New upstream version 1.6.4
Robert Edmonds
6 years ago
| 6 | 6 | /config.log |
| 7 | 7 | /config.status |
| 8 | 8 | /dnstap/dnstap_config.h |
| 9 | /dnscrypt/dnscrypt_config.h | |
| 9 | 10 | /doc/example.conf |
| 10 | 11 | /doc/libunbound.3 |
| 11 | 12 | /doc/unbound-anchor.8 |
| 22 | 22 | CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ |
| 23 | 23 | DNSTAP_SRC=@DNSTAP_SRC@ |
| 24 | 24 | DNSTAP_OBJ=@DNSTAP_OBJ@ |
| 25 | DNSCRYPT_SRC=@DNSCRYPT_SRC@ | |
| 26 | DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ | |
| 25 | 27 | WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ |
| 26 | 28 | WITH_PYUNBOUND=@WITH_PYUNBOUND@ |
| 27 | 29 | PY_MAJOR_VERSION=@PY_MAJOR_VERSION@ |
| 94 | 96 | PYUNBOUND_SRC= |
| 95 | 97 | # libunbound_wrap.lo if python libunbound wrapper enabled. |
| 96 | 98 | PYUNBOUND_OBJ=@PYUNBOUND_OBJ@ |
| 99 | SUBNET_SRC=edns-subnet/edns-subnet.c edns-subnet/subnetmod.c edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c | |
| 100 | SUBNET_OBJ=@SUBNET_OBJ@ | |
| 101 | SUBNET_HEADER=@SUBNET_HEADER@ | |
| 102 | IPSECMOD_SRC=ipsecmod/ipsecmod.c ipsecmod/ipsecmod-whitelist.c | |
| 103 | IPSECMOD_OBJ=@IPSECMOD_OBJ@ | |
| 104 | IPSECMOD_HEADER=@IPSECMOD_HEADER@ | |
| 97 | 105 | COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \ |
| 98 | 106 | util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \ |
| 99 | 107 | util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \ |
| 103 | 111 | services/localzone.c services/mesh.c services/modstack.c services/view.c \ |
| 104 | 112 | services/outbound_list.c services/outside_network.c util/alloc.c \ |
| 105 | 113 | util/config_file.c util/configlexer.c util/configparser.c \ |
| 114 | util/shm_side/shm_main.c services/authzone.c\ | |
| 106 | 115 | util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ |
| 107 | 116 | util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ |
| 108 | 117 | util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \ |
| 111 | 120 | validator/autotrust.c validator/val_anchor.c validator/validator.c \ |
| 112 | 121 | validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ |
| 113 | 122 | validator/val_nsec3.c validator/val_nsec.c validator/val_secalgo.c \ |
| 114 | validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c cachedb/cachedb.c $(CHECKLOCK_SRC) \ | |
| 115 | $(DNSTAP_SRC) | |
| 123 | validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ | |
| 124 | edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ | |
| 125 | edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ | |
| 126 | cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ | |
| 127 | $(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) | |
| 116 | 128 | COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ |
| 117 | 129 | as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ |
| 118 | 130 | iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ |
| 122 | 134 | random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ |
| 123 | 135 | slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \ |
| 124 | 136 | validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ |
| 125 | val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ | |
| 126 | $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) | |
| 137 | val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\ | |
| 138 | $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ | |
| 139 | $(IPSECMOD_OBJ) | |
| 140 | COMMON_OBJ_WITHOUT_NETCALL+=respip.lo | |
| 127 | 141 | COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ |
| 128 | 142 | outside_network.lo |
| 129 | 143 | COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo |
| 147 | 161 | UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ |
| 148 | 162 | testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ |
| 149 | 163 | testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ |
| 150 | testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c | |
| 164 | testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \ | |
| 165 | testcode/unitecs.c testcode/unitauth.c | |
| 151 | 166 | UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \ |
| 152 | 167 | unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \ |
| 153 | readhex.lo testpkts.lo unitldns.lo | |
| 168 | readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo | |
| 154 | 169 | UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \ |
| 155 | 170 | $(COMPAT_OBJ) |
| 156 | 171 | DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \ |
| 157 | 172 | daemon/remote.c daemon/stats.c daemon/unbound.c daemon/worker.c @WIN_DAEMON_SRC@ |
| 158 | DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo remote.lo stats.lo unbound.lo \ | |
| 173 | DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo shm_main.lo remote.lo stats.lo unbound.lo \ | |
| 159 | 174 | worker.lo @WIN_DAEMON_OBJ@ |
| 160 | 175 | DAEMON_OBJ_LINK=$(DAEMON_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ |
| 161 | 176 | $(COMPAT_OBJ) @WIN_DAEMON_OBJ_LINK@ |
| 179 | 194 | testcode/replay.c testcode/fake_event.c |
| 180 | 195 | TESTBOUND_OBJ=testbound.lo replay.lo fake_event.lo |
| 181 | 196 | TESTBOUND_OBJ_LINK=$(TESTBOUND_OBJ) testpkts.lo worker.lo acl_list.lo \ |
| 182 | daemon.lo stats.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ | |
| 197 | daemon.lo stats.lo shm_main.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ | |
| 183 | 198 | $(COMPAT_OBJ) |
| 184 | 199 | LOCKVERIFY_SRC=testcode/lock_verify.c |
| 185 | 200 | LOCKVERIFY_OBJ=lock_verify.lo |
| 378 | 393 | |
| 379 | 394 | dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h |
| 380 | 395 | |
| 396 | # dnscrypt | |
| 397 | dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ | |
| 398 | dnscrypt/dnscrypt_config.h \ | |
| 399 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 400 | $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ | |
| 401 | $(srcdir)/util/netevent.h | |
| 402 | ||
| 381 | 403 | # Python Module |
| 382 | 404 | pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ |
| 383 | 405 | pythonmod/interface.h \ |
| 583 | 605 | -e 's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \ |
| 584 | 606 | -e 's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \ |
| 585 | 607 | -e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \ |
| 608 | -e 's?$$(srcdir)/dnscrypt/dnscrypt_config.h??g' \ | |
| 586 | 609 | -e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \ |
| 610 | -e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \ | |
| 611 | -e 's?$$(srcdir)/ipsecmod/ipsecmod.h $$(srcdir)/ipsecmod/ipsecmod-whitelist.h?$$(IPSECMOD_HEADER)?g' \ | |
| 587 | 612 | -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \ |
| 588 | 613 | > $(DEPEND_TMP) |
| 589 | 614 | cp $(DEPEND_TARGET) $(DEPEND_TMP2) |
| 601 | 626 | # Dependencies |
| 602 | 627 | dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ |
| 603 | 628 | $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ |
| 604 | $(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \ | |
| 605 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ | |
| 606 | $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ | |
| 607 | $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h | |
| 629 | $(srcdir)/util/locks.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/dns.h \ | |
| 630 | $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ | |
| 631 | $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 632 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ | |
| 633 | $(srcdir)/sldns/sbuffer.h | |
| 608 | 634 | infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ |
| 609 | 635 | $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 610 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h \ | |
| 636 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ | |
| 637 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 638 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h \ | |
| 611 | 639 | $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ |
| 612 | 640 | $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ |
| 613 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ | |
| 614 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h | |
| 641 | $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h | |
| 615 | 642 | rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ |
| 616 | 643 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ |
| 617 | 644 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ |
| 633 | 660 | $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h |
| 634 | 661 | msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ |
| 635 | 662 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ |
| 636 | $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \ | |
| 663 | $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 664 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ | |
| 637 | 665 | $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 638 | 666 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ |
| 639 | 667 | $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ |
| 650 | 678 | $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \ |
| 651 | 679 | $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \ |
| 652 | 680 | $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ |
| 653 | $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ | |
| 654 | $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ | |
| 655 | $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ | |
| 656 | $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h | |
| 681 | $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 682 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ | |
| 683 | $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ | |
| 684 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ | |
| 685 | $(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ | |
| 686 | $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h | |
| 657 | 687 | iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ |
| 658 | 688 | $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ |
| 659 | 689 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ |
| 694 | 724 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \ |
| 695 | 725 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ |
| 696 | 726 | $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ |
| 697 | $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h \ | |
| 727 | $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 728 | $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/dns.h \ | |
| 698 | 729 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \ |
| 699 | 730 | $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \ |
| 700 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ | |
| 701 | $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h \ | |
| 702 | $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h \ | |
| 703 | $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h | |
| 731 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ | |
| 732 | $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ | |
| 733 | $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h \ | |
| 734 | $(srcdir)/sldns/str2wire.h | |
| 704 | 735 | listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ |
| 705 | $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/outside_network.h \ | |
| 736 | $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 737 | $(srcdir)/dnscrypt/cert.h $(srcdir)/services/outside_network.h \ | |
| 706 | 738 | $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ |
| 707 | 739 | $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h |
| 708 | 740 | localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ |
| 711 | 743 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 712 | 744 | $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \ |
| 713 | 745 | $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ |
| 714 | $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/as112.h | |
| 746 | $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \ | |
| 747 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 748 | $(srcdir)/util/as112.h | |
| 715 | 749 | mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ |
| 716 | $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 750 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 751 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 717 | 752 | $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ |
| 718 | 753 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ |
| 719 | 754 | $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ |
| 720 | 755 | $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ |
| 721 | 756 | $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ |
| 722 | 757 | $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ |
| 723 | $(srcdir)/services/view.h $(srcdir)/util/data/dname.h | |
| 758 | $(srcdir)/services/view.h $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h | |
| 724 | 759 | modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ |
| 725 | 760 | $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 726 | 761 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ |
| 727 | 762 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ |
| 763 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 728 | 764 | $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ |
| 729 | 765 | $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ |
| 730 | $(srcdir)/validator/val_utils.h $(PYTHONMOD_HEADER) | |
| 766 | $(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \ | |
| 767 | $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) \ | |
| 768 | $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \ | |
| 769 | $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h \ | |
| 770 | $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h | |
| 731 | 771 | view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ |
| 732 | 772 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ |
| 733 | 773 | $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ |
| 735 | 775 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h |
| 736 | 776 | outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ |
| 737 | 777 | $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ |
| 738 | $(srcdir)/util/netevent.h | |
| 778 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 779 | $(srcdir)/dnscrypt/cert.h | |
| 739 | 780 | outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ |
| 740 | 781 | $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ |
| 782 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 741 | 783 | $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \ |
| 742 | 784 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ |
| 743 | $(srcdir)/util/rtt.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ | |
| 744 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ | |
| 785 | $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 786 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \ | |
| 745 | 787 | $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ |
| 746 | 788 | $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ |
| 747 | $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h | |
| 789 | $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ | |
| 790 | ||
| 748 | 791 | alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 749 | 792 | $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ |
| 750 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ | |
| 751 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ | |
| 752 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h | |
| 793 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 794 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \ | |
| 795 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ | |
| 796 | $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h | |
| 753 | 797 | config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ |
| 754 | 798 | $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \ |
| 755 | 799 | $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ |
| 756 | 800 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ |
| 757 | 801 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ |
| 758 | $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ | |
| 802 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 803 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ | |
| 759 | 804 | $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ |
| 760 | 805 | $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ |
| 761 | $(srcdir)/util/iana_ports.inc | |
| 806 | $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/iana_ports.inc | |
| 762 | 807 | configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ |
| 763 | 808 | $(srcdir)/util/config_file.h util/configparser.h |
| 764 | 809 | configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ |
| 765 | 810 | $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h |
| 811 | shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \ | |
| 812 | $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 813 | $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ | |
| 814 | $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ | |
| 815 | $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ | |
| 816 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ | |
| 817 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ | |
| 818 | $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \ | |
| 819 | $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ | |
| 820 | $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ | |
| 821 | $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/config_file.h \ | |
| 822 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h | |
| 823 | authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ | |
| 824 | $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ | |
| 825 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 826 | $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \ | |
| 827 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \ | |
| 828 | $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/validator/val_nsec3.h \ | |
| 829 | $(srcdir)/validator/val_secalgo.h | |
| 766 | 830 | fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ |
| 767 | $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 831 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 832 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 768 | 833 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ |
| 769 | 834 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ |
| 770 | 835 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ |
| 771 | 836 | $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ |
| 772 | 837 | $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ |
| 773 | $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ | |
| 774 | $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ | |
| 775 | $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ | |
| 776 | $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ | |
| 777 | $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ | |
| 778 | $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ | |
| 779 | $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 780 | $(srcdir)/util/config_file.h $(PYTHONMOD_HEADER) | |
| 838 | $(srcdir)/services/authzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ | |
| 839 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ | |
| 840 | $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ | |
| 841 | $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ | |
| 842 | $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ | |
| 843 | $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ | |
| 844 | $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ | |
| 845 | $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ | |
| 846 | $(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \ | |
| 847 | $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \ | |
| 848 | $(srcdir)/edns-subnet/edns-subnet.h | |
| 781 | 849 | locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h |
| 782 | 850 | log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h |
| 783 | 851 | mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ |
| 784 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 785 | $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 786 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ | |
| 787 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h | |
| 852 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 853 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ | |
| 854 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ | |
| 855 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 856 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ | |
| 857 | $(srcdir)/services/modstack.h | |
| 788 | 858 | module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ |
| 789 | 859 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ |
| 790 | 860 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h |
| 791 | netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/util/ub_event.h \ | |
| 792 | $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ | |
| 793 | $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 861 | netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 862 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ | |
| 863 | $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 864 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 794 | 865 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ |
| 795 | 866 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ |
| 796 | $(srcdir)/dnstap/dnstap.h | |
| 867 | $(srcdir)/dnstap/dnstap.h \ | |
| 868 | ||
| 797 | 869 | net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ |
| 798 | 870 | $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ |
| 799 | 871 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ |
| 800 | 872 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \ |
| 801 | $(srcdir)/sldns/wire2str.h | |
| 873 | $(srcdir)/sldns/wire2str.h \ | |
| 874 | ||
| 802 | 875 | random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h |
| 803 | 876 | rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ |
| 804 | $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 877 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 878 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 805 | 879 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ |
| 806 | 880 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ |
| 807 | 881 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h |
| 812 | 886 | $(srcdir)/util/log.h $(srcdir)/util/net_help.h |
| 813 | 887 | lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h |
| 814 | 888 | lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \ |
| 815 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h \ | |
| 816 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ | |
| 817 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ | |
| 818 | $(srcdir)/services/modstack.h | |
| 889 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ | |
| 890 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 891 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 892 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ | |
| 893 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h | |
| 819 | 894 | slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \ |
| 820 | 895 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h |
| 821 | 896 | timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h |
| 822 | 897 | tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ |
| 823 | $(srcdir)/util/netevent.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 898 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 899 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 824 | 900 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ |
| 825 | 901 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ |
| 826 | 902 | $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h |
| 827 | 903 | ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ |
| 828 | $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h | |
| 904 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 905 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h | |
| 829 | 906 | ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ |
| 830 | $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ | |
| 907 | $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 908 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ | |
| 831 | 909 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ |
| 832 | 910 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 833 | 911 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ |
| 839 | 917 | $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ |
| 840 | 918 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ |
| 841 | 919 | $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ |
| 842 | $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/services/modstack.h \ | |
| 920 | $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 921 | $(srcdir)/dnscrypt/cert.h $(srcdir)/services/modstack.h \ | |
| 843 | 922 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \ |
| 844 | $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h | |
| 923 | $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ | |
| 924 | ||
| 845 | 925 | val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ |
| 846 | 926 | $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ |
| 847 | 927 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ |
| 856 | 936 | $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \ |
| 857 | 937 | $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ |
| 858 | 938 | $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ |
| 859 | $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ | |
| 860 | $(srcdir)/sldns/wire2str.h | |
| 939 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 940 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ | |
| 941 | $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h | |
| 861 | 942 | val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ |
| 862 | 943 | $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 863 | 944 | $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ |
| 866 | 947 | val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ |
| 867 | 948 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ |
| 868 | 949 | $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ |
| 869 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h | |
| 870 | val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ | |
| 871 | $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ | |
| 872 | $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ | |
| 873 | $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ | |
| 874 | $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ | |
| 875 | $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h | |
| 950 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ | |
| 951 | ||
| 952 | val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ | |
| 953 | $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ | |
| 954 | $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ | |
| 955 | $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h \ | |
| 956 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ | |
| 957 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ | |
| 958 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h | |
| 876 | 959 | val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ |
| 877 | 960 | $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ |
| 878 | 961 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ |
| 888 | 971 | val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ |
| 889 | 972 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ |
| 890 | 973 | $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ |
| 891 | $(srcdir)/sldns/sbuffer.h | |
| 974 | $(srcdir)/sldns/sbuffer.h \ | |
| 975 | ||
| 892 | 976 | val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ |
| 893 | 977 | $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ |
| 894 | 978 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ |
| 895 | 979 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 896 | 980 | $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ |
| 897 | $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h \ | |
| 898 | $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h | |
| 981 | $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ | |
| 982 | $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ | |
| 983 | ||
| 899 | 984 | val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ |
| 900 | 985 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 901 | 986 | $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ |
| 903 | 988 | $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \ |
| 904 | 989 | $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \ |
| 905 | 990 | $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ |
| 906 | $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h | |
| 991 | $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h \ | |
| 992 | $(srcdir)/sldns/parseutil.h | |
| 907 | 993 | dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \ |
| 908 | 994 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ |
| 909 | 995 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 910 | 996 | $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ |
| 911 | 997 | $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ |
| 912 | $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ | |
| 998 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 999 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ | |
| 913 | 1000 | $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h |
| 914 | cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h | |
| 1001 | edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ | |
| 1002 | $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h | |
| 1003 | subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ | |
| 1004 | $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 1005 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ | |
| 1006 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ | |
| 1007 | $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \ | |
| 1008 | $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \ | |
| 1009 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ | |
| 1010 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 1011 | $(srcdir)/services/modstack.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \ | |
| 1012 | $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h | |
| 1013 | addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ | |
| 1014 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 1015 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ | |
| 1016 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h | |
| 1017 | subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ | |
| 1018 | $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ | |
| 1019 | $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ | |
| 1020 | $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ | |
| 1021 | $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h | |
| 1022 | cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \ | |
| 1023 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ | |
| 1024 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 1025 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ | |
| 1026 | $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h $(srcdir)/validator/val_neg.h \ | |
| 1027 | $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h $(srcdir)/iterator/iter_utils.h \ | |
| 1028 | $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ | |
| 1029 | $(srcdir)/sldns/sbuffer.h | |
| 1030 | respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ | |
| 1031 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ | |
| 1032 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 1033 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \ | |
| 1034 | $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \ | |
| 1035 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1036 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ | |
| 1037 | $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h | |
| 915 | 1038 | checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 916 | 1039 | $(srcdir)/testcode/checklocks.h |
| 1040 | dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \ | |
| 1041 | $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ | |
| 1042 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h | |
| 1043 | ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ | |
| 1044 | $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 1045 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ | |
| 1046 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ | |
| 1047 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ | |
| 1048 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 1049 | $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h \ | |
| 1050 | $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h | |
| 1051 | ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ | |
| 1052 | $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ | |
| 1053 | $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ | |
| 1054 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ | |
| 1055 | $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ | |
| 1056 | $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h | |
| 917 | 1057 | unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ |
| 918 | 1058 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ |
| 919 | 1059 | $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h |
| 922 | 1062 | $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h |
| 923 | 1063 | unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ |
| 924 | 1064 | $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h |
| 925 | unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ | |
| 1065 | unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ | |
| 1066 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ | |
| 926 | 1067 | $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ |
| 927 | $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ | |
| 928 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ | |
| 929 | $(srcdir)/util/random.h | |
| 1068 | $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ | |
| 1069 | $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h \ | |
| 1070 | $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1071 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ | |
| 1072 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/random.h $(srcdir)/respip/respip.h $(srcdir)/util/module.h \ | |
| 1073 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h | |
| 930 | 1074 | unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ |
| 931 | 1075 | $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ |
| 932 | 1076 | $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ |
| 957 | 1101 | $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h |
| 958 | 1102 | unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ |
| 959 | 1103 | $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h |
| 1104 | unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ | |
| 1105 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ | |
| 1106 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 1107 | $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ | |
| 1108 | $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ | |
| 1109 | $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h | |
| 1110 | unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ | |
| 1111 | $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ | |
| 1112 | $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h \ | |
| 1113 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/dns.h \ | |
| 1114 | $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h | |
| 960 | 1115 | acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ |
| 961 | 1116 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ |
| 962 | 1117 | $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ |
| 963 | 1118 | $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ |
| 964 | 1119 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ |
| 965 | 1120 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h |
| 966 | cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ | |
| 967 | $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 968 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 969 | $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 970 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ | |
| 971 | $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ | |
| 972 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ | |
| 973 | $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ | |
| 974 | $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ | |
| 1121 | cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ | |
| 1122 | $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ | |
| 1123 | $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ | |
| 1124 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1125 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ | |
| 1126 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ | |
| 1127 | $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ | |
| 1128 | $(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \ | |
| 1129 | $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ | |
| 1130 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \ | |
| 1131 | $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ | |
| 975 | 1132 | $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ |
| 976 | 1133 | $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ |
| 977 | 1134 | $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h |
| 978 | daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ | |
| 979 | $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ | |
| 980 | $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 981 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ | |
| 982 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ | |
| 983 | $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ | |
| 984 | $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ | |
| 985 | $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h \ | |
| 1135 | daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ | |
| 1136 | $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ | |
| 1137 | $(srcdir)/daemon/worker.h \ | |
| 1138 | $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ | |
| 1139 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1140 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 1141 | $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ | |
| 1142 | $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ | |
| 1143 | $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ | |
| 1144 | $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ | |
| 986 | 1145 | $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ |
| 987 | 1146 | $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ |
| 988 | $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h | |
| 989 | remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ | |
| 990 | $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ | |
| 991 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ | |
| 992 | $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 993 | $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ | |
| 994 | $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ | |
| 995 | $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ | |
| 996 | $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ | |
| 997 | $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ | |
| 998 | $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ | |
| 999 | $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h \ | |
| 1000 | $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h \ | |
| 1001 | $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h \ | |
| 1002 | $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ | |
| 1003 | $(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h \ | |
| 1004 | $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h | |
| 1005 | stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ | |
| 1147 | $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h | |
| 1148 | remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ | |
| 1149 | $(srcdir)/daemon/remote.h \ | |
| 1006 | 1150 | $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ |
| 1007 | 1151 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 1008 | $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1152 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1153 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1154 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ | |
| 1155 | $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ | |
| 1156 | $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ | |
| 1157 | $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ | |
| 1158 | $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ | |
| 1159 | $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ | |
| 1160 | $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h \ | |
| 1161 | $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ | |
| 1162 | $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ | |
| 1163 | $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ | |
| 1164 | $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ | |
| 1165 | $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ | |
| 1166 | $(srcdir)/sldns/wire2str.h | |
| 1167 | stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ | |
| 1168 | $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 1169 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 1170 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1171 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1009 | 1172 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ |
| 1010 | 1173 | $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ |
| 1011 | 1174 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ |
| 1015 | 1178 | $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h |
| 1016 | 1179 | unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ |
| 1017 | 1180 | $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ |
| 1018 | $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h \ | |
| 1019 | $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \ | |
| 1020 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ | |
| 1021 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h \ | |
| 1022 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 1023 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h \ | |
| 1024 | $(srcdir)/util/ub_event.h | |
| 1181 | $(srcdir)/daemon/remote.h \ | |
| 1182 | $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ | |
| 1183 | $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1184 | $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h \ | |
| 1185 | $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ | |
| 1186 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ | |
| 1187 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ | |
| 1188 | $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h | |
| 1025 | 1189 | worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ |
| 1026 | 1190 | $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ |
| 1027 | 1191 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ |
| 1028 | $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1192 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1193 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1029 | 1194 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ |
| 1030 | $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ | |
| 1031 | $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ | |
| 1032 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ | |
| 1033 | $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ | |
| 1034 | $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ | |
| 1035 | $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ | |
| 1036 | $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ | |
| 1195 | $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ | |
| 1196 | $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ | |
| 1197 | $(srcdir)/daemon/remote.h \ | |
| 1198 | $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ | |
| 1199 | $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ | |
| 1200 | $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ | |
| 1201 | $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ | |
| 1202 | $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ | |
| 1037 | 1203 | $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ |
| 1038 | 1204 | $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ |
| 1039 | $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ | |
| 1040 | $(srcdir)/libunbound/libworker.h | |
| 1205 | $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ | |
| 1206 | $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h | |
| 1041 | 1207 | testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ |
| 1042 | $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ | |
| 1043 | $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \ | |
| 1044 | $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ | |
| 1208 | $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1209 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/rbtree.h \ | |
| 1210 | $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \ | |
| 1211 | $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ | |
| 1212 | $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ | |
| 1045 | 1213 | $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ |
| 1046 | 1214 | $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ |
| 1047 | 1215 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ |
| 1048 | $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ | |
| 1216 | $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ | |
| 1049 | 1217 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ |
| 1050 | 1218 | $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h |
| 1051 | 1219 | testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ |
| 1054 | 1222 | worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ |
| 1055 | 1223 | $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ |
| 1056 | 1224 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ |
| 1057 | $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1225 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1226 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1058 | 1227 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ |
| 1059 | $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ | |
| 1060 | $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ | |
| 1061 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ | |
| 1062 | $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ | |
| 1063 | $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ | |
| 1064 | $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ | |
| 1065 | $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ | |
| 1228 | $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ | |
| 1229 | $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ | |
| 1230 | $(srcdir)/daemon/remote.h \ | |
| 1231 | $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ | |
| 1232 | $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ | |
| 1233 | $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ | |
| 1234 | $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ | |
| 1235 | $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ | |
| 1066 | 1236 | $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ |
| 1067 | 1237 | $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ |
| 1068 | $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ | |
| 1069 | $(srcdir)/libunbound/libworker.h | |
| 1238 | $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ | |
| 1239 | $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h | |
| 1070 | 1240 | acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ |
| 1071 | 1241 | $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ |
| 1072 | 1242 | $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ |
| 1073 | 1243 | $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ |
| 1074 | 1244 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ |
| 1075 | 1245 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h |
| 1076 | daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ | |
| 1077 | $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ | |
| 1078 | $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 1079 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ | |
| 1080 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ | |
| 1081 | $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ | |
| 1082 | $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ | |
| 1083 | $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h \ | |
| 1246 | daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ | |
| 1247 | $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ | |
| 1248 | $(srcdir)/daemon/worker.h \ | |
| 1249 | $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ | |
| 1250 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1251 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 1252 | $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ | |
| 1253 | $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ | |
| 1254 | $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ | |
| 1255 | $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ | |
| 1084 | 1256 | $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ |
| 1085 | 1257 | $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ |
| 1086 | $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h | |
| 1258 | $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h | |
| 1087 | 1259 | stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ |
| 1088 | $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 1260 | $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 1089 | 1261 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ |
| 1090 | $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1262 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1263 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ | |
| 1091 | 1264 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ |
| 1092 | 1265 | $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ |
| 1093 | 1266 | $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ |
| 1096 | 1269 | $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ |
| 1097 | 1270 | $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h |
| 1098 | 1271 | replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ |
| 1099 | $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \ | |
| 1272 | $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1273 | $(srcdir)/dnscrypt/cert.h $(srcdir)/testcode/testpkts.h \ | |
| 1100 | 1274 | $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h |
| 1101 | 1275 | fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ |
| 1102 | $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ | |
| 1276 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1277 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ | |
| 1103 | 1278 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ |
| 1104 | 1279 | $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ |
| 1105 | 1280 | $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \ |
| 1109 | 1284 | $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ |
| 1110 | 1285 | $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h |
| 1111 | 1286 | lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ |
| 1112 | $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ | |
| 1287 | $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1288 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ | |
| 1113 | 1289 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ |
| 1114 | 1290 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ |
| 1115 | 1291 | $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h |
| 1120 | 1296 | readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ |
| 1121 | 1297 | $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h |
| 1122 | 1298 | memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ |
| 1123 | $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ | |
| 1299 | $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1300 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ | |
| 1124 | 1301 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ |
| 1125 | 1302 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ |
| 1126 | 1303 | $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h |
| 1131 | 1308 | $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ |
| 1132 | 1309 | $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ |
| 1133 | 1310 | $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ |
| 1134 | $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) | |
| 1311 | $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) | |
| 1135 | 1312 | worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ |
| 1136 | 1313 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ |
| 1137 | 1314 | $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ |
| 1138 | 1315 | $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ |
| 1316 | $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ | |
| 1139 | 1317 | $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 1140 | 1318 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h |
| 1141 | 1319 | context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ |
| 1145 | 1323 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ |
| 1146 | 1324 | $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ |
| 1147 | 1325 | $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ |
| 1148 | $(srcdir)/sldns/sbuffer.h | |
| 1326 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1327 | $(srcdir)/dnscrypt/cert.h $(srcdir)/sldns/sbuffer.h | |
| 1149 | 1328 | libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ |
| 1150 | 1329 | $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ |
| 1151 | 1330 | $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ |
| 1154 | 1333 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ |
| 1155 | 1334 | $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ |
| 1156 | 1335 | $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ |
| 1157 | $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ | |
| 1336 | $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1337 | $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h \ | |
| 1158 | 1338 | $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h |
| 1159 | libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ | |
| 1160 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ | |
| 1161 | $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ | |
| 1162 | $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ | |
| 1163 | $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ | |
| 1164 | $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ | |
| 1165 | $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ | |
| 1166 | $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ | |
| 1167 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ | |
| 1168 | $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ | |
| 1169 | $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ | |
| 1339 | libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ | |
| 1340 | $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ | |
| 1341 | $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ | |
| 1342 | $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h \ | |
| 1343 | $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \ | |
| 1344 | $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1345 | $(srcdir)/dnscrypt/cert.h $(srcdir)/services/mesh.h \ | |
| 1346 | $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ | |
| 1347 | $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ | |
| 1348 | $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ | |
| 1349 | $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h \ | |
| 1350 | $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ | |
| 1170 | 1351 | $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \ |
| 1171 | 1352 | $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h |
| 1172 | 1353 | unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ |
| 1179 | 1360 | $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ |
| 1180 | 1361 | $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ |
| 1181 | 1362 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ |
| 1182 | $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h | |
| 1363 | $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ | |
| 1364 | ||
| 1183 | 1365 | perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ |
| 1184 | 1366 | $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ |
| 1185 | 1367 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 1186 | 1368 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h |
| 1187 | 1369 | delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ |
| 1188 | 1370 | $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h |
| 1189 | unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ | |
| 1190 | $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h | |
| 1371 | unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ | |
| 1372 | $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ | |
| 1373 | $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \ | |
| 1374 | $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h | |
| 1191 | 1375 | unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ |
| 1192 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h | |
| 1193 | petal.lo petal.o: $(srcdir)/testcode/petal.c config.h | |
| 1376 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ | |
| 1377 | ||
| 1378 | petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ | |
| 1379 | ||
| 1194 | 1380 | pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ |
| 1195 | 1381 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ |
| 1196 | 1382 | $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ |
| 1197 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ | |
| 1198 | $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ | |
| 1199 | $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ | |
| 1383 | $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1384 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ | |
| 1385 | $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ | |
| 1386 | $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ | |
| 1200 | 1387 | |
| 1201 | 1388 | win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ |
| 1202 | 1389 | $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ |
| 1203 | $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ | |
| 1204 | $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ | |
| 1205 | $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 1206 | $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ | |
| 1207 | $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h | |
| 1390 | $(srcdir)/daemon/worker.h \ | |
| 1391 | $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ | |
| 1392 | $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ | |
| 1393 | $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ | |
| 1394 | $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ | |
| 1395 | $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ | |
| 1396 | $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h | |
| 1208 | 1397 | w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h |
| 1209 | 1398 | unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ |
| 1210 | 1399 | $(srcdir)/winrc/w_inst.h |
| 1212 | 1401 | $(srcdir)/winrc/w_inst.h |
| 1213 | 1402 | anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ |
| 1214 | 1403 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h |
| 1215 | keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h | |
| 1404 | keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ | |
| 1405 | $(srcdir)/sldns/rrdef.h \ | |
| 1406 | ||
| 1216 | 1407 | sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h |
| 1217 | 1408 | wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ |
| 1218 | 1409 | $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ |
| 1219 | $(srcdir)/sldns/keyraw.h | |
| 1410 | $(srcdir)/sldns/keyraw.h \ | |
| 1411 | ||
| 1220 | 1412 | parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ |
| 1221 | 1413 | $(srcdir)/sldns/sbuffer.h |
| 1222 | 1414 | parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h |
| 1236 | 1428 | strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h |
| 1237 | 1429 | strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h |
| 1238 | 1430 | strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h |
| 1239 | getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h | |
| 1431 | getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ | |
| 1432 | ||
| 1240 | 1433 | getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h |
| 1241 | getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h | |
| 1434 | getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \ | |
| 1435 | ||
| 1242 | 1436 | getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c |
| 1243 | 1437 | explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h |
| 1244 | 1438 | arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h |
| 102 | 102 | if test -z "$available_patch" ; then |
| 103 | 103 | [available_patch=0] |
| 104 | 104 | fi |
| 105 | if test $available_major -ne $required_major \ | |
| 106 | -o $available_minor -ne $required_minor \ | |
| 107 | -o $available_patch -lt $required_patch ; then | |
| 105 | [badversion=0] | |
| 106 | if test $available_major -lt $required_major ; then | |
| 107 | [badversion=1] | |
| 108 | fi | |
| 109 | if test $available_major -eq $required_major \ | |
| 110 | -a $available_minor -lt $required_minor ; then | |
| 111 | [badversion=1] | |
| 112 | fi | |
| 113 | if test $available_major -eq $required_major \ | |
| 114 | -a $available_minor -eq $required_minor \ | |
| 115 | -a $available_patch -lt $required_patch ; then | |
| 116 | [badversion=1] | |
| 117 | fi | |
| 118 | if test $badversion -eq 1 ; then | |
| 108 | 119 | AC_MSG_WARN([SWIG version >= $1 is required. You have $swig_version. You should look at http://www.swig.org]) |
| 109 | 120 | SWIG='echo "Error: SWIG version >= $1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' |
| 110 | 121 | else |
| 9043 | 9043 | m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) |
| 9044 | 9044 | m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) |
| 9045 | 9045 | |
| 9046 | dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- | |
| 9047 | dnl serial 11 (pkg-config-0.29.1) | |
| 9048 | dnl | |
| 9049 | dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>. | |
| 9050 | dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com> | |
| 9051 | dnl | |
| 9052 | dnl This program is free software; you can redistribute it and/or modify | |
| 9053 | dnl it under the terms of the GNU General Public License as published by | |
| 9054 | dnl the Free Software Foundation; either version 2 of the License, or | |
| 9055 | dnl (at your option) any later version. | |
| 9056 | dnl | |
| 9057 | dnl This program is distributed in the hope that it will be useful, but | |
| 9058 | dnl WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 9059 | dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 9060 | dnl General Public License for more details. | |
| 9061 | dnl | |
| 9062 | dnl You should have received a copy of the GNU General Public License | |
| 9063 | dnl along with this program; if not, write to the Free Software | |
| 9064 | dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
| 9065 | dnl 02111-1307, USA. | |
| 9066 | dnl | |
| 9067 | dnl As a special exception to the GNU General Public License, if you | |
| 9068 | dnl distribute this file as part of a program that contains a | |
| 9069 | dnl configuration script generated by Autoconf, you may include it under | |
| 9070 | dnl the same distribution terms that you use for the rest of that | |
| 9071 | dnl program. | |
| 9072 | ||
| 9073 | dnl PKG_PREREQ(MIN-VERSION) | |
| 9074 | dnl ----------------------- | |
| 9075 | dnl Since: 0.29 | |
| 9076 | dnl | |
| 9077 | dnl Verify that the version of the pkg-config macros are at least | |
| 9078 | dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's | |
| 9079 | dnl installed version of pkg-config, this checks the developer's version | |
| 9080 | dnl of pkg.m4 when generating configure. | |
| 9081 | dnl | |
| 9082 | dnl To ensure that this macro is defined, also add: | |
| 9083 | dnl m4_ifndef([PKG_PREREQ], | |
| 9084 | dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) | |
| 9085 | dnl | |
| 9086 | dnl See the "Since" comment for each macro you use to see what version | |
| 9087 | dnl of the macros you require. | |
| 9088 | m4_defun([PKG_PREREQ], | |
| 9089 | [m4_define([PKG_MACROS_VERSION], [0.29.1]) | |
| 9090 | m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, | |
| 9091 | [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) | |
| 9092 | ])dnl PKG_PREREQ | |
| 9093 | ||
| 9094 | dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) | |
| 9095 | dnl ---------------------------------- | |
| 9096 | dnl Since: 0.16 | |
| 9097 | dnl | |
| 9098 | dnl Search for the pkg-config tool and set the PKG_CONFIG variable to | |
| 9099 | dnl first found in the path. Checks that the version of pkg-config found | |
| 9100 | dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is | |
| 9101 | dnl used since that's the first version where most current features of | |
| 9102 | dnl pkg-config existed. | |
| 9103 | AC_DEFUN([PKG_PROG_PKG_CONFIG], | |
| 9104 | [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) | |
| 9105 | m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) | |
| 9106 | m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) | |
| 9107 | AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) | |
| 9108 | AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) | |
| 9109 | AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) | |
| 9110 | ||
| 9111 | if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then | |
| 9112 | AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) | |
| 9113 | fi | |
| 9114 | if test -n "$PKG_CONFIG"; then | |
| 9115 | _pkg_min_version=m4_default([$1], [0.9.0]) | |
| 9116 | AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) | |
| 9117 | if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then | |
| 9118 | AC_MSG_RESULT([yes]) | |
| 9119 | else | |
| 9120 | AC_MSG_RESULT([no]) | |
| 9121 | PKG_CONFIG="" | |
| 9122 | fi | |
| 9123 | fi[]dnl | |
| 9124 | ])dnl PKG_PROG_PKG_CONFIG | |
| 9125 | ||
| 9126 | dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) | |
| 9127 | dnl ------------------------------------------------------------------- | |
| 9128 | dnl Since: 0.18 | |
| 9129 | dnl | |
| 9130 | dnl Check to see whether a particular set of modules exists. Similar to | |
| 9131 | dnl PKG_CHECK_MODULES(), but does not set variables or print errors. | |
| 9132 | dnl | |
| 9133 | dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) | |
| 9134 | dnl only at the first occurence in configure.ac, so if the first place | |
| 9135 | dnl it's called might be skipped (such as if it is within an "if", you | |
| 9136 | dnl have to call PKG_CHECK_EXISTS manually | |
| 9137 | AC_DEFUN([PKG_CHECK_EXISTS], | |
| 9138 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl | |
| 9139 | if test -n "$PKG_CONFIG" && \ | |
| 9140 | AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then | |
| 9141 | m4_default([$2], [:]) | |
| 9142 | m4_ifvaln([$3], [else | |
| 9143 | $3])dnl | |
| 9144 | fi]) | |
| 9145 | ||
| 9146 | dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) | |
| 9147 | dnl --------------------------------------------- | |
| 9148 | dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting | |
| 9149 | dnl pkg_failed based on the result. | |
| 9150 | m4_define([_PKG_CONFIG], | |
| 9151 | [if test -n "$$1"; then | |
| 9152 | pkg_cv_[]$1="$$1" | |
| 9153 | elif test -n "$PKG_CONFIG"; then | |
| 9154 | PKG_CHECK_EXISTS([$3], | |
| 9155 | [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` | |
| 9156 | test "x$?" != "x0" && pkg_failed=yes ], | |
| 9157 | [pkg_failed=yes]) | |
| 9158 | else | |
| 9159 | pkg_failed=untried | |
| 9160 | fi[]dnl | |
| 9161 | ])dnl _PKG_CONFIG | |
| 9162 | ||
| 9163 | dnl _PKG_SHORT_ERRORS_SUPPORTED | |
| 9164 | dnl --------------------------- | |
| 9165 | dnl Internal check to see if pkg-config supports short errors. | |
| 9166 | AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], | |
| 9167 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) | |
| 9168 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | |
| 9169 | _pkg_short_errors_supported=yes | |
| 9170 | else | |
| 9171 | _pkg_short_errors_supported=no | |
| 9172 | fi[]dnl | |
| 9173 | ])dnl _PKG_SHORT_ERRORS_SUPPORTED | |
| 9174 | ||
| 9175 | ||
| 9176 | dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], | |
| 9177 | dnl [ACTION-IF-NOT-FOUND]) | |
| 9178 | dnl -------------------------------------------------------------- | |
| 9179 | dnl Since: 0.4.0 | |
| 9180 | dnl | |
| 9181 | dnl Note that if there is a possibility the first call to | |
| 9182 | dnl PKG_CHECK_MODULES might not happen, you should be sure to include an | |
| 9183 | dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac | |
| 9184 | AC_DEFUN([PKG_CHECK_MODULES], | |
| 9185 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl | |
| 9186 | AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl | |
| 9187 | AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl | |
| 9188 | ||
| 9189 | pkg_failed=no | |
| 9190 | AC_MSG_CHECKING([for $1]) | |
| 9191 | ||
| 9192 | _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) | |
| 9193 | _PKG_CONFIG([$1][_LIBS], [libs], [$2]) | |
| 9194 | ||
| 9195 | m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS | |
| 9196 | and $1[]_LIBS to avoid the need to call pkg-config. | |
| 9197 | See the pkg-config man page for more details.]) | |
| 9198 | ||
| 9199 | if test $pkg_failed = yes; then | |
| 9200 | AC_MSG_RESULT([no]) | |
| 9201 | _PKG_SHORT_ERRORS_SUPPORTED | |
| 9202 | if test $_pkg_short_errors_supported = yes; then | |
| 9203 | $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` | |
| 9204 | else | |
| 9205 | $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` | |
| 9206 | fi | |
| 9207 | # Put the nasty error message in config.log where it belongs | |
| 9208 | echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD | |
| 9209 | ||
| 9210 | m4_default([$4], [AC_MSG_ERROR( | |
| 9211 | [Package requirements ($2) were not met: | |
| 9212 | ||
| 9213 | $$1_PKG_ERRORS | |
| 9214 | ||
| 9215 | Consider adjusting the PKG_CONFIG_PATH environment variable if you | |
| 9216 | installed software in a non-standard prefix. | |
| 9217 | ||
| 9218 | _PKG_TEXT])[]dnl | |
| 9219 | ]) | |
| 9220 | elif test $pkg_failed = untried; then | |
| 9221 | AC_MSG_RESULT([no]) | |
| 9222 | m4_default([$4], [AC_MSG_FAILURE( | |
| 9223 | [The pkg-config script could not be found or is too old. Make sure it | |
| 9224 | is in your PATH or set the PKG_CONFIG environment variable to the full | |
| 9225 | path to pkg-config. | |
| 9226 | ||
| 9227 | _PKG_TEXT | |
| 9228 | ||
| 9229 | To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl | |
| 9230 | ]) | |
| 9231 | else | |
| 9232 | $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS | |
| 9233 | $1[]_LIBS=$pkg_cv_[]$1[]_LIBS | |
| 9234 | AC_MSG_RESULT([yes]) | |
| 9235 | $3 | |
| 9236 | fi[]dnl | |
| 9237 | ])dnl PKG_CHECK_MODULES | |
| 9238 | ||
| 9239 | ||
| 9240 | dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], | |
| 9241 | dnl [ACTION-IF-NOT-FOUND]) | |
| 9242 | dnl --------------------------------------------------------------------- | |
| 9243 | dnl Since: 0.29 | |
| 9244 | dnl | |
| 9245 | dnl Checks for existence of MODULES and gathers its build flags with | |
| 9246 | dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags | |
| 9247 | dnl and VARIABLE-PREFIX_LIBS from --libs. | |
| 9248 | dnl | |
| 9249 | dnl Note that if there is a possibility the first call to | |
| 9250 | dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to | |
| 9251 | dnl include an explicit call to PKG_PROG_PKG_CONFIG in your | |
| 9252 | dnl configure.ac. | |
| 9253 | AC_DEFUN([PKG_CHECK_MODULES_STATIC], | |
| 9254 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl | |
| 9255 | _save_PKG_CONFIG=$PKG_CONFIG | |
| 9256 | PKG_CONFIG="$PKG_CONFIG --static" | |
| 9257 | PKG_CHECK_MODULES($@) | |
| 9258 | PKG_CONFIG=$_save_PKG_CONFIG[]dnl | |
| 9259 | ])dnl PKG_CHECK_MODULES_STATIC | |
| 9260 | ||
| 9261 | ||
| 9262 | dnl PKG_INSTALLDIR([DIRECTORY]) | |
| 9263 | dnl ------------------------- | |
| 9264 | dnl Since: 0.27 | |
| 9265 | dnl | |
| 9266 | dnl Substitutes the variable pkgconfigdir as the location where a module | |
| 9267 | dnl should install pkg-config .pc files. By default the directory is | |
| 9268 | dnl $libdir/pkgconfig, but the default can be changed by passing | |
| 9269 | dnl DIRECTORY. The user can override through the --with-pkgconfigdir | |
| 9270 | dnl parameter. | |
| 9271 | AC_DEFUN([PKG_INSTALLDIR], | |
| 9272 | [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) | |
| 9273 | m4_pushdef([pkg_description], | |
| 9274 | [pkg-config installation directory @<:@]pkg_default[@:>@]) | |
| 9275 | AC_ARG_WITH([pkgconfigdir], | |
| 9276 | [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, | |
| 9277 | [with_pkgconfigdir=]pkg_default) | |
| 9278 | AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) | |
| 9279 | m4_popdef([pkg_default]) | |
| 9280 | m4_popdef([pkg_description]) | |
| 9281 | ])dnl PKG_INSTALLDIR | |
| 9282 | ||
| 9283 | ||
| 9284 | dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) | |
| 9285 | dnl -------------------------------- | |
| 9286 | dnl Since: 0.27 | |
| 9287 | dnl | |
| 9288 | dnl Substitutes the variable noarch_pkgconfigdir as the location where a | |
| 9289 | dnl module should install arch-independent pkg-config .pc files. By | |
| 9290 | dnl default the directory is $datadir/pkgconfig, but the default can be | |
| 9291 | dnl changed by passing DIRECTORY. The user can override through the | |
| 9292 | dnl --with-noarch-pkgconfigdir parameter. | |
| 9293 | AC_DEFUN([PKG_NOARCH_INSTALLDIR], | |
| 9294 | [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) | |
| 9295 | m4_pushdef([pkg_description], | |
| 9296 | [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) | |
| 9297 | AC_ARG_WITH([noarch-pkgconfigdir], | |
| 9298 | [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, | |
| 9299 | [with_noarch_pkgconfigdir=]pkg_default) | |
| 9300 | AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) | |
| 9301 | m4_popdef([pkg_default]) | |
| 9302 | m4_popdef([pkg_description]) | |
| 9303 | ])dnl PKG_NOARCH_INSTALLDIR | |
| 9304 | ||
| 9305 | ||
| 9306 | dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, | |
| 9307 | dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) | |
| 9308 | dnl ------------------------------------------- | |
| 9309 | dnl Since: 0.28 | |
| 9310 | dnl | |
| 9311 | dnl Retrieves the value of the pkg-config variable for the given module. | |
| 9312 | AC_DEFUN([PKG_CHECK_VAR], | |
| 9313 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl | |
| 9314 | AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl | |
| 9315 | ||
| 9316 | _PKG_CONFIG([$1], [variable="][$3]["], [$2]) | |
| 9317 | AS_VAR_COPY([$1], [pkg_cv_][$1]) | |
| 9318 | ||
| 9319 | AS_VAR_IF([$1], [""], [$5], [$4])dnl | |
| 9320 | ])dnl PKG_CHECK_VAR | |
| 9321 | ||
| 9322 | # AM_CONDITIONAL -*- Autoconf -*- | |
| 9323 | ||
| 9324 | # Copyright (C) 1997-2014 Free Software Foundation, Inc. | |
| 9325 | # | |
| 9326 | # This file is free software; the Free Software Foundation | |
| 9327 | # gives unlimited permission to copy and/or distribute it, | |
| 9328 | # with or without modifications, as long as this notice is preserved. | |
| 9329 | ||
| 9330 | # AM_CONDITIONAL(NAME, SHELL-CONDITION) | |
| 9331 | # ------------------------------------- | |
| 9332 | # Define a conditional. | |
| 9333 | AC_DEFUN([AM_CONDITIONAL], | |
| 9334 | [AC_PREREQ([2.52])dnl | |
| 9335 | m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], | |
| 9336 | [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl | |
| 9337 | AC_SUBST([$1_TRUE])dnl | |
| 9338 | AC_SUBST([$1_FALSE])dnl | |
| 9339 | _AM_SUBST_NOTMAKE([$1_TRUE])dnl | |
| 9340 | _AM_SUBST_NOTMAKE([$1_FALSE])dnl | |
| 9341 | m4_define([_AM_COND_VALUE_$1], [$2])dnl | |
| 9342 | if $2; then | |
| 9343 | $1_TRUE= | |
| 9344 | $1_FALSE='#' | |
| 9345 | else | |
| 9346 | $1_TRUE='#' | |
| 9347 | $1_FALSE= | |
| 9348 | fi | |
| 9349 | AC_CONFIG_COMMANDS_PRE( | |
| 9350 | [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then | |
| 9351 | AC_MSG_ERROR([[conditional "$1" was never defined. | |
| 9352 | Usually this means the macro was only invoked conditionally.]]) | |
| 9353 | fi])]) | |
| 9354 | ||
| 9355 | # Copyright (C) 2006-2014 Free Software Foundation, Inc. | |
| 9356 | # | |
| 9357 | # This file is free software; the Free Software Foundation | |
| 9358 | # gives unlimited permission to copy and/or distribute it, | |
| 9359 | # with or without modifications, as long as this notice is preserved. | |
| 9360 | ||
| 9361 | # _AM_SUBST_NOTMAKE(VARIABLE) | |
| 9362 | # --------------------------- | |
| 9363 | # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. | |
| 9364 | # This macro is traced by Automake. | |
| 9365 | AC_DEFUN([_AM_SUBST_NOTMAKE]) | |
| 9366 | ||
| 9367 | # AM_SUBST_NOTMAKE(VARIABLE) | |
| 9368 | # -------------------------- | |
| 9369 | # Public sister of _AM_SUBST_NOTMAKE. | |
| 9370 | AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) | |
| 9371 |
| 21 | 21 | # Check if you have distutils, else fail |
| 22 | 22 | # |
| 23 | 23 | AC_MSG_CHECKING([for the distutils Python package]) |
| 24 | ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` | |
| 25 | if test -z "$ac_distutils_result"; then | |
| 24 | if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then | |
| 26 | 25 | AC_MSG_RESULT([yes]) |
| 27 | 26 | else |
| 28 | 27 | AC_MSG_RESULT([no]) |
| 170 | 170 | cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) |
| 171 | 171 | { |
| 172 | 172 | const char* backend_str = "testframe"; /* TODO get from cfg */ |
| 173 | (void)cfg; /* need this until the TODO is implemented */ | |
| 173 | 174 | if(backend_str && backend_str[0]) { |
| 174 | 175 | cachedb_env->backend = cachedb_find_backend(backend_str); |
| 175 | 176 | if(!cachedb_env->backend) { |
| 176 | 177 | log_err("cachedb: cannot find backend name '%s", |
| 177 | 178 | backend_str); |
| 178 | return NULL; | |
| 179 | return 0; | |
| 179 | 180 | } |
| 180 | 181 | } |
| 181 | 182 | /* TODO see if more configuration needs to be applied or not */ |
| 373 | 374 | return 1; |
| 374 | 375 | } |
| 375 | 376 | |
| 377 | static void | |
| 378 | packed_rrset_ttl_subtract(struct packed_rrset_data* data, time_t subtract) | |
| 379 | { | |
| 380 | size_t i; | |
| 381 | size_t total = data->count + data->rrsig_count; | |
| 382 | if(data->ttl > subtract) | |
| 383 | data->ttl -= subtract; | |
| 384 | else data->ttl = 0; | |
| 385 | for(i=0; i<total; i++) { | |
| 386 | if(data->rr_ttl[i] > subtract) | |
| 387 | data->rr_ttl[i] -= subtract; | |
| 388 | else data->rr_ttl[i] = 0; | |
| 389 | } | |
| 390 | } | |
| 391 | ||
| 392 | static void | |
| 393 | adjust_msg_ttl(struct dns_msg* msg, time_t adjust) | |
| 394 | { | |
| 395 | size_t i; | |
| 396 | if(msg->rep->ttl > adjust) | |
| 397 | msg->rep->ttl -= adjust; | |
| 398 | else msg->rep->ttl = 0; | |
| 399 | msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); | |
| 400 | ||
| 401 | for(i=0; i<msg->rep->rrset_count; i++) { | |
| 402 | packed_rrset_ttl_subtract((struct packed_rrset_data*)msg-> | |
| 403 | rep->rrsets[i]->entry.data, adjust); | |
| 404 | } | |
| 405 | } | |
| 406 | ||
| 376 | 407 | /** convert dns message in buffer to return_msg */ |
| 377 | 408 | static int |
| 378 | 409 | parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) |
| 419 | 450 | qstate->return_rcode = LDNS_RCODE_NOERROR; |
| 420 | 451 | |
| 421 | 452 | /* see how much of the TTL expired, and remove it */ |
| 453 | if(*qstate->env->now <= (time_t)timestamp) { | |
| 454 | verbose(VERB_ALGO, "cachedb msg adjust by zero"); | |
| 455 | return 1; /* message from the future (clock skew?) */ | |
| 456 | } | |
| 422 | 457 | adjust = *qstate->env->now - (time_t)timestamp; |
| 458 | if(qstate->return_msg->rep->ttl < adjust) { | |
| 459 | verbose(VERB_ALGO, "cachedb msg expired"); | |
| 460 | return 0; /* message expired */ | |
| 461 | } | |
| 423 | 462 | verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust); |
| 424 | /*adjust_msg(qstate->return_msg, adjust);*/ | |
| 425 | /* TODO: | |
| 426 | msg->rep->ttl = r->ttl - adjust; | |
| 427 | msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); | |
| 428 | for(i=0; i<d->count + d->rrsig_count; i++) { | |
| 429 | if(d->rr_ttl[i] < adjust) | |
| 430 | d->rr_ttl[i] = 0; | |
| 431 | else d->rr_ttl[i] -= adjust; | |
| 432 | } | |
| 433 | if(d->ttl < adjust) | |
| 434 | d->ttl = 0; | |
| 435 | else d->ttl -= adjust; | |
| 436 | */ | |
| 437 | /* TODO */ | |
| 438 | ||
| 439 | return 0; | |
| 463 | adjust_msg_ttl(qstate->return_msg, adjust); | |
| 464 | return 1; | |
| 440 | 465 | } |
| 441 | 466 | |
| 442 | 467 | /** |
| 47 | 47 | } |
| 48 | 48 | #else /* !THREADS_DISABLED */ |
| 49 | 49 | |
| 50 | static lock_quick_t arc4lock; | |
| 50 | static lock_quick_type arc4lock; | |
| 51 | 51 | static int arc4lockinit = 0; |
| 52 | 52 | |
| 53 | 53 | void _ARC4_LOCK(void) |
| 5 | 5 | #include "util/locks.h" |
| 6 | 6 | |
| 7 | 7 | /** the lock for ctime buffer */ |
| 8 | static lock_basic_t ctime_lock; | |
| 8 | static lock_basic_type ctime_lock; | |
| 9 | 9 | /** has it been inited */ |
| 10 | 10 | static int ctime_r_init = 0; |
| 11 | 11 |
| 1 | 1 | |
| 2 | 2 | /* Directory to chroot to */ |
| 3 | 3 | #undef CHROOT_DIR |
| 4 | ||
| 5 | /* Define this to enable client subnet option. */ | |
| 6 | #undef CLIENT_SUBNET | |
| 4 | 7 | |
| 5 | 8 | /* Do sha512 definitions in config.h */ |
| 6 | 9 | #undef COMPAT_SHA512 |
| 67 | 70 | if you don't. */ |
| 68 | 71 | #undef HAVE_DECL_ARC4RANDOM_UNIFORM |
| 69 | 72 | |
| 73 | /* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you | |
| 74 | don't. */ | |
| 75 | #undef HAVE_DECL_INET_NTOP | |
| 76 | ||
| 77 | /* Define to 1 if you have the declaration of `inet_pton', and to 0 if you | |
| 78 | don't. */ | |
| 79 | #undef HAVE_DECL_INET_PTON | |
| 80 | ||
| 81 | /* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you | |
| 82 | don't. */ | |
| 83 | #undef HAVE_DECL_NID_ED25519 | |
| 84 | ||
| 70 | 85 | /* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you |
| 71 | 86 | don't. */ |
| 72 | 87 | #undef HAVE_DECL_NID_SECP384R1 |
| 145 | 160 | /* Define to 1 if you have the `EVP_cleanup' function. */ |
| 146 | 161 | #undef HAVE_EVP_CLEANUP |
| 147 | 162 | |
| 163 | /* Define to 1 if you have the `EVP_DigestVerify' function. */ | |
| 164 | #undef HAVE_EVP_DIGESTVERIFY | |
| 165 | ||
| 148 | 166 | /* Define to 1 if you have the `EVP_dss1' function. */ |
| 149 | 167 | #undef HAVE_EVP_DSS1 |
| 150 | 168 | |
| 376 | 394 | /* Define to 1 if you have the `SHA512_Update' function. */ |
| 377 | 395 | #undef HAVE_SHA512_UPDATE |
| 378 | 396 | |
| 397 | /* Define to 1 if you have the `shmget' function. */ | |
| 398 | #undef HAVE_SHMGET | |
| 399 | ||
| 379 | 400 | /* Define to 1 if you have the `sigprocmask' function. */ |
| 380 | 401 | #undef HAVE_SIGPROCMASK |
| 381 | 402 | |
| 445 | 466 | /* Define to 1 if you have the <syslog.h> header file. */ |
| 446 | 467 | #undef HAVE_SYSLOG_H |
| 447 | 468 | |
| 469 | /* Define to 1 if systemd should be used */ | |
| 470 | #undef HAVE_SYSTEMD | |
| 471 | ||
| 472 | /* Define to 1 if you have the <sys/ipc.h> header file. */ | |
| 473 | #undef HAVE_SYS_IPC_H | |
| 474 | ||
| 448 | 475 | /* Define to 1 if you have the <sys/param.h> header file. */ |
| 449 | 476 | #undef HAVE_SYS_PARAM_H |
| 450 | 477 | |
| 453 | 480 | |
| 454 | 481 | /* Define to 1 if you have the <sys/sha2.h> header file. */ |
| 455 | 482 | #undef HAVE_SYS_SHA2_H |
| 483 | ||
| 484 | /* Define to 1 if you have the <sys/shm.h> header file. */ | |
| 485 | #undef HAVE_SYS_SHM_H | |
| 456 | 486 | |
| 457 | 487 | /* Define to 1 if you have the <sys/socket.h> header file. */ |
| 458 | 488 | #undef HAVE_SYS_SOCKET_H |
| 639 | 669 | /* Define to 1 to use cachedb support */ |
| 640 | 670 | #undef USE_CACHEDB |
| 641 | 671 | |
| 672 | /* Define to 1 to enable dnscrypt support */ | |
| 673 | #undef USE_DNSCRYPT | |
| 674 | ||
| 675 | /* Define to 1 to enable dnscrypt with xchacha20 support */ | |
| 676 | #undef USE_DNSCRYPT_XCHACHA20 | |
| 677 | ||
| 642 | 678 | /* Define to 1 to enable dnstap support */ |
| 643 | 679 | #undef USE_DNSTAP |
| 644 | 680 | |
| 651 | 687 | /* Define this to enable an EVP workaround for older openssl */ |
| 652 | 688 | #undef USE_ECDSA_EVP_WORKAROUND |
| 653 | 689 | |
| 690 | /* Define this to enable ED25519 support. */ | |
| 691 | #undef USE_ED25519 | |
| 692 | ||
| 654 | 693 | /* Define this to enable GOST support. */ |
| 655 | 694 | #undef USE_GOST |
| 656 | 695 | |
| 696 | /* Define to 1 to use ipsecmod support. */ | |
| 697 | #undef USE_IPSECMOD | |
| 698 | ||
| 657 | 699 | /* Define if you want to use internal select based events */ |
| 658 | 700 | #undef USE_MINI_EVENT |
| 659 | 701 | |
| 662 | 704 | |
| 663 | 705 | /* Define this to enable client TCP Fast Open. */ |
| 664 | 706 | #undef USE_OSX_MSG_FASTOPEN |
| 707 | ||
| 708 | /* Define this to enable SHA1 support. */ | |
| 709 | #undef USE_SHA1 | |
| 665 | 710 | |
| 666 | 711 | /* Define this to enable SHA256 and SHA512 support. */ |
| 667 | 712 | #undef USE_SHA2 |
| 1058 | 1103 | #ifndef HAVE_ISBLANK |
| 1059 | 1104 | #define isblank unbound_isblank |
| 1060 | 1105 | int isblank(int c); |
| 1106 | #endif | |
| 1107 | ||
| 1108 | #if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP | |
| 1109 | const char *inet_ntop(int af, const void *src, char *dst, size_t size); | |
| 1110 | #endif | |
| 1111 | ||
| 1112 | #if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON | |
| 1113 | int inet_pton(int af, const char* src, void* dst); | |
| 1061 | 1114 | #endif |
| 1062 | 1115 | |
| 1063 | 1116 | #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) |
| 0 | 0 | #! /bin/sh |
| 1 | 1 | # Guess values for system-dependent variables and create Makefiles. |
| 2 | # Generated by GNU Autoconf 2.69 for unbound 1.6.0. | |
| 2 | # Generated by GNU Autoconf 2.69 for unbound 1.6.4. | |
| 3 | 3 | # |
| 4 | 4 | # Report bugs to <unbound-bugs@nlnetlabs.nl>. |
| 5 | 5 | # |
| 589 | 589 | # Identity of this package. |
| 590 | 590 | PACKAGE_NAME='unbound' |
| 591 | 591 | PACKAGE_TARNAME='unbound' |
| 592 | PACKAGE_VERSION='1.6.0' | |
| 593 | PACKAGE_STRING='unbound 1.6.0' | |
| 592 | PACKAGE_VERSION='1.6.4' | |
| 593 | PACKAGE_STRING='unbound 1.6.4' | |
| 594 | 594 | PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' |
| 595 | 595 | PACKAGE_URL='' |
| 596 | 596 | |
| 637 | 637 | ALLTARGET |
| 638 | 638 | SOURCEFILE |
| 639 | 639 | SOURCEDETERMINE |
| 640 | IPSECMOD_HEADER | |
| 641 | IPSECMOD_OBJ | |
| 642 | DNSCRYPT_OBJ | |
| 643 | DNSCRYPT_SRC | |
| 644 | ENABLE_DNSCRYPT | |
| 645 | ENABLE_DNSCRYPT_XCHACHA20 | |
| 640 | 646 | DNSTAP_OBJ |
| 641 | 647 | DNSTAP_SRC |
| 642 | 648 | opt_dnstap_socket_path |
| 657 | 663 | WINAPPS |
| 658 | 664 | WINDRES |
| 659 | 665 | CHECKLOCK_OBJ |
| 666 | USE_SYSTEMD_FALSE | |
| 667 | USE_SYSTEMD_TRUE | |
| 668 | SYSTEMD_DAEMON_LIBS | |
| 669 | SYSTEMD_DAEMON_CFLAGS | |
| 670 | SYSTEMD_LIBS | |
| 671 | SYSTEMD_CFLAGS | |
| 672 | PKG_CONFIG_LIBDIR | |
| 673 | PKG_CONFIG_PATH | |
| 674 | PKG_CONFIG | |
| 660 | 675 | staticexe |
| 661 | 676 | PC_LIBEVENT_DEPENDENCY |
| 662 | 677 | UNBOUND_EVENT_UNINSTALL |
| 663 | 678 | UNBOUND_EVENT_INSTALL |
| 679 | SUBNET_HEADER | |
| 680 | SUBNET_OBJ | |
| 664 | 681 | SSLLIB |
| 665 | 682 | HAVE_SSL |
| 666 | 683 | CONFIG_DATE |
| 740 | 757 | UNBOUND_RUN_DIR |
| 741 | 758 | ub_conf_dir |
| 742 | 759 | ub_conf_file |
| 760 | UNBOUND_LOCALSTATE_DIR | |
| 761 | UNBOUND_SYSCONF_DIR | |
| 762 | UNBOUND_SBIN_DIR | |
| 743 | 763 | EGREP |
| 744 | 764 | GREP |
| 745 | 765 | CPP |
| 830 | 850 | with_nss |
| 831 | 851 | with_nettle |
| 832 | 852 | with_ssl |
| 853 | enable_sha1 | |
| 833 | 854 | enable_sha2 |
| 855 | enable_subnet | |
| 834 | 856 | enable_gost |
| 835 | 857 | enable_ecdsa |
| 836 | 858 | enable_dsa |
| 859 | enable_ed25519 | |
| 837 | 860 | enable_event_api |
| 838 | 861 | enable_tfo_client |
| 839 | 862 | enable_tfo_server |
| 840 | 863 | with_libevent |
| 841 | 864 | with_libexpat |
| 842 | 865 | enable_static_exe |
| 866 | enable_systemd | |
| 843 | 867 | enable_lock_checks |
| 844 | 868 | enable_allsymbols |
| 845 | 869 | enable_dnstap |
| 846 | 870 | with_dnstap_socket_path |
| 847 | 871 | with_protobuf_c |
| 848 | 872 | with_libfstrm |
| 873 | enable_dnscrypt | |
| 874 | with_libsodium | |
| 849 | 875 | enable_cachedb |
| 876 | enable_ipsecmod | |
| 850 | 877 | with_libunbound_only |
| 851 | 878 | ' |
| 852 | 879 | ac_precious_vars='build_alias |
| 861 | 888 | YACC |
| 862 | 889 | YFLAGS |
| 863 | 890 | LT_SYS_LIBRARY_PATH |
| 864 | PYTHON_VERSION' | |
| 891 | PYTHON_VERSION | |
| 892 | PKG_CONFIG | |
| 893 | PKG_CONFIG_PATH | |
| 894 | PKG_CONFIG_LIBDIR | |
| 895 | SYSTEMD_CFLAGS | |
| 896 | SYSTEMD_LIBS | |
| 897 | SYSTEMD_DAEMON_CFLAGS | |
| 898 | SYSTEMD_DAEMON_LIBS' | |
| 865 | 899 | |
| 866 | 900 | |
| 867 | 901 | # Initialize some variables set by options. |
| 1402 | 1436 | # Omit some internal or obsolete options to make the list less imposing. |
| 1403 | 1437 | # This message is too long to be a string in the A/UX 3.1 sh. |
| 1404 | 1438 | cat <<_ACEOF |
| 1405 | \`configure' configures unbound 1.6.0 to adapt to many kinds of systems. | |
| 1439 | \`configure' configures unbound 1.6.4 to adapt to many kinds of systems. | |
| 1406 | 1440 | |
| 1407 | 1441 | Usage: $0 [OPTION]... [VAR=VALUE]... |
| 1408 | 1442 | |
| 1467 | 1501 | |
| 1468 | 1502 | if test -n "$ac_init_help"; then |
| 1469 | 1503 | case $ac_init_help in |
| 1470 | short | recursive ) echo "Configuration of unbound 1.6.0:";; | |
| 1504 | short | recursive ) echo "Configuration of unbound 1.6.4:";; | |
| 1471 | 1505 | esac |
| 1472 | 1506 | cat <<\_ACEOF |
| 1473 | 1507 | |
| 1497 | 1531 | enable nonregional allocs, slow but exposes regional |
| 1498 | 1532 | allocations to other memory purifiers, for debug |
| 1499 | 1533 | purposes |
| 1534 | --disable-sha1 Disable SHA1 RRSIG support, does not disable nsec3 | |
| 1535 | support | |
| 1500 | 1536 | --disable-sha2 Disable SHA256 and SHA512 RRSIG support |
| 1537 | --enable-subnet Enable client subnet | |
| 1501 | 1538 | --disable-gost Disable GOST support |
| 1502 | 1539 | --disable-ecdsa Disable ECDSA support |
| 1503 | 1540 | --disable-dsa Disable DSA support |
| 1541 | --disable-ed25519 Disable ED25519 support | |
| 1504 | 1542 | --enable-event-api Enable (experimental) pluggable event base |
| 1505 | 1543 | libunbound API installed to unbound-event.h |
| 1506 | 1544 | --enable-tfo-client Enable TCP Fast Open for client mode |
| 1507 | 1545 | --enable-tfo-server Enable TCP Fast Open for server mode |
| 1508 | 1546 | --enable-static-exe enable to compile executables statically against |
| 1509 | 1547 | (event) libs, for debug purposes |
| 1548 | --enable-systemd compile with systemd support | |
| 1510 | 1549 | --enable-lock-checks enable to check lock and unlock calls, for debug |
| 1511 | 1550 | purposes |
| 1512 | 1551 | --enable-allsymbols export all symbols from libunbound and link binaries |
| 1513 | 1552 | to it, smaller install size but libunbound export |
| 1514 | 1553 | table is polluted by internal symbols |
| 1515 | 1554 | --enable-dnstap Enable dnstap support (requires fstrm, protobuf-c) |
| 1555 | --enable-dnscrypt Enable dnscrypt support (requires libsodium) | |
| 1516 | 1556 | --enable-cachedb enable cachedb module that can use external cache |
| 1517 | 1557 | storage |
| 1558 | --enable-ipsecmod Enable ipsecmod module that facilitates | |
| 1559 | opportunistic IPsec | |
| 1518 | 1560 | |
| 1519 | 1561 | Optional Packages: |
| 1520 | 1562 | --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] |
| 1567 | 1609 | set default dnstap socket path |
| 1568 | 1610 | --with-protobuf-c=path Path where protobuf-c is installed, for dnstap |
| 1569 | 1611 | --with-libfstrm=path Path where libfstrm is installed, for dnstap |
| 1612 | --with-libsodium=path Path where libsodium is installed, for dnscrypt | |
| 1570 | 1613 | --with-libunbound-only do not build daemon and tool programs |
| 1571 | 1614 | |
| 1572 | 1615 | Some influential environment variables: |
| 1590 | 1633 | The installed Python version to use, for example '2.3'. This |
| 1591 | 1634 | string will be appended to the Python interpreter canonical |
| 1592 | 1635 | name. |
| 1636 | PKG_CONFIG path to pkg-config utility | |
| 1637 | PKG_CONFIG_PATH | |
| 1638 | directories to add to pkg-config's search path | |
| 1639 | PKG_CONFIG_LIBDIR | |
| 1640 | path overriding pkg-config's built-in search path | |
| 1641 | SYSTEMD_CFLAGS | |
| 1642 | C compiler flags for SYSTEMD, overriding pkg-config | |
| 1643 | SYSTEMD_LIBS | |
| 1644 | linker flags for SYSTEMD, overriding pkg-config | |
| 1645 | SYSTEMD_DAEMON_CFLAGS | |
| 1646 | C compiler flags for SYSTEMD_DAEMON, overriding pkg-config | |
| 1647 | SYSTEMD_DAEMON_LIBS | |
| 1648 | linker flags for SYSTEMD_DAEMON, overriding pkg-config | |
| 1593 | 1649 | |
| 1594 | 1650 | Use these variables to override the choices made by `configure' or to help |
| 1595 | 1651 | it to find libraries and programs with nonstandard names/locations. |
| 1657 | 1713 | test -n "$ac_init_help" && exit $ac_status |
| 1658 | 1714 | if $ac_init_version; then |
| 1659 | 1715 | cat <<\_ACEOF |
| 1660 | unbound configure 1.6.0 | |
| 1716 | unbound configure 1.6.4 | |
| 1661 | 1717 | generated by GNU Autoconf 2.69 |
| 1662 | 1718 | |
| 1663 | 1719 | Copyright (C) 2012 Free Software Foundation, Inc. |
| 2366 | 2422 | This file contains any messages produced by compilers while |
| 2367 | 2423 | running configure, to aid debugging if configure makes a mistake. |
| 2368 | 2424 | |
| 2369 | It was created by unbound $as_me 1.6.0, which was | |
| 2425 | It was created by unbound $as_me 1.6.4, which was | |
| 2370 | 2426 | generated by GNU Autoconf 2.69. Invocation command line was |
| 2371 | 2427 | |
| 2372 | 2428 | $ $0 $@ |
| 2718 | 2774 | |
| 2719 | 2775 | UNBOUND_VERSION_MINOR=6 |
| 2720 | 2776 | |
| 2721 | UNBOUND_VERSION_MICRO=0 | |
| 2722 | ||
| 2723 | ||
| 2724 | LIBUNBOUND_CURRENT=6 | |
| 2777 | UNBOUND_VERSION_MICRO=4 | |
| 2778 | ||
| 2779 | ||
| 2780 | LIBUNBOUND_CURRENT=7 | |
| 2725 | 2781 | LIBUNBOUND_REVISION=3 |
| 2726 | LIBUNBOUND_AGE=4 | |
| 2782 | LIBUNBOUND_AGE=5 | |
| 2727 | 2783 | # 1.0.0 had 0:12:0 |
| 2728 | 2784 | # 1.0.1 had 0:13:0 |
| 2729 | 2785 | # 1.0.2 had 0:14:0 |
| 2773 | 2829 | # 1.5.9 had 6:1:4 |
| 2774 | 2830 | # 1.5.10 had 6:2:4 |
| 2775 | 2831 | # 1.6.0 had 6:3:4 |
| 2832 | # 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type | |
| 2833 | # 1.6.2 had 7:1:5 | |
| 2834 | # 1.6.3 had 7:2:5 | |
| 2835 | # 1.6.4 had 7:3:5 | |
| 2776 | 2836 | |
| 2777 | 2837 | # Current -- the number of the binary API that we're implementing |
| 2778 | 2838 | # Revision -- which iteration of the implementation of the binary |
| 4057 | 4117 | prefix="/usr/local" |
| 4058 | 4118 | ;; |
| 4059 | 4119 | esac |
| 4120 | case "$exec_prefix" in | |
| 4121 | NONE) | |
| 4122 | exec_prefix="$prefix" | |
| 4123 | ;; | |
| 4124 | esac | |
| 4060 | 4125 | |
| 4061 | 4126 | # are we on MinGW? |
| 4062 | 4127 | if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" |
| 4068 | 4133 | # |
| 4069 | 4134 | # Determine configuration file |
| 4070 | 4135 | # the eval is to evaluate shell expansion twice |
| 4136 | UNBOUND_SBIN_DIR=`eval echo "${sbindir}"` | |
| 4137 | ||
| 4138 | UNBOUND_SYSCONF_DIR=`eval echo "${sysconfdir}"` | |
| 4139 | ||
| 4140 | UNBOUND_LOCALSTATE_DIR=`eval echo "${localstatedir}"` | |
| 4141 | ||
| 4071 | 4142 | if test $on_mingw = "no"; then |
| 4072 | 4143 | ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` |
| 4073 | 4144 | else |
| 4074 | ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" | |
| 4145 | ub_conf_file="C:\\Program Files\\Unbound\\service.conf" | |
| 4075 | 4146 | fi |
| 4076 | 4147 | |
| 4077 | 4148 | # Check whether --with-conf_file was given. |
| 4202 | 4273 | if test $on_mingw = no; then |
| 4203 | 4274 | UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" |
| 4204 | 4275 | else |
| 4205 | UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" | |
| 4276 | UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" | |
| 4206 | 4277 | fi |
| 4207 | 4278 | |
| 4208 | 4279 | fi |
| 4224 | 4295 | if test $on_mingw = no; then |
| 4225 | 4296 | UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" |
| 4226 | 4297 | else |
| 4227 | UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" | |
| 4298 | UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" | |
| 4228 | 4299 | fi |
| 4229 | 4300 | |
| 4230 | 4301 | fi |
| 14389 | 14460 | |
| 14390 | 14461 | |
| 14391 | 14462 | # Checks for header files. |
| 14392 | for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h | |
| 14463 | for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/ipc.h sys/shm.h | |
| 14393 | 14464 | do : |
| 14394 | 14465 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` |
| 14395 | 14466 | ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default |
| 16684 | 16755 | # |
| 16685 | 16756 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 |
| 16686 | 16757 | $as_echo_n "checking for the distutils Python package... " >&6; } |
| 16687 | ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` | |
| 16688 | if test -z "$ac_distutils_result"; then | |
| 16758 | if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then | |
| 16689 | 16759 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 |
| 16690 | 16760 | $as_echo "yes" >&6; } |
| 16691 | 16761 | else |
| 16875 | 16945 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&5 |
| 16876 | 16946 | $as_echo "$as_me: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&2;} |
| 16877 | 16947 | SWIG='echo "Error: SWIG is not installed. You should look at http://www.swig.org" ; false' |
| 16878 | elif test -n "" ; then | |
| 16948 | elif test -n "2.0.1" ; then | |
| 16879 | 16949 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SWIG version" >&5 |
| 16880 | 16950 | $as_echo_n "checking for SWIG version... " >&6; } |
| 16881 | 16951 | swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'` |
| 16883 | 16953 | $as_echo "$swig_version" >&6; } |
| 16884 | 16954 | if test -n "$swig_version" ; then |
| 16885 | 16955 | # Calculate the required version number components |
| 16886 | required= | |
| 16956 | required=2.0.1 | |
| 16887 | 16957 | required_major=`echo $required | sed 's/[^0-9].*//'` |
| 16888 | 16958 | if test -z "$required_major" ; then |
| 16889 | 16959 | required_major=0 |
| 16914 | 16984 | if test -z "$available_patch" ; then |
| 16915 | 16985 | available_patch=0 |
| 16916 | 16986 | fi |
| 16917 | if test $available_major -ne $required_major \ | |
| 16918 | -o $available_minor -ne $required_minor \ | |
| 16919 | -o $available_patch -lt $required_patch ; then | |
| 16920 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&5 | |
| 16921 | $as_echo "$as_me: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&2;} | |
| 16922 | SWIG='echo "Error: SWIG version >= is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' | |
| 16987 | badversion=0 | |
| 16988 | if test $available_major -lt $required_major ; then | |
| 16989 | badversion=1 | |
| 16990 | fi | |
| 16991 | if test $available_major -eq $required_major \ | |
| 16992 | -a $available_minor -lt $required_minor ; then | |
| 16993 | badversion=1 | |
| 16994 | fi | |
| 16995 | if test $available_major -eq $required_major \ | |
| 16996 | -a $available_minor -eq $required_minor \ | |
| 16997 | -a $available_patch -lt $required_patch ; then | |
| 16998 | badversion=1 | |
| 16999 | fi | |
| 17000 | if test $badversion -eq 1 ; then | |
| 17001 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&5 | |
| 17002 | $as_echo "$as_me: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&2;} | |
| 17003 | SWIG='echo "Error: SWIG version >= 2.0.1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' | |
| 16923 | 17004 | else |
| 16924 | 17005 | { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG executable is '$SWIG'" >&5 |
| 16925 | 17006 | $as_echo "$as_me: SWIG executable is '$SWIG'" >&6;} |
| 17539 | 17620 | |
| 17540 | 17621 | done |
| 17541 | 17622 | |
| 17542 | for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 | |
| 17623 | for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify | |
| 17543 | 17624 | do : |
| 17544 | 17625 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` |
| 17545 | 17626 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" |
| 17664 | 17745 | |
| 17665 | 17746 | |
| 17666 | 17747 | |
| 17748 | # Check whether --enable-sha1 was given. | |
| 17749 | if test "${enable_sha1+set}" = set; then : | |
| 17750 | enableval=$enable_sha1; | |
| 17751 | fi | |
| 17752 | ||
| 17753 | case "$enable_sha1" in | |
| 17754 | no) | |
| 17755 | ;; | |
| 17756 | yes|*) | |
| 17757 | ||
| 17758 | $as_echo "#define USE_SHA1 1" >>confdefs.h | |
| 17759 | ||
| 17760 | ;; | |
| 17761 | esac | |
| 17762 | ||
| 17763 | ||
| 17667 | 17764 | # Check whether --enable-sha2 was given. |
| 17668 | 17765 | if test "${enable_sha2+set}" = set; then : |
| 17669 | 17766 | enableval=$enable_sha2; |
| 17676 | 17773 | |
| 17677 | 17774 | $as_echo "#define USE_SHA2 1" >>confdefs.h |
| 17678 | 17775 | |
| 17776 | ;; | |
| 17777 | esac | |
| 17778 | ||
| 17779 | # Check whether --enable-subnet was given. | |
| 17780 | if test "${enable_subnet+set}" = set; then : | |
| 17781 | enableval=$enable_subnet; | |
| 17782 | fi | |
| 17783 | ||
| 17784 | case "$enable_subnet" in | |
| 17785 | yes) | |
| 17786 | ||
| 17787 | $as_echo "#define CLIENT_SUBNET 1" >>confdefs.h | |
| 17788 | ||
| 17789 | SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" | |
| 17790 | ||
| 17791 | SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' | |
| 17792 | ||
| 17793 | ;; | |
| 17794 | no|*) | |
| 17679 | 17795 | ;; |
| 17680 | 17796 | esac |
| 17681 | 17797 | |
| 17952 | 18068 | ;; |
| 17953 | 18069 | esac |
| 17954 | 18070 | |
| 18071 | # Check whether --enable-ed25519 was given. | |
| 18072 | if test "${enable_ed25519+set}" = set; then : | |
| 18073 | enableval=$enable_ed25519; | |
| 18074 | fi | |
| 18075 | ||
| 18076 | use_ed25519="no" | |
| 18077 | case "$enable_ed25519" in | |
| 18078 | no) | |
| 18079 | ;; | |
| 18080 | *) | |
| 18081 | if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then | |
| 18082 | ac_fn_c_check_decl "$LINENO" "NID_ED25519" "ac_cv_have_decl_NID_ED25519" "$ac_includes_default | |
| 18083 | #include <openssl/evp.h> | |
| 18084 | ||
| 18085 | " | |
| 18086 | if test "x$ac_cv_have_decl_NID_ED25519" = xyes; then : | |
| 18087 | ac_have_decl=1 | |
| 18088 | else | |
| 18089 | ac_have_decl=0 | |
| 18090 | fi | |
| 18091 | ||
| 18092 | cat >>confdefs.h <<_ACEOF | |
| 18093 | #define HAVE_DECL_NID_ED25519 $ac_have_decl | |
| 18094 | _ACEOF | |
| 18095 | if test $ac_have_decl = 1; then : | |
| 18096 | ||
| 18097 | ||
| 18098 | cat >>confdefs.h <<_ACEOF | |
| 18099 | #define USE_ED25519 1 | |
| 18100 | _ACEOF | |
| 18101 | ||
| 18102 | use_ed25519="yes" | |
| 18103 | ||
| 18104 | else | |
| 18105 | if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5 | |
| 18106 | fi | |
| 18107 | fi | |
| 18108 | ||
| 18109 | fi | |
| 18110 | ;; | |
| 18111 | esac | |
| 17955 | 18112 | |
| 17956 | 18113 | # Check whether --enable-event-api was given. |
| 17957 | 18114 | if test "${enable_event_api+set}" = set; then : |
| 18466 | 18623 | fi |
| 18467 | 18624 | fi |
| 18468 | 18625 | |
| 18626 | # Include systemd.m4 - begin | |
| 18627 | # macros for configuring systemd | |
| 18628 | # Copyright 2015, Sami Kerola, CloudFlare. | |
| 18629 | # BSD licensed. | |
| 18630 | # Check whether --enable-systemd was given. | |
| 18631 | if test "${enable_systemd+set}" = set; then : | |
| 18632 | enableval=$enable_systemd; | |
| 18633 | else | |
| 18634 | enable_systemd=no | |
| 18635 | fi | |
| 18636 | ||
| 18637 | have_systemd=no | |
| 18638 | ||
| 18639 | ||
| 18640 | ||
| 18641 | ||
| 18642 | ||
| 18643 | ||
| 18644 | ||
| 18645 | if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then | |
| 18646 | if test -n "$ac_tool_prefix"; then | |
| 18647 | # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. | |
| 18648 | set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 | |
| 18649 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | |
| 18650 | $as_echo_n "checking for $ac_word... " >&6; } | |
| 18651 | if ${ac_cv_path_PKG_CONFIG+:} false; then : | |
| 18652 | $as_echo_n "(cached) " >&6 | |
| 18653 | else | |
| 18654 | case $PKG_CONFIG in | |
| 18655 | [\\/]* | ?:[\\/]*) | |
| 18656 | ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. | |
| 18657 | ;; | |
| 18658 | *) | |
| 18659 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | |
| 18660 | for as_dir in $PATH | |
| 18661 | do | |
| 18662 | IFS=$as_save_IFS | |
| 18663 | test -z "$as_dir" && as_dir=. | |
| 18664 | for ac_exec_ext in '' $ac_executable_extensions; do | |
| 18665 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | |
| 18666 | ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" | |
| 18667 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | |
| 18668 | break 2 | |
| 18669 | fi | |
| 18670 | done | |
| 18671 | done | |
| 18672 | IFS=$as_save_IFS | |
| 18673 | ||
| 18674 | ;; | |
| 18675 | esac | |
| 18676 | fi | |
| 18677 | PKG_CONFIG=$ac_cv_path_PKG_CONFIG | |
| 18678 | if test -n "$PKG_CONFIG"; then | |
| 18679 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 | |
| 18680 | $as_echo "$PKG_CONFIG" >&6; } | |
| 18681 | else | |
| 18682 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
| 18683 | $as_echo "no" >&6; } | |
| 18684 | fi | |
| 18685 | ||
| 18686 | ||
| 18687 | fi | |
| 18688 | if test -z "$ac_cv_path_PKG_CONFIG"; then | |
| 18689 | ac_pt_PKG_CONFIG=$PKG_CONFIG | |
| 18690 | # Extract the first word of "pkg-config", so it can be a program name with args. | |
| 18691 | set dummy pkg-config; ac_word=$2 | |
| 18692 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | |
| 18693 | $as_echo_n "checking for $ac_word... " >&6; } | |
| 18694 | if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : | |
| 18695 | $as_echo_n "(cached) " >&6 | |
| 18696 | else | |
| 18697 | case $ac_pt_PKG_CONFIG in | |
| 18698 | [\\/]* | ?:[\\/]*) | |
| 18699 | ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. | |
| 18700 | ;; | |
| 18701 | *) | |
| 18702 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | |
| 18703 | for as_dir in $PATH | |
| 18704 | do | |
| 18705 | IFS=$as_save_IFS | |
| 18706 | test -z "$as_dir" && as_dir=. | |
| 18707 | for ac_exec_ext in '' $ac_executable_extensions; do | |
| 18708 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | |
| 18709 | ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" | |
| 18710 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | |
| 18711 | break 2 | |
| 18712 | fi | |
| 18713 | done | |
| 18714 | done | |
| 18715 | IFS=$as_save_IFS | |
| 18716 | ||
| 18717 | ;; | |
| 18718 | esac | |
| 18719 | fi | |
| 18720 | ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG | |
| 18721 | if test -n "$ac_pt_PKG_CONFIG"; then | |
| 18722 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 | |
| 18723 | $as_echo "$ac_pt_PKG_CONFIG" >&6; } | |
| 18724 | else | |
| 18725 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
| 18726 | $as_echo "no" >&6; } | |
| 18727 | fi | |
| 18728 | ||
| 18729 | if test "x$ac_pt_PKG_CONFIG" = x; then | |
| 18730 | PKG_CONFIG="" | |
| 18731 | else | |
| 18732 | case $cross_compiling:$ac_tool_warned in | |
| 18733 | yes:) | |
| 18734 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | |
| 18735 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | |
| 18736 | ac_tool_warned=yes ;; | |
| 18737 | esac | |
| 18738 | PKG_CONFIG=$ac_pt_PKG_CONFIG | |
| 18739 | fi | |
| 18740 | else | |
| 18741 | PKG_CONFIG="$ac_cv_path_PKG_CONFIG" | |
| 18742 | fi | |
| 18743 | ||
| 18744 | fi | |
| 18745 | if test -n "$PKG_CONFIG"; then | |
| 18746 | _pkg_min_version=0.9.0 | |
| 18747 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 | |
| 18748 | $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } | |
| 18749 | if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then | |
| 18750 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
| 18751 | $as_echo "yes" >&6; } | |
| 18752 | else | |
| 18753 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
| 18754 | $as_echo "no" >&6; } | |
| 18755 | PKG_CONFIG="" | |
| 18756 | fi | |
| 18757 | fi | |
| 18758 | if test "x$enable_systemd" != xno; then : | |
| 18759 | ||
| 18760 | ||
| 18761 | ||
| 18762 | pkg_failed=no | |
| 18763 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 | |
| 18764 | $as_echo_n "checking for SYSTEMD... " >&6; } | |
| 18765 | ||
| 18766 | if test -n "$SYSTEMD_CFLAGS"; then | |
| 18767 | pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" | |
| 18768 | elif test -n "$PKG_CONFIG"; then | |
| 18769 | if test -n "$PKG_CONFIG" && \ | |
| 18770 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 | |
| 18771 | ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 | |
| 18772 | ac_status=$? | |
| 18773 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
| 18774 | test $ac_status = 0; }; then | |
| 18775 | pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null` | |
| 18776 | test "x$?" != "x0" && pkg_failed=yes | |
| 18777 | else | |
| 18778 | pkg_failed=yes | |
| 18779 | fi | |
| 18780 | else | |
| 18781 | pkg_failed=untried | |
| 18782 | fi | |
| 18783 | if test -n "$SYSTEMD_LIBS"; then | |
| 18784 | pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" | |
| 18785 | elif test -n "$PKG_CONFIG"; then | |
| 18786 | if test -n "$PKG_CONFIG" && \ | |
| 18787 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 | |
| 18788 | ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 | |
| 18789 | ac_status=$? | |
| 18790 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
| 18791 | test $ac_status = 0; }; then | |
| 18792 | pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null` | |
| 18793 | test "x$?" != "x0" && pkg_failed=yes | |
| 18794 | else | |
| 18795 | pkg_failed=yes | |
| 18796 | fi | |
| 18797 | else | |
| 18798 | pkg_failed=untried | |
| 18799 | fi | |
| 18800 | ||
| 18801 | ||
| 18802 | ||
| 18803 | if test $pkg_failed = yes; then | |
| 18804 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
| 18805 | $as_echo "no" >&6; } | |
| 18806 | ||
| 18807 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | |
| 18808 | _pkg_short_errors_supported=yes | |
| 18809 | else | |
| 18810 | _pkg_short_errors_supported=no | |
| 18811 | fi | |
| 18812 | if test $_pkg_short_errors_supported = yes; then | |
| 18813 | SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1` | |
| 18814 | else | |
| 18815 | SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1` | |
| 18816 | fi | |
| 18817 | # Put the nasty error message in config.log where it belongs | |
| 18818 | echo "$SYSTEMD_PKG_ERRORS" >&5 | |
| 18819 | ||
| 18820 | have_systemd=no | |
| 18821 | elif test $pkg_failed = untried; then | |
| 18822 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
| 18823 | $as_echo "no" >&6; } | |
| 18824 | have_systemd=no | |
| 18825 | else | |
| 18826 | SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS | |
| 18827 | SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS | |
| 18828 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
| 18829 | $as_echo "yes" >&6; } | |
| 18830 | have_systemd=yes | |
| 18831 | fi | |
| 18832 | if test "x$have_systemd" != "xyes"; then : | |
| 18833 | ||
| 18834 | ||
| 18835 | pkg_failed=no | |
| 18836 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5 | |
| 18837 | $as_echo_n "checking for SYSTEMD_DAEMON... " >&6; } | |
| 18838 | ||
| 18839 | if test -n "$SYSTEMD_DAEMON_CFLAGS"; then | |
| 18840 | pkg_cv_SYSTEMD_DAEMON_CFLAGS="$SYSTEMD_DAEMON_CFLAGS" | |
| 18841 | elif test -n "$PKG_CONFIG"; then | |
| 18842 | if test -n "$PKG_CONFIG" && \ | |
| 18843 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 | |
| 18844 | ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 | |
| 18845 | ac_status=$? | |
| 18846 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
| 18847 | test $ac_status = 0; }; then | |
| 18848 | pkg_cv_SYSTEMD_DAEMON_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-daemon" 2>/dev/null` | |
| 18849 | test "x$?" != "x0" && pkg_failed=yes | |
| 18850 | else | |
| 18851 | pkg_failed=yes | |
| 18852 | fi | |
| 18853 | else | |
| 18854 | pkg_failed=untried | |
| 18855 | fi | |
| 18856 | if test -n "$SYSTEMD_DAEMON_LIBS"; then | |
| 18857 | pkg_cv_SYSTEMD_DAEMON_LIBS="$SYSTEMD_DAEMON_LIBS" | |
| 18858 | elif test -n "$PKG_CONFIG"; then | |
| 18859 | if test -n "$PKG_CONFIG" && \ | |
| 18860 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 | |
| 18861 | ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 | |
| 18862 | ac_status=$? | |
| 18863 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
| 18864 | test $ac_status = 0; }; then | |
| 18865 | pkg_cv_SYSTEMD_DAEMON_LIBS=`$PKG_CONFIG --libs "libsystemd-daemon" 2>/dev/null` | |
| 18866 | test "x$?" != "x0" && pkg_failed=yes | |
| 18867 | else | |
| 18868 | pkg_failed=yes | |
| 18869 | fi | |
| 18870 | else | |
| 18871 | pkg_failed=untried | |
| 18872 | fi | |
| 18873 | ||
| 18874 | ||
| 18875 | ||
| 18876 | if test $pkg_failed = yes; then | |
| 18877 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
| 18878 | $as_echo "no" >&6; } | |
| 18879 | ||
| 18880 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | |
| 18881 | _pkg_short_errors_supported=yes | |
| 18882 | else | |
| 18883 | _pkg_short_errors_supported=no | |
| 18884 | fi | |
| 18885 | if test $_pkg_short_errors_supported = yes; then | |
| 18886 | SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1` | |
| 18887 | else | |
| 18888 | SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1` | |
| 18889 | fi | |
| 18890 | # Put the nasty error message in config.log where it belongs | |
| 18891 | echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5 | |
| 18892 | ||
| 18893 | have_systemd_daemon=no | |
| 18894 | elif test $pkg_failed = untried; then | |
| 18895 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
| 18896 | $as_echo "no" >&6; } | |
| 18897 | have_systemd_daemon=no | |
| 18898 | else | |
| 18899 | SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS | |
| 18900 | SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS | |
| 18901 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
| 18902 | $as_echo "yes" >&6; } | |
| 18903 | have_systemd_daemon=yes | |
| 18904 | fi | |
| 18905 | if test "x$have_systemd_daemon" = "xyes"; then : | |
| 18906 | have_systemd=yes | |
| 18907 | fi | |
| 18908 | ||
| 18909 | fi | |
| 18910 | case $enable_systemd:$have_systemd in #( | |
| 18911 | yes:no) : | |
| 18912 | as_fn_error $? "systemd enabled but libsystemd not found" "$LINENO" 5 ;; #( | |
| 18913 | *:yes) : | |
| 18914 | ||
| 18915 | $as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h | |
| 18916 | ||
| 18917 | LIBS="$LIBS $SYSTEMD_LIBS" | |
| 18918 | ||
| 18919 | ;; #( | |
| 18920 | *) : | |
| 18921 | ;; | |
| 18922 | esac | |
| 18923 | ||
| 18924 | ||
| 18925 | fi | |
| 18926 | if test "x$have_systemd" = xyes; then | |
| 18927 | USE_SYSTEMD_TRUE= | |
| 18928 | USE_SYSTEMD_FALSE='#' | |
| 18929 | else | |
| 18930 | USE_SYSTEMD_TRUE='#' | |
| 18931 | USE_SYSTEMD_FALSE= | |
| 18932 | fi | |
| 18933 | ||
| 18934 | ||
| 18935 | # Include systemd.m4 - end | |
| 18936 | ||
| 18469 | 18937 | # set lock checking if requested |
| 18470 | 18938 | # Check whether --enable-lock_checks was given. |
| 18471 | 18939 | if test "${enable_lock_checks+set}" = set; then : |
| 18907 | 19375 | |
| 18908 | 19376 | fi |
| 18909 | 19377 | |
| 18910 | for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync | |
| 19378 | for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget | |
| 18911 | 19379 | do : |
| 18912 | 19380 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` |
| 18913 | 19381 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" |
| 18972 | 19440 | $as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h |
| 18973 | 19441 | |
| 18974 | 19442 | fi |
| 19443 | ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" " | |
| 19444 | $ac_includes_default | |
| 19445 | #ifdef HAVE_NETINET_IN_H | |
| 19446 | #include <netinet/in.h> | |
| 19447 | #endif | |
| 19448 | ||
| 19449 | #ifdef HAVE_NETINET_TCP_H | |
| 19450 | #include <netinet/tcp.h> | |
| 19451 | #endif | |
| 19452 | ||
| 19453 | #ifdef HAVE_ARPA_INET_H | |
| 19454 | #include <arpa/inet.h> | |
| 19455 | #endif | |
| 19456 | ||
| 19457 | #ifdef HAVE_WINSOCK2_H | |
| 19458 | #include <winsock2.h> | |
| 19459 | #endif | |
| 19460 | ||
| 19461 | #ifdef HAVE_WS2TCPIP_H | |
| 19462 | #include <ws2tcpip.h> | |
| 19463 | #endif | |
| 19464 | ||
| 19465 | " | |
| 19466 | if test "x$ac_cv_have_decl_inet_pton" = xyes; then : | |
| 19467 | ac_have_decl=1 | |
| 19468 | else | |
| 19469 | ac_have_decl=0 | |
| 19470 | fi | |
| 19471 | ||
| 19472 | cat >>confdefs.h <<_ACEOF | |
| 19473 | #define HAVE_DECL_INET_PTON $ac_have_decl | |
| 19474 | _ACEOF | |
| 19475 | ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" " | |
| 19476 | $ac_includes_default | |
| 19477 | #ifdef HAVE_NETINET_IN_H | |
| 19478 | #include <netinet/in.h> | |
| 19479 | #endif | |
| 19480 | ||
| 19481 | #ifdef HAVE_NETINET_TCP_H | |
| 19482 | #include <netinet/tcp.h> | |
| 19483 | #endif | |
| 19484 | ||
| 19485 | #ifdef HAVE_ARPA_INET_H | |
| 19486 | #include <arpa/inet.h> | |
| 19487 | #endif | |
| 19488 | ||
| 19489 | #ifdef HAVE_WINSOCK2_H | |
| 19490 | #include <winsock2.h> | |
| 19491 | #endif | |
| 19492 | ||
| 19493 | #ifdef HAVE_WS2TCPIP_H | |
| 19494 | #include <ws2tcpip.h> | |
| 19495 | #endif | |
| 19496 | ||
| 19497 | " | |
| 19498 | if test "x$ac_cv_have_decl_inet_ntop" = xyes; then : | |
| 19499 | ac_have_decl=1 | |
| 19500 | else | |
| 19501 | ac_have_decl=0 | |
| 19502 | fi | |
| 19503 | ||
| 19504 | cat >>confdefs.h <<_ACEOF | |
| 19505 | #define HAVE_DECL_INET_NTOP $ac_have_decl | |
| 19506 | _ACEOF | |
| 19507 | ||
| 18975 | 19508 | ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton" |
| 18976 | 19509 | if test "x$ac_cv_func_inet_aton" = xyes; then : |
| 18977 | 19510 | $as_echo "#define HAVE_INET_ATON 1" >>confdefs.h |
| 19216 | 19749 | esac |
| 19217 | 19750 | |
| 19218 | 19751 | else |
| 19219 | case `uname` in | |
| 19220 | Darwin) | |
| 19752 | case "$host" in | |
| 19753 | Darwin|*darwin*) | |
| 19221 | 19754 | case " $LIBOBJS " in |
| 19222 | 19755 | *" getentropy_osx.$ac_objext "* ) ;; |
| 19223 | 19756 | *) LIBOBJS="$LIBOBJS getentropy_osx.$ac_objext" |
| 19225 | 19758 | esac |
| 19226 | 19759 | |
| 19227 | 19760 | ;; |
| 19228 | SunOS) | |
| 19761 | *solaris*|*sunos*|SunOS) | |
| 19229 | 19762 | case " $LIBOBJS " in |
| 19230 | 19763 | *" getentropy_solaris.$ac_objext "* ) ;; |
| 19231 | 19764 | *) LIBOBJS="$LIBOBJS getentropy_solaris.$ac_objext" |
| 19329 | 19862 | fi |
| 19330 | 19863 | |
| 19331 | 19864 | ;; |
| 19332 | Linux|*) | |
| 19865 | *linux*|Linux|*) | |
| 19333 | 19866 | case " $LIBOBJS " in |
| 19334 | 19867 | *" getentropy_linux.$ac_objext "* ) ;; |
| 19335 | 19868 | *) LIBOBJS="$LIBOBJS getentropy_linux.$ac_objext" |
| 19761 | 20294 | fi |
| 19762 | 20295 | |
| 19763 | 20296 | |
| 20297 | # check for dnscrypt if requested | |
| 20298 | ||
| 20299 | # Check whether --enable-dnscrypt was given. | |
| 20300 | if test "${enable_dnscrypt+set}" = set; then : | |
| 20301 | enableval=$enable_dnscrypt; opt_dnscrypt=$enableval | |
| 20302 | else | |
| 20303 | opt_dnscrypt=no | |
| 20304 | fi | |
| 20305 | ||
| 20306 | ||
| 20307 | if test "x$opt_dnscrypt" != "xno"; then | |
| 20308 | ||
| 20309 | # Check whether --with-libsodium was given. | |
| 20310 | if test "${with_libsodium+set}" = set; then : | |
| 20311 | withval=$with_libsodium; | |
| 20312 | CFLAGS="$CFLAGS -I$withval/include" | |
| 20313 | LDFLAGS="$LDFLAGS -L$withval/lib" | |
| 20314 | ||
| 20315 | fi | |
| 20316 | ||
| 20317 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_init" >&5 | |
| 20318 | $as_echo_n "checking for library containing sodium_init... " >&6; } | |
| 20319 | if ${ac_cv_search_sodium_init+:} false; then : | |
| 20320 | $as_echo_n "(cached) " >&6 | |
| 20321 | else | |
| 20322 | ac_func_search_save_LIBS=$LIBS | |
| 20323 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | |
| 20324 | /* end confdefs.h. */ | |
| 20325 | ||
| 20326 | /* Override any GCC internal prototype to avoid an error. | |
| 20327 | Use char because int might match the return type of a GCC | |
| 20328 | builtin and then its argument prototype would still apply. */ | |
| 20329 | #ifdef __cplusplus | |
| 20330 | extern "C" | |
| 20331 | #endif | |
| 20332 | char sodium_init (); | |
| 20333 | int | |
| 20334 | main () | |
| 20335 | { | |
| 20336 | return sodium_init (); | |
| 20337 | ; | |
| 20338 | return 0; | |
| 20339 | } | |
| 20340 | _ACEOF | |
| 20341 | for ac_lib in '' sodium; do | |
| 20342 | if test -z "$ac_lib"; then | |
| 20343 | ac_res="none required" | |
| 20344 | else | |
| 20345 | ac_res=-l$ac_lib | |
| 20346 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | |
| 20347 | fi | |
| 20348 | if ac_fn_c_try_link "$LINENO"; then : | |
| 20349 | ac_cv_search_sodium_init=$ac_res | |
| 20350 | fi | |
| 20351 | rm -f core conftest.err conftest.$ac_objext \ | |
| 20352 | conftest$ac_exeext | |
| 20353 | if ${ac_cv_search_sodium_init+:} false; then : | |
| 20354 | break | |
| 20355 | fi | |
| 20356 | done | |
| 20357 | if ${ac_cv_search_sodium_init+:} false; then : | |
| 20358 | ||
| 20359 | else | |
| 20360 | ac_cv_search_sodium_init=no | |
| 20361 | fi | |
| 20362 | rm conftest.$ac_ext | |
| 20363 | LIBS=$ac_func_search_save_LIBS | |
| 20364 | fi | |
| 20365 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_init" >&5 | |
| 20366 | $as_echo "$ac_cv_search_sodium_init" >&6; } | |
| 20367 | ac_res=$ac_cv_search_sodium_init | |
| 20368 | if test "$ac_res" != no; then : | |
| 20369 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | |
| 20370 | ||
| 20371 | else | |
| 20372 | as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5 | |
| 20373 | fi | |
| 20374 | ||
| 20375 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm" >&5 | |
| 20376 | $as_echo_n "checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm... " >&6; } | |
| 20377 | if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then : | |
| 20378 | $as_echo_n "(cached) " >&6 | |
| 20379 | else | |
| 20380 | ac_func_search_save_LIBS=$LIBS | |
| 20381 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | |
| 20382 | /* end confdefs.h. */ | |
| 20383 | ||
| 20384 | /* Override any GCC internal prototype to avoid an error. | |
| 20385 | Use char because int might match the return type of a GCC | |
| 20386 | builtin and then its argument prototype would still apply. */ | |
| 20387 | #ifdef __cplusplus | |
| 20388 | extern "C" | |
| 20389 | #endif | |
| 20390 | char crypto_box_curve25519xchacha20poly1305_beforenm (); | |
| 20391 | int | |
| 20392 | main () | |
| 20393 | { | |
| 20394 | return crypto_box_curve25519xchacha20poly1305_beforenm (); | |
| 20395 | ; | |
| 20396 | return 0; | |
| 20397 | } | |
| 20398 | _ACEOF | |
| 20399 | for ac_lib in '' sodium; do | |
| 20400 | if test -z "$ac_lib"; then | |
| 20401 | ac_res="none required" | |
| 20402 | else | |
| 20403 | ac_res=-l$ac_lib | |
| 20404 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | |
| 20405 | fi | |
| 20406 | if ac_fn_c_try_link "$LINENO"; then : | |
| 20407 | ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=$ac_res | |
| 20408 | fi | |
| 20409 | rm -f core conftest.err conftest.$ac_objext \ | |
| 20410 | conftest$ac_exeext | |
| 20411 | if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then : | |
| 20412 | break | |
| 20413 | fi | |
| 20414 | done | |
| 20415 | if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then : | |
| 20416 | ||
| 20417 | else | |
| 20418 | ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=no | |
| 20419 | fi | |
| 20420 | rm conftest.$ac_ext | |
| 20421 | LIBS=$ac_func_search_save_LIBS | |
| 20422 | fi | |
| 20423 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&5 | |
| 20424 | $as_echo "$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&6; } | |
| 20425 | ac_res=$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm | |
| 20426 | if test "$ac_res" != no; then : | |
| 20427 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | |
| 20428 | ||
| 20429 | ENABLE_DNSCRYPT_XCHACHA20=1 | |
| 20430 | ||
| 20431 | ||
| 20432 | $as_echo "#define USE_DNSCRYPT_XCHACHA20 1" >>confdefs.h | |
| 20433 | ||
| 20434 | ||
| 20435 | else | |
| 20436 | ||
| 20437 | ENABLE_DNSCRYPT_XCHACHA20=0 | |
| 20438 | ||
| 20439 | ||
| 20440 | fi | |
| 20441 | ||
| 20442 | ||
| 20443 | ||
| 20444 | $as_echo "#define USE_DNSCRYPT 1" >>confdefs.h | |
| 20445 | ||
| 20446 | ENABLE_DNSCRYPT=1 | |
| 20447 | ||
| 20448 | ||
| 20449 | DNSCRYPT_SRC="dnscrypt/dnscrypt.c" | |
| 20450 | ||
| 20451 | DNSCRYPT_OBJ="dnscrypt.lo" | |
| 20452 | ||
| 20453 | ||
| 20454 | else | |
| 20455 | ENABLE_DNSCRYPT_XCHACHA20=0 | |
| 20456 | ||
| 20457 | ||
| 20458 | ENABLE_DNSCRYPT=0 | |
| 20459 | ||
| 20460 | ||
| 20461 | ||
| 20462 | fi | |
| 20463 | ||
| 20464 | ||
| 19764 | 20465 | # check for cachedb if requested |
| 19765 | 20466 | # Check whether --enable-cachedb was given. |
| 19766 | 20467 | if test "${enable_cachedb+set}" = set; then : |
| 19776 | 20477 | no|*) |
| 19777 | 20478 | # nothing |
| 19778 | 20479 | ;; |
| 20480 | esac | |
| 20481 | ||
| 20482 | # check for ipsecmod if requested | |
| 20483 | # Check whether --enable-ipsecmod was given. | |
| 20484 | if test "${enable_ipsecmod+set}" = set; then : | |
| 20485 | enableval=$enable_ipsecmod; | |
| 20486 | fi | |
| 20487 | ||
| 20488 | case "$enable_ipsecmod" in | |
| 20489 | yes) | |
| 20490 | ||
| 20491 | $as_echo "#define USE_IPSECMOD 1" >>confdefs.h | |
| 20492 | ||
| 20493 | IPSECMOD_OBJ="ipsecmod.lo ipsecmod-whitelist.lo" | |
| 20494 | ||
| 20495 | IPSECMOD_HEADER='$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h' | |
| 20496 | ||
| 20497 | ;; | |
| 20498 | no|*) | |
| 20499 | # nothing | |
| 20500 | ;; | |
| 19779 | 20501 | esac |
| 19780 | 20502 | |
| 19781 | 20503 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5 |
| 19919 | 20641 | |
| 19920 | 20642 | |
| 19921 | 20643 | |
| 19922 | version=1.6.0 | |
| 20644 | version=1.6.4 | |
| 19923 | 20645 | |
| 19924 | 20646 | date=`date +'%b %e, %Y'` |
| 19925 | 20647 | |
| 19926 | 20648 | |
| 19927 | ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc" | |
| 20649 | ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service" | |
| 19928 | 20650 | |
| 19929 | 20651 | ac_config_headers="$ac_config_headers config.h" |
| 19930 | 20652 | |
| 20037 | 20759 | LTLIBOBJS=$ac_ltlibobjs |
| 20038 | 20760 | |
| 20039 | 20761 | |
| 20762 | if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then | |
| 20763 | as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined. | |
| 20764 | Usually this means the macro was only invoked conditionally." "$LINENO" 5 | |
| 20765 | fi | |
| 20040 | 20766 | |
| 20041 | 20767 | : "${CONFIG_STATUS=./config.status}" |
| 20042 | 20768 | ac_write_fail=0 |
| 20434 | 21160 | # report actual input values of CONFIG_FILES etc. instead of their |
| 20435 | 21161 | # values after options handling. |
| 20436 | 21162 | ac_log=" |
| 20437 | This file was extended by unbound $as_me 1.6.0, which was | |
| 21163 | This file was extended by unbound $as_me 1.6.4, which was | |
| 20438 | 21164 | generated by GNU Autoconf 2.69. Invocation command line was |
| 20439 | 21165 | |
| 20440 | 21166 | CONFIG_FILES = $CONFIG_FILES |
| 20500 | 21226 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
| 20501 | 21227 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
| 20502 | 21228 | ac_cs_version="\\ |
| 20503 | unbound config.status 1.6.0 | |
| 21229 | unbound config.status 1.6.4 | |
| 20504 | 21230 | configured by $0, generated by GNU Autoconf 2.69, |
| 20505 | 21231 | with options \\"\$ac_cs_config\\" |
| 20506 | 21232 | |
| 20922 | 21648 | "doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;; |
| 20923 | 21649 | "smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;; |
| 20924 | 21650 | "dnstap/dnstap_config.h") CONFIG_FILES="$CONFIG_FILES dnstap/dnstap_config.h" ;; |
| 21651 | "dnscrypt/dnscrypt_config.h") CONFIG_FILES="$CONFIG_FILES dnscrypt/dnscrypt_config.h" ;; | |
| 20925 | 21652 | "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; |
| 21653 | "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;; | |
| 21654 | "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;; | |
| 20926 | 21655 | "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; |
| 20927 | 21656 | |
| 20928 | 21657 | *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; |
| 5 | 5 | sinclude(acx_python.m4) |
| 6 | 6 | sinclude(ac_pkg_swig.m4) |
| 7 | 7 | sinclude(dnstap/dnstap.m4) |
| 8 | sinclude(dnscrypt/dnscrypt.m4) | |
| 8 | 9 | |
| 9 | 10 | # must be numbers. ac_defun because of later processing |
| 10 | 11 | m4_define([VERSION_MAJOR],[1]) |
| 11 | 12 | m4_define([VERSION_MINOR],[6]) |
| 12 | m4_define([VERSION_MICRO],[0]) | |
| 13 | m4_define([VERSION_MICRO],[4]) | |
| 13 | 14 | AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) |
| 14 | 15 | AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) |
| 15 | 16 | AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) |
| 16 | 17 | AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) |
| 17 | 18 | |
| 18 | LIBUNBOUND_CURRENT=6 | |
| 19 | LIBUNBOUND_CURRENT=7 | |
| 19 | 20 | LIBUNBOUND_REVISION=3 |
| 20 | LIBUNBOUND_AGE=4 | |
| 21 | LIBUNBOUND_AGE=5 | |
| 21 | 22 | # 1.0.0 had 0:12:0 |
| 22 | 23 | # 1.0.1 had 0:13:0 |
| 23 | 24 | # 1.0.2 had 0:14:0 |
| 67 | 68 | # 1.5.9 had 6:1:4 |
| 68 | 69 | # 1.5.10 had 6:2:4 |
| 69 | 70 | # 1.6.0 had 6:3:4 |
| 71 | # 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type | |
| 72 | # 1.6.2 had 7:1:5 | |
| 73 | # 1.6.3 had 7:2:5 | |
| 74 | # 1.6.4 had 7:3:5 | |
| 70 | 75 | |
| 71 | 76 | # Current -- the number of the binary API that we're implementing |
| 72 | 77 | # Revision -- which iteration of the implementation of the binary |
| 104 | 109 | prefix="/usr/local" |
| 105 | 110 | ;; |
| 106 | 111 | esac |
| 112 | case "$exec_prefix" in | |
| 113 | NONE) | |
| 114 | exec_prefix="$prefix" | |
| 115 | ;; | |
| 116 | esac | |
| 107 | 117 | |
| 108 | 118 | # are we on MinGW? |
| 109 | 119 | if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" |
| 115 | 125 | # |
| 116 | 126 | # Determine configuration file |
| 117 | 127 | # the eval is to evaluate shell expansion twice |
| 128 | UNBOUND_SBIN_DIR=`eval echo "${sbindir}"` | |
| 129 | AC_SUBST(UNBOUND_SBIN_DIR) | |
| 130 | UNBOUND_SYSCONF_DIR=`eval echo "${sysconfdir}"` | |
| 131 | AC_SUBST(UNBOUND_SYSCONF_DIR) | |
| 132 | UNBOUND_LOCALSTATE_DIR=`eval echo "${localstatedir}"` | |
| 133 | AC_SUBST(UNBOUND_LOCALSTATE_DIR) | |
| 118 | 134 | if test $on_mingw = "no"; then |
| 119 | 135 | ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` |
| 120 | 136 | else |
| 121 | ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" | |
| 137 | ub_conf_file="C:\\Program Files\\Unbound\\service.conf" | |
| 122 | 138 | fi |
| 123 | 139 | AC_ARG_WITH([conf_file], |
| 124 | 140 | AC_HELP_STRING([--with-conf-file=path], |
| 188 | 204 | if test $on_mingw = no; then |
| 189 | 205 | UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" |
| 190 | 206 | else |
| 191 | UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" | |
| 207 | UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" | |
| 192 | 208 | fi |
| 193 | 209 | ) |
| 194 | 210 | AC_SUBST(UNBOUND_ROOTKEY_FILE) |
| 202 | 218 | if test $on_mingw = no; then |
| 203 | 219 | UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" |
| 204 | 220 | else |
| 205 | UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" | |
| 221 | UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" | |
| 206 | 222 | fi |
| 207 | 223 | ) |
| 208 | 224 | AC_SUBST(UNBOUND_ROOTCERT_FILE) |
| 302 | 318 | ACX_LIBTOOL_C_ONLY |
| 303 | 319 | |
| 304 | 320 | # Checks for header files. |
| 305 | AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h],,, [AC_INCLUDES_DEFAULT]) | |
| 321 | AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) | |
| 306 | 322 | |
| 307 | 323 | # check for types. |
| 308 | 324 | # Using own tests for int64* because autoconf builtin only give 32bit. |
| 548 | 564 | |
| 549 | 565 | # Check for SWIG |
| 550 | 566 | ub_have_swig=no |
| 551 | AC_PROG_SWIG | |
| 567 | AC_PROG_SWIG(2.0.1) | |
| 552 | 568 | AC_MSG_CHECKING(SWIG) |
| 553 | 569 | if test ! -x "$SWIG"; then |
| 554 | 570 | AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) |
| 675 | 691 | AC_MSG_RESULT([no]) |
| 676 | 692 | fi |
| 677 | 693 | AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) |
| 678 | AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1]) | |
| 694 | AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify]) | |
| 679 | 695 | |
| 680 | 696 | # these check_funcs need -lssl |
| 681 | 697 | BAKLIBS="$LIBS" |
| 705 | 721 | ]) |
| 706 | 722 | fi |
| 707 | 723 | AC_SUBST(SSLLIB) |
| 724 | ||
| 725 | ||
| 726 | AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) | |
| 727 | case "$enable_sha1" in | |
| 728 | no) | |
| 729 | ;; | |
| 730 | yes|*) | |
| 731 | AC_DEFINE([USE_SHA1], [1], [Define this to enable SHA1 support.]) | |
| 732 | ;; | |
| 733 | esac | |
| 708 | 734 | |
| 709 | 735 | |
| 710 | 736 | AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support])) |
| 713 | 739 | ;; |
| 714 | 740 | yes|*) |
| 715 | 741 | AC_DEFINE([USE_SHA2], [1], [Define this to enable SHA256 and SHA512 support.]) |
| 742 | ;; | |
| 743 | esac | |
| 744 | ||
| 745 | AC_ARG_ENABLE(subnet, AC_HELP_STRING([--enable-subnet], [Enable client subnet])) | |
| 746 | case "$enable_subnet" in | |
| 747 | yes) | |
| 748 | AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.]) | |
| 749 | SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" | |
| 750 | AC_SUBST(SUBNET_OBJ) | |
| 751 | SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' | |
| 752 | AC_SUBST(SUBNET_HEADER) | |
| 753 | ;; | |
| 754 | no|*) | |
| 716 | 755 | ;; |
| 717 | 756 | esac |
| 718 | 757 | |
| 878 | 917 | ;; |
| 879 | 918 | esac |
| 880 | 919 | |
| 920 | AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support])) | |
| 921 | use_ed25519="no" | |
| 922 | case "$enable_ed25519" in | |
| 923 | no) | |
| 924 | ;; | |
| 925 | *) | |
| 926 | if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then | |
| 927 | AC_CHECK_DECLS([NID_ED25519], [ | |
| 928 | AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.]) | |
| 929 | use_ed25519="yes" | |
| 930 | ], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.]) | |
| 931 | fi ], [AC_INCLUDES_DEFAULT | |
| 932 | #include <openssl/evp.h> | |
| 933 | ]) | |
| 934 | fi | |
| 935 | ;; | |
| 936 | esac | |
| 881 | 937 | |
| 882 | 938 | AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) |
| 883 | 939 | case "$enable_event_api" in |
| 1052 | 1108 | fi |
| 1053 | 1109 | fi |
| 1054 | 1110 | |
| 1111 | # Include systemd.m4 - begin | |
| 1112 | sinclude(systemd.m4) | |
| 1113 | # Include systemd.m4 - end | |
| 1114 | ||
| 1055 | 1115 | # set lock checking if requested |
| 1056 | 1116 | AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks], |
| 1057 | 1117 | [ enable to check lock and unlock calls, for debug purposes ]), |
| 1142 | 1202 | #endif |
| 1143 | 1203 | ]) |
| 1144 | 1204 | AC_SEARCH_LIBS([setusercontext], [util]) |
| 1145 | AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) | |
| 1205 | AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget]) | |
| 1146 | 1206 | AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) |
| 1147 | 1207 | AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) |
| 1148 | 1208 | |
| 1150 | 1210 | if echo $build_os | grep darwin8 > /dev/null; then |
| 1151 | 1211 | AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work]) |
| 1152 | 1212 | fi |
| 1213 | AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [ | |
| 1214 | AC_INCLUDES_DEFAULT | |
| 1215 | #ifdef HAVE_NETINET_IN_H | |
| 1216 | #include <netinet/in.h> | |
| 1217 | #endif | |
| 1218 | ||
| 1219 | #ifdef HAVE_NETINET_TCP_H | |
| 1220 | #include <netinet/tcp.h> | |
| 1221 | #endif | |
| 1222 | ||
| 1223 | #ifdef HAVE_ARPA_INET_H | |
| 1224 | #include <arpa/inet.h> | |
| 1225 | #endif | |
| 1226 | ||
| 1227 | #ifdef HAVE_WINSOCK2_H | |
| 1228 | #include <winsock2.h> | |
| 1229 | #endif | |
| 1230 | ||
| 1231 | #ifdef HAVE_WS2TCPIP_H | |
| 1232 | #include <ws2tcpip.h> | |
| 1233 | #endif | |
| 1234 | ]) | |
| 1153 | 1235 | AC_REPLACE_FUNCS(inet_aton) |
| 1154 | 1236 | AC_REPLACE_FUNCS(inet_pton) |
| 1155 | 1237 | AC_REPLACE_FUNCS(inet_ntop) |
| 1187 | 1269 | if test "$USE_WINSOCK" = 1; then |
| 1188 | 1270 | AC_LIBOBJ(getentropy_win) |
| 1189 | 1271 | else |
| 1190 | case `uname` in | |
| 1191 | Darwin) | |
| 1272 | case "$host" in | |
| 1273 | Darwin|*darwin*) | |
| 1192 | 1274 | AC_LIBOBJ(getentropy_osx) |
| 1193 | 1275 | ;; |
| 1194 | SunOS) | |
| 1276 | *solaris*|*sunos*|SunOS) | |
| 1195 | 1277 | AC_LIBOBJ(getentropy_solaris) |
| 1196 | 1278 | AC_CHECK_HEADERS([sys/sha2.h],, [ |
| 1197 | 1279 | AC_CHECK_FUNCS([SHA512_Update],,[ |
| 1204 | 1286 | fi |
| 1205 | 1287 | AC_SEARCH_LIBS([clock_gettime], [rt]) |
| 1206 | 1288 | ;; |
| 1207 | Linux|*) | |
| 1289 | *linux*|Linux|*) | |
| 1208 | 1290 | AC_LIBOBJ(getentropy_linux) |
| 1209 | 1291 | AC_CHECK_FUNCS([SHA512_Update],,[ |
| 1210 | 1292 | AC_DEFINE([COMPAT_SHA512], [1], [Do sha512 definitions in config.h]) |
| 1275 | 1357 | ] |
| 1276 | 1358 | ) |
| 1277 | 1359 | |
| 1360 | # check for dnscrypt if requested | |
| 1361 | dnsc_DNSCRYPT([ | |
| 1362 | AC_DEFINE([USE_DNSCRYPT], [1], [Define to 1 to enable dnscrypt support]) | |
| 1363 | AC_SUBST([ENABLE_DNSCRYPT], [1]) | |
| 1364 | ||
| 1365 | AC_SUBST([DNSCRYPT_SRC], ["dnscrypt/dnscrypt.c"]) | |
| 1366 | AC_SUBST([DNSCRYPT_OBJ], ["dnscrypt.lo"]) | |
| 1367 | ], | |
| 1368 | [ | |
| 1369 | AC_SUBST([ENABLE_DNSCRYPT], [0]) | |
| 1370 | ] | |
| 1371 | ) | |
| 1372 | ||
| 1278 | 1373 | # check for cachedb if requested |
| 1279 | 1374 | AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage])) |
| 1280 | 1375 | case "$enable_cachedb" in |
| 1284 | 1379 | no|*) |
| 1285 | 1380 | # nothing |
| 1286 | 1381 | ;; |
| 1382 | esac | |
| 1383 | ||
| 1384 | # check for ipsecmod if requested | |
| 1385 | AC_ARG_ENABLE(ipsecmod, AC_HELP_STRING([--enable-ipsecmod], [Enable ipsecmod module that facilitates opportunistic IPsec])) | |
| 1386 | case "$enable_ipsecmod" in | |
| 1387 | yes) | |
| 1388 | AC_DEFINE([USE_IPSECMOD], [1], [Define to 1 to use ipsecmod support.]) | |
| 1389 | IPSECMOD_OBJ="ipsecmod.lo ipsecmod-whitelist.lo" | |
| 1390 | AC_SUBST(IPSECMOD_OBJ) | |
| 1391 | IPSECMOD_HEADER='$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h' | |
| 1392 | AC_SUBST(IPSECMOD_HEADER) | |
| 1393 | ;; | |
| 1394 | no|*) | |
| 1395 | # nothing | |
| 1396 | ;; | |
| 1287 | 1397 | esac |
| 1288 | 1398 | |
| 1289 | 1399 | AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) |
| 1462 | 1572 | int isblank(int c); |
| 1463 | 1573 | #endif |
| 1464 | 1574 | |
| 1575 | #if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP | |
| 1576 | const char *inet_ntop(int af, const void *src, char *dst, size_t size); | |
| 1577 | #endif | |
| 1578 | ||
| 1579 | #if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON | |
| 1580 | int inet_pton(int af, const char* src, void* dst); | |
| 1581 | #endif | |
| 1582 | ||
| 1465 | 1583 | #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) |
| 1466 | 1584 | #define strptime unbound_strptime |
| 1467 | 1585 | struct tm; |
| 1570 | 1688 | AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) |
| 1571 | 1689 | AC_SUBST(date, [`date +'%b %e, %Y'`]) |
| 1572 | 1690 | |
| 1573 | AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc]) | |
| 1691 | AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service]) | |
| 1574 | 1692 | AC_CONFIG_HEADER([config.h]) |
| 1575 | 1693 | AC_OUTPUT |
| 28 | 28 | Patch from Stephane Lapie for ASAHI Net. |
| 29 | 29 | * unbound_smf22.tar.gz: Solaris SMF installation/removal scripts. |
| 30 | 30 | Contributed by Yuri Voinov. |
| 31 | * unbound.socket and unbound.service: systemd files for unbound, install them | |
| 32 | in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. | |
| 33 | * redirect-bogus.patch: Return configured address for bogus A and AAAA answers, | |
| 34 | instead of SERVFAIL. Contributed by SIDN. | |
| 35 | * fastrpz.patch: fastrpz support from Farsight Security. |
| 0 | =================================================================== | |
| 1 | RCS file: ./RCS/Makefile.in,v | |
| 2 | retrieving revision 1.1 | |
| 3 | diff -u --unidirectional-new-file -r1.1 ./Makefile.in | |
| 4 | --- ./Makefile.in | |
| 5 | +++ ./Makefile.in | |
| 6 | @@ -23,6 +23,8 @@ | |
| 7 | CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ | |
| 8 | DNSTAP_SRC=@DNSTAP_SRC@ | |
| 9 | DNSTAP_OBJ=@DNSTAP_OBJ@ | |
| 10 | +FASTRPZ_SRC=@FASTRPZ_SRC@ | |
| 11 | +FASTRPZ_OBJ=@FASTRPZ_OBJ@ | |
| 12 | DNSCRYPT_SRC=@DNSCRYPT_SRC@ | |
| 13 | DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ | |
| 14 | WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ | |
| 15 | @@ -125,7 +127,7 @@ | |
| 16 | edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ | |
| 17 | edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ | |
| 18 | cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ | |
| 19 | -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) | |
| 20 | +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) | |
| 21 | COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ | |
| 22 | as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ | |
| 23 | iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ | |
| 24 | @@ -137,7 +139,7 @@ | |
| 25 | validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ | |
| 26 | val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ | |
| 27 | $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ | |
| 28 | -$(IPSECMOD_OBJ) | |
| 29 | +$(FASTRPZ_OBJ) $(DNSCRYPT_OBJ) | |
| 30 | COMMON_OBJ_WITHOUT_NETCALL+=respip.lo | |
| 31 | COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ | |
| 32 | outside_network.lo | |
| 33 | @@ -398,6 +401,11 @@ | |
| 34 | $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ | |
| 35 | $(srcdir)/util/netevent.h | |
| 36 | ||
| 37 | +# fastrpz | |
| 38 | +rpz.lo rpz.o: $(srcdir)/fastrpz/rpz.c config.h fastrpz/rpz.h fastrpz/librpz.h \ | |
| 39 | + $(srcdir)/util/config_file.h $(srcdir)/daemon/daemon.h \ | |
| 40 | + $(srcdir)/util/log.h | |
| 41 | + | |
| 42 | # Python Module | |
| 43 | pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ | |
| 44 | pythonmod/interface.h \ | |
| 45 | =================================================================== | |
| 46 | RCS file: ./RCS/config.h.in,v | |
| 47 | retrieving revision 1.1 | |
| 48 | diff -u --unidirectional-new-file -r1.1 ./config.h.in | |
| 49 | --- ./config.h.in | |
| 50 | +++ ./config.h.in | |
| 51 | @@ -1199,4 +1199,11 @@ | |
| 52 | /** the version of unbound-control that this software implements */ | |
| 53 | #define UNBOUND_CONTROL_VERSION 1 | |
| 54 | ||
| 55 | - | |
| 56 | +/* have __attribute__s used in librpz.h */ | |
| 57 | +#undef LIBRPZ_HAVE_ATTR | |
| 58 | +/** fastrpz librpz.so */ | |
| 59 | +#undef FASTRPZ_LIBRPZ_PATH | |
| 60 | +/** 0=no fastrpz 1=static link 2=dlopen() */ | |
| 61 | +#undef FASTRPZ_LIB_OPEN | |
| 62 | +/** turn on fastrpz response policy zones */ | |
| 63 | +#undef ENABLE_FASTRPZ | |
| 64 | =================================================================== | |
| 65 | RCS file: ./RCS/configure.ac,v | |
| 66 | retrieving revision 1.1 | |
| 67 | diff -u --unidirectional-new-file -r1.1 ./configure.ac | |
| 68 | --- ./configure.ac | |
| 69 | +++ ./configure.ac | |
| 70 | @@ -6,6 +6,7 @@ | |
| 71 | sinclude(acx_python.m4) | |
| 72 | sinclude(ac_pkg_swig.m4) | |
| 73 | sinclude(dnstap/dnstap.m4) | |
| 74 | +sinclude(fastrpz/rpz.m4) | |
| 75 | sinclude(dnscrypt/dnscrypt.m4) | |
| 76 | ||
| 77 | # must be numbers. ac_defun because of later processing | |
| 78 | @@ -1352,6 +1353,9 @@ | |
| 79 | ;; | |
| 80 | esac | |
| 81 | ||
| 82 | +# check for Fastrpz with fastrpz/rpz.m4 | |
| 83 | +ck_FASTRPZ | |
| 84 | + | |
| 85 | AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) | |
| 86 | # on openBSD, the implicit rule make $< work. | |
| 87 | # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). | |
| 88 | =================================================================== | |
| 89 | RCS file: ./daemon/RCS/daemon.c,v | |
| 90 | retrieving revision 1.1 | |
| 91 | diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c | |
| 92 | --- ./daemon/daemon.c | |
| 93 | +++ ./daemon/daemon.c | |
| 94 | @@ -89,6 +89,9 @@ | |
| 95 | #include "sldns/keyraw.h" | |
| 96 | #include "respip/respip.h" | |
| 97 | #include <signal.h> | |
| 98 | +#ifdef ENABLE_FASTRPZ | |
| 99 | +#include "fastrpz/rpz.h" | |
| 100 | +#endif | |
| 101 | ||
| 102 | #ifdef HAVE_SYSTEMD | |
| 103 | #include <systemd/sd-daemon.h> | |
| 104 | @@ -451,6 +454,14 @@ | |
| 105 | fatal_exit("dnstap enabled in config but not built with dnstap support"); | |
| 106 | #endif | |
| 107 | } | |
| 108 | + if(daemon->cfg->rpz_enable) { | |
| 109 | +#ifdef ENABLE_FASTRPZ | |
| 110 | + rpz_init(&daemon->rpz_clist, &daemon->rpz_client, daemon->cfg); | |
| 111 | +#else | |
| 112 | + fatal_exit("fastrpz enabled in config" | |
| 113 | + " but not built with fastrpz"); | |
| 114 | +#endif | |
| 115 | + } | |
| 116 | for(i=0; i<daemon->num; i++) { | |
| 117 | if(!(daemon->workers[i] = worker_create(daemon, i, | |
| 118 | shufport+numport*i/daemon->num, | |
| 119 | @@ -691,6 +702,9 @@ | |
| 120 | #ifdef USE_DNSTAP | |
| 121 | dt_delete(daemon->dtenv); | |
| 122 | #endif | |
| 123 | +#ifdef ENABLE_FASTRPZ | |
| 124 | + rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); | |
| 125 | +#endif | |
| 126 | daemon->cfg = NULL; | |
| 127 | } | |
| 128 | ||
| 129 | =================================================================== | |
| 130 | RCS file: ./daemon/RCS/daemon.h,v | |
| 131 | retrieving revision 1.1 | |
| 132 | diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.h | |
| 133 | --- ./daemon/daemon.h | |
| 134 | +++ ./daemon/daemon.h | |
| 135 | @@ -134,6 +134,11 @@ | |
| 136 | /** the dnscrypt environment */ | |
| 137 | struct dnsc_env* dnscenv; | |
| 138 | #endif | |
| 139 | +#ifdef ENABLE_FASTRPZ | |
| 140 | + /** global opaque rpz handles */ | |
| 141 | + struct librpz_clist *rpz_clist; | |
| 142 | + struct librpz_client *rpz_client; | |
| 143 | +#endif | |
| 144 | }; | |
| 145 | ||
| 146 | /** | |
| 147 | =================================================================== | |
| 148 | RCS file: ./daemon/RCS/worker.c,v | |
| 149 | retrieving revision 1.1 | |
| 150 | diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c | |
| 151 | --- ./daemon/worker.c | |
| 152 | +++ ./daemon/worker.c | |
| 153 | @@ -73,6 +73,9 @@ | |
| 154 | #include "libunbound/context.h" | |
| 155 | #include "libunbound/libworker.h" | |
| 156 | #include "sldns/sbuffer.h" | |
| 157 | +#ifdef ENABLE_FASTRPZ | |
| 158 | +#include "fastrpz/rpz.h" | |
| 159 | +#endif | |
| 160 | #include "sldns/wire2str.h" | |
| 161 | #include "util/shm_side/shm_main.h" | |
| 162 | #include "dnscrypt/dnscrypt.h" | |
| 163 | @@ -526,8 +529,27 @@ | |
| 164 | /* not secure */ | |
| 165 | secure = 0; | |
| 166 | break; | |
| 167 | +#ifdef ENABLE_FASTRPZ | |
| 168 | + case sec_status_rpz_rewritten: | |
| 169 | + case sec_status_rpz_drop: | |
| 170 | + fatal_exit("impossible cached RPZ sec_status"); | |
| 171 | + break; | |
| 172 | +#endif | |
| 173 | } | |
| 174 | } | |
| 175 | +#ifdef ENABLE_FASTRPZ | |
| 176 | + if(repinfo->rpz) { | |
| 177 | + /* Scan the cached answer for RPZ hits. | |
| 178 | + * ret=1 use cache entry | |
| 179 | + * ret=-1 rewritten response already sent or dropped | |
| 180 | + * ret=0 deny a cached entry exists | |
| 181 | + */ | |
| 182 | + int ret = rpz_worker_cache(worker, msg->rep, qinfo, | |
| 183 | + id, flags, edns, repinfo); | |
| 184 | + if(ret != 1) | |
| 185 | + return ret; | |
| 186 | + } | |
| 187 | +#endif | |
| 188 | /* return this delegation from the cache */ | |
| 189 | edns->edns_version = EDNS_ADVERTISED_VERSION; | |
| 190 | edns->udp_size = EDNS_ADVERTISED_SIZE; | |
| 191 | @@ -688,6 +710,23 @@ | |
| 192 | secure = 0; | |
| 193 | } | |
| 194 | } else secure = 0; | |
| 195 | +#ifdef ENABLE_FASTRPZ | |
| 196 | + if(repinfo->rpz) { | |
| 197 | + /* Scan the cached answer for RPZ hits. | |
| 198 | + * ret=1 use cache entry | |
| 199 | + * ret=-1 rewritten response already sent or dropped | |
| 200 | + * ret=0 deny a cached entry exists | |
| 201 | + */ | |
| 202 | + int ret = rpz_worker_cache(worker, rep, qinfo, id, flags, edns, | |
| 203 | + repinfo); | |
| 204 | + if(ret != 1) { | |
| 205 | + rrset_array_unlock_touch(worker->env.rrset_cache, | |
| 206 | + worker->scratchpad, rep->ref, | |
| 207 | + rep->rrset_count); | |
| 208 | + return ret; | |
| 209 | + } | |
| 210 | + } | |
| 211 | +#endif | |
| 212 | ||
| 213 | edns->edns_version = EDNS_ADVERTISED_VERSION; | |
| 214 | edns->udp_size = EDNS_ADVERTISED_SIZE; | |
| 215 | @@ -1267,6 +1306,15 @@ | |
| 216 | log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", | |
| 217 | &repinfo->addr, repinfo->addrlen); | |
| 218 | goto send_reply; | |
| 219 | +#ifdef ENABLE_FASTRPZ | |
| 220 | + } else { | |
| 221 | + /* Start to rewrite for response policy zones. | |
| 222 | + * This can hit a qname trigger and be done. */ | |
| 223 | + if(rpz_start(worker, &qinfo, repinfo, &edns)) { | |
| 224 | + regional_free_all(worker->scratchpad); | |
| 225 | + return 0; | |
| 226 | + } | |
| 227 | +#endif | |
| 228 | } | |
| 229 | ||
| 230 | /* If we've found a local alias, replace the qname with the alias | |
| 231 | @@ -1315,12 +1363,21 @@ | |
| 232 | h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); | |
| 233 | if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { | |
| 234 | /* answer from cache - we have acquired a readlock on it */ | |
| 235 | - if(answer_from_cache(worker, &qinfo, | |
| 236 | + ret = answer_from_cache(worker, &qinfo, | |
| 237 | cinfo, &need_drop, &alias_rrset, &partial_rep, | |
| 238 | (struct reply_info*)e->data, | |
| 239 | *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), | |
| 240 | sldns_buffer_read_u16_at(c->buffer, 2), repinfo, | |
| 241 | - &edns)) { | |
| 242 | + &edns); | |
| 243 | +#ifdef ENABLE_FASTRPZ | |
| 244 | + if(ret < 0) { | |
| 245 | + /* RPZ already dropped or sent a response. */ | |
| 246 | + lock_rw_unlock(&e->lock); | |
| 247 | + regional_free_all(worker->scratchpad); | |
| 248 | + return 0; | |
| 249 | + } | |
| 250 | +#endif | |
| 251 | + if(ret) { | |
| 252 | /* prefetch it if the prefetch TTL expired. | |
| 253 | * Note that if there is more than one pass | |
| 254 | * its qname must be that used for cache | |
| 255 | @@ -1371,11 +1428,19 @@ | |
| 256 | lock_rw_unlock(&e->lock); | |
| 257 | } | |
| 258 | if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { | |
| 259 | - if(answer_norec_from_cache(worker, &qinfo, | |
| 260 | + ret = answer_norec_from_cache(worker, &qinfo, | |
| 261 | *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), | |
| 262 | sldns_buffer_read_u16_at(c->buffer, 2), repinfo, | |
| 263 | - &edns)) { | |
| 264 | + &edns); | |
| 265 | + if(ret) { | |
| 266 | regional_free_all(worker->scratchpad); | |
| 267 | +#ifdef ENABLE_FASTRPZ | |
| 268 | + if(ret < 0) { | |
| 269 | + /* RPZ already dropped | |
| 270 | + * or sent a response. */ | |
| 271 | + return 0; | |
| 272 | + } | |
| 273 | +#endif | |
| 274 | goto send_reply; | |
| 275 | } | |
| 276 | verbose(VERB_ALGO, "answer norec from cache -- " | |
| 277 | =================================================================== | |
| 278 | RCS file: ./doc/RCS/unbound.conf.5.in,v | |
| 279 | retrieving revision 1.1 | |
| 280 | diff -u --unidirectional-new-file -r1.1 ./doc/unbound.conf.5.in | |
| 281 | --- ./doc/unbound.conf.5.in | |
| 282 | +++ ./doc/unbound.conf.5.in | |
| 283 | @@ -1446,6 +1446,81 @@ | |
| 284 | .B dns64\-synthall: \fI<yes or no>\fR | |
| 285 | Debug option, default no. If enabled, synthesize all AAAA records | |
| 286 | despite the presence of actual AAAA records. | |
| 287 | +.SS "Response Policy Zone Rewriting" | |
| 288 | +.LP | |
| 289 | +Response policy zone rewriting is controlled with the | |
| 290 | +.B rpz | |
| 291 | +clause. | |
| 292 | +It must contain a | |
| 293 | +.B rpz\-enable: | |
| 294 | +option, and one or more | |
| 295 | +.B rpz\-zone: | |
| 296 | +options. | |
| 297 | +It will usually also contain | |
| 298 | +.B rpz\-option: | |
| 299 | +clauses with general rewriting options or specifying dnsrpzd parameters. | |
| 300 | +Beneath the surface, the text in | |
| 301 | +.B rpz\-zone: \fI<"domain">\fR | |
| 302 | +is converted to \fI"zone domain\\n"\fR and added to the configuration string | |
| 303 | +given to | |
| 304 | +\fIlibrpz\fR(3). | |
| 305 | +The text in | |
| 306 | +.B rpz-option \fI<"text">\fR | |
| 307 | +is also added to that configuration string. | |
| 308 | +.LP | |
| 309 | +If using chroot, then the chroot directory must contain the \fIdnsrpzd\fR(3) | |
| 310 | +command and the shared libraries that it uses. | |
| 311 | +Those can be found with the \fIldd\fR(1) command. | |
| 312 | +.LP | |
| 313 | +Resolver zone and rewriting options and response policy zone triggers and | |
| 314 | +actions are described in \fIlibrpz\fR(3). | |
| 315 | +The separate control file that specifies the policy zones maintained by | |
| 316 | +the dnsrpzd daemon is described in \fIdnsrpzd\fR(8). | |
| 317 | +.LP | |
| 318 | +Many installations need a local whitelist that exempts local | |
| 319 | +domains from rewriting. | |
| 320 | +Whitelist records can be in zones transferred by dnsrpzd from | |
| 321 | +authorities or in a local zone file. | |
| 322 | +.TP | |
| 323 | +.B rpz-enable: \fI<yes or no> | |
| 324 | +enables Fastrpz. | |
| 325 | +If not enabled, the other options in the | |
| 326 | +.B rpz: | |
| 327 | +clause are ignored. | |
| 328 | +.TP | |
| 329 | +.B rpz-zone: \fI<"zone and options"> | |
| 330 | +specifies a policy zone and optional per-zone rewriting parameters. | |
| 331 | +.TP | |
| 332 | +.B rpz-option: \fI<"option"> | |
| 333 | +specifies general Fastrpz options. | |
| 334 | +.LP | |
| 335 | +Fastrpz is available only on POSIX compliant UNIX-like systems with the | |
| 336 | +\fImmap\fR(2) system call. | |
| 337 | +.LP | |
| 338 | +Fastrpz in Unbound differs from rpz and fastrpz in BIND by | |
| 339 | +.RS 3 | |
| 340 | +.HP 4 | |
| 341 | +RPZ-CLIENT-IP triggers can only be used in the first policy zone | |
| 342 | +specified with | |
| 343 | +.B rpz-zone: | |
| 344 | +.HP | |
| 345 | +Policy zone rewriting is disabled by the DO bit in DNS requests | |
| 346 | +even when no DNSSEC signatures are supplied by authorities. | |
| 347 | +.HP | |
| 348 | +Unbound local zones are not subject to rpz rewriting. | |
| 349 | +.HP | |
| 350 | +Like Fastrpz with BIND but unlike classic BIND rpz, | |
| 351 | +the ADDITIONAL sections of rewritten responses contain the SOA record from | |
| 352 | +the policy zone used to rewrite the response. | |
| 353 | +.RE | |
| 354 | +.P | |
| 355 | +.nf | |
| 356 | +# example Fastrpz settings for use with chroot on Freebsd | |
| 357 | +rpz: | |
| 358 | + rpz-zone: "rpz.example.org" | |
| 359 | + rpz-zone: "other.rpz.example.org ip-as-ns yes" | |
| 360 | + rpz-option: "dnsrpzd ./dnsrpzd" | |
| 361 | +.fi | |
| 362 | .SS "DNSCrypt Options" | |
| 363 | .LP | |
| 364 | The | |
| 365 | =================================================================== | |
| 366 | RCS file: ./fastrpz/RCS/librpz.h,v | |
| 367 | retrieving revision 1.1 | |
| 368 | diff -u --unidirectional-new-file -r1.1 ./fastrpz/librpz.h | |
| 369 | --- ./fastrpz/librpz.h | |
| 370 | +++ ./fastrpz/librpz.h | |
| 371 | @@ -0,0 +1,957 @@ | |
| 372 | +/* | |
| 373 | + * Define the interface from a DNS resolver to the Response Policy Zone | |
| 374 | + * library, librpz. | |
| 375 | + * | |
| 376 | + * This file should be included only the interface functions between the | |
| 377 | + * resolver and librpz to avoid name space pollution. | |
| 378 | + * | |
| 379 | + * Copyright (c) 2016-2017 Farsight Security, Inc. | |
| 380 | + * | |
| 381 | + * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 382 | + * you may not use this file except in compliance with the License. | |
| 383 | + * You may obtain a copy of the License at | |
| 384 | + * http://www.apache.org/licenses/LICENSE-2.0 | |
| 385 | + * | |
| 386 | + * Unless required by applicable law or agreed to in writing, software | |
| 387 | + * distributed under the License is distributed on an "AS IS" BASIS, | |
| 388 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 389 | + * See the License for the specific language governing permissions and | |
| 390 | + * limitations under the License. | |
| 391 | + * | |
| 392 | + * Fastrpz version 1.2.10 | |
| 393 | + */ | |
| 394 | + | |
| 395 | +#ifndef LIBRPZ_H | |
| 396 | +#define LIBRPZ_H | |
| 397 | + | |
| 398 | +#include <arpa/nameser.h> | |
| 399 | +#include <netinet/in.h> | |
| 400 | +#include <stdarg.h> | |
| 401 | +#include <stdbool.h> | |
| 402 | +#include <stdio.h> | |
| 403 | +#include <sys/types.h> | |
| 404 | + | |
| 405 | + | |
| 406 | +/* | |
| 407 | + * Allow either ordinary or dlopen() linking. | |
| 408 | + */ | |
| 409 | +#ifdef LIBRPZ_INTERNAL | |
| 410 | +#define LIBDEF(t,s) extern t s; | |
| 411 | +#define LIBDEF_F(f) LIBDEF(librpz_##f##_t, librpz_##f) | |
| 412 | +#else | |
| 413 | +#define LIBDEF(t,s) | |
| 414 | +#define LIBDEF_F(f) | |
| 415 | +#endif | |
| 416 | + | |
| 417 | +/* | |
| 418 | + * Response Policy Zone triggers. | |
| 419 | + * Comparisons of trigger precedences require | |
| 420 | + * LIBRPZ_TRIG_CLIENT_IP < LIBRPZ_TRIG_QNAME < LIBRPZ_TRIG_IP | |
| 421 | + * < LIBRPZ_TRIG_NSDNAME < LIBRPZ_TRIG_NSIP} | |
| 422 | + */ | |
| 423 | +typedef enum { | |
| 424 | + LIBRPZ_TRIG_BAD =0, | |
| 425 | + LIBRPZ_TRIG_CLIENT_IP =1, | |
| 426 | + LIBRPZ_TRIG_QNAME =2, | |
| 427 | + LIBRPZ_TRIG_IP =3, | |
| 428 | + LIBRPZ_TRIG_NSDNAME =4, | |
| 429 | + LIBRPZ_TRIG_NSIP =5 | |
| 430 | +} librpz_trig_t; | |
| 431 | +#define LIBRPZ_TRIG_SIZE 3 /* sizeof librpz_trig_t in bits */ | |
| 432 | +typedef uint8_t librpz_tbit_t; /* one bit for each of the TRIGS_NUM | |
| 433 | + * trigger types */ | |
| 434 | + | |
| 435 | + | |
| 436 | +/* | |
| 437 | + * Response Policy Zone Actions or policies | |
| 438 | + */ | |
| 439 | +typedef enum { | |
| 440 | + LIBRPZ_POLICY_UNDEFINED =0, /* an empty entry or no decision yet */ | |
| 441 | + LIBRPZ_POLICY_DELETED =1, /* placeholder for a deleted policy */ | |
| 442 | + | |
| 443 | + LIBRPZ_POLICY_PASSTHRU =2, /* 'passthru': do not rewrite */ | |
| 444 | + LIBRPZ_POLICY_DROP =3, /* 'drop': do not respond */ | |
| 445 | + LIBRPZ_POLICY_TCP_ONLY =4, /* 'tcp-only': answer UDP with TC=1 */ | |
| 446 | + LIBRPZ_POLICY_NXDOMAIN =5, /* 'nxdomain': answer with NXDOMAIN */ | |
| 447 | + LIBRPZ_POLICY_NODATA =6, /* 'nodata': answer with ANCOUNT=0 */ | |
| 448 | + LIBRPZ_POLICY_RECORD =7, /* rewrite with the policy's RR */ | |
| 449 | + | |
| 450 | + /* only in client configurations to override the zone */ | |
| 451 | + LIBRPZ_POLICY_GIVEN, /* 'given': what policy record says */ | |
| 452 | + LIBRPZ_POLICY_DISABLED, /* at most log */ | |
| 453 | + LIBRPZ_POLICY_CNAME, /* answer with 'cname x' */ | |
| 454 | +} librpz_policy_t; | |
| 455 | +#define LIBRPZ_POLICY_BITS 4 | |
| 456 | + | |
| 457 | +/* | |
| 458 | + * Special policies that appear as targets of CNAMEs | |
| 459 | + * NXDOMAIN is signaled by a CNAME with a "." target. | |
| 460 | + * NODATA is signaled by a CNAME with a "*." target. | |
| 461 | + */ | |
| 462 | +#define LIBRPZ_RPZ_PREFIX "rpz-" | |
| 463 | +#define LIBRPZ_RPZ_PASSTHRU LIBRPZ_RPZ_PREFIX"passthru" | |
| 464 | +#define LIBRPZ_RPZ_DROP LIBRPZ_RPZ_PREFIX"drop" | |
| 465 | +#define LIBRPZ_RPZ_TCP_ONLY LIBRPZ_RPZ_PREFIX"tcp-only" | |
| 466 | + | |
| 467 | + | |
| 468 | +typedef uint16_t librpz_dznum_t; /* dnsrpzd zone # in [0,DZNUM_MAX] */ | |
| 469 | +typedef uint8_t librpz_cznum_t; /* client zone # in [0,CZNUM_MAX] */ | |
| 470 | + | |
| 471 | + | |
| 472 | +/* | |
| 473 | + * CIDR block | |
| 474 | + */ | |
| 475 | +typedef struct librpz_prefix { | |
| 476 | + union { | |
| 477 | + struct in_addr in; | |
| 478 | + struct in6_addr in6; | |
| 479 | + } addr; | |
| 480 | + uint8_t family; | |
| 481 | + uint8_t len; | |
| 482 | +} librpz_prefix_t; | |
| 483 | + | |
| 484 | +/* | |
| 485 | + * A domain | |
| 486 | + */ | |
| 487 | +typedef uint8_t librpz_dsize_t; | |
| 488 | +typedef struct librpz_domain { | |
| 489 | + librpz_dsize_t size; /* of only .d */ | |
| 490 | + uint8_t d[0]; /* variable length wire format */ | |
| 491 | +} librpz_domain_t; | |
| 492 | + | |
| 493 | +/* | |
| 494 | + * A maximal domain buffer | |
| 495 | + */ | |
| 496 | +typedef struct librpz_domain_buf { | |
| 497 | + librpz_dsize_t size; | |
| 498 | + uint8_t d[NS_MAXCDNAME]; | |
| 499 | +} librpz_domain_buf_t; | |
| 500 | + | |
| 501 | +/* | |
| 502 | + * A resource record without the owner name. | |
| 503 | + * C compilers say that sizeof(librpz_rr_t)=12 instead of 10. | |
| 504 | + */ | |
| 505 | +typedef struct { | |
| 506 | + uint16_t type; /* network byte order */ | |
| 507 | + uint16_t class; /* network byte order */ | |
| 508 | + uint32_t ttl; /* network byte order */ | |
| 509 | + uint16_t rdlength; /* network byte order */ | |
| 510 | + uint8_t rdata[0]; /* variable length */ | |
| 511 | +} librpz_rr_t; | |
| 512 | + | |
| 513 | +/* | |
| 514 | + * The database file might be mapped with different starting addresses | |
| 515 | + * by concurrent clients (resolvers), and so all pointers are offsets. | |
| 516 | + */ | |
| 517 | +typedef uint32_t librpz_idx_t; | |
| 518 | +#define LIBRPZ_IDX_NULL 0 | |
| 519 | +#define LIBRPZ_IDX_MIN 1 | |
| 520 | +#define LIBRPZ_IDX_BAD ((librpz_idx_t)-1) | |
| 521 | +/** | |
| 522 | + * Partial decoded results of a set of RPZ queries for a single DNS response | |
| 523 | + * or interation through the mapped file. | |
| 524 | + */ | |
| 525 | +typedef int16_t librpz_result_id_t; | |
| 526 | +typedef struct librpz_result { | |
| 527 | + librpz_idx_t next_rr; | |
| 528 | + librpz_result_id_t hit_id; /* trigger ID from resolver */ | |
| 529 | + librpz_policy_t zpolicy; /* policy from zone */ | |
| 530 | + librpz_policy_t policy; /* adjusted by client configuration */ | |
| 531 | + librpz_dznum_t dznum; /* dnsrpzd zone number */ | |
| 532 | + librpz_cznum_t cznum; /* librpz client zone number */ | |
| 533 | + librpz_trig_t trig:LIBRPZ_TRIG_SIZE; | |
| 534 | + bool log:1; /* log rewrite given librpz_log_level */ | |
| 535 | +} librpz_result_t; | |
| 536 | + | |
| 537 | + | |
| 538 | +/** | |
| 539 | + * librpz trace or log levels. | |
| 540 | + */ | |
| 541 | +typedef enum { | |
| 542 | + LIBRPZ_LOG_FATAL =0, /* always print fatal errors */ | |
| 543 | + LIBRPZ_LOG_ERROR =1, /* errors have this level */ | |
| 544 | + LIBRPZ_LOG_TRACE1 =2, /* big events such as dnsrpzd starts */ | |
| 545 | + LIBRPZ_LOG_TRACE2 =3, /* smaller dnsrpzd zone transfers */ | |
| 546 | + LIBRPZ_LOG_TRACE3 =4, /* librpz hits */ | |
| 547 | + LIBRPZ_LOG_TRACE4 =5, /* librpz lookups */ | |
| 548 | + LIBRPZ_LOG_INVALID =999, | |
| 549 | +} librpz_log_level_t; | |
| 550 | +typedef librpz_log_level_t (librpz_log_level_val_t)(librpz_log_level_t level); | |
| 551 | +LIBDEF_F(log_level_val) | |
| 552 | + | |
| 553 | +/** | |
| 554 | + * Logging function that can be supplied by the resolver. | |
| 555 | + * @param level is one of librpz_log_level_t | |
| 556 | + * @param ctx is for use by the resolver's logging system. | |
| 557 | + * NULL mean a context-free message. | |
| 558 | + */ | |
| 559 | +typedef void(librpz_log_fnc_t)(librpz_log_level_t level, void *ctx, | |
| 560 | + const char *buf); | |
| 561 | + | |
| 562 | +/** | |
| 563 | + * Point librpz logging functions to the resolver's choice. | |
| 564 | + */ | |
| 565 | +typedef void (librpz_set_log_t)(librpz_log_fnc_t *new_log, const char *prog_nm); | |
| 566 | +LIBDEF_F(set_log) | |
| 567 | + | |
| 568 | + | |
| 569 | +/** | |
| 570 | + * librpz error messages are put in these buffers. | |
| 571 | + * Use a structure intead of naked char* to let the compiler check the length. | |
| 572 | + * A function defined with "foo(char buf[120])" can be called with | |
| 573 | + * "char sbuf[2]; foo(sbuf)" and suffer a buffer overrun. | |
| 574 | + */ | |
| 575 | +typedef struct { | |
| 576 | + char c[120]; | |
| 577 | +} librpz_emsg_t; | |
| 578 | + | |
| 579 | + | |
| 580 | +#ifdef LIBRPZ_HAVE_ATTR | |
| 581 | +#define LIBRPZ_UNUSED __attribute__((unused)) | |
| 582 | +#define LIBRPZ_PF(f,l) __attribute__((format(printf,f,l))) | |
| 583 | +#define LIBRPZ_NORET __attribute__((__noreturn__)) | |
| 584 | +#else | |
| 585 | +#define LIBRPZ_UNUSED | |
| 586 | +#define LIBRPZ_PF(f,l) | |
| 587 | +#define LIBRPZ_NORET | |
| 588 | +#endif | |
| 589 | + | |
| 590 | +#ifdef HAVE_BUILTIN_EXPECT | |
| 591 | +#define LIBRPZ_LIKELY(c) __builtin_expect(!!(c), 1) | |
| 592 | +#define LIBRPZ_UNLIKELY(c) __builtin_expect(!!(c), 0) | |
| 593 | +#else | |
| 594 | +#define LIBRPZ_LIKELY(c) (c) | |
| 595 | +#define LIBRPZ_UNLIKELY(c) (c) | |
| 596 | +#endif | |
| 597 | + | |
| 598 | +typedef bool (librpz_parse_log_opt_t)(librpz_emsg_t *emsg, const char *arg); | |
| 599 | +LIBDEF_F(parse_log_opt) | |
| 600 | + | |
| 601 | +typedef void (librpz_vpemsg_t)(librpz_emsg_t *emsg, | |
| 602 | + const char *p, va_list args); | |
| 603 | +LIBDEF_F(vpemsg) | |
| 604 | +typedef void (librpz_pemsg_t)(librpz_emsg_t *emsg, | |
| 605 | + const char *p, ...) LIBRPZ_PF(2,3); | |
| 606 | +LIBDEF_F(pemsg) | |
| 607 | + | |
| 608 | +typedef void (librpz_vlog_t)(librpz_log_level_t level, void *ctx, | |
| 609 | + const char *p, va_list args); | |
| 610 | +LIBDEF_F(vlog) | |
| 611 | +typedef void (librpz_log_t)(librpz_log_level_t level, void *ctx, | |
| 612 | + const char *p, ...) LIBRPZ_PF(3,4); | |
| 613 | +LIBDEF_F(log) | |
| 614 | + | |
| 615 | +typedef void (librpz_fatal_t)(int ex_code, | |
| 616 | + const char *p, ...) LIBRPZ_PF(2,3); | |
| 617 | +extern void librpz_fatal(int ex_code, | |
| 618 | + const char *p, ...) LIBRPZ_PF(2,3) LIBRPZ_NORET; | |
| 619 | + | |
| 620 | +typedef void (librpz_rpz_assert_t)(const char *file, unsigned line, | |
| 621 | + const char *p, ...) LIBRPZ_PF(3,4); | |
| 622 | +extern void librpz_rpz_assert(const char *file, unsigned line, | |
| 623 | + const char *p, ...) LIBRPZ_PF(3,4) LIBRPZ_NORET; | |
| 624 | + | |
| 625 | +typedef void (librpz_rpz_vassert_t)(const char *file, uint line, | |
| 626 | + const char *p, va_list args); | |
| 627 | +extern void librpz_rpz_vassert(const char *file, uint line, | |
| 628 | + const char *p, va_list args) LIBRPZ_NORET; | |
| 629 | + | |
| 630 | + | |
| 631 | +/* | |
| 632 | + * As far as clients are concerned, all relative pointers or indexes in a | |
| 633 | + * version of the mapped file except trie node parent pointers remain valid | |
| 634 | + * forever. A client must release a version so that it can be garbage | |
| 635 | + * collected by the file system. When dnsrpzd needs to expand the file, | |
| 636 | + * it copies the old file to a new, larger file. Clients can continue | |
| 637 | + * using the old file. | |
| 638 | + * | |
| 639 | + * Versions can also appear in a single file. Old nodes and trie values | |
| 640 | + * within the file are not destroyed until all clients using the version | |
| 641 | + * that contained the old values release the version. | |
| 642 | + * | |
| 643 | + * A client is marked as using version by connecting to the deamon. It is | |
| 644 | + * marked as using all subsequent versions. A client releases all versions | |
| 645 | + * by closing the connection or a range of versions by updating is slot | |
| 646 | + * in the shared memory version table. | |
| 647 | + * | |
| 648 | + * As far as clients are concerned, there are the following possible librpz | |
| 649 | + * failures: | |
| 650 | + * - malloc() or other fatal internal librpz problems indicated by | |
| 651 | + * a failing return from a librpz function | |
| 652 | + * All operations will fail until client handle is destroyed and | |
| 653 | + * recreated with librpz_client_detach() and librpz_client_create(). | |
| 654 | + * - corrupt database detected by librpz code, corrupt database detected | |
| 655 | + * by dnsrpzd, or disconnection from the daemon. | |
| 656 | + * Current operations will fail. | |
| 657 | + * | |
| 658 | + * Clients assume that the file has already been unlinked before | |
| 659 | + * the corrupt flag is set so that they do not race with the server | |
| 660 | + * over the corruption of a single file. A client that finds the | |
| 661 | + * corrupt set knows that dnsrpzd has already crashed with | |
| 662 | + * abort() and is restarting. The client can re-connect to dnsrpzd | |
| 663 | + * and retransmit its configuration, backing off as usual if anything | |
| 664 | + * goes wrong. | |
| 665 | + * | |
| 666 | + * Searchs of the database by a client do not need locks against dnsrpzd or | |
| 667 | + * other clients, but a lock is used to protect changes to the connection | |
| 668 | + * by competing threads in the client. The client provides fuctions | |
| 669 | + * to serialize the conncurrent use of any single client handle. | |
| 670 | + * Functions that do nothing are appropriate for applications that are | |
| 671 | + * not "threaded" or that do not share client handles among threads. | |
| 672 | + * Otherwise, functions must be provided to librpz_clientcreate(). | |
| 673 | + * Something like the following works with pthreads: | |
| 674 | + * | |
| 675 | + * static void | |
| 676 | + * lock(void *mutex) { assert(pthread_mutex_lock(mutex) == 0); } | |
| 677 | + * | |
| 678 | + * static void | |
| 679 | + * unlock(void *mutex) { assert(pthread_mutex_unlock(mutex) == 0); } | |
| 680 | + * | |
| 681 | + * static void | |
| 682 | + * mutex_destroy(void *mutex) { assert(pthread_mutex_destroy(mutex) == 0); } | |
| 683 | + * | |
| 684 | + * | |
| 685 | + * | |
| 686 | + * At every instant, all of the data and pointers in the mapped file are valid. | |
| 687 | + * Changes to trie node or other data are always made so that it and | |
| 688 | + * all pointers in and to it remain valid for a time. Old versions are | |
| 689 | + * eventually discarded. | |
| 690 | + * | |
| 691 | + * Dnsrpzd periodically defines a new version by setting asside all changes | |
| 692 | + * made since the previous version was defined. Subsequent changes | |
| 693 | + * made (only!) by dnsrpzd will be part of the next version. | |
| 694 | + * | |
| 695 | + * To discard an old version, dnsrpzd must know that all clients have stopped | |
| 696 | + * using that version. Clients do that by using part of the mapped file | |
| 697 | + * to tell dnsrpzd the oldest version that each client is using. | |
| 698 | + * Dnsrpzd assigns each connecting client an entry in the cversions array | |
| 699 | + * in the mapped file. The client puts version numbers into that entry | |
| 700 | + * to signal to dnsrpzd which versions that can be discarded. | |
| 701 | + * Dnsrpzd is free, as far as that client is concerned, to discard all | |
| 702 | + * numerically smaller versions. A client can disclaim all versions with | |
| 703 | + * the version number VERSIONS_ALL or 0. | |
| 704 | + * | |
| 705 | + * The race between a client changing its entry and dnsrpzd discarding a | |
| 706 | + * version is resolved by allowing dnsrpzd to discard all versions | |
| 707 | + * smaller or equal to the client's version number. If dnsrpzd is in | |
| 708 | + * the midst of discarding or about to discard version N when the | |
| 709 | + * client asserts N, no harm is done. The client depends only on | |
| 710 | + * the consistency of version N+1. | |
| 711 | + * | |
| 712 | + * This version mechanism depends in part on not being exercised too frequently | |
| 713 | + * Version numbers are 32 bits long and dnsrpzd creates new versions | |
| 714 | + * at most once every 30 seconds. | |
| 715 | + */ | |
| 716 | + | |
| 717 | + | |
| 718 | +/* | |
| 719 | + * Lock functions for concurrent use of a single librpz_client_t client handle. | |
| 720 | + */ | |
| 721 | +typedef void(librpz_mutex_t)(void *mutex); | |
| 722 | + | |
| 723 | +/* | |
| 724 | + * List of connections to dnsrpzd daemons. | |
| 725 | + */ | |
| 726 | +typedef struct librpz_clist librpz_clist_t; | |
| 727 | + | |
| 728 | +/* | |
| 729 | + * Client's handle on dnsrpzd. | |
| 730 | + */ | |
| 731 | +typedef struct librpz_client librpz_client_t; | |
| 732 | + | |
| 733 | +/** | |
| 734 | + * Create the list of connections to the dnsrpzd daemon. | |
| 735 | + * @param[out] emsg: error message | |
| 736 | + * @param lock: start exclusive access to the client handle | |
| 737 | + * @param unlock: end exclusive access to the client handle | |
| 738 | + * @param mutex_destroy: release the lock | |
| 739 | + * @param mutex: pointer to the lock for the client handle | |
| 740 | + * @param log_ctx: NULL or resolver's context log messages | |
| 741 | + */ | |
| 742 | +typedef librpz_clist_t *(librpz_clist_create_t)(librpz_emsg_t *emsg, | |
| 743 | + librpz_mutex_t *lock, | |
| 744 | + librpz_mutex_t *unlock, | |
| 745 | + librpz_mutex_t *mutex_destroy, | |
| 746 | + void *mutex, void *log_ctx); | |
| 747 | +LIBDEF_F(clist_create) | |
| 748 | + | |
| 749 | + | |
| 750 | +/** | |
| 751 | + * Release the list of dnsrpzd connections. | |
| 752 | + */ | |
| 753 | +typedef void (librpz_clist_detach_t)(librpz_clist_t **clistp); | |
| 754 | +LIBDEF_F(clist_detach) | |
| 755 | + | |
| 756 | +/** | |
| 757 | + * Create a librpz client handle. | |
| 758 | + * @param[out] emsg: error message | |
| 759 | + * @param: list of dnsrpzd connections | |
| 760 | + * @param cstr: string of configuration settings separated by ';' or '\n' | |
| 761 | + * @param use_expired: true to not ignore expired zones | |
| 762 | + * @return client handle or NULL if the handle could not be created | |
| 763 | + */ | |
| 764 | +typedef librpz_client_t *(librpz_client_create_t)(librpz_emsg_t *emsg, | |
| 765 | + librpz_clist_t *clist, | |
| 766 | + const char *cstr, | |
| 767 | + bool use_expired); | |
| 768 | +LIBDEF_F(client_create) | |
| 769 | + | |
| 770 | +/** | |
| 771 | + * Start (if necessary) dnsrpzd and connect to it. | |
| 772 | + * @param[out] emsg: error message | |
| 773 | + * @param client handle | |
| 774 | + * @param optional: true if it is ok if starting the daemon is not allowed | |
| 775 | + */ | |
| 776 | +typedef bool (librpz_connect_t)(librpz_emsg_t *emsg, librpz_client_t *client, | |
| 777 | + bool optional); | |
| 778 | +LIBDEF_F(connect) | |
| 779 | + | |
| 780 | +/** | |
| 781 | + * Start to destroy a librpz client handle. | |
| 782 | + * It will not be destroyed until the last set of RPZ queries represented | |
| 783 | + * by a librpz_rsp_t ends. | |
| 784 | + * @param client handle to be released | |
| 785 | + * @return false on error | |
| 786 | + */ | |
| 787 | +typedef void (librpz_client_detach_t)(librpz_client_t **clientp); | |
| 788 | +LIBDEF_F(client_detach) | |
| 789 | + | |
| 790 | +/** | |
| 791 | + * State for a set of RPZ queries for a single DNS response | |
| 792 | + * or for listing the database. | |
| 793 | + */ | |
| 794 | +typedef struct librpz_rsp librpz_rsp_t; | |
| 795 | + | |
| 796 | +/** | |
| 797 | + * Start a set of RPZ queries for a single DNS response. | |
| 798 | + * @param[out] emsg: error message for false return or *rspp=NULL | |
| 799 | + * @param[out] rspp created context or NULL | |
| 800 | + * @param[out] min_ns_dotsp: NULL or pointer to configured MIN-NS-DOTS value | |
| 801 | + * @param client state | |
| 802 | + * @param have_rd: RD=1 in the DNS request | |
| 803 | + * @param have_do: DO=1 in the DNS request | |
| 804 | + * @return false on error | |
| 805 | + */ | |
| 806 | +typedef bool (librpz_rsp_create_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, | |
| 807 | + int *min_ns_dotsp, librpz_client_t *client, | |
| 808 | + bool have_rd, bool have_do); | |
| 809 | +LIBDEF_F(rsp_create) | |
| 810 | + | |
| 811 | +/** | |
| 812 | + * Finish RPZ work for a DNS response. | |
| 813 | + */ | |
| 814 | +typedef void (librpz_rsp_detach_t)(librpz_rsp_t **rspp); | |
| 815 | +LIBDEF_F(rsp_detach) | |
| 816 | + | |
| 817 | +/** | |
| 818 | + * Get the final, accumulated result of a set of RPZ queries. | |
| 819 | + * Yield LIBRPZ_POLICY_UNDEFINED if | |
| 820 | + * - there were no hits, | |
| 821 | + * - there was a dispositive hit, be we have not recursed and are required | |
| 822 | + * to recurse so that evil DNS authories will not know we are using RPZ | |
| 823 | + * - we have a hit and have recursed, but later data such as NSIP could | |
| 824 | + * override | |
| 825 | + * @param[out] emsg | |
| 826 | + * @param[out] result describes the hit | |
| 827 | + * or result->policy=LIBRPZ_POLICY_UNDEFINED without a hit | |
| 828 | + * @param[out] result: current policy rewrite values | |
| 829 | + * @param recursed: recursion has now been done even if it was not done | |
| 830 | + * when the hit was found | |
| 831 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 832 | + * @return false on error | |
| 833 | + */ | |
| 834 | +typedef bool (librpz_rsp_result_t)(librpz_emsg_t *emsg, librpz_result_t *result, | |
| 835 | + bool recursed, const librpz_rsp_t *rsp); | |
| 836 | +LIBDEF_F(rsp_result) | |
| 837 | + | |
| 838 | +/** | |
| 839 | + * Might looking for a trigger be worthwhile? | |
| 840 | + * @param trig: look for this type of trigger | |
| 841 | + * @param ipv6: true if trig is LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, | |
| 842 | + * or LIBRPZ_TRIG_NSIP and the IP address is IPv6 | |
| 843 | + * @return: true if looking could be worthwhile | |
| 844 | + */ | |
| 845 | +typedef bool (librpz_have_trig_t)(librpz_trig_t trig, bool ipv6, | |
| 846 | + const librpz_rsp_t *rsp); | |
| 847 | +LIBDEF_F(have_trig) | |
| 848 | + | |
| 849 | +/** | |
| 850 | + * Might looking for NSDNAME and NSIP triggers be worthwhile? | |
| 851 | + * @return: true if looking could be worthwhile | |
| 852 | + */ | |
| 853 | +typedef bool (librpz_have_ns_trig_t)(const librpz_rsp_t *rsp); | |
| 854 | +LIBDEF_F(have_ns_trig) | |
| 855 | + | |
| 856 | +/** | |
| 857 | + * Convert the found client IP trie key to a CIDR block | |
| 858 | + * @param[out] emsg | |
| 859 | + * @param[out] prefix trigger | |
| 860 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 861 | + * @return false on error | |
| 862 | + */ | |
| 863 | +typedef bool (librpz_rsp_clientip_prefix_t)(librpz_emsg_t *emsg, | |
| 864 | + librpz_prefix_t *prefix, | |
| 865 | + librpz_rsp_t *rsp); | |
| 866 | +LIBDEF_F(rsp_clientip_prefix) | |
| 867 | + | |
| 868 | +/** | |
| 869 | + * Compute the owner name of the found or result trie key, usually to log it. | |
| 870 | + * An IP address key might be returned as 8.0.0.0.127.rpz-client-ip. | |
| 871 | + * example.com. might be a qname trigger. example.com.rpz-nsdname. could | |
| 872 | + * be an NSDNAME trigger. | |
| 873 | + * @param[out] emsg | |
| 874 | + * @param[out] owner domain | |
| 875 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 876 | + * @return false on error | |
| 877 | + */ | |
| 878 | +typedef bool (librpz_rsp_domain_t)(librpz_emsg_t *emsg, | |
| 879 | + librpz_domain_buf_t *owner, | |
| 880 | + librpz_rsp_t *rsp); | |
| 881 | +LIBDEF_F(rsp_domain) | |
| 882 | + | |
| 883 | +/** | |
| 884 | + * Get the next RR of the LIBRPZ_POLICY_RECORD result after an initial use of | |
| 885 | + * librpz_rsp_result() or librpz_itr_node() or after a previous use of | |
| 886 | + * librpz_rsp_rr(). The RR is in uncompressed wire format including type, | |
| 887 | + * class, ttl and length in network byte order. | |
| 888 | + * @param[out] emsg | |
| 889 | + * @param[out] typep: optional host byte order record type or ns_t_invalid (0) | |
| 890 | + * @param[out] classp: class such as ns_c_in | |
| 891 | + * @param[out] ttlp: TTL | |
| 892 | + * @param[out] rrp: optionall malloc() buffer containting the next RR or | |
| 893 | + * NULL after the last RR | |
| 894 | + * @param[out] result: current policy rewrite values | |
| 895 | + * @param qname: used construct a wildcard CNAME | |
| 896 | + * @param qname_size | |
| 897 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 898 | + * @return false on error | |
| 899 | + */ | |
| 900 | +typedef bool (librpz_rsp_rr_t)(librpz_emsg_t *emsg, uint16_t *typep, | |
| 901 | + uint16_t *classp, uint32_t *ttlp, | |
| 902 | + librpz_rr_t **rrp, librpz_result_t *result, | |
| 903 | + const uint8_t *qname, size_t qname_size, | |
| 904 | + librpz_rsp_t *rsp); | |
| 905 | +LIBDEF_F(rsp_rr) | |
| 906 | + | |
| 907 | +/** | |
| 908 | + * Get the next RR of the LIBRPZ_POLICY_RECORD result. | |
| 909 | + * @param[out] emsg | |
| 910 | + * @param[out] ttlp: TTL | |
| 911 | + * @param[out] rrp: malloc() buffer with SOA RR without owner name | |
| 912 | + * @param[out] result: current policy rewrite values | |
| 913 | + * @param[out] origin: SOA owner name | |
| 914 | + * @param[out] origin_size | |
| 915 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 916 | + * @return false on error | |
| 917 | + */ | |
| 918 | +typedef bool (librpz_rsp_soa_t)(librpz_emsg_t *emsg, uint32_t *ttlp, | |
| 919 | + librpz_rr_t **rrp, librpz_domain_buf_t *origin, | |
| 920 | + librpz_result_t *result, librpz_rsp_t *rsp); | |
| 921 | +LIBDEF_F(rsp_soa) | |
| 922 | + | |
| 923 | +/** | |
| 924 | + * Get the SOA serial number for a policy zone to compare with a known value | |
| 925 | + * to check whether a zone tranfer is complete. | |
| 926 | + */ | |
| 927 | +typedef bool (librpz_soa_serial_t)(librpz_emsg_t *emsg, uint32_t *serialp, | |
| 928 | + const char *domain_nm, librpz_rsp_t *rsp); | |
| 929 | +LIBDEF_F(soa_serial) | |
| 930 | + | |
| 931 | +/** | |
| 932 | + * Save the current policy checking state. | |
| 933 | + * @param[out] emsg | |
| 934 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 935 | + * @return false on error | |
| 936 | + */ | |
| 937 | +typedef bool (librpz_rsp_push_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); | |
| 938 | +LIBDEF_F(rsp_push) | |
| 939 | +#define LIBRPZ_RSP_STACK_DEPTH 3 | |
| 940 | + | |
| 941 | +/** | |
| 942 | + * Restore the previous policy checking state. | |
| 943 | + * @param[out] emsg | |
| 944 | + * @param[out] result: NULL or restored policy rewrite values | |
| 945 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 946 | + * @return false on error | |
| 947 | + */ | |
| 948 | +typedef bool (librpz_rsp_pop_t)(librpz_emsg_t *emsg, librpz_result_t *result, | |
| 949 | + librpz_rsp_t *rsp); | |
| 950 | +LIBDEF_F(rsp_pop) | |
| 951 | + | |
| 952 | +/** | |
| 953 | + * Discard the most recently save policy checking state. | |
| 954 | + * @param[out] emsg | |
| 955 | + * @param[out] result: NULL or restored policy rewrite values | |
| 956 | + * @return false on error | |
| 957 | + */ | |
| 958 | +typedef bool (librpz_rsp_pop_discard_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); | |
| 959 | +LIBDEF_F(rsp_pop_discard) | |
| 960 | + | |
| 961 | +/** | |
| 962 | + * Disable a zone. | |
| 963 | + * @param[out] emsg | |
| 964 | + * @param znum | |
| 965 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 966 | + * @return false on error | |
| 967 | + */ | |
| 968 | +typedef bool (librpz_rsp_forget_zone_t)(librpz_emsg_t *emsg, | |
| 969 | + librpz_cznum_t znum, librpz_rsp_t *rsp); | |
| 970 | +LIBDEF_F(rsp_forget_zone) | |
| 971 | + | |
| 972 | +/** | |
| 973 | + * Apply RPZ to an IP address. | |
| 974 | + * @param[out] emsg | |
| 975 | + * @param addr: address to check | |
| 976 | + * @param ipv6: true for 16 byte IPv6 instead of 4 byte IPv4 | |
| 977 | + * @param trig LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, or LIBRPZ_TRIG_NSIP | |
| 978 | + * @param hit_id: caller chosen | |
| 979 | + * @param recursed: recursion has been done | |
| 980 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 981 | + * @return false on error | |
| 982 | + */ | |
| 983 | +typedef bool (librpz_ck_ip_t)(librpz_emsg_t *emsg, | |
| 984 | + const void *addr, uint family, | |
| 985 | + librpz_trig_t trig, librpz_result_id_t hit_id, | |
| 986 | + bool recursed, librpz_rsp_t *rsp); | |
| 987 | +LIBDEF_F(ck_ip) | |
| 988 | + | |
| 989 | +/** | |
| 990 | + * Apply RPZ to a wire-format domain. | |
| 991 | + * @param[out] emsg | |
| 992 | + * @param domain in wire format | |
| 993 | + * @param domain_size | |
| 994 | + * @param trig LIBRPZ_TRIG_QNAME or LIBRPZ_TRIG_NSDNAME | |
| 995 | + * @param hit_id: caller chosen | |
| 996 | + * @param recursed: recursion has been done | |
| 997 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 998 | + * @return false on error | |
| 999 | + */ | |
| 1000 | +typedef bool (librpz_ck_domain_t)(librpz_emsg_t *emsg, | |
| 1001 | + const uint8_t *domain, size_t domain_size, | |
| 1002 | + librpz_trig_t trig, librpz_result_id_t hit_id, | |
| 1003 | + bool recursed, librpz_rsp_t *rsp); | |
| 1004 | +LIBDEF_F(ck_domain) | |
| 1005 | + | |
| 1006 | +/** | |
| 1007 | + * Ask dnsrpzd to refresh a zone. | |
| 1008 | + * @param[out] emsg error message | |
| 1009 | + * @param librpz_domain_t domain to refresh | |
| 1010 | + * @param client context | |
| 1011 | + * @return false after error | |
| 1012 | + */ | |
| 1013 | +typedef bool (librpz_zone_refresh_t)(librpz_emsg_t *emsg, const char *domain, | |
| 1014 | + librpz_rsp_t *rsp); | |
| 1015 | +LIBDEF_F(zone_refresh) | |
| 1016 | + | |
| 1017 | +/** | |
| 1018 | + * Get a string describing the the databasse | |
| 1019 | + * @param license: include the license | |
| 1020 | + * @param cfiles: include the configuration file names | |
| 1021 | + * @param listens: include the local notify IP addresses | |
| 1022 | + * @param[out] emsg error message if the result is null | |
| 1023 | + * @param client context | |
| 1024 | + * @return malloc'ed string or NULL after error | |
| 1025 | + */ | |
| 1026 | +typedef char *(librpz_db_info_t)(librpz_emsg_t *emsg, | |
| 1027 | + bool license, bool cfiles, bool listens, | |
| 1028 | + librpz_rsp_t *rsp); | |
| 1029 | +LIBDEF_F(db_info) | |
| 1030 | + | |
| 1031 | +/** | |
| 1032 | + * Start a context for listing the nodes and/or zones in the mapped file | |
| 1033 | + * @param[out] emsg: error message for false return or *rspp=NULL | |
| 1034 | + * @param[out[ rspp created context or NULL | |
| 1035 | + * @param client context | |
| 1036 | + * @return false after error | |
| 1037 | + */ | |
| 1038 | +typedef bool (librpz_itr_start_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, | |
| 1039 | + librpz_client_t *client); | |
| 1040 | +LIBDEF_F(itr_start) | |
| 1041 | + | |
| 1042 | +/** | |
| 1043 | + * Get mapped file memory allocation statistics. | |
| 1044 | + * @param[out] emsg: error message | |
| 1045 | + * @param rsp state from librpz_itr_start() | |
| 1046 | + * @return malloc'ed string or NULL after error | |
| 1047 | + */ | |
| 1048 | +typedef char *(librpz_mf_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); | |
| 1049 | +LIBDEF_F(mf_stats) | |
| 1050 | + | |
| 1051 | +/** | |
| 1052 | + * Get versions currently used by clients. | |
| 1053 | + * @param[out] emsg: error message | |
| 1054 | + * @param[in,out] rsp: state from librpz_itr_start() | |
| 1055 | + * @return malloc'ed string or NULL after error | |
| 1056 | + */ | |
| 1057 | +typedef char *(librpz_vers_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); | |
| 1058 | +LIBDEF_F(vers_stats) | |
| 1059 | + | |
| 1060 | +/** | |
| 1061 | + * Allocate a string describing the next zone or "" after the last zone. | |
| 1062 | + * @param[out] emsg | |
| 1063 | + * @param all_zones to list all instead of only requested zones | |
| 1064 | + * @param[in,out] rsp state from librpz_rsp_start() | |
| 1065 | + * @return malloc'ed string or NULL after error | |
| 1066 | + */ | |
| 1067 | +typedef char *(librpz_itr_zone_t)(librpz_emsg_t *emsg, bool all_zones, | |
| 1068 | + librpz_rsp_t *rsp); | |
| 1069 | +LIBDEF_F(itr_zone) | |
| 1070 | + | |
| 1071 | +/** | |
| 1072 | + * Describe the next trie node while dumping the database. | |
| 1073 | + * @param[out] emsg | |
| 1074 | + * @param[out] result describes node | |
| 1075 | + * or result->policy=LIBRPZ_POLICY_UNDEFINED after the last node. | |
| 1076 | + * @param all_zones to list all instead of only requested zones | |
| 1077 | + * @param[in,out] rsp state from librpz_itr_start() | |
| 1078 | + * @return: false on error | |
| 1079 | + */ | |
| 1080 | +typedef bool (librpz_itr_node_t)(librpz_emsg_t *emsg, librpz_result_t *result, | |
| 1081 | + bool all_zones, librpz_rsp_t *rsp); | |
| 1082 | +LIBDEF_F(itr_node) | |
| 1083 | + | |
| 1084 | +/** | |
| 1085 | + * RPZ policy to string with a backup buffer of POLICY2STR_SIZE size | |
| 1086 | + */ | |
| 1087 | +typedef const char *(librpz_policy2str_t)(librpz_policy_t policy, | |
| 1088 | + char *buf, size_t buf_size); | |
| 1089 | +#define POLICY2STR_SIZE sizeof("policy xxxxxx") | |
| 1090 | +LIBDEF_F(policy2str) | |
| 1091 | + | |
| 1092 | +/** | |
| 1093 | + * Trigger type to string. | |
| 1094 | + */ | |
| 1095 | +typedef const char *(librpz_trig2str_t)(librpz_trig_t trig); | |
| 1096 | +LIBDEF_F(trig2str) | |
| 1097 | + | |
| 1098 | +/** | |
| 1099 | + * Convert a number of seconds to a zone file duration string | |
| 1100 | + */ | |
| 1101 | +typedef const char *(librpz_secs2str_t)(time_t secs, | |
| 1102 | + char *buf, size_t buf_size); | |
| 1103 | +#define SECS2STR_SIZE sizeof("1234567w7d24h59m59s") | |
| 1104 | +LIBDEF_F(secs2str) | |
| 1105 | + | |
| 1106 | +/** | |
| 1107 | + * Parse a duration with 's', 'm', 'h', 'd', and 'w' units. | |
| 1108 | + */ | |
| 1109 | +typedef bool (librpz_str2secs_t)(librpz_emsg_t *emsg, time_t *val, | |
| 1110 | + const char *str0); | |
| 1111 | +LIBDEF_F(str2secs) | |
| 1112 | + | |
| 1113 | +/** | |
| 1114 | + * Translate selected rtypes to strings | |
| 1115 | + */ | |
| 1116 | +typedef const char *(librpz_rtype2str_t)(uint type, char *buf, size_t buf_size); | |
| 1117 | +#define RTYPE2STR_SIZE sizeof("type xxxxx") | |
| 1118 | +LIBDEF_F(rtype2str) | |
| 1119 | + | |
| 1120 | +/** | |
| 1121 | + * Local version of ns_name_ntop() for portability. | |
| 1122 | + */ | |
| 1123 | +typedef int (librpz_domain_ntop_t)(const u_char *src, char *dst, size_t dstsiz); | |
| 1124 | +LIBDEF_F(domain_ntop) | |
| 1125 | + | |
| 1126 | +/** | |
| 1127 | + * Local version of ns_name_pton(). | |
| 1128 | + */ | |
| 1129 | +typedef int (librpz_domain_pton2_t)(const char *src, u_char *dst, size_t dstsiz, | |
| 1130 | + size_t *dstlen, bool lower); | |
| 1131 | +LIBDEF_F(domain_pton2) | |
| 1132 | + | |
| 1133 | +typedef union socku socku_t; | |
| 1134 | +typedef socku_t *(librpz_mk_inet_su_t)(socku_t *su, const struct in_addr *addrp, | |
| 1135 | + in_port_t port); | |
| 1136 | +LIBDEF_F(mk_inet_su) | |
| 1137 | + | |
| 1138 | +typedef socku_t *(librpz_mk_inet6_su_t)(socku_t *su, const | |
| 1139 | + struct in6_addr *addrp, | |
| 1140 | + uint32_t scope_id, in_port_t port); | |
| 1141 | +LIBDEF_F(mk_inet6_su) | |
| 1142 | + | |
| 1143 | +typedef bool (librpz_str2su_t)(socku_t *sup, const char *str); | |
| 1144 | +LIBDEF_F(str2su) | |
| 1145 | + | |
| 1146 | +typedef char *(librpz_su2str_t)(char *str, size_t str_len, const socku_t *su); | |
| 1147 | +LIBDEF_F(su2str) | |
| 1148 | +#define SU2STR_SIZE (INET6_ADDRSTRLEN+1+6+1) | |
| 1149 | + | |
| 1150 | + | |
| 1151 | +/** | |
| 1152 | + * default path to dnsrpzd | |
| 1153 | + */ | |
| 1154 | +const char *librpz_dnsrpzd_path; | |
| 1155 | + | |
| 1156 | + | |
| 1157 | +#undef LIBDEF | |
| 1158 | + | |
| 1159 | +/* | |
| 1160 | + * This is the dlopen() interface to librpz. | |
| 1161 | + */ | |
| 1162 | +typedef const struct { | |
| 1163 | + const char *dnsrpzd_path; | |
| 1164 | + const char *version; | |
| 1165 | + librpz_parse_log_opt_t *parse_log_opt; | |
| 1166 | + librpz_log_level_val_t *log_level_val; | |
| 1167 | + librpz_set_log_t *set_log; | |
| 1168 | + librpz_vpemsg_t *vpemsg; | |
| 1169 | + librpz_pemsg_t *pemsg; | |
| 1170 | + librpz_vlog_t *vlog; | |
| 1171 | + librpz_log_t *log; | |
| 1172 | + librpz_fatal_t *fatal LIBRPZ_NORET; | |
| 1173 | + librpz_rpz_assert_t *rpz_assert LIBRPZ_NORET; | |
| 1174 | + librpz_rpz_vassert_t *rpz_vassert LIBRPZ_NORET; | |
| 1175 | + librpz_clist_create_t *clist_create; | |
| 1176 | + librpz_clist_detach_t *clist_detach; | |
| 1177 | + librpz_client_create_t *client_create; | |
| 1178 | + librpz_connect_t *connect; | |
| 1179 | + librpz_client_detach_t *client_detach; | |
| 1180 | + librpz_rsp_create_t *rsp_create; | |
| 1181 | + librpz_rsp_detach_t *rsp_detach; | |
| 1182 | + librpz_rsp_result_t *rsp_result; | |
| 1183 | + librpz_have_trig_t *have_trig; | |
| 1184 | + librpz_have_ns_trig_t *have_ns_trig; | |
| 1185 | + librpz_rsp_clientip_prefix_t *rsp_clientip_prefix; | |
| 1186 | + librpz_rsp_domain_t *rsp_domain; | |
| 1187 | + librpz_rsp_rr_t *rsp_rr; | |
| 1188 | + librpz_rsp_soa_t *rsp_soa; | |
| 1189 | + librpz_soa_serial_t *soa_serial; | |
| 1190 | + librpz_rsp_push_t *rsp_push; | |
| 1191 | + librpz_rsp_pop_t *rsp_pop; | |
| 1192 | + librpz_rsp_pop_discard_t *rsp_pop_discard; | |
| 1193 | + librpz_rsp_forget_zone_t *rsp_forget_zone; | |
| 1194 | + librpz_ck_ip_t *ck_ip; | |
| 1195 | + librpz_ck_domain_t *ck_domain; | |
| 1196 | + librpz_zone_refresh_t *zone_refresh; | |
| 1197 | + librpz_db_info_t *db_info; | |
| 1198 | + librpz_itr_start_t *itr_start; | |
| 1199 | + librpz_mf_stats_t *mf_stats; | |
| 1200 | + librpz_vers_stats_t *vers_stats; | |
| 1201 | + librpz_itr_zone_t *itr_zone; | |
| 1202 | + librpz_itr_node_t *itr_node; | |
| 1203 | + librpz_policy2str_t *policy2str; | |
| 1204 | + librpz_trig2str_t *trig2str; | |
| 1205 | + librpz_secs2str_t *secs2str; | |
| 1206 | + librpz_str2secs_t *str2secs; | |
| 1207 | + librpz_rtype2str_t *rtype2str; | |
| 1208 | + librpz_domain_ntop_t *domain_ntop; | |
| 1209 | + librpz_domain_pton2_t *domain_pton2; | |
| 1210 | + librpz_mk_inet_su_t *mk_inet_su; | |
| 1211 | + librpz_mk_inet6_su_t *mk_inet6_su; | |
| 1212 | + librpz_str2su_t *str2su; | |
| 1213 | + librpz_su2str_t *su2str; | |
| 1214 | +} librpz_0_t; | |
| 1215 | +extern librpz_0_t librpz_def_0; | |
| 1216 | + | |
| 1217 | +/* | |
| 1218 | + * Future versions can be upward compatible by defining LIBRPZ_DEF as | |
| 1219 | + * librpz_X_t. | |
| 1220 | + */ | |
| 1221 | +#define LIBRPZ_DEF librpz_def_0 | |
| 1222 | +#define LIBRPZ_DEF_STR "librpz_def_0" | |
| 1223 | + | |
| 1224 | +typedef librpz_0_t librpz_t; | |
| 1225 | +extern librpz_t *librpz; | |
| 1226 | + | |
| 1227 | + | |
| 1228 | +#if LIBRPZ_LIB_OPEN == 2 | |
| 1229 | +#include <dlfcn.h> | |
| 1230 | + | |
| 1231 | +/** | |
| 1232 | + * link-load librpz | |
| 1233 | + * @param[out] emsg: error message | |
| 1234 | + * @param[in,out] dl_handle: NULL or pointer to new dlopen handle | |
| 1235 | + * @param[in] path: librpz.so path | |
| 1236 | + * @return address of interface structure or NULL on failure | |
| 1237 | + */ | |
| 1238 | +static inline librpz_t * | |
| 1239 | +librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) | |
| 1240 | +{ | |
| 1241 | + void *handle; | |
| 1242 | + librpz_t *new_librpz; | |
| 1243 | + | |
| 1244 | + emsg->c[0] = '\0'; | |
| 1245 | + | |
| 1246 | + /* | |
| 1247 | + * Close a previously opened handle on librpz.so. | |
| 1248 | + */ | |
| 1249 | + if (dl_handle != NULL && *dl_handle != NULL) { | |
| 1250 | + if (dlclose(*dl_handle) != 0) { | |
| 1251 | + snprintf(emsg->c, sizeof(librpz_emsg_t), | |
| 1252 | + "dlopen(NULL): %s", dlerror()); | |
| 1253 | + return (NULL); | |
| 1254 | + } | |
| 1255 | + *dl_handle = NULL; | |
| 1256 | + } | |
| 1257 | + | |
| 1258 | + /* | |
| 1259 | + * First try the main executable of the process in case it was | |
| 1260 | + * linked to librpz. | |
| 1261 | + * Do not worry if we cannot search the main executable of the process. | |
| 1262 | + */ | |
| 1263 | + handle = dlopen(NULL, RTLD_NOW | RTLD_LOCAL); | |
| 1264 | + if (handle != NULL) { | |
| 1265 | + new_librpz = dlsym(handle, LIBRPZ_DEF_STR); | |
| 1266 | + if (new_librpz != NULL) { | |
| 1267 | + if (dl_handle != NULL) | |
| 1268 | + *dl_handle = handle; | |
| 1269 | + return (new_librpz); | |
| 1270 | + } | |
| 1271 | + if (dlclose(handle) != 0) { | |
| 1272 | + snprintf(emsg->c, sizeof(librpz_emsg_t), | |
| 1273 | + "dlsym(NULL, "LIBRPZ_DEF_STR"): %s", | |
| 1274 | + dlerror()); | |
| 1275 | + return (NULL); | |
| 1276 | + } | |
| 1277 | + } | |
| 1278 | + | |
| 1279 | + if (path == NULL || path[0] == '\0') { | |
| 1280 | + snprintf(emsg->c, sizeof(librpz_emsg_t), | |
| 1281 | + "librpz not linked and no dlopen() path provided"); | |
| 1282 | + return (NULL); | |
| 1283 | + } | |
| 1284 | + | |
| 1285 | + handle = dlopen(path, RTLD_NOW | RTLD_LOCAL); | |
| 1286 | + if (handle == NULL) { | |
| 1287 | + snprintf(emsg->c, sizeof(librpz_emsg_t), "dlopen(%s): %s", | |
| 1288 | + path, dlerror()); | |
| 1289 | + return (NULL); | |
| 1290 | + } | |
| 1291 | + new_librpz = dlsym(handle, LIBRPZ_DEF_STR); | |
| 1292 | + if (new_librpz != NULL) { | |
| 1293 | + if (dl_handle != NULL) | |
| 1294 | + *dl_handle = handle; | |
| 1295 | + return (new_librpz); | |
| 1296 | + } | |
| 1297 | + snprintf(emsg->c, sizeof(librpz_emsg_t), | |
| 1298 | + "dlsym(%s, "LIBRPZ_DEF_STR"): %s", | |
| 1299 | + path, dlerror()); | |
| 1300 | + dlclose(handle); | |
| 1301 | + return (NULL); | |
| 1302 | +} | |
| 1303 | + | |
| 1304 | +#elif defined(LIBRPZ_LIB_OPEN) | |
| 1305 | + | |
| 1306 | +/* | |
| 1307 | + * Statically link to the librpz.so DSO on systems without dlopen() | |
| 1308 | + */ | |
| 1309 | +static inline librpz_t * | |
| 1310 | +librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) | |
| 1311 | +{ | |
| 1312 | + (void)(path); | |
| 1313 | + | |
| 1314 | + if (dl_handle != NULL) | |
| 1315 | + *dl_handle = NULL; | |
| 1316 | + | |
| 1317 | +#if LIBRPZ_LIB_OPEN == 1 | |
| 1318 | + emsg->c[0] = '\0'; | |
| 1319 | + return (&LIBRPZ_DEF); | |
| 1320 | +#else | |
| 1321 | + snprintf(emsg->c, sizeof(librpz_emsg_t), | |
| 1322 | + "librpz not available via ./configure"); | |
| 1323 | + return (NULL); | |
| 1324 | +#endif /* LIBRPZ_LIB_OPEN */ | |
| 1325 | +} | |
| 1326 | +#endif /* LIBRPZ_LIB_OPEN */ | |
| 1327 | + | |
| 1328 | +#endif /* LIBRPZ_H */ | |
| 1329 | =================================================================== | |
| 1330 | RCS file: ./fastrpz/RCS/rpz.c,v | |
| 1331 | retrieving revision 1.1 | |
| 1332 | diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.c | |
| 1333 | --- ./fastrpz/rpz.c | |
| 1334 | +++ ./fastrpz/rpz.c | |
| 1335 | @@ -0,0 +1,1357 @@ | |
| 1336 | +/* | |
| 1337 | + * fastrpz/rpz.c - interface to the fastrpz response policy zone library | |
| 1338 | + * | |
| 1339 | + * Optimize no-rewrite cases for speed but optimize rewriting for | |
| 1340 | + * simplicity and size. | |
| 1341 | + */ | |
| 1342 | + | |
| 1343 | +#include "config.h" | |
| 1344 | + | |
| 1345 | +#ifdef ENABLE_FASTRPZ | |
| 1346 | +#include "daemon/daemon.h" | |
| 1347 | +#define LIBRPZ_LIB_OPEN FASTRPZ_LIB_OPEN | |
| 1348 | +#include "fastrpz/rpz.h" | |
| 1349 | +#include "daemon/worker.h" | |
| 1350 | +#include "iterator/iter_delegpt.h" | |
| 1351 | +#include "iterator/iter_utils.h" | |
| 1352 | +#include "iterator/iterator.h" | |
| 1353 | +#include "util/data/dname.h" | |
| 1354 | +#include "util/data/msgencode.h" | |
| 1355 | +#include "util/data/msgparse.h" | |
| 1356 | +#include "util/data/msgreply.h" | |
| 1357 | +#include "util/log.h" | |
| 1358 | +#include "util/netevent.h" | |
| 1359 | +#include "util/net_help.h" | |
| 1360 | +#include "util/regional.h" | |
| 1361 | +#include "util/storage/slabhash.h" | |
| 1362 | +#include "services/cache/dns.h" | |
| 1363 | +#include "services/cache/rrset.h" | |
| 1364 | +#include "services/mesh.h" | |
| 1365 | +#include "sldns/sbuffer.h" | |
| 1366 | +#include "sldns/rrdef.h" | |
| 1367 | + | |
| 1368 | + | |
| 1369 | +typedef enum state { | |
| 1370 | + /* No more rewriting */ | |
| 1371 | + st_off = 1, | |
| 1372 | + /* Send SERVFAIL */ | |
| 1373 | + st_servfail, | |
| 1374 | + /* No dispositive hit yet */ | |
| 1375 | + st_unknown, | |
| 1376 | + /* Let the iterator resolve a CNAME or get a delegation point. */ | |
| 1377 | + st_iterate, | |
| 1378 | + /* Let the iterator resolve NS to check NSIP or NSDNAME triggers. */ | |
| 1379 | + st_ck_ns, | |
| 1380 | + /* We have an answer */ | |
| 1381 | + st_rewritten, | |
| 1382 | +} st_t; | |
| 1383 | + | |
| 1384 | + | |
| 1385 | +/* RPZ state pointed to by struct comm_reply */ | |
| 1386 | +typedef struct commreply_rpz { | |
| 1387 | + /* librpz state */ | |
| 1388 | + librpz_rsp_t* rsp; | |
| 1389 | + /* ID for log messages */ | |
| 1390 | + int log_id; | |
| 1391 | + | |
| 1392 | + /* from configuration */ | |
| 1393 | + int min_ns_dots; | |
| 1394 | + | |
| 1395 | + /* Running in the iterator */ | |
| 1396 | + bool iterating; | |
| 1397 | + | |
| 1398 | + /* current and previous state and librpz result */ | |
| 1399 | + st_t st; | |
| 1400 | + st_t saved_st[LIBRPZ_RSP_STACK_DEPTH-1]; | |
| 1401 | + librpz_result_t result; | |
| 1402 | + | |
| 1403 | + /* Stop adding CNAMEs to the prepend list before this owner name. */ | |
| 1404 | + librpz_domain_buf_t cname_hit; | |
| 1405 | + /* It is not the first CNAME */ | |
| 1406 | + bool cname_hit_2nd; | |
| 1407 | + librpz_result_id_t hit_id; | |
| 1408 | +} commreply_rpz_t; | |
| 1409 | + | |
| 1410 | + | |
| 1411 | +/* Generate an ID for log messages. */ | |
| 1412 | +static int log_id; | |
| 1413 | + | |
| 1414 | +librpz_t *librpz; | |
| 1415 | + | |
| 1416 | + | |
| 1417 | +static void LIBRPZ_NORET | |
| 1418 | +rpz_assert(const char *s) | |
| 1419 | +{ | |
| 1420 | + fatal_exit("%s", s); | |
| 1421 | + exit(1); | |
| 1422 | +} | |
| 1423 | +#define RPZ_ASSERT(c) ((c) ? (void)0 : rpz_assert(#c), (void)0) | |
| 1424 | + | |
| 1425 | +/* | |
| 1426 | + * librpz client handle locking | |
| 1427 | + */ | |
| 1428 | +static void | |
| 1429 | +lock_destroy(void* mutex) | |
| 1430 | +{ | |
| 1431 | + lock_basic_destroy(mutex); | |
| 1432 | + free(mutex); | |
| 1433 | +} | |
| 1434 | + | |
| 1435 | +static void | |
| 1436 | +lock(void* mutex) | |
| 1437 | +{ | |
| 1438 | + lock_basic_lock(mutex); | |
| 1439 | +} | |
| 1440 | + | |
| 1441 | +static void | |
| 1442 | +unlock(void* mutex) | |
| 1443 | +{ | |
| 1444 | + lock_basic_unlock(mutex); | |
| 1445 | +} | |
| 1446 | + | |
| 1447 | + | |
| 1448 | +static void | |
| 1449 | +log_fnc(librpz_log_level_t level, void* ATTR_UNUSED(ctx), const char* buf) | |
| 1450 | +{ | |
| 1451 | + char label_buf[sizeof("rpz ")+8]; | |
| 1452 | + | |
| 1453 | + /* Setting librpz_log_level overrides the unbound "verbose" level. */ | |
| 1454 | + if(level > LIBRPZ_LOG_TRACE1 && | |
| 1455 | + level <= librpz->log_level_val(LIBRPZ_LOG_INVALID)) | |
| 1456 | + level = LIBRPZ_LOG_TRACE1; | |
| 1457 | + | |
| 1458 | + switch(level) { | |
| 1459 | + case LIBRPZ_LOG_FATAL: | |
| 1460 | + case LIBRPZ_LOG_ERROR: /* errors */ | |
| 1461 | + default: | |
| 1462 | + log_err("rpz: %s", buf); | |
| 1463 | + break; | |
| 1464 | + | |
| 1465 | + case LIBRPZ_LOG_TRACE1: /* big events such as dnsrpzd starts */ | |
| 1466 | + verbose(VERB_OPS, "rpz: %s", buf); | |
| 1467 | + break; | |
| 1468 | + | |
| 1469 | + case LIBRPZ_LOG_TRACE2: /* smaller dnsrpzd zone transfers */ | |
| 1470 | + verbose(VERB_DETAIL, "rpz: %s", buf); | |
| 1471 | + break; | |
| 1472 | + | |
| 1473 | + case LIBRPZ_LOG_TRACE3: /* librpz hits */ | |
| 1474 | + verbose(VERB_QUERY, "rpz: %s", buf); | |
| 1475 | + break; | |
| 1476 | + | |
| 1477 | + case LIBRPZ_LOG_TRACE4: /* librpz lookups */ | |
| 1478 | + verbose(VERB_CLIENT, "rpz: %s", buf); | |
| 1479 | + break; | |
| 1480 | + } | |
| 1481 | +} | |
| 1482 | + | |
| 1483 | + | |
| 1484 | +/* Release the librpz version. */ | |
| 1485 | +static void | |
| 1486 | +rpz_off(commreply_rpz_t* rpz, st_t st) | |
| 1487 | +{ | |
| 1488 | + if(!rpz) | |
| 1489 | + return; | |
| 1490 | + rpz->st = st; | |
| 1491 | + librpz->rsp_detach(&rpz->rsp); | |
| 1492 | +} | |
| 1493 | + | |
| 1494 | + | |
| 1495 | +static void LIBRPZ_PF(2,3) | |
| 1496 | +log_fail(commreply_rpz_t* rpz, const char* p, ...) | |
| 1497 | +{ | |
| 1498 | + va_list args; | |
| 1499 | + | |
| 1500 | + if(rpz->st == st_servfail) | |
| 1501 | + return; | |
| 1502 | + | |
| 1503 | + va_start(args, p); | |
| 1504 | + librpz->vlog(LIBRPZ_LOG_ERROR, rpz, p, args); | |
| 1505 | + va_end(args); | |
| 1506 | + if(!rpz) | |
| 1507 | + return; | |
| 1508 | + rpz_off(rpz, st_servfail); | |
| 1509 | +} | |
| 1510 | + | |
| 1511 | + | |
| 1512 | +/* Announce a rewrite. */ | |
| 1513 | +static void | |
| 1514 | +log_rewrite(uint8_t* qname, librpz_policy_t policy, const char* msg, | |
| 1515 | + commreply_rpz_t* rpz) | |
| 1516 | +{ | |
| 1517 | + char policy_buf[POLICY2STR_SIZE]; | |
| 1518 | + char qname_nm[LDNS_MAX_DOMAINLEN+1]; | |
| 1519 | + librpz_domain_buf_t tdomain; | |
| 1520 | + char tdomain_nm[LDNS_MAX_DOMAINLEN+1]; | |
| 1521 | + librpz_emsg_t emsg; | |
| 1522 | + | |
| 1523 | + if(rpz->st == st_servfail || !rpz->result.log) | |
| 1524 | + return; | |
| 1525 | + if(librpz->log_level_val(LIBRPZ_LOG_INVALID) < LIBRPZ_LOG_TRACE1) | |
| 1526 | + return; | |
| 1527 | + | |
| 1528 | + dname_str(qname, qname_nm); | |
| 1529 | + | |
| 1530 | + if(!librpz->rsp_domain(&emsg, &tdomain, rpz->rsp)) { | |
| 1531 | + librpz->log(LIBRPZ_LOG_ERROR, rpz, "%s", emsg.c); | |
| 1532 | + return; | |
| 1533 | + } | |
| 1534 | + dname_str(tdomain.d, tdomain_nm); | |
| 1535 | + | |
| 1536 | + librpz->log(LIBRPZ_LOG_TRACE3, rpz, "%srewriting %s via %s %s to %s", | |
| 1537 | + msg, qname_nm, tdomain_nm, | |
| 1538 | + librpz->trig2str(rpz->result.trig), | |
| 1539 | + librpz->policy2str(policy, policy_buf, | |
| 1540 | + sizeof(policy_buf))); | |
| 1541 | +} | |
| 1542 | + | |
| 1543 | + | |
| 1544 | +/* Connect to and start dnsrpzd if necessary for the unbound daemon. | |
| 1545 | + * Require "rpz-conf: path" to specify the rpz configuration file. | |
| 1546 | + * The unbound server directory name is the default rpz working | |
| 1547 | + * directory. If unbound uses chroot, then the dnsrpzd working | |
| 1548 | + * directory must be in the chroot tree. | |
| 1549 | + * The database and socket are closed and re-opened. | |
| 1550 | + */ | |
| 1551 | +void | |
| 1552 | +rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, | |
| 1553 | + const struct config_file* cfg) | |
| 1554 | +{ | |
| 1555 | + lock_basic_type* mutex; | |
| 1556 | + librpz_emsg_t emsg; | |
| 1557 | + | |
| 1558 | + if(!librpz) { | |
| 1559 | + librpz = librpz_lib_open(&emsg, NULL, FASTRPZ_LIBRPZ_PATH); | |
| 1560 | + if(!librpz) | |
| 1561 | + fatal_exit("rpz: %s", emsg.c); | |
| 1562 | + } | |
| 1563 | + | |
| 1564 | + librpz->set_log(&log_fnc, NULL); | |
| 1565 | + | |
| 1566 | + if(!cfg->rpz_cstr) | |
| 1567 | + fatal_exit("rpz: rpz-zone: not set"); | |
| 1568 | + | |
| 1569 | + librpz->client_detach(pclient); | |
| 1570 | + librpz->clist_detach(pclist); | |
| 1571 | + | |
| 1572 | + mutex = malloc(sizeof(*mutex)); | |
| 1573 | + if(!mutex) | |
| 1574 | + fatal_exit("rpz: no memory for lock"); | |
| 1575 | + lock_basic_init(mutex); | |
| 1576 | + | |
| 1577 | + *pclist = librpz->clist_create(&emsg, &lock, &unlock, &lock_destroy, | |
| 1578 | + mutex, NULL); | |
| 1579 | + if(!pclist) | |
| 1580 | + fatal_exit("rpz: %s", emsg.c); | |
| 1581 | + | |
| 1582 | + *pclient = librpz->client_create(&emsg, *pclist, cfg->rpz_cstr, false); | |
| 1583 | + if(!*pclient) | |
| 1584 | + fatal_exit("rpz: %s", emsg.c); | |
| 1585 | + | |
| 1586 | + if(!librpz->connect(&emsg, *pclient, true)) | |
| 1587 | + fatal_exit("rpz: %s", emsg.c); | |
| 1588 | + | |
| 1589 | + verbose(VERB_OPS, "rpz: librpz version %s", librpz->version); | |
| 1590 | +} | |
| 1591 | + | |
| 1592 | + | |
| 1593 | +/* Stop using librpz on behalf of a worker thread. */ | |
| 1594 | +void | |
| 1595 | +rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient) | |
| 1596 | +{ | |
| 1597 | + if(librpz) { | |
| 1598 | + librpz->client_detach(pclient); | |
| 1599 | + librpz->clist_detach(pclist); | |
| 1600 | + } | |
| 1601 | +} | |
| 1602 | + | |
| 1603 | + | |
| 1604 | +/* Release the librpz resources held for a DNS client request. */ | |
| 1605 | +void | |
| 1606 | +rpz_end(struct comm_reply* commreply) | |
| 1607 | +{ | |
| 1608 | + if(!commreply->rpz) | |
| 1609 | + return; | |
| 1610 | + rpz_off(commreply->rpz, commreply->rpz->st); | |
| 1611 | + free(commreply->rpz); | |
| 1612 | + commreply->rpz = NULL; | |
| 1613 | +} | |
| 1614 | + | |
| 1615 | + | |
| 1616 | +static bool | |
| 1617 | +push_st(commreply_rpz_t* rpz) | |
| 1618 | +{ | |
| 1619 | + librpz_emsg_t emsg; | |
| 1620 | + | |
| 1621 | + if(rpz->st == st_off || rpz->st == st_servfail) { | |
| 1622 | + librpz->log(LIBRPZ_LOG_ERROR, rpz, | |
| 1623 | + "state %d in push_st()", rpz->st); | |
| 1624 | + return false; | |
| 1625 | + } | |
| 1626 | + if(!librpz->rsp_push(&emsg, rpz->rsp)) | |
| 1627 | + log_fail(rpz, "%s", emsg.c); | |
| 1628 | + memmove(&rpz->saved_st[1], &rpz->saved_st[0], | |
| 1629 | + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); | |
| 1630 | + rpz->saved_st[0] = rpz->st; | |
| 1631 | + return rpz->st != st_servfail; | |
| 1632 | +} | |
| 1633 | + | |
| 1634 | + | |
| 1635 | +static bool | |
| 1636 | +pop_st(commreply_rpz_t* rpz) | |
| 1637 | +{ | |
| 1638 | + librpz_emsg_t emsg; | |
| 1639 | + | |
| 1640 | + if(rpz->rsp && !librpz->rsp_pop(&emsg, &rpz->result, rpz->rsp)) | |
| 1641 | + log_fail(rpz, "%s", emsg.c); | |
| 1642 | + if(rpz->st != st_servfail) | |
| 1643 | + rpz->st = rpz->saved_st[0]; | |
| 1644 | + memmove(&rpz->saved_st[0], &rpz->saved_st[1], | |
| 1645 | + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); | |
| 1646 | + return rpz->st != st_servfail; | |
| 1647 | +} | |
| 1648 | + | |
| 1649 | +static bool | |
| 1650 | +pop_discard_st(commreply_rpz_t* rpz) | |
| 1651 | +{ | |
| 1652 | + librpz_emsg_t emsg; | |
| 1653 | + | |
| 1654 | + if(rpz->rsp && !librpz->rsp_pop_discard(&emsg, rpz->rsp)) | |
| 1655 | + log_fail(rpz, "%s", emsg.c); | |
| 1656 | + memmove(&rpz->saved_st[0], &rpz->saved_st[1], | |
| 1657 | + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); | |
| 1658 | + return rpz->st != st_servfail; | |
| 1659 | +} | |
| 1660 | + | |
| 1661 | +/* Check a rewrite attempt for errors and a disabled zone. */ | |
| 1662 | +static bool /* true=repeat the check */ | |
| 1663 | +ck_after(uint8_t* qname, bool recursed, librpz_trig_t trig, | |
| 1664 | + commreply_rpz_t* rpz) | |
| 1665 | +{ | |
| 1666 | + librpz_emsg_t emsg; | |
| 1667 | + | |
| 1668 | + if(rpz->st == st_servfail) | |
| 1669 | + return false; | |
| 1670 | + | |
| 1671 | + if(!librpz->rsp_result(&emsg, &rpz->result, recursed, rpz->rsp)) { | |
| 1672 | + log_fail(rpz, "%s", emsg.c); | |
| 1673 | + return false; | |
| 1674 | + } | |
| 1675 | + | |
| 1676 | + if(rpz->result.policy == LIBRPZ_POLICY_DISABLED) { | |
| 1677 | + /* Log the hit on the disabled zone, do not try the zone again, | |
| 1678 | + * and restore the state from before the check to forget the hit | |
| 1679 | + * before trying again. */ | |
| 1680 | + log_rewrite(qname, rpz->result.zpolicy, "disabled ", rpz); | |
| 1681 | + if(!librpz->rsp_forget_zone(&emsg, rpz->result.cznum, rpz->rsp)) | |
| 1682 | + log_fail(rpz, "%s", emsg.c); | |
| 1683 | + return pop_st(rpz); | |
| 1684 | + } | |
| 1685 | + | |
| 1686 | + /* Complain about and forget client-IP address hit that is not | |
| 1687 | + * dispositive. Client-IP triggers have the highest priority | |
| 1688 | + * within a policy zone, but can be overridden by any hit in a policy | |
| 1689 | + * earlier in the client's (resolver's) list of zones, including | |
| 1690 | + * policies that cannot be hit until after recursion. If we allowed | |
| 1691 | + * client-IP triggers in secondary zones, then than two DNS requests | |
| 1692 | + * that differ only in DNS client-IP addresses could properly | |
| 1693 | + * have differing results. The Unbound iterator treats identical | |
| 1694 | + * DNS requests the same regardless of DNS client-IP address. | |
| 1695 | + * struct query_info would need to be modified to have an optional | |
| 1696 | + * librpz_prefix_t containing the prefix of the client-IP address hit | |
| 1697 | + * from librpz->rsp_clientip_prefix(). Adding to struct query_info | |
| 1698 | + * would require finding and changing the many and obscure places | |
| 1699 | + * including the Unbound tests to memset(0) the struct query_info | |
| 1700 | + * that they create. */ | |
| 1701 | + if(trig == LIBRPZ_TRIG_CLIENT_IP) { | |
| 1702 | + if(rpz->result.cznum != 0) { | |
| 1703 | + log_rewrite(qname, rpz->result.policy, | |
| 1704 | + "ignore secondary ", rpz); | |
| 1705 | + if(!pop_st(rpz)) | |
| 1706 | + log_fail(rpz, "%s", emsg.c); | |
| 1707 | + return (false); | |
| 1708 | + } | |
| 1709 | + } | |
| 1710 | + | |
| 1711 | + /* Forget the state from before the check and keep the new state | |
| 1712 | + * if we do not have a hit on a disabled policy zone. */ | |
| 1713 | + pop_discard_st(rpz); | |
| 1714 | + return false; | |
| 1715 | +} | |
| 1716 | + | |
| 1717 | + | |
| 1718 | +/* Get the next RR from the policy record. */ | |
| 1719 | +static bool | |
| 1720 | +next_rr(librpz_rr_t** rrp, const uint8_t* qname, size_t qname_len, | |
| 1721 | + commreply_rpz_t* rpz) | |
| 1722 | +{ | |
| 1723 | + librpz_emsg_t emsg; | |
| 1724 | + | |
| 1725 | + if(!librpz->rsp_rr(&emsg, NULL, NULL, NULL, rrp, &rpz->result, | |
| 1726 | + qname, qname_len, rpz->rsp)) { | |
| 1727 | + log_fail(rpz, "%s", emsg.c); | |
| 1728 | + *rrp = NULL; | |
| 1729 | + return false; | |
| 1730 | + } | |
| 1731 | + return true; | |
| 1732 | +} | |
| 1733 | + | |
| 1734 | + | |
| 1735 | +static bool /* false=fatal error to be logged */ | |
| 1736 | +add_rr(struct sldns_buffer* pkt, const uint8_t* owner, size_t owner_len, | |
| 1737 | + librpz_rr_t* rr, commreply_rpz_t* rpz) | |
| 1738 | +{ | |
| 1739 | + size_t rdlength; | |
| 1740 | + | |
| 1741 | + rdlength = ntohs(rr->rdlength); | |
| 1742 | + | |
| 1743 | + if(!sldns_buffer_available(pkt, owner_len + 10 + rdlength)) { | |
| 1744 | + log_fail(rpz, "comm_reply buffer exhausted"); | |
| 1745 | + free(rr); | |
| 1746 | + return false; | |
| 1747 | + } | |
| 1748 | + sldns_buffer_write(pkt, owner, owner_len); | |
| 1749 | + /* sizeof(librpz_rr_t)=12 instead of 10 */ | |
| 1750 | + sldns_buffer_write(pkt, rr, 10 + rdlength); | |
| 1751 | + return true; | |
| 1752 | +} | |
| 1753 | + | |
| 1754 | + | |
| 1755 | +/* Convert a fake incoming DNS message to an Unbound struct dns_msg */ | |
| 1756 | +static void | |
| 1757 | +pkt2dns_msg(struct dns_msg** dnsmsg, struct sldns_buffer* pkt, | |
| 1758 | + commreply_rpz_t* rpz, struct regional* region) | |
| 1759 | +{ | |
| 1760 | + struct msg_parse* msgparse; | |
| 1761 | + | |
| 1762 | + msgparse = regional_alloc(region, sizeof(*msgparse)); | |
| 1763 | + if(!msgparse) { | |
| 1764 | + log_fail(rpz, "out of memory for msgparse"); | |
| 1765 | + *dnsmsg = NULL; | |
| 1766 | + return; | |
| 1767 | + } | |
| 1768 | + memset(msgparse, 0, sizeof(*msgparse)); | |
| 1769 | + if(parse_packet(pkt, msgparse, region) != LDNS_RCODE_NOERROR) { | |
| 1770 | + log_fail(rpz, "packet parse error"); | |
| 1771 | + *dnsmsg = NULL; | |
| 1772 | + return; | |
| 1773 | + } | |
| 1774 | + *dnsmsg = dns_alloc_msg(pkt, msgparse, region); | |
| 1775 | + if(!*dnsmsg) { | |
| 1776 | + log_fail(rpz, "dns_alloc_msg() failed"); | |
| 1777 | + *dnsmsg = NULL; | |
| 1778 | + return; | |
| 1779 | + } | |
| 1780 | + (*dnsmsg)->rep->security = sec_status_rpz_rewritten; | |
| 1781 | +} | |
| 1782 | + | |
| 1783 | + | |
| 1784 | +static bool /* false=SERVFAIL */ | |
| 1785 | +ck_ip_rrset(const void* vdata, int family, librpz_trig_t trig, | |
| 1786 | + uint8_t* qname, commreply_rpz_t* rpz) | |
| 1787 | +{ | |
| 1788 | + const struct packed_rrset_data* data; | |
| 1789 | + uint rr_n; | |
| 1790 | + size_t len; | |
| 1791 | + librpz_emsg_t emsg; | |
| 1792 | + | |
| 1793 | + data = vdata; | |
| 1794 | + | |
| 1795 | + /* Loop to ignore disabled zones. */ | |
| 1796 | + do { | |
| 1797 | + if(!push_st(rpz)) | |
| 1798 | + return false; | |
| 1799 | + for(rr_n = 0; rr_n < data->count; ++rr_n) { | |
| 1800 | + len = data->rr_len[rr_n]; | |
| 1801 | + /* Skip bogus including negative placeholding rdata. */ | |
| 1802 | + if((family == AF_INET && | |
| 1803 | + len != sizeof(struct in_addr)+2) || | |
| 1804 | + (family == AF_INET6 && | |
| 1805 | + len != sizeof(struct in6_addr)+2)) | |
| 1806 | + continue; | |
| 1807 | + if(!librpz->ck_ip(&emsg, data->rr_data[rr_n]+2, | |
| 1808 | + family, trig, rpz->hit_id, true, | |
| 1809 | + rpz->rsp)) { | |
| 1810 | + log_fail(rpz, "%s", emsg.c); | |
| 1811 | + return false; | |
| 1812 | + } | |
| 1813 | + } | |
| 1814 | + } while(ck_after(qname, true, trig, rpz)); | |
| 1815 | + return rpz->st != st_servfail; | |
| 1816 | +} | |
| 1817 | + | |
| 1818 | + | |
| 1819 | +static bool /* false=SERVFAIL */ | |
| 1820 | +ck_dname(uint8_t* dname, size_t dname_size, librpz_trig_t trig, | |
| 1821 | + uint8_t* qname, bool recursed, commreply_rpz_t* rpz) | |
| 1822 | +{ | |
| 1823 | + librpz_emsg_t emsg; | |
| 1824 | + | |
| 1825 | + /* Refuse to check the root. */ | |
| 1826 | + if(dname_is_root(dname)) | |
| 1827 | + return rpz->st != st_servfail; | |
| 1828 | + | |
| 1829 | + /* Loop to ignore disabled zones. */ | |
| 1830 | + do { | |
| 1831 | + if(!push_st(rpz)) | |
| 1832 | + return false; | |
| 1833 | + if(!librpz->ck_domain(&emsg, dname, dname_size, trig, | |
| 1834 | + rpz->hit_id, recursed, rpz->rsp)) { | |
| 1835 | + log_fail(rpz, "%s", emsg.c); | |
| 1836 | + return false; | |
| 1837 | + } | |
| 1838 | + } while(ck_after(qname, recursed, trig, rpz)); | |
| 1839 | + | |
| 1840 | + return rpz->st != st_servfail; | |
| 1841 | +} | |
| 1842 | + | |
| 1843 | + | |
| 1844 | +/* Check the IPv4 or IPv6 addresses for one NS name. */ | |
| 1845 | +static bool /* false=st_servfail */ | |
| 1846 | +ck_1nsip(uint8_t* nsname, size_t nsname_size, int family, int qtype, | |
| 1847 | + bool* have_ns, commreply_rpz_t* rpz, struct module_env* env) | |
| 1848 | +{ | |
| 1849 | + struct ub_packed_rrset_key* akey; | |
| 1850 | + | |
| 1851 | + akey = rrset_cache_lookup(env->rrset_cache, nsname, nsname_size, | |
| 1852 | + qtype, LDNS_RR_CLASS_IN, 0, 0, 0); | |
| 1853 | + if(akey) { | |
| 1854 | + *have_ns = true; | |
| 1855 | + | |
| 1856 | + if(!ck_ip_rrset(akey->entry.data, family, LIBRPZ_TRIG_NSIP, | |
| 1857 | + nsname, rpz)) { | |
| 1858 | + lock_rw_unlock(&akey->entry.lock); | |
| 1859 | + return false; | |
| 1860 | + } | |
| 1861 | + lock_rw_unlock(&akey->entry.lock); | |
| 1862 | + } | |
| 1863 | + return true; | |
| 1864 | +} | |
| 1865 | + | |
| 1866 | + | |
| 1867 | +static bool /* false=st_servfail */ | |
| 1868 | +ck_qname(uint8_t* qname, size_t qname_len, | |
| 1869 | + bool recursed, /* recursion done */ | |
| 1870 | + bool wait_ns, /* willing to iterate for NS data */ | |
| 1871 | + commreply_rpz_t* rpz, struct module_env* env) | |
| 1872 | +{ | |
| 1873 | + uint8_t* dname; | |
| 1874 | + size_t dname_size; | |
| 1875 | + int cur_lab; | |
| 1876 | + struct ub_packed_rrset_key* nskey; | |
| 1877 | + const struct packed_rrset_data* nsdata; | |
| 1878 | + uint8_t* nsname; | |
| 1879 | + size_t nsname_size; | |
| 1880 | + uint rr_n; | |
| 1881 | + bool have_ns, tried_ns; | |
| 1882 | + | |
| 1883 | + if(!ck_dname(qname, qname_len, LIBRPZ_TRIG_QNAME, qname, false, rpz)) | |
| 1884 | + return false; | |
| 1885 | + | |
| 1886 | + /* Do not waste time looking for NSDNAME and NSIP hits when there | |
| 1887 | + * are no currently relevant triggers. */ | |
| 1888 | + if(!librpz->have_ns_trig(rpz->rsp)) | |
| 1889 | + return true; | |
| 1890 | + | |
| 1891 | + have_ns = false; | |
| 1892 | + tried_ns = false; | |
| 1893 | + dname = qname; | |
| 1894 | + dname_size = qname_len; | |
| 1895 | + for(cur_lab = dname_count_labels(dname) - 2; | |
| 1896 | + cur_lab > rpz->min_ns_dots; | |
| 1897 | + --cur_lab) { | |
| 1898 | + tried_ns = true; | |
| 1899 | + dname_remove_label(&dname, &dname_size); | |
| 1900 | + nskey = rrset_cache_lookup(env->rrset_cache, dname, dname_size, | |
| 1901 | + LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN, | |
| 1902 | + 0, 0, 0); | |
| 1903 | + if(!nskey) | |
| 1904 | + continue; | |
| 1905 | + | |
| 1906 | + nsdata = (const struct packed_rrset_data*)nskey->entry.data; | |
| 1907 | + for(rr_n = 0; | |
| 1908 | + rr_n < nsdata->count && rpz->st == st_unknown; | |
| 1909 | + ++rr_n) { | |
| 1910 | + nsname = nsdata->rr_data[rr_n]+2; | |
| 1911 | + nsname_size = nsdata->rr_len[rr_n]; | |
| 1912 | + if(nsname_size <= 2) | |
| 1913 | + continue; | |
| 1914 | + nsname_size -= 2; | |
| 1915 | + if(!ck_dname(nsname, nsname_size, LIBRPZ_TRIG_NSDNAME, | |
| 1916 | + qname, recursed, rpz)) | |
| 1917 | + return false; | |
| 1918 | + if(!ck_1nsip(nsname, nsname_size, AF_INET, | |
| 1919 | + LDNS_RR_TYPE_A, &have_ns, rpz, env)) | |
| 1920 | + return false; | |
| 1921 | + if(!ck_1nsip(nsname, nsname_size, AF_INET6, | |
| 1922 | + LDNS_RR_TYPE_AAAA, &have_ns, rpz, env)) | |
| 1923 | + return false; | |
| 1924 | + } | |
| 1925 | + lock_rw_unlock(&nskey->entry.lock); | |
| 1926 | + } | |
| 1927 | + | |
| 1928 | + /* If we failed to find NS records, then stop building the response | |
| 1929 | + * before a CNAME with this owner name. */ | |
| 1930 | + if(!have_ns && tried_ns && (!recursed || wait_ns)) { | |
| 1931 | + rpz->cname_hit.size = qname_len; | |
| 1932 | + RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); | |
| 1933 | + memcpy(rpz->cname_hit.d, qname, qname_len); | |
| 1934 | + rpz->result.hit_id = rpz->hit_id; | |
| 1935 | + rpz->st = st_ck_ns; | |
| 1936 | + } | |
| 1937 | + return true; | |
| 1938 | +} | |
| 1939 | + | |
| 1940 | + | |
| 1941 | +/* | |
| 1942 | + * Are we ready to rewrite the response? | |
| 1943 | + */ | |
| 1944 | +static bool /* true=send rewritten response */ | |
| 1945 | +ck_result(uint8_t* qname, bool recursed, | |
| 1946 | + commreply_rpz_t* rpz, const struct comm_point* commpoint) | |
| 1947 | +{ | |
| 1948 | + librpz_emsg_t emsg; | |
| 1949 | + | |
| 1950 | + switch(rpz->st) { | |
| 1951 | + case st_off: | |
| 1952 | + case st_servfail: | |
| 1953 | + case st_rewritten: | |
| 1954 | + return false; | |
| 1955 | + case st_unknown: | |
| 1956 | + break; | |
| 1957 | + case st_iterate: | |
| 1958 | + return false; | |
| 1959 | + case st_ck_ns: | |
| 1960 | + /* An NSDNAME or NSIP check failed for lack of cached data. */ | |
| 1961 | + return false; | |
| 1962 | +#pragma clang diagnostic push | |
| 1963 | +#pragma clang diagnostic ignored "-Wunreachable-code" | |
| 1964 | + default: | |
| 1965 | + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", | |
| 1966 | + rpz->st); | |
| 1967 | +#pragma clang diagnostic pop | |
| 1968 | + } | |
| 1969 | + | |
| 1970 | + /* Wait for a trigger. */ | |
| 1971 | + if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) { | |
| 1972 | + if(recursed && | |
| 1973 | + rpz->result.zpolicy != LIBRPZ_POLICY_UNDEFINED && | |
| 1974 | + !librpz->rsp_result(&emsg, &rpz->result, true, rpz->rsp)) { | |
| 1975 | + log_fail(rpz, "%s", emsg.c); | |
| 1976 | + return false; | |
| 1977 | + } | |
| 1978 | + if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) | |
| 1979 | + return false; | |
| 1980 | + } | |
| 1981 | + | |
| 1982 | + if(rpz->result.policy == LIBRPZ_POLICY_PASSTHRU) { | |
| 1983 | + log_rewrite(qname, rpz->result.policy, "", rpz); | |
| 1984 | + rpz_off(rpz, st_off); | |
| 1985 | + return false; | |
| 1986 | + } | |
| 1987 | + | |
| 1988 | + /* The TCP-only policy answers UDP requests with truncated responses. */ | |
| 1989 | + if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY && | |
| 1990 | + commpoint->type == comm_tcp) { | |
| 1991 | + rpz_off(rpz, st_off); | |
| 1992 | + return false; | |
| 1993 | + } | |
| 1994 | + | |
| 1995 | + return true; | |
| 1996 | +} | |
| 1997 | + | |
| 1998 | + | |
| 1999 | +/* | |
| 2000 | + * Convert an RPZ hit to a struct dns_msg | |
| 2001 | + */ | |
| 2002 | +static void | |
| 2003 | +get_result_msg(struct dns_msg** dnsmsg, struct query_info* qinfo, | |
| 2004 | + uint16_t id, uint16_t flags, bool recursed, commreply_rpz_t* rpz, | |
| 2005 | + struct comm_point* commpoint, struct regional* region) | |
| 2006 | +{ | |
| 2007 | + librpz_rr_t* rr; | |
| 2008 | + librpz_domain_buf_t origin; | |
| 2009 | + struct sldns_buffer* pkt; | |
| 2010 | + uint16_t num_rrs; | |
| 2011 | + librpz_emsg_t emsg; | |
| 2012 | + | |
| 2013 | + *dnsmsg = NULL; | |
| 2014 | + if(!ck_result(qinfo->qname, recursed, rpz, commpoint)) | |
| 2015 | + return; | |
| 2016 | + | |
| 2017 | + rpz->st = st_rewritten; | |
| 2018 | + | |
| 2019 | + if(rpz->result.policy == LIBRPZ_POLICY_DROP) { | |
| 2020 | + log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); | |
| 2021 | + /* Make a fake cached message to carry | |
| 2022 | + * sec_status_rpz_drop and be dropped. */ | |
| 2023 | + error_encode(commpoint->buffer, LDNS_RCODE_NOERROR, | |
| 2024 | + qinfo, id, flags, NULL); | |
| 2025 | + pkt2dns_msg(dnsmsg, commpoint->buffer, rpz, region); | |
| 2026 | + (*dnsmsg)->rep->security = sec_status_rpz_drop; | |
| 2027 | + return; | |
| 2028 | + } | |
| 2029 | + | |
| 2030 | + /* Create a DNS message of the RPZ data. | |
| 2031 | + * In many cases that message could be sent directly to the DNS client, | |
| 2032 | + * but sometimes iteration must be used to resolve a CNAME. | |
| 2033 | + * This need not be fast, because rewriting responses should be rare. | |
| 2034 | + * Therefore, use the simpler but slower tactic of generating a | |
| 2035 | + * parsed version of the message. */ | |
| 2036 | + | |
| 2037 | + flags &= ~BIT_AA; | |
| 2038 | + flags |= BIT_QR | BIT_RA; | |
| 2039 | + rr = NULL; | |
| 2040 | + | |
| 2041 | + /* The TCP-only policy answers UDP requests with truncated responses. */ | |
| 2042 | + if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY) { | |
| 2043 | + flags |= BIT_TC; | |
| 2044 | + | |
| 2045 | + } else if(rpz->result.policy == LIBRPZ_POLICY_NXDOMAIN) { | |
| 2046 | + flags |= LDNS_RCODE_NXDOMAIN; | |
| 2047 | + | |
| 2048 | + } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { | |
| 2049 | + if(!rpz->iterating && | |
| 2050 | + qinfo->qtype != LDNS_RR_TYPE_CNAME) { | |
| 2051 | + /* The new DNS message would be a CNAME and | |
| 2052 | + * the external request was not for a CNAME. | |
| 2053 | + * The worker must punt to the iterator so that | |
| 2054 | + * the iterator can resolve the CNAME. */ | |
| 2055 | + rpz->st = st_iterate; | |
| 2056 | + return; | |
| 2057 | + } | |
| 2058 | + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); | |
| 2059 | + | |
| 2060 | + } else if(rpz->result.policy == LIBRPZ_POLICY_RECORD || | |
| 2061 | + rpz->result.policy == LIBRPZ_POLICY_NODATA) { | |
| 2062 | + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); | |
| 2063 | + /* Punt to the iterator if the new DNS message would | |
| 2064 | + * be a CNAME that must be resolved. */ | |
| 2065 | + if(!rpz->iterating && | |
| 2066 | + qinfo->qtype != LDNS_RR_TYPE_CNAME && | |
| 2067 | + rr && rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { | |
| 2068 | + free(rr); | |
| 2069 | + rpz->st = st_iterate; | |
| 2070 | + return; | |
| 2071 | + } | |
| 2072 | + } | |
| 2073 | + log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); | |
| 2074 | + | |
| 2075 | + /* Make a buffer containing a DNS message with the RPZ data. */ | |
| 2076 | + pkt = commpoint->buffer; | |
| 2077 | + sldns_buffer_clear(pkt); | |
| 2078 | + if(sldns_buffer_remaining(pkt) < LDNS_HEADER_SIZE) { | |
| 2079 | + log_fail(rpz, "comm_reply buffer too small for header"); | |
| 2080 | + if(rr) | |
| 2081 | + free(rr); | |
| 2082 | + return; | |
| 2083 | + } | |
| 2084 | + | |
| 2085 | + /* Install ID, flags, QDCOUNT=1, ANCOUNT=# of RPZ RRs, NSCOUNT=0, | |
| 2086 | + * and ARCOUNT=1 for the RPZ SOA. */ | |
| 2087 | + sldns_buffer_write_u16(pkt, id); | |
| 2088 | + sldns_buffer_write_u16(pkt, flags); | |
| 2089 | + sldns_buffer_write_u16(pkt, 1); /* QDCOUNT */ | |
| 2090 | + sldns_buffer_write_u16(pkt, 0); /* ANCOUNT will be set later */ | |
| 2091 | + sldns_buffer_write_u16(pkt, 0); /* NSCOUNT */ | |
| 2092 | + sldns_buffer_write_u16(pkt, 1); /* ARCOUNT */ | |
| 2093 | + | |
| 2094 | + /* Install the question with the LDNS_RR_CLASS_RPZ bit to | |
| 2095 | + * to distinguish this supposed cache entry from the real deal. */ | |
| 2096 | + sldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len); | |
| 2097 | + sldns_buffer_write_u16(pkt, qinfo->qtype); | |
| 2098 | + sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_IN); | |
| 2099 | + | |
| 2100 | + /* Install the RPZ RRs in the answer section */ | |
| 2101 | + num_rrs = 0; | |
| 2102 | + while(rr) { | |
| 2103 | + /* Include only the requested RRs. */ | |
| 2104 | + if(qinfo->qtype == LDNS_RR_TYPE_ANY || | |
| 2105 | + rr->type == htons(qinfo->qtype) || | |
| 2106 | + rr->type == htons(LDNS_RR_TYPE_CNAME)) { | |
| 2107 | + if(!add_rr(pkt, qinfo->qname, qinfo->qname_len, | |
| 2108 | + rr, rpz)) | |
| 2109 | + return; | |
| 2110 | + | |
| 2111 | + ++num_rrs; | |
| 2112 | + } | |
| 2113 | + free(rr); | |
| 2114 | + | |
| 2115 | + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); | |
| 2116 | + } | |
| 2117 | + /* Finish ANCOUNT. */ | |
| 2118 | + if(num_rrs != 0) | |
| 2119 | + sldns_buffer_write_u16_at(pkt, 6, num_rrs); | |
| 2120 | + | |
| 2121 | + /* All rewritten responses have an identifying SOA record in the | |
| 2122 | + * additional section. */ | |
| 2123 | + if(!librpz->rsp_soa(&emsg, NULL, &rr, &origin, | |
| 2124 | + &rpz->result, rpz->rsp)) { | |
| 2125 | + log_fail(rpz, "no soa"); | |
| 2126 | + return; | |
| 2127 | + } | |
| 2128 | + if(!add_rr(pkt, origin.d, origin.size, rr, rpz)) | |
| 2129 | + return; | |
| 2130 | + free(rr); | |
| 2131 | + | |
| 2132 | + /* Create a dns_msg representation of the fake incoming message. */ | |
| 2133 | + sldns_buffer_flip(pkt); | |
| 2134 | + pkt2dns_msg(dnsmsg, pkt, rpz, region); | |
| 2135 | +} | |
| 2136 | + | |
| 2137 | + | |
| 2138 | +/* Check the RRs in the ANSWER section of a reply_info. */ | |
| 2139 | +static void | |
| 2140 | +ck_reply(struct reply_info* reply, uint8_t* qname, bool wait_ns, | |
| 2141 | + commreply_rpz_t* rpz, struct module_env* env) | |
| 2142 | +{ | |
| 2143 | + struct ub_packed_rrset_key* rrset; | |
| 2144 | + enum sldns_enum_rr_type type; | |
| 2145 | + uint rrset_n; | |
| 2146 | + | |
| 2147 | + /* Check the RRs in the ANSWER section. */ | |
| 2148 | + rpz->cname_hit.size = 0; | |
| 2149 | + rpz->cname_hit_2nd = false; | |
| 2150 | + for(rrset_n = 0; rrset_n < reply->an_numrrsets; ++rrset_n) { | |
| 2151 | + /* Check all of the RRs before deciding. */ | |
| 2152 | + if(rpz->st != st_unknown) | |
| 2153 | + return; | |
| 2154 | + | |
| 2155 | + rrset = reply->rrsets[rrset_n]; | |
| 2156 | + if(ntohs(rrset->rk.rrset_class) != LDNS_RR_CLASS_IN) | |
| 2157 | + continue; | |
| 2158 | + type = ntohs(rrset->rk.type); | |
| 2159 | + | |
| 2160 | + if(type == LDNS_RR_TYPE_A) { | |
| 2161 | + if(!ck_ip_rrset(rrset->entry.data, AF_INET, | |
| 2162 | + LIBRPZ_TRIG_IP, qname, rpz)) | |
| 2163 | + break; | |
| 2164 | + | |
| 2165 | + } else if(type == LDNS_RR_TYPE_AAAA) { | |
| 2166 | + if(!ck_ip_rrset(rrset->entry.data, AF_INET6, | |
| 2167 | + LIBRPZ_TRIG_IP, qname, rpz)) | |
| 2168 | + break; | |
| 2169 | + | |
| 2170 | + } else if(type == LDNS_RR_TYPE_CNAME) { | |
| 2171 | + /* Check CNAME owners unless we already have a hit. */ | |
| 2172 | + ++rpz->hit_id; | |
| 2173 | + if(!ck_qname(rrset->rk.dname, rrset->rk.dname_len, | |
| 2174 | + true, wait_ns, rpz, env)) | |
| 2175 | + break; | |
| 2176 | + | |
| 2177 | + /* Do not worry about the CNAME if it did not hit, | |
| 2178 | + * but note the miss so that it can be prepended | |
| 2179 | + * if we do hit. */ | |
| 2180 | + if(rpz->result.hit_id != rpz->hit_id) { | |
| 2181 | + rpz->cname_hit_2nd = true; | |
| 2182 | + continue; | |
| 2183 | + } | |
| 2184 | + | |
| 2185 | + /* Stop after hitting a CNAME. | |
| 2186 | + * The iterator must be used to include CNAMEs before | |
| 2187 | + * the CNAME that hit in the rewritten response. */ | |
| 2188 | + rpz->cname_hit.size = rrset->rk.dname_len; | |
| 2189 | + RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); | |
| 2190 | + memcpy(rpz->cname_hit.d, rrset->rk.dname, | |
| 2191 | + rpz->cname_hit.size); | |
| 2192 | + break; | |
| 2193 | + } | |
| 2194 | + } | |
| 2195 | +} | |
| 2196 | + | |
| 2197 | + | |
| 2198 | +static void | |
| 2199 | +worker_servfail(struct worker* worker, struct query_info* qinfo, | |
| 2200 | + uint16_t id, uint16_t flags, struct comm_reply* commreply) | |
| 2201 | +{ | |
| 2202 | + error_encode(commreply->c->buffer, LDNS_RCODE_SERVFAIL, | |
| 2203 | + qinfo, id, flags, NULL); | |
| 2204 | + regional_free_all(worker->scratchpad); | |
| 2205 | + comm_point_send_reply(commreply); | |
| 2206 | +} | |
| 2207 | + | |
| 2208 | + | |
| 2209 | +/* Send an RPZ answer before the iterator has started. | |
| 2210 | + * @return: 1=continue normal unbound processing | |
| 2211 | + * 0=punt to the iterator | |
| 2212 | + * -1=rewritten response already sent or dropped. */ | |
| 2213 | +static int | |
| 2214 | +worker_send(struct dns_msg* dnsmsg, struct worker* worker, | |
| 2215 | + struct query_info* qinfo, uint16_t id, uint16_t flags, | |
| 2216 | + struct edns_data* edns, struct comm_reply* commreply) | |
| 2217 | +{ | |
| 2218 | + switch (commreply->rpz->st) { | |
| 2219 | + case st_off: | |
| 2220 | + return 1; | |
| 2221 | + case st_servfail: | |
| 2222 | + worker_servfail(worker, qinfo, id, flags, commreply); | |
| 2223 | + return -1; | |
| 2224 | + case st_unknown: | |
| 2225 | + return 1; | |
| 2226 | + case st_iterate: | |
| 2227 | + case st_ck_ns: | |
| 2228 | + return 0; /* punt to the iterator */ | |
| 2229 | + case st_rewritten: | |
| 2230 | + break; | |
| 2231 | + default: | |
| 2232 | + fatal_exit("impossible RPZ state %d in worker_send()", | |
| 2233 | + commreply->rpz->st); | |
| 2234 | + } | |
| 2235 | + | |
| 2236 | + if(dnsmsg->rep->security == sec_status_rpz_drop) { | |
| 2237 | + regional_free_all(worker->scratchpad); | |
| 2238 | + comm_point_drop_reply(commreply); | |
| 2239 | + return -1; | |
| 2240 | + } | |
| 2241 | + | |
| 2242 | + edns->edns_version = EDNS_ADVERTISED_VERSION; | |
| 2243 | + edns->udp_size = EDNS_ADVERTISED_SIZE; | |
| 2244 | + edns->ext_rcode = 0; | |
| 2245 | + edns->bits = 0; /* rewritten response cannot verify. */ | |
| 2246 | + if(!reply_info_answer_encode(qinfo, dnsmsg->rep, | |
| 2247 | + id, flags | BIT_QR, | |
| 2248 | + commreply->c->buffer, 0, 1, | |
| 2249 | + worker->scratchpad, | |
| 2250 | + edns->udp_size, edns, 0, 0)) { | |
| 2251 | + worker_servfail(worker, qinfo, id, flags, commreply); | |
| 2252 | + } else { | |
| 2253 | + regional_free_all(worker->scratchpad); | |
| 2254 | + comm_point_send_reply(commreply); | |
| 2255 | + } | |
| 2256 | + return -1; | |
| 2257 | +} | |
| 2258 | + | |
| 2259 | + | |
| 2260 | +/* Set commreply to an RPZ context if the response might be rewritten. | |
| 2261 | + * Try to answer now with a hit allowed before recursion (iteration). */ | |
| 2262 | +bool /* true=response sent or dropped */ | |
| 2263 | +rpz_start(struct worker* worker, struct query_info* qinfo, | |
| 2264 | + struct comm_reply* commreply, struct edns_data* edns) | |
| 2265 | +{ | |
| 2266 | + commreply_rpz_t* rpz; | |
| 2267 | + uint16_t id, flags; | |
| 2268 | + struct dns_msg* dnsmsg; | |
| 2269 | + int family; | |
| 2270 | + const void* addr; | |
| 2271 | + librpz_emsg_t emsg; | |
| 2272 | + | |
| 2273 | + /* Quit if rpz not configured. */ | |
| 2274 | + if(!worker->daemon->rpz_client) | |
| 2275 | + return false; | |
| 2276 | + | |
| 2277 | + /* Rewrite only the Internet class */ | |
| 2278 | + if(qinfo->qclass != LDNS_RR_CLASS_IN) | |
| 2279 | + return false; | |
| 2280 | + | |
| 2281 | + rpz = commreply->rpz; | |
| 2282 | + RPZ_ASSERT(!rpz); | |
| 2283 | + | |
| 2284 | + dnsmsg = NULL; | |
| 2285 | + id = htons(sldns_buffer_read_u16_at(commreply->c->buffer, 0)); | |
| 2286 | + flags = sldns_buffer_read_u16_at(commreply->c->buffer, 2); | |
| 2287 | + | |
| 2288 | + rpz = malloc(sizeof(*rpz)); | |
| 2289 | + if(!rpz) { | |
| 2290 | + librpz->log(LIBRPZ_LOG_ERROR, NULL, "no memory for rpz"); | |
| 2291 | + return 0 > worker_send(dnsmsg, worker, qinfo, | |
| 2292 | + id, flags, edns, commreply); | |
| 2293 | + } | |
| 2294 | + memset(rpz, 0, sizeof(*rpz)); | |
| 2295 | + rpz->st = st_unknown; | |
| 2296 | + commreply->rpz = rpz; | |
| 2297 | + | |
| 2298 | + /* Make a new ID for log messages */ | |
| 2299 | + rpz->log_id = __sync_add_and_fetch(&log_id, 1); | |
| 2300 | + | |
| 2301 | + /* Get access to the librpz data. */ | |
| 2302 | + if(!librpz->rsp_create(&emsg, &rpz->rsp, &rpz->min_ns_dots, | |
| 2303 | + worker->daemon->rpz_client, | |
| 2304 | + (flags & BIT_RD) != 0, | |
| 2305 | + (edns->bits & EDNS_DO) != 0)) { | |
| 2306 | + log_fail(rpz, "%s", emsg.c); | |
| 2307 | + return false; | |
| 2308 | + } | |
| 2309 | + /* Quit if benign reasons prevent rewriting. */ | |
| 2310 | + if(!rpz->rsp) { | |
| 2311 | + rpz->st = st_off; | |
| 2312 | + librpz->log(LIBRPZ_LOG_TRACE1, rpz, "%s", emsg.c); | |
| 2313 | + return false; | |
| 2314 | + } | |
| 2315 | + | |
| 2316 | + /* Check the client IP address. | |
| 2317 | + * Do not use commreply->srctype because it is often 0. */ | |
| 2318 | + family = ((struct sockaddr*)&commreply->addr)->sa_family; | |
| 2319 | + switch(family) { | |
| 2320 | + case AF_INET: | |
| 2321 | + addr = &((struct sockaddr_in*)&commreply->addr)->sin_addr; | |
| 2322 | + break; | |
| 2323 | + case AF_INET6: | |
| 2324 | + addr = &((struct sockaddr_in6*)&commreply->addr)->sin6_addr; | |
| 2325 | + break; | |
| 2326 | + default: | |
| 2327 | + /* Maybe the client is on a UNIX domain socket. */ | |
| 2328 | + librpz->log(LIBRPZ_LOG_TRACE2, rpz, | |
| 2329 | + "unknown client address family %d", family); | |
| 2330 | + addr = NULL; | |
| 2331 | + break; | |
| 2332 | + } | |
| 2333 | + /* Loop to ignore disabled zones. */ | |
| 2334 | + while(addr) { | |
| 2335 | + if(!push_st(rpz)) | |
| 2336 | + break; | |
| 2337 | + if(!librpz->ck_ip(&emsg, addr, family, LIBRPZ_TRIG_CLIENT_IP, | |
| 2338 | + rpz->hit_id, true, rpz->rsp)) { | |
| 2339 | + log_fail(rpz, "%s", emsg.c); | |
| 2340 | + break; | |
| 2341 | + } | |
| 2342 | + if(!ck_after(qinfo->qname, false, LIBRPZ_TRIG_CLIENT_IP, rpz)) | |
| 2343 | + break; | |
| 2344 | + } | |
| 2345 | + if(rpz->st == st_servfail) | |
| 2346 | + return 0 > worker_send(dnsmsg, worker, qinfo, | |
| 2347 | + id, flags, edns, commreply); | |
| 2348 | + | |
| 2349 | + /* Check the QNAME and possibly replace a client-IP hit. */ | |
| 2350 | + ck_qname(qinfo->qname, qinfo->qname_len, false, true, | |
| 2351 | + rpz, &worker->env); | |
| 2352 | + | |
| 2353 | + get_result_msg(&dnsmsg, qinfo, id, flags, false, | |
| 2354 | + rpz, commreply->c, worker->scratchpad); | |
| 2355 | + return 0 > worker_send(dnsmsg, worker, qinfo, | |
| 2356 | + id, flags, edns, commreply); | |
| 2357 | +} | |
| 2358 | + | |
| 2359 | + | |
| 2360 | +/* Check a cached reply before iteration. | |
| 2361 | + * @return: 1=use cache entry | |
| 2362 | + * 0=deny a cached entry exists in order to punt to the iterator | |
| 2363 | + * -1=rewritten response already sent or dropped */ | |
| 2364 | +int | |
| 2365 | +rpz_worker_cache(struct worker* worker, struct reply_info* reply, | |
| 2366 | + struct query_info* qinfo, uint16_t id, uint16_t flags, | |
| 2367 | + struct edns_data* edns, struct comm_reply* commreply) | |
| 2368 | +{ | |
| 2369 | + commreply_rpz_t* rpz; | |
| 2370 | + struct dns_msg* dnsmsg; | |
| 2371 | + st_t new_st; | |
| 2372 | + librpz_rr_t* rr; | |
| 2373 | + | |
| 2374 | + dnsmsg = NULL; | |
| 2375 | + | |
| 2376 | + rpz = commreply->rpz; | |
| 2377 | + switch(rpz->st) { | |
| 2378 | + case st_off: | |
| 2379 | + return 1; /* Send the cache entry. */ | |
| 2380 | + case st_servfail: | |
| 2381 | + return worker_send(dnsmsg, worker, qinfo, id, flags, | |
| 2382 | + edns, commreply); | |
| 2383 | + case st_unknown: | |
| 2384 | + break; | |
| 2385 | + case st_iterate: | |
| 2386 | + case st_ck_ns: | |
| 2387 | + return 0; /* Punt to the iterator. */ | |
| 2388 | + case st_rewritten: | |
| 2389 | + default: | |
| 2390 | + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", | |
| 2391 | + rpz->st); | |
| 2392 | + } | |
| 2393 | + | |
| 2394 | + /* Check the RRs in the ANSWER section. */ | |
| 2395 | + if(!push_st(rpz)) | |
| 2396 | + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, | |
| 2397 | + commreply); | |
| 2398 | + | |
| 2399 | + ck_reply(reply, qinfo->qname, true, rpz, &worker->env); | |
| 2400 | + if(!ck_result(qinfo->qname, true, rpz, commreply->c)) | |
| 2401 | + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, | |
| 2402 | + commreply); | |
| 2403 | + | |
| 2404 | + if(rpz->cname_hit.size != 0) { | |
| 2405 | + /* Punt to the iterator if leading CNAMEs must be | |
| 2406 | + * included in the rewritten response. */ | |
| 2407 | + rpz->cname_hit.size = 0; | |
| 2408 | + new_st = st_iterate; | |
| 2409 | + | |
| 2410 | + } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { | |
| 2411 | + /* Punt if the rewritten response is to a CNAME. */ | |
| 2412 | + new_st = st_iterate; | |
| 2413 | + | |
| 2414 | + } else { | |
| 2415 | + if(rpz->result.policy == LIBRPZ_POLICY_RECORD) { | |
| 2416 | + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); | |
| 2417 | + if(rr) { | |
| 2418 | + /* Punt we are rewriting to a CNAME. */ | |
| 2419 | + if(rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { | |
| 2420 | + free(rr); | |
| 2421 | + rpz->st = st_iterate; | |
| 2422 | + } else { | |
| 2423 | + free(rr); | |
| 2424 | + } | |
| 2425 | + } | |
| 2426 | + } | |
| 2427 | + get_result_msg(&dnsmsg, qinfo, id, flags, true, | |
| 2428 | + rpz, commreply->c, worker->scratchpad); | |
| 2429 | + new_st = rpz->st; | |
| 2430 | + } | |
| 2431 | + | |
| 2432 | + switch(new_st) { | |
| 2433 | + case st_off: | |
| 2434 | + case st_servfail: | |
| 2435 | + break; | |
| 2436 | + case st_unknown: | |
| 2437 | + pop_discard_st(rpz); | |
| 2438 | + break; | |
| 2439 | + case st_iterate: | |
| 2440 | + case st_ck_ns: | |
| 2441 | + if(pop_st(rpz)) | |
| 2442 | + rpz->st = new_st; | |
| 2443 | + break; | |
| 2444 | + case st_rewritten: | |
| 2445 | + pop_discard_st(rpz); | |
| 2446 | + break; | |
| 2447 | + default: | |
| 2448 | + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", | |
| 2449 | + rpz->st); | |
| 2450 | + } | |
| 2451 | + | |
| 2452 | + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, commreply); | |
| 2453 | +} | |
| 2454 | + | |
| 2455 | + | |
| 2456 | +/* Check a cache hit or miss for the iterator. | |
| 2457 | + * A cache miss can already have a QNAME hit that was ignored before checking | |
| 2458 | + * the iterator because of "QNAME-WAIT-RECURSE yes". | |
| 2459 | + * Cache hits are treated like responses from authorities. */ | |
| 2460 | +bool /* false=SERVFAIL */ | |
| 2461 | +rpz_iter_cache(struct dns_msg** msg, enum response_type* type, | |
| 2462 | + struct module_qstate* qstate, struct iter_qstate* iq) | |
| 2463 | +{ | |
| 2464 | + struct comm_reply* commreply; | |
| 2465 | + commreply_rpz_t* rpz; | |
| 2466 | + struct dns_msg* dnsmsg; | |
| 2467 | + | |
| 2468 | + commreply = &qstate->mesh_info->reply_list->query_reply; | |
| 2469 | + rpz = commreply->rpz; | |
| 2470 | + | |
| 2471 | + rpz->iterating = true; | |
| 2472 | + | |
| 2473 | + switch(rpz->st) { | |
| 2474 | + case st_off: | |
| 2475 | + iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ | |
| 2476 | + return true; | |
| 2477 | + case st_servfail: | |
| 2478 | + return false; | |
| 2479 | + case st_unknown: | |
| 2480 | + break; | |
| 2481 | + case st_iterate: | |
| 2482 | + case st_ck_ns: | |
| 2483 | + rpz->st = st_unknown; | |
| 2484 | + if(!ck_qname(iq->qchase.qname, iq->qchase.qname_len, | |
| 2485 | + *msg != NULL, true, rpz, qstate->env)) | |
| 2486 | + return false; | |
| 2487 | + /* If we must recurse regardless and if NSIP/NSDNAME | |
| 2488 | + * checking failed, then delay in the hope that | |
| 2489 | + * recursion will also get NS data. */ | |
| 2490 | + if(rpz->st == st_ck_ns) | |
| 2491 | + return true; | |
| 2492 | + break; | |
| 2493 | + case st_rewritten: | |
| 2494 | + default: | |
| 2495 | + fatal_exit("impossible RPZ state %d in rpz_iter_cache()", | |
| 2496 | + rpz->st); | |
| 2497 | + } | |
| 2498 | + | |
| 2499 | + push_st(rpz); | |
| 2500 | + | |
| 2501 | + /* Check the cache hit. */ | |
| 2502 | + if(*msg) | |
| 2503 | + ck_reply((*msg)->rep, iq->qchase.qname, true, rpz, qstate->env); | |
| 2504 | + | |
| 2505 | + /* The DNS ID does not matter, because the generated dns_msg | |
| 2506 | + * is nominally from an authority and not to the DNS client. */ | |
| 2507 | + get_result_msg(&dnsmsg, &iq->qchase, 1, qstate->query_flags, true, | |
| 2508 | + rpz, commreply->c, qstate->region); | |
| 2509 | + | |
| 2510 | + switch(rpz->st) { | |
| 2511 | + case st_off: | |
| 2512 | + iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ | |
| 2513 | + return true; | |
| 2514 | + case st_servfail: | |
| 2515 | + return false; | |
| 2516 | + case st_unknown: | |
| 2517 | + /* RPZ has nothing to say yet. Maybe there will be a hit | |
| 2518 | + * later in the CNAME chain. */ | |
| 2519 | + return pop_discard_st(rpz); | |
| 2520 | + case st_ck_ns: | |
| 2521 | + /* Try to get NS data for a CNAME found by ck_reply() */ | |
| 2522 | + *type = RESPONSE_TYPE_CNAME; | |
| 2523 | + return pop_discard_st(rpz); | |
| 2524 | + case st_iterate: | |
| 2525 | + default: | |
| 2526 | + fatal_exit("impossible RPZ state %d in rpz_iter_cache()", | |
| 2527 | + rpz->st); | |
| 2528 | + case st_rewritten: | |
| 2529 | + break; | |
| 2530 | + } | |
| 2531 | + | |
| 2532 | + if(*msg && rpz->cname_hit.size != 0 && rpz->cname_hit_2nd) { | |
| 2533 | + /* We hit a CNAME owner in the cached msg after not hitting one | |
| 2534 | + * or more CNAME owners. We need to add those leading CNAMEs | |
| 2535 | + * to the prepend list. Tell the iterator to treat the cached | |
| 2536 | + * message as a RESPONSE_TYPE_CNAME even if it contains answers. | |
| 2537 | + * handle_cname_response() will stop prepending CNAMEs before | |
| 2538 | + * the triggering CNAME. handle_cname_response() will cause | |
| 2539 | + * a restart to resolve the target of the preceding CNAME, | |
| 2540 | + * which is the same as the hit CNAME owner. */ | |
| 2541 | + rpz->st = st_unknown; | |
| 2542 | + *type = RESPONSE_TYPE_CNAME; | |
| 2543 | + return pop_discard_st(rpz); | |
| 2544 | + } | |
| 2545 | + | |
| 2546 | + *msg = dnsmsg; | |
| 2547 | + iq->rpz_security = dnsmsg->rep->security; | |
| 2548 | + | |
| 2549 | + if(dnsmsg && dnsmsg->rep->an_numrrsets != 0 && | |
| 2550 | + dnsmsg->rep->rrsets[0]->rk.type == htons(LDNS_RR_TYPE_CNAME)) { | |
| 2551 | + /* The cached msg triggered a rule that rewrites to a | |
| 2552 | + * CNAME that must be resolved. | |
| 2553 | + * We have a replacement dns_msg with that CNAME and also | |
| 2554 | + * an SOA RR in the ADDITIONAL section that the iterator | |
| 2555 | + * will lose as it adds the CNAME to the prepend list. | |
| 2556 | + * Save the SOA RR in iq->rpz_soa. */ | |
| 2557 | + iq->rpz_soa = dnsmsg->rep->rrsets[1]; | |
| 2558 | + iq->rpz_rewritten = 1; | |
| 2559 | + *type = RESPONSE_TYPE_CNAME; | |
| 2560 | + return true; | |
| 2561 | + } | |
| 2562 | + | |
| 2563 | + /* Otherwise we have rewritten to zero or more non-CNAME RRs. | |
| 2564 | + * (DNAMEs are not supported.) | |
| 2565 | + * Tell the iterator to send the rewritten message. */ | |
| 2566 | + *type = RESPONSE_TYPE_ANSWER; | |
| 2567 | + iq->rpz_rewritten = 1; | |
| 2568 | + return true; | |
| 2569 | +} | |
| 2570 | + | |
| 2571 | + | |
| 2572 | +/* Check a RESPONSE_TYPE_ANSWER response from an authority in the iterator. */ | |
| 2573 | +rpz_iter_resp_t | |
| 2574 | +rpz_iter_resp(struct module_qstate* qstate, struct iter_qstate* iq, | |
| 2575 | + struct dns_msg** resp, bool* is_cname) | |
| 2576 | +{ | |
| 2577 | + struct comm_reply* commreply; | |
| 2578 | + commreply_rpz_t* rpz; | |
| 2579 | + struct reply_info* rep; | |
| 2580 | + | |
| 2581 | + *is_cname = false; | |
| 2582 | + | |
| 2583 | + commreply = &qstate->mesh_info->reply_list->query_reply; | |
| 2584 | + rpz = commreply->rpz; | |
| 2585 | + switch(rpz->st) { | |
| 2586 | + case st_off: | |
| 2587 | + case st_servfail: | |
| 2588 | + case st_iterate: | |
| 2589 | + case st_rewritten: | |
| 2590 | + default: | |
| 2591 | + fatal_exit("impossible RPZ state %d in rpz_iter_resp()", | |
| 2592 | + rpz->st); | |
| 2593 | + case st_ck_ns: | |
| 2594 | + case st_unknown: | |
| 2595 | + break; | |
| 2596 | + } | |
| 2597 | + | |
| 2598 | + /* We know !iq->rpz_rewritten and so the response was after a simple | |
| 2599 | + * cache miss when the original QNAME did not trigger a response | |
| 2600 | + * or after a CNAME whose owner name did hit but was then forgotten | |
| 2601 | + * with pop_st(). | |
| 2602 | + * In either case, it is necessary to check the QNAME here. | |
| 2603 | + * Checking the QNAME will not lose a better hit. */ | |
| 2604 | + rpz->st = st_unknown; | |
| 2605 | + ck_qname(iq->qchase.qname, iq->qchase.qname_len, true, false, | |
| 2606 | + rpz, qstate->env); | |
| 2607 | + | |
| 2608 | + /* Check the RRs in the ANSWER section. */ | |
| 2609 | + if(!push_st(rpz)) | |
| 2610 | + return rpz_iter_resp_fail; | |
| 2611 | + ck_reply(iq->response->rep, iq->qchase.qname, false, rpz, qstate->env); | |
| 2612 | + get_result_msg(resp, &qstate->qinfo, 1, qstate->query_flags, true, | |
| 2613 | + rpz, commreply->c, qstate->region); | |
| 2614 | + switch(rpz->st) { | |
| 2615 | + case st_off: | |
| 2616 | + iq->rpz_rewritten = 1; /* Do not come back. */ | |
| 2617 | + return rpz_iter_resp_done; | |
| 2618 | + case st_servfail: /* Send SERVFAIL */ | |
| 2619 | + return rpz_iter_resp_fail; | |
| 2620 | + case st_unknown: | |
| 2621 | + case st_ck_ns: | |
| 2622 | + return rpz_iter_resp_done; /* continue without change */ | |
| 2623 | + case st_iterate: | |
| 2624 | + default: | |
| 2625 | + fatal_exit("impossible RPZ state %d in rpz_iter_resp()", | |
| 2626 | + rpz->st); | |
| 2627 | + case st_rewritten: | |
| 2628 | + /* Tell the iterator to use handle_cname_response() to | |
| 2629 | + * prepend any preceding CNAMEs. | |
| 2630 | + * We have a replacement dns_msg that also has an SOA RR in the | |
| 2631 | + * ADDITIONAL section that the iterator will lose if it is a | |
| 2632 | + * CNAME. Save that SOA in that case. */ | |
| 2633 | + rep = (*resp)->rep; | |
| 2634 | + if(rep->an_numrrsets != 0 && | |
| 2635 | + rep->rrsets[0]->rk.type == ntohs(LDNS_RR_TYPE_CNAME)) { | |
| 2636 | + *is_cname = true; | |
| 2637 | + iq->rpz_soa = rep->rrsets[1]; | |
| 2638 | + } | |
| 2639 | + return rpz_iter_resp_rewrite; | |
| 2640 | + } | |
| 2641 | +} | |
| 2642 | + | |
| 2643 | + | |
| 2644 | +/* Tell handle_cname_response() to stop adding to the answer prepend list | |
| 2645 | + * after adding CNAME with a target that hits a QNAME trigger. | |
| 2646 | + * Do not change any RPZ state, but expect the call of handle_cname_response() | |
| 2647 | + * to try to resolve the CNAME and hit the same QNAME trigger and rewrite | |
| 2648 | + * the response. */ | |
| 2649 | +rpz_cname_t | |
| 2650 | +rpz_cname(struct module_qstate* qstate, | |
| 2651 | + uint8_t* oname, size_t oname_size) | |
| 2652 | +{ | |
| 2653 | + struct mesh_reply* reply_list; | |
| 2654 | + struct comm_reply* commreply; | |
| 2655 | + commreply_rpz_t* rpz; | |
| 2656 | + rpz_cname_t ret; | |
| 2657 | + | |
| 2658 | + /* Quit if RPZ is off */ | |
| 2659 | + reply_list = qstate->mesh_info->reply_list; | |
| 2660 | + if(!reply_list) | |
| 2661 | + return rpz_cname_prepend; | |
| 2662 | + commreply = &reply_list->query_reply; | |
| 2663 | + rpz = commreply->rpz; | |
| 2664 | + | |
| 2665 | + if(!rpz || rpz->st == st_off) | |
| 2666 | + return rpz_cname_prepend; | |
| 2667 | + | |
| 2668 | + /* Stop on a 2nd or later CNAME for rpz_iter_resp(). */ | |
| 2669 | + if(rpz->cname_hit.size != 0) { | |
| 2670 | + if(!query_dname_compare(rpz->cname_hit.d, oname)) | |
| 2671 | + return rpz_cname_stop; | |
| 2672 | + return rpz_cname_prepend; | |
| 2673 | + } | |
| 2674 | + | |
| 2675 | + if(rpz->st != st_unknown) | |
| 2676 | + fatal_exit("impossible RPZ state %d in rpz_cname()", rpz->st); | |
| 2677 | + | |
| 2678 | + ret = rpz_cname_prepend; | |
| 2679 | + if(!push_st(rpz)) | |
| 2680 | + return rpz_cname_fail; | |
| 2681 | + /* Stop before prepending a CNAME that would preempt a | |
| 2682 | + * rewritten response or before a possible NSDNAME or NSIP trigger. */ | |
| 2683 | + ++rpz->hit_id; | |
| 2684 | + ck_qname(oname, oname_size, true, true, rpz, qstate->env); | |
| 2685 | + if(rpz->st != st_unknown) | |
| 2686 | + ret = rpz_cname_stop; | |
| 2687 | + if(!pop_st(rpz)) | |
| 2688 | + return rpz_cname_fail; | |
| 2689 | + return ret; | |
| 2690 | +} | |
| 2691 | + | |
| 2692 | +#endif /* ENABLE_FASTRPZ */ | |
| 2693 | =================================================================== | |
| 2694 | RCS file: ./fastrpz/RCS/rpz.h,v | |
| 2695 | retrieving revision 1.1 | |
| 2696 | diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.h | |
| 2697 | --- ./fastrpz/rpz.h | |
| 2698 | +++ ./fastrpz/rpz.h | |
| 2699 | @@ -0,0 +1,138 @@ | |
| 2700 | +/* | |
| 2701 | + * fastrpz/rpz.h - interface to the fastrpz response policy zone library | |
| 2702 | + * | |
| 2703 | + * Copyright (c) 2016 Farsight Security, Inc. | |
| 2704 | + * | |
| 2705 | + * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 2706 | + * you may not use this file except in compliance with the License. | |
| 2707 | + * You may obtain a copy of the License at | |
| 2708 | + * http://www.apache.org/licenses/LICENSE-2.0 | |
| 2709 | + * | |
| 2710 | + * Unless required by applicable law or agreed to in writing, software | |
| 2711 | + * distributed under the License is distributed on an "AS IS" BASIS, | |
| 2712 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 2713 | + * See the License for the specific language governing permissions and | |
| 2714 | + * limitations under the License. | |
| 2715 | + */ | |
| 2716 | + | |
| 2717 | +#ifndef UNBOUND_FASTRPZ_RPZ_H | |
| 2718 | +#define UNBOUND_FASTRPZ_RPZ_H | |
| 2719 | + | |
| 2720 | +#ifndef PACKAGE_VERSION | |
| 2721 | +/* Ensure that config.h has been included to correctly set ENABLE_FASTRPZ */ | |
| 2722 | +#include "config.h" | |
| 2723 | +#endif | |
| 2724 | + | |
| 2725 | +#ifdef ENABLE_FASTRPZ | |
| 2726 | + | |
| 2727 | +#include "librpz.h" | |
| 2728 | + | |
| 2729 | +#include "daemon/daemon.h" | |
| 2730 | +#include "util/config_file.h" | |
| 2731 | + | |
| 2732 | +struct comm_point; /* forward references */ | |
| 2733 | +struct comm_reply; | |
| 2734 | +struct dns_msg; | |
| 2735 | +struct edns_data; | |
| 2736 | +struct iter_qstate; | |
| 2737 | +struct query_info; | |
| 2738 | +struct reply_info; | |
| 2739 | +enum response_type; /* iterator/iter_utils.h */ | |
| 2740 | + | |
| 2741 | + | |
| 2742 | +struct commreply_rpz; | |
| 2743 | + | |
| 2744 | +/** | |
| 2745 | + * Connect to the librpz database. | |
| 2746 | + * @param pclist: future pointer to opaque librpz client data | |
| 2747 | + * @param pclient: future pointer to opaque librpz client data | |
| 2748 | + * @param cfg: parsed unbound configuration | |
| 2749 | + */ | |
| 2750 | +void rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, | |
| 2751 | + const struct config_file* cfg); | |
| 2752 | + | |
| 2753 | +/** | |
| 2754 | + * Disconnect from the librpz database | |
| 2755 | + * @param client: opaque librpz client data | |
| 2756 | + */ | |
| 2757 | +void rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient); | |
| 2758 | + | |
| 2759 | +/** | |
| 2760 | + * Start working on a DNS request and check for client IP address triggers. | |
| 2761 | + * @param worker: the DNS request context | |
| 2762 | + * @param qinfo: the DNS question | |
| 2763 | + * @param[in,out] commreply: the answer | |
| 2764 | + * @param c: where to send the response | |
| 2765 | + * @param[in,out] edns for the DO flag | |
| 2766 | + * @return true if response already sent or dropped | |
| 2767 | + */ | |
| 2768 | +bool rpz_start(struct worker* worker, struct query_info* qinfo, | |
| 2769 | + struct comm_reply* commreply, struct edns_data* edns); | |
| 2770 | + | |
| 2771 | +/** | |
| 2772 | + * Release resources held for a DNS request | |
| 2773 | + * @param rspp: pointer to pointer to rpz client context. | |
| 2774 | + */ | |
| 2775 | +void rpz_end(struct comm_reply* comm_rep); | |
| 2776 | + | |
| 2777 | +/** | |
| 2778 | + * Check a cached reply for RPZ hits before iteration | |
| 2779 | + * @param worker: the DNS request context | |
| 2780 | + * @param casheresp: cache reply | |
| 2781 | + * @param qinfo: the DNS question | |
| 2782 | + * @param id from the DNS request | |
| 2783 | + * @param flags from the DNS request | |
| 2784 | + * @param[in,out] edns for the DO flag | |
| 2785 | + * @param[in,out] commreply: RPZ state | |
| 2786 | + * @return 1=use cache entry, -1=rewritten response already sent or dropped, | |
| 2787 | + * 0=deny a cached entry exists | |
| 2788 | + */ | |
| 2789 | +int rpz_worker_cache(struct worker* worker, struct reply_info* cacheresp, | |
| 2790 | + struct query_info* qinfo, uint16_t id, uint16_t flags, | |
| 2791 | + struct edns_data* edns, struct comm_reply* commreply); | |
| 2792 | + | |
| 2793 | +/** | |
| 2794 | + * Check for an existing RPZ CNAME rewrite with "QNAME-WAIT-RECURSE no" | |
| 2795 | + * that needs to be resolved before resolving the external request. | |
| 2796 | + * @param[out] msg: rewritten CNAME response. | |
| 2797 | + * @param qstate: query state. | |
| 2798 | + * @param iq: iterator query state. | |
| 2799 | + * @return false=send SERVFAIL | |
| 2800 | + */ | |
| 2801 | +bool rpz_iter_cache(struct dns_msg** msg, enum response_type* type, | |
| 2802 | + struct module_qstate* qstate, struct iter_qstate* iq); | |
| 2803 | + | |
| 2804 | +/** | |
| 2805 | + * Check a response from an authority in the iterator. | |
| 2806 | + * @param[out] type: of the final response | |
| 2807 | + * @param qstate: query state. | |
| 2808 | + * @param iq: iterator query state. | |
| 2809 | + * @param is_cname: true if the rewritten response is a CNAME | |
| 2810 | + * @return one of rpz_resp_t | |
| 2811 | + */ | |
| 2812 | +typedef enum { | |
| 2813 | + rpz_iter_resp_fail, /* Send SERVFAIL. */ | |
| 2814 | + rpz_iter_resp_rewrite, /* We rewrote the response. */ | |
| 2815 | + rpz_iter_resp_done, /* Restart to refetch glue. */ | |
| 2816 | +} rpz_iter_resp_t; | |
| 2817 | +rpz_iter_resp_t rpz_iter_resp(struct module_qstate* qstate, | |
| 2818 | + struct iter_qstate* iq, struct dns_msg** resp, | |
| 2819 | + bool* is_cname); | |
| 2820 | + | |
| 2821 | +/** | |
| 2822 | + * Check a CNAME RR | |
| 2823 | + * @param qstate: query state. | |
| 2824 | + * @param oname: cname owner name | |
| 2825 | + * @param oname_size: length of oname | |
| 2826 | + * @return: one of rpz_cname_t | |
| 2827 | + */ | |
| 2828 | +typedef enum { | |
| 2829 | + rpz_cname_fail, /* send SERVFAIL */ | |
| 2830 | + rpz_cname_prepend, /* prepend CNAME as usual */ | |
| 2831 | + rpz_cname_stop, /* stop before prepending this CNAME */ | |
| 2832 | +} rpz_cname_t; | |
| 2833 | +rpz_cname_t rpz_cname(struct module_qstate* qstate, | |
| 2834 | + uint8_t* oname, size_t oname_size); | |
| 2835 | + | |
| 2836 | +#endif /* ENABLE_FASTRPZ */ | |
| 2837 | +#endif /* UNBOUND_FASTRPZ_RPZ_H */ | |
| 2838 | =================================================================== | |
| 2839 | RCS file: ./fastrpz/RCS/rpz.m4,v | |
| 2840 | retrieving revision 1.1 | |
| 2841 | diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.m4 | |
| 2842 | --- ./fastrpz/rpz.m4 | |
| 2843 | +++ ./fastrpz/rpz.m4 | |
| 2844 | @@ -0,0 +1,64 @@ | |
| 2845 | +# fastrpz/rpz.m4 | |
| 2846 | + | |
| 2847 | +# ck_FASTRPZ | |
| 2848 | +# -------------------------------------------------------------------------- | |
| 2849 | +# check for Fastrpz | |
| 2850 | +# --enable-fastrpz enable Fastrpz response policy zones | |
| 2851 | +# --enable-fastrpz-dl Fastrpz delayed link [default=have dlopen] | |
| 2852 | +# --with-fastrpz-dir directory containing librpz.so | |
| 2853 | +# | |
| 2854 | +# Fastrpz can be compiled into Unbound everywhere with a reasonably | |
| 2855 | +# modern C compiler. It is enabled on systems with dlopen() and librpz.so. | |
| 2856 | + | |
| 2857 | +AC_DEFUN([ck_FASTRPZ], | |
| 2858 | +[ | |
| 2859 | + fastrpz_avail=yes | |
| 2860 | + AC_MSG_CHECKING([for librpz __attribute__s]) | |
| 2861 | + AC_TRY_COMPILE(,[ | |
| 2862 | + extern void f(char *p __attribute__((unused)), ...) | |
| 2863 | + __attribute__((format(printf,1,2))) __attribute__((__noreturn__));], | |
| 2864 | + librpz_have_attr=yes | |
| 2865 | + AC_DEFINE([LIBRPZ_HAVE_ATTR], 1, [have __attribute__s used in librpz.h]) | |
| 2866 | + AC_MSG_RESULT([yes]), | |
| 2867 | + librpz_have_attr=no | |
| 2868 | + AC_MSG_RESULT([no])) | |
| 2869 | + | |
| 2870 | + AC_SEARCH_LIBS(dlopen, dl) | |
| 2871 | + librpz_dl=yes | |
| 2872 | + AC_CHECK_FUNCS(dlopen dlclose dlsym,,librpz_dl=no) | |
| 2873 | + AC_ARG_ENABLE([fastrpz-dl], | |
| 2874 | + [ --enable-fastrpz-dl Fastrpz delayed link [[default=$librpz_dl]]], | |
| 2875 | + [enable_librpz_dl="$enableval"], | |
| 2876 | + [enable_librpz_dl="$librpz_dl"]) | |
| 2877 | + AC_ARG_WITH([fastrpz-dir], | |
| 2878 | + [ --with-fastrpz-dir directory containing librpz.so], | |
| 2879 | + [librpz_path="$withval/librpz.so"], [librpz_path="librpz.so"]) | |
| 2880 | + AC_DEFINE_UNQUOTED([FASTRPZ_LIBRPZ_PATH], ["$librpz_path"], | |
| 2881 | + [fastrpz librpz.so]) | |
| 2882 | + if test "x$enable_librpz_dl" = "xyes"; then | |
| 2883 | + fastrpz_lib_open=2 | |
| 2884 | + else | |
| 2885 | + fastrpz_lib_open=1 | |
| 2886 | + # Add librpz.so to linked libraries if we are not using dlopen() | |
| 2887 | + AC_SEARCH_LIBS([librpz_client_create], [rpz], [], | |
| 2888 | + [fastrpz_lib_open=0 | |
| 2889 | + fastrpz_avail=no]) | |
| 2890 | + fi | |
| 2891 | + AC_DEFINE_UNQUOTED([FASTRPZ_LIB_OPEN], [$fastrpz_lib_open], | |
| 2892 | + [0=no fastrpz 1=static link 2=dlopen()]) | |
| 2893 | + | |
| 2894 | + AC_ARG_ENABLE([fastrpz], | |
| 2895 | + AS_HELP_STRING([--enable-fastrpz],[enable Fastrpz response policy zones]), | |
| 2896 | + [enable_fastrpz=$enableval],[enable_fastrpz=$fastrpz_avail]) | |
| 2897 | + if test "x$enable_fastrpz" = xyes; then | |
| 2898 | + AC_DEFINE([ENABLE_FASTRPZ], [1], [Enable fastrpz]) | |
| 2899 | + if test "x$fastrpz_lib_open" = "x0"; then | |
| 2900 | + AC_MSG_ERROR([[dlopen and librpz.so needed for fastrpz]]) | |
| 2901 | + fi | |
| 2902 | + # used in Makefile.in | |
| 2903 | + AC_SUBST([FASTRPZ_SRC], [fastrpz/rpz.c]) | |
| 2904 | + AC_SUBST([FASTRPZ_OBJ], [rpz.lo]) | |
| 2905 | + elif test "x$fastrpz_avail" = "x0"; then | |
| 2906 | + AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) | |
| 2907 | + fi | |
| 2908 | +]) | |
| 2909 | =================================================================== | |
| 2910 | RCS file: ./iterator/RCS/iterator.c,v | |
| 2911 | retrieving revision 1.1 | |
| 2912 | diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c | |
| 2913 | --- ./iterator/iterator.c | |
| 2914 | +++ ./iterator/iterator.c | |
| 2915 | @@ -67,6 +67,9 @@ | |
| 2916 | #include "sldns/str2wire.h" | |
| 2917 | #include "sldns/parseutil.h" | |
| 2918 | #include "sldns/sbuffer.h" | |
| 2919 | +#ifdef ENABLE_FASTRPZ | |
| 2920 | +#include "fastrpz/rpz.h" | |
| 2921 | +#endif | |
| 2922 | ||
| 2923 | int | |
| 2924 | iter_init(struct module_env* env, int id) | |
| 2925 | @@ -487,6 +490,23 @@ | |
| 2926 | if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && | |
| 2927 | query_dname_compare(*mname, r->rk.dname) == 0 && | |
| 2928 | !iter_find_rrset_in_prepend_answer(iq, r)) { | |
| 2929 | +#ifdef ENABLE_FASTRPZ | |
| 2930 | + /* Stop adding CNAME rrsets to the prepend list | |
| 2931 | + * before defining an RPZ hit. */ | |
| 2932 | + if(!iq->rpz_rewritten) { | |
| 2933 | + switch (rpz_cname(qstate, *mname, *mname_len)) { | |
| 2934 | + case rpz_cname_fail: | |
| 2935 | + /* send SERVFAIL */ | |
| 2936 | + return 0; | |
| 2937 | + case rpz_cname_prepend: | |
| 2938 | + /* save the CNAME. */ | |
| 2939 | + break; | |
| 2940 | + case rpz_cname_stop: | |
| 2941 | + /* Pause before adding the CNAME. */ | |
| 2942 | + goto stop_short; | |
| 2943 | + } | |
| 2944 | + } | |
| 2945 | +#endif | |
| 2946 | /* Add this relevant CNAME rrset to the prepend list.*/ | |
| 2947 | if(!iter_add_prepend_answer(qstate, iq, r)) | |
| 2948 | return 0; | |
| 2949 | @@ -495,6 +515,9 @@ | |
| 2950 | ||
| 2951 | /* Other rrsets in the section are ignored. */ | |
| 2952 | } | |
| 2953 | +#ifdef ENABLE_FASTRPZ | |
| 2954 | +stop_short: ; | |
| 2955 | +#endif | |
| 2956 | /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ | |
| 2957 | for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + | |
| 2958 | msg->rep->ns_numrrsets; i++) { | |
| 2959 | @@ -996,6 +1019,7 @@ | |
| 2960 | uint8_t* delname; | |
| 2961 | size_t delnamelen; | |
| 2962 | struct dns_msg* msg = NULL; | |
| 2963 | + enum response_type type; | |
| 2964 | ||
| 2965 | log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); | |
| 2966 | /* check effort */ | |
| 2967 | @@ -1056,8 +1080,7 @@ | |
| 2968 | } | |
| 2969 | if(msg) { | |
| 2970 | /* handle positive cache response */ | |
| 2971 | - enum response_type type = response_type_from_cache(msg, | |
| 2972 | - &iq->qchase); | |
| 2973 | + type = response_type_from_cache(msg, &iq->qchase); | |
| 2974 | if(verbosity >= VERB_ALGO) { | |
| 2975 | log_dns_msg("msg from cache lookup", &msg->qinfo, | |
| 2976 | msg->rep); | |
| 2977 | @@ -1065,7 +1088,22 @@ | |
| 2978 | (int)msg->rep->ttl, | |
| 2979 | (int)msg->rep->prefetch_ttl); | |
| 2980 | } | |
| 2981 | +#ifdef ENABLE_FASTRPZ | |
| 2982 | + } | |
| 2983 | + /* Check for an RPZ hit in the cached DNS message or an existing | |
| 2984 | + * RPZ CNAME rewrite that can be resolved now after a hit on the QNAME | |
| 2985 | + * or client IP address. This can involve a creating a fake cache | |
| 2986 | + * hit. It can also involve overriding an RESPONSE_TYPE_ANSWER | |
| 2987 | + * result from response_type_from_cache(). Or it can ignore | |
| 2988 | + * the cached result to refetch glue. */ | |
| 2989 | + if(!iq->rpz_rewritten && | |
| 2990 | + qstate->mesh_info->reply_list && | |
| 2991 | + qstate->mesh_info->reply_list->query_reply.rpz && | |
| 2992 | + !rpz_iter_cache(&msg, &type, qstate, iq)) | |
| 2993 | + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); | |
| 2994 | ||
| 2995 | + if(msg) { | |
| 2996 | +#endif | |
| 2997 | if(type == RESPONSE_TYPE_CNAME) { | |
| 2998 | uint8_t* sname = 0; | |
| 2999 | size_t slen = 0; | |
| 3000 | @@ -2321,6 +2359,62 @@ | |
| 3001 | sock_list_insert(&qstate->reply_origin, | |
| 3002 | &qstate->reply->addr, qstate->reply->addrlen, | |
| 3003 | qstate->region); | |
| 3004 | +#ifdef ENABLE_FASTRPZ | |
| 3005 | + /* Check the response for an RPZ hit. The response has already | |
| 3006 | + * been saved in the cache. This should have the same effect | |
| 3007 | + * as finding that response in the cache. | |
| 3008 | + * We have already used rpz_iter_cache() at least once. */ | |
| 3009 | + if(!iq->rpz_rewritten && | |
| 3010 | + qstate->mesh_info->reply_list && | |
| 3011 | + qstate->mesh_info->reply_list->query_reply.rpz) { | |
| 3012 | + struct dns_msg* resp; | |
| 3013 | + bool is_cname; | |
| 3014 | + uint8_t* sname; | |
| 3015 | + size_t slen; | |
| 3016 | + | |
| 3017 | + switch (rpz_iter_resp(qstate, iq, &resp, &is_cname)) { | |
| 3018 | + case rpz_iter_resp_fail: | |
| 3019 | + return error_response(qstate, id, | |
| 3020 | + LDNS_RCODE_SERVFAIL); | |
| 3021 | + case rpz_iter_resp_rewrite: | |
| 3022 | + /* Prepend any initial CNAMEs from the original | |
| 3023 | + * response up to a hit. */ | |
| 3024 | + if(!handle_cname_response(qstate, iq, | |
| 3025 | + iq->response, | |
| 3026 | + &sname, &slen)) | |
| 3027 | + return error_response(qstate, id, | |
| 3028 | + LDNS_RCODE_SERVFAIL); | |
| 3029 | + if (resp) { | |
| 3030 | + iq->response = resp; | |
| 3031 | + iq->rpz_security = resp->rep->security; | |
| 3032 | + iq->rpz_rewritten = 1; | |
| 3033 | + | |
| 3034 | + /* Send the rewritten record if it | |
| 3035 | + * is not a CNAME. */ | |
| 3036 | + if(!is_cname) | |
| 3037 | + break; | |
| 3038 | + | |
| 3039 | + /* Prepend the new CNAME | |
| 3040 | + * and restart to resolve it. */ | |
| 3041 | + if(!handle_cname_response(qstate, iq, | |
| 3042 | + resp, &sname, &slen)) | |
| 3043 | + return error_response(qstate, id, | |
| 3044 | + LDNS_RCODE_SERVFAIL); | |
| 3045 | + } | |
| 3046 | + iq->qchase.qname = sname; | |
| 3047 | + iq->qchase.qname_len = slen; | |
| 3048 | + iq->dp = NULL; | |
| 3049 | + iq->refetch_glue = 0; | |
| 3050 | + iq->query_restart_count++; | |
| 3051 | + iq->sent_count = 0; | |
| 3052 | + iq->state = INIT_REQUEST_STATE; | |
| 3053 | + return 1; | |
| 3054 | + | |
| 3055 | + case rpz_iter_resp_done: | |
| 3056 | + break; | |
| 3057 | + } | |
| 3058 | + } | |
| 3059 | +#endif | |
| 3060 | if(iq->minimisation_state != DONOT_MINIMISE_STATE) { | |
| 3061 | if(FLAGS_GET_RCODE(iq->response->rep->flags) != | |
| 3062 | LDNS_RCODE_NOERROR) { | |
| 3063 | @@ -3022,12 +3116,44 @@ | |
| 3064 | * but only if we did recursion. The nonrecursion referral | |
| 3065 | * from cache does not need to be stored in the msg cache. */ | |
| 3066 | if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { | |
| 3067 | +#ifdef ENABLE_FASTRPZ | |
| 3068 | + /* Do not save RPZ rewritten messages. */ | |
| 3069 | + if(!iq->rpz_rewritten) | |
| 3070 | +#endif | |
| 3071 | iter_dns_store(qstate->env, &qstate->qinfo, | |
| 3072 | iq->response->rep, 0, qstate->prefetch_leeway, | |
| 3073 | iq->dp&&iq->dp->has_parent_side_NS, | |
| 3074 | qstate->region, qstate->query_flags); | |
| 3075 | } | |
| 3076 | } | |
| 3077 | +#ifdef ENABLE_FASTRPZ | |
| 3078 | + if(iq->rpz_rewritten) { | |
| 3079 | + /* Restore RPZ marks on a rewritten response. The marks | |
| 3080 | + * are lost if the rewrite is to a CNAME. */ | |
| 3081 | + iq->response->rep->security = iq->rpz_security; | |
| 3082 | + | |
| 3083 | + /* Append the RPZ SOA to rewritten CNAME chains. */ | |
| 3084 | + if(iq->rpz_soa) { | |
| 3085 | + struct ub_packed_rrset_key** sets; | |
| 3086 | + uint n; | |
| 3087 | + | |
| 3088 | + n = iq->response->rep->rrset_count; | |
| 3089 | + sets = regional_alloc(qstate->region, | |
| 3090 | + (1+n) * sizeof(*sets)); | |
| 3091 | + if(!sets) { | |
| 3092 | + log_err("append RPZ SOA: out of memory"); | |
| 3093 | + return error_response(qstate, id, | |
| 3094 | + LDNS_RCODE_SERVFAIL); | |
| 3095 | + } | |
| 3096 | + memcpy(sets, iq->response->rep->rrsets, | |
| 3097 | + n * sizeof(struct ub_packed_rrset_key*)); | |
| 3098 | + sets[n] = iq->rpz_soa; | |
| 3099 | + iq->response->rep->rrsets = sets; | |
| 3100 | + ++iq->response->rep->rrset_count; | |
| 3101 | + ++iq->response->rep->ar_numrrsets; | |
| 3102 | + } | |
| 3103 | + } | |
| 3104 | +#endif | |
| 3105 | qstate->return_rcode = LDNS_RCODE_NOERROR; | |
| 3106 | qstate->return_msg = iq->response; | |
| 3107 | return 0; | |
| 3108 | =================================================================== | |
| 3109 | RCS file: ./iterator/RCS/iterator.h,v | |
| 3110 | retrieving revision 1.1 | |
| 3111 | diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.h | |
| 3112 | --- ./iterator/iterator.h | |
| 3113 | +++ ./iterator/iterator.h | |
| 3114 | @@ -381,6 +381,16 @@ | |
| 3115 | */ | |
| 3116 | int minimise_count; | |
| 3117 | ||
| 3118 | + | |
| 3119 | +#ifdef ENABLE_FASTRPZ | |
| 3120 | + /** The response has been rewritten by RPZ. */ | |
| 3121 | + int rpz_rewritten; | |
| 3122 | + /** RPZ SOA RR for the ADDITIONAL section */ | |
| 3123 | + struct ub_packed_rrset_key* rpz_soa; | |
| 3124 | + /** sec_status_rpz_rewritten or sec_status_rpz_drop if rewritten. */ | |
| 3125 | + enum sec_status rpz_security; | |
| 3126 | +#endif | |
| 3127 | + | |
| 3128 | /** | |
| 3129 | * Count number of time-outs. Used to prevent resolving failures when | |
| 3130 | * the QNAME minimisation QTYPE is blocked. */ | |
| 3131 | =================================================================== | |
| 3132 | RCS file: ./services/cache/RCS/dns.c,v | |
| 3133 | retrieving revision 1.1 | |
| 3134 | diff -u --unidirectional-new-file -r1.1 ./services/cache/dns.c | |
| 3135 | --- ./services/cache/dns.c | |
| 3136 | +++ ./services/cache/dns.c | |
| 3137 | @@ -838,6 +838,14 @@ | |
| 3138 | struct regional* region, uint16_t flags) | |
| 3139 | { | |
| 3140 | struct reply_info* rep = NULL; | |
| 3141 | + | |
| 3142 | +#ifdef ENABLE_FASTRPZ | |
| 3143 | + /* Never save RPZ rewritten data. */ | |
| 3144 | + if (msgrep->security == sec_status_rpz_drop || | |
| 3145 | + msgrep->security == sec_status_rpz_rewritten) | |
| 3146 | + return 1; | |
| 3147 | +#endif | |
| 3148 | + | |
| 3149 | /* alloc, malloc properly (not in region, like msg is) */ | |
| 3150 | rep = reply_info_copy(msgrep, env->alloc, NULL); | |
| 3151 | if(!rep) | |
| 3152 | =================================================================== | |
| 3153 | RCS file: ./services/RCS/mesh.c,v | |
| 3154 | retrieving revision 1.1 | |
| 3155 | diff -u --unidirectional-new-file -r1.1 ./services/mesh.c | |
| 3156 | --- ./services/mesh.c | |
| 3157 | +++ ./services/mesh.c | |
| 3158 | @@ -59,6 +59,9 @@ | |
| 3159 | #include "sldns/wire2str.h" | |
| 3160 | #include "services/localzone.h" | |
| 3161 | #include "util/data/dname.h" | |
| 3162 | +#ifdef ENABLE_FASTRPZ | |
| 3163 | +#include "fastrpz/rpz.h" | |
| 3164 | +#endif | |
| 3165 | #include "respip/respip.h" | |
| 3166 | ||
| 3167 | /** subtract timers and the values do not overflow or become negative */ | |
| 3168 | @@ -1011,6 +1014,13 @@ | |
| 3169 | else secure = 0; | |
| 3170 | if(!rep && rcode == LDNS_RCODE_NOERROR) | |
| 3171 | rcode = LDNS_RCODE_SERVFAIL; | |
| 3172 | +#ifdef ENABLE_FASTRPZ | |
| 3173 | + /* Drop the response here for LIBRPZ_POLICY_DROP after iteration. */ | |
| 3174 | + if(rep && rep->security == sec_status_rpz_drop) { | |
| 3175 | + log_query_info(VERB_QUERY, "rpz drop", &m->s.qinfo); | |
| 3176 | + secure = 0; | |
| 3177 | + } else | |
| 3178 | +#endif | |
| 3179 | /* send the reply */ | |
| 3180 | /* We don't reuse the encoded answer if either the previous or current | |
| 3181 | * response has a local alias. We could compare the alias records | |
| 3182 | @@ -1160,6 +1170,7 @@ | |
| 3183 | key.s.is_valrec = valrec; | |
| 3184 | key.s.qinfo = *qinfo; | |
| 3185 | key.s.query_flags = qflags; | |
| 3186 | + key.reply_list = NULL; | |
| 3187 | /* We are searching for a similar mesh state when we DO want to | |
| 3188 | * aggregate the state. Thus unique is set to NULL. (default when we | |
| 3189 | * desire aggregation).*/ | |
| 3190 | @@ -1206,6 +1217,10 @@ | |
| 3191 | if(!r) | |
| 3192 | return 0; | |
| 3193 | r->query_reply = *rep; | |
| 3194 | +#ifdef ENABLE_FASTRPZ | |
| 3195 | + /* The new reply structure owns the RPZ state. */ | |
| 3196 | + rep->rpz = NULL; | |
| 3197 | +#endif | |
| 3198 | r->edns = *edns; | |
| 3199 | if(edns->opt_list) { | |
| 3200 | r->edns.opt_list = edns_opt_copy_region(edns->opt_list, | |
| 3201 | =================================================================== | |
| 3202 | RCS file: ./util/RCS/config_file.c,v | |
| 3203 | retrieving revision 1.1 | |
| 3204 | diff -u --unidirectional-new-file -r1.1 ./util/config_file.c | |
| 3205 | --- ./util/config_file.c | |
| 3206 | +++ ./util/config_file.c | |
| 3207 | @@ -1167,6 +1167,8 @@ | |
| 3208 | free(cfg->dnstap_socket_path); | |
| 3209 | free(cfg->dnstap_identity); | |
| 3210 | free(cfg->dnstap_version); | |
| 3211 | + if (cfg->rpz_cstr) | |
| 3212 | + free(cfg->rpz_cstr); | |
| 3213 | config_deldblstrlist(cfg->ratelimit_for_domain); | |
| 3214 | config_deldblstrlist(cfg->ratelimit_below_domain); | |
| 3215 | free(cfg); | |
| 3216 | =================================================================== | |
| 3217 | RCS file: ./util/RCS/config_file.h,v | |
| 3218 | retrieving revision 1.1 | |
| 3219 | diff -u --unidirectional-new-file -r1.1 ./util/config_file.h | |
| 3220 | --- ./util/config_file.h | |
| 3221 | +++ ./util/config_file.h | |
| 3222 | @@ -416,6 +416,11 @@ | |
| 3223 | /** true to disable DNSSEC lameness check in iterator */ | |
| 3224 | int disable_dnssec_lame_check; | |
| 3225 | ||
| 3226 | + /** true to enable RPZ */ | |
| 3227 | + int rpz_enable; | |
| 3228 | + /** RPZ configuration */ | |
| 3229 | + char* rpz_cstr; | |
| 3230 | + | |
| 3231 | /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ | |
| 3232 | int ip_ratelimit; | |
| 3233 | /** number of slabs for ip_ratelimit cache */ | |
| 3234 | =================================================================== | |
| 3235 | RCS file: ./util/RCS/configlexer.lex,v | |
| 3236 | retrieving revision 1.1 | |
| 3237 | diff -u --unidirectional-new-file -r1.1 ./util/configlexer.lex | |
| 3238 | --- ./util/configlexer.lex | |
| 3239 | +++ ./util/configlexer.lex | |
| 3240 | @@ -395,6 +395,10 @@ | |
| 3241 | YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } | |
| 3242 | dnstap-log-forwarder-response-messages{COLON} { | |
| 3243 | YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } | |
| 3244 | +rpz{COLON} { YDVAR(0, VAR_RPZ) } | |
| 3245 | +rpz-enable{COLON} { YDVAR(1, VAR_RPZ_ENABLE) } | |
| 3246 | +rpz-zone{COLON} { YDVAR(1, VAR_RPZ_ZONE) } | |
| 3247 | +rpz-option{COLON} { YDVAR(1, VAR_RPZ_OPTION) } | |
| 3248 | disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } | |
| 3249 | ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } | |
| 3250 | ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } | |
| 3251 | =================================================================== | |
| 3252 | RCS file: ./util/RCS/configparser.y,v | |
| 3253 | retrieving revision 1.1 | |
| 3254 | diff -u --unidirectional-new-file -r1.1 ./util/configparser.y | |
| 3255 | --- ./util/configparser.y | |
| 3256 | +++ ./util/configparser.y | |
| 3257 | @@ -124,6 +124,7 @@ | |
| 3258 | %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES | |
| 3259 | %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES | |
| 3260 | %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES | |
| 3261 | +%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION | |
| 3262 | %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA | |
| 3263 | %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT | |
| 3264 | %token VAR_DISABLE_DNSSEC_LAME_CHECK | |
| 3265 | @@ -150,7 +151,7 @@ | |
| 3266 | toplevelvar: serverstart contents_server | stubstart contents_stub | | |
| 3267 | forwardstart contents_forward | pythonstart contents_py | | |
| 3268 | rcstart contents_rc | dtstart contents_dt | viewstart | |
| 3269 | - contents_view | | |
| 3270 | + contents_view | rpzstart contents_rpz | | |
| 3271 | dnscstart contents_dnsc | |
| 3272 | ; | |
| 3273 | ||
| 3274 | @@ -2160,6 +2161,50 @@ | |
| 3275 | (strcmp($2, "yes")==0); | |
| 3276 | } | |
| 3277 | ; | |
| 3278 | +rpzstart: VAR_RPZ | |
| 3279 | + { | |
| 3280 | + OUTYY(("\nP(rpz:)\n")); | |
| 3281 | + } | |
| 3282 | + ; | |
| 3283 | +contents_rpz: contents_rpz content_rpz | |
| 3284 | + | ; | |
| 3285 | +content_rpz: rpz_enable | rpz_zone | rpz_option | |
| 3286 | + ; | |
| 3287 | +rpz_enable: VAR_RPZ_ENABLE STRING_ARG | |
| 3288 | + { | |
| 3289 | + OUTYY(("P(rpz_enable:%s)\n", $2)); | |
| 3290 | + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 3291 | + yyerror("expected yes or no."); | |
| 3292 | + else cfg_parser->cfg->rpz_enable = (strcmp($2, "yes")==0); | |
| 3293 | + free($2); | |
| 3294 | + } | |
| 3295 | + ; | |
| 3296 | +rpz_zone: VAR_RPZ_ZONE STRING_ARG | |
| 3297 | + { | |
| 3298 | + char *new_cstr, *old_cstr; | |
| 3299 | + | |
| 3300 | + OUTYY(("P(rpz_zone:%s)\n", $2)); | |
| 3301 | + old_cstr = cfg_parser->cfg->rpz_cstr; | |
| 3302 | + asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2); | |
| 3303 | + if(!new_cstr) | |
| 3304 | + yyerror("out of memory"); | |
| 3305 | + free(old_cstr); | |
| 3306 | + cfg_parser->cfg->rpz_cstr = new_cstr; | |
| 3307 | + } | |
| 3308 | + ; | |
| 3309 | +rpz_option: VAR_RPZ_OPTION STRING_ARG | |
| 3310 | + { | |
| 3311 | + char *new_cstr, *old_cstr; | |
| 3312 | + | |
| 3313 | + OUTYY(("P(rpz_option:%s)\n", $2)); | |
| 3314 | + old_cstr = cfg_parser->cfg->rpz_cstr; | |
| 3315 | + asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2); | |
| 3316 | + if(!new_cstr) | |
| 3317 | + yyerror("out of memory"); | |
| 3318 | + free(old_cstr); | |
| 3319 | + cfg_parser->cfg->rpz_cstr = new_cstr; | |
| 3320 | + } | |
| 3321 | + ; | |
| 3322 | pythonstart: VAR_PYTHON | |
| 3323 | { | |
| 3324 | OUTYY(("\nP(python:)\n")); | |
| 3325 | =================================================================== | |
| 3326 | RCS file: ./util/data/RCS/msgencode.c,v | |
| 3327 | retrieving revision 1.1 | |
| 3328 | diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c | |
| 3329 | --- ./util/data/msgencode.c | |
| 3330 | +++ ./util/data/msgencode.c | |
| 3331 | @@ -585,6 +585,35 @@ | |
| 3332 | return RETVAL_OK; | |
| 3333 | } | |
| 3334 | ||
| 3335 | +#ifdef ENABLE_FASTRPZ | |
| 3336 | +/* Insert the RPZ SOA even with MINIMAL_RESPONSES */ | |
| 3337 | +static int | |
| 3338 | +insert_rpz_soa(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, | |
| 3339 | + sldns_buffer* pkt, size_t rrsets_before, time_t timenow, | |
| 3340 | + struct regional* region, struct compress_tree_node** tree, | |
| 3341 | + size_t rr_offset) | |
| 3342 | +{ | |
| 3343 | + int r; | |
| 3344 | + size_t i, setstart; | |
| 3345 | + | |
| 3346 | + *num_rrs = 0; | |
| 3347 | + for(i=0; i<num_rrsets; i++) { | |
| 3348 | + if (rep->rrsets[rrsets_before+i]->rk.type != LDNS_RR_TYPE_SOA) | |
| 3349 | + continue; | |
| 3350 | + setstart = sldns_buffer_position(pkt); | |
| 3351 | + if((r=packed_rrset_encode(rep->rrsets[rrsets_before+i], | |
| 3352 | + pkt, num_rrs, timenow, region, | |
| 3353 | + 1, 0, tree, LDNS_SECTION_ADDITIONAL, | |
| 3354 | + LDNS_RR_TYPE_ANY, 0, rr_offset)) | |
| 3355 | + != RETVAL_OK) { | |
| 3356 | + sldns_buffer_set_position(pkt, setstart); | |
| 3357 | + return r; | |
| 3358 | + } | |
| 3359 | + } | |
| 3360 | + return RETVAL_OK; | |
| 3361 | +} | |
| 3362 | + | |
| 3363 | +#endif | |
| 3364 | /** store query section in wireformat buffer, return RETVAL */ | |
| 3365 | static int | |
| 3366 | insert_query(struct query_info* qinfo, struct compress_tree_node** tree, | |
| 3367 | @@ -748,6 +777,19 @@ | |
| 3368 | return 0; | |
| 3369 | } | |
| 3370 | sldns_buffer_write_u16_at(buffer, 10, arcount); | |
| 3371 | +#ifdef ENABLE_FASTRPZ | |
| 3372 | + } else if(rep->security == sec_status_rpz_rewritten) { | |
| 3373 | + /* Insert the RPZ SOA for rpz even with MINIMAL_RESPONSES */ | |
| 3374 | + r = insert_rpz_soa(rep, rep->ar_numrrsets, &arcount, buffer, | |
| 3375 | + rep->an_numrrsets + rep->ns_numrrsets, | |
| 3376 | + timenow, region, &tree, rr_offset); | |
| 3377 | + if(r!= RETVAL_OK) { | |
| 3378 | + if(r != RETVAL_TRUNC) | |
| 3379 | + return 0; | |
| 3380 | + /* no need to set TC bit, this is the additional */ | |
| 3381 | + sldns_buffer_write_u16_at(buffer, 10, arcount); | |
| 3382 | + } | |
| 3383 | +#endif | |
| 3384 | } | |
| 3385 | sldns_buffer_flip(buffer); | |
| 3386 | return 1; | |
| 3387 | =================================================================== | |
| 3388 | RCS file: ./util/data/RCS/packed_rrset.c,v | |
| 3389 | retrieving revision 1.1 | |
| 3390 | diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.c | |
| 3391 | --- ./util/data/packed_rrset.c | |
| 3392 | +++ ./util/data/packed_rrset.c | |
| 3393 | @@ -254,6 +254,10 @@ | |
| 3394 | case sec_status_indeterminate: return "sec_status_indeterminate"; | |
| 3395 | case sec_status_insecure: return "sec_status_insecure"; | |
| 3396 | case sec_status_secure: return "sec_status_secure"; | |
| 3397 | +#ifdef ENABLE_FASTRPZ | |
| 3398 | + case sec_status_rpz_rewritten: return "sec_status_rpz_rewritten"; | |
| 3399 | + case sec_status_rpz_drop: return "sec_status_rpz_drop"; | |
| 3400 | +#endif | |
| 3401 | } | |
| 3402 | return "unknown_sec_status_value"; | |
| 3403 | } | |
| 3404 | =================================================================== | |
| 3405 | RCS file: ./util/data/RCS/packed_rrset.h,v | |
| 3406 | retrieving revision 1.1 | |
| 3407 | diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.h | |
| 3408 | --- ./util/data/packed_rrset.h | |
| 3409 | +++ ./util/data/packed_rrset.h | |
| 3410 | @@ -189,7 +189,15 @@ | |
| 3411 | sec_status_insecure, | |
| 3412 | /** SECURE means that the object (RRset or message) validated | |
| 3413 | * according to local policy. */ | |
| 3414 | - sec_status_secure | |
| 3415 | + sec_status_secure, | |
| 3416 | +#ifdef ENABLE_FASTRPZ | |
| 3417 | + /** RPZ_REWRITTEN means that the response has been rewritten by | |
| 3418 | + * rpz and so cannot be verified. */ | |
| 3419 | + sec_status_rpz_rewritten, | |
| 3420 | + /** RPZ_DROP means that the response has been rewritten by rpz | |
| 3421 | + * as silence. */ | |
| 3422 | + sec_status_rpz_drop | |
| 3423 | +#endif | |
| 3424 | }; | |
| 3425 | ||
| 3426 | /** | |
| 3427 | =================================================================== | |
| 3428 | RCS file: ./util/RCS/netevent.c,v | |
| 3429 | retrieving revision 1.1 | |
| 3430 | diff -u --unidirectional-new-file -r1.1 ./util/netevent.c | |
| 3431 | --- ./util/netevent.c | |
| 3432 | +++ ./util/netevent.c | |
| 3433 | @@ -54,6 +54,9 @@ | |
| 3434 | #ifdef HAVE_OPENSSL_ERR_H | |
| 3435 | #include <openssl/err.h> | |
| 3436 | #endif | |
| 3437 | +#ifdef ENABLE_FASTRPZ | |
| 3438 | +#include "fastrpz/rpz.h" | |
| 3439 | +#endif | |
| 3440 | ||
| 3441 | /* -------- Start of local definitions -------- */ | |
| 3442 | /** if CMSG_ALIGN is not defined on this platform, a workaround */ | |
| 3443 | @@ -579,6 +582,9 @@ | |
| 3444 | struct cmsghdr* cmsg; | |
| 3445 | #endif /* S_SPLINT_S */ | |
| 3446 | ||
| 3447 | +#ifdef ENABLE_FASTRPZ | |
| 3448 | + rep.rpz = NULL; | |
| 3449 | +#endif | |
| 3450 | rep.c = (struct comm_point*)arg; | |
| 3451 | log_assert(rep.c->type == comm_udp); | |
| 3452 | ||
| 3453 | @@ -668,6 +674,9 @@ | |
| 3454 | int i; | |
| 3455 | struct sldns_buffer *buffer; | |
| 3456 | ||
| 3457 | +#ifdef ENABLE_FASTRPZ | |
| 3458 | + rep.rpz = NULL; | |
| 3459 | +#endif | |
| 3460 | rep.c = (struct comm_point*)arg; | |
| 3461 | log_assert(rep.c->type == comm_udp); | |
| 3462 | ||
| 3463 | @@ -711,6 +720,9 @@ | |
| 3464 | (void)comm_point_send_udp_msg(rep.c, buffer, | |
| 3465 | (struct sockaddr*)&rep.addr, rep.addrlen); | |
| 3466 | } | |
| 3467 | +#ifdef ENABLE_FASTRPZ | |
| 3468 | + rpz_end(&rep); | |
| 3469 | +#endif | |
| 3470 | if(rep.c->fd != fd) /* commpoint closed to -1 or reused for | |
| 3471 | another UDP port. Note rep.c cannot be reused with TCP fd. */ | |
| 3472 | break; | |
| 3473 | @@ -2145,6 +2157,9 @@ | |
| 3474 | comm_point_start_listening(repinfo->c, -1, | |
| 3475 | repinfo->c->tcp_timeout_msec); | |
| 3476 | } | |
| 3477 | +#ifdef ENABLE_FASTRPZ | |
| 3478 | + rpz_end(repinfo); | |
| 3479 | +#endif | |
| 3480 | } | |
| 3481 | ||
| 3482 | void | |
| 3483 | @@ -2154,6 +2169,9 @@ | |
| 3484 | return; | |
| 3485 | log_assert(repinfo && repinfo->c); | |
| 3486 | log_assert(repinfo->c->type != comm_tcp_accept); | |
| 3487 | +#ifdef ENABLE_FASTRPZ | |
| 3488 | + rpz_end(repinfo); | |
| 3489 | +#endif | |
| 3490 | if(repinfo->c->type == comm_udp) | |
| 3491 | return; | |
| 3492 | reclaim_tcp_handler(repinfo->c); | |
| 3493 | @@ -2173,6 +2191,9 @@ | |
| 3494 | { | |
| 3495 | verbose(VERB_ALGO, "comm point start listening %d", | |
| 3496 | c->fd==-1?newfd:c->fd); | |
| 3497 | +#ifdef ENABLE_FASTRPZ | |
| 3498 | + rpz_end(&c->repinfo); | |
| 3499 | +#endif | |
| 3500 | if(c->type == comm_tcp_accept && !c->tcp_free) { | |
| 3501 | /* no use to start listening no free slots. */ | |
| 3502 | return; | |
| 3503 | =================================================================== | |
| 3504 | RCS file: ./util/RCS/netevent.h,v | |
| 3505 | retrieving revision 1.1 | |
| 3506 | diff -u --unidirectional-new-file -r1.1 ./util/netevent.h | |
| 3507 | --- ./util/netevent.h | |
| 3508 | +++ ./util/netevent.h | |
| 3509 | @@ -117,6 +117,10 @@ | |
| 3510 | /** return type 0 (none), 4(IP4), 6(IP6) */ | |
| 3511 | int srctype; | |
| 3512 | /* DnsCrypt context */ | |
| 3513 | +#ifdef ENABLE_FASTRPZ | |
| 3514 | + /** per-request RPZ state */ | |
| 3515 | + struct commreply_rpz* rpz; | |
| 3516 | +#endif | |
| 3517 | #ifdef USE_DNSCRYPT | |
| 3518 | uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; | |
| 3519 | uint8_t nmkey[crypto_box_BEFORENMBYTES]; | |
| 3520 | =================================================================== | |
| 3521 | RCS file: ./validator/RCS/validator.c,v | |
| 3522 | retrieving revision 1.1 | |
| 3523 | diff -u --unidirectional-new-file -r1.1 ./validator/validator.c | |
| 3524 | --- ./validator/validator.c | |
| 3525 | +++ ./validator/validator.c | |
| 3526 | @@ -2552,6 +2552,12 @@ | |
| 3527 | default: | |
| 3528 | /* NSEC proof did not work, try next */ | |
| 3529 | break; | |
| 3530 | +#ifdef ENABLE_FASTRPZ | |
| 3531 | + case sec_status_rpz_rewritten: | |
| 3532 | + case sec_status_rpz_drop: | |
| 3533 | + fatal_exit("impossible RPZ sec_status"); | |
| 3534 | + break; | |
| 3535 | +#endif | |
| 3536 | } | |
| 3537 | ||
| 3538 | sec = nsec3_prove_nods(qstate->env, ve, | |
| 3539 | @@ -2584,6 +2590,12 @@ | |
| 3540 | default: | |
| 3541 | /* NSEC3 proof did not work */ | |
| 3542 | break; | |
| 3543 | +#ifdef ENABLE_FASTRPZ | |
| 3544 | + case sec_status_rpz_rewritten: | |
| 3545 | + case sec_status_rpz_drop: | |
| 3546 | + fatal_exit("impossible RPZ sec_status"); | |
| 3547 | + break; | |
| 3548 | +#endif | |
| 3549 | } | |
| 3550 | ||
| 3551 | /* Apparently, no available NSEC/NSEC3 proved NODATA, so |
| 0 | Index: daemon/worker.c | |
| 1 | =================================================================== | |
| 2 | --- daemon/worker.c (revision 4191) | |
| 3 | +++ daemon/worker.c (working copy) | |
| 4 | @@ -663,8 +663,21 @@ | |
| 5 | if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep, | |
| 6 | LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) | |
| 7 | goto bail_out; | |
| 8 | - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, | |
| 9 | - qinfo, id, flags, edns); | |
| 10 | + if (qinfo->qtype == LDNS_RR_TYPE_A && | |
| 11 | + worker->env.cfg->redirect_bogus_ipv4) { | |
| 12 | + /* BAD cached */ | |
| 13 | + fixed_address_encode(repinfo->c->buffer, | |
| 14 | + LDNS_RCODE_NOERROR, qinfo, id, flags, edns, | |
| 15 | + worker->env.cfg->redirect_bogus_ipv4); | |
| 16 | + } else if (qinfo->qtype == LDNS_RR_TYPE_AAAA && | |
| 17 | + worker->env.cfg->redirect_bogus_ipv6) { | |
| 18 | + fixed_address_encode(repinfo->c->buffer, | |
| 19 | + LDNS_RCODE_NOERROR, qinfo, id, flags, edns, | |
| 20 | + worker->env.cfg->redirect_bogus_ipv6); | |
| 21 | + } else { | |
| 22 | + error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, | |
| 23 | + qinfo, id, flags, edns); | |
| 24 | + } | |
| 25 | rrset_array_unlock_touch(worker->env.rrset_cache, | |
| 26 | worker->scratchpad, rep->ref, rep->rrset_count); | |
| 27 | if(worker->stats.extended) { | |
| 28 | Index: doc/unbound.conf.5.in | |
| 29 | =================================================================== | |
| 30 | --- doc/unbound.conf.5.in (revision 4191) | |
| 31 | +++ doc/unbound.conf.5.in (working copy) | |
| 32 | @@ -1244,6 +1244,18 @@ | |
| 33 | This can make ordinary queries complete (if repeatedly queried for), | |
| 34 | and enter the cache, whilst also mitigating the traffic flow by the | |
| 35 | factor given. | |
| 36 | +.TP 5 | |
| 37 | +.B redirect-bogus-ipv4: \fI<IPv4 address> | |
| 38 | +Set a fixed address for DNSSEC failures that are cached | |
| 39 | +Instead of responding to A queries with SERVFAIL, respond | |
| 40 | +with NOERROR and the address specified here | |
| 41 | +The TTL of the response will be 5 seconds | |
| 42 | +.TP 5 | |
| 43 | +.B redirect-bogus-ipv6: \fI<IPv4 address> | |
| 44 | +Set a fixed address for DNSSEC failures that are cached | |
| 45 | +Instead of responding to AAAA queries with SERVFAIL, respond | |
| 46 | +with NOERROR and the address specified here | |
| 47 | +The TTL of the response will be 5 seconds | |
| 48 | .SS "Remote Control Options" | |
| 49 | In the | |
| 50 | .B remote\-control: | |
| 51 | Index: services/mesh.c | |
| 52 | =================================================================== | |
| 53 | --- services/mesh.c (revision 4191) | |
| 54 | +++ services/mesh.c (working copy) | |
| 55 | @@ -1006,6 +1006,7 @@ | |
| 56 | struct timeval end_time; | |
| 57 | struct timeval duration; | |
| 58 | int secure; | |
| 59 | + int bogus_override = 0; | |
| 60 | /* Copy the client's EDNS for later restore, to make sure the edns | |
| 61 | * compare is with the correct edns options. */ | |
| 62 | struct edns_data edns_bak = r->edns; | |
| 63 | @@ -1016,6 +1017,7 @@ | |
| 64 | rcode = LDNS_RCODE_SERVFAIL; | |
| 65 | if(m->s.env->cfg->stat_extended) | |
| 66 | m->s.env->mesh->ans_bogus++; | |
| 67 | + bogus_override = 1; | |
| 68 | } | |
| 69 | if(rep && rep->security == sec_status_secure) | |
| 70 | secure = 1; | |
| 71 | @@ -1047,17 +1049,34 @@ | |
| 72 | } else if(rcode) { | |
| 73 | m->s.qinfo.qname = r->qname; | |
| 74 | m->s.qinfo.local_alias = r->local_alias; | |
| 75 | - if(rcode == LDNS_RCODE_SERVFAIL) { | |
| 76 | - if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, | |
| 77 | - rep, rcode, &r->edns, m->s.region)) | |
| 78 | - r->edns.opt_list = NULL; | |
| 79 | - } else { | |
| 80 | - if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, | |
| 81 | - &r->edns, m->s.region)) | |
| 82 | - r->edns.opt_list = NULL; | |
| 83 | + if(bogus_override && m->s.qinfo.qtype == LDNS_RR_TYPE_A && | |
| 84 | + m->s.env->cfg->redirect_bogus_ipv4) { | |
| 85 | + fixed_address_encode(r->query_reply.c->buffer, | |
| 86 | + LDNS_RCODE_NOERROR, &m->s.qinfo, r->qid, | |
| 87 | + r->qflags, &r->edns, | |
| 88 | + m->s.env->cfg->redirect_bogus_ipv4); | |
| 89 | + } else if(bogus_override && | |
| 90 | + m->s.qinfo.qtype == LDNS_RR_TYPE_AAAA && | |
| 91 | + m->s.env->cfg->redirect_bogus_ipv6) { | |
| 92 | + fixed_address_encode(r->query_reply.c->buffer, | |
| 93 | + LDNS_RCODE_NOERROR, &m->s.qinfo, r->qid, | |
| 94 | + r->qflags, &r->edns, | |
| 95 | + m->s.env->cfg->redirect_bogus_ipv6); | |
| 96 | + } else { | |
| 97 | + if(rcode == LDNS_RCODE_SERVFAIL) { | |
| 98 | + if(!inplace_cb_reply_servfail_call(m->s.env, | |
| 99 | + &m->s.qinfo, &m->s, | |
| 100 | + rep, rcode, &r->edns, m->s.region)) | |
| 101 | + r->edns.opt_list = NULL; | |
| 102 | + } else { | |
| 103 | + if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, | |
| 104 | + &m->s, rep, rcode, &r->edns, | |
| 105 | + m->s.region)) | |
| 106 | + r->edns.opt_list = NULL; | |
| 107 | + } | |
| 108 | + error_encode(r->query_reply.c->buffer, rcode, | |
| 109 | + &m->s.qinfo, r->qid, r->qflags, &r->edns); | |
| 110 | } | |
| 111 | - error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo, | |
| 112 | - r->qid, r->qflags, &r->edns); | |
| 113 | comm_point_send_reply(&r->query_reply); | |
| 114 | } else { | |
| 115 | size_t udp_size = r->edns.udp_size; | |
| 116 | Index: util/config_file.c | |
| 117 | =================================================================== | |
| 118 | --- util/config_file.c (revision 4191) | |
| 119 | +++ util/config_file.c (working copy) | |
| 120 | @@ -273,6 +273,8 @@ | |
| 121 | cfg->ratelimit_factor = 10; | |
| 122 | cfg->qname_minimisation = 0; | |
| 123 | cfg->qname_minimisation_strict = 0; | |
| 124 | + cfg->redirect_bogus_ipv4 = NULL; | |
| 125 | + cfg->redirect_bogus_ipv6 = NULL; | |
| 126 | cfg->shm_enable = 0; | |
| 127 | cfg->shm_key = 11777; | |
| 128 | cfg->dnscrypt = 0; | |
| 129 | @@ -602,6 +604,10 @@ | |
| 130 | } | |
| 131 | oi[cfg->num_out_ifs++] = d; | |
| 132 | cfg->out_ifs = oi; | |
| 133 | + } else if (strcmp(opt, "redirect-bogus-ipv4:") == 0) { | |
| 134 | + cfg->redirect_bogus_ipv4 = strdup(val); | |
| 135 | + } else if (strcmp(opt, "redirect-bogus-ipv6:") == 0) { | |
| 136 | + cfg->redirect_bogus_ipv6 = strdup(val); | |
| 137 | } else { | |
| 138 | /* unknown or unsupported (from the set_option interface): | |
| 139 | * interface, outgoing-interface, access-control, | |
| 140 | @@ -1250,6 +1256,12 @@ | |
| 141 | free(cfg->dnstap_version); | |
| 142 | config_deldblstrlist(cfg->ratelimit_for_domain); | |
| 143 | config_deldblstrlist(cfg->ratelimit_below_domain); | |
| 144 | + if (cfg->redirect_bogus_ipv4) { | |
| 145 | + free(cfg->redirect_bogus_ipv4); | |
| 146 | + } | |
| 147 | + if (cfg->redirect_bogus_ipv6) { | |
| 148 | + free(cfg->redirect_bogus_ipv6); | |
| 149 | + } | |
| 150 | #ifdef USE_IPSECMOD | |
| 151 | free(cfg->ipsecmod_hook); | |
| 152 | config_delstrlist(cfg->ipsecmod_whitelist); | |
| 153 | Index: util/config_file.h | |
| 154 | =================================================================== | |
| 155 | --- util/config_file.h (revision 4191) | |
| 156 | +++ util/config_file.h (working copy) | |
| 157 | @@ -444,6 +444,9 @@ | |
| 158 | /** minimise QNAME in strict mode, minimise according to RFC. | |
| 159 | * Do not apply fallback */ | |
| 160 | int qname_minimisation_strict; | |
| 161 | + /** construct fake responses for DNSSEC failures */ | |
| 162 | + char *redirect_bogus_ipv4; | |
| 163 | + char *redirect_bogus_ipv6; | |
| 164 | /** SHM data - true if shm is enabled */ | |
| 165 | int shm_enable; | |
| 166 | /** SHM data - key for the shm */ | |
| 167 | Index: util/configlexer.lex | |
| 168 | =================================================================== | |
| 169 | --- util/configlexer.lex (revision 4191) | |
| 170 | +++ util/configlexer.lex (working copy) | |
| 171 | @@ -410,6 +410,8 @@ | |
| 172 | response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } | |
| 173 | response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } | |
| 174 | response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } | |
| 175 | +redirect-bogus-ipv4{COLON} { YDVAR(1, VAR_REDIRECT_BOGUS_IPV4) } | |
| 176 | +redirect-bogus-ipv6{COLON} { YDVAR(1, VAR_REDIRECT_BOGUS_IPV6) } | |
| 177 | dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } | |
| 178 | dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } | |
| 179 | dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } | |
| 180 | Index: util/configparser.y | |
| 181 | =================================================================== | |
| 182 | --- util/configparser.y (revision 4191) | |
| 183 | +++ util/configparser.y (working copy) | |
| 184 | @@ -44,6 +44,7 @@ | |
| 185 | #include <stdlib.h> | |
| 186 | #include <assert.h> | |
| 187 | ||
| 188 | +#include "sldns/str2wire.h" | |
| 189 | #include "util/configyyrename.h" | |
| 190 | #include "util/config_file.h" | |
| 191 | #include "util/net_help.h" | |
| 192 | @@ -141,6 +142,7 @@ | |
| 193 | %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW | |
| 194 | %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1 | |
| 195 | %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING | |
| 196 | +%token VAR_REDIRECT_BOGUS_IPV4 VAR_REDIRECT_BOGUS_IPV6 | |
| 197 | %token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY | |
| 198 | %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER | |
| 199 | %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT | |
| 200 | @@ -228,6 +230,7 @@ | |
| 201 | server_access_control_tag_data | server_access_control_view | | |
| 202 | server_qname_minimisation_strict | server_serve_expired | | |
| 203 | server_fake_dsa | server_log_identity | server_use_systemd | | |
| 204 | + server_redirect_bogus_ipv4 | server_redirect_bogus_ipv6 | | |
| 205 | server_response_ip_tag | server_response_ip | server_response_ip_data | | |
| 206 | server_shm_enable | server_shm_key | server_fake_sha1 | | |
| 207 | server_hide_trustanchor | server_trust_anchor_signaling | | |
| 208 | @@ -1873,6 +1876,34 @@ | |
| 209 | #endif | |
| 210 | } | |
| 211 | ; | |
| 212 | +server_redirect_bogus_ipv4: VAR_REDIRECT_BOGUS_IPV4 STRING_ARG | |
| 213 | + { | |
| 214 | + uint8_t data[4]; | |
| 215 | + size_t data_len = 4; | |
| 216 | + OUTYY(("P(name:%s)\n", $2)); | |
| 217 | + if(cfg_parser->cfg->redirect_bogus_ipv4) { | |
| 218 | + yyerror("redirect-bogus-ipv4, can only use one address"); | |
| 219 | + } | |
| 220 | + if(sldns_str2wire_a_buf($2, data, &data_len) != LDNS_WIREPARSE_ERR_OK) { | |
| 221 | + yyerror("redirect-bogus-ipv4, not a valid IPv4 address"); | |
| 222 | + } | |
| 223 | + free(cfg_parser->cfg->redirect_bogus_ipv4); | |
| 224 | + cfg_parser->cfg->redirect_bogus_ipv4 = $2; | |
| 225 | + } | |
| 226 | +server_redirect_bogus_ipv6: VAR_REDIRECT_BOGUS_IPV6 STRING_ARG | |
| 227 | + { | |
| 228 | + uint8_t data[16]; | |
| 229 | + size_t data_len = 16; | |
| 230 | + OUTYY(("P(name:%s)\n", $2)); | |
| 231 | + if(cfg_parser->cfg->redirect_bogus_ipv6) { | |
| 232 | + yyerror("redirect-bogus-ipv6, can only use one address"); | |
| 233 | + } | |
| 234 | + if(sldns_str2wire_aaaa_buf($2, data, &data_len) != LDNS_WIREPARSE_ERR_OK) { | |
| 235 | + yyerror("redirect-bogus-ipv6, not a valid IPv6 address"); | |
| 236 | + } | |
| 237 | + free(cfg_parser->cfg->redirect_bogus_ipv6); | |
| 238 | + cfg_parser->cfg->redirect_bogus_ipv6 = $2; | |
| 239 | + } | |
| 240 | stub_name: VAR_NAME STRING_ARG | |
| 241 | { | |
| 242 | OUTYY(("P(name:%s)\n", $2)); | |
| 243 | Index: util/data/msgencode.c | |
| 244 | =================================================================== | |
| 245 | --- util/data/msgencode.c (revision 4191) | |
| 246 | +++ util/data/msgencode.c (working copy) | |
| 247 | @@ -48,6 +48,7 @@ | |
| 248 | #include "util/regional.h" | |
| 249 | #include "util/net_help.h" | |
| 250 | #include "sldns/sbuffer.h" | |
| 251 | +#include "sldns/str2wire.h" | |
| 252 | #include "services/localzone.h" | |
| 253 | ||
| 254 | /** return code that means the function ran out of memory. negative so it does | |
| 255 | @@ -914,3 +915,63 @@ | |
| 256 | attach_edns_record(buf, &es); | |
| 257 | } | |
| 258 | } | |
| 259 | + | |
| 260 | +void | |
| 261 | +fixed_address_encode(sldns_buffer* buf, int r, struct query_info* qinfo, | |
| 262 | + uint16_t qid, uint16_t qflags, struct edns_data* edns, char* data) | |
| 263 | +{ | |
| 264 | + uint16_t flags; | |
| 265 | + uint8_t addr_data[16]; | |
| 266 | + size_t addr_len = 16; | |
| 267 | + if (qinfo->qtype == LDNS_RR_TYPE_A) { | |
| 268 | + sldns_str2wire_a_buf(data, addr_data, &addr_len); | |
| 269 | + } else if (qinfo->qtype == LDNS_RR_TYPE_AAAA) { | |
| 270 | + sldns_str2wire_aaaa_buf(data, addr_data, &addr_len); | |
| 271 | + } else { | |
| 272 | + return error_encode(buf, LDNS_RCODE_NOERROR, qinfo, qid, qflags, edns); | |
| 273 | + } | |
| 274 | + sldns_buffer_clear(buf); | |
| 275 | + sldns_buffer_write(buf, &qid, sizeof(uint16_t)); | |
| 276 | + flags = (uint16_t)(BIT_QR | BIT_RA | r); /* QR and retcode*/ | |
| 277 | + flags |= (qflags & (BIT_RD|BIT_CD)); /* copy RD and CD bit */ | |
| 278 | + sldns_buffer_write_u16(buf, flags); | |
| 279 | + if(qinfo) flags = 1; | |
| 280 | + else flags = 0; | |
| 281 | + sldns_buffer_write_u16(buf, flags); | |
| 282 | + sldns_buffer_write_u16(buf, 1); | |
| 283 | + flags = 0; | |
| 284 | + sldns_buffer_write(buf, &flags, sizeof(uint16_t)); | |
| 285 | + sldns_buffer_write(buf, &flags, sizeof(uint16_t)); | |
| 286 | + if(qinfo) { | |
| 287 | + // query | |
| 288 | + if(sldns_buffer_current(buf) == qinfo->qname) | |
| 289 | + sldns_buffer_skip(buf, (ssize_t)qinfo->qname_len); | |
| 290 | + else sldns_buffer_write(buf, qinfo->qname, qinfo->qname_len); | |
| 291 | + sldns_buffer_write_u16(buf, qinfo->qtype); | |
| 292 | + sldns_buffer_write_u16(buf, qinfo->qclass); | |
| 293 | + // faked answer | |
| 294 | + if(sldns_buffer_current(buf) == qinfo->qname) | |
| 295 | + sldns_buffer_skip(buf, (ssize_t)qinfo->qname_len); | |
| 296 | + else sldns_buffer_write(buf, qinfo->qname, qinfo->qname_len); | |
| 297 | + sldns_buffer_write_u16(buf, qinfo->qtype); | |
| 298 | + sldns_buffer_write_u16(buf, qinfo->qclass); | |
| 299 | + sldns_buffer_write_u16(buf, 0); | |
| 300 | + // TTL. Should we make this configurable too? | |
| 301 | + sldns_buffer_write_u16(buf, 5); | |
| 302 | + sldns_buffer_write_u16(buf, addr_len); | |
| 303 | + sldns_buffer_write(buf, addr_data, addr_len); | |
| 304 | + fflush(stderr); | |
| 305 | + } | |
| 306 | + sldns_buffer_flip(buf); | |
| 307 | + if(edns) { | |
| 308 | + struct edns_data es = *edns; | |
| 309 | + es.edns_version = EDNS_ADVERTISED_VERSION; | |
| 310 | + es.udp_size = EDNS_ADVERTISED_SIZE; | |
| 311 | + es.ext_rcode = 0; | |
| 312 | + es.bits &= EDNS_DO; | |
| 313 | + if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) > | |
| 314 | + edns->udp_size) | |
| 315 | + return; | |
| 316 | + attach_edns_record(buf, &es); | |
| 317 | + } | |
| 318 | +} | |
| 319 | Index: util/data/msgencode.h | |
| 320 | =================================================================== | |
| 321 | --- util/data/msgencode.h (revision 4191) | |
| 322 | +++ util/data/msgencode.h (working copy) | |
| 323 | @@ -128,4 +128,20 @@ | |
| 324 | void error_encode(struct sldns_buffer* pkt, int r, struct query_info* qinfo, | |
| 325 | uint16_t qid, uint16_t qflags, struct edns_data* edns); | |
| 326 | ||
| 327 | +/** | |
| 328 | + * Encode a fixed address response. | |
| 329 | + * This is a fake answer to either an A or AAA query | |
| 330 | + * | |
| 331 | + * It will answer with that address | |
| 332 | + * | |
| 333 | + * @param pkt: where to store the packet. | |
| 334 | + * @param r: RCODE value to encode. | |
| 335 | + * @param qinfo: if not NULL, the query is included. | |
| 336 | + * @param qid: query ID to set in packet. network order. | |
| 337 | + * @param qflags: original query flags (to copy RD and CD bits). host order. | |
| 338 | + * @param edns: if not NULL, this is the query edns info, | |
| 339 | + * and an edns reply is attached. Only attached if EDNS record fits reply. | |
| 340 | + */ | |
| 341 | +void fixed_address_encode(struct sldns_buffer* pkt, int r, struct query_info* qinfo, | |
| 342 | + uint16_t qid, uint16_t qflags, struct edns_data* edns, char* address); | |
| 343 | #endif /* UTIL_DATA_MSGENCODE_H */ |
| 0 | [Unit] | |
| 1 | Description=Validating, recursive, and caching DNS resolver | |
| 2 | Documentation=man:unbound(8) | |
| 3 | ||
| 4 | [Install] | |
| 5 | WantedBy=multi-user.target | |
| 6 | ||
| 7 | [Service] | |
| 8 | ExecReload=/bin/kill -HUP $MAINPID | |
| 9 | ExecStart=@UNBOUND_SBIN_DIR@/unbound | |
| 10 | NotifyAccess=main | |
| 11 | Type=notify | |
| 12 | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT | |
| 13 | MemoryDenyWriteExecute=true | |
| 14 | NoNewPrivileges=true | |
| 15 | PrivateDevices=true | |
| 16 | PrivateTmp=true | |
| 17 | ProtectHome=true | |
| 18 | ProtectControlGroups=true | |
| 19 | ProtectKernelModules=true | |
| 20 | ProtectKernelTunables=true | |
| 21 | ProtectSystem=strict | |
| 22 | ReadWritePaths=@UNBOUND_SYSCONF_DIR@ @UNBOUND_LOCALSTATE_DIR@ /run @UNBOUND_RUN_DIR@ | |
| 23 | RestrictAddressFamilies=AF_INET AF_UNIX | |
| 24 | RestrictRealtime=true | |
| 25 | SystemCallArchitectures=native | |
| 26 | SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources | |
| 27 |
| 0 | [Socket] | |
| 1 | ListenDatagram=127.0.0.1:1153 | |
| 2 | ListenStream=127.0.0.1:1153 | |
| 3 | # ListenStream=@UNBOUND_RUN_DIR@/control | |
| 4 | [Install] | |
| 5 | WantedBy=sockets.target |
| 75 | 75 | * Tree of the addresses that are allowed/blocked. |
| 76 | 76 | * contents of type acl_addr. |
| 77 | 77 | */ |
| 78 | rbtree_t tree; | |
| 78 | rbtree_type tree; | |
| 79 | 79 | }; |
| 80 | 80 | |
| 81 | 81 | /** |
| 72 | 72 | #include "util/log.h" |
| 73 | 73 | #include "util/config_file.h" |
| 74 | 74 | #include "util/data/msgreply.h" |
| 75 | #include "util/shm_side/shm_main.h" | |
| 75 | 76 | #include "util/storage/lookup3.h" |
| 76 | 77 | #include "util/storage/slabhash.h" |
| 77 | 78 | #include "services/listen_dnsport.h" |
| 85 | 86 | #include "util/tube.h" |
| 86 | 87 | #include "util/net_help.h" |
| 87 | 88 | #include "sldns/keyraw.h" |
| 89 | #include "respip/respip.h" | |
| 88 | 90 | #include <signal.h> |
| 91 | ||
| 92 | #ifdef HAVE_SYSTEMD | |
| 93 | #include <systemd/sd-daemon.h> | |
| 94 | #endif | |
| 89 | 95 | |
| 90 | 96 | /** How many quit requests happened. */ |
| 91 | 97 | static int sig_record_quit = 0; |
| 174 | 180 | signal_handling_playback(struct worker* wrk) |
| 175 | 181 | { |
| 176 | 182 | #ifdef SIGHUP |
| 177 | if(sig_record_reload) | |
| 183 | if(sig_record_reload) { | |
| 184 | # ifdef HAVE_SYSTEMD | |
| 185 | sd_notify(0, "RELOADING=1"); | |
| 186 | # endif | |
| 178 | 187 | worker_sighandler(SIGHUP, wrk); |
| 188 | # ifdef HAVE_SYSTEMD | |
| 189 | sd_notify(0, "READY=1"); | |
| 190 | # endif | |
| 191 | } | |
| 179 | 192 | #endif |
| 180 | 193 | if(sig_record_quit) |
| 181 | 194 | worker_sighandler(SIGTERM, wrk); |
| 549 | 562 | void |
| 550 | 563 | daemon_fork(struct daemon* daemon) |
| 551 | 564 | { |
| 565 | int have_view_respip_cfg = 0; | |
| 566 | ||
| 552 | 567 | log_assert(daemon); |
| 553 | 568 | if(!(daemon->views = views_create())) |
| 554 | 569 | fatal_exit("Could not create views: out of memory"); |
| 558 | 573 | |
| 559 | 574 | if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) |
| 560 | 575 | fatal_exit("Could not setup access control list"); |
| 576 | if(daemon->cfg->dnscrypt) { | |
| 577 | #ifdef USE_DNSCRYPT | |
| 578 | daemon->dnscenv = dnsc_create(); | |
| 579 | if (!daemon->dnscenv) | |
| 580 | fatal_exit("dnsc_create failed"); | |
| 581 | dnsc_apply_cfg(daemon->dnscenv, daemon->cfg); | |
| 582 | #else | |
| 583 | fatal_exit("dnscrypt enabled in config but unbound was not built with " | |
| 584 | "dnscrypt support"); | |
| 585 | #endif | |
| 586 | } | |
| 561 | 587 | /* create global local_zones */ |
| 562 | 588 | if(!(daemon->local_zones = local_zones_create())) |
| 563 | 589 | fatal_exit("Could not create local zones: out of memory"); |
| 564 | 590 | if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) |
| 565 | 591 | fatal_exit("Could not set up local zones"); |
| 566 | 592 | |
| 593 | /* process raw response-ip configuration data */ | |
| 594 | if(!(daemon->respip_set = respip_set_create())) | |
| 595 | fatal_exit("Could not create response IP set"); | |
| 596 | if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg)) | |
| 597 | fatal_exit("Could not set up response IP set"); | |
| 598 | if(!respip_views_apply_cfg(daemon->views, daemon->cfg, | |
| 599 | &have_view_respip_cfg)) | |
| 600 | fatal_exit("Could not set up per-view response IP sets"); | |
| 601 | daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || | |
| 602 | have_view_respip_cfg; | |
| 603 | ||
| 567 | 604 | /* setup modules */ |
| 568 | 605 | daemon_setup_modules(daemon); |
| 606 | ||
| 607 | /* response-ip-xxx options don't work as expected without the respip | |
| 608 | * module. To avoid run-time operational surprise we reject such | |
| 609 | * configuration. */ | |
| 610 | if(daemon->use_response_ip && | |
| 611 | modstack_find(&daemon->mods, "respip") < 0) | |
| 612 | fatal_exit("response-ip options require respip module"); | |
| 569 | 613 | |
| 570 | 614 | /* first create all the worker structures, so we can pass |
| 571 | 615 | * them to the newly created threads. |
| 593 | 637 | #endif |
| 594 | 638 | signal_handling_playback(daemon->workers[0]); |
| 595 | 639 | |
| 640 | if (!shm_main_init(daemon)) | |
| 641 | log_warn("SHM has failed"); | |
| 642 | ||
| 596 | 643 | /* Start resolver service on main thread. */ |
| 644 | #ifdef HAVE_SYSTEMD | |
| 645 | sd_notify(0, "READY=1"); | |
| 646 | #endif | |
| 597 | 647 | log_info("start of service (%s).", PACKAGE_STRING); |
| 598 | 648 | worker_work(daemon->workers[0]); |
| 649 | #ifdef HAVE_SYSTEMD | |
| 650 | sd_notify(0, "STOPPING=1"); | |
| 651 | #endif | |
| 599 | 652 | log_info("service stopped (%s).", PACKAGE_STRING); |
| 600 | 653 | |
| 601 | 654 | /* we exited! a signal happened! Stop other threads */ |
| 602 | 655 | daemon_stop_others(daemon); |
| 656 | ||
| 657 | /* Shutdown SHM */ | |
| 658 | shm_main_shutdown(daemon); | |
| 603 | 659 | |
| 604 | 660 | daemon->need_to_exit = daemon->workers[0]->need_to_exit; |
| 605 | 661 | } |
| 620 | 676 | slabhash_clear(daemon->env->msg_cache); |
| 621 | 677 | local_zones_delete(daemon->local_zones); |
| 622 | 678 | daemon->local_zones = NULL; |
| 679 | respip_set_delete(daemon->respip_set); | |
| 680 | daemon->respip_set = NULL; | |
| 623 | 681 | views_delete(daemon->views); |
| 624 | 682 | daemon->views = NULL; |
| 625 | 683 | /* key cache is cleared by module desetup during next daemon_fork() */ |
| 652 | 710 | rrset_cache_delete(daemon->env->rrset_cache); |
| 653 | 711 | infra_delete(daemon->env->infra_cache); |
| 654 | 712 | edns_known_options_delete(daemon->env); |
| 655 | inplace_cb_lists_delete(daemon->env); | |
| 656 | 713 | } |
| 657 | 714 | ub_randfree(daemon->rand); |
| 658 | 715 | alloc_clear(&daemon->superalloc); |
| 55 | 55 | struct views; |
| 56 | 56 | struct ub_randstate; |
| 57 | 57 | struct daemon_remote; |
| 58 | struct respip_set; | |
| 59 | struct shm_main_info; | |
| 58 | 60 | |
| 59 | 61 | #include "dnstap/dnstap_config.h" |
| 60 | 62 | #ifdef USE_DNSTAP |
| 61 | 63 | struct dt_env; |
| 64 | #endif | |
| 65 | ||
| 66 | #include "dnscrypt/dnscrypt_config.h" | |
| 67 | #ifdef USE_DNSCRYPT | |
| 68 | struct dnsc_env; | |
| 62 | 69 | #endif |
| 63 | 70 | |
| 64 | 71 | /** |
| 117 | 124 | /** the dnstap environment master value, copied and changed by threads*/ |
| 118 | 125 | struct dt_env* dtenv; |
| 119 | 126 | #endif |
| 127 | struct shm_main_info* shm_info; | |
| 128 | /** response-ip set with associated actions and tags. */ | |
| 129 | struct respip_set* respip_set; | |
| 130 | /** some response-ip tags or actions are configured if true */ | |
| 131 | int use_response_ip; | |
| 132 | #ifdef USE_DNSCRYPT | |
| 133 | /** the dnscrypt environment */ | |
| 134 | struct dnsc_env* dnscenv; | |
| 135 | #endif | |
| 120 | 136 | }; |
| 121 | 137 | |
| 122 | 138 | /** |
| 123 | 123 | |
| 124 | 124 | /** divide sum of timers to get average */ |
| 125 | 125 | static void |
| 126 | timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) | |
| 126 | timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) | |
| 127 | 127 | { |
| 128 | 128 | #ifndef S_SPLINT_S |
| 129 | 129 | size_t leftover; |
| 241 | 241 | daemon_remote_delete(rc); |
| 242 | 242 | return NULL; |
| 243 | 243 | } |
| 244 | #if defined(SSL_OP_NO_TLSv1) && defined(SSL_OP_NO_TLSv1_1) | |
| 245 | /* if we have tls 1.1 disable 1.0 */ | |
| 246 | if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1) & SSL_OP_NO_TLSv1) | |
| 247 | != SSL_OP_NO_TLSv1){ | |
| 248 | log_crypto_err("could not set SSL_OP_NO_TLSv1"); | |
| 249 | daemon_remote_delete(rc); | |
| 250 | return NULL; | |
| 251 | } | |
| 252 | #endif | |
| 253 | #if defined(SSL_OP_NO_TLSv1_1) && defined(SSL_OP_NO_TLSv1_2) | |
| 254 | /* if we have tls 1.2 disable 1.1 */ | |
| 255 | if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1_1) & SSL_OP_NO_TLSv1_1) | |
| 256 | != SSL_OP_NO_TLSv1_1){ | |
| 257 | log_crypto_err("could not set SSL_OP_NO_TLSv1_1"); | |
| 258 | daemon_remote_delete(rc); | |
| 259 | return NULL; | |
| 260 | } | |
| 261 | #endif | |
| 262 | #if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA) | |
| 263 | /* if we have sha256, set the cipher list to have no known vulns */ | |
| 264 | if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")) | |
| 265 | log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list"); | |
| 266 | #endif | |
| 244 | 267 | |
| 245 | 268 | if (cfg->remote_control_use_cert == 0) { |
| 246 | 269 | /* No certificates are requested */ |
| 380 | 403 | |
| 381 | 404 | if(ip[0] == '/') { |
| 382 | 405 | /* This looks like a local socket */ |
| 383 | fd = create_local_accept_sock(ip, &noproto); | |
| 406 | fd = create_local_accept_sock(ip, &noproto, cfg->use_systemd); | |
| 384 | 407 | /* |
| 385 | 408 | * Change socket ownership and permissions so users other |
| 386 | 409 | * than root can access it provided they are in the same |
| 423 | 446 | |
| 424 | 447 | /* open fd */ |
| 425 | 448 | fd = create_tcp_accept_sock(res, 1, &noproto, 0, |
| 426 | cfg->ip_transparent, 0, cfg->ip_freebind); | |
| 449 | cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd); | |
| 427 | 450 | freeaddrinfo(res); |
| 428 | 451 | } |
| 429 | 452 | |
| 756 | 779 | |
| 757 | 780 | /** print stats from statinfo */ |
| 758 | 781 | static int |
| 759 | print_stats(SSL* ssl, const char* nm, struct stats_info* s) | |
| 760 | { | |
| 761 | struct timeval avg; | |
| 782 | print_stats(SSL* ssl, const char* nm, struct ub_stats_info* s) | |
| 783 | { | |
| 784 | struct timeval sumwait, avg; | |
| 762 | 785 | if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, |
| 763 | 786 | (unsigned long)s->svr.num_queries)) return 0; |
| 787 | if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm, | |
| 788 | (unsigned long)s->svr.num_queries_ip_ratelimited)) return 0; | |
| 764 | 789 | if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm, |
| 765 | 790 | (unsigned long)(s->svr.num_queries |
| 766 | 791 | - s->svr.num_queries_missed_cache))) return 0; |
| 772 | 797 | (unsigned long)s->svr.zero_ttl_responses)) return 0; |
| 773 | 798 | if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, |
| 774 | 799 | (unsigned long)s->mesh_replies_sent)) return 0; |
| 800 | #ifdef USE_DNSCRYPT | |
| 801 | if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm, | |
| 802 | (unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0; | |
| 803 | if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm, | |
| 804 | (unsigned long)s->svr.num_query_dnscrypt_cert)) return 0; | |
| 805 | if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm, | |
| 806 | (unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0; | |
| 807 | if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm, | |
| 808 | (unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0; | |
| 809 | #endif | |
| 775 | 810 | if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm, |
| 776 | 811 | (s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)? |
| 777 | 812 | (double)s->svr.sum_query_list_size/ |
| 778 | (s->svr.num_queries_missed_cache+ | |
| 813 | (double)(s->svr.num_queries_missed_cache+ | |
| 779 | 814 | s->svr.num_queries_prefetch) : 0.0)) return 0; |
| 780 | 815 | if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm, |
| 781 | 816 | (unsigned long)s->svr.max_query_list_size)) return 0; |
| 787 | 822 | (unsigned long)s->mesh_num_states)) return 0; |
| 788 | 823 | if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm, |
| 789 | 824 | (unsigned long)s->mesh_num_reply_states)) return 0; |
| 790 | timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent); | |
| 825 | #ifndef S_SPLINT_S | |
| 826 | sumwait.tv_sec = s->mesh_replies_sum_wait_sec; | |
| 827 | sumwait.tv_usec = s->mesh_replies_sum_wait_usec; | |
| 828 | #endif | |
| 829 | timeval_divide(&avg, &sumwait, s->mesh_replies_sent); | |
| 791 | 830 | if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm, |
| 792 | 831 | (long long)avg.tv_sec, (int)avg.tv_usec)) return 0; |
| 793 | 832 | if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, |
| 799 | 838 | |
| 800 | 839 | /** print stats for one thread */ |
| 801 | 840 | static int |
| 802 | print_thread_stats(SSL* ssl, int i, struct stats_info* s) | |
| 841 | print_thread_stats(SSL* ssl, int i, struct ub_stats_info* s) | |
| 803 | 842 | { |
| 804 | 843 | char nm[16]; |
| 805 | 844 | snprintf(nm, sizeof(nm), "thread%d", i); |
| 826 | 865 | static int |
| 827 | 866 | print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon) |
| 828 | 867 | { |
| 829 | int m; | |
| 830 | size_t msg, rrset, val, iter; | |
| 868 | size_t msg, rrset, val, iter, respip; | |
| 869 | #ifdef CLIENT_SUBNET | |
| 870 | size_t subnet = 0; | |
| 871 | #endif /* CLIENT_SUBNET */ | |
| 872 | #ifdef USE_IPSECMOD | |
| 873 | size_t ipsecmod = 0; | |
| 874 | #endif /* USE_IPSECMOD */ | |
| 831 | 875 | msg = slabhash_get_mem(daemon->env->msg_cache); |
| 832 | 876 | rrset = slabhash_get_mem(&daemon->env->rrset_cache->table); |
| 833 | val=0; | |
| 834 | iter=0; | |
| 835 | m = modstack_find(&worker->env.mesh->mods, "validator"); | |
| 836 | if(m != -1) { | |
| 837 | fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> | |
| 838 | mods.mod[m]->get_mem)); | |
| 839 | val = (*worker->env.mesh->mods.mod[m]->get_mem) | |
| 840 | (&worker->env, m); | |
| 841 | } | |
| 842 | m = modstack_find(&worker->env.mesh->mods, "iterator"); | |
| 843 | if(m != -1) { | |
| 844 | fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> | |
| 845 | mods.mod[m]->get_mem)); | |
| 846 | iter = (*worker->env.mesh->mods.mod[m]->get_mem) | |
| 847 | (&worker->env, m); | |
| 848 | } | |
| 877 | val = mod_get_mem(&worker->env, "validator"); | |
| 878 | iter = mod_get_mem(&worker->env, "iterator"); | |
| 879 | respip = mod_get_mem(&worker->env, "respip"); | |
| 880 | #ifdef CLIENT_SUBNET | |
| 881 | subnet = mod_get_mem(&worker->env, "subnet"); | |
| 882 | #endif /* CLIENT_SUBNET */ | |
| 883 | #ifdef USE_IPSECMOD | |
| 884 | ipsecmod = mod_get_mem(&worker->env, "ipsecmod"); | |
| 885 | #endif /* USE_IPSECMOD */ | |
| 849 | 886 | |
| 850 | 887 | if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset)) |
| 851 | 888 | return 0; |
| 855 | 892 | return 0; |
| 856 | 893 | if(!print_longnum(ssl, "mem.mod.validator"SQ, val)) |
| 857 | 894 | return 0; |
| 895 | if(!print_longnum(ssl, "mem.mod.respip"SQ, respip)) | |
| 896 | return 0; | |
| 897 | #ifdef CLIENT_SUBNET | |
| 898 | if(!print_longnum(ssl, "mem.mod.subnet"SQ, subnet)) | |
| 899 | return 0; | |
| 900 | #endif /* CLIENT_SUBNET */ | |
| 901 | #ifdef USE_IPSECMOD | |
| 902 | if(!print_longnum(ssl, "mem.mod.ipsecmod"SQ, ipsecmod)) | |
| 903 | return 0; | |
| 904 | #endif /* USE_IPSECMOD */ | |
| 858 | 905 | return 1; |
| 859 | 906 | } |
| 860 | 907 | |
| 879 | 926 | |
| 880 | 927 | /** print extended histogram */ |
| 881 | 928 | static int |
| 882 | print_hist(SSL* ssl, struct stats_info* s) | |
| 929 | print_hist(SSL* ssl, struct ub_stats_info* s) | |
| 883 | 930 | { |
| 884 | 931 | struct timehist* hist; |
| 885 | 932 | size_t i; |
| 907 | 954 | |
| 908 | 955 | /** print extended stats */ |
| 909 | 956 | static int |
| 910 | print_ext(SSL* ssl, struct stats_info* s) | |
| 957 | print_ext(SSL* ssl, struct ub_stats_info* s) | |
| 911 | 958 | { |
| 912 | 959 | int i; |
| 913 | 960 | char nm[16]; |
| 914 | 961 | const sldns_rr_descriptor* desc; |
| 915 | 962 | const sldns_lookup_table* lt; |
| 916 | 963 | /* TYPE */ |
| 917 | for(i=0; i<STATS_QTYPE_NUM; i++) { | |
| 964 | for(i=0; i<UB_STATS_QTYPE_NUM; i++) { | |
| 918 | 965 | if(inhibit_zero && s->svr.qtype[i] == 0) |
| 919 | 966 | continue; |
| 920 | 967 | desc = sldns_rr_descript((uint16_t)i); |
| 941 | 988 | (unsigned long)s->svr.qtype_big)) return 0; |
| 942 | 989 | } |
| 943 | 990 | /* CLASS */ |
| 944 | for(i=0; i<STATS_QCLASS_NUM; i++) { | |
| 991 | for(i=0; i<UB_STATS_QCLASS_NUM; i++) { | |
| 945 | 992 | if(inhibit_zero && s->svr.qclass[i] == 0) |
| 946 | 993 | continue; |
| 947 | 994 | lt = sldns_lookup_by_id(sldns_rr_classes, i); |
| 958 | 1005 | (unsigned long)s->svr.qclass_big)) return 0; |
| 959 | 1006 | } |
| 960 | 1007 | /* OPCODE */ |
| 961 | for(i=0; i<STATS_OPCODE_NUM; i++) { | |
| 1008 | for(i=0; i<UB_STATS_OPCODE_NUM; i++) { | |
| 962 | 1009 | if(inhibit_zero && s->svr.qopcode[i] == 0) |
| 963 | 1010 | continue; |
| 964 | 1011 | lt = sldns_lookup_by_id(sldns_opcodes, i); |
| 1000 | 1047 | (unsigned long)s->svr.qEDNS_DO)) return 0; |
| 1001 | 1048 | |
| 1002 | 1049 | /* RCODE */ |
| 1003 | for(i=0; i<STATS_RCODE_NUM; i++) { | |
| 1050 | for(i=0; i<UB_STATS_RCODE_NUM; i++) { | |
| 1004 | 1051 | /* Always include RCODEs 0-5 */ |
| 1005 | 1052 | if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0) |
| 1006 | 1053 | continue; |
| 1046 | 1093 | do_stats(SSL* ssl, struct daemon_remote* rc, int reset) |
| 1047 | 1094 | { |
| 1048 | 1095 | struct daemon* daemon = rc->worker->daemon; |
| 1049 | struct stats_info total; | |
| 1050 | struct stats_info s; | |
| 1096 | struct ub_stats_info total; | |
| 1097 | struct ub_stats_info s; | |
| 1051 | 1098 | int i; |
| 1052 | 1099 | log_assert(daemon->num > 0); |
| 1053 | 1100 | /* gather all thread statistics in one place */ |
| 1339 | 1386 | ssl_printf(ssl,"no view with name: %s\n", arg); |
| 1340 | 1387 | return; |
| 1341 | 1388 | } |
| 1389 | if(!v->local_zones) { | |
| 1390 | if(!(v->local_zones = local_zones_create())){ | |
| 1391 | lock_rw_unlock(&v->lock); | |
| 1392 | ssl_printf(ssl,"error out of memory\n"); | |
| 1393 | return; | |
| 1394 | } | |
| 1395 | if(!v->isfirst) { | |
| 1396 | /* Global local-zone is not used for this view, | |
| 1397 | * therefore add defaults to this view-specic | |
| 1398 | * local-zone. */ | |
| 1399 | struct config_file lz_cfg; | |
| 1400 | memset(&lz_cfg, 0, sizeof(lz_cfg)); | |
| 1401 | local_zone_enter_defaults(v->local_zones, &lz_cfg); | |
| 1402 | } | |
| 1403 | } | |
| 1342 | 1404 | do_zone_add(ssl, v->local_zones, arg2); |
| 1343 | 1405 | lock_rw_unlock(&v->lock); |
| 1344 | 1406 | } |
| 1357 | 1419 | ssl_printf(ssl,"no view with name: %s\n", arg); |
| 1358 | 1420 | return; |
| 1359 | 1421 | } |
| 1422 | if(!v->local_zones) { | |
| 1423 | lock_rw_unlock(&v->lock); | |
| 1424 | send_ok(ssl); | |
| 1425 | return; | |
| 1426 | } | |
| 1360 | 1427 | do_zone_remove(ssl, v->local_zones, arg2); |
| 1361 | 1428 | lock_rw_unlock(&v->lock); |
| 1362 | 1429 | } |
| 1375 | 1442 | ssl_printf(ssl,"no view with name: %s\n", arg); |
| 1376 | 1443 | return; |
| 1377 | 1444 | } |
| 1445 | if(!v->local_zones) { | |
| 1446 | if(!(v->local_zones = local_zones_create())){ | |
| 1447 | lock_rw_unlock(&v->lock); | |
| 1448 | ssl_printf(ssl,"error out of memory\n"); | |
| 1449 | return; | |
| 1450 | } | |
| 1451 | } | |
| 1378 | 1452 | do_data_add(ssl, v->local_zones, arg2); |
| 1379 | 1453 | lock_rw_unlock(&v->lock); |
| 1380 | 1454 | } |
| 1393 | 1467 | ssl_printf(ssl,"no view with name: %s\n", arg); |
| 1394 | 1468 | return; |
| 1395 | 1469 | } |
| 1470 | if(!v->local_zones) { | |
| 1471 | lock_rw_unlock(&v->lock); | |
| 1472 | send_ok(ssl); | |
| 1473 | return; | |
| 1474 | } | |
| 1396 | 1475 | do_data_remove(ssl, v->local_zones, arg2); |
| 1397 | 1476 | lock_rw_unlock(&v->lock); |
| 1398 | 1477 | } |
| 1415 | 1494 | do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen, |
| 1416 | 1495 | uint16_t t, uint16_t c) |
| 1417 | 1496 | { |
| 1418 | hashvalue_t h; | |
| 1497 | hashvalue_type h; | |
| 1419 | 1498 | struct query_info k; |
| 1420 | 1499 | rrset_cache_remove(worker->env.rrset_cache, nm, nmlen, t, c, 0); |
| 1421 | 1500 | if(t == LDNS_RR_TYPE_SOA) |
| 2528 | 2607 | ssl_printf(ssl,"no view with name: %s\n", arg); |
| 2529 | 2608 | return; |
| 2530 | 2609 | } |
| 2531 | do_list_local_zones(ssl, v->local_zones); | |
| 2610 | if(v->local_zones) { | |
| 2611 | do_list_local_zones(ssl, v->local_zones); | |
| 2612 | } | |
| 2532 | 2613 | lock_rw_unlock(&v->lock); |
| 2533 | 2614 | } |
| 2534 | 2615 | |
| 2542 | 2623 | ssl_printf(ssl,"no view with name: %s\n", arg); |
| 2543 | 2624 | return; |
| 2544 | 2625 | } |
| 2545 | do_list_local_data(ssl, worker, v->local_zones); | |
| 2626 | if(v->local_zones) { | |
| 2627 | do_list_local_data(ssl, worker, v->local_zones); | |
| 2628 | } | |
| 2546 | 2629 | lock_rw_unlock(&v->lock); |
| 2547 | 2630 | } |
| 2548 | 2631 | |
| 2558 | 2641 | time_t now; |
| 2559 | 2642 | }; |
| 2560 | 2643 | |
| 2644 | #define ip_ratelimit_list_arg ratelimit_list_arg | |
| 2645 | ||
| 2561 | 2646 | /** list items in the ratelimit table */ |
| 2562 | 2647 | static void |
| 2563 | 2648 | rate_list(struct lruhash_entry* e, void* arg) |
| 2574 | 2659 | } |
| 2575 | 2660 | dname_str(k->name, buf); |
| 2576 | 2661 | ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim); |
| 2662 | } | |
| 2663 | ||
| 2664 | /** list items in the ip_ratelimit table */ | |
| 2665 | static void | |
| 2666 | ip_rate_list(struct lruhash_entry* e, void* arg) | |
| 2667 | { | |
| 2668 | char ip[128]; | |
| 2669 | struct ip_ratelimit_list_arg* a = (struct ip_ratelimit_list_arg*)arg; | |
| 2670 | struct ip_rate_key* k = (struct ip_rate_key*)e->key; | |
| 2671 | struct ip_rate_data* d = (struct ip_rate_data*)e->data; | |
| 2672 | int lim = infra_ip_ratelimit; | |
| 2673 | int max = infra_rate_max(d, a->now); | |
| 2674 | if(a->all == 0) { | |
| 2675 | if(max < lim) | |
| 2676 | return; | |
| 2677 | } | |
| 2678 | addr_to_str(&k->addr, k->addrlen, ip, sizeof(ip)); | |
| 2679 | ssl_printf(a->ssl, "%s %d limit %d\n", ip, max, lim); | |
| 2577 | 2680 | } |
| 2578 | 2681 | |
| 2579 | 2682 | /** do the ratelimit_list command */ |
| 2594 | 2697 | slabhash_traverse(a.infra->domain_rates, 0, rate_list, &a); |
| 2595 | 2698 | } |
| 2596 | 2699 | |
| 2700 | /** do the ip_ratelimit_list command */ | |
| 2701 | static void | |
| 2702 | do_ip_ratelimit_list(SSL* ssl, struct worker* worker, char* arg) | |
| 2703 | { | |
| 2704 | struct ip_ratelimit_list_arg a; | |
| 2705 | a.all = 0; | |
| 2706 | a.infra = worker->env.infra_cache; | |
| 2707 | a.now = *worker->env.now; | |
| 2708 | a.ssl = ssl; | |
| 2709 | arg = skipwhite(arg); | |
| 2710 | if(strcmp(arg, "+a") == 0) | |
| 2711 | a.all = 1; | |
| 2712 | if(a.infra->client_ip_rates==NULL || | |
| 2713 | (a.all == 0 && infra_ip_ratelimit == 0)) | |
| 2714 | return; | |
| 2715 | slabhash_traverse(a.infra->client_ip_rates, 0, ip_rate_list, &a); | |
| 2716 | } | |
| 2717 | ||
| 2597 | 2718 | /** tell other processes to execute the command */ |
| 2598 | 2719 | static void |
| 2599 | 2720 | distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd) |
| 2671 | 2792 | return; |
| 2672 | 2793 | } else if(cmdcmp(p, "ratelimit_list", 14)) { |
| 2673 | 2794 | do_ratelimit_list(ssl, worker, p+14); |
| 2795 | return; | |
| 2796 | } else if(cmdcmp(p, "ip_ratelimit_list", 17)) { | |
| 2797 | do_ip_ratelimit_list(ssl, worker, p+17); | |
| 2674 | 2798 | return; |
| 2675 | 2799 | } else if(cmdcmp(p, "stub_add", 8)) { |
| 2676 | 2800 | /* must always distribute this cmd */ |
| 62 | 62 | |
| 63 | 63 | /** add timers and the values do not overflow or become negative */ |
| 64 | 64 | static void |
| 65 | timeval_add(struct timeval* d, const struct timeval* add) | |
| 65 | stats_timeval_add(long long* d_sec, long long* d_usec, long long add_sec, long long add_usec) | |
| 66 | 66 | { |
| 67 | 67 | #ifndef S_SPLINT_S |
| 68 | d->tv_sec += add->tv_sec; | |
| 69 | d->tv_usec += add->tv_usec; | |
| 70 | if(d->tv_usec > 1000000) { | |
| 71 | d->tv_usec -= 1000000; | |
| 72 | d->tv_sec++; | |
| 68 | (*d_sec) += add_sec; | |
| 69 | (*d_usec) += add_usec; | |
| 70 | if((*d_usec) > 1000000) { | |
| 71 | (*d_usec) -= 1000000; | |
| 72 | (*d_sec)++; | |
| 73 | 73 | } |
| 74 | 74 | #endif |
| 75 | 75 | } |
| 76 | 76 | |
| 77 | void server_stats_init(struct server_stats* stats, struct config_file* cfg) | |
| 77 | void server_stats_init(struct ub_server_stats* stats, struct config_file* cfg) | |
| 78 | 78 | { |
| 79 | 79 | memset(stats, 0, sizeof(*stats)); |
| 80 | 80 | stats->extended = cfg->stat_extended; |
| 81 | 81 | } |
| 82 | 82 | |
| 83 | void server_stats_querymiss(struct server_stats* stats, struct worker* worker) | |
| 83 | void server_stats_querymiss(struct ub_server_stats* stats, struct worker* worker) | |
| 84 | 84 | { |
| 85 | 85 | stats->num_queries_missed_cache++; |
| 86 | 86 | stats->sum_query_list_size += worker->env.mesh->all.count; |
| 87 | if(worker->env.mesh->all.count > stats->max_query_list_size) | |
| 88 | stats->max_query_list_size = worker->env.mesh->all.count; | |
| 89 | } | |
| 90 | ||
| 91 | void server_stats_prefetch(struct server_stats* stats, struct worker* worker) | |
| 87 | if((long long)worker->env.mesh->all.count > stats->max_query_list_size) | |
| 88 | stats->max_query_list_size = (long long)worker->env.mesh->all.count; | |
| 89 | } | |
| 90 | ||
| 91 | void server_stats_prefetch(struct ub_server_stats* stats, struct worker* worker) | |
| 92 | 92 | { |
| 93 | 93 | stats->num_queries_prefetch++; |
| 94 | 94 | /* changes the query list size so account that, like a querymiss */ |
| 95 | 95 | stats->sum_query_list_size += worker->env.mesh->all.count; |
| 96 | if(worker->env.mesh->all.count > stats->max_query_list_size) | |
| 97 | stats->max_query_list_size = worker->env.mesh->all.count; | |
| 98 | } | |
| 99 | ||
| 100 | void server_stats_log(struct server_stats* stats, struct worker* worker, | |
| 96 | if((long long)worker->env.mesh->all.count > stats->max_query_list_size) | |
| 97 | stats->max_query_list_size = (long long)worker->env.mesh->all.count; | |
| 98 | } | |
| 99 | ||
| 100 | void server_stats_log(struct ub_server_stats* stats, struct worker* worker, | |
| 101 | 101 | int threadnum) |
| 102 | 102 | { |
| 103 | 103 | log_info("server stats for thread %d: %u queries, " |
| 104 | "%u answers from cache, %u recursions, %u prefetch", | |
| 104 | "%u answers from cache, %u recursions, %u prefetch, %u rejected by " | |
| 105 | "ip ratelimiting", | |
| 105 | 106 | threadnum, (unsigned)stats->num_queries, |
| 106 | 107 | (unsigned)(stats->num_queries - |
| 107 | 108 | stats->num_queries_missed_cache), |
| 108 | 109 | (unsigned)stats->num_queries_missed_cache, |
| 109 | (unsigned)stats->num_queries_prefetch); | |
| 110 | (unsigned)stats->num_queries_prefetch, | |
| 111 | (unsigned)stats->num_queries_ip_ratelimited); | |
| 110 | 112 | log_info("server stats for thread %d: requestlist max %u avg %g " |
| 111 | 113 | "exceeded %u jostled %u", threadnum, |
| 112 | 114 | (unsigned)stats->max_query_list_size, |
| 113 | 115 | (stats->num_queries_missed_cache+stats->num_queries_prefetch)? |
| 114 | 116 | (double)stats->sum_query_list_size/ |
| 115 | (stats->num_queries_missed_cache+ | |
| 117 | (double)(stats->num_queries_missed_cache+ | |
| 116 | 118 | stats->num_queries_prefetch) : 0.0, |
| 117 | 119 | (unsigned)worker->env.mesh->stats_dropped, |
| 118 | 120 | (unsigned)worker->env.mesh->stats_jostled); |
| 137 | 139 | } |
| 138 | 140 | |
| 139 | 141 | void |
| 140 | server_stats_compile(struct worker* worker, struct stats_info* s, int reset) | |
| 142 | server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) | |
| 141 | 143 | { |
| 142 | 144 | int i; |
| 143 | 145 | struct listen_list* lp; |
| 144 | 146 | |
| 145 | 147 | s->svr = worker->stats; |
| 146 | s->mesh_num_states = worker->env.mesh->all.count; | |
| 147 | s->mesh_num_reply_states = worker->env.mesh->num_reply_states; | |
| 148 | s->mesh_jostled = worker->env.mesh->stats_jostled; | |
| 149 | s->mesh_dropped = worker->env.mesh->stats_dropped; | |
| 150 | s->mesh_replies_sent = worker->env.mesh->replies_sent; | |
| 151 | s->mesh_replies_sum_wait = worker->env.mesh->replies_sum_wait; | |
| 148 | s->mesh_num_states = (long long)worker->env.mesh->all.count; | |
| 149 | s->mesh_num_reply_states = (long long)worker->env.mesh->num_reply_states; | |
| 150 | s->mesh_jostled = (long long)worker->env.mesh->stats_jostled; | |
| 151 | s->mesh_dropped = (long long)worker->env.mesh->stats_dropped; | |
| 152 | s->mesh_replies_sent = (long long)worker->env.mesh->replies_sent; | |
| 153 | s->mesh_replies_sum_wait_sec = (long long)worker->env.mesh->replies_sum_wait.tv_sec; | |
| 154 | s->mesh_replies_sum_wait_usec = (long long)worker->env.mesh->replies_sum_wait.tv_usec; | |
| 152 | 155 | s->mesh_time_median = timehist_quartile(worker->env.mesh->histogram, |
| 153 | 156 | 0.50); |
| 154 | 157 | |
| 155 | 158 | /* add in the values from the mesh */ |
| 156 | s->svr.ans_secure += worker->env.mesh->ans_secure; | |
| 157 | s->svr.ans_bogus += worker->env.mesh->ans_bogus; | |
| 158 | s->svr.ans_rcode_nodata += worker->env.mesh->ans_nodata; | |
| 159 | s->svr.ans_secure += (long long)worker->env.mesh->ans_secure; | |
| 160 | s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus; | |
| 161 | s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata; | |
| 159 | 162 | for(i=0; i<16; i++) |
| 160 | s->svr.ans_rcode[i] += worker->env.mesh->ans_rcode[i]; | |
| 163 | s->svr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i]; | |
| 161 | 164 | timehist_export(worker->env.mesh->histogram, s->svr.hist, |
| 162 | 165 | NUM_BUCKETS_HIST); |
| 163 | 166 | /* values from outside network */ |
| 164 | s->svr.unwanted_replies = worker->back->unwanted_replies; | |
| 165 | s->svr.qtcp_outgoing = worker->back->num_tcp_outgoing; | |
| 167 | s->svr.unwanted_replies = (long long)worker->back->unwanted_replies; | |
| 168 | s->svr.qtcp_outgoing = (long long)worker->back->num_tcp_outgoing; | |
| 166 | 169 | |
| 167 | 170 | /* get and reset validator rrset bogus number */ |
| 168 | s->svr.rrset_bogus = get_rrset_bogus(worker); | |
| 171 | s->svr.rrset_bogus = (long long)get_rrset_bogus(worker); | |
| 169 | 172 | |
| 170 | 173 | /* get cache sizes */ |
| 171 | s->svr.msg_cache_count = count_slabhash_entries(worker->env.msg_cache); | |
| 172 | s->svr.rrset_cache_count = count_slabhash_entries(&worker->env.rrset_cache->table); | |
| 173 | s->svr.infra_cache_count = count_slabhash_entries(worker->env.infra_cache->hosts); | |
| 174 | s->svr.msg_cache_count = (long long)count_slabhash_entries(worker->env.msg_cache); | |
| 175 | s->svr.rrset_cache_count = (long long)count_slabhash_entries(&worker->env.rrset_cache->table); | |
| 176 | s->svr.infra_cache_count = (long long)count_slabhash_entries(worker->env.infra_cache->hosts); | |
| 174 | 177 | if(worker->env.key_cache) |
| 175 | s->svr.key_cache_count = count_slabhash_entries(worker->env.key_cache->slab); | |
| 178 | s->svr.key_cache_count = (long long)count_slabhash_entries(worker->env.key_cache->slab); | |
| 176 | 179 | else s->svr.key_cache_count = 0; |
| 177 | 180 | |
| 178 | 181 | /* get tcp accept usage */ |
| 179 | 182 | s->svr.tcp_accept_usage = 0; |
| 180 | 183 | for(lp = worker->front->cps; lp; lp = lp->next) { |
| 181 | 184 | if(lp->com->type == comm_tcp_accept) |
| 182 | s->svr.tcp_accept_usage += lp->com->cur_tcp_count; | |
| 185 | s->svr.tcp_accept_usage += (long long)lp->com->cur_tcp_count; | |
| 183 | 186 | } |
| 184 | 187 | |
| 185 | 188 | if(reset && !worker->env.cfg->stat_cumulative) { |
| 188 | 191 | } |
| 189 | 192 | |
| 190 | 193 | void server_stats_obtain(struct worker* worker, struct worker* who, |
| 191 | struct stats_info* s, int reset) | |
| 194 | struct ub_stats_info* s, int reset) | |
| 192 | 195 | { |
| 193 | 196 | uint8_t *reply = NULL; |
| 194 | 197 | uint32_t len = 0; |
| 214 | 217 | |
| 215 | 218 | void server_stats_reply(struct worker* worker, int reset) |
| 216 | 219 | { |
| 217 | struct stats_info s; | |
| 220 | struct ub_stats_info s; | |
| 218 | 221 | server_stats_compile(worker, &s, reset); |
| 219 | 222 | verbose(VERB_ALGO, "write stats replymsg"); |
| 220 | 223 | if(!tube_write_msg(worker->daemon->workers[0]->cmd, |
| 222 | 225 | fatal_exit("could not write stat values over cmd channel"); |
| 223 | 226 | } |
| 224 | 227 | |
| 225 | void server_stats_add(struct stats_info* total, struct stats_info* a) | |
| 228 | void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) | |
| 226 | 229 | { |
| 227 | 230 | total->svr.num_queries += a->svr.num_queries; |
| 231 | total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited; | |
| 228 | 232 | total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache; |
| 229 | 233 | total->svr.num_queries_prefetch += a->svr.num_queries_prefetch; |
| 230 | 234 | total->svr.sum_query_list_size += a->svr.sum_query_list_size; |
| 235 | #ifdef USE_DNSCRYPT | |
| 236 | total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted; | |
| 237 | total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert; | |
| 238 | total->svr.num_query_dnscrypt_cleartext += \ | |
| 239 | a->svr.num_query_dnscrypt_cleartext; | |
| 240 | total->svr.num_query_dnscrypt_crypted_malformed += \ | |
| 241 | a->svr.num_query_dnscrypt_crypted_malformed; | |
| 242 | #endif | |
| 231 | 243 | /* the max size reached is upped to higher of both */ |
| 232 | 244 | if(a->svr.max_query_list_size > total->svr.max_query_list_size) |
| 233 | 245 | total->svr.max_query_list_size = a->svr.max_query_list_size; |
| 257 | 269 | total->svr.unwanted_replies += a->svr.unwanted_replies; |
| 258 | 270 | total->svr.unwanted_queries += a->svr.unwanted_queries; |
| 259 | 271 | total->svr.tcp_accept_usage += a->svr.tcp_accept_usage; |
| 260 | for(i=0; i<STATS_QTYPE_NUM; i++) | |
| 272 | for(i=0; i<UB_STATS_QTYPE_NUM; i++) | |
| 261 | 273 | total->svr.qtype[i] += a->svr.qtype[i]; |
| 262 | for(i=0; i<STATS_QCLASS_NUM; i++) | |
| 274 | for(i=0; i<UB_STATS_QCLASS_NUM; i++) | |
| 263 | 275 | total->svr.qclass[i] += a->svr.qclass[i]; |
| 264 | for(i=0; i<STATS_OPCODE_NUM; i++) | |
| 276 | for(i=0; i<UB_STATS_OPCODE_NUM; i++) | |
| 265 | 277 | total->svr.qopcode[i] += a->svr.qopcode[i]; |
| 266 | for(i=0; i<STATS_RCODE_NUM; i++) | |
| 278 | for(i=0; i<UB_STATS_RCODE_NUM; i++) | |
| 267 | 279 | total->svr.ans_rcode[i] += a->svr.ans_rcode[i]; |
| 268 | 280 | for(i=0; i<NUM_BUCKETS_HIST; i++) |
| 269 | 281 | total->svr.hist[i] += a->svr.hist[i]; |
| 274 | 286 | total->mesh_jostled += a->mesh_jostled; |
| 275 | 287 | total->mesh_dropped += a->mesh_dropped; |
| 276 | 288 | total->mesh_replies_sent += a->mesh_replies_sent; |
| 277 | timeval_add(&total->mesh_replies_sum_wait, &a->mesh_replies_sum_wait); | |
| 289 | stats_timeval_add(&total->mesh_replies_sum_wait_sec, &total->mesh_replies_sum_wait_usec, a->mesh_replies_sum_wait_sec, a->mesh_replies_sum_wait_usec); | |
| 278 | 290 | /* the medians are averaged together, this is not as accurate as |
| 279 | 291 | * taking the median over all of the data, but is good and fast |
| 280 | 292 | * added up here, division later*/ |
| 281 | 293 | total->mesh_time_median += a->mesh_time_median; |
| 282 | 294 | } |
| 283 | 295 | |
| 284 | void server_stats_insquery(struct server_stats* stats, struct comm_point* c, | |
| 296 | void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c, | |
| 285 | 297 | uint16_t qtype, uint16_t qclass, struct edns_data* edns, |
| 286 | 298 | struct comm_reply* repinfo) |
| 287 | 299 | { |
| 288 | 300 | uint16_t flags = sldns_buffer_read_u16_at(c->buffer, 2); |
| 289 | if(qtype < STATS_QTYPE_NUM) | |
| 301 | if(qtype < UB_STATS_QTYPE_NUM) | |
| 290 | 302 | stats->qtype[qtype]++; |
| 291 | 303 | else stats->qtype_big++; |
| 292 | if(qclass < STATS_QCLASS_NUM) | |
| 304 | if(qclass < UB_STATS_QCLASS_NUM) | |
| 293 | 305 | stats->qclass[qclass]++; |
| 294 | 306 | else stats->qclass_big++; |
| 295 | 307 | stats->qopcode[ LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) ]++; |
| 320 | 332 | } |
| 321 | 333 | } |
| 322 | 334 | |
| 323 | void server_stats_insrcode(struct server_stats* stats, sldns_buffer* buf) | |
| 335 | void server_stats_insrcode(struct ub_server_stats* stats, sldns_buffer* buf) | |
| 324 | 336 | { |
| 325 | 337 | if(stats->extended && sldns_buffer_limit(buf) != 0) { |
| 326 | 338 | int r = (int)LDNS_RCODE_WIRE( sldns_buffer_begin(buf) ); |
| 49 | 49 | struct edns_data; |
| 50 | 50 | struct sldns_buffer; |
| 51 | 51 | |
| 52 | /** number of qtype that is stored for in array */ | |
| 53 | #define STATS_QTYPE_NUM 256 | |
| 54 | /** number of qclass that is stored for in array */ | |
| 55 | #define STATS_QCLASS_NUM 256 | |
| 56 | /** number of rcodes in stats */ | |
| 57 | #define STATS_RCODE_NUM 16 | |
| 58 | /** number of opcodes in stats */ | |
| 59 | #define STATS_OPCODE_NUM 16 | |
| 60 | ||
| 61 | /** per worker statistics */ | |
| 62 | struct server_stats { | |
| 63 | /** number of queries from clients received. */ | |
| 64 | size_t num_queries; | |
| 65 | /** number of queries that had a cache-miss. */ | |
| 66 | size_t num_queries_missed_cache; | |
| 67 | /** number of prefetch queries - cachehits with prefetch */ | |
| 68 | size_t num_queries_prefetch; | |
| 69 | ||
| 70 | /** | |
| 71 | * Sum of the querylistsize of the worker for | |
| 72 | * every query that missed cache. To calculate average. | |
| 73 | */ | |
| 74 | size_t sum_query_list_size; | |
| 75 | /** max value of query list size reached. */ | |
| 76 | size_t max_query_list_size; | |
| 77 | ||
| 78 | /** Extended stats below (bool) */ | |
| 79 | int extended; | |
| 80 | ||
| 81 | /** qtype stats */ | |
| 82 | size_t qtype[STATS_QTYPE_NUM]; | |
| 83 | /** bigger qtype values not in array */ | |
| 84 | size_t qtype_big; | |
| 85 | /** qclass stats */ | |
| 86 | size_t qclass[STATS_QCLASS_NUM]; | |
| 87 | /** bigger qclass values not in array */ | |
| 88 | size_t qclass_big; | |
| 89 | /** query opcodes */ | |
| 90 | size_t qopcode[STATS_OPCODE_NUM]; | |
| 91 | /** number of queries over TCP */ | |
| 92 | size_t qtcp; | |
| 93 | /** number of outgoing queries over TCP */ | |
| 94 | size_t qtcp_outgoing; | |
| 95 | /** number of queries over IPv6 */ | |
| 96 | size_t qipv6; | |
| 97 | /** number of queries with QR bit */ | |
| 98 | size_t qbit_QR; | |
| 99 | /** number of queries with AA bit */ | |
| 100 | size_t qbit_AA; | |
| 101 | /** number of queries with TC bit */ | |
| 102 | size_t qbit_TC; | |
| 103 | /** number of queries with RD bit */ | |
| 104 | size_t qbit_RD; | |
| 105 | /** number of queries with RA bit */ | |
| 106 | size_t qbit_RA; | |
| 107 | /** number of queries with Z bit */ | |
| 108 | size_t qbit_Z; | |
| 109 | /** number of queries with AD bit */ | |
| 110 | size_t qbit_AD; | |
| 111 | /** number of queries with CD bit */ | |
| 112 | size_t qbit_CD; | |
| 113 | /** number of queries with EDNS OPT record */ | |
| 114 | size_t qEDNS; | |
| 115 | /** number of queries with EDNS with DO flag */ | |
| 116 | size_t qEDNS_DO; | |
| 117 | /** answer rcodes */ | |
| 118 | size_t ans_rcode[STATS_RCODE_NUM]; | |
| 119 | /** answers with pseudo rcode 'nodata' */ | |
| 120 | size_t ans_rcode_nodata; | |
| 121 | /** answers that were secure (AD) */ | |
| 122 | size_t ans_secure; | |
| 123 | /** answers that were bogus (withheld as SERVFAIL) */ | |
| 124 | size_t ans_bogus; | |
| 125 | /** rrsets marked bogus by validator */ | |
| 126 | size_t rrset_bogus; | |
| 127 | /** unwanted traffic received on server-facing ports */ | |
| 128 | size_t unwanted_replies; | |
| 129 | /** unwanted traffic received on client-facing ports */ | |
| 130 | size_t unwanted_queries; | |
| 131 | /** usage of tcp accept list */ | |
| 132 | size_t tcp_accept_usage; | |
| 133 | /** answers served from expired cache */ | |
| 134 | size_t zero_ttl_responses; | |
| 135 | /** histogram data exported to array | |
| 136 | * if the array is the same size, no data is lost, and | |
| 137 | * if all histograms are same size (is so by default) then | |
| 138 | * adding up works well. */ | |
| 139 | size_t hist[NUM_BUCKETS_HIST]; | |
| 140 | ||
| 141 | /** number of message cache entries */ | |
| 142 | size_t msg_cache_count; | |
| 143 | /** number of rrset cache entries */ | |
| 144 | size_t rrset_cache_count; | |
| 145 | /** number of infra cache entries */ | |
| 146 | size_t infra_cache_count; | |
| 147 | /** number of key cache entries */ | |
| 148 | size_t key_cache_count; | |
| 149 | }; | |
| 150 | ||
| 151 | /** | |
| 152 | * Statistics to send over the control pipe when asked | |
| 153 | * This struct is made to be memcpied, sent in binary. | |
| 154 | */ | |
| 155 | struct stats_info { | |
| 156 | /** the thread stats */ | |
| 157 | struct server_stats svr; | |
| 158 | ||
| 159 | /** mesh stats: current number of states */ | |
| 160 | size_t mesh_num_states; | |
| 161 | /** mesh stats: current number of reply (user) states */ | |
| 162 | size_t mesh_num_reply_states; | |
| 163 | /** mesh stats: number of reply states overwritten with a new one */ | |
| 164 | size_t mesh_jostled; | |
| 165 | /** mesh stats: number of incoming queries dropped */ | |
| 166 | size_t mesh_dropped; | |
| 167 | /** mesh stats: replies sent */ | |
| 168 | size_t mesh_replies_sent; | |
| 169 | /** mesh stats: sum of waiting times for the replies */ | |
| 170 | struct timeval mesh_replies_sum_wait; | |
| 171 | /** mesh stats: median of waiting times for replies (in sec) */ | |
| 172 | double mesh_time_median; | |
| 173 | }; | |
| 52 | /* stats struct */ | |
| 53 | #include "libunbound/unbound.h" | |
| 174 | 54 | |
| 175 | 55 | /** |
| 176 | 56 | * Initialize server stats to 0. |
| 177 | 57 | * @param stats: what to init (this is alloced by the caller). |
| 178 | 58 | * @param cfg: with extended statistics option. |
| 179 | 59 | */ |
| 180 | void server_stats_init(struct server_stats* stats, struct config_file* cfg); | |
| 60 | void server_stats_init(struct ub_server_stats* stats, struct config_file* cfg); | |
| 181 | 61 | |
| 182 | 62 | /** add query if it missed the cache */ |
| 183 | void server_stats_querymiss(struct server_stats* stats, struct worker* worker); | |
| 63 | void server_stats_querymiss(struct ub_server_stats* stats, struct worker* worker); | |
| 184 | 64 | |
| 185 | 65 | /** add query if was cached and also resulted in a prefetch */ |
| 186 | void server_stats_prefetch(struct server_stats* stats, struct worker* worker); | |
| 66 | void server_stats_prefetch(struct ub_server_stats* stats, struct worker* worker); | |
| 187 | 67 | |
| 188 | 68 | /** display the stats to the log */ |
| 189 | void server_stats_log(struct server_stats* stats, struct worker* worker, | |
| 69 | void server_stats_log(struct ub_server_stats* stats, struct worker* worker, | |
| 190 | 70 | int threadnum); |
| 191 | 71 | |
| 192 | 72 | /** |
| 197 | 77 | * @param reset: if stats can be reset. |
| 198 | 78 | */ |
| 199 | 79 | void server_stats_obtain(struct worker* worker, struct worker* who, |
| 200 | struct stats_info* s, int reset); | |
| 80 | struct ub_stats_info* s, int reset); | |
| 201 | 81 | |
| 202 | 82 | /** |
| 203 | 83 | * Compile stats into structure for this thread worker. |
| 207 | 87 | * @param reset: if true, depending on config stats are reset. |
| 208 | 88 | * if false, statistics are not reset. |
| 209 | 89 | */ |
| 210 | void server_stats_compile(struct worker* worker, struct stats_info* s, | |
| 90 | void server_stats_compile(struct worker* worker, struct ub_stats_info* s, | |
| 211 | 91 | int reset); |
| 212 | 92 | |
| 213 | 93 | /** |
| 223 | 103 | * @param total: sum of the two entries. |
| 224 | 104 | * @param a: to add to it. |
| 225 | 105 | */ |
| 226 | void server_stats_add(struct stats_info* total, struct stats_info* a); | |
| 106 | void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a); | |
| 227 | 107 | |
| 228 | 108 | /** |
| 229 | 109 | * Add stats for this query |
| 234 | 114 | * @param edns: edns record |
| 235 | 115 | * @param repinfo: reply info with remote address |
| 236 | 116 | */ |
| 237 | void server_stats_insquery(struct server_stats* stats, struct comm_point* c, | |
| 117 | void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c, | |
| 238 | 118 | uint16_t qtype, uint16_t qclass, struct edns_data* edns, |
| 239 | 119 | struct comm_reply* repinfo); |
| 240 | 120 | |
| 243 | 123 | * @param stats: the stats |
| 244 | 124 | * @param buf: buffer with rcode. If buffer is length0: not counted. |
| 245 | 125 | */ |
| 246 | void server_stats_insrcode(struct server_stats* stats, struct sldns_buffer* buf); | |
| 126 | void server_stats_insrcode(struct ub_server_stats* stats, struct sldns_buffer* buf); | |
| 247 | 127 | |
| 248 | 128 | #endif /* DAEMON_STATS_H */ |
| 263 | 263 | } |
| 264 | 264 | daemon_apply_cfg(daemon, cfg); |
| 265 | 265 | checkrlimits(cfg); |
| 266 | ||
| 267 | if (cfg->use_systemd && cfg->do_daemonize) { | |
| 268 | log_warn("use-systemd and do-daemonize should not be enabled at the same time"); | |
| 269 | } | |
| 270 | ||
| 266 | 271 | log_ident_set_fromdefault(cfg, log_default_identity); |
| 267 | 272 | } |
| 268 | 273 |
| 68 | 68 | #include "iterator/iter_hints.h" |
| 69 | 69 | #include "validator/autotrust.h" |
| 70 | 70 | #include "validator/val_anchor.h" |
| 71 | #include "respip/respip.h" | |
| 71 | 72 | #include "libunbound/context.h" |
| 72 | 73 | #include "libunbound/libworker.h" |
| 73 | 74 | #include "sldns/sbuffer.h" |
| 75 | #include "sldns/wire2str.h" | |
| 76 | #include "util/shm_side/shm_main.h" | |
| 77 | #include "dnscrypt/dnscrypt.h" | |
| 74 | 78 | |
| 75 | 79 | #ifdef HAVE_SYS_TYPES_H |
| 76 | 80 | # include <sys/types.h> |
| 112 | 116 | size_t total, front, back, mesh, msg, rrset, infra, ac, superac; |
| 113 | 117 | size_t me, iter, val, anch; |
| 114 | 118 | int i; |
| 119 | #ifdef CLIENT_SUBNET | |
| 120 | size_t subnet = 0; | |
| 121 | #endif /* CLIENT_SUBNET */ | |
| 115 | 122 | if(verbosity < VERB_ALGO) |
| 116 | 123 | return; |
| 117 | 124 | front = listen_get_mem(worker->front); |
| 131 | 138 | if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0) |
| 132 | 139 | val += (*worker->env.mesh->mods.mod[i]->get_mem) |
| 133 | 140 | (&worker->env, i); |
| 141 | #ifdef CLIENT_SUBNET | |
| 142 | else if(strcmp(worker->env.mesh->mods.mod[i]->name, | |
| 143 | "subnet")==0) | |
| 144 | subnet += (*worker->env.mesh->mods.mod[i]->get_mem) | |
| 145 | (&worker->env, i); | |
| 146 | #endif /* CLIENT_SUBNET */ | |
| 134 | 147 | else iter += (*worker->env.mesh->mods.mod[i]->get_mem) |
| 135 | 148 | (&worker->env, i); |
| 136 | 149 | } |
| 148 | 161 | me += serviced_get_mem(cur_serv); |
| 149 | 162 | } |
| 150 | 163 | total = front+back+mesh+msg+rrset+infra+iter+val+ac+superac+me; |
| 164 | #ifdef CLIENT_SUBNET | |
| 165 | total += subnet; | |
| 166 | log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " | |
| 167 | "rrset=%u infra=%u iter=%u val=%u subnet=%u anchors=%u " | |
| 168 | "alloccache=%u globalalloccache=%u me=%u", | |
| 169 | (unsigned)total, (unsigned)front, (unsigned)back, | |
| 170 | (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, | |
| 171 | (unsigned)iter, (unsigned)val, | |
| 172 | (unsigned)subnet, (unsigned)anch, (unsigned)ac, | |
| 173 | (unsigned)superac, (unsigned)me); | |
| 174 | #else /* no CLIENT_SUBNET */ | |
| 151 | 175 | log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " |
| 152 | 176 | "rrset=%u infra=%u iter=%u val=%u anchors=%u " |
| 153 | 177 | "alloccache=%u globalalloccache=%u me=%u", |
| 155 | 179 | (unsigned)mesh, (unsigned)msg, (unsigned)rrset, |
| 156 | 180 | (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)anch, |
| 157 | 181 | (unsigned)ac, (unsigned)superac, (unsigned)me); |
| 182 | #endif /* CLIENT_SUBNET */ | |
| 158 | 183 | log_info("Total heap memory estimate: %u total-alloc: %u " |
| 159 | 184 | "total-free: %u", (unsigned)total, |
| 160 | 185 | (unsigned)unbound_mem_alloc, (unsigned)unbound_mem_freed); |
| 161 | 186 | #else /* no UNBOUND_ALLOC_STATS */ |
| 162 | 187 | size_t val = 0; |
| 188 | #ifdef CLIENT_SUBNET | |
| 189 | size_t subnet = 0; | |
| 190 | #endif /* CLIENT_SUBNET */ | |
| 163 | 191 | int i; |
| 164 | 192 | if(verbosity < VERB_QUERY) |
| 165 | 193 | return; |
| 169 | 197 | if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0) |
| 170 | 198 | val += (*worker->env.mesh->mods.mod[i]->get_mem) |
| 171 | 199 | (&worker->env, i); |
| 172 | } | |
| 200 | #ifdef CLIENT_SUBNET | |
| 201 | else if(strcmp(worker->env.mesh->mods.mod[i]->name, | |
| 202 | "subnet")==0) | |
| 203 | subnet += (*worker->env.mesh->mods.mod[i]->get_mem) | |
| 204 | (&worker->env, i); | |
| 205 | #endif /* CLIENT_SUBNET */ | |
| 206 | } | |
| 207 | #ifdef CLIENT_SUBNET | |
| 208 | verbose(VERB_QUERY, "cache memory msg=%u rrset=%u infra=%u val=%u " | |
| 209 | "subnet=%u", | |
| 210 | (unsigned)slabhash_get_mem(worker->env.msg_cache), | |
| 211 | (unsigned)slabhash_get_mem(&worker->env.rrset_cache->table), | |
| 212 | (unsigned)infra_get_mem(worker->env.infra_cache), | |
| 213 | (unsigned)val, (unsigned)subnet); | |
| 214 | #else /* no CLIENT_SUBNET */ | |
| 173 | 215 | verbose(VERB_QUERY, "cache memory msg=%u rrset=%u infra=%u val=%u", |
| 174 | 216 | (unsigned)slabhash_get_mem(worker->env.msg_cache), |
| 175 | 217 | (unsigned)slabhash_get_mem(&worker->env.rrset_cache->table), |
| 176 | 218 | (unsigned)infra_get_mem(worker->env.infra_cache), |
| 177 | 219 | (unsigned)val); |
| 220 | #endif /* CLIENT_SUBNET */ | |
| 178 | 221 | #endif /* UNBOUND_ALLOC_STATS */ |
| 179 | 222 | } |
| 180 | 223 | |
| 509 | 552 | return 1; |
| 510 | 553 | } |
| 511 | 554 | |
| 512 | /** answer query from the cache */ | |
| 555 | /** Apply, if applicable, a response IP action to a cached answer. | |
| 556 | * If the answer is rewritten as a result of an action, '*encode_repp' will | |
| 557 | * point to the reply info containing the modified answer. '*encode_repp' will | |
| 558 | * be intact otherwise. | |
| 559 | * It returns 1 on success, 0 otherwise. */ | |
| 560 | static int | |
| 561 | apply_respip_action(struct worker* worker, const struct query_info* qinfo, | |
| 562 | struct respip_client_info* cinfo, struct reply_info* rep, | |
| 563 | struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset, | |
| 564 | struct reply_info** encode_repp) | |
| 565 | { | |
| 566 | struct respip_action_info actinfo = {respip_none, NULL}; | |
| 567 | ||
| 568 | if(qinfo->qtype != LDNS_RR_TYPE_A && | |
| 569 | qinfo->qtype != LDNS_RR_TYPE_AAAA && | |
| 570 | qinfo->qtype != LDNS_RR_TYPE_ANY) | |
| 571 | return 1; | |
| 572 | ||
| 573 | if(!respip_rewrite_reply(qinfo, cinfo, rep, encode_repp, &actinfo, | |
| 574 | alias_rrset, 0, worker->scratchpad)) | |
| 575 | return 0; | |
| 576 | ||
| 577 | /* xxx_deny actions mean dropping the reply, unless the original reply | |
| 578 | * was redirected to response-ip data. */ | |
| 579 | if((actinfo.action == respip_deny || | |
| 580 | actinfo.action == respip_inform_deny) && | |
| 581 | *encode_repp == rep) | |
| 582 | *encode_repp = NULL; | |
| 583 | ||
| 584 | /* If address info is returned, it means the action should be an | |
| 585 | * 'inform' variant and the information should be logged. */ | |
| 586 | if(actinfo.addrinfo) { | |
| 587 | respip_inform_print(actinfo.addrinfo, qinfo->qname, | |
| 588 | qinfo->qtype, qinfo->qclass, qinfo->local_alias, | |
| 589 | repinfo); | |
| 590 | } | |
| 591 | ||
| 592 | return 1; | |
| 593 | } | |
| 594 | ||
| 595 | /** answer query from the cache. | |
| 596 | * Normally, the answer message will be built in repinfo->c->buffer; if the | |
| 597 | * answer is supposed to be suppressed or the answer is supposed to be an | |
| 598 | * incomplete CNAME chain, the buffer is explicitly cleared to signal the | |
| 599 | * caller as such. In the latter case *partial_rep will point to the incomplete | |
| 600 | * reply, and this function is (possibly) supposed to be called again with that | |
| 601 | * *partial_rep value to complete the chain. In addition, if the query should | |
| 602 | * be completely dropped, '*need_drop' will be set to 1. */ | |
| 513 | 603 | static int |
| 514 | 604 | answer_from_cache(struct worker* worker, struct query_info* qinfo, |
| 605 | struct respip_client_info* cinfo, int* need_drop, | |
| 606 | struct ub_packed_rrset_key** alias_rrset, | |
| 607 | struct reply_info** partial_repp, | |
| 515 | 608 | struct reply_info* rep, uint16_t id, uint16_t flags, |
| 516 | 609 | struct comm_reply* repinfo, struct edns_data* edns) |
| 517 | 610 | { |
| 518 | 611 | time_t timenow = *worker->env.now; |
| 519 | 612 | uint16_t udpsize = edns->udp_size; |
| 613 | struct reply_info* encode_rep = rep; | |
| 614 | struct reply_info* partial_rep = *partial_repp; | |
| 520 | 615 | int secure; |
| 521 | 616 | int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) |
| 522 | 617 | && worker->env.need_to_validate; |
| 618 | *partial_repp = NULL; /* avoid accidental further pass */ | |
| 523 | 619 | if(worker->env.cfg->serve_expired) { |
| 524 | 620 | /* always lock rrsets, rep->ttl is ignored */ |
| 525 | 621 | if(!rrset_array_lock(rep->ref, rep->rrset_count, 0)) |
| 565 | 661 | edns->bits &= EDNS_DO; |
| 566 | 662 | if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep, |
| 567 | 663 | LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) |
| 568 | return 0; | |
| 664 | goto bail_out; | |
| 569 | 665 | error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, |
| 570 | 666 | qinfo, id, flags, edns); |
| 571 | 667 | rrset_array_unlock_touch(worker->env.rrset_cache, |
| 598 | 694 | edns->bits &= EDNS_DO; |
| 599 | 695 | if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep, |
| 600 | 696 | (int)(flags&LDNS_RCODE_MASK), edns, worker->scratchpad)) |
| 601 | return 0; | |
| 602 | if(!reply_info_answer_encode(qinfo, rep, id, flags, | |
| 697 | goto bail_out; | |
| 698 | *alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */ | |
| 699 | if(worker->daemon->use_response_ip && !partial_rep && | |
| 700 | !apply_respip_action(worker, qinfo, cinfo, rep, repinfo, alias_rrset, | |
| 701 | &encode_rep)) { | |
| 702 | goto bail_out; | |
| 703 | } else if(partial_rep && | |
| 704 | !respip_merge_cname(partial_rep, qinfo, rep, cinfo, | |
| 705 | must_validate, &encode_rep, worker->scratchpad)) { | |
| 706 | goto bail_out; | |
| 707 | } | |
| 708 | if(encode_rep != rep) | |
| 709 | secure = 0; /* if rewritten, it can't be considered "secure" */ | |
| 710 | if(!encode_rep || *alias_rrset) { | |
| 711 | sldns_buffer_clear(repinfo->c->buffer); | |
| 712 | sldns_buffer_flip(repinfo->c->buffer); | |
| 713 | if(!encode_rep) | |
| 714 | *need_drop = 1; | |
| 715 | else { | |
| 716 | /* If a partial CNAME chain is found, we first need to | |
| 717 | * make a copy of the reply in the scratchpad so we | |
| 718 | * can release the locks and lookup the cache again. */ | |
| 719 | *partial_repp = reply_info_copy(encode_rep, NULL, | |
| 720 | worker->scratchpad); | |
| 721 | if(!*partial_repp) | |
| 722 | goto bail_out; | |
| 723 | } | |
| 724 | } else if(!reply_info_answer_encode(qinfo, encode_rep, id, flags, | |
| 603 | 725 | repinfo->c->buffer, timenow, 1, worker->scratchpad, |
| 604 | 726 | udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { |
| 605 | 727 | if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, |
| 620 | 742 | return 1; |
| 621 | 743 | } |
| 622 | 744 | |
| 623 | /** Reply to client and perform prefetch to keep cache up to date */ | |
| 745 | /** Reply to client and perform prefetch to keep cache up to date. | |
| 746 | * If the buffer for the reply is empty, it indicates that only prefetch is | |
| 747 | * necessary and the reply should be suppressed (because it's dropped or | |
| 748 | * being deferred). */ | |
| 624 | 749 | static void |
| 625 | 750 | reply_and_prefetch(struct worker* worker, struct query_info* qinfo, |
| 626 | 751 | uint16_t flags, struct comm_reply* repinfo, time_t leeway) |
| 627 | 752 | { |
| 628 | 753 | /* first send answer to client to keep its latency |
| 629 | 754 | * as small as a cachereply */ |
| 630 | comm_point_send_reply(repinfo); | |
| 755 | if(sldns_buffer_limit(repinfo->c->buffer) != 0) | |
| 756 | comm_point_send_reply(repinfo); | |
| 631 | 757 | server_stats_prefetch(&worker->stats, worker); |
| 632 | 758 | |
| 633 | 759 | /* create the prefetch in the mesh as a normal lookup without |
| 642 | 768 | * Fill CH class answer into buffer. Keeps query. |
| 643 | 769 | * @param pkt: buffer |
| 644 | 770 | * @param str: string to put into text record (<255). |
| 771 | * array of strings, every string becomes a text record. | |
| 772 | * @param num: number of strings in array. | |
| 645 | 773 | * @param edns: edns reply information. |
| 646 | 774 | * @param worker: worker with scratch region. |
| 647 | 775 | */ |
| 648 | 776 | static void |
| 649 | chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns, | |
| 777 | chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns, | |
| 650 | 778 | struct worker* worker) |
| 651 | 779 | { |
| 652 | size_t len = strlen(str); | |
| 780 | int i; | |
| 653 | 781 | unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt)); |
| 654 | 782 | unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt)); |
| 655 | if(len>255) len=255; /* cap size of TXT record */ | |
| 656 | 783 | sldns_buffer_clear(pkt); |
| 657 | 784 | sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */ |
| 658 | 785 | sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA)); |
| 659 | 786 | if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt)); |
| 660 | 787 | if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt)); |
| 661 | 788 | sldns_buffer_write_u16(pkt, 1); /* qdcount */ |
| 662 | sldns_buffer_write_u16(pkt, 1); /* ancount */ | |
| 789 | sldns_buffer_write_u16(pkt, (uint16_t)num); /* ancount */ | |
| 663 | 790 | sldns_buffer_write_u16(pkt, 0); /* nscount */ |
| 664 | 791 | sldns_buffer_write_u16(pkt, 0); /* arcount */ |
| 665 | 792 | (void)query_dname_len(pkt); /* skip qname */ |
| 666 | 793 | sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */ |
| 667 | 794 | sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */ |
| 668 | sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */ | |
| 669 | sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT); | |
| 670 | sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH); | |
| 671 | sldns_buffer_write_u32(pkt, 0); /* TTL */ | |
| 672 | sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len); | |
| 673 | sldns_buffer_write_u8(pkt, len); | |
| 674 | sldns_buffer_write(pkt, str, len); | |
| 795 | for(i=0; i<num; i++) { | |
| 796 | size_t len = strlen(str[i]); | |
| 797 | if(len>255) len=255; /* cap size of TXT record */ | |
| 798 | sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */ | |
| 799 | sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT); | |
| 800 | sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH); | |
| 801 | sldns_buffer_write_u32(pkt, 0); /* TTL */ | |
| 802 | sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len); | |
| 803 | sldns_buffer_write_u8(pkt, len); | |
| 804 | sldns_buffer_write(pkt, str[i], len); | |
| 805 | } | |
| 675 | 806 | sldns_buffer_flip(pkt); |
| 676 | 807 | edns->edns_version = EDNS_ADVERTISED_VERSION; |
| 677 | 808 | edns->udp_size = EDNS_ADVERTISED_SIZE; |
| 679 | 810 | if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL, |
| 680 | 811 | LDNS_RCODE_NOERROR, edns, worker->scratchpad)) |
| 681 | 812 | edns->opt_list = NULL; |
| 682 | attach_edns_record(pkt, edns); | |
| 813 | if(sldns_buffer_capacity(pkt) >= | |
| 814 | sldns_buffer_limit(pkt)+calc_edns_field_size(edns)) | |
| 815 | attach_edns_record(pkt, edns); | |
| 816 | } | |
| 817 | ||
| 818 | /** Reply with one string */ | |
| 819 | static void | |
| 820 | chaos_replyonestr(sldns_buffer* pkt, const char* str, struct edns_data* edns, | |
| 821 | struct worker* worker) | |
| 822 | { | |
| 823 | chaos_replystr(pkt, (char**)&str, 1, edns, worker); | |
| 824 | } | |
| 825 | ||
| 826 | /** | |
| 827 | * Create CH class trustanchor answer. | |
| 828 | * @param pkt: buffer | |
| 829 | * @param edns: edns reply information. | |
| 830 | * @param w: worker with scratch region. | |
| 831 | */ | |
| 832 | static void | |
| 833 | chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w) | |
| 834 | { | |
| 835 | #define TA_RESPONSE_MAX_TXT 16 /* max number of TXT records */ | |
| 836 | #define TA_RESPONSE_MAX_TAGS 32 /* max number of tags printed per zone */ | |
| 837 | char* str_array[TA_RESPONSE_MAX_TXT]; | |
| 838 | uint16_t tags[TA_RESPONSE_MAX_TAGS]; | |
| 839 | int num = 0; | |
| 840 | struct trust_anchor* ta; | |
| 841 | ||
| 842 | if(!w->env.need_to_validate) { | |
| 843 | /* no validator module, reply no trustanchors */ | |
| 844 | chaos_replystr(pkt, NULL, 0, edns, w); | |
| 845 | return; | |
| 846 | } | |
| 847 | ||
| 848 | /* fill the string with contents */ | |
| 849 | lock_basic_lock(&w->env.anchors->lock); | |
| 850 | RBTREE_FOR(ta, struct trust_anchor*, w->env.anchors->tree) { | |
| 851 | char* str; | |
| 852 | size_t i, numtag, str_len = 255; | |
| 853 | if(num == TA_RESPONSE_MAX_TXT) continue; | |
| 854 | str = (char*)regional_alloc(w->scratchpad, str_len); | |
| 855 | if(!str) continue; | |
| 856 | lock_basic_lock(&ta->lock); | |
| 857 | numtag = anchor_list_keytags(ta, tags, TA_RESPONSE_MAX_TAGS); | |
| 858 | if(numtag == 0) { | |
| 859 | /* empty, insecure point */ | |
| 860 | lock_basic_unlock(&ta->lock); | |
| 861 | continue; | |
| 862 | } | |
| 863 | str_array[num] = str; | |
| 864 | num++; | |
| 865 | ||
| 866 | /* spool name of anchor */ | |
| 867 | (void)sldns_wire2str_dname_buf(ta->name, ta->namelen, str, str_len); | |
| 868 | str_len -= strlen(str); str += strlen(str); | |
| 869 | /* spool tags */ | |
| 870 | for(i=0; i<numtag; i++) { | |
| 871 | snprintf(str, str_len, " %u", (unsigned)tags[i]); | |
| 872 | str_len -= strlen(str); str += strlen(str); | |
| 873 | } | |
| 874 | lock_basic_unlock(&ta->lock); | |
| 875 | } | |
| 876 | lock_basic_unlock(&w->env.anchors->lock); | |
| 877 | ||
| 878 | chaos_replystr(pkt, str_array, num, edns, w); | |
| 879 | regional_free_all(w->scratchpad); | |
| 683 | 880 | } |
| 684 | 881 | |
| 685 | 882 | /** |
| 708 | 905 | char buf[MAXHOSTNAMELEN+1]; |
| 709 | 906 | if (gethostname(buf, MAXHOSTNAMELEN) == 0) { |
| 710 | 907 | buf[MAXHOSTNAMELEN] = 0; |
| 711 | chaos_replystr(pkt, buf, edns, w); | |
| 908 | chaos_replyonestr(pkt, buf, edns, w); | |
| 712 | 909 | } else { |
| 713 | 910 | log_err("gethostname: %s", strerror(errno)); |
| 714 | chaos_replystr(pkt, "no hostname", edns, w); | |
| 911 | chaos_replyonestr(pkt, "no hostname", edns, w); | |
| 715 | 912 | } |
| 716 | 913 | } |
| 717 | else chaos_replystr(pkt, cfg->identity, edns, w); | |
| 914 | else chaos_replyonestr(pkt, cfg->identity, edns, w); | |
| 718 | 915 | return 1; |
| 719 | 916 | } |
| 720 | 917 | if(query_dname_compare(qinfo->qname, |
| 725 | 922 | if(cfg->hide_version) |
| 726 | 923 | return 0; |
| 727 | 924 | if(cfg->version==NULL || cfg->version[0]==0) |
| 728 | chaos_replystr(pkt, PACKAGE_STRING, edns, w); | |
| 729 | else chaos_replystr(pkt, cfg->version, edns, w); | |
| 925 | chaos_replyonestr(pkt, PACKAGE_STRING, edns, w); | |
| 926 | else chaos_replyonestr(pkt, cfg->version, edns, w); | |
| 730 | 927 | return 1; |
| 731 | 928 | } |
| 929 | if(query_dname_compare(qinfo->qname, | |
| 930 | (uint8_t*)"\013trustanchor\007unbound") == 0) | |
| 931 | { | |
| 932 | if(cfg->hide_trustanchor) | |
| 933 | return 0; | |
| 934 | chaos_trustanchor(pkt, edns, w); | |
| 935 | return 1; | |
| 936 | } | |
| 937 | ||
| 732 | 938 | return 0; |
| 733 | 939 | } |
| 734 | 940 | |
| 786 | 992 | { |
| 787 | 993 | struct worker* worker = (struct worker*)arg; |
| 788 | 994 | int ret; |
| 789 | hashvalue_t h; | |
| 995 | hashvalue_type h; | |
| 790 | 996 | struct lruhash_entry* e; |
| 791 | 997 | struct query_info qinfo; |
| 792 | 998 | struct edns_data edns; |
| 793 | 999 | enum acl_access acl; |
| 794 | 1000 | struct acl_addr* acladdr; |
| 795 | 1001 | int rc = 0; |
| 1002 | int need_drop = 0; | |
| 1003 | /* We might have to chase a CNAME chain internally, in which case | |
| 1004 | * we'll have up to two replies and combine them to build a complete | |
| 1005 | * answer. These variables control this case. */ | |
| 1006 | struct ub_packed_rrset_key* alias_rrset = NULL; | |
| 1007 | struct reply_info* partial_rep = NULL; | |
| 1008 | struct query_info* lookup_qinfo = &qinfo; | |
| 1009 | struct query_info qinfo_tmp; /* placeholdoer for lookup_qinfo */ | |
| 1010 | struct respip_client_info* cinfo = NULL, cinfo_tmp; | |
| 796 | 1011 | |
| 797 | 1012 | if(error != NETEVENT_NOERROR) { |
| 798 | 1013 | /* some bad tcp query DNS formats give these error calls */ |
| 799 | 1014 | verbose(VERB_ALGO, "handle request called with err=%d", error); |
| 800 | 1015 | return 0; |
| 801 | 1016 | } |
| 1017 | #ifdef USE_DNSCRYPT | |
| 1018 | repinfo->max_udp_size = worker->daemon->cfg->max_udp_size; | |
| 1019 | if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) { | |
| 1020 | worker->stats.num_query_dnscrypt_crypted_malformed++; | |
| 1021 | return 0; | |
| 1022 | } | |
| 1023 | if(c->dnscrypt && !repinfo->is_dnscrypted) { | |
| 1024 | char buf[LDNS_MAX_DOMAINLEN+1]; | |
| 1025 | /* Check if this is unencrypted and asking for certs */ | |
| 1026 | if(worker_check_request(c->buffer, worker) != 0) { | |
| 1027 | verbose(VERB_ALGO, | |
| 1028 | "dnscrypt: worker check request: bad query."); | |
| 1029 | log_addr(VERB_CLIENT,"from",&repinfo->addr, | |
| 1030 | repinfo->addrlen); | |
| 1031 | comm_point_drop_reply(repinfo); | |
| 1032 | return 0; | |
| 1033 | } | |
| 1034 | if(!query_info_parse(&qinfo, c->buffer)) { | |
| 1035 | verbose(VERB_ALGO, | |
| 1036 | "dnscrypt: worker parse request: formerror."); | |
| 1037 | log_addr(VERB_CLIENT, "from", &repinfo->addr, | |
| 1038 | repinfo->addrlen); | |
| 1039 | comm_point_drop_reply(repinfo); | |
| 1040 | return 0; | |
| 1041 | } | |
| 1042 | dname_str(qinfo.qname, buf); | |
| 1043 | if(!(qinfo.qtype == LDNS_RR_TYPE_TXT && | |
| 1044 | strcasecmp(buf, | |
| 1045 | worker->daemon->dnscenv->provider_name) == 0)) { | |
| 1046 | verbose(VERB_ALGO, | |
| 1047 | "dnscrypt: not TXT %s. Receive: %s %s", | |
| 1048 | worker->daemon->dnscenv->provider_name, | |
| 1049 | sldns_rr_descript(qinfo.qtype)->_name, | |
| 1050 | buf); | |
| 1051 | comm_point_drop_reply(repinfo); | |
| 1052 | worker->stats.num_query_dnscrypt_cleartext++; | |
| 1053 | return 0; | |
| 1054 | } | |
| 1055 | worker->stats.num_query_dnscrypt_cert++; | |
| 1056 | sldns_buffer_rewind(c->buffer); | |
| 1057 | } else if(c->dnscrypt && repinfo->is_dnscrypted) { | |
| 1058 | worker->stats.num_query_dnscrypt_crypted++; | |
| 1059 | } | |
| 1060 | #endif | |
| 802 | 1061 | #ifdef USE_DNSTAP |
| 803 | 1062 | if(worker->dtenv.log_client_query_messages) |
| 804 | 1063 | dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type, |
| 824 | 1083 | comm_point_drop_reply(repinfo); |
| 825 | 1084 | return 0; |
| 826 | 1085 | } |
| 1086 | ||
| 827 | 1087 | worker->stats.num_queries++; |
| 1088 | ||
| 1089 | /* check if this query should be dropped based on source ip rate limiting */ | |
| 1090 | if(!infra_ip_ratelimit_inc(worker->env.infra_cache, repinfo, | |
| 1091 | *worker->env.now)) { | |
| 1092 | /* See if we are passed through with slip factor */ | |
| 1093 | if(worker->env.cfg->ip_ratelimit_factor != 0 && | |
| 1094 | ub_random_max(worker->env.rnd, | |
| 1095 | worker->env.cfg->ip_ratelimit_factor) == 1) { | |
| 1096 | ||
| 1097 | char addrbuf[128]; | |
| 1098 | addr_to_str(&repinfo->addr, repinfo->addrlen, | |
| 1099 | addrbuf, sizeof(addrbuf)); | |
| 1100 | verbose(VERB_OPS, "ip_ratelimit allowed through for ip address %s ", | |
| 1101 | addrbuf); | |
| 1102 | } else { | |
| 1103 | worker->stats.num_queries_ip_ratelimited++; | |
| 1104 | comm_point_drop_reply(repinfo); | |
| 1105 | return 0; | |
| 1106 | } | |
| 1107 | } | |
| 1108 | ||
| 828 | 1109 | /* see if query is in the cache */ |
| 829 | 1110 | if(!query_info_parse(&qinfo, c->buffer)) { |
| 830 | 1111 | verbose(VERB_ALGO, "worker parse request: formerror."); |
| 853 | 1134 | LDNS_QR_SET(sldns_buffer_begin(c->buffer)); |
| 854 | 1135 | LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), |
| 855 | 1136 | LDNS_RCODE_REFUSED); |
| 1137 | if(worker->stats.extended) { | |
| 1138 | worker->stats.qtype[qinfo.qtype]++; | |
| 1139 | server_stats_insrcode(&worker->stats, c->buffer); | |
| 1140 | } | |
| 1141 | goto send_reply; | |
| 1142 | } | |
| 1143 | if(qinfo.qtype == LDNS_RR_TYPE_OPT || | |
| 1144 | qinfo.qtype == LDNS_RR_TYPE_TSIG || | |
| 1145 | qinfo.qtype == LDNS_RR_TYPE_TKEY || | |
| 1146 | qinfo.qtype == LDNS_RR_TYPE_MAILA || | |
| 1147 | qinfo.qtype == LDNS_RR_TYPE_MAILB || | |
| 1148 | (qinfo.qtype >= 128 && qinfo.qtype <= 248)) { | |
| 1149 | verbose(VERB_ALGO, "worker request: formerror for meta-type."); | |
| 1150 | log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); | |
| 1151 | if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) { | |
| 1152 | comm_point_drop_reply(repinfo); | |
| 1153 | return 0; | |
| 1154 | } | |
| 1155 | sldns_buffer_rewind(c->buffer); | |
| 1156 | LDNS_QR_SET(sldns_buffer_begin(c->buffer)); | |
| 1157 | LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), | |
| 1158 | LDNS_RCODE_FORMERR); | |
| 856 | 1159 | if(worker->stats.extended) { |
| 857 | 1160 | worker->stats.qtype[qinfo.qtype]++; |
| 858 | 1161 | server_stats_insrcode(&worker->stats, c->buffer); |
| 885 | 1188 | error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo, |
| 886 | 1189 | *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), |
| 887 | 1190 | sldns_buffer_read_u16_at(c->buffer, 2), NULL); |
| 888 | attach_edns_record(c->buffer, &edns); | |
| 1191 | if(sldns_buffer_capacity(c->buffer) >= | |
| 1192 | sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns)) | |
| 1193 | attach_edns_record(c->buffer, &edns); | |
| 889 | 1194 | regional_free_all(worker->scratchpad); |
| 890 | 1195 | goto send_reply; |
| 891 | 1196 | } |
| 991 | 1296 | qinfo.qname_len = d->rr_len[0] - 2; |
| 992 | 1297 | } |
| 993 | 1298 | |
| 1299 | /* If we may apply IP-based actions to the answer, build the client | |
| 1300 | * information. As this can be expensive, skip it if there is | |
| 1301 | * absolutely no possibility of it. */ | |
| 1302 | if(worker->daemon->use_response_ip && | |
| 1303 | (qinfo.qtype == LDNS_RR_TYPE_A || | |
| 1304 | qinfo.qtype == LDNS_RR_TYPE_AAAA || | |
| 1305 | qinfo.qtype == LDNS_RR_TYPE_ANY)) { | |
| 1306 | cinfo_tmp.taglist = acladdr->taglist; | |
| 1307 | cinfo_tmp.taglen = acladdr->taglen; | |
| 1308 | cinfo_tmp.tag_actions = acladdr->tag_actions; | |
| 1309 | cinfo_tmp.tag_actions_size = acladdr->tag_actions_size; | |
| 1310 | cinfo_tmp.tag_datas = acladdr->tag_datas; | |
| 1311 | cinfo_tmp.tag_datas_size = acladdr->tag_datas_size; | |
| 1312 | cinfo_tmp.view = acladdr->view; | |
| 1313 | cinfo_tmp.respip_set = worker->daemon->respip_set; | |
| 1314 | cinfo = &cinfo_tmp; | |
| 1315 | } | |
| 1316 | ||
| 1317 | lookup_cache: | |
| 1318 | /* Lookup the cache. In case we chase an intermediate CNAME chain | |
| 1319 | * this is a two-pass operation, and lookup_qinfo is different for | |
| 1320 | * each pass. We should still pass the original qinfo to | |
| 1321 | * answer_from_cache(), however, since it's used to build the reply. */ | |
| 994 | 1322 | if(!edns_bypass_cache_stage(edns.opt_list, &worker->env)) { |
| 995 | h = query_info_hash(&qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); | |
| 996 | if((e=slabhash_lookup(worker->env.msg_cache, h, &qinfo, 0))) { | |
| 1323 | h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); | |
| 1324 | if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { | |
| 997 | 1325 | /* answer from cache - we have acquired a readlock on it */ |
| 998 | 1326 | if(answer_from_cache(worker, &qinfo, |
| 1327 | cinfo, &need_drop, &alias_rrset, &partial_rep, | |
| 999 | 1328 | (struct reply_info*)e->data, |
| 1000 | 1329 | *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), |
| 1001 | 1330 | sldns_buffer_read_u16_at(c->buffer, 2), repinfo, |
| 1002 | 1331 | &edns)) { |
| 1003 | /* prefetch it if the prefetch TTL expired */ | |
| 1332 | /* prefetch it if the prefetch TTL expired. | |
| 1333 | * Note that if there is more than one pass | |
| 1334 | * its qname must be that used for cache | |
| 1335 | * lookup. */ | |
| 1004 | 1336 | if((worker->env.cfg->prefetch || worker->env.cfg->serve_expired) |
| 1005 | 1337 | && *worker->env.now >= |
| 1006 | 1338 | ((struct reply_info*)e->data)->prefetch_ttl) { |
| 1010 | 1342 | < *worker->env.now) |
| 1011 | 1343 | leeway = 0; |
| 1012 | 1344 | lock_rw_unlock(&e->lock); |
| 1013 | reply_and_prefetch(worker, &qinfo, | |
| 1345 | reply_and_prefetch(worker, lookup_qinfo, | |
| 1014 | 1346 | sldns_buffer_read_u16_at(c->buffer, 2), |
| 1015 | 1347 | repinfo, leeway); |
| 1016 | rc = 0; | |
| 1348 | if(!partial_rep) { | |
| 1349 | rc = 0; | |
| 1350 | regional_free_all(worker->scratchpad); | |
| 1351 | goto send_reply_rc; | |
| 1352 | } | |
| 1353 | } else if(!partial_rep) { | |
| 1354 | lock_rw_unlock(&e->lock); | |
| 1017 | 1355 | regional_free_all(worker->scratchpad); |
| 1018 | goto send_reply_rc; | |
| 1356 | goto send_reply; | |
| 1019 | 1357 | } |
| 1358 | /* We've found a partial reply ending with an | |
| 1359 | * alias. Replace the lookup qinfo for the | |
| 1360 | * alias target and lookup the cache again to | |
| 1361 | * (possibly) complete the reply. As we're | |
| 1362 | * passing the "base" reply, there will be no | |
| 1363 | * more alias chasing. */ | |
| 1020 | 1364 | lock_rw_unlock(&e->lock); |
| 1021 | regional_free_all(worker->scratchpad); | |
| 1022 | goto send_reply; | |
| 1365 | memset(&qinfo_tmp, 0, sizeof(qinfo_tmp)); | |
| 1366 | get_cname_target(alias_rrset, &qinfo_tmp.qname, | |
| 1367 | &qinfo_tmp.qname_len); | |
| 1368 | if(!qinfo_tmp.qname) { | |
| 1369 | log_err("unexpected: invalid answer alias"); | |
| 1370 | regional_free_all(worker->scratchpad); | |
| 1371 | return 0; /* drop query */ | |
| 1372 | } | |
| 1373 | qinfo_tmp.qtype = qinfo.qtype; | |
| 1374 | qinfo_tmp.qclass = qinfo.qclass; | |
| 1375 | lookup_qinfo = &qinfo_tmp; | |
| 1376 | goto lookup_cache; | |
| 1023 | 1377 | } |
| 1024 | 1378 | verbose(VERB_ALGO, "answer from the cache failed"); |
| 1025 | 1379 | lock_rw_unlock(&e->lock); |
| 1048 | 1402 | } |
| 1049 | 1403 | |
| 1050 | 1404 | /* grab a work request structure for this new request */ |
| 1051 | mesh_new_client(worker->env.mesh, &qinfo, | |
| 1405 | mesh_new_client(worker->env.mesh, &qinfo, cinfo, | |
| 1052 | 1406 | sldns_buffer_read_u16_at(c->buffer, 2), |
| 1053 | 1407 | &edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer)); |
| 1054 | 1408 | regional_free_all(worker->scratchpad); |
| 1058 | 1412 | send_reply: |
| 1059 | 1413 | rc = 1; |
| 1060 | 1414 | send_reply_rc: |
| 1415 | if(need_drop) { | |
| 1416 | comm_point_drop_reply(repinfo); | |
| 1417 | return 0; | |
| 1418 | } | |
| 1061 | 1419 | #ifdef USE_DNSTAP |
| 1062 | 1420 | if(worker->dtenv.log_client_response_messages) |
| 1063 | 1421 | dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, |
| 1064 | 1422 | c->type, c->buffer); |
| 1423 | #endif | |
| 1424 | if(worker->env.cfg->log_replies) | |
| 1425 | { | |
| 1426 | struct timeval tv = {0, 0}; | |
| 1427 | log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, | |
| 1428 | tv, 1, c->buffer); | |
| 1429 | } | |
| 1430 | #ifdef USE_DNSCRYPT | |
| 1431 | if(!dnsc_handle_uncurved_request(repinfo)) { | |
| 1432 | return 0; | |
| 1433 | } | |
| 1065 | 1434 | #endif |
| 1066 | 1435 | return rc; |
| 1067 | 1436 | } |
| 1118 | 1487 | server_stats_log(&worker->stats, worker, worker->thread_num); |
| 1119 | 1488 | mesh_stats(worker->env.mesh, "mesh has"); |
| 1120 | 1489 | worker_mem_report(worker, NULL); |
| 1490 | /* SHM is enabled, process data to SHM */ | |
| 1491 | if (worker->daemon->cfg->shm_enable) { | |
| 1492 | shm_main_run(worker); | |
| 1493 | } | |
| 1121 | 1494 | if(!worker->daemon->cfg->stat_cumulative) { |
| 1122 | 1495 | worker_stats_clear(worker); |
| 1123 | 1496 | } |
| 1299 | 1672 | worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env); |
| 1300 | 1673 | worker->env.detach_subs = &mesh_detach_subs; |
| 1301 | 1674 | worker->env.attach_sub = &mesh_attach_sub; |
| 1675 | worker->env.add_sub = &mesh_add_sub; | |
| 1302 | 1676 | worker->env.kill_sub = &mesh_state_delete; |
| 1303 | 1677 | worker->env.detect_cycle = &mesh_detect_cycle; |
| 1304 | 1678 | worker->env.scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size); |
| 84 | 84 | /** global shared daemon structure */ |
| 85 | 85 | struct daemon* daemon; |
| 86 | 86 | /** thread id */ |
| 87 | ub_thread_t thr_id; | |
| 87 | ub_thread_type thr_id; | |
| 88 | 88 | /** pipe, for commands for this worker */ |
| 89 | 89 | struct tube* cmd; |
| 90 | 90 | /** the event base this worker works with */ |
| 115 | 115 | /** allocation cache for this thread */ |
| 116 | 116 | struct alloc_cache alloc; |
| 117 | 117 | /** per thread statistics */ |
| 118 | struct server_stats stats; | |
| 118 | struct ub_server_stats stats; | |
| 119 | 119 | /** thread scratch regional */ |
| 120 | 120 | struct regional* scratchpad; |
| 121 | 121 | |
| 410 | 410 | return module_wait_subquery; |
| 411 | 411 | } |
| 412 | 412 | |
| 413 | /** allocate (special) rrset keys, return 0 on error */ | |
| 414 | static int | |
| 415 | repinfo_alloc_rrset_keys(struct reply_info* rep, | |
| 416 | struct regional* region) | |
| 417 | { | |
| 418 | size_t i; | |
| 419 | for(i=0; i<rep->rrset_count; i++) { | |
| 420 | if(region) { | |
| 421 | rep->rrsets[i] = (struct ub_packed_rrset_key*) | |
| 422 | regional_alloc(region, | |
| 423 | sizeof(struct ub_packed_rrset_key)); | |
| 424 | if(rep->rrsets[i]) { | |
| 425 | memset(rep->rrsets[i], 0, | |
| 426 | sizeof(struct ub_packed_rrset_key)); | |
| 427 | rep->rrsets[i]->entry.key = rep->rrsets[i]; | |
| 428 | } | |
| 429 | } | |
| 430 | else return 0;/* rep->rrsets[i] = alloc_special_obtain(alloc);*/ | |
| 431 | if(!rep->rrsets[i]) | |
| 432 | return 0; | |
| 433 | rep->rrsets[i]->entry.data = NULL; | |
| 434 | } | |
| 435 | return 1; | |
| 436 | } | |
| 437 | ||
| 438 | 413 | static enum module_ext_state |
| 439 | 414 | generate_type_A_query(struct module_qstate* qstate, int id) |
| 440 | 415 | { |
| 706 | 681 | return; |
| 707 | 682 | |
| 708 | 683 | /* allocate ub_key structures special or not */ |
| 709 | if(!repinfo_alloc_rrset_keys(cp, super->region)) { | |
| 684 | if(!reply_info_alloc_rrset_keys(cp, NULL, super->region)) { | |
| 710 | 685 | return; |
| 711 | 686 | } |
| 712 | 687 | |
| 0 | #ifndef UNBOUND_DNSCRYPT_CERT_H | |
| 1 | #define UNBOUND_DNSCRYPT_CERT_H | |
| 2 | ||
| 3 | /** | |
| 4 | * \file | |
| 5 | * certificate type for dnscrypt for use in other header files | |
| 6 | */ | |
| 7 | ||
| 8 | #include <sodium.h> | |
| 9 | #define CERT_MAGIC_CERT "DNSC" | |
| 10 | #define CERT_MAJOR_VERSION 1 | |
| 11 | #define CERT_MINOR_VERSION 0 | |
| 12 | #define CERT_OLD_MAGIC_HEADER "7PYqwfzt" | |
| 13 | ||
| 14 | #define CERT_FILE_EXPIRE_DAYS 365 | |
| 15 | ||
| 16 | struct SignedCert { | |
| 17 | uint8_t magic_cert[4]; | |
| 18 | uint8_t version_major[2]; | |
| 19 | uint8_t version_minor[2]; | |
| 20 | ||
| 21 | // Signed Content | |
| 22 | uint8_t signed_content[64]; | |
| 23 | uint8_t server_publickey[crypto_box_PUBLICKEYBYTES]; | |
| 24 | uint8_t magic_query[8]; | |
| 25 | uint8_t serial[4]; | |
| 26 | uint8_t ts_begin[4]; | |
| 27 | uint8_t ts_end[4]; | |
| 28 | }; | |
| 29 | ||
| 30 | ||
| 31 | #endif |
| 0 | ||
| 1 | #include "config.h" | |
| 2 | #include <stdlib.h> | |
| 3 | #include <fcntl.h> | |
| 4 | #ifdef HAVE_TIME_H | |
| 5 | #include <time.h> | |
| 6 | #endif | |
| 7 | #include <sys/time.h> | |
| 8 | #include <sys/types.h> | |
| 9 | #include "sldns/sbuffer.h" | |
| 10 | #include "util/config_file.h" | |
| 11 | #include "util/net_help.h" | |
| 12 | #include "util/netevent.h" | |
| 13 | #include "util/log.h" | |
| 14 | ||
| 15 | #include "dnscrypt/cert.h" | |
| 16 | #include "dnscrypt/dnscrypt.h" | |
| 17 | #include "dnscrypt/dnscrypt_config.h" | |
| 18 | ||
| 19 | #include <ctype.h> | |
| 20 | ||
| 21 | /** | |
| 22 | * \file | |
| 23 | * dnscrypt functions for encrypting DNS packets. | |
| 24 | */ | |
| 25 | ||
| 26 | #define DNSCRYPT_QUERY_BOX_OFFSET \ | |
| 27 | (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES) | |
| 28 | ||
| 29 | // 8 bytes: magic header (CERT_MAGIC_HEADER) | |
| 30 | // 12 bytes: the client's nonce | |
| 31 | // 12 bytes: server nonce extension | |
| 32 | // 16 bytes: Poly1305 MAC (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) | |
| 33 | ||
| 34 | #define DNSCRYPT_REPLY_BOX_OFFSET \ | |
| 35 | (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES + crypto_box_HALF_NONCEBYTES) | |
| 36 | ||
| 37 | /** | |
| 38 | * Decrypt a query using the dnsccert that was found using dnsc_find_cert. | |
| 39 | * The client nonce will be extracted from the encrypted query and stored in | |
| 40 | * client_nonce, a shared secret will be computed and stored in nmkey and the | |
| 41 | * buffer will be decrypted inplace. | |
| 42 | * \param[in] cert the cert that matches this encrypted query. | |
| 43 | * \param[in] client_nonce where the client nonce will be stored. | |
| 44 | * \param[in] nmkey where the shared secret key will be written. | |
| 45 | * \param[in] buffer the encrypted buffer. | |
| 46 | * \return 0 on success. | |
| 47 | */ | |
| 48 | static int | |
| 49 | dnscrypt_server_uncurve(const dnsccert *cert, | |
| 50 | uint8_t client_nonce[crypto_box_HALF_NONCEBYTES], | |
| 51 | uint8_t nmkey[crypto_box_BEFORENMBYTES], | |
| 52 | struct sldns_buffer* buffer) | |
| 53 | { | |
| 54 | size_t len = sldns_buffer_limit(buffer); | |
| 55 | uint8_t *const buf = sldns_buffer_begin(buffer); | |
| 56 | uint8_t nonce[crypto_box_NONCEBYTES]; | |
| 57 | struct dnscrypt_query_header *query_header; | |
| 58 | ||
| 59 | if (len <= DNSCRYPT_QUERY_HEADER_SIZE) { | |
| 60 | return -1; | |
| 61 | } | |
| 62 | ||
| 63 | query_header = (struct dnscrypt_query_header *)buf; | |
| 64 | memcpy(nmkey, query_header->publickey, crypto_box_PUBLICKEYBYTES); | |
| 65 | if(cert->es_version[1] == 2) { | |
| 66 | #ifdef USE_DNSCRYPT_XCHACHA20 | |
| 67 | if (crypto_box_curve25519xchacha20poly1305_beforenm( | |
| 68 | nmkey, nmkey, cert->keypair->crypt_secretkey) != 0) { | |
| 69 | return -1; | |
| 70 | } | |
| 71 | #else | |
| 72 | return -1; | |
| 73 | #endif | |
| 74 | } else { | |
| 75 | if (crypto_box_beforenm(nmkey, nmkey, cert->keypair->crypt_secretkey) != 0) { | |
| 76 | return -1; | |
| 77 | } | |
| 78 | } | |
| 79 | ||
| 80 | memcpy(nonce, query_header->nonce, crypto_box_HALF_NONCEBYTES); | |
| 81 | memset(nonce + crypto_box_HALF_NONCEBYTES, 0, crypto_box_HALF_NONCEBYTES); | |
| 82 | ||
| 83 | if(cert->es_version[1] == 2) { | |
| 84 | #ifdef USE_DNSCRYPT_XCHACHA20 | |
| 85 | if (crypto_box_curve25519xchacha20poly1305_open_easy_afternm | |
| 86 | (buf, | |
| 87 | buf + DNSCRYPT_QUERY_BOX_OFFSET, | |
| 88 | len - DNSCRYPT_QUERY_BOX_OFFSET, nonce, | |
| 89 | nmkey) != 0) { | |
| 90 | return -1; | |
| 91 | } | |
| 92 | #else | |
| 93 | return -1; | |
| 94 | #endif | |
| 95 | } else { | |
| 96 | if (crypto_box_open_easy_afternm | |
| 97 | (buf, | |
| 98 | buf + DNSCRYPT_QUERY_BOX_OFFSET, | |
| 99 | len - DNSCRYPT_QUERY_BOX_OFFSET, nonce, | |
| 100 | nmkey) != 0) { | |
| 101 | return -1; | |
| 102 | } | |
| 103 | } | |
| 104 | ||
| 105 | len -= DNSCRYPT_QUERY_HEADER_SIZE; | |
| 106 | ||
| 107 | while (*sldns_buffer_at(buffer, --len) == 0) | |
| 108 | ; | |
| 109 | ||
| 110 | if (*sldns_buffer_at(buffer, len) != 0x80) { | |
| 111 | return -1; | |
| 112 | } | |
| 113 | ||
| 114 | memcpy(client_nonce, nonce, crypto_box_HALF_NONCEBYTES); | |
| 115 | ||
| 116 | sldns_buffer_set_position(buffer, 0); | |
| 117 | sldns_buffer_set_limit(buffer, len); | |
| 118 | ||
| 119 | return 0; | |
| 120 | } | |
| 121 | ||
| 122 | ||
| 123 | /** | |
| 124 | * Add random padding to a buffer, according to a client nonce. | |
| 125 | * The length has to depend on the query in order to avoid reply attacks. | |
| 126 | * | |
| 127 | * @param buf a buffer | |
| 128 | * @param len the initial size of the buffer | |
| 129 | * @param max_len the maximum size | |
| 130 | * @param nonce a nonce, made of the client nonce repeated twice | |
| 131 | * @param secretkey | |
| 132 | * @return the new size, after padding | |
| 133 | */ | |
| 134 | size_t | |
| 135 | dnscrypt_pad(uint8_t *buf, const size_t len, const size_t max_len, | |
| 136 | const uint8_t *nonce, const uint8_t *secretkey) | |
| 137 | { | |
| 138 | uint8_t *buf_padding_area = buf + len; | |
| 139 | size_t padded_len; | |
| 140 | uint32_t rnd; | |
| 141 | ||
| 142 | // no padding | |
| 143 | if (max_len < len + DNSCRYPT_MIN_PAD_LEN) | |
| 144 | return len; | |
| 145 | ||
| 146 | assert(nonce[crypto_box_HALF_NONCEBYTES] == nonce[0]); | |
| 147 | ||
| 148 | crypto_stream((unsigned char *)&rnd, (unsigned long long)sizeof(rnd), nonce, | |
| 149 | secretkey); | |
| 150 | padded_len = | |
| 151 | len + DNSCRYPT_MIN_PAD_LEN + rnd % (max_len - len - | |
| 152 | DNSCRYPT_MIN_PAD_LEN + 1); | |
| 153 | padded_len += DNSCRYPT_BLOCK_SIZE - padded_len % DNSCRYPT_BLOCK_SIZE; | |
| 154 | if (padded_len > max_len) | |
| 155 | padded_len = max_len; | |
| 156 | ||
| 157 | memset(buf_padding_area, 0, padded_len - len); | |
| 158 | *buf_padding_area = 0x80; | |
| 159 | ||
| 160 | return padded_len; | |
| 161 | } | |
| 162 | ||
| 163 | uint64_t | |
| 164 | dnscrypt_hrtime(void) | |
| 165 | { | |
| 166 | struct timeval tv; | |
| 167 | uint64_t ts = (uint64_t)0U; | |
| 168 | int ret; | |
| 169 | ||
| 170 | ret = gettimeofday(&tv, NULL); | |
| 171 | if (ret == 0) { | |
| 172 | ts = (uint64_t)tv.tv_sec * 1000000U + (uint64_t)tv.tv_usec; | |
| 173 | } else { | |
| 174 | log_err("gettimeofday: %s", strerror(errno)); | |
| 175 | } | |
| 176 | return ts; | |
| 177 | } | |
| 178 | ||
| 179 | /** | |
| 180 | * Add the server nonce part to once. | |
| 181 | * The nonce is made half of client nonce and the seconf half of the server | |
| 182 | * nonce, both of them of size crypto_box_HALF_NONCEBYTES. | |
| 183 | * \param[in] nonce: a uint8_t* of size crypto_box_NONCEBYTES | |
| 184 | */ | |
| 185 | static void | |
| 186 | add_server_nonce(uint8_t *nonce) | |
| 187 | { | |
| 188 | uint64_t ts; | |
| 189 | uint64_t tsn; | |
| 190 | uint32_t suffix; | |
| 191 | ts = dnscrypt_hrtime(); | |
| 192 | // TODO? dnscrypt-wrapper does some logic with context->nonce_ts_last | |
| 193 | // unclear if we really need it, so skipping it for now. | |
| 194 | tsn = (ts << 10) | (randombytes_random() & 0x3ff); | |
| 195 | #if (BYTE_ORDER == LITTLE_ENDIAN) | |
| 196 | tsn = | |
| 197 | (((uint64_t)htonl((uint32_t)tsn)) << 32) | htonl((uint32_t)(tsn >> 32)); | |
| 198 | #endif | |
| 199 | memcpy(nonce + crypto_box_HALF_NONCEBYTES, &tsn, 8); | |
| 200 | suffix = randombytes_random(); | |
| 201 | memcpy(nonce + crypto_box_HALF_NONCEBYTES + 8, &suffix, 4); | |
| 202 | } | |
| 203 | ||
| 204 | /** | |
| 205 | * Encrypt a reply using the dnsccert that was used with the query. | |
| 206 | * The client nonce will be extracted from the encrypted query and stored in | |
| 207 | * The buffer will be encrypted inplace. | |
| 208 | * \param[in] cert the dnsccert that matches this encrypted query. | |
| 209 | * \param[in] client_nonce client nonce used during the query | |
| 210 | * \param[in] nmkey shared secret key used during the query. | |
| 211 | * \param[in] buffer the buffer where to encrypt the reply. | |
| 212 | * \param[in] udp if whether or not it is a UDP query. | |
| 213 | * \param[in] max_udp_size configured max udp size. | |
| 214 | * \return 0 on success. | |
| 215 | */ | |
| 216 | static int | |
| 217 | dnscrypt_server_curve(const dnsccert *cert, | |
| 218 | uint8_t client_nonce[crypto_box_HALF_NONCEBYTES], | |
| 219 | uint8_t nmkey[crypto_box_BEFORENMBYTES], | |
| 220 | struct sldns_buffer* buffer, | |
| 221 | uint8_t udp, | |
| 222 | size_t max_udp_size) | |
| 223 | { | |
| 224 | size_t dns_reply_len = sldns_buffer_limit(buffer); | |
| 225 | size_t max_len = dns_reply_len + DNSCRYPT_MAX_PADDING + DNSCRYPT_REPLY_HEADER_SIZE; | |
| 226 | size_t max_reply_size = max_udp_size - 20U - 8U; | |
| 227 | uint8_t nonce[crypto_box_NONCEBYTES]; | |
| 228 | uint8_t *boxed; | |
| 229 | uint8_t *const buf = sldns_buffer_begin(buffer); | |
| 230 | size_t len = sldns_buffer_limit(buffer); | |
| 231 | ||
| 232 | if(udp){ | |
| 233 | if (max_len > max_reply_size) | |
| 234 | max_len = max_reply_size; | |
| 235 | } | |
| 236 | ||
| 237 | ||
| 238 | memcpy(nonce, client_nonce, crypto_box_HALF_NONCEBYTES); | |
| 239 | memcpy(nonce + crypto_box_HALF_NONCEBYTES, client_nonce, | |
| 240 | crypto_box_HALF_NONCEBYTES); | |
| 241 | ||
| 242 | boxed = buf + DNSCRYPT_REPLY_BOX_OFFSET; | |
| 243 | memmove(boxed + crypto_box_MACBYTES, buf, len); | |
| 244 | len = dnscrypt_pad(boxed + crypto_box_MACBYTES, len, | |
| 245 | max_len - DNSCRYPT_REPLY_HEADER_SIZE, nonce, | |
| 246 | cert->keypair->crypt_secretkey); | |
| 247 | sldns_buffer_set_at(buffer, | |
| 248 | DNSCRYPT_REPLY_BOX_OFFSET - crypto_box_BOXZEROBYTES, | |
| 249 | 0, crypto_box_ZEROBYTES); | |
| 250 | ||
| 251 | // add server nonce extension | |
| 252 | add_server_nonce(nonce); | |
| 253 | ||
| 254 | if(cert->es_version[1] == 2) { | |
| 255 | #ifdef USE_DNSCRYPT_XCHACHA20 | |
| 256 | if (crypto_box_curve25519xchacha20poly1305_easy_afternm | |
| 257 | (boxed, boxed + crypto_box_MACBYTES, len, nonce, nmkey) != 0) { | |
| 258 | return -1; | |
| 259 | } | |
| 260 | #else | |
| 261 | return -1; | |
| 262 | #endif | |
| 263 | } else { | |
| 264 | if (crypto_box_easy_afternm | |
| 265 | (boxed, boxed + crypto_box_MACBYTES, len, nonce, nmkey) != 0) { | |
| 266 | return -1; | |
| 267 | } | |
| 268 | } | |
| 269 | ||
| 270 | sldns_buffer_write_at(buffer, 0, DNSCRYPT_MAGIC_RESPONSE, DNSCRYPT_MAGIC_HEADER_LEN); | |
| 271 | sldns_buffer_write_at(buffer, DNSCRYPT_MAGIC_HEADER_LEN, nonce, crypto_box_NONCEBYTES); | |
| 272 | sldns_buffer_set_limit(buffer, len + DNSCRYPT_REPLY_HEADER_SIZE); | |
| 273 | return 0; | |
| 274 | } | |
| 275 | ||
| 276 | /** | |
| 277 | * Read the content of fname into buf. | |
| 278 | * \param[in] fname name of the file to read. | |
| 279 | * \param[in] buf the buffer in which to read the content of the file. | |
| 280 | * \param[in] count number of bytes to read. | |
| 281 | * \return 0 on success. | |
| 282 | */ | |
| 283 | static int | |
| 284 | dnsc_read_from_file(char *fname, char *buf, size_t count) | |
| 285 | { | |
| 286 | int fd; | |
| 287 | fd = open(fname, O_RDONLY); | |
| 288 | if (fd == -1) { | |
| 289 | return -1; | |
| 290 | } | |
| 291 | if (read(fd, buf, count) != (ssize_t)count) { | |
| 292 | close(fd); | |
| 293 | return -2; | |
| 294 | } | |
| 295 | close(fd); | |
| 296 | return 0; | |
| 297 | } | |
| 298 | ||
| 299 | /** | |
| 300 | * Given an absolute path on the original root, returns the absolute path | |
| 301 | * within the chroot. If chroot is disabled, the path is not modified. | |
| 302 | * No char * is malloced so there is no need to free this. | |
| 303 | * \param[in] cfg the configuration. | |
| 304 | * \param[in] path the path from the original root. | |
| 305 | * \return the path from inside the chroot. | |
| 306 | */ | |
| 307 | static char * | |
| 308 | dnsc_chroot_path(struct config_file *cfg, char *path) | |
| 309 | { | |
| 310 | char *nm; | |
| 311 | nm = path; | |
| 312 | if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, | |
| 313 | cfg->chrootdir, strlen(cfg->chrootdir)) == 0) | |
| 314 | nm += strlen(cfg->chrootdir); | |
| 315 | return nm; | |
| 316 | } | |
| 317 | ||
| 318 | /** | |
| 319 | * Parse certificates files provided by the configuration and load them into | |
| 320 | * dnsc_env. | |
| 321 | * \param[in] env the dnsc_env structure to load the certs into. | |
| 322 | * \param[in] cfg the configuration. | |
| 323 | * \return the number of certificates loaded. | |
| 324 | */ | |
| 325 | static int | |
| 326 | dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg) | |
| 327 | { | |
| 328 | struct config_strlist *head; | |
| 329 | size_t signed_cert_id; | |
| 330 | char *nm; | |
| 331 | ||
| 332 | env->signed_certs_count = 0U; | |
| 333 | for (head = cfg->dnscrypt_provider_cert; head; head = head->next) { | |
| 334 | env->signed_certs_count++; | |
| 335 | } | |
| 336 | env->signed_certs = sodium_allocarray(env->signed_certs_count, | |
| 337 | sizeof *env->signed_certs); | |
| 338 | ||
| 339 | signed_cert_id = 0U; | |
| 340 | for(head = cfg->dnscrypt_provider_cert; head; head = head->next, signed_cert_id++) { | |
| 341 | nm = dnsc_chroot_path(cfg, head->str); | |
| 342 | if(dnsc_read_from_file( | |
| 343 | nm, | |
| 344 | (char *)(env->signed_certs + signed_cert_id), | |
| 345 | sizeof(struct SignedCert)) != 0) { | |
| 346 | fatal_exit("dnsc_parse_certs: failed to load %s: %s", head->str, strerror(errno)); | |
| 347 | } | |
| 348 | verbose(VERB_OPS, "Loaded cert %s", head->str); | |
| 349 | } | |
| 350 | return signed_cert_id; | |
| 351 | } | |
| 352 | ||
| 353 | /** | |
| 354 | * Helper function to convert a binary key into a printable fingerprint. | |
| 355 | * \param[in] fingerprint the buffer in which to write the printable key. | |
| 356 | * \param[in] key the key to convert. | |
| 357 | */ | |
| 358 | void | |
| 359 | dnsc_key_to_fingerprint(char fingerprint[80U], const uint8_t * const key) | |
| 360 | { | |
| 361 | const size_t fingerprint_size = 80U; | |
| 362 | size_t fingerprint_pos = (size_t) 0U; | |
| 363 | size_t key_pos = (size_t) 0U; | |
| 364 | ||
| 365 | for (;;) { | |
| 366 | assert(fingerprint_size > fingerprint_pos); | |
| 367 | snprintf(&fingerprint[fingerprint_pos], | |
| 368 | fingerprint_size - fingerprint_pos, "%02X%02X", | |
| 369 | key[key_pos], key[key_pos + 1U]); | |
| 370 | key_pos += 2U; | |
| 371 | if (key_pos >= crypto_box_PUBLICKEYBYTES) { | |
| 372 | break; | |
| 373 | } | |
| 374 | fingerprint[fingerprint_pos + 4U] = ':'; | |
| 375 | fingerprint_pos += 5U; | |
| 376 | } | |
| 377 | } | |
| 378 | ||
| 379 | /** | |
| 380 | * Find the cert matching a DNSCrypt query. | |
| 381 | * \param[in] dnscenv The DNSCrypt enviroment, which contains the list of certs | |
| 382 | * supported by the server. | |
| 383 | * \param[in] buffer The encrypted DNS query. | |
| 384 | * \return a dnsccert * if we found a cert matching the magic_number of the | |
| 385 | * query, NULL otherwise. | |
| 386 | */ | |
| 387 | static const dnsccert * | |
| 388 | dnsc_find_cert(struct dnsc_env* dnscenv, struct sldns_buffer* buffer) | |
| 389 | { | |
| 390 | const dnsccert *certs = dnscenv->certs; | |
| 391 | struct dnscrypt_query_header *dnscrypt_header; | |
| 392 | size_t i; | |
| 393 | ||
| 394 | if (sldns_buffer_limit(buffer) < DNSCRYPT_QUERY_HEADER_SIZE) { | |
| 395 | return NULL; | |
| 396 | } | |
| 397 | dnscrypt_header = (struct dnscrypt_query_header *)sldns_buffer_begin(buffer); | |
| 398 | for (i = 0U; i < dnscenv->signed_certs_count; i++) { | |
| 399 | if (memcmp(certs[i].magic_query, dnscrypt_header->magic_query, | |
| 400 | DNSCRYPT_MAGIC_HEADER_LEN) == 0) { | |
| 401 | return &certs[i]; | |
| 402 | } | |
| 403 | } | |
| 404 | return NULL; | |
| 405 | } | |
| 406 | ||
| 407 | /** | |
| 408 | * Insert local-zone and local-data into configuration. | |
| 409 | * In order to be able to serve certs over TXT, we can reuse the local-zone and | |
| 410 | * local-data config option. The zone and qname are infered from the | |
| 411 | * provider_name and the content of the TXT record from the certificate content. | |
| 412 | * returns the number of certtificate TXT record that were loaded. | |
| 413 | * < 0 in case of error. | |
| 414 | */ | |
| 415 | static int | |
| 416 | dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) | |
| 417 | { | |
| 418 | size_t i, j; | |
| 419 | // Insert 'local-zone: "2.dnscrypt-cert.example.com" deny' | |
| 420 | if(!cfg_str2list_insert(&cfg->local_zones, | |
| 421 | strdup(dnscenv->provider_name), | |
| 422 | strdup("deny"))) { | |
| 423 | log_err("Could not load dnscrypt local-zone: %s deny", | |
| 424 | dnscenv->provider_name); | |
| 425 | return -1; | |
| 426 | } | |
| 427 | ||
| 428 | // Add local data entry of type: | |
| 429 | // 2.dnscrypt-cert.example.com 86400 IN TXT "DNSC......" | |
| 430 | for(i=0; i<dnscenv->signed_certs_count; i++) { | |
| 431 | const char *ttl_class_type = " 86400 IN TXT \""; | |
| 432 | struct SignedCert *cert = dnscenv->signed_certs + i; | |
| 433 | uint16_t rrlen = strlen(dnscenv->provider_name) + | |
| 434 | strlen(ttl_class_type) + | |
| 435 | 4 * sizeof(struct SignedCert) + // worst case scenario | |
| 436 | 1 + // trailing double quote | |
| 437 | 1; | |
| 438 | char *rr = malloc(rrlen); | |
| 439 | if(!rr) { | |
| 440 | log_err("Could not allocate memory"); | |
| 441 | return -2; | |
| 442 | } | |
| 443 | snprintf(rr, rrlen - 1, "%s 86400 IN TXT \"", dnscenv->provider_name); | |
| 444 | for(j=0; j<sizeof(struct SignedCert); j++) { | |
| 445 | int c = (int)*((const uint8_t *) cert + j); | |
| 446 | if (isprint(c) && c != '"' && c != '\\') { | |
| 447 | snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "%c", c); | |
| 448 | } else { | |
| 449 | snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "\\%03d", c); | |
| 450 | } | |
| 451 | } | |
| 452 | snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "\""); | |
| 453 | cfg_strlist_insert(&cfg->local_data, strdup(rr)); | |
| 454 | free(rr); | |
| 455 | } | |
| 456 | return dnscenv->signed_certs_count; | |
| 457 | } | |
| 458 | ||
| 459 | static const char * | |
| 460 | key_get_es_version(uint8_t version[2]) | |
| 461 | { | |
| 462 | struct es_version { | |
| 463 | uint8_t es_version[2]; | |
| 464 | const char *name; | |
| 465 | }; | |
| 466 | ||
| 467 | struct es_version es_versions[] = { | |
| 468 | {{0x00, 0x01}, "X25519-XSalsa20Poly1305"}, | |
| 469 | {{0x00, 0x02}, "X25519-XChacha20Poly1305"}, | |
| 470 | }; | |
| 471 | int i; | |
| 472 | for(i=0; i < (int)sizeof(es_versions); i++){ | |
| 473 | if(es_versions[i].es_version[0] == version[0] && | |
| 474 | es_versions[i].es_version[1] == version[1]){ | |
| 475 | return es_versions[i].name; | |
| 476 | } | |
| 477 | } | |
| 478 | return NULL; | |
| 479 | } | |
| 480 | ||
| 481 | ||
| 482 | /** | |
| 483 | * Parse the secret key files from `dnscrypt-secret-key` config and populates | |
| 484 | * a list of dnsccert with es_version, magic number and secret/public keys | |
| 485 | * supported by dnscrypt listener. | |
| 486 | * \param[in] env The dnsc_env structure which will hold the keypairs. | |
| 487 | * \param[in] cfg The config with the secret key file paths. | |
| 488 | */ | |
| 489 | static int | |
| 490 | dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg) | |
| 491 | { | |
| 492 | struct config_strlist *head; | |
| 493 | size_t cert_id, keypair_id; | |
| 494 | size_t c; | |
| 495 | char *nm; | |
| 496 | ||
| 497 | env->keypairs_count = 0U; | |
| 498 | for (head = cfg->dnscrypt_secret_key; head; head = head->next) { | |
| 499 | env->keypairs_count++; | |
| 500 | } | |
| 501 | ||
| 502 | env->keypairs = sodium_allocarray(env->keypairs_count, | |
| 503 | sizeof *env->keypairs); | |
| 504 | env->certs = sodium_allocarray(env->signed_certs_count, | |
| 505 | sizeof *env->certs); | |
| 506 | ||
| 507 | cert_id = 0U; | |
| 508 | keypair_id = 0U; | |
| 509 | for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) { | |
| 510 | char fingerprint[80]; | |
| 511 | int found_cert = 0; | |
| 512 | KeyPair *current_keypair = &env->keypairs[keypair_id]; | |
| 513 | nm = dnsc_chroot_path(cfg, head->str); | |
| 514 | if(dnsc_read_from_file( | |
| 515 | nm, | |
| 516 | (char *)(current_keypair->crypt_secretkey), | |
| 517 | crypto_box_SECRETKEYBYTES) != 0) { | |
| 518 | fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno)); | |
| 519 | } | |
| 520 | verbose(VERB_OPS, "Loaded key %s", head->str); | |
| 521 | if (crypto_scalarmult_base(current_keypair->crypt_publickey, | |
| 522 | current_keypair->crypt_secretkey) != 0) { | |
| 523 | fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str); | |
| 524 | } | |
| 525 | dnsc_key_to_fingerprint(fingerprint, current_keypair->crypt_publickey); | |
| 526 | verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", head->str, fingerprint); | |
| 527 | // find the cert matching this key | |
| 528 | for(c = 0; c < env->signed_certs_count; c++) { | |
| 529 | if(memcmp(current_keypair->crypt_publickey, | |
| 530 | env->signed_certs[c].server_publickey, | |
| 531 | crypto_box_PUBLICKEYBYTES) == 0) { | |
| 532 | dnsccert *current_cert = &env->certs[cert_id++]; | |
| 533 | found_cert = 1; | |
| 534 | current_cert->keypair = current_keypair; | |
| 535 | memcpy(current_cert->magic_query, | |
| 536 | env->signed_certs[c].magic_query, | |
| 537 | sizeof env->signed_certs[c].magic_query); | |
| 538 | memcpy(current_cert->es_version, | |
| 539 | env->signed_certs[c].version_major, | |
| 540 | sizeof env->signed_certs[c].version_major | |
| 541 | ); | |
| 542 | dnsc_key_to_fingerprint(fingerprint, | |
| 543 | current_cert->keypair->crypt_publickey); | |
| 544 | verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", | |
| 545 | head->str, fingerprint); | |
| 546 | verbose(VERB_OPS, "Using %s", | |
| 547 | key_get_es_version(current_cert->es_version)); | |
| 548 | #ifndef USE_DNSCRYPT_XCHACHA20 | |
| 549 | if (current_cert->es_version[1] == 0x02) { | |
| 550 | fatal_exit("Certificate for XChacha20 but libsodium does not support it."); | |
| 551 | } | |
| 552 | #endif | |
| 553 | ||
| 554 | } | |
| 555 | } | |
| 556 | if (!found_cert) { | |
| 557 | fatal_exit("dnsc_parse_keys: could not match certificate for key " | |
| 558 | "%s. Unable to determine ES version.", | |
| 559 | head->str); | |
| 560 | } | |
| 561 | } | |
| 562 | return cert_id; | |
| 563 | } | |
| 564 | ||
| 565 | ||
| 566 | /** | |
| 567 | * ######################################################### | |
| 568 | * ############# Publicly accessible functions ############# | |
| 569 | * ######################################################### | |
| 570 | */ | |
| 571 | ||
| 572 | int | |
| 573 | dnsc_handle_curved_request(struct dnsc_env* dnscenv, | |
| 574 | struct comm_reply* repinfo) | |
| 575 | { | |
| 576 | struct comm_point* c = repinfo->c; | |
| 577 | ||
| 578 | repinfo->is_dnscrypted = 0; | |
| 579 | if( !c->dnscrypt ) { | |
| 580 | return 1; | |
| 581 | } | |
| 582 | // Attempt to decrypt the query. If it is not crypted, we may still need | |
| 583 | // to serve the certificate. | |
| 584 | verbose(VERB_ALGO, "handle request called on DNSCrypt socket"); | |
| 585 | if ((repinfo->dnsc_cert = dnsc_find_cert(dnscenv, c->buffer)) != NULL) { | |
| 586 | if(dnscrypt_server_uncurve(repinfo->dnsc_cert, | |
| 587 | repinfo->client_nonce, | |
| 588 | repinfo->nmkey, | |
| 589 | c->buffer) != 0){ | |
| 590 | verbose(VERB_ALGO, "dnscrypt: Failed to uncurve"); | |
| 591 | comm_point_drop_reply(repinfo); | |
| 592 | return 0; | |
| 593 | } | |
| 594 | repinfo->is_dnscrypted = 1; | |
| 595 | sldns_buffer_rewind(c->buffer); | |
| 596 | } | |
| 597 | return 1; | |
| 598 | } | |
| 599 | ||
| 600 | int | |
| 601 | dnsc_handle_uncurved_request(struct comm_reply *repinfo) | |
| 602 | { | |
| 603 | if(!repinfo->c->dnscrypt) { | |
| 604 | return 1; | |
| 605 | } | |
| 606 | sldns_buffer_copy(repinfo->c->dnscrypt_buffer, repinfo->c->buffer); | |
| 607 | if(!repinfo->is_dnscrypted) { | |
| 608 | return 1; | |
| 609 | } | |
| 610 | if(dnscrypt_server_curve(repinfo->dnsc_cert, | |
| 611 | repinfo->client_nonce, | |
| 612 | repinfo->nmkey, | |
| 613 | repinfo->c->dnscrypt_buffer, | |
| 614 | repinfo->c->type == comm_udp, | |
| 615 | repinfo->max_udp_size) != 0){ | |
| 616 | verbose(VERB_ALGO, "dnscrypt: Failed to curve cached missed answer"); | |
| 617 | comm_point_drop_reply(repinfo); | |
| 618 | return 0; | |
| 619 | } | |
| 620 | return 1; | |
| 621 | } | |
| 622 | ||
| 623 | struct dnsc_env * | |
| 624 | dnsc_create(void) | |
| 625 | { | |
| 626 | struct dnsc_env *env; | |
| 627 | if (sodium_init() == -1) { | |
| 628 | fatal_exit("dnsc_create: could not initialize libsodium."); | |
| 629 | } | |
| 630 | env = (struct dnsc_env *) calloc(1, sizeof(struct dnsc_env)); | |
| 631 | return env; | |
| 632 | } | |
| 633 | ||
| 634 | int | |
| 635 | dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg) | |
| 636 | { | |
| 637 | if(dnsc_parse_certs(env, cfg) <= 0) { | |
| 638 | fatal_exit("dnsc_apply_cfg: no cert file loaded"); | |
| 639 | } | |
| 640 | if(dnsc_parse_keys(env, cfg) <= 0) { | |
| 641 | fatal_exit("dnsc_apply_cfg: no key file loaded"); | |
| 642 | } | |
| 643 | randombytes_buf(env->hash_key, sizeof env->hash_key); | |
| 644 | env->provider_name = cfg->dnscrypt_provider; | |
| 645 | ||
| 646 | if(dnsc_load_local_data(env, cfg) <= 0) { | |
| 647 | fatal_exit("dnsc_apply_cfg: could not load local data"); | |
| 648 | } | |
| 649 | return 0; | |
| 650 | } |
| 0 | #ifndef UNBOUND_DNSCRYPT_H | |
| 1 | #define UNBOUND_DNSCRYPT_H | |
| 2 | ||
| 3 | /** | |
| 4 | * \file | |
| 5 | * dnscrypt functions for encrypting DNS packets. | |
| 6 | */ | |
| 7 | ||
| 8 | #include "dnscrypt/dnscrypt_config.h" | |
| 9 | #ifdef USE_DNSCRYPT | |
| 10 | ||
| 11 | #define DNSCRYPT_MAGIC_HEADER_LEN 8U | |
| 12 | #define DNSCRYPT_MAGIC_RESPONSE "r6fnvWj8" | |
| 13 | ||
| 14 | #ifndef DNSCRYPT_MAX_PADDING | |
| 15 | # define DNSCRYPT_MAX_PADDING 256U | |
| 16 | #endif | |
| 17 | #ifndef DNSCRYPT_BLOCK_SIZE | |
| 18 | # define DNSCRYPT_BLOCK_SIZE 64U | |
| 19 | #endif | |
| 20 | #ifndef DNSCRYPT_MIN_PAD_LEN | |
| 21 | # define DNSCRYPT_MIN_PAD_LEN 8U | |
| 22 | #endif | |
| 23 | ||
| 24 | #define crypto_box_HALF_NONCEBYTES (crypto_box_NONCEBYTES / 2U) | |
| 25 | ||
| 26 | #include "config.h" | |
| 27 | #include "dnscrypt/cert.h" | |
| 28 | ||
| 29 | #define DNSCRYPT_QUERY_HEADER_SIZE \ | |
| 30 | (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES + crypto_box_MACBYTES) | |
| 31 | #define DNSCRYPT_RESPONSE_HEADER_SIZE \ | |
| 32 | (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_NONCEBYTES + crypto_box_MACBYTES) | |
| 33 | ||
| 34 | #define DNSCRYPT_REPLY_HEADER_SIZE \ | |
| 35 | (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES * 2 + crypto_box_MACBYTES) | |
| 36 | ||
| 37 | struct sldns_buffer; | |
| 38 | struct config_file; | |
| 39 | struct comm_reply; | |
| 40 | ||
| 41 | typedef struct KeyPair_ { | |
| 42 | uint8_t crypt_publickey[crypto_box_PUBLICKEYBYTES]; | |
| 43 | uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES]; | |
| 44 | } KeyPair; | |
| 45 | ||
| 46 | typedef struct cert_ { | |
| 47 | uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN]; | |
| 48 | uint8_t es_version[2]; | |
| 49 | KeyPair *keypair; | |
| 50 | } dnsccert; | |
| 51 | ||
| 52 | struct dnsc_env { | |
| 53 | struct SignedCert *signed_certs; | |
| 54 | dnsccert *certs; | |
| 55 | size_t signed_certs_count; | |
| 56 | uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES]; | |
| 57 | uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES]; | |
| 58 | KeyPair *keypairs; | |
| 59 | size_t keypairs_count; | |
| 60 | uint64_t nonce_ts_last; | |
| 61 | unsigned char hash_key[crypto_shorthash_KEYBYTES]; | |
| 62 | char * provider_name; | |
| 63 | }; | |
| 64 | ||
| 65 | struct dnscrypt_query_header { | |
| 66 | uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN]; | |
| 67 | uint8_t publickey[crypto_box_PUBLICKEYBYTES]; | |
| 68 | uint8_t nonce[crypto_box_HALF_NONCEBYTES]; | |
| 69 | uint8_t mac[crypto_box_MACBYTES]; | |
| 70 | }; | |
| 71 | ||
| 72 | /** | |
| 73 | * Initialize DNSCrypt enviroment. | |
| 74 | * Initialize sodium library and allocate the dnsc_env structure. | |
| 75 | * \return an uninitialized struct dnsc_env. | |
| 76 | */ | |
| 77 | struct dnsc_env * dnsc_create(void); | |
| 78 | ||
| 79 | /** | |
| 80 | * Apply configuration. | |
| 81 | * Read certificates and secret keys from configuration. Initialize hashkey and | |
| 82 | * provider name as well as loading cert TXT records. | |
| 83 | * In case of issue applying configuration, this function fatals. | |
| 84 | * \param[in] env the struct dnsc_env to populate. | |
| 85 | * \param[in] cfg the config_file struct with dnscrypt options. | |
| 86 | * \return 0 on success. | |
| 87 | */ | |
| 88 | int dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg); | |
| 89 | ||
| 90 | /** | |
| 91 | * handle a crypted dnscrypt request. | |
| 92 | * Determine wether or not a query is coming over the dnscrypt listener and | |
| 93 | * attempt to uncurve it or detect if it is a certificate query. | |
| 94 | * return 0 in case of failure. | |
| 95 | */ | |
| 96 | int dnsc_handle_curved_request(struct dnsc_env* dnscenv, | |
| 97 | struct comm_reply* repinfo); | |
| 98 | /** | |
| 99 | * handle an unencrypted dnscrypt request. | |
| 100 | * Determine wether or not a query is going over the dnscrypt channel and | |
| 101 | * attempt to curve it unless it was not crypted like when it is a | |
| 102 | * certificate query. | |
| 103 | * \return 0 in case of failure. | |
| 104 | */ | |
| 105 | ||
| 106 | int dnsc_handle_uncurved_request(struct comm_reply *repinfo); | |
| 107 | #endif /* USE_DNSCRYPT */ | |
| 108 | #endif |
| 0 | # dnscrypt.m4 | |
| 1 | ||
| 2 | # dnsc_DNSCRYPT([action-if-true], [action-if-false]) | |
| 3 | # -------------------------------------------------------------------------- | |
| 4 | # Check for required dnscrypt libraries and add dnscrypt configure args. | |
| 5 | AC_DEFUN([dnsc_DNSCRYPT], | |
| 6 | [ | |
| 7 | AC_ARG_ENABLE([dnscrypt], | |
| 8 | AS_HELP_STRING([--enable-dnscrypt], | |
| 9 | [Enable dnscrypt support (requires libsodium)]), | |
| 10 | [opt_dnscrypt=$enableval], [opt_dnscrypt=no]) | |
| 11 | ||
| 12 | if test "x$opt_dnscrypt" != "xno"; then | |
| 13 | AC_ARG_WITH([libsodium], AC_HELP_STRING([--with-libsodium=path], | |
| 14 | [Path where libsodium is installed, for dnscrypt]), [ | |
| 15 | CFLAGS="$CFLAGS -I$withval/include" | |
| 16 | LDFLAGS="$LDFLAGS -L$withval/lib" | |
| 17 | ]) | |
| 18 | AC_SEARCH_LIBS([sodium_init], [sodium], [], | |
| 19 | AC_MSG_ERROR([The sodium library was not found. Please install sodium!])) | |
| 20 | AC_SEARCH_LIBS([crypto_box_curve25519xchacha20poly1305_beforenm], [sodium], | |
| 21 | [ | |
| 22 | AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [1]) | |
| 23 | AC_DEFINE( | |
| 24 | [USE_DNSCRYPT_XCHACHA20], [1], | |
| 25 | [Define to 1 to enable dnscrypt with xchacha20 support]) | |
| 26 | ], | |
| 27 | [ | |
| 28 | AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0]) | |
| 29 | ]) | |
| 30 | $1 | |
| 31 | else | |
| 32 | AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0]) | |
| 33 | $2 | |
| 34 | fi | |
| 35 | ]) |
| 0 | #ifndef UNBOUND_DNSCRYPT_CONFIG_H | |
| 1 | #define UNBOUND_DNSCRYPT_CONFIG_H | |
| 2 | ||
| 3 | /* | |
| 4 | * Process this file (dnscrypt_config.h.in) with AC_CONFIG_FILES to generate | |
| 5 | * dnscrypt_config.h. | |
| 6 | * | |
| 7 | * This file exists so that USE_DNSCRYPT can be used without including config.h. | |
| 8 | */ | |
| 9 | ||
| 10 | #if @ENABLE_DNSCRYPT@ /* ENABLE_DNSCRYPT */ | |
| 11 | # ifndef USE_DNSCRYPT | |
| 12 | # define USE_DNSCRYPT 1 | |
| 13 | # endif | |
| 14 | #endif | |
| 15 | ||
| 16 | #endif /* UNBOUND_DNSCRYPT_CONFIG_H */ |
| 120 | 120 | struct dt_env * |
| 121 | 121 | dt_create(const char *socket_path, unsigned num_workers) |
| 122 | 122 | { |
| 123 | #ifdef UNBOUND_DEBUG | |
| 123 | 124 | fstrm_res res; |
| 125 | #endif | |
| 124 | 126 | struct dt_env *env; |
| 125 | 127 | struct fstrm_iothr_options *fopt; |
| 126 | 128 | struct fstrm_unix_writer_options *fuwopt; |
| 137 | 139 | return NULL; |
| 138 | 140 | |
| 139 | 141 | fwopt = fstrm_writer_options_init(); |
| 140 | res = fstrm_writer_options_add_content_type(fwopt, | |
| 142 | #ifdef UNBOUND_DEBUG | |
| 143 | res = | |
| 144 | #else | |
| 145 | (void) | |
| 146 | #endif | |
| 147 | fstrm_writer_options_add_content_type(fwopt, | |
| 141 | 148 | DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1); |
| 142 | 149 | log_assert(res == fstrm_res_success); |
| 143 | 150 | |
Binary diff not shown
| 0 | 22 June 2017: Wouter | |
| 1 | - Tag 1.6.4rc2 | |
| 2 | ||
| 3 | 22 June 2017: Ralph | |
| 4 | - Added fastrpz patch to contrib | |
| 5 | ||
| 6 | 21 June 2017: Wouter | |
| 7 | - Fix #1316: heap read buffer overflow in parse_edns_options. | |
| 8 | ||
| 9 | 20 June 2017: Wouter | |
| 10 | - Fix warning in pythonmod under clang compiler. | |
| 11 | - Tag 1.6.4rc1 | |
| 12 | - Fix lintian typo. | |
| 13 | ||
| 14 | 16 June 2017: Ralph | |
| 15 | - Fix #1277: disable domain ratelimit by setting value to 0. | |
| 16 | ||
| 17 | 16 June 2017: Wouter | |
| 18 | - Fix #1301: memory leak in respip and tests. | |
| 19 | - Free callback in edns-subnetmod on exit and restart. | |
| 20 | - Fix memory leak in sldns_buffer_new_frm_data. | |
| 21 | - Fix memory leak in dnscrypt config read. | |
| 22 | - Fix dnscrypt chacha cert support ifdefs. | |
| 23 | - Fix dnscrypt chacha cert unit test escapes in grep. | |
| 24 | - Remove asynclook tests that cause test and purifier problems. | |
| 25 | - Fix to unlock view in view test. | |
| 26 | ||
| 27 | 15 June 2017: Wouter | |
| 28 | - Fix stub zone queries leaking to the internet for | |
| 29 | harden-referral-path ns checks. | |
| 30 | - Fix query for refetch_glue of stub leaking to internet. | |
| 31 | ||
| 32 | 13 June 2017: Wouter | |
| 33 | - Fix #1279: Memory leak on reload when python module is enabled. | |
| 34 | - Fix #1280: Unbound fails assert when response from authoritative | |
| 35 | contains malformed qname. When 0x20 caps-for-id is enabled, when | |
| 36 | assertions are not enabled the malformed qname is handled correctly. | |
| 37 | - 1.6.3 tag created, with only #1280 fix, trunk is 1.6.4 development. | |
| 38 | - More fixes in depth for buffer checks in 0x20 qname checks. | |
| 39 | ||
| 40 | 12 June 2017: Wouter | |
| 41 | - Fix #1278: Incomplete wildcard proof. | |
| 42 | ||
| 43 | 8 June 2017: Ralph | |
| 44 | - Added domain name based ECS whitelist. | |
| 45 | ||
| 46 | 8 June 2017: Wouter | |
| 47 | - Detect chacha for dnscrypt at configure time. | |
| 48 | - dnscrypt unit tests with chacha. | |
| 49 | ||
| 50 | 7 June 2017: Wouter | |
| 51 | - Fix that unbound-control can set val_clean_additional and val_permissive_mode. | |
| 52 | - Add dnscrypt XChaCha20 tests. | |
| 53 | ||
| 54 | 6 June 2017: Wouter | |
| 55 | - Add an explicit type cast for TCP FASTOPEN fix. | |
| 56 | - renumbering B-Root's IPv6 address to 2001:500:200::b. | |
| 57 | - Fix #1275: cached data in cachedb is never used. | |
| 58 | - Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher. | |
| 59 | ||
| 60 | 1 June 2017: Ralph | |
| 61 | - Fix #1274: automatically trim chroot path from dnscrypt key/cert paths | |
| 62 | (from Manu Bretelle). | |
| 63 | ||
| 64 | 1 June 2017: Wouter | |
| 65 | - Fix fastopen EPIPE fallthrough to perform connect. | |
| 66 | ||
| 67 | 31 May 2017: Ralph | |
| 68 | - Also use global local-zones when there is a matching view that does | |
| 69 | not have any local-zone specified. | |
| 70 | ||
| 71 | 31 May 2017: Wouter | |
| 72 | - Fix #1273: cachedb.c doesn't compile with -Wextra. | |
| 73 | - If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write. | |
| 74 | ||
| 75 | 30 May 2017: Ralph | |
| 76 | - Fix #1269: inconsistent use of built-in local zones with views. | |
| 77 | - Add defaults for new local-zone trees added to views using | |
| 78 | unbound-control. | |
| 79 | ||
| 80 | 30 May 2017: Wouter | |
| 81 | - Support for openssl EVP_DigestVerify. | |
| 82 | - Support for the ED25519 algorithm with openssl (from openssl 1.1.1). | |
| 83 | ||
| 84 | 29 May 2017: Wouter | |
| 85 | - Fix assertion for low buffer size and big edns payload when worker | |
| 86 | overrides udpsize. | |
| 87 | ||
| 88 | 26 May 2017: Ralph | |
| 89 | - Added redirect-bogus.patch to contrib directory. | |
| 90 | ||
| 91 | 26 May 2017: Wouter | |
| 92 | - Fix #1270: unitauth.c doesn't compile with higher warning level | |
| 93 | and optimization | |
| 94 | - exec_prefix is by default equal to prefix. | |
| 95 | - printout localzone for duplicate local-zone warnings. | |
| 96 | ||
| 97 | 24 May 2017: Wouter | |
| 98 | - authzone cname chain, no rrset duplicates, wildcard doesn't change | |
| 99 | rrsets added for cname chain. | |
| 100 | ||
| 101 | 23 May 2017: Wouter | |
| 102 | - first services/authzone check in, it compiles and reads and writes | |
| 103 | zonefiles. | |
| 104 | - iana portlist update | |
| 105 | ||
| 106 | 22 May 2017: Wouter | |
| 107 | - Fix #1268: SIGSEGV after log_reopen. | |
| 108 | ||
| 109 | 18 May 2017: Wouter | |
| 110 | - Fix #1265 to use /bin/kill. | |
| 111 | - Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs, | |
| 112 | and compatibility with BoringSSL. | |
| 113 | ||
| 114 | 17 May 2017: Wouter | |
| 115 | - Fix #1265: contrib/unbound.service contains hardcoded path. | |
| 116 | ||
| 117 | 17 May 2017: George | |
| 118 | - Use qstate's region for IPSECKEY rrset (ipsecmod). | |
| 119 | ||
| 120 | 16 May 2017: George | |
| 121 | - Implemented opportunistic IPsec support module (ipsecmod). | |
| 122 | - Some whitespace fixup. | |
| 123 | ||
| 124 | 16 May 2017: Wouter | |
| 125 | - updated dependencies in the makefile. | |
| 126 | - document trust-anchor-signaling in example config file. | |
| 127 | - updated configure, dependencies and flex output. | |
| 128 | - better module memory lookup, fix of unbound-control shm names for | |
| 129 | module memory printout of statistics. | |
| 130 | - Fix type AVC sldns rrdef. | |
| 131 | ||
| 132 | 12 May 2017: Wouter | |
| 133 | - Adjust servfail by iterator to not store in cache when serve-expired | |
| 134 | is enabled, to avoid overwriting useful information there. | |
| 135 | - Fix queries for nameservers under a stub leaking to the internet. | |
| 136 | ||
| 137 | 9 May 2017: Ralph | |
| 138 | - Add 'c' to getopt() in testbound. | |
| 139 | - iana portlist update | |
| 140 | ||
| 141 | 8 May 2017: Wouter | |
| 142 | - Fix tcp-mss failure printout text. | |
| 143 | - Set SO_REUSEADDR on outgoing tcp connections to fix the bind before | |
| 144 | connect limited tcp connections. With the option tcp connections | |
| 145 | can share the same source port (for different destinations). | |
| 146 | ||
| 147 | 2 May 2017: Ralph | |
| 148 | - Added mesh_add_sub to add detached mesh entries. | |
| 149 | - Use mesh_add_sub for key tag signaling query. | |
| 150 | ||
| 151 | 2 May 2017: Wouter | |
| 152 | - Added test for leak of stub information. | |
| 153 | - Fix sldns wire2str printout of RR type CAA tags. | |
| 154 | - Fix sldns int16_data parse. | |
| 155 | - Fix sldns parse and printout of TSIG RRs. | |
| 156 | - sldns SMIMEA and AVC definitions, same as getdns definitions. | |
| 157 | ||
| 158 | 1 May 2017: Wouter | |
| 159 | - Fix #1259: "--disable-ecdsa" argument overwritten | |
| 160 | by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c". | |
| 161 | - iana portlist update | |
| 162 | - Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start. | |
| 163 | and fix that 64bit getting installed in C:\Program Files (x86). | |
| 164 | ||
| 165 | 26 April 2017: Ralph | |
| 166 | - Implemented trust anchor signaling using key tag query. | |
| 167 | ||
| 168 | 26 April 2017: Wouter | |
| 169 | - Based on #1257: check parse limit before t increment in sldns RR | |
| 170 | string parse routine. | |
| 171 | ||
| 172 | 24 April 2017: Wouter | |
| 173 | - unbound-checkconf -o allows query of dnstap config variables. | |
| 174 | Also unbound-control get_option. Also for dnscrypt. | |
| 175 | - trunk contains 1.6.3 version number (changes from 1.6.2 back from | |
| 176 | when the 1.6.2rc1 tag has been created). | |
| 177 | ||
| 178 | 21 April 2017: Ralph | |
| 179 | - Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle). | |
| 180 | - iana portlist update | |
| 181 | ||
| 182 | 18 April 2017: Ralph | |
| 183 | - Fix #1252: more indentation inconsistencies. | |
| 184 | - Fix #1253: unused variable in edns-subnet/addrtree.c:getbit(). | |
| 185 | ||
| 186 | 13 April 2017: Ralph | |
| 187 | - Added ECS unit test (from Manu Bretelle). | |
| 188 | - ECS documentation fix (from Manu Bretelle). | |
| 189 | ||
| 190 | 13 April 2017: Wouter | |
| 191 | - Fix #1250: inconsistent indentation in services/listen_dnsport.c. | |
| 192 | - tag for 1.6.2rc1 | |
| 193 | - (for 1.6.3:) unbound.h exports the shm stats structures. They use | |
| 194 | type long long and no ifdefs, and ub_ before the typenames. | |
| 195 | ||
| 196 | 12 April 2017: Wouter | |
| 197 | - subnet mem value is available in shm, also when not enabled, | |
| 198 | to make the struct easier to memmap by other applications, | |
| 199 | independent of the configuration of unbound. | |
| 200 | ||
| 201 | 12 April 2017: Ralph | |
| 202 | - Fix #1247: unbound does not shorten source prefix length when | |
| 203 | forwarding ECS. | |
| 204 | - Properly check for allocation failure in local_data_find_tag_datas. | |
| 205 | - Fix #1249: unbound doesn't return FORMERR to bogus ECS. | |
| 206 | - Set SHM ECS memory usage to 0 when module not loaded. | |
| 207 | ||
| 208 | 11 April 2017: Ralph | |
| 209 | - Display ECS module memory usage. | |
| 210 | ||
| 211 | 10 April 2017: Wouter | |
| 212 | - harden-algo-downgrade: no also makes unbound more lenient about | |
| 213 | digest algorithms in DS records. | |
| 214 | ||
| 215 | 10 April 2017: Ralph | |
| 216 | - Remove ECS option after REFUSED answer. | |
| 217 | - Fix small memory leak in edns_opt_copy_alloc. | |
| 218 | - Respip dereference after NULL check. | |
| 219 | - Zero initialize addrtree allocation. | |
| 220 | - Use correct identifier for SHM destroy. | |
| 221 | ||
| 222 | 7 April 2017: George | |
| 223 | - Fix pythonmod for cb changes. | |
| 224 | - Some whitespace fixup. | |
| 225 | ||
| 226 | 7 April 2017: Ralph | |
| 227 | - Unlock view in respip unit test | |
| 228 | ||
| 229 | 6 April 2017: Ralph | |
| 230 | - Generalise inplace callback (de)registration | |
| 231 | - (de)register inplace callbacks for module id | |
| 232 | - No unbound-control set_option for ECS options | |
| 233 | - Deprecated client-subnet-opcode config option | |
| 234 | - Introduced client-subnet-always-forward config option | |
| 235 | - Changed max-client-subnet-ipv6 default to 56 (as in RFC) | |
| 236 | - Removed extern ECS config options | |
| 237 | - module_restart_next now calls clear on all following modules | |
| 238 | - Also create ECS module qstate on module_event_pass event | |
| 239 | - remove malloc from inplace_cb_register | |
| 240 | ||
| 241 | 6 April 2017: Wouter | |
| 242 | - Small fixup for documentation. | |
| 243 | - iana portlist update | |
| 244 | - Fix respip for braces when locks arent used. | |
| 245 | - Fix pythonmod for cb changes. | |
| 246 | ||
| 247 | 4 April 2017: Wouter | |
| 248 | - Fix #1244: document that use of chroot requires trust anchor file to | |
| 249 | be under chroot. | |
| 250 | - iana portlist update | |
| 251 | ||
| 252 | 3 April 2017: Ralph | |
| 253 | - Do not add current time twice to TTL before ECS cache store. | |
| 254 | - Do not touch rrset cache after ECS cache message generation. | |
| 255 | - Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode. | |
| 256 | ||
| 257 | 3 April 2017: Wouter | |
| 258 | - Fix #1217: Add metrics to unbound-control interface showing | |
| 259 | crypted, cert request, plaintext and malformed queries (from | |
| 260 | Manu Bretelle). | |
| 261 | - iana portlist update | |
| 262 | ||
| 263 | 27 March 2017: Wouter | |
| 264 | - Remove (now unused) event2 include from dnscrypt code. | |
| 265 | ||
| 266 | 24 March 2017: George | |
| 267 | - Fix to prevent non-referal query from being cached as referal when the | |
| 268 | no_cache_store flag was set. | |
| 269 | ||
| 270 | 23 March 2017: Wouter | |
| 271 | - Fix #1239: configure fails to find python distutils if python | |
| 272 | prints warning. | |
| 273 | ||
| 274 | 22 March 2017: Wouter | |
| 275 | - Fix #1238: segmentation fault when adding through the remote | |
| 276 | interface a per-view local zone to a view with no previous | |
| 277 | (configured) local zones. | |
| 278 | - Fix #1229: Systemd service sandboxing, options in wrong sections. | |
| 279 | ||
| 280 | 21 March 2017: Ralph | |
| 281 | - Merge EDNS Client subnet implementation from feature branch into main | |
| 282 | branch, using new EDNS processing framework. | |
| 283 | ||
| 284 | 21 March 2017: Wouter | |
| 285 | - Fix doxygen for dnscrypt files. | |
| 286 | ||
| 287 | 20 March 2017: Wouter | |
| 288 | - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then | |
| 289 | enabled in the config file from Manu Bretelle. | |
| 290 | - make depend, autoconf, remove warnings about statement before var. | |
| 291 | - lru_demote and lruhash_insert_or_retrieve functions for getdns. | |
| 292 | - fixup for lruhash (whitespace and header file comment). | |
| 293 | - dnscrypt tests. | |
| 294 | ||
| 295 | 17 March 2017: Wouter | |
| 296 | - Patch for view functionality for local-data-ptr from Björn Ketelaars. | |
| 297 | - Fix #1237 - Wrong resolving in chain, for norec queries that get | |
| 298 | SERVFAIL returned. | |
| 299 | ||
| 300 | 16 March 2017: Wouter | |
| 301 | - Fix that SHM is not inited if not enabled. | |
| 302 | - Add trustanchor.unbound CH TXT that gets a response with a number | |
| 303 | of TXT RRs with a string like "example.com. 2345 1234" with | |
| 304 | the trust anchors and their keytags. | |
| 305 | - Fix that looped DNAMEs do not cause unbound to spend effort. | |
| 306 | - trustanchor tags are sorted. reusable routine to fetch taglist. | |
| 307 | ||
| 308 | 13 March 2017: Wouter | |
| 309 | - testbound understands Deckard MATCH rcode question answer commands. | |
| 310 | - Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead | |
| 311 | of YXDOMAIN + query loop, reported by Petr Spacek. | |
| 312 | ||
| 313 | 10 March 2017: Wouter | |
| 314 | - Fix #1234: shortening DNAME loop produces duplicate DNAME records | |
| 315 | in ANSWER section. | |
| 316 | ||
| 317 | 9 March 2017: Wouter | |
| 318 | - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and | |
| 319 | DS records. NSEC3 is not disabled. | |
| 320 | - fake-sha1 test option; print warning if used. To make unit tests. | |
| 321 | - unbound-control list local zone and data commands listed in the | |
| 322 | help output. | |
| 323 | ||
| 324 | 8 March 2017: Wouter | |
| 325 | - make depend for build dependencies. | |
| 326 | - swig version 2.0.1 required. | |
| 327 | - fix enum conversion warnings | |
| 328 | ||
| 329 | 7 March 2017: Wouter | |
| 330 | - Fix #1230: swig version 2.0.0 is required for pythonmod, with | |
| 331 | 1.3.40 it crashes when running repeatly unbound-control reload. | |
| 332 | - Response actions based on IP address from Jinmei Tatuya (Infoblox). | |
| 333 | ||
| 334 | 6 March 2017: Wouter | |
| 335 | - Fix #1229: Systemd service sandboxing in contrib/unbound.service. | |
| 336 | - iana portlist update | |
| 337 | ||
| 338 | 28 February 2017: Ralph | |
| 339 | - Fix testpkts.c, check if DO bit is set, not only if there is an OPT | |
| 340 | record. | |
| 341 | ||
| 342 | 28 February 2017: Wouter | |
| 343 | - For #1227: if we have sha256, set the cipher list to have no | |
| 344 | known vulns. | |
| 345 | ||
| 346 | 27 February 2017: Wouter | |
| 347 | - Fix #1227: Fix that Unbound control allows weak ciphersuits. | |
| 348 | - Fix #1226: provide official 32bit binary for windows. | |
| 349 | ||
| 350 | 24 February 2017: Wouter | |
| 351 | - include sys/time.h for new shm code on NetBSD. | |
| 352 | ||
| 353 | 23 February 2017: Wouter | |
| 354 | - Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to | |
| 355 | redirect. | |
| 356 | - Patch from Luiz Fernando Softov for Stats Shared Memory. | |
| 357 | - unbound-control stats_shm command prints stats using shared memory, | |
| 358 | which uses less cpu. | |
| 359 | - make depend, autoconf, doxygen and lint fixed up. | |
| 360 | ||
| 361 | 22 February 2017: Wouter | |
| 362 | - Fix #1224: Fix that defaults should not fall back to "Program Files | |
| 363 | (x86) if Unbound is 64bit by default on windows. | |
| 364 | ||
| 365 | 21 February 2017: Wouter | |
| 366 | - iana portlist update | |
| 367 | ||
| 368 | 16 February 2017: Wouter | |
| 369 | - sldns updated for vfixed and buffer resize indication from getdns. | |
| 370 | ||
| 371 | 15 February 2017: Wouter | |
| 372 | - sldns has ED25519 and ED448 algorithm number and name for display. | |
| 373 | ||
| 374 | 14 February 2017: Wouter | |
| 375 | - tag 1.6.1rc3. -- which became 1.6.1 on 21feb, trunk has 1.6.2 | |
| 376 | ||
| 377 | 13 February 2017: Wouter | |
| 378 | - Fix autoconf of systemd check for lack of pkg-config. | |
| 379 | ||
| 380 | 10 February 2017: Wouter | |
| 381 | - Fix pythonmod for typedef changes. | |
| 382 | - Fix dnstap for warning of set but not used. | |
| 383 | - tag 1.6.1rc2. | |
| 384 | ||
| 385 | 9 February 2017: Wouter | |
| 386 | - tag 1.6.1rc1. | |
| 387 | ||
| 388 | 8 February 2017: Wouter | |
| 389 | - Fix for type name change and fix warning on windows compile. | |
| 390 | ||
| 391 | 7 February 2017: Wouter | |
| 392 | - Include root trust anchor id 20326 in unbound-anchor. | |
| 393 | ||
| 394 | 6 February 2017: Wouter | |
| 395 | - Fix compile on solaris of the fix to use $host detect. | |
| 396 | ||
| 397 | 4 February 2017: Wouter | |
| 398 | - fix root_anchor test for updated icannbundle.pem lower certificates. | |
| 399 | ||
| 400 | 26 January 2017: Wouter | |
| 401 | - Fix 1211: Fix can't enable interface-automatic if no IPv6 with | |
| 402 | more helpful error message. | |
| 403 | ||
| 404 | 20 January 2017: Wouter | |
| 405 | - Increase MAX_MODULE to 16. | |
| 406 | ||
| 407 | 19 January 2017: Wouter | |
| 408 | - Fix to Rename ub_callback_t to ub_callback_type, because POSIX | |
| 409 | reserves _t typedefs. | |
| 410 | - Fix to rename internally used types from _t to _type, because _t | |
| 411 | type names are reserved by POSIX. | |
| 412 | - iana portlist update | |
| 413 | ||
| 414 | 12 January 2017: Wouter | |
| 415 | - Fix to also block meta types 128 through to 248 with formerr. | |
| 416 | - Fix #1206: Some view-related commands are missing from 'unbound-control -h' | |
| 417 | ||
| 418 | 9 January 2017: Wouter | |
| 419 | - Fix #1202: Fix code comment that packed_rrset_data is not always | |
| 420 | 'packed'. | |
| 421 | ||
| 422 | 6 January 2017: Wouter | |
| 423 | - Fix #1201: Fix missing unlock in answer_from_cache error condition. | |
| 424 | ||
| 425 | 5 January 2017: Wouter | |
| 426 | - Fix to return formerr for queries for meta-types, to avoid | |
| 427 | packet amplification if this meta-type is sent on to upstream. | |
| 428 | - Fix #1184: Log DNS replies. This includes the same logging | |
| 429 | information that DNS queries and response code and response size, | |
| 430 | patch from Larissa Feng. | |
| 431 | - Fix #1187: Source IP rate limiting, patch from Larissa Feng. | |
| 432 | ||
| 433 | 3 January 2017: Wouter | |
| 434 | - configure --enable-systemd and lets unbound use systemd sockets if | |
| 435 | you enable use-systemd: yes in unbound.conf. | |
| 436 | Also there are contrib/unbound.socket and contrib/unbound.service: | |
| 437 | systemd files for unbound, install them in /usr/lib/systemd/system. | |
| 438 | Contributed by Sami Kerola and Pavel Odintsov. | |
| 439 | - Fix reload chdir failure when also chrooted to that directory. | |
| 440 | ||
| 441 | 2 January 2017: Wouter | |
| 442 | - Fix #1194: Cross build fails when $host isn't `uname` for getentropy. | |
| 443 | ||
| 444 | 23 December 2016: Ralph | |
| 445 | - Fix #1190: Do not echo back EDNS options in local-zone error response. | |
| 446 | - iana portlist update | |
| 447 | ||
| 448 | 21 December 2016: Ralph | |
| 449 | - Fix #1188: Unresolved symbol 'fake_dsa' in libunbound.so when built | |
| 450 | with Nettle | |
| 451 | ||
| 452 | 19 December 2016: Ralph | |
| 453 | - Fix #1191: remove comment about view deletion. | |
| 454 | ||
| 455 | 15 December 2016: Wouter | |
| 456 | - iana portlist update | |
| 457 | - 64bit is default for windows builds. | |
| 458 | - Fix inet_ntop and inet_pton warnings in windows compile. | |
| 459 | ||
| 460 | 14 December 2016: Wouter | |
| 461 | - Fix #1178: attempt to fix setup error at end, pop result values | |
| 462 | at end of install. | |
| 463 | ||
| 464 | 13 December 2016: Wouter | |
| 465 | - Fix #1182: Fix Resource leak (socket), at startup. | |
| 466 | - Fix unbound-control and ipv6 only. | |
| 467 | ||
| 468 | 9 December 2016: Wouter | |
| 469 | - Fix #1176: stack size too small for Alpine Linux. | |
| 470 | ||
| 0 | 471 | 8 December 2016: Wouter |
| 1 | 472 | - Fix downcast warnings from visual studio in sldns code. |
| 473 | - tag 1.6.0rc1 which became 1.6.0 on 15 dec, and trunk is 1.6.1. | |
| 2 | 474 | |
| 3 | 475 | 7 December 2016: Ralph |
| 4 | 476 | - Add DSA support for OpenSSL 1.1.0 |
Binary diff not shown
| 0 | README for Unbound 1.6.0 | |
| 0 | README for Unbound 1.6.4 | |
| 1 | 1 | Copyright 2007 NLnet Labs |
| 2 | 2 | http://unbound.net |
| 3 | 3 |
| 0 | 0 | # |
| 1 | 1 | # Example configuration file. |
| 2 | 2 | # |
| 3 | # See unbound.conf(5) man page, version 1.6.0. | |
| 3 | # See unbound.conf(5) man page, version 1.6.4. | |
| 4 | 4 | # |
| 5 | 5 | # this is a comment. |
| 6 | 6 | |
| 17 | 17 | # print statistics to the log (for every thread) every N seconds. |
| 18 | 18 | # Set to "" or 0 to disable. Default is disabled. |
| 19 | 19 | # statistics-interval: 0 |
| 20 | ||
| 21 | # enable shm for stats, default no. if you enable also enable | |
| 22 | # statistics-interval, every time it also writes stats to the | |
| 23 | # shared memory segment keyed with shm-key. | |
| 24 | # shm-enable: no | |
| 25 | ||
| 26 | # shm for stats uses this key, and key+1 for the shared mem segment. | |
| 27 | # shm-key: 11777 | |
| 20 | 28 | |
| 21 | 29 | # enable cumulative statistics, without clearing them after printing. |
| 22 | 30 | # statistics-cumulative: no |
| 199 | 207 | # Default is 0, system default MSS. |
| 200 | 208 | # outgoing-tcp-mss: 0 |
| 201 | 209 | |
| 210 | # Use systemd socket activation for UDP, TCP, and control sockets. | |
| 211 | # use-systemd: no | |
| 212 | ||
| 202 | 213 | # Detach from the terminal, run in background, "yes" or "no". |
| 214 | # Set the value to "no" when unbound runs as systemd service. | |
| 203 | 215 | # do-daemonize: yes |
| 204 | 216 | |
| 205 | 217 | # control which clients are allowed to make (recursive) queries |
| 287 | 299 | # print one line with time, IP, name, type, class for every query. |
| 288 | 300 | # log-queries: no |
| 289 | 301 | |
| 302 | # print one line per reply, with time, IP, name, type, class, rcode, | |
| 303 | # timetoresolve, fromcache and responsesize. | |
| 304 | # log-replies: no | |
| 305 | ||
| 290 | 306 | # the pid file. Can be an absolute path outside of chroot/work dir. |
| 291 | 307 | # pidfile: "@UNBOUND_PIDFILE@" |
| 292 | 308 | |
| 299 | 315 | |
| 300 | 316 | # enable to not answer version.server and version.bind queries. |
| 301 | 317 | # hide-version: no |
| 318 | ||
| 319 | # enable to not answer trustanchor.unbound queries. | |
| 320 | # hide-trustanchor: no | |
| 302 | 321 | |
| 303 | 322 | # the identity to report. Leave "" or default to return hostname. |
| 304 | 323 | # identity: "" |
| 427 | 446 | # Please note usage of unbound-anchor root anchor is at your own risk |
| 428 | 447 | # and under the terms of our LICENSE (see that file in the source). |
| 429 | 448 | # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" |
| 449 | ||
| 450 | # trust anchor signaling sends a RFC8145 key tag query after priming. | |
| 451 | # trust-anchor-signaling: no | |
| 430 | 452 | |
| 431 | 453 | # File with DLV trusted keys. Same format as trust-anchor-file. |
| 432 | 454 | # There can be only one DLV configured, it is trusted from root down. |
| 665 | 687 | # can give this multiple times, the name closest to the zone is used. |
| 666 | 688 | # ratelimit-below-domain: com 1000 |
| 667 | 689 | |
| 690 | # global query ratelimit for all ip addresses. | |
| 691 | # feature is experimental. | |
| 692 | # if 0(default) it is disabled, otherwise states qps allowed per ip address | |
| 693 | # ip-ratelimit: 0 | |
| 694 | ||
| 695 | # ip ratelimits are tracked in a cache, size in bytes of cache (or k,m). | |
| 696 | # ip-ratelimit-size: 4m | |
| 697 | # ip ratelimit cache slabs, reduces lock contention if equal to cpucount. | |
| 698 | # ip-ratelimit-slabs: 4 | |
| 699 | ||
| 700 | # 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through | |
| 701 | # ip-ratelimit-factor: 10 | |
| 702 | ||
| 703 | # Specific options for ipsecmod. unbound needs to be configured with | |
| 704 | # --enable-ipsecmod for these to take effect. | |
| 705 | # | |
| 706 | # Enable or disable ipsecmod (it still needs to be defined in | |
| 707 | # module-config above). Can be used when ipsecmod needs to be | |
| 708 | # enabled/disabled via remote-control(below). | |
| 709 | # ipsecmod-enabled: yes | |
| 710 | # | |
| 711 | # Path to executable external hook. It must be defined when ipsecmod is | |
| 712 | # listed in module-config (above). | |
| 713 | # ipsecmod-hook: "./my_executable" | |
| 714 | # | |
| 715 | # When enabled unbound will reply with SERVFAIL if the return value of | |
| 716 | # the ipsecmod-hook is not 0. | |
| 717 | # ipsecmod-strict: no | |
| 718 | # | |
| 719 | # Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY. | |
| 720 | # ipsecmod-max-ttl: 3600 | |
| 721 | # | |
| 722 | # Reply with A/AAAA even if the relevant IPSECKEY is bogus. Mainly used for | |
| 723 | # testing. | |
| 724 | # ipsecmod-ignore-bogus: no | |
| 725 | # | |
| 726 | # Domains for which ipsecmod will be triggered. If not defined (default) | |
| 727 | # all domains are treated as being whitelisted. | |
| 728 | # ipsecmod-whitelist: "example.com" | |
| 729 | # ipsecmod-whitelist: "nlnetlabs.nl" | |
| 730 | ||
| 731 | ||
| 668 | 732 | # Python config section. To enable: |
| 669 | 733 | # o use --with-pythonmodule to configure before compiling. |
| 670 | 734 | # o list python in the module-config string (above) to enable. |
| 748 | 812 | # name: "viewname" |
| 749 | 813 | # local-zone: "example.com" redirect |
| 750 | 814 | # local-data: "example.com A 192.0.2.3" |
| 815 | # local-data-ptr: "192.0.2.3 www.example.com" | |
| 751 | 816 | # view-first: no |
| 752 | 817 | # view: |
| 753 | 818 | # name: "anotherview" |
| 754 | 819 | # local-zone: "example.com" refuse |
| 820 | ||
| 821 | # DNSCrypt | |
| 822 | # Caveats: | |
| 823 | # 1. the keys/certs cannot be produced by unbound. You can use dnscrypt-wrapper | |
| 824 | # for this: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage | |
| 825 | # 2. dnscrypt channel attaches to an interface. you MUST set interfaces to | |
| 826 | # listen on `dnscrypt-port` with the follo0wing snippet: | |
| 827 | # server: | |
| 828 | # interface: 0.0.0.0@443 | |
| 829 | # interface: ::0@443 | |
| 830 | # | |
| 831 | # Finally, `dnscrypt` config has its own section. | |
| 832 | # dnscrypt: | |
| 833 | # dnscrypt-enable: yes | |
| 834 | # dnscrypt-port: 443 | |
| 835 | # dnscrypt-provider: 2.dnscrypt-cert.example.com. | |
| 836 | # dnscrypt-secret-key: /path/unbound-conf/keys1/1.key | |
| 837 | # dnscrypt-secret-key: /path/unbound-conf/keys2/1.key | |
| 838 | # dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert | |
| 839 | # dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert | |
| 0 | .TH "libunbound" "3" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" | |
| 0 | .TH "libunbound" "3" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4" | |
| 1 | 1 | .\" |
| 2 | 2 | .\" libunbound.3 -- unbound library functions manual |
| 3 | 3 | .\" |
| 11 | 11 | .B unbound.h, |
| 12 | 12 | .B ub_ctx, |
| 13 | 13 | .B ub_result, |
| 14 | .B ub_callback_t, | |
| 14 | .B ub_callback_type, | |
| 15 | 15 | .B ub_ctx_create, |
| 16 | 16 | .B ub_ctx_delete, |
| 17 | 17 | .B ub_ctx_set_option, |
| 42 | 42 | .B ub_ctx_zone_remove, |
| 43 | 43 | .B ub_ctx_data_add, |
| 44 | 44 | .B ub_ctx_data_remove |
| 45 | \- Unbound DNS validating resolver 1.6.0 functions. | |
| 45 | \- Unbound DNS validating resolver 1.6.4 functions. | |
| 46 | 46 | .SH "SYNOPSIS" |
| 47 | 47 | .B #include <unbound.h> |
| 48 | 48 | .LP |
| 119 | 119 | .br |
| 120 | 120 | \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata, |
| 121 | 121 | .br |
| 122 | \fIub_callback_t\fR callback, \fIint*\fR async_id); | |
| 122 | \fIub_callback_type\fR callback, \fIint*\fR async_id); | |
| 123 | 123 | .LP |
| 124 | 124 | \fIint\fR |
| 125 | 125 | \fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id); |
| 0 | .TH "unbound-anchor" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" | |
| 0 | .TH "unbound-anchor" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4" | |
| 1 | 1 | .\" |
| 2 | 2 | .\" unbound-anchor.8 -- unbound anchor maintenance utility manual |
| 3 | 3 | .\" |
| 0 | .TH "unbound-checkconf" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" | |
| 0 | .TH "unbound-checkconf" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4" | |
| 1 | 1 | .\" |
| 2 | 2 | .\" unbound-checkconf.8 -- unbound configuration checker manual |
| 3 | 3 | .\" |
| 0 | .TH "unbound-control" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" | |
| 0 | .TH "unbound-control" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4" | |
| 1 | 1 | .\" |
| 2 | 2 | .\" unbound-control.8 -- unbound remote control manual |
| 3 | 3 | .\" |
| 193 | 193 | hide\-identity, hide\-version, identity, version, val\-log\-level, |
| 194 | 194 | val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown, |
| 195 | 195 | keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit, |
| 196 | cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl. | |
| 196 | ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl. | |
| 197 | 197 | .TP |
| 198 | 198 | .B get_option \fIopt |
| 199 | 199 | Get the value of the option. Give the option name without a trailing ':'. |
| 279 | 279 | domains return an error for uncached (new) queries, but cached queries work |
| 280 | 280 | as normal. |
| 281 | 281 | .TP |
| 282 | .B ip_ratelimit_list \fR[\fI+a\fR] | |
| 283 | List the ip addresses that are ratelimited. Printed one per line with current | |
| 284 | estimated qps and qps limit from config. With +a it prints all ips, not | |
| 285 | just the ratelimited ips, with their estimated qps. The ratelimited | |
| 286 | ips are dropped before checking the cache. | |
| 287 | .TP | |
| 282 | 288 | .B view_list_local_zones \fIview\fR |
| 283 | 289 | \fIlist_local_zones\fR for given view. |
| 284 | 290 | .TP |
| 287 | 293 | .TP |
| 288 | 294 | .B view_local_zone_remove \fIview\fR \fIname |
| 289 | 295 | \fIlocal_zone_remove\fR for given view. |
| 296 | .TP | |
| 297 | .B view_list_local_data \fIview\fR | |
| 298 | \fIlist_local_data\fR for given view. | |
| 290 | 299 | .TP |
| 291 | 300 | .B view_local_data \fIview\fR \fIRR data... |
| 292 | 301 | \fIlocal_data\fR for given view. |
| 318 | 327 | .I threadX.num.queries |
| 319 | 328 | number of queries received by thread |
| 320 | 329 | .TP |
| 330 | .I threadX.num.queries_ip_ratelimited | |
| 331 | number of queries rate limited by thread | |
| 332 | .TP | |
| 321 | 333 | .I threadX.num.cachehits |
| 322 | 334 | number of queries that were successfully answered using a cache lookup |
| 323 | 335 | .TP |
| 0 | .TH "unbound\-host" "1" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" | |
| 0 | .TH "unbound\-host" "1" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4" | |
| 1 | 1 | .\" |
| 2 | 2 | .\" unbound-host.1 -- unbound DNS lookup utility |
| 3 | 3 | .\" |
| 0 | .TH "unbound" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" | |
| 0 | .TH "unbound" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4" | |
| 1 | 1 | .\" |
| 2 | 2 | .\" unbound.8 -- unbound manual |
| 3 | 3 | .\" |
| 8 | 8 | .\" |
| 9 | 9 | .SH "NAME" |
| 10 | 10 | .B unbound |
| 11 | \- Unbound DNS validating resolver 1.6.0. | |
| 11 | \- Unbound DNS validating resolver 1.6.4. | |
| 12 | 12 | .SH "SYNOPSIS" |
| 13 | 13 | .B unbound |
| 14 | 14 | .RB [ \-h ] |
| 0 | .TH "unbound.conf" "5" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" | |
| 0 | .TH "unbound.conf" "5" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4" | |
| 1 | 1 | .\" |
| 2 | 2 | .\" unbound.conf.5 -- unbound.conf manual |
| 3 | 3 | .\" |
| 15 | 15 | .B unbound.conf |
| 16 | 16 | is used to configure |
| 17 | 17 | \fIunbound\fR(8). |
| 18 | The file format has attributes and values. Some attributes have attributes inside them. | |
| 18 | The file format has attributes and values. Some attributes have attributes | |
| 19 | inside them. | |
| 19 | 20 | The notation is: attribute: value. |
| 20 | 21 | .P |
| 21 | 22 | Comments start with # and last to the end of line. Empty lines are |
| 22 | 23 | ignored as is whitespace at the beginning of a line. |
| 23 | 24 | .P |
| 24 | The utility | |
| 25 | The utility | |
| 25 | 26 | \fIunbound\-checkconf\fR(8) |
| 26 | 27 | can be used to check unbound.conf prior to usage. |
| 27 | 28 | .SH "EXAMPLE" |
| 29 | 30 | and start the server with: |
| 30 | 31 | .P |
| 31 | 32 | .nf |
| 32 | $ unbound \-c /etc/unbound/unbound.conf | |
| 33 | $ unbound \-c /etc/unbound/unbound.conf | |
| 33 | 34 | .fi |
| 34 | 35 | .P |
| 35 | 36 | Most settings are the defaults. Stop the server with: |
| 61 | 62 | access\-control: 2001:DB8::/64 allow |
| 62 | 63 | .fi |
| 63 | 64 | .SH "FILE FORMAT" |
| 64 | There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute | |
| 65 | is followed by its containing attributes, or a value. | |
| 65 | There must be whitespace between keywords. Attribute keywords end with a colon ':'. | |
| 66 | An attribute is followed by its containing attributes, or a value. | |
| 66 | 67 | .P |
| 67 | 68 | Files can be included using the |
| 68 | 69 | .B include: |
| 70 | 71 | Processing continues as if the text from the included file was copied into |
| 71 | 72 | the config file at that point. If also using chroot, using full path names |
| 72 | 73 | for the included files works, relative pathnames for the included names work |
| 73 | if the directory where the daemon is started equals its chroot/working | |
| 74 | if the directory where the daemon is started equals its chroot/working | |
| 74 | 75 | directory or is specified before the include statement with directory: dir. |
| 75 | 76 | Wildcards can be used to include multiple files, see \fIglob\fR(7). |
| 76 | 77 | .SS "Server Options" |
| 79 | 80 | clause. |
| 80 | 81 | .TP |
| 81 | 82 | .B verbosity: \fI<number> |
| 82 | The verbosity number, level 0 means no verbosity, only errors. Level 1 | |
| 83 | The verbosity number, level 0 means no verbosity, only errors. Level 1 | |
| 83 | 84 | gives operational information. Level 2 gives detailed operational |
| 84 | information. Level 3 gives query level information, output per query. | |
| 85 | Level 4 gives algorithm level information. Level 5 logs client | |
| 86 | identification for cache misses. Default is level 1. | |
| 85 | information. Level 3 gives query level information, output per query. | |
| 86 | Level 4 gives algorithm level information. Level 5 logs client | |
| 87 | identification for cache misses. Default is level 1. | |
| 87 | 88 | The verbosity can also be increased from the commandline, see \fIunbound\fR(8). |
| 88 | 89 | .TP |
| 89 | 90 | .B statistics\-interval: \fI<seconds> |
| 90 | 91 | The number of seconds between printing statistics to the log for every thread. |
| 91 | 92 | Disable with value 0 or "". Default is disabled. The histogram statistics |
| 92 | are only printed if replies were sent during the statistics interval, | |
| 93 | are only printed if replies were sent during the statistics interval, | |
| 93 | 94 | requestlist statistics are printed for every interval (but can be 0). |
| 94 | 95 | This is because the median calculation requires data to be present. |
| 95 | 96 | .TP |
| 98 | 99 | the statistics counters after logging the statistics. Default is no. |
| 99 | 100 | .TP |
| 100 | 101 | .B extended\-statistics: \fI<yes or no> |
| 101 | If enabled, extended statistics are printed from \fIunbound\-control\fR(8). | |
| 102 | If enabled, extended statistics are printed from \fIunbound\-control\fR(8). | |
| 102 | 103 | Default is off, because keeping track of more statistics takes time. The |
| 103 | 104 | counters are listed in \fIunbound\-control\fR(8). |
| 104 | 105 | .TP |
| 111 | 112 | .B interface: \fI<ip address[@port]> |
| 112 | 113 | Interface to use to connect to the network. This interface is listened to |
| 113 | 114 | for queries from clients, and answers to clients are given from it. |
| 114 | Can be given multiple times to work on several interfaces. If none are | |
| 115 | Can be given multiple times to work on several interfaces. If none are | |
| 115 | 116 | given the default is to listen to localhost. |
| 116 | 117 | The interfaces are not changed on a reload (kill \-HUP) but only on restart. |
| 117 | 118 | A port number can be specified with @port (without spaces between |
| 122 | 123 | Same as interface: (for easy of compatibility with nsd.conf). |
| 123 | 124 | .TP |
| 124 | 125 | .B interface\-automatic: \fI<yes or no> |
| 125 | Detect source interface on UDP queries and copy them to replies. This | |
| 126 | Detect source interface on UDP queries and copy them to replies. This | |
| 126 | 127 | feature is experimental, and needs support in your OS for particular socket |
| 127 | 128 | options. Default value is no. |
| 128 | 129 | .TP |
| 129 | 130 | .B outgoing\-interface: \fI<ip address or ip6 netblock> |
| 130 | 131 | Interface to use to connect to the network. This interface is used to send |
| 131 | queries to authoritative servers and receive their replies. Can be given | |
| 132 | multiple times to work on several interfaces. If none are given the | |
| 133 | default (all) is used. You can specify the same interfaces in | |
| 132 | queries to authoritative servers and receive their replies. Can be given | |
| 133 | multiple times to work on several interfaces. If none are given the | |
| 134 | default (all) is used. You can specify the same interfaces in | |
| 134 | 135 | .B interface: |
| 135 | 136 | and |
| 136 | 137 | .B outgoing\-interface: |
| 137 | lines, the interfaces are then used for both purposes. Outgoing queries are | |
| 138 | lines, the interfaces are then used for both purposes. Outgoing queries are | |
| 138 | 139 | sent via a random outgoing interface to counter spoofing. |
| 139 | 140 | .IP |
| 140 | 141 | If an IPv6 netblock is specified instead of an individual IPv6 address, |
| 154 | 155 | ip \-6 route add local mynetblock/64 dev lo |
| 155 | 156 | .TP |
| 156 | 157 | .B outgoing\-range: \fI<number> |
| 157 | Number of ports to open. This number of file descriptors can be opened per | |
| 158 | thread. Must be at least 1. Default depends on compile options. Larger | |
| 158 | Number of ports to open. This number of file descriptors can be opened per | |
| 159 | thread. Must be at least 1. Default depends on compile options. Larger | |
| 159 | 160 | numbers need extra resources from the operating system. For performance a |
| 160 | 161 | very large value is best, use libevent to make this possible. |
| 161 | 162 | .TP |
| 162 | 163 | .B outgoing\-port\-permit: \fI<port number or range> |
| 163 | 164 | Permit unbound to open this port or range of ports for use to send queries. |
| 164 | 165 | A larger number of permitted outgoing ports increases resilience against |
| 165 | spoofing attempts. Make sure these ports are not needed by other daemons. | |
| 166 | spoofing attempts. Make sure these ports are not needed by other daemons. | |
| 166 | 167 | By default only ports above 1024 that have not been assigned by IANA are used. |
| 167 | 168 | Give a port number or a range of the form "low\-high", without spaces. |
| 168 | 169 | .IP |
| 169 | The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements | |
| 170 | are processed in the line order of the config file, adding the permitted ports | |
| 171 | and subtracting the avoided ports from the set of allowed ports. The | |
| 172 | processing starts with the non IANA allocated ports above 1024 in the set | |
| 170 | The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements | |
| 171 | are processed in the line order of the config file, adding the permitted ports | |
| 172 | and subtracting the avoided ports from the set of allowed ports. The | |
| 173 | processing starts with the non IANA allocated ports above 1024 in the set | |
| 173 | 174 | of allowed ports. |
| 174 | 175 | .TP |
| 175 | 176 | .B outgoing\-port\-avoid: \fI<port number or range> |
| 176 | Do not permit unbound to open this port or range of ports for use to send | |
| 177 | Do not permit unbound to open this port or range of ports for use to send | |
| 177 | 178 | queries. Use this to make sure unbound does not grab a port that another |
| 178 | 179 | daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6. |
| 179 | 180 | By default only ports above 1024 that have not been assigned by IANA are used. |
| 203 | 204 | .B max\-udp\-size: \fI<number> |
| 204 | 205 | Maximum UDP response size (not applied to TCP response). 65536 disables the |
| 205 | 206 | udp response size maximum, and uses the choice from the client, always. |
| 206 | Suggested values are 512 to 4096. Default is 4096. | |
| 207 | Suggested values are 512 to 4096. Default is 4096. | |
| 207 | 208 | .TP |
| 208 | 209 | .B msg\-buffer\-size: \fI<number> |
| 209 | 210 | Number of bytes size of the message buffers. Default is 65552 bytes, enough |
| 210 | 211 | for 64 Kb packets, the maximum DNS message size. No message larger than this |
| 211 | 212 | can be sent or received. Can be reduced to use less memory, but some requests |
| 212 | for DNS data, such as for huge resource records, will result in a SERVFAIL | |
| 213 | for DNS data, such as for huge resource records, will result in a SERVFAIL | |
| 213 | 214 | reply to the client. |
| 214 | 215 | .TP |
| 215 | 216 | .B msg\-cache\-size: \fI<number> |
| 219 | 220 | .TP |
| 220 | 221 | .B msg\-cache\-slabs: \fI<number> |
| 221 | 222 | Number of slabs in the message cache. Slabs reduce lock contention by threads. |
| 222 | Must be set to a power of 2. Setting (close) to the number of cpus is a | |
| 223 | Must be set to a power of 2. Setting (close) to the number of cpus is a | |
| 223 | 224 | reasonable guess. |
| 224 | 225 | .TP |
| 225 | 226 | .B num\-queries\-per\-thread: \fI<number> |
| 231 | 232 | .TP |
| 232 | 233 | .B jostle\-timeout: \fI<msec> |
| 233 | 234 | Timeout used when the server is very busy. Set to a value that usually |
| 234 | results in one roundtrip to the authority servers. If too many queries | |
| 235 | results in one roundtrip to the authority servers. If too many queries | |
| 235 | 236 | arrive, then 50% of the queries are allowed to run to completion, and |
| 236 | the other 50% are replaced with the new incoming query if they have already | |
| 237 | spent more than their allowed time. This protects against denial of | |
| 237 | the other 50% are replaced with the new incoming query if they have already | |
| 238 | spent more than their allowed time. This protects against denial of | |
| 238 | 239 | service by slow queries or high query rates. Default 200 milliseconds. |
| 239 | The effect is that the qps for long-lasting queries is about | |
| 240 | The effect is that the qps for long-lasting queries is about | |
| 240 | 241 | (numqueriesperthread / 2) / (average time for such long queries) qps. |
| 241 | 242 | The qps for short queries can be about (numqueriesperthread / 2) |
| 242 | 243 | / (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560 |
| 307 | 308 | .TP |
| 308 | 309 | .B rrset\-cache\-slabs: \fI<number> |
| 309 | 310 | Number of slabs in the RRset cache. Slabs reduce lock contention by threads. |
| 310 | Must be set to a power of 2. | |
| 311 | Must be set to a power of 2. | |
| 311 | 312 | .TP |
| 312 | 313 | .B cache\-max\-ttl: \fI<seconds> |
| 313 | Time to live maximum for RRsets and messages in the cache. Default is | |
| 314 | 86400 seconds (1 day). If the maximum kicks in, responses to clients | |
| 315 | still get decrementing TTLs based on the original (larger) values. | |
| 314 | Time to live maximum for RRsets and messages in the cache. Default is | |
| 315 | 86400 seconds (1 day). If the maximum kicks in, responses to clients | |
| 316 | still get decrementing TTLs based on the original (larger) values. | |
| 316 | 317 | When the internal TTL expires, the cache item has expired. |
| 317 | 318 | Can be set lower to force the resolver to query for data often, and not |
| 318 | 319 | trust (very large) TTL values. |
| 322 | 323 | If the minimum kicks in, the data is cached for longer than the domain |
| 323 | 324 | owner intended, and thus less queries are made to look up the data. |
| 324 | 325 | Zero makes sure the data in the cache is as the domain owner intended, |
| 325 | higher values, especially more than an hour or so, can lead to trouble as | |
| 326 | higher values, especially more than an hour or so, can lead to trouble as | |
| 326 | 327 | the data in the cache does not match up with the actual data any more. |
| 327 | 328 | .TP |
| 328 | 329 | .B cache\-max\-negative\-ttl: \fI<seconds> |
| 330 | 331 | authority section that is limited in time. Default is 3600. |
| 331 | 332 | .TP |
| 332 | 333 | .B infra\-host\-ttl: \fI<seconds> |
| 333 | Time to live for entries in the host cache. The host cache contains | |
| 334 | Time to live for entries in the host cache. The host cache contains | |
| 334 | 335 | roundtrip timing, lameness and EDNS support information. Default is 900. |
| 335 | 336 | .TP |
| 336 | 337 | .B infra\-cache\-slabs: \fI<number> |
| 337 | Number of slabs in the infrastructure cache. Slabs reduce lock contention | |
| 338 | by threads. Must be set to a power of 2. | |
| 338 | Number of slabs in the infrastructure cache. Slabs reduce lock contention | |
| 339 | by threads. Must be set to a power of 2. | |
| 339 | 340 | .TP |
| 340 | 341 | .B infra\-cache\-numhosts: \fI<number> |
| 341 | 342 | Number of hosts for which information is cached. Default is 10000. |
| 371 | 372 | .TP |
| 372 | 373 | .B tcp\-mss: \fI<number> |
| 373 | 374 | Maximum segment size (MSS) of TCP socket on which the server responds |
| 374 | to queries. Value lower than common MSS on Ethernet | |
| 375 | to queries. Value lower than common MSS on Ethernet | |
| 375 | 376 | (1220 for example) will address path MTU problem. |
| 376 | 377 | Note that not all platform supports socket option to set MSS (TCP_MAXSEG). |
| 377 | 378 | Default is system default MSS determined by interface MTU and |
| 392 | 393 | .B ssl\-upstream: \fI<yes or no> |
| 393 | 394 | Enabled or disable whether the upstream queries use SSL only for transport. |
| 394 | 395 | Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in |
| 395 | TCP wireformat. The other server must support this (see \fBssl\-service\-key\fR). | |
| 396 | TCP wireformat. The other server must support this (see | |
| 397 | \fBssl\-service\-key\fR). | |
| 396 | 398 | .TP |
| 397 | 399 | .B ssl\-service-key: \fI<file> |
| 398 | 400 | If enabled, the server provider SSL service on its TCP sockets. The clients |
| 412 | 414 | The port number on which to provide TCP SSL service, default 853, only |
| 413 | 415 | interfaces configured with that port number as @number get the SSL service. |
| 414 | 416 | .TP |
| 417 | .B use\-systemd: \fI<yes or no> | |
| 418 | Enable or disable systemd socket activation. | |
| 419 | Default is no. | |
| 420 | .TP | |
| 415 | 421 | .B do\-daemonize: \fI<yes or no> |
| 416 | 422 | Enable or disable whether the unbound server forks into the background as |
| 417 | a daemon. Default is yes. | |
| 423 | a daemon. Set the value to \fIno\fR when unbound runs as systemd service. | |
| 424 | Default is yes. | |
| 418 | 425 | .TP |
| 419 | 426 | .B access\-control: \fI<IP netblock> <action> |
| 420 | The netblock is given as an IP4 or IP6 address with /size appended for a | |
| 421 | classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, | |
| 427 | The netblock is given as an IP4 or IP6 address with /size appended for a | |
| 428 | classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, | |
| 422 | 429 | \fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. |
| 423 | 430 | The most specific netblock match is used, if none match \fIdeny\fR is used. |
| 424 | 431 | .IP |
| 425 | 432 | The action \fIdeny\fR stops queries from hosts from that netblock. |
| 426 | 433 | .IP |
| 427 | The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED | |
| 434 | The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED | |
| 428 | 435 | error message back. |
| 429 | 436 | .IP |
| 430 | The action \fIallow\fR gives access to clients from that netblock. | |
| 431 | It gives only access for recursion clients (which is | |
| 437 | The action \fIallow\fR gives access to clients from that netblock. | |
| 438 | It gives only access for recursion clients (which is | |
| 432 | 439 | what almost all clients need). Nonrecursive queries are refused. |
| 433 | 440 | .IP |
| 434 | The \fIallow\fR action does allow nonrecursive queries to access the | |
| 441 | The \fIallow\fR action does allow nonrecursive queries to access the | |
| 435 | 442 | local\-data that is configured. The reason is that this does not involve |
| 436 | the unbound server recursive lookup algorithm, and static data is served | |
| 437 | in the reply. This supports normal operations where nonrecursive queries | |
| 438 | are made for the authoritative data. For nonrecursive queries any replies | |
| 443 | the unbound server recursive lookup algorithm, and static data is served | |
| 444 | in the reply. This supports normal operations where nonrecursive queries | |
| 445 | are made for the authoritative data. For nonrecursive queries any replies | |
| 439 | 446 | from the dynamic cache are refused. |
| 440 | 447 | .IP |
| 441 | The action \fIallow_snoop\fR gives nonrecursive access too. This give | |
| 442 | both recursive and non recursive access. The name \fIallow_snoop\fR refers | |
| 448 | The action \fIallow_snoop\fR gives nonrecursive access too. This give | |
| 449 | both recursive and non recursive access. The name \fIallow_snoop\fR refers | |
| 443 | 450 | to cache snooping, a technique to use nonrecursive queries to examine |
| 444 | the cache contents (for malicious acts). However, nonrecursive queries can | |
| 445 | also be a valuable debugging tool (when you want to examine the cache | |
| 451 | the cache contents (for malicious acts). However, nonrecursive queries can | |
| 452 | also be a valuable debugging tool (when you want to examine the cache | |
| 446 | 453 | contents). In that case use \fIallow_snoop\fR for your administration host. |
| 447 | 454 | .IP |
| 448 | 455 | By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd. |
| 449 | The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS | |
| 450 | protocol is not designed to handle dropped packets due to policy, and | |
| 456 | The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS | |
| 457 | protocol is not designed to handle dropped packets due to policy, and | |
| 451 | 458 | dropping may result in (possibly excessive) retried queries. |
| 452 | 459 | .IP |
| 453 | 460 | The deny_non_local and refuse_non_local settings are for hosts that are |
| 479 | 486 | .B chroot: \fI<directory> |
| 480 | 487 | If chroot is enabled, you should pass the configfile (from the |
| 481 | 488 | commandline) as a full path from the original root. After the |
| 482 | chroot has been performed the now defunct portion of the config | |
| 483 | file path is removed to be able to reread the config after a reload. | |
| 489 | chroot has been performed the now defunct portion of the config | |
| 490 | file path is removed to be able to reread the config after a reload. | |
| 484 | 491 | .IP |
| 485 | 492 | All other file paths (working dir, logfile, roothints, and |
| 486 | 493 | key files) can be specified in several ways: |
| 491 | 498 | .IP |
| 492 | 499 | The pidfile can be either a relative path to the working directory, or |
| 493 | 500 | an absolute path relative to the original root. It is written just prior |
| 494 | to chroot and dropping permissions. This allows the pidfile to be | |
| 501 | to chroot and dropping permissions. This allows the pidfile to be | |
| 495 | 502 | /var/run/unbound.pid and the chroot to be /var/unbound, for example. |
| 496 | 503 | .IP |
| 497 | 504 | Additionally, unbound may need to access /dev/random (for entropy) |
| 498 | 505 | from inside the chroot. |
| 499 | 506 | .IP |
| 500 | If given a chroot is done to the given directory. The default is | |
| 507 | If given a chroot is done to the given directory. The default is | |
| 501 | 508 | "@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed. |
| 502 | 509 | .TP |
| 503 | 510 | .B username: \fI<name> |
| 504 | 511 | If given, after binding the port the user privileges are dropped. Default is |
| 505 | "@UNBOUND_USERNAME@". If you give username: "" no user change is performed. | |
| 512 | "@UNBOUND_USERNAME@". If you give username: "" no user change is performed. | |
| 506 | 513 | .IP |
| 507 | 514 | If this user is not capable of binding the |
| 508 | 515 | port, reloads (by signal HUP) will still retain the opened ports. |
| 509 | If you change the port number in the config file, and that new port number | |
| 516 | If you change the port number in the config file, and that new port number | |
| 510 | 517 | requires privileges, then a reload will fail; a restart is needed. |
| 511 | 518 | .TP |
| 512 | 519 | .B directory: \fI<directory> |
| 518 | 525 | .TP |
| 519 | 526 | .B logfile: \fI<filename> |
| 520 | 527 | If "" is given, logging goes to stderr, or nowhere once daemonized. |
| 521 | The logfile is appended to, in the following format: | |
| 528 | The logfile is appended to, in the following format: | |
| 522 | 529 | .nf |
| 523 | [seconds since 1970] unbound[pid:tid]: type: message. | |
| 530 | [seconds since 1970] unbound[pid:tid]: type: message. | |
| 524 | 531 | .fi |
| 525 | 532 | If this option is given, the use\-syslog is option is set to "no". |
| 526 | The logfile is reopened (for append) when the config file is reread, on | |
| 533 | The logfile is reopened (for append) when the config file is reread, on | |
| 527 | 534 | SIGHUP. |
| 528 | 535 | .TP |
| 529 | 536 | .B use\-syslog: \fI<yes or no> |
| 530 | Sets unbound to send log messages to the syslogd, using | |
| 531 | \fIsyslog\fR(3). | |
| 537 | Sets unbound to send log messages to the syslogd, using | |
| 538 | \fIsyslog\fR(3). | |
| 532 | 539 | The log facility LOG_DAEMON is used, with identity "unbound". |
| 533 | 540 | The logfile setting is overridden when use\-syslog is turned on. |
| 534 | 541 | The default is to log to syslog. |
| 551 | 558 | lines which makes the server (significantly) slower. Odd (nonprintable) |
| 552 | 559 | characters in names are printed as '?'. |
| 553 | 560 | .TP |
| 561 | .B log\-replies: \fI<yes or no> | |
| 562 | Prints one line per reply to the log, with the log timestamp and IP address, | |
| 563 | name, type, class, return code, time to resolve, from cache and response size. | |
| 564 | Default is no. Note that it takes time to print these | |
| 565 | lines which makes the server (significantly) slower. Odd (nonprintable) | |
| 566 | characters in names are printed as '?'. | |
| 567 | .TP | |
| 554 | 568 | .B pidfile: \fI<filename> |
| 555 | The process id is written to the file. Default is "@UNBOUND_PIDFILE@". | |
| 569 | The process id is written to the file. Default is "@UNBOUND_PIDFILE@". | |
| 556 | 570 | So, |
| 557 | 571 | .nf |
| 558 | kill \-HUP `cat @UNBOUND_PIDFILE@` | |
| 572 | kill \-HUP `cat @UNBOUND_PIDFILE@` | |
| 559 | 573 | .fi |
| 560 | 574 | triggers a reload, |
| 561 | 575 | .nf |
| 562 | kill \-TERM `cat @UNBOUND_PIDFILE@` | |
| 576 | kill \-TERM `cat @UNBOUND_PIDFILE@` | |
| 563 | 577 | .fi |
| 564 | 578 | gracefully terminates. |
| 565 | 579 | .TP |
| 566 | 580 | .B root\-hints: \fI<filename> |
| 567 | 581 | Read the root hints from this file. Default is nothing, using builtin hints |
| 568 | for the IN class. The file has the format of zone files, with root | |
| 582 | for the IN class. The file has the format of zone files, with root | |
| 569 | 583 | nameserver names and addresses only. The default may become outdated, |
| 570 | 584 | when servers change, therefore it is good practice to use a root\-hints file. |
| 571 | 585 | .TP |
| 583 | 597 | Set the version to report. If set to "", the default, then the package |
| 584 | 598 | version is returned. |
| 585 | 599 | .TP |
| 600 | .B hide\-trustanchor: \fI<yes or no> | |
| 601 | If enabled trustanchor.unbound queries are refused. | |
| 602 | .TP | |
| 586 | 603 | .B target\-fetch\-policy: \fI<"list of numbers"> |
| 587 | 604 | Set the target fetch policy used by unbound to determine if it should fetch |
| 588 | 605 | nameserver target addresses opportunistically. The policy is described per |
| 589 | dependency depth. | |
| 606 | dependency depth. | |
| 590 | 607 | .IP |
| 591 | 608 | The number of values determines the maximum dependency depth |
| 592 | that unbound will pursue in answering a query. | |
| 609 | that unbound will pursue in answering a query. | |
| 593 | 610 | A value of \-1 means to fetch all targets opportunistically for that dependency |
| 594 | 611 | depth. A value of 0 means to fetch on demand only. A positive value fetches |
| 595 | that many targets opportunistically. | |
| 612 | that many targets opportunistically. | |
| 596 | 613 | .IP |
| 597 | 614 | Enclose the list between quotes ("") and put spaces between numbers. |
| 598 | 615 | The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour |
| 599 | closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour | |
| 616 | closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour | |
| 600 | 617 | rumoured to be closer to that of BIND 8. |
| 601 | 618 | .TP |
| 602 | 619 | .B harden\-short\-bufsize: \fI<yes or no> |
| 603 | 620 | Very small EDNS buffer sizes from queries are ignored. Default is off, since |
| 604 | it is legal protocol wise to send these, and unbound tries to give very | |
| 621 | it is legal protocol wise to send these, and unbound tries to give very | |
| 605 | 622 | small answers to these queries, where possible. |
| 606 | 623 | .TP |
| 607 | 624 | .B harden\-large\-queries: \fI<yes or no> |
| 615 | 632 | .B harden\-dnssec\-stripped: \fI<yes or no> |
| 616 | 633 | Require DNSSEC data for trust\-anchored zones, if such data is absent, |
| 617 | 634 | the zone becomes bogus. If turned off, and no DNSSEC data is received |
| 618 | (or the DNSKEY data fails to validate), then the zone is made insecure, | |
| 619 | this behaves like there is no trust anchor. You could turn this off if | |
| 620 | you are sometimes behind an intrusive firewall (of some sort) that | |
| 621 | removes DNSSEC data from packets, or a zone changes from signed to | |
| 622 | unsigned to badly signed often. If turned off you run the risk of a | |
| 635 | (or the DNSKEY data fails to validate), then the zone is made insecure, | |
| 636 | this behaves like there is no trust anchor. You could turn this off if | |
| 637 | you are sometimes behind an intrusive firewall (of some sort) that | |
| 638 | removes DNSSEC data from packets, or a zone changes from signed to | |
| 639 | unsigned to badly signed often. If turned off you run the risk of a | |
| 623 | 640 | downgrade attack that disables security for a zone. Default is on. |
| 624 | 641 | .TP |
| 625 | 642 | .B harden\-below\-nxdomain: \fI<yes or no> |
| 637 | 654 | Harden the referral path by performing additional queries for |
| 638 | 655 | infrastructure data. Validates the replies if trust anchors are configured |
| 639 | 656 | and the zones are signed. This enforces DNSSEC validation on nameserver |
| 640 | NS sets and the nameserver addresses that are encountered on the referral | |
| 657 | NS sets and the nameserver addresses that are encountered on the referral | |
| 641 | 658 | path to the answer. |
| 642 | 659 | Default off, because it burdens the authority servers, and it is |
| 643 | 660 | not RFC standard, and could lead to performance problems because of the |
| 654 | 671 | .TP |
| 655 | 672 | .B use\-caps\-for\-id: \fI<yes or no> |
| 656 | 673 | Use 0x20\-encoded random bits in the query to foil spoof attempts. |
| 657 | This perturbs the lowercase and uppercase of query names sent to | |
| 658 | authority servers and checks if the reply still has the correct casing. | |
| 659 | Disabled by default. | |
| 674 | This perturbs the lowercase and uppercase of query names sent to | |
| 675 | authority servers and checks if the reply still has the correct casing. | |
| 676 | Disabled by default. | |
| 660 | 677 | This feature is an experimental implementation of draft dns\-0x20. |
| 661 | 678 | .TP |
| 662 | 679 | .B caps\-whitelist: \fI<domain> |
| 667 | 684 | .TP |
| 668 | 685 | .B qname\-minimisation: \fI<yes or no> |
| 669 | 686 | Send minimum amount of information to upstream servers to enhance privacy. |
| 670 | Only sent minimum required labels of the QNAME and set QTYPE to NS when | |
| 687 | Only sent minimum required labels of the QNAME and set QTYPE to NS when | |
| 671 | 688 | possible. Best effort approach; full QNAME and original QTYPE will be sent when |
| 672 | 689 | upstream replies with a RCODE other than NOERROR, except when receiving |
| 673 | 690 | NXDOMAIN from a DNSSEC signed zone. Default is off. |
| 699 | 716 | .TP |
| 700 | 717 | .B private\-domain: \fI<domain name> |
| 701 | 718 | Allow this domain, and all its subdomains to contain private addresses. |
| 702 | Give multiple times to allow multiple domain names to contain private | |
| 719 | Give multiple times to allow multiple domain names to contain private | |
| 703 | 720 | addresses. Default is none. |
| 704 | 721 | .TP |
| 705 | 722 | .B unwanted\-reply\-threshold: \fI<number> |
| 710 | 727 | is suggested. Default is 0 (turned off). |
| 711 | 728 | .TP |
| 712 | 729 | .B do\-not\-query\-address: \fI<IP address> |
| 713 | Do not query the given IP address. Can be IP4 or IP6. Append /num to | |
| 730 | Do not query the given IP address. Can be IP4 or IP6. Append /num to | |
| 714 | 731 | indicate a classless delegation netblock, for example like |
| 715 | 732 | 10.2.3.4/24 or 2001::11/64. |
| 716 | 733 | .TP |
| 769 | 786 | \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, |
| 770 | 787 | so the unbound user must have write permission. Write permission to the file, |
| 771 | 788 | but also to the directory it is in (to create a temporary file, which is |
| 772 | necessary to deal with filesystem full events). | |
| 789 | necessary to deal with filesystem full events), it must also be inside the | |
| 790 | chroot (if that is used). | |
| 773 | 791 | .TP |
| 774 | 792 | .B trust\-anchor: \fI<"Resource Record"> |
| 775 | 793 | A DS or DNSKEY RR for a key to use for validation. Multiple entries can be |
| 776 | 794 | given to specify multiple trusted keys, in addition to the trust\-anchor\-files. |
| 777 | 795 | The resource record is entered in the same format as 'dig' or 'drill' prints |
| 778 | 796 | them, the same format as in the zone file. Has to be on a single line, with |
| 779 | "" around it. A TTL can be specified for ease of cut and paste, but is ignored. | |
| 797 | "" around it. A TTL can be specified for ease of cut and paste, but is ignored. | |
| 780 | 798 | A class can be specified, but class IN is default. |
| 781 | 799 | .TP |
| 782 | 800 | .B trusted\-keys\-file: \fI<filename> |
| 783 | 801 | File with trusted keys for validation. Specify more than one file |
| 784 | 802 | with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR |
| 785 | but has a different file format. Format is BIND\-9 style format, | |
| 803 | but has a different file format. Format is BIND\-9 style format, | |
| 786 | 804 | the trusted\-keys { name flag proto algo "key"; }; clauses are read. |
| 787 | 805 | It is possible to use wildcards with this statement, the wildcard is |
| 788 | 806 | expanded on start and on reload. |
| 807 | .TP | |
| 808 | .B trust\-anchor\-signaling: \fI<yes or no> | |
| 809 | Send RFC8145 key tag query after trust anchor priming. Default is off. | |
| 789 | 810 | .TP |
| 790 | 811 | .B dlv\-anchor\-file: \fI<filename> |
| 791 | 812 | This option was used during early days DNSSEC deployment when no parent-side |
| 794 | 815 | File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and |
| 795 | 816 | DNSKEY entries can be used in the file, in the same format as for |
| 796 | 817 | \fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more |
| 797 | would be slow. The DLV configured is used as a root trusted DLV, this | |
| 798 | means that it is a lookaside for the root. Default is "", or no dlv anchor file. | |
| 799 | DLV is going to be decommissioned. Please do not use it any more. | |
| 818 | would be slow. The DLV configured is used as a root trusted DLV, this | |
| 819 | means that it is a lookaside for the root. Default is "", or no dlv anchor | |
| 820 | file. DLV is going to be decommissioned. Please do not use it any more. | |
| 800 | 821 | .TP |
| 801 | 822 | .B dlv\-anchor: \fI<"Resource Record"> |
| 802 | 823 | Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. |
| 808 | 829 | domain secure with a DS record, such a DS record is then ignored. |
| 809 | 830 | Also keys from DLV are ignored for the domain. Can be given multiple times |
| 810 | 831 | to specify multiple domains that are treated as if unsigned. If you set |
| 811 | trust anchors for the domain they override this setting (and the domain | |
| 832 | trust anchors for the domain they override this setting (and the domain | |
| 812 | 833 | is secured). |
| 813 | 834 | .IP |
| 814 | 835 | This can be useful if you want to make sure a trust anchor for external |
| 815 | lookups does not affect an (unsigned) internal domain. A DS record | |
| 836 | lookups does not affect an (unsigned) internal domain. A DS record | |
| 816 | 837 | externally can create validation failures for that internal domain. |
| 817 | 838 | .TP |
| 818 | 839 | .B val\-override\-date: \fI<rrsig\-style date spec> |
| 819 | 840 | Default is "" or "0", which disables this debugging feature. If enabled by |
| 820 | 841 | giving a RRSIG style date, that date is used for verifying RRSIG inception |
| 821 | and expiration dates, instead of the current date. Do not set this unless | |
| 842 | and expiration dates, instead of the current date. Do not set this unless | |
| 822 | 843 | you are debugging signature inception and expiration. The value \-1 ignores |
| 823 | 844 | the date altogether, useful for some special applications. |
| 824 | 845 | .TP |
| 848 | 869 | Instruct the validator to remove data from the additional section of secure |
| 849 | 870 | messages that are not signed properly. Messages that are insecure, bogus, |
| 850 | 871 | indeterminate or unchecked are not affected. Default is yes. Use this setting |
| 851 | to protect the users that rely on this validator for authentication from | |
| 872 | to protect the users that rely on this validator for authentication from | |
| 852 | 873 | potentially bad data in the additional section. |
| 853 | 874 | .TP |
| 854 | 875 | .B val\-log\-level: \fI<number> |
| 863 | 884 | .B val\-permissive\-mode: \fI<yes or no> |
| 864 | 885 | Instruct the validator to mark bogus messages as indeterminate. The security |
| 865 | 886 | checks are performed, but if the result is bogus (failed security), the |
| 866 | reply is not withheld from the client with SERVFAIL as usual. The client | |
| 867 | receives the bogus data. For messages that are found to be secure the AD bit | |
| 887 | reply is not withheld from the client with SERVFAIL as usual. The client | |
| 888 | receives the bogus data. For messages that are found to be secure the AD bit | |
| 868 | 889 | is set in replies. Also logging is performed as for full validation. |
| 869 | The default value is "no". | |
| 890 | The default value is "no". | |
| 870 | 891 | .TP |
| 871 | 892 | .B ignore\-cd\-flag: \fI<yes or no> |
| 872 | 893 | Instruct unbound to ignore the CD flag from clients and refuse to |
| 886 | 907 | by quotes. Default is "1024 150 2048 500 4096 2500". This determines the |
| 887 | 908 | maximum allowed NSEC3 iteration count before a message is simply marked |
| 888 | 909 | insecure instead of performing the many hashing iterations. The list must |
| 889 | be in ascending order and have at least one entry. If you set it to | |
| 910 | be in ascending order and have at least one entry. If you set it to | |
| 890 | 911 | "1024 65535" there is no restriction to NSEC3 iteration values. |
| 891 | 912 | This table must be kept short; a very long list could cause slower operation. |
| 892 | 913 | .TP |
| 921 | 942 | .TP |
| 922 | 943 | .B key\-cache\-slabs: \fI<number> |
| 923 | 944 | Number of slabs in the key cache. Slabs reduce lock contention by threads. |
| 924 | Must be set to a power of 2. Setting (close) to the number of cpus is a | |
| 945 | Must be set to a power of 2. Setting (close) to the number of cpus is a | |
| 925 | 946 | reasonable guess. |
| 926 | 947 | .TP |
| 927 | 948 | .B neg\-cache\-size: \fI<number> |
| 972 | 993 | For a negative answer a SOA is included in the answer if present |
| 973 | 994 | as local\-data for the zone apex domain. |
| 974 | 995 | .TP 10 |
| 975 | \h'5'\fItransparent\fR | |
| 996 | \h'5'\fItransparent\fR | |
| 976 | 997 | If there is a match from local data, the query is answered. |
| 977 | 998 | Otherwise if the query has a different name, the query is resolved normally. |
| 978 | 999 | If the query is for a name given in localdata but no such type of data is |
| 980 | 1001 | If no local\-zone is given local\-data causes a transparent zone |
| 981 | 1002 | to be created by default. |
| 982 | 1003 | .TP 10 |
| 983 | \h'5'\fItypetransparent\fR | |
| 1004 | \h'5'\fItypetransparent\fR | |
| 984 | 1005 | If there is a match from local data, the query is answered. If the query |
| 985 | 1006 | is for a different name, or for the same name but for a different type, |
| 986 | 1007 | the query is resolved normally. So, similar to transparent but types |
| 987 | 1008 | that are not listed in local data are resolved normally, so if an A record |
| 988 | 1009 | is in the local data that does not cause a nodata reply for AAAA queries. |
| 989 | 1010 | .TP 10 |
| 990 | \h'5'\fIredirect\fR | |
| 1011 | \h'5'\fIredirect\fR | |
| 991 | 1012 | The query is answered from the local data for the zone name. |
| 992 | 1013 | There may be no local data beneath the zone name. |
| 993 | 1014 | This answers queries for the zone, and all subdomains of the zone |
| 994 | 1015 | with the local data for the zone. |
| 995 | 1016 | It can be used to redirect a domain to return a different address record |
| 996 | to the end user, with | |
| 997 | local\-zone: "example.com." redirect and | |
| 1017 | to the end user, with | |
| 1018 | local\-zone: "example.com." redirect and | |
| 998 | 1019 | local\-data: "example.com. A 127.0.0.1" |
| 999 | 1020 | queries for www.example.com and www.foo.example.com are redirected, so |
| 1000 | 1021 | that users with web browsers cannot access sites with suffix example.com. |
| 1001 | 1022 | .TP 10 |
| 1002 | \h'5'\fIinform\fR | |
| 1023 | \h'5'\fIinform\fR | |
| 1003 | 1024 | The query is answered normally, same as transparent. The client IP |
| 1004 | 1025 | address (@portnumber) is printed to the logfile. The log message is: |
| 1005 | 1026 | timestamp, unbound-pid, info: zonename inform IP@port queryname type |
| 1006 | 1027 | class. This option can be used for normal resolution, but machines |
| 1007 | 1028 | looking up infected names are logged, eg. to run antivirus on them. |
| 1008 | 1029 | .TP 10 |
| 1009 | \h'5'\fIinform_deny\fR | |
| 1030 | \h'5'\fIinform_deny\fR | |
| 1010 | 1031 | The query is dropped, like 'deny', and logged, like 'inform'. Ie. find |
| 1011 | 1032 | infected machines without answering the queries. |
| 1012 | 1033 | .TP 10 |
| 1013 | \h'5'\fIalways_transparent\fR | |
| 1034 | \h'5'\fIalways_transparent\fR | |
| 1014 | 1035 | Like transparent, but ignores local data and resolves normally. |
| 1015 | 1036 | .TP 10 |
| 1016 | \h'5'\fIalways_refuse\fR | |
| 1037 | \h'5'\fIalways_refuse\fR | |
| 1017 | 1038 | Like refuse, but ignores local data and refuses the query. |
| 1018 | 1039 | .TP 10 |
| 1019 | \h'5'\fIalways_nxdomain\fR | |
| 1040 | \h'5'\fIalways_nxdomain\fR | |
| 1020 | 1041 | Like static, but ignores local data and returns nxdomain for the query. |
| 1021 | 1042 | .TP 10 |
| 1022 | \h'5'\fInodefault\fR | |
| 1043 | \h'5'\fInodefault\fR | |
| 1023 | 1044 | Used to turn off default contents for AS112 zones. The other types |
| 1024 | also turn off default contents for the zone. The 'nodefault' option | |
| 1025 | has no other effect than turning off default contents for the | |
| 1045 | also turn off default contents for the zone. The 'nodefault' option | |
| 1046 | has no other effect than turning off default contents for the | |
| 1026 | 1047 | given zone. Use \fInodefault\fR if you use exactly that zone, if you want to |
| 1027 | 1048 | use a subzone, use \fItransparent\fR. |
| 1028 | 1049 | .P |
| 1031 | 1052 | reserved IP addresses for which the servers on the internet cannot provide |
| 1032 | 1053 | correct answers. They are configured by default to give nxdomain (no reverse |
| 1033 | 1054 | information) answers. The defaults can be turned off by specifying your |
| 1034 | own local\-zone of that name, or using the 'nodefault' type. Below is a | |
| 1055 | own local\-zone of that name, or using the 'nodefault' type. Below is a | |
| 1035 | 1056 | list of the default zone contents. |
| 1036 | 1057 | .TP 10 |
| 1037 | \h'5'\fIlocalhost\fR | |
| 1058 | \h'5'\fIlocalhost\fR | |
| 1038 | 1059 | The IP4 and IP6 localhost information is given. NS and SOA records are provided |
| 1039 | 1060 | for completeness and to satisfy some DNS update tools. Default content: |
| 1040 | 1061 | .nf |
| 1041 | 1062 | local\-zone: "localhost." static |
| 1042 | 1063 | local\-data: "localhost. 10800 IN NS localhost." |
| 1043 | local\-data: "localhost. 10800 IN | |
| 1064 | local\-data: "localhost. 10800 IN | |
| 1044 | 1065 | SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" |
| 1045 | 1066 | local\-data: "localhost. 10800 IN A 127.0.0.1" |
| 1046 | 1067 | local\-data: "localhost. 10800 IN AAAA ::1" |
| 1047 | 1068 | .fi |
| 1048 | 1069 | .TP 10 |
| 1049 | \h'5'\fIreverse IPv4 loopback\fR | |
| 1070 | \h'5'\fIreverse IPv4 loopback\fR | |
| 1050 | 1071 | Default content: |
| 1051 | 1072 | .nf |
| 1052 | 1073 | local\-zone: "127.in\-addr.arpa." static |
| 1053 | 1074 | local\-data: "127.in\-addr.arpa. 10800 IN NS localhost." |
| 1054 | local\-data: "127.in\-addr.arpa. 10800 IN | |
| 1075 | local\-data: "127.in\-addr.arpa. 10800 IN | |
| 1055 | 1076 | SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" |
| 1056 | local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN | |
| 1077 | local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN | |
| 1057 | 1078 | PTR localhost." |
| 1058 | 1079 | .fi |
| 1059 | 1080 | .TP 10 |
| 1060 | \h'5'\fIreverse IPv6 loopback\fR | |
| 1081 | \h'5'\fIreverse IPv6 loopback\fR | |
| 1061 | 1082 | Default content: |
| 1062 | 1083 | .nf |
| 1063 | 1084 | local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. |
| 1064 | 1085 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static |
| 1065 | 1086 | local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. |
| 1066 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN | |
| 1087 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN | |
| 1067 | 1088 | NS localhost." |
| 1068 | 1089 | local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. |
| 1069 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN | |
| 1090 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN | |
| 1070 | 1091 | SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" |
| 1071 | 1092 | local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. |
| 1072 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN | |
| 1093 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN | |
| 1073 | 1094 | PTR localhost." |
| 1074 | 1095 | .fi |
| 1075 | 1096 | .TP 10 |
| 1076 | \h'5'\fIonion (RFC 7686)\fR | |
| 1097 | \h'5'\fIonion (RFC 7686)\fR | |
| 1077 | 1098 | Default content: |
| 1078 | 1099 | .nf |
| 1079 | 1100 | local\-zone: "onion." static |
| 1080 | 1101 | local\-data: "onion. 10800 IN NS localhost." |
| 1081 | local\-data: "onion. 10800 IN | |
| 1102 | local\-data: "onion. 10800 IN | |
| 1082 | 1103 | SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" |
| 1083 | 1104 | .fi |
| 1084 | 1105 | .TP 10 |
| 1085 | \h'5'\fIreverse RFC1918 local use zones\fR | |
| 1086 | Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to | |
| 1106 | \h'5'\fIreverse RFC1918 local use zones\fR | |
| 1107 | Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to | |
| 1087 | 1108 | 31.172.in\-addr.arpa, 168.192.in\-addr.arpa. |
| 1088 | The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS | |
| 1109 | The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS | |
| 1089 | 1110 | records are provided. |
| 1090 | 1111 | .TP 10 |
| 1091 | \h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR | |
| 1092 | Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa, | |
| 1112 | \h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR | |
| 1113 | Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa, | |
| 1093 | 1114 | 2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2), |
| 1094 | 1115 | 113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa. |
| 1095 | 1116 | And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space). |
| 1096 | 1117 | .TP 10 |
| 1097 | 1118 | \h'5'\fIreverse RFC4291 IP6 unspecified\fR |
| 1098 | Reverse data for zone | |
| 1119 | Reverse data for zone | |
| 1099 | 1120 | .nf |
| 1100 | 1121 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. |
| 1101 | 1122 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. |
| 1120 | 1141 | .TP 5 |
| 1121 | 1142 | .B local\-data: \fI"<resource record string>" |
| 1122 | 1143 | Configure local data, which is served in reply to queries for it. |
| 1123 | The query has to match exactly unless you configure the local\-zone as | |
| 1144 | The query has to match exactly unless you configure the local\-zone as | |
| 1124 | 1145 | redirect. If not matched exactly, the local\-zone type determines |
| 1125 | 1146 | further processing. If local\-data is configured that is not a subdomain of |
| 1126 | a local\-zone, a transparent local\-zone is configured. | |
| 1127 | For record types such as TXT, use single quotes, as in | |
| 1147 | a local\-zone, a transparent local\-zone is configured. | |
| 1148 | For record types such as TXT, use single quotes, as in | |
| 1128 | 1149 | local\-data: 'example. TXT "text"'. |
| 1129 | 1150 | .IP |
| 1130 | 1151 | If you need more complicated authoritative data, with referrals, wildcards, |
| 1143 | 1164 | tags. |
| 1144 | 1165 | .TP 5 |
| 1145 | 1166 | .B local\-zone\-override: \fI<zone> <IP netblock> <type> |
| 1146 | Override the localzone type for queries from addresses matching netblock. | |
| 1167 | Override the localzone type for queries from addresses matching netblock. | |
| 1147 | 1168 | Use this localzone type, regardless the type configured for the local-zone |
| 1148 | 1169 | (both tagged and untagged) and regardless the type configured using |
| 1149 | 1170 | access\-control\-tag\-action. |
| 1180 | 1201 | and enter the cache, whilst also mitigating the traffic flow by the |
| 1181 | 1202 | factor given. |
| 1182 | 1203 | .TP 5 |
| 1183 | .B ratelimit\-for\-domain: \fI<domain> <number qps> | |
| 1204 | .B ratelimit\-for\-domain: \fI<domain> <number qps or 0> | |
| 1184 | 1205 | Override the global ratelimit for an exact match domain name with the listed |
| 1185 | 1206 | number. You can give this for any number of names. For example, for |
| 1186 | 1207 | a top\-level\-domain you may want to have a higher limit than other names. |
| 1187 | .TP 5 | |
| 1188 | .B ratelimit\-below\-domain: \fI<domain> <number qps> | |
| 1208 | A value of 0 will disable ratelimiting for that domain. | |
| 1209 | .TP 5 | |
| 1210 | .B ratelimit\-below\-domain: \fI<domain> <number qps or 0> | |
| 1189 | 1211 | Override the global ratelimit for a domain name that ends in this name. |
| 1190 | 1212 | You can give this multiple times, it then describes different settings |
| 1191 | 1213 | in different parts of the namespace. The closest matching suffix is used |
| 1192 | 1214 | to determine the qps limit. The rate for the exact matching domain name |
| 1193 | 1215 | is not changed, use ratelimit\-for\-domain to set that, you might want |
| 1194 | 1216 | to use different settings for a top\-level\-domain and subdomains. |
| 1217 | A value of 0 will disable ratelimiting for domain names that end in this name. | |
| 1218 | .TP 5 | |
| 1219 | .B ip\-ratelimit: \fI<number or 0> | |
| 1220 | Enable global ratelimiting of queries accepted per ip address. | |
| 1221 | If 0, the default, it is disabled. This option is experimental at this time. | |
| 1222 | The ratelimit is in queries per second that are allowed. More queries are | |
| 1223 | completely dropped and will not receive a reply, SERVFAIL or otherwise. | |
| 1224 | IP ratelimiting happens before looking in the cache. This may be useful for | |
| 1225 | mitigating amplification attacks. | |
| 1226 | .TP 5 | |
| 1227 | .B ip\-ratelimit\-size: \fI<memory size> | |
| 1228 | Give the size of the data structure in which the current ongoing rates are | |
| 1229 | kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga). | |
| 1230 | The ip ratelimit structure is small, so this data structure likely does | |
| 1231 | not need to be large. | |
| 1232 | .TP 5 | |
| 1233 | .B ip\-ratelimit\-slabs: \fI<number> | |
| 1234 | Give power of 2 number of slabs, this is used to reduce lock contention | |
| 1235 | in the ip ratelimit tracking data structure. Close to the number of cpus is | |
| 1236 | a fairly good setting. | |
| 1237 | .TP 5 | |
| 1238 | .B ip\-ratelimit\-factor: \fI<number> | |
| 1239 | Set the amount of queries to rate limit when the limit is exceeded. | |
| 1240 | If set to 0, all queries are dropped for addresses where the limit is | |
| 1241 | exceeded. If set to another value, 1 in that number is allowed through | |
| 1242 | to complete. Default is 10, allowing 1/10 traffic to flow normally. | |
| 1243 | This can make ordinary queries complete (if repeatedly queried for), | |
| 1244 | and enter the cache, whilst also mitigating the traffic flow by the | |
| 1245 | factor given. | |
| 1195 | 1246 | .SS "Remote Control Options" |
| 1196 | 1247 | In the |
| 1197 | 1248 | .B remote\-control: |
| 1259 | 1310 | .P |
| 1260 | 1311 | The stub zone can be used to configure authoritative data to be used |
| 1261 | 1312 | by the resolver that cannot be accessed using the public internet servers. |
| 1262 | This is useful for company\-local data or private zones. Setup an | |
| 1263 | authoritative server on a different host (or different port). Enter a config | |
| 1264 | entry for unbound with | |
| 1313 | This is useful for company\-local data or private zones. Setup an | |
| 1314 | authoritative server on a different host (or different port). Enter a config | |
| 1315 | entry for unbound with | |
| 1265 | 1316 | .B stub\-addr: |
| 1266 | <ip address of host[@port]>. | |
| 1267 | The unbound resolver can then access the data, without referring to the | |
| 1268 | public internet for it. | |
| 1317 | <ip address of host[@port]>. | |
| 1318 | The unbound resolver can then access the data, without referring to the | |
| 1319 | public internet for it. | |
| 1269 | 1320 | .P |
| 1270 | This setup allows DNSSEC signed zones to be served by that | |
| 1321 | This setup allows DNSSEC signed zones to be served by that | |
| 1271 | 1322 | authoritative server, in which case a trusted key entry with the public key |
| 1272 | can be put in config, so that unbound can validate the data and set the AD | |
| 1273 | bit on replies for the private zone (authoritative servers do not set the | |
| 1274 | AD bit). This setup makes unbound capable of answering queries for the | |
| 1275 | private zone, and can even set the AD bit ('authentic'), but the AA | |
| 1276 | ('authoritative') bit is not set on these replies. | |
| 1323 | can be put in config, so that unbound can validate the data and set the AD | |
| 1324 | bit on replies for the private zone (authoritative servers do not set the | |
| 1325 | AD bit). This setup makes unbound capable of answering queries for the | |
| 1326 | private zone, and can even set the AD bit ('authentic'), but the AA | |
| 1327 | ('authoritative') bit is not set on these replies. | |
| 1277 | 1328 | .P |
| 1278 | 1329 | Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and |
| 1279 | 1330 | for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally |
| 1292 | 1343 | To use a nondefault port for DNS communication append '@' with the port number. |
| 1293 | 1344 | .TP |
| 1294 | 1345 | .B stub\-prime: \fI<yes or no> |
| 1295 | This option is by default off. If enabled it performs NS set priming, | |
| 1296 | which is similar to root hints, where it starts using the list of nameservers | |
| 1346 | This option is by default off. If enabled it performs NS set priming, | |
| 1347 | which is similar to root hints, where it starts using the list of nameservers | |
| 1297 | 1348 | currently published by the zone. Thus, if the hint list is slightly outdated, |
| 1298 | 1349 | the resolver picks up a correct list online. |
| 1299 | 1350 | .TP |
| 1345 | 1396 | There may be multiple |
| 1346 | 1397 | .B view: |
| 1347 | 1398 | clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and |
| 1348 | \fBlocal\-data\fR elements. View can be mapped to requests by specifying the view | |
| 1349 | name in an \fBaccess\-control\-view\fR element. Options from matching views will | |
| 1350 | override global options. Global options will be used if no matching view | |
| 1351 | is found. | |
| 1399 | \fBlocal\-data\fR elements. View can be mapped to requests by specifying the | |
| 1400 | view name in an \fBaccess\-control\-view\fR element. Options from matching | |
| 1401 | views will override global options. Global options will be used if no matching | |
| 1402 | view is found, or when the matching view does not have the option specified. | |
| 1352 | 1403 | .TP |
| 1353 | 1404 | .B name: \fI<view name> |
| 1354 | 1405 | Name of the view. Must be unique. This name is used in access\-control\-view |
| 1356 | 1407 | .TP |
| 1357 | 1408 | .B local\-zone: \fI<zone> <type> |
| 1358 | 1409 | View specific local\-zone elements. Has the same types and behaviour as the |
| 1359 | global local\-zone elements. | |
| 1410 | global local\-zone elements. When there is at least one local\-zone specified | |
| 1411 | and view\-first is no, the default local-zones will be added to this view. | |
| 1412 | Defaults can be disabled using the nodefault type. When view\-first is yes or | |
| 1413 | when a view does not have a local\-zone, the global local\-zone will be used | |
| 1414 | including it's default zones. | |
| 1360 | 1415 | .TP |
| 1361 | 1416 | .B local\-data: \fI"<resource record string>" |
| 1362 | 1417 | View specific local\-data elements. Has the same behaviour as the global |
| 1363 | 1418 | local\-data elements. |
| 1419 | .TP | |
| 1420 | .B local\-data\-ptr: \fI"IPaddr name" | |
| 1421 | View specific local\-data\-ptr elements. Has the same behaviour as the global | |
| 1422 | local\-data\-ptr elements. | |
| 1364 | 1423 | .TP |
| 1365 | 1424 | .B view\-first: \fI<yes or no> |
| 1366 | 1425 | If enabled, it attempts to use the global local\-zone and local\-data if there |
| 1375 | 1434 | To enable the script module it has to be compiled into the daemon, |
| 1376 | 1435 | and the word "python" has to be put in the \fBmodule\-config:\fR option |
| 1377 | 1436 | (usually first, or between the validator and iterator). |
| 1437 | .LP | |
| 1438 | If the \fBchroot:\fR option is enabled, you should make sure Python's | |
| 1439 | library directory structure is bind mounted in the new root environment, see | |
| 1440 | \fImount\fR(8). Also the \fBpython\-script:\fR path should be specified as an | |
| 1441 | absolute path relative to the new root, or as a relative path to the working | |
| 1442 | directory. | |
| 1378 | 1443 | .TP |
| 1379 | 1444 | .B python\-script: \fI<python file>\fR |
| 1380 | The script file to load. | |
| 1445 | The script file to load. | |
| 1381 | 1446 | .SS "DNS64 Module Options" |
| 1382 | 1447 | .LP |
| 1383 | 1448 | The dns64 module must be configured in the \fBmodule\-config:\fR "dns64 |
| 1391 | 1456 | .B dns64\-synthall: \fI<yes or no>\fR |
| 1392 | 1457 | Debug option, default no. If enabled, synthesize all AAAA records |
| 1393 | 1458 | despite the presence of actual AAAA records. |
| 1459 | .SS "DNSCrypt Options" | |
| 1460 | .LP | |
| 1461 | The | |
| 1462 | .B dnscrypt: | |
| 1463 | clause give the settings of the dnscrypt channel. While those options are | |
| 1464 | available, they are only meaningful if unbound was compiled with | |
| 1465 | \fB\-\-enable\-dnscrypt\fR. | |
| 1466 | Currently certificate and secret/public keys cannot be generated by unbound. | |
| 1467 | You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/\ | |
| 1468 | dnscrypt-wrapper/blob/master/README.md#usage | |
| 1469 | .TP | |
| 1470 | .B dnscrypt\-enable: \fI<yes or no>\fR | |
| 1471 | Whether or not the \fBdnscrypt\fR config should be enabled. You may define | |
| 1472 | configuration but not activate it. | |
| 1473 | The default is no. | |
| 1474 | .TP | |
| 1475 | .B dnscrypt\-port: \fI<port number> | |
| 1476 | On which port should \fBdnscrypt\fR should be activated. Note that you should | |
| 1477 | have a matching \fBinterface\fR option defined in the \fBserver\fR section for | |
| 1478 | this port. | |
| 1479 | .TP | |
| 1480 | .B dnscrypt\-provider: \fI<provider name>\fR | |
| 1481 | The provider name to use to distribute certificates. This is of the form: | |
| 1482 | \fB2.dnscrypt-cert.example.com.\fR. The name \fIMUST\fR end with a dot. | |
| 1483 | .TP | |
| 1484 | .B dnscrypt\-secret\-key: \fI<path to secret key file>\fR | |
| 1485 | Path to the time limited secret key file. This option may be specified multiple | |
| 1486 | times. | |
| 1487 | .TP | |
| 1488 | .B dnscrypt\-provider\-cert: \fI<path to cert file>\fR | |
| 1489 | Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs. | |
| 1490 | This option may be specified multiple times. | |
| 1491 | .SS "EDNS Client Subnet Module Options" | |
| 1492 | .LP | |
| 1493 | The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache | |
| 1494 | validator iterator" directive and be compiled into the daemon to be | |
| 1495 | enabled. These settings go in the \fBserver:\fR section. | |
| 1496 | .LP | |
| 1497 | If the destination address is whitelisted with Unbound will add the EDNS0 | |
| 1498 | option to the query containing the relevant part of the client's address. When | |
| 1499 | an answer contains the ECS option the response and the option are placed in a | |
| 1500 | specialized cache. If the authority indicated no support, the response is | |
| 1501 | stored in the regular cache. | |
| 1502 | .LP | |
| 1503 | Additionally, when a client includes the option in its queries, Unbound will | |
| 1504 | forward the option to the authority if prensent in the whitelist, or | |
| 1505 | \fBclient\-subnet\-always\-forward\fR is set to yes. In this case the lookup in | |
| 1506 | the regular cache is skipped. | |
| 1507 | .LP | |
| 1508 | The maximum size of the ECS cache is controlled by 'msg-cache-size' in the | |
| 1509 | configuration file. On top of that, for each query only 100 different subnets | |
| 1510 | are allowed to be stored for each address family. Exceeding that number, older | |
| 1511 | entries will be purged from cache. | |
| 1512 | .TP | |
| 1513 | .B send\-client\-subnet: \fI<IP address>\fR | |
| 1514 | Send client source address to this authority. Append /num to indicate a | |
| 1515 | classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. Can | |
| 1516 | be given multiple times. Authorities not listed will not receive edns-subnet | |
| 1517 | information, unless domain in query is specified in \fBclient\-subnet\-zone\fR. | |
| 1518 | .TP | |
| 1519 | .B client\-subnet\-zone: \fI<domain>\fR | |
| 1520 | Send client source address in queries for this domain and its subdomains. Can be | |
| 1521 | given multiple times. Zones not listed will not receive edns-subnet information, | |
| 1522 | unless hosted by authority specified in \fBsend\-client\-subnet\fR. | |
| 1523 | .TP | |
| 1524 | .B client\-subnet\-always\-forward: \fI<yes or no>\fR | |
| 1525 | Specify whether the ECS whitelist check (configured using | |
| 1526 | \fBsend\-client\-subnet\fR) is applied for all queries, even if the triggering | |
| 1527 | query contains an ECS record, or only for queries for which the ECS record is | |
| 1528 | generated using the querier address (and therefore did not contain ECS data in | |
| 1529 | the client query). If enabled, the whitelist check is skipped when the client | |
| 1530 | query contains an ECS record. Default is no. | |
| 1531 | .TP | |
| 1532 | .B max\-client\-subnet\-ipv6: \fI<number>\fR | |
| 1533 | Specifies the maximum prefix length of the client source address we are willing | |
| 1534 | to expose to third parties for IPv6. Defaults to 56. | |
| 1535 | .TP | |
| 1536 | .B max\-client\-subnet\-ipv4: \fI<number>\fR | |
| 1537 | Specifies the maximum prefix length of the client source address we are willing | |
| 1538 | to expose to third parties for IPv4. Defaults to 24. | |
| 1539 | .SS "Opportunistic IPsec Support Module Options" | |
| 1540 | .LP | |
| 1541 | The IPsec module must be configured in the \fBmodule\-config:\fR "ipsecmod | |
| 1542 | validator iterator" directive and be compiled into the daemon to be | |
| 1543 | enabled. These settings go in the \fBserver:\fR section. | |
| 1544 | .LP | |
| 1545 | When unbound receives an A/AAAA query that is not in the cache and finds a | |
| 1546 | valid answer, it will withhold returning the answer and instead will generate | |
| 1547 | an IPSECKEY subquery for the same domain name. If an answer was found, unbound | |
| 1548 | will call an external hook passing the following arguments: | |
| 1549 | .TP 10 | |
| 1550 | \h'5'\fIQNAME\fR | |
| 1551 | Domain name of the A/AAAA and IPSECKEY query. In string format. | |
| 1552 | .TP 10 | |
| 1553 | \h'5'\fIIPSECKEY TTL\fR | |
| 1554 | TTL of the IPSECKEY RRset. | |
| 1555 | .TP 10 | |
| 1556 | \h'5'\fIA/AAAA\fR | |
| 1557 | String of space separated IP addresses present in the A/AAAA RRset. The IP | |
| 1558 | addresses are in string format. | |
| 1559 | .TP 10 | |
| 1560 | \h'5'\fIIPSECKEY\fR | |
| 1561 | String of space separated IPSECKEY RDATA present in the IPSECKEY RRset. The | |
| 1562 | IPSECKEY RDATA are in DNS presentation format. | |
| 1563 | .LP | |
| 1564 | The A/AAAA answer is then cached and returned to the client. If the external | |
| 1565 | hook was called the TTL changes to ensure it doesn't surpass | |
| 1566 | \fBipsecmod-max-ttl\fR. | |
| 1567 | .LP | |
| 1568 | The same procedure is also followed when \fBprefetch:\fR is used, but the | |
| 1569 | A/AAAA answer is given to the client before the hook is called. | |
| 1570 | \fBipsecmod-max-ttl\fR ensures that the A/AAAA answer given from cache is still | |
| 1571 | relevant for opportunistic IPsec. | |
| 1572 | .TP | |
| 1573 | .B ipsecmod-enabled: \fI<yes or no>\fR | |
| 1574 | Specifies whether the IPsec module is enabled or not. The IPsec module still | |
| 1575 | needs to be defined in the \fBmodule\-config:\fR directive. This option | |
| 1576 | facilitates turning on/off the module without restarting/reloading unbound. | |
| 1577 | Defaults to yes. | |
| 1578 | .TP | |
| 1579 | .B ipsecmod\-hook: \fI<filename>\fR | |
| 1580 | Specifies the external hook that unbound will call with \fIsystem\fR(3). The | |
| 1581 | file can be specified as an absolute/relative path. The file needs the proper | |
| 1582 | permissions to be able to be executed by the same user that runs unbound. It | |
| 1583 | must be present when the IPsec module is defined in the \fBmodule\-config:\fR | |
| 1584 | directive. | |
| 1585 | .TP | |
| 1586 | .B ipsecmod-strict: \fI<yes or no>\fR | |
| 1587 | If enabled unbound requires the external hook to return a success value of 0. | |
| 1588 | Failing to do so unbound will reply with SERVFAIL. The A/AAAA answer will also | |
| 1589 | not be cached. Defaults to no. | |
| 1590 | .TP | |
| 1591 | .B ipsecmod\-max-ttl: \fI<seconds>\fR | |
| 1592 | Time to live maximum for A/AAAA cached records after calling the external hook. | |
| 1593 | Defaults to 3600. | |
| 1594 | .TP | |
| 1595 | .B ipsecmod-ignore-bogus: \fI<yes or no>\fR | |
| 1596 | Specifies the behaviour of unbound when the IPSECKEY answer is bogus. If set | |
| 1597 | to yes, the hook will be called and the A/AAAA answer will be returned to the | |
| 1598 | client. If set to no, the hook will not be called and the answer to the | |
| 1599 | A/AAAA query will be SERVFAIL. Mainly used for testing. Defaults to no. | |
| 1600 | .TP | |
| 1601 | .B ipsecmod\-whitelist: \fI<domain>\fR | |
| 1602 | Whitelist the domain so that the module logic will be executed. Can | |
| 1603 | be given multiple times, for different domains. If the option is not | |
| 1604 | specified, all domains are treated as being whitelisted (default). | |
| 1394 | 1605 | .SH "MEMORY CONTROL EXAMPLE" |
| 1395 | 1606 | In the example config settings below memory usage is reduced. Some service |
| 1396 | 1607 | levels are lower, notable very large data and a high TCP load are no longer |
| 1398 | 1609 | DNSSEC validation is enabled, just add trust anchors. |
| 1399 | 1610 | If you do not have to worry about programs using more than 3 Mb of memory, |
| 1400 | 1611 | the below example is not for you. Use the defaults to receive full service, |
| 1401 | which on BSD\-32bit tops out at 30\-40 Mb after heavy usage. | |
| 1612 | which on BSD\-32bit tops out at 30\-40 Mb after heavy usage. | |
| 1402 | 1613 | .P |
| 1403 | 1614 | .nf |
| 1404 | 1615 | # example settings that reduce memory usage |
| 1439 | 1650 | default unbound pidfile with process ID of the running daemon. |
| 1440 | 1651 | .TP |
| 1441 | 1652 | .I unbound.log |
| 1442 | unbound log file. default is to log to | |
| 1443 | \fIsyslog\fR(3). | |
| 1653 | unbound log file. default is to log to | |
| 1654 | \fIsyslog\fR(3). | |
| 1444 | 1655 | .SH "SEE ALSO" |
| 1445 | \fIunbound\fR(8), | |
| 1656 | \fIunbound\fR(8), | |
| 1446 | 1657 | \fIunbound\-checkconf\fR(8). |
| 1447 | 1658 | .SH "AUTHORS" |
| 1448 | .B Unbound | |
| 1659 | .B Unbound | |
| 1449 | 1660 | was written by NLnet Labs. Please see CREDITS file |
| 1450 | 1661 | in the distribution for further details. |
| 0 | /* | |
| 1 | * edns-subnet/addrtree.c -- radix tree for edns subnet cache. | |
| 2 | * | |
| 3 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | /** \file | |
| 35 | * addrtree -- radix tree for edns subnet cache. | |
| 36 | */ | |
| 37 | ||
| 38 | #include "config.h" | |
| 39 | #include "util/log.h" | |
| 40 | #include "util/data/msgreply.h" | |
| 41 | #include "util/module.h" | |
| 42 | #include "addrtree.h" | |
| 43 | ||
| 44 | /** | |
| 45 | * Create a new edge | |
| 46 | * @param node: Child node this edge will connect to. | |
| 47 | * @param addr: full key to this edge. | |
| 48 | * @param addrlen: length of relevant part of key for this node | |
| 49 | * @param parent_node: Parent node for node | |
| 50 | * @param parent_index: Index of child node at parent node | |
| 51 | * @return new addredge or NULL on failure | |
| 52 | */ | |
| 53 | static struct addredge * | |
| 54 | edge_create(struct addrnode *node, const addrkey_t *addr, | |
| 55 | addrlen_t addrlen, struct addrnode *parent_node, int parent_index) | |
| 56 | { | |
| 57 | size_t n; | |
| 58 | struct addredge *edge = (struct addredge *)malloc( sizeof (*edge) ); | |
| 59 | if (!edge) | |
| 60 | return NULL; | |
| 61 | edge->node = node; | |
| 62 | edge->len = addrlen; | |
| 63 | edge->parent_index = parent_index; | |
| 64 | edge->parent_node = parent_node; | |
| 65 | /* ceil() */ | |
| 66 | n = (size_t)((addrlen / KEYWIDTH) + ((addrlen % KEYWIDTH != 0)?1:0)); | |
| 67 | edge->str = (addrkey_t *)calloc(n, sizeof (addrkey_t)); | |
| 68 | if (!edge->str) { | |
| 69 | free(edge); | |
| 70 | return NULL; | |
| 71 | } | |
| 72 | memcpy(edge->str, addr, n * sizeof (addrkey_t)); | |
| 73 | /* Only manipulate other objects after successful alloc */ | |
| 74 | node->parent_edge = edge; | |
| 75 | log_assert(parent_node->edge[parent_index] == NULL); | |
| 76 | parent_node->edge[parent_index] = edge; | |
| 77 | return edge; | |
| 78 | } | |
| 79 | ||
| 80 | /** | |
| 81 | * Create a new node | |
| 82 | * @param tree: Tree the node lives in. | |
| 83 | * @param elem: Element to store at this node | |
| 84 | * @param scope: Scopemask from server reply | |
| 85 | * @param ttl: Element is valid up to this time. Absolute, seconds | |
| 86 | * @return new addrnode or NULL on failure | |
| 87 | */ | |
| 88 | static struct addrnode * | |
| 89 | node_create(struct addrtree *tree, void *elem, addrlen_t scope, | |
| 90 | time_t ttl) | |
| 91 | { | |
| 92 | struct addrnode* node = (struct addrnode *)malloc( sizeof (*node) ); | |
| 93 | if (!node) | |
| 94 | return NULL; | |
| 95 | node->elem = elem; | |
| 96 | tree->node_count++; | |
| 97 | node->scope = scope; | |
| 98 | node->ttl = ttl; | |
| 99 | node->edge[0] = NULL; | |
| 100 | node->edge[1] = NULL; | |
| 101 | node->parent_edge = NULL; | |
| 102 | node->next = NULL; | |
| 103 | node->prev = NULL; | |
| 104 | return node; | |
| 105 | } | |
| 106 | ||
| 107 | /** Size in bytes of node and parent edge | |
| 108 | * @param tree: tree the node lives in | |
| 109 | * @param n: node which size must be calculated | |
| 110 | * @return size in bytes. | |
| 111 | **/ | |
| 112 | static inline size_t | |
| 113 | node_size(const struct addrtree *tree, const struct addrnode *n) | |
| 114 | { | |
| 115 | return sizeof *n + sizeof *n->parent_edge + n->parent_edge->len + | |
| 116 | (n->elem?tree->sizefunc(n->elem):0); | |
| 117 | } | |
| 118 | ||
| 119 | struct addrtree * | |
| 120 | addrtree_create(addrlen_t max_depth, void (*delfunc)(void *, void *), | |
| 121 | size_t (*sizefunc)(void *), void *env, unsigned int max_node_count) | |
| 122 | { | |
| 123 | struct addrtree *tree; | |
| 124 | log_assert(delfunc != NULL); | |
| 125 | log_assert(sizefunc != NULL); | |
| 126 | tree = (struct addrtree *)calloc(1, sizeof(*tree)); | |
| 127 | if (!tree) | |
| 128 | return NULL; | |
| 129 | tree->root = node_create(tree, NULL, 0, 0); | |
| 130 | if (!tree->root) { | |
| 131 | free(tree); | |
| 132 | return NULL; | |
| 133 | } | |
| 134 | tree->size_bytes = sizeof *tree + sizeof *tree->root; | |
| 135 | tree->first = NULL; | |
| 136 | tree->last = NULL; | |
| 137 | tree->max_depth = max_depth; | |
| 138 | tree->delfunc = delfunc; | |
| 139 | tree->sizefunc = sizefunc; | |
| 140 | tree->env = env; | |
| 141 | tree->node_count = 0; | |
| 142 | tree->max_node_count = max_node_count; | |
| 143 | return tree; | |
| 144 | } | |
| 145 | ||
| 146 | /** | |
| 147 | * Scrub a node clean of elem | |
| 148 | * @param tree: tree the node lives in. | |
| 149 | * @param node: node to be cleaned. | |
| 150 | */ | |
| 151 | static void | |
| 152 | clean_node(struct addrtree *tree, struct addrnode *node) | |
| 153 | { | |
| 154 | if (!node->elem) return; | |
| 155 | tree->size_bytes -= tree->sizefunc(node->elem); | |
| 156 | tree->delfunc(tree->env, node->elem); | |
| 157 | node->elem = NULL; | |
| 158 | } | |
| 159 | ||
| 160 | /** Remove specified node from LRU list */ | |
| 161 | static void | |
| 162 | lru_pop(struct addrtree *tree, struct addrnode *node) | |
| 163 | { | |
| 164 | if (node == tree->first) { | |
| 165 | if (!node->next) { /* it is the last as well */ | |
| 166 | tree->first = NULL; | |
| 167 | tree->last = NULL; | |
| 168 | } else { | |
| 169 | tree->first = node->next; | |
| 170 | tree->first->prev = NULL; | |
| 171 | } | |
| 172 | } else if (node == tree->last) { /* but not the first */ | |
| 173 | tree->last = node->prev; | |
| 174 | tree->last->next = NULL; | |
| 175 | } else { | |
| 176 | node->prev->next = node->next; | |
| 177 | node->next->prev = node->prev; | |
| 178 | } | |
| 179 | } | |
| 180 | ||
| 181 | /** Add node to LRU list as most recently used. */ | |
| 182 | static void | |
| 183 | lru_push(struct addrtree *tree, struct addrnode *node) | |
| 184 | { | |
| 185 | if (!tree->first) { | |
| 186 | tree->first = node; | |
| 187 | node->prev = NULL; | |
| 188 | } else { | |
| 189 | tree->last->next = node; | |
| 190 | node->prev = tree->last; | |
| 191 | } | |
| 192 | tree->last = node; | |
| 193 | node->next = NULL; | |
| 194 | } | |
| 195 | ||
| 196 | /** Move node to the end of LRU list */ | |
| 197 | static void | |
| 198 | lru_update(struct addrtree *tree, struct addrnode *node) | |
| 199 | { | |
| 200 | if (tree->root == node) return; | |
| 201 | lru_pop(tree, node); | |
| 202 | lru_push(tree, node); | |
| 203 | } | |
| 204 | ||
| 205 | /** | |
| 206 | * Purge a node from the tree. Node and parentedge are cleaned and | |
| 207 | * free'd. | |
| 208 | * @param tree: Tree the node lives in. | |
| 209 | * @param node: Node to be freed | |
| 210 | */ | |
| 211 | static void | |
| 212 | purge_node(struct addrtree *tree, struct addrnode *node) | |
| 213 | { | |
| 214 | struct addredge *parent_edge, *child_edge = NULL; | |
| 215 | int index; | |
| 216 | int keep = node->edge[0] && node->edge[1]; | |
| 217 | ||
| 218 | clean_node(tree, node); | |
| 219 | parent_edge = node->parent_edge; | |
| 220 | if (keep || !parent_edge) return; | |
| 221 | tree->node_count--; | |
| 222 | index = parent_edge->parent_index; | |
| 223 | child_edge = node->edge[!node->edge[0]]; | |
| 224 | if (child_edge) { | |
| 225 | child_edge->parent_node = parent_edge->parent_node; | |
| 226 | child_edge->parent_index = index; | |
| 227 | } | |
| 228 | parent_edge->parent_node->edge[index] = child_edge; | |
| 229 | tree->size_bytes -= node_size(tree, node); | |
| 230 | free(parent_edge->str); | |
| 231 | free(parent_edge); | |
| 232 | lru_pop(tree, node); | |
| 233 | free(node); | |
| 234 | } | |
| 235 | ||
| 236 | /** | |
| 237 | * If a limit is set remove old nodes while above that limit. | |
| 238 | * @param tree: Tree to be cleaned up. | |
| 239 | */ | |
| 240 | static void | |
| 241 | lru_cleanup(struct addrtree *tree) | |
| 242 | { | |
| 243 | struct addrnode *n, *p; | |
| 244 | int children; | |
| 245 | if (tree->max_node_count == 0) return; | |
| 246 | while (tree->node_count > tree->max_node_count) { | |
| 247 | n = tree->first; | |
| 248 | if (!n) break; | |
| 249 | children = (n->edge[0] != NULL) + (n->edge[1] != NULL); | |
| 250 | /** Don't remove this node, it is either the root or we can't | |
| 251 | * do without it because it has 2 children */ | |
| 252 | if (children == 2 || !n->parent_edge) { | |
| 253 | lru_update(tree, n); | |
| 254 | continue; | |
| 255 | } | |
| 256 | p = n->parent_edge->parent_node; | |
| 257 | purge_node(tree, n); | |
| 258 | /** Since we removed n, n's parent p is eligible for deletion | |
| 259 | * if it is not the root node, caries no data and has only 1 | |
| 260 | * child */ | |
| 261 | children = (p->edge[0] != NULL) + (p->edge[1] != NULL); | |
| 262 | if (!p->elem && children == 1 && p->parent_edge) { | |
| 263 | purge_node(tree, p); | |
| 264 | } | |
| 265 | } | |
| 266 | } | |
| 267 | ||
| 268 | inline size_t | |
| 269 | addrtree_size(const struct addrtree *tree) | |
| 270 | { | |
| 271 | return tree?tree->size_bytes:0; | |
| 272 | } | |
| 273 | ||
| 274 | void addrtree_delete(struct addrtree *tree) | |
| 275 | { | |
| 276 | struct addrnode *n; | |
| 277 | if (!tree) return; | |
| 278 | clean_node(tree, tree->root); | |
| 279 | free(tree->root); | |
| 280 | tree->size_bytes -= sizeof(struct addrnode); | |
| 281 | while ((n = tree->first)) { | |
| 282 | tree->first = n->next; | |
| 283 | clean_node(tree, n); | |
| 284 | tree->size_bytes -= node_size(tree, n); | |
| 285 | free(n->parent_edge->str); | |
| 286 | free(n->parent_edge); | |
| 287 | free(n); | |
| 288 | } | |
| 289 | log_assert(sizeof *tree == addrtree_size(tree)); | |
| 290 | free(tree); | |
| 291 | } | |
| 292 | ||
| 293 | /** | |
| 294 | * Get N'th bit from address | |
| 295 | * @param addr: address to inspect | |
| 296 | * @param addrlen: length of addr in bits | |
| 297 | * @param n: index of bit to test. Must be in range [0, addrlen) | |
| 298 | * @return 0 or 1 | |
| 299 | */ | |
| 300 | static int | |
| 301 | getbit(const addrkey_t *addr, addrlen_t addrlen, addrlen_t n) | |
| 302 | { | |
| 303 | log_assert(addrlen > n); | |
| 304 | (void)addrlen; | |
| 305 | return (int)(addr[n/KEYWIDTH]>>((KEYWIDTH-1)-(n%KEYWIDTH))) & 1; | |
| 306 | } | |
| 307 | ||
| 308 | /** | |
| 309 | * Test for equality on N'th bit. | |
| 310 | * @return 0 for equal, 1 otherwise | |
| 311 | */ | |
| 312 | static inline int | |
| 313 | cmpbit(const addrkey_t *key1, const addrkey_t *key2, addrlen_t n) | |
| 314 | { | |
| 315 | addrkey_t c = key1[n/KEYWIDTH] ^ key2[n/KEYWIDTH]; | |
| 316 | return (int)(c >> ((KEYWIDTH-1)-(n%KEYWIDTH))) & 1; | |
| 317 | } | |
| 318 | ||
| 319 | /** | |
| 320 | * Common number of bits in prefix. | |
| 321 | * @param s1: first prefix. | |
| 322 | * @param l1: length of s1 in bits. | |
| 323 | * @param s2: second prefix. | |
| 324 | * @param l2: length of s2 in bits. | |
| 325 | * @param skip: nr of bits already checked. | |
| 326 | * @return common number of bits. | |
| 327 | */ | |
| 328 | static addrlen_t | |
| 329 | bits_common(const addrkey_t *s1, addrlen_t l1, | |
| 330 | const addrkey_t *s2, addrlen_t l2, addrlen_t skip) | |
| 331 | { | |
| 332 | addrlen_t len, i; | |
| 333 | len = (l1 > l2) ? l2 : l1; | |
| 334 | log_assert(skip < len); | |
| 335 | for (i = skip; i < len; i++) { | |
| 336 | if (cmpbit(s1, s2, i)) return i; | |
| 337 | } | |
| 338 | return len; | |
| 339 | } | |
| 340 | ||
| 341 | /** | |
| 342 | * Tests if s1 is a substring of s2 | |
| 343 | * @param s1: first prefix. | |
| 344 | * @param l1: length of s1 in bits. | |
| 345 | * @param s2: second prefix. | |
| 346 | * @param l2: length of s2 in bits. | |
| 347 | * @param skip: nr of bits already checked. | |
| 348 | * @return 1 for substring, 0 otherwise | |
| 349 | */ | |
| 350 | static int | |
| 351 | issub(const addrkey_t *s1, addrlen_t l1, | |
| 352 | const addrkey_t *s2, addrlen_t l2, addrlen_t skip) | |
| 353 | { | |
| 354 | return bits_common(s1, l1, s2, l2, skip) == l1; | |
| 355 | } | |
| 356 | ||
| 357 | void | |
| 358 | addrtree_insert(struct addrtree *tree, const addrkey_t *addr, | |
| 359 | addrlen_t sourcemask, addrlen_t scope, void *elem, time_t ttl, | |
| 360 | time_t now) | |
| 361 | { | |
| 362 | struct addrnode *newnode, *node; | |
| 363 | struct addredge *edge; | |
| 364 | int index; | |
| 365 | addrlen_t common, depth; | |
| 366 | ||
| 367 | node = tree->root; | |
| 368 | log_assert(node != NULL); | |
| 369 | ||
| 370 | /* Protect our cache against too much fine-grained data */ | |
| 371 | if (tree->max_depth < scope) scope = tree->max_depth; | |
| 372 | /* Server answer was less specific than question */ | |
| 373 | if (scope < sourcemask) sourcemask = scope; | |
| 374 | ||
| 375 | depth = 0; | |
| 376 | while (1) { | |
| 377 | log_assert(depth <= sourcemask); | |
| 378 | /* Case 1: update existing node */ | |
| 379 | if (depth == sourcemask) { | |
| 380 | /* update this node's scope and data */ | |
| 381 | clean_node(tree, node); | |
| 382 | node->ttl = ttl; | |
| 383 | node->elem = elem; | |
| 384 | node->scope = scope; | |
| 385 | tree->size_bytes += tree->sizefunc(elem); | |
| 386 | return; | |
| 387 | } | |
| 388 | index = getbit(addr, sourcemask, depth); | |
| 389 | /* Get an edge to an unexpired node */ | |
| 390 | edge = node->edge[index]; | |
| 391 | while (edge) { | |
| 392 | /* Purge all expired nodes on path */ | |
| 393 | if (!edge->node->elem || edge->node->ttl >= now) | |
| 394 | break; | |
| 395 | purge_node(tree, edge->node); | |
| 396 | edge = node->edge[index]; | |
| 397 | } | |
| 398 | /* Case 2: New leafnode */ | |
| 399 | if (!edge) { | |
| 400 | newnode = node_create(tree, elem, scope, ttl); | |
| 401 | if (!newnode) return; | |
| 402 | if (!edge_create(newnode, addr, sourcemask, node, | |
| 403 | index)) { | |
| 404 | clean_node(tree, newnode); | |
| 405 | tree->node_count--; | |
| 406 | free(newnode); | |
| 407 | return; | |
| 408 | } | |
| 409 | tree->size_bytes += node_size(tree, newnode); | |
| 410 | lru_push(tree, newnode); | |
| 411 | lru_cleanup(tree); | |
| 412 | return; | |
| 413 | } | |
| 414 | /* Case 3: Traverse edge */ | |
| 415 | common = bits_common(edge->str, edge->len, addr, sourcemask, | |
| 416 | depth); | |
| 417 | if (common == edge->len) { | |
| 418 | /* We update the scope of intermediate nodes. Apparently | |
| 419 | * the * authority changed its mind. If we would not do | |
| 420 | * this we might not be able to reach our new node. */ | |
| 421 | node->scope = scope; | |
| 422 | depth = edge->len; | |
| 423 | node = edge->node; | |
| 424 | continue; | |
| 425 | } | |
| 426 | /* Case 4: split. */ | |
| 427 | if (!(newnode = node_create(tree, NULL, 0, 0))) | |
| 428 | return; | |
| 429 | node->edge[index] = NULL; | |
| 430 | if (!edge_create(newnode, addr, common, node, index)) { | |
| 431 | node->edge[index] = edge; | |
| 432 | clean_node(tree, newnode); | |
| 433 | tree->node_count--; | |
| 434 | free(newnode); | |
| 435 | return; | |
| 436 | } | |
| 437 | lru_push(tree, newnode); | |
| 438 | /* connect existing child to our new node */ | |
| 439 | index = getbit(edge->str, edge->len, common); | |
| 440 | newnode->edge[index] = edge; | |
| 441 | edge->parent_node = newnode; | |
| 442 | edge->parent_index = (int)index; | |
| 443 | ||
| 444 | if (common == sourcemask) { | |
| 445 | /* Data is stored in the node */ | |
| 446 | newnode->elem = elem; | |
| 447 | newnode->scope = scope; | |
| 448 | newnode->ttl = ttl; | |
| 449 | } | |
| 450 | ||
| 451 | tree->size_bytes += node_size(tree, newnode); | |
| 452 | ||
| 453 | if (common != sourcemask) { | |
| 454 | /* Data is stored in other leafnode */ | |
| 455 | node = newnode; | |
| 456 | newnode = node_create(tree, elem, scope, ttl); | |
| 457 | if (!edge_create(newnode, addr, sourcemask, node, | |
| 458 | index^1)) { | |
| 459 | clean_node(tree, newnode); | |
| 460 | tree->node_count--; | |
| 461 | free(newnode); | |
| 462 | return; | |
| 463 | } | |
| 464 | tree->size_bytes += node_size(tree, newnode); | |
| 465 | lru_push(tree, newnode); | |
| 466 | } | |
| 467 | lru_cleanup(tree); | |
| 468 | return; | |
| 469 | } | |
| 470 | } | |
| 471 | ||
| 472 | struct addrnode * | |
| 473 | addrtree_find(struct addrtree *tree, const addrkey_t *addr, | |
| 474 | addrlen_t sourcemask, time_t now) | |
| 475 | { | |
| 476 | struct addrnode *node = tree->root; | |
| 477 | struct addredge *edge = NULL; | |
| 478 | addrlen_t depth = 0; | |
| 479 | ||
| 480 | log_assert(node != NULL); | |
| 481 | while (1) { | |
| 482 | /* Current node more specific then question. */ | |
| 483 | log_assert(depth <= sourcemask); | |
| 484 | /* does this node have data? if yes, see if we have a match */ | |
| 485 | if (node->elem && node->ttl >= now) { | |
| 486 | /* saved at wrong depth */; | |
| 487 | log_assert(node->scope >= depth) | |
| 488 | if (depth == node->scope || | |
| 489 | (node->scope > sourcemask && | |
| 490 | depth == sourcemask)) { | |
| 491 | /* Authority indicates it does not have a more | |
| 492 | * precise answer or we cannot ask a more | |
| 493 | * specific question. */ | |
| 494 | lru_update(tree, node); | |
| 495 | return node; | |
| 496 | } | |
| 497 | } | |
| 498 | /* This is our final depth, but we haven't found an answer. */ | |
| 499 | if (depth == sourcemask) | |
| 500 | return NULL; | |
| 501 | /* Find an edge to traverse */ | |
| 502 | edge = node->edge[getbit(addr, sourcemask, depth)]; | |
| 503 | if (!edge || !edge->node) | |
| 504 | return NULL; | |
| 505 | if (edge->len > sourcemask ) | |
| 506 | return NULL; | |
| 507 | if (!issub(edge->str, edge->len, addr, sourcemask, depth)) | |
| 508 | return NULL; | |
| 509 | log_assert(depth < edge->len); | |
| 510 | depth = edge->len; | |
| 511 | node = edge->node; | |
| 512 | } | |
| 513 | } | |
| 514 | ||
| 515 | /** Wrappers for static functions to unit test */ | |
| 516 | int unittest_wrapper_addrtree_cmpbit(const addrkey_t *key1, | |
| 517 | const addrkey_t *key2, addrlen_t n) { | |
| 518 | return cmpbit(key1, key2, n); | |
| 519 | } | |
| 520 | addrlen_t unittest_wrapper_addrtree_bits_common(const addrkey_t *s1, | |
| 521 | addrlen_t l1, const addrkey_t *s2, addrlen_t l2, addrlen_t skip) { | |
| 522 | return bits_common(s1, l1, s2, l2, skip); | |
| 523 | } | |
| 524 | int unittest_wrapper_addrtree_getbit(const addrkey_t *addr, | |
| 525 | addrlen_t addrlen, addrlen_t n) { | |
| 526 | return getbit(addr, addrlen, n); | |
| 527 | } | |
| 528 | int unittest_wrapper_addrtree_issub(const addrkey_t *s1, addrlen_t l1, | |
| 529 | const addrkey_t *s2, addrlen_t l2, addrlen_t skip) { | |
| 530 | return issub(s1, l1, s2, l2, skip); | |
| 531 | } |
| 0 | /* | |
| 1 | * edns-subnet/addrtree.h -- radix tree for edns subnet cache. | |
| 2 | * | |
| 3 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | ||
| 35 | /** | |
| 36 | * \file | |
| 37 | * The addrtree is a radix tree designed for edns subnet. Most notable | |
| 38 | * is the addition of 'scope' to a node. Scope is only relevant for | |
| 39 | * nodes with elem set, it indicates the number of bits the authority | |
| 40 | * desires. | |
| 41 | * | |
| 42 | * For retrieving data one needs an address and address length | |
| 43 | * (sourcemask). While traversing the tree the first matching node is | |
| 44 | * returned. A node matches when | |
| 45 | * node.scope<=sourcemask && node.elem!=NULL | |
| 46 | * (This is the most specific answer the authority has.) | |
| 47 | * or | |
| 48 | * node.sourcemask==sourcemask && node.elem!=NULL | |
| 49 | * (This is the most specific question the client can ask.) | |
| 50 | * | |
| 51 | * Insertion needs an address, sourcemask and scope. The length of the | |
| 52 | * address is capped by min(sourcemask, scope). While traversing the | |
| 53 | * tree the scope of all visited nodes is updated. This ensures we are | |
| 54 | * always able to find the most specific answer available. | |
| 55 | */ | |
| 56 | ||
| 57 | #ifndef ADDRTREE_H | |
| 58 | #define ADDRTREE_H | |
| 59 | ||
| 60 | typedef uint8_t addrlen_t; | |
| 61 | typedef uint8_t addrkey_t; | |
| 62 | #define KEYWIDTH 8 | |
| 63 | ||
| 64 | struct addrtree { | |
| 65 | struct addrnode *root; | |
| 66 | /** Number of elements in the tree (not always equal to number of | |
| 67 | * nodes) */ | |
| 68 | unsigned int node_count; | |
| 69 | /** Maximum number of allowed nodes, will be enforced by LRU list. | |
| 70 | * Excluding the root node, 0 for unlimited */ | |
| 71 | unsigned int max_node_count; | |
| 72 | /** Size of tree in bytes */ | |
| 73 | size_t size_bytes; | |
| 74 | /** Maximum prefix length we are willing to cache. */ | |
| 75 | addrlen_t max_depth; | |
| 76 | /** External function to delete elem. Called as | |
| 77 | * delfunc(addrnode->elem, addrtree->env) */ | |
| 78 | void (*delfunc)(void *, void *); | |
| 79 | /** Environment for delfunc */ | |
| 80 | void *env; | |
| 81 | /** External function returning size of elem. Called as | |
| 82 | * sizefunc(addrnode->elem) */ | |
| 83 | size_t (*sizefunc)(void *); | |
| 84 | /** first node in LRU list, first candidate to go */ | |
| 85 | struct addrnode* first; | |
| 86 | /** last node in LRU list, last candidate to go */ | |
| 87 | struct addrnode *last; | |
| 88 | }; | |
| 89 | ||
| 90 | struct addrnode { | |
| 91 | /** Payload of node, may be NULL */ | |
| 92 | void *elem; | |
| 93 | /** Abs time in seconds in which elem is meaningful */ | |
| 94 | time_t ttl; | |
| 95 | /** Number of significant bits in address. */ | |
| 96 | addrlen_t scope; | |
| 97 | /** A node can have 0-2 edges, set to NULL for unused */ | |
| 98 | struct addredge *edge[2]; | |
| 99 | /** edge between this node and parent */ | |
| 100 | struct addredge *parent_edge; | |
| 101 | /** previous node in LRU list */ | |
| 102 | struct addrnode *prev; | |
| 103 | /** next node in LRU list */ | |
| 104 | struct addrnode *next; | |
| 105 | }; | |
| 106 | ||
| 107 | struct addredge { | |
| 108 | /** address of connected node */ | |
| 109 | addrkey_t *str; | |
| 110 | /** lenght in bits of str */ | |
| 111 | addrlen_t len; | |
| 112 | /** child node this edge is connected to */ | |
| 113 | struct addrnode *node; | |
| 114 | /** Parent node this ege is connected to */ | |
| 115 | struct addrnode *parent_node; | |
| 116 | /** Index of this edge in parent_node */ | |
| 117 | int parent_index; | |
| 118 | }; | |
| 119 | ||
| 120 | /** | |
| 121 | * Size of tree in bytes. | |
| 122 | * @param tree: Tree. | |
| 123 | * @return size of tree in bytes. | |
| 124 | */ | |
| 125 | size_t addrtree_size(const struct addrtree *tree); | |
| 126 | ||
| 127 | /** | |
| 128 | * Create a new tree. | |
| 129 | * @param max_depth: Tree will cap keys to this length. | |
| 130 | * @param delfunc: f(element, env) delete element. | |
| 131 | * @param sizefunc: f(element) returning the size of element. | |
| 132 | * @param env: Module environment for alloc information. | |
| 133 | * @param max_node_count: Maximum size of this data structure in nodes. | |
| 134 | * 0 for unlimited. | |
| 135 | * @return new addrtree or NULL on failure. | |
| 136 | */ | |
| 137 | struct addrtree * | |
| 138 | addrtree_create(addrlen_t max_depth, void (*delfunc)(void *, void *), | |
| 139 | size_t (*sizefunc)(void *), void *env, unsigned int max_node_count); | |
| 140 | ||
| 141 | /** | |
| 142 | * Free tree and all nodes below. | |
| 143 | * @param tree: Tree to be freed. | |
| 144 | */ | |
| 145 | void addrtree_delete(struct addrtree *tree); | |
| 146 | ||
| 147 | /** | |
| 148 | * Insert an element in the tree. Failures are silent. Sourcemask and | |
| 149 | * scope might be changed according to local policy. Caller should no | |
| 150 | * longer access elem, it could be free'd now or later during future | |
| 151 | * inserts. | |
| 152 | * | |
| 153 | * @param tree: Tree insert elem in. | |
| 154 | * @param addr: key for element lookup. | |
| 155 | * @param sourcemask: Length of addr in bits. | |
| 156 | * @param scope: Number of significant bits in addr. | |
| 157 | * @param elem: data to store in the tree. | |
| 158 | * @param ttl: elem is valid up to this time, seconds. | |
| 159 | * @param now: Current time in seconds. | |
| 160 | */ | |
| 161 | void addrtree_insert(struct addrtree *tree, const addrkey_t *addr, | |
| 162 | addrlen_t sourcemask, addrlen_t scope, void *elem, time_t ttl, | |
| 163 | time_t now); | |
| 164 | ||
| 165 | /** | |
| 166 | * Find a node containing an element in the tree. | |
| 167 | * | |
| 168 | * @param tree: Tree to search. | |
| 169 | * @param addr: key for element lookup. | |
| 170 | * @param sourcemask: Length of addr in bits. | |
| 171 | * @param now: Current time in seconds. | |
| 172 | * @return addrnode or NULL on miss. | |
| 173 | */ | |
| 174 | struct addrnode * addrtree_find(struct addrtree *tree, | |
| 175 | const addrkey_t *addr, addrlen_t sourcemask, time_t now); | |
| 176 | ||
| 177 | /** Wrappers for static functions to unit test */ | |
| 178 | int unittest_wrapper_addrtree_cmpbit(const addrkey_t *key1, | |
| 179 | const addrkey_t *key2, addrlen_t n); | |
| 180 | addrlen_t unittest_wrapper_addrtree_bits_common(const addrkey_t *s1, | |
| 181 | addrlen_t l1, const addrkey_t *s2, addrlen_t l2, addrlen_t skip); | |
| 182 | int unittest_wrapper_addrtree_getbit(const addrkey_t *addr, | |
| 183 | addrlen_t addrlen, addrlen_t n); | |
| 184 | int unittest_wrapper_addrtree_issub(const addrkey_t *s1, addrlen_t l1, | |
| 185 | const addrkey_t *s2, addrlen_t l2, addrlen_t skip); | |
| 186 | #endif /* ADDRTREE_H */ |
| 0 | /* | |
| 1 | * edns-subnet/edns-subnet.c - Subnet option related constants | |
| 2 | * | |
| 3 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | /** | |
| 35 | * \file | |
| 36 | * Subnet option related constants. | |
| 37 | */ | |
| 38 | ||
| 39 | #include "config.h" | |
| 40 | ||
| 41 | #ifdef CLIENT_SUBNET /* keeps splint happy */ | |
| 42 | #include "edns-subnet/edns-subnet.h" | |
| 43 | #include <string.h> | |
| 44 | ||
| 45 | int | |
| 46 | copy_clear(uint8_t* dst, size_t dstlen, uint8_t* src, size_t srclen, size_t n) | |
| 47 | { | |
| 48 | size_t intpart = n / 8; /* bytes */ | |
| 49 | size_t fracpart = n % 8; /* bits */ | |
| 50 | size_t written = intpart; | |
| 51 | if (intpart > dstlen || intpart > srclen) | |
| 52 | return 1; | |
| 53 | if (fracpart && (intpart+1 > dstlen || intpart+1 > srclen)) | |
| 54 | return 1; | |
| 55 | memcpy(dst, src, intpart); | |
| 56 | if (fracpart) { | |
| 57 | dst[intpart] = src[intpart] & ~(0xFF >> fracpart); | |
| 58 | written++; | |
| 59 | } | |
| 60 | memset(dst + written, 0, dstlen - written); | |
| 61 | return 0; | |
| 62 | } | |
| 63 | ||
| 64 | #endif /* CLIENT_SUBNET */ |
| 0 | /* | |
| 1 | * edns-subnet/edns-subnet.h - Subnet option related constants | |
| 2 | * | |
| 3 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | /** | |
| 35 | * \file | |
| 36 | * Subnet option related constants. | |
| 37 | */ | |
| 38 | ||
| 39 | #include "util/net_help.h" | |
| 40 | ||
| 41 | #ifndef EDNSSUBNET_EDNSSUBNET_H | |
| 42 | #define EDNSSUBNET_EDNSSUBNET_H | |
| 43 | ||
| 44 | /** In use by the edns subnet option code, as assigned by IANA */ | |
| 45 | #define EDNSSUBNET_ADDRFAM_IP4 1 | |
| 46 | #define EDNSSUBNET_ADDRFAM_IP6 2 | |
| 47 | ||
| 48 | /** | |
| 49 | * ECS option | |
| 50 | */ | |
| 51 | struct ecs_data { | |
| 52 | uint16_t subnet_addr_fam; | |
| 53 | uint8_t subnet_source_mask; | |
| 54 | uint8_t subnet_scope_mask; | |
| 55 | uint8_t subnet_addr[INET6_SIZE]; | |
| 56 | int subnet_validdata; | |
| 57 | }; | |
| 58 | ||
| 59 | /** | |
| 60 | * copy the first n BITS from src to dst iff both src and dst | |
| 61 | * are large enough, return 0 on succes | |
| 62 | */ | |
| 63 | int | |
| 64 | copy_clear(uint8_t* dst, size_t dstlen, uint8_t* src, size_t srclen, size_t n); | |
| 65 | ||
| 66 | #endif /* EDNSSUBNET_EDNSSUBNET_H */ |
| 0 | /* | |
| 1 | * edns-subnet/subnet-whitelist.c - Hosts we actively try to send subnet option | |
| 2 | * to. | |
| 3 | * | |
| 4 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 5 | * | |
| 6 | * This software is open source. | |
| 7 | * | |
| 8 | * Redistribution and use in source and binary forms, with or without | |
| 9 | * modification, are permitted provided that the following conditions | |
| 10 | * are met: | |
| 11 | * | |
| 12 | * Redistributions of source code must retain the above copyright notice, | |
| 13 | * this list of conditions and the following disclaimer. | |
| 14 | * | |
| 15 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 16 | * this list of conditions and the following disclaimer in the documentation | |
| 17 | * and/or other materials provided with the distribution. | |
| 18 | * | |
| 19 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 20 | * be used to endorse or promote products derived from this software without | |
| 21 | * specific prior written permission. | |
| 22 | * | |
| 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 27 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 29 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 30 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 31 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 32 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 33 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 34 | */ | |
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * Keep track of the white listed servers for subnet option. Based | |
| 39 | * on acl_list.c|h | |
| 40 | */ | |
| 41 | ||
| 42 | #include "config.h" | |
| 43 | ||
| 44 | #ifdef CLIENT_SUBNET /* keeps splint happy */ | |
| 45 | #include "edns-subnet/edns-subnet.h" | |
| 46 | #include "edns-subnet/subnet-whitelist.h" | |
| 47 | #include "util/regional.h" | |
| 48 | #include "util/log.h" | |
| 49 | #include "util/config_file.h" | |
| 50 | #include "util/net_help.h" | |
| 51 | #include "util/storage/dnstree.h" | |
| 52 | #include "sldns/str2wire.h" | |
| 53 | #include "util/data/dname.h" | |
| 54 | ||
| 55 | struct ecs_whitelist* | |
| 56 | ecs_whitelist_create(void) | |
| 57 | { | |
| 58 | struct ecs_whitelist* whitelist = | |
| 59 | (struct ecs_whitelist*)calloc(1, | |
| 60 | sizeof(struct ecs_whitelist)); | |
| 61 | if(!whitelist) | |
| 62 | return NULL; | |
| 63 | whitelist->region = regional_create(); | |
| 64 | if(!whitelist->region) { | |
| 65 | ecs_whitelist_delete(whitelist); | |
| 66 | return NULL; | |
| 67 | } | |
| 68 | return whitelist; | |
| 69 | } | |
| 70 | ||
| 71 | void | |
| 72 | ecs_whitelist_delete(struct ecs_whitelist* whitelist) | |
| 73 | { | |
| 74 | if(!whitelist) | |
| 75 | return; | |
| 76 | regional_destroy(whitelist->region); | |
| 77 | free(whitelist); | |
| 78 | } | |
| 79 | ||
| 80 | /** insert new address into whitelist structure */ | |
| 81 | static int | |
| 82 | upstream_insert(struct ecs_whitelist* whitelist, | |
| 83 | struct sockaddr_storage* addr, socklen_t addrlen, int net) | |
| 84 | { | |
| 85 | struct addr_tree_node* node = (struct addr_tree_node*)regional_alloc( | |
| 86 | whitelist->region, sizeof(*node)); | |
| 87 | if(!node) | |
| 88 | return 0; | |
| 89 | if(!addr_tree_insert(&whitelist->upstream, node, addr, addrlen, net)) { | |
| 90 | verbose(VERB_QUERY, | |
| 91 | "duplicate send-client-subnet address ignored."); | |
| 92 | } | |
| 93 | return 1; | |
| 94 | } | |
| 95 | ||
| 96 | /** apply edns-subnet string */ | |
| 97 | static int | |
| 98 | upstream_str_cfg(struct ecs_whitelist* whitelist, const char* str) | |
| 99 | { | |
| 100 | struct sockaddr_storage addr; | |
| 101 | int net; | |
| 102 | socklen_t addrlen; | |
| 103 | verbose(VERB_ALGO, "send-client-subnet: %s", str); | |
| 104 | if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { | |
| 105 | log_err("cannot parse send-client-subnet netblock: %s", str); | |
| 106 | return 0; | |
| 107 | } | |
| 108 | if(!upstream_insert(whitelist, &addr, addrlen, net)) { | |
| 109 | log_err("out of memory"); | |
| 110 | return 0; | |
| 111 | } | |
| 112 | return 1; | |
| 113 | } | |
| 114 | ||
| 115 | /** read client_subnet config */ | |
| 116 | static int | |
| 117 | read_upstream(struct ecs_whitelist* whitelist, struct config_file* cfg) | |
| 118 | { | |
| 119 | struct config_strlist* p; | |
| 120 | for(p = cfg->client_subnet; p; p = p->next) { | |
| 121 | log_assert(p->str); | |
| 122 | if(!upstream_str_cfg(whitelist, p->str)) | |
| 123 | return 0; | |
| 124 | } | |
| 125 | return 1; | |
| 126 | } | |
| 127 | ||
| 128 | /** read client_subnet_zone config */ | |
| 129 | static int | |
| 130 | read_names(struct ecs_whitelist* whitelist, struct config_file* cfg) | |
| 131 | { | |
| 132 | /* parse names, report errors, insert into tree */ | |
| 133 | struct config_strlist* p; | |
| 134 | struct name_tree_node* n; | |
| 135 | uint8_t* nm, *nmr; | |
| 136 | size_t nm_len; | |
| 137 | int nm_labs; | |
| 138 | ||
| 139 | for(p = cfg->client_subnet_zone; p; p = p->next) { | |
| 140 | log_assert(p->str); | |
| 141 | nm = sldns_str2wire_dname(p->str, &nm_len); | |
| 142 | if(!nm) { | |
| 143 | log_err("cannot parse client-subnet-zone: %s", p->str); | |
| 144 | return 0; | |
| 145 | } | |
| 146 | nm_labs = dname_count_size_labels(nm, &nm_len); | |
| 147 | nmr = (uint8_t*)regional_alloc_init(whitelist->region, nm, | |
| 148 | nm_len); | |
| 149 | free(nm); | |
| 150 | if(!nmr) { | |
| 151 | log_err("out of memory"); | |
| 152 | return 0; | |
| 153 | } | |
| 154 | n = (struct name_tree_node*)regional_alloc(whitelist->region, | |
| 155 | sizeof(*n)); | |
| 156 | if(!n) { | |
| 157 | log_err("out of memory"); | |
| 158 | return 0; | |
| 159 | } | |
| 160 | if(!name_tree_insert(&whitelist->dname, n, nmr, nm_len, nm_labs, | |
| 161 | LDNS_RR_CLASS_IN)) { | |
| 162 | verbose(VERB_QUERY, "ignoring duplicate " | |
| 163 | "client-subnet-zone: %s", p->str); | |
| 164 | } | |
| 165 | } | |
| 166 | return 1; | |
| 167 | } | |
| 168 | ||
| 169 | int | |
| 170 | ecs_whitelist_apply_cfg(struct ecs_whitelist* whitelist, | |
| 171 | struct config_file* cfg) | |
| 172 | { | |
| 173 | regional_free_all(whitelist->region); | |
| 174 | addr_tree_init(&whitelist->upstream); | |
| 175 | name_tree_init(&whitelist->dname); | |
| 176 | if(!read_upstream(whitelist, cfg)) | |
| 177 | return 0; | |
| 178 | if(!read_names(whitelist, cfg)) | |
| 179 | return 0; | |
| 180 | addr_tree_init_parents(&whitelist->upstream); | |
| 181 | name_tree_init_parents(&whitelist->dname); | |
| 182 | return 1; | |
| 183 | } | |
| 184 | ||
| 185 | int | |
| 186 | ecs_is_whitelisted(struct ecs_whitelist* whitelist, | |
| 187 | struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* qname, | |
| 188 | size_t qname_len, uint16_t qclass) | |
| 189 | { | |
| 190 | int labs; | |
| 191 | if(addr_tree_lookup(&whitelist->upstream, addr, addrlen)) | |
| 192 | return 1; | |
| 193 | /* Not in upstream whitelist, check dname whitelist. */ | |
| 194 | labs = dname_count_labels(qname); | |
| 195 | return name_tree_lookup(&whitelist->dname, qname, qname_len, labs, | |
| 196 | qclass) != NULL; | |
| 197 | } | |
| 198 | ||
| 199 | size_t | |
| 200 | ecs_whitelist_get_mem(struct ecs_whitelist* whitelist) | |
| 201 | { | |
| 202 | if(!whitelist) return 0; | |
| 203 | return sizeof(*whitelist) + regional_get_mem(whitelist->region); | |
| 204 | } | |
| 205 | ||
| 206 | #endif /* CLIENT_SUBNET */ |
| 0 | /* | |
| 1 | * edns-subnet/subnet-whitelist.h - Hosts we actively try to send subnet option | |
| 2 | * to. | |
| 3 | * | |
| 4 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 5 | * | |
| 6 | * This software is open source. | |
| 7 | * | |
| 8 | * Redistribution and use in source and binary forms, with or without | |
| 9 | * modification, are permitted provided that the following conditions | |
| 10 | * are met: | |
| 11 | * | |
| 12 | * Redistributions of source code must retain the above copyright notice, | |
| 13 | * this list of conditions and the following disclaimer. | |
| 14 | * | |
| 15 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 16 | * this list of conditions and the following disclaimer in the documentation | |
| 17 | * and/or other materials provided with the distribution. | |
| 18 | * | |
| 19 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 20 | * be used to endorse or promote products derived from this software without | |
| 21 | * specific prior written permission. | |
| 22 | * | |
| 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 27 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 29 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 30 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 31 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 32 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 33 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 34 | */ | |
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * Keep track of the white listed servers and domain names for subnet option. | |
| 39 | * Based on acl_list.c|h | |
| 40 | */ | |
| 41 | ||
| 42 | #ifndef EDNSSUBNET_WHITELIST_H | |
| 43 | #define EDNSSUBNET_WHITELIST_H | |
| 44 | #include "util/storage/dnstree.h" | |
| 45 | ||
| 46 | struct config_file; | |
| 47 | struct regional; | |
| 48 | ||
| 49 | /** | |
| 50 | * ecs_whitelist structure | |
| 51 | */ | |
| 52 | struct ecs_whitelist { | |
| 53 | /** regional for allocation */ | |
| 54 | struct regional* region; | |
| 55 | /** | |
| 56 | * Tree of the address spans that are whitelisted. | |
| 57 | * contents of type addr_tree_node. Each node is an address span | |
| 58 | * Unbound will append subnet option for. | |
| 59 | */ | |
| 60 | rbtree_type upstream; | |
| 61 | /** | |
| 62 | * Tree of domain names for which Unbound will append an ECS option. | |
| 63 | * rbtree of struct name_tree_node. | |
| 64 | */ | |
| 65 | rbtree_type dname; | |
| 66 | }; | |
| 67 | ||
| 68 | /** | |
| 69 | * Create ecs_whitelist structure | |
| 70 | * @return new structure or NULL on error. | |
| 71 | */ | |
| 72 | struct ecs_whitelist* ecs_whitelist_create(void); | |
| 73 | ||
| 74 | /** | |
| 75 | * Delete ecs_whitelist structure. | |
| 76 | * @param whitelist: to delete. | |
| 77 | */ | |
| 78 | void ecs_whitelist_delete(struct ecs_whitelist* whitelist); | |
| 79 | ||
| 80 | /** | |
| 81 | * Process ecs_whitelist config. | |
| 82 | * @param whitelist: where to store. | |
| 83 | * @param cfg: config options. | |
| 84 | * @return 0 on error. | |
| 85 | */ | |
| 86 | int ecs_whitelist_apply_cfg(struct ecs_whitelist* whitelist, | |
| 87 | struct config_file* cfg); | |
| 88 | ||
| 89 | /** | |
| 90 | * See if an address or domain is whitelisted. | |
| 91 | * @param whitelist: structure for address storage. | |
| 92 | * @param addr: address to check | |
| 93 | * @param addrlen: length of addr. | |
| 94 | * @param qname: dname in query | |
| 95 | * @param qname_len: length of dname | |
| 96 | * @param qclass: class in query | |
| 97 | * @return: true if the address is whitelisted for subnet option. | |
| 98 | */ | |
| 99 | int ecs_is_whitelisted(struct ecs_whitelist* whitelist, | |
| 100 | struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* qname, | |
| 101 | size_t qname_len, uint16_t qclass); | |
| 102 | ||
| 103 | /** | |
| 104 | * Get memory used by ecs_whitelist structure. | |
| 105 | * @param whitelist: structure for address storage. | |
| 106 | * @return bytes in use. | |
| 107 | */ | |
| 108 | size_t ecs_whitelist_get_mem(struct ecs_whitelist* whitelist); | |
| 109 | ||
| 110 | #endif /* EDNSSUBNET_WHITELIST_H */ |
| 0 | /* | |
| 1 | * edns-subnet/subnetmod.c - edns subnet module. Must be called before validator | |
| 2 | * and iterator. | |
| 3 | * | |
| 4 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 5 | * | |
| 6 | * This software is open source. | |
| 7 | * | |
| 8 | * Redistribution and use in source and binary forms, with or without | |
| 9 | * modification, are permitted provided that the following conditions | |
| 10 | * are met: | |
| 11 | * | |
| 12 | * Redistributions of source code must retain the above copyright notice, | |
| 13 | * this list of conditions and the following disclaimer. | |
| 14 | * | |
| 15 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 16 | * this list of conditions and the following disclaimer in the documentation | |
| 17 | * and/or other materials provided with the distribution. | |
| 18 | * | |
| 19 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 20 | * be used to endorse or promote products derived from this software without | |
| 21 | * specific prior written permission. | |
| 22 | * | |
| 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 27 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 29 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 30 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 31 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 32 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 33 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 34 | */ | |
| 35 | /** | |
| 36 | * \file | |
| 37 | * subnet module for unbound. | |
| 38 | */ | |
| 39 | ||
| 40 | #include "config.h" | |
| 41 | ||
| 42 | #ifdef CLIENT_SUBNET /* keeps splint happy */ | |
| 43 | ||
| 44 | #include "edns-subnet/subnetmod.h" | |
| 45 | #include "edns-subnet/edns-subnet.h" | |
| 46 | #include "edns-subnet/addrtree.h" | |
| 47 | #include "edns-subnet/subnet-whitelist.h" | |
| 48 | ||
| 49 | #include "services/mesh.h" | |
| 50 | #include "services/cache/dns.h" | |
| 51 | #include "util/module.h" | |
| 52 | #include "util/regional.h" | |
| 53 | #include "util/storage/slabhash.h" | |
| 54 | #include "util/config_file.h" | |
| 55 | #include "util/data/msgreply.h" | |
| 56 | #include "sldns/sbuffer.h" | |
| 57 | ||
| 58 | #define ECS_MAX_TREESIZE 100 | |
| 59 | ||
| 60 | /** externally called */ | |
| 61 | void | |
| 62 | subnet_data_delete(void *d, void *ATTR_UNUSED(arg)) | |
| 63 | { | |
| 64 | struct subnet_msg_cache_data *r; | |
| 65 | r = (struct subnet_msg_cache_data*)d; | |
| 66 | addrtree_delete(r->tree4); | |
| 67 | addrtree_delete(r->tree6); | |
| 68 | free(r); | |
| 69 | } | |
| 70 | ||
| 71 | /** externally called */ | |
| 72 | size_t | |
| 73 | msg_cache_sizefunc(void *k, void *d) | |
| 74 | { | |
| 75 | struct msgreply_entry *q = (struct msgreply_entry*)k; | |
| 76 | struct subnet_msg_cache_data *r = (struct subnet_msg_cache_data*)d; | |
| 77 | size_t s = sizeof(struct msgreply_entry) | |
| 78 | + sizeof(struct subnet_msg_cache_data) | |
| 79 | + q->key.qname_len + lock_get_mem(&q->entry.lock); | |
| 80 | s += addrtree_size(r->tree4); | |
| 81 | s += addrtree_size(r->tree6); | |
| 82 | return s; | |
| 83 | } | |
| 84 | ||
| 85 | /** new query for ecs module */ | |
| 86 | static int | |
| 87 | subnet_new_qstate(struct module_qstate *qstate, int id) | |
| 88 | { | |
| 89 | struct subnet_qstate *sq = (struct subnet_qstate*)regional_alloc( | |
| 90 | qstate->region, sizeof(struct subnet_qstate)); | |
| 91 | if(!sq) | |
| 92 | return 0; | |
| 93 | qstate->minfo[id] = sq; | |
| 94 | memset(sq, 0, sizeof(*sq)); | |
| 95 | return 1; | |
| 96 | } | |
| 97 | ||
| 98 | /** Add ecs struct to edns list, after parsing it to wire format. */ | |
| 99 | static void | |
| 100 | ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, | |
| 101 | struct module_qstate *qstate) | |
| 102 | { | |
| 103 | size_t sn_octs, sn_octs_remainder; | |
| 104 | sldns_buffer* buf = qstate->env->scratch_buffer; | |
| 105 | ||
| 106 | if(ecs->subnet_validdata) { | |
| 107 | log_assert(ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4 || | |
| 108 | ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP6); | |
| 109 | log_assert(ecs->subnet_addr_fam != EDNSSUBNET_ADDRFAM_IP4 || | |
| 110 | ecs->subnet_source_mask <= INET_SIZE*8); | |
| 111 | log_assert(ecs->subnet_addr_fam != EDNSSUBNET_ADDRFAM_IP6 || | |
| 112 | ecs->subnet_source_mask <= INET6_SIZE*8); | |
| 113 | ||
| 114 | sn_octs = ecs->subnet_source_mask / 8; | |
| 115 | sn_octs_remainder = | |
| 116 | (size_t)((ecs->subnet_source_mask % 8)>0?1:0); | |
| 117 | ||
| 118 | log_assert(sn_octs + sn_octs_remainder <= INET6_SIZE); | |
| 119 | ||
| 120 | sldns_buffer_clear(buf); | |
| 121 | sldns_buffer_write_u16(buf, ecs->subnet_addr_fam); | |
| 122 | sldns_buffer_write_u8(buf, ecs->subnet_source_mask); | |
| 123 | sldns_buffer_write_u8(buf, ecs->subnet_scope_mask); | |
| 124 | sldns_buffer_write(buf, ecs->subnet_addr, sn_octs); | |
| 125 | if(sn_octs_remainder) | |
| 126 | sldns_buffer_write_u8(buf, ecs->subnet_addr[sn_octs] & | |
| 127 | ~(0xFF >> (ecs->subnet_source_mask % 8))); | |
| 128 | sldns_buffer_flip(buf); | |
| 129 | ||
| 130 | edns_opt_list_append(list, | |
| 131 | qstate->env->cfg->client_subnet_opcode, | |
| 132 | sn_octs + sn_octs_remainder + 4, | |
| 133 | sldns_buffer_begin(buf), qstate->region); | |
| 134 | } | |
| 135 | } | |
| 136 | ||
| 137 | int ecs_whitelist_check(struct query_info* qinfo, | |
| 138 | uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate, | |
| 139 | struct sockaddr_storage* addr, socklen_t addrlen, | |
| 140 | uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), | |
| 141 | struct regional* ATTR_UNUSED(region), int id, void* ATTR_UNUSED(cbargs)) | |
| 142 | { | |
| 143 | struct subnet_qstate *sq; | |
| 144 | struct subnet_env *sn_env; | |
| 145 | ||
| 146 | if(!(sq=(struct subnet_qstate*)qstate->minfo[id])) | |
| 147 | return 1; | |
| 148 | sn_env = (struct subnet_env*)qstate->env->modinfo[id]; | |
| 149 | ||
| 150 | /* Cache by default, might be disabled after parsing EDNS option | |
| 151 | * received from nameserver. */ | |
| 152 | qstate->no_cache_store = 0; | |
| 153 | ||
| 154 | if(sq->ecs_server_out.subnet_validdata && ((sq->subnet_downstream && | |
| 155 | qstate->env->cfg->client_subnet_always_forward) || | |
| 156 | ecs_is_whitelisted(sn_env->whitelist, | |
| 157 | addr, addrlen, qinfo->qname, qinfo->qname_len, | |
| 158 | qinfo->qclass))) { | |
| 159 | /* Address on whitelist or client query contains ECS option, we | |
| 160 | * want to sent out ECS. Only add option if it is not already | |
| 161 | * set. */ | |
| 162 | if(!(sq->subnet_sent)) { | |
| 163 | ecs_opt_list_append(&sq->ecs_server_out, | |
| 164 | &qstate->edns_opts_back_out, qstate); | |
| 165 | sq->subnet_sent = 1; | |
| 166 | } | |
| 167 | } | |
| 168 | else if(sq->subnet_sent) { | |
| 169 | /* Outgoing ECS option is set, but we don't want to sent it to | |
| 170 | * this address, remove option. */ | |
| 171 | edns_opt_list_remove(&qstate->edns_opts_back_out, | |
| 172 | qstate->env->cfg->client_subnet_opcode); | |
| 173 | sq->subnet_sent = 0; | |
| 174 | } | |
| 175 | return 1; | |
| 176 | } | |
| 177 | ||
| 178 | ||
| 179 | int | |
| 180 | subnetmod_init(struct module_env *env, int id) | |
| 181 | { | |
| 182 | struct subnet_env *sn_env = (struct subnet_env*)calloc(1, | |
| 183 | sizeof(struct subnet_env)); | |
| 184 | if(!sn_env) { | |
| 185 | log_err("malloc failure"); | |
| 186 | return 0; | |
| 187 | } | |
| 188 | alloc_init(&sn_env->alloc, NULL, 0); | |
| 189 | env->modinfo[id] = (void*)sn_env; | |
| 190 | /* Copy msg_cache settings */ | |
| 191 | sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs, | |
| 192 | HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size, | |
| 193 | msg_cache_sizefunc, query_info_compare, query_entry_delete, | |
| 194 | subnet_data_delete, NULL); | |
| 195 | if(!sn_env->subnet_msg_cache) { | |
| 196 | log_err("subnet: could not create cache"); | |
| 197 | free(sn_env); | |
| 198 | env->modinfo[id] = NULL; | |
| 199 | return 0; | |
| 200 | } | |
| 201 | /* whitelist for edns subnet capable servers */ | |
| 202 | sn_env->whitelist = ecs_whitelist_create(); | |
| 203 | if(!sn_env->whitelist || | |
| 204 | !ecs_whitelist_apply_cfg(sn_env->whitelist, env->cfg)) { | |
| 205 | log_err("subnet: could not create ECS whitelist"); | |
| 206 | slabhash_delete(sn_env->subnet_msg_cache); | |
| 207 | free(sn_env); | |
| 208 | env->modinfo[id] = NULL; | |
| 209 | return 0; | |
| 210 | } | |
| 211 | ||
| 212 | verbose(VERB_QUERY, "subnet: option registered (%d)", | |
| 213 | env->cfg->client_subnet_opcode); | |
| 214 | /* Create new mesh state for all queries. */ | |
| 215 | env->unique_mesh = 1; | |
| 216 | if(!edns_register_option(env->cfg->client_subnet_opcode, | |
| 217 | env->cfg->client_subnet_always_forward /* bypass cache */, | |
| 218 | 0 /* no aggregation */, env)) { | |
| 219 | log_err("subnet: could not register opcode"); | |
| 220 | ecs_whitelist_delete(sn_env->whitelist); | |
| 221 | slabhash_delete(sn_env->subnet_msg_cache); | |
| 222 | free(sn_env); | |
| 223 | env->modinfo[id] = NULL; | |
| 224 | return 0; | |
| 225 | } | |
| 226 | inplace_cb_register((void*)ecs_whitelist_check, inplace_cb_query, NULL, | |
| 227 | env, id); | |
| 228 | inplace_cb_register((void*)ecs_edns_back_parsed, | |
| 229 | inplace_cb_edns_back_parsed, NULL, env, id); | |
| 230 | inplace_cb_register((void*)ecs_query_response, | |
| 231 | inplace_cb_query_response, NULL, env, id); | |
| 232 | lock_rw_init(&sn_env->biglock); | |
| 233 | return 1; | |
| 234 | } | |
| 235 | ||
| 236 | void | |
| 237 | subnetmod_deinit(struct module_env *env, int id) | |
| 238 | { | |
| 239 | struct subnet_env *sn_env; | |
| 240 | if(!env || !env->modinfo[id]) | |
| 241 | return; | |
| 242 | sn_env = (struct subnet_env*)env->modinfo[id]; | |
| 243 | lock_rw_destroy(&sn_env->biglock); | |
| 244 | inplace_cb_delete(env, inplace_cb_edns_back_parsed, id); | |
| 245 | inplace_cb_delete(env, inplace_cb_query, id); | |
| 246 | inplace_cb_delete(env, inplace_cb_query_response, id); | |
| 247 | ecs_whitelist_delete(sn_env->whitelist); | |
| 248 | slabhash_delete(sn_env->subnet_msg_cache); | |
| 249 | alloc_clear(&sn_env->alloc); | |
| 250 | free(sn_env); | |
| 251 | env->modinfo[id] = NULL; | |
| 252 | } | |
| 253 | ||
| 254 | /** Tells client that upstream has no/improper support */ | |
| 255 | static void | |
| 256 | cp_edns_bad_response(struct ecs_data *target, struct ecs_data *source) | |
| 257 | { | |
| 258 | target->subnet_scope_mask = 0; | |
| 259 | target->subnet_source_mask = source->subnet_source_mask; | |
| 260 | target->subnet_addr_fam = source->subnet_addr_fam; | |
| 261 | memcpy(target->subnet_addr, source->subnet_addr, INET6_SIZE); | |
| 262 | target->subnet_validdata = 1; | |
| 263 | } | |
| 264 | ||
| 265 | static void | |
| 266 | delfunc(void *envptr, void *elemptr) { | |
| 267 | struct reply_info *elem = (struct reply_info *)elemptr; | |
| 268 | struct subnet_env *env = (struct subnet_env *)envptr; | |
| 269 | reply_info_parsedelete(elem, &env->alloc); | |
| 270 | } | |
| 271 | ||
| 272 | static size_t | |
| 273 | sizefunc(void *elemptr) { | |
| 274 | struct reply_info *elem = (struct reply_info *)elemptr; | |
| 275 | return sizeof (struct reply_info) - sizeof (struct rrset_ref) | |
| 276 | + elem->rrset_count * sizeof (struct rrset_ref) | |
| 277 | + elem->rrset_count * sizeof (struct ub_packed_rrset_key *); | |
| 278 | } | |
| 279 | ||
| 280 | /** | |
| 281 | * Select tree from cache entry based on edns data. | |
| 282 | * If for address family not present it will create a new one. | |
| 283 | * NULL on failure to create. */ | |
| 284 | static struct addrtree* | |
| 285 | get_tree(struct subnet_msg_cache_data *data, struct ecs_data *edns, | |
| 286 | struct subnet_env *env, struct config_file* cfg) | |
| 287 | { | |
| 288 | struct addrtree *tree; | |
| 289 | if (edns->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4) { | |
| 290 | if (!data->tree4) | |
| 291 | data->tree4 = addrtree_create( | |
| 292 | cfg->max_client_subnet_ipv4, &delfunc, | |
| 293 | &sizefunc, env, ECS_MAX_TREESIZE); | |
| 294 | tree = data->tree4; | |
| 295 | } else { | |
| 296 | if (!data->tree6) | |
| 297 | data->tree6 = addrtree_create( | |
| 298 | cfg->max_client_subnet_ipv6, &delfunc, | |
| 299 | &sizefunc, env, ECS_MAX_TREESIZE); | |
| 300 | tree = data->tree6; | |
| 301 | } | |
| 302 | return tree; | |
| 303 | } | |
| 304 | ||
| 305 | static void | |
| 306 | update_cache(struct module_qstate *qstate, int id) | |
| 307 | { | |
| 308 | struct msgreply_entry *mrep_entry; | |
| 309 | struct addrtree *tree; | |
| 310 | struct reply_info *rep; | |
| 311 | struct query_info qinf; | |
| 312 | struct subnet_env *sne = qstate->env->modinfo[id]; | |
| 313 | struct subnet_qstate *sq = (struct subnet_qstate*)qstate->minfo[id]; | |
| 314 | struct slabhash *subnet_msg_cache = sne->subnet_msg_cache; | |
| 315 | struct ecs_data *edns = &sq->ecs_client_in; | |
| 316 | size_t i; | |
| 317 | ||
| 318 | /* We already calculated hash upon lookup */ | |
| 319 | hashvalue_type h = qstate->minfo[id] ? | |
| 320 | ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : | |
| 321 | query_info_hash(&qstate->qinfo, qstate->query_flags); | |
| 322 | /* Step 1, general qinfo lookup */ | |
| 323 | struct lruhash_entry *lru_entry = slabhash_lookup(subnet_msg_cache, h, | |
| 324 | &qstate->qinfo, 1); | |
| 325 | int acquired_lock = (lru_entry != NULL); | |
| 326 | if (!lru_entry) { | |
| 327 | qinf = qstate->qinfo; | |
| 328 | qinf.qname = memdup(qstate->qinfo.qname, | |
| 329 | qstate->qinfo.qname_len); | |
| 330 | if(!qinf.qname) { | |
| 331 | log_err("memdup failed"); | |
| 332 | return; | |
| 333 | } | |
| 334 | mrep_entry = query_info_entrysetup(&qinf, NULL, h); | |
| 335 | free(qinf.qname); /* if qname 'consumed', it is set to NULL */ | |
| 336 | if (!mrep_entry) { | |
| 337 | log_err("query_info_entrysetup failed"); | |
| 338 | return; | |
| 339 | } | |
| 340 | lru_entry = &mrep_entry->entry; | |
| 341 | lru_entry->data = calloc(1, | |
| 342 | sizeof(struct subnet_msg_cache_data)); | |
| 343 | if (!lru_entry->data) { | |
| 344 | log_err("malloc failed"); | |
| 345 | return; | |
| 346 | } | |
| 347 | } | |
| 348 | /* Step 2, find the correct tree */ | |
| 349 | if (!(tree = get_tree(lru_entry->data, edns, sne, qstate->env->cfg))) { | |
| 350 | if (acquired_lock) lock_rw_unlock(&lru_entry->lock); | |
| 351 | log_err("Subnet cache insertion failed"); | |
| 352 | return; | |
| 353 | } | |
| 354 | rep = reply_info_copy(qstate->return_msg->rep, &sne->alloc, NULL); | |
| 355 | if (!rep) { | |
| 356 | if (acquired_lock) lock_rw_unlock(&lru_entry->lock); | |
| 357 | log_err("Subnet cache insertion failed"); | |
| 358 | return; | |
| 359 | } | |
| 360 | ||
| 361 | /* store RRsets */ | |
| 362 | for(i=0; i<rep->rrset_count; i++) { | |
| 363 | rep->ref[i].key = rep->rrsets[i]; | |
| 364 | rep->ref[i].id = rep->rrsets[i]->id; | |
| 365 | } | |
| 366 | reply_info_set_ttls(rep, *qstate->env->now); | |
| 367 | rep->flags |= (BIT_RA | BIT_QR); /* fix flags to be sensible for */ | |
| 368 | rep->flags &= ~(BIT_AA | BIT_CD);/* a reply based on the cache */ | |
| 369 | addrtree_insert(tree, (addrkey_t*)edns->subnet_addr, | |
| 370 | edns->subnet_source_mask, | |
| 371 | sq->ecs_server_in.subnet_scope_mask, rep, | |
| 372 | rep->ttl, *qstate->env->now); | |
| 373 | if (acquired_lock) { | |
| 374 | lock_rw_unlock(&lru_entry->lock); | |
| 375 | } else { | |
| 376 | slabhash_insert(subnet_msg_cache, h, lru_entry, lru_entry->data, | |
| 377 | NULL); | |
| 378 | } | |
| 379 | } | |
| 380 | ||
| 381 | /** Lookup in cache and reply true iff reply is sent. */ | |
| 382 | static int | |
| 383 | lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) | |
| 384 | { | |
| 385 | struct lruhash_entry *e; | |
| 386 | struct module_env *env = qstate->env; | |
| 387 | struct subnet_env *sne = (struct subnet_env*)env->modinfo[id]; | |
| 388 | hashvalue_type h = query_info_hash(&qstate->qinfo, qstate->query_flags); | |
| 389 | struct subnet_msg_cache_data *data; | |
| 390 | struct ecs_data *ecs = &sq->ecs_client_in; | |
| 391 | struct addrtree *tree; | |
| 392 | struct addrnode *node; | |
| 393 | uint8_t scope; | |
| 394 | ||
| 395 | memset(&sq->ecs_client_out, 0, sizeof(sq->ecs_client_out)); | |
| 396 | ||
| 397 | if (sq) sq->qinfo_hash = h; /* Might be useful on cache miss */ | |
| 398 | e = slabhash_lookup(sne->subnet_msg_cache, h, &qstate->qinfo, 1); | |
| 399 | if (!e) return 0; /* qinfo not in cache */ | |
| 400 | data = e->data; | |
| 401 | tree = (ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4)? | |
| 402 | data->tree4 : data->tree6; | |
| 403 | if (!tree) { /* qinfo in cache but not for this family */ | |
| 404 | lock_rw_unlock(&e->lock); | |
| 405 | return 0; | |
| 406 | } | |
| 407 | node = addrtree_find(tree, (addrkey_t*)ecs->subnet_addr, | |
| 408 | ecs->subnet_source_mask, *env->now); | |
| 409 | if (!node) { /* plain old cache miss */ | |
| 410 | lock_rw_unlock(&e->lock); | |
| 411 | return 0; | |
| 412 | } | |
| 413 | ||
| 414 | qstate->return_msg = tomsg(NULL, &qstate->qinfo, | |
| 415 | (struct reply_info *)node->elem, qstate->region, *env->now, | |
| 416 | env->scratch); | |
| 417 | scope = (uint8_t)node->scope; | |
| 418 | lock_rw_unlock(&e->lock); | |
| 419 | ||
| 420 | if (!qstate->return_msg) { /* Failed allocation or expired TTL */ | |
| 421 | return 0; | |
| 422 | } | |
| 423 | ||
| 424 | if (sq->subnet_downstream) { /* relay to interested client */ | |
| 425 | sq->ecs_client_out.subnet_scope_mask = scope; | |
| 426 | sq->ecs_client_out.subnet_addr_fam = ecs->subnet_addr_fam; | |
| 427 | sq->ecs_client_out.subnet_source_mask = ecs->subnet_source_mask; | |
| 428 | memcpy(&sq->ecs_client_out.subnet_addr, &ecs->subnet_addr, | |
| 429 | INET6_SIZE); | |
| 430 | sq->ecs_client_out.subnet_validdata = 1; | |
| 431 | } | |
| 432 | return 1; | |
| 433 | } | |
| 434 | ||
| 435 | /** | |
| 436 | * Test first bits of addresses for equality. Caller is responsible | |
| 437 | * for making sure that both a and b are at least net/8 octets long. | |
| 438 | * @param a: first address. | |
| 439 | * @param a: seconds address. | |
| 440 | * @param net: Number of bits to test. | |
| 441 | * @return: 1 if equal, 0 otherwise. | |
| 442 | */ | |
| 443 | static int | |
| 444 | common_prefix(uint8_t *a, uint8_t *b, uint8_t net) | |
| 445 | { | |
| 446 | size_t n = (size_t)net / 8; | |
| 447 | return !memcmp(a, b, n) && ((net % 8) == 0 || a[n] == b[n]); | |
| 448 | } | |
| 449 | ||
| 450 | static enum module_ext_state | |
| 451 | eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) | |
| 452 | { | |
| 453 | struct subnet_env *sne = qstate->env->modinfo[id]; | |
| 454 | ||
| 455 | struct ecs_data *c_in = &sq->ecs_client_in; /* rcvd from client */ | |
| 456 | struct ecs_data *c_out = &sq->ecs_client_out;/* will send to client */ | |
| 457 | struct ecs_data *s_in = &sq->ecs_server_in; /* rcvd from auth */ | |
| 458 | struct ecs_data *s_out = &sq->ecs_server_out;/* sent to auth */ | |
| 459 | ||
| 460 | memset(c_out, 0, sizeof(*c_out)); | |
| 461 | ||
| 462 | if (!qstate->return_msg) return module_error; | |
| 463 | ||
| 464 | /* We have not asked for subnet data */ | |
| 465 | if (!sq->subnet_sent) { | |
| 466 | if (s_in->subnet_validdata) | |
| 467 | verbose(VERB_QUERY, "subnet: received spurious data"); | |
| 468 | if (sq->subnet_downstream) /* Copy back to client */ | |
| 469 | cp_edns_bad_response(c_out, c_in); | |
| 470 | return module_finished; | |
| 471 | } | |
| 472 | ||
| 473 | /* subnet sent but nothing came back */ | |
| 474 | if (!s_in->subnet_validdata) { | |
| 475 | /* The authority indicated no support for edns subnet. As a | |
| 476 | * consequence the answer ended up in the regular cache. It | |
| 477 | * is still usefull to put it in the edns subnet cache for | |
| 478 | * when a client explicitly asks for subnet specific answer. */ | |
| 479 | verbose(VERB_QUERY, "subnet: Authority indicates no support"); | |
| 480 | lock_rw_wrlock(&sne->biglock); | |
| 481 | update_cache(qstate, id); | |
| 482 | lock_rw_unlock(&sne->biglock); | |
| 483 | if (sq->subnet_downstream) | |
| 484 | cp_edns_bad_response(c_out, c_in); | |
| 485 | return module_finished; | |
| 486 | } | |
| 487 | ||
| 488 | /* Being here means we have asked for and got a subnet specific | |
| 489 | * answer. Also, the answer from the authority is not yet cached | |
| 490 | * anywhere. */ | |
| 491 | ||
| 492 | /* can we accept response? */ | |
| 493 | if(s_out->subnet_addr_fam != s_in->subnet_addr_fam || | |
| 494 | s_out->subnet_source_mask != s_in->subnet_source_mask || | |
| 495 | !common_prefix(s_out->subnet_addr, s_in->subnet_addr, | |
| 496 | s_out->subnet_source_mask)) | |
| 497 | { | |
| 498 | /* we can not accept, restart query without option */ | |
| 499 | verbose(VERB_QUERY, "subnet: forged data"); | |
| 500 | s_out->subnet_validdata = 0; | |
| 501 | (void)edns_opt_list_remove(&qstate->edns_opts_back_out, | |
| 502 | qstate->env->cfg->client_subnet_opcode); | |
| 503 | sq->subnet_sent = 0; | |
| 504 | return module_restart_next; | |
| 505 | } | |
| 506 | ||
| 507 | lock_rw_wrlock(&sne->biglock); | |
| 508 | update_cache(qstate, id); | |
| 509 | lock_rw_unlock(&sne->biglock); | |
| 510 | ||
| 511 | if (sq->subnet_downstream) { | |
| 512 | /* Client wants to see the answer, echo option back | |
| 513 | * and adjust the scope. */ | |
| 514 | c_out->subnet_addr_fam = c_in->subnet_addr_fam; | |
| 515 | c_out->subnet_source_mask = c_in->subnet_source_mask; | |
| 516 | memcpy(&c_out->subnet_addr, &c_in->subnet_addr, INET6_SIZE); | |
| 517 | c_out->subnet_scope_mask = s_in->subnet_scope_mask; | |
| 518 | c_out->subnet_validdata = 1; | |
| 519 | } | |
| 520 | return module_finished; | |
| 521 | } | |
| 522 | ||
| 523 | /** Parse EDNS opt data containing ECS */ | |
| 524 | static int | |
| 525 | parse_subnet_option(struct edns_option* ecs_option, struct ecs_data* ecs) | |
| 526 | { | |
| 527 | memset(ecs, 0, sizeof(*ecs)); | |
| 528 | if (ecs_option->opt_len < 4) | |
| 529 | return 0; | |
| 530 | ||
| 531 | ecs->subnet_addr_fam = sldns_read_uint16(ecs_option->opt_data); | |
| 532 | ecs->subnet_source_mask = ecs_option->opt_data[2]; | |
| 533 | ecs->subnet_scope_mask = ecs_option->opt_data[3]; | |
| 534 | /* remaing bytes indicate address */ | |
| 535 | ||
| 536 | /* validate input*/ | |
| 537 | /* option length matches calculated length? */ | |
| 538 | if (ecs_option->opt_len != (size_t)((ecs->subnet_source_mask+7)/8 + 4)) | |
| 539 | return 0; | |
| 540 | if (ecs_option->opt_len - 4 > INET6_SIZE || ecs_option->opt_len == 0) | |
| 541 | return 0; | |
| 542 | if (ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4) { | |
| 543 | if (ecs->subnet_source_mask > 32 || ecs->subnet_scope_mask > 32) | |
| 544 | return 0; | |
| 545 | } else if (ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP6) { | |
| 546 | if (ecs->subnet_source_mask > 128 || | |
| 547 | ecs->subnet_scope_mask > 128) | |
| 548 | return 0; | |
| 549 | } else | |
| 550 | return 0; | |
| 551 | ||
| 552 | /* valid ECS data, write to ecs_data */ | |
| 553 | if (copy_clear(ecs->subnet_addr, INET6_SIZE, ecs_option->opt_data + 4, | |
| 554 | ecs_option->opt_len - 4, ecs->subnet_source_mask)) | |
| 555 | return 0; | |
| 556 | ecs->subnet_validdata = 1; | |
| 557 | return 1; | |
| 558 | } | |
| 559 | ||
| 560 | static void | |
| 561 | subnet_option_from_ss(struct sockaddr_storage *ss, struct ecs_data* ecs, | |
| 562 | struct config_file* cfg) | |
| 563 | { | |
| 564 | void* sinaddr; | |
| 565 | ||
| 566 | /* Construct subnet option from original query */ | |
| 567 | if(((struct sockaddr_in*)ss)->sin_family == AF_INET) { | |
| 568 | ecs->subnet_source_mask = cfg->max_client_subnet_ipv4; | |
| 569 | ecs->subnet_addr_fam = EDNSSUBNET_ADDRFAM_IP4; | |
| 570 | sinaddr = &((struct sockaddr_in*)ss)->sin_addr; | |
| 571 | if (!copy_clear( ecs->subnet_addr, INET6_SIZE, | |
| 572 | (uint8_t *)sinaddr, INET_SIZE, | |
| 573 | ecs->subnet_source_mask)) { | |
| 574 | ecs->subnet_validdata = 1; | |
| 575 | } | |
| 576 | } | |
| 577 | #ifdef INET6 | |
| 578 | else { | |
| 579 | ecs->subnet_source_mask = cfg->max_client_subnet_ipv6; | |
| 580 | ecs->subnet_addr_fam = EDNSSUBNET_ADDRFAM_IP6; | |
| 581 | sinaddr = &((struct sockaddr_in6*)ss)->sin6_addr; | |
| 582 | if (!copy_clear( ecs->subnet_addr, INET6_SIZE, | |
| 583 | (uint8_t *)sinaddr, INET6_SIZE, | |
| 584 | ecs->subnet_source_mask)) { | |
| 585 | ecs->subnet_validdata = 1; | |
| 586 | } | |
| 587 | } | |
| 588 | #else | |
| 589 | /* We don't know how to handle ip6, just pass */ | |
| 590 | #endif /* INET6 */ | |
| 591 | } | |
| 592 | ||
| 593 | int | |
| 594 | ecs_query_response(struct module_qstate* qstate, struct dns_msg* response, | |
| 595 | int id, void* ATTR_UNUSED(cbargs)) | |
| 596 | { | |
| 597 | struct subnet_qstate *sq; | |
| 598 | ||
| 599 | if(!response || !(sq=(struct subnet_qstate*)qstate->minfo[id])) | |
| 600 | return 1; | |
| 601 | ||
| 602 | if(sq->subnet_sent && | |
| 603 | FLAGS_GET_RCODE(response->rep->flags) == LDNS_RCODE_REFUSED) { | |
| 604 | /* REFUSED reponse to ECS query, remove ECS option. */ | |
| 605 | edns_opt_list_remove(&qstate->edns_opts_back_out, | |
| 606 | qstate->env->cfg->client_subnet_opcode); | |
| 607 | sq->subnet_sent = 0; | |
| 608 | memset(&sq->ecs_server_out, 0, sizeof(sq->ecs_server_out)); | |
| 609 | } | |
| 610 | return 1; | |
| 611 | } | |
| 612 | ||
| 613 | int | |
| 614 | ecs_edns_back_parsed(struct module_qstate* qstate, int id, | |
| 615 | void* ATTR_UNUSED(cbargs)) | |
| 616 | { | |
| 617 | struct subnet_qstate *sq; | |
| 618 | struct edns_option* ecs_opt; | |
| 619 | ||
| 620 | if(!(sq=(struct subnet_qstate*)qstate->minfo[id])) | |
| 621 | return 1; | |
| 622 | if((ecs_opt = edns_opt_list_find( | |
| 623 | qstate->edns_opts_back_in, | |
| 624 | qstate->env->cfg->client_subnet_opcode))) { | |
| 625 | if(parse_subnet_option(ecs_opt, &sq->ecs_server_in) && | |
| 626 | sq->subnet_sent && | |
| 627 | sq->ecs_server_in.subnet_validdata) | |
| 628 | /* Only skip global cache store if we sent an ECS option | |
| 629 | * and received one back. Answers from non-whitelisted | |
| 630 | * servers will end up in global cache. Ansers for | |
| 631 | * queries with 0 source will not (unless nameserver | |
| 632 | * does not support ECS). */ | |
| 633 | qstate->no_cache_store = 1; | |
| 634 | } | |
| 635 | ||
| 636 | return 1; | |
| 637 | } | |
| 638 | ||
| 639 | void | |
| 640 | subnetmod_operate(struct module_qstate *qstate, enum module_ev event, | |
| 641 | int id, struct outbound_entry* outbound) | |
| 642 | { | |
| 643 | struct subnet_env *sne = qstate->env->modinfo[id]; | |
| 644 | struct subnet_qstate *sq = (struct subnet_qstate*)qstate->minfo[id]; | |
| 645 | ||
| 646 | verbose(VERB_QUERY, "subnet[module %d] operate: extstate:%s " | |
| 647 | "event:%s", id, strextstate(qstate->ext_state[id]), | |
| 648 | strmodulevent(event)); | |
| 649 | log_query_info(VERB_QUERY, "subnet operate: query", &qstate->qinfo); | |
| 650 | ||
| 651 | if((event == module_event_new || event == module_event_pass) && | |
| 652 | sq == NULL) { | |
| 653 | struct edns_option* ecs_opt; | |
| 654 | if(!subnet_new_qstate(qstate, id)) { | |
| 655 | qstate->return_msg = NULL; | |
| 656 | qstate->ext_state[id] = module_finished; | |
| 657 | return; | |
| 658 | } | |
| 659 | ||
| 660 | sq = (struct subnet_qstate*)qstate->minfo[id]; | |
| 661 | ||
| 662 | if((ecs_opt = edns_opt_list_find( | |
| 663 | qstate->edns_opts_front_in, | |
| 664 | qstate->env->cfg->client_subnet_opcode))) { | |
| 665 | if(!parse_subnet_option(ecs_opt, &sq->ecs_client_in)) { | |
| 666 | /* Wrongly formatted ECS option. RFC mandates to | |
| 667 | * return FORMERROR. */ | |
| 668 | qstate->return_rcode = LDNS_RCODE_FORMERR; | |
| 669 | qstate->ext_state[id] = module_finished; | |
| 670 | return; | |
| 671 | } | |
| 672 | sq->subnet_downstream = 1; | |
| 673 | } | |
| 674 | else if(qstate->mesh_info->reply_list) { | |
| 675 | subnet_option_from_ss( | |
| 676 | &qstate->mesh_info->reply_list->query_reply.addr, | |
| 677 | &sq->ecs_client_in, qstate->env->cfg); | |
| 678 | } | |
| 679 | ||
| 680 | if(sq->ecs_client_in.subnet_validdata == 0) { | |
| 681 | /* No clients are interested in result or we could not | |
| 682 | * parse it, we don't do client subnet */ | |
| 683 | sq->ecs_server_out.subnet_validdata = 0; | |
| 684 | verbose(VERB_ALGO, "subnet: pass to next module"); | |
| 685 | qstate->ext_state[id] = module_wait_module; | |
| 686 | return; | |
| 687 | } | |
| 688 | ||
| 689 | lock_rw_wrlock(&sne->biglock); | |
| 690 | if (lookup_and_reply(qstate, id, sq)) { | |
| 691 | lock_rw_unlock(&sne->biglock); | |
| 692 | verbose(VERB_QUERY, "subnet: answered from cache"); | |
| 693 | qstate->ext_state[id] = module_finished; | |
| 694 | ||
| 695 | ecs_opt_list_append(&sq->ecs_client_out, | |
| 696 | &qstate->edns_opts_front_out, qstate); | |
| 697 | return; | |
| 698 | } | |
| 699 | lock_rw_unlock(&sne->biglock); | |
| 700 | ||
| 701 | sq->ecs_server_out.subnet_addr_fam = | |
| 702 | sq->ecs_client_in.subnet_addr_fam; | |
| 703 | sq->ecs_server_out.subnet_source_mask = | |
| 704 | sq->ecs_client_in.subnet_source_mask; | |
| 705 | /* Limit source prefix to configured maximum */ | |
| 706 | if(sq->ecs_server_out.subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4 | |
| 707 | && sq->ecs_server_out.subnet_source_mask > | |
| 708 | qstate->env->cfg->max_client_subnet_ipv4) | |
| 709 | sq->ecs_server_out.subnet_source_mask = | |
| 710 | qstate->env->cfg->max_client_subnet_ipv4; | |
| 711 | else if(sq->ecs_server_out.subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP6 | |
| 712 | && sq->ecs_server_out.subnet_source_mask > | |
| 713 | qstate->env->cfg->max_client_subnet_ipv6) | |
| 714 | sq->ecs_server_out.subnet_source_mask = | |
| 715 | qstate->env->cfg->max_client_subnet_ipv6; | |
| 716 | /* Safe to copy completely, even if the source is limited by the | |
| 717 | * configuration. ecs_opt_list_append() will limit the address. | |
| 718 | * */ | |
| 719 | memcpy(&sq->ecs_server_out.subnet_addr, | |
| 720 | sq->ecs_client_in.subnet_addr, INET6_SIZE); | |
| 721 | sq->ecs_server_out.subnet_scope_mask = 0; | |
| 722 | sq->ecs_server_out.subnet_validdata = 1; | |
| 723 | if(sq->ecs_server_out.subnet_source_mask != 0 && | |
| 724 | sq->subnet_downstream) | |
| 725 | /* ECS specific data required, do not look at the global | |
| 726 | * cache in other modules. */ | |
| 727 | qstate->no_cache_lookup = 1; | |
| 728 | ||
| 729 | /* pass request to next module */ | |
| 730 | verbose(VERB_ALGO, | |
| 731 | "subnet: not found in cache. pass to next module"); | |
| 732 | qstate->ext_state[id] = module_wait_module; | |
| 733 | return; | |
| 734 | } | |
| 735 | /* Query handed back by next module, we have a 'final' answer */ | |
| 736 | if(sq && event == module_event_moddone) { | |
| 737 | qstate->ext_state[id] = eval_response(qstate, id, sq); | |
| 738 | if(qstate->ext_state[id] == module_finished) { | |
| 739 | ecs_opt_list_append(&sq->ecs_client_out, | |
| 740 | &qstate->edns_opts_front_out, qstate); | |
| 741 | } | |
| 742 | return; | |
| 743 | } | |
| 744 | if(sq && outbound) { | |
| 745 | return; | |
| 746 | } | |
| 747 | /* We are being revisited */ | |
| 748 | if(event == module_event_pass || event == module_event_new) { | |
| 749 | /* Just pass it on, we already did the work */ | |
| 750 | verbose(VERB_ALGO, "subnet: pass to next module"); | |
| 751 | qstate->ext_state[id] = module_wait_module; | |
| 752 | return; | |
| 753 | } | |
| 754 | if(!sq && (event == module_event_moddone)) { | |
| 755 | /* during priming, module done but we never started */ | |
| 756 | qstate->ext_state[id] = module_finished; | |
| 757 | return; | |
| 758 | } | |
| 759 | log_err("subnet: bad event %s", strmodulevent(event)); | |
| 760 | qstate->ext_state[id] = module_error; | |
| 761 | return; | |
| 762 | } | |
| 763 | ||
| 764 | void | |
| 765 | subnetmod_clear(struct module_qstate *ATTR_UNUSED(qstate), | |
| 766 | int ATTR_UNUSED(id)) | |
| 767 | { | |
| 768 | /* qstate has no data outside region */ | |
| 769 | } | |
| 770 | ||
| 771 | void | |
| 772 | subnetmod_inform_super(struct module_qstate *ATTR_UNUSED(qstate), | |
| 773 | int ATTR_UNUSED(id), struct module_qstate *ATTR_UNUSED(super)) | |
| 774 | { | |
| 775 | /* Not used */ | |
| 776 | } | |
| 777 | ||
| 778 | size_t | |
| 779 | subnetmod_get_mem(struct module_env *env, int id) | |
| 780 | { | |
| 781 | struct subnet_env *sn_env = env->modinfo[id]; | |
| 782 | if (!sn_env) return 0; | |
| 783 | return sizeof(*sn_env) + | |
| 784 | slabhash_get_mem(sn_env->subnet_msg_cache) + | |
| 785 | ecs_whitelist_get_mem(sn_env->whitelist); | |
| 786 | } | |
| 787 | ||
| 788 | /** | |
| 789 | * The module function block | |
| 790 | */ | |
| 791 | static struct module_func_block subnetmod_block = { | |
| 792 | "subnet", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, | |
| 793 | &subnetmod_inform_super, &subnetmod_clear, &subnetmod_get_mem | |
| 794 | }; | |
| 795 | ||
| 796 | struct module_func_block* | |
| 797 | subnetmod_get_funcblock(void) | |
| 798 | { | |
| 799 | return &subnetmod_block; | |
| 800 | } | |
| 801 | ||
| 802 | /** Wrappers for static functions to unit test */ | |
| 803 | size_t | |
| 804 | unittest_wrapper_subnetmod_sizefunc(void *elemptr) | |
| 805 | { | |
| 806 | return sizefunc(elemptr); | |
| 807 | } | |
| 808 | ||
| 809 | #endif /* CLIENT_SUBNET */ |
| 0 | /* | |
| 1 | * edns-subnet/subnetmod.h - edns subnet module. Must be called before validator | |
| 2 | * and iterator. | |
| 3 | * | |
| 4 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 5 | * | |
| 6 | * This software is open source. | |
| 7 | * | |
| 8 | * Redistribution and use in source and binary forms, with or without | |
| 9 | * modification, are permitted provided that the following conditions | |
| 10 | * are met: | |
| 11 | * | |
| 12 | * Redistributions of source code must retain the above copyright notice, | |
| 13 | * this list of conditions and the following disclaimer. | |
| 14 | * | |
| 15 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 16 | * this list of conditions and the following disclaimer in the documentation | |
| 17 | * and/or other materials provided with the distribution. | |
| 18 | * | |
| 19 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 20 | * be used to endorse or promote products derived from this software without | |
| 21 | * specific prior written permission. | |
| 22 | * | |
| 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 27 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 29 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 30 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 31 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 32 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 33 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 34 | */ | |
| 35 | /** | |
| 36 | * \file | |
| 37 | * subnet module for unbound. | |
| 38 | */ | |
| 39 | ||
| 40 | #ifndef SUBNETMOD_H | |
| 41 | #define SUBNETMOD_H | |
| 42 | #include "util/module.h" | |
| 43 | #include "services/outbound_list.h" | |
| 44 | #include "util/alloc.h" | |
| 45 | #include "util/net_help.h" | |
| 46 | #include "util/storage/slabhash.h" | |
| 47 | #include "edns-subnet/addrtree.h" | |
| 48 | #include "edns-subnet/edns-subnet.h" | |
| 49 | ||
| 50 | /** | |
| 51 | * Global state for the subnet module. | |
| 52 | */ | |
| 53 | struct subnet_env { | |
| 54 | /** shared message cache | |
| 55 | * key: struct query_info* | |
| 56 | * data: struct subnet_msg_cache_data* */ | |
| 57 | struct slabhash* subnet_msg_cache; | |
| 58 | /** access control, which upstream servers we send client address */ | |
| 59 | struct ecs_whitelist* whitelist; | |
| 60 | /** allocation service */ | |
| 61 | struct alloc_cache alloc; | |
| 62 | lock_rw_type biglock; | |
| 63 | }; | |
| 64 | ||
| 65 | struct subnet_msg_cache_data { | |
| 66 | struct addrtree* tree4; | |
| 67 | struct addrtree* tree6; | |
| 68 | }; | |
| 69 | ||
| 70 | struct subnet_qstate { | |
| 71 | /** We need the hash for both cache lookup and insert */ | |
| 72 | hashvalue_type qinfo_hash; | |
| 73 | /** ecs_data for client communication */ | |
| 74 | struct ecs_data ecs_client_in; | |
| 75 | struct ecs_data ecs_client_out; | |
| 76 | /** ecss data for server communication */ | |
| 77 | struct ecs_data ecs_server_in; | |
| 78 | struct ecs_data ecs_server_out; | |
| 79 | int subnet_downstream; | |
| 80 | int subnet_sent; | |
| 81 | }; | |
| 82 | ||
| 83 | void subnet_data_delete(void* d, void* ATTR_UNUSED(arg)); | |
| 84 | size_t msg_cache_sizefunc(void* k, void* d); | |
| 85 | ||
| 86 | /** | |
| 87 | * Get the module function block. | |
| 88 | * @return: function block with function pointers to module methods. | |
| 89 | */ | |
| 90 | struct module_func_block* subnetmod_get_funcblock(void); | |
| 91 | ||
| 92 | /** subnet module init */ | |
| 93 | int subnetmod_init(struct module_env* env, int id); | |
| 94 | ||
| 95 | /** subnet module deinit */ | |
| 96 | void subnetmod_deinit(struct module_env* env, int id); | |
| 97 | ||
| 98 | /** subnet module operate on a query */ | |
| 99 | void subnetmod_operate(struct module_qstate* qstate, enum module_ev event, | |
| 100 | int id, struct outbound_entry* outbound); | |
| 101 | ||
| 102 | /** subnet module */ | |
| 103 | void subnetmod_inform_super(struct module_qstate* qstate, int id, | |
| 104 | struct module_qstate* super); | |
| 105 | ||
| 106 | /** subnet module cleanup query state */ | |
| 107 | void subnetmod_clear(struct module_qstate* qstate, int id); | |
| 108 | ||
| 109 | /** subnet module alloc size routine */ | |
| 110 | size_t subnetmod_get_mem(struct module_env* env, int id); | |
| 111 | ||
| 112 | /** Wrappers for static functions to unit test */ | |
| 113 | size_t unittest_wrapper_subnetmod_sizefunc(void *elemptr); | |
| 114 | ||
| 115 | /** Whitelist check, called just before query is sent upstream. */ | |
| 116 | int ecs_whitelist_check(struct query_info* qinfo, uint16_t flags, | |
| 117 | struct module_qstate* qstate, struct sockaddr_storage* addr, | |
| 118 | socklen_t addrlen, uint8_t* zone, size_t zonelen, | |
| 119 | struct regional* region, int id, void* cbargs); | |
| 120 | ||
| 121 | /** Check whether reponse from server contains ECS record, if so, skip cache | |
| 122 | * store. Called just after parsing EDNS data from server. */ | |
| 123 | int ecs_edns_back_parsed(struct module_qstate* qstate, int id, void* cbargs); | |
| 124 | ||
| 125 | /** Remove ECS record from back_out when query resulted in REFUSED response. */ | |
| 126 | int ecs_query_response(struct module_qstate* qstate, struct dns_msg* response, | |
| 127 | int id, void* cbargs); | |
| 128 | ||
| 129 | #endif /* SUBNETMOD_H */ |
| 0 | /* | |
| 1 | * ipsecmod/ipsecmod-whitelist.h - White listed domains for the ipsecmod to | |
| 2 | * operate on. | |
| 3 | * | |
| 4 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 5 | * | |
| 6 | * This software is open source. | |
| 7 | * | |
| 8 | * Redistribution and use in source and binary forms, with or without | |
| 9 | * modification, are permitted provided that the following conditions | |
| 10 | * are met: | |
| 11 | * | |
| 12 | * Redistributions of source code must retain the above copyright notice, | |
| 13 | * this list of conditions and the following disclaimer. | |
| 14 | * | |
| 15 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 16 | * this list of conditions and the following disclaimer in the documentation | |
| 17 | * and/or other materials provided with the distribution. | |
| 18 | * | |
| 19 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 20 | * be used to endorse or promote products derived from this software without | |
| 21 | * specific prior written permission. | |
| 22 | * | |
| 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 27 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 29 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 30 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 31 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 32 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 33 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 34 | */ | |
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * Keep track of the white listed domains for ipsecmod. | |
| 39 | */ | |
| 40 | ||
| 41 | #include "config.h" | |
| 42 | ||
| 43 | #ifdef USE_IPSECMOD | |
| 44 | #include "ipsecmod/ipsecmod.h" | |
| 45 | #include "ipsecmod/ipsecmod-whitelist.h" | |
| 46 | #include "util/regional.h" | |
| 47 | #include "util/log.h" | |
| 48 | #include "util/config_file.h" | |
| 49 | #include "util/rbtree.h" | |
| 50 | #include "util/data/dname.h" | |
| 51 | #include "util/storage/dnstree.h" | |
| 52 | #include "sldns/str2wire.h" | |
| 53 | ||
| 54 | /** Apply ipsecmod-whitelist string. */ | |
| 55 | static int | |
| 56 | whitelist_str_cfg(rbtree_type* whitelist, const char* name) | |
| 57 | { | |
| 58 | struct name_tree_node* n; | |
| 59 | size_t len; | |
| 60 | uint8_t* nm = sldns_str2wire_dname(name, &len); | |
| 61 | if(!nm) { | |
| 62 | log_err("ipsecmod: could not parse %s for whitelist.", name); | |
| 63 | return 0; | |
| 64 | } | |
| 65 | n = (struct name_tree_node*)calloc(1, sizeof(*n)); | |
| 66 | if(!n) { | |
| 67 | log_err("ipsecmod: out of memory while creating whitelist."); | |
| 68 | free(nm); | |
| 69 | return 0; | |
| 70 | } | |
| 71 | n->node.key = n; | |
| 72 | n->name = nm; | |
| 73 | n->len = len; | |
| 74 | n->labs = dname_count_labels(nm); | |
| 75 | n->dclass = LDNS_RR_CLASS_IN; | |
| 76 | if(!name_tree_insert(whitelist, n, nm, len, n->labs, n->dclass)) { | |
| 77 | /* duplicate element ignored, idempotent */ | |
| 78 | free(n->name); | |
| 79 | free(n); | |
| 80 | } | |
| 81 | return 1; | |
| 82 | } | |
| 83 | ||
| 84 | /** Read ipsecmod-whitelist config. */ | |
| 85 | static int | |
| 86 | read_whitelist(rbtree_type* whitelist, struct config_file* cfg) | |
| 87 | { | |
| 88 | struct config_strlist* p; | |
| 89 | for(p = cfg->ipsecmod_whitelist; p; p = p->next) { | |
| 90 | log_assert(p->str); | |
| 91 | if(!whitelist_str_cfg(whitelist, p->str)) | |
| 92 | return 0; | |
| 93 | } | |
| 94 | return 1; | |
| 95 | } | |
| 96 | ||
| 97 | int | |
| 98 | ipsecmod_whitelist_apply_cfg(struct ipsecmod_env* ie, | |
| 99 | struct config_file* cfg) | |
| 100 | { | |
| 101 | ie->whitelist = rbtree_create(name_tree_compare); | |
| 102 | if(!read_whitelist(ie->whitelist, cfg)) | |
| 103 | return 0; | |
| 104 | name_tree_init_parents(ie->whitelist); | |
| 105 | return 1; | |
| 106 | } | |
| 107 | ||
| 108 | /** Delete ipsecmod_env->whitelist element. */ | |
| 109 | static void | |
| 110 | whitelist_free(struct rbnode_type* n, void* ATTR_UNUSED(d)) | |
| 111 | { | |
| 112 | if(n) { | |
| 113 | free(((struct name_tree_node*)n)->name); | |
| 114 | free(n); | |
| 115 | } | |
| 116 | } | |
| 117 | ||
| 118 | /** Get memory usage of ipsecmod_env->whitelist element. */ | |
| 119 | static void | |
| 120 | whitelist_get_mem(struct rbnode_type* n, void* arg) | |
| 121 | { | |
| 122 | struct name_tree_node* node = (struct name_tree_node*)n; | |
| 123 | size_t* size = (size_t*) arg; | |
| 124 | if(node) { | |
| 125 | *size += sizeof(node) + node->len; | |
| 126 | } | |
| 127 | } | |
| 128 | ||
| 129 | void | |
| 130 | ipsecmod_whitelist_delete(rbtree_type* whitelist) | |
| 131 | { | |
| 132 | if(whitelist) { | |
| 133 | traverse_postorder(whitelist, whitelist_free, NULL); | |
| 134 | free(whitelist); | |
| 135 | } | |
| 136 | } | |
| 137 | ||
| 138 | int | |
| 139 | ipsecmod_domain_is_whitelisted(struct ipsecmod_env* ie, uint8_t* dname, | |
| 140 | size_t dname_len, uint16_t qclass) | |
| 141 | { | |
| 142 | if(!ie->whitelist) return 1; /* No whitelist, treat as whitelisted. */ | |
| 143 | return name_tree_lookup(ie->whitelist, dname, dname_len, | |
| 144 | dname_count_labels(dname), qclass) != NULL; | |
| 145 | } | |
| 146 | ||
| 147 | size_t | |
| 148 | ipsecmod_whitelist_get_mem(rbtree_type* whitelist) | |
| 149 | { | |
| 150 | size_t size = 0; | |
| 151 | if(whitelist) { | |
| 152 | traverse_postorder(whitelist, whitelist_get_mem, &size); | |
| 153 | } | |
| 154 | return size; | |
| 155 | } | |
| 156 | ||
| 157 | #endif /* USE_IPSECMOD */ |
| 0 | /* | |
| 1 | * ipsecmod/ipsecmod-whitelist.h - White listed domains for the ipsecmod to | |
| 2 | * operate on. | |
| 3 | * | |
| 4 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 5 | * | |
| 6 | * This software is open source. | |
| 7 | * | |
| 8 | * Redistribution and use in source and binary forms, with or without | |
| 9 | * modification, are permitted provided that the following conditions | |
| 10 | * are met: | |
| 11 | * | |
| 12 | * Redistributions of source code must retain the above copyright notice, | |
| 13 | * this list of conditions and the following disclaimer. | |
| 14 | * | |
| 15 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 16 | * this list of conditions and the following disclaimer in the documentation | |
| 17 | * and/or other materials provided with the distribution. | |
| 18 | * | |
| 19 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 20 | * be used to endorse or promote products derived from this software without | |
| 21 | * specific prior written permission. | |
| 22 | * | |
| 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 27 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 29 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 30 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 31 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 32 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 33 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 34 | */ | |
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * Keep track of the white listed domains for ipsecmod. | |
| 39 | */ | |
| 40 | ||
| 41 | #ifndef IPSECMOD_WHITELIST_H | |
| 42 | #define IPSECMOD_WHITELIST_H | |
| 43 | #include "util/storage/dnstree.h" | |
| 44 | ||
| 45 | struct config_file; | |
| 46 | struct regional; | |
| 47 | ||
| 48 | /** | |
| 49 | * Process ipsecmod_whitelist config. | |
| 50 | * @param ie: ipsecmod environment. | |
| 51 | * @param cfg: config options. | |
| 52 | * @return 0 on error. | |
| 53 | */ | |
| 54 | int ipsecmod_whitelist_apply_cfg(struct ipsecmod_env* ie, | |
| 55 | struct config_file* cfg); | |
| 56 | ||
| 57 | /** | |
| 58 | * Delete the ipsecmod whitelist. | |
| 59 | * @param whitelist: ipsecmod whitelist. | |
| 60 | */ | |
| 61 | void ipsecmod_whitelist_delete(rbtree_type* whitelist); | |
| 62 | ||
| 63 | /** | |
| 64 | * See if a domain is whitelisted. | |
| 65 | * @param ie: ipsecmod environment. | |
| 66 | * @param dname: domain name to check. | |
| 67 | * @param dname_len: length of domain name. | |
| 68 | * @param qclass: query CLASS. | |
| 69 | * @return: true if the domain is whitelisted for the ipsecmod. | |
| 70 | */ | |
| 71 | int ipsecmod_domain_is_whitelisted(struct ipsecmod_env* ie, uint8_t* dname, | |
| 72 | size_t dname_len, uint16_t qclass); | |
| 73 | ||
| 74 | /** | |
| 75 | * Get memory used by ipsecmod whitelist. | |
| 76 | * @param whitelist: structure for domain storage. | |
| 77 | * @return bytes in use. | |
| 78 | */ | |
| 79 | size_t ipsecmod_whitelist_get_mem(rbtree_type* whitelist); | |
| 80 | ||
| 81 | #endif /* IPSECMOD_WHITELIST_H */ |
| 0 | /* | |
| 1 | * ipsecmod/ipsecmod.c - facilitate opportunistic IPsec module | |
| 2 | * | |
| 3 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | ||
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * This file contains a module that facilitates opportunistic IPsec. It does so | |
| 39 | * by also quering for the IPSECKEY for A/AAAA queries and calling a | |
| 40 | * configurable hook (eg. signaling an IKE daemon) before replying. | |
| 41 | */ | |
| 42 | ||
| 43 | #include "config.h" | |
| 44 | #ifdef USE_IPSECMOD | |
| 45 | #include "ipsecmod/ipsecmod.h" | |
| 46 | #include "ipsecmod/ipsecmod-whitelist.h" | |
| 47 | #include "util/fptr_wlist.h" | |
| 48 | #include "util/regional.h" | |
| 49 | #include "util/net_help.h" | |
| 50 | #include "util/config_file.h" | |
| 51 | #include "services/cache/dns.h" | |
| 52 | #include "sldns/wire2str.h" | |
| 53 | ||
| 54 | /** Apply configuration to ipsecmod module 'global' state. */ | |
| 55 | static int | |
| 56 | ipsecmod_apply_cfg(struct ipsecmod_env* ipsecmod_env, struct config_file* cfg) | |
| 57 | { | |
| 58 | if(!cfg->ipsecmod_hook || (cfg->ipsecmod_hook && !cfg->ipsecmod_hook[0])) { | |
| 59 | log_err("ipsecmod: missing ipsecmod-hook."); | |
| 60 | return 0; | |
| 61 | } | |
| 62 | if(cfg->ipsecmod_whitelist && | |
| 63 | !ipsecmod_whitelist_apply_cfg(ipsecmod_env, cfg)) | |
| 64 | return 0; | |
| 65 | return 1; | |
| 66 | } | |
| 67 | ||
| 68 | int | |
| 69 | ipsecmod_init(struct module_env* env, int id) | |
| 70 | { | |
| 71 | struct ipsecmod_env* ipsecmod_env = (struct ipsecmod_env*)calloc(1, | |
| 72 | sizeof(struct ipsecmod_env)); | |
| 73 | if(!ipsecmod_env) { | |
| 74 | log_err("malloc failure"); | |
| 75 | return 0; | |
| 76 | } | |
| 77 | env->modinfo[id] = (void*)ipsecmod_env; | |
| 78 | ipsecmod_env->whitelist = NULL; | |
| 79 | if(!ipsecmod_apply_cfg(ipsecmod_env, env->cfg)) { | |
| 80 | log_err("ipsecmod: could not apply configuration settings."); | |
| 81 | return 0; | |
| 82 | } | |
| 83 | return 1; | |
| 84 | } | |
| 85 | ||
| 86 | void | |
| 87 | ipsecmod_deinit(struct module_env* env, int id) | |
| 88 | { | |
| 89 | struct ipsecmod_env* ipsecmod_env; | |
| 90 | if(!env || !env->modinfo[id]) | |
| 91 | return; | |
| 92 | ipsecmod_env = (struct ipsecmod_env*)env->modinfo[id]; | |
| 93 | /* Free contents. */ | |
| 94 | ipsecmod_whitelist_delete(ipsecmod_env->whitelist); | |
| 95 | free(ipsecmod_env); | |
| 96 | env->modinfo[id] = NULL; | |
| 97 | } | |
| 98 | ||
| 99 | /** New query for ipsecmod. */ | |
| 100 | static int | |
| 101 | ipsecmod_new(struct module_qstate* qstate, int id) | |
| 102 | { | |
| 103 | struct ipsecmod_qstate* iq = (struct ipsecmod_qstate*)regional_alloc( | |
| 104 | qstate->region, sizeof(struct ipsecmod_qstate)); | |
| 105 | memset(iq, 0, sizeof(*iq)); | |
| 106 | qstate->minfo[id] = iq; | |
| 107 | if(!iq) | |
| 108 | return 0; | |
| 109 | /* Initialise it. */ | |
| 110 | iq->enabled = qstate->env->cfg->ipsecmod_enabled; | |
| 111 | iq->is_whitelisted = ipsecmod_domain_is_whitelisted( | |
| 112 | (struct ipsecmod_env*)qstate->env->modinfo[id], qstate->qinfo.qname, | |
| 113 | qstate->qinfo.qname_len, qstate->qinfo.qclass); | |
| 114 | return 1; | |
| 115 | } | |
| 116 | ||
| 117 | /** | |
| 118 | * Exit module with an error status. | |
| 119 | * @param qstate: query state | |
| 120 | * @param id: module id. | |
| 121 | */ | |
| 122 | static void | |
| 123 | ipsecmod_error(struct module_qstate* qstate, int id) | |
| 124 | { | |
| 125 | qstate->ext_state[id] = module_error; | |
| 126 | qstate->return_rcode = LDNS_RCODE_SERVFAIL; | |
| 127 | } | |
| 128 | ||
| 129 | /** | |
| 130 | * Generate a request for the IPSECKEY. | |
| 131 | * | |
| 132 | * @param qstate: query state that is the parent. | |
| 133 | * @param id: module id. | |
| 134 | * @param name: what name to query for. | |
| 135 | * @param namelen: length of name. | |
| 136 | * @param qtype: query type. | |
| 137 | * @param qclass: query class. | |
| 138 | * @param flags: additional flags, such as the CD bit (BIT_CD), or 0. | |
| 139 | * @return false on alloc failure. | |
| 140 | */ | |
| 141 | static int | |
| 142 | generate_request(struct module_qstate* qstate, int id, uint8_t* name, | |
| 143 | size_t namelen, uint16_t qtype, uint16_t qclass, uint16_t flags) | |
| 144 | { | |
| 145 | struct module_qstate* newq; | |
| 146 | struct query_info ask; | |
| 147 | ask.qname = name; | |
| 148 | ask.qname_len = namelen; | |
| 149 | ask.qtype = qtype; | |
| 150 | ask.qclass = qclass; | |
| 151 | ask.local_alias = NULL; | |
| 152 | log_query_info(VERB_ALGO, "ipsecmod: generate request", &ask); | |
| 153 | fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); | |
| 154 | if(!(*qstate->env->attach_sub)(qstate, &ask, | |
| 155 | (uint16_t)(BIT_RD|flags), 0, 0, &newq)){ | |
| 156 | log_err("Could not generate request: out of memory"); | |
| 157 | return 0; | |
| 158 | } | |
| 159 | qstate->ext_state[id] = module_wait_subquery; | |
| 160 | return 1; | |
| 161 | } | |
| 162 | ||
| 163 | /** | |
| 164 | * Prepare the data and call the hook. | |
| 165 | * | |
| 166 | * @param qstate: query state. | |
| 167 | * @param iq: ipsecmod qstate. | |
| 168 | * @param ie: ipsecmod environment. | |
| 169 | * @return true on success, false otherwise. | |
| 170 | */ | |
| 171 | static int | |
| 172 | call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, | |
| 173 | struct ipsecmod_env* ATTR_UNUSED(ie)) | |
| 174 | { | |
| 175 | size_t slen, tempdata_len, tempstring_len, i; | |
| 176 | char str[65535], *s, *tempstring; | |
| 177 | int w; | |
| 178 | struct ub_packed_rrset_key* rrset_key; | |
| 179 | struct packed_rrset_data* rrset_data; | |
| 180 | uint8_t *tempdata; | |
| 181 | ||
| 182 | /* Check if a shell is available */ | |
| 183 | if(system(NULL) == 0) { | |
| 184 | log_err("ipsecmod: no shell available for ipsecmod-hook"); | |
| 185 | return 0; | |
| 186 | } | |
| 187 | ||
| 188 | /* Zero the buffer. */ | |
| 189 | s = str; | |
| 190 | slen = sizeof(str); | |
| 191 | memset(s, 0, slen); | |
| 192 | ||
| 193 | /* Copy the hook into the buffer. */ | |
| 194 | sldns_str_print(&s, &slen, "%s", qstate->env->cfg->ipsecmod_hook); | |
| 195 | /* Put space into the buffer. */ | |
| 196 | sldns_str_print(&s, &slen, " "); | |
| 197 | /* Copy the qname into the buffer. */ | |
| 198 | tempstring = sldns_wire2str_dname(qstate->qinfo.qname, | |
| 199 | qstate->qinfo.qname_len); | |
| 200 | if(!tempstring) { | |
| 201 | log_err("ipsecmod: out of memory when calling the hook"); | |
| 202 | return 0; | |
| 203 | } | |
| 204 | sldns_str_print(&s, &slen, "\"%s\"", tempstring); | |
| 205 | free(tempstring); | |
| 206 | /* Put space into the buffer. */ | |
| 207 | sldns_str_print(&s, &slen, " "); | |
| 208 | /* Copy the IPSECKEY TTL into the buffer. */ | |
| 209 | rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data; | |
| 210 | sldns_str_print(&s, &slen, "\"%ld\"", (long)rrset_data->ttl); | |
| 211 | /* Put space into the buffer. */ | |
| 212 | sldns_str_print(&s, &slen, " "); | |
| 213 | /* Copy the A/AAAA record(s) into the buffer. Start and end this section | |
| 214 | * with a double quote. */ | |
| 215 | rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo, | |
| 216 | qstate->return_msg->rep); | |
| 217 | rrset_data = (struct packed_rrset_data*)rrset_key->entry.data; | |
| 218 | sldns_str_print(&s, &slen, "\""); | |
| 219 | for(i=0; i<rrset_data->count; i++) { | |
| 220 | if(i > 0) { | |
| 221 | /* Put space into the buffer. */ | |
| 222 | sldns_str_print(&s, &slen, " "); | |
| 223 | } | |
| 224 | /* Ignore the first two bytes, they are the rr_data len. */ | |
| 225 | w = sldns_wire2str_rdata_buf(rrset_data->rr_data[i] + 2, | |
| 226 | rrset_data->rr_len[i] - 2, s, slen, qstate->qinfo.qtype); | |
| 227 | if(w < 0) { | |
| 228 | /* Error in printout. */ | |
| 229 | return -1; | |
| 230 | } else if((size_t)w >= slen) { | |
| 231 | s = NULL; /* We do not want str to point outside of buffer. */ | |
| 232 | slen = 0; | |
| 233 | return -1; | |
| 234 | } else { | |
| 235 | s += w; | |
| 236 | slen -= w; | |
| 237 | } | |
| 238 | } | |
| 239 | sldns_str_print(&s, &slen, "\""); | |
| 240 | /* Put space into the buffer. */ | |
| 241 | sldns_str_print(&s, &slen, " "); | |
| 242 | /* Copy the IPSECKEY record(s) into the buffer. Start and end this section | |
| 243 | * with a double quote. */ | |
| 244 | sldns_str_print(&s, &slen, "\""); | |
| 245 | rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data; | |
| 246 | for(i=0; i<rrset_data->count; i++) { | |
| 247 | if(i > 0) { | |
| 248 | /* Put space into the buffer. */ | |
| 249 | sldns_str_print(&s, &slen, " "); | |
| 250 | } | |
| 251 | /* Ignore the first two bytes, they are the rr_data len. */ | |
| 252 | tempdata = rrset_data->rr_data[i] + 2; | |
| 253 | tempdata_len = rrset_data->rr_len[i] - 2; | |
| 254 | /* Save the buffer pointers. */ | |
| 255 | tempstring = s; tempstring_len = slen; | |
| 256 | w = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, &s, &slen, | |
| 257 | NULL, 0); | |
| 258 | /* There was an error when parsing the IPSECKEY; reset the buffer | |
| 259 | * pointers to their previous values. */ | |
| 260 | if(w == -1){ | |
| 261 | s = tempstring; slen = tempstring_len; | |
| 262 | } | |
| 263 | } | |
| 264 | sldns_str_print(&s, &slen, "\""); | |
| 265 | verbose(VERB_ALGO, "ipsecmod: hook command: '%s'", str); | |
| 266 | /* ipsecmod-hook should return 0 on success. */ | |
| 267 | if(system(str) != 0) | |
| 268 | return 0; | |
| 269 | return 1; | |
| 270 | } | |
| 271 | ||
| 272 | /** | |
| 273 | * Handle an ipsecmod module event with a query | |
| 274 | * @param qstate: query state (from the mesh), passed between modules. | |
| 275 | * contains qstate->env module environment with global caches and so on. | |
| 276 | * @param iq: query state specific for this module. per-query. | |
| 277 | * @param ie: environment specific for this module. global. | |
| 278 | * @param id: module id. | |
| 279 | */ | |
| 280 | static void | |
| 281 | ipsecmod_handle_query(struct module_qstate* qstate, | |
| 282 | struct ipsecmod_qstate* iq, struct ipsecmod_env* ie, int id) | |
| 283 | { | |
| 284 | struct ub_packed_rrset_key* rrset_key; | |
| 285 | struct packed_rrset_data* rrset_data; | |
| 286 | size_t i; | |
| 287 | /* Pass to next module if we are not enabled and whitelisted. */ | |
| 288 | if(!(iq->enabled && iq->is_whitelisted)) { | |
| 289 | qstate->ext_state[id] = module_wait_module; | |
| 290 | return; | |
| 291 | } | |
| 292 | /* New query, check if the query is for an A/AAAA record and disable | |
| 293 | * caching for other modules. */ | |
| 294 | if(!iq->ipseckey_done) { | |
| 295 | if(qstate->qinfo.qtype == LDNS_RR_TYPE_A || | |
| 296 | qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) { | |
| 297 | char type[16]; | |
| 298 | sldns_wire2str_type_buf(qstate->qinfo.qtype, type, | |
| 299 | sizeof(type)); | |
| 300 | verbose(VERB_ALGO, "ipsecmod: query for %s; engaging", | |
| 301 | type); | |
| 302 | qstate->no_cache_store = 1; | |
| 303 | } | |
| 304 | /* Pass request to next module. */ | |
| 305 | qstate->ext_state[id] = module_wait_module; | |
| 306 | return; | |
| 307 | } | |
| 308 | /* IPSECKEY subquery is finished. */ | |
| 309 | /* We have an IPSECKEY answer. */ | |
| 310 | if(iq->ipseckey_rrset) { | |
| 311 | rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data; | |
| 312 | if(rrset_data) { | |
| 313 | /* If bogus return SERVFAIL. */ | |
| 314 | if(!qstate->env->cfg->ipsecmod_ignore_bogus && | |
| 315 | rrset_data->security == sec_status_bogus) { | |
| 316 | log_err("ipsecmod: bogus IPSECKEY"); | |
| 317 | ipsecmod_error(qstate, id); | |
| 318 | return; | |
| 319 | } | |
| 320 | /* We have a valid IPSECKEY reply, call hook. */ | |
| 321 | if(!call_hook(qstate, iq, ie) && | |
| 322 | qstate->env->cfg->ipsecmod_strict) { | |
| 323 | log_err("ipsecmod: ipsecmod-hook failed"); | |
| 324 | ipsecmod_error(qstate, id); | |
| 325 | return; | |
| 326 | } | |
| 327 | /* Make sure the A/AAAA's TTL is equal/less than the | |
| 328 | * ipsecmod_max_ttl. */ | |
| 329 | rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo, | |
| 330 | qstate->return_msg->rep); | |
| 331 | rrset_data = (struct packed_rrset_data*)rrset_key->entry.data; | |
| 332 | if(rrset_data->ttl > (time_t)qstate->env->cfg->ipsecmod_max_ttl) { | |
| 333 | /* Update TTL for rrset to fixed value. */ | |
| 334 | rrset_data->ttl = qstate->env->cfg->ipsecmod_max_ttl; | |
| 335 | for(i=0; i<rrset_data->count+rrset_data->rrsig_count; i++) | |
| 336 | rrset_data->rr_ttl[i] = qstate->env->cfg->ipsecmod_max_ttl; | |
| 337 | /* Also update reply_info's TTL */ | |
| 338 | if(qstate->return_msg->rep->ttl > (time_t)qstate->env->cfg->ipsecmod_max_ttl) { | |
| 339 | qstate->return_msg->rep->ttl = | |
| 340 | qstate->env->cfg->ipsecmod_max_ttl; | |
| 341 | qstate->return_msg->rep->prefetch_ttl = PREFETCH_TTL_CALC( | |
| 342 | qstate->return_msg->rep->ttl); | |
| 343 | } | |
| 344 | } | |
| 345 | } | |
| 346 | } | |
| 347 | /* Store A/AAAA in cache. */ | |
| 348 | if(!dns_cache_store(qstate->env, &qstate->qinfo, | |
| 349 | qstate->return_msg->rep, 0, qstate->prefetch_leeway, | |
| 350 | 0, qstate->region, qstate->query_flags)) { | |
| 351 | log_err("ipsecmod: out of memory caching record"); | |
| 352 | } | |
| 353 | qstate->ext_state[id] = module_finished; | |
| 354 | } | |
| 355 | ||
| 356 | /** | |
| 357 | * Handle an ipsecmod module event with a response from the iterator. | |
| 358 | * @param qstate: query state (from the mesh), passed between modules. | |
| 359 | * contains qstate->env module environment with global caches and so on. | |
| 360 | * @param iq: query state specific for this module. per-query. | |
| 361 | * @param ie: environment specific for this module. global. | |
| 362 | * @param id: module id. | |
| 363 | */ | |
| 364 | static void | |
| 365 | ipsecmod_handle_response(struct module_qstate* qstate, | |
| 366 | struct ipsecmod_qstate* ATTR_UNUSED(iq), | |
| 367 | struct ipsecmod_env* ATTR_UNUSED(ie), int id) | |
| 368 | { | |
| 369 | /* Pass to previous module if we are not enabled and whitelisted. */ | |
| 370 | if(!(iq->enabled && iq->is_whitelisted)) { | |
| 371 | qstate->ext_state[id] = module_finished; | |
| 372 | return; | |
| 373 | } | |
| 374 | /* check if the response is for an A/AAAA query. */ | |
| 375 | if((qstate->qinfo.qtype == LDNS_RR_TYPE_A || | |
| 376 | qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) && | |
| 377 | /* check that we had an answer for the A/AAAA query. */ | |
| 378 | qstate->return_msg && | |
| 379 | reply_find_answer_rrset(&qstate->return_msg->qinfo, | |
| 380 | qstate->return_msg->rep) && | |
| 381 | /* check that another module didn't SERVFAIL. */ | |
| 382 | qstate->return_rcode == LDNS_RCODE_NOERROR) { | |
| 383 | char type[16]; | |
| 384 | sldns_wire2str_type_buf(qstate->qinfo.qtype, type, | |
| 385 | sizeof(type)); | |
| 386 | verbose(VERB_ALGO, "ipsecmod: response for %s; generating IPSECKEY " | |
| 387 | "subquery", type); | |
| 388 | /* generate an IPSECKEY query. */ | |
| 389 | if(!generate_request(qstate, id, qstate->qinfo.qname, | |
| 390 | qstate->qinfo.qname_len, LDNS_RR_TYPE_IPSECKEY, | |
| 391 | qstate->qinfo.qclass, 0)) { | |
| 392 | log_err("ipsecmod: could not generate subquery."); | |
| 393 | ipsecmod_error(qstate, id); | |
| 394 | } | |
| 395 | return; | |
| 396 | } | |
| 397 | /* we are done with the query. */ | |
| 398 | qstate->ext_state[id] = module_finished; | |
| 399 | } | |
| 400 | ||
| 401 | void | |
| 402 | ipsecmod_operate(struct module_qstate* qstate, enum module_ev event, int id, | |
| 403 | struct outbound_entry* outbound) | |
| 404 | { | |
| 405 | struct ipsecmod_env* ie = (struct ipsecmod_env*)qstate->env->modinfo[id]; | |
| 406 | struct ipsecmod_qstate* iq = (struct ipsecmod_qstate*)qstate->minfo[id]; | |
| 407 | verbose(VERB_QUERY, "ipsecmod[module %d] operate: extstate:%s event:%s", | |
| 408 | id, strextstate(qstate->ext_state[id]), strmodulevent(event)); | |
| 409 | if(iq) log_query_info(VERB_QUERY, "ipsecmod operate: query", | |
| 410 | &qstate->qinfo); | |
| 411 | ||
| 412 | /* create ipsecmod_qstate. */ | |
| 413 | if((event == module_event_new || event == module_event_pass) && | |
| 414 | iq == NULL) { | |
| 415 | if(!ipsecmod_new(qstate, id)) { | |
| 416 | ipsecmod_error(qstate, id); | |
| 417 | return; | |
| 418 | } | |
| 419 | iq = (struct ipsecmod_qstate*)qstate->minfo[id]; | |
| 420 | } | |
| 421 | if(iq && (event == module_event_pass || event == module_event_new)) { | |
| 422 | ipsecmod_handle_query(qstate, iq, ie, id); | |
| 423 | return; | |
| 424 | } | |
| 425 | if(iq && (event == module_event_moddone)) { | |
| 426 | ipsecmod_handle_response(qstate, iq, ie, id); | |
| 427 | return; | |
| 428 | } | |
| 429 | if(iq && outbound) { | |
| 430 | /* cachedb does not need to process responses at this time | |
| 431 | * ignore it. | |
| 432 | cachedb_process_response(qstate, iq, ie, id, outbound, event); | |
| 433 | */ | |
| 434 | return; | |
| 435 | } | |
| 436 | if(event == module_event_error) { | |
| 437 | verbose(VERB_ALGO, "got called with event error, giving up"); | |
| 438 | ipsecmod_error(qstate, id); | |
| 439 | return; | |
| 440 | } | |
| 441 | if(!iq && (event == module_event_moddone)) { | |
| 442 | /* during priming, module done but we never started. */ | |
| 443 | qstate->ext_state[id] = module_finished; | |
| 444 | return; | |
| 445 | } | |
| 446 | ||
| 447 | log_err("ipsecmod: bad event %s", strmodulevent(event)); | |
| 448 | ipsecmod_error(qstate, id); | |
| 449 | return; | |
| 450 | } | |
| 451 | ||
| 452 | void | |
| 453 | ipsecmod_inform_super(struct module_qstate* qstate, int id, | |
| 454 | struct module_qstate* super) | |
| 455 | { | |
| 456 | struct ipsecmod_qstate* siq; | |
| 457 | log_query_info(VERB_ALGO, "ipsecmod: inform_super, sub is", | |
| 458 | &qstate->qinfo); | |
| 459 | log_query_info(VERB_ALGO, "super is", &super->qinfo); | |
| 460 | siq = (struct ipsecmod_qstate*)super->minfo[id]; | |
| 461 | if(!siq) { | |
| 462 | verbose(VERB_ALGO, "super has no ipsecmod state"); | |
| 463 | return; | |
| 464 | } | |
| 465 | ||
| 466 | if(qstate->return_msg) { | |
| 467 | struct ub_packed_rrset_key* rrset_key = reply_find_answer_rrset( | |
| 468 | &qstate->return_msg->qinfo, qstate->return_msg->rep); | |
| 469 | if(rrset_key) { | |
| 470 | /* We have an answer. */ | |
| 471 | /* Copy to super's region. */ | |
| 472 | rrset_key = packed_rrset_copy_region(rrset_key, super->region, 0); | |
| 473 | siq->ipseckey_rrset = rrset_key; | |
| 474 | if(!rrset_key) { | |
| 475 | log_err("ipsecmod: out of memory."); | |
| 476 | } | |
| 477 | } | |
| 478 | } | |
| 479 | /* Notify super to proceed. */ | |
| 480 | siq->ipseckey_done = 1; | |
| 481 | } | |
| 482 | ||
| 483 | void | |
| 484 | ipsecmod_clear(struct module_qstate* qstate, int id) | |
| 485 | { | |
| 486 | if(!qstate) | |
| 487 | return; | |
| 488 | qstate->minfo[id] = NULL; | |
| 489 | } | |
| 490 | ||
| 491 | size_t | |
| 492 | ipsecmod_get_mem(struct module_env* env, int id) | |
| 493 | { | |
| 494 | struct ipsecmod_env* ie = (struct ipsecmod_env*)env->modinfo[id]; | |
| 495 | if(!ie) | |
| 496 | return 0; | |
| 497 | return sizeof(*ie) + ipsecmod_whitelist_get_mem(ie->whitelist); | |
| 498 | } | |
| 499 | ||
| 500 | /** | |
| 501 | * The ipsecmod function block | |
| 502 | */ | |
| 503 | static struct module_func_block ipsecmod_block = { | |
| 504 | "ipsecmod", | |
| 505 | &ipsecmod_init, &ipsecmod_deinit, &ipsecmod_operate, | |
| 506 | &ipsecmod_inform_super, &ipsecmod_clear, &ipsecmod_get_mem | |
| 507 | }; | |
| 508 | ||
| 509 | struct module_func_block* | |
| 510 | ipsecmod_get_funcblock(void) | |
| 511 | { | |
| 512 | return &ipsecmod_block; | |
| 513 | } | |
| 514 | #endif /* USE_IPSECMOD */ |
| 0 | /* | |
| 1 | * ipsecmod/ipsecmod.h - facilitate opportunistic IPsec module | |
| 2 | * | |
| 3 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | ||
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * This file contains a module that facilitates opportunistic IPsec. It does so | |
| 39 | * by also quering for the IPSECKEY for A/AAAA queries and calling a | |
| 40 | * configurable hook (eg. signaling an IKE daemon) before replying. | |
| 41 | */ | |
| 42 | ||
| 43 | #ifndef IPSECMOD_H | |
| 44 | #define IPSECMOD_H | |
| 45 | #include "util/module.h" | |
| 46 | #include "util/rbtree.h" | |
| 47 | ||
| 48 | /** | |
| 49 | * The global variable environment contents for the ipsecmod | |
| 50 | * Shared between threads, this represents long term information. | |
| 51 | */ | |
| 52 | struct ipsecmod_env { | |
| 53 | /** White listed domains for ipsecmod. */ | |
| 54 | rbtree_type* whitelist; | |
| 55 | }; | |
| 56 | ||
| 57 | /** | |
| 58 | * Per query state for the ipsecmod module. | |
| 59 | */ | |
| 60 | struct ipsecmod_qstate { | |
| 61 | /** State of the IPsec module. */ | |
| 62 | /** NOTE: This value is copied here from the configuration so that a change | |
| 63 | * with unbound-control would not complicate an already running mesh. */ | |
| 64 | int enabled; | |
| 65 | /** If the qname is whitelisted or not. */ | |
| 66 | /** NOTE: No whitelist means all qnames are whitelisted. */ | |
| 67 | int is_whitelisted; | |
| 68 | /** Pointer to IPSECKEY rrset allocated in the qstate region. NULL if there | |
| 69 | * was no IPSECKEY reply from the subquery. */ | |
| 70 | struct ub_packed_rrset_key* ipseckey_rrset; | |
| 71 | /** If the IPSECKEY subquery has finished. */ | |
| 72 | int ipseckey_done; | |
| 73 | }; | |
| 74 | ||
| 75 | /** Init the ipsecmod module */ | |
| 76 | int ipsecmod_init(struct module_env* env, int id); | |
| 77 | /** Deinit the ipsecmod module */ | |
| 78 | void ipsecmod_deinit(struct module_env* env, int id); | |
| 79 | /** Operate on an event on a query (in qstate). */ | |
| 80 | void ipsecmod_operate(struct module_qstate* qstate, enum module_ev event, | |
| 81 | int id, struct outbound_entry* outbound); | |
| 82 | /** Subordinate query done, inform this super request of its conclusion */ | |
| 83 | void ipsecmod_inform_super(struct module_qstate* qstate, int id, | |
| 84 | struct module_qstate* super); | |
| 85 | /** clear the ipsecmod query-specific contents out of qstate */ | |
| 86 | void ipsecmod_clear(struct module_qstate* qstate, int id); | |
| 87 | /** return memory estimate for the ipsecmod module */ | |
| 88 | size_t ipsecmod_get_mem(struct module_env* env, int id); | |
| 89 | ||
| 90 | /** | |
| 91 | * Get the function block with pointers to the ipsecmod functions | |
| 92 | * @return the function block for "ipsecmod". | |
| 93 | */ | |
| 94 | struct module_func_block* ipsecmod_get_funcblock(void); | |
| 95 | ||
| 96 | #endif /* IPSECMOD_H */ |
| 57 | 57 | * contents of type addr_tree_node. Each node is an address span |
| 58 | 58 | * that must not be used to send queries to. |
| 59 | 59 | */ |
| 60 | rbtree_t tree; | |
| 60 | rbtree_type tree; | |
| 61 | 61 | }; |
| 62 | 62 | |
| 63 | 63 | /** |
| 81 | 81 | free(n); |
| 82 | 82 | } |
| 83 | 83 | |
| 84 | static void delfwdnode(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 84 | static void delfwdnode(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 85 | 85 | { |
| 86 | 86 | struct iter_forward_zone* node = (struct iter_forward_zone*)n; |
| 87 | 87 | fwd_zone_free(node); |
| 331 | 331 | struct delegpt* |
| 332 | 332 | forwards_find(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) |
| 333 | 333 | { |
| 334 | rbnode_t* res = NULL; | |
| 334 | rbnode_type* res = NULL; | |
| 335 | 335 | struct iter_forward_zone key; |
| 336 | 336 | key.node.key = &key; |
| 337 | 337 | key.dclass = qclass; |
| 346 | 346 | forwards_lookup(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) |
| 347 | 347 | { |
| 348 | 348 | /* lookup the forward zone in the tree */ |
| 349 | rbnode_t* res = NULL; | |
| 349 | rbnode_type* res = NULL; | |
| 350 | 350 | struct iter_forward_zone *result; |
| 351 | 351 | struct iter_forward_zone key; |
| 352 | 352 | key.node.key = &key; |
| 387 | 387 | forwards_next_root(struct iter_forwards* fwd, uint16_t* dclass) |
| 388 | 388 | { |
| 389 | 389 | struct iter_forward_zone key; |
| 390 | rbnode_t* n; | |
| 390 | rbnode_type* n; | |
| 391 | 391 | struct iter_forward_zone* p; |
| 392 | 392 | if(*dclass == 0) { |
| 393 | 393 | /* first root item is first item in tree */ |
| 56 | 56 | * match which gives the ancestor needed. |
| 57 | 57 | * contents of type iter_forward_zone. |
| 58 | 58 | */ |
| 59 | rbtree_t* tree; | |
| 59 | rbtree_type* tree; | |
| 60 | 60 | }; |
| 61 | 61 | |
| 62 | 62 | /** |
| 64 | 64 | */ |
| 65 | 65 | struct iter_forward_zone { |
| 66 | 66 | /** redblacktree node, key is this structure: class and name */ |
| 67 | rbnode_t node; | |
| 67 | rbnode_type node; | |
| 68 | 68 | /** name */ |
| 69 | 69 | uint8_t* name; |
| 70 | 70 | /** length of name */ |
| 66 | 66 | free(s); |
| 67 | 67 | } |
| 68 | 68 | |
| 69 | static void delhintnode(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 69 | static void delhintnode(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 70 | 70 | { |
| 71 | 71 | struct iter_hints_stub* node = (struct iter_hints_stub*)n; |
| 72 | 72 | hints_stub_free(node); |
| 143 | 143 | } |
| 144 | 144 | if(do_ip6) { |
| 145 | 145 | if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed; |
| 146 | if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:84::b")) goto failed; | |
| 146 | if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:200::b")) goto failed; | |
| 147 | 147 | if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed; |
| 148 | 148 | if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed; |
| 149 | 149 | if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed; |
| 58 | 58 | * contents of type iter_hints_stub. The class IN root is in here. |
| 59 | 59 | * uses name_tree_node from dnstree.h. |
| 60 | 60 | */ |
| 61 | rbtree_t tree; | |
| 61 | rbtree_type tree; | |
| 62 | 62 | }; |
| 63 | 63 | |
| 64 | 64 | /** |
| 59 | 59 | * contents of type addr_tree_node. |
| 60 | 60 | * No further data need, only presence or absence. |
| 61 | 61 | */ |
| 62 | rbtree_t a; | |
| 62 | rbtree_type a; | |
| 63 | 63 | /** |
| 64 | 64 | * Tree of the domains spans that are allowed to contain |
| 65 | 65 | * the blocked address spans. |
| 66 | 66 | * contents of type name_tree_node. |
| 67 | 67 | * No further data need, only presence or absence. |
| 68 | 68 | */ |
| 69 | rbtree_t n; | |
| 69 | rbtree_type n; | |
| 70 | 70 | }; |
| 71 | 71 | |
| 72 | 72 | /** |
| 160 | 160 | for(rr = rrset->rr_first; rr; rr = rr->next) { |
| 161 | 161 | if(get_additional_name(rrset, rr, &nm, &nmlen, pkt)) { |
| 162 | 162 | /* mark A */ |
| 163 | hashvalue_t h = pkt_hash_rrset(pkt, nm, LDNS_RR_TYPE_A, | |
| 164 | rrset->rrset_class, 0); | |
| 163 | hashvalue_type h = pkt_hash_rrset(pkt, nm, | |
| 164 | LDNS_RR_TYPE_A, rrset->rrset_class, 0); | |
| 165 | 165 | struct rrset_parse* r = msgparse_hashtable_lookup( |
| 166 | 166 | msg, pkt, h, 0, nm, nmlen, |
| 167 | 167 | LDNS_RR_TYPE_A, rrset->rrset_class); |
| 107 | 107 | |
| 108 | 108 | /** apply config caps whitelist items to name tree */ |
| 109 | 109 | static int |
| 110 | caps_white_apply_cfg(rbtree_t* ntree, struct config_file* cfg) | |
| 110 | caps_white_apply_cfg(rbtree_type* ntree, struct config_file* cfg) | |
| 111 | 111 | { |
| 112 | 112 | struct config_strlist* p; |
| 113 | 113 | for(p=cfg->caps_whitelist; p; p=p->next) { |
| 87 | 87 | |
| 88 | 88 | /** delete caps_whitelist element */ |
| 89 | 89 | static void |
| 90 | caps_free(struct rbnode_t* n, void* ATTR_UNUSED(d)) | |
| 90 | caps_free(struct rbnode_type* n, void* ATTR_UNUSED(d)) | |
| 91 | 91 | { |
| 92 | 92 | if(n) { |
| 93 | 93 | free(((struct name_tree_node*)n)->name); |
| 287 | 287 | return error_response(qstate, id, rcode); |
| 288 | 288 | /* if that fails (not in cache), fall through to store err */ |
| 289 | 289 | } |
| 290 | if(qstate->env->cfg->serve_expired) { | |
| 291 | /* if serving expired contents, and such content is | |
| 292 | * already available, don't overwrite this servfail */ | |
| 293 | struct msgreply_entry* msg; | |
| 294 | if((msg=msg_cache_lookup(qstate->env, | |
| 295 | qstate->qinfo.qname, qstate->qinfo.qname_len, | |
| 296 | qstate->qinfo.qtype, qstate->qinfo.qclass, | |
| 297 | qstate->query_flags, 0, 0)) | |
| 298 | != NULL) { | |
| 299 | lock_rw_unlock(&msg->entry.lock); | |
| 300 | return error_response(qstate, id, rcode); | |
| 301 | } | |
| 302 | /* serving expired contents, but nothing is cached | |
| 303 | * at all, so the servfail cache entry is useful | |
| 304 | * (stops waste of time on this servfail NORR_TTL) */ | |
| 305 | } | |
| 290 | 306 | memset(&err, 0, sizeof(err)); |
| 291 | 307 | err.flags = (uint16_t)(BIT_QR | BIT_RA); |
| 292 | 308 | FLAGS_SET_RCODE(err.flags, rcode); |
| 372 | 388 | } |
| 373 | 389 | |
| 374 | 390 | /** |
| 391 | * Find rrset in ANSWER prepend list. | |
| 392 | * to avoid duplicate DNAMEs when a DNAME is traversed twice. | |
| 393 | * @param iq: iterator query state. | |
| 394 | * @param rrset: rrset to add. | |
| 395 | * @return false if not found | |
| 396 | */ | |
| 397 | static int | |
| 398 | iter_find_rrset_in_prepend_answer(struct iter_qstate* iq, | |
| 399 | struct ub_packed_rrset_key* rrset) | |
| 400 | { | |
| 401 | struct iter_prep_list* p = iq->an_prepend_list; | |
| 402 | while(p) { | |
| 403 | if(ub_rrset_compare(p->rrset, rrset) == 0 && | |
| 404 | rrsetdata_equal((struct packed_rrset_data*)p->rrset | |
| 405 | ->entry.data, (struct packed_rrset_data*)rrset | |
| 406 | ->entry.data)) | |
| 407 | return 1; | |
| 408 | p = p->next; | |
| 409 | } | |
| 410 | return 0; | |
| 411 | } | |
| 412 | ||
| 413 | /** | |
| 375 | 414 | * Add rrset to ANSWER prepend list |
| 376 | 415 | * @param qstate: query state. |
| 377 | 416 | * @param iq: iterator query state. |
| 453 | 492 | * by this DNAME following, so we don't process the DNAME |
| 454 | 493 | * directly. */ |
| 455 | 494 | if(ntohs(r->rk.type) == LDNS_RR_TYPE_DNAME && |
| 456 | dname_strict_subdomain_c(*mname, r->rk.dname)) { | |
| 495 | dname_strict_subdomain_c(*mname, r->rk.dname) && | |
| 496 | !iter_find_rrset_in_prepend_answer(iq, r)) { | |
| 457 | 497 | if(!iter_add_prepend_answer(qstate, iq, r)) |
| 458 | 498 | return 0; |
| 459 | 499 | continue; |
| 460 | 500 | } |
| 461 | 501 | |
| 462 | 502 | if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && |
| 463 | query_dname_compare(*mname, r->rk.dname) == 0) { | |
| 503 | query_dname_compare(*mname, r->rk.dname) == 0 && | |
| 504 | !iter_find_rrset_in_prepend_answer(iq, r)) { | |
| 464 | 505 | /* Add this relevant CNAME rrset to the prepend list.*/ |
| 465 | 506 | if(!iter_add_prepend_answer(qstate, iq, r)) |
| 466 | 507 | return 0; |
| 479 | 520 | if(!iter_add_prepend_auth(qstate, iq, r)) |
| 480 | 521 | return 0; |
| 481 | 522 | } |
| 523 | } | |
| 524 | return 1; | |
| 525 | } | |
| 526 | ||
| 527 | /** see if last resort is possible - does config allow queries to parent */ | |
| 528 | static int | |
| 529 | can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen, | |
| 530 | uint16_t qclass) | |
| 531 | { | |
| 532 | struct delegpt* fwddp; | |
| 533 | struct iter_hints_stub* stub; | |
| 534 | int labs = dname_count_labels(nm); | |
| 535 | /* do not process a last resort (the parent side) if a stub | |
| 536 | * or forward is configured, because we do not want to go 'above' | |
| 537 | * the configured servers */ | |
| 538 | if(!dname_is_root(nm) && (stub = (struct iter_hints_stub*) | |
| 539 | name_tree_find(&env->hints->tree, nm, nmlen, labs, qclass)) && | |
| 540 | /* has_parent side is turned off for stub_first, where we | |
| 541 | * are allowed to go to the parent */ | |
| 542 | stub->dp->has_parent_side_NS) { | |
| 543 | return 0; | |
| 544 | } | |
| 545 | if((fwddp = forwards_find(env->fwds, nm, qclass)) && | |
| 546 | /* has_parent_side is turned off for forward_first, where | |
| 547 | * we are allowed to go to the parent */ | |
| 548 | fwddp->has_parent_side_NS) { | |
| 549 | return 0; | |
| 482 | 550 | } |
| 483 | 551 | return 1; |
| 484 | 552 | } |
| 827 | 895 | |
| 828 | 896 | if(iq->depth == ie->max_dependency_depth) |
| 829 | 897 | return; |
| 898 | if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, | |
| 899 | iq->qchase.qclass)) | |
| 900 | return; | |
| 830 | 901 | /* is this query the same as the nscheck? */ |
| 831 | 902 | if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS && |
| 832 | 903 | query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 && |
| 997 | 1068 | if(qstate->qinfo.qclass == LDNS_RR_CLASS_ANY) { |
| 998 | 1069 | iq->qchase.qclass = 0; |
| 999 | 1070 | return next_state(iq, COLLECT_CLASS_STATE); |
| 1071 | } | |
| 1072 | ||
| 1073 | /* | |
| 1074 | * If we are restricted by a forward-zone or a stub-zone, we | |
| 1075 | * can't re-fetch glue for this delegation point. | |
| 1076 | * we won’t try to re-fetch glue if the iq->dp is null. | |
| 1077 | */ | |
| 1078 | if (iq->refetch_glue && | |
| 1079 | iq->dp && | |
| 1080 | !can_have_last_resort(qstate->env, | |
| 1081 | iq->dp->name, | |
| 1082 | iq->dp->namelen, | |
| 1083 | iq->qchase.qclass)) { | |
| 1084 | iq->refetch_glue = 0; | |
| 1000 | 1085 | } |
| 1001 | 1086 | |
| 1002 | 1087 | /* Resolver Algorithm Step 1 -- Look for the answer in local data. */ |
| 1325 | 1410 | |
| 1326 | 1411 | /* If the RD flag wasn't set, then we just finish with the |
| 1327 | 1412 | * cached referral as the response. */ |
| 1328 | if(!(qstate->query_flags & BIT_RD)) { | |
| 1413 | if(!(qstate->query_flags & BIT_RD) && iq->deleg_msg) { | |
| 1329 | 1414 | iq->response = iq->deleg_msg; |
| 1330 | 1415 | if(verbosity >= VERB_ALGO && iq->response) |
| 1331 | 1416 | log_dns_msg("no RD requested, using delegation msg", |
| 1532 | 1617 | return 1; |
| 1533 | 1618 | } |
| 1534 | 1619 | |
| 1535 | /** see if last resort is possible - does config allow queries to parent */ | |
| 1536 | static int | |
| 1537 | can_have_last_resort(struct module_env* env, struct delegpt* dp, | |
| 1538 | struct iter_qstate* iq) | |
| 1539 | { | |
| 1540 | struct delegpt* fwddp; | |
| 1541 | struct iter_hints_stub* stub; | |
| 1542 | /* do not process a last resort (the parent side) if a stub | |
| 1543 | * or forward is configured, because we do not want to go 'above' | |
| 1544 | * the configured servers */ | |
| 1545 | if(!dname_is_root(dp->name) && (stub = (struct iter_hints_stub*) | |
| 1546 | name_tree_find(&env->hints->tree, dp->name, dp->namelen, | |
| 1547 | dp->namelabs, iq->qchase.qclass)) && | |
| 1548 | /* has_parent side is turned off for stub_first, where we | |
| 1549 | * are allowed to go to the parent */ | |
| 1550 | stub->dp->has_parent_side_NS) { | |
| 1551 | verbose(VERB_QUERY, "configured stub servers failed -- returning SERVFAIL"); | |
| 1552 | return 0; | |
| 1553 | } | |
| 1554 | if((fwddp = forwards_find(env->fwds, dp->name, iq->qchase.qclass)) && | |
| 1555 | /* has_parent_side is turned off for forward_first, where | |
| 1556 | * we are allowed to go to the parent */ | |
| 1557 | fwddp->has_parent_side_NS) { | |
| 1558 | verbose(VERB_QUERY, "configured forward servers failed -- returning SERVFAIL"); | |
| 1559 | return 0; | |
| 1560 | } | |
| 1561 | return 1; | |
| 1562 | } | |
| 1563 | ||
| 1564 | 1620 | /** |
| 1565 | 1621 | * Called by processQueryTargets when it would like extra targets to query |
| 1566 | 1622 | * but it seems to be out of options. At last resort some less appealing |
| 1582 | 1638 | verbose(VERB_ALGO, "No more query targets, attempting last resort"); |
| 1583 | 1639 | log_assert(iq->dp); |
| 1584 | 1640 | |
| 1585 | if(!can_have_last_resort(qstate->env, iq->dp, iq)) { | |
| 1641 | if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, | |
| 1642 | iq->qchase.qclass)) { | |
| 1586 | 1643 | /* fail -- no more targets, no more hope of targets, no hope |
| 1587 | 1644 | * of a response. */ |
| 1645 | verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL"); | |
| 1588 | 1646 | return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); |
| 1589 | 1647 | } |
| 1590 | 1648 | if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) { |
| 1669 | 1727 | /* see if we can issue queries to get nameserver addresses */ |
| 1670 | 1728 | /* this lookup is not randomized, but sequential. */ |
| 1671 | 1729 | for(ns = iq->dp->nslist; ns; ns = ns->next) { |
| 1730 | /* if this nameserver is at a delegation point, but that | |
| 1731 | * delegation point is a stub and we cannot go higher, skip*/ | |
| 1732 | if( ((ie->supports_ipv6 && !ns->done_pside6) || | |
| 1733 | (ie->supports_ipv4 && !ns->done_pside4)) && | |
| 1734 | !can_have_last_resort(qstate->env, ns->name, ns->namelen, | |
| 1735 | iq->qchase.qclass)) { | |
| 1736 | log_nametypeclass(VERB_ALGO, "cannot pside lookup ns " | |
| 1737 | "because it is also a stub/forward,", | |
| 1738 | ns->name, LDNS_RR_TYPE_NS, iq->qchase.qclass); | |
| 1739 | if(ie->supports_ipv6) ns->done_pside6 = 1; | |
| 1740 | if(ie->supports_ipv4) ns->done_pside4 = 1; | |
| 1741 | continue; | |
| 1742 | } | |
| 1672 | 1743 | /* query for parent-side A and AAAA for nameservers */ |
| 1673 | 1744 | if(ie->supports_ipv6 && !ns->done_pside6) { |
| 1674 | 1745 | /* Send the AAAA request. */ |
| 2168 | 2239 | int dnsseclame = 0; |
| 2169 | 2240 | enum response_type type; |
| 2170 | 2241 | iq->num_current_queries--; |
| 2242 | ||
| 2243 | if(!inplace_cb_query_response_call(qstate->env, qstate, iq->response)) | |
| 2244 | log_err("unable to call query_response callback"); | |
| 2245 | ||
| 2171 | 2246 | if(iq->response == NULL) { |
| 2172 | 2247 | /* Don't increment qname when QNAME minimisation is enabled */ |
| 2173 | 2248 | if(qstate->env->cfg->qname_minimisation) |
| 2232 | 2307 | } else |
| 2233 | 2308 | iter_scrub_ds(iq->response, ns, iq->dp->name); |
| 2234 | 2309 | } else iter_scrub_ds(iq->response, NULL, NULL); |
| 2310 | if(type == RESPONSE_TYPE_THROWAWAY && | |
| 2311 | FLAGS_GET_RCODE(iq->response->rep->flags) == LDNS_RCODE_YXDOMAIN) { | |
| 2312 | /* YXDOMAIN is a permanent error, no need to retry */ | |
| 2313 | type = RESPONSE_TYPE_ANSWER; | |
| 2314 | } | |
| 2315 | if(type == RESPONSE_TYPE_CNAME && iq->response->rep->an_numrrsets >= 1 | |
| 2316 | && ntohs(iq->response->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DNAME) { | |
| 2317 | uint8_t* sname = NULL; | |
| 2318 | size_t snamelen = 0; | |
| 2319 | get_cname_target(iq->response->rep->rrsets[0], &sname, | |
| 2320 | &snamelen); | |
| 2321 | if(snamelen && dname_subdomain_c(sname, iq->response->rep->rrsets[0]->rk.dname)) { | |
| 2322 | /* DNAME to a subdomain loop; do not recurse */ | |
| 2323 | type = RESPONSE_TYPE_ANSWER; | |
| 2324 | } | |
| 2325 | } | |
| 2235 | 2326 | |
| 2236 | 2327 | /* handle each of the type cases */ |
| 2237 | 2328 | if(type == RESPONSE_TYPE_ANSWER) { |
| 3158 | 3249 | if(!qstate->edns_opts_back_in) { |
| 3159 | 3250 | log_err("out of memory on incoming message"); |
| 3160 | 3251 | /* like packet got dropped */ |
| 3252 | goto handle_it; | |
| 3253 | } | |
| 3254 | if(!inplace_cb_edns_back_parsed_call(qstate->env, qstate)) { | |
| 3255 | log_err("unable to call edns_back_parsed callback"); | |
| 3161 | 3256 | goto handle_it; |
| 3162 | 3257 | } |
| 3163 | 3258 | } |
| 50 | 50 | struct iter_donotq; |
| 51 | 51 | struct iter_prep_list; |
| 52 | 52 | struct iter_priv; |
| 53 | struct rbtree_t; | |
| 53 | struct rbtree_type; | |
| 54 | 54 | |
| 55 | 55 | /** max number of targets spawned for a query and its subqueries */ |
| 56 | 56 | #define MAX_TARGET_COUNT 64 |
| 114 | 114 | struct iter_priv* priv; |
| 115 | 115 | |
| 116 | 116 | /** whitelist for capsforid names */ |
| 117 | struct rbtree_t* caps_white; | |
| 117 | struct rbtree_type* caps_white; | |
| 118 | 118 | |
| 119 | 119 | /** The maximum dependency depth that this resolver will pursue. */ |
| 120 | 120 | int max_dependency_depth; |
| 126 | 126 | |
| 127 | 127 | struct ctx_query* |
| 128 | 128 | context_new(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, |
| 129 | ub_callback_t cb, void* cbarg) | |
| 129 | ub_callback_type cb, void* cbarg) | |
| 130 | 130 | { |
| 131 | 131 | struct ctx_query* q = (struct ctx_query*)calloc(1, sizeof(*q)); |
| 132 | 132 | if(!q) return NULL; |
| 60 | 60 | struct ub_ctx { |
| 61 | 61 | /* --- pipes --- */ |
| 62 | 62 | /** mutex on query write pipe */ |
| 63 | lock_basic_t qqpipe_lock; | |
| 63 | lock_basic_type qqpipe_lock; | |
| 64 | 64 | /** the query write pipe */ |
| 65 | 65 | struct tube* qq_pipe; |
| 66 | 66 | /** mutex on result read pipe */ |
| 67 | lock_basic_t rrpipe_lock; | |
| 67 | lock_basic_type rrpipe_lock; | |
| 68 | 68 | /** the result read pipe */ |
| 69 | 69 | struct tube* rr_pipe; |
| 70 | 70 | |
| 71 | 71 | /* --- shared data --- */ |
| 72 | 72 | /** mutex for access to env.cfg, finalized and dothread */ |
| 73 | lock_basic_t cfglock; | |
| 73 | lock_basic_type cfglock; | |
| 74 | 74 | /** |
| 75 | 75 | * The context has been finalized |
| 76 | 76 | * This is after config when the first resolve is done. |
| 83 | 83 | /** pid of bg worker process */ |
| 84 | 84 | pid_t bg_pid; |
| 85 | 85 | /** tid of bg worker thread */ |
| 86 | ub_thread_t bg_tid; | |
| 86 | ub_thread_type bg_tid; | |
| 87 | 87 | |
| 88 | 88 | /** do threading (instead of forking) for async resolution */ |
| 89 | 89 | int dothread; |
| 128 | 128 | * Used to see if querynum is free for use. |
| 129 | 129 | * Content of type ctx_query. |
| 130 | 130 | */ |
| 131 | rbtree_t queries; | |
| 131 | rbtree_type queries; | |
| 132 | 132 | }; |
| 133 | 133 | |
| 134 | 134 | /** |
| 139 | 139 | */ |
| 140 | 140 | struct ctx_query { |
| 141 | 141 | /** node in rbtree, must be first entry, key is ptr to the querynum */ |
| 142 | struct rbnode_t node; | |
| 142 | struct rbnode_type node; | |
| 143 | 143 | /** query id number, key for node */ |
| 144 | 144 | int querynum; |
| 145 | 145 | /** was this an async query? */ |
| 148 | 148 | int cancelled; |
| 149 | 149 | |
| 150 | 150 | /** for async query, the callback function */ |
| 151 | ub_callback_t cb; | |
| 151 | ub_callback_type cb; | |
| 152 | 152 | /** for async query, the callback user arg */ |
| 153 | 153 | void* cb_arg; |
| 154 | 154 | |
| 241 | 241 | * @return new ctx_query or NULL for malloc failure. |
| 242 | 242 | */ |
| 243 | 243 | struct ctx_query* context_new(struct ub_ctx* ctx, const char* name, int rrtype, |
| 244 | int rrclass, ub_callback_t cb, void* cbarg); | |
| 244 | int rrclass, ub_callback_type cb, void* cbarg); | |
| 245 | 245 | |
| 246 | 246 | /** |
| 247 | 247 | * Get a new alloc. Creates a new one or uses a cached one. |
| 214 | 214 | |
| 215 | 215 | /** delete q */ |
| 216 | 216 | static void |
| 217 | delq(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 217 | delq(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 218 | 218 | { |
| 219 | 219 | struct ctx_query* q = (struct ctx_query*)n; |
| 220 | 220 | context_query_delete(q); |
| 309 | 309 | infra_delete(ctx->env->infra_cache); |
| 310 | 310 | config_delete(ctx->env->cfg); |
| 311 | 311 | edns_known_options_delete(ctx->env); |
| 312 | inplace_cb_lists_delete(ctx->env); | |
| 313 | 312 | free(ctx->env); |
| 314 | 313 | } |
| 315 | 314 | ub_randfree(ctx->seed_rnd); |
| 499 | 498 | /** process answer from bg worker */ |
| 500 | 499 | static int |
| 501 | 500 | process_answer_detail(struct ub_ctx* ctx, uint8_t* msg, uint32_t len, |
| 502 | ub_callback_t* cb, void** cbarg, int* err, | |
| 501 | ub_callback_type* cb, void** cbarg, int* err, | |
| 503 | 502 | struct ub_result** res) |
| 504 | 503 | { |
| 505 | 504 | struct ctx_query* q; |
| 566 | 565 | process_answer(struct ub_ctx* ctx, uint8_t* msg, uint32_t len) |
| 567 | 566 | { |
| 568 | 567 | int err; |
| 569 | ub_callback_t cb; | |
| 568 | ub_callback_type cb; | |
| 570 | 569 | void* cbarg; |
| 571 | 570 | struct ub_result* res; |
| 572 | 571 | int r; |
| 609 | 608 | ub_wait(struct ub_ctx* ctx) |
| 610 | 609 | { |
| 611 | 610 | int err; |
| 612 | ub_callback_t cb; | |
| 611 | ub_callback_type cb; | |
| 613 | 612 | void* cbarg; |
| 614 | 613 | struct ub_result* res; |
| 615 | 614 | int r; |
| 705 | 704 | |
| 706 | 705 | int |
| 707 | 706 | ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype, |
| 708 | int rrclass, void* mydata, ub_event_callback_t callback, int* async_id) | |
| 707 | int rrclass, void* mydata, ub_event_callback_type callback, | |
| 708 | int* async_id) | |
| 709 | 709 | { |
| 710 | 710 | struct ctx_query* q; |
| 711 | 711 | int r; |
| 733 | 733 | ub_comm_base_now(ctx->event_worker->base); |
| 734 | 734 | |
| 735 | 735 | /* create new ctx_query and attempt to add to the list */ |
| 736 | q = context_new(ctx, name, rrtype, rrclass, (ub_callback_t)callback, | |
| 736 | q = context_new(ctx, name, rrtype, rrclass, (ub_callback_type)callback, | |
| 737 | 737 | mydata); |
| 738 | 738 | if(!q) |
| 739 | 739 | return UB_NOMEM; |
| 747 | 747 | |
| 748 | 748 | int |
| 749 | 749 | ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, |
| 750 | int rrclass, void* mydata, ub_callback_t callback, int* async_id) | |
| 750 | int rrclass, void* mydata, ub_callback_type callback, int* async_id) | |
| 751 | 751 | { |
| 752 | 752 | struct ctx_query* q; |
| 753 | 753 | uint8_t* msg = NULL; |
| 638 | 638 | enum sec_status s, char* why_bogus) |
| 639 | 639 | { |
| 640 | 640 | struct ctx_query* q = (struct ctx_query*)arg; |
| 641 | ub_event_callback_t cb = (ub_event_callback_t)q->cb; | |
| 641 | ub_event_callback_type cb = (ub_event_callback_type)q->cb; | |
| 642 | 642 | void* cb_arg = q->cb_arg; |
| 643 | 643 | int cancelled = q->cancelled; |
| 644 | 644 |
| 169 | 169 | struct ub_event_vmt* vmt; |
| 170 | 170 | }; |
| 171 | 171 | |
| 172 | typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*); | |
| 172 | typedef void (*ub_event_callback_type)(void*, int, void*, int, int, char*); | |
| 173 | 173 | |
| 174 | 174 | /** |
| 175 | 175 | * Create a resolving and validation context. |
| 253 | 253 | * @return 0 if OK, else error. |
| 254 | 254 | */ |
| 255 | 255 | int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype, |
| 256 | int rrclass, void* mydata, ub_event_callback_t callback, int* async_id); | |
| 256 | int rrclass, void* mydata, ub_event_callback_type callback, | |
| 257 | int* async_id); | |
| 257 | 258 | |
| 258 | 259 | #ifdef __cplusplus |
| 259 | 260 | } |
| 222 | 222 | * This structure is allocated on the heap and needs to be |
| 223 | 223 | * freed with ub_resolve_free(result); |
| 224 | 224 | */ |
| 225 | typedef void (*ub_callback_t)(void*, int, struct ub_result*); | |
| 225 | typedef void (*ub_callback_type)(void*, int, struct ub_result*); | |
| 226 | 226 | |
| 227 | 227 | /** |
| 228 | 228 | * Create a resolving and validation context. |
| 518 | 518 | * @return 0 if OK, else error. |
| 519 | 519 | */ |
| 520 | 520 | int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, |
| 521 | int rrclass, void* mydata, ub_callback_t callback, int* async_id); | |
| 521 | int rrclass, void* mydata, ub_callback_type callback, int* async_id); | |
| 522 | 522 | |
| 523 | 523 | /** |
| 524 | 524 | * Cancel an async query in progress. |
| 600 | 600 | */ |
| 601 | 601 | const char* ub_version(void); |
| 602 | 602 | |
| 603 | /** | |
| 604 | * Some global statistics that are not in struct stats_info, | |
| 605 | * this struct is shared on a shm segment (shm-key in unbound.conf) | |
| 606 | */ | |
| 607 | struct ub_shm_stat_info { | |
| 608 | int num_threads; | |
| 609 | ||
| 610 | struct { | |
| 611 | long long now_sec, now_usec; | |
| 612 | long long up_sec, up_usec; | |
| 613 | long long elapsed_sec, elapsed_usec; | |
| 614 | } time; | |
| 615 | ||
| 616 | struct { | |
| 617 | long long msg; | |
| 618 | long long rrset; | |
| 619 | long long val; | |
| 620 | long long iter; | |
| 621 | long long subnet; | |
| 622 | long long ipsecmod; | |
| 623 | long long respip; | |
| 624 | } mem; | |
| 625 | }; | |
| 626 | ||
| 627 | /** number of qtype that is stored for in array */ | |
| 628 | #define UB_STATS_QTYPE_NUM 256 | |
| 629 | /** number of qclass that is stored for in array */ | |
| 630 | #define UB_STATS_QCLASS_NUM 256 | |
| 631 | /** number of rcodes in stats */ | |
| 632 | #define UB_STATS_RCODE_NUM 16 | |
| 633 | /** number of opcodes in stats */ | |
| 634 | #define UB_STATS_OPCODE_NUM 16 | |
| 635 | /** number of histogram buckets */ | |
| 636 | #define UB_STATS_BUCKET_NUM 40 | |
| 637 | ||
| 638 | /** per worker statistics. */ | |
| 639 | struct ub_server_stats { | |
| 640 | /** number of queries from clients received. */ | |
| 641 | long long num_queries; | |
| 642 | /** number of queries that have been dropped/ratelimited by ip. */ | |
| 643 | long long num_queries_ip_ratelimited; | |
| 644 | /** number of queries that had a cache-miss. */ | |
| 645 | long long num_queries_missed_cache; | |
| 646 | /** number of prefetch queries - cachehits with prefetch */ | |
| 647 | long long num_queries_prefetch; | |
| 648 | ||
| 649 | /** | |
| 650 | * Sum of the querylistsize of the worker for | |
| 651 | * every query that missed cache. To calculate average. | |
| 652 | */ | |
| 653 | long long sum_query_list_size; | |
| 654 | /** max value of query list size reached. */ | |
| 655 | long long max_query_list_size; | |
| 656 | ||
| 657 | /** Extended stats below (bool) */ | |
| 658 | int extended; | |
| 659 | ||
| 660 | /** qtype stats */ | |
| 661 | long long qtype[UB_STATS_QTYPE_NUM]; | |
| 662 | /** bigger qtype values not in array */ | |
| 663 | long long qtype_big; | |
| 664 | /** qclass stats */ | |
| 665 | long long qclass[UB_STATS_QCLASS_NUM]; | |
| 666 | /** bigger qclass values not in array */ | |
| 667 | long long qclass_big; | |
| 668 | /** query opcodes */ | |
| 669 | long long qopcode[UB_STATS_OPCODE_NUM]; | |
| 670 | /** number of queries over TCP */ | |
| 671 | long long qtcp; | |
| 672 | /** number of outgoing queries over TCP */ | |
| 673 | long long qtcp_outgoing; | |
| 674 | /** number of queries over IPv6 */ | |
| 675 | long long qipv6; | |
| 676 | /** number of queries with QR bit */ | |
| 677 | long long qbit_QR; | |
| 678 | /** number of queries with AA bit */ | |
| 679 | long long qbit_AA; | |
| 680 | /** number of queries with TC bit */ | |
| 681 | long long qbit_TC; | |
| 682 | /** number of queries with RD bit */ | |
| 683 | long long qbit_RD; | |
| 684 | /** number of queries with RA bit */ | |
| 685 | long long qbit_RA; | |
| 686 | /** number of queries with Z bit */ | |
| 687 | long long qbit_Z; | |
| 688 | /** number of queries with AD bit */ | |
| 689 | long long qbit_AD; | |
| 690 | /** number of queries with CD bit */ | |
| 691 | long long qbit_CD; | |
| 692 | /** number of queries with EDNS OPT record */ | |
| 693 | long long qEDNS; | |
| 694 | /** number of queries with EDNS with DO flag */ | |
| 695 | long long qEDNS_DO; | |
| 696 | /** answer rcodes */ | |
| 697 | long long ans_rcode[UB_STATS_RCODE_NUM]; | |
| 698 | /** answers with pseudo rcode 'nodata' */ | |
| 699 | long long ans_rcode_nodata; | |
| 700 | /** answers that were secure (AD) */ | |
| 701 | long long ans_secure; | |
| 702 | /** answers that were bogus (withheld as SERVFAIL) */ | |
| 703 | long long ans_bogus; | |
| 704 | /** rrsets marked bogus by validator */ | |
| 705 | long long rrset_bogus; | |
| 706 | /** unwanted traffic received on server-facing ports */ | |
| 707 | long long unwanted_replies; | |
| 708 | /** unwanted traffic received on client-facing ports */ | |
| 709 | long long unwanted_queries; | |
| 710 | /** usage of tcp accept list */ | |
| 711 | long long tcp_accept_usage; | |
| 712 | /** answers served from expired cache */ | |
| 713 | long long zero_ttl_responses; | |
| 714 | /** histogram data exported to array | |
| 715 | * if the array is the same size, no data is lost, and | |
| 716 | * if all histograms are same size (is so by default) then | |
| 717 | * adding up works well. */ | |
| 718 | long long hist[UB_STATS_BUCKET_NUM]; | |
| 719 | ||
| 720 | /** number of message cache entries */ | |
| 721 | long long msg_cache_count; | |
| 722 | /** number of rrset cache entries */ | |
| 723 | long long rrset_cache_count; | |
| 724 | /** number of infra cache entries */ | |
| 725 | long long infra_cache_count; | |
| 726 | /** number of key cache entries */ | |
| 727 | long long key_cache_count; | |
| 728 | ||
| 729 | /** number of queries that used dnscrypt */ | |
| 730 | long long num_query_dnscrypt_crypted; | |
| 731 | /** number of queries that queried dnscrypt certificates */ | |
| 732 | long long num_query_dnscrypt_cert; | |
| 733 | /** number of queries in clear text and not asking for the certificates */ | |
| 734 | long long num_query_dnscrypt_cleartext; | |
| 735 | /** number of malformed encrypted queries */ | |
| 736 | long long num_query_dnscrypt_crypted_malformed; | |
| 737 | }; | |
| 738 | ||
| 739 | /** | |
| 740 | * Statistics to send over the control pipe when asked | |
| 741 | * This struct is made to be memcpied, sent in binary. | |
| 742 | * shm mapped with (number+1) at num_threads+1, with first as total | |
| 743 | */ | |
| 744 | struct ub_stats_info { | |
| 745 | /** the thread stats */ | |
| 746 | struct ub_server_stats svr; | |
| 747 | ||
| 748 | /** mesh stats: current number of states */ | |
| 749 | long long mesh_num_states; | |
| 750 | /** mesh stats: current number of reply (user) states */ | |
| 751 | long long mesh_num_reply_states; | |
| 752 | /** mesh stats: number of reply states overwritten with a new one */ | |
| 753 | long long mesh_jostled; | |
| 754 | /** mesh stats: number of incoming queries dropped */ | |
| 755 | long long mesh_dropped; | |
| 756 | /** mesh stats: replies sent */ | |
| 757 | long long mesh_replies_sent; | |
| 758 | /** mesh stats: sum of waiting times for the replies */ | |
| 759 | long long mesh_replies_sum_wait_sec, mesh_replies_sum_wait_usec; | |
| 760 | /** mesh stats: median of waiting times for replies (in sec) */ | |
| 761 | double mesh_time_median; | |
| 762 | }; | |
| 763 | ||
| 603 | 764 | #ifdef __cplusplus |
| 604 | 765 | } |
| 605 | 766 | #endif |
| 62 | 62 | |
| 63 | 63 | .. code-block:: python |
| 64 | 64 | |
| 65 | if not register_inplace_cb_reply(inplace_reply_callback, env): | |
| 65 | if not register_inplace_cb_reply(inplace_reply_callback, env, id): | |
| 66 | 66 | log_info("python: Could not register inplace callback function.") |
| 67 | 67 | |
| 68 | 68 | |
| 98 | 98 | |
| 99 | 99 | .. code-block:: python |
| 100 | 100 | |
| 101 | if not register_inplace_cb_reply_cache(inplace_cache_callback, env): | |
| 101 | if not register_inplace_cb_reply_cache(inplace_cache_callback, env, id): | |
| 102 | 102 | log_info("python: Could not register inplace callback function.") |
| 103 | 103 | |
| 104 | 104 | |
| 134 | 134 | |
| 135 | 135 | .. code-block:: python |
| 136 | 136 | |
| 137 | if not register_inplace_cb_reply_local(inplace_local_callback, env): | |
| 137 | if not register_inplace_cb_reply_local(inplace_local_callback, env, id): | |
| 138 | 138 | log_info("python: Could not register inplace callback function.") |
| 139 | 139 | |
| 140 | 140 | |
| 171 | 171 | |
| 172 | 172 | .. code-block:: python |
| 173 | 173 | |
| 174 | if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env): | |
| 174 | if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env, id): | |
| 175 | 175 | log_info("python: Could not register inplace callback function.") |
| 176 | 176 | |
| 177 | 177 | |
| 45 | 45 | # (unbound needs to be validating for this example to work) |
| 46 | 46 | |
| 47 | 47 | # Useful functions: |
| 48 | # register_inplace_cb_reply(inplace_reply_callback, env): | |
| 48 | # register_inplace_cb_reply(inplace_reply_callback, env, id): | |
| 49 | 49 | # Register the reply_callback function as an inplace callback function |
| 50 | 50 | # when answering with a resolved query. |
| 51 | 51 | # Return True on success, False on failure. |
| 52 | 52 | # |
| 53 | # register_inplace_cb_reply_cache(inplace_reply_cache_callback, env): | |
| 53 | # register_inplace_cb_reply_cache(inplace_reply_cache_callback, env, id): | |
| 54 | 54 | # Register the reply_cache_callback function as an inplace callback |
| 55 | 55 | # function when answering from cache. |
| 56 | 56 | # Return True on success, False on failure. |
| 57 | 57 | # |
| 58 | # register_inplace_cb_reply_local(inplace_reply_local_callback, env): | |
| 58 | # register_inplace_cb_reply_local(inplace_reply_local_callback, env, id): | |
| 59 | 59 | # Register the reply_local_callback function as an inplace callback |
| 60 | 60 | # function when answering from local data or chaos reply. |
| 61 | 61 | # Return True on success, False on failure. |
| 62 | 62 | # |
| 63 | # register_inplace_cb_reply_servfail(inplace_reply_servfail_callback, env): | |
| 63 | # register_inplace_cb_reply_servfail(inplace_reply_servfail_callback, env, id): | |
| 64 | 64 | # Register the reply_servfail_callback function as an inplace callback |
| 65 | 65 | # function when answering with servfail. |
| 66 | 66 | # Return True on success, False on failure. |
| 192 | 192 | |
| 193 | 193 | # Register the inplace_reply_callback function as an inplace callback |
| 194 | 194 | # function when answering a resolved query. |
| 195 | if not register_inplace_cb_reply(inplace_reply_callback, env): | |
| 195 | if not register_inplace_cb_reply(inplace_reply_callback, env, id): | |
| 196 | 196 | return False |
| 197 | 197 | |
| 198 | 198 | # Register the inplace_cache_callback function as an inplace callback |
| 199 | 199 | # function when answering from cache. |
| 200 | if not register_inplace_cb_reply_cache(inplace_cache_callback, env): | |
| 200 | if not register_inplace_cb_reply_cache(inplace_cache_callback, env, id): | |
| 201 | 201 | return False |
| 202 | 202 | |
| 203 | 203 | # Register the inplace_local_callback function as an inplace callback |
| 204 | 204 | # function when answering from local data. |
| 205 | if not register_inplace_cb_reply_local(inplace_local_callback, env): | |
| 205 | if not register_inplace_cb_reply_local(inplace_local_callback, env, id): | |
| 206 | 206 | return False |
| 207 | 207 | |
| 208 | 208 | # Register the inplace_servfail_callback function as an inplace callback |
| 209 | 209 | # function when answering with SERVFAIL. |
| 210 | if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env): | |
| 210 | if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env, id): | |
| 211 | 211 | return False |
| 212 | 212 | |
| 213 | 213 | return True |
| 3 | 3 | %module unboundmodule |
| 4 | 4 | %{ |
| 5 | 5 | /** |
| 6 | * \file | |
| 6 | * \file | |
| 7 | 7 | * This is the interface between the unbound server and a python module |
| 8 | 8 | * called to perform operations on queries. |
| 9 | 9 | */ |
| 57 | 57 | } |
| 58 | 58 | %} |
| 59 | 59 | |
| 60 | /* ************************************************************************************ * | |
| 60 | /* ************************************************************************************ * | |
| 61 | 61 | Structure query_info |
| 62 | 62 | * ************************************************************************************ */ |
| 63 | 63 | /* Query info */ |
| 75 | 75 | }; |
| 76 | 76 | |
| 77 | 77 | %inline %{ |
| 78 | enum enum_rr_class { | |
| 78 | enum enum_rr_class { | |
| 79 | 79 | RR_CLASS_IN = 1, |
| 80 | 80 | RR_CLASS_CH = 3, |
| 81 | 81 | RR_CLASS_HS = 4, |
| 82 | 82 | RR_CLASS_NONE = 254, |
| 83 | 83 | RR_CLASS_ANY = 255, |
| 84 | 84 | }; |
| 85 | ||
| 85 | ||
| 86 | 86 | enum enum_rr_type { |
| 87 | RR_TYPE_A = 1, | |
| 88 | RR_TYPE_NS = 2, | |
| 89 | RR_TYPE_MD = 3, | |
| 90 | RR_TYPE_MF = 4, | |
| 91 | RR_TYPE_CNAME = 5, | |
| 92 | RR_TYPE_SOA = 6, | |
| 93 | RR_TYPE_MB = 7, | |
| 94 | RR_TYPE_MG = 8, | |
| 95 | RR_TYPE_MR = 9, | |
| 87 | RR_TYPE_A = 1, | |
| 88 | RR_TYPE_NS = 2, | |
| 89 | RR_TYPE_MD = 3, | |
| 90 | RR_TYPE_MF = 4, | |
| 91 | RR_TYPE_CNAME = 5, | |
| 92 | RR_TYPE_SOA = 6, | |
| 93 | RR_TYPE_MB = 7, | |
| 94 | RR_TYPE_MG = 8, | |
| 95 | RR_TYPE_MR = 9, | |
| 96 | 96 | RR_TYPE_NULL = 10, |
| 97 | 97 | RR_TYPE_WKS = 11, |
| 98 | 98 | RR_TYPE_PTR = 12, |
| 130 | 130 | RR_TYPE_SSHFP = 44, |
| 131 | 131 | RR_TYPE_IPSECKEY = 45, |
| 132 | 132 | RR_TYPE_RRSIG = 46, |
| 133 | RR_TYPE_NSEC = 47, | |
| 133 | RR_TYPE_NSEC = 47, | |
| 134 | 134 | RR_TYPE_DNSKEY = 48, |
| 135 | 135 | RR_TYPE_DHCID = 49, |
| 136 | 136 | RR_TYPE_NSEC3 = 50, |
| 150 | 150 | |
| 151 | 151 | PyObject* _get_qname(struct query_info* q) { |
| 152 | 152 | return PyBytes_FromStringAndSize((char*)q->qname, q->qname_len); |
| 153 | } | |
| 153 | } | |
| 154 | 154 | |
| 155 | 155 | PyObject* _get_qname_components(struct query_info* q) { |
| 156 | 156 | return GetNameAsLabelList((const char*)q->qname, q->qname_len); |
| 178 | 178 | |
| 179 | 179 | __swig_getmethods__["qname"] = _unboundmodule._get_qname |
| 180 | 180 | if _newclass:qname = _swig_property(_unboundmodule._get_qname) |
| 181 | ||
| 181 | ||
| 182 | 182 | __swig_getmethods__["qname_list"] = _unboundmodule._get_qname_components |
| 183 | 183 | if _newclass:qname_list = _swig_property(_unboundmodule._get_qname_components) |
| 184 | 184 | |
| 188 | 188 | %} |
| 189 | 189 | } |
| 190 | 190 | |
| 191 | /* ************************************************************************************ * | |
| 191 | /* ************************************************************************************ * | |
| 192 | 192 | Structure packed_rrset_key |
| 193 | 193 | * ************************************************************************************ */ |
| 194 | 194 | %ignore packed_rrset_key::dname; |
| 199 | 199 | %immutable; |
| 200 | 200 | char* dname; |
| 201 | 201 | size_t dname_len; |
| 202 | uint32_t flags; | |
| 202 | uint32_t flags; | |
| 203 | 203 | uint16_t type; /* rrset type in network format */ |
| 204 | 204 | uint16_t rrset_class; /* rrset class in network format */ |
| 205 | 205 | %mutable; |
| 215 | 215 | %inline %{ |
| 216 | 216 | PyObject* _get_dname(struct packed_rrset_key* k) { |
| 217 | 217 | return PyBytes_FromStringAndSize((char*)k->dname, k->dname_len); |
| 218 | } | |
| 218 | } | |
| 219 | 219 | PyObject* _get_dname_components(struct packed_rrset_key* k) { |
| 220 | 220 | return GetNameAsLabelList((char*)k->dname, k->dname_len); |
| 221 | 221 | } |
| 243 | 243 | %} |
| 244 | 244 | } |
| 245 | 245 | |
| 246 | #if defined(SWIGWORDSIZE64) | |
| 247 | typedef long int rrset_id_t; | |
| 248 | #else | |
| 249 | typedef long long int rrset_id_t; | |
| 250 | #endif | |
| 246 | #if defined(SWIGWORDSIZE64) | |
| 247 | typedef long int rrset_id_type; | |
| 248 | #else | |
| 249 | typedef long long int rrset_id_type; | |
| 250 | #endif | |
| 251 | 251 | |
| 252 | 252 | struct ub_packed_rrset_key { |
| 253 | 253 | struct lruhash_entry entry; |
| 254 | rrset_id_t id; | |
| 254 | rrset_id_type id; | |
| 255 | 255 | struct packed_rrset_key rk; |
| 256 | 256 | }; |
| 257 | 257 | |
| 258 | 258 | struct lruhash_entry { |
| 259 | lock_rw_t lock; | |
| 259 | lock_rw_type lock; | |
| 260 | 260 | struct lruhash_entry* overflow_next; |
| 261 | 261 | struct lruhash_entry* lru_next; |
| 262 | 262 | struct lruhash_entry* lru_prev; |
| 263 | hashvalue_t hash; | |
| 263 | hashvalue_type hash; | |
| 264 | 264 | void* key; |
| 265 | 265 | struct packed_rrset_data* data; |
| 266 | 266 | }; |
| 278 | 278 | /* number of rrsigs */ |
| 279 | 279 | size_t rrsig_count; |
| 280 | 280 | |
| 281 | enum rrset_trust trust; | |
| 281 | enum rrset_trust trust; | |
| 282 | 282 | enum sec_status security; |
| 283 | 283 | |
| 284 | 284 | /* length of every rr's rdata */ |
| 308 | 308 | |
| 309 | 309 | %inline %{ |
| 310 | 310 | PyObject* _get_data_rr_len(struct packed_rrset_data* d, int idx) { |
| 311 | if ((d != NULL) && (idx >= 0) && | |
| 312 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 311 | if ((d != NULL) && (idx >= 0) && | |
| 312 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 313 | 313 | return PyInt_FromLong(d->rr_len[idx]); |
| 314 | 314 | return Py_None; |
| 315 | 315 | } |
| 316 | 316 | void _set_data_rr_ttl(struct packed_rrset_data* d, int idx, uint32_t ttl) |
| 317 | 317 | { |
| 318 | if ((d != NULL) && (idx >= 0) && | |
| 319 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 318 | if ((d != NULL) && (idx >= 0) && | |
| 319 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 320 | 320 | d->rr_ttl[idx] = ttl; |
| 321 | 321 | } |
| 322 | 322 | PyObject* _get_data_rr_ttl(struct packed_rrset_data* d, int idx) { |
| 323 | if ((d != NULL) && (idx >= 0) && | |
| 324 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 323 | if ((d != NULL) && (idx >= 0) && | |
| 324 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 325 | 325 | return PyInt_FromLong(d->rr_ttl[idx]); |
| 326 | 326 | return Py_None; |
| 327 | 327 | } |
| 328 | 328 | PyObject* _get_data_rr_data(struct packed_rrset_data* d, int idx) { |
| 329 | if ((d != NULL) && (idx >= 0) && | |
| 330 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 329 | if ((d != NULL) && (idx >= 0) && | |
| 330 | ((size_t)idx < (d->count+d->rrsig_count))) | |
| 331 | 331 | return PyBytes_FromStringAndSize((char*)d->rr_data[idx], |
| 332 | 332 | d->rr_len[idx]); |
| 333 | 333 | return Py_None; |
| 348 | 348 | %} |
| 349 | 349 | } |
| 350 | 350 | |
| 351 | /* ************************************************************************************ * | |
| 351 | /* ************************************************************************************ * | |
| 352 | 352 | Structure reply_info |
| 353 | 353 | * ************************************************************************************ */ |
| 354 | 354 | /* Messages */ |
| 375 | 375 | |
| 376 | 376 | struct rrset_ref { |
| 377 | 377 | struct ub_packed_rrset_key* key; |
| 378 | rrset_id_t id; | |
| 378 | rrset_id_type id; | |
| 379 | 379 | }; |
| 380 | 380 | |
| 381 | 381 | struct dns_msg { |
| 425 | 425 | %} |
| 426 | 426 | } |
| 427 | 427 | |
| 428 | /* ************************************************************************************ * | |
| 428 | /* ************************************************************************************ * | |
| 429 | 429 | Structure mesh_state |
| 430 | 430 | * ************************************************************************************ */ |
| 431 | 431 | struct mesh_state { |
| 438 | 438 | }; |
| 439 | 439 | |
| 440 | 440 | struct comm_reply { |
| 441 | ||
| 441 | ||
| 442 | 442 | }; |
| 443 | 443 | |
| 444 | 444 | %inline %{ |
| 488 | 488 | %} |
| 489 | 489 | } |
| 490 | 490 | |
| 491 | /* ************************************************************************************ * | |
| 491 | /* ************************************************************************************ * | |
| 492 | 492 | Structure edns_option |
| 493 | 493 | * ************************************************************************************ */ |
| 494 | 494 | /* Rename the members to follow the python convention of marking them as |
| 499 | 499 | %rename(_opt_len) edns_option::opt_len; |
| 500 | 500 | %rename(_opt_data) edns_option::opt_data; |
| 501 | 501 | struct edns_option { |
| 502 | struct edns_option* next; | |
| 503 | uint16_t opt_code; | |
| 504 | size_t opt_len; | |
| 505 | uint8_t* opt_data; | |
| 502 | struct edns_option* next; | |
| 503 | uint16_t opt_code; | |
| 504 | size_t opt_len; | |
| 505 | uint8_t* opt_data; | |
| 506 | 506 | }; |
| 507 | 507 | |
| 508 | 508 | %inline %{ |
| 512 | 512 | } |
| 513 | 513 | |
| 514 | 514 | PyObject* _edns_option_opt_data_get(struct edns_option* option) { |
| 515 | return PyByteArray_FromStringAndSize((uint8_t*)option->opt_data, | |
| 515 | return PyByteArray_FromStringAndSize((void*)option->opt_data, | |
| 516 | 516 | option->opt_len); |
| 517 | 517 | } |
| 518 | 518 | %} |
| 528 | 528 | %} |
| 529 | 529 | } |
| 530 | 530 | |
| 531 | /* ************************************************************************************ * | |
| 531 | /* ************************************************************************************ * | |
| 532 | 532 | Structure edns_data |
| 533 | 533 | * ************************************************************************************ */ |
| 534 | 534 | /* This is ignored because we will pass a double pointer of this to Python |
| 536 | 536 | * pointers as None. */ |
| 537 | 537 | %ignore edns_data::opt_list; |
| 538 | 538 | struct edns_data { |
| 539 | int edns_present; | |
| 540 | uint8_t ext_rcode; | |
| 541 | uint8_t edns_version; | |
| 542 | uint16_t bits; | |
| 543 | uint16_t udp_size; | |
| 544 | struct edns_option* opt_list; | |
| 539 | int edns_present; | |
| 540 | uint8_t ext_rcode; | |
| 541 | uint8_t edns_version; | |
| 542 | uint16_t bits; | |
| 543 | uint16_t udp_size; | |
| 544 | struct edns_option* opt_list; | |
| 545 | 545 | }; |
| 546 | 546 | %inline %{ |
| 547 | 547 | struct edns_option** _edns_data_opt_list_get(struct edns_data* edns) { |
| 563 | 563 | Structure module_env |
| 564 | 564 | * ************************************************************************************ */ |
| 565 | 565 | struct module_env { |
| 566 | struct config_file* cfg; | |
| 567 | struct slabhash* msg_cache; | |
| 568 | struct rrset_cache* rrset_cache; | |
| 569 | struct infra_cache* infra_cache; | |
| 570 | struct key_cache* key_cache; | |
| 571 | ||
| 572 | /* --- services --- */ | |
| 573 | struct outbound_entry* (*send_query)(struct query_info* qinfo, | |
| 574 | uint16_t flags, int dnssec, int want_dnssec, int nocaps, | |
| 575 | struct sockaddr_storage* addr, socklen_t addrlen, | |
| 576 | uint8_t* zone, size_t zonelen, int ssl_upstream, | |
| 577 | struct module_qstate* q); | |
| 578 | void (*detach_subs)(struct module_qstate* qstate); | |
| 579 | int (*attach_sub)(struct module_qstate* qstate, | |
| 580 | struct query_info* qinfo, uint16_t qflags, int prime, | |
| 581 | int valrec, struct module_qstate** newq); | |
| 582 | void (*kill_sub)(struct module_qstate* newq); | |
| 583 | int (*detect_cycle)(struct module_qstate* qstate, | |
| 584 | struct query_info* qinfo, uint16_t flags, int prime, | |
| 585 | int valrec); | |
| 586 | ||
| 587 | struct regional* scratch; | |
| 588 | struct sldns_buffer* scratch_buffer; | |
| 589 | struct worker* worker; | |
| 590 | struct mesh_area* mesh; | |
| 591 | struct alloc_cache* alloc; | |
| 592 | struct ub_randstate* rnd; | |
| 593 | time_t* now; | |
| 594 | struct timeval* now_tv; | |
| 595 | int need_to_validate; | |
| 596 | struct val_anchors* anchors; | |
| 597 | struct val_neg_cache* neg_cache; | |
| 598 | struct comm_timer* probe_timer; | |
| 599 | struct iter_forwards* fwds; | |
| 600 | struct iter_hints* hints; | |
| 601 | void* modinfo[MAX_MODULE]; | |
| 602 | ||
| 603 | void* inplace_cb_lists[inplace_cb_types_total]; | |
| 604 | struct edns_known_option* edns_known_options; | |
| 605 | size_t edns_known_options_num; | |
| 606 | }; | |
| 607 | ||
| 566 | struct config_file* cfg; | |
| 567 | struct slabhash* msg_cache; | |
| 568 | struct rrset_cache* rrset_cache; | |
| 569 | struct infra_cache* infra_cache; | |
| 570 | struct key_cache* key_cache; | |
| 571 | ||
| 572 | /* --- services --- */ | |
| 573 | struct outbound_entry* (*send_query)(struct query_info* qinfo, | |
| 574 | uint16_t flags, int dnssec, int want_dnssec, int nocaps, | |
| 575 | struct sockaddr_storage* addr, socklen_t addrlen, | |
| 576 | uint8_t* zone, size_t zonelen, int ssl_upstream, | |
| 577 | struct module_qstate* q); | |
| 578 | void (*detach_subs)(struct module_qstate* qstate); | |
| 579 | int (*attach_sub)(struct module_qstate* qstate, | |
| 580 | struct query_info* qinfo, uint16_t qflags, int prime, | |
| 581 | int valrec, struct module_qstate** newq); | |
| 582 | void (*kill_sub)(struct module_qstate* newq); | |
| 583 | int (*detect_cycle)(struct module_qstate* qstate, | |
| 584 | struct query_info* qinfo, uint16_t flags, int prime, | |
| 585 | int valrec); | |
| 586 | ||
| 587 | struct regional* scratch; | |
| 588 | struct sldns_buffer* scratch_buffer; | |
| 589 | struct worker* worker; | |
| 590 | struct mesh_area* mesh; | |
| 591 | struct alloc_cache* alloc; | |
| 592 | struct ub_randstate* rnd; | |
| 593 | time_t* now; | |
| 594 | struct timeval* now_tv; | |
| 595 | int need_to_validate; | |
| 596 | struct val_anchors* anchors; | |
| 597 | struct val_neg_cache* neg_cache; | |
| 598 | struct comm_timer* probe_timer; | |
| 599 | struct iter_forwards* fwds; | |
| 600 | struct iter_hints* hints; | |
| 601 | void* modinfo[MAX_MODULE]; | |
| 602 | ||
| 603 | void* inplace_cb_lists[inplace_cb_types_total]; | |
| 604 | struct edns_known_option* edns_known_options; | |
| 605 | size_t edns_known_options_num; | |
| 606 | }; | |
| 608 | 607 | |
| 609 | 608 | /* ************************************************************************************ * |
| 610 | 609 | Structure module_qstate |
| 709 | 708 | enum module_ext_state _ext_state_get(struct module_qstate* q, int idx) { |
| 710 | 709 | if ((q != NULL) && (idx >= 0) && (idx < MAX_MODULE)) { |
| 711 | 710 | return q->ext_state[idx]; |
| 712 | } | |
| 711 | } | |
| 713 | 712 | return 0; |
| 714 | 713 | } |
| 715 | 714 | |
| 716 | 715 | void _ext_state_set(struct module_qstate* q, int idx, enum module_ext_state state) { |
| 717 | 716 | if ((q != NULL) && (idx >= 0) && (idx < MAX_MODULE)) { |
| 718 | 717 | q->ext_state[idx] = state; |
| 719 | } | |
| 718 | } | |
| 720 | 719 | } |
| 721 | 720 | |
| 722 | 721 | int edns_opt_list_is_empty(struct edns_option** opt) { |
| 788 | 787 | %} |
| 789 | 788 | } |
| 790 | 789 | |
| 791 | /* ************************************************************************************ * | |
| 790 | /* ************************************************************************************ * | |
| 792 | 791 | Structure config_strlist |
| 793 | 792 | * ************************************************************************************ */ |
| 794 | 793 | struct config_strlist { |
| 796 | 795 | char* str; |
| 797 | 796 | }; |
| 798 | 797 | |
| 799 | /* ************************************************************************************ * | |
| 798 | /* ************************************************************************************ * | |
| 800 | 799 | Structure config_str2list |
| 801 | 800 | * ************************************************************************************ */ |
| 802 | 801 | struct config_str2list { |
| 805 | 804 | char* str2; |
| 806 | 805 | }; |
| 807 | 806 | |
| 808 | /* ************************************************************************************ * | |
| 807 | /* ************************************************************************************ * | |
| 809 | 808 | Structure config_file |
| 810 | 809 | * ************************************************************************************ */ |
| 811 | 810 | struct config_file { |
| 872 | 871 | struct config_strlist* dlv_anchor_list; |
| 873 | 872 | int max_ttl; |
| 874 | 873 | int32_t val_date_override; |
| 875 | int bogus_ttl; | |
| 874 | int bogus_ttl; | |
| 876 | 875 | int val_clean_additional; |
| 877 | 876 | int val_permissive_mode; |
| 878 | 877 | char* val_nsec3_key_iterations; |
| 893 | 892 | char* python_script; |
| 894 | 893 | }; |
| 895 | 894 | |
| 896 | /* ************************************************************************************ * | |
| 895 | /* ************************************************************************************ * | |
| 897 | 896 | ASN: Adding structures related to forwards_lookup and dns_cache_find_delegation |
| 898 | 897 | * ************************************************************************************ */ |
| 899 | 898 | struct delegpt_ns { |
| 931 | 930 | %inline %{ |
| 932 | 931 | PyObject* _get_dp_dname(struct delegpt* dp) { |
| 933 | 932 | return PyBytes_FromStringAndSize((char*)dp->name, dp->namelen); |
| 934 | } | |
| 933 | } | |
| 935 | 934 | PyObject* _get_dp_dname_components(struct delegpt* dp) { |
| 936 | 935 | return GetNameAsLabelList((char*)dp->name, dp->namelen); |
| 937 | 936 | } |
| 986 | 985 | %} |
| 987 | 986 | } |
| 988 | 987 | |
| 989 | /* ************************************************************************************ * | |
| 988 | /* ************************************************************************************ * | |
| 990 | 989 | Enums |
| 991 | 990 | * ************************************************************************************ */ |
| 992 | 991 | %rename ("MODULE_STATE_INITIAL") "module_state_initial"; |
| 1039 | 1038 | VERB_ALGO |
| 1040 | 1039 | }; |
| 1041 | 1040 | |
| 1041 | enum inplace_cb_list_type { | |
| 1042 | /* Inplace callbacks for when a resolved reply is ready to be sent to the | |
| 1043 | * front.*/ | |
| 1044 | inplace_cb_reply = 0, | |
| 1045 | /* Inplace callbacks for when a reply is given from the cache. */ | |
| 1046 | inplace_cb_reply_cache, | |
| 1047 | /* Inplace callbacks for when a reply is given with local data | |
| 1048 | * (or Chaos reply). */ | |
| 1049 | inplace_cb_reply_local, | |
| 1050 | /* Inplace callbacks for when the reply is servfail. */ | |
| 1051 | inplace_cb_reply_servfail, | |
| 1052 | /* Inplace callbacks for when a query is ready to be sent to the back.*/ | |
| 1053 | inplace_cb_query, | |
| 1054 | /* Inplace callback for when a reply is received from the back. */ | |
| 1055 | inplace_cb_edns_back_parsed, | |
| 1056 | /* Total number of types. Used for array initialization. | |
| 1057 | * Should always be last. */ | |
| 1058 | inplace_cb_types_total | |
| 1059 | }; | |
| 1060 | ||
| 1042 | 1061 | %constant uint16_t PKT_QR = 1; /* QueRy - query flag */ |
| 1043 | 1062 | %constant uint16_t PKT_AA = 2; /* Authoritative Answer - server flag */ |
| 1044 | 1063 | %constant uint16_t PKT_TC = 4; /* TrunCated - server flag */ |
| 1048 | 1067 | %constant uint16_t PKT_AD = 64; /* Authenticated Data - server flag */ |
| 1049 | 1068 | |
| 1050 | 1069 | %{ |
| 1051 | int checkList(PyObject *l) | |
| 1070 | int checkList(PyObject *l) | |
| 1052 | 1071 | { |
| 1053 | 1072 | PyObject* item; |
| 1054 | 1073 | int i; |
| 1055 | 1074 | |
| 1056 | if (l == Py_None) | |
| 1075 | if (l == Py_None) | |
| 1057 | 1076 | return 1; |
| 1058 | 1077 | |
| 1059 | if (PyList_Check(l)) | |
| 1078 | if (PyList_Check(l)) | |
| 1060 | 1079 | { |
| 1061 | for (i=0; i < PyList_Size(l); i++) | |
| 1080 | for (i=0; i < PyList_Size(l); i++) | |
| 1062 | 1081 | { |
| 1063 | 1082 | item = PyList_GetItem(l, i); |
| 1064 | 1083 | if (!PyBytes_Check(item)) |
| 1077 | 1096 | int i; |
| 1078 | 1097 | size_t len; |
| 1079 | 1098 | |
| 1080 | for (i=0; i < PyList_Size(l); i++) | |
| 1099 | for (i=0; i < PyList_Size(l); i++) | |
| 1081 | 1100 | { |
| 1082 | 1101 | item = PyList_GetItem(l, i); |
| 1083 | 1102 | |
| 1101 | 1120 | return 1; |
| 1102 | 1121 | } |
| 1103 | 1122 | |
| 1104 | int set_return_msg(struct module_qstate* qstate, | |
| 1123 | int set_return_msg(struct module_qstate* qstate, | |
| 1105 | 1124 | const char* rr_name, sldns_rr_type rr_type, sldns_rr_class rr_class , uint16_t flags, uint32_t default_ttl, |
| 1106 | PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional) | |
| 1125 | PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional) | |
| 1107 | 1126 | { |
| 1108 | 1127 | sldns_buffer *qb = 0; |
| 1109 | 1128 | int res = 1; |
| 1115 | 1134 | uint16_t PKT_CD = 16; |
| 1116 | 1135 | uint16_t PKT_RA = 32; |
| 1117 | 1136 | uint16_t PKT_AD = 64; |
| 1118 | ||
| 1137 | ||
| 1119 | 1138 | if ((!checkList(question)) || (!checkList(answer)) || (!checkList(authority)) || (!checkList(additional))) |
| 1120 | 1139 | return 0; |
| 1121 | 1140 | if ((qb = sldns_buffer_new(LDNS_RR_BUF_SIZE)) == 0) return 0; |
| 1164 | 1183 | } |
| 1165 | 1184 | %} |
| 1166 | 1185 | |
| 1167 | int set_return_msg(struct module_qstate* qstate, | |
| 1186 | int set_return_msg(struct module_qstate* qstate, | |
| 1168 | 1187 | const char* rr_name, int rr_type, int rr_class , uint16_t flags, uint32_t default_ttl, |
| 1169 | 1188 | PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional); |
| 1170 | 1189 | |
| 1184 | 1203 | |
| 1185 | 1204 | def set_return_msg(self, qstate): |
| 1186 | 1205 | """Returns 1 if OK""" |
| 1187 | status = _unboundmodule.set_return_msg(qstate, self.rr_name, self.rr_type, self.rr_class, | |
| 1206 | status = _unboundmodule.set_return_msg(qstate, self.rr_name, self.rr_type, self.rr_class, | |
| 1188 | 1207 | self.query_flags, self.default_ttl, |
| 1189 | 1208 | self.question, self.answer, self.authority, self.additional) |
| 1190 | 1209 | |
| 1191 | 1210 | if (status) and (PKT_AA & self.query_flags): |
| 1192 | 1211 | qstate.return_msg.rep.authoritative = 1 |
| 1193 | 1212 | |
| 1194 | return status | |
| 1195 | ||
| 1196 | %} | |
| 1197 | /* ************************************************************************************ * | |
| 1213 | return status | |
| 1214 | ||
| 1215 | %} | |
| 1216 | /* ************************************************************************************ * | |
| 1198 | 1217 | ASN: Delegation pointer related functions |
| 1199 | 1218 | * ************************************************************************************ */ |
| 1200 | 1219 | |
| 1253 | 1272 | } |
| 1254 | 1273 | %} |
| 1255 | 1274 | |
| 1256 | /* ************************************************************************************ * | |
| 1275 | /* ************************************************************************************ * | |
| 1257 | 1276 | Functions |
| 1258 | 1277 | * ************************************************************************************ */ |
| 1259 | 1278 | /****************************** |
| 1331 | 1350 | SWIG_exception_fail(SWIG_TypeError, "Expected bytearray!"); |
| 1332 | 1351 | return NULL; |
| 1333 | 1352 | } |
| 1334 | $2 = PyByteArray_AsString($input); | |
| 1353 | $2 = (void*)PyByteArray_AsString($input); | |
| 1335 | 1354 | $1 = PyByteArray_Size($input); |
| 1336 | 1355 | } |
| 1337 | 1356 | |
| 1345 | 1364 | int python_inplace_cb_reply_generic(struct query_info* qinfo, |
| 1346 | 1365 | struct module_qstate* qstate, struct reply_info* rep, int rcode, |
| 1347 | 1366 | struct edns_data* edns, struct edns_option** opt_list_out, |
| 1348 | struct regional* region, void* python_callback) | |
| 1367 | struct regional* region, int id, void* python_callback) | |
| 1349 | 1368 | { |
| 1350 | 1369 | PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; |
| 1351 | 1370 | PyObject *py_rep, *py_region; |
| 1352 | 1371 | PyObject *result; |
| 1353 | 1372 | int res = 0; |
| 1354 | 1373 | |
| 1374 | PyGILState_STATE gstate = PyGILState_Ensure(); | |
| 1355 | 1375 | func = (PyObject *) python_callback; |
| 1356 | PyGILState_STATE gstate = PyGILState_Ensure(); | |
| 1357 | 1376 | py_edns = SWIG_NewPointerObj((void*) edns, SWIGTYPE_p_edns_data, 0); |
| 1358 | 1377 | py_qstate = SWIG_NewPointerObj((void*) qstate, |
| 1359 | 1378 | SWIGTYPE_p_module_qstate, 0); |
| 1378 | 1397 | return res; |
| 1379 | 1398 | } |
| 1380 | 1399 | |
| 1381 | /* Swig implementations for Python */ | |
| 1382 | static int register_inplace_cb_reply(PyObject* py_cb, | |
| 1383 | struct module_env* env) | |
| 1400 | /* register a callback */ | |
| 1401 | static int python_inplace_cb_register(enum inplace_cb_list_type type, | |
| 1402 | PyObject* py_cb, struct module_env* env, int id) | |
| 1384 | 1403 | { |
| 1385 | int ret = inplace_cb_reply_register( | |
| 1386 | python_inplace_cb_reply_generic, (void*) py_cb, env); | |
| 1404 | int ret = inplace_cb_register(python_inplace_cb_reply_generic, | |
| 1405 | type, (void*) py_cb, env, id); | |
| 1387 | 1406 | if (ret) Py_INCREF(py_cb); |
| 1388 | 1407 | return ret; |
| 1389 | 1408 | } |
| 1409 | ||
| 1410 | /* Swig implementations for Python */ | |
| 1411 | static int register_inplace_cb_reply(PyObject* py_cb, | |
| 1412 | struct module_env* env, int id) | |
| 1413 | { | |
| 1414 | return python_inplace_cb_register(inplace_cb_reply, py_cb, env, id); | |
| 1415 | } | |
| 1390 | 1416 | static int register_inplace_cb_reply_cache(PyObject* py_cb, |
| 1391 | struct module_env* env) | |
| 1417 | struct module_env* env, int id) | |
| 1392 | 1418 | { |
| 1393 | int ret = inplace_cb_reply_cache_register( | |
| 1394 | python_inplace_cb_reply_generic, (void*) py_cb, env); | |
| 1395 | if (ret) Py_INCREF(py_cb); | |
| 1396 | return ret; | |
| 1419 | return python_inplace_cb_register(inplace_cb_reply_cache, py_cb, env, id); | |
| 1397 | 1420 | } |
| 1398 | 1421 | static int register_inplace_cb_reply_local(PyObject* py_cb, |
| 1399 | struct module_env* env) | |
| 1422 | struct module_env* env, int id) | |
| 1400 | 1423 | { |
| 1401 | int ret = inplace_cb_reply_local_register( | |
| 1402 | python_inplace_cb_reply_generic, (void*) py_cb, env); | |
| 1403 | if (ret) Py_INCREF(py_cb); | |
| 1404 | return ret; | |
| 1424 | return python_inplace_cb_register(inplace_cb_reply_local, py_cb, env, id); | |
| 1405 | 1425 | } |
| 1406 | 1426 | static int register_inplace_cb_reply_servfail(PyObject* py_cb, |
| 1407 | struct module_env* env) | |
| 1427 | struct module_env* env, int id) | |
| 1408 | 1428 | { |
| 1409 | int ret = inplace_cb_reply_servfail_register( | |
| 1410 | python_inplace_cb_reply_generic, (void*) py_cb, env); | |
| 1411 | if (ret) Py_INCREF(py_cb); | |
| 1412 | return ret; | |
| 1429 | return python_inplace_cb_register(inplace_cb_reply_servfail, | |
| 1430 | py_cb, env, id); | |
| 1413 | 1431 | } |
| 1414 | 1432 | %} |
| 1415 | 1433 | /* C declarations */ |
| 1416 | int inplace_cb_reply_register( | |
| 1417 | inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); | |
| 1418 | int inplace_cb_reply_cache_register( | |
| 1419 | inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); | |
| 1420 | int inplace_cb_reply_local_register( | |
| 1421 | inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); | |
| 1422 | int inplace_cb_reply_servfail_register( | |
| 1423 | inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); | |
| 1434 | int inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, | |
| 1435 | struct module_env* env, int id); | |
| 1424 | 1436 | |
| 1425 | 1437 | /* Swig declarations */ |
| 1426 | 1438 | static int register_inplace_cb_reply(PyObject* py_cb, |
| 1427 | struct module_env* env); | |
| 1439 | struct module_env* env, int id); | |
| 1428 | 1440 | static int register_inplace_cb_reply_cache(PyObject* py_cb, |
| 1429 | struct module_env* env); | |
| 1441 | struct module_env* env, int id); | |
| 1430 | 1442 | static int register_inplace_cb_reply_local(PyObject* py_cb, |
| 1431 | struct module_env* env); | |
| 1443 | struct module_env* env, int id); | |
| 1432 | 1444 | static int register_inplace_cb_reply_servfail(PyObject* py_cb, |
| 1433 | struct module_env* env); | |
| 1445 | struct module_env* env, int id); | |
| 0 | 0 | /* |
| 1 | 1 | * pythonmod.c: unbound module C wrapper |
| 2 | * | |
| 2 | * | |
| 3 | 3 | * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) |
| 4 | 4 | * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) |
| 5 | 5 | * |
| 6 | 6 | * This software is open source. |
| 7 | * | |
| 7 | * | |
| 8 | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | 9 | * modification, are permitted provided that the following conditions |
| 10 | 10 | * are met: |
| 11 | * | |
| 11 | * | |
| 12 | 12 | * * Redistributions of source code must retain the above copyright notice, |
| 13 | 13 | * this list of conditions and the following disclaimer. |
| 14 | * | |
| 14 | * | |
| 15 | 15 | * * Redistributions in binary form must reproduce the above copyright notice, |
| 16 | 16 | * this list of conditions and the following disclaimer in the documentation |
| 17 | 17 | * and/or other materials provided with the distribution. |
| 18 | * | |
| 18 | * | |
| 19 | 19 | * * Neither the name of the organization nor the names of its |
| 20 | 20 | * contributors may be used to endorse or promote products derived from this |
| 21 | 21 | * software without specific prior written permission. |
| 40 | 40 | /* ignore the varargs unused warning from SWIGs internal vararg support */ |
| 41 | 41 | #ifdef __GNUC__ |
| 42 | 42 | #pragma GCC diagnostic ignored "-Wunused-parameter" |
| 43 | #ifndef __clang__ | |
| 43 | 44 | #pragma GCC diagnostic ignored "-Wunused-but-set-variable" |
| 45 | #endif | |
| 44 | 46 | #endif |
| 45 | 47 | |
| 46 | 48 | #include "config.h" |
| 62 | 64 | #endif |
| 63 | 65 | |
| 64 | 66 | /** |
| 65 | * Global state for the module. | |
| 67 | * Global state for the module. | |
| 66 | 68 | */ |
| 67 | 69 | struct pythonmod_env { |
| 68 | 70 | |
| 116 | 118 | int init_standard = 1; |
| 117 | 119 | |
| 118 | 120 | struct pythonmod_env* pe = (struct pythonmod_env*)calloc(1, sizeof(struct pythonmod_env)); |
| 119 | if (!pe) | |
| 121 | if (!pe) | |
| 120 | 122 | { |
| 121 | 123 | log_err("pythonmod: malloc failure"); |
| 122 | 124 | return 0; |
| 132 | 134 | } |
| 133 | 135 | |
| 134 | 136 | /* Initialize Python libraries */ |
| 135 | if (!Py_IsInitialized()) | |
| 137 | if (!Py_IsInitialized()) | |
| 136 | 138 | { |
| 137 | 139 | #if PY_MAJOR_VERSION >= 3 |
| 138 | 140 | wchar_t progname[8]; |
| 168 | 170 | PyRun_SimpleString("sys.path.append(distutils.sysconfig.get_python_lib(1,0)) \n"); |
| 169 | 171 | if (PyRun_SimpleString("from unboundmodule import *\n") < 0) |
| 170 | 172 | { |
| 171 | log_err("pythonmod: cannot initialize core module: unboundmodule.py"); | |
| 173 | log_err("pythonmod: cannot initialize core module: unboundmodule.py"); | |
| 172 | 174 | PyGILState_Release(gil); |
| 173 | 175 | return 0; |
| 174 | 176 | } |
| 175 | 177 | |
| 176 | 178 | /* Check Python file load */ |
| 177 | if ((script_py = fopen(pe->fname, "r")) == NULL) | |
| 179 | if ((script_py = fopen(pe->fname, "r")) == NULL) | |
| 178 | 180 | { |
| 179 | 181 | log_err("pythonmod: can't open file %s for reading", pe->fname); |
| 180 | 182 | PyGILState_Release(gil); |
| 189 | 191 | PyModule_AddObject(pe->module, "mod_env", pe->data); |
| 190 | 192 | |
| 191 | 193 | /* TODO: deallocation of pe->... if an error occurs */ |
| 192 | ||
| 193 | if (PyRun_SimpleFile(script_py, pe->fname) < 0) | |
| 194 | ||
| 195 | if (PyRun_SimpleFile(script_py, pe->fname) < 0) | |
| 194 | 196 | { |
| 195 | 197 | log_err("pythonmod: can't parse Python script %s", pe->fname); |
| 196 | 198 | PyGILState_Release(gil); |
| 202 | 204 | if ((pe->func_init = PyDict_GetItemString(pe->dict, "init_standard")) == NULL) |
| 203 | 205 | { |
| 204 | 206 | init_standard = 0; |
| 205 | if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) | |
| 207 | if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) | |
| 206 | 208 | { |
| 207 | 209 | log_err("pythonmod: function init is missing in %s", pe->fname); |
| 208 | 210 | PyGILState_Release(gil); |
| 209 | 211 | return 0; |
| 210 | 212 | } |
| 211 | 213 | } |
| 212 | if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) | |
| 214 | if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) | |
| 213 | 215 | { |
| 214 | 216 | log_err("pythonmod: function deinit is missing in %s", pe->fname); |
| 215 | 217 | PyGILState_Release(gil); |
| 216 | 218 | return 0; |
| 217 | 219 | } |
| 218 | if ((pe->func_operate = PyDict_GetItemString(pe->dict, "operate")) == NULL) | |
| 220 | if ((pe->func_operate = PyDict_GetItemString(pe->dict, "operate")) == NULL) | |
| 219 | 221 | { |
| 220 | 222 | log_err("pythonmod: function operate is missing in %s", pe->fname); |
| 221 | 223 | PyGILState_Release(gil); |
| 222 | 224 | return 0; |
| 223 | 225 | } |
| 224 | if ((pe->func_inform = PyDict_GetItemString(pe->dict, "inform_super")) == NULL) | |
| 226 | if ((pe->func_inform = PyDict_GetItemString(pe->dict, "inform_super")) == NULL) | |
| 225 | 227 | { |
| 226 | 228 | log_err("pythonmod: function inform_super is missing in %s", pe->fname); |
| 227 | 229 | PyGILState_Release(gil); |
| 238 | 240 | SWIGTYPE_p_config_file, 0); |
| 239 | 241 | } |
| 240 | 242 | res = PyObject_CallFunction(pe->func_init, "iO", id, py_init_arg); |
| 241 | if (PyErr_Occurred()) | |
| 243 | if (PyErr_Occurred()) | |
| 242 | 244 | { |
| 243 | 245 | log_err("pythonmod: Exception occurred in function init"); |
| 244 | 246 | PyErr_Print(); |
| 303 | 305 | py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); |
| 304 | 306 | py_sqstate = SWIG_NewPointerObj((void*) super, SWIGTYPE_p_module_qstate, 0); |
| 305 | 307 | |
| 306 | res = PyObject_CallFunction(pe->func_inform, "iOOO", id, py_qstate, | |
| 308 | res = PyObject_CallFunction(pe->func_inform, "iOOO", id, py_qstate, | |
| 307 | 309 | py_sqstate, pq->data); |
| 308 | 310 | |
| 309 | if (PyErr_Occurred()) | |
| 311 | if (PyErr_Occurred()) | |
| 310 | 312 | { |
| 311 | 313 | log_err("pythonmod: Exception occurred in function inform_super"); |
| 312 | 314 | PyErr_Print(); |
| 313 | 315 | qstate->ext_state[id] = module_error; |
| 314 | } | |
| 315 | else if ((res == NULL) || (!PyObject_IsTrue(res))) | |
| 316 | } | |
| 317 | else if ((res == NULL) || (!PyObject_IsTrue(res))) | |
| 316 | 318 | { |
| 317 | 319 | log_err("pythonmod: python returned bad code in inform_super"); |
| 318 | 320 | qstate->ext_state[id] = module_error; |
| 319 | } | |
| 321 | } | |
| 320 | 322 | |
| 321 | 323 | Py_XDECREF(res); |
| 322 | 324 | Py_XDECREF(py_sqstate); |
| 325 | 327 | PyGILState_Release(gil); |
| 326 | 328 | } |
| 327 | 329 | |
| 328 | void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, | |
| 330 | void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, | |
| 329 | 331 | int id, struct outbound_entry* ATTR_UNUSED(outbound)) |
| 330 | 332 | { |
| 331 | 333 | struct pythonmod_env* pe = (struct pythonmod_env*)qstate->env->modinfo[id]; |
| 334 | 336 | PyGILState_STATE gil = PyGILState_Ensure(); |
| 335 | 337 | |
| 336 | 338 | if ( pq == NULL) |
| 337 | { | |
| 339 | { | |
| 338 | 340 | /* create qstate */ |
| 339 | 341 | pq = qstate->minfo[id] = malloc(sizeof(struct pythonmod_qstate)); |
| 340 | ||
| 342 | ||
| 341 | 343 | /* Initialize per query data */ |
| 342 | 344 | pq->data = Py_None; |
| 343 | 345 | Py_INCREF(pq->data); |
| 345 | 347 | |
| 346 | 348 | /* Call operate */ |
| 347 | 349 | py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); |
| 348 | res = PyObject_CallFunction(pe->func_operate, "iiOO", id, (int) event, | |
| 350 | res = PyObject_CallFunction(pe->func_operate, "iiOO", id, (int) event, | |
| 349 | 351 | py_qstate, pq->data); |
| 350 | if (PyErr_Occurred()) | |
| 352 | if (PyErr_Occurred()) | |
| 351 | 353 | { |
| 352 | 354 | log_err("pythonmod: Exception occurred in function operate, event: %s", strmodulevent(event)); |
| 353 | 355 | PyErr_Print(); |
| 354 | 356 | qstate->ext_state[id] = module_error; |
| 355 | } | |
| 356 | else if ((res == NULL) || (!PyObject_IsTrue(res))) | |
| 357 | } | |
| 358 | else if ((res == NULL) || (!PyObject_IsTrue(res))) | |
| 357 | 359 | { |
| 358 | 360 | log_err("pythonmod: python returned bad code, event: %s", strmodulevent(event)); |
| 359 | 361 | qstate->ext_state[id] = module_error; |
| 360 | } | |
| 362 | } | |
| 361 | 363 | Py_XDECREF(res); |
| 362 | 364 | Py_XDECREF(py_qstate); |
| 363 | 365 | |
| 371 | 373 | return; |
| 372 | 374 | |
| 373 | 375 | pq = (struct pythonmod_qstate*)qstate->minfo[id]; |
| 374 | verbose(VERB_ALGO, "pythonmod: clear, id: %d, pq:%lX", id, | |
| 376 | verbose(VERB_ALGO, "pythonmod: clear, id: %d, pq:%lX", id, | |
| 375 | 377 | (unsigned long int)pq); |
| 376 | 378 | if(pq != NULL) |
| 377 | 379 | { |
| 388 | 390 | size_t pythonmod_get_mem(struct module_env* env, int id) |
| 389 | 391 | { |
| 390 | 392 | struct pythonmod_env* pe = (struct pythonmod_env*)env->modinfo[id]; |
| 391 | verbose(VERB_ALGO, "pythonmod: get_mem, id: %d, pe:%lX", id, | |
| 393 | verbose(VERB_ALGO, "pythonmod: get_mem, id: %d, pe:%lX", id, | |
| 392 | 394 | (unsigned long int)pe); |
| 393 | 395 | if(!pe) |
| 394 | 396 | return 0; |
| 396 | 398 | } |
| 397 | 399 | |
| 398 | 400 | /** |
| 399 | * The module function block | |
| 401 | * The module function block | |
| 400 | 402 | */ |
| 401 | 403 | static struct module_func_block pythonmod_block = { |
| 402 | 404 | "python", |
| 403 | &pythonmod_init, &pythonmod_deinit, &pythonmod_operate, &pythonmod_inform_super, | |
| 405 | &pythonmod_init, &pythonmod_deinit, &pythonmod_operate, &pythonmod_inform_super, | |
| 404 | 406 | &pythonmod_clear, &pythonmod_get_mem |
| 405 | 407 | }; |
| 406 | 408 | |
| 71 | 71 | int python_inplace_cb_reply_generic(struct query_info* qinfo, |
| 72 | 72 | struct module_qstate* qstate, struct reply_info* rep, int rcode, |
| 73 | 73 | struct edns_data* edns, struct edns_option** opt_list_out, |
| 74 | struct regional* region, void* python_callback); | |
| 74 | struct regional* region, int id, void* python_callback); | |
| 75 | 75 | #endif /* PYTHONMOD_H */ |
| 73 | 73 | /* Invalidate the message associated with query_info stored in message cache */ |
| 74 | 74 | void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo) |
| 75 | 75 | { |
| 76 | hashvalue_t h; | |
| 76 | hashvalue_type h; | |
| 77 | 77 | struct lruhash_entry* e; |
| 78 | 78 | struct reply_info *r; |
| 79 | 79 | size_t i, j; |
| 0 | # Example configuration file for edns.py | |
| 1 | server: | |
| 2 | verbosity: 1 | |
| 3 | interface: 0.0.0.0 | |
| 4 | do-daemonize: no | |
| 5 | access-control: 0.0.0.0/0 allow | |
| 6 | chroot: "" | |
| 7 | username: "" | |
| 8 | directory: "" | |
| 9 | logfile: "" | |
| 10 | pidfile: "unbound.pid" | |
| 11 | module-config: "validator python iterator" | |
| 12 | ||
| 13 | # Python config section | |
| 14 | python: | |
| 15 | # Script file to load | |
| 16 | python-script: "./examples/inplace_callbacks.py" |
| 0 | # Example configuration file for edns.py | |
| 1 | server: | |
| 2 | verbosity: 1 | |
| 3 | interface: 0.0.0.0 | |
| 4 | do-daemonize: no | |
| 5 | access-control: 0.0.0.0/0 allow | |
| 6 | chroot: "" | |
| 7 | username: "" | |
| 8 | directory: "" | |
| 9 | logfile: "" | |
| 10 | pidfile: "unbound.pid" | |
| 11 | module-config: "validator python iterator" | |
| 12 | ||
| 13 | # Python config section | |
| 14 | python: | |
| 15 | # Script file to load | |
| 16 | python-script: "./examples/inplace_callbacks.py" |
| 0 | /* | |
| 1 | * respip/respip.c - filtering response IP module | |
| 2 | */ | |
| 3 | ||
| 4 | /** | |
| 5 | * \file | |
| 6 | * | |
| 7 | * This file contains a module that inspects a result of recursive resolution | |
| 8 | * to see if any IP address record should trigger a special action. | |
| 9 | * If applicable these actions can modify the original response. | |
| 10 | */ | |
| 11 | #include "config.h" | |
| 12 | ||
| 13 | #include "services/localzone.h" | |
| 14 | #include "services/cache/dns.h" | |
| 15 | #include "sldns/str2wire.h" | |
| 16 | #include "util/config_file.h" | |
| 17 | #include "util/fptr_wlist.h" | |
| 18 | #include "util/module.h" | |
| 19 | #include "util/net_help.h" | |
| 20 | #include "util/regional.h" | |
| 21 | #include "util/data/msgreply.h" | |
| 22 | #include "util/storage/dnstree.h" | |
| 23 | #include "respip/respip.h" | |
| 24 | #include "services/view.h" | |
| 25 | #include "sldns/rrdef.h" | |
| 26 | ||
| 27 | /** | |
| 28 | * Conceptual set of IP addresses for response AAAA or A records that should | |
| 29 | * trigger special actions. | |
| 30 | */ | |
| 31 | struct respip_set { | |
| 32 | struct regional* region; | |
| 33 | struct rbtree_type ip_tree; | |
| 34 | char* const* tagname; /* shallow copy of tag names, for logging */ | |
| 35 | int num_tags; /* number of tagname entries */ | |
| 36 | }; | |
| 37 | ||
| 38 | /** An address span with response control information */ | |
| 39 | struct resp_addr { | |
| 40 | /** node in address tree */ | |
| 41 | struct addr_tree_node node; | |
| 42 | /** tag bitlist */ | |
| 43 | uint8_t* taglist; | |
| 44 | /** length of the taglist (in bytes) */ | |
| 45 | size_t taglen; | |
| 46 | /** action for this address span */ | |
| 47 | enum respip_action action; | |
| 48 | /** "local data" for this node */ | |
| 49 | struct ub_packed_rrset_key* data; | |
| 50 | }; | |
| 51 | ||
| 52 | /** Subset of resp_addr.node, used for inform-variant logging */ | |
| 53 | struct respip_addr_info { | |
| 54 | struct sockaddr_storage addr; | |
| 55 | socklen_t addrlen; | |
| 56 | int net; | |
| 57 | }; | |
| 58 | ||
| 59 | /** Query state regarding the response-ip module. */ | |
| 60 | enum respip_state { | |
| 61 | /** | |
| 62 | * The general state. Unless CNAME chasing takes place, all processing | |
| 63 | * is completed in this state without any other asynchronous event. | |
| 64 | */ | |
| 65 | RESPIP_INIT = 0, | |
| 66 | ||
| 67 | /** | |
| 68 | * A subquery for CNAME chasing is completed. | |
| 69 | */ | |
| 70 | RESPIP_SUBQUERY_FINISHED | |
| 71 | }; | |
| 72 | ||
| 73 | /** Per query state for the response-ip module. */ | |
| 74 | struct respip_qstate { | |
| 75 | enum respip_state state; | |
| 76 | }; | |
| 77 | ||
| 78 | struct respip_set* | |
| 79 | respip_set_create(void) | |
| 80 | { | |
| 81 | struct respip_set* set = calloc(1, sizeof(*set)); | |
| 82 | if(!set) | |
| 83 | return NULL; | |
| 84 | set->region = regional_create(); | |
| 85 | if(!set->region) { | |
| 86 | free(set); | |
| 87 | return NULL; | |
| 88 | } | |
| 89 | addr_tree_init(&set->ip_tree); | |
| 90 | return set; | |
| 91 | } | |
| 92 | ||
| 93 | void | |
| 94 | respip_set_delete(struct respip_set* set) | |
| 95 | { | |
| 96 | if(!set) | |
| 97 | return; | |
| 98 | regional_destroy(set->region); | |
| 99 | free(set); | |
| 100 | } | |
| 101 | ||
| 102 | struct rbtree_type* | |
| 103 | respip_set_get_tree(struct respip_set* set) | |
| 104 | { | |
| 105 | if(!set) | |
| 106 | return NULL; | |
| 107 | return &set->ip_tree; | |
| 108 | } | |
| 109 | ||
| 110 | /** returns the node in the address tree for the specified netblock string; | |
| 111 | * non-existent node will be created if 'create' is true */ | |
| 112 | static struct resp_addr* | |
| 113 | respip_find_or_create(struct respip_set* set, const char* ipstr, int create) | |
| 114 | { | |
| 115 | struct resp_addr* node; | |
| 116 | struct sockaddr_storage addr; | |
| 117 | int net; | |
| 118 | socklen_t addrlen; | |
| 119 | ||
| 120 | if(!netblockstrtoaddr(ipstr, 0, &addr, &addrlen, &net)) { | |
| 121 | log_err("cannot parse netblock: '%s'", ipstr); | |
| 122 | return NULL; | |
| 123 | } | |
| 124 | node = (struct resp_addr*)addr_tree_find(&set->ip_tree, &addr, addrlen, net); | |
| 125 | if(!node && create) { | |
| 126 | node = regional_alloc_zero(set->region, sizeof(*node)); | |
| 127 | if(!node) { | |
| 128 | log_err("out of memory"); | |
| 129 | return NULL; | |
| 130 | } | |
| 131 | node->action = respip_none; | |
| 132 | if(!addr_tree_insert(&set->ip_tree, &node->node, &addr, | |
| 133 | addrlen, net)) { | |
| 134 | /* We know we didn't find it, so this should be | |
| 135 | * impossible. */ | |
| 136 | log_warn("unexpected: duplicate address: %s", ipstr); | |
| 137 | } | |
| 138 | } | |
| 139 | return node; | |
| 140 | } | |
| 141 | ||
| 142 | static int | |
| 143 | respip_tag_cfg(struct respip_set* set, const char* ipstr, | |
| 144 | const uint8_t* taglist, size_t taglen) | |
| 145 | { | |
| 146 | struct resp_addr* node; | |
| 147 | ||
| 148 | if(!(node=respip_find_or_create(set, ipstr, 1))) | |
| 149 | return 0; | |
| 150 | if(node->taglist) { | |
| 151 | log_warn("duplicate response-address-tag for '%s', overridden.", | |
| 152 | ipstr); | |
| 153 | } | |
| 154 | node->taglist = regional_alloc_init(set->region, taglist, taglen); | |
| 155 | if(!node->taglist) { | |
| 156 | log_err("out of memory"); | |
| 157 | return 0; | |
| 158 | } | |
| 159 | node->taglen = taglen; | |
| 160 | return 1; | |
| 161 | } | |
| 162 | ||
| 163 | /** set action for the node specified by the netblock string */ | |
| 164 | static int | |
| 165 | respip_action_cfg(struct respip_set* set, const char* ipstr, | |
| 166 | const char* actnstr) | |
| 167 | { | |
| 168 | struct resp_addr* node; | |
| 169 | enum respip_action action; | |
| 170 | ||
| 171 | if(!(node=respip_find_or_create(set, ipstr, 1))) | |
| 172 | return 0; | |
| 173 | if(node->action != respip_none) { | |
| 174 | log_warn("duplicate response-ip action for '%s', overridden.", | |
| 175 | ipstr); | |
| 176 | } | |
| 177 | if(strcmp(actnstr, "deny") == 0) | |
| 178 | action = respip_deny; | |
| 179 | else if(strcmp(actnstr, "redirect") == 0) | |
| 180 | action = respip_redirect; | |
| 181 | else if(strcmp(actnstr, "inform") == 0) | |
| 182 | action = respip_inform; | |
| 183 | else if(strcmp(actnstr, "inform_deny") == 0) | |
| 184 | action = respip_inform_deny; | |
| 185 | else if(strcmp(actnstr, "always_transparent") == 0) | |
| 186 | action = respip_always_transparent; | |
| 187 | else if(strcmp(actnstr, "always_refuse") == 0) | |
| 188 | action = respip_always_refuse; | |
| 189 | else if(strcmp(actnstr, "always_nxdomain") == 0) | |
| 190 | action = respip_always_nxdomain; | |
| 191 | else { | |
| 192 | log_err("unknown response-ip action %s", actnstr); | |
| 193 | return 0; | |
| 194 | } | |
| 195 | node->action = action; | |
| 196 | return 1; | |
| 197 | } | |
| 198 | ||
| 199 | /** allocate and initialize an rrset structure; this function is based | |
| 200 | * on new_local_rrset() from the localzone.c module */ | |
| 201 | static struct ub_packed_rrset_key* | |
| 202 | new_rrset(struct regional* region, uint16_t rrtype, uint16_t rrclass) | |
| 203 | { | |
| 204 | struct packed_rrset_data* pd; | |
| 205 | struct ub_packed_rrset_key* rrset = regional_alloc_zero( | |
| 206 | region, sizeof(*rrset)); | |
| 207 | if(!rrset) { | |
| 208 | log_err("out of memory"); | |
| 209 | return NULL; | |
| 210 | } | |
| 211 | rrset->entry.key = rrset; | |
| 212 | pd = regional_alloc_zero(region, sizeof(*pd)); | |
| 213 | if(!pd) { | |
| 214 | log_err("out of memory"); | |
| 215 | return NULL; | |
| 216 | } | |
| 217 | pd->trust = rrset_trust_prim_noglue; | |
| 218 | pd->security = sec_status_insecure; | |
| 219 | rrset->entry.data = pd; | |
| 220 | rrset->rk.dname = regional_alloc_zero(region, 1); | |
| 221 | if(!rrset->rk.dname) { | |
| 222 | log_err("out of memory"); | |
| 223 | return NULL; | |
| 224 | } | |
| 225 | rrset->rk.dname_len = 1; | |
| 226 | rrset->rk.type = htons(rrtype); | |
| 227 | rrset->rk.rrset_class = htons(rrclass); | |
| 228 | return rrset; | |
| 229 | } | |
| 230 | ||
| 231 | /** enter local data as resource records into a response-ip node */ | |
| 232 | static int | |
| 233 | respip_enter_rr(struct regional* region, struct resp_addr* raddr, | |
| 234 | const char* rrstr, const char* netblock) | |
| 235 | { | |
| 236 | uint8_t* nm; | |
| 237 | uint16_t rrtype = 0, rrclass = 0; | |
| 238 | time_t ttl = 0; | |
| 239 | uint8_t rr[LDNS_RR_BUF_SIZE]; | |
| 240 | uint8_t* rdata = NULL; | |
| 241 | size_t rdata_len = 0; | |
| 242 | char buf[65536]; | |
| 243 | char bufshort[64]; | |
| 244 | struct packed_rrset_data* pd; | |
| 245 | struct sockaddr* sa; | |
| 246 | int ret; | |
| 247 | if(raddr->action != respip_redirect) { | |
| 248 | log_err("cannot parse response-ip-data %s: response-ip " | |
| 249 | "action for %s is not redirect", rrstr, netblock); | |
| 250 | return 0; | |
| 251 | } | |
| 252 | ret = snprintf(buf, sizeof(buf), ". %s", rrstr); | |
| 253 | if(ret < 0 || ret >= (int)sizeof(buf)) { | |
| 254 | strlcpy(bufshort, rrstr, sizeof(bufshort)); | |
| 255 | log_err("bad response-ip-data: %s...", bufshort); | |
| 256 | return 0; | |
| 257 | } | |
| 258 | if(!rrstr_get_rr_content(buf, &nm, &rrtype, &rrclass, &ttl, rr, sizeof(rr), | |
| 259 | &rdata, &rdata_len)) { | |
| 260 | log_err("bad response-ip-data: %s", rrstr); | |
| 261 | return 0; | |
| 262 | } | |
| 263 | free(nm); | |
| 264 | sa = (struct sockaddr*)&raddr->node.addr; | |
| 265 | if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data) { | |
| 266 | log_err("CNAME response-ip data (%s) can not co-exist with other " | |
| 267 | "response-ip data for netblock %s", rrstr, netblock); | |
| 268 | return 0; | |
| 269 | } else if (raddr->data && | |
| 270 | raddr->data->rk.type == htons(LDNS_RR_TYPE_CNAME)) { | |
| 271 | log_err("response-ip data (%s) can not be added; CNAME response-ip " | |
| 272 | "data already in place for netblock %s", rrstr, netblock); | |
| 273 | return 0; | |
| 274 | } else if((rrtype != LDNS_RR_TYPE_CNAME) && | |
| 275 | ((sa->sa_family == AF_INET && rrtype != LDNS_RR_TYPE_A) || | |
| 276 | (sa->sa_family == AF_INET6 && rrtype != LDNS_RR_TYPE_AAAA))) { | |
| 277 | log_err("response-ip data %s record type does not correspond " | |
| 278 | "to netblock %s address family", rrstr, netblock); | |
| 279 | return 0; | |
| 280 | } | |
| 281 | ||
| 282 | if(!raddr->data) { | |
| 283 | raddr->data = new_rrset(region, rrtype, rrclass); | |
| 284 | if(!raddr->data) | |
| 285 | return 0; | |
| 286 | } | |
| 287 | pd = raddr->data->entry.data; | |
| 288 | return rrset_insert_rr(region, pd, rdata, rdata_len, ttl, rrstr); | |
| 289 | } | |
| 290 | ||
| 291 | static int | |
| 292 | respip_data_cfg(struct respip_set* set, const char* ipstr, const char* rrstr) | |
| 293 | { | |
| 294 | struct resp_addr* node; | |
| 295 | ||
| 296 | node=respip_find_or_create(set, ipstr, 0); | |
| 297 | if(!node || node->action == respip_none) { | |
| 298 | log_err("cannot parse response-ip-data %s: " | |
| 299 | "response-ip node for %s not found", rrstr, ipstr); | |
| 300 | return 0; | |
| 301 | } | |
| 302 | return respip_enter_rr(set->region, node, rrstr, ipstr); | |
| 303 | } | |
| 304 | ||
| 305 | static int | |
| 306 | respip_set_apply_cfg(struct respip_set* set, char* const* tagname, int num_tags, | |
| 307 | struct config_strbytelist* respip_tags, | |
| 308 | struct config_str2list* respip_actions, | |
| 309 | struct config_str2list* respip_data) | |
| 310 | { | |
| 311 | struct config_strbytelist* p; | |
| 312 | struct config_str2list* pa; | |
| 313 | struct config_str2list* pd; | |
| 314 | ||
| 315 | set->tagname = tagname; | |
| 316 | set->num_tags = num_tags; | |
| 317 | ||
| 318 | p = respip_tags; | |
| 319 | while(p) { | |
| 320 | struct config_strbytelist* np = p->next; | |
| 321 | ||
| 322 | log_assert(p->str && p->str2); | |
| 323 | if(!respip_tag_cfg(set, p->str, p->str2, p->str2len)) { | |
| 324 | config_del_strbytelist(p); | |
| 325 | return 0; | |
| 326 | } | |
| 327 | free(p->str); | |
| 328 | free(p->str2); | |
| 329 | free(p); | |
| 330 | p = np; | |
| 331 | } | |
| 332 | ||
| 333 | pa = respip_actions; | |
| 334 | while(pa) { | |
| 335 | struct config_str2list* np = pa->next; | |
| 336 | log_assert(pa->str && pa->str2); | |
| 337 | if(!respip_action_cfg(set, pa->str, pa->str2)) { | |
| 338 | config_deldblstrlist(pa); | |
| 339 | return 0; | |
| 340 | } | |
| 341 | free(pa->str); | |
| 342 | free(pa->str2); | |
| 343 | free(pa); | |
| 344 | pa = np; | |
| 345 | } | |
| 346 | ||
| 347 | pd = respip_data; | |
| 348 | while(pd) { | |
| 349 | struct config_str2list* np = pd->next; | |
| 350 | log_assert(pd->str && pd->str2); | |
| 351 | if(!respip_data_cfg(set, pd->str, pd->str2)) { | |
| 352 | config_deldblstrlist(pd); | |
| 353 | return 0; | |
| 354 | } | |
| 355 | free(pd->str); | |
| 356 | free(pd->str2); | |
| 357 | free(pd); | |
| 358 | pd = np; | |
| 359 | } | |
| 360 | ||
| 361 | return 1; | |
| 362 | } | |
| 363 | ||
| 364 | int | |
| 365 | respip_global_apply_cfg(struct respip_set* set, struct config_file* cfg) | |
| 366 | { | |
| 367 | int ret = respip_set_apply_cfg(set, cfg->tagname, cfg->num_tags, | |
| 368 | cfg->respip_tags, cfg->respip_actions, cfg->respip_data); | |
| 369 | cfg->respip_data = NULL; | |
| 370 | cfg->respip_actions = NULL; | |
| 371 | cfg->respip_tags = NULL; | |
| 372 | return ret; | |
| 373 | } | |
| 374 | ||
| 375 | /** Iterate through raw view data and apply the view-specific respip | |
| 376 | * configuration; at this point we should have already seen all the views, | |
| 377 | * so if any of the views that respip data refer to does not exist, that's | |
| 378 | * an error. This additional iteration through view configuration data | |
| 379 | * is expected to not have significant performance impact (or rather, its | |
| 380 | * performance impact is not expected to be prohibitive in the configuration | |
| 381 | * processing phase). | |
| 382 | */ | |
| 383 | int | |
| 384 | respip_views_apply_cfg(struct views* vs, struct config_file* cfg, | |
| 385 | int* have_view_respip_cfg) | |
| 386 | { | |
| 387 | struct config_view* cv; | |
| 388 | struct view* v; | |
| 389 | int ret; | |
| 390 | ||
| 391 | for(cv = cfg->views; cv; cv = cv->next) { | |
| 392 | ||
| 393 | /** if no respip config for this view then there's | |
| 394 | * nothing to do; note that even though respip data must go | |
| 395 | * with respip action, we're checking for both here because | |
| 396 | * we want to catch the case where the respip action is missing | |
| 397 | * while the data is present */ | |
| 398 | if(!cv->respip_actions && !cv->respip_data) | |
| 399 | continue; | |
| 400 | ||
| 401 | if(!(v = views_find_view(vs, cv->name, 1))) { | |
| 402 | log_err("view '%s' unexpectedly missing", cv->name); | |
| 403 | return 0; | |
| 404 | } | |
| 405 | if(!v->respip_set) { | |
| 406 | v->respip_set = respip_set_create(); | |
| 407 | if(!v->respip_set) { | |
| 408 | log_err("out of memory"); | |
| 409 | lock_rw_unlock(&v->lock); | |
| 410 | return 0; | |
| 411 | } | |
| 412 | } | |
| 413 | ret = respip_set_apply_cfg(v->respip_set, NULL, 0, NULL, | |
| 414 | cv->respip_actions, cv->respip_data); | |
| 415 | lock_rw_unlock(&v->lock); | |
| 416 | if(!ret) { | |
| 417 | log_err("Error while applying respip configuration " | |
| 418 | "for view '%s'", cv->name); | |
| 419 | return 0; | |
| 420 | } | |
| 421 | *have_view_respip_cfg = (*have_view_respip_cfg || | |
| 422 | v->respip_set->ip_tree.count); | |
| 423 | cv->respip_actions = NULL; | |
| 424 | cv->respip_data = NULL; | |
| 425 | } | |
| 426 | return 1; | |
| 427 | } | |
| 428 | ||
| 429 | /** | |
| 430 | * make a deep copy of 'key' in 'region'. | |
| 431 | * This is largely derived from packed_rrset_copy_region() and | |
| 432 | * packed_rrset_ptr_fixup(), but differs in the following points: | |
| 433 | * | |
| 434 | * - It doesn't assume all data in 'key' are in a contiguous memory region. | |
| 435 | * Although that would be the case in most cases, 'key' can be passed from | |
| 436 | * a lower-level module and it might not build the rrset to meet the | |
| 437 | * assumption. In fact, an rrset specified as response-ip-data or generated | |
| 438 | * in local_data_find_tag_datas() breaks the assumption. So it would be | |
| 439 | * safer not to naively rely on the assumption. On the other hand, this | |
| 440 | * function ensures the copied rrset data are in a contiguous region so | |
| 441 | * that it won't cause a disruption even if an upper layer module naively | |
| 442 | * assumes the memory layout. | |
| 443 | * - It doesn't copy RRSIGs (if any) in 'key'. The rrset will be used in | |
| 444 | * a reply that was already faked, so it doesn't make much sense to provide | |
| 445 | * partial sigs even if they are valid themselves. | |
| 446 | * - It doesn't adjust TTLs as it basically has to be a verbatim copy of 'key' | |
| 447 | * just allocated in 'region' (the assumption is necessary TTL adjustment | |
| 448 | * has been already done in 'key'). | |
| 449 | * | |
| 450 | * This function returns the copied rrset key on success, and NULL on memory | |
| 451 | * allocation failure. | |
| 452 | */ | |
| 453 | struct ub_packed_rrset_key* | |
| 454 | copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region) | |
| 455 | { | |
| 456 | struct ub_packed_rrset_key* ck = regional_alloc(region, | |
| 457 | sizeof(struct ub_packed_rrset_key)); | |
| 458 | struct packed_rrset_data* d; | |
| 459 | struct packed_rrset_data* data = key->entry.data; | |
| 460 | size_t dsize, i; | |
| 461 | uint8_t* nextrdata; | |
| 462 | ||
| 463 | /* derived from packed_rrset_copy_region(), but don't use | |
| 464 | * packed_rrset_sizeof() and do exclude RRSIGs */ | |
| 465 | if(!ck) | |
| 466 | return NULL; | |
| 467 | ck->id = key->id; | |
| 468 | memset(&ck->entry, 0, sizeof(ck->entry)); | |
| 469 | ck->entry.hash = key->entry.hash; | |
| 470 | ck->entry.key = ck; | |
| 471 | ck->rk = key->rk; | |
| 472 | ck->rk.dname = regional_alloc_init(region, key->rk.dname, | |
| 473 | key->rk.dname_len); | |
| 474 | if(!ck->rk.dname) | |
| 475 | return NULL; | |
| 476 | ||
| 477 | dsize = sizeof(struct packed_rrset_data) + data->count * | |
| 478 | (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)); | |
| 479 | for(i=0; i<data->count; i++) | |
| 480 | dsize += data->rr_len[i]; | |
| 481 | d = regional_alloc(region, dsize); | |
| 482 | if(!d) | |
| 483 | return NULL; | |
| 484 | *d = *data; | |
| 485 | d->rrsig_count = 0; | |
| 486 | ck->entry.data = d; | |
| 487 | ||
| 488 | /* derived from packed_rrset_ptr_fixup() with copying the data */ | |
| 489 | d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data)); | |
| 490 | d->rr_data = (uint8_t**)&(d->rr_len[d->count]); | |
| 491 | d->rr_ttl = (time_t*)&(d->rr_data[d->count]); | |
| 492 | nextrdata = (uint8_t*)&(d->rr_ttl[d->count]); | |
| 493 | for(i=0; i<d->count; i++) { | |
| 494 | d->rr_len[i] = data->rr_len[i]; | |
| 495 | d->rr_ttl[i] = data->rr_ttl[i]; | |
| 496 | d->rr_data[i] = nextrdata; | |
| 497 | memcpy(d->rr_data[i], data->rr_data[i], data->rr_len[i]); | |
| 498 | nextrdata += d->rr_len[i]; | |
| 499 | } | |
| 500 | ||
| 501 | return ck; | |
| 502 | } | |
| 503 | ||
| 504 | int | |
| 505 | respip_init(struct module_env* env, int id) | |
| 506 | { | |
| 507 | (void)env; | |
| 508 | (void)id; | |
| 509 | return 1; | |
| 510 | } | |
| 511 | ||
| 512 | void | |
| 513 | respip_deinit(struct module_env* env, int id) | |
| 514 | { | |
| 515 | (void)env; | |
| 516 | (void)id; | |
| 517 | } | |
| 518 | ||
| 519 | /** Convert a packed AAAA or A RRset to sockaddr. */ | |
| 520 | static int | |
| 521 | rdata2sockaddr(const struct packed_rrset_data* rd, uint16_t rtype, size_t i, | |
| 522 | struct sockaddr_storage* ss, socklen_t* addrlenp) | |
| 523 | { | |
| 524 | /* unbound can accept and cache odd-length AAAA/A records, so we have | |
| 525 | * to validate the length. */ | |
| 526 | if(rtype == LDNS_RR_TYPE_A && rd->rr_len[i] == 6) { | |
| 527 | struct sockaddr_in* sa4 = (struct sockaddr_in*)ss; | |
| 528 | ||
| 529 | memset(sa4, 0, sizeof(*sa4)); | |
| 530 | sa4->sin_family = AF_INET; | |
| 531 | memcpy(&sa4->sin_addr, rd->rr_data[i] + 2, | |
| 532 | sizeof(sa4->sin_addr)); | |
| 533 | *addrlenp = sizeof(*sa4); | |
| 534 | return 1; | |
| 535 | } else if(rtype == LDNS_RR_TYPE_AAAA && rd->rr_len[i] == 18) { | |
| 536 | struct sockaddr_in6* sa6 = (struct sockaddr_in6*)ss; | |
| 537 | ||
| 538 | memset(sa6, 0, sizeof(*sa6)); | |
| 539 | sa6->sin6_family = AF_INET6; | |
| 540 | memcpy(&sa6->sin6_addr, rd->rr_data[i] + 2, | |
| 541 | sizeof(sa6->sin6_addr)); | |
| 542 | *addrlenp = sizeof(*sa6); | |
| 543 | return 1; | |
| 544 | } | |
| 545 | return 0; | |
| 546 | } | |
| 547 | ||
| 548 | /** | |
| 549 | * Search the given 'iptree' for response address information that matches | |
| 550 | * any of the IP addresses in an AAAA or A in the answer section of the | |
| 551 | * response (stored in 'rep'). If found, a pointer to the matched resp_addr | |
| 552 | * structure will be returned, and '*rrset_id' is set to the index in | |
| 553 | * rep->rrsets for the RRset that contains the matching IP address record | |
| 554 | * (the index is normally 0, but can be larger than that if this is a CNAME | |
| 555 | * chain or type-ANY response). | |
| 556 | */ | |
| 557 | static const struct resp_addr* | |
| 558 | respip_addr_lookup(const struct reply_info *rep, struct rbtree_type* iptree, | |
| 559 | size_t* rrset_id) | |
| 560 | { | |
| 561 | size_t i; | |
| 562 | struct resp_addr* ra; | |
| 563 | struct sockaddr_storage ss; | |
| 564 | socklen_t addrlen; | |
| 565 | ||
| 566 | for(i=0; i<rep->an_numrrsets; i++) { | |
| 567 | size_t j; | |
| 568 | const struct packed_rrset_data* rd; | |
| 569 | uint16_t rtype = ntohs(rep->rrsets[i]->rk.type); | |
| 570 | ||
| 571 | if(rtype != LDNS_RR_TYPE_A && rtype != LDNS_RR_TYPE_AAAA) | |
| 572 | continue; | |
| 573 | rd = rep->rrsets[i]->entry.data; | |
| 574 | for(j = 0; j < rd->count; j++) { | |
| 575 | if(!rdata2sockaddr(rd, rtype, j, &ss, &addrlen)) | |
| 576 | continue; | |
| 577 | ra = (struct resp_addr*)addr_tree_lookup(iptree, &ss, | |
| 578 | addrlen); | |
| 579 | if(ra) { | |
| 580 | *rrset_id = i; | |
| 581 | return ra; | |
| 582 | } | |
| 583 | } | |
| 584 | } | |
| 585 | ||
| 586 | return NULL; | |
| 587 | } | |
| 588 | ||
| 589 | /* | |
| 590 | * Create a new reply_info based on 'rep'. The new info is based on | |
| 591 | * the passed 'rep', but ignores any rrsets except for the first 'an_numrrsets' | |
| 592 | * RRsets in the answer section. These answer rrsets are copied to the | |
| 593 | * new info, up to 'copy_rrsets' rrsets (which must not be larger than | |
| 594 | * 'an_numrrsets'). If an_numrrsets > copy_rrsets, the remaining rrsets array | |
| 595 | * entries will be kept empty so the caller can fill them later. When rrsets | |
| 596 | * are copied, they are shallow copied. The caller must ensure that the | |
| 597 | * copied rrsets are valid throughout its lifetime and must provide appropriate | |
| 598 | * mutex if it can be shared by multiple threads. | |
| 599 | */ | |
| 600 | static struct reply_info * | |
| 601 | make_new_reply_info(const struct reply_info* rep, struct regional* region, | |
| 602 | size_t an_numrrsets, size_t copy_rrsets) | |
| 603 | { | |
| 604 | struct reply_info* new_rep; | |
| 605 | size_t i; | |
| 606 | ||
| 607 | /* create a base struct. we specify 'insecure' security status as | |
| 608 | * the modified response won't be DNSSEC-valid. In our faked response | |
| 609 | * the authority and additional sections will be empty (except possible | |
| 610 | * EDNS0 OPT RR in the additional section appended on sending it out), | |
| 611 | * so the total number of RRsets is an_numrrsets. */ | |
| 612 | new_rep = construct_reply_info_base(region, rep->flags, | |
| 613 | rep->qdcount, rep->ttl, rep->prefetch_ttl, an_numrrsets, | |
| 614 | 0, 0, an_numrrsets, sec_status_insecure); | |
| 615 | if(!new_rep) | |
| 616 | return NULL; | |
| 617 | if(!reply_info_alloc_rrset_keys(new_rep, NULL, region)) | |
| 618 | return NULL; | |
| 619 | for(i=0; i<copy_rrsets; i++) | |
| 620 | new_rep->rrsets[i] = rep->rrsets[i]; | |
| 621 | ||
| 622 | return new_rep; | |
| 623 | } | |
| 624 | ||
| 625 | /** | |
| 626 | * See if response-ip or tag data should override the original answer rrset | |
| 627 | * (which is rep->rrsets[rrset_id]) and if so override it. | |
| 628 | * This is (mostly) equivalent to localzone.c:local_data_answer() but for | |
| 629 | * response-ip actions. | |
| 630 | * Note that this function distinguishes error conditions from "success but | |
| 631 | * not overridden". This is because we want to avoid accidentally applying | |
| 632 | * the "no data" action in case of error. | |
| 633 | * @param raddr: address span that requires an action | |
| 634 | * @param action: action to apply | |
| 635 | * @param qtype: original query type | |
| 636 | * @param rep: original reply message | |
| 637 | * @param rrset_id: the rrset ID in 'rep' to which the action should apply | |
| 638 | * @param new_repp: see respip_rewrite_reply | |
| 639 | * @param tag: if >= 0 the tag ID used to determine the action and data | |
| 640 | * @param tag_datas: data corresponding to 'tag'. | |
| 641 | * @param tag_datas_size: size of 'tag_datas' | |
| 642 | * @param tagname: array of tag names, used for logging | |
| 643 | * @param num_tags: size of 'tagname', used for logging | |
| 644 | * @param redirect_rrsetp: ptr to redirect record | |
| 645 | * @param region: region for building new reply | |
| 646 | * @return 1 if overridden, 0 if not overridden, -1 on error. | |
| 647 | */ | |
| 648 | static int | |
| 649 | respip_data_answer(const struct resp_addr* raddr, enum respip_action action, | |
| 650 | uint16_t qtype, const struct reply_info* rep, | |
| 651 | size_t rrset_id, struct reply_info** new_repp, int tag, | |
| 652 | struct config_strlist** tag_datas, size_t tag_datas_size, | |
| 653 | char* const* tagname, int num_tags, | |
| 654 | struct ub_packed_rrset_key** redirect_rrsetp, struct regional* region) | |
| 655 | { | |
| 656 | struct ub_packed_rrset_key* rp = raddr->data; | |
| 657 | struct reply_info* new_rep; | |
| 658 | *redirect_rrsetp = NULL; | |
| 659 | ||
| 660 | if(action == respip_redirect && tag != -1 && | |
| 661 | (size_t)tag<tag_datas_size && tag_datas[tag]) { | |
| 662 | struct query_info dataqinfo; | |
| 663 | struct ub_packed_rrset_key r; | |
| 664 | ||
| 665 | /* Extract parameters of the original answer rrset that can be | |
| 666 | * rewritten below, in the form of query_info. Note that these | |
| 667 | * can be different from the info of the original query if the | |
| 668 | * rrset is a CNAME target.*/ | |
| 669 | memset(&dataqinfo, 0, sizeof(dataqinfo)); | |
| 670 | dataqinfo.qname = rep->rrsets[rrset_id]->rk.dname; | |
| 671 | dataqinfo.qname_len = rep->rrsets[rrset_id]->rk.dname_len; | |
| 672 | dataqinfo.qtype = ntohs(rep->rrsets[rrset_id]->rk.type); | |
| 673 | dataqinfo.qclass = ntohs(rep->rrsets[rrset_id]->rk.rrset_class); | |
| 674 | ||
| 675 | memset(&r, 0, sizeof(r)); | |
| 676 | if(local_data_find_tag_datas(&dataqinfo, tag_datas[tag], &r, | |
| 677 | region)) { | |
| 678 | verbose(VERB_ALGO, | |
| 679 | "response-ip redirect with tag data [%d] %s", | |
| 680 | tag, (tag<num_tags?tagname[tag]:"null")); | |
| 681 | /* use copy_rrset() to 'normalize' memory layout */ | |
| 682 | rp = copy_rrset(&r, region); | |
| 683 | if(!rp) | |
| 684 | return -1; | |
| 685 | } | |
| 686 | } | |
| 687 | if(!rp) | |
| 688 | return 0; | |
| 689 | ||
| 690 | /* If we are using response-ip-data, we need to make a copy of rrset | |
| 691 | * to replace the rrset's dname. Note that, unlike local data, we | |
| 692 | * rename the dname for other actions than redirect. This is because | |
| 693 | * response-ip-data isn't associated to any specific name. */ | |
| 694 | if(rp == raddr->data) { | |
| 695 | rp = copy_rrset(rp, region); | |
| 696 | if(!rp) | |
| 697 | return -1; | |
| 698 | rp->rk.dname = rep->rrsets[rrset_id]->rk.dname; | |
| 699 | rp->rk.dname_len = rep->rrsets[rrset_id]->rk.dname_len; | |
| 700 | } | |
| 701 | ||
| 702 | /* Build a new reply with redirect rrset. We keep any preceding CNAMEs | |
| 703 | * and replace the address rrset that triggers the action. If it's | |
| 704 | * type ANY query, however, no other answer records should be kept | |
| 705 | * (note that it can't be a CNAME chain in this case due to | |
| 706 | * sanitizing). */ | |
| 707 | if(qtype == LDNS_RR_TYPE_ANY) | |
| 708 | rrset_id = 0; | |
| 709 | new_rep = make_new_reply_info(rep, region, rrset_id + 1, rrset_id); | |
| 710 | if(!new_rep) | |
| 711 | return -1; | |
| 712 | rp->rk.flags |= PACKED_RRSET_FIXEDTTL; /* avoid adjusting TTL */ | |
| 713 | new_rep->rrsets[rrset_id] = rp; | |
| 714 | ||
| 715 | *redirect_rrsetp = rp; | |
| 716 | *new_repp = new_rep; | |
| 717 | return 1; | |
| 718 | } | |
| 719 | ||
| 720 | /** | |
| 721 | * apply response ip action in case where no action data is provided. | |
| 722 | * this is similar to localzone.c:lz_zone_answer() but simplified due to | |
| 723 | * the characteristics of response ip: | |
| 724 | * - 'deny' variants will be handled at the caller side | |
| 725 | * - no specific processing for 'transparent' variants: unlike local zones, | |
| 726 | * there is no such a case of 'no data but name existing'. so all variants | |
| 727 | * just mean 'transparent if no data'. | |
| 728 | * @param qtype: query type | |
| 729 | * @param action: found action | |
| 730 | * @param rep: | |
| 731 | * @param new_repp | |
| 732 | * @param rrset_id | |
| 733 | * @param region: region for building new reply | |
| 734 | * @return 1 on success, 0 on error. | |
| 735 | */ | |
| 736 | static int | |
| 737 | respip_nodata_answer(uint16_t qtype, enum respip_action action, | |
| 738 | const struct reply_info *rep, size_t rrset_id, | |
| 739 | struct reply_info** new_repp, struct regional* region) | |
| 740 | { | |
| 741 | struct reply_info* new_rep; | |
| 742 | ||
| 743 | if(action == respip_refuse || action == respip_always_refuse) { | |
| 744 | new_rep = make_new_reply_info(rep, region, 0, 0); | |
| 745 | if(!new_rep) | |
| 746 | return 0; | |
| 747 | FLAGS_SET_RCODE(new_rep->flags, LDNS_RCODE_REFUSED); | |
| 748 | *new_repp = new_rep; | |
| 749 | return 1; | |
| 750 | } else if(action == respip_static || action == respip_redirect || | |
| 751 | action == respip_always_nxdomain) { | |
| 752 | /* Since we don't know about other types of the owner name, | |
| 753 | * we generally return NOERROR/NODATA unless an NXDOMAIN action | |
| 754 | * is explicitly specified. */ | |
| 755 | int rcode = (action == respip_always_nxdomain)? | |
| 756 | LDNS_RCODE_NXDOMAIN:LDNS_RCODE_NOERROR; | |
| 757 | ||
| 758 | /* We should empty the answer section except for any preceding | |
| 759 | * CNAMEs (in that case rrset_id > 0). Type-ANY case is | |
| 760 | * special as noted in respip_data_answer(). */ | |
| 761 | if(qtype == LDNS_RR_TYPE_ANY) | |
| 762 | rrset_id = 0; | |
| 763 | new_rep = make_new_reply_info(rep, region, rrset_id, rrset_id); | |
| 764 | if(!new_rep) | |
| 765 | return 0; | |
| 766 | FLAGS_SET_RCODE(new_rep->flags, rcode); | |
| 767 | *new_repp = new_rep; | |
| 768 | return 1; | |
| 769 | } | |
| 770 | ||
| 771 | return 1; | |
| 772 | } | |
| 773 | ||
| 774 | /** Populate action info structure with the results of response-ip action | |
| 775 | * processing, iff as the result of response-ip processing we are actually | |
| 776 | * taking some action. Only action is set if action_only is true. | |
| 777 | * Returns true on success, false on failure. | |
| 778 | */ | |
| 779 | static int | |
| 780 | populate_action_info(struct respip_action_info* actinfo, | |
| 781 | enum respip_action action, const struct resp_addr* raddr, | |
| 782 | const struct ub_packed_rrset_key* ATTR_UNUSED(rrset), | |
| 783 | int ATTR_UNUSED(tag), const struct respip_set* ATTR_UNUSED(ipset), | |
| 784 | int ATTR_UNUSED(action_only), struct regional* region) | |
| 785 | { | |
| 786 | if(action == respip_none || !raddr) | |
| 787 | return 1; | |
| 788 | actinfo->action = action; | |
| 789 | ||
| 790 | /* for inform variants, make a copy of the matched address block for | |
| 791 | * later logging. We make a copy to proactively avoid disruption if | |
| 792 | * and when we allow a dynamic update to the respip tree. */ | |
| 793 | if(action == respip_inform || action == respip_inform_deny) { | |
| 794 | struct respip_addr_info* a = | |
| 795 | regional_alloc_zero(region, sizeof(*a)); | |
| 796 | if(!a) { | |
| 797 | log_err("out of memory"); | |
| 798 | return 0; | |
| 799 | } | |
| 800 | a->addr = raddr->node.addr; | |
| 801 | a->addrlen = raddr->node.addrlen; | |
| 802 | a->net = raddr->node.net; | |
| 803 | actinfo->addrinfo = a; | |
| 804 | } | |
| 805 | ||
| 806 | return 1; | |
| 807 | } | |
| 808 | ||
| 809 | int | |
| 810 | respip_rewrite_reply(const struct query_info* qinfo, | |
| 811 | const struct respip_client_info* cinfo, const struct reply_info* rep, | |
| 812 | struct reply_info** new_repp, struct respip_action_info* actinfo, | |
| 813 | struct ub_packed_rrset_key** alias_rrset, int search_only, | |
| 814 | struct regional* region) | |
| 815 | { | |
| 816 | const uint8_t* ctaglist; | |
| 817 | size_t ctaglen; | |
| 818 | const uint8_t* tag_actions; | |
| 819 | size_t tag_actions_size; | |
| 820 | struct config_strlist** tag_datas; | |
| 821 | size_t tag_datas_size; | |
| 822 | struct view* view = NULL; | |
| 823 | struct respip_set* ipset = NULL; | |
| 824 | size_t rrset_id = 0; | |
| 825 | enum respip_action action = respip_none; | |
| 826 | int tag = -1; | |
| 827 | const struct resp_addr* raddr = NULL; | |
| 828 | int ret = 1; | |
| 829 | struct ub_packed_rrset_key* redirect_rrset = NULL; | |
| 830 | ||
| 831 | if(!cinfo) | |
| 832 | goto done; | |
| 833 | ctaglist = cinfo->taglist; | |
| 834 | ctaglen = cinfo->taglen; | |
| 835 | tag_actions = cinfo->tag_actions; | |
| 836 | tag_actions_size = cinfo->tag_actions_size; | |
| 837 | tag_datas = cinfo->tag_datas; | |
| 838 | tag_datas_size = cinfo->tag_datas_size; | |
| 839 | view = cinfo->view; | |
| 840 | ipset = cinfo->respip_set; | |
| 841 | ||
| 842 | /** Try to use response-ip config from the view first; use | |
| 843 | * global response-ip config if we don't have the view or we don't | |
| 844 | * have the matching per-view config (and the view allows the use | |
| 845 | * of global data in this case). | |
| 846 | * Note that we lock the view even if we only use view members that | |
| 847 | * currently don't change after creation. This is for safety for | |
| 848 | * future possible changes as the view documentation seems to expect | |
| 849 | * any of its member can change in the view's lifetime. | |
| 850 | * Note also that we assume 'view' is valid in this function, which | |
| 851 | * should be safe (see unbound bug #1191) */ | |
| 852 | if(view) { | |
| 853 | lock_rw_rdlock(&view->lock); | |
| 854 | if(view->respip_set) { | |
| 855 | if((raddr = respip_addr_lookup(rep, | |
| 856 | &view->respip_set->ip_tree, &rrset_id))) { | |
| 857 | /** for per-view respip directives the action | |
| 858 | * can only be direct (i.e. not tag-based) */ | |
| 859 | action = raddr->action; | |
| 860 | } | |
| 861 | } | |
| 862 | if(!raddr && !view->isfirst) | |
| 863 | goto done; | |
| 864 | } | |
| 865 | if(!raddr && ipset && (raddr = respip_addr_lookup(rep, &ipset->ip_tree, | |
| 866 | &rrset_id))) { | |
| 867 | action = (enum respip_action)local_data_find_tag_action( | |
| 868 | raddr->taglist, raddr->taglen, ctaglist, ctaglen, | |
| 869 | tag_actions, tag_actions_size, | |
| 870 | (enum localzone_type)raddr->action, &tag, | |
| 871 | ipset->tagname, ipset->num_tags); | |
| 872 | } | |
| 873 | if(raddr && !search_only) { | |
| 874 | int result = 0; | |
| 875 | ||
| 876 | /* first, see if we have response-ip or tag action for the | |
| 877 | * action except for 'always' variants. */ | |
| 878 | if(action != respip_always_refuse | |
| 879 | && action != respip_always_transparent | |
| 880 | && action != respip_always_nxdomain | |
| 881 | && (result = respip_data_answer(raddr, action, | |
| 882 | qinfo->qtype, rep, rrset_id, new_repp, tag, tag_datas, | |
| 883 | tag_datas_size, ipset->tagname, ipset->num_tags, | |
| 884 | &redirect_rrset, region)) < 0) { | |
| 885 | ret = 0; | |
| 886 | goto done; | |
| 887 | } | |
| 888 | ||
| 889 | /* if no action data applied, take action specific to the | |
| 890 | * action without data. */ | |
| 891 | if(!result && !respip_nodata_answer(qinfo->qtype, action, rep, | |
| 892 | rrset_id, new_repp, region)) { | |
| 893 | ret = 0; | |
| 894 | goto done; | |
| 895 | } | |
| 896 | } | |
| 897 | done: | |
| 898 | if(view) { | |
| 899 | lock_rw_unlock(&view->lock); | |
| 900 | } | |
| 901 | if(ret) { | |
| 902 | /* If we're redirecting the original answer to a | |
| 903 | * CNAME, record the CNAME rrset so the caller can take | |
| 904 | * the appropriate action. Note that we don't check the | |
| 905 | * action type; it should normally be 'redirect', but it | |
| 906 | * can be of other type when a data-dependent tag action | |
| 907 | * uses redirect response-ip data. | |
| 908 | */ | |
| 909 | if(redirect_rrset && | |
| 910 | redirect_rrset->rk.type == ntohs(LDNS_RR_TYPE_CNAME) && | |
| 911 | qinfo->qtype != LDNS_RR_TYPE_ANY) | |
| 912 | *alias_rrset = redirect_rrset; | |
| 913 | /* on success, populate respip result structure */ | |
| 914 | ret = populate_action_info(actinfo, action, raddr, | |
| 915 | redirect_rrset, tag, ipset, search_only, region); | |
| 916 | } | |
| 917 | return ret; | |
| 918 | } | |
| 919 | ||
| 920 | static int | |
| 921 | generate_cname_request(struct module_qstate* qstate, | |
| 922 | struct ub_packed_rrset_key* alias_rrset) | |
| 923 | { | |
| 924 | struct module_qstate* subq = NULL; | |
| 925 | struct query_info subqi; | |
| 926 | ||
| 927 | memset(&subqi, 0, sizeof(subqi)); | |
| 928 | get_cname_target(alias_rrset, &subqi.qname, &subqi.qname_len); | |
| 929 | if(!subqi.qname) | |
| 930 | return 0; /* unexpected: not a valid CNAME RDATA */ | |
| 931 | subqi.qtype = qstate->qinfo.qtype; | |
| 932 | subqi.qclass = qstate->qinfo.qclass; | |
| 933 | fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); | |
| 934 | return (*qstate->env->attach_sub)(qstate, &subqi, BIT_RD, 0, 0, &subq); | |
| 935 | } | |
| 936 | ||
| 937 | void | |
| 938 | respip_operate(struct module_qstate* qstate, enum module_ev event, int id, | |
| 939 | struct outbound_entry* outbound) | |
| 940 | { | |
| 941 | struct respip_qstate* rq = (struct respip_qstate*)qstate->minfo[id]; | |
| 942 | ||
| 943 | log_query_info(VERB_QUERY, "respip operate: query", &qstate->qinfo); | |
| 944 | (void)outbound; | |
| 945 | ||
| 946 | if(event == module_event_new || event == module_event_pass) { | |
| 947 | if(!rq) { | |
| 948 | rq = regional_alloc_zero(qstate->region, sizeof(*rq)); | |
| 949 | if(!rq) | |
| 950 | goto servfail; | |
| 951 | rq->state = RESPIP_INIT; | |
| 952 | qstate->minfo[id] = rq; | |
| 953 | } | |
| 954 | if(rq->state == RESPIP_SUBQUERY_FINISHED) { | |
| 955 | qstate->ext_state[id] = module_finished; | |
| 956 | return; | |
| 957 | } | |
| 958 | verbose(VERB_ALGO, "respip: pass to next module"); | |
| 959 | qstate->ext_state[id] = module_wait_module; | |
| 960 | } else if(event == module_event_moddone) { | |
| 961 | /* If the reply may be subject to response-ip rewriting | |
| 962 | * according to the query type, check the actions. If a | |
| 963 | * rewrite is necessary, we'll replace the reply in qstate | |
| 964 | * with the new one. */ | |
| 965 | enum module_ext_state next_state = module_finished; | |
| 966 | ||
| 967 | if((qstate->qinfo.qtype == LDNS_RR_TYPE_A || | |
| 968 | qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA || | |
| 969 | qstate->qinfo.qtype == LDNS_RR_TYPE_ANY) && | |
| 970 | qstate->return_msg && qstate->return_msg->rep) { | |
| 971 | struct respip_action_info actinfo = {respip_none, NULL}; | |
| 972 | struct reply_info* new_rep = qstate->return_msg->rep; | |
| 973 | struct ub_packed_rrset_key* alias_rrset = NULL; | |
| 974 | ||
| 975 | if(!respip_rewrite_reply(&qstate->qinfo, | |
| 976 | qstate->client_info, qstate->return_msg->rep, | |
| 977 | &new_rep, &actinfo, &alias_rrset, 0, | |
| 978 | qstate->region)) { | |
| 979 | goto servfail; | |
| 980 | } | |
| 981 | if(actinfo.action != respip_none) { | |
| 982 | /* save action info for logging on a | |
| 983 | * per-front-end-query basis */ | |
| 984 | if(!(qstate->respip_action_info = | |
| 985 | regional_alloc_init(qstate->region, | |
| 986 | &actinfo, sizeof(actinfo)))) | |
| 987 | { | |
| 988 | log_err("out of memory"); | |
| 989 | goto servfail; | |
| 990 | } | |
| 991 | } else { | |
| 992 | qstate->respip_action_info = NULL; | |
| 993 | } | |
| 994 | if (new_rep == qstate->return_msg->rep && | |
| 995 | (actinfo.action == respip_deny || | |
| 996 | actinfo.action == respip_inform_deny)) { | |
| 997 | /* for deny-variant actions (unless response-ip | |
| 998 | * data is applied), mark the query state so | |
| 999 | * the response will be dropped for all | |
| 1000 | * clients. */ | |
| 1001 | qstate->is_drop = 1; | |
| 1002 | } else if(alias_rrset) { | |
| 1003 | if(!generate_cname_request(qstate, alias_rrset)) | |
| 1004 | goto servfail; | |
| 1005 | next_state = module_wait_subquery; | |
| 1006 | } | |
| 1007 | qstate->return_msg->rep = new_rep; | |
| 1008 | } | |
| 1009 | qstate->ext_state[id] = next_state; | |
| 1010 | } else | |
| 1011 | qstate->ext_state[id] = module_finished; | |
| 1012 | ||
| 1013 | return; | |
| 1014 | ||
| 1015 | servfail: | |
| 1016 | qstate->return_rcode = LDNS_RCODE_SERVFAIL; | |
| 1017 | qstate->return_msg = NULL; | |
| 1018 | } | |
| 1019 | ||
| 1020 | int | |
| 1021 | respip_merge_cname(struct reply_info* base_rep, | |
| 1022 | const struct query_info* qinfo, const struct reply_info* tgt_rep, | |
| 1023 | const struct respip_client_info* cinfo, int must_validate, | |
| 1024 | struct reply_info** new_repp, struct regional* region) | |
| 1025 | { | |
| 1026 | struct reply_info* new_rep; | |
| 1027 | struct reply_info* tmp_rep = NULL; /* just a placeholder */ | |
| 1028 | struct ub_packed_rrset_key* alias_rrset = NULL; /* ditto */ | |
| 1029 | uint16_t tgt_rcode; | |
| 1030 | size_t i, j; | |
| 1031 | struct respip_action_info actinfo = {respip_none, NULL}; | |
| 1032 | ||
| 1033 | /* If the query for the CNAME target would result in an unusual rcode, | |
| 1034 | * we generally translate it as a failure for the base query | |
| 1035 | * (which would then be translated into SERVFAIL). The only exception | |
| 1036 | * is NXDOMAIN and YXDOMAIN, which are passed to the end client(s). | |
| 1037 | * The YXDOMAIN case would be rare but still possible (when | |
| 1038 | * DNSSEC-validated DNAME has been cached but synthesizing CNAME | |
| 1039 | * can't be generated due to length limitation) */ | |
| 1040 | tgt_rcode = FLAGS_GET_RCODE(tgt_rep->flags); | |
| 1041 | if((tgt_rcode != LDNS_RCODE_NOERROR && | |
| 1042 | tgt_rcode != LDNS_RCODE_NXDOMAIN && | |
| 1043 | tgt_rcode != LDNS_RCODE_YXDOMAIN) || | |
| 1044 | (must_validate && tgt_rep->security <= sec_status_bogus)) { | |
| 1045 | return 0; | |
| 1046 | } | |
| 1047 | ||
| 1048 | /* see if the target reply would be subject to a response-ip action. */ | |
| 1049 | if(!respip_rewrite_reply(qinfo, cinfo, tgt_rep, &tmp_rep, &actinfo, | |
| 1050 | &alias_rrset, 1, region)) | |
| 1051 | return 0; | |
| 1052 | if(actinfo.action != respip_none) { | |
| 1053 | log_info("CNAME target of redirect response-ip action would " | |
| 1054 | "be subject to response-ip action, too; stripped"); | |
| 1055 | *new_repp = base_rep; | |
| 1056 | return 1; | |
| 1057 | } | |
| 1058 | ||
| 1059 | /* Append target reply to the base. Since we cannot assume | |
| 1060 | * tgt_rep->rrsets is valid throughout the lifetime of new_rep | |
| 1061 | * or it can be safely shared by multiple threads, we need to make a | |
| 1062 | * deep copy. */ | |
| 1063 | new_rep = make_new_reply_info(base_rep, region, | |
| 1064 | base_rep->an_numrrsets + tgt_rep->an_numrrsets, | |
| 1065 | base_rep->an_numrrsets); | |
| 1066 | if(!new_rep) | |
| 1067 | return 0; | |
| 1068 | for(i=0,j=base_rep->an_numrrsets; i<tgt_rep->an_numrrsets; i++,j++) { | |
| 1069 | new_rep->rrsets[j] = copy_rrset(tgt_rep->rrsets[i], region); | |
| 1070 | if(!new_rep->rrsets[j]) | |
| 1071 | return 0; | |
| 1072 | } | |
| 1073 | ||
| 1074 | FLAGS_SET_RCODE(new_rep->flags, tgt_rcode); | |
| 1075 | *new_repp = new_rep; | |
| 1076 | return 1; | |
| 1077 | } | |
| 1078 | ||
| 1079 | void | |
| 1080 | respip_inform_super(struct module_qstate* qstate, int id, | |
| 1081 | struct module_qstate* super) | |
| 1082 | { | |
| 1083 | struct respip_qstate* rq = (struct respip_qstate*)super->minfo[id]; | |
| 1084 | struct reply_info* new_rep = NULL; | |
| 1085 | ||
| 1086 | rq->state = RESPIP_SUBQUERY_FINISHED; | |
| 1087 | ||
| 1088 | /* respip subquery should have always been created with a valid reply | |
| 1089 | * in super. */ | |
| 1090 | log_assert(super->return_msg && super->return_msg->rep); | |
| 1091 | ||
| 1092 | /* return_msg can be NULL when, e.g., the sub query resulted in | |
| 1093 | * SERVFAIL, in which case we regard it as a failure of the original | |
| 1094 | * query. Other checks are probably redundant, but we check them | |
| 1095 | * for safety. */ | |
| 1096 | if(!qstate->return_msg || !qstate->return_msg->rep || | |
| 1097 | qstate->return_rcode != LDNS_RCODE_NOERROR) | |
| 1098 | goto fail; | |
| 1099 | ||
| 1100 | if(!respip_merge_cname(super->return_msg->rep, &qstate->qinfo, | |
| 1101 | qstate->return_msg->rep, super->client_info, | |
| 1102 | super->env->need_to_validate, &new_rep, super->region)) | |
| 1103 | goto fail; | |
| 1104 | super->return_msg->rep = new_rep; | |
| 1105 | return; | |
| 1106 | ||
| 1107 | fail: | |
| 1108 | super->return_rcode = LDNS_RCODE_SERVFAIL; | |
| 1109 | super->return_msg = NULL; | |
| 1110 | return; | |
| 1111 | } | |
| 1112 | ||
| 1113 | void | |
| 1114 | respip_clear(struct module_qstate* qstate, int id) | |
| 1115 | { | |
| 1116 | qstate->minfo[id] = NULL; | |
| 1117 | } | |
| 1118 | ||
| 1119 | size_t | |
| 1120 | respip_get_mem(struct module_env* env, int id) | |
| 1121 | { | |
| 1122 | (void)env; | |
| 1123 | (void)id; | |
| 1124 | return 0; | |
| 1125 | } | |
| 1126 | ||
| 1127 | /** | |
| 1128 | * The response-ip function block | |
| 1129 | */ | |
| 1130 | static struct module_func_block respip_block = { | |
| 1131 | "respip", | |
| 1132 | &respip_init, &respip_deinit, &respip_operate, &respip_inform_super, | |
| 1133 | &respip_clear, &respip_get_mem | |
| 1134 | }; | |
| 1135 | ||
| 1136 | struct module_func_block* | |
| 1137 | respip_get_funcblock(void) | |
| 1138 | { | |
| 1139 | return &respip_block; | |
| 1140 | } | |
| 1141 | ||
| 1142 | enum respip_action | |
| 1143 | resp_addr_get_action(const struct resp_addr* addr) | |
| 1144 | { | |
| 1145 | return addr ? addr->action : respip_none; | |
| 1146 | } | |
| 1147 | ||
| 1148 | struct ub_packed_rrset_key* | |
| 1149 | resp_addr_get_rrset(struct resp_addr* addr) | |
| 1150 | { | |
| 1151 | return addr ? addr->data : NULL; | |
| 1152 | } | |
| 1153 | ||
| 1154 | int | |
| 1155 | respip_set_is_empty(const struct respip_set* set) | |
| 1156 | { | |
| 1157 | return set ? set->ip_tree.count == 0 : 1; | |
| 1158 | } | |
| 1159 | ||
| 1160 | void | |
| 1161 | respip_inform_print(struct respip_addr_info* respip_addr, uint8_t* qname, | |
| 1162 | uint16_t qtype, uint16_t qclass, struct local_rrset* local_alias, | |
| 1163 | struct comm_reply* repinfo) | |
| 1164 | { | |
| 1165 | char srcip[128], respip[128], txt[512]; | |
| 1166 | unsigned port; | |
| 1167 | ||
| 1168 | if(local_alias) | |
| 1169 | qname = local_alias->rrset->rk.dname; | |
| 1170 | port = (unsigned)((repinfo->addr.ss_family == AF_INET) ? | |
| 1171 | ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port) : | |
| 1172 | ntohs(((struct sockaddr_in6*)&repinfo->addr)->sin6_port)); | |
| 1173 | addr_to_str(&repinfo->addr, repinfo->addrlen, srcip, sizeof(srcip)); | |
| 1174 | addr_to_str(&respip_addr->addr, respip_addr->addrlen, | |
| 1175 | respip, sizeof(respip)); | |
| 1176 | snprintf(txt, sizeof(txt), "%s/%d inform %s@%u", respip, | |
| 1177 | respip_addr->net, srcip, port); | |
| 1178 | log_nametypeclass(0, txt, qname, qtype, qclass); | |
| 1179 | } |
| 0 | /* | |
| 1 | * respip/respip.h - IP-based response modification module | |
| 2 | */ | |
| 3 | ||
| 4 | /** | |
| 5 | * \file | |
| 6 | * | |
| 7 | * This file contains a module that selectively modifies query responses | |
| 8 | * based on their AAAA/A IP addresses. | |
| 9 | */ | |
| 10 | ||
| 11 | #ifndef RESPIP_RESPIP_H | |
| 12 | #define RESPIP_RESPIP_H | |
| 13 | ||
| 14 | #include "util/module.h" | |
| 15 | #include "services/localzone.h" | |
| 16 | ||
| 17 | /** | |
| 18 | * Set of response IP addresses with associated actions and tags. | |
| 19 | * Forward declaration only here. Actual definition is hidden within the | |
| 20 | * module. | |
| 21 | */ | |
| 22 | struct respip_set; | |
| 23 | ||
| 24 | /** | |
| 25 | * Forward declaration for the structure that represents a node in the | |
| 26 | * respip_set address tree | |
| 27 | */ | |
| 28 | struct resp_addr; | |
| 29 | ||
| 30 | /** | |
| 31 | * Forward declaration for the structure that represents a tree of view data. | |
| 32 | */ | |
| 33 | struct views; | |
| 34 | ||
| 35 | struct respip_addr_info; | |
| 36 | ||
| 37 | /** | |
| 38 | * Client-specific attributes that can affect IP-based actions. | |
| 39 | * This is essentially a subset of acl_addr (except for respip_set) but | |
| 40 | * defined as a separate structure to avoid dependency on the daemon-specific | |
| 41 | * structure. | |
| 42 | * respip_set is supposed to refer to the response-ip set for the global view. | |
| 43 | */ | |
| 44 | struct respip_client_info { | |
| 45 | uint8_t* taglist; | |
| 46 | size_t taglen; | |
| 47 | uint8_t* tag_actions; | |
| 48 | size_t tag_actions_size; | |
| 49 | struct config_strlist** tag_datas; | |
| 50 | size_t tag_datas_size; | |
| 51 | struct view* view; | |
| 52 | struct respip_set* respip_set; | |
| 53 | }; | |
| 54 | ||
| 55 | /** | |
| 56 | * Data items representing the result of response-ip processing. | |
| 57 | * Note: this structure currently only define a few members, but exists | |
| 58 | * as a separate struct mainly for the convenience of custom extensions. | |
| 59 | */ | |
| 60 | struct respip_action_info { | |
| 61 | enum respip_action action; | |
| 62 | struct respip_addr_info* addrinfo; /* set only for inform variants */ | |
| 63 | }; | |
| 64 | ||
| 65 | /** | |
| 66 | * Forward declaration for the structure that represents a node in the | |
| 67 | * respip_set address tree | |
| 68 | */ | |
| 69 | struct resp_addr; | |
| 70 | ||
| 71 | /** | |
| 72 | * Create response IP set. | |
| 73 | * @return new struct or NULL on error. | |
| 74 | */ | |
| 75 | struct respip_set* respip_set_create(void); | |
| 76 | ||
| 77 | /** | |
| 78 | * Delete response IP set. | |
| 79 | * @param set: to delete. | |
| 80 | */ | |
| 81 | void respip_set_delete(struct respip_set* set); | |
| 82 | ||
| 83 | /** | |
| 84 | * Apply response-ip config settings to the global (default) view. | |
| 85 | * It assumes exclusive access to set (no internal locks). | |
| 86 | * @param set: processed global respip config data | |
| 87 | * @param cfg: config data. | |
| 88 | * @return 1 on success, 0 on error. | |
| 89 | */ | |
| 90 | int respip_global_apply_cfg(struct respip_set* set, struct config_file* cfg); | |
| 91 | ||
| 92 | /** | |
| 93 | * Apply response-ip config settings in named views. | |
| 94 | * @param vs: view structures with processed config data | |
| 95 | * @param cfg: config data. | |
| 96 | * @param have_view_respip_cfg: set to true if any named view has respip | |
| 97 | * configuration; otherwise set to false | |
| 98 | * @return 1 on success, 0 on error. | |
| 99 | */ | |
| 100 | int respip_views_apply_cfg(struct views* vs, struct config_file* cfg, | |
| 101 | int* have_view_respip_cfg); | |
| 102 | ||
| 103 | /** | |
| 104 | * Merge two replies to build a complete CNAME chain. | |
| 105 | * It appends the content of 'tgt_rep' to 'base_rep', assuming (but not | |
| 106 | * checking) the former ends with a CNAME and the latter resolves its target. | |
| 107 | * A merged new reply will be built using 'region' and *new_repp will point | |
| 108 | * to the new one on success. | |
| 109 | * If the target reply would also be subject to a response-ip action for | |
| 110 | * 'cinfo', this function uses 'base_rep' as the merged reply, ignoring | |
| 111 | * 'tgt_rep'. This is for avoiding cases like a CNAME loop or failure of | |
| 112 | * applying an action to an address. | |
| 113 | * RRSIGs in 'tgt_rep' will be excluded in the merged reply, as the resulting | |
| 114 | * reply is assumed to be faked due to a response-ip action and can't be | |
| 115 | * considered secure in terms of DNSSEC. | |
| 116 | * The caller must ensure that neither 'base_rep' nor 'tgt_rep' can be modified | |
| 117 | * until this function returns. | |
| 118 | * @param base_rep: the reply info containing an incomplete CNAME. | |
| 119 | * @param qinfo: query info corresponding to 'base_rep'. | |
| 120 | * @param tgt_rep: the reply info that completes the CNAME chain. | |
| 121 | * @param cinfo: client info corresponding to 'base_rep'. | |
| 122 | * @param must_validate: whether 'tgt_rep' must be DNSSEC-validated. | |
| 123 | * @param new_repp: pointer placeholder for the merged reply. will be intact | |
| 124 | * on error. | |
| 125 | * @param region: allocator to build *new_repp. | |
| 126 | * @return 1 on success, 0 on error. | |
| 127 | */ | |
| 128 | int respip_merge_cname(struct reply_info* base_rep, | |
| 129 | const struct query_info* qinfo, const struct reply_info* tgt_rep, | |
| 130 | const struct respip_client_info* cinfo, int must_validate, | |
| 131 | struct reply_info** new_repp, struct regional* region); | |
| 132 | ||
| 133 | /** | |
| 134 | * See if any IP-based action should apply to any IP address of AAAA/A answer | |
| 135 | * record in the reply. If so, apply the action. In some cases it rewrites | |
| 136 | * the reply rrsets, in which case *new_repp will point to the updated reply | |
| 137 | * info. Depending on the action, some of the rrsets in 'rep' will be | |
| 138 | * shallow-copied into '*new_repp'; the caller must ensure that the rrsets | |
| 139 | * in 'rep' are valid throughout the lifetime of *new_repp, and it must | |
| 140 | * provide appropriate mutex if the rrsets can be shared by multiple threads. | |
| 141 | * @param qinfo: query info corresponding to the reply. | |
| 142 | * @param cinfo: client-specific info to identify the best matching action. | |
| 143 | * can be NULL. | |
| 144 | * @param rep: original reply info. must not be NULL. | |
| 145 | * @param new_repp: can be set to the rewritten reply info (intact on failure). | |
| 146 | * @param actinfo: result of response-ip processing | |
| 147 | * @param alias_rrset: must not be NULL. | |
| 148 | * @param search_only: if true, only check if an action would apply. actionp | |
| 149 | * will be set (or intact) accordingly but the modified reply won't be built. | |
| 150 | * @param region: allocator to build *new_repp. | |
| 151 | * @return 1 on success, 0 on error. | |
| 152 | */ | |
| 153 | int respip_rewrite_reply(const struct query_info* qinfo, | |
| 154 | const struct respip_client_info* cinfo, | |
| 155 | const struct reply_info *rep, struct reply_info** new_repp, | |
| 156 | struct respip_action_info* actinfo, | |
| 157 | struct ub_packed_rrset_key** alias_rrset, | |
| 158 | int search_only, struct regional* region); | |
| 159 | ||
| 160 | /** | |
| 161 | * Get the response-ip function block. | |
| 162 | * @return: function block with function pointers to response-ip methods. | |
| 163 | */ | |
| 164 | struct module_func_block* respip_get_funcblock(void); | |
| 165 | ||
| 166 | /** response-ip init */ | |
| 167 | int respip_init(struct module_env* env, int id); | |
| 168 | ||
| 169 | /** response-ip deinit */ | |
| 170 | void respip_deinit(struct module_env* env, int id); | |
| 171 | ||
| 172 | /** response-ip operate on a query */ | |
| 173 | void respip_operate(struct module_qstate* qstate, enum module_ev event, int id, | |
| 174 | struct outbound_entry* outbound); | |
| 175 | ||
| 176 | /** inform response-ip super */ | |
| 177 | void respip_inform_super(struct module_qstate* qstate, int id, | |
| 178 | struct module_qstate* super); | |
| 179 | ||
| 180 | /** response-ip cleanup query state */ | |
| 181 | void respip_clear(struct module_qstate* qstate, int id); | |
| 182 | ||
| 183 | /** | |
| 184 | * returns address of the IP address tree of the specified respip set; | |
| 185 | * returns NULL for NULL input; exists for test purposes only | |
| 186 | */ | |
| 187 | struct rbtree_type* respip_set_get_tree(struct respip_set* set); | |
| 188 | ||
| 189 | /** | |
| 190 | * returns respip action for the specified node in the respip address | |
| 191 | * returns respip_none for NULL input; exists for test purposes only | |
| 192 | */ | |
| 193 | enum respip_action resp_addr_get_action(const struct resp_addr* addr); | |
| 194 | ||
| 195 | /** | |
| 196 | * returns rrset portion of the specified node in the respip address | |
| 197 | * tree; returns NULL for NULL input; exists for test purposes only | |
| 198 | */ | |
| 199 | struct ub_packed_rrset_key* resp_addr_get_rrset(struct resp_addr* addr); | |
| 200 | ||
| 201 | /** response-ip alloc size routine */ | |
| 202 | size_t respip_get_mem(struct module_env* env, int id); | |
| 203 | ||
| 204 | /** | |
| 205 | * respip set emptiness test | |
| 206 | * @param set respip set to test | |
| 207 | * @return 0 if the specified set exists (non-NULL) and is non-empty; | |
| 208 | * otherwise returns 1 | |
| 209 | */ | |
| 210 | int respip_set_is_empty(const struct respip_set* set); | |
| 211 | ||
| 212 | /** | |
| 213 | * print log information for a query subject to an inform or inform-deny | |
| 214 | * response-ip action. | |
| 215 | * @param respip_addr: response-ip information that causes the action | |
| 216 | * @param qname: query name in the context, will be ignored if local_alias is | |
| 217 | * non-NULL. | |
| 218 | * @param qtype: query type, in host byte order. | |
| 219 | * @param qclass: query class, in host byte order. | |
| 220 | * @param local_alias: set to a local alias if the query matches an alias in | |
| 221 | * a local zone. In this case its owner name will be considered the actual | |
| 222 | * query name. | |
| 223 | * @param repinfo: reply info containing the client's source address and port. | |
| 224 | */ | |
| 225 | void respip_inform_print(struct respip_addr_info* respip_addr, uint8_t* qname, | |
| 226 | uint16_t qtype, uint16_t qclass, struct local_rrset* local_alias, | |
| 227 | struct comm_reply* repinfo); | |
| 228 | ||
| 229 | #endif /* RESPIP_RESPIP_H */ |
| 0 | /* | |
| 1 | * services/authzone.c - authoritative zone that is locally hosted. | |
| 2 | * | |
| 3 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | ||
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * This file contains the functions for an authority zone. This zone | |
| 39 | * is queried by the iterator, just like a stub or forward zone, but then | |
| 40 | * the data is locally held. | |
| 41 | */ | |
| 42 | ||
| 43 | #include "config.h" | |
| 44 | #include "services/authzone.h" | |
| 45 | #include "util/data/dname.h" | |
| 46 | #include "util/data/msgreply.h" | |
| 47 | #include "util/data/packed_rrset.h" | |
| 48 | #include "util/regional.h" | |
| 49 | #include "util/net_help.h" | |
| 50 | #include "util/config_file.h" | |
| 51 | #include "util/log.h" | |
| 52 | #include "services/cache/dns.h" | |
| 53 | #include "sldns/rrdef.h" | |
| 54 | #include "sldns/pkthdr.h" | |
| 55 | #include "sldns/sbuffer.h" | |
| 56 | #include "sldns/str2wire.h" | |
| 57 | #include "sldns/wire2str.h" | |
| 58 | #include "sldns/parseutil.h" | |
| 59 | #include "validator/val_nsec3.h" | |
| 60 | #include "validator/val_secalgo.h" | |
| 61 | ||
| 62 | /** bytes to use for NSEC3 hash buffer. 20 for sha1 */ | |
| 63 | #define N3HASHBUFLEN 32 | |
| 64 | /** max number of CNAMEs we are willing to follow (in one answer) */ | |
| 65 | #define MAX_CNAME_CHAIN 8 | |
| 66 | ||
| 67 | /** create new dns_msg */ | |
| 68 | static struct dns_msg* | |
| 69 | msg_create(struct regional* region, struct query_info* qinfo) | |
| 70 | { | |
| 71 | struct dns_msg* msg = (struct dns_msg*)regional_alloc(region, | |
| 72 | sizeof(struct dns_msg)); | |
| 73 | if(!msg) | |
| 74 | return NULL; | |
| 75 | msg->qinfo.qname = regional_alloc_init(region, qinfo->qname, | |
| 76 | qinfo->qname_len); | |
| 77 | if(!msg->qinfo.qname) | |
| 78 | return NULL; | |
| 79 | msg->qinfo.qname_len = qinfo->qname_len; | |
| 80 | msg->qinfo.qtype = qinfo->qtype; | |
| 81 | msg->qinfo.qclass = qinfo->qclass; | |
| 82 | msg->qinfo.local_alias = NULL; | |
| 83 | /* non-packed reply_info, because it needs to grow the array */ | |
| 84 | msg->rep = (struct reply_info*)regional_alloc_zero(region, | |
| 85 | sizeof(struct reply_info)-sizeof(struct rrset_ref)); | |
| 86 | if(!msg->rep) | |
| 87 | return NULL; | |
| 88 | msg->rep->flags = (uint16_t)(BIT_QR | BIT_AA); | |
| 89 | msg->rep->authoritative = 1; | |
| 90 | msg->rep->qdcount = 1; | |
| 91 | /* rrsets is NULL, no rrsets yet */ | |
| 92 | return msg; | |
| 93 | } | |
| 94 | ||
| 95 | /** grow rrset array by one in msg */ | |
| 96 | static int | |
| 97 | msg_grow_array(struct regional* region, struct dns_msg* msg) | |
| 98 | { | |
| 99 | if(msg->rep->rrsets == NULL) { | |
| 100 | msg->rep->rrsets = regional_alloc_zero(region, | |
| 101 | sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1)); | |
| 102 | if(!msg->rep->rrsets) | |
| 103 | return 0; | |
| 104 | } else { | |
| 105 | struct ub_packed_rrset_key** rrsets_old = msg->rep->rrsets; | |
| 106 | msg->rep->rrsets = regional_alloc_zero(region, | |
| 107 | sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1)); | |
| 108 | if(!msg->rep->rrsets) | |
| 109 | return 0; | |
| 110 | memmove(msg->rep->rrsets, rrsets_old, | |
| 111 | sizeof(struct ub_packed_rrset_key*)*msg->rep->rrset_count); | |
| 112 | } | |
| 113 | return 1; | |
| 114 | } | |
| 115 | ||
| 116 | /** get ttl of rrset */ | |
| 117 | static time_t | |
| 118 | get_rrset_ttl(struct ub_packed_rrset_key* k) | |
| 119 | { | |
| 120 | struct packed_rrset_data* d = (struct packed_rrset_data*) | |
| 121 | k->entry.data; | |
| 122 | return d->ttl; | |
| 123 | } | |
| 124 | ||
| 125 | /** Copy rrset into region from domain-datanode and packet rrset */ | |
| 126 | static struct ub_packed_rrset_key* | |
| 127 | auth_packed_rrset_copy_region(struct auth_zone* z, struct auth_data* node, | |
| 128 | struct auth_rrset* rrset, struct regional* region, time_t adjust) | |
| 129 | { | |
| 130 | struct ub_packed_rrset_key key; | |
| 131 | memset(&key, 0, sizeof(key)); | |
| 132 | key.entry.key = &key; | |
| 133 | key.entry.data = rrset->data; | |
| 134 | key.rk.dname = node->name; | |
| 135 | key.rk.dname_len = node->namelen; | |
| 136 | key.rk.type = htons(rrset->type); | |
| 137 | key.rk.rrset_class = htons(z->dclass); | |
| 138 | key.entry.hash = rrset_key_hash(&key.rk); | |
| 139 | return packed_rrset_copy_region(&key, region, adjust); | |
| 140 | } | |
| 141 | ||
| 142 | /** fix up msg->rep TTL and prefetch ttl */ | |
| 143 | static void | |
| 144 | msg_ttl(struct dns_msg* msg) | |
| 145 | { | |
| 146 | if(msg->rep->rrset_count == 0) return; | |
| 147 | if(msg->rep->rrset_count == 1) { | |
| 148 | msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]); | |
| 149 | msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); | |
| 150 | } else if(get_rrset_ttl(msg->rep->rrsets[msg->rep->rrset_count-1]) < | |
| 151 | msg->rep->ttl) { | |
| 152 | msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[ | |
| 153 | msg->rep->rrset_count-1]); | |
| 154 | msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); | |
| 155 | } | |
| 156 | } | |
| 157 | ||
| 158 | /** see if rrset is a duplicate in the answer message */ | |
| 159 | static int | |
| 160 | msg_rrset_duplicate(struct dns_msg* msg, uint8_t* nm, size_t nmlen, | |
| 161 | uint16_t type, uint16_t dclass) | |
| 162 | { | |
| 163 | size_t i; | |
| 164 | for(i=0; i<msg->rep->rrset_count; i++) { | |
| 165 | struct ub_packed_rrset_key* k = msg->rep->rrsets[i]; | |
| 166 | if(ntohs(k->rk.type) == type && k->rk.dname_len == nmlen && | |
| 167 | ntohs(k->rk.rrset_class) == dclass && | |
| 168 | query_dname_compare(k->rk.dname, nm) == 0) | |
| 169 | return 1; | |
| 170 | } | |
| 171 | return 0; | |
| 172 | } | |
| 173 | ||
| 174 | /** add rrset to answer section (no auth, add rrsets yet) */ | |
| 175 | static int | |
| 176 | msg_add_rrset_an(struct auth_zone* z, struct regional* region, | |
| 177 | struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) | |
| 178 | { | |
| 179 | log_assert(msg->rep->ns_numrrsets == 0); | |
| 180 | log_assert(msg->rep->ar_numrrsets == 0); | |
| 181 | if(!rrset) | |
| 182 | return 1; | |
| 183 | if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type, | |
| 184 | z->dclass)) | |
| 185 | return 1; | |
| 186 | /* grow array */ | |
| 187 | if(!msg_grow_array(region, msg)) | |
| 188 | return 0; | |
| 189 | /* copy it */ | |
| 190 | if(!(msg->rep->rrsets[msg->rep->rrset_count] = | |
| 191 | auth_packed_rrset_copy_region(z, node, rrset, region, 0))) | |
| 192 | return 0; | |
| 193 | msg->rep->rrset_count++; | |
| 194 | msg->rep->an_numrrsets++; | |
| 195 | msg_ttl(msg); | |
| 196 | return 1; | |
| 197 | } | |
| 198 | ||
| 199 | /** add rrset to authority section (no additonal section rrsets yet) */ | |
| 200 | static int | |
| 201 | msg_add_rrset_ns(struct auth_zone* z, struct regional* region, | |
| 202 | struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) | |
| 203 | { | |
| 204 | log_assert(msg->rep->ar_numrrsets == 0); | |
| 205 | if(!rrset) | |
| 206 | return 1; | |
| 207 | if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type, | |
| 208 | z->dclass)) | |
| 209 | return 1; | |
| 210 | /* grow array */ | |
| 211 | if(!msg_grow_array(region, msg)) | |
| 212 | return 0; | |
| 213 | /* copy it */ | |
| 214 | if(!(msg->rep->rrsets[msg->rep->rrset_count] = | |
| 215 | auth_packed_rrset_copy_region(z, node, rrset, region, 0))) | |
| 216 | return 0; | |
| 217 | msg->rep->rrset_count++; | |
| 218 | msg->rep->ns_numrrsets++; | |
| 219 | msg_ttl(msg); | |
| 220 | return 1; | |
| 221 | } | |
| 222 | ||
| 223 | /** add rrset to additional section */ | |
| 224 | static int | |
| 225 | msg_add_rrset_ar(struct auth_zone* z, struct regional* region, | |
| 226 | struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) | |
| 227 | { | |
| 228 | if(!rrset) | |
| 229 | return 1; | |
| 230 | if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type, | |
| 231 | z->dclass)) | |
| 232 | return 1; | |
| 233 | /* grow array */ | |
| 234 | if(!msg_grow_array(region, msg)) | |
| 235 | return 0; | |
| 236 | /* copy it */ | |
| 237 | if(!(msg->rep->rrsets[msg->rep->rrset_count] = | |
| 238 | auth_packed_rrset_copy_region(z, node, rrset, region, 0))) | |
| 239 | return 0; | |
| 240 | msg->rep->rrset_count++; | |
| 241 | msg->rep->ar_numrrsets++; | |
| 242 | msg_ttl(msg); | |
| 243 | return 1; | |
| 244 | } | |
| 245 | ||
| 246 | struct auth_zones* auth_zones_create(void) | |
| 247 | { | |
| 248 | struct auth_zones* az = (struct auth_zones*)calloc(1, sizeof(*az)); | |
| 249 | if(!az) { | |
| 250 | log_err("out of memory"); | |
| 251 | return NULL; | |
| 252 | } | |
| 253 | rbtree_init(&az->ztree, &auth_zone_cmp); | |
| 254 | lock_rw_init(&az->lock); | |
| 255 | lock_protect(&az->lock, &az->ztree, sizeof(az->ztree)); | |
| 256 | /* also lock protects the rbnode's in struct auth_zone */ | |
| 257 | return az; | |
| 258 | } | |
| 259 | ||
| 260 | int auth_zone_cmp(const void* z1, const void* z2) | |
| 261 | { | |
| 262 | /* first sort on class, so that hierarchy can be maintained within | |
| 263 | * a class */ | |
| 264 | struct auth_zone* a = (struct auth_zone*)z1; | |
| 265 | struct auth_zone* b = (struct auth_zone*)z2; | |
| 266 | int m; | |
| 267 | if(a->dclass != b->dclass) { | |
| 268 | if(a->dclass < b->dclass) | |
| 269 | return -1; | |
| 270 | return 1; | |
| 271 | } | |
| 272 | /* sorted such that higher zones sort before lower zones (their | |
| 273 | * contents) */ | |
| 274 | return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); | |
| 275 | } | |
| 276 | ||
| 277 | int auth_data_cmp(const void* z1, const void* z2) | |
| 278 | { | |
| 279 | struct auth_data* a = (struct auth_data*)z1; | |
| 280 | struct auth_data* b = (struct auth_data*)z2; | |
| 281 | int m; | |
| 282 | /* canonical sort, because DNSSEC needs that */ | |
| 283 | return dname_canon_lab_cmp(a->name, a->namelabs, b->name, | |
| 284 | b->namelabs, &m); | |
| 285 | } | |
| 286 | ||
| 287 | /** delete auth rrset node */ | |
| 288 | static void | |
| 289 | auth_rrset_delete(struct auth_rrset* rrset) | |
| 290 | { | |
| 291 | if(!rrset) return; | |
| 292 | free(rrset->data); | |
| 293 | free(rrset); | |
| 294 | } | |
| 295 | ||
| 296 | /** delete auth data domain node */ | |
| 297 | static void | |
| 298 | auth_data_delete(struct auth_data* n) | |
| 299 | { | |
| 300 | struct auth_rrset* p, *np; | |
| 301 | if(!n) return; | |
| 302 | p = n->rrsets; | |
| 303 | while(p) { | |
| 304 | np = p->next; | |
| 305 | auth_rrset_delete(p); | |
| 306 | p = np; | |
| 307 | } | |
| 308 | free(n->name); | |
| 309 | free(n); | |
| 310 | } | |
| 311 | ||
| 312 | /** helper traverse to delete zones */ | |
| 313 | static void | |
| 314 | auth_data_del(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 315 | { | |
| 316 | struct auth_data* z = (struct auth_data*)n->key; | |
| 317 | auth_data_delete(z); | |
| 318 | } | |
| 319 | ||
| 320 | /** delete an auth zone structure (tree remove must be done elsewhere) */ | |
| 321 | static void | |
| 322 | auth_zone_delete(struct auth_zone* z) | |
| 323 | { | |
| 324 | if(!z) return; | |
| 325 | lock_rw_destroy(&z->lock); | |
| 326 | traverse_postorder(&z->data, auth_data_del, NULL); | |
| 327 | free(z->name); | |
| 328 | free(z->zonefile); | |
| 329 | free(z); | |
| 330 | } | |
| 331 | ||
| 332 | struct auth_zone* | |
| 333 | auth_zone_create(struct auth_zones* az, uint8_t* nm, size_t nmlen, | |
| 334 | uint16_t dclass) | |
| 335 | { | |
| 336 | struct auth_zone* z = (struct auth_zone*)calloc(1, sizeof(*z)); | |
| 337 | if(!z) { | |
| 338 | return NULL; | |
| 339 | } | |
| 340 | z->node.key = z; | |
| 341 | z->dclass = dclass; | |
| 342 | z->namelen = nmlen; | |
| 343 | z->namelabs = dname_count_labels(nm); | |
| 344 | z->name = memdup(nm, nmlen); | |
| 345 | if(!z->name) { | |
| 346 | free(z); | |
| 347 | return NULL; | |
| 348 | } | |
| 349 | rbtree_init(&z->data, &auth_data_cmp); | |
| 350 | lock_rw_init(&z->lock); | |
| 351 | lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)); | |
| 352 | lock_rw_wrlock(&z->lock); | |
| 353 | /* z lock protects all, except rbtree itself, which is az->lock */ | |
| 354 | if(!rbtree_insert(&az->ztree, &z->node)) { | |
| 355 | lock_rw_unlock(&z->lock); | |
| 356 | auth_zone_delete(z); | |
| 357 | log_warn("duplicate auth zone"); | |
| 358 | return NULL; | |
| 359 | } | |
| 360 | return z; | |
| 361 | } | |
| 362 | ||
| 363 | struct auth_zone* | |
| 364 | auth_zone_find(struct auth_zones* az, uint8_t* nm, size_t nmlen, | |
| 365 | uint16_t dclass) | |
| 366 | { | |
| 367 | struct auth_zone key; | |
| 368 | key.node.key = &key; | |
| 369 | key.dclass = dclass; | |
| 370 | key.name = nm; | |
| 371 | key.namelen = nmlen; | |
| 372 | key.namelabs = dname_count_labels(nm); | |
| 373 | return (struct auth_zone*)rbtree_search(&az->ztree, &key); | |
| 374 | } | |
| 375 | ||
| 376 | /** find an auth zone or sorted less-or-equal, return true if exact */ | |
| 377 | static int | |
| 378 | auth_zone_find_less_equal(struct auth_zones* az, uint8_t* nm, size_t nmlen, | |
| 379 | uint16_t dclass, struct auth_zone** z) | |
| 380 | { | |
| 381 | struct auth_zone key; | |
| 382 | key.node.key = &key; | |
| 383 | key.dclass = dclass; | |
| 384 | key.name = nm; | |
| 385 | key.namelen = nmlen; | |
| 386 | key.namelabs = dname_count_labels(nm); | |
| 387 | return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z); | |
| 388 | } | |
| 389 | ||
| 390 | /** find the auth zone that is above the given qname */ | |
| 391 | struct auth_zone* | |
| 392 | auth_zones_find_zone(struct auth_zones* az, struct query_info* qinfo) | |
| 393 | { | |
| 394 | uint8_t* nm = qinfo->qname; | |
| 395 | size_t nmlen = qinfo->qname_len; | |
| 396 | struct auth_zone* z; | |
| 397 | if(auth_zone_find_less_equal(az, nm, nmlen, qinfo->qclass, &z)) { | |
| 398 | /* exact match */ | |
| 399 | return z; | |
| 400 | } else { | |
| 401 | /* less-or-nothing */ | |
| 402 | if(!z) return NULL; /* nothing smaller, nothing above it */ | |
| 403 | /* we found smaller name; smaller may be above the qname, | |
| 404 | * but not below it. */ | |
| 405 | nm = dname_get_shared_topdomain(z->name, qinfo->qname); | |
| 406 | dname_count_size_labels(nm, &nmlen); | |
| 407 | } | |
| 408 | /* search up */ | |
| 409 | while(!z && !dname_is_root(nm)) { | |
| 410 | dname_remove_label(&nm, &nmlen); | |
| 411 | z = auth_zone_find(az, nm, nmlen, qinfo->qclass); | |
| 412 | } | |
| 413 | return z; | |
| 414 | } | |
| 415 | ||
| 416 | /** find or create zone with name str. caller must have lock on az. | |
| 417 | * returns a wrlocked zone */ | |
| 418 | static struct auth_zone* | |
| 419 | auth_zones_find_or_add_zone(struct auth_zones* az, char* name) | |
| 420 | { | |
| 421 | uint8_t nm[LDNS_MAX_DOMAINLEN+1]; | |
| 422 | size_t nmlen = sizeof(nm); | |
| 423 | struct auth_zone* z; | |
| 424 | ||
| 425 | if(sldns_str2wire_dname_buf(name, nm, &nmlen) != 0) { | |
| 426 | log_err("cannot parse auth zone name: %s", name); | |
| 427 | return 0; | |
| 428 | } | |
| 429 | z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN); | |
| 430 | if(!z) { | |
| 431 | /* not found, create the zone */ | |
| 432 | z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN); | |
| 433 | } else { | |
| 434 | lock_rw_wrlock(&z->lock); | |
| 435 | } | |
| 436 | return z; | |
| 437 | } | |
| 438 | ||
| 439 | int | |
| 440 | auth_zone_set_zonefile(struct auth_zone* z, char* zonefile) | |
| 441 | { | |
| 442 | if(z->zonefile) free(z->zonefile); | |
| 443 | if(zonefile == NULL) { | |
| 444 | z->zonefile = NULL; | |
| 445 | } else { | |
| 446 | z->zonefile = strdup(zonefile); | |
| 447 | if(!z->zonefile) { | |
| 448 | log_err("malloc failure"); | |
| 449 | return 0; | |
| 450 | } | |
| 451 | } | |
| 452 | return 1; | |
| 453 | } | |
| 454 | ||
| 455 | /** set auth zone fallback. caller must have lock on zone */ | |
| 456 | int | |
| 457 | auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr) | |
| 458 | { | |
| 459 | if(strcmp(fallbackstr, "yes") != 0 && strcmp(fallbackstr, "no") != 0){ | |
| 460 | log_err("auth zone fallback, expected yes or no, got %s", | |
| 461 | fallbackstr); | |
| 462 | return 0; | |
| 463 | } | |
| 464 | z->fallback_enabled = (strcmp(fallbackstr, "yes")==0); | |
| 465 | return 1; | |
| 466 | } | |
| 467 | ||
| 468 | /** create domain with the given name */ | |
| 469 | static struct auth_data* | |
| 470 | az_domain_create(struct auth_zone* z, uint8_t* nm, size_t nmlen) | |
| 471 | { | |
| 472 | struct auth_data* n = (struct auth_data*)malloc(sizeof(*n)); | |
| 473 | if(!n) return NULL; | |
| 474 | memset(n, 0, sizeof(*n)); | |
| 475 | n->node.key = n; | |
| 476 | n->name = memdup(nm, nmlen); | |
| 477 | if(!n->name) { | |
| 478 | free(n); | |
| 479 | return NULL; | |
| 480 | } | |
| 481 | n->namelen = nmlen; | |
| 482 | n->namelabs = dname_count_labels(nm); | |
| 483 | if(!rbtree_insert(&z->data, &n->node)) { | |
| 484 | log_warn("duplicate auth domain name"); | |
| 485 | free(n->name); | |
| 486 | free(n); | |
| 487 | return NULL; | |
| 488 | } | |
| 489 | return n; | |
| 490 | } | |
| 491 | ||
| 492 | /** find domain with exactly the given name */ | |
| 493 | static struct auth_data* | |
| 494 | az_find_name(struct auth_zone* z, uint8_t* nm, size_t nmlen) | |
| 495 | { | |
| 496 | struct auth_zone key; | |
| 497 | key.node.key = &key; | |
| 498 | key.name = nm; | |
| 499 | key.namelen = nmlen; | |
| 500 | key.namelabs = dname_count_labels(nm); | |
| 501 | return (struct auth_data*)rbtree_search(&z->data, &key); | |
| 502 | } | |
| 503 | ||
| 504 | /** Find domain name (or closest match) */ | |
| 505 | static void | |
| 506 | az_find_domain(struct auth_zone* z, struct query_info* qinfo, int* node_exact, | |
| 507 | struct auth_data** node) | |
| 508 | { | |
| 509 | struct auth_zone key; | |
| 510 | key.node.key = &key; | |
| 511 | key.name = qinfo->qname; | |
| 512 | key.namelen = qinfo->qname_len; | |
| 513 | key.namelabs = dname_count_labels(key.name); | |
| 514 | *node_exact = rbtree_find_less_equal(&z->data, &key, | |
| 515 | (rbnode_type**)node); | |
| 516 | } | |
| 517 | ||
| 518 | /** find or create domain with name in zone */ | |
| 519 | static struct auth_data* | |
| 520 | az_domain_find_or_create(struct auth_zone* z, uint8_t* dname, | |
| 521 | size_t dname_len) | |
| 522 | { | |
| 523 | struct auth_data* n = az_find_name(z, dname, dname_len); | |
| 524 | if(!n) { | |
| 525 | n = az_domain_create(z, dname, dname_len); | |
| 526 | } | |
| 527 | return n; | |
| 528 | } | |
| 529 | ||
| 530 | /** find rrset of given type in the domain */ | |
| 531 | static struct auth_rrset* | |
| 532 | az_domain_rrset(struct auth_data* n, uint16_t t) | |
| 533 | { | |
| 534 | struct auth_rrset* rrset; | |
| 535 | if(!n) return NULL; | |
| 536 | rrset = n->rrsets; | |
| 537 | while(rrset) { | |
| 538 | if(rrset->type == t) | |
| 539 | return rrset; | |
| 540 | rrset = rrset->next; | |
| 541 | } | |
| 542 | return NULL; | |
| 543 | } | |
| 544 | ||
| 545 | /** remove rrset of this type from domain */ | |
| 546 | static void | |
| 547 | domain_remove_rrset(struct auth_data* node, uint16_t rr_type) | |
| 548 | { | |
| 549 | struct auth_rrset* rrset, *prev; | |
| 550 | if(!node) return; | |
| 551 | prev = NULL; | |
| 552 | rrset = node->rrsets; | |
| 553 | while(rrset) { | |
| 554 | if(rrset->type == rr_type) { | |
| 555 | /* found it, now delete it */ | |
| 556 | if(prev) prev->next = rrset->next; | |
| 557 | else node->rrsets = rrset->next; | |
| 558 | auth_rrset_delete(rrset); | |
| 559 | return; | |
| 560 | } | |
| 561 | prev = rrset; | |
| 562 | rrset = rrset->next; | |
| 563 | } | |
| 564 | } | |
| 565 | ||
| 566 | /** see if rdata is duplicate */ | |
| 567 | static int | |
| 568 | rdata_duplicate(struct packed_rrset_data* d, uint8_t* rdata, size_t len) | |
| 569 | { | |
| 570 | size_t i; | |
| 571 | for(i=0; i<d->count + d->rrsig_count; i++) { | |
| 572 | if(d->rr_len[i] != len) | |
| 573 | continue; | |
| 574 | if(memcmp(d->rr_data[i], rdata, len) == 0) | |
| 575 | return 1; | |
| 576 | } | |
| 577 | return 0; | |
| 578 | } | |
| 579 | ||
| 580 | /** get rrsig type covered from rdata. | |
| 581 | * @param rdata: rdata in wireformat, starting with 16bit rdlength. | |
| 582 | * @param rdatalen: length of rdata buffer. | |
| 583 | * @return type covered (or 0). | |
| 584 | */ | |
| 585 | static uint16_t | |
| 586 | rrsig_rdata_get_type_covered(uint8_t* rdata, size_t rdatalen) | |
| 587 | { | |
| 588 | if(rdatalen < 4) | |
| 589 | return 0; | |
| 590 | return sldns_read_uint16(rdata+2); | |
| 591 | } | |
| 592 | ||
| 593 | /** add RR to existing RRset. If insert_sig is true, add to rrsigs. | |
| 594 | * This reallocates the packed rrset for a new one */ | |
| 595 | static int | |
| 596 | rrset_add_rr(struct auth_rrset* rrset, uint32_t rr_ttl, uint8_t* rdata, | |
| 597 | size_t rdatalen, int insert_sig) | |
| 598 | { | |
| 599 | struct packed_rrset_data* d, *old = rrset->data; | |
| 600 | size_t total, old_total; | |
| 601 | ||
| 602 | d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) | |
| 603 | + sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t) | |
| 604 | + rdatalen); | |
| 605 | if(!d) { | |
| 606 | log_err("out of memory"); | |
| 607 | return 0; | |
| 608 | } | |
| 609 | /* copy base values */ | |
| 610 | memcpy(d, old, sizeof(struct packed_rrset_data)); | |
| 611 | if(!insert_sig) { | |
| 612 | d->count++; | |
| 613 | } else { | |
| 614 | d->rrsig_count++; | |
| 615 | } | |
| 616 | old_total = old->count + old->rrsig_count; | |
| 617 | total = d->count + d->rrsig_count; | |
| 618 | /* set rr_len, needed for ptr_fixup */ | |
| 619 | d->rr_len = (size_t*)((uint8_t*)d + | |
| 620 | sizeof(struct packed_rrset_data)); | |
| 621 | if(old->count != 0) | |
| 622 | memmove(d->rr_len, old->rr_len, old->count*sizeof(size_t)); | |
| 623 | if(old->rrsig_count != 0) | |
| 624 | memmove(d->rr_len+d->count, old->rr_len+old->count, | |
| 625 | old->rrsig_count*sizeof(size_t)); | |
| 626 | if(!insert_sig) | |
| 627 | d->rr_len[d->count-1] = rdatalen; | |
| 628 | else d->rr_len[total-1] = rdatalen; | |
| 629 | packed_rrset_ptr_fixup(d); | |
| 630 | if(rr_ttl < d->ttl) | |
| 631 | d->ttl = rr_ttl; | |
| 632 | ||
| 633 | /* copy old values into new array */ | |
| 634 | if(old->count != 0) { | |
| 635 | memmove(d->rr_ttl, old->rr_ttl, old->count*sizeof(time_t)); | |
| 636 | /* all the old rr pieces are allocated sequential, so we | |
| 637 | * can copy them in one go */ | |
| 638 | memmove(d->rr_data[0], old->rr_data[0], | |
| 639 | (old->rr_data[old->count-1] - old->rr_data[0]) + | |
| 640 | old->rr_len[old->count-1]); | |
| 641 | } | |
| 642 | if(old->rrsig_count != 0) { | |
| 643 | memmove(d->rr_ttl+d->count, old->rr_ttl+old->count, | |
| 644 | old->rrsig_count*sizeof(time_t)); | |
| 645 | memmove(d->rr_data[d->count], old->rr_data[old->count], | |
| 646 | (old->rr_data[old_total-1] - old->rr_data[old->count]) + | |
| 647 | old->rr_len[old_total-1]); | |
| 648 | } | |
| 649 | ||
| 650 | /* insert new value */ | |
| 651 | if(!insert_sig) { | |
| 652 | d->rr_ttl[d->count-1] = rr_ttl; | |
| 653 | memmove(d->rr_data[d->count-1], rdata, rdatalen); | |
| 654 | } else { | |
| 655 | d->rr_ttl[total-1] = rr_ttl; | |
| 656 | memmove(d->rr_data[total-1], rdata, rdatalen); | |
| 657 | } | |
| 658 | ||
| 659 | rrset->data = d; | |
| 660 | free(old); | |
| 661 | return 1; | |
| 662 | } | |
| 663 | ||
| 664 | /** Create new rrset for node with packed rrset with one RR element */ | |
| 665 | static struct auth_rrset* | |
| 666 | rrset_create(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, | |
| 667 | uint8_t* rdata, size_t rdatalen) | |
| 668 | { | |
| 669 | struct auth_rrset* rrset = (struct auth_rrset*)calloc(1, | |
| 670 | sizeof(*rrset)); | |
| 671 | struct auth_rrset* p, *prev; | |
| 672 | struct packed_rrset_data* d; | |
| 673 | if(!rrset) { | |
| 674 | log_err("out of memory"); | |
| 675 | return NULL; | |
| 676 | } | |
| 677 | rrset->type = rr_type; | |
| 678 | ||
| 679 | /* the rrset data structure, with one RR */ | |
| 680 | d = (struct packed_rrset_data*)calloc(1, | |
| 681 | sizeof(struct packed_rrset_data) + sizeof(size_t) + | |
| 682 | sizeof(uint8_t*) + sizeof(time_t) + rdatalen); | |
| 683 | if(!d) { | |
| 684 | free(rrset); | |
| 685 | log_err("out of memory"); | |
| 686 | return NULL; | |
| 687 | } | |
| 688 | rrset->data = d; | |
| 689 | d->ttl = rr_ttl; | |
| 690 | d->trust = rrset_trust_prim_noglue; | |
| 691 | d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data)); | |
| 692 | d->rr_data = (uint8_t**)&(d->rr_len[1]); | |
| 693 | d->rr_ttl = (time_t*)&(d->rr_data[1]); | |
| 694 | d->rr_data[0] = (uint8_t*)&(d->rr_ttl[1]); | |
| 695 | ||
| 696 | /* insert the RR */ | |
| 697 | d->rr_len[0] = rdatalen; | |
| 698 | d->rr_ttl[0] = rr_ttl; | |
| 699 | memmove(d->rr_data[0], rdata, rdatalen); | |
| 700 | d->count++; | |
| 701 | ||
| 702 | /* insert rrset into linked list for domain */ | |
| 703 | /* find sorted place to link the rrset into the list */ | |
| 704 | prev = NULL; | |
| 705 | p = node->rrsets; | |
| 706 | while(p && p->type<=rr_type) { | |
| 707 | prev = p; | |
| 708 | p = p->next; | |
| 709 | } | |
| 710 | /* so, prev is smaller, and p is larger than rr_type */ | |
| 711 | rrset->next = p; | |
| 712 | if(prev) prev->next = rrset; | |
| 713 | else node->rrsets = rrset; | |
| 714 | return rrset; | |
| 715 | } | |
| 716 | ||
| 717 | /** count number (and size) of rrsigs that cover a type */ | |
| 718 | static size_t | |
| 719 | rrsig_num_that_cover(struct auth_rrset* rrsig, uint16_t rr_type, size_t* sigsz) | |
| 720 | { | |
| 721 | struct packed_rrset_data* d = rrsig->data; | |
| 722 | size_t i, num = 0; | |
| 723 | *sigsz = 0; | |
| 724 | log_assert(d && rrsig->type == LDNS_RR_TYPE_RRSIG); | |
| 725 | for(i=0; i<d->count+d->rrsig_count; i++) { | |
| 726 | if(rrsig_rdata_get_type_covered(d->rr_data[i], | |
| 727 | d->rr_len[i]) == rr_type) { | |
| 728 | num++; | |
| 729 | (*sigsz) += d->rr_len[i]; | |
| 730 | } | |
| 731 | } | |
| 732 | return num; | |
| 733 | } | |
| 734 | ||
| 735 | /** See if rrsig set has covered sigs for rrset and move them over */ | |
| 736 | static int | |
| 737 | rrset_moveover_rrsigs(struct auth_data* node, uint16_t rr_type, | |
| 738 | struct auth_rrset* rrset, struct auth_rrset* rrsig) | |
| 739 | { | |
| 740 | size_t sigs, sigsz, i, j, total; | |
| 741 | struct packed_rrset_data* sigold = rrsig->data; | |
| 742 | struct packed_rrset_data* old = rrset->data; | |
| 743 | struct packed_rrset_data* d, *sigd; | |
| 744 | ||
| 745 | log_assert(rrset->type == rr_type); | |
| 746 | log_assert(rrsig->type == LDNS_RR_TYPE_RRSIG); | |
| 747 | sigs = rrsig_num_that_cover(rrsig, rr_type, &sigsz); | |
| 748 | if(sigs == 0) { | |
| 749 | /* 0 rrsigs to move over, done */ | |
| 750 | return 1; | |
| 751 | } | |
| 752 | log_info("moveover %d sigs size %d", (int)sigs, (int)sigsz); | |
| 753 | ||
| 754 | /* allocate rrset sigsz larger for extra sigs elements, and | |
| 755 | * allocate rrsig sigsz smaller for less sigs elements. */ | |
| 756 | d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) | |
| 757 | + sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)) | |
| 758 | + sigsz); | |
| 759 | if(!d) { | |
| 760 | log_err("out of memory"); | |
| 761 | return 0; | |
| 762 | } | |
| 763 | /* copy base values */ | |
| 764 | total = old->count + old->rrsig_count; | |
| 765 | memcpy(d, old, sizeof(struct packed_rrset_data)); | |
| 766 | d->rrsig_count += sigs; | |
| 767 | /* setup rr_len */ | |
| 768 | d->rr_len = (size_t*)((uint8_t*)d + | |
| 769 | sizeof(struct packed_rrset_data)); | |
| 770 | if(total != 0) | |
| 771 | memmove(d->rr_len, old->rr_len, total*sizeof(size_t)); | |
| 772 | j = d->count+d->rrsig_count-sigs; | |
| 773 | for(i=0; i<sigold->count+sigold->rrsig_count; i++) { | |
| 774 | if(rrsig_rdata_get_type_covered(sigold->rr_data[i], | |
| 775 | sigold->rr_len[i]) == rr_type) { | |
| 776 | d->rr_len[j] = sigold->rr_len[i]; | |
| 777 | j++; | |
| 778 | } | |
| 779 | } | |
| 780 | packed_rrset_ptr_fixup(d); | |
| 781 | ||
| 782 | /* copy old values into new array */ | |
| 783 | if(total != 0) { | |
| 784 | memmove(d->rr_ttl, old->rr_ttl, total*sizeof(time_t)); | |
| 785 | /* all the old rr pieces are allocated sequential, so we | |
| 786 | * can copy them in one go */ | |
| 787 | memmove(d->rr_data[0], old->rr_data[0], | |
| 788 | (old->rr_data[total-1] - old->rr_data[0]) + | |
| 789 | old->rr_len[total-1]); | |
| 790 | } | |
| 791 | ||
| 792 | /* move over the rrsigs to the larger rrset*/ | |
| 793 | j = d->count+d->rrsig_count-sigs; | |
| 794 | for(i=0; i<sigold->count+sigold->rrsig_count; i++) { | |
| 795 | if(rrsig_rdata_get_type_covered(sigold->rr_data[i], | |
| 796 | sigold->rr_len[i]) == rr_type) { | |
| 797 | /* move this one over to location j */ | |
| 798 | d->rr_ttl[j] = sigold->rr_ttl[i]; | |
| 799 | memmove(d->rr_data[j], sigold->rr_data[i], | |
| 800 | sigold->rr_len[i]); | |
| 801 | if(d->rr_ttl[j] < d->ttl) | |
| 802 | d->ttl = d->rr_ttl[j]; | |
| 803 | j++; | |
| 804 | } | |
| 805 | } | |
| 806 | ||
| 807 | /* put it in and deallocate the old rrset */ | |
| 808 | rrset->data = d; | |
| 809 | free(old); | |
| 810 | ||
| 811 | /* now make rrsig set smaller */ | |
| 812 | if(sigold->count+sigold->rrsig_count == sigs) { | |
| 813 | /* remove all sigs from rrsig, remove it entirely */ | |
| 814 | domain_remove_rrset(node, LDNS_RR_TYPE_RRSIG); | |
| 815 | return 1; | |
| 816 | } | |
| 817 | log_assert(packed_rrset_sizeof(sigold) > sigs*(sizeof(size_t) + | |
| 818 | sizeof(uint8_t*) + sizeof(time_t)) + sigsz); | |
| 819 | sigd = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(sigold) | |
| 820 | - sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)) | |
| 821 | - sigsz); | |
| 822 | if(!sigd) { | |
| 823 | /* no need to free up d, it has already been placed in the | |
| 824 | * node->rrset structure */ | |
| 825 | log_err("out of memory"); | |
| 826 | return 0; | |
| 827 | } | |
| 828 | /* copy base values */ | |
| 829 | memcpy(sigd, sigold, sizeof(struct packed_rrset_data)); | |
| 830 | sigd->rrsig_count -= sigs; | |
| 831 | /* setup rr_len */ | |
| 832 | sigd->rr_len = (size_t*)((uint8_t*)sigd + | |
| 833 | sizeof(struct packed_rrset_data)); | |
| 834 | j = 0; | |
| 835 | for(i=0; i<sigold->count+sigold->rrsig_count; i++) { | |
| 836 | if(rrsig_rdata_get_type_covered(sigold->rr_data[i], | |
| 837 | sigold->rr_len[i]) != rr_type) { | |
| 838 | sigd->rr_len[j] = sigold->rr_len[i]; | |
| 839 | j++; | |
| 840 | } | |
| 841 | } | |
| 842 | packed_rrset_ptr_fixup(sigd); | |
| 843 | ||
| 844 | /* copy old values into new rrsig array */ | |
| 845 | j = 0; | |
| 846 | for(i=0; i<sigold->count+sigold->rrsig_count; i++) { | |
| 847 | if(rrsig_rdata_get_type_covered(sigold->rr_data[i], | |
| 848 | sigold->rr_len[i]) != rr_type) { | |
| 849 | /* move this one over to location j */ | |
| 850 | sigd->rr_ttl[j] = sigold->rr_ttl[i]; | |
| 851 | memmove(sigd->rr_data[j], sigold->rr_data[i], | |
| 852 | sigold->rr_len[i]); | |
| 853 | if(j==0) sigd->ttl = sigd->rr_ttl[j]; | |
| 854 | else { | |
| 855 | if(sigd->rr_ttl[j] < sigd->ttl) | |
| 856 | sigd->ttl = sigd->rr_ttl[j]; | |
| 857 | } | |
| 858 | j++; | |
| 859 | } | |
| 860 | } | |
| 861 | ||
| 862 | /* put it in and deallocate the old rrset */ | |
| 863 | rrsig->data = sigd; | |
| 864 | free(sigold); | |
| 865 | ||
| 866 | return 1; | |
| 867 | } | |
| 868 | ||
| 869 | /** Add rr to node, ignores duplicate RRs, | |
| 870 | * rdata points to buffer with rdatalen octets, starts with 2bytelength. */ | |
| 871 | static int | |
| 872 | az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, | |
| 873 | uint8_t* rdata, size_t rdatalen) | |
| 874 | { | |
| 875 | struct auth_rrset* rrset; | |
| 876 | /* packed rrsets have their rrsigs along with them, sort them out */ | |
| 877 | if(rr_type == LDNS_RR_TYPE_RRSIG) { | |
| 878 | uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen); | |
| 879 | if((rrset=az_domain_rrset(node, ctype))!= NULL) { | |
| 880 | /* a node of the correct type exists, add the RRSIG | |
| 881 | * to the rrset of the covered data type */ | |
| 882 | if(rdata_duplicate(rrset->data, rdata, rdatalen)) | |
| 883 | return 1; | |
| 884 | if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 1)) | |
| 885 | return 0; | |
| 886 | } else if((rrset=az_domain_rrset(node, rr_type))!= NULL) { | |
| 887 | /* add RRSIG to rrset of type RRSIG */ | |
| 888 | if(rdata_duplicate(rrset->data, rdata, rdatalen)) | |
| 889 | return 1; | |
| 890 | if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0)) | |
| 891 | return 0; | |
| 892 | } else { | |
| 893 | /* create rrset of type RRSIG */ | |
| 894 | if(!rrset_create(node, rr_type, rr_ttl, rdata, | |
| 895 | rdatalen)) | |
| 896 | return 0; | |
| 897 | } | |
| 898 | } else { | |
| 899 | /* normal RR type */ | |
| 900 | if((rrset=az_domain_rrset(node, rr_type))!= NULL) { | |
| 901 | /* add data to existing node with data type */ | |
| 902 | if(rdata_duplicate(rrset->data, rdata, rdatalen)) | |
| 903 | return 1; | |
| 904 | if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0)) | |
| 905 | return 0; | |
| 906 | } else { | |
| 907 | struct auth_rrset* rrsig; | |
| 908 | /* create new node with data type */ | |
| 909 | if(!(rrset=rrset_create(node, rr_type, rr_ttl, rdata, | |
| 910 | rdatalen))) | |
| 911 | return 0; | |
| 912 | ||
| 913 | /* see if node of type RRSIG has signatures that | |
| 914 | * cover the data type, and move them over */ | |
| 915 | /* and then make the RRSIG type smaller */ | |
| 916 | if((rrsig=az_domain_rrset(node, LDNS_RR_TYPE_RRSIG)) | |
| 917 | != NULL) { | |
| 918 | if(!rrset_moveover_rrsigs(node, rr_type, | |
| 919 | rrset, rrsig)) | |
| 920 | return 0; | |
| 921 | } | |
| 922 | } | |
| 923 | } | |
| 924 | return 1; | |
| 925 | } | |
| 926 | ||
| 927 | /** insert RR into zone, ignore duplicates */ | |
| 928 | static int | |
| 929 | az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, | |
| 930 | size_t dname_len) | |
| 931 | { | |
| 932 | struct auth_data* node; | |
| 933 | uint8_t* dname = rr; | |
| 934 | uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len); | |
| 935 | uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len); | |
| 936 | uint32_t rr_ttl = sldns_wirerr_get_ttl(rr, rr_len, dname_len); | |
| 937 | size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len, | |
| 938 | dname_len))+2; | |
| 939 | /* rdata points to rdata prefixed with uint16 rdatalength */ | |
| 940 | uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len); | |
| 941 | ||
| 942 | if(rr_class != z->dclass) { | |
| 943 | log_err("wrong class for RR"); | |
| 944 | return 0; | |
| 945 | } | |
| 946 | if(!(node=az_domain_find_or_create(z, dname, dname_len))) { | |
| 947 | log_err("cannot create domain"); | |
| 948 | return 0; | |
| 949 | } | |
| 950 | if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen)) { | |
| 951 | log_err("cannot add RR to domain"); | |
| 952 | return 0; | |
| 953 | } | |
| 954 | return 1; | |
| 955 | } | |
| 956 | ||
| 957 | /** | |
| 958 | * Parse zonefile | |
| 959 | * @param z: zone to read in. | |
| 960 | * @param in: file to read from (just opened). | |
| 961 | * @param rr: buffer to use for RRs, 64k. | |
| 962 | * passed so that recursive includes can use the same buffer and do | |
| 963 | * not grow the stack too much. | |
| 964 | * @param rrbuflen: sizeof rr buffer. | |
| 965 | * @param state: parse state with $ORIGIN, $TTL and 'prev-dname' and so on, | |
| 966 | * that is kept between includes. | |
| 967 | * The lineno is set at 1 and then increased by the function. | |
| 968 | * returns false on failure, has printed an error message | |
| 969 | */ | |
| 970 | static int | |
| 971 | az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen, | |
| 972 | struct sldns_file_parse_state* state) | |
| 973 | { | |
| 974 | size_t rr_len, dname_len; | |
| 975 | int status; | |
| 976 | state->lineno = 1; | |
| 977 | ||
| 978 | while(!feof(in)) { | |
| 979 | rr_len = rrbuflen; | |
| 980 | dname_len = 0; | |
| 981 | status = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, | |
| 982 | state); | |
| 983 | if(status == LDNS_WIREPARSE_ERR_INCLUDE && rr_len == 0) { | |
| 984 | /* we have $INCLUDE or $something */ | |
| 985 | if(strncmp((char*)rr, "$INCLUDE ", 9) == 0 || | |
| 986 | strncmp((char*)rr, "$INCLUDE\t", 9) == 0) { | |
| 987 | FILE* inc; | |
| 988 | int lineno_orig = state->lineno; | |
| 989 | char* incfile = (char*)rr + 8; | |
| 990 | /* skip spaces */ | |
| 991 | while(*incfile == ' ' || *incfile == '\t') | |
| 992 | incfile++; | |
| 993 | verbose(VERB_ALGO, "opening $INCLUDE %s", | |
| 994 | incfile); | |
| 995 | inc = fopen(incfile, "r"); | |
| 996 | if(!inc) { | |
| 997 | log_err("%s:%d cannot open include " | |
| 998 | "file %s: %s", z->zonefile, | |
| 999 | lineno_orig, incfile, | |
| 1000 | strerror(errno)); | |
| 1001 | return 0; | |
| 1002 | } | |
| 1003 | /* recurse read that file now */ | |
| 1004 | if(!az_parse_file(z, inc, rr, rrbuflen, | |
| 1005 | state)) { | |
| 1006 | log_err("%s:%d cannot parse include " | |
| 1007 | "file %s", z->zonefile, | |
| 1008 | lineno_orig, incfile); | |
| 1009 | fclose(inc); | |
| 1010 | return 0; | |
| 1011 | } | |
| 1012 | fclose(inc); | |
| 1013 | verbose(VERB_ALGO, "done with $INCLUDE %s", | |
| 1014 | incfile); | |
| 1015 | state->lineno = lineno_orig; | |
| 1016 | } | |
| 1017 | continue; | |
| 1018 | } | |
| 1019 | if(status != 0) { | |
| 1020 | log_err("parse error %s %d:%d: %s", z->zonefile, | |
| 1021 | state->lineno, LDNS_WIREPARSE_OFFSET(status), | |
| 1022 | sldns_get_errorstr_parse(status)); | |
| 1023 | return 0; | |
| 1024 | } | |
| 1025 | if(rr_len == 0) { | |
| 1026 | /* EMPTY line, TTL or ORIGIN */ | |
| 1027 | continue; | |
| 1028 | } | |
| 1029 | /* insert wirerr in rrbuf */ | |
| 1030 | if(!az_insert_rr(z, rr, rr_len, dname_len)) { | |
| 1031 | char buf[17]; | |
| 1032 | sldns_wire2str_type_buf(sldns_wirerr_get_type(rr, | |
| 1033 | rr_len, dname_len), buf, sizeof(buf)); | |
| 1034 | log_err("%s:%d cannot insert RR of type %s", | |
| 1035 | z->zonefile, state->lineno, buf); | |
| 1036 | return 0; | |
| 1037 | } | |
| 1038 | } | |
| 1039 | return 1; | |
| 1040 | } | |
| 1041 | ||
| 1042 | int | |
| 1043 | auth_zone_read_zonefile(struct auth_zone* z) | |
| 1044 | { | |
| 1045 | uint8_t rr[LDNS_RR_BUF_SIZE]; | |
| 1046 | struct sldns_file_parse_state state; | |
| 1047 | FILE* in; | |
| 1048 | if(!z || !z->zonefile || z->zonefile[0]==0) | |
| 1049 | return 1; /* no file, or "", nothing to read */ | |
| 1050 | verbose(VERB_ALGO, "read zonefile %s", z->zonefile); | |
| 1051 | in = fopen(z->zonefile, "r"); | |
| 1052 | if(!in) { | |
| 1053 | char* n = sldns_wire2str_dname(z->name, z->namelen); | |
| 1054 | log_err("cannot open zonefile %s for %s: %s", | |
| 1055 | z->zonefile, n?n:"error", strerror(errno)); | |
| 1056 | free(n); | |
| 1057 | return 0; | |
| 1058 | } | |
| 1059 | memset(&state, 0, sizeof(state)); | |
| 1060 | /* default TTL to 3600 */ | |
| 1061 | state.default_ttl = 3600; | |
| 1062 | /* set $ORIGIN to the zone name */ | |
| 1063 | if(z->namelen <= sizeof(state.origin)) { | |
| 1064 | memcpy(state.origin, z->name, z->namelen); | |
| 1065 | state.origin_len = z->namelen; | |
| 1066 | } | |
| 1067 | /* parse the (toplevel) file */ | |
| 1068 | if(!az_parse_file(z, in, rr, sizeof(rr), &state)) { | |
| 1069 | char* n = sldns_wire2str_dname(z->name, z->namelen); | |
| 1070 | log_err("error parsing zonefile %s for %s", | |
| 1071 | z->zonefile, n?n:"error"); | |
| 1072 | free(n); | |
| 1073 | fclose(in); | |
| 1074 | return 0; | |
| 1075 | } | |
| 1076 | fclose(in); | |
| 1077 | return 1; | |
| 1078 | } | |
| 1079 | ||
| 1080 | /** write buffer to file and check return codes */ | |
| 1081 | static int | |
| 1082 | write_out(FILE* out, const char* str) | |
| 1083 | { | |
| 1084 | size_t r, len = strlen(str); | |
| 1085 | if(len == 0) | |
| 1086 | return 1; | |
| 1087 | r = fwrite(str, 1, len, out); | |
| 1088 | if(r == 0) { | |
| 1089 | log_err("write failed: %s", strerror(errno)); | |
| 1090 | return 0; | |
| 1091 | } else if(r < len) { | |
| 1092 | log_err("write failed: too short (disk full?)"); | |
| 1093 | return 0; | |
| 1094 | } | |
| 1095 | return 1; | |
| 1096 | } | |
| 1097 | ||
| 1098 | /** write rrset to file */ | |
| 1099 | static int | |
| 1100 | auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node, | |
| 1101 | struct auth_rrset* r, FILE* out) | |
| 1102 | { | |
| 1103 | size_t i, count = r->data->count + r->data->rrsig_count; | |
| 1104 | char buf[LDNS_RR_BUF_SIZE]; | |
| 1105 | for(i=0; i<count; i++) { | |
| 1106 | struct ub_packed_rrset_key key; | |
| 1107 | memset(&key, 0, sizeof(key)); | |
| 1108 | key.entry.key = &key; | |
| 1109 | key.entry.data = r->data; | |
| 1110 | key.rk.dname = node->name; | |
| 1111 | key.rk.dname_len = node->namelen; | |
| 1112 | key.rk.type = htons(r->type); | |
| 1113 | key.rk.rrset_class = htons(z->dclass); | |
| 1114 | if(!packed_rr_to_string(&key, i, 0, buf, sizeof(buf))) { | |
| 1115 | verbose(VERB_ALGO, "failed to rr2str rr %d", (int)i); | |
| 1116 | continue; | |
| 1117 | } | |
| 1118 | if(!write_out(out, buf)) | |
| 1119 | return 0; | |
| 1120 | } | |
| 1121 | return 1; | |
| 1122 | } | |
| 1123 | ||
| 1124 | /** write domain to file */ | |
| 1125 | static int | |
| 1126 | auth_zone_write_domain(struct auth_zone* z, struct auth_data* n, FILE* out) | |
| 1127 | { | |
| 1128 | struct auth_rrset* r; | |
| 1129 | /* if this is zone apex, write SOA first */ | |
| 1130 | if(z->namelen == n->namelen) { | |
| 1131 | struct auth_rrset* soa = az_domain_rrset(n, LDNS_RR_TYPE_SOA); | |
| 1132 | if(soa) { | |
| 1133 | if(!auth_zone_write_rrset(z, n, soa, out)) | |
| 1134 | return 0; | |
| 1135 | } | |
| 1136 | } | |
| 1137 | /* write all the RRsets for this domain */ | |
| 1138 | for(r = n->rrsets; r; r = r->next) { | |
| 1139 | if(z->namelen == n->namelen && | |
| 1140 | r->type == LDNS_RR_TYPE_SOA) | |
| 1141 | continue; /* skip SOA here */ | |
| 1142 | if(!auth_zone_write_rrset(z, n, r, out)) | |
| 1143 | return 0; | |
| 1144 | } | |
| 1145 | return 1; | |
| 1146 | } | |
| 1147 | ||
| 1148 | int auth_zone_write_file(struct auth_zone* z, const char* fname) | |
| 1149 | { | |
| 1150 | FILE* out; | |
| 1151 | struct auth_data* n; | |
| 1152 | out = fopen(fname, "w"); | |
| 1153 | if(!out) { | |
| 1154 | log_err("could not open %s: %s", fname, strerror(errno)); | |
| 1155 | return 0; | |
| 1156 | } | |
| 1157 | RBTREE_FOR(n, struct auth_data*, &z->data) { | |
| 1158 | if(!auth_zone_write_domain(z, n, out)) { | |
| 1159 | log_err("could not write domain to %s", fname); | |
| 1160 | fclose(out); | |
| 1161 | return 0; | |
| 1162 | } | |
| 1163 | } | |
| 1164 | fclose(out); | |
| 1165 | return 1; | |
| 1166 | } | |
| 1167 | ||
| 1168 | /** read all auth zones from file (if they have) */ | |
| 1169 | static int | |
| 1170 | auth_zones_read_zones(struct auth_zones* az) | |
| 1171 | { | |
| 1172 | struct auth_zone* z; | |
| 1173 | lock_rw_wrlock(&az->lock); | |
| 1174 | RBTREE_FOR(z, struct auth_zone*, &az->ztree) { | |
| 1175 | lock_rw_wrlock(&z->lock); | |
| 1176 | if(!auth_zone_read_zonefile(z)) { | |
| 1177 | lock_rw_unlock(&z->lock); | |
| 1178 | lock_rw_unlock(&az->lock); | |
| 1179 | return 0; | |
| 1180 | } | |
| 1181 | lock_rw_unlock(&z->lock); | |
| 1182 | } | |
| 1183 | lock_rw_unlock(&az->lock); | |
| 1184 | return 1; | |
| 1185 | } | |
| 1186 | ||
| 1187 | /** set str2list with (zonename, zonefile) config items and create zones */ | |
| 1188 | static int | |
| 1189 | auth_zones_cfg_zonefile(struct auth_zones* az, struct config_str2list* zlist) | |
| 1190 | { | |
| 1191 | struct auth_zone* z; | |
| 1192 | while(zlist) { | |
| 1193 | lock_rw_wrlock(&az->lock); | |
| 1194 | if(!(z=auth_zones_find_or_add_zone(az, zlist->str))) { | |
| 1195 | lock_rw_unlock(&az->lock); | |
| 1196 | return 0; | |
| 1197 | } | |
| 1198 | lock_rw_unlock(&az->lock); | |
| 1199 | if(!auth_zone_set_zonefile(z, zlist->str2)) { | |
| 1200 | lock_rw_unlock(&z->lock); | |
| 1201 | return 0; | |
| 1202 | } | |
| 1203 | lock_rw_unlock(&z->lock); | |
| 1204 | zlist = zlist->next; | |
| 1205 | } | |
| 1206 | return 1; | |
| 1207 | } | |
| 1208 | ||
| 1209 | /** set str2list with (zonename, fallback) config items and create zones */ | |
| 1210 | static int | |
| 1211 | auth_zones_cfg_fallback(struct auth_zones* az, struct config_str2list* zlist) | |
| 1212 | { | |
| 1213 | struct auth_zone* z; | |
| 1214 | while(zlist) { | |
| 1215 | lock_rw_wrlock(&az->lock); | |
| 1216 | if(!(z=auth_zones_find_or_add_zone(az, zlist->str))) { | |
| 1217 | lock_rw_unlock(&az->lock); | |
| 1218 | return 0; | |
| 1219 | } | |
| 1220 | lock_rw_unlock(&az->lock); | |
| 1221 | if(!auth_zone_set_fallback(z, zlist->str2)) { | |
| 1222 | lock_rw_unlock(&z->lock); | |
| 1223 | return 0; | |
| 1224 | } | |
| 1225 | lock_rw_unlock(&z->lock); | |
| 1226 | zlist = zlist->next; | |
| 1227 | } | |
| 1228 | return 1; | |
| 1229 | } | |
| 1230 | ||
| 1231 | int auth_zones_apply_config(struct auth_zones* az, struct config_file* cfg) | |
| 1232 | { | |
| 1233 | (void)cfg; | |
| 1234 | /* TODO cfg str2lists */ | |
| 1235 | /* create config items for | |
| 1236 | * auth-zone: name: "example.com" | |
| 1237 | * zonefile: "zones/example.com" | |
| 1238 | * fallback: yes | |
| 1239 | */ | |
| 1240 | if(!auth_zones_cfg_zonefile(az, NULL /*cfg->auth_zones*/)) | |
| 1241 | return 0; | |
| 1242 | if(!auth_zones_cfg_fallback(az, NULL /*cfg->auth_zones*/)) | |
| 1243 | return 0; | |
| 1244 | if(!auth_zones_read_zones(az)) | |
| 1245 | return 0; | |
| 1246 | return 1; | |
| 1247 | } | |
| 1248 | ||
| 1249 | /** helper traverse to delete zones */ | |
| 1250 | static void | |
| 1251 | auth_zone_del(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 1252 | { | |
| 1253 | struct auth_zone* z = (struct auth_zone*)n->key; | |
| 1254 | auth_zone_delete(z); | |
| 1255 | } | |
| 1256 | ||
| 1257 | void auth_zones_delete(struct auth_zones* az) | |
| 1258 | { | |
| 1259 | if(!az) return; | |
| 1260 | lock_rw_destroy(&az->lock); | |
| 1261 | traverse_postorder(&az->ztree, auth_zone_del, NULL); | |
| 1262 | free(az); | |
| 1263 | } | |
| 1264 | ||
| 1265 | /** true if domain has only nsec3 */ | |
| 1266 | static int | |
| 1267 | domain_has_only_nsec3(struct auth_data* n) | |
| 1268 | { | |
| 1269 | struct auth_rrset* rrset = n->rrsets; | |
| 1270 | int nsec3_seen = 0; | |
| 1271 | while(rrset) { | |
| 1272 | if(rrset->type == LDNS_RR_TYPE_NSEC3) { | |
| 1273 | nsec3_seen = 1; | |
| 1274 | } else if(rrset->type != LDNS_RR_TYPE_RRSIG) { | |
| 1275 | return 0; | |
| 1276 | } | |
| 1277 | rrset = rrset->next; | |
| 1278 | } | |
| 1279 | return nsec3_seen; | |
| 1280 | } | |
| 1281 | ||
| 1282 | /** see if the domain has a wildcard child '*.domain' */ | |
| 1283 | static struct auth_data* | |
| 1284 | az_find_wildcard_domain(struct auth_zone* z, uint8_t* nm, size_t nmlen) | |
| 1285 | { | |
| 1286 | uint8_t wc[LDNS_MAX_DOMAINLEN]; | |
| 1287 | if(nmlen+2 > sizeof(wc)) | |
| 1288 | return NULL; /* result would be too long */ | |
| 1289 | wc[0] = 1; /* length of wildcard label */ | |
| 1290 | wc[1] = (uint8_t)'*'; /* wildcard label */ | |
| 1291 | memmove(wc+2, nm, nmlen); | |
| 1292 | return az_find_name(z, wc, nmlen+2); | |
| 1293 | } | |
| 1294 | ||
| 1295 | /** find wildcard between qname and cename */ | |
| 1296 | static struct auth_data* | |
| 1297 | az_find_wildcard(struct auth_zone* z, struct query_info* qinfo, | |
| 1298 | struct auth_data* ce) | |
| 1299 | { | |
| 1300 | uint8_t* nm = qinfo->qname; | |
| 1301 | size_t nmlen = qinfo->qname_len; | |
| 1302 | struct auth_data* node; | |
| 1303 | if(!dname_subdomain_c(nm, z->name)) | |
| 1304 | return NULL; /* out of zone */ | |
| 1305 | while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) { | |
| 1306 | /* see if we can go up to find the wildcard */ | |
| 1307 | if(nmlen == z->namelen) | |
| 1308 | return NULL; /* top of zone reached */ | |
| 1309 | if(ce && nmlen == ce->namelen) | |
| 1310 | return NULL; /* ce reached */ | |
| 1311 | if(dname_is_root(nm)) | |
| 1312 | return NULL; /* cannot go up */ | |
| 1313 | dname_remove_label(&nm, &nmlen); | |
| 1314 | } | |
| 1315 | return node; | |
| 1316 | } | |
| 1317 | ||
| 1318 | /** domain is not exact, find first candidate ce (name that matches | |
| 1319 | * a part of qname) in tree */ | |
| 1320 | static struct auth_data* | |
| 1321 | az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo, | |
| 1322 | struct auth_data* n) | |
| 1323 | { | |
| 1324 | uint8_t* nm; | |
| 1325 | size_t nmlen; | |
| 1326 | if(n) { | |
| 1327 | nm = dname_get_shared_topdomain(qinfo->qname, n->name); | |
| 1328 | } else { | |
| 1329 | nm = qinfo->qname; | |
| 1330 | } | |
| 1331 | dname_count_size_labels(nm, &nmlen); | |
| 1332 | n = az_find_name(z, nm, nmlen); | |
| 1333 | /* delete labels and go up on name */ | |
| 1334 | while(!n) { | |
| 1335 | if(dname_is_root(nm)) | |
| 1336 | return NULL; /* cannot go up */ | |
| 1337 | dname_remove_label(&nm, &nmlen); | |
| 1338 | n = az_find_name(z, nm, nmlen); | |
| 1339 | } | |
| 1340 | return n; | |
| 1341 | } | |
| 1342 | ||
| 1343 | /** go up the auth tree to next existing name. */ | |
| 1344 | static struct auth_data* | |
| 1345 | az_domain_go_up(struct auth_zone* z, struct auth_data* n) | |
| 1346 | { | |
| 1347 | uint8_t* nm = n->name; | |
| 1348 | size_t nmlen = n->namelen; | |
| 1349 | while(!dname_is_root(nm)) { | |
| 1350 | dname_remove_label(&nm, &nmlen); | |
| 1351 | if((n=az_find_name(z, nm, nmlen)) != NULL) | |
| 1352 | return n; | |
| 1353 | } | |
| 1354 | return NULL; | |
| 1355 | } | |
| 1356 | ||
| 1357 | /** Find the closest encloser, an name that exists and is above the | |
| 1358 | * qname. | |
| 1359 | * return true if the node (param node) is existing, nonobscured and | |
| 1360 | * can be used to generate answers from. It is then also node_exact. | |
| 1361 | * returns false if the node is not good enough (or it wasn't node_exact) | |
| 1362 | * in this case the ce can be filled. | |
| 1363 | * if ce is NULL, no ce exists, and likely the zone is completely empty, | |
| 1364 | * not even with a zone apex. | |
| 1365 | * if ce is nonNULL it is the closest enclosing upper name (that exists | |
| 1366 | * itself for answer purposes). That name may have DNAME, NS or wildcard | |
| 1367 | * rrset is the closest DNAME or NS rrset that was found. | |
| 1368 | */ | |
| 1369 | static int | |
| 1370 | az_find_ce(struct auth_zone* z, struct query_info* qinfo, | |
| 1371 | struct auth_data* node, int node_exact, struct auth_data** ce, | |
| 1372 | struct auth_rrset** rrset) | |
| 1373 | { | |
| 1374 | struct auth_data* n = node; | |
| 1375 | *ce = NULL; | |
| 1376 | *rrset = NULL; | |
| 1377 | if(!node_exact) { | |
| 1378 | /* if not exact, lookup closest exact match */ | |
| 1379 | n = az_find_candidate_ce(z, qinfo, n); | |
| 1380 | } else { | |
| 1381 | /* if exact, the node itself is the first candidate ce */ | |
| 1382 | *ce = n; | |
| 1383 | } | |
| 1384 | ||
| 1385 | /* no direct answer from nsec3-only domains */ | |
| 1386 | if(n && domain_has_only_nsec3(n)) { | |
| 1387 | node_exact = 0; | |
| 1388 | *ce = NULL; | |
| 1389 | } | |
| 1390 | ||
| 1391 | /* with exact matches, walk up the labels until we find the | |
| 1392 | * delegation, or DNAME or zone end */ | |
| 1393 | while(n) { | |
| 1394 | /* see if the current candidate has issues */ | |
| 1395 | /* not zone apex and has type NS */ | |
| 1396 | if(n->namelen != z->namelen && | |
| 1397 | (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) && | |
| 1398 | /* delegate here, but DS at exact the dp has notype */ | |
| 1399 | (qinfo->qtype != LDNS_RR_TYPE_DS || | |
| 1400 | n->namelen != qinfo->qname_len)) { | |
| 1401 | /* referral */ | |
| 1402 | /* this is ce and the lowernode is nonexisting */ | |
| 1403 | *ce = n; | |
| 1404 | return 0; | |
| 1405 | } | |
| 1406 | /* not equal to qname and has type DNAME */ | |
| 1407 | if(n->namelen != qinfo->qname_len && | |
| 1408 | (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_DNAME))) { | |
| 1409 | /* this is ce and the lowernode is nonexisting */ | |
| 1410 | *ce = n; | |
| 1411 | return 0; | |
| 1412 | } | |
| 1413 | ||
| 1414 | if(*ce == NULL && !domain_has_only_nsec3(n)) { | |
| 1415 | /* if not found yet, this exact name must be | |
| 1416 | * our lowest match (but not nsec3onlydomain) */ | |
| 1417 | *ce = n; | |
| 1418 | } | |
| 1419 | ||
| 1420 | /* walk up the tree by removing labels from name and lookup */ | |
| 1421 | n = az_domain_go_up(z, n); | |
| 1422 | } | |
| 1423 | /* found no problems, if it was an exact node, it is fine to use */ | |
| 1424 | return node_exact; | |
| 1425 | } | |
| 1426 | ||
| 1427 | /** add additional A/AAAA from domain names in rrset rdata (+offset) | |
| 1428 | * offset is number of bytes in rdata where the dname is located. */ | |
| 1429 | static int | |
| 1430 | az_add_additionals_from(struct auth_zone* z, struct regional* region, | |
| 1431 | struct dns_msg* msg, struct auth_rrset* rrset, size_t offset) | |
| 1432 | { | |
| 1433 | struct packed_rrset_data* d = rrset->data; | |
| 1434 | size_t i; | |
| 1435 | if(!d) return 0; | |
| 1436 | for(i=0; i<d->count; i++) { | |
| 1437 | size_t dlen; | |
| 1438 | struct auth_data* domain; | |
| 1439 | struct auth_rrset* ref; | |
| 1440 | if(d->rr_len[i] < 2+offset) | |
| 1441 | continue; /* too short */ | |
| 1442 | if(!(dlen = dname_valid(d->rr_data[i]+2+offset, | |
| 1443 | d->rr_len[i]-2-offset))) | |
| 1444 | continue; /* malformed */ | |
| 1445 | domain = az_find_name(z, d->rr_data[i]+2+offset, dlen); | |
| 1446 | if(!domain) | |
| 1447 | continue; | |
| 1448 | if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_A)) != NULL) { | |
| 1449 | if(!msg_add_rrset_ar(z, region, msg, domain, ref)) | |
| 1450 | return 0; | |
| 1451 | } | |
| 1452 | if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_AAAA)) != NULL) { | |
| 1453 | if(!msg_add_rrset_ar(z, region, msg, domain, ref)) | |
| 1454 | return 0; | |
| 1455 | } | |
| 1456 | } | |
| 1457 | return 1; | |
| 1458 | } | |
| 1459 | ||
| 1460 | /** add negative SOA record (with negative TTL) */ | |
| 1461 | static int | |
| 1462 | az_add_negative_soa(struct auth_zone* z, struct regional* region, | |
| 1463 | struct dns_msg* msg) | |
| 1464 | { | |
| 1465 | uint32_t minimum; | |
| 1466 | struct packed_rrset_data* d; | |
| 1467 | struct auth_rrset* soa; | |
| 1468 | struct auth_data* apex = az_find_name(z, z->name, z->namelen); | |
| 1469 | if(!apex) return 0; | |
| 1470 | soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); | |
| 1471 | if(!soa) return 0; | |
| 1472 | /* must be first to put in message; we want to fix the TTL with | |
| 1473 | * one RRset here, otherwise we'd need to loop over the RRs to get | |
| 1474 | * the resulting lower TTL */ | |
| 1475 | log_assert(msg->rep->rrset_count == 0); | |
| 1476 | if(!msg_add_rrset_ns(z, region, msg, apex, soa)) return 0; | |
| 1477 | /* fixup TTL */ | |
| 1478 | d = (struct packed_rrset_data*)msg->rep->rrsets[msg->rep->rrset_count-1]->entry.data; | |
| 1479 | /* last 4 bytes are minimum ttl in network format */ | |
| 1480 | if(d->count == 0) return 0; | |
| 1481 | if(d->rr_len[0] < 2+4) return 0; | |
| 1482 | minimum = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4)); | |
| 1483 | d->ttl = (time_t)minimum; | |
| 1484 | d->rr_ttl[0] = (time_t)minimum; | |
| 1485 | msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]); | |
| 1486 | msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); | |
| 1487 | return 1; | |
| 1488 | } | |
| 1489 | ||
| 1490 | /** See if the query goes to empty nonterminal (that has no auth_data, | |
| 1491 | * but there are nodes underneath. We already checked that there are | |
| 1492 | * not NS, or DNAME above, so that we only need to check if some node | |
| 1493 | * exists below (with nonempty rr list), return true if emptynonterminal */ | |
| 1494 | static int | |
| 1495 | az_empty_nonterminal(struct auth_zone* z, struct query_info* qinfo, | |
| 1496 | struct auth_data* node) | |
| 1497 | { | |
| 1498 | struct auth_data* next; | |
| 1499 | if(!node) { | |
| 1500 | /* no smaller was found, use first (smallest) node as the | |
| 1501 | * next one */ | |
| 1502 | next = (struct auth_data*)rbtree_first(&z->data); | |
| 1503 | } else { | |
| 1504 | next = (struct auth_data*)rbtree_next(&node->node); | |
| 1505 | } | |
| 1506 | while(next && (rbnode_type*)next != RBTREE_NULL && next->rrsets == NULL) { | |
| 1507 | /* the next name has empty rrsets, is an empty nonterminal | |
| 1508 | * itself, see if there exists something below it */ | |
| 1509 | next = (struct auth_data*)rbtree_next(&node->node); | |
| 1510 | } | |
| 1511 | if((rbnode_type*)next == RBTREE_NULL || !next) { | |
| 1512 | /* there is no next node, so something below it cannot | |
| 1513 | * exist */ | |
| 1514 | return 0; | |
| 1515 | } | |
| 1516 | /* a next node exists, if there was something below the query, | |
| 1517 | * this node has to be it. See if it is below the query name */ | |
| 1518 | if(dname_strict_subdomain_c(next->name, qinfo->qname)) | |
| 1519 | return 1; | |
| 1520 | return 0; | |
| 1521 | } | |
| 1522 | ||
| 1523 | /** create synth cname target name in buffer, or fail if too long */ | |
| 1524 | static size_t | |
| 1525 | synth_cname_buf(uint8_t* qname, size_t qname_len, size_t dname_len, | |
| 1526 | uint8_t* dtarg, size_t dtarglen, uint8_t* buf, size_t buflen) | |
| 1527 | { | |
| 1528 | size_t newlen = qname_len + dtarglen - dname_len; | |
| 1529 | if(newlen > buflen) { | |
| 1530 | /* YXDOMAIN error */ | |
| 1531 | return 0; | |
| 1532 | } | |
| 1533 | /* new name is concatenation of qname front (without DNAME owner) | |
| 1534 | * and DNAME target name */ | |
| 1535 | memcpy(buf, qname, qname_len-dname_len); | |
| 1536 | memmove(buf+(qname_len-dname_len), dtarg, dtarglen); | |
| 1537 | return newlen; | |
| 1538 | } | |
| 1539 | ||
| 1540 | /** create synthetic CNAME rrset for in a DNAME answer in region, | |
| 1541 | * false on alloc failure, cname==NULL when name too long. */ | |
| 1542 | static int | |
| 1543 | create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region, | |
| 1544 | struct auth_data* node, struct auth_rrset* dname, uint16_t dclass, | |
| 1545 | struct ub_packed_rrset_key** cname) | |
| 1546 | { | |
| 1547 | uint8_t buf[LDNS_MAX_DOMAINLEN]; | |
| 1548 | uint8_t* dtarg; | |
| 1549 | size_t dtarglen, newlen; | |
| 1550 | struct packed_rrset_data* d; | |
| 1551 | ||
| 1552 | /* get DNAME target name */ | |
| 1553 | if(dname->data->count < 1) return 0; | |
| 1554 | if(dname->data->rr_len[0] < 3) return 0; /* at least rdatalen +1 */ | |
| 1555 | dtarg = dname->data->rr_data[0]+2; | |
| 1556 | dtarglen = dname->data->rr_len[0]-2; | |
| 1557 | if(sldns_read_uint16(dname->data->rr_data[0]) != dtarglen) | |
| 1558 | return 0; /* rdatalen in DNAME rdata is malformed */ | |
| 1559 | if(dname_valid(dtarg, dtarglen) != dtarglen) | |
| 1560 | return 0; /* DNAME RR has malformed rdata */ | |
| 1561 | ||
| 1562 | /* synthesize a CNAME */ | |
| 1563 | newlen = synth_cname_buf(qname, qname_len, node->namelen, | |
| 1564 | dtarg, dtarglen, buf, sizeof(buf)); | |
| 1565 | if(newlen == 0) { | |
| 1566 | /* YXDOMAIN error */ | |
| 1567 | *cname = NULL; | |
| 1568 | return 1; | |
| 1569 | } | |
| 1570 | *cname = (struct ub_packed_rrset_key*)regional_alloc(region, | |
| 1571 | sizeof(struct ub_packed_rrset_key)); | |
| 1572 | if(!*cname) | |
| 1573 | return 0; /* out of memory */ | |
| 1574 | memset(&(*cname)->entry, 0, sizeof((*cname)->entry)); | |
| 1575 | (*cname)->entry.key = (*cname); | |
| 1576 | (*cname)->rk.type = htons(LDNS_RR_TYPE_CNAME); | |
| 1577 | (*cname)->rk.rrset_class = htons(dclass); | |
| 1578 | (*cname)->rk.flags = 0; | |
| 1579 | (*cname)->rk.dname = regional_alloc_init(region, qname, qname_len); | |
| 1580 | if(!(*cname)->rk.dname) | |
| 1581 | return 0; /* out of memory */ | |
| 1582 | (*cname)->rk.dname_len = qname_len; | |
| 1583 | (*cname)->entry.hash = rrset_key_hash(&(*cname)->rk); | |
| 1584 | d = (struct packed_rrset_data*)regional_alloc_zero(region, | |
| 1585 | sizeof(struct packed_rrset_data) + sizeof(size_t) + | |
| 1586 | sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t) | |
| 1587 | + newlen); | |
| 1588 | if(!d) | |
| 1589 | return 0; /* out of memory */ | |
| 1590 | (*cname)->entry.data = d; | |
| 1591 | d->ttl = 0; /* 0 for synthesized CNAME TTL */ | |
| 1592 | d->count = 1; | |
| 1593 | d->rrsig_count = 0; | |
| 1594 | d->trust = rrset_trust_ans_noAA; | |
| 1595 | d->rr_len = (size_t*)((uint8_t*)d + | |
| 1596 | sizeof(struct packed_rrset_data)); | |
| 1597 | d->rr_len[0] = newlen + sizeof(uint16_t); | |
| 1598 | packed_rrset_ptr_fixup(d); | |
| 1599 | d->rr_ttl[0] = d->ttl; | |
| 1600 | sldns_write_uint16(d->rr_data[0], newlen); | |
| 1601 | memmove(d->rr_data[0] + sizeof(uint16_t), buf, newlen); | |
| 1602 | return 1; | |
| 1603 | } | |
| 1604 | ||
| 1605 | /** add a synthesized CNAME to the answer section */ | |
| 1606 | static int | |
| 1607 | add_synth_cname(struct auth_zone* z, uint8_t* qname, size_t qname_len, | |
| 1608 | struct regional* region, struct dns_msg* msg, struct auth_data* dname, | |
| 1609 | struct auth_rrset* rrset) | |
| 1610 | { | |
| 1611 | struct ub_packed_rrset_key* cname; | |
| 1612 | /* synthesize a CNAME */ | |
| 1613 | if(!create_synth_cname(qname, qname_len, region, dname, rrset, | |
| 1614 | z->dclass, &cname)) { | |
| 1615 | /* out of memory */ | |
| 1616 | return 0; | |
| 1617 | } | |
| 1618 | if(!cname) { | |
| 1619 | /* cname cannot be create because of YXDOMAIN */ | |
| 1620 | msg->rep->flags |= LDNS_RCODE_YXDOMAIN; | |
| 1621 | return 1; | |
| 1622 | } | |
| 1623 | /* add cname to message */ | |
| 1624 | if(!msg_grow_array(region, msg)) | |
| 1625 | return 0; | |
| 1626 | msg->rep->rrsets[msg->rep->rrset_count] = cname; | |
| 1627 | msg->rep->rrset_count++; | |
| 1628 | msg->rep->an_numrrsets++; | |
| 1629 | msg_ttl(msg); | |
| 1630 | return 1; | |
| 1631 | } | |
| 1632 | ||
| 1633 | /** Change a dname to a different one, for wildcard namechange */ | |
| 1634 | static void | |
| 1635 | az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname, | |
| 1636 | size_t newlen, int an_only) | |
| 1637 | { | |
| 1638 | size_t i; | |
| 1639 | size_t start = 0, end = msg->rep->rrset_count; | |
| 1640 | if(!an_only) start = msg->rep->an_numrrsets; | |
| 1641 | if(an_only) end = msg->rep->an_numrrsets; | |
| 1642 | for(i=start; i<end; i++) { | |
| 1643 | /* allocated in region so we can change the ptrs */ | |
| 1644 | if(query_dname_compare(msg->rep->rrsets[i]->rk.dname, oldname) | |
| 1645 | == 0) { | |
| 1646 | msg->rep->rrsets[i]->rk.dname = newname; | |
| 1647 | msg->rep->rrsets[i]->rk.dname_len = newlen; | |
| 1648 | } | |
| 1649 | } | |
| 1650 | } | |
| 1651 | ||
| 1652 | /** find NSEC record covering the query */ | |
| 1653 | static struct auth_rrset* | |
| 1654 | az_find_nsec_cover(struct auth_zone* z, struct auth_data** node) | |
| 1655 | { | |
| 1656 | uint8_t* nm = (*node)->name; | |
| 1657 | size_t nmlen = (*node)->namelen; | |
| 1658 | struct auth_rrset* rrset; | |
| 1659 | /* find the NSEC for the smallest-or-equal node */ | |
| 1660 | /* if node == NULL, we did not find a smaller name. But the zone | |
| 1661 | * name is the smallest name and should have an NSEC. So there is | |
| 1662 | * no NSEC to return (for a properly signed zone) */ | |
| 1663 | /* for empty nonterminals, the auth-data node should not exist, | |
| 1664 | * and thus we don't need to go rbtree_previous here to find | |
| 1665 | * a domain with an NSEC record */ | |
| 1666 | /* but there could be glue, and if this is node, then it has no NSEC. | |
| 1667 | * Go up to find nonglue (previous) NSEC-holding nodes */ | |
| 1668 | while((rrset=az_domain_rrset(*node, LDNS_RR_TYPE_NSEC)) == NULL) { | |
| 1669 | if(dname_is_root(nm)) return NULL; | |
| 1670 | if(nmlen == z->namelen) return NULL; | |
| 1671 | dname_remove_label(&nm, &nmlen); | |
| 1672 | /* adjust *node for the nsec rrset to find in */ | |
| 1673 | *node = az_find_name(z, nm, nmlen); | |
| 1674 | } | |
| 1675 | return rrset; | |
| 1676 | } | |
| 1677 | ||
| 1678 | /** Find NSEC and add for wildcard denial */ | |
| 1679 | static int | |
| 1680 | az_nsec_wildcard_denial(struct auth_zone* z, struct regional* region, | |
| 1681 | struct dns_msg* msg, uint8_t* cenm, size_t cenmlen) | |
| 1682 | { | |
| 1683 | struct query_info qinfo; | |
| 1684 | int node_exact; | |
| 1685 | struct auth_data* node; | |
| 1686 | struct auth_rrset* nsec; | |
| 1687 | uint8_t wc[LDNS_MAX_DOMAINLEN]; | |
| 1688 | if(cenmlen+2 > sizeof(wc)) | |
| 1689 | return 0; /* result would be too long */ | |
| 1690 | wc[0] = 1; /* length of wildcard label */ | |
| 1691 | wc[1] = (uint8_t)'*'; /* wildcard label */ | |
| 1692 | memmove(wc+2, cenm, cenmlen); | |
| 1693 | ||
| 1694 | /* we have '*.ce' in wc wildcard name buffer */ | |
| 1695 | /* get nsec cover for that */ | |
| 1696 | qinfo.qname = wc; | |
| 1697 | qinfo.qname_len = cenmlen+2; | |
| 1698 | qinfo.qtype = 0; | |
| 1699 | qinfo.qclass = 0; | |
| 1700 | az_find_domain(z, &qinfo, &node_exact, &node); | |
| 1701 | if((nsec=az_find_nsec_cover(z, &node)) != NULL) { | |
| 1702 | if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0; | |
| 1703 | } | |
| 1704 | return 1; | |
| 1705 | } | |
| 1706 | ||
| 1707 | /** Find the NSEC3PARAM rrset (if any) and if true you have the parameters */ | |
| 1708 | static int | |
| 1709 | az_nsec3_param(struct auth_zone* z, int* algo, size_t* iter, uint8_t** salt, | |
| 1710 | size_t* saltlen) | |
| 1711 | { | |
| 1712 | struct auth_data* apex; | |
| 1713 | struct auth_rrset* param; | |
| 1714 | size_t i; | |
| 1715 | apex = az_find_name(z, z->name, z->namelen); | |
| 1716 | if(!apex) return 0; | |
| 1717 | param = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC3PARAM); | |
| 1718 | if(!param || param->data->count==0) | |
| 1719 | return 0; /* no RRset or no RRs in rrset */ | |
| 1720 | /* find out which NSEC3PARAM RR has supported parameters */ | |
| 1721 | /* skip unknown flags (dynamic signer is recalculating nsec3 chain) */ | |
| 1722 | for(i=0; i<param->data->count; i++) { | |
| 1723 | uint8_t* rdata = param->data->rr_data[i]+2; | |
| 1724 | size_t rdatalen = param->data->rr_len[i]; | |
| 1725 | if(rdatalen < 2+5) | |
| 1726 | continue; /* too short */ | |
| 1727 | if(!nsec3_hash_algo_size_supported((int)(rdata[0]))) | |
| 1728 | continue; /* unsupported algo */ | |
| 1729 | if(rdatalen < (size_t)(2+5+(size_t)rdata[4])) | |
| 1730 | continue; /* salt missing */ | |
| 1731 | if((rdata[1]&NSEC3_UNKNOWN_FLAGS)!=0) | |
| 1732 | continue; /* unknown flags */ | |
| 1733 | *algo = (int)(rdata[0]); | |
| 1734 | *iter = sldns_read_uint16(rdata+2); | |
| 1735 | *saltlen = rdata[4]; | |
| 1736 | if(*saltlen == 0) | |
| 1737 | *salt = NULL; | |
| 1738 | else *salt = rdata+5; | |
| 1739 | return 1; | |
| 1740 | } | |
| 1741 | /* no supported params */ | |
| 1742 | return 0; | |
| 1743 | } | |
| 1744 | ||
| 1745 | /** Hash a name with nsec3param into buffer, it has zone name appended. | |
| 1746 | * return length of hash */ | |
| 1747 | static size_t | |
| 1748 | az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen, | |
| 1749 | int algo, size_t iter, uint8_t* salt, size_t saltlen) | |
| 1750 | { | |
| 1751 | size_t hlen = nsec3_hash_algo_size_supported(algo); | |
| 1752 | /* buffer has domain name, nsec3hash, and 256 is for max saltlen | |
| 1753 | * (salt has 0-255 length) */ | |
| 1754 | unsigned char p[LDNS_MAX_DOMAINLEN+1+N3HASHBUFLEN+256]; | |
| 1755 | size_t i; | |
| 1756 | if(nmlen+saltlen > sizeof(p) || hlen+saltlen > sizeof(p)) | |
| 1757 | return 0; | |
| 1758 | if(hlen > buflen) | |
| 1759 | return 0; /* somehow too large for destination buffer */ | |
| 1760 | /* hashfunc(name, salt) */ | |
| 1761 | memmove(p, nm, nmlen); | |
| 1762 | query_dname_tolower(p); | |
| 1763 | memmove(p+nmlen, salt, saltlen); | |
| 1764 | (void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf); | |
| 1765 | for(i=0; i<iter; i++) { | |
| 1766 | /* hashfunc(hash, salt) */ | |
| 1767 | memmove(p, buf, hlen); | |
| 1768 | memmove(p+hlen, salt, saltlen); | |
| 1769 | (void)secalgo_nsec3_hash(algo, p, hlen+saltlen, | |
| 1770 | (unsigned char*)buf); | |
| 1771 | } | |
| 1772 | return hlen; | |
| 1773 | } | |
| 1774 | ||
| 1775 | /** Hash name and return b32encoded hashname for lookup, zone name appended */ | |
| 1776 | static int | |
| 1777 | az_nsec3_hashname(struct auth_zone* z, uint8_t* hashname, size_t* hashnmlen, | |
| 1778 | uint8_t* nm, size_t nmlen, int algo, size_t iter, uint8_t* salt, | |
| 1779 | size_t saltlen) | |
| 1780 | { | |
| 1781 | uint8_t hash[N3HASHBUFLEN]; | |
| 1782 | size_t hlen; | |
| 1783 | int ret; | |
| 1784 | hlen = az_nsec3_hash(hash, sizeof(hash), nm, nmlen, algo, iter, | |
| 1785 | salt, saltlen); | |
| 1786 | if(!hlen) return 0; | |
| 1787 | /* b32 encode */ | |
| 1788 | if(*hashnmlen < hlen*2+1+z->namelen) /* approx b32 as hexb16 */ | |
| 1789 | return 0; | |
| 1790 | ret = sldns_b32_ntop_extended_hex(hash, hlen, (char*)(hashname+1), | |
| 1791 | (*hashnmlen)-1); | |
| 1792 | if(ret<1) | |
| 1793 | return 0; | |
| 1794 | hashname[0] = (uint8_t)ret; | |
| 1795 | ret++; | |
| 1796 | if((*hashnmlen) - ret < z->namelen) | |
| 1797 | return 0; | |
| 1798 | memmove(hashname+ret, z->name, z->namelen); | |
| 1799 | *hashnmlen = z->namelen+(size_t)ret; | |
| 1800 | return 1; | |
| 1801 | } | |
| 1802 | ||
| 1803 | /** Find the datanode that covers the nsec3hash-name */ | |
| 1804 | struct auth_data* | |
| 1805 | az_nsec3_findnode(struct auth_zone* z, uint8_t* hashnm, size_t hashnmlen) | |
| 1806 | { | |
| 1807 | struct query_info qinfo; | |
| 1808 | struct auth_data* node; | |
| 1809 | int node_exact; | |
| 1810 | qinfo.qclass = 0; | |
| 1811 | qinfo.qtype = 0; | |
| 1812 | qinfo.qname = hashnm; | |
| 1813 | qinfo.qname_len = hashnmlen; | |
| 1814 | /* because canonical ordering and b32 nsec3 ordering are the same. | |
| 1815 | * this is a good lookup to find the nsec3 name. */ | |
| 1816 | az_find_domain(z, &qinfo, &node_exact, &node); | |
| 1817 | /* but we may have to skip non-nsec3 nodes */ | |
| 1818 | /* this may be a lot, the way to speed that up is to have a | |
| 1819 | * separate nsec3 tree with nsec3 nodes */ | |
| 1820 | while(node && (rbnode_type*)node != RBTREE_NULL && | |
| 1821 | !az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) { | |
| 1822 | node = (struct auth_data*)rbtree_previous(&node->node); | |
| 1823 | } | |
| 1824 | if((rbnode_type*)node == RBTREE_NULL) | |
| 1825 | node = NULL; | |
| 1826 | return node; | |
| 1827 | } | |
| 1828 | ||
| 1829 | /** Find cover for hashed(nm, nmlen) (or NULL) */ | |
| 1830 | static struct auth_data* | |
| 1831 | az_nsec3_find_cover(struct auth_zone* z, uint8_t* nm, size_t nmlen, | |
| 1832 | int algo, size_t iter, uint8_t* salt, size_t saltlen) | |
| 1833 | { | |
| 1834 | struct auth_data* node; | |
| 1835 | uint8_t hname[LDNS_MAX_DOMAINLEN]; | |
| 1836 | size_t hlen = sizeof(hname); | |
| 1837 | if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter, | |
| 1838 | salt, saltlen)) | |
| 1839 | return NULL; | |
| 1840 | node = az_nsec3_findnode(z, hname, hlen); | |
| 1841 | if(node) | |
| 1842 | return node; | |
| 1843 | /* we did not find any, perhaps because the NSEC3 hash is before | |
| 1844 | * the first hash, we have to find the 'last hash' in the zone */ | |
| 1845 | node = (struct auth_data*)rbtree_last(&z->data); | |
| 1846 | while(node && (rbnode_type*)node != RBTREE_NULL && | |
| 1847 | !az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) { | |
| 1848 | node = (struct auth_data*)rbtree_previous(&node->node); | |
| 1849 | } | |
| 1850 | if((rbnode_type*)node == RBTREE_NULL) | |
| 1851 | node = NULL; | |
| 1852 | return node; | |
| 1853 | } | |
| 1854 | ||
| 1855 | /** Find exact match for hashed(nm, nmlen) NSEC3 record or NULL */ | |
| 1856 | static struct auth_data* | |
| 1857 | az_nsec3_find_exact(struct auth_zone* z, uint8_t* nm, size_t nmlen, | |
| 1858 | int algo, size_t iter, uint8_t* salt, size_t saltlen) | |
| 1859 | { | |
| 1860 | struct auth_data* node; | |
| 1861 | uint8_t hname[LDNS_MAX_DOMAINLEN]; | |
| 1862 | size_t hlen = sizeof(hname); | |
| 1863 | if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter, | |
| 1864 | salt, saltlen)) | |
| 1865 | return NULL; | |
| 1866 | node = az_find_name(z, hname, hlen); | |
| 1867 | if(az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) | |
| 1868 | return node; | |
| 1869 | return NULL; | |
| 1870 | } | |
| 1871 | ||
| 1872 | /** Return nextcloser name (as a ref into the qname). This is one label | |
| 1873 | * more than the cenm (cename must be a suffix of qname) */ | |
| 1874 | static void | |
| 1875 | az_nsec3_get_nextcloser(uint8_t* cenm, uint8_t* qname, size_t qname_len, | |
| 1876 | uint8_t** nx, size_t* nxlen) | |
| 1877 | { | |
| 1878 | int celabs = dname_count_labels(cenm); | |
| 1879 | int qlabs = dname_count_labels(qname); | |
| 1880 | int strip = qlabs - celabs -1; | |
| 1881 | log_assert(dname_strict_subdomain(qname, qlabs, cenm, celabs)); | |
| 1882 | *nx = qname; | |
| 1883 | *nxlen = qname_len; | |
| 1884 | if(strip>0) | |
| 1885 | dname_remove_labels(nx, nxlen, strip); | |
| 1886 | } | |
| 1887 | ||
| 1888 | /** Find the closest encloser that has exact NSEC3. | |
| 1889 | * updated cenm to the new name. If it went up no-exact-ce is true. */ | |
| 1890 | static struct auth_data* | |
| 1891 | az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen, | |
| 1892 | int* no_exact_ce, int algo, size_t iter, uint8_t* salt, size_t saltlen) | |
| 1893 | { | |
| 1894 | struct auth_data* node; | |
| 1895 | while((node = az_nsec3_find_exact(z, *cenm, *cenmlen, | |
| 1896 | algo, iter, salt, saltlen)) == NULL) { | |
| 1897 | if(*cenmlen == z->namelen) { | |
| 1898 | /* next step up would take us out of the zone. fail */ | |
| 1899 | return NULL; | |
| 1900 | } | |
| 1901 | *no_exact_ce = 1; | |
| 1902 | dname_remove_label(cenm, cenmlen); | |
| 1903 | } | |
| 1904 | return node; | |
| 1905 | } | |
| 1906 | ||
| 1907 | /* Insert NSEC3 record in authority section, if NULL does nothing */ | |
| 1908 | static int | |
| 1909 | az_nsec3_insert(struct auth_zone* z, struct regional* region, | |
| 1910 | struct dns_msg* msg, struct auth_data* node) | |
| 1911 | { | |
| 1912 | struct auth_rrset* nsec3; | |
| 1913 | if(!node) return 1; /* no node, skip this */ | |
| 1914 | nsec3 = az_domain_rrset(node, LDNS_RR_TYPE_NSEC3); | |
| 1915 | if(!nsec3) return 1; /* if no nsec3 RR, skip it */ | |
| 1916 | if(!msg_add_rrset_ns(z, region, msg, node, nsec3)) return 0; | |
| 1917 | return 1; | |
| 1918 | } | |
| 1919 | ||
| 1920 | /** add NSEC3 records to the zone for the nsec3 proof. | |
| 1921 | * Specify with the flags with parts of the proof are required. | |
| 1922 | * the ce is the exact matching name (for notype) but also delegation points. | |
| 1923 | * qname is the one where the nextcloser name can be derived from. | |
| 1924 | * If NSEC3 is not properly there (in the zone) nothing is added. | |
| 1925 | * always enabled: include nsec3 proving about the Closest Encloser. | |
| 1926 | * that is an exact match that should exist for it. | |
| 1927 | * If that does not exist, a higher exact match + nxproof is enabled | |
| 1928 | * (for some sort of opt-out empty nonterminal cases). | |
| 1929 | * nxproof: include denial of the qname. | |
| 1930 | * wcproof: include denial of wildcard (wildcard.ce). | |
| 1931 | */ | |
| 1932 | static int | |
| 1933 | az_add_nsec3_proof(struct auth_zone* z, struct regional* region, | |
| 1934 | struct dns_msg* msg, uint8_t* cenm, size_t cenmlen, uint8_t* qname, | |
| 1935 | size_t qname_len, int nxproof, int wcproof) | |
| 1936 | { | |
| 1937 | int algo; | |
| 1938 | size_t iter, saltlen; | |
| 1939 | uint8_t* salt; | |
| 1940 | int no_exact_ce = 0; | |
| 1941 | struct auth_data* node; | |
| 1942 | ||
| 1943 | /* find parameters of nsec3 proof */ | |
| 1944 | if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) | |
| 1945 | return 1; /* no nsec3 */ | |
| 1946 | /* find ce that has an NSEC3 */ | |
| 1947 | node = az_nsec3_find_ce(z, &cenm, &cenmlen, &no_exact_ce, | |
| 1948 | algo, iter, salt, saltlen); | |
| 1949 | if(no_exact_ce) nxproof = 1; | |
| 1950 | if(!az_nsec3_insert(z, region, msg, node)) | |
| 1951 | return 0; | |
| 1952 | ||
| 1953 | if(nxproof) { | |
| 1954 | uint8_t* nx; | |
| 1955 | size_t nxlen; | |
| 1956 | /* create nextcloser domain name */ | |
| 1957 | az_nsec3_get_nextcloser(cenm, qname, qname_len, &nx, &nxlen); | |
| 1958 | /* find nsec3 that matches or covers it */ | |
| 1959 | node = az_nsec3_find_cover(z, nx, nxlen, algo, iter, salt, | |
| 1960 | saltlen); | |
| 1961 | if(!az_nsec3_insert(z, region, msg, node)) | |
| 1962 | return 0; | |
| 1963 | } | |
| 1964 | if(wcproof) { | |
| 1965 | /* create wildcard name *.ce */ | |
| 1966 | uint8_t wc[LDNS_MAX_DOMAINLEN]; | |
| 1967 | size_t wclen; | |
| 1968 | if(cenmlen+2 > sizeof(wc)) | |
| 1969 | return 0; /* result would be too long */ | |
| 1970 | wc[0] = 1; /* length of wildcard label */ | |
| 1971 | wc[1] = (uint8_t)'*'; /* wildcard label */ | |
| 1972 | memmove(wc+2, cenm, cenmlen); | |
| 1973 | wclen = cenmlen+2; | |
| 1974 | /* find nsec3 that matches or covers it */ | |
| 1975 | node = az_nsec3_find_cover(z, wc, wclen, algo, iter, salt, | |
| 1976 | saltlen); | |
| 1977 | if(!az_nsec3_insert(z, region, msg, node)) | |
| 1978 | return 0; | |
| 1979 | } | |
| 1980 | return 1; | |
| 1981 | } | |
| 1982 | ||
| 1983 | /** generate answer for positive answer */ | |
| 1984 | static int | |
| 1985 | az_generate_positive_answer(struct auth_zone* z, struct regional* region, | |
| 1986 | struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) | |
| 1987 | { | |
| 1988 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; | |
| 1989 | /* see if we want additional rrs */ | |
| 1990 | if(rrset->type == LDNS_RR_TYPE_MX) { | |
| 1991 | if(!az_add_additionals_from(z, region, msg, rrset, 2)) | |
| 1992 | return 0; | |
| 1993 | } else if(rrset->type == LDNS_RR_TYPE_SRV) { | |
| 1994 | if(!az_add_additionals_from(z, region, msg, rrset, 6)) | |
| 1995 | return 0; | |
| 1996 | } else if(rrset->type == LDNS_RR_TYPE_NS) { | |
| 1997 | if(!az_add_additionals_from(z, region, msg, rrset, 0)) | |
| 1998 | return 0; | |
| 1999 | } | |
| 2000 | return 1; | |
| 2001 | } | |
| 2002 | ||
| 2003 | /** generate answer for type ANY answer */ | |
| 2004 | static int | |
| 2005 | az_generate_any_answer(struct auth_zone* z, struct regional* region, | |
| 2006 | struct dns_msg* msg, struct auth_data* node) | |
| 2007 | { | |
| 2008 | struct auth_rrset* rrset; | |
| 2009 | int added = 0; | |
| 2010 | /* add a couple (at least one) RRs */ | |
| 2011 | if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_SOA)) != NULL) { | |
| 2012 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; | |
| 2013 | added++; | |
| 2014 | } | |
| 2015 | if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_MX)) != NULL) { | |
| 2016 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; | |
| 2017 | added++; | |
| 2018 | } | |
| 2019 | if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_A)) != NULL) { | |
| 2020 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; | |
| 2021 | added++; | |
| 2022 | } | |
| 2023 | if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_AAAA)) != NULL) { | |
| 2024 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; | |
| 2025 | added++; | |
| 2026 | } | |
| 2027 | if(added == 0 && node->rrsets) { | |
| 2028 | if(!msg_add_rrset_an(z, region, msg, node, | |
| 2029 | node->rrsets)) return 0; | |
| 2030 | } | |
| 2031 | return 1; | |
| 2032 | } | |
| 2033 | ||
| 2034 | /** follow cname chain and add more data to the answer section */ | |
| 2035 | static int | |
| 2036 | follow_cname_chain(struct auth_zone* z, uint16_t qtype, | |
| 2037 | struct regional* region, struct dns_msg* msg, | |
| 2038 | struct packed_rrset_data* d) | |
| 2039 | { | |
| 2040 | int maxchain = 0; | |
| 2041 | /* see if we can add the target of the CNAME into the answer */ | |
| 2042 | while(maxchain++ < MAX_CNAME_CHAIN) { | |
| 2043 | struct auth_data* node; | |
| 2044 | struct auth_rrset* rrset; | |
| 2045 | size_t clen; | |
| 2046 | /* d has cname rdata */ | |
| 2047 | if(d->count == 0) break; /* no CNAME */ | |
| 2048 | if(d->rr_len[0] < 2+1) break; /* too small */ | |
| 2049 | if((clen=dname_valid(d->rr_data[0]+2, d->rr_len[0]-2))==0) | |
| 2050 | break; /* malformed */ | |
| 2051 | if(!dname_subdomain_c(d->rr_data[0]+2, z->name)) | |
| 2052 | break; /* target out of zone */ | |
| 2053 | if((node = az_find_name(z, d->rr_data[0]+2, clen))==NULL) | |
| 2054 | break; /* no such target name */ | |
| 2055 | if((rrset=az_domain_rrset(node, qtype))!=NULL) { | |
| 2056 | /* done we found the target */ | |
| 2057 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) | |
| 2058 | return 0; | |
| 2059 | break; | |
| 2060 | } | |
| 2061 | if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME))==NULL) | |
| 2062 | break; /* no further CNAME chain, notype */ | |
| 2063 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; | |
| 2064 | d = rrset->data; | |
| 2065 | } | |
| 2066 | return 1; | |
| 2067 | } | |
| 2068 | ||
| 2069 | /** generate answer for cname answer */ | |
| 2070 | static int | |
| 2071 | az_generate_cname_answer(struct auth_zone* z, struct query_info* qinfo, | |
| 2072 | struct regional* region, struct dns_msg* msg, | |
| 2073 | struct auth_data* node, struct auth_rrset* rrset) | |
| 2074 | { | |
| 2075 | if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; | |
| 2076 | if(!rrset) return 1; | |
| 2077 | if(!follow_cname_chain(z, qinfo->qtype, region, msg, rrset->data)) | |
| 2078 | return 0; | |
| 2079 | return 1; | |
| 2080 | } | |
| 2081 | ||
| 2082 | /** generate answer for notype answer */ | |
| 2083 | static int | |
| 2084 | az_generate_notype_answer(struct auth_zone* z, struct regional* region, | |
| 2085 | struct dns_msg* msg, struct auth_data* node) | |
| 2086 | { | |
| 2087 | struct auth_rrset* rrset; | |
| 2088 | if(!az_add_negative_soa(z, region, msg)) return 0; | |
| 2089 | /* DNSSEC denial NSEC */ | |
| 2090 | if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_NSEC))!=NULL) { | |
| 2091 | if(!msg_add_rrset_ns(z, region, msg, node, rrset)) return 0; | |
| 2092 | } else if(node) { | |
| 2093 | /* DNSSEC denial NSEC3 */ | |
| 2094 | if(!az_add_nsec3_proof(z, region, msg, node->name, | |
| 2095 | node->namelen, msg->qinfo.qname, | |
| 2096 | msg->qinfo.qname_len, 0, 0)) | |
| 2097 | return 0; | |
| 2098 | } | |
| 2099 | return 1; | |
| 2100 | } | |
| 2101 | ||
| 2102 | /** generate answer for referral answer */ | |
| 2103 | static int | |
| 2104 | az_generate_referral_answer(struct auth_zone* z, struct regional* region, | |
| 2105 | struct dns_msg* msg, struct auth_data* ce, struct auth_rrset* rrset) | |
| 2106 | { | |
| 2107 | struct auth_rrset* ds, *nsec; | |
| 2108 | /* turn off AA flag, referral is nonAA because it leaves the zone */ | |
| 2109 | log_assert(ce); | |
| 2110 | msg->rep->flags &= ~BIT_AA; | |
| 2111 | if(!msg_add_rrset_ns(z, region, msg, ce, rrset)) return 0; | |
| 2112 | /* add DS or deny it */ | |
| 2113 | if((ds=az_domain_rrset(ce, LDNS_RR_TYPE_DS))!=NULL) { | |
| 2114 | if(!msg_add_rrset_ns(z, region, msg, ce, ds)) return 0; | |
| 2115 | } else { | |
| 2116 | /* deny the DS */ | |
| 2117 | if((nsec=az_domain_rrset(ce, LDNS_RR_TYPE_NSEC))!=NULL) { | |
| 2118 | if(!msg_add_rrset_ns(z, region, msg, ce, nsec)) | |
| 2119 | return 0; | |
| 2120 | } else { | |
| 2121 | if(!az_add_nsec3_proof(z, region, msg, ce->name, | |
| 2122 | ce->namelen, msg->qinfo.qname, | |
| 2123 | msg->qinfo.qname_len, 0, 0)) | |
| 2124 | return 0; | |
| 2125 | } | |
| 2126 | } | |
| 2127 | /* add additional rrs for type NS */ | |
| 2128 | if(!az_add_additionals_from(z, region, msg, rrset, 0)) return 0; | |
| 2129 | return 1; | |
| 2130 | } | |
| 2131 | ||
| 2132 | /** generate answer for DNAME answer */ | |
| 2133 | static int | |
| 2134 | az_generate_dname_answer(struct auth_zone* z, struct query_info* qinfo, | |
| 2135 | struct regional* region, struct dns_msg* msg, struct auth_data* ce, | |
| 2136 | struct auth_rrset* rrset) | |
| 2137 | { | |
| 2138 | log_assert(ce); | |
| 2139 | /* add the DNAME and then a CNAME */ | |
| 2140 | if(!msg_add_rrset_an(z, region, msg, ce, rrset)) return 0; | |
| 2141 | if(!add_synth_cname(z, qinfo->qname, qinfo->qname_len, region, | |
| 2142 | msg, ce, rrset)) return 0; | |
| 2143 | if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_YXDOMAIN) | |
| 2144 | return 1; | |
| 2145 | if(msg->rep->rrset_count == 0 || | |
| 2146 | !msg->rep->rrsets[msg->rep->rrset_count-1]) | |
| 2147 | return 0; | |
| 2148 | if(!follow_cname_chain(z, qinfo->qtype, region, msg, | |
| 2149 | (struct packed_rrset_data*)msg->rep->rrsets[ | |
| 2150 | msg->rep->rrset_count-1]->entry.data)) | |
| 2151 | return 0; | |
| 2152 | return 1; | |
| 2153 | } | |
| 2154 | ||
| 2155 | /** generate answer for wildcard answer */ | |
| 2156 | static int | |
| 2157 | az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo, | |
| 2158 | struct regional* region, struct dns_msg* msg, struct auth_data* ce, | |
| 2159 | struct auth_data* wildcard, struct auth_data* node) | |
| 2160 | { | |
| 2161 | struct auth_rrset* rrset, *nsec; | |
| 2162 | if(verbosity>=VERB_ALGO) { | |
| 2163 | char wcname[256]; | |
| 2164 | sldns_wire2str_dname_buf(wildcard->name, wildcard->namelen, | |
| 2165 | wcname, sizeof(wcname)); | |
| 2166 | log_info("wildcard %s", wcname); | |
| 2167 | } | |
| 2168 | if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) { | |
| 2169 | /* wildcard has type, add it */ | |
| 2170 | if(!msg_add_rrset_an(z, region, msg, wildcard, rrset)) | |
| 2171 | return 0; | |
| 2172 | az_change_dnames(msg, wildcard->name, msg->qinfo.qname, | |
| 2173 | msg->qinfo.qname_len, 1); | |
| 2174 | } else if((rrset=az_domain_rrset(wildcard, LDNS_RR_TYPE_CNAME))!=NULL) { | |
| 2175 | /* wildcard has cname instead, do that */ | |
| 2176 | if(!msg_add_rrset_an(z, region, msg, wildcard, rrset)) | |
| 2177 | return 0; | |
| 2178 | az_change_dnames(msg, wildcard->name, msg->qinfo.qname, | |
| 2179 | msg->qinfo.qname_len, 1); | |
| 2180 | if(!follow_cname_chain(z, qinfo->qtype, region, msg, | |
| 2181 | rrset->data)) | |
| 2182 | return 0; | |
| 2183 | } else if(qinfo->qtype == LDNS_RR_TYPE_ANY && wildcard->rrsets) { | |
| 2184 | /* add ANY rrsets from wildcard node */ | |
| 2185 | if(!az_generate_any_answer(z, region, msg, wildcard)) | |
| 2186 | return 0; | |
| 2187 | az_change_dnames(msg, wildcard->name, msg->qinfo.qname, | |
| 2188 | msg->qinfo.qname_len, 1); | |
| 2189 | } else { | |
| 2190 | /* wildcard has nodata, notype answer */ | |
| 2191 | /* call other notype routine for dnssec notype denials */ | |
| 2192 | if(!az_generate_notype_answer(z, region, msg, wildcard)) | |
| 2193 | return 0; | |
| 2194 | } | |
| 2195 | ||
| 2196 | /* ce and node for dnssec denial of wildcard original name */ | |
| 2197 | if((nsec=az_find_nsec_cover(z, &node)) != NULL) { | |
| 2198 | if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0; | |
| 2199 | } else if(ce) { | |
| 2200 | if(!az_add_nsec3_proof(z, region, msg, ce->name, | |
| 2201 | ce->namelen, msg->qinfo.qname, | |
| 2202 | msg->qinfo.qname_len, 1, 0)) | |
| 2203 | return 0; | |
| 2204 | } | |
| 2205 | ||
| 2206 | /* fixup name of wildcard from *.zone to qname, use already allocated | |
| 2207 | * pointer to msg qname */ | |
| 2208 | az_change_dnames(msg, wildcard->name, msg->qinfo.qname, | |
| 2209 | msg->qinfo.qname_len, 0); | |
| 2210 | return 1; | |
| 2211 | } | |
| 2212 | ||
| 2213 | /** generate answer for nxdomain answer */ | |
| 2214 | static int | |
| 2215 | az_generate_nxdomain_answer(struct auth_zone* z, struct regional* region, | |
| 2216 | struct dns_msg* msg, struct auth_data* ce, struct auth_data* node) | |
| 2217 | { | |
| 2218 | struct auth_rrset* nsec; | |
| 2219 | msg->rep->flags |= LDNS_RCODE_NXDOMAIN; | |
| 2220 | if(!az_add_negative_soa(z, region, msg)) return 0; | |
| 2221 | if((nsec=az_find_nsec_cover(z, &node)) != NULL) { | |
| 2222 | if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0; | |
| 2223 | if(ce && !az_nsec_wildcard_denial(z, region, msg, ce->name, | |
| 2224 | ce->namelen)) return 0; | |
| 2225 | } else if(ce) { | |
| 2226 | if(!az_add_nsec3_proof(z, region, msg, ce->name, | |
| 2227 | ce->namelen, msg->qinfo.qname, | |
| 2228 | msg->qinfo.qname_len, 1, 1)) | |
| 2229 | return 0; | |
| 2230 | } | |
| 2231 | return 1; | |
| 2232 | } | |
| 2233 | ||
| 2234 | /** Create answers when an exact match exists for the domain name */ | |
| 2235 | static int | |
| 2236 | az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo, | |
| 2237 | struct regional* region, struct dns_msg* msg, struct auth_data* node) | |
| 2238 | { | |
| 2239 | struct auth_rrset* rrset; | |
| 2240 | /* positive answer, rrset we are looking for exists */ | |
| 2241 | if((rrset=az_domain_rrset(node, qinfo->qtype)) != NULL) { | |
| 2242 | return az_generate_positive_answer(z, region, msg, node, rrset); | |
| 2243 | } | |
| 2244 | /* CNAME? */ | |
| 2245 | if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME)) != NULL) { | |
| 2246 | return az_generate_cname_answer(z, qinfo, region, msg, | |
| 2247 | node, rrset); | |
| 2248 | } | |
| 2249 | /* type ANY ? */ | |
| 2250 | if(qinfo->qtype == LDNS_RR_TYPE_ANY) { | |
| 2251 | return az_generate_any_answer(z, region, msg, node); | |
| 2252 | } | |
| 2253 | /* NOERROR/NODATA (no such type at domain name) */ | |
| 2254 | return az_generate_notype_answer(z, region, msg, node); | |
| 2255 | } | |
| 2256 | ||
| 2257 | /** Generate answer without an existing-node that we can use. | |
| 2258 | * So it'll be a referral, DNAME or nxdomain */ | |
| 2259 | static int | |
| 2260 | az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo, | |
| 2261 | struct regional* region, struct dns_msg* msg, struct auth_data* ce, | |
| 2262 | struct auth_rrset* rrset, struct auth_data* node) | |
| 2263 | { | |
| 2264 | struct auth_data* wildcard; | |
| 2265 | ||
| 2266 | /* we do not have an exact matching name (that exists) */ | |
| 2267 | /* see if we have a NS or DNAME in the ce */ | |
| 2268 | if(ce && rrset && rrset->type == LDNS_RR_TYPE_NS) { | |
| 2269 | return az_generate_referral_answer(z, region, msg, ce, rrset); | |
| 2270 | } | |
| 2271 | if(ce && rrset && rrset->type == LDNS_RR_TYPE_DNAME) { | |
| 2272 | return az_generate_dname_answer(z, qinfo, region, msg, ce, | |
| 2273 | rrset); | |
| 2274 | } | |
| 2275 | /* if there is an empty nonterminal, wildcard and nxdomain don't | |
| 2276 | * happen, it is a notype answer */ | |
| 2277 | if(az_empty_nonterminal(z, qinfo, node)) { | |
| 2278 | return az_generate_notype_answer(z, region, msg, node); | |
| 2279 | } | |
| 2280 | /* see if we have a wildcard under the ce */ | |
| 2281 | if((wildcard=az_find_wildcard(z, qinfo, ce)) != NULL) { | |
| 2282 | return az_generate_wildcard_answer(z, qinfo, region, msg, | |
| 2283 | ce, wildcard, node); | |
| 2284 | } | |
| 2285 | /* generate nxdomain answer */ | |
| 2286 | return az_generate_nxdomain_answer(z, region, msg, ce, node); | |
| 2287 | } | |
| 2288 | ||
| 2289 | /** Lookup answer in a zone. */ | |
| 2290 | static int | |
| 2291 | auth_zone_generate_answer(struct auth_zone* z, struct query_info* qinfo, | |
| 2292 | struct regional* region, struct dns_msg** msg, int* fallback) | |
| 2293 | { | |
| 2294 | struct auth_data* node, *ce; | |
| 2295 | struct auth_rrset* rrset; | |
| 2296 | int node_exact, node_exists; | |
| 2297 | /* does the zone want fallback in case of failure? */ | |
| 2298 | *fallback = z->fallback_enabled; | |
| 2299 | if(!(*msg=msg_create(region, qinfo))) return 0; | |
| 2300 | ||
| 2301 | /* lookup if there is a matching domain name for the query */ | |
| 2302 | az_find_domain(z, qinfo, &node_exact, &node); | |
| 2303 | ||
| 2304 | /* see if node exists for generating answers from (i.e. not glue and | |
| 2305 | * obscured by NS or DNAME or NSEC3-only), and also return the | |
| 2306 | * closest-encloser from that, closest node that should be used | |
| 2307 | * to generate answers from that is above the query */ | |
| 2308 | node_exists = az_find_ce(z, qinfo, node, node_exact, &ce, &rrset); | |
| 2309 | ||
| 2310 | if(verbosity >= VERB_ALGO) { | |
| 2311 | char zname[256], qname[256], nname[256], cename[256], | |
| 2312 | tpstr[32], rrstr[32]; | |
| 2313 | sldns_wire2str_dname_buf(qinfo->qname, qinfo->qname_len, qname, | |
| 2314 | sizeof(qname)); | |
| 2315 | sldns_wire2str_type_buf(qinfo->qtype, tpstr, sizeof(tpstr)); | |
| 2316 | sldns_wire2str_dname_buf(z->name, z->namelen, zname, | |
| 2317 | sizeof(zname)); | |
| 2318 | if(node) | |
| 2319 | sldns_wire2str_dname_buf(node->name, node->namelen, | |
| 2320 | nname, sizeof(nname)); | |
| 2321 | else snprintf(nname, sizeof(nname), "NULL"); | |
| 2322 | if(ce) | |
| 2323 | sldns_wire2str_dname_buf(ce->name, ce->namelen, | |
| 2324 | cename, sizeof(cename)); | |
| 2325 | else snprintf(cename, sizeof(cename), "NULL"); | |
| 2326 | if(rrset) sldns_wire2str_type_buf(rrset->type, rrstr, | |
| 2327 | sizeof(rrstr)); | |
| 2328 | else snprintf(rrstr, sizeof(rrstr), "NULL"); | |
| 2329 | log_info("auth_zone %s query %s %s, domain %s %s %s, " | |
| 2330 | "ce %s, rrset %s", zname, qname, tpstr, nname, | |
| 2331 | (node_exact?"exact":"notexact"), | |
| 2332 | (node_exists?"exist":"notexist"), cename, rrstr); | |
| 2333 | } | |
| 2334 | ||
| 2335 | if(node_exists) { | |
| 2336 | /* the node is fine, generate answer from node */ | |
| 2337 | return az_generate_answer_with_node(z, qinfo, region, *msg, | |
| 2338 | node); | |
| 2339 | } | |
| 2340 | return az_generate_answer_nonexistnode(z, qinfo, region, *msg, | |
| 2341 | ce, rrset, node); | |
| 2342 | } | |
| 2343 | ||
| 2344 | int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, | |
| 2345 | struct regional* region, struct dns_msg** msg, int* fallback, | |
| 2346 | uint8_t* dp_nm, size_t dp_nmlen) | |
| 2347 | { | |
| 2348 | int r; | |
| 2349 | struct auth_zone* z; | |
| 2350 | ||
| 2351 | /* find the zone that should contain the answer. */ | |
| 2352 | lock_rw_rdlock(&az->lock); | |
| 2353 | z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass); | |
| 2354 | if(!z) { | |
| 2355 | lock_rw_unlock(&az->lock); | |
| 2356 | verbose(VERB_ALGO, "no auth zone for query, fallback"); | |
| 2357 | /* no auth zone, fallback to internet */ | |
| 2358 | *fallback = 1; | |
| 2359 | return 0; | |
| 2360 | } | |
| 2361 | lock_rw_rdlock(&z->lock); | |
| 2362 | lock_rw_unlock(&az->lock); | |
| 2363 | ||
| 2364 | /* see what answer that zone would generate */ | |
| 2365 | r = auth_zone_generate_answer(z, qinfo, region, msg, fallback); | |
| 2366 | lock_rw_unlock(&z->lock); | |
| 2367 | return r; | |
| 2368 | } |
| 0 | /* | |
| 1 | * services/authzone.h - authoritative zone that is locally hosted. | |
| 2 | * | |
| 3 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | ||
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * This file contains the functions for an authority zone. This zone | |
| 39 | * is queried by the iterator, just like a stub or forward zone, but then | |
| 40 | * the data is locally held. | |
| 41 | */ | |
| 42 | ||
| 43 | #ifndef SERVICES_AUTHZONE_H | |
| 44 | #define SERVICES_AUTHZONE_H | |
| 45 | #include "util/rbtree.h" | |
| 46 | #include "util/locks.h" | |
| 47 | struct ub_packed_rrset_key; | |
| 48 | struct regional; | |
| 49 | struct config_file; | |
| 50 | struct query_info; | |
| 51 | struct dns_msg; | |
| 52 | ||
| 53 | /** | |
| 54 | * Authoritative zones, shared. | |
| 55 | */ | |
| 56 | struct auth_zones { | |
| 57 | /** lock on the authzone tree */ | |
| 58 | lock_rw_type lock; | |
| 59 | /** rbtree of struct auth_zone */ | |
| 60 | rbtree_type ztree; | |
| 61 | }; | |
| 62 | ||
| 63 | /** | |
| 64 | * Auth zone. Authoritative data, that is fetched from instead of sending | |
| 65 | * packets to the internet. | |
| 66 | */ | |
| 67 | struct auth_zone { | |
| 68 | /** rbtree node, key is name and class */ | |
| 69 | rbnode_type node; | |
| 70 | ||
| 71 | /** zone name, in uncompressed wireformat */ | |
| 72 | uint8_t* name; | |
| 73 | /** length of zone name */ | |
| 74 | size_t namelen; | |
| 75 | /** number of labels in zone name */ | |
| 76 | int namelabs; | |
| 77 | /** the class of this zone, in host byteorder. | |
| 78 | * uses 'dclass' to not conflict with c++ keyword class. */ | |
| 79 | uint16_t dclass; | |
| 80 | ||
| 81 | /** lock on the data in the structure | |
| 82 | * For the node, parent, name, namelen, namelabs, dclass, you | |
| 83 | * need to also hold the zones_tree lock to change them (or to | |
| 84 | * delete this zone) */ | |
| 85 | lock_rw_type lock; | |
| 86 | ||
| 87 | /** auth data for this zone | |
| 88 | * rbtree of struct auth_data */ | |
| 89 | rbtree_type data; | |
| 90 | ||
| 91 | /* zonefile name (or NULL for no zonefile) */ | |
| 92 | char* zonefile; | |
| 93 | /* fallback to the internet on failure or ttl-expiry of auth zone */ | |
| 94 | int fallback_enabled; | |
| 95 | }; | |
| 96 | ||
| 97 | /** | |
| 98 | * Auth data. One domain name, and the RRs to go with it. | |
| 99 | */ | |
| 100 | struct auth_data { | |
| 101 | /** rbtree node, key is name only */ | |
| 102 | rbnode_type node; | |
| 103 | /** domain name */ | |
| 104 | uint8_t* name; | |
| 105 | /** length of name */ | |
| 106 | size_t namelen; | |
| 107 | /** number of labels in name */ | |
| 108 | int namelabs; | |
| 109 | /** the data rrsets, with different types, linked list. | |
| 110 | * if the list if NULL the node would be an empty non-terminal, | |
| 111 | * but in this data structure such nodes that represent an empty | |
| 112 | * non-terminal are not needed; they just don't exist. | |
| 113 | */ | |
| 114 | struct auth_rrset* rrsets; | |
| 115 | }; | |
| 116 | ||
| 117 | /** | |
| 118 | * A auth data RRset | |
| 119 | */ | |
| 120 | struct auth_rrset { | |
| 121 | /** next in list */ | |
| 122 | struct auth_rrset* next; | |
| 123 | /** RR type in host byteorder */ | |
| 124 | uint16_t type; | |
| 125 | /** RRset data item */ | |
| 126 | struct packed_rrset_data* data; | |
| 127 | }; | |
| 128 | ||
| 129 | /** | |
| 130 | * Create auth zones structure | |
| 131 | */ | |
| 132 | struct auth_zones* auth_zones_create(void); | |
| 133 | ||
| 134 | /** | |
| 135 | * Apply configuration to auth zones. Reads zonefiles. | |
| 136 | */ | |
| 137 | int auth_zones_apply_config(struct auth_zones* az, struct config_file* cfg); | |
| 138 | ||
| 139 | /** | |
| 140 | * Delete auth zones structure | |
| 141 | */ | |
| 142 | void auth_zones_delete(struct auth_zones* az); | |
| 143 | ||
| 144 | /** | |
| 145 | * Write auth zone data to file, in zonefile format. | |
| 146 | */ | |
| 147 | int auth_zone_write_file(struct auth_zone* z, const char* fname); | |
| 148 | ||
| 149 | /** | |
| 150 | * Use auth zones to lookup the answer to a query. | |
| 151 | * The query is from the iterator. And the auth zones attempts to provide | |
| 152 | * the answer instead of going to the internet. | |
| 153 | * | |
| 154 | * @param az: auth zones structure. | |
| 155 | * @param qinfo: query info to lookup. | |
| 156 | * @param region: region to use to allocate the reply in. | |
| 157 | * @param msg: reply is stored here (if one). | |
| 158 | * @param fallback: if true, fallback to making a query to the internet. | |
| 159 | * @param dp_nm: name of delegation point to look for. This zone is used | |
| 160 | * to answer the query. | |
| 161 | * If the dp_nm is not found, fallback is set to true and false returned. | |
| 162 | * @param dp_nmlen: length of dp_nm. | |
| 163 | * @return 0: failure (an error of some sort, like servfail). | |
| 164 | * if 0 and fallback is true, fallback to the internet. | |
| 165 | * if 0 and fallback is false, like getting servfail. | |
| 166 | * If true, an answer is available. | |
| 167 | */ | |
| 168 | int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, | |
| 169 | struct regional* region, struct dns_msg** msg, int* fallback, | |
| 170 | uint8_t* dp_nm, size_t dp_nmlen); | |
| 171 | ||
| 172 | /** | |
| 173 | * Find the auth zone that is above the given qname. | |
| 174 | * Return NULL when there is no auth_zone above the give name, otherwise | |
| 175 | * returns the closest auth_zone above the qname that pertains to it. | |
| 176 | * @param az: auth zones structure. | |
| 177 | * @param qinfo: query info to lookup. | |
| 178 | * @return NULL or auth_zone that pertains to the query. | |
| 179 | */ | |
| 180 | struct auth_zone* auth_zones_find_zone(struct auth_zones* az, | |
| 181 | struct query_info* qinfo); | |
| 182 | ||
| 183 | /** find an auth zone by name (exact match by name or NULL returned) */ | |
| 184 | struct auth_zone* auth_zone_find(struct auth_zones* az, uint8_t* nm, | |
| 185 | size_t nmlen, uint16_t dclass); | |
| 186 | ||
| 187 | /** create an auth zone. returns wrlocked zone. caller must have wrlock | |
| 188 | * on az. returns NULL on malloc failure */ | |
| 189 | struct auth_zone* auth_zone_create(struct auth_zones* az, uint8_t* nm, | |
| 190 | size_t nmlen, uint16_t dclass); | |
| 191 | ||
| 192 | /** set auth zone zonefile string. caller must have lock on zone */ | |
| 193 | int auth_zone_set_zonefile(struct auth_zone* z, char* zonefile); | |
| 194 | ||
| 195 | /** set auth zone fallback. caller must have lock on zone. | |
| 196 | * fallbackstr is "yes" or "no". false on parse failure. */ | |
| 197 | int auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr); | |
| 198 | ||
| 199 | /** read auth zone from zonefile. caller must lock zone. false on failure */ | |
| 200 | int auth_zone_read_zonefile(struct auth_zone* z); | |
| 201 | ||
| 202 | /** compare auth_zones for sorted rbtree */ | |
| 203 | int auth_zone_cmp(const void* z1, const void* z2); | |
| 204 | ||
| 205 | /** compare auth_data for sorted rbtree */ | |
| 206 | int auth_data_cmp(const void* z1, const void* z2); | |
| 207 | ||
| 208 | #endif /* SERVICES_AUTHZONE_H */ |
| 40 | 40 | #include "config.h" |
| 41 | 41 | #include "iterator/iter_delegpt.h" |
| 42 | 42 | #include "validator/val_nsec.h" |
| 43 | #include "validator/val_utils.h" | |
| 43 | 44 | #include "services/cache/dns.h" |
| 44 | 45 | #include "services/cache/rrset.h" |
| 45 | 46 | #include "util/data/msgreply.h" |
| 105 | 106 | |
| 106 | 107 | void |
| 107 | 108 | dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, |
| 108 | hashvalue_t hash, struct reply_info* rep, time_t leeway, int pside, | |
| 109 | hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside, | |
| 109 | 110 | struct reply_info* qrep, struct regional* region) |
| 110 | 111 | { |
| 111 | 112 | struct msgreply_entry* e; |
| 181 | 182 | } |
| 182 | 183 | |
| 183 | 184 | /** lookup message in message cache */ |
| 184 | static struct msgreply_entry* | |
| 185 | struct msgreply_entry* | |
| 185 | 186 | msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, |
| 186 | 187 | uint16_t qtype, uint16_t qclass, uint16_t flags, time_t now, int wr) |
| 187 | 188 | { |
| 188 | 189 | struct lruhash_entry* e; |
| 189 | 190 | struct query_info k; |
| 190 | hashvalue_t h; | |
| 191 | hashvalue_type h; | |
| 191 | 192 | |
| 192 | 193 | k.qname = qname; |
| 193 | 194 | k.qname_len = qnamelen; |
| 478 | 479 | return msg; |
| 479 | 480 | } |
| 480 | 481 | |
| 481 | /** generate dns_msg from cached message */ | |
| 482 | static struct dns_msg* | |
| 482 | struct dns_msg* | |
| 483 | 483 | tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, |
| 484 | 484 | struct regional* region, time_t now, struct regional* scratch) |
| 485 | 485 | { |
| 524 | 524 | return NULL; |
| 525 | 525 | } |
| 526 | 526 | } |
| 527 | rrset_array_unlock_touch(env->rrset_cache, scratch, r->ref, | |
| 527 | if(env) | |
| 528 | rrset_array_unlock_touch(env->rrset_cache, scratch, r->ref, | |
| 528 | 529 | r->rrset_count); |
| 530 | else | |
| 531 | rrset_array_unlock(r->ref, r->rrset_count); | |
| 529 | 532 | return msg; |
| 530 | 533 | } |
| 531 | 534 | |
| 708 | 711 | { |
| 709 | 712 | struct lruhash_entry* e; |
| 710 | 713 | struct query_info k; |
| 711 | hashvalue_t h; | |
| 714 | hashvalue_type h; | |
| 712 | 715 | time_t now = *env->now; |
| 713 | 716 | struct ub_packed_rrset_key* rrset; |
| 714 | 717 | |
| 752 | 755 | if( qtype != LDNS_RR_TYPE_DS && |
| 753 | 756 | (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, |
| 754 | 757 | LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) { |
| 755 | struct dns_msg* msg = rrset_msg(rrset, region, now, &k); | |
| 756 | if(msg) { | |
| 757 | lock_rw_unlock(&rrset->entry.lock); | |
| 758 | return msg; | |
| 758 | uint8_t* wc = NULL; | |
| 759 | /* if the rrset is not a wildcard expansion, with wcname */ | |
| 760 | /* because, if we return that CNAME rrset on its own, it is | |
| 761 | * missing the NSEC or NSEC3 proof */ | |
| 762 | if(!(val_rrset_wildcard(rrset, &wc) && wc != NULL)) { | |
| 763 | struct dns_msg* msg = rrset_msg(rrset, region, now, &k); | |
| 764 | if(msg) { | |
| 765 | lock_rw_unlock(&rrset->entry.lock); | |
| 766 | return msg; | |
| 767 | } | |
| 759 | 768 | } |
| 760 | 769 | lock_rw_unlock(&rrset->entry.lock); |
| 761 | 770 | } |
| 864 | 873 | } else { |
| 865 | 874 | /* store msg, and rrsets */ |
| 866 | 875 | struct query_info qinf; |
| 867 | hashvalue_t h; | |
| 876 | hashvalue_type h; | |
| 868 | 877 | |
| 869 | 878 | qinf = *msgqinf; |
| 870 | 879 | qinf.qname = memdup(msgqinf->qname, msgqinf->qname_len); |
| 105 | 105 | * @param region: to allocate into for qmsg. |
| 106 | 106 | */ |
| 107 | 107 | void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, |
| 108 | hashvalue_t hash, struct reply_info* rep, time_t leeway, int pside, | |
| 108 | hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside, | |
| 109 | 109 | struct reply_info* qrep, struct regional* region); |
| 110 | 110 | |
| 111 | 111 | /** |
| 124 | 124 | struct delegpt* dns_cache_find_delegation(struct module_env* env, |
| 125 | 125 | uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, |
| 126 | 126 | struct regional* region, struct dns_msg** msg, time_t timenow); |
| 127 | ||
| 128 | /** | |
| 129 | * generate dns_msg from cached message | |
| 130 | * @param env: module environment with the DNS cache. NULL if the LRU from cache | |
| 131 | * does not need to be touched. | |
| 132 | * @param q: query info, contains qname that will make up the dns message. | |
| 133 | * @param r: reply info that, together with qname, will make up the dns message. | |
| 134 | * @param region: where to allocate dns message. | |
| 135 | * @param now: the time now, for check if TTL on cache entry is ok. | |
| 136 | * @param scratch: where to allocate temporary data. | |
| 137 | * */ | |
| 138 | struct dns_msg* tomsg(struct module_env* env, struct query_info* q, | |
| 139 | struct reply_info* r, struct regional* region, time_t now, | |
| 140 | struct regional* scratch); | |
| 127 | 141 | |
| 128 | 142 | /** |
| 129 | 143 | * Find cached message |
| 193 | 207 | int dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo, |
| 194 | 208 | time_t adjust, uint16_t flags); |
| 195 | 209 | |
| 210 | /** lookup message in message cache | |
| 211 | * the returned nonNULL entry is locked and has to be unlocked by the caller */ | |
| 212 | struct msgreply_entry* msg_cache_lookup(struct module_env* env, | |
| 213 | uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, | |
| 214 | uint16_t flags, time_t now, int wr); | |
| 215 | ||
| 196 | 216 | #endif /* SERVICES_CACHE_DNS_H */ |
| 60 | 60 | /** ratelimit value for delegation point */ |
| 61 | 61 | int infra_dp_ratelimit = 0; |
| 62 | 62 | |
| 63 | /** ratelimit value for client ip addresses, | |
| 64 | * in queries per second. */ | |
| 65 | int infra_ip_ratelimit = 0; | |
| 66 | ||
| 63 | 67 | size_t |
| 64 | 68 | infra_sizefunc(void* k, void* ATTR_UNUSED(d)) |
| 65 | 69 | { |
| 243 | 247 | } |
| 244 | 248 | name_tree_init_parents(&infra->domain_limits); |
| 245 | 249 | } |
| 250 | infra_ip_ratelimit = cfg->ip_ratelimit; | |
| 251 | infra->client_ip_rates = slabhash_create(cfg->ratelimit_slabs, | |
| 252 | INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc, | |
| 253 | &ip_rate_compfunc, &ip_rate_delkeyfunc, &ip_rate_deldatafunc, NULL); | |
| 254 | if(!infra->client_ip_rates) { | |
| 255 | infra_delete(infra); | |
| 256 | return NULL; | |
| 257 | } | |
| 246 | 258 | return infra; |
| 247 | 259 | } |
| 248 | 260 | |
| 249 | 261 | /** delete domain_limit entries */ |
| 250 | static void domain_limit_free(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 262 | static void domain_limit_free(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 251 | 263 | { |
| 252 | 264 | if(n) { |
| 253 | 265 | free(((struct domain_limit_data*)n)->node.name); |
| 263 | 275 | slabhash_delete(infra->hosts); |
| 264 | 276 | slabhash_delete(infra->domain_rates); |
| 265 | 277 | traverse_postorder(&infra->domain_limits, domain_limit_free, NULL); |
| 278 | slabhash_delete(infra->client_ip_rates); | |
| 266 | 279 | free(infra); |
| 267 | 280 | } |
| 268 | 281 | |
| 283 | 296 | return infra; |
| 284 | 297 | } |
| 285 | 298 | |
| 286 | /** calculate the hash value for a host key */ | |
| 287 | static hashvalue_t | |
| 288 | hash_addr(struct sockaddr_storage* addr, socklen_t addrlen) | |
| 289 | { | |
| 290 | hashvalue_t h = 0xab; | |
| 299 | /** calculate the hash value for a host key | |
| 300 | * set use_port to a non-0 number to use the port in | |
| 301 | * the hash calculation; 0 to ignore the port.*/ | |
| 302 | static hashvalue_type | |
| 303 | hash_addr(struct sockaddr_storage* addr, socklen_t addrlen, | |
| 304 | int use_port) | |
| 305 | { | |
| 306 | hashvalue_type h = 0xab; | |
| 291 | 307 | /* select the pieces to hash, some OS have changing data inside */ |
| 292 | 308 | if(addr_is_ip6(addr, addrlen)) { |
| 293 | 309 | struct sockaddr_in6* in6 = (struct sockaddr_in6*)addr; |
| 294 | 310 | h = hashlittle(&in6->sin6_family, sizeof(in6->sin6_family), h); |
| 295 | h = hashlittle(&in6->sin6_port, sizeof(in6->sin6_port), h); | |
| 311 | if(use_port){ | |
| 312 | h = hashlittle(&in6->sin6_port, sizeof(in6->sin6_port), h); | |
| 313 | } | |
| 296 | 314 | h = hashlittle(&in6->sin6_addr, INET6_SIZE, h); |
| 297 | 315 | } else { |
| 298 | 316 | struct sockaddr_in* in = (struct sockaddr_in*)addr; |
| 299 | 317 | h = hashlittle(&in->sin_family, sizeof(in->sin_family), h); |
| 300 | h = hashlittle(&in->sin_port, sizeof(in->sin_port), h); | |
| 318 | if(use_port){ | |
| 319 | h = hashlittle(&in->sin_port, sizeof(in->sin_port), h); | |
| 320 | } | |
| 301 | 321 | h = hashlittle(&in->sin_addr, INET_SIZE, h); |
| 302 | 322 | } |
| 303 | 323 | return h; |
| 304 | 324 | } |
| 305 | 325 | |
| 306 | 326 | /** calculate infra hash for a key */ |
| 307 | static hashvalue_t | |
| 327 | static hashvalue_type | |
| 308 | 328 | hash_infra(struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name) |
| 309 | 329 | { |
| 310 | return dname_query_hash(name, hash_addr(addr, addrlen)); | |
| 330 | return dname_query_hash(name, hash_addr(addr, addrlen, 1)); | |
| 311 | 331 | } |
| 312 | 332 | |
| 313 | 333 | /** lookup version that does not check host ttl (you check it) */ |
| 725 | 745 | return infra_dp_ratelimit; |
| 726 | 746 | } |
| 727 | 747 | |
| 748 | size_t ip_rate_sizefunc(void* k, void* ATTR_UNUSED(d)) | |
| 749 | { | |
| 750 | struct ip_rate_key* key = (struct ip_rate_key*)k; | |
| 751 | return sizeof(*key) + sizeof(struct ip_rate_data) | |
| 752 | + lock_get_mem(&key->entry.lock); | |
| 753 | } | |
| 754 | ||
| 755 | int ip_rate_compfunc(void* key1, void* key2) | |
| 756 | { | |
| 757 | struct ip_rate_key* k1 = (struct ip_rate_key*)key1; | |
| 758 | struct ip_rate_key* k2 = (struct ip_rate_key*)key2; | |
| 759 | return sockaddr_cmp_addr(&k1->addr, k1->addrlen, | |
| 760 | &k2->addr, k2->addrlen); | |
| 761 | } | |
| 762 | ||
| 763 | void ip_rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg)) | |
| 764 | { | |
| 765 | struct ip_rate_key* key = (struct ip_rate_key*)k; | |
| 766 | if(!key) | |
| 767 | return; | |
| 768 | lock_rw_destroy(&key->entry.lock); | |
| 769 | free(key); | |
| 770 | } | |
| 771 | ||
| 728 | 772 | /** find data item in array, for write access, caller unlocks */ |
| 729 | 773 | static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra, |
| 730 | 774 | uint8_t* name, size_t namelen, int wr) |
| 731 | 775 | { |
| 732 | 776 | struct rate_key key; |
| 733 | hashvalue_t h = dname_query_hash(name, 0xab); | |
| 777 | hashvalue_type h = dname_query_hash(name, 0xab); | |
| 734 | 778 | memset(&key, 0, sizeof(key)); |
| 735 | 779 | key.name = name; |
| 736 | 780 | key.namelen = namelen; |
| 738 | 782 | return slabhash_lookup(infra->domain_rates, h, &key, wr); |
| 739 | 783 | } |
| 740 | 784 | |
| 785 | /** find data item in array for ip addresses */ | |
| 786 | struct lruhash_entry* infra_find_ip_ratedata(struct infra_cache* infra, | |
| 787 | struct comm_reply* repinfo, int wr) | |
| 788 | { | |
| 789 | struct ip_rate_key key; | |
| 790 | hashvalue_type h = hash_addr(&(repinfo->addr), | |
| 791 | repinfo->addrlen, 0); | |
| 792 | memset(&key, 0, sizeof(key)); | |
| 793 | key.addr = repinfo->addr; | |
| 794 | key.addrlen = repinfo->addrlen; | |
| 795 | key.entry.hash = h; | |
| 796 | return slabhash_lookup(infra->client_ip_rates, h, &key, wr); | |
| 797 | } | |
| 798 | ||
| 741 | 799 | /** create rate data item for name, number 1 in now */ |
| 742 | 800 | static void infra_create_ratedata(struct infra_cache* infra, |
| 743 | 801 | uint8_t* name, size_t namelen, time_t timenow) |
| 744 | 802 | { |
| 745 | hashvalue_t h = dname_query_hash(name, 0xab); | |
| 803 | hashvalue_type h = dname_query_hash(name, 0xab); | |
| 746 | 804 | struct rate_key* k = (struct rate_key*)calloc(1, sizeof(*k)); |
| 747 | 805 | struct rate_data* d = (struct rate_data*)calloc(1, sizeof(*d)); |
| 748 | 806 | if(!k || !d) { |
| 766 | 824 | slabhash_insert(infra->domain_rates, h, &k->entry, d, NULL); |
| 767 | 825 | } |
| 768 | 826 | |
| 827 | /** create rate data item for ip address */ | |
| 828 | static void infra_ip_create_ratedata(struct infra_cache* infra, | |
| 829 | struct comm_reply* repinfo, time_t timenow) | |
| 830 | { | |
| 831 | hashvalue_type h = hash_addr(&(repinfo->addr), | |
| 832 | repinfo->addrlen, 0); | |
| 833 | struct ip_rate_key* k = (struct ip_rate_key*)calloc(1, sizeof(*k)); | |
| 834 | struct ip_rate_data* d = (struct ip_rate_data*)calloc(1, sizeof(*d)); | |
| 835 | if(!k || !d) { | |
| 836 | free(k); | |
| 837 | free(d); | |
| 838 | return; /* alloc failure */ | |
| 839 | } | |
| 840 | k->addr = repinfo->addr; | |
| 841 | k->addrlen = repinfo->addrlen; | |
| 842 | lock_rw_init(&k->entry.lock); | |
| 843 | k->entry.hash = h; | |
| 844 | k->entry.key = k; | |
| 845 | k->entry.data = d; | |
| 846 | d->qps[0] = 1; | |
| 847 | d->timestamp[0] = timenow; | |
| 848 | slabhash_insert(infra->client_ip_rates, h, &k->entry, d, NULL); | |
| 849 | } | |
| 850 | ||
| 769 | 851 | /** find the second and return its rate counter, if none, remove oldest */ |
| 770 | 852 | static int* infra_rate_find_second(void* data, time_t t) |
| 771 | 853 | { |
| 810 | 892 | |
| 811 | 893 | /* find ratelimit */ |
| 812 | 894 | lim = infra_find_ratelimit(infra, name, namelen); |
| 895 | if(!lim) | |
| 896 | return 1; /* disabled for this domain */ | |
| 813 | 897 | |
| 814 | 898 | /* find or insert ratedata */ |
| 815 | 899 | entry = infra_find_ratedata(infra, name, namelen, 1); |
| 858 | 942 | |
| 859 | 943 | /* find ratelimit */ |
| 860 | 944 | lim = infra_find_ratelimit(infra, name, namelen); |
| 945 | if(!lim) | |
| 946 | return 0; /* disabled for this domain */ | |
| 861 | 947 | |
| 862 | 948 | /* find current rate */ |
| 863 | 949 | entry = infra_find_ratedata(infra, name, namelen, 0); |
| 874 | 960 | { |
| 875 | 961 | size_t s = sizeof(*infra) + slabhash_get_mem(infra->hosts); |
| 876 | 962 | if(infra->domain_rates) s += slabhash_get_mem(infra->domain_rates); |
| 963 | if(infra->client_ip_rates) s += slabhash_get_mem(infra->client_ip_rates); | |
| 877 | 964 | /* ignore domain_limits because walk through tree is big */ |
| 878 | 965 | return s; |
| 879 | 966 | } |
| 967 | ||
| 968 | int infra_ip_ratelimit_inc(struct infra_cache* infra, | |
| 969 | struct comm_reply* repinfo, time_t timenow) | |
| 970 | { | |
| 971 | int max; | |
| 972 | struct lruhash_entry* entry; | |
| 973 | ||
| 974 | /* not enabled */ | |
| 975 | if(!infra_ip_ratelimit) { | |
| 976 | return 1; | |
| 977 | } | |
| 978 | /* find or insert ratedata */ | |
| 979 | entry = infra_find_ip_ratedata(infra, repinfo, 1); | |
| 980 | if(entry) { | |
| 981 | int premax = infra_rate_max(entry->data, timenow); | |
| 982 | int* cur = infra_rate_find_second(entry->data, timenow); | |
| 983 | (*cur)++; | |
| 984 | max = infra_rate_max(entry->data, timenow); | |
| 985 | lock_rw_unlock(&entry->lock); | |
| 986 | ||
| 987 | if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) { | |
| 988 | char client_ip[128]; | |
| 989 | addr_to_str((struct sockaddr_storage *)&repinfo->addr, | |
| 990 | repinfo->addrlen, client_ip, sizeof(client_ip)); | |
| 991 | verbose(VERB_OPS, "ratelimit exceeded %s %d", client_ip, | |
| 992 | infra_ip_ratelimit); | |
| 993 | } | |
| 994 | return (max <= infra_ip_ratelimit); | |
| 995 | } | |
| 996 | ||
| 997 | /* create */ | |
| 998 | infra_ip_create_ratedata(infra, repinfo, timenow); | |
| 999 | return 1; | |
| 1000 | } | |
| 35 | 35 | /** |
| 36 | 36 | * \file |
| 37 | 37 | * |
| 38 | * This file contains the infrastructure cache. | |
| 38 | * This file contains the infrastructure cache, as well as rate limiting. | |
| 39 | * Note that there are two sorts of rate-limiting here: | |
| 40 | * - Pre-cache, per-query rate limiting (query ratelimits) | |
| 41 | * - Post-cache, per-domain name rate limiting (infra-ratelimits) | |
| 39 | 42 | */ |
| 40 | 43 | |
| 41 | 44 | #ifndef SERVICES_CACHE_INFRA_H |
| 43 | 46 | #include "util/storage/lruhash.h" |
| 44 | 47 | #include "util/storage/dnstree.h" |
| 45 | 48 | #include "util/rtt.h" |
| 49 | #include "util/netevent.h" | |
| 50 | #include "util/data/msgreply.h" | |
| 46 | 51 | struct slabhash; |
| 47 | 52 | struct config_file; |
| 48 | 53 | |
| 111 | 116 | /** hash table with query rates per name: rate_key, rate_data */ |
| 112 | 117 | struct slabhash* domain_rates; |
| 113 | 118 | /** ratelimit settings for domains, struct domain_limit_data */ |
| 114 | rbtree_t domain_limits; | |
| 119 | rbtree_type domain_limits; | |
| 120 | /** hash table with query rates per client ip: ip_rate_key, ip_rate_data */ | |
| 121 | struct slabhash* client_ip_rates; | |
| 115 | 122 | }; |
| 116 | 123 | |
| 117 | 124 | /** ratelimit, unless overridden by domain_limits, 0 is off */ |
| 141 | 148 | size_t namelen; |
| 142 | 149 | }; |
| 143 | 150 | |
| 151 | /** ip ratelimit, 0 is off */ | |
| 152 | extern int infra_ip_ratelimit; | |
| 153 | ||
| 154 | /** | |
| 155 | * key for ip_ratelimit lookups, a source IP. | |
| 156 | */ | |
| 157 | struct ip_rate_key { | |
| 158 | /** lruhash key entry */ | |
| 159 | struct lruhash_entry entry; | |
| 160 | /** client ip information */ | |
| 161 | struct sockaddr_storage addr; | |
| 162 | /** length of address */ | |
| 163 | socklen_t addrlen; | |
| 164 | }; | |
| 165 | ||
| 144 | 166 | /** number of seconds to track qps rate */ |
| 145 | 167 | #define RATE_WINDOW 2 |
| 146 | 168 | |
| 158 | 180 | * valid for that timestamp. Usually now and now-1. */ |
| 159 | 181 | time_t timestamp[RATE_WINDOW]; |
| 160 | 182 | }; |
| 183 | ||
| 184 | #define ip_rate_data rate_data | |
| 161 | 185 | |
| 162 | 186 | /** infra host cache default hash lookup size */ |
| 163 | 187 | #define INFRA_HOST_STARTSIZE 32 |
| 376 | 400 | /** find the maximum rate stored, not too old. 0 if no information. */ |
| 377 | 401 | int infra_rate_max(void* data, time_t now); |
| 378 | 402 | |
| 379 | /** find the ratelimit in qps for a domain */ | |
| 403 | /** find the ratelimit in qps for a domain. 0 if no limit for domain. */ | |
| 380 | 404 | int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, |
| 381 | 405 | size_t namelen); |
| 406 | ||
| 407 | /** Update query ratelimit hash and decide | |
| 408 | * whether or not a query should be dropped. | |
| 409 | * @param infra: infra cache | |
| 410 | * @param repinfo: information about client | |
| 411 | * @param timenow: what time it is now. | |
| 412 | * @return 1 if it could be incremented. 0 if the increment overshot the | |
| 413 | * ratelimit and the query should be dropped. */ | |
| 414 | int infra_ip_ratelimit_inc(struct infra_cache* infra, | |
| 415 | struct comm_reply* repinfo, time_t timenow); | |
| 382 | 416 | |
| 383 | 417 | /** |
| 384 | 418 | * Get memory used by the infra cache. |
| 412 | 446 | /** delete data */ |
| 413 | 447 | void rate_deldatafunc(void* d, void* arg); |
| 414 | 448 | |
| 449 | /* calculate size for the client ip hashtable */ | |
| 450 | size_t ip_rate_sizefunc(void* k, void* d); | |
| 451 | ||
| 452 | /* compare two addresses */ | |
| 453 | int ip_rate_compfunc(void* key1, void* key2); | |
| 454 | ||
| 455 | /* delete key, and destroy the lock */ | |
| 456 | void ip_rate_delkeyfunc(void* d, void* arg); | |
| 457 | ||
| 458 | /* delete data */ | |
| 459 | #define ip_rate_deldatafunc rate_deldatafunc | |
| 460 | ||
| 415 | 461 | #endif /* SERVICES_CACHE_INFRA_H */ |
| 90 | 90 | |
| 91 | 91 | void |
| 92 | 92 | rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key, |
| 93 | hashvalue_t hash, rrset_id_t id) | |
| 93 | hashvalue_type hash, rrset_id_type id) | |
| 94 | 94 | { |
| 95 | 95 | struct lruhash* table = slabhash_gettable(&r->table, hash); |
| 96 | 96 | /* |
| 185 | 185 | { |
| 186 | 186 | struct lruhash_entry* e; |
| 187 | 187 | struct ub_packed_rrset_key* k = ref->key; |
| 188 | hashvalue_t h = k->entry.hash; | |
| 188 | hashvalue_type h = k->entry.hash; | |
| 189 | 189 | uint16_t rrset_type = ntohs(k->rk.type); |
| 190 | 190 | int equal = 0; |
| 191 | 191 | log_assert(ref->id != 0 && k->id != 0); |
| 302 | 302 | rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch, |
| 303 | 303 | struct rrset_ref* ref, size_t count) |
| 304 | 304 | { |
| 305 | hashvalue_t* h; | |
| 305 | hashvalue_type* h; | |
| 306 | 306 | size_t i; |
| 307 | if(count > RR_COUNT_MAX || !(h = (hashvalue_t*)regional_alloc(scratch, | |
| 308 | sizeof(hashvalue_t)*count))) { | |
| 307 | if(count > RR_COUNT_MAX || !(h = (hashvalue_type*)regional_alloc( | |
| 308 | scratch, sizeof(hashvalue_type)*count))) { | |
| 309 | 309 | log_warn("rrset LRU: memory allocation failed"); |
| 310 | 310 | h = NULL; |
| 311 | 311 | } else /* store hash values */ |
| 101 | 101 | * @param id: used to check that the item is unchanged and not deleted. |
| 102 | 102 | */ |
| 103 | 103 | void rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key, |
| 104 | hashvalue_t hash, rrset_id_t id); | |
| 104 | hashvalue_type hash, rrset_id_type id); | |
| 105 | 105 | |
| 106 | 106 | /** |
| 107 | 107 | * Update an rrset in the rrset cache. Stores the information for later use. |
| 62 | 62 | #include <sys/un.h> |
| 63 | 63 | #endif |
| 64 | 64 | |
| 65 | #ifdef HAVE_SYSTEMD | |
| 66 | #include <systemd/sd-daemon.h> | |
| 67 | #endif | |
| 68 | ||
| 65 | 69 | /** number of queued TCP connections for listen() */ |
| 66 | 70 | #define TCP_BACKLOG 256 |
| 67 | 71 | |
| 95 | 99 | } |
| 96 | 100 | } |
| 97 | 101 | |
| 102 | #ifdef HAVE_SYSTEMD | |
| 103 | static int | |
| 104 | systemd_get_activated(int family, int socktype, int listen, | |
| 105 | struct sockaddr *addr, socklen_t addrlen, | |
| 106 | const char *path) | |
| 107 | { | |
| 108 | int i = 0; | |
| 109 | int r = 0; | |
| 110 | int s = -1; | |
| 111 | const char* listen_pid, *listen_fds; | |
| 112 | ||
| 113 | /* We should use "listen" option only for stream protocols. For UDP it should be -1 */ | |
| 114 | ||
| 115 | if((r = sd_booted()) < 1) { | |
| 116 | if(r == 0) | |
| 117 | log_warn("systemd is not running"); | |
| 118 | else | |
| 119 | log_err("systemd sd_booted(): %s", strerror(-r)); | |
| 120 | return -1; | |
| 121 | } | |
| 122 | ||
| 123 | listen_pid = getenv("LISTEN_PID"); | |
| 124 | listen_fds = getenv("LISTEN_FDS"); | |
| 125 | ||
| 126 | if (!listen_pid) { | |
| 127 | log_warn("Systemd mandatory ENV variable is not defined: LISTEN_PID"); | |
| 128 | return -1; | |
| 129 | } | |
| 130 | ||
| 131 | if (!listen_fds) { | |
| 132 | log_warn("Systemd mandatory ENV variable is not defined: LISTEN_FDS"); | |
| 133 | return -1; | |
| 134 | } | |
| 135 | ||
| 136 | if((r = sd_listen_fds(0)) < 1) { | |
| 137 | if(r == 0) | |
| 138 | log_warn("systemd: did not return socket, check unit configuration"); | |
| 139 | else | |
| 140 | log_err("systemd sd_listen_fds(): %s", strerror(-r)); | |
| 141 | return -1; | |
| 142 | } | |
| 143 | ||
| 144 | for(i = 0; i < r; i++) { | |
| 145 | if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) { | |
| 146 | s = SD_LISTEN_FDS_START + i; | |
| 147 | break; | |
| 148 | } | |
| 149 | } | |
| 150 | if (s == -1) { | |
| 151 | if (addr) | |
| 152 | log_err_addr("systemd sd_listen_fds()", | |
| 153 | "no such socket", | |
| 154 | (struct sockaddr_storage *)addr, addrlen); | |
| 155 | else | |
| 156 | log_err("systemd sd_listen_fds(): %s", path); | |
| 157 | } | |
| 158 | return s; | |
| 159 | } | |
| 160 | #endif | |
| 161 | ||
| 98 | 162 | int |
| 99 | 163 | create_udp_sock(int family, int socktype, struct sockaddr* addr, |
| 100 | 164 | socklen_t addrlen, int v6only, int* inuse, int* noproto, |
| 101 | 165 | int rcv, int snd, int listen, int* reuseport, int transparent, |
| 102 | int freebind) | |
| 166 | int freebind, int use_systemd) | |
| 103 | 167 | { |
| 104 | 168 | int s; |
| 105 | 169 | #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) |
| 122 | 186 | #endif |
| 123 | 187 | #if !defined(IP_FREEBIND) |
| 124 | 188 | (void)freebind; |
| 189 | #endif | |
| 190 | #ifdef HAVE_SYSTEMD | |
| 191 | int got_fd_from_systemd = 0; | |
| 192 | ||
| 193 | if (!use_systemd | |
| 194 | || (use_systemd | |
| 195 | && (s = systemd_get_activated(family, socktype, -1, addr, | |
| 196 | addrlen, NULL)) == -1)) { | |
| 197 | #else | |
| 198 | (void)use_systemd; | |
| 125 | 199 | #endif |
| 126 | 200 | if((s = socket(family, socktype, 0)) == -1) { |
| 127 | 201 | *inuse = 0; |
| 143 | 217 | *noproto = 0; |
| 144 | 218 | return -1; |
| 145 | 219 | } |
| 220 | #ifdef HAVE_SYSTEMD | |
| 221 | } else { | |
| 222 | got_fd_from_systemd = 1; | |
| 223 | } | |
| 224 | #endif | |
| 146 | 225 | if(listen) { |
| 147 | 226 | #ifdef SO_REUSEADDR |
| 148 | 227 | if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, |
| 464 | 543 | } |
| 465 | 544 | # endif /* IPv4 MTU */ |
| 466 | 545 | } |
| 467 | if(bind(s, (struct sockaddr*)addr, addrlen) != 0) { | |
| 546 | if( | |
| 547 | #ifdef HAVE_SYSTEMD | |
| 548 | !got_fd_from_systemd && | |
| 549 | #endif | |
| 550 | bind(s, (struct sockaddr*)addr, addrlen) != 0) { | |
| 468 | 551 | *noproto = 0; |
| 469 | 552 | *inuse = 0; |
| 470 | 553 | #ifndef USE_WINSOCK |
| 487 | 570 | (struct sockaddr_storage*)addr, addrlen); |
| 488 | 571 | } |
| 489 | 572 | closesocket(s); |
| 490 | #endif | |
| 573 | #endif /* USE_WINSOCK */ | |
| 491 | 574 | return -1; |
| 492 | 575 | } |
| 493 | 576 | if(!fd_set_nonblock(s)) { |
| 505 | 588 | |
| 506 | 589 | int |
| 507 | 590 | create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, |
| 508 | int* reuseport, int transparent, int mss, int freebind) | |
| 591 | int* reuseport, int transparent, int mss, int freebind, int use_systemd) | |
| 509 | 592 | { |
| 510 | 593 | int s; |
| 511 | 594 | #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) |
| 512 | 595 | int on = 1; |
| 513 | 596 | #endif |
| 597 | #ifdef HAVE_SYSTEMD | |
| 598 | int got_fd_from_systemd = 0; | |
| 599 | #endif | |
| 514 | 600 | #ifdef USE_TCP_FASTOPEN |
| 515 | 601 | int qlen; |
| 516 | 602 | #endif |
| 522 | 608 | #endif |
| 523 | 609 | verbose_print_addr(addr); |
| 524 | 610 | *noproto = 0; |
| 611 | #ifdef HAVE_SYSTEMD | |
| 612 | if (!use_systemd || | |
| 613 | (use_systemd | |
| 614 | && (s = systemd_get_activated(addr->ai_family, addr->ai_socktype, 1, | |
| 615 | addr->ai_addr, addr->ai_addrlen, | |
| 616 | NULL)) == -1)) { | |
| 617 | #else | |
| 618 | (void)use_systemd; | |
| 619 | #endif | |
| 525 | 620 | if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) { |
| 526 | 621 | #ifndef USE_WINSOCK |
| 527 | 622 | if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { |
| 559 | 654 | log_warn(" setsockopt(TCP_MAXSEG) unsupported"); |
| 560 | 655 | #endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */ |
| 561 | 656 | } |
| 657 | #ifdef HAVE_SYSTEMD | |
| 658 | } else { | |
| 659 | got_fd_from_systemd = 1; | |
| 660 | } | |
| 661 | #endif | |
| 562 | 662 | #ifdef SO_REUSEADDR |
| 563 | 663 | if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, |
| 564 | 664 | (socklen_t)sizeof(on)) < 0) { |
| 636 | 736 | (addr->ai_family==AF_INET6?"V6":""), strerror(errno)); |
| 637 | 737 | } |
| 638 | 738 | #endif /* IP_TRANSPARENT || IP_BINDANY */ |
| 639 | if(bind(s, addr->ai_addr, addr->ai_addrlen) != 0) { | |
| 739 | if( | |
| 740 | #ifdef HAVE_SYSTEMD | |
| 741 | !got_fd_from_systemd && | |
| 742 | #endif | |
| 743 | bind(s, addr->ai_addr, addr->ai_addrlen) != 0) { | |
| 640 | 744 | #ifndef USE_WINSOCK |
| 641 | 745 | /* detect freebsd jail with no ipv6 permission */ |
| 642 | 746 | if(addr->ai_family==AF_INET6 && errno==EINVAL) |
| 694 | 798 | } |
| 695 | 799 | |
| 696 | 800 | int |
| 697 | create_local_accept_sock(const char *path, int* noproto) | |
| 698 | { | |
| 801 | create_local_accept_sock(const char *path, int* noproto, int use_systemd) | |
| 802 | { | |
| 803 | #ifdef HAVE_SYSTEMD | |
| 804 | int ret; | |
| 805 | ||
| 806 | if (use_systemd && (ret = systemd_get_activated(AF_LOCAL, SOCK_STREAM, 1, NULL, 0, path)) != -1) | |
| 807 | return ret; | |
| 808 | else { | |
| 809 | #endif | |
| 699 | 810 | #ifdef HAVE_SYS_UN_H |
| 700 | 811 | int s; |
| 701 | 812 | struct sockaddr_un usock; |
| 813 | #ifndef HAVE_SYSTEMD | |
| 814 | (void)use_systemd; | |
| 815 | #endif | |
| 702 | 816 | |
| 703 | 817 | verbose(VERB_ALGO, "creating unix socket %s", path); |
| 704 | 818 | #ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN |
| 719 | 833 | /* The socket already exists and cannot be removed */ |
| 720 | 834 | log_err("Cannot remove old local socket %s (%s)", |
| 721 | 835 | path, strerror(errno)); |
| 722 | return -1; | |
| 836 | goto err; | |
| 723 | 837 | } |
| 724 | 838 | |
| 725 | 839 | if (bind(s, (struct sockaddr *)&usock, |
| 726 | 840 | (socklen_t)sizeof(struct sockaddr_un)) == -1) { |
| 727 | 841 | log_err("Cannot bind local socket %s (%s)", |
| 728 | 842 | path, strerror(errno)); |
| 729 | return -1; | |
| 843 | goto err; | |
| 730 | 844 | } |
| 731 | 845 | |
| 732 | 846 | if (!fd_set_nonblock(s)) { |
| 733 | 847 | log_err("Cannot set non-blocking mode"); |
| 734 | return -1; | |
| 848 | goto err; | |
| 735 | 849 | } |
| 736 | 850 | |
| 737 | 851 | if (listen(s, TCP_BACKLOG) == -1) { |
| 738 | 852 | log_err("can't listen: %s", strerror(errno)); |
| 739 | return -1; | |
| 853 | goto err; | |
| 740 | 854 | } |
| 741 | 855 | |
| 742 | 856 | (void)noproto; /*unused*/ |
| 743 | 857 | return s; |
| 744 | #else | |
| 858 | ||
| 859 | err: | |
| 860 | #ifndef USE_WINSOCK | |
| 861 | close(s); | |
| 862 | #else | |
| 863 | closesocket(s); | |
| 864 | #endif | |
| 865 | return -1; | |
| 866 | ||
| 867 | #ifdef HAVE_SYSTEMD | |
| 868 | } | |
| 869 | #endif | |
| 870 | #else | |
| 871 | (void)use_systemd; | |
| 745 | 872 | (void)path; |
| 746 | 873 | log_err("Local sockets are not supported"); |
| 747 | 874 | *noproto = 1; |
| 756 | 883 | static int |
| 757 | 884 | make_sock(int stype, const char* ifname, const char* port, |
| 758 | 885 | struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, |
| 759 | int* reuseport, int transparent, int tcp_mss, int freebind) | |
| 886 | int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) | |
| 760 | 887 | { |
| 761 | 888 | struct addrinfo *res = NULL; |
| 762 | 889 | int r, s, inuse, noproto; |
| 784 | 911 | s = create_udp_sock(res->ai_family, res->ai_socktype, |
| 785 | 912 | (struct sockaddr*)res->ai_addr, res->ai_addrlen, |
| 786 | 913 | v6only, &inuse, &noproto, (int)rcv, (int)snd, 1, |
| 787 | reuseport, transparent, freebind); | |
| 914 | reuseport, transparent, freebind, use_systemd); | |
| 788 | 915 | if(s == -1 && inuse) { |
| 789 | 916 | log_err("bind: address already in use"); |
| 790 | 917 | } else if(s == -1 && noproto && hints->ai_family == AF_INET6){ |
| 792 | 919 | } |
| 793 | 920 | } else { |
| 794 | 921 | s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, |
| 795 | transparent, tcp_mss, freebind); | |
| 922 | transparent, tcp_mss, freebind, use_systemd); | |
| 796 | 923 | if(s == -1 && noproto && hints->ai_family == AF_INET6){ |
| 797 | 924 | *noip6 = 1; |
| 798 | 925 | } |
| 805 | 932 | static int |
| 806 | 933 | make_sock_port(int stype, const char* ifname, const char* port, |
| 807 | 934 | struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, |
| 808 | int* reuseport, int transparent, int tcp_mss, int freebind) | |
| 935 | int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) | |
| 809 | 936 | { |
| 810 | 937 | char* s = strchr(ifname, '@'); |
| 811 | 938 | if(s) { |
| 827 | 954 | (void)strlcpy(p, s+1, sizeof(p)); |
| 828 | 955 | p[strlen(s+1)]=0; |
| 829 | 956 | return make_sock(stype, newif, p, hints, v6only, noip6, |
| 830 | rcv, snd, reuseport, transparent, tcp_mss, freebind); | |
| 957 | rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd); | |
| 831 | 958 | } |
| 832 | 959 | return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, |
| 833 | reuseport, transparent, tcp_mss, freebind); | |
| 960 | reuseport, transparent, tcp_mss, freebind, use_systemd); | |
| 834 | 961 | } |
| 835 | 962 | |
| 836 | 963 | /** |
| 880 | 1007 | } |
| 881 | 1008 | # else |
| 882 | 1009 | log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please " |
| 883 | "disable interface-automatic in config"); | |
| 1010 | "disable interface-automatic or do-ip6 in config"); | |
| 884 | 1011 | return 0; |
| 885 | 1012 | # endif /* defined IPV6_RECVPKTINFO */ |
| 886 | 1013 | |
| 901 | 1028 | } |
| 902 | 1029 | # else |
| 903 | 1030 | log_err("no IP_SENDSRCADDR or IP_PKTINFO option, please disable " |
| 904 | "interface-automatic in config"); | |
| 1031 | "interface-automatic or do-ip4 in config"); | |
| 905 | 1032 | return 0; |
| 906 | 1033 | # endif /* IP_PKTINFO */ |
| 907 | 1034 | |
| 927 | 1054 | * @param transparent: set IP_TRANSPARENT socket option. |
| 928 | 1055 | * @param tcp_mss: maximum segment size of tcp socket. default if zero. |
| 929 | 1056 | * @param freebind: set IP_FREEBIND socket option. |
| 1057 | * @param use_systemd: if true, fetch sockets from systemd. | |
| 1058 | * @param dnscrypt_port: dnscrypt service port number | |
| 930 | 1059 | * @return: returns false on error. |
| 931 | 1060 | */ |
| 932 | 1061 | static int |
| 933 | 1062 | ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, |
| 934 | 1063 | struct addrinfo *hints, const char* port, struct listen_port** list, |
| 935 | 1064 | size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent, |
| 936 | int tcp_mss, int freebind) | |
| 1065 | int tcp_mss, int freebind, int use_systemd, int dnscrypt_port) | |
| 937 | 1066 | { |
| 938 | 1067 | int s, noip6=0; |
| 1068 | #ifdef USE_DNSCRYPT | |
| 1069 | int is_dnscrypt = ((strchr(ifname, '@') && | |
| 1070 | atoi(strchr(ifname, '@')+1) == dnscrypt_port) || | |
| 1071 | (!strchr(ifname, '@') && atoi(port) == dnscrypt_port)); | |
| 1072 | #else | |
| 1073 | int is_dnscrypt = 0; | |
| 1074 | (void)dnscrypt_port; | |
| 1075 | #endif | |
| 1076 | ||
| 939 | 1077 | if(!do_udp && !do_tcp) |
| 940 | 1078 | return 0; |
| 941 | 1079 | if(do_auto) { |
| 942 | 1080 | if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, |
| 943 | 1081 | &noip6, rcv, snd, reuseport, transparent, |
| 944 | tcp_mss, freebind)) == -1) { | |
| 1082 | tcp_mss, freebind, use_systemd)) == -1) { | |
| 945 | 1083 | if(noip6) { |
| 946 | 1084 | log_warn("IPv6 protocol not available"); |
| 947 | 1085 | return 1; |
| 957 | 1095 | #endif |
| 958 | 1096 | return 0; |
| 959 | 1097 | } |
| 960 | if(!port_insert(list, s, listen_type_udpancil)) { | |
| 1098 | if(!port_insert(list, s, | |
| 1099 | is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { | |
| 961 | 1100 | #ifndef USE_WINSOCK |
| 962 | 1101 | close(s); |
| 963 | 1102 | #else |
| 969 | 1108 | /* regular udp socket */ |
| 970 | 1109 | if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, |
| 971 | 1110 | &noip6, rcv, snd, reuseport, transparent, |
| 972 | tcp_mss, freebind)) == -1) { | |
| 1111 | tcp_mss, freebind, use_systemd)) == -1) { | |
| 973 | 1112 | if(noip6) { |
| 974 | 1113 | log_warn("IPv6 protocol not available"); |
| 975 | 1114 | return 1; |
| 976 | 1115 | } |
| 977 | 1116 | return 0; |
| 978 | 1117 | } |
| 979 | if(!port_insert(list, s, listen_type_udp)) { | |
| 1118 | if(!port_insert(list, s, | |
| 1119 | is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { | |
| 980 | 1120 | #ifndef USE_WINSOCK |
| 981 | 1121 | close(s); |
| 982 | 1122 | #else |
| 991 | 1131 | (!strchr(ifname, '@') && atoi(port) == ssl_port)); |
| 992 | 1132 | if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, |
| 993 | 1133 | &noip6, 0, 0, reuseport, transparent, tcp_mss, |
| 994 | freebind)) == -1) { | |
| 1134 | freebind, use_systemd)) == -1) { | |
| 995 | 1135 | if(noip6) { |
| 996 | 1136 | /*log_warn("IPv6 protocol not available");*/ |
| 997 | 1137 | return 1; |
| 1001 | 1141 | if(is_ssl) |
| 1002 | 1142 | verbose(VERB_ALGO, "setup TCP for SSL service"); |
| 1003 | 1143 | if(!port_insert(list, s, is_ssl?listen_type_ssl: |
| 1004 | listen_type_tcp)) { | |
| 1144 | (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) { | |
| 1005 | 1145 | #ifndef USE_WINSOCK |
| 1006 | 1146 | close(s); |
| 1007 | 1147 | #else |
| 1035 | 1175 | struct listen_dnsport* |
| 1036 | 1176 | listen_create(struct comm_base* base, struct listen_port* ports, |
| 1037 | 1177 | size_t bufsize, int tcp_accept_count, void* sslctx, |
| 1038 | struct dt_env* dtenv, comm_point_callback_t* cb, void *cb_arg) | |
| 1178 | struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg) | |
| 1039 | 1179 | { |
| 1040 | 1180 | struct listen_dnsport* front = (struct listen_dnsport*) |
| 1041 | 1181 | malloc(sizeof(struct listen_dnsport)); |
| 1043 | 1183 | return NULL; |
| 1044 | 1184 | front->cps = NULL; |
| 1045 | 1185 | front->udp_buff = sldns_buffer_new(bufsize); |
| 1186 | #ifdef USE_DNSCRYPT | |
| 1187 | front->dnscrypt_udp_buff = NULL; | |
| 1188 | #endif | |
| 1046 | 1189 | if(!front->udp_buff) { |
| 1047 | 1190 | free(front); |
| 1048 | 1191 | return NULL; |
| 1051 | 1194 | /* create comm points as needed */ |
| 1052 | 1195 | while(ports) { |
| 1053 | 1196 | struct comm_point* cp = NULL; |
| 1054 | if(ports->ftype == listen_type_udp) | |
| 1197 | if(ports->ftype == listen_type_udp || | |
| 1198 | ports->ftype == listen_type_udp_dnscrypt) | |
| 1055 | 1199 | cp = comm_point_create_udp(base, ports->fd, |
| 1056 | 1200 | front->udp_buff, cb, cb_arg); |
| 1057 | else if(ports->ftype == listen_type_tcp) | |
| 1201 | else if(ports->ftype == listen_type_tcp || | |
| 1202 | ports->ftype == listen_type_tcp_dnscrypt) | |
| 1058 | 1203 | cp = comm_point_create_tcp(base, ports->fd, |
| 1059 | 1204 | tcp_accept_count, bufsize, cb, cb_arg); |
| 1060 | 1205 | else if(ports->ftype == listen_type_ssl) { |
| 1061 | 1206 | cp = comm_point_create_tcp(base, ports->fd, |
| 1062 | 1207 | tcp_accept_count, bufsize, cb, cb_arg); |
| 1063 | 1208 | cp->ssl = sslctx; |
| 1064 | } else if(ports->ftype == listen_type_udpancil) | |
| 1209 | } else if(ports->ftype == listen_type_udpancil || | |
| 1210 | ports->ftype == listen_type_udpancil_dnscrypt) | |
| 1065 | 1211 | cp = comm_point_create_udp_ancil(base, ports->fd, |
| 1066 | 1212 | front->udp_buff, cb, cb_arg); |
| 1067 | 1213 | if(!cp) { |
| 1071 | 1217 | } |
| 1072 | 1218 | cp->dtenv = dtenv; |
| 1073 | 1219 | cp->do_not_close = 1; |
| 1220 | #ifdef USE_DNSCRYPT | |
| 1221 | if (ports->ftype == listen_type_udp_dnscrypt || | |
| 1222 | ports->ftype == listen_type_tcp_dnscrypt || | |
| 1223 | ports->ftype == listen_type_udpancil_dnscrypt) { | |
| 1224 | cp->dnscrypt = 1; | |
| 1225 | cp->dnscrypt_buffer = sldns_buffer_new(bufsize); | |
| 1226 | if(!cp->dnscrypt_buffer) { | |
| 1227 | log_err("can't alloc dnscrypt_buffer"); | |
| 1228 | comm_point_delete(cp); | |
| 1229 | listen_delete(front); | |
| 1230 | return NULL; | |
| 1231 | } | |
| 1232 | front->dnscrypt_udp_buff = cp->dnscrypt_buffer; | |
| 1233 | } | |
| 1234 | #endif | |
| 1074 | 1235 | if(!listen_cp_insert(cp, front)) { |
| 1075 | 1236 | log_err("malloc failed"); |
| 1076 | 1237 | comm_point_delete(cp); |
| 1106 | 1267 | if(!front) |
| 1107 | 1268 | return; |
| 1108 | 1269 | listen_list_delete(front->cps); |
| 1270 | #ifdef USE_DNSCRYPT | |
| 1271 | if(front->dnscrypt_udp_buff && | |
| 1272 | front->udp_buff != front->dnscrypt_udp_buff) { | |
| 1273 | sldns_buffer_free(front->dnscrypt_udp_buff); | |
| 1274 | } | |
| 1275 | #endif | |
| 1109 | 1276 | sldns_buffer_free(front->udp_buff); |
| 1110 | 1277 | free(front); |
| 1111 | 1278 | } |
| 1149 | 1316 | cfg->so_rcvbuf, cfg->so_sndbuf, |
| 1150 | 1317 | cfg->ssl_port, reuseport, |
| 1151 | 1318 | cfg->ip_transparent, |
| 1152 | cfg->tcp_mss, cfg->ip_freebind)) { | |
| 1319 | cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, | |
| 1320 | cfg->dnscrypt_port)) { | |
| 1153 | 1321 | listening_ports_free(list); |
| 1154 | 1322 | return NULL; |
| 1155 | 1323 | } |
| 1162 | 1330 | cfg->so_rcvbuf, cfg->so_sndbuf, |
| 1163 | 1331 | cfg->ssl_port, reuseport, |
| 1164 | 1332 | cfg->ip_transparent, |
| 1165 | cfg->tcp_mss, cfg->ip_freebind)) { | |
| 1333 | cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, | |
| 1334 | cfg->dnscrypt_port)) { | |
| 1166 | 1335 | listening_ports_free(list); |
| 1167 | 1336 | return NULL; |
| 1168 | 1337 | } |
| 1177 | 1346 | cfg->so_rcvbuf, cfg->so_sndbuf, |
| 1178 | 1347 | cfg->ssl_port, reuseport, |
| 1179 | 1348 | cfg->ip_transparent, |
| 1180 | cfg->tcp_mss, cfg->ip_freebind)) { | |
| 1349 | cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, | |
| 1350 | cfg->dnscrypt_port)) { | |
| 1181 | 1351 | listening_ports_free(list); |
| 1182 | 1352 | return NULL; |
| 1183 | 1353 | } |
| 1190 | 1360 | cfg->so_rcvbuf, cfg->so_sndbuf, |
| 1191 | 1361 | cfg->ssl_port, reuseport, |
| 1192 | 1362 | cfg->ip_transparent, |
| 1193 | cfg->tcp_mss, cfg->ip_freebind)) { | |
| 1363 | cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, | |
| 1364 | cfg->dnscrypt_port)) { | |
| 1194 | 1365 | listening_ports_free(list); |
| 1195 | 1366 | return NULL; |
| 1196 | 1367 | } |
| 1218 | 1389 | |
| 1219 | 1390 | size_t listen_get_mem(struct listen_dnsport* listen) |
| 1220 | 1391 | { |
| 1392 | struct listen_list* p; | |
| 1221 | 1393 | size_t s = sizeof(*listen) + sizeof(*listen->base) + |
| 1222 | 1394 | sizeof(*listen->udp_buff) + |
| 1223 | 1395 | sldns_buffer_capacity(listen->udp_buff); |
| 1224 | struct listen_list* p; | |
| 1396 | #ifdef USE_DNSCRYPT | |
| 1397 | s += sizeof(*listen->dnscrypt_udp_buff); | |
| 1398 | if(listen->udp_buff != listen->dnscrypt_udp_buff){ | |
| 1399 | s += sldns_buffer_capacity(listen->dnscrypt_udp_buff); | |
| 1400 | } | |
| 1401 | #endif | |
| 1225 | 1402 | for(p = listen->cps; p; p = p->next) { |
| 1226 | 1403 | s += sizeof(*p); |
| 1227 | 1404 | s += comm_point_get_mem(p->com); |
| 58 | 58 | /** buffer shared by UDP connections, since there is only one |
| 59 | 59 | datagram at any time. */ |
| 60 | 60 | struct sldns_buffer* udp_buff; |
| 61 | ||
| 61 | #ifdef USE_DNSCRYPT | |
| 62 | struct sldns_buffer* dnscrypt_udp_buff; | |
| 63 | #endif | |
| 62 | 64 | /** list of comm points used to get incoming events */ |
| 63 | 65 | struct listen_list* cps; |
| 64 | 66 | }; |
| 84 | 86 | /** udp ipv6 (v4mapped) for use with ancillary data */ |
| 85 | 87 | listen_type_udpancil, |
| 86 | 88 | /** ssl over tcp type */ |
| 87 | listen_type_ssl | |
| 89 | listen_type_ssl, | |
| 90 | /** udp type + dnscrypt*/ | |
| 91 | listen_type_udp_dnscrypt, | |
| 92 | /** tcp type + dnscrypt */ | |
| 93 | listen_type_tcp_dnscrypt, | |
| 94 | /** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/ | |
| 95 | listen_type_udpancil_dnscrypt | |
| 96 | ||
| 88 | 97 | }; |
| 89 | 98 | |
| 90 | 99 | /** |
| 136 | 145 | */ |
| 137 | 146 | struct listen_dnsport* listen_create(struct comm_base* base, |
| 138 | 147 | struct listen_port* ports, size_t bufsize, int tcp_accept_count, |
| 139 | void* sslctx, struct dt_env *dtenv, comm_point_callback_t* cb, | |
| 148 | void* sslctx, struct dt_env *dtenv, comm_point_callback_type* cb, | |
| 140 | 149 | void* cb_arg); |
| 141 | 150 | |
| 142 | 151 | /** |
| 190 | 199 | * listening UDP port. Set to false on return if it failed to do so. |
| 191 | 200 | * @param transparent: set IP_TRANSPARENT socket option. |
| 192 | 201 | * @param freebind: set IP_FREEBIND socket option. |
| 202 | * @param use_systemd: if true, fetch sockets from systemd. | |
| 193 | 203 | * @return: the socket. -1 on error. |
| 194 | 204 | */ |
| 195 | 205 | int create_udp_sock(int family, int socktype, struct sockaddr* addr, |
| 196 | 206 | socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv, |
| 197 | int snd, int listen, int* reuseport, int transparent, int freebind); | |
| 207 | int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd); | |
| 198 | 208 | |
| 199 | 209 | /** |
| 200 | 210 | * Create and bind TCP listening socket |
| 206 | 216 | * @param transparent: set IP_TRANSPARENT socket option. |
| 207 | 217 | * @param mss: maximum segment size of the socket. if zero, leaves the default. |
| 208 | 218 | * @param freebind: set IP_FREEBIND socket option. |
| 219 | * @param use_systemd: if true, fetch sockets from systemd. | |
| 209 | 220 | * @return: the socket. -1 on error. |
| 210 | 221 | */ |
| 211 | 222 | int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, |
| 212 | int* reuseport, int transparent, int mss, int freebind); | |
| 223 | int* reuseport, int transparent, int mss, int freebind, int use_systemd); | |
| 213 | 224 | |
| 214 | 225 | /** |
| 215 | 226 | * Create and bind local listening socket |
| 216 | 227 | * @param path: path to the socket. |
| 217 | 228 | * @param noproto: on error, this is set true if cause is that local sockets |
| 218 | 229 | * are not supported. |
| 230 | * @param use_systemd: if true, fetch sockets from systemd. | |
| 219 | 231 | * @return: the socket. -1 on error. |
| 220 | 232 | */ |
| 221 | int create_local_accept_sock(const char* path, int* noproto); | |
| 233 | int create_local_accept_sock(const char* path, int* noproto, int use_systemd); | |
| 222 | 234 | |
| 223 | 235 | #endif /* LISTEN_DNSPORT_H */ |
| 73 | 73 | |
| 74 | 74 | /** helper traverse to delete zones */ |
| 75 | 75 | static void |
| 76 | lzdel(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 76 | lzdel(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 77 | 77 | { |
| 78 | 78 | struct local_zone* z = (struct local_zone*)n->key; |
| 79 | 79 | local_zone_delete(z); |
| 164 | 164 | return NULL; |
| 165 | 165 | } |
| 166 | 166 | rbtree_init(&z->data, &local_data_cmp); |
| 167 | lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_t)); | |
| 167 | lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_type)); | |
| 168 | 168 | /* also the zones->lock protects node, parent, name*, class */ |
| 169 | 169 | return z; |
| 170 | 170 | } |
| 186 | 186 | lock_rw_wrlock(&z->lock); |
| 187 | 187 | if(!rbtree_insert(&zones->ztree, &z->node)) { |
| 188 | 188 | struct local_zone* oldz; |
| 189 | log_warn("duplicate local-zone"); | |
| 189 | char str[256]; | |
| 190 | dname_str(nm, str); | |
| 191 | log_warn("duplicate local-zone %s", str); | |
| 190 | 192 | lock_rw_unlock(&z->lock); |
| 191 | 193 | /* save zone name locally before deallocation, |
| 192 | 194 | * otherwise, nm is gone if we zone_delete now. */ |
| 228 | 230 | return z; |
| 229 | 231 | } |
| 230 | 232 | |
| 231 | /** return name and class and rdata of rr; parses string */ | |
| 232 | static int | |
| 233 | get_rr_content(const char* str, uint8_t** nm, uint16_t* type, | |
| 233 | int | |
| 234 | rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type, | |
| 234 | 235 | uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, |
| 235 | 236 | uint8_t** rdata, size_t* rdata_len) |
| 236 | 237 | { |
| 352 | 353 | } |
| 353 | 354 | |
| 354 | 355 | /** insert RR into RRset data structure; Wastes a couple of bytes */ |
| 355 | static int | |
| 356 | insert_rr(struct regional* region, struct packed_rrset_data* pd, | |
| 356 | int | |
| 357 | rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd, | |
| 357 | 358 | uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) |
| 358 | 359 | { |
| 359 | 360 | size_t* oldlen = pd->rr_len; |
| 455 | 456 | uint8_t rr[LDNS_RR_BUF_SIZE]; |
| 456 | 457 | uint8_t* rdata; |
| 457 | 458 | size_t rdata_len; |
| 458 | if(!get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr, sizeof(rr), | |
| 459 | &rdata, &rdata_len)) { | |
| 459 | if(!rrstr_get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr, | |
| 460 | sizeof(rr), &rdata, &rdata_len)) { | |
| 460 | 461 | log_err("bad local-data: %s", rrstr); |
| 461 | 462 | return 0; |
| 462 | 463 | } |
| 512 | 513 | verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr); |
| 513 | 514 | return 1; |
| 514 | 515 | } |
| 515 | return insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr); | |
| 516 | return rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr); | |
| 516 | 517 | } |
| 517 | 518 | |
| 518 | 519 | /** enter a data RR into auth data; a zone for it must exist */ |
| 628 | 629 | |
| 629 | 630 | /* create netblock addr_tree if not present yet */ |
| 630 | 631 | if(!z->override_tree) { |
| 631 | z->override_tree = (struct rbtree_t*)regional_alloc_zero( | |
| 632 | z->override_tree = (struct rbtree_type*)regional_alloc_zero( | |
| 632 | 633 | z->region, sizeof(*z->override_tree)); |
| 633 | 634 | if(!z->override_tree) { |
| 634 | 635 | lock_rw_unlock(&z->lock); |
| 744 | 745 | } |
| 745 | 746 | |
| 746 | 747 | /** enter default zones */ |
| 747 | static int | |
| 748 | lz_enter_defaults(struct local_zones* zones, struct config_file* cfg) | |
| 748 | int local_zone_enter_defaults(struct local_zones* zones, struct config_file* cfg) | |
| 749 | 749 | { |
| 750 | 750 | struct local_zone* z; |
| 751 | 751 | const char** zstr; |
| 752 | ||
| 753 | /* Do not add any default */ | |
| 754 | if(cfg->local_zones_disable_default) | |
| 755 | return 1; | |
| 752 | 756 | |
| 753 | 757 | /* this list of zones is from RFC 6303 and RFC 7686 */ |
| 754 | 758 | |
| 1019 | 1023 | return 0; |
| 1020 | 1024 | } |
| 1021 | 1025 | /* apply default zones+content (unless disabled, or overridden) */ |
| 1022 | if(!lz_enter_defaults(zones, cfg)) { | |
| 1026 | if(!local_zone_enter_defaults(zones, cfg)) { | |
| 1023 | 1027 | return 0; |
| 1024 | 1028 | } |
| 1025 | 1029 | /* enter local zone overrides */ |
| 1059 | 1063 | uint8_t* name, size_t len, int labs, uint16_t dclass, |
| 1060 | 1064 | uint8_t* taglist, size_t taglen, int ignoretags) |
| 1061 | 1065 | { |
| 1062 | rbnode_t* res = NULL; | |
| 1066 | rbnode_type* res = NULL; | |
| 1063 | 1067 | struct local_zone *result; |
| 1064 | 1068 | struct local_zone key; |
| 1065 | 1069 | int m; |
| 1213 | 1217 | return 1; |
| 1214 | 1218 | } |
| 1215 | 1219 | |
| 1220 | /** encode local error answer */ | |
| 1221 | static void | |
| 1222 | local_error_encode(struct query_info* qinfo, struct module_env* env, | |
| 1223 | struct edns_data* edns, sldns_buffer* buf, struct regional* temp, | |
| 1224 | int rcode, int r) | |
| 1225 | { | |
| 1226 | edns->edns_version = EDNS_ADVERTISED_VERSION; | |
| 1227 | edns->udp_size = EDNS_ADVERTISED_SIZE; | |
| 1228 | edns->ext_rcode = 0; | |
| 1229 | edns->bits &= EDNS_DO; | |
| 1230 | ||
| 1231 | if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, | |
| 1232 | rcode, edns, temp)) | |
| 1233 | edns->opt_list = NULL; | |
| 1234 | error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf), | |
| 1235 | sldns_buffer_read_u16_at(buf, 2), edns); | |
| 1236 | } | |
| 1237 | ||
| 1216 | 1238 | /** find local data tag string match for the given type in the list */ |
| 1217 | static int | |
| 1218 | find_tag_datas(struct query_info* qinfo, struct config_strlist* list, | |
| 1219 | struct ub_packed_rrset_key* r, struct regional* temp) | |
| 1239 | int | |
| 1240 | local_data_find_tag_datas(const struct query_info* qinfo, | |
| 1241 | struct config_strlist* list, struct ub_packed_rrset_key* r, | |
| 1242 | struct regional* temp) | |
| 1220 | 1243 | { |
| 1221 | 1244 | struct config_strlist* p; |
| 1222 | 1245 | char buf[65536]; |
| 1293 | 1316 | sldns_wirerr_get_rdatawl(rr, len, 1), |
| 1294 | 1317 | d->rr_len[d->count]); |
| 1295 | 1318 | if(!d->rr_data[d->count]) |
| 1296 | if(!d) return 0; /* out of memory */ | |
| 1319 | return 0; /* out of memory */ | |
| 1297 | 1320 | d->count++; |
| 1298 | 1321 | } |
| 1322 | if(r->rk.dname) | |
| 1323 | return 1; | |
| 1324 | return 0; | |
| 1325 | } | |
| 1326 | ||
| 1327 | static int | |
| 1328 | find_tag_datas(struct query_info* qinfo, struct config_strlist* list, | |
| 1329 | struct ub_packed_rrset_key* r, struct regional* temp) | |
| 1330 | { | |
| 1331 | int result = local_data_find_tag_datas(qinfo, list, r, temp); | |
| 1332 | ||
| 1299 | 1333 | /* If we've found a non-exact alias type of local data, make a shallow |
| 1300 | 1334 | * copy of the RRset and remember it in qinfo to complete the alias |
| 1301 | 1335 | * chain later. */ |
| 1302 | if(r->rk.dname && qinfo->qtype != LDNS_RR_TYPE_CNAME && | |
| 1336 | if(result && qinfo->qtype != LDNS_RR_TYPE_CNAME && | |
| 1303 | 1337 | r->rk.type == htons(LDNS_RR_TYPE_CNAME)) { |
| 1304 | 1338 | qinfo->local_alias = |
| 1305 | 1339 | regional_alloc_zero(temp, sizeof(struct local_rrset)); |
| 1310 | 1344 | if(!qinfo->local_alias->rrset) |
| 1311 | 1345 | return 0; /* out of memory */ |
| 1312 | 1346 | } |
| 1313 | if(r->rk.dname) | |
| 1314 | return 1; | |
| 1315 | return 0; | |
| 1347 | return result; | |
| 1316 | 1348 | } |
| 1317 | 1349 | |
| 1318 | 1350 | /** answer local data match */ |
| 1413 | 1445 | return 1; |
| 1414 | 1446 | } else if(lz_type == local_zone_refuse |
| 1415 | 1447 | || lz_type == local_zone_always_refuse) { |
| 1416 | error_encode(buf, (LDNS_RCODE_REFUSED|BIT_AA), qinfo, | |
| 1417 | *(uint16_t*)sldns_buffer_begin(buf), | |
| 1418 | sldns_buffer_read_u16_at(buf, 2), edns); | |
| 1448 | local_error_encode(qinfo, env, edns, buf, temp, | |
| 1449 | LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA)); | |
| 1419 | 1450 | return 1; |
| 1420 | 1451 | } else if(lz_type == local_zone_static || |
| 1421 | 1452 | lz_type == local_zone_redirect || |
| 1432 | 1463 | if(z->soa) |
| 1433 | 1464 | return local_encode(qinfo, env, edns, buf, temp, |
| 1434 | 1465 | z->soa, 0, rcode); |
| 1435 | error_encode(buf, (rcode|BIT_AA), qinfo, | |
| 1436 | *(uint16_t*)sldns_buffer_begin(buf), | |
| 1437 | sldns_buffer_read_u16_at(buf, 2), edns); | |
| 1466 | local_error_encode(qinfo, env, edns, buf, temp, rcode, | |
| 1467 | (rcode|BIT_AA)); | |
| 1438 | 1468 | return 1; |
| 1439 | 1469 | } else if(lz_type == local_zone_typetransparent |
| 1440 | 1470 | || lz_type == local_zone_always_transparent) { |
| 1450 | 1480 | if(z->soa) |
| 1451 | 1481 | return local_encode(qinfo, env, edns, buf, temp, |
| 1452 | 1482 | z->soa, 0, rcode); |
| 1453 | error_encode(buf, (rcode|BIT_AA), qinfo, | |
| 1454 | *(uint16_t*)sldns_buffer_begin(buf), | |
| 1455 | sldns_buffer_read_u16_at(buf, 2), edns); | |
| 1483 | local_error_encode(qinfo, env, edns, buf, temp, rcode, | |
| 1484 | (rcode|BIT_AA)); | |
| 1456 | 1485 | return 1; |
| 1457 | 1486 | } |
| 1458 | 1487 | |
| 1478 | 1507 | static enum localzone_type |
| 1479 | 1508 | lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2, |
| 1480 | 1509 | uint8_t *tagactions, size_t tagactionssize, enum localzone_type lzt, |
| 1481 | struct comm_reply* repinfo, struct rbtree_t* override_tree, int* tag, | |
| 1482 | char** tagname, int num_tags) | |
| 1483 | { | |
| 1484 | size_t i, j; | |
| 1485 | uint8_t tagmatch; | |
| 1510 | struct comm_reply* repinfo, struct rbtree_type* override_tree, | |
| 1511 | int* tag, char** tagname, int num_tags) | |
| 1512 | { | |
| 1486 | 1513 | struct local_zone_override* lzo; |
| 1487 | 1514 | if(repinfo && override_tree) { |
| 1488 | 1515 | lzo = (struct local_zone_override*)addr_tree_lookup( |
| 1495 | 1522 | } |
| 1496 | 1523 | if(!taglist || !taglist2) |
| 1497 | 1524 | return lzt; |
| 1525 | return local_data_find_tag_action(taglist, taglen, taglist2, taglen2, | |
| 1526 | tagactions, tagactionssize, lzt, tag, tagname, num_tags); | |
| 1527 | } | |
| 1528 | ||
| 1529 | enum localzone_type | |
| 1530 | local_data_find_tag_action(const uint8_t* taglist, size_t taglen, | |
| 1531 | const uint8_t* taglist2, size_t taglen2, const uint8_t* tagactions, | |
| 1532 | size_t tagactionssize, enum localzone_type lzt, int* tag, | |
| 1533 | char* const* tagname, int num_tags) | |
| 1534 | { | |
| 1535 | size_t i, j; | |
| 1536 | uint8_t tagmatch; | |
| 1537 | ||
| 1498 | 1538 | for(i=0; i<taglen && i<taglen2; i++) { |
| 1499 | 1539 | tagmatch = (taglist[i] & taglist2[i]); |
| 1500 | 1540 | for(j=0; j<8 && tagmatch>0; j++) { |
| 1549 | 1589 | lock_rw_rdlock(&z->lock); |
| 1550 | 1590 | lzt = z->type; |
| 1551 | 1591 | } |
| 1552 | if(!z && !view->isfirst){ | |
| 1592 | if(view->local_zones && !z && !view->isfirst){ | |
| 1553 | 1593 | lock_rw_unlock(&view->lock); |
| 1554 | 1594 | return 0; |
| 1555 | 1595 | } |
| 1634 | 1674 | *t = local_zone_always_refuse; |
| 1635 | 1675 | else if(strcmp(type, "always_nxdomain") == 0) |
| 1636 | 1676 | *t = local_zone_always_nxdomain; |
| 1677 | else if(strcmp(type, "nodefault") == 0) | |
| 1678 | *t = local_zone_nodefault; | |
| 1637 | 1679 | else return 0; |
| 1638 | 1680 | return 1; |
| 1639 | 1681 | } |
| 45 | 45 | #include "util/storage/dnstree.h" |
| 46 | 46 | #include "util/module.h" |
| 47 | 47 | #include "services/view.h" |
| 48 | struct packed_rrset_data; | |
| 48 | 49 | struct ub_packed_rrset_key; |
| 49 | 50 | struct regional; |
| 50 | 51 | struct config_file; |
| 94 | 95 | */ |
| 95 | 96 | struct local_zones { |
| 96 | 97 | /** lock on the localzone tree */ |
| 97 | lock_rw_t lock; | |
| 98 | lock_rw_type lock; | |
| 98 | 99 | /** rbtree of struct local_zone */ |
| 99 | rbtree_t ztree; | |
| 100 | rbtree_type ztree; | |
| 100 | 101 | }; |
| 101 | 102 | |
| 102 | 103 | /** |
| 104 | 105 | */ |
| 105 | 106 | struct local_zone { |
| 106 | 107 | /** rbtree node, key is name and class */ |
| 107 | rbnode_t node; | |
| 108 | rbnode_type node; | |
| 108 | 109 | /** parent zone, if any. */ |
| 109 | 110 | struct local_zone* parent; |
| 110 | 111 | |
| 122 | 123 | * For the node, parent, name, namelen, namelabs, dclass, you |
| 123 | 124 | * need to also hold the zones_tree lock to change them (or to |
| 124 | 125 | * delete this zone) */ |
| 125 | lock_rw_t lock; | |
| 126 | lock_rw_type lock; | |
| 126 | 127 | |
| 127 | 128 | /** how to process zone */ |
| 128 | 129 | enum localzone_type type; |
| 132 | 133 | size_t taglen; |
| 133 | 134 | /** netblock addr_tree with struct local_zone_override information |
| 134 | 135 | * or NULL if there are no override elements */ |
| 135 | struct rbtree_t* override_tree; | |
| 136 | struct rbtree_type* override_tree; | |
| 136 | 137 | |
| 137 | 138 | /** in this region the zone's data is allocated. |
| 138 | 139 | * the struct local_zone itself is malloced. */ |
| 139 | 140 | struct regional* region; |
| 140 | 141 | /** local data for this zone |
| 141 | 142 | * rbtree of struct local_data */ |
| 142 | rbtree_t data; | |
| 143 | rbtree_type data; | |
| 143 | 144 | /** if data contains zone apex SOA data, this is a ptr to it. */ |
| 144 | 145 | struct ub_packed_rrset_key* soa; |
| 145 | 146 | }; |
| 149 | 150 | */ |
| 150 | 151 | struct local_data { |
| 151 | 152 | /** rbtree node, key is name only */ |
| 152 | rbnode_t node; | |
| 153 | rbnode_type node; | |
| 153 | 154 | /** domain name */ |
| 154 | 155 | uint8_t* name; |
| 155 | 156 | /** length of name */ |
| 388 | 389 | */ |
| 389 | 390 | int parse_dname(const char* str, uint8_t** res, size_t* len, int* labs); |
| 390 | 391 | |
| 392 | /** | |
| 393 | * Find local data tag string match for the given type (in qinfo) in the list. | |
| 394 | * If found, 'r' will be filled with corresponding rrset information. | |
| 395 | * @param qinfo: contains name, type, and class for the data | |
| 396 | * @param list: stores local tag data to be searched | |
| 397 | * @param r: rrset key to be filled for matched data | |
| 398 | * @param temp: region to allocate rrset in 'r' | |
| 399 | * @return 1 if a match is found and rrset is built; otherwise 0 including | |
| 400 | * errors. | |
| 401 | */ | |
| 402 | int local_data_find_tag_datas(const struct query_info* qinfo, | |
| 403 | struct config_strlist* list, struct ub_packed_rrset_key* r, | |
| 404 | struct regional* temp); | |
| 405 | ||
| 406 | /** | |
| 407 | * See if two sets of tag lists (in the form of bitmap) have the same tag that | |
| 408 | * has an action. If so, '*tag' will be set to the found tag index, and the | |
| 409 | * corresponding action will be returned in the form of local zone type. | |
| 410 | * Otherwise the passed type (lzt) will be returned as the default action. | |
| 411 | * Pointers except tagactions must not be NULL. | |
| 412 | * @param taglist: 1st list of tags | |
| 413 | * @param taglen: size of taglist in bytes | |
| 414 | * @param taglist2: 2nd list of tags | |
| 415 | * @param taglen2: size of taglist2 in bytes | |
| 416 | * @param tagactions: local data actions for tags. May be NULL. | |
| 417 | * @param tagactionssize: length of the tagactions. | |
| 418 | * @param lzt: default action (local zone type) if no tag action is found. | |
| 419 | * @param tag: see above. | |
| 420 | * @param tagname: array of tag name strings (for debug output). | |
| 421 | * @param num_tags: number of items in tagname array. | |
| 422 | * @return found tag action or the default action. | |
| 423 | */ | |
| 424 | enum localzone_type local_data_find_tag_action(const uint8_t* taglist, | |
| 425 | size_t taglen, const uint8_t* taglist2, size_t taglen2, | |
| 426 | const uint8_t* tagactions, size_t tagactionssize, | |
| 427 | enum localzone_type lzt, int* tag, char* const* tagname, int num_tags); | |
| 428 | ||
| 429 | /** | |
| 430 | * Enter defaults to local zone. | |
| 431 | * @param zones: to add defaults to | |
| 432 | * @param cfg: containing list of zones to exclude from default set. | |
| 433 | * @return 1 on success; 0 otherwise. | |
| 434 | */ | |
| 435 | int local_zone_enter_defaults(struct local_zones* zones, | |
| 436 | struct config_file* cfg); | |
| 437 | ||
| 438 | /** | |
| 439 | * Parses resource record string into wire format, also returning its field values. | |
| 440 | * @param str: input resource record | |
| 441 | * @param nm: domain name field | |
| 442 | * @param type: record type field | |
| 443 | * @param dclass: record class field | |
| 444 | * @param ttl: ttl field | |
| 445 | * @param rr: buffer for the parsed rr in wire format | |
| 446 | * @param len: buffer length | |
| 447 | * @param rdata: rdata field | |
| 448 | * @param rdata_len: rdata field length | |
| 449 | * @return 1 on success; 0 otherwise. | |
| 450 | */ | |
| 451 | int rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type, | |
| 452 | uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, | |
| 453 | uint8_t** rdata, size_t* rdata_len); | |
| 454 | ||
| 455 | /** | |
| 456 | * Insert specified rdata into the specified resource record. | |
| 457 | * @param region: allocator | |
| 458 | * @param pd: data portion of the destination resource record | |
| 459 | * @param rdata: source rdata | |
| 460 | * @param rdata_len: source rdata length | |
| 461 | * @param ttl: time to live | |
| 462 | * @param rrstr: resource record in text form (for logging) | |
| 463 | * @return 1 on success; 0 otherwise. | |
| 464 | */ | |
| 465 | int rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd, | |
| 466 | uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr); | |
| 467 | ||
| 468 | /** | |
| 469 | * Valid response ip actions for the IP-response-driven-action feature; | |
| 470 | * defined here instead of in the respip module to enable sharing of enum | |
| 471 | * values with the localzone_type enum. | |
| 472 | * Note that these values except 'none' are the same as localzone types of | |
| 473 | * the 'same semantics'. It's intentional as we use these values via | |
| 474 | * access-control-tags, which can be shared for both response ip actions and | |
| 475 | * local zones. | |
| 476 | */ | |
| 477 | enum respip_action { | |
| 478 | /** no respip action */ | |
| 479 | respip_none = local_zone_unset, | |
| 480 | /** don't answer */ | |
| 481 | respip_deny = local_zone_deny, | |
| 482 | /** redirect as per provided data */ | |
| 483 | respip_redirect = local_zone_redirect, | |
| 484 | /** log query source and answer query */ | |
| 485 | respip_inform = local_zone_inform, | |
| 486 | /** log query source and don't answer query */ | |
| 487 | respip_inform_deny = local_zone_inform_deny, | |
| 488 | /** resolve normally, even when there is response-ip data */ | |
| 489 | respip_always_transparent = local_zone_always_transparent, | |
| 490 | /** answer with 'refused' response */ | |
| 491 | respip_always_refuse = local_zone_always_refuse, | |
| 492 | /** answer with 'no such domain' response */ | |
| 493 | respip_always_nxdomain = local_zone_always_nxdomain, | |
| 494 | ||
| 495 | /* The rest of the values are only possible as | |
| 496 | * access-control-tag-action */ | |
| 497 | ||
| 498 | /** serves response data (if any), else, drops queries. */ | |
| 499 | respip_refuse = local_zone_refuse, | |
| 500 | /** serves response data, else, nodata answer. */ | |
| 501 | respip_static = local_zone_static, | |
| 502 | /** gives response data (if any), else nodata answer. */ | |
| 503 | respip_transparent = local_zone_transparent, | |
| 504 | /** gives response data (if any), else nodata answer. */ | |
| 505 | respip_typetransparent = local_zone_typetransparent, | |
| 506 | }; | |
| 507 | ||
| 391 | 508 | #endif /* SERVICES_LOCALZONE_H */ |
| 58 | 58 | #include "sldns/wire2str.h" |
| 59 | 59 | #include "services/localzone.h" |
| 60 | 60 | #include "util/data/dname.h" |
| 61 | #include "respip/respip.h" | |
| 61 | 62 | |
| 62 | 63 | /** subtract timers and the values do not overflow or become negative */ |
| 63 | 64 | static void |
| 123 | 124 | #endif |
| 124 | 125 | } |
| 125 | 126 | |
| 127 | /* | |
| 128 | * Compare two response-ip client info entries for the purpose of mesh state | |
| 129 | * compare. It returns 0 if ci_a and ci_b are considered equal; otherwise | |
| 130 | * 1 or -1 (they mean 'ci_a is larger/smaller than ci_b', respectively, but | |
| 131 | * in practice it should be only used to mean they are different). | |
| 132 | * We cannot share the mesh state for two queries if different response-ip | |
| 133 | * actions can apply in the end, even if those queries are otherwise identical. | |
| 134 | * For this purpose we compare tag lists and tag action lists; they should be | |
| 135 | * identical to share the same state. | |
| 136 | * For tag data, we don't look into the data content, as it can be | |
| 137 | * expensive; unless tag data are not defined for both or they point to the | |
| 138 | * exact same data in memory (i.e., they come from the same ACL entry), we | |
| 139 | * consider these data different. | |
| 140 | * Likewise, if the client info is associated with views, we don't look into | |
| 141 | * the views. They are considered different unless they are exactly the same | |
| 142 | * even if the views only differ in the names. | |
| 143 | */ | |
| 144 | static int | |
| 145 | client_info_compare(const struct respip_client_info* ci_a, | |
| 146 | const struct respip_client_info* ci_b) | |
| 147 | { | |
| 148 | int cmp; | |
| 149 | ||
| 150 | if(!ci_a && !ci_b) | |
| 151 | return 0; | |
| 152 | if(ci_a && !ci_b) | |
| 153 | return -1; | |
| 154 | if(!ci_a && ci_b) | |
| 155 | return 1; | |
| 156 | if(ci_a->taglen != ci_b->taglen) | |
| 157 | return (ci_a->taglen < ci_b->taglen) ? -1 : 1; | |
| 158 | cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen); | |
| 159 | if(cmp != 0) | |
| 160 | return cmp; | |
| 161 | if(ci_a->tag_actions_size != ci_b->tag_actions_size) | |
| 162 | return (ci_a->tag_actions_size < ci_b->tag_actions_size) ? | |
| 163 | -1 : 1; | |
| 164 | cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions, | |
| 165 | ci_a->tag_actions_size); | |
| 166 | if(cmp != 0) | |
| 167 | return cmp; | |
| 168 | if(ci_a->tag_datas != ci_b->tag_datas) | |
| 169 | return ci_a->tag_datas < ci_b->tag_datas ? -1 : 1; | |
| 170 | if(ci_a->view != ci_b->view) | |
| 171 | return ci_a->view < ci_b->view ? -1 : 1; | |
| 172 | /* For the unbound daemon these should be non-NULL and identical, | |
| 173 | * but we check that just in case. */ | |
| 174 | if(ci_a->respip_set != ci_b->respip_set) | |
| 175 | return ci_a->respip_set < ci_b->respip_set ? -1 : 1; | |
| 176 | return 0; | |
| 177 | } | |
| 178 | ||
| 126 | 179 | int |
| 127 | 180 | mesh_state_compare(const void* ap, const void* bp) |
| 128 | 181 | { |
| 129 | 182 | struct mesh_state* a = (struct mesh_state*)ap; |
| 130 | 183 | struct mesh_state* b = (struct mesh_state*)bp; |
| 184 | int cmp; | |
| 131 | 185 | |
| 132 | 186 | if(a->unique < b->unique) |
| 133 | 187 | return -1; |
| 154 | 208 | if(!(a->s.query_flags&BIT_CD) && (b->s.query_flags&BIT_CD)) |
| 155 | 209 | return 1; |
| 156 | 210 | |
| 157 | return query_info_compare(&a->s.qinfo, &b->s.qinfo); | |
| 211 | cmp = query_info_compare(&a->s.qinfo, &b->s.qinfo); | |
| 212 | if(cmp != 0) | |
| 213 | return cmp; | |
| 214 | return client_info_compare(a->s.client_info, b->s.client_info); | |
| 158 | 215 | } |
| 159 | 216 | |
| 160 | 217 | int |
| 202 | 259 | |
| 203 | 260 | /** help mesh delete delete mesh states */ |
| 204 | 261 | static void |
| 205 | mesh_delete_helper(rbnode_t* n) | |
| 262 | mesh_delete_helper(rbnode_type* n) | |
| 206 | 263 | { |
| 207 | 264 | struct mesh_state* mstate = (struct mesh_state*)n->key; |
| 208 | 265 | /* perform a full delete, not only 'cleanup' routine, |
| 286 | 343 | } |
| 287 | 344 | |
| 288 | 345 | void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, |
| 289 | uint16_t qflags, struct edns_data* edns, struct comm_reply* rep, | |
| 290 | uint16_t qid) | |
| 346 | struct respip_client_info* cinfo, uint16_t qflags, | |
| 347 | struct edns_data* edns, struct comm_reply* rep, uint16_t qid) | |
| 291 | 348 | { |
| 292 | 349 | struct mesh_state* s = NULL; |
| 293 | int unique = edns_unique_mesh_state(edns->opt_list, mesh->env); | |
| 350 | int unique = unique_mesh_state(edns->opt_list, mesh->env); | |
| 294 | 351 | int was_detached = 0; |
| 295 | 352 | int was_noreply = 0; |
| 296 | 353 | int added = 0; |
| 297 | 354 | if(!unique) |
| 298 | s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 355 | s = mesh_area_find(mesh, cinfo, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 299 | 356 | /* does this create a new reply state? */ |
| 300 | 357 | if(!s || s->list_select == mesh_no_list) { |
| 301 | 358 | if(!mesh_make_new_space(mesh, rep->c->buffer)) { |
| 320 | 377 | /* see if it already exists, if not, create one */ |
| 321 | 378 | if(!s) { |
| 322 | 379 | #ifdef UNBOUND_DEBUG |
| 323 | struct rbnode_t* n; | |
| 324 | #endif | |
| 325 | s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 380 | struct rbnode_type* n; | |
| 381 | #endif | |
| 382 | s = mesh_state_create(mesh->env, qinfo, cinfo, | |
| 383 | qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 326 | 384 | if(!s) { |
| 327 | 385 | log_err("mesh_state_create: out of memory; SERVFAIL"); |
| 328 | 386 | if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, |
| 408 | 466 | int |
| 409 | 467 | mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, |
| 410 | 468 | uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, |
| 411 | uint16_t qid, mesh_cb_func_t cb, void* cb_arg) | |
| 469 | uint16_t qid, mesh_cb_func_type cb, void* cb_arg) | |
| 412 | 470 | { |
| 413 | 471 | struct mesh_state* s = NULL; |
| 414 | int unique = edns_unique_mesh_state(edns->opt_list, mesh->env); | |
| 472 | int unique = unique_mesh_state(edns->opt_list, mesh->env); | |
| 415 | 473 | int was_detached = 0; |
| 416 | 474 | int was_noreply = 0; |
| 417 | 475 | int added = 0; |
| 418 | 476 | if(!unique) |
| 419 | s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 477 | s = mesh_area_find(mesh, NULL, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 478 | ||
| 420 | 479 | /* there are no limits on the number of callbacks */ |
| 421 | 480 | |
| 422 | 481 | /* see if it already exists, if not, create one */ |
| 423 | 482 | if(!s) { |
| 424 | 483 | #ifdef UNBOUND_DEBUG |
| 425 | struct rbnode_t* n; | |
| 426 | #endif | |
| 427 | s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 484 | struct rbnode_type* n; | |
| 485 | #endif | |
| 486 | s = mesh_state_create(mesh->env, qinfo, NULL, | |
| 487 | qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 428 | 488 | if(!s) { |
| 429 | 489 | return 0; |
| 430 | 490 | } |
| 475 | 535 | void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, |
| 476 | 536 | uint16_t qflags, time_t leeway) |
| 477 | 537 | { |
| 478 | struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), | |
| 479 | 0, 0); | |
| 538 | struct mesh_state* s = mesh_area_find(mesh, NULL, qinfo, | |
| 539 | qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 480 | 540 | #ifdef UNBOUND_DEBUG |
| 481 | struct rbnode_t* n; | |
| 541 | struct rbnode_type* n; | |
| 482 | 542 | #endif |
| 483 | 543 | /* already exists, and for a different purpose perhaps. |
| 484 | 544 | * if mesh_no_list, keep it that way. */ |
| 496 | 556 | return; |
| 497 | 557 | } |
| 498 | 558 | |
| 499 | s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 559 | s = mesh_state_create(mesh->env, qinfo, NULL, | |
| 560 | qflags&(BIT_RD|BIT_CD), 0, 0); | |
| 500 | 561 | if(!s) { |
| 501 | 562 | log_err("prefetch mesh_state_create: out of memory"); |
| 502 | 563 | return; |
| 545 | 606 | |
| 546 | 607 | struct mesh_state* |
| 547 | 608 | mesh_state_create(struct module_env* env, struct query_info* qinfo, |
| 548 | uint16_t qflags, int prime, int valrec) | |
| 609 | struct respip_client_info* cinfo, uint16_t qflags, int prime, | |
| 610 | int valrec) | |
| 549 | 611 | { |
| 550 | 612 | struct regional* region = alloc_reg_obtain(env->alloc); |
| 551 | 613 | struct mesh_state* mstate; |
| 581 | 643 | alloc_reg_release(env->alloc, region); |
| 582 | 644 | return NULL; |
| 583 | 645 | } |
| 646 | if(cinfo) { | |
| 647 | mstate->s.client_info = regional_alloc_init(region, cinfo, | |
| 648 | sizeof(*cinfo)); | |
| 649 | if(!mstate->s.client_info) { | |
| 650 | alloc_reg_release(env->alloc, region); | |
| 651 | return NULL; | |
| 652 | } | |
| 653 | } | |
| 584 | 654 | /* remove all weird bits from qflags */ |
| 585 | 655 | mstate->s.query_flags = (qflags & (BIT_RD|BIT_CD)); |
| 586 | 656 | mstate->s.is_priming = prime; |
| 728 | 798 | struct mesh_area* mesh = qstate->env->mesh; |
| 729 | 799 | struct mesh_state_ref* ref, lookup; |
| 730 | 800 | #ifdef UNBOUND_DEBUG |
| 731 | struct rbnode_t* n; | |
| 801 | struct rbnode_type* n; | |
| 732 | 802 | #endif |
| 733 | 803 | lookup.node.key = &lookup; |
| 734 | 804 | lookup.s = qstate->mesh_info; |
| 750 | 820 | rbtree_init(&qstate->mesh_info->sub_set, &mesh_state_ref_compare); |
| 751 | 821 | } |
| 752 | 822 | |
| 753 | int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, | |
| 754 | uint16_t qflags, int prime, int valrec, struct module_qstate** newq) | |
| 823 | int mesh_add_sub(struct module_qstate* qstate, struct query_info* qinfo, | |
| 824 | uint16_t qflags, int prime, int valrec, struct module_qstate** newq, | |
| 825 | struct mesh_state** sub) | |
| 755 | 826 | { |
| 756 | 827 | /* find it, if not, create it */ |
| 757 | 828 | struct mesh_area* mesh = qstate->env->mesh; |
| 758 | struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime, valrec); | |
| 759 | int was_detached; | |
| 760 | if(mesh_detect_cycle_found(qstate, sub)) { | |
| 829 | *sub = mesh_area_find(mesh, NULL, qinfo, qflags, | |
| 830 | prime, valrec); | |
| 831 | if(mesh_detect_cycle_found(qstate, *sub)) { | |
| 761 | 832 | verbose(VERB_ALGO, "attach failed, cycle detected"); |
| 762 | 833 | return 0; |
| 763 | 834 | } |
| 764 | if(!sub) { | |
| 835 | if(!*sub) { | |
| 765 | 836 | #ifdef UNBOUND_DEBUG |
| 766 | struct rbnode_t* n; | |
| 837 | struct rbnode_type* n; | |
| 767 | 838 | #endif |
| 768 | 839 | /* create a new one */ |
| 769 | sub = mesh_state_create(qstate->env, qinfo, qflags, prime, valrec); | |
| 770 | if(!sub) { | |
| 840 | *sub = mesh_state_create(qstate->env, qinfo, NULL, qflags, prime, | |
| 841 | valrec); | |
| 842 | if(!*sub) { | |
| 771 | 843 | log_err("mesh_attach_sub: out of memory"); |
| 772 | 844 | return 0; |
| 773 | 845 | } |
| 776 | 848 | #else |
| 777 | 849 | (void) |
| 778 | 850 | #endif |
| 779 | rbtree_insert(&mesh->all, &sub->node); | |
| 851 | rbtree_insert(&mesh->all, &(*sub)->node); | |
| 780 | 852 | log_assert(n != NULL); |
| 781 | 853 | /* set detached (it is now) */ |
| 782 | 854 | mesh->num_detached_states++; |
| 786 | 858 | #else |
| 787 | 859 | (void) |
| 788 | 860 | #endif |
| 789 | rbtree_insert(&mesh->run, &sub->run_node); | |
| 861 | rbtree_insert(&mesh->run, &(*sub)->run_node); | |
| 790 | 862 | log_assert(n != NULL); |
| 791 | *newq = &sub->s; | |
| 863 | *newq = &(*sub)->s; | |
| 792 | 864 | } else |
| 793 | 865 | *newq = NULL; |
| 866 | return 1; | |
| 867 | } | |
| 868 | ||
| 869 | int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, | |
| 870 | uint16_t qflags, int prime, int valrec, struct module_qstate** newq) | |
| 871 | { | |
| 872 | struct mesh_area* mesh = qstate->env->mesh; | |
| 873 | struct mesh_state* sub = NULL; | |
| 874 | int was_detached; | |
| 875 | if(!mesh_add_sub(qstate, qinfo, qflags, prime, valrec, newq, &sub)) | |
| 876 | return 0; | |
| 794 | 877 | was_detached = (sub->super_set.count == 0); |
| 795 | 878 | if(!mesh_state_attachment(qstate->mesh_info, sub)) |
| 796 | 879 | return 0; |
| 808 | 891 | int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub) |
| 809 | 892 | { |
| 810 | 893 | #ifdef UNBOUND_DEBUG |
| 811 | struct rbnode_t* n; | |
| 894 | struct rbnode_type* n; | |
| 812 | 895 | #endif |
| 813 | 896 | struct mesh_state_ref* subref; /* points to sub, inserted in super */ |
| 814 | 897 | struct mesh_state_ref* superref; /* points to super, inserted in sub */ |
| 1018 | 1101 | query_reply.c->buffer)) == 0) |
| 1019 | 1102 | m->s.env->mesh->ans_nodata++; |
| 1020 | 1103 | } |
| 1104 | /* Log reply sent */ | |
| 1105 | if(m->s.env->cfg->log_replies) { | |
| 1106 | log_reply_info(0, &m->s.qinfo, &r->query_reply.addr, | |
| 1107 | r->query_reply.addrlen, duration, 0, | |
| 1108 | r->query_reply.c->buffer); | |
| 1109 | } | |
| 1021 | 1110 | } |
| 1022 | 1111 | |
| 1023 | 1112 | void mesh_query_done(struct mesh_state* mstate) |
| 1028 | 1117 | struct reply_info* rep = (mstate->s.return_msg? |
| 1029 | 1118 | mstate->s.return_msg->rep:NULL); |
| 1030 | 1119 | for(r = mstate->reply_list; r; r = r->next) { |
| 1031 | mesh_send_reply(mstate, mstate->s.return_rcode, rep, r, prev); | |
| 1032 | prev = r; | |
| 1120 | /* if a response-ip address block has been stored the | |
| 1121 | * information should be logged for each client. */ | |
| 1122 | if(mstate->s.respip_action_info && | |
| 1123 | mstate->s.respip_action_info->addrinfo) { | |
| 1124 | respip_inform_print(mstate->s.respip_action_info->addrinfo, | |
| 1125 | r->qname, mstate->s.qinfo.qtype, | |
| 1126 | mstate->s.qinfo.qclass, r->local_alias, | |
| 1127 | &r->query_reply); | |
| 1128 | } | |
| 1129 | ||
| 1130 | /* if this query is determined to be dropped during the | |
| 1131 | * mesh processing, this is the point to take that action. */ | |
| 1132 | if(mstate->s.is_drop) | |
| 1133 | comm_point_drop_reply(&r->query_reply); | |
| 1134 | else { | |
| 1135 | mesh_send_reply(mstate, mstate->s.return_rcode, rep, | |
| 1136 | r, prev); | |
| 1137 | prev = r; | |
| 1138 | } | |
| 1033 | 1139 | } |
| 1034 | 1140 | mstate->replies_sent = 1; |
| 1035 | 1141 | for(c = mstate->cb_list; c; c = c->next) { |
| 1053 | 1159 | } |
| 1054 | 1160 | |
| 1055 | 1161 | struct mesh_state* mesh_area_find(struct mesh_area* mesh, |
| 1056 | struct query_info* qinfo, uint16_t qflags, int prime, int valrec) | |
| 1162 | struct respip_client_info* cinfo, struct query_info* qinfo, | |
| 1163 | uint16_t qflags, int prime, int valrec) | |
| 1057 | 1164 | { |
| 1058 | 1165 | struct mesh_state key; |
| 1059 | 1166 | struct mesh_state* result; |
| 1067 | 1174 | * aggregate the state. Thus unique is set to NULL. (default when we |
| 1068 | 1175 | * desire aggregation).*/ |
| 1069 | 1176 | key.unique = NULL; |
| 1177 | key.s.client_info = cinfo; | |
| 1070 | 1178 | |
| 1071 | 1179 | result = (struct mesh_state*)rbtree_search(&mesh->all, &key); |
| 1072 | 1180 | return result; |
| 1073 | 1181 | } |
| 1074 | 1182 | |
| 1075 | 1183 | int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns, |
| 1076 | sldns_buffer* buf, mesh_cb_func_t cb, void* cb_arg, | |
| 1184 | sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg, | |
| 1077 | 1185 | uint16_t qid, uint16_t qflags) |
| 1078 | 1186 | { |
| 1079 | 1187 | struct mesh_cb* r = regional_alloc(s->s.region, |
| 1217 | 1325 | return mesh_continue(mesh, mstate, module_error, ev); |
| 1218 | 1326 | } |
| 1219 | 1327 | if(s == module_restart_next) { |
| 1220 | fptr_ok(fptr_whitelist_mod_clear( | |
| 1221 | mesh->mods.mod[mstate->s.curmod]->clear)); | |
| 1222 | (*mesh->mods.mod[mstate->s.curmod]->clear) | |
| 1223 | (&mstate->s, mstate->s.curmod); | |
| 1224 | mstate->s.minfo[mstate->s.curmod] = NULL; | |
| 1328 | int curmod = mstate->s.curmod; | |
| 1329 | for(; mstate->s.curmod < mesh->mods.num; | |
| 1330 | mstate->s.curmod++) { | |
| 1331 | fptr_ok(fptr_whitelist_mod_clear( | |
| 1332 | mesh->mods.mod[mstate->s.curmod]->clear)); | |
| 1333 | (*mesh->mods.mod[mstate->s.curmod]->clear) | |
| 1334 | (&mstate->s, mstate->s.curmod); | |
| 1335 | mstate->s.minfo[mstate->s.curmod] = NULL; | |
| 1336 | } | |
| 1337 | mstate->s.curmod = curmod; | |
| 1225 | 1338 | } |
| 1226 | 1339 | *ev = module_event_pass; |
| 1227 | 1340 | return 1; |
| 1371 | 1484 | struct mesh_area* mesh = qstate->env->mesh; |
| 1372 | 1485 | struct mesh_state* dep_m = NULL; |
| 1373 | 1486 | if(!mesh_state_is_unique(qstate->mesh_info)) |
| 1374 | dep_m = mesh_area_find(mesh, qinfo, flags, prime, valrec); | |
| 1487 | dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); | |
| 1375 | 1488 | return mesh_detect_cycle_found(qstate, dep_m); |
| 1376 | 1489 | } |
| 1377 | 1490 | |
| 58 | 58 | struct reply_info; |
| 59 | 59 | struct outbound_entry; |
| 60 | 60 | struct timehist; |
| 61 | struct respip_client_info; | |
| 61 | 62 | |
| 62 | 63 | /** |
| 63 | 64 | * Maximum number of mesh state activations. Any more is likely an |
| 82 | 83 | struct module_env* env; |
| 83 | 84 | |
| 84 | 85 | /** set of runnable queries (mesh_state.run_node) */ |
| 85 | rbtree_t run; | |
| 86 | rbtree_type run; | |
| 86 | 87 | /** rbtree of all current queries (mesh_state.node)*/ |
| 87 | rbtree_t all; | |
| 88 | rbtree_type all; | |
| 88 | 89 | |
| 89 | 90 | /** count of the total number of mesh_reply entries */ |
| 90 | 91 | size_t num_reply_addrs; |
| 153 | 154 | */ |
| 154 | 155 | struct mesh_state { |
| 155 | 156 | /** node in mesh_area all tree, key is this struct. Must be first. */ |
| 156 | rbnode_t node; | |
| 157 | rbnode_type node; | |
| 157 | 158 | /** node in mesh_area runnable tree, key is this struct */ |
| 158 | rbnode_t run_node; | |
| 159 | rbnode_type run_node; | |
| 159 | 160 | /** the query state. Note that the qinfo and query_flags |
| 160 | 161 | * may not change. */ |
| 161 | 162 | struct module_qstate s; |
| 165 | 166 | struct mesh_cb* cb_list; |
| 166 | 167 | /** set of superstates (that want this state's result) |
| 167 | 168 | * contains struct mesh_state_ref* */ |
| 168 | rbtree_t super_set; | |
| 169 | rbtree_type super_set; | |
| 169 | 170 | /** set of substates (that this state needs to continue) |
| 170 | 171 | * contains struct mesh_state_ref* */ |
| 171 | rbtree_t sub_set; | |
| 172 | rbtree_type sub_set; | |
| 172 | 173 | /** number of activations for the mesh state */ |
| 173 | 174 | size_t num_activated; |
| 174 | 175 | |
| 192 | 193 | */ |
| 193 | 194 | struct mesh_state_ref { |
| 194 | 195 | /** node in rbtree for set, key is this structure */ |
| 195 | rbnode_t node; | |
| 196 | rbnode_type node; | |
| 196 | 197 | /** the mesh state */ |
| 197 | 198 | struct mesh_state* s; |
| 198 | 199 | }; |
| 223 | 224 | * Mesh result callback func. |
| 224 | 225 | * called as func(cb_arg, rcode, buffer_with_reply, security, why_bogus); |
| 225 | 226 | */ |
| 226 | typedef void (*mesh_cb_func_t)(void*, int, struct sldns_buffer*, enum sec_status, | |
| 227 | typedef void (*mesh_cb_func_type)(void*, int, struct sldns_buffer*, enum sec_status, | |
| 227 | 228 | char*); |
| 228 | 229 | |
| 229 | 230 | /** |
| 244 | 245 | /** callback routine for results. if rcode != 0 buf has message. |
| 245 | 246 | * called as cb(cb_arg, rcode, buf, sec_state); |
| 246 | 247 | */ |
| 247 | mesh_cb_func_t cb; | |
| 248 | mesh_cb_func_type cb; | |
| 248 | 249 | /** user arg for callback */ |
| 249 | 250 | void* cb_arg; |
| 250 | 251 | }; |
| 273 | 274 | * |
| 274 | 275 | * @param mesh: the mesh. |
| 275 | 276 | * @param qinfo: query from client. |
| 277 | * @param cinfo: additional information associated with the query client. | |
| 278 | * 'cinfo' itself is ephemeral but data pointed to by its members | |
| 279 | * can be assumed to be valid and unchanged until the query processing is | |
| 280 | * completed. | |
| 276 | 281 | * @param qflags: flags from client query. |
| 277 | 282 | * @param edns: edns data from client query. |
| 278 | 283 | * @param rep: where to reply to. |
| 279 | 284 | * @param qid: query id to reply with. |
| 280 | 285 | */ |
| 281 | 286 | void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, |
| 282 | uint16_t qflags, struct edns_data* edns, struct comm_reply* rep, | |
| 283 | uint16_t qid); | |
| 287 | struct respip_client_info* cinfo, uint16_t qflags, | |
| 288 | struct edns_data* edns, struct comm_reply* rep, uint16_t qid); | |
| 284 | 289 | |
| 285 | 290 | /** |
| 286 | 291 | * New query with callback. Create new query state if needed, and |
| 299 | 304 | */ |
| 300 | 305 | int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, |
| 301 | 306 | uint16_t qflags, struct edns_data* edns, struct sldns_buffer* buf, |
| 302 | uint16_t qid, mesh_cb_func_t cb, void* cb_arg); | |
| 307 | uint16_t qid, mesh_cb_func_type cb, void* cb_arg); | |
| 303 | 308 | |
| 304 | 309 | /** |
| 305 | 310 | * New prefetch message. Create new query state if needed. |
| 365 | 370 | uint16_t qflags, int prime, int valrec, struct module_qstate** newq); |
| 366 | 371 | |
| 367 | 372 | /** |
| 373 | * Add detached query. | |
| 374 | * Creates it if it does not exist already. | |
| 375 | * Does not make super/sub references. | |
| 376 | * Performs a cycle detection - for double check - and fails if there is one. | |
| 377 | * Updates stat items in mesh_area structure. | |
| 378 | * Pass if it is priming query or not. | |
| 379 | * return: | |
| 380 | * o if error (malloc) happened. | |
| 381 | * o need to initialise the new state (module init; it is a new state). | |
| 382 | * so that the next run of the query with this module is successful. | |
| 383 | * o no init needed, attachment successful. | |
| 384 | * o added subquery, created if it did not exist already. | |
| 385 | * | |
| 386 | * @param qstate: the state to find mesh state, and that wants to receive | |
| 387 | * the results from the new subquery. | |
| 388 | * @param qinfo: what to query for (copied). | |
| 389 | * @param qflags: what flags to use (RD / CD flag or not). | |
| 390 | * @param prime: if it is a (stub) priming query. | |
| 391 | * @param valrec: if it is a validation recursion query (lookup of key, DS). | |
| 392 | * @param newq: If the new subquery needs initialisation, it is returned, | |
| 393 | * otherwise NULL is returned. | |
| 394 | * @param sub: The added mesh state, created if it did not exist already. | |
| 395 | * @return: false on error, true if success (and init may be needed). | |
| 396 | */ | |
| 397 | int mesh_add_sub(struct module_qstate* qstate, struct query_info* qinfo, | |
| 398 | uint16_t qflags, int prime, int valrec, struct module_qstate** newq, | |
| 399 | struct mesh_state** sub); | |
| 400 | ||
| 401 | /** | |
| 368 | 402 | * Query state is done, send messages to reply entries. |
| 369 | 403 | * Encode messages using reply entry values and the querystate (with original |
| 370 | 404 | * qinfo), using given reply_info. |
| 408 | 442 | * Does not put the mesh state into rbtrees and so on. |
| 409 | 443 | * @param env: module environment to set. |
| 410 | 444 | * @param qinfo: query info that the mesh is for. |
| 445 | * @param cinfo: control info for the query client (can be NULL). | |
| 411 | 446 | * @param qflags: flags for query (RD / CD flag). |
| 412 | 447 | * @param prime: if true, it is a priming query, set is_priming on mesh state. |
| 413 | 448 | * @param valrec: if true, it is a validation recursion query, and sets |
| 414 | 449 | * is_valrec on the mesh state. |
| 415 | 450 | * @return: new mesh state or NULL on allocation error. |
| 416 | 451 | */ |
| 417 | struct mesh_state* mesh_state_create(struct module_env* env, | |
| 418 | struct query_info* qinfo, uint16_t qflags, int prime, int valrec); | |
| 452 | struct mesh_state* mesh_state_create(struct module_env* env, | |
| 453 | struct query_info* qinfo, struct respip_client_info* cinfo, | |
| 454 | uint16_t qflags, int prime, int valrec); | |
| 419 | 455 | |
| 420 | 456 | /** |
| 421 | 457 | * Check if the mesh state is unique. |
| 450 | 486 | * Find a mesh state in the mesh area. Pass relevant flags. |
| 451 | 487 | * |
| 452 | 488 | * @param mesh: the mesh area to look in. |
| 489 | * @param cinfo: if non-NULL client specific info that may affect IP-based | |
| 490 | * actions that apply to the query result. | |
| 453 | 491 | * @param qinfo: what query |
| 454 | 492 | * @param qflags: if RD / CD bit is set or not. |
| 455 | 493 | * @param prime: if it is a priming query. |
| 456 | 494 | * @param valrec: if it is a validation-recursion query. |
| 457 | 495 | * @return: mesh state or NULL if not found. |
| 458 | 496 | */ |
| 459 | struct mesh_state* mesh_area_find(struct mesh_area* mesh, | |
| 460 | struct query_info* qinfo, uint16_t qflags, int prime, int valrec); | |
| 497 | struct mesh_state* mesh_area_find(struct mesh_area* mesh, | |
| 498 | struct respip_client_info* cinfo, struct query_info* qinfo, | |
| 499 | uint16_t qflags, int prime, int valrec); | |
| 461 | 500 | |
| 462 | 501 | /** |
| 463 | 502 | * Setup attachment super/sub relation between super and sub mesh state. |
| 497 | 536 | * @return: 0 on alloc error. |
| 498 | 537 | */ |
| 499 | 538 | int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns, |
| 500 | struct sldns_buffer* buf, mesh_cb_func_t cb, void* cb_arg, uint16_t qid, | |
| 501 | uint16_t qflags); | |
| 539 | struct sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg, | |
| 540 | uint16_t qid, uint16_t qflags); | |
| 502 | 541 | |
| 503 | 542 | /** |
| 504 | 543 | * Run the mesh. Run all runnable mesh states. Which can create new |
| 45 | 45 | #include "dns64/dns64.h" |
| 46 | 46 | #include "iterator/iterator.h" |
| 47 | 47 | #include "validator/validator.h" |
| 48 | #include "respip/respip.h" | |
| 48 | 49 | |
| 49 | 50 | #ifdef WITH_PYTHONMODULE |
| 50 | 51 | #include "pythonmod/pythonmod.h" |
| 51 | 52 | #endif |
| 52 | 53 | #ifdef USE_CACHEDB |
| 53 | 54 | #include "cachedb/cachedb.h" |
| 55 | #endif | |
| 56 | #ifdef USE_IPSECMOD | |
| 57 | #include "ipsecmod/ipsecmod.h" | |
| 58 | #endif | |
| 59 | #ifdef CLIENT_SUBNET | |
| 60 | #include "edns-subnet/subnetmod.h" | |
| 54 | 61 | #endif |
| 55 | 62 | |
| 56 | 63 | /** count number of modules (words) in the string */ |
| 121 | 128 | static const char* names[] = { |
| 122 | 129 | "dns64", |
| 123 | 130 | #ifdef WITH_PYTHONMODULE |
| 124 | "python", | |
| 131 | "python", | |
| 125 | 132 | #endif |
| 126 | 133 | #ifdef USE_CACHEDB |
| 127 | 134 | "cachedb", |
| 128 | 135 | #endif |
| 129 | "validator", | |
| 130 | "iterator", | |
| 136 | #ifdef USE_IPSECMOD | |
| 137 | "ipsecmod", | |
| 138 | #endif | |
| 139 | #ifdef CLIENT_SUBNET | |
| 140 | "subnetcache", | |
| 141 | #endif | |
| 142 | "respip", | |
| 143 | "validator", | |
| 144 | "iterator", | |
| 131 | 145 | NULL}; |
| 132 | 146 | return names; |
| 133 | 147 | } |
| 142 | 156 | static struct module_func_block* (*fb[])(void) = { |
| 143 | 157 | &dns64_get_funcblock, |
| 144 | 158 | #ifdef WITH_PYTHONMODULE |
| 145 | &pythonmod_get_funcblock, | |
| 159 | &pythonmod_get_funcblock, | |
| 146 | 160 | #endif |
| 147 | 161 | #ifdef USE_CACHEDB |
| 148 | 162 | &cachedb_get_funcblock, |
| 149 | 163 | #endif |
| 150 | &val_get_funcblock, | |
| 151 | &iter_get_funcblock, | |
| 164 | #ifdef USE_IPSECMOD | |
| 165 | &ipsecmod_get_funcblock, | |
| 166 | #endif | |
| 167 | #ifdef CLIENT_SUBNET | |
| 168 | &subnetmod_get_funcblock, | |
| 169 | #endif | |
| 170 | &respip_get_funcblock, | |
| 171 | &val_get_funcblock, | |
| 172 | &iter_get_funcblock, | |
| 152 | 173 | NULL}; |
| 153 | 174 | return fb; |
| 154 | 175 | } |
| 155 | 176 | |
| 156 | struct | |
| 177 | struct | |
| 157 | 178 | module_func_block* module_factory(const char** str) |
| 158 | 179 | { |
| 159 | 180 | int i = 0; |
| 215 | 236 | modstack_find(struct module_stack* stack, const char* name) |
| 216 | 237 | { |
| 217 | 238 | int i; |
| 218 | for(i=0; i<stack->num; i++) { | |
| 239 | for(i=0; i<stack->num; i++) { | |
| 219 | 240 | if(strcmp(stack->mod[i]->name, name) == 0) |
| 220 | 241 | return i; |
| 221 | 242 | } |
| 222 | 243 | return -1; |
| 223 | 244 | } |
| 245 | ||
| 246 | size_t | |
| 247 | mod_get_mem(struct module_env* env, const char* name) | |
| 248 | { | |
| 249 | int m = modstack_find(&env->mesh->mods, name); | |
| 250 | if(m != -1) { | |
| 251 | fptr_ok(fptr_whitelist_mod_get_mem(env->mesh-> | |
| 252 | mods.mod[m]->get_mem)); | |
| 253 | return (*env->mesh->mods.mod[m]->get_mem)(env, m); | |
| 254 | } | |
| 255 | return 0; | |
| 256 | } | |
| 109 | 109 | */ |
| 110 | 110 | int modstack_find(struct module_stack* stack, const char* name); |
| 111 | 111 | |
| 112 | /** fetch memory for a module by name, returns 0 if module not there */ | |
| 113 | size_t mod_get_mem(struct module_env* env, const char* name); | |
| 114 | ||
| 112 | 115 | #endif /* SERVICES_MODSTACK_H */ |
| 203 | 203 | { |
| 204 | 204 | struct pending_tcp* pend = w->outnet->tcp_free; |
| 205 | 205 | int s; |
| 206 | #ifdef SO_REUSEADDR | |
| 207 | int on = 1; | |
| 208 | #endif | |
| 206 | 209 | log_assert(pend); |
| 207 | 210 | log_assert(pkt); |
| 208 | 211 | log_assert(w->addrlen > 0); |
| 224 | 227 | return 0; |
| 225 | 228 | } |
| 226 | 229 | |
| 230 | #ifdef SO_REUSEADDR | |
| 231 | if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, | |
| 232 | (socklen_t)sizeof(on)) < 0) { | |
| 233 | verbose(VERB_ALGO, "outgoing tcp:" | |
| 234 | " setsockopt(.. SO_REUSEADDR ..) failed"); | |
| 235 | } | |
| 236 | #endif | |
| 227 | 237 | if (w->outnet->tcp_mss > 0) { |
| 228 | 238 | #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) |
| 229 | 239 | if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, |
| 230 | 240 | (void*)&w->outnet->tcp_mss, |
| 231 | 241 | (socklen_t)sizeof(w->outnet->tcp_mss)) < 0) { |
| 232 | 242 | verbose(VERB_ALGO, "outgoing tcp:" |
| 233 | " setsockopt(.. SO_REUSEADDR ..) failed"); | |
| 243 | " setsockopt(.. TCP_MAXSEG ..) failed"); | |
| 234 | 244 | } |
| 235 | 245 | #else |
| 236 | 246 | verbose(VERB_ALGO, "outgoing tcp:" |
| 333 | 343 | if(outnet->tcp_wait_last == w) |
| 334 | 344 | outnet->tcp_wait_last = NULL; |
| 335 | 345 | if(!outnet_tcp_take_into_use(w, w->pkt, w->pkt_len)) { |
| 336 | comm_point_callback_t* cb = w->cb; | |
| 346 | comm_point_callback_type* cb = w->cb; | |
| 337 | 347 | void* cb_arg = w->cb_arg; |
| 338 | 348 | waiting_tcp_delete(w); |
| 339 | 349 | fptr_ok(fptr_whitelist_pending_tcp(cb)); |
| 774 | 784 | |
| 775 | 785 | /** helper pending delete */ |
| 776 | 786 | static void |
| 777 | pending_node_del(rbnode_t* node, void* arg) | |
| 787 | pending_node_del(rbnode_type* node, void* arg) | |
| 778 | 788 | { |
| 779 | 789 | struct pending* pend = (struct pending*)node; |
| 780 | 790 | struct outside_network* outnet = (struct outside_network*)arg; |
| 783 | 793 | |
| 784 | 794 | /** helper serviced delete */ |
| 785 | 795 | static void |
| 786 | serviced_node_del(rbnode_t* node, void* ATTR_UNUSED(arg)) | |
| 796 | serviced_node_del(rbnode_type* node, void* ATTR_UNUSED(arg)) | |
| 787 | 797 | { |
| 788 | 798 | struct serviced_query* sq = (struct serviced_query*)node; |
| 789 | 799 | struct service_callback* p = sq->cblist, *np; |
| 965 | 975 | } |
| 966 | 976 | fd = create_udp_sock(AF_INET6, SOCK_DGRAM, |
| 967 | 977 | (struct sockaddr*)&sa, addrlen, 1, inuse, &noproto, |
| 968 | 0, 0, 0, NULL, 0, freebind); | |
| 978 | 0, 0, 0, NULL, 0, freebind, 0); | |
| 969 | 979 | } else { |
| 970 | 980 | struct sockaddr_in* sa = (struct sockaddr_in*)addr; |
| 971 | 981 | sa->sin_port = (in_port_t)htons((uint16_t)port); |
| 972 | 982 | fd = create_udp_sock(AF_INET, SOCK_DGRAM, |
| 973 | 983 | (struct sockaddr*)addr, addrlen, 1, inuse, &noproto, |
| 974 | 0, 0, 0, NULL, 0, 0); | |
| 984 | 0, 0, 0, NULL, 0, 0, 0); | |
| 975 | 985 | } |
| 976 | 986 | return fd; |
| 977 | 987 | } |
| 1123 | 1133 | |
| 1124 | 1134 | struct pending* |
| 1125 | 1135 | pending_udp_query(struct serviced_query* sq, struct sldns_buffer* packet, |
| 1126 | int timeout, comm_point_callback_t* cb, void* cb_arg) | |
| 1136 | int timeout, comm_point_callback_type* cb, void* cb_arg) | |
| 1127 | 1137 | { |
| 1128 | 1138 | struct pending* pend = (struct pending*)calloc(1, sizeof(*pend)); |
| 1129 | 1139 | if(!pend) return NULL; |
| 1173 | 1183 | { |
| 1174 | 1184 | struct waiting_tcp* w = (struct waiting_tcp*)arg; |
| 1175 | 1185 | struct outside_network* outnet = w->outnet; |
| 1176 | comm_point_callback_t* cb; | |
| 1186 | comm_point_callback_type* cb; | |
| 1177 | 1187 | void* cb_arg; |
| 1178 | 1188 | if(w->pkt) { |
| 1179 | 1189 | /* it is on the waiting list */ |
| 1196 | 1206 | |
| 1197 | 1207 | struct waiting_tcp* |
| 1198 | 1208 | pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, |
| 1199 | int timeout, comm_point_callback_t* callback, void* callback_arg) | |
| 1209 | int timeout, comm_point_callback_type* callback, void* callback_arg) | |
| 1200 | 1210 | { |
| 1201 | 1211 | struct pending_tcp* pend = sq->outnet->tcp_free; |
| 1202 | 1212 | struct waiting_tcp* w; |
| 1300 | 1310 | { |
| 1301 | 1311 | struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq)); |
| 1302 | 1312 | #ifdef UNBOUND_DEBUG |
| 1303 | rbnode_t* ins; | |
| 1313 | rbnode_type* ins; | |
| 1304 | 1314 | #endif |
| 1305 | 1315 | if(!sq) |
| 1306 | 1316 | return NULL; |
| 1537 | 1547 | static int |
| 1538 | 1548 | serviced_check_qname(sldns_buffer* pkt, uint8_t* qbuf, size_t qbuflen) |
| 1539 | 1549 | { |
| 1540 | uint8_t* d1 = sldns_buffer_at(pkt, 12); | |
| 1550 | uint8_t* d1 = sldns_buffer_begin(pkt)+12; | |
| 1541 | 1551 | uint8_t* d2 = qbuf+10; |
| 1542 | 1552 | uint8_t len1, len2; |
| 1543 | 1553 | int count = 0; |
| 1554 | if(sldns_buffer_limit(pkt) < 12+1+4) /* packet too small for qname */ | |
| 1555 | return 0; | |
| 1544 | 1556 | log_assert(qbuflen >= 15 /* 10 header, root, type, class */); |
| 1545 | 1557 | len1 = *d1++; |
| 1546 | 1558 | len2 = *d2++; |
| 1547 | if(sldns_buffer_limit(pkt) < 12+1+4) /* packet too small for qname */ | |
| 1548 | return 0; | |
| 1549 | 1559 | while(len1 != 0 || len2 != 0) { |
| 1550 | 1560 | if(LABEL_IS_PTR(len1)) { |
| 1551 | d1 = sldns_buffer_at(pkt, PTR_OFFSET(len1, *d1)); | |
| 1561 | /* check if we can read *d1 with compression ptr rest */ | |
| 1562 | if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt))) | |
| 1563 | return 0; | |
| 1564 | d1 = sldns_buffer_begin(pkt)+PTR_OFFSET(len1, *d1); | |
| 1565 | /* check if we can read the destination *d1 */ | |
| 1552 | 1566 | if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt))) |
| 1553 | 1567 | return 0; |
| 1554 | 1568 | len1 = *d1++; |
| 1561 | 1575 | if(len1 != len2) |
| 1562 | 1576 | return 0; |
| 1563 | 1577 | if(len1 > LDNS_MAX_LABELLEN) |
| 1578 | return 0; | |
| 1579 | /* check len1 + 1(next length) are okay to read */ | |
| 1580 | if(d1+len1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt))) | |
| 1564 | 1581 | return 0; |
| 1565 | 1582 | log_assert(len1 <= LDNS_MAX_LABELLEN); |
| 1566 | 1583 | log_assert(len2 <= LDNS_MAX_LABELLEN); |
| 1586 | 1603 | uint8_t *backup_p = NULL; |
| 1587 | 1604 | size_t backlen = 0; |
| 1588 | 1605 | #ifdef UNBOUND_DEBUG |
| 1589 | rbnode_t* rem = | |
| 1606 | rbnode_type* rem = | |
| 1590 | 1607 | #else |
| 1591 | 1608 | (void) |
| 1592 | 1609 | #endif |
| 1989 | 2006 | int nocaps, int tcp_upstream, int ssl_upstream, |
| 1990 | 2007 | struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, |
| 1991 | 2008 | size_t zonelen, struct module_qstate* qstate, |
| 1992 | comm_point_callback_t* callback, void* callback_arg, sldns_buffer* buff, | |
| 2009 | comm_point_callback_type* callback, void* callback_arg, sldns_buffer* buff, | |
| 1993 | 2010 | struct module_env* env) |
| 1994 | 2011 | { |
| 1995 | 2012 | struct serviced_query* sq; |
| 122 | 122 | struct pending* udp_wait_last; |
| 123 | 123 | |
| 124 | 124 | /** pending udp answers. sorted by id, addr */ |
| 125 | rbtree_t* pending; | |
| 125 | rbtree_type* pending; | |
| 126 | 126 | /** serviced queries, sorted by qbuf, addr, dnssec */ |
| 127 | rbtree_t* serviced; | |
| 127 | rbtree_type* serviced; | |
| 128 | 128 | /** host cache, pointer but not owned by outnet. */ |
| 129 | 129 | struct infra_cache* infra; |
| 130 | 130 | /** where to get random numbers */ |
| 209 | 209 | */ |
| 210 | 210 | struct pending { |
| 211 | 211 | /** redblacktree entry, key is the pending struct(id, addr). */ |
| 212 | rbnode_t node; | |
| 212 | rbnode_type node; | |
| 213 | 213 | /** the ID for the query. int so that a value out of range can |
| 214 | 214 | * be used to signify a pending that is for certain not present in |
| 215 | 215 | * the rbtree. (and for which deletion is safe). */ |
| 223 | 223 | /** timeout event */ |
| 224 | 224 | struct comm_timer* timer; |
| 225 | 225 | /** callback for the timeout, error or reply to the message */ |
| 226 | comm_point_callback_t* cb; | |
| 226 | comm_point_callback_type* cb; | |
| 227 | 227 | /** callback user argument */ |
| 228 | 228 | void* cb_arg; |
| 229 | 229 | /** the outside network it is part of */ |
| 284 | 284 | /** length of query packet. */ |
| 285 | 285 | size_t pkt_len; |
| 286 | 286 | /** callback for the timeout, error or reply to the message */ |
| 287 | comm_point_callback_t* cb; | |
| 287 | comm_point_callback_type* cb; | |
| 288 | 288 | /** callback user argument */ |
| 289 | 289 | void* cb_arg; |
| 290 | 290 | /** if it uses ssl upstream */ |
| 298 | 298 | /** next in callback list */ |
| 299 | 299 | struct service_callback* next; |
| 300 | 300 | /** callback function */ |
| 301 | comm_point_callback_t* cb; | |
| 301 | comm_point_callback_type* cb; | |
| 302 | 302 | /** user argument for callback function */ |
| 303 | 303 | void* cb_arg; |
| 304 | 304 | }; |
| 316 | 316 | */ |
| 317 | 317 | struct serviced_query { |
| 318 | 318 | /** The rbtree node, key is this record */ |
| 319 | rbnode_t node; | |
| 319 | rbnode_type node; | |
| 320 | 320 | /** The query that needs to be answered. Starts with flags u16, |
| 321 | 321 | * then qdcount, ..., including qname, qtype, qclass. Does not include |
| 322 | 322 | * EDNS record. */ |
| 442 | 442 | * @return: NULL on error for malloc or socket. Else the pending query object. |
| 443 | 443 | */ |
| 444 | 444 | struct pending* pending_udp_query(struct serviced_query* sq, |
| 445 | struct sldns_buffer* packet, int timeout, comm_point_callback_t* callback, | |
| 445 | struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback, | |
| 446 | 446 | void* callback_arg); |
| 447 | 447 | |
| 448 | 448 | /** |
| 458 | 458 | * @return: false on error for malloc or socket. Else the pending TCP object. |
| 459 | 459 | */ |
| 460 | 460 | struct waiting_tcp* pending_tcp_query(struct serviced_query* sq, |
| 461 | struct sldns_buffer* packet, int timeout, comm_point_callback_t* callback, | |
| 461 | struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback, | |
| 462 | 462 | void* callback_arg); |
| 463 | 463 | |
| 464 | 464 | /** |
| 503 | 503 | int nocaps, int tcp_upstream, int ssl_upstream, |
| 504 | 504 | struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, |
| 505 | 505 | size_t zonelen, struct module_qstate* qstate, |
| 506 | comm_point_callback_t* callback, void* callback_arg, | |
| 506 | comm_point_callback_type* callback, void* callback_arg, | |
| 507 | 507 | struct sldns_buffer* buff, struct module_env* env); |
| 508 | 508 | |
| 509 | 509 | /** |
| 65 | 65 | return v; |
| 66 | 66 | } |
| 67 | 67 | |
| 68 | /** This prototype is defined in in respip.h, but we want to avoid | |
| 69 | * unnecessary dependencies */ | |
| 70 | void respip_set_delete(struct respip_set *set); | |
| 71 | ||
| 68 | 72 | void |
| 69 | 73 | view_delete(struct view* v) |
| 70 | 74 | { |
| 72 | 76 | return; |
| 73 | 77 | lock_rw_destroy(&v->lock); |
| 74 | 78 | local_zones_delete(v->local_zones); |
| 79 | respip_set_delete(v->respip_set); | |
| 75 | 80 | free(v->name); |
| 76 | 81 | free(v); |
| 77 | 82 | } |
| 78 | 83 | |
| 79 | 84 | static void |
| 80 | delviewnode(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 85 | delviewnode(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 81 | 86 | { |
| 82 | 87 | struct view* v = (struct view*)n; |
| 83 | 88 | view_delete(v); |
| 106 | 111 | return NULL; |
| 107 | 112 | } |
| 108 | 113 | lock_rw_init(&v->lock); |
| 109 | lock_protect(&v->lock, &v->name, sizeof(*v)-sizeof(rbnode_t)); | |
| 114 | lock_protect(&v->lock, &v->name, sizeof(*v)-sizeof(rbnode_type)); | |
| 110 | 115 | return v; |
| 111 | 116 | } |
| 112 | 117 | |
| 161 | 166 | lz_cfg.local_data = cv->local_data; |
| 162 | 167 | lz_cfg.local_zones_nodefault = |
| 163 | 168 | cv->local_zones_nodefault; |
| 169 | if(v->isfirst) { | |
| 170 | /* Do not add defaults to view-specific | |
| 171 | * local-zone when global local zone will be | |
| 172 | * used. */ | |
| 173 | struct config_strlist* nd; | |
| 174 | lz_cfg.local_zones_disable_default = 1; | |
| 175 | /* Add nodefault zones to list of zones to add, | |
| 176 | * so they will be used as if they are | |
| 177 | * configured as type transparent */ | |
| 178 | for(nd = cv->local_zones_nodefault; nd; | |
| 179 | nd = nd->next) { | |
| 180 | char* nd_str, *nd_type; | |
| 181 | nd_str = strdup(nd->str); | |
| 182 | if(!nd_str) { | |
| 183 | log_err("out of memory"); | |
| 184 | lock_rw_unlock(&v->lock); | |
| 185 | return 0; | |
| 186 | } | |
| 187 | nd_type = strdup("nodefault"); | |
| 188 | if(!nd_type) { | |
| 189 | log_err("out of memory"); | |
| 190 | free(nd_str); | |
| 191 | lock_rw_unlock(&v->lock); | |
| 192 | return 0; | |
| 193 | } | |
| 194 | if(!cfg_str2list_insert( | |
| 195 | &lz_cfg.local_zones, nd_str, | |
| 196 | nd_type)) { | |
| 197 | log_err("failed to insert " | |
| 198 | "default zones into " | |
| 199 | "local-zone list"); | |
| 200 | free(nd_str); | |
| 201 | free(nd_type); | |
| 202 | lock_rw_unlock(&v->lock); | |
| 203 | return 0; | |
| 204 | } | |
| 205 | } | |
| 206 | } | |
| 164 | 207 | if(!local_zones_apply_cfg(v->local_zones, &lz_cfg)){ |
| 165 | 208 | lock_rw_unlock(&v->lock); |
| 166 | 209 | return 0; |
| 46 | 46 | struct regional; |
| 47 | 47 | struct config_file; |
| 48 | 48 | struct config_view; |
| 49 | struct respip_set; | |
| 49 | 50 | |
| 50 | 51 | |
| 51 | 52 | /** |
| 53 | 54 | */ |
| 54 | 55 | struct views { |
| 55 | 56 | /** lock on the view tree */ |
| 56 | lock_rw_t lock; | |
| 57 | lock_rw_type lock; | |
| 57 | 58 | /** rbtree of struct view */ |
| 58 | rbtree_t vtree; | |
| 59 | rbtree_type vtree; | |
| 59 | 60 | }; |
| 60 | 61 | |
| 61 | 62 | /** |
| 63 | 64 | */ |
| 64 | 65 | struct view { |
| 65 | 66 | /** rbtree node, key is name */ |
| 66 | rbnode_t node; | |
| 67 | rbnode_type node; | |
| 67 | 68 | /** view name. |
| 68 | 69 | * Has to be right after rbnode_t due to pointer arithmatic in |
| 69 | 70 | * view_create's lock protect */ |
| 70 | 71 | char* name; |
| 71 | 72 | /** view specific local authority zones */ |
| 72 | 73 | struct local_zones* local_zones; |
| 74 | /** response-ip configuration data for this view */ | |
| 75 | struct respip_set* respip_set; | |
| 73 | 76 | /** Fallback to global local_zones when there is no match in the view |
| 74 | 77 | * specific tree. 1 for yes, 0 for no */ |
| 75 | 78 | int isfirst; |
| 76 | 79 | /** lock on the data in the structure |
| 77 | * For the node and name you | |
| 78 | * need to also hold the views_tree lock to change them (or to | |
| 79 | * delete this view) */ | |
| 80 | lock_rw_t lock; | |
| 80 | * For the node and name you need to also hold the views_tree lock to | |
| 81 | * change them. */ | |
| 82 | lock_rw_type lock; | |
| 81 | 83 | }; |
| 82 | 84 | |
| 83 | 85 | |
| 387 | 387 | } |
| 388 | 388 | #endif /* USE_ECDSA */ |
| 389 | 389 | |
| 390 | #ifdef USE_ED25519 | |
| 391 | EVP_PKEY* | |
| 392 | sldns_ed255192pkey_raw(const unsigned char* key, size_t keylen) | |
| 393 | { | |
| 394 | /* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */ | |
| 395 | uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, | |
| 396 | 0x70, 0x03, 0x21, 0x00}; | |
| 397 | int pre_len = 12; | |
| 398 | uint8_t buf[256]; | |
| 399 | EVP_PKEY *evp_key; | |
| 400 | /* pp gets modified by d2i() */ | |
| 401 | const unsigned char* pp = (unsigned char*)buf; | |
| 402 | if(keylen != 32 || keylen + pre_len > sizeof(buf)) | |
| 403 | return NULL; /* wrong length */ | |
| 404 | memmove(buf, pre, pre_len); | |
| 405 | memmove(buf+pre_len, key, keylen); | |
| 406 | evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen)); | |
| 407 | return evp_key; | |
| 408 | } | |
| 409 | #endif /* USE_ED25519 */ | |
| 410 | ||
| 390 | 411 | int |
| 391 | 412 | sldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest, |
| 392 | 413 | const EVP_MD* md) |
| 92 | 92 | RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len); |
| 93 | 93 | |
| 94 | 94 | /** |
| 95 | * Converts a holding buffer with key material to EVP PKEY in openssl. | |
| 96 | * Only available if ldns was compiled with ED25519. | |
| 97 | * \param[in] key the uncompressed wireformat of the key. | |
| 98 | * \param[in] len length of key data | |
| 99 | * \return the key or NULL on error. | |
| 100 | */ | |
| 101 | EVP_PKEY* sldns_ed255192pkey_raw(const unsigned char* key, size_t len); | |
| 102 | ||
| 103 | /** | |
| 95 | 104 | * Utility function to calculate hash using generic EVP_MD pointer. |
| 96 | 105 | * \param[in] data the data to hash. |
| 97 | 106 | * \param[in] len length of data. |
| 118 | 118 | /* in parentheses */ |
| 119 | 119 | if (line_nr) { |
| 120 | 120 | *line_nr = *line_nr + 1; |
| 121 | } | |
| 122 | if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { | |
| 123 | *t = '\0'; | |
| 124 | return -1; | |
| 121 | 125 | } |
| 122 | 126 | *t++ = ' '; |
| 123 | 127 | prev_c = c; |
| 174 | 174 | LDNS_RDF_TYPE_TIME, |
| 175 | 175 | LDNS_RDF_TYPE_TIME, |
| 176 | 176 | LDNS_RDF_TYPE_INT16, |
| 177 | LDNS_RDF_TYPE_INT16, | |
| 177 | LDNS_RDF_TYPE_TSIGERROR, | |
| 178 | 178 | LDNS_RDF_TYPE_INT16_DATA, |
| 179 | 179 | LDNS_RDF_TYPE_INT16_DATA, |
| 180 | 180 | }; |
| 184 | 184 | LDNS_RDF_TYPE_INT16, |
| 185 | 185 | LDNS_RDF_TYPE_INT16_DATA, |
| 186 | 186 | LDNS_RDF_TYPE_INT16, |
| 187 | LDNS_RDF_TYPE_INT16, | |
| 187 | LDNS_RDF_TYPE_TSIGERROR, | |
| 188 | 188 | LDNS_RDF_TYPE_INT16_DATA |
| 189 | 189 | }; |
| 190 | 190 | static const sldns_rdf_type type_tlsa_wireformat[] = { |
| 340 | 340 | {LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, |
| 341 | 341 | /* 52 */ |
| 342 | 342 | {LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, |
| 343 | ||
| 343 | /*53 */ | |
| 344 | #ifdef DRAFT_RRTYPES | |
| 345 | {LDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, | |
| 346 | #else | |
| 344 | 347 | {LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, |
| 348 | #endif | |
| 345 | 349 | {LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, |
| 346 | 350 | /* 55 |
| 347 | 351 | * Hip ends with 0 or more Rendezvous Servers represented as dname's. |
| 599 | 603 | {LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, |
| 600 | 604 | /* 257 */ |
| 601 | 605 | {LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, |
| 606 | #ifdef DRAFT_RRTYPES | |
| 607 | /* 258 */ | |
| 608 | {LDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, | |
| 609 | #else | |
| 610 | {LDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, | |
| 611 | #endif | |
| 602 | 612 | |
| 603 | 613 | /* split in array, no longer contiguous */ |
| 604 | 614 | |
| 37 | 37 | #define LDNS_KEY_REVOKE_KEY 0x0080 /* used to revoke KSK, rfc 5011 */ |
| 38 | 38 | |
| 39 | 39 | /* The first fields are contiguous and can be referenced instantly */ |
| 40 | #define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258 | |
| 40 | #define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 259 | |
| 41 | 41 | |
| 42 | 42 | /** lookuptable for rr classes */ |
| 43 | 43 | extern struct sldns_struct_lookup_table* sldns_rr_classes; |
| 225 | 225 | LDNS_RR_TYPE_ANY = 255, |
| 226 | 226 | LDNS_RR_TYPE_URI = 256, /* RFC 7553 */ |
| 227 | 227 | LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */ |
| 228 | LDNS_RR_TYPE_AVC = 258, | |
| 228 | 229 | |
| 229 | 230 | /** DNSSEC Trust Authorities */ |
| 230 | 231 | LDNS_RR_TYPE_TA = 32768, |
| 349 | 350 | */ |
| 350 | 351 | LDNS_RDF_TYPE_LONG_STR, |
| 351 | 352 | |
| 353 | /** TSIG extended 16bit error value */ | |
| 354 | LDNS_RDF_TYPE_TSIGERROR, | |
| 355 | ||
| 352 | 356 | /* Aliases */ |
| 353 | 357 | LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC |
| 354 | 358 | }; |
| 371 | 375 | LDNS_ECC_GOST = 12, /* RFC 5933 */ |
| 372 | 376 | LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ |
| 373 | 377 | LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ |
| 378 | LDNS_ED25519 = 15, /* RFC 8080 */ | |
| 379 | LDNS_ED448 = 16, /* RFC 8080 */ | |
| 374 | 380 | LDNS_INDIRECT = 252, |
| 375 | 381 | LDNS_PRIVATEDNS = 253, |
| 376 | 382 | LDNS_PRIVATEOID = 254 |
| 419 | 425 | LDNS_EDNS_DAU = 5, /* RFC6975 */ |
| 420 | 426 | LDNS_EDNS_DHU = 6, /* RFC6975 */ |
| 421 | 427 | LDNS_EDNS_N3U = 7, /* RFC6975 */ |
| 422 | LDNS_EDNS_CLIENT_SUBNET = 8, /* draft-vandergaast-edns-client-subnet */ | |
| 428 | LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */ | |
| 429 | LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ | |
| 423 | 430 | LDNS_EDNS_PADDING = 12 /* RFC7830 */ |
| 424 | 431 | }; |
| 425 | 432 | typedef enum sldns_enum_edns_option sldns_edns_option; |
| 426 | 433 | |
| 427 | 434 | #define LDNS_EDNS_MASK_DO_BIT 0x8000 |
| 435 | ||
| 436 | /** TSIG and TKEY extended rcodes (16bit), 0-15 are the normal rcodes. */ | |
| 437 | #define LDNS_TSIG_ERROR_NOERROR 0 | |
| 438 | #define LDNS_TSIG_ERROR_BADSIG 16 | |
| 439 | #define LDNS_TSIG_ERROR_BADKEY 17 | |
| 440 | #define LDNS_TSIG_ERROR_BADTIME 18 | |
| 441 | #define LDNS_TSIG_ERROR_BADMODE 19 | |
| 442 | #define LDNS_TSIG_ERROR_BADNAME 20 | |
| 443 | #define LDNS_TSIG_ERROR_BADALG 21 | |
| 428 | 444 | |
| 429 | 445 | /** |
| 430 | 446 | * Contains all information about resource record types. |
| 32 | 32 | buffer->_position = 0; |
| 33 | 33 | buffer->_limit = buffer->_capacity = capacity; |
| 34 | 34 | buffer->_fixed = 0; |
| 35 | buffer->_vfixed = 0; | |
| 35 | 36 | buffer->_status_err = 0; |
| 36 | 37 | |
| 37 | 38 | sldns_buffer_invariant(buffer); |
| 47 | 48 | buffer->_position = 0; |
| 48 | 49 | buffer->_limit = buffer->_capacity = size; |
| 49 | 50 | buffer->_fixed = 0; |
| 51 | buffer->_vfixed = 0; | |
| 52 | if (!buffer->_fixed && buffer->_data) | |
| 53 | free(buffer->_data); | |
| 50 | 54 | buffer->_data = malloc(size); |
| 51 | 55 | if(!buffer->_data) { |
| 52 | 56 | buffer->_status_err = 1; |
| 65 | 69 | buffer->_data = data; |
| 66 | 70 | buffer->_capacity = buffer->_limit = size; |
| 67 | 71 | buffer->_fixed = 1; |
| 72 | buffer->_vfixed = 0; | |
| 73 | } | |
| 74 | ||
| 75 | void | |
| 76 | sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size) | |
| 77 | { | |
| 78 | memset(buffer, 0, sizeof(*buffer)); | |
| 79 | buffer->_data = data; | |
| 80 | buffer->_capacity = buffer->_limit = size; | |
| 81 | buffer->_fixed = 1; | |
| 82 | buffer->_vfixed = 1; | |
| 68 | 83 | } |
| 69 | 84 | |
| 70 | 85 | int |
| 73 | 88 | void *data; |
| 74 | 89 | |
| 75 | 90 | sldns_buffer_invariant(buffer); |
| 76 | assert(buffer->_position <= capacity); | |
| 91 | assert(buffer->_position <= capacity && !buffer->_fixed); | |
| 77 | 92 | |
| 78 | 93 | data = (uint8_t *) realloc(buffer->_data, capacity); |
| 79 | 94 | if (!data) { |
| 125 | 140 | if (written == -1) { |
| 126 | 141 | buffer->_status_err = 1; |
| 127 | 142 | return -1; |
| 128 | } else if ((size_t) written >= remaining) { | |
| 143 | } else if (!buffer->_vfixed && (size_t) written >= remaining) { | |
| 129 | 144 | if (!sldns_buffer_reserve(buffer, (size_t) written + 1)) { |
| 130 | 145 | buffer->_status_err = 1; |
| 131 | 146 | return -1; |
| 86 | 86 | } |
| 87 | 87 | |
| 88 | 88 | |
| 89 | INLINE void | |
| 90 | sldns_write_uint48(void *dst, uint64_t data) | |
| 91 | { | |
| 92 | uint8_t *p = (uint8_t *) dst; | |
| 93 | p[0] = (uint8_t) ((data >> 40) & 0xff); | |
| 94 | p[1] = (uint8_t) ((data >> 32) & 0xff); | |
| 95 | p[2] = (uint8_t) ((data >> 24) & 0xff); | |
| 96 | p[3] = (uint8_t) ((data >> 16) & 0xff); | |
| 97 | p[4] = (uint8_t) ((data >> 8) & 0xff); | |
| 98 | p[5] = (uint8_t) (data & 0xff); | |
| 99 | } | |
| 100 | ||
| 101 | ||
| 89 | 102 | /** |
| 90 | 103 | * \file sbuffer.h |
| 91 | 104 | * |
| 115 | 128 | |
| 116 | 129 | /** If the buffer is fixed it cannot be resized */ |
| 117 | 130 | unsigned _fixed : 1; |
| 131 | ||
| 132 | /** If the buffer is vfixed, no more than capacity bytes willl be | |
| 133 | * written to _data, however the _position counter will be updated | |
| 134 | * with the amount that would have been written in consecutive | |
| 135 | * writes. This allows for a modus operandi in which a sequence is | |
| 136 | * written on a fixed capacity buffer (perhaps with _data on stack). | |
| 137 | * When everything could be written, then the _data is immediately | |
| 138 | * usable, if not, then a buffer could be allocated sized precisely | |
| 139 | * to fit the data for a second attempt. | |
| 140 | */ | |
| 141 | unsigned _vfixed : 1; | |
| 118 | 142 | |
| 119 | 143 | /** The current state of the buffer. If writing to the buffer fails |
| 120 | 144 | * for any reason, this value is changed. This way, you can perform |
| 133 | 157 | sldns_buffer_invariant(sldns_buffer *buffer) |
| 134 | 158 | { |
| 135 | 159 | assert(buffer != NULL); |
| 136 | assert(buffer->_position <= buffer->_limit); | |
| 160 | assert(buffer->_position <= buffer->_limit || buffer->_vfixed); | |
| 137 | 161 | assert(buffer->_limit <= buffer->_capacity); |
| 138 | assert(buffer->_data != NULL); | |
| 162 | assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0)); | |
| 139 | 163 | } |
| 140 | 164 | #endif |
| 141 | 165 | |
| 168 | 192 | void sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size); |
| 169 | 193 | |
| 170 | 194 | /** |
| 195 | * Setup a buffer with the data pointed to. No data copied, no memory allocs. | |
| 196 | * The buffer is "virtually" fixed. Writes beyond size (the capacity) will | |
| 197 | * only update position, but no data will be written beyond capacity. This | |
| 198 | * allows to determine how big the buffer should have been to contain all the | |
| 199 | * written data, by looking at the position with sldns_buffer_position(), | |
| 200 | * similarly to the return value of POSIX's snprintf. | |
| 201 | * \param[in] buffer pointer to the buffer to put the data in | |
| 202 | * \param[in] data the data to encapsulate in the buffer | |
| 203 | * \param[in] size the size of the data | |
| 204 | */ | |
| 205 | void sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size); | |
| 206 | ||
| 207 | /** | |
| 171 | 208 | * clears the buffer and make it ready for writing. The buffer's limit |
| 172 | 209 | * is set to the capacity and the position is set to 0. |
| 173 | 210 | * \param[in] buffer the buffer to clear |
| 230 | 267 | INLINE void |
| 231 | 268 | sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) |
| 232 | 269 | { |
| 233 | assert(mark <= buffer->_limit); | |
| 270 | assert(mark <= buffer->_limit || buffer->_vfixed); | |
| 234 | 271 | buffer->_position = mark; |
| 235 | 272 | } |
| 236 | 273 | |
| 244 | 281 | INLINE void |
| 245 | 282 | sldns_buffer_skip(sldns_buffer *buffer, ssize_t count) |
| 246 | 283 | { |
| 247 | assert(buffer->_position + count <= buffer->_limit); | |
| 284 | assert(buffer->_position + count <= buffer->_limit || buffer->_vfixed); | |
| 248 | 285 | buffer->_position += count; |
| 249 | 286 | } |
| 250 | 287 | |
| 316 | 353 | INLINE uint8_t * |
| 317 | 354 | sldns_buffer_at(const sldns_buffer *buffer, size_t at) |
| 318 | 355 | { |
| 319 | assert(at <= buffer->_limit); | |
| 356 | assert(at <= buffer->_limit || buffer->_vfixed); | |
| 320 | 357 | return buffer->_data + at; |
| 321 | 358 | } |
| 322 | 359 | |
| 366 | 403 | sldns_buffer_remaining_at(sldns_buffer *buffer, size_t at) |
| 367 | 404 | { |
| 368 | 405 | sldns_buffer_invariant(buffer); |
| 369 | assert(at <= buffer->_limit); | |
| 370 | return buffer->_limit - at; | |
| 406 | assert(at <= buffer->_limit || buffer->_vfixed); | |
| 407 | return at < buffer->_limit ? buffer->_limit - at : 0; | |
| 371 | 408 | } |
| 372 | 409 | |
| 373 | 410 | /** |
| 419 | 456 | INLINE void |
| 420 | 457 | sldns_buffer_write_at(sldns_buffer *buffer, size_t at, const void *data, size_t count) |
| 421 | 458 | { |
| 422 | assert(sldns_buffer_available_at(buffer, at, count)); | |
| 459 | if (!buffer->_vfixed) | |
| 460 | assert(sldns_buffer_available_at(buffer, at, count)); | |
| 461 | else if (sldns_buffer_remaining_at(buffer, at) == 0) | |
| 462 | return; | |
| 463 | else if (count > sldns_buffer_remaining_at(buffer, at)) { | |
| 464 | memcpy(buffer->_data + at, data, | |
| 465 | sldns_buffer_remaining_at(buffer, at)); | |
| 466 | return; | |
| 467 | } | |
| 423 | 468 | memcpy(buffer->_data + at, data, count); |
| 424 | 469 | } |
| 470 | ||
| 471 | /** | |
| 472 | * set the given byte to the buffer at the specified position | |
| 473 | * \param[in] buffer the buffer | |
| 474 | * \param[in] at the position (in number of bytes) to write the data at | |
| 475 | * \param[in] c the byte to set to the buffer | |
| 476 | * \param[in] count the number of bytes of bytes to write | |
| 477 | */ | |
| 478 | ||
| 479 | INLINE void | |
| 480 | sldns_buffer_set_at(sldns_buffer *buffer, size_t at, int c, size_t count) | |
| 481 | { | |
| 482 | if (!buffer->_vfixed) | |
| 483 | assert(sldns_buffer_available_at(buffer, at, count)); | |
| 484 | else if (sldns_buffer_remaining_at(buffer, at) == 0) | |
| 485 | return; | |
| 486 | else if (count > sldns_buffer_remaining_at(buffer, at)) { | |
| 487 | memset(buffer->_data + at, c, | |
| 488 | sldns_buffer_remaining_at(buffer, at)); | |
| 489 | return; | |
| 490 | } | |
| 491 | memset(buffer->_data + at, c, count); | |
| 492 | } | |
| 493 | ||
| 425 | 494 | |
| 426 | 495 | /** |
| 427 | 496 | * writes count bytes of data to the current position of the buffer |
| 468 | 537 | INLINE void |
| 469 | 538 | sldns_buffer_write_u8_at(sldns_buffer *buffer, size_t at, uint8_t data) |
| 470 | 539 | { |
| 540 | if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; | |
| 471 | 541 | assert(sldns_buffer_available_at(buffer, at, sizeof(data))); |
| 472 | 542 | buffer->_data[at] = data; |
| 473 | 543 | } |
| 493 | 563 | INLINE void |
| 494 | 564 | sldns_buffer_write_u16_at(sldns_buffer *buffer, size_t at, uint16_t data) |
| 495 | 565 | { |
| 566 | if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; | |
| 496 | 567 | assert(sldns_buffer_available_at(buffer, at, sizeof(data))); |
| 497 | 568 | sldns_write_uint16(buffer->_data + at, data); |
| 498 | 569 | } |
| 518 | 589 | INLINE void |
| 519 | 590 | sldns_buffer_write_u32_at(sldns_buffer *buffer, size_t at, uint32_t data) |
| 520 | 591 | { |
| 592 | if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; | |
| 521 | 593 | assert(sldns_buffer_available_at(buffer, at, sizeof(data))); |
| 522 | 594 | sldns_write_uint32(buffer->_data + at, data); |
| 523 | 595 | } |
| 524 | 596 | |
| 525 | 597 | /** |
| 598 | * writes the given 6 byte integer at the given position in the buffer | |
| 599 | * \param[in] buffer the buffer | |
| 600 | * \param[in] at the position in the buffer | |
| 601 | * \param[in] data the (lower) 48 bits to write | |
| 602 | */ | |
| 603 | INLINE void | |
| 604 | sldns_buffer_write_u48_at(sldns_buffer *buffer, size_t at, uint64_t data) | |
| 605 | { | |
| 606 | if (buffer->_vfixed && at + 6 > buffer->_limit) return; | |
| 607 | assert(sldns_buffer_available_at(buffer, at, 6)); | |
| 608 | sldns_write_uint48(buffer->_data + at, data); | |
| 609 | } | |
| 610 | ||
| 611 | /** | |
| 526 | 612 | * writes the given 4 byte integer at the current position in the buffer |
| 527 | 613 | * \param[in] buffer the buffer |
| 528 | 614 | * \param[in] data the 32 bits to write |
| 532 | 618 | { |
| 533 | 619 | sldns_buffer_write_u32_at(buffer, buffer->_position, data); |
| 534 | 620 | buffer->_position += sizeof(data); |
| 621 | } | |
| 622 | ||
| 623 | /** | |
| 624 | * writes the given 6 byte integer at the current position in the buffer | |
| 625 | * \param[in] buffer the buffer | |
| 626 | * \param[in] data the 48 bits to write | |
| 627 | */ | |
| 628 | INLINE void | |
| 629 | sldns_buffer_write_u48(sldns_buffer *buffer, uint64_t data) | |
| 630 | { | |
| 631 | sldns_buffer_write_u48_at(buffer, buffer->_position, data); | |
| 632 | buffer->_position += 6; | |
| 535 | 633 | } |
| 536 | 634 | |
| 537 | 635 | /** |
| 663 | 663 | &pre_data_pos, delimiters, |
| 664 | 664 | rdftype, &token_strlen)) |
| 665 | 665 | break; |
| 666 | } else if(rdftype == LDNS_RDF_TYPE_INT16_DATA && | |
| 667 | strcmp(token, "0")!=0) { | |
| 668 | /* affix len and b64 fields */ | |
| 669 | if(!sldns_affix_token(strbuf, token, | |
| 670 | &token_len, "ed, &parens, | |
| 671 | &pre_data_pos, delimiters, | |
| 672 | rdftype, &token_strlen)) | |
| 673 | break; | |
| 666 | 674 | } |
| 667 | 675 | |
| 668 | 676 | /* normal RR */ |
| 860 | 868 | /* we can have the situation, where we've read ok, but still got |
| 861 | 869 | * no bytes to play with, in this case size is 0 */ |
| 862 | 870 | if(size == 0) { |
| 871 | if(*len > 0) | |
| 872 | rr[0] = 0; | |
| 863 | 873 | *len = 0; |
| 864 | 874 | *dname_len = 0; |
| 865 | 875 | return LDNS_WIREPARSE_ERR_OK; |
| 867 | 877 | |
| 868 | 878 | if(strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) { |
| 869 | 879 | int s; |
| 880 | strlcpy((char*)rr, line, *len); | |
| 870 | 881 | *len = 0; |
| 871 | 882 | *dname_len = 0; |
| 872 | 883 | if(!parse_state) return LDNS_WIREPARSE_ERR_OK; |
| 877 | 888 | return s; |
| 878 | 889 | } else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) { |
| 879 | 890 | const char* end = NULL; |
| 891 | strlcpy((char*)rr, line, *len); | |
| 880 | 892 | *len = 0; |
| 881 | 893 | *dname_len = 0; |
| 882 | 894 | if(!parse_state) return LDNS_WIREPARSE_ERR_OK; |
| 883 | 895 | parse_state->default_ttl = sldns_str2period( |
| 884 | 896 | sldns_strip_ws(line+5), &end); |
| 885 | 897 | } else if (strncmp(line, "$INCLUDE", 8) == 0) { |
| 898 | strlcpy((char*)rr, line, *len); | |
| 899 | *len = 0; | |
| 900 | *dname_len = 0; | |
| 901 | return LDNS_WIREPARSE_ERR_INCLUDE; | |
| 902 | } else if (strncmp(line, "$", 1) == 0) { | |
| 903 | strlcpy((char*)rr, line, *len); | |
| 886 | 904 | *len = 0; |
| 887 | 905 | *dname_len = 0; |
| 888 | 906 | return LDNS_WIREPARSE_ERR_INCLUDE; |
| 939 | 957 | return sldns_str2wire_time_buf(str, rd, len); |
| 940 | 958 | case LDNS_RDF_TYPE_PERIOD: |
| 941 | 959 | return sldns_str2wire_period_buf(str, rd, len); |
| 960 | case LDNS_RDF_TYPE_TSIGTIME: | |
| 961 | return sldns_str2wire_tsigtime_buf(str, rd, len); | |
| 942 | 962 | case LDNS_RDF_TYPE_LOC: |
| 943 | 963 | return sldns_str2wire_loc_buf(str, rd, len); |
| 944 | 964 | case LDNS_RDF_TYPE_WKS: |
| 963 | 983 | return sldns_str2wire_tag_buf(str, rd, len); |
| 964 | 984 | case LDNS_RDF_TYPE_LONG_STR: |
| 965 | 985 | return sldns_str2wire_long_str_buf(str, rd, len); |
| 986 | case LDNS_RDF_TYPE_TSIGERROR: | |
| 987 | return sldns_str2wire_tsigerror_buf(str, rd, len); | |
| 966 | 988 | case LDNS_RDF_TYPE_HIP: |
| 967 | 989 | return sldns_str2wire_hip_buf(str, rd, len); |
| 968 | 990 | case LDNS_RDF_TYPE_INT16_DATA: |
| 1336 | 1358 | } else { |
| 1337 | 1359 | /* try as-is (a number) */ |
| 1338 | 1360 | return sldns_str2wire_int8_buf(str, rd, len); |
| 1361 | } | |
| 1362 | return LDNS_WIREPARSE_ERR_OK; | |
| 1363 | } | |
| 1364 | ||
| 1365 | int sldns_str2wire_tsigerror_buf(const char* str, uint8_t* rd, size_t* len) | |
| 1366 | { | |
| 1367 | sldns_lookup_table *lt = sldns_lookup_by_name(sldns_tsig_errors, str); | |
| 1368 | if(*len < 2) | |
| 1369 | return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; | |
| 1370 | if(lt) { | |
| 1371 | sldns_write_uint16(rd, (uint16_t)lt->id); | |
| 1372 | *len = 2; | |
| 1373 | } else { | |
| 1374 | /* try as-is (a number) */ | |
| 1375 | return sldns_str2wire_int16_buf(str, rd, len); | |
| 1339 | 1376 | } |
| 1340 | 1377 | return LDNS_WIREPARSE_ERR_OK; |
| 1341 | 1378 | } |
| 1379 | 1416 | sldns_write_uint32(rd, l); |
| 1380 | 1417 | } |
| 1381 | 1418 | *len = 4; |
| 1419 | return LDNS_WIREPARSE_ERR_OK; | |
| 1420 | } | |
| 1421 | ||
| 1422 | int sldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len) | |
| 1423 | { | |
| 1424 | char* end; | |
| 1425 | uint64_t t = (uint64_t)strtol((char*)str, &end, 10); | |
| 1426 | uint16_t high; | |
| 1427 | uint32_t low; | |
| 1428 | if(*end != 0) | |
| 1429 | return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TIME, end-str); | |
| 1430 | if(*len < 6) | |
| 1431 | return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; | |
| 1432 | high = (uint16_t)(t>>32); | |
| 1433 | low = (uint32_t)(t); | |
| 1434 | sldns_write_uint16(rd, high); | |
| 1435 | sldns_write_uint32(rd+2, low); | |
| 1436 | *len = 6; | |
| 1382 | 1437 | return LDNS_WIREPARSE_ERR_OK; |
| 1383 | 1438 | } |
| 1384 | 1439 | |
| 2007 | 2062 | |
| 2008 | 2063 | int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len) |
| 2009 | 2064 | { |
| 2010 | size_t sz = sldns_b64_pton_calculate_size(strlen(str)); | |
| 2065 | char* s; | |
| 2011 | 2066 | int n; |
| 2012 | if(*len < sz+2) | |
| 2013 | return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; | |
| 2014 | if(sz > 65535) | |
| 2067 | n = strtol(str, &s, 10); | |
| 2068 | if(*len < ((size_t)n)+2) | |
| 2069 | return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; | |
| 2070 | if(n > 65535) | |
| 2015 | 2071 | return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW; |
| 2016 | n = sldns_b64_pton(str, rd+2, (*len)-2); | |
| 2072 | ||
| 2073 | if(n == 0) { | |
| 2074 | sldns_write_uint16(rd, 0); | |
| 2075 | *len = 2; | |
| 2076 | return LDNS_WIREPARSE_ERR_OK; | |
| 2077 | } | |
| 2078 | if(*s != ' ') | |
| 2079 | return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_INT, s-(char*)str); | |
| 2080 | s++; | |
| 2081 | while(*s == ' ') | |
| 2082 | s++; | |
| 2083 | ||
| 2084 | n = sldns_b64_pton(s, rd+2, (*len)-2); | |
| 2017 | 2085 | if(n < 0) |
| 2018 | 2086 | return LDNS_WIREPARSE_ERR_SYNTAX_B64; |
| 2019 | 2087 | sldns_write_uint16(rd, (uint16_t)n); |
| 2020 | *len = (size_t)n; | |
| 2021 | return LDNS_WIREPARSE_ERR_OK; | |
| 2022 | } | |
| 2088 | *len = ((size_t)n)+2; | |
| 2089 | return LDNS_WIREPARSE_ERR_OK; | |
| 2090 | } | |
| 236 | 236 | * @param rr: this is malloced by the user and the result is stored here, |
| 237 | 237 | * if an RR is read. If no RR is read this is signalled with the |
| 238 | 238 | * return len set to 0 (for ORIGIN, TTL directives). |
| 239 | * The read line is available in the rr_buf (zero terminated), for | |
| 240 | * $DIRECTIVE style elements. | |
| 239 | 241 | * @param len: on input, the length of the rr buffer. on output the rr len. |
| 240 | 242 | * Buffer size of 64k should be enough. |
| 241 | 243 | * @param dname_len: returns the length of the dname initial part of the rr. |
| 417 | 419 | int sldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len); |
| 418 | 420 | |
| 419 | 421 | /** |
| 422 | * Convert rdf of type LDNS_RDF_TYPE_TSIGTIME from string to wireformat. | |
| 423 | * @param str: the text to convert for this rdata element. | |
| 424 | * @param rd: rdata buffer for the wireformat. | |
| 425 | * @param len: length of rd buffer on input, used length on output. | |
| 426 | * @return 0 on success, error on failure. | |
| 427 | */ | |
| 428 | int sldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len); | |
| 429 | ||
| 430 | /** | |
| 431 | * Convert rdf of type LDNS_RDF_TYPE_TSIGERROR from string to wireformat. | |
| 432 | * @param str: the text to convert for this rdata element. | |
| 433 | * @param rd: rdata buffer for the wireformat. | |
| 434 | * @param len: length of rd buffer on input, used length on output. | |
| 435 | * @return 0 on success, error on failure. | |
| 436 | */ | |
| 437 | int sldns_str2wire_tsigerror_buf(const char* str, uint8_t* rd, size_t* len); | |
| 438 | ||
| 439 | /** | |
| 420 | 440 | * Convert rdf of type LDNS_RDF_TYPE_LOC from string to wireformat. |
| 421 | 441 | * @param str: the text to convert for this rdata element. |
| 422 | 442 | * @param rd: rdata buffer for the wireformat. |
| 46 | 46 | { LDNS_ECC_GOST, "ECC-GOST"}, |
| 47 | 47 | { LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"}, |
| 48 | 48 | { LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"}, |
| 49 | { LDNS_ED25519, "ED25519"}, | |
| 50 | { LDNS_ED448, "ED448"}, | |
| 49 | 51 | { LDNS_INDIRECT, "INDIRECT" }, |
| 50 | 52 | { LDNS_PRIVATEDNS, "PRIVATEDNS" }, |
| 51 | 53 | { LDNS_PRIVATEOID, "PRIVATEOID" }, |
| 164 | 166 | { 6, "DHU" }, |
| 165 | 167 | { 7, "N3U" }, |
| 166 | 168 | { 8, "edns-client-subnet" }, |
| 169 | { 11, "edns-tcp-keepalive"}, | |
| 167 | 170 | { 12, "Padding" }, |
| 168 | 171 | { 0, NULL} |
| 169 | 172 | }; |
| 170 | 173 | sldns_lookup_table* sldns_edns_options = sldns_edns_options_data; |
| 174 | ||
| 175 | static sldns_lookup_table sldns_tsig_errors_data[] = { | |
| 176 | { LDNS_TSIG_ERROR_NOERROR, "NOERROR" }, | |
| 177 | { LDNS_RCODE_FORMERR, "FORMERR" }, | |
| 178 | { LDNS_RCODE_SERVFAIL, "SERVFAIL" }, | |
| 179 | { LDNS_RCODE_NXDOMAIN, "NXDOMAIN" }, | |
| 180 | { LDNS_RCODE_NOTIMPL, "NOTIMPL" }, | |
| 181 | { LDNS_RCODE_REFUSED, "REFUSED" }, | |
| 182 | { LDNS_RCODE_YXDOMAIN, "YXDOMAIN" }, | |
| 183 | { LDNS_RCODE_YXRRSET, "YXRRSET" }, | |
| 184 | { LDNS_RCODE_NXRRSET, "NXRRSET" }, | |
| 185 | { LDNS_RCODE_NOTAUTH, "NOTAUTH" }, | |
| 186 | { LDNS_RCODE_NOTZONE, "NOTZONE" }, | |
| 187 | { LDNS_TSIG_ERROR_BADSIG, "BADSIG" }, | |
| 188 | { LDNS_TSIG_ERROR_BADKEY, "BADKEY" }, | |
| 189 | { LDNS_TSIG_ERROR_BADTIME, "BADTIME" }, | |
| 190 | { LDNS_TSIG_ERROR_BADMODE, "BADMODE" }, | |
| 191 | { LDNS_TSIG_ERROR_BADNAME, "BADNAME" }, | |
| 192 | { LDNS_TSIG_ERROR_BADALG, "BADALG" }, | |
| 193 | { 0, NULL } | |
| 194 | }; | |
| 195 | sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data; | |
| 171 | 196 | |
| 172 | 197 | char* sldns_wire2str_pkt(uint8_t* data, size_t len) |
| 173 | 198 | { |
| 267 | 292 | { |
| 268 | 293 | /* use arguments as temporary variables */ |
| 269 | 294 | return sldns_wire2str_rcode_print(&s, &slen, rcode); |
| 295 | } | |
| 296 | ||
| 297 | int sldns_wire2str_opcode_buf(int opcode, char* s, size_t slen) | |
| 298 | { | |
| 299 | /* use arguments as temporary variables */ | |
| 300 | return sldns_wire2str_opcode_print(&s, &slen, opcode); | |
| 270 | 301 | } |
| 271 | 302 | |
| 272 | 303 | int sldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen) |
| 966 | 997 | return sldns_wire2str_tag_scan(d, dlen, s, slen); |
| 967 | 998 | case LDNS_RDF_TYPE_LONG_STR: |
| 968 | 999 | return sldns_wire2str_long_str_scan(d, dlen, s, slen); |
| 1000 | case LDNS_RDF_TYPE_TSIGERROR: | |
| 1001 | return sldns_wire2str_tsigerror_scan(d, dlen, s, slen); | |
| 969 | 1002 | } |
| 970 | 1003 | /* unknown rdf type */ |
| 971 | 1004 | return -1; |
| 1564 | 1597 | |
| 1565 | 1598 | int sldns_wire2str_int16_data_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) |
| 1566 | 1599 | { |
| 1600 | int w; | |
| 1567 | 1601 | uint16_t n; |
| 1568 | 1602 | if(*dl < 2) |
| 1569 | 1603 | return -1; |
| 1572 | 1606 | return -1; |
| 1573 | 1607 | (*d)+=2; |
| 1574 | 1608 | (*dl)-=2; |
| 1575 | return sldns_wire2str_b64_scan_num(d, dl, s, sl, n); | |
| 1609 | if(n == 0) { | |
| 1610 | return sldns_str_print(s, sl, "0"); | |
| 1611 | } | |
| 1612 | w = sldns_str_print(s, sl, "%u ", (unsigned)n); | |
| 1613 | w += sldns_wire2str_b64_scan_num(d, dl, s, sl, n); | |
| 1614 | return w; | |
| 1576 | 1615 | } |
| 1577 | 1616 | |
| 1578 | 1617 | int sldns_wire2str_nsec3_next_owner_scan(uint8_t** d, size_t* dl, char** s, |
| 1629 | 1668 | if(*dl < 1+n) |
| 1630 | 1669 | return -1; |
| 1631 | 1670 | for(i=0; i<n; i++) |
| 1632 | if(!isalnum((unsigned char)(*d)[i])) | |
| 1671 | if(!isalnum((unsigned char)(*d)[i+1])) | |
| 1633 | 1672 | return -1; |
| 1634 | 1673 | for(i=0; i<n; i++) |
| 1635 | w += sldns_str_print(s, sl, "%c", (char)(*d)[i]); | |
| 1674 | w += sldns_str_print(s, sl, "%c", (char)(*d)[i+1]); | |
| 1636 | 1675 | (*d)+=n+1; |
| 1637 | 1676 | (*dl)-=(n+1); |
| 1638 | 1677 | return w; |
| 1648 | 1687 | w += sldns_str_print(s, sl, "\""); |
| 1649 | 1688 | (*d)+=*dl; |
| 1650 | 1689 | (*dl)=0; |
| 1690 | return w; | |
| 1691 | } | |
| 1692 | ||
| 1693 | int sldns_wire2str_tsigerror_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) | |
| 1694 | { | |
| 1695 | sldns_lookup_table *lt; | |
| 1696 | int data, w; | |
| 1697 | if(*dl < 2) return -1; | |
| 1698 | data = (int)sldns_read_uint16(*d); | |
| 1699 | lt = sldns_lookup_by_id(sldns_tsig_errors, data); | |
| 1700 | if(lt && lt->name) | |
| 1701 | w = sldns_str_print(s, sl, "%s", lt->name); | |
| 1702 | else w = sldns_str_print(s, sl, "%d", data); | |
| 1703 | (*dl)-=2; | |
| 1704 | (*d)+=2; | |
| 1651 | 1705 | return w; |
| 1652 | 1706 | } |
| 1653 | 1707 | |
| 1837 | 1891 | return w; |
| 1838 | 1892 | } |
| 1839 | 1893 | |
| 1894 | int sldns_wire2str_edns_keepalive_print(char** s, size_t* sl, uint8_t* data, | |
| 1895 | size_t len) | |
| 1896 | { | |
| 1897 | int w = 0; | |
| 1898 | uint16_t timeout; | |
| 1899 | if(!(len == 0 || len == 2)) { | |
| 1900 | w += sldns_str_print(s, sl, "malformed keepalive "); | |
| 1901 | w += print_hex_buf(s, sl, data, len); | |
| 1902 | return w; | |
| 1903 | } | |
| 1904 | if(len == 0 ) { | |
| 1905 | w += sldns_str_print(s, sl, "no timeout value (only valid for client option) "); | |
| 1906 | } else { | |
| 1907 | timeout = sldns_read_uint16(data); | |
| 1908 | w += sldns_str_print(s, sl, "timeout value in units of 100ms %u", (int)timeout); | |
| 1909 | } | |
| 1910 | return w; | |
| 1911 | } | |
| 1912 | ||
| 1840 | 1913 | int sldns_wire2str_edns_option_print(char** s, size_t* sl, |
| 1841 | 1914 | uint16_t option_code, uint8_t* optdata, size_t optlen) |
| 1842 | 1915 | { |
| 1865 | 1938 | case LDNS_EDNS_CLIENT_SUBNET: |
| 1866 | 1939 | w += sldns_wire2str_edns_subnet_print(s, sl, optdata, optlen); |
| 1867 | 1940 | break; |
| 1941 | case LDNS_EDNS_KEEPALIVE: | |
| 1942 | w += sldns_wire2str_edns_keepalive_print(s, sl, optdata, optlen); | |
| 1943 | break; | |
| 1868 | 1944 | case LDNS_EDNS_PADDING: |
| 1869 | 1945 | w += print_hex_buf(s, sl, optdata, optlen); |
| 1870 | 1946 | break; |
| 37 | 37 | extern struct sldns_struct_lookup_table* sldns_edns_options; |
| 38 | 38 | /** error string from wireparse */ |
| 39 | 39 | extern struct sldns_struct_lookup_table* sldns_wireparse_errors; |
| 40 | /** tsig errors are the rcodes with extra (higher) values */ | |
| 41 | extern struct sldns_struct_lookup_table* sldns_tsig_errors; | |
| 40 | 42 | |
| 41 | 43 | /** |
| 42 | 44 | * Convert wireformat packet to a string representation |
| 441 | 443 | int sldns_wire2str_rcode_buf(int rcode, char* str, size_t len); |
| 442 | 444 | |
| 443 | 445 | /** |
| 446 | * Convert host format opcode to a string. 'QUERY', 'NOTIFY', 'UPDATE'. | |
| 447 | * With user buffer. | |
| 448 | * @param opcode: opcode as integer in host order | |
| 449 | * @param str: the string to write to. | |
| 450 | * @param len: length of str. | |
| 451 | * @return the number of characters for this element, excluding zerobyte. | |
| 452 | * Is larger or equal than str_len if output was truncated. | |
| 453 | */ | |
| 454 | int sldns_wire2str_opcode_buf(int opcode, char* str, size_t len); | |
| 455 | ||
| 456 | /** | |
| 444 | 457 | * Convert wire dname to a string, "example.com.". With user buffer. |
| 445 | 458 | * @param dname: the dname in uncompressed wireformat. |
| 446 | 459 | * @param dname_len: length of the dname. |
| 796 | 809 | size_t* str_len); |
| 797 | 810 | |
| 798 | 811 | /** |
| 812 | * Scan wireformat tsigerror field to string, with user buffers. | |
| 813 | * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). | |
| 814 | * @param data: wireformat data. | |
| 815 | * @param data_len: length of data buffer. | |
| 816 | * @param str: string buffer. | |
| 817 | * @param str_len: length of string buffer. | |
| 818 | * @return number of characters (except null) needed to print. | |
| 819 | * Can return -1 on failure. | |
| 820 | */ | |
| 821 | int sldns_wire2str_tsigerror_scan(uint8_t** data, size_t* data_len, char** str, | |
| 822 | size_t* str_len); | |
| 823 | ||
| 824 | /** | |
| 799 | 825 | * Scan wireformat nsec3_next_owner field to string, with user buffers. |
| 800 | 826 | * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). |
| 801 | 827 | * @param data: wireformat data. |
| 240 | 240 | get_builtin_ds(void) |
| 241 | 241 | { |
| 242 | 242 | return |
| 243 | ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"; | |
| 243 | /* The anchors must start on a new line with ". IN DS and end with \n"[;] | |
| 244 | * because the makedist script greps on the source here */ | |
| 245 | /* anchor 19036 is from 2010 */ | |
| 246 | /* anchor 20326 is from 2017 */ | |
| 247 | ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n" | |
| 248 | ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; | |
| 244 | 249 | } |
| 245 | 250 | |
| 246 | 251 | /** print hex data */ |
| 3 | 3 | * Copyright (c) 2007, NLnet Labs. All rights reserved. |
| 4 | 4 | * |
| 5 | 5 | * This software is open source. |
| 6 | * | |
| 6 | * | |
| 7 | 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | 8 | * modification, are permitted provided that the following conditions |
| 9 | 9 | * are met: |
| 10 | * | |
| 10 | * | |
| 11 | 11 | * Redistributions of source code must retain the above copyright notice, |
| 12 | 12 | * this list of conditions and the following disclaimer. |
| 13 | * | |
| 13 | * | |
| 14 | 14 | * Redistributions in binary form must reproduce the above copyright notice, |
| 15 | 15 | * this list of conditions and the following disclaimer in the documentation |
| 16 | 16 | * and/or other materials provided with the distribution. |
| 17 | * | |
| 17 | * | |
| 18 | 18 | * Neither the name of the NLNET LABS nor the names of its contributors may |
| 19 | 19 | * be used to endorse or promote products derived from this software without |
| 20 | 20 | * specific prior written permission. |
| 21 | * | |
| 21 | * | |
| 22 | 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 23 | 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 24 | 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 52 | 52 | #include "iterator/iter_hints.h" |
| 53 | 53 | #include "validator/validator.h" |
| 54 | 54 | #include "services/localzone.h" |
| 55 | #include "services/view.h" | |
| 56 | #include "respip/respip.h" | |
| 55 | 57 | #include "sldns/sbuffer.h" |
| 56 | 58 | #ifdef HAVE_GETOPT_H |
| 57 | 59 | #include <getopt.h> |
| 85 | 87 | exit(1); |
| 86 | 88 | } |
| 87 | 89 | |
| 88 | /** | |
| 89 | * Print given option to stdout | |
| 90 | /** | |
| 91 | * Print given option to stdout | |
| 90 | 92 | * @param cfg: config |
| 91 | * @param opt: option name without trailing :. | |
| 93 | * @param opt: option name without trailing :. | |
| 92 | 94 | * This is different from config_set_option. |
| 93 | 95 | * @param final: if final pathname with chroot applied has to be printed. |
| 94 | 96 | */ |
| 140 | 142 | local_zones_delete(zs); |
| 141 | 143 | } |
| 142 | 144 | |
| 145 | /** check view and response-ip configuration */ | |
| 146 | static void | |
| 147 | view_and_respipchecks(struct config_file* cfg) | |
| 148 | { | |
| 149 | struct views* views = NULL; | |
| 150 | struct respip_set* respip = NULL; | |
| 151 | int ignored = 0; | |
| 152 | if(!(views = views_create())) | |
| 153 | fatal_exit("Could not create views: out of memory"); | |
| 154 | if(!(respip = respip_set_create())) | |
| 155 | fatal_exit("Could not create respip set: out of memory"); | |
| 156 | if(!views_apply_cfg(views, cfg)) | |
| 157 | fatal_exit("Could not set up views"); | |
| 158 | if(!respip_global_apply_cfg(respip, cfg)) | |
| 159 | fatal_exit("Could not setup respip set"); | |
| 160 | if(!respip_views_apply_cfg(views, cfg, &ignored)) | |
| 161 | fatal_exit("Could not setup per-view respip sets"); | |
| 162 | views_delete(views); | |
| 163 | respip_set_delete(respip); | |
| 164 | } | |
| 165 | ||
| 143 | 166 | /** emit warnings for IP in hosts */ |
| 144 | 167 | static void |
| 145 | 168 | warn_hosts(const char* typ, struct config_stub* list) |
| 154 | 177 | fprintf(stderr, "unbound-checkconf: warning:" |
| 155 | 178 | " %s %s: \"%s\" is an IP%s address, " |
| 156 | 179 | "and when looked up as a host name " |
| 157 | "during use may not resolve.\n", | |
| 180 | "during use may not resolve.\n", | |
| 158 | 181 | s->name, typ, h->str, |
| 159 | 182 | addr_is_ip6(&a, alen)?"6":"4"); |
| 160 | 183 | } |
| 206 | 229 | socklen_t alen; |
| 207 | 230 | struct config_str2list* acl; |
| 208 | 231 | for(acl=cfg->acls; acl; acl = acl->next) { |
| 209 | if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, | |
| 232 | if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, | |
| 210 | 233 | &d)) { |
| 211 | 234 | fatal_exit("cannot parse access control address %s %s", |
| 212 | 235 | acl->str, acl->str2); |
| 216 | 239 | |
| 217 | 240 | /** true if fname is a file */ |
| 218 | 241 | static int |
| 219 | is_file(const char* fname) | |
| 242 | is_file(const char* fname) | |
| 220 | 243 | { |
| 221 | 244 | struct stat buf; |
| 222 | 245 | if(stat(fname, &buf) < 0) { |
| 236 | 259 | |
| 237 | 260 | /** true if fname is a directory */ |
| 238 | 261 | static int |
| 239 | is_dir(const char* fname) | |
| 262 | is_dir(const char* fname) | |
| 240 | 263 | { |
| 241 | 264 | struct stat buf; |
| 242 | 265 | if(stat(fname, &buf) < 0) { |
| 281 | 304 | fatal_exit("%s: \"%s\" does not exist in " |
| 282 | 305 | "chrootdir %s", desc, str, chrootdir); |
| 283 | 306 | else |
| 284 | fatal_exit("%s: \"%s\" does not exist", | |
| 307 | fatal_exit("%s: \"%s\" does not exist", | |
| 285 | 308 | desc, str); |
| 286 | 309 | } |
| 287 | 310 | /* put in a new full path for continued checking */ |
| 308 | 331 | struct config_strlist* p; |
| 309 | 332 | for(p=list; p; p=p->next) { |
| 310 | 333 | #ifdef HAVE_GLOB |
| 311 | if(strchr(p->str, '*') || strchr(p->str, '[') || | |
| 312 | strchr(p->str, '?') || strchr(p->str, '{') || | |
| 334 | if(strchr(p->str, '*') || strchr(p->str, '[') || | |
| 335 | strchr(p->str, '?') || strchr(p->str, '{') || | |
| 313 | 336 | strchr(p->str, '~')) { |
| 314 | 337 | char* s = p->str; |
| 315 | 338 | /* adjust whole pattern for chroot and check later */ |
| 346 | 369 | #ifdef UB_ON_WINDOWS |
| 347 | 370 | w_config_adjust_directory(cfg); |
| 348 | 371 | #endif |
| 349 | if(cfg->chrootdir && cfg->chrootdir[0] && | |
| 372 | if(cfg->chrootdir && cfg->chrootdir[0] && | |
| 350 | 373 | cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/') |
| 351 | 374 | fatal_exit("chootdir %s has trailing slash '/' please remove.", |
| 352 | 375 | cfg->chrootdir); |
| 353 | if(cfg->chrootdir && cfg->chrootdir[0] && | |
| 376 | if(cfg->chrootdir && cfg->chrootdir[0] && | |
| 354 | 377 | !is_dir(cfg->chrootdir)) { |
| 355 | 378 | fatal_exit("bad chroot directory"); |
| 356 | 379 | } |
| 392 | 415 | } |
| 393 | 416 | } |
| 394 | 417 | |
| 395 | check_chroot_filelist("file with root-hints", | |
| 418 | check_chroot_filelist("file with root-hints", | |
| 396 | 419 | cfg->root_hints, cfg->chrootdir, cfg); |
| 397 | check_chroot_filelist("trust-anchor-file", | |
| 420 | check_chroot_filelist("trust-anchor-file", | |
| 398 | 421 | cfg->trust_anchor_file_list, cfg->chrootdir, cfg); |
| 399 | check_chroot_filelist("auto-trust-anchor-file", | |
| 422 | check_chroot_filelist("auto-trust-anchor-file", | |
| 400 | 423 | cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg); |
| 401 | check_chroot_filelist_wild("trusted-keys-file", | |
| 424 | check_chroot_filelist_wild("trusted-keys-file", | |
| 402 | 425 | cfg->trusted_keys_file_list, cfg->chrootdir, cfg); |
| 403 | check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file, | |
| 426 | check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file, | |
| 404 | 427 | cfg->chrootdir, cfg); |
| 428 | #ifdef USE_IPSECMOD | |
| 429 | check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir, | |
| 430 | cfg); | |
| 431 | #endif | |
| 405 | 432 | /* remove chroot setting so that modules are not stripping pathnames*/ |
| 406 | 433 | free(cfg->chrootdir); |
| 407 | 434 | cfg->chrootdir = NULL; |
| 408 | ||
| 409 | if(strcmp(cfg->module_conf, "iterator") != 0 | |
| 435 | ||
| 436 | /* There should be no reason for 'respip' module not to work with | |
| 437 | * dns64, but it's not explicitly confirmed, so the combination is | |
| 438 | * excluded below. It's simply unknown yet for the combination of | |
| 439 | * respip and other modules. */ | |
| 440 | if(strcmp(cfg->module_conf, "iterator") != 0 | |
| 410 | 441 | && strcmp(cfg->module_conf, "validator iterator") != 0 |
| 411 | 442 | && strcmp(cfg->module_conf, "dns64 validator iterator") != 0 |
| 412 | 443 | && strcmp(cfg->module_conf, "dns64 iterator") != 0 |
| 444 | && strcmp(cfg->module_conf, "respip iterator") != 0 | |
| 445 | && strcmp(cfg->module_conf, "respip validator iterator") != 0 | |
| 413 | 446 | #ifdef WITH_PYTHONMODULE |
| 414 | && strcmp(cfg->module_conf, "python iterator") != 0 | |
| 415 | && strcmp(cfg->module_conf, "python validator iterator") != 0 | |
| 447 | && strcmp(cfg->module_conf, "python iterator") != 0 | |
| 448 | && strcmp(cfg->module_conf, "python validator iterator") != 0 | |
| 416 | 449 | && strcmp(cfg->module_conf, "validator python iterator") != 0 |
| 417 | && strcmp(cfg->module_conf, "dns64 python iterator") != 0 | |
| 418 | && strcmp(cfg->module_conf, "dns64 python validator iterator") != 0 | |
| 450 | && strcmp(cfg->module_conf, "dns64 python iterator") != 0 | |
| 451 | && strcmp(cfg->module_conf, "dns64 python validator iterator") != 0 | |
| 419 | 452 | && strcmp(cfg->module_conf, "dns64 validator python iterator") != 0 |
| 420 | && strcmp(cfg->module_conf, "python dns64 iterator") != 0 | |
| 421 | && strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 | |
| 453 | && strcmp(cfg->module_conf, "python dns64 iterator") != 0 | |
| 454 | && strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 | |
| 422 | 455 | #endif |
| 423 | 456 | #ifdef USE_CACHEDB |
| 424 | 457 | && strcmp(cfg->module_conf, "validator cachedb iterator") != 0 |
| 425 | 458 | && strcmp(cfg->module_conf, "cachedb iterator") != 0 |
| 426 | 459 | && strcmp(cfg->module_conf, "dns64 validator cachedb iterator") != 0 |
| 427 | 460 | && strcmp(cfg->module_conf, "dns64 cachedb iterator") != 0 |
| 461 | #endif | |
| 462 | #if defined(WITH_PYTHONMODULE) && defined(USE_CACHEDB) | |
| 428 | 463 | && strcmp(cfg->module_conf, "python dns64 cachedb iterator") != 0 |
| 429 | 464 | && strcmp(cfg->module_conf, "python dns64 validator cachedb iterator") != 0 |
| 430 | 465 | && strcmp(cfg->module_conf, "dns64 python cachedb iterator") != 0 |
| 434 | 469 | && strcmp(cfg->module_conf, "cachedb python iterator") != 0 |
| 435 | 470 | && strcmp(cfg->module_conf, "validator cachedb python iterator") != 0 |
| 436 | 471 | && strcmp(cfg->module_conf, "validator python cachedb iterator") != 0 |
| 472 | #endif | |
| 473 | #ifdef CLIENT_SUBNET | |
| 474 | && strcmp(cfg->module_conf, "subnetcache iterator") != 0 | |
| 475 | && strcmp(cfg->module_conf, "subnetcache validator iterator") != 0 | |
| 476 | #endif | |
| 477 | #if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET) | |
| 478 | && strcmp(cfg->module_conf, "python subnetcache iterator") != 0 | |
| 479 | && strcmp(cfg->module_conf, "subnetcache python iterator") != 0 | |
| 480 | && strcmp(cfg->module_conf, "subnetcache validator iterator") != 0 | |
| 481 | && strcmp(cfg->module_conf, "python subnetcache validator iterator") != 0 | |
| 482 | && strcmp(cfg->module_conf, "subnetcache python validator iterator") != 0 | |
| 483 | && strcmp(cfg->module_conf, "subnetcache validator python iterator") != 0 | |
| 484 | #endif | |
| 485 | #ifdef USE_IPSECMOD | |
| 486 | && strcmp(cfg->module_conf, "ipsecmod iterator") != 0 | |
| 487 | && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0 | |
| 488 | #endif | |
| 489 | #if defined(WITH_PYTHONMODULE) && defined(USE_IPSECMOD) | |
| 490 | && strcmp(cfg->module_conf, "python ipsecmod iterator") != 0 | |
| 491 | && strcmp(cfg->module_conf, "ipsecmod python iterator") != 0 | |
| 492 | && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0 | |
| 493 | && strcmp(cfg->module_conf, "python ipsecmod validator iterator") != 0 | |
| 494 | && strcmp(cfg->module_conf, "ipsecmod python validator iterator") != 0 | |
| 495 | && strcmp(cfg->module_conf, "ipsecmod validator python iterator") != 0 | |
| 437 | 496 | #endif |
| 438 | 497 | ) { |
| 439 | 498 | fatal_exit("module conf '%s' is not known to work", |
| 463 | 522 | } |
| 464 | 523 | |
| 465 | 524 | localzonechecks(cfg); |
| 525 | view_and_respipchecks(cfg); | |
| 466 | 526 | } |
| 467 | 527 | |
| 468 | 528 | /** check forwards */ |
| 57 | 57 | #include "util/config_file.h" |
| 58 | 58 | #include "util/locks.h" |
| 59 | 59 | #include "util/net_help.h" |
| 60 | ||
| 60 | #include "util/shm_side/shm_main.h" | |
| 61 | #include "daemon/stats.h" | |
| 62 | #include "sldns/wire2str.h" | |
| 63 | #include "sldns/pkthdr.h" | |
| 64 | ||
| 65 | #ifdef HAVE_SYS_IPC_H | |
| 66 | #include "sys/ipc.h" | |
| 67 | #endif | |
| 68 | #ifdef HAVE_SYS_SHM_H | |
| 69 | #include "sys/shm.h" | |
| 70 | #endif | |
| 61 | 71 | #ifdef HAVE_SYS_UN_H |
| 62 | 72 | #include <sys/un.h> |
| 63 | 73 | #endif |
| 80 | 90 | printf(" (this flushes data, stats, requestlist)\n"); |
| 81 | 91 | printf(" stats print statistics\n"); |
| 82 | 92 | printf(" stats_noreset peek at statistics\n"); |
| 93 | #ifdef HAVE_SHMGET | |
| 94 | printf(" stats_shm print statistics using shm\n"); | |
| 95 | #endif | |
| 83 | 96 | printf(" status display status of server\n"); |
| 84 | 97 | printf(" verbosity <number> change logging detail\n"); |
| 85 | 98 | printf(" log_reopen close and open the logfile\n"); |
| 88 | 101 | printf(" local_data <RR data...> add local data, for example\n"); |
| 89 | 102 | printf(" local_data www.example.com A 192.0.2.1\n"); |
| 90 | 103 | printf(" local_data_remove <name> remove local RR data from name\n"); |
| 104 | printf(" local_zones, local_zones_remove, local_datas, local_datas_remove\n"); | |
| 105 | printf(" same, but read list from stdin\n"); | |
| 106 | printf(" (one entry per line).\n"); | |
| 91 | 107 | printf(" dump_cache print cache to stdout\n"); |
| 92 | 108 | printf(" load_cache load cache from stdin\n"); |
| 93 | 109 | printf(" lookup <name> print nameservers for name\n"); |
| 123 | 139 | printf(" or off to turn off root forwarding\n"); |
| 124 | 140 | printf(" or give list of ip addresses\n"); |
| 125 | 141 | printf(" ratelimit_list [+a] list ratelimited domains\n"); |
| 142 | printf(" ip_ratelimit_list [+a] list ratelimited ip addresses\n"); | |
| 126 | 143 | printf(" +a list all, also not ratelimited\n"); |
| 144 | printf(" view_list_local_zones view list local-zones in view\n"); | |
| 145 | printf(" view_list_local_data view list local-data RRs in view\n"); | |
| 146 | printf(" view_local_zone view name type add local-zone in view\n"); | |
| 147 | printf(" view_local_zone_remove view name remove local-zone in view\n"); | |
| 148 | printf(" view_local_data view RR... add local-data in view\n"); | |
| 149 | printf(" view_local_data_remove view name remove local-data in view\n"); | |
| 127 | 150 | printf("Version %s\n", PACKAGE_VERSION); |
| 128 | 151 | printf("BSD licensed, see LICENSE in source package for details.\n"); |
| 129 | 152 | printf("Report bugs to %s\n", PACKAGE_BUGREPORT); |
| 130 | 153 | exit(1); |
| 154 | } | |
| 155 | ||
| 156 | #ifdef HAVE_SHMGET | |
| 157 | /** what to put on statistics lines between var and value, ": " or "=" */ | |
| 158 | #define SQ "=" | |
| 159 | /** if true, inhibits a lot of =0 lines from the stats output */ | |
| 160 | static const int inhibit_zero = 1; | |
| 161 | /** divide sum of timers to get average */ | |
| 162 | static void | |
| 163 | timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) | |
| 164 | { | |
| 165 | #ifndef S_SPLINT_S | |
| 166 | size_t leftover; | |
| 167 | if(d == 0) { | |
| 168 | avg->tv_sec = 0; | |
| 169 | avg->tv_usec = 0; | |
| 170 | return; | |
| 171 | } | |
| 172 | avg->tv_sec = sum->tv_sec / d; | |
| 173 | avg->tv_usec = sum->tv_usec / d; | |
| 174 | /* handle fraction from seconds divide */ | |
| 175 | leftover = sum->tv_sec - avg->tv_sec*d; | |
| 176 | avg->tv_usec += (leftover*1000000)/d; | |
| 177 | #endif | |
| 178 | } | |
| 179 | ||
| 180 | /** print unsigned long stats value */ | |
| 181 | #define PR_UL_NM(str, var) printf("%s."str SQ"%lu\n", nm, (unsigned long)(var)); | |
| 182 | #define PR_UL(str, var) printf(str SQ"%lu\n", (unsigned long)(var)); | |
| 183 | #define PR_UL_SUB(str, nm, var) printf(str".%s"SQ"%lu\n", nm, (unsigned long)(var)); | |
| 184 | #define PR_TIMEVAL(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \ | |
| 185 | (long long)var.tv_sec, (int)var.tv_usec); | |
| 186 | #define PR_STATSTIME(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \ | |
| 187 | (long long)var ## _sec, (int)var ## _usec); | |
| 188 | #define PR_LL(str, var) printf(str SQ ARG_LL"d\n", (long long)(var)); | |
| 189 | ||
| 190 | /** print stat block */ | |
| 191 | static void pr_stats(const char* nm, struct ub_stats_info* s) | |
| 192 | { | |
| 193 | struct timeval sumwait, avg; | |
| 194 | PR_UL_NM("num.queries", s->svr.num_queries); | |
| 195 | PR_UL_NM("num.queries_ip_ratelimited", | |
| 196 | s->svr.num_queries_ip_ratelimited); | |
| 197 | PR_UL_NM("num.cachehits", | |
| 198 | s->svr.num_queries - s->svr.num_queries_missed_cache); | |
| 199 | PR_UL_NM("num.cachemiss", s->svr.num_queries_missed_cache); | |
| 200 | PR_UL_NM("num.prefetch", s->svr.num_queries_prefetch); | |
| 201 | PR_UL_NM("num.zero_ttl", s->svr.zero_ttl_responses); | |
| 202 | PR_UL_NM("num.recursivereplies", s->mesh_replies_sent); | |
| 203 | #ifdef USE_DNSCRYPT | |
| 204 | PR_UL_NM("num.dnscrypt.crypted", s->svr.num_query_dnscrypt_crypted); | |
| 205 | PR_UL_NM("num.dnscrypt.cert", s->svr.num_query_dnscrypt_cert); | |
| 206 | PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext); | |
| 207 | PR_UL_NM("num.dnscrypt.malformed", | |
| 208 | s->svr.num_query_dnscrypt_crypted_malformed); | |
| 209 | #endif | |
| 210 | printf("%s.requestlist.avg"SQ"%g\n", nm, | |
| 211 | (s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)? | |
| 212 | (double)s->svr.sum_query_list_size/ | |
| 213 | (double)(s->svr.num_queries_missed_cache+ | |
| 214 | s->svr.num_queries_prefetch) : 0.0); | |
| 215 | PR_UL_NM("requestlist.max", s->svr.max_query_list_size); | |
| 216 | PR_UL_NM("requestlist.overwritten", s->mesh_jostled); | |
| 217 | PR_UL_NM("requestlist.exceeded", s->mesh_dropped); | |
| 218 | PR_UL_NM("requestlist.current.all", s->mesh_num_states); | |
| 219 | PR_UL_NM("requestlist.current.user", s->mesh_num_reply_states); | |
| 220 | #ifndef S_SPLINT_S | |
| 221 | sumwait.tv_sec = s->mesh_replies_sum_wait_sec; | |
| 222 | sumwait.tv_usec = s->mesh_replies_sum_wait_usec; | |
| 223 | #endif | |
| 224 | timeval_divide(&avg, &sumwait, s->mesh_replies_sent); | |
| 225 | printf("%s.", nm); | |
| 226 | PR_TIMEVAL("recursion.time.avg", avg); | |
| 227 | printf("%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median); | |
| 228 | PR_UL_NM("tcpusage", s->svr.tcp_accept_usage); | |
| 229 | } | |
| 230 | ||
| 231 | /** print uptime */ | |
| 232 | static void print_uptime(struct ub_shm_stat_info* shm_stat) | |
| 233 | { | |
| 234 | PR_STATSTIME("time.now", shm_stat->time.now); | |
| 235 | PR_STATSTIME("time.up", shm_stat->time.up); | |
| 236 | PR_STATSTIME("time.elapsed", shm_stat->time.elapsed); | |
| 237 | } | |
| 238 | ||
| 239 | /** print memory usage */ | |
| 240 | static void print_mem(struct ub_shm_stat_info* shm_stat) | |
| 241 | { | |
| 242 | PR_LL("mem.cache.rrset", shm_stat->mem.rrset); | |
| 243 | PR_LL("mem.cache.message", shm_stat->mem.msg); | |
| 244 | PR_LL("mem.mod.iterator", shm_stat->mem.iter); | |
| 245 | PR_LL("mem.mod.validator", shm_stat->mem.val); | |
| 246 | PR_LL("mem.mod.respip", shm_stat->mem.respip); | |
| 247 | #ifdef CLIENT_SUBNET | |
| 248 | PR_LL("mem.mod.subnet", shm_stat->mem.subnet); | |
| 249 | #endif | |
| 250 | #ifdef USE_IPSECMOD | |
| 251 | PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod); | |
| 252 | #endif | |
| 253 | } | |
| 254 | ||
| 255 | /** print histogram */ | |
| 256 | static void print_hist(struct ub_stats_info* s) | |
| 257 | { | |
| 258 | struct timehist* hist; | |
| 259 | size_t i; | |
| 260 | hist = timehist_setup(); | |
| 261 | if(!hist) | |
| 262 | fatal_exit("out of memory"); | |
| 263 | timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST); | |
| 264 | for(i=0; i<hist->num; i++) { | |
| 265 | printf("histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n", | |
| 266 | (int)hist->buckets[i].lower.tv_sec, | |
| 267 | (int)hist->buckets[i].lower.tv_usec, | |
| 268 | (int)hist->buckets[i].upper.tv_sec, | |
| 269 | (int)hist->buckets[i].upper.tv_usec, | |
| 270 | (unsigned long)hist->buckets[i].count); | |
| 271 | } | |
| 272 | timehist_delete(hist); | |
| 273 | } | |
| 274 | ||
| 275 | /** print extended */ | |
| 276 | static void print_extended(struct ub_stats_info* s) | |
| 277 | { | |
| 278 | int i; | |
| 279 | char nm[16]; | |
| 280 | ||
| 281 | /* TYPE */ | |
| 282 | for(i=0; i<UB_STATS_QTYPE_NUM; i++) { | |
| 283 | if(inhibit_zero && s->svr.qtype[i] == 0) | |
| 284 | continue; | |
| 285 | sldns_wire2str_type_buf((uint16_t)i, nm, sizeof(nm)); | |
| 286 | PR_UL_SUB("num.query.type", nm, s->svr.qtype[i]); | |
| 287 | } | |
| 288 | if(!inhibit_zero || s->svr.qtype_big) { | |
| 289 | PR_UL("num.query.type.other", s->svr.qtype_big); | |
| 290 | } | |
| 291 | ||
| 292 | /* CLASS */ | |
| 293 | for(i=0; i<UB_STATS_QCLASS_NUM; i++) { | |
| 294 | if(inhibit_zero && s->svr.qclass[i] == 0) | |
| 295 | continue; | |
| 296 | sldns_wire2str_class_buf((uint16_t)i, nm, sizeof(nm)); | |
| 297 | PR_UL_SUB("num.query.class", nm, s->svr.qclass[i]); | |
| 298 | } | |
| 299 | if(!inhibit_zero || s->svr.qclass_big) { | |
| 300 | PR_UL("num.query.class.other", s->svr.qclass_big); | |
| 301 | } | |
| 302 | ||
| 303 | /* OPCODE */ | |
| 304 | for(i=0; i<UB_STATS_OPCODE_NUM; i++) { | |
| 305 | if(inhibit_zero && s->svr.qopcode[i] == 0) | |
| 306 | continue; | |
| 307 | sldns_wire2str_opcode_buf(i, nm, sizeof(nm)); | |
| 308 | PR_UL_SUB("num.query.opcode", nm, s->svr.qopcode[i]); | |
| 309 | } | |
| 310 | ||
| 311 | /* transport */ | |
| 312 | PR_UL("num.query.tcp", s->svr.qtcp); | |
| 313 | PR_UL("num.query.tcpout", s->svr.qtcp_outgoing); | |
| 314 | PR_UL("num.query.ipv6", s->svr.qipv6); | |
| 315 | ||
| 316 | /* flags */ | |
| 317 | PR_UL("num.query.flags.QR", s->svr.qbit_QR); | |
| 318 | PR_UL("num.query.flags.AA", s->svr.qbit_AA); | |
| 319 | PR_UL("num.query.flags.TC", s->svr.qbit_TC); | |
| 320 | PR_UL("num.query.flags.RD", s->svr.qbit_RD); | |
| 321 | PR_UL("num.query.flags.RA", s->svr.qbit_RA); | |
| 322 | PR_UL("num.query.flags.Z", s->svr.qbit_Z); | |
| 323 | PR_UL("num.query.flags.AD", s->svr.qbit_AD); | |
| 324 | PR_UL("num.query.flags.CD", s->svr.qbit_CD); | |
| 325 | PR_UL("num.query.edns.present", s->svr.qEDNS); | |
| 326 | PR_UL("num.query.edns.DO", s->svr.qEDNS_DO); | |
| 327 | ||
| 328 | /* RCODE */ | |
| 329 | for(i=0; i<UB_STATS_RCODE_NUM; i++) { | |
| 330 | /* Always include RCODEs 0-5 */ | |
| 331 | if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0) | |
| 332 | continue; | |
| 333 | sldns_wire2str_rcode_buf(i, nm, sizeof(nm)); | |
| 334 | PR_UL_SUB("num.answer.rcode", nm, s->svr.ans_rcode[i]); | |
| 335 | } | |
| 336 | if(!inhibit_zero || s->svr.ans_rcode_nodata) { | |
| 337 | PR_UL("num.answer.rcode.nodata", s->svr.ans_rcode_nodata); | |
| 338 | } | |
| 339 | /* validation */ | |
| 340 | PR_UL("num.answer.secure", s->svr.ans_secure); | |
| 341 | PR_UL("num.answer.bogus", s->svr.ans_bogus); | |
| 342 | PR_UL("num.rrset.bogus", s->svr.rrset_bogus); | |
| 343 | /* threat detection */ | |
| 344 | PR_UL("unwanted.queries", s->svr.unwanted_queries); | |
| 345 | PR_UL("unwanted.replies", s->svr.unwanted_replies); | |
| 346 | /* cache counts */ | |
| 347 | PR_UL("msg.cache.count", s->svr.msg_cache_count); | |
| 348 | PR_UL("rrset.cache.count", s->svr.rrset_cache_count); | |
| 349 | PR_UL("infra.cache.count", s->svr.infra_cache_count); | |
| 350 | PR_UL("key.cache.count", s->svr.key_cache_count); | |
| 351 | } | |
| 352 | ||
| 353 | /** print statistics out of memory structures */ | |
| 354 | static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats, | |
| 355 | struct ub_shm_stat_info* shm_stat) | |
| 356 | { | |
| 357 | int i; | |
| 358 | char nm[16]; | |
| 359 | for(i=0; i<cfg->num_threads; i++) { | |
| 360 | snprintf(nm, sizeof(nm), "thread%d", i); | |
| 361 | pr_stats(nm, &stats[i+1]); | |
| 362 | } | |
| 363 | pr_stats("total", &stats[0]); | |
| 364 | print_uptime(shm_stat); | |
| 365 | if(cfg->stat_extended) { | |
| 366 | print_mem(shm_stat); | |
| 367 | print_hist(stats); | |
| 368 | print_extended(stats); | |
| 369 | } | |
| 370 | } | |
| 371 | #endif /* HAVE_SHMGET */ | |
| 372 | ||
| 373 | /** print statistics from shm memory segment */ | |
| 374 | static void print_stats_shm(const char* cfgfile) | |
| 375 | { | |
| 376 | #ifdef HAVE_SHMGET | |
| 377 | struct config_file* cfg; | |
| 378 | struct ub_stats_info* stats; | |
| 379 | struct ub_shm_stat_info* shm_stat; | |
| 380 | int id_ctl, id_arr; | |
| 381 | /* read config */ | |
| 382 | if(!(cfg = config_create())) | |
| 383 | fatal_exit("out of memory"); | |
| 384 | if(!config_read(cfg, cfgfile, NULL)) | |
| 385 | fatal_exit("could not read config file"); | |
| 386 | /* get shm segments */ | |
| 387 | id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W); | |
| 388 | if(id_ctl == -1) { | |
| 389 | fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno)); | |
| 390 | } | |
| 391 | id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W); | |
| 392 | if(id_arr == -1) { | |
| 393 | fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno)); | |
| 394 | } | |
| 395 | shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0); | |
| 396 | if(shm_stat == (void*)-1) { | |
| 397 | fatal_exit("shmat(%d): %s", id_ctl, strerror(errno)); | |
| 398 | } | |
| 399 | stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0); | |
| 400 | if(stats == (void*)-1) { | |
| 401 | fatal_exit("shmat(%d): %s", id_arr, strerror(errno)); | |
| 402 | } | |
| 403 | ||
| 404 | /* print the stats */ | |
| 405 | do_stats_shm(cfg, stats, shm_stat); | |
| 406 | ||
| 407 | /* shutdown */ | |
| 408 | shmdt(shm_stat); | |
| 409 | shmdt(stats); | |
| 410 | config_delete(cfg); | |
| 411 | #else | |
| 412 | (void)cfgfile; | |
| 413 | #endif /* HAVE_SHMGET */ | |
| 131 | 414 | } |
| 132 | 415 | |
| 133 | 416 | /** exit with ssl error */ |
| 152 | 435 | if(!s_cert || !c_key || !c_cert) |
| 153 | 436 | fatal_exit("out of memory"); |
| 154 | 437 | } |
| 155 | ctx = SSL_CTX_new(SSLv23_client_method()); | |
| 438 | ctx = SSL_CTX_new(SSLv23_client_method()); | |
| 156 | 439 | if(!ctx) |
| 157 | 440 | ssl_err("could not allocate SSL_CTX pointer"); |
| 158 | if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) | |
| 441 | if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) | |
| 159 | 442 | != SSL_OP_NO_SSLv2) |
| 160 | 443 | ssl_err("could not set SSL_OP_NO_SSLv2"); |
| 161 | if(cfg->remote_control_use_cert) { | |
| 444 | if(cfg->remote_control_use_cert) { | |
| 162 | 445 | if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) |
| 163 | 446 | != SSL_OP_NO_SSLv3) |
| 164 | 447 | ssl_err("could not set SSL_OP_NO_SSLv3"); |
| 194 | 477 | int fd; |
| 195 | 478 | /* use svr or the first config entry */ |
| 196 | 479 | if(!svr) { |
| 197 | if(cfg->control_ifs) | |
| 480 | if(cfg->control_ifs) { | |
| 198 | 481 | svr = cfg->control_ifs->str; |
| 199 | else svr = "127.0.0.1"; | |
| 482 | } else if(cfg->do_ip4) { | |
| 483 | svr = "127.0.0.1"; | |
| 484 | } else { | |
| 485 | svr = "::1"; | |
| 486 | } | |
| 200 | 487 | /* config 0 addr (everything), means ask localhost */ |
| 201 | 488 | if(strcmp(svr, "0.0.0.0") == 0) |
| 202 | 489 | svr = "127.0.0.1"; |
| 429 | 716 | log_init(NULL, 0, NULL); |
| 430 | 717 | checklock_start(); |
| 431 | 718 | #ifdef USE_WINSOCK |
| 432 | if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) | |
| 433 | fatal_exit("WSAStartup failed: %s", wsa_strerror(r)); | |
| 434 | 719 | /* use registry config file in preference to compiletime location */ |
| 435 | 720 | if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile"))) |
| 436 | 721 | cfgfile = CONFIGFILE; |
| 437 | 722 | #endif |
| 438 | ||
| 439 | #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS | |
| 440 | ERR_load_crypto_strings(); | |
| 441 | #endif | |
| 442 | ERR_load_SSL_strings(); | |
| 443 | #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) | |
| 444 | OpenSSL_add_all_algorithms(); | |
| 445 | #else | |
| 446 | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |
| 447 | | OPENSSL_INIT_ADD_ALL_DIGESTS | |
| 448 | | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); | |
| 449 | #endif | |
| 450 | #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) | |
| 451 | (void)SSL_library_init(); | |
| 452 | #else | |
| 453 | (void)OPENSSL_init_ssl(0, NULL); | |
| 454 | #endif | |
| 455 | ||
| 456 | if(!RAND_status()) { | |
| 457 | /* try to seed it */ | |
| 458 | unsigned char buf[256]; | |
| 459 | unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid(); | |
| 460 | unsigned int v = seed; | |
| 461 | size_t i; | |
| 462 | for(i=0; i<256/sizeof(v); i++) { | |
| 463 | memmove(buf+i*sizeof(v), &v, sizeof(v)); | |
| 464 | v = v*seed + (unsigned int)i; | |
| 465 | } | |
| 466 | RAND_seed(buf, 256); | |
| 467 | log_warn("no entropy, seeding openssl PRNG with time\n"); | |
| 468 | } | |
| 469 | ||
| 470 | 723 | /* parse the options */ |
| 471 | 724 | while( (c=getopt(argc, argv, "c:s:qh")) != -1) { |
| 472 | 725 | switch(c) { |
| 496 | 749 | strerror(errno)); |
| 497 | 750 | } |
| 498 | 751 | } |
| 752 | if(argc >= 1 && strcmp(argv[0], "stats_shm")==0) { | |
| 753 | print_stats_shm(cfgfile); | |
| 754 | return 0; | |
| 755 | } | |
| 756 | ||
| 757 | #ifdef USE_WINSOCK | |
| 758 | if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) | |
| 759 | fatal_exit("WSAStartup failed: %s", wsa_strerror(r)); | |
| 760 | #endif | |
| 761 | ||
| 762 | #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS | |
| 763 | ERR_load_crypto_strings(); | |
| 764 | #endif | |
| 765 | ERR_load_SSL_strings(); | |
| 766 | #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) | |
| 767 | OpenSSL_add_all_algorithms(); | |
| 768 | #else | |
| 769 | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |
| 770 | | OPENSSL_INIT_ADD_ALL_DIGESTS | |
| 771 | | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); | |
| 772 | #endif | |
| 773 | #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) | |
| 774 | (void)SSL_library_init(); | |
| 775 | #else | |
| 776 | (void)OPENSSL_init_ssl(0, NULL); | |
| 777 | #endif | |
| 778 | ||
| 779 | if(!RAND_status()) { | |
| 780 | /* try to seed it */ | |
| 781 | unsigned char buf[256]; | |
| 782 | unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid(); | |
| 783 | unsigned int v = seed; | |
| 784 | size_t i; | |
| 785 | for(i=0; i<256/sizeof(v); i++) { | |
| 786 | memmove(buf+i*sizeof(v), &v, sizeof(v)); | |
| 787 | v = v*seed + (unsigned int)i; | |
| 788 | } | |
| 789 | RAND_seed(buf, 256); | |
| 790 | log_warn("no entropy, seeding openssl PRNG with time\n"); | |
| 791 | } | |
| 499 | 792 | |
| 500 | 793 | ret = go(cfgfile, svr, quiet, argc, argv); |
| 501 | 794 | |
| 502 | 795 | #ifdef USE_WINSOCK |
| 503 | WSACleanup(); | |
| 796 | WSACleanup(); | |
| 504 | 797 | #endif |
| 505 | 798 | checklock_stop(); |
| 506 | 799 | return ret; |
| 0 | # macros for configuring systemd | |
| 1 | # Copyright 2015, Sami Kerola, CloudFlare. | |
| 2 | # BSD licensed. | |
| 3 | AC_ARG_ENABLE([systemd], | |
| 4 | [AS_HELP_STRING([--enable-systemd], [compile with systemd support])], | |
| 5 | [], [enable_systemd=no]) | |
| 6 | have_systemd=no | |
| 7 | AS_IF([test "x$enable_systemd" != xno], [ | |
| 8 | ifdef([PKG_CHECK_MODULES], [ | |
| 9 | dnl systemd v209 or newer | |
| 10 | PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [have_systemd=yes], [have_systemd=no]) | |
| 11 | dnl old systemd library | |
| 12 | AS_IF([test "x$have_systemd" != "xyes"], [ | |
| 13 | PKG_CHECK_MODULES([SYSTEMD_DAEMON], [libsystemd-daemon], | |
| 14 | [have_systemd_daemon=yes], [have_systemd_daemon=no]) | |
| 15 | AS_IF([test "x$have_systemd_daemon" = "xyes"], | |
| 16 | [have_systemd=yes]) | |
| 17 | ]) | |
| 18 | AS_CASE([$enable_systemd:$have_systemd], | |
| 19 | [yes:no], | |
| 20 | [AC_MSG_ERROR([systemd enabled but libsystemd not found])], | |
| 21 | [*:yes], | |
| 22 | [AC_DEFINE([HAVE_SYSTEMD], [1], [Define to 1 if systemd should be used]) | |
| 23 | LIBS="$LIBS $SYSTEMD_LIBS" | |
| 24 | ] | |
| 25 | ) | |
| 26 | ], [ | |
| 27 | AC_MSG_ERROR([systemd enabled but need pkg-config to configure for it]) | |
| 28 | ]) | |
| 29 | ]) | |
| 30 | AM_CONDITIONAL([USE_SYSTEMD], [test "x$have_systemd" = xyes]) |
| 63 | 63 | /** true if cancelled */ |
| 64 | 64 | int cancel; |
| 65 | 65 | /** a lock on this structure for thread safety */ |
| 66 | lock_basic_t lock; | |
| 66 | lock_basic_type lock; | |
| 67 | 67 | }; |
| 68 | 68 | |
| 69 | 69 | /** |
| 163 | 163 | /** thread num for debug */ |
| 164 | 164 | int thread_num; |
| 165 | 165 | /** thread id */ |
| 166 | ub_thread_t tid; | |
| 166 | ub_thread_type tid; | |
| 167 | 167 | /** context */ |
| 168 | 168 | struct ub_ctx* ctx; |
| 169 | 169 | /** size of array to query */ |
| 60 | 60 | /** if the key was deleted, i.e. we have quit */ |
| 61 | 61 | static int key_deleted = 0; |
| 62 | 62 | /** we hide the thread debug info with this key. */ |
| 63 | static ub_thread_key_t thr_debug_key; | |
| 63 | static ub_thread_key_type thr_debug_key; | |
| 64 | 64 | /** the list of threads, so all threads can be examined. NULL if unused. */ |
| 65 | 65 | static struct thr_check* thread_infos[THRDEBUG_MAX_THREADS]; |
| 66 | 66 | /** do we check locking order */ |
| 306 | 306 | struct checked_lock_spl { struct checked_lock* c_spl; }; |
| 307 | 307 | |
| 308 | 308 | /** debugging rwlock */ |
| 309 | typedef struct checked_lock_rw lock_rw_t; | |
| 309 | typedef struct checked_lock_rw lock_rw_type; | |
| 310 | 310 | #define lock_rw_init(lock) checklock_init(check_lock_rwlock, &((lock)->c_rw), __func__, __FILE__, __LINE__) |
| 311 | 311 | #define lock_rw_destroy(lock) checklock_destroy(check_lock_rwlock, &((lock)->c_rw), __func__, __FILE__, __LINE__) |
| 312 | 312 | #define lock_rw_rdlock(lock) checklock_rdlock(check_lock_rwlock, (lock)->c_rw, __func__, __FILE__, __LINE__) |
| 314 | 314 | #define lock_rw_unlock(lock) checklock_unlock(check_lock_rwlock, (lock)->c_rw, __func__, __FILE__, __LINE__) |
| 315 | 315 | |
| 316 | 316 | /** debugging mutex */ |
| 317 | typedef struct checked_lock_mutex lock_basic_t; | |
| 317 | typedef struct checked_lock_mutex lock_basic_type; | |
| 318 | 318 | #define lock_basic_init(lock) checklock_init(check_lock_mutex, &((lock)->c_m), __func__, __FILE__, __LINE__) |
| 319 | 319 | #define lock_basic_destroy(lock) checklock_destroy(check_lock_mutex, &((lock)->c_m), __func__, __FILE__, __LINE__) |
| 320 | 320 | #define lock_basic_lock(lock) checklock_lock(check_lock_mutex, (lock)->c_m, __func__, __FILE__, __LINE__) |
| 321 | 321 | #define lock_basic_unlock(lock) checklock_unlock(check_lock_mutex, (lock)->c_m, __func__, __FILE__, __LINE__) |
| 322 | 322 | |
| 323 | 323 | /** debugging spinlock */ |
| 324 | typedef struct checked_lock_spl lock_quick_t; | |
| 324 | typedef struct checked_lock_spl lock_quick_type; | |
| 325 | 325 | #define lock_quick_init(lock) checklock_init(check_lock_spinlock, &((lock)->c_spl), __func__, __FILE__, __LINE__) |
| 326 | 326 | #define lock_quick_destroy(lock) checklock_destroy(check_lock_spinlock, &((lock)->c_spl), __func__, __FILE__, __LINE__) |
| 327 | 327 | #define lock_quick_lock(lock) checklock_lock(check_lock_spinlock, (lock)->c_spl, __func__, __FILE__, __LINE__) |
| 328 | 328 | #define lock_quick_unlock(lock) checklock_unlock(check_lock_spinlock, (lock)->c_spl, __func__, __FILE__, __LINE__) |
| 329 | 329 | |
| 330 | 330 | /** we use the pthread id, our thr_check structure is kept behind the scenes */ |
| 331 | typedef pthread_t ub_thread_t; | |
| 331 | typedef pthread_t ub_thread_type; | |
| 332 | 332 | #define ub_thread_create(thr, func, arg) checklock_thrcreate(thr, func, arg) |
| 333 | 333 | #define ub_thread_self() pthread_self() |
| 334 | 334 | #define ub_thread_join(thread) checklock_thrjoin(thread) |
| 335 | 335 | |
| 336 | typedef pthread_key_t ub_thread_key_t; | |
| 336 | typedef pthread_key_t ub_thread_key_type; | |
| 337 | 337 | #define ub_thread_key_create(key, f) LOCKRET(pthread_key_create(key, f)) |
| 338 | 338 | #define ub_thread_key_set(key, v) LOCKRET(pthread_setspecific(key, v)) |
| 339 | 339 | #define ub_thread_key_get(key) pthread_getspecific(key) |
| 8 | 8 | NEED_WHOAMI='07-confroot.tpkg' |
| 9 | 9 | NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg' |
| 10 | 10 | NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg' |
| 11 | NEED_DNSCRYPT_PROXY='dnscrypt_queries.tpkg dnscrypt_queries_chacha.tpkg' | |
| 11 | 12 | |
| 12 | 13 | # test if dig and ldns-testns are available. |
| 13 | 14 | test_tool_avail "dig" |
| 38 | 39 | skip_if_in_list $test "$NEED_XXD" "xxd" |
| 39 | 40 | skip_if_in_list $test "$NEED_NC" "nc" |
| 40 | 41 | skip_if_in_list $test "$NEED_WHOAMI" "whoami" |
| 42 | skip_if_in_list $test "$NEED_DNSCRYPT_PROXY" "dnscrypt-proxy" | |
| 41 | 43 | |
| 42 | 44 | if echo $NEED_IPV6 | grep $test >/dev/null; then |
| 43 | 45 | if test "$HAVE_IPV6" = no; then |
| 317 | 317 | struct comm_point c; |
| 318 | 318 | struct comm_reply repinfo; |
| 319 | 319 | void* cb_arg = pend->cb_arg; |
| 320 | comm_point_callback_t* cb = pend->callback; | |
| 320 | comm_point_callback_type* cb = pend->callback; | |
| 321 | 321 | |
| 322 | 322 | memset(&c, 0, sizeof(c)); |
| 323 | 323 | c.fd = -1; |
| 421 | 421 | struct comm_reply repinfo; |
| 422 | 422 | struct comm_point c; |
| 423 | 423 | void* cb_arg; |
| 424 | comm_point_callback_t* cb; | |
| 424 | comm_point_callback_type* cb; | |
| 425 | 425 | |
| 426 | 426 | memset(&c, 0, sizeof(c)); |
| 427 | 427 | if(!p) fatal_exit("No pending queries."); |
| 734 | 734 | listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), |
| 735 | 735 | size_t bufsize, int ATTR_UNUSED(tcp_accept_count), |
| 736 | 736 | void* ATTR_UNUSED(sslctx), struct dt_env* ATTR_UNUSED(dtenv), |
| 737 | comm_point_callback_t* cb, void* cb_arg) | |
| 737 | comm_point_callback_type* cb, void* cb_arg) | |
| 738 | 738 | { |
| 739 | 739 | struct replay_runtime* runtime = (struct replay_runtime*)base; |
| 740 | 740 | struct listen_dnsport* l= calloc(1, sizeof(struct listen_dnsport)); |
| 936 | 936 | |
| 937 | 937 | struct pending* |
| 938 | 938 | pending_udp_query(struct serviced_query* sq, sldns_buffer* packet, |
| 939 | int timeout, comm_point_callback_t* callback, void* callback_arg) | |
| 939 | int timeout, comm_point_callback_type* callback, void* callback_arg) | |
| 940 | 940 | { |
| 941 | 941 | struct replay_runtime* runtime = (struct replay_runtime*) |
| 942 | 942 | sq->outnet->base; |
| 986 | 986 | |
| 987 | 987 | struct waiting_tcp* |
| 988 | 988 | pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, |
| 989 | int timeout, comm_point_callback_t* callback, void* callback_arg) | |
| 989 | int timeout, comm_point_callback_type* callback, void* callback_arg) | |
| 990 | 990 | { |
| 991 | 991 | struct replay_runtime* runtime = (struct replay_runtime*) |
| 992 | 992 | sq->outnet->base; |
| 1040 | 1040 | int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream), |
| 1041 | 1041 | struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, |
| 1042 | 1042 | size_t zonelen, struct module_qstate* qstate, |
| 1043 | comm_point_callback_t* callback, void* callback_arg, | |
| 1043 | comm_point_callback_type* callback, void* callback_arg, | |
| 1044 | 1044 | sldns_buffer* ATTR_UNUSED(buff), struct module_env* ATTR_UNUSED(env)) |
| 1045 | 1045 | { |
| 1046 | 1046 | struct replay_runtime* runtime = (struct replay_runtime*)outnet->base; |
| 1069 | 1069 | sldns_buffer_write_u16(pend->buffer, qinfo->qclass); |
| 1070 | 1070 | sldns_buffer_flip(pend->buffer); |
| 1071 | 1071 | if(1) { |
| 1072 | struct edns_data edns; | |
| 1073 | if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, | |
| 1074 | zone, zonelen, qstate, qstate->region)) { | |
| 1075 | free(pend); | |
| 1076 | return NULL; | |
| 1077 | } | |
| 1072 | 1078 | /* add edns */ |
| 1073 | struct edns_data edns; | |
| 1074 | 1079 | edns.edns_present = 1; |
| 1075 | 1080 | edns.ext_rcode = 0; |
| 1076 | 1081 | edns.edns_version = EDNS_ADVERTISED_VERSION; |
| 1159 | 1164 | |
| 1160 | 1165 | struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base), |
| 1161 | 1166 | int ATTR_UNUSED(fd), size_t ATTR_UNUSED(bufsize), |
| 1162 | comm_point_callback_t* ATTR_UNUSED(callback), | |
| 1167 | comm_point_callback_type* ATTR_UNUSED(callback), | |
| 1163 | 1168 | void* ATTR_UNUSED(callback_arg)) |
| 1164 | 1169 | { |
| 1165 | 1170 | return calloc(1, 1); |
| 1167 | 1172 | |
| 1168 | 1173 | struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), |
| 1169 | 1174 | int ATTR_UNUSED(fd), int ATTR_UNUSED(writing), |
| 1170 | comm_point_callback_t* ATTR_UNUSED(callback), | |
| 1175 | comm_point_callback_type* ATTR_UNUSED(callback), | |
| 1171 | 1176 | void* ATTR_UNUSED(callback_arg)) |
| 1172 | 1177 | { |
| 1173 | 1178 | /* no pipe comm possible */ |
| 67 | 67 | /** a lock */ |
| 68 | 68 | struct order_lock { |
| 69 | 69 | /** rbnode in all tree */ |
| 70 | rbnode_t node; | |
| 70 | rbnode_type node; | |
| 71 | 71 | /** lock id */ |
| 72 | 72 | struct order_id id; |
| 73 | 73 | /** the creation file */ |
| 75 | 75 | /** creation line */ |
| 76 | 76 | int create_line; |
| 77 | 77 | /** set of all locks that are smaller than this one (locked earlier) */ |
| 78 | rbtree_t* smaller; | |
| 78 | rbtree_type* smaller; | |
| 79 | 79 | /** during depthfirstsearch, this is a linked list of the stack |
| 80 | 80 | * of locks. points to the next lock bigger than this one. */ |
| 81 | 81 | struct lock_ref* dfs_next; |
| 88 | 88 | /** reference to a lock in a rbtree set */ |
| 89 | 89 | struct lock_ref { |
| 90 | 90 | /** rbnode, key is an order_id ptr */ |
| 91 | rbnode_t node; | |
| 91 | rbnode_type node; | |
| 92 | 92 | /** the lock referenced */ |
| 93 | 93 | struct order_lock* lock; |
| 94 | 94 | /** why is this ref */ |
| 180 | 180 | } |
| 181 | 181 | |
| 182 | 182 | /** read creation entry */ |
| 183 | static void read_create(rbtree_t* all, FILE* in) | |
| 183 | static void read_create(rbtree_type* all, FILE* in) | |
| 184 | 184 | { |
| 185 | 185 | struct order_lock* o = calloc(1, sizeof(struct order_lock)); |
| 186 | 186 | if(!o) fatal_exit("malloc failure"); |
| 209 | 209 | |
| 210 | 210 | /** insert lock entry (empty) into list */ |
| 211 | 211 | static struct order_lock* |
| 212 | insert_lock(rbtree_t* all, struct order_id* id) | |
| 212 | insert_lock(rbtree_type* all, struct order_id* id) | |
| 213 | 213 | { |
| 214 | 214 | struct order_lock* o = calloc(1, sizeof(struct order_lock)); |
| 215 | 215 | if(!o) fatal_exit("malloc failure"); |
| 222 | 222 | } |
| 223 | 223 | |
| 224 | 224 | /** read lock entry */ |
| 225 | static void read_lock(rbtree_t* all, FILE* in, int val) | |
| 225 | static void read_lock(rbtree_type* all, FILE* in, int val) | |
| 226 | 226 | { |
| 227 | 227 | struct order_id prev_id, now_id; |
| 228 | 228 | struct lock_ref* ref; |
| 255 | 255 | } |
| 256 | 256 | |
| 257 | 257 | /** read input file */ |
| 258 | static void readinput(rbtree_t* all, char* file) | |
| 258 | static void readinput(rbtree_type* all, char* file) | |
| 259 | 259 | { |
| 260 | 260 | FILE *in = fopen(file, "r"); |
| 261 | 261 | int fst; |
| 366 | 366 | } |
| 367 | 367 | |
| 368 | 368 | /** Check ordering of locks */ |
| 369 | static void check_order(rbtree_t* all_locks) | |
| 369 | static void check_order(rbtree_type* all_locks) | |
| 370 | 370 | { |
| 371 | 371 | /* check each lock */ |
| 372 | 372 | struct order_lock* lock; |
| 390 | 390 | int |
| 391 | 391 | main(int argc, char* argv[]) |
| 392 | 392 | { |
| 393 | rbtree_t* all_locks; | |
| 393 | rbtree_type* all_locks; | |
| 394 | 394 | int i; |
| 395 | 395 | time_t starttime = time(NULL); |
| 396 | 396 | #ifdef USE_THREAD_DEBUG |
| 50 | 50 | */ |
| 51 | 51 | struct codeline { |
| 52 | 52 | /** rbtree node */ |
| 53 | rbnode_t node; | |
| 53 | rbnode_type node; | |
| 54 | 54 | /** the name of the file:linenumber */ |
| 55 | 55 | char* codeline; |
| 56 | 56 | /** the name of the function */ |
| 98 | 98 | |
| 99 | 99 | /** find or alloc codeline in tree */ |
| 100 | 100 | static struct codeline* |
| 101 | get_codeline(rbtree_t* tree, char* key, char* func) | |
| 101 | get_codeline(rbtree_type* tree, char* key, char* func) | |
| 102 | 102 | { |
| 103 | 103 | struct codeline* cl = (struct codeline*)rbtree_search(tree, key); |
| 104 | 104 | if(!cl) { |
| 117 | 117 | |
| 118 | 118 | /** read up the malloc stats */ |
| 119 | 119 | static void |
| 120 | read_malloc_stat(char* line, rbtree_t* tree) | |
| 120 | read_malloc_stat(char* line, rbtree_type* tree) | |
| 121 | 121 | { |
| 122 | 122 | char codeline[10240]; |
| 123 | 123 | char name[10240]; |
| 142 | 142 | |
| 143 | 143 | /** read up the calloc stats */ |
| 144 | 144 | static void |
| 145 | read_calloc_stat(char* line, rbtree_t* tree) | |
| 145 | read_calloc_stat(char* line, rbtree_type* tree) | |
| 146 | 146 | { |
| 147 | 147 | char codeline[10240]; |
| 148 | 148 | char name[10240]; |
| 179 | 179 | |
| 180 | 180 | /** read the logfile */ |
| 181 | 181 | static void |
| 182 | readfile(rbtree_t* tree, const char* fname) | |
| 182 | readfile(rbtree_type* tree, const char* fname) | |
| 183 | 183 | { |
| 184 | 184 | off_t total = get_file_size(fname); |
| 185 | 185 | off_t done = (off_t)0; |
| 215 | 215 | |
| 216 | 216 | /** print memory stats */ |
| 217 | 217 | static void |
| 218 | printstats(rbtree_t* tree) | |
| 218 | printstats(rbtree_type* tree) | |
| 219 | 219 | { |
| 220 | 220 | struct codeline* cl; |
| 221 | 221 | uint64_t total = 0, tcalls = 0; |
| 234 | 234 | /** main program */ |
| 235 | 235 | int main(int argc, const char* argv[]) |
| 236 | 236 | { |
| 237 | rbtree_t* tree = 0; | |
| 237 | rbtree_type* tree = 0; | |
| 238 | 238 | log_init(NULL, 0, 0); |
| 239 | 239 | if(argc != 2) { |
| 240 | 240 | usage(); |
| 62 | 62 | * done (successfully). |
| 63 | 63 | * @return expanded text, malloced. NULL on failure. |
| 64 | 64 | */ |
| 65 | static char* macro_expand(rbtree_t* store, | |
| 65 | static char* macro_expand(rbtree_type* store, | |
| 66 | 66 | struct replay_runtime* runtime, char** text); |
| 67 | 67 | |
| 68 | 68 | /** compare of time values */ |
| 487 | 487 | return scen; |
| 488 | 488 | } |
| 489 | 489 | } |
| 490 | log_err("scenario read failed at line %d (no SCENARIO_END?)", *lineno); | |
| 490 | 491 | replay_scenario_delete(scen); |
| 491 | 492 | return NULL; |
| 492 | 493 | } |
| 547 | 548 | return strcmp(x->name, y->name); |
| 548 | 549 | } |
| 549 | 550 | |
| 550 | rbtree_t* | |
| 551 | rbtree_type* | |
| 551 | 552 | macro_store_create(void) |
| 552 | 553 | { |
| 553 | 554 | return rbtree_create(&replay_var_compare); |
| 555 | 556 | |
| 556 | 557 | /** helper function to delete macro values */ |
| 557 | 558 | static void |
| 558 | del_macro(rbnode_t* x, void* ATTR_UNUSED(arg)) | |
| 559 | del_macro(rbnode_type* x, void* ATTR_UNUSED(arg)) | |
| 559 | 560 | { |
| 560 | 561 | struct replay_var* v = (struct replay_var*)x; |
| 561 | 562 | free(v->name); |
| 564 | 565 | } |
| 565 | 566 | |
| 566 | 567 | void |
| 567 | macro_store_delete(rbtree_t* store) | |
| 568 | macro_store_delete(rbtree_type* store) | |
| 568 | 569 | { |
| 569 | 570 | if(!store) |
| 570 | 571 | return; |
| 614 | 615 | |
| 615 | 616 | /** do macro recursion */ |
| 616 | 617 | static char* |
| 617 | do_macro_recursion(rbtree_t* store, struct replay_runtime* runtime, | |
| 618 | do_macro_recursion(rbtree_type* store, struct replay_runtime* runtime, | |
| 618 | 619 | char* at, size_t remain) |
| 619 | 620 | { |
| 620 | 621 | char* after = at+2; |
| 631 | 632 | |
| 632 | 633 | /** get var from store */ |
| 633 | 634 | static struct replay_var* |
| 634 | macro_getvar(rbtree_t* store, char* name) | |
| 635 | macro_getvar(rbtree_type* store, char* name) | |
| 635 | 636 | { |
| 636 | 637 | struct replay_var k; |
| 637 | 638 | k.node.key = &k; |
| 641 | 642 | |
| 642 | 643 | /** do macro variable */ |
| 643 | 644 | static char* |
| 644 | do_macro_variable(rbtree_t* store, char* buf, size_t remain) | |
| 645 | do_macro_variable(rbtree_type* store, char* buf, size_t remain) | |
| 645 | 646 | { |
| 646 | 647 | struct replay_var* v; |
| 647 | 648 | char* at = buf+1; |
| 775 | 776 | } |
| 776 | 777 | |
| 777 | 778 | static char* |
| 778 | macro_expand(rbtree_t* store, struct replay_runtime* runtime, char** text) | |
| 779 | macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text) | |
| 779 | 780 | { |
| 780 | 781 | char buf[10240]; |
| 781 | 782 | char* at = *text; |
| 843 | 844 | } |
| 844 | 845 | |
| 845 | 846 | char* |
| 846 | macro_process(rbtree_t* store, struct replay_runtime* runtime, char* text) | |
| 847 | macro_process(rbtree_type* store, struct replay_runtime* runtime, char* text) | |
| 847 | 848 | { |
| 848 | 849 | char buf[10240]; |
| 849 | 850 | char* next, *expand; |
| 871 | 872 | } |
| 872 | 873 | |
| 873 | 874 | char* |
| 874 | macro_lookup(rbtree_t* store, char* name) | |
| 875 | macro_lookup(rbtree_type* store, char* name) | |
| 875 | 876 | { |
| 876 | 877 | struct replay_var* x = macro_getvar(store, name); |
| 877 | 878 | if(!x) return strdup(""); |
| 878 | 879 | return strdup(x->value); |
| 879 | 880 | } |
| 880 | 881 | |
| 881 | void macro_print_debug(rbtree_t* store) | |
| 882 | void macro_print_debug(rbtree_type* store) | |
| 882 | 883 | { |
| 883 | 884 | struct replay_var* x; |
| 884 | 885 | RBTREE_FOR(x, struct replay_var*, store) { |
| 887 | 888 | } |
| 888 | 889 | |
| 889 | 890 | int |
| 890 | macro_assign(rbtree_t* store, char* name, char* value) | |
| 891 | macro_assign(rbtree_type* store, char* name, char* value) | |
| 891 | 892 | { |
| 892 | 893 | struct replay_var* x = macro_getvar(store, name); |
| 893 | 894 | if(x) { |
| 917 | 918 | void testbound_selftest(void) |
| 918 | 919 | { |
| 919 | 920 | /* test the macro store */ |
| 920 | rbtree_t* store = macro_store_create(); | |
| 921 | rbtree_type* store = macro_store_create(); | |
| 921 | 922 | char* v; |
| 922 | 923 | int r; |
| 923 | 924 | int num_asserts = 0; |
| 279 | 279 | struct fake_timer* timer_list; |
| 280 | 280 | |
| 281 | 281 | /** callback to call for incoming queries */ |
| 282 | comm_point_callback_t* callback_query; | |
| 282 | comm_point_callback_type* callback_query; | |
| 283 | 283 | /** user argument for incoming query callback */ |
| 284 | 284 | void *cb_arg; |
| 285 | 285 | |
| 304 | 304 | /** |
| 305 | 305 | * Tree of macro values. Of type replay_var |
| 306 | 306 | */ |
| 307 | rbtree_t* vars; | |
| 307 | rbtree_type* vars; | |
| 308 | 308 | }; |
| 309 | 309 | |
| 310 | 310 | /** |
| 324 | 324 | /** qtype */ |
| 325 | 325 | int qtype; |
| 326 | 326 | /** The callback function to call when answer arrives (or timeout) */ |
| 327 | comm_point_callback_t* callback; | |
| 327 | comm_point_callback_type* callback; | |
| 328 | 328 | /** callback user argument */ |
| 329 | 329 | void* cb_arg; |
| 330 | 330 | /** original timeout in seconds from 'then' */ |
| 379 | 379 | */ |
| 380 | 380 | struct replay_var { |
| 381 | 381 | /** rbtree node. Key is this structure. Sorted by name. */ |
| 382 | rbnode_t node; | |
| 382 | rbnode_type node; | |
| 383 | 383 | /** the variable name */ |
| 384 | 384 | char* name; |
| 385 | 385 | /** the variable value */ |
| 412 | 412 | * Create variable storage |
| 413 | 413 | * @return new or NULL on failure. |
| 414 | 414 | */ |
| 415 | rbtree_t* macro_store_create(void); | |
| 415 | rbtree_type* macro_store_create(void); | |
| 416 | 416 | |
| 417 | 417 | /** |
| 418 | 418 | * Delete variable storage |
| 419 | 419 | * @param store: the macro storage to free up. |
| 420 | 420 | */ |
| 421 | void macro_store_delete(rbtree_t* store); | |
| 421 | void macro_store_delete(rbtree_type* store); | |
| 422 | 422 | |
| 423 | 423 | /** |
| 424 | 424 | * Apply macro substitution to string. |
| 427 | 427 | * @param text: string to work on. |
| 428 | 428 | * @return newly malloced string with result. |
| 429 | 429 | */ |
| 430 | char* macro_process(rbtree_t* store, struct replay_runtime* runtime, | |
| 430 | char* macro_process(rbtree_type* store, struct replay_runtime* runtime, | |
| 431 | 431 | char* text); |
| 432 | 432 | |
| 433 | 433 | /** |
| 437 | 437 | * @return newly malloced string with result or strdup("") if not found. |
| 438 | 438 | * or NULL on malloc failure. |
| 439 | 439 | */ |
| 440 | char* macro_lookup(rbtree_t* store, char* name); | |
| 440 | char* macro_lookup(rbtree_type* store, char* name); | |
| 441 | 441 | |
| 442 | 442 | /** |
| 443 | 443 | * Set macro value. |
| 446 | 446 | * @param value: text to set it to. Not expanded. |
| 447 | 447 | * @return false on failure. |
| 448 | 448 | */ |
| 449 | int macro_assign(rbtree_t* store, char* name, char* value); | |
| 449 | int macro_assign(rbtree_type* store, char* name, char* value); | |
| 450 | 450 | |
| 451 | 451 | /** Print macro variables stored as debug info */ |
| 452 | void macro_print_debug(rbtree_t* store); | |
| 452 | void macro_print_debug(rbtree_type* store); | |
| 453 | 453 | |
| 454 | 454 | /** testbounds self test */ |
| 455 | 455 | void testbound_selftest(void); |
| 142 | 142 | edns.edns_present = 1; |
| 143 | 143 | edns.bits = EDNS_DO; |
| 144 | 144 | edns.udp_size = 4096; |
| 145 | attach_edns_record(buf, &edns); | |
| 145 | if(sldns_buffer_capacity(buf) >= | |
| 146 | sldns_buffer_limit(buf)+calc_edns_field_size(&edns)) | |
| 147 | attach_edns_record(buf, &edns); | |
| 146 | 148 | } |
| 147 | 149 | |
| 148 | 150 | /* send it */ |
| 72 | 72 | printf("\ttest the unbound daemon.\n"); |
| 73 | 73 | printf("-h this help\n"); |
| 74 | 74 | printf("-p file playback text file\n"); |
| 75 | printf("-1 detect SHA1 support (exit code 0 or 1)\n"); | |
| 75 | 76 | printf("-2 detect SHA256 support (exit code 0 or 1)\n"); |
| 76 | 77 | printf("-g detect GOST support (exit code 0 or 1)\n"); |
| 77 | 78 | printf("-e detect ECDSA support (exit code 0 or 1)\n"); |
| 79 | printf("-c detect CLIENT_SUBNET support (exit code 0 or 1)\n"); | |
| 80 | printf("-i detect IPSECMOD support (exit code 0 or 1)\n"); | |
| 78 | 81 | printf("-s testbound self-test - unit test of testbound parts.\n"); |
| 79 | 82 | printf("-o str unbound commandline options separated by spaces.\n"); |
| 80 | 83 | printf("Version %s\n", PACKAGE_VERSION); |
| 278 | 281 | pass_argc = 1; |
| 279 | 282 | pass_argv[0] = "unbound"; |
| 280 | 283 | add_opts("-d", &pass_argc, pass_argv); |
| 281 | while( (c=getopt(argc, argv, "2egho:p:s")) != -1) { | |
| 284 | while( (c=getopt(argc, argv, "12egciho:p:s")) != -1) { | |
| 282 | 285 | switch(c) { |
| 283 | 286 | case 's': |
| 284 | 287 | free(pass_argv[1]); |
| 285 | 288 | testbound_selftest(); |
| 286 | 289 | exit(0); |
| 290 | case '1': | |
| 291 | #ifdef USE_SHA1 | |
| 292 | printf("SHA1 supported\n"); | |
| 293 | exit(0); | |
| 294 | #else | |
| 295 | printf("SHA1 not supported\n"); | |
| 296 | exit(1); | |
| 297 | #endif | |
| 298 | break; | |
| 287 | 299 | case '2': |
| 288 | 300 | #if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) |
| 289 | 301 | printf("SHA256 supported\n"); |
| 316 | 328 | exit(1); |
| 317 | 329 | #endif |
| 318 | 330 | break; |
| 331 | case 'c': | |
| 332 | #ifdef CLIENT_SUBNET | |
| 333 | printf("CLIENT_SUBNET supported\n"); | |
| 334 | exit(0); | |
| 335 | #else | |
| 336 | printf("CLIENT_SUBNET not supported\n"); | |
| 337 | exit(1); | |
| 338 | #endif | |
| 339 | break; | |
| 340 | case 'i': | |
| 341 | #ifdef USE_IPSECMOD | |
| 342 | printf("IPSECMOD supported\n"); | |
| 343 | exit(0); | |
| 344 | #else | |
| 345 | printf("IPSECMOD not supported\n"); | |
| 346 | exit(1); | |
| 347 | #endif | |
| 348 | break; | |
| 319 | 349 | case 'p': |
| 320 | 350 | playback_file = optarg; |
| 321 | 351 | break; |
| 97 | 97 | pkt->packet_sleep = 0; |
| 98 | 98 | pkt->reply_pkt = NULL; |
| 99 | 99 | pkt->reply_from_hex = NULL; |
| 100 | pkt->raw_ednsdata = NULL; | |
| 100 | 101 | /* link at end */ |
| 101 | 102 | while(*p) |
| 102 | 103 | p = &((*p)->next); |
| 117 | 118 | e->match_qtype = 1; |
| 118 | 119 | } else if(str_keyword(&parse, "qname")) { |
| 119 | 120 | e->match_qname = 1; |
| 121 | } else if(str_keyword(&parse, "rcode")) { | |
| 122 | e->match_rcode = 1; | |
| 123 | } else if(str_keyword(&parse, "question")) { | |
| 124 | e->match_question = 1; | |
| 125 | } else if(str_keyword(&parse, "answer")) { | |
| 126 | e->match_answer = 1; | |
| 120 | 127 | } else if(str_keyword(&parse, "subdomain")) { |
| 121 | 128 | e->match_subdomain = 1; |
| 122 | 129 | } else if(str_keyword(&parse, "all")) { |
| 127 | 134 | e->match_do = 1; |
| 128 | 135 | } else if(str_keyword(&parse, "noedns")) { |
| 129 | 136 | e->match_noedns = 1; |
| 137 | } else if(str_keyword(&parse, "ednsdata")) { | |
| 138 | e->match_ednsdata_raw = 1; | |
| 130 | 139 | } else if(str_keyword(&parse, "UDP")) { |
| 131 | 140 | e->match_transport = transport_udp; |
| 132 | 141 | } else if(str_keyword(&parse, "TCP")) { |
| 223 | 232 | e->copy_id = 1; |
| 224 | 233 | } else if(str_keyword(&parse, "copy_query")) { |
| 225 | 234 | e->copy_query = 1; |
| 235 | } else if(str_keyword(&parse, "copy_ednsdata_assume_clientsubnet")) { | |
| 236 | e->copy_ednsdata_assume_clientsubnet = 1; | |
| 226 | 237 | } else if(str_keyword(&parse, "sleep=")) { |
| 227 | 238 | e->sleeptime = (unsigned int) strtol(parse, (char**)&parse, 10); |
| 228 | 239 | while(isspace((unsigned char)*parse)) |
| 246 | 257 | e->match_opcode = 0; |
| 247 | 258 | e->match_qtype = 0; |
| 248 | 259 | e->match_qname = 0; |
| 260 | e->match_rcode = 0; | |
| 261 | e->match_question = 0; | |
| 262 | e->match_answer = 0; | |
| 249 | 263 | e->match_subdomain = 0; |
| 250 | 264 | e->match_all = 0; |
| 251 | 265 | e->match_ttl = 0; |
| 257 | 271 | e->reply_list = NULL; |
| 258 | 272 | e->copy_id = 0; |
| 259 | 273 | e->copy_query = 0; |
| 274 | e->copy_ednsdata_assume_clientsubnet = 0; | |
| 260 | 275 | e->sleeptime = 0; |
| 261 | 276 | e->next = NULL; |
| 262 | 277 | return e; |
| 474 | 489 | else error("internal error bad section %d", (int)add_section); |
| 475 | 490 | } |
| 476 | 491 | |
| 477 | /* add EDNS 4096 DO opt record */ | |
| 492 | /* add EDNS 4096 opt record */ | |
| 478 | 493 | static void |
| 479 | add_do_flag(uint8_t* pktbuf, size_t pktsize, size_t* pktlen) | |
| 494 | add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata, | |
| 495 | uint16_t ednslen, size_t* pktlen) | |
| 480 | 496 | { |
| 481 | 497 | uint8_t edns[] = {0x00, /* root label */ |
| 482 | 498 | 0x00, LDNS_RR_TYPE_OPT, /* type */ |
| 483 | 499 | 0x10, 0x00, /* class is UDPSIZE 4096 */ |
| 484 | 500 | 0x00, /* TTL[0] is ext rcode */ |
| 485 | 501 | 0x00, /* TTL[1] is edns version */ |
| 486 | 0x80, 0x00, /* TTL[2-3] is edns flags, DO */ | |
| 487 | 0x00, 0x00 /* rdatalength (0 options) */ | |
| 502 | (uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */ | |
| 503 | (uint8_t)((ednslen >> 8) & 0xff), | |
| 504 | (uint8_t)(ednslen & 0xff), /* rdatalength */ | |
| 488 | 505 | }; |
| 489 | 506 | if(*pktlen < LDNS_HEADER_SIZE) |
| 490 | 507 | return; |
| 491 | if(*pktlen + sizeof(edns) > pktsize) | |
| 508 | if(*pktlen + sizeof(edns) + ednslen > pktsize) | |
| 492 | 509 | error("not enough space for EDNS OPT record"); |
| 493 | 510 | memmove(pktbuf+*pktlen, edns, sizeof(edns)); |
| 511 | memmove(pktbuf+*pktlen+sizeof(edns), ednsdata, ednslen); | |
| 494 | 512 | sldns_write_uint16(pktbuf+10, LDNS_ARCOUNT(pktbuf)+1); |
| 495 | *pktlen += sizeof(edns); | |
| 513 | *pktlen += (sizeof(edns) + ednslen); | |
| 496 | 514 | } |
| 497 | 515 | |
| 498 | 516 | /* Reads one entry from file. Returns entry or NULL on error. */ |
| 506 | 524 | sldns_pkt_section add_section = LDNS_SECTION_QUESTION; |
| 507 | 525 | struct reply_packet *cur_reply = NULL; |
| 508 | 526 | int reading_hex = 0; |
| 527 | int reading_hex_ednsdata = 0; | |
| 509 | 528 | sldns_buffer* hex_data_buffer = NULL; |
| 529 | sldns_buffer* hex_ednsdata_buffer = NULL; | |
| 510 | 530 | uint8_t pktbuf[MAX_PACKETLEN]; |
| 511 | 531 | size_t pktlen = LDNS_HEADER_SIZE; |
| 512 | 532 | int do_flag = 0; /* DO flag in EDNS */ |
| 573 | 593 | cur_reply->reply_from_hex = hex_buffer2wire(hex_data_buffer); |
| 574 | 594 | sldns_buffer_free(hex_data_buffer); |
| 575 | 595 | hex_data_buffer = NULL; |
| 596 | } else if(reading_hex) { | |
| 597 | sldns_buffer_printf(hex_data_buffer, "%s", line); | |
| 598 | } else if(str_keyword(&parse, "HEX_EDNSDATA_BEGIN")) { | |
| 599 | hex_ednsdata_buffer = sldns_buffer_new(MAX_PACKETLEN); | |
| 600 | reading_hex_ednsdata = 1; | |
| 601 | } else if(str_keyword(&parse, "HEX_EDNSDATA_END")) { | |
| 602 | if (!reading_hex_ednsdata) { | |
| 603 | error("%s line %d: HEX_EDNSDATA_END read but no" | |
| 604 | "HEX_EDNSDATA_BEGIN keyword seen", name, pstate->lineno); | |
| 605 | } | |
| 606 | reading_hex_ednsdata = 0; | |
| 607 | cur_reply->raw_ednsdata = hex_buffer2wire(hex_ednsdata_buffer); | |
| 608 | sldns_buffer_free(hex_ednsdata_buffer); | |
| 609 | hex_ednsdata_buffer = NULL; | |
| 610 | } else if(reading_hex_ednsdata) { | |
| 611 | sldns_buffer_printf(hex_ednsdata_buffer, "%s", line); | |
| 576 | 612 | } else if(str_keyword(&parse, "ENTRY_END")) { |
| 577 | 613 | if(hex_data_buffer) |
| 578 | 614 | sldns_buffer_free(hex_data_buffer); |
| 615 | if(hex_ednsdata_buffer) | |
| 616 | sldns_buffer_free(hex_ednsdata_buffer); | |
| 579 | 617 | if(pktlen != 0) { |
| 580 | if(do_flag) | |
| 581 | add_do_flag(pktbuf, sizeof(pktbuf), | |
| 582 | &pktlen); | |
| 618 | if(do_flag || cur_reply->raw_ednsdata) { | |
| 619 | if(cur_reply->raw_ednsdata && | |
| 620 | sldns_buffer_limit(cur_reply->raw_ednsdata)) | |
| 621 | add_edns(pktbuf, sizeof(pktbuf), do_flag, | |
| 622 | sldns_buffer_begin(cur_reply->raw_ednsdata), | |
| 623 | (uint16_t)sldns_buffer_limit(cur_reply->raw_ednsdata), | |
| 624 | &pktlen); | |
| 625 | else | |
| 626 | add_edns(pktbuf, sizeof(pktbuf), do_flag, | |
| 627 | NULL, 0, &pktlen); | |
| 628 | } | |
| 583 | 629 | cur_reply->reply_pkt = memdup(pktbuf, pktlen); |
| 584 | 630 | cur_reply->reply_len = pktlen; |
| 585 | 631 | if(!cur_reply->reply_pkt) |
| 586 | 632 | error("out of memory"); |
| 587 | 633 | } |
| 588 | 634 | return current; |
| 589 | } else if(reading_hex) { | |
| 590 | sldns_buffer_printf(hex_data_buffer, "%s", line); | |
| 591 | 635 | } else { |
| 592 | 636 | add_rr(skip_whitespace?parse:line, pktbuf, |
| 593 | 637 | sizeof(pktbuf), &pktlen, pstate, add_section, |
| 595 | 639 | } |
| 596 | 640 | |
| 597 | 641 | } |
| 598 | if (reading_hex) { | |
| 642 | if(reading_hex) { | |
| 599 | 643 | error("%s: End of file reached while still reading hex, " |
| 600 | 644 | "missing HEX_ANSWER_END\n", name); |
| 645 | } | |
| 646 | if(reading_hex_ednsdata) { | |
| 647 | error("%s: End of file reached while still reading edns data, " | |
| 648 | "missing HEX_EDNSDATA_END\n", name); | |
| 601 | 649 | } |
| 602 | 650 | if(current) { |
| 603 | 651 | error("%s: End of file reached while reading entry. " |
| 688 | 736 | if(pktlen < LDNS_HEADER_SIZE) |
| 689 | 737 | return 0; |
| 690 | 738 | return (int)LDNS_OPCODE_WIRE(pkt); |
| 739 | } | |
| 740 | ||
| 741 | /** returns rcode from packet */ | |
| 742 | static int get_rcode(uint8_t* pkt, size_t pktlen) | |
| 743 | { | |
| 744 | if(pktlen < LDNS_HEADER_SIZE) | |
| 745 | return 0; | |
| 746 | return (int)LDNS_RCODE_WIRE(pkt); | |
| 691 | 747 | } |
| 692 | 748 | |
| 693 | 749 | /** get authority section SOA serial value */ |
| 760 | 816 | wlen -= LDNS_HEADER_SIZE; |
| 761 | 817 | |
| 762 | 818 | /* skip other records with wire2str_scan */ |
| 763 | for(i=0; i < LDNS_QDCOUNT(p); i++) | |
| 819 | for(i=0; i < LDNS_QDCOUNT(*p); i++) | |
| 764 | 820 | (void)sldns_wire2str_rrquestion_scan(&w, &wlen, &snull, &sl, |
| 765 | 821 | *p, *plen); |
| 766 | for(i=0; i < LDNS_ANCOUNT(p); i++) | |
| 822 | for(i=0; i < LDNS_ANCOUNT(*p); i++) | |
| 767 | 823 | (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); |
| 768 | for(i=0; i < LDNS_NSCOUNT(p); i++) | |
| 824 | for(i=0; i < LDNS_NSCOUNT(*p); i++) | |
| 769 | 825 | (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); |
| 770 | 826 | |
| 771 | 827 | /* walk through additional section */ |
| 772 | for(i=0; i < LDNS_ARCOUNT(p); i++) { | |
| 828 | for(i=0; i < LDNS_ARCOUNT(*p); i++) { | |
| 773 | 829 | /* if this is OPT then done */ |
| 774 | 830 | uint8_t* dstart = w; |
| 775 | 831 | size_t dlen = wlen; |
| 801 | 857 | uint16_t edns_bits; |
| 802 | 858 | uint8_t* walk = pkt; |
| 803 | 859 | size_t walk_len = len; |
| 804 | if(pkt_find_edns_opt(&walk, &walk_len)) { | |
| 805 | return 1; | |
| 860 | if(!pkt_find_edns_opt(&walk, &walk_len)) { | |
| 861 | return 0; | |
| 806 | 862 | } |
| 807 | 863 | if(walk_len < 6) |
| 808 | 864 | return 0; /* malformed */ |
| 1085 | 1141 | } |
| 1086 | 1142 | } |
| 1087 | 1143 | |
| 1144 | /** match question section of packet */ | |
| 1145 | static int | |
| 1146 | match_question(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl) | |
| 1147 | { | |
| 1148 | char* qstr, *pstr, *s, *qcmpstr, *pcmpstr; | |
| 1149 | uint8_t* qb = q, *pb = p; | |
| 1150 | int r; | |
| 1151 | /* zero TTLs */ | |
| 1152 | qb = memdup(q, qlen); | |
| 1153 | pb = memdup(p, plen); | |
| 1154 | if(!qb || !pb) error("out of memory"); | |
| 1155 | if(!mttl) { | |
| 1156 | zerottls(qb, qlen); | |
| 1157 | zerottls(pb, plen); | |
| 1158 | } | |
| 1159 | lowercase_pkt(qb, qlen); | |
| 1160 | lowercase_pkt(pb, plen); | |
| 1161 | qstr = sldns_wire2str_pkt(qb, qlen); | |
| 1162 | pstr = sldns_wire2str_pkt(pb, plen); | |
| 1163 | if(!qstr || !pstr) error("cannot pkt2string"); | |
| 1164 | ||
| 1165 | /* remove before ;; QUESTION */ | |
| 1166 | s = strstr(qstr, ";; QUESTION SECTION"); | |
| 1167 | qcmpstr = s; | |
| 1168 | s = strstr(pstr, ";; QUESTION SECTION"); | |
| 1169 | pcmpstr = s; | |
| 1170 | if(!qcmpstr && !pcmpstr) { | |
| 1171 | free(qstr); | |
| 1172 | free(pstr); | |
| 1173 | free(qb); | |
| 1174 | free(pb); | |
| 1175 | return 1; | |
| 1176 | } | |
| 1177 | if(!qcmpstr || !pcmpstr) { | |
| 1178 | free(qstr); | |
| 1179 | free(pstr); | |
| 1180 | free(qb); | |
| 1181 | free(pb); | |
| 1182 | return 0; | |
| 1183 | } | |
| 1184 | ||
| 1185 | /* remove after answer section, (;; AUTH, ;; ADD, ;; MSG size ..) */ | |
| 1186 | s = strstr(qcmpstr, ";; ANSWER SECTION"); | |
| 1187 | if(!s) s = strstr(qcmpstr, ";; AUTHORITY SECTION"); | |
| 1188 | if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION"); | |
| 1189 | if(!s) s = strstr(qcmpstr, ";; MSG SIZE"); | |
| 1190 | if(s) *s = 0; | |
| 1191 | s = strstr(pcmpstr, ";; ANSWER SECTION"); | |
| 1192 | if(!s) s = strstr(pcmpstr, ";; AUTHORITY SECTION"); | |
| 1193 | if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION"); | |
| 1194 | if(!s) s = strstr(pcmpstr, ";; MSG SIZE"); | |
| 1195 | if(s) *s = 0; | |
| 1196 | ||
| 1197 | r = (strcmp(qcmpstr, pcmpstr) == 0); | |
| 1198 | ||
| 1199 | if(!r) { | |
| 1200 | verbose(3, "mismatch question section '%s' and '%s'", | |
| 1201 | qcmpstr, pcmpstr); | |
| 1202 | } | |
| 1203 | ||
| 1204 | free(qstr); | |
| 1205 | free(pstr); | |
| 1206 | free(qb); | |
| 1207 | free(pb); | |
| 1208 | return r; | |
| 1209 | } | |
| 1210 | ||
| 1211 | /** match answer section of packet */ | |
| 1212 | static int | |
| 1213 | match_answer(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl) | |
| 1214 | { | |
| 1215 | char* qstr, *pstr, *s, *qcmpstr, *pcmpstr; | |
| 1216 | uint8_t* qb = q, *pb = p; | |
| 1217 | int r; | |
| 1218 | /* zero TTLs */ | |
| 1219 | qb = memdup(q, qlen); | |
| 1220 | pb = memdup(p, plen); | |
| 1221 | if(!qb || !pb) error("out of memory"); | |
| 1222 | if(!mttl) { | |
| 1223 | zerottls(qb, qlen); | |
| 1224 | zerottls(pb, plen); | |
| 1225 | } | |
| 1226 | lowercase_pkt(qb, qlen); | |
| 1227 | lowercase_pkt(pb, plen); | |
| 1228 | qstr = sldns_wire2str_pkt(qb, qlen); | |
| 1229 | pstr = sldns_wire2str_pkt(pb, plen); | |
| 1230 | if(!qstr || !pstr) error("cannot pkt2string"); | |
| 1231 | ||
| 1232 | /* remove before ;; ANSWER */ | |
| 1233 | s = strstr(qstr, ";; ANSWER SECTION"); | |
| 1234 | qcmpstr = s; | |
| 1235 | s = strstr(pstr, ";; ANSWER SECTION"); | |
| 1236 | pcmpstr = s; | |
| 1237 | if(!qcmpstr && !pcmpstr) { | |
| 1238 | free(qstr); | |
| 1239 | free(pstr); | |
| 1240 | free(qb); | |
| 1241 | free(pb); | |
| 1242 | return 1; | |
| 1243 | } | |
| 1244 | if(!qcmpstr || !pcmpstr) { | |
| 1245 | free(qstr); | |
| 1246 | free(pstr); | |
| 1247 | free(qb); | |
| 1248 | free(pb); | |
| 1249 | return 0; | |
| 1250 | } | |
| 1251 | ||
| 1252 | /* remove after answer section, (;; AUTH, ;; ADD, ;; MSG size ..) */ | |
| 1253 | s = strstr(qcmpstr, ";; AUTHORITY SECTION"); | |
| 1254 | if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION"); | |
| 1255 | if(!s) s = strstr(qcmpstr, ";; MSG SIZE"); | |
| 1256 | if(s) *s = 0; | |
| 1257 | s = strstr(pcmpstr, ";; AUTHORITY SECTION"); | |
| 1258 | if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION"); | |
| 1259 | if(!s) s = strstr(pcmpstr, ";; MSG SIZE"); | |
| 1260 | if(s) *s = 0; | |
| 1261 | ||
| 1262 | r = (strcmp(qcmpstr, pcmpstr) == 0); | |
| 1263 | ||
| 1264 | if(!r) { | |
| 1265 | verbose(3, "mismatch answer section '%s' and '%s'", | |
| 1266 | qcmpstr, pcmpstr); | |
| 1267 | } | |
| 1268 | ||
| 1269 | free(qstr); | |
| 1270 | free(pstr); | |
| 1271 | free(qb); | |
| 1272 | free(pb); | |
| 1273 | return r; | |
| 1274 | } | |
| 1275 | ||
| 1088 | 1276 | /** match all of the packet */ |
| 1089 | 1277 | int |
| 1090 | 1278 | match_all(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl, |
| 1127 | 1315 | /* check for reordered sections */ |
| 1128 | 1316 | r = match_noloc(qstr, pstr, q, qlen, p, plen); |
| 1129 | 1317 | } |
| 1318 | if(!r) { | |
| 1319 | verbose(3, "mismatch pkt '%s' and '%s'", qstr, pstr); | |
| 1320 | } | |
| 1130 | 1321 | free(qstr); |
| 1131 | 1322 | free(pstr); |
| 1132 | 1323 | free(qb); |
| 1185 | 1376 | return 0; |
| 1186 | 1377 | } |
| 1187 | 1378 | |
| 1379 | /** Match OPT RDATA (not the EDNS payload size or flags) */ | |
| 1380 | static int | |
| 1381 | match_ednsdata(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) | |
| 1382 | { | |
| 1383 | uint8_t* walk_q = q; | |
| 1384 | size_t walk_qlen = qlen; | |
| 1385 | uint8_t* walk_p = p; | |
| 1386 | size_t walk_plen = plen; | |
| 1387 | ||
| 1388 | if(!pkt_find_edns_opt(&walk_q, &walk_qlen)) | |
| 1389 | walk_qlen = 0; | |
| 1390 | if(!pkt_find_edns_opt(&walk_p, &walk_plen)) | |
| 1391 | walk_plen = 0; | |
| 1392 | ||
| 1393 | /* class + ttl + rdlen = 8 */ | |
| 1394 | if(walk_qlen <= 8 && walk_plen <= 8) { | |
| 1395 | verbose(3, "NO edns opt, move on"); | |
| 1396 | return 1; | |
| 1397 | } | |
| 1398 | if(walk_qlen != walk_plen) | |
| 1399 | return 0; | |
| 1400 | ||
| 1401 | return (memcmp(walk_p+8, walk_q+8, walk_qlen-8) == 0); | |
| 1402 | } | |
| 1403 | ||
| 1188 | 1404 | /* finds entry in list, or returns NULL */ |
| 1189 | 1405 | struct entry* |
| 1190 | 1406 | find_match(struct entry* entries, uint8_t* query_pkt, size_t len, |
| 1213 | 1429 | continue; |
| 1214 | 1430 | } |
| 1215 | 1431 | } |
| 1432 | if(p->match_rcode) { | |
| 1433 | if(get_rcode(query_pkt, len) != get_rcode(reply, rlen)) { | |
| 1434 | char *r1 = sldns_wire2str_rcode(get_rcode(query_pkt, len)); | |
| 1435 | char *r2 = sldns_wire2str_rcode(get_rcode(reply, rlen)); | |
| 1436 | verbose(3, "bad rcode %s instead of %s\n", | |
| 1437 | r1, r2); | |
| 1438 | free(r1); | |
| 1439 | free(r2); | |
| 1440 | continue; | |
| 1441 | } | |
| 1442 | } | |
| 1443 | if(p->match_question) { | |
| 1444 | if(!match_question(query_pkt, len, reply, rlen, | |
| 1445 | (int)p->match_ttl)) { | |
| 1446 | verbose(3, "bad question section\n"); | |
| 1447 | continue; | |
| 1448 | } | |
| 1449 | } | |
| 1450 | if(p->match_answer) { | |
| 1451 | if(!match_answer(query_pkt, len, reply, rlen, | |
| 1452 | (int)p->match_ttl)) { | |
| 1453 | verbose(3, "bad answer section\n"); | |
| 1454 | continue; | |
| 1455 | } | |
| 1456 | } | |
| 1216 | 1457 | if(p->match_subdomain) { |
| 1217 | 1458 | if(!subdomain_dname(query_pkt, len, reply, rlen)) { |
| 1218 | 1459 | verbose(3, "bad subdomain\n"); |
| 1229 | 1470 | } |
| 1230 | 1471 | if(p->match_noedns && get_has_edns(query_pkt, len)) { |
| 1231 | 1472 | verbose(3, "bad; EDNS OPT present\n"); |
| 1473 | continue; | |
| 1474 | } | |
| 1475 | if(p->match_ednsdata_raw && | |
| 1476 | !match_ednsdata(query_pkt, len, reply, rlen)) { | |
| 1477 | verbose(3, "bad EDNS data match.\n"); | |
| 1232 | 1478 | continue; |
| 1233 | 1479 | } |
| 1234 | 1480 | if(p->match_transport != transport_any && p->match_transport != transport) { |
| 1316 | 1562 | if(match->copy_id && reslen >= 1) |
| 1317 | 1563 | res[0] = orig[0]; |
| 1318 | 1564 | |
| 1565 | if(match->copy_ednsdata_assume_clientsubnet) { | |
| 1566 | /** Assume there is only one EDNS option, which is ECS. | |
| 1567 | * Copy source mask from query to scope mask in reply. Assume | |
| 1568 | * rest of ECS data in response (eg address) matches the query. | |
| 1569 | */ | |
| 1570 | uint8_t* walk_q = orig; | |
| 1571 | size_t walk_qlen = origlen; | |
| 1572 | uint8_t* walk_p = res; | |
| 1573 | size_t walk_plen = reslen; | |
| 1574 | ||
| 1575 | if(!pkt_find_edns_opt(&walk_q, &walk_qlen)) { | |
| 1576 | walk_qlen = 0; | |
| 1577 | } | |
| 1578 | if(!pkt_find_edns_opt(&walk_p, &walk_plen)) { | |
| 1579 | walk_plen = 0; | |
| 1580 | } | |
| 1581 | /* class + ttl + rdlen + optcode + optlen + ecs fam + ecs source | |
| 1582 | * + ecs scope = index 15 */ | |
| 1583 | if(walk_qlen >= 15 && walk_plen >= 15) { | |
| 1584 | walk_p[15] = walk_q[14]; | |
| 1585 | } | |
| 1586 | } | |
| 1587 | ||
| 1319 | 1588 | if(match->sleeptime > 0) { |
| 1320 | 1589 | verbose(3, "sleeping for %d seconds\n", match->sleeptime); |
| 1321 | 1590 | #ifdef HAVE_SLEEP |
| 1409 | 1678 | np = p->next; |
| 1410 | 1679 | free(p->reply_pkt); |
| 1411 | 1680 | sldns_buffer_free(p->reply_from_hex); |
| 1681 | sldns_buffer_free(p->raw_ednsdata); | |
| 1412 | 1682 | free(p); |
| 1413 | 1683 | p=np; |
| 1414 | 1684 | } |
| 49 | 49 | ; 'ttl' used with all, rrs in packet must also have matching TTLs. |
| 50 | 50 | ; 'DO' will match only queries with DO bit set. |
| 51 | 51 | ; 'noedns' matches queries without EDNS OPT records. |
| 52 | ; 'rcode' makes the query match the rcode from the reply | |
| 53 | ; 'question' makes the query match the question section | |
| 54 | ; 'answer' makes the query match the answer section | |
| 55 | ; 'ednsdata' matches queries to HEX_EDNS section. | |
| 52 | 56 | MATCH [opcode] [qtype] [qname] [serial=<value>] [all] [ttl] |
| 53 | 57 | MATCH [UDP|TCP] DO |
| 54 | 58 | MATCH ... |
| 83 | 87 | ; be parsed, ADJUST rules for the answer packet |
| 84 | 88 | ; are ignored. Only copy_id is done. |
| 85 | 89 | HEX_ANSWER_END |
| 90 | HEX_EDNS_BEGIN ; follow with hex data. | |
| 91 | ; Raw EDNS data to match against. It must be an | |
| 92 | ; exact match (all options are matched) and will be | |
| 93 | ; evaluated only when 'MATCH ednsdata' given. | |
| 94 | HEX_EDNS_END | |
| 86 | 95 | ENTRY_END |
| 87 | 96 | |
| 88 | 97 | |
| 143 | 152 | uint8_t* reply_pkt; |
| 144 | 153 | /** length of reply pkt */ |
| 145 | 154 | size_t reply_len; |
| 155 | /** Additional EDNS data for matching queries. */ | |
| 156 | struct sldns_buffer* raw_ednsdata; | |
| 146 | 157 | /** or reply pkt in hex if not parsable */ |
| 147 | 158 | struct sldns_buffer* reply_from_hex; |
| 148 | 159 | /** seconds to sleep before giving packet */ |
| 160 | 171 | uint8_t match_qtype; |
| 161 | 172 | /** match qname with answer qname */ |
| 162 | 173 | uint8_t match_qname; |
| 174 | /** match rcode with answer rcode */ | |
| 175 | uint8_t match_rcode; | |
| 176 | /** match question section */ | |
| 177 | uint8_t match_question; | |
| 178 | /** match answer section */ | |
| 179 | uint8_t match_answer; | |
| 163 | 180 | /** match qname as subdomain of answer qname */ |
| 164 | 181 | uint8_t match_subdomain; |
| 165 | 182 | /** match SOA serial number, from auth section */ |
| 172 | 189 | uint8_t match_do; |
| 173 | 190 | /** match absence of EDNS OPT record in query */ |
| 174 | 191 | uint8_t match_noedns; |
| 192 | /** match edns data field given in hex */ | |
| 193 | uint8_t match_ednsdata_raw; | |
| 175 | 194 | /** match query serial with this value. */ |
| 176 | 195 | uint32_t ixfr_soa_serial; |
| 177 | 196 | /** match on UDP/TCP */ |
| 185 | 204 | uint8_t copy_id; |
| 186 | 205 | /** copy the query nametypeclass from query into the answer */ |
| 187 | 206 | uint8_t copy_query; |
| 207 | /** copy ednsdata to reply, assume it is clientsubnet and | |
| 208 | * adjust scopemask to match sourcemask */ | |
| 209 | uint8_t copy_ednsdata_assume_clientsubnet; | |
| 188 | 210 | /** in seconds */ |
| 189 | 211 | unsigned int sleeptime; |
| 190 | 212 | |
| 0 | /* | |
| 1 | * testcode/unitauth.c - unit test for authzone authoritative zone code. | |
| 2 | * | |
| 3 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | * | |
| 34 | */ | |
| 35 | /** | |
| 36 | * \file | |
| 37 | * Unit test for auth zone code. | |
| 38 | */ | |
| 39 | #include "config.h" | |
| 40 | #include "services/authzone.h" | |
| 41 | #include "testcode/unitmain.h" | |
| 42 | #include "util/regional.h" | |
| 43 | #include "util/net_help.h" | |
| 44 | #include "util/data/msgreply.h" | |
| 45 | #include "services/cache/dns.h" | |
| 46 | #include "sldns/str2wire.h" | |
| 47 | #include "sldns/wire2str.h" | |
| 48 | #include "sldns/sbuffer.h" | |
| 49 | ||
| 50 | /** verbosity for this test */ | |
| 51 | static int vbmp = 0; | |
| 52 | ||
| 53 | /** struct for query and answer checks */ | |
| 54 | struct q_ans { | |
| 55 | /** zone to query (delegpt) */ | |
| 56 | const char* zone; | |
| 57 | /** query name, class, type */ | |
| 58 | const char* query; | |
| 59 | /** additional flags or "" */ | |
| 60 | const char* flags; | |
| 61 | /** expected answer to check against, multi-line string */ | |
| 62 | const char* answer; | |
| 63 | }; | |
| 64 | ||
| 65 | /** auth zone for test */ | |
| 66 | static const char* zone_example_com = | |
| 67 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 68 | "example.com. 3600 IN A 10.0.0.1\n" | |
| 69 | "example.com. 3600 IN NS ns.example.com.\n" | |
| 70 | "example.com. 3600 IN MX 50 mail.example.com.\n" | |
| 71 | "deep.ent.example.com. 3600 IN A 10.0.0.9\n" | |
| 72 | "mail.example.com. 3600 IN A 10.0.0.4\n" | |
| 73 | "ns.example.com. 3600 IN A 10.0.0.5\n" | |
| 74 | "out.example.com. 3600 IN CNAME www.example.com.\n" | |
| 75 | "plan.example.com. 3600 IN CNAME nonexist.example.com.\n" | |
| 76 | "redir.example.com. 3600 IN DNAME redir.example.org.\n" | |
| 77 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 78 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 79 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 80 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 81 | "*.wild.example.com. 3600 IN A 10.0.0.8\n" | |
| 82 | "*.wild2.example.com. 3600 IN CNAME www.example.com.\n" | |
| 83 | "*.wild3.example.com. 3600 IN A 10.0.0.8\n" | |
| 84 | "*.wild3.example.com. 3600 IN MX 50 mail.example.com.\n" | |
| 85 | "www.example.com. 3600 IN A 10.0.0.2\n" | |
| 86 | "www.example.com. 3600 IN A 10.0.0.3\n" | |
| 87 | "yy.example.com. 3600 IN TXT \"a\"\n" | |
| 88 | "yy.example.com. 3600 IN TXT \"b\"\n" | |
| 89 | "yy.example.com. 3600 IN TXT \"c\"\n" | |
| 90 | "yy.example.com. 3600 IN TXT \"d\"\n" | |
| 91 | "yy.example.com. 3600 IN TXT \"e\"\n" | |
| 92 | "yy.example.com. 3600 IN TXT \"f\"\n" | |
| 93 | ||
| 94 | /* and some tests for RRSIGs (rrsig is www.nlnetlabs.nl copy) */ | |
| 95 | /* normal: domain and 1 rrsig */ | |
| 96 | "z1.example.com. 3600 IN A 10.0.0.10\n" | |
| 97 | "z1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 98 | /* normal: domain and 2 rrsigs */ | |
| 99 | "z2.example.com. 3600 IN A 10.0.0.10\n" | |
| 100 | "z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 101 | "z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" | |
| 102 | /* normal: domain and 3 rrsigs */ | |
| 103 | "z3.example.com. 3600 IN A 10.0.0.10\n" | |
| 104 | "z3.example.com. 3600 IN A 10.0.0.11\n" | |
| 105 | "z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 106 | "z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" | |
| 107 | "z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12356 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12356}\n" | |
| 108 | /* just an RRSIG rrset with nothing else */ | |
| 109 | "z4.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 110 | /* just an RRSIG rrset with nothing else, 2 rrsigs */ | |
| 111 | "z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 112 | "z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" | |
| 113 | #if 0 /* comparison of file does not work on this part because duplicates */ | |
| 114 | /* are removed and the rrsets are reordered */ | |
| 115 | /* first rrsig, then A record */ | |
| 116 | "z6.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 117 | "z6.example.com. 3600 IN A 10.0.0.10\n" | |
| 118 | /* first two rrsigs, then A record */ | |
| 119 | "z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 120 | "z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" | |
| 121 | "z7.example.com. 3600 IN A 10.0.0.10\n" | |
| 122 | /* first two rrsigs, then two A records */ | |
| 123 | "z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 124 | "z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" | |
| 125 | "z8.example.com. 3600 IN A 10.0.0.10\n" | |
| 126 | "z8.example.com. 3600 IN A 10.0.0.11\n" | |
| 127 | /* duplicate RR, duplicate RRsig */ | |
| 128 | "z9.example.com. 3600 IN A 10.0.0.10\n" | |
| 129 | "z9.example.com. 3600 IN A 10.0.0.11\n" | |
| 130 | "z9.example.com. 3600 IN A 10.0.0.10\n" | |
| 131 | "z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 132 | "z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" | |
| 133 | #endif /* if0 for duplicates and reordering */ | |
| 134 | ; | |
| 135 | ||
| 136 | /** queries for example.com: zone, query, flags, answer. end with NULL */ | |
| 137 | static struct q_ans example_com_queries[] = { | |
| 138 | { "example.com", "www.example.com. A", "", | |
| 139 | ";flags QR AA rcode NOERROR\n" | |
| 140 | ";answer section\n" | |
| 141 | "www.example.com. 3600 IN A 10.0.0.2\n" | |
| 142 | "www.example.com. 3600 IN A 10.0.0.3\n" | |
| 143 | }, | |
| 144 | ||
| 145 | { "example.com", "example.com. SOA", "", | |
| 146 | ";flags QR AA rcode NOERROR\n" | |
| 147 | ";answer section\n" | |
| 148 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 149 | }, | |
| 150 | ||
| 151 | { "example.com", "example.com. A", "", | |
| 152 | ";flags QR AA rcode NOERROR\n" | |
| 153 | ";answer section\n" | |
| 154 | "example.com. 3600 IN A 10.0.0.1\n" | |
| 155 | }, | |
| 156 | ||
| 157 | { "example.com", "example.com. AAAA", "", | |
| 158 | ";flags QR AA rcode NOERROR\n" | |
| 159 | ";authority section\n" | |
| 160 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 161 | }, | |
| 162 | ||
| 163 | { "example.com", "example.com. NS", "", | |
| 164 | ";flags QR AA rcode NOERROR\n" | |
| 165 | ";answer section\n" | |
| 166 | "example.com. 3600 IN NS ns.example.com.\n" | |
| 167 | ";additional section\n" | |
| 168 | "ns.example.com. 3600 IN A 10.0.0.5\n" | |
| 169 | }, | |
| 170 | ||
| 171 | { "example.com", "example.com. MX", "", | |
| 172 | ";flags QR AA rcode NOERROR\n" | |
| 173 | ";answer section\n" | |
| 174 | "example.com. 3600 IN MX 50 mail.example.com.\n" | |
| 175 | ";additional section\n" | |
| 176 | "mail.example.com. 3600 IN A 10.0.0.4\n" | |
| 177 | }, | |
| 178 | ||
| 179 | { "example.com", "example.com. IN ANY", "", | |
| 180 | ";flags QR AA rcode NOERROR\n" | |
| 181 | ";answer section\n" | |
| 182 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 183 | "example.com. 3600 IN MX 50 mail.example.com.\n" | |
| 184 | "example.com. 3600 IN A 10.0.0.1\n" | |
| 185 | }, | |
| 186 | ||
| 187 | { "example.com", "nonexist.example.com. A", "", | |
| 188 | ";flags QR AA rcode NXDOMAIN\n" | |
| 189 | ";authority section\n" | |
| 190 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 191 | }, | |
| 192 | ||
| 193 | { "example.com", "deep.ent.example.com. A", "", | |
| 194 | ";flags QR AA rcode NOERROR\n" | |
| 195 | ";answer section\n" | |
| 196 | "deep.ent.example.com. 3600 IN A 10.0.0.9\n" | |
| 197 | }, | |
| 198 | ||
| 199 | { "example.com", "ent.example.com. A", "", | |
| 200 | ";flags QR AA rcode NOERROR\n" | |
| 201 | ";authority section\n" | |
| 202 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 203 | }, | |
| 204 | ||
| 205 | { "example.com", "below.deep.ent.example.com. A", "", | |
| 206 | ";flags QR AA rcode NXDOMAIN\n" | |
| 207 | ";authority section\n" | |
| 208 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 209 | }, | |
| 210 | ||
| 211 | { "example.com", "mail.example.com. A", "", | |
| 212 | ";flags QR AA rcode NOERROR\n" | |
| 213 | ";answer section\n" | |
| 214 | "mail.example.com. 3600 IN A 10.0.0.4\n" | |
| 215 | }, | |
| 216 | ||
| 217 | { "example.com", "ns.example.com. A", "", | |
| 218 | ";flags QR AA rcode NOERROR\n" | |
| 219 | ";answer section\n" | |
| 220 | "ns.example.com. 3600 IN A 10.0.0.5\n" | |
| 221 | }, | |
| 222 | ||
| 223 | { "example.com", "out.example.com. A", "", | |
| 224 | ";flags QR AA rcode NOERROR\n" | |
| 225 | ";answer section\n" | |
| 226 | "out.example.com. 3600 IN CNAME www.example.com.\n" | |
| 227 | "www.example.com. 3600 IN A 10.0.0.2\n" | |
| 228 | "www.example.com. 3600 IN A 10.0.0.3\n" | |
| 229 | }, | |
| 230 | ||
| 231 | { "example.com", "out.example.com. CNAME", "", | |
| 232 | ";flags QR AA rcode NOERROR\n" | |
| 233 | ";answer section\n" | |
| 234 | "out.example.com. 3600 IN CNAME www.example.com.\n" | |
| 235 | }, | |
| 236 | ||
| 237 | { "example.com", "plan.example.com. A", "", | |
| 238 | ";flags QR AA rcode NOERROR\n" | |
| 239 | ";answer section\n" | |
| 240 | "plan.example.com. 3600 IN CNAME nonexist.example.com.\n" | |
| 241 | }, | |
| 242 | ||
| 243 | { "example.com", "plan.example.com. CNAME", "", | |
| 244 | ";flags QR AA rcode NOERROR\n" | |
| 245 | ";answer section\n" | |
| 246 | "plan.example.com. 3600 IN CNAME nonexist.example.com.\n" | |
| 247 | }, | |
| 248 | ||
| 249 | { "example.com", "redir.example.com. A", "", | |
| 250 | ";flags QR AA rcode NOERROR\n" | |
| 251 | ";authority section\n" | |
| 252 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 253 | }, | |
| 254 | ||
| 255 | { "example.com", "redir.example.com. DNAME", "", | |
| 256 | ";flags QR AA rcode NOERROR\n" | |
| 257 | ";answer section\n" | |
| 258 | "redir.example.com. 3600 IN DNAME redir.example.org.\n" | |
| 259 | }, | |
| 260 | ||
| 261 | { "example.com", "abc.redir.example.com. A", "", | |
| 262 | ";flags QR AA rcode NOERROR\n" | |
| 263 | ";answer section\n" | |
| 264 | "redir.example.com. 3600 IN DNAME redir.example.org.\n" | |
| 265 | "abc.redir.example.com. 0 IN CNAME abc.redir.example.org.\n" | |
| 266 | }, | |
| 267 | ||
| 268 | { "example.com", "foo.abc.redir.example.com. A", "", | |
| 269 | ";flags QR AA rcode NOERROR\n" | |
| 270 | ";answer section\n" | |
| 271 | "redir.example.com. 3600 IN DNAME redir.example.org.\n" | |
| 272 | "foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n" | |
| 273 | }, | |
| 274 | ||
| 275 | { "example.com", "sub.example.com. NS", "", | |
| 276 | ";flags QR rcode NOERROR\n" | |
| 277 | ";authority section\n" | |
| 278 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 279 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 280 | ";additional section\n" | |
| 281 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 282 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 283 | }, | |
| 284 | ||
| 285 | { "example.com", "sub.example.com. DS", "", | |
| 286 | ";flags QR AA rcode NOERROR\n" | |
| 287 | ";authority section\n" | |
| 288 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 289 | }, | |
| 290 | ||
| 291 | { "example.com", "www.sub.example.com. NS", "", | |
| 292 | ";flags QR rcode NOERROR\n" | |
| 293 | ";authority section\n" | |
| 294 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 295 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 296 | ";additional section\n" | |
| 297 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 298 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 299 | }, | |
| 300 | ||
| 301 | { "example.com", "foo.abc.sub.example.com. NS", "", | |
| 302 | ";flags QR rcode NOERROR\n" | |
| 303 | ";authority section\n" | |
| 304 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 305 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 306 | ";additional section\n" | |
| 307 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 308 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 309 | }, | |
| 310 | ||
| 311 | { "example.com", "ns1.sub.example.com. A", "", | |
| 312 | ";flags QR rcode NOERROR\n" | |
| 313 | ";authority section\n" | |
| 314 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 315 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 316 | ";additional section\n" | |
| 317 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 318 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 319 | }, | |
| 320 | ||
| 321 | { "example.com", "ns1.sub.example.com. AAAA", "", | |
| 322 | ";flags QR rcode NOERROR\n" | |
| 323 | ";authority section\n" | |
| 324 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 325 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 326 | ";additional section\n" | |
| 327 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 328 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 329 | }, | |
| 330 | ||
| 331 | { "example.com", "ns2.sub.example.com. A", "", | |
| 332 | ";flags QR rcode NOERROR\n" | |
| 333 | ";authority section\n" | |
| 334 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 335 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 336 | ";additional section\n" | |
| 337 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 338 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 339 | }, | |
| 340 | ||
| 341 | { "example.com", "ns2.sub.example.com. AAAA", "", | |
| 342 | ";flags QR rcode NOERROR\n" | |
| 343 | ";authority section\n" | |
| 344 | "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" | |
| 345 | "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" | |
| 346 | ";additional section\n" | |
| 347 | "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" | |
| 348 | "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" | |
| 349 | }, | |
| 350 | ||
| 351 | { "example.com", "wild.example.com. A", "", | |
| 352 | ";flags QR AA rcode NOERROR\n" | |
| 353 | ";authority section\n" | |
| 354 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 355 | }, | |
| 356 | ||
| 357 | { "example.com", "*.wild.example.com. A", "", | |
| 358 | ";flags QR AA rcode NOERROR\n" | |
| 359 | ";answer section\n" | |
| 360 | "*.wild.example.com. 3600 IN A 10.0.0.8\n" | |
| 361 | }, | |
| 362 | ||
| 363 | { "example.com", "*.wild.example.com. AAAA", "", | |
| 364 | ";flags QR AA rcode NOERROR\n" | |
| 365 | ";authority section\n" | |
| 366 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 367 | }, | |
| 368 | ||
| 369 | { "example.com", "abc.wild.example.com. A", "", | |
| 370 | ";flags QR AA rcode NOERROR\n" | |
| 371 | ";answer section\n" | |
| 372 | "abc.wild.example.com. 3600 IN A 10.0.0.8\n" | |
| 373 | }, | |
| 374 | ||
| 375 | { "example.com", "abc.wild.example.com. AAAA", "", | |
| 376 | ";flags QR AA rcode NOERROR\n" | |
| 377 | ";authority section\n" | |
| 378 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 379 | }, | |
| 380 | ||
| 381 | { "example.com", "foo.abc.wild.example.com. A", "", | |
| 382 | ";flags QR AA rcode NOERROR\n" | |
| 383 | ";answer section\n" | |
| 384 | "foo.abc.wild.example.com. 3600 IN A 10.0.0.8\n" | |
| 385 | }, | |
| 386 | ||
| 387 | { "example.com", "foo.abc.wild.example.com. AAAA", "", | |
| 388 | ";flags QR AA rcode NOERROR\n" | |
| 389 | ";authority section\n" | |
| 390 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 391 | }, | |
| 392 | ||
| 393 | { "example.com", "wild2.example.com. A", "", | |
| 394 | ";flags QR AA rcode NOERROR\n" | |
| 395 | ";authority section\n" | |
| 396 | "example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" | |
| 397 | }, | |
| 398 | ||
| 399 | { "example.com", "*.wild2.example.com. A", "", | |
| 400 | ";flags QR AA rcode NOERROR\n" | |
| 401 | ";answer section\n" | |
| 402 | "*.wild2.example.com. 3600 IN CNAME www.example.com.\n" | |
| 403 | "www.example.com. 3600 IN A 10.0.0.2\n" | |
| 404 | "www.example.com. 3600 IN A 10.0.0.3\n" | |
| 405 | }, | |
| 406 | ||
| 407 | { "example.com", "abc.wild2.example.com. A", "", | |
| 408 | ";flags QR AA rcode NOERROR\n" | |
| 409 | ";answer section\n" | |
| 410 | "abc.wild2.example.com. 3600 IN CNAME www.example.com.\n" | |
| 411 | "www.example.com. 3600 IN A 10.0.0.2\n" | |
| 412 | "www.example.com. 3600 IN A 10.0.0.3\n" | |
| 413 | }, | |
| 414 | ||
| 415 | { "example.com", "foo.abc.wild2.example.com. A", "", | |
| 416 | ";flags QR AA rcode NOERROR\n" | |
| 417 | ";answer section\n" | |
| 418 | "foo.abc.wild2.example.com. 3600 IN CNAME www.example.com.\n" | |
| 419 | "www.example.com. 3600 IN A 10.0.0.2\n" | |
| 420 | "www.example.com. 3600 IN A 10.0.0.3\n" | |
| 421 | }, | |
| 422 | ||
| 423 | { "example.com", "abc.wild2.example.com. CNAME", "", | |
| 424 | ";flags QR AA rcode NOERROR\n" | |
| 425 | ";answer section\n" | |
| 426 | "abc.wild2.example.com. 3600 IN CNAME www.example.com.\n" | |
| 427 | }, | |
| 428 | ||
| 429 | { "example.com", "abc.wild3.example.com. IN ANY", "", | |
| 430 | ";flags QR AA rcode NOERROR\n" | |
| 431 | ";answer section\n" | |
| 432 | "abc.wild3.example.com. 3600 IN MX 50 mail.example.com.\n" | |
| 433 | "abc.wild3.example.com. 3600 IN A 10.0.0.8\n" | |
| 434 | }, | |
| 435 | ||
| 436 | { "example.com", "yy.example.com. TXT", "", | |
| 437 | ";flags QR AA rcode NOERROR\n" | |
| 438 | ";answer section\n" | |
| 439 | "yy.example.com. 3600 IN TXT \"a\"\n" | |
| 440 | "yy.example.com. 3600 IN TXT \"b\"\n" | |
| 441 | "yy.example.com. 3600 IN TXT \"c\"\n" | |
| 442 | "yy.example.com. 3600 IN TXT \"d\"\n" | |
| 443 | "yy.example.com. 3600 IN TXT \"e\"\n" | |
| 444 | "yy.example.com. 3600 IN TXT \"f\"\n" | |
| 445 | }, | |
| 446 | ||
| 447 | {NULL, NULL, NULL, NULL} | |
| 448 | }; | |
| 449 | ||
| 450 | /** number of tmpfiles */ | |
| 451 | static int tempno = 0; | |
| 452 | /** number of deleted files */ | |
| 453 | static int delno = 0; | |
| 454 | ||
| 455 | /** cleanup tmp files at exit */ | |
| 456 | static void | |
| 457 | tmpfilecleanup(void) | |
| 458 | { | |
| 459 | int i; | |
| 460 | char buf[256]; | |
| 461 | for(i=0; i<tempno; i++) { | |
| 462 | snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d", | |
| 463 | (unsigned)getpid(), i); | |
| 464 | if(vbmp) printf("cleanup: unlink %s\n", buf); | |
| 465 | unlink(buf); | |
| 466 | } | |
| 467 | } | |
| 468 | ||
| 469 | /** create temp file, return (malloced) name string, write contents to it */ | |
| 470 | static char* | |
| 471 | create_tmp_file(const char* s) | |
| 472 | { | |
| 473 | char buf[256]; | |
| 474 | char *fname; | |
| 475 | FILE *out; | |
| 476 | size_t r; | |
| 477 | snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d", | |
| 478 | (unsigned)getpid(), tempno++); | |
| 479 | fname = strdup(buf); | |
| 480 | if(!fname) fatal_exit("out of memory"); | |
| 481 | /* if no string, just make the name */ | |
| 482 | if(!s) return fname; | |
| 483 | /* if string, write to file */ | |
| 484 | out = fopen(fname, "w"); | |
| 485 | if(!out) fatal_exit("cannot open %s: %s", fname, strerror(errno)); | |
| 486 | r = fwrite(s, 1, strlen(s), out); | |
| 487 | if(r == 0) { | |
| 488 | fatal_exit("write failed: %s", strerror(errno)); | |
| 489 | } else if(r < strlen(s)) { | |
| 490 | fatal_exit("write failed: too short (disk full?)"); | |
| 491 | } | |
| 492 | fclose(out); | |
| 493 | return fname; | |
| 494 | } | |
| 495 | ||
| 496 | /** delete temp file and free name string */ | |
| 497 | static void | |
| 498 | del_tmp_file(char* fname) | |
| 499 | { | |
| 500 | unlink(fname); | |
| 501 | free(fname); | |
| 502 | delno++; | |
| 503 | if(delno == tempno) { | |
| 504 | /* deleted all outstanding files, back to start condition */ | |
| 505 | tempno = 0; | |
| 506 | delno = 0; | |
| 507 | } | |
| 508 | } | |
| 509 | ||
| 510 | /** Add zone from file for testing */ | |
| 511 | static struct auth_zone* | |
| 512 | addzone(struct auth_zones* az, const char* name, char* fname) | |
| 513 | { | |
| 514 | struct auth_zone* z; | |
| 515 | size_t nmlen; | |
| 516 | uint8_t* nm = sldns_str2wire_dname(name, &nmlen); | |
| 517 | if(!nm) fatal_exit("out of memory"); | |
| 518 | lock_rw_wrlock(&az->lock); | |
| 519 | z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN); | |
| 520 | lock_rw_unlock(&az->lock); | |
| 521 | if(!z) fatal_exit("cannot find zone"); | |
| 522 | auth_zone_set_zonefile(z, fname); | |
| 523 | ||
| 524 | if(!auth_zone_read_zonefile(z)) { | |
| 525 | fatal_exit("parse failure for auth zone %s", name); | |
| 526 | } | |
| 527 | lock_rw_unlock(&z->lock); | |
| 528 | free(nm); | |
| 529 | return z; | |
| 530 | } | |
| 531 | ||
| 532 | /** check that file is the same as other file */ | |
| 533 | static void | |
| 534 | checkfile(char* f1, char *f2) | |
| 535 | { | |
| 536 | char buf1[10240], buf2[10240]; | |
| 537 | int line = 0; | |
| 538 | FILE* i1, *i2; | |
| 539 | i1 = fopen(f1, "r"); | |
| 540 | if(!i1) fatal_exit("cannot open %s: %s", f1, strerror(errno)); | |
| 541 | i2 = fopen(f2, "r"); | |
| 542 | if(!i2) fatal_exit("cannot open %s: %s", f2, strerror(errno)); | |
| 543 | ||
| 544 | while(!feof(i1) && !feof(i2)) { | |
| 545 | char* cp1, *cp2; | |
| 546 | line++; | |
| 547 | cp1 = fgets(buf1, (int)sizeof(buf1), i1); | |
| 548 | cp2 = fgets(buf2, (int)sizeof(buf2), i2); | |
| 549 | if((!cp1 && !feof(i1)) || (!cp2 && !feof(i2))) | |
| 550 | fatal_exit("fgets failed: %s", strerror(errno)); | |
| 551 | if(strcmp(buf1, buf2) != 0) { | |
| 552 | log_info("in files %s and %s:%d", f1, f2, line); | |
| 553 | log_info("'%s'", buf1); | |
| 554 | log_info("'%s'", buf2); | |
| 555 | fatal_exit("files are not eqaul"); | |
| 556 | } | |
| 557 | } | |
| 558 | unit_assert(feof(i1) && feof(i2)); | |
| 559 | ||
| 560 | fclose(i1); | |
| 561 | fclose(i2); | |
| 562 | } | |
| 563 | ||
| 564 | /** check that a zone (in string) can be read and reproduced */ | |
| 565 | static void | |
| 566 | check_read_exact(const char* name, const char* zone) | |
| 567 | { | |
| 568 | struct auth_zones* az; | |
| 569 | struct auth_zone* z; | |
| 570 | char* fname, *outf; | |
| 571 | if(vbmp) printf("check read zone %s\n", name); | |
| 572 | fname = create_tmp_file(zone); | |
| 573 | ||
| 574 | az = auth_zones_create(); | |
| 575 | unit_assert(az); | |
| 576 | z = addzone(az, name, fname); | |
| 577 | unit_assert(z); | |
| 578 | outf = create_tmp_file(NULL); | |
| 579 | if(!auth_zone_write_file(z, outf)) { | |
| 580 | fatal_exit("write file failed for %s", fname); | |
| 581 | } | |
| 582 | checkfile(fname, outf); | |
| 583 | ||
| 584 | del_tmp_file(fname); | |
| 585 | del_tmp_file(outf); | |
| 586 | auth_zones_delete(az); | |
| 587 | } | |
| 588 | ||
| 589 | /** parse q_ans structure for making query */ | |
| 590 | static void | |
| 591 | q_ans_parse(struct q_ans* q, struct regional* region, | |
| 592 | struct query_info** qinfo, int* fallback, uint8_t** dp_nm, | |
| 593 | size_t* dp_nmlen) | |
| 594 | { | |
| 595 | int ret; | |
| 596 | uint8_t buf[65535]; | |
| 597 | size_t len, dname_len; | |
| 598 | ||
| 599 | /* parse flags */ | |
| 600 | *fallback = 0; /* default fallback value */ | |
| 601 | if(strstr(q->flags, "fallback")) | |
| 602 | *fallback = 1; | |
| 603 | ||
| 604 | /* parse zone */ | |
| 605 | *dp_nmlen = sizeof(buf); | |
| 606 | if((ret=sldns_str2wire_dname_buf(q->zone, buf, dp_nmlen))!=0) | |
| 607 | fatal_exit("cannot parse query dp zone %s : %s", q->zone, | |
| 608 | sldns_get_errorstr_parse(ret)); | |
| 609 | *dp_nm = regional_alloc_init(region, buf, *dp_nmlen); | |
| 610 | if(!dp_nm) fatal_exit("out of memory"); | |
| 611 | ||
| 612 | /* parse query */ | |
| 613 | len = sizeof(buf); | |
| 614 | dname_len = 0; | |
| 615 | if((ret=sldns_str2wire_rr_question_buf(q->query, buf, &len, &dname_len, | |
| 616 | *dp_nm, *dp_nmlen, NULL, 0))!=0) | |
| 617 | fatal_exit("cannot parse query %s : %s", q->query, | |
| 618 | sldns_get_errorstr_parse(ret)); | |
| 619 | *qinfo = (struct query_info*)regional_alloc_zero(region, | |
| 620 | sizeof(**qinfo)); | |
| 621 | if(!*qinfo) fatal_exit("out of memory"); | |
| 622 | (*qinfo)->qname = regional_alloc_init(region, buf, dname_len); | |
| 623 | if(!(*qinfo)->qname) fatal_exit("out of memory"); | |
| 624 | (*qinfo)->qname_len = dname_len; | |
| 625 | (*qinfo)->qtype = sldns_wirerr_get_type(buf, len, dname_len); | |
| 626 | (*qinfo)->qclass = sldns_wirerr_get_class(buf, len, dname_len); | |
| 627 | } | |
| 628 | ||
| 629 | /** print flags to string */ | |
| 630 | static void | |
| 631 | pr_flags(sldns_buffer* buf, uint16_t flags) | |
| 632 | { | |
| 633 | char rcode[32]; | |
| 634 | sldns_buffer_printf(buf, ";flags"); | |
| 635 | if((flags&BIT_QR)!=0) sldns_buffer_printf(buf, " QR"); | |
| 636 | if((flags&BIT_AA)!=0) sldns_buffer_printf(buf, " AA"); | |
| 637 | if((flags&BIT_TC)!=0) sldns_buffer_printf(buf, " TC"); | |
| 638 | if((flags&BIT_RD)!=0) sldns_buffer_printf(buf, " RD"); | |
| 639 | if((flags&BIT_CD)!=0) sldns_buffer_printf(buf, " CD"); | |
| 640 | if((flags&BIT_RA)!=0) sldns_buffer_printf(buf, " RA"); | |
| 641 | if((flags&BIT_AD)!=0) sldns_buffer_printf(buf, " AD"); | |
| 642 | if((flags&BIT_Z)!=0) sldns_buffer_printf(buf, " Z"); | |
| 643 | sldns_wire2str_rcode_buf((int)(FLAGS_GET_RCODE(flags)), | |
| 644 | rcode, sizeof(rcode)); | |
| 645 | sldns_buffer_printf(buf, " rcode %s", rcode); | |
| 646 | sldns_buffer_printf(buf, "\n"); | |
| 647 | } | |
| 648 | ||
| 649 | /** print RRs to string */ | |
| 650 | static void | |
| 651 | pr_rrs(sldns_buffer* buf, struct reply_info* rep) | |
| 652 | { | |
| 653 | char s[65536]; | |
| 654 | size_t i, j; | |
| 655 | struct packed_rrset_data* d; | |
| 656 | log_assert(rep->rrset_count == rep->an_numrrsets + rep->ns_numrrsets | |
| 657 | + rep->ar_numrrsets); | |
| 658 | for(i=0; i<rep->rrset_count; i++) { | |
| 659 | /* section heading */ | |
| 660 | if(i == 0 && rep->an_numrrsets != 0) | |
| 661 | sldns_buffer_printf(buf, ";answer section\n"); | |
| 662 | else if(i == rep->an_numrrsets && rep->ns_numrrsets != 0) | |
| 663 | sldns_buffer_printf(buf, ";authority section\n"); | |
| 664 | else if(i == rep->an_numrrsets+rep->ns_numrrsets && | |
| 665 | rep->ar_numrrsets != 0) | |
| 666 | sldns_buffer_printf(buf, ";additional section\n"); | |
| 667 | /* spool RRset */ | |
| 668 | d = (struct packed_rrset_data*)rep->rrsets[i]->entry.data; | |
| 669 | for(j=0; j<d->count+d->rrsig_count; j++) { | |
| 670 | if(!packed_rr_to_string(rep->rrsets[i], j, 0, | |
| 671 | s, sizeof(s))) { | |
| 672 | fatal_exit("could not rr_to_string %d", | |
| 673 | (int)i); | |
| 674 | } | |
| 675 | sldns_buffer_printf(buf, "%s", s); | |
| 676 | } | |
| 677 | } | |
| 678 | } | |
| 679 | ||
| 680 | /** create string for message */ | |
| 681 | static char* | |
| 682 | msgtostr(struct dns_msg* msg) | |
| 683 | { | |
| 684 | char* str; | |
| 685 | sldns_buffer* buf = sldns_buffer_new(65535); | |
| 686 | if(!buf) fatal_exit("out of memory"); | |
| 687 | pr_flags(buf, msg->rep->flags); | |
| 688 | pr_rrs(buf, msg->rep); | |
| 689 | ||
| 690 | str = strdup((char*)sldns_buffer_begin(buf)); | |
| 691 | if(!str) fatal_exit("out of memory"); | |
| 692 | sldns_buffer_free(buf); | |
| 693 | return str; | |
| 694 | } | |
| 695 | ||
| 696 | /** find line diff between strings */ | |
| 697 | static void | |
| 698 | line_diff(const char* p, const char* q, const char* pdesc, const char* qdesc) | |
| 699 | { | |
| 700 | char* pdup, *qdup, *pl, *ql; | |
| 701 | int line = 1; | |
| 702 | pdup = strdup(p); | |
| 703 | qdup = strdup(q); | |
| 704 | if(!pdup || !qdup) fatal_exit("out of memory"); | |
| 705 | pl=pdup; | |
| 706 | ql=qdup; | |
| 707 | printf("linediff (<%s, >%s)\n", pdesc, qdesc); | |
| 708 | while(pl && ql && *pl && *ql) { | |
| 709 | char* ep = strchr(pl, '\n'); | |
| 710 | char* eq = strchr(ql, '\n'); | |
| 711 | /* terminate lines */ | |
| 712 | if(ep) *ep = 0; | |
| 713 | if(eq) *eq = 0; | |
| 714 | /* printout */ | |
| 715 | if(strcmp(pl, ql) == 0) { | |
| 716 | printf("%3d %s\n", line, pl); | |
| 717 | } else { | |
| 718 | printf("%3d < %s\n", line, pl); | |
| 719 | printf("%3d > %s\n", line, ql); | |
| 720 | } | |
| 721 | if(ep) *ep = '\n'; | |
| 722 | if(eq) *eq = '\n'; | |
| 723 | if(ep) pl = ep+1; | |
| 724 | else pl = NULL; | |
| 725 | if(eq) ql = eq+1; | |
| 726 | else ql = NULL; | |
| 727 | line++; | |
| 728 | } | |
| 729 | if(pl && *pl) { | |
| 730 | printf("%3d < %s\n", line, pl); | |
| 731 | } | |
| 732 | if(ql && *ql) { | |
| 733 | printf("%3d > %s\n", line, ql); | |
| 734 | } | |
| 735 | free(pdup); | |
| 736 | free(qdup); | |
| 737 | } | |
| 738 | ||
| 739 | /** make q_ans query */ | |
| 740 | static void | |
| 741 | q_ans_query(struct q_ans* q, struct auth_zones* az, struct query_info* qinfo, | |
| 742 | struct regional* region, int expected_fallback, uint8_t* dp_nm, | |
| 743 | size_t dp_nmlen) | |
| 744 | { | |
| 745 | int ret, fallback = 0; | |
| 746 | struct dns_msg* msg = NULL; | |
| 747 | char* ans_str; | |
| 748 | int oldv = verbosity; | |
| 749 | /* increase verbosity to printout logic in authzone */ | |
| 750 | if(vbmp) verbosity = 4; | |
| 751 | ret = auth_zones_lookup(az, qinfo, region, &msg, &fallback, dp_nm, | |
| 752 | dp_nmlen); | |
| 753 | if(vbmp) verbosity = oldv; | |
| 754 | ||
| 755 | /* check the answer */ | |
| 756 | ans_str = msgtostr(msg); | |
| 757 | /* printout if vbmp */ | |
| 758 | if(vbmp) printf("got (ret=%s%s):\n%s", | |
| 759 | (ret?"ok":"fail"), (fallback?" fallback":""), ans_str); | |
| 760 | /* check expected value for ret */ | |
| 761 | if(expected_fallback && ret != 0) { | |
| 762 | /* ret is zero on fallback */ | |
| 763 | if(vbmp) printf("fallback expected, but " | |
| 764 | "return value is not false\n"); | |
| 765 | unit_assert(expected_fallback && ret == 0); | |
| 766 | } | |
| 767 | if(ret == 0) { | |
| 768 | if(!expected_fallback) { | |
| 769 | if(vbmp) printf("return value is false, " | |
| 770 | "(unexpected)\n"); | |
| 771 | } | |
| 772 | unit_assert(expected_fallback); | |
| 773 | } | |
| 774 | /* check expected value for fallback */ | |
| 775 | if(expected_fallback && !fallback) { | |
| 776 | if(vbmp) printf("expected fallback, but fallback is no\n"); | |
| 777 | } else if(!expected_fallback && fallback) { | |
| 778 | if(vbmp) printf("expected no fallback, but fallback is yes\n"); | |
| 779 | } | |
| 780 | unit_assert( (expected_fallback&&fallback) || | |
| 781 | (!expected_fallback&&!fallback)); | |
| 782 | /* check answer string */ | |
| 783 | if(strcmp(q->answer, ans_str) != 0) { | |
| 784 | if(vbmp) printf("wanted:\n%s", q->answer); | |
| 785 | line_diff(q->answer, ans_str, "wanted", "got"); | |
| 786 | } | |
| 787 | unit_assert(strcmp(q->answer, ans_str) == 0); | |
| 788 | if(vbmp) printf("query ok\n\n"); | |
| 789 | free(ans_str); | |
| 790 | } | |
| 791 | ||
| 792 | /** check queries on a loaded zone */ | |
| 793 | static void | |
| 794 | check_az_q_ans(struct auth_zones* az, struct q_ans* queries) | |
| 795 | { | |
| 796 | struct q_ans* q; | |
| 797 | struct regional* region = regional_create(); | |
| 798 | struct query_info* qinfo; | |
| 799 | int fallback; | |
| 800 | uint8_t* dp_nm; | |
| 801 | size_t dp_nmlen; | |
| 802 | for(q=queries; q->zone; q++) { | |
| 803 | if(vbmp) printf("query %s: %s %s\n", q->zone, q->query, | |
| 804 | q->flags); | |
| 805 | q_ans_parse(q, region, &qinfo, &fallback, &dp_nm, &dp_nmlen); | |
| 806 | q_ans_query(q, az, qinfo, region, fallback, dp_nm, dp_nmlen); | |
| 807 | regional_free_all(region); | |
| 808 | } | |
| 809 | regional_destroy(region); | |
| 810 | } | |
| 811 | ||
| 812 | /** check queries for a zone are returned as specified */ | |
| 813 | static void | |
| 814 | check_queries(const char* name, const char* zone, struct q_ans* queries) | |
| 815 | { | |
| 816 | struct auth_zones* az; | |
| 817 | struct auth_zone* z; | |
| 818 | char* fname; | |
| 819 | if(vbmp) printf("check queries %s\n", name); | |
| 820 | fname = create_tmp_file(zone); | |
| 821 | az = auth_zones_create(); | |
| 822 | if(!az) fatal_exit("out of memory"); | |
| 823 | z = addzone(az, name, fname); | |
| 824 | if(!z) fatal_exit("could not read zone for queries test"); | |
| 825 | del_tmp_file(fname); | |
| 826 | ||
| 827 | /* run queries and test them */ | |
| 828 | check_az_q_ans(az, queries); | |
| 829 | ||
| 830 | auth_zones_delete(az); | |
| 831 | } | |
| 832 | ||
| 833 | /** Test authzone read from file */ | |
| 834 | static void | |
| 835 | authzone_read_test(void) | |
| 836 | { | |
| 837 | if(vbmp) printf("Testing read auth zone\n"); | |
| 838 | check_read_exact("example.com", zone_example_com); | |
| 839 | } | |
| 840 | ||
| 841 | /** Test authzone query from zone */ | |
| 842 | static void | |
| 843 | authzone_query_test(void) | |
| 844 | { | |
| 845 | if(vbmp) printf("Testing query auth zone\n"); | |
| 846 | check_queries("example.com", zone_example_com, example_com_queries); | |
| 847 | } | |
| 848 | ||
| 849 | /** test authzone code */ | |
| 850 | void | |
| 851 | authzone_test(void) | |
| 852 | { | |
| 853 | unit_show_feature("authzone"); | |
| 854 | atexit(tmpfilecleanup); | |
| 855 | authzone_read_test(); | |
| 856 | authzone_query_test(); | |
| 857 | } |
| 0 | /* | |
| 1 | * testcode/unitecs.c - unit test for ecs routines. | |
| 2 | * | |
| 3 | * Copyright (c) 2013, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
| 24 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
| 25 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE | |
| 26 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| 27 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| 28 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| 29 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| 30 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 31 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| 32 | * POSSIBILITY OF SUCH DAMAGE. | |
| 33 | * | |
| 34 | */ | |
| 35 | ||
| 36 | /** | |
| 37 | * \file | |
| 38 | * Calls ecs related unit tests. Exits with code 1 on a failure. | |
| 39 | */ | |
| 40 | ||
| 41 | #include "config.h" | |
| 42 | ||
| 43 | #ifdef CLIENT_SUBNET | |
| 44 | ||
| 45 | #include "util/log.h" | |
| 46 | #include "util/module.h" | |
| 47 | #include "testcode/unitmain.h" | |
| 48 | #include "edns-subnet/addrtree.h" | |
| 49 | #include "edns-subnet/subnetmod.h" | |
| 50 | ||
| 51 | /* | |
| 52 | void printkey(addrkey_t *k, addrlen_t bits) | |
| 53 | { | |
| 54 | int byte; | |
| 55 | int bytes = bits/8 + ((bits%8)>0); | |
| 56 | char msk = 0xFF; | |
| 57 | for (byte = 0; byte < bytes; byte++) { | |
| 58 | //~ if (byte+1 == bytes) | |
| 59 | //~ msk = 0xFF<<(8-bits%8); | |
| 60 | printf("%02x ", k[byte]&msk); | |
| 61 | } | |
| 62 | } | |
| 63 | ||
| 64 | void print_tree(struct addrnode* node, int indent, int maxdepth) | |
| 65 | { | |
| 66 | struct addredge* edge; | |
| 67 | int i, s, byte; | |
| 68 | if (indent == 0) printf("-----Tree-----\n"); | |
| 69 | if (indent > maxdepth) { | |
| 70 | printf("\n"); | |
| 71 | return; | |
| 72 | } | |
| 73 | printf("[node elem:%d] (%d)\n", node->elem != NULL, node); | |
| 74 | for (i = 0; i<2; i++) { | |
| 75 | if (node->edge[i]) { | |
| 76 | for (s = 0; s < indent; s++) printf(" "); | |
| 77 | printkey(node->edge[i]->str, node->edge[i]->len); | |
| 78 | printf("(len %d bits, %d bytes) ", node->edge[i]->len, | |
| 79 | node->edge[i]->len/8 + ((node->edge[i]->len%8)>0)); | |
| 80 | print_tree(node->edge[i]->node, indent+1, maxdepth); | |
| 81 | } | |
| 82 | } | |
| 83 | if (indent == 0) printf("-----Tree-----"); | |
| 84 | } | |
| 85 | */ | |
| 86 | ||
| 87 | /* what should we check? | |
| 88 | * X - is it balanced? (a node with 1 child shoudl not have | |
| 89 | * a node with 1 child MUST have elem | |
| 90 | * child must be sub of parent | |
| 91 | * edge must be longer than parent edge | |
| 92 | * */ | |
| 93 | static int addrtree_inconsistent_subtree(struct addrtree* tree, | |
| 94 | struct addredge* parent_edge, addrlen_t depth) | |
| 95 | { | |
| 96 | struct addredge* edge; | |
| 97 | struct addrnode* node = parent_edge->node; | |
| 98 | int childcount, i, r; | |
| 99 | if (depth > tree->max_depth) return 15; | |
| 100 | childcount = (node->edge[0] != NULL) + (node->edge[1] != NULL); | |
| 101 | /* Only nodes with 2 children should possibly have no element. */ | |
| 102 | if (childcount < 2 && !node->elem) return 10; | |
| 103 | for (i = 0; i<2; i++) { | |
| 104 | edge = node->edge[i]; | |
| 105 | if (!edge) continue; | |
| 106 | if (!edge->node) return 11; | |
| 107 | if (!edge->str) return 12; | |
| 108 | if (edge->len <= parent_edge->len) return 13; | |
| 109 | if (!unittest_wrapper_addrtree_issub(parent_edge->str, | |
| 110 | parent_edge->len, edge->str, edge->len, 0)) | |
| 111 | return 14; | |
| 112 | if ((r = addrtree_inconsistent_subtree(tree, edge, depth+1)) != 0) | |
| 113 | return 100+r; | |
| 114 | } | |
| 115 | return 0; | |
| 116 | } | |
| 117 | ||
| 118 | static int addrtree_inconsistent(struct addrtree* tree) | |
| 119 | { | |
| 120 | struct addredge* edge; | |
| 121 | int i, r; | |
| 122 | ||
| 123 | if (!tree) return 0; | |
| 124 | if (!tree->root) return 1; | |
| 125 | ||
| 126 | for (i = 0; i<2; i++) { | |
| 127 | edge = tree->root->edge[i]; | |
| 128 | if (!edge) continue; | |
| 129 | if (!edge->node) return 3; | |
| 130 | if (!edge->str) return 4; | |
| 131 | if ((r = addrtree_inconsistent_subtree(tree, edge, 1)) != 0) | |
| 132 | return r; | |
| 133 | } | |
| 134 | return 0; | |
| 135 | } | |
| 136 | ||
| 137 | static addrlen_t randomkey(addrkey_t **k, int maxlen) | |
| 138 | { | |
| 139 | int byte; | |
| 140 | int bits = rand() % maxlen; | |
| 141 | int bytes = bits/8 + (bits%8>0); /*ceil*/ | |
| 142 | *k = (addrkey_t *) malloc(bytes * sizeof(addrkey_t)); | |
| 143 | for (byte = 0; byte < bytes; byte++) { | |
| 144 | (*k)[byte] = (addrkey_t)(rand() & 0xFF); | |
| 145 | } | |
| 146 | return (addrlen_t)bits; | |
| 147 | } | |
| 148 | ||
| 149 | static void elemfree(void *envptr, void *elemptr) | |
| 150 | { | |
| 151 | struct reply_info *elem = (struct reply_info *)elemptr; | |
| 152 | (void)envptr; | |
| 153 | free(elem); | |
| 154 | } | |
| 155 | ||
| 156 | static void consistency_test(void) | |
| 157 | { | |
| 158 | addrlen_t l; | |
| 159 | time_t i; | |
| 160 | unsigned int count; | |
| 161 | addrkey_t *k; | |
| 162 | struct addrtree* t; | |
| 163 | struct module_env env; | |
| 164 | struct reply_info *elem; | |
| 165 | time_t timenow = 0; | |
| 166 | unit_show_func("edns-subnet/addrtree.h", "Tree consistency check"); | |
| 167 | srand(9195); /* just some value for reproducibility */ | |
| 168 | ||
| 169 | t = addrtree_create(100, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 0); | |
| 170 | count = t->node_count; | |
| 171 | unit_assert(count == 0); | |
| 172 | for (i = 0; i < 1000; i++) { | |
| 173 | l = randomkey(&k, 128); | |
| 174 | elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); | |
| 175 | addrtree_insert(t, k, l, 64, elem, timenow + 10, timenow); | |
| 176 | /* This should always hold because no items ever expire. They | |
| 177 | * could be overwritten, though. */ | |
| 178 | unit_assert( count <= t->node_count ); | |
| 179 | count = t->node_count; | |
| 180 | free(k); | |
| 181 | unit_assert( !addrtree_inconsistent(t) ); | |
| 182 | } | |
| 183 | addrtree_delete(t); | |
| 184 | ||
| 185 | unit_show_func("edns-subnet/addrtree.h", "Tree consistency with purge"); | |
| 186 | t = addrtree_create(8, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 0); | |
| 187 | unit_assert(t->node_count == 0); | |
| 188 | for (i = 0; i < 1000; i++) { | |
| 189 | l = randomkey(&k, 128); | |
| 190 | elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); | |
| 191 | addrtree_insert(t, k, l, 64, elem, i + 10, i); | |
| 192 | free(k); | |
| 193 | unit_assert( !addrtree_inconsistent(t) ); | |
| 194 | } | |
| 195 | addrtree_delete(t); | |
| 196 | ||
| 197 | unit_show_func("edns-subnet/addrtree.h", "Tree consistency with limit"); | |
| 198 | t = addrtree_create(8, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 27); | |
| 199 | unit_assert(t->node_count == 0); | |
| 200 | for (i = 0; i < 1000; i++) { | |
| 201 | l = randomkey(&k, 128); | |
| 202 | elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); | |
| 203 | addrtree_insert(t, k, l, 64, elem, i + 10, i); | |
| 204 | unit_assert( t->node_count <= 27); | |
| 205 | free(k); | |
| 206 | unit_assert( !addrtree_inconsistent(t) ); | |
| 207 | } | |
| 208 | addrtree_delete(t); | |
| 209 | } | |
| 210 | ||
| 211 | static void issub_test(void) | |
| 212 | { | |
| 213 | addrkey_t k1[] = {0x55, 0x55, 0x5A}; | |
| 214 | addrkey_t k2[] = {0x55, 0x5D, 0x5A}; | |
| 215 | unit_show_func("edns-subnet/addrtree.h", "issub"); | |
| 216 | unit_assert( !unittest_wrapper_addrtree_issub(k1, 24, k2, 24, 0) ); | |
| 217 | unit_assert( unittest_wrapper_addrtree_issub(k1, 8, k2, 16, 0) ); | |
| 218 | unit_assert( unittest_wrapper_addrtree_issub(k2, 12, k1, 13, 0) ); | |
| 219 | unit_assert( !unittest_wrapper_addrtree_issub(k1, 16, k2, 12, 0) ); | |
| 220 | unit_assert( unittest_wrapper_addrtree_issub(k1, 12, k2, 12, 0) ); | |
| 221 | unit_assert( !unittest_wrapper_addrtree_issub(k1, 13, k2, 13, 0) ); | |
| 222 | unit_assert( unittest_wrapper_addrtree_issub(k1, 24, k2, 24, 13) ); | |
| 223 | unit_assert( !unittest_wrapper_addrtree_issub(k1, 24, k2, 20, 13) ); | |
| 224 | unit_assert( unittest_wrapper_addrtree_issub(k1, 20, k2, 24, 13) ); | |
| 225 | } | |
| 226 | ||
| 227 | static void getbit_test(void) | |
| 228 | { | |
| 229 | addrkey_t k1[] = {0x55, 0x55, 0x5A}; | |
| 230 | int i; | |
| 231 | unit_show_func("edns-subnet/addrtree.h", "getbit"); | |
| 232 | for(i = 0; i<20; i++) { | |
| 233 | unit_assert( unittest_wrapper_addrtree_getbit(k1, 20, (addrlen_t)i) == (i&1) ); | |
| 234 | } | |
| 235 | } | |
| 236 | ||
| 237 | static void bits_common_test(void) | |
| 238 | { | |
| 239 | addrkey_t k1[] = {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0}; | |
| 240 | addrkey_t k2[] = {0,0,0,0,0,0,0,0}; | |
| 241 | addrlen_t i; | |
| 242 | ||
| 243 | unit_show_func("edns-subnet/addrtree.h", "bits_common"); | |
| 244 | for(i = 0; i<64; i++) { | |
| 245 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k1, 64, i) == 64 ); | |
| 246 | } | |
| 247 | for(i = 0; i<8; i++) { | |
| 248 | k2[i] = k1[i]^(1<<i); | |
| 249 | } | |
| 250 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 0) == 0*8+7 ); | |
| 251 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 8) == 1*8+6 ); | |
| 252 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 16) == 2*8+5 ); | |
| 253 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 24) == 3*8+4 ); | |
| 254 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 32) == 4*8+3 ); | |
| 255 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 40) == 5*8+2 ); | |
| 256 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 48) == 6*8+1 ); | |
| 257 | unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 56) == 7*8+0 ); | |
| 258 | } | |
| 259 | ||
| 260 | static void cmpbit_test(void) | |
| 261 | { | |
| 262 | addrkey_t k1[] = {0xA5, 0x0F}; | |
| 263 | addrkey_t k2[] = {0x5A, 0xF0}; | |
| 264 | addrlen_t i; | |
| 265 | ||
| 266 | unit_show_func("edns-subnet/addrtree.h", "cmpbit"); | |
| 267 | for(i = 0; i<16; i++) { | |
| 268 | unit_assert( !unittest_wrapper_addrtree_cmpbit(k1,k1,i) ); | |
| 269 | unit_assert( unittest_wrapper_addrtree_cmpbit(k1,k2,i) ); | |
| 270 | } | |
| 271 | } | |
| 272 | ||
| 273 | void ecs_test(void) | |
| 274 | { | |
| 275 | unit_show_feature("ecs"); | |
| 276 | cmpbit_test(); | |
| 277 | bits_common_test(); | |
| 278 | getbit_test(); | |
| 279 | issub_test(); | |
| 280 | consistency_test(); | |
| 281 | } | |
| 282 | #endif /* CLIENT_SUBNET */ | |
| 283 |
| 44 | 44 | #include "util/storage/slabhash.h" /* for the test structures */ |
| 45 | 45 | |
| 46 | 46 | /** use this type for the lruhash test key */ |
| 47 | typedef struct slabhash_testkey testkey_t; | |
| 47 | typedef struct slabhash_testkey testkey_type; | |
| 48 | 48 | /** use this type for the lruhash test data */ |
| 49 | typedef struct slabhash_testdata testdata_t; | |
| 49 | typedef struct slabhash_testdata testdata_type; | |
| 50 | 50 | |
| 51 | 51 | /** delete key */ |
| 52 | 52 | static void delkey(struct slabhash_testkey* k) { |
| 55 | 55 | static void deldata(struct slabhash_testdata* d) {free(d);} |
| 56 | 56 | |
| 57 | 57 | /** hash func, very bad to improve collisions */ |
| 58 | static hashvalue_t myhash(int id) {return (hashvalue_t)id & 0x0f;} | |
| 58 | static hashvalue_type myhash(int id) {return (hashvalue_type)id & 0x0f;} | |
| 59 | 59 | /** allocate new key, fill in hash */ |
| 60 | static testkey_t* newkey(int id) { | |
| 61 | testkey_t* k = (testkey_t*)calloc(1, sizeof(testkey_t)); | |
| 60 | static testkey_type* newkey(int id) { | |
| 61 | testkey_type* k = (testkey_type*)calloc(1, sizeof(testkey_type)); | |
| 62 | 62 | if(!k) fatal_exit("out of memory"); |
| 63 | 63 | k->id = id; |
| 64 | 64 | k->entry.hash = myhash(id); |
| 67 | 67 | return k; |
| 68 | 68 | } |
| 69 | 69 | /** new data el */ |
| 70 | static testdata_t* newdata(int val) { | |
| 71 | testdata_t* d = (testdata_t*)calloc(1, | |
| 72 | sizeof(testdata_t)); | |
| 70 | static testdata_type* newdata(int val) { | |
| 71 | testdata_type* d = (testdata_type*)calloc(1, | |
| 72 | sizeof(testdata_type)); | |
| 73 | 73 | if(!d) fatal_exit("out of memory"); |
| 74 | 74 | d->data = val; |
| 75 | 75 | return d; |
| 79 | 79 | static void |
| 80 | 80 | test_bin_find_entry(struct lruhash* table) |
| 81 | 81 | { |
| 82 | testkey_t* k = newkey(12); | |
| 83 | testdata_t* d = newdata(128); | |
| 84 | testkey_t* k2 = newkey(12 + 1024); | |
| 85 | testkey_t* k3 = newkey(14); | |
| 86 | testkey_t* k4 = newkey(12 + 1024*2); | |
| 87 | hashvalue_t h = myhash(12); | |
| 82 | testkey_type* k = newkey(12); | |
| 83 | testdata_type* d = newdata(128); | |
| 84 | testkey_type* k2 = newkey(12 + 1024); | |
| 85 | testkey_type* k3 = newkey(14); | |
| 86 | testkey_type* k4 = newkey(12 + 1024*2); | |
| 87 | hashvalue_type h = myhash(12); | |
| 88 | 88 | struct lruhash_bin bin; |
| 89 | 89 | memset(&bin, 0, sizeof(bin)); |
| 90 | 90 | bin_init(&bin, 1); |
| 160 | 160 | /** test lru_front lru_remove */ |
| 161 | 161 | static void test_lru(struct lruhash* table) |
| 162 | 162 | { |
| 163 | testkey_t* k = newkey(12); | |
| 164 | testkey_t* k2 = newkey(14); | |
| 163 | testkey_type* k = newkey(12); | |
| 164 | testkey_type* k2 = newkey(14); | |
| 165 | 165 | lock_quick_lock(&table->lock); |
| 166 | 166 | |
| 167 | 167 | unit_assert( table->lru_start == NULL && table->lru_end == NULL); |
| 207 | 207 | static void |
| 208 | 208 | test_short_table(struct lruhash* table) |
| 209 | 209 | { |
| 210 | testkey_t* k = newkey(12); | |
| 211 | testkey_t* k2 = newkey(14); | |
| 212 | testdata_t* d = newdata(128); | |
| 213 | testdata_t* d2 = newdata(129); | |
| 210 | testkey_type* k = newkey(12); | |
| 211 | testkey_type* k2 = newkey(14); | |
| 212 | testdata_type* d = newdata(128); | |
| 213 | testdata_type* d2 = newdata(129); | |
| 214 | 214 | |
| 215 | 215 | k->entry.data = d; |
| 216 | 216 | k2->entry.data = d2; |
| 231 | 231 | |
| 232 | 232 | /** test adding a random element */ |
| 233 | 233 | static void |
| 234 | testadd(struct lruhash* table, testdata_t* ref[]) | |
| 234 | testadd(struct lruhash* table, testdata_type* ref[]) | |
| 235 | 235 | { |
| 236 | 236 | int numtoadd = random() % HASHTESTMAX; |
| 237 | testdata_t* data = newdata(numtoadd); | |
| 238 | testkey_t* key = newkey(numtoadd); | |
| 237 | testdata_type* data = newdata(numtoadd); | |
| 238 | testkey_type* key = newkey(numtoadd); | |
| 239 | 239 | key->entry.data = data; |
| 240 | 240 | lruhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); |
| 241 | 241 | ref[numtoadd] = data; |
| 243 | 243 | |
| 244 | 244 | /** test adding a random element */ |
| 245 | 245 | static void |
| 246 | testremove(struct lruhash* table, testdata_t* ref[]) | |
| 246 | testremove(struct lruhash* table, testdata_type* ref[]) | |
| 247 | 247 | { |
| 248 | 248 | int num = random() % HASHTESTMAX; |
| 249 | testkey_t* key = newkey(num); | |
| 249 | testkey_type* key = newkey(num); | |
| 250 | 250 | lruhash_remove(table, myhash(num), key); |
| 251 | 251 | ref[num] = NULL; |
| 252 | 252 | delkey(key); |
| 254 | 254 | |
| 255 | 255 | /** test adding a random element */ |
| 256 | 256 | static void |
| 257 | testlookup(struct lruhash* table, testdata_t* ref[]) | |
| 257 | testlookup(struct lruhash* table, testdata_type* ref[]) | |
| 258 | 258 | { |
| 259 | 259 | int num = random() % HASHTESTMAX; |
| 260 | testkey_t* key = newkey(num); | |
| 260 | testkey_type* key = newkey(num); | |
| 261 | 261 | struct lruhash_entry* en = lruhash_lookup(table, myhash(num), key, 0); |
| 262 | testdata_t* data = en? (testdata_t*)en->data : NULL; | |
| 262 | testdata_type* data = en? (testdata_type*)en->data : NULL; | |
| 263 | 263 | if(en) { |
| 264 | 264 | unit_assert(en->key); |
| 265 | 265 | unit_assert(en->data); |
| 309 | 309 | |
| 310 | 310 | /** test adding a random element (unlimited range) */ |
| 311 | 311 | static void |
| 312 | testadd_unlim(struct lruhash* table, testdata_t** ref) | |
| 312 | testadd_unlim(struct lruhash* table, testdata_type** ref) | |
| 313 | 313 | { |
| 314 | 314 | int numtoadd = random() % (HASHTESTMAX * 10); |
| 315 | testdata_t* data = newdata(numtoadd); | |
| 316 | testkey_t* key = newkey(numtoadd); | |
| 315 | testdata_type* data = newdata(numtoadd); | |
| 316 | testkey_type* key = newkey(numtoadd); | |
| 317 | 317 | key->entry.data = data; |
| 318 | 318 | lruhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); |
| 319 | 319 | if(ref) |
| 322 | 322 | |
| 323 | 323 | /** test adding a random element (unlimited range) */ |
| 324 | 324 | static void |
| 325 | testremove_unlim(struct lruhash* table, testdata_t** ref) | |
| 325 | testremove_unlim(struct lruhash* table, testdata_type** ref) | |
| 326 | 326 | { |
| 327 | 327 | int num = random() % (HASHTESTMAX*10); |
| 328 | testkey_t* key = newkey(num); | |
| 328 | testkey_type* key = newkey(num); | |
| 329 | 329 | lruhash_remove(table, myhash(num), key); |
| 330 | 330 | if(ref) |
| 331 | 331 | ref[num] = NULL; |
| 334 | 334 | |
| 335 | 335 | /** test adding a random element (unlimited range) */ |
| 336 | 336 | static void |
| 337 | testlookup_unlim(struct lruhash* table, testdata_t** ref) | |
| 337 | testlookup_unlim(struct lruhash* table, testdata_type** ref) | |
| 338 | 338 | { |
| 339 | 339 | int num = random() % (HASHTESTMAX*10); |
| 340 | testkey_t* key = newkey(num); | |
| 340 | testkey_type* key = newkey(num); | |
| 341 | 341 | struct lruhash_entry* en = lruhash_lookup(table, myhash(num), key, 0); |
| 342 | testdata_t* data = en? (testdata_t*)en->data : NULL; | |
| 342 | testdata_type* data = en? (testdata_type*)en->data : NULL; | |
| 343 | 343 | if(en) { |
| 344 | 344 | unit_assert(en->key); |
| 345 | 345 | unit_assert(en->data); |
| 359 | 359 | test_long_table(struct lruhash* table) |
| 360 | 360 | { |
| 361 | 361 | /* assuming it all fits in the hashtable, this check will work */ |
| 362 | testdata_t* ref[HASHTESTMAX * 100]; | |
| 362 | testdata_type* ref[HASHTESTMAX * 100]; | |
| 363 | 363 | size_t i; |
| 364 | 364 | memset(ref, 0, sizeof(ref)); |
| 365 | 365 | /* test assumption */ |
| 421 | 421 | /** thread num, first entry. */ |
| 422 | 422 | int num; |
| 423 | 423 | /** id */ |
| 424 | ub_thread_t id; | |
| 424 | ub_thread_type id; | |
| 425 | 425 | /** hash table */ |
| 426 | 426 | struct lruhash* table; |
| 427 | 427 | }; |
| 72 | 72 | /** test alloc code */ |
| 73 | 73 | static void |
| 74 | 74 | alloc_test(void) { |
| 75 | alloc_special_t *t1, *t2; | |
| 75 | alloc_special_type *t1, *t2; | |
| 76 | 76 | struct alloc_cache major, minor1, minor2; |
| 77 | 77 | int i; |
| 78 | 78 | |
| 402 | 402 | } |
| 403 | 403 | |
| 404 | 404 | #include "util/rtt.h" |
| 405 | #include "util/timehist.h" | |
| 406 | #include "libunbound/unbound.h" | |
| 405 | 407 | /** test RTT code */ |
| 406 | 408 | static void |
| 407 | 409 | rtt_test(void) |
| 425 | 427 | unit_assert( rtt_timeout(&r) > RTT_MIN_TIMEOUT-1); |
| 426 | 428 | unit_assert( rtt_timeout(&r) < RTT_MAX_TIMEOUT+1); |
| 427 | 429 | } |
| 430 | /* must be the same, timehist bucket is used in stats */ | |
| 431 | unit_assert(UB_STATS_BUCKET_NUM == NUM_BUCKETS_HIST); | |
| 428 | 432 | } |
| 429 | 433 | |
| 430 | 434 | #include "services/cache/infra.h" |
| 555 | 559 | unit_assert(a[i] >= 0 && a[i] < 10); |
| 556 | 560 | } |
| 557 | 561 | ub_randfree(r); |
| 562 | } | |
| 563 | ||
| 564 | #include "respip/respip.h" | |
| 565 | #include "services/localzone.h" | |
| 566 | #include "util/data/packed_rrset.h" | |
| 567 | typedef struct addr_action {char* ip; char* sact; enum respip_action act;} | |
| 568 | addr_action_t; | |
| 569 | ||
| 570 | /** Utility function that verifies that the respip set has actions as expected */ | |
| 571 | static void | |
| 572 | verify_respip_set_actions(struct respip_set* set, addr_action_t actions[], | |
| 573 | int actions_len) | |
| 574 | { | |
| 575 | int i = 0; | |
| 576 | struct rbtree_type* tree = respip_set_get_tree(set); | |
| 577 | for (i=0; i<actions_len; i++) { | |
| 578 | struct sockaddr_storage addr; | |
| 579 | int net; | |
| 580 | socklen_t addrlen; | |
| 581 | struct resp_addr* node; | |
| 582 | netblockstrtoaddr(actions[i].ip, UNBOUND_DNS_PORT, &addr, | |
| 583 | &addrlen, &net); | |
| 584 | node = (struct resp_addr*)addr_tree_find(tree, &addr, addrlen, net); | |
| 585 | ||
| 586 | /** we have the node and the node has the correct action | |
| 587 | * and has no data */ | |
| 588 | unit_assert(node); | |
| 589 | unit_assert(actions[i].act == | |
| 590 | resp_addr_get_action(node)); | |
| 591 | unit_assert(resp_addr_get_rrset(node) == NULL); | |
| 592 | } | |
| 593 | unit_assert(actions_len && i == actions_len); | |
| 594 | unit_assert(actions_len == (int)tree->count); | |
| 595 | } | |
| 596 | ||
| 597 | /** Global respip actions test; apply raw config data and verify that | |
| 598 | * all the nodes in the respip set, looked up by address, have expected | |
| 599 | * actions */ | |
| 600 | static void | |
| 601 | respip_conf_actions_test(void) | |
| 602 | { | |
| 603 | addr_action_t config_response_ip[] = { | |
| 604 | {"192.0.1.0/24", "deny", respip_deny}, | |
| 605 | {"192.0.2.0/24", "redirect", respip_redirect}, | |
| 606 | {"192.0.3.0/26", "inform", respip_inform}, | |
| 607 | {"192.0.4.0/27", "inform_deny", respip_inform_deny}, | |
| 608 | {"2001:db8:1::/48", "always_transparent", respip_always_transparent}, | |
| 609 | {"2001:db8:2::/49", "always_refuse", respip_always_refuse}, | |
| 610 | {"2001:db8:3::/50", "always_nxdomain", respip_always_nxdomain}, | |
| 611 | }; | |
| 612 | int i; | |
| 613 | struct respip_set* set = respip_set_create(); | |
| 614 | struct config_file cfg; | |
| 615 | int clen = (int)(sizeof(config_response_ip) / sizeof(addr_action_t)); | |
| 616 | ||
| 617 | unit_assert(set); | |
| 618 | unit_show_feature("global respip config actions apply"); | |
| 619 | memset(&cfg, 0, sizeof(cfg)); | |
| 620 | for(i=0; i<clen; i++) { | |
| 621 | char* ip = strdup(config_response_ip[i].ip); | |
| 622 | char* sact = strdup(config_response_ip[i].sact); | |
| 623 | unit_assert(ip && sact); | |
| 624 | if(!cfg_str2list_insert(&cfg.respip_actions, ip, sact)) | |
| 625 | unit_assert(0); | |
| 626 | } | |
| 627 | unit_assert(respip_global_apply_cfg(set, &cfg)); | |
| 628 | verify_respip_set_actions(set, config_response_ip, clen); | |
| 629 | ||
| 630 | respip_set_delete(set); | |
| 631 | config_deldblstrlist(cfg.respip_actions); | |
| 632 | } | |
| 633 | ||
| 634 | /** Per-view respip actions test; apply raw configuration with two views | |
| 635 | * and verify that actions are as expected in respip sets of both views */ | |
| 636 | static void | |
| 637 | respip_view_conf_actions_test(void) | |
| 638 | { | |
| 639 | addr_action_t config_response_ip_view1[] = { | |
| 640 | {"192.0.1.0/24", "deny", respip_deny}, | |
| 641 | {"192.0.2.0/24", "redirect", respip_redirect}, | |
| 642 | {"192.0.3.0/26", "inform", respip_inform}, | |
| 643 | {"192.0.4.0/27", "inform_deny", respip_inform_deny}, | |
| 644 | }; | |
| 645 | addr_action_t config_response_ip_view2[] = { | |
| 646 | {"2001:db8:1::/48", "always_transparent", respip_always_transparent}, | |
| 647 | {"2001:db8:2::/49", "always_refuse", respip_always_refuse}, | |
| 648 | {"2001:db8:3::/50", "always_nxdomain", respip_always_nxdomain}, | |
| 649 | }; | |
| 650 | int i; | |
| 651 | struct config_file cfg; | |
| 652 | int clen1 = (int)(sizeof(config_response_ip_view1) / sizeof(addr_action_t)); | |
| 653 | int clen2 = (int)(sizeof(config_response_ip_view2) / sizeof(addr_action_t)); | |
| 654 | struct config_view* cv1; | |
| 655 | struct config_view* cv2; | |
| 656 | int have_respip_cfg = 0; | |
| 657 | struct views* views = NULL; | |
| 658 | struct view* v = NULL; | |
| 659 | ||
| 660 | unit_show_feature("per-view respip config actions apply"); | |
| 661 | memset(&cfg, 0, sizeof(cfg)); | |
| 662 | cv1 = (struct config_view*)calloc(1, sizeof(struct config_view)); | |
| 663 | cv2 = (struct config_view*)calloc(1, sizeof(struct config_view)); | |
| 664 | unit_assert(cv1 && cv2); | |
| 665 | cv1->name = strdup("view1"); | |
| 666 | cv2->name = strdup("view2"); | |
| 667 | unit_assert(cv1->name && cv2->name); | |
| 668 | cv1->next = cv2; | |
| 669 | cfg.views = cv1; | |
| 670 | ||
| 671 | for(i=0; i<clen1; i++) { | |
| 672 | char* ip = strdup(config_response_ip_view1[i].ip); | |
| 673 | char* sact = strdup(config_response_ip_view1[i].sact); | |
| 674 | unit_assert(ip && sact); | |
| 675 | if(!cfg_str2list_insert(&cv1->respip_actions, ip, sact)) | |
| 676 | unit_assert(0); | |
| 677 | } | |
| 678 | for(i=0; i<clen2; i++) { | |
| 679 | char* ip = strdup(config_response_ip_view2[i].ip); | |
| 680 | char* sact = strdup(config_response_ip_view2[i].sact); | |
| 681 | unit_assert(ip && sact); | |
| 682 | if(!cfg_str2list_insert(&cv2->respip_actions, ip, sact)) | |
| 683 | unit_assert(0); | |
| 684 | } | |
| 685 | views = views_create(); | |
| 686 | unit_assert(views); | |
| 687 | unit_assert(views_apply_cfg(views, &cfg)); | |
| 688 | unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); | |
| 689 | ||
| 690 | /* now verify the respip sets in each view */ | |
| 691 | v = views_find_view(views, "view1", 0); | |
| 692 | unit_assert(v); | |
| 693 | verify_respip_set_actions(v->respip_set, config_response_ip_view1, clen1); | |
| 694 | lock_rw_unlock(&v->lock); | |
| 695 | v = views_find_view(views, "view2", 0); | |
| 696 | unit_assert(v); | |
| 697 | verify_respip_set_actions(v->respip_set, config_response_ip_view2, clen2); | |
| 698 | lock_rw_unlock(&v->lock); | |
| 699 | ||
| 700 | views_delete(views); | |
| 701 | free(cv1->name); | |
| 702 | free(cv1); | |
| 703 | free(cv2->name); | |
| 704 | free(cv2); | |
| 705 | } | |
| 706 | ||
| 707 | typedef struct addr_data {char* ip; char* data;} addr_data_t; | |
| 708 | ||
| 709 | /** find the respip address node in the specified tree (by address lookup) | |
| 710 | * and verify type and address of the specified rdata (by index) in this | |
| 711 | * node's rrset */ | |
| 712 | static void | |
| 713 | verify_rrset(struct respip_set* set, const char* ipstr, | |
| 714 | const char* rdatastr, size_t rdi, uint16_t type) | |
| 715 | { | |
| 716 | struct sockaddr_storage addr; | |
| 717 | int net; | |
| 718 | char buf[65536]; | |
| 719 | socklen_t addrlen; | |
| 720 | struct rbtree_type* tree; | |
| 721 | struct resp_addr* node; | |
| 722 | const struct ub_packed_rrset_key* rrs; | |
| 723 | ||
| 724 | netblockstrtoaddr(ipstr, UNBOUND_DNS_PORT, &addr, &addrlen, &net); | |
| 725 | tree = respip_set_get_tree(set); | |
| 726 | node = (struct resp_addr*)addr_tree_find(tree, &addr, addrlen, net); | |
| 727 | unit_assert(node); | |
| 728 | unit_assert((rrs = resp_addr_get_rrset(node))); | |
| 729 | unit_assert(ntohs(rrs->rk.type) == type); | |
| 730 | packed_rr_to_string((struct ub_packed_rrset_key*)rrs, | |
| 731 | rdi, 0, buf, sizeof(buf)); | |
| 732 | unit_assert(strstr(buf, rdatastr)); | |
| 733 | } | |
| 734 | ||
| 735 | /** Dataset used to test redirect rrset initialization for both | |
| 736 | * global and per-view respip redirect configuration */ | |
| 737 | static addr_data_t config_response_ip_data[] = { | |
| 738 | {"192.0.1.0/24", "A 1.2.3.4"}, | |
| 739 | {"192.0.1.0/24", "A 11.12.13.14"}, | |
| 740 | {"192.0.2.0/24", "CNAME www.example.com."}, | |
| 741 | {"2001:db8:1::/48", "AAAA 2001:db8:1::2:1"}, | |
| 742 | }; | |
| 743 | ||
| 744 | /** Populate raw respip redirect config data, used for both global and | |
| 745 | * view-based respip redirect test case */ | |
| 746 | static void | |
| 747 | cfg_insert_respip_data(struct config_str2list** respip_actions, | |
| 748 | struct config_str2list** respip_data) | |
| 749 | { | |
| 750 | int clen = (int)(sizeof(config_response_ip_data) / sizeof(addr_data_t)); | |
| 751 | int i = 0; | |
| 752 | ||
| 753 | /* insert actions (duplicate netblocks don't matter) */ | |
| 754 | for(i=0; i<clen; i++) { | |
| 755 | char* ip = strdup(config_response_ip_data[i].ip); | |
| 756 | char* sact = strdup("redirect"); | |
| 757 | unit_assert(ip && sact); | |
| 758 | if(!cfg_str2list_insert(respip_actions, ip, sact)) | |
| 759 | unit_assert(0); | |
| 760 | } | |
| 761 | /* insert data */ | |
| 762 | for(i=0; i<clen; i++) { | |
| 763 | char* ip = strdup(config_response_ip_data[i].ip); | |
| 764 | char* data = strdup(config_response_ip_data[i].data); | |
| 765 | unit_assert(ip && data); | |
| 766 | if(!cfg_str2list_insert(respip_data, ip, data)) | |
| 767 | unit_assert(0); | |
| 768 | } | |
| 769 | } | |
| 770 | ||
| 771 | /** Test global respip redirect w/ data directives */ | |
| 772 | static void | |
| 773 | respip_conf_data_test(void) | |
| 774 | { | |
| 775 | struct respip_set* set = respip_set_create(); | |
| 776 | struct config_file cfg; | |
| 777 | ||
| 778 | unit_show_feature("global respip config data apply"); | |
| 779 | memset(&cfg, 0, sizeof(cfg)); | |
| 780 | ||
| 781 | cfg_insert_respip_data(&cfg.respip_actions, &cfg.respip_data); | |
| 782 | ||
| 783 | /* apply configuration and verify rrsets */ | |
| 784 | unit_assert(respip_global_apply_cfg(set, &cfg)); | |
| 785 | verify_rrset(set, "192.0.1.0/24", "1.2.3.4", 0, LDNS_RR_TYPE_A); | |
| 786 | verify_rrset(set, "192.0.1.0/24", "11.12.13.14", 1, LDNS_RR_TYPE_A); | |
| 787 | verify_rrset(set, "192.0.2.0/24", "www.example.com", 0, LDNS_RR_TYPE_CNAME); | |
| 788 | verify_rrset(set, "2001:db8:1::/48", "2001:db8:1::2:1", 0, LDNS_RR_TYPE_AAAA); | |
| 789 | ||
| 790 | respip_set_delete(set); | |
| 791 | } | |
| 792 | ||
| 793 | /** Test per-view respip redirect w/ data directives */ | |
| 794 | static void | |
| 795 | respip_view_conf_data_test(void) | |
| 796 | { | |
| 797 | struct config_file cfg; | |
| 798 | struct config_view* cv; | |
| 799 | int have_respip_cfg = 0; | |
| 800 | struct views* views = NULL; | |
| 801 | struct view* v = NULL; | |
| 802 | ||
| 803 | unit_show_feature("per-view respip config data apply"); | |
| 804 | memset(&cfg, 0, sizeof(cfg)); | |
| 805 | cv = (struct config_view*)calloc(1, sizeof(struct config_view)); | |
| 806 | unit_assert(cv); | |
| 807 | cv->name = strdup("view1"); | |
| 808 | unit_assert(cv->name); | |
| 809 | cfg.views = cv; | |
| 810 | cfg_insert_respip_data(&cv->respip_actions, &cv->respip_data); | |
| 811 | views = views_create(); | |
| 812 | unit_assert(views); | |
| 813 | unit_assert(views_apply_cfg(views, &cfg)); | |
| 814 | ||
| 815 | /* apply configuration and verify rrsets */ | |
| 816 | unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); | |
| 817 | v = views_find_view(views, "view1", 0); | |
| 818 | unit_assert(v); | |
| 819 | verify_rrset(v->respip_set, "192.0.1.0/24", "1.2.3.4", | |
| 820 | 0, LDNS_RR_TYPE_A); | |
| 821 | verify_rrset(v->respip_set, "192.0.1.0/24", "11.12.13.14", | |
| 822 | 1, LDNS_RR_TYPE_A); | |
| 823 | verify_rrset(v->respip_set, "192.0.2.0/24", "www.example.com", | |
| 824 | 0, LDNS_RR_TYPE_CNAME); | |
| 825 | verify_rrset(v->respip_set, "2001:db8:1::/48", "2001:db8:1::2:1", | |
| 826 | 0, LDNS_RR_TYPE_AAAA); | |
| 827 | lock_rw_unlock(&v->lock); | |
| 828 | ||
| 829 | views_delete(views); | |
| 830 | free(cv->name); | |
| 831 | free(cv); | |
| 832 | } | |
| 833 | ||
| 834 | /** respip unit tests */ | |
| 835 | static void respip_test(void) | |
| 836 | { | |
| 837 | respip_view_conf_data_test(); | |
| 838 | respip_conf_data_test(); | |
| 839 | respip_view_conf_actions_test(); | |
| 840 | respip_conf_actions_test(); | |
| 558 | 841 | } |
| 559 | 842 | |
| 560 | 843 | void unit_show_func(const char* file, const char* func) |
| 601 | 884 | fatal_exit("could not init NSS"); |
| 602 | 885 | #endif /* HAVE_SSL or HAVE_NSS*/ |
| 603 | 886 | checklock_start(); |
| 887 | authzone_test(); | |
| 604 | 888 | neg_test(); |
| 605 | 889 | rnd_test(); |
| 890 | respip_test(); | |
| 606 | 891 | verify_test(); |
| 607 | 892 | net_test(); |
| 608 | 893 | config_memsize_test(); |
| 617 | 902 | infra_test(); |
| 618 | 903 | ldns_test(); |
| 619 | 904 | msgparse_test(); |
| 905 | #ifdef CLIENT_SUBNET | |
| 906 | ecs_test(); | |
| 907 | #endif /* CLIENT_SUBNET */ | |
| 620 | 908 | checklock_stop(); |
| 621 | 909 | printf("%d checks ok.\n", testcount); |
| 622 | 910 | #ifdef HAVE_SSL |
| 71 | 71 | void neg_test(void); |
| 72 | 72 | /** unit test for regional allocator functions */ |
| 73 | 73 | void regional_test(void); |
| 74 | #ifdef CLIENT_SUBNET | |
| 75 | /** Unit test for ECS functions */ | |
| 76 | void ecs_test(void); | |
| 77 | #endif /* CLIENT_SUBNET */ | |
| 74 | 78 | /** unit test for ldns functions */ |
| 75 | 79 | void ldns_test(void); |
| 80 | /** unit test for auth zone functions */ | |
| 81 | void authzone_test(void); | |
| 76 | 82 | |
| 77 | 83 | #endif /* TESTCODE_UNITMAIN_H */ |
| 241 | 241 | { |
| 242 | 242 | int n, i; |
| 243 | 243 | struct val_neg_data* d; |
| 244 | rbnode_t* walk; | |
| 244 | rbnode_type* walk; | |
| 245 | 245 | struct val_neg_zone* z; |
| 246 | 246 | |
| 247 | 247 | lock_basic_lock(&neg->lock); |
| 323 | 323 | RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) { |
| 324 | 324 | /* get count of highest parent for num in use */ |
| 325 | 325 | d = (struct val_neg_data*)rbtree_first(&z->tree); |
| 326 | if(d && (rbnode_t*)d!=RBTREE_NULL) | |
| 326 | if(d && (rbnode_type*)d!=RBTREE_NULL) | |
| 327 | 327 | res += d->count; |
| 328 | 328 | } |
| 329 | 329 | return res; |
| 43 | 43 | #include "util/storage/slabhash.h" |
| 44 | 44 | |
| 45 | 45 | /** use this type for the slabhash test key */ |
| 46 | typedef struct slabhash_testkey testkey_t; | |
| 46 | typedef struct slabhash_testkey testkey_type; | |
| 47 | 47 | /** use this type for the slabhash test data */ |
| 48 | typedef struct slabhash_testdata testdata_t; | |
| 48 | typedef struct slabhash_testdata testdata_type; | |
| 49 | 49 | |
| 50 | 50 | /** delete key */ |
| 51 | 51 | static void delkey(struct slabhash_testkey* k) { |
| 52 | 52 | lock_rw_destroy(&k->entry.lock); free(k);} |
| 53 | 53 | |
| 54 | 54 | /** hash func, very bad to improve collisions, both high and low bits */ |
| 55 | static hashvalue_t myhash(int id) { | |
| 56 | hashvalue_t h = (hashvalue_t)id & 0x0f; | |
| 55 | static hashvalue_type myhash(int id) { | |
| 56 | hashvalue_type h = (hashvalue_type)id & 0x0f; | |
| 57 | 57 | h |= (h << 28); |
| 58 | 58 | return h; |
| 59 | 59 | } |
| 60 | 60 | |
| 61 | 61 | /** allocate new key, fill in hash */ |
| 62 | static testkey_t* newkey(int id) { | |
| 63 | testkey_t* k = (testkey_t*)calloc(1, sizeof(testkey_t)); | |
| 62 | static testkey_type* newkey(int id) { | |
| 63 | testkey_type* k = (testkey_type*)calloc(1, sizeof(testkey_type)); | |
| 64 | 64 | if(!k) fatal_exit("out of memory"); |
| 65 | 65 | k->id = id; |
| 66 | 66 | k->entry.hash = myhash(id); |
| 69 | 69 | return k; |
| 70 | 70 | } |
| 71 | 71 | /** new data el */ |
| 72 | static testdata_t* newdata(int val) { | |
| 73 | testdata_t* d = (testdata_t*)calloc(1, | |
| 74 | sizeof(testdata_t)); | |
| 72 | static testdata_type* newdata(int val) { | |
| 73 | testdata_type* d = (testdata_type*)calloc(1, | |
| 74 | sizeof(testdata_type)); | |
| 75 | 75 | if(!d) fatal_exit("out of memory"); |
| 76 | 76 | d->data = val; |
| 77 | 77 | return d; |
| 81 | 81 | static void |
| 82 | 82 | test_short_table(struct slabhash* table) |
| 83 | 83 | { |
| 84 | testkey_t* k = newkey(12); | |
| 85 | testkey_t* k2 = newkey(14); | |
| 86 | testdata_t* d = newdata(128); | |
| 87 | testdata_t* d2 = newdata(129); | |
| 84 | testkey_type* k = newkey(12); | |
| 85 | testkey_type* k2 = newkey(14); | |
| 86 | testdata_type* d = newdata(128); | |
| 87 | testdata_type* d2 = newdata(129); | |
| 88 | 88 | |
| 89 | 89 | k->entry.data = d; |
| 90 | 90 | k2->entry.data = d2; |
| 105 | 105 | |
| 106 | 106 | /** test adding a random element */ |
| 107 | 107 | static void |
| 108 | testadd(struct slabhash* table, testdata_t* ref[]) | |
| 108 | testadd(struct slabhash* table, testdata_type* ref[]) | |
| 109 | 109 | { |
| 110 | 110 | int numtoadd = random() % HASHTESTMAX; |
| 111 | testdata_t* data = newdata(numtoadd); | |
| 112 | testkey_t* key = newkey(numtoadd); | |
| 111 | testdata_type* data = newdata(numtoadd); | |
| 112 | testkey_type* key = newkey(numtoadd); | |
| 113 | 113 | key->entry.data = data; |
| 114 | 114 | slabhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); |
| 115 | 115 | ref[numtoadd] = data; |
| 117 | 117 | |
| 118 | 118 | /** test adding a random element */ |
| 119 | 119 | static void |
| 120 | testremove(struct slabhash* table, testdata_t* ref[]) | |
| 120 | testremove(struct slabhash* table, testdata_type* ref[]) | |
| 121 | 121 | { |
| 122 | 122 | int num = random() % HASHTESTMAX; |
| 123 | testkey_t* key = newkey(num); | |
| 123 | testkey_type* key = newkey(num); | |
| 124 | 124 | slabhash_remove(table, myhash(num), key); |
| 125 | 125 | ref[num] = NULL; |
| 126 | 126 | delkey(key); |
| 128 | 128 | |
| 129 | 129 | /** test adding a random element */ |
| 130 | 130 | static void |
| 131 | testlookup(struct slabhash* table, testdata_t* ref[]) | |
| 131 | testlookup(struct slabhash* table, testdata_type* ref[]) | |
| 132 | 132 | { |
| 133 | 133 | int num = random() % HASHTESTMAX; |
| 134 | testkey_t* key = newkey(num); | |
| 134 | testkey_type* key = newkey(num); | |
| 135 | 135 | struct lruhash_entry* en = slabhash_lookup(table, myhash(num), key, 0); |
| 136 | testdata_t* data = en? (testdata_t*)en->data : NULL; | |
| 136 | testdata_type* data = en? (testdata_type*)en->data : NULL; | |
| 137 | 137 | if(en) { |
| 138 | 138 | unit_assert(en->key); |
| 139 | 139 | unit_assert(en->data); |
| 192 | 192 | |
| 193 | 193 | /** test adding a random element (unlimited range) */ |
| 194 | 194 | static void |
| 195 | testadd_unlim(struct slabhash* table, testdata_t** ref) | |
| 195 | testadd_unlim(struct slabhash* table, testdata_type** ref) | |
| 196 | 196 | { |
| 197 | 197 | int numtoadd = random() % (HASHTESTMAX * 10); |
| 198 | testdata_t* data = newdata(numtoadd); | |
| 199 | testkey_t* key = newkey(numtoadd); | |
| 198 | testdata_type* data = newdata(numtoadd); | |
| 199 | testkey_type* key = newkey(numtoadd); | |
| 200 | 200 | key->entry.data = data; |
| 201 | 201 | slabhash_insert(table, myhash(numtoadd), &key->entry, data, NULL); |
| 202 | 202 | if(ref) |
| 205 | 205 | |
| 206 | 206 | /** test adding a random element (unlimited range) */ |
| 207 | 207 | static void |
| 208 | testremove_unlim(struct slabhash* table, testdata_t** ref) | |
| 208 | testremove_unlim(struct slabhash* table, testdata_type** ref) | |
| 209 | 209 | { |
| 210 | 210 | int num = random() % (HASHTESTMAX*10); |
| 211 | testkey_t* key = newkey(num); | |
| 211 | testkey_type* key = newkey(num); | |
| 212 | 212 | slabhash_remove(table, myhash(num), key); |
| 213 | 213 | if(ref) |
| 214 | 214 | ref[num] = NULL; |
| 217 | 217 | |
| 218 | 218 | /** test adding a random element (unlimited range) */ |
| 219 | 219 | static void |
| 220 | testlookup_unlim(struct slabhash* table, testdata_t** ref) | |
| 220 | testlookup_unlim(struct slabhash* table, testdata_type** ref) | |
| 221 | 221 | { |
| 222 | 222 | int num = random() % (HASHTESTMAX*10); |
| 223 | testkey_t* key = newkey(num); | |
| 223 | testkey_type* key = newkey(num); | |
| 224 | 224 | struct lruhash_entry* en = slabhash_lookup(table, myhash(num), key, 0); |
| 225 | testdata_t* data = en? (testdata_t*)en->data : NULL; | |
| 225 | testdata_type* data = en? (testdata_type*)en->data : NULL; | |
| 226 | 226 | if(en) { |
| 227 | 227 | unit_assert(en->key); |
| 228 | 228 | unit_assert(en->data); |
| 242 | 242 | test_long_table(struct slabhash* table) |
| 243 | 243 | { |
| 244 | 244 | /* assuming it all fits in the hashtable, this check will work */ |
| 245 | testdata_t* ref[HASHTESTMAX * 100]; | |
| 245 | testdata_type* ref[HASHTESTMAX * 100]; | |
| 246 | 246 | size_t i; |
| 247 | 247 | memset(ref, 0, sizeof(ref)); |
| 248 | 248 | /* test assumption */ |
| 300 | 300 | /** thread num, first entry. */ |
| 301 | 301 | int num; |
| 302 | 302 | /** id */ |
| 303 | ub_thread_t id; | |
| 303 | ub_thread_type id; | |
| 304 | 304 | /** hash table */ |
| 305 | 305 | struct slabhash* table; |
| 306 | 306 | }; |
| 411 | 411 | |
| 412 | 412 | /** Test hash algo - NSEC3 hash it and compare result */ |
| 413 | 413 | static void |
| 414 | nsec3_hash_test_entry(struct entry* e, rbtree_t* ct, | |
| 414 | nsec3_hash_test_entry(struct entry* e, rbtree_type* ct, | |
| 415 | 415 | struct alloc_cache* alloc, struct regional* region, |
| 416 | 416 | sldns_buffer* buf) |
| 417 | 417 | { |
| 467 | 467 | * |
| 468 | 468 | * The test does not perform canonicalization during the compare. |
| 469 | 469 | */ |
| 470 | rbtree_t ct; | |
| 470 | rbtree_type ct; | |
| 471 | 471 | struct regional* region = regional_create(); |
| 472 | 472 | struct alloc_cache alloc; |
| 473 | 473 | sldns_buffer* buf = sldns_buffer_new(65535); |
| 495 | 495 | verify_test(void) |
| 496 | 496 | { |
| 497 | 497 | unit_show_feature("signature verify"); |
| 498 | #ifdef USE_SHA1 | |
| 498 | 499 | verifytest_file("testdata/test_signatures.1", "20070818005004"); |
| 499 | #ifdef USE_DSA | |
| 500 | #endif | |
| 501 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 500 | 502 | verifytest_file("testdata/test_signatures.2", "20080414005004"); |
| 501 | 503 | verifytest_file("testdata/test_signatures.3", "20080416005004"); |
| 502 | 504 | verifytest_file("testdata/test_signatures.4", "20080416005004"); |
| 504 | 506 | verifytest_file("testdata/test_signatures.6", "20080416005004"); |
| 505 | 507 | verifytest_file("testdata/test_signatures.7", "20070829144150"); |
| 506 | 508 | #endif /* USE_DSA */ |
| 509 | #ifdef USE_SHA1 | |
| 507 | 510 | verifytest_file("testdata/test_signatures.8", "20070829144150"); |
| 511 | #endif | |
| 508 | 512 | #if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) |
| 509 | 513 | verifytest_file("testdata/test_sigs.rsasha256", "20070829144150"); |
| 514 | # ifdef USE_SHA1 | |
| 510 | 515 | verifytest_file("testdata/test_sigs.sha1_and_256", "20070829144150"); |
| 516 | # endif | |
| 511 | 517 | verifytest_file("testdata/test_sigs.rsasha256_draft", "20090101000000"); |
| 512 | 518 | #endif |
| 513 | 519 | #if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) |
| 514 | 520 | verifytest_file("testdata/test_sigs.rsasha512_draft", "20070829144150"); |
| 515 | 521 | #endif |
| 522 | #ifdef USE_SHA1 | |
| 516 | 523 | verifytest_file("testdata/test_sigs.hinfo", "20090107100022"); |
| 517 | 524 | verifytest_file("testdata/test_sigs.revoked", "20080414005004"); |
| 525 | #endif | |
| 518 | 526 | #ifdef USE_GOST |
| 519 | 527 | if(sldns_key_EVP_load_gost_id()) |
| 520 | 528 | verifytest_file("testdata/test_sigs.gost", "20090807060504"); |
| 528 | 536 | } |
| 529 | 537 | dstest_file("testdata/test_ds.sha384"); |
| 530 | 538 | #endif |
| 539 | #ifdef USE_ED25519 | |
| 540 | if(dnskey_algo_id_is_supported(LDNS_ED25519)) { | |
| 541 | verifytest_file("testdata/test_sigs.ed25519", "20170530140439"); | |
| 542 | } | |
| 543 | #endif | |
| 544 | #ifdef USE_SHA1 | |
| 531 | 545 | dstest_file("testdata/test_ds.sha1"); |
| 546 | #endif | |
| 532 | 547 | nsectest(); |
| 533 | 548 | nsec3_hash_test("testdata/test_nsec3_hash.1"); |
| 534 | 549 | } |
Binary diff not shown
Binary diff not shown
Binary diff not shown
Binary diff not shown
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | 4 | val-override-date: '20091018111500' |
| 5 | fake-sha1: yes | |
| 5 | 6 | stub-zone: |
| 6 | 7 | name: "." |
| 7 | 8 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | 4 | val-override-date: '20091018111500' |
| 5 | fake-sha1: yes | |
| 5 | 6 | stub-zone: |
| 6 | 7 | name: "." |
| 7 | 8 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 1 | 1 | server: |
| 2 | 2 | target-fetch-policy: "0 0 0 0 0" |
| 3 | 3 | log-time-ascii: yes |
| 4 | fake-sha1: yes | |
| 4 | 5 | stub-zone: |
| 5 | 6 | name: "." |
| 6 | 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 0 | ; config options | |
| 1 | ; The island of trust is at example.com | |
| 2 | server: | |
| 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" | |
| 4 | hide-trustanchor: no | |
| 5 | val-override-date: "20070916134226" | |
| 6 | target-fetch-policy: "0 0 0 0 0" | |
| 7 | fake-sha1: yes | |
| 8 | ||
| 9 | stub-zone: | |
| 10 | name: "." | |
| 11 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 12 | CONFIG_END | |
| 13 | ||
| 14 | SCENARIO_BEGIN Test chaos trustanchor query | |
| 15 | ||
| 16 | ; K.ROOT-SERVERS.NET. | |
| 17 | RANGE_BEGIN 0 100 | |
| 18 | ADDRESS 193.0.14.129 | |
| 19 | ENTRY_BEGIN | |
| 20 | MATCH opcode qtype qname | |
| 21 | ADJUST copy_id | |
| 22 | REPLY QR NOERROR | |
| 23 | SECTION QUESTION | |
| 24 | . IN NS | |
| 25 | SECTION ANSWER | |
| 26 | . IN NS K.ROOT-SERVERS.NET. | |
| 27 | SECTION ADDITIONAL | |
| 28 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 29 | ENTRY_END | |
| 30 | ||
| 31 | ENTRY_BEGIN | |
| 32 | MATCH opcode qtype qname | |
| 33 | ADJUST copy_id | |
| 34 | REPLY QR NOERROR | |
| 35 | SECTION QUESTION | |
| 36 | www.example.com. IN A | |
| 37 | SECTION AUTHORITY | |
| 38 | com. IN NS a.gtld-servers.net. | |
| 39 | SECTION ADDITIONAL | |
| 40 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 41 | ENTRY_END | |
| 42 | RANGE_END | |
| 43 | ||
| 44 | ; a.gtld-servers.net. | |
| 45 | RANGE_BEGIN 0 100 | |
| 46 | ADDRESS 192.5.6.30 | |
| 47 | ENTRY_BEGIN | |
| 48 | MATCH opcode qtype qname | |
| 49 | ADJUST copy_id | |
| 50 | REPLY QR NOERROR | |
| 51 | SECTION QUESTION | |
| 52 | com. IN NS | |
| 53 | SECTION ANSWER | |
| 54 | com. IN NS a.gtld-servers.net. | |
| 55 | SECTION ADDITIONAL | |
| 56 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 57 | ENTRY_END | |
| 58 | ||
| 59 | ENTRY_BEGIN | |
| 60 | MATCH opcode qtype qname | |
| 61 | ADJUST copy_id | |
| 62 | REPLY QR NOERROR | |
| 63 | SECTION QUESTION | |
| 64 | www.example.com. IN A | |
| 65 | SECTION AUTHORITY | |
| 66 | example.com. IN NS ns.example.com. | |
| 67 | SECTION ADDITIONAL | |
| 68 | ns.example.com. IN A 1.2.3.4 | |
| 69 | ENTRY_END | |
| 70 | RANGE_END | |
| 71 | ||
| 72 | ; ns.example.com. | |
| 73 | RANGE_BEGIN 0 100 | |
| 74 | ADDRESS 1.2.3.4 | |
| 75 | ENTRY_BEGIN | |
| 76 | MATCH opcode qtype qname | |
| 77 | ADJUST copy_id | |
| 78 | REPLY QR NOERROR | |
| 79 | SECTION QUESTION | |
| 80 | example.com. IN NS | |
| 81 | SECTION ANSWER | |
| 82 | example.com. IN NS ns.example.com. | |
| 83 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 84 | SECTION ADDITIONAL | |
| 85 | ns.example.com. IN A 1.2.3.4 | |
| 86 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 87 | ENTRY_END | |
| 88 | ||
| 89 | ; response to DNSKEY priming query | |
| 90 | ENTRY_BEGIN | |
| 91 | MATCH opcode qtype qname | |
| 92 | ADJUST copy_id | |
| 93 | REPLY QR NOERROR | |
| 94 | SECTION QUESTION | |
| 95 | example.com. IN DNSKEY | |
| 96 | SECTION ANSWER | |
| 97 | example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} | |
| 98 | example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} | |
| 99 | SECTION AUTHORITY | |
| 100 | example.com. IN NS ns.example.com. | |
| 101 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 102 | SECTION ADDITIONAL | |
| 103 | ns.example.com. IN A 1.2.3.4 | |
| 104 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 105 | ENTRY_END | |
| 106 | ||
| 107 | ; response to query of interest | |
| 108 | ENTRY_BEGIN | |
| 109 | MATCH opcode qtype qname | |
| 110 | ADJUST copy_id | |
| 111 | REPLY QR NOERROR | |
| 112 | SECTION QUESTION | |
| 113 | www.example.com. IN A | |
| 114 | SECTION ANSWER | |
| 115 | www.example.com. IN A 10.20.30.40 | |
| 116 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 117 | SECTION AUTHORITY | |
| 118 | example.com. IN NS ns.example.com. | |
| 119 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 120 | SECTION ADDITIONAL | |
| 121 | ns.example.com. IN A 1.2.3.4 | |
| 122 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 123 | ENTRY_END | |
| 124 | RANGE_END | |
| 125 | ||
| 126 | STEP 1 QUERY | |
| 127 | ENTRY_BEGIN | |
| 128 | REPLY RD DO | |
| 129 | SECTION QUESTION | |
| 130 | trustanchor.unbound. CH TXT | |
| 131 | ENTRY_END | |
| 132 | ||
| 133 | ; recursion happens here. | |
| 134 | STEP 10 CHECK_ANSWER | |
| 135 | ENTRY_BEGIN | |
| 136 | MATCH all | |
| 137 | REPLY QR RD RA DO NOERROR | |
| 138 | SECTION QUESTION | |
| 139 | trustanchor.unbound. CH TXT | |
| 140 | SECTION ANSWER | |
| 141 | trustanchor.unbound. CH TXT "example.com. 2854" | |
| 142 | ENTRY_END | |
| 143 | ||
| 144 | SCENARIO_END |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | harden-referral-path: no |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | harden-referral-path: no |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
Binary diff not shown
Binary diff not shown
Binary diff not shown
Binary diff not shown
Binary diff not shown
Binary diff not shown
Binary diff not shown
| 3 | 3 | trust-anchor: "dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw==" |
| 4 | 4 | val-override-date: "20090617133009" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 0 | ; Test ipsecmod with bogus IPSECKEY | |
| 1 | ||
| 2 | ; config options | |
| 3 | ; The island of trust is at example.com | |
| 4 | server: | |
| 5 | trust-anchor: "example.com. IN DS 48069 8 2 fce2bcb0d88b828064faad58e935ca2e32ff0bbd8bd8407a8f344d8f8e8c438a" | |
| 6 | val-override-date: "-1" | |
| 7 | target-fetch-policy: "0 0 0 0 0" | |
| 8 | # test that default value of harden-dnssec-stripped is still yes. | |
| 9 | fake-sha1: yes | |
| 10 | access-control: 127.0.0.1 allow_snoop | |
| 11 | module-config: "ipsecmod validator iterator" | |
| 12 | ; ../../ is there because the test runs from testdata/03-testbound.dir | |
| 13 | ipsecmod-hook: "../../testdata/ipsecmod_hook.sh" | |
| 14 | ipsecmod-strict: no | |
| 15 | ipsecmod-max-ttl: 200 | |
| 16 | ||
| 17 | stub-zone: | |
| 18 | name: "." | |
| 19 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 20 | CONFIG_END | |
| 21 | ||
| 22 | SCENARIO_BEGIN Test ipsecmod with bogus IPSECKEY | |
| 23 | ; Scenario overview: | |
| 24 | ; - query for example.com. IN A | |
| 25 | ; - check that query for example.com. IN IPSECKEY is generated | |
| 26 | ; - check that we get an answer for example.com. IN A with the correct TTL | |
| 27 | ; - check that the get the same answer from cache | |
| 28 | ; - check that we don't get the IPSECKEY answer from cache (bogus) | |
| 29 | ||
| 30 | ; K.ROOT-SERVERS.NET. | |
| 31 | RANGE_BEGIN 0 100 | |
| 32 | ADDRESS 193.0.14.129 | |
| 33 | ENTRY_BEGIN | |
| 34 | MATCH opcode qtype qname | |
| 35 | ADJUST copy_id | |
| 36 | REPLY QR NOERROR | |
| 37 | SECTION QUESTION | |
| 38 | . IN NS | |
| 39 | SECTION ANSWER | |
| 40 | . IN NS K.ROOT-SERVERS.NET. | |
| 41 | SECTION ADDITIONAL | |
| 42 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 43 | ENTRY_END | |
| 44 | ||
| 45 | ENTRY_BEGIN | |
| 46 | MATCH opcode qtype qname | |
| 47 | ADJUST copy_id | |
| 48 | REPLY QR AA NOERROR | |
| 49 | SECTION QUESTION | |
| 50 | a.gtld-servers.net. IN AAAA | |
| 51 | SECTION AUTHORITY | |
| 52 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 53 | ENTRY_END | |
| 54 | ||
| 55 | ENTRY_BEGIN | |
| 56 | MATCH opcode qtype qname | |
| 57 | ADJUST copy_id | |
| 58 | REPLY QR AA NOERROR | |
| 59 | SECTION QUESTION | |
| 60 | K.ROOT-SERVERS.NET. IN AAAA | |
| 61 | SECTION AUTHORITY | |
| 62 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 63 | ENTRY_END | |
| 64 | ||
| 65 | ENTRY_BEGIN | |
| 66 | MATCH opcode subdomain | |
| 67 | ADJUST copy_id copy_query | |
| 68 | REPLY QR NOERROR | |
| 69 | SECTION QUESTION | |
| 70 | com. IN A | |
| 71 | SECTION AUTHORITY | |
| 72 | com. IN NS a.gtld-servers.net. | |
| 73 | SECTION ADDITIONAL | |
| 74 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 75 | ENTRY_END | |
| 76 | RANGE_END | |
| 77 | ||
| 78 | ; a.gtld-servers.net. | |
| 79 | RANGE_BEGIN 0 100 | |
| 80 | ADDRESS 192.5.6.30 | |
| 81 | ENTRY_BEGIN | |
| 82 | MATCH opcode qtype qname | |
| 83 | ADJUST copy_id | |
| 84 | REPLY QR NOERROR | |
| 85 | SECTION QUESTION | |
| 86 | com. IN NS | |
| 87 | SECTION ANSWER | |
| 88 | com. IN NS a.gtld-servers.net. | |
| 89 | SECTION ADDITIONAL | |
| 90 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 91 | ENTRY_END | |
| 92 | ||
| 93 | ENTRY_BEGIN | |
| 94 | MATCH opcode subdomain | |
| 95 | ADJUST copy_id copy_query | |
| 96 | REPLY QR NOERROR | |
| 97 | SECTION QUESTION | |
| 98 | example.com. IN A | |
| 99 | SECTION AUTHORITY | |
| 100 | example.com. IN NS ns.example.com. | |
| 101 | SECTION ADDITIONAL | |
| 102 | ns.example.com. IN A 1.2.3.4 | |
| 103 | ENTRY_END | |
| 104 | RANGE_END | |
| 105 | ||
| 106 | ; ns.example.com. | |
| 107 | RANGE_BEGIN 0 100 | |
| 108 | ADDRESS 1.2.3.4 | |
| 109 | ENTRY_BEGIN | |
| 110 | MATCH opcode qtype qname | |
| 111 | ADJUST copy_id | |
| 112 | REPLY QR NOERROR | |
| 113 | SECTION QUESTION | |
| 114 | example.com. IN NS | |
| 115 | SECTION ANSWER | |
| 116 | example.com. IN NS ns.example.com. | |
| 117 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 118 | SECTION ADDITIONAL | |
| 119 | ns.example.com. IN A 1.2.3.4 | |
| 120 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 121 | ENTRY_END | |
| 122 | ||
| 123 | ENTRY_BEGIN | |
| 124 | MATCH opcode qtype qname | |
| 125 | ADJUST copy_id | |
| 126 | REPLY QR AA NOERROR | |
| 127 | SECTION QUESTION | |
| 128 | ns.example.com. IN AAAA | |
| 129 | SECTION AUTHORITY | |
| 130 | example.com. 86400 IN SOA ns.example.com. example.com. 2002022401 10800 15 604800 10800 | |
| 131 | example.com. 86400 IN RRSIG SOA 8 2 86400 20170609142855 20170512142855 48069 example.com. fr6oVOsRMnm3D8N01LxzPvT9lWdNDhTlmwR1co42c3H2ra1EjbbKqkLcrXQAsq7E/ddzqgL3RnYS+3USojXycI1xhjXC8YT2xsW3uH8uTY1Qvk1K75lu1OXmDiU6wvHplFowl0OX7sx76lB1itbvsau4bMPMt03sf4u8po7V35s= | |
| 132 | ENTRY_END | |
| 133 | ||
| 134 | ; response to A query | |
| 135 | ENTRY_BEGIN | |
| 136 | MATCH opcode qtype qname | |
| 137 | ADJUST copy_id | |
| 138 | REPLY QR NOERROR | |
| 139 | SECTION QUESTION | |
| 140 | example.com. IN A | |
| 141 | SECTION ANSWER | |
| 142 | example.com. 3600 IN A 5.6.7.8 | |
| 143 | example.com. 3600 IN RRSIG A 8 2 3600 20170609142855 20170512142855 48069 example.com. Qviw6w8ReMG2WZxenvzj/YwoeM3Ln59Fnw6s1MRWGsD2yA3+y0loFdUEHZdRhrEiV0kvtQGC+kBhMuSMq/cyjprbKLw5pkS9+MMDDnVPP1PQb17LY4NIxPtq710AN1sjhBK6PVa6XN+3ciUmCcLs1ESviQkVKpgAY/QlV0TaarQ= | |
| 144 | SECTION AUTHORITY | |
| 145 | example.com. IN NS ns.example.com. | |
| 146 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 147 | SECTION ADDITIONAL | |
| 148 | ns.example.com. IN A 1.2.3.4 | |
| 149 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 150 | ENTRY_END | |
| 151 | ||
| 152 | ; response to IPSECKEY query | |
| 153 | ENTRY_BEGIN | |
| 154 | MATCH opcode qtype qname | |
| 155 | ADJUST copy_id | |
| 156 | REPLY QR NOERROR | |
| 157 | SECTION QUESTION | |
| 158 | example.com. IN IPSECKEY | |
| 159 | SECTION ANSWER | |
| 160 | example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 161 | ;(correct answer) example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. UqRbG6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE= | |
| 162 | ; (bogus answer) | |
| 163 | example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. Bogus6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE= | |
| 164 | SECTION AUTHORITY | |
| 165 | example.com. IN NS ns.example.com. | |
| 166 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 167 | SECTION ADDITIONAL | |
| 168 | ns.example.com. IN A 1.2.3.4 | |
| 169 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 170 | ENTRY_END | |
| 171 | ||
| 172 | ; response to DNSKEY priming query | |
| 173 | ENTRY_BEGIN | |
| 174 | MATCH opcode qtype qname | |
| 175 | ADJUST copy_id | |
| 176 | REPLY QR AA NOERROR | |
| 177 | SECTION QUESTION | |
| 178 | example.com. IN DNSKEY | |
| 179 | SECTION ANSWER | |
| 180 | example.com. 86400 IN DNSKEY 256 3 8 AwEAAddE7q1HL4Id+gpQ7imk+RyNEhCWgtew5tstsqIR/fXq0RBn0rF4SI1H6ysbb3nfqAV1xRDJ01ddpgfGyz9zXXHQ/H/9qEpeWapqfNTQ5GHHdxBL2iST7XusThfXEyX/pouKIpvtknvtLs8tmH64dajxoJkaejU2EKXKaBaRKcYx ;{id = 48069 (zsk), size = 1024b} | |
| 181 | example.com. 86400 IN RRSIG DNSKEY 8 2 86400 20170609144114 20170512144114 48069 example.com. mJU3LnubfYW7vhksiC1STWbrSjCe6TG1kEpnk4jRrYovues6bzOTIFSXEMjPW1mikulapnx3nMtTWdrW2InjfP9wLV/u2Wx1Vu3s9uzli/27y//3DOkZSeBa5RZdKpC1h8UB5GAxq4MRiSidgEBB1qaDIaE29sWmn9kPHEgNcgI= | |
| 182 | SECTION AUTHORITY | |
| 183 | example.com. IN NS ns.example.com. | |
| 184 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 185 | SECTION ADDITIONAL | |
| 186 | ns.example.com. IN A 1.2.3.4 | |
| 187 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 188 | ENTRY_END | |
| 189 | RANGE_END | |
| 190 | ||
| 191 | STEP 1 QUERY | |
| 192 | ENTRY_BEGIN | |
| 193 | REPLY RD | |
| 194 | SECTION QUESTION | |
| 195 | example.com. IN A | |
| 196 | ENTRY_END | |
| 197 | ||
| 198 | STEP 2 CHECK_OUT_QUERY | |
| 199 | ENTRY_BEGIN | |
| 200 | MATCH qname qtype opcode | |
| 201 | SECTION QUESTION | |
| 202 | example.com. IN IPSECKEY | |
| 203 | ENTRY_END | |
| 204 | ||
| 205 | ; recursion happens here. | |
| 206 | STEP 10 CHECK_ANSWER | |
| 207 | ENTRY_BEGIN | |
| 208 | MATCH all | |
| 209 | REPLY QR RD RA SERVFAIL | |
| 210 | SECTION QUESTION | |
| 211 | example.com. IN A | |
| 212 | SECTION ANSWER | |
| 213 | ENTRY_END | |
| 214 | ||
| 215 | ; Query without RD, check if not cached | |
| 216 | STEP 11 QUERY | |
| 217 | ENTRY_BEGIN | |
| 218 | SECTION QUESTION | |
| 219 | example.com. IN A | |
| 220 | ENTRY_END | |
| 221 | ||
| 222 | STEP 20 CHECK_ANSWER | |
| 223 | ENTRY_BEGIN | |
| 224 | MATCH all | |
| 225 | REPLY QR RA NOERROR | |
| 226 | SECTION QUESTION | |
| 227 | example.com. IN A | |
| 228 | SECTION ANSWER | |
| 229 | SECTION AUTHORITY | |
| 230 | example.com. IN NS ns.example.com. | |
| 231 | SECTION ADDITIONAL | |
| 232 | ns.example.com. IN A 1.2.3.4 | |
| 233 | ENTRY_END | |
| 234 | ||
| 235 | SCENARIO_END |
| 0 | ; Test ipsecmod-enabled option. | |
| 1 | ||
| 2 | ; config options | |
| 3 | server: | |
| 4 | access-control: 127.0.0.1 allow_snoop | |
| 5 | module-config: "ipsecmod validator iterator" | |
| 6 | ; ../../ is there because the test runs from testdata/03-testbound.dir | |
| 7 | ipsecmod-hook: "../../testdata/ipsecmod_hook.sh" | |
| 8 | ipsecmod-strict: no | |
| 9 | ipsecmod-max-ttl: 200 | |
| 10 | ipsecmod-enabled: no | |
| 11 | ||
| 12 | stub-zone: | |
| 13 | name: "." | |
| 14 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 15 | CONFIG_END | |
| 16 | ||
| 17 | SCENARIO_BEGIN Test ipsecmod-enabled option | |
| 18 | ; Scenario overview: | |
| 19 | ; - query for example.com. IN A | |
| 20 | ; - check that we get an answer for example.com. IN A with the correct TTL | |
| 21 | ; - check that the get the same answer from cache | |
| 22 | ; - check that we don't get the IPSECKEY answer from cache | |
| 23 | ||
| 24 | ; K.ROOT-SERVERS.NET. | |
| 25 | RANGE_BEGIN 0 100 | |
| 26 | ADDRESS 193.0.14.129 | |
| 27 | ENTRY_BEGIN | |
| 28 | MATCH opcode qtype qname | |
| 29 | ADJUST copy_id | |
| 30 | REPLY QR NOERROR | |
| 31 | SECTION QUESTION | |
| 32 | . IN NS | |
| 33 | SECTION ANSWER | |
| 34 | . IN NS K.ROOT-SERVERS.NET. | |
| 35 | SECTION ADDITIONAL | |
| 36 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 37 | ENTRY_END | |
| 38 | ||
| 39 | ENTRY_BEGIN | |
| 40 | MATCH opcode qtype qname | |
| 41 | ADJUST copy_id | |
| 42 | REPLY QR AA NOERROR | |
| 43 | SECTION QUESTION | |
| 44 | a.gtld-servers.net. IN AAAA | |
| 45 | SECTION AUTHORITY | |
| 46 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 47 | ENTRY_END | |
| 48 | ||
| 49 | ENTRY_BEGIN | |
| 50 | MATCH opcode qtype qname | |
| 51 | ADJUST copy_id | |
| 52 | REPLY QR AA NOERROR | |
| 53 | SECTION QUESTION | |
| 54 | K.ROOT-SERVERS.NET. IN AAAA | |
| 55 | SECTION AUTHORITY | |
| 56 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 57 | ENTRY_END | |
| 58 | ||
| 59 | ENTRY_BEGIN | |
| 60 | MATCH opcode subdomain | |
| 61 | ADJUST copy_id copy_query | |
| 62 | REPLY QR NOERROR | |
| 63 | SECTION QUESTION | |
| 64 | com. IN A | |
| 65 | SECTION AUTHORITY | |
| 66 | com. IN NS a.gtld-servers.net. | |
| 67 | SECTION ADDITIONAL | |
| 68 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 69 | ENTRY_END | |
| 70 | RANGE_END | |
| 71 | ||
| 72 | ; a.gtld-servers.net. | |
| 73 | RANGE_BEGIN 0 100 | |
| 74 | ADDRESS 192.5.6.30 | |
| 75 | ENTRY_BEGIN | |
| 76 | MATCH opcode qtype qname | |
| 77 | ADJUST copy_id | |
| 78 | REPLY QR NOERROR | |
| 79 | SECTION QUESTION | |
| 80 | com. IN NS | |
| 81 | SECTION ANSWER | |
| 82 | com. IN NS a.gtld-servers.net. | |
| 83 | SECTION ADDITIONAL | |
| 84 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 85 | ENTRY_END | |
| 86 | ||
| 87 | ENTRY_BEGIN | |
| 88 | MATCH opcode subdomain | |
| 89 | ADJUST copy_id copy_query | |
| 90 | REPLY QR NOERROR | |
| 91 | SECTION QUESTION | |
| 92 | example.com. IN A | |
| 93 | SECTION AUTHORITY | |
| 94 | example.com. IN NS ns.example.com. | |
| 95 | SECTION ADDITIONAL | |
| 96 | ns.example.com. IN A 1.2.3.4 | |
| 97 | ENTRY_END | |
| 98 | RANGE_END | |
| 99 | ||
| 100 | ; ns.example.com. | |
| 101 | RANGE_BEGIN 0 100 | |
| 102 | ADDRESS 1.2.3.4 | |
| 103 | ENTRY_BEGIN | |
| 104 | MATCH opcode qtype qname | |
| 105 | ADJUST copy_id | |
| 106 | REPLY QR NOERROR | |
| 107 | SECTION QUESTION | |
| 108 | example.com. IN NS | |
| 109 | SECTION ANSWER | |
| 110 | example.com. IN NS ns.example.com. | |
| 111 | SECTION ADDITIONAL | |
| 112 | ns.example.com. IN A 1.2.3.4 | |
| 113 | ENTRY_END | |
| 114 | ||
| 115 | ENTRY_BEGIN | |
| 116 | MATCH opcode qtype qname | |
| 117 | ADJUST copy_id | |
| 118 | REPLY QR AA NOERROR | |
| 119 | SECTION QUESTION | |
| 120 | ns.example.com. IN AAAA | |
| 121 | SECTION AUTHORITY | |
| 122 | example.com. 10 IN SOA . . 15 28800 7200 604800 10 | |
| 123 | ENTRY_END | |
| 124 | ||
| 125 | ; response to A query | |
| 126 | ENTRY_BEGIN | |
| 127 | MATCH opcode qtype qname | |
| 128 | ADJUST copy_id | |
| 129 | REPLY QR NOERROR | |
| 130 | SECTION QUESTION | |
| 131 | example.com. IN A | |
| 132 | SECTION ANSWER | |
| 133 | example.com. 3600 IN A 5.6.7.8 | |
| 134 | SECTION AUTHORITY | |
| 135 | example.com. IN NS ns.example.com. | |
| 136 | SECTION ADDITIONAL | |
| 137 | ns.example.com. IN A 1.2.3.4 | |
| 138 | ENTRY_END | |
| 139 | ||
| 140 | ; response to IPSECKEY query | |
| 141 | ENTRY_BEGIN | |
| 142 | MATCH opcode qtype qname | |
| 143 | ADJUST copy_id | |
| 144 | REPLY QR NOERROR | |
| 145 | SECTION QUESTION | |
| 146 | example.com. IN IPSECKEY | |
| 147 | SECTION ANSWER | |
| 148 | example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 149 | SECTION AUTHORITY | |
| 150 | example.com. IN NS ns.example.com. | |
| 151 | SECTION ADDITIONAL | |
| 152 | ns.example.com. IN A 1.2.3.4 | |
| 153 | ENTRY_END | |
| 154 | RANGE_END | |
| 155 | ||
| 156 | ; Query with RD flag | |
| 157 | STEP 1 QUERY | |
| 158 | ENTRY_BEGIN | |
| 159 | REPLY RD | |
| 160 | SECTION QUESTION | |
| 161 | example.com. IN A | |
| 162 | ENTRY_END | |
| 163 | ||
| 164 | STEP 10 CHECK_ANSWER | |
| 165 | ENTRY_BEGIN | |
| 166 | MATCH all ttl | |
| 167 | REPLY QR RD RA NOERROR | |
| 168 | SECTION QUESTION | |
| 169 | example.com. IN A | |
| 170 | SECTION ANSWER | |
| 171 | example.com. 3600 IN A 5.6.7.8 | |
| 172 | SECTION AUTHORITY | |
| 173 | example.com. IN NS ns.example.com. | |
| 174 | SECTION ADDITIONAL | |
| 175 | ns.example.com. IN A 1.2.3.4 | |
| 176 | ENTRY_END | |
| 177 | ||
| 178 | ; Query without RD, check if cached and with correct TTL | |
| 179 | STEP 11 QUERY | |
| 180 | ENTRY_BEGIN | |
| 181 | SECTION QUESTION | |
| 182 | example.com. IN A | |
| 183 | ENTRY_END | |
| 184 | ||
| 185 | STEP 20 CHECK_ANSWER | |
| 186 | ENTRY_BEGIN | |
| 187 | MATCH all ttl | |
| 188 | REPLY QR RA NOERROR | |
| 189 | SECTION QUESTION | |
| 190 | example.com. IN A | |
| 191 | SECTION ANSWER | |
| 192 | example.com. 3600 IN A 5.6.7.8 | |
| 193 | SECTION AUTHORITY | |
| 194 | example.com. IN NS ns.example.com. | |
| 195 | SECTION ADDITIONAL | |
| 196 | ns.example.com. IN A 1.2.3.4 | |
| 197 | ENTRY_END | |
| 198 | ||
| 199 | ; Query without RD, check if IPSECKEY cached | |
| 200 | STEP 21 QUERY | |
| 201 | ENTRY_BEGIN | |
| 202 | SECTION QUESTION | |
| 203 | example.com. IN IPSECKEY | |
| 204 | ENTRY_END | |
| 205 | ||
| 206 | STEP 30 CHECK_ANSWER | |
| 207 | ENTRY_BEGIN | |
| 208 | MATCH all | |
| 209 | REPLY QR RA NOERROR | |
| 210 | SECTION QUESTION | |
| 211 | example.com. IN IPSECKEY | |
| 212 | SECTION AUTHORITY | |
| 213 | example.com. IN NS ns.example.com. | |
| 214 | SECTION ADDITIONAL | |
| 215 | ns.example.com. IN A 1.2.3.4 | |
| 216 | ENTRY_END | |
| 217 | ||
| 218 | SCENARIO_END |
| 0 | ; Test ipsecmod-ignore-bogus option | |
| 1 | ||
| 2 | ; config options | |
| 3 | ; The island of trust is at example.com | |
| 4 | server: | |
| 5 | trust-anchor: "example.com. IN DS 48069 8 2 fce2bcb0d88b828064faad58e935ca2e32ff0bbd8bd8407a8f344d8f8e8c438a" | |
| 6 | val-override-date: "-1" | |
| 7 | target-fetch-policy: "0 0 0 0 0" | |
| 8 | # test that default value of harden-dnssec-stripped is still yes. | |
| 9 | fake-sha1: yes | |
| 10 | access-control: 127.0.0.1 allow_snoop | |
| 11 | module-config: "ipsecmod validator iterator" | |
| 12 | ; ../../ is there because the test runs from testdata/03-testbound.dir | |
| 13 | ipsecmod-hook: "../../testdata/ipsecmod_hook.sh" | |
| 14 | ipsecmod-strict: no | |
| 15 | ipsecmod-max-ttl: 200 | |
| 16 | ipsecmod-ignore-bogus: yes | |
| 17 | ||
| 18 | stub-zone: | |
| 19 | name: "." | |
| 20 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 21 | CONFIG_END | |
| 22 | ||
| 23 | SCENARIO_BEGIN Test ipsecmod-ignore-bogus option | |
| 24 | ; Scenario overview: | |
| 25 | ; - query for example.com. IN A | |
| 26 | ; - check that query for example.com. IN IPSECKEY is generated | |
| 27 | ; - check that we get an answer for example.com. IN A with the correct TTL | |
| 28 | ; - check that the get the same answer from cache | |
| 29 | ; - check that we don't get the IPSECKEY answer from cache (bogus) | |
| 30 | ||
| 31 | ; K.ROOT-SERVERS.NET. | |
| 32 | RANGE_BEGIN 0 100 | |
| 33 | ADDRESS 193.0.14.129 | |
| 34 | ENTRY_BEGIN | |
| 35 | MATCH opcode qtype qname | |
| 36 | ADJUST copy_id | |
| 37 | REPLY QR NOERROR | |
| 38 | SECTION QUESTION | |
| 39 | . IN NS | |
| 40 | SECTION ANSWER | |
| 41 | . IN NS K.ROOT-SERVERS.NET. | |
| 42 | SECTION ADDITIONAL | |
| 43 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 44 | ENTRY_END | |
| 45 | ||
| 46 | ENTRY_BEGIN | |
| 47 | MATCH opcode qtype qname | |
| 48 | ADJUST copy_id | |
| 49 | REPLY QR AA NOERROR | |
| 50 | SECTION QUESTION | |
| 51 | a.gtld-servers.net. IN AAAA | |
| 52 | SECTION AUTHORITY | |
| 53 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 54 | ENTRY_END | |
| 55 | ||
| 56 | ENTRY_BEGIN | |
| 57 | MATCH opcode qtype qname | |
| 58 | ADJUST copy_id | |
| 59 | REPLY QR AA NOERROR | |
| 60 | SECTION QUESTION | |
| 61 | K.ROOT-SERVERS.NET. IN AAAA | |
| 62 | SECTION AUTHORITY | |
| 63 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 64 | ENTRY_END | |
| 65 | ||
| 66 | ENTRY_BEGIN | |
| 67 | MATCH opcode subdomain | |
| 68 | ADJUST copy_id copy_query | |
| 69 | REPLY QR NOERROR | |
| 70 | SECTION QUESTION | |
| 71 | com. IN A | |
| 72 | SECTION AUTHORITY | |
| 73 | com. IN NS a.gtld-servers.net. | |
| 74 | SECTION ADDITIONAL | |
| 75 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 76 | ENTRY_END | |
| 77 | RANGE_END | |
| 78 | ||
| 79 | ; a.gtld-servers.net. | |
| 80 | RANGE_BEGIN 0 100 | |
| 81 | ADDRESS 192.5.6.30 | |
| 82 | ENTRY_BEGIN | |
| 83 | MATCH opcode qtype qname | |
| 84 | ADJUST copy_id | |
| 85 | REPLY QR NOERROR | |
| 86 | SECTION QUESTION | |
| 87 | com. IN NS | |
| 88 | SECTION ANSWER | |
| 89 | com. IN NS a.gtld-servers.net. | |
| 90 | SECTION ADDITIONAL | |
| 91 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 92 | ENTRY_END | |
| 93 | ||
| 94 | ENTRY_BEGIN | |
| 95 | MATCH opcode subdomain | |
| 96 | ADJUST copy_id copy_query | |
| 97 | REPLY QR NOERROR | |
| 98 | SECTION QUESTION | |
| 99 | example.com. IN A | |
| 100 | SECTION AUTHORITY | |
| 101 | example.com. IN NS ns.example.com. | |
| 102 | SECTION ADDITIONAL | |
| 103 | ns.example.com. IN A 1.2.3.4 | |
| 104 | ENTRY_END | |
| 105 | RANGE_END | |
| 106 | ||
| 107 | ; ns.example.com. | |
| 108 | RANGE_BEGIN 0 100 | |
| 109 | ADDRESS 1.2.3.4 | |
| 110 | ENTRY_BEGIN | |
| 111 | MATCH opcode qtype qname | |
| 112 | ADJUST copy_id | |
| 113 | REPLY QR NOERROR | |
| 114 | SECTION QUESTION | |
| 115 | example.com. IN NS | |
| 116 | SECTION ANSWER | |
| 117 | example.com. IN NS ns.example.com. | |
| 118 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 119 | SECTION ADDITIONAL | |
| 120 | ns.example.com. IN A 1.2.3.4 | |
| 121 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 122 | ENTRY_END | |
| 123 | ||
| 124 | ENTRY_BEGIN | |
| 125 | MATCH opcode qtype qname | |
| 126 | ADJUST copy_id | |
| 127 | REPLY QR AA NOERROR | |
| 128 | SECTION QUESTION | |
| 129 | ns.example.com. IN AAAA | |
| 130 | SECTION AUTHORITY | |
| 131 | example.com. 86400 IN SOA ns.example.com. example.com. 2002022401 10800 15 604800 10800 | |
| 132 | example.com. 86400 IN RRSIG SOA 8 2 86400 20170609142855 20170512142855 48069 example.com. fr6oVOsRMnm3D8N01LxzPvT9lWdNDhTlmwR1co42c3H2ra1EjbbKqkLcrXQAsq7E/ddzqgL3RnYS+3USojXycI1xhjXC8YT2xsW3uH8uTY1Qvk1K75lu1OXmDiU6wvHplFowl0OX7sx76lB1itbvsau4bMPMt03sf4u8po7V35s= | |
| 133 | ENTRY_END | |
| 134 | ||
| 135 | ; response to A query | |
| 136 | ENTRY_BEGIN | |
| 137 | MATCH opcode qtype qname | |
| 138 | ADJUST copy_id | |
| 139 | REPLY QR NOERROR | |
| 140 | SECTION QUESTION | |
| 141 | example.com. IN A | |
| 142 | SECTION ANSWER | |
| 143 | example.com. 3600 IN A 5.6.7.8 | |
| 144 | example.com. 3600 IN RRSIG A 8 2 3600 20170609142855 20170512142855 48069 example.com. Qviw6w8ReMG2WZxenvzj/YwoeM3Ln59Fnw6s1MRWGsD2yA3+y0loFdUEHZdRhrEiV0kvtQGC+kBhMuSMq/cyjprbKLw5pkS9+MMDDnVPP1PQb17LY4NIxPtq710AN1sjhBK6PVa6XN+3ciUmCcLs1ESviQkVKpgAY/QlV0TaarQ= | |
| 145 | SECTION AUTHORITY | |
| 146 | example.com. IN NS ns.example.com. | |
| 147 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 148 | SECTION ADDITIONAL | |
| 149 | ns.example.com. IN A 1.2.3.4 | |
| 150 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 151 | ENTRY_END | |
| 152 | ||
| 153 | ; response to IPSECKEY query | |
| 154 | ENTRY_BEGIN | |
| 155 | MATCH opcode qtype qname | |
| 156 | ADJUST copy_id | |
| 157 | REPLY QR NOERROR | |
| 158 | SECTION QUESTION | |
| 159 | example.com. IN IPSECKEY | |
| 160 | SECTION ANSWER | |
| 161 | example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 162 | ;(correct answer) example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. UqRbG6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE= | |
| 163 | ; (bogus answer) | |
| 164 | example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. Bogus6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE= | |
| 165 | SECTION AUTHORITY | |
| 166 | example.com. IN NS ns.example.com. | |
| 167 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 168 | SECTION ADDITIONAL | |
| 169 | ns.example.com. IN A 1.2.3.4 | |
| 170 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 171 | ENTRY_END | |
| 172 | ||
| 173 | ; response to DNSKEY priming query | |
| 174 | ENTRY_BEGIN | |
| 175 | MATCH opcode qtype qname | |
| 176 | ADJUST copy_id | |
| 177 | REPLY QR AA NOERROR | |
| 178 | SECTION QUESTION | |
| 179 | example.com. IN DNSKEY | |
| 180 | SECTION ANSWER | |
| 181 | example.com. 86400 IN DNSKEY 256 3 8 AwEAAddE7q1HL4Id+gpQ7imk+RyNEhCWgtew5tstsqIR/fXq0RBn0rF4SI1H6ysbb3nfqAV1xRDJ01ddpgfGyz9zXXHQ/H/9qEpeWapqfNTQ5GHHdxBL2iST7XusThfXEyX/pouKIpvtknvtLs8tmH64dajxoJkaejU2EKXKaBaRKcYx ;{id = 48069 (zsk), size = 1024b} | |
| 182 | example.com. 86400 IN RRSIG DNSKEY 8 2 86400 20170609144114 20170512144114 48069 example.com. mJU3LnubfYW7vhksiC1STWbrSjCe6TG1kEpnk4jRrYovues6bzOTIFSXEMjPW1mikulapnx3nMtTWdrW2InjfP9wLV/u2Wx1Vu3s9uzli/27y//3DOkZSeBa5RZdKpC1h8UB5GAxq4MRiSidgEBB1qaDIaE29sWmn9kPHEgNcgI= | |
| 183 | SECTION AUTHORITY | |
| 184 | example.com. IN NS ns.example.com. | |
| 185 | example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= | |
| 186 | SECTION ADDITIONAL | |
| 187 | ns.example.com. IN A 1.2.3.4 | |
| 188 | ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= | |
| 189 | ENTRY_END | |
| 190 | RANGE_END | |
| 191 | ||
| 192 | STEP 1 QUERY | |
| 193 | ENTRY_BEGIN | |
| 194 | REPLY RD | |
| 195 | SECTION QUESTION | |
| 196 | example.com. IN A | |
| 197 | ENTRY_END | |
| 198 | ||
| 199 | STEP 2 CHECK_OUT_QUERY | |
| 200 | ENTRY_BEGIN | |
| 201 | MATCH qname qtype opcode | |
| 202 | SECTION QUESTION | |
| 203 | example.com. IN IPSECKEY | |
| 204 | ENTRY_END | |
| 205 | ||
| 206 | STEP 10 CHECK_ANSWER | |
| 207 | ENTRY_BEGIN | |
| 208 | MATCH all ttl | |
| 209 | REPLY QR RD RA NOERROR | |
| 210 | SECTION QUESTION | |
| 211 | example.com. IN A | |
| 212 | SECTION ANSWER | |
| 213 | example.com. 200 IN A 5.6.7.8 | |
| 214 | SECTION AUTHORITY | |
| 215 | example.com. IN NS ns.example.com. | |
| 216 | SECTION ADDITIONAL | |
| 217 | ns.example.com. IN A 1.2.3.4 | |
| 218 | ENTRY_END | |
| 219 | ||
| 220 | ; Query without RD, check if cached and with correct TTL | |
| 221 | STEP 11 QUERY | |
| 222 | ENTRY_BEGIN | |
| 223 | SECTION QUESTION | |
| 224 | example.com. IN A | |
| 225 | ENTRY_END | |
| 226 | ||
| 227 | STEP 20 CHECK_ANSWER | |
| 228 | ENTRY_BEGIN | |
| 229 | MATCH all ttl | |
| 230 | REPLY QR RA NOERROR | |
| 231 | SECTION QUESTION | |
| 232 | example.com. IN A | |
| 233 | SECTION ANSWER | |
| 234 | example.com. 200 IN A 5.6.7.8 | |
| 235 | SECTION AUTHORITY | |
| 236 | example.com. IN NS ns.example.com. | |
| 237 | SECTION ADDITIONAL | |
| 238 | ns.example.com. IN A 1.2.3.4 | |
| 239 | ENTRY_END | |
| 240 | ||
| 241 | ; Query without RD, check if IPSECKEY is not cached | |
| 242 | STEP 21 QUERY | |
| 243 | ENTRY_BEGIN | |
| 244 | SECTION QUESTION | |
| 245 | example.com. IN IPSECKEY | |
| 246 | ENTRY_END | |
| 247 | ||
| 248 | STEP 30 CHECK_ANSWER | |
| 249 | ENTRY_BEGIN | |
| 250 | MATCH all | |
| 251 | REPLY QR RA SERVFAIL | |
| 252 | SECTION QUESTION | |
| 253 | example.com. IN IPSECKEY | |
| 254 | ENTRY_END | |
| 255 | ||
| 256 | SCENARIO_END |
| 0 | ; Test ipsecmod-max-ttl option. | |
| 1 | ||
| 2 | ; config options | |
| 3 | server: | |
| 4 | access-control: 127.0.0.1 allow_snoop | |
| 5 | module-config: "ipsecmod validator iterator" | |
| 6 | ; ../../ is there because the test runs from testdata/03-testbound.dir | |
| 7 | ipsecmod-hook: "../../testdata/ipsecmod_hook.sh" | |
| 8 | ipsecmod-strict: no | |
| 9 | ipsecmod-max-ttl: 200 | |
| 10 | ||
| 11 | stub-zone: | |
| 12 | name: "." | |
| 13 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 14 | CONFIG_END | |
| 15 | ||
| 16 | SCENARIO_BEGIN Test ipsecmod-max-ttl option | |
| 17 | ; Scenario overview: | |
| 18 | ; - query for example.com. IN A | |
| 19 | ; - check that query for example.com. IN IPSECKEY is generated | |
| 20 | ; - check that we get an answer for example.com. IN A with the correct TTL | |
| 21 | ; - check that the get the same answer from cache | |
| 22 | ; - check that we get the IPSECKEY answer from cache | |
| 23 | ||
| 24 | ; K.ROOT-SERVERS.NET. | |
| 25 | RANGE_BEGIN 0 100 | |
| 26 | ADDRESS 193.0.14.129 | |
| 27 | ENTRY_BEGIN | |
| 28 | MATCH opcode qtype qname | |
| 29 | ADJUST copy_id | |
| 30 | REPLY QR NOERROR | |
| 31 | SECTION QUESTION | |
| 32 | . IN NS | |
| 33 | SECTION ANSWER | |
| 34 | . IN NS K.ROOT-SERVERS.NET. | |
| 35 | SECTION ADDITIONAL | |
| 36 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 37 | ENTRY_END | |
| 38 | ||
| 39 | ENTRY_BEGIN | |
| 40 | MATCH opcode qtype qname | |
| 41 | ADJUST copy_id | |
| 42 | REPLY QR AA NOERROR | |
| 43 | SECTION QUESTION | |
| 44 | a.gtld-servers.net. IN AAAA | |
| 45 | SECTION AUTHORITY | |
| 46 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 47 | ENTRY_END | |
| 48 | ||
| 49 | ENTRY_BEGIN | |
| 50 | MATCH opcode qtype qname | |
| 51 | ADJUST copy_id | |
| 52 | REPLY QR AA NOERROR | |
| 53 | SECTION QUESTION | |
| 54 | K.ROOT-SERVERS.NET. IN AAAA | |
| 55 | SECTION AUTHORITY | |
| 56 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 57 | ENTRY_END | |
| 58 | ||
| 59 | ENTRY_BEGIN | |
| 60 | MATCH opcode subdomain | |
| 61 | ADJUST copy_id copy_query | |
| 62 | REPLY QR NOERROR | |
| 63 | SECTION QUESTION | |
| 64 | com. IN A | |
| 65 | SECTION AUTHORITY | |
| 66 | com. IN NS a.gtld-servers.net. | |
| 67 | SECTION ADDITIONAL | |
| 68 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 69 | ENTRY_END | |
| 70 | RANGE_END | |
| 71 | ||
| 72 | ; a.gtld-servers.net. | |
| 73 | RANGE_BEGIN 0 100 | |
| 74 | ADDRESS 192.5.6.30 | |
| 75 | ENTRY_BEGIN | |
| 76 | MATCH opcode qtype qname | |
| 77 | ADJUST copy_id | |
| 78 | REPLY QR NOERROR | |
| 79 | SECTION QUESTION | |
| 80 | com. IN NS | |
| 81 | SECTION ANSWER | |
| 82 | com. IN NS a.gtld-servers.net. | |
| 83 | SECTION ADDITIONAL | |
| 84 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 85 | ENTRY_END | |
| 86 | ||
| 87 | ENTRY_BEGIN | |
| 88 | MATCH opcode subdomain | |
| 89 | ADJUST copy_id copy_query | |
| 90 | REPLY QR NOERROR | |
| 91 | SECTION QUESTION | |
| 92 | example.com. IN A | |
| 93 | SECTION AUTHORITY | |
| 94 | example.com. IN NS ns.example.com. | |
| 95 | SECTION ADDITIONAL | |
| 96 | ns.example.com. IN A 1.2.3.4 | |
| 97 | ENTRY_END | |
| 98 | RANGE_END | |
| 99 | ||
| 100 | ; ns.example.com. | |
| 101 | RANGE_BEGIN 0 100 | |
| 102 | ADDRESS 1.2.3.4 | |
| 103 | ENTRY_BEGIN | |
| 104 | MATCH opcode qtype qname | |
| 105 | ADJUST copy_id | |
| 106 | REPLY QR NOERROR | |
| 107 | SECTION QUESTION | |
| 108 | example.com. IN NS | |
| 109 | SECTION ANSWER | |
| 110 | example.com. IN NS ns.example.com. | |
| 111 | SECTION ADDITIONAL | |
| 112 | ns.example.com. IN A 1.2.3.4 | |
| 113 | ENTRY_END | |
| 114 | ||
| 115 | ENTRY_BEGIN | |
| 116 | MATCH opcode qtype qname | |
| 117 | ADJUST copy_id | |
| 118 | REPLY QR AA NOERROR | |
| 119 | SECTION QUESTION | |
| 120 | ns.example.com. IN AAAA | |
| 121 | SECTION AUTHORITY | |
| 122 | example.com. 10 IN SOA . . 15 28800 7200 604800 10 | |
| 123 | ENTRY_END | |
| 124 | ||
| 125 | ; response to A query | |
| 126 | ENTRY_BEGIN | |
| 127 | MATCH opcode qtype qname | |
| 128 | ADJUST copy_id | |
| 129 | REPLY QR NOERROR | |
| 130 | SECTION QUESTION | |
| 131 | example.com. IN A | |
| 132 | SECTION ANSWER | |
| 133 | example.com. 3600 IN A 5.6.7.8 | |
| 134 | SECTION AUTHORITY | |
| 135 | example.com. IN NS ns.example.com. | |
| 136 | SECTION ADDITIONAL | |
| 137 | ns.example.com. IN A 1.2.3.4 | |
| 138 | ENTRY_END | |
| 139 | ||
| 140 | ; response to IPSECKEY query | |
| 141 | ENTRY_BEGIN | |
| 142 | MATCH opcode qtype qname | |
| 143 | ADJUST copy_id | |
| 144 | REPLY QR NOERROR | |
| 145 | SECTION QUESTION | |
| 146 | example.com. IN IPSECKEY | |
| 147 | SECTION ANSWER | |
| 148 | example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 149 | SECTION AUTHORITY | |
| 150 | example.com. IN NS ns.example.com. | |
| 151 | SECTION ADDITIONAL | |
| 152 | ns.example.com. IN A 1.2.3.4 | |
| 153 | ENTRY_END | |
| 154 | RANGE_END | |
| 155 | ||
| 156 | ; Query with RD flag | |
| 157 | STEP 1 QUERY | |
| 158 | ENTRY_BEGIN | |
| 159 | REPLY RD | |
| 160 | SECTION QUESTION | |
| 161 | example.com. IN A | |
| 162 | ENTRY_END | |
| 163 | ||
| 164 | STEP 2 CHECK_OUT_QUERY | |
| 165 | ENTRY_BEGIN | |
| 166 | MATCH qname qtype opcode | |
| 167 | SECTION QUESTION | |
| 168 | example.com. IN IPSECKEY | |
| 169 | ENTRY_END | |
| 170 | ||
| 171 | STEP 10 CHECK_ANSWER | |
| 172 | ENTRY_BEGIN | |
| 173 | MATCH all ttl | |
| 174 | REPLY QR RD RA NOERROR | |
| 175 | SECTION QUESTION | |
| 176 | example.com. IN A | |
| 177 | SECTION ANSWER | |
| 178 | example.com. 200 IN A 5.6.7.8 | |
| 179 | SECTION AUTHORITY | |
| 180 | example.com. IN NS ns.example.com. | |
| 181 | SECTION ADDITIONAL | |
| 182 | ns.example.com. IN A 1.2.3.4 | |
| 183 | ENTRY_END | |
| 184 | ||
| 185 | ; Query without RD, check if cached and with correct TTL | |
| 186 | STEP 11 QUERY | |
| 187 | ENTRY_BEGIN | |
| 188 | SECTION QUESTION | |
| 189 | example.com. IN A | |
| 190 | ENTRY_END | |
| 191 | ||
| 192 | STEP 20 CHECK_ANSWER | |
| 193 | ENTRY_BEGIN | |
| 194 | MATCH all ttl | |
| 195 | REPLY QR RA NOERROR | |
| 196 | SECTION QUESTION | |
| 197 | example.com. IN A | |
| 198 | SECTION ANSWER | |
| 199 | example.com. 200 IN A 5.6.7.8 | |
| 200 | SECTION AUTHORITY | |
| 201 | example.com. IN NS ns.example.com. | |
| 202 | SECTION ADDITIONAL | |
| 203 | ns.example.com. IN A 1.2.3.4 | |
| 204 | ENTRY_END | |
| 205 | ||
| 206 | ; Query without RD, check if IPSECKEY cached | |
| 207 | STEP 21 QUERY | |
| 208 | ENTRY_BEGIN | |
| 209 | SECTION QUESTION | |
| 210 | example.com. IN IPSECKEY | |
| 211 | ENTRY_END | |
| 212 | ||
| 213 | STEP 30 CHECK_ANSWER | |
| 214 | ENTRY_BEGIN | |
| 215 | MATCH all | |
| 216 | REPLY QR RA NOERROR | |
| 217 | SECTION QUESTION | |
| 218 | example.com. IN IPSECKEY | |
| 219 | SECTION ANSWER | |
| 220 | example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 221 | SECTION AUTHORITY | |
| 222 | example.com. IN NS ns.example.com. | |
| 223 | SECTION ADDITIONAL | |
| 224 | ns.example.com. IN A 1.2.3.4 | |
| 225 | ENTRY_END | |
| 226 | ||
| 227 | SCENARIO_END |
| 0 | ; Test ipsecmod-strict option | |
| 1 | ||
| 2 | ; config options | |
| 3 | server: | |
| 4 | access-control: 127.0.0.1 allow_snoop | |
| 5 | module-config: "ipsecmod validator iterator" | |
| 6 | ; ../../ is there because the test runs from testdata/03-testbound.dir | |
| 7 | ipsecmod-hook: "../../testdata/ipsecmod_hook.sh" | |
| 8 | ipsecmod-strict: yes | |
| 9 | ipsecmod-max-ttl: 200 | |
| 10 | ||
| 11 | stub-zone: | |
| 12 | name: "." | |
| 13 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 14 | CONFIG_END | |
| 15 | ||
| 16 | SCENARIO_BEGIN Test ipsecmod-strict option | |
| 17 | ; Scenario overview: | |
| 18 | ; - query for example.com. IN A | |
| 19 | ; - check that query for example.com. IN IPSECKEY is generated | |
| 20 | ; - check that we get SERVFAIL as answer (the hook failed) | |
| 21 | ; - check that the example.com. IN A answer is not cached | |
| 22 | ; - check that the example.com. IN IPSECKEY answer is cached | |
| 23 | ||
| 24 | ; K.ROOT-SERVERS.NET. | |
| 25 | RANGE_BEGIN 0 100 | |
| 26 | ADDRESS 193.0.14.129 | |
| 27 | ENTRY_BEGIN | |
| 28 | MATCH opcode qtype qname | |
| 29 | ADJUST copy_id | |
| 30 | REPLY QR NOERROR | |
| 31 | SECTION QUESTION | |
| 32 | . IN NS | |
| 33 | SECTION ANSWER | |
| 34 | . IN NS K.ROOT-SERVERS.NET. | |
| 35 | SECTION ADDITIONAL | |
| 36 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 37 | ENTRY_END | |
| 38 | ||
| 39 | ENTRY_BEGIN | |
| 40 | MATCH opcode qtype qname | |
| 41 | ADJUST copy_id | |
| 42 | REPLY QR AA NOERROR | |
| 43 | SECTION QUESTION | |
| 44 | a.gtld-servers.net. IN AAAA | |
| 45 | SECTION AUTHORITY | |
| 46 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 47 | ENTRY_END | |
| 48 | ||
| 49 | ENTRY_BEGIN | |
| 50 | MATCH opcode qtype qname | |
| 51 | ADJUST copy_id | |
| 52 | REPLY QR AA NOERROR | |
| 53 | SECTION QUESTION | |
| 54 | K.ROOT-SERVERS.NET. IN AAAA | |
| 55 | SECTION AUTHORITY | |
| 56 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 57 | ENTRY_END | |
| 58 | ||
| 59 | ENTRY_BEGIN | |
| 60 | MATCH opcode subdomain | |
| 61 | ADJUST copy_id copy_query | |
| 62 | REPLY QR NOERROR | |
| 63 | SECTION QUESTION | |
| 64 | com. IN A | |
| 65 | SECTION AUTHORITY | |
| 66 | com. IN NS a.gtld-servers.net. | |
| 67 | SECTION ADDITIONAL | |
| 68 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 69 | ENTRY_END | |
| 70 | RANGE_END | |
| 71 | ||
| 72 | ; a.gtld-servers.net. | |
| 73 | RANGE_BEGIN 0 100 | |
| 74 | ADDRESS 192.5.6.30 | |
| 75 | ENTRY_BEGIN | |
| 76 | MATCH opcode qtype qname | |
| 77 | ADJUST copy_id | |
| 78 | REPLY QR NOERROR | |
| 79 | SECTION QUESTION | |
| 80 | com. IN NS | |
| 81 | SECTION ANSWER | |
| 82 | com. IN NS a.gtld-servers.net. | |
| 83 | SECTION ADDITIONAL | |
| 84 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 85 | ENTRY_END | |
| 86 | ||
| 87 | ENTRY_BEGIN | |
| 88 | MATCH opcode subdomain | |
| 89 | ADJUST copy_id copy_query | |
| 90 | REPLY QR NOERROR | |
| 91 | SECTION QUESTION | |
| 92 | example.com. IN A | |
| 93 | SECTION AUTHORITY | |
| 94 | example.com. IN NS ns.example.com. | |
| 95 | SECTION ADDITIONAL | |
| 96 | ns.example.com. IN A 1.2.3.4 | |
| 97 | ENTRY_END | |
| 98 | RANGE_END | |
| 99 | ||
| 100 | ; ns.example.com. | |
| 101 | RANGE_BEGIN 0 100 | |
| 102 | ADDRESS 1.2.3.4 | |
| 103 | ENTRY_BEGIN | |
| 104 | MATCH opcode qtype qname | |
| 105 | ADJUST copy_id | |
| 106 | REPLY QR NOERROR | |
| 107 | SECTION QUESTION | |
| 108 | example.com. IN NS | |
| 109 | SECTION ANSWER | |
| 110 | example.com. IN NS ns.example.com. | |
| 111 | SECTION ADDITIONAL | |
| 112 | ns.example.com. IN A 1.2.3.4 | |
| 113 | ENTRY_END | |
| 114 | ||
| 115 | ENTRY_BEGIN | |
| 116 | MATCH opcode qtype qname | |
| 117 | ADJUST copy_id | |
| 118 | REPLY QR AA NOERROR | |
| 119 | SECTION QUESTION | |
| 120 | ns.example.com. IN AAAA | |
| 121 | SECTION AUTHORITY | |
| 122 | example.com. 10 IN SOA . . 15 28800 7200 604800 10 | |
| 123 | ENTRY_END | |
| 124 | ||
| 125 | ; response to A query | |
| 126 | ENTRY_BEGIN | |
| 127 | MATCH opcode qtype qname | |
| 128 | ADJUST copy_id | |
| 129 | REPLY QR NOERROR | |
| 130 | SECTION QUESTION | |
| 131 | example.com. IN A | |
| 132 | SECTION ANSWER | |
| 133 | example.com. 3600 IN A 5.6.7.8 | |
| 134 | SECTION AUTHORITY | |
| 135 | example.com. IN NS ns.example.com. | |
| 136 | SECTION ADDITIONAL | |
| 137 | ns.example.com. IN A 1.2.3.4 | |
| 138 | ENTRY_END | |
| 139 | ||
| 140 | ; response to IPSECKEY query | |
| 141 | ENTRY_BEGIN | |
| 142 | MATCH opcode qtype qname | |
| 143 | ADJUST copy_id | |
| 144 | REPLY QR NOERROR | |
| 145 | SECTION QUESTION | |
| 146 | example.com. IN IPSECKEY | |
| 147 | SECTION ANSWER | |
| 148 | example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 149 | SECTION AUTHORITY | |
| 150 | example.com. IN NS ns.example.com. | |
| 151 | SECTION ADDITIONAL | |
| 152 | ns.example.com. IN A 1.2.3.4 | |
| 153 | ENTRY_END | |
| 154 | RANGE_END | |
| 155 | ||
| 156 | STEP 1 QUERY | |
| 157 | ENTRY_BEGIN | |
| 158 | REPLY RD | |
| 159 | SECTION QUESTION | |
| 160 | example.com. IN A | |
| 161 | ENTRY_END | |
| 162 | ||
| 163 | STEP 2 CHECK_OUT_QUERY | |
| 164 | ENTRY_BEGIN | |
| 165 | MATCH qname qtype opcode | |
| 166 | SECTION QUESTION | |
| 167 | example.com. IN IPSECKEY | |
| 168 | ENTRY_END | |
| 169 | ||
| 170 | STEP 10 CHECK_ANSWER | |
| 171 | ENTRY_BEGIN | |
| 172 | MATCH all | |
| 173 | REPLY QR RD RA SERVFAIL | |
| 174 | SECTION QUESTION | |
| 175 | example.com. IN A | |
| 176 | ENTRY_END | |
| 177 | ||
| 178 | STEP 11 QUERY | |
| 179 | ENTRY_BEGIN | |
| 180 | SECTION QUESTION | |
| 181 | example.com. IN A | |
| 182 | ENTRY_END | |
| 183 | ||
| 184 | STEP 20 CHECK_ANSWER | |
| 185 | ENTRY_BEGIN | |
| 186 | MATCH all | |
| 187 | REPLY QR RA NOERROR | |
| 188 | SECTION QUESTION | |
| 189 | example.com. IN A | |
| 190 | SECTION AUTHORITY | |
| 191 | example.com. IN NS ns.example.com. | |
| 192 | SECTION ADDITIONAL | |
| 193 | ns.example.com. IN A 1.2.3.4 | |
| 194 | ENTRY_END | |
| 195 | ||
| 196 | STEP 21 QUERY | |
| 197 | ENTRY_BEGIN | |
| 198 | SECTION QUESTION | |
| 199 | example.com. IN IPSECKEY | |
| 200 | ENTRY_END | |
| 201 | ||
| 202 | STEP 30 CHECK_ANSWER | |
| 203 | ENTRY_BEGIN | |
| 204 | MATCH all | |
| 205 | REPLY QR RA NOERROR | |
| 206 | SECTION QUESTION | |
| 207 | example.com. IN IPSECKEY | |
| 208 | SECTION ANSWER | |
| 209 | example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 210 | SECTION AUTHORITY | |
| 211 | example.com. IN NS ns.example.com. | |
| 212 | SECTION ADDITIONAL | |
| 213 | ns.example.com. IN A 1.2.3.4 | |
| 214 | ENTRY_END | |
| 215 | ||
| 216 | SCENARIO_END |
| 0 | ; Test ipsecmod-whitelist option. | |
| 1 | ||
| 2 | ; config options | |
| 3 | server: | |
| 4 | access-control: 127.0.0.1 allow_snoop | |
| 5 | module-config: "ipsecmod validator iterator" | |
| 6 | ; ../../ is there because the test runs from testdata/03-testbound.dir | |
| 7 | ipsecmod-hook: "../../testdata/ipsecmod_hook.sh" | |
| 8 | ipsecmod-strict: no | |
| 9 | ipsecmod-max-ttl: 200 | |
| 10 | ipsecmod-whitelist: white.example.com | |
| 11 | ||
| 12 | stub-zone: | |
| 13 | name: "." | |
| 14 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 15 | CONFIG_END | |
| 16 | ||
| 17 | SCENARIO_BEGIN Test ipsecmod-whitelist option | |
| 18 | ; Scenario overview: | |
| 19 | ; - query for black.example.com. IN A | |
| 20 | ; - check that we get an answer for black.example.com. IN A with the correct TTL | |
| 21 | ; - check that an answer for black.example.com. IN IPSECKEY is not cached (not given) | |
| 22 | ; - query for white.example.com. IN A | |
| 23 | ; - check that query for white.example.com. IN IPSECKEY is generated | |
| 24 | ; - check that we get an answer for white.example.com. IN A with the correct TTL | |
| 25 | ; - check that the get the same answer from cache | |
| 26 | ; - check that we get the IPSECKEY answer from cache | |
| 27 | ||
| 28 | ; K.ROOT-SERVERS.NET. | |
| 29 | RANGE_BEGIN 0 100 | |
| 30 | ADDRESS 193.0.14.129 | |
| 31 | ENTRY_BEGIN | |
| 32 | MATCH opcode qtype qname | |
| 33 | ADJUST copy_id | |
| 34 | REPLY QR NOERROR | |
| 35 | SECTION QUESTION | |
| 36 | . IN NS | |
| 37 | SECTION ANSWER | |
| 38 | . IN NS K.ROOT-SERVERS.NET. | |
| 39 | SECTION ADDITIONAL | |
| 40 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 41 | ENTRY_END | |
| 42 | ||
| 43 | ENTRY_BEGIN | |
| 44 | MATCH opcode qtype qname | |
| 45 | ADJUST copy_id | |
| 46 | REPLY QR AA NOERROR | |
| 47 | SECTION QUESTION | |
| 48 | a.gtld-servers.net. IN AAAA | |
| 49 | SECTION AUTHORITY | |
| 50 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 51 | ENTRY_END | |
| 52 | ||
| 53 | ENTRY_BEGIN | |
| 54 | MATCH opcode qtype qname | |
| 55 | ADJUST copy_id | |
| 56 | REPLY QR AA NOERROR | |
| 57 | SECTION QUESTION | |
| 58 | K.ROOT-SERVERS.NET. IN AAAA | |
| 59 | SECTION AUTHORITY | |
| 60 | . 86400 IN SOA . . 20070304 28800 7200 604800 86400 | |
| 61 | ENTRY_END | |
| 62 | ||
| 63 | ENTRY_BEGIN | |
| 64 | MATCH opcode subdomain | |
| 65 | ADJUST copy_id copy_query | |
| 66 | REPLY QR NOERROR | |
| 67 | SECTION QUESTION | |
| 68 | com. IN A | |
| 69 | SECTION AUTHORITY | |
| 70 | com. IN NS a.gtld-servers.net. | |
| 71 | SECTION ADDITIONAL | |
| 72 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 73 | ENTRY_END | |
| 74 | RANGE_END | |
| 75 | ||
| 76 | ; a.gtld-servers.net. | |
| 77 | RANGE_BEGIN 0 100 | |
| 78 | ADDRESS 192.5.6.30 | |
| 79 | ENTRY_BEGIN | |
| 80 | MATCH opcode qtype qname | |
| 81 | ADJUST copy_id | |
| 82 | REPLY QR NOERROR | |
| 83 | SECTION QUESTION | |
| 84 | com. IN NS | |
| 85 | SECTION ANSWER | |
| 86 | com. IN NS a.gtld-servers.net. | |
| 87 | SECTION ADDITIONAL | |
| 88 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 89 | ENTRY_END | |
| 90 | ||
| 91 | ENTRY_BEGIN | |
| 92 | MATCH opcode subdomain | |
| 93 | ADJUST copy_id copy_query | |
| 94 | REPLY QR NOERROR | |
| 95 | SECTION QUESTION | |
| 96 | example.com. IN A | |
| 97 | SECTION AUTHORITY | |
| 98 | example.com. IN NS ns.example.com. | |
| 99 | SECTION ADDITIONAL | |
| 100 | ns.example.com. IN A 1.2.3.4 | |
| 101 | ENTRY_END | |
| 102 | RANGE_END | |
| 103 | ||
| 104 | ; ns.example.com. | |
| 105 | RANGE_BEGIN 0 100 | |
| 106 | ADDRESS 1.2.3.4 | |
| 107 | ENTRY_BEGIN | |
| 108 | MATCH opcode qtype qname | |
| 109 | ADJUST copy_id | |
| 110 | REPLY QR NOERROR | |
| 111 | SECTION QUESTION | |
| 112 | example.com. IN NS | |
| 113 | SECTION ANSWER | |
| 114 | example.com. IN NS ns.example.com. | |
| 115 | SECTION ADDITIONAL | |
| 116 | ns.example.com. IN A 1.2.3.4 | |
| 117 | ENTRY_END | |
| 118 | ||
| 119 | ENTRY_BEGIN | |
| 120 | MATCH opcode qtype qname | |
| 121 | ADJUST copy_id | |
| 122 | REPLY QR AA NOERROR | |
| 123 | SECTION QUESTION | |
| 124 | ns.example.com. IN AAAA | |
| 125 | SECTION AUTHORITY | |
| 126 | example.com. 10 IN SOA . . 15 28800 7200 604800 10 | |
| 127 | ENTRY_END | |
| 128 | ||
| 129 | ENTRY_BEGIN | |
| 130 | MATCH opcode qtype qname | |
| 131 | ADJUST copy_id | |
| 132 | REPLY QR NOERROR | |
| 133 | SECTION QUESTION | |
| 134 | white.example.com. IN A | |
| 135 | SECTION ANSWER | |
| 136 | white.example.com. 3600 IN A 5.6.7.8 | |
| 137 | SECTION AUTHORITY | |
| 138 | example.com. IN NS ns.example.com. | |
| 139 | SECTION ADDITIONAL | |
| 140 | ns.example.com. IN A 1.2.3.4 | |
| 141 | ENTRY_END | |
| 142 | ||
| 143 | ENTRY_BEGIN | |
| 144 | MATCH opcode qtype qname | |
| 145 | ADJUST copy_id | |
| 146 | REPLY QR NOERROR | |
| 147 | SECTION QUESTION | |
| 148 | white.example.com. IN IPSECKEY | |
| 149 | SECTION ANSWER | |
| 150 | white.example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 151 | SECTION AUTHORITY | |
| 152 | example.com. IN NS ns.example.com. | |
| 153 | SECTION ADDITIONAL | |
| 154 | ns.example.com. IN A 1.2.3.4 | |
| 155 | ENTRY_END | |
| 156 | ||
| 157 | ENTRY_BEGIN | |
| 158 | MATCH opcode qtype qname | |
| 159 | ADJUST copy_id | |
| 160 | REPLY QR NOERROR | |
| 161 | SECTION QUESTION | |
| 162 | black.example.com. IN A | |
| 163 | SECTION ANSWER | |
| 164 | black.example.com. 3600 IN A 5.6.7.8 | |
| 165 | SECTION AUTHORITY | |
| 166 | example.com. IN NS ns.example.com. | |
| 167 | SECTION ADDITIONAL | |
| 168 | ns.example.com. IN A 1.2.3.4 | |
| 169 | ENTRY_END | |
| 170 | ||
| 171 | ENTRY_BEGIN | |
| 172 | MATCH opcode qtype qname | |
| 173 | ADJUST copy_id | |
| 174 | REPLY QR NOERROR | |
| 175 | SECTION QUESTION | |
| 176 | black.example.com. IN IPSECKEY | |
| 177 | SECTION ANSWER | |
| 178 | black.example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 179 | SECTION AUTHORITY | |
| 180 | example.com. IN NS ns.example.com. | |
| 181 | SECTION ADDITIONAL | |
| 182 | ns.example.com. IN A 1.2.3.4 | |
| 183 | ENTRY_END | |
| 184 | RANGE_END | |
| 185 | ||
| 186 | STEP 1 QUERY | |
| 187 | ENTRY_BEGIN | |
| 188 | REPLY RD | |
| 189 | SECTION QUESTION | |
| 190 | black.example.com. IN A | |
| 191 | ENTRY_END | |
| 192 | ||
| 193 | STEP 10 CHECK_ANSWER | |
| 194 | ENTRY_BEGIN | |
| 195 | MATCH all ttl | |
| 196 | REPLY QR RD RA NOERROR | |
| 197 | SECTION QUESTION | |
| 198 | black.example.com. IN A | |
| 199 | SECTION ANSWER | |
| 200 | black.example.com. 3600 IN A 5.6.7.8 | |
| 201 | SECTION AUTHORITY | |
| 202 | example.com. IN NS ns.example.com. | |
| 203 | SECTION ADDITIONAL | |
| 204 | ns.example.com. IN A 1.2.3.4 | |
| 205 | ENTRY_END | |
| 206 | ||
| 207 | STEP 11 QUERY | |
| 208 | ENTRY_BEGIN | |
| 209 | SECTION QUESTION | |
| 210 | black.example.com. IN IPSECKEY | |
| 211 | ENTRY_END | |
| 212 | ||
| 213 | STEP 12 CHECK_ANSWER | |
| 214 | ENTRY_BEGIN | |
| 215 | MATCH all | |
| 216 | REPLY QR RA NOERROR | |
| 217 | SECTION QUESTION | |
| 218 | black.example.com. IN IPSECKEY | |
| 219 | SECTION AUTHORITY | |
| 220 | example.com. IN NS ns.example.com. | |
| 221 | SECTION ADDITIONAL | |
| 222 | ns.example.com. IN A 1.2.3.4 | |
| 223 | ENTRY_END | |
| 224 | ||
| 225 | STEP 20 QUERY | |
| 226 | ENTRY_BEGIN | |
| 227 | REPLY RD | |
| 228 | SECTION QUESTION | |
| 229 | white.example.com. IN A | |
| 230 | ENTRY_END | |
| 231 | ||
| 232 | STEP 21 CHECK_OUT_QUERY | |
| 233 | ENTRY_BEGIN | |
| 234 | MATCH qname qtype opcode | |
| 235 | SECTION QUESTION | |
| 236 | white.example.com. IN IPSECKEY | |
| 237 | ENTRY_END | |
| 238 | ||
| 239 | STEP 30 CHECK_ANSWER | |
| 240 | ENTRY_BEGIN | |
| 241 | MATCH all ttl | |
| 242 | REPLY QR RD RA NOERROR | |
| 243 | SECTION QUESTION | |
| 244 | white.example.com. IN A | |
| 245 | SECTION ANSWER | |
| 246 | white.example.com. 200 IN A 5.6.7.8 | |
| 247 | SECTION AUTHORITY | |
| 248 | example.com. IN NS ns.example.com. | |
| 249 | SECTION ADDITIONAL | |
| 250 | ns.example.com. IN A 1.2.3.4 | |
| 251 | ENTRY_END | |
| 252 | ||
| 253 | STEP 31 QUERY | |
| 254 | ENTRY_BEGIN | |
| 255 | SECTION QUESTION | |
| 256 | white.example.com. IN A | |
| 257 | ENTRY_END | |
| 258 | ||
| 259 | STEP 40 CHECK_ANSWER | |
| 260 | ENTRY_BEGIN | |
| 261 | MATCH all ttl | |
| 262 | REPLY QR RA NOERROR | |
| 263 | SECTION QUESTION | |
| 264 | white.example.com. IN A | |
| 265 | SECTION ANSWER | |
| 266 | white.example.com. 200 IN A 5.6.7.8 | |
| 267 | SECTION AUTHORITY | |
| 268 | example.com. IN NS ns.example.com. | |
| 269 | SECTION ADDITIONAL | |
| 270 | ns.example.com. IN A 1.2.3.4 | |
| 271 | ENTRY_END | |
| 272 | ||
| 273 | STEP 41 QUERY | |
| 274 | ENTRY_BEGIN | |
| 275 | SECTION QUESTION | |
| 276 | white.example.com. IN IPSECKEY | |
| 277 | ENTRY_END | |
| 278 | ||
| 279 | STEP 50 CHECK_ANSWER | |
| 280 | ENTRY_BEGIN | |
| 281 | MATCH all | |
| 282 | REPLY QR RA NOERROR | |
| 283 | SECTION QUESTION | |
| 284 | white.example.com. IN IPSECKEY | |
| 285 | SECTION ANSWER | |
| 286 | white.example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== | |
| 287 | SECTION AUTHORITY | |
| 288 | example.com. IN NS ns.example.com. | |
| 289 | SECTION ADDITIONAL | |
| 290 | ns.example.com. IN A 1.2.3.4 | |
| 291 | ENTRY_END | |
| 292 | ||
| 293 | SCENARIO_END |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 0 | ; config options | |
| 1 | server: | |
| 2 | harden-referral-path: no | |
| 3 | target-fetch-policy: "0 0 0 0 0" | |
| 4 | ||
| 5 | stub-zone: | |
| 6 | name: "." | |
| 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 8 | CONFIG_END | |
| 9 | ||
| 10 | SCENARIO_BEGIN Test scrub of insecure DNAME in answer section | |
| 11 | ||
| 12 | ; root infrastucture | |
| 13 | RANGE_BEGIN 0 10000000 | |
| 14 | ADDRESS 193.0.14.129 | |
| 15 | ENTRY_BEGIN | |
| 16 | MATCH qname qtype opcode | |
| 17 | ADJUST copy_id | |
| 18 | REPLY QR AA NOERROR | |
| 19 | SECTION QUESTION | |
| 20 | . IN NS | |
| 21 | SECTION ANSWER | |
| 22 | . IN NS K.ROOT-SERVERS.NET. | |
| 23 | SECTION ADDITIONAL | |
| 24 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 25 | ENTRY_END | |
| 26 | ||
| 27 | ENTRY_BEGIN | |
| 28 | MATCH qname qtype opcode | |
| 29 | ADJUST copy_id | |
| 30 | REPLY QR AA NOERROR | |
| 31 | SECTION QUESTION | |
| 32 | shortloop. IN TXT | |
| 33 | SECTION ANSWER | |
| 34 | shortloop. IN TXT "shortloop end" | |
| 35 | ENTRY_END | |
| 36 | ||
| 37 | ENTRY_BEGIN | |
| 38 | MATCH qname qtype opcode | |
| 39 | ADJUST copy_id | |
| 40 | REPLY QR AA NOERROR | |
| 41 | SECTION QUESTION | |
| 42 | K.ROOT-SERVERS.NET. IN A | |
| 43 | SECTION ANSWER | |
| 44 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 45 | ENTRY_END | |
| 46 | ||
| 47 | ENTRY_BEGIN | |
| 48 | MATCH qname qtype opcode | |
| 49 | ADJUST copy_id | |
| 50 | REPLY QR AA NOERROR | |
| 51 | SECTION QUESTION | |
| 52 | K.ROOT-SERVERS.NET. IN AAAA | |
| 53 | SECTION ANSWER | |
| 54 | ENTRY_END | |
| 55 | ||
| 56 | ENTRY_BEGIN | |
| 57 | MATCH subdomain opcode | |
| 58 | ADJUST copy_id copy_query | |
| 59 | REPLY QR NOERROR | |
| 60 | SECTION QUESTION | |
| 61 | com. IN A | |
| 62 | SECTION AUTHORITY | |
| 63 | com. IN NS a.gtld-servers.net. | |
| 64 | SECTION ADDITIONAL | |
| 65 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 66 | ENTRY_END | |
| 67 | ||
| 68 | ENTRY_BEGIN | |
| 69 | MATCH subdomain opcode | |
| 70 | ADJUST copy_id copy_query | |
| 71 | REPLY QR NOERROR | |
| 72 | SECTION QUESTION | |
| 73 | net. IN A | |
| 74 | SECTION AUTHORITY | |
| 75 | net. IN NS a.gtld-servers.net. | |
| 76 | SECTION ADDITIONAL | |
| 77 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 78 | ENTRY_END | |
| 79 | ||
| 80 | ENTRY_BEGIN | |
| 81 | MATCH subdomain opcode | |
| 82 | ADJUST copy_id copy_query | |
| 83 | REPLY QR NOERROR | |
| 84 | SECTION QUESTION | |
| 85 | x. IN A | |
| 86 | SECTION AUTHORITY | |
| 87 | x. IN NS a.gtld-servers.net. | |
| 88 | SECTION ADDITIONAL | |
| 89 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 90 | ENTRY_END | |
| 91 | ||
| 92 | ENTRY_BEGIN | |
| 93 | MATCH opcode subdomain | |
| 94 | ADJUST copy_id copy_query | |
| 95 | REPLY QR NOERROR | |
| 96 | SECTION QUESTION | |
| 97 | long. IN NS | |
| 98 | SECTION AUTHORITY | |
| 99 | long. IN NS a.gtld-servers.net. | |
| 100 | SECTION ADDITIONAL | |
| 101 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 102 | ENTRY_END | |
| 103 | ||
| 104 | ENTRY_BEGIN | |
| 105 | MATCH opcode subdomain | |
| 106 | ADJUST copy_id copy_query | |
| 107 | REPLY QR NOERROR | |
| 108 | SECTION QUESTION | |
| 109 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS | |
| 110 | SECTION AUTHORITY | |
| 111 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. | |
| 112 | SECTION ADDITIONAL | |
| 113 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 114 | ENTRY_END | |
| 115 | ||
| 116 | ENTRY_BEGIN | |
| 117 | MATCH qname qtype opcode | |
| 118 | ADJUST copy_id | |
| 119 | REPLY QR NOERROR | |
| 120 | SECTION QUESTION | |
| 121 | a.gtld-servers.net. IN A | |
| 122 | SECTION ANSWER | |
| 123 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 124 | ENTRY_END | |
| 125 | ||
| 126 | ENTRY_BEGIN | |
| 127 | MATCH qname qtype opcode | |
| 128 | ADJUST copy_id | |
| 129 | REPLY QR NOERROR | |
| 130 | SECTION QUESTION | |
| 131 | a.gtld-servers.net. IN AAAA | |
| 132 | SECTION ANSWER | |
| 133 | ENTRY_END | |
| 134 | RANGE_END | |
| 135 | ; end of root infrastucture | |
| 136 | ||
| 137 | ; a.gtld-servers.net. (com. net. x.) | |
| 138 | RANGE_BEGIN 0 10000000 | |
| 139 | ADDRESS 192.5.6.30 | |
| 140 | ENTRY_BEGIN | |
| 141 | MATCH qname qtype opcode | |
| 142 | ADJUST copy_id | |
| 143 | REPLY QR NOERROR | |
| 144 | SECTION QUESTION | |
| 145 | a.gtld-servers.net. IN A | |
| 146 | SECTION ANSWER | |
| 147 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 148 | ENTRY_END | |
| 149 | ||
| 150 | ENTRY_BEGIN | |
| 151 | MATCH qname qtype opcode | |
| 152 | ADJUST copy_id | |
| 153 | REPLY QR NOERROR | |
| 154 | SECTION QUESTION | |
| 155 | a.gtld-servers.net. IN AAAA | |
| 156 | SECTION ANSWER | |
| 157 | ENTRY_END | |
| 158 | ||
| 159 | ENTRY_BEGIN | |
| 160 | MATCH qname qtype opcode | |
| 161 | ADJUST copy_id | |
| 162 | REPLY QR NOERROR | |
| 163 | SECTION QUESTION | |
| 164 | com. IN NS | |
| 165 | SECTION AUTHORITY | |
| 166 | com. IN NS a.gtld-servers.net. | |
| 167 | SECTION ADDITIONAL | |
| 168 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 169 | ENTRY_END | |
| 170 | ||
| 171 | ENTRY_BEGIN | |
| 172 | MATCH qname qtype opcode | |
| 173 | ADJUST copy_id | |
| 174 | REPLY QR NOERROR | |
| 175 | SECTION QUESTION | |
| 176 | net. IN NS | |
| 177 | SECTION AUTHORITY | |
| 178 | net. IN NS a.gtld-servers.net. | |
| 179 | SECTION ADDITIONAL | |
| 180 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 181 | ENTRY_END | |
| 182 | ||
| 183 | ENTRY_BEGIN | |
| 184 | MATCH opcode subdomain | |
| 185 | ADJUST copy_id copy_query | |
| 186 | REPLY QR NOERROR | |
| 187 | SECTION QUESTION | |
| 188 | example.com. IN A | |
| 189 | SECTION AUTHORITY | |
| 190 | example.com. IN NS ns1.example.com. | |
| 191 | SECTION ADDITIONAL | |
| 192 | ns1.example.com. IN A 168.192.2.2 | |
| 193 | ENTRY_END | |
| 194 | ||
| 195 | ENTRY_BEGIN | |
| 196 | MATCH opcode subdomain | |
| 197 | ADJUST copy_id copy_query | |
| 198 | REPLY QR NOERROR | |
| 199 | SECTION QUESTION | |
| 200 | example.net. IN A | |
| 201 | SECTION AUTHORITY | |
| 202 | example.net. IN NS ns1.example.net. | |
| 203 | SECTION ADDITIONAL | |
| 204 | ns1.example.net. IN A 168.192.3.3 | |
| 205 | ENTRY_END | |
| 206 | ||
| 207 | ENTRY_BEGIN | |
| 208 | MATCH qname qtype opcode | |
| 209 | ADJUST copy_id | |
| 210 | REPLY QR NOERROR | |
| 211 | SECTION QUESTION | |
| 212 | x. IN NS | |
| 213 | SECTION AUTHORITY | |
| 214 | x. IN NS a.gtld-servers.net. | |
| 215 | SECTION ADDITIONAL | |
| 216 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 217 | ENTRY_END | |
| 218 | ||
| 219 | ENTRY_BEGIN | |
| 220 | MATCH qname qtype opcode | |
| 221 | ADJUST copy_id | |
| 222 | REPLY QR NOERROR | |
| 223 | SECTION QUESTION | |
| 224 | x. IN DNAME | |
| 225 | SECTION AUTHORITY | |
| 226 | x. IN DNAME . | |
| 227 | SECTION ADDITIONAL | |
| 228 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 229 | ENTRY_END | |
| 230 | ||
| 231 | ENTRY_BEGIN | |
| 232 | MATCH qname opcode | |
| 233 | ADJUST copy_id copy_query | |
| 234 | REPLY QR NOERROR | |
| 235 | SECTION QUESTION | |
| 236 | shortloop.x.x. IN CNAME | |
| 237 | SECTION ANSWER | |
| 238 | x. DNAME . | |
| 239 | shortloop.x.x. IN CNAME shortloop.x. | |
| 240 | shortloop.x. IN CNAME shortloop. | |
| 241 | ENTRY_END | |
| 242 | ||
| 243 | ENTRY_BEGIN | |
| 244 | MATCH qname opcode | |
| 245 | ADJUST copy_id copy_query | |
| 246 | REPLY QR NOERROR | |
| 247 | SECTION QUESTION | |
| 248 | shortloop.x. IN CNAME | |
| 249 | SECTION ANSWER | |
| 250 | x. DNAME . | |
| 251 | shortloop.x. IN CNAME shortloop. | |
| 252 | ENTRY_END | |
| 253 | ||
| 254 | ENTRY_BEGIN | |
| 255 | MATCH qname qtype opcode | |
| 256 | ADJUST copy_id | |
| 257 | REPLY QR NOERROR | |
| 258 | SECTION QUESTION | |
| 259 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS | |
| 260 | SECTION AUTHORITY | |
| 261 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. | |
| 262 | SECTION ADDITIONAL | |
| 263 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 264 | ENTRY_END | |
| 265 | ||
| 266 | ENTRY_BEGIN | |
| 267 | MATCH qname qtype opcode | |
| 268 | ADJUST copy_id | |
| 269 | REPLY QR NOERROR | |
| 270 | SECTION QUESTION | |
| 271 | long. IN NS | |
| 272 | SECTION AUTHORITY | |
| 273 | long. IN NS a.gtld-servers.net. | |
| 274 | SECTION ADDITIONAL | |
| 275 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 276 | ENTRY_END | |
| 277 | ||
| 278 | ; DNAME at zone apex, allowed by RFC 6672 section 2.3 | |
| 279 | ENTRY_BEGIN | |
| 280 | MATCH qname qtype opcode | |
| 281 | ADJUST copy_id | |
| 282 | REPLY QR NOERROR | |
| 283 | SECTION QUESTION | |
| 284 | long. IN DNAME | |
| 285 | SECTION ANSWER | |
| 286 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 287 | ENTRY_END | |
| 288 | ||
| 289 | ENTRY_BEGIN | |
| 290 | MATCH qname qtype opcode | |
| 291 | ADJUST copy_id | |
| 292 | REPLY QR NOERROR | |
| 293 | SECTION QUESTION | |
| 294 | x.long. IN A | |
| 295 | SECTION ANSWER | |
| 296 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 297 | x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 298 | x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 | |
| 299 | ENTRY_END | |
| 300 | ||
| 301 | ENTRY_BEGIN | |
| 302 | MATCH qname qtype opcode | |
| 303 | ADJUST copy_id | |
| 304 | REPLY QR NOERROR | |
| 305 | SECTION QUESTION | |
| 306 | x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A | |
| 307 | SECTION ANSWER | |
| 308 | x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 | |
| 309 | ENTRY_END | |
| 310 | ||
| 311 | ENTRY_BEGIN | |
| 312 | MATCH qname opcode | |
| 313 | ADJUST copy_id copy_query | |
| 314 | REPLY QR YXDOMAIN | |
| 315 | SECTION QUESTION | |
| 316 | too.long. IN A | |
| 317 | SECTION ANSWER | |
| 318 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 319 | ENTRY_END | |
| 320 | RANGE_END | |
| 321 | ; end of a.gtld-servers.net. | |
| 322 | ||
| 323 | ; RFC 6672 section 2.2. The DNAME Substitution table tests | |
| 324 | ;# QNAME owner DNAME target result | |
| 325 | ;-- ---------------- -------------- -------------- ----------------- | |
| 326 | ;1 com. example.com. example.net. <no match> | |
| 327 | ;2 example.com. example.com. example.net. [0] | |
| 328 | ;3 a.example.com. example.com. example.net. a.example.net. | |
| 329 | ;4 a.b.example.com. example.com. example.net. a.b.example.net. | |
| 330 | ;5 ab.example.com. b.example.com. example.net. <no match> | |
| 331 | ;6 foo.example.com. example.com. example.net. foo.example.net. | |
| 332 | ;7 a.x.example.com. x.example.com. example.net. a.example.net. | |
| 333 | ;8 a.example.com. example.com. y.example.net. a.y.example.net. | |
| 334 | ;9 cyc.example.com. example.com. example.com. cyc.example.com. | |
| 335 | ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. | |
| 336 | ;11 shortloop.x.x. x. . shortloop.x. | |
| 337 | ;12 shortloop.x. x. . shortloop. | |
| 338 | ; | |
| 339 | ; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then | |
| 340 | ; the result is "example.com.", else "<no match>". | |
| 341 | ; | |
| 342 | ; Table 1. DNAME Substitution Examples | |
| 343 | ||
| 344 | ; line no. 1 is mostly for authoritative server | |
| 345 | ; line no. 2 QTYPE != DNAME | |
| 346 | STEP 220201 QUERY | |
| 347 | ENTRY_BEGIN | |
| 348 | REPLY RD DO | |
| 349 | SECTION QUESTION | |
| 350 | example.com. IN NS | |
| 351 | ENTRY_END | |
| 352 | ||
| 353 | STEP 220202 CHECK_ANSWER | |
| 354 | ENTRY_BEGIN | |
| 355 | MATCH all | |
| 356 | REPLY QR RD RA DO | |
| 357 | SECTION QUESTION | |
| 358 | example.com. IN NS | |
| 359 | SECTION ANSWER | |
| 360 | example.com. IN NS ns1.example.com. | |
| 361 | SECTION ADDITIONAL | |
| 362 | ns1.example.com. 0 IN A 168.192.2.2 | |
| 363 | ENTRY_END | |
| 364 | ||
| 365 | ; line no. 2 QTYPE == DNAME | |
| 366 | STEP 220203 QUERY | |
| 367 | ENTRY_BEGIN | |
| 368 | REPLY RD DO | |
| 369 | SECTION QUESTION | |
| 370 | example.com. IN DNAME | |
| 371 | ENTRY_END | |
| 372 | ||
| 373 | STEP 220204 CHECK_ANSWER | |
| 374 | ENTRY_BEGIN | |
| 375 | MATCH all | |
| 376 | REPLY QR RD RA DO | |
| 377 | SECTION QUESTION | |
| 378 | example.com. IN DNAME | |
| 379 | SECTION ANSWER | |
| 380 | example.com. IN DNAME example.net. | |
| 381 | ENTRY_END | |
| 382 | ||
| 383 | ||
| 384 | ;# QNAME owner DNAME target result | |
| 385 | ;-- ---------------- -------------- -------------- ----------------- | |
| 386 | ;3 a.example.com. example.com. example.net. a.example.net. | |
| 387 | ||
| 388 | STEP 220301 QUERY | |
| 389 | ENTRY_BEGIN | |
| 390 | REPLY RD DO | |
| 391 | SECTION QUESTION | |
| 392 | a.example.com. IN A | |
| 393 | ENTRY_END | |
| 394 | ||
| 395 | STEP 220302 CHECK_ANSWER | |
| 396 | ENTRY_BEGIN | |
| 397 | MATCH all | |
| 398 | REPLY QR RD RA DO | |
| 399 | SECTION QUESTION | |
| 400 | a.example.com. IN A | |
| 401 | SECTION ANSWER | |
| 402 | example.com. IN DNAME example.net. | |
| 403 | a.example.com. IN CNAME a.example.net. | |
| 404 | a.example.net. IN A 10.0.0.97 | |
| 405 | ENTRY_END | |
| 406 | ||
| 407 | ;# QNAME owner DNAME target result | |
| 408 | ;-- ---------------- -------------- -------------- ----------------- | |
| 409 | ;4 a.b.example.com. example.com. example.net. a.b.example.net. | |
| 410 | ||
| 411 | STEP 220401 QUERY | |
| 412 | ENTRY_BEGIN | |
| 413 | REPLY RD DO | |
| 414 | SECTION QUESTION | |
| 415 | a.b.example.com. IN A | |
| 416 | ENTRY_END | |
| 417 | ||
| 418 | STEP 220402 CHECK_ANSWER | |
| 419 | ENTRY_BEGIN | |
| 420 | MATCH all | |
| 421 | REPLY QR RD RA DO | |
| 422 | SECTION QUESTION | |
| 423 | a.b.example.com. IN A | |
| 424 | SECTION ANSWER | |
| 425 | example.com. IN DNAME example.net. | |
| 426 | a.b.example.com. IN CNAME a.b.example.net. | |
| 427 | a.b.example.net. IN A 10.0.97.98 | |
| 428 | ENTRY_END | |
| 429 | ||
| 430 | ;# QNAME owner DNAME target result | |
| 431 | ;-- ---------------- -------------- -------------- ----------------- | |
| 432 | ;5 ab.example.com. b.example.com. example.net. <no match> | |
| 433 | ;6 foo.example.com. example.com. example.net. foo.example.net. | |
| 434 | ||
| 435 | ; line no. 5 is mostly for authoritative server | |
| 436 | ; line no. 6 is basically the same as line no. 3 | |
| 437 | ||
| 438 | ; ns1.example.com. | |
| 439 | RANGE_BEGIN 220000 220699 | |
| 440 | ADDRESS 168.192.2.2 | |
| 441 | ENTRY_BEGIN | |
| 442 | MATCH opcode qtype qname | |
| 443 | ADJUST copy_id | |
| 444 | REPLY QR AA NOERROR | |
| 445 | SECTION QUESTION | |
| 446 | example.com. IN NS | |
| 447 | SECTION ANSWER | |
| 448 | example.com. IN NS ns1.example.com. | |
| 449 | SECTION ADDITIONAL | |
| 450 | ns1.example.com. IN A 168.192.2.2 | |
| 451 | ENTRY_END | |
| 452 | ||
| 453 | ENTRY_BEGIN | |
| 454 | MATCH opcode qtype qname | |
| 455 | ADJUST copy_id | |
| 456 | REPLY QR AA NOERROR | |
| 457 | SECTION QUESTION | |
| 458 | ns1.example.com. IN A | |
| 459 | SECTION ANSWER | |
| 460 | ns1.example.com. IN A 168.192.2.2 | |
| 461 | ENTRY_END | |
| 462 | ||
| 463 | ENTRY_BEGIN | |
| 464 | MATCH opcode qtype qname | |
| 465 | ADJUST copy_id | |
| 466 | REPLY QR AA NOERROR | |
| 467 | SECTION QUESTION | |
| 468 | ns1.example.com. IN AAAA | |
| 469 | SECTION ANSWER | |
| 470 | ENTRY_END | |
| 471 | ||
| 472 | ; line 2 DNAME | |
| 473 | ENTRY_BEGIN | |
| 474 | MATCH opcode qtype qname | |
| 475 | ADJUST copy_id | |
| 476 | REPLY QR AA NOERROR | |
| 477 | SECTION QUESTION | |
| 478 | example.com. IN DNAME | |
| 479 | SECTION ANSWER | |
| 480 | example.com. IN DNAME example.net. | |
| 481 | ENTRY_END | |
| 482 | ||
| 483 | ; line 3 | |
| 484 | ENTRY_BEGIN | |
| 485 | MATCH opcode qtype qname | |
| 486 | ADJUST copy_id | |
| 487 | REPLY QR AA NOERROR | |
| 488 | SECTION QUESTION | |
| 489 | a.example.com. IN A | |
| 490 | SECTION ANSWER | |
| 491 | example.com. IN DNAME example.net. | |
| 492 | a.example.com. IN CNAME a.example.net. | |
| 493 | ENTRY_END | |
| 494 | ||
| 495 | ; line 4 | |
| 496 | ENTRY_BEGIN | |
| 497 | MATCH opcode qtype qname | |
| 498 | ADJUST copy_id | |
| 499 | REPLY QR AA NOERROR | |
| 500 | SECTION QUESTION | |
| 501 | a.b.example.com. IN A | |
| 502 | SECTION ANSWER | |
| 503 | example.com. IN DNAME example.net. | |
| 504 | a.b.example.com. IN CNAME a.b.example.net. | |
| 505 | ENTRY_END | |
| 506 | RANGE_END | |
| 507 | ; end of ns1.example.com. | |
| 508 | ||
| 509 | ||
| 510 | ;# QNAME owner DNAME target result | |
| 511 | ;-- ---------------- -------------- -------------- ----------------- | |
| 512 | ;7 a.x.example.com. x.example.com. example.net. a.example.net. | |
| 513 | ||
| 514 | STEP 220701 QUERY | |
| 515 | ENTRY_BEGIN | |
| 516 | REPLY RD DO | |
| 517 | SECTION QUESTION | |
| 518 | a.x.example.com. IN A | |
| 519 | ENTRY_END | |
| 520 | ||
| 521 | STEP 220702 CHECK_ANSWER | |
| 522 | ENTRY_BEGIN | |
| 523 | MATCH all | |
| 524 | REPLY QR RD RA DO | |
| 525 | SECTION QUESTION | |
| 526 | a.x.example.com. IN A | |
| 527 | SECTION ANSWER | |
| 528 | x.example.com. IN DNAME example.net. | |
| 529 | a.x.example.com. IN CNAME a.example.net. | |
| 530 | a.example.net. IN A 10.0.0.97 | |
| 531 | ENTRY_END | |
| 532 | ||
| 533 | ; ns1.example.com. | |
| 534 | RANGE_BEGIN 220700 220799 | |
| 535 | ADDRESS 168.192.2.2 | |
| 536 | ENTRY_BEGIN | |
| 537 | MATCH opcode qtype qname | |
| 538 | ADJUST copy_id | |
| 539 | REPLY QR AA NOERROR | |
| 540 | SECTION QUESTION | |
| 541 | example.com. IN NS | |
| 542 | SECTION ANSWER | |
| 543 | example.com. IN NS ns1.example.com. | |
| 544 | SECTION ADDITIONAL | |
| 545 | ns1.example.com. IN A 168.192.2.2 | |
| 546 | ENTRY_END | |
| 547 | ||
| 548 | ENTRY_BEGIN | |
| 549 | MATCH opcode qtype qname | |
| 550 | ADJUST copy_id | |
| 551 | REPLY QR AA NOERROR | |
| 552 | SECTION QUESTION | |
| 553 | ns1.example.com. IN A | |
| 554 | SECTION ANSWER | |
| 555 | ns1.example.com. IN A 168.192.2.2 | |
| 556 | ENTRY_END | |
| 557 | ||
| 558 | ENTRY_BEGIN | |
| 559 | MATCH opcode qtype qname | |
| 560 | ADJUST copy_id | |
| 561 | REPLY QR AA NOERROR | |
| 562 | SECTION QUESTION | |
| 563 | ns1.example.com. IN AAAA | |
| 564 | SECTION ANSWER | |
| 565 | ENTRY_END | |
| 566 | ||
| 567 | ; line 7 DNAME | |
| 568 | ENTRY_BEGIN | |
| 569 | MATCH opcode qtype qname | |
| 570 | ADJUST copy_id | |
| 571 | REPLY QR AA NOERROR | |
| 572 | SECTION QUESTION | |
| 573 | example.com. IN DNAME | |
| 574 | SECTION ANSWER | |
| 575 | x.example.com. IN DNAME example.net. | |
| 576 | ENTRY_END | |
| 577 | ||
| 578 | ENTRY_BEGIN | |
| 579 | MATCH opcode qtype qname | |
| 580 | ADJUST copy_id | |
| 581 | REPLY QR AA NOERROR | |
| 582 | SECTION QUESTION | |
| 583 | a.x.example.com. IN A | |
| 584 | SECTION ANSWER | |
| 585 | x.example.com. IN DNAME example.net. | |
| 586 | a.x.example.com. IN CNAME a.example.net. | |
| 587 | ENTRY_END | |
| 588 | RANGE_END | |
| 589 | ; end of ns1.example.com. | |
| 590 | ||
| 591 | ;# QNAME owner DNAME target result | |
| 592 | ;-- ---------------- -------------- -------------- ----------------- | |
| 593 | ;8 a.example.com. example.com. y.example.net. a.y.example.net. | |
| 594 | ; | |
| 595 | ; a.example.com. was renamed to a2.example.com. to avoid cache clashes | |
| 596 | ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) | |
| 597 | ||
| 598 | STEP 220801 QUERY | |
| 599 | ENTRY_BEGIN | |
| 600 | REPLY RD DO | |
| 601 | SECTION QUESTION | |
| 602 | a2.example.com. IN A | |
| 603 | ENTRY_END | |
| 604 | ||
| 605 | STEP 220802 CHECK_ANSWER | |
| 606 | ENTRY_BEGIN | |
| 607 | MATCH all | |
| 608 | REPLY QR RD RA DO | |
| 609 | SECTION QUESTION | |
| 610 | a2.example.com. IN A | |
| 611 | SECTION ANSWER | |
| 612 | example.com. IN DNAME y.example.net. | |
| 613 | a2.example.com. IN CNAME a2.y.example.net. | |
| 614 | a2.y.example.net. IN A 10.97.50.121 | |
| 615 | ENTRY_END | |
| 616 | ||
| 617 | ; ns1.example.com. | |
| 618 | RANGE_BEGIN 220800 220899 | |
| 619 | ADDRESS 168.192.2.2 | |
| 620 | ENTRY_BEGIN | |
| 621 | MATCH opcode qtype qname | |
| 622 | ADJUST copy_id | |
| 623 | REPLY QR AA NOERROR | |
| 624 | SECTION QUESTION | |
| 625 | example.com. IN NS | |
| 626 | SECTION ANSWER | |
| 627 | example.com. IN NS ns1.example.com. | |
| 628 | SECTION ADDITIONAL | |
| 629 | ns1.example.com. IN A 168.192.2.2 | |
| 630 | ENTRY_END | |
| 631 | ||
| 632 | ENTRY_BEGIN | |
| 633 | MATCH opcode qtype qname | |
| 634 | ADJUST copy_id | |
| 635 | REPLY QR AA NOERROR | |
| 636 | SECTION QUESTION | |
| 637 | ns1.example.com. IN A | |
| 638 | SECTION ANSWER | |
| 639 | ns1.example.com. IN A 168.192.2.2 | |
| 640 | ENTRY_END | |
| 641 | ||
| 642 | ENTRY_BEGIN | |
| 643 | MATCH opcode qtype qname | |
| 644 | ADJUST copy_id | |
| 645 | REPLY QR AA NOERROR | |
| 646 | SECTION QUESTION | |
| 647 | ns1.example.com. IN AAAA | |
| 648 | SECTION ANSWER | |
| 649 | ENTRY_END | |
| 650 | ||
| 651 | ; line 8 DNAME | |
| 652 | ENTRY_BEGIN | |
| 653 | MATCH opcode qtype qname | |
| 654 | ADJUST copy_id | |
| 655 | REPLY QR AA NOERROR | |
| 656 | SECTION QUESTION | |
| 657 | example.com. IN DNAME | |
| 658 | SECTION ANSWER | |
| 659 | example.com. IN DNAME y.example.net. | |
| 660 | ENTRY_END | |
| 661 | ||
| 662 | ENTRY_BEGIN | |
| 663 | MATCH opcode qtype qname | |
| 664 | ADJUST copy_id | |
| 665 | REPLY QR AA NOERROR | |
| 666 | SECTION QUESTION | |
| 667 | a2.example.com. IN A | |
| 668 | SECTION ANSWER | |
| 669 | example.com. IN DNAME y.example.net. | |
| 670 | a2.example.com. IN CNAME a2.y.example.net. | |
| 671 | ENTRY_END | |
| 672 | RANGE_END | |
| 673 | ; end of ns1.example.com. | |
| 674 | ||
| 675 | ||
| 676 | ;# QNAME owner DNAME target result | |
| 677 | ;-- ---------------- -------------- -------------- ----------------- | |
| 678 | ;9 cyc.example.com. example.com. example.com. cyc.example.com. | |
| 679 | ||
| 680 | STEP 220901 QUERY | |
| 681 | ENTRY_BEGIN | |
| 682 | REPLY RD DO | |
| 683 | SECTION QUESTION | |
| 684 | cyc.example.com. IN A | |
| 685 | ENTRY_END | |
| 686 | ||
| 687 | ; Expected result is defined by RFC 1034 section 3.6.2: | |
| 688 | ; CNAME chains should be followed and CNAME loops signalled as an error | |
| 689 | STEP 220902 CHECK_ANSWER | |
| 690 | ENTRY_BEGIN | |
| 691 | MATCH all | |
| 692 | REPLY QR RD RA DO | |
| 693 | REPLY NOERROR | |
| 694 | SECTION QUESTION | |
| 695 | cyc.example.com. IN A | |
| 696 | SECTION ANSWER | |
| 697 | example.com. 0 IN DNAME example.com. | |
| 698 | cyc.example.com. 0 IN CNAME cyc.example.com. | |
| 699 | ENTRY_END | |
| 700 | ||
| 701 | ; ns1.example.com. | |
| 702 | RANGE_BEGIN 220900 220999 | |
| 703 | ADDRESS 168.192.2.2 | |
| 704 | ENTRY_BEGIN | |
| 705 | MATCH opcode qtype qname | |
| 706 | ADJUST copy_id | |
| 707 | REPLY QR AA NOERROR | |
| 708 | SECTION QUESTION | |
| 709 | example.com. IN NS | |
| 710 | SECTION ANSWER | |
| 711 | example.com. IN NS ns1.example.com. | |
| 712 | SECTION ADDITIONAL | |
| 713 | ns1.example.com. IN A 168.192.2.2 | |
| 714 | ENTRY_END | |
| 715 | ||
| 716 | ENTRY_BEGIN | |
| 717 | MATCH opcode qtype qname | |
| 718 | ADJUST copy_id | |
| 719 | REPLY QR AA NOERROR | |
| 720 | SECTION QUESTION | |
| 721 | ns1.example.com. IN A | |
| 722 | SECTION ANSWER | |
| 723 | ns1.example.com. IN A 168.192.2.2 | |
| 724 | ENTRY_END | |
| 725 | ||
| 726 | ENTRY_BEGIN | |
| 727 | MATCH opcode qtype qname | |
| 728 | ADJUST copy_id | |
| 729 | REPLY QR AA NOERROR | |
| 730 | SECTION QUESTION | |
| 731 | ns1.example.com. IN AAAA | |
| 732 | SECTION ANSWER | |
| 733 | ENTRY_END | |
| 734 | ||
| 735 | ; line 9 DNAME | |
| 736 | ENTRY_BEGIN | |
| 737 | MATCH opcode qtype qname | |
| 738 | ADJUST copy_id | |
| 739 | REPLY QR AA NOERROR | |
| 740 | SECTION QUESTION | |
| 741 | example.com. IN DNAME | |
| 742 | SECTION ANSWER | |
| 743 | example.com. IN DNAME example.com. | |
| 744 | ENTRY_END | |
| 745 | ||
| 746 | ENTRY_BEGIN | |
| 747 | MATCH opcode qtype qname | |
| 748 | ADJUST copy_id | |
| 749 | REPLY QR AA NOERROR | |
| 750 | SECTION QUESTION | |
| 751 | cyc.example.com. IN A | |
| 752 | SECTION ANSWER | |
| 753 | example.com. IN DNAME example.com. | |
| 754 | cyc.example.com. IN CNAME cyc.example.com. | |
| 755 | ENTRY_END | |
| 756 | RANGE_END | |
| 757 | ; end of ns1.example.com. | |
| 758 | ||
| 759 | ;# QNAME owner DNAME target result | |
| 760 | ;-- ---------------- -------------- -------------- ----------------- | |
| 761 | ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. | |
| 762 | ; | |
| 763 | ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes | |
| 764 | ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) | |
| 765 | ; | |
| 766 | ; target c.example.com. was renamed to cyc2.example.net. | |
| 767 | ; to limit number of pre-canned answers required for the test | |
| 768 | ||
| 769 | STEP 221001 QUERY | |
| 770 | ENTRY_BEGIN | |
| 771 | REPLY RD DO | |
| 772 | SECTION QUESTION | |
| 773 | cyc2.example.com. IN A | |
| 774 | ENTRY_END | |
| 775 | ||
| 776 | ; Expected result is defined by RFC 1034 section 3.6.2: | |
| 777 | ; CNAME chains should be followed and CNAME loops signalled as an error | |
| 778 | STEP 221002 CHECK_ANSWER | |
| 779 | ENTRY_BEGIN | |
| 780 | MATCH all | |
| 781 | REPLY QR RD RA DO SERVFAIL | |
| 782 | SECTION QUESTION | |
| 783 | cyc2.example.com. IN A | |
| 784 | ENTRY_END | |
| 785 | ||
| 786 | ; ns1.example.com. | |
| 787 | RANGE_BEGIN 221000 221099 | |
| 788 | ADDRESS 168.192.2.2 | |
| 789 | ENTRY_BEGIN | |
| 790 | MATCH opcode qtype qname | |
| 791 | ADJUST copy_id | |
| 792 | REPLY QR AA NOERROR | |
| 793 | SECTION QUESTION | |
| 794 | example.com. IN NS | |
| 795 | SECTION ANSWER | |
| 796 | example.com. IN NS ns1.example.com. | |
| 797 | SECTION ADDITIONAL | |
| 798 | ns1.example.com. IN A 168.192.2.2 | |
| 799 | ENTRY_END | |
| 800 | ||
| 801 | ENTRY_BEGIN | |
| 802 | MATCH opcode qtype qname | |
| 803 | ADJUST copy_id | |
| 804 | REPLY QR AA NOERROR | |
| 805 | SECTION QUESTION | |
| 806 | ns1.example.com. IN A | |
| 807 | SECTION ANSWER | |
| 808 | ns1.example.com. IN A 168.192.2.2 | |
| 809 | ENTRY_END | |
| 810 | ||
| 811 | ENTRY_BEGIN | |
| 812 | MATCH opcode qtype qname | |
| 813 | ADJUST copy_id | |
| 814 | REPLY QR AA NOERROR | |
| 815 | SECTION QUESTION | |
| 816 | ns1.example.com. IN AAAA | |
| 817 | SECTION ANSWER | |
| 818 | ENTRY_END | |
| 819 | ||
| 820 | ; line 10 DNAME | |
| 821 | ENTRY_BEGIN | |
| 822 | MATCH opcode qtype qname | |
| 823 | ADJUST copy_id | |
| 824 | REPLY QR AA NOERROR | |
| 825 | SECTION QUESTION | |
| 826 | example.com. IN DNAME | |
| 827 | SECTION ANSWER | |
| 828 | example.com. IN DNAME cyc2.example.net. | |
| 829 | ENTRY_END | |
| 830 | ||
| 831 | ENTRY_BEGIN | |
| 832 | MATCH opcode qtype qname | |
| 833 | ADJUST copy_id | |
| 834 | REPLY QR AA NOERROR | |
| 835 | SECTION QUESTION | |
| 836 | cyc2.example.com. IN A | |
| 837 | SECTION ANSWER | |
| 838 | example.com. IN DNAME cyc2.example.net. | |
| 839 | cyc2.example.com. IN CNAME cyc2.cyc2.example.net. | |
| 840 | ENTRY_END | |
| 841 | RANGE_END | |
| 842 | ; end of ns1.example.com. | |
| 843 | ||
| 844 | ;# QNAME owner DNAME target result | |
| 845 | ;-- ---------------- -------------- -------------- ----------------- | |
| 846 | ;11 shortloop.x.x. x. . shortloop.x. | |
| 847 | ||
| 848 | STEP 221101 QUERY | |
| 849 | ENTRY_BEGIN | |
| 850 | REPLY RD DO | |
| 851 | SECTION QUESTION | |
| 852 | shortloop.x.x. TXT | |
| 853 | ENTRY_END | |
| 854 | ||
| 855 | STEP 221102 CHECK_ANSWER | |
| 856 | ENTRY_BEGIN | |
| 857 | MATCH all | |
| 858 | REPLY QR RD RA DO | |
| 859 | SECTION QUESTION | |
| 860 | shortloop.x.x. IN TXT | |
| 861 | SECTION ANSWER | |
| 862 | x. IN DNAME . | |
| 863 | shortloop.x.x. IN CNAME shortloop.x. | |
| 864 | ;;x. IN DNAME . | |
| 865 | shortloop.x. IN CNAME shortloop. | |
| 866 | shortloop. IN TXT "shortloop end" | |
| 867 | ENTRY_END | |
| 868 | ||
| 869 | ;# QNAME owner DNAME target result | |
| 870 | ;-- ---------------- -------------- -------------- ----------------- | |
| 871 | ;12 shortloop.x. x. . shortloop. | |
| 872 | ||
| 873 | ; expire potentically cached CNAMEs for shortloop.x. from cache | |
| 874 | STEP 221200 TIME_PASSES ELAPSE 10000 | |
| 875 | ||
| 876 | STEP 221201 QUERY | |
| 877 | ENTRY_BEGIN | |
| 878 | REPLY RD DO | |
| 879 | SECTION QUESTION | |
| 880 | shortloop.x. TXT | |
| 881 | ENTRY_END | |
| 882 | ||
| 883 | STEP 221202 CHECK_ANSWER | |
| 884 | ENTRY_BEGIN | |
| 885 | MATCH all | |
| 886 | REPLY QR RD RA DO | |
| 887 | SECTION QUESTION | |
| 888 | shortloop.x. IN TXT | |
| 889 | SECTION ANSWER | |
| 890 | x. IN DNAME . | |
| 891 | shortloop.x. IN CNAME shortloop. | |
| 892 | shortloop. IN TXT "shortloop end" | |
| 893 | ENTRY_END | |
| 894 | ||
| 895 | ||
| 896 | ; ns1.example.net. (data shared by whole 22xxxx range) | |
| 897 | RANGE_BEGIN 220000 229999 | |
| 898 | ADDRESS 168.192.3.3 | |
| 899 | ENTRY_BEGIN | |
| 900 | MATCH opcode qtype qname | |
| 901 | ADJUST copy_id | |
| 902 | REPLY QR AA NOERROR | |
| 903 | SECTION QUESTION | |
| 904 | example.net. IN NS | |
| 905 | SECTION ANSWER | |
| 906 | example.net. IN NS ns1.example.net. | |
| 907 | SECTION ADDITIONAL | |
| 908 | example.net. IN A 168.192.3.3 | |
| 909 | ENTRY_END | |
| 910 | ||
| 911 | ENTRY_BEGIN | |
| 912 | MATCH opcode qtype qname | |
| 913 | ADJUST copy_id | |
| 914 | REPLY QR AA NOERROR | |
| 915 | SECTION QUESTION | |
| 916 | ns1.example.net. IN A | |
| 917 | SECTION ANSWER | |
| 918 | ns1.example.net. IN A 168.192.3.3 | |
| 919 | ENTRY_END | |
| 920 | ||
| 921 | ENTRY_BEGIN | |
| 922 | MATCH opcode qtype qname | |
| 923 | ADJUST copy_id | |
| 924 | REPLY QR AA NOERROR | |
| 925 | SECTION QUESTION | |
| 926 | ns1.example.net. IN AAAA | |
| 927 | SECTION ANSWER | |
| 928 | ENTRY_END | |
| 929 | ||
| 930 | ; line 3 | |
| 931 | ENTRY_BEGIN | |
| 932 | MATCH opcode qtype qname | |
| 933 | ADJUST copy_id | |
| 934 | REPLY QR AA NOERROR | |
| 935 | SECTION QUESTION | |
| 936 | a.example.net. IN A | |
| 937 | SECTION ANSWER | |
| 938 | a.example.net. IN A 10.0.0.97 | |
| 939 | ENTRY_END | |
| 940 | ||
| 941 | ; line 4 | |
| 942 | ENTRY_BEGIN | |
| 943 | MATCH opcode qtype qname | |
| 944 | ADJUST copy_id | |
| 945 | REPLY QR AA NOERROR | |
| 946 | SECTION QUESTION | |
| 947 | a.b.example.net. IN A | |
| 948 | SECTION ANSWER | |
| 949 | a.b.example.net. IN A 10.0.97.98 | |
| 950 | ENTRY_END | |
| 951 | ||
| 952 | ENTRY_BEGIN | |
| 953 | MATCH opcode qtype qname | |
| 954 | ADJUST copy_id | |
| 955 | REPLY QR AA NOERROR | |
| 956 | SECTION QUESTION | |
| 957 | a2.y.example.net. IN A | |
| 958 | SECTION ANSWER | |
| 959 | a2.y.example.net. IN A 10.97.50.121 | |
| 960 | ENTRY_END | |
| 961 | ||
| 962 | ; line 10 | |
| 963 | ENTRY_BEGIN | |
| 964 | MATCH opcode qtype qname | |
| 965 | ADJUST copy_id | |
| 966 | REPLY QR AA NOERROR | |
| 967 | SECTION QUESTION | |
| 968 | cyc2.example.net. IN DNAME | |
| 969 | SECTION ANSWER | |
| 970 | cyc2.example.net. IN DNAME example.com. | |
| 971 | ENTRY_END | |
| 972 | ||
| 973 | ENTRY_BEGIN | |
| 974 | MATCH opcode qtype qname | |
| 975 | ADJUST copy_id | |
| 976 | REPLY QR AA NOERROR | |
| 977 | SECTION QUESTION | |
| 978 | cyc2.cyc2.example.net. IN A | |
| 979 | SECTION ANSWER | |
| 980 | cyc2.example.net. IN DNAME example.com. | |
| 981 | cyc2.cyc2.example.com. IN CNAME cyc2.example.com. | |
| 982 | ENTRY_END | |
| 983 | RANGE_END | |
| 984 | ; end of ns1.example.net. | |
| 985 | ||
| 986 | ||
| 987 | ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution | |
| 988 | ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. | |
| 989 | STEP 229001 QUERY | |
| 990 | ENTRY_BEGIN | |
| 991 | REPLY RD DO | |
| 992 | SECTION QUESTION | |
| 993 | x.long. IN A | |
| 994 | ENTRY_END | |
| 995 | ||
| 996 | ; query returning maximal permissible length - should work | |
| 997 | STEP 229002 CHECK_ANSWER | |
| 998 | ENTRY_BEGIN | |
| 999 | MATCH all | |
| 1000 | REPLY QR RD RA DO | |
| 1001 | SECTION QUESTION | |
| 1002 | x.long. IN A | |
| 1003 | SECTION ANSWER | |
| 1004 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 1005 | x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 1006 | x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 | |
| 1007 | ENTRY_END | |
| 1008 | ||
| 1009 | ; result of substitution has too long name | |
| 1010 | ; YXDOMAIN should be propagated to the client | |
| 1011 | ; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html | |
| 1012 | ;TODO | |
| 1013 | ; STEP 229003 QUERY | |
| 1014 | ; ENTRY_BEGIN | |
| 1015 | ; REPLY RD DO | |
| 1016 | ; SECTION QUESTION | |
| 1017 | ; too.long. IN A | |
| 1018 | ; ENTRY_END | |
| 1019 | ; | |
| 1020 | ; STEP 229004 CHECK_ANSWER | |
| 1021 | ; ENTRY_BEGIN | |
| 1022 | ; MATCH all | |
| 1023 | ; REPLY QR YXDOMAIN | |
| 1024 | ; SECTION QUESTION | |
| 1025 | ; x.long. IN A | |
| 1026 | ; SECTION ANSWER | |
| 1027 | ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 1028 | ; ENTRY_END | |
| 1029 | ||
| 1030 | ; YXDOMAIN should work even if the cache is empty | |
| 1031 | STEP 229005 TIME_PASSES ELAPSE 4000 | |
| 1032 | ||
| 1033 | ; STEP 229006 QUERY | |
| 1034 | ; ENTRY_BEGIN | |
| 1035 | ; REPLY RD DO | |
| 1036 | ; SECTION QUESTION | |
| 1037 | ; too.long. IN A | |
| 1038 | ; ENTRY_END | |
| 1039 | ; | |
| 1040 | ; STEP 229007 CHECK_ANSWER | |
| 1041 | ; ENTRY_BEGIN | |
| 1042 | ; MATCH all | |
| 1043 | ; REPLY QR YXDOMAIN | |
| 1044 | ; SECTION QUESTION | |
| 1045 | ; x.long. IN A | |
| 1046 | ; SECTION ANSWER | |
| 1047 | ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 1048 | ; ENTRY_END | |
| 1049 | ||
| 1050 | ||
| 1051 | ||
| 1052 | ||
| 1053 | SCENARIO_END |
| 0 | ; config options | |
| 1 | server: | |
| 2 | harden-referral-path: no | |
| 3 | target-fetch-policy: "0 0 0 0 0" | |
| 4 | ||
| 5 | stub-zone: | |
| 6 | name: "." | |
| 7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 8 | CONFIG_END | |
| 9 | ||
| 10 | SCENARIO_BEGIN Test scrub of insecure DNAME in answer section | |
| 11 | ||
| 12 | ; root infrastucture | |
| 13 | RANGE_BEGIN 0 10000000 | |
| 14 | ADDRESS 193.0.14.129 | |
| 15 | ENTRY_BEGIN | |
| 16 | MATCH qname qtype opcode | |
| 17 | ADJUST copy_id | |
| 18 | REPLY QR AA NOERROR | |
| 19 | SECTION QUESTION | |
| 20 | . IN NS | |
| 21 | SECTION ANSWER | |
| 22 | . IN NS K.ROOT-SERVERS.NET. | |
| 23 | SECTION ADDITIONAL | |
| 24 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 25 | ENTRY_END | |
| 26 | ||
| 27 | ENTRY_BEGIN | |
| 28 | MATCH qname qtype opcode | |
| 29 | ADJUST copy_id | |
| 30 | REPLY QR AA NOERROR | |
| 31 | SECTION QUESTION | |
| 32 | shortloop. IN TXT | |
| 33 | SECTION ANSWER | |
| 34 | shortloop. IN TXT "shortloop end" | |
| 35 | ENTRY_END | |
| 36 | ||
| 37 | ENTRY_BEGIN | |
| 38 | MATCH qname qtype opcode | |
| 39 | ADJUST copy_id | |
| 40 | REPLY QR AA NOERROR | |
| 41 | SECTION QUESTION | |
| 42 | K.ROOT-SERVERS.NET. IN A | |
| 43 | SECTION ANSWER | |
| 44 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 45 | ENTRY_END | |
| 46 | ||
| 47 | ENTRY_BEGIN | |
| 48 | MATCH qname qtype opcode | |
| 49 | ADJUST copy_id | |
| 50 | REPLY QR AA NOERROR | |
| 51 | SECTION QUESTION | |
| 52 | K.ROOT-SERVERS.NET. IN AAAA | |
| 53 | SECTION ANSWER | |
| 54 | ENTRY_END | |
| 55 | ||
| 56 | ENTRY_BEGIN | |
| 57 | MATCH subdomain opcode | |
| 58 | ADJUST copy_id copy_query | |
| 59 | REPLY QR NOERROR | |
| 60 | SECTION QUESTION | |
| 61 | com. IN A | |
| 62 | SECTION AUTHORITY | |
| 63 | com. IN NS a.gtld-servers.net. | |
| 64 | SECTION ADDITIONAL | |
| 65 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 66 | ENTRY_END | |
| 67 | ||
| 68 | ENTRY_BEGIN | |
| 69 | MATCH subdomain opcode | |
| 70 | ADJUST copy_id copy_query | |
| 71 | REPLY QR NOERROR | |
| 72 | SECTION QUESTION | |
| 73 | net. IN A | |
| 74 | SECTION AUTHORITY | |
| 75 | net. IN NS a.gtld-servers.net. | |
| 76 | SECTION ADDITIONAL | |
| 77 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 78 | ENTRY_END | |
| 79 | ||
| 80 | ENTRY_BEGIN | |
| 81 | MATCH subdomain opcode | |
| 82 | ADJUST copy_id copy_query | |
| 83 | REPLY QR NOERROR | |
| 84 | SECTION QUESTION | |
| 85 | x. IN A | |
| 86 | SECTION AUTHORITY | |
| 87 | x. IN NS a.gtld-servers.net. | |
| 88 | SECTION ADDITIONAL | |
| 89 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 90 | ENTRY_END | |
| 91 | ||
| 92 | ENTRY_BEGIN | |
| 93 | MATCH opcode subdomain | |
| 94 | ADJUST copy_id copy_query | |
| 95 | REPLY QR NOERROR | |
| 96 | SECTION QUESTION | |
| 97 | long. IN NS | |
| 98 | SECTION AUTHORITY | |
| 99 | long. IN NS a.gtld-servers.net. | |
| 100 | SECTION ADDITIONAL | |
| 101 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 102 | ENTRY_END | |
| 103 | ||
| 104 | ENTRY_BEGIN | |
| 105 | MATCH opcode subdomain | |
| 106 | ADJUST copy_id copy_query | |
| 107 | REPLY QR NOERROR | |
| 108 | SECTION QUESTION | |
| 109 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS | |
| 110 | SECTION AUTHORITY | |
| 111 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. | |
| 112 | SECTION ADDITIONAL | |
| 113 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 114 | ENTRY_END | |
| 115 | ||
| 116 | ENTRY_BEGIN | |
| 117 | MATCH qname qtype opcode | |
| 118 | ADJUST copy_id | |
| 119 | REPLY QR NOERROR | |
| 120 | SECTION QUESTION | |
| 121 | a.gtld-servers.net. IN A | |
| 122 | SECTION ANSWER | |
| 123 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 124 | ENTRY_END | |
| 125 | ||
| 126 | ENTRY_BEGIN | |
| 127 | MATCH qname qtype opcode | |
| 128 | ADJUST copy_id | |
| 129 | REPLY QR NOERROR | |
| 130 | SECTION QUESTION | |
| 131 | a.gtld-servers.net. IN AAAA | |
| 132 | SECTION ANSWER | |
| 133 | ENTRY_END | |
| 134 | RANGE_END | |
| 135 | ; end of root infrastucture | |
| 136 | ||
| 137 | ; a.gtld-servers.net. (com. net. x.) | |
| 138 | RANGE_BEGIN 0 10000000 | |
| 139 | ADDRESS 192.5.6.30 | |
| 140 | ENTRY_BEGIN | |
| 141 | MATCH qname qtype opcode | |
| 142 | ADJUST copy_id | |
| 143 | REPLY QR NOERROR | |
| 144 | SECTION QUESTION | |
| 145 | a.gtld-servers.net. IN A | |
| 146 | SECTION ANSWER | |
| 147 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 148 | ENTRY_END | |
| 149 | ||
| 150 | ENTRY_BEGIN | |
| 151 | MATCH qname qtype opcode | |
| 152 | ADJUST copy_id | |
| 153 | REPLY QR NOERROR | |
| 154 | SECTION QUESTION | |
| 155 | a.gtld-servers.net. IN AAAA | |
| 156 | SECTION ANSWER | |
| 157 | ENTRY_END | |
| 158 | ||
| 159 | ENTRY_BEGIN | |
| 160 | MATCH qname qtype opcode | |
| 161 | ADJUST copy_id | |
| 162 | REPLY QR NOERROR | |
| 163 | SECTION QUESTION | |
| 164 | com. IN NS | |
| 165 | SECTION AUTHORITY | |
| 166 | com. IN NS a.gtld-servers.net. | |
| 167 | SECTION ADDITIONAL | |
| 168 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 169 | ENTRY_END | |
| 170 | ||
| 171 | ENTRY_BEGIN | |
| 172 | MATCH qname qtype opcode | |
| 173 | ADJUST copy_id | |
| 174 | REPLY QR NOERROR | |
| 175 | SECTION QUESTION | |
| 176 | net. IN NS | |
| 177 | SECTION AUTHORITY | |
| 178 | net. IN NS a.gtld-servers.net. | |
| 179 | SECTION ADDITIONAL | |
| 180 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 181 | ENTRY_END | |
| 182 | ||
| 183 | ENTRY_BEGIN | |
| 184 | MATCH opcode subdomain | |
| 185 | ADJUST copy_id copy_query | |
| 186 | REPLY QR NOERROR | |
| 187 | SECTION QUESTION | |
| 188 | example.com. IN A | |
| 189 | SECTION AUTHORITY | |
| 190 | example.com. IN NS ns1.example.com. | |
| 191 | SECTION ADDITIONAL | |
| 192 | ns1.example.com. IN A 168.192.2.2 | |
| 193 | ENTRY_END | |
| 194 | ||
| 195 | ENTRY_BEGIN | |
| 196 | MATCH opcode subdomain | |
| 197 | ADJUST copy_id copy_query | |
| 198 | REPLY QR NOERROR | |
| 199 | SECTION QUESTION | |
| 200 | example.net. IN A | |
| 201 | SECTION AUTHORITY | |
| 202 | example.net. IN NS ns1.example.net. | |
| 203 | SECTION ADDITIONAL | |
| 204 | ns1.example.net. IN A 168.192.3.3 | |
| 205 | ENTRY_END | |
| 206 | ||
| 207 | ENTRY_BEGIN | |
| 208 | MATCH qname qtype opcode | |
| 209 | ADJUST copy_id | |
| 210 | REPLY QR NOERROR | |
| 211 | SECTION QUESTION | |
| 212 | x. IN NS | |
| 213 | SECTION AUTHORITY | |
| 214 | x. IN NS a.gtld-servers.net. | |
| 215 | SECTION ADDITIONAL | |
| 216 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 217 | ENTRY_END | |
| 218 | ||
| 219 | ENTRY_BEGIN | |
| 220 | MATCH qname qtype opcode | |
| 221 | ADJUST copy_id | |
| 222 | REPLY QR NOERROR | |
| 223 | SECTION QUESTION | |
| 224 | x. IN DNAME | |
| 225 | SECTION AUTHORITY | |
| 226 | x. IN DNAME . | |
| 227 | SECTION ADDITIONAL | |
| 228 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 229 | ENTRY_END | |
| 230 | ||
| 231 | ENTRY_BEGIN | |
| 232 | MATCH qname opcode | |
| 233 | ADJUST copy_id copy_query | |
| 234 | REPLY QR NOERROR | |
| 235 | SECTION QUESTION | |
| 236 | shortloop.x.x. IN CNAME | |
| 237 | SECTION ANSWER | |
| 238 | x. DNAME . | |
| 239 | shortloop.x.x. IN CNAME shortloop.x. | |
| 240 | shortloop.x. IN CNAME shortloop. | |
| 241 | ENTRY_END | |
| 242 | ||
| 243 | ENTRY_BEGIN | |
| 244 | MATCH qname opcode | |
| 245 | ADJUST copy_id copy_query | |
| 246 | REPLY QR NOERROR | |
| 247 | SECTION QUESTION | |
| 248 | shortloop.x. IN CNAME | |
| 249 | SECTION ANSWER | |
| 250 | x. DNAME . | |
| 251 | shortloop.x. IN CNAME shortloop. | |
| 252 | ENTRY_END | |
| 253 | ||
| 254 | ENTRY_BEGIN | |
| 255 | MATCH qname qtype opcode | |
| 256 | ADJUST copy_id | |
| 257 | REPLY QR NOERROR | |
| 258 | SECTION QUESTION | |
| 259 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS | |
| 260 | SECTION AUTHORITY | |
| 261 | 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. | |
| 262 | SECTION ADDITIONAL | |
| 263 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 264 | ENTRY_END | |
| 265 | ||
| 266 | ENTRY_BEGIN | |
| 267 | MATCH qname qtype opcode | |
| 268 | ADJUST copy_id | |
| 269 | REPLY QR NOERROR | |
| 270 | SECTION QUESTION | |
| 271 | long. IN NS | |
| 272 | SECTION AUTHORITY | |
| 273 | long. IN NS a.gtld-servers.net. | |
| 274 | SECTION ADDITIONAL | |
| 275 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 276 | ENTRY_END | |
| 277 | ||
| 278 | ; DNAME at zone apex, allowed by RFC 6672 section 2.3 | |
| 279 | ENTRY_BEGIN | |
| 280 | MATCH qname qtype opcode | |
| 281 | ADJUST copy_id | |
| 282 | REPLY QR AA NOERROR | |
| 283 | SECTION QUESTION | |
| 284 | long. IN DNAME | |
| 285 | SECTION ANSWER | |
| 286 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 287 | ENTRY_END | |
| 288 | ||
| 289 | ENTRY_BEGIN | |
| 290 | MATCH qname qtype opcode | |
| 291 | ADJUST copy_id | |
| 292 | REPLY QR AA NOERROR | |
| 293 | SECTION QUESTION | |
| 294 | x.long. IN A | |
| 295 | SECTION ANSWER | |
| 296 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 297 | x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 298 | x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 | |
| 299 | ENTRY_END | |
| 300 | ||
| 301 | ENTRY_BEGIN | |
| 302 | MATCH qname qtype opcode | |
| 303 | ADJUST copy_id | |
| 304 | REPLY QR AA NOERROR | |
| 305 | SECTION QUESTION | |
| 306 | x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A | |
| 307 | SECTION ANSWER | |
| 308 | x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 | |
| 309 | ENTRY_END | |
| 310 | ||
| 311 | ENTRY_BEGIN | |
| 312 | MATCH qname opcode | |
| 313 | ADJUST copy_id copy_query | |
| 314 | REPLY QR AA YXDOMAIN | |
| 315 | SECTION QUESTION | |
| 316 | too.long. IN A | |
| 317 | SECTION ANSWER | |
| 318 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 319 | ENTRY_END | |
| 320 | RANGE_END | |
| 321 | ; end of a.gtld-servers.net. | |
| 322 | ||
| 323 | ; RFC 6672 section 2.2. The DNAME Substitution table tests | |
| 324 | ;# QNAME owner DNAME target result | |
| 325 | ;-- ---------------- -------------- -------------- ----------------- | |
| 326 | ;1 com. example.com. example.net. <no match> | |
| 327 | ;2 example.com. example.com. example.net. [0] | |
| 328 | ;3 a.example.com. example.com. example.net. a.example.net. | |
| 329 | ;4 a.b.example.com. example.com. example.net. a.b.example.net. | |
| 330 | ;5 ab.example.com. b.example.com. example.net. <no match> | |
| 331 | ;6 foo.example.com. example.com. example.net. foo.example.net. | |
| 332 | ;7 a.x.example.com. x.example.com. example.net. a.example.net. | |
| 333 | ;8 a.example.com. example.com. y.example.net. a.y.example.net. | |
| 334 | ;9 cyc.example.com. example.com. example.com. cyc.example.com. | |
| 335 | ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. | |
| 336 | ;11 shortloop.x.x. x. . shortloop.x. | |
| 337 | ;12 shortloop.x. x. . shortloop. | |
| 338 | ; | |
| 339 | ; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then | |
| 340 | ; the result is "example.com.", else "<no match>". | |
| 341 | ; | |
| 342 | ; Table 1. DNAME Substitution Examples | |
| 343 | ||
| 344 | ; ; line no. 1 is mostly for authoritative server | |
| 345 | ; ; line no. 2 QTYPE != DNAME | |
| 346 | ; STEP 220201 QUERY | |
| 347 | ; ENTRY_BEGIN | |
| 348 | ; REPLY RD DO | |
| 349 | ; SECTION QUESTION | |
| 350 | ; example.com. IN NS | |
| 351 | ; ENTRY_END | |
| 352 | ; | |
| 353 | ; STEP 220202 CHECK_ANSWER | |
| 354 | ; ENTRY_BEGIN | |
| 355 | ; MATCH rcode answer | |
| 356 | ; REPLY QR RD RA DO | |
| 357 | ; SECTION QUESTION | |
| 358 | ; example.com. IN NS | |
| 359 | ; SECTION ANSWER | |
| 360 | ; example.com. IN NS ns1.example.com. | |
| 361 | ; ENTRY_END | |
| 362 | ; | |
| 363 | ; ; line no. 2 QTYPE == DNAME | |
| 364 | ; STEP 220203 QUERY | |
| 365 | ; ENTRY_BEGIN | |
| 366 | ; REPLY RD DO | |
| 367 | ; SECTION QUESTION | |
| 368 | ; example.com. IN DNAME | |
| 369 | ; ENTRY_END | |
| 370 | ; | |
| 371 | ; STEP 220204 CHECK_ANSWER | |
| 372 | ; ENTRY_BEGIN | |
| 373 | ; MATCH rcode question answer | |
| 374 | ; REPLY QR RD RA DO | |
| 375 | ; SECTION QUESTION | |
| 376 | ; example.com. IN DNAME | |
| 377 | ; SECTION ANSWER | |
| 378 | ; example.com. IN DNAME example.net. | |
| 379 | ; ENTRY_END | |
| 380 | ; | |
| 381 | ; | |
| 382 | ; ;# QNAME owner DNAME target result | |
| 383 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 384 | ; ;3 a.example.com. example.com. example.net. a.example.net. | |
| 385 | ; | |
| 386 | ; STEP 220301 QUERY | |
| 387 | ; ENTRY_BEGIN | |
| 388 | ; REPLY RD DO | |
| 389 | ; SECTION QUESTION | |
| 390 | ; a.example.com. IN A | |
| 391 | ; ENTRY_END | |
| 392 | ; | |
| 393 | ; STEP 220302 CHECK_ANSWER | |
| 394 | ; ENTRY_BEGIN | |
| 395 | ; MATCH rcode question answer | |
| 396 | ; SECTION QUESTION | |
| 397 | ; a.example.com. IN A | |
| 398 | ; SECTION ANSWER | |
| 399 | ; example.com. IN DNAME example.net. | |
| 400 | ; a.example.com. IN CNAME a.example.net. | |
| 401 | ; a.example.net. IN A 10.0.0.97 | |
| 402 | ; ENTRY_END | |
| 403 | ; | |
| 404 | ; ;# QNAME owner DNAME target result | |
| 405 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 406 | ; ;4 a.b.example.com. example.com. example.net. a.b.example.net. | |
| 407 | ; | |
| 408 | ; STEP 220401 QUERY | |
| 409 | ; ENTRY_BEGIN | |
| 410 | ; REPLY RD DO | |
| 411 | ; SECTION QUESTION | |
| 412 | ; a.b.example.com. IN A | |
| 413 | ; ENTRY_END | |
| 414 | ; | |
| 415 | ; STEP 220402 CHECK_ANSWER | |
| 416 | ; ENTRY_BEGIN | |
| 417 | ; MATCH rcode question answer | |
| 418 | ; SECTION QUESTION | |
| 419 | ; a.b.example.com. IN A | |
| 420 | ; SECTION ANSWER | |
| 421 | ; example.com. IN DNAME example.net. | |
| 422 | ; a.b.example.com. IN CNAME a.b.example.net. | |
| 423 | ; a.b.example.net. IN A 10.0.97.98 | |
| 424 | ; ENTRY_END | |
| 425 | ; | |
| 426 | ; ;# QNAME owner DNAME target result | |
| 427 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 428 | ; ;5 ab.example.com. b.example.com. example.net. <no match> | |
| 429 | ; ;6 foo.example.com. example.com. example.net. foo.example.net. | |
| 430 | ; | |
| 431 | ; ; line no. 5 is mostly for authoritative server | |
| 432 | ; ; line no. 6 is basically the same as line no. 3 | |
| 433 | ; | |
| 434 | ; ; ns1.example.com. | |
| 435 | ; RANGE_BEGIN 220000 220699 | |
| 436 | ; ADDRESS 168.192.2.2 | |
| 437 | ; ENTRY_BEGIN | |
| 438 | ; MATCH opcode qtype qname | |
| 439 | ; ADJUST copy_id | |
| 440 | ; REPLY QR AA NOERROR | |
| 441 | ; SECTION QUESTION | |
| 442 | ; example.com. IN NS | |
| 443 | ; SECTION ANSWER | |
| 444 | ; example.com. IN NS ns1.example.com. | |
| 445 | ; SECTION ADDITIONAL | |
| 446 | ; ns1.example.com. IN A 168.192.2.2 | |
| 447 | ; ENTRY_END | |
| 448 | ; | |
| 449 | ; ENTRY_BEGIN | |
| 450 | ; MATCH opcode qtype qname | |
| 451 | ; ADJUST copy_id | |
| 452 | ; REPLY QR AA NOERROR | |
| 453 | ; SECTION QUESTION | |
| 454 | ; ns1.example.com. IN A | |
| 455 | ; SECTION ANSWER | |
| 456 | ; ns1.example.com. IN A 168.192.2.2 | |
| 457 | ; ENTRY_END | |
| 458 | ; | |
| 459 | ; ENTRY_BEGIN | |
| 460 | ; MATCH opcode qtype qname | |
| 461 | ; ADJUST copy_id | |
| 462 | ; REPLY QR AA NOERROR | |
| 463 | ; SECTION QUESTION | |
| 464 | ; ns1.example.com. IN AAAA | |
| 465 | ; SECTION ANSWER | |
| 466 | ; ENTRY_END | |
| 467 | ; | |
| 468 | ; ; line 2 DNAME | |
| 469 | ; ENTRY_BEGIN | |
| 470 | ; MATCH opcode qtype qname | |
| 471 | ; ADJUST copy_id | |
| 472 | ; REPLY QR AA NOERROR | |
| 473 | ; SECTION QUESTION | |
| 474 | ; example.com. IN DNAME | |
| 475 | ; SECTION ANSWER | |
| 476 | ; example.com. IN DNAME example.net. | |
| 477 | ; ENTRY_END | |
| 478 | ; | |
| 479 | ; ; line 3 | |
| 480 | ; ENTRY_BEGIN | |
| 481 | ; MATCH opcode qtype qname | |
| 482 | ; ADJUST copy_id | |
| 483 | ; REPLY QR AA NOERROR | |
| 484 | ; SECTION QUESTION | |
| 485 | ; a.example.com. IN A | |
| 486 | ; SECTION ANSWER | |
| 487 | ; example.com. IN DNAME example.net. | |
| 488 | ; a.example.com. IN CNAME a.example.net. | |
| 489 | ; ENTRY_END | |
| 490 | ; | |
| 491 | ; ; line 4 | |
| 492 | ; ENTRY_BEGIN | |
| 493 | ; MATCH opcode qtype qname | |
| 494 | ; ADJUST copy_id | |
| 495 | ; REPLY QR AA NOERROR | |
| 496 | ; SECTION QUESTION | |
| 497 | ; a.b.example.com. IN A | |
| 498 | ; SECTION ANSWER | |
| 499 | ; example.com. IN DNAME example.net. | |
| 500 | ; a.b.example.com. IN CNAME a.b.example.net. | |
| 501 | ; ENTRY_END | |
| 502 | ; RANGE_END | |
| 503 | ; ; end of ns1.example.com. | |
| 504 | ; | |
| 505 | ; | |
| 506 | ; ;# QNAME owner DNAME target result | |
| 507 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 508 | ; ;7 a.x.example.com. x.example.com. example.net. a.example.net. | |
| 509 | ; | |
| 510 | ; STEP 220701 QUERY | |
| 511 | ; ENTRY_BEGIN | |
| 512 | ; REPLY RD DO | |
| 513 | ; SECTION QUESTION | |
| 514 | ; a.x.example.com. IN A | |
| 515 | ; ENTRY_END | |
| 516 | ; | |
| 517 | ; STEP 220702 CHECK_ANSWER | |
| 518 | ; ENTRY_BEGIN | |
| 519 | ; MATCH rcode question answer | |
| 520 | ; SECTION QUESTION | |
| 521 | ; a.x.example.com. IN A | |
| 522 | ; SECTION ANSWER | |
| 523 | ; x.example.com. IN DNAME example.net. | |
| 524 | ; a.x.example.com. IN CNAME a.example.net. | |
| 525 | ; a.example.net. IN A 10.0.0.97 | |
| 526 | ; ENTRY_END | |
| 527 | ; | |
| 528 | ; ; ns1.example.com. | |
| 529 | ; RANGE_BEGIN 220700 220799 | |
| 530 | ; ADDRESS 168.192.2.2 | |
| 531 | ; ENTRY_BEGIN | |
| 532 | ; MATCH opcode qtype qname | |
| 533 | ; ADJUST copy_id | |
| 534 | ; REPLY QR AA NOERROR | |
| 535 | ; SECTION QUESTION | |
| 536 | ; example.com. IN NS | |
| 537 | ; SECTION ANSWER | |
| 538 | ; example.com. IN NS ns1.example.com. | |
| 539 | ; SECTION ADDITIONAL | |
| 540 | ; ns1.example.com. IN A 168.192.2.2 | |
| 541 | ; ENTRY_END | |
| 542 | ; | |
| 543 | ; ENTRY_BEGIN | |
| 544 | ; MATCH opcode qtype qname | |
| 545 | ; ADJUST copy_id | |
| 546 | ; REPLY QR AA NOERROR | |
| 547 | ; SECTION QUESTION | |
| 548 | ; ns1.example.com. IN A | |
| 549 | ; SECTION ANSWER | |
| 550 | ; ns1.example.com. IN A 168.192.2.2 | |
| 551 | ; ENTRY_END | |
| 552 | ; | |
| 553 | ; ENTRY_BEGIN | |
| 554 | ; MATCH opcode qtype qname | |
| 555 | ; ADJUST copy_id | |
| 556 | ; REPLY QR AA NOERROR | |
| 557 | ; SECTION QUESTION | |
| 558 | ; ns1.example.com. IN AAAA | |
| 559 | ; SECTION ANSWER | |
| 560 | ; ENTRY_END | |
| 561 | ; | |
| 562 | ; ; line 7 DNAME | |
| 563 | ; ENTRY_BEGIN | |
| 564 | ; MATCH opcode qtype qname | |
| 565 | ; ADJUST copy_id | |
| 566 | ; REPLY QR AA NOERROR | |
| 567 | ; SECTION QUESTION | |
| 568 | ; example.com. IN DNAME | |
| 569 | ; SECTION ANSWER | |
| 570 | ; x.example.com. IN DNAME example.net. | |
| 571 | ; ENTRY_END | |
| 572 | ; | |
| 573 | ; ENTRY_BEGIN | |
| 574 | ; MATCH opcode qtype qname | |
| 575 | ; ADJUST copy_id | |
| 576 | ; REPLY QR AA NOERROR | |
| 577 | ; SECTION QUESTION | |
| 578 | ; a.x.example.com. IN A | |
| 579 | ; SECTION ANSWER | |
| 580 | ; x.example.com. IN DNAME example.net. | |
| 581 | ; a.x.example.com. IN CNAME a.example.net. | |
| 582 | ; ENTRY_END | |
| 583 | ; RANGE_END | |
| 584 | ; ; end of ns1.example.com. | |
| 585 | ; | |
| 586 | ; ;# QNAME owner DNAME target result | |
| 587 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 588 | ; ;8 a.example.com. example.com. y.example.net. a.y.example.net. | |
| 589 | ; ; | |
| 590 | ; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes | |
| 591 | ; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) | |
| 592 | ; | |
| 593 | ; STEP 220801 QUERY | |
| 594 | ; ENTRY_BEGIN | |
| 595 | ; REPLY RD DO | |
| 596 | ; SECTION QUESTION | |
| 597 | ; a2.example.com. IN A | |
| 598 | ; ENTRY_END | |
| 599 | ; | |
| 600 | ; STEP 220802 CHECK_ANSWER | |
| 601 | ; ENTRY_BEGIN | |
| 602 | ; MATCH rcode question answer | |
| 603 | ; SECTION QUESTION | |
| 604 | ; a2.example.com. IN A | |
| 605 | ; SECTION ANSWER | |
| 606 | ; example.com. IN DNAME y.example.net. | |
| 607 | ; a2.example.com. IN CNAME a2.y.example.net. | |
| 608 | ; a2.y.example.net. IN A 10.97.50.121 | |
| 609 | ; ENTRY_END | |
| 610 | ; | |
| 611 | ; ; ns1.example.com. | |
| 612 | ; RANGE_BEGIN 220800 220899 | |
| 613 | ; ADDRESS 168.192.2.2 | |
| 614 | ; ENTRY_BEGIN | |
| 615 | ; MATCH opcode qtype qname | |
| 616 | ; ADJUST copy_id | |
| 617 | ; REPLY QR AA NOERROR | |
| 618 | ; SECTION QUESTION | |
| 619 | ; example.com. IN NS | |
| 620 | ; SECTION ANSWER | |
| 621 | ; example.com. IN NS ns1.example.com. | |
| 622 | ; SECTION ADDITIONAL | |
| 623 | ; ns1.example.com. IN A 168.192.2.2 | |
| 624 | ; ENTRY_END | |
| 625 | ; | |
| 626 | ; ENTRY_BEGIN | |
| 627 | ; MATCH opcode qtype qname | |
| 628 | ; ADJUST copy_id | |
| 629 | ; REPLY QR AA NOERROR | |
| 630 | ; SECTION QUESTION | |
| 631 | ; ns1.example.com. IN A | |
| 632 | ; SECTION ANSWER | |
| 633 | ; ns1.example.com. IN A 168.192.2.2 | |
| 634 | ; ENTRY_END | |
| 635 | ; | |
| 636 | ; ENTRY_BEGIN | |
| 637 | ; MATCH opcode qtype qname | |
| 638 | ; ADJUST copy_id | |
| 639 | ; REPLY QR AA NOERROR | |
| 640 | ; SECTION QUESTION | |
| 641 | ; ns1.example.com. IN AAAA | |
| 642 | ; SECTION ANSWER | |
| 643 | ; ENTRY_END | |
| 644 | ; | |
| 645 | ; ; line 8 DNAME | |
| 646 | ; ENTRY_BEGIN | |
| 647 | ; MATCH opcode qtype qname | |
| 648 | ; ADJUST copy_id | |
| 649 | ; REPLY QR AA NOERROR | |
| 650 | ; SECTION QUESTION | |
| 651 | ; example.com. IN DNAME | |
| 652 | ; SECTION ANSWER | |
| 653 | ; example.com. IN DNAME y.example.net. | |
| 654 | ; ENTRY_END | |
| 655 | ; | |
| 656 | ; ENTRY_BEGIN | |
| 657 | ; MATCH opcode qtype qname | |
| 658 | ; ADJUST copy_id | |
| 659 | ; REPLY QR AA NOERROR | |
| 660 | ; SECTION QUESTION | |
| 661 | ; a2.example.com. IN A | |
| 662 | ; SECTION ANSWER | |
| 663 | ; example.com. IN DNAME y.example.net. | |
| 664 | ; a2.example.com. IN CNAME a2.y.example.net. | |
| 665 | ; ENTRY_END | |
| 666 | ; RANGE_END | |
| 667 | ; ; end of ns1.example.com. | |
| 668 | ; | |
| 669 | ; | |
| 670 | ; ;# QNAME owner DNAME target result | |
| 671 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 672 | ; ;9 cyc.example.com. example.com. example.com. cyc.example.com. | |
| 673 | ; | |
| 674 | ; STEP 220901 QUERY | |
| 675 | ; ENTRY_BEGIN | |
| 676 | ; REPLY RD DO | |
| 677 | ; SECTION QUESTION | |
| 678 | ; cyc.example.com. IN A | |
| 679 | ; ENTRY_END | |
| 680 | ; | |
| 681 | ; ; Expected result is defined by RFC 1034 section 3.6.2: | |
| 682 | ; ; CNAME chains should be followed and CNAME loops signalled as an error | |
| 683 | ; STEP 220902 CHECK_ANSWER | |
| 684 | ; ENTRY_BEGIN | |
| 685 | ; MATCH rcode question answer | |
| 686 | ; REPLY SERVFAIL | |
| 687 | ; SECTION QUESTION | |
| 688 | ; cyc.example.com. IN A | |
| 689 | ; ENTRY_END | |
| 690 | ; | |
| 691 | ; ; ns1.example.com. | |
| 692 | ; RANGE_BEGIN 220900 220999 | |
| 693 | ; ADDRESS 168.192.2.2 | |
| 694 | ; ENTRY_BEGIN | |
| 695 | ; MATCH opcode qtype qname | |
| 696 | ; ADJUST copy_id | |
| 697 | ; REPLY QR AA NOERROR | |
| 698 | ; SECTION QUESTION | |
| 699 | ; example.com. IN NS | |
| 700 | ; SECTION ANSWER | |
| 701 | ; example.com. IN NS ns1.example.com. | |
| 702 | ; SECTION ADDITIONAL | |
| 703 | ; ns1.example.com. IN A 168.192.2.2 | |
| 704 | ; ENTRY_END | |
| 705 | ; | |
| 706 | ; ENTRY_BEGIN | |
| 707 | ; MATCH opcode qtype qname | |
| 708 | ; ADJUST copy_id | |
| 709 | ; REPLY QR AA NOERROR | |
| 710 | ; SECTION QUESTION | |
| 711 | ; ns1.example.com. IN A | |
| 712 | ; SECTION ANSWER | |
| 713 | ; ns1.example.com. IN A 168.192.2.2 | |
| 714 | ; ENTRY_END | |
| 715 | ; | |
| 716 | ; ENTRY_BEGIN | |
| 717 | ; MATCH opcode qtype qname | |
| 718 | ; ADJUST copy_id | |
| 719 | ; REPLY QR AA NOERROR | |
| 720 | ; SECTION QUESTION | |
| 721 | ; ns1.example.com. IN AAAA | |
| 722 | ; SECTION ANSWER | |
| 723 | ; ENTRY_END | |
| 724 | ; | |
| 725 | ; ; line 9 DNAME | |
| 726 | ; ENTRY_BEGIN | |
| 727 | ; MATCH opcode qtype qname | |
| 728 | ; ADJUST copy_id | |
| 729 | ; REPLY QR AA NOERROR | |
| 730 | ; SECTION QUESTION | |
| 731 | ; example.com. IN DNAME | |
| 732 | ; SECTION ANSWER | |
| 733 | ; example.com. IN DNAME example.com. | |
| 734 | ; ENTRY_END | |
| 735 | ; | |
| 736 | ; ENTRY_BEGIN | |
| 737 | ; MATCH opcode qtype qname | |
| 738 | ; ADJUST copy_id | |
| 739 | ; REPLY QR AA NOERROR | |
| 740 | ; SECTION QUESTION | |
| 741 | ; cyc.example.com. IN A | |
| 742 | ; SECTION ANSWER | |
| 743 | ; example.com. IN DNAME example.com. | |
| 744 | ; cyc.example.com. IN CNAME cyc.example.com. | |
| 745 | ; ENTRY_END | |
| 746 | ; RANGE_END | |
| 747 | ; ; end of ns1.example.com. | |
| 748 | ; | |
| 749 | ; ;# QNAME owner DNAME target result | |
| 750 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 751 | ; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. | |
| 752 | ; ; | |
| 753 | ; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes | |
| 754 | ; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) | |
| 755 | ; ; | |
| 756 | ; ; target c.example.com. was renamed to cyc2.example.net. | |
| 757 | ; ; to limit number of pre-canned answers required for the test | |
| 758 | ; | |
| 759 | ; STEP 221001 QUERY | |
| 760 | ; ENTRY_BEGIN | |
| 761 | ; REPLY RD DO | |
| 762 | ; SECTION QUESTION | |
| 763 | ; cyc2.example.com. IN A | |
| 764 | ; ENTRY_END | |
| 765 | ; | |
| 766 | ; ; Expected result is defined by RFC 1034 section 3.6.2: | |
| 767 | ; ; CNAME chains should be followed and CNAME loops signalled as an error | |
| 768 | ; STEP 221002 CHECK_ANSWER | |
| 769 | ; ENTRY_BEGIN | |
| 770 | ; MATCH rcode question answer | |
| 771 | ; REPLY SERVFAIL | |
| 772 | ; SECTION QUESTION | |
| 773 | ; cyc2.example.com. IN A | |
| 774 | ; ENTRY_END | |
| 775 | ; | |
| 776 | ; ; ns1.example.com. | |
| 777 | ; RANGE_BEGIN 221000 221099 | |
| 778 | ; ADDRESS 168.192.2.2 | |
| 779 | ; ENTRY_BEGIN | |
| 780 | ; MATCH opcode qtype qname | |
| 781 | ; ADJUST copy_id | |
| 782 | ; REPLY QR AA NOERROR | |
| 783 | ; SECTION QUESTION | |
| 784 | ; example.com. IN NS | |
| 785 | ; SECTION ANSWER | |
| 786 | ; example.com. IN NS ns1.example.com. | |
| 787 | ; SECTION ADDITIONAL | |
| 788 | ; ns1.example.com. IN A 168.192.2.2 | |
| 789 | ; ENTRY_END | |
| 790 | ; | |
| 791 | ; ENTRY_BEGIN | |
| 792 | ; MATCH opcode qtype qname | |
| 793 | ; ADJUST copy_id | |
| 794 | ; REPLY QR AA NOERROR | |
| 795 | ; SECTION QUESTION | |
| 796 | ; ns1.example.com. IN A | |
| 797 | ; SECTION ANSWER | |
| 798 | ; ns1.example.com. IN A 168.192.2.2 | |
| 799 | ; ENTRY_END | |
| 800 | ; | |
| 801 | ; ENTRY_BEGIN | |
| 802 | ; MATCH opcode qtype qname | |
| 803 | ; ADJUST copy_id | |
| 804 | ; REPLY QR AA NOERROR | |
| 805 | ; SECTION QUESTION | |
| 806 | ; ns1.example.com. IN AAAA | |
| 807 | ; SECTION ANSWER | |
| 808 | ; ENTRY_END | |
| 809 | ; | |
| 810 | ; ; line 10 DNAME | |
| 811 | ; ENTRY_BEGIN | |
| 812 | ; MATCH opcode qtype qname | |
| 813 | ; ADJUST copy_id | |
| 814 | ; REPLY QR AA NOERROR | |
| 815 | ; SECTION QUESTION | |
| 816 | ; example.com. IN DNAME | |
| 817 | ; SECTION ANSWER | |
| 818 | ; example.com. IN DNAME cyc2.example.net. | |
| 819 | ; ENTRY_END | |
| 820 | ; | |
| 821 | ; ENTRY_BEGIN | |
| 822 | ; MATCH opcode qtype qname | |
| 823 | ; ADJUST copy_id | |
| 824 | ; REPLY QR AA NOERROR | |
| 825 | ; SECTION QUESTION | |
| 826 | ; cyc2.example.com. IN A | |
| 827 | ; SECTION ANSWER | |
| 828 | ; example.com. IN DNAME cyc2.example.net. | |
| 829 | ; cyc2.example.com. IN CNAME cyc2.cyc2.example.net. | |
| 830 | ; ENTRY_END | |
| 831 | ; RANGE_END | |
| 832 | ; ; end of ns1.example.com. | |
| 833 | ; | |
| 834 | ; ;# QNAME owner DNAME target result | |
| 835 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 836 | ; ;11 shortloop.x.x. x. . shortloop.x. | |
| 837 | ; | |
| 838 | ; STEP 221101 QUERY | |
| 839 | ; ENTRY_BEGIN | |
| 840 | ; REPLY RD DO | |
| 841 | ; SECTION QUESTION | |
| 842 | ; shortloop.x.x. TXT | |
| 843 | ; ENTRY_END | |
| 844 | ; | |
| 845 | ; STEP 221102 CHECK_ANSWER | |
| 846 | ; ENTRY_BEGIN | |
| 847 | ; MATCH rcode question answer | |
| 848 | ; SECTION QUESTION | |
| 849 | ; shortloop.x.x. IN TXT | |
| 850 | ; SECTION ANSWER | |
| 851 | ; x. IN DNAME . | |
| 852 | ; ; unbound hack | |
| 853 | ; x. IN DNAME . | |
| 854 | ; shortloop.x.x. IN CNAME shortloop.x. | |
| 855 | ; shortloop.x. IN CNAME shortloop. | |
| 856 | ; shortloop. IN TXT "shortloop end" | |
| 857 | ; ENTRY_END | |
| 858 | ; | |
| 859 | ; ;# QNAME owner DNAME target result | |
| 860 | ; ;-- ---------------- -------------- -------------- ----------------- | |
| 861 | ; ;12 shortloop.x. x. . shortloop. | |
| 862 | ; | |
| 863 | ; ; expire potentically cached CNAMEs for shortloop.x. from cache | |
| 864 | ; STEP 221200 TIME_PASSES ELAPSE 10000 | |
| 865 | ; | |
| 866 | ; STEP 221201 QUERY | |
| 867 | ; ENTRY_BEGIN | |
| 868 | ; REPLY RD DO | |
| 869 | ; SECTION QUESTION | |
| 870 | ; shortloop.x. TXT | |
| 871 | ; ENTRY_END | |
| 872 | ; | |
| 873 | ; STEP 221202 CHECK_ANSWER | |
| 874 | ; ENTRY_BEGIN | |
| 875 | ; MATCH rcode question answer | |
| 876 | ; SECTION QUESTION | |
| 877 | ; shortloop.x. IN TXT | |
| 878 | ; SECTION ANSWER | |
| 879 | ; x. IN DNAME . | |
| 880 | ; shortloop.x. IN CNAME shortloop. | |
| 881 | ; shortloop. IN TXT "shortloop end" | |
| 882 | ; ENTRY_END | |
| 883 | ; | |
| 884 | ; | |
| 885 | ; ; ns1.example.net. (data shared by whole 22xxxx range) | |
| 886 | ; RANGE_BEGIN 220000 229999 | |
| 887 | ; ADDRESS 168.192.3.3 | |
| 888 | ; ENTRY_BEGIN | |
| 889 | ; MATCH opcode qtype qname | |
| 890 | ; ADJUST copy_id | |
| 891 | ; REPLY QR AA NOERROR | |
| 892 | ; SECTION QUESTION | |
| 893 | ; example.net. IN NS | |
| 894 | ; SECTION ANSWER | |
| 895 | ; example.net. IN NS ns1.example.net. | |
| 896 | ; SECTION ADDITIONAL | |
| 897 | ; example.net. IN A 168.192.3.3 | |
| 898 | ; ENTRY_END | |
| 899 | ; | |
| 900 | ; ENTRY_BEGIN | |
| 901 | ; MATCH opcode qtype qname | |
| 902 | ; ADJUST copy_id | |
| 903 | ; REPLY QR AA NOERROR | |
| 904 | ; SECTION QUESTION | |
| 905 | ; ns1.example.net. IN A | |
| 906 | ; SECTION ANSWER | |
| 907 | ; ns1.example.net. IN A 168.192.3.3 | |
| 908 | ; ENTRY_END | |
| 909 | ; | |
| 910 | ; ENTRY_BEGIN | |
| 911 | ; MATCH opcode qtype qname | |
| 912 | ; ADJUST copy_id | |
| 913 | ; REPLY QR AA NOERROR | |
| 914 | ; SECTION QUESTION | |
| 915 | ; ns1.example.net. IN AAAA | |
| 916 | ; SECTION ANSWER | |
| 917 | ; ENTRY_END | |
| 918 | ; | |
| 919 | ; ; line 3 | |
| 920 | ; ENTRY_BEGIN | |
| 921 | ; MATCH opcode qtype qname | |
| 922 | ; ADJUST copy_id | |
| 923 | ; REPLY QR AA NOERROR | |
| 924 | ; SECTION QUESTION | |
| 925 | ; a.example.net. IN A | |
| 926 | ; SECTION ANSWER | |
| 927 | ; a.example.net. IN A 10.0.0.97 | |
| 928 | ; ENTRY_END | |
| 929 | ; | |
| 930 | ; ; line 4 | |
| 931 | ; ENTRY_BEGIN | |
| 932 | ; MATCH opcode qtype qname | |
| 933 | ; ADJUST copy_id | |
| 934 | ; REPLY QR AA NOERROR | |
| 935 | ; SECTION QUESTION | |
| 936 | ; a.b.example.net. IN A | |
| 937 | ; SECTION ANSWER | |
| 938 | ; a.b.example.net. IN A 10.0.97.98 | |
| 939 | ; ENTRY_END | |
| 940 | ; | |
| 941 | ; ENTRY_BEGIN | |
| 942 | ; MATCH opcode qtype qname | |
| 943 | ; ADJUST copy_id | |
| 944 | ; REPLY QR AA NOERROR | |
| 945 | ; SECTION QUESTION | |
| 946 | ; a2.y.example.net. IN A | |
| 947 | ; SECTION ANSWER | |
| 948 | ; a2.y.example.net. IN A 10.97.50.121 | |
| 949 | ; ENTRY_END | |
| 950 | ; | |
| 951 | ; ; line 10 | |
| 952 | ; ENTRY_BEGIN | |
| 953 | ; MATCH opcode qtype qname | |
| 954 | ; ADJUST copy_id | |
| 955 | ; REPLY QR AA NOERROR | |
| 956 | ; SECTION QUESTION | |
| 957 | ; cyc2.example.net. IN DNAME | |
| 958 | ; SECTION ANSWER | |
| 959 | ; cyc2.example.net. IN DNAME example.com. | |
| 960 | ; ENTRY_END | |
| 961 | ; | |
| 962 | ; ENTRY_BEGIN | |
| 963 | ; MATCH opcode qtype qname | |
| 964 | ; ADJUST copy_id | |
| 965 | ; REPLY QR AA NOERROR | |
| 966 | ; SECTION QUESTION | |
| 967 | ; cyc2.cyc2.example.net. IN A | |
| 968 | ; SECTION ANSWER | |
| 969 | ; cyc2.example.net. IN DNAME example.com. | |
| 970 | ; cyc2.cyc2.example.com. IN CNAME cyc2.example.com. | |
| 971 | ; ENTRY_END | |
| 972 | ; RANGE_END | |
| 973 | ; ; end of ns1.example.net. | |
| 974 | ; | |
| 975 | ; | |
| 976 | ; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution | |
| 977 | ; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. | |
| 978 | ; STEP 229001 QUERY | |
| 979 | ; ENTRY_BEGIN | |
| 980 | ; REPLY RD DO | |
| 981 | ; SECTION QUESTION | |
| 982 | ; x.long. IN A | |
| 983 | ; ENTRY_END | |
| 984 | ; | |
| 985 | ; ; query returning maximal permissible length - should work | |
| 986 | ; STEP 229002 CHECK_ANSWER | |
| 987 | ; ENTRY_BEGIN | |
| 988 | ; MATCH rcode question answer | |
| 989 | ; SECTION QUESTION | |
| 990 | ; x.long. IN A | |
| 991 | ; SECTION ANSWER | |
| 992 | ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 993 | ; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 994 | ; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 | |
| 995 | ; ENTRY_END | |
| 996 | ||
| 997 | ; result of substitution has too long name | |
| 998 | ; YXDOMAIN should be propagated to the client | |
| 999 | ; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html | |
| 1000 | STEP 229003 QUERY | |
| 1001 | ENTRY_BEGIN | |
| 1002 | REPLY RD DO | |
| 1003 | SECTION QUESTION | |
| 1004 | too.long. IN A | |
| 1005 | ENTRY_END | |
| 1006 | ||
| 1007 | STEP 229004 CHECK_ANSWER | |
| 1008 | ENTRY_BEGIN | |
| 1009 | MATCH rcode question answer | |
| 1010 | REPLY QR YXDOMAIN | |
| 1011 | SECTION QUESTION | |
| 1012 | too.long. IN A | |
| 1013 | SECTION ANSWER | |
| 1014 | long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 1015 | ENTRY_END | |
| 1016 | ||
| 1017 | ; ; YXDOMAIN should work even if the cache is empty | |
| 1018 | ; STEP 229005 TIME_PASSES ELAPSE 4000 | |
| 1019 | ; | |
| 1020 | ; STEP 229006 QUERY | |
| 1021 | ; ENTRY_BEGIN | |
| 1022 | ; REPLY RD DO | |
| 1023 | ; SECTION QUESTION | |
| 1024 | ; too.long. IN A | |
| 1025 | ; ENTRY_END | |
| 1026 | ; | |
| 1027 | ; STEP 229007 CHECK_ANSWER | |
| 1028 | ; ENTRY_BEGIN | |
| 1029 | ; MATCH rcode question answer | |
| 1030 | ; REPLY QR YXDOMAIN | |
| 1031 | ; SECTION QUESTION | |
| 1032 | ; x.long. IN A | |
| 1033 | ; SECTION ANSWER | |
| 1034 | ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. | |
| 1035 | ; ENTRY_END | |
| 1036 | ||
| 1037 | ||
| 1038 | ||
| 1039 | ||
| 1040 | SCENARIO_END |
| 1 | 1 | server: |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 3 | 3 | val-override-date: "20070916134226" |
| 4 | fake-sha1: yes | |
| 4 | 5 | |
| 5 | 6 | stub-zone: |
| 6 | 7 | name: "." |
| 1 | 1 | server: |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 3 | 3 | val-override-date: "20070916134226" |
| 4 | fake-sha1: yes | |
| 4 | 5 | |
| 5 | 6 | stub-zone: |
| 6 | 7 | name: "." |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 3 | 3 | val-override-date: "20070916134226" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 1 | 1 | server: |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 3 | 3 | val-override-date: "20070916134226" |
| 4 | fake-sha1: yes | |
| 4 | 5 | |
| 5 | 6 | stub-zone: |
| 6 | 7 | name: "." |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 3 | 3 | val-override-date: "20070916134226" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 0 | ; config options | |
| 1 | server: | |
| 2 | target-fetch-policy: "0 0 0 0 0" | |
| 3 | ||
| 4 | stub-zone: | |
| 5 | name: "." | |
| 6 | stub-addr: 193.0.14.129 | |
| 7 | stub-zone: | |
| 8 | name: "example.com" | |
| 9 | stub-addr: 10.0.1.1 | |
| 10 | stub-zone: | |
| 11 | name: "example.net" | |
| 12 | stub-addr: 10.0.5.1 | |
| 13 | CONFIG_END | |
| 14 | ||
| 15 | SCENARIO_BEGIN Test stub zone leaking to the internet on last resort fallback | |
| 16 | ||
| 17 | ; root server | |
| 18 | RANGE_BEGIN 0 100 | |
| 19 | ADDRESS 193.0.14.129 | |
| 20 | ||
| 21 | ; root prime | |
| 22 | ENTRY_BEGIN | |
| 23 | MATCH qname qtype | |
| 24 | ADJUST copy_id copy_query | |
| 25 | REPLY QR NOERROR | |
| 26 | SECTION QUESTION | |
| 27 | . IN NS | |
| 28 | SECTION ANSWER | |
| 29 | . IN NS k.root-servers.net. | |
| 30 | SECTION ADDITIONAL | |
| 31 | k.root-servers.net. IN A 193.0.14.129 | |
| 32 | ENTRY_END | |
| 33 | ||
| 34 | RANGE_END | |
| 35 | ||
| 36 | ; stub server for example.com | |
| 37 | RANGE_BEGIN 0 100 | |
| 38 | ADDRESS 10.0.1.1 | |
| 39 | ||
| 40 | ; subzone is delegated | |
| 41 | ENTRY_BEGIN | |
| 42 | MATCH opcode subdomain | |
| 43 | ADJUST copy_id copy_query | |
| 44 | REPLY QR NOERROR | |
| 45 | SECTION QUESTION | |
| 46 | subzone.example.com. IN A | |
| 47 | SECTION AUTHORITY | |
| 48 | subzone.example.com. IN NS sub-ns1.example.com. | |
| 49 | subzone.example.com. IN NS sub-ns2.example.com. | |
| 50 | subzone.example.com. IN NS example.net. | |
| 51 | SECTION ADDITIONAL | |
| 52 | sub-ns1.example.com. IN A 10.0.2.3 | |
| 53 | sub-ns2.example.com. IN A 10.0.2.4 | |
| 54 | ENTRY_END | |
| 55 | ||
| 56 | ENTRY_BEGIN | |
| 57 | MATCH opcode question | |
| 58 | ADJUST copy_id copy_query | |
| 59 | REPLY QR AA NOERROR | |
| 60 | SECTION QUESTION | |
| 61 | sub-ns1.example.com. IN A | |
| 62 | SECTION ANSWER | |
| 63 | sub-ns1.example.com. IN A 10.0.2.3 | |
| 64 | ENTRY_END | |
| 65 | ||
| 66 | ENTRY_BEGIN | |
| 67 | MATCH opcode question | |
| 68 | ADJUST copy_id copy_query | |
| 69 | REPLY QR AA NOERROR | |
| 70 | SECTION QUESTION | |
| 71 | sub-ns2.example.com. IN A | |
| 72 | SECTION ANSWER | |
| 73 | sub-ns2.example.com. IN A 10.0.2.4 | |
| 74 | ENTRY_END | |
| 75 | ||
| 76 | ENTRY_BEGIN | |
| 77 | MATCH opcode question | |
| 78 | ADJUST copy_id copy_query | |
| 79 | REPLY QR AA NOERROR | |
| 80 | SECTION QUESTION | |
| 81 | sub-ns1.example.com. IN AAAA | |
| 82 | SECTION AUTHORITY | |
| 83 | example.com. 300 SOA master.example.com etc 1 2 3 4 300 | |
| 84 | ENTRY_END | |
| 85 | ||
| 86 | ENTRY_BEGIN | |
| 87 | MATCH opcode question | |
| 88 | ADJUST copy_id copy_query | |
| 89 | REPLY QR AA NOERROR | |
| 90 | SECTION QUESTION | |
| 91 | sub-ns2.example.com. IN AAAA | |
| 92 | SECTION AUTHORITY | |
| 93 | example.com. 300 SOA master.example.com etc 1 2 3 4 300 | |
| 94 | ENTRY_END | |
| 95 | ||
| 96 | RANGE_END | |
| 97 | ||
| 98 | ; stub server for example.net | |
| 99 | RANGE_BEGIN 0 100 | |
| 100 | ADDRESS 10.0.5.1 | |
| 101 | ||
| 102 | ENTRY_BEGIN | |
| 103 | MATCH opcode question | |
| 104 | ADJUST copy_id copy_query | |
| 105 | REPLY QR AA NOERROR | |
| 106 | SECTION QUESTION | |
| 107 | example.net. IN NS | |
| 108 | SECTION ANSWER | |
| 109 | example.net. IN NS ns.example.net. | |
| 110 | SECTION ADDITIONAL | |
| 111 | ns.example.net. IN A 10.0.5.1 | |
| 112 | ENTRY_END | |
| 113 | ||
| 114 | ENTRY_BEGIN | |
| 115 | MATCH opcode question | |
| 116 | ADJUST copy_id copy_query | |
| 117 | REPLY QR AA NOERROR | |
| 118 | SECTION QUESTION | |
| 119 | example.net. IN A | |
| 120 | SECTION ANSWER | |
| 121 | example.net. IN A 10.0.5.4 | |
| 122 | ENTRY_END | |
| 123 | ||
| 124 | ENTRY_BEGIN | |
| 125 | MATCH opcode question | |
| 126 | ADJUST copy_id copy_query | |
| 127 | REPLY QR AA NOERROR | |
| 128 | SECTION QUESTION | |
| 129 | example.net. IN AAAA | |
| 130 | SECTION AUTHORITY | |
| 131 | example.net. 300 SOA master.example.net etc 1 2 3 4 300 | |
| 132 | ENTRY_END | |
| 133 | ||
| 134 | RANGE_END | |
| 135 | ||
| 136 | ; stub server for subzone.example.com | |
| 137 | RANGE_BEGIN 0 100 | |
| 138 | ADDRESS 10.0.2.3 | |
| 139 | ; match anything, servfail | |
| 140 | ENTRY_BEGIN | |
| 141 | MATCH opcode | |
| 142 | ADJUST copy_id copy_query | |
| 143 | REPLY QR SERVFAIL | |
| 144 | SECTION QUESTION | |
| 145 | subzone.example.com. IN A | |
| 146 | SECTION ANSWER | |
| 147 | ENTRY_END | |
| 148 | RANGE_END | |
| 149 | ||
| 150 | ; stub server for subzone.example.com | |
| 151 | RANGE_BEGIN 0 100 | |
| 152 | ADDRESS 10.0.2.4 | |
| 153 | ; match anything, servfail | |
| 154 | ENTRY_BEGIN | |
| 155 | MATCH opcode | |
| 156 | ADJUST copy_id copy_query | |
| 157 | REPLY QR SERVFAIL | |
| 158 | SECTION QUESTION | |
| 159 | subzone.example.com. IN A | |
| 160 | SECTION ANSWER | |
| 161 | ENTRY_END | |
| 162 | RANGE_END | |
| 163 | ||
| 164 | ; stub server for subzone.example.com | |
| 165 | RANGE_BEGIN 0 100 | |
| 166 | ADDRESS 10.0.5.4 | |
| 167 | ; match anything, servfail | |
| 168 | ENTRY_BEGIN | |
| 169 | MATCH opcode | |
| 170 | ADJUST copy_id copy_query | |
| 171 | REPLY QR SERVFAIL | |
| 172 | SECTION QUESTION | |
| 173 | subzone.example.com. IN A | |
| 174 | SECTION ANSWER | |
| 175 | ENTRY_END | |
| 176 | RANGE_END | |
| 177 | ||
| 178 | ||
| 179 | ; fetch the delegation point for example.net in cache. | |
| 180 | STEP 1 QUERY | |
| 181 | ENTRY_BEGIN | |
| 182 | REPLY RD | |
| 183 | SECTION QUESTION | |
| 184 | example.net. IN NS | |
| 185 | ENTRY_END | |
| 186 | ||
| 187 | ; recursion happens here. | |
| 188 | STEP 10 CHECK_ANSWER | |
| 189 | ENTRY_BEGIN | |
| 190 | MATCH all | |
| 191 | REPLY QR RD RA NOERROR | |
| 192 | SECTION QUESTION | |
| 193 | example.net. IN NS | |
| 194 | SECTION ANSWER | |
| 195 | example.net. IN NS ns.example.net. | |
| 196 | SECTION ADDITIONAL | |
| 197 | ns.example.net. IN A 10.0.5.1 | |
| 198 | ENTRY_END | |
| 199 | ||
| 200 | STEP 20 QUERY | |
| 201 | ENTRY_BEGIN | |
| 202 | REPLY RD | |
| 203 | SECTION QUESTION | |
| 204 | whatever.subzone.example.com. IN A | |
| 205 | ENTRY_END | |
| 206 | ||
| 207 | ; recursion happens here. | |
| 208 | ; the query should not leak subzone ns queries to the internet | |
| 209 | STEP 30 CHECK_ANSWER | |
| 210 | ENTRY_BEGIN | |
| 211 | MATCH all | |
| 212 | REPLY QR RD RA SERVFAIL | |
| 213 | SECTION QUESTION | |
| 214 | whatever.subzone.example.com. IN A | |
| 215 | SECTION ANSWER | |
| 216 | SECTION AUTHORITY | |
| 217 | ENTRY_END | |
| 218 | ||
| 219 | SCENARIO_END |
| 3 | 3 | trust-anchor: ". IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk)}" |
| 4 | 4 | val-override-date: "20110207110823" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 6 | 6 | msg-cache-size: 8 |
| 7 | 7 | rrset-cache-size: 8 |
| 8 | 8 | target-fetch-policy: "0 0 0 0 0" |
| 9 | fake-sha1: yes | |
| 9 | 10 | |
| 10 | 11 | stub-zone: |
| 11 | 12 | name: "." |
Binary diff not shown
| 3 | 3 | harden-below-nxdomain: yes |
| 4 | 4 | trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | qname-minimisation: yes |
| 5 | 5 | trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" |
| 6 | 6 | val-override-date: "20070916134226" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 0 | ; Ask the same question twice. Check to see second is answered | |
| 1 | ; from cache | |
| 2 | ||
| 3 | server: | |
| 4 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" | |
| 5 | val-override-date: "20070916134226" | |
| 6 | target-fetch-policy: "0 0 0 0 0" | |
| 7 | send-client-subnet: 1.2.3.4 | |
| 8 | max-client-subnet-ipv4: 17 | |
| 9 | module-config: "subnetcache validator iterator" | |
| 10 | verbosity: 3 | |
| 11 | access-control: 127.0.0.1 allow_snoop | |
| 12 | ||
| 13 | stub-zone: | |
| 14 | name: "." | |
| 15 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 16 | CONFIG_END | |
| 17 | ||
| 18 | SCENARIO_BEGIN Test validator with positive response | |
| 19 | ||
| 20 | ; K.ROOT-SERVERS.NET. | |
| 21 | RANGE_BEGIN 0 100 | |
| 22 | ADDRESS 193.0.14.129 | |
| 23 | ENTRY_BEGIN | |
| 24 | MATCH opcode qtype qname ednsdata | |
| 25 | ADJUST copy_id | |
| 26 | REPLY QR NOERROR | |
| 27 | SECTION QUESTION | |
| 28 | . IN NS | |
| 29 | SECTION ANSWER | |
| 30 | . IN NS K.ROOT-SERVERS.NET. | |
| 31 | SECTION ADDITIONAL | |
| 32 | HEX_EDNSDATA_BEGIN | |
| 33 | ;; we expect to receive empty | |
| 34 | HEX_EDNSDATA_END | |
| 35 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 36 | ENTRY_END | |
| 37 | ||
| 38 | ENTRY_BEGIN | |
| 39 | MATCH opcode qtype qname | |
| 40 | ADJUST copy_id | |
| 41 | REPLY QR NOERROR | |
| 42 | SECTION QUESTION | |
| 43 | www.example.com. IN A | |
| 44 | SECTION AUTHORITY | |
| 45 | com. IN NS a.gtld-servers.net. | |
| 46 | SECTION ADDITIONAL | |
| 47 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 48 | ENTRY_END | |
| 49 | RANGE_END | |
| 50 | ||
| 51 | ; a.gtld-servers.net. | |
| 52 | RANGE_BEGIN 0 100 | |
| 53 | ADDRESS 192.5.6.30 | |
| 54 | ENTRY_BEGIN | |
| 55 | MATCH opcode qtype qname ednsdata | |
| 56 | ADJUST copy_id | |
| 57 | REPLY QR NOERROR | |
| 58 | SECTION QUESTION | |
| 59 | com. IN NS | |
| 60 | SECTION ANSWER | |
| 61 | com. IN NS a.gtld-servers.net. | |
| 62 | SECTION ADDITIONAL | |
| 63 | HEX_EDNSDATA_BEGIN | |
| 64 | ;; we expect to receive empty | |
| 65 | HEX_EDNSDATA_END | |
| 66 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 67 | ENTRY_END | |
| 68 | ||
| 69 | ENTRY_BEGIN | |
| 70 | MATCH opcode qtype qname | |
| 71 | ADJUST copy_id | |
| 72 | REPLY QR NOERROR | |
| 73 | SECTION QUESTION | |
| 74 | www.example.com. IN A | |
| 75 | SECTION AUTHORITY | |
| 76 | example.com. IN NS ns.example.com. | |
| 77 | SECTION ADDITIONAL | |
| 78 | ns.example.com. IN A 1.2.3.4 | |
| 79 | ENTRY_END | |
| 80 | RANGE_END | |
| 81 | ||
| 82 | ; ns.example.com. | |
| 83 | RANGE_BEGIN 0 100 | |
| 84 | ADDRESS 1.2.3.4 | |
| 85 | ENTRY_BEGIN | |
| 86 | MATCH opcode qtype qname ednsdata | |
| 87 | ADJUST copy_id | |
| 88 | REPLY QR NOERROR | |
| 89 | SECTION QUESTION | |
| 90 | example.com. IN NS | |
| 91 | SECTION ANSWER | |
| 92 | example.com. IN NS ns.example.com. | |
| 93 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 94 | SECTION ADDITIONAL | |
| 95 | HEX_EDNSDATA_BEGIN | |
| 96 | ;; we expect to receive empty | |
| 97 | HEX_EDNSDATA_END | |
| 98 | ns.example.com. IN A 1.2.3.4 | |
| 99 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 100 | ENTRY_END | |
| 101 | ||
| 102 | ; response to DNSKEY priming query | |
| 103 | ENTRY_BEGIN | |
| 104 | MATCH opcode qtype qname ednsdata | |
| 105 | ADJUST copy_id | |
| 106 | REPLY QR NOERROR | |
| 107 | SECTION QUESTION | |
| 108 | example.com. IN DNSKEY | |
| 109 | SECTION ANSWER | |
| 110 | example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} | |
| 111 | example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} | |
| 112 | SECTION AUTHORITY | |
| 113 | example.com. IN NS ns.example.com. | |
| 114 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 115 | SECTION ADDITIONAL | |
| 116 | HEX_EDNSDATA_BEGIN | |
| 117 | ;; we expect to receive empty | |
| 118 | HEX_EDNSDATA_END | |
| 119 | ns.example.com. IN A 1.2.3.4 | |
| 120 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 121 | ENTRY_END | |
| 122 | ||
| 123 | ; response to query of interest | |
| 124 | ENTRY_BEGIN | |
| 125 | MATCH opcode qtype qname ednsdata | |
| 126 | ADJUST copy_id copy_ednsdata_assume_clientsubnet | |
| 127 | REPLY QR NOERROR | |
| 128 | SECTION QUESTION | |
| 129 | www.example.com. IN A | |
| 130 | SECTION ANSWER | |
| 131 | www.example.com. IN A 10.20.30.40 | |
| 132 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 133 | SECTION AUTHORITY | |
| 134 | example.com. IN NS ns.example.com. | |
| 135 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 136 | SECTION ADDITIONAL | |
| 137 | HEX_EDNSDATA_BEGIN | |
| 138 | ; client is 127.0.0.1 | |
| 139 | 00 08 ; OPC | |
| 140 | 00 07 ; option length | |
| 141 | 00 01 ; Family | |
| 142 | 11 00 ; source mask, scopemask | |
| 143 | 7f 00 00 ; address | |
| 144 | HEX_EDNSDATA_END | |
| 145 | ns.example.com. IN A 1.2.3.4 | |
| 146 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 147 | ENTRY_END | |
| 148 | RANGE_END | |
| 149 | ||
| 150 | STEP 1 QUERY | |
| 151 | ENTRY_BEGIN | |
| 152 | HEX_ANSWER_BEGIN; | |
| 153 | 00 00 01 00 00 01 00 00 ;ID 0 | |
| 154 | 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) | |
| 155 | 07 65 78 61 6d 70 6c 65 | |
| 156 | 03 63 6f 6d 00 00 01 00 | |
| 157 | 01 00 00 29 10 00 00 00 | |
| 158 | 80 00 00 0b | |
| 159 | ||
| 160 | 00 08 00 07 ; OPC, optlen | |
| 161 | 00 01 11 00 ; ip4, scope 17, source 0 | |
| 162 | 7f 00 00 ;127.0.0.0/17 | |
| 163 | HEX_ANSWER_END | |
| 164 | ENTRY_END | |
| 165 | ||
| 166 | STEP 10 CHECK_ANSWER | |
| 167 | ENTRY_BEGIN | |
| 168 | MATCH all ednsdata | |
| 169 | REPLY QR RD RA AD NOERROR | |
| 170 | SECTION QUESTION | |
| 171 | www.example.com. IN A | |
| 172 | SECTION ANSWER | |
| 173 | www.example.com. IN A 10.20.30.40 | |
| 174 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 175 | SECTION AUTHORITY | |
| 176 | example.com. IN NS ns.example.com. | |
| 177 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 178 | SECTION ADDITIONAL | |
| 179 | HEX_EDNSDATA_BEGIN | |
| 180 | ; client is 127.0.0.1 | |
| 181 | 00 08 ; OPC | |
| 182 | 00 07 ; option length | |
| 183 | 00 01 ; Family | |
| 184 | 11 11 ; source mask, scopemask | |
| 185 | 7f 00 00 ; address | |
| 186 | HEX_EDNSDATA_END | |
| 187 | ns.example.com. IN A 1.2.3.4 | |
| 188 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 189 | ENTRY_END | |
| 190 | ||
| 191 | STEP 11 QUERY | |
| 192 | ||
| 193 | ENTRY_BEGIN | |
| 194 | HEX_ANSWER_BEGIN; | |
| 195 | 00 00 00 00 00 01 00 00 ;ID 0, no RD | |
| 196 | 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) | |
| 197 | 07 65 78 61 6d 70 6c 65 | |
| 198 | 03 63 6f 6d 00 00 01 00 | |
| 199 | 01 00 00 29 10 00 00 00 | |
| 200 | 80 00 00 0b | |
| 201 | ||
| 202 | 00 08 00 07 ; OPC, optlen | |
| 203 | 00 01 12 00 ; ip4, scope 18, source 0 | |
| 204 | 7f 00 00 ;127.0.0.0/18 | |
| 205 | HEX_ANSWER_END | |
| 206 | ENTRY_END | |
| 207 | ||
| 208 | STEP 20 CHECK_ANSWER | |
| 209 | ENTRY_BEGIN | |
| 210 | MATCH all ednsdata | |
| 211 | REPLY QR RA AD NOERROR | |
| 212 | SECTION QUESTION | |
| 213 | www.example.com. IN A | |
| 214 | SECTION ANSWER | |
| 215 | www.example.com. IN A 10.20.30.40 | |
| 216 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 217 | SECTION AUTHORITY | |
| 218 | example.com. IN NS ns.example.com. | |
| 219 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 220 | SECTION ADDITIONAL | |
| 221 | HEX_EDNSDATA_BEGIN | |
| 222 | ; client is 127.0.0.1 | |
| 223 | 00 08 ; OPC | |
| 224 | 00 07 ; option length | |
| 225 | 00 01 ; Family | |
| 226 | 12 11 ; source mask, scopemask | |
| 227 | 7f 00 00 ; address | |
| 228 | HEX_EDNSDATA_END | |
| 229 | ns.example.com. IN A 1.2.3.4 | |
| 230 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 231 | ENTRY_END | |
| 232 | ||
| 233 | SCENARIO_END |
| 0 | server: | |
| 1 | send-client-subnet: 5.0.15.10 | |
| 2 | send-client-subnet: 193.0.14.129 | |
| 3 | max-client-subnet-ipv4: 21 | |
| 4 | verbosity: 3 | |
| 5 | module-config: "subnetcache validator iterator" | |
| 6 | ||
| 7 | stub-zone: | |
| 8 | name: "." | |
| 9 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 10 | CONFIG_END | |
| 11 | ||
| 12 | SCENARIO_BEGIN Must not send subnet option for 'derived' queries. | |
| 13 | ||
| 14 | RANGE_BEGIN 0 100 | |
| 15 | ||
| 16 | ADDRESS 193.0.14.129 | |
| 17 | ||
| 18 | ENTRY_BEGIN | |
| 19 | MATCH opcode qtype qname ednsdata | |
| 20 | ADJUST copy_id | |
| 21 | REPLY QR NOERROR | |
| 22 | SECTION QUESTION | |
| 23 | . IN NS | |
| 24 | SECTION ANSWER | |
| 25 | . IN NS K.ROOT-SERVERS.NET. | |
| 26 | SECTION ADDITIONAL | |
| 27 | HEX_EDNSDATA_BEGIN | |
| 28 | ;; we expect to receive empty | |
| 29 | HEX_EDNSDATA_END | |
| 30 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 31 | ENTRY_END | |
| 32 | ||
| 33 | ENTRY_BEGIN | |
| 34 | MATCH opcode qtype qname ednsdata | |
| 35 | ADJUST copy_id | |
| 36 | REPLY QR NOERROR | |
| 37 | SECTION QUESTION | |
| 38 | a.gtld-servers.net. IN AAAA | |
| 39 | SECTION AUTHORITY | |
| 40 | SECTION ADDITIONAL | |
| 41 | HEX_EDNSDATA_BEGIN | |
| 42 | ;; we expect to receive empty | |
| 43 | HEX_EDNSDATA_END | |
| 44 | ENTRY_END | |
| 45 | ||
| 46 | ENTRY_BEGIN | |
| 47 | MATCH opcode qtype qname ednsdata | |
| 48 | ADJUST copy_id | |
| 49 | REPLY QR NOERROR | |
| 50 | SECTION QUESTION | |
| 51 | www.example.com. IN A | |
| 52 | SECTION AUTHORITY | |
| 53 | com. IN NS a.gtld-servers.net. | |
| 54 | SECTION ADDITIONAL | |
| 55 | HEX_EDNSDATA_BEGIN | |
| 56 | ; client is 127.0.0.1 | |
| 57 | 00 08 ; OPC | |
| 58 | 00 07 ; option length | |
| 59 | 00 01 ; Family | |
| 60 | 15 00 ; source mask, scopemask | |
| 61 | 7f 00 00 ; address | |
| 62 | HEX_EDNSDATA_END | |
| 63 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 64 | ENTRY_END | |
| 65 | ||
| 66 | RANGE_END | |
| 67 | ||
| 68 | RANGE_BEGIN 0 100 | |
| 69 | ||
| 70 | ADDRESS 192.5.6.30 | |
| 71 | ||
| 72 | ENTRY_BEGIN | |
| 73 | MATCH opcode qtype qname | |
| 74 | ADJUST copy_id copy_query | |
| 75 | REPLY QR NOERROR | |
| 76 | SECTION QUESTION | |
| 77 | www.example.com. IN A | |
| 78 | SECTION AUTHORITY | |
| 79 | example.com. IN NS ns.example.com. | |
| 80 | SECTION ADDITIONAL | |
| 81 | ns.example.com. IN A 5.0.15.10 | |
| 82 | ENTRY_END | |
| 83 | ||
| 84 | RANGE_END | |
| 85 | ||
| 86 | RANGE_BEGIN 0 100 | |
| 87 | ||
| 88 | ADDRESS 5.0.15.10 | |
| 89 | ||
| 90 | ENTRY_BEGIN | |
| 91 | MATCH opcode qtype qname ednsdata | |
| 92 | ADJUST copy_id | |
| 93 | REPLY QR NOERROR | |
| 94 | SECTION QUESTION | |
| 95 | example.com. IN NS | |
| 96 | SECTION ANSWER | |
| 97 | example.com. IN NS ns.example.com. | |
| 98 | SECTION ADDITIONAL | |
| 99 | HEX_EDNSDATA_BEGIN | |
| 100 | ;; we expect to receive empty | |
| 101 | HEX_EDNSDATA_END | |
| 102 | ns.example.com. IN A 5.0.15.10 | |
| 103 | ENTRY_END | |
| 104 | ||
| 105 | ENTRY_BEGIN | |
| 106 | MATCH opcode qtype qname ednsdata | |
| 107 | ADJUST copy_id | |
| 108 | REPLY QR NOERROR | |
| 109 | SECTION QUESTION | |
| 110 | ns.example.com. IN AAAA | |
| 111 | SECTION ANSWER | |
| 112 | SECTION ADDITIONAL | |
| 113 | HEX_EDNSDATA_BEGIN | |
| 114 | ;; we expect to receive empty | |
| 115 | HEX_EDNSDATA_END | |
| 116 | ENTRY_END | |
| 117 | ||
| 118 | ENTRY_BEGIN | |
| 119 | MATCH opcode subdomain ednsdata | |
| 120 | ADJUST copy_id copy_query | |
| 121 | REPLY QR NOERROR | |
| 122 | SECTION QUESTION | |
| 123 | www.example.com. IN A | |
| 124 | SECTION ANSWER | |
| 125 | www.example.com. IN A 4.3.2.1 | |
| 126 | SECTION ADDITIONAL | |
| 127 | HEX_EDNSDATA_BEGIN | |
| 128 | ; client is 127.0.0.1 | |
| 129 | 00 08 ; OPC | |
| 130 | 00 07 ; option length | |
| 131 | 00 01 ; Family | |
| 132 | 15 00 ; source mask, scopemask | |
| 133 | 7f 00 00 ; address | |
| 134 | HEX_EDNSDATA_END | |
| 135 | ENTRY_END | |
| 136 | ||
| 137 | RANGE_END | |
| 138 | ||
| 139 | ;; ---------------------------------------- | |
| 140 | ||
| 141 | STEP 1 QUERY | |
| 142 | ||
| 143 | ENTRY_BEGIN | |
| 144 | REPLY RD | |
| 145 | SECTION QUESTION | |
| 146 | www.example.com. IN A | |
| 147 | ENTRY_END | |
| 148 | ||
| 149 | STEP 10 CHECK_ANSWER | |
| 150 | ||
| 151 | ENTRY_BEGIN | |
| 152 | MATCH all | |
| 153 | REPLY QR RD RA NOERROR | |
| 154 | SECTION QUESTION | |
| 155 | www.example.com. IN A | |
| 156 | SECTION ANSWER | |
| 157 | www.example.com. IN A 4.3.2.1 | |
| 158 | SECTION AUTHORITY | |
| 159 | SECTION ADDITIONAL | |
| 160 | ENTRY_END | |
| 161 | ||
| 162 | SCENARIO_END |
| 0 | server: | |
| 1 | send-client-subnet: 5.0.15.10 | |
| 2 | max-client-subnet-ipv4: 21 | |
| 3 | verbosity: 3 | |
| 4 | module-config: "subnetcache validator iterator" | |
| 5 | ||
| 6 | stub-zone: | |
| 7 | name: "." | |
| 8 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 9 | CONFIG_END | |
| 10 | ||
| 11 | SCENARIO_BEGIN Subnet option ONLY in final query | |
| 12 | ||
| 13 | RANGE_BEGIN 0 100 | |
| 14 | ||
| 15 | ADDRESS 193.0.14.129 | |
| 16 | ||
| 17 | ENTRY_BEGIN | |
| 18 | MATCH opcode qtype qname ednsdata | |
| 19 | ADJUST copy_id | |
| 20 | REPLY QR NOERROR | |
| 21 | SECTION QUESTION | |
| 22 | . IN NS | |
| 23 | SECTION ANSWER | |
| 24 | . IN NS K.ROOT-SERVERS.NET. | |
| 25 | SECTION ADDITIONAL | |
| 26 | HEX_EDNSDATA_BEGIN | |
| 27 | ;; we expect to receive empty | |
| 28 | HEX_EDNSDATA_END | |
| 29 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 30 | ENTRY_END | |
| 31 | ||
| 32 | ENTRY_BEGIN | |
| 33 | MATCH opcode qtype qname ednsdata | |
| 34 | ADJUST copy_id | |
| 35 | REPLY QR NOERROR | |
| 36 | SECTION QUESTION | |
| 37 | a.gtld-servers.net. IN AAAA | |
| 38 | SECTION AUTHORITY | |
| 39 | SECTION ADDITIONAL | |
| 40 | HEX_EDNSDATA_BEGIN | |
| 41 | ;; we expect to receive empty | |
| 42 | HEX_EDNSDATA_END | |
| 43 | ENTRY_END | |
| 44 | ||
| 45 | ENTRY_BEGIN | |
| 46 | MATCH opcode qtype qname ednsdata | |
| 47 | ADJUST copy_id | |
| 48 | REPLY QR NOERROR | |
| 49 | SECTION QUESTION | |
| 50 | www.example.com. IN A | |
| 51 | SECTION AUTHORITY | |
| 52 | com. IN NS a.gtld-servers.net. | |
| 53 | SECTION ADDITIONAL | |
| 54 | HEX_EDNSDATA_BEGIN | |
| 55 | ;; we expect to receive empty | |
| 56 | HEX_EDNSDATA_END | |
| 57 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 58 | ENTRY_END | |
| 59 | ||
| 60 | RANGE_END | |
| 61 | ||
| 62 | RANGE_BEGIN 0 100 | |
| 63 | ||
| 64 | ADDRESS 192.5.6.30 | |
| 65 | ||
| 66 | ENTRY_BEGIN | |
| 67 | MATCH opcode opcode qtype qname ednsdata | |
| 68 | ADJUST copy_id copy_query | |
| 69 | REPLY QR NOERROR | |
| 70 | SECTION QUESTION | |
| 71 | www.example.com. IN A | |
| 72 | SECTION AUTHORITY | |
| 73 | example.com. IN NS ns.example.com. | |
| 74 | SECTION ADDITIONAL | |
| 75 | HEX_EDNSDATA_BEGIN | |
| 76 | ;; we expect to receive empty | |
| 77 | HEX_EDNSDATA_END | |
| 78 | ns.example.com. IN A 5.0.15.10 | |
| 79 | ENTRY_END | |
| 80 | ||
| 81 | RANGE_END | |
| 82 | ||
| 83 | RANGE_BEGIN 0 100 | |
| 84 | ||
| 85 | ADDRESS 5.0.15.10 | |
| 86 | ||
| 87 | ENTRY_BEGIN | |
| 88 | MATCH opcode qtype qname ednsdata | |
| 89 | ADJUST copy_id | |
| 90 | REPLY QR NOERROR | |
| 91 | SECTION QUESTION | |
| 92 | example.com. IN NS | |
| 93 | SECTION ANSWER | |
| 94 | example.com. IN NS ns.example.com. | |
| 95 | SECTION ADDITIONAL | |
| 96 | HEX_EDNSDATA_BEGIN | |
| 97 | ;; we expect to receive empty | |
| 98 | HEX_EDNSDATA_END | |
| 99 | ns.example.com. IN A 5.0.15.10 | |
| 100 | ENTRY_END | |
| 101 | ||
| 102 | ENTRY_BEGIN | |
| 103 | MATCH opcode qtype qname ednsdata | |
| 104 | ADJUST copy_id | |
| 105 | REPLY QR NOERROR | |
| 106 | SECTION QUESTION | |
| 107 | ns.example.com. IN AAAA | |
| 108 | SECTION ANSWER | |
| 109 | SECTION ADDITIONAL | |
| 110 | HEX_EDNSDATA_BEGIN | |
| 111 | ;; we expect to receive empty | |
| 112 | HEX_EDNSDATA_END | |
| 113 | ENTRY_END | |
| 114 | ||
| 115 | ENTRY_BEGIN | |
| 116 | MATCH opcode subdomain ednsdata | |
| 117 | ADJUST copy_id copy_query | |
| 118 | REPLY QR NOERROR | |
| 119 | SECTION QUESTION | |
| 120 | www.example.com. IN A | |
| 121 | SECTION ANSWER | |
| 122 | www.example.com. IN A 4.3.2.1 | |
| 123 | SECTION ADDITIONAL | |
| 124 | HEX_EDNSDATA_BEGIN | |
| 125 | ; client is 127.0.0.1 | |
| 126 | 00 08 ; OPC | |
| 127 | 00 07 ; option length | |
| 128 | 00 01 ; Family | |
| 129 | 15 00 ; source mask, scopemask | |
| 130 | 7f 00 00 ; address | |
| 131 | HEX_EDNSDATA_END | |
| 132 | ENTRY_END | |
| 133 | ||
| 134 | RANGE_END | |
| 135 | ||
| 136 | ;; ---------------------------------------- | |
| 137 | ||
| 138 | STEP 1 QUERY | |
| 139 | ||
| 140 | ENTRY_BEGIN | |
| 141 | REPLY RD | |
| 142 | SECTION QUESTION | |
| 143 | www.example.com. IN A | |
| 144 | ENTRY_END | |
| 145 | ||
| 146 | STEP 10 CHECK_ANSWER | |
| 147 | ||
| 148 | ENTRY_BEGIN | |
| 149 | MATCH all | |
| 150 | REPLY QR RD RA NOERROR | |
| 151 | SECTION QUESTION | |
| 152 | www.example.com. IN A | |
| 153 | SECTION ANSWER | |
| 154 | www.example.com. IN A 4.3.2.1 | |
| 155 | SECTION AUTHORITY | |
| 156 | SECTION ADDITIONAL | |
| 157 | ENTRY_END | |
| 158 | ||
| 159 | SCENARIO_END |
| 0 | ; When the triggering query includes ECS option, source prefix-length should | |
| 1 | ; be set to the shorter of the incoming query or server maximum cacheable prefix | |
| 2 | ; length | |
| 3 | ||
| 4 | server: | |
| 5 | val-override-date: "20070916134226" | |
| 6 | target-fetch-policy: "0 0 0 0 0" | |
| 7 | send-client-subnet: 1.2.3.4 | |
| 8 | max-client-subnet-ipv4: 17 | |
| 9 | module-config: "subnetcache validator iterator" | |
| 10 | verbosity: 3 | |
| 11 | ||
| 12 | stub-zone: | |
| 13 | name: "." | |
| 14 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 15 | CONFIG_END | |
| 16 | ||
| 17 | SCENARIO_BEGIN Test shortest source prefix-length | |
| 18 | ||
| 19 | ; K.ROOT-SERVERS.NET. | |
| 20 | RANGE_BEGIN 0 100 | |
| 21 | ADDRESS 193.0.14.129 | |
| 22 | ENTRY_BEGIN | |
| 23 | MATCH opcode qtype qname ednsdata | |
| 24 | ADJUST copy_id | |
| 25 | REPLY QR NOERROR | |
| 26 | SECTION QUESTION | |
| 27 | . IN NS | |
| 28 | SECTION ANSWER | |
| 29 | . IN NS K.ROOT-SERVERS.NET. | |
| 30 | SECTION ADDITIONAL | |
| 31 | HEX_EDNSDATA_BEGIN | |
| 32 | ;; we expect to receive empty | |
| 33 | HEX_EDNSDATA_END | |
| 34 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 35 | ENTRY_END | |
| 36 | ||
| 37 | ENTRY_BEGIN | |
| 38 | MATCH opcode qtype qname | |
| 39 | ADJUST copy_id | |
| 40 | REPLY QR NOERROR | |
| 41 | SECTION QUESTION | |
| 42 | www.example.com. IN A | |
| 43 | SECTION AUTHORITY | |
| 44 | com. IN NS a.gtld-servers.net. | |
| 45 | SECTION ADDITIONAL | |
| 46 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 47 | ENTRY_END | |
| 48 | RANGE_END | |
| 49 | ||
| 50 | ; a.gtld-servers.net. | |
| 51 | RANGE_BEGIN 0 100 | |
| 52 | ADDRESS 192.5.6.30 | |
| 53 | ENTRY_BEGIN | |
| 54 | MATCH opcode qtype qname ednsdata | |
| 55 | ADJUST copy_id | |
| 56 | REPLY QR NOERROR | |
| 57 | SECTION QUESTION | |
| 58 | com. IN NS | |
| 59 | SECTION ANSWER | |
| 60 | com. IN NS a.gtld-servers.net. | |
| 61 | SECTION ADDITIONAL | |
| 62 | HEX_EDNSDATA_BEGIN | |
| 63 | ;; we expect to receive empty | |
| 64 | HEX_EDNSDATA_END | |
| 65 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 66 | ENTRY_END | |
| 67 | ||
| 68 | ENTRY_BEGIN | |
| 69 | MATCH opcode qtype qname | |
| 70 | ADJUST copy_id | |
| 71 | REPLY QR NOERROR | |
| 72 | SECTION QUESTION | |
| 73 | www.example.com. IN A | |
| 74 | SECTION AUTHORITY | |
| 75 | example.com. IN NS ns.example.com. | |
| 76 | SECTION ADDITIONAL | |
| 77 | ns.example.com. IN A 1.2.3.4 | |
| 78 | ENTRY_END | |
| 79 | RANGE_END | |
| 80 | ||
| 81 | ; ns.example.com. | |
| 82 | RANGE_BEGIN 0 100 | |
| 83 | ADDRESS 1.2.3.4 | |
| 84 | ENTRY_BEGIN | |
| 85 | MATCH opcode qtype qname ednsdata | |
| 86 | ADJUST copy_id copy_ednsdata_assume_clientsubnet | |
| 87 | REPLY QR NOERROR | |
| 88 | SECTION QUESTION | |
| 89 | example.com. IN NS | |
| 90 | SECTION ANSWER | |
| 91 | example.com. IN NS ns.example.com. | |
| 92 | SECTION ADDITIONAL | |
| 93 | HEX_EDNSDATA_BEGIN | |
| 94 | ;; we expect to receive empty | |
| 95 | HEX_EDNSDATA_END | |
| 96 | ns.example.com. IN A 1.2.3.4 | |
| 97 | ENTRY_END | |
| 98 | ||
| 99 | ; response to query of interest | |
| 100 | ENTRY_BEGIN | |
| 101 | MATCH opcode qtype qname ednsdata | |
| 102 | ADJUST copy_id copy_ednsdata_assume_clientsubnet | |
| 103 | REPLY QR NOERROR | |
| 104 | SECTION QUESTION | |
| 105 | www.example.com. IN A | |
| 106 | SECTION ANSWER | |
| 107 | www.example.com. IN A 10.20.30.40 | |
| 108 | SECTION AUTHORITY | |
| 109 | example.com. IN NS ns.example.com. | |
| 110 | SECTION ADDITIONAL | |
| 111 | HEX_EDNSDATA_BEGIN | |
| 112 | ; client is 127.0.0.1 | |
| 113 | 00 08 ; OPC | |
| 114 | 00 06 ; option length | |
| 115 | 00 01 ; Family | |
| 116 | 10 00 ; source mask, scopemask | |
| 117 | 7f 00 ; address | |
| 118 | HEX_EDNSDATA_END | |
| 119 | ns.example.com. IN A 1.2.3.4 | |
| 120 | ENTRY_END | |
| 121 | ||
| 122 | ; client send /18, we expect /17 | |
| 123 | ENTRY_BEGIN | |
| 124 | MATCH opcode qtype qname ednsdata | |
| 125 | ADJUST copy_id copy_ednsdata_assume_clientsubnet | |
| 126 | REPLY QR NOERROR | |
| 127 | SECTION QUESTION | |
| 128 | www.example.com. IN A | |
| 129 | SECTION ANSWER | |
| 130 | www.example.com. IN A 10.20.30.50 | |
| 131 | SECTION AUTHORITY | |
| 132 | example.com. IN NS ns.example.com. | |
| 133 | SECTION ADDITIONAL | |
| 134 | HEX_EDNSDATA_BEGIN | |
| 135 | ; client is 127.1.0.1 | |
| 136 | 00 08 ; OPC | |
| 137 | 00 07 ; option length | |
| 138 | 00 01 ; Family | |
| 139 | 11 00 ; source mask, scopemask | |
| 140 | 7f 01 00 ; address | |
| 141 | HEX_EDNSDATA_END | |
| 142 | ns.example.com. IN A 1.2.3.4 | |
| 143 | ENTRY_END | |
| 144 | ||
| 145 | RANGE_END | |
| 146 | ||
| 147 | STEP 1 QUERY | |
| 148 | ENTRY_BEGIN | |
| 149 | HEX_ANSWER_BEGIN; | |
| 150 | 00 00 01 00 00 01 00 00 ;ID 0 | |
| 151 | 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) | |
| 152 | 07 65 78 61 6d 70 6c 65 | |
| 153 | 03 63 6f 6d 00 00 01 00 | |
| 154 | 01 00 00 29 10 00 00 00 | |
| 155 | 80 00 00 0a | |
| 156 | ||
| 157 | 00 08 00 06 ; OPC, optlen | |
| 158 | 00 01 10 00 ; ip4, scope 16, source 0 | |
| 159 | 7f 00 ;127.0.0.0/16 | |
| 160 | HEX_ANSWER_END | |
| 161 | ENTRY_END | |
| 162 | ||
| 163 | ||
| 164 | ||
| 165 | ; recursion happens here. | |
| 166 | STEP 10 CHECK_ANSWER | |
| 167 | ENTRY_BEGIN | |
| 168 | MATCH all ednsdata | |
| 169 | REPLY QR RD RA NOERROR | |
| 170 | SECTION QUESTION | |
| 171 | www.example.com. IN A | |
| 172 | SECTION ANSWER | |
| 173 | www.example.com. IN A 10.20.30.40 | |
| 174 | SECTION AUTHORITY | |
| 175 | example.com. IN NS ns.example.com. | |
| 176 | SECTION ADDITIONAL | |
| 177 | HEX_EDNSDATA_BEGIN | |
| 178 | ; client is 127.0.0.1 | |
| 179 | 00 08 ; OPC | |
| 180 | 00 06 ; option length | |
| 181 | 00 01 ; Family | |
| 182 | 10 10 ; source mask, scopemask | |
| 183 | 7f 00 ; address | |
| 184 | HEX_EDNSDATA_END | |
| 185 | ns.example.com. IN A 1.2.3.4 | |
| 186 | ENTRY_END | |
| 187 | ||
| 188 | STEP 11 QUERY | |
| 189 | ENTRY_BEGIN | |
| 190 | HEX_ANSWER_BEGIN; | |
| 191 | 00 00 01 00 00 01 00 00 ;ID 0 | |
| 192 | 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) | |
| 193 | 07 65 78 61 6d 70 6c 65 | |
| 194 | 03 63 6f 6d 00 00 01 00 | |
| 195 | 01 00 00 29 10 00 00 00 | |
| 196 | 80 00 00 0b | |
| 197 | ||
| 198 | 00 08 00 07 ; OPC, optlen | |
| 199 | 00 01 12 00 ; ip4, scope 18, source 0 | |
| 200 | 7f 01 00 ;127.1.0.0/18 | |
| 201 | HEX_ANSWER_END | |
| 202 | ENTRY_END | |
| 203 | ||
| 204 | ||
| 205 | ||
| 206 | ; recursion happens here. | |
| 207 | STEP 20 CHECK_ANSWER | |
| 208 | ENTRY_BEGIN | |
| 209 | MATCH all ednsdata | |
| 210 | REPLY QR RD RA NOERROR | |
| 211 | SECTION QUESTION | |
| 212 | www.example.com. IN A | |
| 213 | SECTION ANSWER | |
| 214 | www.example.com. IN A 10.20.30.50 | |
| 215 | SECTION AUTHORITY | |
| 216 | example.com. IN NS ns.example.com. | |
| 217 | SECTION ADDITIONAL | |
| 218 | HEX_EDNSDATA_BEGIN | |
| 219 | ; client is 127.1.0.1 | |
| 220 | 00 08 ; OPC | |
| 221 | 00 07 ; option length | |
| 222 | 00 01 ; Family | |
| 223 | 12 11 ; source mask, scopemask | |
| 224 | 7f 01 00 ; address | |
| 225 | HEX_EDNSDATA_END | |
| 226 | ns.example.com. IN A 1.2.3.4 | |
| 227 | ENTRY_END | |
| 228 | ||
| 229 | ||
| 230 | SCENARIO_END |
| 0 | server: | |
| 1 | send-client-subnet: 9.9.9.9/32 | |
| 2 | client-subnet-opcode: 20730 | |
| 3 | max-client-subnet-ipv4: 21 | |
| 4 | verbosity: 3 | |
| 5 | module-config: "subnetcache validator iterator" | |
| 6 | ||
| 7 | stub-zone: | |
| 8 | name: "." | |
| 9 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 10 | CONFIG_END | |
| 11 | ||
| 12 | SCENARIO_BEGIN Subnet option MUST NOT be send to any host | |
| 13 | ||
| 14 | RANGE_BEGIN 0 100 | |
| 15 | ||
| 16 | ADDRESS 193.0.14.129 | |
| 17 | ||
| 18 | ENTRY_BEGIN | |
| 19 | MATCH opcode qtype qname ednsdata | |
| 20 | ADJUST copy_id | |
| 21 | REPLY QR NOERROR | |
| 22 | SECTION QUESTION | |
| 23 | . IN NS | |
| 24 | SECTION ANSWER | |
| 25 | . IN NS K.ROOT-SERVERS.NET. | |
| 26 | SECTION ADDITIONAL | |
| 27 | HEX_EDNSDATA_BEGIN | |
| 28 | ;; we expect to receive empty | |
| 29 | HEX_EDNSDATA_END | |
| 30 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 31 | ENTRY_END | |
| 32 | ||
| 33 | ENTRY_BEGIN | |
| 34 | MATCH opcode qtype qname ednsdata | |
| 35 | ADJUST copy_id | |
| 36 | REPLY QR NOERROR | |
| 37 | SECTION QUESTION | |
| 38 | a.gtld-servers.net. IN AAAA | |
| 39 | SECTION AUTHORITY | |
| 40 | SECTION ADDITIONAL | |
| 41 | HEX_EDNSDATA_BEGIN | |
| 42 | ;; we expect to receive empty | |
| 43 | HEX_EDNSDATA_END | |
| 44 | ENTRY_END | |
| 45 | ||
| 46 | ENTRY_BEGIN | |
| 47 | MATCH opcode qtype qname ednsdata | |
| 48 | ADJUST copy_id | |
| 49 | REPLY QR NOERROR | |
| 50 | SECTION QUESTION | |
| 51 | www.example.com. IN A | |
| 52 | SECTION AUTHORITY | |
| 53 | com. IN NS a.gtld-servers.net. | |
| 54 | SECTION ADDITIONAL | |
| 55 | HEX_EDNSDATA_BEGIN | |
| 56 | ;; we expect to receive empty | |
| 57 | HEX_EDNSDATA_END | |
| 58 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 59 | ENTRY_END | |
| 60 | ||
| 61 | RANGE_END | |
| 62 | ||
| 63 | RANGE_BEGIN 0 100 | |
| 64 | ||
| 65 | ADDRESS 192.5.6.30 | |
| 66 | ||
| 67 | ENTRY_BEGIN | |
| 68 | MATCH opcode subdomain ednsdata | |
| 69 | ADJUST copy_id copy_query | |
| 70 | REPLY QR NOERROR | |
| 71 | SECTION QUESTION | |
| 72 | example.com. IN A | |
| 73 | SECTION AUTHORITY | |
| 74 | example.com. IN NS ns.example.com. | |
| 75 | SECTION ADDITIONAL | |
| 76 | HEX_EDNSDATA_BEGIN | |
| 77 | ;; we expect to receive empty | |
| 78 | HEX_EDNSDATA_END | |
| 79 | ns.example.com. IN A 5.0.15.10 | |
| 80 | ENTRY_END | |
| 81 | ||
| 82 | RANGE_END | |
| 83 | ||
| 84 | RANGE_BEGIN 0 100 | |
| 85 | ||
| 86 | ADDRESS 5.0.15.10 | |
| 87 | ||
| 88 | ENTRY_BEGIN | |
| 89 | MATCH opcode qtype qname ednsdata | |
| 90 | ADJUST copy_id | |
| 91 | REPLY QR NOERROR | |
| 92 | SECTION QUESTION | |
| 93 | example.com. IN NS | |
| 94 | SECTION ANSWER | |
| 95 | example.com. IN NS ns.example.com. | |
| 96 | SECTION ADDITIONAL | |
| 97 | HEX_EDNSDATA_BEGIN | |
| 98 | ;; we expect to receive empty | |
| 99 | HEX_EDNSDATA_END | |
| 100 | ns.example.com. IN A 5.0.15.10 | |
| 101 | ENTRY_END | |
| 102 | ||
| 103 | ENTRY_BEGIN | |
| 104 | MATCH opcode qtype qname ednsdata | |
| 105 | ADJUST copy_id | |
| 106 | REPLY QR NOERROR | |
| 107 | SECTION QUESTION | |
| 108 | ns.example.com. IN AAAA | |
| 109 | SECTION ANSWER | |
| 110 | SECTION ADDITIONAL | |
| 111 | HEX_EDNSDATA_BEGIN | |
| 112 | ;; we expect to receive empty | |
| 113 | HEX_EDNSDATA_END | |
| 114 | ENTRY_END | |
| 115 | ||
| 116 | ENTRY_BEGIN | |
| 117 | MATCH opcode subdomain ednsdata | |
| 118 | ADJUST copy_id copy_query | |
| 119 | REPLY QR NOERROR | |
| 120 | SECTION QUESTION | |
| 121 | www.example.com. IN A | |
| 122 | SECTION ANSWER | |
| 123 | www.example.com. IN A 4.3.2.1 | |
| 124 | SECTION ADDITIONAL | |
| 125 | HEX_EDNSDATA_BEGIN | |
| 126 | ;; we expect to receive empty | |
| 127 | HEX_EDNSDATA_END | |
| 128 | ENTRY_END | |
| 129 | ||
| 130 | RANGE_END | |
| 131 | ||
| 132 | ;; ---------------------------------------- | |
| 133 | ||
| 134 | STEP 1 QUERY | |
| 135 | ||
| 136 | ENTRY_BEGIN | |
| 137 | REPLY RD | |
| 138 | SECTION QUESTION | |
| 139 | www.example.com. IN A | |
| 140 | ENTRY_END | |
| 141 | ||
| 142 | STEP 10 CHECK_ANSWER | |
| 143 | ||
| 144 | ENTRY_BEGIN | |
| 145 | MATCH all | |
| 146 | REPLY QR RD RA NOERROR | |
| 147 | SECTION QUESTION | |
| 148 | www.example.com. IN A | |
| 149 | SECTION ANSWER | |
| 150 | www.example.com. IN A 4.3.2.1 | |
| 151 | SECTION AUTHORITY | |
| 152 | SECTION ADDITIONAL | |
| 153 | ENTRY_END | |
| 154 | ||
| 155 | SCENARIO_END |
| 0 | ; Test subnet option in combination with dnssec | |
| 1 | ||
| 2 | server: | |
| 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" | |
| 4 | val-override-date: "20070916134226" | |
| 5 | target-fetch-policy: "0 0 0 0 0" | |
| 6 | send-client-subnet: 1.2.3.4 | |
| 7 | max-client-subnet-ipv4: 17 | |
| 8 | module-config: "subnetcache validator iterator" | |
| 9 | verbosity: 3 | |
| 10 | ||
| 11 | stub-zone: | |
| 12 | name: "." | |
| 13 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 14 | CONFIG_END | |
| 15 | ||
| 16 | SCENARIO_BEGIN Test validator with positive response | |
| 17 | ||
| 18 | ; K.ROOT-SERVERS.NET. | |
| 19 | RANGE_BEGIN 0 100 | |
| 20 | ADDRESS 193.0.14.129 | |
| 21 | ENTRY_BEGIN | |
| 22 | MATCH opcode qtype qname ednsdata | |
| 23 | ADJUST copy_id | |
| 24 | REPLY QR NOERROR | |
| 25 | SECTION QUESTION | |
| 26 | . IN NS | |
| 27 | SECTION ANSWER | |
| 28 | . IN NS K.ROOT-SERVERS.NET. | |
| 29 | SECTION ADDITIONAL | |
| 30 | HEX_EDNSDATA_BEGIN | |
| 31 | ;; we expect to receive empty | |
| 32 | HEX_EDNSDATA_END | |
| 33 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 34 | ENTRY_END | |
| 35 | ||
| 36 | ENTRY_BEGIN | |
| 37 | MATCH opcode qtype qname ednsdata | |
| 38 | ADJUST copy_id | |
| 39 | REPLY QR NOERROR | |
| 40 | SECTION QUESTION | |
| 41 | www.example.com. IN A | |
| 42 | SECTION AUTHORITY | |
| 43 | com. IN NS a.gtld-servers.net. | |
| 44 | SECTION ADDITIONAL | |
| 45 | HEX_EDNSDATA_BEGIN | |
| 46 | ;; we expect to receive empty | |
| 47 | HEX_EDNSDATA_END | |
| 48 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 49 | ENTRY_END | |
| 50 | RANGE_END | |
| 51 | ||
| 52 | ; a.gtld-servers.net. | |
| 53 | RANGE_BEGIN 0 100 | |
| 54 | ADDRESS 192.5.6.30 | |
| 55 | ENTRY_BEGIN | |
| 56 | MATCH opcode qtype qname ednsdata | |
| 57 | ADJUST copy_id | |
| 58 | REPLY QR NOERROR | |
| 59 | SECTION QUESTION | |
| 60 | com. IN NS | |
| 61 | SECTION ANSWER | |
| 62 | com. IN NS a.gtld-servers.net. | |
| 63 | SECTION ADDITIONAL | |
| 64 | HEX_EDNSDATA_BEGIN | |
| 65 | ;; we expect to receive empty | |
| 66 | HEX_EDNSDATA_END | |
| 67 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 68 | ENTRY_END | |
| 69 | ||
| 70 | ENTRY_BEGIN | |
| 71 | MATCH opcode qtype qname ednsdata | |
| 72 | ADJUST copy_id | |
| 73 | REPLY QR NOERROR | |
| 74 | SECTION QUESTION | |
| 75 | www.example.com. IN A | |
| 76 | SECTION AUTHORITY | |
| 77 | example.com. IN NS ns.example.com. | |
| 78 | SECTION ADDITIONAL | |
| 79 | HEX_EDNSDATA_BEGIN | |
| 80 | ;; we expect to receive empty | |
| 81 | HEX_EDNSDATA_END | |
| 82 | ns.example.com. IN A 1.2.3.4 | |
| 83 | ENTRY_END | |
| 84 | RANGE_END | |
| 85 | ||
| 86 | ; ns.example.com. | |
| 87 | RANGE_BEGIN 0 100 | |
| 88 | ADDRESS 1.2.3.4 | |
| 89 | ENTRY_BEGIN | |
| 90 | MATCH opcode qtype qname ednsdata | |
| 91 | ADJUST copy_id | |
| 92 | REPLY QR NOERROR | |
| 93 | SECTION QUESTION | |
| 94 | example.com. IN NS | |
| 95 | SECTION ANSWER | |
| 96 | example.com. IN NS ns.example.com. | |
| 97 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 98 | SECTION ADDITIONAL | |
| 99 | HEX_EDNSDATA_BEGIN | |
| 100 | ;; we expect to receive empty | |
| 101 | HEX_EDNSDATA_END | |
| 102 | ns.example.com. IN A 1.2.3.4 | |
| 103 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 104 | ENTRY_END | |
| 105 | ||
| 106 | ; response to DNSKEY priming query | |
| 107 | ENTRY_BEGIN | |
| 108 | MATCH opcode qtype qname ednsdata | |
| 109 | ADJUST copy_id | |
| 110 | REPLY QR NOERROR | |
| 111 | SECTION QUESTION | |
| 112 | example.com. IN DNSKEY | |
| 113 | SECTION ANSWER | |
| 114 | example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} | |
| 115 | example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} | |
| 116 | SECTION AUTHORITY | |
| 117 | example.com. IN NS ns.example.com. | |
| 118 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 119 | SECTION ADDITIONAL | |
| 120 | HEX_EDNSDATA_BEGIN | |
| 121 | ;; we expect to receive empty | |
| 122 | HEX_EDNSDATA_END | |
| 123 | ns.example.com. IN A 1.2.3.4 | |
| 124 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 125 | ENTRY_END | |
| 126 | ||
| 127 | ; response to query of interest | |
| 128 | ENTRY_BEGIN | |
| 129 | MATCH opcode qtype qname ednsdata | |
| 130 | ADJUST copy_id | |
| 131 | REPLY QR NOERROR | |
| 132 | SECTION QUESTION | |
| 133 | www.example.com. IN A | |
| 134 | SECTION ANSWER | |
| 135 | www.example.com. IN A 10.20.30.40 | |
| 136 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 137 | SECTION AUTHORITY | |
| 138 | example.com. IN NS ns.example.com. | |
| 139 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 140 | SECTION ADDITIONAL | |
| 141 | HEX_EDNSDATA_BEGIN | |
| 142 | ; client is 127.0.0.1 | |
| 143 | 00 08 ; OPC | |
| 144 | 00 07 ; option length | |
| 145 | 00 01 ; Family | |
| 146 | 11 00 ; source mask, scopemask | |
| 147 | 7f 00 00 ; address | |
| 148 | HEX_EDNSDATA_END | |
| 149 | ns.example.com. IN A 1.2.3.4 | |
| 150 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 151 | ENTRY_END | |
| 152 | RANGE_END | |
| 153 | ||
| 154 | STEP 1 QUERY | |
| 155 | ENTRY_BEGIN | |
| 156 | REPLY RD DO | |
| 157 | SECTION QUESTION | |
| 158 | www.example.com. IN A | |
| 159 | ENTRY_END | |
| 160 | ||
| 161 | ; recursion happens here. | |
| 162 | STEP 10 CHECK_ANSWER | |
| 163 | ENTRY_BEGIN | |
| 164 | MATCH all ednsdata | |
| 165 | REPLY QR RD RA AD NOERROR | |
| 166 | SECTION QUESTION | |
| 167 | www.example.com. IN A | |
| 168 | SECTION ANSWER | |
| 169 | www.example.com. IN A 10.20.30.40 | |
| 170 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 171 | SECTION AUTHORITY | |
| 172 | example.com. IN NS ns.example.com. | |
| 173 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 174 | SECTION ADDITIONAL | |
| 175 | HEX_EDNSDATA_BEGIN | |
| 176 | ;; we expect to receive empty | |
| 177 | HEX_EDNSDATA_END | |
| 178 | ns.example.com. IN A 1.2.3.4 | |
| 179 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 180 | ENTRY_END | |
| 181 | ||
| 182 | SCENARIO_END |
| 0 | ; Test subnet option in combination with dnssec | |
| 1 | ; Client asks for subnet data | |
| 2 | ||
| 3 | server: | |
| 4 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" | |
| 5 | val-override-date: "20070916134226" | |
| 6 | target-fetch-policy: "0 0 0 0 0" | |
| 7 | send-client-subnet: 1.2.3.4 | |
| 8 | max-client-subnet-ipv4: 17 | |
| 9 | module-config: "subnetcache validator iterator" | |
| 10 | verbosity: 3 | |
| 11 | ||
| 12 | stub-zone: | |
| 13 | name: "." | |
| 14 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 15 | CONFIG_END | |
| 16 | ||
| 17 | SCENARIO_BEGIN Test validator with positive response | |
| 18 | ||
| 19 | ; K.ROOT-SERVERS.NET. | |
| 20 | RANGE_BEGIN 0 100 | |
| 21 | ADDRESS 193.0.14.129 | |
| 22 | ENTRY_BEGIN | |
| 23 | MATCH opcode qtype qname ednsdata | |
| 24 | ADJUST copy_id | |
| 25 | REPLY QR NOERROR | |
| 26 | SECTION QUESTION | |
| 27 | . IN NS | |
| 28 | SECTION ANSWER | |
| 29 | . IN NS K.ROOT-SERVERS.NET. | |
| 30 | SECTION ADDITIONAL | |
| 31 | HEX_EDNSDATA_BEGIN | |
| 32 | ;; we expect to receive empty | |
| 33 | HEX_EDNSDATA_END | |
| 34 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 35 | ENTRY_END | |
| 36 | ||
| 37 | ENTRY_BEGIN | |
| 38 | MATCH opcode qtype qname | |
| 39 | ADJUST copy_id | |
| 40 | REPLY QR NOERROR | |
| 41 | SECTION QUESTION | |
| 42 | www.example.com. IN A | |
| 43 | SECTION AUTHORITY | |
| 44 | com. IN NS a.gtld-servers.net. | |
| 45 | SECTION ADDITIONAL | |
| 46 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 47 | ENTRY_END | |
| 48 | RANGE_END | |
| 49 | ||
| 50 | ; a.gtld-servers.net. | |
| 51 | RANGE_BEGIN 0 100 | |
| 52 | ADDRESS 192.5.6.30 | |
| 53 | ENTRY_BEGIN | |
| 54 | MATCH opcode qtype qname ednsdata | |
| 55 | ADJUST copy_id | |
| 56 | REPLY QR NOERROR | |
| 57 | SECTION QUESTION | |
| 58 | com. IN NS | |
| 59 | SECTION ANSWER | |
| 60 | com. IN NS a.gtld-servers.net. | |
| 61 | SECTION ADDITIONAL | |
| 62 | HEX_EDNSDATA_BEGIN | |
| 63 | ;; we expect to receive empty | |
| 64 | HEX_EDNSDATA_END | |
| 65 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 66 | ENTRY_END | |
| 67 | ||
| 68 | ENTRY_BEGIN | |
| 69 | MATCH opcode qtype qname | |
| 70 | ADJUST copy_id | |
| 71 | REPLY QR NOERROR | |
| 72 | SECTION QUESTION | |
| 73 | www.example.com. IN A | |
| 74 | SECTION AUTHORITY | |
| 75 | example.com. IN NS ns.example.com. | |
| 76 | SECTION ADDITIONAL | |
| 77 | ns.example.com. IN A 1.2.3.4 | |
| 78 | ENTRY_END | |
| 79 | RANGE_END | |
| 80 | ||
| 81 | ; ns.example.com. | |
| 82 | RANGE_BEGIN 0 100 | |
| 83 | ADDRESS 1.2.3.4 | |
| 84 | ENTRY_BEGIN | |
| 85 | MATCH opcode qtype qname ednsdata | |
| 86 | ADJUST copy_id | |
| 87 | REPLY QR NOERROR | |
| 88 | SECTION QUESTION | |
| 89 | example.com. IN NS | |
| 90 | SECTION ANSWER | |
| 91 | example.com. IN NS ns.example.com. | |
| 92 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 93 | SECTION ADDITIONAL | |
| 94 | HEX_EDNSDATA_BEGIN | |
| 95 | ;; we expect to receive empty | |
| 96 | HEX_EDNSDATA_END | |
| 97 | ns.example.com. IN A 1.2.3.4 | |
| 98 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 99 | ENTRY_END | |
| 100 | ||
| 101 | ; response to DNSKEY priming query | |
| 102 | ENTRY_BEGIN | |
| 103 | MATCH opcode qtype qname ednsdata | |
| 104 | ADJUST copy_id | |
| 105 | REPLY QR NOERROR | |
| 106 | SECTION QUESTION | |
| 107 | example.com. IN DNSKEY | |
| 108 | SECTION ANSWER | |
| 109 | example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} | |
| 110 | example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} | |
| 111 | SECTION AUTHORITY | |
| 112 | example.com. IN NS ns.example.com. | |
| 113 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 114 | SECTION ADDITIONAL | |
| 115 | HEX_EDNSDATA_BEGIN | |
| 116 | ;; we expect to receive empty | |
| 117 | HEX_EDNSDATA_END | |
| 118 | ns.example.com. IN A 1.2.3.4 | |
| 119 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 120 | ENTRY_END | |
| 121 | ||
| 122 | ; response to query of interest | |
| 123 | ENTRY_BEGIN | |
| 124 | MATCH opcode qtype qname ednsdata | |
| 125 | ADJUST copy_id | |
| 126 | REPLY QR NOERROR | |
| 127 | SECTION QUESTION | |
| 128 | www.example.com. IN A | |
| 129 | SECTION ANSWER | |
| 130 | www.example.com. IN A 10.20.30.40 | |
| 131 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 132 | SECTION AUTHORITY | |
| 133 | example.com. IN NS ns.example.com. | |
| 134 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 135 | SECTION ADDITIONAL | |
| 136 | HEX_EDNSDATA_BEGIN | |
| 137 | ; client is 127.0.0.1 | |
| 138 | 00 08 ; OPC | |
| 139 | 00 07 ; option length | |
| 140 | 00 01 ; Family | |
| 141 | 11 00 ; source mask, scopemask | |
| 142 | 7f 00 00 ; address | |
| 143 | HEX_EDNSDATA_END | |
| 144 | ns.example.com. IN A 1.2.3.4 | |
| 145 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 146 | ENTRY_END | |
| 147 | RANGE_END | |
| 148 | ||
| 149 | STEP 1 QUERY | |
| 150 | ENTRY_BEGIN | |
| 151 | HEX_ANSWER_BEGIN; | |
| 152 | 00 00 01 00 00 01 00 00 ;ID 0 | |
| 153 | 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) | |
| 154 | 07 65 78 61 6d 70 6c 65 | |
| 155 | 03 63 6f 6d 00 00 01 00 | |
| 156 | 01 00 00 29 10 00 00 00 | |
| 157 | 80 00 00 0b | |
| 158 | ||
| 159 | 00 08 00 07 ; OPC, optlen | |
| 160 | 00 01 11 00 ; ip4, scope 17, source 0 | |
| 161 | 7f 00 00 ;127.0.0.0/17 | |
| 162 | HEX_ANSWER_END | |
| 163 | ENTRY_END | |
| 164 | ||
| 165 | ||
| 166 | ||
| 167 | ; recursion happens here. | |
| 168 | STEP 10 CHECK_ANSWER | |
| 169 | ENTRY_BEGIN | |
| 170 | MATCH all ednsdata | |
| 171 | REPLY QR RD RA AD NOERROR | |
| 172 | SECTION QUESTION | |
| 173 | www.example.com. IN A | |
| 174 | SECTION ANSWER | |
| 175 | www.example.com. IN A 10.20.30.40 | |
| 176 | www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} | |
| 177 | SECTION AUTHORITY | |
| 178 | example.com. IN NS ns.example.com. | |
| 179 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 180 | SECTION ADDITIONAL | |
| 181 | HEX_EDNSDATA_BEGIN | |
| 182 | ; client is 127.0.0.1 | |
| 183 | 00 08 ; OPC | |
| 184 | 00 07 ; option length | |
| 185 | 00 01 ; Family | |
| 186 | 11 00 ; source mask, scopemask | |
| 187 | 7f 00 00 ; address | |
| 188 | HEX_EDNSDATA_END | |
| 189 | ns.example.com. IN A 1.2.3.4 | |
| 190 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} | |
| 191 | ENTRY_END | |
| 192 | ||
| 193 | SCENARIO_END |
| 0 | server: | |
| 1 | send-client-subnet: 5.0.15.10 | |
| 2 | max-client-subnet-ipv4: 21 | |
| 3 | verbosity: 3 | |
| 4 | module-config: "subnetcache iterator" | |
| 5 | ||
| 6 | stub-zone: | |
| 7 | name: "." | |
| 8 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 9 | CONFIG_END | |
| 10 | ||
| 11 | SCENARIO_BEGIN Works without validator module | |
| 12 | ||
| 13 | RANGE_BEGIN 0 100 | |
| 14 | ||
| 15 | ADDRESS 193.0.14.129 | |
| 16 | ||
| 17 | ENTRY_BEGIN | |
| 18 | MATCH opcode qtype qname ednsdata | |
| 19 | ADJUST copy_id | |
| 20 | REPLY QR NOERROR | |
| 21 | SECTION QUESTION | |
| 22 | . IN NS | |
| 23 | SECTION ANSWER | |
| 24 | . IN NS K.ROOT-SERVERS.NET. | |
| 25 | SECTION ADDITIONAL | |
| 26 | HEX_EDNSDATA_BEGIN | |
| 27 | ;; we expect to receive empty | |
| 28 | HEX_EDNSDATA_END | |
| 29 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 30 | ENTRY_END | |
| 31 | ||
| 32 | ENTRY_BEGIN | |
| 33 | MATCH opcode qtype qname ednsdata | |
| 34 | ADJUST copy_id | |
| 35 | REPLY QR NOERROR | |
| 36 | SECTION QUESTION | |
| 37 | a.gtld-servers.net. IN AAAA | |
| 38 | SECTION AUTHORITY | |
| 39 | SECTION ADDITIONAL | |
| 40 | HEX_EDNSDATA_BEGIN | |
| 41 | ;; we expect to receive empty | |
| 42 | HEX_EDNSDATA_END | |
| 43 | ENTRY_END | |
| 44 | ||
| 45 | ENTRY_BEGIN | |
| 46 | MATCH opcode qtype qname ednsdata | |
| 47 | ADJUST copy_id | |
| 48 | REPLY QR NOERROR | |
| 49 | SECTION QUESTION | |
| 50 | www.example.com. IN A | |
| 51 | SECTION AUTHORITY | |
| 52 | com. IN NS a.gtld-servers.net. | |
| 53 | SECTION ADDITIONAL | |
| 54 | HEX_EDNSDATA_BEGIN | |
| 55 | ;; we expect to receive empty | |
| 56 | HEX_EDNSDATA_END | |
| 57 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 58 | ENTRY_END | |
| 59 | ||
| 60 | RANGE_END | |
| 61 | ||
| 62 | RANGE_BEGIN 0 100 | |
| 63 | ||
| 64 | ADDRESS 192.5.6.30 | |
| 65 | ||
| 66 | ENTRY_BEGIN | |
| 67 | MATCH opcode subdomain ednsdata | |
| 68 | ADJUST copy_id copy_query | |
| 69 | REPLY QR NOERROR | |
| 70 | SECTION QUESTION | |
| 71 | example.com. IN A | |
| 72 | SECTION AUTHORITY | |
| 73 | example.com. IN NS ns.example.com. | |
| 74 | SECTION ADDITIONAL | |
| 75 | HEX_EDNSDATA_BEGIN | |
| 76 | ;; we expect to receive empty | |
| 77 | HEX_EDNSDATA_END | |
| 78 | ns.example.com. IN A 5.0.15.10 | |
| 79 | ENTRY_END | |
| 80 | ||
| 81 | RANGE_END | |
| 82 | ||
| 83 | RANGE_BEGIN 0 100 | |
| 84 | ||
| 85 | ADDRESS 5.0.15.10 | |
| 86 | ||
| 87 | ENTRY_BEGIN | |
| 88 | MATCH opcode qtype qname ednsdata | |
| 89 | ADJUST copy_id | |
| 90 | REPLY QR NOERROR | |
| 91 | SECTION QUESTION | |
| 92 | example.com. IN NS | |
| 93 | SECTION ANSWER | |
| 94 | example.com. IN NS ns.example.com. | |
| 95 | SECTION ADDITIONAL | |
| 96 | HEX_EDNSDATA_BEGIN | |
| 97 | ;; we expect to receive empty | |
| 98 | HEX_EDNSDATA_END | |
| 99 | ns.example.com. IN A 5.0.15.10 | |
| 100 | ENTRY_END | |
| 101 | ||
| 102 | ENTRY_BEGIN | |
| 103 | MATCH opcode qtype qname ednsdata | |
| 104 | ADJUST copy_id | |
| 105 | REPLY QR NOERROR | |
| 106 | SECTION QUESTION | |
| 107 | ns.example.com. IN AAAA | |
| 108 | SECTION ANSWER | |
| 109 | SECTION ADDITIONAL | |
| 110 | HEX_EDNSDATA_BEGIN | |
| 111 | ;; we expect to receive empty | |
| 112 | HEX_EDNSDATA_END | |
| 113 | ENTRY_END | |
| 114 | ||
| 115 | ENTRY_BEGIN | |
| 116 | MATCH opcode subdomain ednsdata | |
| 117 | ADJUST copy_id copy_query | |
| 118 | REPLY QR NOERROR | |
| 119 | SECTION QUESTION | |
| 120 | www.example.com. IN A | |
| 121 | SECTION ANSWER | |
| 122 | www.example.com. IN A 4.3.2.1 | |
| 123 | SECTION ADDITIONAL | |
| 124 | HEX_EDNSDATA_BEGIN | |
| 125 | ; client is 127.0.0.1 | |
| 126 | 00 08 ; OPC | |
| 127 | 00 07 ; option length | |
| 128 | 00 01 ; Family | |
| 129 | 15 00 ; source mask, scopemask | |
| 130 | 7f 00 00 ; address | |
| 131 | HEX_EDNSDATA_END | |
| 132 | ENTRY_END | |
| 133 | ||
| 134 | RANGE_END | |
| 135 | ||
| 136 | ;; ---------------------------------------- | |
| 137 | ||
| 138 | STEP 1 QUERY | |
| 139 | ||
| 140 | ENTRY_BEGIN | |
| 141 | REPLY RD | |
| 142 | SECTION QUESTION | |
| 143 | www.example.com. IN A | |
| 144 | ENTRY_END | |
| 145 | ||
| 146 | STEP 10 CHECK_ANSWER | |
| 147 | ||
| 148 | ENTRY_BEGIN | |
| 149 | MATCH all | |
| 150 | REPLY QR RD RA NOERROR | |
| 151 | SECTION QUESTION | |
| 152 | www.example.com. IN A | |
| 153 | SECTION ANSWER | |
| 154 | www.example.com. IN A 4.3.2.1 | |
| 155 | SECTION AUTHORITY | |
| 156 | SECTION ADDITIONAL | |
| 157 | ENTRY_END | |
| 158 | ||
| 159 | SCENARIO_END |
| 144 | 144 | |
| 145 | 145 | example.com. 3600 IN CSYNC 66 3 A NS AAAA |
| 146 | 146 | 9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey 3600 IN OPENPGPKEY \# 2221 ( 99020d044d6cf351011000ae2731a071cae66040331dcfffbc1abaea01fba2b3 341ad29f4191e1e2e47514cc595e5d3b59ebd460db81cb04e98a753dae963543 74b8c3a420364960a6c6875e66cea7216327c16996557c4d13e25e236b3714e9 32795be889e8b33a295faf6d9015474cfe9c2643603f1e91e01334011a841909 8e2fc9807285b2195cdbb1a9ae1916a26b9e33b3f91cde2f728aa133464a1099 fc2beecaf8f67ee03a999aa97be89ce4a252f804ce27a9efb7a631ca956bfa99 c51d6beca52af39a93353aac43097671074a4bb5b039eb86e99209989d5b6a4a e22b32c1605e712072926095b4640db4b4d16b54a8139048e25ef0098781e524 4222df9b6a6bf2335942527356a29e1063c5bc1297c051ab969a3e0c01fb15e2 0ea63a06b416d6c96f9794c5d80e97afb249d2b907dc46605f1001019dd62774 4bc2ad73f239cd623f945bf9922ec6ceb607ce8818455173199de1ef555bf3e8 5e9702dcab7a30e5e6c0f6827ce6d550df2ba4fa6ef2ed47bceb916aded25a72 7039a09942a0684897cdf2efc13f5169693c19da94d861be40e8b07fe853d297 8389eba876332be7db146f1ec6a957bfe39ac90514b1f870a5d899bb4e1d97af 49294ad09dede6d5a04abdc29332bbe74cf70393b626c0f4fdfef6ee2b01d8a6 a40750c446e159b44d0a783611585385ba912b771364b6eda8a69680026a6bf2 105692fd6f9a6cf19e09550011010001b42357696c6c656d20546f6f726f7020 3c77696c6c656d406e6c6e65746c6162732e6e6c3e89023e0413010200280502 4d6cf351021b23050909660180060b090807030206150802090a0b0416020301 021e01021780000a0910e5f8f8212f77a4985d5b0ffe289b97f7d8e4e5abc537 8b7d6db7c395f98c3d787e3fb598638c41e889aea40cbe5b3001d947c7184c92 9efe6ad1e32ae9acb0802823870bb149c3a7bdfbb591601d8c099b3bdd3b3ddc cb03b4d611dc741d9c49c3b5b87654a21dfb618cfe6087f172b3dc663a9f4c0d ad81476ebe5b6fd966164383bc39303a66272a3fe6a0b9a813d4e249c6b9dacf 748a49a979b3fa24036e47099e1d24ed3310cc04341e0bf3afd4e365a04cd075 b7d1dff607a3b8738abf885a7dc959251785ca626b8c9b476f44439653615437 c715b1a586236132e1f89b0e4a9d2d84e403e6733c90a96ec041d14994b19ec0 d23153bb94d9059851901353ddb60b9c42edf715af6ee4ef111e5afd56092a1f 7662a72af80f8768425324a8a7335c805a49b1c4d3dc279b69114a5c592638ff 22a963bd34d2d4bcc319972b99c197fa31c21b89e627f36ce811297ff707f53e 6c258dab407b7d618ec296317a565c2c8b740a39244d8f82095842f6f84448dc e29bb292c7e15072b00c04f2a0f4cd700f2e7348b703f74bcb8d5f4235fbd282 4f515852ea9be06255f88d81a5046d1f730e9bf103b3335f5f03d74ac2ec6581 4dd920e985b57a3b4e0c699f3103ab033ccf36a5b037b3668365484b58a4462d 79414d27170c9db4285bec72d24a9654354b996d13c14b2994f6725e36fb766d 57a79ed721c3ca248221390d7d6fa65f867fa6fa1369b9020d044d6cf3510110 00a4ece215b3f782bae8fb6c1e3fdc06d1e6242271f41b073fc7a85237788814 7b7168134e0b753c608d07308f188b9489af34f1dab1bb52fc3968d0a705c30a 35ea0226e7d2608931138d56ccf124a9236276462863a8f1c83b3a640167211d eaaadfc557ff7701cbb1d413259cf3f5b18ec6e615000bb4ab73c75b980615cf a9a7778de3bab318cc448eca044e3fdc95ac63aa2b28846d77fe190fe8fbc3a0 3ece39d38675040ff1be064410faad9fc5a8c2efe02f34cc39f3087d6b2e9346 42995fd5a9f2d3a59302c0cbe1fea01002c7eb64c8c4e5f853b5b17aebc7c722 97380b8df9ec7f32f1766b3d76e186dc582eedd5da955b7cacdb4cca69e99e9b 25d22b157a68c9f828170917709d335a000590f2be22fd7a5ed0ff2432969642 e84978428c1a3c8380bb339d21ce9cb8ce8f4d6bc102b70a56042159f26c85f7 8599f931a73fe159cf4ae34c828e66fe84f648af745b5d2b1022d514901a8e48 c1cdae82205fe21a58cab77bbc8c1dd32a94aaf4954e7695f05b7c40a395e07f 34ee0add218904fcd380bb737be2ec5b148942840c58abfa212c10ad6debb265 23aa040dad2191397deb472f0dbeeceb6afb386b7166754a47216c3629f63633 a02c5fd1c116e46c8a682a163426e556ea5c0ecdb472429c0d51bea5e583f889 e70f831251e8b31c231d2f946de8c31a6550f884ea961dfdf75a2c3e366ad48c b5001101000189022404180102000f05024d6cf351021b0c050909660180000a 0910e5f8f8212f77a498ed740ff8e1cd5baa631d75dff18a2aa27def9c416118 d178092a1c327c3cc641fd74bc976f3a1b5da52b95cfea68618b31f2aaee6f82 f30ed934eb98de0105878a4814fc811139ed4b3aa356e3c962c422f0be4d3d59 f8e9e64913964287282a6519cd0b1f3f03615aea223b276efcbc5cd4921787c1 7f70b0967aefdcc5462344399b4180efd75c1185a83d6b691e660f8210e76624 f1a87d988baf9367d26b84dcb5df8c7303c2947c4c238734addccb7970f6c192 f3f5dd5f75127e289f26b2fda0562b44a032ed45ae1fc855dca67d54125ccd36 c16f207e4389b0f4e5ff45fe60328a53b322534868ff0d3d8aca0bb0781ee1fe 62f2c0e6fc468f57ccf795ced9f2b27e3cb6d16fc417bd4ca969a364dc649ea5 c57f0325205eaa77fd9df84431c3be5329773828d0e32c0011cbb885e7131b44 b1fc5267b0b3ff125e7255c233239fc6e8c8844d613dab76833e49a7d947fae6 b3ceb35b2ddce2a0f71f384f74fecda521ae07ce3332e5eb2c79d100ad8f9ace 2a0067c1b590f61dd18ab021d66605aa745b5944d830de4c9f61dcc889354b1a 6203d918a5c2317b6d5f188d8d0cf6dab11c9578f6f41d3089871bbb2963b114 59ab0b4c4220ddafb14c20ecbacab1cec60a522ecc883bd1d539ca61cdd4933c 412fafd631d03eff23b23a4164729e32236947f622fe79a17493154e9a30b257 e3fdf97f0b2e1b8c65fc85bd98) |
| 147 | ||
| 148 | test.add.1. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480584899 300 16 lkEJsjwBeAdfv9RGs6zZrg== 15355 NOERROR 0 | |
| 149 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2DvQvR6g== 59231 NOERROR 0 | |
| 150 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 0 0 | |
| 151 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0 | |
| 152 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0 |
| 110 | 110 | 05686F73743105626C616174026E6C00006B000100000E100018000A0B6C36342D7375626E65743105626C616174026E6C00 |
| 111 | 111 | host1.blaat.nl. 3600 IN LP 10 l64-subnet1.blaat.nl. |
| 112 | 112 | 03636161000101000100000E1000150005697373756563612E6578616D706C652E6E6574 |
| 113 | caa. 3600 IN CAA \# 21 0005697373756563612E6578616D706C652E6E6574 | |
| 113 | caa. 3600 IN CAA 0 issue "ca.example.net" | |
| 114 | 114 | 03636161000101000100000E1000220005696F6465666D61696C746F3A7365637572697479406578616D706C652E636F6D |
| 115 | caa. 3600 IN CAA \# 34 0005696F6465666D61696C746F3A7365637572697479406578616D706C652E636F6D | |
| 115 | caa. 3600 IN CAA 0 iodef "mailto:security@example.com" | |
| 116 | 116 | 03636161000101000100000E1000200005696F646566687474703A2F2F696F6465662E6578616D706C652E636F6D2F |
| 117 | caa. 3600 IN CAA \# 32 0005696F646566687474703A2F2F696F6465662E6578616D706C652E636F6D2F | |
| 117 | caa. 3600 IN CAA 0 iodef "http://iodef.example.com/" | |
| 118 | 118 | 03636161000101000100000E1000250005697373756563612E6578616D706C652E6E65743B206163636F756E743D323330313233 |
| 119 | caa. 3600 IN CAA \# 37 0005697373756563612E6578616D706C652E6E65743B206163636F756E743D323330313233 | |
| 119 | caa. 3600 IN CAA 0 issue "ca.example.net; account=230123" | |
| 120 | 120 | 03636161000101000100000E1000200005697373756563612E6578616D706C652E6E65743B20706F6C6963793D6576 |
| 121 | caa. 3600 IN CAA \# 32 0005697373756563612E6578616D706C652E6E65743B20706F6C6963793D6576 | |
| 121 | caa. 3600 IN CAA 0 issue "ca.example.net; policy=ev" | |
| 122 | 122 | 03636161000101000100000E10000C8003746273556E6B6E6F776E |
| 123 | caa. 3600 IN CAA \# 12 8003746273556E6B6E6F776E | |
| 123 | caa. 3600 IN CAA 128 tbs "Unknown" | |
| 124 | 124 | 03636161000101000100000E100046020461757468303E3039060A2B06010401D67902030106096086480165030402010420614829C81B958911F81164D40DCDBFD49D66CEB3B3442FF6C9C3A912F9497566020100 |
| 125 | caa. 3600 IN CAA \# 70 020461757468303E3039060A2B06010401D67902030106096086480165030402010420614829C81B958911F81164D40DCDBFD49D66CEB3B3442FF6C9C3A912F9497566020100 | |
| 125 | caa. 3600 IN CAA 2 auth "0>09\006\010+\006\001\004\001\214y\002\003\001\006 `\134H\001e\003\004\002\001\004 aH)\200\027\149\137\017\248\017d\212\013\205\191\212\157f\206\179\179D/\246\201\195\169\018\249Iuf\002\001\000" | |
| 126 | 126 | 05657569343800006C000100000E10000600005E90012A |
| 127 | 127 | eui48. 3600 IN EUI48 00-00-5e-90-01-2a |
| 128 | 128 | 05657569363400006D000100000E10000800005EEF0000002A |
| 177 | 177 | example.com. 3600 IN CSYNC 66 3 A NS AAAA |
| 178 | 178 | 3839666536636262396539333361643062386234666139343036363437346530393165653862653639366332323462316331363738666365630B5F6F70656E7067706B657900003D000100000E1008AD99020D044D6CF351011000AE2731A071CAE66040331DCFFFBC1ABAEA01FBA2B3341AD29F4191E1E2E47514CC595E5D3B59EBD460DB81CB04E98A753DAE96354374B8C3A420364960A6C6875E66CEA7216327C16996557C4D13E25E236B3714E932795BE889E8B33A295FAF6D9015474CFE9C2643603F1E91E01334011A8419098E2FC9807285B2195CDBB1A9AE1916A26B9E33B3F91CDE2F728AA133464A1099FC2BEECAF8F67EE03A999AA97BE89CE4A252F804CE27A9EFB7A631CA956BFA99C51D6BECA52AF39A93353AAC43097671074A4BB5B039EB86E99209989D5B6A4AE22B32C1605E712072926095B4640DB4B4D16B54A8139048E25EF0098781E5244222DF9B6A6BF2335942527356A29E1063C5BC1297C051AB969A3E0C01FB15E20EA63A06B416D6C96F9794C5D80E97AFB249D2B907DC46605F1001019DD627744BC2AD73F239CD623F945BF9922EC6CEB607CE8818455173199DE1EF555BF3E85E9702DCAB7A30E5E6C0F6827CE6D550DF2BA4FA6EF2ED47BCEB916ADED25A727039A09942A0684897CDF2EFC13F5169693C19DA94D861BE40E8B07FE853D2978389EBA876332BE7DB146F1EC6A957BFE39AC90514B1F870A5D899BB4E1D97AF49294AD09DEDE6D5A04ABDC29332BBE74CF70393B626C0F4FDFEF6EE2B01D8A6A40750C446E159B44D0A783611585385BA912B771364B6EDA8A69680026A6BF2105692FD6F9A6CF19E09550011010001B42357696C6C656D20546F6F726F70203C77696C6C656D406E6C6E65746C6162732E6E6C3E89023E04130102002805024D6CF351021B23050909660180060B090807030206150802090A0B0416020301021E01021780000A0910E5F8F8212F77A4985D5B0FFE289B97F7D8E4E5ABC5378B7D6DB7C395F98C3D787E3FB598638C41E889AEA40CBE5B3001D947C7184C929EFE6AD1E32AE9ACB0802823870BB149C3A7BDFBB591601D8C099B3BDD3B3DDCCB03B4D611DC741D9C49C3B5B87654A21DFB618CFE6087F172B3DC663A9F4C0DAD81476EBE5B6FD966164383BC39303A66272A3FE6A0B9A813D4E249C6B9DACF748A49A979B3FA24036E47099E1D24ED3310CC04341E0BF3AFD4E365A04CD075B7D1DFF607A3B8738ABF885A7DC959251785CA626B8C9B476F44439653615437C715B1A586236132E1F89B0E4A9D2D84E403E6733C90A96EC041D14994B19EC0D23153BB94D9059851901353DDB60B9C42EDF715AF6EE4EF111E5AFD56092A1F7662A72AF80F8768425324A8A7335C805A49B1C4D3DC279B69114A5C592638FF22A963BD34D2D4BCC319972B99C197FA31C21B89E627F36CE811297FF707F53E6C258DAB407B7D618EC296317A565C2C8B740A39244D8F82095842F6F84448DCE29BB292C7E15072B00C04F2A0F4CD700F2E7348B703F74BCB8D5F4235FBD2824F515852EA9BE06255F88D81A5046D1F730E9BF103B3335F5F03D74AC2EC65814DD920E985B57A3B4E0C699F3103AB033CCF36A5B037B3668365484B58A4462D79414D27170C9DB4285BEC72D24A9654354B996D13C14B2994F6725E36FB766D57A79ED721C3CA248221390D7D6FA65F867FA6FA1369B9020D044D6CF351011000A4ECE215B3F782BAE8FB6C1E3FDC06D1E6242271F41B073FC7A852377888147B7168134E0B753C608D07308F188B9489AF34F1DAB1BB52FC3968D0A705C30A35EA0226E7D2608931138D56CCF124A9236276462863A8F1C83B3A640167211DEAAADFC557FF7701CBB1D413259CF3F5B18EC6E615000BB4AB73C75B980615CFA9A7778DE3BAB318CC448ECA044E3FDC95AC63AA2B28846D77FE190FE8FBC3A03ECE39D38675040FF1BE064410FAAD9FC5A8C2EFE02F34CC39F3087D6B2E934642995FD5A9F2D3A59302C0CBE1FEA01002C7EB64C8C4E5F853B5B17AEBC7C72297380B8DF9EC7F32F1766B3D76E186DC582EEDD5DA955B7CACDB4CCA69E99E9B25D22B157A68C9F828170917709D335A000590F2BE22FD7A5ED0FF2432969642E84978428C1A3C8380BB339D21CE9CB8CE8F4D6BC102B70A56042159F26C85F78599F931A73FE159CF4AE34C828E66FE84F648AF745B5D2B1022D514901A8E48C1CDAE82205FE21A58CAB77BBC8C1DD32A94AAF4954E7695F05B7C40A395E07F34EE0ADD218904FCD380BB737BE2EC5B148942840C58ABFA212C10AD6DEBB26523AA040DAD2191397DEB472F0DBEECEB6AFB386B7166754A47216C3629F63633A02C5FD1C116E46C8A682A163426E556EA5C0ECDB472429C0D51BEA5E583F889E70F831251E8B31C231D2F946DE8C31A6550F884EA961DFDF75A2C3E366AD48CB5001101000189022404180102000F05024D6CF351021B0C050909660180000A0910E5F8F8212F77A498ED740FF8E1CD5BAA631D75DFF18A2AA27DEF9C416118D178092A1C327C3CC641FD74BC976F3A1B5DA52B95CFEA68618B31F2AAEE6F82F30ED934EB98DE0105878A4814FC811139ED4B3AA356E3C962C422F0BE4D3D59F8E9E64913964287282A6519CD0B1F3F03615AEA223B276EFCBC5CD4921787C17F70B0967AEFDCC5462344399B4180EFD75C1185A83D6B691E660F8210E76624F1A87D988BAF9367D26B84DCB5DF8C7303C2947C4C238734ADDCCB7970F6C192F3F5DD5F75127E289F26B2FDA0562B44A032ED45AE1FC855DCA67D54125CCD36C16F207E4389B0F4E5FF45FE60328A53B322534868FF0D3D8ACA0BB0781EE1FE62F2C0E6FC468F57CCF795CED9F2B27E3CB6D16FC417BD4CA969A364DC649EA5C57F0325205EAA77FD9DF84431C3BE5329773828D0E32C0011CBB885E7131B44B1FC5267B0B3FF125E7255C233239FC6E8C8844D613DAB76833E49A7D947FAE6B3CEB35B2DDCE2A0F71F384F74FECDA521AE07CE3332E5EB2C79D100AD8F9ACE2A0067C1B590F61DD18AB021D66605AA745B5944D830DE4C9F61DCC889354B1A6203D918A5C2317B6D5F188D8D0CF6DAB11C9578F6F41D3089871BBB2963B11459AB0B4C4220DDAFB14C20ECBACAB1CEC60A522ECC883BD1D539CA61CDD4933C412FAFD631D03EFF23B23A4164729E32236947F622FE79A17493154E9A30B257E3FDF97F0B2E1B8C65FC85BD98 |
| 179 | 179 | 9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey. 3600 IN OPENPGPKEY mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTpMnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRaia54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZxR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXiDqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbOtgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpycDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdimpAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQABtCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAUCTWzzUQIbIwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ5fj4IS93pJhdWw/+KJuX99jk5avFN4t9bbfDlfmMPXh+P7WYY4xB6ImupAy+WzAB2UfHGEySnv5q0eMq6aywgCgjhwuxScOnvfu1kWAdjAmbO907PdzLA7TWEdx0HZxJw7W4dlSiHfthjP5gh/Fys9xmOp9MDa2BR26+W2/ZZhZDg7w5MDpmJyo/5qC5qBPU4knGudrPdIpJqXmz+iQDbkcJnh0k7TMQzAQ0Hgvzr9TjZaBM0HW30d/2B6O4c4q/iFp9yVklF4XKYmuMm0dvREOWU2FUN8cVsaWGI2Ey4fibDkqdLYTkA+ZzPJCpbsBB0UmUsZ7A0jFTu5TZBZhRkBNT3bYLnELt9xWvbuTvER5a/VYJKh92Yqcq+A+HaEJTJKinM1yAWkmxxNPcJ5tpEUpcWSY4/yKpY7000tS8wxmXK5nBl/oxwhuJ5ifzbOgRKX/3B/U+bCWNq0B7fWGOwpYxelZcLIt0CjkkTY+CCVhC9vhESNzim7KSx+FQcrAMBPKg9M1wDy5zSLcD90vLjV9CNfvSgk9RWFLqm+BiVfiNgaUEbR9zDpvxA7MzX18D10rC7GWBTdkg6YW1ejtODGmfMQOrAzzPNqWwN7Nmg2VIS1ikRi15QU0nFwydtChb7HLSSpZUNUuZbRPBSymU9nJeNvt2bVenntchw8okgiE5DX1vpl+Gf6b6E2m5Ag0ETWzzUQEQAKTs4hWz94K66PtsHj/cBtHmJCJx9BsHP8eoUjd4iBR7cWgTTgt1PGCNBzCPGIuUia808dqxu1L8OWjQpwXDCjXqAibn0mCJMRONVszxJKkjYnZGKGOo8cg7OmQBZyEd6qrfxVf/dwHLsdQTJZzz9bGOxuYVAAu0q3PHW5gGFc+pp3eN47qzGMxEjsoETj/claxjqisohG13/hkP6PvDoD7OOdOGdQQP8b4GRBD6rZ/FqMLv4C80zDnzCH1rLpNGQplf1any06WTAsDL4f6gEALH62TIxOX4U7WxeuvHxyKXOAuN+ex/MvF2az124YbcWC7t1dqVW3ys20zKaememyXSKxV6aMn4KBcJF3CdM1oABZDyviL9el7Q/yQylpZC6El4QowaPIOAuzOdIc6cuM6PTWvBArcKVgQhWfJshfeFmfkxpz/hWc9K40yCjmb+hPZIr3RbXSsQItUUkBqOSMHNroIgX+IaWMq3e7yMHdMqlKr0lU52lfBbfECjleB/NO4K3SGJBPzTgLtze+LsWxSJQoQMWKv6ISwQrW3rsmUjqgQNrSGROX3rRy8Nvuzravs4a3FmdUpHIWw2KfY2M6AsX9HBFuRsimgqFjQm5VbqXA7NtHJCnA1RvqXlg/iJ5w+DElHosxwjHS+UbejDGmVQ+ITqlh3991osPjZq1Iy1ABEBAAGJAiQEGAECAA8FAk1s81ECGwwFCQlmAYAACgkQ5fj4IS93pJjtdA/44c1bqmMddd/xiiqife+cQWEY0XgJKhwyfDzGQf10vJdvOhtdpSuVz+poYYsx8qrub4LzDtk065jeAQWHikgU/IEROe1LOqNW48lixCLwvk09Wfjp5kkTlkKHKCplGc0LHz8DYVrqIjsnbvy8XNSSF4fBf3Cwlnrv3MVGI0Q5m0GA79dcEYWoPWtpHmYPghDnZiTxqH2Yi6+TZ9JrhNy134xzA8KUfEwjhzSt3Mt5cPbBkvP13V91En4onyay/aBWK0SgMu1Frh/IVdymfVQSXM02wW8gfkOJsPTl/0X+YDKKU7MiU0ho/w09isoLsHge4f5i8sDm/EaPV8z3lc7Z8rJ+PLbRb8QXvUypaaNk3GSepcV/AyUgXqp3/Z34RDHDvlMpdzgo0OMsABHLuIXnExtEsfxSZ7Cz/xJeclXCMyOfxujIhE1hPat2gz5Jp9lH+uazzrNbLdzioPcfOE90/s2lIa4HzjMy5essedEArY+azioAZ8G1kPYd0YqwIdZmBap0W1lE2DDeTJ9h3MiJNUsaYgPZGKXCMXttXxiNjQz22rEclXj29B0wiYcbuyljsRRZqwtMQiDdr7FMIOy6yrHOxgpSLsyIO9HVOcphzdSTPEEvr9Yx0D7/I7I6QWRynjIjaUf2Iv55oXSTFU6aMLJX4/35fwsuG4xl/IW9mA== |
| 180 | 04746573740361646401310000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FEEC3012C0010964109B23C0178075FBFD446B3ACD9AE3BFB00000000 | |
| 181 | test.add.1. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480584899 300 16 lkEJsjwBeAdfv9RGs6zZrg== 15355 NOERROR 0 | |
| 182 | 06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FEF34012C001093D99232CDADE6FAB9155D83BD0BD1EAE75F00000000 | |
| 183 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2DvQvR6g== 59231 NOERROR 0 | |
| 184 | 06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583F0000012C0010B017F1D34191B3EB5F4539B8B910A3C964BF00000000 | |
| 185 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 NOERROR 0 | |
| 186 | 06626C61626C610000FA00FF00000000002A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0E9012C0000E92C00100000 | |
| 187 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0 | |
| 188 | 06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0F6012C0010EB0BE51BCDAC1151F2AAC4ED04BBD14365BC00000000 | |
| 189 | blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0 | |
| 0 | ; Signature test file | |
| 1 | ||
| 2 | ; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. | |
| 3 | ; later entries are verified with it. | |
| 4 | ||
| 5 | ENTRY_BEGIN | |
| 6 | SECTION QUESTION | |
| 7 | example.com. IN DNSKEY | |
| 8 | SECTION ANSWER | |
| 9 | example.com. 3600 IN DNSKEY 256 3 15 +sZnc8HII6xxA9Ili5bboiKH0Ipv/Ap1aucIt/CVF2M= ;{id = 57147 (zsk), size = 256b} | |
| 10 | ENTRY_END | |
| 11 | ||
| 12 | ; entry to test | |
| 13 | ENTRY_BEGIN | |
| 14 | SECTION QUESTION | |
| 15 | www.example.com. IN A | |
| 16 | SECTION ANSWER | |
| 17 | www.example.com. 3600 IN A 10.0.0.1 | |
| 18 | www.example.com. 3600 IN RRSIG A 15 3 3600 20170627103620 20170530103620 57147 example.com. daYG6zZJ3BJwGOS4PC0tDnxssVNYoenOHocoIfx0GeXNkKHSyXF+XHgD5LKbG3ZN0dZJ/4To5eni9QXOXiR4CA== | |
| 19 | ENTRY_END | |
| 20 |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | #trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" |
| 3 | 3 | trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" |
| 4 | 4 | val-override-date: "20091113091234" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | forward-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" |
| 3 | 3 | trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" |
| 4 | 4 | val-override-date: "20091113091234" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | forward-zone: |
| 7 | 8 | name: "." |
| 3 | 3 | trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" |
| 4 | 4 | val-override-date: "-1" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 5 | 5 | trust-anchor: "example.org. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" |
| 6 | 6 | val-override-date: "20070916134226" |
| 7 | 7 | target-fetch-policy: "0 0 0 0 0" |
| 8 | fake-sha1: yes | |
| 8 | 9 | |
| 9 | 10 | stub-zone: |
| 10 | 11 | name: "." |
| 2 | 2 | trust-anchor: "example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 3 | 3 | trust-anchor: "example.org. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 4 | 4 | val-override-date: "20091011000000" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | forward-zone: |
| 7 | 8 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 1 | 1 | server: |
| 2 | 2 | trust-anchor: "GOV. DS 26079 7 2 4ED5FFBC8A40262B56E1232135B929192804ACC006930D087AAB38A611C89041" |
| 3 | 3 | val-override-date: "20091113091234" |
| 4 | fake-sha1: yes | |
| 4 | 5 | |
| 5 | 6 | forward-zone: |
| 6 | 7 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 243 | 244 | STEP 10 CHECK_ANSWER |
| 244 | 245 | ENTRY_BEGIN |
| 245 | 246 | MATCH all |
| 246 | REPLY QR RD RA DO SERVFAIL | |
| 247 | REPLY QR RD RA DO YXDOMAIN | |
| 247 | 248 | SECTION QUESTION |
| 248 | 249 | www.example.com. IN A |
| 249 | 250 | SECTION ANSWER |
| 251 | example.com. IN DNAME long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef. | |
| 252 | example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854} | |
| 250 | 253 | SECTION AUTHORITY |
| 251 | 254 | SECTION ADDITIONAL |
| 252 | 255 | ENTRY_END |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 7 | harden-algo-downgrade: yes | |
| 6 | 8 | |
| 7 | 9 | stub-zone: |
| 8 | 10 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | 6 | fake-dsa: yes |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | 6 | fake-dsa: yes |
| 7 | fake-sha1: yes | |
| 8 | harden-algo-downgrade: yes | |
| 7 | 9 | |
| 8 | 10 | stub-zone: |
| 9 | 11 | name: "." |
| 0 | ; config options | |
| 1 | ; The island of trust is at example.com | |
| 2 | server: | |
| 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" | |
| 4 | val-override-date: "20070916134226" | |
| 5 | target-fetch-policy: "0 0 0 0 0" | |
| 6 | fake-dsa: yes | |
| 7 | fake-sha1: yes | |
| 8 | harden-algo-downgrade: no | |
| 9 | ||
| 10 | stub-zone: | |
| 11 | name: "." | |
| 12 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
| 13 | CONFIG_END | |
| 14 | ||
| 15 | SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 lenience | |
| 16 | ||
| 17 | ; K.ROOT-SERVERS.NET. | |
| 18 | RANGE_BEGIN 0 100 | |
| 19 | ADDRESS 193.0.14.129 | |
| 20 | ENTRY_BEGIN | |
| 21 | MATCH opcode qtype qname | |
| 22 | ADJUST copy_id | |
| 23 | REPLY QR NOERROR | |
| 24 | SECTION QUESTION | |
| 25 | . IN NS | |
| 26 | SECTION ANSWER | |
| 27 | . IN NS K.ROOT-SERVERS.NET. | |
| 28 | SECTION ADDITIONAL | |
| 29 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
| 30 | ENTRY_END | |
| 31 | ||
| 32 | ENTRY_BEGIN | |
| 33 | MATCH opcode qtype qname | |
| 34 | ADJUST copy_id | |
| 35 | REPLY QR NOERROR | |
| 36 | SECTION QUESTION | |
| 37 | www.sub.example.com. IN A | |
| 38 | SECTION AUTHORITY | |
| 39 | com. IN NS a.gtld-servers.net. | |
| 40 | SECTION ADDITIONAL | |
| 41 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 42 | ENTRY_END | |
| 43 | RANGE_END | |
| 44 | ||
| 45 | ; a.gtld-servers.net. | |
| 46 | RANGE_BEGIN 0 100 | |
| 47 | ADDRESS 192.5.6.30 | |
| 48 | ENTRY_BEGIN | |
| 49 | MATCH opcode qtype qname | |
| 50 | ADJUST copy_id | |
| 51 | REPLY QR NOERROR | |
| 52 | SECTION QUESTION | |
| 53 | com. IN NS | |
| 54 | SECTION ANSWER | |
| 55 | com. IN NS a.gtld-servers.net. | |
| 56 | SECTION ADDITIONAL | |
| 57 | a.gtld-servers.net. IN A 192.5.6.30 | |
| 58 | ENTRY_END | |
| 59 | ||
| 60 | ENTRY_BEGIN | |
| 61 | MATCH opcode qtype qname | |
| 62 | ADJUST copy_id | |
| 63 | REPLY QR NOERROR | |
| 64 | SECTION QUESTION | |
| 65 | www.sub.example.com. IN A | |
| 66 | SECTION AUTHORITY | |
| 67 | example.com. IN NS ns.example.com. | |
| 68 | SECTION ADDITIONAL | |
| 69 | ns.example.com. IN A 1.2.3.4 | |
| 70 | ENTRY_END | |
| 71 | RANGE_END | |
| 72 | ||
| 73 | ; ns.example.com. | |
| 74 | RANGE_BEGIN 0 100 | |
| 75 | ADDRESS 1.2.3.4 | |
| 76 | ENTRY_BEGIN | |
| 77 | MATCH opcode qtype qname | |
| 78 | ADJUST copy_id | |
| 79 | REPLY QR NOERROR | |
| 80 | SECTION QUESTION | |
| 81 | example.com. IN NS | |
| 82 | SECTION ANSWER | |
| 83 | example.com. IN NS ns.example.com. | |
| 84 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 85 | SECTION ADDITIONAL | |
| 86 | ns.example.com. IN A 1.2.3.4 | |
| 87 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 88 | ENTRY_END | |
| 89 | ||
| 90 | ; response to DNSKEY priming query | |
| 91 | ENTRY_BEGIN | |
| 92 | MATCH opcode qtype qname | |
| 93 | ADJUST copy_id | |
| 94 | REPLY QR NOERROR | |
| 95 | SECTION QUESTION | |
| 96 | example.com. IN DNSKEY | |
| 97 | SECTION ANSWER | |
| 98 | example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} | |
| 99 | example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} | |
| 100 | SECTION AUTHORITY | |
| 101 | example.com. IN NS ns.example.com. | |
| 102 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
| 103 | SECTION ADDITIONAL | |
| 104 | ns.example.com. IN A 1.2.3.4 | |
| 105 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
| 106 | ENTRY_END | |
| 107 | ||
| 108 | ; response for delegation to sub.example.com. | |
| 109 | ENTRY_BEGIN | |
| 110 | MATCH opcode subdomain | |
| 111 | ADJUST copy_id copy_query | |
| 112 | REPLY QR NOERROR | |
| 113 | SECTION QUESTION | |
| 114 | sub.example.com. IN A | |
| 115 | SECTION ANSWER | |
| 116 | SECTION AUTHORITY | |
| 117 | sub.example.com. IN NS ns.sub.example.com. | |
| 118 | ||
| 119 | ; Downgrade attack: false SHA2, correct SHA1 | |
| 120 | ||
| 121 | ; SHA256 DS for sub.example.com. | |
| 122 | ;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033 | |
| 123 | ; BAD SHA256 DS | |
| 124 | sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000 | |
| 125 | ||
| 126 | ; SHA1 DS for sub.example.com. | |
| 127 | sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 | |
| 128 | sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854} | |
| 129 | ||
| 130 | SECTION ADDITIONAL | |
| 131 | ns.sub.example.com. IN A 1.2.3.6 | |
| 132 | ENTRY_END | |
| 133 | ||
| 134 | RANGE_END | |
| 135 | ||
| 136 | ; ns.sub.example.com. | |
| 137 | RANGE_BEGIN 0 100 | |
| 138 | ADDRESS 1.2.3.6 | |
| 139 | ENTRY_BEGIN | |
| 140 | MATCH opcode qtype qname | |
| 141 | ADJUST copy_id | |
| 142 | REPLY QR NOERROR | |
| 143 | SECTION QUESTION | |
| 144 | sub.example.com. IN NS | |
| 145 | SECTION ANSWER | |
| 146 | sub.example.com. IN NS ns.sub.example.com. | |
| 147 | sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} | |
| 148 | SECTION ADDITIONAL | |
| 149 | ns.sub.example.com. IN A 1.2.3.6 | |
| 150 | ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} | |
| 151 | ENTRY_END | |
| 152 | ||
| 153 | ; response to DNSKEY priming query | |
| 154 | ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 | |
| 155 | ENTRY_BEGIN | |
| 156 | MATCH opcode qtype qname | |
| 157 | ADJUST copy_id | |
| 158 | REPLY QR NOERROR | |
| 159 | SECTION QUESTION | |
| 160 | sub.example.com. IN DNSKEY | |
| 161 | SECTION ANSWER | |
| 162 | sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
| 163 | sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} | |
| 164 | SECTION AUTHORITY | |
| 165 | sub.example.com. IN NS ns.sub.example.com. | |
| 166 | sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} | |
| 167 | SECTION ADDITIONAL | |
| 168 | ns.sub.example.com. IN A 1.2.3.6 | |
| 169 | ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} | |
| 170 | ENTRY_END | |
| 171 | ||
| 172 | ; response to query of interest | |
| 173 | ENTRY_BEGIN | |
| 174 | MATCH opcode qtype qname | |
| 175 | ADJUST copy_id | |
| 176 | REPLY QR NOERROR | |
| 177 | SECTION QUESTION | |
| 178 | www.sub.example.com. IN A | |
| 179 | SECTION ANSWER | |
| 180 | www.sub.example.com. IN A 11.11.11.11 | |
| 181 | www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} | |
| 182 | SECTION AUTHORITY | |
| 183 | SECTION ADDITIONAL | |
| 184 | ENTRY_END | |
| 185 | ||
| 186 | ENTRY_BEGIN | |
| 187 | MATCH opcode qtype qname | |
| 188 | ADJUST copy_id | |
| 189 | REPLY QR AA REFUSED | |
| 190 | SECTION QUESTION | |
| 191 | ns.sub.example.com. IN A | |
| 192 | ENTRY_END | |
| 193 | ||
| 194 | ENTRY_BEGIN | |
| 195 | MATCH opcode qtype qname | |
| 196 | ADJUST copy_id | |
| 197 | REPLY QR AA REFUSED | |
| 198 | SECTION QUESTION | |
| 199 | ns.sub.example.com. IN AAAA | |
| 200 | ENTRY_END | |
| 201 | ||
| 202 | RANGE_END | |
| 203 | ||
| 204 | STEP 1 QUERY | |
| 205 | ENTRY_BEGIN | |
| 206 | REPLY RD DO | |
| 207 | SECTION QUESTION | |
| 208 | www.sub.example.com. IN A | |
| 209 | ENTRY_END | |
| 210 | ||
| 211 | ; recursion happens here. | |
| 212 | ; must servfail, BOGUS | |
| 213 | STEP 10 CHECK_ANSWER | |
| 214 | ENTRY_BEGIN | |
| 215 | MATCH all | |
| 216 | REPLY QR RD RA AD DO NOERROR | |
| 217 | SECTION QUESTION | |
| 218 | www.sub.example.com. IN A | |
| 219 | SECTION ANSWER | |
| 220 | www.sub.example.com. 3600 IN A 11.11.11.11 | |
| 221 | www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} | |
| 222 | SECTION AUTHORITY | |
| 223 | SECTION ADDITIONAL | |
| 224 | ENTRY_END | |
| 225 | ||
| 226 | SCENARIO_END |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | 6 | # test that default value of harden-dnssec-stripped is still yes. |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | harden-dnssec-stripped: no |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | 6 | prefetch-key: yes |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | 6 | prefetch-key: yes |
| 7 | 7 | prefetch: yes |
| 8 | fake-sha1: yes | |
| 8 | 9 | |
| 9 | 10 | stub-zone: |
| 10 | 11 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. IN DS 29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262" |
| 4 | 4 | val-override-date: "20140301134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm 3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 2 | 2 | trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" |
| 3 | 3 | val-override-date: "20120420235959" |
| 4 | 4 | target-fetch-policy: "0 0 0 0 0" |
| 5 | fake-sha1: yes | |
| 5 | 6 | |
| 6 | 7 | stub-zone: |
| 7 | 8 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" |
| 4 | 4 | val-override-date: "-1" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | val-nsec3-keysize-iterations: "1024 100 2048 200 4096 500" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | access-control: 127.0.0.1 allow_snoop |
| 7 | 7 | target-fetch-policy: "0 0 0 0 0" |
| 8 | fake-sha1: yes | |
| 8 | 9 | |
| 9 | 10 | stub-zone: |
| 10 | 11 | name: "." |
| 5 | 5 | harden-referral-path: no |
| 6 | 6 | access-control: 127.0.0.1 allow_snoop |
| 7 | 7 | target-fetch-policy: "0 0 0 0 0" |
| 8 | fake-sha1: yes | |
| 8 | 9 | |
| 9 | 10 | stub-zone: |
| 10 | 11 | name: "." |
| 5 | 5 | directory: "" |
| 6 | 6 | access-control: 127.0.0.1 allow_snoop |
| 7 | 7 | target-fetch-policy: "0 0 0 0 0" |
| 8 | fake-sha1: yes | |
| 8 | 9 | |
| 9 | 10 | stub-zone: |
| 10 | 11 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | val-override-date: "20100913111500" |
| 5 | 5 | ; the dlv anchor is completely ignored, but here to test that. |
| 6 | 6 | dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 4 | 4 | trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | fake-sha1: yes | |
| 7 | 8 | |
| 8 | 9 | stub-zone: |
| 9 | 10 | name: "." |
| 5 | 5 | val-override-date: "20070916134226" |
| 6 | 6 | target-fetch-policy: "0 0 0 0 0" |
| 7 | 7 | harden-algo-downgrade: no |
| 8 | fake-sha1: yes | |
| 8 | 9 | |
| 9 | 10 | stub-zone: |
| 10 | 11 | name: "." |
| 6 | 6 | val-override-date: "20070916134226" |
| 7 | 7 | target-fetch-policy: "0 0 0 0 0" |
| 8 | 8 | harden-algo-downgrade: yes |
| 9 | fake-sha1: yes | |
| 9 | 10 | |
| 10 | 11 | stub-zone: |
| 11 | 12 | name: "." |
| 6 | 6 | val-override-date: "20070916134226" |
| 7 | 7 | target-fetch-policy: "0 0 0 0 0" |
| 8 | 8 | harden-algo-downgrade: no |
| 9 | fake-sha1: yes | |
| 9 | 10 | |
| 10 | 11 | stub-zone: |
| 11 | 12 | name: "." |
| 1 | 1 | server: |
| 2 | 2 | trust-anchor: "ORG. DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2" |
| 3 | 3 | val-override-date: "20091116100204" |
| 4 | fake-sha1: yes | |
| 4 | 5 | |
| 5 | 6 | forward-zone: |
| 6 | 7 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 208 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 3 | 3 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 4 | 4 | val-override-date: "20070916134226" |
| 5 | 5 | target-fetch-policy: "0 0 0 0 0" |
| 6 | fake-sha1: yes | |
| 6 | 7 | |
| 7 | 8 | stub-zone: |
| 8 | 9 | name: "." |
| 51 | 51 | |
| 52 | 52 | /** setup new special type */ |
| 53 | 53 | static void |
| 54 | alloc_setup_special(alloc_special_t* t) | |
| 54 | alloc_setup_special(alloc_special_type* t) | |
| 55 | 55 | { |
| 56 | 56 | memset(t, 0, sizeof(*t)); |
| 57 | 57 | lock_rw_init(&t->entry.lock); |
| 65 | 65 | static void |
| 66 | 66 | prealloc_setup(struct alloc_cache* alloc) |
| 67 | 67 | { |
| 68 | alloc_special_t* p; | |
| 68 | alloc_special_type* p; | |
| 69 | 69 | int i; |
| 70 | 70 | for(i=0; i<ALLOC_SPECIAL_MAX; i++) { |
| 71 | if(!(p = (alloc_special_t*)malloc(sizeof(alloc_special_t)))) { | |
| 71 | if(!(p = (alloc_special_type*)malloc( | |
| 72 | sizeof(alloc_special_type)))) { | |
| 72 | 73 | log_err("prealloc: out of memory"); |
| 73 | 74 | return; |
| 74 | 75 | } |
| 127 | 128 | void |
| 128 | 129 | alloc_clear(struct alloc_cache* alloc) |
| 129 | 130 | { |
| 130 | alloc_special_t* p, *np; | |
| 131 | alloc_special_type* p, *np; | |
| 131 | 132 | struct regional* r, *nr; |
| 132 | 133 | if(!alloc) |
| 133 | 134 | return; |
| 186 | 187 | return id; |
| 187 | 188 | } |
| 188 | 189 | |
| 189 | alloc_special_t* | |
| 190 | alloc_special_type* | |
| 190 | 191 | alloc_special_obtain(struct alloc_cache* alloc) |
| 191 | 192 | { |
| 192 | alloc_special_t* p; | |
| 193 | alloc_special_type* p; | |
| 193 | 194 | log_assert(alloc); |
| 194 | 195 | /* see if in local cache */ |
| 195 | 196 | if(alloc->quar) { |
| 216 | 217 | } |
| 217 | 218 | /* allocate new */ |
| 218 | 219 | prealloc_setup(alloc); |
| 219 | if(!(p = (alloc_special_t*)malloc(sizeof(alloc_special_t)))) { | |
| 220 | if(!(p = (alloc_special_type*)malloc(sizeof(alloc_special_type)))) { | |
| 220 | 221 | log_err("alloc_special_obtain: out of memory"); |
| 221 | 222 | return NULL; |
| 222 | 223 | } |
| 227 | 228 | |
| 228 | 229 | /** push mem and some more items to the super */ |
| 229 | 230 | static void |
| 230 | pushintosuper(struct alloc_cache* alloc, alloc_special_t* mem) | |
| 231 | pushintosuper(struct alloc_cache* alloc, alloc_special_type* mem) | |
| 231 | 232 | { |
| 232 | 233 | int i; |
| 233 | alloc_special_t *p = alloc->quar; | |
| 234 | alloc_special_type *p = alloc->quar; | |
| 234 | 235 | log_assert(p); |
| 235 | 236 | log_assert(alloc && alloc->super && |
| 236 | 237 | alloc->num_quar >= ALLOC_SPECIAL_MAX); |
| 252 | 253 | } |
| 253 | 254 | |
| 254 | 255 | void |
| 255 | alloc_special_release(struct alloc_cache* alloc, alloc_special_t* mem) | |
| 256 | alloc_special_release(struct alloc_cache* alloc, alloc_special_type* mem) | |
| 256 | 257 | { |
| 257 | 258 | log_assert(alloc); |
| 258 | 259 | if(!mem) |
| 285 | 286 | |
| 286 | 287 | size_t alloc_get_mem(struct alloc_cache* alloc) |
| 287 | 288 | { |
| 288 | alloc_special_t* p; | |
| 289 | alloc_special_type* p; | |
| 289 | 290 | size_t s = sizeof(*alloc); |
| 290 | 291 | if(!alloc->super) { |
| 291 | 292 | lock_quick_lock(&alloc->lock); /* superalloc needs locking */ |
| 292 | 293 | } |
| 293 | s += sizeof(alloc_special_t) * alloc->num_quar; | |
| 294 | s += sizeof(alloc_special_type) * alloc->num_quar; | |
| 294 | 295 | for(p = alloc->quar; p; p = alloc_special_next(p)) { |
| 295 | 296 | s += lock_get_mem(&p->entry.lock); |
| 296 | 297 | } |
| 52 | 52 | struct regional; |
| 53 | 53 | |
| 54 | 54 | /** The special type, packed rrset. Not allowed to be used for other memory */ |
| 55 | typedef struct ub_packed_rrset_key alloc_special_t; | |
| 55 | typedef struct ub_packed_rrset_key alloc_special_type; | |
| 56 | 56 | /** clean the special type. Pass pointer. */ |
| 57 | 57 | #define alloc_special_clean(x) (x)->id = 0; |
| 58 | 58 | /** access next pointer. (in available spot). Pass pointer. */ |
| 59 | #define alloc_special_next(x) ((alloc_special_t*)((x)->entry.overflow_next)) | |
| 59 | #define alloc_special_next(x) ((alloc_special_type*)((x)->entry.overflow_next)) | |
| 60 | 60 | /** set next pointer. (in available spot). Pass pointers. */ |
| 61 | 61 | #define alloc_set_special_next(x, y) \ |
| 62 | 62 | ((x)->entry.overflow_next) = (struct lruhash_entry*)(y); |
| 70 | 70 | */ |
| 71 | 71 | struct alloc_cache { |
| 72 | 72 | /** lock, only used for the super. */ |
| 73 | lock_quick_t lock; | |
| 73 | lock_quick_type lock; | |
| 74 | 74 | /** global allocator above this one. NULL for none (malloc/free) */ |
| 75 | 75 | struct alloc_cache* super; |
| 76 | 76 | /** singly linked lists of special type. These are free for use. */ |
| 77 | alloc_special_t* quar; | |
| 77 | alloc_special_type* quar; | |
| 78 | 78 | /** number of items in quarantine. */ |
| 79 | 79 | size_t num_quar; |
| 80 | 80 | /** thread number for id creation */ |
| 115 | 115 | void alloc_clear(struct alloc_cache* alloc); |
| 116 | 116 | |
| 117 | 117 | /** |
| 118 | * Get a new special_t element. | |
| 118 | * Get a new special_type element. | |
| 119 | 119 | * @param alloc: where to alloc it. |
| 120 | 120 | * @return: memory block. Will not return NULL (instead fatal_exit). |
| 121 | 121 | * The block is zeroed. |
| 122 | 122 | */ |
| 123 | alloc_special_t* alloc_special_obtain(struct alloc_cache* alloc); | |
| 124 | ||
| 125 | /** | |
| 126 | * Return special_t back to pool. | |
| 123 | alloc_special_type* alloc_special_obtain(struct alloc_cache* alloc); | |
| 124 | ||
| 125 | /** | |
| 126 | * Return special_type back to pool. | |
| 127 | 127 | * The block is cleaned up (zeroed) which also invalidates the ID inside. |
| 128 | 128 | * @param alloc: where to alloc it. |
| 129 | 129 | * @param mem: block to free. |
| 130 | 130 | */ |
| 131 | void alloc_special_release(struct alloc_cache* alloc, alloc_special_t* mem); | |
| 131 | void alloc_special_release(struct alloc_cache* alloc, alloc_special_type* mem); | |
| 132 | 132 | |
| 133 | 133 | /** |
| 134 | 134 | * Set ID number of special type to a fresh new ID number. |
| 61 | 61 | #ifdef HAVE_GLOB_H |
| 62 | 62 | # include <glob.h> |
| 63 | 63 | #endif |
| 64 | #ifdef CLIENT_SUBNET | |
| 65 | #include "edns-subnet/edns-subnet.h" | |
| 66 | #endif | |
| 64 | 67 | #ifdef HAVE_PWD_H |
| 65 | 68 | #include <pwd.h> |
| 66 | 69 | #endif |
| 107 | 110 | cfg->log_identity = NULL; /* changed later with argv[0] */ |
| 108 | 111 | cfg->log_time_ascii = 0; |
| 109 | 112 | cfg->log_queries = 0; |
| 113 | cfg->log_replies = 0; | |
| 110 | 114 | #ifndef USE_WINSOCK |
| 111 | 115 | # ifdef USE_MINI_EVENT |
| 112 | 116 | /* select max 1024 sockets */ |
| 157 | 161 | cfg->donotqueryaddrs = NULL; |
| 158 | 162 | cfg->donotquery_localhost = 1; |
| 159 | 163 | cfg->root_hints = NULL; |
| 164 | cfg->use_systemd = 0; | |
| 160 | 165 | cfg->do_daemonize = 1; |
| 161 | 166 | cfg->if_automatic = 0; |
| 162 | 167 | cfg->so_rcvbuf = 0; |
| 170 | 175 | cfg->out_ifs = NULL; |
| 171 | 176 | cfg->stubs = NULL; |
| 172 | 177 | cfg->forwards = NULL; |
| 178 | #ifdef CLIENT_SUBNET | |
| 179 | cfg->client_subnet = NULL; | |
| 180 | cfg->client_subnet_zone = NULL; | |
| 181 | cfg->client_subnet_opcode = LDNS_EDNS_CLIENT_SUBNET; | |
| 182 | cfg->client_subnet_always_forward = 0; | |
| 183 | cfg->max_client_subnet_ipv4 = 24; | |
| 184 | cfg->max_client_subnet_ipv6 = 56; | |
| 185 | #endif | |
| 173 | 186 | cfg->views = NULL; |
| 174 | 187 | cfg->acls = NULL; |
| 175 | 188 | cfg->harden_short_bufsize = 0; |
| 186 | 199 | cfg->unwanted_threshold = 0; |
| 187 | 200 | cfg->hide_identity = 0; |
| 188 | 201 | cfg->hide_version = 0; |
| 202 | cfg->hide_trustanchor = 0; | |
| 189 | 203 | cfg->identity = NULL; |
| 190 | 204 | cfg->version = NULL; |
| 191 | 205 | cfg->auto_trust_anchor_file_list = NULL; |
| 192 | 206 | cfg->trust_anchor_file_list = NULL; |
| 193 | 207 | cfg->trust_anchor_list = NULL; |
| 194 | 208 | cfg->trusted_keys_file_list = NULL; |
| 209 | cfg->trust_anchor_signaling = 0; | |
| 195 | 210 | cfg->dlv_anchor_file = NULL; |
| 196 | 211 | cfg->dlv_anchor_list = NULL; |
| 197 | 212 | cfg->domain_insecure = NULL; |
| 213 | 228 | cfg->neg_cache_size = 1 * 1024 * 1024; |
| 214 | 229 | cfg->local_zones = NULL; |
| 215 | 230 | cfg->local_zones_nodefault = NULL; |
| 231 | cfg->local_zones_disable_default = 0; | |
| 216 | 232 | cfg->local_data = NULL; |
| 217 | 233 | cfg->local_zone_overrides = NULL; |
| 218 | 234 | cfg->unblock_lan_zones = 0; |
| 234 | 250 | if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) |
| 235 | 251 | goto error_exit; |
| 236 | 252 | |
| 253 | #ifdef CLIENT_SUBNET | |
| 254 | if(!(cfg->module_conf = strdup("subnetcache validator iterator"))) goto error_exit; | |
| 255 | #else | |
| 237 | 256 | if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; |
| 257 | #endif | |
| 238 | 258 | if(!(cfg->val_nsec3_key_iterations = |
| 239 | 259 | strdup("1024 150 2048 500 4096 2500"))) goto error_exit; |
| 240 | 260 | #if defined(DNSTAP_SOCKET_PATH) |
| 242 | 262 | goto error_exit; |
| 243 | 263 | #endif |
| 244 | 264 | cfg->disable_dnssec_lame_check = 0; |
| 265 | cfg->ip_ratelimit = 0; | |
| 245 | 266 | cfg->ratelimit = 0; |
| 267 | cfg->ip_ratelimit_slabs = 4; | |
| 246 | 268 | cfg->ratelimit_slabs = 4; |
| 269 | cfg->ip_ratelimit_size = 4*1024*1024; | |
| 247 | 270 | cfg->ratelimit_size = 4*1024*1024; |
| 248 | 271 | cfg->ratelimit_for_domain = NULL; |
| 249 | 272 | cfg->ratelimit_below_domain = NULL; |
| 273 | cfg->ip_ratelimit_factor = 10; | |
| 250 | 274 | cfg->ratelimit_factor = 10; |
| 251 | 275 | cfg->qname_minimisation = 0; |
| 252 | 276 | cfg->qname_minimisation_strict = 0; |
| 277 | cfg->shm_enable = 0; | |
| 278 | cfg->shm_key = 11777; | |
| 279 | cfg->dnscrypt = 0; | |
| 280 | cfg->dnscrypt_port = 0; | |
| 281 | cfg->dnscrypt_provider = NULL; | |
| 282 | cfg->dnscrypt_provider_cert = NULL; | |
| 283 | cfg->dnscrypt_secret_key = NULL; | |
| 284 | #ifdef USE_IPSECMOD | |
| 285 | cfg->ipsecmod_enabled = 1; | |
| 286 | cfg->ipsecmod_ignore_bogus = 0; | |
| 287 | cfg->ipsecmod_hook = NULL; | |
| 288 | cfg->ipsecmod_max_ttl = 3600; | |
| 289 | cfg->ipsecmod_whitelist = NULL; | |
| 290 | cfg->ipsecmod_strict = 0; | |
| 291 | #endif | |
| 253 | 292 | return cfg; |
| 254 | 293 | error_exit: |
| 255 | 294 | config_delete(cfg); |
| 373 | 412 | else S_STR("log-identity:", log_identity) |
| 374 | 413 | else S_YNO("extended-statistics:", stat_extended) |
| 375 | 414 | else S_YNO("statistics-cumulative:", stat_cumulative) |
| 415 | else S_YNO("shm-enable:", shm_enable) | |
| 416 | else S_NUMBER_OR_ZERO("shm-key:", shm_key) | |
| 376 | 417 | else S_YNO("do-ip4:", do_ip4) |
| 377 | 418 | else S_YNO("do-ip6:", do_ip6) |
| 378 | 419 | else S_YNO("do-udp:", do_udp) |
| 385 | 426 | else S_STR("ssl-service-pem:", ssl_service_pem) |
| 386 | 427 | else S_NUMBER_NONZERO("ssl-port:", ssl_port) |
| 387 | 428 | else S_YNO("interface-automatic:", if_automatic) |
| 429 | else S_YNO("use-systemd:", use_systemd) | |
| 388 | 430 | else S_YNO("do-daemonize:", do_daemonize) |
| 389 | 431 | else S_NUMBER_NONZERO("port:", port) |
| 390 | 432 | else S_NUMBER_NONZERO("outgoing-range:", outgoing_num_ports) |
| 425 | 467 | else S_STR("pidfile:", pidfile) |
| 426 | 468 | else S_YNO("hide-identity:", hide_identity) |
| 427 | 469 | else S_YNO("hide-version:", hide_version) |
| 470 | else S_YNO("hide-trustanchor:", hide_trustanchor) | |
| 428 | 471 | else S_STR("identity:", identity) |
| 429 | 472 | else S_STR("version:", version) |
| 430 | 473 | else S_STRLIST("root-hints:", root_hints) |
| 447 | 490 | else S_STRLIST("trust-anchor-file:", trust_anchor_file_list) |
| 448 | 491 | else S_STRLIST("trust-anchor:", trust_anchor_list) |
| 449 | 492 | else S_STRLIST("trusted-keys-file:", trusted_keys_file_list) |
| 493 | else S_YNO("trust-anchor-signaling:", trust_anchor_signaling) | |
| 450 | 494 | else S_STR("dlv-anchor-file:", dlv_anchor_file) |
| 451 | 495 | else S_STRLIST("dlv-anchor:", dlv_anchor_list) |
| 452 | 496 | else S_STRLIST("domain-insecure:", domain_insecure) |
| 455 | 499 | else S_NUMBER_OR_ZERO("val-log-level:", val_log_level) |
| 456 | 500 | else S_YNO("val-log-squelch:", val_log_squelch) |
| 457 | 501 | else S_YNO("log-queries:", log_queries) |
| 502 | else S_YNO("log-replies:", log_replies) | |
| 458 | 503 | else S_YNO("val-permissive-mode:", val_permissive_mode) |
| 459 | 504 | else S_YNO("ignore-cd-flag:", ignore_cd) |
| 460 | 505 | else S_YNO("serve-expired:", serve_expired) |
| 483 | 528 | else S_STR("module-config:", module_conf) |
| 484 | 529 | else S_STR("python-script:", python_script) |
| 485 | 530 | else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check) |
| 531 | #ifdef CLIENT_SUBNET | |
| 532 | /* Can't set max subnet prefix here, since that value is used when | |
| 533 | * generating the address tree. */ | |
| 534 | /* No client-subnet-always-forward here, module registration depends on | |
| 535 | * this option. */ | |
| 536 | #endif | |
| 537 | #ifdef USE_DNSTAP | |
| 538 | else S_YNO("dnstap-enable:", dnstap) | |
| 539 | else S_STR("dnstap-socket-path:", dnstap_socket_path) | |
| 540 | else S_YNO("dnstap-send-identity:", dnstap_send_identity) | |
| 541 | else S_YNO("dnstap-send-version:", dnstap_send_version) | |
| 542 | else S_STR("dnstap-identity:", dnstap_identity) | |
| 543 | else S_STR("dnstap-version:", dnstap_version) | |
| 544 | else S_YNO("dnstap-log-resolver-query-messages:", | |
| 545 | dnstap_log_resolver_query_messages) | |
| 546 | else S_YNO("dnstap-log-resolver-response-messages:", | |
| 547 | dnstap_log_resolver_response_messages) | |
| 548 | else S_YNO("dnstap-log-client-query-messages:", | |
| 549 | dnstap_log_client_query_messages) | |
| 550 | else S_YNO("dnstap-log-client-response-messages:", | |
| 551 | dnstap_log_client_response_messages) | |
| 552 | else S_YNO("dnstap-log-forwarder-query-messages:", | |
| 553 | dnstap_log_forwarder_query_messages) | |
| 554 | else S_YNO("dnstap-log-forwarder-response-messages:", | |
| 555 | dnstap_log_forwarder_response_messages) | |
| 556 | #endif | |
| 557 | #ifdef USE_DNSCRYPT | |
| 558 | else S_YNO("dnscrypt-enable:", dnscrypt) | |
| 559 | else S_NUMBER_NONZERO("dnscrypt-port:", dnscrypt_port) | |
| 560 | else S_STR("dnscrypt-provider:", dnscrypt_provider) | |
| 561 | else S_STRLIST("dnscrypt-provider-cert:", dnscrypt_provider_cert) | |
| 562 | else S_STRLIST("dnscrypt-secret-key:", dnscrypt_secret_key) | |
| 563 | #endif | |
| 564 | else if(strcmp(opt, "ip-ratelimit:") == 0) { | |
| 565 | IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val); | |
| 566 | infra_ip_ratelimit=cfg->ip_ratelimit; | |
| 567 | } | |
| 486 | 568 | else if(strcmp(opt, "ratelimit:") == 0) { |
| 487 | 569 | IS_NUMBER_OR_ZERO; cfg->ratelimit = atoi(val); |
| 488 | 570 | infra_dp_ratelimit=cfg->ratelimit; |
| 489 | 571 | } |
| 572 | else S_MEMSIZE("ip-ratelimit-size:", ip_ratelimit_size) | |
| 490 | 573 | else S_MEMSIZE("ratelimit-size:", ratelimit_size) |
| 574 | else S_POW2("ip-ratelimit-slabs:", ip_ratelimit_slabs) | |
| 491 | 575 | else S_POW2("ratelimit-slabs:", ratelimit_slabs) |
| 576 | else S_NUMBER_OR_ZERO("ip-ratelimit-factor:", ip_ratelimit_factor) | |
| 492 | 577 | else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor) |
| 493 | 578 | else S_YNO("qname-minimisation:", qname_minimisation) |
| 494 | 579 | else S_YNO("qname-minimisation-strict:", qname_minimisation_strict) |
| 580 | #ifdef USE_IPSECMOD | |
| 581 | else S_YNO("ipsecmod-enabled:", ipsecmod_enabled) | |
| 582 | else S_YNO("ipsecmod-ignore-bogus:", ipsecmod_ignore_bogus) | |
| 583 | else if(strcmp(opt, "ipsecmod-max-ttl:") == 0) | |
| 584 | { IS_NUMBER_OR_ZERO; cfg->ipsecmod_max_ttl = atoi(val); } | |
| 585 | else S_YNO("ipsecmod-strict:", ipsecmod_strict) | |
| 586 | #endif | |
| 495 | 587 | else if(strcmp(opt, "define-tag:") ==0) { |
| 496 | 588 | return config_add_tag(cfg, val); |
| 497 | 589 | /* val_sig_skew_min and max are copied into val_env during init, |
| 513 | 605 | cfg->out_ifs = oi; |
| 514 | 606 | } else { |
| 515 | 607 | /* unknown or unsupported (from the set_option interface): |
| 516 | * interface, outgoing-interface, access-control, | |
| 608 | * interface, outgoing-interface, access-control, | |
| 517 | 609 | * stub-zone, name, stub-addr, stub-host, stub-prime |
| 518 | 610 | * forward-first, stub-first, forward-ssl-upstream, |
| 519 | 611 | * stub-ssl-upstream, forward-zone, |
| 520 | 612 | * name, forward-addr, forward-host, |
| 521 | 613 | * ratelimit-for-domain, ratelimit-below-domain, |
| 522 | * local-zone-tag, access-control-view */ | |
| 614 | * local-zone-tag, access-control-view, | |
| 615 | * send-client-subnet, client-subnet-always-forward, | |
| 616 | * max-client-subnet-ipv4, max-client-subnet-ipv6, ipsecmod_hook, | |
| 617 | * ipsecmod_whitelist. */ | |
| 523 | 618 | return 0; |
| 524 | 619 | } |
| 525 | 620 | return 1; |
| 681 | 776 | else O_DEC(opt, "statistics-interval", stat_interval) |
| 682 | 777 | else O_YNO(opt, "statistics-cumulative", stat_cumulative) |
| 683 | 778 | else O_YNO(opt, "extended-statistics", stat_extended) |
| 779 | else O_YNO(opt, "shm-enable", shm_enable) | |
| 780 | else O_DEC(opt, "shm-key", shm_key) | |
| 684 | 781 | else O_YNO(opt, "use-syslog", use_syslog) |
| 685 | 782 | else O_STR(opt, "log-identity", log_identity) |
| 686 | 783 | else O_YNO(opt, "log-time-ascii", log_time_ascii) |
| 726 | 823 | else O_STR(opt, "ssl-service-key", ssl_service_key) |
| 727 | 824 | else O_STR(opt, "ssl-service-pem", ssl_service_pem) |
| 728 | 825 | else O_DEC(opt, "ssl-port", ssl_port) |
| 826 | else O_YNO(opt, "use-systemd", use_systemd) | |
| 729 | 827 | else O_YNO(opt, "do-daemonize", do_daemonize) |
| 730 | 828 | else O_STR(opt, "chroot", chrootdir) |
| 731 | 829 | else O_STR(opt, "username", username) |
| 732 | 830 | else O_STR(opt, "directory", directory) |
| 733 | 831 | else O_STR(opt, "logfile", logfile) |
| 734 | 832 | else O_YNO(opt, "log-queries", log_queries) |
| 833 | else O_YNO(opt, "log-replies", log_replies) | |
| 735 | 834 | else O_STR(opt, "pidfile", pidfile) |
| 736 | 835 | else O_YNO(opt, "hide-identity", hide_identity) |
| 737 | 836 | else O_YNO(opt, "hide-version", hide_version) |
| 837 | else O_YNO(opt, "hide-trustanchor", hide_trustanchor) | |
| 738 | 838 | else O_STR(opt, "identity", identity) |
| 739 | 839 | else O_STR(opt, "version", version) |
| 740 | 840 | else O_STR(opt, "target-fetch-policy", target_fetch_policy) |
| 780 | 880 | else O_LST(opt, "trust-anchor-file", trust_anchor_file_list) |
| 781 | 881 | else O_LST(opt, "trust-anchor", trust_anchor_list) |
| 782 | 882 | else O_LST(opt, "trusted-keys-file", trusted_keys_file_list) |
| 883 | else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling) | |
| 783 | 884 | else O_LST(opt, "dlv-anchor", dlv_anchor_list) |
| 784 | 885 | else O_LST(opt, "control-interface", control_ifs) |
| 785 | 886 | else O_LST(opt, "domain-insecure", domain_insecure) |
| 786 | 887 | else O_UNS(opt, "val-override-date", val_date_override) |
| 787 | 888 | else O_YNO(opt, "minimal-responses", minimal_responses) |
| 788 | 889 | else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin) |
| 890 | #ifdef CLIENT_SUBNET | |
| 891 | else O_LST(opt, "send-client-subnet", client_subnet) | |
| 892 | else O_LST(opt, "client-subnet-zone", client_subnet_zone) | |
| 893 | else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4) | |
| 894 | else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6) | |
| 895 | else O_YNO(opt, "client-subnet-always-forward:", | |
| 896 | client_subnet_always_forward) | |
| 897 | #endif | |
| 898 | #ifdef USE_DNSTAP | |
| 899 | else O_YNO(opt, "dnstap-enable", dnstap) | |
| 900 | else O_STR(opt, "dnstap-socket-path", dnstap_socket_path) | |
| 901 | else O_YNO(opt, "dnstap-send-identity", dnstap_send_identity) | |
| 902 | else O_YNO(opt, "dnstap-send-version", dnstap_send_version) | |
| 903 | else O_STR(opt, "dnstap-identity", dnstap_identity) | |
| 904 | else O_STR(opt, "dnstap-version", dnstap_version) | |
| 905 | else O_YNO(opt, "dnstap-log-resolver-query-messages", | |
| 906 | dnstap_log_resolver_query_messages) | |
| 907 | else O_YNO(opt, "dnstap-log-resolver-response-messages", | |
| 908 | dnstap_log_resolver_response_messages) | |
| 909 | else O_YNO(opt, "dnstap-log-client-query-messages", | |
| 910 | dnstap_log_client_query_messages) | |
| 911 | else O_YNO(opt, "dnstap-log-client-response-messages", | |
| 912 | dnstap_log_client_response_messages) | |
| 913 | else O_YNO(opt, "dnstap-log-forwarder-query-messages", | |
| 914 | dnstap_log_forwarder_query_messages) | |
| 915 | else O_YNO(opt, "dnstap-log-forwarder-response-messages", | |
| 916 | dnstap_log_forwarder_response_messages) | |
| 917 | #endif | |
| 918 | #ifdef USE_DNSCRYPT | |
| 919 | else O_YNO(opt, "dnscrypt-enable", dnscrypt) | |
| 920 | else O_DEC(opt, "dnscrypt-port", dnscrypt_port) | |
| 921 | else O_STR(opt, "dnscrypt-provider", dnscrypt_provider) | |
| 922 | else O_LST(opt, "dnscrypt-provider-cert", dnscrypt_provider_cert) | |
| 923 | else O_LST(opt, "dnscrypt-secret-key", dnscrypt_secret_key) | |
| 924 | #endif | |
| 789 | 925 | else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones) |
| 790 | 926 | else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones) |
| 791 | 927 | else O_DEC(opt, "max-udp-size", max_udp_size) |
| 792 | 928 | else O_STR(opt, "python-script", python_script) |
| 793 | 929 | else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check) |
| 930 | else O_DEC(opt, "ip-ratelimit", ip_ratelimit) | |
| 794 | 931 | else O_DEC(opt, "ratelimit", ratelimit) |
| 932 | else O_MEM(opt, "ip-ratelimit-size", ip_ratelimit_size) | |
| 795 | 933 | else O_MEM(opt, "ratelimit-size", ratelimit_size) |
| 934 | else O_DEC(opt, "ip-ratelimit-slabs", ip_ratelimit_slabs) | |
| 796 | 935 | else O_DEC(opt, "ratelimit-slabs", ratelimit_slabs) |
| 797 | 936 | else O_LS2(opt, "ratelimit-for-domain", ratelimit_for_domain) |
| 798 | 937 | else O_LS2(opt, "ratelimit-below-domain", ratelimit_below_domain) |
| 938 | else O_DEC(opt, "ip-ratelimit-factor", ip_ratelimit_factor) | |
| 799 | 939 | else O_DEC(opt, "ratelimit-factor", ratelimit_factor) |
| 800 | 940 | else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) |
| 801 | 941 | else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) |
| 804 | 944 | else O_IFC(opt, "define-tag", num_tags, tagname) |
| 805 | 945 | else O_LTG(opt, "local-zone-tag", local_zone_tags) |
| 806 | 946 | else O_LTG(opt, "access-control-tag", acl_tags) |
| 947 | else O_LTG(opt, "response-ip-tag", respip_tags) | |
| 807 | 948 | else O_LS3(opt, "local-zone-override", local_zone_overrides) |
| 808 | 949 | else O_LS3(opt, "access-control-tag-action", acl_tag_actions) |
| 809 | 950 | else O_LS3(opt, "access-control-tag-data", acl_tag_datas) |
| 810 | 951 | else O_LS2(opt, "access-control-view", acl_view) |
| 952 | #ifdef USE_IPSECMOD | |
| 953 | else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled) | |
| 954 | else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus) | |
| 955 | else O_STR(opt, "ipsecmod-hook", ipsecmod_hook) | |
| 956 | else O_DEC(opt, "ipsecmod-max-ttl", ipsecmod_max_ttl) | |
| 957 | else O_LST(opt, "ipsecmod-whitelist", ipsecmod_whitelist) | |
| 958 | else O_YNO(opt, "ipsecmod-strict", ipsecmod_strict) | |
| 959 | #endif | |
| 811 | 960 | /* not here: |
| 812 | 961 | * outgoing-permit, outgoing-avoid - have list of ports |
| 813 | 962 | * local-zone - zones and nodefault variables |
| 912 | 1061 | ub_c_parse(); |
| 913 | 1062 | fclose(in); |
| 914 | 1063 | |
| 1064 | if(!cfg->dnscrypt) cfg->dnscrypt_port = 0; | |
| 1065 | ||
| 915 | 1066 | if(cfg_parser->errors != 0) { |
| 916 | 1067 | fprintf(stderr, "read %s failed: %d errors in configuration file\n", |
| 917 | 1068 | fname, cfg_parser->errors); |
| 1061 | 1212 | config_delviews(cfg->views); |
| 1062 | 1213 | config_delstrlist(cfg->donotqueryaddrs); |
| 1063 | 1214 | config_delstrlist(cfg->root_hints); |
| 1215 | #ifdef CLIENT_SUBNET | |
| 1216 | config_delstrlist(cfg->client_subnet); | |
| 1217 | config_delstrlist(cfg->client_subnet_zone); | |
| 1218 | #endif | |
| 1064 | 1219 | free(cfg->identity); |
| 1065 | 1220 | free(cfg->version); |
| 1066 | 1221 | free(cfg->module_conf); |
| 1067 | 1222 | free(cfg->outgoing_avail_ports); |
| 1223 | free(cfg->python_script); | |
| 1068 | 1224 | config_delstrlist(cfg->caps_whitelist); |
| 1069 | 1225 | config_delstrlist(cfg->private_address); |
| 1070 | 1226 | config_delstrlist(cfg->private_domain); |
| 1084 | 1240 | config_del_strarray(cfg->tagname, cfg->num_tags); |
| 1085 | 1241 | config_del_strbytelist(cfg->local_zone_tags); |
| 1086 | 1242 | config_del_strbytelist(cfg->acl_tags); |
| 1243 | config_del_strbytelist(cfg->respip_tags); | |
| 1087 | 1244 | config_deltrplstrlist(cfg->acl_tag_actions); |
| 1088 | 1245 | config_deltrplstrlist(cfg->acl_tag_datas); |
| 1089 | 1246 | config_delstrlist(cfg->control_ifs); |
| 1097 | 1254 | free(cfg->dnstap_version); |
| 1098 | 1255 | config_deldblstrlist(cfg->ratelimit_for_domain); |
| 1099 | 1256 | config_deldblstrlist(cfg->ratelimit_below_domain); |
| 1257 | #ifdef USE_IPSECMOD | |
| 1258 | free(cfg->ipsecmod_hook); | |
| 1259 | config_delstrlist(cfg->ipsecmod_whitelist); | |
| 1260 | #endif | |
| 1100 | 1261 | free(cfg); |
| 1101 | 1262 | } |
| 1102 | 1263 | |
| 171 | 171 | struct config_view* views; |
| 172 | 172 | /** list of donotquery addresses, linked list */ |
| 173 | 173 | struct config_strlist* donotqueryaddrs; |
| 174 | #ifdef CLIENT_SUBNET | |
| 175 | /** list of servers we send edns-client-subnet option to and | |
| 176 | * accept option from, linked list */ | |
| 177 | struct config_strlist* client_subnet; | |
| 178 | /** list of zones we send edns-client-subnet option for */ | |
| 179 | struct config_strlist* client_subnet_zone; | |
| 180 | /** opcode assigned by IANA for edns0-client-subnet option */ | |
| 181 | uint16_t client_subnet_opcode; | |
| 182 | /** Do not check whitelist if incoming query contains an ECS record */ | |
| 183 | int client_subnet_always_forward; | |
| 184 | /** Subnet length we are willing to give up privacy for */ | |
| 185 | uint8_t max_client_subnet_ipv4; | |
| 186 | uint8_t max_client_subnet_ipv6; | |
| 187 | #endif | |
| 174 | 188 | /** list of access control entries, linked list */ |
| 175 | 189 | struct config_str2list* acls; |
| 176 | 190 | /** use default localhost donotqueryaddr entries */ |
| 228 | 242 | int log_time_ascii; |
| 229 | 243 | /** log queries with one line per query */ |
| 230 | 244 | int log_queries; |
| 245 | /** log replies with one line per reply */ | |
| 246 | int log_replies; | |
| 231 | 247 | /** log identity to report */ |
| 232 | 248 | char* log_identity; |
| 233 | 249 | |
| 235 | 251 | int hide_identity; |
| 236 | 252 | /** do not report version (version.server, version.bind) */ |
| 237 | 253 | int hide_version; |
| 254 | /** do not report trustanchor (trustanchor.unbound) */ | |
| 255 | int hide_trustanchor; | |
| 238 | 256 | /** identity, hostname is returned if "". */ |
| 239 | 257 | char* identity; |
| 240 | 258 | /** version, package version returned if "". */ |
| 257 | 275 | struct config_strlist* dlv_anchor_list; |
| 258 | 276 | /** insecure domain list */ |
| 259 | 277 | struct config_strlist* domain_insecure; |
| 278 | /** send key tag query */ | |
| 279 | int trust_anchor_signaling; | |
| 260 | 280 | |
| 261 | 281 | /** if not 0, this value is the validation date for RRSIGs */ |
| 262 | 282 | int32_t val_date_override; |
| 300 | 320 | struct config_str2list* local_zones; |
| 301 | 321 | /** local zones nodefault list */ |
| 302 | 322 | struct config_strlist* local_zones_nodefault; |
| 323 | /** do not add any default local zone */ | |
| 324 | int local_zones_disable_default; | |
| 303 | 325 | /** local data RRs configured */ |
| 304 | 326 | struct config_strlist* local_data; |
| 305 | 327 | /** local zone override types per netblock */ |
| 318 | 340 | struct config_str3list* acl_tag_datas; |
| 319 | 341 | /** list of aclname, view*/ |
| 320 | 342 | struct config_str2list* acl_view; |
| 343 | /** list of IP-netblock, tagbitlist */ | |
| 344 | struct config_strbytelist* respip_tags; | |
| 345 | /** list of response-driven access control entries, linked list */ | |
| 346 | struct config_str2list* respip_actions; | |
| 347 | /** RRs configured for response-driven access controls */ | |
| 348 | struct config_str2list* respip_data; | |
| 321 | 349 | /** tag list, array with tagname[i] is malloced string */ |
| 322 | 350 | char** tagname; |
| 323 | 351 | /** number of items in the taglist */ |
| 343 | 371 | /** Python script file */ |
| 344 | 372 | char* python_script; |
| 345 | 373 | |
| 374 | /** Use systemd socket activation. */ | |
| 375 | int use_systemd; | |
| 376 | ||
| 346 | 377 | /** daemonize, i.e. fork into the background. */ |
| 347 | 378 | int do_daemonize; |
| 348 | 379 | |
| 390 | 421 | /** true to disable DNSSEC lameness check in iterator */ |
| 391 | 422 | int disable_dnssec_lame_check; |
| 392 | 423 | |
| 393 | /** ratelimit 0 is off, otherwise qps (unless overridden) */ | |
| 424 | /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ | |
| 425 | int ip_ratelimit; | |
| 426 | /** number of slabs for ip_ratelimit cache */ | |
| 427 | size_t ip_ratelimit_slabs; | |
| 428 | /** memory size in bytes for ip_ratelimit cache */ | |
| 429 | size_t ip_ratelimit_size; | |
| 430 | /** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ | |
| 431 | int ip_ratelimit_factor; | |
| 432 | ||
| 433 | /** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */ | |
| 394 | 434 | int ratelimit; |
| 395 | 435 | /** number of slabs for ratelimit cache */ |
| 396 | 436 | size_t ratelimit_slabs; |
| 407 | 447 | /** minimise QNAME in strict mode, minimise according to RFC. |
| 408 | 448 | * Do not apply fallback */ |
| 409 | 449 | int qname_minimisation_strict; |
| 450 | /** SHM data - true if shm is enabled */ | |
| 451 | int shm_enable; | |
| 452 | /** SHM data - key for the shm */ | |
| 453 | int shm_key; | |
| 454 | ||
| 455 | /** DNSCrypt */ | |
| 456 | /** true to enable dnscrypt */ | |
| 457 | int dnscrypt; | |
| 458 | /** port on which to provide dnscrypt service */ | |
| 459 | int dnscrypt_port; | |
| 460 | /** provider name 2.dnscrypt-cert.example.com */ | |
| 461 | char* dnscrypt_provider; | |
| 462 | /** dnscrypt secret keys 1.key */ | |
| 463 | struct config_strlist* dnscrypt_secret_key; | |
| 464 | /** dnscrypt provider certs 1.cert */ | |
| 465 | struct config_strlist* dnscrypt_provider_cert; | |
| 466 | ||
| 467 | /** IPsec module */ | |
| 468 | #ifdef USE_IPSECMOD | |
| 469 | /** false to bypass the IPsec module */ | |
| 470 | int ipsecmod_enabled; | |
| 471 | /** whitelisted domains for ipsecmod */ | |
| 472 | struct config_strlist* ipsecmod_whitelist; | |
| 473 | /** path to external hook */ | |
| 474 | char* ipsecmod_hook; | |
| 475 | /** true to proceed even with a bogus IPSECKEY */ | |
| 476 | int ipsecmod_ignore_bogus; | |
| 477 | /** max TTL for the A/AAAA records that call the hook */ | |
| 478 | int ipsecmod_max_ttl; | |
| 479 | /** false to proceed even when ipsecmod_hook fails */ | |
| 480 | int ipsecmod_strict; | |
| 481 | #endif | |
| 410 | 482 | }; |
| 411 | 483 | |
| 412 | 484 | /** from cfg username, after daemonise setup performed */ |
| 432 | 504 | int isprime; |
| 433 | 505 | /** if forward-first is set (failover to without if fails) */ |
| 434 | 506 | int isfirst; |
| 435 | /* use SSL for queries to this stub */ | |
| 507 | /** use SSL for queries to this stub */ | |
| 436 | 508 | int ssl_upstream; |
| 437 | 509 | }; |
| 438 | 510 | |
| 453 | 525 | /** Fallback to global local_zones when there is no match in the view |
| 454 | 526 | * view specific tree. 1 for yes, 0 for no */ |
| 455 | 527 | int isfirst; |
| 528 | /** predefined actions for particular IP address responses */ | |
| 529 | struct config_str2list* respip_actions; | |
| 530 | /** data complementing the 'redirect' response IP actions */ | |
| 531 | struct config_str2list* respip_data; | |
| 456 | 532 | }; |
| 457 | 533 | |
| 458 | 534 | /** |
| 949 | 1025 | #endif /* UB_ON_WINDOWS */ |
| 950 | 1026 | |
| 951 | 1027 | /** debug option for unit tests. */ |
| 952 | extern int fake_dsa; | |
| 1028 | extern int fake_dsa, fake_sha1; | |
| 953 | 1029 | |
| 954 | 1030 | #endif /* UTIL_CONFIG_FILE_H */ |
| 377 | 377 | *yy_cp = '\0'; \ |
| 378 | 378 | (yy_c_buf_p) = yy_cp; |
| 379 | 379 | |
| 380 | #define YY_NUM_RULES 197 | |
| 381 | #define YY_END_OF_BUFFER 198 | |
| 380 | #define YY_NUM_RULES 229 | |
| 381 | #define YY_END_OF_BUFFER 230 | |
| 382 | 382 | /* This struct is not used in this scanner, |
| 383 | 383 | but its presence is necessary. */ |
| 384 | 384 | struct yy_trans_info |
| 386 | 386 | flex_int32_t yy_verify; |
| 387 | 387 | flex_int32_t yy_nxt; |
| 388 | 388 | }; |
| 389 | static yyconst flex_int16_t yy_accept[1956] = | |
| 389 | static yyconst flex_int16_t yy_accept[2238] = | |
| 390 | 390 | { 0, |
| 391 | 1, 1, 179, 179, 183, 183, 187, 187, 191, 191, | |
| 392 | 1, 1, 198, 195, 1, 177, 177, 196, 2, 195, | |
| 393 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 394 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 196, | |
| 395 | 179, 180, 180, 181, 196, 183, 184, 184, 185, 196, | |
| 396 | 190, 187, 188, 188, 189, 196, 191, 192, 192, 193, | |
| 397 | 196, 194, 178, 2, 182, 194, 196, 195, 0, 1, | |
| 398 | 2, 2, 2, 2, 195, 195, 195, 195, 195, 195, | |
| 399 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 400 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 401 | ||
| 402 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 403 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 404 | 195, 195, 195, 195, 195, 195, 195, 195, 179, 0, | |
| 405 | 183, 0, 190, 0, 187, 191, 0, 194, 0, 2, | |
| 406 | 2, 194, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 407 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 408 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 409 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 410 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 411 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 412 | ||
| 413 | 195, 195, 195, 195, 195, 195, 195, 195, 194, 195, | |
| 414 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 415 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 416 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 417 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 418 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 419 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 420 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 421 | 195, 195, 195, 195, 195, 195, 195, 195, 194, 195, | |
| 422 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 423 | ||
| 424 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 425 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 426 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 427 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 76, | |
| 428 | 195, 195, 195, 195, 195, 195, 8, 195, 195, 195, | |
| 429 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 430 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 431 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 432 | 195, 195, 195, 87, 194, 195, 195, 195, 195, 195, | |
| 433 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 434 | ||
| 435 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 436 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 437 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 438 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 439 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 440 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 441 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 442 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 443 | 195, 195, 195, 195, 195, 195, 195, 194, 195, 195, | |
| 444 | 195, 195, 195, 36, 195, 195, 195, 195, 195, 195, | |
| 445 | ||
| 446 | 195, 195, 195, 195, 157, 195, 14, 15, 195, 18, | |
| 447 | 17, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 448 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 449 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 450 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 451 | 195, 195, 195, 195, 195, 143, 195, 195, 195, 195, | |
| 452 | 195, 195, 195, 195, 3, 195, 195, 195, 195, 195, | |
| 453 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 454 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 455 | 195, 195, 195, 195, 195, 195, 195, 195, 194, 195, | |
| 456 | ||
| 457 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 458 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 459 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 460 | 195, 195, 195, 195, 195, 195, 195, 186, 195, 195, | |
| 461 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 462 | 195, 195, 195, 195, 195, 39, 195, 195, 195, 195, | |
| 463 | 195, 195, 195, 195, 195, 195, 40, 195, 195, 195, | |
| 464 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 465 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 466 | 195, 195, 195, 195, 20, 195, 195, 195, 195, 195, | |
| 467 | ||
| 468 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 469 | 195, 95, 195, 186, 195, 195, 195, 195, 195, 195, | |
| 470 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 471 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 472 | 195, 195, 195, 195, 195, 111, 195, 195, 195, 195, | |
| 473 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 474 | 94, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 475 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 476 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 477 | 195, 74, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 478 | ||
| 479 | 195, 195, 195, 195, 195, 195, 195, 25, 195, 195, | |
| 480 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 481 | 195, 195, 195, 195, 195, 37, 195, 195, 195, 195, | |
| 482 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 483 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 484 | 38, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 485 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 486 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 487 | 195, 195, 195, 195, 195, 195, 195, 27, 195, 195, | |
| 488 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 489 | ||
| 490 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 491 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 492 | 171, 195, 195, 195, 195, 195, 195, 195, 31, 195, | |
| 493 | 32, 195, 195, 195, 77, 195, 78, 195, 195, 75, | |
| 494 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 495 | 195, 195, 195, 195, 195, 7, 195, 195, 195, 195, | |
| 496 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 497 | 150, 195, 195, 195, 195, 97, 195, 195, 195, 195, | |
| 498 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 499 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 500 | ||
| 501 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 502 | 28, 195, 195, 195, 195, 195, 195, 126, 195, 125, | |
| 503 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 504 | 195, 195, 195, 195, 195, 195, 195, 16, 195, 195, | |
| 505 | 195, 195, 195, 195, 195, 195, 195, 41, 195, 195, | |
| 506 | 195, 195, 195, 195, 195, 195, 195, 80, 79, 195, | |
| 507 | 195, 195, 195, 195, 195, 195, 195, 121, 195, 195, | |
| 508 | 195, 195, 195, 195, 195, 88, 195, 195, 195, 195, | |
| 509 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 510 | 59, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 511 | ||
| 512 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 513 | 195, 195, 195, 195, 195, 195, 63, 195, 195, 195, | |
| 514 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 35, | |
| 515 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 124, | |
| 516 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 6, | |
| 517 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 518 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 519 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 520 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 521 | 195, 195, 195, 117, 195, 195, 195, 195, 195, 195, | |
| 522 | ||
| 523 | 195, 195, 195, 136, 195, 118, 195, 195, 148, 195, | |
| 524 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 26, | |
| 525 | 195, 195, 195, 195, 83, 195, 84, 195, 82, 195, | |
| 526 | 195, 195, 195, 195, 195, 195, 93, 195, 195, 195, | |
| 527 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 119, | |
| 528 | 195, 195, 195, 195, 195, 122, 195, 147, 195, 195, | |
| 529 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 530 | 195, 73, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 531 | 195, 195, 195, 195, 195, 195, 195, 33, 195, 195, | |
| 532 | 22, 195, 195, 195, 195, 19, 195, 102, 195, 195, | |
| 533 | ||
| 534 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 535 | 195, 195, 48, 50, 195, 195, 195, 195, 195, 195, | |
| 536 | 195, 195, 195, 158, 195, 195, 195, 195, 195, 195, | |
| 537 | 195, 195, 195, 195, 195, 195, 195, 85, 195, 195, | |
| 538 | 195, 195, 195, 195, 195, 92, 195, 195, 195, 195, | |
| 539 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 540 | 195, 195, 195, 195, 195, 96, 195, 195, 195, 195, | |
| 541 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 142, | |
| 542 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 543 | 110, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 544 | ||
| 545 | 195, 195, 195, 195, 106, 195, 112, 195, 195, 195, | |
| 546 | 195, 195, 91, 195, 195, 69, 195, 134, 195, 195, | |
| 547 | 195, 195, 195, 149, 195, 195, 195, 195, 195, 195, | |
| 548 | 195, 163, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 549 | 195, 195, 195, 195, 109, 195, 195, 195, 195, 195, | |
| 550 | 51, 52, 195, 195, 34, 58, 113, 195, 127, 195, | |
| 551 | 151, 123, 195, 195, 44, 195, 115, 195, 195, 195, | |
| 552 | 195, 195, 9, 195, 195, 195, 72, 195, 195, 195, | |
| 553 | 195, 173, 195, 133, 195, 195, 195, 195, 195, 195, | |
| 554 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 555 | ||
| 556 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 557 | 195, 195, 195, 195, 195, 98, 162, 195, 195, 195, | |
| 558 | 195, 195, 195, 195, 195, 144, 195, 195, 195, 195, | |
| 559 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 560 | 195, 195, 114, 195, 195, 43, 45, 195, 195, 195, | |
| 561 | 195, 195, 195, 195, 71, 195, 195, 195, 195, 172, | |
| 562 | 195, 195, 195, 195, 138, 23, 24, 195, 195, 195, | |
| 563 | 195, 195, 195, 195, 195, 68, 195, 195, 195, 195, | |
| 564 | 195, 195, 195, 195, 195, 195, 195, 195, 140, 137, | |
| 565 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 42, | |
| 566 | ||
| 567 | 195, 195, 195, 195, 195, 195, 195, 195, 13, 195, | |
| 568 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 12, | |
| 569 | 195, 195, 21, 195, 195, 195, 176, 195, 46, 195, | |
| 570 | 146, 139, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 571 | 195, 195, 195, 195, 105, 104, 195, 195, 195, 195, | |
| 572 | 141, 135, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 573 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 574 | 195, 195, 53, 195, 195, 195, 145, 195, 195, 195, | |
| 575 | 195, 195, 195, 195, 195, 47, 195, 195, 81, 195, | |
| 576 | 99, 101, 128, 195, 195, 195, 103, 195, 195, 152, | |
| 577 | ||
| 578 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 579 | 159, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 580 | 195, 195, 195, 195, 129, 195, 195, 195, 29, 195, | |
| 581 | 195, 195, 195, 4, 195, 195, 195, 195, 195, 195, | |
| 582 | 195, 195, 195, 195, 195, 155, 195, 195, 195, 195, | |
| 583 | 195, 195, 195, 195, 161, 195, 195, 132, 195, 195, | |
| 584 | 195, 195, 195, 195, 195, 195, 56, 195, 30, 156, | |
| 585 | 195, 11, 195, 195, 195, 195, 195, 195, 130, 60, | |
| 586 | 195, 195, 195, 108, 195, 195, 195, 195, 195, 195, | |
| 587 | 195, 195, 195, 195, 160, 89, 195, 86, 195, 195, | |
| 588 | ||
| 589 | 195, 62, 66, 61, 195, 54, 195, 10, 195, 195, | |
| 590 | 195, 174, 195, 195, 107, 195, 195, 195, 195, 195, | |
| 591 | 195, 195, 195, 195, 195, 195, 195, 195, 67, 65, | |
| 592 | 195, 55, 195, 120, 195, 195, 131, 195, 195, 195, | |
| 593 | 195, 100, 49, 195, 195, 195, 195, 195, 195, 195, | |
| 594 | 90, 64, 57, 195, 175, 195, 195, 195, 154, 195, | |
| 595 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 596 | 195, 195, 195, 195, 195, 195, 195, 195, 70, 195, | |
| 597 | 153, 170, 195, 195, 195, 195, 195, 195, 5, 195, | |
| 598 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 599 | ||
| 600 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 601 | 116, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 602 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 166, | |
| 603 | 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, | |
| 604 | 195, 195, 195, 164, 195, 167, 168, 195, 195, 195, | |
| 605 | 195, 195, 165, 169, 0 | |
| 391 | 1, 1, 211, 211, 215, 215, 219, 219, 223, 223, | |
| 392 | 1, 1, 230, 227, 1, 209, 209, 228, 2, 227, | |
| 393 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 394 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 228, | |
| 395 | 211, 212, 212, 213, 228, 215, 216, 216, 217, 228, | |
| 396 | 222, 219, 220, 220, 221, 228, 223, 224, 224, 225, | |
| 397 | 228, 226, 210, 2, 214, 226, 228, 227, 0, 1, | |
| 398 | 2, 2, 2, 2, 227, 227, 227, 227, 227, 227, | |
| 399 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 400 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 401 | ||
| 402 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 403 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 404 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 405 | 211, 0, 215, 0, 222, 0, 219, 223, 0, 226, | |
| 406 | 0, 2, 2, 226, 227, 227, 227, 227, 227, 227, | |
| 407 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 408 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 409 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 410 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 411 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 412 | ||
| 413 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 414 | 227, 227, 227, 227, 227, 226, 227, 227, 227, 227, | |
| 415 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 416 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 417 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 418 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 419 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 420 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 421 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 422 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 423 | ||
| 424 | 227, 227, 226, 227, 227, 227, 227, 227, 227, 227, | |
| 425 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 426 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 427 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 428 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 429 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 77, | |
| 430 | 227, 227, 227, 227, 227, 227, 8, 227, 227, 227, | |
| 431 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 432 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 433 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 434 | ||
| 435 | 227, 227, 227, 227, 227, 227, 227, 88, 226, 227, | |
| 436 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 437 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 438 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 439 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 440 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 441 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 442 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 443 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 444 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 445 | ||
| 446 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 447 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 448 | 227, 227, 227, 226, 227, 227, 227, 227, 227, 37, | |
| 449 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 450 | 227, 227, 170, 227, 14, 15, 227, 18, 17, 227, | |
| 451 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 452 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 453 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 454 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 455 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 156, | |
| 456 | ||
| 457 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 458 | 3, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 459 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 460 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 461 | 227, 227, 227, 227, 227, 227, 226, 227, 227, 227, | |
| 462 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 463 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 464 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 465 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 218, | |
| 466 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 467 | ||
| 468 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 469 | 40, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 470 | 227, 227, 41, 227, 227, 227, 227, 227, 227, 227, | |
| 471 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 145, | |
| 472 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 473 | 227, 227, 227, 227, 20, 227, 227, 227, 227, 227, | |
| 474 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 475 | 227, 227, 103, 227, 218, 227, 227, 227, 227, 227, | |
| 476 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 477 | 227, 227, 227, 227, 227, 227, 227, 197, 227, 227, | |
| 478 | ||
| 479 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 120, | |
| 480 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 481 | 227, 227, 227, 227, 227, 227, 102, 227, 227, 227, | |
| 482 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 483 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 484 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 485 | 227, 75, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 486 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 487 | 25, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 488 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 38, | |
| 489 | ||
| 490 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 491 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 492 | 227, 227, 227, 227, 227, 39, 227, 227, 227, 227, | |
| 493 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 494 | 227, 227, 227, 227, 121, 227, 227, 227, 227, 227, | |
| 495 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 496 | 227, 227, 227, 227, 227, 227, 227, 28, 227, 227, | |
| 497 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 498 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 499 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 500 | ||
| 501 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 185, | |
| 502 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 503 | 32, 227, 33, 227, 227, 227, 78, 227, 79, 227, | |
| 504 | 227, 76, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 505 | 227, 227, 227, 227, 227, 227, 227, 227, 7, 227, | |
| 506 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 507 | 227, 227, 227, 227, 163, 227, 227, 227, 227, 105, | |
| 508 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 509 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 510 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 511 | ||
| 512 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 29, | |
| 513 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 514 | 227, 227, 227, 137, 227, 136, 227, 227, 227, 227, | |
| 515 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 516 | 227, 227, 227, 227, 227, 16, 227, 227, 227, 227, | |
| 517 | 227, 227, 227, 227, 227, 227, 42, 227, 227, 227, | |
| 518 | 227, 227, 227, 144, 227, 227, 227, 227, 81, 80, | |
| 519 | 227, 227, 227, 227, 227, 227, 227, 227, 131, 227, | |
| 520 | 227, 227, 227, 227, 227, 227, 227, 89, 227, 227, | |
| 521 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 522 | ||
| 523 | 227, 227, 227, 60, 227, 227, 227, 227, 227, 227, | |
| 524 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 525 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 526 | 227, 227, 227, 64, 227, 227, 227, 227, 227, 227, | |
| 527 | 227, 227, 227, 227, 227, 227, 227, 36, 227, 227, | |
| 528 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 529 | 227, 227, 227, 227, 134, 135, 227, 227, 227, 227, | |
| 530 | 227, 227, 227, 227, 227, 227, 6, 227, 227, 227, | |
| 531 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 532 | 227, 227, 227, 227, 227, 195, 227, 227, 227, 227, | |
| 533 | ||
| 534 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 535 | 227, 227, 227, 227, 227, 26, 227, 227, 227, 227, | |
| 536 | 227, 227, 227, 227, 127, 227, 227, 227, 227, 227, | |
| 537 | 227, 227, 227, 227, 227, 149, 227, 128, 227, 227, | |
| 538 | 161, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 539 | 227, 227, 227, 227, 227, 27, 227, 227, 227, 227, | |
| 540 | 84, 227, 85, 227, 83, 227, 227, 227, 227, 227, | |
| 541 | 227, 227, 227, 100, 227, 227, 227, 227, 227, 227, | |
| 542 | 227, 227, 227, 227, 227, 184, 227, 227, 227, 227, | |
| 543 | 227, 227, 227, 227, 129, 227, 227, 227, 227, 227, | |
| 544 | ||
| 545 | 132, 227, 227, 160, 227, 227, 227, 227, 227, 227, | |
| 546 | 227, 227, 227, 227, 227, 227, 227, 74, 227, 227, | |
| 547 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 548 | 227, 227, 227, 227, 227, 227, 34, 227, 227, 22, | |
| 549 | 227, 227, 227, 227, 19, 227, 110, 227, 227, 227, | |
| 550 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 551 | 227, 49, 51, 227, 227, 227, 227, 227, 227, 227, | |
| 552 | 227, 227, 227, 227, 199, 227, 227, 171, 227, 227, | |
| 553 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 554 | 227, 86, 227, 227, 227, 227, 227, 227, 227, 99, | |
| 555 | ||
| 556 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 557 | 227, 227, 227, 227, 227, 205, 227, 227, 227, 227, | |
| 558 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 104, | |
| 559 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 560 | 227, 227, 227, 155, 227, 227, 227, 227, 227, 227, | |
| 561 | 227, 227, 227, 227, 227, 227, 227, 119, 227, 227, | |
| 562 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 563 | 227, 227, 115, 227, 122, 227, 227, 227, 227, 227, | |
| 564 | 92, 227, 227, 70, 227, 227, 227, 227, 147, 227, | |
| 565 | 227, 227, 227, 227, 162, 227, 227, 227, 227, 227, | |
| 566 | ||
| 567 | 227, 227, 227, 227, 227, 176, 227, 227, 227, 227, | |
| 568 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 118, | |
| 569 | 227, 227, 227, 227, 227, 52, 53, 227, 227, 227, | |
| 570 | 227, 227, 35, 227, 227, 227, 227, 227, 59, 123, | |
| 571 | 227, 138, 227, 164, 133, 227, 227, 227, 45, 227, | |
| 572 | 125, 227, 227, 227, 227, 227, 9, 227, 227, 227, | |
| 573 | 73, 227, 227, 227, 227, 189, 227, 146, 227, 227, | |
| 574 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 575 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 576 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 577 | ||
| 578 | 227, 227, 227, 227, 227, 227, 106, 198, 227, 227, | |
| 579 | 175, 227, 227, 227, 227, 227, 227, 227, 227, 157, | |
| 580 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 581 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 582 | 227, 227, 227, 208, 227, 124, 227, 227, 227, 44, | |
| 583 | 46, 227, 227, 227, 227, 227, 227, 227, 72, 227, | |
| 584 | 227, 227, 227, 187, 227, 194, 227, 227, 227, 227, | |
| 585 | 227, 151, 23, 24, 227, 227, 227, 227, 227, 227, | |
| 586 | 227, 227, 227, 69, 227, 227, 227, 227, 227, 227, | |
| 587 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 153, | |
| 588 | ||
| 589 | 150, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 590 | 227, 227, 43, 227, 227, 227, 227, 227, 227, 227, | |
| 591 | 227, 101, 13, 227, 227, 227, 227, 227, 227, 227, | |
| 592 | 227, 227, 203, 227, 206, 227, 227, 227, 227, 227, | |
| 593 | 227, 12, 227, 227, 21, 227, 227, 227, 193, 227, | |
| 594 | 196, 47, 227, 159, 227, 152, 227, 227, 227, 227, | |
| 595 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 114, | |
| 596 | 113, 227, 227, 227, 227, 227, 227, 227, 154, 148, | |
| 597 | 227, 227, 200, 227, 227, 227, 227, 227, 227, 227, | |
| 598 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 599 | ||
| 600 | 227, 227, 227, 54, 227, 227, 227, 188, 227, 227, | |
| 601 | 227, 227, 227, 158, 227, 227, 227, 227, 227, 227, | |
| 602 | 227, 227, 48, 227, 227, 227, 82, 227, 107, 227, | |
| 603 | 109, 139, 227, 227, 227, 112, 227, 227, 165, 227, | |
| 604 | 227, 227, 227, 227, 94, 227, 227, 227, 227, 227, | |
| 605 | 227, 227, 227, 227, 172, 227, 227, 227, 227, 227, | |
| 606 | 227, 227, 227, 227, 227, 227, 227, 227, 140, 227, | |
| 607 | 227, 186, 227, 207, 227, 227, 227, 30, 227, 227, | |
| 608 | 227, 227, 4, 227, 227, 93, 227, 227, 227, 227, | |
| 609 | 227, 227, 227, 227, 227, 227, 168, 227, 227, 227, | |
| 610 | ||
| 611 | 227, 227, 227, 201, 227, 227, 227, 227, 227, 174, | |
| 612 | 227, 227, 143, 227, 227, 227, 227, 227, 227, 227, | |
| 613 | 227, 57, 227, 31, 192, 227, 169, 227, 227, 11, | |
| 614 | 227, 227, 227, 227, 227, 227, 141, 61, 227, 227, | |
| 615 | 227, 227, 117, 227, 227, 227, 227, 227, 96, 227, | |
| 616 | 227, 227, 227, 227, 227, 227, 173, 90, 227, 87, | |
| 617 | 227, 227, 227, 63, 67, 62, 227, 55, 227, 227, | |
| 618 | 227, 10, 227, 227, 227, 190, 227, 227, 227, 116, | |
| 619 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 620 | 227, 227, 227, 227, 227, 68, 66, 227, 56, 204, | |
| 621 | ||
| 622 | 227, 227, 227, 130, 227, 227, 142, 227, 227, 227, | |
| 623 | 227, 227, 108, 50, 227, 227, 202, 227, 227, 227, | |
| 624 | 227, 227, 227, 91, 65, 97, 98, 58, 227, 191, | |
| 625 | 111, 227, 227, 227, 167, 227, 227, 227, 227, 227, | |
| 626 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 627 | 227, 227, 227, 227, 227, 227, 71, 227, 166, 227, | |
| 628 | 183, 227, 227, 227, 227, 227, 227, 5, 227, 227, | |
| 629 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 630 | 227, 227, 227, 227, 227, 95, 227, 227, 227, 227, | |
| 631 | 227, 227, 126, 227, 227, 227, 227, 227, 227, 227, | |
| 632 | ||
| 633 | 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 634 | 227, 179, 227, 227, 227, 227, 227, 227, 227, 227, | |
| 635 | 227, 227, 227, 227, 227, 177, 227, 180, 181, 227, | |
| 636 | 227, 227, 227, 227, 178, 182, 0 | |
| 606 | 637 | } ; |
| 607 | 638 | |
| 608 | 639 | static yyconst YY_CHAR yy_ec[256] = |
| 611 | 642 | 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, |
| 612 | 643 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 613 | 644 | 1, 2, 1, 5, 6, 1, 1, 1, 7, 1, |
| 614 | 1, 1, 1, 1, 8, 1, 1, 1, 1, 1, | |
| 615 | 9, 10, 1, 11, 1, 1, 1, 12, 1, 1, | |
| 616 | 1, 1, 1, 1, 13, 14, 15, 16, 17, 18, | |
| 617 | 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, | |
| 618 | 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, | |
| 619 | 1, 39, 1, 1, 1, 1, 40, 41, 42, 43, | |
| 620 | ||
| 621 | 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, | |
| 622 | 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, | |
| 623 | 64, 65, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 645 | 1, 1, 1, 1, 8, 1, 1, 1, 9, 1, | |
| 646 | 10, 11, 1, 12, 1, 1, 1, 13, 1, 1, | |
| 647 | 1, 1, 1, 1, 14, 15, 16, 17, 18, 19, | |
| 648 | 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, | |
| 649 | 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, | |
| 650 | 1, 40, 1, 1, 1, 1, 41, 42, 43, 44, | |
| 651 | ||
| 652 | 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, | |
| 653 | 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, | |
| 654 | 65, 66, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 624 | 655 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 625 | 656 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 626 | 657 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 637 | 668 | 1, 1, 1, 1, 1 |
| 638 | 669 | } ; |
| 639 | 670 | |
| 640 | static yyconst YY_CHAR yy_meta[66] = | |
| 671 | static yyconst YY_CHAR yy_meta[67] = | |
| 641 | 672 | { 0, |
| 642 | 673 | 1, 2, 3, 4, 5, 1, 6, 1, 1, 1, |
| 643 | 1, 7, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 674 | 1, 1, 7, 1, 1, 1, 1, 1, 1, 1, | |
| 644 | 675 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 645 | 676 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 646 | 677 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 647 | 678 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 648 | 1, 1, 1, 1, 1 | |
| 679 | 1, 1, 1, 1, 1, 1 | |
| 649 | 680 | } ; |
| 650 | 681 | |
| 651 | static yyconst flex_uint16_t yy_base[1970] = | |
| 682 | static yyconst flex_uint16_t yy_base[2252] = | |
| 652 | 683 | { 0, |
| 653 | 0, 0, 63, 66, 69, 71, 77, 83, 88, 91, | |
| 654 | 129, 135, 354, 275, 95, 5624, 5624, 5624, 107, 110, | |
| 655 | 142, 180, 108, 145, 152, 186, 50, 149, 121, 182, | |
| 656 | 210, 177, 254, 137, 225, 229, 205, 227, 273, 116, | |
| 657 | 271, 5624, 5624, 5624, 94, 268, 5624, 5624, 5624, 96, | |
| 658 | 261, 295, 5624, 5624, 5624, 299, 256, 5624, 5624, 5624, | |
| 659 | 102, 250, 5624, 318, 5624, 141, 322, 228, 326, 111, | |
| 660 | 0, 330, 0, 0, 257, 235, 277, 324, 310, 266, | |
| 661 | 323, 314, 125, 312, 348, 322, 326, 341, 320, 351, | |
| 662 | 339, 359, 357, 374, 209, 362, 378, 392, 358, 373, | |
| 663 | ||
| 664 | 386, 404, 389, 405, 410, 398, 379, 424, 409, 435, | |
| 665 | 414, 432, 422, 430, 431, 429, 445, 218, 441, 464, | |
| 666 | 456, 450, 455, 477, 481, 472, 460, 483, 224, 174, | |
| 667 | 220, 150, 172, 524, 206, 159, 272, 122, 528, 536, | |
| 668 | 0, 495, 519, 307, 515, 525, 513, 520, 514, 528, | |
| 669 | 542, 539, 547, 468, 557, 601, 552, 546, 540, 549, | |
| 670 | 559, 564, 580, 573, 574, 581, 572, 592, 598, 625, | |
| 671 | 586, 611, 602, 633, 640, 639, 632, 623, 643, 642, | |
| 672 | 655, 659, 649, 650, 651, 660, 658, 666, 654, 652, | |
| 673 | 670, 679, 676, 690, 677, 682, 702, 685, 706, 703, | |
| 674 | ||
| 675 | 715, 697, 707, 712, 718, 722, 729, 724, 726, 725, | |
| 676 | 733, 754, 750, 758, 742, 743, 745, 756, 751, 763, | |
| 677 | 760, 772, 454, 778, 791, 780, 782, 795, 790, 793, | |
| 678 | 784, 787, 799, 803, 805, 812, 807, 815, 814, 823, | |
| 679 | 837, 813, 826, 841, 828, 829, 839, 852, 854, 849, | |
| 680 | 850, 860, 862, 872, 863, 889, 509, 877, 878, 886, | |
| 681 | 873, 884, 903, 909, 905, 900, 912, 896, 904, 925, | |
| 682 | 918, 921, 944, 923, 939, 934, 950, 935, 959, 936, | |
| 683 | 942, 954, 970, 961, 1015, 963, 983, 998, 985, 974, | |
| 684 | 981, 994, 995, 986, 1008, 1011, 1019, 1022, 1036, 1020, | |
| 685 | ||
| 686 | 1038, 1025, 1047, 1032, 1055, 551, 1042, 1052, 1054, 1057, | |
| 687 | 1074, 1069, 1079, 1067, 1064, 1077, 1081, 1075, 1084, 1100, | |
| 688 | 1096, 1093, 1110, 1115, 1113, 1120, 1117, 1111, 1127, 1129, | |
| 689 | 1126, 1112, 1123, 1140, 1131, 1160, 1158, 1143, 1165, 5624, | |
| 690 | 1167, 1148, 1170, 1162, 1153, 1172, 5624, 1156, 1182, 1190, | |
| 691 | 1138, 1197, 1181, 1199, 1185, 1214, 1193, 1195, 1217, 1203, | |
| 692 | 1220, 1211, 1209, 1259, 1219, 1230, 1234, 1257, 1253, 1243, | |
| 693 | 1268, 1246, 1273, 1264, 1270, 1266, 1280, 1288, 1298, 1295, | |
| 694 | 1292, 1301, 1231, 5624, 1309, 1318, 1305, 1302, 1308, 1315, | |
| 695 | 1324, 1322, 1331, 1327, 1330, 1326, 1347, 1343, 1340, 1369, | |
| 696 | ||
| 697 | 1349, 1355, 1363, 1368, 1371, 1372, 1379, 1357, 1375, 1358, | |
| 698 | 1383, 1385, 1384, 1386, 1373, 1396, 1389, 1395, 1416, 1390, | |
| 699 | 1402, 1407, 1421, 1413, 1405, 1422, 1430, 1435, 1432, 1436, | |
| 700 | 1429, 1440, 1449, 1458, 1448, 1444, 1471, 1475, 1468, 1462, | |
| 701 | 1467, 1483, 1477, 1487, 1488, 1479, 1490, 1486, 1503, 1497, | |
| 702 | 1510, 1509, 1515, 1525, 1521, 1513, 1526, 1504, 1511, 1514, | |
| 703 | 1524, 1530, 1536, 1543, 1546, 1547, 1550, 1571, 1549, 1556, | |
| 704 | 1561, 1574, 1569, 1576, 1563, 1567, 1584, 1592, 1577, 1593, | |
| 705 | 1605, 1607, 1596, 1608, 1609, 1602, 1613, 1620, 1627, 1617, | |
| 706 | 1629, 1637, 1624, 5624, 1632, 1635, 1649, 1651, 1640, 1665, | |
| 707 | ||
| 708 | 1660, 1648, 1644, 1692, 5624, 1657, 5624, 5624, 1662, 5624, | |
| 709 | 5624, 1682, 1675, 1690, 1685, 1678, 1741, 1683, 1680, 1695, | |
| 710 | 1700, 1723, 1722, 1734, 1724, 1736, 1747, 1751, 1750, 1738, | |
| 711 | 1757, 1763, 1766, 1765, 1770, 1774, 1777, 1778, 1790, 1788, | |
| 712 | 1730, 1798, 1799, 1800, 1801, 1803, 1813, 1814, 1817, 1815, | |
| 713 | 1808, 1812, 1829, 1818, 1828, 5624, 1823, 1840, 1850, 1838, | |
| 714 | 1842, 1839, 1833, 1860, 5624, 1841, 1867, 1861, 1858, 1864, | |
| 715 | 1873, 1874, 1888, 1877, 1884, 1887, 1885, 1894, 1900, 1875, | |
| 716 | 1898, 1902, 1911, 1921, 1922, 1909, 1919, 1927, 1913, 1936, | |
| 717 | 1943, 1938, 1924, 1939, 1948, 1930, 1947, 1944, 1956, 1945, | |
| 718 | ||
| 719 | 1963, 1954, 1958, 1964, 1966, 2011, 1975, 1980, 1977, 1971, | |
| 720 | 1997, 1991, 1983, 1985, 1994, 2013, 2010, 2024, 2026, 2028, | |
| 721 | 2009, 2034, 2040, 2038, 2045, 2075, 2050, 2055, 2057, 2051, | |
| 722 | 2069, 2059, 2072, 2065, 2066, 2068, 2084, 5624, 2078, 2097, | |
| 723 | 2090, 2091, 2117, 2111, 2095, 2110, 2107, 2120, 2106, 2121, | |
| 724 | 2112, 2128, 2131, 2136, 2134, 5624, 2130, 2144, 2139, 2155, | |
| 725 | 2159, 2163, 2156, 2166, 2174, 2171, 5624, 2161, 2179, 2195, | |
| 726 | 2170, 2188, 2183, 2190, 2187, 2182, 2192, 2200, 2215, 2219, | |
| 727 | 2212, 2209, 2222, 2208, 2229, 2223, 2230, 2226, 2235, 2239, | |
| 728 | 2245, 2252, 2256, 2262, 5624, 2246, 2260, 2265, 2257, 2274, | |
| 729 | ||
| 730 | 2278, 2280, 2275, 2279, 2283, 2281, 106, 2282, 2290, 2285, | |
| 731 | 2286, 5624, 2296, 90, 2302, 2303, 2294, 2323, 2332, 2328, | |
| 732 | 2329, 2321, 2322, 2339, 2325, 2327, 2330, 2338, 2349, 2347, | |
| 733 | 2355, 2352, 2345, 2357, 2374, 2376, 2378, 2372, 2380, 2371, | |
| 734 | 2379, 2382, 2373, 2406, 2398, 5624, 2414, 2412, 2405, 2403, | |
| 735 | 2408, 2419, 2415, 2409, 2410, 2416, 2445, 2425, 2436, 2448, | |
| 736 | 5624, 2397, 2446, 2454, 2439, 2463, 2452, 2469, 2455, 2466, | |
| 737 | 2470, 2472, 2467, 2481, 2487, 2495, 2483, 2497, 2503, 2496, | |
| 738 | 2501, 2499, 2491, 2515, 2520, 2512, 2521, 2544, 2540, 176, | |
| 739 | 2523, 5624, 2539, 2530, 2528, 2529, 2563, 2555, 2556, 2566, | |
| 740 | ||
| 741 | 2565, 2567, 2559, 2570, 2551, 2573, 2554, 5624, 2581, 2593, | |
| 742 | 2580, 2605, 2589, 2610, 2607, 2592, 2614, 2597, 2616, 2615, | |
| 743 | 2622, 2628, 2620, 2624, 2626, 5624, 2632, 2635, 2640, 2639, | |
| 744 | 2637, 2642, 2641, 2658, 2643, 2651, 2653, 2678, 2667, 2655, | |
| 745 | 2665, 2666, 2682, 2669, 2670, 2673, 2694, 2686, 2692, 2696, | |
| 746 | 5624, 2693, 2729, 2697, 2709, 2705, 2713, 2734, 2731, 2726, | |
| 747 | 2719, 2721, 2723, 2740, 2725, 2739, 2751, 2742, 2730, 2761, | |
| 748 | 2757, 2748, 2762, 2764, 2774, 2778, 2775, 2776, 2772, 2782, | |
| 749 | 2786, 2790, 2788, 2799, 2800, 2813, 2815, 5624, 2818, 2819, | |
| 750 | 2804, 2820, 2821, 2809, 2833, 2834, 2812, 2837, 2838, 2827, | |
| 751 | ||
| 752 | 2839, 2845, 2841, 2844, 2848, 2850, 2854, 2860, 2849, 2864, | |
| 753 | 2881, 2883, 2876, 2889, 2887, 2891, 2880, 2890, 2885, 2921, | |
| 754 | 5624, 2884, 2902, 2919, 2901, 2912, 2914, 2925, 5624, 2915, | |
| 755 | 5624, 2931, 2937, 2939, 5624, 2943, 5624, 2944, 2929, 5624, | |
| 756 | 2946, 2952, 2932, 2950, 2941, 2957, 2954, 2978, 2963, 2984, | |
| 757 | 2964, 2976, 2988, 2974, 2989, 5624, 2995, 2979, 2990, 2998, | |
| 758 | 3002, 3003, 3008, 2991, 3012, 3031, 3035, 3041, 3016, 3042, | |
| 759 | 5624, 3030, 3045, 3027, 3043, 5624, 3024, 3051, 3053, 3054, | |
| 760 | 3079, 3057, 3056, 3068, 3059, 3062, 3063, 3098, 3095, 3081, | |
| 761 | 3083, 3080, 3107, 3106, 3109, 3090, 3110, 3116, 3114, 3103, | |
| 762 | ||
| 763 | 3108, 3112, 3104, 3135, 3131, 3124, 3129, 3130, 3138, 3133, | |
| 764 | 5624, 3153, 3156, 3148, 3157, 3158, 3162, 5624, 3172, 5624, | |
| 765 | 3141, 3169, 3179, 3168, 3185, 3177, 3183, 3199, 3189, 3176, | |
| 766 | 3207, 3195, 3204, 3200, 3206, 3205, 3212, 5624, 3216, 3219, | |
| 767 | 3222, 3236, 3231, 3248, 3254, 3247, 3239, 5624, 3234, 3244, | |
| 768 | 3260, 3258, 3264, 3268, 3276, 3277, 3291, 5624, 5624, 3274, | |
| 769 | 3297, 3285, 3281, 3283, 3280, 3295, 3296, 5624, 3286, 3312, | |
| 770 | 3304, 3323, 3325, 3310, 3317, 5624, 3320, 3334, 3331, 3341, | |
| 771 | 3337, 3339, 3344, 3346, 3342, 3338, 3347, 3359, 3357, 3370, | |
| 772 | 5624, 3372, 3373, 3379, 3376, 3380, 3383, 3381, 3374, 3386, | |
| 773 | ||
| 774 | 3402, 3375, 3390, 3394, 3400, 3404, 3407, 3403, 3414, 3408, | |
| 775 | 3433, 3415, 3437, 3435, 3444, 3440, 5624, 3448, 3427, 3450, | |
| 776 | 3422, 3456, 3457, 3452, 3468, 3441, 3449, 3463, 3466, 5624, | |
| 777 | 3451, 3470, 3473, 3472, 3488, 3474, 3483, 3501, 3503, 5624, | |
| 778 | 3495, 3506, 3496, 3510, 3515, 3493, 3525, 3508, 3520, 5624, | |
| 779 | 3522, 3516, 3521, 3532, 3544, 3549, 3550, 3551, 3546, 3537, | |
| 780 | 3543, 3548, 3564, 3547, 3553, 3568, 3566, 3571, 3570, 3582, | |
| 781 | 3593, 3591, 3588, 3594, 3601, 3595, 3597, 3587, 3576, 3602, | |
| 782 | 3623, 3608, 3604, 3613, 3637, 3624, 3635, 3629, 3617, 3649, | |
| 783 | 3626, 3650, 3643, 5624, 3644, 3653, 3658, 3659, 3640, 3666, | |
| 784 | ||
| 785 | 3656, 3667, 3669, 5624, 3674, 5624, 3662, 3683, 5624, 3685, | |
| 786 | 3684, 3671, 3681, 3686, 3688, 3698, 3709, 3713, 3689, 5624, | |
| 787 | 3720, 3701, 3717, 3718, 5624, 3723, 5624, 3722, 5624, 3724, | |
| 788 | 3728, 3737, 3735, 3755, 3741, 3757, 5624, 3751, 3740, 3762, | |
| 789 | 3764, 3750, 3749, 3768, 3769, 3748, 3777, 3766, 3779, 5624, | |
| 790 | 3789, 3795, 3784, 3798, 3805, 5624, 3800, 5624, 3796, 3814, | |
| 791 | 3791, 3815, 3826, 3829, 3830, 3813, 3818, 3819, 3843, 3836, | |
| 792 | 3825, 5624, 3832, 3840, 3850, 3863, 3853, 3846, 3847, 3867, | |
| 793 | 3869, 3870, 3874, 3877, 3884, 3876, 3875, 5624, 3895, 3902, | |
| 794 | 5624, 3892, 3888, 3898, 3901, 5624, 3912, 5624, 3914, 3906, | |
| 795 | ||
| 796 | 3899, 3922, 3923, 3927, 3930, 3919, 3933, 3935, 3929, 3959, | |
| 797 | 3944, 3941, 5624, 5624, 3953, 3957, 3970, 3971, 3962, 3955, | |
| 798 | 3979, 3976, 3977, 5624, 3958, 3982, 3967, 3980, 3986, 3978, | |
| 799 | 3999, 3992, 3998, 3997, 4006, 3994, 4008, 5624, 4009, 4007, | |
| 800 | 4013, 4022, 4023, 4004, 4024, 5624, 4032, 4043, 4035, 4038, | |
| 801 | 4040, 4055, 4058, 4060, 4051, 4050, 4061, 4069, 4074, 4057, | |
| 802 | 4081, 4068, 4089, 4091, 4073, 5624, 4093, 4094, 4078, 4099, | |
| 803 | 4084, 4100, 4101, 4114, 4107, 4090, 4095, 4113, 4112, 5624, | |
| 804 | 4118, 4120, 4108, 4140, 4146, 4129, 4149, 4125, 4152, 4145, | |
| 805 | 5624, 4150, 4155, 4136, 4156, 4137, 4163, 4179, 4159, 4182, | |
| 806 | ||
| 807 | 4183, 4180, 4170, 4189, 5624, 4178, 5624, 4190, 4201, 4204, | |
| 808 | 4213, 4210, 5624, 4197, 4206, 5624, 4196, 5624, 4224, 4229, | |
| 809 | 4216, 4226, 4244, 5624, 4245, 4233, 4249, 4240, 4241, 4239, | |
| 810 | 4261, 5624, 4242, 4267, 4248, 4259, 4260, 4263, 4278, 4277, | |
| 811 | 4273, 4279, 4282, 4289, 5624, 4285, 4291, 4302, 4305, 4297, | |
| 812 | 5624, 5624, 4300, 4316, 5624, 5624, 5624, 4303, 5624, 4307, | |
| 813 | 5624, 5624, 4310, 4321, 5624, 4331, 5624, 4306, 4334, 4320, | |
| 814 | 4323, 4333, 5624, 4327, 4337, 4339, 5624, 4342, 4357, 4341, | |
| 815 | 4340, 5624, 4356, 5624, 4365, 4369, 4360, 4372, 4375, 4379, | |
| 816 | 4380, 4373, 4363, 4387, 4382, 4383, 4391, 4384, 4393, 4405, | |
| 817 | ||
| 818 | 4408, 4397, 4399, 4412, 4404, 4415, 4426, 4424, 4416, 4414, | |
| 819 | 4432, 4440, 4438, 4447, 4448, 5624, 5624, 4442, 4439, 4446, | |
| 820 | 4450, 4469, 4459, 4453, 4480, 5624, 4458, 4473, 4465, 4484, | |
| 821 | 4472, 4475, 4476, 4474, 4485, 4488, 4517, 4498, 4507, 4500, | |
| 822 | 4518, 4506, 5624, 4515, 4509, 5624, 5624, 4510, 4529, 4535, | |
| 823 | 4525, 4520, 4539, 4537, 5624, 4533, 4550, 4558, 4556, 5624, | |
| 824 | 4561, 4544, 4570, 4572, 5624, 5624, 5624, 4573, 4557, 4565, | |
| 825 | 4567, 4575, 4577, 4568, 4581, 5624, 4571, 4588, 4605, 4596, | |
| 826 | 4591, 4612, 4614, 4617, 4623, 4619, 4625, 4626, 5624, 5624, | |
| 827 | 4615, 4631, 4629, 4630, 4627, 4632, 4637, 4638, 4649, 5624, | |
| 828 | ||
| 829 | 4663, 4662, 4650, 4656, 4664, 4670, 4674, 4671, 5624, 4659, | |
| 830 | 4665, 4684, 4681, 4690, 4695, 4683, 4699, 4705, 4710, 5624, | |
| 831 | 4707, 4706, 5624, 4714, 4711, 4708, 5624, 4720, 5624, 4724, | |
| 832 | 5624, 5624, 4729, 4726, 4728, 4736, 4744, 4757, 4758, 4741, | |
| 833 | 4746, 4644, 4761, 4763, 5624, 5624, 4769, 4747, 4756, 4768, | |
| 834 | 5624, 5624, 4772, 4764, 4773, 4774, 4783, 4766, 4775, 4779, | |
| 835 | 4804, 4794, 4810, 4814, 4816, 4802, 4819, 4800, 4796, 4823, | |
| 836 | 4806, 4808, 5624, 4834, 4833, 4843, 5624, 4838, 4852, 4850, | |
| 837 | 4849, 4842, 4866, 4851, 4859, 5624, 4862, 4855, 5624, 4847, | |
| 838 | 5624, 5624, 5624, 4875, 4886, 4879, 5624, 4885, 4896, 5624, | |
| 839 | ||
| 840 | 4892, 4894, 4881, 4877, 4884, 4904, 4898, 4914, 4893, 4922, | |
| 841 | 5624, 4907, 4920, 4929, 4924, 4934, 4930, 4917, 4921, 4942, | |
| 842 | 4941, 4928, 4952, 4944, 5624, 4958, 4959, 4965, 5624, 4972, | |
| 843 | 4955, 4951, 4957, 5624, 4979, 4969, 4966, 4987, 4989, 4981, | |
| 844 | 4982, 4971, 4995, 5001, 5010, 5624, 4993, 4992, 5014, 5008, | |
| 845 | 5006, 5027, 5028, 5024, 5624, 5026, 5015, 5624, 5029, 5031, | |
| 846 | 5016, 5042, 5048, 5049, 5050, 5054, 5624, 5060, 5624, 5624, | |
| 847 | 5061, 5624, 5064, 5051, 5063, 5057, 5067, 5074, 5624, 5624, | |
| 848 | 5072, 5068, 5077, 5624, 5076, 5078, 5092, 5073, 5094, 5090, | |
| 849 | 5095, 5109, 5093, 5110, 5624, 5624, 5112, 5624, 5113, 5116, | |
| 850 | ||
| 851 | 5124, 5624, 5624, 5624, 5118, 5624, 5129, 5624, 5130, 5131, | |
| 852 | 5120, 5624, 5144, 5135, 5624, 5145, 5137, 5147, 5152, 5165, | |
| 853 | 5161, 5142, 5153, 5157, 5176, 5177, 5164, 5170, 5624, 5624, | |
| 854 | 5185, 5624, 5186, 5624, 5180, 5187, 5624, 5184, 5197, 5191, | |
| 855 | 5199, 5624, 5624, 5212, 5204, 5203, 5214, 5201, 5209, 5205, | |
| 856 | 5624, 5624, 5624, 5226, 5624, 5218, 5223, 5224, 5624, 5241, | |
| 857 | 5242, 5239, 5244, 5245, 5232, 5248, 5240, 5237, 5264, 5274, | |
| 858 | 5276, 5272, 5275, 5256, 5271, 5282, 5278, 5293, 5624, 5279, | |
| 859 | 5624, 5624, 5291, 5299, 5300, 5297, 5301, 5296, 5624, 5298, | |
| 860 | 5303, 5304, 5316, 5313, 5328, 5330, 5326, 5346, 5331, 5343, | |
| 861 | ||
| 862 | 5349, 5342, 5338, 5350, 5344, 5360, 5363, 5356, 5365, 5353, | |
| 863 | 5624, 5359, 5370, 5375, 5372, 5395, 5393, 5381, 5402, 5404, | |
| 864 | 5408, 5407, 5391, 5368, 5412, 5417, 5409, 5421, 5423, 5624, | |
| 865 | 5433, 5440, 5430, 5435, 5446, 5437, 5439, 5451, 5443, 5461, | |
| 866 | 5459, 5463, 5464, 5624, 5470, 5624, 5624, 5472, 5465, 5474, | |
| 867 | 5480, 5482, 5624, 5624, 5624, 5532, 5539, 5546, 5553, 5560, | |
| 868 | 82, 5567, 5574, 5581, 5588, 5595, 5602, 5609, 5616 | |
| 684 | 0, 0, 64, 67, 70, 72, 78, 84, 89, 92, | |
| 685 | 131, 137, 420, 366, 96, 6399, 6399, 6399, 109, 111, | |
| 686 | 142, 180, 86, 133, 138, 172, 50, 151, 91, 181, | |
| 687 | 197, 124, 241, 187, 225, 289, 233, 228, 253, 307, | |
| 688 | 362, 6399, 6399, 6399, 95, 359, 6399, 6399, 6399, 102, | |
| 689 | 326, 355, 6399, 6399, 6399, 311, 245, 6399, 6399, 6399, | |
| 690 | 116, 221, 6399, 321, 6399, 265, 328, 212, 334, 160, | |
| 691 | 0, 338, 0, 0, 141, 206, 184, 330, 322, 255, | |
| 692 | 323, 335, 324, 222, 268, 350, 325, 334, 344, 357, | |
| 693 | 358, 352, 367, 364, 389, 385, 369, 393, 394, 214, | |
| 694 | ||
| 695 | 373, 402, 128, 400, 403, 419, 414, 399, 435, 420, | |
| 696 | 443, 422, 449, 431, 441, 178, 436, 453, 459, 416, | |
| 697 | 461, 463, 456, 469, 263, 487, 488, 480, 477, 497, | |
| 698 | 170, 284, 164, 241, 160, 514, 174, 85, 367, 77, | |
| 699 | 534, 541, 0, 514, 504, 518, 512, 513, 515, 523, | |
| 700 | 542, 526, 540, 556, 550, 551, 548, 560, 604, 561, | |
| 701 | 539, 559, 565, 571, 568, 588, 582, 585, 590, 583, | |
| 702 | 606, 609, 636, 617, 599, 623, 576, 633, 652, 621, | |
| 703 | 644, 638, 635, 650, 648, 662, 660, 657, 666, 668, | |
| 704 | 684, 651, 683, 679, 669, 687, 682, 685, 699, 703, | |
| 705 | ||
| 706 | 686, 721, 709, 725, 713, 720, 716, 726, 718, 712, | |
| 707 | 740, 743, 747, 744, 735, 745, 750, 748, 749, 754, | |
| 708 | 770, 751, 765, 762, 768, 783, 773, 784, 792, 800, | |
| 709 | 804, 781, 802, 811, 789, 807, 810, 816, 806, 809, | |
| 710 | 821, 828, 823, 836, 849, 825, 838, 832, 833, 857, | |
| 711 | 851, 843, 860, 848, 868, 859, 871, 855, 862, 876, | |
| 712 | 878, 891, 883, 894, 886, 895, 926, 676, 913, 903, | |
| 713 | 910, 905, 922, 912, 939, 932, 930, 941, 936, 934, | |
| 714 | 947, 956, 949, 970, 959, 973, 974, 953, 966, 981, | |
| 715 | 975, 983, 986, 996, 1003, 1005, 1017, 1008, 1062, 1006, | |
| 716 | ||
| 717 | 1015, 1055, 1004, 1010, 1012, 1033, 1043, 1034, 1039, 1048, | |
| 718 | 1052, 1066, 1058, 1045, 1063, 1075, 1082, 1093, 1072, 1090, | |
| 719 | 1102, 1113, 1095, 1100, 1103, 1104, 1123, 1117, 1122, 1110, | |
| 720 | 1124, 1147, 1127, 1130, 1154, 1150, 1137, 1139, 1155, 1166, | |
| 721 | 1168, 1151, 1174, 1163, 1179, 1178, 1188, 1152, 1195, 1183, | |
| 722 | 1187, 1198, 1196, 1197, 1213, 1211, 1215, 1200, 1227, 6399, | |
| 723 | 1229, 1216, 1224, 1236, 1226, 1238, 6399, 1240, 1241, 1235, | |
| 724 | 1257, 1262, 1264, 1252, 1267, 1279, 1277, 1283, 1256, 1276, | |
| 725 | 1268, 1265, 1278, 1284, 1295, 1296, 1297, 1343, 1294, 1306, | |
| 726 | 1302, 1341, 1327, 1311, 1333, 1315, 1336, 1305, 1338, 1357, | |
| 727 | ||
| 728 | 1329, 1352, 1361, 1371, 1363, 1368, 1375, 6399, 1387, 1358, | |
| 729 | 1385, 1376, 1379, 1396, 1400, 1360, 1393, 1416, 1401, 1412, | |
| 730 | 1402, 1420, 1419, 1414, 1410, 1450, 1421, 1435, 1436, 1443, | |
| 731 | 1451, 1454, 1460, 1437, 1461, 1440, 1448, 1464, 1470, 1465, | |
| 732 | 1453, 1467, 1462, 1478, 1474, 1476, 1499, 1486, 1509, 1494, | |
| 733 | 1495, 1503, 1501, 1505, 1489, 1514, 1516, 1529, 1513, 1539, | |
| 734 | 1532, 1536, 1546, 1543, 1537, 1542, 1530, 1556, 1558, 1564, | |
| 735 | 1560, 1550, 1570, 1563, 1569, 1577, 1583, 1588, 1603, 1587, | |
| 736 | 1589, 1604, 1590, 1596, 1615, 1595, 1614, 1626, 1611, 1610, | |
| 737 | 1622, 1621, 1623, 1629, 1636, 1638, 1639, 1651, 1634, 1649, | |
| 738 | ||
| 739 | 1650, 1652, 1658, 1663, 1653, 1656, 1686, 1665, 1677, 1684, | |
| 740 | 1678, 1674, 1690, 1699, 1692, 1700, 1704, 1705, 1711, 1701, | |
| 741 | 1713, 1698, 1714, 1737, 1740, 1741, 1725, 1750, 1735, 6399, | |
| 742 | 1728, 1753, 1734, 1756, 1763, 1739, 1758, 1768, 1761, 1764, | |
| 743 | 1772, 1815, 6399, 1767, 6399, 6399, 1781, 6399, 6399, 1787, | |
| 744 | 1795, 1808, 1803, 1816, 1770, 1864, 1806, 1805, 1818, 1788, | |
| 745 | 1843, 1821, 1822, 1851, 1835, 1857, 1854, 1869, 1862, 1873, | |
| 746 | 1878, 1861, 1870, 1884, 1887, 1900, 1911, 1898, 1901, 1842, | |
| 747 | 1907, 1916, 1918, 1917, 1925, 1928, 1923, 1924, 1929, 1933, | |
| 748 | 1936, 1942, 1951, 1940, 1961, 1953, 1957, 1971, 1956, 6399, | |
| 749 | ||
| 750 | 1963, 1964, 1967, 1974, 1968, 1976, 1978, 1987, 1983, 2005, | |
| 751 | 6399, 2009, 2012, 1992, 2010, 1997, 2001, 1995, 2006, 2020, | |
| 752 | 2023, 2028, 2022, 2042, 2040, 2043, 2053, 2031, 2044, 2047, | |
| 753 | 2035, 2065, 2062, 2056, 2070, 2067, 2060, 2076, 2068, 2093, | |
| 754 | 2080, 2087, 2106, 2085, 2110, 2095, 2111, 2101, 2114, 2102, | |
| 755 | 2107, 2112, 2115, 2103, 2160, 2145, 2143, 2137, 2130, 2157, | |
| 756 | 2141, 2162, 2164, 2159, 2166, 2173, 2170, 2194, 2190, 2187, | |
| 757 | 2189, 2188, 2200, 2216, 2213, 75, 2243, 2207, 2215, 2204, | |
| 758 | 2211, 2229, 2227, 2231, 2234, 2233, 2236, 2241, 2260, 6399, | |
| 759 | 2240, 2250, 2246, 2259, 2279, 2276, 2266, 2274, 2275, 2278, | |
| 760 | ||
| 761 | 2293, 2286, 2271, 2292, 2280, 2301, 2289, 2305, 2316, 2323, | |
| 762 | 6399, 2312, 2310, 2313, 2318, 2330, 2339, 2341, 2338, 2348, | |
| 763 | 2328, 2321, 6399, 2343, 2369, 2350, 2360, 2353, 2352, 2368, | |
| 764 | 2387, 2364, 2382, 2371, 2388, 2373, 2396, 2397, 2391, 6399, | |
| 765 | 2398, 2390, 2399, 2407, 2412, 2395, 2424, 2417, 2418, 2416, | |
| 766 | 2425, 2446, 2442, 2444, 6399, 2432, 2452, 2445, 2441, 2451, | |
| 767 | 2462, 2443, 2461, 2460, 2448, 2470, 2469, 291, 2468, 2482, | |
| 768 | 2471, 2474, 6399, 2473, 68, 2488, 2489, 2483, 2510, 2511, | |
| 769 | 2507, 2518, 2509, 2508, 2513, 2516, 2517, 2506, 2535, 2531, | |
| 770 | 2534, 2523, 2537, 2538, 2549, 2540, 2552, 6399, 2562, 2561, | |
| 771 | ||
| 772 | 2565, 2567, 2574, 2573, 2576, 2570, 2586, 2601, 2588, 6399, | |
| 773 | 2596, 2610, 2600, 2602, 2592, 2615, 2613, 2604, 2626, 2625, | |
| 774 | 2621, 2629, 2634, 2631, 2640, 2641, 6399, 2627, 2655, 2656, | |
| 775 | 2643, 2654, 2653, 2679, 2666, 2657, 2662, 2687, 2711, 2681, | |
| 776 | 2686, 2702, 2698, 2696, 2691, 2704, 2705, 2732, 2715, 2731, | |
| 777 | 2712, 2727, 2737, 2750, 2753, 2744, 2748, 2774, 2768, 153, | |
| 778 | 2759, 6399, 2762, 2757, 2760, 2764, 2803, 2793, 2795, 2787, | |
| 779 | 2800, 2797, 2798, 2809, 2805, 2801, 2824, 2813, 2822, 2816, | |
| 780 | 6399, 2838, 2839, 2827, 2842, 2828, 2847, 2852, 2840, 2858, | |
| 781 | 2843, 2854, 2864, 2855, 2875, 2862, 2871, 2885, 2870, 6399, | |
| 782 | ||
| 783 | 2758, 2867, 2873, 2898, 2886, 2882, 2897, 2896, 2891, 2894, | |
| 784 | 2893, 2920, 2912, 2907, 2917, 2919, 2913, 2935, 2910, 2923, | |
| 785 | 2924, 2940, 2949, 2938, 2947, 6399, 2951, 2971, 2946, 2956, | |
| 786 | 2954, 2962, 2979, 2983, 2972, 2992, 2989, 2990, 2975, 2982, | |
| 787 | 2978, 2995, 2997, 2998, 6399, 2999, 3011, 3012, 3020, 3019, | |
| 788 | 3021, 3022, 3024, 3035, 3007, 3039, 3034, 3041, 3053, 3042, | |
| 789 | 3049, 3051, 3060, 3058, 3078, 3073, 3082, 6399, 3075, 3084, | |
| 790 | 3077, 3071, 3076, 3079, 3100, 3092, 3098, 3087, 3103, 3109, | |
| 791 | 3105, 3131, 3133, 3117, 3119, 3120, 3121, 3102, 3115, 3130, | |
| 792 | 3146, 3148, 3134, 3135, 3136, 3150, 3145, 3157, 3156, 3173, | |
| 793 | ||
| 794 | 3167, 3175, 3185, 3183, 3186, 3176, 3182, 3179, 3202, 6399, | |
| 795 | 3200, 3195, 3199, 3218, 3203, 3205, 3206, 3216, 3233, 3237, | |
| 796 | 6399, 3222, 6399, 3234, 3241, 3246, 6399, 3244, 6399, 3253, | |
| 797 | 3238, 6399, 3252, 3256, 3243, 3247, 3248, 3271, 3263, 3259, | |
| 798 | 3273, 3267, 3290, 3266, 3281, 3293, 3282, 3302, 6399, 3295, | |
| 799 | 3294, 3296, 3305, 3308, 3311, 3316, 3317, 3320, 3321, 3328, | |
| 800 | 3322, 3347, 3339, 3350, 6399, 3337, 3346, 3342, 3354, 6399, | |
| 801 | 3338, 3355, 3366, 3352, 3357, 3368, 3363, 3365, 3397, 3381, | |
| 802 | 3386, 3387, 3399, 3380, 3398, 3411, 3408, 3392, 3402, 3413, | |
| 803 | 3416, 3412, 3425, 3418, 3429, 3422, 3442, 3428, 3430, 3431, | |
| 804 | ||
| 805 | 3439, 3440, 3452, 3449, 3468, 3445, 3455, 3456, 3463, 6399, | |
| 806 | 3459, 3467, 3466, 3495, 3473, 3485, 3477, 3489, 3494, 3490, | |
| 807 | 3502, 3515, 3492, 6399, 3498, 6399, 3506, 3510, 3520, 3535, | |
| 808 | 3522, 3534, 3528, 3537, 3529, 3551, 3543, 3555, 3553, 3547, | |
| 809 | 3556, 3554, 3562, 3561, 3573, 6399, 3532, 3568, 3590, 3581, | |
| 810 | 3583, 3588, 3601, 3613, 3587, 3606, 6399, 3603, 3608, 3612, | |
| 811 | 3604, 3628, 3615, 6399, 3607, 3642, 3631, 3638, 6399, 6399, | |
| 812 | 3632, 3637, 3633, 3639, 3643, 3655, 3640, 3658, 6399, 3611, | |
| 813 | 3659, 3671, 3672, 3682, 3683, 3654, 3668, 6399, 3665, 3693, | |
| 814 | 3686, 3689, 3685, 3699, 3698, 3674, 3710, 3707, 3704, 3702, | |
| 815 | ||
| 816 | 3728, 3727, 3732, 6399, 3731, 3724, 3739, 3729, 3738, 3723, | |
| 817 | 3720, 3734, 3748, 3755, 3750, 3756, 3767, 3765, 3758, 3761, | |
| 818 | 3773, 3786, 3763, 3777, 3775, 3793, 3788, 3797, 3785, 3807, | |
| 819 | 3805, 3791, 3813, 6399, 3815, 3799, 3824, 3800, 3818, 3828, | |
| 820 | 3829, 3834, 3846, 3819, 3827, 3836, 3842, 6399, 3872, 3823, | |
| 821 | 3851, 3857, 3855, 3854, 3866, 3856, 3850, 3879, 3864, 3887, | |
| 822 | 3874, 3878, 3895, 3904, 6399, 6399, 3898, 3889, 3908, 3897, | |
| 823 | 3902, 3911, 3892, 3925, 3906, 3914, 6399, 3923, 3916, 3922, | |
| 824 | 3933, 3949, 3951, 3948, 3953, 3945, 3936, 3943, 3952, 3963, | |
| 825 | 3947, 3960, 3967, 3946, 3978, 6399, 3977, 3984, 3981, 3993, | |
| 826 | ||
| 827 | 3995, 3994, 4002, 4020, 4006, 3989, 4005, 3987, 4017, 4015, | |
| 828 | 4040, 4022, 4012, 4029, 4023, 6399, 4033, 4039, 4042, 4026, | |
| 829 | 4053, 4030, 4060, 4047, 6399, 4058, 4063, 4062, 4071, 4055, | |
| 830 | 4078, 4070, 4072, 4086, 4074, 6399, 4079, 6399, 4090, 4082, | |
| 831 | 6399, 4088, 4095, 4096, 4099, 4109, 4112, 4098, 4115, 4110, | |
| 832 | 4111, 4125, 4126, 4121, 4119, 6399, 4142, 4122, 4123, 4135, | |
| 833 | 6399, 4147, 6399, 4145, 6399, 4148, 4150, 4170, 4149, 4167, | |
| 834 | 4171, 4178, 4172, 6399, 4175, 4159, 4183, 4176, 4187, 4177, | |
| 835 | 4201, 4203, 4191, 4204, 4214, 6399, 4202, 4209, 4196, 4207, | |
| 836 | 4212, 4223, 4238, 4231, 6399, 4240, 4235, 4236, 4250, 4249, | |
| 837 | ||
| 838 | 6399, 4248, 4259, 6399, 4252, 4268, 4247, 4264, 4278, 4282, | |
| 839 | 4284, 4267, 4270, 4197, 4293, 4279, 4291, 6399, 4283, 4294, | |
| 840 | 4301, 4303, 4300, 4312, 4276, 4317, 4311, 4321, 4323, 4335, | |
| 841 | 4325, 4339, 4326, 4343, 4345, 4344, 6399, 4350, 4352, 6399, | |
| 842 | 4360, 4338, 4349, 4353, 6399, 4372, 6399, 4380, 4374, 4363, | |
| 843 | 4366, 4392, 4394, 4395, 4379, 4393, 4399, 4396, 4417, 4400, | |
| 844 | 4412, 6399, 6399, 4410, 4427, 4402, 4414, 4433, 4431, 4422, | |
| 845 | 4438, 4441, 4445, 4447, 6399, 4444, 4430, 6399, 4437, 4451, | |
| 846 | 4458, 4461, 4477, 4466, 4470, 4463, 4483, 4479, 4490, 4465, | |
| 847 | 4480, 6399, 4493, 4473, 4474, 4497, 4506, 4503, 4507, 6399, | |
| 848 | ||
| 849 | 4504, 4502, 4529, 4522, 4523, 4525, 4539, 4536, 4541, 4530, | |
| 850 | 4531, 4546, 4566, 4553, 4555, 6399, 4556, 4549, 4550, 4567, | |
| 851 | 4581, 4584, 4571, 4585, 4568, 4589, 4591, 4587, 4573, 6399, | |
| 852 | 4594, 4603, 4588, 4604, 4602, 4616, 4606, 4623, 4610, 4608, | |
| 853 | 4617, 4619, 4625, 6399, 4621, 4630, 4640, 4652, 4642, 4643, | |
| 854 | 4645, 4644, 4651, 4634, 4672, 4654, 4674, 6399, 4665, 4670, | |
| 855 | 4659, 4680, 4667, 4690, 4691, 4683, 4697, 4699, 4700, 4702, | |
| 856 | 4710, 4715, 6399, 4694, 6399, 4703, 4727, 4718, 4731, 4729, | |
| 857 | 6399, 4723, 4725, 6399, 4735, 4737, 4733, 4745, 6399, 4741, | |
| 858 | 4758, 4746, 4765, 4769, 6399, 4770, 4774, 4786, 4782, 4773, | |
| 859 | ||
| 860 | 4788, 4771, 4780, 4772, 4801, 6399, 4799, 4792, 4805, 4806, | |
| 861 | 4797, 4800, 4798, 4804, 4814, 4818, 4841, 4831, 4822, 6399, | |
| 862 | 4826, 4838, 4851, 4844, 4846, 6399, 6399, 4845, 4853, 4857, | |
| 863 | 4829, 4861, 6399, 4870, 4856, 4864, 4863, 4868, 6399, 6399, | |
| 864 | 4866, 6399, 4867, 6399, 6399, 4887, 4891, 4898, 6399, 4899, | |
| 865 | 6399, 4905, 4901, 4890, 4886, 4904, 6399, 4888, 4910, 4911, | |
| 866 | 6399, 4912, 4915, 4923, 4925, 6399, 4916, 6399, 4919, 4924, | |
| 867 | 4939, 4928, 4931, 4942, 4948, 4927, 4959, 4960, 4949, 4946, | |
| 868 | 4962, 4958, 4965, 4967, 4966, 4976, 4975, 4979, 4973, 4972, | |
| 869 | 4987, 4983, 4988, 4997, 5015, 5004, 4999, 5005, 5006, 5018, | |
| 870 | ||
| 871 | 5014, 5025, 5031, 5019, 5020, 5034, 6399, 6399, 5032, 5026, | |
| 872 | 6399, 5040, 5047, 5044, 5048, 5042, 5052, 5055, 5069, 6399, | |
| 873 | 5049, 5071, 5063, 5076, 5074, 5067, 5084, 5088, 5086, 5091, | |
| 874 | 5106, 5093, 5096, 5094, 5098, 5119, 5107, 5108, 5121, 5120, | |
| 875 | 5130, 5135, 5138, 6399, 5123, 6399, 5131, 5125, 5141, 6399, | |
| 876 | 6399, 5136, 5158, 5139, 5144, 5152, 5173, 5171, 6399, 5162, | |
| 877 | 5172, 5174, 5165, 6399, 5180, 6399, 5181, 5163, 5184, 5186, | |
| 878 | 5193, 6399, 6399, 6399, 5194, 5188, 5199, 5187, 5201, 5202, | |
| 879 | 5214, 5198, 5222, 6399, 5209, 5226, 5227, 5220, 5234, 5238, | |
| 880 | 5233, 5237, 5250, 5243, 5251, 5241, 5258, 5255, 5266, 6399, | |
| 881 | ||
| 882 | 6399, 5259, 5276, 5268, 5279, 5277, 5275, 5278, 5269, 5283, | |
| 883 | 5289, 5285, 6399, 5295, 5296, 5299, 5300, 5306, 5310, 5308, | |
| 884 | 5311, 6399, 6399, 5312, 5314, 5324, 5329, 5326, 5321, 5335, | |
| 885 | 5332, 5333, 6399, 5339, 6399, 5344, 5351, 5368, 5349, 5357, | |
| 886 | 5362, 6399, 5360, 5361, 6399, 5371, 5359, 5370, 6399, 5379, | |
| 887 | 6399, 6399, 5383, 6399, 5384, 6399, 5388, 5389, 5393, 5396, | |
| 888 | 5403, 5412, 5405, 5409, 5400, 5407, 5419, 5422, 5420, 6399, | |
| 889 | 6399, 5433, 5402, 5431, 5443, 5416, 5438, 5444, 6399, 6399, | |
| 890 | 5445, 5451, 6399, 5428, 5439, 5458, 5449, 5455, 5447, 5459, | |
| 891 | 5460, 5465, 5470, 5490, 5492, 5494, 5480, 5498, 5481, 5478, | |
| 892 | ||
| 893 | 5500, 5506, 5512, 6399, 5510, 5508, 5497, 6399, 5513, 5507, | |
| 894 | 5529, 5538, 5535, 6399, 5527, 5546, 5547, 5539, 5534, 5552, | |
| 895 | 5537, 5554, 6399, 5555, 5558, 5556, 6399, 5559, 6399, 5575, | |
| 896 | 6399, 6399, 5564, 5579, 5583, 6399, 5588, 5596, 6399, 5589, | |
| 897 | 5590, 5578, 5582, 5603, 6399, 5609, 5607, 5613, 5610, 5616, | |
| 898 | 5611, 5623, 5617, 5622, 6399, 5614, 5630, 5632, 5634, 5648, | |
| 899 | 5637, 5635, 5636, 5657, 5649, 5640, 5653, 5658, 6399, 5668, | |
| 900 | 5670, 6399, 5662, 6399, 5671, 5672, 5681, 6399, 5687, 5674, | |
| 901 | 5673, 5684, 6399, 5689, 5691, 6399, 5680, 5706, 5709, 5710, | |
| 902 | 5693, 5713, 5704, 5722, 5723, 5727, 6399, 5729, 5715, 5732, | |
| 903 | ||
| 904 | 5734, 5740, 5720, 6399, 5739, 5745, 5750, 5756, 5748, 6399, | |
| 905 | 5757, 5759, 6399, 5758, 5755, 5749, 5775, 5769, 5779, 5781, | |
| 906 | 5783, 6399, 5789, 6399, 6399, 5776, 6399, 5770, 5793, 6399, | |
| 907 | 5798, 5785, 5784, 5800, 5813, 5812, 6399, 6399, 5810, 5806, | |
| 908 | 5818, 5823, 6399, 5815, 5826, 5825, 5820, 5837, 6399, 5821, | |
| 909 | 5834, 5831, 5844, 5848, 5842, 5862, 6399, 6399, 5852, 6399, | |
| 910 | 5868, 5874, 5873, 6399, 6399, 6399, 5878, 6399, 5880, 5884, | |
| 911 | 5881, 6399, 5886, 5870, 5882, 6399, 5891, 5895, 5883, 6399, | |
| 912 | 5899, 5894, 5905, 5914, 5916, 5904, 5915, 5924, 5909, 5912, | |
| 913 | 5928, 5930, 5932, 5921, 5938, 6399, 6399, 5945, 6399, 6399, | |
| 914 | ||
| 915 | 5950, 5952, 5953, 6399, 5947, 5958, 6399, 5960, 5951, 5965, | |
| 916 | 5954, 5968, 6399, 6399, 5955, 5967, 6399, 5976, 5961, 5979, | |
| 917 | 5972, 5971, 5985, 6399, 6399, 6399, 6399, 6399, 5983, 6399, | |
| 918 | 6399, 6000, 5987, 5994, 6399, 5982, 6006, 6002, 6003, 6018, | |
| 919 | 6010, 5998, 6024, 6020, 6019, 6029, 6041, 6042, 6048, 6047, | |
| 920 | 6049, 6030, 6044, 6063, 6046, 6061, 6399, 6057, 6399, 6062, | |
| 921 | 6399, 6058, 6067, 6069, 6064, 6070, 6073, 6399, 6079, 6091, | |
| 922 | 6082, 6085, 6089, 6084, 6108, 6109, 6096, 6117, 6120, 6119, | |
| 923 | 6122, 6126, 6118, 6138, 6132, 6399, 6136, 6133, 6142, 6139, | |
| 924 | 6148, 6144, 6399, 6145, 6149, 6154, 6165, 6155, 6169, 6166, | |
| 925 | ||
| 926 | 6179, 6186, 6184, 6183, 6172, 6197, 6195, 6196, 6200, 6193, | |
| 927 | 6207, 6399, 6204, 6210, 6213, 6214, 6220, 6216, 6225, 6227, | |
| 928 | 6238, 6242, 6239, 6245, 6243, 6399, 6246, 6399, 6399, 6252, | |
| 929 | 6237, 6248, 6258, 6261, 6399, 6399, 6399, 6307, 6314, 6321, | |
| 930 | 6328, 6335, 100, 6342, 6349, 6356, 6363, 6370, 6377, 6384, | |
| 931 | 6391 | |
| 869 | 932 | } ; |
| 870 | 933 | |
| 871 | static yyconst flex_int16_t yy_def[1970] = | |
| 934 | static yyconst flex_int16_t yy_def[2252] = | |
| 872 | 935 | { 0, |
| 873 | 1955, 1, 1956, 1956, 1957, 1957, 1958, 1958, 1959, 1959, | |
| 874 | 1960, 1960, 1955, 1961, 1955, 1955, 1955, 1955, 1962, 1961, | |
| 875 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 876 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 877 | 1963, 1955, 1955, 1955, 1963, 1964, 1955, 1955, 1955, 1964, | |
| 878 | 1965, 1955, 1955, 1955, 1955, 1965, 1966, 1955, 1955, 1955, | |
| 879 | 1966, 1967, 1955, 1968, 1955, 1967, 1967, 1961, 1961, 1955, | |
| 880 | 1969, 1962, 1969, 1962, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 881 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 882 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 883 | ||
| 884 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 885 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 886 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1963, 1963, | |
| 887 | 1964, 1964, 1965, 1965, 1955, 1966, 1966, 1967, 1967, 1968, | |
| 888 | 1968, 1967, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 889 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 890 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 891 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 892 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 893 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 894 | ||
| 895 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, | |
| 896 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 897 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 898 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 899 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 900 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 901 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 902 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 903 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, | |
| 904 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 905 | ||
| 906 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 907 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 908 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 909 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 910 | 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, | |
| 911 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 912 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 913 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 914 | 1961, 1961, 1961, 1955, 1967, 1961, 1961, 1961, 1961, 1961, | |
| 915 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 916 | ||
| 917 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 918 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 919 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 920 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 921 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 922 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 923 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 924 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 925 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, 1961, | |
| 926 | 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 927 | ||
| 928 | 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1955, 1961, 1955, | |
| 929 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 930 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 931 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 932 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 933 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 934 | 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, | |
| 935 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 936 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 937 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, | |
| 938 | ||
| 939 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 940 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 941 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 942 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 943 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 944 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 945 | 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, | |
| 946 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 947 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 948 | 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, | |
| 949 | ||
| 950 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 951 | 1961, 1955, 1961, 1967, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 952 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 953 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 954 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 955 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 956 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 957 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 958 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 959 | 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 960 | ||
| 961 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 962 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 963 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 964 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 965 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 966 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 967 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 968 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 969 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 970 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 971 | ||
| 972 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 973 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 974 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, | |
| 975 | 1955, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1955, | |
| 976 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 977 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 978 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 979 | 1955, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 980 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 981 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 982 | ||
| 983 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 984 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1955, | |
| 985 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 986 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 987 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 988 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, 1961, | |
| 989 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 990 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 991 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 992 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 993 | ||
| 994 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 995 | 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, | |
| 996 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 997 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 998 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 999 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1000 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1001 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1002 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1003 | 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1004 | ||
| 1005 | 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1955, 1961, | |
| 1006 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 1007 | 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1955, 1961, | |
| 1008 | 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, | |
| 1009 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 1010 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, | |
| 1011 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1012 | 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1013 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 1014 | 1955, 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, | |
| 1015 | ||
| 1016 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1017 | 1961, 1961, 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1018 | 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1019 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, | |
| 1020 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 1021 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1022 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 1023 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 1024 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1025 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1026 | ||
| 1027 | 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1961, | |
| 1028 | 1961, 1961, 1955, 1961, 1961, 1955, 1961, 1955, 1961, 1961, | |
| 1029 | 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1030 | 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1031 | 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, | |
| 1032 | 1955, 1955, 1961, 1961, 1955, 1955, 1955, 1961, 1955, 1961, | |
| 1033 | 1955, 1955, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1961, | |
| 1034 | 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, 1961, 1961, | |
| 1035 | 1961, 1955, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1036 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1037 | ||
| 1038 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1039 | 1961, 1961, 1961, 1961, 1961, 1955, 1955, 1961, 1961, 1961, | |
| 1040 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 1041 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1042 | 1961, 1961, 1955, 1961, 1961, 1955, 1955, 1961, 1961, 1961, | |
| 1043 | 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1955, | |
| 1044 | 1961, 1961, 1961, 1961, 1955, 1955, 1955, 1961, 1961, 1961, | |
| 1045 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 1046 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, | |
| 1047 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 1048 | ||
| 1049 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, | |
| 1050 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 1051 | 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, 1955, 1961, | |
| 1052 | 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1053 | 1961, 1961, 1961, 1961, 1955, 1955, 1961, 1961, 1961, 1961, | |
| 1054 | 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1055 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1056 | 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, 1961, 1961, | |
| 1057 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1955, 1961, | |
| 1058 | 1955, 1955, 1955, 1961, 1961, 1961, 1955, 1961, 1961, 1955, | |
| 1059 | ||
| 1060 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1061 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1062 | 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, | |
| 1063 | 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1064 | 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, | |
| 1065 | 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1955, 1961, 1961, | |
| 1066 | 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1955, | |
| 1067 | 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, | |
| 1068 | 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1069 | 1961, 1961, 1961, 1961, 1955, 1955, 1961, 1955, 1961, 1961, | |
| 1070 | ||
| 1071 | 1961, 1955, 1955, 1955, 1961, 1955, 1961, 1955, 1961, 1961, | |
| 1072 | 1961, 1955, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, | |
| 1073 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, | |
| 1074 | 1961, 1955, 1961, 1955, 1961, 1961, 1955, 1961, 1961, 1961, | |
| 1075 | 1961, 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1076 | 1955, 1955, 1955, 1961, 1955, 1961, 1961, 1961, 1955, 1961, | |
| 1077 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1078 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, | |
| 1079 | 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, | |
| 1080 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1081 | ||
| 1082 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1083 | 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1084 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, | |
| 1085 | 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, | |
| 1086 | 1961, 1961, 1961, 1955, 1961, 1955, 1955, 1961, 1961, 1961, | |
| 1087 | 1961, 1961, 1955, 1955, 0, 1955, 1955, 1955, 1955, 1955, | |
| 1088 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955 | |
| 936 | 2237, 1, 2238, 2238, 2239, 2239, 2240, 2240, 2241, 2241, | |
| 937 | 2242, 2242, 2237, 2243, 2237, 2237, 2237, 2237, 2244, 2243, | |
| 938 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 939 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 940 | 2245, 2237, 2237, 2237, 2245, 2246, 2237, 2237, 2237, 2246, | |
| 941 | 2247, 2237, 2237, 2237, 2237, 2247, 2248, 2237, 2237, 2237, | |
| 942 | 2248, 2249, 2237, 2250, 2237, 2249, 2249, 2243, 2243, 2237, | |
| 943 | 2251, 2244, 2251, 2244, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 944 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 945 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 946 | ||
| 947 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 948 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 949 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 950 | 2245, 2245, 2246, 2246, 2247, 2247, 2237, 2248, 2248, 2249, | |
| 951 | 2249, 2250, 2250, 2249, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 952 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 953 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 954 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 955 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 956 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 957 | ||
| 958 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 959 | 2243, 2243, 2243, 2243, 2243, 2249, 2243, 2243, 2243, 2243, | |
| 960 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 961 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 962 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 963 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 964 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 965 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 966 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 967 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 968 | ||
| 969 | 2243, 2243, 2249, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 970 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 971 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 972 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 973 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 974 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 975 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 976 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 977 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 978 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 979 | ||
| 980 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2249, 2243, | |
| 981 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 982 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 983 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 984 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 985 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 986 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 987 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 988 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 989 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 990 | ||
| 991 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 992 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 993 | 2243, 2243, 2243, 2249, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 994 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 995 | 2243, 2243, 2237, 2243, 2237, 2237, 2243, 2237, 2237, 2243, | |
| 996 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 997 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 998 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 999 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1000 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1001 | ||
| 1002 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1003 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1004 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1005 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1006 | 2243, 2243, 2243, 2243, 2243, 2243, 2249, 2243, 2243, 2243, | |
| 1007 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1008 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1009 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1010 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1011 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1012 | ||
| 1013 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1014 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1015 | 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1016 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1017 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1018 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1019 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1020 | 2243, 2243, 2237, 2243, 2249, 2243, 2243, 2243, 2243, 2243, | |
| 1021 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1022 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1023 | ||
| 1024 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1025 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1026 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 1027 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1028 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1029 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1030 | 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1031 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1032 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1033 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1034 | ||
| 1035 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1036 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1037 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1038 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1039 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1040 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1041 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1042 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1043 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1044 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1045 | ||
| 1046 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1047 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1048 | 2237, 2243, 2237, 2243, 2243, 2243, 2237, 2243, 2237, 2243, | |
| 1049 | 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1050 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, | |
| 1051 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1052 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2237, | |
| 1053 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1054 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1055 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1056 | ||
| 1057 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1058 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1059 | 2243, 2243, 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1060 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1061 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1062 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 1063 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2237, 2237, | |
| 1064 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, | |
| 1065 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1066 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1067 | ||
| 1068 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1069 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1070 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1071 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1072 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1073 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1074 | 2243, 2243, 2243, 2243, 2237, 2237, 2243, 2243, 2243, 2243, | |
| 1075 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 1076 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1077 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1078 | ||
| 1079 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1080 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1081 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1082 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2237, 2243, 2243, | |
| 1083 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1084 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1085 | 2237, 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1086 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1087 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1088 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1089 | ||
| 1090 | 2237, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1091 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1092 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1093 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2237, | |
| 1094 | 2243, 2243, 2243, 2243, 2237, 2243, 2237, 2243, 2243, 2243, | |
| 1095 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1096 | 2243, 2237, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1097 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2237, 2243, 2243, | |
| 1098 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1099 | 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1100 | ||
| 1101 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1102 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1103 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1104 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1105 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1106 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1107 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1108 | 2243, 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1109 | 2237, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2237, 2243, | |
| 1110 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1111 | ||
| 1112 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1113 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1114 | 2243, 2243, 2243, 2243, 2243, 2237, 2237, 2243, 2243, 2243, | |
| 1115 | 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2237, 2237, | |
| 1116 | 2243, 2237, 2243, 2237, 2237, 2243, 2243, 2243, 2237, 2243, | |
| 1117 | 2237, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 1118 | 2237, 2243, 2243, 2243, 2243, 2237, 2243, 2237, 2243, 2243, | |
| 1119 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1120 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1121 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1122 | ||
| 1123 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2237, 2243, 2243, | |
| 1124 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1125 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1126 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1127 | 2243, 2243, 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2237, | |
| 1128 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, | |
| 1129 | 2243, 2243, 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1130 | 2243, 2237, 2237, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1131 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1132 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1133 | ||
| 1134 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1135 | 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1136 | 2243, 2237, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1137 | 2243, 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1138 | 2243, 2237, 2243, 2243, 2237, 2243, 2243, 2243, 2237, 2243, | |
| 1139 | 2237, 2237, 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1140 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1141 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2237, | |
| 1142 | 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1143 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1144 | ||
| 1145 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1146 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1147 | 2243, 2243, 2237, 2243, 2243, 2243, 2237, 2243, 2237, 2243, | |
| 1148 | 2237, 2237, 2243, 2243, 2243, 2237, 2243, 2243, 2237, 2243, | |
| 1149 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1150 | 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1151 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, | |
| 1152 | 2243, 2237, 2243, 2237, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1153 | 2243, 2243, 2237, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1154 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 1155 | ||
| 1156 | 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2237, | |
| 1157 | 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1158 | 2243, 2237, 2243, 2237, 2237, 2243, 2237, 2243, 2243, 2237, | |
| 1159 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2237, 2243, 2243, | |
| 1160 | 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2237, 2243, | |
| 1161 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2237, 2243, 2237, | |
| 1162 | 2243, 2243, 2243, 2237, 2237, 2237, 2243, 2237, 2243, 2243, | |
| 1163 | 2243, 2237, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2237, | |
| 1164 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1165 | 2243, 2243, 2243, 2243, 2243, 2237, 2237, 2243, 2237, 2237, | |
| 1166 | ||
| 1167 | 2243, 2243, 2243, 2237, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 1168 | 2243, 2243, 2237, 2237, 2243, 2243, 2237, 2243, 2243, 2243, | |
| 1169 | 2243, 2243, 2243, 2237, 2237, 2237, 2237, 2237, 2243, 2237, | |
| 1170 | 2237, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, | |
| 1171 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1172 | 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2237, 2243, | |
| 1173 | 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, | |
| 1174 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1175 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2243, 2243, 2243, | |
| 1176 | 2243, 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1177 | ||
| 1178 | 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1179 | 2243, 2237, 2243, 2243, 2243, 2243, 2243, 2243, 2243, 2243, | |
| 1180 | 2243, 2243, 2243, 2243, 2243, 2237, 2243, 2237, 2237, 2243, | |
| 1181 | 2243, 2243, 2243, 2243, 2237, 2237, 0, 2237, 2237, 2237, | |
| 1182 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 1183 | 2237 | |
| 1089 | 1184 | } ; |
| 1090 | 1185 | |
| 1091 | static yyconst flex_uint16_t yy_nxt[5690] = | |
| 1186 | static yyconst flex_uint16_t yy_nxt[6466] = | |
| 1092 | 1187 | { 0, |
| 1093 | 1188 | 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, |
| 1094 | 14, 18, 20, 14, 21, 22, 23, 24, 14, 25, | |
| 1095 | 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, | |
| 1096 | 36, 37, 38, 39, 14, 14, 14, 14, 40, 20, | |
| 1097 | 14, 21, 22, 23, 24, 14, 25, 26, 27, 28, | |
| 1098 | 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, | |
| 1099 | 39, 14, 14, 14, 14, 42, 43, 44, 42, 43, | |
| 1100 | 44, 47, 48, 47, 48, 49, 96, 49, 52, 53, | |
| 1101 | 54, 55, 68, 18, 52, 53, 54, 55, 69, 18, | |
| 1102 | 58, 59, 60, 58, 59, 60, 70, 129, 129, 131, | |
| 1103 | ||
| 1104 | 71, 45, 131, 96, 45, 136, 136, 50, 73, 50, | |
| 1105 | 73, 73, 70, 73, 830, 56, 71, 68, 73, 68, | |
| 1106 | 68, 56, 68, 86, 75, 76, 61, 68, 139, 61, | |
| 1107 | 15, 16, 17, 63, 64, 65, 15, 16, 17, 63, | |
| 1108 | 64, 65, 77, 87, 69, 74, 69, 98, 69, 66, | |
| 1109 | 86, 75, 76, 131, 78, 66, 131, 88, 154, 69, | |
| 1110 | 139, 79, 112, 69, 90, 97, 142, 67, 80, 77, | |
| 1111 | 87, 89, 91, 67, 98, 69, 66, 129, 129, 139, | |
| 1112 | 69, 78, 66, 69, 88, 154, 914, 69, 79, 112, | |
| 1113 | 69, 90, 97, 142, 99, 80, 81, 137, 89, 91, | |
| 1114 | ||
| 1115 | 82, 92, 100, 83, 93, 84, 85, 135, 101, 106, | |
| 1116 | 134, 94, 102, 95, 69, 69, 170, 121, 69, 122, | |
| 1117 | 69, 99, 103, 81, 69, 196, 104, 82, 92, 100, | |
| 1118 | 83, 93, 84, 85, 123, 101, 106, 113, 94, 102, | |
| 1119 | 95, 114, 105, 69, 121, 117, 122, 69, 69, 103, | |
| 1120 | 144, 115, 124, 104, 116, 118, 69, 125, 132, 119, | |
| 1121 | 120, 123, 130, 69, 113, 69, 69, 69, 114, 105, | |
| 1122 | 107, 143, 117, 69, 108, 136, 136, 144, 115, 124, | |
| 1123 | 109, 116, 118, 110, 125, 126, 119, 120, 139, 127, | |
| 1124 | 111, 149, 69, 128, 137, 69, 135, 107, 143, 134, | |
| 1125 | ||
| 1126 | 133, 108, 133, 133, 69, 133, 132, 109, 145, 130, | |
| 1127 | 110, 69, 126, 69, 211, 69, 127, 111, 149, 73, | |
| 1128 | 128, 73, 73, 138, 73, 138, 138, 68, 138, 68, | |
| 1129 | 68, 73, 68, 73, 73, 145, 73, 68, 146, 148, | |
| 1130 | 150, 73, 155, 152, 153, 69, 151, 158, 69, 161, | |
| 1131 | 69, 147, 69, 1955, 163, 156, 141, 159, 69, 1955, | |
| 1132 | 69, 69, 69, 160, 69, 146, 148, 150, 74, 155, | |
| 1133 | 152, 153, 157, 151, 158, 164, 161, 69, 147, 69, | |
| 1134 | 162, 163, 165, 1955, 159, 1955, 69, 1955, 166, 69, | |
| 1135 | 160, 167, 171, 176, 172, 69, 69, 69, 177, 157, | |
| 1136 | ||
| 1137 | 69, 178, 164, 1955, 168, 169, 174, 162, 184, 165, | |
| 1138 | 175, 69, 69, 180, 173, 166, 69, 69, 167, 171, | |
| 1139 | 176, 172, 179, 181, 69, 177, 1955, 69, 178, 183, | |
| 1140 | 69, 168, 169, 174, 182, 184, 69, 175, 186, 185, | |
| 1141 | 180, 173, 69, 69, 190, 189, 1955, 69, 69, 179, | |
| 1142 | 181, 187, 69, 191, 192, 188, 183, 193, 1955, 194, | |
| 1143 | 69, 182, 69, 303, 197, 186, 185, 69, 69, 69, | |
| 1144 | 69, 190, 189, 69, 195, 222, 198, 201, 187, 69, | |
| 1145 | 191, 192, 188, 69, 193, 200, 194, 202, 69, 207, | |
| 1146 | 203, 197, 69, 69, 69, 206, 199, 205, 69, 208, | |
| 1147 | ||
| 1148 | 1955, 195, 69, 198, 201, 1955, 69, 1955, 1955, 209, | |
| 1149 | 69, 204, 200, 1955, 202, 69, 207, 203, 1955, 69, | |
| 1150 | 340, 69, 206, 199, 205, 133, 208, 133, 133, 138, | |
| 1151 | 133, 138, 138, 139, 138, 210, 209, 73, 204, 73, | |
| 1152 | 73, 212, 73, 214, 213, 216, 215, 69, 217, 218, | |
| 1153 | 1955, 69, 69, 69, 219, 220, 232, 69, 69, 221, | |
| 1154 | 402, 403, 210, 69, 230, 233, 69, 223, 212, 1955, | |
| 1155 | 214, 213, 216, 215, 141, 217, 231, 69, 69, 235, | |
| 1156 | 69, 219, 220, 232, 69, 69, 221, 69, 224, 69, | |
| 1157 | 69, 230, 233, 234, 1955, 69, 236, 69, 237, 1955, | |
| 1158 | ||
| 1159 | 238, 241, 69, 231, 239, 1955, 235, 240, 242, 249, | |
| 1160 | 69, 69, 69, 1955, 243, 224, 225, 247, 69, 69, | |
| 1161 | 234, 226, 1955, 236, 69, 237, 227, 238, 241, 1955, | |
| 1162 | 69, 239, 228, 229, 240, 242, 69, 244, 248, 69, | |
| 1163 | 69, 243, 245, 225, 247, 250, 253, 251, 226, 69, | |
| 1164 | 256, 1955, 254, 227, 1955, 255, 246, 252, 257, 228, | |
| 1165 | 229, 69, 258, 69, 244, 248, 259, 260, 262, 245, | |
| 1166 | 69, 69, 250, 266, 261, 264, 267, 69, 69, 254, | |
| 1167 | 69, 69, 255, 246, 252, 257, 268, 69, 69, 69, | |
| 1168 | 69, 263, 69, 69, 260, 262, 69, 69, 69, 265, | |
| 1169 | ||
| 1170 | 266, 261, 264, 267, 69, 269, 271, 270, 69, 275, | |
| 1171 | 272, 273, 274, 268, 69, 69, 276, 69, 263, 277, | |
| 1172 | 69, 278, 279, 69, 282, 283, 265, 280, 69, 285, | |
| 1173 | 281, 1955, 269, 271, 270, 69, 1955, 272, 273, 274, | |
| 1174 | 69, 69, 286, 276, 69, 69, 277, 284, 278, 289, | |
| 1175 | 69, 282, 291, 69, 280, 290, 69, 281, 288, 287, | |
| 1176 | 69, 292, 69, 69, 139, 294, 293, 69, 295, 286, | |
| 1177 | 297, 69, 296, 301, 284, 298, 289, 300, 1955, 291, | |
| 1178 | 69, 69, 290, 69, 302, 288, 287, 299, 69, 69, | |
| 1179 | 304, 311, 69, 293, 69, 295, 69, 297, 69, 296, | |
| 1180 | ||
| 1181 | 301, 69, 298, 305, 300, 309, 313, 306, 307, 308, | |
| 1182 | 69, 302, 312, 310, 299, 314, 69, 304, 69, 316, | |
| 1183 | 69, 315, 69, 1955, 1955, 69, 1955, 322, 69, 69, | |
| 1184 | 305, 69, 309, 69, 306, 307, 308, 69, 317, 312, | |
| 1185 | 310, 69, 314, 69, 318, 69, 319, 320, 315, 321, | |
| 1186 | 69, 69, 69, 69, 322, 323, 324, 325, 326, 328, | |
| 1187 | 1955, 69, 327, 1955, 69, 317, 69, 69, 329, 1955, | |
| 1188 | 331, 318, 330, 319, 320, 69, 321, 69, 332, 69, | |
| 1189 | 334, 333, 323, 324, 325, 326, 337, 69, 69, 327, | |
| 1190 | 69, 341, 69, 345, 335, 329, 336, 331, 69, 330, | |
| 1191 | ||
| 1192 | 69, 69, 338, 339, 346, 332, 342, 334, 333, 343, | |
| 1193 | 69, 69, 344, 337, 347, 69, 69, 349, 341, 352, | |
| 1194 | 345, 335, 69, 336, 69, 348, 350, 69, 351, 338, | |
| 1195 | 339, 346, 354, 342, 69, 353, 343, 356, 69, 344, | |
| 1196 | 1955, 69, 69, 69, 349, 1955, 352, 69, 359, 355, | |
| 1197 | 69, 365, 348, 350, 363, 351, 69, 364, 357, 69, | |
| 1198 | 358, 69, 353, 69, 356, 1955, 360, 368, 369, 361, | |
| 1199 | 1955, 362, 69, 69, 69, 359, 355, 69, 365, 370, | |
| 1200 | 69, 363, 69, 366, 371, 357, 373, 358, 69, 381, | |
| 1201 | 1955, 367, 69, 360, 368, 369, 361, 69, 362, 69, | |
| 1202 | ||
| 1203 | 372, 69, 389, 382, 386, 383, 370, 387, 69, 384, | |
| 1204 | 366, 371, 69, 373, 1955, 1955, 381, 385, 367, 69, | |
| 1205 | 390, 69, 1955, 139, 69, 388, 1955, 372, 374, 375, | |
| 1206 | 382, 386, 69, 69, 387, 393, 69, 392, 376, 391, | |
| 1207 | 377, 378, 379, 395, 385, 380, 69, 390, 394, 69, | |
| 1208 | 398, 396, 388, 69, 399, 374, 375, 69, 69, 400, | |
| 1209 | 69, 397, 393, 69, 392, 376, 391, 377, 378, 379, | |
| 1210 | 69, 401, 380, 404, 69, 394, 69, 398, 396, 405, | |
| 1211 | 69, 406, 407, 1955, 409, 69, 400, 408, 397, 412, | |
| 1212 | 69, 416, 69, 69, 410, 69, 411, 413, 401, 417, | |
| 1213 | ||
| 1214 | 404, 415, 69, 419, 1955, 69, 405, 69, 406, 407, | |
| 1215 | 414, 409, 69, 69, 408, 69, 412, 69, 416, 69, | |
| 1216 | 418, 410, 69, 411, 413, 420, 417, 421, 415, 423, | |
| 1217 | 422, 69, 424, 425, 69, 426, 428, 414, 69, 427, | |
| 1218 | 1955, 429, 1955, 431, 430, 448, 433, 418, 69, 69, | |
| 1219 | 69, 69, 420, 69, 421, 69, 423, 422, 69, 424, | |
| 1220 | 425, 69, 426, 432, 69, 69, 427, 69, 429, 69, | |
| 1221 | 431, 430, 434, 433, 435, 436, 69, 437, 69, 438, | |
| 1222 | 439, 69, 441, 1955, 442, 444, 69, 445, 1955, 440, | |
| 1223 | 432, 69, 452, 1955, 69, 443, 69, 450, 69, 434, | |
| 1224 | ||
| 1225 | 69, 435, 436, 69, 437, 69, 438, 439, 69, 441, | |
| 1226 | 69, 442, 444, 446, 445, 447, 440, 449, 451, 69, | |
| 1227 | 69, 453, 443, 69, 450, 1955, 455, 456, 69, 458, | |
| 1228 | 1955, 69, 457, 69, 1955, 69, 459, 69, 460, 461, | |
| 1229 | 446, 69, 447, 454, 449, 451, 1955, 69, 487, 69, | |
| 1230 | 468, 1955, 69, 455, 456, 69, 458, 69, 69, 457, | |
| 1231 | 469, 470, 1955, 459, 471, 460, 461, 473, 69, 69, | |
| 1232 | 454, 462, 69, 472, 474, 487, 463, 468, 464, 1955, | |
| 1233 | 475, 69, 476, 1955, 69, 477, 465, 469, 470, 466, | |
| 1234 | 478, 69, 480, 479, 473, 69, 467, 69, 462, 1955, | |
| 1235 | ||
| 1236 | 472, 474, 69, 463, 69, 464, 69, 475, 69, 476, | |
| 1237 | 481, 69, 477, 465, 483, 484, 466, 478, 69, 480, | |
| 1238 | 479, 482, 485, 467, 488, 489, 69, 486, 490, 1955, | |
| 1239 | 69, 491, 492, 69, 493, 494, 69, 481, 496, 69, | |
| 1240 | 69, 483, 484, 69, 498, 495, 69, 139, 482, 485, | |
| 1241 | 497, 488, 499, 69, 486, 490, 69, 501, 491, 492, | |
| 1242 | 69, 493, 69, 500, 69, 69, 507, 502, 69, 69, | |
| 1243 | 503, 498, 495, 506, 508, 509, 504, 497, 69, 499, | |
| 1244 | 505, 69, 510, 511, 501, 69, 512, 69, 515, 513, | |
| 1245 | 500, 514, 517, 69, 502, 69, 69, 503, 516, 518, | |
| 1246 | ||
| 1247 | 506, 69, 519, 521, 520, 522, 69, 69, 1955, 69, | |
| 1248 | 69, 69, 532, 69, 528, 515, 513, 69, 514, 527, | |
| 1249 | 523, 69, 69, 69, 69, 516, 518, 69, 69, 519, | |
| 1250 | 524, 520, 522, 69, 69, 525, 529, 530, 531, 526, | |
| 1251 | 69, 528, 533, 69, 534, 69, 527, 523, 537, 1955, | |
| 1252 | 535, 69, 538, 539, 69, 543, 540, 524, 1955, 69, | |
| 1253 | 69, 544, 525, 529, 530, 531, 526, 69, 69, 533, | |
| 1254 | 69, 534, 536, 69, 69, 537, 541, 535, 69, 538, | |
| 1255 | 539, 542, 69, 540, 547, 545, 69, 69, 544, 546, | |
| 1256 | 550, 548, 549, 551, 552, 554, 69, 555, 1955, 536, | |
| 1257 | ||
| 1258 | 69, 556, 553, 541, 559, 69, 69, 1955, 542, 69, | |
| 1259 | 557, 547, 545, 69, 1955, 69, 546, 69, 548, 549, | |
| 1260 | 551, 69, 554, 561, 69, 69, 69, 558, 69, 553, | |
| 1261 | 560, 563, 564, 569, 566, 69, 565, 557, 562, 568, | |
| 1262 | 570, 69, 69, 567, 571, 573, 1955, 69, 69, 69, | |
| 1263 | 561, 69, 69, 69, 558, 572, 574, 560, 563, 69, | |
| 1264 | 569, 566, 69, 69, 69, 562, 568, 570, 69, 575, | |
| 1265 | 567, 571, 573, 582, 69, 576, 578, 577, 579, 580, | |
| 1266 | 1955, 69, 572, 574, 69, 69, 581, 69, 69, 583, | |
| 1267 | 586, 584, 585, 590, 69, 1955, 575, 587, 1955, 69, | |
| 1268 | ||
| 1269 | 582, 69, 576, 578, 577, 69, 580, 69, 588, 69, | |
| 1270 | 589, 591, 69, 581, 69, 69, 583, 586, 584, 585, | |
| 1271 | 590, 592, 69, 593, 587, 594, 595, 597, 1955, 596, | |
| 1272 | 69, 69, 601, 598, 69, 588, 599, 589, 591, 606, | |
| 1273 | 69, 600, 1955, 69, 605, 69, 69, 69, 592, 603, | |
| 1274 | 593, 69, 594, 595, 597, 69, 596, 604, 139, 601, | |
| 1275 | 598, 602, 69, 599, 608, 69, 607, 69, 600, 610, | |
| 1276 | 69, 605, 611, 69, 609, 69, 603, 613, 69, 612, | |
| 1277 | 614, 1955, 69, 620, 604, 626, 69, 69, 602, 69, | |
| 1278 | 621, 608, 623, 607, 1955, 69, 610, 625, 69, 634, | |
| 1279 | ||
| 1280 | 69, 609, 622, 69, 613, 624, 612, 614, 615, 635, | |
| 1281 | 620, 1955, 616, 69, 637, 617, 69, 621, 69, 623, | |
| 1282 | 69, 69, 618, 69, 625, 619, 634, 1955, 69, 622, | |
| 1283 | 69, 636, 624, 69, 638, 615, 635, 657, 69, 616, | |
| 1284 | 639, 637, 617, 1955, 1955, 1955, 640, 1955, 642, 618, | |
| 1285 | 641, 646, 619, 627, 628, 1955, 629, 1955, 636, 630, | |
| 1286 | 69, 69, 69, 643, 631, 644, 645, 639, 69, 1955, | |
| 1287 | 632, 633, 69, 640, 69, 642, 69, 641, 646, 69, | |
| 1288 | 627, 628, 651, 629, 650, 69, 630, 647, 69, 69, | |
| 1289 | 643, 631, 644, 645, 648, 69, 649, 632, 633, 656, | |
| 1290 | ||
| 1291 | 652, 69, 653, 69, 69, 658, 655, 654, 69, 651, | |
| 1292 | 1955, 650, 69, 659, 647, 69, 69, 660, 1955, 667, | |
| 1293 | 661, 648, 662, 649, 1955, 670, 69, 652, 69, 653, | |
| 1294 | 664, 1955, 668, 655, 654, 665, 69, 69, 69, 69, | |
| 1295 | 659, 69, 663, 672, 660, 666, 69, 661, 669, 662, | |
| 1296 | 69, 69, 69, 69, 676, 69, 69, 664, 671, 668, | |
| 1297 | 673, 69, 665, 675, 674, 677, 69, 69, 678, 663, | |
| 1298 | 672, 69, 666, 681, 679, 669, 69, 69, 69, 69, | |
| 1299 | 69, 676, 680, 682, 1955, 671, 695, 673, 69, 684, | |
| 1300 | 675, 674, 677, 683, 687, 678, 69, 685, 69, 69, | |
| 1301 | ||
| 1302 | 681, 679, 69, 688, 686, 69, 689, 691, 692, 680, | |
| 1303 | 682, 69, 69, 69, 690, 69, 684, 694, 698, 693, | |
| 1304 | 683, 687, 69, 69, 685, 69, 69, 697, 699, 696, | |
| 1305 | 688, 686, 69, 689, 691, 692, 69, 700, 69, 701, | |
| 1306 | 69, 690, 702, 703, 694, 704, 693, 69, 705, 69, | |
| 1307 | 706, 69, 707, 708, 697, 710, 696, 69, 712, 69, | |
| 1308 | 69, 711, 69, 709, 700, 69, 701, 714, 69, 702, | |
| 1309 | 703, 715, 704, 713, 69, 705, 69, 69, 716, 707, | |
| 1310 | 708, 69, 69, 69, 717, 69, 69, 727, 711, 719, | |
| 1311 | 709, 1955, 69, 718, 139, 728, 69, 720, 715, 733, | |
| 1312 | ||
| 1313 | 713, 69, 69, 729, 69, 716, 1955, 730, 1955, 69, | |
| 1314 | 734, 717, 731, 69, 727, 69, 719, 732, 69, 735, | |
| 1315 | 718, 69, 728, 69, 720, 721, 733, 722, 736, 69, | |
| 1316 | 729, 723, 69, 724, 730, 69, 737, 734, 725, 731, | |
| 1317 | 738, 742, 740, 726, 732, 745, 735, 69, 69, 69, | |
| 1318 | 739, 69, 721, 741, 722, 736, 746, 744, 723, 743, | |
| 1319 | 724, 1955, 69, 737, 69, 725, 69, 738, 742, 740, | |
| 1320 | 726, 753, 69, 752, 755, 757, 69, 739, 69, 761, | |
| 1321 | 741, 756, 754, 69, 744, 763, 743, 747, 69, 69, | |
| 1322 | 759, 758, 748, 69, 749, 69, 760, 69, 753, 762, | |
| 1323 | ||
| 1324 | 752, 755, 757, 69, 69, 750, 69, 69, 756, 754, | |
| 1325 | 69, 764, 751, 69, 747, 766, 69, 759, 758, 748, | |
| 1326 | 765, 749, 69, 760, 767, 769, 762, 768, 69, 69, | |
| 1327 | 770, 1955, 750, 69, 771, 69, 773, 774, 764, 751, | |
| 1328 | 772, 779, 766, 775, 69, 69, 1955, 765, 69, 69, | |
| 1329 | 69, 1955, 769, 776, 768, 69, 778, 770, 69, 69, | |
| 1330 | 780, 771, 777, 773, 774, 782, 69, 772, 69, 69, | |
| 1331 | 775, 783, 69, 781, 69, 784, 786, 69, 787, 785, | |
| 1332 | 776, 788, 69, 778, 795, 1955, 791, 780, 790, 777, | |
| 1333 | 792, 1955, 782, 69, 69, 789, 800, 69, 783, 69, | |
| 1334 | ||
| 1335 | 781, 69, 784, 786, 69, 787, 785, 793, 69, 69, | |
| 1336 | 794, 795, 69, 796, 797, 790, 798, 69, 799, 808, | |
| 1337 | 69, 69, 789, 800, 801, 69, 69, 802, 69, 805, | |
| 1338 | 69, 803, 1955, 69, 793, 804, 806, 794, 69, 807, | |
| 1339 | 796, 797, 1955, 798, 811, 799, 69, 69, 1955, 809, | |
| 1340 | 69, 801, 810, 69, 802, 812, 805, 69, 803, 816, | |
| 1341 | 69, 69, 804, 806, 69, 813, 807, 69, 69, 815, | |
| 1342 | 814, 811, 817, 69, 820, 819, 809, 69, 818, 810, | |
| 1343 | 822, 823, 812, 69, 69, 824, 826, 821, 1955, 1955, | |
| 1344 | 69, 1955, 813, 1955, 69, 69, 815, 814, 69, 817, | |
| 1345 | ||
| 1346 | 69, 820, 819, 69, 829, 818, 825, 822, 828, 827, | |
| 1347 | 832, 831, 69, 69, 821, 833, 69, 69, 69, 69, | |
| 1348 | 69, 69, 834, 69, 69, 838, 835, 836, 69, 837, | |
| 1349 | 839, 829, 69, 825, 69, 828, 827, 832, 831, 840, | |
| 1350 | 69, 69, 833, 1955, 841, 842, 843, 844, 848, 834, | |
| 1351 | 1955, 846, 838, 835, 836, 845, 837, 847, 851, 69, | |
| 1352 | 69, 69, 854, 69, 849, 69, 69, 69, 69, 1955, | |
| 1353 | 69, 841, 842, 843, 844, 848, 69, 69, 846, 850, | |
| 1354 | 852, 853, 845, 69, 847, 69, 856, 69, 855, 854, | |
| 1355 | 69, 849, 857, 69, 860, 69, 858, 859, 863, 862, | |
| 1356 | ||
| 1357 | 861, 1955, 1955, 864, 881, 1955, 850, 852, 853, 69, | |
| 1358 | 69, 69, 69, 856, 69, 855, 69, 69, 69, 857, | |
| 1359 | 69, 860, 865, 858, 859, 863, 862, 861, 866, 867, | |
| 1360 | 864, 869, 868, 870, 871, 69, 69, 872, 873, 874, | |
| 1361 | 1955, 69, 875, 69, 69, 876, 69, 69, 69, 865, | |
| 1362 | 69, 878, 69, 69, 69, 866, 867, 69, 869, 868, | |
| 1363 | 870, 871, 877, 69, 872, 873, 874, 879, 880, 875, | |
| 1364 | 884, 882, 876, 883, 69, 886, 887, 69, 878, 885, | |
| 1365 | 888, 1955, 891, 69, 69, 889, 69, 893, 894, 877, | |
| 1366 | 69, 890, 69, 69, 879, 880, 892, 884, 882, 895, | |
| 1367 | ||
| 1368 | 883, 69, 886, 897, 69, 69, 885, 69, 69, 891, | |
| 1369 | 69, 896, 889, 898, 893, 899, 900, 901, 890, 69, | |
| 1370 | 903, 69, 904, 892, 902, 69, 895, 905, 906, 69, | |
| 1371 | 897, 1955, 1955, 69, 69, 69, 907, 69, 896, 69, | |
| 1372 | 898, 69, 899, 900, 901, 915, 1955, 903, 1955, 919, | |
| 1373 | 69, 902, 913, 69, 916, 906, 917, 918, 69, 69, | |
| 1374 | 1955, 69, 929, 907, 908, 931, 69, 69, 69, 909, | |
| 1375 | 920, 910, 915, 911, 921, 912, 919, 69, 69, 913, | |
| 1376 | 922, 916, 69, 917, 918, 924, 923, 926, 927, 69, | |
| 1377 | 925, 908, 69, 69, 69, 932, 909, 69, 910, 930, | |
| 1378 | ||
| 1379 | 911, 69, 912, 69, 69, 69, 928, 922, 69, 933, | |
| 1380 | 934, 69, 924, 923, 926, 927, 935, 925, 69, 69, | |
| 1381 | 936, 937, 932, 938, 939, 940, 930, 69, 941, 1955, | |
| 1382 | 69, 69, 942, 928, 943, 69, 933, 934, 944, 949, | |
| 1383 | 945, 947, 950, 69, 948, 69, 952, 936, 69, 946, | |
| 1384 | 938, 939, 69, 69, 69, 941, 951, 953, 69, 942, | |
| 1385 | 69, 943, 69, 955, 69, 944, 69, 945, 947, 956, | |
| 1386 | 69, 948, 954, 69, 957, 69, 946, 69, 69, 69, | |
| 1387 | 69, 69, 958, 951, 953, 960, 963, 959, 964, 69, | |
| 1388 | 955, 69, 961, 69, 966, 965, 69, 971, 962, 954, | |
| 1389 | ||
| 1390 | 967, 957, 969, 69, 69, 69, 968, 69, 69, 958, | |
| 1391 | 970, 69, 973, 963, 959, 964, 69, 977, 979, 961, | |
| 1392 | 69, 966, 965, 974, 69, 962, 972, 967, 978, 969, | |
| 1393 | 69, 69, 69, 968, 69, 69, 975, 970, 980, 973, | |
| 1394 | 976, 981, 1955, 69, 977, 979, 982, 69, 983, 984, | |
| 1395 | 974, 69, 986, 972, 988, 978, 987, 69, 985, 69, | |
| 1396 | 992, 69, 1955, 69, 69, 980, 990, 69, 69, 69, | |
| 1397 | 989, 991, 69, 982, 995, 983, 984, 69, 69, 986, | |
| 1398 | 69, 988, 994, 987, 993, 985, 69, 992, 996, 69, | |
| 1399 | 998, 1000, 1002, 990, 997, 69, 999, 989, 991, 69, | |
| 1400 | ||
| 1401 | 69, 995, 69, 1004, 1006, 1001, 1007, 1008, 1003, 994, | |
| 1402 | 69, 993, 69, 69, 69, 996, 69, 998, 1000, 1002, | |
| 1403 | 69, 997, 1005, 999, 69, 1009, 69, 1010, 69, 1011, | |
| 1404 | 1004, 1006, 1001, 1013, 1012, 1003, 1014, 69, 69, 1016, | |
| 1405 | 1017, 1019, 69, 1021, 1018, 1020, 1015, 69, 1027, 1005, | |
| 1406 | 69, 69, 1009, 69, 1010, 1955, 69, 69, 69, 69, | |
| 1407 | 1013, 1012, 1026, 1014, 1024, 69, 1016, 1022, 1023, 1025, | |
| 1408 | 1021, 69, 69, 1015, 1028, 69, 69, 69, 1029, 69, | |
| 1409 | 1030, 1033, 69, 69, 1031, 1032, 69, 69, 69, 1026, | |
| 1410 | 1034, 1024, 69, 1035, 1022, 1023, 1025, 1036, 69, 1037, | |
| 1411 | ||
| 1412 | 1038, 1028, 69, 1039, 1041, 1029, 1040, 1030, 1033, 1043, | |
| 1413 | 1042, 1031, 1032, 1048, 69, 1047, 1050, 1034, 69, 69, | |
| 1414 | 1035, 69, 69, 69, 1036, 69, 1037, 69, 69, 69, | |
| 1415 | 1039, 1041, 1053, 1040, 1044, 1049, 1043, 1042, 1045, 69, | |
| 1416 | 69, 1051, 1047, 1050, 1054, 1052, 1057, 1055, 1955, 1056, | |
| 1417 | 69, 1046, 69, 69, 1058, 1059, 1060, 69, 1063, 69, | |
| 1418 | 1061, 1044, 1049, 69, 1062, 1045, 1065, 69, 1051, 69, | |
| 1419 | 69, 1054, 1052, 1066, 1055, 69, 1056, 69, 1046, 69, | |
| 1420 | 1067, 69, 69, 1060, 69, 1063, 1064, 1061, 69, 1068, | |
| 1421 | 69, 1062, 69, 1065, 1069, 69, 1070, 1071, 1072, 1955, | |
| 1422 | ||
| 1423 | 1066, 69, 69, 1073, 1074, 1075, 1076, 1067, 1077, 1955, | |
| 1424 | 1079, 1083, 69, 1064, 69, 1078, 69, 69, 1080, 1955, | |
| 1425 | 1955, 1069, 69, 1070, 1071, 1072, 69, 69, 69, 69, | |
| 1426 | 1073, 1074, 1075, 69, 1081, 1077, 69, 1079, 1083, 1082, | |
| 1427 | 69, 69, 1078, 1084, 1085, 1080, 69, 1088, 1087, 1089, | |
| 1428 | 69, 1086, 1955, 1955, 69, 1090, 1091, 1092, 1955, 1094, | |
| 1429 | 1093, 1081, 69, 1095, 1101, 69, 1082, 1955, 69, 69, | |
| 1430 | 1084, 1085, 1102, 69, 1088, 1104, 1096, 1106, 1086, 69, | |
| 1431 | 69, 69, 1090, 69, 1092, 1097, 1094, 1093, 1103, 69, | |
| 1432 | 1095, 69, 69, 1098, 69, 69, 1099, 69, 1105, 1102, | |
| 1433 | ||
| 1434 | 69, 69, 1104, 1096, 1106, 1107, 69, 1108, 1100, 1955, | |
| 1435 | 1109, 1111, 1097, 1110, 1112, 1103, 1114, 69, 69, 69, | |
| 1436 | 1098, 69, 1113, 1099, 1115, 1105, 1116, 1117, 69, 1122, | |
| 1437 | 1118, 1125, 1119, 69, 1108, 1100, 69, 1109, 1111, 1120, | |
| 1438 | 1110, 69, 69, 1121, 69, 69, 69, 69, 69, 1113, | |
| 1439 | 69, 1115, 69, 1116, 69, 1124, 1122, 1118, 1123, 1119, | |
| 1440 | 1126, 1127, 69, 1128, 1130, 1129, 1120, 69, 69, 69, | |
| 1441 | 1121, 69, 1131, 69, 1132, 1133, 69, 1139, 1134, 69, | |
| 1442 | 1140, 1135, 1124, 1149, 1142, 1123, 69, 1126, 1127, 1136, | |
| 1443 | 1128, 69, 1129, 1141, 69, 69, 69, 1144, 1137, 1131, | |
| 1444 | ||
| 1445 | 69, 1132, 1133, 1138, 1139, 1134, 69, 69, 1135, 1148, | |
| 1446 | 69, 1142, 1143, 1145, 69, 69, 1136, 69, 1150, 1146, | |
| 1447 | 1141, 69, 1147, 69, 1144, 1137, 1151, 69, 1152, 1153, | |
| 1448 | 1138, 1154, 1155, 69, 1159, 1156, 1148, 69, 69, 1143, | |
| 1449 | 1145, 1168, 69, 69, 69, 69, 1146, 1955, 1158, 1147, | |
| 1450 | 69, 1161, 1157, 1151, 69, 1152, 1153, 69, 1154, 1155, | |
| 1451 | 69, 1159, 1156, 1160, 1162, 1171, 1163, 1165, 1167, 69, | |
| 1452 | 1166, 1955, 69, 1169, 69, 1158, 1170, 69, 1161, 1157, | |
| 1453 | 1164, 1172, 69, 1174, 1955, 69, 69, 1183, 1955, 1955, | |
| 1454 | 1160, 1162, 69, 1163, 1165, 1167, 69, 1166, 69, 1173, | |
| 1455 | ||
| 1456 | 1169, 1175, 69, 1170, 1178, 1176, 69, 1164, 1172, 1180, | |
| 1457 | 1181, 1177, 69, 1182, 69, 69, 1179, 1186, 69, 69, | |
| 1458 | 1188, 69, 1184, 69, 69, 1185, 1173, 1187, 1175, 69, | |
| 1459 | 1191, 1178, 1176, 69, 69, 69, 1180, 1181, 1177, 1189, | |
| 1460 | 1182, 1190, 69, 1179, 1186, 1194, 1193, 1188, 69, 1184, | |
| 1461 | 69, 1192, 1185, 1200, 1187, 69, 1195, 1191, 69, 1196, | |
| 1462 | 1197, 69, 1198, 69, 1203, 1201, 1189, 1202, 1190, 69, | |
| 1463 | 1204, 1205, 69, 1193, 1199, 69, 69, 69, 1192, 69, | |
| 1464 | 69, 1206, 69, 1195, 69, 69, 1196, 1197, 1207, 1198, | |
| 1465 | 1209, 1203, 1201, 1208, 1202, 69, 1211, 69, 1205, 1210, | |
| 1466 | ||
| 1467 | 1214, 1199, 1215, 1212, 1213, 1220, 1218, 1221, 69, 1955, | |
| 1468 | 69, 69, 69, 69, 69, 1207, 1219, 69, 69, 69, | |
| 1469 | 1208, 69, 1216, 1211, 69, 1225, 1210, 1214, 69, 1215, | |
| 1470 | 1212, 1213, 69, 1218, 1224, 1217, 1222, 1223, 69, 1226, | |
| 1471 | 69, 69, 69, 1219, 1227, 69, 69, 1228, 1229, 1216, | |
| 1472 | 1230, 1231, 69, 69, 1232, 1233, 1234, 1235, 1236, 1239, | |
| 1473 | 69, 1224, 1217, 1222, 1223, 69, 1226, 1237, 1955, 1238, | |
| 1474 | 1246, 69, 1244, 69, 1228, 69, 1248, 1230, 69, 69, | |
| 1475 | 1245, 1232, 69, 1234, 1250, 1236, 69, 69, 69, 69, | |
| 1476 | 69, 1240, 1241, 1242, 69, 69, 1238, 1247, 1243, 1244, | |
| 1477 | ||
| 1478 | 1252, 69, 1249, 1248, 69, 1253, 69, 1245, 69, 1251, | |
| 1479 | 69, 69, 69, 1255, 1256, 1257, 1254, 1258, 1240, 1241, | |
| 1480 | 1242, 69, 1259, 1267, 1247, 1243, 69, 1252, 1260, 1249, | |
| 1481 | 1262, 69, 1253, 69, 69, 1261, 1251, 1263, 1266, 69, | |
| 1482 | 1255, 69, 1257, 1254, 69, 1264, 69, 1265, 69, 1259, | |
| 1483 | 1269, 1270, 1268, 69, 69, 1260, 1271, 1262, 69, 69, | |
| 1484 | 69, 1272, 1261, 69, 1263, 1266, 1274, 1273, 1275, 1955, | |
| 1485 | 69, 1277, 1264, 1276, 1265, 69, 1279, 1269, 1278, 1268, | |
| 1486 | 1281, 69, 69, 1295, 69, 69, 69, 69, 69, 69, | |
| 1487 | 1280, 69, 1282, 1274, 1273, 1275, 1284, 1285, 1277, 1288, | |
| 1488 | ||
| 1489 | 1276, 1283, 69, 1279, 69, 1278, 69, 1281, 69, 69, | |
| 1490 | 1286, 1287, 1291, 1296, 69, 1299, 1289, 1280, 1294, 1282, | |
| 1491 | 69, 1290, 1293, 1284, 1285, 69, 69, 1292, 1283, 69, | |
| 1492 | 1297, 69, 69, 69, 1298, 69, 1301, 1286, 1287, 69, | |
| 1493 | 69, 1300, 69, 1289, 1302, 1294, 69, 1303, 1290, 1293, | |
| 1494 | 1304, 69, 1305, 1306, 1292, 69, 1307, 1309, 1311, 1308, | |
| 1495 | 1955, 69, 69, 1301, 69, 1312, 1310, 69, 1300, 1313, | |
| 1496 | 1314, 1315, 1317, 69, 1303, 69, 1321, 1304, 69, 1305, | |
| 1497 | 1306, 69, 69, 1316, 1318, 1311, 1308, 69, 69, 1319, | |
| 1498 | 1320, 69, 1312, 1310, 69, 1324, 69, 69, 1315, 1317, | |
| 1499 | ||
| 1500 | 69, 1326, 1325, 1321, 69, 69, 1322, 69, 1323, 69, | |
| 1501 | 1316, 1318, 69, 1329, 1332, 1327, 1319, 1320, 1328, 69, | |
| 1502 | 1331, 69, 69, 69, 69, 1330, 69, 69, 1326, 1325, | |
| 1503 | 1335, 1955, 1333, 1322, 1338, 1323, 69, 1336, 1337, 69, | |
| 1504 | 1329, 1332, 1327, 1334, 1342, 1328, 1955, 69, 1955, 1339, | |
| 1505 | 1340, 69, 1330, 1341, 1345, 69, 69, 1335, 69, 1333, | |
| 1506 | 69, 69, 69, 1343, 1336, 1337, 69, 1344, 1346, 1347, | |
| 1507 | 1334, 1348, 1352, 69, 1349, 69, 1339, 1340, 69, 69, | |
| 1508 | 1341, 1345, 1351, 1955, 1350, 1355, 69, 69, 69, 69, | |
| 1509 | 1343, 1353, 1354, 69, 1344, 69, 1347, 1357, 1348, 1352, | |
| 1510 | ||
| 1511 | 69, 1349, 69, 1356, 69, 1359, 69, 69, 1360, 1351, | |
| 1512 | 1358, 1350, 1355, 1361, 1362, 69, 1955, 69, 1353, 1354, | |
| 1513 | 1364, 1365, 69, 1363, 1357, 1366, 1374, 69, 1367, 69, | |
| 1514 | 1356, 1368, 1359, 69, 69, 1360, 69, 1358, 69, 1369, | |
| 1515 | 1361, 1362, 1372, 69, 1377, 1370, 1371, 1364, 1365, 1373, | |
| 1516 | 1363, 69, 69, 69, 1384, 1367, 69, 69, 1368, 1375, | |
| 1517 | 1376, 1380, 1378, 69, 69, 1379, 1369, 69, 69, 1372, | |
| 1518 | 69, 1377, 1370, 1371, 69, 1381, 1373, 1383, 69, 1382, | |
| 1519 | 1955, 69, 1386, 1385, 69, 69, 1375, 1376, 69, 1378, | |
| 1520 | 1390, 69, 1379, 1387, 1388, 1391, 1392, 1389, 1393, 1955, | |
| 1521 | ||
| 1522 | 1955, 69, 1381, 1955, 1383, 69, 1382, 69, 69, 1386, | |
| 1523 | 1385, 1394, 69, 69, 69, 69, 1396, 1390, 1395, 1397, | |
| 1524 | 1387, 1388, 69, 1392, 1389, 1393, 69, 1398, 1399, 1400, | |
| 1525 | 69, 1401, 1402, 69, 1405, 1403, 69, 69, 1394, 69, | |
| 1526 | 69, 1407, 1404, 1396, 69, 1395, 1397, 1406, 1409, 1408, | |
| 1527 | 69, 1410, 69, 1411, 1398, 1399, 1400, 69, 1401, 1402, | |
| 1528 | 69, 69, 1403, 1414, 1416, 69, 1412, 69, 69, 1404, | |
| 1529 | 1413, 69, 1415, 69, 1406, 1409, 1408, 1417, 1410, 69, | |
| 1530 | 1411, 1418, 69, 1419, 1421, 1420, 1422, 1955, 1424, 1955, | |
| 1531 | 1414, 69, 1423, 69, 1425, 69, 69, 69, 1426, 1415, | |
| 1532 | ||
| 1533 | 69, 1427, 1429, 1432, 1417, 69, 1428, 1430, 69, 69, | |
| 1534 | 1419, 1421, 1420, 1433, 69, 69, 69, 69, 69, 1423, | |
| 1535 | 69, 1425, 1435, 1434, 69, 1426, 1431, 1443, 1427, 1429, | |
| 1536 | 69, 1436, 69, 1428, 1430, 69, 69, 69, 1437, 1438, | |
| 1537 | 1433, 1439, 69, 1445, 69, 69, 69, 69, 1440, 1435, | |
| 1538 | 1434, 69, 1441, 1431, 1443, 1442, 1444, 1446, 1436, 1447, | |
| 1539 | 69, 69, 69, 1448, 1449, 1437, 1438, 1450, 1439, 1451, | |
| 1540 | 69, 1452, 1455, 69, 1454, 1440, 69, 1453, 69, 1441, | |
| 1541 | 1456, 69, 1442, 1444, 1446, 1457, 1447, 1458, 69, 69, | |
| 1542 | 1448, 1449, 1459, 69, 1450, 69, 69, 1460, 69, 69, | |
| 1543 | ||
| 1544 | 1461, 1454, 1462, 1463, 1453, 1465, 69, 69, 1466, 1464, | |
| 1545 | 1467, 69, 69, 1468, 1458, 1470, 69, 1469, 1473, 69, | |
| 1546 | 1474, 1475, 69, 1477, 1460, 1955, 1471, 69, 69, 69, | |
| 1547 | 1463, 69, 69, 69, 1480, 1466, 1464, 69, 69, 69, | |
| 1548 | 1468, 1472, 1470, 1476, 1469, 69, 69, 1474, 1475, 1478, | |
| 1549 | 69, 69, 69, 1471, 1479, 1481, 69, 1482, 69, 1483, | |
| 1550 | 1484, 1480, 1485, 69, 1486, 1487, 1955, 69, 1472, 1492, | |
| 1551 | 1476, 1489, 1490, 1488, 69, 69, 1478, 1499, 69, 1493, | |
| 1552 | 1491, 1479, 1481, 69, 69, 1495, 1483, 69, 69, 1485, | |
| 1553 | 69, 1486, 1487, 69, 69, 1494, 1492, 69, 1489, 1490, | |
| 1554 | ||
| 1555 | 1488, 69, 1496, 1497, 1500, 1498, 1493, 1491, 69, 1501, | |
| 1556 | 1502, 1504, 1495, 1503, 1955, 1955, 69, 69, 69, 1511, | |
| 1557 | 69, 69, 1494, 1509, 1955, 1505, 1510, 69, 69, 1496, | |
| 1558 | 1497, 1500, 1498, 1506, 69, 69, 1501, 1502, 1512, 69, | |
| 1559 | 1503, 1507, 69, 1508, 69, 1513, 1511, 1514, 69, 1515, | |
| 1560 | 1509, 69, 1505, 1510, 69, 1516, 1517, 1524, 1518, 1526, | |
| 1561 | 1506, 1519, 69, 1520, 69, 1512, 1521, 69, 1507, 1522, | |
| 1562 | 1508, 69, 1513, 1523, 1514, 1527, 1515, 69, 69, 69, | |
| 1563 | 69, 1525, 69, 69, 1524, 1518, 69, 69, 1519, 1534, | |
| 1564 | 1520, 1528, 1531, 1521, 1529, 1533, 1522, 69, 69, 69, | |
| 1565 | ||
| 1566 | 1523, 69, 1527, 1530, 1532, 69, 1535, 1537, 1525, 1538, | |
| 1567 | 1540, 69, 1536, 1548, 1543, 69, 69, 69, 1528, 1531, | |
| 1568 | 69, 1529, 1533, 69, 1539, 1541, 1545, 69, 1542, 69, | |
| 1569 | 1530, 1532, 1546, 1535, 1537, 69, 1544, 1540, 69, 1536, | |
| 1570 | 69, 69, 1547, 69, 69, 69, 1549, 1550, 69, 1552, | |
| 1571 | 1555, 1539, 1541, 1545, 69, 1542, 1551, 1553, 69, 69, | |
| 1572 | 1554, 69, 1556, 1544, 1557, 69, 1559, 1560, 1955, 69, | |
| 1573 | 1558, 69, 69, 1549, 1550, 69, 1552, 69, 69, 69, | |
| 1574 | 69, 1561, 1562, 1551, 1553, 1563, 1565, 1554, 1564, 1556, | |
| 1575 | 1566, 1567, 1569, 1559, 69, 69, 1568, 1558, 69, 1570, | |
| 1576 | ||
| 1577 | 1574, 69, 1955, 69, 1955, 1571, 1572, 69, 1561, 1562, | |
| 1578 | 69, 69, 1563, 69, 1573, 1564, 1576, 69, 69, 1569, | |
| 1579 | 69, 69, 69, 1568, 1575, 69, 1570, 1574, 1577, 69, | |
| 1580 | 1579, 69, 1571, 1572, 1578, 69, 1580, 69, 1583, 1581, | |
| 1581 | 1582, 1573, 69, 69, 1584, 1585, 69, 1586, 1587, 1589, | |
| 1582 | 69, 1575, 69, 69, 69, 1577, 1588, 1579, 1590, 1955, | |
| 1583 | 1591, 1578, 69, 1580, 69, 1583, 1581, 1582, 1593, 1600, | |
| 1584 | 69, 1584, 1585, 1592, 1586, 1587, 69, 69, 69, 1594, | |
| 1585 | 69, 1595, 1598, 1588, 69, 69, 69, 1591, 69, 1596, | |
| 1586 | 1597, 69, 1599, 1601, 1602, 1593, 69, 69, 1604, 1609, | |
| 1587 | ||
| 1588 | 1592, 1607, 1603, 69, 1605, 1606, 1594, 69, 1595, 1598, | |
| 1589 | 69, 69, 69, 69, 69, 1608, 1596, 1597, 69, 1599, | |
| 1590 | 1601, 1602, 69, 69, 1610, 1604, 69, 1611, 1607, 1603, | |
| 1591 | 1613, 1605, 1606, 1612, 1614, 1616, 69, 1615, 69, 1617, | |
| 1592 | 1955, 1618, 1608, 1619, 69, 69, 1620, 69, 69, 1622, | |
| 1593 | 1623, 1621, 1624, 69, 1611, 69, 69, 1613, 69, 1625, | |
| 1594 | 1612, 1614, 1616, 69, 1615, 1626, 1617, 69, 1618, 1627, | |
| 1595 | 1619, 69, 1629, 69, 1630, 69, 1622, 69, 1621, 1624, | |
| 1596 | 1628, 1631, 69, 1632, 1955, 1633, 1625, 1636, 69, 1635, | |
| 1597 | 1634, 1637, 1626, 1638, 69, 69, 69, 1641, 1639, 69, | |
| 1598 | ||
| 1599 | 1640, 1630, 1645, 69, 1642, 69, 69, 1628, 69, 69, | |
| 1600 | 69, 69, 1633, 69, 1636, 69, 1635, 1634, 1637, 69, | |
| 1601 | 1638, 1643, 1644, 1646, 1641, 1639, 69, 1640, 1955, 69, | |
| 1602 | 1649, 1642, 1647, 1648, 69, 1650, 1651, 1652, 1654, 1653, | |
| 1603 | 1955, 1955, 1955, 69, 1655, 1955, 1656, 1657, 1643, 1644, | |
| 1604 | 69, 1696, 69, 69, 1660, 69, 1659, 69, 1658, 1647, | |
| 1605 | 1648, 69, 1650, 69, 69, 69, 1653, 69, 69, 69, | |
| 1606 | 69, 1655, 1661, 1656, 1657, 69, 69, 1662, 1663, 1664, | |
| 1607 | 1665, 1660, 69, 1659, 1666, 1658, 1668, 69, 69, 1670, | |
| 1608 | 1667, 1669, 1673, 1955, 69, 1955, 1671, 69, 1676, 1661, | |
| 1609 | ||
| 1610 | 69, 69, 69, 69, 1662, 1663, 1664, 1665, 69, 69, | |
| 1611 | 1677, 1666, 69, 1668, 1672, 1675, 1670, 1667, 1669, 69, | |
| 1612 | 1674, 69, 69, 1671, 1678, 1676, 1679, 1680, 69, 1682, | |
| 1613 | 1681, 1955, 1685, 69, 1684, 1686, 1683, 69, 1688, 1689, | |
| 1614 | 1955, 1672, 1675, 69, 69, 69, 69, 1674, 69, 69, | |
| 1615 | 1690, 1678, 69, 1679, 1680, 1691, 1682, 1681, 69, 1685, | |
| 1616 | 1687, 1684, 69, 1683, 69, 1688, 69, 69, 1692, 1693, | |
| 1617 | 1694, 1695, 1697, 1702, 69, 1703, 1699, 1690, 1698, 69, | |
| 1618 | 1700, 1701, 69, 1955, 69, 69, 1711, 1687, 1704, 1707, | |
| 1619 | 1955, 1710, 1705, 1706, 69, 69, 69, 1694, 1695, 69, | |
| 1620 | ||
| 1621 | 1702, 69, 69, 1708, 69, 1698, 69, 69, 1701, 1712, | |
| 1622 | 69, 69, 69, 69, 1709, 1704, 1707, 69, 1710, 1705, | |
| 1623 | 1706, 69, 1715, 1713, 1714, 1955, 1716, 1955, 1717, 1718, | |
| 1624 | 1708, 1720, 69, 1721, 69, 1719, 1712, 1723, 69, 1724, | |
| 1625 | 69, 1709, 69, 1722, 69, 1725, 69, 1726, 69, 1715, | |
| 1626 | 1713, 1714, 69, 1716, 69, 1717, 1718, 69, 1720, 1727, | |
| 1627 | 1721, 69, 1719, 1729, 1723, 1730, 1724, 1728, 1732, 1731, | |
| 1628 | 1722, 69, 69, 1733, 1726, 1735, 69, 1734, 1738, 1736, | |
| 1629 | 69, 69, 1737, 1739, 1749, 69, 1727, 69, 69, 69, | |
| 1630 | 69, 1740, 1730, 69, 1728, 1732, 1731, 69, 1741, 1742, | |
| 1631 | ||
| 1632 | 69, 1743, 1735, 1746, 69, 1738, 1736, 1955, 1744, 1737, | |
| 1633 | 1739, 1745, 1748, 69, 1747, 69, 1750, 69, 1740, 69, | |
| 1634 | 1751, 1753, 69, 69, 69, 1741, 1742, 1752, 1743, 1754, | |
| 1635 | 69, 69, 69, 1755, 69, 1744, 69, 1756, 1745, 1748, | |
| 1636 | 1758, 1747, 69, 1750, 1762, 69, 1757, 1751, 1759, 1760, | |
| 1637 | 1761, 1763, 69, 1955, 1752, 69, 1754, 1765, 69, 69, | |
| 1638 | 69, 1764, 69, 1767, 1756, 1766, 69, 69, 69, 1769, | |
| 1639 | 1770, 1762, 69, 1757, 1768, 1759, 1760, 1761, 1763, 69, | |
| 1640 | 69, 1771, 69, 1772, 1765, 1774, 1773, 1775, 1764, 69, | |
| 1641 | 69, 1776, 1766, 69, 1777, 69, 69, 69, 1779, 1778, | |
| 1642 | ||
| 1643 | 1780, 1768, 1783, 69, 69, 1782, 1784, 69, 1771, 69, | |
| 1644 | 69, 1781, 1774, 1773, 1775, 1785, 1787, 69, 1776, 69, | |
| 1645 | 69, 1777, 1786, 1788, 1790, 69, 1778, 69, 1789, 1783, | |
| 1646 | 69, 69, 1782, 69, 1792, 1795, 1791, 1796, 1781, 69, | |
| 1647 | 1798, 1800, 1785, 1787, 69, 1797, 69, 1799, 69, 1786, | |
| 1648 | 1788, 1790, 69, 69, 69, 1789, 1793, 1794, 1801, 1802, | |
| 1649 | 1803, 1804, 69, 1791, 69, 69, 69, 69, 1800, 69, | |
| 1650 | 1805, 1806, 1797, 1807, 1799, 1808, 1809, 1811, 1812, 1815, | |
| 1651 | 69, 1955, 1955, 1793, 1794, 1801, 69, 69, 69, 69, | |
| 1652 | 1813, 1814, 69, 1816, 1810, 69, 1820, 1805, 69, 69, | |
| 1653 | ||
| 1654 | 1807, 69, 69, 1809, 1811, 69, 69, 1817, 1819, 1818, | |
| 1655 | 69, 69, 69, 1821, 69, 69, 69, 1813, 1814, 1822, | |
| 1656 | 1816, 1810, 1823, 1820, 1829, 1826, 1827, 1830, 69, 1832, | |
| 1657 | 69, 69, 69, 69, 1817, 1819, 1818, 1824, 1825, 1831, | |
| 1658 | 1821, 1834, 1955, 1828, 1833, 1836, 1822, 69, 69, 1823, | |
| 1659 | 69, 69, 1826, 1827, 69, 1837, 69, 1840, 69, 1841, | |
| 1660 | 1835, 1838, 69, 1842, 1824, 1825, 1831, 69, 69, 69, | |
| 1661 | 1828, 1833, 1836, 69, 1839, 69, 1843, 1844, 1845, 1846, | |
| 1662 | 69, 1851, 69, 69, 1840, 69, 1841, 1835, 1838, 1847, | |
| 1663 | 69, 69, 1848, 1849, 1850, 69, 1852, 1853, 1855, 69, | |
| 1664 | ||
| 1665 | 1854, 1839, 69, 69, 1844, 1845, 1846, 1856, 69, 1857, | |
| 1666 | 1859, 1861, 1955, 1955, 69, 69, 1847, 1858, 69, 1848, | |
| 1667 | 1849, 1850, 69, 69, 69, 69, 1860, 1854, 1862, 69, | |
| 1668 | 1863, 1864, 1866, 1868, 1856, 69, 1857, 69, 1865, 69, | |
| 1669 | 1867, 69, 69, 69, 1858, 1955, 1955, 69, 1879, 1870, | |
| 1670 | 69, 1955, 69, 1860, 1869, 1862, 69, 1863, 1864, 1866, | |
| 1671 | 1868, 69, 69, 1871, 69, 1865, 1872, 1867, 1876, 1873, | |
| 1672 | 69, 1878, 1875, 1874, 1877, 69, 1870, 69, 69, 69, | |
| 1673 | 69, 1869, 69, 69, 1880, 1881, 69, 1882, 1883, 1887, | |
| 1674 | 1871, 1884, 1885, 1872, 69, 1876, 1873, 1886, 1878, 1875, | |
| 1675 | ||
| 1676 | 1874, 1877, 69, 1888, 1889, 1890, 1892, 1893, 1955, 69, | |
| 1677 | 69, 1880, 69, 69, 69, 1883, 69, 69, 1884, 1885, | |
| 1678 | 69, 1891, 1894, 1897, 1886, 1895, 1896, 1955, 1899, 69, | |
| 1679 | 1888, 69, 1890, 1898, 69, 69, 69, 69, 69, 69, | |
| 1680 | 1900, 69, 69, 1901, 1902, 1910, 1903, 1906, 1891, 1894, | |
| 1681 | 1897, 69, 1895, 1896, 69, 1899, 1904, 1955, 1905, 1907, | |
| 1682 | 1898, 1911, 1912, 1915, 69, 1908, 69, 1900, 69, 69, | |
| 1683 | 1901, 1902, 1909, 1903, 1906, 1918, 69, 1917, 1955, 1930, | |
| 1684 | 69, 69, 69, 1904, 69, 1905, 1907, 69, 69, 1912, | |
| 1685 | 1913, 69, 1908, 1914, 69, 1916, 1921, 69, 69, 1909, | |
| 1686 | ||
| 1687 | 1919, 69, 1918, 69, 1917, 1920, 69, 1922, 69, 1923, | |
| 1688 | 69, 1924, 1955, 69, 1925, 1955, 1926, 1913, 1955, 69, | |
| 1689 | 1914, 1929, 1916, 1921, 1927, 1928, 1955, 1919, 1955, 69, | |
| 1690 | 1931, 69, 1920, 69, 1922, 1932, 1923, 1934, 1924, 1933, | |
| 1691 | 69, 1925, 69, 1926, 1955, 69, 69, 69, 1929, 1936, | |
| 1692 | 69, 1927, 1928, 1935, 1944, 69, 1937, 1931, 1940, 69, | |
| 1693 | 1938, 69, 1932, 1943, 1934, 1939, 1933, 1941, 69, 1942, | |
| 1694 | 1946, 69, 1955, 69, 1947, 69, 1936, 69, 69, 1945, | |
| 1695 | 1935, 69, 1948, 1937, 69, 1940, 1949, 1938, 1950, 69, | |
| 1696 | 1943, 1953, 1939, 1954, 1941, 1951, 1942, 69, 1955, 69, | |
| 1697 | ||
| 1698 | 1955, 69, 69, 69, 1952, 1955, 1945, 1955, 69, 1948, | |
| 1699 | 69, 1955, 69, 1949, 1955, 1950, 1955, 1955, 69, 1955, | |
| 1700 | 69, 1955, 1951, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 1701 | 1955, 1952, 41, 41, 41, 41, 41, 41, 41, 46, | |
| 1702 | 46, 46, 46, 46, 46, 46, 51, 51, 51, 51, | |
| 1703 | 51, 51, 51, 57, 57, 57, 57, 57, 57, 57, | |
| 1704 | 62, 62, 62, 62, 62, 62, 62, 72, 72, 1955, | |
| 1705 | 72, 72, 72, 72, 129, 129, 1955, 1955, 1955, 129, | |
| 1706 | 129, 131, 131, 1955, 1955, 131, 1955, 131, 133, 1955, | |
| 1707 | 1955, 1955, 1955, 1955, 133, 136, 136, 1955, 1955, 1955, | |
| 1708 | ||
| 1709 | 136, 136, 138, 1955, 1955, 1955, 1955, 1955, 138, 140, | |
| 1710 | 140, 1955, 140, 140, 140, 140, 73, 73, 1955, 73, | |
| 1711 | 73, 73, 73, 13, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 1712 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 1713 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 1714 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 1715 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 1716 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 1717 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955 | |
| 1189 | 14, 14, 18, 20, 14, 21, 22, 23, 24, 14, | |
| 1190 | 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, | |
| 1191 | 35, 36, 37, 38, 39, 14, 14, 14, 14, 40, | |
| 1192 | 20, 14, 21, 22, 23, 24, 14, 25, 26, 27, | |
| 1193 | 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, | |
| 1194 | 38, 39, 14, 14, 14, 14, 42, 43, 44, 42, | |
| 1195 | 43, 44, 47, 48, 47, 48, 49, 97, 49, 52, | |
| 1196 | 53, 54, 55, 811, 18, 52, 53, 54, 55, 69, | |
| 1197 | 18, 58, 59, 60, 58, 59, 60, 70, 131, 131, | |
| 1198 | ||
| 1199 | 68, 71, 87, 45, 97, 133, 45, 141, 133, 50, | |
| 1200 | 73, 50, 73, 73, 69, 73, 141, 56, 99, 138, | |
| 1201 | 138, 73, 88, 56, 139, 69, 75, 76, 61, 87, | |
| 1202 | 69, 61, 15, 16, 17, 63, 64, 65, 15, 16, | |
| 1203 | 17, 63, 64, 65, 77, 99, 89, 183, 74, 88, | |
| 1204 | 69, 91, 66, 75, 76, 78, 145, 107, 66, 92, | |
| 1205 | 90, 70, 79, 69, 1003, 71, 80, 69, 98, 81, | |
| 1206 | 67, 77, 69, 89, 183, 137, 67, 69, 91, 66, | |
| 1207 | 69, 69, 78, 145, 107, 66, 92, 90, 93, 79, | |
| 1208 | 69, 94, 69, 80, 100, 98, 81, 82, 95, 136, | |
| 1209 | ||
| 1210 | 96, 83, 101, 134, 84, 198, 85, 86, 102, 132, | |
| 1211 | 104, 69, 103, 113, 105, 93, 147, 69, 94, 69, | |
| 1212 | 69, 100, 146, 69, 82, 95, 69, 96, 83, 101, | |
| 1213 | 106, 84, 198, 85, 86, 102, 69, 104, 114, 103, | |
| 1214 | 113, 105, 115, 147, 133, 69, 123, 133, 124, 146, | |
| 1215 | 180, 69, 116, 69, 126, 117, 157, 106, 108, 127, | |
| 1216 | 141, 69, 109, 125, 69, 114, 128, 69, 110, 115, | |
| 1217 | 129, 111, 69, 123, 130, 124, 151, 180, 112, 116, | |
| 1218 | 69, 126, 117, 157, 139, 108, 127, 131, 131, 109, | |
| 1219 | 125, 144, 69, 128, 69, 110, 209, 129, 111, 158, | |
| 1220 | ||
| 1221 | 904, 130, 69, 151, 141, 112, 118, 69, 68, 119, | |
| 1222 | 68, 68, 135, 68, 135, 135, 120, 135, 144, 68, | |
| 1223 | 121, 122, 73, 209, 73, 73, 158, 73, 69, 140, | |
| 1224 | 69, 140, 140, 118, 140, 68, 119, 68, 68, 73, | |
| 1225 | 68, 73, 73, 120, 73, 148, 68, 121, 122, 152, | |
| 1226 | 73, 161, 150, 153, 155, 156, 137, 159, 149, 154, | |
| 1227 | 143, 69, 69, 69, 69, 136, 162, 163, 166, 69, | |
| 1228 | 138, 138, 148, 69, 69, 160, 152, 74, 161, 150, | |
| 1229 | 153, 155, 156, 69, 167, 149, 154, 164, 165, 69, | |
| 1230 | 168, 69, 173, 162, 163, 166, 69, 69, 134, 181, | |
| 1231 | ||
| 1232 | 175, 132, 160, 69, 169, 69, 69, 170, 69, 178, | |
| 1233 | 176, 167, 69, 179, 164, 165, 174, 168, 182, 2237, | |
| 1234 | 171, 172, 185, 203, 69, 184, 181, 175, 69, 188, | |
| 1235 | 177, 169, 69, 69, 170, 2237, 178, 176, 69, 69, | |
| 1236 | 179, 69, 69, 174, 186, 182, 187, 171, 172, 185, | |
| 1237 | 190, 189, 184, 69, 193, 69, 188, 177, 69, 69, | |
| 1238 | 191, 69, 194, 195, 192, 2237, 196, 199, 2237, 2237, | |
| 1239 | 69, 186, 197, 187, 69, 69, 205, 190, 189, 200, | |
| 1240 | 69, 193, 69, 201, 202, 204, 207, 191, 69, 194, | |
| 1241 | 195, 192, 69, 196, 199, 69, 206, 208, 69, 197, | |
| 1242 | ||
| 1243 | 69, 210, 69, 205, 213, 212, 200, 214, 69, 2237, | |
| 1244 | 201, 202, 204, 207, 215, 135, 69, 135, 135, 69, | |
| 1245 | 135, 217, 211, 206, 208, 218, 69, 69, 210, 216, | |
| 1246 | 2237, 213, 212, 220, 214, 140, 69, 140, 140, 219, | |
| 1247 | 140, 215, 73, 69, 73, 73, 221, 73, 217, 211, | |
| 1248 | 222, 69, 69, 141, 69, 230, 216, 69, 224, 223, | |
| 1249 | 220, 225, 69, 226, 229, 69, 219, 228, 2237, 227, | |
| 1250 | 240, 231, 2237, 221, 239, 232, 241, 222, 69, 69, | |
| 1251 | 143, 69, 242, 260, 244, 224, 223, 69, 225, 69, | |
| 1252 | 69, 229, 233, 2237, 228, 69, 227, 240, 69, 69, | |
| 1253 | ||
| 1254 | 69, 239, 232, 241, 69, 245, 243, 69, 246, 242, | |
| 1255 | 69, 244, 247, 250, 248, 69, 2237, 249, 2237, 233, | |
| 1256 | 234, 69, 69, 251, 69, 235, 252, 69, 264, 69, | |
| 1257 | 236, 258, 245, 243, 257, 246, 237, 238, 69, 247, | |
| 1258 | 250, 248, 267, 69, 249, 69, 261, 234, 69, 253, | |
| 1259 | 251, 259, 235, 252, 254, 269, 69, 236, 258, 262, | |
| 1260 | 69, 257, 69, 237, 238, 265, 255, 268, 256, 270, | |
| 1261 | 263, 266, 69, 261, 69, 69, 253, 69, 259, 271, | |
| 1262 | 2237, 254, 272, 69, 273, 276, 279, 69, 360, 69, | |
| 1263 | 69, 69, 265, 255, 268, 256, 69, 263, 266, 69, | |
| 1264 | ||
| 1265 | 274, 69, 275, 277, 278, 69, 271, 69, 69, 272, | |
| 1266 | 281, 273, 276, 279, 280, 69, 283, 282, 69, 284, | |
| 1267 | 285, 69, 69, 69, 69, 69, 69, 274, 286, 275, | |
| 1268 | 277, 278, 289, 293, 291, 292, 295, 281, 69, 287, | |
| 1269 | 288, 280, 69, 283, 282, 290, 284, 285, 69, 294, | |
| 1270 | 297, 69, 69, 296, 299, 69, 306, 69, 300, 69, | |
| 1271 | 69, 291, 292, 295, 69, 69, 287, 288, 305, 303, | |
| 1272 | 302, 307, 290, 298, 69, 301, 294, 308, 309, 69, | |
| 1273 | 296, 304, 69, 69, 141, 300, 69, 69, 69, 69, | |
| 1274 | 69, 310, 311, 69, 312, 305, 303, 302, 307, 315, | |
| 1275 | ||
| 1276 | 298, 69, 301, 313, 69, 309, 316, 69, 304, 69, | |
| 1277 | 314, 319, 69, 317, 318, 320, 327, 322, 310, 311, | |
| 1278 | 69, 312, 69, 69, 321, 324, 315, 326, 69, 2237, | |
| 1279 | 313, 69, 325, 316, 323, 329, 330, 314, 319, 69, | |
| 1280 | 317, 69, 320, 69, 322, 69, 69, 328, 69, 69, | |
| 1281 | 69, 321, 324, 331, 326, 69, 332, 333, 336, 325, | |
| 1282 | 69, 323, 69, 330, 69, 335, 338, 69, 334, 346, | |
| 1283 | 337, 69, 69, 339, 328, 69, 340, 69, 341, 345, | |
| 1284 | 331, 342, 69, 2237, 333, 336, 344, 69, 69, 343, | |
| 1285 | 69, 347, 335, 338, 69, 334, 69, 337, 69, 69, | |
| 1286 | ||
| 1287 | 339, 69, 348, 340, 353, 341, 345, 69, 342, 354, | |
| 1288 | 69, 356, 349, 344, 2237, 69, 343, 69, 347, 357, | |
| 1289 | 350, 351, 69, 352, 367, 69, 365, 355, 361, 348, | |
| 1290 | 69, 353, 362, 69, 69, 363, 354, 364, 356, 349, | |
| 1291 | 358, 359, 69, 366, 69, 369, 357, 350, 351, 69, | |
| 1292 | 352, 69, 69, 365, 355, 361, 368, 370, 371, 362, | |
| 1293 | 372, 69, 363, 375, 364, 69, 373, 358, 359, 69, | |
| 1294 | 366, 69, 369, 69, 374, 69, 378, 377, 69, 383, | |
| 1295 | 69, 376, 388, 368, 370, 371, 69, 372, 69, 381, | |
| 1296 | 379, 382, 69, 373, 384, 69, 380, 385, 69, 386, | |
| 1297 | ||
| 1298 | 389, 374, 387, 378, 2237, 69, 383, 2237, 376, 69, | |
| 1299 | 2237, 390, 69, 69, 69, 2237, 381, 379, 382, 391, | |
| 1300 | 69, 384, 69, 380, 385, 69, 386, 389, 392, 387, | |
| 1301 | 393, 394, 395, 405, 397, 69, 406, 409, 390, 411, | |
| 1302 | 2237, 410, 69, 141, 69, 69, 391, 69, 396, 69, | |
| 1303 | 413, 69, 420, 2237, 69, 392, 69, 393, 394, 395, | |
| 1304 | 405, 397, 407, 406, 409, 412, 411, 408, 410, 414, | |
| 1305 | 2237, 415, 69, 69, 2237, 396, 398, 399, 69, 417, | |
| 1306 | 416, 2237, 69, 418, 69, 419, 400, 69, 401, 402, | |
| 1307 | 403, 69, 412, 404, 69, 421, 414, 69, 415, 422, | |
| 1308 | ||
| 1309 | 424, 69, 69, 398, 399, 69, 417, 416, 423, 425, | |
| 1310 | 418, 69, 419, 400, 69, 401, 402, 403, 426, 427, | |
| 1311 | 404, 69, 421, 428, 429, 2237, 422, 430, 431, 69, | |
| 1312 | 433, 432, 69, 435, 69, 423, 425, 434, 436, 69, | |
| 1313 | 438, 69, 69, 69, 447, 426, 427, 444, 443, 69, | |
| 1314 | 439, 2237, 69, 437, 430, 431, 69, 433, 432, 458, | |
| 1315 | 435, 69, 69, 69, 434, 436, 69, 438, 440, 69, | |
| 1316 | 445, 446, 448, 449, 444, 443, 69, 439, 69, 441, | |
| 1317 | 437, 442, 450, 452, 2237, 451, 69, 453, 454, 69, | |
| 1318 | 69, 69, 2237, 69, 69, 440, 455, 445, 446, 448, | |
| 1319 | ||
| 1320 | 449, 457, 69, 456, 461, 69, 441, 69, 442, 450, | |
| 1321 | 452, 459, 451, 69, 453, 454, 460, 69, 69, 462, | |
| 1322 | 463, 464, 69, 455, 466, 2237, 69, 69, 457, 465, | |
| 1323 | 456, 461, 467, 468, 69, 69, 69, 69, 459, 69, | |
| 1324 | 469, 2237, 470, 460, 472, 2237, 462, 463, 464, 471, | |
| 1325 | 69, 466, 69, 2237, 69, 69, 465, 473, 474, 467, | |
| 1326 | 468, 479, 475, 69, 480, 69, 69, 469, 69, 470, | |
| 1327 | 476, 472, 477, 478, 69, 69, 471, 69, 483, 69, | |
| 1328 | 69, 482, 489, 481, 473, 474, 485, 484, 479, 475, | |
| 1329 | 487, 69, 486, 490, 493, 69, 69, 476, 492, 477, | |
| 1330 | ||
| 1331 | 478, 69, 491, 69, 69, 483, 69, 69, 482, 489, | |
| 1332 | 481, 494, 495, 488, 484, 69, 69, 69, 69, 486, | |
| 1333 | 490, 493, 69, 69, 496, 492, 504, 2237, 497, 491, | |
| 1334 | 506, 2237, 514, 69, 69, 69, 69, 505, 494, 495, | |
| 1335 | 488, 69, 509, 510, 69, 69, 511, 2237, 507, 513, | |
| 1336 | 69, 496, 512, 504, 69, 497, 498, 506, 508, 514, | |
| 1337 | 517, 499, 515, 500, 505, 525, 69, 531, 69, 509, | |
| 1338 | 510, 501, 69, 511, 502, 69, 513, 69, 519, 512, | |
| 1339 | 69, 503, 69, 498, 516, 508, 518, 517, 499, 515, | |
| 1340 | 500, 69, 520, 523, 521, 522, 69, 69, 501, 69, | |
| 1341 | ||
| 1342 | 69, 502, 69, 524, 528, 519, 527, 69, 503, 526, | |
| 1343 | 69, 516, 530, 518, 69, 69, 529, 532, 69, 520, | |
| 1344 | 523, 521, 522, 533, 69, 534, 141, 535, 2237, 536, | |
| 1345 | 524, 528, 69, 527, 538, 69, 526, 537, 541, 69, | |
| 1346 | 69, 69, 539, 529, 532, 540, 544, 545, 546, 69, | |
| 1347 | 547, 69, 534, 69, 535, 69, 536, 542, 69, 69, | |
| 1348 | 69, 538, 543, 548, 537, 541, 549, 550, 554, 539, | |
| 1349 | 551, 553, 540, 544, 69, 69, 69, 556, 552, 69, | |
| 1350 | 555, 557, 69, 558, 559, 561, 2237, 69, 2237, 69, | |
| 1351 | 69, 562, 69, 69, 560, 554, 574, 551, 553, 69, | |
| 1352 | ||
| 1353 | 69, 69, 563, 69, 69, 552, 69, 555, 557, 69, | |
| 1354 | 558, 559, 570, 69, 564, 69, 567, 69, 562, 565, | |
| 1355 | 571, 560, 568, 566, 569, 69, 2237, 572, 69, 563, | |
| 1356 | 579, 576, 573, 69, 69, 575, 2237, 587, 69, 570, | |
| 1357 | 69, 564, 69, 567, 69, 577, 565, 571, 69, 568, | |
| 1358 | 566, 569, 69, 69, 572, 69, 580, 579, 576, 573, | |
| 1359 | 581, 582, 575, 583, 584, 585, 586, 578, 69, 69, | |
| 1360 | 594, 69, 577, 589, 588, 69, 69, 591, 69, 590, | |
| 1361 | 592, 69, 69, 580, 596, 69, 595, 581, 582, 69, | |
| 1362 | 583, 584, 585, 586, 578, 69, 593, 69, 597, 69, | |
| 1363 | ||
| 1364 | 589, 588, 69, 69, 591, 598, 590, 592, 69, 69, | |
| 1365 | 599, 603, 601, 595, 602, 600, 69, 605, 2237, 608, | |
| 1366 | 2237, 604, 69, 593, 612, 597, 69, 69, 69, 69, | |
| 1367 | 606, 609, 598, 610, 69, 69, 614, 616, 611, 601, | |
| 1368 | 2237, 602, 69, 69, 605, 607, 608, 613, 604, 69, | |
| 1369 | 69, 612, 615, 69, 69, 622, 2237, 606, 609, 617, | |
| 1370 | 69, 69, 69, 614, 616, 69, 618, 621, 69, 619, | |
| 1371 | 627, 620, 607, 69, 613, 69, 623, 69, 69, 615, | |
| 1372 | 624, 631, 622, 625, 628, 626, 617, 629, 69, 69, | |
| 1373 | 69, 69, 69, 618, 621, 69, 619, 69, 620, 630, | |
| 1374 | ||
| 1375 | 632, 633, 69, 623, 69, 635, 634, 624, 631, 638, | |
| 1376 | 625, 628, 626, 69, 629, 636, 69, 69, 637, 639, | |
| 1377 | 643, 640, 641, 69, 645, 69, 630, 632, 633, 69, | |
| 1378 | 2237, 69, 635, 634, 644, 646, 638, 69, 69, 69, | |
| 1379 | 69, 642, 636, 69, 69, 637, 639, 643, 640, 641, | |
| 1380 | 69, 645, 69, 69, 647, 648, 653, 649, 650, 654, | |
| 1381 | 655, 644, 646, 651, 69, 660, 656, 69, 642, 659, | |
| 1382 | 2237, 652, 657, 69, 69, 2237, 141, 677, 69, 69, | |
| 1383 | 69, 647, 648, 653, 649, 650, 654, 658, 661, 69, | |
| 1384 | 651, 662, 69, 656, 670, 69, 659, 69, 652, 657, | |
| 1385 | ||
| 1386 | 69, 663, 69, 69, 664, 2237, 69, 69, 672, 69, | |
| 1387 | 671, 69, 2237, 673, 658, 661, 675, 2237, 662, 2237, | |
| 1388 | 69, 670, 2237, 685, 674, 688, 69, 69, 663, 676, | |
| 1389 | 2237, 664, 665, 690, 69, 672, 666, 671, 686, 667, | |
| 1390 | 673, 691, 69, 675, 69, 69, 668, 69, 687, 669, | |
| 1391 | 685, 674, 688, 2237, 69, 69, 676, 69, 689, 665, | |
| 1392 | 69, 69, 693, 666, 692, 686, 667, 2237, 691, 2237, | |
| 1393 | 694, 695, 708, 668, 69, 687, 669, 678, 679, 697, | |
| 1394 | 680, 69, 69, 681, 696, 689, 701, 698, 682, 693, | |
| 1395 | 69, 692, 700, 69, 683, 684, 69, 694, 695, 708, | |
| 1396 | ||
| 1397 | 69, 69, 699, 69, 678, 679, 697, 680, 69, 69, | |
| 1398 | 681, 696, 69, 701, 698, 682, 702, 69, 703, 700, | |
| 1399 | 704, 683, 684, 69, 705, 706, 69, 707, 2237, 699, | |
| 1400 | 711, 709, 713, 710, 712, 714, 2237, 69, 715, 69, | |
| 1401 | 69, 2237, 716, 702, 2237, 703, 69, 704, 2237, 717, | |
| 1402 | 69, 705, 706, 718, 707, 69, 69, 69, 709, 720, | |
| 1403 | 710, 712, 69, 69, 69, 715, 719, 69, 69, 716, | |
| 1404 | 721, 722, 69, 723, 724, 69, 717, 725, 726, 69, | |
| 1405 | 718, 69, 730, 2237, 728, 729, 720, 727, 2237, 733, | |
| 1406 | 69, 731, 69, 719, 732, 69, 69, 721, 722, 2237, | |
| 1407 | ||
| 1408 | 69, 724, 69, 69, 725, 734, 69, 69, 735, 730, | |
| 1409 | 69, 728, 729, 69, 727, 69, 733, 69, 731, 736, | |
| 1410 | 737, 732, 69, 739, 740, 741, 69, 742, 738, 745, | |
| 1411 | 743, 69, 734, 744, 69, 735, 69, 2237, 746, 748, | |
| 1412 | 69, 747, 758, 755, 69, 69, 736, 737, 69, 69, | |
| 1413 | 739, 69, 741, 750, 742, 738, 745, 743, 749, 69, | |
| 1414 | 744, 69, 69, 751, 752, 746, 748, 69, 747, 753, | |
| 1415 | 69, 754, 759, 757, 69, 767, 756, 2237, 760, 69, | |
| 1416 | 750, 69, 69, 69, 764, 749, 69, 761, 2237, 766, | |
| 1417 | 751, 752, 69, 765, 762, 69, 753, 2237, 754, 69, | |
| 1418 | ||
| 1419 | 757, 69, 763, 756, 69, 760, 69, 69, 768, 69, | |
| 1420 | 769, 764, 770, 771, 761, 69, 766, 772, 2237, 69, | |
| 1421 | 765, 762, 773, 775, 69, 774, 69, 2237, 776, 763, | |
| 1422 | 777, 2237, 69, 778, 69, 768, 782, 769, 780, 770, | |
| 1423 | 69, 69, 69, 779, 772, 69, 69, 781, 2237, 69, | |
| 1424 | 141, 69, 774, 69, 69, 776, 2237, 777, 789, 790, | |
| 1425 | 778, 2237, 2237, 782, 791, 780, 797, 792, 794, 69, | |
| 1426 | 779, 798, 2237, 793, 781, 783, 69, 784, 2237, 795, | |
| 1427 | 69, 785, 69, 786, 69, 789, 790, 2237, 787, 800, | |
| 1428 | 796, 791, 799, 788, 792, 794, 69, 801, 69, 69, | |
| 1429 | ||
| 1430 | 793, 69, 783, 69, 784, 69, 795, 804, 785, 69, | |
| 1431 | 786, 802, 69, 805, 807, 787, 800, 796, 808, 799, | |
| 1432 | 788, 803, 806, 809, 801, 810, 69, 69, 69, 69, | |
| 1433 | 819, 817, 818, 69, 804, 820, 2237, 2237, 802, 69, | |
| 1434 | 805, 807, 821, 69, 822, 808, 69, 829, 803, 806, | |
| 1435 | 69, 823, 69, 827, 69, 69, 812, 819, 817, 818, | |
| 1436 | 824, 813, 820, 814, 825, 830, 69, 826, 69, 821, | |
| 1437 | 69, 822, 69, 69, 815, 69, 828, 831, 823, 69, | |
| 1438 | 69, 816, 69, 812, 832, 69, 833, 824, 813, 69, | |
| 1439 | 814, 825, 830, 834, 826, 836, 837, 835, 69, 69, | |
| 1440 | ||
| 1441 | 839, 815, 841, 828, 831, 69, 838, 840, 816, 842, | |
| 1442 | 69, 832, 843, 69, 69, 69, 2237, 69, 69, 69, | |
| 1443 | 834, 845, 836, 837, 835, 69, 846, 844, 69, 841, | |
| 1444 | 848, 69, 69, 838, 840, 858, 842, 847, 849, 843, | |
| 1445 | 69, 850, 2237, 851, 69, 852, 859, 853, 845, 69, | |
| 1446 | 2237, 69, 69, 846, 844, 69, 854, 69, 855, 856, | |
| 1447 | 69, 857, 69, 863, 847, 849, 864, 69, 850, 69, | |
| 1448 | 851, 860, 852, 859, 853, 865, 861, 69, 69, 866, | |
| 1449 | 69, 862, 69, 854, 867, 855, 856, 69, 857, 69, | |
| 1450 | 863, 69, 69, 864, 869, 868, 870, 871, 860, 69, | |
| 1451 | ||
| 1452 | 2237, 874, 865, 69, 872, 873, 866, 69, 69, 2237, | |
| 1453 | 69, 867, 69, 875, 876, 877, 878, 880, 879, 881, | |
| 1454 | 2237, 69, 868, 870, 871, 883, 69, 69, 874, 69, | |
| 1455 | 69, 872, 873, 882, 69, 69, 69, 69, 69, 884, | |
| 1456 | 875, 876, 877, 878, 880, 879, 69, 885, 887, 886, | |
| 1457 | 888, 69, 883, 889, 2237, 69, 69, 69, 896, 890, | |
| 1458 | 882, 891, 892, 69, 69, 895, 884, 893, 894, 897, | |
| 1459 | 898, 69, 900, 2237, 885, 887, 886, 888, 899, 901, | |
| 1460 | 69, 69, 69, 69, 69, 69, 890, 69, 891, 892, | |
| 1461 | 69, 69, 895, 903, 893, 894, 902, 898, 905, 69, | |
| 1462 | ||
| 1463 | 69, 69, 907, 906, 909, 899, 901, 69, 69, 69, | |
| 1464 | 69, 908, 69, 69, 910, 912, 911, 913, 914, 2237, | |
| 1465 | 903, 69, 69, 902, 915, 905, 917, 69, 69, 907, | |
| 1466 | 906, 909, 916, 920, 918, 926, 2237, 922, 908, 919, | |
| 1467 | 2237, 910, 912, 911, 921, 69, 69, 69, 69, 69, | |
| 1468 | 69, 915, 69, 917, 923, 69, 69, 69, 924, 916, | |
| 1469 | 920, 918, 69, 927, 922, 925, 919, 929, 928, 931, | |
| 1470 | 69, 921, 930, 69, 69, 934, 69, 69, 935, 69, | |
| 1471 | 932, 923, 2237, 933, 936, 924, 2237, 941, 69, 938, | |
| 1472 | 927, 69, 925, 937, 929, 928, 931, 940, 2237, 930, | |
| 1473 | ||
| 1474 | 69, 69, 934, 939, 69, 935, 69, 932, 945, 69, | |
| 1475 | 933, 936, 69, 69, 941, 69, 938, 942, 943, 944, | |
| 1476 | 937, 947, 2237, 949, 940, 69, 946, 69, 952, 948, | |
| 1477 | 939, 69, 951, 2237, 961, 69, 2237, 2237, 2237, 69, | |
| 1478 | 69, 69, 950, 69, 942, 943, 944, 956, 947, 69, | |
| 1479 | 949, 955, 69, 946, 69, 952, 948, 953, 954, 951, | |
| 1480 | 69, 957, 960, 958, 69, 69, 69, 2237, 69, 950, | |
| 1481 | 69, 965, 959, 69, 956, 964, 963, 966, 955, 69, | |
| 1482 | 69, 962, 69, 970, 953, 954, 967, 971, 957, 960, | |
| 1483 | 958, 968, 69, 69, 69, 69, 69, 969, 965, 959, | |
| 1484 | ||
| 1485 | 972, 69, 964, 963, 966, 69, 979, 980, 962, 981, | |
| 1486 | 970, 982, 984, 983, 971, 2237, 2237, 2237, 69, 2237, | |
| 1487 | 69, 985, 986, 2237, 969, 69, 69, 972, 973, 990, | |
| 1488 | 69, 974, 975, 979, 980, 69, 976, 69, 982, 984, | |
| 1489 | 983, 69, 977, 69, 69, 987, 978, 988, 985, 986, | |
| 1490 | 69, 69, 989, 991, 69, 973, 990, 993, 974, 975, | |
| 1491 | 994, 995, 2237, 976, 996, 1042, 69, 992, 2237, 977, | |
| 1492 | 69, 69, 987, 978, 988, 2237, 69, 2237, 1005, 989, | |
| 1493 | 991, 1002, 1004, 69, 1006, 1008, 2237, 69, 995, 69, | |
| 1494 | 1007, 996, 69, 2237, 992, 997, 69, 69, 69, 69, | |
| 1495 | ||
| 1496 | 998, 69, 999, 69, 1000, 1005, 1001, 69, 1002, 1004, | |
| 1497 | 1009, 1006, 1008, 69, 2237, 1010, 1012, 1007, 1013, 1011, | |
| 1498 | 1014, 2237, 997, 1015, 1016, 1021, 69, 998, 1023, 999, | |
| 1499 | 1017, 1000, 69, 1001, 69, 1018, 69, 69, 1019, 69, | |
| 1500 | 69, 1020, 69, 1012, 69, 1013, 1011, 1014, 69, 1022, | |
| 1501 | 1015, 1016, 69, 1024, 1027, 69, 1025, 1017, 1026, 1029, | |
| 1502 | 1028, 69, 1018, 69, 2237, 1019, 69, 69, 1020, 1030, | |
| 1503 | 1032, 1034, 1036, 1031, 1043, 1033, 1022, 69, 69, 69, | |
| 1504 | 1024, 69, 69, 1025, 1035, 1026, 69, 1028, 1037, 1039, | |
| 1505 | 1044, 69, 1038, 69, 69, 1041, 1030, 69, 1034, 1036, | |
| 1506 | ||
| 1507 | 1031, 69, 1033, 69, 1040, 1045, 69, 1046, 1049, 69, | |
| 1508 | 69, 1035, 69, 1047, 69, 1037, 1039, 1044, 2237, 1038, | |
| 1509 | 1048, 69, 1041, 1050, 69, 69, 1051, 1053, 1052, 2237, | |
| 1510 | 69, 1040, 69, 69, 1046, 69, 69, 69, 1054, 1056, | |
| 1511 | 1047, 1057, 1061, 1059, 1055, 1058, 69, 1048, 1060, 69, | |
| 1512 | 1050, 69, 69, 1051, 1063, 1052, 69, 1064, 69, 69, | |
| 1513 | 1062, 1065, 69, 69, 1067, 1054, 1056, 1071, 1057, 1061, | |
| 1514 | 1059, 1055, 1058, 1066, 69, 1060, 1072, 69, 1069, 69, | |
| 1515 | 1073, 1063, 1068, 1070, 1064, 69, 69, 1062, 69, 1074, | |
| 1516 | 69, 1067, 1075, 69, 1071, 69, 1076, 1077, 1078, 1079, | |
| 1517 | ||
| 1518 | 1066, 69, 2237, 1072, 2237, 1080, 1082, 1073, 1084, 1068, | |
| 1519 | 69, 69, 1085, 1081, 69, 1088, 1074, 69, 69, 1075, | |
| 1520 | 1083, 69, 69, 1076, 1077, 1078, 1097, 1086, 69, 69, | |
| 1521 | 1087, 69, 1080, 1082, 69, 1084, 69, 69, 69, 1085, | |
| 1522 | 1081, 1089, 1088, 1090, 1091, 1092, 69, 1083, 1093, 1094, | |
| 1523 | 69, 69, 1096, 1097, 1086, 1095, 1098, 1087, 69, 69, | |
| 1524 | 69, 69, 1100, 69, 1099, 1106, 1101, 1103, 1089, 1102, | |
| 1525 | 1090, 1091, 1092, 69, 69, 1093, 1094, 1105, 69, 1096, | |
| 1526 | 69, 69, 1095, 1098, 1104, 1107, 1108, 1110, 69, 1100, | |
| 1527 | 69, 1099, 69, 1101, 1103, 1109, 1102, 69, 1112, 69, | |
| 1528 | ||
| 1529 | 1111, 1113, 1114, 2237, 1105, 1117, 1115, 1119, 2237, 1131, | |
| 1530 | 69, 1104, 69, 1108, 69, 69, 69, 69, 69, 1116, | |
| 1531 | 1120, 69, 1109, 69, 2237, 1112, 69, 1111, 1113, 1114, | |
| 1532 | 1118, 69, 1117, 1115, 1119, 1121, 1122, 69, 1123, 69, | |
| 1533 | 1125, 69, 69, 1124, 69, 1126, 1116, 1120, 69, 1127, | |
| 1534 | 1128, 1129, 1130, 1132, 69, 1135, 69, 1118, 69, 69, | |
| 1535 | 69, 1133, 1121, 1122, 1134, 1136, 1137, 1138, 2237, 69, | |
| 1536 | 69, 1140, 69, 69, 69, 69, 1127, 1128, 1129, 1130, | |
| 1537 | 1132, 1139, 1144, 1142, 69, 69, 1143, 69, 1133, 69, | |
| 1538 | 1141, 1134, 1136, 1137, 1138, 69, 69, 1146, 1140, 1145, | |
| 1539 | ||
| 1540 | 1147, 1149, 1148, 1150, 1151, 2237, 69, 2237, 1139, 1144, | |
| 1541 | 1142, 1157, 69, 1143, 69, 69, 1152, 1141, 69, 1159, | |
| 1542 | 1153, 69, 69, 1156, 69, 69, 1145, 1147, 1149, 1148, | |
| 1543 | 1150, 1151, 1155, 1154, 69, 1158, 1161, 1160, 69, 69, | |
| 1544 | 1163, 69, 69, 1152, 69, 69, 1159, 1153, 1162, 1164, | |
| 1545 | 1156, 1166, 1165, 1168, 1167, 69, 1169, 69, 2237, 1155, | |
| 1546 | 1154, 69, 1158, 1161, 1160, 1170, 1171, 1172, 2237, 1173, | |
| 1547 | 1174, 1179, 69, 69, 1176, 1162, 69, 69, 1166, 1165, | |
| 1548 | 69, 1167, 69, 69, 1175, 69, 69, 69, 1177, 1180, | |
| 1549 | 1178, 69, 69, 1171, 1172, 69, 1173, 1174, 69, 1181, | |
| 1550 | ||
| 1551 | 1183, 1176, 69, 1182, 1184, 69, 69, 1188, 2237, 1185, | |
| 1552 | 69, 1175, 69, 1186, 2237, 1177, 1180, 1178, 1191, 1187, | |
| 1553 | 69, 69, 1190, 2237, 1189, 1192, 1181, 1183, 2237, 69, | |
| 1554 | 1182, 1184, 69, 69, 69, 69, 1185, 1196, 1195, 1199, | |
| 1555 | 1186, 69, 1198, 1193, 69, 1191, 1187, 69, 1194, 1190, | |
| 1556 | 69, 1189, 1192, 1197, 1200, 69, 69, 1202, 1204, 69, | |
| 1557 | 69, 69, 2237, 1203, 1196, 1195, 1199, 69, 1208, 1198, | |
| 1558 | 1193, 1201, 1206, 1205, 1207, 1194, 69, 69, 69, 1209, | |
| 1559 | 1197, 69, 1210, 1212, 1211, 69, 69, 1213, 1218, 69, | |
| 1560 | 1203, 69, 2237, 69, 69, 1208, 69, 1214, 1201, 1206, | |
| 1561 | ||
| 1562 | 1205, 1207, 69, 1219, 69, 69, 1209, 69, 1220, 1210, | |
| 1563 | 1212, 1211, 1215, 1223, 1213, 1216, 1221, 1222, 1224, 69, | |
| 1564 | 69, 1225, 1226, 1229, 1214, 69, 69, 1217, 2237, 1230, | |
| 1565 | 1219, 69, 1231, 1227, 1234, 1220, 69, 69, 69, 1215, | |
| 1566 | 1223, 69, 1216, 1221, 1222, 1228, 1233, 69, 1225, 1226, | |
| 1567 | 69, 69, 69, 1232, 1217, 69, 1230, 69, 1236, 1235, | |
| 1568 | 1227, 69, 1237, 1238, 69, 1239, 1240, 69, 69, 69, | |
| 1569 | 69, 1248, 1228, 1233, 1242, 1243, 1241, 1244, 69, 69, | |
| 1570 | 1232, 69, 1246, 1250, 69, 1236, 1235, 1245, 69, 1237, | |
| 1571 | 1238, 69, 1239, 1240, 69, 69, 1247, 2237, 69, 1249, | |
| 1572 | ||
| 1573 | 1252, 1242, 69, 1241, 1244, 69, 69, 69, 1251, 1246, | |
| 1574 | 1250, 1253, 69, 1254, 1245, 1256, 69, 1257, 2237, 1255, | |
| 1575 | 1261, 1258, 1265, 1247, 69, 1262, 1249, 1252, 69, 69, | |
| 1576 | 1263, 69, 1266, 69, 69, 1251, 1259, 69, 1253, 1260, | |
| 1577 | 1254, 69, 1256, 1264, 1257, 69, 1255, 1261, 1258, 69, | |
| 1578 | 1267, 1269, 1262, 1268, 69, 2237, 1270, 1263, 1271, 69, | |
| 1579 | 1272, 69, 1276, 1259, 1275, 1277, 1260, 69, 69, 1284, | |
| 1580 | 1264, 69, 1273, 69, 69, 1274, 69, 1267, 1269, 1278, | |
| 1581 | 1268, 1279, 69, 1270, 1280, 1271, 69, 1272, 1281, 1282, | |
| 1582 | 69, 1275, 69, 69, 69, 69, 1284, 1283, 1285, 1273, | |
| 1583 | ||
| 1584 | 69, 69, 1274, 1286, 1288, 1289, 1278, 69, 1279, 1287, | |
| 1585 | 1297, 1280, 69, 1295, 1290, 1281, 1282, 1294, 1296, 1299, | |
| 1586 | 69, 1300, 69, 1316, 1283, 1285, 69, 69, 1291, 69, | |
| 1587 | 1286, 1288, 1289, 1302, 1292, 1301, 1287, 1293, 1298, 1303, | |
| 1588 | 69, 1290, 69, 69, 1294, 69, 69, 69, 1300, 1304, | |
| 1589 | 69, 69, 69, 1306, 69, 1291, 1305, 1309, 1310, 1307, | |
| 1590 | 1302, 1292, 1313, 1308, 1293, 1298, 1303, 69, 1314, 1311, | |
| 1591 | 69, 69, 69, 2237, 1312, 1322, 69, 69, 69, 69, | |
| 1592 | 1306, 69, 69, 1305, 1309, 1310, 1307, 1318, 1315, 1319, | |
| 1593 | 1308, 1317, 1324, 69, 69, 1314, 1311, 69, 69, 1320, | |
| 1594 | ||
| 1595 | 1321, 1312, 1322, 1323, 69, 1325, 1331, 69, 1327, 1328, | |
| 1596 | 69, 69, 1326, 69, 1318, 1315, 1319, 1332, 1317, 1324, | |
| 1597 | 1335, 69, 69, 1329, 69, 69, 1320, 1321, 69, 1330, | |
| 1598 | 1323, 1333, 69, 1331, 1334, 1327, 1328, 69, 69, 1326, | |
| 1599 | 1336, 69, 1337, 69, 1338, 1340, 69, 1335, 1339, 69, | |
| 1600 | 1329, 1341, 1343, 1342, 1345, 1344, 1330, 2237, 1333, 69, | |
| 1601 | 2237, 1334, 69, 69, 1346, 1347, 69, 69, 69, 1337, | |
| 1602 | 69, 69, 1340, 69, 1349, 1339, 1348, 69, 69, 1343, | |
| 1603 | 1342, 1345, 1344, 1350, 1351, 1356, 1352, 69, 1355, 69, | |
| 1604 | 1354, 1346, 1347, 1357, 69, 69, 1358, 69, 1367, 1353, | |
| 1605 | ||
| 1606 | 69, 1349, 69, 1348, 69, 1361, 69, 1360, 1359, 1363, | |
| 1607 | 1350, 1351, 69, 1352, 69, 1355, 69, 1354, 1364, 1365, | |
| 1608 | 1362, 1366, 1369, 1358, 69, 69, 1353, 69, 1368, 1370, | |
| 1609 | 69, 1371, 69, 1373, 1360, 1359, 69, 1372, 69, 69, | |
| 1610 | 1374, 1376, 1375, 1383, 69, 1364, 69, 1362, 1366, 1387, | |
| 1611 | 2237, 1381, 69, 2237, 69, 1368, 1370, 69, 69, 1382, | |
| 1612 | 1373, 1391, 69, 69, 1372, 1388, 69, 69, 69, 1375, | |
| 1613 | 1377, 1378, 1379, 69, 1384, 69, 1387, 1380, 1381, 1385, | |
| 1614 | 1389, 69, 1390, 1394, 1386, 69, 1382, 1392, 1393, 69, | |
| 1615 | 69, 1395, 1388, 69, 69, 69, 69, 1377, 1378, 1379, | |
| 1616 | ||
| 1617 | 1397, 1384, 1396, 69, 1380, 69, 1398, 1389, 1400, 1390, | |
| 1618 | 1394, 69, 1399, 69, 1392, 1393, 1401, 69, 69, 1402, | |
| 1619 | 1404, 1406, 1403, 1413, 1405, 2237, 69, 1397, 69, 1396, | |
| 1620 | 1408, 69, 1407, 1398, 69, 1400, 69, 69, 1409, 1399, | |
| 1621 | 1412, 69, 1411, 69, 1410, 69, 1402, 69, 1406, 1403, | |
| 1622 | 69, 1405, 1415, 69, 1414, 69, 1416, 1408, 1417, 1407, | |
| 1623 | 1418, 69, 69, 2237, 69, 1409, 1420, 1412, 1421, 1411, | |
| 1624 | 1419, 1410, 69, 1428, 1422, 69, 1423, 1425, 1424, 1415, | |
| 1625 | 1427, 1414, 69, 2237, 69, 69, 69, 69, 69, 2237, | |
| 1626 | 69, 69, 69, 1420, 1429, 1421, 2237, 1419, 1426, 69, | |
| 1627 | ||
| 1628 | 1428, 1422, 69, 1423, 1425, 1424, 69, 1427, 1431, 1434, | |
| 1629 | 1430, 1432, 1433, 1435, 1437, 1436, 69, 69, 1440, 1443, | |
| 1630 | 69, 1429, 1441, 69, 1444, 1426, 69, 1445, 69, 1448, | |
| 1631 | 1451, 1442, 69, 69, 69, 1431, 1434, 1430, 1432, 1433, | |
| 1632 | 1435, 69, 1436, 1438, 69, 69, 1443, 1446, 1439, 1441, | |
| 1633 | 1449, 69, 1447, 1450, 69, 1453, 69, 1452, 1442, 69, | |
| 1634 | 1456, 69, 69, 1455, 1457, 69, 1454, 1458, 69, 69, | |
| 1635 | 1438, 1459, 69, 1460, 1462, 1439, 1461, 1449, 69, 69, | |
| 1636 | 1450, 69, 1453, 1463, 1452, 1465, 69, 1464, 1466, 1467, | |
| 1637 | 1455, 1457, 69, 1454, 69, 1469, 1470, 69, 1459, 69, | |
| 1638 | ||
| 1639 | 1460, 69, 69, 1461, 1468, 1471, 1472, 2237, 1475, 69, | |
| 1640 | 69, 69, 1473, 69, 1464, 1466, 1467, 69, 69, 1474, | |
| 1641 | 1476, 69, 1469, 1470, 1478, 69, 1477, 69, 1485, 69, | |
| 1642 | 1479, 1468, 1471, 1472, 69, 69, 1480, 69, 69, 1473, | |
| 1643 | 1481, 1483, 1482, 1484, 1490, 1486, 1474, 1476, 69, 69, | |
| 1644 | 69, 69, 1489, 1477, 69, 1487, 1491, 1479, 69, 1492, | |
| 1645 | 69, 69, 69, 1480, 69, 69, 1488, 1481, 1483, 1482, | |
| 1646 | 1484, 1490, 1486, 1493, 69, 1494, 1495, 1496, 1497, 1489, | |
| 1647 | 1498, 69, 1487, 1491, 69, 1499, 69, 69, 69, 69, | |
| 1648 | 1500, 1503, 1501, 1488, 1502, 2237, 1504, 1505, 69, 2237, | |
| 1649 | ||
| 1650 | 1493, 1507, 1494, 1495, 1538, 1497, 69, 1498, 1516, 69, | |
| 1651 | 69, 69, 1499, 2237, 69, 69, 69, 69, 1503, 1501, | |
| 1652 | 1506, 1502, 69, 1504, 1505, 1508, 69, 1509, 1507, 1510, | |
| 1653 | 69, 1511, 1512, 1515, 1514, 69, 69, 1517, 1519, 2237, | |
| 1654 | 69, 69, 69, 69, 1518, 1513, 69, 1506, 69, 1523, | |
| 1655 | 2237, 69, 1508, 69, 1509, 1520, 1510, 1522, 1511, 1512, | |
| 1656 | 1515, 1514, 69, 1521, 1517, 1519, 1524, 1525, 1526, 1527, | |
| 1657 | 69, 1518, 1513, 1528, 69, 69, 1523, 69, 1529, 69, | |
| 1658 | 1530, 1532, 1520, 1548, 1522, 1531, 69, 69, 69, 69, | |
| 1659 | 1521, 69, 1533, 1524, 1525, 1526, 1527, 1536, 69, 1534, | |
| 1660 | ||
| 1661 | 1528, 1535, 1537, 69, 1540, 1529, 69, 69, 1532, 69, | |
| 1662 | 1539, 1541, 1531, 1544, 1542, 69, 1545, 69, 69, 1533, | |
| 1663 | 1543, 69, 69, 69, 1536, 1550, 1534, 1546, 1535, 1537, | |
| 1664 | 69, 1540, 69, 69, 1549, 2237, 1552, 1539, 1541, 69, | |
| 1665 | 69, 1542, 69, 1545, 1547, 1551, 1554, 1543, 1553, 1555, | |
| 1666 | 69, 69, 1550, 1556, 1546, 1558, 69, 2237, 2237, 1557, | |
| 1667 | 69, 1549, 69, 1552, 69, 69, 1559, 1561, 1560, 1562, | |
| 1668 | 1564, 1547, 1551, 1554, 69, 1553, 1555, 69, 69, 1565, | |
| 1669 | 1556, 1566, 69, 69, 69, 1563, 1557, 1572, 69, 69, | |
| 1670 | 1567, 69, 69, 1559, 1561, 1560, 1562, 1564, 1569, 69, | |
| 1671 | ||
| 1672 | 1571, 1570, 69, 1568, 1573, 69, 1565, 1575, 1566, 1577, | |
| 1673 | 1576, 69, 1563, 69, 1572, 1574, 1578, 1567, 69, 69, | |
| 1674 | 1582, 1579, 1584, 1588, 1580, 1569, 1589, 1571, 1570, 1581, | |
| 1675 | 1568, 69, 69, 69, 69, 69, 1577, 1576, 69, 69, | |
| 1676 | 1585, 69, 1574, 1578, 1583, 1593, 1590, 1582, 1579, 69, | |
| 1677 | 1588, 69, 1592, 69, 1586, 1591, 69, 1595, 1594, 2237, | |
| 1678 | 1597, 69, 1598, 2237, 1596, 1587, 69, 1585, 1600, 69, | |
| 1679 | 69, 1583, 69, 1590, 1599, 1606, 69, 69, 2237, 1592, | |
| 1680 | 69, 1586, 1591, 69, 69, 1594, 69, 1597, 1602, 1598, | |
| 1681 | 69, 1596, 1587, 1601, 1603, 1600, 1604, 69, 1605, 1607, | |
| 1682 | ||
| 1683 | 69, 1599, 69, 1610, 69, 69, 1608, 1609, 1613, 69, | |
| 1684 | 1614, 1611, 69, 69, 1620, 1602, 69, 2237, 69, 69, | |
| 1685 | 1601, 1603, 69, 1604, 1612, 1605, 1607, 1617, 1615, 69, | |
| 1686 | 1610, 1619, 69, 1608, 1609, 1613, 69, 1614, 1611, 1616, | |
| 1687 | 1618, 69, 69, 69, 1621, 69, 69, 1622, 1626, 1623, | |
| 1688 | 1624, 1612, 1625, 1627, 1617, 1615, 1629, 1628, 1619, 1630, | |
| 1689 | 2237, 69, 69, 2237, 69, 1633, 1616, 1618, 69, 69, | |
| 1690 | 69, 1621, 1634, 1635, 1622, 69, 1623, 1624, 69, 1625, | |
| 1691 | 69, 1636, 1637, 1629, 1628, 69, 1630, 1631, 69, 69, | |
| 1692 | 1632, 1638, 69, 1639, 69, 69, 1640, 1642, 1643, 1634, | |
| 1693 | ||
| 1694 | 1635, 1644, 1641, 1645, 1647, 69, 69, 69, 1636, 1637, | |
| 1695 | 69, 1648, 69, 1646, 1631, 1649, 1651, 1632, 1638, 1650, | |
| 1696 | 69, 1654, 1657, 69, 69, 1643, 69, 69, 69, 1641, | |
| 1697 | 69, 1647, 1652, 69, 1653, 2237, 1655, 1661, 1648, 1658, | |
| 1698 | 1646, 69, 69, 69, 1659, 69, 1650, 69, 1654, 69, | |
| 1699 | 1660, 1656, 2237, 1662, 1666, 69, 69, 1668, 69, 1652, | |
| 1700 | 69, 1653, 69, 1655, 69, 1663, 1658, 1664, 1665, 69, | |
| 1701 | 1670, 1659, 1671, 69, 1667, 1673, 1669, 1660, 1656, 69, | |
| 1702 | 1662, 69, 69, 69, 69, 1672, 2237, 1676, 1674, 1675, | |
| 1703 | 69, 69, 1663, 69, 1664, 1665, 1677, 1670, 69, 1671, | |
| 1704 | ||
| 1705 | 1679, 1667, 1673, 1669, 69, 1678, 69, 1680, 1681, 69, | |
| 1706 | 1682, 69, 1672, 69, 1676, 1674, 1675, 1687, 1683, 69, | |
| 1707 | 1684, 1685, 69, 1677, 1690, 1692, 1689, 1679, 1686, 69, | |
| 1708 | 69, 1688, 1678, 69, 1680, 1681, 69, 1682, 69, 69, | |
| 1709 | 1691, 69, 69, 2237, 1693, 1683, 1698, 1684, 1685, 69, | |
| 1710 | 1697, 1690, 1694, 1689, 69, 1686, 1703, 69, 1688, 1699, | |
| 1711 | 1701, 1695, 69, 1696, 69, 1700, 69, 1691, 69, 1702, | |
| 1712 | 69, 1693, 69, 1698, 69, 1704, 69, 1697, 1705, 1694, | |
| 1713 | 69, 1707, 1708, 1703, 69, 69, 1699, 1701, 1695, 1706, | |
| 1714 | 1696, 1709, 1700, 1710, 1711, 1714, 1702, 69, 2237, 1712, | |
| 1715 | ||
| 1716 | 2237, 1713, 1704, 1716, 69, 1705, 1715, 1719, 69, 69, | |
| 1717 | 69, 69, 69, 69, 1717, 1718, 1706, 1720, 1709, 69, | |
| 1718 | 1725, 69, 1714, 1721, 1724, 69, 1712, 69, 1713, 1722, | |
| 1719 | 1716, 69, 1723, 1715, 1719, 1727, 69, 69, 69, 69, | |
| 1720 | 69, 1717, 1718, 69, 69, 69, 1726, 1725, 1728, 1729, | |
| 1721 | 1721, 1724, 1730, 69, 1731, 1732, 1722, 69, 1733, 1723, | |
| 1722 | 1735, 69, 1727, 1742, 1734, 69, 1737, 1739, 69, 2237, | |
| 1723 | 69, 1736, 1738, 1726, 1740, 1744, 1729, 69, 1746, 1730, | |
| 1724 | 69, 1731, 1732, 69, 69, 69, 1741, 1735, 1743, 1745, | |
| 1725 | 69, 1734, 69, 1737, 1739, 69, 69, 1747, 1736, 1738, | |
| 1726 | ||
| 1727 | 69, 1740, 69, 69, 1748, 69, 69, 69, 1749, 69, | |
| 1728 | 1750, 1751, 1752, 1741, 1753, 1743, 1745, 2237, 1754, 1757, | |
| 1729 | 1755, 1756, 1761, 1759, 1747, 69, 69, 69, 1764, 69, | |
| 1730 | 69, 1748, 1765, 1760, 1758, 1749, 1766, 69, 69, 1772, | |
| 1731 | 69, 1753, 1768, 69, 69, 1754, 1757, 1755, 1756, 69, | |
| 1732 | 69, 69, 1763, 1762, 69, 69, 1767, 1769, 69, 1765, | |
| 1733 | 1760, 1758, 69, 69, 69, 1771, 69, 69, 1770, 1768, | |
| 1734 | 69, 1773, 1774, 1775, 2237, 1777, 1776, 2237, 69, 1763, | |
| 1735 | 1762, 69, 1778, 1767, 1769, 69, 1780, 69, 69, 1779, | |
| 1736 | 1781, 1784, 1771, 1782, 1785, 1770, 2237, 69, 69, 69, | |
| 1737 | ||
| 1738 | 1775, 69, 1777, 1776, 69, 69, 69, 1783, 1788, 1778, | |
| 1739 | 1786, 69, 69, 1780, 69, 69, 1779, 1781, 69, 1787, | |
| 1740 | 1782, 1785, 69, 1790, 1789, 1792, 69, 69, 1791, 1793, | |
| 1741 | 2237, 1800, 1801, 1796, 1783, 1788, 69, 1786, 69, 1794, | |
| 1742 | 1797, 1795, 1798, 69, 69, 69, 1787, 1802, 1799, 1804, | |
| 1743 | 1790, 1789, 1792, 69, 69, 1791, 1793, 69, 69, 69, | |
| 1744 | 1796, 1813, 1803, 1809, 69, 69, 1794, 1797, 1795, 1798, | |
| 1745 | 69, 69, 1805, 69, 1802, 1799, 1804, 1806, 1807, 69, | |
| 1746 | 1808, 69, 1812, 69, 1810, 1811, 69, 69, 69, 1803, | |
| 1747 | 1809, 69, 1814, 1815, 69, 1816, 2237, 1818, 2237, 1805, | |
| 1748 | ||
| 1749 | 1824, 1817, 69, 1822, 1806, 1807, 69, 1808, 69, 1812, | |
| 1750 | 69, 1810, 1811, 69, 1819, 69, 1820, 1821, 1823, 1814, | |
| 1751 | 1815, 1826, 1816, 69, 1818, 69, 1825, 69, 1817, 1827, | |
| 1752 | 69, 2237, 69, 69, 1832, 69, 1828, 69, 1831, 1829, | |
| 1753 | 1830, 1819, 1833, 1820, 1821, 69, 69, 69, 1826, 1834, | |
| 1754 | 1835, 1842, 1837, 1825, 1836, 2237, 1827, 1838, 69, 69, | |
| 1755 | 69, 1832, 69, 1828, 69, 1831, 1829, 1830, 1840, 69, | |
| 1756 | 69, 1843, 1839, 1841, 69, 69, 1834, 69, 69, 1837, | |
| 1757 | 69, 1836, 1844, 69, 1838, 1845, 1849, 1846, 1848, 1847, | |
| 1758 | 1850, 69, 1851, 1852, 1853, 1840, 1854, 69, 1843, 1839, | |
| 1759 | ||
| 1760 | 1841, 69, 69, 1855, 69, 1856, 2237, 1857, 1860, 1844, | |
| 1761 | 69, 69, 69, 69, 1846, 1848, 1847, 1850, 1861, 69, | |
| 1762 | 69, 1853, 1858, 69, 1859, 69, 69, 69, 1862, 1864, | |
| 1763 | 1855, 1863, 69, 69, 1857, 1860, 1866, 69, 69, 2237, | |
| 1764 | 69, 69, 1865, 1867, 1868, 1861, 1870, 1869, 69, 1858, | |
| 1765 | 1871, 1859, 1872, 69, 1873, 1862, 1864, 1874, 1863, 69, | |
| 1766 | 1875, 69, 2237, 1866, 1876, 69, 69, 1879, 1877, 1865, | |
| 1767 | 1867, 1868, 69, 69, 1869, 1878, 69, 69, 1880, 1872, | |
| 1768 | 69, 1873, 69, 1882, 1881, 1884, 1885, 1875, 1883, 69, | |
| 1769 | 69, 1876, 1887, 1886, 69, 1877, 1889, 69, 69, 1888, | |
| 1770 | ||
| 1771 | 2237, 2237, 1878, 1890, 2237, 69, 1891, 69, 69, 1892, | |
| 1772 | 1893, 1881, 1884, 1894, 69, 69, 69, 69, 69, 1887, | |
| 1773 | 1886, 1899, 69, 1889, 69, 1896, 1888, 1897, 69, 1895, | |
| 1774 | 1890, 1898, 1900, 1891, 69, 69, 1892, 1893, 69, 69, | |
| 1775 | 1894, 1904, 1906, 1901, 1908, 69, 1902, 69, 1899, 69, | |
| 1776 | 69, 69, 1896, 69, 1897, 1903, 1895, 1905, 1898, 1900, | |
| 1777 | 69, 1914, 1907, 69, 1909, 69, 1910, 1912, 69, 1906, | |
| 1778 | 1901, 69, 69, 1902, 69, 1913, 1911, 1915, 69, 1916, | |
| 1779 | 2237, 1917, 1903, 69, 1905, 1920, 1918, 1919, 69, 1907, | |
| 1780 | 69, 1909, 1922, 1910, 1912, 1923, 69, 1921, 69, 69, | |
| 1781 | ||
| 1782 | 69, 69, 1926, 1911, 1915, 1927, 1916, 69, 1917, 69, | |
| 1783 | 69, 1928, 1920, 1918, 1919, 1929, 1924, 1931, 69, 1922, | |
| 1784 | 1925, 1932, 69, 69, 1921, 1930, 1935, 69, 69, 1926, | |
| 1785 | 1933, 2237, 69, 1934, 1936, 69, 1937, 1940, 1928, 69, | |
| 1786 | 1938, 69, 69, 1924, 69, 1939, 69, 1925, 69, 1941, | |
| 1787 | 1942, 69, 1930, 1943, 1944, 69, 1945, 1933, 69, 69, | |
| 1788 | 1934, 69, 1946, 1937, 1940, 1948, 1947, 69, 1949, 1950, | |
| 1789 | 69, 1955, 69, 1954, 2237, 1951, 1941, 69, 69, 1952, | |
| 1790 | 1943, 1944, 69, 69, 69, 1957, 69, 1953, 69, 1946, | |
| 1791 | 69, 1956, 1948, 1947, 69, 1949, 1950, 69, 69, 69, | |
| 1792 | ||
| 1793 | 1954, 1958, 1951, 1959, 69, 1960, 1952, 1961, 1962, 69, | |
| 1794 | 2237, 2237, 1957, 1964, 1953, 1963, 1965, 69, 1956, 69, | |
| 1795 | 69, 1966, 1969, 1970, 2237, 1972, 1973, 1971, 1958, 69, | |
| 1796 | 1959, 69, 1960, 69, 1961, 1962, 69, 69, 1967, 69, | |
| 1797 | 1964, 1974, 1963, 1965, 1968, 69, 69, 69, 1966, 69, | |
| 1798 | 1970, 69, 69, 1973, 1971, 1975, 1976, 1977, 1978, 1982, | |
| 1799 | 1980, 1981, 1984, 1979, 1983, 1967, 69, 1986, 69, 2237, | |
| 1800 | 2237, 1968, 2237, 69, 69, 1985, 69, 69, 69, 1987, | |
| 1801 | 1988, 1991, 1975, 1976, 1977, 69, 69, 1980, 1981, 1984, | |
| 1802 | 1979, 69, 1992, 69, 69, 69, 1989, 69, 69, 1990, | |
| 1803 | ||
| 1804 | 2237, 1997, 1985, 69, 1993, 1994, 1987, 1988, 1991, 1995, | |
| 1805 | 1999, 1998, 1996, 2000, 69, 2237, 2002, 69, 69, 1992, | |
| 1806 | 2001, 69, 69, 1989, 2003, 2004, 1990, 69, 69, 69, | |
| 1807 | 2008, 1993, 1994, 2006, 2010, 69, 1995, 1999, 1998, 1996, | |
| 1808 | 2000, 2007, 69, 2005, 2013, 2011, 69, 2001, 69, 69, | |
| 1809 | 69, 2003, 69, 69, 2009, 69, 69, 2012, 2016, 2014, | |
| 1810 | 2006, 69, 69, 2017, 2015, 2022, 2020, 2018, 2007, 69, | |
| 1811 | 2005, 69, 2011, 69, 69, 69, 69, 2019, 2021, 69, | |
| 1812 | 2024, 2009, 2025, 2027, 2012, 2016, 2014, 69, 69, 2023, | |
| 1813 | 2017, 2015, 69, 2020, 2018, 2026, 69, 69, 2029, 2030, | |
| 1814 | ||
| 1815 | 2028, 69, 2034, 2237, 2019, 2021, 2031, 69, 2032, 69, | |
| 1816 | 69, 69, 69, 69, 2036, 2033, 2023, 2035, 2037, 69, | |
| 1817 | 69, 2038, 2026, 69, 2040, 2029, 69, 2028, 69, 2034, | |
| 1818 | 69, 2039, 69, 2031, 2043, 2032, 2042, 2041, 2044, 2048, | |
| 1819 | 2045, 2036, 2033, 69, 2035, 69, 2049, 2047, 69, 69, | |
| 1820 | 2051, 2040, 69, 2046, 69, 2050, 2052, 2054, 2039, 69, | |
| 1821 | 2057, 69, 69, 2042, 2041, 2044, 69, 2045, 69, 2058, | |
| 1822 | 2060, 69, 2061, 69, 2047, 2062, 2053, 2051, 69, 69, | |
| 1823 | 2046, 2064, 2050, 2052, 69, 2055, 2056, 69, 69, 69, | |
| 1824 | 2059, 2065, 2063, 2066, 69, 69, 69, 69, 69, 2061, | |
| 1825 | ||
| 1826 | 2067, 2068, 2062, 2053, 2070, 2237, 2071, 2069, 69, 69, | |
| 1827 | 2072, 2073, 2055, 2056, 69, 69, 2074, 2059, 69, 2063, | |
| 1828 | 69, 2075, 69, 69, 69, 2076, 2079, 2067, 69, 2077, | |
| 1829 | 2080, 2070, 69, 2071, 2069, 2237, 2078, 69, 2073, 69, | |
| 1830 | 2081, 2087, 2084, 2074, 2085, 69, 2237, 2082, 2075, 69, | |
| 1831 | 2237, 69, 69, 2079, 69, 2086, 2077, 69, 2083, 69, | |
| 1832 | 69, 2089, 69, 2078, 69, 69, 2088, 2081, 2087, 2084, | |
| 1833 | 69, 2085, 2090, 69, 2082, 2093, 69, 2091, 2092, 2094, | |
| 1834 | 2096, 69, 2086, 69, 2095, 2083, 2097, 69, 2089, 2098, | |
| 1835 | 2099, 69, 2100, 2088, 2101, 2102, 2237, 2103, 2104, 2090, | |
| 1836 | ||
| 1837 | 2105, 69, 2093, 2107, 2091, 2092, 2094, 69, 2106, 69, | |
| 1838 | 2109, 2095, 69, 69, 2108, 2111, 2098, 69, 2112, 69, | |
| 1839 | 69, 69, 69, 69, 2103, 69, 2113, 2105, 2114, 2110, | |
| 1840 | 69, 2115, 2116, 69, 69, 2106, 2117, 2109, 69, 2119, | |
| 1841 | 2237, 2108, 2111, 69, 69, 2112, 2118, 2121, 69, 2122, | |
| 1842 | 2124, 69, 2123, 69, 69, 69, 2110, 2125, 2115, 2116, | |
| 1843 | 69, 2120, 2126, 69, 2127, 2128, 2119, 69, 2129, 69, | |
| 1844 | 2130, 69, 2131, 2118, 2121, 2132, 2122, 69, 2133, 2123, | |
| 1845 | 2135, 2134, 2137, 2138, 69, 2136, 69, 2139, 2120, 69, | |
| 1846 | 69, 69, 69, 69, 69, 2129, 2140, 69, 2144, 69, | |
| 1847 | ||
| 1848 | 69, 2142, 2132, 2141, 69, 2133, 69, 69, 2134, 2137, | |
| 1849 | 69, 69, 2136, 2143, 2139, 69, 2145, 2148, 69, 2146, | |
| 1850 | 2147, 69, 69, 2140, 69, 2144, 69, 2150, 2142, 2149, | |
| 1851 | 2141, 2157, 2237, 69, 2151, 2154, 2237, 69, 2153, 69, | |
| 1852 | 2143, 69, 69, 2145, 2148, 69, 2146, 2147, 2152, 69, | |
| 1853 | 2158, 2155, 2156, 2159, 2150, 2160, 2149, 69, 69, 69, | |
| 1854 | 2161, 2151, 2154, 69, 2162, 2153, 2163, 2164, 69, 69, | |
| 1855 | 2166, 2165, 2167, 2168, 2172, 2152, 2173, 2158, 2155, 2156, | |
| 1856 | 69, 69, 2160, 69, 2169, 69, 69, 69, 69, 2171, | |
| 1857 | 2174, 2162, 2170, 2163, 2164, 2175, 69, 69, 2165, 2167, | |
| 1858 | ||
| 1859 | 69, 69, 69, 69, 2176, 2177, 69, 2178, 69, 69, | |
| 1860 | 2180, 2169, 69, 2179, 2181, 2182, 2171, 2174, 69, 2170, | |
| 1861 | 2237, 69, 2175, 69, 69, 2183, 2184, 2185, 69, 2186, | |
| 1862 | 69, 2176, 2177, 2187, 2178, 69, 2188, 2180, 2237, 2189, | |
| 1863 | 2179, 2181, 2182, 2190, 2193, 2192, 2197, 69, 69, 2191, | |
| 1864 | 2237, 2237, 2183, 2184, 2185, 2194, 69, 69, 69, 69, | |
| 1865 | 2187, 69, 2200, 2188, 2195, 69, 2189, 2237, 2204, 2199, | |
| 1866 | 2190, 69, 69, 2196, 2237, 69, 2191, 69, 69, 2198, | |
| 1867 | 2201, 69, 2194, 69, 69, 2202, 2205, 69, 69, 2200, | |
| 1868 | 2203, 2195, 2207, 69, 69, 2204, 2199, 2206, 2237, 2208, | |
| 1869 | ||
| 1870 | 2196, 2209, 2210, 2211, 69, 69, 2198, 2201, 69, 2212, | |
| 1871 | 2216, 69, 2202, 2205, 2213, 2214, 2237, 2203, 69, 2207, | |
| 1872 | 2237, 2218, 69, 69, 2206, 69, 2208, 2219, 2209, 2210, | |
| 1873 | 2211, 2215, 69, 2222, 69, 69, 69, 2216, 2217, 69, | |
| 1874 | 2225, 2213, 2214, 69, 2220, 2221, 69, 2223, 2218, 69, | |
| 1875 | 2226, 2228, 69, 69, 2219, 69, 2224, 2229, 2215, 69, | |
| 1876 | 2222, 2227, 2230, 2231, 69, 2217, 69, 2225, 2233, 2232, | |
| 1877 | 2235, 2220, 2221, 2236, 2223, 2237, 69, 69, 69, 2234, | |
| 1878 | 2237, 69, 69, 2224, 69, 69, 2237, 69, 2227, 2230, | |
| 1879 | 2231, 69, 2237, 2237, 2237, 2233, 2232, 69, 2237, 2237, | |
| 1880 | ||
| 1881 | 69, 2237, 2237, 2237, 2237, 2237, 2234, 41, 41, 41, | |
| 1882 | 41, 41, 41, 41, 46, 46, 46, 46, 46, 46, | |
| 1883 | 46, 51, 51, 51, 51, 51, 51, 51, 57, 57, | |
| 1884 | 57, 57, 57, 57, 57, 62, 62, 62, 62, 62, | |
| 1885 | 62, 62, 72, 72, 2237, 72, 72, 72, 72, 131, | |
| 1886 | 131, 2237, 2237, 2237, 131, 131, 133, 133, 2237, 2237, | |
| 1887 | 133, 2237, 133, 135, 2237, 2237, 2237, 2237, 2237, 135, | |
| 1888 | 138, 138, 2237, 2237, 2237, 138, 138, 140, 2237, 2237, | |
| 1889 | 2237, 2237, 2237, 140, 142, 142, 2237, 142, 142, 142, | |
| 1890 | 142, 73, 73, 2237, 73, 73, 73, 73, 13, 2237, | |
| 1891 | ||
| 1892 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 1893 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 1894 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 1895 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 1896 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 1897 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 1898 | 2237, 2237, 2237, 2237, 2237 | |
| 1718 | 1899 | } ; |
| 1719 | 1900 | |
| 1720 | static yyconst flex_int16_t yy_chk[5690] = | |
| 1901 | static yyconst flex_int16_t yy_chk[6466] = | |
| 1721 | 1902 | { 0, |
| 1722 | 1903 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1723 | 1904 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1725 | 1906 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1726 | 1907 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1727 | 1908 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1728 | 1, 1, 1, 1, 1, 3, 3, 3, 4, 4, | |
| 1729 | 4, 5, 5, 6, 6, 5, 27, 6, 7, 7, | |
| 1730 | 7, 7, 1961, 7, 8, 8, 8, 8, 27, 8, | |
| 1731 | 9, 9, 9, 10, 10, 10, 15, 45, 45, 50, | |
| 1732 | ||
| 1733 | 15, 3, 50, 27, 4, 61, 61, 5, 19, 6, | |
| 1734 | 19, 19, 70, 19, 707, 7, 70, 40, 19, 40, | |
| 1735 | 40, 8, 40, 23, 20, 20, 9, 40, 714, 10, | |
| 1736 | 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, | |
| 1737 | 12, 12, 20, 23, 707, 19, 23, 29, 20, 11, | |
| 1738 | 23, 20, 20, 132, 21, 12, 132, 24, 83, 29, | |
| 1739 | 138, 21, 34, 83, 25, 28, 66, 11, 21, 20, | |
| 1740 | 23, 24, 25, 12, 29, 34, 11, 130, 130, 66, | |
| 1741 | 21, 21, 12, 24, 24, 83, 790, 28, 21, 34, | |
| 1742 | 25, 25, 28, 66, 30, 21, 22, 136, 24, 25, | |
| 1743 | ||
| 1744 | 22, 26, 30, 22, 26, 22, 22, 135, 30, 32, | |
| 1745 | 133, 26, 30, 26, 790, 32, 95, 37, 22, 37, | |
| 1746 | 30, 30, 31, 22, 26, 118, 31, 22, 26, 30, | |
| 1747 | 22, 26, 22, 22, 37, 30, 32, 35, 26, 30, | |
| 1748 | 26, 35, 31, 37, 37, 36, 37, 95, 31, 31, | |
| 1749 | 76, 35, 38, 31, 35, 36, 118, 38, 131, 36, | |
| 1750 | 36, 37, 129, 35, 35, 38, 68, 36, 35, 31, | |
| 1751 | 33, 75, 36, 76, 33, 137, 137, 76, 35, 38, | |
| 1752 | 33, 35, 36, 33, 38, 39, 36, 36, 62, 39, | |
| 1753 | 33, 80, 33, 39, 57, 75, 52, 33, 75, 51, | |
| 1754 | ||
| 1755 | 56, 33, 56, 56, 80, 56, 46, 33, 77, 41, | |
| 1756 | 33, 39, 39, 14, 144, 77, 39, 33, 80, 64, | |
| 1757 | 39, 64, 64, 67, 64, 67, 67, 69, 67, 69, | |
| 1758 | 69, 72, 69, 72, 72, 77, 72, 69, 78, 79, | |
| 1759 | 81, 72, 84, 82, 82, 144, 81, 86, 79, 89, | |
| 1760 | 84, 78, 82, 13, 91, 85, 64, 87, 89, 0, | |
| 1761 | 86, 81, 78, 88, 87, 78, 79, 81, 72, 84, | |
| 1762 | 82, 82, 85, 81, 86, 92, 89, 91, 78, 88, | |
| 1763 | 90, 91, 93, 0, 87, 0, 85, 0, 94, 90, | |
| 1764 | 88, 94, 96, 99, 97, 93, 99, 92, 100, 85, | |
| 1765 | ||
| 1766 | 96, 101, 92, 0, 94, 94, 98, 90, 107, 93, | |
| 1767 | 98, 100, 94, 103, 97, 94, 97, 107, 94, 96, | |
| 1768 | 99, 97, 102, 104, 101, 100, 0, 103, 101, 106, | |
| 1769 | 98, 94, 94, 98, 105, 107, 106, 98, 109, 108, | |
| 1770 | 103, 97, 102, 104, 112, 111, 0, 109, 105, 102, | |
| 1771 | 104, 110, 111, 113, 114, 110, 106, 115, 0, 116, | |
| 1772 | 113, 105, 108, 223, 119, 109, 108, 116, 114, 115, | |
| 1773 | 112, 112, 111, 110, 117, 154, 120, 122, 110, 119, | |
| 1774 | 113, 114, 110, 117, 115, 121, 116, 123, 122, 127, | |
| 1775 | 124, 119, 223, 123, 121, 126, 120, 125, 127, 128, | |
| 1776 | ||
| 1777 | 0, 117, 120, 120, 122, 0, 154, 0, 0, 142, | |
| 1778 | 126, 124, 121, 0, 123, 124, 127, 124, 0, 125, | |
| 1779 | 257, 128, 126, 120, 125, 134, 128, 134, 134, 139, | |
| 1780 | 134, 139, 139, 142, 139, 143, 142, 140, 124, 140, | |
| 1781 | 140, 145, 140, 147, 146, 149, 148, 257, 150, 151, | |
| 1782 | 0, 147, 149, 145, 151, 152, 159, 143, 148, 153, | |
| 1783 | 306, 306, 143, 146, 157, 160, 150, 155, 145, 0, | |
| 1784 | 147, 146, 149, 148, 140, 150, 158, 152, 159, 162, | |
| 1785 | 151, 151, 152, 159, 158, 153, 153, 160, 155, 306, | |
| 1786 | 157, 157, 160, 161, 0, 155, 163, 161, 164, 0, | |
| 1787 | ||
| 1788 | 165, 167, 162, 158, 166, 0, 162, 166, 168, 173, | |
| 1789 | 167, 164, 165, 0, 169, 155, 156, 171, 163, 166, | |
| 1790 | 161, 156, 0, 163, 171, 164, 156, 165, 167, 0, | |
| 1791 | 168, 166, 156, 156, 166, 168, 169, 170, 172, 156, | |
| 1792 | 173, 169, 170, 156, 171, 174, 176, 175, 156, 172, | |
| 1793 | 179, 0, 177, 156, 0, 178, 170, 175, 180, 156, | |
| 1794 | 156, 178, 181, 170, 170, 172, 182, 183, 185, 170, | |
| 1795 | 177, 174, 174, 189, 184, 187, 190, 176, 175, 177, | |
| 1796 | 180, 179, 178, 170, 175, 180, 191, 183, 184, 185, | |
| 1797 | 190, 186, 189, 181, 183, 185, 187, 182, 186, 188, | |
| 1798 | ||
| 1799 | 189, 184, 187, 190, 188, 192, 194, 193, 191, 197, | |
| 1800 | 195, 196, 196, 191, 193, 195, 198, 192, 186, 199, | |
| 1801 | 196, 200, 201, 198, 204, 205, 188, 202, 194, 206, | |
| 1802 | 203, 0, 192, 194, 193, 202, 0, 195, 196, 196, | |
| 1803 | 197, 200, 207, 198, 199, 203, 199, 205, 200, 209, | |
| 1804 | 204, 204, 211, 201, 202, 210, 205, 203, 208, 207, | |
| 1805 | 206, 212, 208, 210, 209, 214, 213, 207, 215, 207, | |
| 1806 | 217, 211, 216, 221, 205, 218, 209, 220, 0, 211, | |
| 1807 | 215, 216, 210, 217, 222, 208, 207, 219, 213, 219, | |
| 1808 | 224, 231, 212, 213, 218, 215, 214, 217, 221, 216, | |
| 1809 | ||
| 1810 | 221, 220, 218, 225, 220, 229, 233, 226, 227, 228, | |
| 1811 | 222, 222, 232, 230, 219, 234, 224, 224, 226, 236, | |
| 1812 | 227, 235, 231, 0, 0, 232, 0, 242, 229, 225, | |
| 1813 | 225, 230, 229, 228, 226, 227, 228, 233, 237, 232, | |
| 1814 | 230, 234, 234, 235, 238, 237, 239, 240, 235, 241, | |
| 1815 | 236, 242, 239, 238, 242, 243, 244, 245, 246, 248, | |
| 1816 | 0, 240, 247, 0, 243, 237, 245, 246, 249, 0, | |
| 1817 | 251, 238, 250, 239, 240, 241, 241, 247, 251, 244, | |
| 1818 | 252, 251, 243, 244, 245, 246, 255, 250, 251, 247, | |
| 1819 | 248, 258, 249, 261, 253, 249, 254, 251, 252, 250, | |
| 1820 | ||
| 1821 | 253, 255, 256, 256, 262, 251, 259, 252, 251, 259, | |
| 1822 | 254, 261, 260, 255, 263, 258, 259, 265, 258, 268, | |
| 1823 | 261, 253, 262, 254, 260, 264, 266, 256, 267, 256, | |
| 1824 | 256, 262, 270, 259, 268, 269, 259, 272, 266, 260, | |
| 1825 | 0, 263, 269, 265, 265, 0, 268, 264, 274, 271, | |
| 1826 | 267, 278, 264, 266, 276, 267, 271, 277, 273, 272, | |
| 1827 | 273, 274, 269, 270, 272, 0, 275, 280, 281, 275, | |
| 1828 | 0, 275, 276, 278, 280, 274, 271, 275, 278, 282, | |
| 1829 | 281, 276, 273, 279, 283, 273, 284, 273, 277, 286, | |
| 1830 | 0, 279, 282, 275, 280, 281, 275, 279, 275, 284, | |
| 1831 | ||
| 1832 | 283, 286, 293, 287, 290, 288, 282, 291, 283, 288, | |
| 1833 | 279, 283, 290, 284, 0, 0, 286, 289, 279, 291, | |
| 1834 | 294, 287, 0, 289, 294, 292, 0, 283, 285, 285, | |
| 1835 | 287, 290, 292, 293, 291, 297, 288, 296, 285, 295, | |
| 1836 | 285, 285, 285, 299, 289, 285, 295, 294, 298, 296, | |
| 1837 | 302, 300, 292, 285, 303, 285, 285, 297, 300, 304, | |
| 1838 | 298, 301, 297, 302, 296, 285, 295, 285, 285, 285, | |
| 1839 | 304, 305, 285, 307, 299, 298, 301, 302, 300, 308, | |
| 1840 | 307, 309, 310, 0, 312, 303, 304, 311, 301, 315, | |
| 1841 | 308, 318, 309, 305, 313, 310, 314, 316, 305, 319, | |
| 1842 | ||
| 1843 | 307, 317, 315, 321, 0, 314, 308, 312, 309, 310, | |
| 1844 | 316, 312, 311, 318, 311, 316, 315, 313, 318, 317, | |
| 1845 | 320, 313, 319, 314, 316, 322, 319, 323, 317, 325, | |
| 1846 | 324, 322, 326, 327, 321, 328, 330, 316, 320, 329, | |
| 1847 | 0, 331, 0, 333, 332, 351, 335, 320, 323, 328, | |
| 1848 | 332, 325, 322, 324, 323, 327, 325, 324, 326, 326, | |
| 1849 | 327, 333, 328, 334, 331, 329, 329, 330, 331, 335, | |
| 1850 | 333, 332, 336, 335, 337, 338, 351, 339, 334, 341, | |
| 1851 | 342, 338, 344, 0, 345, 348, 342, 348, 0, 343, | |
| 1852 | 334, 345, 355, 0, 348, 346, 337, 353, 336, 336, | |
| 1853 | ||
| 1854 | 344, 337, 338, 339, 339, 341, 341, 342, 343, 344, | |
| 1855 | 346, 345, 348, 349, 348, 350, 343, 352, 354, 353, | |
| 1856 | 349, 356, 346, 355, 353, 0, 357, 358, 350, 360, | |
| 1857 | 0, 357, 359, 358, 0, 352, 361, 354, 362, 363, | |
| 1858 | 349, 360, 350, 356, 352, 354, 0, 363, 383, 362, | |
| 1859 | 365, 0, 356, 357, 358, 359, 360, 365, 361, 359, | |
| 1860 | 366, 367, 0, 361, 368, 362, 363, 369, 366, 383, | |
| 1861 | 356, 364, 367, 368, 370, 383, 364, 365, 364, 0, | |
| 1862 | 371, 370, 372, 0, 372, 373, 364, 366, 367, 364, | |
| 1863 | 374, 369, 376, 375, 369, 368, 364, 364, 364, 0, | |
| 1864 | ||
| 1865 | 368, 370, 374, 364, 376, 364, 371, 371, 375, 372, | |
| 1866 | 377, 373, 373, 364, 379, 380, 364, 374, 377, 376, | |
| 1867 | 375, 378, 381, 364, 385, 386, 378, 382, 387, 0, | |
| 1868 | 381, 388, 389, 380, 390, 391, 379, 377, 393, 382, | |
| 1869 | 388, 379, 380, 387, 395, 392, 389, 385, 378, 381, | |
| 1870 | 394, 385, 396, 390, 382, 387, 386, 398, 388, 389, | |
| 1871 | 392, 390, 391, 397, 396, 394, 402, 399, 395, 393, | |
| 1872 | 399, 395, 392, 401, 403, 404, 400, 394, 399, 396, | |
| 1873 | 400, 398, 405, 406, 398, 397, 407, 401, 410, 408, | |
| 1874 | 397, 409, 412, 402, 399, 408, 410, 399, 411, 413, | |
| 1875 | ||
| 1876 | 401, 403, 414, 416, 415, 417, 404, 400, 0, 405, | |
| 1877 | 406, 415, 425, 409, 421, 410, 408, 407, 409, 420, | |
| 1878 | 418, 411, 413, 412, 414, 411, 413, 417, 420, 414, | |
| 1879 | 419, 415, 417, 418, 416, 419, 422, 423, 424, 419, | |
| 1880 | 421, 421, 426, 425, 427, 422, 420, 418, 429, 0, | |
| 1881 | 428, 424, 430, 431, 419, 435, 432, 419, 0, 423, | |
| 1882 | 426, 436, 419, 422, 423, 424, 419, 431, 427, 426, | |
| 1883 | 429, 427, 428, 428, 430, 429, 433, 428, 432, 430, | |
| 1884 | 431, 434, 436, 432, 439, 437, 435, 433, 436, 438, | |
| 1885 | 442, 440, 441, 443, 444, 446, 434, 447, 0, 428, | |
| 1886 | ||
| 1887 | 440, 447, 445, 433, 450, 441, 439, 0, 434, 437, | |
| 1888 | 448, 439, 437, 438, 0, 443, 438, 446, 440, 441, | |
| 1889 | 443, 442, 446, 452, 448, 444, 445, 449, 447, 445, | |
| 1890 | 451, 453, 454, 458, 455, 450, 454, 448, 452, 457, | |
| 1891 | 459, 449, 458, 456, 460, 462, 0, 452, 451, 459, | |
| 1892 | 452, 456, 460, 453, 449, 461, 463, 451, 453, 455, | |
| 1893 | 458, 455, 461, 454, 457, 452, 457, 459, 462, 464, | |
| 1894 | 456, 460, 462, 471, 463, 465, 467, 466, 468, 469, | |
| 1895 | 0, 464, 461, 463, 465, 466, 470, 469, 467, 472, | |
| 1896 | 475, 473, 474, 479, 470, 0, 464, 476, 0, 471, | |
| 1897 | ||
| 1898 | 471, 475, 465, 467, 466, 476, 469, 473, 477, 468, | |
| 1899 | 478, 480, 472, 470, 474, 479, 472, 475, 473, 474, | |
| 1900 | 479, 481, 477, 482, 476, 483, 484, 486, 0, 485, | |
| 1901 | 478, 480, 490, 487, 483, 477, 488, 478, 480, 495, | |
| 1902 | 486, 489, 0, 481, 493, 482, 484, 485, 481, 492, | |
| 1903 | 482, 487, 483, 484, 486, 490, 485, 492, 488, 490, | |
| 1904 | 487, 491, 493, 488, 497, 489, 496, 491, 489, 499, | |
| 1905 | 495, 493, 500, 496, 498, 492, 492, 502, 499, 501, | |
| 1906 | 503, 0, 503, 506, 492, 516, 502, 497, 491, 498, | |
| 1907 | 509, 497, 513, 496, 0, 506, 499, 515, 501, 518, | |
| 1908 | ||
| 1909 | 509, 498, 512, 500, 502, 514, 501, 503, 504, 519, | |
| 1910 | 506, 0, 504, 513, 521, 504, 516, 509, 519, 513, | |
| 1911 | 512, 518, 504, 515, 515, 504, 518, 0, 514, 512, | |
| 1912 | 504, 520, 514, 520, 522, 504, 519, 541, 521, 504, | |
| 1913 | 523, 521, 504, 0, 0, 0, 524, 0, 526, 504, | |
| 1914 | 525, 530, 504, 517, 517, 0, 517, 0, 520, 517, | |
| 1915 | 523, 522, 525, 527, 517, 528, 529, 523, 541, 0, | |
| 1916 | 517, 517, 524, 524, 526, 526, 530, 525, 530, 517, | |
| 1917 | 517, 517, 535, 517, 534, 527, 517, 531, 529, 528, | |
| 1918 | 527, 517, 528, 529, 532, 531, 533, 517, 517, 540, | |
| 1919 | ||
| 1920 | 536, 532, 537, 534, 533, 542, 539, 538, 535, 535, | |
| 1921 | 0, 534, 536, 543, 531, 537, 538, 544, 0, 551, | |
| 1922 | 545, 532, 546, 533, 0, 554, 540, 536, 539, 537, | |
| 1923 | 548, 0, 552, 539, 538, 549, 542, 543, 544, 545, | |
| 1924 | 543, 546, 547, 557, 544, 550, 551, 545, 553, 546, | |
| 1925 | 552, 547, 548, 550, 561, 549, 554, 548, 555, 552, | |
| 1926 | 558, 557, 549, 560, 559, 562, 555, 553, 563, 547, | |
| 1927 | 557, 563, 550, 566, 564, 553, 560, 562, 558, 566, | |
| 1928 | 561, 561, 564, 567, 0, 555, 580, 558, 559, 569, | |
| 1929 | 560, 559, 562, 568, 572, 563, 569, 570, 564, 568, | |
| 1930 | ||
| 1931 | 566, 564, 570, 573, 571, 567, 574, 576, 577, 564, | |
| 1932 | 567, 571, 572, 580, 575, 574, 569, 579, 583, 578, | |
| 1933 | 568, 572, 575, 577, 570, 576, 573, 582, 584, 581, | |
| 1934 | 573, 571, 578, 574, 576, 577, 581, 585, 579, 586, | |
| 1935 | 582, 575, 587, 588, 579, 589, 578, 586, 590, 583, | |
| 1936 | 591, 589, 592, 593, 582, 595, 581, 587, 597, 584, | |
| 1937 | 585, 596, 593, 594, 585, 588, 586, 599, 596, 587, | |
| 1938 | 588, 600, 589, 598, 590, 590, 592, 594, 601, 592, | |
| 1939 | 593, 591, 598, 600, 602, 597, 595, 607, 596, 604, | |
| 1940 | 594, 0, 602, 603, 599, 608, 603, 605, 600, 613, | |
| 1941 | ||
| 1942 | 598, 601, 604, 609, 605, 601, 0, 610, 0, 610, | |
| 1943 | 614, 602, 611, 607, 607, 609, 604, 612, 608, 615, | |
| 1944 | 603, 613, 608, 614, 605, 606, 613, 606, 616, 612, | |
| 1945 | 609, 606, 615, 606, 610, 611, 617, 614, 606, 611, | |
| 1946 | 618, 621, 619, 606, 612, 624, 615, 621, 617, 606, | |
| 1947 | 618, 616, 606, 620, 606, 616, 625, 623, 606, 622, | |
| 1948 | 606, 0, 618, 617, 619, 606, 620, 618, 621, 619, | |
| 1949 | 606, 628, 622, 627, 630, 632, 624, 618, 623, 636, | |
| 1950 | 620, 631, 629, 625, 623, 639, 622, 626, 627, 630, | |
| 1951 | 634, 633, 626, 628, 626, 629, 635, 632, 628, 637, | |
| 1952 | ||
| 1953 | 627, 630, 632, 634, 635, 626, 636, 631, 631, 629, | |
| 1954 | 633, 640, 626, 626, 626, 642, 639, 634, 633, 626, | |
| 1955 | 641, 626, 637, 635, 643, 645, 637, 644, 641, 642, | |
| 1956 | 646, 0, 626, 645, 647, 640, 649, 650, 640, 626, | |
| 1957 | 648, 655, 642, 651, 649, 647, 0, 641, 646, 644, | |
| 1958 | 651, 0, 645, 652, 644, 643, 654, 646, 648, 650, | |
| 1959 | 657, 647, 653, 649, 650, 659, 652, 648, 657, 653, | |
| 1960 | 651, 660, 655, 658, 654, 661, 663, 659, 664, 662, | |
| 1961 | 652, 665, 658, 654, 671, 0, 669, 657, 668, 653, | |
| 1962 | 669, 0, 659, 660, 663, 666, 676, 661, 660, 668, | |
| 1963 | ||
| 1964 | 658, 662, 661, 663, 664, 664, 662, 670, 671, 666, | |
| 1965 | 670, 671, 665, 672, 673, 668, 674, 669, 675, 684, | |
| 1966 | 676, 673, 666, 676, 677, 675, 672, 678, 674, 681, | |
| 1967 | 677, 679, 0, 670, 670, 680, 682, 670, 678, 683, | |
| 1968 | 672, 673, 0, 674, 687, 675, 684, 682, 0, 685, | |
| 1969 | 681, 677, 686, 679, 678, 688, 681, 680, 679, 692, | |
| 1970 | 683, 686, 680, 682, 688, 689, 683, 685, 687, 691, | |
| 1971 | 690, 687, 693, 689, 697, 696, 685, 690, 694, 686, | |
| 1972 | 699, 700, 688, 691, 696, 701, 703, 698, 0, 0, | |
| 1973 | 692, 0, 689, 0, 693, 699, 691, 690, 697, 693, | |
| 1974 | ||
| 1975 | 694, 697, 696, 698, 706, 694, 702, 699, 705, 704, | |
| 1976 | 709, 708, 700, 703, 698, 710, 701, 704, 702, 706, | |
| 1977 | 708, 705, 711, 710, 711, 717, 713, 715, 709, 716, | |
| 1978 | 718, 706, 717, 702, 713, 705, 704, 709, 708, 719, | |
| 1979 | 715, 716, 710, 0, 720, 721, 722, 723, 727, 711, | |
| 1980 | 0, 725, 717, 713, 715, 724, 716, 726, 730, 722, | |
| 1981 | 723, 718, 733, 725, 728, 726, 720, 721, 727, 0, | |
| 1982 | 719, 720, 721, 722, 723, 727, 728, 724, 725, 729, | |
| 1983 | 731, 732, 724, 733, 726, 730, 735, 729, 734, 733, | |
| 1984 | 732, 728, 736, 731, 739, 734, 737, 738, 742, 741, | |
| 1985 | ||
| 1986 | 740, 0, 0, 743, 762, 0, 729, 731, 732, 740, | |
| 1987 | 738, 743, 735, 735, 736, 734, 737, 741, 739, 736, | |
| 1988 | 742, 739, 744, 737, 738, 742, 741, 740, 745, 747, | |
| 1989 | 743, 749, 748, 750, 751, 762, 745, 752, 753, 754, | |
| 1990 | 0, 750, 755, 749, 744, 756, 751, 754, 755, 744, | |
| 1991 | 748, 758, 747, 753, 756, 745, 747, 752, 749, 748, | |
| 1992 | 750, 751, 757, 758, 752, 753, 754, 759, 760, 755, | |
| 1993 | 765, 763, 756, 764, 759, 767, 768, 765, 758, 766, | |
| 1994 | 768, 0, 771, 757, 763, 769, 760, 773, 774, 757, | |
| 1995 | 767, 770, 764, 769, 759, 760, 772, 765, 763, 775, | |
| 1996 | ||
| 1997 | 764, 766, 767, 777, 770, 773, 766, 768, 771, 771, | |
| 1998 | 772, 776, 769, 778, 773, 779, 780, 781, 770, 774, | |
| 1999 | 783, 777, 784, 772, 782, 775, 775, 785, 786, 783, | |
| 2000 | 777, 0, 0, 776, 780, 778, 787, 782, 776, 781, | |
| 2001 | 778, 779, 779, 780, 781, 791, 0, 783, 0, 796, | |
| 2002 | 786, 782, 789, 784, 793, 786, 794, 795, 785, 787, | |
| 2003 | 0, 791, 805, 787, 788, 807, 795, 796, 794, 788, | |
| 2004 | 797, 788, 791, 788, 797, 788, 796, 793, 789, 789, | |
| 2005 | 798, 793, 788, 794, 795, 800, 799, 802, 803, 805, | |
| 2006 | 801, 788, 807, 798, 799, 809, 788, 803, 788, 806, | |
| 2007 | ||
| 2008 | 788, 797, 788, 801, 800, 802, 804, 798, 804, 810, | |
| 2009 | 811, 806, 800, 799, 802, 803, 812, 801, 811, 809, | |
| 2010 | 813, 814, 809, 815, 816, 817, 806, 813, 818, 0, | |
| 2011 | 816, 810, 819, 804, 820, 818, 810, 811, 821, 827, | |
| 2012 | 822, 824, 828, 812, 825, 815, 830, 813, 814, 823, | |
| 2013 | 815, 816, 817, 820, 819, 818, 829, 831, 823, 819, | |
| 2014 | 821, 820, 824, 833, 825, 821, 822, 822, 824, 834, | |
| 2015 | 827, 825, 832, 828, 835, 831, 823, 830, 829, 833, | |
| 2016 | 832, 835, 836, 829, 831, 838, 840, 837, 841, 836, | |
| 2017 | 833, 837, 839, 840, 843, 842, 834, 848, 839, 832, | |
| 2018 | ||
| 2019 | 844, 835, 846, 841, 842, 839, 845, 844, 845, 836, | |
| 2020 | 847, 846, 850, 840, 837, 841, 838, 854, 856, 839, | |
| 2021 | 843, 843, 842, 852, 848, 839, 849, 844, 855, 846, | |
| 2022 | 849, 852, 847, 845, 850, 854, 853, 847, 857, 850, | |
| 2023 | 853, 858, 0, 856, 854, 856, 859, 855, 860, 861, | |
| 2024 | 852, 857, 863, 849, 865, 855, 864, 861, 862, 862, | |
| 2025 | 869, 863, 0, 865, 860, 857, 867, 853, 869, 859, | |
| 2026 | 866, 868, 858, 859, 872, 860, 861, 866, 864, 863, | |
| 2027 | 868, 865, 871, 864, 870, 862, 872, 869, 873, 867, | |
| 2028 | 875, 877, 879, 867, 874, 871, 876, 866, 868, 870, | |
| 2029 | ||
| 2030 | 873, 872, 874, 881, 883, 878, 884, 885, 880, 871, | |
| 2031 | 879, 870, 875, 877, 878, 873, 876, 875, 877, 879, | |
| 2032 | 880, 874, 882, 876, 881, 886, 883, 887, 882, 889, | |
| 2033 | 881, 883, 878, 891, 890, 880, 892, 884, 885, 894, | |
| 2034 | 895, 896, 891, 897, 895, 896, 893, 894, 903, 882, | |
| 2035 | 897, 886, 886, 887, 887, 0, 889, 890, 892, 893, | |
| 2036 | 891, 890, 902, 892, 900, 900, 894, 898, 899, 901, | |
| 2037 | 897, 895, 896, 893, 904, 898, 899, 901, 905, 903, | |
| 2038 | 906, 909, 904, 902, 907, 908, 905, 909, 906, 902, | |
| 2039 | 910, 900, 907, 911, 898, 899, 901, 912, 908, 913, | |
| 2040 | ||
| 2041 | 914, 904, 910, 915, 917, 905, 916, 906, 909, 919, | |
| 2042 | 918, 907, 908, 923, 913, 922, 925, 910, 917, 911, | |
| 2043 | 911, 912, 922, 919, 912, 915, 913, 914, 918, 916, | |
| 2044 | 915, 917, 928, 916, 920, 924, 919, 918, 920, 925, | |
| 2045 | 923, 926, 922, 925, 930, 927, 934, 932, 0, 933, | |
| 2046 | 926, 920, 927, 930, 936, 938, 939, 924, 943, 920, | |
| 2047 | 941, 920, 924, 928, 942, 920, 945, 939, 926, 932, | |
| 2048 | 943, 930, 927, 946, 932, 933, 933, 934, 920, 945, | |
| 2049 | 947, 936, 938, 939, 941, 943, 944, 941, 944, 948, | |
| 2050 | 942, 942, 947, 945, 949, 946, 950, 951, 952, 0, | |
| 2051 | ||
| 2052 | 946, 949, 951, 953, 954, 955, 957, 947, 958, 0, | |
| 2053 | 960, 964, 954, 944, 952, 959, 948, 958, 961, 0, | |
| 2054 | 0, 949, 950, 950, 951, 952, 953, 955, 959, 964, | |
| 2055 | 953, 954, 955, 957, 962, 958, 960, 960, 964, 963, | |
| 2056 | 961, 962, 959, 965, 966, 961, 963, 969, 968, 970, | |
| 2057 | 965, 967, 0, 0, 969, 972, 973, 974, 0, 977, | |
| 2058 | 975, 962, 977, 978, 982, 974, 963, 0, 972, 966, | |
| 2059 | 965, 966, 983, 967, 969, 985, 979, 987, 967, 968, | |
| 2060 | 970, 975, 972, 973, 974, 980, 977, 975, 984, 978, | |
| 2061 | 978, 979, 980, 981, 983, 982, 981, 985, 986, 983, | |
| 2062 | ||
| 2063 | 986, 987, 985, 979, 987, 988, 984, 989, 981, 0, | |
| 2064 | 990, 992, 980, 991, 993, 984, 995, 981, 992, 990, | |
| 2065 | 981, 991, 994, 981, 996, 986, 997, 998, 996, 1003, | |
| 2066 | 999, 1006, 1000, 989, 989, 981, 988, 990, 992, 1001, | |
| 2067 | 991, 1000, 1003, 1002, 994, 993, 1001, 995, 997, 994, | |
| 2068 | 1002, 996, 999, 997, 998, 1005, 1003, 999, 1004, 1000, | |
| 2069 | 1007, 1008, 1006, 1009, 1012, 1010, 1001, 1007, 1008, 1005, | |
| 2070 | 1002, 1010, 1013, 1004, 1014, 1015, 1009, 1021, 1016, 1021, | |
| 2071 | 1022, 1016, 1005, 1030, 1024, 1004, 1014, 1007, 1008, 1017, | |
| 2072 | 1009, 1012, 1010, 1023, 1013, 1015, 1016, 1026, 1019, 1013, | |
| 2073 | ||
| 2074 | 1017, 1014, 1015, 1019, 1021, 1016, 1024, 1022, 1016, 1029, | |
| 2075 | 1019, 1024, 1025, 1027, 1030, 1026, 1017, 1023, 1031, 1028, | |
| 2076 | 1023, 1027, 1028, 1025, 1026, 1019, 1032, 1029, 1033, 1034, | |
| 2077 | 1019, 1035, 1036, 1032, 1041, 1037, 1029, 1028, 1034, 1025, | |
| 2078 | 1027, 1049, 1033, 1036, 1035, 1031, 1028, 0, 1040, 1028, | |
| 2079 | 1037, 1043, 1039, 1032, 1039, 1033, 1034, 1040, 1035, 1036, | |
| 2080 | 1041, 1041, 1037, 1042, 1044, 1052, 1045, 1046, 1047, 1043, | |
| 2081 | 1046, 0, 1049, 1050, 1042, 1040, 1051, 1047, 1043, 1039, | |
| 2082 | 1045, 1053, 1050, 1055, 0, 1046, 1044, 1065, 0, 0, | |
| 2083 | 1042, 1044, 1045, 1045, 1046, 1047, 1052, 1046, 1051, 1054, | |
| 2084 | ||
| 2085 | 1050, 1056, 1053, 1051, 1060, 1057, 1054, 1045, 1053, 1062, | |
| 2086 | 1063, 1057, 1060, 1064, 1055, 1056, 1061, 1069, 1065, 1063, | |
| 2087 | 1071, 1064, 1066, 1062, 1069, 1067, 1054, 1070, 1056, 1057, | |
| 2088 | 1074, 1060, 1057, 1066, 1067, 1061, 1062, 1063, 1057, 1072, | |
| 2089 | 1064, 1073, 1071, 1061, 1069, 1078, 1077, 1071, 1074, 1066, | |
| 2090 | 1070, 1075, 1067, 1084, 1070, 1075, 1079, 1074, 1077, 1080, | |
| 2091 | 1081, 1072, 1082, 1073, 1087, 1085, 1072, 1086, 1073, 1079, | |
| 2092 | 1088, 1089, 1078, 1077, 1083, 1081, 1086, 1082, 1075, 1080, | |
| 2093 | 1085, 1090, 1083, 1079, 1084, 1087, 1080, 1081, 1092, 1082, | |
| 2094 | 1094, 1087, 1085, 1093, 1086, 1089, 1096, 1088, 1089, 1095, | |
| 2095 | ||
| 2096 | 1099, 1083, 1100, 1097, 1098, 1104, 1102, 1105, 1090, 0, | |
| 2097 | 1092, 1093, 1099, 1102, 1095, 1092, 1103, 1094, 1096, 1098, | |
| 2098 | 1093, 1097, 1101, 1096, 1100, 1109, 1095, 1099, 1103, 1100, | |
| 2099 | 1097, 1098, 1104, 1102, 1108, 1101, 1106, 1107, 1105, 1110, | |
| 2100 | 1101, 1108, 1106, 1103, 1111, 1107, 1110, 1112, 1113, 1101, | |
| 2101 | 1114, 1115, 1109, 1112, 1116, 1118, 1119, 1120, 1121, 1124, | |
| 2102 | 1121, 1108, 1101, 1106, 1107, 1119, 1110, 1122, 0, 1123, | |
| 2103 | 1128, 1111, 1126, 1114, 1112, 1113, 1131, 1114, 1116, 1126, | |
| 2104 | 1127, 1116, 1115, 1119, 1133, 1121, 1118, 1127, 1120, 1131, | |
| 2105 | 1124, 1125, 1125, 1125, 1122, 1123, 1123, 1129, 1125, 1126, | |
| 2106 | ||
| 2107 | 1135, 1128, 1132, 1131, 1129, 1136, 1125, 1127, 1132, 1134, | |
| 2108 | 1134, 1133, 1136, 1138, 1139, 1141, 1137, 1142, 1125, 1125, | |
| 2109 | 1125, 1137, 1143, 1152, 1129, 1125, 1135, 1135, 1144, 1132, | |
| 2110 | 1146, 1146, 1136, 1141, 1143, 1145, 1134, 1147, 1151, 1138, | |
| 2111 | 1138, 1139, 1141, 1137, 1142, 1148, 1148, 1149, 1144, 1143, | |
| 2112 | 1154, 1155, 1153, 1145, 1152, 1144, 1156, 1146, 1149, 1153, | |
| 2113 | 1151, 1157, 1145, 1147, 1147, 1151, 1159, 1158, 1160, 0, | |
| 2114 | 1154, 1162, 1148, 1161, 1149, 1160, 1164, 1154, 1163, 1153, | |
| 2115 | 1166, 1161, 1155, 1179, 1159, 1164, 1162, 1156, 1157, 1158, | |
| 2116 | 1165, 1165, 1167, 1159, 1158, 1160, 1169, 1170, 1162, 1173, | |
| 2117 | ||
| 2118 | 1161, 1168, 1163, 1164, 1167, 1163, 1166, 1166, 1169, 1168, | |
| 2119 | 1171, 1172, 1175, 1180, 1179, 1182, 1174, 1165, 1178, 1167, | |
| 2120 | 1170, 1174, 1177, 1169, 1170, 1178, 1173, 1176, 1168, 1172, | |
| 2121 | 1181, 1171, 1174, 1176, 1181, 1177, 1184, 1171, 1172, 1175, | |
| 2122 | 1180, 1183, 1183, 1174, 1185, 1178, 1182, 1186, 1174, 1177, | |
| 2123 | 1187, 1184, 1188, 1189, 1176, 1189, 1190, 1192, 1195, 1191, | |
| 2124 | 0, 1181, 1186, 1184, 1191, 1196, 1193, 1188, 1183, 1197, | |
| 2125 | 1198, 1199, 1201, 1187, 1186, 1185, 1207, 1187, 1199, 1188, | |
| 2126 | 1189, 1193, 1195, 1200, 1202, 1195, 1191, 1190, 1192, 1203, | |
| 2127 | 1205, 1196, 1196, 1193, 1201, 1211, 1197, 1198, 1199, 1201, | |
| 2128 | ||
| 2129 | 1207, 1213, 1212, 1207, 1200, 1202, 1208, 1203, 1210, 1212, | |
| 2130 | 1200, 1202, 1205, 1216, 1219, 1214, 1203, 1205, 1215, 1213, | |
| 2131 | 1218, 1208, 1211, 1210, 1214, 1217, 1215, 1219, 1213, 1212, | |
| 2132 | 1222, 0, 1221, 1208, 1226, 1210, 1216, 1223, 1224, 1222, | |
| 2133 | 1216, 1219, 1214, 1221, 1232, 1215, 0, 1217, 0, 1228, | |
| 2134 | 1230, 1218, 1217, 1231, 1235, 1223, 1224, 1222, 1221, 1221, | |
| 2135 | 1228, 1226, 1230, 1233, 1223, 1224, 1231, 1234, 1236, 1238, | |
| 2136 | 1221, 1239, 1243, 1233, 1240, 1232, 1228, 1230, 1239, 1235, | |
| 2137 | 1231, 1235, 1242, 0, 1241, 1246, 1246, 1243, 1242, 1238, | |
| 2138 | 1233, 1244, 1245, 1234, 1234, 1236, 1238, 1248, 1239, 1243, | |
| 2139 | ||
| 2140 | 1240, 1240, 1241, 1247, 1248, 1251, 1244, 1245, 1252, 1242, | |
| 2141 | 1249, 1241, 1246, 1253, 1254, 1247, 0, 1249, 1244, 1245, | |
| 2142 | 1257, 1259, 1253, 1255, 1248, 1260, 1268, 1251, 1261, 1261, | |
| 2143 | 1247, 1262, 1251, 1252, 1259, 1252, 1254, 1249, 1257, 1263, | |
| 2144 | 1253, 1254, 1266, 1255, 1271, 1264, 1265, 1257, 1259, 1267, | |
| 2145 | 1255, 1266, 1260, 1262, 1279, 1261, 1267, 1268, 1262, 1269, | |
| 2146 | 1270, 1275, 1273, 1271, 1263, 1274, 1263, 1264, 1265, 1266, | |
| 2147 | 1273, 1271, 1264, 1265, 1270, 1276, 1267, 1278, 1274, 1277, | |
| 2148 | 0, 1269, 1281, 1280, 1278, 1279, 1269, 1270, 1275, 1273, | |
| 2149 | 1284, 1277, 1274, 1282, 1283, 1285, 1286, 1283, 1287, 0, | |
| 2150 | ||
| 2151 | 0, 1276, 1276, 0, 1278, 1280, 1277, 1281, 1282, 1281, | |
| 2152 | 1280, 1289, 1283, 1287, 1286, 1284, 1292, 1284, 1290, 1293, | |
| 2153 | 1282, 1283, 1285, 1286, 1283, 1287, 1293, 1294, 1295, 1297, | |
| 2154 | 1292, 1299, 1300, 1289, 1303, 1301, 1294, 1301, 1289, 1295, | |
| 2155 | 1290, 1305, 1302, 1292, 1300, 1290, 1293, 1304, 1307, 1306, | |
| 2156 | 1297, 1308, 1299, 1309, 1294, 1295, 1297, 1306, 1299, 1300, | |
| 2157 | 1302, 1303, 1301, 1311, 1315, 1304, 1310, 1309, 1305, 1302, | |
| 2158 | 1310, 1307, 1312, 1308, 1304, 1307, 1306, 1316, 1308, 1312, | |
| 2159 | 1309, 1317, 1311, 1318, 1320, 1319, 1321, 0, 1323, 0, | |
| 2160 | 1311, 1315, 1322, 1320, 1325, 1316, 1325, 1310, 1326, 1312, | |
| 2161 | ||
| 2162 | 1319, 1327, 1329, 1332, 1316, 1327, 1328, 1330, 1317, 1318, | |
| 2163 | 1318, 1320, 1319, 1333, 1322, 1323, 1330, 1321, 1328, 1322, | |
| 2164 | 1326, 1325, 1335, 1334, 1329, 1326, 1331, 1344, 1327, 1329, | |
| 2165 | 1332, 1336, 1336, 1328, 1330, 1334, 1333, 1331, 1337, 1339, | |
| 2166 | 1333, 1340, 1344, 1347, 1335, 1340, 1337, 1339, 1341, 1335, | |
| 2167 | 1334, 1341, 1342, 1331, 1344, 1343, 1345, 1348, 1336, 1349, | |
| 2168 | 1342, 1343, 1345, 1350, 1351, 1337, 1339, 1352, 1340, 1353, | |
| 2169 | 1347, 1354, 1357, 1349, 1356, 1341, 1350, 1355, 1351, 1342, | |
| 2170 | 1358, 1348, 1343, 1345, 1348, 1359, 1349, 1360, 1356, 1355, | |
| 2171 | 1350, 1351, 1361, 1352, 1352, 1360, 1353, 1362, 1354, 1357, | |
| 2172 | ||
| 2173 | 1363, 1356, 1364, 1365, 1355, 1368, 1362, 1358, 1369, 1367, | |
| 2174 | 1370, 1365, 1359, 1371, 1360, 1373, 1369, 1372, 1375, 1361, | |
| 2175 | 1376, 1377, 1371, 1379, 1362, 0, 1374, 1363, 1376, 1364, | |
| 2176 | 1365, 1367, 1368, 1377, 1383, 1369, 1367, 1370, 1372, 1373, | |
| 2177 | 1371, 1374, 1373, 1378, 1372, 1375, 1383, 1376, 1377, 1381, | |
| 2178 | 1379, 1378, 1374, 1374, 1382, 1384, 1381, 1385, 1382, 1386, | |
| 2179 | 1387, 1383, 1388, 1388, 1389, 1390, 0, 1386, 1374, 1396, | |
| 2180 | 1378, 1393, 1394, 1392, 1394, 1396, 1381, 1403, 1384, 1397, | |
| 2181 | 1395, 1382, 1384, 1390, 1385, 1399, 1386, 1387, 1392, 1388, | |
| 2182 | 1389, 1389, 1390, 1393, 1395, 1398, 1396, 1399, 1393, 1394, | |
| 2183 | ||
| 2184 | 1392, 1397, 1400, 1401, 1404, 1402, 1397, 1395, 1403, 1406, | |
| 2185 | 1408, 1410, 1399, 1409, 0, 0, 1406, 1398, 1402, 1417, | |
| 2186 | 1400, 1401, 1398, 1414, 0, 1411, 1415, 1404, 1408, 1400, | |
| 2187 | 1401, 1404, 1402, 1411, 1417, 1414, 1406, 1408, 1419, 1409, | |
| 2188 | 1409, 1412, 1410, 1412, 1415, 1420, 1417, 1421, 1412, 1422, | |
| 2189 | 1414, 1411, 1411, 1415, 1421, 1423, 1425, 1433, 1426, 1435, | |
| 2190 | 1411, 1427, 1419, 1428, 1422, 1419, 1429, 1420, 1412, 1430, | |
| 2191 | 1412, 1426, 1420, 1431, 1421, 1436, 1422, 1430, 1428, 1429, | |
| 2192 | 1433, 1434, 1423, 1425, 1433, 1426, 1435, 1427, 1427, 1443, | |
| 2193 | 1428, 1437, 1440, 1429, 1438, 1442, 1430, 1436, 1437, 1431, | |
| 2194 | ||
| 2195 | 1431, 1438, 1436, 1439, 1441, 1434, 1444, 1447, 1434, 1448, | |
| 2196 | 1450, 1441, 1446, 1468, 1458, 1440, 1439, 1442, 1437, 1440, | |
| 2197 | 1443, 1438, 1442, 1446, 1449, 1453, 1463, 1444, 1454, 1447, | |
| 2198 | 1439, 1441, 1464, 1444, 1447, 1450, 1460, 1450, 1453, 1446, | |
| 2199 | 1448, 1458, 1466, 1449, 1468, 1460, 1469, 1470, 1463, 1472, | |
| 2200 | 1476, 1449, 1453, 1463, 1454, 1454, 1471, 1474, 1470, 1464, | |
| 2201 | 1475, 1471, 1478, 1460, 1479, 1474, 1481, 1483, 0, 1466, | |
| 2202 | 1480, 1472, 1469, 1469, 1470, 1475, 1472, 1476, 1481, 1480, | |
| 2203 | 1478, 1485, 1486, 1471, 1474, 1487, 1489, 1475, 1488, 1478, | |
| 2204 | 1490, 1491, 1493, 1481, 1483, 1479, 1492, 1480, 1487, 1494, | |
| 2205 | ||
| 2206 | 1498, 1493, 0, 1485, 0, 1495, 1496, 1486, 1485, 1486, | |
| 2207 | 1488, 1492, 1487, 1489, 1497, 1488, 1500, 1490, 1491, 1493, | |
| 2208 | 1495, 1496, 1498, 1492, 1499, 1494, 1494, 1498, 1501, 1497, | |
| 2209 | 1503, 1499, 1495, 1496, 1502, 1502, 1504, 1503, 1507, 1505, | |
| 2210 | 1506, 1497, 1505, 1500, 1508, 1509, 1501, 1510, 1511, 1513, | |
| 2211 | 1504, 1499, 1510, 1506, 1509, 1501, 1512, 1503, 1514, 0, | |
| 2212 | 1515, 1502, 1508, 1504, 1507, 1507, 1505, 1506, 1519, 1527, | |
| 2213 | 1511, 1508, 1509, 1518, 1510, 1511, 1513, 1519, 1512, 1520, | |
| 2214 | 1518, 1521, 1524, 1512, 1520, 1514, 1515, 1515, 1521, 1522, | |
| 2215 | 1523, 1524, 1525, 1528, 1529, 1519, 1527, 1523, 1531, 1536, | |
| 2216 | ||
| 2217 | 1518, 1534, 1530, 1529, 1532, 1533, 1520, 1522, 1521, 1524, | |
| 2218 | 1531, 1528, 1534, 1532, 1533, 1535, 1522, 1523, 1525, 1525, | |
| 2219 | 1528, 1529, 1530, 1535, 1537, 1531, 1536, 1538, 1534, 1530, | |
| 2220 | 1540, 1532, 1533, 1539, 1541, 1544, 1538, 1542, 1540, 1545, | |
| 2221 | 0, 1548, 1535, 1549, 1542, 1539, 1550, 1545, 1548, 1552, | |
| 2222 | 1553, 1551, 1554, 1544, 1538, 1537, 1541, 1540, 1552, 1556, | |
| 2223 | 1539, 1541, 1544, 1551, 1542, 1557, 1545, 1549, 1548, 1558, | |
| 2224 | 1549, 1556, 1561, 1550, 1562, 1554, 1552, 1553, 1551, 1554, | |
| 2225 | 1559, 1563, 1562, 1564, 0, 1568, 1556, 1571, 1557, 1570, | |
| 2226 | 1569, 1572, 1557, 1573, 1559, 1569, 1558, 1577, 1574, 1561, | |
| 2227 | ||
| 2228 | 1575, 1562, 1581, 1570, 1578, 1571, 1574, 1559, 1563, 1577, | |
| 2229 | 1564, 1568, 1568, 1572, 1571, 1573, 1570, 1569, 1572, 1575, | |
| 2230 | 1573, 1579, 1580, 1582, 1577, 1574, 1578, 1575, 0, 1581, | |
| 2231 | 1585, 1578, 1583, 1584, 1580, 1586, 1587, 1588, 1592, 1591, | |
| 2232 | 0, 0, 0, 1579, 1593, 0, 1594, 1595, 1579, 1580, | |
| 2233 | 1582, 1642, 1583, 1591, 1598, 1584, 1597, 1586, 1596, 1583, | |
| 2234 | 1584, 1585, 1586, 1587, 1588, 1595, 1591, 1593, 1594, 1592, | |
| 2235 | 1596, 1593, 1599, 1594, 1595, 1597, 1598, 1601, 1602, 1603, | |
| 2236 | 1604, 1598, 1642, 1597, 1605, 1596, 1607, 1599, 1603, 1610, | |
| 2237 | 1606, 1608, 1613, 0, 1604, 0, 1611, 1610, 1616, 1599, | |
| 2238 | ||
| 2239 | 1602, 1601, 1605, 1611, 1601, 1602, 1603, 1604, 1606, 1608, | |
| 2240 | 1617, 1605, 1607, 1607, 1612, 1615, 1610, 1606, 1608, 1613, | |
| 2241 | 1614, 1616, 1612, 1611, 1618, 1616, 1619, 1621, 1614, 1624, | |
| 2242 | 1622, 0, 1628, 1615, 1626, 1630, 1625, 1617, 1634, 1635, | |
| 2243 | 0, 1612, 1615, 1618, 1622, 1621, 1626, 1614, 1619, 1625, | |
| 2244 | 1636, 1618, 1624, 1619, 1621, 1637, 1624, 1622, 1628, 1628, | |
| 2245 | 1633, 1626, 1630, 1625, 1634, 1634, 1635, 1633, 1638, 1639, | |
| 2246 | 1640, 1641, 1643, 1649, 1636, 1650, 1647, 1636, 1644, 1640, | |
| 2247 | 1647, 1648, 1637, 0, 1641, 1648, 1659, 1633, 1653, 1655, | |
| 2248 | 0, 1658, 1654, 1654, 1649, 1638, 1639, 1640, 1641, 1643, | |
| 2249 | ||
| 2250 | 1649, 1644, 1654, 1656, 1658, 1644, 1650, 1647, 1648, 1660, | |
| 2251 | 1653, 1655, 1656, 1659, 1657, 1653, 1655, 1660, 1658, 1654, | |
| 2252 | 1654, 1657, 1663, 1661, 1662, 0, 1664, 0, 1665, 1666, | |
| 2253 | 1656, 1668, 1662, 1669, 1669, 1667, 1660, 1671, 1668, 1672, | |
| 2254 | 1666, 1657, 1661, 1670, 1671, 1674, 1672, 1675, 1663, 1663, | |
| 2255 | 1661, 1662, 1664, 1664, 1665, 1665, 1666, 1667, 1668, 1676, | |
| 2256 | 1669, 1670, 1667, 1679, 1671, 1680, 1672, 1678, 1682, 1681, | |
| 2257 | 1670, 1675, 1674, 1683, 1675, 1684, 1678, 1683, 1688, 1685, | |
| 2258 | 1682, 1676, 1687, 1690, 1704, 1690, 1676, 1681, 1680, 1684, | |
| 2259 | 1679, 1694, 1680, 1688, 1678, 1682, 1681, 1685, 1695, 1696, | |
| 2260 | ||
| 2261 | 1687, 1698, 1684, 1701, 1683, 1688, 1685, 0, 1699, 1687, | |
| 2262 | 1690, 1699, 1703, 1694, 1702, 1704, 1705, 1696, 1694, 1703, | |
| 2263 | 1706, 1708, 1705, 1698, 1695, 1695, 1696, 1707, 1698, 1709, | |
| 2264 | 1701, 1709, 1702, 1710, 1699, 1699, 1707, 1712, 1699, 1703, | |
| 2265 | 1714, 1702, 1706, 1705, 1718, 1712, 1713, 1706, 1715, 1716, | |
| 2266 | 1717, 1719, 1708, 0, 1707, 1718, 1709, 1721, 1713, 1719, | |
| 2267 | 1710, 1720, 1715, 1723, 1712, 1722, 1722, 1714, 1717, 1726, | |
| 2268 | 1727, 1718, 1716, 1713, 1724, 1715, 1716, 1717, 1719, 1721, | |
| 2269 | 1720, 1728, 1724, 1730, 1721, 1732, 1731, 1733, 1720, 1732, | |
| 2270 | 1723, 1735, 1722, 1731, 1736, 1733, 1726, 1727, 1738, 1737, | |
| 2271 | ||
| 2272 | 1739, 1724, 1742, 1728, 1737, 1741, 1743, 1736, 1728, 1742, | |
| 2273 | 1730, 1740, 1732, 1731, 1733, 1744, 1747, 1735, 1735, 1740, | |
| 2274 | 1741, 1736, 1745, 1748, 1750, 1738, 1737, 1739, 1749, 1742, | |
| 2275 | 1748, 1747, 1741, 1743, 1752, 1754, 1751, 1756, 1740, 1744, | |
| 2276 | 1759, 1761, 1744, 1747, 1751, 1757, 1750, 1760, 1745, 1745, | |
| 2277 | 1748, 1750, 1749, 1757, 1761, 1749, 1753, 1753, 1762, 1763, | |
| 2278 | 1764, 1765, 1754, 1751, 1756, 1752, 1753, 1759, 1761, 1760, | |
| 2279 | 1766, 1768, 1757, 1771, 1760, 1773, 1774, 1776, 1777, 1782, | |
| 2280 | 1762, 0, 0, 1753, 1753, 1762, 1763, 1764, 1765, 1774, | |
| 2281 | 1778, 1781, 1766, 1783, 1775, 1776, 1788, 1766, 1768, 1771, | |
| 2282 | ||
| 2283 | 1771, 1775, 1773, 1774, 1776, 1777, 1782, 1785, 1787, 1786, | |
| 2284 | 1781, 1788, 1778, 1789, 1785, 1783, 1786, 1778, 1781, 1790, | |
| 2285 | 1783, 1775, 1791, 1788, 1799, 1793, 1794, 1800, 1790, 1805, | |
| 2286 | 1787, 1793, 1789, 1791, 1785, 1787, 1786, 1792, 1792, 1801, | |
| 2287 | 1789, 1809, 0, 1797, 1807, 1811, 1790, 1792, 1794, 1791, | |
| 2288 | 1797, 1799, 1793, 1794, 1800, 1813, 1805, 1817, 1811, 1818, | |
| 2289 | 1810, 1814, 1801, 1819, 1792, 1792, 1801, 1807, 1809, 1810, | |
| 2290 | 1797, 1807, 1811, 1814, 1816, 1817, 1820, 1821, 1822, 1823, | |
| 2291 | 1822, 1828, 1813, 1816, 1817, 1818, 1818, 1810, 1814, 1824, | |
| 2292 | 1819, 1823, 1825, 1826, 1827, 1824, 1831, 1833, 1836, 1821, | |
| 2293 | ||
| 2294 | 1835, 1816, 1827, 1820, 1821, 1822, 1823, 1838, 1828, 1839, | |
| 2295 | 1841, 1845, 0, 0, 1825, 1826, 1824, 1840, 1835, 1825, | |
| 2296 | 1826, 1827, 1838, 1831, 1833, 1836, 1844, 1835, 1846, 1840, | |
| 2297 | 1847, 1848, 1850, 1856, 1838, 1839, 1839, 1841, 1849, 1848, | |
| 2298 | 1854, 1846, 1845, 1850, 1840, 0, 0, 1849, 1868, 1858, | |
| 2299 | 1844, 0, 1847, 1844, 1857, 1846, 1856, 1847, 1848, 1850, | |
| 2300 | 1856, 1857, 1858, 1860, 1854, 1849, 1861, 1854, 1865, 1862, | |
| 2301 | 1865, 1867, 1864, 1863, 1866, 1868, 1858, 1862, 1867, 1860, | |
| 2302 | 1861, 1857, 1863, 1864, 1869, 1870, 1866, 1871, 1872, 1876, | |
| 2303 | 1860, 1873, 1874, 1861, 1874, 1865, 1862, 1875, 1867, 1864, | |
| 2304 | ||
| 2305 | 1863, 1866, 1869, 1877, 1878, 1880, 1884, 1885, 0, 1875, | |
| 2306 | 1872, 1869, 1870, 1873, 1871, 1872, 1877, 1880, 1873, 1874, | |
| 2307 | 1876, 1883, 1886, 1890, 1875, 1887, 1888, 0, 1892, 1883, | |
| 2308 | 1877, 1878, 1880, 1891, 1888, 1886, 1890, 1884, 1885, 1887, | |
| 2309 | 1893, 1891, 1892, 1894, 1895, 1903, 1896, 1899, 1883, 1886, | |
| 2310 | 1890, 1894, 1887, 1888, 1893, 1892, 1897, 0, 1898, 1900, | |
| 2311 | 1891, 1904, 1905, 1908, 1897, 1901, 1895, 1893, 1896, 1899, | |
| 2312 | 1894, 1895, 1902, 1896, 1899, 1912, 1903, 1910, 0, 1924, | |
| 2313 | 1902, 1900, 1905, 1897, 1898, 1898, 1900, 1901, 1904, 1905, | |
| 2314 | 1906, 1910, 1901, 1907, 1908, 1909, 1915, 1912, 1906, 1902, | |
| 2315 | ||
| 2316 | 1913, 1907, 1912, 1909, 1910, 1914, 1924, 1916, 1913, 1917, | |
| 2317 | 1915, 1918, 0, 1914, 1919, 0, 1920, 1906, 0, 1918, | |
| 2318 | 1907, 1923, 1909, 1915, 1921, 1922, 0, 1913, 0, 1923, | |
| 2319 | 1925, 1917, 1914, 1916, 1916, 1926, 1917, 1928, 1918, 1927, | |
| 2320 | 1919, 1919, 1920, 1920, 0, 1922, 1921, 1927, 1923, 1931, | |
| 2321 | 1925, 1921, 1922, 1929, 1939, 1926, 1932, 1925, 1935, 1928, | |
| 2322 | 1933, 1929, 1926, 1938, 1928, 1934, 1927, 1936, 1933, 1937, | |
| 2323 | 1941, 1931, 0, 1934, 1942, 1936, 1931, 1937, 1932, 1940, | |
| 2324 | 1929, 1939, 1943, 1932, 1935, 1935, 1945, 1933, 1948, 1938, | |
| 2325 | 1938, 1951, 1934, 1952, 1936, 1949, 1937, 1941, 0, 1940, | |
| 2326 | ||
| 2327 | 0, 1942, 1943, 1949, 1950, 0, 1940, 0, 1945, 1943, | |
| 2328 | 1948, 0, 1950, 1945, 0, 1948, 0, 0, 1951, 0, | |
| 2329 | 1952, 0, 1949, 0, 0, 0, 0, 0, 0, 0, | |
| 2330 | 0, 1950, 1956, 1956, 1956, 1956, 1956, 1956, 1956, 1957, | |
| 2331 | 1957, 1957, 1957, 1957, 1957, 1957, 1958, 1958, 1958, 1958, | |
| 2332 | 1958, 1958, 1958, 1959, 1959, 1959, 1959, 1959, 1959, 1959, | |
| 2333 | 1960, 1960, 1960, 1960, 1960, 1960, 1960, 1962, 1962, 0, | |
| 2334 | 1962, 1962, 1962, 1962, 1963, 1963, 0, 0, 0, 1963, | |
| 2335 | 1963, 1964, 1964, 0, 0, 1964, 0, 1964, 1965, 0, | |
| 2336 | 0, 0, 0, 0, 1965, 1966, 1966, 0, 0, 0, | |
| 2337 | ||
| 2338 | 1966, 1966, 1967, 0, 0, 0, 0, 0, 1967, 1968, | |
| 2339 | 1968, 0, 1968, 1968, 1968, 1968, 1969, 1969, 0, 1969, | |
| 2340 | 1969, 1969, 1969, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 2341 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 2342 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 2343 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 2344 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 2345 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, | |
| 2346 | 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955 | |
| 1909 | 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, | |
| 1910 | 4, 4, 5, 5, 6, 6, 5, 27, 6, 7, | |
| 1911 | 7, 7, 7, 676, 7, 8, 8, 8, 8, 27, | |
| 1912 | 8, 9, 9, 9, 10, 10, 10, 15, 45, 45, | |
| 1913 | ||
| 1914 | 2243, 15, 23, 3, 27, 50, 4, 775, 50, 5, | |
| 1915 | 19, 6, 19, 19, 676, 19, 140, 7, 29, 61, | |
| 1916 | 61, 19, 23, 8, 138, 23, 20, 20, 9, 23, | |
| 1917 | 29, 10, 11, 11, 11, 11, 11, 11, 12, 12, | |
| 1918 | 12, 12, 12, 12, 20, 29, 24, 103, 19, 23, | |
| 1919 | 20, 25, 11, 20, 20, 21, 75, 32, 12, 25, | |
| 1920 | 24, 70, 21, 32, 860, 70, 21, 103, 28, 21, | |
| 1921 | 11, 20, 24, 24, 103, 137, 12, 25, 25, 11, | |
| 1922 | 75, 21, 21, 75, 32, 12, 25, 24, 26, 21, | |
| 1923 | 28, 26, 860, 21, 30, 28, 21, 22, 26, 135, | |
| 1924 | ||
| 1925 | 26, 22, 30, 133, 22, 116, 22, 22, 30, 131, | |
| 1926 | 31, 26, 30, 34, 31, 26, 77, 116, 26, 22, | |
| 1927 | 30, 30, 76, 77, 22, 26, 34, 26, 22, 30, | |
| 1928 | 31, 22, 116, 22, 22, 30, 31, 31, 35, 30, | |
| 1929 | 34, 31, 35, 77, 134, 76, 37, 134, 37, 76, | |
| 1930 | 100, 68, 35, 100, 38, 35, 84, 31, 33, 38, | |
| 1931 | 62, 84, 33, 37, 35, 35, 39, 38, 33, 35, | |
| 1932 | 39, 33, 37, 37, 39, 37, 80, 100, 33, 35, | |
| 1933 | 33, 38, 35, 84, 57, 33, 38, 132, 132, 33, | |
| 1934 | 37, 66, 39, 39, 80, 33, 125, 39, 33, 85, | |
| 1935 | ||
| 1936 | 768, 39, 125, 80, 66, 33, 36, 85, 40, 36, | |
| 1937 | 40, 40, 56, 40, 56, 56, 36, 56, 66, 40, | |
| 1938 | 36, 36, 64, 125, 64, 64, 85, 64, 36, 67, | |
| 1939 | 768, 67, 67, 36, 67, 69, 36, 69, 69, 72, | |
| 1940 | 69, 72, 72, 36, 72, 78, 69, 36, 36, 81, | |
| 1941 | 72, 87, 79, 82, 83, 83, 52, 86, 78, 82, | |
| 1942 | 64, 79, 81, 83, 87, 51, 88, 89, 92, 78, | |
| 1943 | 139, 139, 78, 88, 82, 86, 81, 72, 87, 79, | |
| 1944 | 82, 83, 83, 89, 93, 78, 82, 90, 91, 86, | |
| 1945 | 94, 92, 96, 88, 89, 92, 90, 91, 46, 101, | |
| 1946 | ||
| 1947 | 97, 41, 86, 94, 95, 14, 93, 95, 97, 99, | |
| 1948 | 98, 93, 101, 99, 90, 91, 96, 94, 102, 13, | |
| 1949 | 95, 95, 105, 120, 96, 104, 101, 97, 95, 108, | |
| 1950 | 98, 95, 98, 99, 95, 0, 99, 98, 108, 104, | |
| 1951 | 99, 102, 105, 96, 106, 102, 107, 95, 95, 105, | |
| 1952 | 110, 109, 104, 107, 112, 120, 108, 98, 106, 110, | |
| 1953 | 111, 112, 113, 114, 111, 0, 115, 117, 0, 0, | |
| 1954 | 114, 106, 115, 107, 109, 117, 122, 110, 109, 118, | |
| 1955 | 115, 112, 111, 118, 119, 121, 123, 111, 113, 113, | |
| 1956 | 114, 111, 118, 115, 117, 123, 122, 124, 119, 115, | |
| 1957 | ||
| 1958 | 121, 126, 122, 122, 128, 127, 118, 129, 124, 0, | |
| 1959 | 118, 119, 121, 123, 130, 136, 129, 136, 136, 128, | |
| 1960 | 136, 145, 126, 122, 124, 146, 126, 127, 126, 144, | |
| 1961 | 0, 128, 127, 148, 129, 141, 130, 141, 141, 147, | |
| 1962 | 141, 130, 142, 145, 142, 142, 149, 142, 145, 126, | |
| 1963 | 150, 147, 148, 144, 149, 157, 144, 146, 152, 151, | |
| 1964 | 148, 153, 150, 154, 156, 152, 147, 155, 0, 154, | |
| 1965 | 161, 158, 0, 149, 160, 158, 162, 150, 161, 153, | |
| 1966 | 142, 151, 163, 177, 165, 152, 151, 157, 153, 155, | |
| 1967 | 156, 156, 158, 0, 155, 154, 154, 161, 162, 158, | |
| 1968 | ||
| 1969 | 160, 160, 158, 162, 163, 166, 164, 165, 167, 163, | |
| 1970 | 164, 165, 168, 170, 169, 177, 0, 169, 0, 158, | |
| 1971 | 159, 167, 170, 171, 168, 159, 172, 166, 180, 169, | |
| 1972 | 159, 175, 166, 164, 174, 167, 159, 159, 175, 168, | |
| 1973 | 170, 169, 183, 159, 169, 171, 178, 159, 172, 173, | |
| 1974 | 171, 176, 159, 172, 173, 185, 174, 159, 175, 179, | |
| 1975 | 180, 174, 176, 159, 159, 181, 173, 184, 173, 186, | |
| 1976 | 179, 182, 178, 178, 183, 173, 173, 182, 176, 187, | |
| 1977 | 0, 173, 188, 181, 189, 192, 195, 185, 268, 184, | |
| 1978 | 192, 179, 181, 173, 184, 173, 188, 179, 182, 187, | |
| 1979 | ||
| 1980 | 190, 186, 191, 193, 194, 189, 187, 190, 195, 188, | |
| 1981 | 197, 189, 192, 195, 196, 268, 199, 198, 194, 200, | |
| 1982 | 201, 197, 193, 191, 198, 201, 196, 190, 202, 191, | |
| 1983 | 193, 194, 204, 208, 206, 207, 210, 197, 199, 203, | |
| 1984 | 203, 196, 200, 199, 198, 205, 200, 201, 203, 209, | |
| 1985 | 212, 210, 205, 211, 213, 207, 219, 209, 214, 206, | |
| 1986 | 202, 206, 207, 210, 204, 208, 203, 203, 218, 216, | |
| 1987 | 215, 220, 205, 212, 215, 214, 209, 221, 222, 211, | |
| 1988 | 211, 217, 212, 214, 216, 214, 213, 218, 219, 217, | |
| 1989 | 222, 223, 224, 220, 225, 218, 216, 215, 220, 228, | |
| 1990 | ||
| 1991 | 212, 224, 214, 226, 223, 222, 229, 225, 217, 221, | |
| 1992 | 227, 232, 227, 230, 231, 233, 240, 235, 223, 224, | |
| 1993 | 232, 225, 226, 228, 234, 237, 228, 239, 235, 0, | |
| 1994 | 226, 229, 238, 229, 236, 242, 243, 227, 232, 230, | |
| 1995 | 230, 233, 233, 231, 235, 239, 236, 241, 240, 237, | |
| 1996 | 234, 234, 237, 244, 239, 238, 245, 246, 249, 238, | |
| 1997 | 241, 236, 243, 243, 246, 248, 251, 242, 247, 259, | |
| 1998 | 250, 248, 249, 252, 241, 244, 253, 247, 254, 258, | |
| 1999 | 244, 255, 252, 0, 246, 249, 257, 254, 245, 256, | |
| 2000 | 251, 260, 248, 251, 258, 247, 250, 250, 256, 253, | |
| 2001 | ||
| 2002 | 252, 259, 261, 253, 263, 254, 258, 255, 255, 264, | |
| 2003 | 257, 265, 262, 257, 0, 260, 256, 261, 260, 266, | |
| 2004 | 262, 262, 263, 262, 274, 265, 272, 264, 269, 261, | |
| 2005 | 262, 263, 270, 264, 266, 270, 264, 271, 265, 262, | |
| 2006 | 267, 267, 270, 273, 272, 276, 266, 262, 262, 271, | |
| 2007 | 262, 274, 269, 272, 264, 269, 275, 277, 278, 270, | |
| 2008 | 279, 273, 270, 282, 271, 267, 280, 267, 267, 277, | |
| 2009 | 273, 276, 276, 280, 281, 279, 285, 284, 275, 288, | |
| 2010 | 278, 283, 291, 275, 277, 278, 281, 279, 283, 287, | |
| 2011 | 286, 287, 288, 280, 289, 282, 286, 289, 285, 289, | |
| 2012 | ||
| 2013 | 292, 281, 290, 285, 0, 289, 288, 0, 283, 284, | |
| 2014 | 0, 293, 286, 287, 291, 0, 287, 286, 287, 293, | |
| 2015 | 290, 289, 292, 286, 289, 293, 289, 292, 294, 290, | |
| 2016 | 295, 296, 297, 300, 298, 294, 301, 303, 293, 305, | |
| 2017 | 0, 304, 295, 303, 296, 300, 293, 298, 297, 304, | |
| 2018 | 307, 305, 314, 0, 301, 294, 297, 295, 296, 297, | |
| 2019 | 300, 298, 302, 301, 303, 306, 305, 302, 304, 308, | |
| 2020 | 0, 309, 306, 308, 0, 297, 299, 299, 309, 311, | |
| 2021 | 310, 0, 307, 312, 314, 313, 299, 310, 299, 299, | |
| 2022 | 299, 311, 306, 299, 302, 315, 308, 313, 309, 316, | |
| 2023 | ||
| 2024 | 318, 299, 315, 299, 299, 312, 311, 310, 317, 319, | |
| 2025 | 312, 319, 313, 299, 316, 299, 299, 299, 320, 321, | |
| 2026 | 299, 317, 315, 322, 322, 0, 316, 323, 324, 320, | |
| 2027 | 326, 325, 318, 328, 323, 317, 319, 327, 329, 324, | |
| 2028 | 330, 321, 325, 326, 337, 320, 321, 334, 333, 330, | |
| 2029 | 331, 0, 322, 329, 323, 324, 328, 326, 325, 348, | |
| 2030 | 328, 329, 327, 331, 327, 329, 333, 330, 332, 334, | |
| 2031 | 335, 336, 338, 339, 334, 333, 337, 331, 338, 332, | |
| 2032 | 329, 332, 340, 342, 0, 341, 332, 343, 344, 336, | |
| 2033 | 342, 348, 0, 335, 339, 332, 345, 335, 336, 338, | |
| 2034 | ||
| 2035 | 339, 347, 344, 346, 351, 340, 332, 341, 332, 340, | |
| 2036 | 342, 349, 341, 343, 343, 344, 350, 346, 345, 352, | |
| 2037 | 353, 354, 350, 345, 356, 0, 351, 347, 347, 355, | |
| 2038 | 346, 351, 357, 358, 349, 353, 354, 352, 349, 358, | |
| 2039 | 359, 0, 361, 350, 363, 0, 352, 353, 354, 362, | |
| 2040 | 356, 356, 355, 0, 357, 362, 355, 364, 365, 357, | |
| 2041 | 358, 370, 366, 363, 371, 365, 359, 359, 361, 361, | |
| 2042 | 368, 363, 368, 369, 370, 364, 362, 366, 374, 368, | |
| 2043 | 369, 373, 379, 372, 364, 365, 376, 375, 370, 366, | |
| 2044 | 378, 374, 377, 380, 383, 379, 371, 368, 382, 368, | |
| 2045 | ||
| 2046 | 369, 372, 381, 373, 382, 374, 375, 381, 373, 379, | |
| 2047 | 372, 384, 385, 378, 375, 380, 377, 383, 376, 377, | |
| 2048 | 380, 383, 378, 384, 386, 382, 389, 0, 387, 381, | |
| 2049 | 391, 0, 398, 389, 385, 386, 387, 390, 384, 385, | |
| 2050 | 378, 391, 393, 394, 398, 390, 395, 0, 392, 397, | |
| 2051 | 394, 386, 396, 389, 396, 387, 388, 391, 392, 398, | |
| 2052 | 401, 388, 399, 388, 390, 410, 393, 416, 401, 393, | |
| 2053 | 394, 388, 395, 395, 388, 397, 397, 399, 403, 396, | |
| 2054 | 392, 388, 388, 388, 400, 392, 402, 401, 388, 399, | |
| 2055 | 388, 402, 404, 407, 405, 406, 400, 410, 388, 416, | |
| 2056 | ||
| 2057 | 403, 388, 405, 409, 413, 403, 412, 406, 388, 411, | |
| 2058 | 404, 400, 415, 402, 407, 412, 414, 417, 413, 404, | |
| 2059 | 407, 405, 406, 418, 411, 419, 409, 420, 0, 421, | |
| 2060 | 409, 413, 417, 412, 423, 414, 411, 422, 425, 415, | |
| 2061 | 419, 421, 424, 414, 417, 424, 427, 428, 429, 425, | |
| 2062 | 430, 420, 419, 424, 420, 418, 421, 426, 423, 422, | |
| 2063 | 427, 423, 426, 431, 422, 425, 432, 433, 437, 424, | |
| 2064 | 434, 436, 424, 427, 428, 429, 434, 439, 435, 436, | |
| 2065 | 438, 440, 430, 441, 442, 444, 0, 437, 0, 426, | |
| 2066 | 431, 445, 441, 432, 443, 437, 455, 434, 436, 433, | |
| 2067 | ||
| 2068 | 435, 443, 446, 438, 440, 435, 442, 438, 440, 439, | |
| 2069 | 441, 442, 451, 445, 447, 446, 448, 444, 445, 447, | |
| 2070 | 452, 443, 449, 447, 450, 448, 0, 453, 455, 446, | |
| 2071 | 459, 457, 454, 450, 451, 456, 0, 467, 447, 451, | |
| 2072 | 453, 447, 452, 448, 454, 458, 447, 452, 449, 449, | |
| 2073 | 447, 450, 459, 456, 453, 457, 460, 459, 457, 454, | |
| 2074 | 461, 462, 456, 463, 464, 465, 466, 458, 458, 467, | |
| 2075 | 474, 461, 458, 469, 468, 462, 465, 471, 460, 470, | |
| 2076 | 472, 466, 464, 460, 476, 463, 475, 461, 462, 472, | |
| 2077 | 463, 464, 465, 466, 458, 468, 473, 469, 477, 471, | |
| 2078 | ||
| 2079 | 469, 468, 474, 470, 471, 478, 470, 472, 475, 473, | |
| 2080 | 479, 482, 480, 475, 481, 479, 476, 484, 0, 486, | |
| 2081 | 0, 483, 477, 473, 489, 477, 480, 478, 481, 483, | |
| 2082 | 485, 487, 478, 488, 486, 484, 491, 493, 488, 480, | |
| 2083 | 0, 481, 479, 482, 484, 485, 486, 490, 483, 490, | |
| 2084 | 489, 489, 492, 487, 485, 499, 0, 485, 487, 494, | |
| 2085 | 492, 491, 493, 491, 493, 488, 495, 498, 494, 496, | |
| 2086 | 504, 497, 485, 499, 490, 495, 500, 496, 497, 492, | |
| 2087 | 501, 508, 499, 502, 505, 503, 494, 506, 500, 501, | |
| 2088 | 498, 502, 505, 495, 498, 506, 496, 503, 497, 507, | |
| 2089 | ||
| 2090 | 509, 510, 504, 500, 508, 512, 511, 501, 508, 515, | |
| 2091 | 502, 505, 503, 512, 506, 513, 509, 511, 514, 516, | |
| 2092 | 520, 517, 518, 510, 522, 507, 507, 509, 510, 513, | |
| 2093 | 0, 515, 512, 511, 521, 523, 515, 522, 514, 516, | |
| 2094 | 520, 519, 513, 517, 518, 514, 516, 520, 517, 518, | |
| 2095 | 519, 522, 521, 523, 524, 525, 529, 526, 527, 531, | |
| 2096 | 532, 521, 523, 528, 527, 537, 533, 531, 519, 536, | |
| 2097 | 0, 528, 534, 533, 529, 0, 524, 555, 536, 525, | |
| 2098 | 526, 524, 525, 529, 526, 527, 531, 535, 538, 528, | |
| 2099 | 528, 539, 532, 533, 544, 534, 536, 537, 528, 534, | |
| 2100 | ||
| 2101 | 539, 540, 535, 540, 541, 0, 544, 538, 550, 555, | |
| 2102 | 547, 541, 0, 551, 535, 538, 553, 0, 539, 0, | |
| 2103 | 547, 544, 0, 557, 552, 560, 550, 560, 540, 554, | |
| 2104 | 0, 541, 542, 562, 551, 550, 542, 547, 558, 542, | |
| 2105 | 551, 563, 553, 553, 558, 557, 542, 552, 559, 542, | |
| 2106 | 557, 552, 560, 0, 542, 554, 554, 559, 561, 542, | |
| 2107 | 562, 563, 565, 542, 564, 558, 542, 0, 563, 0, | |
| 2108 | 566, 567, 580, 542, 565, 559, 542, 556, 556, 569, | |
| 2109 | 556, 580, 561, 556, 568, 561, 573, 570, 556, 565, | |
| 2110 | 564, 564, 572, 567, 556, 556, 566, 566, 567, 580, | |
| 2111 | ||
| 2112 | 572, 569, 571, 556, 556, 556, 569, 556, 568, 573, | |
| 2113 | 556, 568, 570, 573, 570, 556, 574, 571, 575, 572, | |
| 2114 | 576, 556, 556, 574, 577, 578, 575, 579, 0, 571, | |
| 2115 | 583, 581, 585, 582, 584, 586, 0, 578, 587, 576, | |
| 2116 | 579, 0, 588, 574, 0, 575, 581, 576, 0, 589, | |
| 2117 | 577, 577, 578, 590, 579, 582, 584, 583, 581, 592, | |
| 2118 | 582, 584, 587, 588, 585, 587, 591, 586, 589, 588, | |
| 2119 | 593, 594, 590, 595, 596, 591, 589, 597, 598, 594, | |
| 2120 | 590, 592, 603, 0, 601, 602, 592, 599, 0, 606, | |
| 2121 | 593, 604, 596, 591, 605, 599, 597, 593, 594, 0, | |
| 2122 | ||
| 2123 | 595, 596, 601, 602, 597, 607, 603, 605, 608, 603, | |
| 2124 | 598, 601, 602, 604, 599, 606, 606, 607, 604, 609, | |
| 2125 | 610, 605, 609, 612, 613, 614, 608, 615, 610, 618, | |
| 2126 | 616, 614, 607, 617, 618, 608, 616, 0, 619, 621, | |
| 2127 | 617, 620, 631, 628, 610, 619, 609, 610, 612, 615, | |
| 2128 | 612, 613, 614, 623, 615, 610, 618, 616, 622, 620, | |
| 2129 | 617, 623, 621, 624, 625, 619, 621, 622, 620, 626, | |
| 2130 | 628, 627, 632, 630, 631, 639, 629, 0, 633, 625, | |
| 2131 | 623, 624, 626, 629, 636, 622, 630, 634, 0, 638, | |
| 2132 | 624, 625, 627, 637, 635, 634, 626, 0, 627, 637, | |
| 2133 | ||
| 2134 | 630, 633, 635, 629, 632, 633, 636, 639, 640, 635, | |
| 2135 | 641, 636, 642, 643, 634, 638, 638, 644, 0, 641, | |
| 2136 | 637, 635, 645, 647, 644, 646, 642, 0, 648, 635, | |
| 2137 | 649, 0, 640, 650, 646, 640, 654, 641, 652, 642, | |
| 2138 | 648, 650, 654, 651, 644, 643, 651, 653, 0, 645, | |
| 2139 | 647, 652, 646, 649, 653, 648, 0, 649, 656, 657, | |
| 2140 | 650, 0, 0, 654, 658, 652, 664, 659, 661, 659, | |
| 2141 | 651, 664, 0, 660, 653, 655, 658, 655, 0, 662, | |
| 2142 | 661, 655, 657, 655, 656, 656, 657, 0, 655, 666, | |
| 2143 | 663, 658, 665, 655, 659, 661, 660, 667, 664, 655, | |
| 2144 | ||
| 2145 | 660, 662, 655, 663, 655, 665, 662, 669, 655, 667, | |
| 2146 | 655, 668, 666, 670, 672, 655, 666, 663, 673, 665, | |
| 2147 | 655, 668, 671, 674, 667, 675, 670, 672, 671, 669, | |
| 2148 | 680, 678, 679, 668, 669, 681, 0, 0, 668, 673, | |
| 2149 | 670, 672, 682, 680, 683, 673, 678, 691, 668, 671, | |
| 2150 | 681, 684, 675, 688, 679, 674, 677, 680, 678, 679, | |
| 2151 | 685, 677, 681, 677, 686, 692, 683, 687, 682, 682, | |
| 2152 | 684, 683, 686, 685, 677, 687, 689, 693, 684, 691, | |
| 2153 | 688, 677, 677, 677, 694, 693, 695, 685, 677, 692, | |
| 2154 | 677, 686, 692, 696, 687, 698, 699, 697, 694, 689, | |
| 2155 | ||
| 2156 | 701, 677, 703, 689, 693, 697, 700, 702, 677, 704, | |
| 2157 | 703, 694, 705, 698, 699, 696, 0, 700, 695, 705, | |
| 2158 | 696, 707, 698, 699, 697, 702, 708, 706, 707, 703, | |
| 2159 | 710, 704, 701, 700, 702, 721, 704, 709, 712, 705, | |
| 2160 | 706, 713, 0, 714, 708, 715, 722, 716, 707, 713, | |
| 2161 | 0, 712, 714, 708, 706, 709, 717, 715, 718, 719, | |
| 2162 | 722, 720, 710, 726, 709, 712, 726, 721, 713, 716, | |
| 2163 | 714, 724, 715, 722, 716, 727, 725, 719, 717, 728, | |
| 2164 | 718, 725, 724, 717, 729, 718, 719, 720, 720, 726, | |
| 2165 | 726, 729, 728, 726, 731, 730, 732, 733, 724, 727, | |
| 2166 | ||
| 2167 | 0, 736, 727, 732, 734, 735, 728, 730, 725, 0, | |
| 2168 | 734, 729, 736, 737, 738, 739, 741, 743, 742, 744, | |
| 2169 | 0, 733, 730, 732, 733, 746, 731, 735, 736, 742, | |
| 2170 | 739, 734, 735, 745, 746, 737, 738, 741, 743, 747, | |
| 2171 | 737, 738, 739, 741, 743, 742, 744, 748, 750, 749, | |
| 2172 | 751, 745, 746, 752, 0, 750, 748, 749, 760, 753, | |
| 2173 | 745, 754, 756, 747, 751, 759, 747, 757, 758, 761, | |
| 2174 | 762, 756, 764, 0, 748, 750, 749, 751, 763, 765, | |
| 2175 | 759, 753, 762, 754, 758, 752, 753, 765, 754, 756, | |
| 2176 | 760, 757, 759, 767, 757, 758, 766, 762, 769, 764, | |
| 2177 | ||
| 2178 | 763, 761, 771, 770, 774, 763, 765, 769, 767, 766, | |
| 2179 | 771, 772, 774, 772, 776, 778, 777, 779, 780, 0, | |
| 2180 | 767, 770, 778, 766, 781, 769, 783, 776, 777, 771, | |
| 2181 | 770, 774, 782, 786, 784, 792, 0, 788, 772, 785, | |
| 2182 | 0, 776, 778, 777, 787, 788, 781, 784, 783, 779, | |
| 2183 | 780, 781, 785, 783, 789, 786, 787, 782, 790, 782, | |
| 2184 | 786, 784, 792, 793, 788, 791, 785, 795, 794, 797, | |
| 2185 | 790, 787, 796, 791, 789, 799, 793, 794, 800, 796, | |
| 2186 | 797, 789, 0, 797, 801, 790, 0, 806, 795, 803, | |
| 2187 | 793, 797, 791, 802, 795, 794, 797, 805, 0, 796, | |
| 2188 | ||
| 2189 | 800, 799, 799, 804, 801, 800, 802, 797, 811, 806, | |
| 2190 | 797, 801, 804, 803, 806, 805, 803, 807, 808, 809, | |
| 2191 | 802, 813, 0, 815, 805, 807, 812, 809, 818, 814, | |
| 2192 | 804, 815, 817, 0, 828, 811, 0, 0, 0, 813, | |
| 2193 | 808, 814, 816, 818, 807, 808, 809, 822, 813, 812, | |
| 2194 | 815, 821, 817, 812, 816, 818, 814, 819, 820, 817, | |
| 2195 | 821, 823, 826, 824, 820, 819, 828, 0, 822, 816, | |
| 2196 | 824, 832, 825, 823, 822, 831, 830, 833, 821, 825, | |
| 2197 | 826, 829, 831, 836, 819, 820, 834, 837, 823, 826, | |
| 2198 | 824, 834, 833, 832, 829, 830, 836, 835, 832, 825, | |
| 2199 | ||
| 2200 | 838, 837, 831, 830, 833, 835, 840, 841, 829, 842, | |
| 2201 | 836, 843, 845, 844, 837, 0, 0, 0, 834, 0, | |
| 2202 | 840, 846, 847, 0, 835, 841, 838, 838, 839, 851, | |
| 2203 | 845, 839, 839, 840, 841, 844, 839, 843, 843, 845, | |
| 2204 | 844, 842, 839, 846, 847, 848, 839, 849, 846, 847, | |
| 2205 | 839, 851, 850, 852, 849, 839, 851, 854, 839, 839, | |
| 2206 | 855, 856, 0, 839, 857, 901, 852, 853, 0, 839, | |
| 2207 | 850, 848, 848, 839, 849, 0, 853, 0, 863, 850, | |
| 2208 | 852, 859, 861, 856, 864, 866, 0, 857, 856, 854, | |
| 2209 | 865, 857, 855, 0, 853, 858, 864, 901, 861, 865, | |
| 2210 | ||
| 2211 | 858, 863, 858, 866, 858, 863, 858, 859, 859, 861, | |
| 2212 | 867, 864, 866, 858, 0, 867, 869, 865, 870, 868, | |
| 2213 | 871, 0, 858, 872, 873, 878, 870, 858, 880, 858, | |
| 2214 | 874, 858, 868, 858, 869, 875, 872, 873, 876, 871, | |
| 2215 | 876, 877, 867, 869, 875, 870, 868, 871, 874, 879, | |
| 2216 | 872, 873, 878, 882, 885, 880, 883, 874, 884, 887, | |
| 2217 | 886, 879, 875, 877, 0, 876, 884, 886, 877, 888, | |
| 2218 | 890, 892, 894, 889, 902, 891, 879, 882, 883, 889, | |
| 2219 | 882, 885, 891, 883, 893, 884, 887, 886, 895, 897, | |
| 2220 | 903, 888, 896, 892, 894, 899, 888, 890, 892, 894, | |
| 2221 | ||
| 2222 | 889, 896, 891, 893, 898, 904, 902, 905, 908, 899, | |
| 2223 | 897, 893, 903, 906, 895, 895, 897, 903, 0, 896, | |
| 2224 | 907, 906, 899, 909, 898, 905, 910, 912, 911, 0, | |
| 2225 | 909, 898, 911, 910, 905, 908, 907, 904, 913, 914, | |
| 2226 | 906, 915, 919, 917, 913, 916, 914, 907, 918, 919, | |
| 2227 | 909, 913, 917, 910, 921, 911, 915, 922, 916, 912, | |
| 2228 | 920, 923, 920, 921, 925, 913, 914, 929, 915, 919, | |
| 2229 | 917, 913, 916, 924, 918, 918, 930, 924, 928, 922, | |
| 2230 | 931, 921, 927, 928, 922, 929, 925, 920, 923, 932, | |
| 2231 | 927, 925, 932, 931, 929, 930, 933, 934, 935, 936, | |
| 2232 | ||
| 2233 | 924, 932, 0, 930, 0, 937, 939, 931, 941, 927, | |
| 2234 | 928, 935, 942, 938, 939, 946, 932, 941, 933, 932, | |
| 2235 | 940, 940, 934, 933, 934, 935, 955, 943, 937, 938, | |
| 2236 | 944, 936, 937, 939, 942, 941, 943, 944, 946, 942, | |
| 2237 | 938, 947, 946, 948, 949, 950, 955, 940, 951, 952, | |
| 2238 | 947, 948, 954, 955, 943, 953, 956, 944, 950, 949, | |
| 2239 | 951, 952, 958, 953, 957, 964, 959, 961, 947, 960, | |
| 2240 | 948, 949, 950, 957, 954, 951, 952, 963, 956, 954, | |
| 2241 | 958, 960, 953, 956, 962, 965, 966, 969, 961, 958, | |
| 2242 | 962, 957, 959, 959, 961, 967, 960, 964, 971, 963, | |
| 2243 | ||
| 2244 | 970, 972, 973, 0, 963, 976, 974, 978, 0, 988, | |
| 2245 | 972, 962, 966, 966, 969, 973, 971, 965, 974, 975, | |
| 2246 | 979, 967, 967, 970, 0, 971, 978, 970, 972, 973, | |
| 2247 | 977, 976, 976, 974, 978, 980, 981, 977, 982, 975, | |
| 2248 | 983, 988, 979, 982, 981, 983, 975, 979, 980, 984, | |
| 2249 | 985, 986, 987, 989, 989, 992, 984, 977, 985, 986, | |
| 2250 | 987, 990, 980, 981, 991, 993, 994, 995, 0, 990, | |
| 2251 | 982, 997, 983, 993, 994, 995, 984, 985, 986, 987, | |
| 2252 | 989, 996, 1001, 999, 997, 991, 1000, 992, 990, 996, | |
| 2253 | 998, 991, 993, 994, 995, 999, 998, 1003, 997, 1002, | |
| 2254 | ||
| 2255 | 1004, 1006, 1005, 1007, 1008, 0, 1001, 0, 996, 1001, | |
| 2256 | 999, 1013, 1000, 1000, 1002, 1006, 1009, 998, 1008, 1015, | |
| 2257 | 1009, 1007, 1004, 1012, 1003, 1005, 1002, 1004, 1006, 1005, | |
| 2258 | 1007, 1008, 1011, 1009, 1012, 1014, 1017, 1016, 1013, 1011, | |
| 2259 | 1019, 1009, 1015, 1009, 1016, 1017, 1015, 1009, 1018, 1020, | |
| 2260 | 1012, 1024, 1022, 1026, 1025, 1018, 1028, 1014, 0, 1011, | |
| 2261 | 1009, 1022, 1014, 1017, 1016, 1030, 1031, 1033, 0, 1034, | |
| 2262 | 1035, 1040, 1019, 1024, 1037, 1018, 1020, 1031, 1024, 1022, | |
| 2263 | 1025, 1025, 1035, 1028, 1036, 1026, 1036, 1037, 1038, 1041, | |
| 2264 | 1039, 1033, 1030, 1031, 1033, 1034, 1034, 1035, 1040, 1042, | |
| 2265 | ||
| 2266 | 1044, 1037, 1039, 1043, 1045, 1044, 1042, 1050, 0, 1046, | |
| 2267 | 1038, 1036, 1041, 1047, 0, 1038, 1041, 1039, 1053, 1048, | |
| 2268 | 1045, 1047, 1052, 0, 1051, 1054, 1042, 1044, 0, 1043, | |
| 2269 | 1043, 1045, 1046, 1051, 1050, 1052, 1046, 1058, 1057, 1061, | |
| 2270 | 1047, 1048, 1060, 1055, 1053, 1053, 1048, 1054, 1056, 1052, | |
| 2271 | 1055, 1051, 1054, 1059, 1062, 1056, 1057, 1064, 1067, 1058, | |
| 2272 | 1059, 1061, 0, 1066, 1058, 1057, 1061, 1060, 1072, 1060, | |
| 2273 | 1055, 1063, 1069, 1068, 1071, 1056, 1066, 1071, 1063, 1073, | |
| 2274 | 1059, 1068, 1074, 1076, 1075, 1067, 1062, 1077, 1080, 1064, | |
| 2275 | 1066, 1074, 0, 1069, 1072, 1072, 1075, 1078, 1063, 1069, | |
| 2276 | ||
| 2277 | 1068, 1071, 1077, 1081, 1078, 1073, 1073, 1076, 1082, 1074, | |
| 2278 | 1076, 1075, 1079, 1085, 1077, 1079, 1083, 1084, 1086, 1084, | |
| 2279 | 1080, 1087, 1088, 1091, 1078, 1081, 1082, 1079, 0, 1092, | |
| 2280 | 1081, 1088, 1093, 1089, 1096, 1082, 1079, 1085, 1083, 1079, | |
| 2281 | 1085, 1089, 1079, 1083, 1084, 1090, 1095, 1087, 1087, 1088, | |
| 2282 | 1086, 1092, 1090, 1094, 1079, 1091, 1092, 1094, 1098, 1097, | |
| 2283 | 1089, 1096, 1099, 1100, 1093, 1101, 1102, 1098, 1095, 1099, | |
| 2284 | 1100, 1111, 1090, 1095, 1104, 1105, 1103, 1106, 1101, 1102, | |
| 2285 | 1094, 1097, 1108, 1113, 1106, 1098, 1097, 1107, 1104, 1099, | |
| 2286 | 1100, 1103, 1101, 1102, 1107, 1108, 1109, 0, 1111, 1112, | |
| 2287 | ||
| 2288 | 1115, 1104, 1109, 1103, 1106, 1113, 1112, 1105, 1114, 1108, | |
| 2289 | 1113, 1116, 1115, 1117, 1107, 1119, 1117, 1120, 0, 1118, | |
| 2290 | 1123, 1121, 1128, 1109, 1116, 1125, 1112, 1115, 1118, 1120, | |
| 2291 | 1125, 1123, 1129, 1119, 1114, 1114, 1122, 1125, 1116, 1122, | |
| 2292 | 1117, 1121, 1119, 1127, 1120, 1127, 1118, 1123, 1121, 1128, | |
| 2293 | 1130, 1132, 1125, 1131, 1122, 0, 1133, 1125, 1134, 1129, | |
| 2294 | 1135, 1131, 1138, 1122, 1137, 1139, 1122, 1133, 1135, 1147, | |
| 2295 | 1127, 1147, 1136, 1132, 1130, 1136, 1134, 1130, 1132, 1140, | |
| 2296 | 1131, 1141, 1137, 1133, 1142, 1134, 1140, 1135, 1143, 1144, | |
| 2297 | 1136, 1137, 1139, 1142, 1138, 1141, 1147, 1145, 1148, 1136, | |
| 2298 | ||
| 2299 | 1144, 1143, 1136, 1149, 1151, 1152, 1140, 1148, 1141, 1150, | |
| 2300 | 1158, 1142, 1145, 1156, 1153, 1143, 1144, 1155, 1156, 1160, | |
| 2301 | 1150, 1161, 1151, 1180, 1145, 1148, 1155, 1152, 1153, 1149, | |
| 2302 | 1149, 1151, 1152, 1163, 1154, 1162, 1150, 1154, 1159, 1165, | |
| 2303 | 1153, 1153, 1158, 1161, 1155, 1156, 1165, 1159, 1161, 1166, | |
| 2304 | 1180, 1160, 1154, 1168, 1163, 1153, 1167, 1172, 1173, 1168, | |
| 2305 | 1163, 1154, 1176, 1171, 1154, 1159, 1165, 1162, 1177, 1174, | |
| 2306 | 1167, 1171, 1173, 0, 1175, 1186, 1172, 1168, 1174, 1177, | |
| 2307 | 1168, 1166, 1175, 1167, 1172, 1173, 1168, 1182, 1178, 1183, | |
| 2308 | 1171, 1181, 1189, 1186, 1176, 1177, 1174, 1178, 1181, 1184, | |
| 2309 | ||
| 2310 | 1185, 1175, 1186, 1187, 1189, 1190, 1196, 1187, 1192, 1193, | |
| 2311 | 1182, 1183, 1191, 1196, 1182, 1178, 1183, 1197, 1181, 1189, | |
| 2312 | 1200, 1184, 1185, 1194, 1193, 1191, 1184, 1185, 1192, 1195, | |
| 2313 | 1187, 1198, 1190, 1196, 1199, 1192, 1193, 1195, 1194, 1191, | |
| 2314 | 1201, 1200, 1202, 1199, 1203, 1206, 1198, 1200, 1205, 1197, | |
| 2315 | 1194, 1207, 1209, 1208, 1211, 1210, 1195, 0, 1198, 1211, | |
| 2316 | 0, 1199, 1210, 1206, 1212, 1213, 1202, 1201, 1208, 1202, | |
| 2317 | 1205, 1203, 1206, 1212, 1215, 1205, 1214, 1209, 1207, 1209, | |
| 2318 | 1208, 1211, 1210, 1216, 1217, 1221, 1218, 1213, 1220, 1215, | |
| 2319 | 1219, 1212, 1213, 1222, 1214, 1216, 1223, 1219, 1232, 1218, | |
| 2320 | ||
| 2321 | 1220, 1215, 1223, 1214, 1218, 1226, 1217, 1225, 1224, 1228, | |
| 2322 | 1216, 1217, 1221, 1218, 1225, 1220, 1224, 1219, 1229, 1230, | |
| 2323 | 1227, 1231, 1235, 1223, 1229, 1222, 1218, 1227, 1233, 1236, | |
| 2324 | 1232, 1237, 1226, 1239, 1225, 1224, 1228, 1238, 1236, 1238, | |
| 2325 | 1240, 1242, 1241, 1246, 1231, 1229, 1230, 1227, 1231, 1250, | |
| 2326 | 0, 1244, 1233, 0, 1235, 1233, 1236, 1239, 1244, 1245, | |
| 2327 | 1239, 1254, 1250, 1237, 1238, 1251, 1245, 1240, 1241, 1241, | |
| 2328 | 1243, 1243, 1243, 1242, 1247, 1246, 1250, 1243, 1244, 1249, | |
| 2329 | 1252, 1247, 1253, 1257, 1249, 1243, 1245, 1255, 1256, 1257, | |
| 2330 | 1251, 1258, 1251, 1254, 1253, 1256, 1252, 1243, 1243, 1243, | |
| 2331 | ||
| 2332 | 1260, 1247, 1259, 1259, 1243, 1255, 1261, 1252, 1263, 1253, | |
| 2333 | 1257, 1249, 1262, 1261, 1255, 1256, 1264, 1262, 1258, 1267, | |
| 2334 | 1269, 1271, 1268, 1279, 1270, 0, 1260, 1260, 1268, 1259, | |
| 2335 | 1273, 1273, 1272, 1261, 1263, 1263, 1270, 1267, 1274, 1262, | |
| 2336 | 1278, 1271, 1276, 1264, 1275, 1275, 1267, 1269, 1271, 1268, | |
| 2337 | 1272, 1270, 1281, 1276, 1280, 1279, 1282, 1273, 1283, 1272, | |
| 2338 | 1284, 1280, 1278, 0, 1274, 1274, 1286, 1278, 1287, 1276, | |
| 2339 | 1285, 1275, 1281, 1294, 1288, 1287, 1289, 1291, 1290, 1281, | |
| 2340 | 1293, 1280, 1288, 0, 1286, 1294, 1291, 1284, 1282, 0, | |
| 2341 | 1283, 1289, 1285, 1286, 1295, 1287, 0, 1285, 1292, 1292, | |
| 2342 | ||
| 2343 | 1294, 1288, 1290, 1289, 1291, 1290, 1293, 1293, 1297, 1300, | |
| 2344 | 1295, 1298, 1299, 1301, 1303, 1302, 1297, 1295, 1305, 1308, | |
| 2345 | 1299, 1295, 1306, 1298, 1309, 1292, 1308, 1310, 1306, 1312, | |
| 2346 | 1315, 1307, 1300, 1302, 1301, 1297, 1300, 1295, 1298, 1299, | |
| 2347 | 1301, 1303, 1302, 1304, 1307, 1305, 1308, 1311, 1304, 1306, | |
| 2348 | 1313, 1313, 1311, 1314, 1310, 1318, 1309, 1317, 1307, 1304, | |
| 2349 | 1321, 1312, 1315, 1320, 1322, 1320, 1319, 1323, 1314, 1322, | |
| 2350 | 1304, 1324, 1317, 1326, 1328, 1304, 1327, 1313, 1318, 1311, | |
| 2351 | 1314, 1319, 1318, 1329, 1317, 1331, 1324, 1330, 1332, 1333, | |
| 2352 | 1320, 1322, 1321, 1319, 1330, 1335, 1337, 1326, 1324, 1323, | |
| 2353 | ||
| 2354 | 1326, 1328, 1327, 1327, 1334, 1339, 1340, 0, 1344, 1332, | |
| 2355 | 1329, 1333, 1342, 1335, 1330, 1332, 1333, 1331, 1337, 1343, | |
| 2356 | 1345, 1340, 1335, 1337, 1347, 1334, 1346, 1342, 1354, 1339, | |
| 2357 | 1348, 1334, 1339, 1340, 1343, 1344, 1349, 1348, 1345, 1342, | |
| 2358 | 1350, 1352, 1351, 1353, 1359, 1355, 1343, 1345, 1346, 1350, | |
| 2359 | 1351, 1347, 1358, 1346, 1349, 1357, 1360, 1348, 1355, 1362, | |
| 2360 | 1354, 1358, 1359, 1349, 1352, 1353, 1357, 1350, 1352, 1351, | |
| 2361 | 1353, 1359, 1355, 1364, 1360, 1366, 1367, 1368, 1369, 1358, | |
| 2362 | 1370, 1357, 1357, 1360, 1364, 1371, 1362, 1366, 1369, 1367, | |
| 2363 | 1372, 1376, 1373, 1357, 1375, 0, 1377, 1378, 1376, 0, | |
| 2364 | ||
| 2365 | 1364, 1380, 1366, 1367, 1414, 1369, 1370, 1370, 1389, 1368, | |
| 2366 | 1371, 1373, 1371, 0, 1375, 1378, 1380, 1372, 1376, 1373, | |
| 2367 | 1379, 1375, 1377, 1377, 1378, 1381, 1379, 1382, 1380, 1383, | |
| 2368 | 1383, 1384, 1385, 1388, 1387, 1389, 1414, 1390, 1392, 0, | |
| 2369 | 1381, 1387, 1382, 1384, 1391, 1385, 1390, 1379, 1388, 1397, | |
| 2370 | 0, 1391, 1381, 1385, 1382, 1393, 1383, 1396, 1384, 1385, | |
| 2371 | 1388, 1387, 1392, 1394, 1390, 1392, 1398, 1399, 1400, 1402, | |
| 2372 | 1394, 1391, 1385, 1403, 1397, 1398, 1397, 1393, 1405, 1396, | |
| 2373 | 1406, 1408, 1393, 1425, 1396, 1407, 1407, 1402, 1400, 1399, | |
| 2374 | 1394, 1405, 1409, 1398, 1399, 1400, 1402, 1412, 1403, 1410, | |
| 2375 | ||
| 2376 | 1403, 1411, 1413, 1408, 1416, 1405, 1412, 1406, 1408, 1413, | |
| 2377 | 1415, 1417, 1407, 1421, 1419, 1425, 1422, 1409, 1416, 1409, | |
| 2378 | 1420, 1410, 1419, 1411, 1412, 1427, 1410, 1423, 1411, 1413, | |
| 2379 | 1417, 1416, 1415, 1420, 1426, 0, 1429, 1415, 1417, 1423, | |
| 2380 | 1421, 1419, 1422, 1422, 1424, 1428, 1431, 1420, 1430, 1431, | |
| 2381 | 1427, 1424, 1427, 1432, 1423, 1434, 1426, 0, 0, 1433, | |
| 2382 | 1428, 1426, 1429, 1429, 1431, 1433, 1435, 1438, 1436, 1439, | |
| 2383 | 1442, 1424, 1428, 1431, 1430, 1430, 1431, 1442, 1432, 1443, | |
| 2384 | 1432, 1444, 1434, 1436, 1435, 1441, 1433, 1451, 1443, 1438, | |
| 2385 | 1446, 1439, 1444, 1435, 1438, 1436, 1439, 1442, 1448, 1441, | |
| 2386 | ||
| 2387 | 1450, 1449, 1450, 1446, 1452, 1451, 1443, 1454, 1444, 1456, | |
| 2388 | 1455, 1446, 1441, 1449, 1451, 1453, 1457, 1446, 1455, 1448, | |
| 2389 | 1460, 1458, 1464, 1466, 1459, 1448, 1467, 1450, 1449, 1459, | |
| 2390 | 1446, 1452, 1456, 1453, 1454, 1458, 1456, 1455, 1457, 1460, | |
| 2391 | 1465, 1466, 1453, 1457, 1461, 1471, 1468, 1460, 1458, 1464, | |
| 2392 | 1466, 1461, 1470, 1467, 1465, 1469, 1459, 1473, 1472, 0, | |
| 2393 | 1476, 1470, 1477, 0, 1474, 1465, 1465, 1465, 1480, 1477, | |
| 2394 | 1469, 1461, 1468, 1468, 1479, 1486, 1479, 1471, 0, 1470, | |
| 2395 | 1472, 1465, 1469, 1476, 1473, 1472, 1474, 1476, 1482, 1477, | |
| 2396 | 1480, 1474, 1465, 1481, 1483, 1480, 1484, 1481, 1485, 1487, | |
| 2397 | ||
| 2398 | 1482, 1479, 1486, 1490, 1490, 1484, 1488, 1489, 1494, 1485, | |
| 2399 | 1495, 1491, 1494, 1495, 1502, 1482, 1483, 0, 1488, 1491, | |
| 2400 | 1481, 1483, 1487, 1484, 1493, 1485, 1487, 1498, 1496, 1489, | |
| 2401 | 1490, 1501, 1493, 1488, 1489, 1494, 1496, 1495, 1491, 1497, | |
| 2402 | 1499, 1502, 1498, 1501, 1503, 1497, 1499, 1504, 1508, 1505, | |
| 2403 | 1506, 1493, 1507, 1509, 1498, 1496, 1511, 1510, 1501, 1512, | |
| 2404 | 0, 1504, 1505, 0, 1506, 1514, 1497, 1499, 1503, 1510, | |
| 2405 | 1511, 1503, 1515, 1517, 1504, 1508, 1505, 1506, 1507, 1507, | |
| 2406 | 1509, 1518, 1519, 1511, 1510, 1512, 1512, 1513, 1518, 1519, | |
| 2407 | 1513, 1520, 1514, 1521, 1515, 1517, 1522, 1524, 1525, 1515, | |
| 2408 | ||
| 2409 | 1517, 1526, 1523, 1527, 1529, 1513, 1520, 1525, 1518, 1519, | |
| 2410 | 1523, 1531, 1529, 1528, 1513, 1532, 1534, 1513, 1520, 1533, | |
| 2411 | 1521, 1537, 1539, 1522, 1524, 1525, 1528, 1533, 1526, 1523, | |
| 2412 | 1527, 1529, 1535, 1531, 1536, 0, 1538, 1543, 1531, 1540, | |
| 2413 | 1528, 1535, 1532, 1534, 1541, 1537, 1533, 1540, 1537, 1539, | |
| 2414 | 1542, 1538, 0, 1545, 1549, 1536, 1541, 1551, 1542, 1535, | |
| 2415 | 1545, 1536, 1538, 1538, 1543, 1546, 1540, 1547, 1548, 1546, | |
| 2416 | 1553, 1541, 1554, 1554, 1550, 1556, 1552, 1542, 1538, 1547, | |
| 2417 | 1545, 1549, 1550, 1552, 1551, 1555, 0, 1560, 1557, 1559, | |
| 2418 | 1553, 1548, 1546, 1556, 1547, 1548, 1561, 1553, 1561, 1554, | |
| 2419 | ||
| 2420 | 1563, 1550, 1556, 1552, 1559, 1562, 1563, 1564, 1565, 1560, | |
| 2421 | 1566, 1555, 1555, 1557, 1560, 1557, 1559, 1571, 1567, 1562, | |
| 2422 | 1568, 1569, 1566, 1561, 1576, 1578, 1574, 1563, 1570, 1564, | |
| 2423 | 1565, 1572, 1562, 1574, 1564, 1565, 1567, 1566, 1568, 1569, | |
| 2424 | 1577, 1570, 1576, 0, 1579, 1567, 1583, 1568, 1569, 1571, | |
| 2425 | 1582, 1576, 1579, 1574, 1572, 1570, 1590, 1578, 1572, 1585, | |
| 2426 | 1587, 1580, 1582, 1580, 1583, 1586, 1577, 1577, 1580, 1588, | |
| 2427 | 1579, 1579, 1587, 1583, 1585, 1591, 1586, 1582, 1592, 1579, | |
| 2428 | 1590, 1594, 1596, 1590, 1588, 1592, 1585, 1587, 1580, 1593, | |
| 2429 | 1580, 1597, 1586, 1598, 1599, 1602, 1588, 1591, 0, 1600, | |
| 2430 | ||
| 2431 | 0, 1601, 1591, 1604, 1593, 1592, 1603, 1608, 1594, 1596, | |
| 2432 | 1602, 1604, 1600, 1597, 1605, 1607, 1593, 1609, 1597, 1603, | |
| 2433 | 1614, 1599, 1602, 1610, 1613, 1598, 1600, 1601, 1601, 1611, | |
| 2434 | 1604, 1608, 1612, 1603, 1608, 1616, 1611, 1613, 1607, 1612, | |
| 2435 | 1605, 1605, 1607, 1614, 1609, 1610, 1615, 1614, 1617, 1618, | |
| 2436 | 1610, 1613, 1619, 1615, 1621, 1622, 1611, 1616, 1623, 1612, | |
| 2437 | 1625, 1619, 1616, 1635, 1624, 1621, 1629, 1631, 1631, 0, | |
| 2438 | 1618, 1628, 1630, 1615, 1632, 1637, 1618, 1622, 1641, 1619, | |
| 2439 | 1617, 1621, 1622, 1624, 1628, 1625, 1634, 1625, 1636, 1638, | |
| 2440 | 1623, 1624, 1629, 1629, 1631, 1635, 1630, 1643, 1628, 1630, | |
| 2441 | ||
| 2442 | 1632, 1632, 1637, 1636, 1646, 1641, 1643, 1638, 1647, 1634, | |
| 2443 | 1648, 1650, 1652, 1634, 1653, 1636, 1638, 0, 1654, 1658, | |
| 2444 | 1655, 1656, 1663, 1660, 1643, 1655, 1646, 1658, 1667, 1654, | |
| 2445 | 1647, 1646, 1669, 1662, 1659, 1647, 1670, 1648, 1650, 1676, | |
| 2446 | 1653, 1653, 1672, 1656, 1652, 1654, 1658, 1655, 1656, 1659, | |
| 2447 | 1660, 1662, 1665, 1664, 1663, 1667, 1671, 1673, 1669, 1669, | |
| 2448 | 1662, 1659, 1664, 1670, 1665, 1675, 1676, 1672, 1674, 1672, | |
| 2449 | 1673, 1677, 1678, 1679, 0, 1681, 1680, 0, 1671, 1665, | |
| 2450 | 1664, 1674, 1682, 1671, 1673, 1680, 1684, 1675, 1679, 1683, | |
| 2451 | 1685, 1688, 1675, 1686, 1689, 1674, 0, 1682, 1677, 1678, | |
| 2452 | ||
| 2453 | 1679, 1681, 1681, 1680, 1683, 1685, 1684, 1687, 1692, 1682, | |
| 2454 | 1690, 1690, 1689, 1684, 1687, 1686, 1683, 1685, 1688, 1691, | |
| 2455 | 1686, 1689, 1692, 1694, 1693, 1696, 1691, 1693, 1695, 1697, | |
| 2456 | 0, 1704, 1705, 1700, 1687, 1692, 1694, 1690, 1697, 1698, | |
| 2457 | 1701, 1699, 1702, 1696, 1698, 1699, 1691, 1706, 1703, 1710, | |
| 2458 | 1694, 1693, 1696, 1701, 1695, 1695, 1697, 1700, 1704, 1705, | |
| 2459 | 1700, 1721, 1709, 1716, 1702, 1710, 1698, 1701, 1699, 1702, | |
| 2460 | 1703, 1709, 1712, 1706, 1706, 1703, 1710, 1713, 1714, 1712, | |
| 2461 | 1715, 1716, 1719, 1714, 1717, 1718, 1713, 1715, 1721, 1709, | |
| 2462 | 1716, 1717, 1722, 1723, 1718, 1724, 0, 1726, 0, 1712, | |
| 2463 | ||
| 2464 | 1732, 1725, 1723, 1730, 1713, 1714, 1726, 1715, 1719, 1719, | |
| 2465 | 1722, 1717, 1718, 1725, 1727, 1724, 1728, 1729, 1731, 1722, | |
| 2466 | 1723, 1734, 1724, 1727, 1726, 1729, 1733, 1728, 1725, 1735, | |
| 2467 | 1730, 0, 1732, 1734, 1740, 1733, 1736, 1735, 1739, 1737, | |
| 2468 | 1738, 1727, 1741, 1728, 1729, 1731, 1737, 1738, 1734, 1742, | |
| 2469 | 1743, 1754, 1747, 1733, 1745, 0, 1735, 1748, 1736, 1740, | |
| 2470 | 1739, 1740, 1745, 1736, 1748, 1739, 1737, 1738, 1752, 1741, | |
| 2471 | 1747, 1755, 1749, 1753, 1742, 1752, 1742, 1743, 1754, 1747, | |
| 2472 | 1749, 1745, 1756, 1755, 1748, 1757, 1762, 1758, 1761, 1760, | |
| 2473 | 1763, 1756, 1765, 1767, 1768, 1752, 1769, 1753, 1755, 1749, | |
| 2474 | ||
| 2475 | 1753, 1760, 1768, 1770, 1763, 1771, 0, 1775, 1778, 1756, | |
| 2476 | 1758, 1761, 1757, 1762, 1758, 1761, 1760, 1763, 1779, 1765, | |
| 2477 | 1767, 1768, 1776, 1769, 1777, 1770, 1778, 1776, 1780, 1782, | |
| 2478 | 1770, 1781, 1771, 1775, 1775, 1778, 1785, 1782, 1777, 0, | |
| 2479 | 1779, 1780, 1783, 1786, 1787, 1779, 1789, 1788, 1785, 1776, | |
| 2480 | 1790, 1777, 1791, 1781, 1792, 1780, 1782, 1793, 1781, 1788, | |
| 2481 | 1794, 1783, 0, 1785, 1795, 1786, 1787, 1798, 1796, 1783, | |
| 2482 | 1786, 1787, 1791, 1789, 1788, 1797, 1792, 1790, 1799, 1791, | |
| 2483 | 1796, 1792, 1794, 1803, 1802, 1804, 1805, 1794, 1803, 1793, | |
| 2484 | 1795, 1795, 1807, 1806, 1798, 1796, 1809, 1797, 1802, 1808, | |
| 2485 | ||
| 2486 | 0, 0, 1797, 1810, 0, 1799, 1811, 1804, 1809, 1812, | |
| 2487 | 1814, 1802, 1804, 1815, 1807, 1803, 1806, 1808, 1805, 1807, | |
| 2488 | 1806, 1820, 1810, 1809, 1812, 1817, 1808, 1818, 1811, 1816, | |
| 2489 | 1810, 1819, 1821, 1811, 1814, 1815, 1812, 1814, 1816, 1817, | |
| 2490 | 1815, 1827, 1829, 1824, 1831, 1818, 1825, 1820, 1820, 1819, | |
| 2491 | 1821, 1824, 1817, 1825, 1818, 1826, 1816, 1828, 1819, 1821, | |
| 2492 | 1829, 1839, 1830, 1826, 1832, 1828, 1834, 1837, 1827, 1829, | |
| 2493 | 1824, 1831, 1832, 1825, 1830, 1838, 1836, 1840, 1834, 1841, | |
| 2494 | 0, 1843, 1826, 1836, 1828, 1847, 1844, 1846, 1839, 1830, | |
| 2495 | 1837, 1832, 1850, 1834, 1837, 1853, 1840, 1848, 1847, 1843, | |
| 2496 | ||
| 2497 | 1844, 1841, 1858, 1836, 1840, 1859, 1841, 1838, 1843, 1848, | |
| 2498 | 1846, 1860, 1847, 1844, 1846, 1861, 1855, 1863, 1850, 1850, | |
| 2499 | 1857, 1864, 1853, 1855, 1848, 1862, 1867, 1857, 1858, 1858, | |
| 2500 | 1865, 0, 1859, 1866, 1868, 1860, 1869, 1873, 1860, 1865, | |
| 2501 | 1872, 1873, 1861, 1855, 1863, 1872, 1866, 1857, 1864, 1874, | |
| 2502 | 1875, 1862, 1862, 1876, 1877, 1876, 1878, 1865, 1867, 1869, | |
| 2503 | 1866, 1868, 1881, 1869, 1873, 1884, 1882, 1884, 1885, 1885, | |
| 2504 | 1874, 1890, 1872, 1889, 0, 1886, 1874, 1877, 1885, 1887, | |
| 2505 | 1876, 1877, 1875, 1878, 1881, 1892, 1889, 1888, 1887, 1881, | |
| 2506 | 1882, 1891, 1884, 1882, 1888, 1885, 1885, 1886, 1890, 1891, | |
| 2507 | ||
| 2508 | 1889, 1893, 1886, 1894, 1892, 1895, 1887, 1896, 1897, 1893, | |
| 2509 | 0, 0, 1892, 1899, 1888, 1898, 1900, 1900, 1891, 1897, | |
| 2510 | 1899, 1901, 1905, 1906, 0, 1909, 1910, 1907, 1893, 1894, | |
| 2511 | 1894, 1895, 1895, 1896, 1896, 1897, 1907, 1898, 1902, 1901, | |
| 2512 | 1899, 1911, 1898, 1900, 1903, 1902, 1910, 1906, 1901, 1905, | |
| 2513 | 1906, 1903, 1909, 1910, 1907, 1912, 1913, 1915, 1916, 1920, | |
| 2514 | 1918, 1919, 1921, 1917, 1920, 1902, 1915, 1924, 1911, 0, | |
| 2515 | 0, 1903, 0, 1919, 1913, 1922, 1921, 1912, 1918, 1925, | |
| 2516 | 1926, 1933, 1912, 1913, 1915, 1916, 1917, 1918, 1919, 1921, | |
| 2517 | 1917, 1920, 1934, 1922, 1924, 1926, 1928, 1925, 1928, 1930, | |
| 2518 | ||
| 2519 | 0, 1940, 1922, 1933, 1935, 1937, 1925, 1926, 1933, 1938, | |
| 2520 | 1942, 1941, 1938, 1943, 1930, 0, 1946, 1942, 1934, 1934, | |
| 2521 | 1944, 1943, 1935, 1928, 1947, 1948, 1930, 1937, 1940, 1941, | |
| 2522 | 1952, 1935, 1937, 1950, 1954, 1938, 1938, 1942, 1941, 1938, | |
| 2523 | 1943, 1951, 1944, 1949, 1958, 1956, 1947, 1944, 1946, 1949, | |
| 2524 | 1951, 1947, 1948, 1956, 1953, 1950, 1953, 1957, 1961, 1959, | |
| 2525 | 1950, 1954, 1952, 1962, 1960, 1967, 1965, 1963, 1951, 1957, | |
| 2526 | 1949, 1958, 1956, 1959, 1962, 1963, 1961, 1964, 1966, 1966, | |
| 2527 | 1970, 1953, 1971, 1975, 1957, 1961, 1959, 1960, 1965, 1968, | |
| 2528 | 1962, 1960, 1967, 1965, 1963, 1973, 1964, 1968, 1977, 1979, | |
| 2529 | ||
| 2530 | 1976, 1973, 1984, 0, 1964, 1966, 1980, 1970, 1981, 1971, | |
| 2531 | 1975, 1976, 1981, 1980, 1987, 1982, 1968, 1985, 1988, 1987, | |
| 2532 | 1977, 1989, 1973, 1982, 1991, 1977, 1979, 1976, 1984, 1984, | |
| 2533 | 1985, 1990, 1991, 1980, 1994, 1981, 1993, 1992, 1995, 2000, | |
| 2534 | 1996, 1987, 1982, 1993, 1985, 1988, 2001, 1999, 1989, 1990, | |
| 2535 | 2003, 1991, 1992, 1998, 1999, 2002, 2005, 2007, 1990, 2003, | |
| 2536 | 2009, 1994, 1995, 1993, 1992, 1995, 1996, 1996, 1998, 2011, | |
| 2537 | 2014, 2000, 2015, 2001, 1999, 2016, 2006, 2003, 2005, 2002, | |
| 2538 | 1998, 2018, 2002, 2005, 2006, 2008, 2008, 2009, 2016, 2007, | |
| 2539 | 2012, 2019, 2017, 2020, 2015, 2008, 2011, 2014, 2012, 2015, | |
| 2540 | ||
| 2541 | 2021, 2023, 2016, 2006, 2028, 0, 2029, 2026, 2018, 2028, | |
| 2542 | 2031, 2032, 2008, 2008, 2017, 2026, 2033, 2012, 2019, 2017, | |
| 2543 | 2020, 2034, 2021, 2033, 2032, 2035, 2040, 2021, 2023, 2036, | |
| 2544 | 2041, 2028, 2029, 2029, 2026, 0, 2039, 2031, 2032, 2034, | |
| 2545 | 2042, 2050, 2046, 2033, 2047, 2040, 0, 2044, 2034, 2039, | |
| 2546 | 0, 2036, 2035, 2040, 2044, 2048, 2036, 2041, 2045, 2047, | |
| 2547 | 2050, 2052, 2042, 2039, 2046, 2045, 2051, 2042, 2050, 2046, | |
| 2548 | 2052, 2047, 2053, 2051, 2044, 2055, 2048, 2054, 2054, 2056, | |
| 2549 | 2061, 2055, 2048, 2053, 2059, 2045, 2062, 2054, 2052, 2063, | |
| 2550 | 2067, 2059, 2069, 2051, 2070, 2070, 0, 2071, 2073, 2053, | |
| 2551 | ||
| 2552 | 2074, 2056, 2055, 2077, 2054, 2054, 2056, 2061, 2075, 2074, | |
| 2553 | 2079, 2059, 2063, 2062, 2078, 2082, 2063, 2067, 2083, 2069, | |
| 2554 | 2071, 2075, 2079, 2070, 2071, 2073, 2084, 2074, 2085, 2081, | |
| 2555 | 2077, 2086, 2087, 2082, 2078, 2075, 2088, 2079, 2081, 2090, | |
| 2556 | 0, 2078, 2082, 2086, 2083, 2083, 2089, 2092, 2089, 2093, | |
| 2557 | 2095, 2090, 2094, 2084, 2087, 2085, 2081, 2098, 2086, 2087, | |
| 2558 | 2094, 2091, 2101, 2088, 2102, 2103, 2090, 2091, 2105, 2092, | |
| 2559 | 2106, 2093, 2108, 2089, 2092, 2109, 2093, 2095, 2110, 2094, | |
| 2560 | 2112, 2111, 2116, 2118, 2098, 2115, 2105, 2119, 2091, 2101, | |
| 2561 | 2109, 2102, 2103, 2111, 2115, 2105, 2120, 2106, 2129, 2108, | |
| 2562 | ||
| 2563 | 2119, 2122, 2109, 2121, 2110, 2110, 2116, 2112, 2111, 2116, | |
| 2564 | 2122, 2121, 2115, 2123, 2119, 2118, 2132, 2136, 2120, 2133, | |
| 2565 | 2134, 2136, 2129, 2120, 2123, 2129, 2133, 2138, 2122, 2137, | |
| 2566 | 2121, 2145, 0, 2134, 2139, 2142, 0, 2142, 2141, 2132, | |
| 2567 | 2123, 2138, 2139, 2132, 2136, 2137, 2133, 2134, 2140, 2141, | |
| 2568 | 2146, 2143, 2144, 2147, 2138, 2148, 2137, 2140, 2145, 2144, | |
| 2569 | 2149, 2139, 2142, 2143, 2150, 2141, 2151, 2152, 2146, 2152, | |
| 2570 | 2154, 2153, 2155, 2156, 2163, 2140, 2164, 2146, 2143, 2144, | |
| 2571 | 2147, 2148, 2148, 2153, 2158, 2155, 2150, 2149, 2151, 2162, | |
| 2572 | 2165, 2150, 2160, 2151, 2152, 2166, 2158, 2162, 2153, 2155, | |
| 2573 | ||
| 2574 | 2156, 2160, 2154, 2165, 2167, 2169, 2163, 2170, 2164, 2166, | |
| 2575 | 2172, 2158, 2167, 2171, 2173, 2174, 2162, 2165, 2169, 2160, | |
| 2576 | 0, 2171, 2166, 2174, 2172, 2175, 2176, 2177, 2173, 2178, | |
| 2577 | 2170, 2167, 2169, 2179, 2170, 2177, 2180, 2172, 0, 2181, | |
| 2578 | 2171, 2173, 2174, 2182, 2185, 2184, 2190, 2175, 2176, 2183, | |
| 2579 | 0, 0, 2175, 2176, 2177, 2187, 2178, 2183, 2180, 2179, | |
| 2580 | 2179, 2181, 2194, 2180, 2188, 2182, 2181, 0, 2198, 2192, | |
| 2581 | 2182, 2185, 2188, 2189, 0, 2187, 2183, 2184, 2190, 2191, | |
| 2582 | 2195, 2189, 2187, 2192, 2194, 2196, 2199, 2191, 2195, 2194, | |
| 2583 | 2197, 2188, 2201, 2196, 2198, 2198, 2192, 2200, 0, 2202, | |
| 2584 | ||
| 2585 | 2189, 2203, 2204, 2205, 2197, 2200, 2191, 2195, 2199, 2206, | |
| 2586 | 2210, 2205, 2196, 2199, 2207, 2208, 0, 2197, 2201, 2201, | |
| 2587 | 0, 2213, 2204, 2203, 2200, 2202, 2202, 2214, 2203, 2204, | |
| 2588 | 2205, 2209, 2210, 2217, 2207, 2208, 2206, 2210, 2211, 2209, | |
| 2589 | 2220, 2207, 2208, 2213, 2215, 2216, 2211, 2218, 2213, 2214, | |
| 2590 | 2221, 2223, 2215, 2216, 2214, 2218, 2219, 2224, 2209, 2217, | |
| 2591 | 2217, 2222, 2225, 2227, 2219, 2211, 2220, 2220, 2231, 2230, | |
| 2592 | 2233, 2215, 2216, 2234, 2218, 0, 2231, 2221, 2223, 2232, | |
| 2593 | 0, 2222, 2225, 2219, 2224, 2227, 0, 2232, 2222, 2225, | |
| 2594 | 2227, 2230, 0, 0, 0, 2231, 2230, 2233, 0, 0, | |
| 2595 | ||
| 2596 | 2234, 0, 0, 0, 0, 0, 2232, 2238, 2238, 2238, | |
| 2597 | 2238, 2238, 2238, 2238, 2239, 2239, 2239, 2239, 2239, 2239, | |
| 2598 | 2239, 2240, 2240, 2240, 2240, 2240, 2240, 2240, 2241, 2241, | |
| 2599 | 2241, 2241, 2241, 2241, 2241, 2242, 2242, 2242, 2242, 2242, | |
| 2600 | 2242, 2242, 2244, 2244, 0, 2244, 2244, 2244, 2244, 2245, | |
| 2601 | 2245, 0, 0, 0, 2245, 2245, 2246, 2246, 0, 0, | |
| 2602 | 2246, 0, 2246, 2247, 0, 0, 0, 0, 0, 2247, | |
| 2603 | 2248, 2248, 0, 0, 0, 2248, 2248, 2249, 0, 0, | |
| 2604 | 0, 0, 0, 2249, 2250, 2250, 0, 2250, 2250, 2250, | |
| 2605 | 2250, 2251, 2251, 0, 2251, 2251, 2251, 2251, 2237, 2237, | |
| 2606 | ||
| 2607 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 2608 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 2609 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 2610 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 2611 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 2612 | 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, 2237, | |
| 2613 | 2237, 2237, 2237, 2237, 2237 | |
| 2347 | 2614 | } ; |
| 2348 | 2615 | |
| 2349 | 2616 | static yy_state_type yy_last_accepting_state; |
| 2554 | 2821 | #define YY_NO_INPUT 1 |
| 2555 | 2822 | #endif |
| 2556 | 2823 | |
| 2557 | #line 2557 "<stdout>" | |
| 2824 | #line 2824 "<stdout>" | |
| 2558 | 2825 | |
| 2559 | 2826 | #define INITIAL 0 |
| 2560 | 2827 | #define quotedstring 1 |
| 2777 | 3044 | { |
| 2778 | 3045 | #line 207 "util/configlexer.lex" |
| 2779 | 3046 | |
| 2780 | #line 2780 "<stdout>" | |
| 3047 | #line 3047 "<stdout>" | |
| 2781 | 3048 | |
| 2782 | 3049 | while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ |
| 2783 | 3050 | { |
| 2810 | 3077 | while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) |
| 2811 | 3078 | { |
| 2812 | 3079 | yy_current_state = (int) yy_def[yy_current_state]; |
| 2813 | if ( yy_current_state >= 1956 ) | |
| 3080 | if ( yy_current_state >= 2238 ) | |
| 2814 | 3081 | yy_c = yy_meta[(unsigned int) yy_c]; |
| 2815 | 3082 | } |
| 2816 | 3083 | yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; |
| 2817 | 3084 | ++yy_cp; |
| 2818 | 3085 | } |
| 2819 | while ( yy_base[yy_current_state] != 5624 ); | |
| 3086 | while ( yy_base[yy_current_state] != 6399 ); | |
| 2820 | 3087 | |
| 2821 | 3088 | yy_find_action: |
| 2822 | 3089 | yy_act = yy_accept[yy_current_state]; |
| 2971 | 3238 | case 26: |
| 2972 | 3239 | YY_RULE_SETUP |
| 2973 | 3240 | #line 236 "util/configlexer.lex" |
| 3241 | { YDVAR(1, VAR_USE_SYSTEMD) } | |
| 3242 | YY_BREAK | |
| 3243 | case 27: | |
| 3244 | YY_RULE_SETUP | |
| 3245 | #line 237 "util/configlexer.lex" | |
| 2974 | 3246 | { YDVAR(1, VAR_DO_DAEMONIZE) } |
| 2975 | YY_BREAK | |
| 2976 | case 27: | |
| 2977 | YY_RULE_SETUP | |
| 2978 | #line 237 "util/configlexer.lex" | |
| 2979 | { YDVAR(1, VAR_INTERFACE) } | |
| 2980 | 3247 | YY_BREAK |
| 2981 | 3248 | case 28: |
| 2982 | 3249 | YY_RULE_SETUP |
| 2986 | 3253 | case 29: |
| 2987 | 3254 | YY_RULE_SETUP |
| 2988 | 3255 | #line 239 "util/configlexer.lex" |
| 3256 | { YDVAR(1, VAR_INTERFACE) } | |
| 3257 | YY_BREAK | |
| 3258 | case 30: | |
| 3259 | YY_RULE_SETUP | |
| 3260 | #line 240 "util/configlexer.lex" | |
| 2989 | 3261 | { YDVAR(1, VAR_OUTGOING_INTERFACE) } |
| 2990 | 3262 | YY_BREAK |
| 2991 | case 30: | |
| 2992 | YY_RULE_SETUP | |
| 2993 | #line 240 "util/configlexer.lex" | |
| 3263 | case 31: | |
| 3264 | YY_RULE_SETUP | |
| 3265 | #line 241 "util/configlexer.lex" | |
| 2994 | 3266 | { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } |
| 2995 | 3267 | YY_BREAK |
| 2996 | case 31: | |
| 2997 | YY_RULE_SETUP | |
| 2998 | #line 241 "util/configlexer.lex" | |
| 3268 | case 32: | |
| 3269 | YY_RULE_SETUP | |
| 3270 | #line 242 "util/configlexer.lex" | |
| 2999 | 3271 | { YDVAR(1, VAR_SO_RCVBUF) } |
| 3000 | 3272 | YY_BREAK |
| 3001 | case 32: | |
| 3002 | YY_RULE_SETUP | |
| 3003 | #line 242 "util/configlexer.lex" | |
| 3273 | case 33: | |
| 3274 | YY_RULE_SETUP | |
| 3275 | #line 243 "util/configlexer.lex" | |
| 3004 | 3276 | { YDVAR(1, VAR_SO_SNDBUF) } |
| 3005 | 3277 | YY_BREAK |
| 3006 | case 33: | |
| 3007 | YY_RULE_SETUP | |
| 3008 | #line 243 "util/configlexer.lex" | |
| 3278 | case 34: | |
| 3279 | YY_RULE_SETUP | |
| 3280 | #line 244 "util/configlexer.lex" | |
| 3009 | 3281 | { YDVAR(1, VAR_SO_REUSEPORT) } |
| 3010 | 3282 | YY_BREAK |
| 3011 | case 34: | |
| 3012 | YY_RULE_SETUP | |
| 3013 | #line 244 "util/configlexer.lex" | |
| 3283 | case 35: | |
| 3284 | YY_RULE_SETUP | |
| 3285 | #line 245 "util/configlexer.lex" | |
| 3014 | 3286 | { YDVAR(1, VAR_IP_TRANSPARENT) } |
| 3015 | 3287 | YY_BREAK |
| 3016 | case 35: | |
| 3017 | YY_RULE_SETUP | |
| 3018 | #line 245 "util/configlexer.lex" | |
| 3288 | case 36: | |
| 3289 | YY_RULE_SETUP | |
| 3290 | #line 246 "util/configlexer.lex" | |
| 3019 | 3291 | { YDVAR(1, VAR_IP_FREEBIND) } |
| 3020 | 3292 | YY_BREAK |
| 3021 | case 36: | |
| 3022 | YY_RULE_SETUP | |
| 3023 | #line 246 "util/configlexer.lex" | |
| 3293 | case 37: | |
| 3294 | YY_RULE_SETUP | |
| 3295 | #line 247 "util/configlexer.lex" | |
| 3024 | 3296 | { YDVAR(1, VAR_CHROOT) } |
| 3025 | 3297 | YY_BREAK |
| 3026 | case 37: | |
| 3027 | YY_RULE_SETUP | |
| 3028 | #line 247 "util/configlexer.lex" | |
| 3298 | case 38: | |
| 3299 | YY_RULE_SETUP | |
| 3300 | #line 248 "util/configlexer.lex" | |
| 3029 | 3301 | { YDVAR(1, VAR_USERNAME) } |
| 3030 | 3302 | YY_BREAK |
| 3031 | case 38: | |
| 3032 | YY_RULE_SETUP | |
| 3033 | #line 248 "util/configlexer.lex" | |
| 3303 | case 39: | |
| 3304 | YY_RULE_SETUP | |
| 3305 | #line 249 "util/configlexer.lex" | |
| 3034 | 3306 | { YDVAR(1, VAR_DIRECTORY) } |
| 3035 | 3307 | YY_BREAK |
| 3036 | case 39: | |
| 3037 | YY_RULE_SETUP | |
| 3038 | #line 249 "util/configlexer.lex" | |
| 3308 | case 40: | |
| 3309 | YY_RULE_SETUP | |
| 3310 | #line 250 "util/configlexer.lex" | |
| 3039 | 3311 | { YDVAR(1, VAR_LOGFILE) } |
| 3040 | 3312 | YY_BREAK |
| 3041 | case 40: | |
| 3042 | YY_RULE_SETUP | |
| 3043 | #line 250 "util/configlexer.lex" | |
| 3313 | case 41: | |
| 3314 | YY_RULE_SETUP | |
| 3315 | #line 251 "util/configlexer.lex" | |
| 3044 | 3316 | { YDVAR(1, VAR_PIDFILE) } |
| 3045 | 3317 | YY_BREAK |
| 3046 | case 41: | |
| 3047 | YY_RULE_SETUP | |
| 3048 | #line 251 "util/configlexer.lex" | |
| 3318 | case 42: | |
| 3319 | YY_RULE_SETUP | |
| 3320 | #line 252 "util/configlexer.lex" | |
| 3049 | 3321 | { YDVAR(1, VAR_ROOT_HINTS) } |
| 3050 | 3322 | YY_BREAK |
| 3051 | case 42: | |
| 3052 | YY_RULE_SETUP | |
| 3053 | #line 252 "util/configlexer.lex" | |
| 3323 | case 43: | |
| 3324 | YY_RULE_SETUP | |
| 3325 | #line 253 "util/configlexer.lex" | |
| 3054 | 3326 | { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } |
| 3055 | 3327 | YY_BREAK |
| 3056 | case 43: | |
| 3057 | YY_RULE_SETUP | |
| 3058 | #line 253 "util/configlexer.lex" | |
| 3328 | case 44: | |
| 3329 | YY_RULE_SETUP | |
| 3330 | #line 254 "util/configlexer.lex" | |
| 3059 | 3331 | { YDVAR(1, VAR_MSG_BUFFER_SIZE) } |
| 3060 | 3332 | YY_BREAK |
| 3061 | case 44: | |
| 3062 | YY_RULE_SETUP | |
| 3063 | #line 254 "util/configlexer.lex" | |
| 3333 | case 45: | |
| 3334 | YY_RULE_SETUP | |
| 3335 | #line 255 "util/configlexer.lex" | |
| 3064 | 3336 | { YDVAR(1, VAR_MSG_CACHE_SIZE) } |
| 3065 | 3337 | YY_BREAK |
| 3066 | case 45: | |
| 3067 | YY_RULE_SETUP | |
| 3068 | #line 255 "util/configlexer.lex" | |
| 3338 | case 46: | |
| 3339 | YY_RULE_SETUP | |
| 3340 | #line 256 "util/configlexer.lex" | |
| 3069 | 3341 | { YDVAR(1, VAR_MSG_CACHE_SLABS) } |
| 3070 | 3342 | YY_BREAK |
| 3071 | case 46: | |
| 3072 | YY_RULE_SETUP | |
| 3073 | #line 256 "util/configlexer.lex" | |
| 3343 | case 47: | |
| 3344 | YY_RULE_SETUP | |
| 3345 | #line 257 "util/configlexer.lex" | |
| 3074 | 3346 | { YDVAR(1, VAR_RRSET_CACHE_SIZE) } |
| 3075 | 3347 | YY_BREAK |
| 3076 | case 47: | |
| 3077 | YY_RULE_SETUP | |
| 3078 | #line 257 "util/configlexer.lex" | |
| 3348 | case 48: | |
| 3349 | YY_RULE_SETUP | |
| 3350 | #line 258 "util/configlexer.lex" | |
| 3079 | 3351 | { YDVAR(1, VAR_RRSET_CACHE_SLABS) } |
| 3080 | 3352 | YY_BREAK |
| 3081 | case 48: | |
| 3082 | YY_RULE_SETUP | |
| 3083 | #line 258 "util/configlexer.lex" | |
| 3353 | case 49: | |
| 3354 | YY_RULE_SETUP | |
| 3355 | #line 259 "util/configlexer.lex" | |
| 3084 | 3356 | { YDVAR(1, VAR_CACHE_MAX_TTL) } |
| 3085 | 3357 | YY_BREAK |
| 3086 | case 49: | |
| 3087 | YY_RULE_SETUP | |
| 3088 | #line 259 "util/configlexer.lex" | |
| 3358 | case 50: | |
| 3359 | YY_RULE_SETUP | |
| 3360 | #line 260 "util/configlexer.lex" | |
| 3089 | 3361 | { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } |
| 3090 | 3362 | YY_BREAK |
| 3091 | case 50: | |
| 3092 | YY_RULE_SETUP | |
| 3093 | #line 260 "util/configlexer.lex" | |
| 3363 | case 51: | |
| 3364 | YY_RULE_SETUP | |
| 3365 | #line 261 "util/configlexer.lex" | |
| 3094 | 3366 | { YDVAR(1, VAR_CACHE_MIN_TTL) } |
| 3095 | 3367 | YY_BREAK |
| 3096 | case 51: | |
| 3097 | YY_RULE_SETUP | |
| 3098 | #line 261 "util/configlexer.lex" | |
| 3368 | case 52: | |
| 3369 | YY_RULE_SETUP | |
| 3370 | #line 262 "util/configlexer.lex" | |
| 3099 | 3371 | { YDVAR(1, VAR_INFRA_HOST_TTL) } |
| 3100 | 3372 | YY_BREAK |
| 3101 | case 52: | |
| 3102 | YY_RULE_SETUP | |
| 3103 | #line 262 "util/configlexer.lex" | |
| 3373 | case 53: | |
| 3374 | YY_RULE_SETUP | |
| 3375 | #line 263 "util/configlexer.lex" | |
| 3104 | 3376 | { YDVAR(1, VAR_INFRA_LAME_TTL) } |
| 3105 | 3377 | YY_BREAK |
| 3106 | case 53: | |
| 3107 | YY_RULE_SETUP | |
| 3108 | #line 263 "util/configlexer.lex" | |
| 3378 | case 54: | |
| 3379 | YY_RULE_SETUP | |
| 3380 | #line 264 "util/configlexer.lex" | |
| 3109 | 3381 | { YDVAR(1, VAR_INFRA_CACHE_SLABS) } |
| 3110 | 3382 | YY_BREAK |
| 3111 | case 54: | |
| 3112 | YY_RULE_SETUP | |
| 3113 | #line 264 "util/configlexer.lex" | |
| 3383 | case 55: | |
| 3384 | YY_RULE_SETUP | |
| 3385 | #line 265 "util/configlexer.lex" | |
| 3114 | 3386 | { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } |
| 3115 | 3387 | YY_BREAK |
| 3116 | case 55: | |
| 3117 | YY_RULE_SETUP | |
| 3118 | #line 265 "util/configlexer.lex" | |
| 3388 | case 56: | |
| 3389 | YY_RULE_SETUP | |
| 3390 | #line 266 "util/configlexer.lex" | |
| 3119 | 3391 | { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } |
| 3120 | 3392 | YY_BREAK |
| 3121 | case 56: | |
| 3122 | YY_RULE_SETUP | |
| 3123 | #line 266 "util/configlexer.lex" | |
| 3393 | case 57: | |
| 3394 | YY_RULE_SETUP | |
| 3395 | #line 267 "util/configlexer.lex" | |
| 3124 | 3396 | { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } |
| 3125 | 3397 | YY_BREAK |
| 3126 | case 57: | |
| 3127 | YY_RULE_SETUP | |
| 3128 | #line 267 "util/configlexer.lex" | |
| 3398 | case 58: | |
| 3399 | YY_RULE_SETUP | |
| 3400 | #line 268 "util/configlexer.lex" | |
| 3129 | 3401 | { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } |
| 3130 | 3402 | YY_BREAK |
| 3131 | case 58: | |
| 3132 | YY_RULE_SETUP | |
| 3133 | #line 268 "util/configlexer.lex" | |
| 3403 | case 59: | |
| 3404 | YY_RULE_SETUP | |
| 3405 | #line 269 "util/configlexer.lex" | |
| 3134 | 3406 | { YDVAR(1, VAR_JOSTLE_TIMEOUT) } |
| 3135 | 3407 | YY_BREAK |
| 3136 | case 59: | |
| 3137 | YY_RULE_SETUP | |
| 3138 | #line 269 "util/configlexer.lex" | |
| 3408 | case 60: | |
| 3409 | YY_RULE_SETUP | |
| 3410 | #line 270 "util/configlexer.lex" | |
| 3139 | 3411 | { YDVAR(1, VAR_DELAY_CLOSE) } |
| 3140 | 3412 | YY_BREAK |
| 3141 | case 60: | |
| 3142 | YY_RULE_SETUP | |
| 3143 | #line 270 "util/configlexer.lex" | |
| 3413 | case 61: | |
| 3414 | YY_RULE_SETUP | |
| 3415 | #line 271 "util/configlexer.lex" | |
| 3144 | 3416 | { YDVAR(1, VAR_TARGET_FETCH_POLICY) } |
| 3145 | 3417 | YY_BREAK |
| 3146 | case 61: | |
| 3147 | YY_RULE_SETUP | |
| 3148 | #line 271 "util/configlexer.lex" | |
| 3418 | case 62: | |
| 3419 | YY_RULE_SETUP | |
| 3420 | #line 272 "util/configlexer.lex" | |
| 3149 | 3421 | { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } |
| 3150 | 3422 | YY_BREAK |
| 3151 | case 62: | |
| 3152 | YY_RULE_SETUP | |
| 3153 | #line 272 "util/configlexer.lex" | |
| 3423 | case 63: | |
| 3424 | YY_RULE_SETUP | |
| 3425 | #line 273 "util/configlexer.lex" | |
| 3154 | 3426 | { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } |
| 3155 | 3427 | YY_BREAK |
| 3156 | case 63: | |
| 3157 | YY_RULE_SETUP | |
| 3158 | #line 273 "util/configlexer.lex" | |
| 3428 | case 64: | |
| 3429 | YY_RULE_SETUP | |
| 3430 | #line 274 "util/configlexer.lex" | |
| 3159 | 3431 | { YDVAR(1, VAR_HARDEN_GLUE) } |
| 3160 | 3432 | YY_BREAK |
| 3161 | case 64: | |
| 3162 | YY_RULE_SETUP | |
| 3163 | #line 274 "util/configlexer.lex" | |
| 3433 | case 65: | |
| 3434 | YY_RULE_SETUP | |
| 3435 | #line 275 "util/configlexer.lex" | |
| 3164 | 3436 | { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } |
| 3165 | 3437 | YY_BREAK |
| 3166 | case 65: | |
| 3167 | YY_RULE_SETUP | |
| 3168 | #line 275 "util/configlexer.lex" | |
| 3438 | case 66: | |
| 3439 | YY_RULE_SETUP | |
| 3440 | #line 276 "util/configlexer.lex" | |
| 3169 | 3441 | { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } |
| 3170 | 3442 | YY_BREAK |
| 3171 | case 66: | |
| 3172 | YY_RULE_SETUP | |
| 3173 | #line 276 "util/configlexer.lex" | |
| 3443 | case 67: | |
| 3444 | YY_RULE_SETUP | |
| 3445 | #line 277 "util/configlexer.lex" | |
| 3174 | 3446 | { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } |
| 3175 | 3447 | YY_BREAK |
| 3176 | case 67: | |
| 3177 | YY_RULE_SETUP | |
| 3178 | #line 277 "util/configlexer.lex" | |
| 3448 | case 68: | |
| 3449 | YY_RULE_SETUP | |
| 3450 | #line 278 "util/configlexer.lex" | |
| 3179 | 3451 | { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } |
| 3180 | 3452 | YY_BREAK |
| 3181 | case 68: | |
| 3182 | YY_RULE_SETUP | |
| 3183 | #line 278 "util/configlexer.lex" | |
| 3453 | case 69: | |
| 3454 | YY_RULE_SETUP | |
| 3455 | #line 279 "util/configlexer.lex" | |
| 3184 | 3456 | { YDVAR(1, VAR_USE_CAPS_FOR_ID) } |
| 3185 | 3457 | YY_BREAK |
| 3186 | case 69: | |
| 3187 | YY_RULE_SETUP | |
| 3188 | #line 279 "util/configlexer.lex" | |
| 3458 | case 70: | |
| 3459 | YY_RULE_SETUP | |
| 3460 | #line 280 "util/configlexer.lex" | |
| 3189 | 3461 | { YDVAR(1, VAR_CAPS_WHITELIST) } |
| 3190 | 3462 | YY_BREAK |
| 3191 | case 70: | |
| 3192 | YY_RULE_SETUP | |
| 3193 | #line 280 "util/configlexer.lex" | |
| 3463 | case 71: | |
| 3464 | YY_RULE_SETUP | |
| 3465 | #line 281 "util/configlexer.lex" | |
| 3194 | 3466 | { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } |
| 3195 | 3467 | YY_BREAK |
| 3196 | case 71: | |
| 3197 | YY_RULE_SETUP | |
| 3198 | #line 281 "util/configlexer.lex" | |
| 3468 | case 72: | |
| 3469 | YY_RULE_SETUP | |
| 3470 | #line 282 "util/configlexer.lex" | |
| 3199 | 3471 | { YDVAR(1, VAR_PRIVATE_ADDRESS) } |
| 3200 | 3472 | YY_BREAK |
| 3201 | case 72: | |
| 3202 | YY_RULE_SETUP | |
| 3203 | #line 282 "util/configlexer.lex" | |
| 3473 | case 73: | |
| 3474 | YY_RULE_SETUP | |
| 3475 | #line 283 "util/configlexer.lex" | |
| 3204 | 3476 | { YDVAR(1, VAR_PRIVATE_DOMAIN) } |
| 3205 | 3477 | YY_BREAK |
| 3206 | case 73: | |
| 3207 | YY_RULE_SETUP | |
| 3208 | #line 283 "util/configlexer.lex" | |
| 3478 | case 74: | |
| 3479 | YY_RULE_SETUP | |
| 3480 | #line 284 "util/configlexer.lex" | |
| 3209 | 3481 | { YDVAR(1, VAR_PREFETCH_KEY) } |
| 3210 | 3482 | YY_BREAK |
| 3211 | case 74: | |
| 3212 | YY_RULE_SETUP | |
| 3213 | #line 284 "util/configlexer.lex" | |
| 3483 | case 75: | |
| 3484 | YY_RULE_SETUP | |
| 3485 | #line 285 "util/configlexer.lex" | |
| 3214 | 3486 | { YDVAR(1, VAR_PREFETCH) } |
| 3215 | 3487 | YY_BREAK |
| 3216 | case 75: | |
| 3217 | YY_RULE_SETUP | |
| 3218 | #line 285 "util/configlexer.lex" | |
| 3488 | case 76: | |
| 3489 | YY_RULE_SETUP | |
| 3490 | #line 286 "util/configlexer.lex" | |
| 3219 | 3491 | { YDVAR(0, VAR_STUB_ZONE) } |
| 3220 | 3492 | YY_BREAK |
| 3221 | case 76: | |
| 3222 | YY_RULE_SETUP | |
| 3223 | #line 286 "util/configlexer.lex" | |
| 3493 | case 77: | |
| 3494 | YY_RULE_SETUP | |
| 3495 | #line 287 "util/configlexer.lex" | |
| 3224 | 3496 | { YDVAR(1, VAR_NAME) } |
| 3225 | 3497 | YY_BREAK |
| 3226 | case 77: | |
| 3227 | YY_RULE_SETUP | |
| 3228 | #line 287 "util/configlexer.lex" | |
| 3498 | case 78: | |
| 3499 | YY_RULE_SETUP | |
| 3500 | #line 288 "util/configlexer.lex" | |
| 3229 | 3501 | { YDVAR(1, VAR_STUB_ADDR) } |
| 3230 | 3502 | YY_BREAK |
| 3231 | case 78: | |
| 3232 | YY_RULE_SETUP | |
| 3233 | #line 288 "util/configlexer.lex" | |
| 3503 | case 79: | |
| 3504 | YY_RULE_SETUP | |
| 3505 | #line 289 "util/configlexer.lex" | |
| 3234 | 3506 | { YDVAR(1, VAR_STUB_HOST) } |
| 3235 | 3507 | YY_BREAK |
| 3236 | case 79: | |
| 3237 | YY_RULE_SETUP | |
| 3238 | #line 289 "util/configlexer.lex" | |
| 3508 | case 80: | |
| 3509 | YY_RULE_SETUP | |
| 3510 | #line 290 "util/configlexer.lex" | |
| 3239 | 3511 | { YDVAR(1, VAR_STUB_PRIME) } |
| 3240 | 3512 | YY_BREAK |
| 3241 | case 80: | |
| 3242 | YY_RULE_SETUP | |
| 3243 | #line 290 "util/configlexer.lex" | |
| 3513 | case 81: | |
| 3514 | YY_RULE_SETUP | |
| 3515 | #line 291 "util/configlexer.lex" | |
| 3244 | 3516 | { YDVAR(1, VAR_STUB_FIRST) } |
| 3245 | 3517 | YY_BREAK |
| 3246 | case 81: | |
| 3247 | YY_RULE_SETUP | |
| 3248 | #line 291 "util/configlexer.lex" | |
| 3518 | case 82: | |
| 3519 | YY_RULE_SETUP | |
| 3520 | #line 292 "util/configlexer.lex" | |
| 3249 | 3521 | { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } |
| 3250 | 3522 | YY_BREAK |
| 3251 | case 82: | |
| 3252 | YY_RULE_SETUP | |
| 3253 | #line 292 "util/configlexer.lex" | |
| 3523 | case 83: | |
| 3524 | YY_RULE_SETUP | |
| 3525 | #line 293 "util/configlexer.lex" | |
| 3254 | 3526 | { YDVAR(0, VAR_FORWARD_ZONE) } |
| 3255 | 3527 | YY_BREAK |
| 3256 | case 83: | |
| 3257 | YY_RULE_SETUP | |
| 3258 | #line 293 "util/configlexer.lex" | |
| 3528 | case 84: | |
| 3529 | YY_RULE_SETUP | |
| 3530 | #line 294 "util/configlexer.lex" | |
| 3259 | 3531 | { YDVAR(1, VAR_FORWARD_ADDR) } |
| 3260 | 3532 | YY_BREAK |
| 3261 | case 84: | |
| 3262 | YY_RULE_SETUP | |
| 3263 | #line 294 "util/configlexer.lex" | |
| 3533 | case 85: | |
| 3534 | YY_RULE_SETUP | |
| 3535 | #line 295 "util/configlexer.lex" | |
| 3264 | 3536 | { YDVAR(1, VAR_FORWARD_HOST) } |
| 3265 | 3537 | YY_BREAK |
| 3266 | case 85: | |
| 3267 | YY_RULE_SETUP | |
| 3268 | #line 295 "util/configlexer.lex" | |
| 3538 | case 86: | |
| 3539 | YY_RULE_SETUP | |
| 3540 | #line 296 "util/configlexer.lex" | |
| 3269 | 3541 | { YDVAR(1, VAR_FORWARD_FIRST) } |
| 3270 | 3542 | YY_BREAK |
| 3271 | case 86: | |
| 3272 | YY_RULE_SETUP | |
| 3273 | #line 296 "util/configlexer.lex" | |
| 3543 | case 87: | |
| 3544 | YY_RULE_SETUP | |
| 3545 | #line 297 "util/configlexer.lex" | |
| 3274 | 3546 | { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } |
| 3275 | 3547 | YY_BREAK |
| 3276 | case 87: | |
| 3277 | YY_RULE_SETUP | |
| 3278 | #line 297 "util/configlexer.lex" | |
| 3548 | case 88: | |
| 3549 | YY_RULE_SETUP | |
| 3550 | #line 298 "util/configlexer.lex" | |
| 3279 | 3551 | { YDVAR(0, VAR_VIEW) } |
| 3280 | 3552 | YY_BREAK |
| 3281 | case 88: | |
| 3282 | YY_RULE_SETUP | |
| 3283 | #line 298 "util/configlexer.lex" | |
| 3553 | case 89: | |
| 3554 | YY_RULE_SETUP | |
| 3555 | #line 299 "util/configlexer.lex" | |
| 3284 | 3556 | { YDVAR(1, VAR_VIEW_FIRST) } |
| 3285 | 3557 | YY_BREAK |
| 3286 | case 89: | |
| 3287 | YY_RULE_SETUP | |
| 3288 | #line 299 "util/configlexer.lex" | |
| 3558 | case 90: | |
| 3559 | YY_RULE_SETUP | |
| 3560 | #line 300 "util/configlexer.lex" | |
| 3289 | 3561 | { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } |
| 3290 | 3562 | YY_BREAK |
| 3291 | case 90: | |
| 3292 | YY_RULE_SETUP | |
| 3293 | #line 300 "util/configlexer.lex" | |
| 3563 | case 91: | |
| 3564 | YY_RULE_SETUP | |
| 3565 | #line 301 "util/configlexer.lex" | |
| 3294 | 3566 | { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } |
| 3295 | 3567 | YY_BREAK |
| 3296 | case 91: | |
| 3297 | YY_RULE_SETUP | |
| 3298 | #line 301 "util/configlexer.lex" | |
| 3568 | case 92: | |
| 3569 | YY_RULE_SETUP | |
| 3570 | #line 302 "util/configlexer.lex" | |
| 3299 | 3571 | { YDVAR(2, VAR_ACCESS_CONTROL) } |
| 3300 | 3572 | YY_BREAK |
| 3301 | case 92: | |
| 3302 | YY_RULE_SETUP | |
| 3303 | #line 302 "util/configlexer.lex" | |
| 3573 | case 93: | |
| 3574 | YY_RULE_SETUP | |
| 3575 | #line 303 "util/configlexer.lex" | |
| 3576 | { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } | |
| 3577 | YY_BREAK | |
| 3578 | case 94: | |
| 3579 | YY_RULE_SETUP | |
| 3580 | #line 304 "util/configlexer.lex" | |
| 3581 | { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } | |
| 3582 | YY_BREAK | |
| 3583 | case 95: | |
| 3584 | YY_RULE_SETUP | |
| 3585 | #line 305 "util/configlexer.lex" | |
| 3586 | { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } | |
| 3587 | YY_BREAK | |
| 3588 | case 96: | |
| 3589 | YY_RULE_SETUP | |
| 3590 | #line 306 "util/configlexer.lex" | |
| 3591 | { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } | |
| 3592 | YY_BREAK | |
| 3593 | case 97: | |
| 3594 | YY_RULE_SETUP | |
| 3595 | #line 307 "util/configlexer.lex" | |
| 3596 | { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } | |
| 3597 | YY_BREAK | |
| 3598 | case 98: | |
| 3599 | YY_RULE_SETUP | |
| 3600 | #line 308 "util/configlexer.lex" | |
| 3601 | { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } | |
| 3602 | YY_BREAK | |
| 3603 | case 99: | |
| 3604 | YY_RULE_SETUP | |
| 3605 | #line 309 "util/configlexer.lex" | |
| 3304 | 3606 | { YDVAR(1, VAR_HIDE_IDENTITY) } |
| 3305 | 3607 | YY_BREAK |
| 3306 | case 93: | |
| 3307 | YY_RULE_SETUP | |
| 3308 | #line 303 "util/configlexer.lex" | |
| 3608 | case 100: | |
| 3609 | YY_RULE_SETUP | |
| 3610 | #line 310 "util/configlexer.lex" | |
| 3309 | 3611 | { YDVAR(1, VAR_HIDE_VERSION) } |
| 3310 | 3612 | YY_BREAK |
| 3311 | case 94: | |
| 3312 | YY_RULE_SETUP | |
| 3313 | #line 304 "util/configlexer.lex" | |
| 3613 | case 101: | |
| 3614 | YY_RULE_SETUP | |
| 3615 | #line 311 "util/configlexer.lex" | |
| 3616 | { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } | |
| 3617 | YY_BREAK | |
| 3618 | case 102: | |
| 3619 | YY_RULE_SETUP | |
| 3620 | #line 312 "util/configlexer.lex" | |
| 3314 | 3621 | { YDVAR(1, VAR_IDENTITY) } |
| 3315 | 3622 | YY_BREAK |
| 3316 | case 95: | |
| 3317 | YY_RULE_SETUP | |
| 3318 | #line 305 "util/configlexer.lex" | |
| 3623 | case 103: | |
| 3624 | YY_RULE_SETUP | |
| 3625 | #line 313 "util/configlexer.lex" | |
| 3319 | 3626 | { YDVAR(1, VAR_VERSION) } |
| 3320 | 3627 | YY_BREAK |
| 3321 | case 96: | |
| 3322 | YY_RULE_SETUP | |
| 3323 | #line 306 "util/configlexer.lex" | |
| 3628 | case 104: | |
| 3629 | YY_RULE_SETUP | |
| 3630 | #line 314 "util/configlexer.lex" | |
| 3324 | 3631 | { YDVAR(1, VAR_MODULE_CONF) } |
| 3325 | 3632 | YY_BREAK |
| 3326 | case 97: | |
| 3327 | YY_RULE_SETUP | |
| 3328 | #line 307 "util/configlexer.lex" | |
| 3633 | case 105: | |
| 3634 | YY_RULE_SETUP | |
| 3635 | #line 315 "util/configlexer.lex" | |
| 3329 | 3636 | { YDVAR(1, VAR_DLV_ANCHOR) } |
| 3330 | 3637 | YY_BREAK |
| 3331 | case 98: | |
| 3332 | YY_RULE_SETUP | |
| 3333 | #line 308 "util/configlexer.lex" | |
| 3638 | case 106: | |
| 3639 | YY_RULE_SETUP | |
| 3640 | #line 316 "util/configlexer.lex" | |
| 3334 | 3641 | { YDVAR(1, VAR_DLV_ANCHOR_FILE) } |
| 3335 | 3642 | YY_BREAK |
| 3336 | case 99: | |
| 3337 | YY_RULE_SETUP | |
| 3338 | #line 309 "util/configlexer.lex" | |
| 3643 | case 107: | |
| 3644 | YY_RULE_SETUP | |
| 3645 | #line 317 "util/configlexer.lex" | |
| 3339 | 3646 | { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } |
| 3340 | 3647 | YY_BREAK |
| 3341 | case 100: | |
| 3342 | YY_RULE_SETUP | |
| 3343 | #line 310 "util/configlexer.lex" | |
| 3648 | case 108: | |
| 3649 | YY_RULE_SETUP | |
| 3650 | #line 318 "util/configlexer.lex" | |
| 3344 | 3651 | { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } |
| 3345 | 3652 | YY_BREAK |
| 3346 | case 101: | |
| 3347 | YY_RULE_SETUP | |
| 3348 | #line 311 "util/configlexer.lex" | |
| 3653 | case 109: | |
| 3654 | YY_RULE_SETUP | |
| 3655 | #line 319 "util/configlexer.lex" | |
| 3349 | 3656 | { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } |
| 3350 | 3657 | YY_BREAK |
| 3351 | case 102: | |
| 3352 | YY_RULE_SETUP | |
| 3353 | #line 312 "util/configlexer.lex" | |
| 3658 | case 110: | |
| 3659 | YY_RULE_SETUP | |
| 3660 | #line 320 "util/configlexer.lex" | |
| 3354 | 3661 | { YDVAR(1, VAR_TRUST_ANCHOR) } |
| 3355 | 3662 | YY_BREAK |
| 3356 | case 103: | |
| 3357 | YY_RULE_SETUP | |
| 3358 | #line 313 "util/configlexer.lex" | |
| 3663 | case 111: | |
| 3664 | YY_RULE_SETUP | |
| 3665 | #line 321 "util/configlexer.lex" | |
| 3666 | { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } | |
| 3667 | YY_BREAK | |
| 3668 | case 112: | |
| 3669 | YY_RULE_SETUP | |
| 3670 | #line 322 "util/configlexer.lex" | |
| 3359 | 3671 | { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } |
| 3360 | 3672 | YY_BREAK |
| 3361 | case 104: | |
| 3362 | YY_RULE_SETUP | |
| 3363 | #line 314 "util/configlexer.lex" | |
| 3673 | case 113: | |
| 3674 | YY_RULE_SETUP | |
| 3675 | #line 323 "util/configlexer.lex" | |
| 3364 | 3676 | { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } |
| 3365 | 3677 | YY_BREAK |
| 3366 | case 105: | |
| 3367 | YY_RULE_SETUP | |
| 3368 | #line 315 "util/configlexer.lex" | |
| 3678 | case 114: | |
| 3679 | YY_RULE_SETUP | |
| 3680 | #line 324 "util/configlexer.lex" | |
| 3369 | 3681 | { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } |
| 3370 | 3682 | YY_BREAK |
| 3371 | case 106: | |
| 3372 | YY_RULE_SETUP | |
| 3373 | #line 316 "util/configlexer.lex" | |
| 3683 | case 115: | |
| 3684 | YY_RULE_SETUP | |
| 3685 | #line 325 "util/configlexer.lex" | |
| 3374 | 3686 | { YDVAR(1, VAR_BOGUS_TTL) } |
| 3375 | 3687 | YY_BREAK |
| 3376 | case 107: | |
| 3377 | YY_RULE_SETUP | |
| 3378 | #line 317 "util/configlexer.lex" | |
| 3688 | case 116: | |
| 3689 | YY_RULE_SETUP | |
| 3690 | #line 326 "util/configlexer.lex" | |
| 3379 | 3691 | { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } |
| 3380 | 3692 | YY_BREAK |
| 3381 | case 108: | |
| 3382 | YY_RULE_SETUP | |
| 3383 | #line 318 "util/configlexer.lex" | |
| 3693 | case 117: | |
| 3694 | YY_RULE_SETUP | |
| 3695 | #line 327 "util/configlexer.lex" | |
| 3384 | 3696 | { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } |
| 3385 | 3697 | YY_BREAK |
| 3386 | case 109: | |
| 3387 | YY_RULE_SETUP | |
| 3388 | #line 319 "util/configlexer.lex" | |
| 3698 | case 118: | |
| 3699 | YY_RULE_SETUP | |
| 3700 | #line 328 "util/configlexer.lex" | |
| 3389 | 3701 | { YDVAR(1, VAR_IGNORE_CD_FLAG) } |
| 3390 | 3702 | YY_BREAK |
| 3391 | case 110: | |
| 3392 | YY_RULE_SETUP | |
| 3393 | #line 320 "util/configlexer.lex" | |
| 3703 | case 119: | |
| 3704 | YY_RULE_SETUP | |
| 3705 | #line 329 "util/configlexer.lex" | |
| 3394 | 3706 | { YDVAR(1, VAR_SERVE_EXPIRED) } |
| 3395 | 3707 | YY_BREAK |
| 3396 | case 111: | |
| 3397 | YY_RULE_SETUP | |
| 3398 | #line 321 "util/configlexer.lex" | |
| 3708 | case 120: | |
| 3709 | YY_RULE_SETUP | |
| 3710 | #line 330 "util/configlexer.lex" | |
| 3399 | 3711 | { YDVAR(1, VAR_FAKE_DSA) } |
| 3400 | 3712 | YY_BREAK |
| 3401 | case 112: | |
| 3402 | YY_RULE_SETUP | |
| 3403 | #line 322 "util/configlexer.lex" | |
| 3713 | case 121: | |
| 3714 | YY_RULE_SETUP | |
| 3715 | #line 331 "util/configlexer.lex" | |
| 3716 | { YDVAR(1, VAR_FAKE_SHA1) } | |
| 3717 | YY_BREAK | |
| 3718 | case 122: | |
| 3719 | YY_RULE_SETUP | |
| 3720 | #line 332 "util/configlexer.lex" | |
| 3404 | 3721 | { YDVAR(1, VAR_VAL_LOG_LEVEL) } |
| 3405 | 3722 | YY_BREAK |
| 3406 | case 113: | |
| 3407 | YY_RULE_SETUP | |
| 3408 | #line 323 "util/configlexer.lex" | |
| 3723 | case 123: | |
| 3724 | YY_RULE_SETUP | |
| 3725 | #line 333 "util/configlexer.lex" | |
| 3409 | 3726 | { YDVAR(1, VAR_KEY_CACHE_SIZE) } |
| 3410 | 3727 | YY_BREAK |
| 3411 | case 114: | |
| 3412 | YY_RULE_SETUP | |
| 3413 | #line 324 "util/configlexer.lex" | |
| 3728 | case 124: | |
| 3729 | YY_RULE_SETUP | |
| 3730 | #line 334 "util/configlexer.lex" | |
| 3414 | 3731 | { YDVAR(1, VAR_KEY_CACHE_SLABS) } |
| 3415 | 3732 | YY_BREAK |
| 3416 | case 115: | |
| 3417 | YY_RULE_SETUP | |
| 3418 | #line 325 "util/configlexer.lex" | |
| 3733 | case 125: | |
| 3734 | YY_RULE_SETUP | |
| 3735 | #line 335 "util/configlexer.lex" | |
| 3419 | 3736 | { YDVAR(1, VAR_NEG_CACHE_SIZE) } |
| 3420 | 3737 | YY_BREAK |
| 3421 | case 116: | |
| 3422 | YY_RULE_SETUP | |
| 3423 | #line 326 "util/configlexer.lex" | |
| 3738 | case 126: | |
| 3739 | YY_RULE_SETUP | |
| 3740 | #line 336 "util/configlexer.lex" | |
| 3424 | 3741 | { |
| 3425 | 3742 | YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } |
| 3426 | 3743 | YY_BREAK |
| 3427 | case 117: | |
| 3428 | YY_RULE_SETUP | |
| 3429 | #line 328 "util/configlexer.lex" | |
| 3744 | case 127: | |
| 3745 | YY_RULE_SETUP | |
| 3746 | #line 338 "util/configlexer.lex" | |
| 3430 | 3747 | { YDVAR(1, VAR_ADD_HOLDDOWN) } |
| 3431 | 3748 | YY_BREAK |
| 3432 | case 118: | |
| 3433 | YY_RULE_SETUP | |
| 3434 | #line 329 "util/configlexer.lex" | |
| 3749 | case 128: | |
| 3750 | YY_RULE_SETUP | |
| 3751 | #line 339 "util/configlexer.lex" | |
| 3435 | 3752 | { YDVAR(1, VAR_DEL_HOLDDOWN) } |
| 3436 | 3753 | YY_BREAK |
| 3437 | case 119: | |
| 3438 | YY_RULE_SETUP | |
| 3439 | #line 330 "util/configlexer.lex" | |
| 3754 | case 129: | |
| 3755 | YY_RULE_SETUP | |
| 3756 | #line 340 "util/configlexer.lex" | |
| 3440 | 3757 | { YDVAR(1, VAR_KEEP_MISSING) } |
| 3441 | 3758 | YY_BREAK |
| 3442 | case 120: | |
| 3443 | YY_RULE_SETUP | |
| 3444 | #line 331 "util/configlexer.lex" | |
| 3759 | case 130: | |
| 3760 | YY_RULE_SETUP | |
| 3761 | #line 341 "util/configlexer.lex" | |
| 3445 | 3762 | { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } |
| 3446 | 3763 | YY_BREAK |
| 3447 | case 121: | |
| 3448 | YY_RULE_SETUP | |
| 3449 | #line 332 "util/configlexer.lex" | |
| 3764 | case 131: | |
| 3765 | YY_RULE_SETUP | |
| 3766 | #line 342 "util/configlexer.lex" | |
| 3450 | 3767 | { YDVAR(1, VAR_USE_SYSLOG) } |
| 3451 | 3768 | YY_BREAK |
| 3452 | case 122: | |
| 3453 | YY_RULE_SETUP | |
| 3454 | #line 333 "util/configlexer.lex" | |
| 3769 | case 132: | |
| 3770 | YY_RULE_SETUP | |
| 3771 | #line 343 "util/configlexer.lex" | |
| 3455 | 3772 | { YDVAR(1, VAR_LOG_IDENTITY) } |
| 3456 | 3773 | YY_BREAK |
| 3457 | case 123: | |
| 3458 | YY_RULE_SETUP | |
| 3459 | #line 334 "util/configlexer.lex" | |
| 3774 | case 133: | |
| 3775 | YY_RULE_SETUP | |
| 3776 | #line 344 "util/configlexer.lex" | |
| 3460 | 3777 | { YDVAR(1, VAR_LOG_TIME_ASCII) } |
| 3461 | 3778 | YY_BREAK |
| 3462 | case 124: | |
| 3463 | YY_RULE_SETUP | |
| 3464 | #line 335 "util/configlexer.lex" | |
| 3779 | case 134: | |
| 3780 | YY_RULE_SETUP | |
| 3781 | #line 345 "util/configlexer.lex" | |
| 3465 | 3782 | { YDVAR(1, VAR_LOG_QUERIES) } |
| 3466 | 3783 | YY_BREAK |
| 3467 | case 125: | |
| 3468 | YY_RULE_SETUP | |
| 3469 | #line 336 "util/configlexer.lex" | |
| 3784 | case 135: | |
| 3785 | YY_RULE_SETUP | |
| 3786 | #line 346 "util/configlexer.lex" | |
| 3787 | { YDVAR(1, VAR_LOG_REPLIES) } | |
| 3788 | YY_BREAK | |
| 3789 | case 136: | |
| 3790 | YY_RULE_SETUP | |
| 3791 | #line 347 "util/configlexer.lex" | |
| 3470 | 3792 | { YDVAR(2, VAR_LOCAL_ZONE) } |
| 3471 | 3793 | YY_BREAK |
| 3472 | case 126: | |
| 3473 | YY_RULE_SETUP | |
| 3474 | #line 337 "util/configlexer.lex" | |
| 3794 | case 137: | |
| 3795 | YY_RULE_SETUP | |
| 3796 | #line 348 "util/configlexer.lex" | |
| 3475 | 3797 | { YDVAR(1, VAR_LOCAL_DATA) } |
| 3476 | 3798 | YY_BREAK |
| 3477 | case 127: | |
| 3478 | YY_RULE_SETUP | |
| 3479 | #line 338 "util/configlexer.lex" | |
| 3799 | case 138: | |
| 3800 | YY_RULE_SETUP | |
| 3801 | #line 349 "util/configlexer.lex" | |
| 3480 | 3802 | { YDVAR(1, VAR_LOCAL_DATA_PTR) } |
| 3481 | 3803 | YY_BREAK |
| 3482 | case 128: | |
| 3483 | YY_RULE_SETUP | |
| 3484 | #line 339 "util/configlexer.lex" | |
| 3804 | case 139: | |
| 3805 | YY_RULE_SETUP | |
| 3806 | #line 350 "util/configlexer.lex" | |
| 3485 | 3807 | { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } |
| 3486 | 3808 | YY_BREAK |
| 3487 | case 129: | |
| 3488 | YY_RULE_SETUP | |
| 3489 | #line 340 "util/configlexer.lex" | |
| 3809 | case 140: | |
| 3810 | YY_RULE_SETUP | |
| 3811 | #line 351 "util/configlexer.lex" | |
| 3490 | 3812 | { YDVAR(1, VAR_INSECURE_LAN_ZONES) } |
| 3491 | 3813 | YY_BREAK |
| 3492 | case 130: | |
| 3493 | YY_RULE_SETUP | |
| 3494 | #line 341 "util/configlexer.lex" | |
| 3814 | case 141: | |
| 3815 | YY_RULE_SETUP | |
| 3816 | #line 352 "util/configlexer.lex" | |
| 3495 | 3817 | { YDVAR(1, VAR_STATISTICS_INTERVAL) } |
| 3496 | 3818 | YY_BREAK |
| 3497 | case 131: | |
| 3498 | YY_RULE_SETUP | |
| 3499 | #line 342 "util/configlexer.lex" | |
| 3819 | case 142: | |
| 3820 | YY_RULE_SETUP | |
| 3821 | #line 353 "util/configlexer.lex" | |
| 3500 | 3822 | { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } |
| 3501 | 3823 | YY_BREAK |
| 3502 | case 132: | |
| 3503 | YY_RULE_SETUP | |
| 3504 | #line 343 "util/configlexer.lex" | |
| 3824 | case 143: | |
| 3825 | YY_RULE_SETUP | |
| 3826 | #line 354 "util/configlexer.lex" | |
| 3505 | 3827 | { YDVAR(1, VAR_EXTENDED_STATISTICS) } |
| 3506 | 3828 | YY_BREAK |
| 3507 | case 133: | |
| 3508 | YY_RULE_SETUP | |
| 3509 | #line 344 "util/configlexer.lex" | |
| 3829 | case 144: | |
| 3830 | YY_RULE_SETUP | |
| 3831 | #line 355 "util/configlexer.lex" | |
| 3832 | { YDVAR(1, VAR_SHM_ENABLE) } | |
| 3833 | YY_BREAK | |
| 3834 | case 145: | |
| 3835 | YY_RULE_SETUP | |
| 3836 | #line 356 "util/configlexer.lex" | |
| 3837 | { YDVAR(1, VAR_SHM_KEY) } | |
| 3838 | YY_BREAK | |
| 3839 | case 146: | |
| 3840 | YY_RULE_SETUP | |
| 3841 | #line 357 "util/configlexer.lex" | |
| 3510 | 3842 | { YDVAR(0, VAR_REMOTE_CONTROL) } |
| 3511 | 3843 | YY_BREAK |
| 3512 | case 134: | |
| 3513 | YY_RULE_SETUP | |
| 3514 | #line 345 "util/configlexer.lex" | |
| 3844 | case 147: | |
| 3845 | YY_RULE_SETUP | |
| 3846 | #line 358 "util/configlexer.lex" | |
| 3515 | 3847 | { YDVAR(1, VAR_CONTROL_ENABLE) } |
| 3516 | 3848 | YY_BREAK |
| 3517 | case 135: | |
| 3518 | YY_RULE_SETUP | |
| 3519 | #line 346 "util/configlexer.lex" | |
| 3849 | case 148: | |
| 3850 | YY_RULE_SETUP | |
| 3851 | #line 359 "util/configlexer.lex" | |
| 3520 | 3852 | { YDVAR(1, VAR_CONTROL_INTERFACE) } |
| 3521 | 3853 | YY_BREAK |
| 3522 | case 136: | |
| 3523 | YY_RULE_SETUP | |
| 3524 | #line 347 "util/configlexer.lex" | |
| 3854 | case 149: | |
| 3855 | YY_RULE_SETUP | |
| 3856 | #line 360 "util/configlexer.lex" | |
| 3525 | 3857 | { YDVAR(1, VAR_CONTROL_PORT) } |
| 3526 | 3858 | YY_BREAK |
| 3527 | case 137: | |
| 3528 | YY_RULE_SETUP | |
| 3529 | #line 348 "util/configlexer.lex" | |
| 3859 | case 150: | |
| 3860 | YY_RULE_SETUP | |
| 3861 | #line 361 "util/configlexer.lex" | |
| 3530 | 3862 | { YDVAR(1, VAR_CONTROL_USE_CERT) } |
| 3531 | 3863 | YY_BREAK |
| 3532 | case 138: | |
| 3533 | YY_RULE_SETUP | |
| 3534 | #line 349 "util/configlexer.lex" | |
| 3864 | case 151: | |
| 3865 | YY_RULE_SETUP | |
| 3866 | #line 362 "util/configlexer.lex" | |
| 3535 | 3867 | { YDVAR(1, VAR_SERVER_KEY_FILE) } |
| 3536 | 3868 | YY_BREAK |
| 3537 | case 139: | |
| 3538 | YY_RULE_SETUP | |
| 3539 | #line 350 "util/configlexer.lex" | |
| 3869 | case 152: | |
| 3870 | YY_RULE_SETUP | |
| 3871 | #line 363 "util/configlexer.lex" | |
| 3540 | 3872 | { YDVAR(1, VAR_SERVER_CERT_FILE) } |
| 3541 | 3873 | YY_BREAK |
| 3542 | case 140: | |
| 3543 | YY_RULE_SETUP | |
| 3544 | #line 351 "util/configlexer.lex" | |
| 3874 | case 153: | |
| 3875 | YY_RULE_SETUP | |
| 3876 | #line 364 "util/configlexer.lex" | |
| 3545 | 3877 | { YDVAR(1, VAR_CONTROL_KEY_FILE) } |
| 3546 | 3878 | YY_BREAK |
| 3547 | case 141: | |
| 3548 | YY_RULE_SETUP | |
| 3549 | #line 352 "util/configlexer.lex" | |
| 3879 | case 154: | |
| 3880 | YY_RULE_SETUP | |
| 3881 | #line 365 "util/configlexer.lex" | |
| 3550 | 3882 | { YDVAR(1, VAR_CONTROL_CERT_FILE) } |
| 3551 | 3883 | YY_BREAK |
| 3552 | case 142: | |
| 3553 | YY_RULE_SETUP | |
| 3554 | #line 353 "util/configlexer.lex" | |
| 3884 | case 155: | |
| 3885 | YY_RULE_SETUP | |
| 3886 | #line 366 "util/configlexer.lex" | |
| 3555 | 3887 | { YDVAR(1, VAR_PYTHON_SCRIPT) } |
| 3556 | 3888 | YY_BREAK |
| 3557 | case 143: | |
| 3558 | YY_RULE_SETUP | |
| 3559 | #line 354 "util/configlexer.lex" | |
| 3889 | case 156: | |
| 3890 | YY_RULE_SETUP | |
| 3891 | #line 367 "util/configlexer.lex" | |
| 3560 | 3892 | { YDVAR(0, VAR_PYTHON) } |
| 3561 | 3893 | YY_BREAK |
| 3562 | case 144: | |
| 3563 | YY_RULE_SETUP | |
| 3564 | #line 355 "util/configlexer.lex" | |
| 3894 | case 157: | |
| 3895 | YY_RULE_SETUP | |
| 3896 | #line 368 "util/configlexer.lex" | |
| 3565 | 3897 | { YDVAR(1, VAR_DOMAIN_INSECURE) } |
| 3566 | 3898 | YY_BREAK |
| 3567 | case 145: | |
| 3568 | YY_RULE_SETUP | |
| 3569 | #line 356 "util/configlexer.lex" | |
| 3899 | case 158: | |
| 3900 | YY_RULE_SETUP | |
| 3901 | #line 369 "util/configlexer.lex" | |
| 3570 | 3902 | { YDVAR(1, VAR_MINIMAL_RESPONSES) } |
| 3571 | 3903 | YY_BREAK |
| 3572 | case 146: | |
| 3573 | YY_RULE_SETUP | |
| 3574 | #line 357 "util/configlexer.lex" | |
| 3904 | case 159: | |
| 3905 | YY_RULE_SETUP | |
| 3906 | #line 370 "util/configlexer.lex" | |
| 3575 | 3907 | { YDVAR(1, VAR_RRSET_ROUNDROBIN) } |
| 3576 | 3908 | YY_BREAK |
| 3577 | case 147: | |
| 3578 | YY_RULE_SETUP | |
| 3579 | #line 358 "util/configlexer.lex" | |
| 3909 | case 160: | |
| 3910 | YY_RULE_SETUP | |
| 3911 | #line 371 "util/configlexer.lex" | |
| 3580 | 3912 | { YDVAR(1, VAR_MAX_UDP_SIZE) } |
| 3581 | 3913 | YY_BREAK |
| 3582 | case 148: | |
| 3583 | YY_RULE_SETUP | |
| 3584 | #line 359 "util/configlexer.lex" | |
| 3914 | case 161: | |
| 3915 | YY_RULE_SETUP | |
| 3916 | #line 372 "util/configlexer.lex" | |
| 3585 | 3917 | { YDVAR(1, VAR_DNS64_PREFIX) } |
| 3586 | 3918 | YY_BREAK |
| 3587 | case 149: | |
| 3588 | YY_RULE_SETUP | |
| 3589 | #line 360 "util/configlexer.lex" | |
| 3919 | case 162: | |
| 3920 | YY_RULE_SETUP | |
| 3921 | #line 373 "util/configlexer.lex" | |
| 3590 | 3922 | { YDVAR(1, VAR_DNS64_SYNTHALL) } |
| 3591 | 3923 | YY_BREAK |
| 3592 | case 150: | |
| 3593 | YY_RULE_SETUP | |
| 3594 | #line 361 "util/configlexer.lex" | |
| 3924 | case 163: | |
| 3925 | YY_RULE_SETUP | |
| 3926 | #line 374 "util/configlexer.lex" | |
| 3595 | 3927 | { YDVAR(1, VAR_DEFINE_TAG) } |
| 3596 | 3928 | YY_BREAK |
| 3597 | case 151: | |
| 3598 | YY_RULE_SETUP | |
| 3599 | #line 362 "util/configlexer.lex" | |
| 3929 | case 164: | |
| 3930 | YY_RULE_SETUP | |
| 3931 | #line 375 "util/configlexer.lex" | |
| 3600 | 3932 | { YDVAR(2, VAR_LOCAL_ZONE_TAG) } |
| 3601 | 3933 | YY_BREAK |
| 3602 | case 152: | |
| 3603 | YY_RULE_SETUP | |
| 3604 | #line 363 "util/configlexer.lex" | |
| 3934 | case 165: | |
| 3935 | YY_RULE_SETUP | |
| 3936 | #line 376 "util/configlexer.lex" | |
| 3605 | 3937 | { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } |
| 3606 | 3938 | YY_BREAK |
| 3607 | case 153: | |
| 3608 | YY_RULE_SETUP | |
| 3609 | #line 364 "util/configlexer.lex" | |
| 3939 | case 166: | |
| 3940 | YY_RULE_SETUP | |
| 3941 | #line 377 "util/configlexer.lex" | |
| 3610 | 3942 | { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } |
| 3611 | 3943 | YY_BREAK |
| 3612 | case 154: | |
| 3613 | YY_RULE_SETUP | |
| 3614 | #line 365 "util/configlexer.lex" | |
| 3944 | case 167: | |
| 3945 | YY_RULE_SETUP | |
| 3946 | #line 378 "util/configlexer.lex" | |
| 3615 | 3947 | { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } |
| 3616 | 3948 | YY_BREAK |
| 3617 | case 155: | |
| 3618 | YY_RULE_SETUP | |
| 3619 | #line 366 "util/configlexer.lex" | |
| 3949 | case 168: | |
| 3950 | YY_RULE_SETUP | |
| 3951 | #line 379 "util/configlexer.lex" | |
| 3620 | 3952 | { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } |
| 3621 | 3953 | YY_BREAK |
| 3622 | case 156: | |
| 3623 | YY_RULE_SETUP | |
| 3624 | #line 367 "util/configlexer.lex" | |
| 3954 | case 169: | |
| 3955 | YY_RULE_SETUP | |
| 3956 | #line 380 "util/configlexer.lex" | |
| 3625 | 3957 | { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } |
| 3626 | 3958 | YY_BREAK |
| 3627 | case 157: | |
| 3628 | YY_RULE_SETUP | |
| 3629 | #line 368 "util/configlexer.lex" | |
| 3959 | case 170: | |
| 3960 | YY_RULE_SETUP | |
| 3961 | #line 381 "util/configlexer.lex" | |
| 3630 | 3962 | { YDVAR(0, VAR_DNSTAP) } |
| 3631 | 3963 | YY_BREAK |
| 3632 | case 158: | |
| 3633 | YY_RULE_SETUP | |
| 3634 | #line 369 "util/configlexer.lex" | |
| 3964 | case 171: | |
| 3965 | YY_RULE_SETUP | |
| 3966 | #line 382 "util/configlexer.lex" | |
| 3635 | 3967 | { YDVAR(1, VAR_DNSTAP_ENABLE) } |
| 3636 | 3968 | YY_BREAK |
| 3637 | case 159: | |
| 3638 | YY_RULE_SETUP | |
| 3639 | #line 370 "util/configlexer.lex" | |
| 3969 | case 172: | |
| 3970 | YY_RULE_SETUP | |
| 3971 | #line 383 "util/configlexer.lex" | |
| 3640 | 3972 | { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } |
| 3641 | 3973 | YY_BREAK |
| 3642 | case 160: | |
| 3643 | YY_RULE_SETUP | |
| 3644 | #line 371 "util/configlexer.lex" | |
| 3974 | case 173: | |
| 3975 | YY_RULE_SETUP | |
| 3976 | #line 384 "util/configlexer.lex" | |
| 3645 | 3977 | { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } |
| 3646 | 3978 | YY_BREAK |
| 3647 | case 161: | |
| 3648 | YY_RULE_SETUP | |
| 3649 | #line 372 "util/configlexer.lex" | |
| 3979 | case 174: | |
| 3980 | YY_RULE_SETUP | |
| 3981 | #line 385 "util/configlexer.lex" | |
| 3650 | 3982 | { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } |
| 3651 | 3983 | YY_BREAK |
| 3652 | case 162: | |
| 3653 | YY_RULE_SETUP | |
| 3654 | #line 373 "util/configlexer.lex" | |
| 3984 | case 175: | |
| 3985 | YY_RULE_SETUP | |
| 3986 | #line 386 "util/configlexer.lex" | |
| 3655 | 3987 | { YDVAR(1, VAR_DNSTAP_IDENTITY) } |
| 3656 | 3988 | YY_BREAK |
| 3657 | case 163: | |
| 3658 | YY_RULE_SETUP | |
| 3659 | #line 374 "util/configlexer.lex" | |
| 3989 | case 176: | |
| 3990 | YY_RULE_SETUP | |
| 3991 | #line 387 "util/configlexer.lex" | |
| 3660 | 3992 | { YDVAR(1, VAR_DNSTAP_VERSION) } |
| 3661 | 3993 | YY_BREAK |
| 3662 | case 164: | |
| 3663 | YY_RULE_SETUP | |
| 3664 | #line 375 "util/configlexer.lex" | |
| 3994 | case 177: | |
| 3995 | YY_RULE_SETUP | |
| 3996 | #line 388 "util/configlexer.lex" | |
| 3665 | 3997 | { |
| 3666 | 3998 | YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } |
| 3667 | 3999 | YY_BREAK |
| 3668 | case 165: | |
| 3669 | YY_RULE_SETUP | |
| 3670 | #line 377 "util/configlexer.lex" | |
| 4000 | case 178: | |
| 4001 | YY_RULE_SETUP | |
| 4002 | #line 390 "util/configlexer.lex" | |
| 3671 | 4003 | { |
| 3672 | 4004 | YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } |
| 3673 | 4005 | YY_BREAK |
| 3674 | case 166: | |
| 3675 | YY_RULE_SETUP | |
| 3676 | #line 379 "util/configlexer.lex" | |
| 4006 | case 179: | |
| 4007 | YY_RULE_SETUP | |
| 4008 | #line 392 "util/configlexer.lex" | |
| 3677 | 4009 | { |
| 3678 | 4010 | YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } |
| 3679 | 4011 | YY_BREAK |
| 3680 | case 167: | |
| 3681 | YY_RULE_SETUP | |
| 3682 | #line 381 "util/configlexer.lex" | |
| 4012 | case 180: | |
| 4013 | YY_RULE_SETUP | |
| 4014 | #line 394 "util/configlexer.lex" | |
| 3683 | 4015 | { |
| 3684 | 4016 | YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } |
| 3685 | 4017 | YY_BREAK |
| 3686 | case 168: | |
| 3687 | YY_RULE_SETUP | |
| 3688 | #line 383 "util/configlexer.lex" | |
| 4018 | case 181: | |
| 4019 | YY_RULE_SETUP | |
| 4020 | #line 396 "util/configlexer.lex" | |
| 3689 | 4021 | { |
| 3690 | 4022 | YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } |
| 3691 | 4023 | YY_BREAK |
| 3692 | case 169: | |
| 3693 | YY_RULE_SETUP | |
| 3694 | #line 385 "util/configlexer.lex" | |
| 4024 | case 182: | |
| 4025 | YY_RULE_SETUP | |
| 4026 | #line 398 "util/configlexer.lex" | |
| 3695 | 4027 | { |
| 3696 | 4028 | YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } |
| 3697 | 4029 | YY_BREAK |
| 3698 | case 170: | |
| 3699 | YY_RULE_SETUP | |
| 3700 | #line 387 "util/configlexer.lex" | |
| 4030 | case 183: | |
| 4031 | YY_RULE_SETUP | |
| 4032 | #line 400 "util/configlexer.lex" | |
| 3701 | 4033 | { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } |
| 3702 | 4034 | YY_BREAK |
| 3703 | case 171: | |
| 3704 | YY_RULE_SETUP | |
| 3705 | #line 388 "util/configlexer.lex" | |
| 4035 | case 184: | |
| 4036 | YY_RULE_SETUP | |
| 4037 | #line 401 "util/configlexer.lex" | |
| 4038 | { YDVAR(1, VAR_IP_RATELIMIT) } | |
| 4039 | YY_BREAK | |
| 4040 | case 185: | |
| 4041 | YY_RULE_SETUP | |
| 4042 | #line 402 "util/configlexer.lex" | |
| 3706 | 4043 | { YDVAR(1, VAR_RATELIMIT) } |
| 3707 | 4044 | YY_BREAK |
| 3708 | case 172: | |
| 3709 | YY_RULE_SETUP | |
| 3710 | #line 389 "util/configlexer.lex" | |
| 4045 | case 186: | |
| 4046 | YY_RULE_SETUP | |
| 4047 | #line 403 "util/configlexer.lex" | |
| 4048 | { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } | |
| 4049 | YY_BREAK | |
| 4050 | case 187: | |
| 4051 | YY_RULE_SETUP | |
| 4052 | #line 404 "util/configlexer.lex" | |
| 3711 | 4053 | { YDVAR(1, VAR_RATELIMIT_SLABS) } |
| 3712 | 4054 | YY_BREAK |
| 3713 | case 173: | |
| 3714 | YY_RULE_SETUP | |
| 3715 | #line 390 "util/configlexer.lex" | |
| 4055 | case 188: | |
| 4056 | YY_RULE_SETUP | |
| 4057 | #line 405 "util/configlexer.lex" | |
| 4058 | { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } | |
| 4059 | YY_BREAK | |
| 4060 | case 189: | |
| 4061 | YY_RULE_SETUP | |
| 4062 | #line 406 "util/configlexer.lex" | |
| 3716 | 4063 | { YDVAR(1, VAR_RATELIMIT_SIZE) } |
| 3717 | 4064 | YY_BREAK |
| 3718 | case 174: | |
| 3719 | YY_RULE_SETUP | |
| 3720 | #line 391 "util/configlexer.lex" | |
| 4065 | case 190: | |
| 4066 | YY_RULE_SETUP | |
| 4067 | #line 407 "util/configlexer.lex" | |
| 3721 | 4068 | { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } |
| 3722 | 4069 | YY_BREAK |
| 3723 | case 175: | |
| 3724 | YY_RULE_SETUP | |
| 3725 | #line 392 "util/configlexer.lex" | |
| 4070 | case 191: | |
| 4071 | YY_RULE_SETUP | |
| 4072 | #line 408 "util/configlexer.lex" | |
| 3726 | 4073 | { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } |
| 3727 | 4074 | YY_BREAK |
| 3728 | case 176: | |
| 3729 | YY_RULE_SETUP | |
| 3730 | #line 393 "util/configlexer.lex" | |
| 4075 | case 192: | |
| 4076 | YY_RULE_SETUP | |
| 4077 | #line 409 "util/configlexer.lex" | |
| 4078 | { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } | |
| 4079 | YY_BREAK | |
| 4080 | case 193: | |
| 4081 | YY_RULE_SETUP | |
| 4082 | #line 410 "util/configlexer.lex" | |
| 3731 | 4083 | { YDVAR(1, VAR_RATELIMIT_FACTOR) } |
| 3732 | 4084 | YY_BREAK |
| 3733 | case 177: | |
| 3734 | /* rule 177 can match eol */ | |
| 3735 | YY_RULE_SETUP | |
| 3736 | #line 394 "util/configlexer.lex" | |
| 4085 | case 194: | |
| 4086 | YY_RULE_SETUP | |
| 4087 | #line 411 "util/configlexer.lex" | |
| 4088 | { YDVAR(2, VAR_RESPONSE_IP_TAG) } | |
| 4089 | YY_BREAK | |
| 4090 | case 195: | |
| 4091 | YY_RULE_SETUP | |
| 4092 | #line 412 "util/configlexer.lex" | |
| 4093 | { YDVAR(2, VAR_RESPONSE_IP) } | |
| 4094 | YY_BREAK | |
| 4095 | case 196: | |
| 4096 | YY_RULE_SETUP | |
| 4097 | #line 413 "util/configlexer.lex" | |
| 4098 | { YDVAR(2, VAR_RESPONSE_IP_DATA) } | |
| 4099 | YY_BREAK | |
| 4100 | case 197: | |
| 4101 | YY_RULE_SETUP | |
| 4102 | #line 414 "util/configlexer.lex" | |
| 4103 | { YDVAR(0, VAR_DNSCRYPT) } | |
| 4104 | YY_BREAK | |
| 4105 | case 198: | |
| 4106 | YY_RULE_SETUP | |
| 4107 | #line 415 "util/configlexer.lex" | |
| 4108 | { YDVAR(1, VAR_DNSCRYPT_ENABLE) } | |
| 4109 | YY_BREAK | |
| 4110 | case 199: | |
| 4111 | YY_RULE_SETUP | |
| 4112 | #line 416 "util/configlexer.lex" | |
| 4113 | { YDVAR(1, VAR_DNSCRYPT_PORT) } | |
| 4114 | YY_BREAK | |
| 4115 | case 200: | |
| 4116 | YY_RULE_SETUP | |
| 4117 | #line 417 "util/configlexer.lex" | |
| 4118 | { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } | |
| 4119 | YY_BREAK | |
| 4120 | case 201: | |
| 4121 | YY_RULE_SETUP | |
| 4122 | #line 418 "util/configlexer.lex" | |
| 4123 | { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } | |
| 4124 | YY_BREAK | |
| 4125 | case 202: | |
| 4126 | YY_RULE_SETUP | |
| 4127 | #line 419 "util/configlexer.lex" | |
| 4128 | { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } | |
| 4129 | YY_BREAK | |
| 4130 | case 203: | |
| 4131 | YY_RULE_SETUP | |
| 4132 | #line 420 "util/configlexer.lex" | |
| 4133 | { YDVAR(1, VAR_IPSECMOD_ENABLED) } | |
| 4134 | YY_BREAK | |
| 4135 | case 204: | |
| 4136 | YY_RULE_SETUP | |
| 4137 | #line 421 "util/configlexer.lex" | |
| 4138 | { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } | |
| 4139 | YY_BREAK | |
| 4140 | case 205: | |
| 4141 | YY_RULE_SETUP | |
| 4142 | #line 422 "util/configlexer.lex" | |
| 4143 | { YDVAR(1, VAR_IPSECMOD_HOOK) } | |
| 4144 | YY_BREAK | |
| 4145 | case 206: | |
| 4146 | YY_RULE_SETUP | |
| 4147 | #line 423 "util/configlexer.lex" | |
| 4148 | { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } | |
| 4149 | YY_BREAK | |
| 4150 | case 207: | |
| 4151 | YY_RULE_SETUP | |
| 4152 | #line 424 "util/configlexer.lex" | |
| 4153 | { YDVAR(1, VAR_IPSECMOD_WHITELIST) } | |
| 4154 | YY_BREAK | |
| 4155 | case 208: | |
| 4156 | YY_RULE_SETUP | |
| 4157 | #line 425 "util/configlexer.lex" | |
| 4158 | { YDVAR(1, VAR_IPSECMOD_STRICT) } | |
| 4159 | YY_BREAK | |
| 4160 | case 209: | |
| 4161 | /* rule 209 can match eol */ | |
| 4162 | YY_RULE_SETUP | |
| 4163 | #line 426 "util/configlexer.lex" | |
| 3737 | 4164 | { LEXOUT(("NL\n")); cfg_parser->line++; } |
| 3738 | 4165 | YY_BREAK |
| 3739 | 4166 | /* Quoted strings. Strip leading and ending quotes */ |
| 3740 | case 178: | |
| 3741 | YY_RULE_SETUP | |
| 3742 | #line 397 "util/configlexer.lex" | |
| 4167 | case 210: | |
| 4168 | YY_RULE_SETUP | |
| 4169 | #line 429 "util/configlexer.lex" | |
| 3743 | 4170 | { BEGIN(quotedstring); LEXOUT(("QS ")); } |
| 3744 | 4171 | YY_BREAK |
| 3745 | 4172 | case YY_STATE_EOF(quotedstring): |
| 3746 | #line 398 "util/configlexer.lex" | |
| 4173 | #line 430 "util/configlexer.lex" | |
| 3747 | 4174 | { |
| 3748 | 4175 | yyerror("EOF inside quoted string"); |
| 3749 | 4176 | if(--num_args == 0) { BEGIN(INITIAL); } |
| 3750 | 4177 | else { BEGIN(val); } |
| 3751 | 4178 | } |
| 3752 | 4179 | YY_BREAK |
| 3753 | case 179: | |
| 3754 | YY_RULE_SETUP | |
| 3755 | #line 403 "util/configlexer.lex" | |
| 4180 | case 211: | |
| 4181 | YY_RULE_SETUP | |
| 4182 | #line 435 "util/configlexer.lex" | |
| 3756 | 4183 | { LEXOUT(("STR(%s) ", yytext)); yymore(); } |
| 3757 | 4184 | YY_BREAK |
| 3758 | case 180: | |
| 3759 | /* rule 180 can match eol */ | |
| 3760 | YY_RULE_SETUP | |
| 3761 | #line 404 "util/configlexer.lex" | |
| 4185 | case 212: | |
| 4186 | /* rule 212 can match eol */ | |
| 4187 | YY_RULE_SETUP | |
| 4188 | #line 436 "util/configlexer.lex" | |
| 3762 | 4189 | { yyerror("newline inside quoted string, no end \""); |
| 3763 | 4190 | cfg_parser->line++; BEGIN(INITIAL); } |
| 3764 | 4191 | YY_BREAK |
| 3765 | case 181: | |
| 3766 | YY_RULE_SETUP | |
| 3767 | #line 406 "util/configlexer.lex" | |
| 4192 | case 213: | |
| 4193 | YY_RULE_SETUP | |
| 4194 | #line 438 "util/configlexer.lex" | |
| 3768 | 4195 | { |
| 3769 | 4196 | LEXOUT(("QE ")); |
| 3770 | 4197 | if(--num_args == 0) { BEGIN(INITIAL); } |
| 3777 | 4204 | } |
| 3778 | 4205 | YY_BREAK |
| 3779 | 4206 | /* Single Quoted strings. Strip leading and ending quotes */ |
| 3780 | case 182: | |
| 3781 | YY_RULE_SETUP | |
| 3782 | #line 418 "util/configlexer.lex" | |
| 4207 | case 214: | |
| 4208 | YY_RULE_SETUP | |
| 4209 | #line 450 "util/configlexer.lex" | |
| 3783 | 4210 | { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } |
| 3784 | 4211 | YY_BREAK |
| 3785 | 4212 | case YY_STATE_EOF(singlequotedstr): |
| 3786 | #line 419 "util/configlexer.lex" | |
| 4213 | #line 451 "util/configlexer.lex" | |
| 3787 | 4214 | { |
| 3788 | 4215 | yyerror("EOF inside quoted string"); |
| 3789 | 4216 | if(--num_args == 0) { BEGIN(INITIAL); } |
| 3790 | 4217 | else { BEGIN(val); } |
| 3791 | 4218 | } |
| 3792 | 4219 | YY_BREAK |
| 3793 | case 183: | |
| 3794 | YY_RULE_SETUP | |
| 3795 | #line 424 "util/configlexer.lex" | |
| 4220 | case 215: | |
| 4221 | YY_RULE_SETUP | |
| 4222 | #line 456 "util/configlexer.lex" | |
| 3796 | 4223 | { LEXOUT(("STR(%s) ", yytext)); yymore(); } |
| 3797 | 4224 | YY_BREAK |
| 3798 | case 184: | |
| 3799 | /* rule 184 can match eol */ | |
| 3800 | YY_RULE_SETUP | |
| 3801 | #line 425 "util/configlexer.lex" | |
| 4225 | case 216: | |
| 4226 | /* rule 216 can match eol */ | |
| 4227 | YY_RULE_SETUP | |
| 4228 | #line 457 "util/configlexer.lex" | |
| 3802 | 4229 | { yyerror("newline inside quoted string, no end '"); |
| 3803 | 4230 | cfg_parser->line++; BEGIN(INITIAL); } |
| 3804 | 4231 | YY_BREAK |
| 3805 | case 185: | |
| 3806 | YY_RULE_SETUP | |
| 3807 | #line 427 "util/configlexer.lex" | |
| 4232 | case 217: | |
| 4233 | YY_RULE_SETUP | |
| 4234 | #line 459 "util/configlexer.lex" | |
| 3808 | 4235 | { |
| 3809 | 4236 | LEXOUT(("SQE ")); |
| 3810 | 4237 | if(--num_args == 0) { BEGIN(INITIAL); } |
| 3817 | 4244 | } |
| 3818 | 4245 | YY_BREAK |
| 3819 | 4246 | /* include: directive */ |
| 3820 | case 186: | |
| 3821 | YY_RULE_SETUP | |
| 3822 | #line 439 "util/configlexer.lex" | |
| 4247 | case 218: | |
| 4248 | YY_RULE_SETUP | |
| 4249 | #line 471 "util/configlexer.lex" | |
| 3823 | 4250 | { |
| 3824 | 4251 | LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } |
| 3825 | 4252 | YY_BREAK |
| 3826 | 4253 | case YY_STATE_EOF(include): |
| 3827 | #line 441 "util/configlexer.lex" | |
| 4254 | #line 473 "util/configlexer.lex" | |
| 3828 | 4255 | { |
| 3829 | 4256 | yyerror("EOF inside include directive"); |
| 3830 | 4257 | BEGIN(inc_prev); |
| 3831 | 4258 | } |
| 3832 | 4259 | YY_BREAK |
| 3833 | case 187: | |
| 3834 | YY_RULE_SETUP | |
| 3835 | #line 445 "util/configlexer.lex" | |
| 4260 | case 219: | |
| 4261 | YY_RULE_SETUP | |
| 4262 | #line 477 "util/configlexer.lex" | |
| 3836 | 4263 | { LEXOUT(("ISP ")); /* ignore */ } |
| 3837 | 4264 | YY_BREAK |
| 3838 | case 188: | |
| 3839 | /* rule 188 can match eol */ | |
| 3840 | YY_RULE_SETUP | |
| 3841 | #line 446 "util/configlexer.lex" | |
| 4265 | case 220: | |
| 4266 | /* rule 220 can match eol */ | |
| 4267 | YY_RULE_SETUP | |
| 4268 | #line 478 "util/configlexer.lex" | |
| 3842 | 4269 | { LEXOUT(("NL\n")); cfg_parser->line++;} |
| 3843 | 4270 | YY_BREAK |
| 3844 | case 189: | |
| 3845 | YY_RULE_SETUP | |
| 3846 | #line 447 "util/configlexer.lex" | |
| 4271 | case 221: | |
| 4272 | YY_RULE_SETUP | |
| 4273 | #line 479 "util/configlexer.lex" | |
| 3847 | 4274 | { LEXOUT(("IQS ")); BEGIN(include_quoted); } |
| 3848 | 4275 | YY_BREAK |
| 3849 | case 190: | |
| 3850 | YY_RULE_SETUP | |
| 3851 | #line 448 "util/configlexer.lex" | |
| 4276 | case 222: | |
| 4277 | YY_RULE_SETUP | |
| 4278 | #line 480 "util/configlexer.lex" | |
| 3852 | 4279 | { |
| 3853 | 4280 | LEXOUT(("Iunquotedstr(%s) ", yytext)); |
| 3854 | 4281 | config_start_include_glob(yytext); |
| 3856 | 4283 | } |
| 3857 | 4284 | YY_BREAK |
| 3858 | 4285 | case YY_STATE_EOF(include_quoted): |
| 3859 | #line 453 "util/configlexer.lex" | |
| 4286 | #line 485 "util/configlexer.lex" | |
| 3860 | 4287 | { |
| 3861 | 4288 | yyerror("EOF inside quoted string"); |
| 3862 | 4289 | BEGIN(inc_prev); |
| 3863 | 4290 | } |
| 3864 | 4291 | YY_BREAK |
| 3865 | case 191: | |
| 3866 | YY_RULE_SETUP | |
| 3867 | #line 457 "util/configlexer.lex" | |
| 4292 | case 223: | |
| 4293 | YY_RULE_SETUP | |
| 4294 | #line 489 "util/configlexer.lex" | |
| 3868 | 4295 | { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } |
| 3869 | 4296 | YY_BREAK |
| 3870 | case 192: | |
| 3871 | /* rule 192 can match eol */ | |
| 3872 | YY_RULE_SETUP | |
| 3873 | #line 458 "util/configlexer.lex" | |
| 4297 | case 224: | |
| 4298 | /* rule 224 can match eol */ | |
| 4299 | YY_RULE_SETUP | |
| 4300 | #line 490 "util/configlexer.lex" | |
| 3874 | 4301 | { yyerror("newline before \" in include name"); |
| 3875 | 4302 | cfg_parser->line++; BEGIN(inc_prev); } |
| 3876 | 4303 | YY_BREAK |
| 3877 | case 193: | |
| 3878 | YY_RULE_SETUP | |
| 3879 | #line 460 "util/configlexer.lex" | |
| 4304 | case 225: | |
| 4305 | YY_RULE_SETUP | |
| 4306 | #line 492 "util/configlexer.lex" | |
| 3880 | 4307 | { |
| 3881 | 4308 | LEXOUT(("IQE ")); |
| 3882 | 4309 | yytext[yyleng - 1] = '\0'; |
| 3886 | 4313 | YY_BREAK |
| 3887 | 4314 | case YY_STATE_EOF(INITIAL): |
| 3888 | 4315 | case YY_STATE_EOF(val): |
| 3889 | #line 466 "util/configlexer.lex" | |
| 4316 | #line 498 "util/configlexer.lex" | |
| 3890 | 4317 | { |
| 3891 | 4318 | LEXOUT(("LEXEOF ")); |
| 3892 | 4319 | yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ |
| 3898 | 4325 | } |
| 3899 | 4326 | } |
| 3900 | 4327 | YY_BREAK |
| 3901 | case 194: | |
| 3902 | YY_RULE_SETUP | |
| 3903 | #line 477 "util/configlexer.lex" | |
| 4328 | case 226: | |
| 4329 | YY_RULE_SETUP | |
| 4330 | #line 509 "util/configlexer.lex" | |
| 3904 | 4331 | { LEXOUT(("unquotedstr(%s) ", yytext)); |
| 3905 | 4332 | if(--num_args == 0) { BEGIN(INITIAL); } |
| 3906 | 4333 | yylval.str = strdup(yytext); return STRING_ARG; } |
| 3907 | 4334 | YY_BREAK |
| 3908 | case 195: | |
| 3909 | YY_RULE_SETUP | |
| 3910 | #line 481 "util/configlexer.lex" | |
| 4335 | case 227: | |
| 4336 | YY_RULE_SETUP | |
| 4337 | #line 513 "util/configlexer.lex" | |
| 3911 | 4338 | { |
| 3912 | 4339 | ub_c_error_msg("unknown keyword '%s'", yytext); |
| 3913 | 4340 | } |
| 3914 | 4341 | YY_BREAK |
| 3915 | case 196: | |
| 3916 | YY_RULE_SETUP | |
| 3917 | #line 485 "util/configlexer.lex" | |
| 4342 | case 228: | |
| 4343 | YY_RULE_SETUP | |
| 4344 | #line 517 "util/configlexer.lex" | |
| 3918 | 4345 | { |
| 3919 | 4346 | ub_c_error_msg("stray '%s'", yytext); |
| 3920 | 4347 | } |
| 3921 | 4348 | YY_BREAK |
| 3922 | case 197: | |
| 3923 | YY_RULE_SETUP | |
| 3924 | #line 489 "util/configlexer.lex" | |
| 4349 | case 229: | |
| 4350 | YY_RULE_SETUP | |
| 4351 | #line 521 "util/configlexer.lex" | |
| 3925 | 4352 | ECHO; |
| 3926 | 4353 | YY_BREAK |
| 3927 | #line 3927 "<stdout>" | |
| 4354 | #line 4354 "<stdout>" | |
| 3928 | 4355 | |
| 3929 | 4356 | case YY_END_OF_BUFFER: |
| 3930 | 4357 | { |
| 4215 | 4642 | while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) |
| 4216 | 4643 | { |
| 4217 | 4644 | yy_current_state = (int) yy_def[yy_current_state]; |
| 4218 | if ( yy_current_state >= 1956 ) | |
| 4645 | if ( yy_current_state >= 2238 ) | |
| 4219 | 4646 | yy_c = yy_meta[(unsigned int) yy_c]; |
| 4220 | 4647 | } |
| 4221 | 4648 | yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; |
| 4243 | 4670 | while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) |
| 4244 | 4671 | { |
| 4245 | 4672 | yy_current_state = (int) yy_def[yy_current_state]; |
| 4246 | if ( yy_current_state >= 1956 ) | |
| 4673 | if ( yy_current_state >= 2238 ) | |
| 4247 | 4674 | yy_c = yy_meta[(unsigned int) yy_c]; |
| 4248 | 4675 | } |
| 4249 | 4676 | yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; |
| 4250 | yy_is_jam = (yy_current_state == 1955); | |
| 4677 | yy_is_jam = (yy_current_state == 2237); | |
| 4251 | 4678 | |
| 4252 | 4679 | return yy_is_jam ? 0 : yy_current_state; |
| 4253 | 4680 | } |
| 4886 | 5313 | |
| 4887 | 5314 | #define YYTABLES_NAME "yytables" |
| 4888 | 5315 | |
| 4889 | #line 489 "util/configlexer.lex" | |
| 4890 | ||
| 4891 | ||
| 4892 | ||
| 5316 | #line 521 "util/configlexer.lex" | |
| 5317 | ||
| 5318 | ||
| 5319 | ||
| 232 | 232 | ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } |
| 233 | 233 | ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } |
| 234 | 234 | ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) } |
| 235 | use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } | |
| 235 | 236 | do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } |
| 236 | 237 | interface{COLON} { YDVAR(1, VAR_INTERFACE) } |
| 237 | 238 | ip-address{COLON} { YDVAR(1, VAR_INTERFACE) } |
| 298 | 299 | do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } |
| 299 | 300 | do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } |
| 300 | 301 | access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } |
| 302 | send-client-subnet{COLON} { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } | |
| 303 | client-subnet-zone{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } | |
| 304 | client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } | |
| 305 | client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } | |
| 306 | max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } | |
| 307 | max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } | |
| 301 | 308 | hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } |
| 302 | 309 | hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } |
| 310 | hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } | |
| 303 | 311 | identity{COLON} { YDVAR(1, VAR_IDENTITY) } |
| 304 | 312 | version{COLON} { YDVAR(1, VAR_VERSION) } |
| 305 | 313 | module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } |
| 309 | 317 | auto-trust-anchor-file{COLON} { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } |
| 310 | 318 | trusted-keys-file{COLON} { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } |
| 311 | 319 | trust-anchor{COLON} { YDVAR(1, VAR_TRUST_ANCHOR) } |
| 320 | trust-anchor-signaling{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } | |
| 312 | 321 | val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } |
| 313 | 322 | val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } |
| 314 | 323 | val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } |
| 318 | 327 | ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } |
| 319 | 328 | serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) } |
| 320 | 329 | fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } |
| 330 | fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) } | |
| 321 | 331 | val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } |
| 322 | 332 | key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } |
| 323 | 333 | key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } |
| 332 | 342 | log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) } |
| 333 | 343 | log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } |
| 334 | 344 | log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } |
| 345 | log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) } | |
| 335 | 346 | local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) } |
| 336 | 347 | local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) } |
| 337 | 348 | local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) } |
| 340 | 351 | statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } |
| 341 | 352 | statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } |
| 342 | 353 | extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } |
| 354 | shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } | |
| 355 | shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } | |
| 343 | 356 | remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } |
| 344 | 357 | control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) } |
| 345 | 358 | control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) } |
| 384 | 397 | dnstap-log-forwarder-response-messages{COLON} { |
| 385 | 398 | YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } |
| 386 | 399 | disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } |
| 400 | ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } | |
| 387 | 401 | ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } |
| 402 | ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } | |
| 388 | 403 | ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) } |
| 404 | ip-ratelimit-size{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } | |
| 389 | 405 | ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) } |
| 390 | 406 | ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } |
| 391 | 407 | ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } |
| 408 | ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } | |
| 392 | 409 | ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } |
| 410 | response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } | |
| 411 | response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } | |
| 412 | response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } | |
| 413 | dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } | |
| 414 | dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } | |
| 415 | dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } | |
| 416 | dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } | |
| 417 | dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } | |
| 418 | dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } | |
| 419 | ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) } | |
| 420 | ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } | |
| 421 | ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } | |
| 422 | ipsecmod-max-ttl{COLON} { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } | |
| 423 | ipsecmod-whitelist{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } | |
| 424 | ipsecmod-strict{COLON} { YDVAR(1, VAR_IPSECMOD_STRICT) } | |
| 393 | 425 | <INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } |
| 394 | 426 | |
| 395 | 427 | /* Quoted strings. Strip leading and ending quotes */ |
| 78 | 78 | int ub_c_lex(void); |
| 79 | 79 | void ub_c_error(const char *message); |
| 80 | 80 | |
| 81 | static void validate_respip_action(const char* action); | |
| 82 | ||
| 81 | 83 | /* these need to be global, otherwise they cannot be used inside yacc */ |
| 82 | 84 | extern struct config_parser_state* cfg_parser; |
| 83 | 85 | |
| 88 | 90 | #endif |
| 89 | 91 | |
| 90 | 92 | |
| 91 | #line 93 "util/configparser.c" /* yacc.c:339 */ | |
| 93 | #line 95 "util/configparser.c" /* yacc.c:339 */ | |
| 92 | 94 | |
| 93 | 95 | # ifndef YY_NULLPTR |
| 94 | 96 | # if defined __cplusplus && 201103L <= __cplusplus |
| 246 | 248 | VAR_HARDEN_BELOW_NXDOMAIN = 378, |
| 247 | 249 | VAR_IGNORE_CD_FLAG = 379, |
| 248 | 250 | VAR_LOG_QUERIES = 380, |
| 249 | VAR_TCP_UPSTREAM = 381, | |
| 250 | VAR_SSL_UPSTREAM = 382, | |
| 251 | VAR_SSL_SERVICE_KEY = 383, | |
| 252 | VAR_SSL_SERVICE_PEM = 384, | |
| 253 | VAR_SSL_PORT = 385, | |
| 254 | VAR_FORWARD_FIRST = 386, | |
| 255 | VAR_STUB_SSL_UPSTREAM = 387, | |
| 256 | VAR_FORWARD_SSL_UPSTREAM = 388, | |
| 257 | VAR_STUB_FIRST = 389, | |
| 258 | VAR_MINIMAL_RESPONSES = 390, | |
| 259 | VAR_RRSET_ROUNDROBIN = 391, | |
| 260 | VAR_MAX_UDP_SIZE = 392, | |
| 261 | VAR_DELAY_CLOSE = 393, | |
| 262 | VAR_UNBLOCK_LAN_ZONES = 394, | |
| 263 | VAR_INSECURE_LAN_ZONES = 395, | |
| 264 | VAR_INFRA_CACHE_MIN_RTT = 396, | |
| 265 | VAR_DNS64_PREFIX = 397, | |
| 266 | VAR_DNS64_SYNTHALL = 398, | |
| 267 | VAR_DNSTAP = 399, | |
| 268 | VAR_DNSTAP_ENABLE = 400, | |
| 269 | VAR_DNSTAP_SOCKET_PATH = 401, | |
| 270 | VAR_DNSTAP_SEND_IDENTITY = 402, | |
| 271 | VAR_DNSTAP_SEND_VERSION = 403, | |
| 272 | VAR_DNSTAP_IDENTITY = 404, | |
| 273 | VAR_DNSTAP_VERSION = 405, | |
| 274 | VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 406, | |
| 275 | VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 407, | |
| 276 | VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 408, | |
| 277 | VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 409, | |
| 278 | VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 410, | |
| 279 | VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 411, | |
| 280 | VAR_HARDEN_ALGO_DOWNGRADE = 412, | |
| 281 | VAR_IP_TRANSPARENT = 413, | |
| 282 | VAR_DISABLE_DNSSEC_LAME_CHECK = 414, | |
| 283 | VAR_RATELIMIT = 415, | |
| 284 | VAR_RATELIMIT_SLABS = 416, | |
| 285 | VAR_RATELIMIT_SIZE = 417, | |
| 286 | VAR_RATELIMIT_FOR_DOMAIN = 418, | |
| 287 | VAR_RATELIMIT_BELOW_DOMAIN = 419, | |
| 288 | VAR_RATELIMIT_FACTOR = 420, | |
| 289 | VAR_CAPS_WHITELIST = 421, | |
| 290 | VAR_CACHE_MAX_NEGATIVE_TTL = 422, | |
| 291 | VAR_PERMIT_SMALL_HOLDDOWN = 423, | |
| 292 | VAR_QNAME_MINIMISATION = 424, | |
| 293 | VAR_QNAME_MINIMISATION_STRICT = 425, | |
| 294 | VAR_IP_FREEBIND = 426, | |
| 295 | VAR_DEFINE_TAG = 427, | |
| 296 | VAR_LOCAL_ZONE_TAG = 428, | |
| 297 | VAR_ACCESS_CONTROL_TAG = 429, | |
| 298 | VAR_LOCAL_ZONE_OVERRIDE = 430, | |
| 299 | VAR_ACCESS_CONTROL_TAG_ACTION = 431, | |
| 300 | VAR_ACCESS_CONTROL_TAG_DATA = 432, | |
| 301 | VAR_VIEW = 433, | |
| 302 | VAR_ACCESS_CONTROL_VIEW = 434, | |
| 303 | VAR_VIEW_FIRST = 435, | |
| 304 | VAR_SERVE_EXPIRED = 436, | |
| 305 | VAR_FAKE_DSA = 437, | |
| 306 | VAR_LOG_IDENTITY = 438 | |
| 251 | VAR_LOG_REPLIES = 381, | |
| 252 | VAR_TCP_UPSTREAM = 382, | |
| 253 | VAR_SSL_UPSTREAM = 383, | |
| 254 | VAR_SSL_SERVICE_KEY = 384, | |
| 255 | VAR_SSL_SERVICE_PEM = 385, | |
| 256 | VAR_SSL_PORT = 386, | |
| 257 | VAR_FORWARD_FIRST = 387, | |
| 258 | VAR_STUB_SSL_UPSTREAM = 388, | |
| 259 | VAR_FORWARD_SSL_UPSTREAM = 389, | |
| 260 | VAR_STUB_FIRST = 390, | |
| 261 | VAR_MINIMAL_RESPONSES = 391, | |
| 262 | VAR_RRSET_ROUNDROBIN = 392, | |
| 263 | VAR_MAX_UDP_SIZE = 393, | |
| 264 | VAR_DELAY_CLOSE = 394, | |
| 265 | VAR_UNBLOCK_LAN_ZONES = 395, | |
| 266 | VAR_INSECURE_LAN_ZONES = 396, | |
| 267 | VAR_INFRA_CACHE_MIN_RTT = 397, | |
| 268 | VAR_DNS64_PREFIX = 398, | |
| 269 | VAR_DNS64_SYNTHALL = 399, | |
| 270 | VAR_DNSTAP = 400, | |
| 271 | VAR_DNSTAP_ENABLE = 401, | |
| 272 | VAR_DNSTAP_SOCKET_PATH = 402, | |
| 273 | VAR_DNSTAP_SEND_IDENTITY = 403, | |
| 274 | VAR_DNSTAP_SEND_VERSION = 404, | |
| 275 | VAR_DNSTAP_IDENTITY = 405, | |
| 276 | VAR_DNSTAP_VERSION = 406, | |
| 277 | VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 407, | |
| 278 | VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 408, | |
| 279 | VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 409, | |
| 280 | VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, | |
| 281 | VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, | |
| 282 | VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, | |
| 283 | VAR_RESPONSE_IP_TAG = 413, | |
| 284 | VAR_RESPONSE_IP = 414, | |
| 285 | VAR_RESPONSE_IP_DATA = 415, | |
| 286 | VAR_HARDEN_ALGO_DOWNGRADE = 416, | |
| 287 | VAR_IP_TRANSPARENT = 417, | |
| 288 | VAR_DISABLE_DNSSEC_LAME_CHECK = 418, | |
| 289 | VAR_IP_RATELIMIT = 419, | |
| 290 | VAR_IP_RATELIMIT_SLABS = 420, | |
| 291 | VAR_IP_RATELIMIT_SIZE = 421, | |
| 292 | VAR_RATELIMIT = 422, | |
| 293 | VAR_RATELIMIT_SLABS = 423, | |
| 294 | VAR_RATELIMIT_SIZE = 424, | |
| 295 | VAR_RATELIMIT_FOR_DOMAIN = 425, | |
| 296 | VAR_RATELIMIT_BELOW_DOMAIN = 426, | |
| 297 | VAR_IP_RATELIMIT_FACTOR = 427, | |
| 298 | VAR_RATELIMIT_FACTOR = 428, | |
| 299 | VAR_SEND_CLIENT_SUBNET = 429, | |
| 300 | VAR_CLIENT_SUBNET_ZONE = 430, | |
| 301 | VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 431, | |
| 302 | VAR_CLIENT_SUBNET_OPCODE = 432, | |
| 303 | VAR_MAX_CLIENT_SUBNET_IPV4 = 433, | |
| 304 | VAR_MAX_CLIENT_SUBNET_IPV6 = 434, | |
| 305 | VAR_CAPS_WHITELIST = 435, | |
| 306 | VAR_CACHE_MAX_NEGATIVE_TTL = 436, | |
| 307 | VAR_PERMIT_SMALL_HOLDDOWN = 437, | |
| 308 | VAR_QNAME_MINIMISATION = 438, | |
| 309 | VAR_QNAME_MINIMISATION_STRICT = 439, | |
| 310 | VAR_IP_FREEBIND = 440, | |
| 311 | VAR_DEFINE_TAG = 441, | |
| 312 | VAR_LOCAL_ZONE_TAG = 442, | |
| 313 | VAR_ACCESS_CONTROL_TAG = 443, | |
| 314 | VAR_LOCAL_ZONE_OVERRIDE = 444, | |
| 315 | VAR_ACCESS_CONTROL_TAG_ACTION = 445, | |
| 316 | VAR_ACCESS_CONTROL_TAG_DATA = 446, | |
| 317 | VAR_VIEW = 447, | |
| 318 | VAR_ACCESS_CONTROL_VIEW = 448, | |
| 319 | VAR_VIEW_FIRST = 449, | |
| 320 | VAR_SERVE_EXPIRED = 450, | |
| 321 | VAR_FAKE_DSA = 451, | |
| 322 | VAR_FAKE_SHA1 = 452, | |
| 323 | VAR_LOG_IDENTITY = 453, | |
| 324 | VAR_HIDE_TRUSTANCHOR = 454, | |
| 325 | VAR_TRUST_ANCHOR_SIGNALING = 455, | |
| 326 | VAR_USE_SYSTEMD = 456, | |
| 327 | VAR_SHM_ENABLE = 457, | |
| 328 | VAR_SHM_KEY = 458, | |
| 329 | VAR_DNSCRYPT = 459, | |
| 330 | VAR_DNSCRYPT_ENABLE = 460, | |
| 331 | VAR_DNSCRYPT_PORT = 461, | |
| 332 | VAR_DNSCRYPT_PROVIDER = 462, | |
| 333 | VAR_DNSCRYPT_SECRET_KEY = 463, | |
| 334 | VAR_DNSCRYPT_PROVIDER_CERT = 464, | |
| 335 | VAR_IPSECMOD_ENABLED = 465, | |
| 336 | VAR_IPSECMOD_HOOK = 466, | |
| 337 | VAR_IPSECMOD_IGNORE_BOGUS = 467, | |
| 338 | VAR_IPSECMOD_MAX_TTL = 468, | |
| 339 | VAR_IPSECMOD_WHITELIST = 469, | |
| 340 | VAR_IPSECMOD_STRICT = 470 | |
| 307 | 341 | }; |
| 308 | 342 | #endif |
| 309 | 343 | /* Tokens. */ |
| 430 | 464 | #define VAR_HARDEN_BELOW_NXDOMAIN 378 |
| 431 | 465 | #define VAR_IGNORE_CD_FLAG 379 |
| 432 | 466 | #define VAR_LOG_QUERIES 380 |
| 433 | #define VAR_TCP_UPSTREAM 381 | |
| 434 | #define VAR_SSL_UPSTREAM 382 | |
| 435 | #define VAR_SSL_SERVICE_KEY 383 | |
| 436 | #define VAR_SSL_SERVICE_PEM 384 | |
| 437 | #define VAR_SSL_PORT 385 | |
| 438 | #define VAR_FORWARD_FIRST 386 | |
| 439 | #define VAR_STUB_SSL_UPSTREAM 387 | |
| 440 | #define VAR_FORWARD_SSL_UPSTREAM 388 | |
| 441 | #define VAR_STUB_FIRST 389 | |
| 442 | #define VAR_MINIMAL_RESPONSES 390 | |
| 443 | #define VAR_RRSET_ROUNDROBIN 391 | |
| 444 | #define VAR_MAX_UDP_SIZE 392 | |
| 445 | #define VAR_DELAY_CLOSE 393 | |
| 446 | #define VAR_UNBLOCK_LAN_ZONES 394 | |
| 447 | #define VAR_INSECURE_LAN_ZONES 395 | |
| 448 | #define VAR_INFRA_CACHE_MIN_RTT 396 | |
| 449 | #define VAR_DNS64_PREFIX 397 | |
| 450 | #define VAR_DNS64_SYNTHALL 398 | |
| 451 | #define VAR_DNSTAP 399 | |
| 452 | #define VAR_DNSTAP_ENABLE 400 | |
| 453 | #define VAR_DNSTAP_SOCKET_PATH 401 | |
| 454 | #define VAR_DNSTAP_SEND_IDENTITY 402 | |
| 455 | #define VAR_DNSTAP_SEND_VERSION 403 | |
| 456 | #define VAR_DNSTAP_IDENTITY 404 | |
| 457 | #define VAR_DNSTAP_VERSION 405 | |
| 458 | #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 406 | |
| 459 | #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 407 | |
| 460 | #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 408 | |
| 461 | #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 409 | |
| 462 | #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 410 | |
| 463 | #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 411 | |
| 464 | #define VAR_HARDEN_ALGO_DOWNGRADE 412 | |
| 465 | #define VAR_IP_TRANSPARENT 413 | |
| 466 | #define VAR_DISABLE_DNSSEC_LAME_CHECK 414 | |
| 467 | #define VAR_RATELIMIT 415 | |
| 468 | #define VAR_RATELIMIT_SLABS 416 | |
| 469 | #define VAR_RATELIMIT_SIZE 417 | |
| 470 | #define VAR_RATELIMIT_FOR_DOMAIN 418 | |
| 471 | #define VAR_RATELIMIT_BELOW_DOMAIN 419 | |
| 472 | #define VAR_RATELIMIT_FACTOR 420 | |
| 473 | #define VAR_CAPS_WHITELIST 421 | |
| 474 | #define VAR_CACHE_MAX_NEGATIVE_TTL 422 | |
| 475 | #define VAR_PERMIT_SMALL_HOLDDOWN 423 | |
| 476 | #define VAR_QNAME_MINIMISATION 424 | |
| 477 | #define VAR_QNAME_MINIMISATION_STRICT 425 | |
| 478 | #define VAR_IP_FREEBIND 426 | |
| 479 | #define VAR_DEFINE_TAG 427 | |
| 480 | #define VAR_LOCAL_ZONE_TAG 428 | |
| 481 | #define VAR_ACCESS_CONTROL_TAG 429 | |
| 482 | #define VAR_LOCAL_ZONE_OVERRIDE 430 | |
| 483 | #define VAR_ACCESS_CONTROL_TAG_ACTION 431 | |
| 484 | #define VAR_ACCESS_CONTROL_TAG_DATA 432 | |
| 485 | #define VAR_VIEW 433 | |
| 486 | #define VAR_ACCESS_CONTROL_VIEW 434 | |
| 487 | #define VAR_VIEW_FIRST 435 | |
| 488 | #define VAR_SERVE_EXPIRED 436 | |
| 489 | #define VAR_FAKE_DSA 437 | |
| 490 | #define VAR_LOG_IDENTITY 438 | |
| 467 | #define VAR_LOG_REPLIES 381 | |
| 468 | #define VAR_TCP_UPSTREAM 382 | |
| 469 | #define VAR_SSL_UPSTREAM 383 | |
| 470 | #define VAR_SSL_SERVICE_KEY 384 | |
| 471 | #define VAR_SSL_SERVICE_PEM 385 | |
| 472 | #define VAR_SSL_PORT 386 | |
| 473 | #define VAR_FORWARD_FIRST 387 | |
| 474 | #define VAR_STUB_SSL_UPSTREAM 388 | |
| 475 | #define VAR_FORWARD_SSL_UPSTREAM 389 | |
| 476 | #define VAR_STUB_FIRST 390 | |
| 477 | #define VAR_MINIMAL_RESPONSES 391 | |
| 478 | #define VAR_RRSET_ROUNDROBIN 392 | |
| 479 | #define VAR_MAX_UDP_SIZE 393 | |
| 480 | #define VAR_DELAY_CLOSE 394 | |
| 481 | #define VAR_UNBLOCK_LAN_ZONES 395 | |
| 482 | #define VAR_INSECURE_LAN_ZONES 396 | |
| 483 | #define VAR_INFRA_CACHE_MIN_RTT 397 | |
| 484 | #define VAR_DNS64_PREFIX 398 | |
| 485 | #define VAR_DNS64_SYNTHALL 399 | |
| 486 | #define VAR_DNSTAP 400 | |
| 487 | #define VAR_DNSTAP_ENABLE 401 | |
| 488 | #define VAR_DNSTAP_SOCKET_PATH 402 | |
| 489 | #define VAR_DNSTAP_SEND_IDENTITY 403 | |
| 490 | #define VAR_DNSTAP_SEND_VERSION 404 | |
| 491 | #define VAR_DNSTAP_IDENTITY 405 | |
| 492 | #define VAR_DNSTAP_VERSION 406 | |
| 493 | #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 407 | |
| 494 | #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 408 | |
| 495 | #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 409 | |
| 496 | #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 | |
| 497 | #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 | |
| 498 | #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 | |
| 499 | #define VAR_RESPONSE_IP_TAG 413 | |
| 500 | #define VAR_RESPONSE_IP 414 | |
| 501 | #define VAR_RESPONSE_IP_DATA 415 | |
| 502 | #define VAR_HARDEN_ALGO_DOWNGRADE 416 | |
| 503 | #define VAR_IP_TRANSPARENT 417 | |
| 504 | #define VAR_DISABLE_DNSSEC_LAME_CHECK 418 | |
| 505 | #define VAR_IP_RATELIMIT 419 | |
| 506 | #define VAR_IP_RATELIMIT_SLABS 420 | |
| 507 | #define VAR_IP_RATELIMIT_SIZE 421 | |
| 508 | #define VAR_RATELIMIT 422 | |
| 509 | #define VAR_RATELIMIT_SLABS 423 | |
| 510 | #define VAR_RATELIMIT_SIZE 424 | |
| 511 | #define VAR_RATELIMIT_FOR_DOMAIN 425 | |
| 512 | #define VAR_RATELIMIT_BELOW_DOMAIN 426 | |
| 513 | #define VAR_IP_RATELIMIT_FACTOR 427 | |
| 514 | #define VAR_RATELIMIT_FACTOR 428 | |
| 515 | #define VAR_SEND_CLIENT_SUBNET 429 | |
| 516 | #define VAR_CLIENT_SUBNET_ZONE 430 | |
| 517 | #define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 431 | |
| 518 | #define VAR_CLIENT_SUBNET_OPCODE 432 | |
| 519 | #define VAR_MAX_CLIENT_SUBNET_IPV4 433 | |
| 520 | #define VAR_MAX_CLIENT_SUBNET_IPV6 434 | |
| 521 | #define VAR_CAPS_WHITELIST 435 | |
| 522 | #define VAR_CACHE_MAX_NEGATIVE_TTL 436 | |
| 523 | #define VAR_PERMIT_SMALL_HOLDDOWN 437 | |
| 524 | #define VAR_QNAME_MINIMISATION 438 | |
| 525 | #define VAR_QNAME_MINIMISATION_STRICT 439 | |
| 526 | #define VAR_IP_FREEBIND 440 | |
| 527 | #define VAR_DEFINE_TAG 441 | |
| 528 | #define VAR_LOCAL_ZONE_TAG 442 | |
| 529 | #define VAR_ACCESS_CONTROL_TAG 443 | |
| 530 | #define VAR_LOCAL_ZONE_OVERRIDE 444 | |
| 531 | #define VAR_ACCESS_CONTROL_TAG_ACTION 445 | |
| 532 | #define VAR_ACCESS_CONTROL_TAG_DATA 446 | |
| 533 | #define VAR_VIEW 447 | |
| 534 | #define VAR_ACCESS_CONTROL_VIEW 448 | |
| 535 | #define VAR_VIEW_FIRST 449 | |
| 536 | #define VAR_SERVE_EXPIRED 450 | |
| 537 | #define VAR_FAKE_DSA 451 | |
| 538 | #define VAR_FAKE_SHA1 452 | |
| 539 | #define VAR_LOG_IDENTITY 453 | |
| 540 | #define VAR_HIDE_TRUSTANCHOR 454 | |
| 541 | #define VAR_TRUST_ANCHOR_SIGNALING 455 | |
| 542 | #define VAR_USE_SYSTEMD 456 | |
| 543 | #define VAR_SHM_ENABLE 457 | |
| 544 | #define VAR_SHM_KEY 458 | |
| 545 | #define VAR_DNSCRYPT 459 | |
| 546 | #define VAR_DNSCRYPT_ENABLE 460 | |
| 547 | #define VAR_DNSCRYPT_PORT 461 | |
| 548 | #define VAR_DNSCRYPT_PROVIDER 462 | |
| 549 | #define VAR_DNSCRYPT_SECRET_KEY 463 | |
| 550 | #define VAR_DNSCRYPT_PROVIDER_CERT 464 | |
| 551 | #define VAR_IPSECMOD_ENABLED 465 | |
| 552 | #define VAR_IPSECMOD_HOOK 466 | |
| 553 | #define VAR_IPSECMOD_IGNORE_BOGUS 467 | |
| 554 | #define VAR_IPSECMOD_MAX_TTL 468 | |
| 555 | #define VAR_IPSECMOD_WHITELIST 469 | |
| 556 | #define VAR_IPSECMOD_STRICT 470 | |
| 491 | 557 | |
| 492 | 558 | /* Value type. */ |
| 493 | 559 | #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED |
| 494 | 560 | |
| 495 | 561 | union YYSTYPE |
| 496 | 562 | { |
| 497 | #line 64 "util/configparser.y" /* yacc.c:355 */ | |
| 563 | #line 66 "util/configparser.y" /* yacc.c:355 */ | |
| 498 | 564 | |
| 499 | 565 | char* str; |
| 500 | 566 | |
| 501 | #line 503 "util/configparser.c" /* yacc.c:355 */ | |
| 567 | #line 569 "util/configparser.c" /* yacc.c:355 */ | |
| 502 | 568 | }; |
| 503 | 569 | |
| 504 | 570 | typedef union YYSTYPE YYSTYPE; |
| 515 | 581 | |
| 516 | 582 | /* Copy the second part of user declarations. */ |
| 517 | 583 | |
| 518 | #line 520 "util/configparser.c" /* yacc.c:358 */ | |
| 584 | #line 586 "util/configparser.c" /* yacc.c:358 */ | |
| 519 | 585 | |
| 520 | 586 | #ifdef short |
| 521 | 587 | # undef short |
| 757 | 823 | /* YYFINAL -- State number of the termination state. */ |
| 758 | 824 | #define YYFINAL 2 |
| 759 | 825 | /* YYLAST -- Last index in YYTABLE. */ |
| 760 | #define YYLAST 363 | |
| 826 | #define YYLAST 442 | |
| 761 | 827 | |
| 762 | 828 | /* YYNTOKENS -- Number of terminals. */ |
| 763 | #define YYNTOKENS 184 | |
| 829 | #define YYNTOKENS 216 | |
| 764 | 830 | /* YYNNTS -- Number of nonterminals. */ |
| 765 | #define YYNNTS 194 | |
| 831 | #define YYNNTS 231 | |
| 766 | 832 | /* YYNRULES -- Number of rules. */ |
| 767 | #define YYNRULES 371 | |
| 833 | #define YYNRULES 443 | |
| 768 | 834 | /* YYNSTATES -- Number of states. */ |
| 769 | #define YYNSTATES 556 | |
| 835 | #define YYNSTATES 667 | |
| 770 | 836 | |
| 771 | 837 | /* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned |
| 772 | 838 | by yylex, with out-of-bounds checking. */ |
| 773 | 839 | #define YYUNDEFTOK 2 |
| 774 | #define YYMAXUTOK 438 | |
| 840 | #define YYMAXUTOK 470 | |
| 775 | 841 | |
| 776 | 842 | #define YYTRANSLATE(YYX) \ |
| 777 | 843 | ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) |
| 823 | 889 | 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, |
| 824 | 890 | 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, |
| 825 | 891 | 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, |
| 826 | 175, 176, 177, 178, 179, 180, 181, 182, 183 | |
| 892 | 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, | |
| 893 | 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, | |
| 894 | 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, | |
| 895 | 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, | |
| 896 | 215 | |
| 827 | 897 | }; |
| 828 | 898 | |
| 829 | 899 | #if YYDEBUG |
| 830 | 900 | /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ |
| 831 | 901 | static const yytype_uint16 yyrline[] = |
| 832 | 902 | { |
| 833 | 0, 137, 137, 137, 138, 138, 139, 139, 140, 140, | |
| 834 | 140, 145, 150, 151, 152, 152, 152, 153, 153, 154, | |
| 835 | 154, 155, 155, 156, 156, 157, 157, 157, 158, 158, | |
| 836 | 158, 159, 159, 160, 160, 161, 161, 162, 162, 163, | |
| 837 | 163, 164, 164, 165, 165, 166, 166, 167, 167, 167, | |
| 838 | 168, 168, 168, 169, 169, 169, 170, 170, 171, 171, | |
| 839 | 172, 172, 173, 173, 174, 174, 174, 175, 175, 176, | |
| 840 | 176, 177, 177, 177, 178, 178, 179, 179, 180, 180, | |
| 841 | 181, 181, 181, 182, 182, 183, 183, 184, 184, 185, | |
| 842 | 185, 186, 186, 187, 187, 187, 188, 188, 189, 189, | |
| 843 | 189, 190, 190, 190, 191, 191, 191, 192, 192, 192, | |
| 844 | 193, 193, 193, 194, 194, 194, 195, 195, 196, 196, | |
| 845 | 197, 197, 198, 198, 199, 199, 199, 200, 200, 201, | |
| 846 | 201, 202, 202, 203, 203, 204, 204, 204, 205, 205, | |
| 847 | 206, 206, 207, 207, 208, 208, 209, 209, 211, 223, | |
| 848 | 224, 225, 225, 225, 225, 225, 226, 228, 240, 241, | |
| 849 | 242, 242, 242, 242, 243, 245, 259, 260, 261, 261, | |
| 850 | 261, 261, 263, 272, 281, 292, 301, 310, 319, 332, | |
| 851 | 347, 356, 365, 374, 383, 392, 401, 410, 419, 428, | |
| 852 | 437, 446, 455, 464, 473, 482, 489, 496, 505, 514, | |
| 853 | 528, 537, 546, 553, 560, 584, 592, 599, 606, 613, | |
| 854 | 620, 628, 636, 644, 651, 658, 667, 676, 683, 690, | |
| 855 | 698, 706, 716, 726, 736, 749, 760, 768, 781, 790, | |
| 856 | 799, 808, 818, 828, 836, 849, 858, 866, 875, 883, | |
| 857 | 896, 905, 912, 922, 932, 942, 952, 962, 972, 982, | |
| 858 | 992, 999, 1006, 1013, 1022, 1031, 1040, 1047, 1057, 1074, | |
| 859 | 1081, 1099, 1112, 1125, 1134, 1143, 1152, 1161, 1171, 1181, | |
| 860 | 1190, 1199, 1210, 1219, 1226, 1235, 1244, 1253, 1262, 1270, | |
| 861 | 1283, 1291, 1319, 1326, 1341, 1351, 1361, 1368, 1375, 1384, | |
| 862 | 1398, 1417, 1436, 1448, 1460, 1472, 1483, 1492, 1500, 1513, | |
| 863 | 1526, 1539, 1548, 1558, 1568, 1578, 1585, 1592, 1601, 1611, | |
| 864 | 1621, 1631, 1638, 1645, 1654, 1664, 1674, 1703, 1712, 1721, | |
| 865 | 1726, 1727, 1728, 1728, 1728, 1729, 1729, 1729, 1730, 1730, | |
| 866 | 1732, 1742, 1751, 1758, 1768, 1775, 1782, 1789, 1796, 1801, | |
| 867 | 1802, 1803, 1803, 1804, 1804, 1805, 1805, 1806, 1807, 1808, | |
| 868 | 1809, 1810, 1811, 1813, 1821, 1828, 1836, 1844, 1851, 1858, | |
| 869 | 1867, 1876, 1885, 1894, 1903, 1912, 1917, 1918, 1919, 1921, | |
| 870 | 1927, 1937 | |
| 903 | 0, 151, 151, 151, 152, 152, 153, 153, 154, 154, | |
| 904 | 154, 156, 160, 165, 166, 167, 167, 167, 168, 168, | |
| 905 | 169, 169, 170, 170, 171, 171, 172, 172, 172, 173, | |
| 906 | 173, 173, 174, 174, 175, 175, 176, 176, 177, 177, | |
| 907 | 178, 178, 179, 179, 180, 180, 181, 181, 182, 182, | |
| 908 | 182, 183, 183, 183, 184, 184, 184, 185, 185, 186, | |
| 909 | 186, 187, 187, 188, 188, 189, 189, 189, 190, 190, | |
| 910 | 191, 191, 192, 192, 192, 193, 193, 194, 194, 195, | |
| 911 | 195, 196, 196, 196, 197, 197, 198, 198, 199, 199, | |
| 912 | 200, 200, 201, 201, 202, 202, 202, 203, 203, 204, | |
| 913 | 204, 204, 205, 205, 205, 206, 206, 206, 207, 207, | |
| 914 | 207, 207, 208, 208, 208, 209, 209, 209, 210, 210, | |
| 915 | 211, 211, 212, 212, 213, 213, 214, 214, 214, 215, | |
| 916 | 215, 216, 216, 217, 218, 218, 219, 219, 220, 220, | |
| 917 | 221, 222, 222, 223, 223, 224, 224, 225, 225, 225, | |
| 918 | 226, 226, 227, 227, 228, 228, 229, 229, 230, 230, | |
| 919 | 230, 231, 231, 231, 232, 232, 232, 233, 233, 234, | |
| 920 | 234, 235, 235, 236, 236, 238, 250, 251, 252, 252, | |
| 921 | 252, 252, 252, 253, 255, 267, 268, 269, 269, 269, | |
| 922 | 269, 270, 272, 286, 287, 288, 288, 288, 288, 289, | |
| 923 | 289, 289, 291, 300, 309, 320, 329, 338, 347, 358, | |
| 924 | 367, 378, 391, 406, 417, 434, 451, 464, 479, 488, | |
| 925 | 497, 506, 515, 524, 533, 542, 551, 560, 569, 578, | |
| 926 | 587, 596, 605, 614, 621, 628, 637, 646, 655, 669, | |
| 927 | 678, 687, 696, 703, 710, 736, 744, 751, 758, 765, | |
| 928 | 772, 780, 788, 796, 803, 814, 821, 830, 839, 848, | |
| 929 | 855, 862, 870, 878, 888, 898, 908, 921, 932, 940, | |
| 930 | 953, 962, 971, 980, 990, 1000, 1008, 1021, 1030, 1038, | |
| 931 | 1047, 1055, 1068, 1077, 1084, 1094, 1104, 1114, 1124, 1134, | |
| 932 | 1144, 1154, 1164, 1171, 1178, 1185, 1194, 1203, 1212, 1219, | |
| 933 | 1229, 1246, 1253, 1271, 1284, 1297, 1306, 1315, 1324, 1333, | |
| 934 | 1343, 1353, 1362, 1371, 1384, 1397, 1406, 1413, 1422, 1431, | |
| 935 | 1440, 1449, 1457, 1470, 1478, 1506, 1513, 1528, 1538, 1548, | |
| 936 | 1555, 1562, 1571, 1585, 1604, 1623, 1635, 1647, 1659, 1670, | |
| 937 | 1689, 1699, 1708, 1716, 1724, 1737, 1750, 1763, 1776, 1785, | |
| 938 | 1794, 1804, 1814, 1827, 1840, 1851, 1864, 1875, 1888, 1898, | |
| 939 | 1905, 1912, 1921, 1931, 1941, 1951, 1958, 1965, 1974, 1984, | |
| 940 | 1994, 2023, 2033, 2041, 2050, 2065, 2074, 2079, 2080, 2081, | |
| 941 | 2081, 2081, 2082, 2082, 2082, 2083, 2083, 2085, 2095, 2104, | |
| 942 | 2111, 2121, 2128, 2135, 2142, 2149, 2154, 2155, 2156, 2156, | |
| 943 | 2157, 2157, 2158, 2158, 2159, 2160, 2161, 2162, 2163, 2164, | |
| 944 | 2166, 2174, 2181, 2189, 2197, 2204, 2211, 2220, 2229, 2238, | |
| 945 | 2247, 2256, 2265, 2270, 2271, 2272, 2274, 2280, 2290, 2297, | |
| 946 | 2306, 2314, 2320, 2321, 2323, 2323, 2323, 2324, 2324, 2326, | |
| 947 | 2336, 2346, 2353, 2360 | |
| 871 | 948 | }; |
| 872 | 949 | #endif |
| 873 | 950 | |
| 915 | 992 | "VAR_SO_RCVBUF", "VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH", |
| 916 | 993 | "VAR_PREFETCH_KEY", "VAR_SO_SNDBUF", "VAR_SO_REUSEPORT", |
| 917 | 994 | "VAR_HARDEN_BELOW_NXDOMAIN", "VAR_IGNORE_CD_FLAG", "VAR_LOG_QUERIES", |
| 918 | "VAR_TCP_UPSTREAM", "VAR_SSL_UPSTREAM", "VAR_SSL_SERVICE_KEY", | |
| 919 | "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", "VAR_FORWARD_FIRST", | |
| 920 | "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM", "VAR_STUB_FIRST", | |
| 921 | "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", | |
| 922 | "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", | |
| 923 | "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", | |
| 924 | "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", "VAR_DNSTAP_SOCKET_PATH", | |
| 925 | "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", | |
| 926 | "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", | |
| 995 | "VAR_LOG_REPLIES", "VAR_TCP_UPSTREAM", "VAR_SSL_UPSTREAM", | |
| 996 | "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", | |
| 997 | "VAR_FORWARD_FIRST", "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM", | |
| 998 | "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", | |
| 999 | "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", | |
| 1000 | "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", | |
| 1001 | "VAR_DNS64_SYNTHALL", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", | |
| 1002 | "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_SEND_IDENTITY", | |
| 1003 | "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", | |
| 927 | 1004 | "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", |
| 928 | 1005 | "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", |
| 929 | 1006 | "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", |
| 930 | 1007 | "VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES", |
| 931 | 1008 | "VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", |
| 932 | "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", | |
| 933 | "VAR_HARDEN_ALGO_DOWNGRADE", "VAR_IP_TRANSPARENT", | |
| 934 | "VAR_DISABLE_DNSSEC_LAME_CHECK", "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", | |
| 935 | "VAR_RATELIMIT_SIZE", "VAR_RATELIMIT_FOR_DOMAIN", | |
| 936 | "VAR_RATELIMIT_BELOW_DOMAIN", "VAR_RATELIMIT_FACTOR", | |
| 1009 | "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", "VAR_RESPONSE_IP_TAG", | |
| 1010 | "VAR_RESPONSE_IP", "VAR_RESPONSE_IP_DATA", "VAR_HARDEN_ALGO_DOWNGRADE", | |
| 1011 | "VAR_IP_TRANSPARENT", "VAR_DISABLE_DNSSEC_LAME_CHECK", | |
| 1012 | "VAR_IP_RATELIMIT", "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE", | |
| 1013 | "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", | |
| 1014 | "VAR_RATELIMIT_FOR_DOMAIN", "VAR_RATELIMIT_BELOW_DOMAIN", | |
| 1015 | "VAR_IP_RATELIMIT_FACTOR", "VAR_RATELIMIT_FACTOR", | |
| 1016 | "VAR_SEND_CLIENT_SUBNET", "VAR_CLIENT_SUBNET_ZONE", | |
| 1017 | "VAR_CLIENT_SUBNET_ALWAYS_FORWARD", "VAR_CLIENT_SUBNET_OPCODE", | |
| 1018 | "VAR_MAX_CLIENT_SUBNET_IPV4", "VAR_MAX_CLIENT_SUBNET_IPV6", | |
| 937 | 1019 | "VAR_CAPS_WHITELIST", "VAR_CACHE_MAX_NEGATIVE_TTL", |
| 938 | 1020 | "VAR_PERMIT_SMALL_HOLDDOWN", "VAR_QNAME_MINIMISATION", |
| 939 | 1021 | "VAR_QNAME_MINIMISATION_STRICT", "VAR_IP_FREEBIND", "VAR_DEFINE_TAG", |
| 940 | 1022 | "VAR_LOCAL_ZONE_TAG", "VAR_ACCESS_CONTROL_TAG", |
| 941 | 1023 | "VAR_LOCAL_ZONE_OVERRIDE", "VAR_ACCESS_CONTROL_TAG_ACTION", |
| 942 | 1024 | "VAR_ACCESS_CONTROL_TAG_DATA", "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", |
| 943 | "VAR_VIEW_FIRST", "VAR_SERVE_EXPIRED", "VAR_FAKE_DSA", | |
| 944 | "VAR_LOG_IDENTITY", "$accept", "toplevelvars", "toplevelvar", | |
| 945 | "serverstart", "contents_server", "content_server", "stubstart", | |
| 946 | "contents_stub", "content_stub", "forwardstart", "contents_forward", | |
| 947 | "content_forward", "viewstart", "contents_view", "content_view", | |
| 948 | "server_num_threads", "server_verbosity", "server_statistics_interval", | |
| 1025 | "VAR_VIEW_FIRST", "VAR_SERVE_EXPIRED", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", | |
| 1026 | "VAR_LOG_IDENTITY", "VAR_HIDE_TRUSTANCHOR", "VAR_TRUST_ANCHOR_SIGNALING", | |
| 1027 | "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", "VAR_SHM_KEY", "VAR_DNSCRYPT", | |
| 1028 | "VAR_DNSCRYPT_ENABLE", "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", | |
| 1029 | "VAR_DNSCRYPT_SECRET_KEY", "VAR_DNSCRYPT_PROVIDER_CERT", | |
| 1030 | "VAR_IPSECMOD_ENABLED", "VAR_IPSECMOD_HOOK", "VAR_IPSECMOD_IGNORE_BOGUS", | |
| 1031 | "VAR_IPSECMOD_MAX_TTL", "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", | |
| 1032 | "$accept", "toplevelvars", "toplevelvar", "serverstart", | |
| 1033 | "contents_server", "content_server", "stubstart", "contents_stub", | |
| 1034 | "content_stub", "forwardstart", "contents_forward", "content_forward", | |
| 1035 | "viewstart", "contents_view", "content_view", "server_num_threads", | |
| 1036 | "server_verbosity", "server_statistics_interval", | |
| 949 | 1037 | "server_statistics_cumulative", "server_extended_statistics", |
| 950 | "server_port", "server_interface", "server_outgoing_interface", | |
| 951 | "server_outgoing_range", "server_outgoing_port_permit", | |
| 952 | "server_outgoing_port_avoid", "server_outgoing_num_tcp", | |
| 953 | "server_incoming_num_tcp", "server_interface_automatic", "server_do_ip4", | |
| 954 | "server_do_ip6", "server_do_udp", "server_do_tcp", "server_prefer_ip6", | |
| 955 | "server_tcp_mss", "server_outgoing_tcp_mss", "server_tcp_upstream", | |
| 956 | "server_ssl_upstream", "server_ssl_service_key", | |
| 957 | "server_ssl_service_pem", "server_ssl_port", "server_do_daemonize", | |
| 958 | "server_use_syslog", "server_log_time_ascii", "server_log_queries", | |
| 1038 | "server_shm_enable", "server_shm_key", "server_port", | |
| 1039 | "server_send_client_subnet", "server_client_subnet_zone", | |
| 1040 | "server_client_subnet_always_forward", "server_client_subnet_opcode", | |
| 1041 | "server_max_client_subnet_ipv4", "server_max_client_subnet_ipv6", | |
| 1042 | "server_interface", "server_outgoing_interface", "server_outgoing_range", | |
| 1043 | "server_outgoing_port_permit", "server_outgoing_port_avoid", | |
| 1044 | "server_outgoing_num_tcp", "server_incoming_num_tcp", | |
| 1045 | "server_interface_automatic", "server_do_ip4", "server_do_ip6", | |
| 1046 | "server_do_udp", "server_do_tcp", "server_prefer_ip6", "server_tcp_mss", | |
| 1047 | "server_outgoing_tcp_mss", "server_tcp_upstream", "server_ssl_upstream", | |
| 1048 | "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", | |
| 1049 | "server_use_systemd", "server_do_daemonize", "server_use_syslog", | |
| 1050 | "server_log_time_ascii", "server_log_queries", "server_log_replies", | |
| 959 | 1051 | "server_chroot", "server_username", "server_directory", "server_logfile", |
| 960 | 1052 | "server_pidfile", "server_root_hints", "server_dlv_anchor_file", |
| 961 | 1053 | "server_dlv_anchor", "server_auto_trust_anchor_file", |
| 962 | 1054 | "server_trust_anchor_file", "server_trusted_keys_file", |
| 963 | "server_trust_anchor", "server_domain_insecure", "server_hide_identity", | |
| 964 | "server_hide_version", "server_identity", "server_version", | |
| 1055 | "server_trust_anchor", "server_trust_anchor_signaling", | |
| 1056 | "server_domain_insecure", "server_hide_identity", "server_hide_version", | |
| 1057 | "server_hide_trustanchor", "server_identity", "server_version", | |
| 965 | 1058 | "server_so_rcvbuf", "server_so_sndbuf", "server_so_reuseport", |
| 966 | 1059 | "server_ip_transparent", "server_ip_freebind", "server_edns_buffer_size", |
| 967 | 1060 | "server_msg_buffer_size", "server_msg_cache_size", |
| 986 | 1079 | "server_cache_max_negative_ttl", "server_cache_min_ttl", |
| 987 | 1080 | "server_bogus_ttl", "server_val_clean_additional", |
| 988 | 1081 | "server_val_permissive_mode", "server_ignore_cd_flag", |
| 989 | "server_serve_expired", "server_fake_dsa", "server_val_log_level", | |
| 990 | "server_val_nsec3_keysize_iterations", "server_add_holddown", | |
| 991 | "server_del_holddown", "server_keep_missing", | |
| 1082 | "server_serve_expired", "server_fake_dsa", "server_fake_sha1", | |
| 1083 | "server_val_log_level", "server_val_nsec3_keysize_iterations", | |
| 1084 | "server_add_holddown", "server_del_holddown", "server_keep_missing", | |
| 992 | 1085 | "server_permit_small_holddown", "server_key_cache_size", |
| 993 | 1086 | "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", |
| 994 | 1087 | "server_local_data", "server_local_data_ptr", "server_minimal_responses", |
| 996 | 1089 | "server_dns64_synthall", "server_define_tag", "server_local_zone_tag", |
| 997 | 1090 | "server_access_control_tag", "server_access_control_tag_action", |
| 998 | 1091 | "server_access_control_tag_data", "server_local_zone_override", |
| 999 | "server_access_control_view", "server_ratelimit", | |
| 1000 | "server_ratelimit_size", "server_ratelimit_slabs", | |
| 1001 | "server_ratelimit_for_domain", "server_ratelimit_below_domain", | |
| 1092 | "server_access_control_view", "server_response_ip_tag", | |
| 1093 | "server_ip_ratelimit", "server_ratelimit", "server_ip_ratelimit_size", | |
| 1094 | "server_ratelimit_size", "server_ip_ratelimit_slabs", | |
| 1095 | "server_ratelimit_slabs", "server_ratelimit_for_domain", | |
| 1096 | "server_ratelimit_below_domain", "server_ip_ratelimit_factor", | |
| 1002 | 1097 | "server_ratelimit_factor", "server_qname_minimisation", |
| 1003 | "server_qname_minimisation_strict", "stub_name", "stub_host", | |
| 1004 | "stub_addr", "stub_first", "stub_ssl_upstream", "stub_prime", | |
| 1005 | "forward_name", "forward_host", "forward_addr", "forward_first", | |
| 1006 | "forward_ssl_upstream", "view_name", "view_local_zone", | |
| 1007 | "view_local_data", "view_first", "rcstart", "contents_rc", "content_rc", | |
| 1098 | "server_qname_minimisation_strict", "server_ipsecmod_enabled", | |
| 1099 | "server_ipsecmod_ignore_bogus", "server_ipsecmod_hook", | |
| 1100 | "server_ipsecmod_max_ttl", "server_ipsecmod_whitelist", | |
| 1101 | "server_ipsecmod_strict", "stub_name", "stub_host", "stub_addr", | |
| 1102 | "stub_first", "stub_ssl_upstream", "stub_prime", "forward_name", | |
| 1103 | "forward_host", "forward_addr", "forward_first", "forward_ssl_upstream", | |
| 1104 | "view_name", "view_local_zone", "view_response_ip", | |
| 1105 | "view_response_ip_data", "view_local_data", "view_local_data_ptr", | |
| 1106 | "view_first", "rcstart", "contents_rc", "content_rc", | |
| 1008 | 1107 | "rc_control_enable", "rc_control_port", "rc_control_interface", |
| 1009 | 1108 | "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", |
| 1010 | 1109 | "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", |
| 1018 | 1117 | "dt_dnstap_log_forwarder_query_messages", |
| 1019 | 1118 | "dt_dnstap_log_forwarder_response_messages", "pythonstart", |
| 1020 | 1119 | "contents_py", "content_py", "py_script", |
| 1021 | "server_disable_dnssec_lame_check", "server_log_identity", YY_NULLPTR | |
| 1120 | "server_disable_dnssec_lame_check", "server_log_identity", | |
| 1121 | "server_response_ip", "server_response_ip_data", "dnscstart", | |
| 1122 | "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", | |
| 1123 | "dnsc_dnscrypt_port", "dnsc_dnscrypt_provider", | |
| 1124 | "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_secret_key", YY_NULLPTR | |
| 1022 | 1125 | }; |
| 1023 | 1126 | #endif |
| 1024 | 1127 | |
| 1045 | 1148 | 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, |
| 1046 | 1149 | 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, |
| 1047 | 1150 | 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, |
| 1048 | 435, 436, 437, 438 | |
| 1151 | 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, | |
| 1152 | 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, | |
| 1153 | 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, | |
| 1154 | 465, 466, 467, 468, 469, 470 | |
| 1049 | 1155 | }; |
| 1050 | 1156 | # endif |
| 1051 | 1157 | |
| 1052 | #define YYPACT_NINF -130 | |
| 1158 | #define YYPACT_NINF -200 | |
| 1053 | 1159 | |
| 1054 | 1160 | #define yypact_value_is_default(Yystate) \ |
| 1055 | (!!((Yystate) == (-130))) | |
| 1161 | (!!((Yystate) == (-200))) | |
| 1056 | 1162 | |
| 1057 | 1163 | #define YYTABLE_NINF -1 |
| 1058 | 1164 | |
| 1063 | 1169 | STATE-NUM. */ |
| 1064 | 1170 | static const yytype_int16 yypact[] = |
| 1065 | 1171 | { |
| 1066 | -130, 0, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1067 | -130, -130, -130, -130, -130, -130, -130, -130, 135, -38, | |
| 1068 | -34, -39, -64, -129, -105, -3, -2, -1, 2, 3, | |
| 1069 | 26, 29, 30, 32, 33, 34, 35, 36, 38, 39, | |
| 1070 | 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, | |
| 1071 | 50, 51, 52, 53, 54, 56, 57, 58, 59, 60, | |
| 1072 | 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, | |
| 1073 | 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, | |
| 1074 | 82, 83, 85, 88, 90, 91, 92, 93, 94, 95, | |
| 1075 | 96, 98, 99, 100, 101, 102, 103, 104, 105, 106, | |
| 1076 | 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, | |
| 1077 | 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, | |
| 1078 | 127, 128, 129, 130, 132, 133, 136, 165, 166, 167, | |
| 1079 | 172, 173, 174, 216, 217, 218, 219, 220, 221, 222, | |
| 1080 | 223, 224, 228, 232, 233, 256, 257, 258, 259, 269, | |
| 1081 | 270, 271, 272, 273, 274, 275, 276, 277, 278, -130, | |
| 1082 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1083 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1084 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1085 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1086 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1087 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1088 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1089 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1090 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1091 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1092 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1093 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1094 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1095 | -130, -130, -130, -130, 279, 280, 281, 303, 305, 309, | |
| 1096 | -130, -130, -130, -130, -130, -130, -130, 310, 311, 312, | |
| 1097 | 313, 314, -130, -130, -130, -130, -130, -130, 315, 316, | |
| 1098 | 317, 318, -130, -130, -130, -130, -130, 319, 320, 321, | |
| 1099 | 322, 323, 324, 325, 326, -130, -130, -130, -130, -130, | |
| 1100 | -130, -130, -130, -130, 327, 328, 329, 330, 331, 332, | |
| 1101 | 333, 334, 335, 336, 337, 338, -130, -130, -130, -130, | |
| 1102 | -130, -130, -130, -130, -130, -130, -130, -130, -130, 339, | |
| 1103 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1104 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1105 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1106 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1107 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1108 | -130, -130, -130, -130, -130, -130, -130, -130, 340, 341, | |
| 1109 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1110 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1111 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1112 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1113 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1114 | -130, -130, -130, -130, -130, -130, -130, 342, 343, -130, | |
| 1115 | -130, -130, -130, -130, -130, -130, -130, 344, 345, 346, | |
| 1116 | 347, 348, 349, -130, -130, -130, -130, -130, -130, -130, | |
| 1117 | -130, -130, -130, -130, -130, -130, -130, -130, 350, -130, | |
| 1118 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1119 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1120 | -130, -130, -130, -130, -130, -130, -130, -130, 351, 352, | |
| 1121 | 353, -130, -130, -130, -130, -130 | |
| 1172 | -200, 0, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1173 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1174 | 96, -39, -35, 248, -65, -131, -106, -199, 2, 25, | |
| 1175 | 26, 27, 28, 29, 30, 32, 33, 34, 35, 36, | |
| 1176 | 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, | |
| 1177 | 48, 49, 50, 51, 52, 53, 55, 56, 57, 58, | |
| 1178 | 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, | |
| 1179 | 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, | |
| 1180 | 79, 80, 82, 83, 85, 88, 90, 91, 92, 93, | |
| 1181 | 94, 95, 126, 127, 128, 129, 133, 134, 177, 178, | |
| 1182 | 179, 180, 181, 183, 184, 185, 189, 193, 218, 219, | |
| 1183 | 220, 221, 231, 232, 233, 234, 235, 236, 237, 238, | |
| 1184 | 239, 240, 241, 242, 243, 280, 290, 291, 292, 293, | |
| 1185 | 294, 295, 302, 303, 304, 305, 306, 307, 308, 309, | |
| 1186 | 310, 311, 312, 313, 316, 317, 318, 319, 320, 321, | |
| 1187 | 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, | |
| 1188 | 332, 333, 334, 335, 336, 337, 338, 340, 341, 342, | |
| 1189 | 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, | |
| 1190 | 353, 354, 355, 356, 357, 358, 359, 360, -200, -200, | |
| 1191 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1192 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1193 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1194 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1195 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1196 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1197 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1198 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1199 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1200 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1201 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1202 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1203 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1204 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1205 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1206 | -200, -200, -200, -200, -200, -200, -200, -200, -200, 361, | |
| 1207 | 362, 363, 364, 365, 366, -200, -200, -200, -200, -200, | |
| 1208 | -200, -200, 367, 368, 369, 370, 371, -200, -200, -200, | |
| 1209 | -200, -200, -200, 372, 373, 374, 375, 376, 377, 378, | |
| 1210 | -200, -200, -200, -200, -200, -200, -200, -200, 379, 380, | |
| 1211 | 381, 382, 383, 384, 385, 386, -200, -200, -200, -200, | |
| 1212 | -200, -200, -200, -200, -200, 387, 388, 389, 390, 391, | |
| 1213 | 392, 393, 394, 395, 396, 399, 400, -200, -200, -200, | |
| 1214 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1215 | 401, -200, -200, 402, 403, 404, 405, 406, -200, -200, | |
| 1216 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1217 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1218 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1219 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1220 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1221 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1222 | 407, 408, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1223 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1224 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1225 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1226 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1227 | -200, -200, -200, -200, 409, 410, 411, -200, -200, -200, | |
| 1228 | -200, -200, -200, -200, -200, -200, 412, 413, -200, -200, | |
| 1229 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1230 | -200, -200, -200, 414, 415, 416, 417, 418, 419, -200, | |
| 1231 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1232 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1233 | -200, -200, -200, -200, -200, -200, 420, -200, -200, 421, | |
| 1234 | 422, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1235 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1236 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1237 | -200, -200, -200, -200, -200, -200, -200, 423, 424, 425, | |
| 1238 | -200, -200, -200, -200, -200, -200, -200 | |
| 1122 | 1239 | }; |
| 1123 | 1240 | |
| 1124 | 1241 | /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. |
| 1126 | 1243 | means the default is an error. */ |
| 1127 | 1244 | static const yytype_uint16 yydefact[] = |
| 1128 | 1245 | { |
| 1129 | 2, 0, 1, 11, 148, 157, 319, 365, 338, 165, | |
| 1130 | 3, 13, 150, 159, 167, 321, 340, 367, 4, 5, | |
| 1131 | 6, 10, 8, 9, 7, 0, 0, 0, 0, 0, | |
| 1246 | 2, 0, 1, 12, 175, 184, 376, 422, 395, 192, | |
| 1247 | 431, 3, 14, 177, 186, 194, 378, 397, 424, 433, | |
| 1248 | 4, 5, 6, 10, 8, 9, 7, 11, 0, 0, | |
| 1132 | 1249 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 1133 | 1250 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 1134 | 1251 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 1141 | 1258 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 1142 | 1259 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 1143 | 1260 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 1144 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, | |
| 1145 | 14, 15, 74, 77, 86, 16, 25, 65, 17, 78, | |
| 1146 | 79, 36, 58, 73, 18, 19, 21, 22, 20, 23, | |
| 1147 | 24, 108, 109, 110, 111, 112, 75, 64, 90, 107, | |
| 1148 | 26, 27, 28, 29, 30, 66, 80, 81, 96, 52, | |
| 1149 | 62, 53, 91, 46, 47, 48, 49, 100, 104, 116, | |
| 1150 | 124, 135, 101, 59, 31, 32, 33, 88, 117, 118, | |
| 1151 | 119, 34, 35, 37, 38, 40, 41, 39, 122, 42, | |
| 1152 | 43, 44, 50, 69, 105, 83, 123, 76, 131, 84, | |
| 1153 | 85, 102, 103, 89, 45, 67, 70, 51, 54, 92, | |
| 1154 | 93, 68, 132, 94, 55, 56, 57, 106, 145, 146, | |
| 1155 | 95, 63, 97, 98, 99, 133, 60, 61, 82, 71, | |
| 1156 | 72, 87, 113, 114, 115, 120, 121, 136, 137, 139, | |
| 1157 | 141, 142, 140, 143, 125, 127, 126, 128, 129, 130, | |
| 1158 | 134, 144, 138, 147, 0, 0, 0, 0, 0, 0, | |
| 1159 | 149, 151, 152, 153, 155, 156, 154, 0, 0, 0, | |
| 1160 | 0, 0, 158, 160, 161, 162, 163, 164, 0, 0, | |
| 1161 | 0, 0, 166, 168, 169, 170, 171, 0, 0, 0, | |
| 1162 | 0, 0, 0, 0, 0, 320, 322, 324, 323, 329, | |
| 1163 | 325, 326, 327, 328, 0, 0, 0, 0, 0, 0, | |
| 1164 | 0, 0, 0, 0, 0, 0, 339, 341, 342, 343, | |
| 1165 | 344, 345, 346, 347, 348, 349, 350, 351, 352, 0, | |
| 1166 | 366, 368, 173, 172, 177, 180, 178, 186, 187, 190, | |
| 1167 | 188, 189, 191, 192, 202, 203, 204, 205, 206, 226, | |
| 1168 | 227, 228, 233, 234, 183, 235, 236, 239, 237, 238, | |
| 1169 | 241, 242, 243, 256, 215, 216, 217, 218, 244, 259, | |
| 1170 | 211, 213, 260, 266, 267, 268, 184, 225, 278, 279, | |
| 1171 | 212, 273, 199, 179, 207, 257, 263, 245, 0, 0, | |
| 1172 | 282, 185, 174, 198, 249, 175, 181, 182, 208, 209, | |
| 1173 | 280, 247, 251, 252, 176, 283, 229, 255, 200, 214, | |
| 1174 | 261, 262, 265, 272, 210, 276, 274, 275, 219, 224, | |
| 1175 | 253, 254, 220, 221, 246, 269, 201, 193, 194, 195, | |
| 1176 | 196, 197, 284, 285, 286, 230, 231, 232, 240, 287, | |
| 1177 | 288, 248, 222, 370, 296, 298, 297, 0, 0, 301, | |
| 1178 | 250, 264, 277, 302, 303, 223, 289, 0, 0, 0, | |
| 1179 | 0, 0, 0, 270, 271, 371, 304, 305, 306, 309, | |
| 1180 | 308, 307, 310, 311, 312, 313, 314, 315, 0, 317, | |
| 1181 | 318, 330, 332, 331, 334, 335, 336, 337, 333, 353, | |
| 1182 | 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, | |
| 1183 | 364, 369, 258, 281, 299, 300, 290, 291, 0, 0, | |
| 1184 | 0, 295, 316, 294, 292, 293 | |
| 1261 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
| 1262 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
| 1263 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
| 1264 | 0, 0, 0, 0, 0, 0, 0, 0, 13, 15, | |
| 1265 | 16, 75, 78, 87, 164, 165, 17, 137, 138, 139, | |
| 1266 | 140, 141, 142, 26, 66, 18, 79, 80, 37, 59, | |
| 1267 | 74, 19, 20, 22, 23, 21, 24, 25, 110, 111, | |
| 1268 | 112, 113, 114, 160, 76, 65, 91, 108, 109, 27, | |
| 1269 | 28, 29, 30, 31, 67, 81, 82, 97, 53, 63, | |
| 1270 | 54, 168, 92, 47, 48, 167, 49, 50, 101, 105, | |
| 1271 | 118, 126, 147, 102, 60, 32, 33, 34, 89, 119, | |
| 1272 | 120, 121, 35, 36, 38, 39, 41, 42, 40, 124, | |
| 1273 | 43, 44, 45, 51, 70, 106, 84, 125, 77, 143, | |
| 1274 | 85, 86, 103, 104, 90, 46, 68, 71, 52, 55, | |
| 1275 | 93, 94, 69, 144, 95, 56, 57, 58, 107, 157, | |
| 1276 | 158, 166, 96, 64, 98, 99, 100, 145, 61, 62, | |
| 1277 | 83, 72, 73, 88, 115, 116, 117, 122, 123, 148, | |
| 1278 | 149, 151, 153, 154, 152, 155, 161, 127, 128, 131, | |
| 1279 | 132, 129, 130, 133, 134, 136, 135, 146, 156, 169, | |
| 1280 | 171, 170, 172, 173, 174, 150, 159, 162, 163, 0, | |
| 1281 | 0, 0, 0, 0, 0, 176, 178, 179, 180, 182, | |
| 1282 | 183, 181, 0, 0, 0, 0, 0, 185, 187, 188, | |
| 1283 | 189, 190, 191, 0, 0, 0, 0, 0, 0, 0, | |
| 1284 | 193, 195, 196, 199, 200, 197, 201, 198, 0, 0, | |
| 1285 | 0, 0, 0, 0, 0, 0, 377, 379, 381, 380, | |
| 1286 | 386, 382, 383, 384, 385, 0, 0, 0, 0, 0, | |
| 1287 | 0, 0, 0, 0, 0, 0, 0, 396, 398, 399, | |
| 1288 | 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, | |
| 1289 | 0, 423, 425, 0, 0, 0, 0, 0, 432, 434, | |
| 1290 | 435, 436, 438, 437, 203, 202, 209, 218, 216, 224, | |
| 1291 | 225, 228, 226, 227, 229, 230, 242, 243, 244, 245, | |
| 1292 | 246, 268, 269, 270, 275, 276, 221, 277, 278, 281, | |
| 1293 | 279, 280, 283, 284, 285, 298, 256, 257, 259, 260, | |
| 1294 | 286, 301, 251, 253, 302, 308, 309, 310, 222, 267, | |
| 1295 | 321, 322, 252, 316, 238, 217, 247, 299, 305, 287, | |
| 1296 | 0, 0, 325, 223, 204, 237, 291, 205, 219, 220, | |
| 1297 | 248, 249, 323, 289, 293, 294, 206, 326, 271, 297, | |
| 1298 | 239, 255, 303, 304, 307, 315, 250, 319, 317, 318, | |
| 1299 | 261, 266, 295, 296, 262, 263, 288, 311, 240, 241, | |
| 1300 | 231, 232, 233, 234, 235, 327, 328, 329, 272, 273, | |
| 1301 | 274, 282, 330, 331, 0, 0, 0, 290, 264, 427, | |
| 1302 | 340, 344, 342, 341, 345, 343, 0, 0, 348, 349, | |
| 1303 | 210, 211, 212, 213, 214, 215, 292, 306, 320, 350, | |
| 1304 | 351, 265, 332, 0, 0, 0, 0, 0, 0, 312, | |
| 1305 | 313, 314, 428, 258, 254, 236, 207, 208, 352, 354, | |
| 1306 | 353, 355, 356, 357, 358, 359, 360, 363, 362, 361, | |
| 1307 | 364, 365, 366, 367, 368, 369, 0, 373, 374, 0, | |
| 1308 | 0, 375, 387, 389, 388, 391, 392, 393, 394, 390, | |
| 1309 | 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, | |
| 1310 | 420, 421, 426, 439, 440, 441, 443, 442, 300, 324, | |
| 1311 | 339, 429, 430, 346, 347, 333, 334, 0, 0, 0, | |
| 1312 | 338, 370, 371, 372, 337, 335, 336 | |
| 1185 | 1313 | }; |
| 1186 | 1314 | |
| 1187 | 1315 | /* YYPGOTO[NTERM-NUM]. */ |
| 1188 | 1316 | static const yytype_int16 yypgoto[] = |
| 1189 | 1317 | { |
| 1190 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1191 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1192 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1193 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1194 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1195 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1196 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1197 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1198 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1199 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1200 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1201 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1202 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1203 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1204 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1205 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1206 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1207 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1208 | -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, | |
| 1209 | -130, -130, -130, -130 | |
| 1318 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1319 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1320 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1321 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1322 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1323 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1324 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1325 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1326 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1327 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1328 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1329 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1330 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1331 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1332 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1333 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1334 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1335 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1336 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1337 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1338 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1339 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1340 | -200, -200, -200, -200, -200, -200, -200, -200, -200, -200, | |
| 1341 | -200 | |
| 1210 | 1342 | }; |
| 1211 | 1343 | |
| 1212 | 1344 | /* YYDEFGOTO[NTERM-NUM]. */ |
| 1213 | 1345 | static const yytype_int16 yydefgoto[] = |
| 1214 | 1346 | { |
| 1215 | -1, 1, 10, 11, 18, 159, 12, 19, 300, 13, | |
| 1216 | 20, 312, 14, 21, 322, 160, 161, 162, 163, 164, | |
| 1217 | 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, | |
| 1218 | 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, | |
| 1219 | 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, | |
| 1220 | 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, | |
| 1221 | 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, | |
| 1222 | 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, | |
| 1223 | 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, | |
| 1224 | 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, | |
| 1225 | 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, | |
| 1226 | 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, | |
| 1227 | 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, | |
| 1228 | 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, | |
| 1229 | 285, 286, 287, 288, 289, 290, 291, 301, 302, 303, | |
| 1230 | 304, 305, 306, 313, 314, 315, 316, 317, 323, 324, | |
| 1231 | 325, 326, 15, 22, 335, 336, 337, 338, 339, 340, | |
| 1232 | 341, 342, 343, 16, 23, 356, 357, 358, 359, 360, | |
| 1233 | 361, 362, 363, 364, 365, 366, 367, 368, 17, 24, | |
| 1234 | 370, 371, 292, 293 | |
| 1347 | -1, 1, 11, 12, 20, 188, 13, 21, 355, 14, | |
| 1348 | 22, 367, 15, 23, 380, 189, 190, 191, 192, 193, | |
| 1349 | 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, | |
| 1350 | 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, | |
| 1351 | 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, | |
| 1352 | 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, | |
| 1353 | 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, | |
| 1354 | 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, | |
| 1355 | 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, | |
| 1356 | 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, | |
| 1357 | 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, | |
| 1358 | 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, | |
| 1359 | 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, | |
| 1360 | 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, | |
| 1361 | 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, | |
| 1362 | 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, | |
| 1363 | 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, | |
| 1364 | 344, 356, 357, 358, 359, 360, 361, 368, 369, 370, | |
| 1365 | 371, 372, 381, 382, 383, 384, 385, 386, 387, 16, | |
| 1366 | 24, 396, 397, 398, 399, 400, 401, 402, 403, 404, | |
| 1367 | 17, 25, 417, 418, 419, 420, 421, 422, 423, 424, | |
| 1368 | 425, 426, 427, 428, 429, 18, 26, 431, 432, 345, | |
| 1369 | 346, 347, 348, 19, 27, 438, 439, 440, 441, 442, | |
| 1370 | 443 | |
| 1235 | 1371 | }; |
| 1236 | 1372 | |
| 1237 | 1373 | /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If |
| 1239 | 1375 | number is the opposite. If YYTABLE_NINF, syntax error. */ |
| 1240 | 1376 | static const yytype_uint16 yytable[] = |
| 1241 | 1377 | { |
| 1242 | 2, 318, 294, 369, 295, 296, 307, 372, 373, 374, | |
| 1243 | 0, 3, 375, 376, 308, 309, 344, 345, 346, 347, | |
| 1244 | 348, 349, 350, 351, 352, 353, 354, 355, 327, 328, | |
| 1245 | 329, 330, 331, 332, 333, 334, 377, 319, 320, 378, | |
| 1246 | 379, 4, 380, 381, 382, 383, 384, 5, 385, 386, | |
| 1247 | 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, | |
| 1248 | 397, 398, 399, 400, 401, 297, 402, 403, 404, 405, | |
| 1249 | 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, | |
| 1250 | 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, | |
| 1251 | 426, 6, 427, 428, 298, 429, 299, 310, 430, 311, | |
| 1252 | 431, 432, 433, 434, 435, 436, 437, 7, 438, 439, | |
| 1253 | 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, | |
| 1254 | 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, | |
| 1255 | 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, | |
| 1256 | 470, 321, 471, 472, 8, 0, 473, 25, 26, 27, | |
| 1257 | 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, | |
| 1258 | 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, | |
| 1259 | 48, 49, 50, 51, 52, 474, 475, 476, 9, 53, | |
| 1260 | 54, 55, 477, 478, 479, 56, 57, 58, 59, 60, | |
| 1261 | 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, | |
| 1262 | 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, | |
| 1263 | 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, | |
| 1264 | 91, 92, 93, 94, 95, 96, 480, 481, 482, 483, | |
| 1265 | 484, 485, 486, 487, 488, 97, 98, 99, 489, 100, | |
| 1266 | 101, 102, 490, 491, 103, 104, 105, 106, 107, 108, | |
| 1267 | 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, | |
| 1268 | 119, 120, 121, 122, 123, 124, 492, 493, 494, 495, | |
| 1269 | 125, 126, 127, 128, 129, 130, 131, 132, 133, 496, | |
| 1270 | 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, | |
| 1271 | 507, 508, 134, 135, 136, 137, 138, 139, 140, 141, | |
| 1272 | 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, | |
| 1273 | 152, 153, 154, 509, 155, 510, 156, 157, 158, 511, | |
| 1274 | 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, | |
| 1275 | 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, | |
| 1276 | 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, | |
| 1277 | 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, | |
| 1278 | 552, 553, 554, 555 | |
| 1378 | 2, 349, 430, 350, 351, 362, 433, 434, 435, 436, | |
| 1379 | 437, 3, 444, 363, 364, 405, 406, 407, 408, 409, | |
| 1380 | 410, 411, 412, 413, 414, 415, 416, 388, 389, 390, | |
| 1381 | 391, 392, 393, 394, 395, 445, 446, 447, 448, 449, | |
| 1382 | 450, 4, 451, 452, 453, 454, 455, 5, 456, 457, | |
| 1383 | 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, | |
| 1384 | 468, 469, 470, 471, 352, 472, 473, 474, 475, 476, | |
| 1385 | 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, | |
| 1386 | 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, | |
| 1387 | 497, 6, 498, 499, 353, 500, 354, 365, 501, 366, | |
| 1388 | 502, 503, 504, 505, 506, 507, 0, 7, 28, 29, | |
| 1389 | 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, | |
| 1390 | 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, | |
| 1391 | 50, 51, 52, 53, 54, 55, 508, 509, 510, 511, | |
| 1392 | 56, 57, 58, 512, 513, 8, 59, 60, 61, 62, | |
| 1393 | 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, | |
| 1394 | 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, | |
| 1395 | 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, | |
| 1396 | 93, 94, 95, 96, 97, 98, 99, 514, 515, 516, | |
| 1397 | 517, 518, 9, 519, 520, 521, 100, 101, 102, 522, | |
| 1398 | 103, 104, 105, 523, 10, 106, 107, 108, 109, 110, | |
| 1399 | 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, | |
| 1400 | 121, 122, 123, 124, 125, 126, 127, 128, 524, 525, | |
| 1401 | 526, 527, 129, 130, 131, 132, 133, 134, 135, 136, | |
| 1402 | 137, 528, 529, 530, 531, 532, 533, 534, 535, 536, | |
| 1403 | 537, 538, 539, 540, 138, 139, 140, 141, 142, 143, | |
| 1404 | 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, | |
| 1405 | 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, | |
| 1406 | 164, 165, 166, 167, 168, 169, 170, 171, 373, 172, | |
| 1407 | 541, 173, 174, 175, 176, 177, 178, 179, 180, 181, | |
| 1408 | 542, 543, 544, 545, 546, 547, 182, 183, 184, 185, | |
| 1409 | 186, 187, 548, 549, 550, 551, 552, 553, 554, 555, | |
| 1410 | 556, 557, 558, 559, 374, 375, 560, 561, 562, 563, | |
| 1411 | 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, | |
| 1412 | 574, 575, 576, 577, 578, 579, 580, 581, 582, 376, | |
| 1413 | 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, | |
| 1414 | 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, | |
| 1415 | 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, | |
| 1416 | 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, | |
| 1417 | 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, | |
| 1418 | 633, 634, 635, 636, 637, 638, 639, 377, 378, 640, | |
| 1419 | 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, | |
| 1420 | 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, | |
| 1421 | 661, 662, 663, 664, 665, 666, 0, 0, 0, 0, | |
| 1422 | 0, 0, 379 | |
| 1279 | 1423 | }; |
| 1280 | 1424 | |
| 1281 | 1425 | static const yytype_int16 yycheck[] = |
| 1282 | 1426 | { |
| 1283 | 0, 40, 40, 108, 42, 43, 40, 10, 10, 10, | |
| 1284 | -1, 11, 10, 10, 48, 49, 145, 146, 147, 148, | |
| 1285 | 149, 150, 151, 152, 153, 154, 155, 156, 92, 93, | |
| 1286 | 94, 95, 96, 97, 98, 99, 10, 76, 77, 10, | |
| 1427 | 0, 40, 108, 42, 43, 40, 205, 206, 207, 208, | |
| 1428 | 209, 11, 10, 48, 49, 146, 147, 148, 149, 150, | |
| 1429 | 151, 152, 153, 154, 155, 156, 157, 92, 93, 94, | |
| 1430 | 95, 96, 97, 98, 99, 10, 10, 10, 10, 10, | |
| 1287 | 1431 | 10, 41, 10, 10, 10, 10, 10, 47, 10, 10, |
| 1288 | 1432 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1289 | 10, 10, 10, 10, 10, 103, 10, 10, 10, 10, | |
| 1433 | 10, 10, 10, 10, 103, 10, 10, 10, 10, 10, | |
| 1290 | 1434 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1291 | 1435 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1292 | 10, 91, 10, 10, 132, 10, 134, 131, 10, 133, | |
| 1293 | 10, 10, 10, 10, 10, 10, 10, 107, 10, 10, | |
| 1436 | 10, 91, 10, 10, 133, 10, 135, 132, 10, 134, | |
| 1437 | 10, 10, 10, 10, 10, 10, -1, 107, 12, 13, | |
| 1438 | 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, | |
| 1439 | 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, | |
| 1440 | 34, 35, 36, 37, 38, 39, 10, 10, 10, 10, | |
| 1441 | 44, 45, 46, 10, 10, 145, 50, 51, 52, 53, | |
| 1442 | 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, | |
| 1443 | 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, | |
| 1444 | 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, | |
| 1445 | 84, 85, 86, 87, 88, 89, 90, 10, 10, 10, | |
| 1446 | 10, 10, 192, 10, 10, 10, 100, 101, 102, 10, | |
| 1447 | 104, 105, 106, 10, 204, 109, 110, 111, 112, 113, | |
| 1448 | 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, | |
| 1449 | 124, 125, 126, 127, 128, 129, 130, 131, 10, 10, | |
| 1450 | 10, 10, 136, 137, 138, 139, 140, 141, 142, 143, | |
| 1451 | 144, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1452 | 10, 10, 10, 10, 158, 159, 160, 161, 162, 163, | |
| 1453 | 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, | |
| 1454 | 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, | |
| 1455 | 184, 185, 186, 187, 188, 189, 190, 191, 40, 193, | |
| 1456 | 10, 195, 196, 197, 198, 199, 200, 201, 202, 203, | |
| 1457 | 10, 10, 10, 10, 10, 10, 210, 211, 212, 213, | |
| 1458 | 214, 215, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1459 | 10, 10, 10, 10, 76, 77, 10, 10, 10, 10, | |
| 1294 | 1460 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1295 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1296 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1297 | 10, 180, 10, 10, 144, -1, 10, 12, 13, 14, | |
| 1298 | 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, | |
| 1299 | 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, | |
| 1300 | 35, 36, 37, 38, 39, 10, 10, 10, 178, 44, | |
| 1301 | 45, 46, 10, 10, 10, 50, 51, 52, 53, 54, | |
| 1302 | 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, | |
| 1303 | 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, | |
| 1304 | 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, | |
| 1305 | 85, 86, 87, 88, 89, 90, 10, 10, 10, 10, | |
| 1306 | 10, 10, 10, 10, 10, 100, 101, 102, 10, 104, | |
| 1307 | 105, 106, 10, 10, 109, 110, 111, 112, 113, 114, | |
| 1308 | 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, | |
| 1309 | 125, 126, 127, 128, 129, 130, 10, 10, 10, 10, | |
| 1310 | 135, 136, 137, 138, 139, 140, 141, 142, 143, 10, | |
| 1311 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1312 | 10, 10, 157, 158, 159, 160, 161, 162, 163, 164, | |
| 1313 | 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, | |
| 1314 | 175, 176, 177, 10, 179, 10, 181, 182, 183, 10, | |
| 1461 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 101, | |
| 1315 | 1462 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1316 | 1463 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1317 | 1464 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1318 | 1465 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1319 | 10, 10, 10, 10 | |
| 1466 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1467 | 10, 10, 10, 10, 10, 10, 10, 159, 160, 10, | |
| 1468 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1469 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1470 | 10, 10, 10, 10, 10, 10, -1, -1, -1, -1, | |
| 1471 | -1, -1, 194 | |
| 1320 | 1472 | }; |
| 1321 | 1473 | |
| 1322 | 1474 | /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing |
| 1323 | 1475 | symbol of state STATE-NUM. */ |
| 1324 | 1476 | static const yytype_uint16 yystos[] = |
| 1325 | 1477 | { |
| 1326 | 0, 185, 0, 11, 41, 47, 91, 107, 144, 178, | |
| 1327 | 186, 187, 190, 193, 196, 346, 357, 372, 188, 191, | |
| 1328 | 194, 197, 347, 358, 373, 12, 13, 14, 15, 16, | |
| 1329 | 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, | |
| 1330 | 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, | |
| 1331 | 37, 38, 39, 44, 45, 46, 50, 51, 52, 53, | |
| 1332 | 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, | |
| 1333 | 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, | |
| 1334 | 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, | |
| 1335 | 84, 85, 86, 87, 88, 89, 90, 100, 101, 102, | |
| 1336 | 104, 105, 106, 109, 110, 111, 112, 113, 114, 115, | |
| 1337 | 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, | |
| 1338 | 126, 127, 128, 129, 130, 135, 136, 137, 138, 139, | |
| 1339 | 140, 141, 142, 143, 157, 158, 159, 160, 161, 162, | |
| 1340 | 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, | |
| 1341 | 173, 174, 175, 176, 177, 179, 181, 182, 183, 189, | |
| 1342 | 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, | |
| 1343 | 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, | |
| 1344 | 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, | |
| 1345 | 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, | |
| 1346 | 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, | |
| 1347 | 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, | |
| 1348 | 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, | |
| 1349 | 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, | |
| 1350 | 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, | |
| 1351 | 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, | |
| 1352 | 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, | |
| 1353 | 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, | |
| 1354 | 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, | |
| 1355 | 329, 330, 376, 377, 40, 42, 43, 103, 132, 134, | |
| 1356 | 192, 331, 332, 333, 334, 335, 336, 40, 48, 49, | |
| 1357 | 131, 133, 195, 337, 338, 339, 340, 341, 40, 76, | |
| 1358 | 77, 180, 198, 342, 343, 344, 345, 92, 93, 94, | |
| 1359 | 95, 96, 97, 98, 99, 348, 349, 350, 351, 352, | |
| 1360 | 353, 354, 355, 356, 145, 146, 147, 148, 149, 150, | |
| 1361 | 151, 152, 153, 154, 155, 156, 359, 360, 361, 362, | |
| 1362 | 363, 364, 365, 366, 367, 368, 369, 370, 371, 108, | |
| 1363 | 374, 375, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1478 | 0, 217, 0, 11, 41, 47, 91, 107, 145, 192, | |
| 1479 | 204, 218, 219, 222, 225, 228, 405, 416, 431, 439, | |
| 1480 | 220, 223, 226, 229, 406, 417, 432, 440, 12, 13, | |
| 1481 | 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, | |
| 1482 | 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, | |
| 1483 | 34, 35, 36, 37, 38, 39, 44, 45, 46, 50, | |
| 1484 | 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, | |
| 1485 | 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, | |
| 1486 | 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, | |
| 1487 | 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, | |
| 1488 | 100, 101, 102, 104, 105, 106, 109, 110, 111, 112, | |
| 1489 | 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, | |
| 1490 | 123, 124, 125, 126, 127, 128, 129, 130, 131, 136, | |
| 1491 | 137, 138, 139, 140, 141, 142, 143, 144, 158, 159, | |
| 1492 | 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, | |
| 1493 | 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, | |
| 1494 | 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, | |
| 1495 | 190, 191, 193, 195, 196, 197, 198, 199, 200, 201, | |
| 1496 | 202, 203, 210, 211, 212, 213, 214, 215, 221, 231, | |
| 1497 | 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, | |
| 1498 | 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, | |
| 1499 | 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, | |
| 1500 | 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, | |
| 1501 | 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, | |
| 1502 | 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, | |
| 1503 | 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, | |
| 1504 | 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, | |
| 1505 | 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, | |
| 1506 | 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, | |
| 1507 | 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, | |
| 1508 | 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, | |
| 1509 | 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, | |
| 1510 | 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, | |
| 1511 | 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, | |
| 1512 | 382, 383, 384, 385, 386, 435, 436, 437, 438, 40, | |
| 1513 | 42, 43, 103, 133, 135, 224, 387, 388, 389, 390, | |
| 1514 | 391, 392, 40, 48, 49, 132, 134, 227, 393, 394, | |
| 1515 | 395, 396, 397, 40, 76, 77, 101, 159, 160, 194, | |
| 1516 | 230, 398, 399, 400, 401, 402, 403, 404, 92, 93, | |
| 1517 | 94, 95, 96, 97, 98, 99, 407, 408, 409, 410, | |
| 1518 | 411, 412, 413, 414, 415, 146, 147, 148, 149, 150, | |
| 1519 | 151, 152, 153, 154, 155, 156, 157, 418, 419, 420, | |
| 1520 | 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, | |
| 1521 | 108, 433, 434, 205, 206, 207, 208, 209, 441, 442, | |
| 1522 | 443, 444, 445, 446, 10, 10, 10, 10, 10, 10, | |
| 1364 | 1523 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1365 | 1524 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1366 | 1525 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1378 | 1537 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1379 | 1538 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1380 | 1539 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, |
| 1381 | 10, 10, 10, 10, 10, 10 | |
| 1540 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1541 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1542 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1543 | 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, | |
| 1544 | 10, 10, 10, 10, 10, 10, 10 | |
| 1382 | 1545 | }; |
| 1383 | 1546 | |
| 1384 | 1547 | /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ |
| 1385 | 1548 | static const yytype_uint16 yyr1[] = |
| 1386 | 1549 | { |
| 1387 | 0, 184, 185, 185, 186, 186, 186, 186, 186, 186, | |
| 1388 | 186, 187, 188, 188, 189, 189, 189, 189, 189, 189, | |
| 1389 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1390 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1391 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1392 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1393 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1394 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1395 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1396 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1397 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1398 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1399 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1400 | 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, | |
| 1401 | 189, 189, 189, 189, 189, 189, 189, 189, 190, 191, | |
| 1402 | 191, 192, 192, 192, 192, 192, 192, 193, 194, 194, | |
| 1403 | 195, 195, 195, 195, 195, 196, 197, 197, 198, 198, | |
| 1404 | 198, 198, 199, 200, 201, 202, 203, 204, 205, 206, | |
| 1405 | 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, | |
| 1406 | 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, | |
| 1407 | 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, | |
| 1408 | 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, | |
| 1409 | 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, | |
| 1410 | 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, | |
| 1411 | 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, | |
| 1412 | 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, | |
| 1413 | 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, | |
| 1414 | 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, | |
| 1415 | 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, | |
| 1416 | 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, | |
| 1417 | 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, | |
| 1418 | 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, | |
| 1419 | 347, 347, 348, 348, 348, 348, 348, 348, 348, 348, | |
| 1550 | 0, 216, 217, 217, 218, 218, 218, 218, 218, 218, | |
| 1551 | 218, 218, 219, 220, 220, 221, 221, 221, 221, 221, | |
| 1552 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1553 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1554 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1555 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1556 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1557 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1558 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1559 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1560 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1561 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1562 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1563 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1564 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1565 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1566 | 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, | |
| 1567 | 221, 221, 221, 221, 221, 222, 223, 223, 224, 224, | |
| 1568 | 224, 224, 224, 224, 225, 226, 226, 227, 227, 227, | |
| 1569 | 227, 227, 228, 229, 229, 230, 230, 230, 230, 230, | |
| 1570 | 230, 230, 231, 232, 233, 234, 235, 236, 237, 238, | |
| 1571 | 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, | |
| 1572 | 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, | |
| 1573 | 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, | |
| 1574 | 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, | |
| 1575 | 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, | |
| 1576 | 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, | |
| 1577 | 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, | |
| 1578 | 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, | |
| 1579 | 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, | |
| 1580 | 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, | |
| 1581 | 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, | |
| 1420 | 1582 | 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, |
| 1421 | 358, 359, 359, 359, 359, 359, 359, 359, 359, 359, | |
| 1422 | 359, 359, 359, 360, 361, 362, 363, 364, 365, 366, | |
| 1423 | 367, 368, 369, 370, 371, 372, 373, 373, 374, 375, | |
| 1424 | 376, 377 | |
| 1583 | 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, | |
| 1584 | 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, | |
| 1585 | 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, | |
| 1586 | 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, | |
| 1587 | 399, 400, 401, 402, 403, 404, 405, 406, 406, 407, | |
| 1588 | 407, 407, 407, 407, 407, 407, 407, 408, 409, 410, | |
| 1589 | 411, 412, 413, 414, 415, 416, 417, 417, 418, 418, | |
| 1590 | 418, 418, 418, 418, 418, 418, 418, 418, 418, 418, | |
| 1591 | 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, | |
| 1592 | 429, 430, 431, 432, 432, 433, 434, 435, 436, 437, | |
| 1593 | 438, 439, 440, 440, 441, 441, 441, 441, 441, 442, | |
| 1594 | 443, 444, 445, 446 | |
| 1425 | 1595 | }; |
| 1426 | 1596 | |
| 1427 | 1597 | /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ |
| 1428 | 1598 | static const yytype_uint8 yyr2[] = |
| 1429 | 1599 | { |
| 1430 | 1600 | 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, |
| 1431 | 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, | |
| 1601 | 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, | |
| 1432 | 1602 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1433 | 1603 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1434 | 1604 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1441 | 1611 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1442 | 1612 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1443 | 1613 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
| 1444 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, | |
| 1445 | 0, 1, 1, 1, 1, 1, 1, 1, 2, 0, | |
| 1614 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 1615 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 1616 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 1446 | 1617 | 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, |
| 1618 | 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, | |
| 1619 | 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, | |
| 1447 | 1620 | 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1448 | 1621 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1449 | 1622 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1452 | 1625 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1453 | 1626 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1454 | 1627 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1455 | 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, | |
| 1456 | 1628 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1457 | 1629 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1458 | 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, | |
| 1459 | 3, 3, 4, 4, 4, 3, 2, 2, 2, 3, | |
| 1460 | 1630 | 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
| 1461 | 2, 2, 2, 2, 2, 2, 3, 2, 2, 1, | |
| 1462 | 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 1463 | 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, | |
| 1464 | 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 1465 | 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, | |
| 1466 | 2, 2, 2, 2, 2, 1, 2, 0, 1, 2, | |
| 1467 | 2, 2 | |
| 1631 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, | |
| 1632 | 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, | |
| 1633 | 2, 2, 2, 3, 3, 4, 4, 4, 3, 3, | |
| 1634 | 2, 2, 2, 2, 2, 2, 3, 3, 2, 2, | |
| 1635 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, | |
| 1636 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, | |
| 1637 | 3, 3, 3, 2, 2, 2, 1, 2, 0, 1, | |
| 1638 | 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, | |
| 1639 | 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, | |
| 1640 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
| 1641 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, | |
| 1642 | 2, 2, 1, 2, 0, 1, 2, 2, 2, 3, | |
| 1643 | 3, 1, 2, 0, 1, 1, 1, 1, 1, 2, | |
| 1644 | 2, 2, 2, 2 | |
| 1468 | 1645 | }; |
| 1469 | 1646 | |
| 1470 | 1647 | |
| 2140 | 2317 | YY_REDUCE_PRINT (yyn); |
| 2141 | 2318 | switch (yyn) |
| 2142 | 2319 | { |
| 2143 | case 11: | |
| 2144 | #line 146 "util/configparser.y" /* yacc.c:1646 */ | |
| 2320 | case 12: | |
| 2321 | #line 161 "util/configparser.y" /* yacc.c:1646 */ | |
| 2145 | 2322 | { |
| 2146 | 2323 | OUTYY(("\nP(server:)\n")); |
| 2147 | 2324 | } |
| 2148 | #line 2150 "util/configparser.c" /* yacc.c:1646 */ | |
| 2149 | break; | |
| 2150 | ||
| 2151 | case 148: | |
| 2152 | #line 212 "util/configparser.y" /* yacc.c:1646 */ | |
| 2325 | #line 2327 "util/configparser.c" /* yacc.c:1646 */ | |
| 2326 | break; | |
| 2327 | ||
| 2328 | case 175: | |
| 2329 | #line 239 "util/configparser.y" /* yacc.c:1646 */ | |
| 2153 | 2330 | { |
| 2154 | 2331 | struct config_stub* s; |
| 2155 | 2332 | OUTYY(("\nP(stub_zone:)\n")); |
| 2160 | 2337 | } else |
| 2161 | 2338 | yyerror("out of memory"); |
| 2162 | 2339 | } |
| 2163 | #line 2165 "util/configparser.c" /* yacc.c:1646 */ | |
| 2164 | break; | |
| 2165 | ||
| 2166 | case 157: | |
| 2167 | #line 229 "util/configparser.y" /* yacc.c:1646 */ | |
| 2340 | #line 2342 "util/configparser.c" /* yacc.c:1646 */ | |
| 2341 | break; | |
| 2342 | ||
| 2343 | case 184: | |
| 2344 | #line 256 "util/configparser.y" /* yacc.c:1646 */ | |
| 2168 | 2345 | { |
| 2169 | 2346 | struct config_stub* s; |
| 2170 | 2347 | OUTYY(("\nP(forward_zone:)\n")); |
| 2175 | 2352 | } else |
| 2176 | 2353 | yyerror("out of memory"); |
| 2177 | 2354 | } |
| 2178 | #line 2180 "util/configparser.c" /* yacc.c:1646 */ | |
| 2179 | break; | |
| 2180 | ||
| 2181 | case 165: | |
| 2182 | #line 246 "util/configparser.y" /* yacc.c:1646 */ | |
| 2355 | #line 2357 "util/configparser.c" /* yacc.c:1646 */ | |
| 2356 | break; | |
| 2357 | ||
| 2358 | case 192: | |
| 2359 | #line 273 "util/configparser.y" /* yacc.c:1646 */ | |
| 2183 | 2360 | { |
| 2184 | 2361 | struct config_view* s; |
| 2185 | 2362 | OUTYY(("\nP(view:)\n")); |
| 2192 | 2369 | } else |
| 2193 | 2370 | yyerror("out of memory"); |
| 2194 | 2371 | } |
| 2195 | #line 2197 "util/configparser.c" /* yacc.c:1646 */ | |
| 2196 | break; | |
| 2197 | ||
| 2198 | case 172: | |
| 2199 | #line 264 "util/configparser.y" /* yacc.c:1646 */ | |
| 2372 | #line 2374 "util/configparser.c" /* yacc.c:1646 */ | |
| 2373 | break; | |
| 2374 | ||
| 2375 | case 202: | |
| 2376 | #line 292 "util/configparser.y" /* yacc.c:1646 */ | |
| 2200 | 2377 | { |
| 2201 | 2378 | OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); |
| 2202 | 2379 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2204 | 2381 | else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); |
| 2205 | 2382 | free((yyvsp[0].str)); |
| 2206 | 2383 | } |
| 2207 | #line 2209 "util/configparser.c" /* yacc.c:1646 */ | |
| 2208 | break; | |
| 2209 | ||
| 2210 | case 173: | |
| 2211 | #line 273 "util/configparser.y" /* yacc.c:1646 */ | |
| 2384 | #line 2386 "util/configparser.c" /* yacc.c:1646 */ | |
| 2385 | break; | |
| 2386 | ||
| 2387 | case 203: | |
| 2388 | #line 301 "util/configparser.y" /* yacc.c:1646 */ | |
| 2212 | 2389 | { |
| 2213 | 2390 | OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); |
| 2214 | 2391 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2216 | 2393 | else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); |
| 2217 | 2394 | free((yyvsp[0].str)); |
| 2218 | 2395 | } |
| 2219 | #line 2221 "util/configparser.c" /* yacc.c:1646 */ | |
| 2220 | break; | |
| 2221 | ||
| 2222 | case 174: | |
| 2223 | #line 282 "util/configparser.y" /* yacc.c:1646 */ | |
| 2396 | #line 2398 "util/configparser.c" /* yacc.c:1646 */ | |
| 2397 | break; | |
| 2398 | ||
| 2399 | case 204: | |
| 2400 | #line 310 "util/configparser.y" /* yacc.c:1646 */ | |
| 2224 | 2401 | { |
| 2225 | 2402 | OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); |
| 2226 | 2403 | if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) |
| 2230 | 2407 | else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); |
| 2231 | 2408 | free((yyvsp[0].str)); |
| 2232 | 2409 | } |
| 2233 | #line 2235 "util/configparser.c" /* yacc.c:1646 */ | |
| 2234 | break; | |
| 2235 | ||
| 2236 | case 175: | |
| 2237 | #line 293 "util/configparser.y" /* yacc.c:1646 */ | |
| 2410 | #line 2412 "util/configparser.c" /* yacc.c:1646 */ | |
| 2411 | break; | |
| 2412 | ||
| 2413 | case 205: | |
| 2414 | #line 321 "util/configparser.y" /* yacc.c:1646 */ | |
| 2238 | 2415 | { |
| 2239 | 2416 | OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); |
| 2240 | 2417 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2242 | 2419 | else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); |
| 2243 | 2420 | free((yyvsp[0].str)); |
| 2244 | 2421 | } |
| 2245 | #line 2247 "util/configparser.c" /* yacc.c:1646 */ | |
| 2246 | break; | |
| 2247 | ||
| 2248 | case 176: | |
| 2249 | #line 302 "util/configparser.y" /* yacc.c:1646 */ | |
| 2422 | #line 2424 "util/configparser.c" /* yacc.c:1646 */ | |
| 2423 | break; | |
| 2424 | ||
| 2425 | case 206: | |
| 2426 | #line 330 "util/configparser.y" /* yacc.c:1646 */ | |
| 2250 | 2427 | { |
| 2251 | 2428 | OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); |
| 2252 | 2429 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2254 | 2431 | else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); |
| 2255 | 2432 | free((yyvsp[0].str)); |
| 2256 | 2433 | } |
| 2257 | #line 2259 "util/configparser.c" /* yacc.c:1646 */ | |
| 2258 | break; | |
| 2259 | ||
| 2260 | case 177: | |
| 2261 | #line 311 "util/configparser.y" /* yacc.c:1646 */ | |
| 2434 | #line 2436 "util/configparser.c" /* yacc.c:1646 */ | |
| 2435 | break; | |
| 2436 | ||
| 2437 | case 207: | |
| 2438 | #line 339 "util/configparser.y" /* yacc.c:1646 */ | |
| 2439 | { | |
| 2440 | OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); | |
| 2441 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 2442 | yyerror("expected yes or no."); | |
| 2443 | else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); | |
| 2444 | free((yyvsp[0].str)); | |
| 2445 | } | |
| 2446 | #line 2448 "util/configparser.c" /* yacc.c:1646 */ | |
| 2447 | break; | |
| 2448 | ||
| 2449 | case 208: | |
| 2450 | #line 348 "util/configparser.y" /* yacc.c:1646 */ | |
| 2451 | { | |
| 2452 | OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); | |
| 2453 | if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) | |
| 2454 | cfg_parser->cfg->shm_key = 0; | |
| 2455 | else if(atoi((yyvsp[0].str)) == 0) | |
| 2456 | yyerror("number expected"); | |
| 2457 | else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); | |
| 2458 | free((yyvsp[0].str)); | |
| 2459 | } | |
| 2460 | #line 2462 "util/configparser.c" /* yacc.c:1646 */ | |
| 2461 | break; | |
| 2462 | ||
| 2463 | case 209: | |
| 2464 | #line 359 "util/configparser.y" /* yacc.c:1646 */ | |
| 2262 | 2465 | { |
| 2263 | 2466 | OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); |
| 2264 | 2467 | if(atoi((yyvsp[0].str)) == 0) |
| 2266 | 2469 | else cfg_parser->cfg->port = atoi((yyvsp[0].str)); |
| 2267 | 2470 | free((yyvsp[0].str)); |
| 2268 | 2471 | } |
| 2269 | #line 2271 "util/configparser.c" /* yacc.c:1646 */ | |
| 2270 | break; | |
| 2271 | ||
| 2272 | case 178: | |
| 2273 | #line 320 "util/configparser.y" /* yacc.c:1646 */ | |
| 2472 | #line 2474 "util/configparser.c" /* yacc.c:1646 */ | |
| 2473 | break; | |
| 2474 | ||
| 2475 | case 210: | |
| 2476 | #line 368 "util/configparser.y" /* yacc.c:1646 */ | |
| 2477 | { | |
| 2478 | #ifdef CLIENT_SUBNET | |
| 2479 | OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); | |
| 2480 | if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[0].str))) | |
| 2481 | fatal_exit("out of memory adding client-subnet"); | |
| 2482 | #else | |
| 2483 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 2484 | #endif | |
| 2485 | } | |
| 2486 | #line 2488 "util/configparser.c" /* yacc.c:1646 */ | |
| 2487 | break; | |
| 2488 | ||
| 2489 | case 211: | |
| 2490 | #line 379 "util/configparser.y" /* yacc.c:1646 */ | |
| 2491 | { | |
| 2492 | #ifdef CLIENT_SUBNET | |
| 2493 | OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); | |
| 2494 | if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone, | |
| 2495 | (yyvsp[0].str))) | |
| 2496 | fatal_exit("out of memory adding client-subnet-zone"); | |
| 2497 | #else | |
| 2498 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 2499 | #endif | |
| 2500 | } | |
| 2501 | #line 2503 "util/configparser.c" /* yacc.c:1646 */ | |
| 2502 | break; | |
| 2503 | ||
| 2504 | case 212: | |
| 2505 | #line 392 "util/configparser.y" /* yacc.c:1646 */ | |
| 2506 | { | |
| 2507 | #ifdef CLIENT_SUBNET | |
| 2508 | OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); | |
| 2509 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 2510 | yyerror("expected yes or no."); | |
| 2511 | else | |
| 2512 | cfg_parser->cfg->client_subnet_always_forward = | |
| 2513 | (strcmp((yyvsp[0].str), "yes")==0); | |
| 2514 | #else | |
| 2515 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 2516 | #endif | |
| 2517 | free((yyvsp[0].str)); | |
| 2518 | } | |
| 2519 | #line 2521 "util/configparser.c" /* yacc.c:1646 */ | |
| 2520 | break; | |
| 2521 | ||
| 2522 | case 213: | |
| 2523 | #line 407 "util/configparser.y" /* yacc.c:1646 */ | |
| 2524 | { | |
| 2525 | #ifdef CLIENT_SUBNET | |
| 2526 | OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); | |
| 2527 | OUTYY(("P(Depricated option, ignoring)\n")); | |
| 2528 | #else | |
| 2529 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 2530 | #endif | |
| 2531 | free((yyvsp[0].str)); | |
| 2532 | } | |
| 2533 | #line 2535 "util/configparser.c" /* yacc.c:1646 */ | |
| 2534 | break; | |
| 2535 | ||
| 2536 | case 214: | |
| 2537 | #line 418 "util/configparser.y" /* yacc.c:1646 */ | |
| 2538 | { | |
| 2539 | #ifdef CLIENT_SUBNET | |
| 2540 | OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); | |
| 2541 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) | |
| 2542 | yyerror("IPv4 subnet length expected"); | |
| 2543 | else if (atoi((yyvsp[0].str)) > 32) | |
| 2544 | cfg_parser->cfg->max_client_subnet_ipv4 = 32; | |
| 2545 | else if (atoi((yyvsp[0].str)) < 0) | |
| 2546 | cfg_parser->cfg->max_client_subnet_ipv4 = 0; | |
| 2547 | else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi((yyvsp[0].str)); | |
| 2548 | #else | |
| 2549 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 2550 | #endif | |
| 2551 | free((yyvsp[0].str)); | |
| 2552 | } | |
| 2553 | #line 2555 "util/configparser.c" /* yacc.c:1646 */ | |
| 2554 | break; | |
| 2555 | ||
| 2556 | case 215: | |
| 2557 | #line 435 "util/configparser.y" /* yacc.c:1646 */ | |
| 2558 | { | |
| 2559 | #ifdef CLIENT_SUBNET | |
| 2560 | OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); | |
| 2561 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) | |
| 2562 | yyerror("Ipv6 subnet length expected"); | |
| 2563 | else if (atoi((yyvsp[0].str)) > 128) | |
| 2564 | cfg_parser->cfg->max_client_subnet_ipv6 = 128; | |
| 2565 | else if (atoi((yyvsp[0].str)) < 0) | |
| 2566 | cfg_parser->cfg->max_client_subnet_ipv6 = 0; | |
| 2567 | else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi((yyvsp[0].str)); | |
| 2568 | #else | |
| 2569 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 2570 | #endif | |
| 2571 | free((yyvsp[0].str)); | |
| 2572 | } | |
| 2573 | #line 2575 "util/configparser.c" /* yacc.c:1646 */ | |
| 2574 | break; | |
| 2575 | ||
| 2576 | case 216: | |
| 2577 | #line 452 "util/configparser.y" /* yacc.c:1646 */ | |
| 2274 | 2578 | { |
| 2275 | 2579 | OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); |
| 2276 | 2580 | if(cfg_parser->cfg->num_ifs == 0) |
| 2282 | 2586 | else |
| 2283 | 2587 | cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); |
| 2284 | 2588 | } |
| 2285 | #line 2287 "util/configparser.c" /* yacc.c:1646 */ | |
| 2286 | break; | |
| 2287 | ||
| 2288 | case 179: | |
| 2289 | #line 333 "util/configparser.y" /* yacc.c:1646 */ | |
| 2589 | #line 2591 "util/configparser.c" /* yacc.c:1646 */ | |
| 2590 | break; | |
| 2591 | ||
| 2592 | case 217: | |
| 2593 | #line 465 "util/configparser.y" /* yacc.c:1646 */ | |
| 2290 | 2594 | { |
| 2291 | 2595 | OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); |
| 2292 | 2596 | if(cfg_parser->cfg->num_out_ifs == 0) |
| 2300 | 2604 | cfg_parser->cfg->out_ifs[ |
| 2301 | 2605 | cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); |
| 2302 | 2606 | } |
| 2303 | #line 2305 "util/configparser.c" /* yacc.c:1646 */ | |
| 2304 | break; | |
| 2305 | ||
| 2306 | case 180: | |
| 2307 | #line 348 "util/configparser.y" /* yacc.c:1646 */ | |
| 2607 | #line 2609 "util/configparser.c" /* yacc.c:1646 */ | |
| 2608 | break; | |
| 2609 | ||
| 2610 | case 218: | |
| 2611 | #line 480 "util/configparser.y" /* yacc.c:1646 */ | |
| 2308 | 2612 | { |
| 2309 | 2613 | OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); |
| 2310 | 2614 | if(atoi((yyvsp[0].str)) == 0) |
| 2312 | 2616 | else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); |
| 2313 | 2617 | free((yyvsp[0].str)); |
| 2314 | 2618 | } |
| 2315 | #line 2317 "util/configparser.c" /* yacc.c:1646 */ | |
| 2316 | break; | |
| 2317 | ||
| 2318 | case 181: | |
| 2319 | #line 357 "util/configparser.y" /* yacc.c:1646 */ | |
| 2619 | #line 2621 "util/configparser.c" /* yacc.c:1646 */ | |
| 2620 | break; | |
| 2621 | ||
| 2622 | case 219: | |
| 2623 | #line 489 "util/configparser.y" /* yacc.c:1646 */ | |
| 2320 | 2624 | { |
| 2321 | 2625 | OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); |
| 2322 | 2626 | if(!cfg_mark_ports((yyvsp[0].str), 1, |
| 2324 | 2628 | yyerror("port number or range (\"low-high\") expected"); |
| 2325 | 2629 | free((yyvsp[0].str)); |
| 2326 | 2630 | } |
| 2327 | #line 2329 "util/configparser.c" /* yacc.c:1646 */ | |
| 2328 | break; | |
| 2329 | ||
| 2330 | case 182: | |
| 2331 | #line 366 "util/configparser.y" /* yacc.c:1646 */ | |
| 2631 | #line 2633 "util/configparser.c" /* yacc.c:1646 */ | |
| 2632 | break; | |
| 2633 | ||
| 2634 | case 220: | |
| 2635 | #line 498 "util/configparser.y" /* yacc.c:1646 */ | |
| 2332 | 2636 | { |
| 2333 | 2637 | OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); |
| 2334 | 2638 | if(!cfg_mark_ports((yyvsp[0].str), 0, |
| 2336 | 2640 | yyerror("port number or range (\"low-high\") expected"); |
| 2337 | 2641 | free((yyvsp[0].str)); |
| 2338 | 2642 | } |
| 2339 | #line 2341 "util/configparser.c" /* yacc.c:1646 */ | |
| 2340 | break; | |
| 2341 | ||
| 2342 | case 183: | |
| 2343 | #line 375 "util/configparser.y" /* yacc.c:1646 */ | |
| 2643 | #line 2645 "util/configparser.c" /* yacc.c:1646 */ | |
| 2644 | break; | |
| 2645 | ||
| 2646 | case 221: | |
| 2647 | #line 507 "util/configparser.y" /* yacc.c:1646 */ | |
| 2344 | 2648 | { |
| 2345 | 2649 | OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); |
| 2346 | 2650 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2348 | 2652 | else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); |
| 2349 | 2653 | free((yyvsp[0].str)); |
| 2350 | 2654 | } |
| 2351 | #line 2353 "util/configparser.c" /* yacc.c:1646 */ | |
| 2352 | break; | |
| 2353 | ||
| 2354 | case 184: | |
| 2355 | #line 384 "util/configparser.y" /* yacc.c:1646 */ | |
| 2655 | #line 2657 "util/configparser.c" /* yacc.c:1646 */ | |
| 2656 | break; | |
| 2657 | ||
| 2658 | case 222: | |
| 2659 | #line 516 "util/configparser.y" /* yacc.c:1646 */ | |
| 2356 | 2660 | { |
| 2357 | 2661 | OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); |
| 2358 | 2662 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2360 | 2664 | else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); |
| 2361 | 2665 | free((yyvsp[0].str)); |
| 2362 | 2666 | } |
| 2363 | #line 2365 "util/configparser.c" /* yacc.c:1646 */ | |
| 2364 | break; | |
| 2365 | ||
| 2366 | case 185: | |
| 2367 | #line 393 "util/configparser.y" /* yacc.c:1646 */ | |
| 2667 | #line 2669 "util/configparser.c" /* yacc.c:1646 */ | |
| 2668 | break; | |
| 2669 | ||
| 2670 | case 223: | |
| 2671 | #line 525 "util/configparser.y" /* yacc.c:1646 */ | |
| 2368 | 2672 | { |
| 2369 | 2673 | OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); |
| 2370 | 2674 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2372 | 2676 | else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); |
| 2373 | 2677 | free((yyvsp[0].str)); |
| 2374 | 2678 | } |
| 2375 | #line 2377 "util/configparser.c" /* yacc.c:1646 */ | |
| 2376 | break; | |
| 2377 | ||
| 2378 | case 186: | |
| 2379 | #line 402 "util/configparser.y" /* yacc.c:1646 */ | |
| 2679 | #line 2681 "util/configparser.c" /* yacc.c:1646 */ | |
| 2680 | break; | |
| 2681 | ||
| 2682 | case 224: | |
| 2683 | #line 534 "util/configparser.y" /* yacc.c:1646 */ | |
| 2380 | 2684 | { |
| 2381 | 2685 | OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); |
| 2382 | 2686 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2384 | 2688 | else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); |
| 2385 | 2689 | free((yyvsp[0].str)); |
| 2386 | 2690 | } |
| 2387 | #line 2389 "util/configparser.c" /* yacc.c:1646 */ | |
| 2388 | break; | |
| 2389 | ||
| 2390 | case 187: | |
| 2391 | #line 411 "util/configparser.y" /* yacc.c:1646 */ | |
| 2691 | #line 2693 "util/configparser.c" /* yacc.c:1646 */ | |
| 2692 | break; | |
| 2693 | ||
| 2694 | case 225: | |
| 2695 | #line 543 "util/configparser.y" /* yacc.c:1646 */ | |
| 2392 | 2696 | { |
| 2393 | 2697 | OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); |
| 2394 | 2698 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2396 | 2700 | else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); |
| 2397 | 2701 | free((yyvsp[0].str)); |
| 2398 | 2702 | } |
| 2399 | #line 2401 "util/configparser.c" /* yacc.c:1646 */ | |
| 2400 | break; | |
| 2401 | ||
| 2402 | case 188: | |
| 2403 | #line 420 "util/configparser.y" /* yacc.c:1646 */ | |
| 2703 | #line 2705 "util/configparser.c" /* yacc.c:1646 */ | |
| 2704 | break; | |
| 2705 | ||
| 2706 | case 226: | |
| 2707 | #line 552 "util/configparser.y" /* yacc.c:1646 */ | |
| 2404 | 2708 | { |
| 2405 | 2709 | OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); |
| 2406 | 2710 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2408 | 2712 | else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); |
| 2409 | 2713 | free((yyvsp[0].str)); |
| 2410 | 2714 | } |
| 2411 | #line 2413 "util/configparser.c" /* yacc.c:1646 */ | |
| 2412 | break; | |
| 2413 | ||
| 2414 | case 189: | |
| 2415 | #line 429 "util/configparser.y" /* yacc.c:1646 */ | |
| 2715 | #line 2717 "util/configparser.c" /* yacc.c:1646 */ | |
| 2716 | break; | |
| 2717 | ||
| 2718 | case 227: | |
| 2719 | #line 561 "util/configparser.y" /* yacc.c:1646 */ | |
| 2416 | 2720 | { |
| 2417 | 2721 | OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); |
| 2418 | 2722 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2420 | 2724 | else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); |
| 2421 | 2725 | free((yyvsp[0].str)); |
| 2422 | 2726 | } |
| 2423 | #line 2425 "util/configparser.c" /* yacc.c:1646 */ | |
| 2424 | break; | |
| 2425 | ||
| 2426 | case 190: | |
| 2427 | #line 438 "util/configparser.y" /* yacc.c:1646 */ | |
| 2727 | #line 2729 "util/configparser.c" /* yacc.c:1646 */ | |
| 2728 | break; | |
| 2729 | ||
| 2730 | case 228: | |
| 2731 | #line 570 "util/configparser.y" /* yacc.c:1646 */ | |
| 2428 | 2732 | { |
| 2429 | 2733 | OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); |
| 2430 | 2734 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2432 | 2736 | else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); |
| 2433 | 2737 | free((yyvsp[0].str)); |
| 2434 | 2738 | } |
| 2435 | #line 2437 "util/configparser.c" /* yacc.c:1646 */ | |
| 2436 | break; | |
| 2437 | ||
| 2438 | case 191: | |
| 2439 | #line 447 "util/configparser.y" /* yacc.c:1646 */ | |
| 2739 | #line 2741 "util/configparser.c" /* yacc.c:1646 */ | |
| 2740 | break; | |
| 2741 | ||
| 2742 | case 229: | |
| 2743 | #line 579 "util/configparser.y" /* yacc.c:1646 */ | |
| 2440 | 2744 | { |
| 2441 | 2745 | OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); |
| 2442 | 2746 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2444 | 2748 | else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); |
| 2445 | 2749 | free((yyvsp[0].str)); |
| 2446 | 2750 | } |
| 2447 | #line 2449 "util/configparser.c" /* yacc.c:1646 */ | |
| 2448 | break; | |
| 2449 | ||
| 2450 | case 192: | |
| 2451 | #line 456 "util/configparser.y" /* yacc.c:1646 */ | |
| 2751 | #line 2753 "util/configparser.c" /* yacc.c:1646 */ | |
| 2752 | break; | |
| 2753 | ||
| 2754 | case 230: | |
| 2755 | #line 588 "util/configparser.y" /* yacc.c:1646 */ | |
| 2452 | 2756 | { |
| 2453 | 2757 | OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); |
| 2454 | 2758 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2456 | 2760 | else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); |
| 2457 | 2761 | free((yyvsp[0].str)); |
| 2458 | 2762 | } |
| 2459 | #line 2461 "util/configparser.c" /* yacc.c:1646 */ | |
| 2460 | break; | |
| 2461 | ||
| 2462 | case 193: | |
| 2463 | #line 465 "util/configparser.y" /* yacc.c:1646 */ | |
| 2763 | #line 2765 "util/configparser.c" /* yacc.c:1646 */ | |
| 2764 | break; | |
| 2765 | ||
| 2766 | case 231: | |
| 2767 | #line 597 "util/configparser.y" /* yacc.c:1646 */ | |
| 2464 | 2768 | { |
| 2465 | 2769 | OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); |
| 2466 | 2770 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2468 | 2772 | else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); |
| 2469 | 2773 | free((yyvsp[0].str)); |
| 2470 | 2774 | } |
| 2471 | #line 2473 "util/configparser.c" /* yacc.c:1646 */ | |
| 2472 | break; | |
| 2473 | ||
| 2474 | case 194: | |
| 2475 | #line 474 "util/configparser.y" /* yacc.c:1646 */ | |
| 2775 | #line 2777 "util/configparser.c" /* yacc.c:1646 */ | |
| 2776 | break; | |
| 2777 | ||
| 2778 | case 232: | |
| 2779 | #line 606 "util/configparser.y" /* yacc.c:1646 */ | |
| 2476 | 2780 | { |
| 2477 | 2781 | OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); |
| 2478 | 2782 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2480 | 2784 | else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); |
| 2481 | 2785 | free((yyvsp[0].str)); |
| 2482 | 2786 | } |
| 2483 | #line 2485 "util/configparser.c" /* yacc.c:1646 */ | |
| 2484 | break; | |
| 2485 | ||
| 2486 | case 195: | |
| 2487 | #line 483 "util/configparser.y" /* yacc.c:1646 */ | |
| 2787 | #line 2789 "util/configparser.c" /* yacc.c:1646 */ | |
| 2788 | break; | |
| 2789 | ||
| 2790 | case 233: | |
| 2791 | #line 615 "util/configparser.y" /* yacc.c:1646 */ | |
| 2488 | 2792 | { |
| 2489 | 2793 | OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); |
| 2490 | 2794 | free(cfg_parser->cfg->ssl_service_key); |
| 2491 | 2795 | cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); |
| 2492 | 2796 | } |
| 2493 | #line 2495 "util/configparser.c" /* yacc.c:1646 */ | |
| 2494 | break; | |
| 2495 | ||
| 2496 | case 196: | |
| 2497 | #line 490 "util/configparser.y" /* yacc.c:1646 */ | |
| 2797 | #line 2799 "util/configparser.c" /* yacc.c:1646 */ | |
| 2798 | break; | |
| 2799 | ||
| 2800 | case 234: | |
| 2801 | #line 622 "util/configparser.y" /* yacc.c:1646 */ | |
| 2498 | 2802 | { |
| 2499 | 2803 | OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); |
| 2500 | 2804 | free(cfg_parser->cfg->ssl_service_pem); |
| 2501 | 2805 | cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); |
| 2502 | 2806 | } |
| 2503 | #line 2505 "util/configparser.c" /* yacc.c:1646 */ | |
| 2504 | break; | |
| 2505 | ||
| 2506 | case 197: | |
| 2507 | #line 497 "util/configparser.y" /* yacc.c:1646 */ | |
| 2807 | #line 2809 "util/configparser.c" /* yacc.c:1646 */ | |
| 2808 | break; | |
| 2809 | ||
| 2810 | case 235: | |
| 2811 | #line 629 "util/configparser.y" /* yacc.c:1646 */ | |
| 2508 | 2812 | { |
| 2509 | 2813 | OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); |
| 2510 | 2814 | if(atoi((yyvsp[0].str)) == 0) |
| 2512 | 2816 | else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); |
| 2513 | 2817 | free((yyvsp[0].str)); |
| 2514 | 2818 | } |
| 2515 | #line 2517 "util/configparser.c" /* yacc.c:1646 */ | |
| 2516 | break; | |
| 2517 | ||
| 2518 | case 198: | |
| 2519 | #line 506 "util/configparser.y" /* yacc.c:1646 */ | |
| 2819 | #line 2821 "util/configparser.c" /* yacc.c:1646 */ | |
| 2820 | break; | |
| 2821 | ||
| 2822 | case 236: | |
| 2823 | #line 638 "util/configparser.y" /* yacc.c:1646 */ | |
| 2824 | { | |
| 2825 | OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); | |
| 2826 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 2827 | yyerror("expected yes or no."); | |
| 2828 | else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); | |
| 2829 | free((yyvsp[0].str)); | |
| 2830 | } | |
| 2831 | #line 2833 "util/configparser.c" /* yacc.c:1646 */ | |
| 2832 | break; | |
| 2833 | ||
| 2834 | case 237: | |
| 2835 | #line 647 "util/configparser.y" /* yacc.c:1646 */ | |
| 2520 | 2836 | { |
| 2521 | 2837 | OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); |
| 2522 | 2838 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2524 | 2840 | else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); |
| 2525 | 2841 | free((yyvsp[0].str)); |
| 2526 | 2842 | } |
| 2527 | #line 2529 "util/configparser.c" /* yacc.c:1646 */ | |
| 2528 | break; | |
| 2529 | ||
| 2530 | case 199: | |
| 2531 | #line 515 "util/configparser.y" /* yacc.c:1646 */ | |
| 2843 | #line 2845 "util/configparser.c" /* yacc.c:1646 */ | |
| 2844 | break; | |
| 2845 | ||
| 2846 | case 238: | |
| 2847 | #line 656 "util/configparser.y" /* yacc.c:1646 */ | |
| 2532 | 2848 | { |
| 2533 | 2849 | OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); |
| 2534 | 2850 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2541 | 2857 | #endif |
| 2542 | 2858 | free((yyvsp[0].str)); |
| 2543 | 2859 | } |
| 2544 | #line 2546 "util/configparser.c" /* yacc.c:1646 */ | |
| 2545 | break; | |
| 2546 | ||
| 2547 | case 200: | |
| 2548 | #line 529 "util/configparser.y" /* yacc.c:1646 */ | |
| 2860 | #line 2862 "util/configparser.c" /* yacc.c:1646 */ | |
| 2861 | break; | |
| 2862 | ||
| 2863 | case 239: | |
| 2864 | #line 670 "util/configparser.y" /* yacc.c:1646 */ | |
| 2549 | 2865 | { |
| 2550 | 2866 | OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); |
| 2551 | 2867 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2553 | 2869 | else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); |
| 2554 | 2870 | free((yyvsp[0].str)); |
| 2555 | 2871 | } |
| 2556 | #line 2558 "util/configparser.c" /* yacc.c:1646 */ | |
| 2557 | break; | |
| 2558 | ||
| 2559 | case 201: | |
| 2560 | #line 538 "util/configparser.y" /* yacc.c:1646 */ | |
| 2872 | #line 2874 "util/configparser.c" /* yacc.c:1646 */ | |
| 2873 | break; | |
| 2874 | ||
| 2875 | case 240: | |
| 2876 | #line 679 "util/configparser.y" /* yacc.c:1646 */ | |
| 2561 | 2877 | { |
| 2562 | 2878 | OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); |
| 2563 | 2879 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2565 | 2881 | else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); |
| 2566 | 2882 | free((yyvsp[0].str)); |
| 2567 | 2883 | } |
| 2568 | #line 2570 "util/configparser.c" /* yacc.c:1646 */ | |
| 2569 | break; | |
| 2570 | ||
| 2571 | case 202: | |
| 2572 | #line 547 "util/configparser.y" /* yacc.c:1646 */ | |
| 2884 | #line 2886 "util/configparser.c" /* yacc.c:1646 */ | |
| 2885 | break; | |
| 2886 | ||
| 2887 | case 241: | |
| 2888 | #line 688 "util/configparser.y" /* yacc.c:1646 */ | |
| 2889 | { | |
| 2890 | OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); | |
| 2891 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 2892 | yyerror("expected yes or no."); | |
| 2893 | else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); | |
| 2894 | free((yyvsp[0].str)); | |
| 2895 | } | |
| 2896 | #line 2898 "util/configparser.c" /* yacc.c:1646 */ | |
| 2897 | break; | |
| 2898 | ||
| 2899 | case 242: | |
| 2900 | #line 697 "util/configparser.y" /* yacc.c:1646 */ | |
| 2573 | 2901 | { |
| 2574 | 2902 | OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); |
| 2575 | 2903 | free(cfg_parser->cfg->chrootdir); |
| 2576 | 2904 | cfg_parser->cfg->chrootdir = (yyvsp[0].str); |
| 2577 | 2905 | } |
| 2578 | #line 2580 "util/configparser.c" /* yacc.c:1646 */ | |
| 2579 | break; | |
| 2580 | ||
| 2581 | case 203: | |
| 2582 | #line 554 "util/configparser.y" /* yacc.c:1646 */ | |
| 2906 | #line 2908 "util/configparser.c" /* yacc.c:1646 */ | |
| 2907 | break; | |
| 2908 | ||
| 2909 | case 243: | |
| 2910 | #line 704 "util/configparser.y" /* yacc.c:1646 */ | |
| 2583 | 2911 | { |
| 2584 | 2912 | OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); |
| 2585 | 2913 | free(cfg_parser->cfg->username); |
| 2586 | 2914 | cfg_parser->cfg->username = (yyvsp[0].str); |
| 2587 | 2915 | } |
| 2588 | #line 2590 "util/configparser.c" /* yacc.c:1646 */ | |
| 2589 | break; | |
| 2590 | ||
| 2591 | case 204: | |
| 2592 | #line 561 "util/configparser.y" /* yacc.c:1646 */ | |
| 2916 | #line 2918 "util/configparser.c" /* yacc.c:1646 */ | |
| 2917 | break; | |
| 2918 | ||
| 2919 | case 244: | |
| 2920 | #line 711 "util/configparser.y" /* yacc.c:1646 */ | |
| 2593 | 2921 | { |
| 2594 | 2922 | OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); |
| 2595 | 2923 | free(cfg_parser->cfg->directory); |
| 2607 | 2935 | strncmp(d, cfg_parser->chroot, strlen( |
| 2608 | 2936 | cfg_parser->chroot)) == 0) |
| 2609 | 2937 | d += strlen(cfg_parser->chroot); |
| 2610 | if(chdir(d)) | |
| 2938 | if(d[0]) { | |
| 2939 | if(chdir(d)) | |
| 2611 | 2940 | log_err("cannot chdir to directory: %s (%s)", |
| 2612 | 2941 | d, strerror(errno)); |
| 2942 | } | |
| 2613 | 2943 | } |
| 2614 | 2944 | } |
| 2615 | #line 2617 "util/configparser.c" /* yacc.c:1646 */ | |
| 2616 | break; | |
| 2617 | ||
| 2618 | case 205: | |
| 2619 | #line 585 "util/configparser.y" /* yacc.c:1646 */ | |
| 2945 | #line 2947 "util/configparser.c" /* yacc.c:1646 */ | |
| 2946 | break; | |
| 2947 | ||
| 2948 | case 245: | |
| 2949 | #line 737 "util/configparser.y" /* yacc.c:1646 */ | |
| 2620 | 2950 | { |
| 2621 | 2951 | OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); |
| 2622 | 2952 | free(cfg_parser->cfg->logfile); |
| 2623 | 2953 | cfg_parser->cfg->logfile = (yyvsp[0].str); |
| 2624 | 2954 | cfg_parser->cfg->use_syslog = 0; |
| 2625 | 2955 | } |
| 2626 | #line 2628 "util/configparser.c" /* yacc.c:1646 */ | |
| 2627 | break; | |
| 2628 | ||
| 2629 | case 206: | |
| 2630 | #line 593 "util/configparser.y" /* yacc.c:1646 */ | |
| 2956 | #line 2958 "util/configparser.c" /* yacc.c:1646 */ | |
| 2957 | break; | |
| 2958 | ||
| 2959 | case 246: | |
| 2960 | #line 745 "util/configparser.y" /* yacc.c:1646 */ | |
| 2631 | 2961 | { |
| 2632 | 2962 | OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); |
| 2633 | 2963 | free(cfg_parser->cfg->pidfile); |
| 2634 | 2964 | cfg_parser->cfg->pidfile = (yyvsp[0].str); |
| 2635 | 2965 | } |
| 2636 | #line 2638 "util/configparser.c" /* yacc.c:1646 */ | |
| 2637 | break; | |
| 2638 | ||
| 2639 | case 207: | |
| 2640 | #line 600 "util/configparser.y" /* yacc.c:1646 */ | |
| 2966 | #line 2968 "util/configparser.c" /* yacc.c:1646 */ | |
| 2967 | break; | |
| 2968 | ||
| 2969 | case 247: | |
| 2970 | #line 752 "util/configparser.y" /* yacc.c:1646 */ | |
| 2641 | 2971 | { |
| 2642 | 2972 | OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); |
| 2643 | 2973 | if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) |
| 2644 | 2974 | yyerror("out of memory"); |
| 2645 | 2975 | } |
| 2646 | #line 2648 "util/configparser.c" /* yacc.c:1646 */ | |
| 2647 | break; | |
| 2648 | ||
| 2649 | case 208: | |
| 2650 | #line 607 "util/configparser.y" /* yacc.c:1646 */ | |
| 2976 | #line 2978 "util/configparser.c" /* yacc.c:1646 */ | |
| 2977 | break; | |
| 2978 | ||
| 2979 | case 248: | |
| 2980 | #line 759 "util/configparser.y" /* yacc.c:1646 */ | |
| 2651 | 2981 | { |
| 2652 | 2982 | OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); |
| 2653 | 2983 | free(cfg_parser->cfg->dlv_anchor_file); |
| 2654 | 2984 | cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); |
| 2655 | 2985 | } |
| 2656 | #line 2658 "util/configparser.c" /* yacc.c:1646 */ | |
| 2657 | break; | |
| 2658 | ||
| 2659 | case 209: | |
| 2660 | #line 614 "util/configparser.y" /* yacc.c:1646 */ | |
| 2986 | #line 2988 "util/configparser.c" /* yacc.c:1646 */ | |
| 2987 | break; | |
| 2988 | ||
| 2989 | case 249: | |
| 2990 | #line 766 "util/configparser.y" /* yacc.c:1646 */ | |
| 2661 | 2991 | { |
| 2662 | 2992 | OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); |
| 2663 | 2993 | if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) |
| 2664 | 2994 | yyerror("out of memory"); |
| 2665 | 2995 | } |
| 2666 | #line 2668 "util/configparser.c" /* yacc.c:1646 */ | |
| 2667 | break; | |
| 2668 | ||
| 2669 | case 210: | |
| 2670 | #line 621 "util/configparser.y" /* yacc.c:1646 */ | |
| 2996 | #line 2998 "util/configparser.c" /* yacc.c:1646 */ | |
| 2997 | break; | |
| 2998 | ||
| 2999 | case 250: | |
| 3000 | #line 773 "util/configparser.y" /* yacc.c:1646 */ | |
| 2671 | 3001 | { |
| 2672 | 3002 | OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); |
| 2673 | 3003 | if(!cfg_strlist_insert(&cfg_parser->cfg-> |
| 2674 | 3004 | auto_trust_anchor_file_list, (yyvsp[0].str))) |
| 2675 | 3005 | yyerror("out of memory"); |
| 2676 | 3006 | } |
| 2677 | #line 2679 "util/configparser.c" /* yacc.c:1646 */ | |
| 2678 | break; | |
| 2679 | ||
| 2680 | case 211: | |
| 2681 | #line 629 "util/configparser.y" /* yacc.c:1646 */ | |
| 3007 | #line 3009 "util/configparser.c" /* yacc.c:1646 */ | |
| 3008 | break; | |
| 3009 | ||
| 3010 | case 251: | |
| 3011 | #line 781 "util/configparser.y" /* yacc.c:1646 */ | |
| 2682 | 3012 | { |
| 2683 | 3013 | OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); |
| 2684 | 3014 | if(!cfg_strlist_insert(&cfg_parser->cfg-> |
| 2685 | 3015 | trust_anchor_file_list, (yyvsp[0].str))) |
| 2686 | 3016 | yyerror("out of memory"); |
| 2687 | 3017 | } |
| 2688 | #line 2690 "util/configparser.c" /* yacc.c:1646 */ | |
| 2689 | break; | |
| 2690 | ||
| 2691 | case 212: | |
| 2692 | #line 637 "util/configparser.y" /* yacc.c:1646 */ | |
| 3018 | #line 3020 "util/configparser.c" /* yacc.c:1646 */ | |
| 3019 | break; | |
| 3020 | ||
| 3021 | case 252: | |
| 3022 | #line 789 "util/configparser.y" /* yacc.c:1646 */ | |
| 2693 | 3023 | { |
| 2694 | 3024 | OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); |
| 2695 | 3025 | if(!cfg_strlist_insert(&cfg_parser->cfg-> |
| 2696 | 3026 | trusted_keys_file_list, (yyvsp[0].str))) |
| 2697 | 3027 | yyerror("out of memory"); |
| 2698 | 3028 | } |
| 2699 | #line 2701 "util/configparser.c" /* yacc.c:1646 */ | |
| 2700 | break; | |
| 2701 | ||
| 2702 | case 213: | |
| 2703 | #line 645 "util/configparser.y" /* yacc.c:1646 */ | |
| 3029 | #line 3031 "util/configparser.c" /* yacc.c:1646 */ | |
| 3030 | break; | |
| 3031 | ||
| 3032 | case 253: | |
| 3033 | #line 797 "util/configparser.y" /* yacc.c:1646 */ | |
| 2704 | 3034 | { |
| 2705 | 3035 | OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); |
| 2706 | 3036 | if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) |
| 2707 | 3037 | yyerror("out of memory"); |
| 2708 | 3038 | } |
| 2709 | #line 2711 "util/configparser.c" /* yacc.c:1646 */ | |
| 2710 | break; | |
| 2711 | ||
| 2712 | case 214: | |
| 2713 | #line 652 "util/configparser.y" /* yacc.c:1646 */ | |
| 3039 | #line 3041 "util/configparser.c" /* yacc.c:1646 */ | |
| 3040 | break; | |
| 3041 | ||
| 3042 | case 254: | |
| 3043 | #line 804 "util/configparser.y" /* yacc.c:1646 */ | |
| 3044 | { | |
| 3045 | OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); | |
| 3046 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 3047 | yyerror("expected yes or no."); | |
| 3048 | else | |
| 3049 | cfg_parser->cfg->trust_anchor_signaling = | |
| 3050 | (strcmp((yyvsp[0].str), "yes")==0); | |
| 3051 | free((yyvsp[0].str)); | |
| 3052 | } | |
| 3053 | #line 3055 "util/configparser.c" /* yacc.c:1646 */ | |
| 3054 | break; | |
| 3055 | ||
| 3056 | case 255: | |
| 3057 | #line 815 "util/configparser.y" /* yacc.c:1646 */ | |
| 2714 | 3058 | { |
| 2715 | 3059 | OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); |
| 2716 | 3060 | if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) |
| 2717 | 3061 | yyerror("out of memory"); |
| 2718 | 3062 | } |
| 2719 | #line 2721 "util/configparser.c" /* yacc.c:1646 */ | |
| 2720 | break; | |
| 2721 | ||
| 2722 | case 215: | |
| 2723 | #line 659 "util/configparser.y" /* yacc.c:1646 */ | |
| 3063 | #line 3065 "util/configparser.c" /* yacc.c:1646 */ | |
| 3064 | break; | |
| 3065 | ||
| 3066 | case 256: | |
| 3067 | #line 822 "util/configparser.y" /* yacc.c:1646 */ | |
| 2724 | 3068 | { |
| 2725 | 3069 | OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); |
| 2726 | 3070 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2728 | 3072 | else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); |
| 2729 | 3073 | free((yyvsp[0].str)); |
| 2730 | 3074 | } |
| 2731 | #line 2733 "util/configparser.c" /* yacc.c:1646 */ | |
| 2732 | break; | |
| 2733 | ||
| 2734 | case 216: | |
| 2735 | #line 668 "util/configparser.y" /* yacc.c:1646 */ | |
| 3075 | #line 3077 "util/configparser.c" /* yacc.c:1646 */ | |
| 3076 | break; | |
| 3077 | ||
| 3078 | case 257: | |
| 3079 | #line 831 "util/configparser.y" /* yacc.c:1646 */ | |
| 2736 | 3080 | { |
| 2737 | 3081 | OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); |
| 2738 | 3082 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2740 | 3084 | else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); |
| 2741 | 3085 | free((yyvsp[0].str)); |
| 2742 | 3086 | } |
| 2743 | #line 2745 "util/configparser.c" /* yacc.c:1646 */ | |
| 2744 | break; | |
| 2745 | ||
| 2746 | case 217: | |
| 2747 | #line 677 "util/configparser.y" /* yacc.c:1646 */ | |
| 3087 | #line 3089 "util/configparser.c" /* yacc.c:1646 */ | |
| 3088 | break; | |
| 3089 | ||
| 3090 | case 258: | |
| 3091 | #line 840 "util/configparser.y" /* yacc.c:1646 */ | |
| 3092 | { | |
| 3093 | OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); | |
| 3094 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 3095 | yyerror("expected yes or no."); | |
| 3096 | else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); | |
| 3097 | free((yyvsp[0].str)); | |
| 3098 | } | |
| 3099 | #line 3101 "util/configparser.c" /* yacc.c:1646 */ | |
| 3100 | break; | |
| 3101 | ||
| 3102 | case 259: | |
| 3103 | #line 849 "util/configparser.y" /* yacc.c:1646 */ | |
| 2748 | 3104 | { |
| 2749 | 3105 | OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); |
| 2750 | 3106 | free(cfg_parser->cfg->identity); |
| 2751 | 3107 | cfg_parser->cfg->identity = (yyvsp[0].str); |
| 2752 | 3108 | } |
| 2753 | #line 2755 "util/configparser.c" /* yacc.c:1646 */ | |
| 2754 | break; | |
| 2755 | ||
| 2756 | case 218: | |
| 2757 | #line 684 "util/configparser.y" /* yacc.c:1646 */ | |
| 3109 | #line 3111 "util/configparser.c" /* yacc.c:1646 */ | |
| 3110 | break; | |
| 3111 | ||
| 3112 | case 260: | |
| 3113 | #line 856 "util/configparser.y" /* yacc.c:1646 */ | |
| 2758 | 3114 | { |
| 2759 | 3115 | OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); |
| 2760 | 3116 | free(cfg_parser->cfg->version); |
| 2761 | 3117 | cfg_parser->cfg->version = (yyvsp[0].str); |
| 2762 | 3118 | } |
| 2763 | #line 2765 "util/configparser.c" /* yacc.c:1646 */ | |
| 2764 | break; | |
| 2765 | ||
| 2766 | case 219: | |
| 2767 | #line 691 "util/configparser.y" /* yacc.c:1646 */ | |
| 3119 | #line 3121 "util/configparser.c" /* yacc.c:1646 */ | |
| 3120 | break; | |
| 3121 | ||
| 3122 | case 261: | |
| 3123 | #line 863 "util/configparser.y" /* yacc.c:1646 */ | |
| 2768 | 3124 | { |
| 2769 | 3125 | OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); |
| 2770 | 3126 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) |
| 2771 | 3127 | yyerror("buffer size expected"); |
| 2772 | 3128 | free((yyvsp[0].str)); |
| 2773 | 3129 | } |
| 2774 | #line 2776 "util/configparser.c" /* yacc.c:1646 */ | |
| 2775 | break; | |
| 2776 | ||
| 2777 | case 220: | |
| 2778 | #line 699 "util/configparser.y" /* yacc.c:1646 */ | |
| 3130 | #line 3132 "util/configparser.c" /* yacc.c:1646 */ | |
| 3131 | break; | |
| 3132 | ||
| 3133 | case 262: | |
| 3134 | #line 871 "util/configparser.y" /* yacc.c:1646 */ | |
| 2779 | 3135 | { |
| 2780 | 3136 | OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); |
| 2781 | 3137 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) |
| 2782 | 3138 | yyerror("buffer size expected"); |
| 2783 | 3139 | free((yyvsp[0].str)); |
| 2784 | 3140 | } |
| 2785 | #line 2787 "util/configparser.c" /* yacc.c:1646 */ | |
| 2786 | break; | |
| 2787 | ||
| 2788 | case 221: | |
| 2789 | #line 707 "util/configparser.y" /* yacc.c:1646 */ | |
| 3141 | #line 3143 "util/configparser.c" /* yacc.c:1646 */ | |
| 3142 | break; | |
| 3143 | ||
| 3144 | case 263: | |
| 3145 | #line 879 "util/configparser.y" /* yacc.c:1646 */ | |
| 2790 | 3146 | { |
| 2791 | 3147 | OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); |
| 2792 | 3148 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2795 | 3151 | (strcmp((yyvsp[0].str), "yes")==0); |
| 2796 | 3152 | free((yyvsp[0].str)); |
| 2797 | 3153 | } |
| 2798 | #line 2800 "util/configparser.c" /* yacc.c:1646 */ | |
| 2799 | break; | |
| 2800 | ||
| 2801 | case 222: | |
| 2802 | #line 717 "util/configparser.y" /* yacc.c:1646 */ | |
| 3154 | #line 3156 "util/configparser.c" /* yacc.c:1646 */ | |
| 3155 | break; | |
| 3156 | ||
| 3157 | case 264: | |
| 3158 | #line 889 "util/configparser.y" /* yacc.c:1646 */ | |
| 2803 | 3159 | { |
| 2804 | 3160 | OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); |
| 2805 | 3161 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2808 | 3164 | (strcmp((yyvsp[0].str), "yes")==0); |
| 2809 | 3165 | free((yyvsp[0].str)); |
| 2810 | 3166 | } |
| 2811 | #line 2813 "util/configparser.c" /* yacc.c:1646 */ | |
| 2812 | break; | |
| 2813 | ||
| 2814 | case 223: | |
| 2815 | #line 727 "util/configparser.y" /* yacc.c:1646 */ | |
| 3167 | #line 3169 "util/configparser.c" /* yacc.c:1646 */ | |
| 3168 | break; | |
| 3169 | ||
| 3170 | case 265: | |
| 3171 | #line 899 "util/configparser.y" /* yacc.c:1646 */ | |
| 2816 | 3172 | { |
| 2817 | 3173 | OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); |
| 2818 | 3174 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2821 | 3177 | (strcmp((yyvsp[0].str), "yes")==0); |
| 2822 | 3178 | free((yyvsp[0].str)); |
| 2823 | 3179 | } |
| 2824 | #line 2826 "util/configparser.c" /* yacc.c:1646 */ | |
| 2825 | break; | |
| 2826 | ||
| 2827 | case 224: | |
| 2828 | #line 737 "util/configparser.y" /* yacc.c:1646 */ | |
| 3180 | #line 3182 "util/configparser.c" /* yacc.c:1646 */ | |
| 3181 | break; | |
| 3182 | ||
| 3183 | case 266: | |
| 3184 | #line 909 "util/configparser.y" /* yacc.c:1646 */ | |
| 2829 | 3185 | { |
| 2830 | 3186 | OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); |
| 2831 | 3187 | if(atoi((yyvsp[0].str)) == 0) |
| 2837 | 3193 | else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); |
| 2838 | 3194 | free((yyvsp[0].str)); |
| 2839 | 3195 | } |
| 2840 | #line 2842 "util/configparser.c" /* yacc.c:1646 */ | |
| 2841 | break; | |
| 2842 | ||
| 2843 | case 225: | |
| 2844 | #line 750 "util/configparser.y" /* yacc.c:1646 */ | |
| 3196 | #line 3198 "util/configparser.c" /* yacc.c:1646 */ | |
| 3197 | break; | |
| 3198 | ||
| 3199 | case 267: | |
| 3200 | #line 922 "util/configparser.y" /* yacc.c:1646 */ | |
| 2845 | 3201 | { |
| 2846 | 3202 | OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); |
| 2847 | 3203 | if(atoi((yyvsp[0].str)) == 0) |
| 2851 | 3207 | else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); |
| 2852 | 3208 | free((yyvsp[0].str)); |
| 2853 | 3209 | } |
| 2854 | #line 2856 "util/configparser.c" /* yacc.c:1646 */ | |
| 2855 | break; | |
| 2856 | ||
| 2857 | case 226: | |
| 2858 | #line 761 "util/configparser.y" /* yacc.c:1646 */ | |
| 3210 | #line 3212 "util/configparser.c" /* yacc.c:1646 */ | |
| 3211 | break; | |
| 3212 | ||
| 3213 | case 268: | |
| 3214 | #line 933 "util/configparser.y" /* yacc.c:1646 */ | |
| 2859 | 3215 | { |
| 2860 | 3216 | OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); |
| 2861 | 3217 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) |
| 2862 | 3218 | yyerror("memory size expected"); |
| 2863 | 3219 | free((yyvsp[0].str)); |
| 2864 | 3220 | } |
| 2865 | #line 2867 "util/configparser.c" /* yacc.c:1646 */ | |
| 2866 | break; | |
| 2867 | ||
| 2868 | case 227: | |
| 2869 | #line 769 "util/configparser.y" /* yacc.c:1646 */ | |
| 3221 | #line 3223 "util/configparser.c" /* yacc.c:1646 */ | |
| 3222 | break; | |
| 3223 | ||
| 3224 | case 269: | |
| 3225 | #line 941 "util/configparser.y" /* yacc.c:1646 */ | |
| 2870 | 3226 | { |
| 2871 | 3227 | OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); |
| 2872 | 3228 | if(atoi((yyvsp[0].str)) == 0) |
| 2878 | 3234 | } |
| 2879 | 3235 | free((yyvsp[0].str)); |
| 2880 | 3236 | } |
| 2881 | #line 2883 "util/configparser.c" /* yacc.c:1646 */ | |
| 2882 | break; | |
| 2883 | ||
| 2884 | case 228: | |
| 2885 | #line 782 "util/configparser.y" /* yacc.c:1646 */ | |
| 3237 | #line 3239 "util/configparser.c" /* yacc.c:1646 */ | |
| 3238 | break; | |
| 3239 | ||
| 3240 | case 270: | |
| 3241 | #line 954 "util/configparser.y" /* yacc.c:1646 */ | |
| 2886 | 3242 | { |
| 2887 | 3243 | OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); |
| 2888 | 3244 | if(atoi((yyvsp[0].str)) == 0) |
| 2890 | 3246 | else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); |
| 2891 | 3247 | free((yyvsp[0].str)); |
| 2892 | 3248 | } |
| 2893 | #line 2895 "util/configparser.c" /* yacc.c:1646 */ | |
| 2894 | break; | |
| 2895 | ||
| 2896 | case 229: | |
| 2897 | #line 791 "util/configparser.y" /* yacc.c:1646 */ | |
| 3249 | #line 3251 "util/configparser.c" /* yacc.c:1646 */ | |
| 3250 | break; | |
| 3251 | ||
| 3252 | case 271: | |
| 3253 | #line 963 "util/configparser.y" /* yacc.c:1646 */ | |
| 2898 | 3254 | { |
| 2899 | 3255 | OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); |
| 2900 | 3256 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2902 | 3258 | else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); |
| 2903 | 3259 | free((yyvsp[0].str)); |
| 2904 | 3260 | } |
| 2905 | #line 2907 "util/configparser.c" /* yacc.c:1646 */ | |
| 2906 | break; | |
| 2907 | ||
| 2908 | case 230: | |
| 2909 | #line 800 "util/configparser.y" /* yacc.c:1646 */ | |
| 3261 | #line 3263 "util/configparser.c" /* yacc.c:1646 */ | |
| 3262 | break; | |
| 3263 | ||
| 3264 | case 272: | |
| 3265 | #line 972 "util/configparser.y" /* yacc.c:1646 */ | |
| 2910 | 3266 | { |
| 2911 | 3267 | OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); |
| 2912 | 3268 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2914 | 3270 | else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); |
| 2915 | 3271 | free((yyvsp[0].str)); |
| 2916 | 3272 | } |
| 2917 | #line 2919 "util/configparser.c" /* yacc.c:1646 */ | |
| 2918 | break; | |
| 2919 | ||
| 2920 | case 231: | |
| 2921 | #line 809 "util/configparser.y" /* yacc.c:1646 */ | |
| 3273 | #line 3275 "util/configparser.c" /* yacc.c:1646 */ | |
| 3274 | break; | |
| 3275 | ||
| 3276 | case 273: | |
| 3277 | #line 981 "util/configparser.y" /* yacc.c:1646 */ | |
| 2922 | 3278 | { |
| 2923 | 3279 | OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); |
| 2924 | 3280 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2927 | 3283 | (strcmp((yyvsp[0].str), "yes")==0); |
| 2928 | 3284 | free((yyvsp[0].str)); |
| 2929 | 3285 | } |
| 2930 | #line 2932 "util/configparser.c" /* yacc.c:1646 */ | |
| 2931 | break; | |
| 2932 | ||
| 2933 | case 232: | |
| 2934 | #line 819 "util/configparser.y" /* yacc.c:1646 */ | |
| 3286 | #line 3288 "util/configparser.c" /* yacc.c:1646 */ | |
| 3287 | break; | |
| 3288 | ||
| 3289 | case 274: | |
| 3290 | #line 991 "util/configparser.y" /* yacc.c:1646 */ | |
| 2935 | 3291 | { |
| 2936 | 3292 | OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); |
| 2937 | 3293 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 2940 | 3296 | (strcmp((yyvsp[0].str), "yes")==0); |
| 2941 | 3297 | free((yyvsp[0].str)); |
| 2942 | 3298 | } |
| 2943 | #line 2945 "util/configparser.c" /* yacc.c:1646 */ | |
| 2944 | break; | |
| 2945 | ||
| 2946 | case 233: | |
| 2947 | #line 829 "util/configparser.y" /* yacc.c:1646 */ | |
| 3299 | #line 3301 "util/configparser.c" /* yacc.c:1646 */ | |
| 3300 | break; | |
| 3301 | ||
| 3302 | case 275: | |
| 3303 | #line 1001 "util/configparser.y" /* yacc.c:1646 */ | |
| 2948 | 3304 | { |
| 2949 | 3305 | OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); |
| 2950 | 3306 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) |
| 2951 | 3307 | yyerror("memory size expected"); |
| 2952 | 3308 | free((yyvsp[0].str)); |
| 2953 | 3309 | } |
| 2954 | #line 2956 "util/configparser.c" /* yacc.c:1646 */ | |
| 2955 | break; | |
| 2956 | ||
| 2957 | case 234: | |
| 2958 | #line 837 "util/configparser.y" /* yacc.c:1646 */ | |
| 3310 | #line 3312 "util/configparser.c" /* yacc.c:1646 */ | |
| 3311 | break; | |
| 3312 | ||
| 3313 | case 276: | |
| 3314 | #line 1009 "util/configparser.y" /* yacc.c:1646 */ | |
| 2959 | 3315 | { |
| 2960 | 3316 | OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); |
| 2961 | 3317 | if(atoi((yyvsp[0].str)) == 0) |
| 2967 | 3323 | } |
| 2968 | 3324 | free((yyvsp[0].str)); |
| 2969 | 3325 | } |
| 2970 | #line 2972 "util/configparser.c" /* yacc.c:1646 */ | |
| 2971 | break; | |
| 2972 | ||
| 2973 | case 235: | |
| 2974 | #line 850 "util/configparser.y" /* yacc.c:1646 */ | |
| 3326 | #line 3328 "util/configparser.c" /* yacc.c:1646 */ | |
| 3327 | break; | |
| 3328 | ||
| 3329 | case 277: | |
| 3330 | #line 1022 "util/configparser.y" /* yacc.c:1646 */ | |
| 2975 | 3331 | { |
| 2976 | 3332 | OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); |
| 2977 | 3333 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 2979 | 3335 | else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); |
| 2980 | 3336 | free((yyvsp[0].str)); |
| 2981 | 3337 | } |
| 2982 | #line 2984 "util/configparser.c" /* yacc.c:1646 */ | |
| 2983 | break; | |
| 2984 | ||
| 2985 | case 236: | |
| 2986 | #line 859 "util/configparser.y" /* yacc.c:1646 */ | |
| 3338 | #line 3340 "util/configparser.c" /* yacc.c:1646 */ | |
| 3339 | break; | |
| 3340 | ||
| 3341 | case 278: | |
| 3342 | #line 1031 "util/configparser.y" /* yacc.c:1646 */ | |
| 2987 | 3343 | { |
| 2988 | 3344 | OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); |
| 2989 | 3345 | verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " |
| 2990 | 3346 | "removed, use infra-host-ttl)", (yyvsp[0].str)); |
| 2991 | 3347 | free((yyvsp[0].str)); |
| 2992 | 3348 | } |
| 2993 | #line 2995 "util/configparser.c" /* yacc.c:1646 */ | |
| 2994 | break; | |
| 2995 | ||
| 2996 | case 237: | |
| 2997 | #line 867 "util/configparser.y" /* yacc.c:1646 */ | |
| 3349 | #line 3351 "util/configparser.c" /* yacc.c:1646 */ | |
| 3350 | break; | |
| 3351 | ||
| 3352 | case 279: | |
| 3353 | #line 1039 "util/configparser.y" /* yacc.c:1646 */ | |
| 2998 | 3354 | { |
| 2999 | 3355 | OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); |
| 3000 | 3356 | if(atoi((yyvsp[0].str)) == 0) |
| 3002 | 3358 | else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); |
| 3003 | 3359 | free((yyvsp[0].str)); |
| 3004 | 3360 | } |
| 3005 | #line 3007 "util/configparser.c" /* yacc.c:1646 */ | |
| 3006 | break; | |
| 3007 | ||
| 3008 | case 238: | |
| 3009 | #line 876 "util/configparser.y" /* yacc.c:1646 */ | |
| 3361 | #line 3363 "util/configparser.c" /* yacc.c:1646 */ | |
| 3362 | break; | |
| 3363 | ||
| 3364 | case 280: | |
| 3365 | #line 1048 "util/configparser.y" /* yacc.c:1646 */ | |
| 3010 | 3366 | { |
| 3011 | 3367 | OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); |
| 3012 | 3368 | verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " |
| 3013 | 3369 | "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); |
| 3014 | 3370 | free((yyvsp[0].str)); |
| 3015 | 3371 | } |
| 3016 | #line 3018 "util/configparser.c" /* yacc.c:1646 */ | |
| 3017 | break; | |
| 3018 | ||
| 3019 | case 239: | |
| 3020 | #line 884 "util/configparser.y" /* yacc.c:1646 */ | |
| 3372 | #line 3374 "util/configparser.c" /* yacc.c:1646 */ | |
| 3373 | break; | |
| 3374 | ||
| 3375 | case 281: | |
| 3376 | #line 1056 "util/configparser.y" /* yacc.c:1646 */ | |
| 3021 | 3377 | { |
| 3022 | 3378 | OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); |
| 3023 | 3379 | if(atoi((yyvsp[0].str)) == 0) |
| 3029 | 3385 | } |
| 3030 | 3386 | free((yyvsp[0].str)); |
| 3031 | 3387 | } |
| 3032 | #line 3034 "util/configparser.c" /* yacc.c:1646 */ | |
| 3033 | break; | |
| 3034 | ||
| 3035 | case 240: | |
| 3036 | #line 897 "util/configparser.y" /* yacc.c:1646 */ | |
| 3388 | #line 3390 "util/configparser.c" /* yacc.c:1646 */ | |
| 3389 | break; | |
| 3390 | ||
| 3391 | case 282: | |
| 3392 | #line 1069 "util/configparser.y" /* yacc.c:1646 */ | |
| 3037 | 3393 | { |
| 3038 | 3394 | OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); |
| 3039 | 3395 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3041 | 3397 | else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); |
| 3042 | 3398 | free((yyvsp[0].str)); |
| 3043 | 3399 | } |
| 3044 | #line 3046 "util/configparser.c" /* yacc.c:1646 */ | |
| 3045 | break; | |
| 3046 | ||
| 3047 | case 241: | |
| 3048 | #line 906 "util/configparser.y" /* yacc.c:1646 */ | |
| 3400 | #line 3402 "util/configparser.c" /* yacc.c:1646 */ | |
| 3401 | break; | |
| 3402 | ||
| 3403 | case 283: | |
| 3404 | #line 1078 "util/configparser.y" /* yacc.c:1646 */ | |
| 3049 | 3405 | { |
| 3050 | 3406 | OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); |
| 3051 | 3407 | free(cfg_parser->cfg->target_fetch_policy); |
| 3052 | 3408 | cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); |
| 3053 | 3409 | } |
| 3054 | #line 3056 "util/configparser.c" /* yacc.c:1646 */ | |
| 3055 | break; | |
| 3056 | ||
| 3057 | case 242: | |
| 3058 | #line 913 "util/configparser.y" /* yacc.c:1646 */ | |
| 3410 | #line 3412 "util/configparser.c" /* yacc.c:1646 */ | |
| 3411 | break; | |
| 3412 | ||
| 3413 | case 284: | |
| 3414 | #line 1085 "util/configparser.y" /* yacc.c:1646 */ | |
| 3059 | 3415 | { |
| 3060 | 3416 | OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); |
| 3061 | 3417 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3064 | 3420 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3065 | 3421 | free((yyvsp[0].str)); |
| 3066 | 3422 | } |
| 3067 | #line 3069 "util/configparser.c" /* yacc.c:1646 */ | |
| 3068 | break; | |
| 3069 | ||
| 3070 | case 243: | |
| 3071 | #line 923 "util/configparser.y" /* yacc.c:1646 */ | |
| 3423 | #line 3425 "util/configparser.c" /* yacc.c:1646 */ | |
| 3424 | break; | |
| 3425 | ||
| 3426 | case 285: | |
| 3427 | #line 1095 "util/configparser.y" /* yacc.c:1646 */ | |
| 3072 | 3428 | { |
| 3073 | 3429 | OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); |
| 3074 | 3430 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3077 | 3433 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3078 | 3434 | free((yyvsp[0].str)); |
| 3079 | 3435 | } |
| 3080 | #line 3082 "util/configparser.c" /* yacc.c:1646 */ | |
| 3081 | break; | |
| 3082 | ||
| 3083 | case 244: | |
| 3084 | #line 933 "util/configparser.y" /* yacc.c:1646 */ | |
| 3436 | #line 3438 "util/configparser.c" /* yacc.c:1646 */ | |
| 3437 | break; | |
| 3438 | ||
| 3439 | case 286: | |
| 3440 | #line 1105 "util/configparser.y" /* yacc.c:1646 */ | |
| 3085 | 3441 | { |
| 3086 | 3442 | OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); |
| 3087 | 3443 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3090 | 3446 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3091 | 3447 | free((yyvsp[0].str)); |
| 3092 | 3448 | } |
| 3093 | #line 3095 "util/configparser.c" /* yacc.c:1646 */ | |
| 3094 | break; | |
| 3095 | ||
| 3096 | case 245: | |
| 3097 | #line 943 "util/configparser.y" /* yacc.c:1646 */ | |
| 3449 | #line 3451 "util/configparser.c" /* yacc.c:1646 */ | |
| 3450 | break; | |
| 3451 | ||
| 3452 | case 287: | |
| 3453 | #line 1115 "util/configparser.y" /* yacc.c:1646 */ | |
| 3098 | 3454 | { |
| 3099 | 3455 | OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); |
| 3100 | 3456 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3103 | 3459 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3104 | 3460 | free((yyvsp[0].str)); |
| 3105 | 3461 | } |
| 3106 | #line 3108 "util/configparser.c" /* yacc.c:1646 */ | |
| 3107 | break; | |
| 3108 | ||
| 3109 | case 246: | |
| 3110 | #line 953 "util/configparser.y" /* yacc.c:1646 */ | |
| 3462 | #line 3464 "util/configparser.c" /* yacc.c:1646 */ | |
| 3463 | break; | |
| 3464 | ||
| 3465 | case 288: | |
| 3466 | #line 1125 "util/configparser.y" /* yacc.c:1646 */ | |
| 3111 | 3467 | { |
| 3112 | 3468 | OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); |
| 3113 | 3469 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3116 | 3472 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3117 | 3473 | free((yyvsp[0].str)); |
| 3118 | 3474 | } |
| 3119 | #line 3121 "util/configparser.c" /* yacc.c:1646 */ | |
| 3120 | break; | |
| 3121 | ||
| 3122 | case 247: | |
| 3123 | #line 963 "util/configparser.y" /* yacc.c:1646 */ | |
| 3475 | #line 3477 "util/configparser.c" /* yacc.c:1646 */ | |
| 3476 | break; | |
| 3477 | ||
| 3478 | case 289: | |
| 3479 | #line 1135 "util/configparser.y" /* yacc.c:1646 */ | |
| 3124 | 3480 | { |
| 3125 | 3481 | OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); |
| 3126 | 3482 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3129 | 3485 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3130 | 3486 | free((yyvsp[0].str)); |
| 3131 | 3487 | } |
| 3132 | #line 3134 "util/configparser.c" /* yacc.c:1646 */ | |
| 3133 | break; | |
| 3134 | ||
| 3135 | case 248: | |
| 3136 | #line 973 "util/configparser.y" /* yacc.c:1646 */ | |
| 3488 | #line 3490 "util/configparser.c" /* yacc.c:1646 */ | |
| 3489 | break; | |
| 3490 | ||
| 3491 | case 290: | |
| 3492 | #line 1145 "util/configparser.y" /* yacc.c:1646 */ | |
| 3137 | 3493 | { |
| 3138 | 3494 | OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); |
| 3139 | 3495 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3142 | 3498 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3143 | 3499 | free((yyvsp[0].str)); |
| 3144 | 3500 | } |
| 3145 | #line 3147 "util/configparser.c" /* yacc.c:1646 */ | |
| 3146 | break; | |
| 3147 | ||
| 3148 | case 249: | |
| 3149 | #line 983 "util/configparser.y" /* yacc.c:1646 */ | |
| 3501 | #line 3503 "util/configparser.c" /* yacc.c:1646 */ | |
| 3502 | break; | |
| 3503 | ||
| 3504 | case 291: | |
| 3505 | #line 1155 "util/configparser.y" /* yacc.c:1646 */ | |
| 3150 | 3506 | { |
| 3151 | 3507 | OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); |
| 3152 | 3508 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3155 | 3511 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3156 | 3512 | free((yyvsp[0].str)); |
| 3157 | 3513 | } |
| 3158 | #line 3160 "util/configparser.c" /* yacc.c:1646 */ | |
| 3159 | break; | |
| 3160 | ||
| 3161 | case 250: | |
| 3162 | #line 993 "util/configparser.y" /* yacc.c:1646 */ | |
| 3514 | #line 3516 "util/configparser.c" /* yacc.c:1646 */ | |
| 3515 | break; | |
| 3516 | ||
| 3517 | case 292: | |
| 3518 | #line 1165 "util/configparser.y" /* yacc.c:1646 */ | |
| 3163 | 3519 | { |
| 3164 | 3520 | OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); |
| 3165 | 3521 | if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) |
| 3166 | 3522 | yyerror("out of memory"); |
| 3167 | 3523 | } |
| 3168 | #line 3170 "util/configparser.c" /* yacc.c:1646 */ | |
| 3169 | break; | |
| 3170 | ||
| 3171 | case 251: | |
| 3172 | #line 1000 "util/configparser.y" /* yacc.c:1646 */ | |
| 3524 | #line 3526 "util/configparser.c" /* yacc.c:1646 */ | |
| 3525 | break; | |
| 3526 | ||
| 3527 | case 293: | |
| 3528 | #line 1172 "util/configparser.y" /* yacc.c:1646 */ | |
| 3173 | 3529 | { |
| 3174 | 3530 | OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); |
| 3175 | 3531 | if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) |
| 3176 | 3532 | yyerror("out of memory"); |
| 3177 | 3533 | } |
| 3178 | #line 3180 "util/configparser.c" /* yacc.c:1646 */ | |
| 3179 | break; | |
| 3180 | ||
| 3181 | case 252: | |
| 3182 | #line 1007 "util/configparser.y" /* yacc.c:1646 */ | |
| 3534 | #line 3536 "util/configparser.c" /* yacc.c:1646 */ | |
| 3535 | break; | |
| 3536 | ||
| 3537 | case 294: | |
| 3538 | #line 1179 "util/configparser.y" /* yacc.c:1646 */ | |
| 3183 | 3539 | { |
| 3184 | 3540 | OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); |
| 3185 | 3541 | if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) |
| 3186 | 3542 | yyerror("out of memory"); |
| 3187 | 3543 | } |
| 3188 | #line 3190 "util/configparser.c" /* yacc.c:1646 */ | |
| 3189 | break; | |
| 3190 | ||
| 3191 | case 253: | |
| 3192 | #line 1014 "util/configparser.y" /* yacc.c:1646 */ | |
| 3544 | #line 3546 "util/configparser.c" /* yacc.c:1646 */ | |
| 3545 | break; | |
| 3546 | ||
| 3547 | case 295: | |
| 3548 | #line 1186 "util/configparser.y" /* yacc.c:1646 */ | |
| 3193 | 3549 | { |
| 3194 | 3550 | OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); |
| 3195 | 3551 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3197 | 3553 | else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); |
| 3198 | 3554 | free((yyvsp[0].str)); |
| 3199 | 3555 | } |
| 3200 | #line 3202 "util/configparser.c" /* yacc.c:1646 */ | |
| 3201 | break; | |
| 3202 | ||
| 3203 | case 254: | |
| 3204 | #line 1023 "util/configparser.y" /* yacc.c:1646 */ | |
| 3556 | #line 3558 "util/configparser.c" /* yacc.c:1646 */ | |
| 3557 | break; | |
| 3558 | ||
| 3559 | case 296: | |
| 3560 | #line 1195 "util/configparser.y" /* yacc.c:1646 */ | |
| 3205 | 3561 | { |
| 3206 | 3562 | OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); |
| 3207 | 3563 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3209 | 3565 | else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); |
| 3210 | 3566 | free((yyvsp[0].str)); |
| 3211 | 3567 | } |
| 3212 | #line 3214 "util/configparser.c" /* yacc.c:1646 */ | |
| 3213 | break; | |
| 3214 | ||
| 3215 | case 255: | |
| 3216 | #line 1032 "util/configparser.y" /* yacc.c:1646 */ | |
| 3568 | #line 3570 "util/configparser.c" /* yacc.c:1646 */ | |
| 3569 | break; | |
| 3570 | ||
| 3571 | case 297: | |
| 3572 | #line 1204 "util/configparser.y" /* yacc.c:1646 */ | |
| 3217 | 3573 | { |
| 3218 | 3574 | OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); |
| 3219 | 3575 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3221 | 3577 | else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); |
| 3222 | 3578 | free((yyvsp[0].str)); |
| 3223 | 3579 | } |
| 3224 | #line 3226 "util/configparser.c" /* yacc.c:1646 */ | |
| 3225 | break; | |
| 3226 | ||
| 3227 | case 256: | |
| 3228 | #line 1041 "util/configparser.y" /* yacc.c:1646 */ | |
| 3580 | #line 3582 "util/configparser.c" /* yacc.c:1646 */ | |
| 3581 | break; | |
| 3582 | ||
| 3583 | case 298: | |
| 3584 | #line 1213 "util/configparser.y" /* yacc.c:1646 */ | |
| 3229 | 3585 | { |
| 3230 | 3586 | OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); |
| 3231 | 3587 | if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) |
| 3232 | 3588 | yyerror("out of memory"); |
| 3233 | 3589 | } |
| 3234 | #line 3236 "util/configparser.c" /* yacc.c:1646 */ | |
| 3235 | break; | |
| 3236 | ||
| 3237 | case 257: | |
| 3238 | #line 1048 "util/configparser.y" /* yacc.c:1646 */ | |
| 3590 | #line 3592 "util/configparser.c" /* yacc.c:1646 */ | |
| 3591 | break; | |
| 3592 | ||
| 3593 | case 299: | |
| 3594 | #line 1220 "util/configparser.y" /* yacc.c:1646 */ | |
| 3239 | 3595 | { |
| 3240 | 3596 | OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); |
| 3241 | 3597 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3244 | 3600 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3245 | 3601 | free((yyvsp[0].str)); |
| 3246 | 3602 | } |
| 3247 | #line 3249 "util/configparser.c" /* yacc.c:1646 */ | |
| 3248 | break; | |
| 3249 | ||
| 3250 | case 258: | |
| 3251 | #line 1058 "util/configparser.y" /* yacc.c:1646 */ | |
| 3603 | #line 3605 "util/configparser.c" /* yacc.c:1646 */ | |
| 3604 | break; | |
| 3605 | ||
| 3606 | case 300: | |
| 3607 | #line 1230 "util/configparser.y" /* yacc.c:1646 */ | |
| 3252 | 3608 | { |
| 3253 | 3609 | OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); |
| 3254 | 3610 | if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && |
| 3264 | 3620 | fatal_exit("out of memory adding acl"); |
| 3265 | 3621 | } |
| 3266 | 3622 | } |
| 3267 | #line 3269 "util/configparser.c" /* yacc.c:1646 */ | |
| 3268 | break; | |
| 3269 | ||
| 3270 | case 259: | |
| 3271 | #line 1075 "util/configparser.y" /* yacc.c:1646 */ | |
| 3623 | #line 3625 "util/configparser.c" /* yacc.c:1646 */ | |
| 3624 | break; | |
| 3625 | ||
| 3626 | case 301: | |
| 3627 | #line 1247 "util/configparser.y" /* yacc.c:1646 */ | |
| 3272 | 3628 | { |
| 3273 | 3629 | OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); |
| 3274 | 3630 | free(cfg_parser->cfg->module_conf); |
| 3275 | 3631 | cfg_parser->cfg->module_conf = (yyvsp[0].str); |
| 3276 | 3632 | } |
| 3277 | #line 3279 "util/configparser.c" /* yacc.c:1646 */ | |
| 3278 | break; | |
| 3279 | ||
| 3280 | case 260: | |
| 3281 | #line 1082 "util/configparser.y" /* yacc.c:1646 */ | |
| 3633 | #line 3635 "util/configparser.c" /* yacc.c:1646 */ | |
| 3634 | break; | |
| 3635 | ||
| 3636 | case 302: | |
| 3637 | #line 1254 "util/configparser.y" /* yacc.c:1646 */ | |
| 3282 | 3638 | { |
| 3283 | 3639 | OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); |
| 3284 | 3640 | if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { |
| 3295 | 3651 | } |
| 3296 | 3652 | free((yyvsp[0].str)); |
| 3297 | 3653 | } |
| 3298 | #line 3300 "util/configparser.c" /* yacc.c:1646 */ | |
| 3299 | break; | |
| 3300 | ||
| 3301 | case 261: | |
| 3302 | #line 1100 "util/configparser.y" /* yacc.c:1646 */ | |
| 3654 | #line 3656 "util/configparser.c" /* yacc.c:1646 */ | |
| 3655 | break; | |
| 3656 | ||
| 3657 | case 303: | |
| 3658 | #line 1272 "util/configparser.y" /* yacc.c:1646 */ | |
| 3303 | 3659 | { |
| 3304 | 3660 | OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); |
| 3305 | 3661 | if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { |
| 3311 | 3667 | } |
| 3312 | 3668 | free((yyvsp[0].str)); |
| 3313 | 3669 | } |
| 3314 | #line 3316 "util/configparser.c" /* yacc.c:1646 */ | |
| 3315 | break; | |
| 3316 | ||
| 3317 | case 262: | |
| 3318 | #line 1113 "util/configparser.y" /* yacc.c:1646 */ | |
| 3670 | #line 3672 "util/configparser.c" /* yacc.c:1646 */ | |
| 3671 | break; | |
| 3672 | ||
| 3673 | case 304: | |
| 3674 | #line 1285 "util/configparser.y" /* yacc.c:1646 */ | |
| 3319 | 3675 | { |
| 3320 | 3676 | OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); |
| 3321 | 3677 | if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { |
| 3327 | 3683 | } |
| 3328 | 3684 | free((yyvsp[0].str)); |
| 3329 | 3685 | } |
| 3330 | #line 3332 "util/configparser.c" /* yacc.c:1646 */ | |
| 3331 | break; | |
| 3332 | ||
| 3333 | case 263: | |
| 3334 | #line 1126 "util/configparser.y" /* yacc.c:1646 */ | |
| 3686 | #line 3688 "util/configparser.c" /* yacc.c:1646 */ | |
| 3687 | break; | |
| 3688 | ||
| 3689 | case 305: | |
| 3690 | #line 1298 "util/configparser.y" /* yacc.c:1646 */ | |
| 3335 | 3691 | { |
| 3336 | 3692 | OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); |
| 3337 | 3693 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3339 | 3695 | else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); |
| 3340 | 3696 | free((yyvsp[0].str)); |
| 3341 | 3697 | } |
| 3342 | #line 3344 "util/configparser.c" /* yacc.c:1646 */ | |
| 3343 | break; | |
| 3344 | ||
| 3345 | case 264: | |
| 3346 | #line 1135 "util/configparser.y" /* yacc.c:1646 */ | |
| 3698 | #line 3700 "util/configparser.c" /* yacc.c:1646 */ | |
| 3699 | break; | |
| 3700 | ||
| 3701 | case 306: | |
| 3702 | #line 1307 "util/configparser.y" /* yacc.c:1646 */ | |
| 3347 | 3703 | { |
| 3348 | 3704 | OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); |
| 3349 | 3705 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3351 | 3707 | else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); |
| 3352 | 3708 | free((yyvsp[0].str)); |
| 3353 | 3709 | } |
| 3354 | #line 3356 "util/configparser.c" /* yacc.c:1646 */ | |
| 3355 | break; | |
| 3356 | ||
| 3357 | case 265: | |
| 3358 | #line 1144 "util/configparser.y" /* yacc.c:1646 */ | |
| 3710 | #line 3712 "util/configparser.c" /* yacc.c:1646 */ | |
| 3711 | break; | |
| 3712 | ||
| 3713 | case 307: | |
| 3714 | #line 1316 "util/configparser.y" /* yacc.c:1646 */ | |
| 3359 | 3715 | { |
| 3360 | 3716 | OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); |
| 3361 | 3717 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3363 | 3719 | else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); |
| 3364 | 3720 | free((yyvsp[0].str)); |
| 3365 | 3721 | } |
| 3366 | #line 3368 "util/configparser.c" /* yacc.c:1646 */ | |
| 3367 | break; | |
| 3368 | ||
| 3369 | case 266: | |
| 3370 | #line 1153 "util/configparser.y" /* yacc.c:1646 */ | |
| 3722 | #line 3724 "util/configparser.c" /* yacc.c:1646 */ | |
| 3723 | break; | |
| 3724 | ||
| 3725 | case 308: | |
| 3726 | #line 1325 "util/configparser.y" /* yacc.c:1646 */ | |
| 3371 | 3727 | { |
| 3372 | 3728 | OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); |
| 3373 | 3729 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3375 | 3731 | else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); |
| 3376 | 3732 | free((yyvsp[0].str)); |
| 3377 | 3733 | } |
| 3378 | #line 3380 "util/configparser.c" /* yacc.c:1646 */ | |
| 3379 | break; | |
| 3380 | ||
| 3381 | case 267: | |
| 3382 | #line 1162 "util/configparser.y" /* yacc.c:1646 */ | |
| 3734 | #line 3736 "util/configparser.c" /* yacc.c:1646 */ | |
| 3735 | break; | |
| 3736 | ||
| 3737 | case 309: | |
| 3738 | #line 1334 "util/configparser.y" /* yacc.c:1646 */ | |
| 3383 | 3739 | { |
| 3384 | 3740 | OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); |
| 3385 | 3741 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3388 | 3744 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3389 | 3745 | free((yyvsp[0].str)); |
| 3390 | 3746 | } |
| 3391 | #line 3393 "util/configparser.c" /* yacc.c:1646 */ | |
| 3392 | break; | |
| 3393 | ||
| 3394 | case 268: | |
| 3395 | #line 1172 "util/configparser.y" /* yacc.c:1646 */ | |
| 3747 | #line 3749 "util/configparser.c" /* yacc.c:1646 */ | |
| 3748 | break; | |
| 3749 | ||
| 3750 | case 310: | |
| 3751 | #line 1344 "util/configparser.y" /* yacc.c:1646 */ | |
| 3396 | 3752 | { |
| 3397 | 3753 | OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); |
| 3398 | 3754 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3401 | 3757 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3402 | 3758 | free((yyvsp[0].str)); |
| 3403 | 3759 | } |
| 3404 | #line 3406 "util/configparser.c" /* yacc.c:1646 */ | |
| 3405 | break; | |
| 3406 | ||
| 3407 | case 269: | |
| 3408 | #line 1182 "util/configparser.y" /* yacc.c:1646 */ | |
| 3760 | #line 3762 "util/configparser.c" /* yacc.c:1646 */ | |
| 3761 | break; | |
| 3762 | ||
| 3763 | case 311: | |
| 3764 | #line 1354 "util/configparser.y" /* yacc.c:1646 */ | |
| 3409 | 3765 | { |
| 3410 | 3766 | OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); |
| 3411 | 3767 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3413 | 3769 | else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); |
| 3414 | 3770 | free((yyvsp[0].str)); |
| 3415 | 3771 | } |
| 3416 | #line 3418 "util/configparser.c" /* yacc.c:1646 */ | |
| 3417 | break; | |
| 3418 | ||
| 3419 | case 270: | |
| 3420 | #line 1191 "util/configparser.y" /* yacc.c:1646 */ | |
| 3772 | #line 3774 "util/configparser.c" /* yacc.c:1646 */ | |
| 3773 | break; | |
| 3774 | ||
| 3775 | case 312: | |
| 3776 | #line 1363 "util/configparser.y" /* yacc.c:1646 */ | |
| 3421 | 3777 | { |
| 3422 | 3778 | OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); |
| 3423 | 3779 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3425 | 3781 | else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); |
| 3426 | 3782 | free((yyvsp[0].str)); |
| 3427 | 3783 | } |
| 3428 | #line 3430 "util/configparser.c" /* yacc.c:1646 */ | |
| 3429 | break; | |
| 3430 | ||
| 3431 | case 271: | |
| 3432 | #line 1200 "util/configparser.y" /* yacc.c:1646 */ | |
| 3784 | #line 3786 "util/configparser.c" /* yacc.c:1646 */ | |
| 3785 | break; | |
| 3786 | ||
| 3787 | case 313: | |
| 3788 | #line 1372 "util/configparser.y" /* yacc.c:1646 */ | |
| 3433 | 3789 | { |
| 3434 | 3790 | OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); |
| 3435 | 3791 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3436 | 3792 | yyerror("expected yes or no."); |
| 3793 | #ifdef HAVE_SSL | |
| 3437 | 3794 | else fake_dsa = (strcmp((yyvsp[0].str), "yes")==0); |
| 3438 | 3795 | if(fake_dsa) |
| 3439 | 3796 | log_warn("test option fake_dsa is enabled"); |
| 3440 | free((yyvsp[0].str)); | |
| 3441 | } | |
| 3442 | #line 3444 "util/configparser.c" /* yacc.c:1646 */ | |
| 3443 | break; | |
| 3444 | ||
| 3445 | case 272: | |
| 3446 | #line 1211 "util/configparser.y" /* yacc.c:1646 */ | |
| 3797 | #endif | |
| 3798 | free((yyvsp[0].str)); | |
| 3799 | } | |
| 3800 | #line 3802 "util/configparser.c" /* yacc.c:1646 */ | |
| 3801 | break; | |
| 3802 | ||
| 3803 | case 314: | |
| 3804 | #line 1385 "util/configparser.y" /* yacc.c:1646 */ | |
| 3805 | { | |
| 3806 | OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); | |
| 3807 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 3808 | yyerror("expected yes or no."); | |
| 3809 | #ifdef HAVE_SSL | |
| 3810 | else fake_sha1 = (strcmp((yyvsp[0].str), "yes")==0); | |
| 3811 | if(fake_sha1) | |
| 3812 | log_warn("test option fake_sha1 is enabled"); | |
| 3813 | #endif | |
| 3814 | free((yyvsp[0].str)); | |
| 3815 | } | |
| 3816 | #line 3818 "util/configparser.c" /* yacc.c:1646 */ | |
| 3817 | break; | |
| 3818 | ||
| 3819 | case 315: | |
| 3820 | #line 1398 "util/configparser.y" /* yacc.c:1646 */ | |
| 3447 | 3821 | { |
| 3448 | 3822 | OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); |
| 3449 | 3823 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3451 | 3825 | else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); |
| 3452 | 3826 | free((yyvsp[0].str)); |
| 3453 | 3827 | } |
| 3454 | #line 3456 "util/configparser.c" /* yacc.c:1646 */ | |
| 3455 | break; | |
| 3456 | ||
| 3457 | case 273: | |
| 3458 | #line 1220 "util/configparser.y" /* yacc.c:1646 */ | |
| 3828 | #line 3830 "util/configparser.c" /* yacc.c:1646 */ | |
| 3829 | break; | |
| 3830 | ||
| 3831 | case 316: | |
| 3832 | #line 1407 "util/configparser.y" /* yacc.c:1646 */ | |
| 3459 | 3833 | { |
| 3460 | 3834 | OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); |
| 3461 | 3835 | free(cfg_parser->cfg->val_nsec3_key_iterations); |
| 3462 | 3836 | cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); |
| 3463 | 3837 | } |
| 3464 | #line 3466 "util/configparser.c" /* yacc.c:1646 */ | |
| 3465 | break; | |
| 3466 | ||
| 3467 | case 274: | |
| 3468 | #line 1227 "util/configparser.y" /* yacc.c:1646 */ | |
| 3838 | #line 3840 "util/configparser.c" /* yacc.c:1646 */ | |
| 3839 | break; | |
| 3840 | ||
| 3841 | case 317: | |
| 3842 | #line 1414 "util/configparser.y" /* yacc.c:1646 */ | |
| 3469 | 3843 | { |
| 3470 | 3844 | OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); |
| 3471 | 3845 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3473 | 3847 | else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); |
| 3474 | 3848 | free((yyvsp[0].str)); |
| 3475 | 3849 | } |
| 3476 | #line 3478 "util/configparser.c" /* yacc.c:1646 */ | |
| 3477 | break; | |
| 3478 | ||
| 3479 | case 275: | |
| 3480 | #line 1236 "util/configparser.y" /* yacc.c:1646 */ | |
| 3850 | #line 3852 "util/configparser.c" /* yacc.c:1646 */ | |
| 3851 | break; | |
| 3852 | ||
| 3853 | case 318: | |
| 3854 | #line 1423 "util/configparser.y" /* yacc.c:1646 */ | |
| 3481 | 3855 | { |
| 3482 | 3856 | OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); |
| 3483 | 3857 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3485 | 3859 | else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); |
| 3486 | 3860 | free((yyvsp[0].str)); |
| 3487 | 3861 | } |
| 3488 | #line 3490 "util/configparser.c" /* yacc.c:1646 */ | |
| 3489 | break; | |
| 3490 | ||
| 3491 | case 276: | |
| 3492 | #line 1245 "util/configparser.y" /* yacc.c:1646 */ | |
| 3862 | #line 3864 "util/configparser.c" /* yacc.c:1646 */ | |
| 3863 | break; | |
| 3864 | ||
| 3865 | case 319: | |
| 3866 | #line 1432 "util/configparser.y" /* yacc.c:1646 */ | |
| 3493 | 3867 | { |
| 3494 | 3868 | OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); |
| 3495 | 3869 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3497 | 3871 | else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); |
| 3498 | 3872 | free((yyvsp[0].str)); |
| 3499 | 3873 | } |
| 3500 | #line 3502 "util/configparser.c" /* yacc.c:1646 */ | |
| 3501 | break; | |
| 3502 | ||
| 3503 | case 277: | |
| 3504 | #line 1254 "util/configparser.y" /* yacc.c:1646 */ | |
| 3874 | #line 3876 "util/configparser.c" /* yacc.c:1646 */ | |
| 3875 | break; | |
| 3876 | ||
| 3877 | case 320: | |
| 3878 | #line 1441 "util/configparser.y" /* yacc.c:1646 */ | |
| 3505 | 3879 | { |
| 3506 | 3880 | OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); |
| 3507 | 3881 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3510 | 3884 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3511 | 3885 | free((yyvsp[0].str)); |
| 3512 | 3886 | } |
| 3513 | #line 3515 "util/configparser.c" /* yacc.c:1646 */ | |
| 3514 | break; | |
| 3515 | ||
| 3516 | case 278: | |
| 3517 | #line 1263 "util/configparser.y" /* yacc.c:1646 */ | |
| 3887 | #line 3889 "util/configparser.c" /* yacc.c:1646 */ | |
| 3888 | break; | |
| 3889 | ||
| 3890 | case 321: | |
| 3891 | #line 1450 "util/configparser.y" /* yacc.c:1646 */ | |
| 3518 | 3892 | { |
| 3519 | 3893 | OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); |
| 3520 | 3894 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) |
| 3521 | 3895 | yyerror("memory size expected"); |
| 3522 | 3896 | free((yyvsp[0].str)); |
| 3523 | 3897 | } |
| 3524 | #line 3526 "util/configparser.c" /* yacc.c:1646 */ | |
| 3525 | break; | |
| 3526 | ||
| 3527 | case 279: | |
| 3528 | #line 1271 "util/configparser.y" /* yacc.c:1646 */ | |
| 3898 | #line 3900 "util/configparser.c" /* yacc.c:1646 */ | |
| 3899 | break; | |
| 3900 | ||
| 3901 | case 322: | |
| 3902 | #line 1458 "util/configparser.y" /* yacc.c:1646 */ | |
| 3529 | 3903 | { |
| 3530 | 3904 | OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); |
| 3531 | 3905 | if(atoi((yyvsp[0].str)) == 0) |
| 3537 | 3911 | } |
| 3538 | 3912 | free((yyvsp[0].str)); |
| 3539 | 3913 | } |
| 3540 | #line 3542 "util/configparser.c" /* yacc.c:1646 */ | |
| 3541 | break; | |
| 3542 | ||
| 3543 | case 280: | |
| 3544 | #line 1284 "util/configparser.y" /* yacc.c:1646 */ | |
| 3914 | #line 3916 "util/configparser.c" /* yacc.c:1646 */ | |
| 3915 | break; | |
| 3916 | ||
| 3917 | case 323: | |
| 3918 | #line 1471 "util/configparser.y" /* yacc.c:1646 */ | |
| 3545 | 3919 | { |
| 3546 | 3920 | OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); |
| 3547 | 3921 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) |
| 3548 | 3922 | yyerror("memory size expected"); |
| 3549 | 3923 | free((yyvsp[0].str)); |
| 3550 | 3924 | } |
| 3551 | #line 3553 "util/configparser.c" /* yacc.c:1646 */ | |
| 3552 | break; | |
| 3553 | ||
| 3554 | case 281: | |
| 3555 | #line 1292 "util/configparser.y" /* yacc.c:1646 */ | |
| 3925 | #line 3927 "util/configparser.c" /* yacc.c:1646 */ | |
| 3926 | break; | |
| 3927 | ||
| 3928 | case 324: | |
| 3929 | #line 1479 "util/configparser.y" /* yacc.c:1646 */ | |
| 3556 | 3930 | { |
| 3557 | 3931 | OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); |
| 3558 | 3932 | if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && |
| 3579 | 3953 | fatal_exit("out of memory adding local-zone"); |
| 3580 | 3954 | } |
| 3581 | 3955 | } |
| 3582 | #line 3584 "util/configparser.c" /* yacc.c:1646 */ | |
| 3583 | break; | |
| 3584 | ||
| 3585 | case 282: | |
| 3586 | #line 1320 "util/configparser.y" /* yacc.c:1646 */ | |
| 3956 | #line 3958 "util/configparser.c" /* yacc.c:1646 */ | |
| 3957 | break; | |
| 3958 | ||
| 3959 | case 325: | |
| 3960 | #line 1507 "util/configparser.y" /* yacc.c:1646 */ | |
| 3587 | 3961 | { |
| 3588 | 3962 | OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); |
| 3589 | 3963 | if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) |
| 3590 | 3964 | fatal_exit("out of memory adding local-data"); |
| 3591 | 3965 | } |
| 3592 | #line 3594 "util/configparser.c" /* yacc.c:1646 */ | |
| 3593 | break; | |
| 3594 | ||
| 3595 | case 283: | |
| 3596 | #line 1327 "util/configparser.y" /* yacc.c:1646 */ | |
| 3966 | #line 3968 "util/configparser.c" /* yacc.c:1646 */ | |
| 3967 | break; | |
| 3968 | ||
| 3969 | case 326: | |
| 3970 | #line 1514 "util/configparser.y" /* yacc.c:1646 */ | |
| 3597 | 3971 | { |
| 3598 | 3972 | char* ptr; |
| 3599 | 3973 | OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); |
| 3607 | 3981 | yyerror("local-data-ptr could not be reversed"); |
| 3608 | 3982 | } |
| 3609 | 3983 | } |
| 3610 | #line 3612 "util/configparser.c" /* yacc.c:1646 */ | |
| 3611 | break; | |
| 3612 | ||
| 3613 | case 284: | |
| 3614 | #line 1342 "util/configparser.y" /* yacc.c:1646 */ | |
| 3984 | #line 3986 "util/configparser.c" /* yacc.c:1646 */ | |
| 3985 | break; | |
| 3986 | ||
| 3987 | case 327: | |
| 3988 | #line 1529 "util/configparser.y" /* yacc.c:1646 */ | |
| 3615 | 3989 | { |
| 3616 | 3990 | OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); |
| 3617 | 3991 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3620 | 3994 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3621 | 3995 | free((yyvsp[0].str)); |
| 3622 | 3996 | } |
| 3623 | #line 3625 "util/configparser.c" /* yacc.c:1646 */ | |
| 3624 | break; | |
| 3625 | ||
| 3626 | case 285: | |
| 3627 | #line 1352 "util/configparser.y" /* yacc.c:1646 */ | |
| 3997 | #line 3999 "util/configparser.c" /* yacc.c:1646 */ | |
| 3998 | break; | |
| 3999 | ||
| 4000 | case 328: | |
| 4001 | #line 1539 "util/configparser.y" /* yacc.c:1646 */ | |
| 3628 | 4002 | { |
| 3629 | 4003 | OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); |
| 3630 | 4004 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3633 | 4007 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3634 | 4008 | free((yyvsp[0].str)); |
| 3635 | 4009 | } |
| 3636 | #line 3638 "util/configparser.c" /* yacc.c:1646 */ | |
| 3637 | break; | |
| 3638 | ||
| 3639 | case 286: | |
| 3640 | #line 1362 "util/configparser.y" /* yacc.c:1646 */ | |
| 4010 | #line 4012 "util/configparser.c" /* yacc.c:1646 */ | |
| 4011 | break; | |
| 4012 | ||
| 4013 | case 329: | |
| 4014 | #line 1549 "util/configparser.y" /* yacc.c:1646 */ | |
| 3641 | 4015 | { |
| 3642 | 4016 | OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); |
| 3643 | 4017 | cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); |
| 3644 | 4018 | free((yyvsp[0].str)); |
| 3645 | 4019 | } |
| 3646 | #line 3648 "util/configparser.c" /* yacc.c:1646 */ | |
| 3647 | break; | |
| 3648 | ||
| 3649 | case 287: | |
| 3650 | #line 1369 "util/configparser.y" /* yacc.c:1646 */ | |
| 4020 | #line 4022 "util/configparser.c" /* yacc.c:1646 */ | |
| 4021 | break; | |
| 4022 | ||
| 4023 | case 330: | |
| 4024 | #line 1556 "util/configparser.y" /* yacc.c:1646 */ | |
| 3651 | 4025 | { |
| 3652 | 4026 | OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); |
| 3653 | 4027 | free(cfg_parser->cfg->dns64_prefix); |
| 3654 | 4028 | cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); |
| 3655 | 4029 | } |
| 3656 | #line 3658 "util/configparser.c" /* yacc.c:1646 */ | |
| 3657 | break; | |
| 3658 | ||
| 3659 | case 288: | |
| 3660 | #line 1376 "util/configparser.y" /* yacc.c:1646 */ | |
| 4030 | #line 4032 "util/configparser.c" /* yacc.c:1646 */ | |
| 4031 | break; | |
| 4032 | ||
| 4033 | case 331: | |
| 4034 | #line 1563 "util/configparser.y" /* yacc.c:1646 */ | |
| 3661 | 4035 | { |
| 3662 | 4036 | OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); |
| 3663 | 4037 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3665 | 4039 | else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); |
| 3666 | 4040 | free((yyvsp[0].str)); |
| 3667 | 4041 | } |
| 3668 | #line 3670 "util/configparser.c" /* yacc.c:1646 */ | |
| 3669 | break; | |
| 3670 | ||
| 3671 | case 289: | |
| 3672 | #line 1385 "util/configparser.y" /* yacc.c:1646 */ | |
| 4042 | #line 4044 "util/configparser.c" /* yacc.c:1646 */ | |
| 4043 | break; | |
| 4044 | ||
| 4045 | case 332: | |
| 4046 | #line 1572 "util/configparser.y" /* yacc.c:1646 */ | |
| 3673 | 4047 | { |
| 3674 | 4048 | char* p, *s = (yyvsp[0].str); |
| 3675 | 4049 | OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); |
| 3682 | 4056 | } |
| 3683 | 4057 | free((yyvsp[0].str)); |
| 3684 | 4058 | } |
| 3685 | #line 3687 "util/configparser.c" /* yacc.c:1646 */ | |
| 3686 | break; | |
| 3687 | ||
| 3688 | case 290: | |
| 3689 | #line 1399 "util/configparser.y" /* yacc.c:1646 */ | |
| 4059 | #line 4061 "util/configparser.c" /* yacc.c:1646 */ | |
| 4060 | break; | |
| 4061 | ||
| 4062 | case 333: | |
| 4063 | #line 1586 "util/configparser.y" /* yacc.c:1646 */ | |
| 3690 | 4064 | { |
| 3691 | 4065 | size_t len = 0; |
| 3692 | 4066 | uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), |
| 3704 | 4078 | } |
| 3705 | 4079 | } |
| 3706 | 4080 | } |
| 3707 | #line 3709 "util/configparser.c" /* yacc.c:1646 */ | |
| 3708 | break; | |
| 3709 | ||
| 3710 | case 291: | |
| 3711 | #line 1418 "util/configparser.y" /* yacc.c:1646 */ | |
| 4081 | #line 4083 "util/configparser.c" /* yacc.c:1646 */ | |
| 4082 | break; | |
| 4083 | ||
| 4084 | case 334: | |
| 4085 | #line 1605 "util/configparser.y" /* yacc.c:1646 */ | |
| 3712 | 4086 | { |
| 3713 | 4087 | size_t len = 0; |
| 3714 | 4088 | uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), |
| 3726 | 4100 | } |
| 3727 | 4101 | } |
| 3728 | 4102 | } |
| 3729 | #line 3731 "util/configparser.c" /* yacc.c:1646 */ | |
| 3730 | break; | |
| 3731 | ||
| 3732 | case 292: | |
| 3733 | #line 1437 "util/configparser.y" /* yacc.c:1646 */ | |
| 4103 | #line 4105 "util/configparser.c" /* yacc.c:1646 */ | |
| 4104 | break; | |
| 4105 | ||
| 4106 | case 335: | |
| 4107 | #line 1624 "util/configparser.y" /* yacc.c:1646 */ | |
| 3734 | 4108 | { |
| 3735 | 4109 | OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); |
| 3736 | 4110 | if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, |
| 3741 | 4115 | free((yyvsp[0].str)); |
| 3742 | 4116 | } |
| 3743 | 4117 | } |
| 3744 | #line 3746 "util/configparser.c" /* yacc.c:1646 */ | |
| 3745 | break; | |
| 3746 | ||
| 3747 | case 293: | |
| 3748 | #line 1449 "util/configparser.y" /* yacc.c:1646 */ | |
| 4118 | #line 4120 "util/configparser.c" /* yacc.c:1646 */ | |
| 4119 | break; | |
| 4120 | ||
| 4121 | case 336: | |
| 4122 | #line 1636 "util/configparser.y" /* yacc.c:1646 */ | |
| 3749 | 4123 | { |
| 3750 | 4124 | OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); |
| 3751 | 4125 | if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, |
| 3756 | 4130 | free((yyvsp[0].str)); |
| 3757 | 4131 | } |
| 3758 | 4132 | } |
| 3759 | #line 3761 "util/configparser.c" /* yacc.c:1646 */ | |
| 3760 | break; | |
| 3761 | ||
| 3762 | case 294: | |
| 3763 | #line 1461 "util/configparser.y" /* yacc.c:1646 */ | |
| 4133 | #line 4135 "util/configparser.c" /* yacc.c:1646 */ | |
| 4134 | break; | |
| 4135 | ||
| 4136 | case 337: | |
| 4137 | #line 1648 "util/configparser.y" /* yacc.c:1646 */ | |
| 3764 | 4138 | { |
| 3765 | 4139 | OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); |
| 3766 | 4140 | if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, |
| 3771 | 4145 | free((yyvsp[0].str)); |
| 3772 | 4146 | } |
| 3773 | 4147 | } |
| 3774 | #line 3776 "util/configparser.c" /* yacc.c:1646 */ | |
| 3775 | break; | |
| 3776 | ||
| 3777 | case 295: | |
| 3778 | #line 1473 "util/configparser.y" /* yacc.c:1646 */ | |
| 4148 | #line 4150 "util/configparser.c" /* yacc.c:1646 */ | |
| 4149 | break; | |
| 4150 | ||
| 4151 | case 338: | |
| 4152 | #line 1660 "util/configparser.y" /* yacc.c:1646 */ | |
| 3779 | 4153 | { |
| 3780 | 4154 | OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); |
| 3781 | 4155 | if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, |
| 3785 | 4159 | free((yyvsp[0].str)); |
| 3786 | 4160 | } |
| 3787 | 4161 | } |
| 3788 | #line 3790 "util/configparser.c" /* yacc.c:1646 */ | |
| 3789 | break; | |
| 3790 | ||
| 3791 | case 296: | |
| 3792 | #line 1484 "util/configparser.y" /* yacc.c:1646 */ | |
| 4162 | #line 4164 "util/configparser.c" /* yacc.c:1646 */ | |
| 4163 | break; | |
| 4164 | ||
| 4165 | case 339: | |
| 4166 | #line 1671 "util/configparser.y" /* yacc.c:1646 */ | |
| 4167 | { | |
| 4168 | size_t len = 0; | |
| 4169 | uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), | |
| 4170 | &len); | |
| 4171 | free((yyvsp[0].str)); | |
| 4172 | OUTYY(("P(response_ip_tag:%s)\n", (yyvsp[-1].str))); | |
| 4173 | if(!bitlist) | |
| 4174 | yyerror("could not parse tags, (define-tag them first)"); | |
| 4175 | if(bitlist) { | |
| 4176 | if(!cfg_strbytelist_insert( | |
| 4177 | &cfg_parser->cfg->respip_tags, | |
| 4178 | (yyvsp[-1].str), bitlist, len)) { | |
| 4179 | yyerror("out of memory"); | |
| 4180 | free((yyvsp[-1].str)); | |
| 4181 | } | |
| 4182 | } | |
| 4183 | } | |
| 4184 | #line 4186 "util/configparser.c" /* yacc.c:1646 */ | |
| 4185 | break; | |
| 4186 | ||
| 4187 | case 340: | |
| 4188 | #line 1690 "util/configparser.y" /* yacc.c:1646 */ | |
| 4189 | { | |
| 4190 | OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); | |
| 4191 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) | |
| 4192 | yyerror("number expected"); | |
| 4193 | else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); | |
| 4194 | free((yyvsp[0].str)); | |
| 4195 | } | |
| 4196 | #line 4198 "util/configparser.c" /* yacc.c:1646 */ | |
| 4197 | break; | |
| 4198 | ||
| 4199 | case 341: | |
| 4200 | #line 1700 "util/configparser.y" /* yacc.c:1646 */ | |
| 3793 | 4201 | { |
| 3794 | 4202 | OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); |
| 3795 | 4203 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3797 | 4205 | else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); |
| 3798 | 4206 | free((yyvsp[0].str)); |
| 3799 | 4207 | } |
| 3800 | #line 3802 "util/configparser.c" /* yacc.c:1646 */ | |
| 3801 | break; | |
| 3802 | ||
| 3803 | case 297: | |
| 3804 | #line 1493 "util/configparser.y" /* yacc.c:1646 */ | |
| 4208 | #line 4210 "util/configparser.c" /* yacc.c:1646 */ | |
| 4209 | break; | |
| 4210 | ||
| 4211 | case 342: | |
| 4212 | #line 1709 "util/configparser.y" /* yacc.c:1646 */ | |
| 4213 | { | |
| 4214 | OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); | |
| 4215 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) | |
| 4216 | yyerror("memory size expected"); | |
| 4217 | free((yyvsp[0].str)); | |
| 4218 | } | |
| 4219 | #line 4221 "util/configparser.c" /* yacc.c:1646 */ | |
| 4220 | break; | |
| 4221 | ||
| 4222 | case 343: | |
| 4223 | #line 1717 "util/configparser.y" /* yacc.c:1646 */ | |
| 3805 | 4224 | { |
| 3806 | 4225 | OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); |
| 3807 | 4226 | if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) |
| 3808 | 4227 | yyerror("memory size expected"); |
| 3809 | 4228 | free((yyvsp[0].str)); |
| 3810 | 4229 | } |
| 3811 | #line 3813 "util/configparser.c" /* yacc.c:1646 */ | |
| 3812 | break; | |
| 3813 | ||
| 3814 | case 298: | |
| 3815 | #line 1501 "util/configparser.y" /* yacc.c:1646 */ | |
| 4230 | #line 4232 "util/configparser.c" /* yacc.c:1646 */ | |
| 4231 | break; | |
| 4232 | ||
| 4233 | case 344: | |
| 4234 | #line 1725 "util/configparser.y" /* yacc.c:1646 */ | |
| 4235 | { | |
| 4236 | OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); | |
| 4237 | if(atoi((yyvsp[0].str)) == 0) | |
| 4238 | yyerror("number expected"); | |
| 4239 | else { | |
| 4240 | cfg_parser->cfg->ip_ratelimit_slabs = atoi((yyvsp[0].str)); | |
| 4241 | if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs)) | |
| 4242 | yyerror("must be a power of 2"); | |
| 4243 | } | |
| 4244 | free((yyvsp[0].str)); | |
| 4245 | } | |
| 4246 | #line 4248 "util/configparser.c" /* yacc.c:1646 */ | |
| 4247 | break; | |
| 4248 | ||
| 4249 | case 345: | |
| 4250 | #line 1738 "util/configparser.y" /* yacc.c:1646 */ | |
| 3816 | 4251 | { |
| 3817 | 4252 | OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); |
| 3818 | 4253 | if(atoi((yyvsp[0].str)) == 0) |
| 3824 | 4259 | } |
| 3825 | 4260 | free((yyvsp[0].str)); |
| 3826 | 4261 | } |
| 3827 | #line 3829 "util/configparser.c" /* yacc.c:1646 */ | |
| 3828 | break; | |
| 3829 | ||
| 3830 | case 299: | |
| 3831 | #line 1514 "util/configparser.y" /* yacc.c:1646 */ | |
| 4262 | #line 4264 "util/configparser.c" /* yacc.c:1646 */ | |
| 4263 | break; | |
| 4264 | ||
| 4265 | case 346: | |
| 4266 | #line 1751 "util/configparser.y" /* yacc.c:1646 */ | |
| 3832 | 4267 | { |
| 3833 | 4268 | OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); |
| 3834 | 4269 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { |
| 3840 | 4275 | "ratelimit-for-domain"); |
| 3841 | 4276 | } |
| 3842 | 4277 | } |
| 3843 | #line 3845 "util/configparser.c" /* yacc.c:1646 */ | |
| 3844 | break; | |
| 3845 | ||
| 3846 | case 300: | |
| 3847 | #line 1527 "util/configparser.y" /* yacc.c:1646 */ | |
| 4278 | #line 4280 "util/configparser.c" /* yacc.c:1646 */ | |
| 4279 | break; | |
| 4280 | ||
| 4281 | case 347: | |
| 4282 | #line 1764 "util/configparser.y" /* yacc.c:1646 */ | |
| 3848 | 4283 | { |
| 3849 | 4284 | OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); |
| 3850 | 4285 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { |
| 3856 | 4291 | "ratelimit-below-domain"); |
| 3857 | 4292 | } |
| 3858 | 4293 | } |
| 3859 | #line 3861 "util/configparser.c" /* yacc.c:1646 */ | |
| 3860 | break; | |
| 3861 | ||
| 3862 | case 301: | |
| 3863 | #line 1540 "util/configparser.y" /* yacc.c:1646 */ | |
| 4294 | #line 4296 "util/configparser.c" /* yacc.c:1646 */ | |
| 4295 | break; | |
| 4296 | ||
| 4297 | case 348: | |
| 4298 | #line 1777 "util/configparser.y" /* yacc.c:1646 */ | |
| 4299 | { | |
| 4300 | OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); | |
| 4301 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) | |
| 4302 | yyerror("number expected"); | |
| 4303 | else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); | |
| 4304 | free((yyvsp[0].str)); | |
| 4305 | } | |
| 4306 | #line 4308 "util/configparser.c" /* yacc.c:1646 */ | |
| 4307 | break; | |
| 4308 | ||
| 4309 | case 349: | |
| 4310 | #line 1786 "util/configparser.y" /* yacc.c:1646 */ | |
| 3864 | 4311 | { |
| 3865 | 4312 | OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); |
| 3866 | 4313 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) |
| 3868 | 4315 | else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); |
| 3869 | 4316 | free((yyvsp[0].str)); |
| 3870 | 4317 | } |
| 3871 | #line 3873 "util/configparser.c" /* yacc.c:1646 */ | |
| 3872 | break; | |
| 3873 | ||
| 3874 | case 302: | |
| 3875 | #line 1549 "util/configparser.y" /* yacc.c:1646 */ | |
| 4318 | #line 4320 "util/configparser.c" /* yacc.c:1646 */ | |
| 4319 | break; | |
| 4320 | ||
| 4321 | case 350: | |
| 4322 | #line 1795 "util/configparser.y" /* yacc.c:1646 */ | |
| 3876 | 4323 | { |
| 3877 | 4324 | OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); |
| 3878 | 4325 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3881 | 4328 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3882 | 4329 | free((yyvsp[0].str)); |
| 3883 | 4330 | } |
| 3884 | #line 3886 "util/configparser.c" /* yacc.c:1646 */ | |
| 3885 | break; | |
| 3886 | ||
| 3887 | case 303: | |
| 3888 | #line 1559 "util/configparser.y" /* yacc.c:1646 */ | |
| 4331 | #line 4333 "util/configparser.c" /* yacc.c:1646 */ | |
| 4332 | break; | |
| 4333 | ||
| 4334 | case 351: | |
| 4335 | #line 1805 "util/configparser.y" /* yacc.c:1646 */ | |
| 3889 | 4336 | { |
| 3890 | 4337 | OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); |
| 3891 | 4338 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3894 | 4341 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3895 | 4342 | free((yyvsp[0].str)); |
| 3896 | 4343 | } |
| 3897 | #line 3899 "util/configparser.c" /* yacc.c:1646 */ | |
| 3898 | break; | |
| 3899 | ||
| 3900 | case 304: | |
| 3901 | #line 1569 "util/configparser.y" /* yacc.c:1646 */ | |
| 4344 | #line 4346 "util/configparser.c" /* yacc.c:1646 */ | |
| 4345 | break; | |
| 4346 | ||
| 4347 | case 352: | |
| 4348 | #line 1815 "util/configparser.y" /* yacc.c:1646 */ | |
| 4349 | { | |
| 4350 | #ifdef USE_IPSECMOD | |
| 4351 | OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); | |
| 4352 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 4353 | yyerror("expected yes or no."); | |
| 4354 | else cfg_parser->cfg->ipsecmod_enabled = (strcmp((yyvsp[0].str), "yes")==0); | |
| 4355 | free((yyvsp[0].str)); | |
| 4356 | #else | |
| 4357 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 4358 | #endif | |
| 4359 | } | |
| 4360 | #line 4362 "util/configparser.c" /* yacc.c:1646 */ | |
| 4361 | break; | |
| 4362 | ||
| 4363 | case 353: | |
| 4364 | #line 1828 "util/configparser.y" /* yacc.c:1646 */ | |
| 4365 | { | |
| 4366 | #ifdef USE_IPSECMOD | |
| 4367 | OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); | |
| 4368 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 4369 | yyerror("expected yes or no."); | |
| 4370 | else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp((yyvsp[0].str), "yes")==0); | |
| 4371 | free((yyvsp[0].str)); | |
| 4372 | #else | |
| 4373 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 4374 | #endif | |
| 4375 | } | |
| 4376 | #line 4378 "util/configparser.c" /* yacc.c:1646 */ | |
| 4377 | break; | |
| 4378 | ||
| 4379 | case 354: | |
| 4380 | #line 1841 "util/configparser.y" /* yacc.c:1646 */ | |
| 4381 | { | |
| 4382 | #ifdef USE_IPSECMOD | |
| 4383 | OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); | |
| 4384 | free(cfg_parser->cfg->ipsecmod_hook); | |
| 4385 | cfg_parser->cfg->ipsecmod_hook = (yyvsp[0].str); | |
| 4386 | #else | |
| 4387 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 4388 | #endif | |
| 4389 | } | |
| 4390 | #line 4392 "util/configparser.c" /* yacc.c:1646 */ | |
| 4391 | break; | |
| 4392 | ||
| 4393 | case 355: | |
| 4394 | #line 1852 "util/configparser.y" /* yacc.c:1646 */ | |
| 4395 | { | |
| 4396 | #ifdef USE_IPSECMOD | |
| 4397 | OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); | |
| 4398 | if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) | |
| 4399 | yyerror("number expected"); | |
| 4400 | else cfg_parser->cfg->ipsecmod_max_ttl = atoi((yyvsp[0].str)); | |
| 4401 | free((yyvsp[0].str)); | |
| 4402 | #else | |
| 4403 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 4404 | #endif | |
| 4405 | } | |
| 4406 | #line 4408 "util/configparser.c" /* yacc.c:1646 */ | |
| 4407 | break; | |
| 4408 | ||
| 4409 | case 356: | |
| 4410 | #line 1865 "util/configparser.y" /* yacc.c:1646 */ | |
| 4411 | { | |
| 4412 | #ifdef USE_IPSECMOD | |
| 4413 | OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); | |
| 4414 | if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, (yyvsp[0].str))) | |
| 4415 | yyerror("out of memory"); | |
| 4416 | #else | |
| 4417 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 4418 | #endif | |
| 4419 | } | |
| 4420 | #line 4422 "util/configparser.c" /* yacc.c:1646 */ | |
| 4421 | break; | |
| 4422 | ||
| 4423 | case 357: | |
| 4424 | #line 1876 "util/configparser.y" /* yacc.c:1646 */ | |
| 4425 | { | |
| 4426 | #ifdef USE_IPSECMOD | |
| 4427 | OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); | |
| 4428 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 4429 | yyerror("expected yes or no."); | |
| 4430 | else cfg_parser->cfg->ipsecmod_strict = (strcmp((yyvsp[0].str), "yes")==0); | |
| 4431 | free((yyvsp[0].str)); | |
| 4432 | #else | |
| 4433 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 4434 | #endif | |
| 4435 | } | |
| 4436 | #line 4438 "util/configparser.c" /* yacc.c:1646 */ | |
| 4437 | break; | |
| 4438 | ||
| 4439 | case 358: | |
| 4440 | #line 1889 "util/configparser.y" /* yacc.c:1646 */ | |
| 3902 | 4441 | { |
| 3903 | 4442 | OUTYY(("P(name:%s)\n", (yyvsp[0].str))); |
| 3904 | 4443 | if(cfg_parser->cfg->stubs->name) |
| 3907 | 4446 | free(cfg_parser->cfg->stubs->name); |
| 3908 | 4447 | cfg_parser->cfg->stubs->name = (yyvsp[0].str); |
| 3909 | 4448 | } |
| 3910 | #line 3912 "util/configparser.c" /* yacc.c:1646 */ | |
| 3911 | break; | |
| 3912 | ||
| 3913 | case 305: | |
| 3914 | #line 1579 "util/configparser.y" /* yacc.c:1646 */ | |
| 4449 | #line 4451 "util/configparser.c" /* yacc.c:1646 */ | |
| 4450 | break; | |
| 4451 | ||
| 4452 | case 359: | |
| 4453 | #line 1899 "util/configparser.y" /* yacc.c:1646 */ | |
| 3915 | 4454 | { |
| 3916 | 4455 | OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); |
| 3917 | 4456 | if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) |
| 3918 | 4457 | yyerror("out of memory"); |
| 3919 | 4458 | } |
| 3920 | #line 3922 "util/configparser.c" /* yacc.c:1646 */ | |
| 3921 | break; | |
| 3922 | ||
| 3923 | case 306: | |
| 3924 | #line 1586 "util/configparser.y" /* yacc.c:1646 */ | |
| 4459 | #line 4461 "util/configparser.c" /* yacc.c:1646 */ | |
| 4460 | break; | |
| 4461 | ||
| 4462 | case 360: | |
| 4463 | #line 1906 "util/configparser.y" /* yacc.c:1646 */ | |
| 3925 | 4464 | { |
| 3926 | 4465 | OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); |
| 3927 | 4466 | if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) |
| 3928 | 4467 | yyerror("out of memory"); |
| 3929 | 4468 | } |
| 3930 | #line 3932 "util/configparser.c" /* yacc.c:1646 */ | |
| 3931 | break; | |
| 3932 | ||
| 3933 | case 307: | |
| 3934 | #line 1593 "util/configparser.y" /* yacc.c:1646 */ | |
| 4469 | #line 4471 "util/configparser.c" /* yacc.c:1646 */ | |
| 4470 | break; | |
| 4471 | ||
| 4472 | case 361: | |
| 4473 | #line 1913 "util/configparser.y" /* yacc.c:1646 */ | |
| 3935 | 4474 | { |
| 3936 | 4475 | OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); |
| 3937 | 4476 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3939 | 4478 | else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); |
| 3940 | 4479 | free((yyvsp[0].str)); |
| 3941 | 4480 | } |
| 3942 | #line 3944 "util/configparser.c" /* yacc.c:1646 */ | |
| 3943 | break; | |
| 3944 | ||
| 3945 | case 308: | |
| 3946 | #line 1602 "util/configparser.y" /* yacc.c:1646 */ | |
| 4481 | #line 4483 "util/configparser.c" /* yacc.c:1646 */ | |
| 4482 | break; | |
| 4483 | ||
| 4484 | case 362: | |
| 4485 | #line 1922 "util/configparser.y" /* yacc.c:1646 */ | |
| 3947 | 4486 | { |
| 3948 | 4487 | OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); |
| 3949 | 4488 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3952 | 4491 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3953 | 4492 | free((yyvsp[0].str)); |
| 3954 | 4493 | } |
| 3955 | #line 3957 "util/configparser.c" /* yacc.c:1646 */ | |
| 3956 | break; | |
| 3957 | ||
| 3958 | case 309: | |
| 3959 | #line 1612 "util/configparser.y" /* yacc.c:1646 */ | |
| 4494 | #line 4496 "util/configparser.c" /* yacc.c:1646 */ | |
| 4495 | break; | |
| 4496 | ||
| 4497 | case 363: | |
| 4498 | #line 1932 "util/configparser.y" /* yacc.c:1646 */ | |
| 3960 | 4499 | { |
| 3961 | 4500 | OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); |
| 3962 | 4501 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 3965 | 4504 | (strcmp((yyvsp[0].str), "yes")==0); |
| 3966 | 4505 | free((yyvsp[0].str)); |
| 3967 | 4506 | } |
| 3968 | #line 3970 "util/configparser.c" /* yacc.c:1646 */ | |
| 3969 | break; | |
| 3970 | ||
| 3971 | case 310: | |
| 3972 | #line 1622 "util/configparser.y" /* yacc.c:1646 */ | |
| 4507 | #line 4509 "util/configparser.c" /* yacc.c:1646 */ | |
| 4508 | break; | |
| 4509 | ||
| 4510 | case 364: | |
| 4511 | #line 1942 "util/configparser.y" /* yacc.c:1646 */ | |
| 3973 | 4512 | { |
| 3974 | 4513 | OUTYY(("P(name:%s)\n", (yyvsp[0].str))); |
| 3975 | 4514 | if(cfg_parser->cfg->forwards->name) |
| 3978 | 4517 | free(cfg_parser->cfg->forwards->name); |
| 3979 | 4518 | cfg_parser->cfg->forwards->name = (yyvsp[0].str); |
| 3980 | 4519 | } |
| 3981 | #line 3983 "util/configparser.c" /* yacc.c:1646 */ | |
| 3982 | break; | |
| 3983 | ||
| 3984 | case 311: | |
| 3985 | #line 1632 "util/configparser.y" /* yacc.c:1646 */ | |
| 4520 | #line 4522 "util/configparser.c" /* yacc.c:1646 */ | |
| 4521 | break; | |
| 4522 | ||
| 4523 | case 365: | |
| 4524 | #line 1952 "util/configparser.y" /* yacc.c:1646 */ | |
| 3986 | 4525 | { |
| 3987 | 4526 | OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); |
| 3988 | 4527 | if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) |
| 3989 | 4528 | yyerror("out of memory"); |
| 3990 | 4529 | } |
| 3991 | #line 3993 "util/configparser.c" /* yacc.c:1646 */ | |
| 3992 | break; | |
| 3993 | ||
| 3994 | case 312: | |
| 3995 | #line 1639 "util/configparser.y" /* yacc.c:1646 */ | |
| 4530 | #line 4532 "util/configparser.c" /* yacc.c:1646 */ | |
| 4531 | break; | |
| 4532 | ||
| 4533 | case 366: | |
| 4534 | #line 1959 "util/configparser.y" /* yacc.c:1646 */ | |
| 3996 | 4535 | { |
| 3997 | 4536 | OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); |
| 3998 | 4537 | if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) |
| 3999 | 4538 | yyerror("out of memory"); |
| 4000 | 4539 | } |
| 4001 | #line 4003 "util/configparser.c" /* yacc.c:1646 */ | |
| 4002 | break; | |
| 4003 | ||
| 4004 | case 313: | |
| 4005 | #line 1646 "util/configparser.y" /* yacc.c:1646 */ | |
| 4540 | #line 4542 "util/configparser.c" /* yacc.c:1646 */ | |
| 4541 | break; | |
| 4542 | ||
| 4543 | case 367: | |
| 4544 | #line 1966 "util/configparser.y" /* yacc.c:1646 */ | |
| 4006 | 4545 | { |
| 4007 | 4546 | OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); |
| 4008 | 4547 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4010 | 4549 | else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); |
| 4011 | 4550 | free((yyvsp[0].str)); |
| 4012 | 4551 | } |
| 4013 | #line 4015 "util/configparser.c" /* yacc.c:1646 */ | |
| 4014 | break; | |
| 4015 | ||
| 4016 | case 314: | |
| 4017 | #line 1655 "util/configparser.y" /* yacc.c:1646 */ | |
| 4552 | #line 4554 "util/configparser.c" /* yacc.c:1646 */ | |
| 4553 | break; | |
| 4554 | ||
| 4555 | case 368: | |
| 4556 | #line 1975 "util/configparser.y" /* yacc.c:1646 */ | |
| 4018 | 4557 | { |
| 4019 | 4558 | OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); |
| 4020 | 4559 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4023 | 4562 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4024 | 4563 | free((yyvsp[0].str)); |
| 4025 | 4564 | } |
| 4026 | #line 4028 "util/configparser.c" /* yacc.c:1646 */ | |
| 4027 | break; | |
| 4028 | ||
| 4029 | case 315: | |
| 4030 | #line 1665 "util/configparser.y" /* yacc.c:1646 */ | |
| 4565 | #line 4567 "util/configparser.c" /* yacc.c:1646 */ | |
| 4566 | break; | |
| 4567 | ||
| 4568 | case 369: | |
| 4569 | #line 1985 "util/configparser.y" /* yacc.c:1646 */ | |
| 4031 | 4570 | { |
| 4032 | 4571 | OUTYY(("P(name:%s)\n", (yyvsp[0].str))); |
| 4033 | 4572 | if(cfg_parser->cfg->views->name) |
| 4036 | 4575 | free(cfg_parser->cfg->views->name); |
| 4037 | 4576 | cfg_parser->cfg->views->name = (yyvsp[0].str); |
| 4038 | 4577 | } |
| 4039 | #line 4041 "util/configparser.c" /* yacc.c:1646 */ | |
| 4040 | break; | |
| 4041 | ||
| 4042 | case 316: | |
| 4043 | #line 1675 "util/configparser.y" /* yacc.c:1646 */ | |
| 4578 | #line 4580 "util/configparser.c" /* yacc.c:1646 */ | |
| 4579 | break; | |
| 4580 | ||
| 4581 | case 370: | |
| 4582 | #line 1995 "util/configparser.y" /* yacc.c:1646 */ | |
| 4044 | 4583 | { |
| 4045 | 4584 | OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); |
| 4046 | 4585 | if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && |
| 4068 | 4607 | fatal_exit("out of memory adding local-zone"); |
| 4069 | 4608 | } |
| 4070 | 4609 | } |
| 4071 | #line 4073 "util/configparser.c" /* yacc.c:1646 */ | |
| 4072 | break; | |
| 4073 | ||
| 4074 | case 317: | |
| 4075 | #line 1704 "util/configparser.y" /* yacc.c:1646 */ | |
| 4610 | #line 4612 "util/configparser.c" /* yacc.c:1646 */ | |
| 4611 | break; | |
| 4612 | ||
| 4613 | case 371: | |
| 4614 | #line 2024 "util/configparser.y" /* yacc.c:1646 */ | |
| 4615 | { | |
| 4616 | OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); | |
| 4617 | validate_respip_action((yyvsp[0].str)); | |
| 4618 | if(!cfg_str2list_insert( | |
| 4619 | &cfg_parser->cfg->views->respip_actions, (yyvsp[-1].str), (yyvsp[0].str))) | |
| 4620 | fatal_exit("out of memory adding per-view " | |
| 4621 | "response-ip action"); | |
| 4622 | } | |
| 4623 | #line 4625 "util/configparser.c" /* yacc.c:1646 */ | |
| 4624 | break; | |
| 4625 | ||
| 4626 | case 372: | |
| 4627 | #line 2034 "util/configparser.y" /* yacc.c:1646 */ | |
| 4628 | { | |
| 4629 | OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); | |
| 4630 | if(!cfg_str2list_insert( | |
| 4631 | &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) | |
| 4632 | fatal_exit("out of memory adding response-ip-data"); | |
| 4633 | } | |
| 4634 | #line 4636 "util/configparser.c" /* yacc.c:1646 */ | |
| 4635 | break; | |
| 4636 | ||
| 4637 | case 373: | |
| 4638 | #line 2042 "util/configparser.y" /* yacc.c:1646 */ | |
| 4076 | 4639 | { |
| 4077 | 4640 | OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); |
| 4078 | 4641 | if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { |
| 4080 | 4643 | free((yyvsp[0].str)); |
| 4081 | 4644 | } |
| 4082 | 4645 | } |
| 4083 | #line 4085 "util/configparser.c" /* yacc.c:1646 */ | |
| 4084 | break; | |
| 4085 | ||
| 4086 | case 318: | |
| 4087 | #line 1713 "util/configparser.y" /* yacc.c:1646 */ | |
| 4646 | #line 4648 "util/configparser.c" /* yacc.c:1646 */ | |
| 4647 | break; | |
| 4648 | ||
| 4649 | case 374: | |
| 4650 | #line 2051 "util/configparser.y" /* yacc.c:1646 */ | |
| 4651 | { | |
| 4652 | char* ptr; | |
| 4653 | OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); | |
| 4654 | ptr = cfg_ptr_reverse((yyvsp[0].str)); | |
| 4655 | free((yyvsp[0].str)); | |
| 4656 | if(ptr) { | |
| 4657 | if(!cfg_strlist_insert(&cfg_parser->cfg->views-> | |
| 4658 | local_data, ptr)) | |
| 4659 | fatal_exit("out of memory adding local-data"); | |
| 4660 | } else { | |
| 4661 | yyerror("local-data-ptr could not be reversed"); | |
| 4662 | } | |
| 4663 | } | |
| 4664 | #line 4666 "util/configparser.c" /* yacc.c:1646 */ | |
| 4665 | break; | |
| 4666 | ||
| 4667 | case 375: | |
| 4668 | #line 2066 "util/configparser.y" /* yacc.c:1646 */ | |
| 4088 | 4669 | { |
| 4089 | 4670 | OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); |
| 4090 | 4671 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4092 | 4673 | else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); |
| 4093 | 4674 | free((yyvsp[0].str)); |
| 4094 | 4675 | } |
| 4095 | #line 4097 "util/configparser.c" /* yacc.c:1646 */ | |
| 4096 | break; | |
| 4097 | ||
| 4098 | case 319: | |
| 4099 | #line 1722 "util/configparser.y" /* yacc.c:1646 */ | |
| 4676 | #line 4678 "util/configparser.c" /* yacc.c:1646 */ | |
| 4677 | break; | |
| 4678 | ||
| 4679 | case 376: | |
| 4680 | #line 2075 "util/configparser.y" /* yacc.c:1646 */ | |
| 4100 | 4681 | { |
| 4101 | 4682 | OUTYY(("\nP(remote-control:)\n")); |
| 4102 | 4683 | } |
| 4103 | #line 4105 "util/configparser.c" /* yacc.c:1646 */ | |
| 4104 | break; | |
| 4105 | ||
| 4106 | case 330: | |
| 4107 | #line 1733 "util/configparser.y" /* yacc.c:1646 */ | |
| 4684 | #line 4686 "util/configparser.c" /* yacc.c:1646 */ | |
| 4685 | break; | |
| 4686 | ||
| 4687 | case 387: | |
| 4688 | #line 2086 "util/configparser.y" /* yacc.c:1646 */ | |
| 4108 | 4689 | { |
| 4109 | 4690 | OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); |
| 4110 | 4691 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4113 | 4694 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4114 | 4695 | free((yyvsp[0].str)); |
| 4115 | 4696 | } |
| 4116 | #line 4118 "util/configparser.c" /* yacc.c:1646 */ | |
| 4117 | break; | |
| 4118 | ||
| 4119 | case 331: | |
| 4120 | #line 1743 "util/configparser.y" /* yacc.c:1646 */ | |
| 4697 | #line 4699 "util/configparser.c" /* yacc.c:1646 */ | |
| 4698 | break; | |
| 4699 | ||
| 4700 | case 388: | |
| 4701 | #line 2096 "util/configparser.y" /* yacc.c:1646 */ | |
| 4121 | 4702 | { |
| 4122 | 4703 | OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); |
| 4123 | 4704 | if(atoi((yyvsp[0].str)) == 0) |
| 4125 | 4706 | else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); |
| 4126 | 4707 | free((yyvsp[0].str)); |
| 4127 | 4708 | } |
| 4128 | #line 4130 "util/configparser.c" /* yacc.c:1646 */ | |
| 4129 | break; | |
| 4130 | ||
| 4131 | case 332: | |
| 4132 | #line 1752 "util/configparser.y" /* yacc.c:1646 */ | |
| 4709 | #line 4711 "util/configparser.c" /* yacc.c:1646 */ | |
| 4710 | break; | |
| 4711 | ||
| 4712 | case 389: | |
| 4713 | #line 2105 "util/configparser.y" /* yacc.c:1646 */ | |
| 4133 | 4714 | { |
| 4134 | 4715 | OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); |
| 4135 | 4716 | if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) |
| 4136 | 4717 | yyerror("out of memory"); |
| 4137 | 4718 | } |
| 4138 | #line 4140 "util/configparser.c" /* yacc.c:1646 */ | |
| 4139 | break; | |
| 4140 | ||
| 4141 | case 333: | |
| 4142 | #line 1759 "util/configparser.y" /* yacc.c:1646 */ | |
| 4719 | #line 4721 "util/configparser.c" /* yacc.c:1646 */ | |
| 4720 | break; | |
| 4721 | ||
| 4722 | case 390: | |
| 4723 | #line 2112 "util/configparser.y" /* yacc.c:1646 */ | |
| 4143 | 4724 | { |
| 4144 | 4725 | OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); |
| 4145 | 4726 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4148 | 4729 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4149 | 4730 | free((yyvsp[0].str)); |
| 4150 | 4731 | } |
| 4151 | #line 4153 "util/configparser.c" /* yacc.c:1646 */ | |
| 4152 | break; | |
| 4153 | ||
| 4154 | case 334: | |
| 4155 | #line 1769 "util/configparser.y" /* yacc.c:1646 */ | |
| 4732 | #line 4734 "util/configparser.c" /* yacc.c:1646 */ | |
| 4733 | break; | |
| 4734 | ||
| 4735 | case 391: | |
| 4736 | #line 2122 "util/configparser.y" /* yacc.c:1646 */ | |
| 4156 | 4737 | { |
| 4157 | 4738 | OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); |
| 4158 | 4739 | free(cfg_parser->cfg->server_key_file); |
| 4159 | 4740 | cfg_parser->cfg->server_key_file = (yyvsp[0].str); |
| 4160 | 4741 | } |
| 4161 | #line 4163 "util/configparser.c" /* yacc.c:1646 */ | |
| 4162 | break; | |
| 4163 | ||
| 4164 | case 335: | |
| 4165 | #line 1776 "util/configparser.y" /* yacc.c:1646 */ | |
| 4742 | #line 4744 "util/configparser.c" /* yacc.c:1646 */ | |
| 4743 | break; | |
| 4744 | ||
| 4745 | case 392: | |
| 4746 | #line 2129 "util/configparser.y" /* yacc.c:1646 */ | |
| 4166 | 4747 | { |
| 4167 | 4748 | OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); |
| 4168 | 4749 | free(cfg_parser->cfg->server_cert_file); |
| 4169 | 4750 | cfg_parser->cfg->server_cert_file = (yyvsp[0].str); |
| 4170 | 4751 | } |
| 4171 | #line 4173 "util/configparser.c" /* yacc.c:1646 */ | |
| 4172 | break; | |
| 4173 | ||
| 4174 | case 336: | |
| 4175 | #line 1783 "util/configparser.y" /* yacc.c:1646 */ | |
| 4752 | #line 4754 "util/configparser.c" /* yacc.c:1646 */ | |
| 4753 | break; | |
| 4754 | ||
| 4755 | case 393: | |
| 4756 | #line 2136 "util/configparser.y" /* yacc.c:1646 */ | |
| 4176 | 4757 | { |
| 4177 | 4758 | OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); |
| 4178 | 4759 | free(cfg_parser->cfg->control_key_file); |
| 4179 | 4760 | cfg_parser->cfg->control_key_file = (yyvsp[0].str); |
| 4180 | 4761 | } |
| 4181 | #line 4183 "util/configparser.c" /* yacc.c:1646 */ | |
| 4182 | break; | |
| 4183 | ||
| 4184 | case 337: | |
| 4185 | #line 1790 "util/configparser.y" /* yacc.c:1646 */ | |
| 4762 | #line 4764 "util/configparser.c" /* yacc.c:1646 */ | |
| 4763 | break; | |
| 4764 | ||
| 4765 | case 394: | |
| 4766 | #line 2143 "util/configparser.y" /* yacc.c:1646 */ | |
| 4186 | 4767 | { |
| 4187 | 4768 | OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); |
| 4188 | 4769 | free(cfg_parser->cfg->control_cert_file); |
| 4189 | 4770 | cfg_parser->cfg->control_cert_file = (yyvsp[0].str); |
| 4190 | 4771 | } |
| 4191 | #line 4193 "util/configparser.c" /* yacc.c:1646 */ | |
| 4192 | break; | |
| 4193 | ||
| 4194 | case 338: | |
| 4195 | #line 1797 "util/configparser.y" /* yacc.c:1646 */ | |
| 4772 | #line 4774 "util/configparser.c" /* yacc.c:1646 */ | |
| 4773 | break; | |
| 4774 | ||
| 4775 | case 395: | |
| 4776 | #line 2150 "util/configparser.y" /* yacc.c:1646 */ | |
| 4196 | 4777 | { |
| 4197 | 4778 | OUTYY(("\nP(dnstap:)\n")); |
| 4198 | 4779 | } |
| 4199 | #line 4201 "util/configparser.c" /* yacc.c:1646 */ | |
| 4200 | break; | |
| 4201 | ||
| 4202 | case 353: | |
| 4203 | #line 1814 "util/configparser.y" /* yacc.c:1646 */ | |
| 4780 | #line 4782 "util/configparser.c" /* yacc.c:1646 */ | |
| 4781 | break; | |
| 4782 | ||
| 4783 | case 410: | |
| 4784 | #line 2167 "util/configparser.y" /* yacc.c:1646 */ | |
| 4204 | 4785 | { |
| 4205 | 4786 | OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); |
| 4206 | 4787 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4207 | 4788 | yyerror("expected yes or no."); |
| 4208 | 4789 | else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); |
| 4209 | 4790 | } |
| 4210 | #line 4212 "util/configparser.c" /* yacc.c:1646 */ | |
| 4211 | break; | |
| 4212 | ||
| 4213 | case 354: | |
| 4214 | #line 1822 "util/configparser.y" /* yacc.c:1646 */ | |
| 4791 | #line 4793 "util/configparser.c" /* yacc.c:1646 */ | |
| 4792 | break; | |
| 4793 | ||
| 4794 | case 411: | |
| 4795 | #line 2175 "util/configparser.y" /* yacc.c:1646 */ | |
| 4215 | 4796 | { |
| 4216 | 4797 | OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); |
| 4217 | 4798 | free(cfg_parser->cfg->dnstap_socket_path); |
| 4218 | 4799 | cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); |
| 4219 | 4800 | } |
| 4220 | #line 4222 "util/configparser.c" /* yacc.c:1646 */ | |
| 4221 | break; | |
| 4222 | ||
| 4223 | case 355: | |
| 4224 | #line 1829 "util/configparser.y" /* yacc.c:1646 */ | |
| 4801 | #line 4803 "util/configparser.c" /* yacc.c:1646 */ | |
| 4802 | break; | |
| 4803 | ||
| 4804 | case 412: | |
| 4805 | #line 2182 "util/configparser.y" /* yacc.c:1646 */ | |
| 4225 | 4806 | { |
| 4226 | 4807 | OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); |
| 4227 | 4808 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4228 | 4809 | yyerror("expected yes or no."); |
| 4229 | 4810 | else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); |
| 4230 | 4811 | } |
| 4231 | #line 4233 "util/configparser.c" /* yacc.c:1646 */ | |
| 4232 | break; | |
| 4233 | ||
| 4234 | case 356: | |
| 4235 | #line 1837 "util/configparser.y" /* yacc.c:1646 */ | |
| 4812 | #line 4814 "util/configparser.c" /* yacc.c:1646 */ | |
| 4813 | break; | |
| 4814 | ||
| 4815 | case 413: | |
| 4816 | #line 2190 "util/configparser.y" /* yacc.c:1646 */ | |
| 4236 | 4817 | { |
| 4237 | 4818 | OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); |
| 4238 | 4819 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4239 | 4820 | yyerror("expected yes or no."); |
| 4240 | 4821 | else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); |
| 4241 | 4822 | } |
| 4242 | #line 4244 "util/configparser.c" /* yacc.c:1646 */ | |
| 4243 | break; | |
| 4244 | ||
| 4245 | case 357: | |
| 4246 | #line 1845 "util/configparser.y" /* yacc.c:1646 */ | |
| 4823 | #line 4825 "util/configparser.c" /* yacc.c:1646 */ | |
| 4824 | break; | |
| 4825 | ||
| 4826 | case 414: | |
| 4827 | #line 2198 "util/configparser.y" /* yacc.c:1646 */ | |
| 4247 | 4828 | { |
| 4248 | 4829 | OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); |
| 4249 | 4830 | free(cfg_parser->cfg->dnstap_identity); |
| 4250 | 4831 | cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); |
| 4251 | 4832 | } |
| 4252 | #line 4254 "util/configparser.c" /* yacc.c:1646 */ | |
| 4253 | break; | |
| 4254 | ||
| 4255 | case 358: | |
| 4256 | #line 1852 "util/configparser.y" /* yacc.c:1646 */ | |
| 4833 | #line 4835 "util/configparser.c" /* yacc.c:1646 */ | |
| 4834 | break; | |
| 4835 | ||
| 4836 | case 415: | |
| 4837 | #line 2205 "util/configparser.y" /* yacc.c:1646 */ | |
| 4257 | 4838 | { |
| 4258 | 4839 | OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); |
| 4259 | 4840 | free(cfg_parser->cfg->dnstap_version); |
| 4260 | 4841 | cfg_parser->cfg->dnstap_version = (yyvsp[0].str); |
| 4261 | 4842 | } |
| 4262 | #line 4264 "util/configparser.c" /* yacc.c:1646 */ | |
| 4263 | break; | |
| 4264 | ||
| 4265 | case 359: | |
| 4266 | #line 1859 "util/configparser.y" /* yacc.c:1646 */ | |
| 4843 | #line 4845 "util/configparser.c" /* yacc.c:1646 */ | |
| 4844 | break; | |
| 4845 | ||
| 4846 | case 416: | |
| 4847 | #line 2212 "util/configparser.y" /* yacc.c:1646 */ | |
| 4267 | 4848 | { |
| 4268 | 4849 | OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); |
| 4269 | 4850 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4271 | 4852 | else cfg_parser->cfg->dnstap_log_resolver_query_messages = |
| 4272 | 4853 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4273 | 4854 | } |
| 4274 | #line 4276 "util/configparser.c" /* yacc.c:1646 */ | |
| 4275 | break; | |
| 4276 | ||
| 4277 | case 360: | |
| 4278 | #line 1868 "util/configparser.y" /* yacc.c:1646 */ | |
| 4855 | #line 4857 "util/configparser.c" /* yacc.c:1646 */ | |
| 4856 | break; | |
| 4857 | ||
| 4858 | case 417: | |
| 4859 | #line 2221 "util/configparser.y" /* yacc.c:1646 */ | |
| 4279 | 4860 | { |
| 4280 | 4861 | OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); |
| 4281 | 4862 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4283 | 4864 | else cfg_parser->cfg->dnstap_log_resolver_response_messages = |
| 4284 | 4865 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4285 | 4866 | } |
| 4286 | #line 4288 "util/configparser.c" /* yacc.c:1646 */ | |
| 4287 | break; | |
| 4288 | ||
| 4289 | case 361: | |
| 4290 | #line 1877 "util/configparser.y" /* yacc.c:1646 */ | |
| 4867 | #line 4869 "util/configparser.c" /* yacc.c:1646 */ | |
| 4868 | break; | |
| 4869 | ||
| 4870 | case 418: | |
| 4871 | #line 2230 "util/configparser.y" /* yacc.c:1646 */ | |
| 4291 | 4872 | { |
| 4292 | 4873 | OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); |
| 4293 | 4874 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4295 | 4876 | else cfg_parser->cfg->dnstap_log_client_query_messages = |
| 4296 | 4877 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4297 | 4878 | } |
| 4298 | #line 4300 "util/configparser.c" /* yacc.c:1646 */ | |
| 4299 | break; | |
| 4300 | ||
| 4301 | case 362: | |
| 4302 | #line 1886 "util/configparser.y" /* yacc.c:1646 */ | |
| 4879 | #line 4881 "util/configparser.c" /* yacc.c:1646 */ | |
| 4880 | break; | |
| 4881 | ||
| 4882 | case 419: | |
| 4883 | #line 2239 "util/configparser.y" /* yacc.c:1646 */ | |
| 4303 | 4884 | { |
| 4304 | 4885 | OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); |
| 4305 | 4886 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4307 | 4888 | else cfg_parser->cfg->dnstap_log_client_response_messages = |
| 4308 | 4889 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4309 | 4890 | } |
| 4310 | #line 4312 "util/configparser.c" /* yacc.c:1646 */ | |
| 4311 | break; | |
| 4312 | ||
| 4313 | case 363: | |
| 4314 | #line 1895 "util/configparser.y" /* yacc.c:1646 */ | |
| 4891 | #line 4893 "util/configparser.c" /* yacc.c:1646 */ | |
| 4892 | break; | |
| 4893 | ||
| 4894 | case 420: | |
| 4895 | #line 2248 "util/configparser.y" /* yacc.c:1646 */ | |
| 4315 | 4896 | { |
| 4316 | 4897 | OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); |
| 4317 | 4898 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4319 | 4900 | else cfg_parser->cfg->dnstap_log_forwarder_query_messages = |
| 4320 | 4901 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4321 | 4902 | } |
| 4322 | #line 4324 "util/configparser.c" /* yacc.c:1646 */ | |
| 4323 | break; | |
| 4324 | ||
| 4325 | case 364: | |
| 4326 | #line 1904 "util/configparser.y" /* yacc.c:1646 */ | |
| 4903 | #line 4905 "util/configparser.c" /* yacc.c:1646 */ | |
| 4904 | break; | |
| 4905 | ||
| 4906 | case 421: | |
| 4907 | #line 2257 "util/configparser.y" /* yacc.c:1646 */ | |
| 4327 | 4908 | { |
| 4328 | 4909 | OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); |
| 4329 | 4910 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4331 | 4912 | else cfg_parser->cfg->dnstap_log_forwarder_response_messages = |
| 4332 | 4913 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4333 | 4914 | } |
| 4334 | #line 4336 "util/configparser.c" /* yacc.c:1646 */ | |
| 4335 | break; | |
| 4336 | ||
| 4337 | case 365: | |
| 4338 | #line 1913 "util/configparser.y" /* yacc.c:1646 */ | |
| 4915 | #line 4917 "util/configparser.c" /* yacc.c:1646 */ | |
| 4916 | break; | |
| 4917 | ||
| 4918 | case 422: | |
| 4919 | #line 2266 "util/configparser.y" /* yacc.c:1646 */ | |
| 4339 | 4920 | { |
| 4340 | 4921 | OUTYY(("\nP(python:)\n")); |
| 4341 | 4922 | } |
| 4342 | #line 4344 "util/configparser.c" /* yacc.c:1646 */ | |
| 4343 | break; | |
| 4344 | ||
| 4345 | case 369: | |
| 4346 | #line 1922 "util/configparser.y" /* yacc.c:1646 */ | |
| 4923 | #line 4925 "util/configparser.c" /* yacc.c:1646 */ | |
| 4924 | break; | |
| 4925 | ||
| 4926 | case 426: | |
| 4927 | #line 2275 "util/configparser.y" /* yacc.c:1646 */ | |
| 4347 | 4928 | { |
| 4348 | 4929 | OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); |
| 4349 | 4930 | free(cfg_parser->cfg->python_script); |
| 4350 | 4931 | cfg_parser->cfg->python_script = (yyvsp[0].str); |
| 4351 | 4932 | } |
| 4352 | #line 4354 "util/configparser.c" /* yacc.c:1646 */ | |
| 4353 | break; | |
| 4354 | ||
| 4355 | case 370: | |
| 4356 | #line 1928 "util/configparser.y" /* yacc.c:1646 */ | |
| 4933 | #line 4935 "util/configparser.c" /* yacc.c:1646 */ | |
| 4934 | break; | |
| 4935 | ||
| 4936 | case 427: | |
| 4937 | #line 2281 "util/configparser.y" /* yacc.c:1646 */ | |
| 4357 | 4938 | { |
| 4358 | 4939 | OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); |
| 4359 | 4940 | if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) |
| 4362 | 4943 | (strcmp((yyvsp[0].str), "yes")==0); |
| 4363 | 4944 | free((yyvsp[0].str)); |
| 4364 | 4945 | } |
| 4365 | #line 4367 "util/configparser.c" /* yacc.c:1646 */ | |
| 4366 | break; | |
| 4367 | ||
| 4368 | case 371: | |
| 4369 | #line 1938 "util/configparser.y" /* yacc.c:1646 */ | |
| 4946 | #line 4948 "util/configparser.c" /* yacc.c:1646 */ | |
| 4947 | break; | |
| 4948 | ||
| 4949 | case 428: | |
| 4950 | #line 2291 "util/configparser.y" /* yacc.c:1646 */ | |
| 4370 | 4951 | { |
| 4371 | 4952 | OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); |
| 4372 | 4953 | free(cfg_parser->cfg->log_identity); |
| 4373 | 4954 | cfg_parser->cfg->log_identity = (yyvsp[0].str); |
| 4374 | 4955 | } |
| 4375 | #line 4377 "util/configparser.c" /* yacc.c:1646 */ | |
| 4376 | break; | |
| 4377 | ||
| 4378 | ||
| 4379 | #line 4381 "util/configparser.c" /* yacc.c:1646 */ | |
| 4956 | #line 4958 "util/configparser.c" /* yacc.c:1646 */ | |
| 4957 | break; | |
| 4958 | ||
| 4959 | case 429: | |
| 4960 | #line 2298 "util/configparser.y" /* yacc.c:1646 */ | |
| 4961 | { | |
| 4962 | OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); | |
| 4963 | validate_respip_action((yyvsp[0].str)); | |
| 4964 | if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, | |
| 4965 | (yyvsp[-1].str), (yyvsp[0].str))) | |
| 4966 | fatal_exit("out of memory adding response-ip"); | |
| 4967 | } | |
| 4968 | #line 4970 "util/configparser.c" /* yacc.c:1646 */ | |
| 4969 | break; | |
| 4970 | ||
| 4971 | case 430: | |
| 4972 | #line 2307 "util/configparser.y" /* yacc.c:1646 */ | |
| 4973 | { | |
| 4974 | OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); | |
| 4975 | if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, | |
| 4976 | (yyvsp[-1].str), (yyvsp[0].str))) | |
| 4977 | fatal_exit("out of memory adding response-ip-data"); | |
| 4978 | } | |
| 4979 | #line 4981 "util/configparser.c" /* yacc.c:1646 */ | |
| 4980 | break; | |
| 4981 | ||
| 4982 | case 431: | |
| 4983 | #line 2315 "util/configparser.y" /* yacc.c:1646 */ | |
| 4984 | { | |
| 4985 | OUTYY(("\nP(dnscrypt:)\n")); | |
| 4986 | OUTYY(("\nP(dnscrypt:)\n")); | |
| 4987 | } | |
| 4988 | #line 4990 "util/configparser.c" /* yacc.c:1646 */ | |
| 4989 | break; | |
| 4990 | ||
| 4991 | case 439: | |
| 4992 | #line 2327 "util/configparser.y" /* yacc.c:1646 */ | |
| 4993 | { | |
| 4994 | OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); | |
| 4995 | if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) | |
| 4996 | yyerror("expected yes or no."); | |
| 4997 | else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); | |
| 4998 | free((yyvsp[0].str)); | |
| 4999 | } | |
| 5000 | #line 5002 "util/configparser.c" /* yacc.c:1646 */ | |
| 5001 | break; | |
| 5002 | ||
| 5003 | case 440: | |
| 5004 | #line 2337 "util/configparser.y" /* yacc.c:1646 */ | |
| 5005 | { | |
| 5006 | OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); | |
| 5007 | ||
| 5008 | if(atoi((yyvsp[0].str)) == 0) | |
| 5009 | yyerror("port number expected"); | |
| 5010 | else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); | |
| 5011 | free((yyvsp[0].str)); | |
| 5012 | } | |
| 5013 | #line 5015 "util/configparser.c" /* yacc.c:1646 */ | |
| 5014 | break; | |
| 5015 | ||
| 5016 | case 441: | |
| 5017 | #line 2347 "util/configparser.y" /* yacc.c:1646 */ | |
| 5018 | { | |
| 5019 | OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); | |
| 5020 | free(cfg_parser->cfg->dnscrypt_provider); | |
| 5021 | cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); | |
| 5022 | } | |
| 5023 | #line 5025 "util/configparser.c" /* yacc.c:1646 */ | |
| 5024 | break; | |
| 5025 | ||
| 5026 | case 442: | |
| 5027 | #line 2354 "util/configparser.y" /* yacc.c:1646 */ | |
| 5028 | { | |
| 5029 | OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); | |
| 5030 | if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) | |
| 5031 | fatal_exit("out of memory adding dnscrypt-provider-cert"); | |
| 5032 | } | |
| 5033 | #line 5035 "util/configparser.c" /* yacc.c:1646 */ | |
| 5034 | break; | |
| 5035 | ||
| 5036 | case 443: | |
| 5037 | #line 2361 "util/configparser.y" /* yacc.c:1646 */ | |
| 5038 | { | |
| 5039 | OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); | |
| 5040 | if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) | |
| 5041 | fatal_exit("out of memory adding dnscrypt-secret-key"); | |
| 5042 | } | |
| 5043 | #line 5045 "util/configparser.c" /* yacc.c:1646 */ | |
| 5044 | break; | |
| 5045 | ||
| 5046 | ||
| 5047 | #line 5049 "util/configparser.c" /* yacc.c:1646 */ | |
| 4380 | 5048 | default: break; |
| 4381 | 5049 | } |
| 4382 | 5050 | /* User semantic actions sometimes alter yychar, and that requires |
| 4604 | 5272 | #endif |
| 4605 | 5273 | return yyresult; |
| 4606 | 5274 | } |
| 4607 | #line 1944 "util/configparser.y" /* yacc.c:1906 */ | |
| 5275 | #line 2367 "util/configparser.y" /* yacc.c:1906 */ | |
| 4608 | 5276 | |
| 4609 | 5277 | |
| 4610 | 5278 | /* parse helper routines could be here */ |
| 5279 | static void | |
| 5280 | validate_respip_action(const char* action) | |
| 5281 | { | |
| 5282 | if(strcmp(action, "deny")!=0 && | |
| 5283 | strcmp(action, "redirect")!=0 && | |
| 5284 | strcmp(action, "inform")!=0 && | |
| 5285 | strcmp(action, "inform_deny")!=0 && | |
| 5286 | strcmp(action, "always_transparent")!=0 && | |
| 5287 | strcmp(action, "always_refuse")!=0 && | |
| 5288 | strcmp(action, "always_nxdomain")!=0) | |
| 5289 | { | |
| 5290 | yyerror("response-ip action: expected deny, redirect, " | |
| 5291 | "inform, inform_deny, always_transparent, " | |
| 5292 | "always_refuse or always_nxdomain"); | |
| 5293 | } | |
| 5294 | } | |
| 167 | 167 | VAR_HARDEN_BELOW_NXDOMAIN = 378, |
| 168 | 168 | VAR_IGNORE_CD_FLAG = 379, |
| 169 | 169 | VAR_LOG_QUERIES = 380, |
| 170 | VAR_TCP_UPSTREAM = 381, | |
| 171 | VAR_SSL_UPSTREAM = 382, | |
| 172 | VAR_SSL_SERVICE_KEY = 383, | |
| 173 | VAR_SSL_SERVICE_PEM = 384, | |
| 174 | VAR_SSL_PORT = 385, | |
| 175 | VAR_FORWARD_FIRST = 386, | |
| 176 | VAR_STUB_SSL_UPSTREAM = 387, | |
| 177 | VAR_FORWARD_SSL_UPSTREAM = 388, | |
| 178 | VAR_STUB_FIRST = 389, | |
| 179 | VAR_MINIMAL_RESPONSES = 390, | |
| 180 | VAR_RRSET_ROUNDROBIN = 391, | |
| 181 | VAR_MAX_UDP_SIZE = 392, | |
| 182 | VAR_DELAY_CLOSE = 393, | |
| 183 | VAR_UNBLOCK_LAN_ZONES = 394, | |
| 184 | VAR_INSECURE_LAN_ZONES = 395, | |
| 185 | VAR_INFRA_CACHE_MIN_RTT = 396, | |
| 186 | VAR_DNS64_PREFIX = 397, | |
| 187 | VAR_DNS64_SYNTHALL = 398, | |
| 188 | VAR_DNSTAP = 399, | |
| 189 | VAR_DNSTAP_ENABLE = 400, | |
| 190 | VAR_DNSTAP_SOCKET_PATH = 401, | |
| 191 | VAR_DNSTAP_SEND_IDENTITY = 402, | |
| 192 | VAR_DNSTAP_SEND_VERSION = 403, | |
| 193 | VAR_DNSTAP_IDENTITY = 404, | |
| 194 | VAR_DNSTAP_VERSION = 405, | |
| 195 | VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 406, | |
| 196 | VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 407, | |
| 197 | VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 408, | |
| 198 | VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 409, | |
| 199 | VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 410, | |
| 200 | VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 411, | |
| 201 | VAR_HARDEN_ALGO_DOWNGRADE = 412, | |
| 202 | VAR_IP_TRANSPARENT = 413, | |
| 203 | VAR_DISABLE_DNSSEC_LAME_CHECK = 414, | |
| 204 | VAR_RATELIMIT = 415, | |
| 205 | VAR_RATELIMIT_SLABS = 416, | |
| 206 | VAR_RATELIMIT_SIZE = 417, | |
| 207 | VAR_RATELIMIT_FOR_DOMAIN = 418, | |
| 208 | VAR_RATELIMIT_BELOW_DOMAIN = 419, | |
| 209 | VAR_RATELIMIT_FACTOR = 420, | |
| 210 | VAR_CAPS_WHITELIST = 421, | |
| 211 | VAR_CACHE_MAX_NEGATIVE_TTL = 422, | |
| 212 | VAR_PERMIT_SMALL_HOLDDOWN = 423, | |
| 213 | VAR_QNAME_MINIMISATION = 424, | |
| 214 | VAR_QNAME_MINIMISATION_STRICT = 425, | |
| 215 | VAR_IP_FREEBIND = 426, | |
| 216 | VAR_DEFINE_TAG = 427, | |
| 217 | VAR_LOCAL_ZONE_TAG = 428, | |
| 218 | VAR_ACCESS_CONTROL_TAG = 429, | |
| 219 | VAR_LOCAL_ZONE_OVERRIDE = 430, | |
| 220 | VAR_ACCESS_CONTROL_TAG_ACTION = 431, | |
| 221 | VAR_ACCESS_CONTROL_TAG_DATA = 432, | |
| 222 | VAR_VIEW = 433, | |
| 223 | VAR_ACCESS_CONTROL_VIEW = 434, | |
| 224 | VAR_VIEW_FIRST = 435, | |
| 225 | VAR_SERVE_EXPIRED = 436, | |
| 226 | VAR_FAKE_DSA = 437, | |
| 227 | VAR_LOG_IDENTITY = 438 | |
| 170 | VAR_LOG_REPLIES = 381, | |
| 171 | VAR_TCP_UPSTREAM = 382, | |
| 172 | VAR_SSL_UPSTREAM = 383, | |
| 173 | VAR_SSL_SERVICE_KEY = 384, | |
| 174 | VAR_SSL_SERVICE_PEM = 385, | |
| 175 | VAR_SSL_PORT = 386, | |
| 176 | VAR_FORWARD_FIRST = 387, | |
| 177 | VAR_STUB_SSL_UPSTREAM = 388, | |
| 178 | VAR_FORWARD_SSL_UPSTREAM = 389, | |
| 179 | VAR_STUB_FIRST = 390, | |
| 180 | VAR_MINIMAL_RESPONSES = 391, | |
| 181 | VAR_RRSET_ROUNDROBIN = 392, | |
| 182 | VAR_MAX_UDP_SIZE = 393, | |
| 183 | VAR_DELAY_CLOSE = 394, | |
| 184 | VAR_UNBLOCK_LAN_ZONES = 395, | |
| 185 | VAR_INSECURE_LAN_ZONES = 396, | |
| 186 | VAR_INFRA_CACHE_MIN_RTT = 397, | |
| 187 | VAR_DNS64_PREFIX = 398, | |
| 188 | VAR_DNS64_SYNTHALL = 399, | |
| 189 | VAR_DNSTAP = 400, | |
| 190 | VAR_DNSTAP_ENABLE = 401, | |
| 191 | VAR_DNSTAP_SOCKET_PATH = 402, | |
| 192 | VAR_DNSTAP_SEND_IDENTITY = 403, | |
| 193 | VAR_DNSTAP_SEND_VERSION = 404, | |
| 194 | VAR_DNSTAP_IDENTITY = 405, | |
| 195 | VAR_DNSTAP_VERSION = 406, | |
| 196 | VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 407, | |
| 197 | VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 408, | |
| 198 | VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 409, | |
| 199 | VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, | |
| 200 | VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, | |
| 201 | VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, | |
| 202 | VAR_RESPONSE_IP_TAG = 413, | |
| 203 | VAR_RESPONSE_IP = 414, | |
| 204 | VAR_RESPONSE_IP_DATA = 415, | |
| 205 | VAR_HARDEN_ALGO_DOWNGRADE = 416, | |
| 206 | VAR_IP_TRANSPARENT = 417, | |
| 207 | VAR_DISABLE_DNSSEC_LAME_CHECK = 418, | |
| 208 | VAR_IP_RATELIMIT = 419, | |
| 209 | VAR_IP_RATELIMIT_SLABS = 420, | |
| 210 | VAR_IP_RATELIMIT_SIZE = 421, | |
| 211 | VAR_RATELIMIT = 422, | |
| 212 | VAR_RATELIMIT_SLABS = 423, | |
| 213 | VAR_RATELIMIT_SIZE = 424, | |
| 214 | VAR_RATELIMIT_FOR_DOMAIN = 425, | |
| 215 | VAR_RATELIMIT_BELOW_DOMAIN = 426, | |
| 216 | VAR_IP_RATELIMIT_FACTOR = 427, | |
| 217 | VAR_RATELIMIT_FACTOR = 428, | |
| 218 | VAR_SEND_CLIENT_SUBNET = 429, | |
| 219 | VAR_CLIENT_SUBNET_ZONE = 430, | |
| 220 | VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 431, | |
| 221 | VAR_CLIENT_SUBNET_OPCODE = 432, | |
| 222 | VAR_MAX_CLIENT_SUBNET_IPV4 = 433, | |
| 223 | VAR_MAX_CLIENT_SUBNET_IPV6 = 434, | |
| 224 | VAR_CAPS_WHITELIST = 435, | |
| 225 | VAR_CACHE_MAX_NEGATIVE_TTL = 436, | |
| 226 | VAR_PERMIT_SMALL_HOLDDOWN = 437, | |
| 227 | VAR_QNAME_MINIMISATION = 438, | |
| 228 | VAR_QNAME_MINIMISATION_STRICT = 439, | |
| 229 | VAR_IP_FREEBIND = 440, | |
| 230 | VAR_DEFINE_TAG = 441, | |
| 231 | VAR_LOCAL_ZONE_TAG = 442, | |
| 232 | VAR_ACCESS_CONTROL_TAG = 443, | |
| 233 | VAR_LOCAL_ZONE_OVERRIDE = 444, | |
| 234 | VAR_ACCESS_CONTROL_TAG_ACTION = 445, | |
| 235 | VAR_ACCESS_CONTROL_TAG_DATA = 446, | |
| 236 | VAR_VIEW = 447, | |
| 237 | VAR_ACCESS_CONTROL_VIEW = 448, | |
| 238 | VAR_VIEW_FIRST = 449, | |
| 239 | VAR_SERVE_EXPIRED = 450, | |
| 240 | VAR_FAKE_DSA = 451, | |
| 241 | VAR_FAKE_SHA1 = 452, | |
| 242 | VAR_LOG_IDENTITY = 453, | |
| 243 | VAR_HIDE_TRUSTANCHOR = 454, | |
| 244 | VAR_TRUST_ANCHOR_SIGNALING = 455, | |
| 245 | VAR_USE_SYSTEMD = 456, | |
| 246 | VAR_SHM_ENABLE = 457, | |
| 247 | VAR_SHM_KEY = 458, | |
| 248 | VAR_DNSCRYPT = 459, | |
| 249 | VAR_DNSCRYPT_ENABLE = 460, | |
| 250 | VAR_DNSCRYPT_PORT = 461, | |
| 251 | VAR_DNSCRYPT_PROVIDER = 462, | |
| 252 | VAR_DNSCRYPT_SECRET_KEY = 463, | |
| 253 | VAR_DNSCRYPT_PROVIDER_CERT = 464, | |
| 254 | VAR_IPSECMOD_ENABLED = 465, | |
| 255 | VAR_IPSECMOD_HOOK = 466, | |
| 256 | VAR_IPSECMOD_IGNORE_BOGUS = 467, | |
| 257 | VAR_IPSECMOD_MAX_TTL = 468, | |
| 258 | VAR_IPSECMOD_WHITELIST = 469, | |
| 259 | VAR_IPSECMOD_STRICT = 470 | |
| 228 | 260 | }; |
| 229 | 261 | #endif |
| 230 | 262 | /* Tokens. */ |
| 351 | 383 | #define VAR_HARDEN_BELOW_NXDOMAIN 378 |
| 352 | 384 | #define VAR_IGNORE_CD_FLAG 379 |
| 353 | 385 | #define VAR_LOG_QUERIES 380 |
| 354 | #define VAR_TCP_UPSTREAM 381 | |
| 355 | #define VAR_SSL_UPSTREAM 382 | |
| 356 | #define VAR_SSL_SERVICE_KEY 383 | |
| 357 | #define VAR_SSL_SERVICE_PEM 384 | |
| 358 | #define VAR_SSL_PORT 385 | |
| 359 | #define VAR_FORWARD_FIRST 386 | |
| 360 | #define VAR_STUB_SSL_UPSTREAM 387 | |
| 361 | #define VAR_FORWARD_SSL_UPSTREAM 388 | |
| 362 | #define VAR_STUB_FIRST 389 | |
| 363 | #define VAR_MINIMAL_RESPONSES 390 | |
| 364 | #define VAR_RRSET_ROUNDROBIN 391 | |
| 365 | #define VAR_MAX_UDP_SIZE 392 | |
| 366 | #define VAR_DELAY_CLOSE 393 | |
| 367 | #define VAR_UNBLOCK_LAN_ZONES 394 | |
| 368 | #define VAR_INSECURE_LAN_ZONES 395 | |
| 369 | #define VAR_INFRA_CACHE_MIN_RTT 396 | |
| 370 | #define VAR_DNS64_PREFIX 397 | |
| 371 | #define VAR_DNS64_SYNTHALL 398 | |
| 372 | #define VAR_DNSTAP 399 | |
| 373 | #define VAR_DNSTAP_ENABLE 400 | |
| 374 | #define VAR_DNSTAP_SOCKET_PATH 401 | |
| 375 | #define VAR_DNSTAP_SEND_IDENTITY 402 | |
| 376 | #define VAR_DNSTAP_SEND_VERSION 403 | |
| 377 | #define VAR_DNSTAP_IDENTITY 404 | |
| 378 | #define VAR_DNSTAP_VERSION 405 | |
| 379 | #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 406 | |
| 380 | #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 407 | |
| 381 | #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 408 | |
| 382 | #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 409 | |
| 383 | #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 410 | |
| 384 | #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 411 | |
| 385 | #define VAR_HARDEN_ALGO_DOWNGRADE 412 | |
| 386 | #define VAR_IP_TRANSPARENT 413 | |
| 387 | #define VAR_DISABLE_DNSSEC_LAME_CHECK 414 | |
| 388 | #define VAR_RATELIMIT 415 | |
| 389 | #define VAR_RATELIMIT_SLABS 416 | |
| 390 | #define VAR_RATELIMIT_SIZE 417 | |
| 391 | #define VAR_RATELIMIT_FOR_DOMAIN 418 | |
| 392 | #define VAR_RATELIMIT_BELOW_DOMAIN 419 | |
| 393 | #define VAR_RATELIMIT_FACTOR 420 | |
| 394 | #define VAR_CAPS_WHITELIST 421 | |
| 395 | #define VAR_CACHE_MAX_NEGATIVE_TTL 422 | |
| 396 | #define VAR_PERMIT_SMALL_HOLDDOWN 423 | |
| 397 | #define VAR_QNAME_MINIMISATION 424 | |
| 398 | #define VAR_QNAME_MINIMISATION_STRICT 425 | |
| 399 | #define VAR_IP_FREEBIND 426 | |
| 400 | #define VAR_DEFINE_TAG 427 | |
| 401 | #define VAR_LOCAL_ZONE_TAG 428 | |
| 402 | #define VAR_ACCESS_CONTROL_TAG 429 | |
| 403 | #define VAR_LOCAL_ZONE_OVERRIDE 430 | |
| 404 | #define VAR_ACCESS_CONTROL_TAG_ACTION 431 | |
| 405 | #define VAR_ACCESS_CONTROL_TAG_DATA 432 | |
| 406 | #define VAR_VIEW 433 | |
| 407 | #define VAR_ACCESS_CONTROL_VIEW 434 | |
| 408 | #define VAR_VIEW_FIRST 435 | |
| 409 | #define VAR_SERVE_EXPIRED 436 | |
| 410 | #define VAR_FAKE_DSA 437 | |
| 411 | #define VAR_LOG_IDENTITY 438 | |
| 386 | #define VAR_LOG_REPLIES 381 | |
| 387 | #define VAR_TCP_UPSTREAM 382 | |
| 388 | #define VAR_SSL_UPSTREAM 383 | |
| 389 | #define VAR_SSL_SERVICE_KEY 384 | |
| 390 | #define VAR_SSL_SERVICE_PEM 385 | |
| 391 | #define VAR_SSL_PORT 386 | |
| 392 | #define VAR_FORWARD_FIRST 387 | |
| 393 | #define VAR_STUB_SSL_UPSTREAM 388 | |
| 394 | #define VAR_FORWARD_SSL_UPSTREAM 389 | |
| 395 | #define VAR_STUB_FIRST 390 | |
| 396 | #define VAR_MINIMAL_RESPONSES 391 | |
| 397 | #define VAR_RRSET_ROUNDROBIN 392 | |
| 398 | #define VAR_MAX_UDP_SIZE 393 | |
| 399 | #define VAR_DELAY_CLOSE 394 | |
| 400 | #define VAR_UNBLOCK_LAN_ZONES 395 | |
| 401 | #define VAR_INSECURE_LAN_ZONES 396 | |
| 402 | #define VAR_INFRA_CACHE_MIN_RTT 397 | |
| 403 | #define VAR_DNS64_PREFIX 398 | |
| 404 | #define VAR_DNS64_SYNTHALL 399 | |
| 405 | #define VAR_DNSTAP 400 | |
| 406 | #define VAR_DNSTAP_ENABLE 401 | |
| 407 | #define VAR_DNSTAP_SOCKET_PATH 402 | |
| 408 | #define VAR_DNSTAP_SEND_IDENTITY 403 | |
| 409 | #define VAR_DNSTAP_SEND_VERSION 404 | |
| 410 | #define VAR_DNSTAP_IDENTITY 405 | |
| 411 | #define VAR_DNSTAP_VERSION 406 | |
| 412 | #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 407 | |
| 413 | #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 408 | |
| 414 | #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 409 | |
| 415 | #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 | |
| 416 | #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 | |
| 417 | #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 | |
| 418 | #define VAR_RESPONSE_IP_TAG 413 | |
| 419 | #define VAR_RESPONSE_IP 414 | |
| 420 | #define VAR_RESPONSE_IP_DATA 415 | |
| 421 | #define VAR_HARDEN_ALGO_DOWNGRADE 416 | |
| 422 | #define VAR_IP_TRANSPARENT 417 | |
| 423 | #define VAR_DISABLE_DNSSEC_LAME_CHECK 418 | |
| 424 | #define VAR_IP_RATELIMIT 419 | |
| 425 | #define VAR_IP_RATELIMIT_SLABS 420 | |
| 426 | #define VAR_IP_RATELIMIT_SIZE 421 | |
| 427 | #define VAR_RATELIMIT 422 | |
| 428 | #define VAR_RATELIMIT_SLABS 423 | |
| 429 | #define VAR_RATELIMIT_SIZE 424 | |
| 430 | #define VAR_RATELIMIT_FOR_DOMAIN 425 | |
| 431 | #define VAR_RATELIMIT_BELOW_DOMAIN 426 | |
| 432 | #define VAR_IP_RATELIMIT_FACTOR 427 | |
| 433 | #define VAR_RATELIMIT_FACTOR 428 | |
| 434 | #define VAR_SEND_CLIENT_SUBNET 429 | |
| 435 | #define VAR_CLIENT_SUBNET_ZONE 430 | |
| 436 | #define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 431 | |
| 437 | #define VAR_CLIENT_SUBNET_OPCODE 432 | |
| 438 | #define VAR_MAX_CLIENT_SUBNET_IPV4 433 | |
| 439 | #define VAR_MAX_CLIENT_SUBNET_IPV6 434 | |
| 440 | #define VAR_CAPS_WHITELIST 435 | |
| 441 | #define VAR_CACHE_MAX_NEGATIVE_TTL 436 | |
| 442 | #define VAR_PERMIT_SMALL_HOLDDOWN 437 | |
| 443 | #define VAR_QNAME_MINIMISATION 438 | |
| 444 | #define VAR_QNAME_MINIMISATION_STRICT 439 | |
| 445 | #define VAR_IP_FREEBIND 440 | |
| 446 | #define VAR_DEFINE_TAG 441 | |
| 447 | #define VAR_LOCAL_ZONE_TAG 442 | |
| 448 | #define VAR_ACCESS_CONTROL_TAG 443 | |
| 449 | #define VAR_LOCAL_ZONE_OVERRIDE 444 | |
| 450 | #define VAR_ACCESS_CONTROL_TAG_ACTION 445 | |
| 451 | #define VAR_ACCESS_CONTROL_TAG_DATA 446 | |
| 452 | #define VAR_VIEW 447 | |
| 453 | #define VAR_ACCESS_CONTROL_VIEW 448 | |
| 454 | #define VAR_VIEW_FIRST 449 | |
| 455 | #define VAR_SERVE_EXPIRED 450 | |
| 456 | #define VAR_FAKE_DSA 451 | |
| 457 | #define VAR_FAKE_SHA1 452 | |
| 458 | #define VAR_LOG_IDENTITY 453 | |
| 459 | #define VAR_HIDE_TRUSTANCHOR 454 | |
| 460 | #define VAR_TRUST_ANCHOR_SIGNALING 455 | |
| 461 | #define VAR_USE_SYSTEMD 456 | |
| 462 | #define VAR_SHM_ENABLE 457 | |
| 463 | #define VAR_SHM_KEY 458 | |
| 464 | #define VAR_DNSCRYPT 459 | |
| 465 | #define VAR_DNSCRYPT_ENABLE 460 | |
| 466 | #define VAR_DNSCRYPT_PORT 461 | |
| 467 | #define VAR_DNSCRYPT_PROVIDER 462 | |
| 468 | #define VAR_DNSCRYPT_SECRET_KEY 463 | |
| 469 | #define VAR_DNSCRYPT_PROVIDER_CERT 464 | |
| 470 | #define VAR_IPSECMOD_ENABLED 465 | |
| 471 | #define VAR_IPSECMOD_HOOK 466 | |
| 472 | #define VAR_IPSECMOD_IGNORE_BOGUS 467 | |
| 473 | #define VAR_IPSECMOD_MAX_TTL 468 | |
| 474 | #define VAR_IPSECMOD_WHITELIST 469 | |
| 475 | #define VAR_IPSECMOD_STRICT 470 | |
| 412 | 476 | |
| 413 | 477 | /* Value type. */ |
| 414 | 478 | #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED |
| 415 | 479 | |
| 416 | 480 | union YYSTYPE |
| 417 | 481 | { |
| 418 | #line 64 "util/configparser.y" /* yacc.c:1909 */ | |
| 482 | #line 66 "util/configparser.y" /* yacc.c:1909 */ | |
| 419 | 483 | |
| 420 | 484 | char* str; |
| 421 | 485 | |
| 422 | #line 424 "util/configparser.h" /* yacc.c:1909 */ | |
| 486 | #line 488 "util/configparser.h" /* yacc.c:1909 */ | |
| 423 | 487 | }; |
| 424 | 488 | |
| 425 | 489 | typedef union YYSTYPE YYSTYPE; |
| 49 | 49 | |
| 50 | 50 | int ub_c_lex(void); |
| 51 | 51 | void ub_c_error(const char *message); |
| 52 | ||
| 53 | static void validate_respip_action(const char* action); | |
| 52 | 54 | |
| 53 | 55 | /* these need to be global, otherwise they cannot be used inside yacc */ |
| 54 | 56 | extern struct config_parser_state* cfg_parser; |
| 103 | 105 | %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN |
| 104 | 106 | %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH |
| 105 | 107 | %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN |
| 106 | %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM | |
| 108 | %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES | |
| 109 | %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM | |
| 107 | 110 | %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST |
| 108 | 111 | %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM |
| 109 | 112 | %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN |
| 120 | 123 | %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES |
| 121 | 124 | %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES |
| 122 | 125 | %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES |
| 126 | %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA | |
| 123 | 127 | %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT |
| 124 | 128 | %token VAR_DISABLE_DNSSEC_LAME_CHECK |
| 129 | %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE | |
| 125 | 130 | %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE |
| 126 | %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR | |
| 131 | %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN | |
| 132 | %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR | |
| 133 | %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE | |
| 134 | %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE | |
| 135 | %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6 | |
| 127 | 136 | %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN |
| 128 | 137 | %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND |
| 129 | 138 | %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG |
| 130 | 139 | %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION |
| 131 | 140 | %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW |
| 132 | %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA | |
| 133 | %token VAR_LOG_IDENTITY | |
| 141 | %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1 | |
| 142 | %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING | |
| 143 | %token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY | |
| 144 | %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER | |
| 145 | %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT | |
| 146 | %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS | |
| 147 | %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT | |
| 134 | 148 | |
| 135 | 149 | %% |
| 136 | 150 | toplevelvars: /* empty */ | toplevelvars toplevelvar ; |
| 137 | 151 | toplevelvar: serverstart contents_server | stubstart contents_stub | |
| 138 | 152 | forwardstart contents_forward | pythonstart contents_py | |
| 139 | 153 | rcstart contents_rc | dtstart contents_dt | viewstart |
| 140 | contents_view | |
| 154 | contents_view | | |
| 155 | dnscstart contents_dnsc | |
| 141 | 156 | ; |
| 142 | 157 | |
| 143 | 158 | /* server: declaration */ |
| 188 | 203 | server_del_holddown | server_keep_missing | server_so_rcvbuf | |
| 189 | 204 | server_edns_buffer_size | server_prefetch | server_prefetch_key | |
| 190 | 205 | server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | |
| 191 | server_log_queries | server_tcp_upstream | server_ssl_upstream | | |
| 206 | server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream | | |
| 192 | 207 | server_ssl_service_key | server_ssl_service_pem | server_ssl_port | |
| 193 | 208 | server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | |
| 194 | 209 | server_so_reuseport | server_delay_close | |
| 195 | 210 | server_unblock_lan_zones | server_insecure_lan_zones | |
| 196 | 211 | server_dns64_prefix | server_dns64_synthall | |
| 197 | 212 | server_infra_cache_min_rtt | server_harden_algo_downgrade | |
| 198 | server_ip_transparent | server_ratelimit | server_ratelimit_slabs | | |
| 199 | server_ratelimit_size | server_ratelimit_for_domain | | |
| 213 | server_ip_transparent | server_ip_ratelimit | server_ratelimit | | |
| 214 | server_ip_ratelimit_slabs | server_ratelimit_slabs | | |
| 215 | server_ip_ratelimit_size | server_ratelimit_size | | |
| 216 | server_ratelimit_for_domain | | |
| 200 | 217 | server_ratelimit_below_domain | server_ratelimit_factor | |
| 218 | server_ip_ratelimit_factor | server_send_client_subnet | | |
| 219 | server_client_subnet_zone | server_client_subnet_always_forward | | |
| 220 | server_client_subnet_opcode | | |
| 221 | server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 | | |
| 201 | 222 | server_caps_whitelist | server_cache_max_negative_ttl | |
| 202 | 223 | server_permit_small_holddown | server_qname_minimisation | |
| 203 | 224 | server_ip_freebind | server_define_tag | server_local_zone_tag | |
| 205 | 226 | server_local_zone_override | server_access_control_tag_action | |
| 206 | 227 | server_access_control_tag_data | server_access_control_view | |
| 207 | 228 | server_qname_minimisation_strict | server_serve_expired | |
| 208 | server_fake_dsa | server_log_identity | |
| 229 | server_fake_dsa | server_log_identity | server_use_systemd | | |
| 230 | server_response_ip_tag | server_response_ip | server_response_ip_data | | |
| 231 | server_shm_enable | server_shm_key | server_fake_sha1 | | |
| 232 | server_hide_trustanchor | server_trust_anchor_signaling | | |
| 233 | server_ipsecmod_enabled | server_ipsecmod_hook | | |
| 234 | server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl | | |
| 235 | server_ipsecmod_whitelist | server_ipsecmod_strict | |
| 209 | 236 | ; |
| 210 | 237 | stubstart: VAR_STUB_ZONE |
| 211 | 238 | { |
| 257 | 284 | ; |
| 258 | 285 | contents_view: contents_view content_view |
| 259 | 286 | | ; |
| 260 | content_view: view_name | view_local_zone | view_local_data | view_first | |
| 287 | content_view: view_name | view_local_zone | view_local_data | view_first | | |
| 288 | view_response_ip | view_response_ip_data | view_local_data_ptr | |
| 261 | 289 | ; |
| 262 | 290 | server_num_threads: VAR_NUM_THREADS STRING_ARG |
| 263 | 291 | { |
| 306 | 334 | free($2); |
| 307 | 335 | } |
| 308 | 336 | ; |
| 337 | server_shm_enable: VAR_SHM_ENABLE STRING_ARG | |
| 338 | { | |
| 339 | OUTYY(("P(server_shm_enable:%s)\n", $2)); | |
| 340 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 341 | yyerror("expected yes or no."); | |
| 342 | else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0); | |
| 343 | free($2); | |
| 344 | } | |
| 345 | ; | |
| 346 | server_shm_key: VAR_SHM_KEY STRING_ARG | |
| 347 | { | |
| 348 | OUTYY(("P(server_shm_key:%s)\n", $2)); | |
| 349 | if(strcmp($2, "") == 0 || strcmp($2, "0") == 0) | |
| 350 | cfg_parser->cfg->shm_key = 0; | |
| 351 | else if(atoi($2) == 0) | |
| 352 | yyerror("number expected"); | |
| 353 | else cfg_parser->cfg->shm_key = atoi($2); | |
| 354 | free($2); | |
| 355 | } | |
| 356 | ; | |
| 309 | 357 | server_port: VAR_PORT STRING_ARG |
| 310 | 358 | { |
| 311 | 359 | OUTYY(("P(server_port:%s)\n", $2)); |
| 312 | 360 | if(atoi($2) == 0) |
| 313 | 361 | yyerror("port number expected"); |
| 314 | 362 | else cfg_parser->cfg->port = atoi($2); |
| 363 | free($2); | |
| 364 | } | |
| 365 | ; | |
| 366 | server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG | |
| 367 | { | |
| 368 | #ifdef CLIENT_SUBNET | |
| 369 | OUTYY(("P(server_send_client_subnet:%s)\n", $2)); | |
| 370 | if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2)) | |
| 371 | fatal_exit("out of memory adding client-subnet"); | |
| 372 | #else | |
| 373 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 374 | #endif | |
| 375 | } | |
| 376 | ; | |
| 377 | server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG | |
| 378 | { | |
| 379 | #ifdef CLIENT_SUBNET | |
| 380 | OUTYY(("P(server_client_subnet_zone:%s)\n", $2)); | |
| 381 | if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone, | |
| 382 | $2)) | |
| 383 | fatal_exit("out of memory adding client-subnet-zone"); | |
| 384 | #else | |
| 385 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 386 | #endif | |
| 387 | } | |
| 388 | ; | |
| 389 | server_client_subnet_always_forward: | |
| 390 | VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG | |
| 391 | { | |
| 392 | #ifdef CLIENT_SUBNET | |
| 393 | OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2)); | |
| 394 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 395 | yyerror("expected yes or no."); | |
| 396 | else | |
| 397 | cfg_parser->cfg->client_subnet_always_forward = | |
| 398 | (strcmp($2, "yes")==0); | |
| 399 | #else | |
| 400 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 401 | #endif | |
| 402 | free($2); | |
| 403 | } | |
| 404 | ; | |
| 405 | server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG | |
| 406 | { | |
| 407 | #ifdef CLIENT_SUBNET | |
| 408 | OUTYY(("P(client_subnet_opcode:%s)\n", $2)); | |
| 409 | OUTYY(("P(Depricated option, ignoring)\n")); | |
| 410 | #else | |
| 411 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 412 | #endif | |
| 413 | free($2); | |
| 414 | } | |
| 415 | ; | |
| 416 | server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG | |
| 417 | { | |
| 418 | #ifdef CLIENT_SUBNET | |
| 419 | OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2)); | |
| 420 | if(atoi($2) == 0 && strcmp($2, "0") != 0) | |
| 421 | yyerror("IPv4 subnet length expected"); | |
| 422 | else if (atoi($2) > 32) | |
| 423 | cfg_parser->cfg->max_client_subnet_ipv4 = 32; | |
| 424 | else if (atoi($2) < 0) | |
| 425 | cfg_parser->cfg->max_client_subnet_ipv4 = 0; | |
| 426 | else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2); | |
| 427 | #else | |
| 428 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 429 | #endif | |
| 430 | free($2); | |
| 431 | } | |
| 432 | ; | |
| 433 | server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG | |
| 434 | { | |
| 435 | #ifdef CLIENT_SUBNET | |
| 436 | OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2)); | |
| 437 | if(atoi($2) == 0 && strcmp($2, "0") != 0) | |
| 438 | yyerror("Ipv6 subnet length expected"); | |
| 439 | else if (atoi($2) > 128) | |
| 440 | cfg_parser->cfg->max_client_subnet_ipv6 = 128; | |
| 441 | else if (atoi($2) < 0) | |
| 442 | cfg_parser->cfg->max_client_subnet_ipv6 = 0; | |
| 443 | else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2); | |
| 444 | #else | |
| 445 | OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); | |
| 446 | #endif | |
| 315 | 447 | free($2); |
| 316 | 448 | } |
| 317 | 449 | ; |
| 501 | 633 | free($2); |
| 502 | 634 | } |
| 503 | 635 | ; |
| 636 | server_use_systemd: VAR_USE_SYSTEMD STRING_ARG | |
| 637 | { | |
| 638 | OUTYY(("P(server_use_systemd:%s)\n", $2)); | |
| 639 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 640 | yyerror("expected yes or no."); | |
| 641 | else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0); | |
| 642 | free($2); | |
| 643 | } | |
| 644 | ; | |
| 504 | 645 | server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG |
| 505 | 646 | { |
| 506 | 647 | OUTYY(("P(server_do_daemonize:%s)\n", $2)); |
| 542 | 683 | free($2); |
| 543 | 684 | } |
| 544 | 685 | ; |
| 686 | server_log_replies: VAR_LOG_REPLIES STRING_ARG | |
| 687 | { | |
| 688 | OUTYY(("P(server_log_replies:%s)\n", $2)); | |
| 689 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 690 | yyerror("expected yes or no."); | |
| 691 | else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0); | |
| 692 | free($2); | |
| 693 | } | |
| 694 | ; | |
| 545 | 695 | server_chroot: VAR_CHROOT STRING_ARG |
| 546 | 696 | { |
| 547 | 697 | OUTYY(("P(server_chroot:%s)\n", $2)); |
| 574 | 724 | strncmp(d, cfg_parser->chroot, strlen( |
| 575 | 725 | cfg_parser->chroot)) == 0) |
| 576 | 726 | d += strlen(cfg_parser->chroot); |
| 577 | if(chdir(d)) | |
| 727 | if(d[0]) { | |
| 728 | if(chdir(d)) | |
| 578 | 729 | log_err("cannot chdir to directory: %s (%s)", |
| 579 | 730 | d, strerror(errno)); |
| 731 | } | |
| 580 | 732 | } |
| 581 | 733 | } |
| 582 | 734 | ; |
| 647 | 799 | yyerror("out of memory"); |
| 648 | 800 | } |
| 649 | 801 | ; |
| 802 | server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG | |
| 803 | { | |
| 804 | OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2)); | |
| 805 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 806 | yyerror("expected yes or no."); | |
| 807 | else | |
| 808 | cfg_parser->cfg->trust_anchor_signaling = | |
| 809 | (strcmp($2, "yes")==0); | |
| 810 | free($2); | |
| 811 | } | |
| 812 | ; | |
| 650 | 813 | server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG |
| 651 | 814 | { |
| 652 | 815 | OUTYY(("P(server_domain_insecure:%s)\n", $2)); |
| 669 | 832 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) |
| 670 | 833 | yyerror("expected yes or no."); |
| 671 | 834 | else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0); |
| 835 | free($2); | |
| 836 | } | |
| 837 | ; | |
| 838 | server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG | |
| 839 | { | |
| 840 | OUTYY(("P(server_hide_trustanchor:%s)\n", $2)); | |
| 841 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 842 | yyerror("expected yes or no."); | |
| 843 | else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0); | |
| 672 | 844 | free($2); |
| 673 | 845 | } |
| 674 | 846 | ; |
| 1200 | 1372 | OUTYY(("P(server_fake_dsa:%s)\n", $2)); |
| 1201 | 1373 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) |
| 1202 | 1374 | yyerror("expected yes or no."); |
| 1375 | #ifdef HAVE_SSL | |
| 1203 | 1376 | else fake_dsa = (strcmp($2, "yes")==0); |
| 1204 | 1377 | if(fake_dsa) |
| 1205 | 1378 | log_warn("test option fake_dsa is enabled"); |
| 1379 | #endif | |
| 1380 | free($2); | |
| 1381 | } | |
| 1382 | ; | |
| 1383 | server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG | |
| 1384 | { | |
| 1385 | OUTYY(("P(server_fake_sha1:%s)\n", $2)); | |
| 1386 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 1387 | yyerror("expected yes or no."); | |
| 1388 | #ifdef HAVE_SSL | |
| 1389 | else fake_sha1 = (strcmp($2, "yes")==0); | |
| 1390 | if(fake_sha1) | |
| 1391 | log_warn("test option fake_sha1 is enabled"); | |
| 1392 | #endif | |
| 1206 | 1393 | free($2); |
| 1207 | 1394 | } |
| 1208 | 1395 | ; |
| 1479 | 1666 | } |
| 1480 | 1667 | } |
| 1481 | 1668 | ; |
| 1669 | server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG | |
| 1670 | { | |
| 1671 | size_t len = 0; | |
| 1672 | uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, | |
| 1673 | &len); | |
| 1674 | free($3); | |
| 1675 | OUTYY(("P(response_ip_tag:%s)\n", $2)); | |
| 1676 | if(!bitlist) | |
| 1677 | yyerror("could not parse tags, (define-tag them first)"); | |
| 1678 | if(bitlist) { | |
| 1679 | if(!cfg_strbytelist_insert( | |
| 1680 | &cfg_parser->cfg->respip_tags, | |
| 1681 | $2, bitlist, len)) { | |
| 1682 | yyerror("out of memory"); | |
| 1683 | free($2); | |
| 1684 | } | |
| 1685 | } | |
| 1686 | } | |
| 1687 | ; | |
| 1688 | server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG | |
| 1689 | { | |
| 1690 | OUTYY(("P(server_ip_ratelimit:%s)\n", $2)); | |
| 1691 | if(atoi($2) == 0 && strcmp($2, "0") != 0) | |
| 1692 | yyerror("number expected"); | |
| 1693 | else cfg_parser->cfg->ip_ratelimit = atoi($2); | |
| 1694 | free($2); | |
| 1695 | } | |
| 1696 | ; | |
| 1697 | ||
| 1482 | 1698 | server_ratelimit: VAR_RATELIMIT STRING_ARG |
| 1483 | 1699 | { |
| 1484 | 1700 | OUTYY(("P(server_ratelimit:%s)\n", $2)); |
| 1488 | 1704 | free($2); |
| 1489 | 1705 | } |
| 1490 | 1706 | ; |
| 1707 | server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG | |
| 1708 | { | |
| 1709 | OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2)); | |
| 1710 | if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size)) | |
| 1711 | yyerror("memory size expected"); | |
| 1712 | free($2); | |
| 1713 | } | |
| 1714 | ; | |
| 1491 | 1715 | server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG |
| 1492 | 1716 | { |
| 1493 | 1717 | OUTYY(("P(server_ratelimit_size:%s)\n", $2)); |
| 1496 | 1720 | free($2); |
| 1497 | 1721 | } |
| 1498 | 1722 | ; |
| 1723 | server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG | |
| 1724 | { | |
| 1725 | OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2)); | |
| 1726 | if(atoi($2) == 0) | |
| 1727 | yyerror("number expected"); | |
| 1728 | else { | |
| 1729 | cfg_parser->cfg->ip_ratelimit_slabs = atoi($2); | |
| 1730 | if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs)) | |
| 1731 | yyerror("must be a power of 2"); | |
| 1732 | } | |
| 1733 | free($2); | |
| 1734 | } | |
| 1735 | ; | |
| 1499 | 1736 | server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG |
| 1500 | 1737 | { |
| 1501 | 1738 | OUTYY(("P(server_ratelimit_slabs:%s)\n", $2)); |
| 1535 | 1772 | } |
| 1536 | 1773 | } |
| 1537 | 1774 | ; |
| 1775 | server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG | |
| 1776 | { | |
| 1777 | OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2)); | |
| 1778 | if(atoi($2) == 0 && strcmp($2, "0") != 0) | |
| 1779 | yyerror("number expected"); | |
| 1780 | else cfg_parser->cfg->ip_ratelimit_factor = atoi($2); | |
| 1781 | free($2); | |
| 1782 | } | |
| 1783 | ; | |
| 1538 | 1784 | server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG |
| 1539 | 1785 | { |
| 1540 | 1786 | OUTYY(("P(server_ratelimit_factor:%s)\n", $2)); |
| 1562 | 1808 | else cfg_parser->cfg->qname_minimisation_strict = |
| 1563 | 1809 | (strcmp($2, "yes")==0); |
| 1564 | 1810 | free($2); |
| 1811 | } | |
| 1812 | ; | |
| 1813 | server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG | |
| 1814 | { | |
| 1815 | #ifdef USE_IPSECMOD | |
| 1816 | OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2)); | |
| 1817 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 1818 | yyerror("expected yes or no."); | |
| 1819 | else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0); | |
| 1820 | free($2); | |
| 1821 | #else | |
| 1822 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 1823 | #endif | |
| 1824 | } | |
| 1825 | ; | |
| 1826 | server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG | |
| 1827 | { | |
| 1828 | #ifdef USE_IPSECMOD | |
| 1829 | OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2)); | |
| 1830 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 1831 | yyerror("expected yes or no."); | |
| 1832 | else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0); | |
| 1833 | free($2); | |
| 1834 | #else | |
| 1835 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 1836 | #endif | |
| 1837 | } | |
| 1838 | ; | |
| 1839 | server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG | |
| 1840 | { | |
| 1841 | #ifdef USE_IPSECMOD | |
| 1842 | OUTYY(("P(server_ipsecmod_hook:%s)\n", $2)); | |
| 1843 | free(cfg_parser->cfg->ipsecmod_hook); | |
| 1844 | cfg_parser->cfg->ipsecmod_hook = $2; | |
| 1845 | #else | |
| 1846 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 1847 | #endif | |
| 1848 | } | |
| 1849 | ; | |
| 1850 | server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG | |
| 1851 | { | |
| 1852 | #ifdef USE_IPSECMOD | |
| 1853 | OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2)); | |
| 1854 | if(atoi($2) == 0 && strcmp($2, "0") != 0) | |
| 1855 | yyerror("number expected"); | |
| 1856 | else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2); | |
| 1857 | free($2); | |
| 1858 | #else | |
| 1859 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 1860 | #endif | |
| 1861 | } | |
| 1862 | ; | |
| 1863 | server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG | |
| 1864 | { | |
| 1865 | #ifdef USE_IPSECMOD | |
| 1866 | OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2)); | |
| 1867 | if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2)) | |
| 1868 | yyerror("out of memory"); | |
| 1869 | #else | |
| 1870 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 1871 | #endif | |
| 1872 | } | |
| 1873 | ; | |
| 1874 | server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG | |
| 1875 | { | |
| 1876 | #ifdef USE_IPSECMOD | |
| 1877 | OUTYY(("P(server_ipsecmod_strict:%s)\n", $2)); | |
| 1878 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 1879 | yyerror("expected yes or no."); | |
| 1880 | else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0); | |
| 1881 | free($2); | |
| 1882 | #else | |
| 1883 | OUTYY(("P(Compiled without IPsec module, ignoring)\n")); | |
| 1884 | #endif | |
| 1565 | 1885 | } |
| 1566 | 1886 | ; |
| 1567 | 1887 | stub_name: VAR_NAME STRING_ARG |
| 1699 | 2019 | } |
| 1700 | 2020 | } |
| 1701 | 2021 | ; |
| 2022 | view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG | |
| 2023 | { | |
| 2024 | OUTYY(("P(view_response_ip:%s %s)\n", $2, $3)); | |
| 2025 | validate_respip_action($3); | |
| 2026 | if(!cfg_str2list_insert( | |
| 2027 | &cfg_parser->cfg->views->respip_actions, $2, $3)) | |
| 2028 | fatal_exit("out of memory adding per-view " | |
| 2029 | "response-ip action"); | |
| 2030 | } | |
| 2031 | ; | |
| 2032 | view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG | |
| 2033 | { | |
| 2034 | OUTYY(("P(view_response_ip_data:%s)\n", $2)); | |
| 2035 | if(!cfg_str2list_insert( | |
| 2036 | &cfg_parser->cfg->views->respip_data, $2, $3)) | |
| 2037 | fatal_exit("out of memory adding response-ip-data"); | |
| 2038 | } | |
| 2039 | ; | |
| 1702 | 2040 | view_local_data: VAR_LOCAL_DATA STRING_ARG |
| 1703 | 2041 | { |
| 1704 | 2042 | OUTYY(("P(view_local_data:%s)\n", $2)); |
| 1705 | 2043 | if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) { |
| 1706 | 2044 | fatal_exit("out of memory adding local-data"); |
| 1707 | 2045 | free($2); |
| 2046 | } | |
| 2047 | } | |
| 2048 | ; | |
| 2049 | view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG | |
| 2050 | { | |
| 2051 | char* ptr; | |
| 2052 | OUTYY(("P(view_local_data_ptr:%s)\n", $2)); | |
| 2053 | ptr = cfg_ptr_reverse($2); | |
| 2054 | free($2); | |
| 2055 | if(ptr) { | |
| 2056 | if(!cfg_strlist_insert(&cfg_parser->cfg->views-> | |
| 2057 | local_data, ptr)) | |
| 2058 | fatal_exit("out of memory adding local-data"); | |
| 2059 | } else { | |
| 2060 | yyerror("local-data-ptr could not be reversed"); | |
| 1708 | 2061 | } |
| 1709 | 2062 | } |
| 1710 | 2063 | ; |
| 1940 | 2293 | cfg_parser->cfg->log_identity = $2; |
| 1941 | 2294 | } |
| 1942 | 2295 | ; |
| 2296 | server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG | |
| 2297 | { | |
| 2298 | OUTYY(("P(server_response_ip:%s %s)\n", $2, $3)); | |
| 2299 | validate_respip_action($3); | |
| 2300 | if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, | |
| 2301 | $2, $3)) | |
| 2302 | fatal_exit("out of memory adding response-ip"); | |
| 2303 | } | |
| 2304 | ; | |
| 2305 | server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG | |
| 2306 | { | |
| 2307 | OUTYY(("P(server_response_ip_data:%s)\n", $2)); | |
| 2308 | if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, | |
| 2309 | $2, $3)) | |
| 2310 | fatal_exit("out of memory adding response-ip-data"); | |
| 2311 | } | |
| 2312 | ; | |
| 2313 | dnscstart: VAR_DNSCRYPT | |
| 2314 | { | |
| 2315 | OUTYY(("\nP(dnscrypt:)\n")); | |
| 2316 | OUTYY(("\nP(dnscrypt:)\n")); | |
| 2317 | } | |
| 2318 | ; | |
| 2319 | contents_dnsc: contents_dnsc content_dnsc | |
| 2320 | | ; | |
| 2321 | content_dnsc: | |
| 2322 | dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider | | |
| 2323 | dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert | |
| 2324 | ; | |
| 2325 | dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG | |
| 2326 | { | |
| 2327 | OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2)); | |
| 2328 | if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) | |
| 2329 | yyerror("expected yes or no."); | |
| 2330 | else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0); | |
| 2331 | free($2); | |
| 2332 | } | |
| 2333 | ; | |
| 2334 | ||
| 2335 | dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG | |
| 2336 | { | |
| 2337 | OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2)); | |
| 2338 | ||
| 2339 | if(atoi($2) == 0) | |
| 2340 | yyerror("port number expected"); | |
| 2341 | else cfg_parser->cfg->dnscrypt_port = atoi($2); | |
| 2342 | free($2); | |
| 2343 | } | |
| 2344 | ; | |
| 2345 | dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG | |
| 2346 | { | |
| 2347 | OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2)); | |
| 2348 | free(cfg_parser->cfg->dnscrypt_provider); | |
| 2349 | cfg_parser->cfg->dnscrypt_provider = $2; | |
| 2350 | } | |
| 2351 | ; | |
| 2352 | dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG | |
| 2353 | { | |
| 2354 | OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2)); | |
| 2355 | if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2)) | |
| 2356 | fatal_exit("out of memory adding dnscrypt-provider-cert"); | |
| 2357 | } | |
| 2358 | ; | |
| 2359 | dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG | |
| 2360 | { | |
| 2361 | OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2)); | |
| 2362 | if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2)) | |
| 2363 | fatal_exit("out of memory adding dnscrypt-secret-key"); | |
| 2364 | } | |
| 2365 | ; | |
| 1943 | 2366 | %% |
| 1944 | 2367 | |
| 1945 | 2368 | /* parse helper routines could be here */ |
| 2369 | static void | |
| 2370 | validate_respip_action(const char* action) | |
| 2371 | { | |
| 2372 | if(strcmp(action, "deny")!=0 && | |
| 2373 | strcmp(action, "redirect")!=0 && | |
| 2374 | strcmp(action, "inform")!=0 && | |
| 2375 | strcmp(action, "inform_deny")!=0 && | |
| 2376 | strcmp(action, "always_transparent")!=0 && | |
| 2377 | strcmp(action, "always_refuse")!=0 && | |
| 2378 | strcmp(action, "always_nxdomain")!=0) | |
| 2379 | { | |
| 2380 | yyerror("response-ip action: expected deny, redirect, " | |
| 2381 | "inform, inform_deny, always_transparent, " | |
| 2382 | "always_refuse or always_nxdomain"); | |
| 2383 | } | |
| 2384 | } | |
| 269 | 269 | return 0; |
| 270 | 270 | } |
| 271 | 271 | |
| 272 | hashvalue_t | |
| 273 | dname_query_hash(uint8_t* dname, hashvalue_t h) | |
| 272 | hashvalue_type | |
| 273 | dname_query_hash(uint8_t* dname, hashvalue_type h) | |
| 274 | 274 | { |
| 275 | 275 | uint8_t labuf[LDNS_MAX_LABELLEN+1]; |
| 276 | 276 | uint8_t lablen; |
| 293 | 293 | return h; |
| 294 | 294 | } |
| 295 | 295 | |
| 296 | hashvalue_t | |
| 297 | dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_t h) | |
| 296 | hashvalue_type | |
| 297 | dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_type h) | |
| 298 | 298 | { |
| 299 | 299 | uint8_t labuf[LDNS_MAX_LABELLEN+1]; |
| 300 | 300 | uint8_t lablen; |
| 126 | 126 | * @param h: initial hash value. |
| 127 | 127 | * @return: result hash value. |
| 128 | 128 | */ |
| 129 | hashvalue_t dname_query_hash(uint8_t* dname, hashvalue_t h); | |
| 129 | hashvalue_type dname_query_hash(uint8_t* dname, hashvalue_type h); | |
| 130 | 130 | |
| 131 | 131 | /** |
| 132 | 132 | * Hash dname, label by label, lowercasing, into hashvalue. |
| 138 | 138 | * @return: result hash value. |
| 139 | 139 | * Result is the same as dname_query_hash, even if compression is used. |
| 140 | 140 | */ |
| 141 | hashvalue_t dname_pkt_hash(struct sldns_buffer* pkt, uint8_t* dname, hashvalue_t h); | |
| 141 | hashvalue_type dname_pkt_hash(struct sldns_buffer* pkt, uint8_t* dname, | |
| 142 | hashvalue_type h); | |
| 142 | 143 | |
| 143 | 144 | /** |
| 144 | 145 | * Copy over a valid dname and decompress it. |
| 458 | 458 | owner_labs = dname_count_labels(key->rk.dname); |
| 459 | 459 | owner_pos = sldns_buffer_position(pkt); |
| 460 | 460 | |
| 461 | /* For an rrset with a fixed TTL, use the rrset's TTL as given */ | |
| 462 | if((key->rk.flags & PACKED_RRSET_FIXEDTTL) != 0) | |
| 463 | timenow = 0; | |
| 464 | ||
| 461 | 465 | if(do_data) { |
| 462 | 466 | const sldns_rr_descriptor* c = type_rdata_compressable(key); |
| 463 | 467 | for(i=0; i<data->count; i++) { |
| 642 | 646 | sldns_buffer_clear(buffer); |
| 643 | 647 | if(udpsize < sldns_buffer_limit(buffer)) |
| 644 | 648 | sldns_buffer_set_limit(buffer, udpsize); |
| 649 | else if(sldns_buffer_limit(buffer) < udpsize) | |
| 650 | udpsize = sldns_buffer_limit(buffer); | |
| 645 | 651 | if(sldns_buffer_remaining(buffer) < LDNS_HEADER_SIZE) |
| 646 | 652 | return 0; |
| 647 | 653 | |
| 805 | 811 | struct edns_data* edns, int dnssec, int secure) |
| 806 | 812 | { |
| 807 | 813 | uint16_t flags; |
| 808 | int attach_edns = 1; | |
| 814 | unsigned int attach_edns = 0; | |
| 809 | 815 | |
| 810 | 816 | if(!cached || rep->authoritative) { |
| 811 | 817 | /* original flags, copy RD and CD bits from query. */ |
| 828 | 834 | log_assert(flags & BIT_QR); /* QR bit must be on in our replies */ |
| 829 | 835 | if(udpsize < LDNS_HEADER_SIZE) |
| 830 | 836 | return 0; |
| 837 | if(sldns_buffer_capacity(pkt) < udpsize) | |
| 838 | udpsize = sldns_buffer_capacity(pkt); | |
| 831 | 839 | if(udpsize < LDNS_HEADER_SIZE + calc_edns_field_size(edns)) { |
| 832 | 840 | /* packet too small to contain edns, omit it. */ |
| 833 | 841 | attach_edns = 0; |
| 834 | 842 | } else { |
| 835 | 843 | /* reserve space for edns record */ |
| 836 | udpsize -= calc_edns_field_size(edns); | |
| 844 | attach_edns = (unsigned int)calc_edns_field_size(edns); | |
| 845 | udpsize -= attach_edns; | |
| 837 | 846 | } |
| 838 | 847 | |
| 839 | 848 | if(!reply_info_encode(qinf, rep, id, flags, pkt, timenow, region, |
| 841 | 850 | log_err("reply encode: out of memory"); |
| 842 | 851 | return 0; |
| 843 | 852 | } |
| 844 | if(attach_edns) | |
| 853 | if(attach_edns && sldns_buffer_capacity(pkt) >= | |
| 854 | sldns_buffer_limit(pkt)+attach_edns) | |
| 845 | 855 | attach_edns_record(pkt, edns); |
| 846 | 856 | return 1; |
| 847 | 857 | } |
| 70 | 70 | */ |
| 71 | 71 | static struct rrset_parse* |
| 72 | 72 | new_rrset(struct msg_parse* msg, uint8_t* dname, size_t dnamelen, |
| 73 | uint16_t type, uint16_t dclass, hashvalue_t hash, | |
| 73 | uint16_t type, uint16_t dclass, hashvalue_type hash, | |
| 74 | 74 | uint32_t rrset_flags, sldns_pkt_section section, |
| 75 | 75 | struct regional* region) |
| 76 | 76 | { |
| 158 | 158 | return f; |
| 159 | 159 | } |
| 160 | 160 | |
| 161 | hashvalue_t | |
| 161 | hashvalue_type | |
| 162 | 162 | pkt_hash_rrset(sldns_buffer* pkt, uint8_t* dname, uint16_t type, |
| 163 | 163 | uint16_t dclass, uint32_t rrset_flags) |
| 164 | 164 | { |
| 165 | 165 | /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ |
| 166 | 166 | /* this routine handles compressed names */ |
| 167 | hashvalue_t h = 0xab; | |
| 167 | hashvalue_type h = 0xab; | |
| 168 | 168 | h = dname_pkt_hash(pkt, dname, h); |
| 169 | 169 | h = hashlittle(&type, sizeof(type), h); /* host order */ |
| 170 | 170 | h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */ |
| 173 | 173 | } |
| 174 | 174 | |
| 175 | 175 | /** create partial dname hash for rrset hash */ |
| 176 | static hashvalue_t | |
| 176 | static hashvalue_type | |
| 177 | 177 | pkt_hash_rrset_first(sldns_buffer* pkt, uint8_t* dname) |
| 178 | 178 | { |
| 179 | 179 | /* works together with pkt_hash_rrset_rest */ |
| 180 | 180 | /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ |
| 181 | 181 | /* this routine handles compressed names */ |
| 182 | hashvalue_t h = 0xab; | |
| 182 | hashvalue_type h = 0xab; | |
| 183 | 183 | h = dname_pkt_hash(pkt, dname, h); |
| 184 | 184 | return h; |
| 185 | 185 | } |
| 186 | 186 | |
| 187 | 187 | /** create a rrset hash from a partial dname hash */ |
| 188 | static hashvalue_t | |
| 189 | pkt_hash_rrset_rest(hashvalue_t dname_h, uint16_t type, uint16_t dclass, | |
| 188 | static hashvalue_type | |
| 189 | pkt_hash_rrset_rest(hashvalue_type dname_h, uint16_t type, uint16_t dclass, | |
| 190 | 190 | uint32_t rrset_flags) |
| 191 | 191 | { |
| 192 | 192 | /* works together with pkt_hash_rrset_first */ |
| 193 | 193 | /* note this MUST be identical to rrset_key_hash in packed_rrset.c */ |
| 194 | hashvalue_t h; | |
| 194 | hashvalue_type h; | |
| 195 | 195 | h = hashlittle(&type, sizeof(type), dname_h); /* host order */ |
| 196 | 196 | h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */ |
| 197 | 197 | h = hashlittle(&rrset_flags, sizeof(uint32_t), h); |
| 200 | 200 | |
| 201 | 201 | /** compare rrset_parse with data */ |
| 202 | 202 | static int |
| 203 | rrset_parse_equals(struct rrset_parse* p, sldns_buffer* pkt, hashvalue_t h, | |
| 203 | rrset_parse_equals(struct rrset_parse* p, sldns_buffer* pkt, hashvalue_type h, | |
| 204 | 204 | uint32_t rrset_flags, uint8_t* dname, size_t dnamelen, |
| 205 | 205 | uint16_t type, uint16_t dclass) |
| 206 | 206 | { |
| 214 | 214 | |
| 215 | 215 | struct rrset_parse* |
| 216 | 216 | msgparse_hashtable_lookup(struct msg_parse* msg, sldns_buffer* pkt, |
| 217 | hashvalue_t h, uint32_t rrset_flags, uint8_t* dname, size_t dnamelen, | |
| 218 | uint16_t type, uint16_t dclass) | |
| 217 | hashvalue_type h, uint32_t rrset_flags, uint8_t* dname, | |
| 218 | size_t dnamelen, uint16_t type, uint16_t dclass) | |
| 219 | 219 | { |
| 220 | 220 | struct rrset_parse* p = msg->hashtable[h & (PARSE_TABLE_SIZE-1)]; |
| 221 | 221 | while(p) { |
| 387 | 387 | int hasother, sldns_pkt_section section, struct regional* region) |
| 388 | 388 | { |
| 389 | 389 | struct rrset_parse* dataset = sigset; |
| 390 | hashvalue_t hash = pkt_hash_rrset(pkt, sigset->dname, datatype, | |
| 390 | hashvalue_type hash = pkt_hash_rrset(pkt, sigset->dname, datatype, | |
| 391 | 391 | sigset->rrset_class, rrset_flags); |
| 392 | 392 | log_assert( sigset->type == LDNS_RR_TYPE_RRSIG ); |
| 393 | 393 | log_assert( datatype != LDNS_RR_TYPE_RRSIG ); |
| 454 | 454 | */ |
| 455 | 455 | static int |
| 456 | 456 | find_rrset(struct msg_parse* msg, sldns_buffer* pkt, uint8_t* dname, |
| 457 | size_t dnamelen, uint16_t type, uint16_t dclass, hashvalue_t* hash, | |
| 457 | size_t dnamelen, uint16_t type, uint16_t dclass, hashvalue_type* hash, | |
| 458 | 458 | uint32_t* rrset_flags, |
| 459 | 459 | uint8_t** prev_dname_first, uint8_t** prev_dname_last, |
| 460 | 460 | size_t* prev_dnamelen, uint16_t* prev_type, |
| 461 | 461 | uint16_t* prev_dclass, struct rrset_parse** rrset_prev, |
| 462 | 462 | sldns_pkt_section section, struct regional* region) |
| 463 | 463 | { |
| 464 | hashvalue_t dname_h = pkt_hash_rrset_first(pkt, dname); | |
| 464 | hashvalue_type dname_h = pkt_hash_rrset_first(pkt, dname); | |
| 465 | 465 | uint16_t covtype; |
| 466 | 466 | if(*rrset_prev) { |
| 467 | 467 | /* check if equal to previous item */ |
| 823 | 823 | uint16_t type, prev_type = 0; |
| 824 | 824 | uint16_t dclass, prev_dclass = 0; |
| 825 | 825 | uint32_t rrset_flags = 0; |
| 826 | hashvalue_t hash = 0; | |
| 826 | hashvalue_type hash = 0; | |
| 827 | 827 | struct rrset_parse* rrset = NULL; |
| 828 | 828 | int r; |
| 829 | 829 | |
| 1017 | 1017 | edns->opt_list = NULL; |
| 1018 | 1018 | |
| 1019 | 1019 | /* take the options */ |
| 1020 | rdata_len = found->rr_first->size; | |
| 1020 | rdata_len = found->rr_first->size-2; | |
| 1021 | 1021 | rdata_ptr = found->rr_first->ttl_data+6; |
| 1022 | 1022 | if(!parse_edns_options(rdata_ptr, rdata_len, edns, region)) |
| 1023 | 1023 | return 0; |
| 137 | 137 | /** next in list of all rrsets */ |
| 138 | 138 | struct rrset_parse* rrset_all_next; |
| 139 | 139 | /** hash value of rrset */ |
| 140 | hashvalue_t hash; | |
| 140 | hashvalue_type hash; | |
| 141 | 141 | /** which section was it found in: one of |
| 142 | 142 | * LDNS_SECTION_ANSWER, LDNS_SECTION_AUTHORITY, LDNS_SECTION_ADDITIONAL |
| 143 | 143 | */ |
| 295 | 295 | * @param rrset_flags: rrset flags (same as packed_rrset flags). |
| 296 | 296 | * @return hash value |
| 297 | 297 | */ |
| 298 | hashvalue_t pkt_hash_rrset(struct sldns_buffer* pkt, uint8_t* dname, uint16_t type, | |
| 299 | uint16_t dclass, uint32_t rrset_flags); | |
| 298 | hashvalue_type pkt_hash_rrset(struct sldns_buffer* pkt, uint8_t* dname, | |
| 299 | uint16_t type, uint16_t dclass, uint32_t rrset_flags); | |
| 300 | 300 | |
| 301 | 301 | /** |
| 302 | 302 | * Lookup in msg hashtable to find a rrset. |
| 311 | 311 | * @return NULL or the rrset_parse if found. |
| 312 | 312 | */ |
| 313 | 313 | struct rrset_parse* msgparse_hashtable_lookup(struct msg_parse* msg, |
| 314 | struct sldns_buffer* pkt, hashvalue_t h, uint32_t rrset_flags, | |
| 314 | struct sldns_buffer* pkt, hashvalue_type h, uint32_t rrset_flags, | |
| 315 | 315 | uint8_t* dname, size_t dnamelen, uint16_t type, uint16_t dclass); |
| 316 | 316 | |
| 317 | 317 | /** |
| 132 | 132 | return 1; |
| 133 | 133 | } |
| 134 | 134 | |
| 135 | /** allocate (special) rrset keys, return 0 on error */ | |
| 136 | static int | |
| 137 | repinfo_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, | |
| 135 | int | |
| 136 | reply_info_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, | |
| 138 | 137 | struct regional* region) |
| 139 | 138 | { |
| 140 | 139 | size_t i; |
| 437 | 436 | return 0; |
| 438 | 437 | if(!parse_create_repinfo(msg, rep, region)) |
| 439 | 438 | return 0; |
| 440 | if(!repinfo_alloc_rrset_keys(*rep, alloc, region)) | |
| 439 | if(!reply_info_alloc_rrset_keys(*rep, alloc, region)) | |
| 441 | 440 | return 0; |
| 442 | 441 | if(!parse_copy_decompress(pkt, msg, *rep, region)) |
| 443 | 442 | return 0; |
| 607 | 606 | free(r); |
| 608 | 607 | } |
| 609 | 608 | |
| 610 | hashvalue_t | |
| 609 | hashvalue_type | |
| 611 | 610 | query_info_hash(struct query_info *q, uint16_t flags) |
| 612 | 611 | { |
| 613 | hashvalue_t h = 0xab; | |
| 612 | hashvalue_type h = 0xab; | |
| 614 | 613 | h = hashlittle(&q->qtype, sizeof(q->qtype), h); |
| 615 | 614 | if(q->qtype == LDNS_RR_TYPE_AAAA && (flags&BIT_CD)) |
| 616 | 615 | h++; |
| 621 | 620 | |
| 622 | 621 | struct msgreply_entry* |
| 623 | 622 | query_info_entrysetup(struct query_info* q, struct reply_info* r, |
| 624 | hashvalue_t h) | |
| 623 | hashvalue_type h) | |
| 625 | 624 | { |
| 626 | 625 | struct msgreply_entry* e = (struct msgreply_entry*)malloc( |
| 627 | 626 | sizeof(struct msgreply_entry)); |
| 687 | 686 | if(!cp) |
| 688 | 687 | return NULL; |
| 689 | 688 | /* allocate ub_key structures special or not */ |
| 690 | if(!repinfo_alloc_rrset_keys(cp, alloc, region)) { | |
| 689 | if(!reply_info_alloc_rrset_keys(cp, alloc, region)) { | |
| 691 | 690 | if(!region) |
| 692 | 691 | reply_info_parsedelete(cp, alloc); |
| 693 | 692 | return NULL; |
| 818 | 817 | regional_destroy(region); |
| 819 | 818 | } |
| 820 | 819 | |
| 821 | void | |
| 820 | void | |
| 821 | log_reply_info(enum verbosity_value v, struct query_info *qinf, | |
| 822 | struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur, | |
| 823 | int cached, struct sldns_buffer *rmsg) | |
| 824 | { | |
| 825 | char qname_buf[LDNS_MAX_DOMAINLEN+1]; | |
| 826 | char clientip_buf[128]; | |
| 827 | char rcode_buf[16]; | |
| 828 | char type_buf[16]; | |
| 829 | char class_buf[16]; | |
| 830 | size_t pktlen; | |
| 831 | uint16_t rcode = FLAGS_GET_RCODE(sldns_buffer_read_u16_at(rmsg, 2)); | |
| 832 | ||
| 833 | if(verbosity < v) | |
| 834 | return; | |
| 835 | ||
| 836 | sldns_wire2str_rcode_buf((int)rcode, rcode_buf, sizeof(rcode_buf)); | |
| 837 | addr_to_str(addr, addrlen, clientip_buf, sizeof(clientip_buf)); | |
| 838 | if(rcode == LDNS_RCODE_FORMERR) | |
| 839 | { | |
| 840 | log_info("%s - - - %s - - - ", clientip_buf, rcode_buf); | |
| 841 | } else { | |
| 842 | dname_str(qinf->qname, qname_buf); | |
| 843 | pktlen = sldns_buffer_limit(rmsg); | |
| 844 | sldns_wire2str_type_buf(qinf->qtype, type_buf, sizeof(type_buf)); | |
| 845 | sldns_wire2str_class_buf(qinf->qclass, class_buf, sizeof(class_buf)); | |
| 846 | log_info("%s %s %s %s %s " ARG_LL "d.%6.6d %d %d", | |
| 847 | clientip_buf, qname_buf, type_buf, class_buf, | |
| 848 | rcode_buf, (long long)dur.tv_sec, (int)dur.tv_usec, cached, (int)pktlen); | |
| 849 | } | |
| 850 | } | |
| 851 | ||
| 852 | void | |
| 822 | 853 | log_query_info(enum verbosity_value v, const char* str, |
| 823 | 854 | struct query_info* qinf) |
| 824 | 855 | { |
| 951 | 982 | } |
| 952 | 983 | |
| 953 | 984 | static int inplace_cb_reply_call_generic( |
| 954 | struct inplace_cb_reply* callback_list, enum inplace_cb_list_type type, | |
| 985 | struct inplace_cb* callback_list, enum inplace_cb_list_type type, | |
| 955 | 986 | struct query_info* qinfo, struct module_qstate* qstate, |
| 956 | 987 | struct reply_info* rep, int rcode, struct edns_data* edns, |
| 957 | 988 | struct regional* region) |
| 958 | 989 | { |
| 959 | struct inplace_cb_reply* cb; | |
| 990 | struct inplace_cb* cb; | |
| 960 | 991 | struct edns_option* opt_list_out = NULL; |
| 961 | 992 | if(qstate) |
| 962 | 993 | opt_list_out = qstate->edns_opts_front_out; |
| 963 | 994 | for(cb=callback_list; cb; cb=cb->next) { |
| 964 | fptr_ok(fptr_whitelist_inplace_cb_reply_generic(cb->cb, type)); | |
| 965 | (void)(*cb->cb)(qinfo, qstate, rep, rcode, edns, &opt_list_out, region, | |
| 966 | cb->cb_arg); | |
| 995 | fptr_ok(fptr_whitelist_inplace_cb_reply_generic( | |
| 996 | (inplace_cb_reply_func_type*)cb->cb, type)); | |
| 997 | (void)(*(inplace_cb_reply_func_type*)cb->cb)(qinfo, qstate, rep, | |
| 998 | rcode, edns, &opt_list_out, region, cb->id, cb->cb_arg); | |
| 967 | 999 | } |
| 968 | 1000 | edns->opt_list = opt_list_out; |
| 969 | 1001 | return 1; |
| 1016 | 1048 | uint8_t* zone, size_t zonelen, struct module_qstate* qstate, |
| 1017 | 1049 | struct regional* region) |
| 1018 | 1050 | { |
| 1019 | struct inplace_cb_query* cb = env->inplace_cb_lists[inplace_cb_query]; | |
| 1051 | struct inplace_cb* cb = env->inplace_cb_lists[inplace_cb_query]; | |
| 1020 | 1052 | for(; cb; cb=cb->next) { |
| 1021 | fptr_ok(fptr_whitelist_inplace_cb_query(cb->cb)); | |
| 1022 | (void)(*cb->cb)(qinfo, flags, qstate, addr, addrlen, zone, zonelen, | |
| 1023 | region, cb->cb_arg); | |
| 1053 | fptr_ok(fptr_whitelist_inplace_cb_query( | |
| 1054 | (inplace_cb_query_func_type*)cb->cb)); | |
| 1055 | (void)(*(inplace_cb_query_func_type*)cb->cb)(qinfo, flags, | |
| 1056 | qstate, addr, addrlen, zone, zonelen, region, | |
| 1057 | cb->id, cb->cb_arg); | |
| 1058 | } | |
| 1059 | return 1; | |
| 1060 | } | |
| 1061 | ||
| 1062 | int inplace_cb_edns_back_parsed_call(struct module_env* env, | |
| 1063 | struct module_qstate* qstate) | |
| 1064 | { | |
| 1065 | struct inplace_cb* cb = | |
| 1066 | env->inplace_cb_lists[inplace_cb_edns_back_parsed]; | |
| 1067 | for(; cb; cb=cb->next) { | |
| 1068 | fptr_ok(fptr_whitelist_inplace_cb_edns_back_parsed( | |
| 1069 | (inplace_cb_edns_back_parsed_func_type*)cb->cb)); | |
| 1070 | (void)(*(inplace_cb_edns_back_parsed_func_type*)cb->cb)(qstate, | |
| 1071 | cb->id, cb->cb_arg); | |
| 1072 | } | |
| 1073 | return 1; | |
| 1074 | } | |
| 1075 | ||
| 1076 | int inplace_cb_query_response_call(struct module_env* env, | |
| 1077 | struct module_qstate* qstate, struct dns_msg* response) { | |
| 1078 | struct inplace_cb* cb = | |
| 1079 | env->inplace_cb_lists[inplace_cb_query_response]; | |
| 1080 | for(; cb; cb=cb->next) { | |
| 1081 | fptr_ok(fptr_whitelist_inplace_cb_query_response( | |
| 1082 | (inplace_cb_query_response_func_type*)cb->cb)); | |
| 1083 | (void)(*(inplace_cb_query_response_func_type*)cb->cb)(qstate, | |
| 1084 | response, cb->id, cb->cb_arg); | |
| 1024 | 1085 | } |
| 1025 | 1086 | return 1; |
| 1026 | 1087 | } |
| 1115 | 1176 | if(s->opt_data) { |
| 1116 | 1177 | s->opt_data = memdup(s->opt_data, s->opt_len); |
| 1117 | 1178 | if(!s->opt_data) { |
| 1179 | free(s); | |
| 1118 | 1180 | edns_opt_list_free(result); |
| 1119 | 1181 | return NULL; |
| 1120 | 1182 | } |
| 49 | 49 | struct regional; |
| 50 | 50 | struct edns_data; |
| 51 | 51 | struct edns_option; |
| 52 | struct inplace_cb_reply; | |
| 53 | struct inplace_cb_query; | |
| 52 | struct inplace_cb; | |
| 54 | 53 | struct module_qstate; |
| 55 | 54 | struct module_env; |
| 56 | 55 | struct msg_parse; |
| 57 | 56 | struct rrset_parse; |
| 58 | 57 | struct local_rrset; |
| 58 | struct dns_msg; | |
| 59 | 59 | |
| 60 | 60 | /** calculate the prefetch TTL as 90% of original. Calculation |
| 61 | 61 | * without numerical overflow (uin32_t) */ |
| 104 | 104 | /** the key with lock, and ptr to packed data. */ |
| 105 | 105 | struct ub_packed_rrset_key* key; |
| 106 | 106 | /** id needed */ |
| 107 | rrset_id_t id; | |
| 107 | rrset_id_type id; | |
| 108 | 108 | }; |
| 109 | 109 | |
| 110 | 110 | /** |
| 329 | 329 | |
| 330 | 330 | /** calculate hash value of query_info, lowercases the qname, |
| 331 | 331 | * uses CD flag for AAAA qtype */ |
| 332 | hashvalue_t query_info_hash(struct query_info *q, uint16_t flags); | |
| 332 | hashvalue_type query_info_hash(struct query_info *q, uint16_t flags); | |
| 333 | 333 | |
| 334 | 334 | /** |
| 335 | 335 | * Setup query info entry |
| 339 | 339 | * @return: newly allocated message reply cache item. |
| 340 | 340 | */ |
| 341 | 341 | struct msgreply_entry* query_info_entrysetup(struct query_info* q, |
| 342 | struct reply_info* r, hashvalue_t h); | |
| 342 | struct reply_info* r, hashvalue_type h); | |
| 343 | 343 | |
| 344 | 344 | /** |
| 345 | 345 | * Copy reply_info and all rrsets in it and allocate. |
| 356 | 356 | struct alloc_cache* alloc, struct regional* region); |
| 357 | 357 | |
| 358 | 358 | /** |
| 359 | * Allocate (special) rrset keys. | |
| 360 | * @param rep: reply info in which the rrset keys to be allocated, rrset[] | |
| 361 | * array should have bee allocated with NULL pointers. | |
| 362 | * @param alloc: how to allocate rrset keys. | |
| 363 | * Not used if region!=NULL, it can be NULL in that case. | |
| 364 | * @param region: if this parameter is NULL then the alloc is used. | |
| 365 | * otherwise, rrset keys are allocated in this region. | |
| 366 | * In a region, no special rrset key structures are needed (not shared). | |
| 367 | * and no rrset_ref array in the reply needs to be built up. | |
| 368 | * @return 1 on success, 0 on error | |
| 369 | */ | |
| 370 | int reply_info_alloc_rrset_keys(struct reply_info* rep, | |
| 371 | struct alloc_cache* alloc, struct regional* region); | |
| 372 | ||
| 373 | /** | |
| 359 | 374 | * Copy a parsed rrset into given key, decompressing and allocating rdata. |
| 360 | 375 | * @param pkt: packet for decompression |
| 361 | 376 | * @param msg: the parser message (for flags for trust). |
| 447 | 462 | * @param qinfo: query section. |
| 448 | 463 | * @param rep: rest of message. |
| 449 | 464 | */ |
| 450 | void log_dns_msg(const char* str, struct query_info* qinfo, | |
| 465 | void log_dns_msg(const char* str, struct query_info* qinfo, | |
| 451 | 466 | struct reply_info* rep); |
| 467 | ||
| 468 | /** | |
| 469 | * Print string with neat domain name, type, class, | |
| 470 | * status code from, and size of a query response. | |
| 471 | * | |
| 472 | * @param v: at what verbosity level to print this. | |
| 473 | * @param qinf: query section. | |
| 474 | * @param addr: address of the client. | |
| 475 | * @param addrlen: length of the client address. | |
| 476 | * @param dur: how long it took to complete the query. | |
| 477 | * @param cached: whether or not the reply is coming from | |
| 478 | * the cache, or an outside network. | |
| 479 | * @param rmsg: sldns buffer packet. | |
| 480 | */ | |
| 481 | void log_reply_info(enum verbosity_value v, struct query_info *qinf, | |
| 482 | struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur, | |
| 483 | int cached, struct sldns_buffer *rmsg); | |
| 452 | 484 | |
| 453 | 485 | /** |
| 454 | 486 | * Print string with neat domain name, type, class from query info. |
| 590 | 622 | struct regional* region); |
| 591 | 623 | |
| 592 | 624 | /** |
| 625 | * Call the registered functions in the inplace_cb_edns_back_parsed linked list. | |
| 626 | * This function is going to get called after parsing the EDNS data on the | |
| 627 | * reply from a nameserver. | |
| 628 | * @param env: module environment. | |
| 629 | * @param qstate: module qstate. | |
| 630 | * @return false on failure (a callback function returned an error). | |
| 631 | */ | |
| 632 | int inplace_cb_edns_back_parsed_call(struct module_env* env, | |
| 633 | struct module_qstate* qstate); | |
| 634 | ||
| 635 | /** | |
| 636 | * Call the registered functions in the inplace_cb_query_reponse linked list. | |
| 637 | * This function is going to get called after receiving a reply from a | |
| 638 | * nameserver. | |
| 639 | * @param env: module environment. | |
| 640 | * @param qstate: module qstate. | |
| 641 | * @param response: received response | |
| 642 | * @return false on failure (a callback function returned an error). | |
| 643 | */ | |
| 644 | int inplace_cb_query_response_call(struct module_env* env, | |
| 645 | struct module_qstate* qstate, struct dns_msg* response); | |
| 646 | ||
| 647 | /** | |
| 593 | 648 | * Copy edns option list allocated to the new region |
| 594 | 649 | */ |
| 595 | 650 | struct edns_option* edns_opt_copy_region(struct edns_option* list, |
| 157 | 157 | return 1; |
| 158 | 158 | } |
| 159 | 159 | |
| 160 | hashvalue_t | |
| 160 | hashvalue_type | |
| 161 | 161 | rrset_key_hash(struct packed_rrset_key* key) |
| 162 | 162 | { |
| 163 | 163 | /* type is hashed in host order */ |
| 164 | 164 | uint16_t t = ntohs(key->type); |
| 165 | 165 | /* Note this MUST be identical to pkt_hash_rrset in msgparse.c */ |
| 166 | 166 | /* this routine does not have a compressed name */ |
| 167 | hashvalue_t h = 0xab; | |
| 167 | hashvalue_type h = 0xab; | |
| 168 | 168 | h = dname_query_hash(key->dname, h); |
| 169 | 169 | h = hashlittle(&t, sizeof(t), h); |
| 170 | 170 | h = hashlittle(&key->rrset_class, sizeof(uint16_t), h); |
| 46 | 46 | |
| 47 | 47 | /** type used to uniquely identify rrsets. Cannot be reused without |
| 48 | 48 | * clearing the cache. */ |
| 49 | typedef uint64_t rrset_id_t; | |
| 49 | typedef uint64_t rrset_id_type; | |
| 50 | 50 | |
| 51 | 51 | /** this rrset is NSEC and is at zone apex (at child side of zonecut) */ |
| 52 | 52 | #define PACKED_RRSET_NSEC_AT_APEX 0x1 |
| 56 | 56 | * this is set on SOA rrsets in the authority section, to keep its TTL separate |
| 57 | 57 | * from the SOA in the answer section from a direct SOA query or ANY query. */ |
| 58 | 58 | #define PACKED_RRSET_SOA_NEG 0x4 |
| 59 | /** This rrset is considered to have a fixed TTL; its TTL doesn't have to be | |
| 60 | * updated on encoding in a reply. This flag is not expected to be set in | |
| 61 | * cached data. */ | |
| 62 | #define PACKED_RRSET_FIXEDTTL 0x80000000 | |
| 59 | 63 | |
| 60 | 64 | /** number of rrs and rrsets for integer overflow protection. More than |
| 61 | 65 | * this is not really possible (64K packet has much less RRs and RRsets) in |
| 82 | 86 | * o PACKED_RRSET_NSEC_AT_APEX |
| 83 | 87 | * o PACKED_RRSET_PARENT_SIDE |
| 84 | 88 | * o PACKED_RRSET_SOA_NEG |
| 89 | * o PACKED_RRSET_FIXEDTTL (not supposed to be cached) | |
| 85 | 90 | */ |
| 86 | 91 | uint32_t flags; |
| 87 | 92 | /** the rrset type in network format */ |
| 113 | 118 | * The other values in this struct may only be altered after changing |
| 114 | 119 | * the id (which needs a writelock on entry.lock). |
| 115 | 120 | */ |
| 116 | rrset_id_t id; | |
| 121 | rrset_id_type id; | |
| 117 | 122 | /** key data: dname, type and class */ |
| 118 | 123 | struct packed_rrset_key rk; |
| 119 | 124 | }; |
| 190 | 195 | * RRset data. |
| 191 | 196 | * |
| 192 | 197 | * The data is packed, stored contiguously in memory. |
| 198 | * | |
| 199 | * It is not always stored contiguously, in that case, an unpacked-packed | |
| 200 | * rrset has the arrays separate. A bunch of routines work on that, but | |
| 201 | * the packed rrset that is contiguous is for the rrset-cache and the | |
| 202 | * cache-response routines in daemon/worker.c. | |
| 203 | * | |
| 193 | 204 | * memory layout: |
| 194 | 205 | * o base struct |
| 195 | 206 | * o rr_len size_t array |
| 333 | 344 | * @param key: the rrset key with name, type, class, flags. |
| 334 | 345 | * @return hash value. |
| 335 | 346 | */ |
| 336 | hashvalue_t rrset_key_hash(struct packed_rrset_key* key); | |
| 347 | hashvalue_type rrset_key_hash(struct packed_rrset_key* key); | |
| 337 | 348 | |
| 338 | 349 | /** |
| 339 | 350 | * Fixup pointers in fixed data packed_rrset_data blob. |
| 48 | 48 | #include "services/outside_network.h" |
| 49 | 49 | #include "services/mesh.h" |
| 50 | 50 | #include "services/localzone.h" |
| 51 | #include "services/authzone.h" | |
| 51 | 52 | #include "services/cache/infra.h" |
| 52 | 53 | #include "services/cache/rrset.h" |
| 53 | 54 | #include "services/view.h" |
| 74 | 75 | #ifdef UB_ON_WINDOWS |
| 75 | 76 | #include "winrc/win_svc.h" |
| 76 | 77 | #endif |
| 78 | #include "respip/respip.h" | |
| 77 | 79 | |
| 78 | 80 | #ifdef WITH_PYTHONMODULE |
| 79 | 81 | #include "pythonmod/pythonmod.h" |
| 81 | 83 | #ifdef USE_CACHEDB |
| 82 | 84 | #include "cachedb/cachedb.h" |
| 83 | 85 | #endif |
| 84 | ||
| 85 | int | |
| 86 | fptr_whitelist_comm_point(comm_point_callback_t *fptr) | |
| 86 | #ifdef USE_IPSECMOD | |
| 87 | #include "ipsecmod/ipsecmod.h" | |
| 88 | #endif | |
| 89 | #ifdef CLIENT_SUBNET | |
| 90 | #include "edns-subnet/subnetmod.h" | |
| 91 | #endif | |
| 92 | ||
| 93 | int | |
| 94 | fptr_whitelist_comm_point(comm_point_callback_type *fptr) | |
| 87 | 95 | { |
| 88 | 96 | if(fptr == &worker_handle_request) return 1; |
| 89 | 97 | else if(fptr == &outnet_udp_cb) return 1; |
| 93 | 101 | } |
| 94 | 102 | |
| 95 | 103 | int |
| 96 | fptr_whitelist_comm_point_raw(comm_point_callback_t *fptr) | |
| 104 | fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr) | |
| 97 | 105 | { |
| 98 | 106 | if(fptr == &tube_handle_listen) return 1; |
| 99 | 107 | else if(fptr == &tube_handle_write) return 1; |
| 155 | 163 | } |
| 156 | 164 | |
| 157 | 165 | int |
| 158 | fptr_whitelist_pending_udp(comm_point_callback_t *fptr) | |
| 166 | fptr_whitelist_pending_udp(comm_point_callback_type *fptr) | |
| 159 | 167 | { |
| 160 | 168 | if(fptr == &serviced_udp_callback) return 1; |
| 161 | 169 | else if(fptr == &worker_handle_reply) return 1; |
| 164 | 172 | } |
| 165 | 173 | |
| 166 | 174 | int |
| 167 | fptr_whitelist_pending_tcp(comm_point_callback_t *fptr) | |
| 175 | fptr_whitelist_pending_tcp(comm_point_callback_type *fptr) | |
| 168 | 176 | { |
| 169 | 177 | if(fptr == &serviced_tcp_callback) return 1; |
| 170 | 178 | else if(fptr == &worker_handle_reply) return 1; |
| 173 | 181 | } |
| 174 | 182 | |
| 175 | 183 | int |
| 176 | fptr_whitelist_serviced_query(comm_point_callback_t *fptr) | |
| 184 | fptr_whitelist_serviced_query(comm_point_callback_type *fptr) | |
| 177 | 185 | { |
| 178 | 186 | if(fptr == &worker_handle_service_reply) return 1; |
| 179 | 187 | else if(fptr == &libworker_handle_service_reply) return 1; |
| 204 | 212 | else if(fptr == &probetree_cmp) return 1; |
| 205 | 213 | else if(fptr == &replay_var_compare) return 1; |
| 206 | 214 | else if(fptr == &view_cmp) return 1; |
| 207 | return 0; | |
| 208 | } | |
| 209 | ||
| 210 | int | |
| 211 | fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr) | |
| 215 | else if(fptr == &auth_zone_cmp) return 1; | |
| 216 | else if(fptr == &auth_data_cmp) return 1; | |
| 217 | return 0; | |
| 218 | } | |
| 219 | ||
| 220 | int | |
| 221 | fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr) | |
| 212 | 222 | { |
| 213 | 223 | if(fptr == &msgreply_sizefunc) return 1; |
| 214 | 224 | else if(fptr == &ub_rrset_sizefunc) return 1; |
| 215 | 225 | else if(fptr == &infra_sizefunc) return 1; |
| 216 | 226 | else if(fptr == &key_entry_sizefunc) return 1; |
| 217 | 227 | else if(fptr == &rate_sizefunc) return 1; |
| 228 | else if(fptr == &ip_rate_sizefunc) return 1; | |
| 218 | 229 | else if(fptr == &test_slabhash_sizefunc) return 1; |
| 219 | return 0; | |
| 220 | } | |
| 221 | ||
| 222 | int | |
| 223 | fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr) | |
| 230 | #ifdef CLIENT_SUBNET | |
| 231 | else if(fptr == &msg_cache_sizefunc) return 1; | |
| 232 | #endif | |
| 233 | return 0; | |
| 234 | } | |
| 235 | ||
| 236 | int | |
| 237 | fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr) | |
| 224 | 238 | { |
| 225 | 239 | if(fptr == &query_info_compare) return 1; |
| 226 | 240 | else if(fptr == &ub_rrset_compare) return 1; |
| 227 | 241 | else if(fptr == &infra_compfunc) return 1; |
| 228 | 242 | else if(fptr == &key_entry_compfunc) return 1; |
| 229 | 243 | else if(fptr == &rate_compfunc) return 1; |
| 244 | else if(fptr == &ip_rate_compfunc) return 1; | |
| 230 | 245 | else if(fptr == &test_slabhash_compfunc) return 1; |
| 231 | 246 | return 0; |
| 232 | 247 | } |
| 233 | 248 | |
| 234 | 249 | int |
| 235 | fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr) | |
| 250 | fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr) | |
| 236 | 251 | { |
| 237 | 252 | if(fptr == &query_entry_delete) return 1; |
| 238 | 253 | else if(fptr == &ub_rrset_key_delete) return 1; |
| 239 | 254 | else if(fptr == &infra_delkeyfunc) return 1; |
| 240 | 255 | else if(fptr == &key_entry_delkeyfunc) return 1; |
| 241 | 256 | else if(fptr == &rate_delkeyfunc) return 1; |
| 257 | else if(fptr == &ip_rate_delkeyfunc) return 1; | |
| 242 | 258 | else if(fptr == &test_slabhash_delkey) return 1; |
| 243 | 259 | return 0; |
| 244 | 260 | } |
| 245 | 261 | |
| 246 | 262 | int |
| 247 | fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr) | |
| 263 | fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr) | |
| 248 | 264 | { |
| 249 | 265 | if(fptr == &reply_info_delete) return 1; |
| 250 | 266 | else if(fptr == &rrset_data_delete) return 1; |
| 252 | 268 | else if(fptr == &key_entry_deldatafunc) return 1; |
| 253 | 269 | else if(fptr == &rate_deldatafunc) return 1; |
| 254 | 270 | else if(fptr == &test_slabhash_deldata) return 1; |
| 255 | return 0; | |
| 256 | } | |
| 257 | ||
| 258 | int | |
| 259 | fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_t fptr) | |
| 271 | #ifdef CLIENT_SUBNET | |
| 272 | else if(fptr == &subnet_data_delete) return 1; | |
| 273 | #endif | |
| 274 | return 0; | |
| 275 | } | |
| 276 | ||
| 277 | int | |
| 278 | fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr) | |
| 260 | 279 | { |
| 261 | 280 | if(fptr == NULL) return 1; |
| 262 | 281 | else if(fptr == &rrset_markdel) return 1; |
| 293 | 312 | } |
| 294 | 313 | |
| 295 | 314 | int |
| 315 | fptr_whitelist_modenv_add_sub(int (*fptr)( | |
| 316 | struct module_qstate* qstate, struct query_info* qinfo, | |
| 317 | uint16_t qflags, int prime, int valrec, struct module_qstate** newq, | |
| 318 | struct mesh_state** sub)) | |
| 319 | { | |
| 320 | if(fptr == &mesh_add_sub) return 1; | |
| 321 | return 0; | |
| 322 | } | |
| 323 | ||
| 324 | int | |
| 296 | 325 | fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq)) |
| 297 | 326 | { |
| 298 | 327 | if(fptr == &mesh_state_delete) return 1; |
| 314 | 343 | if(fptr == &iter_init) return 1; |
| 315 | 344 | else if(fptr == &val_init) return 1; |
| 316 | 345 | else if(fptr == &dns64_init) return 1; |
| 346 | else if(fptr == &respip_init) return 1; | |
| 317 | 347 | #ifdef WITH_PYTHONMODULE |
| 318 | 348 | else if(fptr == &pythonmod_init) return 1; |
| 319 | 349 | #endif |
| 320 | 350 | #ifdef USE_CACHEDB |
| 321 | 351 | else if(fptr == &cachedb_init) return 1; |
| 352 | #endif | |
| 353 | #ifdef USE_IPSECMOD | |
| 354 | else if(fptr == &ipsecmod_init) return 1; | |
| 355 | #endif | |
| 356 | #ifdef CLIENT_SUBNET | |
| 357 | else if(fptr == &subnetmod_init) return 1; | |
| 322 | 358 | #endif |
| 323 | 359 | return 0; |
| 324 | 360 | } |
| 329 | 365 | if(fptr == &iter_deinit) return 1; |
| 330 | 366 | else if(fptr == &val_deinit) return 1; |
| 331 | 367 | else if(fptr == &dns64_deinit) return 1; |
| 368 | else if(fptr == &respip_deinit) return 1; | |
| 332 | 369 | #ifdef WITH_PYTHONMODULE |
| 333 | 370 | else if(fptr == &pythonmod_deinit) return 1; |
| 334 | 371 | #endif |
| 335 | 372 | #ifdef USE_CACHEDB |
| 336 | 373 | else if(fptr == &cachedb_deinit) return 1; |
| 374 | #endif | |
| 375 | #ifdef USE_IPSECMOD | |
| 376 | else if(fptr == &ipsecmod_deinit) return 1; | |
| 377 | #endif | |
| 378 | #ifdef CLIENT_SUBNET | |
| 379 | else if(fptr == &subnetmod_deinit) return 1; | |
| 337 | 380 | #endif |
| 338 | 381 | return 0; |
| 339 | 382 | } |
| 345 | 388 | if(fptr == &iter_operate) return 1; |
| 346 | 389 | else if(fptr == &val_operate) return 1; |
| 347 | 390 | else if(fptr == &dns64_operate) return 1; |
| 391 | else if(fptr == &respip_operate) return 1; | |
| 348 | 392 | #ifdef WITH_PYTHONMODULE |
| 349 | 393 | else if(fptr == &pythonmod_operate) return 1; |
| 350 | 394 | #endif |
| 351 | 395 | #ifdef USE_CACHEDB |
| 352 | 396 | else if(fptr == &cachedb_operate) return 1; |
| 397 | #endif | |
| 398 | #ifdef USE_IPSECMOD | |
| 399 | else if(fptr == &ipsecmod_operate) return 1; | |
| 400 | #endif | |
| 401 | #ifdef CLIENT_SUBNET | |
| 402 | else if(fptr == &subnetmod_operate) return 1; | |
| 353 | 403 | #endif |
| 354 | 404 | return 0; |
| 355 | 405 | } |
| 361 | 411 | if(fptr == &iter_inform_super) return 1; |
| 362 | 412 | else if(fptr == &val_inform_super) return 1; |
| 363 | 413 | else if(fptr == &dns64_inform_super) return 1; |
| 414 | else if(fptr == &respip_inform_super) return 1; | |
| 364 | 415 | #ifdef WITH_PYTHONMODULE |
| 365 | 416 | else if(fptr == &pythonmod_inform_super) return 1; |
| 366 | 417 | #endif |
| 367 | 418 | #ifdef USE_CACHEDB |
| 368 | 419 | else if(fptr == &cachedb_inform_super) return 1; |
| 420 | #endif | |
| 421 | #ifdef USE_IPSECMOD | |
| 422 | else if(fptr == &ipsecmod_inform_super) return 1; | |
| 423 | #endif | |
| 424 | #ifdef CLIENT_SUBNET | |
| 425 | else if(fptr == &subnetmod_inform_super) return 1; | |
| 369 | 426 | #endif |
| 370 | 427 | return 0; |
| 371 | 428 | } |
| 377 | 434 | if(fptr == &iter_clear) return 1; |
| 378 | 435 | else if(fptr == &val_clear) return 1; |
| 379 | 436 | else if(fptr == &dns64_clear) return 1; |
| 437 | else if(fptr == &respip_clear) return 1; | |
| 380 | 438 | #ifdef WITH_PYTHONMODULE |
| 381 | 439 | else if(fptr == &pythonmod_clear) return 1; |
| 382 | 440 | #endif |
| 383 | 441 | #ifdef USE_CACHEDB |
| 384 | 442 | else if(fptr == &cachedb_clear) return 1; |
| 443 | #endif | |
| 444 | #ifdef USE_IPSECMOD | |
| 445 | else if(fptr == &ipsecmod_clear) return 1; | |
| 446 | #endif | |
| 447 | #ifdef CLIENT_SUBNET | |
| 448 | else if(fptr == &subnetmod_clear) return 1; | |
| 385 | 449 | #endif |
| 386 | 450 | return 0; |
| 387 | 451 | } |
| 392 | 456 | if(fptr == &iter_get_mem) return 1; |
| 393 | 457 | else if(fptr == &val_get_mem) return 1; |
| 394 | 458 | else if(fptr == &dns64_get_mem) return 1; |
| 459 | else if(fptr == &respip_get_mem) return 1; | |
| 395 | 460 | #ifdef WITH_PYTHONMODULE |
| 396 | 461 | else if(fptr == &pythonmod_get_mem) return 1; |
| 397 | 462 | #endif |
| 398 | 463 | #ifdef USE_CACHEDB |
| 399 | 464 | else if(fptr == &cachedb_get_mem) return 1; |
| 400 | 465 | #endif |
| 466 | #ifdef USE_IPSECMOD | |
| 467 | else if(fptr == &ipsecmod_get_mem) return 1; | |
| 468 | #endif | |
| 469 | #ifdef CLIENT_SUBNET | |
| 470 | else if(fptr == &subnetmod_get_mem) return 1; | |
| 471 | #endif | |
| 401 | 472 | return 0; |
| 402 | 473 | } |
| 403 | 474 | |
| 408 | 479 | return 0; |
| 409 | 480 | } |
| 410 | 481 | |
| 411 | int fptr_whitelist_tube_listen(tube_callback_t* fptr) | |
| 482 | int fptr_whitelist_tube_listen(tube_callback_type* fptr) | |
| 412 | 483 | { |
| 413 | 484 | if(fptr == &worker_handle_control_cmd) return 1; |
| 414 | 485 | else if(fptr == &libworker_handle_control_cmd) return 1; |
| 415 | 486 | return 0; |
| 416 | 487 | } |
| 417 | 488 | |
| 418 | int fptr_whitelist_mesh_cb(mesh_cb_func_t fptr) | |
| 489 | int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr) | |
| 419 | 490 | { |
| 420 | 491 | if(fptr == &libworker_fg_done_cb) return 1; |
| 421 | 492 | else if(fptr == &libworker_bg_done_cb) return 1; |
| 432 | 503 | return 0; |
| 433 | 504 | } |
| 434 | 505 | |
| 435 | int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr, | |
| 506 | int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, | |
| 436 | 507 | enum inplace_cb_list_type type) |
| 437 | 508 | { |
| 438 | 509 | #ifndef WITH_PYTHONMODULE |
| 458 | 529 | return 0; |
| 459 | 530 | } |
| 460 | 531 | |
| 461 | int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_t* ATTR_UNUSED(fptr)) | |
| 462 | { | |
| 463 | return 0; | |
| 464 | } | |
| 532 | int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr) | |
| 533 | { | |
| 534 | #ifdef CLIENT_SUBNET | |
| 535 | if(fptr == &ecs_whitelist_check) | |
| 536 | return 1; | |
| 537 | #else | |
| 538 | (void)fptr; | |
| 539 | #endif | |
| 540 | return 0; | |
| 541 | } | |
| 542 | ||
| 543 | int fptr_whitelist_inplace_cb_edns_back_parsed( | |
| 544 | inplace_cb_edns_back_parsed_func_type* fptr) | |
| 545 | { | |
| 546 | #ifdef CLIENT_SUBNET | |
| 547 | if(fptr == &ecs_edns_back_parsed) | |
| 548 | return 1; | |
| 549 | #else | |
| 550 | (void)fptr; | |
| 551 | #endif | |
| 552 | return 0; | |
| 553 | } | |
| 554 | ||
| 555 | int fptr_whitelist_inplace_cb_query_response( | |
| 556 | inplace_cb_query_response_func_type* fptr) | |
| 557 | { | |
| 558 | #ifdef CLIENT_SUBNET | |
| 559 | if(fptr == &ecs_query_response) | |
| 560 | return 1; | |
| 561 | #else | |
| 562 | (void)fptr; | |
| 563 | #endif | |
| 564 | return 0; | |
| 565 | } | |
| 79 | 79 | * @param fptr: function pointer to check. |
| 80 | 80 | * @return false if not in whitelist. |
| 81 | 81 | */ |
| 82 | int fptr_whitelist_comm_point(comm_point_callback_t *fptr); | |
| 82 | int fptr_whitelist_comm_point(comm_point_callback_type *fptr); | |
| 83 | 83 | |
| 84 | 84 | /** |
| 85 | 85 | * Check function pointer whitelist for raw comm_point callback values. |
| 87 | 87 | * @param fptr: function pointer to check. |
| 88 | 88 | * @return false if not in whitelist. |
| 89 | 89 | */ |
| 90 | int fptr_whitelist_comm_point_raw(comm_point_callback_t *fptr); | |
| 90 | int fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr); | |
| 91 | 91 | |
| 92 | 92 | /** |
| 93 | 93 | * Check function pointer whitelist for comm_timer callback values. |
| 136 | 136 | * @param fptr: function pointer to check. |
| 137 | 137 | * @return false if not in whitelist. |
| 138 | 138 | */ |
| 139 | int fptr_whitelist_pending_udp(comm_point_callback_t *fptr); | |
| 139 | int fptr_whitelist_pending_udp(comm_point_callback_type *fptr); | |
| 140 | 140 | |
| 141 | 141 | /** |
| 142 | 142 | * Check function pointer whitelist for pending tcp callback values. |
| 144 | 144 | * @param fptr: function pointer to check. |
| 145 | 145 | * @return false if not in whitelist. |
| 146 | 146 | */ |
| 147 | int fptr_whitelist_pending_tcp(comm_point_callback_t *fptr); | |
| 147 | int fptr_whitelist_pending_tcp(comm_point_callback_type *fptr); | |
| 148 | 148 | |
| 149 | 149 | /** |
| 150 | 150 | * Check function pointer whitelist for serviced query callback values. |
| 152 | 152 | * @param fptr: function pointer to check. |
| 153 | 153 | * @return false if not in whitelist. |
| 154 | 154 | */ |
| 155 | int fptr_whitelist_serviced_query(comm_point_callback_t *fptr); | |
| 155 | int fptr_whitelist_serviced_query(comm_point_callback_type *fptr); | |
| 156 | 156 | |
| 157 | 157 | /** |
| 158 | 158 | * Check function pointer whitelist for rbtree cmp callback values. |
| 168 | 168 | * @param fptr: function pointer to check. |
| 169 | 169 | * @return false if not in whitelist. |
| 170 | 170 | */ |
| 171 | int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr); | |
| 171 | int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr); | |
| 172 | 172 | |
| 173 | 173 | /** |
| 174 | 174 | * Check function pointer whitelist for lruhash compfunc callback values. |
| 176 | 176 | * @param fptr: function pointer to check. |
| 177 | 177 | * @return false if not in whitelist. |
| 178 | 178 | */ |
| 179 | int fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr); | |
| 179 | int fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr); | |
| 180 | 180 | |
| 181 | 181 | /** |
| 182 | 182 | * Check function pointer whitelist for lruhash delkeyfunc callback values. |
| 184 | 184 | * @param fptr: function pointer to check. |
| 185 | 185 | * @return false if not in whitelist. |
| 186 | 186 | */ |
| 187 | int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr); | |
| 187 | int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr); | |
| 188 | 188 | |
| 189 | 189 | /** |
| 190 | 190 | * Check function pointer whitelist for lruhash deldata callback values. |
| 192 | 192 | * @param fptr: function pointer to check. |
| 193 | 193 | * @return false if not in whitelist. |
| 194 | 194 | */ |
| 195 | int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr); | |
| 195 | int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr); | |
| 196 | 196 | |
| 197 | 197 | /** |
| 198 | 198 | * Check function pointer whitelist for lruhash markdel callback values. |
| 200 | 200 | * @param fptr: function pointer to check. |
| 201 | 201 | * @return false if not in whitelist. |
| 202 | 202 | */ |
| 203 | int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_t fptr); | |
| 203 | int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr); | |
| 204 | 204 | |
| 205 | 205 | /** |
| 206 | 206 | * Check function pointer whitelist for module_env send_query callback values. |
| 233 | 233 | uint16_t qflags, int prime, int valrec, struct module_qstate** newq)); |
| 234 | 234 | |
| 235 | 235 | /** |
| 236 | * Check function pointer whitelist for module_env add_sub callback values. | |
| 237 | * | |
| 238 | * @param fptr: function pointer to check. | |
| 239 | * @return false if not in whitelist. | |
| 240 | */ | |
| 241 | int fptr_whitelist_modenv_add_sub(int (*fptr)(struct module_qstate* qstate, | |
| 242 | struct query_info* qinfo, uint16_t qflags, int prime, int valrec, | |
| 243 | struct module_qstate** newq, struct mesh_state** sub)); | |
| 244 | /** | |
| 236 | 245 | * Check function pointer whitelist for module_env kill_sub callback values. |
| 237 | 246 | * |
| 238 | 247 | * @param fptr: function pointer to check. |
| 315 | 324 | * @param fptr: function pointer to check. |
| 316 | 325 | * @return false if not in whitelist. |
| 317 | 326 | */ |
| 318 | int fptr_whitelist_tube_listen(tube_callback_t* fptr); | |
| 327 | int fptr_whitelist_tube_listen(tube_callback_type* fptr); | |
| 319 | 328 | |
| 320 | 329 | /** |
| 321 | 330 | * Check function pointer whitelist for mesh state callback values. |
| 323 | 332 | * @param fptr: function pointer to check. |
| 324 | 333 | * @return false if not in whitelist. |
| 325 | 334 | */ |
| 326 | int fptr_whitelist_mesh_cb(mesh_cb_func_t fptr); | |
| 335 | int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr); | |
| 327 | 336 | |
| 328 | 337 | /** |
| 329 | 338 | * Check function pointer whitelist for config_get_option func values. |
| 340 | 349 | * @param type: the type of the callback function. |
| 341 | 350 | * @return false if not in whitelist. |
| 342 | 351 | */ |
| 343 | int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr, | |
| 352 | int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, | |
| 344 | 353 | enum inplace_cb_list_type type); |
| 345 | 354 | |
| 346 | 355 | /** |
| 348 | 357 | * @param fptr: function pointer to check. |
| 349 | 358 | * @return false if not in whitelist. |
| 350 | 359 | */ |
| 351 | int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_t* fptr); | |
| 360 | int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr); | |
| 361 | ||
| 362 | /** | |
| 363 | * Check function pointer whitelist for inplace_cb_edns_back_parsed func values. | |
| 364 | * @param fptr: function pointer to check. | |
| 365 | * @return false if not in whitelist. | |
| 366 | */ | |
| 367 | int fptr_whitelist_inplace_cb_edns_back_parsed( | |
| 368 | inplace_cb_edns_back_parsed_func_type* fptr); | |
| 369 | ||
| 370 | /** | |
| 371 | * Check function pointer whitelist for inplace_cb_query_response func values. | |
| 372 | * @param fptr: function pointer to check. | |
| 373 | * @return false if not in whitelist. | |
| 374 | */ | |
| 375 | int fptr_whitelist_inplace_cb_query_response( | |
| 376 | inplace_cb_query_response_func_type* fptr); | |
| 352 | 377 | |
| 353 | 378 | /** Due to module breakage by fptr wlist, these test app declarations |
| 354 | 379 | * are presented here */ |
| 28 | 28 | 44, |
| 29 | 29 | 45, |
| 30 | 30 | 46, |
| 31 | 47, | |
| 32 | 31 | 48, |
| 33 | 32 | 49, |
| 34 | 33 | 50, |
| 40 | 39 | 57, |
| 41 | 40 | 58, |
| 42 | 41 | 59, |
| 43 | 61, | |
| 44 | 42 | 62, |
| 45 | 43 | 63, |
| 46 | 44 | 64, |
| 660 | 658 | 847, |
| 661 | 659 | 848, |
| 662 | 660 | 853, |
| 661 | 854, | |
| 663 | 662 | 860, |
| 664 | 663 | 861, |
| 665 | 664 | 862, |
| 3775 | 3774 | 4188, |
| 3776 | 3775 | 4191, |
| 3777 | 3776 | 4192, |
| 3777 | 4197, | |
| 3778 | 3778 | 4199, |
| 3779 | 3779 | 4300, |
| 3780 | 3780 | 4301, |
| 3945 | 3945 | 4700, |
| 3946 | 3946 | 4701, |
| 3947 | 3947 | 4702, |
| 3948 | 4711, | |
| 3948 | 3949 | 4725, |
| 3949 | 3950 | 4726, |
| 3950 | 3951 | 4727, |
| 4453 | 4454 | 6446, |
| 4454 | 4455 | 6455, |
| 4455 | 4456 | 6456, |
| 4457 | 6464, | |
| 4456 | 4458 | 6471, |
| 4457 | 4459 | 6480, |
| 4458 | 4460 | 6481, |
| 4569 | 4571 | 7013, |
| 4570 | 4572 | 7014, |
| 4571 | 4573 | 7015, |
| 4574 | 7016, | |
| 4575 | 7017, | |
| 4572 | 4576 | 7019, |
| 4573 | 4577 | 7020, |
| 4574 | 4578 | 7021, |
| 4727 | 4731 | 8002, |
| 4728 | 4732 | 8003, |
| 4729 | 4733 | 8005, |
| 4734 | 8006, | |
| 4730 | 4735 | 8008, |
| 4731 | 4736 | 8019, |
| 4732 | 4737 | 8020, |
| 4848 | 4853 | 8793, |
| 4849 | 4854 | 8800, |
| 4850 | 4855 | 8804, |
| 4856 | 8805, | |
| 4857 | 8808, | |
| 4851 | 4858 | 8873, |
| 4852 | 4859 | 8880, |
| 4853 | 4860 | 8883, |
| 5351 | 5358 | 30260, |
| 5352 | 5359 | 30832, |
| 5353 | 5360 | 30999, |
| 5361 | 31016, | |
| 5354 | 5362 | 31029, |
| 5355 | 5363 | 31416, |
| 5356 | 5364 | 31457, |
| 5391 | 5399 | 34980, |
| 5392 | 5400 | 35001, |
| 5393 | 5401 | 35004, |
| 5402 | 35100, | |
| 5394 | 5403 | 35355, |
| 5395 | 5404 | 36001, |
| 5396 | 5405 | 36411, |
| 5453 | 5462 | 48556, |
| 5454 | 5463 | 48619, |
| 5455 | 5464 | 48653, |
| 5465 | 49001, | |
| 109 | 109 | * @param arg: user argument to func. |
| 110 | 110 | */ |
| 111 | 111 | void |
| 112 | ub_thr_fork_create(ub_thread_t* thr, void* (*func)(void*), void* arg) | |
| 112 | ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg) | |
| 113 | 113 | { |
| 114 | 114 | pid_t pid = fork(); |
| 115 | 115 | switch(pid) { |
| 116 | 116 | default: /* main */ |
| 117 | *thr = (ub_thread_t)pid; | |
| 117 | *thr = (ub_thread_type)pid; | |
| 118 | 118 | return; |
| 119 | 119 | case 0: /* child */ |
| 120 | *thr = (ub_thread_t)getpid(); | |
| 120 | *thr = (ub_thread_type)getpid(); | |
| 121 | 121 | (void)(*func)(arg); |
| 122 | 122 | exit(0); |
| 123 | 123 | case -1: /* error */ |
| 127 | 127 | |
| 128 | 128 | /** |
| 129 | 129 | * There is no threading. Wait for a process to terminate. |
| 130 | * Note that ub_thread_t is defined as pid_t. | |
| 130 | * Note that ub_thread_type is defined as pid_t. | |
| 131 | 131 | * @param thread: the process id to wait for. |
| 132 | 132 | */ |
| 133 | void ub_thr_fork_wait(ub_thread_t thread) | |
| 133 | void ub_thr_fork_wait(ub_thread_type thread) | |
| 134 | 134 | { |
| 135 | 135 | int status = 0; |
| 136 | 136 | if(waitpid((pid_t)thread, &status, 0) == -1) |
| 142 | 142 | #endif /* !defined(HAVE_PTHREAD) && !defined(HAVE_SOLARIS_THREADS) && !defined(HAVE_WINDOWS_THREADS) */ |
| 143 | 143 | |
| 144 | 144 | #ifdef HAVE_SOLARIS_THREADS |
| 145 | void* ub_thread_key_get(ub_thread_key_t key) | |
| 145 | void* ub_thread_key_get(ub_thread_key_type key) | |
| 146 | 146 | { |
| 147 | 147 | void* ret=NULL; |
| 148 | 148 | LOCKRET(thr_getspecific(key, &ret)); |
| 166 | 166 | LocalFree(buf); |
| 167 | 167 | } |
| 168 | 168 | |
| 169 | void lock_basic_init(lock_basic_t* lock) | |
| 169 | void lock_basic_init(lock_basic_type* lock) | |
| 170 | 170 | { |
| 171 | 171 | /* implement own lock, because windows HANDLE as Mutex usage |
| 172 | 172 | * uses too many handles and would bog down the whole system. */ |
| 173 | 173 | (void)InterlockedExchange(lock, 0); |
| 174 | 174 | } |
| 175 | 175 | |
| 176 | void lock_basic_destroy(lock_basic_t* lock) | |
| 176 | void lock_basic_destroy(lock_basic_type* lock) | |
| 177 | 177 | { |
| 178 | 178 | (void)InterlockedExchange(lock, 0); |
| 179 | 179 | } |
| 180 | 180 | |
| 181 | void lock_basic_lock(lock_basic_t* lock) | |
| 181 | void lock_basic_lock(lock_basic_type* lock) | |
| 182 | 182 | { |
| 183 | 183 | LONG wait = 1; /* wait 1 msec at first */ |
| 184 | 184 | |
| 190 | 190 | /* the old value was 0, but we inserted 1, we locked it! */ |
| 191 | 191 | } |
| 192 | 192 | |
| 193 | void lock_basic_unlock(lock_basic_t* lock) | |
| 193 | void lock_basic_unlock(lock_basic_type* lock) | |
| 194 | 194 | { |
| 195 | 195 | /* unlock it by inserting the value of 0. xchg for cache coherency. */ |
| 196 | 196 | (void)InterlockedExchange(lock, 0); |
| 197 | 197 | } |
| 198 | 198 | |
| 199 | void ub_thread_key_create(ub_thread_key_t* key, void* f) | |
| 199 | void ub_thread_key_create(ub_thread_key_type* key, void* f) | |
| 200 | 200 | { |
| 201 | 201 | *key = TlsAlloc(); |
| 202 | 202 | if(*key == TLS_OUT_OF_INDEXES) { |
| 206 | 206 | else ub_thread_key_set(*key, f); |
| 207 | 207 | } |
| 208 | 208 | |
| 209 | void ub_thread_key_set(ub_thread_key_t key, void* v) | |
| 209 | void ub_thread_key_set(ub_thread_key_type key, void* v) | |
| 210 | 210 | { |
| 211 | 211 | if(!TlsSetValue(key, v)) { |
| 212 | 212 | log_win_err("TlsSetValue failed", GetLastError()); |
| 213 | 213 | } |
| 214 | 214 | } |
| 215 | 215 | |
| 216 | void* ub_thread_key_get(ub_thread_key_t key) | |
| 216 | void* ub_thread_key_get(ub_thread_key_type key) | |
| 217 | 217 | { |
| 218 | 218 | void* ret = (void*)TlsGetValue(key); |
| 219 | 219 | if(ret == NULL && GetLastError() != ERROR_SUCCESS) { |
| 222 | 222 | return ret; |
| 223 | 223 | } |
| 224 | 224 | |
| 225 | void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg) | |
| 225 | void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg) | |
| 226 | 226 | { |
| 227 | 227 | #ifndef HAVE__BEGINTHREADEX |
| 228 | 228 | *thr = CreateThread(NULL, /* default security (no inherit handle) */ |
| 232 | 232 | NULL); /* do not store thread identifier anywhere */ |
| 233 | 233 | #else |
| 234 | 234 | /* the beginthreadex routine setups for the C lib; aligns stack */ |
| 235 | *thr=(ub_thread_t)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL); | |
| 235 | *thr=(ub_thread_type)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL); | |
| 236 | 236 | #endif |
| 237 | 237 | if(*thr == NULL) { |
| 238 | 238 | log_win_err("CreateThread failed", GetLastError()); |
| 240 | 240 | } |
| 241 | 241 | } |
| 242 | 242 | |
| 243 | ub_thread_t ub_thread_self(void) | |
| 243 | ub_thread_type ub_thread_self(void) | |
| 244 | 244 | { |
| 245 | 245 | return GetCurrentThread(); |
| 246 | 246 | } |
| 247 | 247 | |
| 248 | void ub_thread_join(ub_thread_t thr) | |
| 248 | void ub_thread_join(ub_thread_type thr) | |
| 249 | 249 | { |
| 250 | 250 | DWORD ret = WaitForSingleObject(thr, INFINITE); |
| 251 | 251 | if(ret == WAIT_FAILED) { |
| 94 | 94 | /******************* PTHREAD ************************/ |
| 95 | 95 | |
| 96 | 96 | /** use pthread mutex for basic lock */ |
| 97 | typedef pthread_mutex_t lock_basic_t; | |
| 97 | typedef pthread_mutex_t lock_basic_type; | |
| 98 | 98 | /** small front for pthread init func, NULL is default attrs. */ |
| 99 | 99 | #define lock_basic_init(lock) LOCKRET(pthread_mutex_init(lock, NULL)) |
| 100 | 100 | #define lock_basic_destroy(lock) LOCKRET(pthread_mutex_destroy(lock)) |
| 103 | 103 | |
| 104 | 104 | #ifndef HAVE_PTHREAD_RWLOCK_T |
| 105 | 105 | /** in case rwlocks are not supported, use a mutex. */ |
| 106 | typedef pthread_mutex_t lock_rw_t; | |
| 106 | typedef pthread_mutex_t lock_rw_type; | |
| 107 | 107 | #define lock_rw_init(lock) LOCKRET(pthread_mutex_init(lock, NULL)) |
| 108 | 108 | #define lock_rw_destroy(lock) LOCKRET(pthread_mutex_destroy(lock)) |
| 109 | 109 | #define lock_rw_rdlock(lock) LOCKRET(pthread_mutex_lock(lock)) |
| 111 | 111 | #define lock_rw_unlock(lock) LOCKRET(pthread_mutex_unlock(lock)) |
| 112 | 112 | #else /* HAVE_PTHREAD_RWLOCK_T */ |
| 113 | 113 | /** we use the pthread rwlock */ |
| 114 | typedef pthread_rwlock_t lock_rw_t; | |
| 114 | typedef pthread_rwlock_t lock_rw_type; | |
| 115 | 115 | /** small front for pthread init func, NULL is default attrs. */ |
| 116 | 116 | #define lock_rw_init(lock) LOCKRET(pthread_rwlock_init(lock, NULL)) |
| 117 | 117 | #define lock_rw_destroy(lock) LOCKRET(pthread_rwlock_destroy(lock)) |
| 122 | 122 | |
| 123 | 123 | #ifndef HAVE_PTHREAD_SPINLOCK_T |
| 124 | 124 | /** in case spinlocks are not supported, use a mutex. */ |
| 125 | typedef pthread_mutex_t lock_quick_t; | |
| 125 | typedef pthread_mutex_t lock_quick_type; | |
| 126 | 126 | /** small front for pthread init func, NULL is default attrs. */ |
| 127 | 127 | #define lock_quick_init(lock) LOCKRET(pthread_mutex_init(lock, NULL)) |
| 128 | 128 | #define lock_quick_destroy(lock) LOCKRET(pthread_mutex_destroy(lock)) |
| 131 | 131 | |
| 132 | 132 | #else /* HAVE_PTHREAD_SPINLOCK_T */ |
| 133 | 133 | /** use pthread spinlock for the quick lock */ |
| 134 | typedef pthread_spinlock_t lock_quick_t; | |
| 134 | typedef pthread_spinlock_t lock_quick_type; | |
| 135 | 135 | /** |
| 136 | 136 | * allocate process private since this is available whether |
| 137 | 137 | * Thread Process-Shared Synchronization is supported or not. |
| 147 | 147 | #endif /* HAVE SPINLOCK */ |
| 148 | 148 | |
| 149 | 149 | /** Thread creation */ |
| 150 | typedef pthread_t ub_thread_t; | |
| 151 | /** Pass where to store tread_t in thr. Use default NULL attributes. */ | |
| 152 | #define ub_thread_create(thr, func, arg) LOCKRET(pthread_create(thr, NULL, func, arg)) | |
| 150 | typedef pthread_t ub_thread_type; | |
| 151 | /** On alpine linux default thread stack size is 80 Kb. See | |
| 152 | http://wiki.musl-libc.org/wiki/Functional_differences_from_glibc#Thread_stack_size | |
| 153 | This is not enough and cause segfault. Other linux distros have 2 Mb at least. | |
| 154 | Wrapper for set up thread stack size */ | |
| 155 | #define PTHREADSTACKSIZE 2*1024*1024 | |
| 156 | #define PTHREADCREATE(thr, stackrequired, func, arg) do {\ | |
| 157 | pthread_attr_t attr; \ | |
| 158 | size_t stacksize; \ | |
| 159 | LOCKRET(pthread_attr_init(&attr)); \ | |
| 160 | LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \ | |
| 161 | if (stacksize < stackrequired) { \ | |
| 162 | LOCKRET(pthread_attr_setstacksize(&attr, stackrequired)); \ | |
| 163 | LOCKRET(pthread_create(thr, &attr, func, arg)); \ | |
| 164 | LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \ | |
| 165 | verbose(VERB_ALGO, "Thread stack size set to %u", (unsigned)stacksize); \ | |
| 166 | } else {LOCKRET(pthread_create(thr, NULL, func, arg));} \ | |
| 167 | } while(0) | |
| 168 | /** Use wrapper for set thread stack size on attributes. */ | |
| 169 | #define ub_thread_create(thr, func, arg) PTHREADCREATE(thr, PTHREADSTACKSIZE, func, arg) | |
| 153 | 170 | /** get self id. */ |
| 154 | 171 | #define ub_thread_self() pthread_self() |
| 155 | 172 | /** wait for another thread to terminate */ |
| 156 | 173 | #define ub_thread_join(thread) LOCKRET(pthread_join(thread, NULL)) |
| 157 | typedef pthread_key_t ub_thread_key_t; | |
| 174 | typedef pthread_key_t ub_thread_key_type; | |
| 158 | 175 | #define ub_thread_key_create(key, f) LOCKRET(pthread_key_create(key, f)) |
| 159 | 176 | #define ub_thread_key_set(key, v) LOCKRET(pthread_setspecific(key, v)) |
| 160 | 177 | #define ub_thread_key_get(key) pthread_getspecific(key) |
| 166 | 183 | #include <synch.h> |
| 167 | 184 | #include <thread.h> |
| 168 | 185 | |
| 169 | typedef rwlock_t lock_rw_t; | |
| 186 | typedef rwlock_t lock_rw_type; | |
| 170 | 187 | #define lock_rw_init(lock) LOCKRET(rwlock_init(lock, USYNC_THREAD, NULL)) |
| 171 | 188 | #define lock_rw_destroy(lock) LOCKRET(rwlock_destroy(lock)) |
| 172 | 189 | #define lock_rw_rdlock(lock) LOCKRET(rw_rdlock(lock)) |
| 174 | 191 | #define lock_rw_unlock(lock) LOCKRET(rw_unlock(lock)) |
| 175 | 192 | |
| 176 | 193 | /** use basic mutex */ |
| 177 | typedef mutex_t lock_basic_t; | |
| 194 | typedef mutex_t lock_basic_type; | |
| 178 | 195 | #define lock_basic_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL)) |
| 179 | 196 | #define lock_basic_destroy(lock) LOCKRET(mutex_destroy(lock)) |
| 180 | 197 | #define lock_basic_lock(lock) LOCKRET(mutex_lock(lock)) |
| 181 | 198 | #define lock_basic_unlock(lock) LOCKRET(mutex_unlock(lock)) |
| 182 | 199 | |
| 183 | 200 | /** No spinlocks in solaris threads API. Use a mutex. */ |
| 184 | typedef mutex_t lock_quick_t; | |
| 201 | typedef mutex_t lock_quick_type; | |
| 185 | 202 | #define lock_quick_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL)) |
| 186 | 203 | #define lock_quick_destroy(lock) LOCKRET(mutex_destroy(lock)) |
| 187 | 204 | #define lock_quick_lock(lock) LOCKRET(mutex_lock(lock)) |
| 188 | 205 | #define lock_quick_unlock(lock) LOCKRET(mutex_unlock(lock)) |
| 189 | 206 | |
| 190 | 207 | /** Thread creation, create a default thread. */ |
| 191 | typedef thread_t ub_thread_t; | |
| 208 | typedef thread_t ub_thread_type; | |
| 192 | 209 | #define ub_thread_create(thr, func, arg) LOCKRET(thr_create(NULL, NULL, func, arg, NULL, thr)) |
| 193 | 210 | #define ub_thread_self() thr_self() |
| 194 | 211 | #define ub_thread_join(thread) LOCKRET(thr_join(thread, NULL, NULL)) |
| 195 | typedef thread_key_t ub_thread_key_t; | |
| 212 | typedef thread_key_t ub_thread_key_type; | |
| 196 | 213 | #define ub_thread_key_create(key, f) LOCKRET(thr_keycreate(key, f)) |
| 197 | 214 | #define ub_thread_key_set(key, v) LOCKRET(thr_setspecific(key, v)) |
| 198 | void* ub_thread_key_get(ub_thread_key_t key); | |
| 215 | void* ub_thread_key_get(ub_thread_key_type key); | |
| 199 | 216 | |
| 200 | 217 | |
| 201 | 218 | #else /* we do not HAVE_SOLARIS_THREADS and no PTHREADS */ |
| 204 | 221 | #include <windows.h> |
| 205 | 222 | |
| 206 | 223 | /* Use a mutex */ |
| 207 | typedef LONG lock_rw_t; | |
| 224 | typedef LONG lock_rw_type; | |
| 208 | 225 | #define lock_rw_init(lock) lock_basic_init(lock) |
| 209 | 226 | #define lock_rw_destroy(lock) lock_basic_destroy(lock) |
| 210 | 227 | #define lock_rw_rdlock(lock) lock_basic_lock(lock) |
| 212 | 229 | #define lock_rw_unlock(lock) lock_basic_unlock(lock) |
| 213 | 230 | |
| 214 | 231 | /** the basic lock is a mutex, implemented opaquely, for error handling. */ |
| 215 | typedef LONG lock_basic_t; | |
| 216 | void lock_basic_init(lock_basic_t* lock); | |
| 217 | void lock_basic_destroy(lock_basic_t* lock); | |
| 218 | void lock_basic_lock(lock_basic_t* lock); | |
| 219 | void lock_basic_unlock(lock_basic_t* lock); | |
| 232 | typedef LONG lock_basic_type; | |
| 233 | void lock_basic_init(lock_basic_type* lock); | |
| 234 | void lock_basic_destroy(lock_basic_type* lock); | |
| 235 | void lock_basic_lock(lock_basic_type* lock); | |
| 236 | void lock_basic_unlock(lock_basic_type* lock); | |
| 220 | 237 | |
| 221 | 238 | /** on windows no spinlock, use mutex too. */ |
| 222 | typedef LONG lock_quick_t; | |
| 239 | typedef LONG lock_quick_type; | |
| 223 | 240 | #define lock_quick_init(lock) lock_basic_init(lock) |
| 224 | 241 | #define lock_quick_destroy(lock) lock_basic_destroy(lock) |
| 225 | 242 | #define lock_quick_lock(lock) lock_basic_lock(lock) |
| 226 | 243 | #define lock_quick_unlock(lock) lock_basic_unlock(lock) |
| 227 | 244 | |
| 228 | 245 | /** Thread creation, create a default thread. */ |
| 229 | typedef HANDLE ub_thread_t; | |
| 230 | void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg); | |
| 231 | ub_thread_t ub_thread_self(void); | |
| 232 | void ub_thread_join(ub_thread_t thr); | |
| 233 | typedef DWORD ub_thread_key_t; | |
| 234 | void ub_thread_key_create(ub_thread_key_t* key, void* f); | |
| 235 | void ub_thread_key_set(ub_thread_key_t key, void* v); | |
| 236 | void* ub_thread_key_get(ub_thread_key_t key); | |
| 246 | typedef HANDLE ub_thread_type; | |
| 247 | void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg); | |
| 248 | ub_thread_type ub_thread_self(void); | |
| 249 | void ub_thread_join(ub_thread_type thr); | |
| 250 | typedef DWORD ub_thread_key_type; | |
| 251 | void ub_thread_key_create(ub_thread_key_type* key, void* f); | |
| 252 | void ub_thread_key_set(ub_thread_key_type key, void* v); | |
| 253 | void* ub_thread_key_get(ub_thread_key_type key); | |
| 237 | 254 | |
| 238 | 255 | #else /* we do not HAVE_SOLARIS_THREADS, PTHREADS or WINDOWS_THREADS */ |
| 239 | 256 | |
| 240 | 257 | /******************* NO THREADS ************************/ |
| 241 | 258 | #define THREADS_DISABLED 1 |
| 242 | 259 | /** In case there is no thread support, define locks to do nothing */ |
| 243 | typedef int lock_rw_t; | |
| 260 | typedef int lock_rw_type; | |
| 244 | 261 | #define lock_rw_init(lock) /* nop */ |
| 245 | 262 | #define lock_rw_destroy(lock) /* nop */ |
| 246 | 263 | #define lock_rw_rdlock(lock) /* nop */ |
| 248 | 265 | #define lock_rw_unlock(lock) /* nop */ |
| 249 | 266 | |
| 250 | 267 | /** define locks to do nothing */ |
| 251 | typedef int lock_basic_t; | |
| 268 | typedef int lock_basic_type; | |
| 252 | 269 | #define lock_basic_init(lock) /* nop */ |
| 253 | 270 | #define lock_basic_destroy(lock) /* nop */ |
| 254 | 271 | #define lock_basic_lock(lock) /* nop */ |
| 255 | 272 | #define lock_basic_unlock(lock) /* nop */ |
| 256 | 273 | |
| 257 | 274 | /** define locks to do nothing */ |
| 258 | typedef int lock_quick_t; | |
| 275 | typedef int lock_quick_type; | |
| 259 | 276 | #define lock_quick_init(lock) /* nop */ |
| 260 | 277 | #define lock_quick_destroy(lock) /* nop */ |
| 261 | 278 | #define lock_quick_lock(lock) /* nop */ |
| 262 | 279 | #define lock_quick_unlock(lock) /* nop */ |
| 263 | 280 | |
| 264 | 281 | /** Thread creation, threads do not exist */ |
| 265 | typedef pid_t ub_thread_t; | |
| 282 | typedef pid_t ub_thread_type; | |
| 266 | 283 | /** ub_thread_create is simulated with fork (extremely heavy threads, |
| 267 | 284 | * with no shared memory). */ |
| 268 | 285 | #define ub_thread_create(thr, func, arg) \ |
| 269 | 286 | ub_thr_fork_create(thr, func, arg) |
| 270 | 287 | #define ub_thread_self() getpid() |
| 271 | 288 | #define ub_thread_join(thread) ub_thr_fork_wait(thread) |
| 272 | void ub_thr_fork_wait(ub_thread_t thread); | |
| 273 | void ub_thr_fork_create(ub_thread_t* thr, void* (*func)(void*), void* arg); | |
| 274 | typedef void* ub_thread_key_t; | |
| 289 | void ub_thr_fork_wait(ub_thread_type thread); | |
| 290 | void ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg); | |
| 291 | typedef void* ub_thread_key_type; | |
| 275 | 292 | #define ub_thread_key_create(key, f) (*(key)) = NULL |
| 276 | 293 | #define ub_thread_key_set(key, v) (key) = (v) |
| 277 | 294 | #define ub_thread_key_get(key) (key) |
| 66 | 66 | /** if key has been created */ |
| 67 | 67 | static int key_created = 0; |
| 68 | 68 | /** pthread key for thread ids in logfile */ |
| 69 | static ub_thread_key_t logkey; | |
| 69 | static ub_thread_key_type logkey; | |
| 70 | 70 | #ifndef THREADS_DISABLED |
| 71 | 71 | /** pthread mutex to protect FILE* */ |
| 72 | static lock_quick_t log_lock; | |
| 72 | static lock_quick_type log_lock; | |
| 73 | 73 | #endif |
| 74 | 74 | /** the identity of this executable/process */ |
| 75 | 75 | static const char* ident="unbound"; |
| 102 | 102 | use_syslog?"syslog":(filename&&filename[0]?filename:"stderr")); |
| 103 | 103 | lock_quick_lock(&log_lock); |
| 104 | 104 | } |
| 105 | if(logfile && logfile != stderr) | |
| 106 | fclose(logfile); | |
| 105 | if(logfile && logfile != stderr) { | |
| 106 | FILE* cl = logfile; | |
| 107 | logfile = NULL; /* set to NULL before it is closed, so that | |
| 108 | other threads have a valid logfile or NULL */ | |
| 109 | fclose(cl); | |
| 110 | } | |
| 107 | 111 | #ifdef HAVE_SYSLOG_H |
| 108 | 112 | if(logging_to_syslog) { |
| 109 | 113 | closelog(); |
| 146 | 146 | wait->tv_sec = (time_t)-1; |
| 147 | 147 | #endif |
| 148 | 148 | |
| 149 | while((rbnode_t*)(p = (struct event*)rbtree_first(base->times)) | |
| 149 | while((rbnode_type*)(p = (struct event*)rbtree_first(base->times)) | |
| 150 | 150 | !=RBTREE_NULL) { |
| 151 | 151 | #ifndef S_SPLINT_S |
| 152 | 152 | if(p->ev_timeout.tv_sec > now->tv_sec || |
| 95 | 95 | struct event_base |
| 96 | 96 | { |
| 97 | 97 | /** sorted by timeout (absolute), ptr */ |
| 98 | rbtree_t* times; | |
| 98 | rbtree_type* times; | |
| 99 | 99 | /** array of 0 - maxfd of ptr to event for it */ |
| 100 | 100 | struct event** fds; |
| 101 | 101 | /** max fd in use */ |
| 127 | 127 | */ |
| 128 | 128 | struct event { |
| 129 | 129 | /** node in timeout rbtree */ |
| 130 | rbnode_t node; | |
| 130 | rbnode_type node; | |
| 131 | 131 | /** is event already added */ |
| 132 | 132 | int added; |
| 133 | 133 | |
| 122 | 122 | return 1; |
| 123 | 123 | } |
| 124 | 124 | |
| 125 | static int | |
| 126 | inplace_cb_reply_register_generic(inplace_cb_reply_func_t* cb, | |
| 127 | enum inplace_cb_list_type type, void* cb_arg, struct module_env* env) | |
| 128 | { | |
| 129 | struct inplace_cb_reply* callback; | |
| 130 | struct inplace_cb_reply** prevp; | |
| 125 | int | |
| 126 | inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, | |
| 127 | struct module_env* env, int id) | |
| 128 | { | |
| 129 | struct inplace_cb* callback; | |
| 130 | struct inplace_cb** prevp; | |
| 131 | 131 | if(env->worker) { |
| 132 | 132 | log_err("invalid edns callback registration: " |
| 133 | 133 | "trying to register callback after module init phase"); |
| 134 | 134 | return 0; |
| 135 | 135 | } |
| 136 | 136 | |
| 137 | callback = (struct inplace_cb_reply*)calloc(1, sizeof(*callback)); | |
| 137 | callback = (struct inplace_cb*)calloc(1, sizeof(*callback)); | |
| 138 | 138 | if(callback == NULL) { |
| 139 | 139 | log_err("out of memory during edns callback registration."); |
| 140 | 140 | return 0; |
| 141 | 141 | } |
| 142 | callback->id = id; | |
| 142 | 143 | callback->next = NULL; |
| 143 | 144 | callback->cb = cb; |
| 144 | callback->cb_arg = cb_arg; | |
| 145 | callback->cb_arg = cbarg; | |
| 145 | 146 | |
| 146 | prevp = (struct inplace_cb_reply**) &env->inplace_cb_lists[type]; | |
| 147 | prevp = (struct inplace_cb**) &env->inplace_cb_lists[type]; | |
| 147 | 148 | /* append at end of list */ |
| 148 | 149 | while(*prevp != NULL) |
| 149 | 150 | prevp = &((*prevp)->next); |
| 151 | 152 | return 1; |
| 152 | 153 | } |
| 153 | 154 | |
| 154 | int | |
| 155 | inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg, | |
| 156 | struct module_env* env) | |
| 157 | { | |
| 158 | return inplace_cb_reply_register_generic(cb, inplace_cb_reply, cb_arg, | |
| 159 | env); | |
| 160 | } | |
| 161 | ||
| 162 | int | |
| 163 | inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg, | |
| 164 | struct module_env* env) | |
| 165 | { | |
| 166 | return inplace_cb_reply_register_generic(cb, inplace_cb_reply_cache, | |
| 167 | cb_arg, env); | |
| 168 | } | |
| 169 | ||
| 170 | int | |
| 171 | inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg, | |
| 172 | struct module_env* env) | |
| 173 | { | |
| 174 | return inplace_cb_reply_register_generic(cb, inplace_cb_reply_local, | |
| 175 | cb_arg, env); | |
| 176 | } | |
| 177 | ||
| 178 | int | |
| 179 | inplace_cb_reply_servfail_register(inplace_cb_reply_func_t* cb, void* cb_arg, | |
| 180 | struct module_env* env) | |
| 181 | { | |
| 182 | return inplace_cb_reply_register_generic(cb, inplace_cb_reply_servfail, | |
| 183 | cb_arg, env); | |
| 184 | } | |
| 185 | ||
| 186 | static void | |
| 187 | inplace_cb_reply_delete_generic(struct module_env* env, | |
| 188 | enum inplace_cb_list_type type) | |
| 189 | { | |
| 190 | struct inplace_cb_reply* curr = env->inplace_cb_lists[type]; | |
| 191 | struct inplace_cb_reply* tmp; | |
| 192 | /* delete list */ | |
| 193 | while(curr) { | |
| 194 | tmp = curr->next; | |
| 195 | free(curr); | |
| 196 | curr = tmp; | |
| 197 | } | |
| 198 | /* update head pointer */ | |
| 199 | env->inplace_cb_lists[type] = NULL; | |
| 200 | } | |
| 201 | ||
| 202 | void inplace_cb_reply_delete(struct module_env* env) | |
| 203 | { | |
| 204 | inplace_cb_reply_delete_generic(env, inplace_cb_reply); | |
| 205 | } | |
| 206 | ||
| 207 | void inplace_cb_reply_cache_delete(struct module_env* env) | |
| 208 | { | |
| 209 | inplace_cb_reply_delete_generic(env, inplace_cb_reply_cache); | |
| 210 | } | |
| 211 | ||
| 212 | void inplace_cb_reply_servfail_delete(struct module_env* env) | |
| 213 | { | |
| 214 | inplace_cb_reply_delete_generic(env, inplace_cb_reply_servfail); | |
| 215 | } | |
| 216 | ||
| 217 | int | |
| 218 | inplace_cb_query_register(inplace_cb_query_func_t* cb, void* cb_arg, | |
| 219 | struct module_env* env) | |
| 220 | { | |
| 221 | struct inplace_cb_query* callback; | |
| 222 | struct inplace_cb_query** prevp; | |
| 223 | if(env->worker) { | |
| 224 | log_err("invalid edns callback registration: " | |
| 225 | "trying to register callback after module init phase"); | |
| 226 | return 0; | |
| 227 | } | |
| 228 | ||
| 229 | callback = (struct inplace_cb_query*)calloc(1, sizeof(*callback)); | |
| 230 | if(callback == NULL) { | |
| 231 | log_err("out of memory during edns callback registration."); | |
| 232 | return 0; | |
| 233 | } | |
| 234 | callback->next = NULL; | |
| 235 | callback->cb = cb; | |
| 236 | callback->cb_arg = cb_arg; | |
| 237 | ||
| 238 | prevp = (struct inplace_cb_query**) | |
| 239 | &env->inplace_cb_lists[inplace_cb_query]; | |
| 240 | /* append at end of list */ | |
| 241 | while(*prevp != NULL) | |
| 242 | prevp = &((*prevp)->next); | |
| 243 | *prevp = callback; | |
| 244 | return 1; | |
| 245 | } | |
| 246 | ||
| 247 | 155 | void |
| 248 | inplace_cb_query_delete(struct module_env* env) | |
| 249 | { | |
| 250 | struct inplace_cb_query* curr = env->inplace_cb_lists[inplace_cb_query]; | |
| 251 | struct inplace_cb_query* tmp; | |
| 252 | /* delete list */ | |
| 253 | while(curr) { | |
| 254 | tmp = curr->next; | |
| 255 | free(curr); | |
| 256 | curr = tmp; | |
| 257 | } | |
| 258 | /* update head pointer */ | |
| 259 | env->inplace_cb_lists[inplace_cb_query] = NULL; | |
| 260 | } | |
| 261 | ||
| 262 | void | |
| 263 | inplace_cb_lists_delete(struct module_env* env) | |
| 264 | { | |
| 265 | inplace_cb_reply_delete(env); | |
| 266 | inplace_cb_reply_cache_delete(env); | |
| 267 | inplace_cb_reply_servfail_delete(env); | |
| 268 | inplace_cb_query_delete(env); | |
| 156 | inplace_cb_delete(struct module_env* env, enum inplace_cb_list_type type, | |
| 157 | int id) | |
| 158 | { | |
| 159 | struct inplace_cb* temp = env->inplace_cb_lists[type]; | |
| 160 | struct inplace_cb* prev = NULL; | |
| 161 | ||
| 162 | while(temp) { | |
| 163 | if(temp->id == id) { | |
| 164 | if(!prev) { | |
| 165 | env->inplace_cb_lists[type] = temp->next; | |
| 166 | free(temp); | |
| 167 | temp = env->inplace_cb_lists[type]; | |
| 168 | } | |
| 169 | else { | |
| 170 | prev->next = temp->next; | |
| 171 | free(temp); | |
| 172 | temp = prev->next; | |
| 173 | } | |
| 174 | } | |
| 175 | else { | |
| 176 | prev = temp; | |
| 177 | temp = temp->next; | |
| 178 | } | |
| 179 | } | |
| 269 | 180 | } |
| 270 | 181 | |
| 271 | 182 | struct edns_known_option* |
| 291 | 202 | } |
| 292 | 203 | |
| 293 | 204 | int |
| 294 | edns_unique_mesh_state(struct edns_option* list, struct module_env* env) | |
| 295 | { | |
| 296 | size_t i; | |
| 205 | unique_mesh_state(struct edns_option* list, struct module_env* env) | |
| 206 | { | |
| 207 | size_t i; | |
| 208 | if(env->unique_mesh) | |
| 209 | return 1; | |
| 297 | 210 | for(; list; list=list->next) |
| 298 | 211 | for(i=0; i<env->edns_known_options_num; i++) |
| 299 | 212 | if(env->edns_known_options[i].opt_code == list->opt_code && |
| 173 | 173 | struct val_neg_cache; |
| 174 | 174 | struct iter_forwards; |
| 175 | 175 | struct iter_hints; |
| 176 | struct respip_set; | |
| 177 | struct respip_client_info; | |
| 178 | struct respip_addr_info; | |
| 176 | 179 | |
| 177 | 180 | /** Maximum number of modules in operation */ |
| 178 | #define MAX_MODULE 5 | |
| 181 | #define MAX_MODULE 16 | |
| 179 | 182 | |
| 180 | 183 | /** Maximum number of known edns options */ |
| 181 | 184 | #define MAX_KNOWN_EDNS_OPTS 256 |
| 193 | 196 | inplace_cb_reply_servfail, |
| 194 | 197 | /* Inplace callbacks for when a query is ready to be sent to the back.*/ |
| 195 | 198 | inplace_cb_query, |
| 199 | /* Inplace callback for when a reply is received from the back. */ | |
| 200 | inplace_cb_query_response, | |
| 201 | /* Inplace callback for when EDNS is parsed on a reply received from the | |
| 202 | * back. */ | |
| 203 | inplace_cb_edns_back_parsed, | |
| 196 | 204 | /* Total number of types. Used for array initialization. |
| 197 | 205 | * Should always be last. */ |
| 198 | 206 | inplace_cb_types_total |
| 207 | 215 | int bypass_cache_stage; |
| 208 | 216 | /** whether the option needs mesh aggregation */ |
| 209 | 217 | int no_aggregation; |
| 218 | }; | |
| 219 | ||
| 220 | /** | |
| 221 | * Inplace callback list of registered routines to be called. | |
| 222 | */ | |
| 223 | struct inplace_cb { | |
| 224 | /** next in list */ | |
| 225 | struct inplace_cb* next; | |
| 226 | /** Inplace callback routine */ | |
| 227 | void* cb; | |
| 228 | void* cb_arg; | |
| 229 | /** module id */ | |
| 230 | int id; | |
| 210 | 231 | }; |
| 211 | 232 | |
| 212 | 233 | /** |
| 225 | 246 | * region: region to store data. |
| 226 | 247 | * python_callback: only used for registering a python callback function. |
| 227 | 248 | */ |
| 228 | typedef int inplace_cb_reply_func_t(struct query_info* qinfo, | |
| 249 | typedef int inplace_cb_reply_func_type(struct query_info* qinfo, | |
| 229 | 250 | struct module_qstate* qstate, struct reply_info* rep, int rcode, |
| 230 | 251 | struct edns_data* edns, struct edns_option** opt_list_out, |
| 231 | struct regional* region, void* python_callback); | |
| 232 | ||
| 233 | /** | |
| 234 | * Inplace callback list of registered routines to be called before replying | |
| 235 | * with a resolved query. | |
| 236 | */ | |
| 237 | struct inplace_cb_reply { | |
| 238 | /** next in list */ | |
| 239 | struct inplace_cb_reply* next; | |
| 240 | /** | |
| 241 | * Inplace callback routine for cache stage response. | |
| 242 | * called as cb(qinfo, qstate, qinfo, reply_info, rcode, edns, | |
| 243 | * opt_list_out, region, python_callback); | |
| 244 | * python_callback is only used for registering a python callback function. | |
| 245 | */ | |
| 246 | inplace_cb_reply_func_t* cb; | |
| 247 | void* cb_arg; | |
| 248 | }; | |
| 252 | struct regional* region, int id, void* callback); | |
| 249 | 253 | |
| 250 | 254 | /** |
| 251 | 255 | * Inplace callback function called before sending the query to a nameserver. |
| 264 | 268 | * region: region to store data. |
| 265 | 269 | * python_callback: only used for registering a python callback function. |
| 266 | 270 | */ |
| 267 | typedef int inplace_cb_query_func_t(struct query_info* qinfo, uint16_t flags, | |
| 271 | typedef int inplace_cb_query_func_type(struct query_info* qinfo, uint16_t flags, | |
| 268 | 272 | struct module_qstate* qstate, struct sockaddr_storage* addr, |
| 269 | 273 | socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, |
| 270 | void* python_callback); | |
| 271 | ||
| 272 | /** | |
| 273 | * Inplace callback list of registered routines to be called before quering a | |
| 274 | * nameserver. | |
| 275 | */ | |
| 276 | struct inplace_cb_query { | |
| 277 | /** next in list */ | |
| 278 | struct inplace_cb_query* next; | |
| 279 | /** | |
| 280 | * Inplace callback routine for cache stage response. | |
| 281 | * called as cb(qinfo, flags, qstate, addr, addrlen, zone, zonelen, | |
| 282 | * region, python_callback); | |
| 283 | * python_callback is only used for registering a python callback function. | |
| 284 | */ | |
| 285 | inplace_cb_query_func_t* cb; | |
| 286 | void* cb_arg; | |
| 287 | }; | |
| 274 | int id, void* callback); | |
| 275 | ||
| 276 | /** | |
| 277 | * Inplace callback function called after parsing edns on query reply. | |
| 278 | * Called as func(qstate, cb_args) | |
| 279 | * Where: | |
| 280 | * qstate: the query state | |
| 281 | * id: module id | |
| 282 | * cb_args: argument passed when registering callback. | |
| 283 | */ | |
| 284 | typedef int inplace_cb_edns_back_parsed_func_type(struct module_qstate* qstate, | |
| 285 | int id, void* cb_args); | |
| 286 | ||
| 287 | /** | |
| 288 | * Inplace callback function called after parsing query response. | |
| 289 | * Called as func(qstate, id, cb_args) | |
| 290 | * Where: | |
| 291 | * qstate: the query state | |
| 292 | * response: query response | |
| 293 | * id: module id | |
| 294 | * cb_args: argument passed when registering callback. | |
| 295 | */ | |
| 296 | typedef int inplace_cb_query_response_func_type(struct module_qstate* qstate, | |
| 297 | struct dns_msg* response, int id, void* cb_args); | |
| 288 | 298 | |
| 289 | 299 | /** |
| 290 | 300 | * Module environment. |
| 370 | 380 | int (*attach_sub)(struct module_qstate* qstate, |
| 371 | 381 | struct query_info* qinfo, uint16_t qflags, int prime, |
| 372 | 382 | int valrec, struct module_qstate** newq); |
| 383 | ||
| 384 | /** | |
| 385 | * Add detached query. | |
| 386 | * Creates it if it does not exist already. | |
| 387 | * Does not make super/sub references. | |
| 388 | * Performs a cycle detection - for double check - and fails if there is | |
| 389 | * one. | |
| 390 | * Updates stat items in mesh_area structure. | |
| 391 | * Pass if it is priming query or not. | |
| 392 | * return: | |
| 393 | * o if error (malloc) happened. | |
| 394 | * o need to initialise the new state (module init; it is a new state). | |
| 395 | * so that the next run of the query with this module is successful. | |
| 396 | * o no init needed, attachment successful. | |
| 397 | * o added subquery, created if it did not exist already. | |
| 398 | * | |
| 399 | * @param qstate: the state to find mesh state, and that wants to receive | |
| 400 | * the results from the new subquery. | |
| 401 | * @param qinfo: what to query for (copied). | |
| 402 | * @param qflags: what flags to use (RD / CD flag or not). | |
| 403 | * @param prime: if it is a (stub) priming query. | |
| 404 | * @param valrec: if it is a validation recursion query (lookup of key, DS). | |
| 405 | * @param newq: If the new subquery needs initialisation, it is returned, | |
| 406 | * otherwise NULL is returned. | |
| 407 | * @param sub: The added mesh state, created if it did not exist already. | |
| 408 | * @return: false on error, true if success (and init may be needed). | |
| 409 | */ | |
| 410 | int (*add_sub)(struct module_qstate* qstate, | |
| 411 | struct query_info* qinfo, uint16_t qflags, int prime, | |
| 412 | int valrec, struct module_qstate** newq, | |
| 413 | struct mesh_state** sub); | |
| 373 | 414 | |
| 374 | 415 | /** |
| 375 | 416 | * Kill newly attached sub. If attach_sub returns newq for |
| 441 | 482 | void* modinfo[MAX_MODULE]; |
| 442 | 483 | |
| 443 | 484 | /* Shared linked list of inplace callback functions */ |
| 444 | void* inplace_cb_lists[inplace_cb_types_total]; | |
| 485 | struct inplace_cb* inplace_cb_lists[inplace_cb_types_total]; | |
| 445 | 486 | |
| 446 | 487 | /** |
| 447 | 488 | * Shared array of known edns options (size MAX_KNOWN_EDNS_OPTS). |
| 450 | 491 | struct edns_known_option* edns_known_options; |
| 451 | 492 | /* Number of known edns options */ |
| 452 | 493 | size_t edns_known_options_num; |
| 494 | ||
| 495 | /* Make every mesh state unique, do not aggregate mesh states. */ | |
| 496 | int unique_mesh; | |
| 453 | 497 | }; |
| 454 | 498 | |
| 455 | 499 | /** |
| 507 | 551 | struct sockaddr_storage addr; |
| 508 | 552 | }; |
| 509 | 553 | |
| 554 | struct respip_action_info; | |
| 555 | ||
| 510 | 556 | /** |
| 511 | 557 | * Module state, per query. |
| 512 | 558 | */ |
| 561 | 607 | int no_cache_lookup; |
| 562 | 608 | /** whether modules should store answer in the cache */ |
| 563 | 609 | int no_cache_store; |
| 610 | ||
| 611 | /** | |
| 612 | * Attributes of clients that share the qstate that may affect IP-based | |
| 613 | * actions. | |
| 614 | */ | |
| 615 | struct respip_client_info* client_info; | |
| 616 | ||
| 617 | /** Extended result of response-ip action processing, mainly | |
| 618 | * for logging purposes. */ | |
| 619 | struct respip_action_info* respip_action_info; | |
| 620 | ||
| 621 | /** whether the reply should be dropped */ | |
| 622 | int is_drop; | |
| 564 | 623 | }; |
| 565 | 624 | |
| 566 | 625 | /** |
| 679 | 738 | int no_aggregation, struct module_env* env); |
| 680 | 739 | |
| 681 | 740 | /** |
| 682 | * Register an inplace callback function called before replying with a resolved | |
| 683 | * query. | |
| 741 | * Register an inplace callback function. | |
| 684 | 742 | * @param cb: pointer to the callback function. |
| 685 | * @param cb_arg: optional argument for the callback function. | |
| 686 | * @param env: the module environment. | |
| 743 | * @param type: inplace callback type. | |
| 744 | * @param cbarg: argument for the callback function, or NULL. | |
| 745 | * @param env: the module environment. | |
| 746 | * @param id: module id. | |
| 687 | 747 | * @return true on success, false on failure (out of memory or trying to |
| 688 | 748 | * register after the environment is copied to the threads.) |
| 689 | 749 | */ |
| 690 | int inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg, | |
| 691 | struct module_env* env); | |
| 692 | ||
| 693 | /** | |
| 694 | * Register an inplace callback function called before replying from the cache. | |
| 695 | * @param cb: pointer to the callback function. | |
| 696 | * @param cb_arg: optional argument for the callback function. | |
| 697 | * @param env: the module environment. | |
| 698 | * @return true on success, false on failure (out of memory or trying to | |
| 699 | * register after the environment is copied to the threads.) | |
| 700 | */ | |
| 701 | int inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg, | |
| 702 | struct module_env* env); | |
| 703 | ||
| 704 | /** | |
| 705 | * Register an inplace callback function called before replying with local | |
| 706 | * data or Chaos reply. | |
| 707 | * @param cb: pointer to the callback function. | |
| 708 | * @param cb_arg: optional argument for the callback function. | |
| 709 | * @param env: the module environment. | |
| 710 | * @return true on success, false on failure (out of memory or trying to | |
| 711 | * register after the environment is copied to the threads.) | |
| 712 | */ | |
| 713 | int inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg, | |
| 714 | struct module_env* env); | |
| 715 | ||
| 716 | /** | |
| 717 | * Register an inplace callback function called before replying with servfail. | |
| 718 | * @param cb: pointer to the callback function. | |
| 719 | * @param cb_arg: optional argument for the callback function. | |
| 720 | * @param env: the module environment. | |
| 721 | * @return true on success, false on failure (out of memory or trying to | |
| 722 | * register after the environment is copied to the threads.) | |
| 723 | */ | |
| 724 | int inplace_cb_reply_servfail_register(inplace_cb_reply_func_t* cb, | |
| 725 | void* cb_arg, struct module_env* env); | |
| 726 | ||
| 727 | /** | |
| 728 | * Delete the inplace_cb_reply callback linked list. | |
| 729 | * @param env: the module environment. | |
| 730 | */ | |
| 731 | void inplace_cb_reply_delete(struct module_env* env); | |
| 732 | ||
| 733 | /** | |
| 734 | * Delete the inplace_cb_reply_cache callback linked list. | |
| 735 | * @param env: the module environment. | |
| 736 | */ | |
| 737 | void inplace_cb_reply_cache_delete(struct module_env* env); | |
| 738 | ||
| 739 | /** | |
| 740 | * Delete the inplace_cb_reply_servfail callback linked list. | |
| 741 | * @param env: the module environment. | |
| 742 | */ | |
| 743 | void inplace_cb_reply_servfail_delete(struct module_env* env); | |
| 744 | ||
| 745 | /** | |
| 746 | * Register an inplace callback function called before quering a nameserver. | |
| 747 | * @param cb: pointer to the callback function. | |
| 748 | * @param cb_arg: optional argument for the callback function. | |
| 749 | * @param env: the module environment. | |
| 750 | * @return true on success, false on failure (out of memory or trying to | |
| 751 | * register after the environment is copied to the threads.) | |
| 752 | */ | |
| 753 | int inplace_cb_query_register(inplace_cb_query_func_t* cb, void* cb_arg, | |
| 754 | struct module_env* env); | |
| 755 | ||
| 756 | /** | |
| 757 | * Delete the inplace_cb_query callback linked list. | |
| 758 | * @param env: the module environment. | |
| 759 | */ | |
| 760 | void inplace_cb_query_delete(struct module_env* env); | |
| 750 | int | |
| 751 | inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, | |
| 752 | struct module_env* env, int id); | |
| 753 | ||
| 754 | /** | |
| 755 | * Delete callback for specified type and module id. | |
| 756 | * @param env: the module environment. | |
| 757 | * @param type: inplace callback type. | |
| 758 | * @param id: module id. | |
| 759 | */ | |
| 760 | void | |
| 761 | inplace_cb_delete(struct module_env* env, enum inplace_cb_list_type type, | |
| 762 | int id); | |
| 761 | 763 | |
| 762 | 764 | /** |
| 763 | 765 | * Delete all the inplace callback linked lists. |
| 786 | 788 | struct module_env* env); |
| 787 | 789 | |
| 788 | 790 | /** |
| 789 | * Check if an edns option needs a unique mesh state. | |
| 791 | * Check if an unique mesh state is required. Might be triggered by EDNS option | |
| 792 | * or set for the complete env. | |
| 790 | 793 | * @param list: the edns options. |
| 791 | 794 | * @param env: the module environment. |
| 792 | 795 | * @return true if an edns option needs a unique mesh state, |
| 793 | 796 | * false otherwise. |
| 794 | 797 | */ |
| 795 | int edns_unique_mesh_state(struct edns_option* list, struct module_env* env); | |
| 798 | int unique_mesh_state(struct edns_option* list, struct module_env* env); | |
| 796 | 799 | |
| 797 | 800 | /** |
| 798 | 801 | * Log the known edns options. |
| 784 | 784 | |
| 785 | 785 | #if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L |
| 786 | 786 | /** global lock list for openssl locks */ |
| 787 | static lock_basic_t *ub_openssl_locks = NULL; | |
| 787 | static lock_basic_type *ub_openssl_locks = NULL; | |
| 788 | 788 | |
| 789 | 789 | /** callback that gets thread id for openssl */ |
| 790 | 790 | static unsigned long |
| 809 | 809 | { |
| 810 | 810 | #if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L |
| 811 | 811 | int i; |
| 812 | ub_openssl_locks = (lock_basic_t*)reallocarray( | |
| 813 | NULL, (size_t)CRYPTO_num_locks(), sizeof(lock_basic_t)); | |
| 812 | ub_openssl_locks = (lock_basic_type*)reallocarray( | |
| 813 | NULL, (size_t)CRYPTO_num_locks(), sizeof(lock_basic_type)); | |
| 814 | 814 | if(!ub_openssl_locks) |
| 815 | 815 | return 0; |
| 816 | 816 | for(i=0; i<CRYPTO_num_locks(); i++) { |
| 46 | 46 | #include "sldns/pkthdr.h" |
| 47 | 47 | #include "sldns/sbuffer.h" |
| 48 | 48 | #include "dnstap/dnstap.h" |
| 49 | #include "dnscrypt/dnscrypt.h" | |
| 49 | 50 | #ifdef HAVE_OPENSSL_SSL_H |
| 50 | 51 | #include <openssl/ssl.h> |
| 51 | 52 | #endif |
| 145 | 146 | /** create a tcp handler with a parent */ |
| 146 | 147 | static struct comm_point* comm_point_create_tcp_handler( |
| 147 | 148 | struct comm_base *base, struct comm_point* parent, size_t bufsize, |
| 148 | comm_point_callback_t* callback, void* callback_arg); | |
| 149 | comm_point_callback_type* callback, void* callback_arg); | |
| 149 | 150 | |
| 150 | 151 | /* -------- End of local definitions -------- */ |
| 151 | 152 | |
| 653 | 654 | (void)fd; |
| 654 | 655 | (void)event; |
| 655 | 656 | (void)arg; |
| 656 | fatal_exit("recvmsg: No support for IPV6_PKTINFO. " | |
| 657 | fatal_exit("recvmsg: No support for IPV6_PKTINFO; IP_PKTINFO or IP_RECVDSTADDR. " | |
| 657 | 658 | "Please disable interface-automatic"); |
| 658 | 659 | #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG */ |
| 659 | 660 | } |
| 664 | 665 | struct comm_reply rep; |
| 665 | 666 | ssize_t rcv; |
| 666 | 667 | int i; |
| 668 | struct sldns_buffer *buffer; | |
| 667 | 669 | |
| 668 | 670 | rep.c = (struct comm_point*)arg; |
| 669 | 671 | log_assert(rep.c->type == comm_udp); |
| 700 | 702 | fptr_ok(fptr_whitelist_comm_point(rep.c->callback)); |
| 701 | 703 | if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) { |
| 702 | 704 | /* send back immediate reply */ |
| 703 | (void)comm_point_send_udp_msg(rep.c, rep.c->buffer, | |
| 705 | #ifdef USE_DNSCRYPT | |
| 706 | buffer = rep.c->dnscrypt_buffer; | |
| 707 | #else | |
| 708 | buffer = rep.c->buffer; | |
| 709 | #endif | |
| 710 | (void)comm_point_send_udp_msg(rep.c, buffer, | |
| 704 | 711 | (struct sockaddr*)&rep.addr, rep.addrlen); |
| 705 | 712 | } |
| 706 | 713 | if(rep.c->fd != fd) /* commpoint closed to -1 or reused for |
| 716 | 723 | log_assert(c->type == comm_tcp); |
| 717 | 724 | log_assert(c->fd == -1); |
| 718 | 725 | sldns_buffer_clear(c->buffer); |
| 726 | #ifdef USE_DNSCRYPT | |
| 727 | if (c->dnscrypt) | |
| 728 | sldns_buffer_clear(c->dnscrypt_buffer); | |
| 729 | #endif | |
| 719 | 730 | c->tcp_is_reading = 1; |
| 720 | 731 | c->tcp_byte_count = 0; |
| 721 | 732 | c->tcp_timeout_msec = TCP_QUERY_TIMEOUT; |
| 1309 | 1320 | comm_point_tcp_handle_write(int fd, struct comm_point* c) |
| 1310 | 1321 | { |
| 1311 | 1322 | ssize_t r; |
| 1323 | struct sldns_buffer *buffer; | |
| 1312 | 1324 | log_assert(c->type == comm_tcp); |
| 1325 | #ifdef USE_DNSCRYPT | |
| 1326 | buffer = c->dnscrypt_buffer; | |
| 1327 | #else | |
| 1328 | buffer = c->buffer; | |
| 1329 | #endif | |
| 1313 | 1330 | if(c->tcp_is_reading && !c->ssl) |
| 1314 | 1331 | return 0; |
| 1315 | 1332 | log_assert(fd != -1); |
| 1363 | 1380 | if(c->tcp_do_fastopen == 1) { |
| 1364 | 1381 | /* this form of sendmsg() does both a connect() and send() so need to |
| 1365 | 1382 | look for various flavours of error*/ |
| 1366 | uint16_t len = htons(sldns_buffer_limit(c->buffer)); | |
| 1383 | uint16_t len = htons(sldns_buffer_limit(buffer)); | |
| 1367 | 1384 | struct msghdr msg; |
| 1368 | 1385 | struct iovec iov[2]; |
| 1369 | 1386 | c->tcp_do_fastopen = 0; |
| 1370 | 1387 | memset(&msg, 0, sizeof(msg)); |
| 1371 | 1388 | iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; |
| 1372 | 1389 | iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; |
| 1373 | iov[1].iov_base = sldns_buffer_begin(c->buffer); | |
| 1374 | iov[1].iov_len = sldns_buffer_limit(c->buffer); | |
| 1390 | iov[1].iov_base = sldns_buffer_begin(buffer); | |
| 1391 | iov[1].iov_len = sldns_buffer_limit(buffer); | |
| 1375 | 1392 | log_assert(iov[0].iov_len > 0); |
| 1376 | 1393 | log_assert(iov[1].iov_len > 0); |
| 1377 | 1394 | msg.msg_name = &c->repinfo.addr; |
| 1389 | 1406 | if(errno == EINTR || errno == EAGAIN) |
| 1390 | 1407 | return 1; |
| 1391 | 1408 | /* Not handling EISCONN here as shouldn't ever hit that case.*/ |
| 1392 | if(errno != 0 && verbosity < 2) | |
| 1409 | if(errno != EPIPE && errno != 0 && verbosity < 2) | |
| 1393 | 1410 | return 0; /* silence lots of chatter in the logs */ |
| 1394 | else if(errno != 0) | |
| 1411 | if(errno != EPIPE && errno != 0) { | |
| 1395 | 1412 | log_err_addr("tcp sendmsg", strerror(errno), |
| 1396 | 1413 | &c->repinfo.addr, c->repinfo.addrlen); |
| 1397 | return 0; | |
| 1414 | return 0; | |
| 1415 | } | |
| 1416 | /* fallthrough to nonFASTOPEN | |
| 1417 | * (MSG_FASTOPEN on Linux 3 produces EPIPE) | |
| 1418 | * we need to perform connect() */ | |
| 1419 | if(connect(fd, (struct sockaddr *)&c->repinfo.addr, c->repinfo.addrlen) == -1) { | |
| 1420 | #ifdef EINPROGRESS | |
| 1421 | if(errno == EINPROGRESS) | |
| 1422 | return 1; /* wait until connect done*/ | |
| 1423 | #endif | |
| 1424 | #ifdef USE_WINSOCK | |
| 1425 | if(WSAGetLastError() == WSAEINPROGRESS || | |
| 1426 | WSAGetLastError() == WSAEWOULDBLOCK) | |
| 1427 | return 1; /* wait until connect done*/ | |
| 1428 | #endif | |
| 1429 | if(tcp_connect_errno_needs_log( | |
| 1430 | (struct sockaddr *)&c->repinfo.addr, c->repinfo.addrlen)) { | |
| 1431 | log_err_addr("outgoing tcp: connect after EPIPE for fastopen", | |
| 1432 | strerror(errno), &c->repinfo.addr, c->repinfo.addrlen); | |
| 1433 | } | |
| 1434 | return 0; | |
| 1435 | } | |
| 1436 | ||
| 1398 | 1437 | } else { |
| 1399 | 1438 | c->tcp_byte_count += r; |
| 1400 | 1439 | if(c->tcp_byte_count < sizeof(uint16_t)) |
| 1401 | 1440 | return 1; |
| 1402 | sldns_buffer_set_position(c->buffer, c->tcp_byte_count - | |
| 1441 | sldns_buffer_set_position(buffer, c->tcp_byte_count - | |
| 1403 | 1442 | sizeof(uint16_t)); |
| 1404 | if(sldns_buffer_remaining(c->buffer) == 0) { | |
| 1443 | if(sldns_buffer_remaining(buffer) == 0) { | |
| 1405 | 1444 | tcp_callback_writer(c); |
| 1406 | 1445 | return 1; |
| 1407 | 1446 | } |
| 1410 | 1449 | #endif /* USE_MSG_FASTOPEN */ |
| 1411 | 1450 | |
| 1412 | 1451 | if(c->tcp_byte_count < sizeof(uint16_t)) { |
| 1413 | uint16_t len = htons(sldns_buffer_limit(c->buffer)); | |
| 1452 | uint16_t len = htons(sldns_buffer_limit(buffer)); | |
| 1414 | 1453 | #ifdef HAVE_WRITEV |
| 1415 | 1454 | struct iovec iov[2]; |
| 1416 | 1455 | iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; |
| 1417 | 1456 | iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; |
| 1418 | iov[1].iov_base = sldns_buffer_begin(c->buffer); | |
| 1419 | iov[1].iov_len = sldns_buffer_limit(c->buffer); | |
| 1457 | iov[1].iov_base = sldns_buffer_begin(buffer); | |
| 1458 | iov[1].iov_len = sldns_buffer_limit(buffer); | |
| 1420 | 1459 | log_assert(iov[0].iov_len > 0); |
| 1421 | 1460 | log_assert(iov[1].iov_len > 0); |
| 1422 | 1461 | r = writev(fd, iov, 2); |
| 1458 | 1497 | c->tcp_byte_count += r; |
| 1459 | 1498 | if(c->tcp_byte_count < sizeof(uint16_t)) |
| 1460 | 1499 | return 1; |
| 1461 | sldns_buffer_set_position(c->buffer, c->tcp_byte_count - | |
| 1500 | sldns_buffer_set_position(buffer, c->tcp_byte_count - | |
| 1462 | 1501 | sizeof(uint16_t)); |
| 1463 | if(sldns_buffer_remaining(c->buffer) == 0) { | |
| 1502 | if(sldns_buffer_remaining(buffer) == 0) { | |
| 1464 | 1503 | tcp_callback_writer(c); |
| 1465 | 1504 | return 1; |
| 1466 | 1505 | } |
| 1467 | 1506 | } |
| 1468 | log_assert(sldns_buffer_remaining(c->buffer) > 0); | |
| 1469 | r = send(fd, (void*)sldns_buffer_current(c->buffer), | |
| 1470 | sldns_buffer_remaining(c->buffer), 0); | |
| 1507 | log_assert(sldns_buffer_remaining(buffer) > 0); | |
| 1508 | r = send(fd, (void*)sldns_buffer_current(buffer), | |
| 1509 | sldns_buffer_remaining(buffer), 0); | |
| 1471 | 1510 | if(r == -1) { |
| 1472 | 1511 | #ifndef USE_WINSOCK |
| 1473 | 1512 | if(errno == EINTR || errno == EAGAIN) |
| 1486 | 1525 | #endif |
| 1487 | 1526 | return 0; |
| 1488 | 1527 | } |
| 1489 | sldns_buffer_skip(c->buffer, r); | |
| 1490 | ||
| 1491 | if(sldns_buffer_remaining(c->buffer) == 0) { | |
| 1528 | sldns_buffer_skip(buffer, r); | |
| 1529 | ||
| 1530 | if(sldns_buffer_remaining(buffer) == 0) { | |
| 1492 | 1531 | tcp_callback_writer(c); |
| 1493 | 1532 | } |
| 1494 | 1533 | |
| 1501 | 1540 | struct comm_point* c = (struct comm_point*)arg; |
| 1502 | 1541 | log_assert(c->type == comm_tcp); |
| 1503 | 1542 | ub_comm_base_now(c->ev->base); |
| 1543 | ||
| 1544 | #ifdef USE_DNSCRYPT | |
| 1545 | /* Initialize if this is a dnscrypt socket */ | |
| 1546 | if(c->tcp_parent) { | |
| 1547 | c->dnscrypt = c->tcp_parent->dnscrypt; | |
| 1548 | } | |
| 1549 | if(c->dnscrypt && c->dnscrypt_buffer == c->buffer) { | |
| 1550 | c->dnscrypt_buffer = sldns_buffer_new(sldns_buffer_capacity(c->buffer)); | |
| 1551 | if(!c->dnscrypt_buffer) { | |
| 1552 | log_err("Could not allocate dnscrypt buffer"); | |
| 1553 | return; | |
| 1554 | } | |
| 1555 | } | |
| 1556 | #endif | |
| 1504 | 1557 | |
| 1505 | 1558 | if(event&UB_EV_READ) { |
| 1506 | 1559 | if(!comm_point_tcp_handle_read(fd, c, 0)) { |
| 1572 | 1625 | |
| 1573 | 1626 | struct comm_point* |
| 1574 | 1627 | comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, |
| 1575 | comm_point_callback_t* callback, void* callback_arg) | |
| 1628 | comm_point_callback_type* callback, void* callback_arg) | |
| 1576 | 1629 | { |
| 1577 | 1630 | struct comm_point* c = (struct comm_point*)calloc(1, |
| 1578 | 1631 | sizeof(struct comm_point)); |
| 1604 | 1657 | #ifdef USE_MSG_FASTOPEN |
| 1605 | 1658 | c->tcp_do_fastopen = 0; |
| 1606 | 1659 | #endif |
| 1660 | #ifdef USE_DNSCRYPT | |
| 1661 | c->dnscrypt = 0; | |
| 1662 | c->dnscrypt_buffer = buffer; | |
| 1663 | #endif | |
| 1607 | 1664 | c->inuse = 0; |
| 1608 | 1665 | c->callback = callback; |
| 1609 | 1666 | c->cb_arg = callback_arg; |
| 1627 | 1684 | struct comm_point* |
| 1628 | 1685 | comm_point_create_udp_ancil(struct comm_base *base, int fd, |
| 1629 | 1686 | sldns_buffer* buffer, |
| 1630 | comm_point_callback_t* callback, void* callback_arg) | |
| 1687 | comm_point_callback_type* callback, void* callback_arg) | |
| 1631 | 1688 | { |
| 1632 | 1689 | struct comm_point* c = (struct comm_point*)calloc(1, |
| 1633 | 1690 | sizeof(struct comm_point)); |
| 1654 | 1711 | c->type = comm_udp; |
| 1655 | 1712 | c->tcp_do_close = 0; |
| 1656 | 1713 | c->do_not_close = 0; |
| 1714 | #ifdef USE_DNSCRYPT | |
| 1715 | c->dnscrypt = 0; | |
| 1716 | c->dnscrypt_buffer = buffer; | |
| 1717 | #endif | |
| 1657 | 1718 | c->inuse = 0; |
| 1658 | 1719 | c->tcp_do_toggle_rw = 0; |
| 1659 | 1720 | c->tcp_check_nb_connect = 0; |
| 1682 | 1743 | static struct comm_point* |
| 1683 | 1744 | comm_point_create_tcp_handler(struct comm_base *base, |
| 1684 | 1745 | struct comm_point* parent, size_t bufsize, |
| 1685 | comm_point_callback_t* callback, void* callback_arg) | |
| 1746 | comm_point_callback_type* callback, void* callback_arg) | |
| 1686 | 1747 | { |
| 1687 | 1748 | struct comm_point* c = (struct comm_point*)calloc(1, |
| 1688 | 1749 | sizeof(struct comm_point)); |
| 1724 | 1785 | c->tcp_check_nb_connect = 0; |
| 1725 | 1786 | #ifdef USE_MSG_FASTOPEN |
| 1726 | 1787 | c->tcp_do_fastopen = 0; |
| 1788 | #endif | |
| 1789 | #ifdef USE_DNSCRYPT | |
| 1790 | c->dnscrypt = 0; | |
| 1791 | /* We don't know just yet if this is a dnscrypt channel. Allocation | |
| 1792 | * will be done when handling the callback. */ | |
| 1793 | c->dnscrypt_buffer = c->buffer; | |
| 1727 | 1794 | #endif |
| 1728 | 1795 | c->repinfo.c = c; |
| 1729 | 1796 | c->callback = callback; |
| 1748 | 1815 | |
| 1749 | 1816 | struct comm_point* |
| 1750 | 1817 | comm_point_create_tcp(struct comm_base *base, int fd, int num, size_t bufsize, |
| 1751 | comm_point_callback_t* callback, void* callback_arg) | |
| 1818 | comm_point_callback_type* callback, void* callback_arg) | |
| 1752 | 1819 | { |
| 1753 | 1820 | struct comm_point* c = (struct comm_point*)calloc(1, |
| 1754 | 1821 | sizeof(struct comm_point)); |
| 1788 | 1855 | #ifdef USE_MSG_FASTOPEN |
| 1789 | 1856 | c->tcp_do_fastopen = 0; |
| 1790 | 1857 | #endif |
| 1858 | #ifdef USE_DNSCRYPT | |
| 1859 | c->dnscrypt = 0; | |
| 1860 | c->dnscrypt_buffer = NULL; | |
| 1861 | #endif | |
| 1791 | 1862 | c->callback = NULL; |
| 1792 | 1863 | c->cb_arg = NULL; |
| 1793 | 1864 | evbits = UB_EV_READ | UB_EV_PERSIST; |
| 1819 | 1890 | |
| 1820 | 1891 | struct comm_point* |
| 1821 | 1892 | comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, |
| 1822 | comm_point_callback_t* callback, void* callback_arg) | |
| 1893 | comm_point_callback_type* callback, void* callback_arg) | |
| 1823 | 1894 | { |
| 1824 | 1895 | struct comm_point* c = (struct comm_point*)calloc(1, |
| 1825 | 1896 | sizeof(struct comm_point)); |
| 1856 | 1927 | #ifdef USE_MSG_FASTOPEN |
| 1857 | 1928 | c->tcp_do_fastopen = 1; |
| 1858 | 1929 | #endif |
| 1930 | #ifdef USE_DNSCRYPT | |
| 1931 | c->dnscrypt = 0; | |
| 1932 | c->dnscrypt_buffer = c->buffer; | |
| 1933 | #endif | |
| 1859 | 1934 | c->repinfo.c = c; |
| 1860 | 1935 | c->callback = callback; |
| 1861 | 1936 | c->cb_arg = callback_arg; |
| 1876 | 1951 | |
| 1877 | 1952 | struct comm_point* |
| 1878 | 1953 | comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, |
| 1879 | comm_point_callback_t* callback, void* callback_arg) | |
| 1954 | comm_point_callback_type* callback, void* callback_arg) | |
| 1880 | 1955 | { |
| 1881 | 1956 | struct comm_point* c = (struct comm_point*)calloc(1, |
| 1882 | 1957 | sizeof(struct comm_point)); |
| 1913 | 1988 | #ifdef USE_MSG_FASTOPEN |
| 1914 | 1989 | c->tcp_do_fastopen = 0; |
| 1915 | 1990 | #endif |
| 1991 | #ifdef USE_DNSCRYPT | |
| 1992 | c->dnscrypt = 0; | |
| 1993 | c->dnscrypt_buffer = c->buffer; | |
| 1994 | #endif | |
| 1916 | 1995 | c->callback = callback; |
| 1917 | 1996 | c->cb_arg = callback_arg; |
| 1918 | 1997 | /* ub_event stuff */ |
| 1937 | 2016 | |
| 1938 | 2017 | struct comm_point* |
| 1939 | 2018 | comm_point_create_raw(struct comm_base* base, int fd, int writing, |
| 1940 | comm_point_callback_t* callback, void* callback_arg) | |
| 2019 | comm_point_callback_type* callback, void* callback_arg) | |
| 1941 | 2020 | { |
| 1942 | 2021 | struct comm_point* c = (struct comm_point*)calloc(1, |
| 1943 | 2022 | sizeof(struct comm_point)); |
| 1969 | 2048 | #ifdef USE_MSG_FASTOPEN |
| 1970 | 2049 | c->tcp_do_fastopen = 0; |
| 1971 | 2050 | #endif |
| 2051 | #ifdef USE_DNSCRYPT | |
| 2052 | c->dnscrypt = 0; | |
| 2053 | c->dnscrypt_buffer = c->buffer; | |
| 2054 | #endif | |
| 1972 | 2055 | c->callback = callback; |
| 1973 | 2056 | c->cb_arg = callback_arg; |
| 1974 | 2057 | /* ub_event stuff */ |
| 2033 | 2116 | free(c->tcp_handlers); |
| 2034 | 2117 | } |
| 2035 | 2118 | free(c->timeout); |
| 2036 | if(c->type == comm_tcp || c->type == comm_local) | |
| 2119 | if(c->type == comm_tcp || c->type == comm_local) { | |
| 2037 | 2120 | sldns_buffer_free(c->buffer); |
| 2121 | #ifdef USE_DNSCRYPT | |
| 2122 | if(c->dnscrypt && c->dnscrypt_buffer != c->buffer) { | |
| 2123 | sldns_buffer_free(c->dnscrypt_buffer); | |
| 2124 | } | |
| 2125 | #endif | |
| 2126 | } | |
| 2038 | 2127 | ub_event_free(c->ev->ev); |
| 2039 | 2128 | free(c->ev); |
| 2040 | 2129 | free(c); |
| 2043 | 2132 | void |
| 2044 | 2133 | comm_point_send_reply(struct comm_reply *repinfo) |
| 2045 | 2134 | { |
| 2135 | struct sldns_buffer* buffer; | |
| 2046 | 2136 | log_assert(repinfo && repinfo->c); |
| 2137 | #ifdef USE_DNSCRYPT | |
| 2138 | buffer = repinfo->c->dnscrypt_buffer; | |
| 2139 | if(!dnsc_handle_uncurved_request(repinfo)) { | |
| 2140 | return; | |
| 2141 | } | |
| 2142 | #else | |
| 2143 | buffer = repinfo->c->buffer; | |
| 2144 | #endif | |
| 2047 | 2145 | if(repinfo->c->type == comm_udp) { |
| 2048 | 2146 | if(repinfo->srctype) |
| 2049 | 2147 | comm_point_send_udp_msg_if(repinfo->c, |
| 2050 | repinfo->c->buffer, (struct sockaddr*)&repinfo->addr, | |
| 2148 | buffer, (struct sockaddr*)&repinfo->addr, | |
| 2051 | 2149 | repinfo->addrlen, repinfo); |
| 2052 | 2150 | else |
| 2053 | comm_point_send_udp_msg(repinfo->c, repinfo->c->buffer, | |
| 2151 | comm_point_send_udp_msg(repinfo->c, buffer, | |
| 2054 | 2152 | (struct sockaddr*)&repinfo->addr, repinfo->addrlen); |
| 2055 | 2153 | #ifdef USE_DNSTAP |
| 2056 | 2154 | if(repinfo->c->dtenv != NULL && |
| 2159 | 2257 | s = sizeof(*c) + sizeof(*c->ev); |
| 2160 | 2258 | if(c->timeout) |
| 2161 | 2259 | s += sizeof(*c->timeout); |
| 2162 | if(c->type == comm_tcp || c->type == comm_local) | |
| 2260 | if(c->type == comm_tcp || c->type == comm_local) { | |
| 2163 | 2261 | s += sizeof(*c->buffer) + sldns_buffer_capacity(c->buffer); |
| 2262 | #ifdef USE_DNSCRYPT | |
| 2263 | s += sizeof(*c->dnscrypt_buffer); | |
| 2264 | if(c->buffer != c->dnscrypt_buffer) { | |
| 2265 | s += sldns_buffer_capacity(c->dnscrypt_buffer); | |
| 2266 | } | |
| 2267 | #endif | |
| 2268 | } | |
| 2164 | 2269 | if(c->type == comm_tcp_accept) { |
| 2165 | 2270 | int i; |
| 2166 | 2271 | for(i=0; i<c->max_tcp_count; i++) |
| 59 | 59 | #ifndef NET_EVENT_H |
| 60 | 60 | #define NET_EVENT_H |
| 61 | 61 | |
| 62 | #include "dnscrypt/dnscrypt.h" | |
| 63 | ||
| 62 | 64 | struct sldns_buffer; |
| 63 | 65 | struct comm_point; |
| 64 | 66 | struct comm_reply; |
| 70 | 72 | struct internal_timer; /* A sub struct of the comm_timer super struct */ |
| 71 | 73 | |
| 72 | 74 | /** callback from communication point function type */ |
| 73 | typedef int comm_point_callback_t(struct comm_point*, void*, int, | |
| 75 | typedef int comm_point_callback_type(struct comm_point*, void*, int, | |
| 74 | 76 | struct comm_reply*); |
| 75 | 77 | |
| 76 | 78 | /** to pass no_error to callback function */ |
| 113 | 115 | socklen_t addrlen; |
| 114 | 116 | /** return type 0 (none), 4(IP4), 6(IP6) */ |
| 115 | 117 | int srctype; |
| 118 | /* DnsCrypt context */ | |
| 119 | #ifdef USE_DNSCRYPT | |
| 120 | uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; | |
| 121 | uint8_t nmkey[crypto_box_BEFORENMBYTES]; | |
| 122 | const dnsccert *dnsc_cert; | |
| 123 | int is_dnscrypted; | |
| 124 | #endif | |
| 116 | 125 | /** the return source interface data */ |
| 117 | 126 | union { |
| 118 | 127 | #ifdef IPV6_PKTINFO |
| 123 | 132 | #elif defined(IP_RECVDSTADDR) |
| 124 | 133 | struct in_addr v4addr; |
| 125 | 134 | #endif |
| 126 | } | |
| 135 | } | |
| 127 | 136 | /** variable with return source data */ |
| 128 | 137 | pktinfo; |
| 138 | /** max udp size for udp packets */ | |
| 139 | size_t max_udp_size; | |
| 129 | 140 | }; |
| 130 | 141 | |
| 131 | 142 | /** |
| 235 | 246 | int tcp_do_fastopen; |
| 236 | 247 | #endif |
| 237 | 248 | |
| 249 | #ifdef USE_DNSCRYPT | |
| 250 | /** Is this a dnscrypt channel */ | |
| 251 | int dnscrypt; | |
| 252 | /** encrypted buffer pointer. Either to perthread, or own buffer or NULL */ | |
| 253 | struct sldns_buffer* dnscrypt_buffer; | |
| 254 | #endif | |
| 238 | 255 | /** number of queries outstanding on this socket, used by |
| 239 | 256 | * outside network for udp ports */ |
| 240 | 257 | int inuse; |
| 263 | 280 | For UDP this is done without changing the commpoint. |
| 264 | 281 | In TCP it sets write state. |
| 265 | 282 | */ |
| 266 | comm_point_callback_t* callback; | |
| 283 | comm_point_callback_type* callback; | |
| 267 | 284 | /** argument to pass to callback. */ |
| 268 | 285 | void *cb_arg; |
| 269 | 286 | }; |
| 381 | 398 | */ |
| 382 | 399 | struct comm_point* comm_point_create_udp(struct comm_base* base, |
| 383 | 400 | int fd, struct sldns_buffer* buffer, |
| 384 | comm_point_callback_t* callback, void* callback_arg); | |
| 401 | comm_point_callback_type* callback, void* callback_arg); | |
| 385 | 402 | |
| 386 | 403 | /** |
| 387 | 404 | * Create an UDP with ancillary data comm point. Calls malloc. |
| 397 | 414 | */ |
| 398 | 415 | struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, |
| 399 | 416 | int fd, struct sldns_buffer* buffer, |
| 400 | comm_point_callback_t* callback, void* callback_arg); | |
| 417 | comm_point_callback_type* callback, void* callback_arg); | |
| 401 | 418 | |
| 402 | 419 | /** |
| 403 | 420 | * Create a TCP listener comm point. Calls malloc. |
| 418 | 435 | */ |
| 419 | 436 | struct comm_point* comm_point_create_tcp(struct comm_base* base, |
| 420 | 437 | int fd, int num, size_t bufsize, |
| 421 | comm_point_callback_t* callback, void* callback_arg); | |
| 438 | comm_point_callback_type* callback, void* callback_arg); | |
| 422 | 439 | |
| 423 | 440 | /** |
| 424 | 441 | * Create an outgoing TCP commpoint. No file descriptor is opened, left at -1. |
| 429 | 446 | * @return: the commpoint or NULL on error. |
| 430 | 447 | */ |
| 431 | 448 | struct comm_point* comm_point_create_tcp_out(struct comm_base* base, |
| 432 | size_t bufsize, comm_point_callback_t* callback, void* callback_arg); | |
| 449 | size_t bufsize, comm_point_callback_type* callback, void* callback_arg); | |
| 433 | 450 | |
| 434 | 451 | /** |
| 435 | 452 | * Create commpoint to listen to a local domain file descriptor. |
| 442 | 459 | */ |
| 443 | 460 | struct comm_point* comm_point_create_local(struct comm_base* base, |
| 444 | 461 | int fd, size_t bufsize, |
| 445 | comm_point_callback_t* callback, void* callback_arg); | |
| 462 | comm_point_callback_type* callback, void* callback_arg); | |
| 446 | 463 | |
| 447 | 464 | /** |
| 448 | 465 | * Create commpoint to listen to a local domain pipe descriptor. |
| 455 | 472 | */ |
| 456 | 473 | struct comm_point* comm_point_create_raw(struct comm_base* base, |
| 457 | 474 | int fd, int writing, |
| 458 | comm_point_callback_t* callback, void* callback_arg); | |
| 475 | comm_point_callback_type* callback, void* callback_arg); | |
| 459 | 476 | |
| 460 | 477 | /** |
| 461 | 478 | * Close a comm point fd. |
| 49 | 49 | #define RED 1 |
| 50 | 50 | |
| 51 | 51 | /** the NULL node, global alloc */ |
| 52 | rbnode_t rbtree_null_node = { | |
| 52 | rbnode_type rbtree_null_node = { | |
| 53 | 53 | RBTREE_NULL, /* Parent. */ |
| 54 | 54 | RBTREE_NULL, /* Left. */ |
| 55 | 55 | RBTREE_NULL, /* Right. */ |
| 58 | 58 | }; |
| 59 | 59 | |
| 60 | 60 | /** rotate subtree left (to preserve redblack property) */ |
| 61 | static void rbtree_rotate_left(rbtree_t *rbtree, rbnode_t *node); | |
| 61 | static void rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node); | |
| 62 | 62 | /** rotate subtree right (to preserve redblack property) */ |
| 63 | static void rbtree_rotate_right(rbtree_t *rbtree, rbnode_t *node); | |
| 63 | static void rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node); | |
| 64 | 64 | /** Fixup node colours when insert happened */ |
| 65 | static void rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node); | |
| 65 | static void rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node); | |
| 66 | 66 | /** Fixup node colours when delete happened */ |
| 67 | static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent); | |
| 67 | static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child, | |
| 68 | rbnode_type* child_parent); | |
| 68 | 69 | |
| 69 | 70 | /* |
| 70 | 71 | * Creates a new red black tree, initializes and returns a pointer to it. |
| 72 | 73 | * Return NULL on failure. |
| 73 | 74 | * |
| 74 | 75 | */ |
| 75 | rbtree_t * | |
| 76 | rbtree_type * | |
| 76 | 77 | rbtree_create (int (*cmpf)(const void *, const void *)) |
| 77 | 78 | { |
| 78 | rbtree_t *rbtree; | |
| 79 | rbtree_type *rbtree; | |
| 79 | 80 | |
| 80 | 81 | /* Allocate memory for it */ |
| 81 | rbtree = (rbtree_t *) malloc(sizeof(rbtree_t)); | |
| 82 | rbtree = (rbtree_type *) malloc(sizeof(rbtree_type)); | |
| 82 | 83 | if (!rbtree) { |
| 83 | 84 | return NULL; |
| 84 | 85 | } |
| 90 | 91 | } |
| 91 | 92 | |
| 92 | 93 | void |
| 93 | rbtree_init(rbtree_t *rbtree, int (*cmpf)(const void *, const void *)) | |
| 94 | rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *)) | |
| 94 | 95 | { |
| 95 | 96 | /* Initialize it */ |
| 96 | 97 | rbtree->root = RBTREE_NULL; |
| 103 | 104 | * |
| 104 | 105 | */ |
| 105 | 106 | static void |
| 106 | rbtree_rotate_left(rbtree_t *rbtree, rbnode_t *node) | |
| 107 | { | |
| 108 | rbnode_t *right = node->right; | |
| 107 | rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node) | |
| 108 | { | |
| 109 | rbnode_type *right = node->right; | |
| 109 | 110 | node->right = right->left; |
| 110 | 111 | if (right->left != RBTREE_NULL) |
| 111 | 112 | right->left->parent = node; |
| 130 | 131 | * |
| 131 | 132 | */ |
| 132 | 133 | static void |
| 133 | rbtree_rotate_right(rbtree_t *rbtree, rbnode_t *node) | |
| 134 | { | |
| 135 | rbnode_t *left = node->left; | |
| 134 | rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node) | |
| 135 | { | |
| 136 | rbnode_type *left = node->left; | |
| 136 | 137 | node->left = left->right; |
| 137 | 138 | if (left->right != RBTREE_NULL) |
| 138 | 139 | left->right->parent = node; |
| 153 | 154 | } |
| 154 | 155 | |
| 155 | 156 | static void |
| 156 | rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node) | |
| 157 | { | |
| 158 | rbnode_t *uncle; | |
| 157 | rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node) | |
| 158 | { | |
| 159 | rbnode_type *uncle; | |
| 159 | 160 | |
| 160 | 161 | /* While not at the root and need fixing... */ |
| 161 | 162 | while (node != rbtree->root && node->parent->color == RED) { |
| 222 | 223 | * Returns NULL on failure or the pointer to the newly added node |
| 223 | 224 | * otherwise. |
| 224 | 225 | */ |
| 225 | rbnode_t * | |
| 226 | rbtree_insert (rbtree_t *rbtree, rbnode_t *data) | |
| 226 | rbnode_type * | |
| 227 | rbtree_insert (rbtree_type *rbtree, rbnode_type *data) | |
| 227 | 228 | { |
| 228 | 229 | /* XXX Not necessary, but keeps compiler quiet... */ |
| 229 | 230 | int r = 0; |
| 230 | 231 | |
| 231 | 232 | /* We start at the root of the tree */ |
| 232 | rbnode_t *node = rbtree->root; | |
| 233 | rbnode_t *parent = RBTREE_NULL; | |
| 233 | rbnode_type *node = rbtree->root; | |
| 234 | rbnode_type *parent = RBTREE_NULL; | |
| 234 | 235 | |
| 235 | 236 | fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp)); |
| 236 | 237 | /* Lets find the new parent... */ |
| 275 | 276 | * Searches the red black tree, returns the data if key is found or NULL otherwise. |
| 276 | 277 | * |
| 277 | 278 | */ |
| 278 | rbnode_t * | |
| 279 | rbtree_search (rbtree_t *rbtree, const void *key) | |
| 280 | { | |
| 281 | rbnode_t *node; | |
| 279 | rbnode_type * | |
| 280 | rbtree_search (rbtree_type *rbtree, const void *key) | |
| 281 | { | |
| 282 | rbnode_type *node; | |
| 282 | 283 | |
| 283 | 284 | if (rbtree_find_less_equal(rbtree, key, &node)) { |
| 284 | 285 | return node; |
| 294 | 295 | } |
| 295 | 296 | |
| 296 | 297 | /** helpers for delete: swap node pointers */ |
| 297 | static void swap_np(rbnode_t** x, rbnode_t** y) | |
| 298 | { | |
| 299 | rbnode_t* t = *x; *x = *y; *y = t; | |
| 298 | static void swap_np(rbnode_type** x, rbnode_type** y) | |
| 299 | { | |
| 300 | rbnode_type* t = *x; *x = *y; *y = t; | |
| 300 | 301 | } |
| 301 | 302 | |
| 302 | 303 | /** Update parent pointers of child trees of 'parent' */ |
| 303 | static void change_parent_ptr(rbtree_t* rbtree, rbnode_t* parent, rbnode_t* old, rbnode_t* new) | |
| 304 | static void change_parent_ptr(rbtree_type* rbtree, rbnode_type* parent, | |
| 305 | rbnode_type* old, rbnode_type* new) | |
| 304 | 306 | { |
| 305 | 307 | if(parent == RBTREE_NULL) |
| 306 | 308 | { |
| 314 | 316 | if(parent->right == old) parent->right = new; |
| 315 | 317 | } |
| 316 | 318 | /** Update parent pointer of a node 'child' */ |
| 317 | static void change_child_ptr(rbnode_t* child, rbnode_t* old, rbnode_t* new) | |
| 319 | static void change_child_ptr(rbnode_type* child, rbnode_type* old, | |
| 320 | rbnode_type* new) | |
| 318 | 321 | { |
| 319 | 322 | if(child == RBTREE_NULL) return; |
| 320 | 323 | log_assert(child->parent == old || child->parent == new); |
| 321 | 324 | if(child->parent == old) child->parent = new; |
| 322 | 325 | } |
| 323 | 326 | |
| 324 | rbnode_t* | |
| 325 | rbtree_delete(rbtree_t *rbtree, const void *key) | |
| 326 | { | |
| 327 | rbnode_t *to_delete; | |
| 328 | rbnode_t *child; | |
| 327 | rbnode_type* | |
| 328 | rbtree_delete(rbtree_type *rbtree, const void *key) | |
| 329 | { | |
| 330 | rbnode_type *to_delete; | |
| 331 | rbnode_type *child; | |
| 329 | 332 | if((to_delete = rbtree_search(rbtree, key)) == 0) return 0; |
| 330 | 333 | rbtree->count--; |
| 331 | 334 | |
| 333 | 336 | if(to_delete->left != RBTREE_NULL && to_delete->right != RBTREE_NULL) |
| 334 | 337 | { |
| 335 | 338 | /* swap with smallest from right subtree (or largest from left) */ |
| 336 | rbnode_t *smright = to_delete->right; | |
| 339 | rbnode_type *smright = to_delete->right; | |
| 337 | 340 | while(smright->left != RBTREE_NULL) |
| 338 | 341 | smright = smright->left; |
| 339 | 342 | /* swap the smright and to_delete elements in the tree, |
| 340 | * but the rbnode_t is first part of user data struct | |
| 343 | * but the rbnode_type is first part of user data struct | |
| 341 | 344 | * so cannot just swap the keys and data pointers. Instead |
| 342 | 345 | * readjust the pointers left,right,parent */ |
| 343 | 346 | |
| 399 | 402 | return to_delete; |
| 400 | 403 | } |
| 401 | 404 | |
| 402 | static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent) | |
| 403 | { | |
| 404 | rbnode_t* sibling; | |
| 405 | static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child, | |
| 406 | rbnode_type* child_parent) | |
| 407 | { | |
| 408 | rbnode_type* sibling; | |
| 405 | 409 | int go_up = 1; |
| 406 | 410 | |
| 407 | 411 | /* determine sibling to the node that is one-black short */ |
| 503 | 507 | } |
| 504 | 508 | |
| 505 | 509 | int |
| 506 | rbtree_find_less_equal(rbtree_t *rbtree, const void *key, rbnode_t **result) | |
| 510 | rbtree_find_less_equal(rbtree_type *rbtree, const void *key, | |
| 511 | rbnode_type **result) | |
| 507 | 512 | { |
| 508 | 513 | int r; |
| 509 | rbnode_t *node; | |
| 514 | rbnode_type *node; | |
| 510 | 515 | |
| 511 | 516 | log_assert(result); |
| 512 | 517 | |
| 539 | 544 | * Finds the first element in the red black tree |
| 540 | 545 | * |
| 541 | 546 | */ |
| 542 | rbnode_t * | |
| 543 | rbtree_first (rbtree_t *rbtree) | |
| 544 | { | |
| 545 | rbnode_t *node; | |
| 547 | rbnode_type * | |
| 548 | rbtree_first (rbtree_type *rbtree) | |
| 549 | { | |
| 550 | rbnode_type *node; | |
| 546 | 551 | |
| 547 | 552 | for (node = rbtree->root; node->left != RBTREE_NULL; node = node->left); |
| 548 | 553 | return node; |
| 549 | 554 | } |
| 550 | 555 | |
| 551 | rbnode_t * | |
| 552 | rbtree_last (rbtree_t *rbtree) | |
| 553 | { | |
| 554 | rbnode_t *node; | |
| 556 | rbnode_type * | |
| 557 | rbtree_last (rbtree_type *rbtree) | |
| 558 | { | |
| 559 | rbnode_type *node; | |
| 555 | 560 | |
| 556 | 561 | for (node = rbtree->root; node->right != RBTREE_NULL; node = node->right); |
| 557 | 562 | return node; |
| 561 | 566 | * Returns the next node... |
| 562 | 567 | * |
| 563 | 568 | */ |
| 564 | rbnode_t * | |
| 565 | rbtree_next (rbnode_t *node) | |
| 566 | { | |
| 567 | rbnode_t *parent; | |
| 569 | rbnode_type * | |
| 570 | rbtree_next (rbnode_type *node) | |
| 571 | { | |
| 572 | rbnode_type *parent; | |
| 568 | 573 | |
| 569 | 574 | if (node->right != RBTREE_NULL) { |
| 570 | 575 | /* One right, then keep on going left... */ |
| 580 | 585 | return node; |
| 581 | 586 | } |
| 582 | 587 | |
| 583 | rbnode_t * | |
| 584 | rbtree_previous(rbnode_t *node) | |
| 585 | { | |
| 586 | rbnode_t *parent; | |
| 588 | rbnode_type * | |
| 589 | rbtree_previous(rbnode_type *node) | |
| 590 | { | |
| 591 | rbnode_type *parent; | |
| 587 | 592 | |
| 588 | 593 | if (node->left != RBTREE_NULL) { |
| 589 | 594 | /* One left, then keep on going right... */ |
| 601 | 606 | |
| 602 | 607 | /** recursive descent traverse */ |
| 603 | 608 | static void |
| 604 | traverse_post(void (*func)(rbnode_t*, void*), void* arg, rbnode_t* node) | |
| 609 | traverse_post(void (*func)(rbnode_type*, void*), void* arg, rbnode_type* node) | |
| 605 | 610 | { |
| 606 | 611 | if(!node || node == RBTREE_NULL) |
| 607 | 612 | return; |
| 613 | 618 | } |
| 614 | 619 | |
| 615 | 620 | void |
| 616 | traverse_postorder(rbtree_t* tree, void (*func)(rbnode_t*, void*), void* arg) | |
| 621 | traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*), | |
| 622 | void* arg) | |
| 617 | 623 | { |
| 618 | 624 | traverse_post(func, arg, tree->root); |
| 619 | 625 | } |
| 44 | 44 | |
| 45 | 45 | /** |
| 46 | 46 | * This structure must be the first member of the data structure in |
| 47 | * the rbtree. This allows easy casting between an rbnode_t and the | |
| 47 | * the rbtree. This allows easy casting between an rbnode_type and the | |
| 48 | 48 | * user data (poor man's inheritance). |
| 49 | 49 | */ |
| 50 | typedef struct rbnode_t rbnode_t; | |
| 50 | typedef struct rbnode_type rbnode_type; | |
| 51 | 51 | /** |
| 52 | * The rbnode_t struct definition. | |
| 52 | * The rbnode_type struct definition. | |
| 53 | 53 | */ |
| 54 | struct rbnode_t { | |
| 54 | struct rbnode_type { | |
| 55 | 55 | /** parent in rbtree, RBTREE_NULL for root */ |
| 56 | rbnode_t *parent; | |
| 56 | rbnode_type *parent; | |
| 57 | 57 | /** left node (smaller items) */ |
| 58 | rbnode_t *left; | |
| 58 | rbnode_type *left; | |
| 59 | 59 | /** right node (larger items) */ |
| 60 | rbnode_t *right; | |
| 60 | rbnode_type *right; | |
| 61 | 61 | /** pointer to sorting key */ |
| 62 | const void *key; | |
| 62 | const void *key; | |
| 63 | 63 | /** colour of this node */ |
| 64 | uint8_t color; | |
| 64 | uint8_t color; | |
| 65 | 65 | }; |
| 66 | 66 | |
| 67 | 67 | /** The nullpointer, points to empty node */ |
| 68 | 68 | #define RBTREE_NULL &rbtree_null_node |
| 69 | 69 | /** the global empty node */ |
| 70 | extern rbnode_t rbtree_null_node; | |
| 70 | extern rbnode_type rbtree_null_node; | |
| 71 | 71 | |
| 72 | 72 | /** An entire red black tree */ |
| 73 | typedef struct rbtree_t rbtree_t; | |
| 73 | typedef struct rbtree_type rbtree_type; | |
| 74 | 74 | /** definition for tree struct */ |
| 75 | struct rbtree_t { | |
| 75 | struct rbtree_type { | |
| 76 | 76 | /** The root of the red-black tree */ |
| 77 | rbnode_t *root; | |
| 77 | rbnode_type *root; | |
| 78 | 78 | |
| 79 | 79 | /** The number of the nodes in the tree */ |
| 80 | size_t count; | |
| 80 | size_t count; | |
| 81 | 81 | |
| 82 | 82 | /** |
| 83 | 83 | * Key compare function. <0,0,>0 like strcmp. |
| 91 | 91 | * @param cmpf: compare function (like strcmp) takes pointers to two keys. |
| 92 | 92 | * @return: new tree, empty. |
| 93 | 93 | */ |
| 94 | rbtree_t *rbtree_create(int (*cmpf)(const void *, const void *)); | |
| 94 | rbtree_type *rbtree_create(int (*cmpf)(const void *, const void *)); | |
| 95 | 95 | |
| 96 | 96 | /** |
| 97 | 97 | * Init a new tree (malloced by caller) with given key compare function. |
| 98 | 98 | * @param rbtree: uninitialised memory for new tree, returned empty. |
| 99 | 99 | * @param cmpf: compare function (like strcmp) takes pointers to two keys. |
| 100 | 100 | */ |
| 101 | void rbtree_init(rbtree_t *rbtree, int (*cmpf)(const void *, const void *)); | |
| 101 | void rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *)); | |
| 102 | 102 | |
| 103 | 103 | /** |
| 104 | 104 | * Insert data into the tree. |
| 106 | 106 | * @param data: element to insert. |
| 107 | 107 | * @return: data ptr or NULL if key already present. |
| 108 | 108 | */ |
| 109 | rbnode_t *rbtree_insert(rbtree_t *rbtree, rbnode_t *data); | |
| 109 | rbnode_type *rbtree_insert(rbtree_type *rbtree, rbnode_type *data); | |
| 110 | 110 | |
| 111 | 111 | /** |
| 112 | 112 | * Delete element from tree. |
| 115 | 115 | * @return: node that is now unlinked from the tree. User to delete it. |
| 116 | 116 | * returns 0 if node not present |
| 117 | 117 | */ |
| 118 | rbnode_t *rbtree_delete(rbtree_t *rbtree, const void *key); | |
| 118 | rbnode_type *rbtree_delete(rbtree_type *rbtree, const void *key); | |
| 119 | 119 | |
| 120 | 120 | /** |
| 121 | 121 | * Find key in tree. Returns NULL if not found. |
| 123 | 123 | * @param key: key that must match. |
| 124 | 124 | * @return: node that fits or NULL. |
| 125 | 125 | */ |
| 126 | rbnode_t *rbtree_search(rbtree_t *rbtree, const void *key); | |
| 126 | rbnode_type *rbtree_search(rbtree_type *rbtree, const void *key); | |
| 127 | 127 | |
| 128 | 128 | /** |
| 129 | 129 | * Find, but match does not have to be exact. |
| 134 | 134 | * @return: true if exact match in result. Else result points to <= element, |
| 135 | 135 | * or NULL if key is smaller than the smallest key. |
| 136 | 136 | */ |
| 137 | int rbtree_find_less_equal(rbtree_t *rbtree, const void *key, | |
| 138 | rbnode_t **result); | |
| 137 | int rbtree_find_less_equal(rbtree_type *rbtree, const void *key, | |
| 138 | rbnode_type **result); | |
| 139 | 139 | |
| 140 | 140 | /** |
| 141 | 141 | * Returns first (smallest) node in the tree |
| 142 | 142 | * @param rbtree: tree |
| 143 | 143 | * @return: smallest element or NULL if tree empty. |
| 144 | 144 | */ |
| 145 | rbnode_t *rbtree_first(rbtree_t *rbtree); | |
| 145 | rbnode_type *rbtree_first(rbtree_type *rbtree); | |
| 146 | 146 | |
| 147 | 147 | /** |
| 148 | 148 | * Returns last (largest) node in the tree |
| 149 | 149 | * @param rbtree: tree |
| 150 | 150 | * @return: largest element or NULL if tree empty. |
| 151 | 151 | */ |
| 152 | rbnode_t *rbtree_last(rbtree_t *rbtree); | |
| 152 | rbnode_type *rbtree_last(rbtree_type *rbtree); | |
| 153 | 153 | |
| 154 | 154 | /** |
| 155 | 155 | * Returns next larger node in the tree |
| 156 | 156 | * @param rbtree: tree |
| 157 | 157 | * @return: next larger element or NULL if no larger in tree. |
| 158 | 158 | */ |
| 159 | rbnode_t *rbtree_next(rbnode_t *rbtree); | |
| 159 | rbnode_type *rbtree_next(rbnode_type *rbtree); | |
| 160 | 160 | |
| 161 | 161 | /** |
| 162 | 162 | * Returns previous smaller node in the tree |
| 163 | 163 | * @param rbtree: tree |
| 164 | 164 | * @return: previous smaller element or NULL if no previous in tree. |
| 165 | 165 | */ |
| 166 | rbnode_t *rbtree_previous(rbnode_t *rbtree); | |
| 166 | rbnode_type *rbtree_previous(rbnode_type *rbtree); | |
| 167 | 167 | |
| 168 | 168 | /** |
| 169 | * Call with node=variable of struct* with rbnode_t as first element. | |
| 169 | * Call with node=variable of struct* with rbnode_type as first element. | |
| 170 | 170 | * with type is the type of a pointer to that struct. |
| 171 | 171 | */ |
| 172 | 172 | #define RBTREE_FOR(node, type, rbtree) \ |
| 173 | 173 | for(node=(type)rbtree_first(rbtree); \ |
| 174 | (rbnode_t*)node != RBTREE_NULL; \ | |
| 175 | node = (type)rbtree_next((rbnode_t*)node)) | |
| 174 | (rbnode_type*)node != RBTREE_NULL; \ | |
| 175 | node = (type)rbtree_next((rbnode_type*)node)) | |
| 176 | 176 | |
| 177 | 177 | /** |
| 178 | 178 | * Call function for all elements in the redblack tree, such that |
| 185 | 185 | * The function must not alter the rbtree. |
| 186 | 186 | * @param arg: user argument. |
| 187 | 187 | */ |
| 188 | void traverse_postorder(rbtree_t* tree, void (*func)(rbnode_t*, void*), | |
| 188 | void traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*), | |
| 189 | 189 | void* arg); |
| 190 | 190 | |
| 191 | 191 | #endif /* UTIL_RBTREE_H_ */ |
| 0 | /* | |
| 1 | * util/shm_side/shm_main.c - SHM for statistics transport | |
| 2 | * | |
| 3 | * Copyright (c) 2017, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | ||
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * This file contains functions for the SHM implementation. | |
| 39 | */ | |
| 40 | ||
| 41 | #include "config.h" | |
| 42 | #include <ctype.h> | |
| 43 | #include <stdarg.h> | |
| 44 | #ifdef HAVE_SYS_IPC_H | |
| 45 | #include <sys/ipc.h> | |
| 46 | #endif | |
| 47 | #ifdef HAVE_SYS_SHM_H | |
| 48 | #include <sys/shm.h> | |
| 49 | #endif | |
| 50 | #include <sys/time.h> | |
| 51 | #include <errno.h> | |
| 52 | #include "shm_main.h" | |
| 53 | #include "daemon/daemon.h" | |
| 54 | #include "daemon/worker.h" | |
| 55 | #include "daemon/stats.h" | |
| 56 | #include "services/mesh.h" | |
| 57 | #include "services/cache/rrset.h" | |
| 58 | #include "services/cache/infra.h" | |
| 59 | #include "validator/validator.h" | |
| 60 | #include "util/config_file.h" | |
| 61 | #include "util/fptr_wlist.h" | |
| 62 | #include "util/log.h" | |
| 63 | ||
| 64 | #ifdef HAVE_SHMGET | |
| 65 | /** subtract timers and the values do not overflow or become negative */ | |
| 66 | static void | |
| 67 | stat_timeval_subtract(long long *d_sec, long long *d_usec, const struct timeval* end, | |
| 68 | const struct timeval* start) | |
| 69 | { | |
| 70 | #ifndef S_SPLINT_S | |
| 71 | time_t end_usec = end->tv_usec; | |
| 72 | *d_sec = end->tv_sec - start->tv_sec; | |
| 73 | if(end_usec < start->tv_usec) { | |
| 74 | end_usec += 1000000; | |
| 75 | (*d_sec)--; | |
| 76 | } | |
| 77 | *d_usec = end_usec - start->tv_usec; | |
| 78 | #endif | |
| 79 | } | |
| 80 | #endif /* HAVE_SHMGET */ | |
| 81 | ||
| 82 | int shm_main_init(struct daemon* daemon) | |
| 83 | { | |
| 84 | #ifdef HAVE_SHMGET | |
| 85 | struct ub_shm_stat_info *shm_stat; | |
| 86 | size_t shm_size; | |
| 87 | ||
| 88 | /* sanitize */ | |
| 89 | if(!daemon) | |
| 90 | return 0; | |
| 91 | if(!daemon->cfg->shm_enable) | |
| 92 | return 1; | |
| 93 | if(daemon->cfg->stat_interval == 0) | |
| 94 | log_warn("shm-enable is yes but statistics-interval is 0"); | |
| 95 | ||
| 96 | /* Statistics to maintain the number of thread + total */ | |
| 97 | shm_size = (sizeof(struct ub_stats_info) * (daemon->num + 1)); | |
| 98 | ||
| 99 | /* Allocation of needed memory */ | |
| 100 | daemon->shm_info = (struct shm_main_info*)calloc(1, shm_size); | |
| 101 | ||
| 102 | /* Sanitize */ | |
| 103 | if(!daemon->shm_info) { | |
| 104 | log_err("shm fail: malloc failure"); | |
| 105 | return 0; | |
| 106 | } | |
| 107 | ||
| 108 | daemon->shm_info->key = daemon->cfg->shm_key; | |
| 109 | ||
| 110 | /* Check for previous create SHM */ | |
| 111 | daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(int), SHM_R); | |
| 112 | daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, sizeof(int), SHM_R); | |
| 113 | ||
| 114 | /* Destroy previous SHM */ | |
| 115 | if (daemon->shm_info->id_ctl >= 0) | |
| 116 | shmctl(daemon->shm_info->id_ctl, IPC_RMID, NULL); | |
| 117 | ||
| 118 | /* Destroy previous SHM */ | |
| 119 | if (daemon->shm_info->id_arr >= 0) | |
| 120 | shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); | |
| 121 | ||
| 122 | /* SHM: Create the segment */ | |
| 123 | daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0666); | |
| 124 | ||
| 125 | if (daemon->shm_info->id_ctl < 0) | |
| 126 | { | |
| 127 | log_err("SHM failed(id_ctl) cannot shmget(key %d) %s", | |
| 128 | daemon->shm_info->key, strerror(errno)); | |
| 129 | ||
| 130 | /* Just release memory unused */ | |
| 131 | free(daemon->shm_info); | |
| 132 | ||
| 133 | return 0; | |
| 134 | } | |
| 135 | ||
| 136 | daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666); | |
| 137 | ||
| 138 | if (daemon->shm_info->id_arr < 0) | |
| 139 | { | |
| 140 | log_err("SHM failed(id_arr) cannot shmget(key %d + 1) %s", | |
| 141 | daemon->shm_info->key, strerror(errno)); | |
| 142 | ||
| 143 | /* Just release memory unused */ | |
| 144 | free(daemon->shm_info); | |
| 145 | ||
| 146 | return 0; | |
| 147 | } | |
| 148 | ||
| 149 | /* SHM: attach the segment */ | |
| 150 | daemon->shm_info->ptr_ctl = (struct ub_shm_stat_info*) | |
| 151 | shmat(daemon->shm_info->id_ctl, NULL, 0); | |
| 152 | if(daemon->shm_info->ptr_ctl == (void *) -1) { | |
| 153 | log_err("SHM failed(ctl) cannot shmat(%d) %s", | |
| 154 | daemon->shm_info->id_ctl, strerror(errno)); | |
| 155 | ||
| 156 | /* Just release memory unused */ | |
| 157 | free(daemon->shm_info); | |
| 158 | ||
| 159 | return 0; | |
| 160 | } | |
| 161 | ||
| 162 | daemon->shm_info->ptr_arr = (struct ub_stats_info*) | |
| 163 | shmat(daemon->shm_info->id_arr, NULL, 0); | |
| 164 | ||
| 165 | if (daemon->shm_info->ptr_arr == (void *) -1) | |
| 166 | { | |
| 167 | log_err("SHM failed(arr) cannot shmat(%d) %s", | |
| 168 | daemon->shm_info->id_arr, strerror(errno)); | |
| 169 | ||
| 170 | /* Just release memory unused */ | |
| 171 | free(daemon->shm_info); | |
| 172 | ||
| 173 | return 0; | |
| 174 | } | |
| 175 | ||
| 176 | /* Zero fill SHM to stand clean while is not filled by other events */ | |
| 177 | memset(daemon->shm_info->ptr_ctl, 0, sizeof(struct ub_shm_stat_info)); | |
| 178 | memset(daemon->shm_info->ptr_arr, 0, shm_size); | |
| 179 | ||
| 180 | shm_stat = daemon->shm_info->ptr_ctl; | |
| 181 | shm_stat->num_threads = daemon->num; | |
| 182 | ||
| 183 | #else | |
| 184 | (void)daemon; | |
| 185 | #endif /* HAVE_SHMGET */ | |
| 186 | return 1; | |
| 187 | } | |
| 188 | ||
| 189 | void shm_main_shutdown(struct daemon* daemon) | |
| 190 | { | |
| 191 | #ifdef HAVE_SHMGET | |
| 192 | /* web are OK, just disabled */ | |
| 193 | if(!daemon->cfg->shm_enable) | |
| 194 | return; | |
| 195 | ||
| 196 | verbose(VERB_DETAIL, "SHM shutdown - KEY [%d] - ID CTL [%d] ARR [%d] - PTR CTL [%p] ARR [%p]", | |
| 197 | daemon->shm_info->key, daemon->shm_info->id_ctl, daemon->shm_info->id_arr, daemon->shm_info->ptr_ctl, daemon->shm_info->ptr_arr); | |
| 198 | ||
| 199 | /* Destroy previous SHM */ | |
| 200 | if (daemon->shm_info->id_ctl >= 0) | |
| 201 | shmctl(daemon->shm_info->id_ctl, IPC_RMID, NULL); | |
| 202 | ||
| 203 | if (daemon->shm_info->id_arr >= 0) | |
| 204 | shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); | |
| 205 | ||
| 206 | if (daemon->shm_info->ptr_ctl) | |
| 207 | shmdt(daemon->shm_info->ptr_ctl); | |
| 208 | ||
| 209 | if (daemon->shm_info->ptr_arr) | |
| 210 | shmdt(daemon->shm_info->ptr_arr); | |
| 211 | ||
| 212 | #else | |
| 213 | (void)daemon; | |
| 214 | #endif /* HAVE_SHMGET */ | |
| 215 | } | |
| 216 | ||
| 217 | void shm_main_run(struct worker *worker) | |
| 218 | { | |
| 219 | #ifdef HAVE_SHMGET | |
| 220 | struct ub_shm_stat_info *shm_stat; | |
| 221 | struct ub_stats_info *stat_total; | |
| 222 | struct ub_stats_info *stat_info; | |
| 223 | int offset; | |
| 224 | ||
| 225 | verbose(VERB_DETAIL, "SHM run - worker [%d] - daemon [%p] - timenow(%u) - timeboot(%u)", | |
| 226 | worker->thread_num, worker->daemon, (unsigned)worker->env.now_tv->tv_sec, (unsigned)worker->daemon->time_boot.tv_sec); | |
| 227 | ||
| 228 | offset = worker->thread_num + 1; | |
| 229 | stat_total = worker->daemon->shm_info->ptr_arr; | |
| 230 | stat_info = worker->daemon->shm_info->ptr_arr + offset; | |
| 231 | ||
| 232 | /* Copy data to the current position */ | |
| 233 | server_stats_compile(worker, stat_info, 0); | |
| 234 | ||
| 235 | /* First thread, zero fill total, and copy general info */ | |
| 236 | if (worker->thread_num == 0) { | |
| 237 | ||
| 238 | /* Copy data to the current position */ | |
| 239 | memset(stat_total, 0, sizeof(struct ub_stats_info)); | |
| 240 | ||
| 241 | /* Point to data into SHM */ | |
| 242 | shm_stat = worker->daemon->shm_info->ptr_ctl; | |
| 243 | shm_stat->time.now_sec = (long long)worker->env.now_tv->tv_sec; | |
| 244 | shm_stat->time.now_usec = (long long)worker->env.now_tv->tv_usec; | |
| 245 | ||
| 246 | stat_timeval_subtract(&shm_stat->time.up_sec, &shm_stat->time.up_usec, worker->env.now_tv, &worker->daemon->time_boot); | |
| 247 | stat_timeval_subtract(&shm_stat->time.elapsed_sec, &shm_stat->time.elapsed_usec, worker->env.now_tv, &worker->daemon->time_last_stat); | |
| 248 | ||
| 249 | shm_stat->mem.msg = (long long)slabhash_get_mem(worker->env.msg_cache); | |
| 250 | shm_stat->mem.rrset = (long long)slabhash_get_mem(&worker->env.rrset_cache->table); | |
| 251 | shm_stat->mem.val = (long long)mod_get_mem(&worker->env, | |
| 252 | "validator"); | |
| 253 | shm_stat->mem.iter = (long long)mod_get_mem(&worker->env, | |
| 254 | "iterator"); | |
| 255 | shm_stat->mem.respip = (long long)mod_get_mem(&worker->env, | |
| 256 | "respip"); | |
| 257 | ||
| 258 | /* subnet mem value is available in shm, also when not enabled, | |
| 259 | * to make the struct easier to memmap by other applications, | |
| 260 | * independent of the configuration of unbound */ | |
| 261 | shm_stat->mem.subnet = 0; | |
| 262 | #ifdef CLIENT_SUBNET | |
| 263 | shm_stat->mem.subnet = (long long)mod_get_mem(&worker->env, | |
| 264 | "subnet"); | |
| 265 | #endif | |
| 266 | /* ipsecmod mem value is available in shm, also when not enabled, | |
| 267 | * to make the struct easier to memmap by other applications, | |
| 268 | * independent of the configuration of unbound */ | |
| 269 | shm_stat->mem.ipsecmod = 0; | |
| 270 | #ifdef USE_IPSECMOD | |
| 271 | shm_stat->mem.ipsecmod = (long long)mod_get_mem(&worker->env, | |
| 272 | "ipsecmod"); | |
| 273 | #endif | |
| 274 | } | |
| 275 | ||
| 276 | server_stats_add(stat_total, stat_info); | |
| 277 | ||
| 278 | /* print the thread statistics */ | |
| 279 | stat_total->mesh_time_median /= (double)worker->daemon->num; | |
| 280 | ||
| 281 | #else | |
| 282 | (void)worker; | |
| 283 | #endif /* HAVE_SHMGET */ | |
| 284 | } |
| 0 | /* | |
| 1 | * util/shm_side/shm_main.h - control the shared memory for unbound. | |
| 2 | * | |
| 3 | * Copyright (c) 2007, NLnet Labs. All rights reserved. | |
| 4 | * | |
| 5 | * This software is open source. | |
| 6 | * | |
| 7 | * Redistribution and use in source and binary forms, with or without | |
| 8 | * modification, are permitted provided that the following conditions | |
| 9 | * are met: | |
| 10 | * | |
| 11 | * Redistributions of source code must retain the above copyright notice, | |
| 12 | * this list of conditions and the following disclaimer. | |
| 13 | * | |
| 14 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 15 | * this list of conditions and the following disclaimer in the documentation | |
| 16 | * and/or other materials provided with the distribution. | |
| 17 | * | |
| 18 | * Neither the name of the NLNET LABS nor the names of its contributors may | |
| 19 | * be used to endorse or promote products derived from this software without | |
| 20 | * specific prior written permission. | |
| 21 | * | |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 25 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 26 | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 27 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | |
| 28 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
| 29 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 30 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 31 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 32 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 33 | */ | |
| 34 | ||
| 35 | /** | |
| 36 | * \file | |
| 37 | * | |
| 38 | * This file contains functions for the SHM side. | |
| 39 | */ | |
| 40 | ||
| 41 | #ifndef UTIL_SHM_SIDE_MAIN_H | |
| 42 | #define UTIL_SHM_SIDE_MAIN_H | |
| 43 | struct daemon; | |
| 44 | struct worker; | |
| 45 | ||
| 46 | /* get struct ub_shm_stat_info */ | |
| 47 | #include "libunbound/unbound.h" | |
| 48 | ||
| 49 | /** | |
| 50 | * The SHM info. | |
| 51 | */ | |
| 52 | struct shm_main_info { | |
| 53 | /** stats_info array, shared memory segment. | |
| 54 | * [0] is totals, [1..thread_num] are per-thread stats */ | |
| 55 | struct ub_stats_info* ptr_arr; | |
| 56 | /** the global stats block, shared memory segment */ | |
| 57 | struct ub_shm_stat_info* ptr_ctl; | |
| 58 | int key; | |
| 59 | int id_ctl; | |
| 60 | int id_arr; | |
| 61 | }; | |
| 62 | ||
| 63 | int shm_main_init(struct daemon* daemon); | |
| 64 | void shm_main_shutdown(struct daemon* daemon); | |
| 65 | void shm_main_run(struct worker *worker); | |
| 66 | ||
| 67 | #endif /* UTIL_SHM_SIDE_MAIN_H */ |
| 70 | 70 | return 0; |
| 71 | 71 | } |
| 72 | 72 | |
| 73 | void name_tree_init(rbtree_t* tree) | |
| 73 | void name_tree_init(rbtree_type* tree) | |
| 74 | 74 | { |
| 75 | 75 | rbtree_init(tree, &name_tree_compare); |
| 76 | 76 | } |
| 77 | 77 | |
| 78 | void addr_tree_init(rbtree_t* tree) | |
| 78 | void addr_tree_init(rbtree_type* tree) | |
| 79 | 79 | { |
| 80 | 80 | rbtree_init(tree, &addr_tree_compare); |
| 81 | 81 | } |
| 82 | 82 | |
| 83 | int name_tree_insert(rbtree_t* tree, struct name_tree_node* node, | |
| 83 | int name_tree_insert(rbtree_type* tree, struct name_tree_node* node, | |
| 84 | 84 | uint8_t* name, size_t len, int labs, uint16_t dclass) |
| 85 | 85 | { |
| 86 | 86 | node->node.key = node; |
| 92 | 92 | return rbtree_insert(tree, &node->node) != NULL; |
| 93 | 93 | } |
| 94 | 94 | |
| 95 | int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node, | |
| 95 | int addr_tree_insert(rbtree_type* tree, struct addr_tree_node* node, | |
| 96 | 96 | struct sockaddr_storage* addr, socklen_t addrlen, int net) |
| 97 | 97 | { |
| 98 | 98 | node->node.key = node; |
| 103 | 103 | return rbtree_insert(tree, &node->node) != NULL; |
| 104 | 104 | } |
| 105 | 105 | |
| 106 | void addr_tree_init_parents(rbtree_t* tree) | |
| 106 | void addr_tree_init_parents(rbtree_type* tree) | |
| 107 | 107 | { |
| 108 | 108 | struct addr_tree_node* node, *prev = NULL, *p; |
| 109 | 109 | int m; |
| 129 | 129 | } |
| 130 | 130 | } |
| 131 | 131 | |
| 132 | void name_tree_init_parents(rbtree_t* tree) | |
| 132 | void name_tree_init_parents(rbtree_type* tree) | |
| 133 | 133 | { |
| 134 | 134 | struct name_tree_node* node, *prev = NULL, *p; |
| 135 | 135 | int m; |
| 155 | 155 | } |
| 156 | 156 | } |
| 157 | 157 | |
| 158 | struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name, | |
| 158 | struct name_tree_node* name_tree_find(rbtree_type* tree, uint8_t* name, | |
| 159 | 159 | size_t len, int labs, uint16_t dclass) |
| 160 | 160 | { |
| 161 | 161 | struct name_tree_node key; |
| 167 | 167 | return (struct name_tree_node*)rbtree_search(tree, &key); |
| 168 | 168 | } |
| 169 | 169 | |
| 170 | struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name, | |
| 170 | struct name_tree_node* name_tree_lookup(rbtree_type* tree, uint8_t* name, | |
| 171 | 171 | size_t len, int labs, uint16_t dclass) |
| 172 | 172 | { |
| 173 | rbnode_t* res = NULL; | |
| 173 | rbnode_type* res = NULL; | |
| 174 | 174 | struct name_tree_node *result; |
| 175 | 175 | struct name_tree_node key; |
| 176 | 176 | key.node.key = &key; |
| 199 | 199 | return result; |
| 200 | 200 | } |
| 201 | 201 | |
| 202 | struct addr_tree_node* addr_tree_lookup(rbtree_t* tree, | |
| 202 | struct addr_tree_node* addr_tree_lookup(rbtree_type* tree, | |
| 203 | 203 | struct sockaddr_storage* addr, socklen_t addrlen) |
| 204 | 204 | { |
| 205 | rbnode_t* res = NULL; | |
| 205 | rbnode_type* res = NULL; | |
| 206 | 206 | struct addr_tree_node* result; |
| 207 | 207 | struct addr_tree_node key; |
| 208 | 208 | key.node.key = &key; |
| 230 | 230 | return result; |
| 231 | 231 | } |
| 232 | 232 | |
| 233 | struct addr_tree_node* addr_tree_find(rbtree_t* tree, | |
| 233 | struct addr_tree_node* addr_tree_find(rbtree_type* tree, | |
| 234 | 234 | struct sockaddr_storage* addr, socklen_t addrlen, int net) |
| 235 | 235 | { |
| 236 | rbnode_t* res = NULL; | |
| 236 | rbnode_type* res = NULL; | |
| 237 | 237 | struct addr_tree_node key; |
| 238 | 238 | key.node.key = &key; |
| 239 | 239 | memcpy(&key.addr, addr, addrlen); |
| 244 | 244 | } |
| 245 | 245 | |
| 246 | 246 | int |
| 247 | name_tree_next_root(rbtree_t* tree, uint16_t* dclass) | |
| 247 | name_tree_next_root(rbtree_type* tree, uint16_t* dclass) | |
| 248 | 248 | { |
| 249 | 249 | struct name_tree_node key; |
| 250 | rbnode_t* n; | |
| 250 | rbnode_type* n; | |
| 251 | 251 | struct name_tree_node* p; |
| 252 | 252 | if(*dclass == 0) { |
| 253 | 253 | /* first root item is first item in tree */ |
| 48 | 48 | * This is not sorted canonically, but fast. |
| 49 | 49 | * This can be looked up to obtain a closest encloser parent name. |
| 50 | 50 | * |
| 51 | * The tree itself is a rbtree_t. | |
| 51 | * The tree itself is a rbtree_type. | |
| 52 | 52 | * This is the element node put as first entry in the client structure. |
| 53 | 53 | */ |
| 54 | 54 | struct name_tree_node { |
| 55 | 55 | /** rbtree node, key is this struct : dclass and name */ |
| 56 | rbnode_t node; | |
| 56 | rbnode_type node; | |
| 57 | 57 | /** parent in tree */ |
| 58 | 58 | struct name_tree_node* parent; |
| 59 | 59 | /** name in uncompressed wireformat */ |
| 70 | 70 | * Tree of IP addresses. Sorted first by protocol, then by bits. |
| 71 | 71 | * This can be looked up to obtain the enclosing subnet. |
| 72 | 72 | * |
| 73 | * The tree itself is a rbtree_t. | |
| 73 | * The tree itself is a rbtree_type. | |
| 74 | 74 | * This is the element node put as first entry in the client structure. |
| 75 | 75 | */ |
| 76 | 76 | struct addr_tree_node { |
| 77 | 77 | /** rbtree node, key is this struct : proto and subnet */ |
| 78 | rbnode_t node; | |
| 78 | rbnode_type node; | |
| 79 | 79 | /** parent in tree */ |
| 80 | 80 | struct addr_tree_node* parent; |
| 81 | 81 | /** address */ |
| 90 | 90 | * Init a name tree to be empty |
| 91 | 91 | * @param tree: to init. |
| 92 | 92 | */ |
| 93 | void name_tree_init(rbtree_t* tree); | |
| 93 | void name_tree_init(rbtree_type* tree); | |
| 94 | 94 | |
| 95 | 95 | /** |
| 96 | 96 | * insert element into name tree. |
| 104 | 104 | * @param dclass: class of name |
| 105 | 105 | * @return false on error (duplicate element). |
| 106 | 106 | */ |
| 107 | int name_tree_insert(rbtree_t* tree, struct name_tree_node* node, | |
| 107 | int name_tree_insert(rbtree_type* tree, struct name_tree_node* node, | |
| 108 | 108 | uint8_t* name, size_t len, int labs, uint16_t dclass); |
| 109 | 109 | |
| 110 | 110 | /** |
| 112 | 112 | * Should be performed after insertions are done, before lookups |
| 113 | 113 | * @param tree: name tree |
| 114 | 114 | */ |
| 115 | void name_tree_init_parents(rbtree_t* tree); | |
| 115 | void name_tree_init_parents(rbtree_type* tree); | |
| 116 | 116 | |
| 117 | 117 | /** |
| 118 | 118 | * Lookup exact match in name tree |
| 123 | 123 | * @param dclass: class of name |
| 124 | 124 | * @return node or NULL if not found. |
| 125 | 125 | */ |
| 126 | struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name, | |
| 126 | struct name_tree_node* name_tree_find(rbtree_type* tree, uint8_t* name, | |
| 127 | 127 | size_t len, int labs, uint16_t dclass); |
| 128 | 128 | |
| 129 | 129 | /** |
| 135 | 135 | * @param dclass: class of name |
| 136 | 136 | * @return closest enclosing node (could be equal) or NULL if not found. |
| 137 | 137 | */ |
| 138 | struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name, | |
| 138 | struct name_tree_node* name_tree_lookup(rbtree_type* tree, uint8_t* name, | |
| 139 | 139 | size_t len, int labs, uint16_t dclass); |
| 140 | 140 | |
| 141 | 141 | /** |
| 144 | 144 | * @param dclass: the class to look for next (or higher). |
| 145 | 145 | * @return false if no classes found, true means class put into c. |
| 146 | 146 | */ |
| 147 | int name_tree_next_root(rbtree_t* tree, uint16_t* dclass); | |
| 147 | int name_tree_next_root(rbtree_type* tree, uint16_t* dclass); | |
| 148 | 148 | |
| 149 | 149 | /** |
| 150 | 150 | * Init addr tree to be empty. |
| 151 | 151 | * @param tree: to init. |
| 152 | 152 | */ |
| 153 | void addr_tree_init(rbtree_t* tree); | |
| 153 | void addr_tree_init(rbtree_type* tree); | |
| 154 | 154 | |
| 155 | 155 | /** |
| 156 | 156 | * insert element into addr tree. |
| 162 | 162 | * @param net: size of subnet. |
| 163 | 163 | * @return false on error (duplicate element). |
| 164 | 164 | */ |
| 165 | int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node, | |
| 165 | int addr_tree_insert(rbtree_type* tree, struct addr_tree_node* node, | |
| 166 | 166 | struct sockaddr_storage* addr, socklen_t addrlen, int net); |
| 167 | 167 | |
| 168 | 168 | /** |
| 170 | 170 | * Should be performed after insertions are done, before lookups |
| 171 | 171 | * @param tree: addr tree |
| 172 | 172 | */ |
| 173 | void addr_tree_init_parents(rbtree_t* tree); | |
| 173 | void addr_tree_init_parents(rbtree_type* tree); | |
| 174 | 174 | |
| 175 | 175 | /** |
| 176 | 176 | * Lookup closest encloser in addr tree. |
| 179 | 179 | * @param addrlen: length of addr |
| 180 | 180 | * @return closest enclosing node (could be equal) or NULL if not found. |
| 181 | 181 | */ |
| 182 | struct addr_tree_node* addr_tree_lookup(rbtree_t* tree, | |
| 182 | struct addr_tree_node* addr_tree_lookup(rbtree_type* tree, | |
| 183 | 183 | struct sockaddr_storage* addr, socklen_t addrlen); |
| 184 | 184 | |
| 185 | 185 | /** |
| 190 | 190 | * @param net: size of subnet |
| 191 | 191 | * @return addr tree element, or NULL if not found. |
| 192 | 192 | */ |
| 193 | struct addr_tree_node* addr_tree_find(rbtree_t* tree, | |
| 193 | struct addr_tree_node* addr_tree_find(rbtree_type* tree, | |
| 194 | 194 | struct sockaddr_storage* addr, socklen_t addrlen, int net); |
| 195 | 195 | |
| 196 | 196 | /** compare name tree nodes */ |
| 58 | 58 | } |
| 59 | 59 | |
| 60 | 60 | struct lruhash* |
| 61 | lruhash_create(size_t start_size, size_t maxmem, lruhash_sizefunc_t sizefunc, | |
| 62 | lruhash_compfunc_t compfunc, lruhash_delkeyfunc_t delkeyfunc, | |
| 63 | lruhash_deldatafunc_t deldatafunc, void* arg) | |
| 61 | lruhash_create(size_t start_size, size_t maxmem, | |
| 62 | lruhash_sizefunc_type sizefunc, lruhash_compfunc_type compfunc, | |
| 63 | lruhash_delkeyfunc_type delkeyfunc, | |
| 64 | lruhash_deldatafunc_type deldatafunc, void* arg) | |
| 64 | 65 | { |
| 65 | 66 | struct lruhash* table = (struct lruhash*)calloc(1, |
| 66 | 67 | sizeof(struct lruhash)); |
| 214 | 215 | |
| 215 | 216 | struct lruhash_entry* |
| 216 | 217 | bin_find_entry(struct lruhash* table, |
| 217 | struct lruhash_bin* bin, hashvalue_t hash, void* key) | |
| 218 | struct lruhash_bin* bin, hashvalue_type hash, void* key) | |
| 218 | 219 | { |
| 219 | 220 | struct lruhash_entry* p = bin->overflow_list; |
| 220 | 221 | while(p) { |
| 295 | 296 | } |
| 296 | 297 | |
| 297 | 298 | void |
| 298 | lruhash_insert(struct lruhash* table, hashvalue_t hash, | |
| 299 | lruhash_insert(struct lruhash* table, hashvalue_type hash, | |
| 299 | 300 | struct lruhash_entry* entry, void* data, void* cb_arg) |
| 300 | 301 | { |
| 301 | 302 | struct lruhash_bin* bin; |
| 351 | 352 | } |
| 352 | 353 | |
| 353 | 354 | struct lruhash_entry* |
| 354 | lruhash_lookup(struct lruhash* table, hashvalue_t hash, void* key, int wr) | |
| 355 | lruhash_lookup(struct lruhash* table, hashvalue_type hash, void* key, int wr) | |
| 355 | 356 | { |
| 356 | 357 | struct lruhash_entry* entry; |
| 357 | 358 | struct lruhash_bin* bin; |
| 373 | 374 | } |
| 374 | 375 | |
| 375 | 376 | void |
| 376 | lruhash_remove(struct lruhash* table, hashvalue_t hash, void* key) | |
| 377 | lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key) | |
| 377 | 378 | { |
| 378 | 379 | struct lruhash_entry* entry; |
| 379 | 380 | struct lruhash_bin* bin; |
| 511 | 512 | } |
| 512 | 513 | |
| 513 | 514 | void |
| 514 | lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_t md) | |
| 515 | lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md) | |
| 515 | 516 | { |
| 516 | 517 | lock_quick_lock(&table->lock); |
| 517 | 518 | table->markdelfunc = md; |
| 541 | 542 | } |
| 542 | 543 | lock_quick_unlock(&h->lock); |
| 543 | 544 | } |
| 545 | ||
| 546 | /* | |
| 547 | * Demote: the opposite of touch, move an entry to the bottom | |
| 548 | * of the LRU pile. | |
| 549 | */ | |
| 550 | ||
| 551 | void | |
| 552 | lru_demote(struct lruhash* table, struct lruhash_entry* entry) | |
| 553 | { | |
| 554 | log_assert(table && entry); | |
| 555 | if (entry == table->lru_end) | |
| 556 | return; /* nothing to do */ | |
| 557 | /* remove from current lru position */ | |
| 558 | lru_remove(table, entry); | |
| 559 | /* add at end */ | |
| 560 | entry->lru_next = NULL; | |
| 561 | entry->lru_prev = table->lru_end; | |
| 562 | ||
| 563 | if (table->lru_end == NULL) | |
| 564 | { | |
| 565 | table->lru_start = entry; | |
| 566 | } | |
| 567 | else | |
| 568 | { | |
| 569 | table->lru_end->lru_next = entry; | |
| 570 | } | |
| 571 | table->lru_end = entry; | |
| 572 | } | |
| 573 | ||
| 574 | struct lruhash_entry* | |
| 575 | lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, | |
| 576 | struct lruhash_entry* entry, void* data, void* cb_arg) | |
| 577 | { | |
| 578 | struct lruhash_bin* bin; | |
| 579 | struct lruhash_entry* found, *reclaimlist = NULL; | |
| 580 | size_t need_size; | |
| 581 | fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); | |
| 582 | fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); | |
| 583 | fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); | |
| 584 | fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc)); | |
| 585 | fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc)); | |
| 586 | need_size = table->sizefunc(entry->key, data); | |
| 587 | if (cb_arg == NULL) cb_arg = table->cb_arg; | |
| 588 | ||
| 589 | /* find bin */ | |
| 590 | lock_quick_lock(&table->lock); | |
| 591 | bin = &table->array[hash & table->size_mask]; | |
| 592 | lock_quick_lock(&bin->lock); | |
| 593 | ||
| 594 | /* see if entry exists already */ | |
| 595 | if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) { | |
| 596 | /* if so: keep the existing data - acquire a writelock */ | |
| 597 | lock_rw_wrlock(&found->lock); | |
| 598 | } | |
| 599 | else | |
| 600 | { | |
| 601 | /* if not: add to bin */ | |
| 602 | entry->overflow_next = bin->overflow_list; | |
| 603 | bin->overflow_list = entry; | |
| 604 | lru_front(table, entry); | |
| 605 | table->num++; | |
| 606 | table->space_used += need_size; | |
| 607 | /* return the entry that was presented, and lock it */ | |
| 608 | found = entry; | |
| 609 | lock_rw_wrlock(&found->lock); | |
| 610 | } | |
| 611 | lock_quick_unlock(&bin->lock); | |
| 612 | if (table->space_used > table->space_max) | |
| 613 | reclaim_space(table, &reclaimlist); | |
| 614 | if (table->num >= table->size) | |
| 615 | table_grow(table); | |
| 616 | lock_quick_unlock(&table->lock); | |
| 617 | ||
| 618 | /* finish reclaim if any (outside of critical region) */ | |
| 619 | while (reclaimlist) { | |
| 620 | struct lruhash_entry* n = reclaimlist->overflow_next; | |
| 621 | void* d = reclaimlist->data; | |
| 622 | (*table->delkeyfunc)(reclaimlist->key, cb_arg); | |
| 623 | (*table->deldatafunc)(d, cb_arg); | |
| 624 | reclaimlist = n; | |
| 625 | } | |
| 626 | ||
| 627 | /* return the entry that was selected */ | |
| 628 | return found; | |
| 629 | } | |
| 630 | ||
| 115 | 115 | #define HASH_DEFAULT_MAXMEM 4*1024*1024 /* bytes */ |
| 116 | 116 | |
| 117 | 117 | /** the type of a hash value */ |
| 118 | typedef uint32_t hashvalue_t; | |
| 118 | typedef uint32_t hashvalue_type; | |
| 119 | 119 | |
| 120 | 120 | /** |
| 121 | 121 | * Type of function that calculates the size of an entry. |
| 123 | 123 | * Keys that are identical must also calculate to the same size. |
| 124 | 124 | * size = func(key, data). |
| 125 | 125 | */ |
| 126 | typedef size_t (*lruhash_sizefunc_t)(void*, void*); | |
| 126 | typedef size_t (*lruhash_sizefunc_type)(void*, void*); | |
| 127 | 127 | |
| 128 | 128 | /** type of function that compares two keys. return 0 if equal. */ |
| 129 | typedef int (*lruhash_compfunc_t)(void*, void*); | |
| 129 | typedef int (*lruhash_compfunc_type)(void*, void*); | |
| 130 | 130 | |
| 131 | 131 | /** old keys are deleted. |
| 132 | 132 | * The RRset type has to revoke its ID number, markdel() is used first. |
| 133 | 133 | * This function is called: func(key, userarg) */ |
| 134 | typedef void (*lruhash_delkeyfunc_t)(void*, void*); | |
| 134 | typedef void (*lruhash_delkeyfunc_type)(void*, void*); | |
| 135 | 135 | |
| 136 | 136 | /** old data is deleted. This function is called: func(data, userarg). */ |
| 137 | typedef void (*lruhash_deldatafunc_t)(void*, void*); | |
| 137 | typedef void (*lruhash_deldatafunc_type)(void*, void*); | |
| 138 | 138 | |
| 139 | 139 | /** mark a key as pending to be deleted (and not to be used by anyone). |
| 140 | 140 | * called: func(key) */ |
| 141 | typedef void (*lruhash_markdelfunc_t)(void*); | |
| 141 | typedef void (*lruhash_markdelfunc_type)(void*); | |
| 142 | 142 | |
| 143 | 143 | /** |
| 144 | 144 | * Hash table that keeps LRU list of entries. |
| 145 | 145 | */ |
| 146 | 146 | struct lruhash { |
| 147 | 147 | /** lock for exclusive access, to the lookup array */ |
| 148 | lock_quick_t lock; | |
| 148 | lock_quick_type lock; | |
| 149 | 149 | /** the size function for entries in this table */ |
| 150 | lruhash_sizefunc_t sizefunc; | |
| 150 | lruhash_sizefunc_type sizefunc; | |
| 151 | 151 | /** the compare function for entries in this table. */ |
| 152 | lruhash_compfunc_t compfunc; | |
| 152 | lruhash_compfunc_type compfunc; | |
| 153 | 153 | /** how to delete keys. */ |
| 154 | lruhash_delkeyfunc_t delkeyfunc; | |
| 154 | lruhash_delkeyfunc_type delkeyfunc; | |
| 155 | 155 | /** how to delete data. */ |
| 156 | lruhash_deldatafunc_t deldatafunc; | |
| 156 | lruhash_deldatafunc_type deldatafunc; | |
| 157 | 157 | /** how to mark a key pending deletion */ |
| 158 | lruhash_markdelfunc_t markdelfunc; | |
| 158 | lruhash_markdelfunc_type markdelfunc; | |
| 159 | 159 | /** user argument for user functions */ |
| 160 | 160 | void* cb_arg; |
| 161 | 161 | |
| 187 | 187 | * Lock for exclusive access to the linked list |
| 188 | 188 | * This lock makes deletion of items safe in this overflow list. |
| 189 | 189 | */ |
| 190 | lock_quick_t lock; | |
| 190 | lock_quick_type lock; | |
| 191 | 191 | /** linked list of overflow entries */ |
| 192 | 192 | struct lruhash_entry* overflow_list; |
| 193 | 193 | }; |
| 206 | 206 | * Even with a writelock, you cannot change hash and key. |
| 207 | 207 | * You need to delete it to change hash or key. |
| 208 | 208 | */ |
| 209 | lock_rw_t lock; | |
| 209 | lock_rw_type lock; | |
| 210 | 210 | /** next entry in overflow chain. Covered by hashlock and binlock. */ |
| 211 | 211 | struct lruhash_entry* overflow_next; |
| 212 | 212 | /** next entry in lru chain. covered by hashlock. */ |
| 214 | 214 | /** prev entry in lru chain. covered by hashlock. */ |
| 215 | 215 | struct lruhash_entry* lru_prev; |
| 216 | 216 | /** hash value of the key. It may not change, until entry deleted. */ |
| 217 | hashvalue_t hash; | |
| 217 | hashvalue_type hash; | |
| 218 | 218 | /** key */ |
| 219 | 219 | void* key; |
| 220 | 220 | /** data */ |
| 235 | 235 | * @return: new hash table or NULL on malloc failure. |
| 236 | 236 | */ |
| 237 | 237 | struct lruhash* lruhash_create(size_t start_size, size_t maxmem, |
| 238 | lruhash_sizefunc_t sizefunc, lruhash_compfunc_t compfunc, | |
| 239 | lruhash_delkeyfunc_t delkeyfunc, lruhash_deldatafunc_t deldatafunc, | |
| 240 | void* arg); | |
| 238 | lruhash_sizefunc_type sizefunc, lruhash_compfunc_type compfunc, | |
| 239 | lruhash_delkeyfunc_type delkeyfunc, | |
| 240 | lruhash_deldatafunc_type deldatafunc, void* arg); | |
| 241 | 241 | |
| 242 | 242 | /** |
| 243 | 243 | * Delete hash table. Entries are all deleted. |
| 268 | 268 | * @param data: the data. |
| 269 | 269 | * @param cb_override: if not null overrides the cb_arg for the deletefunc. |
| 270 | 270 | */ |
| 271 | void lruhash_insert(struct lruhash* table, hashvalue_t hash, | |
| 271 | void lruhash_insert(struct lruhash* table, hashvalue_type hash, | |
| 272 | 272 | struct lruhash_entry* entry, void* data, void* cb_override); |
| 273 | 273 | |
| 274 | 274 | /** |
| 284 | 284 | * @return: pointer to the entry or NULL. The entry is locked. |
| 285 | 285 | * The user must unlock the entry when done. |
| 286 | 286 | */ |
| 287 | struct lruhash_entry* lruhash_lookup(struct lruhash* table, hashvalue_t hash, | |
| 288 | void* key, int wr); | |
| 287 | struct lruhash_entry* lruhash_lookup(struct lruhash* table, | |
| 288 | hashvalue_type hash, void* key, int wr); | |
| 289 | 289 | |
| 290 | 290 | /** |
| 291 | 291 | * Touch entry, so it becomes the most recently used in the LRU list. |
| 298 | 298 | /** |
| 299 | 299 | * Set the markdelfunction (or NULL) |
| 300 | 300 | */ |
| 301 | void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_t md); | |
| 301 | void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md); | |
| 302 | ||
| 303 | /************************* getdns functions ************************/ | |
| 304 | /*** these are used by getdns only and not by unbound. ***/ | |
| 305 | ||
| 306 | /** | |
| 307 | * Demote entry, so it becomes the least recently used in the LRU list. | |
| 308 | * Caller must hold hash table lock. The entry must be inserted already. | |
| 309 | * @param table: hash table. | |
| 310 | * @param entry: entry to make last in LRU. | |
| 311 | */ | |
| 312 | void lru_demote(struct lruhash* table, struct lruhash_entry* entry); | |
| 313 | ||
| 314 | /** | |
| 315 | * Insert a new element into the hashtable, or retrieve the corresponding | |
| 316 | * element of it exits. | |
| 317 | * | |
| 318 | * If key is already present data pointer in that entry is kept. | |
| 319 | * If it is not present, a new entry is created. In that case, | |
| 320 | * the space calculation function is called with the key, data. | |
| 321 | * If necessary the least recently used entries are deleted to make space. | |
| 322 | * If necessary the hash array is grown up. | |
| 323 | * | |
| 324 | * @param table: hash table. | |
| 325 | * @param hash: hash value. User calculates the hash. | |
| 326 | * @param entry: identifies the entry. | |
| 327 | * @param data: the data. | |
| 328 | * @param cb_arg: if not null overrides the cb_arg for the deletefunc. | |
| 329 | * @return: pointer to the existing entry if the key was already present, | |
| 330 | * or to the entry argument if it was not. | |
| 331 | */ | |
| 332 | struct lruhash_entry* lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, | |
| 333 | struct lruhash_entry* entry, void* data, void* cb_arg); | |
| 302 | 334 | |
| 303 | 335 | /************************* Internal functions ************************/ |
| 304 | 336 | /*** these are only exposed for unit tests. ***/ |
| 310 | 342 | * @param hash: hash of key. |
| 311 | 343 | * @param key: what to look for. |
| 312 | 344 | */ |
| 313 | void lruhash_remove(struct lruhash* table, hashvalue_t hash, void* key); | |
| 345 | void lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key); | |
| 314 | 346 | |
| 315 | 347 | /** init the hash bins for the table */ |
| 316 | 348 | void bin_init(struct lruhash_bin* array, size_t size); |
| 327 | 359 | * @return: the entry or NULL if not found. |
| 328 | 360 | */ |
| 329 | 361 | struct lruhash_entry* bin_find_entry(struct lruhash* table, |
| 330 | struct lruhash_bin* bin, hashvalue_t hash, void* key); | |
| 362 | struct lruhash_bin* bin, hashvalue_type hash, void* key); | |
| 331 | 363 | |
| 332 | 364 | /** |
| 333 | 365 | * Remove entry from bin overflow chain. |
| 45 | 45 | #include "util/storage/slabhash.h" |
| 46 | 46 | |
| 47 | 47 | struct slabhash* slabhash_create(size_t numtables, size_t start_size, |
| 48 | size_t maxmem, lruhash_sizefunc_t sizefunc, | |
| 49 | lruhash_compfunc_t compfunc, lruhash_delkeyfunc_t delkeyfunc, | |
| 50 | lruhash_deldatafunc_t deldatafunc, void* arg) | |
| 48 | size_t maxmem, lruhash_sizefunc_type sizefunc, | |
| 49 | lruhash_compfunc_type compfunc, lruhash_delkeyfunc_type delkeyfunc, | |
| 50 | lruhash_deldatafunc_type deldatafunc, void* arg) | |
| 51 | 51 | { |
| 52 | 52 | size_t i; |
| 53 | 53 | struct slabhash* sl = (struct slabhash*)calloc(1, |
| 107 | 107 | |
| 108 | 108 | /** helper routine to calculate the slabhash index */ |
| 109 | 109 | static unsigned int |
| 110 | slab_idx(struct slabhash* sl, hashvalue_t hash) | |
| 110 | slab_idx(struct slabhash* sl, hashvalue_type hash) | |
| 111 | 111 | { |
| 112 | 112 | return ((hash & sl->mask) >> sl->shift); |
| 113 | 113 | } |
| 114 | 114 | |
| 115 | void slabhash_insert(struct slabhash* sl, hashvalue_t hash, | |
| 115 | void slabhash_insert(struct slabhash* sl, hashvalue_type hash, | |
| 116 | 116 | struct lruhash_entry* entry, void* data, void* arg) |
| 117 | 117 | { |
| 118 | 118 | lruhash_insert(sl->array[slab_idx(sl, hash)], hash, entry, data, arg); |
| 119 | 119 | } |
| 120 | 120 | |
| 121 | 121 | struct lruhash_entry* slabhash_lookup(struct slabhash* sl, |
| 122 | hashvalue_t hash, void* key, int wr) | |
| 122 | hashvalue_type hash, void* key, int wr) | |
| 123 | 123 | { |
| 124 | 124 | return lruhash_lookup(sl->array[slab_idx(sl, hash)], hash, key, wr); |
| 125 | 125 | } |
| 126 | 126 | |
| 127 | void slabhash_remove(struct slabhash* sl, hashvalue_t hash, void* key) | |
| 127 | void slabhash_remove(struct slabhash* sl, hashvalue_type hash, void* key) | |
| 128 | 128 | { |
| 129 | 129 | lruhash_remove(sl->array[slab_idx(sl, hash)], hash, key); |
| 130 | 130 | } |
| 162 | 162 | return total; |
| 163 | 163 | } |
| 164 | 164 | |
| 165 | struct lruhash* slabhash_gettable(struct slabhash* sl, hashvalue_t hash) | |
| 165 | struct lruhash* slabhash_gettable(struct slabhash* sl, hashvalue_type hash) | |
| 166 | 166 | { |
| 167 | 167 | return sl->array[slab_idx(sl, hash)]; |
| 168 | 168 | } |
| 201 | 201 | deldata((struct slabhash_testdata*)data); |
| 202 | 202 | } |
| 203 | 203 | |
| 204 | void slabhash_setmarkdel(struct slabhash* sl, lruhash_markdelfunc_t md) | |
| 204 | void slabhash_setmarkdel(struct slabhash* sl, lruhash_markdelfunc_type md) | |
| 205 | 205 | { |
| 206 | 206 | size_t i; |
| 207 | 207 | for(i=0; i<sl->size; i++) { |
| 79 | 79 | * @return: new hash table or NULL on malloc failure. |
| 80 | 80 | */ |
| 81 | 81 | struct slabhash* slabhash_create(size_t numtables, size_t start_size, |
| 82 | size_t maxmem, lruhash_sizefunc_t sizefunc, | |
| 83 | lruhash_compfunc_t compfunc, lruhash_delkeyfunc_t delkeyfunc, | |
| 84 | lruhash_deldatafunc_t deldatafunc, void* arg); | |
| 82 | size_t maxmem, lruhash_sizefunc_type sizefunc, | |
| 83 | lruhash_compfunc_type compfunc, lruhash_delkeyfunc_type delkeyfunc, | |
| 84 | lruhash_deldatafunc_type deldatafunc, void* arg); | |
| 85 | 85 | |
| 86 | 86 | /** |
| 87 | 87 | * Delete hash table. Entries are all deleted. |
| 108 | 108 | * @param data: the data. |
| 109 | 109 | * @param cb_override: if not NULL overrides the cb_arg for deletfunc. |
| 110 | 110 | */ |
| 111 | void slabhash_insert(struct slabhash* table, hashvalue_t hash, | |
| 111 | void slabhash_insert(struct slabhash* table, hashvalue_type hash, | |
| 112 | 112 | struct lruhash_entry* entry, void* data, void* cb_override); |
| 113 | 113 | |
| 114 | 114 | /** |
| 125 | 125 | * The user must unlock the entry when done. |
| 126 | 126 | */ |
| 127 | 127 | struct lruhash_entry* slabhash_lookup(struct slabhash* table, |
| 128 | hashvalue_t hash, void* key, int wr); | |
| 128 | hashvalue_type hash, void* key, int wr); | |
| 129 | 129 | |
| 130 | 130 | /** |
| 131 | 131 | * Remove entry from hashtable. Does nothing if not found in hashtable. |
| 134 | 134 | * @param hash: hash of key. |
| 135 | 135 | * @param key: what to look for. |
| 136 | 136 | */ |
| 137 | void slabhash_remove(struct slabhash* table, hashvalue_t hash, void* key); | |
| 137 | void slabhash_remove(struct slabhash* table, hashvalue_type hash, void* key); | |
| 138 | 138 | |
| 139 | 139 | /** |
| 140 | 140 | * Output debug info to the log as to state of the hash table. |
| 164 | 164 | * @param hash: hash value. |
| 165 | 165 | * @return the lru hash table. |
| 166 | 166 | */ |
| 167 | struct lruhash* slabhash_gettable(struct slabhash* table, hashvalue_t hash); | |
| 167 | struct lruhash* slabhash_gettable(struct slabhash* table, hashvalue_type hash); | |
| 168 | 168 | |
| 169 | 169 | /** |
| 170 | 170 | * Set markdel function |
| 171 | 171 | * @param table: slabbed hash table. |
| 172 | 172 | * @param md: markdel function ptr. |
| 173 | 173 | */ |
| 174 | void slabhash_setmarkdel(struct slabhash* table, lruhash_markdelfunc_t md); | |
| 174 | void slabhash_setmarkdel(struct slabhash* table, lruhash_markdelfunc_type md); | |
| 175 | 175 | |
| 176 | 176 | /** |
| 177 | 177 | * Traverse a slabhash. |
| 224 | 224 | } |
| 225 | 225 | |
| 226 | 226 | void |
| 227 | timehist_export(struct timehist* hist, size_t* array, size_t sz) | |
| 227 | timehist_export(struct timehist* hist, long long* array, size_t sz) | |
| 228 | 228 | { |
| 229 | 229 | size_t i; |
| 230 | 230 | if(!hist) return; |
| 231 | 231 | if(sz > hist->num) |
| 232 | 232 | sz = hist->num; |
| 233 | 233 | for(i=0; i<sz; i++) |
| 234 | array[i] = hist->buckets[i].count; | |
| 234 | array[i] = (long long)hist->buckets[i].count; | |
| 235 | 235 | } |
| 236 | 236 | |
| 237 | 237 | void |
| 238 | timehist_import(struct timehist* hist, size_t* array, size_t sz) | |
| 238 | timehist_import(struct timehist* hist, long long* array, size_t sz) | |
| 239 | 239 | { |
| 240 | 240 | size_t i; |
| 241 | 241 | if(!hist) return; |
| 242 | 242 | if(sz > hist->num) |
| 243 | 243 | sz = hist->num; |
| 244 | 244 | for(i=0; i<sz; i++) |
| 245 | hist->buckets[i].count = array[i]; | |
| 246 | } | |
| 245 | hist->buckets[i].count = (size_t)array[i]; | |
| 246 | } |
| 120 | 120 | * @param array: the array to export to. |
| 121 | 121 | * @param sz: number of items in array. |
| 122 | 122 | */ |
| 123 | void timehist_export(struct timehist* hist, size_t* array, size_t sz); | |
| 123 | void timehist_export(struct timehist* hist, long long* array, size_t sz); | |
| 124 | 124 | |
| 125 | 125 | /** |
| 126 | 126 | * Import histogram from an array. |
| 128 | 128 | * @param array: the array to import from. |
| 129 | 129 | * @param sz: number of items in array. |
| 130 | 130 | */ |
| 131 | void timehist_import(struct timehist* hist, size_t* array, size_t sz); | |
| 131 | void timehist_import(struct timehist* hist, long long* array, size_t sz); | |
| 132 | 132 | |
| 133 | 133 | #endif /* UTIL_TIMEHIST_H */ |
| 425 | 425 | } |
| 426 | 426 | |
| 427 | 427 | int tube_setup_bg_listen(struct tube* tube, struct comm_base* base, |
| 428 | tube_callback_t* cb, void* arg) | |
| 428 | tube_callback_type* cb, void* arg) | |
| 429 | 429 | { |
| 430 | 430 | tube->listen_cb = cb; |
| 431 | 431 | tube->listen_arg = arg; |
| 666 | 666 | } |
| 667 | 667 | |
| 668 | 668 | int tube_setup_bg_listen(struct tube* tube, struct comm_base* base, |
| 669 | tube_callback_t* cb, void* arg) | |
| 669 | tube_callback_type* cb, void* arg) | |
| 670 | 670 | { |
| 671 | 671 | tube->listen_cb = cb; |
| 672 | 672 | tube->listen_arg = arg; |
| 54 | 54 | * void mycallback(tube, msg, len, error, user_argument); |
| 55 | 55 | * if error is true (NETEVENT_*), msg is probably NULL. |
| 56 | 56 | */ |
| 57 | typedef void tube_callback_t(struct tube*, uint8_t*, size_t, int, void*); | |
| 57 | typedef void tube_callback_type(struct tube*, uint8_t*, size_t, int, void*); | |
| 58 | 58 | |
| 59 | 59 | /** |
| 60 | 60 | * A pipe |
| 69 | 69 | /** listen commpoint */ |
| 70 | 70 | struct comm_point* listen_com; |
| 71 | 71 | /** listen callback */ |
| 72 | tube_callback_t* listen_cb; | |
| 72 | tube_callback_type* listen_cb; | |
| 73 | 73 | /** listen callback user arg */ |
| 74 | 74 | void* listen_arg; |
| 75 | 75 | /** are we currently reading a command, 0 if not, else bytecount */ |
| 91 | 91 | |
| 92 | 92 | #else /* USE_WINSOCK */ |
| 93 | 93 | /** listen callback */ |
| 94 | tube_callback_t* listen_cb; | |
| 94 | tube_callback_type* listen_cb; | |
| 95 | 95 | /** listen callback user arg */ |
| 96 | 96 | void* listen_arg; |
| 97 | 97 | /** the windows sockets event (signaled if items in pipe) */ |
| 100 | 100 | struct ub_event* ev_listen; |
| 101 | 101 | |
| 102 | 102 | /** lock on the list of outstanding items */ |
| 103 | lock_basic_t res_lock; | |
| 103 | lock_basic_type res_lock; | |
| 104 | 104 | /** list of outstanding results on pipe */ |
| 105 | 105 | struct tube_res_list* res_list; |
| 106 | 106 | /** last in list */ |
| 221 | 221 | * @return true if successful, false on error. |
| 222 | 222 | */ |
| 223 | 223 | int tube_setup_bg_listen(struct tube* tube, struct comm_base* base, |
| 224 | tube_callback_t* cb, void* arg); | |
| 224 | tube_callback_type* cb, void* arg); | |
| 225 | 225 | |
| 226 | 226 | /** |
| 227 | 227 | * Remove bg listen setup from event base. |
| 168 | 168 | #endif |
| 169 | 169 | verbose(VERB_CLIENT, "winsock_event handle_timeouts"); |
| 170 | 170 | |
| 171 | while((rbnode_t*)(p = (struct event*)rbtree_first(base->times)) | |
| 171 | while((rbnode_type*)(p = (struct event*)rbtree_first(base->times)) | |
| 172 | 172 | !=RBTREE_NULL) { |
| 173 | 173 | #ifndef S_SPLINT_S |
| 174 | 174 | if(p->ev_timeout.tv_sec > now->tv_sec || |
| 131 | 131 | struct event_base |
| 132 | 132 | { |
| 133 | 133 | /** sorted by timeout (absolute), ptr */ |
| 134 | rbtree_t* times; | |
| 134 | rbtree_type* times; | |
| 135 | 135 | /** array (first part in use) of handles to work on */ |
| 136 | 136 | struct event** items; |
| 137 | 137 | /** number of items in use in array */ |
| 168 | 168 | */ |
| 169 | 169 | struct event { |
| 170 | 170 | /** node in timeout rbtree */ |
| 171 | rbnode_t node; | |
| 171 | rbnode_type node; | |
| 172 | 172 | /** is event already added */ |
| 173 | 173 | int added; |
| 174 | 174 | |
| 1063 | 1063 | |
| 1064 | 1064 | /** string for a trustanchor state */ |
| 1065 | 1065 | static const char* |
| 1066 | trustanchor_state2str(autr_state_t s) | |
| 1066 | trustanchor_state2str(autr_state_type s) | |
| 1067 | 1067 | { |
| 1068 | 1068 | switch (s) { |
| 1069 | 1069 | case AUTR_STATE_START: return " START "; |
| 1678 | 1678 | /** Set the state for this trust anchor */ |
| 1679 | 1679 | static void |
| 1680 | 1680 | set_trustanchor_state(struct module_env* env, struct autr_ta* ta, int* changed, |
| 1681 | autr_state_t s) | |
| 1681 | autr_state_type s) | |
| 1682 | 1682 | { |
| 1683 | 1683 | verbose_key(ta, VERB_ALGO, "update: %s to %s", |
| 1684 | 1684 | trustanchor_state2str(ta->s), trustanchor_state2str(s)); |
| 1988 | 1988 | static time_t |
| 1989 | 1989 | wait_probe_time(struct val_anchors* anchors) |
| 1990 | 1990 | { |
| 1991 | rbnode_t* t = rbtree_first(&anchors->autr->probe); | |
| 1991 | rbnode_type* t = rbtree_first(&anchors->autr->probe); | |
| 1992 | 1992 | if(t != RBTREE_NULL) |
| 1993 | 1993 | return ((struct trust_anchor*)t->key)->autr->next_probe_time; |
| 1994 | 1994 | return 0; |
| 2362 | 2362 | todo_probe(struct module_env* env, time_t* next) |
| 2363 | 2363 | { |
| 2364 | 2364 | struct trust_anchor* tp; |
| 2365 | rbnode_t* el; | |
| 2365 | rbnode_type* el; | |
| 2366 | 2366 | /* get first one */ |
| 2367 | 2367 | lock_basic_lock(&env->anchors->lock); |
| 2368 | 2368 | if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) { |
| 57 | 57 | AUTR_STATE_MISSING = 3, |
| 58 | 58 | AUTR_STATE_REVOKED = 4, |
| 59 | 59 | AUTR_STATE_REMOVED = 5 |
| 60 | } autr_state_t; | |
| 60 | } autr_state_type; | |
| 61 | 61 | |
| 62 | 62 | /** |
| 63 | 63 | * Autotrust metadata for one trust anchor key. |
| 72 | 72 | /** last update of key state (new pending count keeps date the same) */ |
| 73 | 73 | time_t last_change; |
| 74 | 74 | /** 5011 state */ |
| 75 | autr_state_t s; | |
| 75 | autr_state_type s; | |
| 76 | 76 | /** pending count */ |
| 77 | 77 | uint8_t pending_count; |
| 78 | 78 | /** fresh TA was seen */ |
| 89 | 89 | /** file to store the trust point in. chrootdir already applied. */ |
| 90 | 90 | char* file; |
| 91 | 91 | /** rbtree node for probe sort, key is struct trust_anchor */ |
| 92 | rbnode_t pnode; | |
| 92 | rbnode_type pnode; | |
| 93 | 93 | |
| 94 | 94 | /** the keys */ |
| 95 | 95 | struct autr_ta* keys; |
| 125 | 125 | struct autr_global_data { |
| 126 | 126 | /** rbtree of autotrust anchors sorted by next probe time. |
| 127 | 127 | * When time is equal, sorted by anchor class, name. */ |
| 128 | rbtree_t probe; | |
| 128 | rbtree_type probe; | |
| 129 | 129 | }; |
| 130 | 130 | |
| 131 | 131 | /** |
| 112 | 112 | |
| 113 | 113 | /** destroy locks in tree and delete autotrust anchors */ |
| 114 | 114 | static void |
| 115 | anchors_delfunc(rbnode_t* elem, void* ATTR_UNUSED(arg)) | |
| 115 | anchors_delfunc(rbnode_type* elem, void* ATTR_UNUSED(arg)) | |
| 116 | 116 | { |
| 117 | 117 | struct trust_anchor* ta = (struct trust_anchor*)elem; |
| 118 | 118 | if(!ta) return; |
| 197 | 197 | size_t namelen, uint16_t dclass) |
| 198 | 198 | { |
| 199 | 199 | struct trust_anchor key; |
| 200 | rbnode_t* n; | |
| 200 | rbnode_type* n; | |
| 201 | 201 | if(!name) return NULL; |
| 202 | 202 | key.node.key = &key; |
| 203 | 203 | key.name = name; |
| 221 | 221 | size_t namelen, uint16_t dclass, int lockit) |
| 222 | 222 | { |
| 223 | 223 | #ifdef UNBOUND_DEBUG |
| 224 | rbnode_t* r; | |
| 224 | rbnode_type* r; | |
| 225 | 225 | #endif |
| 226 | 226 | struct trust_anchor* ta = (struct trust_anchor*)malloc( |
| 227 | 227 | sizeof(struct trust_anchor)); |
| 989 | 989 | size_t nods, nokey; |
| 990 | 990 | lock_basic_lock(&anchors->lock); |
| 991 | 991 | ta=(struct trust_anchor*)rbtree_first(anchors->tree); |
| 992 | while((rbnode_t*)ta != RBTREE_NULL) { | |
| 992 | while((rbnode_type*)ta != RBTREE_NULL) { | |
| 993 | 993 | next = (struct trust_anchor*)rbtree_next(&ta->node); |
| 994 | 994 | lock_basic_lock(&ta->lock); |
| 995 | 995 | if(ta->autr || (ta->numDS == 0 && ta->numDNSKEY == 0)) { |
| 1163 | 1163 | { |
| 1164 | 1164 | struct trust_anchor key; |
| 1165 | 1165 | struct trust_anchor* result; |
| 1166 | rbnode_t* res = NULL; | |
| 1166 | rbnode_type* res = NULL; | |
| 1167 | 1167 | key.node.key = &key; |
| 1168 | 1168 | key.name = qname; |
| 1169 | 1169 | key.namelabs = dname_count_labels(qname); |
| 1272 | 1272 | anchors_delfunc(&ta->node, NULL); |
| 1273 | 1273 | } |
| 1274 | 1274 | |
| 1275 | /** compare two keytags, return -1, 0 or 1 */ | |
| 1276 | static int | |
| 1277 | keytag_compare(const void* x, const void* y) | |
| 1278 | { | |
| 1279 | if(*(uint16_t*)x == *(uint16_t*)y) | |
| 1280 | return 0; | |
| 1281 | if(*(uint16_t*)x > *(uint16_t*)y) | |
| 1282 | return 1; | |
| 1283 | return -1; | |
| 1284 | } | |
| 1285 | ||
| 1286 | size_t | |
| 1287 | anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, size_t num) | |
| 1288 | { | |
| 1289 | size_t i, ret = 0; | |
| 1290 | if(ta->numDS == 0 && ta->numDNSKEY == 0) | |
| 1291 | return 0; /* insecure point */ | |
| 1292 | if(ta->numDS != 0 && ta->ds_rrset) { | |
| 1293 | struct packed_rrset_data* d=(struct packed_rrset_data*) | |
| 1294 | ta->ds_rrset->entry.data; | |
| 1295 | for(i=0; i<d->count; i++) { | |
| 1296 | if(ret == num) continue; | |
| 1297 | list[ret++] = ds_get_keytag(ta->ds_rrset, i); | |
| 1298 | } | |
| 1299 | } | |
| 1300 | if(ta->numDNSKEY != 0 && ta->dnskey_rrset) { | |
| 1301 | struct packed_rrset_data* d=(struct packed_rrset_data*) | |
| 1302 | ta->dnskey_rrset->entry.data; | |
| 1303 | for(i=0; i<d->count; i++) { | |
| 1304 | if(ret == num) continue; | |
| 1305 | list[ret++] = dnskey_calc_keytag(ta->dnskey_rrset, i); | |
| 1306 | } | |
| 1307 | } | |
| 1308 | qsort(list, ret, sizeof(*list), keytag_compare); | |
| 1309 | return ret; | |
| 1310 | } | |
| 58 | 58 | */ |
| 59 | 59 | struct val_anchors { |
| 60 | 60 | /** lock on trees */ |
| 61 | lock_basic_t lock; | |
| 61 | lock_basic_type lock; | |
| 62 | 62 | /** |
| 63 | 63 | * Anchors are store in this tree. Sort order is chosen, so that |
| 64 | 64 | * dnames are in nsec-like order. A lookup on class, name will return |
| 65 | 65 | * an exact match of the closest match, with the ancestor needed. |
| 66 | 66 | * contents of type trust_anchor. |
| 67 | 67 | */ |
| 68 | rbtree_t* tree; | |
| 68 | rbtree_type* tree; | |
| 69 | 69 | /** The DLV trust anchor (if one is configured, else NULL) */ |
| 70 | 70 | struct trust_anchor* dlv_anchor; |
| 71 | 71 | /** Autotrust global data, anchors sorted by next probe time */ |
| 92 | 92 | */ |
| 93 | 93 | struct trust_anchor { |
| 94 | 94 | /** rbtree node, key is this structure */ |
| 95 | rbnode_t node; | |
| 95 | rbnode_type node; | |
| 96 | 96 | /** lock on the entire anchor and its keys; for autotrust changes */ |
| 97 | lock_basic_t lock; | |
| 97 | lock_basic_type lock; | |
| 98 | 98 | /** name of this trust anchor */ |
| 99 | 99 | uint8_t* name; |
| 100 | 100 | /** length of name */ |
| 215 | 215 | void anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, |
| 216 | 216 | uint8_t* nm); |
| 217 | 217 | |
| 218 | /** | |
| 219 | * Get a list of keytags for the trust anchor. Zero tags for insecure points. | |
| 220 | * @param ta: trust anchor (locked by caller). | |
| 221 | * @param list: array of uint16_t. | |
| 222 | * @param num: length of array. | |
| 223 | * @return number of keytags filled into array. If total number of keytags is | |
| 224 | * bigger than the array, it is truncated at num. On errors, less keytags | |
| 225 | * are filled in. The array is sorted. | |
| 226 | */ | |
| 227 | size_t anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, size_t num); | |
| 228 | ||
| 218 | 229 | #endif /* VALIDATOR_VAL_ANCHOR_H */ |
| 110 | 110 | |
| 111 | 111 | /** clear datas on cache deletion */ |
| 112 | 112 | static void |
| 113 | neg_clear_datas(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 113 | neg_clear_datas(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 114 | 114 | { |
| 115 | 115 | struct val_neg_data* d = (struct val_neg_data*)n; |
| 116 | 116 | free(d->name); |
| 119 | 119 | |
| 120 | 120 | /** clear zones on cache deletion */ |
| 121 | 121 | static void |
| 122 | neg_clear_zones(rbnode_t* n, void* ATTR_UNUSED(arg)) | |
| 122 | neg_clear_zones(rbnode_type* n, void* ATTR_UNUSED(arg)) | |
| 123 | 123 | { |
| 124 | 124 | struct val_neg_zone* z = (struct val_neg_zone*)n; |
| 125 | 125 | /* delete all the rrset entries in the tree */ |
| 370 | 370 | { |
| 371 | 371 | struct val_neg_zone key; |
| 372 | 372 | struct val_neg_zone* result; |
| 373 | rbnode_t* res = NULL; | |
| 373 | rbnode_type* res = NULL; | |
| 374 | 374 | key.node.key = &key; |
| 375 | 375 | key.name = nm; |
| 376 | 376 | key.len = nm_len; |
| 410 | 410 | { |
| 411 | 411 | struct val_neg_data key; |
| 412 | 412 | struct val_neg_data* result; |
| 413 | rbnode_t* res = NULL; | |
| 413 | rbnode_type* res = NULL; | |
| 414 | 414 | key.node.key = &key; |
| 415 | 415 | key.name = nm; |
| 416 | 416 | key.len = nm_len; |
| 676 | 676 | uint8_t* end; |
| 677 | 677 | size_t end_len; |
| 678 | 678 | int end_labs, m; |
| 679 | rbnode_t* walk, *next; | |
| 679 | rbnode_type* walk, *next; | |
| 680 | 680 | struct val_neg_data* cur; |
| 681 | 681 | uint8_t buf[257]; |
| 682 | 682 | /* get endpoint */ |
| 910 | 910 | uint8_t* qname, size_t len, int labs, struct val_neg_data** data) |
| 911 | 911 | { |
| 912 | 912 | struct val_neg_data key; |
| 913 | rbnode_t* r; | |
| 913 | rbnode_type* r; | |
| 914 | 914 | key.node.key = &key; |
| 915 | 915 | key.name = qname; |
| 916 | 916 | key.len = len; |
| 66 | 66 | struct val_neg_cache { |
| 67 | 67 | /** the big lock on the negative cache. Because we use a rbtree |
| 68 | 68 | * for the data (quick lookup), we need a big lock */ |
| 69 | lock_basic_t lock; | |
| 69 | lock_basic_type lock; | |
| 70 | 70 | /** The zone rbtree. contents sorted canonical, type val_neg_zone */ |
| 71 | rbtree_t tree; | |
| 71 | rbtree_type tree; | |
| 72 | 72 | /** the first in linked list of LRU of val_neg_data */ |
| 73 | 73 | struct val_neg_data* first; |
| 74 | 74 | /** last in lru (least recently used element) */ |
| 86 | 86 | */ |
| 87 | 87 | struct val_neg_zone { |
| 88 | 88 | /** rbtree node element, key is this struct: the name, class */ |
| 89 | rbnode_t node; | |
| 89 | rbnode_type node; | |
| 90 | 90 | /** name; the key */ |
| 91 | 91 | uint8_t* name; |
| 92 | 92 | /** length of name */ |
| 113 | 113 | |
| 114 | 114 | /** tree of NSEC data for this zone, sorted canonical |
| 115 | 115 | * by NSEC owner name */ |
| 116 | rbtree_t tree; | |
| 116 | rbtree_type tree; | |
| 117 | 117 | |
| 118 | 118 | /** class of node; host order */ |
| 119 | 119 | uint16_t dclass; |
| 134 | 134 | */ |
| 135 | 135 | struct val_neg_data { |
| 136 | 136 | /** rbtree node element, key is this struct: the name */ |
| 137 | rbnode_t node; | |
| 137 | rbnode_type node; | |
| 138 | 138 | /** name; the key */ |
| 139 | 139 | uint8_t* name; |
| 140 | 140 | /** length of name */ |
| 622 | 622 | } |
| 623 | 623 | |
| 624 | 624 | int |
| 625 | nsec3_hash_name(rbtree_t* table, struct regional* region, sldns_buffer* buf, | |
| 625 | nsec3_hash_name(rbtree_type* table, struct regional* region, sldns_buffer* buf, | |
| 626 | 626 | struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname, |
| 627 | 627 | size_t dname_len, struct nsec3_cached_hash** hash) |
| 628 | 628 | { |
| 629 | 629 | struct nsec3_cached_hash* c; |
| 630 | 630 | struct nsec3_cached_hash looki; |
| 631 | 631 | #ifdef UNBOUND_DEBUG |
| 632 | rbnode_t* n; | |
| 632 | rbnode_type* n; | |
| 633 | 633 | #endif |
| 634 | 634 | int r; |
| 635 | 635 | looki.node.key = &looki; |
| 729 | 729 | */ |
| 730 | 730 | static int |
| 731 | 731 | find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt, |
| 732 | rbtree_t* ct, uint8_t* nm, size_t nmlen, | |
| 732 | rbtree_type* ct, uint8_t* nm, size_t nmlen, | |
| 733 | 733 | struct ub_packed_rrset_key** rrset, int* rr) |
| 734 | 734 | { |
| 735 | 735 | size_t i_rs; |
| 822 | 822 | */ |
| 823 | 823 | static int |
| 824 | 824 | find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt, |
| 825 | rbtree_t* ct, uint8_t* nm, size_t nmlen, | |
| 825 | rbtree_type* ct, uint8_t* nm, size_t nmlen, | |
| 826 | 826 | struct ub_packed_rrset_key** rrset, int* rr) |
| 827 | 827 | { |
| 828 | 828 | size_t i_rs; |
| 868 | 868 | */ |
| 869 | 869 | static int |
| 870 | 870 | nsec3_find_closest_encloser(struct module_env* env, struct nsec3_filter* flt, |
| 871 | rbtree_t* ct, struct query_info* qinfo, struct ce_response* ce) | |
| 871 | rbtree_type* ct, struct query_info* qinfo, struct ce_response* ce) | |
| 872 | 872 | { |
| 873 | 873 | uint8_t* nm = qinfo->qname; |
| 874 | 874 | size_t nmlen = qinfo->qname_len; |
| 935 | 935 | */ |
| 936 | 936 | static enum sec_status |
| 937 | 937 | nsec3_prove_closest_encloser(struct module_env* env, struct nsec3_filter* flt, |
| 938 | rbtree_t* ct, struct query_info* qinfo, int prove_does_not_exist, | |
| 938 | rbtree_type* ct, struct query_info* qinfo, int prove_does_not_exist, | |
| 939 | 939 | struct ce_response* ce) |
| 940 | 940 | { |
| 941 | 941 | uint8_t* nc; |
| 1015 | 1015 | /** Do the name error proof */ |
| 1016 | 1016 | static enum sec_status |
| 1017 | 1017 | nsec3_do_prove_nameerror(struct module_env* env, struct nsec3_filter* flt, |
| 1018 | rbtree_t* ct, struct query_info* qinfo) | |
| 1018 | rbtree_type* ct, struct query_info* qinfo) | |
| 1019 | 1019 | { |
| 1020 | 1020 | struct ce_response ce; |
| 1021 | 1021 | uint8_t* wc; |
| 1061 | 1061 | struct ub_packed_rrset_key** list, size_t num, |
| 1062 | 1062 | struct query_info* qinfo, struct key_entry_key* kkey) |
| 1063 | 1063 | { |
| 1064 | rbtree_t ct; | |
| 1064 | rbtree_type ct; | |
| 1065 | 1065 | struct nsec3_filter flt; |
| 1066 | 1066 | |
| 1067 | 1067 | if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) |
| 1085 | 1085 | /** Do the nodata proof */ |
| 1086 | 1086 | static enum sec_status |
| 1087 | 1087 | nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt, |
| 1088 | rbtree_t* ct, struct query_info* qinfo) | |
| 1088 | rbtree_type* ct, struct query_info* qinfo) | |
| 1089 | 1089 | { |
| 1090 | 1090 | struct ce_response ce; |
| 1091 | 1091 | uint8_t* wc; |
| 1220 | 1220 | struct ub_packed_rrset_key** list, size_t num, |
| 1221 | 1221 | struct query_info* qinfo, struct key_entry_key* kkey) |
| 1222 | 1222 | { |
| 1223 | rbtree_t ct; | |
| 1223 | rbtree_type ct; | |
| 1224 | 1224 | struct nsec3_filter flt; |
| 1225 | 1225 | |
| 1226 | 1226 | if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) |
| 1239 | 1239 | struct ub_packed_rrset_key** list, size_t num, |
| 1240 | 1240 | struct query_info* qinfo, struct key_entry_key* kkey, uint8_t* wc) |
| 1241 | 1241 | { |
| 1242 | rbtree_t ct; | |
| 1242 | rbtree_type ct; | |
| 1243 | 1243 | struct nsec3_filter flt; |
| 1244 | 1244 | struct ce_response ce; |
| 1245 | 1245 | uint8_t* nc; |
| 1313 | 1313 | struct ub_packed_rrset_key** list, size_t num, |
| 1314 | 1314 | struct query_info* qinfo, struct key_entry_key* kkey, char** reason) |
| 1315 | 1315 | { |
| 1316 | rbtree_t ct; | |
| 1316 | rbtree_type ct; | |
| 1317 | 1317 | struct nsec3_filter flt; |
| 1318 | 1318 | struct ce_response ce; |
| 1319 | 1319 | struct ub_packed_rrset_key* rrset; |
| 1402 | 1402 | struct query_info* qinfo, struct key_entry_key* kkey, int* nodata) |
| 1403 | 1403 | { |
| 1404 | 1404 | enum sec_status sec, secnx; |
| 1405 | rbtree_t ct; | |
| 1405 | rbtree_type ct; | |
| 1406 | 1406 | struct nsec3_filter flt; |
| 1407 | 1407 | *nodata = 0; |
| 1408 | 1408 | |
| 223 | 223 | */ |
| 224 | 224 | struct nsec3_cached_hash { |
| 225 | 225 | /** rbtree node, key is this structure */ |
| 226 | rbnode_t node; | |
| 226 | rbnode_type node; | |
| 227 | 227 | /** where are the parameters for conversion, in this rrset data */ |
| 228 | 228 | struct ub_packed_rrset_key* nsec3; |
| 229 | 229 | /** where are the parameters for conversion, this RR number in data */ |
| 270 | 270 | * 0 on a malloc failure. |
| 271 | 271 | * -1 if the NSEC3 rr was badly formatted (i.e. formerr). |
| 272 | 272 | */ |
| 273 | int nsec3_hash_name(rbtree_t* table, struct regional* region, | |
| 273 | int nsec3_hash_name(rbtree_type* table, struct regional* region, | |
| 274 | 274 | struct sldns_buffer* buf, struct ub_packed_rrset_key* nsec3, int rr, |
| 275 | 275 | uint8_t* dname, size_t dname_len, struct nsec3_cached_hash** hash); |
| 276 | 276 | |
| 73 | 73 | |
| 74 | 74 | /** fake DSA support for unit tests */ |
| 75 | 75 | int fake_dsa = 0; |
| 76 | /** fake SHA1 support for unit tests */ | |
| 77 | int fake_sha1 = 0; | |
| 76 | 78 | |
| 77 | 79 | /* return size of digest if supported, or 0 otherwise */ |
| 78 | 80 | size_t |
| 115 | 117 | ds_digest_size_supported(int algo) |
| 116 | 118 | { |
| 117 | 119 | switch(algo) { |
| 118 | #ifdef HAVE_EVP_SHA1 | |
| 119 | 120 | case LDNS_SHA1: |
| 121 | #if defined(HAVE_EVP_SHA1) && defined(USE_SHA1) | |
| 120 | 122 | return SHA_DIGEST_LENGTH; |
| 123 | #else | |
| 124 | if(fake_sha1) return 20; | |
| 125 | return 0; | |
| 121 | 126 | #endif |
| 122 | 127 | #ifdef HAVE_EVP_SHA256 |
| 123 | 128 | case LDNS_SHA256: |
| 157 | 162 | unsigned char* res) |
| 158 | 163 | { |
| 159 | 164 | switch(algo) { |
| 160 | #ifdef HAVE_EVP_SHA1 | |
| 165 | #if defined(HAVE_EVP_SHA1) && defined(USE_SHA1) | |
| 161 | 166 | case LDNS_SHA1: |
| 162 | 167 | (void)SHA1(buf, len, res); |
| 163 | 168 | return 1; |
| 196 | 201 | return 0; |
| 197 | 202 | case LDNS_DSA: |
| 198 | 203 | case LDNS_DSA_NSEC3: |
| 199 | #ifdef USE_DSA | |
| 204 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 200 | 205 | return 1; |
| 201 | 206 | #else |
| 202 | if(fake_dsa) return 1; | |
| 207 | if(fake_dsa || fake_sha1) return 1; | |
| 203 | 208 | return 0; |
| 204 | 209 | #endif |
| 210 | ||
| 205 | 211 | case LDNS_RSASHA1: |
| 206 | 212 | case LDNS_RSASHA1_NSEC3: |
| 213 | #ifdef USE_SHA1 | |
| 214 | return 1; | |
| 215 | #else | |
| 216 | if(fake_sha1) return 1; | |
| 217 | return 0; | |
| 218 | #endif | |
| 219 | ||
| 207 | 220 | #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) |
| 208 | 221 | case LDNS_RSASHA256: |
| 209 | 222 | #endif |
| 214 | 227 | case LDNS_ECDSAP256SHA256: |
| 215 | 228 | case LDNS_ECDSAP384SHA384: |
| 216 | 229 | #endif |
| 230 | #ifdef USE_ED25519 | |
| 231 | case LDNS_ED25519: | |
| 232 | #endif | |
| 233 | #if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA) | |
| 217 | 234 | return 1; |
| 235 | #endif | |
| 236 | ||
| 218 | 237 | #ifdef USE_GOST |
| 219 | 238 | case LDNS_ECC_GOST: |
| 220 | 239 | /* we support GOST if it can be loaded */ |
| 391 | 410 | setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, |
| 392 | 411 | unsigned char* key, size_t keylen) |
| 393 | 412 | { |
| 394 | #ifdef USE_DSA | |
| 413 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 395 | 414 | DSA* dsa; |
| 396 | 415 | #endif |
| 397 | 416 | RSA* rsa; |
| 398 | 417 | |
| 399 | 418 | switch(algo) { |
| 400 | #ifdef USE_DSA | |
| 419 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 401 | 420 | case LDNS_DSA: |
| 402 | 421 | case LDNS_DSA_NSEC3: |
| 403 | 422 | *evp_key = EVP_PKEY_new(); |
| 423 | 442 | #endif |
| 424 | 443 | |
| 425 | 444 | break; |
| 426 | #endif /* USE_DSA */ | |
| 445 | #endif /* USE_DSA && USE_SHA1 */ | |
| 446 | ||
| 447 | #if defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) | |
| 448 | #ifdef USE_SHA1 | |
| 427 | 449 | case LDNS_RSASHA1: |
| 428 | 450 | case LDNS_RSASHA1_NSEC3: |
| 451 | #endif | |
| 429 | 452 | #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) |
| 430 | 453 | case LDNS_RSASHA256: |
| 431 | 454 | #endif |
| 460 | 483 | *digest_type = EVP_sha512(); |
| 461 | 484 | else |
| 462 | 485 | #endif |
| 486 | #ifdef USE_SHA1 | |
| 463 | 487 | *digest_type = EVP_sha1(); |
| 464 | ||
| 465 | break; | |
| 488 | #else | |
| 489 | { verbose(VERB_QUERY, "no digest available"); return 0; } | |
| 490 | #endif | |
| 491 | break; | |
| 492 | #endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */ | |
| 493 | ||
| 466 | 494 | case LDNS_RSAMD5: |
| 467 | 495 | *evp_key = EVP_PKEY_new(); |
| 468 | 496 | if(!*evp_key) { |
| 529 | 557 | #endif |
| 530 | 558 | break; |
| 531 | 559 | #endif /* USE_ECDSA */ |
| 560 | #ifdef USE_ED25519 | |
| 561 | case LDNS_ED25519: | |
| 562 | *evp_key = sldns_ed255192pkey_raw(key, keylen); | |
| 563 | if(!*evp_key) { | |
| 564 | verbose(VERB_QUERY, "verify: " | |
| 565 | "sldns_ed255192pkey_raw failed"); | |
| 566 | return 0; | |
| 567 | } | |
| 568 | *digest_type = NULL; | |
| 569 | break; | |
| 570 | #endif /* USE_ED25519 */ | |
| 532 | 571 | default: |
| 533 | 572 | verbose(VERB_QUERY, "verify: unknown algorithm %d", |
| 534 | 573 | algo); |
| 561 | 600 | EVP_PKEY *evp_key = NULL; |
| 562 | 601 | |
| 563 | 602 | #ifndef USE_DSA |
| 564 | if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && fake_dsa) | |
| 603 | if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1)) | |
| 604 | return sec_status_secure; | |
| 605 | #endif | |
| 606 | #ifndef USE_SHA1 | |
| 607 | if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3)) | |
| 565 | 608 | return sec_status_secure; |
| 566 | 609 | #endif |
| 567 | 610 | |
| 614 | 657 | else if(docrypto_free) OPENSSL_free(sigblock); |
| 615 | 658 | return sec_status_unchecked; |
| 616 | 659 | } |
| 617 | if(EVP_VerifyInit(ctx, digest_type) == 0) { | |
| 618 | verbose(VERB_QUERY, "verify: EVP_VerifyInit failed"); | |
| 660 | #ifndef HAVE_EVP_DIGESTVERIFY | |
| 661 | if(EVP_DigestInit(ctx, digest_type) == 0) { | |
| 662 | verbose(VERB_QUERY, "verify: EVP_DigestInit failed"); | |
| 663 | #ifdef HAVE_EVP_MD_CTX_NEW | |
| 619 | 664 | EVP_MD_CTX_destroy(ctx); |
| 665 | #else | |
| 666 | EVP_MD_CTX_cleanup(ctx); | |
| 667 | free(ctx); | |
| 668 | #endif | |
| 620 | 669 | EVP_PKEY_free(evp_key); |
| 621 | 670 | if(dofree) free(sigblock); |
| 622 | 671 | else if(docrypto_free) OPENSSL_free(sigblock); |
| 623 | 672 | return sec_status_unchecked; |
| 624 | 673 | } |
| 625 | if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), | |
| 674 | if(EVP_DigestUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), | |
| 626 | 675 | (unsigned int)sldns_buffer_limit(buf)) == 0) { |
| 627 | verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed"); | |
| 676 | verbose(VERB_QUERY, "verify: EVP_DigestUpdate failed"); | |
| 677 | #ifdef HAVE_EVP_MD_CTX_NEW | |
| 628 | 678 | EVP_MD_CTX_destroy(ctx); |
| 679 | #else | |
| 680 | EVP_MD_CTX_cleanup(ctx); | |
| 681 | free(ctx); | |
| 682 | #endif | |
| 629 | 683 | EVP_PKEY_free(evp_key); |
| 630 | 684 | if(dofree) free(sigblock); |
| 631 | 685 | else if(docrypto_free) OPENSSL_free(sigblock); |
| 633 | 687 | } |
| 634 | 688 | |
| 635 | 689 | res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key); |
| 690 | #else /* HAVE_EVP_DIGESTVERIFY */ | |
| 691 | if(EVP_DigestVerifyInit(ctx, NULL, digest_type, NULL, evp_key) == 0) { | |
| 692 | verbose(VERB_QUERY, "verify: EVP_DigestVerifyInit failed"); | |
| 693 | #ifdef HAVE_EVP_MD_CTX_NEW | |
| 694 | EVP_MD_CTX_destroy(ctx); | |
| 695 | #else | |
| 696 | EVP_MD_CTX_cleanup(ctx); | |
| 697 | free(ctx); | |
| 698 | #endif | |
| 699 | EVP_PKEY_free(evp_key); | |
| 700 | if(dofree) free(sigblock); | |
| 701 | else if(docrypto_free) OPENSSL_free(sigblock); | |
| 702 | return sec_status_unchecked; | |
| 703 | } | |
| 704 | res = EVP_DigestVerify(ctx, sigblock, sigblock_len, | |
| 705 | (unsigned char*)sldns_buffer_begin(buf), | |
| 706 | sldns_buffer_limit(buf)); | |
| 707 | #endif | |
| 636 | 708 | #ifdef HAVE_EVP_MD_CTX_NEW |
| 637 | 709 | EVP_MD_CTX_destroy(ctx); |
| 638 | 710 | #else |
| 705 | 777 | { |
| 706 | 778 | /* uses libNSS */ |
| 707 | 779 | switch(algo) { |
| 780 | #ifdef USE_SHA1 | |
| 708 | 781 | case LDNS_SHA1: |
| 709 | 782 | return SHA1_LENGTH; |
| 783 | #endif | |
| 710 | 784 | #ifdef USE_SHA2 |
| 711 | 785 | case LDNS_SHA256: |
| 712 | 786 | return SHA256_LENGTH; |
| 728 | 802 | { |
| 729 | 803 | /* uses libNSS */ |
| 730 | 804 | switch(algo) { |
| 805 | #ifdef USE_SHA1 | |
| 731 | 806 | case LDNS_SHA1: |
| 732 | 807 | return HASH_HashBuf(HASH_AlgSHA1, res, buf, len) |
| 733 | 808 | == SECSuccess; |
| 809 | #endif | |
| 734 | 810 | #if defined(USE_SHA2) |
| 735 | 811 | case LDNS_SHA256: |
| 736 | 812 | return HASH_HashBuf(HASH_AlgSHA256, res, buf, len) |
| 758 | 834 | case LDNS_RSAMD5: |
| 759 | 835 | /* RFC 6725 deprecates RSAMD5 */ |
| 760 | 836 | return 0; |
| 761 | #ifdef USE_DSA | |
| 837 | #if defined(USE_SHA1) || defined(USE_SHA2) | |
| 838 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 762 | 839 | case LDNS_DSA: |
| 763 | 840 | case LDNS_DSA_NSEC3: |
| 764 | 841 | #endif |
| 842 | #ifdef USE_SHA1 | |
| 765 | 843 | case LDNS_RSASHA1: |
| 766 | 844 | case LDNS_RSASHA1_NSEC3: |
| 845 | #endif | |
| 767 | 846 | #ifdef USE_SHA2 |
| 768 | 847 | case LDNS_RSASHA256: |
| 769 | 848 | #endif |
| 771 | 850 | case LDNS_RSASHA512: |
| 772 | 851 | #endif |
| 773 | 852 | return 1; |
| 853 | #endif /* SHA1 or SHA2 */ | |
| 854 | ||
| 774 | 855 | #ifdef USE_ECDSA |
| 775 | 856 | case LDNS_ECDSAP256SHA256: |
| 776 | 857 | case LDNS_ECDSAP384SHA384: |
| 1002 | 1083 | */ |
| 1003 | 1084 | |
| 1004 | 1085 | switch(algo) { |
| 1005 | #ifdef USE_DSA | |
| 1086 | ||
| 1087 | #if defined(USE_SHA1) || defined(USE_SHA2) | |
| 1088 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 1006 | 1089 | case LDNS_DSA: |
| 1007 | 1090 | case LDNS_DSA_NSEC3: |
| 1008 | 1091 | *pubkey = nss_buf2dsa(key, keylen); |
| 1014 | 1097 | /* no prefix for DSA verification */ |
| 1015 | 1098 | break; |
| 1016 | 1099 | #endif |
| 1100 | #ifdef USE_SHA1 | |
| 1017 | 1101 | case LDNS_RSASHA1: |
| 1018 | 1102 | case LDNS_RSASHA1_NSEC3: |
| 1103 | #endif | |
| 1019 | 1104 | #ifdef USE_SHA2 |
| 1020 | 1105 | case LDNS_RSASHA256: |
| 1021 | 1106 | #endif |
| 1042 | 1127 | *prefixlen = sizeof(p_sha512); |
| 1043 | 1128 | } else |
| 1044 | 1129 | #endif |
| 1130 | #ifdef USE_SHA1 | |
| 1045 | 1131 | { |
| 1046 | 1132 | *htype = HASH_AlgSHA1; |
| 1047 | 1133 | *prefix = p_sha1; |
| 1048 | 1134 | *prefixlen = sizeof(p_sha1); |
| 1049 | 1135 | } |
| 1050 | ||
| 1051 | break; | |
| 1136 | #else | |
| 1137 | { | |
| 1138 | verbose(VERB_QUERY, "verify: no digest algo"); | |
| 1139 | return 0; | |
| 1140 | } | |
| 1141 | #endif | |
| 1142 | ||
| 1143 | break; | |
| 1144 | #endif /* SHA1 or SHA2 */ | |
| 1145 | ||
| 1052 | 1146 | case LDNS_RSAMD5: |
| 1053 | 1147 | *pubkey = nss_buf2rsa(key, keylen); |
| 1054 | 1148 | if(!*pubkey) { |
| 1130 | 1224 | return sec_status_bogus; |
| 1131 | 1225 | } |
| 1132 | 1226 | |
| 1133 | #ifdef USE_DSA | |
| 1227 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 1134 | 1228 | /* need to convert DSA, ECDSA signatures? */ |
| 1135 | 1229 | if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) { |
| 1136 | 1230 | if(sigblock_len == 1+2*SHA1_LENGTH) { |
| 1311 | 1405 | { |
| 1312 | 1406 | switch(algo) { |
| 1313 | 1407 | case LDNS_SHA1: |
| 1408 | #ifdef USE_SHA1 | |
| 1314 | 1409 | return SHA1_DIGEST_SIZE; |
| 1410 | #else | |
| 1411 | if(fake_sha1) return 20; | |
| 1412 | return 0; | |
| 1413 | #endif | |
| 1315 | 1414 | #ifdef USE_SHA2 |
| 1316 | 1415 | case LDNS_SHA256: |
| 1317 | 1416 | return SHA256_DIGEST_SIZE; |
| 1333 | 1432 | unsigned char* res) |
| 1334 | 1433 | { |
| 1335 | 1434 | switch(algo) { |
| 1435 | #ifdef USE_SHA1 | |
| 1336 | 1436 | case LDNS_SHA1: |
| 1337 | 1437 | return _digest_nettle(SHA1_DIGEST_SIZE, buf, len, res); |
| 1438 | #endif | |
| 1338 | 1439 | #if defined(USE_SHA2) |
| 1339 | 1440 | case LDNS_SHA256: |
| 1340 | 1441 | return _digest_nettle(SHA256_DIGEST_SIZE, buf, len, res); |
| 1358 | 1459 | { |
| 1359 | 1460 | /* uses libnettle */ |
| 1360 | 1461 | switch(id) { |
| 1361 | #ifdef USE_DSA | |
| 1462 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 1362 | 1463 | case LDNS_DSA: |
| 1363 | 1464 | case LDNS_DSA_NSEC3: |
| 1364 | 1465 | #endif |
| 1466 | #ifdef USE_SHA1 | |
| 1365 | 1467 | case LDNS_RSASHA1: |
| 1366 | 1468 | case LDNS_RSASHA1_NSEC3: |
| 1469 | #endif | |
| 1367 | 1470 | #ifdef USE_SHA2 |
| 1368 | 1471 | case LDNS_RSASHA256: |
| 1369 | 1472 | case LDNS_RSASHA512: |
| 1380 | 1483 | } |
| 1381 | 1484 | } |
| 1382 | 1485 | |
| 1383 | #ifdef USE_DSA | |
| 1486 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 1384 | 1487 | static char * |
| 1385 | 1488 | _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock, |
| 1386 | 1489 | unsigned int sigblock_len, unsigned char* key, unsigned int keylen) |
| 1387 | 1490 | { |
| 1388 | 1491 | uint8_t digest[SHA1_DIGEST_SIZE]; |
| 1389 | uint8_t key_t; | |
| 1492 | uint8_t key_t_value; | |
| 1390 | 1493 | int res = 0; |
| 1391 | 1494 | size_t offset; |
| 1392 | 1495 | struct dsa_public_key pubkey; |
| 1425 | 1528 | } |
| 1426 | 1529 | |
| 1427 | 1530 | /* Validate T values constraints - RFC 2536 sec. 2 & sec. 3 */ |
| 1428 | key_t = key[0]; | |
| 1429 | if (key_t > 8) { | |
| 1531 | key_t_value = key[0]; | |
| 1532 | if (key_t_value > 8) { | |
| 1430 | 1533 | return "invalid T value in DSA pubkey"; |
| 1431 | 1534 | } |
| 1432 | 1535 | |
| 1437 | 1540 | |
| 1438 | 1541 | expected_len = 1 + /* T */ |
| 1439 | 1542 | 20 + /* Q */ |
| 1440 | (64 + key_t*8) + /* P */ | |
| 1441 | (64 + key_t*8) + /* G */ | |
| 1442 | (64 + key_t*8); /* Y */ | |
| 1543 | (64 + key_t_value*8) + /* P */ | |
| 1544 | (64 + key_t_value*8) + /* G */ | |
| 1545 | (64 + key_t_value*8); /* Y */ | |
| 1443 | 1546 | if (keylen != expected_len ) { |
| 1444 | 1547 | return "invalid DSA pubkey length"; |
| 1445 | 1548 | } |
| 1449 | 1552 | offset = 1; |
| 1450 | 1553 | nettle_mpz_set_str_256_u(pubkey.q, 20, key+offset); |
| 1451 | 1554 | offset += 20; |
| 1452 | nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t*8), key+offset); | |
| 1453 | offset += (64 + key_t*8); | |
| 1454 | nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t*8), key+offset); | |
| 1455 | offset += (64 + key_t*8); | |
| 1456 | nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t*8), key+offset); | |
| 1555 | nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t_value*8), key+offset); | |
| 1556 | offset += (64 + key_t_value*8); | |
| 1557 | nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t_value*8), key+offset); | |
| 1558 | offset += (64 + key_t_value*8); | |
| 1559 | nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t_value*8), key+offset); | |
| 1457 | 1560 | |
| 1458 | 1561 | /* Digest content of "buf" and verify its DSA signature in "sigblock"*/ |
| 1459 | 1562 | res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), |
| 1640 | 1743 | } |
| 1641 | 1744 | |
| 1642 | 1745 | switch(algo) { |
| 1643 | #ifdef USE_DSA | |
| 1746 | #if defined(USE_DSA) && defined(USE_SHA1) | |
| 1644 | 1747 | case LDNS_DSA: |
| 1645 | 1748 | case LDNS_DSA_NSEC3: |
| 1646 | 1749 | *reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen); |
| 1650 | 1753 | return sec_status_secure; |
| 1651 | 1754 | #endif /* USE_DSA */ |
| 1652 | 1755 | |
| 1756 | #ifdef USE_SHA1 | |
| 1653 | 1757 | case LDNS_RSASHA1: |
| 1654 | 1758 | case LDNS_RSASHA1_NSEC3: |
| 1655 | 1759 | digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); |
| 1760 | #endif | |
| 1656 | 1761 | #ifdef USE_SHA2 |
| 1657 | 1762 | case LDNS_RSASHA256: |
| 1658 | 1763 | digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); |
| 50 | 50 | #include "util/module.h" |
| 51 | 51 | #include "util/net_help.h" |
| 52 | 52 | #include "util/regional.h" |
| 53 | #include "util/config_file.h" | |
| 53 | 54 | #include "sldns/keyraw.h" |
| 54 | 55 | #include "sldns/sbuffer.h" |
| 55 | 56 | #include "sldns/parseutil.h" |
| 317 | 318 | size_t dslen; |
| 318 | 319 | uint8_t* digest; /* generated digest */ |
| 319 | 320 | size_t digestlen = ds_digest_size_algo(ds_rrset, ds_idx); |
| 320 | ||
| 321 | ||
| 321 | 322 | if(digestlen == 0) { |
| 322 | 323 | verbose(VERB_QUERY, "DS fail: not supported, or DS RR " |
| 323 | 324 | "format error"); |
| 324 | 325 | return 0; /* not supported, or DS RR format error */ |
| 325 | 326 | } |
| 327 | #ifndef USE_SHA1 | |
| 328 | if(fake_sha1 && ds_get_digest_algo(ds_rrset, ds_idx)==LDNS_SHA1) | |
| 329 | return 1; | |
| 330 | #endif | |
| 331 | ||
| 326 | 332 | /* check digest length in DS with length from hash function */ |
| 327 | 333 | ds_get_sigdata(ds_rrset, ds_idx, &ds, &dslen); |
| 328 | 334 | if(!ds || dslen != digestlen) { |
| 482 | 488 | { |
| 483 | 489 | enum sec_status sec; |
| 484 | 490 | size_t i, num; |
| 485 | rbtree_t* sortree = NULL; | |
| 491 | rbtree_type* sortree = NULL; | |
| 486 | 492 | /* make sure that for all DNSKEY algorithms there are valid sigs */ |
| 487 | 493 | struct algo_needs needs; |
| 488 | 494 | int alg; |
| 550 | 556 | { |
| 551 | 557 | enum sec_status sec; |
| 552 | 558 | size_t i, num, numchecked = 0; |
| 553 | rbtree_t* sortree = NULL; | |
| 559 | rbtree_type* sortree = NULL; | |
| 554 | 560 | int buf_canon = 0; |
| 555 | 561 | uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx); |
| 556 | 562 | int algo = dnskey_get_algo(dnskey, dnskey_idx); |
| 584 | 590 | dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, |
| 585 | 591 | time_t now, struct ub_packed_rrset_key* rrset, |
| 586 | 592 | struct ub_packed_rrset_key* dnskey, size_t sig_idx, |
| 587 | struct rbtree_t** sortree, char** reason) | |
| 593 | struct rbtree_type** sortree, char** reason) | |
| 588 | 594 | { |
| 589 | 595 | /* find matching keys and check them */ |
| 590 | 596 | enum sec_status sec = sec_status_bogus; |
| 626 | 632 | */ |
| 627 | 633 | struct canon_rr { |
| 628 | 634 | /** rbtree node, key is this structure */ |
| 629 | rbnode_t node; | |
| 635 | rbnode_type node; | |
| 630 | 636 | /** rrset the RR is in */ |
| 631 | 637 | struct ub_packed_rrset_key* rrset; |
| 632 | 638 | /** which RR in the rrset */ |
| 884 | 890 | */ |
| 885 | 891 | static void |
| 886 | 892 | canonical_sort(struct ub_packed_rrset_key* rrset, struct packed_rrset_data* d, |
| 887 | rbtree_t* sortree, struct canon_rr* rrs) | |
| 893 | rbtree_type* sortree, struct canon_rr* rrs) | |
| 888 | 894 | { |
| 889 | 895 | size_t i; |
| 890 | 896 | /* insert into rbtree to sort and detect duplicates */ |
| 1042 | 1048 | int rrset_canonical_equal(struct regional* region, |
| 1043 | 1049 | struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2) |
| 1044 | 1050 | { |
| 1045 | struct rbtree_t sortree1, sortree2; | |
| 1051 | struct rbtree_type sortree1, sortree2; | |
| 1046 | 1052 | struct canon_rr *rrs1, *rrs2, *p1, *p2; |
| 1047 | 1053 | struct packed_rrset_data* d1=(struct packed_rrset_data*)k1->entry.data; |
| 1048 | 1054 | struct packed_rrset_data* d2=(struct packed_rrset_data*)k2->entry.data; |
| 1119 | 1125 | static int |
| 1120 | 1126 | rrset_canonical(struct regional* region, sldns_buffer* buf, |
| 1121 | 1127 | struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen, |
| 1122 | struct rbtree_t** sortree) | |
| 1128 | struct rbtree_type** sortree) | |
| 1123 | 1129 | { |
| 1124 | 1130 | struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; |
| 1125 | 1131 | uint8_t* can_owner = NULL; |
| 1128 | 1134 | struct canon_rr* rrs; |
| 1129 | 1135 | |
| 1130 | 1136 | if(!*sortree) { |
| 1131 | *sortree = (struct rbtree_t*)regional_alloc(region, | |
| 1132 | sizeof(rbtree_t)); | |
| 1137 | *sortree = (struct rbtree_type*)regional_alloc(region, | |
| 1138 | sizeof(rbtree_type)); | |
| 1133 | 1139 | if(!*sortree) |
| 1134 | 1140 | return 0; |
| 1135 | 1141 | if(d->count > RR_COUNT_MAX) |
| 1311 | 1317 | struct val_env* ve, time_t now, |
| 1312 | 1318 | struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, |
| 1313 | 1319 | size_t dnskey_idx, size_t sig_idx, |
| 1314 | struct rbtree_t** sortree, int* buf_canon, char** reason) | |
| 1320 | struct rbtree_type** sortree, int* buf_canon, char** reason) | |
| 1315 | 1321 | { |
| 1316 | 1322 | enum sec_status sec; |
| 1317 | 1323 | uint8_t* sig; /* RRSIG rdata */ |
| 46 | 46 | struct val_env; |
| 47 | 47 | struct module_env; |
| 48 | 48 | struct ub_packed_rrset_key; |
| 49 | struct rbtree_t; | |
| 49 | struct rbtree_type; | |
| 50 | 50 | struct regional; |
| 51 | 51 | struct sldns_buffer; |
| 52 | 52 | |
| 276 | 276 | enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, |
| 277 | 277 | struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, |
| 278 | 278 | struct ub_packed_rrset_key* dnskey, size_t sig_idx, |
| 279 | struct rbtree_t** sortree, char** reason); | |
| 279 | struct rbtree_type** sortree, char** reason); | |
| 280 | 280 | |
| 281 | 281 | /** |
| 282 | 282 | * verify rrset, with specific dnskey(from set), for a specific rrsig |
| 301 | 301 | struct sldns_buffer* buf, struct val_env* ve, time_t now, |
| 302 | 302 | struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, |
| 303 | 303 | size_t dnskey_idx, size_t sig_idx, |
| 304 | struct rbtree_t** sortree, int* buf_canon, char** reason); | |
| 304 | struct rbtree_type** sortree, int* buf_canon, char** reason); | |
| 305 | 305 | |
| 306 | 306 | /** |
| 307 | 307 | * canonical compare for two tree entries |
| 53 | 53 | #include "util/net_help.h" |
| 54 | 54 | #include "util/module.h" |
| 55 | 55 | #include "util/regional.h" |
| 56 | #include "util/config_file.h" | |
| 56 | 57 | #include "sldns/wire2str.h" |
| 57 | 58 | #include "sldns/parseutil.h" |
| 58 | 59 | |
| 494 | 495 | return sec_status_bogus; |
| 495 | 496 | } |
| 496 | 497 | |
| 497 | digest_algo = val_favorite_ds_algo(ds_rrset); | |
| 498 | if(sigalg) | |
| 498 | if(sigalg) { | |
| 499 | /* harden against algo downgrade is enabled */ | |
| 500 | digest_algo = val_favorite_ds_algo(ds_rrset); | |
| 499 | 501 | algo_needs_init_ds(&needs, ds_rrset, digest_algo, sigalg); |
| 502 | } else { | |
| 503 | /* accept any key algo, any digest algo */ | |
| 504 | digest_algo = -1; | |
| 505 | } | |
| 500 | 506 | num = rrset_get_count(ds_rrset); |
| 501 | 507 | for(i=0; i<num; i++) { |
| 502 | 508 | /* Check to see if we can understand this DS. |
| 503 | 509 | * And check it is the strongest digest */ |
| 504 | 510 | if(!ds_digest_algo_is_supported(ds_rrset, i) || |
| 505 | 511 | !ds_key_algo_is_supported(ds_rrset, i) || |
| 506 | ds_get_digest_algo(ds_rrset, i) != digest_algo) { | |
| 512 | (sigalg && (ds_get_digest_algo(ds_rrset, i) != digest_algo))) { | |
| 507 | 513 | continue; |
| 508 | 514 | } |
| 509 | 515 | |
| 908 | 914 | } |
| 909 | 915 | |
| 910 | 916 | void |
| 911 | val_check_nonsecure(struct val_env* ve, struct reply_info* rep) | |
| 917 | val_check_nonsecure(struct module_env* env, struct reply_info* rep) | |
| 912 | 918 | { |
| 913 | 919 | size_t i; |
| 914 | 920 | /* authority */ |
| 949 | 955 | } |
| 950 | 956 | } |
| 951 | 957 | /* additional */ |
| 952 | if(!ve->clean_additional) | |
| 958 | if(!env->cfg->val_clean_additional) | |
| 953 | 959 | return; |
| 954 | 960 | for(i=rep->an_numrrsets+rep->ns_numrrsets; i<rep->rrset_count; i++) { |
| 955 | 961 | if(((struct packed_rrset_data*)rep->rrsets[i]->entry.data) |
| 305 | 305 | * So that unsigned data does not get let through to clients, when we have |
| 306 | 306 | * found the data to be secure. |
| 307 | 307 | * |
| 308 | * @param ve: validator environment with cleaning options. | |
| 308 | * @param env: environment with cleaning options. | |
| 309 | 309 | * @param rep: reply to dump all nonsecure stuff out of. |
| 310 | 310 | */ |
| 311 | void val_check_nonsecure(struct val_env* ve, struct reply_info* rep); | |
| 311 | void val_check_nonsecure(struct module_env* env, struct reply_info* rep); | |
| 312 | 312 | |
| 313 | 313 | /** |
| 314 | 314 | * Mark all unchecked rrset entries not below a trust anchor as indeterminate. |
| 59 | 59 | #include "util/fptr_wlist.h" |
| 60 | 60 | #include "sldns/rrdef.h" |
| 61 | 61 | #include "sldns/wire2str.h" |
| 62 | #include "sldns/str2wire.h" | |
| 62 | 63 | |
| 63 | 64 | /* forward decl for cache response and normal super inform calls of a DS */ |
| 64 | 65 | static void process_ds_response(struct module_qstate* qstate, |
| 111 | 112 | { |
| 112 | 113 | int c; |
| 113 | 114 | val_env->bogus_ttl = (uint32_t)cfg->bogus_ttl; |
| 114 | val_env->clean_additional = cfg->val_clean_additional; | |
| 115 | val_env->permissive_mode = cfg->val_permissive_mode; | |
| 116 | 115 | if(!env->anchors) |
| 117 | 116 | env->anchors = anchors_create(); |
| 118 | 117 | if(!env->anchors) { |
| 169 | 168 | } |
| 170 | 169 | env->modinfo[id] = (void*)val_env; |
| 171 | 170 | env->need_to_validate = 1; |
| 172 | val_env->permissive_mode = 0; | |
| 173 | 171 | lock_basic_init(&val_env->bogus_lock); |
| 174 | 172 | lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus, |
| 175 | 173 | sizeof(val_env->num_rrset_bogus)); |
| 363 | 361 | * @param qtype: query type. |
| 364 | 362 | * @param qclass: query class. |
| 365 | 363 | * @param flags: additional flags, such as the CD bit (BIT_CD), or 0. |
| 364 | * @param newq: If the subquery is newly created, it is returned, | |
| 365 | * otherwise NULL is returned | |
| 366 | * @param detached: true if this qstate should not attach to the subquery | |
| 366 | 367 | * @return false on alloc failure. |
| 367 | 368 | */ |
| 368 | 369 | static int |
| 369 | 370 | generate_request(struct module_qstate* qstate, int id, uint8_t* name, |
| 370 | size_t namelen, uint16_t qtype, uint16_t qclass, uint16_t flags) | |
| 371 | size_t namelen, uint16_t qtype, uint16_t qclass, uint16_t flags, | |
| 372 | struct module_qstate** newq, int detached) | |
| 371 | 373 | { |
| 372 | 374 | struct val_qstate* vq = (struct val_qstate*)qstate->minfo[id]; |
| 373 | struct module_qstate* newq; | |
| 374 | 375 | struct query_info ask; |
| 375 | 376 | int valrec; |
| 376 | 377 | ask.qname = name; |
| 379 | 380 | ask.qclass = qclass; |
| 380 | 381 | ask.local_alias = NULL; |
| 381 | 382 | log_query_info(VERB_ALGO, "generate request", &ask); |
| 382 | fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); | |
| 383 | 383 | /* enable valrec flag to avoid recursion to the same validation |
| 384 | 384 | * routine, this lookup is simply a lookup. DLVs need validation */ |
| 385 | 385 | if(qtype == LDNS_RR_TYPE_DLV) |
| 386 | 386 | valrec = 0; |
| 387 | 387 | else valrec = 1; |
| 388 | if(!(*qstate->env->attach_sub)(qstate, &ask, | |
| 389 | (uint16_t)(BIT_RD|flags), 0, valrec, &newq)){ | |
| 390 | log_err("Could not generate request: out of memory"); | |
| 391 | return 0; | |
| 388 | if(detached) { | |
| 389 | struct mesh_state* sub = NULL; | |
| 390 | fptr_ok(fptr_whitelist_modenv_add_sub( | |
| 391 | qstate->env->add_sub)); | |
| 392 | if(!(*qstate->env->add_sub)(qstate, &ask, | |
| 393 | (uint16_t)(BIT_RD|flags), 0, valrec, newq, &sub)){ | |
| 394 | log_err("Could not generate request: out of memory"); | |
| 395 | return 0; | |
| 396 | } | |
| 397 | } | |
| 398 | else { | |
| 399 | fptr_ok(fptr_whitelist_modenv_attach_sub( | |
| 400 | qstate->env->attach_sub)); | |
| 401 | if(!(*qstate->env->attach_sub)(qstate, &ask, | |
| 402 | (uint16_t)(BIT_RD|flags), 0, valrec, newq)){ | |
| 403 | log_err("Could not generate request: out of memory"); | |
| 404 | return 0; | |
| 405 | } | |
| 392 | 406 | } |
| 393 | 407 | /* newq; validator does not need state created for that |
| 394 | 408 | * query, and its a 'normal' for iterator as well */ |
| 395 | if(newq) { | |
| 409 | if(*newq) { | |
| 396 | 410 | /* add our blacklist to the query blacklist */ |
| 397 | sock_list_merge(&newq->blacklist, newq->region, | |
| 411 | sock_list_merge(&(*newq)->blacklist, (*newq)->region, | |
| 398 | 412 | vq->chain_blacklist); |
| 399 | 413 | } |
| 400 | 414 | qstate->ext_state[id] = module_wait_subquery; |
| 415 | return 1; | |
| 416 | } | |
| 417 | ||
| 418 | /** | |
| 419 | * Generate, send and detach key tag signaling query. | |
| 420 | * | |
| 421 | * @param qstate: query state. | |
| 422 | * @param id: module id. | |
| 423 | * @param ta: trust anchor, locked. | |
| 424 | * @return false on a processing error. | |
| 425 | */ | |
| 426 | static int | |
| 427 | generate_keytag_query(struct module_qstate* qstate, int id, | |
| 428 | struct trust_anchor* ta) | |
| 429 | { | |
| 430 | /* 3 bytes for "_ta", 5 bytes per tag (4 bytes + "-") */ | |
| 431 | #define MAX_LABEL_TAGS (LDNS_MAX_LABELLEN-3)/5 | |
| 432 | size_t i, numtag; | |
| 433 | uint16_t tags[MAX_LABEL_TAGS]; | |
| 434 | char tagstr[LDNS_MAX_LABELLEN+1] = "_ta"; /* +1 for NULL byte */ | |
| 435 | size_t tagstr_left = sizeof(tagstr) - strlen(tagstr); | |
| 436 | char* tagstr_pos = tagstr + strlen(tagstr); | |
| 437 | uint8_t dnamebuf[LDNS_MAX_DOMAINLEN+1]; /* +1 for label length byte */ | |
| 438 | size_t dnamebuf_len = sizeof(dnamebuf); | |
| 439 | uint8_t* keytagdname; | |
| 440 | struct module_qstate* newq = NULL; | |
| 441 | enum module_ext_state ext_state = qstate->ext_state[id]; | |
| 442 | ||
| 443 | numtag = anchor_list_keytags(ta, tags, MAX_LABEL_TAGS); | |
| 444 | if(numtag == 0) | |
| 445 | return 0; | |
| 446 | ||
| 447 | for(i=0; i<numtag; i++) { | |
| 448 | /* Buffer can't overflow; numtag is limited to tags that fit in | |
| 449 | * the buffer. */ | |
| 450 | snprintf(tagstr_pos, tagstr_left, "-%04x", (unsigned)tags[i]); | |
| 451 | tagstr_left -= strlen(tagstr_pos); | |
| 452 | tagstr_pos += strlen(tagstr_pos); | |
| 453 | } | |
| 454 | ||
| 455 | sldns_str2wire_dname_buf_origin(tagstr, dnamebuf, &dnamebuf_len, | |
| 456 | ta->name, ta->namelen); | |
| 457 | if(!(keytagdname = (uint8_t*)regional_alloc_init(qstate->region, | |
| 458 | dnamebuf, dnamebuf_len))) { | |
| 459 | log_err("could not generate key tag query: out of memory"); | |
| 460 | return 0; | |
| 461 | } | |
| 462 | ||
| 463 | log_nametypeclass(VERB_ALGO, "keytag query", keytagdname, | |
| 464 | LDNS_RR_TYPE_NULL, ta->dclass); | |
| 465 | if(!generate_request(qstate, id, keytagdname, dnamebuf_len, | |
| 466 | LDNS_RR_TYPE_NULL, ta->dclass, 0, &newq, 1)) { | |
| 467 | log_err("failed to generate key tag signaling request"); | |
| 468 | return 0; | |
| 469 | } | |
| 470 | ||
| 471 | /* Not interrested in subquery response. Restore the ext_state, | |
| 472 | * that might be changed by generate_request() */ | |
| 473 | qstate->ext_state[id] = ext_state; | |
| 474 | ||
| 401 | 475 | return 1; |
| 402 | 476 | } |
| 403 | 477 | |
| 416 | 490 | prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq, |
| 417 | 491 | int id, struct trust_anchor* toprime) |
| 418 | 492 | { |
| 493 | struct module_qstate* newq = NULL; | |
| 419 | 494 | int ret = generate_request(qstate, id, toprime->name, toprime->namelen, |
| 420 | LDNS_RR_TYPE_DNSKEY, toprime->dclass, BIT_CD); | |
| 495 | LDNS_RR_TYPE_DNSKEY, toprime->dclass, BIT_CD, &newq, 0); | |
| 496 | ||
| 497 | if(newq && qstate->env->cfg->trust_anchor_signaling && | |
| 498 | !generate_keytag_query(qstate, id, toprime)) { | |
| 499 | log_err("keytag signaling query failed"); | |
| 500 | return 0; | |
| 501 | } | |
| 502 | ||
| 421 | 503 | if(!ret) { |
| 422 | 504 | log_err("Could not prime trust anchor: out of memory"); |
| 423 | 505 | return 0; |
| 533 | 615 | } |
| 534 | 616 | } |
| 535 | 617 | |
| 618 | /* If set, the validator should clean the additional section of | |
| 619 | * secure messages. */ | |
| 620 | if(!env->cfg->val_clean_additional) | |
| 621 | return 1; | |
| 536 | 622 | /* attempt to validate the ADDITIONAL section rrsets */ |
| 537 | if(!ve->clean_additional) | |
| 538 | return 1; | |
| 539 | 623 | for(i=chase_reply->an_numrrsets+chase_reply->ns_numrrsets; |
| 540 | 624 | i<chase_reply->rrset_count; i++) { |
| 541 | 625 | s = chase_reply->rrsets[i]; |
| 1509 | 1593 | uint8_t* target_key_name, *current_key_name; |
| 1510 | 1594 | size_t target_key_len; |
| 1511 | 1595 | int strip_lab; |
| 1596 | struct module_qstate* newq = NULL; | |
| 1512 | 1597 | |
| 1513 | 1598 | log_query_info(VERB_ALGO, "validator: FindKey", &vq->qchase); |
| 1514 | 1599 | /* We know that state.key_entry is not 0 or bad key -- if it were, |
| 1521 | 1606 | if(key_entry_isnull(vq->key_entry)) { |
| 1522 | 1607 | if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, |
| 1523 | 1608 | vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, |
| 1524 | vq->qchase.qclass, BIT_CD)) { | |
| 1609 | vq->qchase.qclass, BIT_CD, &newq, 0)) { | |
| 1525 | 1610 | log_err("mem error generating DNSKEY request"); |
| 1526 | 1611 | return val_error(qstate, id); |
| 1527 | 1612 | } |
| 1593 | 1678 | vq->key_entry->name) != 0) { |
| 1594 | 1679 | if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, |
| 1595 | 1680 | vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, |
| 1596 | vq->qchase.qclass, BIT_CD)) { | |
| 1681 | vq->qchase.qclass, BIT_CD, &newq, 0)) { | |
| 1597 | 1682 | log_err("mem error generating DNSKEY request"); |
| 1598 | 1683 | return val_error(qstate, id); |
| 1599 | 1684 | } |
| 1622 | 1707 | } |
| 1623 | 1708 | if(!generate_request(qstate, id, target_key_name, |
| 1624 | 1709 | target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass, |
| 1625 | BIT_CD)) { | |
| 1710 | BIT_CD, &newq, 0)) { | |
| 1626 | 1711 | log_err("mem error generating DS request"); |
| 1627 | 1712 | return val_error(qstate, id); |
| 1628 | 1713 | } |
| 1632 | 1717 | /* Otherwise, it is time to query for the DNSKEY */ |
| 1633 | 1718 | if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, |
| 1634 | 1719 | vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, |
| 1635 | vq->qchase.qclass, BIT_CD)) { | |
| 1720 | vq->qchase.qclass, BIT_CD, &newq, 0)) { | |
| 1636 | 1721 | log_err("mem error generating DNSKEY request"); |
| 1637 | 1722 | return val_error(qstate, id); |
| 1638 | 1723 | } |
| 1846 | 1931 | { |
| 1847 | 1932 | uint8_t* nm; |
| 1848 | 1933 | size_t nm_len; |
| 1934 | struct module_qstate* newq = NULL; | |
| 1849 | 1935 | /* there must be a DLV configured */ |
| 1850 | 1936 | log_assert(qstate->env->anchors->dlv_anchor); |
| 1851 | 1937 | /* this bool is true to avoid looping in the DLV checks */ |
| 1947 | 2033 | vq->state = VAL_DLVLOOKUP_STATE; |
| 1948 | 2034 | if(!generate_request(qstate, id, vq->dlv_lookup_name, |
| 1949 | 2035 | vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, |
| 1950 | vq->qchase.qclass, 0)) { | |
| 2036 | vq->qchase.qclass, 0, &newq, 0)) { | |
| 1951 | 2037 | return val_error(qstate, id); |
| 1952 | 2038 | } |
| 1953 | 2039 | |
| 2041 | 2127 | * a different signer name). And drop additional rrsets |
| 2042 | 2128 | * that are not secure (if clean-additional option is set) */ |
| 2043 | 2129 | /* this may cause the msg to be marked bogus */ |
| 2044 | val_check_nonsecure(ve, vq->orig_msg->rep); | |
| 2130 | val_check_nonsecure(qstate->env, vq->orig_msg->rep); | |
| 2045 | 2131 | if(vq->orig_msg->rep->security == sec_status_secure) { |
| 2046 | 2132 | log_query_info(VERB_DETAIL, "validation success", |
| 2047 | 2133 | &qstate->qinfo); |
| 2082 | 2168 | free(err); |
| 2083 | 2169 | } |
| 2084 | 2170 | } |
| 2171 | /* | |
| 2172 | * If set, the validator will not make messages bogus, instead | |
| 2173 | * indeterminate is issued, so that no clients receive SERVFAIL. | |
| 2174 | * This allows an operator to run validation 'shadow' without | |
| 2175 | * hurting responses to clients. | |
| 2176 | */ | |
| 2085 | 2177 | /* If we are in permissive mode, bogus gets indeterminate */ |
| 2086 | if(ve->permissive_mode) | |
| 2178 | if(qstate->env->cfg->val_permissive_mode) | |
| 2087 | 2179 | vq->orig_msg->rep->security = sec_status_indeterminate; |
| 2088 | 2180 | } |
| 2089 | 2181 | |
| 2090 | 2182 | /* store results in cache */ |
| 2091 | if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { | |
| 2183 | if(qstate->query_flags&BIT_RD) { | |
| 2092 | 2184 | /* if secure, this will override cache anyway, no need |
| 2093 | 2185 | * to check if from parentNS */ |
| 2094 | if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, | |
| 2095 | vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL, | |
| 2096 | qstate->query_flags)) { | |
| 2097 | log_err("out of memory caching validator results"); | |
| 2186 | if(!qstate->no_cache_store) { | |
| 2187 | if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, | |
| 2188 | vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL, | |
| 2189 | qstate->query_flags)) { | |
| 2190 | log_err("out of memory caching validator results"); | |
| 2191 | } | |
| 2098 | 2192 | } |
| 2099 | 2193 | } else { |
| 2100 | 2194 | /* for a referral, store the verified RRsets */ |
| 2101 | 2195 | /* and this does not get prefetched, so no leeway */ |
| 2102 | if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, | |
| 2196 | if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, | |
| 2103 | 2197 | vq->orig_msg->rep, 1, 0, 0, NULL, |
| 2104 | 2198 | qstate->query_flags)) { |
| 2105 | 2199 | log_err("out of memory caching validator results"); |
| 2125 | 2219 | processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq, |
| 2126 | 2220 | struct val_env* ve, int id) |
| 2127 | 2221 | { |
| 2222 | struct module_qstate* newq = NULL; | |
| 2128 | 2223 | /* see if this we are ready to continue normal resolution */ |
| 2129 | 2224 | /* we may need more DLV lookups */ |
| 2130 | 2225 | if(vq->dlv_status==dlv_error) |
| 2173 | 2268 | |
| 2174 | 2269 | if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, |
| 2175 | 2270 | vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, |
| 2176 | vq->qchase.qclass, BIT_CD)) { | |
| 2271 | vq->qchase.qclass, BIT_CD, &newq, 0)) { | |
| 2177 | 2272 | log_err("mem error generating DNSKEY request"); |
| 2178 | 2273 | return val_error(qstate, id); |
| 2179 | 2274 | } |
| 2215 | 2310 | |
| 2216 | 2311 | if(!generate_request(qstate, id, vq->dlv_lookup_name, |
| 2217 | 2312 | vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, |
| 2218 | vq->qchase.qclass, 0)) { | |
| 2313 | vq->qchase.qclass, 0, &newq, 0)) { | |
| 2219 | 2314 | return val_error(qstate, id); |
| 2220 | 2315 | } |
| 2221 | 2316 | |
| 2854 | 2949 | ta->name, ta->namelen, LDNS_RR_TYPE_DNSKEY, |
| 2855 | 2950 | ta->dclass); |
| 2856 | 2951 | } |
| 2952 | ||
| 2857 | 2953 | if(ta->autr) { |
| 2858 | 2954 | if(!autr_process_prime(qstate->env, ve, ta, dnskey_rrset)) { |
| 2859 | 2955 | /* trust anchor revoked, restart with less anchors */ |
| 92 | 92 | * seconds. */ |
| 93 | 93 | uint32_t bogus_ttl; |
| 94 | 94 | |
| 95 | /** If set, the validator should clean the additional section of | |
| 96 | * secure messages. | |
| 97 | */ | |
| 98 | int clean_additional; | |
| 99 | ||
| 100 | /** | |
| 101 | * If set, the validator will not make messages bogus, instead | |
| 102 | * indeterminate is issued, so that no clients receive SERVFAIL. | |
| 103 | * This allows an operator to run validation 'shadow' without | |
| 104 | * hurting responses to clients. | |
| 105 | */ | |
| 106 | int permissive_mode; | |
| 107 | ||
| 108 | 95 | /** |
| 109 | 96 | * Number of entries in the NSEC3 maximum iteration count table. |
| 110 | 97 | * Keep this table short, and sorted by size |
| 125 | 112 | size_t* nsec3_maxiter; |
| 126 | 113 | |
| 127 | 114 | /** lock on bogus counter */ |
| 128 | lock_basic_t bogus_lock; | |
| 115 | lock_basic_type bogus_lock; | |
| 129 | 116 | /** number of times rrsets marked bogus */ |
| 130 | 117 | size_t num_rrset_bogus; |
| 131 | 118 | }; |
| 89 | 89 | File "..\unbound-service-install.exe" |
| 90 | 90 | File "..\unbound-service-remove.exe" |
| 91 | 91 | File "..\anchor-update.exe" |
| 92 | File "..\root.key" | |
| 92 | 93 | File "unbound-control-setup.cmd" |
| 93 | 94 | File "unbound-website.url" |
| 94 | 95 | File "..\doc\example.conf" |
| 147 | 148 | |
| 148 | 149 | # install service entry |
| 149 | 150 | nsExec::ExecToLog '"$INSTDIR\unbound-service-install.exe"' |
| 151 | Pop $0 # return value/error/timeout | |
| 150 | 152 | # start unbound service |
| 151 | 153 | nsExec::ExecToLog '"$INSTDIR\unbound-service-install.exe" start' |
| 154 | Pop $0 # return value/error/timeout | |
| 152 | 155 | sectionEnd |
| 153 | 156 | |
| 154 | 157 | # set section descriptions |
| 170 | 173 | section "un.Unbound" |
| 171 | 174 | # stop unbound service |
| 172 | 175 | nsExec::ExecToLog '"$INSTDIR\unbound-service-remove.exe" stop' |
| 176 | Pop $0 # return value/error/timeout | |
| 173 | 177 | # uninstall service entry |
| 174 | 178 | nsExec::ExecToLog '"$INSTDIR\unbound-service-remove.exe"' |
| 179 | Pop $0 # return value/error/timeout | |
| 175 | 180 | # deregister uninstall |
| 176 | 181 | DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Unbound" |
| 177 | 182 | Delete "$INSTDIR\uninst.exe" # delete self |
| 36 | 36 | rem settings: |
| 37 | 37 | |
| 38 | 38 | rem directory for files |
| 39 | set prefix="C:\Program Files (x86)" | |
| 39 | set prefix="C:\Program Files" | |
| 40 | 40 | set DESTDIR=%prefix%\Unbound |
| 41 | 41 | |
| 42 | 42 | rem issuer and subject name for certificates |