Commit 5b99bf1c4403d02e49026e0cb6da9c99d1f55f59 - unbound

Imported Upstream version 1.4.8 Robert S. Edmonds 12 years ago

147 changed file(s) with 12805 addition(s) and 4564 deletion(s). Raw diff Collapse all Expand all

+50

-9

Makefile.in less more

70	70
71	71	WINDRES=@WINDRES@
72	72	LINT=splint
73		LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list -Dglob64=glob -Dglobfree64=globfree
	73	LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list
	74	#-Dglob64=glob -Dglobfree64=globfree
74	75	# compat with openssl linux edition.
75	76	LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned"
76	77	# compat with NetBSD

109	110	CONTROL_OBJ=$(addprefix $(BUILD),$(CONTROL_SRC:.c=.lo)) $(COMPAT_OBJ)
110	111	HOST_SRC=smallapp/unbound-host.c
111	112	HOST_OBJ=$(addprefix $(BUILD),$(HOST_SRC:.c=.lo)) $(filter-out $(BUILD)compat/ctime_r.lo, $(COMPAT_OBJ))
	113	UBANCHOR_SRC=smallapp/unbound-anchor.c
	114	UBANCHOR_OBJ=$(addprefix $(BUILD),$(UBANCHOR_SRC:.c=.lo)) $(filter-out $(BUILD)compat/ctime_r.lo, $(COMPAT_OBJ))
112	115	TESTBOUND_SRC=testcode/testbound.c testcode/ldns-testpkts.c \
113	116	daemon/worker.c daemon/acl_list.c daemon/daemon.c daemon/stats.c \
114	117	testcode/replay.c testcode/fake_event.c $(filter-out util/netevent.c \

116	119	TESTBOUND_OBJ=$(addprefix $(BUILD),$(TESTBOUND_SRC:.c=.lo)) $(COMPAT_OBJ)
117	120	LOCKVERIFY_SRC=testcode/lock_verify.c smallapp/worker_cb.c $(COMMON_SRC)
118	121	LOCKVERIFY_OBJ=$(addprefix $(BUILD),$(LOCKVERIFY_SRC:.c=.lo)) $(COMPAT_OBJ)
	122	PETAL_SRC=testcode/petal.c
	123	PETAL_OBJ=$(addprefix $(BUILD),$(PETAL_SRC:.c=.lo)) $(filter-out $(BUILD)compat/ctime_r.lo, $(COMPAT_OBJ))
119	124	PKTVIEW_SRC=testcode/pktview.c testcode/readhex.c smallapp/worker_cb.c \
120	125	$(COMMON_SRC)
121	126	PKTVIEW_OBJ=$(addprefix $(BUILD),$(PKTVIEW_SRC:.c=.lo)) $(COMPAT_OBJ)

140	145	$(TESTBOUND_SRC) $(LOCKVERIFY_SRC) $(PKTVIEW_SRC) $(SIGNIT_SRC) \
141	146	$(MEMSTATS_SRC) $(CHECKCONF_SRC) $(LIBUNBOUND_SRC) $(HOST_SRC) \
142	147	$(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \
143		$(HARVEST_SRC) $(CONTROL_SRC))
	148	$(HARVEST_SRC) $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC))
144	149	ALL_OBJ=$(addprefix $(BUILD),$(ALL_SRC:.c=.lo) \
145	150	$(addprefix compat/,$(LIBOBJS:.o=.lo))) $(COMPAT_OBJ)
146	151

148	153	DAEMON_SRC+=winrc/win_svc.c winrc/w_inst.c
149	154	DAEMON_OBJ+=$(BUILD)winrc/rsrc_unbound.o $(BUILD)winrc/win_svc.lo
150	155	HOST_OBJ+=$(BUILD)winrc/rsrc_unbound_host.o
	156	UBANCHOR_OBJ+=$(BUILD)winrc/rsrc_unbound_anchor.o
151	157	CONTROL_OBJ+=$(BUILD)winrc/rsrc_unbound_control.o
152	158	CHECKCONF_OBJ+=$(BUILD)winrc/rsrc_unbound_checkconf.o
153	159

178	184	LINK=$(LIBTOOL) --tag=CC --mode=link $(strip $(CC) $(staticexe) $(RUNTIME_PATH) $(CFLAGS) $(LDFLAGS))
179	185	LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(strip $(CC) $(RUNTIME_PATH) $(CFLAGS) $(LDFLAGS) $(staticexe) -version-number @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined)
180	186
181		.PHONY: clean realclean doc lint all install uninstall tests test download_ldns strip lib
	187	.PHONY: clean realclean doc lint all install uninstall tests test download_ldns strip lib longtest longcheck check
182	188
183	189	$(BUILD)%.lo: $(srcdir)/%.c
184	190	$(INFO) Build $<

187	193	@-if test ! -d $(dir $@); then $(INSTALL) -d $(patsubst %/,%,$(dir $@)); fi
188	194	$Q$(COMPILE) -o $@ -c $<
189	195
190		all: $(COMMON_OBJ) unbound$(EXEEXT) unbound-checkconf$(EXEEXT) lib unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-control-setup $(WINAPPS)
	196	all: $(COMMON_OBJ) unbound$(EXEEXT) unbound-checkconf$(EXEEXT) lib unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup $(WINAPPS)
191	197
192	198	TEST_BIN=$(addsuffix $(EXEEXT),asynclook delayer harvest lock-verify \
193		memstats perf pktview signit streamtcp testbound unittest)
	199	memstats perf petal pktview signit streamtcp testbound unittest)
194	200	tests: all $(TEST_BIN)
195	201
196		test: tests
	202	check: test
	203	longcheck: longtest
	204
	205	test: unittest$(EXEEXT) testbound$(EXEEXT)
	206	./unittest$(EXEEXT)
	207	./testbound$(EXEEXT) -s
	208	for x in testdata/*.rpl; do echo -n "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done
	209	@echo test OK
	210
	211	longtest: tests
197	212	if test -x "`which bash`"; then bash testcode/do-tests.sh; else sh testcode/do-tests.sh; fi
198	213
199	214	lib: libunbound.la

210	225
211	226	libunbound.la: $(LIBUNBOUND_OBJ) $(ldnslib)
212	227	$(INFO) Link $@
	228	ifeq ($(CHECKLOCK_SRC),)
213	229	$Q$(LINK_LIB) -export-symbols $(srcdir)/libunbound/ubsyms.def -o $@ $(sort $(LIBUNBOUND_OBJ)) -rpath $(libdir) $(LIBS)
	230	else
	231	cp $(srcdir)/libunbound/ubsyms.def $(BUILD)clubsyms.def
	232	echo lock_protect >> $(BUILD)clubsyms.def
	233	echo lock_unprotect >> $(BUILD)clubsyms.def
	234	echo lock_get_mem >> $(BUILD)clubsyms.def
	235	echo checklock_start >> $(BUILD)clubsyms.def
	236	echo checklock_stop >> $(BUILD)clubsyms.def
	237	echo checklock_lock >> $(BUILD)clubsyms.def
	238	echo checklock_unlock >> $(BUILD)clubsyms.def
	239	echo checklock_init >> $(BUILD)clubsyms.def
	240	echo checklock_thrcreate >> $(BUILD)clubsyms.def
	241	echo checklock_thrjoin >> $(BUILD)clubsyms.def
	242	$Q$(LINK_LIB) -export-symbols $(BUILD)clubsyms.def -o $@ $(sort $(LIBUNBOUND_OBJ)) -rpath $(libdir) $(LIBS)
	243	endif
214	244
215	245	unbound$(EXEEXT): $(DAEMON_OBJ) $(ldnslib)
216	246	$(INFO) Link $@

228	258	$(INFO) Link $@
229	259	$Q$(LINK) -o $@ $(sort $(HOST_OBJ)) -L. -L.libs -lunbound $(LIBS)
230	260
	261	unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ) libunbound.la $(ldnslib)
	262	$(INFO) Link $@
	263	$Q$(LINK) -o $@ $(sort $(UBANCHOR_OBJ)) -L. -L.libs -lunbound -lexpat -lssl $(LIBS)
	264
231	265	unbound-service-install$(EXEEXT): $(SVCINST_OBJ)
232	266	$(INFO) Link $@
233	267	$Q$(LINK) -o $@ $(sort $(SVCINST_OBJ)) $(LIBS)

251	285	lock-verify$(EXEEXT): $(LOCKVERIFY_OBJ) $(ldnslib)
252	286	$(INFO) Link $@
253	287	$Q$(LINK) -o $@ $(sort $(LOCKVERIFY_OBJ)) $(LIBS)
	288
	289	petal$(EXEEXT): $(PETAL_OBJ)
	290	$(INFO) Link $@
	291	$Q$(LINK) -o $@ $(sort $(PETAL_OBJ)) -lssl $(LIBS)
254	292
255	293	pktview$(EXEEXT): $(PKTVIEW_OBJ) $(ldnslib)
256	294	$(INFO) Link $@

333	371
334	372	clean:
335	373	rm -f .o .d .lo ~ tags
336		rm -f unbound$(EXEEXT) unbound-checkconf$(EXEEXT) unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-control-setup libunbound.la
	374	rm -f unbound$(EXEEXT) unbound-checkconf$(EXEEXT) unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup libunbound.la
337	375	rm -rf autom4te.cache .libs build doc/html doc/xml
338	376
339	377	realclean: clean

370	408	$(STRIP) unbound-checkconf$(EXEEXT)
371	409	$(STRIP) unbound-control$(EXEEXT)
372	410	$(STRIP) unbound-host$(EXEEXT)
	411	$(STRIP) unbound-anchor$(EXEEXT)
373	412
374	413	install: all
375	414	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)

384	423	$(LIBTOOL) --mode=install cp unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT)
385	424	$(LIBTOOL) --mode=install cp unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT)
386	425	$(LIBTOOL) --mode=install cp unbound-host$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-host$(EXEEXT)
	426	$(LIBTOOL) --mode=install cp unbound-anchor$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-anchor$(EXEEXT)
387	427	ifeq "$(WITH_PYTHONMODULE)" "yes"
388	428	$(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG)
389	429	$(INSTALL) -c -m 644 pythonmod/unboundmodule.py $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py

397	437	$(INSTALL) -c -m 644 doc/unbound.8 $(DESTDIR)$(mandir)/man8
398	438	$(INSTALL) -c -m 644 doc/unbound-checkconf.8 $(DESTDIR)$(mandir)/man8
399	439	$(INSTALL) -c -m 644 doc/unbound-control.8 $(DESTDIR)$(mandir)/man8
	440	$(INSTALL) -c -m 644 doc/unbound-anchor.8 $(DESTDIR)$(mandir)/man8
400	441	$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
401	442	$(INSTALL) -c -m 644 $(srcdir)/doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
402	443	$(INSTALL) -c -m 644 doc/libunbound.3 $(DESTDIR)$(mandir)/man3

407	448	$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
408	449
409	450	uninstall:
410		rm -f -- $(DESTDIR)$(sbindir)/unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-host$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control-setup
411		rm -f -- $(DESTDIR)$(mandir)/man8/unbound.8 $(DESTDIR)$(mandir)/man8/unbound-checkconf.8 $(DESTDIR)$(mandir)/man5/unbound.conf.5 $(DESTDIR)$(mandir)/man8/unbound-control.8
	451	rm -f -- $(DESTDIR)$(sbindir)/unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-host$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-anchor$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control-setup
	452	rm -f -- $(DESTDIR)$(mandir)/man8/unbound.8 $(DESTDIR)$(mandir)/man8/unbound-checkconf.8 $(DESTDIR)$(mandir)/man5/unbound.conf.5 $(DESTDIR)$(mandir)/man8/unbound-control.8 $(DESTDIR)$(mandir)/man8/unbound-anchor.8
412	453	rm -f -- $(DESTDIR)$(mandir)/man1/unbound-host.1 $(DESTDIR)$(mandir)/man3/libunbound.3
413	454	rm -f -- $(DESTDIR)$(includedir)/unbound.h
414	455	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la

-3

acx_nlnetlabs.m4 less more

1	1	# Copyright 2009, Wouter Wijngaards, NLnet Labs.
2	2	# BSD licensed.
3	3	#
4		# Version 10
	4	# Version 11
	5	# 2010-08-16 Fix FLAG_OMITTED for AS_TR_CPP changes in autoconf-2.66.
5	6	# 2010-07-02 Add check for ss_family (for minix).
6	7	# 2010-04-26 Fix to use CPPFLAGS for CHECK_COMPILER_FLAGS.
7	8	# 2010-03-01 Fix RPATH using CONFIG_COMMANDS to run at the very end.

1191	1192	[
1192	1193	if echo $CFLAGS \| grep " $1" >/dev/null 2>&1; then
1193	1194	CFLAGS="`echo $CFLAGS \| sed -e 's/ $1//g'`"
1194		AC_DEFINE(AS_TR_CPP(OMITTED_$1), 1, Put $1 define in config.h)
	1195	AC_DEFINE(m4_bpatsubst(OMITTED_$1,[[-=]],_), 1, Put $1 define in config.h)
1195	1196	fi
1196	1197	])
1197	1198

1222	1223	dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags
1223	1224	dnl $1: the -DNAME or -DNAME=value string.
1224	1225	AC_DEFUN([AHX_CONFIG_FLAG_EXT],
1225		[AHX_CONFIG_FLAG_OMITTED(AS_TR_CPP(OMITTED_$1),m4_bpatsubst(m4_bpatsubst($1,-D,),=.$,),m4_if(m4_bregexp($1,=),-1,1,m4_bpatsubst($1,^.=,)))
	1226	[AHX_CONFIG_FLAG_OMITTED(m4_bpatsubst(OMITTED_$1,[[-=]],_),m4_bpatsubst(m4_bpatsubst($1,-D,),=.$,),m4_if(m4_bregexp($1,=),-1,1,m4_bpatsubst($1,^.=,)))
1226	1227	])
1227	1228
1228	1229	dnl config.h part to define omitted cflags, use with ACX_STRIP_EXT_FLAGS.

-1

compat/ctime_r.c less more

31	31	}
32	32	lock_basic_lock(&ctime_lock);
33	33	result = ctime(timep);
34		if(buf && result)
	34	if(buf && result) {
	35	if(strlen(result) > 10 && result[7]==' ' && result[8]=='0')
	36	result[8]=' '; /* fix error in windows ctime */
35	37	strcpy(buf, result);
	38	}
36	39	lock_basic_unlock(&ctime_lock);
37	40	return result;
38	41	}

+347

-0

compat/strptime.c less more

	0	/** strptime workaround (for oa macos leopard)
	1	* This strptime follows the man strptime (2001-11-12)
	2	* conforming to SUSv2, POSIX.1-2001
	3	*
	4	* This very simple version of strptime has no:
	5	* - E alternatives
	6	* - O alternatives
	7	* - Glibc additions
	8	* - Does not process week numbers
	9	* - Does not properly processes year day
	10	*
	11	* LICENSE
	12	* Copyright (c) 2008, NLnet Labs, Matthijs Mekking
	13	* All rights reserved.
	14	*
	15	* Redistribution and use in source and binary forms, with or without
	16	* modification, are permitted provided that the following conditions are met:
	17	* * Redistributions of source code must retain the above copyright notice,
	18	* this list of conditions and the following disclaimer.
	19	* * Redistributions in binary form must reproduce the above copyright
	20	* notice, this list of conditions and the following disclaimer in the
	21	* documentation and/or other materials provided with the distribution.
	22	* * Neither the name of NLnetLabs nor the names of its
	23	* contributors may be used to endorse or promote products derived from this
	24	* software without specific prior written permission.
	25	*
	26	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	27	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	28	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	29	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
	30	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	31	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	32	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	33	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	34	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	35	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	36	* POSSIBILITY OF SUCH DAMAGE.
	37	**/
	38
	39	#include "config.h"
	40
	41	#ifndef HAVE_CONFIG_H
	42	#include <time.h>
	43	#endif
	44
	45	#ifndef STRPTIME_WORKS
	46
	47	#define TM_YEAR_BASE 1900
	48
	49	#include <ctype.h>
	50	#include <string.h>
	51
	52	static const char *abb_weekdays[] = {
	53	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
	54	};
	55	static const char *full_weekdays[] = {
	56	"Sunday", "Monday", "Tuesday", "Wednesday",
	57	"Thursday", "Friday", "Saturday", NULL
	58	};
	59	static const char *abb_months[] = {
	60	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
	61	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL
	62	};
	63	static const char *full_months[] = {
	64	"January", "February", "March", "April", "May", "June",
	65	"July", "August", "September", "October", "November", "December", NULL
	66	};
	67	static const char *ampm[] = {
	68	"am", "pm", NULL
	69	};
	70
	71	static int
	72	match_string(const char buf, const char strs)
	73	{
	74	int i = 0;
	75
	76	for (i = 0; strs[i] != NULL; i++) {
	77	int len = strlen(strs[i]);
	78	if (strncasecmp (*buf, strs[i], len) == 0) {
	79	*buf += len;
	80	return i;
	81	}
	82	}
	83	return -1;
	84	}
	85
	86	static int
	87	str2int(const char **buf, int max)
	88	{
	89	int ret=0, count=0;
	90
	91	while (buf[0] != '\0' && isdigit(buf[0]) && count<max) {
	92	ret = ret10 + (buf[0] - '0');
	93	(*buf)++;
	94	count++;
	95	}
	96
	97	if (!count)
	98	return -1;
	99	return ret;
	100	}
	101
	102	/** Converts the character string s to values which are stored in tm
	103	* using the format specified by format
	104	**/
	105	char *
	106	unbound_strptime(const char s, const char format, struct tm *tm)
	107	{
	108	int c, alt_format, ret;
	109	int split_year = 0;
	110
	111	while ((c = *format) != '\0') {
	112	alt_format = 0;
	113
	114	/* whitespace, literal or format */
	115	if (isspace(c)) { /* whitespace */
	116	/** whitespace matches zero or more whitespace characters in the
	117	* input string.
	118	**/
	119	while (isspace(*s))
	120	s++;
	121	}
	122	else if (c == '%') { /* format */
	123	format++;
	124	c = *format;
	125	switch (c) {
	126	case '%': /* %% is converted to % */
	127	if (*s != c) {
	128	return NULL;
	129	}
	130	s++;
	131	break;
	132	case 'a': /* weekday name, abbreviated or full */
	133	case 'A':
	134	ret = match_string(&s, full_weekdays);
	135	if (ret < 0)
	136	ret = match_string(&s, abb_weekdays);
	137	if (ret < 0) {
	138	return NULL;
	139	}
	140	tm->tm_wday = ret;
	141	break;
	142	case 'b': /* month name, abbreviated or full */
	143	case 'B':
	144	case 'h':
	145	ret = match_string(&s, full_months);
	146	if (ret < 0)
	147	ret = match_string(&s, abb_months);
	148	if (ret < 0) {
	149	return NULL;
	150	}
	151	tm->tm_mon = ret;
	152	break;
	153	case 'c': /* date and time representation */
	154	if (!(s = unbound_strptime(s, "%x %X", tm))) {
	155	return NULL;
	156	}
	157	break;
	158	case 'C': /* century number */
	159	ret = str2int(&s, 2);
	160	if (ret < 0 \|\| ret > 99) { /* must be in [00,99] */
	161	return NULL;
	162	}
	163
	164	if (split_year) {
	165	tm->tm_year = ret*100 + (tm->tm_year%100);
	166	}
	167	else {
	168	tm->tm_year = ret*100 - TM_YEAR_BASE;
	169	split_year = 1;
	170	}
	171	break;
	172	case 'd': /* day of month */
	173	case 'e':
	174	ret = str2int(&s, 2);
	175	if (ret < 1 \|\| ret > 31) { /* must be in [01,31] */
	176	return NULL;
	177	}
	178	tm->tm_mday = ret;
	179	break;
	180	case 'D': /* equivalent to %m/%d/%y */
	181	if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
	182	return NULL;
	183	}
	184	break;
	185	case 'H': /* hour */
	186	ret = str2int(&s, 2);
	187	if (ret < 0 \|\| ret > 23) { /* must be in [00,23] */
	188	return NULL;
	189	}
	190	tm->tm_hour = ret;
	191	break;
	192	case 'I': /* 12hr clock hour */
	193	ret = str2int(&s, 2);
	194	if (ret < 1 \|\| ret > 12) { /* must be in [01,12] */
	195	return NULL;
	196	}
	197	if (ret == 12) /* actually [0,11] */
	198	ret = 0;
	199	tm->tm_hour = ret;
	200	break;
	201	case 'j': /* day of year */
	202	ret = str2int(&s, 2);
	203	if (ret < 1 \|\| ret > 366) { /* must be in [001,366] */
	204	return NULL;
	205	}
	206	tm->tm_yday = ret;
	207	break;
	208	case 'm': /* month */
	209	ret = str2int(&s, 2);
	210	if (ret < 1 \|\| ret > 12) { /* must be in [01,12] */
	211	return NULL;
	212	}
	213	/* months go from 0-11 */
	214	tm->tm_mon = (ret-1);
	215	break;
	216	case 'M': /* minute */
	217	ret = str2int(&s, 2);
	218	if (ret < 0 \|\| ret > 59) { /* must be in [00,59] */
	219	return NULL;
	220	}
	221	tm->tm_min = ret;
	222	break;
	223	case 'n': /* arbitrary whitespace */
	224	case 't':
	225	while (isspace(*s))
	226	s++;
	227	break;
	228	case 'p': /* am pm */
	229	ret = match_string(&s, ampm);
	230	if (ret < 0) {
	231	return NULL;
	232	}
	233	if (tm->tm_hour < 0 \|\| tm->tm_hour > 11) { /* %I */
	234	return NULL;
	235	}
	236
	237	if (ret == 1) /* pm */
	238	tm->tm_hour += 12;
	239	break;
	240	case 'r': /* equivalent of %I:%M:%S %p */
	241	if (!(s = unbound_strptime(s, "%I:%M:%S %p", tm))) {
	242	return NULL;
	243	}
	244	break;
	245	case 'R': /* equivalent of %H:%M */
	246	if (!(s = unbound_strptime(s, "%H:%M", tm))) {
	247	return NULL;
	248	}
	249	break;
	250	case 'S': /* seconds */
	251	ret = str2int(&s, 2);
	252	/* 60 may occur for leap seconds */
	253	/* earlier 61 was also allowed */
	254	if (ret < 0 \|\| ret > 60) { /* must be in [00,60] */
	255	return NULL;
	256	}
	257	tm->tm_sec = ret;
	258	break;
	259	case 'T': /* equivalent of %H:%M:%S */
	260	if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
	261	return NULL;
	262	}
	263	break;
	264	case 'U': /* week number, with the first Sun of Jan being w1 */
	265	ret = str2int(&s, 2);
	266	if (ret < 0 \|\| ret > 53) { /* must be in [00,53] */
	267	return NULL;
	268	}
	269	/** it is hard (and not necessary for nsd) to determine time
	270	* data from week number.
	271	**/
	272	break;
	273	case 'w': /* day of week */
	274	ret = str2int(&s, 1);
	275	if (ret < 0 \|\| ret > 6) { /* must be in [0,6] */
	276	return NULL;
	277	}
	278	tm->tm_wday = ret;
	279	break;
	280	case 'W': /* week number, with the first Mon of Jan being w1 */
	281	ret = str2int(&s, 2);
	282	if (ret < 0 \|\| ret > 53) { /* must be in [00,53] */
	283	return NULL;
	284	}
	285	/** it is hard (and not necessary for nsd) to determine time
	286	* data from week number.
	287	**/
	288	break;
	289	case 'x': /* date format */
	290	if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
	291	return NULL;
	292	}
	293	break;
	294	case 'X': /* time format */
	295	if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
	296	return NULL;
	297	}
	298	break;
	299	case 'y': /* last two digits of a year */
	300	ret = str2int(&s, 2);
	301	if (ret < 0 \|\| ret > 99) { /* must be in [00,99] */
	302	return NULL;
	303	}
	304	if (split_year) {
	305	tm->tm_year = ((tm->tm_year/100) * 100) + ret;
	306	}
	307	else {
	308	split_year = 1;
	309
	310	/** currently:
	311	* if in [0,68] we are in 21th century,
	312	* if in [69,99] we are in 20th century.
	313	**/
	314	if (ret < 69) /* 2000 */
	315	ret += 100;
	316	tm->tm_year = ret;
	317	}
	318	break;
	319	case 'Y': /* year */
	320	ret = str2int(&s, 4);
	321	if (ret < 0 \|\| ret > 9999) {
	322	return NULL;
	323	}
	324	tm->tm_year = ret - TM_YEAR_BASE;
	325	break;
	326	case '\0':
	327	default: /* unsupported, cannot match format */
	328	return NULL;
	329	break;
	330	}
	331	}
	332	else { /* literal */
	333	/* if input cannot match format, return NULL */
	334	if (*s != c)
	335	return NULL;
	336	s++;
	337	}
	338
	339	format++;
	340	}
	341
	342	/* return pointer to remainder of s */
	343	return (char*) s;
	344	}
	345
	346	#endif /* STRPTIME_WORKS */

+25

-1

config.h.in less more

80	80	/* Define to 1 if you have the `EVP_sha512' function. */
81	81	#undef HAVE_EVP_SHA512
82	82
	83	/* Define to 1 if you have the `ev_default_loop' function. */
	84	#undef HAVE_EV_DEFAULT_LOOP
	85
83	86	/* Define to 1 if you have the `ev_loop' function. */
84	87	#undef HAVE_EV_LOOP
	88
	89	/* Define to 1 if you have the <expat.h> header file. */
	90	#undef HAVE_EXPAT_H
85	91
86	92	/* Define to 1 if you have the `fcntl' function. */
87	93	#undef HAVE_FCNTL

285	291	/* Define to 1 if you have the `strlcpy' function. */
286	292	#undef HAVE_STRLCPY
287	293
	294	/* Define to 1 if you have the `strptime' function. */
	295	#undef HAVE_STRPTIME
	296
288	297	/* Define if you have Swig libraries and header files. */
289	298	#undef HAVE_SWIG
290	299

426	435	/* Define as the return type of signal handlers (`int' or `void'). */
427	436	#undef RETSIGTYPE
428	437
	438	/* default rootkey location */
	439	#undef ROOT_ANCHOR_FILE
	440
	441	/* default rootcert location */
	442	#undef ROOT_CERT_FILE
	443
429	444	/* version number for resource files */
430	445	#undef RSRC_PACKAGE_VERSION
431	446

437	452
438	453	/* Define to 1 if you have the ANSI C header files. */
439	454	#undef STDC_HEADERS
	455
	456	/* use default strptime. */
	457	#undef STRPTIME_WORKS
440	458
441	459	/* Use win32 resources and API */
442	460	#undef UB_ON_WINDOWS

802	820	char ctime_r(const time_t timep, char *buf);
803	821	#endif
804	822
805		#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && (defined(HAVE_PTHREAD) \|\| defined(HAVE_SOLARIS_THREADS))
	823	#if !defined(HAVE_STRPTIME) \|\| !defined(STRPTIME_WORKS)
	824	#define strptime unbound_strptime
	825	struct tm;
	826	char strptime(const char s, const char format, struct tm tm);
	827	#endif
	828
	829	#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) \|\| defined(HAVE_SOLARIS_THREADS))
806	830	/* using version of libevent that is not threadsafe. */
807	831	# define LIBEVENT_SIGNAL_PROBLEM 1
808	832	#endif

+243

-109

configure less more

0	0	#! /bin/sh
1	1	# Guess values for system-dependent variables and create Makefiles.
2		# Generated by GNU Autoconf 2.65 for unbound 1.4.6.
	2	# Generated by GNU Autoconf 2.65 for unbound 1.4.8.
3	3	#
4	4	# Report bugs to <unbound-bugs@nlnetlabs.nl>.
5	5	#

700	700	# Identity of this package.
701	701	PACKAGE_NAME='unbound'
702	702	PACKAGE_TARNAME='unbound'
703		PACKAGE_VERSION='1.4.6'
704		PACKAGE_STRING='unbound 1.4.6'
	703	PACKAGE_VERSION='1.4.8'
	704	PACKAGE_STRING='unbound 1.4.8'
705	705	PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
706	706	PACKAGE_URL=''
707	707

796	796	debug_enabled
797	797	DEPFLAG
798	798	UNBOUND_USERNAME
	799	UNBOUND_ROOTCERT_FILE
	800	UNBOUND_ROOTKEY_FILE
799	801	UNBOUND_PIDFILE
800	802	UNBOUND_SHARE_DIR
801	803	UNBOUND_CHROOT_DIR

872	874	with_chroot_dir
873	875	with_share_dir
874	876	with_pidfile
	877	with_rootkey_file
	878	with_rootcert_file
875	879	with_username
876	880	enable_checking
877	881	enable_debug

891	895	enable_sha2
892	896	enable_gost
893	897	with_libevent
	898	with_libexpat
894	899	enable_staticexe
895	900	enable_lock_checks
896	901	enable_alloc_checks

1452	1457	# Omit some internal or obsolete options to make the list less imposing.
1453	1458	# This message is too long to be a string in the A/UX 3.1 sh.
1454	1459	cat <<_ACEOF
1455		\`configure' configures unbound 1.4.6 to adapt to many kinds of systems.
	1460	\`configure' configures unbound 1.4.8 to adapt to many kinds of systems.
1456	1461
1457	1462	Usage: $0 [OPTION]... [VAR=VALUE]...
1458	1463

1518	1523
1519	1524	if test -n "$ac_init_help"; then
1520	1525	case $ac_init_help in
1521		short \| recursive ) echo "Configuration of unbound 1.4.6:";;
	1526	short \| recursive ) echo "Configuration of unbound 1.4.8:";;
1522	1527	esac
1523	1528	cat <<\_ACEOF
1524	1529

1536	1541	--disable-rpath disable hardcoded rpath (default=enabled)
1537	1542	--disable-largefile omit support for large files
1538	1543	--disable-sha2 Disable SHA256 and SHA512 RRSIG support
1539		--enable-gost Enable GOST support, experimental
	1544	--disable-gost Disable GOST support
1540	1545	--enable-static-exe enable to compile executables statically against
1541	1546	event, ldns libs, for debug purposes
1542	1547	--enable-lock-checks enable to check lock and unlock calls, for debug

1562	1567	same as share/unbound)
1563	1568	--with-pidfile=filename set default pathname to unbound pidfile (default
1564	1569	run-dir/unbound.pid)
	1570	--with-rootkey-file=filename
	1571	set default pathname to root key file (default
	1572	run-dir/root.key). This file is read and written.
	1573	--with-rootcert-file=filename
	1574	set default pathname to root update certificate file
	1575	(default run-dir/icannbundle.pem). This file need
	1576	not exist if you are content with the builtin.
1565	1577	--with-username=user set default user that unbound changes to (default
1566	1578	user is unbound)
1567	1579	--with-pic try to use only PIC/non-PIC objects [default=use

1582	1594	/usr/lib /usr/pkg /usr/sfw /usr or you can specify
1583	1595	an explicit path). Slower, but allows use of large
1584	1596	outgoing port ranges.
	1597	--with-libexpat=path specify explicit path for libexpat.
1585	1598	--with-ldns=PATH specify prefix of path of ldns library to use
1586	1599	--with-ldns-builtin forces use of package included with this one
1587	1600

1670	1683	test -n "$ac_init_help" && exit $ac_status
1671	1684	if $ac_init_version; then
1672	1685	cat <<\_ACEOF
1673		unbound configure 1.4.6
	1686	unbound configure 1.4.8
1674	1687	generated by GNU Autoconf 2.65
1675	1688
1676	1689	Copyright (C) 2009 Free Software Foundation, Inc.

2134	2147	This file contains any messages produced by compilers while
2135	2148	running configure, to aid debugging if configure makes a mistake.
2136	2149
2137		It was created by unbound $as_me 1.4.6, which was
	2150	It was created by unbound $as_me 1.4.8, which was
2138	2151	generated by GNU Autoconf 2.65. Invocation command line was
2139	2152
2140	2153	$ $0 $@

2483	2496
2484	2497
2485	2498	LIBUNBOUND_CURRENT=2
2486		LIBUNBOUND_REVISION=6
	2499	LIBUNBOUND_REVISION=8
2487	2500	LIBUNBOUND_AGE=0
2488	2501	# 1.0.0 had 0:12:0
2489	2502	# 1.0.1 had 0:13:0

2505	2518	# 1.4.4 had 2:4:0
2506	2519	# 1.4.5 had 2:5:0
2507	2520	# 1.4.6 had 2:6:0
	2521	# 1.4.7 had 2:7:0
	2522	# 1.4.8 had 2:8:0
2508	2523
2509	2524	# Current -- the number of the binary API that we're implementing
2510	2525	# Revision -- which iteration of the implementation of the binary

4058	4073
4059	4074
4060	4075
	4076	# Check whether --with-rootkey-file was given.
	4077	if test "${with_rootkey_file+set}" = set; then :
	4078	withval=$with_rootkey_file; UNBOUND_ROOTKEY_FILE="$withval"
	4079	else
	4080	if test $on_mingw = no; then
	4081	UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
	4082	else
	4083	UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key"
	4084	fi
	4085
	4086	fi
	4087
	4088
	4089	hdr_rkey="`echo $UNBOUND_ROOTKEY_FILE \| sed -e 's/\\\\/\\\\\\\\/g'`"
	4090
	4091
	4092	cat >>confdefs.h <<_ACEOF
	4093	#define ROOT_ANCHOR_FILE "$hdr_rkey"
	4094	_ACEOF
	4095
	4096
	4097
	4098	# Check whether --with-rootcert-file was given.
	4099	if test "${with_rootcert_file+set}" = set; then :
	4100	withval=$with_rootcert_file; UNBOUND_ROOTCERT_FILE="$withval"
	4101	else
	4102	if test $on_mingw = no; then
	4103	UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
	4104	else
	4105	UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem"
	4106	fi
	4107
	4108	fi
	4109
	4110
	4111	hdr_rpem="`echo $UNBOUND_ROOTCERT_FILE \| sed -e 's/\\\\/\\\\\\\\/g'`"
	4112
	4113
	4114	cat >>confdefs.h <<_ACEOF
	4115	#define ROOT_CERT_FILE "$hdr_rpem"
	4116	_ACEOF
	4117
	4118
	4119
4061	4120	# Check whether --with-username was given.
4062	4121	if test "${with_username+set}" = set; then :
4063	4122	withval=$with_username; UNBOUND_USERNAME="$withval"

5528	5587	fi
5529	5588
5530	5589
5531
5532
5533		# for Sun studio 11.
5534
5535
5536		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -xO4" >&5
5537		$as_echo_n "checking whether $CC supports -xO4... " >&6; }
5538		cache=`echo xO4 \| sed 'y%.=/+-%___p_%'`
5539		if { as_var=cv_prog_cc_flag_$cache; eval "test \"\${$as_var+set}\" = set"; }; then :
5540		$as_echo_n "(cached) " >&6
5541		else
5542
5543		echo 'void f(){}' >conftest.c
5544		if test -z "`$CC $CPPFLAGS $CFLAGS -xO4 -c conftest.c 2>&1`"; then
5545		eval "cv_prog_cc_flag_$cache=yes"
5546		else
5547		eval "cv_prog_cc_flag_$cache=no"
5548		fi
5549		rm -f conftest conftest.o conftest.c
5550
5551		fi
5552
5553		if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
5554		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5555		$as_echo "yes" >&6; }
5556		:
5557		CFLAGS="$CFLAGS -xO4"
5558		else
5559		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5560		$as_echo "no" >&6; }
5561		:
5562
5563		fi
5564
5565
5566
5567		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -xtarget=generic" >&5
5568		$as_echo_n "checking whether $CC supports -xtarget=generic... " >&6; }
5569		cache=`echo xtarget=generic \| sed 'y%.=/+-%___p_%'`
5570		if { as_var=cv_prog_cc_flag_$cache; eval "test \"\${$as_var+set}\" = set"; }; then :
5571		$as_echo_n "(cached) " >&6
5572		else
5573
5574		echo 'void f(){}' >conftest.c
5575		if test -z "`$CC $CPPFLAGS $CFLAGS -xtarget=generic -c conftest.c 2>&1`"; then
5576		eval "cv_prog_cc_flag_$cache=yes"
5577		else
5578		eval "cv_prog_cc_flag_$cache=no"
5579		fi
5580		rm -f conftest conftest.o conftest.c
5581
5582		fi
5583
5584		if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
5585		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5586		$as_echo "yes" >&6; }
5587		:
5588		CFLAGS="$CFLAGS -xtarget=generic"
5589		else
5590		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5591		$as_echo "no" >&6; }
5592		:
5593
5594		fi
5595	5590
5596	5591
5597	5592	# debug mode flags warnings

6817	6812	else
6818	6813	lt_cv_nm_interface="BSD nm"
6819	6814	echo "int some_variable = 0;" > conftest.$ac_ext
6820		(eval echo "\"\$as_me:6821: $ac_compile\"" >&5)
	6815	(eval echo "\"\$as_me:6816: $ac_compile\"" >&5)
6821	6816	(eval "$ac_compile" 2>conftest.err)
6822	6817	cat conftest.err >&5
6823		(eval echo "\"\$as_me:6824: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
	6818	(eval echo "\"\$as_me:6819: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
6824	6819	(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
6825	6820	cat conftest.err >&5
6826		(eval echo "\"\$as_me:6827: output\"" >&5)
	6821	(eval echo "\"\$as_me:6822: output\"" >&5)
6827	6822	cat conftest.out >&5
6828	6823	if $GREP 'External.*some_variable' conftest.out > /dev/null; then
6829	6824	lt_cv_nm_interface="MS dumpbin"

8028	8023	;;
8029	8024	--irix6*)
8030	8025	# Find out which ABI we are using.
8031		echo '#line 8032 "configure"' > conftest.$ac_ext
	8026	echo '#line 8027 "configure"' > conftest.$ac_ext
8032	8027	if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
8033	8028	(eval $ac_compile) 2>&5
8034	8029	ac_status=$?

9288	9283	-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
9289	9284	-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
9290	9285	-e 's:$: $lt_compiler_flag:'`
9291		(eval echo "\"\$as_me:9292: $lt_compile\"" >&5)
	9286	(eval echo "\"\$as_me:9287: $lt_compile\"" >&5)
9292	9287	(eval "$lt_compile" 2>conftest.err)
9293	9288	ac_status=$?
9294	9289	cat conftest.err >&5
9295		echo "$as_me:9296: \$? = $ac_status" >&5
	9290	echo "$as_me:9291: \$? = $ac_status" >&5
9296	9291	if (exit $ac_status) && test -s "$ac_outfile"; then
9297	9292	# The compiler can only warn and ignore the option if not recognized
9298	9293	# So say no if there are warnings other than the usual output.

9627	9622	-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
9628	9623	-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
9629	9624	-e 's:$: $lt_compiler_flag:'`
9630		(eval echo "\"\$as_me:9631: $lt_compile\"" >&5)
	9625	(eval echo "\"\$as_me:9626: $lt_compile\"" >&5)
9631	9626	(eval "$lt_compile" 2>conftest.err)
9632	9627	ac_status=$?
9633	9628	cat conftest.err >&5
9634		echo "$as_me:9635: \$? = $ac_status" >&5
	9629	echo "$as_me:9630: \$? = $ac_status" >&5
9635	9630	if (exit $ac_status) && test -s "$ac_outfile"; then
9636	9631	# The compiler can only warn and ignore the option if not recognized
9637	9632	# So say no if there are warnings other than the usual output.

9732	9727	-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
9733	9728	-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
9734	9729	-e 's:$: $lt_compiler_flag:'`
9735		(eval echo "\"\$as_me:9736: $lt_compile\"" >&5)
	9730	(eval echo "\"\$as_me:9731: $lt_compile\"" >&5)
9736	9731	(eval "$lt_compile" 2>out/conftest.err)
9737	9732	ac_status=$?
9738	9733	cat out/conftest.err >&5
9739		echo "$as_me:9740: \$? = $ac_status" >&5
	9734	echo "$as_me:9735: \$? = $ac_status" >&5
9740	9735	if (exit $ac_status) && test -s out/conftest2.$ac_objext
9741	9736	then
9742	9737	# The compiler can only warn and ignore the option if not recognized

9787	9782	-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
9788	9783	-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
9789	9784	-e 's:$: $lt_compiler_flag:'`
9790		(eval echo "\"\$as_me:9791: $lt_compile\"" >&5)
	9785	(eval echo "\"\$as_me:9786: $lt_compile\"" >&5)
9791	9786	(eval "$lt_compile" 2>out/conftest.err)
9792	9787	ac_status=$?
9793	9788	cat out/conftest.err >&5
9794		echo "$as_me:9795: \$? = $ac_status" >&5
	9789	echo "$as_me:9790: \$? = $ac_status" >&5
9795	9790	if (exit $ac_status) && test -s out/conftest2.$ac_objext
9796	9791	then
9797	9792	# The compiler can only warn and ignore the option if not recognized

12157	12152	lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
12158	12153	lt_status=$lt_dlunknown
12159	12154	cat > conftest.$ac_ext <<_LT_EOF
12160		#line 12161 "configure"
	12155	#line 12156 "configure"
12161	12156	#include "confdefs.h"
12162	12157
12163	12158	#if HAVE_DLFCN_H

12253	12248	lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
12254	12249	lt_status=$lt_dlunknown
12255	12250	cat > conftest.$ac_ext <<_LT_EOF
12256		#line 12257 "configure"
	12251	#line 12252 "configure"
12257	12252	#include "confdefs.h"
12258	12253
12259	12254	#if HAVE_DLFCN_H

15311	15306
15312	15307	use_gost="no"
15313	15308	case "$enable_gost" in
15314		yes)
	15309	no)
	15310	;;
	15311	*)
15315	15312	ac_fn_c_check_func "$LINENO" "EVP_PKEY_set_type_str" "ac_cv_func_EVP_PKEY_set_type_str"
15316	15313	if test "x$ac_cv_func_EVP_PKEY_set_type_str" = x""yes; then :
15317	15314	:

15319	15316	as_fn_error "OpenSSL 1.0.0 is needed for GOST support" "$LINENO" 5
15320	15317	fi
15321	15318
	15319	ac_fn_c_check_func "$LINENO" "EC_KEY_new" "ac_cv_func_EC_KEY_new"
	15320	if test "x$ac_cv_func_EC_KEY_new" = x""yes; then :
	15321
	15322	else
	15323	as_fn_error "OpenSSL does not support ECC, needed for GOST support" "$LINENO" 5
	15324	fi
	15325
15322	15326	use_gost="yes"
15323	15327
15324	15328	$as_echo "#define USE_GOST 1" >>confdefs.h
15325
15326		;;
15327		no)
15328		;;
15329		*) ac_fn_c_check_func "$LINENO" "EVP_PKEY_set_type_str" "ac_cv_func_EVP_PKEY_set_type_str"
15330		if test "x$ac_cv_func_EVP_PKEY_set_type_str" = x""yes; then :
15331
15332		use_gost="yes"
15333
15334		$as_echo "#define USE_GOST 1" >>confdefs.h
15335
15336		fi
15337	15329
15338	15330	;;
15339	15331	esac

15654	15646	fi
15655	15647	done
15656	15648	# only in libev. (tested on 3.51)
	15649	for ac_func in ev_default_loop
	15650	do :
	15651	ac_fn_c_check_func "$LINENO" "ev_default_loop" "ac_cv_func_ev_default_loop"
	15652	if test "x$ac_cv_func_ev_default_loop" = x""yes; then :
	15653	cat >>confdefs.h <<_ACEOF
	15654	#define HAVE_EV_DEFAULT_LOOP 1
	15655	_ACEOF
	15656
	15657	fi
	15658	done
	15659	# only in libev. (tested on 4.00)
15657	15660	if test -n "$BAK_LDFLAGS_SET"; then
15658	15661	LDFLAGS="$BAK_LDFLAGS"
15659	15662	fi

15662	15665	$as_echo "#define USE_MINI_EVENT 1" >>confdefs.h
15663	15666
15664	15667	fi
	15668
	15669	# check for libexpat
	15670
	15671	# Check whether --with-libexpat was given.
	15672	if test "${with_libexpat+set}" = set; then :
	15673	withval=$with_libexpat;
	15674	else
	15675	withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
	15676	fi
	15677
	15678	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
	15679	$as_echo_n "checking for libexpat... " >&6; }
	15680	found_libexpat="no"
	15681	for dir in $withval ; do
	15682	if test -f "$dir/include/expat.h"; then
	15683	found_libexpat="yes"
	15684	if test "$dir" != "/usr"; then
	15685	CPPFLAGS="$CPPFLAGS -I$dir/include"
	15686	LDFLAGS="$LDFLAGS -L$dir/lib"
	15687	fi
	15688	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5
	15689	$as_echo "found in $dir" >&6; }
	15690	break;
	15691	fi
	15692	done
	15693	if test x_$found_libexpat != x_yes; then
	15694	as_fn_error "Could not find libexpat, expat.h" "$LINENO" 5
	15695	fi
	15696	for ac_header in expat.h
	15697	do :
	15698	ac_fn_c_check_header_compile "$LINENO" "expat.h" "ac_cv_header_expat_h" "$ac_includes_default
	15699	"
	15700	if test "x$ac_cv_header_expat_h" = x""yes; then :
	15701	cat >>confdefs.h <<_ACEOF
	15702	#define HAVE_EXPAT_H 1
	15703	_ACEOF
	15704
	15705	fi
	15706
	15707	done
	15708
15665	15709
15666	15710	# set static linking if requested
15667	15711

16095	16139
16096	16140	fi
16097	16141
	16142	# check wether strptime also works
	16143	for ac_func in strptime
	16144	do :
	16145	ac_fn_c_check_func "$LINENO" "strptime" "ac_cv_func_strptime"
	16146	if test "x$ac_cv_func_strptime" = x""yes; then :
	16147	cat >>confdefs.h <<_ACEOF
	16148	#define HAVE_STRPTIME 1
	16149	_ACEOF
	16150
	16151	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strptime works" >&5
	16152	$as_echo_n "checking whether strptime works... " >&6; }
	16153	if test c${cross_compiling} = cno; then
	16154	if test "$cross_compiling" = yes; then :
	16155	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
	16156	$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
	16157	as_fn_error "cannot run test program while cross compiling
	16158	See \`config.log' for more details." "$LINENO" 5; }
	16159	else
	16160	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	16161	/* end confdefs.h. */
	16162
	16163	#define _XOPEN_SOURCE
	16164	#include <time.h>
	16165	int main(void) { struct tm tm; char *res;
	16166	res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm);
	16167	if (!res) return 1; return 0; }
	16168
	16169	_ACEOF
	16170	if ac_fn_c_try_run "$LINENO"; then :
	16171	eval "ac_cv_c_strptime_works=yes"
	16172	else
	16173	eval "ac_cv_c_strptime_works=no"
	16174	fi
	16175	rm -f core .core core.conftest. gmon.out bb.out conftest$ac_exeext \
	16176	conftest.$ac_objext conftest.beam conftest.$ac_ext
	16177	fi
	16178
	16179	else
	16180	eval "ac_cv_c_strptime_works=maybe"
	16181	fi
	16182	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_strptime_works" >&5
	16183	$as_echo "$ac_cv_c_strptime_works" >&6; }
	16184	if test $ac_cv_c_strptime_works = no; then
	16185	case " $LIBOBJS " in
	16186	" strptime.$ac_objext " ) ;;
	16187	*) LIBOBJS="$LIBOBJS strptime.$ac_objext"
	16188	;;
	16189	esac
	16190
	16191	else
	16192
	16193	cat >>confdefs.h <<_ACEOF
	16194	#define STRPTIME_WORKS 1
	16195	_ACEOF
	16196
	16197	fi
	16198
	16199	else
	16200	case " $LIBOBJS " in
	16201	" strptime.$ac_objext " ) ;;
	16202	*) LIBOBJS="$LIBOBJS strptime.$ac_objext"
	16203	;;
	16204	esac
	16205
	16206	fi
	16207	done
	16208
16098	16209	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing setusercontext" >&5
16099	16210	$as_echo_n "checking for library containing setusercontext... " >&6; }
16100	16211	if test "${ac_cv_search_setusercontext+set}" = set; then :

16377	16488	# Check whether --with-ldns was given.
16378	16489	if test "${with_ldns+set}" = set; then :
16379	16490	withval=$with_ldns; specialldnsdir="$withval"
16380		if test "$withval" != ""; then
16381		CPPFLAGS="-I$withval/include $CPPFLAGS"
16382		LDFLAGS="-L$withval -L$withval/lib $LDFLAGS"
	16491	if test "$withval" != "yes"; then
	16492	if test "$withval" != ""; then
	16493	CPPFLAGS="-I$withval/include $CPPFLAGS"
	16494	LDFLAGS="-L$withval -L$withval/lib $LDFLAGS"
16383	16495
16384	16496	if test "x$enable_rpath" = xyes; then
16385	16497	if echo "$withval/lib" \| grep "^/" >/dev/null; then

16387	16499	fi
16388	16500	fi
16389	16501
	16502	fi
	16503	ldnsdir="$withval"
	16504
16390	16505	fi
16391		ldnsdir="$withval"
16392
16393	16506
16394	16507	fi
16395	16508

16483	16596	for ac_header in ldns/ldns.h
16484	16597	do :
16485	16598	ac_fn_c_check_header_compile "$LINENO" "ldns/ldns.h" "ac_cv_header_ldns_ldns_h" "$ac_includes_default
	16599	#ifdef HAVE_SYS_SOCKET_H
	16600	#include <sys/socket.h>
	16601	#endif
	16602
	16603	#ifdef HAVE_NETINET_IN_H
	16604	#include <netinet/in.h>
	16605	#endif
	16606
	16607	#ifdef HAVE_ARPA_INET_H
	16608	#include <arpa/inet.h>
	16609	#endif
	16610
	16611	#ifdef HAVE_WINSOCK2_H
	16612	#include <winsock2.h>
	16613	#endif
	16614
	16615	#ifdef HAVE_WS2TCPIP_H
	16616	#include <ws2tcpip.h>
	16617	#endif
	16618
16486	16619	"
16487	16620	if test "x$ac_cv_header_ldns_ldns_h" = x""yes; then :
16488	16621	cat >>confdefs.h <<_ACEOF

16500	16633	-a $ac_cv_func_ldns_key_EVP_load_gost_id = yes; then
16501	16634	:
16502	16635	else
16503		use_ldns_builtin="yes"
	16636	as_fn_error "No ldns library found (or not recent); install or update ldns library, use --with-ldns=path or --with-ldns-builtin" "$LINENO" 5
16504	16637	fi
16505	16638	fi
16506	16639

16604	16737
16605	16738
16606	16739
16607		ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8"
	16740	ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8"
16608	16741
16609	16742	ac_config_headers="$ac_config_headers config.h"
16610	16743

17113	17246	# report actual input values of CONFIG_FILES etc. instead of their
17114	17247	# values after options handling.
17115	17248	ac_log="
17116		This file was extended by unbound $as_me 1.4.6, which was
	17249	This file was extended by unbound $as_me 1.4.8, which was
17117	17250	generated by GNU Autoconf 2.65. Invocation command line was
17118	17251
17119	17252	CONFIG_FILES = $CONFIG_FILES

17179	17312	cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1
17180	17313	ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
17181	17314	ac_cs_version="\\
17182		unbound config.status 1.4.6
	17315	unbound config.status 1.4.8
17183	17316	configured by $0, generated by GNU Autoconf 2.65,
17184	17317	with options \\"\$ac_cs_config\\"
17185	17318

17559	17692	"doc/example.conf") CONFIG_FILES="$CONFIG_FILES doc/example.conf" ;;
17560	17693	"doc/libunbound.3") CONFIG_FILES="$CONFIG_FILES doc/libunbound.3" ;;
17561	17694	"doc/unbound.8") CONFIG_FILES="$CONFIG_FILES doc/unbound.8" ;;
	17695	"doc/unbound-anchor.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-anchor.8" ;;
17562	17696	"doc/unbound-checkconf.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-checkconf.8" ;;
17563	17697	"doc/unbound.conf.5") CONFIG_FILES="$CONFIG_FILES doc/unbound.conf.5" ;;
17564	17698	"doc/unbound-control.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-control.8" ;;

+122

-25

configure.ac less more

5	5	sinclude(acx_python.m4)
6	6	sinclude(ac_pkg_swig.m4)
7	7
8		AC_INIT(unbound, 1.4.6, unbound-bugs@nlnetlabs.nl, unbound)
	8	AC_INIT(unbound, 1.4.8, unbound-bugs@nlnetlabs.nl, unbound)
9	9
10	10	LIBUNBOUND_CURRENT=2
11		LIBUNBOUND_REVISION=6
	11	LIBUNBOUND_REVISION=8
12	12	LIBUNBOUND_AGE=0
13	13	# 1.0.0 had 0:12:0
14	14	# 1.0.1 had 0:13:0

30	30	# 1.4.4 had 2:4:0
31	31	# 1.4.5 had 2:5:0
32	32	# 1.4.6 had 2:6:0
	33	# 1.4.7 had 2:7:0
	34	# 1.4.8 had 2:8:0
33	35
34	36	# Current -- the number of the binary API that we're implementing
35	37	# Revision -- which iteration of the implementation of the binary

152	154	ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid)
153	155	AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location])
154	156
	157	AC_ARG_WITH(rootkey-file,
	158	AC_HELP_STRING([--with-rootkey-file=filename],
	159	[set default pathname to root key file (default run-dir/root.key). This file is read and written.]),
	160	UNBOUND_ROOTKEY_FILE="$withval",
	161	if test $on_mingw = no; then
	162	UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
	163	else
	164	UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key"
	165	fi
	166	)
	167	AC_SUBST(UNBOUND_ROOTKEY_FILE)
	168	ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey)
	169	AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location])
	170
	171	AC_ARG_WITH(rootcert-file,
	172	AC_HELP_STRING([--with-rootcert-file=filename],
	173	[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]),
	174	UNBOUND_ROOTCERT_FILE="$withval",
	175	if test $on_mingw = no; then
	176	UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
	177	else
	178	UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem"
	179	fi
	180	)
	181	AC_SUBST(UNBOUND_ROOTCERT_FILE)
	182	ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem)
	183	AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location])
	184
155	185	AC_ARG_WITH(username,
156	186	AC_HELP_STRING([--with-username=user],
157	187	[set default user that unbound changes to (default user is unbound)]),

172	202	AC_PROG_CC
173	203	ACX_DEPFLAG
174	204	ACX_DETERMINE_EXT_FLAGS_UNBOUND
175
176		# for Sun studio 11.
177		ACX_CHECK_COMPILER_FLAG(xO4, [CFLAGS="$CFLAGS -xO4"])
178		ACX_CHECK_COMPILER_FLAG(xtarget=generic, [CFLAGS="$CFLAGS -xtarget=generic"])
179	205
180	206	# debug mode flags warnings
181	207	AC_ARG_ENABLE(checking, AC_HELP_STRING([--enable-checking], [Enable warnings, asserts, makefile-dependencies]))

436	462	;;
437	463	esac
438	464
439		AC_ARG_ENABLE(gost, AC_HELP_STRING([--enable-gost], [Enable GOST support, experimental]))
	465	AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support]))
440	466	use_gost="no"
441	467	case "$enable_gost" in
442		yes)
	468	no)
	469	;;
	470	*)
443	471	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL 1.0.0 is needed for GOST support])])
	472	AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([OpenSSL does not support ECC, needed for GOST support])])
444	473	use_gost="yes"
445	474	AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
446		;;
447		no)
448		;;
449		*) dnl default
450		AC_CHECK_FUNC(EVP_PKEY_set_type_str, [
451		use_gost="yes"
452		AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])])
453	475	;;
454	476	esac
455	477

523	545	AC_CHECK_FUNCS([event_base_new]) # only in libevent 1.4.1 and later
524	546	AC_CHECK_FUNCS([event_base_get_method]) # only in libevent 1.4.3 and later
525	547	AC_CHECK_FUNCS([ev_loop]) # only in libev. (tested on 3.51)
	548	AC_CHECK_FUNCS([ev_default_loop]) # only in libev. (tested on 4.00)
526	549	if test -n "$BAK_LDFLAGS_SET"; then
527	550	LDFLAGS="$BAK_LDFLAGS"
528	551	fi
529	552	else
530	553	AC_DEFINE(USE_MINI_EVENT, 1, [Define if you want to use internal select based events])
531	554	fi
	555
	556	# check for libexpat
	557	AC_ARG_WITH(libexpat, AC_HELP_STRING([--with-libexpat=path],
	558	[specify explicit path for libexpat.]),
	559	[ ],[ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" ])
	560	AC_MSG_CHECKING(for libexpat)
	561	found_libexpat="no"
	562	for dir in $withval ; do
	563	if test -f "$dir/include/expat.h"; then
	564	found_libexpat="yes"
	565	dnl assume /usr is in default path.
	566	if test "$dir" != "/usr"; then
	567	CPPFLAGS="$CPPFLAGS -I$dir/include"
	568	LDFLAGS="$LDFLAGS -L$dir/lib"
	569	fi
	570	AC_MSG_RESULT(found in $dir)
	571	break;
	572	fi
	573	done
	574	if test x_$found_libexpat != x_yes; then
	575	AC_ERROR([Could not find libexpat, expat.h])
	576	fi
	577	AC_CHECK_HEADERS([expat.h],,, [AC_INCLUDES_DEFAULT])
532	578
533	579	# set static linking if requested
534	580	AC_SUBST(staticexe)

605	651	])
606	652	fi
607	653
	654	# check wether strptime also works
	655	AC_DEFUN([AC_CHECK_STRPTIME_WORKS],
	656	[AC_REQUIRE([AC_PROG_CC])
	657	AC_MSG_CHECKING(whether strptime works)
	658	if test c${cross_compiling} = cno; then
	659	AC_TRY_RUN([
	660	#define _XOPEN_SOURCE
	661	#include <time.h>
	662	int main(void) { struct tm tm; char *res;
	663	res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm);
	664	if (!res) return 1; return 0; }
	665	] , [eval "ac_cv_c_strptime_works=yes"], [eval "ac_cv_c_strptime_works=no"])
	666	else
	667	eval "ac_cv_c_strptime_works=maybe"
	668	fi
	669	AC_MSG_RESULT($ac_cv_c_strptime_works)
	670	if test $ac_cv_c_strptime_works = no; then
	671	AC_LIBOBJ(strptime)
	672	else
	673	AC_DEFINE_UNQUOTED([STRPTIME_WORKS], 1, [use default strptime.])
	674	fi
	675	])dnl
	676	AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])])
608	677	AC_SEARCH_LIBS([setusercontext], [util])
609	678	AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex])
610	679	AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])

629	698	AC_ARG_WITH(ldns, AC_HELP_STRING([--with-ldns=PATH],
630	699	[specify prefix of path of ldns library to use]),
631	700	[ specialldnsdir="$withval"
632		if test "$withval" != ""; then
633		CPPFLAGS="-I$withval/include $CPPFLAGS"
634		LDFLAGS="-L$withval -L$withval/lib $LDFLAGS"
635		ACX_RUNTIME_PATH_ADD([$withval/lib])
	701	if test "$withval" != "yes"; then
	702	if test "$withval" != ""; then
	703	CPPFLAGS="-I$withval/include $CPPFLAGS"
	704	LDFLAGS="-L$withval -L$withval/lib $LDFLAGS"
	705	ACX_RUNTIME_PATH_ADD([$withval/lib])
	706	fi
	707	ldnsdir="$withval"
	708	AC_SUBST(ldnsdir)
636	709	fi
637		ldnsdir="$withval"
638		AC_SUBST(ldnsdir)
639	710	])
640	711
641	712	AC_ARG_WITH(ldns-builtin, AC_HELP_STRING([--with-ldns-builtin],

654	725	else
655	726	ac_cv_func_ldns_key_EVP_load_gost_id="yes"
656	727	fi
657		AC_CHECK_HEADERS([ldns/ldns.h],,, [AC_INCLUDES_DEFAULT])
	728	AC_CHECK_HEADERS([ldns/ldns.h],,, [AC_INCLUDES_DEFAULT
	729	#ifdef HAVE_SYS_SOCKET_H
	730	#include <sys/socket.h>
	731	#endif
	732
	733	#ifdef HAVE_NETINET_IN_H
	734	#include <netinet/in.h>
	735	#endif
	736
	737	#ifdef HAVE_ARPA_INET_H
	738	#include <arpa/inet.h>
	739	#endif
	740
	741	#ifdef HAVE_WINSOCK2_H
	742	#include <winsock2.h>
	743	#endif
	744
	745	#ifdef HAVE_WS2TCPIP_H
	746	#include <ws2tcpip.h>
	747	#endif
	748	])
658	749	if test $ac_cv_lib_ldns_ldns_buffer_copy = yes \
659	750	-a $ac_cv_func_ldns_key_buf2rsa_raw = yes \
660	751	-a $ac_cv_header_ldns_ldns_h = yes \

663	754	dnl ldns was found
664	755	:
665	756	else
666		use_ldns_builtin="yes"
	757	AC_MSG_ERROR([No ldns library found (or not recent); install or update ldns library, use --with-ldns=path or --with-ldns-builtin])
667	758	fi
668	759	fi
669	760

772	863	char ctime_r(const time_t timep, char *buf);
773	864	#endif
774	865
775		#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && (defined(HAVE_PTHREAD) \|\| defined(HAVE_SOLARIS_THREADS))
	866	#if !defined(HAVE_STRPTIME) \|\| !defined(STRPTIME_WORKS)
	867	#define strptime unbound_strptime
	868	struct tm;
	869	char strptime(const char s, const char format, struct tm tm);
	870	#endif
	871
	872	#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) \|\| defined(HAVE_SOLARIS_THREADS))
776	873	/* using version of libevent that is not threadsafe. */
777	874	# define LIBEVENT_SIGNAL_PROBLEM 1
778	875	#endif

818	915	#define UNBOUND_DNS_PORT 53
819	916	])
820	917
821		AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8])
	918	AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8])
822	919	AC_CONFIG_HEADER([config.h])
823	920	AC_OUTPUT

-3

contrib/README less more

6	6	* unbound.spec and unbound.init: RPM specfile and Linux rc.d initfile.
7	7	* update-anchor.sh: shell script that uses unbound-host to update a set
8	8	of trust anchor files. Run from cron twice a month.
9		* update-itar.sh: shell script that updates from itar.iana.org. Run from cron.
10		* split-itar.sh: shell script to split anchors.mf from itar.iana.org into
11		multiple key files so it can be used with auto-trust-anchor-file.
12	9	* unbound_munin_ : plugin for munin statistics report
13	10	* unbound_cacti.tar.gz : setup files for cacti statistics report
14	11	* selinux: the .fc and .te files for SElinux protection of the unbound daemon

-46

~~contrib/split-itar.sh~~ less more

0		#/usr/bin/env bash
1		# Contributed by Tom Hendrikx <tom@whyscream.net>
2
3		PROGNAME=$(basename $0)
4
5		usage() {
6		echo "$PROGNAME: split the anchors.mf file from IANA into separate files." >&2
7		echo "" >&2
8		echo "$PROGNAME uses 2 arguments:" >&2
9		echo " - the path to the anchors.mf, available at: https://itar.iana.org/" >&2
10		echo " - the directory to leave the files, defaults to '.' (current working dir)" >&2
11		exit 1
12		}
13
14		if [ -n "$1" ] && [ -r "$1" ]; then
15		itar="$1"
16		echo "Reading from: $itar"
17		else
18		echo "Error: no anchors file given" >&2
19		usage
20		fi
21
22		if [ -n "$2" ]; then
23		dir="$2"
24		else
25		dir=$(pwd)
26		fi
27
28		if [ ! -d "$dir" ]; then
29		echo "Error: $dir is not a directory" >&2
30		usage
31		fi
32
33		while read cn line; do
34		if [ $(expr match "$cn" '[a-zA-Z0-9-]*\.') -gt 0 ]; then
35		# first line of key
36		out="$dir/$cn"anchor
37		echo "writing key for $cn to: $out"
38		echo "$cn $line" > $out
39		elif [ "$cn" == "DS" ]; then
40		# second or later line of earlier defined key
41		echo " $cn $line" >> $out
42		fi
43		done < "$itar"
44
45		echo "Done."

-128

~~contrib/update-itar.sh~~ less more

0		#!/bin/sh
1		# update-itar.sh - update from the interim trust anchor repository
2		# Copyright 2009, W.C.A. Wijngaards
3		# This file is BSD licensed, see doc/LICENSE.
4
5		# --- Some settings
6
7		# directory where unbound works
8		thedir="."
9		# where is the file that unbound is going to read
10		ub_ta_file="$thedir/anchors.mf"
11		# where is the itar master file format
12		itar_url="ftp://ftp.iana.org/itar/anchors.mf"
13		# where is the itar PGP signature
14		itar_sig="ftp://ftp.iana.org/itar/anchors.mf.sig"
15
16		# which command to fetch urls, cmd $dest $url. "wget -O" "curl -o"
17		fetch_cmd="wget -O"
18		# file with pgp public key
19		pgp_pub_key_file="$thedir/update-itar.key"
20		# our pgp keyring (goes into .gnupg directory)
21		pgp_keyring_file="update-itar.ring"
22		# pgp command to use
23		pgp_cmd="gpg"
24
25
26		# --- The script is below
27		usage ( )
28		{
29		echo "usage: update-itar"
30		echo " Updates the trust anchors from the interim trust"
31		echo " anchor repository, https://itar.iana.org, and checks PGP sig."
32		echo
33		echo " Updates $ub_ta_file with the latest keys."
34		echo " Read that file from the unbound config with"
35		echo " trust-anchor-file: "'"'"$ub_ta_file"'"'
36		echo
37		echo " Exit code 0 means anchors updated, 1 no changes, "
38		echo " others are errors. So, in a cronjob you can do:"
39		echo " cd /usr/local/etc/unbound # your unbound work dir"
40		echo " ./update-itar.sh && unbound-control reload"
41		exit 2
42		}
43
44		if test $# -ne 0; then
45		usage
46		fi
47		tmpf="/tmp/update-itar.$$"
48
49		# one argument: explanation string
50		error_exit ( )
51		{
52		if test -f $tmpf.log; then cat $tmpf.log; fi
53		rm -f $tmpf $tmpf.sig $tmpf.log
54		echo "Error updating trust anchors: $1"
55		exit 2
56		}
57
58		if test ! -f $pgp_pub_key_file \|\| test ! -f $HOME/.gnupg/$pgp_keyring_file \|\| \
59		test "$pgp_pub_key_file" -nt $HOME/.gnupg/$pgp_keyring_file; then
60		# default key contents right here
61		if test ! -f $pgp_pub_key_file; then
62		echo "creating default IANA ITAR pgp key file"
63		cat >$pgp_pub_key_file <<EOF
64		-----BEGIN PGP PUBLIC KEY BLOCK-----
65		Version: GnuPG v1.4.5
66
67		mQGiBElr2DcRBAC+6YK6eSP7rzstvnMPQXMrpvVfuIR5FeTpGuwae9JP78V/iOXr
68		N0yW8Dn6kdAztCMuRizL1Ij9IgaD7pjn8h09VgR4cN4LDv75rcQeWLzNxKy4UNRF
69		aStL77RcIoTblBeCgHAK9FLzd0XfTGZCNaLNy9BYVSLyADOVDIqgBcrvBwCglz03
70		QhOMIgaSx/XuRh6kYtynZ6kD/2GXx6pFs57b7rww8yOpdurCSOMB1wuEXiIXznTI
71		06ARiib0G5VDvOdpy0LDU2526Q9f/WAERlhcExTgnTFigG4mRksUiDrrai4GIr+6
72		JaivcGFVYdZZ4mZ088jcwujS/UY3C0ryGR9ufYUDAnfx6frhSl6o6j5is+jeGndF
73		JYRAA/9B/1OXNVwFSiIxnP2aPUwsT1li1vaW8dhA/5PcuPLOVvEjPc1Pc16HGLhE
74		8CRmMn66LqB1ccInE5hLKGGvV3pctjan+IOhaq3OHt/a+buDtTPgykchMZ2k1AzT
75		RYk+gksxpIl6yTZsBH4hoRt8auxEJW8AiYbNtXXkNuWcoQL40bQsSUFOQSBUcnVz
76		dCBBbmNob3IgUmVwb3NpdG9yeSA8aXRhckBpYW5hLm9yZz6IYAQTEQIAIAUCSWvY
77		NwIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEPR9+zCB1GT0GUAAn29/TacF
78		Teh87dls8pmkjxS4pKf1AKCJS/MvzR54AblO4DNMyc9q0G4frrkCDQRJa9g3EAgA
79		ywoLxF4HVb9o926UIXw8JxNIzDPkt8galAcKRUmHQMNa/QA80WMl9Ia6DIxavGlV
80		I5O1fvms297RV2KSSBjKWn6G+0me80A7aw0eHNg7habM5VtzDz5DhJbQFdJV9aYV
81		DoTSnY6uR6iSSRrdZNaYdlCwDS8lBCnOKoGMArHzVCa2EdCBeCUY/eObOXtu8Gm3
82		nDkuWeLPv08/0lvtr6d6VoDUEVPEsJAPONEYtpz/D+EZddUraF+3JscWqfRApBOz
83		/8WHaeTNdzIH+h1ntktiizA6eH40EM6coQQxtIRsxg1DPTxofdovreMkcMI0EUUP
84		awDn8gDtgG3g6Ud5zCdknwAEDQf/W3rxrEN6OZxJvWti8Iu6KOgxtuINiAsimPPX
85		qy9KHowyEE9EMPzgADjWC9Reyusr4CwcootjWw7ryUwU0fXvVULKhg32NzLsx/Ci
86		WtgCPSR58WZ1KKhnoB05+PTrwzhU+u64Cd/vJtFqGxSrANl2FAkPswHJMr8dMwAz
87		uni7zzLJ+homW1T5AaixwmN3jeDHWshJH9E9JIhr5Y/8AzMl1V10r2u1c2ej0lBJ
88		Y4GegI5cYAEBerS9d+mrbPlvbJ8AfuAuEf0y/PWJh0z1+Kck5qIbXMn/rpMBYvLJ
89		Uj5CfqWlh8+hxqSYJDXtLm8hBiQFiMEew0jOc2Tw4F91OZ+jyYhJBBgRAgAJBQJJ
90		a9g3AhsMAAoJEPR9+zCB1GT0AUwAn2ZtBwAyVxppdeTqilXufUvAkvjbAJ9dUpR1
91		9a17/5BvDDJcIxSEKTJmDw==
92		=zCNZ
93		-----END PGP PUBLIC KEY BLOCK-----
94		EOF
95		fi
96		# import the new key
97		$pgp_cmd --no-default-keyring --keyring $pgp_keyring_file \
98		--primary-keyring $pgp_keyring_file \
99		--import $pgp_pub_key_file >$tmpf.log 2>&1 \
100		\|\| error_exit "could not import pgp public key into keyring"
101		fi
102
103		$fetch_cmd $tmpf $itar_url >$tmpf.log 2>&1 \
104		\|\| error_exit "fetching $itar_url failed"
105		tail -2 $tmpf \| grep "; End of file" >/dev/null 2>&1 \|\| \
106		error_exit "The file fetched from $itar_url was partial"
107		$fetch_cmd $tmpf.sig $itar_sig >$tmpf.log 2>&1 \
108		\|\| error_exit "fetching $itar_sig failed"
109
110		# check the file with pgp
111		$pgp_cmd --no-default-keyring --keyring $pgp_keyring_file \
112		--verify $tmpf.sig $tmpf >$tmpf.log 2>&1 \
113		\|\| error_exit "the PGP signature failed!"
114
115		# check for differences
116		val=1
117		if diff "$ub_ta_file" $tmpf 2>/dev/null ; then
118		# echo "The interim trust anchor repository did not change."
119		:
120		else
121		echo "Updating $ub_ta_file"
122		cp $tmpf $ub_ta_file
123		val=0
124		fi
125
126		rm -f $tmpf $tmpf.sig $tmpf.log
127		exit $val

+117

-0

contrib/validation-reporter.sh less more

	0	#!/bin/sh
	1	# validation reporter - reports validation failures to a collection server.
	2	# Copyright NLnet Labs, 2010
	3	# BSD license.
	4
	5
	6	###
	7	# Here is the configuration for the validation reporter
	8	# it greps the failure lines out of the log and sends them to a server.
	9
	10	# The pidfile for the reporter daemon.
	11	pidfile="/var/run/validation-reporter.pid"
	12
	13	# The logfile to watch for logged validation failures.
	14	logfile="/var/log/unbound.log"
	15
	16	# how to notify the upstream
	17	# nc is netcat, it sends tcp to given host port. It makes a tcp connection
	18	# and writes one log-line to it (grepped from the logfile).
	19	# the notify command can be: "nc the.server.name.org 1234"
	20	# the listening daemon could be: nc -lk 127.0.0.1 1234 >> outputfile &
	21	notify_cmd="nc localhost 1234"
	22
	23
	24	###
	25	# Below this line is the code for the validation reporter,
	26	# first the daemon itself, then the controller for the daemon.
	27	reporter_daemon() {
	28	trap "rm -f \"$pidfile\"" EXIT
	29	tail -f $logfile \| grep "unbound.*info: validation failure" \| \
	30	while read x; do
	31	echo "$x" \| $notify_cmd
	32	done
	33	}
	34
	35
	36	###
	37	# controller for daemon.
	38	start_daemon() {
	39	echo "starting reporter"
	40	nohup $0 rundaemon </dev/null >/dev/null 2>&1 &
	41	echo $! > "$pidfile"
	42	}
	43
	44	kill_daemon() {
	45	echo "stopping reporter"
	46	if test -s "$pidfile"; then
	47	kill `cat "$pidfile"`
	48	# check it is really dead
	49	if kill -0 `cat "$pidfile"` >/dev/null 2>&1; then
	50	sleep 1
	51	while kill -0 `cat "$pidfile"` >/dev/null 2>&1; do
	52	kill `cat "$pidfile"` >/dev/null 2>&1
	53	echo "waiting for reporter to stop"
	54	sleep 1
	55	done
	56	fi
	57	fi
	58	}
	59
	60	get_status_daemon() {
	61	if test -s "$pidfile"; then
	62	if kill -0 `cat "$pidfile"`; then
	63	return 0;
	64	fi
	65	fi
	66	return 1;
	67	}
	68
	69	restart_daemon() {
	70	kill_daemon
	71	start_daemon
	72	}
	73
	74	condrestart_daemon() {
	75	if get_status_daemon; then
	76	echo "reporter ("`cat "$pidfile"`") is running"
	77	exit 0
	78	fi
	79	start_daemon
	80	exit 0
	81	}
	82
	83	status_daemon() {
	84	if get_status_daemon; then
	85	echo "reporter ("`cat "$pidfile"`") is running"
	86	exit 0
	87	fi
	88	echo "reporter is not running"
	89	exit 1
	90	}
	91
	92	case "$1" in
	93	rundaemon)
	94	reporter_daemon
	95	;;
	96	start)
	97	start_daemon
	98	;;
	99	stop)
	100	kill_daemon
	101	;;
	102	restart)
	103	restart_daemon
	104	;;
	105	condrestart)
	106	condrestart_daemon
	107	;;
	108	status)
	109	status_daemon
	110	;;
	111	*)
	112	echo "Usage: $0 {start\|stop\|restart\|condrestart\|status}"
	113	exit 2
	114	;;
	115	esac
	116	exit $?

+27

-8

daemon/cachedump.c less more

801	801	{
802	802	char buf[257];
803	803	struct delegpt_addr* a;
804		int lame, dlame, rlame, rtt, edns_vs, to, lost;
	804	int lame, dlame, rlame, rto, edns_vs, to, delay, entry_ttl;
	805	struct rtt_info ri;
805	806	uint8_t edns_lame_known;
806	807	for(a = dp->target_list; a; a = a->next_target) {
807	808	addr_to_str(&a->addr, a->addrlen, buf, sizeof(buf));

812	813	return;
813	814	}
814	815	/* lookup in infra cache */
	816	entry_ttl = infra_get_host_rto(worker->env.infra_cache,
	817	&a->addr, a->addrlen, &ri, &delay, *worker->env.now);
	818	if(entry_ttl == -2 && ri.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
	819	if(!ssl_printf(ssl, "expired, rto %d msec.\n", ri.rto))
	820	return;
	821	continue;
	822	}
	823	if(entry_ttl == -1 \|\| entry_ttl == -2) {
	824	if(!ssl_printf(ssl, "not in infra cache.\n"))
	825	return;
	826	continue; /* skip stuff not in infra cache */
	827	}
	828
815	829	/* uses type_A because most often looked up, but other
816	830	* lameness won't be reported then */
817	831	if(!infra_get_lame_rtt(worker->env.infra_cache,
818	832	&a->addr, a->addrlen, dp->name, dp->namelen,
819		LDNS_RR_TYPE_A, &lame, &dlame, &rlame, &rtt, &lost,
	833	LDNS_RR_TYPE_A, &lame, &dlame, &rlame, &rto,
820	834	*worker->env.now)) {
821	835	if(!ssl_printf(ssl, "not in infra cache.\n"))
822	836	return;
823	837	continue; /* skip stuff not in infra cache */
824	838	}
825		if(!ssl_printf(ssl, "%s%s%s%srtt %d msec, %d lost. ",
	839	if(!ssl_printf(ssl, "%s%s%s%srto %d msec, ttl %d, ping %d "
	840	"var %d rtt %d",
826	841	lame?"LAME ":"", dlame?"NoDNSSEC ":"",
827	842	a->lame?"AddrWasParentSide ":"",
828		rlame?"NoAuthButRecursive ":"", rtt, lost))
	843	rlame?"NoAuthButRecursive ":"", rto, entry_ttl,
	844	ri.srtt, ri.rttvar, rtt_notimeout(&ri)))
829	845	return;
	846	if(delay)
	847	if(!ssl_printf(ssl, ", probedelay %d", delay))
	848	return;
830	849	if(infra_host(worker->env.infra_cache, &a->addr, a->addrlen,
831	850	*worker->env.now, &edns_vs, &edns_lame_known, &to)) {
832	851	if(edns_vs == -1) {
833		if(!ssl_printf(ssl, "noEDNS%s.",
834		edns_lame_known?" probed":""))
	852	if(!ssl_printf(ssl, ", noEDNS%s.",
	853	edns_lame_known?" probed":" assumed"))
835	854	return;
836	855	} else {
837		if(!ssl_printf(ssl, "EDNS %d%s.",
838		edns_vs, edns_lame_known?" probed":""))
	856	if(!ssl_printf(ssl, ", EDNS %d%s.", edns_vs,
	857	edns_lame_known?" probed":" assumed"))
839	858	return;
840	859	}
841	860	}

-3

daemon/daemon.c less more

448	448	*/
449	449	daemon_create_workers(daemon);
450	450
451		#ifdef HAVE_EV_LOOP
	451	#if defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP)
452	452	/* in libev the first inited base gets signals */
453	453	if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports, 1))
454	454	fatal_exit("Could not initialize main thread");

462	462	/* Special handling for the main thread. This is the thread
463	463	* that handles signals and remote control.
464	464	*/
465		#ifndef HAVE_EV_LOOP
	465	#if !(defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP))
466	466	/* libevent has the last inited base get signals (or any base) */
467	467	if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports, 1))
468	468	fatal_exit("Could not initialize main thread");

538	538	#endif
539	539	#if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
540	540	#ifndef S_SPLINT_S
541		sk_SSL_COMP_pop_free(comp_meth, (void*)CRYPTO_free);
	541	sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
542	542	#endif
543	543	#endif
544	544	#ifdef HAVE_OPENSSL_CONFIG

+143

-29

daemon/remote.c less more

58	58	#include "util/module.h"
59	59	#include "services/listen_dnsport.h"
60	60	#include "services/cache/rrset.h"
	61	#include "services/cache/infra.h"
61	62	#include "services/mesh.h"
62	63	#include "services/localzone.h"
63	64	#include "util/storage/slabhash.h"

1096	1097	send_ok(ssl);
1097	1098	}
1098	1099
	1100	/** flush infra cache */
	1101	static void
	1102	do_flush_infra(SSL* ssl, struct worker* worker, char* arg)
	1103	{
	1104	struct sockaddr_storage addr;
	1105	socklen_t len;
	1106	if(strcmp(arg, "all") == 0) {
	1107	slabhash_clear(worker->env.infra_cache->hosts);
	1108	send_ok(ssl);
	1109	return;
	1110	}
	1111	if(!ipstrtoaddr(arg, UNBOUND_DNS_PORT, &addr, &len)) {
	1112	(void)ssl_printf(ssl, "error parsing ip addr: '%s'\n", arg);
	1113	return;
	1114	}
	1115	infra_remove_host(worker->env.infra_cache, &addr, len);
	1116	send_ok(ssl);
	1117	}
	1118
1099	1119	/** flush requestlist */
1100	1120	static void
1101	1121	do_flush_requestlist(SSL* ssl, struct worker* worker)

1316	1336	return NULL;
1317	1337	}
1318	1338	/* add address */
1319		if(!delegpt_add_addr(dp, region, &addr, addrlen, 0, 0, 1)) {
	1339	if(!delegpt_add_addr(dp, region, &addr, addrlen, 0, 0)) {
1320	1340	(void)ssl_printf(ssl, "error out of memory\n");
1321	1341	return NULL;
1322	1342	}

1493	1513	}
1494	1514	}
1495	1515
	1516	/** structure for argument data for dump infra host */
	1517	struct infra_arg {
	1518	/** the infra cache */
	1519	struct infra_cache* infra;
	1520	/** the SSL connection */
	1521	SSL* ssl;
	1522	/** the time now */
	1523	uint32_t now;
	1524	/** ipstr */
	1525	char* ipstr;
	1526	};
	1527
	1528	/** callback for every lame element in the infra cache */
	1529	static void
	1530	dump_infra_lame(struct lruhash_entry* e, void* arg)
	1531	{
	1532	struct infra_arg* a = (struct infra_arg*)arg;
	1533	struct infra_lame_key* k = (struct infra_lame_key*)e->key;
	1534	struct infra_lame_data* d = (struct infra_lame_data*)e->data;
	1535	ldns_rdf* rdf;
	1536	size_t pos = 0;
	1537	char* nm;
	1538	/* skip expired */
	1539	if(d->ttl < a->now) {
	1540	return;
	1541	}
	1542	/* use ldns print for domain name */
	1543	if(ldns_wire2dname(&rdf, k->zonename, k->namelen, &pos)
	1544	!= LDNS_STATUS_OK)
	1545	return;
	1546	nm = ldns_rdf2str(rdf);
	1547	ldns_rdf_deep_free(rdf);
	1548	if(!ssl_printf(a->ssl, "%s lame %s ttl %d dnssec %d rec %d "
	1549	"A %d other %d\n", a->ipstr, nm, (int)(d->ttl - a->now),
	1550	d->isdnsseclame, d->rec_lame, d->lame_type_A, d->lame_other)) {
	1551	free(nm);
	1552	return;
	1553	}
	1554	free(nm);
	1555	}
	1556
	1557	/** callback for every host element in the infra cache */
	1558	static void
	1559	dump_infra_host(struct lruhash_entry* e, void* arg)
	1560	{
	1561	struct infra_arg* a = (struct infra_arg*)arg;
	1562	struct infra_host_key* k = (struct infra_host_key*)e->key;
	1563	struct infra_host_data* d = (struct infra_host_data*)e->data;
	1564	char ip_str[1024];
	1565	addr_to_str(&k->addr, k->addrlen, ip_str, sizeof(ip_str));
	1566	a->ipstr = ip_str;
	1567	/* skip expired stuff (only backed off) */
	1568	if(d->ttl < a->now) {
	1569	if(d->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
	1570	if(!ssl_printf(a->ssl, "%s expired rto %d\n", ip_str,
	1571	d->rtt.rto)) return;
	1572	}
	1573	if(d->lameness)
	1574	lruhash_traverse(d->lameness, 0, &dump_infra_lame, arg);
	1575	return;
	1576	}
	1577	if(!ssl_printf(a->ssl, "%s ttl %d ping %d var %d rtt %d rto %d "
	1578	"ednsknown %d edns %d delay %d\n",
	1579	ip_str, (int)(d->ttl - a->now),
	1580	d->rtt.srtt, d->rtt.rttvar, rtt_notimeout(&d->rtt), d->rtt.rto,
	1581	(int)d->edns_lame_known, (int)d->edns_version,
	1582	(int)(a->now<d->probedelay?d->probedelay-a->now:0)))
	1583	return;
	1584	if(d->lameness)
	1585	lruhash_traverse(d->lameness, 0, &dump_infra_lame, arg);
	1586	}
	1587
	1588	/** do the dump_infra command */
	1589	static void
	1590	do_dump_infra(SSL* ssl, struct worker* worker)
	1591	{
	1592	struct infra_arg arg;
	1593	arg.infra = worker->env.infra_cache;
	1594	arg.ssl = ssl;
	1595	arg.now = *worker->env.now;
	1596	slabhash_traverse(arg.infra->hosts, 0, &dump_infra_host, (void*)&arg);
	1597	}
	1598
1496	1599	/** do the log_reopen command */
1497	1600	static void
1498	1601	do_log_reopen(SSL* ssl, struct worker* worker)

1635	1738	}
1636	1739	}
1637	1740
	1741	/** check for name with end-of-string, space or tab after it */
	1742	static int
	1743	cmdcmp(char* p, const char* cmd, size_t len)
	1744	{
	1745	return strncmp(p,cmd,len)==0 && (p[len]==0\|\|p[len]==' '\|\|p[len]=='\t');
	1746	}
	1747
1638	1748	/** execute a remote control command */
1639	1749	static void
1640	1750	execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
1641	1751	struct worker* worker)
1642	1752	{
1643	1753	char* p = skipwhite(cmd);
1644		/* compare command - check longer strings first in case of substrings*/
1645		if(strncmp(p, "stop", 4) == 0) {
	1754	/* compare command */
	1755	if(cmdcmp(p, "stop", 4)) {
1646	1756	do_stop(ssl, rc);
1647	1757	return;
1648		} else if(strncmp(p, "reload", 6) == 0) {
	1758	} else if(cmdcmp(p, "reload", 6)) {
1649	1759	do_reload(ssl, rc);
1650	1760	return;
1651		} else if(strncmp(p, "stats_noreset", 13) == 0) {
	1761	} else if(cmdcmp(p, "stats_noreset", 13)) {
1652	1762	do_stats(ssl, rc, 0);
1653	1763	return;
1654		} else if(strncmp(p, "stats", 5) == 0) {
	1764	} else if(cmdcmp(p, "stats", 5)) {
1655	1765	do_stats(ssl, rc, 1);
1656	1766	return;
1657		} else if(strncmp(p, "status", 6) == 0) {
	1767	} else if(cmdcmp(p, "status", 6)) {
1658	1768	do_status(ssl, worker);
1659	1769	return;
1660		} else if(strncmp(p, "dump_cache", 10) == 0) {
	1770	} else if(cmdcmp(p, "dump_cache", 10)) {
1661	1771	(void)dump_cache(ssl, worker);
1662	1772	return;
1663		} else if(strncmp(p, "load_cache", 10) == 0) {
	1773	} else if(cmdcmp(p, "load_cache", 10)) {
1664	1774	if(load_cache(ssl, worker)) send_ok(ssl);
1665	1775	return;
1666		} else if(strncmp(p, "list_forwards", 13) == 0) {
	1776	} else if(cmdcmp(p, "list_forwards", 13)) {
1667	1777	do_list_forwards(ssl, worker);
1668	1778	return;
1669		} else if(strncmp(p, "list_stubs", 10) == 0) {
	1779	} else if(cmdcmp(p, "list_stubs", 10)) {
1670	1780	do_list_stubs(ssl, worker);
1671	1781	return;
1672		} else if(strncmp(p, "list_local_zones", 16) == 0) {
	1782	} else if(cmdcmp(p, "list_local_zones", 16)) {
1673	1783	do_list_local_zones(ssl, worker);
1674	1784	return;
1675		} else if(strncmp(p, "list_local_data", 15) == 0) {
	1785	} else if(cmdcmp(p, "list_local_data", 15)) {
1676	1786	do_list_local_data(ssl, worker);
1677	1787	return;
1678		} else if(strncmp(p, "forward", 7) == 0) {
	1788	} else if(cmdcmp(p, "forward", 7)) {
1679	1789	/* must always distribute this cmd */
1680	1790	if(rc) distribute_cmd(rc, ssl, cmd);
1681	1791	do_forward(ssl, worker, skipwhite(p+7));
1682	1792	return;
1683		} else if(strncmp(p, "flush_stats", 11) == 0) {
	1793	} else if(cmdcmp(p, "flush_stats", 11)) {
1684	1794	/* must always distribute this cmd */
1685	1795	if(rc) distribute_cmd(rc, ssl, cmd);
1686	1796	do_flush_stats(ssl, worker);
1687	1797	return;
1688		} else if(strncmp(p, "flush_requestlist", 17) == 0) {
	1798	} else if(cmdcmp(p, "flush_requestlist", 17)) {
1689	1799	/* must always distribute this cmd */
1690	1800	if(rc) distribute_cmd(rc, ssl, cmd);
1691	1801	do_flush_requestlist(ssl, worker);
1692	1802	return;
1693		} else if(strncmp(p, "lookup", 6) == 0) {
	1803	} else if(cmdcmp(p, "lookup", 6)) {
1694	1804	do_lookup(ssl, worker, skipwhite(p+6));
1695	1805	return;
1696	1806	}

1703	1813	distribute_cmd(rc, ssl, cmd);
1704	1814	}
1705	1815	#endif
1706		if(strncmp(p, "verbosity", 9) == 0) {
	1816	if(cmdcmp(p, "verbosity", 9)) {
1707	1817	do_verbosity(ssl, skipwhite(p+9));
1708		} else if(strncmp(p, "local_zone_remove", 17) == 0) {
	1818	} else if(cmdcmp(p, "local_zone_remove", 17)) {
1709	1819	do_zone_remove(ssl, worker, skipwhite(p+17));
1710		} else if(strncmp(p, "local_zone", 10) == 0) {
	1820	} else if(cmdcmp(p, "local_zone", 10)) {
1711	1821	do_zone_add(ssl, worker, skipwhite(p+10));
1712		} else if(strncmp(p, "local_data_remove", 17) == 0) {
	1822	} else if(cmdcmp(p, "local_data_remove", 17)) {
1713	1823	do_data_remove(ssl, worker, skipwhite(p+17));
1714		} else if(strncmp(p, "local_data", 10) == 0) {
	1824	} else if(cmdcmp(p, "local_data", 10)) {
1715	1825	do_data_add(ssl, worker, skipwhite(p+10));
1716		} else if(strncmp(p, "flush_zone", 10) == 0) {
	1826	} else if(cmdcmp(p, "flush_zone", 10)) {
1717	1827	do_flush_zone(ssl, worker, skipwhite(p+10));
1718		} else if(strncmp(p, "flush_type", 10) == 0) {
	1828	} else if(cmdcmp(p, "flush_type", 10)) {
1719	1829	do_flush_type(ssl, worker, skipwhite(p+10));
1720		} else if(strncmp(p, "flush", 5) == 0) {
	1830	} else if(cmdcmp(p, "flush_infra", 11)) {
	1831	do_flush_infra(ssl, worker, skipwhite(p+11));
	1832	} else if(cmdcmp(p, "flush", 5)) {
1721	1833	do_flush_name(ssl, worker, skipwhite(p+5));
1722		} else if(strncmp(p, "dump_requestlist", 16) == 0) {
	1834	} else if(cmdcmp(p, "dump_requestlist", 16)) {
1723	1835	do_dump_requestlist(ssl, worker);
1724		} else if(strncmp(p, "log_reopen", 10) == 0) {
	1836	} else if(cmdcmp(p, "dump_infra", 10)) {
	1837	do_dump_infra(ssl, worker);
	1838	} else if(cmdcmp(p, "log_reopen", 10)) {
1725	1839	do_log_reopen(ssl, worker);
1726		} else if(strncmp(p, "set_option", 10) == 0) {
	1840	} else if(cmdcmp(p, "set_option", 10)) {
1727	1841	do_set_option(ssl, worker, skipwhite(p+10));
1728		} else if(strncmp(p, "get_option", 10) == 0) {
	1842	} else if(cmdcmp(p, "get_option", 10)) {
1729	1843	do_get_option(ssl, worker, skipwhite(p+10));
1730	1844	} else {
1731	1845	(void)ssl_printf(ssl, "error unknown command '%s'\n", p);

-2

daemon/unbound.c less more

88	88	/** global debug value to keep track of heap memory allocation */
89	89	void* unbound_start_brk = 0;
90	90
91		#if !defined(HAVE_EVENT_BASE_GET_METHOD) && defined(HAVE_EV_LOOP)
	91	#if !defined(HAVE_EVENT_BASE_GET_METHOD) && (defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP))
92	92	static const char* ev_backend2str(int b)
93	93	{
94	94	switch(b) {

121	121	*n = "libevent";
122	122	b = event_base_new();
123	123	*m = event_base_get_method(b);
124		# elif defined(HAVE_EV_LOOP)
	124	# elif defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP)
125	125	*n = "libev";
126	126	b = (struct event_base*)ev_default_loop(EVFLAG_AUTO);
127	127	m = ev_backend2str(ev_backend((struct ev_loop)b));
128	128	# else
	129	*n = "unknown";
129	130	*m = "not obtainable";
130	131	b = NULL;
131	132	# endif

+18

-35

daemon/worker.c less more

177	177	+ sizeof(*worker->env.scratch_buffer)
178	178	+ ldns_buffer_capacity(worker->env.scratch_buffer)
179	179	+ forwards_get_mem(worker->env.fwds);
	180	if(worker->thread_num == 0)
	181	me += acl_list_get_mem(worker->daemon->acl);
180	182	if(cur_serv) {
181	183	me += serviced_get_mem(cur_serv);
182	184	}

282	284	return 0;
283	285	}
284	286
285		/** check request sanity. Returns error code, 0 OK, or -1 discard.
	287	/** check request sanity.
286	288	* @param pkt: the wire packet to examine for sanity.
287	289	* @param worker: parameters for checking.
	290	* @return error code, 0 OK, or -1 discard.
288	291	*/
289	292	static int
290	293	worker_check_request(ldns_buffer* pkt, struct worker* worker)

992	995	struct worker*
993	996	worker_create(struct daemon* daemon, int id, int* ports, int n)
994	997	{
	998	unsigned int seed;
995	999	struct worker* worker = (struct worker*)calloc(1,
996	1000	sizeof(struct worker));
997	1001	if(!worker)

1009	1013	free(worker);
1010	1014	return NULL;
1011	1015	}
	1016	/* create random state here to avoid locking trouble in RAND_bytes */
	1017	seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^
	1018	(((unsigned int)worker->thread_num)<<17);
	1019	/* shift thread_num so it does not match out pid bits */
	1020	if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) {
	1021	seed = 0;
	1022	log_err("could not init random numbers.");
	1023	tube_delete(worker->cmd);
	1024	free(worker->ports);
	1025	free(worker);
	1026	return NULL;
	1027	}
	1028	seed = 0;
1012	1029	return worker;
1013	1030	}
1014	1031

1016	1033	worker_init(struct worker* worker, struct config_file *cfg,
1017	1034	struct listen_port* ports, int do_sigs)
1018	1035	{
1019		unsigned int seed;
1020	1036	worker->need_to_exit = 0;
1021	1037	worker->base = comm_base_create(do_sigs);
1022	1038	if(!worker->base) {

1061	1077	} else { /* !do_sigs */
1062	1078	worker->comsig = NULL;
1063	1079	}
1064		seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^
1065		(((unsigned int)worker->thread_num)<<17);
1066		/* shift thread_num so it does not match out pid bits */
1067		if(!(worker->rndstate = ub_initstate(seed, NULL))) {
1068		seed = 0;
1069		log_err("could not init random numbers.");
1070		worker_delete(worker);
1071		return 0;
1072		}
1073		seed = 0;
1074	1080	worker->front = listen_create(worker->base, ports,
1075	1081	cfg->msg_buffer_size, (int)cfg->incoming_num_tcp,
1076	1082	worker_handle_request, worker);

1123	1129	if(worker->thread_num == 0)
1124	1130	log_set_time(worker->env.now);
1125	1131	worker->env.worker = worker;
1126		worker->env.send_packet = &worker_send_packet;
1127	1132	worker->env.send_query = &worker_send_query;
1128	1133	worker->env.alloc = &worker->alloc;
1129	1134	worker->env.rnd = worker->rndstate;

1212	1217	free(worker);
1213	1218	}
1214	1219
1215		int
1216		worker_send_packet(ldns_buffer* pkt, struct sockaddr_storage* addr,
1217		socklen_t addrlen, int timeout, struct module_qstate* q, int use_tcp)
1218		{
1219		struct worker* worker = q->env->worker;
1220		if(use_tcp) {
1221		return pending_tcp_query(worker->back, pkt, addr, addrlen,
1222		timeout, worker_handle_reply, q) != 0;
1223		}
1224		return pending_udp_query(worker->back, pkt, addr, addrlen,
1225		timeout*1000, worker_handle_reply, q) != 0;
1226		}
1227
1228	1220	/** compare outbound entry qstates */
1229	1221	static int
1230	1222	outbound_entry_compare(void* a, void* b)

1274	1266	}
1275	1267
1276	1268	/* --- fake callbacks for fptr_wlist to work --- */
1277		int libworker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
1278		struct sockaddr_storage* ATTR_UNUSED(addr),
1279		socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(timeout),
1280		struct module_qstate* ATTR_UNUSED(q), int ATTR_UNUSED(use_tcp))
1281		{
1282		log_assert(0);
1283		return 0;
1284		}
1285
1286	1269	struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname),
1287	1270	size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype),
1288	1271	uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),

-14

daemon/worker.h less more

164	164	void worker_sighandler(int sig, void* arg);
165	165
166	166	/**
167		* Worker service routine to send udp messages for modules.
168		* @param pkt: packet to send.
169		* @param addr: where to.
170		* @param addrlen: length of addr.
171		* @param timeout: seconds to wait until timeout.
172		* @param q: wich query state to reactivate upon return.
173		* @param use_tcp: true to use TCP, false for UDP.
174		* @return: false on failure (memory or socket related). no query was
175		* sent.
176		*/
177		int worker_send_packet(ldns_buffer* pkt, struct sockaddr_storage* addr,
178		socklen_t addrlen, int timeout, struct module_qstate* q, int use_tcp);
179
180		/**
181	167	* Worker service routine to send serviced queries to authoritative servers.
182	168	* @param qname: query name. (host order)
183	169	* @param qnamelen: length in bytes of qname, including trailing 0.

+245

-0

doc/Changelog less more

	0	18 January 2011: Wouter
	1	- ldns 1.6.8 tarball included.
	2
	3	17 January 2011: Wouter
	4	- add get and set option for harden-below-nxdomain feature.
	5	- iana portlist updated.
	6
	7	14 January 2011: Wouter
	8	- Fix so a changed NS RRset does not get moved name stuck on old
	9	server, for type NS the TTL is not increased.
	10
	11	13 January 2011: Wouter
	12	- Fix prefetch so it does not get stuck on old server for moved names.
	13
	14	12 January 2011: Wouter
	15	- iana portlist updated.
	16
	17	11 January 2011: Wouter
	18	- Fix insecure CNAME sequence marked as secure, reported by Bert
	19	Hubert.
	20
	21	10 January 2011: Wouter
	22	- faster lruhash get_mem routine.
	23
	24	4 January 2011: Wouter
	25	- bug#346: remove ITAR scripts from contrib, the service is discontinued, use the root.
	26	- iana portlist updated.
	27
	28	23 December 2010: Wouter
	29	- Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept.
	30
	31	21 December 2010: Wouter
	32	- algorithm compromise protection using the algorithms signalled in
	33	the DS record. Also, trust anchors, DLV, and RFC5011 receive this,
	34	and thus, if you have multiple algorithms in your trust-anchor-file
	35	then it will now behave different than before. Also, 5011 rollover
	36	for algorithms needs to be double-signature until the old algorithm
	37	is revoked.
	38	It is not an option, because I see no use to turn the security off.
	39	- iana portlist updated.
	40
	41	17 December 2010: Wouter
	42	- squelch 'tcp connect: bla' in logfile, (set verbosity 2 to see them).
	43	- fix validation in this case: CNAME to nodata for co-hosted opt-in
	44	NSEC3 insecure delegation, was bogus, fixed to be insecure.
	45
	46	16 December 2010: Wouter
	47	- Fix our 'BDS' license (typo reported by Xavier Belanger).
	48
	49	10 December 2010: Wouter
	50	- iana portlist updated.
	51	- review changes for unbound-anchor.
	52
	53	2 December 2010: Wouter
	54	- feature typetransparent localzone, does not block other RR types.
	55
	56	1 December 2010: Wouter
	57	- Fix bug#338: print address when socket creation fails.
	58
	59	30 November 2010: Wouter
	60	- Fix storage of EDNS failures in the infra cache.
	61	- iana portlist updated.
	62
	63	18 November 2010: Wouter
	64	- harden-below-nxdomain option, default off (because very old
	65	software may be incompatible). We could enable it by default in
	66	the future.
	67
	68	17 November 2010: Wouter
	69	- implement draft-vixie-dnsext-resimprove-00, we stop on NXDOMAIN.
	70	- make test output nicer.
	71
	72	15 November 2010: Wouter
	73	- silence 'tcp connect: broken pipe' and 'net down' at low verbosity.
	74	- iana portlist updated.
	75	- so-sndbuf option for very busy servers, a bit like so-rcvbuf.
	76
	77	9 November 2010: Wouter
	78	- unbound-anchor compiles with openssl 0.9.7.
	79
	80	8 November 2010: Wouter
	81	- release tag 1.4.7.
	82	- trunk is version 1.4.8.
	83	- Be lenient and accept imgw.pl malformed packet (like BIND).
	84
	85	5 November 2010: Wouter
	86	- do not synthesize a CNAME message from cache for qtype DS.
	87
	88	4 November 2010: Wouter
	89	- Use central entropy to seed threads.
	90
	91	3 November 2010: Wouter
	92	- Change the rtt used to probe EDNS-timeout hosts to 1000 msec.
	93
	94	2 November 2010: Wouter
	95	- tag 1.4.7rc1.
	96	- code review.
	97
	98	1 November 2010: Wouter
	99	- GOST code enabled by default (RFC 5933).
	100
	101	27 October 2010: Wouter
	102	- Fix uninit value in dump_infra print.
	103	- Fix validation failure for parent and child on same server with an
	104	insecure childzone and a CNAME from parent to child.
	105	- Configure detects libev-4.00.
	106
	107	26 October 2010: Wouter
	108	- dump_infra and flush_infra commands for unbound-control.
	109	- no timeout backoff if meanwhile a query succeeded.
	110	- Change of timeout code. No more lost and backoff in blockage.
	111	At 12sec timeout (and at least 2x lost before) one probe per IP
	112	is allowed only. At 120sec, the IP is blocked. After 15min, a
	113	120sec entry has a single retry packet.
	114
	115	25 October 2010: Wouter
	116	- Configure errors if ldns is not found.
	117
	118	22 October 2010: Wouter
	119	- Windows 7 fix for the installer.
	120
	121	21 October 2010: Wouter
	122	- Fix bug where fallback_tcp causes wrong roundtrip and edns
	123	observation to be noted in cache. Fix bug where EDNSprobe halted
	124	exponential backoff if EDNS status unknown.
	125	- new unresponsive host method, exponentially increasing block backoff.
	126	- iana portlist updated.
	127
	128	20 October 2010: Wouter
	129	- interface automatic works for some people with ip6 disabled.
	130	Therefore the error check is removed, so they can use the option.
	131
	132	19 October 2010: Wouter
	133	- Fix for request list growth, if a server has long timeout but the
	134	lost counter is low, then its effective rtt is the one without
	135	exponential backoff applied. Because the backoff is not working.
	136	The lost counter can then increase and the server is blacklisted,
	137	or the lost counter does not increase and the server is working
	138	for some queries.
	139
	140	18 October 2010: Wouter
	141	- iana portlist updated.
	142
	143	13 October 2010: Wouter
	144	- Fix TCP so it uses a random outgoing-interface.
	145	- unbound-anchor handles ADDPEND keystate.
	146
	147	11 October 2010: Wouter
	148	- Fix bug when DLV below a trust-anchor that uses NSEC3 optout where
	149	the zone has a secure delegation hosted on the same server did not
	150	verify as secure (it was insecure by mistake).
	151	- iana portlist updated.
	152	- ldns tarball updated (for reading cachedumps with bad RR data).
	153
	154	1 October 2010: Wouter
	155	- test for unbound-anchor. fix for reading certs.
	156	- Fix alloc_reg_release for longer uptime in out of memory conditions.
	157
	158	28 September 2010: Wouter
	159	- unbound-anchor working, it creates or updates a root.key file.
	160	Use it before you start the validator (e.g. at system boot time).
	161
	162	27 September 2010: Wouter
	163	- iana portlist updated.
	164
	165	24 September 2010: Wouter
	166	- bug#329: in example.conf show correct ipv4 link-local 169.254/16.
	167
	168	23 September 2010: Wouter
	169	- unbound-anchor app, unbound requires libexpat (xml parser library).
	170
	171	22 September 2010: Wouter
	172	- compliance with draft-ietf-dnsop-default-local-zones-14, removed
	173	reverse ipv6 orchid prefix from builtin list.
	174	- iana portlist updated.
	175
	176	17 September 2010: Wouter
	177	- DLV has downgrade protection again, because the RFC says so.
	178	- iana portlist updated.
	179
	180	16 September 2010: Wouter
	181	- Algorithm rollover operational reality intrudes, for trust-anchor,
	182	5011-store, and DLV-anchor if one key matches it's good enough.
	183	- iana portlist updated.
	184	- Fix reported validation error in out of memory condition.
	185
	186	15 September 2010: Wouter
	187	- Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
	188
	189	14 September 2010: Wouter
	190	- increased mesh-max-activation from 1000 to 3000 for crazy domains
	191	like _tcp.slb.com with 262 servers.
	192	- iana portlist updated.
	193
	194	13 September 2010: Wouter
	195	- bug#327: Fix for cannot access stub zones until the root is primed.
	196
	197	9 September 2010: Wouter
	198	- unresponsive servers are not completely blacklisted (because of
	199	firewalls), but also not probed all the time (because of the request
	200	list size it generates). The probe rate is 1%.
	201	- iana portlist updated.
	202
	203	20 August 2010: Wouter
	204	- openbsd-lint fixes: acl_list_get_mem used if debug-alloc enabled.
	205	iterator get_mem includes priv_get_mem. delegpt nodup removed.
	206	listen_pushback, query_info_allocqname, write_socket, send_packet,
	207	comm_point_set_cb_arg and listen_resume removed.
	208
	209	19 August 2010: Wouter
	210	- Fix bug#321: resolution of rs.ripe.net artifacts with 0x20.
	211	Delegpt structures checked for duplicates always.
	212	No more nameserver lookups generated when depth is full anyway.
	213	- example.conf notes how to do DNSSEC validation and track the root.
	214	- iana portlist updated.
	215
	216	18 August 2010: Wouter
	217	- Fix bug#322: configure does not respect CFLAGS on Solaris.
	218	Pass CFLAGS="-xO4 -xtarget=generic" on the configure command line
	219	if use sun-cc, but some systems need different flags.
	220
	221	16 August 2010: Wouter
	222	- Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP
	223	changes, uses m4_bpatsubst now.
	224	- make test (or make check) should be more portable and run the unit
	225	test and testbound scripts. (make longtest has special requirements).
	226
	227	13 August 2010: Wouter
	228	- More pleasant remote control command parsing.
	229	- documentation added for return values reported by doxygen 1.7.1.
	230	- iana portlist updated.
	231
	232	9 August 2010: Wouter
	233	- Fix name of rrset printed that failed validation.
	234
	235	5 August 2010: Wouter
	236	- Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
	237
	238	4 August 2010: Wouter
	239	- Fix validation in case a trust anchor enters into a zone with
	240	unsupported algorithms.
	241
0	242	3 August 2010: Wouter
1	243	- updated ldns tarball with bugfixes.
	244	- release tag 1.4.6.
	245	- trunk becomes 1.4.7 develop.
	246	- iana portlist updated.
2	247
3	248	22 July 2010: Wouter
4	249	- more error details on failed remote control connection.

+13

-4

doc/README less more

0		README for Unbound 1.4.6
	0	README for Unbound 1.4.8
1	1	Copyright 2007 NLnet Labs
2	2	http://unbound.net
3	3

27	27	of outgoing ports. This improves randomization and spoof
28	28	resistance. For the default of 16 ports the builtin alternative
29	29	works well and is a little faster.
	30	* --with-libexpat=/path/to/libexpat
	31	Can be set to the install directory of libexpat.
30	32	* --without-pthreads
31	33	This disables pthreads. Without this option the pthreads library
32	34	is detected automatically. Use this option to disable threading

58	60	* --with-chroot-dir=path
59	61	Set default chroot directory,
60	62	the default is /usr/local/etc/unbound.
	63	* --with-rootkey-file=path
	64	Set the default root.key path. This file is read and written.
	65	the default is /usr/local/etc/unbound/root.key
	66	* --with-rootcert-file=path
	67	Set the default root update certificate path. A builtin certificate
	68	is used if this file is empty or does not exist.
	69	the default is /usr/local/etc/unbound/icannbundle.pem
61	70	* --with-username=user
62	71	Set default user name to change to,
63	72	the default is the "unbound" user.

71	80	* --disable-gost
72	81	Disable support for GOST crypto, RFC 5933.
73	82
74		* 'make test' attempts to run a series of tests, depending on the support
75		programs that are installed.
	83	* 'make test' runs a series of self checks.
76	84
77	85	Known issues
78	86	------------

96	104	o On Solaris 5.10 some libtool packages from repositories do not work with
97	105	gcc, showing errors gcc: unrecognized option `-KPIC'
98	106	To solve this do ./configure libtool=./libtool [your options...].
	107	On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc.
99	108	o If unbound-control (or munin graphs) do not work, this can often be because
100	109	the unbound-control-setup script creates the keys with restricted
101	110	permissions, and the files need to be made readable or ownered by both the

118	127	Your Support
119	128	------------
120	129	NLnet Labs offers all of its software products as open source, most are
121		published under a BDS license. You can download them, not only from the
	130	published under a BSD license. You can download them, not only from the
122	131	NLnet Labs website but also through the various OS distributions for
123	132	which NSD, ldns, and Unbound are packaged. We therefore have little idea
124	133	who uses our software in production environments and have no direct ties

-6

doc/README.tests less more

0	0	README unbound tests
1	1
2		There is a test setup for unbound. Use
	2	For a quick test that runs unit tests and state machine tests, use
3	3	make test
4		To make and run the tests. The results are summarized at the end.
	4
	5	There is a long test setup for unbound that needs tools installed. Use
	6	make longtest
	7	To make and run the long tests. The results are summarized at the end.
5	8
6	9	You need to have the following programs installed and in your PATH.
7	10	* dig - from the bind-tools package. Used to send DNS queries.

11	14	* xxd and nc (optional) - for (malformed) packet transmission.
12	15	The optional programs are detected and can be omitted.
13	16
14		Without any support programs, unittest and testbound can still be used.
15		(cd testdata; ../testcode/mini_tpkg.sh exe 02-unittest.tpkg)
16		(cd testdata; ../testcode/mini_tpkg.sh exe 03-testbound.tpkg)
17
18	17	testdata/ contains the data for tests.
19	18	testcode/ contains scripts and c code for the tests.
20	19

+21

-6

doc/example.conf.in less more

77	77	# buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
78	78	# 0 is system default. Use 4m to catch query spikes for busy servers.
79	79	# so-rcvbuf: 0
	80
	81	# buffer size for UDP port 53 outgoing (SO_SNDBUF socket option).
	82	# 0 is system default. Use 4m to handle spikes on very busy servers.
	83	# so-sndbuf: 0
80	84
81	85	# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
82	86	# is set with msg-buffer-size). 1480 can solve fragmentation (timeouts).

252	256	# Default on, which insists on dnssec data for trust-anchored zones.
253	257	# harden-dnssec-stripped: yes
254	258
	259	# Harden against queries that fall under known nxdomain names.
	260	# Default off because very old software can be incompatible.
	261	# harden-below-nxdomain: no
	262
255	263	# Harden the referral path by performing additional queries for
256	264	# infrastructure data. Validates the replies (if possible).
257	265	# Default off, because the lookups burden the server. Experimental

270	278	# private-address: 10.0.0.0/8
271	279	# private-address: 172.16.0.0/12
272	280	# private-address: 192.168.0.0/16
273		# private-address: 192.254.0.0/16
	281	# private-address: 169.254.0.0/16
274	282	# private-address: fd00::/8
275	283	# private-address: fe80::/10
276	284

304	312	# separated by spaces. "iterator" or "validator iterator"
305	313	# module-config: "validator iterator"
306	314
	315	# File with trusted keys, kept uptodate using RFC5011 probes,
	316	# initial file like trust-anchor-file, then it stores metadata.
	317	# Use several entries, one per domain name, to track multiple zones.
	318	#
	319	# If you want to perform DNSSEC validation, run unbound-anchor before
	320	# you start unbound (i.e. in the system boot scripts). And enable:
	321	# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
	322
307	323	# File with DLV trusted keys. Same format as trust-anchor-file.
308	324	# There can be only one DLV configured, it is trusted from root down.
309	325	# Download http://ftp.isc.org/www/dlv/dlv.isc.org.key

312	328	# File with trusted keys for validation. Specify more than one file
313	329	# with several entries, one file per entry.
314	330	# Zone file format, with DS and DNSKEY entries.
	331	# Note this gets out of date, use auto-trust-anchor-file please.
315	332	# trust-anchor-file: ""
316	333
317		# File with trusted keys, kept uptodate using RFC5011 probes,
318		# initial file like trust-anchor-file, then it stores metadata.
319		# Use several entries, one per domain name, to track multiple zones.
320		# auto-trust-anchor-file: ""
321
322	334	# Trusted key for validation. DS or DNSKEY. specify the RR on a
323	335	# single line, surrounded by "". TTL is ignored. class is IN default.
	336	# Note this gets out of date, use auto-trust-anchor-file please.
324	337	# (These examples are from August 2007 and may not be valid anymore).
325	338	# trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ=="
326	339	# trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"

329	342	# with several entries, one file per entry. Like trust-anchor-file
330	343	# but has a different file format. Format is BIND-9 style format,
331	344	# the trusted-keys { name flag proto algo "key"; }; clauses are read.
	345	# you need external update procedures to track changes in keys.
332	346	# trusted-keys-file: ""
333	347
334	348	# Ignore chain of trust. Domain is treated as insecure.

404	418	# o transparent gives local data, but resolves normally for other names
405	419	# o redirect serves the zone data for any subdomain in the zone.
406	420	# o nodefault can be used to normally resolve AS112 zones.
	421	# o typetransparent resolves normally for other types and other names
407	422	#
408	423	# defaults are localhost address, reverse for 127.0.0.1 and ::1
409	424	# and nxdomain for AS112 zones. If you configure one of these zones

-2

doc/libunbound.3.in less more

0		.TH "libunbound" "3" "Aug 3, 2010" "NLnet Labs" "unbound 1.4.6"
	0	.TH "libunbound" "3" "Jan 24, 2011" "NLnet Labs" "unbound 1.4.8"
1	1	.\"
2	2	.\" libunbound.3 -- unbound library functions manual
3	3	.\"

41	41	.B ub_ctx_zone_remove,
42	42	.B ub_ctx_data_add,
43	43	.B ub_ctx_data_remove
44		\- Unbound DNS validating resolver 1.4.6 functions.
	44	\- Unbound DNS validating resolver 1.4.8 functions.
45	45	.SH "SYNOPSIS"
46	46	.LP
47	47	.B #include <unbound.h>

+171

-0

doc/unbound-anchor.8.in less more

	0	.TH "unbound-anchor" "8" "Jan 24, 2011" "NLnet Labs" "unbound 1.4.8"
	1	.\"
	2	.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
	3	.\"
	4	.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
	5	.\"
	6	.\" See LICENSE for the license.
	7	.\"
	8	.\"
	9	.SH "NAME"
	10	.LP
	11	.B unbound\-anchor
	12	\- Unbound anchor utility.
	13	.SH "SYNOPSIS"
	14	.B unbound\-anchor
	15	.RB [ opts ]
	16	.SH "DESCRIPTION"
	17	.B Unbound\-anchor
	18	performs setup or update of the root trust anchor for DNSSEC validation.
	19	It can be run (as root) from the commandline, or run as part of startup
	20	scripts. Before you start the \fIunbound\fR(8) DNS server.
	21	.P
	22	Suggested usage:
	23	.P
	24	.nf
	25	# in the init scripts.
	26	# provide or update the root anchor (if necessary)
	27	unbound-anchor -a "@UNBOUND_ROOTKEY_FILE@"
	28	# start validating resolver
	29	# the unbound.conf contains:
	30	# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
	31	unbound -c unbound.conf
	32	.fi
	33	.P
	34	This tool provides builtin default contents for the root anchor and root
	35	update certificate files.
	36	.P
	37	It tests if the root anchor file works, and if not, and an update is possible,
	38	attempts to update the root anchor using the root update certificate.
	39	It performs a https fetch of root-anchors.xml and checks the results, if
	40	all checks are successful, it updates the root anchor file. Otherwise
	41	the root anchor file is unchanged. It performs RFC5011 tracking if the
	42	DNSSEC information available via the DNS makes that possible.
	43	.P
	44	If does not perform an update if the certificate is expired, if the network
	45	is down or other errors occur.
	46	.P
	47	The available options are:
	48	.TP
	49	.B \-a \fIfile
	50	The root anchor key file, that is read in and written out.
	51	Default is @UNBOUND_ROOTKEY_FILE@.
	52	If the file does not exist, or is empty, a builtin root key is written to it.
	53	.TP
	54	.B \-c \fIfile
	55	The root update certificate file, that is read in.
	56	Default is @UNBOUND_ROOTCERT_FILE@.
	57	If the file does not exist, or is empty, a builtin certificate is used.
	58	.TP
	59	.B \-l
	60	List the builtin root key and builtin root update certificate on stdout.
	61	.TP
	62	.B \-u \fIname
	63	The server name, it connects to https://name. Specify without https:// prefix.
	64	The default is "data.iana.org". It connects to the port specified with \-P.
	65	You can pass an IPv4 addres or IPv6 address (no brackets) if you want.
	66	.TP
	67	.B \-x \fIpath
	68	The pathname to the root\-anchors.xml file on the server. (forms URL with \-u).
	69	The default is /root\-anchors/root\-anchors.xml.
	70	.TP
	71	.B \-s \fIpath
	72	The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u).
	73	The default is /root\-anchors/root\-anchors.p7s. This file has to be a PKCS7
	74	signature over the xml file, using the pem file (\-c) as trust anchor.
	75	.TP
	76	.B \-4
	77	Use IPv4 for domain resolution and contacting the server on https. Default is
	78	to use IPv4 and IPv6 where appropriate.
	79	.TP
	80	.B \-6
	81	Use IPv6 for domain resolution and contacting the server on https. Default is
	82	to use IPv4 and IPv6 where appropriate.
	83	.TP
	84	.B \-f \fIresolv.conf
	85	Use the given resolv.conf file. Not enabled by default, but you could try to
	86	pass /etc/resolv.conf on some systems. It contains the IP addresses of the
	87	recursive nameservers to use. However, since this tool could be used to
	88	bootstrap that very recursive nameserver, it would not be useful (since
	89	that server is not up yet, since we are bootstrapping it). It could be
	90	useful in a situation where you know an upstream cache is deployed (and
	91	running) and in captive portal situations.
	92	.TP
	93	.B \-r \fIroot.hints
	94	Use the given root.hints file (same syntax as the BIND and Unbound root hints
	95	file) to bootstrap domain resolution. By default a list of builtin root
	96	hints is used. Unbound\-anchor goes to the network itself for these roots,
	97	to resolve the server (\-u option) and to check the root DNSKEY records.
	98	It does so, because the tool when used for bootstrapping the recursive
	99	resolver, cannot use that recursive resolver itself because it is bootstrapping
	100	that server.
	101	.TP
	102	.B \-v
	103	More verbose. Once prints informational messages, multiple times may enable
	104	large debug amounts (such as full certificates or byte\-dumps of downloaded
	105	files). By default it prints almost nothing. It also prints nothing on
	106	errors by default; in that case the original root anchor file is simply
	107	left undisturbed, so that a recursive server can start right after it.
	108	.TP
	109	.B \-C \fIunbound.conf
	110	Debug option to read unbound.conf into the resolver process used.
	111	.TP
	112	.B \-P \fIport
	113	Set the port number to use for the https connection. The default is 443.
	114	.TP
	115	.B \-F
	116	Debug option to force update of the root anchor through downloading the xml
	117	file and verifying it with the certificate. By default it first tries to
	118	update by contacting the DNS, which uses much less bandwidth, is much
	119	faster (200 msec not 2 sec), and is nicer to the deployed infrastructure.
	120	With this option, it still attempts to do so (and may verbosely tell you),
	121	but then ignores the result and goes on to use the xml fallback method.
	122	.TP
	123	.B \-h
	124	Show the version and commandline option help.
	125	.TP
	126	.B \-v
	127	More verbose. Prints output detailing what happens.
	128	.SH "EXIT CODE"
	129	This tool exits with value 1 if the root anchor was updated using the
	130	certificate or if the builtin root-anchor was used. It exits with code
	131	0 if no update was necessary, if the update was possible with RFC5011
	132	tracking, or if an error occurred.
	133	.P
	134	You can check the exit value in this manner:
	135	.nf
	136	unbound-anchor -a "root.key" \|\| logger "Please check root.key"
	137	.fi
	138	Or something more suitable for your operational environment.
	139	.SH "TRUST"
	140	The root keys and update certificate included in this tool
	141	are provided for convenience and under the terms of our
	142	license (see the LICENSE file in the source distribution or
	143	http://unbound.nlnetlabs.nl/svn/trunk/LICENSE) and might be stale or
	144	not suitable to your purpose.
	145	.P
	146	By running "unbound\-anchor \-l" the keys and certificate that are
	147	configured in the code are printed for your convenience.
	148	.P
	149	The build\-in configuration can be overridden by providing a root\-cert
	150	file and a rootkey file.
	151	.SH "FILES"
	152	.TP
	153	.I @UNBOUND_ROOTKEY_FILE@
	154	The root anchor file, updated with 5011 tracking, and read and written to.
	155	The file is created if it does not exist.
	156	.TP
	157	.I @UNBOUND_ROOTCERT_FILE@
	158	The trusted self\-signed certificate that is used to verify the downloaded
	159	DNSSEC root trust anchor. You can update it by fetching it from
	160	https://data.iana.org/root\-anchors/icannbundle.pem (and validate it).
	161	If the file does not exist or is empty, a builtin version is used.
	162	.TP
	163	.I https://data.iana.org/root\-anchors/root\-anchors.xml
	164	Source for the root key information.
	165	.TP
	166	.I https://data.iana.org/root\-anchors/root\-anchors.p7s
	167	Signature on the root key information.
	168	.SH "SEE ALSO"
	169	\fIunbound.conf\fR(5),
	170	\fIunbound\fR(8).

-1

doc/unbound-checkconf.8.in less more

0		.TH "unbound-checkconf" "8" "Aug 3, 2010" "NLnet Labs" "unbound 1.4.6"
	0	.TH "unbound-checkconf" "8" "Jan 24, 2011" "NLnet Labs" "unbound 1.4.8"
1	1	.\"
2	2	.\" unbound-checkconf.8 -- unbound configuration checker manual
3	3	.\"

-1

doc/unbound-control.8.in less more

0		.TH "unbound-control" "8" "Aug 3, 2010" "NLnet Labs" "unbound 1.4.6"
	0	.TH "unbound-control" "8" "Jan 24, 2011" "NLnet Labs" "unbound 1.4.8"
1	1	.\"
2	2	.\" unbound-control.8 -- unbound remote control manual
3	3	.\"

140	140	Show what is worked on. Prints all queries that the server is currently
141	141	working on. Prints the time that users have been waiting. For internal
142	142	requests, no time is printed. And then prints out the module status.
	143	.TP
	144	.B flush_infra \fIall\|IP
	145	If all then entire infra cache is emptied. If a specific IP address, the
	146	entry for that address is removed from the cache. It contains EDNS, ping
	147	and lameness data.
	148	.TP
	149	.B dump_infra
	150	Show the contents of the infra cache.
143	151	.TP
144	152	.B set_option \fIopt: val
145	153	Set the option to the given value without a reload. The cache is therefore

-1

doc/unbound-host.1 less more

0		.TH "unbound\-host" "1" "Aug 3, 2010" "NLnet Labs" "unbound 1.4.6"
	0	.TH "unbound\-host" "1" "Jan 24, 2011" "NLnet Labs" "unbound 1.4.8"
1	1	.\"
2	2	.\" unbound-host.1 -- unbound DNS lookup utility
3	3	.\"

-2

doc/unbound.8.in less more

0		.TH "unbound" "8" "Aug 3, 2010" "NLnet Labs" "unbound 1.4.6"
	0	.TH "unbound" "8" "Jan 24, 2011" "NLnet Labs" "unbound 1.4.8"
1	1	.\"
2	2	.\" unbound.8 -- unbound manual
3	3	.\"

9	9	.SH "NAME"
10	10	.LP
11	11	.B unbound
12		\- Unbound DNS validating resolver 1.4.6.
	12	\- Unbound DNS validating resolver 1.4.8.
13	13	.SH "SYNOPSIS"
14	14	.LP
15	15	.B unbound

+35

-13

doc/unbound.conf.5.in less more

0		.TH "unbound.conf" "5" "Aug 3, 2010" "NLnet Labs" "unbound 1.4.6"
	0	.TH "unbound.conf" "5" "Jan 24, 2011" "NLnet Labs" "unbound 1.4.8"
1	1	.\"
2	2	.\" unbound.conf.5 -- unbound.conf manual
3	3	.\"

123	123	.TP
124	124	.B interface\-automatic: \fI<yes or no>
125	125	Detect source interface on UDP queries and copy them to replies. This
126		feature is experimental, and needs support in your OS for IPv6
127		(and its socket options) and IPv4 (and have source\-interface socket options).
128		Default value is no.
	126	feature is experimental, and needs support in your OS for particular socket
	127	options. Default value is no.
129	128	.TP
130	129	.B outgoing\-interface: \fI<ip address>
131	130	Interface to use to connect to the network. This interface is used to send

231	230	On OpenBSD change header and recompile kernel. On Solaris ndd \-set
232	231	/dev/udp udp_max_buf 8388608.
233	232	.TP
	233	.B so\-sndbuf: \fI<number>
	234	If not 0, then set the SO_SNDBUF socket option to get more buffer space on
	235	UDP port 53 outgoing queries. This for very busy servers handles spikes
	236	in answer traffic, otherwise 'send: resource temporarily unavailable'
	237	can get logged, the buffer overrun is also visible by netstat \-su.
	238	Default is 0 (use system value). Specify the number of bytes to ask
	239	for, try "4m" on a very busy server. The OS caps it at a maximum, on
	240	linux unbound needs root permission to bypass the limit, or the admin
	241	can use sysctl net.core.wmem_max. On BSD, Solaris changes are similar
	242	to so\-rcvbuf.
	243	.TP
234	244	.B rrset\-cache\-size: \fI<number>
235	245	Number of bytes size of the RRset cache. Default is 4 megabytes.
236	246	A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes

454	464	removes DNSSEC data from packets, or a zone changes from signed to
455	465	unsigned to badly signed often. If turned off you run the risk of a
456	466	downgrade attack that disables security for a zone. Default is on.
	467	.TP
	468	.B harden\-below\-nxdomain: \fI<yes or no>
	469	From draft-vixie-dnsext-resimprove, returns nxdomain to queries for a name
	470	below another name that is already known to be nxdomain. DNSSEC mandates
	471	noerror for empty nonterminals, hence this is possible. Very old software
	472	might return nxdomain for empty nonterminals (that usually happen for reverse
	473	IP address lookups), and thus may be incompatible with this. Default is off.
457	474	.TP
458	475	.B harden\-referral\-path: \fI<yes or no>
459	476	Harden the referral path by performing additional queries for

487	504	names using \fBprivate\-domain\fR. No private addresses are enabled
488	505	by default. We consider to enable this for the RFC1918 private IP
489	506	address space by default in later releases. That would enable private
490		addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 192.254.0.0/16
	507	addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16
491	508	fd00::/8 and fe80::/10, since the RFC standards say these addresses
492	509	should not be visible on the public internet. Turning on 127.0.0.0/8
493	510	would hinder many spamblocklists as they use that.

681	698	or gigabytes (1024*1024 bytes in a megabyte).
682	699	.TP
683	700	.B local\-zone: \fI<zone> <type>
684		Configure a local zone. The type determines the answer to give if there is
685		no match from local\-data. The types are deny, refuse, static, transparent,
686		redirect, nodefault, and are explained below. After that the default settings
687		are listed. Use local\-data: to enter data into the local zone. Answers for
688		local zones are authoritative DNS answers. By default the zones are class IN.
	701	Configure a local zone. The type determines the answer to give if
	702	there is no match from local\-data. The types are deny, refuse, static,
	703	transparent, redirect, nodefault, typetransparent, and are explained
	704	below. After that the default settings are listed. Use local\-data: to
	705	enter data into the local zone. Answers for local zones are authoritative
	706	DNS answers. By default the zones are class IN.
689	707	.IP
690	708	If you need more complicated authoritative data, with referrals, wildcards,
691	709	CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for

712	730	given in localdata, then a noerror nodata answer is returned.
713	731	If no local\-zone is given local\-data causes a transparent zone
714	732	to be created by default.
	733	.TP 10
	734	\h'5'\fItypetransparent\fR
	735	If there is a match from local data, the query is answered. If the query
	736	is for a different name, or for the same name but for a different type,
	737	the query is resolved normally. So, similar to transparent but types
	738	that are not listed in local data are resolved normally, so if an A record
	739	is in the local data that does not cause a nodata reply for AAAA queries.
715	740	.TP 10
716	741	\h'5'\fIredirect\fR
717	742	The query is answered from the local data for the zone name.

801	826	.TP 10
802	827	\h'5'\fIreverse RFC4291 IPv6 Link Local Addresses\fR
803	828	Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa.
804		.TP 10
805		\h'5'\fIreverse RFC4843 Orchid Prefix\fR
806		Reverse data for zone 0.1.1.0.0.2.ip6.arpa.
807	829	.TP 10
808	830	\h'5'\fIreverse IPv6 Example Prefix\fR
809	831	Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for

+982

-603

doc/unbound.doxygen less more

0		# Doxyfile 1.5.2
	0	# Doxyfile 1.7.1
1	1
2	2	# This file describes the settings to be used by the documentation system
3	3	# doxygen (www.doxygen.org) for a project

13	13	# Project related configuration options
14	14	#---------------------------------------------------------------------------
15	15
16		# This tag specifies the encoding used for all characters in the config file that
17		# follow. The default is UTF-8 which is also the encoding used for all text before
18		# the first occurrence of this tag. Doxygen uses libiconv (or the iconv built into
19		# libc) for the transcoding. See http://www.gnu.org/software/libiconv for the list of
20		# possible encodings.
21
22		# DOXYFILE_ENCODING = UTF-8
23
24		# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
	16	# This tag specifies the encoding used for all characters in the config file
	17	# that follow. The default is UTF-8 which is also the encoding used for all
	18	# text before the first occurrence of this tag. Doxygen uses libiconv (or the
	19	# iconv built into libc) for the transcoding. See
	20	# http://www.gnu.org/software/libiconv for the list of possible encodings.
	21
	22	DOXYFILE_ENCODING = UTF-8
	23
	24	# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
25	25	# by quotes) that should identify the project.
26	26
27	27	PROJECT_NAME = unbound
28	28
29		# The PROJECT_NUMBER tag can be used to enter a project or revision number.
30		# This could be handy for archiving the generated documentation or
	29	# The PROJECT_NUMBER tag can be used to enter a project or revision number.
	30	# This could be handy for archiving the generated documentation or
31	31	# if some version control system is used.
32	32
33	33	PROJECT_NUMBER = 0.1
34	34
35		# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
36		# base path where the generated documentation will be put.
37		# If a relative path is entered, it will be relative to the location
	35	# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
	36	# base path where the generated documentation will be put.
	37	# If a relative path is entered, it will be relative to the location
38	38	# where doxygen was started. If left blank the current directory will be used.
39	39
40	40	OUTPUT_DIRECTORY = doc
41	41
42		# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
43		# 4096 sub-directories (in 2 levels) under the output directory of each output
44		# format and will distribute the generated files over these directories.
45		# Enabling this option can be useful when feeding doxygen a huge amount of
46		# source files, where putting all generated files in the same directory would
	42	# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
	43	# 4096 sub-directories (in 2 levels) under the output directory of each output
	44	# format and will distribute the generated files over these directories.
	45	# Enabling this option can be useful when feeding doxygen a huge amount of
	46	# source files, where putting all generated files in the same directory would
47	47	# otherwise cause performance problems for the file system.
48	48
49	49	CREATE_SUBDIRS = NO
50	50
51		# The OUTPUT_LANGUAGE tag is used to specify the language in which all
52		# documentation generated by doxygen is written. Doxygen will use this
53		# information to generate all constant output in the proper language.
54		# The default language is English, other supported languages are:
55		# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
56		# Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian,
57		# Italian, Japanese, Japanese-en (Japanese with English messages), Korean,
58		# Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian,
59		# Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian.
	51	# The OUTPUT_LANGUAGE tag is used to specify the language in which all
	52	# documentation generated by doxygen is written. Doxygen will use this
	53	# information to generate all constant output in the proper language.
	54	# The default language is English, other supported languages are:
	55	# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
	56	# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
	57	# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
	58	# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian,
	59	# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak,
	60	# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
60	61
61	62	OUTPUT_LANGUAGE = English
62	63
63		# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
64		# include brief member descriptions after the members that are listed in
65		# the file and class documentation (similar to JavaDoc).
	64	# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
	65	# include brief member descriptions after the members that are listed in
	66	# the file and class documentation (similar to JavaDoc).
66	67	# Set to NO to disable this.
67	68
68	69	BRIEF_MEMBER_DESC = YES
69	70
70		# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
71		# the brief description of a member or function before the detailed description.
72		# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
	71	# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
	72	# the brief description of a member or function before the detailed description.
	73	# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
73	74	# brief descriptions will be completely suppressed.
74	75
75	76	REPEAT_BRIEF = YES
76	77
77		# This tag implements a quasi-intelligent brief description abbreviator
78		# that is used to form the text in various listings. Each string
79		# in this list, if found as the leading text of the brief description, will be
80		# stripped from the text and the result after processing the whole list, is
81		# used as the annotated text. Otherwise, the brief description is used as-is.
82		# If left blank, the following values are used ("$name" is automatically
83		# replaced with the name of the entity): "The $name class" "The $name widget"
84		# "The $name file" "is" "provides" "specifies" "contains"
	78	# This tag implements a quasi-intelligent brief description abbreviator
	79	# that is used to form the text in various listings. Each string
	80	# in this list, if found as the leading text of the brief description, will be
	81	# stripped from the text and the result after processing the whole list, is
	82	# used as the annotated text. Otherwise, the brief description is used as-is.
	83	# If left blank, the following values are used ("$name" is automatically
	84	# replaced with the name of the entity): "The $name class" "The $name widget"
	85	# "The $name file" "is" "provides" "specifies" "contains"
85	86	# "represents" "a" "an" "the"
86	87
87		ABBREVIATE_BRIEF =
88
89		# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
90		# Doxygen will generate a detailed section even if there is only a brief
	88	ABBREVIATE_BRIEF =
	89
	90	# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
	91	# Doxygen will generate a detailed section even if there is only a brief
91	92	# description.
92	93
93	94	ALWAYS_DETAILED_SEC = NO
94	95
95		# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
96		# inherited members of a class in the documentation of that class as if those
97		# members were ordinary class members. Constructors, destructors and assignment
	96	# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
	97	# inherited members of a class in the documentation of that class as if those
	98	# members were ordinary class members. Constructors, destructors and assignment
98	99	# operators of the base classes will not be shown.
99	100
100	101	INLINE_INHERITED_MEMB = NO
101	102
102		# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
103		# path before files name in the file list and in the header files. If set
	103	# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
	104	# path before files name in the file list and in the header files. If set
104	105	# to NO the shortest path that makes the file name unique will be used.
105	106
106	107	FULL_PATH_NAMES = YES
107	108
108		# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
109		# can be used to strip a user-defined part of the path. Stripping is
110		# only done if one of the specified strings matches the left-hand part of
111		# the path. The tag can be used to show relative paths in the file list.
112		# If left blank the directory from which doxygen is run is used as the
	109	# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
	110	# can be used to strip a user-defined part of the path. Stripping is
	111	# only done if one of the specified strings matches the left-hand part of
	112	# the path. The tag can be used to show relative paths in the file list.
	113	# If left blank the directory from which doxygen is run is used as the
113	114	# path to strip.
114	115
115		STRIP_FROM_PATH =
116
117		# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
118		# the path mentioned in the documentation of a class, which tells
119		# the reader which header file to include in order to use a class.
120		# If left blank only the name of the header file containing the class
121		# definition is used. Otherwise one should specify the include paths that
	116	STRIP_FROM_PATH =
	117
	118	# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
	119	# the path mentioned in the documentation of a class, which tells
	120	# the reader which header file to include in order to use a class.
	121	# If left blank only the name of the header file containing the class
	122	# definition is used. Otherwise one should specify the include paths that
122	123	# are normally passed to the compiler using the -I flag.
123	124
124		STRIP_FROM_INC_PATH =
125
126		# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
127		# (but less readable) file names. This can be useful is your file systems
	125	STRIP_FROM_INC_PATH =
	126
	127	# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
	128	# (but less readable) file names. This can be useful is your file systems
128	129	# doesn't support long names like on DOS, Mac, or CD-ROM.
129	130
130	131	SHORT_NAMES = NO
131	132
132		# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
133		# will interpret the first line (until the first dot) of a JavaDoc-style
134		# comment as the brief description. If set to NO, the JavaDoc
135		# comments will behave just like the Qt-style comments (thus requiring an
136		# explicit @brief command for a brief description.
	133	# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
	134	# will interpret the first line (until the first dot) of a JavaDoc-style
	135	# comment as the brief description. If set to NO, the JavaDoc
	136	# comments will behave just like regular Qt-style comments
	137	# (thus requiring an explicit @brief command for a brief description.)
137	138
138	139	JAVADOC_AUTOBRIEF = YES
139	140
140		# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
141		# treat a multi-line C++ special comment block (i.e. a block of //! or ///
142		# comments) as a brief description. This used to be the default behaviour.
143		# The new default is to treat a multi-line C++ comment block as a detailed
	141	# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
	142	# interpret the first line (until the first dot) of a Qt-style
	143	# comment as the brief description. If set to NO, the comments
	144	# will behave just like regular Qt-style comments (thus requiring
	145	# an explicit \brief command for a brief description.)
	146
	147	QT_AUTOBRIEF = NO
	148
	149	# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
	150	# treat a multi-line C++ special comment block (i.e. a block of //! or ///
	151	# comments) as a brief description. This used to be the default behaviour.
	152	# The new default is to treat a multi-line C++ comment block as a detailed
144	153	# description. Set this tag to YES if you prefer the old behaviour instead.
145	154
146	155	MULTILINE_CPP_IS_BRIEF = NO
147	156
148		# If the DETAILS_AT_TOP tag is set to YES then Doxygen
149		# will output the detailed description near the top, like JavaDoc.
150		# If set to NO, the detailed description appears after the member
151		# documentation.
152		#DETAILS_AT_TOP = NO
153
154		# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
155		# member inherits the documentation from any documented member that it
	157	# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
	158	# member inherits the documentation from any documented member that it
156	159	# re-implements.
157	160
158	161	INHERIT_DOCS = YES
159	162
160		# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
161		# a new page for each member. If set to NO, the documentation of a member will
	163	# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
	164	# a new page for each member. If set to NO, the documentation of a member will
162	165	# be part of the file/class/namespace that contains it.
163	166
164	167	SEPARATE_MEMBER_PAGES = NO
165	168
166		# The TAB_SIZE tag can be used to set the number of spaces in a tab.
	169	# The TAB_SIZE tag can be used to set the number of spaces in a tab.
167	170	# Doxygen uses this value to replace tabs by spaces in code fragments.
168	171
169	172	TAB_SIZE = 8
170	173
171		# This tag can be used to specify a number of aliases that acts
172		# as commands in the documentation. An alias has the form "name=value".
173		# For example adding "sideeffect=\par Side Effects:\n" will allow you to
174		# put the command \sideeffect (or @sideeffect) in the documentation, which
175		# will result in a user-defined paragraph with heading "Side Effects:".
	174	# This tag can be used to specify a number of aliases that acts
	175	# as commands in the documentation. An alias has the form "name=value".
	176	# For example adding "sideeffect=\par Side Effects:\n" will allow you to
	177	# put the command \sideeffect (or @sideeffect) in the documentation, which
	178	# will result in a user-defined paragraph with heading "Side Effects:".
176	179	# You can put \n's in the value part of an alias to insert newlines.
177	180
178		ALIASES =
179
180		# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
181		# sources only. Doxygen will then generate output that is more tailored for C.
182		# For instance, some of the names that are used will be different. The list
	181	ALIASES =
	182
	183	# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
	184	# sources only. Doxygen will then generate output that is more tailored for C.
	185	# For instance, some of the names that are used will be different. The list
183	186	# of all members will be omitted, etc.
184	187
185	188	OPTIMIZE_OUTPUT_FOR_C = YES
186	189
187		# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
188		# sources only. Doxygen will then generate output that is more tailored for Java.
189		# For instance, namespaces will be presented as packages, qualified scopes
190		# will look different, etc.
	190	# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
	191	# sources only. Doxygen will then generate output that is more tailored for
	192	# Java. For instance, namespaces will be presented as packages, qualified
	193	# scopes will look different, etc.
191	194
192	195	OPTIMIZE_OUTPUT_JAVA = NO
193	196
194		# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to
195		# include (a tag file for) the STL sources as input, then you should
196		# set this tag to YES in order to let doxygen match functions declarations and
197		# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
198		# func(std::string) {}). This also make the inheritance and collaboration
	197	# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
	198	# sources only. Doxygen will then generate output that is more tailored for
	199	# Fortran.
	200
	201	OPTIMIZE_FOR_FORTRAN = NO
	202
	203	# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
	204	# sources. Doxygen will then generate output that is tailored for
	205	# VHDL.
	206
	207	OPTIMIZE_OUTPUT_VHDL = NO
	208
	209	# Doxygen selects the parser to use depending on the extension of the files it
	210	# parses. With this tag you can assign which parser to use for a given extension.
	211	# Doxygen has a built-in mapping, but you can override or extend it using this
	212	# tag. The format is ext=language, where ext is a file extension, and language
	213	# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C,
	214	# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make
	215	# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C
	216	# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions
	217	# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen.
	218
	219	EXTENSION_MAPPING =
	220
	221	# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
	222	# to include (a tag file for) the STL sources as input, then you should
	223	# set this tag to YES in order to let doxygen match functions declarations and
	224	# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
	225	# func(std::string) {}). This also make the inheritance and collaboration
199	226	# diagrams that involve STL classes more complete and accurate.
200	227
201	228	BUILTIN_STL_SUPPORT = NO

203	230	# If you use Microsoft's C++/CLI language, you should set this option to YES to
204	231	# enable parsing support.
205	232
206		# CPP_CLI_SUPPORT = NO
207
208		# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
209		# tag is set to YES, then doxygen will reuse the documentation of the first
210		# member in the group (if any) for the other members of the group. By default
	233	CPP_CLI_SUPPORT = NO
	234
	235	# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
	236	# Doxygen will parse them like normal C++ but will assume all classes use public
	237	# instead of private inheritance when no explicit protection keyword is present.
	238
	239	SIP_SUPPORT = NO
	240
	241	# For Microsoft's IDL there are propget and propput attributes to indicate getter
	242	# and setter methods for a property. Setting this option to YES (the default)
	243	# will make doxygen to replace the get and set methods by a property in the
	244	# documentation. This will only work if the methods are indeed getting or
	245	# setting a simple type. If this is not the case, or you want to show the
	246	# methods anyway, you should set this option to NO.
	247
	248	IDL_PROPERTY_SUPPORT = YES
	249
	250	# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
	251	# tag is set to YES, then doxygen will reuse the documentation of the first
	252	# member in the group (if any) for the other members of the group. By default
211	253	# all members of a group must be documented explicitly.
212	254
213	255	DISTRIBUTE_GROUP_DOC = NO
214	256
215		# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
216		# the same type (for instance a group of public functions) to be put as a
217		# subgroup of that type (e.g. under the Public Functions section). Set it to
218		# NO to prevent subgrouping. Alternatively, this can be done per class using
	257	# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
	258	# the same type (for instance a group of public functions) to be put as a
	259	# subgroup of that type (e.g. under the Public Functions section). Set it to
	260	# NO to prevent subgrouping. Alternatively, this can be done per class using
219	261	# the \nosubgrouping command.
220	262
221	263	SUBGROUPING = YES
222	264
	265	# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
	266	# is documented as struct, union, or enum with the name of the typedef. So
	267	# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
	268	# with name TypeT. When disabled the typedef will appear as a member of a file,
	269	# namespace, or class. And the struct will be named TypeS. This can typically
	270	# be useful for C code in case the coding convention dictates that all compound
	271	# types are typedef'ed and only the typedef is referenced, never the tag name.
	272
	273	TYPEDEF_HIDES_STRUCT = NO
	274
	275	# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to
	276	# determine which symbols to keep in memory and which to flush to disk.
	277	# When the cache is full, less often used symbols will be written to disk.
	278	# For small to medium size projects (<1000 input files) the default value is
	279	# probably good enough. For larger projects a too small cache size can cause
	280	# doxygen to be busy swapping symbols to and from disk most of the time
	281	# causing a significant performance penality.
	282	# If the system has enough physical memory increasing the cache will improve the
	283	# performance by keeping more symbols in memory. Note that the value works on
	284	# a logarithmic scale so increasing the size by one will rougly double the
	285	# memory usage. The cache size is given by this formula:
	286	# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
	287	# corresponding to a cache size of 2^16 = 65536 symbols
	288
	289	SYMBOL_CACHE_SIZE = 0
	290
223	291	#---------------------------------------------------------------------------
224	292	# Build related configuration options
225	293	#---------------------------------------------------------------------------
226	294
227		# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
228		# documentation are documented, even if no documentation was available.
229		# Private class members and static file members will be hidden unless
	295	# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
	296	# documentation are documented, even if no documentation was available.
	297	# Private class members and static file members will be hidden unless
230	298	# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
231	299
232	300	EXTRACT_ALL = NO
233	301
234		# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
	302	# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
235	303	# will be included in the documentation.
236	304
237	305	EXTRACT_PRIVATE = YES
238	306
239		# If the EXTRACT_STATIC tag is set to YES all static members of a file
	307	# If the EXTRACT_STATIC tag is set to YES all static members of a file
240	308	# will be included in the documentation.
241	309
242	310	EXTRACT_STATIC = YES
243	311
244		# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
245		# defined locally in source files will be included in the documentation.
	312	# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
	313	# defined locally in source files will be included in the documentation.
246	314	# If set to NO only classes defined in header files are included.
247	315
248	316	EXTRACT_LOCAL_CLASSES = YES
249	317
250		# This flag is only useful for Objective-C code. When set to YES local
251		# methods, which are defined in the implementation section but not in
252		# the interface are included in the documentation.
	318	# This flag is only useful for Objective-C code. When set to YES local
	319	# methods, which are defined in the implementation section but not in
	320	# the interface are included in the documentation.
253	321	# If set to NO (the default) only methods in the interface are included.
254	322
255	323	EXTRACT_LOCAL_METHODS = YES
256	324
257		# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
258		# undocumented members of documented classes, files or namespaces.
259		# If set to NO (the default) these members will be included in the
260		# various overviews, but no documentation section is generated.
	325	# If this flag is set to YES, the members of anonymous namespaces will be
	326	# extracted and appear in the documentation as a namespace called
	327	# 'anonymous_namespace{file}', where file will be replaced with the base
	328	# name of the file that contains the anonymous namespace. By default
	329	# anonymous namespace are hidden.
	330
	331	EXTRACT_ANON_NSPACES = NO
	332
	333	# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
	334	# undocumented members of documented classes, files or namespaces.
	335	# If set to NO (the default) these members will be included in the
	336	# various overviews, but no documentation section is generated.
261	337	# This option has no effect if EXTRACT_ALL is enabled.
262	338
263	339	HIDE_UNDOC_MEMBERS = NO
264	340
265		# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
266		# undocumented classes that are normally visible in the class hierarchy.
267		# If set to NO (the default) these classes will be included in the various
	341	# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
	342	# undocumented classes that are normally visible in the class hierarchy.
	343	# If set to NO (the default) these classes will be included in the various
268	344	# overviews. This option has no effect if EXTRACT_ALL is enabled.
269	345
270	346	HIDE_UNDOC_CLASSES = NO
271	347
272		# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
273		# friend (class\|struct\|union) declarations.
274		# If set to NO (the default) these declarations will be included in the
	348	# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
	349	# friend (class\|struct\|union) declarations.
	350	# If set to NO (the default) these declarations will be included in the
275	351	# documentation.
276	352
277	353	HIDE_FRIEND_COMPOUNDS = NO
278	354
279		# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
280		# documentation blocks found inside the body of a function.
281		# If set to NO (the default) these blocks will be appended to the
	355	# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
	356	# documentation blocks found inside the body of a function.
	357	# If set to NO (the default) these blocks will be appended to the
282	358	# function's detailed documentation block.
283	359
284	360	HIDE_IN_BODY_DOCS = NO
285	361
286		# The INTERNAL_DOCS tag determines if documentation
287		# that is typed after a \internal command is included. If the tag is set
288		# to NO (the default) then the documentation will be excluded.
	362	# The INTERNAL_DOCS tag determines if documentation
	363	# that is typed after a \internal command is included. If the tag is set
	364	# to NO (the default) then the documentation will be excluded.
289	365	# Set it to YES to include the internal documentation.
290	366
291	367	INTERNAL_DOCS = NO
292	368
293		# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
294		# file names in lower-case letters. If set to YES upper-case letters are also
295		# allowed. This is useful if you have classes or files whose names only differ
296		# in case and if your file system supports case sensitive file names. Windows
	369	# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
	370	# file names in lower-case letters. If set to YES upper-case letters are also
	371	# allowed. This is useful if you have classes or files whose names only differ
	372	# in case and if your file system supports case sensitive file names. Windows
297	373	# and Mac users are advised to set this option to NO.
298	374
299	375	CASE_SENSE_NAMES = YES
300	376
301		# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
302		# will show members with their full class and namespace scopes in the
	377	# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
	378	# will show members with their full class and namespace scopes in the
303	379	# documentation. If set to YES the scope will be hidden.
304	380
305	381	HIDE_SCOPE_NAMES = NO
306	382
307		# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
308		# will put a list of the files that are included by a file in the documentation
	383	# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
	384	# will put a list of the files that are included by a file in the documentation
309	385	# of that file.
310	386
311	387	SHOW_INCLUDE_FILES = YES
312	388
313		# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
	389	# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen
	390	# will list include files with double quotes in the documentation
	391	# rather than with sharp brackets.
	392
	393	FORCE_LOCAL_INCLUDES = NO
	394
	395	# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
314	396	# is inserted in the documentation for inline members.
315	397
316	398	INLINE_INFO = YES
317	399
318		# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
319		# will sort the (detailed) documentation of file and class members
320		# alphabetically by member name. If set to NO the members will appear in
	400	# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
	401	# will sort the (detailed) documentation of file and class members
	402	# alphabetically by member name. If set to NO the members will appear in
321	403	# declaration order.
322	404
323	405	SORT_MEMBER_DOCS = NO
324	406
325		# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
326		# brief documentation of file, namespace and class members alphabetically
327		# by member name. If set to NO (the default) the members will appear in
	407	# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
	408	# brief documentation of file, namespace and class members alphabetically
	409	# by member name. If set to NO (the default) the members will appear in
328	410	# declaration order.
329	411
330	412	SORT_BRIEF_DOCS = NO
331	413
332		# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
333		# sorted by fully-qualified names, including namespaces. If set to
334		# NO (the default), the class list will be sorted only by class name,
335		# not including the namespace part.
	414	# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen
	415	# will sort the (brief and detailed) documentation of class members so that
	416	# constructors and destructors are listed first. If set to NO (the default)
	417	# the constructors will appear in the respective orders defined by
	418	# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS.
	419	# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO
	420	# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
	421
	422	SORT_MEMBERS_CTORS_1ST = NO
	423
	424	# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
	425	# hierarchy of group names into alphabetical order. If set to NO (the default)
	426	# the group names will appear in their defined order.
	427
	428	SORT_GROUP_NAMES = NO
	429
	430	# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
	431	# sorted by fully-qualified names, including namespaces. If set to
	432	# NO (the default), the class list will be sorted only by class name,
	433	# not including the namespace part.
336	434	# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
337		# Note: This option applies only to the class list, not to the
	435	# Note: This option applies only to the class list, not to the
338	436	# alphabetical list.
339	437
340	438	SORT_BY_SCOPE_NAME = NO
341	439
342		# The GENERATE_TODOLIST tag can be used to enable (YES) or
343		# disable (NO) the todo list. This list is created by putting \todo
	440	# The GENERATE_TODOLIST tag can be used to enable (YES) or
	441	# disable (NO) the todo list. This list is created by putting \todo
344	442	# commands in the documentation.
345	443
346	444	GENERATE_TODOLIST = YES
347	445
348		# The GENERATE_TESTLIST tag can be used to enable (YES) or
349		# disable (NO) the test list. This list is created by putting \test
	446	# The GENERATE_TESTLIST tag can be used to enable (YES) or
	447	# disable (NO) the test list. This list is created by putting \test
350	448	# commands in the documentation.
351	449
352	450	GENERATE_TESTLIST = YES
353	451
354		# The GENERATE_BUGLIST tag can be used to enable (YES) or
355		# disable (NO) the bug list. This list is created by putting \bug
	452	# The GENERATE_BUGLIST tag can be used to enable (YES) or
	453	# disable (NO) the bug list. This list is created by putting \bug
356	454	# commands in the documentation.
357	455
358	456	GENERATE_BUGLIST = YES
359	457
360		# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
361		# disable (NO) the deprecated list. This list is created by putting
	458	# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
	459	# disable (NO) the deprecated list. This list is created by putting
362	460	# \deprecated commands in the documentation.
363	461
364	462	GENERATE_DEPRECATEDLIST= YES
365	463
366		# The ENABLED_SECTIONS tag can be used to enable conditional
	464	# The ENABLED_SECTIONS tag can be used to enable conditional
367	465	# documentation sections, marked by \if sectionname ... \endif.
368	466
369		ENABLED_SECTIONS =
370
371		# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
372		# the initial value of a variable or define consists of for it to appear in
373		# the documentation. If the initializer consists of more lines than specified
374		# here it will be hidden. Use a value of 0 to hide initializers completely.
375		# The appearance of the initializer of individual variables and defines in the
376		# documentation can be controlled using \showinitializer or \hideinitializer
	467	ENABLED_SECTIONS =
	468
	469	# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
	470	# the initial value of a variable or define consists of for it to appear in
	471	# the documentation. If the initializer consists of more lines than specified
	472	# here it will be hidden. Use a value of 0 to hide initializers completely.
	473	# The appearance of the initializer of individual variables and defines in the
	474	# documentation can be controlled using \showinitializer or \hideinitializer
377	475	# command in the documentation regardless of this setting.
378	476
379	477	MAX_INITIALIZER_LINES = 30
380	478
381		# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
382		# at the bottom of the documentation of classes and structs. If set to YES the
	479	# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
	480	# at the bottom of the documentation of classes and structs. If set to YES the
383	481	# list will mention the files that were used to generate the documentation.
384	482
385	483	SHOW_USED_FILES = YES
386	484
387		# If the sources in your project are distributed over multiple directories
388		# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
	485	# If the sources in your project are distributed over multiple directories
	486	# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
389	487	# in the documentation. The default is NO.
390	488
391	489	SHOW_DIRECTORIES = YES
392	490
393		# The FILE_VERSION_FILTER tag can be used to specify a program or script that
394		# doxygen should invoke to get the current version for each file (typically from the
395		# version control system). Doxygen will invoke the program by executing (via
396		# popen()) the command <command> <input-file>, where <command> is the value of
397		# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
398		# provided by doxygen. Whatever the program writes to standard output
	491	# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
	492	# This will remove the Files entry from the Quick Index and from the
	493	# Folder Tree View (if specified). The default is YES.
	494
	495	SHOW_FILES = YES
	496
	497	# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
	498	# Namespaces page.
	499	# This will remove the Namespaces entry from the Quick Index
	500	# and from the Folder Tree View (if specified). The default is YES.
	501
	502	SHOW_NAMESPACES = YES
	503
	504	# The FILE_VERSION_FILTER tag can be used to specify a program or script that
	505	# doxygen should invoke to get the current version for each file (typically from
	506	# the version control system). Doxygen will invoke the program by executing (via
	507	# popen()) the command <command> <input-file>, where <command> is the value of
	508	# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
	509	# provided by doxygen. Whatever the program writes to standard output
399	510	# is used as the file version. See the manual for examples.
400	511
401		FILE_VERSION_FILTER =
	512	FILE_VERSION_FILTER =
	513
	514	# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
	515	# by doxygen. The layout file controls the global structure of the generated
	516	# output files in an output format independent way. The create the layout file
	517	# that represents doxygen's defaults, run doxygen with the -l option.
	518	# You can optionally specify a file name after the option, if omitted
	519	# DoxygenLayout.xml will be used as the name of the layout file.
	520
	521	LAYOUT_FILE =
402	522
403	523	#---------------------------------------------------------------------------
404	524	# configuration options related to warning and progress messages
405	525	#---------------------------------------------------------------------------
406	526
407		# The QUIET tag can be used to turn on/off the messages that are generated
	527	# The QUIET tag can be used to turn on/off the messages that are generated
408	528	# by doxygen. Possible values are YES and NO. If left blank NO is used.
409	529
410	530	QUIET = YES
411	531
412		# The WARNINGS tag can be used to turn on/off the warning messages that are
413		# generated by doxygen. Possible values are YES and NO. If left blank
	532	# The WARNINGS tag can be used to turn on/off the warning messages that are
	533	# generated by doxygen. Possible values are YES and NO. If left blank
414	534	# NO is used.
415	535
416	536	WARNINGS = YES
417	537
418		# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
419		# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
	538	# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
	539	# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
420	540	# automatically be disabled.
421	541
422		WARN_IF_UNDOCUMENTED = YES
423
424		# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
425		# potential errors in the documentation, such as not documenting some
426		# parameters in a documented function, or documenting parameters that
	542	WARN_IF_UNDOCUMENTED = NO
	543
	544	# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
	545	# potential errors in the documentation, such as not documenting some
	546	# parameters in a documented function, or documenting parameters that
427	547	# don't exist or using markup commands wrongly.
428	548
429	549	WARN_IF_DOC_ERROR = YES
430	550
431		# This WARN_NO_PARAMDOC option can be abled to get warnings for
432		# functions that are documented, but have no documentation for their parameters
433		# or return value. If set to NO (the default) doxygen will only warn about
434		# wrong or incomplete parameter documentation, but not about the absence of
	551	# This WARN_NO_PARAMDOC option can be abled to get warnings for
	552	# functions that are documented, but have no documentation for their parameters
	553	# or return value. If set to NO (the default) doxygen will only warn about
	554	# wrong or incomplete parameter documentation, but not about the absence of
435	555	# documentation.
436	556
437	557	WARN_NO_PARAMDOC = YES
438	558
439		# The WARN_FORMAT tag determines the format of the warning messages that
440		# doxygen can produce. The string should contain the $file, $line, and $text
441		# tags, which will be replaced by the file and line number from which the
442		# warning originated and the warning text. Optionally the format may contain
443		# $version, which will be replaced by the version of the file (if it could
	559	# The WARN_FORMAT tag determines the format of the warning messages that
	560	# doxygen can produce. The string should contain the $file, $line, and $text
	561	# tags, which will be replaced by the file and line number from which the
	562	# warning originated and the warning text. Optionally the format may contain
	563	# $version, which will be replaced by the version of the file (if it could
444	564	# be obtained via FILE_VERSION_FILTER)
445	565
446	566	WARN_FORMAT = "$file:$line: $text"
447	567
448		# The WARN_LOGFILE tag can be used to specify a file to which warning
449		# and error messages should be written. If left blank the output is written
	568	# The WARN_LOGFILE tag can be used to specify a file to which warning
	569	# and error messages should be written. If left blank the output is written
450	570	# to stderr.
451	571
452		WARN_LOGFILE =
	572	WARN_LOGFILE =
453	573
454	574	#---------------------------------------------------------------------------
455	575	# configuration options related to the input files
456	576	#---------------------------------------------------------------------------
457	577
458		# The INPUT tag can be used to specify the files and/or directories that contain
459		# documented source files. You may enter file names like "myfile.cpp" or
460		# directories like "/usr/src/myproject". Separate the files or directories
	578	# The INPUT tag can be used to specify the files and/or directories that contain
	579	# documented source files. You may enter file names like "myfile.cpp" or
	580	# directories like "/usr/src/myproject". Separate the files or directories
461	581	# with spaces.
462	582
463	583	INPUT = .
464	584
465		# This tag can be used to specify the character encoding of the source files that
466		# doxygen parses. Internally doxygen uses the UTF-8 encoding, which is also the default
467		# input encoding. Doxygen uses libiconv (or the iconv built into libc) for the transcoding.
468		# See http://www.gnu.org/software/libiconv for the list of possible encodings.
469
470		# INPUT_ENCODING = UTF-8
471
472		# If the value of the INPUT tag contains directories, you can use the
473		# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
474		# and *.h) to filter out the source-files in the directories. If left
475		# blank the following patterns are tested:
476		# .c .cc .cxx .cpp .c++ .java .ii .ixx .ipp .i++ .inl .h .hh .hxx
477		# .hpp .h++ .idl .odl .cs .php .php3 .inc .m .mm *.py
478
479		FILE_PATTERNS =
480
481		# The RECURSIVE tag can be used to turn specify whether or not subdirectories
482		# should be searched for input files as well. Possible values are YES and NO.
	585	# This tag can be used to specify the character encoding of the source files
	586	# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
	587	# also the default input encoding. Doxygen uses libiconv (or the iconv built
	588	# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
	589	# the list of possible encodings.
	590
	591	INPUT_ENCODING = UTF-8
	592
	593	# If the value of the INPUT tag contains directories, you can use the
	594	# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
	595	# and *.h) to filter out the source-files in the directories. If left
	596	# blank the following patterns are tested:
	597	# .c .cc .cxx .cpp .c++ .java .ii .ixx .ipp .i++ .inl .h .hh .hxx
	598	# .hpp .h++ .idl .odl .cs .php .php3 .inc .m .mm .py .f90
	599
	600	FILE_PATTERNS =
	601
	602	# The RECURSIVE tag can be used to turn specify whether or not subdirectories
	603	# should be searched for input files as well. Possible values are YES and NO.
483	604	# If left blank NO is used.
484	605
485	606	RECURSIVE = YES
486	607
487		# The EXCLUDE tag can be used to specify files and/or directories that should
488		# excluded from the INPUT source files. This way you can easily exclude a
	608	# The EXCLUDE tag can be used to specify files and/or directories that should
	609	# excluded from the INPUT source files. This way you can easily exclude a
489	610	# subdirectory from a directory tree whose root is specified with the INPUT tag.
490	611
491	612	EXCLUDE = ./build \

494	615	util/configparser.h \
495	616	util/configlexer.c \
496	617	util/locks.h \
497		pythonmod/unboundmodule.py \
498		pythonmod/interface.h \
499		pythonmod/examples/resgen.py \
500		pythonmod/examples/resmod.py \
501		pythonmod/examples/resip.py \
502		libunbound/python/unbound.py \
503		libunbound/python/libunbound_wrap.c \
504		./ldns-src
505
506		# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
507		# directories that are symbolic links (a Unix filesystem feature) are excluded
	618	pythonmod/unboundmodule.py \
	619	pythonmod/interface.h \
	620	pythonmod/examples/resgen.py \
	621	pythonmod/examples/resmod.py \
	622	pythonmod/examples/resip.py \
	623	libunbound/python/unbound.py \
	624	libunbound/python/libunbound_wrap.c \
	625	./ldns-src
	626
	627	# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
	628	# directories that are symbolic links (a Unix filesystem feature) are excluded
508	629	# from the input.
509	630
510	631	EXCLUDE_SYMLINKS = NO
511	632
512		# If the value of the INPUT tag contains directories, you can use the
513		# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
514		# certain files from those directories. Note that the wildcards are matched
515		# against the file with absolute path, so to exclude all test directories
	633	# If the value of the INPUT tag contains directories, you can use the
	634	# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
	635	# certain files from those directories. Note that the wildcards are matched
	636	# against the file with absolute path, so to exclude all test directories
516	637	# for example use the pattern /test/
517	638
518		EXCLUDE_PATTERNS =
519
520		# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
521		# (namespaces, classes, functions, etc.) that should be excluded from the output.
522		# The symbol name can be a fully qualified name, a word, or if the wildcard * is used,
523		# a substring. Examples: ANamespace, AClass, AClass::ANamespace, ANamespace::*Test
524
525		# EXCLUDE_SYMBOLS =
526
527		# The EXAMPLE_PATH tag can be used to specify one or more files or
528		# directories that contain example code fragments that are included (see
	639	EXCLUDE_PATTERNS =
	640
	641	# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
	642	# (namespaces, classes, functions, etc.) that should be excluded from the
	643	# output. The symbol name can be a fully qualified name, a word, or if the
	644	# wildcard * is used, a substring. Examples: ANamespace, AClass,
	645	# AClass::ANamespace, ANamespace::*Test
	646
	647	EXCLUDE_SYMBOLS =
	648
	649	# The EXAMPLE_PATH tag can be used to specify one or more files or
	650	# directories that contain example code fragments that are included (see
529	651	# the \include command).
530	652
531		EXAMPLE_PATH =
532
533		# If the value of the EXAMPLE_PATH tag contains directories, you can use the
534		# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
535		# and *.h) to filter out the source-files in the directories. If left
	653	EXAMPLE_PATH =
	654
	655	# If the value of the EXAMPLE_PATH tag contains directories, you can use the
	656	# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
	657	# and *.h) to filter out the source-files in the directories. If left
536	658	# blank all files are included.
537	659
538		EXAMPLE_PATTERNS =
539
540		# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
541		# searched for input files to be used with the \include or \dontinclude
542		# commands irrespective of the value of the RECURSIVE tag.
	660	EXAMPLE_PATTERNS =
	661
	662	# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
	663	# searched for input files to be used with the \include or \dontinclude
	664	# commands irrespective of the value of the RECURSIVE tag.
543	665	# Possible values are YES and NO. If left blank NO is used.
544	666
545	667	EXAMPLE_RECURSIVE = NO
546	668
547		# The IMAGE_PATH tag can be used to specify one or more files or
548		# directories that contain image that are included in the documentation (see
	669	# The IMAGE_PATH tag can be used to specify one or more files or
	670	# directories that contain image that are included in the documentation (see
549	671	# the \image command).
550	672
551		IMAGE_PATH =
552
553		# The INPUT_FILTER tag can be used to specify a program that doxygen should
554		# invoke to filter for each input file. Doxygen will invoke the filter program
555		# by executing (via popen()) the command <filter> <input-file>, where <filter>
556		# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
557		# input file. Doxygen will then use the output that the filter program writes
558		# to standard output. If FILTER_PATTERNS is specified, this tag will be
	673	IMAGE_PATH =
	674
	675	# The INPUT_FILTER tag can be used to specify a program that doxygen should
	676	# invoke to filter for each input file. Doxygen will invoke the filter program
	677	# by executing (via popen()) the command <filter> <input-file>, where <filter>
	678	# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
	679	# input file. Doxygen will then use the output that the filter program writes
	680	# to standard output.
	681	# If FILTER_PATTERNS is specified, this tag will be
559	682	# ignored.
560	683
561		INPUT_FILTER =
562
563		# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
564		# basis. Doxygen will compare the file name with each pattern and apply the
565		# filter if there is a match. The filters are a list of the form:
566		# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
567		# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
	684	INPUT_FILTER =
	685
	686	# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
	687	# basis.
	688	# Doxygen will compare the file name with each pattern and apply the
	689	# filter if there is a match.
	690	# The filters are a list of the form:
	691	# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
	692	# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
568	693	# is applied to all files.
569	694
570		FILTER_PATTERNS =
571
572		# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
573		# INPUT_FILTER) will be used to filter the input files when producing source
	695	FILTER_PATTERNS =
	696
	697	# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
	698	# INPUT_FILTER) will be used to filter the input files when producing source
574	699	# files to browse (i.e. when SOURCE_BROWSER is set to YES).
575	700
576	701	FILTER_SOURCE_FILES = NO

579	704	# configuration options related to source browsing
580	705	#---------------------------------------------------------------------------
581	706
582		# If the SOURCE_BROWSER tag is set to YES then a list of source files will
583		# be generated. Documented entities will be cross-referenced with these sources.
584		# Note: To get rid of all source code in the generated output, make sure also
	707	# If the SOURCE_BROWSER tag is set to YES then a list of source files will
	708	# be generated. Documented entities will be cross-referenced with these sources.
	709	# Note: To get rid of all source code in the generated output, make sure also
585	710	# VERBATIM_HEADERS is set to NO.
586	711
587	712	SOURCE_BROWSER = NO
588	713
589		# Setting the INLINE_SOURCES tag to YES will include the body
	714	# Setting the INLINE_SOURCES tag to YES will include the body
590	715	# of functions and classes directly in the documentation.
591	716
592	717	INLINE_SOURCES = NO
593	718
594		# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
595		# doxygen to hide any special comment blocks from generated source code
	719	# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
	720	# doxygen to hide any special comment blocks from generated source code
596	721	# fragments. Normal C and C++ comments will always remain visible.
597	722
598	723	STRIP_CODE_COMMENTS = YES
599	724
600		# If the REFERENCED_BY_RELATION tag is set to YES (the default)
601		# then for each documented function all documented
	725	# If the REFERENCED_BY_RELATION tag is set to YES
	726	# then for each documented function all documented
602	727	# functions referencing it will be listed.
603	728
604	729	REFERENCED_BY_RELATION = YES
605	730
606		# If the REFERENCES_RELATION tag is set to YES (the default)
607		# then for each documented function all documented entities
	731	# If the REFERENCES_RELATION tag is set to YES
	732	# then for each documented function all documented entities
608	733	# called/used by that function will be listed.
609	734
610	735	REFERENCES_RELATION = YES

612	737	# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
613	738	# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
614	739	# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
615		# link to the source code. Otherwise they will link to the documentstion.
616
617		# REFERENCES_LINK_SOURCE = YES
618
619		# If the USE_HTAGS tag is set to YES then the references to source code
620		# will point to the HTML generated by the htags(1) tool instead of doxygen
621		# built-in source browser. The htags tool is part of GNU's global source
622		# tagging system (see http://www.gnu.org/software/global/global.html). You
	740	# link to the source code.
	741	# Otherwise they will link to the documentation.
	742
	743	REFERENCES_LINK_SOURCE = YES
	744
	745	# If the USE_HTAGS tag is set to YES then the references to source code
	746	# will point to the HTML generated by the htags(1) tool instead of doxygen
	747	# built-in source browser. The htags tool is part of GNU's global source
	748	# tagging system (see http://www.gnu.org/software/global/global.html). You
623	749	# will need version 4.8.6 or higher.
624	750
625	751	USE_HTAGS = NO
626	752
627		# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
628		# will generate a verbatim copy of the header file for each class for
	753	# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
	754	# will generate a verbatim copy of the header file for each class for
629	755	# which an include is specified. Set to NO to disable this.
630	756
631	757	VERBATIM_HEADERS = NO

634	760	# configuration options related to the alphabetical class index
635	761	#---------------------------------------------------------------------------
636	762
637		# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
638		# of all compounds will be generated. Enable this if the project
	763	# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
	764	# of all compounds will be generated. Enable this if the project
639	765	# contains a lot of classes, structs, unions or interfaces.
640	766
641	767	ALPHABETICAL_INDEX = YES
642	768
643		# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
644		# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
	769	# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
	770	# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
645	771	# in which this list will be split (can be a number in the range [1..20])
646	772
647	773	COLS_IN_ALPHA_INDEX = 5
648	774
649		# In case all classes in a project start with a common prefix, all
650		# classes will be put under the same header in the alphabetical index.
651		# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
	775	# In case all classes in a project start with a common prefix, all
	776	# classes will be put under the same header in the alphabetical index.
	777	# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
652	778	# should be ignored while generating the index headers.
653	779
654		IGNORE_PREFIX =
	780	IGNORE_PREFIX =
655	781
656	782	#---------------------------------------------------------------------------
657	783	# configuration options related to the HTML output
658	784	#---------------------------------------------------------------------------
659	785
660		# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
	786	# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
661	787	# generate HTML output.
662	788
663	789	GENERATE_HTML = YES
664	790
665		# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
666		# If a relative path is entered the value of OUTPUT_DIRECTORY will be
	791	# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
	792	# If a relative path is entered the value of OUTPUT_DIRECTORY will be
667	793	# put in front of it. If left blank `html' will be used as the default path.
668	794
669	795	HTML_OUTPUT = html
670	796
671		# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
672		# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
	797	# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
	798	# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
673	799	# doxygen will generate files with .html extension.
674	800
675	801	HTML_FILE_EXTENSION = .html
676	802
677		# The HTML_HEADER tag can be used to specify a personal HTML header for
678		# each generated HTML page. If it is left blank doxygen will generate a
	803	# The HTML_HEADER tag can be used to specify a personal HTML header for
	804	# each generated HTML page. If it is left blank doxygen will generate a
679	805	# standard header.
680	806
681		HTML_HEADER =
682
683		# The HTML_FOOTER tag can be used to specify a personal HTML footer for
684		# each generated HTML page. If it is left blank doxygen will generate a
	807	HTML_HEADER =
	808
	809	# The HTML_FOOTER tag can be used to specify a personal HTML footer for
	810	# each generated HTML page. If it is left blank doxygen will generate a
685	811	# standard footer.
686	812
687		HTML_FOOTER =
688
689		# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
690		# style sheet that is used by each HTML page. It can be used to
691		# fine-tune the look of the HTML output. If the tag is left blank doxygen
692		# will generate a default style sheet. Note that doxygen will try to copy
693		# the style sheet file to the HTML output directory, so don't put your own
	813	HTML_FOOTER =
	814
	815	# If the HTML_TIMESTAMP tag is set to YES then the generated HTML
	816	# documentation will contain the timesstamp.
	817
	818	HTML_TIMESTAMP = NO
	819
	820	# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
	821	# style sheet that is used by each HTML page. It can be used to
	822	# fine-tune the look of the HTML output. If the tag is left blank doxygen
	823	# will generate a default style sheet. Note that doxygen will try to copy
	824	# the style sheet file to the HTML output directory, so don't put your own
694	825	# stylesheet in the HTML output directory as well, or it will be erased!
695	826
696		HTML_STYLESHEET =
697
698		# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
699		# files or namespaces will be aligned in HTML using tables. If set to
	827	HTML_STYLESHEET =
	828
	829	# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output.
	830	# Doxygen will adjust the colors in the stylesheet and background images
	831	# according to this color. Hue is specified as an angle on a colorwheel,
	832	# see http://en.wikipedia.org/wiki/Hue for more information.
	833	# For instance the value 0 represents red, 60 is yellow, 120 is green,
	834	# 180 is cyan, 240 is blue, 300 purple, and 360 is red again.
	835	# The allowed range is 0 to 359.
	836
	837	#HTML_COLORSTYLE_HUE = 220
	838
	839	# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of
	840	# the colors in the HTML output. For a value of 0 the output will use
	841	# grayscales only. A value of 255 will produce the most vivid colors.
	842
	843	#HTML_COLORSTYLE_SAT = 100
	844
	845	# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to
	846	# the luminance component of the colors in the HTML output. Values below
	847	# 100 gradually make the output lighter, whereas values above 100 make
	848	# the output darker. The value divided by 100 is the actual gamma applied,
	849	# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2,
	850	# and 100 does not change the gamma.
	851
	852	#HTML_COLORSTYLE_GAMMA = 80
	853
	854	# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
	855	# page will contain the date and time when the page was generated. Setting
	856	# this to NO can help when comparing the output of multiple runs.
	857
	858	HTML_TIMESTAMP = YES
	859
	860	# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
	861	# files or namespaces will be aligned in HTML using tables. If set to
700	862	# NO a bullet list will be used.
701	863
702	864	HTML_ALIGN_MEMBERS = YES
703	865
704		# If the GENERATE_HTMLHELP tag is set to YES, additional index files
705		# will be generated that can be used as input for tools like the
706		# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
	866	# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
	867	# documentation will contain sections that can be hidden and shown after the
	868	# page has loaded. For this to work a browser that supports
	869	# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
	870	# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
	871
	872	HTML_DYNAMIC_SECTIONS = NO
	873
	874	# If the GENERATE_DOCSET tag is set to YES, additional index files
	875	# will be generated that can be used as input for Apple's Xcode 3
	876	# integrated development environment, introduced with OSX 10.5 (Leopard).
	877	# To create a documentation set, doxygen will generate a Makefile in the
	878	# HTML output directory. Running make will produce the docset in that
	879	# directory and running "make install" will install the docset in
	880	# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
	881	# it at startup.
	882	# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
	883	# for more information.
	884
	885	GENERATE_DOCSET = NO
	886
	887	# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
	888	# feed. A documentation feed provides an umbrella under which multiple
	889	# documentation sets from a single provider (such as a company or product suite)
	890	# can be grouped.
	891
	892	DOCSET_FEEDNAME = "Doxygen generated docs"
	893
	894	# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
	895	# should uniquely identify the documentation set bundle. This should be a
	896	# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
	897	# will append .docset to the name.
	898
	899	DOCSET_BUNDLE_ID = org.doxygen.Project
	900
	901	# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify
	902	# the documentation publisher. This should be a reverse domain-name style
	903	# string, e.g. com.mycompany.MyDocSet.documentation.
	904
	905	#DOCSET_PUBLISHER_ID = org.doxygen.Publisher
	906
	907	# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher.
	908
	909	#DOCSET_PUBLISHER_NAME = Publisher
	910
	911	# If the GENERATE_HTMLHELP tag is set to YES, additional index files
	912	# will be generated that can be used as input for tools like the
	913	# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
707	914	# of the generated HTML documentation.
708	915
709	916	GENERATE_HTMLHELP = NO
710	917
711		# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
712		# be used to specify the file name of the resulting .chm file. You
713		# can add a path in front of the file if the result should not be
	918	# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
	919	# be used to specify the file name of the resulting .chm file. You
	920	# can add a path in front of the file if the result should not be
714	921	# written to the html output directory.
715	922
716		CHM_FILE =
717
718		# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
719		# be used to specify the location (absolute path including file name) of
720		# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
	923	CHM_FILE =
	924
	925	# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
	926	# be used to specify the location (absolute path including file name) of
	927	# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
721	928	# the HTML help compiler on the generated index.hhp.
722	929
723		HHC_LOCATION =
724
725		# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
726		# controls if a separate .chi index file is generated (YES) or that
	930	HHC_LOCATION =
	931
	932	# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
	933	# controls if a separate .chi index file is generated (YES) or that
727	934	# it should be included in the master .chm file (NO).
728	935
729	936	GENERATE_CHI = NO
730	937
731		# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
732		# controls whether a binary table of contents is generated (YES) or a
	938	# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
	939	# is used to encode HtmlHelp index (hhk), content (hhc) and project file
	940	# content.
	941
	942	CHM_INDEX_ENCODING =
	943
	944	# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
	945	# controls whether a binary table of contents is generated (YES) or a
733	946	# normal table of contents (NO) in the .chm file.
734	947
735	948	BINARY_TOC = NO
736	949
737		# The TOC_EXPAND flag can be set to YES to add extra items for group members
	950	# The TOC_EXPAND flag can be set to YES to add extra items for group members
738	951	# to the contents of the HTML help documentation and to the tree view.
739	952
740	953	TOC_EXPAND = NO
741	954
742		# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
743		# top of each HTML page. The value NO (the default) enables the index and
	955	# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
	956	# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated
	957	# that can be used as input for Qt's qhelpgenerator to generate a
	958	# Qt Compressed Help (.qch) of the generated HTML documentation.
	959
	960	GENERATE_QHP = NO
	961
	962	# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
	963	# be used to specify the file name of the resulting .qch file.
	964	# The path specified is relative to the HTML output folder.
	965
	966	QCH_FILE =
	967
	968	# The QHP_NAMESPACE tag specifies the namespace to use when generating
	969	# Qt Help Project output. For more information please see
	970	# http://doc.trolltech.com/qthelpproject.html#namespace
	971
	972	QHP_NAMESPACE = org.doxygen.Project
	973
	974	# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
	975	# Qt Help Project output. For more information please see
	976	# http://doc.trolltech.com/qthelpproject.html#virtual-folders
	977
	978	QHP_VIRTUAL_FOLDER = doc
	979
	980	# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to
	981	# add. For more information please see
	982	# http://doc.trolltech.com/qthelpproject.html#custom-filters
	983
	984	QHP_CUST_FILTER_NAME =
	985
	986	# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the
	987	# custom filter to add. For more information please see
	988	# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">
	989	# Qt Help Project / Custom Filters</a>.
	990
	991	QHP_CUST_FILTER_ATTRS =
	992
	993	# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
	994	# project's
	995	# filter section matches.
	996	# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">
	997	# Qt Help Project / Filter Attributes</a>.
	998
	999	QHP_SECT_FILTER_ATTRS =
	1000
	1001	# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
	1002	# be used to specify the location of Qt's qhelpgenerator.
	1003	# If non-empty doxygen will try to run qhelpgenerator on the generated
	1004	# .qhp file.
	1005
	1006	QHG_LOCATION =
	1007
	1008	# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files
	1009	# will be generated, which together with the HTML files, form an Eclipse help
	1010	# plugin. To install this plugin and make it available under the help contents
	1011	# menu in Eclipse, the contents of the directory containing the HTML and XML
	1012	# files needs to be copied into the plugins directory of eclipse. The name of
	1013	# the directory within the plugins directory should be the same as
	1014	# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before
	1015	# the help appears.
	1016
	1017	GENERATE_ECLIPSEHELP = NO
	1018
	1019	# A unique identifier for the eclipse help plugin. When installing the plugin
	1020	# the directory name containing the HTML and XML files should also have
	1021	# this name.
	1022
	1023	ECLIPSE_DOC_ID = org.doxygen.Project
	1024
	1025	# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
	1026	# top of each HTML page. The value NO (the default) enables the index and
744	1027	# the value YES disables it.
745	1028
746	1029	DISABLE_INDEX = NO
747	1030
748		# This tag can be used to set the number of enum values (range [1..20])
	1031	# This tag can be used to set the number of enum values (range [1..20])
749	1032	# that doxygen will group on one line in the generated HTML documentation.
750	1033
751	1034	ENUM_VALUES_PER_LINE = 4
752	1035
753		# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
754		# generated containing a tree-like index structure (just like the one that
755		# is generated for HTML Help). For this to work a browser that supports
756		# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
757		# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
758		# probably better off using the HTML help feature.
	1036	# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
	1037	# structure should be generated to display hierarchical information.
	1038	# If the tag value is set to YES, a side panel will be generated
	1039	# containing a tree-like index structure (just like the one that
	1040	# is generated for HTML Help). For this to work a browser that supports
	1041	# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
	1042	# Windows users are probably better off using the HTML help feature.
759	1043
760	1044	GENERATE_TREEVIEW = NO
761	1045
762		# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
763		# used to set the initial width (in pixels) of the frame in which the tree
	1046	# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
	1047	# and Class Hierarchy pages using a tree view instead of an ordered list.
	1048
	1049	USE_INLINE_TREES = NO
	1050
	1051	# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
	1052	# used to set the initial width (in pixels) of the frame in which the tree
764	1053	# is shown.
765	1054
766	1055	TREEVIEW_WIDTH = 250
767	1056
	1057	# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open
	1058	# links to external symbols imported via tag files in a separate window.
	1059
	1060	#EXT_LINKS_IN_WINDOW = NO
	1061
	1062	# Use this tag to change the font size of Latex formulas included
	1063	# as images in the HTML documentation. The default is 10. Note that
	1064	# when you change the font size after a successful doxygen run you need
	1065	# to manually remove any form_*.png images from the HTML output directory
	1066	# to force them to be regenerated.
	1067
	1068	FORMULA_FONTSIZE = 10
	1069
	1070	# Use the FORMULA_TRANPARENT tag to determine whether or not the images
	1071	# generated for formulas are transparent PNGs. Transparent PNGs are
	1072	# not supported properly for IE 6.0, but are supported on all modern browsers.
	1073	# Note that when changing this option you need to delete any form_*.png files
	1074	# in the HTML output before the changes have effect.
	1075
	1076	#FORMULA_TRANSPARENT = YES
	1077
	1078	# When the SEARCHENGINE tag is enabled doxygen will generate a search box
	1079	# for the HTML output. The underlying search engine uses javascript
	1080	# and DHTML and should work on any modern browser. Note that when using
	1081	# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets
	1082	# (GENERATE_DOCSET) there is already a search function so this one should
	1083	# typically be disabled. For large projects the javascript based search engine
	1084	# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution.
	1085
	1086	SEARCHENGINE = NO
	1087
	1088	# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
	1089	# implemented using a PHP enabled web server instead of at the web client
	1090	# using Javascript. Doxygen will generate the search PHP script and index
	1091	# file to put on the web server. The advantage of the server
	1092	# based approach is that it scales better to large projects and allows
	1093	# full text search. The disadvances is that it is more difficult to setup
	1094	# and does not have live searching capabilities.
	1095
	1096	SERVER_BASED_SEARCH = NO
	1097
768	1098	#---------------------------------------------------------------------------
769	1099	# configuration options related to the LaTeX output
770	1100	#---------------------------------------------------------------------------
771	1101
772		# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
	1102	# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
773	1103	# generate Latex output.
774	1104
775	1105	GENERATE_LATEX = NO
776	1106
777		# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
778		# If a relative path is entered the value of OUTPUT_DIRECTORY will be
	1107	# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
	1108	# If a relative path is entered the value of OUTPUT_DIRECTORY will be
779	1109	# put in front of it. If left blank `latex' will be used as the default path.
780	1110
781	1111	LATEX_OUTPUT = latex
782	1112
783		# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
	1113	# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
784	1114	# invoked. If left blank `latex' will be used as the default command name.
	1115	# Note that when enabling USE_PDFLATEX this option is only used for
	1116	# generating bitmaps for formulas in the HTML output, but not in the
	1117	# Makefile that is written to the output directory.
785	1118
786	1119	LATEX_CMD_NAME = latex
787	1120
788		# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
789		# generate index for LaTeX. If left blank `makeindex' will be used as the
	1121	# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
	1122	# generate index for LaTeX. If left blank `makeindex' will be used as the
790	1123	# default command name.
791	1124
792	1125	MAKEINDEX_CMD_NAME = makeindex
793	1126
794		# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
795		# LaTeX documents. This may be useful for small projects and may help to
	1127	# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
	1128	# LaTeX documents. This may be useful for small projects and may help to
796	1129	# save some trees in general.
797	1130
798	1131	COMPACT_LATEX = NO
799	1132
800		# The PAPER_TYPE tag can be used to set the paper type that is used
801		# by the printer. Possible values are: a4, a4wide, letter, legal and
	1133	# The PAPER_TYPE tag can be used to set the paper type that is used
	1134	# by the printer. Possible values are: a4, a4wide, letter, legal and
802	1135	# executive. If left blank a4wide will be used.
803	1136
804	1137	PAPER_TYPE = a4wide
805	1138
806		# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
	1139	# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
807	1140	# packages that should be included in the LaTeX output.
808	1141
809		EXTRA_PACKAGES =
810
811		# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
812		# the generated latex document. The header should contain everything until
813		# the first chapter. If it is left blank doxygen will generate a
	1142	EXTRA_PACKAGES =
	1143
	1144	# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
	1145	# the generated latex document. The header should contain everything until
	1146	# the first chapter. If it is left blank doxygen will generate a
814	1147	# standard header. Notice: only use this tag if you know what you are doing!
815	1148
816		LATEX_HEADER =
817
818		# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
819		# is prepared for conversion to pdf (using ps2pdf). The pdf file will
820		# contain links (just like the HTML output) instead of page references
	1149	LATEX_HEADER =
	1150
	1151	# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
	1152	# is prepared for conversion to pdf (using ps2pdf). The pdf file will
	1153	# contain links (just like the HTML output) instead of page references
821	1154	# This makes the output suitable for online browsing using a pdf viewer.
822	1155
823	1156	PDF_HYPERLINKS = NO
824	1157
825		# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
826		# plain latex in the generated Makefile. Set this option to YES to get a
	1158	# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
	1159	# plain latex in the generated Makefile. Set this option to YES to get a
827	1160	# higher quality PDF documentation.
828	1161
829	1162	USE_PDFLATEX = NO
830	1163
831		# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
832		# command to the generated LaTeX files. This will instruct LaTeX to keep
833		# running if errors occur, instead of asking the user for help.
	1164	# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
	1165	# command to the generated LaTeX files. This will instruct LaTeX to keep
	1166	# running if errors occur, instead of asking the user for help.
834	1167	# This option is also used when generating formulas in HTML.
835	1168
836	1169	LATEX_BATCHMODE = NO
837	1170
838		# If LATEX_HIDE_INDICES is set to YES then doxygen will not
839		# include the index chapters (such as File Index, Compound Index, etc.)
	1171	# If LATEX_HIDE_INDICES is set to YES then doxygen will not
	1172	# include the index chapters (such as File Index, Compound Index, etc.)
840	1173	# in the output.
841	1174
842	1175	LATEX_HIDE_INDICES = NO
843	1176
	1177	# If LATEX_SOURCE_CODE is set to YES then doxygen will include
	1178	# source code with syntax highlighting in the LaTeX output.
	1179	# Note that which sources are shown also depends on other settings
	1180	# such as SOURCE_BROWSER.
	1181
	1182	LATEX_SOURCE_CODE = NO
	1183
844	1184	#---------------------------------------------------------------------------
845	1185	# configuration options related to the RTF output
846	1186	#---------------------------------------------------------------------------
847	1187
848		# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
849		# The RTF output is optimized for Word 97 and may not look very pretty with
	1188	# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
	1189	# The RTF output is optimized for Word 97 and may not look very pretty with
850	1190	# other RTF readers or editors.
851	1191
852	1192	GENERATE_RTF = NO
853	1193
854		# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
855		# If a relative path is entered the value of OUTPUT_DIRECTORY will be
	1194	# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
	1195	# If a relative path is entered the value of OUTPUT_DIRECTORY will be
856	1196	# put in front of it. If left blank `rtf' will be used as the default path.
857	1197
858	1198	RTF_OUTPUT = rtf
859	1199
860		# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
861		# RTF documents. This may be useful for small projects and may help to
	1200	# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
	1201	# RTF documents. This may be useful for small projects and may help to
862	1202	# save some trees in general.
863	1203
864	1204	COMPACT_RTF = NO
865	1205
866		# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
867		# will contain hyperlink fields. The RTF file will
868		# contain links (just like the HTML output) instead of page references.
869		# This makes the output suitable for online browsing using WORD or other
870		# programs which support those fields.
	1206	# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
	1207	# will contain hyperlink fields. The RTF file will
	1208	# contain links (just like the HTML output) instead of page references.
	1209	# This makes the output suitable for online browsing using WORD or other
	1210	# programs which support those fields.
871	1211	# Note: wordpad (write) and others do not support links.
872	1212
873	1213	RTF_HYPERLINKS = NO
874	1214
875		# Load stylesheet definitions from file. Syntax is similar to doxygen's
876		# config file, i.e. a series of assignments. You only have to provide
	1215	# Load stylesheet definitions from file. Syntax is similar to doxygen's
	1216	# config file, i.e. a series of assignments. You only have to provide
877	1217	# replacements, missing definitions are set to their default value.
878	1218
879		RTF_STYLESHEET_FILE =
880
881		# Set optional variables used in the generation of an rtf document.
	1219	RTF_STYLESHEET_FILE =
	1220
	1221	# Set optional variables used in the generation of an rtf document.
882	1222	# Syntax is similar to doxygen's config file.
883	1223
884		RTF_EXTENSIONS_FILE =
	1224	RTF_EXTENSIONS_FILE =
885	1225
886	1226	#---------------------------------------------------------------------------
887	1227	# configuration options related to the man page output
888	1228	#---------------------------------------------------------------------------
889	1229
890		# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
	1230	# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
891	1231	# generate man pages
892	1232
893	1233	GENERATE_MAN = NO
894	1234
895		# The MAN_OUTPUT tag is used to specify where the man pages will be put.
896		# If a relative path is entered the value of OUTPUT_DIRECTORY will be
	1235	# The MAN_OUTPUT tag is used to specify where the man pages will be put.
	1236	# If a relative path is entered the value of OUTPUT_DIRECTORY will be
897	1237	# put in front of it. If left blank `man' will be used as the default path.
898	1238
899	1239	MAN_OUTPUT = man
900	1240
901		# The MAN_EXTENSION tag determines the extension that is added to
	1241	# The MAN_EXTENSION tag determines the extension that is added to
902	1242	# the generated man pages (default is the subroutine's section .3)
903	1243
904	1244	MAN_EXTENSION = .3
905	1245
906		# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
907		# then it will generate one additional man file for each entity
908		# documented in the real man page(s). These additional files
909		# only source the real man page, but without them the man command
	1246	# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
	1247	# then it will generate one additional man file for each entity
	1248	# documented in the real man page(s). These additional files
	1249	# only source the real man page, but without them the man command
910	1250	# would be unable to find the correct page. The default is NO.
911	1251
912	1252	MAN_LINKS = NO

915	1255	# configuration options related to the XML output
916	1256	#---------------------------------------------------------------------------
917	1257
918		# If the GENERATE_XML tag is set to YES Doxygen will
919		# generate an XML file that captures the structure of
	1258	# If the GENERATE_XML tag is set to YES Doxygen will
	1259	# generate an XML file that captures the structure of
920	1260	# the code including all documentation.
921	1261
922	1262	GENERATE_XML = YES
923	1263
924		# The XML_OUTPUT tag is used to specify where the XML pages will be put.
925		# If a relative path is entered the value of OUTPUT_DIRECTORY will be
	1264	# The XML_OUTPUT tag is used to specify where the XML pages will be put.
	1265	# If a relative path is entered the value of OUTPUT_DIRECTORY will be
926	1266	# put in front of it. If left blank `xml' will be used as the default path.
927	1267
928	1268	XML_OUTPUT = xml
929	1269
930		# The XML_SCHEMA tag can be used to specify an XML schema,
931		# which can be used by a validating XML parser to check the
	1270	# The XML_SCHEMA tag can be used to specify an XML schema,
	1271	# which can be used by a validating XML parser to check the
932	1272	# syntax of the XML files.
933	1273
934		XML_SCHEMA =
935
936		# The XML_DTD tag can be used to specify an XML DTD,
937		# which can be used by a validating XML parser to check the
	1274	XML_SCHEMA =
	1275
	1276	# The XML_DTD tag can be used to specify an XML DTD,
	1277	# which can be used by a validating XML parser to check the
938	1278	# syntax of the XML files.
939	1279
940		XML_DTD =
941
942		# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
943		# dump the program listings (including syntax highlighting
944		# and cross-referencing information) to the XML output. Note that
	1280	XML_DTD =
	1281
	1282	# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
	1283	# dump the program listings (including syntax highlighting
	1284	# and cross-referencing information) to the XML output. Note that
945	1285	# enabling this will significantly increase the size of the XML output.
946	1286
947	1287	XML_PROGRAMLISTING = YES

950	1290	# configuration options for the AutoGen Definitions output
951	1291	#---------------------------------------------------------------------------
952	1292
953		# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
954		# generate an AutoGen Definitions (see autogen.sf.net) file
955		# that captures the structure of the code including all
956		# documentation. Note that this feature is still experimental
	1293	# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
	1294	# generate an AutoGen Definitions (see autogen.sf.net) file
	1295	# that captures the structure of the code including all
	1296	# documentation. Note that this feature is still experimental
957	1297	# and incomplete at the moment.
958	1298
959	1299	GENERATE_AUTOGEN_DEF = NO

962	1302	# configuration options related to the Perl module output
963	1303	#---------------------------------------------------------------------------
964	1304
965		# If the GENERATE_PERLMOD tag is set to YES Doxygen will
966		# generate a Perl module file that captures the structure of
967		# the code including all documentation. Note that this
968		# feature is still experimental and incomplete at the
	1305	# If the GENERATE_PERLMOD tag is set to YES Doxygen will
	1306	# generate a Perl module file that captures the structure of
	1307	# the code including all documentation. Note that this
	1308	# feature is still experimental and incomplete at the
969	1309	# moment.
970	1310
971	1311	GENERATE_PERLMOD = NO
972	1312
973		# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
974		# the necessary Makefile rules, Perl scripts and LaTeX code to be able
	1313	# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
	1314	# the necessary Makefile rules, Perl scripts and LaTeX code to be able
975	1315	# to generate PDF and DVI output from the Perl module output.
976	1316
977	1317	PERLMOD_LATEX = NO
978	1318
979		# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
980		# nicely formatted so it can be parsed by a human reader. This is useful
981		# if you want to understand what is going on. On the other hand, if this
982		# tag is set to NO the size of the Perl module output will be much smaller
	1319	# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
	1320	# nicely formatted so it can be parsed by a human reader.
	1321	# This is useful
	1322	# if you want to understand what is going on.
	1323	# On the other hand, if this
	1324	# tag is set to NO the size of the Perl module output will be much smaller
983	1325	# and Perl will parse it just the same.
984	1326
985	1327	PERLMOD_PRETTY = YES
986	1328
987		# The names of the make variables in the generated doxyrules.make file
988		# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
989		# This is useful so different doxyrules.make files included by the same
	1329	# The names of the make variables in the generated doxyrules.make file
	1330	# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
	1331	# This is useful so different doxyrules.make files included by the same
990	1332	# Makefile don't overwrite each other's variables.
991	1333
992		PERLMOD_MAKEVAR_PREFIX =
993
994		#---------------------------------------------------------------------------
995		# Configuration options related to the preprocessor
996		#---------------------------------------------------------------------------
997
998		# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
999		# evaluate all C-preprocessor directives found in the sources and include
	1334	PERLMOD_MAKEVAR_PREFIX =
	1335
	1336	#---------------------------------------------------------------------------
	1337	# Configuration options related to the preprocessor
	1338	#---------------------------------------------------------------------------
	1339
	1340	# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
	1341	# evaluate all C-preprocessor directives found in the sources and include
1000	1342	# files.
1001	1343
1002	1344	ENABLE_PREPROCESSING = YES
1003	1345
1004		# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
1005		# names in the source code. If set to NO (the default) only conditional
1006		# compilation will be performed. Macro expansion can be done in a controlled
	1346	# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
	1347	# names in the source code. If set to NO (the default) only conditional
	1348	# compilation will be performed. Macro expansion can be done in a controlled
1007	1349	# way by setting EXPAND_ONLY_PREDEF to YES.
1008	1350
1009	1351	MACRO_EXPANSION = YES
1010	1352
1011		# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
1012		# then the macro expansion is limited to the macros specified with the
	1353	# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
	1354	# then the macro expansion is limited to the macros specified with the
1013	1355	# PREDEFINED and EXPAND_AS_DEFINED tags.
1014	1356
1015	1357	EXPAND_ONLY_PREDEF = YES
1016	1358
1017		# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
	1359	# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
1018	1360	# in the INCLUDE_PATH (see below) will be search if a #include is found.
1019	1361
1020	1362	SEARCH_INCLUDES = YES
1021	1363
1022		# The INCLUDE_PATH tag can be used to specify one or more directories that
1023		# contain include files that are not input files but should be processed by
	1364	# The INCLUDE_PATH tag can be used to specify one or more directories that
	1365	# contain include files that are not input files but should be processed by
1024	1366	# the preprocessor.
1025	1367
1026		INCLUDE_PATH =
1027
1028		# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
1029		# patterns (like .h and .hpp) to filter out the header-files in the
1030		# directories. If left blank, the patterns specified with FILE_PATTERNS will
	1368	INCLUDE_PATH =
	1369
	1370	# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
	1371	# patterns (like .h and .hpp) to filter out the header-files in the
	1372	# directories. If left blank, the patterns specified with FILE_PATTERNS will
1031	1373	# be used.
1032	1374
1033	1375	INCLUDE_FILE_PATTERNS = *.h
1034	1376
1035		# The PREDEFINED tag can be used to specify one or more macro names that
1036		# are defined before the preprocessor is started (similar to the -D option of
1037		# gcc). The argument of the tag is a list of macros of the form: name
1038		# or name=definition (no spaces). If the definition and the = are
1039		# omitted =1 is assumed. To prevent a macro definition from being
1040		# undefined via #undef or recursively expanded use the := operator
	1377	# The PREDEFINED tag can be used to specify one or more macro names that
	1378	# are defined before the preprocessor is started (similar to the -D option of
	1379	# gcc). The argument of the tag is a list of macros of the form: name
	1380	# or name=definition (no spaces). If the definition and the = are
	1381	# omitted =1 is assumed. To prevent a macro definition from being
	1382	# undefined via #undef or recursively expanded use the := operator
1041	1383	# instead of the = operator.
1042	1384
1043	1385	PREDEFINED = DOXYGEN
1044	1386
1045		# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
1046		# this tag can be used to specify a list of macro names that should be expanded.
1047		# The macro definition that is found in the sources will be used.
	1387	# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
	1388	# this tag can be used to specify a list of macro names that should be expanded.
	1389	# The macro definition that is found in the sources will be used.
1048	1390	# Use the PREDEFINED tag if you want to use a different macro definition.
1049	1391
1050	1392	EXPAND_AS_DEFINED = ATTR_UNUSED
1051	1393
1052		# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
1053		# doxygen's preprocessor will remove all function-like macros that are alone
1054		# on a line, have an all uppercase name, and do not end with a semicolon. Such
1055		# function macros are typically used for boiler-plate code, and will confuse
	1394	# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
	1395	# doxygen's preprocessor will remove all function-like macros that are alone
	1396	# on a line, have an all uppercase name, and do not end with a semicolon. Such
	1397	# function macros are typically used for boiler-plate code, and will confuse
1056	1398	# the parser if not removed.
1057	1399
1058	1400	SKIP_FUNCTION_MACROS = YES
1059	1401
1060	1402	#---------------------------------------------------------------------------
1061		# Configuration::additions related to external references
1062		#---------------------------------------------------------------------------
1063
1064		# The TAGFILES option can be used to specify one or more tagfiles.
1065		# Optionally an initial location of the external documentation
1066		# can be added for each tagfile. The format of a tag file without
1067		# this location is as follows:
1068		# TAGFILES = file1 file2 ...
1069		# Adding location for the tag files is done as follows:
1070		# TAGFILES = file1=loc1 "file2 = loc2" ...
1071		# where "loc1" and "loc2" can be relative or absolute paths or
1072		# URLs. If a location is present for each tag, the installdox tool
	1403	# Configuration::additions related to external references
	1404	#---------------------------------------------------------------------------
	1405
	1406	# The TAGFILES option can be used to specify one or more tagfiles.
	1407	# Optionally an initial location of the external documentation
	1408	# can be added for each tagfile. The format of a tag file without
	1409	# this location is as follows:
	1410	#
	1411	# TAGFILES = file1 file2 ...
	1412	# Adding location for the tag files is done as follows:
	1413	#
	1414	# TAGFILES = file1=loc1 "file2 = loc2" ...
	1415	# where "loc1" and "loc2" can be relative or absolute paths or
	1416	# URLs. If a location is present for each tag, the installdox tool
1073	1417	# does not have to be run to correct the links.
1074	1418	# Note that each tag file must have a unique name
1075	1419	# (where the name does NOT include the path)
1076		# If a tag file is not located in the directory in which doxygen
	1420	# If a tag file is not located in the directory in which doxygen
1077	1421	# is run, you must also specify the path to the tagfile here.
1078	1422
1079		TAGFILES =
1080
1081		# When a file name is specified after GENERATE_TAGFILE, doxygen will create
	1423	TAGFILES =
	1424
	1425	# When a file name is specified after GENERATE_TAGFILE, doxygen will create
1082	1426	# a tag file that is based on the input files it reads.
1083	1427
1084		GENERATE_TAGFILE =
1085
1086		# If the ALLEXTERNALS tag is set to YES all external classes will be listed
1087		# in the class index. If set to NO only the inherited external classes
	1428	GENERATE_TAGFILE =
	1429
	1430	# If the ALLEXTERNALS tag is set to YES all external classes will be listed
	1431	# in the class index. If set to NO only the inherited external classes
1088	1432	# will be listed.
1089	1433
1090	1434	ALLEXTERNALS = NO
1091	1435
1092		# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
1093		# in the modules index. If set to NO, only the current project's groups will
	1436	# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
	1437	# in the modules index. If set to NO, only the current project's groups will
1094	1438	# be listed.
1095	1439
1096	1440	EXTERNAL_GROUPS = YES
1097	1441
1098		# The PERL_PATH should be the absolute path and name of the perl script
	1442	# The PERL_PATH should be the absolute path and name of the perl script
1099	1443	# interpreter (i.e. the result of `which perl').
1100	1444
1101	1445	PERL_PATH = /usr/bin/perl
1102	1446
1103	1447	#---------------------------------------------------------------------------
1104		# Configuration options related to the dot tool
1105		#---------------------------------------------------------------------------
1106
1107		# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
1108		# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
1109		# or super classes. Setting the tag to NO turns the diagrams off. Note that
1110		# this option is superseded by the HAVE_DOT option below. This is only a
1111		# fallback. It is recommended to install and use dot, since it yields more
	1448	# Configuration options related to the dot tool
	1449	#---------------------------------------------------------------------------
	1450
	1451	# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
	1452	# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
	1453	# or super classes. Setting the tag to NO turns the diagrams off. Note that
	1454	# this option is superseded by the HAVE_DOT option below. This is only a
	1455	# fallback. It is recommended to install and use dot, since it yields more
1112	1456	# powerful graphs.
1113	1457
1114	1458	CLASS_DIAGRAMS = YES
1115	1459
1116		# You can define message sequence charts within doxygen comments using the \msc
1117		# command. Doxygen will then run the mscgen tool (see http://www.mcternan.me.uk/mscgen/) to
1118		# produce the chart and insert it in the documentation. The MSCGEN_PATH tag allows you to
1119		# specify the directory where the mscgen tool resides. If left empty the tool is assumed to
1120		# be found in the default search path.
1121
1122		# MSCGEN_PATH =
1123
1124		# If set to YES, the inheritance and collaboration graphs will hide
1125		# inheritance and usage relations if the target is undocumented
	1460	# You can define message sequence charts within doxygen comments using the \msc
	1461	# command. Doxygen will then run the mscgen tool (see
	1462	# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
	1463	# documentation. The MSCGEN_PATH tag allows you to specify the directory where
	1464	# the mscgen tool resides. If left empty the tool is assumed to be found in the
	1465	# default search path.
	1466
	1467	MSCGEN_PATH =
	1468
	1469	# If set to YES, the inheritance and collaboration graphs will hide
	1470	# inheritance and usage relations if the target is undocumented
1126	1471	# or is not a class.
1127	1472
1128	1473	HIDE_UNDOC_RELATIONS = YES
1129	1474
1130		# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
1131		# available from the path. This tool is part of Graphviz, a graph visualization
1132		# toolkit from AT&T and Lucent Bell Labs. The other options in this section
	1475	# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
	1476	# available from the path. This tool is part of Graphviz, a graph visualization
	1477	# toolkit from AT&T and Lucent Bell Labs. The other options in this section
1133	1478	# have no effect if this option is set to NO (the default)
1134	1479
1135	1480	HAVE_DOT = NO
1136	1481
1137		# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
1138		# will generate a graph for each documented class showing the direct and
1139		# indirect inheritance relations. Setting this tag to YES will force the
	1482	# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is
	1483	# allowed to run in parallel. When set to 0 (the default) doxygen will
	1484	# base this on the number of processors available in the system. You can set it
	1485	# explicitly to a value larger than 0 to get control over the balance
	1486	# between CPU load and processing speed.
	1487
	1488	#DOT_NUM_THREADS = 0
	1489
	1490	# By default doxygen will write a font called FreeSans.ttf to the output
	1491	# directory and reference it in all dot files that doxygen generates. This
	1492	# font does not include all possible unicode characters however, so when you need
	1493	# these (or just want a differently looking font) you can specify the font name
	1494	# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
	1495	# which can be done by putting it in a standard location or by setting the
	1496	# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
	1497	# containing the font.
	1498
	1499	DOT_FONTNAME = FreeSans.ttf
	1500
	1501	# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
	1502	# The default size is 10pt.
	1503
	1504	DOT_FONTSIZE = 10
	1505
	1506	# By default doxygen will tell dot to use the output directory to look for the
	1507	# FreeSans.ttf font (which doxygen will put there itself). If you specify a
	1508	# different font using DOT_FONTNAME you can set the path where dot
	1509	# can find it using this tag.
	1510
	1511	DOT_FONTPATH =
	1512
	1513	# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
	1514	# will generate a graph for each documented class showing the direct and
	1515	# indirect inheritance relations. Setting this tag to YES will force the
1140	1516	# the CLASS_DIAGRAMS tag to NO.
1141	1517
1142	1518	CLASS_GRAPH = YES
1143	1519
1144		# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
1145		# will generate a graph for each documented class showing the direct and
1146		# indirect implementation dependencies (inheritance, containment, and
	1520	# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
	1521	# will generate a graph for each documented class showing the direct and
	1522	# indirect implementation dependencies (inheritance, containment, and
1147	1523	# class references variables) of the class with other documented classes.
1148	1524
1149	1525	COLLABORATION_GRAPH = YES
1150	1526
1151		# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
	1527	# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
1152	1528	# will generate a graph for groups, showing the direct groups dependencies
1153	1529
1154	1530	GROUP_GRAPHS = YES
1155	1531
1156		# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
1157		# collaboration diagrams in a style similar to the OMG's Unified Modeling
	1532	# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
	1533	# collaboration diagrams in a style similar to the OMG's Unified Modeling
1158	1534	# Language.
1159	1535
1160	1536	UML_LOOK = NO
1161	1537
1162		# If set to YES, the inheritance and collaboration graphs will show the
	1538	# If set to YES, the inheritance and collaboration graphs will show the
1163	1539	# relations between templates and their instances.
1164	1540
1165	1541	TEMPLATE_RELATIONS = NO
1166	1542
1167		# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
1168		# tags are set to YES then doxygen will generate a graph for each documented
1169		# file showing the direct and indirect include dependencies of the file with
	1543	# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
	1544	# tags are set to YES then doxygen will generate a graph for each documented
	1545	# file showing the direct and indirect include dependencies of the file with
1170	1546	# other documented files.
1171	1547
1172	1548	INCLUDE_GRAPH = YES
1173	1549
1174		# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
1175		# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
1176		# documented header file showing the documented files that directly or
	1550	# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
	1551	# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
	1552	# documented header file showing the documented files that directly or
1177	1553	# indirectly include this file.
1178	1554
1179	1555	INCLUDED_BY_GRAPH = YES
1180	1556
1181		# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will
1182		# generate a call dependency graph for every global function or class method.
1183		# Note that enabling this option will significantly increase the time of a run.
1184		# So in most cases it will be better to enable call graphs for selected
1185		# functions only using the \callgraph command.
	1557	# If the CALL_GRAPH and HAVE_DOT options are set to YES then
	1558	# doxygen will generate a call dependency graph for every global function
	1559	# or class method. Note that enabling this option will significantly increase
	1560	# the time of a run. So in most cases it will be better to enable call graphs
	1561	# for selected functions only using the \callgraph command.
1186	1562
1187	1563	CALL_GRAPH = NO
1188	1564
1189		# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then doxygen will
1190		# generate a caller dependency graph for every global function or class method.
1191		# Note that enabling this option will significantly increase the time of a run.
1192		# So in most cases it will be better to enable caller graphs for selected
1193		# functions only using the \callergraph command.
1194
1195		# CALLER_GRAPH = NO
1196
1197		# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
	1565	# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
	1566	# doxygen will generate a caller dependency graph for every global function
	1567	# or class method. Note that enabling this option will significantly increase
	1568	# the time of a run. So in most cases it will be better to enable caller
	1569	# graphs for selected functions only using the \callergraph command.
	1570
	1571	CALLER_GRAPH = NO
	1572
	1573	# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
1198	1574	# will graphical hierarchy of all classes instead of a textual one.
1199	1575
1200	1576	GRAPHICAL_HIERARCHY = YES
1201	1577
1202		# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
1203		# then doxygen will show the dependencies a directory has on other directories
	1578	# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
	1579	# then doxygen will show the dependencies a directory has on other directories
1204	1580	# in a graphical way. The dependency relations are determined by the #include
1205	1581	# relations between the files in the directories.
1206	1582
1207	1583	DIRECTORY_GRAPH = YES
1208	1584
1209		# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
	1585	# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
1210	1586	# generated by dot. Possible values are png, jpg, or gif
1211	1587	# If left blank png will be used.
1212	1588
1213	1589	DOT_IMAGE_FORMAT = png
1214	1590
1215		# The tag DOT_PATH can be used to specify the path where the dot tool can be
	1591	# The tag DOT_PATH can be used to specify the path where the dot tool can be
1216	1592	# found. If left blank, it is assumed the dot tool can be found in the path.
1217	1593
1218		DOT_PATH =
1219
1220		# The DOTFILE_DIRS tag can be used to specify one or more directories that
1221		# contain dot files that are included in the documentation (see the
	1594	DOT_PATH =
	1595
	1596	# The DOTFILE_DIRS tag can be used to specify one or more directories that
	1597	# contain dot files that are included in the documentation (see the
1222	1598	# \dotfile command).
1223	1599
1224		DOTFILE_DIRS =
1225
1226		# The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
1227		# nodes that will be shown in the graph. If the number of nodes in a graph
1228		# becomes larger than this value, doxygen will truncate the graph, which is
1229		# visualized by representing a node as a red box. Note that doxygen will always
1230		# show the root nodes and its direct children regardless of this setting.
1231
1232		# DOT_GRAPH_MAX_NODES = 50
1233
1234		# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
1235		# background. This is disabled by default, which results in a white background.
1236		# Warning: Depending on the platform used, enabling this option may lead to
1237		# badly anti-aliased labels on the edges of a graph (i.e. they become hard to
1238		# read).
	1600	DOTFILE_DIRS =
	1601
	1602	# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
	1603	# nodes that will be shown in the graph. If the number of nodes in a graph
	1604	# becomes larger than this value, doxygen will truncate the graph, which is
	1605	# visualized by representing a node as a red box. Note that doxygen if the
	1606	# number of direct children of the root node in a graph is already larger than
	1607	# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
	1608	# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
	1609
	1610	DOT_GRAPH_MAX_NODES = 50
	1611
	1612	# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
	1613	# graphs generated by dot. A depth value of 3 means that only nodes reachable
	1614	# from the root by following a path via at most 3 edges will be shown. Nodes
	1615	# that lay further from the root node will be omitted. Note that setting this
	1616	# option to 1 or 2 may greatly reduce the computation time needed for large
	1617	# code bases. Also note that the size of a graph can be further restricted by
	1618	# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
	1619
	1620	MAX_DOT_GRAPH_DEPTH = 0
	1621
	1622	# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
	1623	# background. This is disabled by default, because dot on Windows does not
	1624	# seem to support this out of the box. Warning: Depending on the platform used,
	1625	# enabling this option may lead to badly anti-aliased labels on the edges of
	1626	# a graph (i.e. they become hard to read).
1239	1627
1240	1628	DOT_TRANSPARENT = NO
1241	1629
1242		# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
1243		# files in one run (i.e. multiple -o and -T options on the command line). This
1244		# makes dot run faster, but since only newer versions of dot (>1.8.10)
	1630	# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
	1631	# files in one run (i.e. multiple -o and -T options on the command line). This
	1632	# makes dot run faster, but since only newer versions of dot (>1.8.10)
1245	1633	# support this, this feature is disabled by default.
1246	1634
1247	1635	DOT_MULTI_TARGETS = NO
1248	1636
1249		# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
1250		# generate a legend page explaining the meaning of the various boxes and
	1637	# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
	1638	# generate a legend page explaining the meaning of the various boxes and
1251	1639	# arrows in the dot generated graphs.
1252	1640
1253	1641	GENERATE_LEGEND = YES
1254	1642
1255		# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
1256		# remove the intermediate dot files that are used to generate
	1643	# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
	1644	# remove the intermediate dot files that are used to generate
1257	1645	# the various graphs.
1258	1646
1259	1647	DOT_CLEANUP = YES
1260
1261		#---------------------------------------------------------------------------
1262		# Configuration::additions related to the search engine
1263		#---------------------------------------------------------------------------
1264
1265		# The SEARCHENGINE tag specifies whether or not a search engine should be
1266		# used. If set to NO the values of all tags below this one will be ignored.
1267
1268		SEARCHENGINE = NO

+19

-20

iterator/iter_delegpt.c less more

80	80	}
81	81	for(a = dp->target_list; a; a = a->next_target) {
82	82	if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen,
83		a->bogus, a->lame, 0))
	83	a->bogus, a->lame))
84	84	return NULL;
85	85	}
86	86	return copy;

153	153	int
154	154	delegpt_add_target(struct delegpt* dp, struct regional* region,
155	155	uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
156		socklen_t addrlen, int bogus, int lame, int nodup)
	156	socklen_t addrlen, int bogus, int lame)
157	157	{
158	158	struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen);
159	159	if(!ns) {

167	167	if(ns->got4 && ns->got6)
168	168	ns->resolved = 1;
169	169	}
170		return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, nodup);
	170	return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame);
171	171	}
172	172
173	173	int
174	174	delegpt_add_addr(struct delegpt* dp, struct regional* region,
175	175	struct sockaddr_storage* addr, socklen_t addrlen, int bogus,
176		int lame, int nodup)
	176	int lame)
177	177	{
178	178	struct delegpt_addr* a;
179		if(nodup) {
180		if((a = delegpt_find_addr(dp, addr, addrlen))) {
181		if(bogus)
182		a->bogus = bogus;
183		if(!lame)
184		a->lame = 0;
185		return 1;
186		}
	179	/* check for duplicates */
	180	if((a = delegpt_find_addr(dp, addr, addrlen))) {
	181	if(bogus)
	182	a->bogus = bogus;
	183	if(!lame)
	184	a->lame = 0;
	185	return 1;
187	186	}
188	187
189	188	a = (struct delegpt_addr*)regional_alloc(region,

360	359	continue;
361	360
362	361	if(ntohs(s->rk.type) == LDNS_RR_TYPE_A) {
363		if(!delegpt_add_rrset_A(dp, region, s, 0, 0))
	362	if(!delegpt_add_rrset_A(dp, region, s, 0))
364	363	return NULL;
365	364	} else if(ntohs(s->rk.type) == LDNS_RR_TYPE_AAAA) {
366		if(!delegpt_add_rrset_AAAA(dp, region, s, 0, 0))
	365	if(!delegpt_add_rrset_AAAA(dp, region, s, 0))
367	366	return NULL;
368	367	}
369	368	}

393	392
394	393	int
395	394	delegpt_add_rrset_A(struct delegpt* dp, struct regional* region,
396		struct ub_packed_rrset_key* ak, int lame, int nodup)
	395	struct ub_packed_rrset_key* ak, int lame)
397	396	{
398	397	struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data;
399	398	size_t i;

408	407	memmove(&sa.sin_addr, d->rr_data[i]+2, INET_SIZE);
409	408	if(!delegpt_add_target(dp, region, ak->rk.dname,
410	409	ak->rk.dname_len, (struct sockaddr_storage*)&sa,
411		len, (d->security==sec_status_bogus), lame, nodup))
	410	len, (d->security==sec_status_bogus), lame))
412	411	return 0;
413	412	}
414	413	return 1;

416	415
417	416	int
418	417	delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region,
419		struct ub_packed_rrset_key* ak, int lame, int nodup)
	418	struct ub_packed_rrset_key* ak, int lame)
420	419	{
421	420	struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data;
422	421	size_t i;

431	430	memmove(&sa.sin6_addr, d->rr_data[i]+2, INET6_SIZE);
432	431	if(!delegpt_add_target(dp, region, ak->rk.dname,
433	432	ak->rk.dname_len, (struct sockaddr_storage*)&sa,
434		len, (d->security==sec_status_bogus), lame, nodup))
	433	len, (d->security==sec_status_bogus), lame))
435	434	return 0;
436	435	}
437	436	return 1;

446	445	if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_NS)
447	446	return delegpt_rrset_add_ns(dp, region, rrset, lame);
448	447	else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_A)
449		return delegpt_add_rrset_A(dp, region, rrset, lame, 1);
	448	return delegpt_add_rrset_A(dp, region, rrset, lame);
450	449	else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_AAAA)
451		return delegpt_add_rrset_AAAA(dp, region, rrset, lame, 1);
	450	return delegpt_add_rrset_AAAA(dp, region, rrset, lame);
452	451	log_warn("Unknown rrset type added to delegpt");
453	452	return 1;
454	453	}

-11

iterator/iter_delegpt.h less more

184	184	* @param regional: where to allocate the info.
185	185	* @param ns_rrset: NS rrset.
186	186	* @param lame: rrset is lame, disprefer it.
187		* return 0 on alloc error.
	187	* @return 0 on alloc error.
188	188	*/
189	189	int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional,
190	190	struct ub_packed_rrset_key* ns_rrset, int lame);

200	200	* @param addrlen: the length of addr.
201	201	* @param bogus: security status for the address, pass true if bogus.
202	202	* @param lame: address is lame.
203		* @param nodup: if true, no address duplicates are made by this add.
204		* name duplicates are always filtered.
205	203	* @return false on error.
206	204	*/
207	205	int delegpt_add_target(struct delegpt* dp, struct regional* regional,
208	206	uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
209		socklen_t addrlen, int bogus, int lame, int nodup);
	207	socklen_t addrlen, int bogus, int lame);
210	208
211	209	/**
212	210	* Add A RRset to delegpt.

214	212	* @param regional: where to allocate the info.
215	213	* @param rrset: RRset A to add.
216	214	* @param lame: rrset is lame, disprefer it.
217		* @param nodup: if true, no duplicates are made by this add. takes time.
218	215	* @return 0 on alloc error.
219	216	*/
220	217	int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional,
221		struct ub_packed_rrset_key* rrset, int lame, int nodup);
	218	struct ub_packed_rrset_key* rrset, int lame);
222	219
223	220	/**
224	221	* Add AAAA RRset to delegpt.

226	223	* @param regional: where to allocate the info.
227	224	* @param rrset: RRset AAAA to add.
228	225	* @param lame: rrset is lame, disprefer it.
229		* @param nodup: if true, no duplicates are made by this add. takes time.
230	226	* @return 0 on alloc error.
231	227	*/
232	228	int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional,
233		struct ub_packed_rrset_key* rrset, int lame, int nodup);
	229	struct ub_packed_rrset_key* rrset, int lame);
234	230
235	231	/**
236	232	* Add any RRset to delegpt.

252	248	* @param addrlen: the length of addr.
253	249	* @param bogus: if address is bogus.
254	250	* @param lame: if address is lame.
255		* @param nodup: if true, no duplicates are made by this add. takes time.
256	251	* @return false on error.
257	252	*/
258	253	int delegpt_add_addr(struct delegpt* dp, struct regional* regional,
259		struct sockaddr_storage* addr, socklen_t addrlen, int bogus,
260		int lame, int nodup);
	254	struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame);
261	255
262	256	/**
263	257	* Find NS record in name list of delegation point.

-2

iterator/iter_fwd.c less more

214	214	s->name, p->str);
215	215	return 0;
216	216	}
217		if(!delegpt_add_addr(dp, fwd->region, &addr, addrlen,
218		0, 0, 1)) {
	217	if(!delegpt_add_addr(dp, fwd->region, &addr, addrlen, 0, 0)) {
219	218	log_err("out of memory");
220	219	return 0;
221	220	}

+11

-5

iterator/iter_hints.c less more

87	87	if(!delegpt_add_ns(dp, r, ldns_rdf_data(rdf), 0) \|\|
88	88	!extstrtoaddr(ip, &addr, &addrlen) \|\|
89	89	!delegpt_add_target(dp, r, ldns_rdf_data(rdf), ldns_rdf_size(rdf),
90		&addr, addrlen, 0, 0, 1)) {
	90	&addr, addrlen, 0, 0)) {
91	91	ldns_rdf_deep_free(rdf);
92	92	return 0;
93	93	}

228	228	s->name, p->str);
229	229	return 0;
230	230	}
231		if(!delegpt_add_addr(dp, hints->region, &addr, addrlen,
232		0, 0, 1)) {
	231	if(!delegpt_add_addr(dp, hints->region, &addr, addrlen, 0, 0)) {
233	232	log_err("out of memory");
234	233	return 0;
235	234	}

324	323	ldns_rdf_data(ldns_rr_owner(rr)),
325	324	ldns_rdf_size(ldns_rr_owner(rr)),
326	325	(struct sockaddr_storage*)&sa, len,
327		0, 0, 1)) {
	326	0, 0)) {
328	327	log_err("out of memory reading root hints");
329	328	goto stop_read;
330	329	}

340	339	ldns_rdf_data(ldns_rr_owner(rr)),
341	340	ldns_rdf_size(ldns_rr_owner(rr)),
342	341	(struct sockaddr_storage*)&sa, len,
343		0, 0, 1)) {
	342	0, 0)) {
344	343	log_err("out of memory reading root hints");
345	344	goto stop_read;
346	345	}

450	449	r = (struct iter_hints_stub*)name_tree_lookup(&hints->tree, qname,
451	450	len, labs, qclass);
452	451	if(!r) return NULL;
	452
	453	/* If there is no cache (root prime situation) */
	454	if(cache_dp == NULL) {
	455	if(r->dp->namelabs != 1)
	456	return r; /* no cache dp, use any non-root stub */
	457	return NULL;
	458	}
453	459
454	460	/*
455	461	* If the stub is same as the delegation we got

-11

iterator/iter_utils.c less more

182	182	uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now,
183	183	struct delegpt_addr* a)
184	184	{
185		int rtt, lame, reclame, dnsseclame, lost;
	185	int rtt, lame, reclame, dnsseclame;
186	186	if(a->bogus)
187	187	return -1; /* address of server is bogus */
188	188	if(donotq_lookup(iter_env->donotq, &a->addr, a->addrlen)) {

196	196	/* check lameness - need zone , class info */
197	197	if(infra_get_lame_rtt(env->infra_cache, &a->addr, a->addrlen,
198	198	name, namelen, qtype, &lame, &dnsseclame, &reclame,
199		&rtt, &lost, now)) {
	199	&rtt, now)) {
200	200	log_addr(VERB_ALGO, "servselect", &a->addr, a->addrlen);
201		verbose(VERB_ALGO, " rtt=%d lost=%d%s%s%s%s", rtt, lost,
	201	verbose(VERB_ALGO, " rtt=%d%s%s%s%s", rtt,
202	202	lame?" LAME":"",
203	203	dnsseclame?" DNSSEC_LAME":"",
204	204	reclame?" REC_LAME":"",
205	205	a->lame?" ADDR_LAME":"");
206	206	if(lame)
207	207	return -1; /* server is lame */
208		else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
209		lost >= USEFUL_SERVER_MAX_LOST)
210		/* server is unresponsive, but keep trying slowly */
211		return USEFUL_SERVER_TOP_TIMEOUT+1;
	208	else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT)
	209	/* server is unresponsive */
	210	return USEFUL_SERVER_TOP_TIMEOUT;
212	211	/* select remainder from worst to best */
213	212	else if(reclame)
214	213	return rtt+USEFUL_SERVER_TOP_TIMEOUT3; / nonpref */

216	215	return rtt+USEFUL_SERVER_TOP_TIMEOUT2; / nonpref */
217	216	else if(a->lame)
218	217	return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */
219		else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT) /* not blacklisted*/
220		return USEFUL_SERVER_TOP_TIMEOUT+1;
221	218	else return rtt;
222	219	}
223	220	/* no server information present */

851	848	log_rrset_key(VERB_ALGO, "found parent-side", akey);
852	849	ns->done_pside4 = 1;
853	850	/* a negative-cache-element has no addresses it adds */
854		if(!delegpt_add_rrset_A(dp, region, akey, 1, 1))
	851	if(!delegpt_add_rrset_A(dp, region, akey, 1))
855	852	log_err("malloc failure in lookup_parent_glue");
856	853	lock_rw_unlock(&akey->entry.lock);
857	854	}

863	860	log_rrset_key(VERB_ALGO, "found parent-side", akey);
864	861	ns->done_pside6 = 1;
865	862	/* a negative-cache-element has no addresses it adds */
866		if(!delegpt_add_rrset_AAAA(dp, region, akey, 1, 1))
	863	if(!delegpt_add_rrset_AAAA(dp, region, akey, 1))
867	864	log_err("malloc failure in lookup_parent_glue");
868	865	lock_rw_unlock(&akey->entry.lock);
869	866	}

-0

iterator/iter_utils.h less more

158	158	* @param qinfo: query name and type
159	159	* @param qflags: query flags with RD flag
160	160	* @param dp: delegpt to check.
	161	* @return true if dp is useless.
161	162	*/
162	163	int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
163	164	struct delegpt* dp);

+40

-11

iterator/iterator.c less more

322	322	(msg->rep->ns_numrrsets + msg->rep->ar_numrrsets) *
323	323	sizeof(struct ub_packed_rrset_key*));
324	324
325		/* if the rcode was NXDOMAIN, and we prepended DNAME/CNAMEs, then
326		* it should now be NOERROR. */
327		if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) {
328		FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);
329		}
	325	/* NXDOMAIN rcode can stay if we prepended DNAME/CNAMEs, because
	326	* this is what recursors should give. */
330	327	msg->rep->rrset_count += num_an + num_ns;
331	328	msg->rep->an_numrrsets += num_an;
332	329	msg->rep->ns_numrrsets += num_ns;

536	533	* @param ie: iterator global state.
537	534	* @param id: module id.
538	535	* @param qclass: the class to prime.
	536	* @return 0 on failure
539	537	*/
540	538	static int
541	539	prime_root(struct module_qstate* qstate, struct iter_qstate* iq,

595	593	* @param q: request name.
596	594	* @return true if a priming subrequest was made, false if not. The will only
597	595	* issue a priming request if it detects an unprimed stub.
	596	* Uses value of 2 to signal during stub-prime in root-prime situation
	597	* that a noprime-stub is available and resolution can continue.
598	598	*/
599	599	static int
600	600	prime_stub(struct module_qstate* qstate, struct iter_qstate* iq,

620	620
621	621	/* is it a noprime stub (always use) */
622	622	if(stub->noprime) {
	623	int r = 0;
	624	if(iq->dp == NULL) r = 2;
623	625	/* copy the dp out of the fixed hints structure, so that
624	626	* it can be changed when servicing this query */
625	627	iq->dp = delegpt_copy(stub_dp, qstate->region);

630	632	}
631	633	log_nametypeclass(VERB_DETAIL, "use stub", stub_dp->name,
632	634	LDNS_RR_TYPE_NS, q->qclass);
633		return 0;
	635	return r;
634	636	}
635	637
636	638	/* Otherwise, we need to (re)prime the stub. */

935	937	msg = val_neg_getmsg(qstate->env->neg_cache, &iq->qchase,
936	938	qstate->region, qstate->env->rrset_cache,
937	939	qstate->env->scratch_buffer,
938		qstate->env->now, 1/add SOA*/);
939		}
	940	qstate->env->now, 1/add SOA*/, NULL);
	941	}
	942	/* item taken from cache does not match our query name, thus
	943	* security needs to be re-examined later */
	944	if(msg && query_dname_compare(qstate->qinfo.qname,
	945	iq->qchase.qname) != 0)
	946	msg->rep->security = sec_status_unchecked;
940	947	}
941	948	if(msg) {
942	949	/* handle positive cache response */

1010	1017	delname = iq->qchase.qname;
1011	1018	delnamelen = iq->qchase.qname_len;
1012	1019	}
1013		if(iq->qchase.qtype == LDNS_RR_TYPE_DS \|\| iq->refetch_glue) {
	1020	if(iq->qchase.qtype == LDNS_RR_TYPE_DS \|\| iq->refetch_glue \|\|
	1021	(iq->qchase.qtype == LDNS_RR_TYPE_NS && qstate->prefetch_leeway)) {
1014	1022	/* remove first label from delname, root goes to hints,
1015	1023	* but only to fetch glue, not for qtype=DS. */
1016		if(dname_is_root(delname) && iq->refetch_glue)
	1024	/* also when prefetching an NS record, fetch it again from
	1025	* its parent, just as if it expired, so that you do not
	1026	* get stuck on an older nameserver that gives old NSrecords */
	1027	if(dname_is_root(delname) && (iq->refetch_glue \|\|
	1028	(iq->qchase.qtype == LDNS_RR_TYPE_NS &&
	1029	qstate->prefetch_leeway)))
1017	1030	delname = NULL; /* go to root priming */
1018	1031	else dname_remove_label(&delname, &delnamelen);
1019	1032	iq->refetch_glue = 0; /* if CNAME causes restart, no refetch */

1032	1045	/* If the cache has returned nothing, then we have a
1033	1046	* root priming situation. */
1034	1047	if(iq->dp == NULL) {
	1048	/* if there is a stub, then no root prime needed */
	1049	int r = prime_stub(qstate, iq, ie, id, &iq->qchase);
	1050	if(r == 2)
	1051	break; /* got noprime-stub-zone, continue */
	1052	else if(r)
	1053	return 0; /* stub prime request made */
1035	1054	if(forwards_lookup_root(qstate->env->fwds,
1036	1055	iq->qchase.qclass)) {
1037	1056	/* forward zone root, no root prime needed */

1301	1320	int missing;
1302	1321	int toget = 0;
1303	1322
	1323	if(iq->depth == ie->max_dependency_depth)
	1324	return 0;
	1325
1304	1326	iter_mark_cycle_targets(qstate, iq->dp);
1305	1327	missing = (int)delegpt_count_missing_targets(iq->dp);
1306	1328	log_assert(maxtargets != 0); /* that would not be useful */

1432	1454	qstate->ext_state[id] = module_wait_subquery;
1433	1455	return 0; /* and wait for them */
1434	1456	}
	1457	}
	1458	if(iq->depth == ie->max_dependency_depth) {
	1459	verbose(VERB_QUERY, "maxdepth and need more nameservers, fail");
	1460	return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
1435	1461	}
1436	1462	/* mark cycle targets for parent-side lookups */
1437	1463	iter_mark_pside_cycle_targets(qstate, iq->dp);

2382	2408	}
2383	2409	/* reset the query name back */
2384	2410	iq->response->qinfo = qstate->qinfo;
	2411	/* the security state depends on the combination */
	2412	iq->response->rep->security = sec_status_unchecked;
2385	2413	/* store message with the finished prepended items,
2386	2414	* but only if we did recursion. The nonrecursion referral
2387	2415	* from cache does not need to be stored in the msg cache. */

2657	2685	if(!ie)
2658	2686	return 0;
2659	2687	return sizeof(ie) + sizeof(int)((size_t)ie->max_dependency_depth+1)
2660		+ hints_get_mem(ie->hints) + donotq_get_mem(ie->donotq);
	2688	+ hints_get_mem(ie->hints) + donotq_get_mem(ie->donotq)
	2689	+ priv_get_mem(ie->priv);
2661	2690	}
2662	2691
2663	2692	/**

-0

iterator/iterator.h less more

74	74	* Chosen so that the UNKNOWN_SERVER_NICENESS falls within the band of a
75	75	* fast server, this causes server exploration as a side benefit. msec. */
76	76	#define RTT_BAND 400
	77	/** Start value for blacklisting a host, 2USEFUL_SERVER_TOP_TIMEOUT in sec /
	78	#define INFRA_BACKOFF_INITIAL 240
77	79
78	80	/**
79	81	* Global state for the iterator.

ldns-src.tar.gz less more

Binary diff not shown

-22

libunbound/libworker.c less more

184	184	libworker_delete(w);
185	185	return NULL;
186	186	}
187		w->env->send_packet = &libworker_send_packet;
188	187	w->env->send_query = &libworker_send_query;
189	188	w->env->detach_subs = &mesh_detach_subs;
190	189	w->env->attach_sub = &mesh_attach_sub;

670	669	slabhash_clear(w->env->msg_cache);
671	670	}
672	671
673		int libworker_send_packet(ldns_buffer* pkt, struct sockaddr_storage* addr,
674		socklen_t addrlen, int timeout, struct module_qstate* q, int use_tcp)
675		{
676		struct libworker* w = (struct libworker*)q->env->worker;
677		if(use_tcp) {
678		return pending_tcp_query(w->back, pkt, addr, addrlen,
679		timeout, libworker_handle_reply, q) != 0;
680		}
681		return pending_udp_query(w->back, pkt, addr, addrlen,
682		timeout*1000, libworker_handle_reply, q) != 0;
683		}
684
685	672	/** compare outbound entry qstates */
686	673	static int
687	674	outbound_entry_compare(void* a, void* b)

822	809	log_assert(0);
823	810	}
824	811
825		int worker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
826		struct sockaddr_storage* ATTR_UNUSED(addr),
827		socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(timeout),
828		struct module_qstate* ATTR_UNUSED(q), int ATTR_UNUSED(use_tcp))
829		{
830		log_assert(0);
831		return 0;
832		}
833
834	812	struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname),
835	813	size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype),
836	814	uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),

-14

libunbound/libworker.h less more

107	107	void libworker_alloc_cleanup(void* arg);
108	108
109	109	/**
110		* Worker service routine to send udp messages for modules.
111		* @param pkt: packet to send.
112		* @param addr: where to.
113		* @param addrlen: length of addr.
114		* @param timeout: seconds to wait until timeout.
115		* @param q: wich query state to reactivate upon return.
116		* @param use_tcp: true to use TCP, false for UDP.
117		* @return: false on failure (memory or socket related). no query was
118		* sent.
119		*/
120		int libworker_send_packet(ldns_buffer* pkt, struct sockaddr_storage* addr,
121		socklen_t addrlen, int timeout, struct module_qstate* q, int use_tcp);
122
123		/**
124	110	* Worker service routine to send serviced queries to authoritative servers.
125	111	* @param qname: query name. (host order)
126	112	* @param qnamelen: length in bytes of qname, including trailing 0.

-0

pythonmod/pythonmod_utils.h less more

73	73	*
74	74	* @param qstate: module environment
75	75	* @param pkt: a ldns_buffer which contains ldns_packet data
	76	* @return 0 on failure, out of memory or parse error.
76	77	*/
77	78	int createResponse(struct module_qstate* qstate, ldns_buffer* pkt);
78	79

+39

-9

services/cache/dns.c less more

48	48	#include "util/module.h"
49	49	#include "util/net_help.h"
50	50	#include "util/regional.h"
	51	#include "util/config_file.h"
51	52
52	53	/** store rrsets in the rrset cache.
53	54	* @param env: module environment with caches.

179	180	akey = rrset_cache_lookup(env->rrset_cache, ns->name,
180	181	ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
181	182	if(akey) {
182		if(!delegpt_add_rrset_A(dp, region, akey, 0, 0)) {
	183	if(!delegpt_add_rrset_A(dp, region, akey, 0)) {
183	184	lock_rw_unlock(&akey->entry.lock);
184	185	return 0;
185	186	}

197	198	akey = rrset_cache_lookup(env->rrset_cache, ns->name,
198	199	ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
199	200	if(akey) {
200		if(!delegpt_add_rrset_AAAA(dp, region, akey, 0, 0)) {
	201	if(!delegpt_add_rrset_AAAA(dp, region, akey, 0)) {
201	202	lock_rw_unlock(&akey->entry.lock);
202	203	return 0;
203	204	}

229	230	akey = rrset_cache_lookup(env->rrset_cache, ns->name,
230	231	ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
231	232	if(akey) {
232		if(!delegpt_add_rrset_A(dp, region, akey, (int)ns->lame, 1)) {
	233	if(!delegpt_add_rrset_A(dp, region, akey, (int)ns->lame)) {
233	234	lock_rw_unlock(&akey->entry.lock);
234	235	return 0;
235	236	}

247	248	akey = rrset_cache_lookup(env->rrset_cache, ns->name,
248	249	ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
249	250	if(akey) {
250		if(!delegpt_add_rrset_AAAA(dp, region, akey, (int)ns->lame, 1)) {
	251	if(!delegpt_add_rrset_AAAA(dp, region, akey, (int)ns->lame)) {
251	252	lock_rw_unlock(&akey->entry.lock);
252	253	return 0;
253	254	}

416	417
417	418	/** generate dns_msg from cached message */
418	419	static struct dns_msg*
419		tomsg(struct module_env* env, struct msgreply_entry* e, struct reply_info* r,
	420	tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
420	421	struct regional* region, uint32_t now, struct regional* scratch)
421	422	{
422	423	struct dns_msg* msg;
423	424	size_t i;
424	425	if(now > r->ttl)
425	426	return NULL;
426		msg = gen_dns_msg(region, &e->key, r->rrset_count);
	427	msg = gen_dns_msg(region, q, r->rrset_count);
427	428	if(!msg)
428	429	return NULL;
429	430	msg->rep->flags = r->flags;

605	606	if(e) {
606	607	struct msgreply_entry* key = (struct msgreply_entry*)e->key;
607	608	struct reply_info* data = (struct reply_info*)e->data;
608		struct dns_msg* msg = tomsg(env, key, data, region, now,
	609	struct dns_msg* msg = tomsg(env, &key->key, data, region, now,
609	610	scratch);
610	611	if(msg) {
611	612	lock_rw_unlock(&e->lock);

629	630	lock_rw_unlock(&rrset->entry.lock);
630	631	}
631	632
632		/* see if we have CNAME for this domain */
633		if( (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
	633	/* see if we have CNAME for this domain,
	634	* but not for DS records (which are part of the parent) */
	635	if( qtype != LDNS_RR_TYPE_DS &&
	636	(rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
634	637	LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) {
635	638	struct dns_msg* msg = rrset_msg(rrset, region, now, &k);
636	639	if(msg) {

667	670	}
668	671	lock_rw_unlock(&rrset->entry.lock);
669	672	}
	673
	674	/* stop downwards cache search on NXDOMAIN.
	675	* Empty nonterminals are NOERROR, so an NXDOMAIN for foo
	676	* means bla.foo also does not exist. The DNSSEC proofs are
	677	* the same. We search upwards for NXDOMAINs. */
	678	if(env->cfg->harden_below_nxdomain)
	679	while(!dname_is_root(k.qname)) {
	680	dname_remove_label(&k.qname, &k.qname_len);
	681	h = query_info_hash(&k);
	682	e = slabhash_lookup(env->msg_cache, h, &k, 0);
	683	if(e) {
	684	struct reply_info* data = (struct reply_info*)e->data;
	685	struct dns_msg* msg;
	686	if(FLAGS_GET_RCODE(data->flags) == LDNS_RCODE_NXDOMAIN
	687	&& data->security != sec_status_bogus
	688	&& (msg=tomsg(env, &k, data, region, now, scratch))){
	689	lock_rw_unlock(&e->lock);
	690	msg->qinfo.qname=qname;
	691	msg->qinfo.qname_len=qnamelen;
	692	/* check that DNSSEC really works out */
	693	msg->rep->security = sec_status_unchecked;
	694	return msg;
	695	}
	696	lock_rw_unlock(&e->lock);
	697	}
	698	}
	699
670	700	return NULL;
671	701	}
672	702

+82

-9

services/cache/infra.c less more

46	46	#include "util/log.h"
47	47	#include "util/net_help.h"
48	48	#include "util/config_file.h"
	49	#include "iterator/iterator.h"
	50
	51	/** Timeout when only a single probe query per IP is allowed. */
	52	#define PROBE_MAXRTO 12000 /* in msec */
49	53
50	54	size_t
51	55	infra_host_sizefunc(void* k, void* ATTR_UNUSED(d))

100	104	infra->host_ttl = cfg->host_ttl;
101	105	infra->lame_ttl = cfg->lame_ttl;
102	106	infra->max_lame_size = cfg->infra_cache_lame_size;
	107	infra->jostle = cfg->jostle_time;
103	108	return infra;
104	109	}
105	110

121	126	infra->host_ttl = cfg->host_ttl;
122	127	infra->lame_ttl = cfg->lame_ttl;
123	128	infra->max_lame_size = cfg->infra_cache_lame_size;
	129	infra->jostle = cfg->jostle_time;
124	130	maxmem = cfg->infra_cache_numhosts *
125	131	(sizeof(struct infra_host_key)+sizeof(struct infra_host_data));
126	132	if(maxmem != slabhash_get_size(infra->hosts) \|\|

151	157	return h;
152	158	}
153	159
	160	void
	161	infra_remove_host(struct infra_cache* infra,
	162	struct sockaddr_storage* addr, socklen_t addrlen)
	163	{
	164	struct infra_host_key k;
	165	k.addrlen = addrlen;
	166	memcpy(&k.addr, addr, addrlen);
	167	k.entry.hash = hash_addr(addr, addrlen);
	168	k.entry.key = (void*)&k;
	169	k.entry.data = NULL;
	170	slabhash_remove(infra->hosts, k.entry.hash, &k);
	171	}
	172
154	173	/** lookup version that does not check host ttl (you check it) */
155	174	static struct lruhash_entry*
156	175	infra_lookup_host_nottl(struct infra_cache* infra,

196	215	rtt_init(&data->rtt);
197	216	data->edns_version = 0;
198	217	data->edns_lame_known = 0;
199		data->num_timeouts = 0;
	218	data->probedelay = 0;
200	219	}
201	220
202	221	/**

241	260	struct lruhash_entry* e = infra_lookup_host_nottl(infra, addr,
242	261	addrlen, 0);
243	262	struct infra_host_data* data;
	263	int wr = 0;
244	264	if(e && ((struct infra_host_data*)e->data)->ttl < timenow) {
245	265	/* it expired, try to reuse existing entry */
	266	int old = ((struct infra_host_data*)e->data)->rtt.rto;
246	267	lock_rw_unlock(&e->lock);
247	268	e = infra_lookup_host_nottl(infra, addr, addrlen, 1);
248	269	if(e) {

250	271	/* re-initialise */
251	272	/* do not touch lameness, it may be valid still */
252	273	host_entry_init(infra, e, timenow);
	274	wr = 1;
	275	/* TOP_TIMEOUT remains on reuse */
	276	if(old >= USEFUL_SERVER_TOP_TIMEOUT)
	277	((struct infra_host_data*)e->data)->rtt.rto
	278	= USEFUL_SERVER_TOP_TIMEOUT;
253	279	}
254	280	}
255	281	if(!e) {

268	294	*to = rtt_timeout(&data->rtt);
269	295	*edns_vs = data->edns_version;
270	296	*edns_lame_known = data->edns_lame_known;
	297	if(to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)4 <= *to) {
	298	/* delay other queries, this is the probe query */
	299	if(!wr) {
	300	lock_rw_unlock(&e->lock);
	301	e = infra_lookup_host_nottl(infra, addr, addrlen, 1);
	302	if(!e) { /* flushed from cache real fast, no use to
	303	allocate just for the probedelay */
	304	return 1;
	305	}
	306	data = (struct infra_host_data*)e->data;
	307	}
	308	/* add 999 to round up the timeout value from msec to sec,
	309	* then add a whole second so it is certain that this probe
	310	* has timed out before the next is allowed */
	311	data->probedelay = timenow + ((*to)+1999)/1000;
	312	}
271	313	lock_rw_unlock(&e->lock);
272	314	return 1;
273	315	}

455	497	if(data->rtt.rto >= RTT_MAX_TIMEOUT)
456	498	/* do not disqualify this server altogether, it is better
457	499	* than nothing */
458		data->rtt.rto = RTT_MAX_TIMEOUT-1;
	500	data->rtt.rto = RTT_MAX_TIMEOUT-1000;
459	501	lock_rw_unlock(&e->lock);
460	502	}
461	503

480	522	data = (struct infra_host_data*)e->data;
481	523	if(roundtrip == -1) {
482	524	rtt_lost(&data->rtt, orig_rtt);
483		if(data->num_timeouts<255)
484		data->num_timeouts++;
485	525	} else {
486	526	rtt_update(&data->rtt, roundtrip);
487		data->num_timeouts = 0;
	527	data->probedelay = 0;
488	528	}
489	529	if(data->rtt.rto > 0)
490	530	rto = data->rtt.rto;

493	533	slabhash_insert(infra->hosts, e->hash, e, e->data, NULL);
494	534	else { lock_rw_unlock(&e->lock); }
495	535	return rto;
	536	}
	537
	538	int infra_get_host_rto(struct infra_cache* infra,
	539	struct sockaddr_storage* addr, socklen_t addrlen,
	540	struct rtt_info* rtt, int* delay, uint32_t timenow)
	541	{
	542	struct lruhash_entry* e = infra_lookup_host_nottl(infra, addr,
	543	addrlen, 0);
	544	struct infra_host_data* data;
	545	int ttl = -2;
	546	if(!e) return -1;
	547	data = (struct infra_host_data*)e->data;
	548	if(data->ttl >= timenow) {
	549	ttl = (int)(data->ttl - timenow);
	550	memmove(rtt, &data->rtt, sizeof(*rtt));
	551	if(timenow < data->probedelay)
	552	*delay = (int)(data->probedelay - timenow);
	553	else *delay = 0;
	554	}
	555	lock_rw_unlock(&e->lock);
	556	return ttl;
496	557	}
497	558
498	559	int

514	575	/* have an entry, update the rtt, and the ttl */
515	576	data = (struct infra_host_data*)e->data;
516	577	/* do not update if noEDNS and stored is yesEDNS */
517		if(!(edns_version == -1 && data->edns_version != -1)) {
	578	if(!(edns_version == -1 && (data->edns_version != -1 &&
	579	data->edns_lame_known))) {
518	580	data->edns_version = edns_version;
519	581	data->edns_lame_known = 1;
520	582	}

529	591	infra_get_lame_rtt(struct infra_cache* infra,
530	592	struct sockaddr_storage* addr, socklen_t addrlen,
531	593	uint8_t* name, size_t namelen, uint16_t qtype,
532		int* lame, int* dnsseclame, int* reclame, int* rtt, int* lost,
533		uint32_t timenow)
	594	int* lame, int* dnsseclame, int* reclame, int* rtt, uint32_t timenow)
534	595	{
535	596	struct infra_host_data* host;
536	597	struct lruhash_entry* e = infra_lookup_host_nottl(infra, addr,

540	601	return 0;
541	602	host = (struct infra_host_data*)e->data;
542	603	*rtt = rtt_unclamped(&host->rtt);
543		*lost = (int)host->num_timeouts;
	604	if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
	605	&& rtt_notimeout(&host->rtt)*4 <= host->rtt.rto)
	606	/* single probe for this domain, and we are not probing */
	607	*rtt = USEFUL_SERVER_TOP_TIMEOUT;
544	608	/* check lameness first, if so, ttl on host does not matter anymore */
545	609	if(infra_lookup_lame(host, name, namelen, timenow,
546	610	&dlm, &rlm, &alm, &olm)) {

575	639	*dnsseclame = 0;
576	640	*reclame = 0;
577	641	if(timenow > host->ttl) {
	642	/* expired entry */
	643	/* see if this can be a re-probe of an unresponsive server */
	644	/* minus 1000 because that is outside of the RTTBAND, so
	645	* blacklisted servers stay blacklisted if this is chosen */
	646	if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
	647	*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
	648	lock_rw_unlock(&e->lock);
	649	return 1;
	650	}
578	651	lock_rw_unlock(&e->lock);
579	652	return 0;
580	653	}

+27

-6

services/cache/infra.h less more

63	63	struct infra_host_data {
64	64	/** TTL value for this entry. absolute time. */
65	65	uint32_t ttl;
	66	/** time in seconds (absolute) when probing re-commences, 0 disabled */
	67	uint32_t probedelay;
66	68	/** round trip times for timeout calculation */
67	69	struct rtt_info rtt;
68	70	/** Names of the zones that are lame. NULL=no lame zones. */

73	75	* EDNS lame is when EDNS queries or replies are dropped,
74	76	* and cause a timeout */
75	77	uint8_t edns_lame_known;
76		/** Number of consequtive timeouts; reset when reply arrives OK. */
77		uint8_t num_timeouts;
78	78	};
79	79
80	80	/**

119	119	int lame_ttl;
120	120	/** infra lame cache max memory per host, in bytes */
121	121	size_t max_lame_size;
	122	/** jostle timeout in msec */
	123	size_t jostle;
122	124	};
123	125
124	126	/** infra host cache default hash lookup size */

138	140	* @param infra: infrastructure cache to delete.
139	141	*/
140	142	void infra_delete(struct infra_cache* infra);
	143
	144	/** explicitly delete an infra host element */
	145	void infra_remove_host(struct infra_cache* infra,
	146	struct sockaddr_storage* addr, socklen_t addrlen);
141	147
142	148	/**
143	149	* Adjust infra cache to use updated configuration settings.

168	174	* Find host information to send a packet. Creates new entry if not found.
169	175	* Lameness is empty. EDNS is 0 (try with first), and rtt is returned for
170	176	* the first message to it.
	177	* Use this to send a packet only, because it also locks out others when
	178	* probing is restricted.
171	179	* @param infra: infrastructure cache.
172	180	* @param addr: host address.
173	181	* @param addrlen: length of addr.

260	268
261	269	/**
262	270	* Get Lameness information and average RTT if host is in the cache.
	271	* This information is to be used for server selection.
263	272	* @param infra: infrastructure cache.
264	273	* @param addr: host address.
265	274	* @param addrlen: length of addr.

272	281	* @param reclame: if function returns true, this is if it is recursion lame.
273	282	* @param rtt: if function returns true, this returns avg rtt of the server.
274	283	* The rtt value is unclamped and reflects recent timeouts.
275		* @param lost: number of queries lost in a row. Reset to 0 when an answer
276		* gets back. Gives a connectivity number.
277	284	* @param timenow: what time it is now.
278	285	* @return if found in cache, or false if not (or TTL bad).
279	286	*/
280	287	int infra_get_lame_rtt(struct infra_cache* infra,
281	288	struct sockaddr_storage* addr, socklen_t addrlen,
282	289	uint8_t* name, size_t namelen, uint16_t qtype,
283		int* lame, int* dnsseclame, int* reclame, int* rtt, int* lost,
284		uint32_t timenow);
	290	int* lame, int* dnsseclame, int* reclame, int* rtt, uint32_t timenow);
	291
	292	/**
	293	* Get additional (debug) info on timing.
	294	* @param infra: infra cache.
	295	* @param addr: host address.
	296	* @param addrlen: length of addr.
	297	* @param rtt: the rtt_info is copied into here (caller alloced return struct).
	298	* @param delay: probe delay (if any).
	299	* @param timenow: what time it is now.
	300	* @return TTL the infra host element is valid for. If -1: not found in cache.
	301	* TTL -2: found but expired.
	302	*/
	303	int infra_get_host_rto(struct infra_cache* infra,
	304	struct sockaddr_storage* addr, socklen_t addrlen,
	305	struct rtt_info* rtt, int* delay, uint32_t timenow);
285	306
286	307	/**
287	308	* Get memory used by the infra cache.

+27

-9

services/cache/rrset.c less more

119	119
120	120	/** see if rrset needs to be updated in the cache */
121	121	static int
122		need_to_update_rrset(void* nd, void* cd, uint32_t timenow, int equal)
	122	need_to_update_rrset(void* nd, void* cd, uint32_t timenow, int equal, int ns)
123	123	{
124	124	struct packed_rrset_data* newd = (struct packed_rrset_data*)nd;
125	125	struct packed_rrset_data* cached = (struct packed_rrset_data*)cd;

144	144	/* o item in cache has expired */
145	145	if( cached->ttl < timenow )
146	146	return 1;
147		/* o same trust, but different in data - insert it */
148		if( newd->trust == cached->trust && !equal )
149		return 1;
150		return 0;
	147	/* o same trust, but different in data - insert it */
	148	if( newd->trust == cached->trust && !equal ) {
	149	/* if this is type NS, do not 'stick' to owner that changes
	150	* the NS RRset, but use the old TTL for the new data, and
	151	* update to fetch the latest data. ttl is not expired, because
	152	* that check was before this one. */
	153	if(ns) {
	154	size_t i;
	155	newd->ttl = cached->ttl;
	156	for(i=0; i<(newd->count+newd->rrsig_count); i++)
	157	if(newd->rr_ttl[i] > newd->ttl)
	158	newd->rr_ttl[i] = newd->ttl;
	159	}
	160	return 1;
	161	}
	162	return 0;
151	163	}
152	164
153	165	/** Update RRSet special key ID */

190	202	equal = rrsetdata_equal((struct packed_rrset_data*)k->entry.
191	203	data, (struct packed_rrset_data*)e->data);
192	204	if(!need_to_update_rrset(k->entry.data, e->data, timenow,
193		equal)) {
	205	equal, (rrset_type==LDNS_RR_TYPE_NS))) {
194	206	/* cache is superior, return that value */
195	207	lock_rw_unlock(&e->lock);
196	208	ub_packed_rrset_parsedelete(k, alloc);

337	349	if(updata->trust > cachedata->trust)
338	350	cachedata->trust = updata->trust;
339	351	cachedata->security = updata->security;
340		cachedata->ttl = updata->ttl + now;
341		for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
342		cachedata->rr_ttl[i] = updata->rr_ttl[i]+now;
	352	/* for NS records only shorter TTLs, other types: update it */
	353	if(ntohs(rrset->rk.type) != LDNS_RR_TYPE_NS \|\|
	354	updata->ttl+now < cachedata->ttl \|\|
	355	cachedata->ttl < now \|\|
	356	updata->security == sec_status_bogus) {
	357	cachedata->ttl = updata->ttl + now;
	358	for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
	359	cachedata->rr_ttl[i] = updata->rr_ttl[i]+now;
	360	}
343	361	}
344	362	lock_rw_unlock(&e->lock);
345	363	}

+100

-49

services/listen_dnsport.c less more

89	89
90	90	int
91	91	create_udp_sock(int family, int socktype, struct sockaddr* addr,
92		socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv)
	92	socklen_t addrlen, int v6only, int* inuse, int* noproto,
	93	int rcv, int snd)
93	94	{
94	95	int s;
95	96	#if defined(IPV6_USE_MIN_MTU)

100	101	#endif
101	102	#if !defined(SO_RCVBUFFORCE) && !defined(SO_RCVBUF)
102	103	(void)rcv;
	104	#endif
	105	#if !defined(SO_SNDBUFFORCE) && !defined(SO_SNDBUF)
	106	(void)snd;
103	107	#endif
104	108	#ifndef IPV6_V6ONLY
105	109	(void)v6only;

182	186	# endif
183	187	#endif /* SO_RCVBUF */
184	188	}
	189	/* first do RCVBUF as the receive buffer is more important */
	190	if(snd) {
	191	#ifdef SO_SNDBUF
	192	int got;
	193	socklen_t slen = (socklen_t)sizeof(got);
	194	# ifdef SO_SNDBUFFORCE
	195	/* Linux specific: try to use root permission to override
	196	* system limits on sndbuf. The limit is stored in
	197	* /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */
	198	if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd,
	199	(socklen_t)sizeof(snd)) < 0) {
	200	if(errno != EPERM) {
	201	# ifndef USE_WINSOCK
	202	log_err("setsockopt(..., SO_SNDBUFFORCE, "
	203	"...) failed: %s", strerror(errno));
	204	close(s);
	205	# else
	206	log_err("setsockopt(..., SO_SNDBUFFORCE, "
	207	"...) failed: %s",
	208	wsa_strerror(WSAGetLastError()));
	209	closesocket(s);
	210	# endif
	211	*noproto = 0;
	212	*inuse = 0;
	213	return -1;
	214	}
	215	# endif /* SO_SNDBUFFORCE */
	216	if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd,
	217	(socklen_t)sizeof(snd)) < 0) {
	218	# ifndef USE_WINSOCK
	219	log_err("setsockopt(..., SO_SNDBUF, "
	220	"...) failed: %s", strerror(errno));
	221	close(s);
	222	# else
	223	log_err("setsockopt(..., SO_SNDBUF, "
	224	"...) failed: %s",
	225	wsa_strerror(WSAGetLastError()));
	226	closesocket(s);
	227	# endif
	228	*noproto = 0;
	229	*inuse = 0;
	230	return -1;
	231	}
	232	/* check if we got the right thing or if system
	233	* reduced to some system max. Warn if so */
	234	if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got,
	235	&slen) >= 0 && got < snd/2) {
	236	log_warn("so-sndbuf %u was not granted. "
	237	"Got %u. To fix: start with "
	238	"root permissions(linux) or sysctl "
	239	"bigger net.core.wmem_max(linux) or "
	240	"kern.ipc.maxsockbuf(bsd) values.",
	241	(unsigned)snd, (unsigned)got);
	242	}
	243	# ifdef SO_SNDBUFFORCE
	244	}
	245	# endif
	246	#endif /* SO_SNDBUF */
	247	}
185	248	if(family == AF_INET6) {
186	249	# if defined(IPV6_V6ONLY)
187	250	if(v6only) {

279	342	/* detect freebsd jail with no ipv6 permission */
280	343	if(family==AF_INET6 && errno==EINVAL)
281	344	*noproto = 1;
282		else if(errno != EADDRINUSE)
	345	else if(errno != EADDRINUSE) {
283	346	log_err("can't bind socket: %s", strerror(errno));
	347	log_addr(0, "failed address",
	348	(struct sockaddr_storage*)addr, addrlen);
	349	}
284	350	#endif /* EADDRINUSE */
285	351	close(s);
286	352	#else /* USE_WINSOCK */
287	353	if(WSAGetLastError() != WSAEADDRINUSE &&
288		WSAGetLastError() != WSAEADDRNOTAVAIL)
	354	WSAGetLastError() != WSAEADDRNOTAVAIL) {
289	355	log_err("can't bind socket: %s",
290	356	wsa_strerror(WSAGetLastError()));
	357	log_addr(0, "failed address",
	358	(struct sockaddr_storage*)addr, addrlen);
	359	}
291	360	closesocket(s);
292	361	#endif
293	362	return -1;

367	436	/* detect freebsd jail with no ipv6 permission */
368	437	if(addr->ai_family==AF_INET6 && errno==EINVAL)
369	438	*noproto = 1;
370		else log_err("can't bind socket: %s", strerror(errno));
	439	else {
	440	log_err("can't bind socket: %s", strerror(errno));
	441	log_addr(0, "failed address",
	442	(struct sockaddr_storage*)addr->ai_addr,
	443	addr->ai_addrlen);
	444	}
371	445	#else
372	446	log_err("can't bind socket: %s",
373	447	wsa_strerror(WSAGetLastError()));
	448	log_addr(0, "failed address",
	449	(struct sockaddr_storage*)addr->ai_addr,
	450	addr->ai_addrlen);
374	451	#endif
375	452	return -1;
376	453	}

393	470	*/
394	471	static int
395	472	make_sock(int stype, const char* ifname, const char* port,
396		struct addrinfo hints, int v6only, int noip6, size_t rcv)
	473	struct addrinfo hints, int v6only, int noip6, size_t rcv, size_t snd)
397	474	{
398	475	struct addrinfo *res = NULL;
399	476	int r, s, inuse, noproto;

419	496	if(stype == SOCK_DGRAM) {
420	497	verbose_print_addr(res);
421	498	s = create_udp_sock(res->ai_family, res->ai_socktype,
422		(struct sockaddr*)res->ai_addr,
423		res->ai_addrlen, v6only, &inuse, &noproto, (int)rcv);
	499	(struct sockaddr*)res->ai_addr, res->ai_addrlen,
	500	v6only, &inuse, &noproto, (int)rcv, (int)snd);
424	501	if(s == -1 && inuse) {
425	502	log_err("bind: address already in use");
426	503	} else if(s == -1 && noproto && hints->ai_family == AF_INET6){

439	516	/** make socket and first see if ifname contains port override info */
440	517	static int
441	518	make_sock_port(int stype, const char* ifname, const char* port,
442		struct addrinfo hints, int v6only, int noip6, size_t rcv)
	519	struct addrinfo hints, int v6only, int noip6, size_t rcv, size_t snd)
443	520	{
444	521	char* s = strchr(ifname, '@');
445	522	if(s) {

460	537	newif[s-ifname] = 0;
461	538	strncpy(p, s+1, sizeof(p));
462	539	p[strlen(s+1)]=0;
463		return make_sock(stype, newif, p, hints, v6only, noip6, rcv);
464		}
465		return make_sock(stype, ifname, port, hints, v6only, noip6, rcv);
	540	return make_sock(stype, newif, p, hints, v6only, noip6,
	541	rcv, snd);
	542	}
	543	return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd);
466	544	}
467	545
468	546	/**

552	630	* @param port: Port number to use (as string).
553	631	* @param list: list of open ports, appended to, changed to point to list head.
554	632	* @param rcv: receive buffer size for UDP
	633	* @param snd: send buffer size for UDP
555	634	* @return: returns false on error.
556	635	*/
557	636	static int
558	637	ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
559	638	struct addrinfo hints, const char port, struct listen_port** list,
560		size_t rcv)
	639	size_t rcv, size_t snd)
561	640	{
562	641	int s, noip6=0;
563	642	if(!do_udp && !do_tcp)
564	643	return 0;
565	644	if(do_auto) {
566	645	if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
567		&noip6, rcv)) == -1) {
	646	&noip6, rcv, snd)) == -1) {
568	647	if(noip6) {
569	648	log_warn("IPv6 protocol not available");
570	649	return 1;

585	664	} else if(do_udp) {
586	665	/* regular udp socket */
587	666	if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
588		&noip6, rcv)) == -1) {
	667	&noip6, rcv, snd)) == -1) {
589	668	if(noip6) {
590	669	log_warn("IPv6 protocol not available");
591	670	return 1;

603	682	}
604	683	if(do_tcp) {
605	684	if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
606		&noip6, 0)) == -1) {
	685	&noip6, 0, 0)) == -1) {
607	686	if(noip6) {
608	687	/log_warn("IPv6 protocol not available");/
609	688	return 1;

714	793	free(front);
715	794	}
716	795
717		void listen_pushback(struct listen_dnsport* listen)
718		{
719		struct listen_list *p;
720		log_assert(listen);
721		for(p = listen->cps; p; p = p->next)
722		{
723		if(p->com->type != comm_udp &&
724		p->com->type != comm_tcp_accept)
725		continue;
726		comm_point_stop_listening(p->com);
727		}
728		}
729
730		void listen_resume(struct listen_dnsport* listen)
731		{
732		struct listen_list *p;
733		log_assert(listen);
734		for(p = listen->cps; p; p = p->next)
735		{
736		if(p->com->type != comm_udp &&
737		p->com->type != comm_tcp_accept)
738		continue;
739		comm_point_start_listening(p->com, -1, -1);
740		}
741		}
742
743	796	struct listen_port*
744	797	listening_ports_open(struct config_file* cfg)
745	798	{

769	822	if(!do_ip4 && !do_ip6) {
770	823	return NULL;
771	824	}
772		if(do_auto && (!do_ip4 \|\| !do_ip6)) {
773		log_warn("interface_automatic option does not work when either do-ip4 or do-ip6 is not enabled. Disabling option.");
774		do_auto = 0;
775		}
776	825	/* create ip4 and ip6 ports so that return addresses are nice. */
777	826	if(do_auto \|\| cfg->num_ifs == 0) {
778	827	if(do_ip6) {
779	828	hints.ai_family = AF_INET6;
780	829	if(!ports_create_if(do_auto?"::0":"::1",
781	830	do_auto, cfg->do_udp, do_tcp,
782		&hints, portbuf, &list, cfg->socket_rcvbuf)) {
	831	&hints, portbuf, &list,
	832	cfg->so_rcvbuf, cfg->so_sndbuf)) {
783	833	listening_ports_free(list);
784	834	return NULL;
785	835	}

788	838	hints.ai_family = AF_INET;
789	839	if(!ports_create_if(do_auto?"0.0.0.0":"127.0.0.1",
790	840	do_auto, cfg->do_udp, do_tcp,
791		&hints, portbuf, &list, cfg->socket_rcvbuf)) {
	841	&hints, portbuf, &list,
	842	cfg->so_rcvbuf, cfg->so_sndbuf)) {
792	843	listening_ports_free(list);
793	844	return NULL;
794	845	}

800	851	hints.ai_family = AF_INET6;
801	852	if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
802	853	do_tcp, &hints, portbuf, &list,
803		cfg->socket_rcvbuf)) {
	854	cfg->so_rcvbuf, cfg->so_sndbuf)) {
804	855	listening_ports_free(list);
805	856	return NULL;
806	857	}

810	861	hints.ai_family = AF_INET;
811	862	if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
812	863	do_tcp, &hints, portbuf, &list,
813		cfg->socket_rcvbuf)) {
	864	cfg->so_rcvbuf, cfg->so_sndbuf)) {
814	865	listening_ports_free(list);
815	866	return NULL;
816	867	}

-20

services/listen_dnsport.h less more

130	130	comm_point_callback_t* cb, void* cb_arg);
131	131
132	132	/**
133		* Stop listening to the dnsports. Ports are still open but not checked
134		* for readability - performs pushback of the load.
135		* @param listen: the listening structs to stop listening on. Note that
136		* udp and tcp-accept handlers stop, but ongoing tcp-handlers are kept
137		* going, since its rude to 'reset connection by peer' them, instead,
138		* we keep them and the callback will be called when its ready. It can
139		* be dropped at that time. New tcp and udp queries can be served by
140		* other threads.
141		*/
142		void listen_pushback(struct listen_dnsport* listen);
143
144		/**
145		* Start listening again to the dnsports.
146		* Call after the listen_pushback has been called.
147		* @param listen: the listening structs to stop listening on.
148		*/
149		void listen_resume(struct listen_dnsport* listen);
150
151		/**
152	133	* delete the listening structure
153	134	* @param listen: listening structure.
154	135	*/

180	161	* @param noproto: on error, this is set true if cause is that the
181	162	IPv6 proto (family) is not available.
182	163	* @param rcv: set size on rcvbuf with socket option, if 0 it is not set.
	164	* @param snd: set size on sndbuf with socket option, if 0 it is not set.
183	165	* @return: the socket. -1 on error.
184	166	*/
185	167	int create_udp_sock(int family, int socktype, struct sockaddr* addr,
186		socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv);
	168	socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv,
	169	int snd);
187	170
188	171	/**
189	172	* Create and bind TCP listening socket

+11

-2

services/localzone.c less more

697	697	!add_as112_default(zones, cfg, buf, "9.e.f.ip6.arpa.") \|\|
698	698	!add_as112_default(zones, cfg, buf, "a.e.f.ip6.arpa.") \|\|
699	699	!add_as112_default(zones, cfg, buf, "b.e.f.ip6.arpa.") \|\|
700		!add_as112_default(zones, cfg, buf, "0.1.1.0.0.2.ip6.arpa.") \|\|
701	700	!add_as112_default(zones, cfg, buf, "8.b.d.0.1.0.0.2.ip6.arpa.")) {
702	701	log_err("out of memory adding default zone");
703	702	return 0;

967	966	log_nametypeclass(0, "transparent zone",
968	967	z->name, 0, z->dclass);
969	968	break;
	969	case local_zone_typetransparent:
	970	log_nametypeclass(0, "typetransparent zone",
	971	z->name, 0, z->dclass);
	972	break;
970	973	case local_zone_static:
971	974	log_nametypeclass(0, "static zone",
972	975	z->name, 0, z->dclass);

1095	1098	(uint16_t)ldns_buffer_begin(buf),
1096	1099	ldns_buffer_read_u16_at(buf, 2), edns);
1097	1100	return 1;
1098		}
	1101	} else if(z->type == local_zone_typetransparent) {
	1102	/* no NODATA or NXDOMAINS for this zone type */
	1103	return 0;
	1104	}
1099	1105	/* else z->type == local_zone_transparent */
1100	1106
1101	1107	/* if the zone is transparent and the name exists, but the type

1152	1158	case local_zone_refuse: return "refuse";
1153	1159	case local_zone_redirect: return "redirect";
1154	1160	case local_zone_transparent: return "transparent";
	1161	case local_zone_typetransparent: return "typetransparent";
1155	1162	case local_zone_static: return "static";
1156	1163	case local_zone_nodefault: return "nodefault";
1157	1164	}

1168	1175	*t = local_zone_static;
1169	1176	else if(strcmp(type, "transparent") == 0)
1170	1177	*t = local_zone_transparent;
	1178	else if(strcmp(type, "typetransparent") == 0)
	1179	*t = local_zone_typetransparent;
1171	1180	else if(strcmp(type, "redirect") == 0)
1172	1181	*t = local_zone_redirect;
1173	1182	else return 0;

-0

services/localzone.h less more

62	62	local_zone_static,
63	63	/** resolve normally */
64	64	local_zone_transparent,
	65	/** do not block types at localdata names */
	66	local_zone_typetransparent,
65	67	/** answer with data at zone apex */
66	68	local_zone_redirect,
67	69	/** remove default AS112 blocking contents for zone

-1

services/mesh.h less more

62	62	* Maximum number of mesh state activations. Any more is likely an
63	63	* infinite loop in the module. It is then terminated.
64	64	*/
65		#define MESH_MAX_ACTIVATION 1000
	65	#define MESH_MAX_ACTIVATION 3000
66	66
67	67	/**
68	68	* Max number of references-to-references-to-references.. search size.

+90

-12

services/outside_network.c less more

129	129	free(w);
130	130	}
131	131
	132	/**
	133	* Pick random outgoing-interface of that family, and bind it.
	134	* port set to 0 so OS picks a port number for us.
	135	* if it is the ANY address, do not bind.
	136	* @param w: tcp structure with destination address.
	137	* @param s: socket fd.
	138	* @return false on error, socket closed.
	139	*/
	140	static int
	141	pick_outgoing_tcp(struct waiting_tcp* w, int s)
	142	{
	143	struct port_if* pi = NULL;
	144	int num;
	145	#ifdef INET6
	146	if(addr_is_ip6(&w->addr, w->addrlen))
	147	num = w->outnet->num_ip6;
	148	else
	149	#endif
	150	num = w->outnet->num_ip4;
	151	if(num == 0) {
	152	log_err("no TCP outgoing interfaces of family");
	153	log_addr(VERB_OPS, "for addr", &w->addr, w->addrlen);
	154	#ifndef USE_WINSOCK
	155	close(s);
	156	#else
	157	closesocket(s);
	158	#endif
	159	return 0;
	160	}
	161	#ifdef INET6
	162	if(addr_is_ip6(&w->addr, w->addrlen))
	163	pi = &w->outnet->ip6_ifs[ub_random_max(w->outnet->rnd, num)];
	164	else
	165	#endif
	166	pi = &w->outnet->ip4_ifs[ub_random_max(w->outnet->rnd, num)];
	167	log_assert(pi);
	168	if(addr_is_any(&pi->addr, pi->addrlen)) {
	169	/* binding to the ANY interface is for listening sockets */
	170	return 1;
	171	}
	172	/* set port to 0 */
	173	if(addr_is_ip6(&pi->addr, pi->addrlen))
	174	((struct sockaddr_in6*)&pi->addr)->sin6_port = 0;
	175	else ((struct sockaddr_in*)&pi->addr)->sin_port = 0;
	176	if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) {
	177	#ifndef USE_WINSOCK
	178	log_err("outgoing tcp: bind: %s", strerror(errno));
	179	close(s);
	180	#else
	181	log_err("outgoing tcp: bind: %s",
	182	wsa_strerror(WSAGetLastError()));
	183	closesocket(s);
	184	#endif
	185	return 0;
	186	}
	187	log_addr(VERB_ALGO, "tcp bound to src", &pi->addr, pi->addrlen);
	188	return 1;
	189	}
	190
132	191	/** use next free buffer to service a tcp query */
133	192	static int
134	193	outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)

155	214	log_addr(0, "failed address", &w->addr, w->addrlen);
156	215	return 0;
157	216	}
	217	if(!pick_outgoing_tcp(w, s))
	218	return 0;
	219
158	220	fd_set_nonblock(s);
159	221	if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) {
160	222	#ifndef USE_WINSOCK

757	819	struct sockaddr_in6* sa = (struct sockaddr_in6*)addr;
758	820	sa->sin6_port = (in_port_t)htons((uint16_t)port);
759	821	fd = create_udp_sock(AF_INET6, SOCK_DGRAM,
760		(struct sockaddr*)addr, addrlen, 1, inuse, &noproto, 0);
	822	(struct sockaddr*)addr, addrlen, 1, inuse, &noproto,
	823	0, 0);
761	824	} else {
762	825	struct sockaddr_in* sa = (struct sockaddr_in*)addr;
763	826	sa->sin_port = (in_port_t)htons((uint16_t)port);
764	827	fd = create_udp_sock(AF_INET, SOCK_DGRAM,
765		(struct sockaddr*)addr, addrlen, 1, inuse, &noproto, 0);
	828	(struct sockaddr*)addr, addrlen, 1, inuse, &noproto,
	829	0, 0);
766	830	}
767	831	return fd;
768	832	}

1242	1306	if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, now, &vs,
1243	1307	&edns_lame_known, &rtt))
1244	1308	return 0;
	1309	sq->last_rtt = rtt;
	1310	verbose(VERB_ALGO, "EDNS lookup known=%d vs=%d", edns_lame_known, vs);
1245	1311	if(sq->status == serviced_initial) {
1246	1312	if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) {
1247	1313	/* perform EDNS lame probe - check if server is
1248	1314	* EDNS lame (EDNS queries to it are dropped) */
1249	1315	verbose(VERB_ALGO, "serviced query: send probe to see "
1250	1316	" if use of EDNS causes timeouts");
1251		rtt /= 10;
	1317	/* even 700 msec may be too small */
	1318	rtt = 1000;
1252	1319	sq->status = serviced_query_PROBE_EDNS;
1253	1320	} else if(vs != -1) {
1254	1321	sq->status = serviced_query_UDP_EDNS;

1258	1325	}
1259	1326	serviced_encode(sq, buff, sq->status == serviced_query_UDP_EDNS);
1260	1327	sq->last_sent_time = *sq->outnet->now_tv;
1261		sq->last_rtt = rtt;
1262	1328	sq->edns_lame_known = (int)edns_lame_known;
1263	1329	verbose(VERB_ALGO, "serviced query UDP timeout=%d msec", rtt);
1264	1330	sq->pending = pending_udp_query(sq->outnet, buff, &sq->addr,

1521	1587	serviced_callbacks(sq, error, c, rep);
1522	1588	return 0;
1523	1589	}
1524		if(sq->status == serviced_query_UDP_EDNS
	1590	if(!fallback_tcp) {
	1591	if(sq->status == serviced_query_UDP_EDNS
1525	1592	&& (LDNS_RCODE_WIRE(ldns_buffer_begin(c->buffer))
1526	1593	== LDNS_RCODE_FORMERR \|\| LDNS_RCODE_WIRE(
1527	1594	ldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL)) {
1528	1595	/* try to get an answer by falling back without EDNS */
	1596	verbose(VERB_ALGO, "serviced query: attempt without EDNS");
1529	1597	sq->status = serviced_query_UDP_EDNS_fallback;
1530	1598	sq->retry = 0;
1531	1599	if(!serviced_udp_send(sq, c->buffer)) {
1532	1600	serviced_callbacks(sq, NETEVENT_CLOSED, c, rep);
1533	1601	}
1534	1602	return 0;
1535		} else if(sq->status == serviced_query_PROBE_EDNS) {
	1603	} else if(sq->status == serviced_query_PROBE_EDNS) {
1536	1604	/* probe without EDNS succeeds, so we conclude that this
1537	1605	* host likely has EDNS packets dropped */
1538	1606	log_addr(VERB_DETAIL, "timeouts, concluded that connection to "

1544	1612	log_err("Out of memory caching no edns for host");
1545	1613	}
1546	1614	sq->status = serviced_query_UDP;
1547		} else if(sq->status == serviced_query_UDP_EDNS &&
	1615	} else if(sq->status == serviced_query_UDP_EDNS &&
1548	1616	!sq->edns_lame_known) {
1549	1617	/* now we know that edns queries received answers store that */
	1618	log_addr(VERB_ALGO, "serviced query: EDNS works for",
	1619	&sq->addr, sq->addrlen);
1550	1620	if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
1551	1621	0, (uint32_t)now.tv_sec)) {
1552	1622	log_err("Out of memory caching edns works");
1553	1623	}
1554	1624	sq->edns_lame_known = 1;
1555		} else if(sq->status == serviced_query_UDP_EDNS_fallback &&
	1625	} else if(sq->status == serviced_query_UDP_EDNS_fallback &&
1556	1626	!sq->edns_lame_known && (LDNS_RCODE_WIRE(
1557	1627	ldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOERROR \|\|
1558	1628	LDNS_RCODE_WIRE(ldns_buffer_begin(c->buffer)) ==

1561	1631	/* the fallback produced a result that looks promising, note
1562	1632	* that this server should be approached without EDNS */
1563	1633	/* only store noEDNS in cache if domain is noDNSSEC */
1564		if(!sq->want_dnssec)
	1634	if(!sq->want_dnssec) {
	1635	log_addr(VERB_ALGO, "serviced query: EDNS fails for",
	1636	&sq->addr, sq->addrlen);
1565	1637	if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
1566	1638	-1, (uint32_t)now.tv_sec)) {
1567	1639	log_err("Out of memory caching no edns for host");
1568	1640	}
	1641	} else {
	1642	log_addr(VERB_ALGO, "serviced query: EDNS fails, but "
	1643	"not stored because need DNSSEC for", &sq->addr,
	1644	sq->addrlen);
	1645	}
1569	1646	sq->status = serviced_query_UDP;
1570		}
1571		if(now.tv_sec > sq->last_sent_time.tv_sec \|\|
	1647	}
	1648	if(now.tv_sec > sq->last_sent_time.tv_sec \|\|
1572	1649	(now.tv_sec == sq->last_sent_time.tv_sec &&
1573	1650	now.tv_usec > sq->last_sent_time.tv_usec)) {
1574	1651	/* convert from microseconds to milliseconds */

1579	1656	if(!infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen,
1580	1657	roundtime, sq->last_rtt, (uint32_t)now.tv_sec))
1581	1658	log_err("out of memory noting rtt.");
1582		}
	1659	}
	1660	} /* end of if_!fallback_tcp */
1583	1661	/* perform TC flag check and TCP fallback after updating our
1584	1662	* cache entries for EDNS status and RTT times */
1585	1663	if(LDNS_TC_WIRE(ldns_buffer_begin(c->buffer)) \|\| fallback_tcp) {

+2163

-0

smallapp/unbound-anchor.c less more

	0	/*
	1	* unbound-anchor.c - update the root anchor if necessary.
	2	*
	3	* Copyright (c) 2010, NLnet Labs. All rights reserved.
	4	*
	5	* This software is open source.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	*
	11	* Redistributions of source code must retain the above copyright notice,
	12	* this list of conditions and the following disclaimer.
	13	*
	14	* Redistributions in binary form must reproduce the above copyright notice,
	15	* this list of conditions and the following disclaimer in the documentation
	16	* and/or other materials provided with the distribution.
	17	*
	18	* Neither the name of the NLNET LABS nor the names of its contributors may
	19	* be used to endorse or promote products derived from this software without
	20	* specific prior written permission.
	21	*
	22	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	23	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
	24	* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	25	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
	26	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	27	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	28	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	29	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	30	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	31	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	32	* POSSIBILITY OF SUCH DAMAGE.
	33	*/
	34
	35	/**
	36	* \file
	37	*
	38	* This file checks to see that the current 5011 keys work to prime the
	39	* current root anchor. If not a certificate is used to update the anchor.
	40	*
	41	* This is a concept solution for distribution of the DNSSEC root
	42	* trust anchor. It is a small tool, called "unbound-anchor", that
	43	* runs before the main validator starts. I.e. in the init script:
	44	* unbound-anchor; unbound. Thus it is meant to run at system boot time.
	45	*
	46	* Management-Abstract:
	47	* * first run: fill root.key file with hardcoded DS record.
	48	* * mostly: use RFC5011 tracking, quick . DNSKEY UDP query.
	49	* * failover: use builtin certificate, do https and update.
	50	* Special considerations:
	51	* * 30-days RFC5011 timer saves a lot of https traffic.
	52	* * DNSKEY probe must be NOERROR, saves a lot of https traffic.
	53	* * fail if clock before sign date of the root, if cert expired.
	54	* * if the root goes back to unsigned, deals with it.
	55	*
	56	* It has hardcoded the root DS anchors and the ICANN CA root certificate.
	57	* It allows with options to override those. It also takes root-hints (it
	58	* has to do a DNS resolve), and also has hardcoded defaults for those.
	59	*
	60	* Once it starts, just before the validator starts, it quickly checks if
	61	* the root anchor file needs to be updated. First it tries to use
	62	* RFC5011-tracking of the root key. If that fails (and for 30-days since
	63	* last successful probe), then it attempts to update using the
	64	* certificate. So most of the time, the RFC5011 tracking will work fine,
	65	* and within a couple milliseconds, the main daemon can start. It will
	66	* have only probed the . DNSKEY, not done expensive https transfers on the
	67	* root infrastructure.
	68	*
	69	* If there is no root key in the root.key file, it bootstraps the
	70	* RFC5011-tracking with its builtin DS anchors; if that fails it
	71	* bootstraps the RFC5011-tracking using the certificate. (again to avoid
	72	* https, and it is also faster).
	73	*
	74	* It uses the XML file by converting it to DS records and writing that to the
	75	* key file. Unbound can detect that the 'special comments' are gone, and
	76	* the file contains a list of normal DNSKEY/DS records, and uses that to
	77	* bootstrap 5011 (the KSK is made VALID).
	78	*
	79	* The certificate update is done by fetching root-anchors.xml and
	80	* root-anchors.p7s via SSL. The HTTPS certificate can be logged but is
	81	* not validated (https for channel security; the security comes from the
	82	* certificate). The 'data.iana.org' domain name A and AAAA are resolved
	83	* without DNSSEC. It tries a random IP until the transfer succeeds. It
	84	* then checks the p7s signature.
	85	*
	86	* On any failure, it leaves the root key file untouched. The main
	87	* validator has to cope with it, it cannot fix things (So a failure does
	88	* not go 'without DNSSEC', no downgrade). If it used its builtin stuff or
	89	* did the https, it exits with an exit code, so that this can trigger the
	90	* init script to log the event and potentially alert the operator that can
	91	* do a manual check.
	92	*
	93	* The date is also checked. Before 2010-07-15 is a failure (root not
	94	* signed yet; avoids attacks on system clock). The
	95	* last-successful-RFC5011-probe (if available) has to be more than 30 days
	96	* in the past (otherwise, RFC5011 should have worked). This keeps
	97	* unneccesary https traffic down. If the main certificate is expired, it
	98	* fails.
	99	*
	100	* The dates on the keys in the xml are checked (uses the libexpat xml
	101	* parser), only the valid ones are used to re-enstate RFC5011 tracking.
	102	* If 0 keys are valid, the zone has gone to insecure (a special marker is
	103	* written in the keyfile that tells the main validator daemon the zone is
	104	* insecure).
	105	*
	106	* Only the root ICANN CA is shipped, not the intermediate ones. The
	107	* intermediate CAs are included in the p7s file that was downloaded. (the
	108	* root cert is valid to 2028 and the intermediate to 2014, today).
	109	*
	110	* Obviously, the tool also has options so the operator can provide a new
	111	* keyfile, a new certificate and new URLs, and fresh root hints. By
	112	* default it logs nothing on failure and success; it 'just works'.
	113	*
	114	*/
	115
	116	#include "config.h"
	117	#include "libunbound/unbound.h"
	118	#include <ldns/rr.h>
	119	#include <expat.h>
	120	#ifndef HAVE_EXPAT_H
	121	#error "need libexpat to parse root-anchors.xml file."
	122	#endif
	123	#ifdef HAVE_GETOPT_H
	124	#include <getopt.h>
	125	#endif
	126	#ifdef HAVE_OPENSSL_SSL_H
	127	#include <openssl/ssl.h>
	128	#endif
	129	#ifdef HAVE_OPENSSL_ERR_H
	130	#include <openssl/err.h>
	131	#endif
	132	#ifdef HAVE_OPENSSL_RAND_H
	133	#include <openssl/rand.h>
	134	#endif
	135	#include <openssl/x509.h>
	136	#include <openssl/pem.h>
	137
	138	/** name of server in URL to fetch HTTPS from */
	139	#define URLNAME "data.iana.org"
	140	/** path on HTTPS server to xml file */
	141	#define XMLNAME "root-anchors/root-anchors.xml"
	142	/** path on HTTPS server to p7s file */
	143	#define P7SNAME "root-anchors/root-anchors.p7s"
	144	/** port number for https access */
	145	#define HTTPS_PORT 443
	146
	147	#ifdef USE_WINSOCK
	148	/* sneakily reuse the the wsa_strerror function, on windows */
	149	char* wsa_strerror(int err);
	150	#endif
	151
	152	/** verbosity for this application */
	153	static int verb = 0;
	154
	155	/** list of IP addresses */
	156	struct ip_list {
	157	/** next in list */
	158	struct ip_list* next;
	159	/** length of addr */
	160	socklen_t len;
	161	/** address ready to connect to */
	162	struct sockaddr_storage addr;
	163	/** has the address been used */
	164	int used;
	165	};
	166
	167	/** Give unbound-anchor usage, and exit (1). */
	168	static void
	169	usage()
	170	{
	171	printf("Usage: unbound-anchor [opts]\n");
	172	printf(" Setup or update root anchor. "
	173	"Most options have defaults.\n");
	174	printf(" Run this program before you start the validator.\n");
	175	printf("\n");
	176	printf(" The anchor and cert have default builtin content\n");
	177	printf(" if the file does not exist or is empty.\n");
	178	printf("\n");
	179	printf("-a file root key file, default %s\n", ROOT_ANCHOR_FILE);
	180	printf(" The key is input and output for this tool.\n");
	181	printf("-c file cert file, default %s\n", ROOT_CERT_FILE);
	182	printf("-l list builtin key and cert on stdout\n");
	183	printf("-u name server in https url, default %s\n", URLNAME);
	184	printf("-x path pathname to xml in url, default %s\n", XMLNAME);
	185	printf("-s path pathname to p7s in url, default %s\n", P7SNAME);
	186	printf("-4 work using IPv4 only\n");
	187	printf("-6 work using IPv6 only\n");
	188	printf("-f resolv.conf use given resolv.conf to resolve -u name\n");
	189	printf("-r root.hints use given root.hints to resolve -u name\n"
	190	" builtin root hints are used by default\n");
	191	printf("-v more verbose\n");
	192	printf("-C conf debug, read config\n");
	193	printf("-P port use port for https connect, default 443\n");
	194	printf("-F debug, force update with cert\n");
	195	printf("-h show this usage help\n");
	196	printf("Version %s\n", PACKAGE_VERSION);
	197	printf("BSD licensed, see LICENSE in source package for details.\n");
	198	printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
	199	exit(1);
	200	}
	201
	202	/** return the built in root update certificate */
	203	static const char*
	204	get_builtin_cert(void)
	205	{
	206	return
	207	/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */
	208	"-----BEGIN CERTIFICATE-----\n"
	209	"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
	210	"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
	211	"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
	212	"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
	213	"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
	214	"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
	215	"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
	216	"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
	217	"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
	218	"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
	219	"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
	220	"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
	221	"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
	222	"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
	223	"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
	224	"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
	225	"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
	226	"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
	227	"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
	228	"-----END CERTIFICATE-----\n"
	229	;
	230	}
	231
	232	/** return the built in root DS trust anchor */
	233	static const char*
	234	get_builtin_ds(void)
	235	{
	236	return
	237	". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n";
	238	}
	239
	240	/** print hex data */
	241	static void
	242	print_data(char* msg, char* data, int len)
	243	{
	244	int i;
	245	printf("%s: ", msg);
	246	for(i=0; i<len; i++) {
	247	printf(" %2.2x", (unsigned char)data[i]);
	248	}
	249	printf("\n");
	250	}
	251
	252	/** print ub context creation error and exit */
	253	static void
	254	ub_ctx_error_exit(struct ub_ctx* ctx, const char* str, const char* str2)
	255	{
	256	ub_ctx_delete(ctx);
	257	if(str && str2 && verb) printf("%s: %s\n", str, str2);
	258	if(verb) printf("error: could not create unbound resolver context\n");
	259	exit(0);
	260	}
	261
	262	/**
	263	* Create a new unbound context with the commandline settings applied
	264	*/
	265	static struct ub_ctx*
	266	create_unbound_context(char* res_conf, char* root_hints, char* debugconf,
	267	int ip4only, int ip6only)
	268	{
	269	int r;
	270	struct ub_ctx* ctx = ub_ctx_create();
	271	if(!ctx) {
	272	if(verb) printf("out of memory\n");
	273	exit(0);
	274	}
	275	/* do not waste time and network traffic to fetch extra nameservers */
	276	r = ub_ctx_set_option(ctx, "target-fetch-policy:", "0 0 0 0 0");
	277	if(r && verb) printf("ctx targetfetchpolicy: %s\n", ub_strerror(r));
	278	/* read config file first, so its settings can be overridden */
	279	if(debugconf) {
	280	r = ub_ctx_config(ctx, debugconf);
	281	if(r) ub_ctx_error_exit(ctx, debugconf, ub_strerror(r));
	282	}
	283	if(res_conf) {
	284	r = ub_ctx_resolvconf(ctx, res_conf);
	285	if(r) ub_ctx_error_exit(ctx, res_conf, ub_strerror(r));
	286	}
	287	if(root_hints) {
	288	r = ub_ctx_set_option(ctx, "root-hints:", root_hints);
	289	if(r) ub_ctx_error_exit(ctx, root_hints, ub_strerror(r));
	290	}
	291	if(ip4only) {
	292	r = ub_ctx_set_option(ctx, "do-ip6:", "no");
	293	if(r) ub_ctx_error_exit(ctx, "ip4only", ub_strerror(r));
	294	}
	295	if(ip6only) {
	296	r = ub_ctx_set_option(ctx, "do-ip4:", "no");
	297	if(r) ub_ctx_error_exit(ctx, "ip6only", ub_strerror(r));
	298	}
	299	return ctx;
	300	}
	301
	302	/** printout certificate in detail */
	303	static void
	304	verb_cert(char* msg, X509* x)
	305	{
	306	if(verb == 0 \|\| verb == 1) return;
	307	if(verb == 2) {
	308	if(msg) printf("%s\n", msg);
	309	X509_print_ex_fp(stdout, x, 0, (unsigned long)-1
	310	^(X509_FLAG_NO_SUBJECT
	311	\|X509_FLAG_NO_ISSUER\|X509_FLAG_NO_VALIDITY));
	312	return;
	313	}
	314	if(msg) printf("%s\n", msg);
	315	X509_print_fp(stdout, x);
	316	}
	317
	318	/** printout certificates in detail */
	319	static void
	320	verb_certs(char* msg, STACK_OF(X509)* sk)
	321	{
	322	int i, num = sk_X509_num(sk);
	323	if(verb == 0 \|\| verb == 1) return;
	324	for(i=0; i<num; i++) {
	325	printf("%s (%d/%d)\n", msg, i, num);
	326	verb_cert(NULL, sk_X509_value(sk, i));
	327	}
	328	}
	329
	330	/** read certificates from a PEM bio */
	331	static STACK_OF(X509)*
	332	read_cert_bio(BIO* bio)
	333	{
	334	STACK_OF(X509) *sk = sk_X509_new_null();
	335	if(!sk) {
	336	if(verb) printf("out of memory\n");
	337	exit(0);
	338	}
	339	while(!BIO_eof(bio)) {
	340	X509* x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	341	if(x == NULL) {
	342	if(verb) {
	343	printf("failed to read X509\n");
	344	ERR_print_errors_fp(stdout);
	345	}
	346	continue;
	347	}
	348	if(!sk_X509_push(sk, x)) {
	349	if(verb) printf("out of memory\n");
	350	exit(0);
	351	}
	352	}
	353	return sk;
	354	}
	355
	356	/* read the certificate file */
	357	static STACK_OF(X509)*
	358	read_cert_file(char* file)
	359	{
	360	STACK_OF(X509)* sk;
	361	FILE* in;
	362	int content = 0;
	363	char buf[128];
	364	if(file == NULL \|\| strcmp(file, "") == 0) {
	365	return NULL;
	366	}
	367	sk = sk_X509_new_null();
	368	if(!sk) {
	369	if(verb) printf("out of memory\n");
	370	exit(0);
	371	}
	372	in = fopen(file, "r");
	373	if(!in) {
	374	if(verb) printf("%s: %s\n", file, strerror(errno));
	375	#ifndef S_SPLINT_S
	376	sk_X509_pop_free(sk, X509_free);
	377	#endif
	378	return NULL;
	379	}
	380	while(!feof(in)) {
	381	X509* x = PEM_read_X509(in, NULL, 0, NULL);
	382	if(x == NULL) {
	383	if(verb) {
	384	printf("failed to read X509 file\n");
	385	ERR_print_errors_fp(stdout);
	386	}
	387	continue;
	388	}
	389	if(!sk_X509_push(sk, x)) {
	390	if(verb) printf("out of memory\n");
	391	fclose(in);
	392	exit(0);
	393	}
	394	content = 1;
	395	/* read away newline after --END CERT-- */
	396	if(!fgets(buf, (int)sizeof(buf), in))
	397	break;
	398	}
	399	fclose(in);
	400	if(!content) {
	401	if(verb) printf("%s is empty\n", file);
	402	#ifndef S_SPLINT_S
	403	sk_X509_pop_free(sk, X509_free);
	404	#endif
	405	return NULL;
	406	}
	407	return sk;
	408	}
	409
	410	/** read certificates from the builtin certificate */
	411	static STACK_OF(X509)*
	412	read_builtin_cert(void)
	413	{
	414	const char* builtin_cert = get_builtin_cert();
	415	STACK_OF(X509)* sk;
	416	BIO bio = BIO_new_mem_buf((void)builtin_cert,
	417	(int)strlen(builtin_cert));
	418	if(!bio) {
	419	if(verb) printf("out of memory\n");
	420	exit(0);
	421	}
	422	sk = read_cert_bio(bio);
	423	if(!sk) {
	424	if(verb) printf("internal error, out of memory\n");
	425	exit(0);
	426	}
	427	BIO_free(bio);
	428	return sk;
	429	}
	430
	431	/** read update cert file or use builtin */
	432	static STACK_OF(X509)*
	433	read_cert_or_builtin(char* file)
	434	{
	435	STACK_OF(X509) *sk = read_cert_file(file);
	436	if(!sk) {
	437	if(verb) printf("using builtin certificate\n");
	438	sk = read_builtin_cert();
	439	}
	440	if(verb) printf("have %d trusted certificates\n", sk_X509_num(sk));
	441	verb_certs("trusted certificates", sk);
	442	return sk;
	443	}
	444
	445	static void
	446	do_list_builtin(void)
	447	{
	448	const char* builtin_cert = get_builtin_cert();
	449	const char* builtin_ds = get_builtin_ds();
	450	printf("%s\n", builtin_ds);
	451	printf("%s\n", builtin_cert);
	452	exit(0);
	453	}
	454
	455	/** printout IP address with message */
	456	static void
	457	verb_addr(char* msg, struct ip_list* ip)
	458	{
	459	if(verb) {
	460	char out[100];
	461	void* a = &((struct sockaddr_in*)&ip->addr)->sin_addr;
	462	if(ip->len != (socklen_t)sizeof(struct sockaddr_in))
	463	a = &((struct sockaddr_in6*)&ip->addr)->sin6_addr;
	464
	465	if(inet_ntop((int)((struct sockaddr_in*)&ip->addr)->sin_family,
	466	a, out, (socklen_t)sizeof(out))==0)
	467	printf("%s (inet_ntop error)\n", msg);
	468	else printf("%s %s\n", msg, out);
	469	}
	470	}
	471
	472	/** free ip_list */
	473	static void
	474	ip_list_free(struct ip_list* p)
	475	{
	476	struct ip_list* np;
	477	while(p) {
	478	np = p->next;
	479	free(p);
	480	p = np;
	481	}
	482	}
	483
	484	/** create ip_list entry for a RR record */
	485	static struct ip_list*
	486	RR_to_ip(int tp, char* data, int len, int port)
	487	{
	488	struct ip_list* ip = (struct ip_list)calloc(1, sizeof(ip));
	489	uint16_t p = (uint16_t)port;
	490	if(tp == LDNS_RR_TYPE_A) {
	491	struct sockaddr_in* sa = (struct sockaddr_in*)&ip->addr;
	492	ip->len = (socklen_t)sizeof(*sa);
	493	sa->sin_family = AF_INET;
	494	sa->sin_port = (in_port_t)htons(p);
	495	if(len != (int)sizeof(sa->sin_addr)) {
	496	if(verb) printf("skipped badly formatted A\n");
	497	free(ip);
	498	return NULL;
	499	}
	500	memmove(&sa->sin_addr, data, sizeof(sa->sin_addr));
	501
	502	} else if(tp == LDNS_RR_TYPE_AAAA) {
	503	struct sockaddr_in6* sa = (struct sockaddr_in6*)&ip->addr;
	504	ip->len = (socklen_t)sizeof(*sa);
	505	sa->sin6_family = AF_INET6;
	506	sa->sin6_port = (in_port_t)htons(p);
	507	if(len != (int)sizeof(sa->sin6_addr)) {
	508	if(verb) printf("skipped badly formatted AAAA\n");
	509	free(ip);
	510	return NULL;
	511	}
	512	memmove(&sa->sin6_addr, data, sizeof(sa->sin6_addr));
	513	} else {
	514	if(verb) printf("internal error: bad type in RRtoip\n");
	515	free(ip);
	516	return NULL;
	517	}
	518	verb_addr("resolved server address", ip);
	519	return ip;
	520	}
	521
	522	/** Resolve name, type, class and add addresses to iplist */
	523	static void
	524	resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
	525	struct ip_list** head)
	526	{
	527	struct ub_result* res = NULL;
	528	int r;
	529	int i;
	530
	531	r = ub_resolve(ctx, host, tp, cl, &res);
	532	if(r) {
	533	if(verb) printf("error: resolve %s %s: %s\n", host,
	534	(tp==LDNS_RR_TYPE_A)?"A":"AAAA", ub_strerror(r));
	535	return;
	536	}
	537	if(!res) {
	538	if(verb) printf("out of memory\n");
	539	ub_ctx_delete(ctx);
	540	exit(0);
	541	}
	542	for(i = 0; res->data[i]; i++) {
	543	struct ip_list* ip = RR_to_ip(tp, res->data[i], res->len[i],
	544	port);
	545	if(!ip) continue;
	546	ip->next = *head;
	547	*head = ip;
	548	}
	549	ub_resolve_free(res);
	550	}
	551
	552	/** parse a text IP address into a sockaddr */
	553	static struct ip_list*
	554	parse_ip_addr(char* str, int port)
	555	{
	556	socklen_t len = 0;
	557	struct sockaddr_storage* addr = NULL;
	558	struct sockaddr_in6 a6;
	559	struct sockaddr_in a;
	560	struct ip_list* ip;
	561	uint16_t p = (uint16_t)port;
	562	memset(&a6, 0, sizeof(a6));
	563	memset(&a, 0, sizeof(a));
	564
	565	if(inet_pton(AF_INET6, str, &a6.sin6_addr) > 0) {
	566	/* it is an IPv6 */
	567	a6.sin6_family = AF_INET6;
	568	a6.sin6_port = (in_port_t)htons(p);
	569	addr = (struct sockaddr_storage*)&a6;
	570	len = (socklen_t)sizeof(struct sockaddr_in6);
	571	}
	572	if(inet_pton(AF_INET, str, &a.sin_addr) > 0) {
	573	/* it is an IPv4 */
	574	a.sin_family = AF_INET;
	575	a.sin_port = (in_port_t)htons(p);
	576	addr = (struct sockaddr_storage*)&a;
	577	len = (socklen_t)sizeof(struct sockaddr_in);
	578	}
	579	if(!len) return NULL;
	580	ip = (struct ip_list)calloc(1, sizeof(ip));
	581	if(!ip) {
	582	if(verb) printf("out of memory\n");
	583	exit(0);
	584	}
	585	ip->len = len;
	586	memmove(&ip->addr, addr, len);
	587	if(verb) printf("server address is %s\n", str);
	588	return ip;
	589	}
	590
	591	/**
	592	* Resolve a domain name (even though the resolver is down and there is
	593	* no trust anchor). Without DNSSEC validation.
	594	* @param host: the name to resolve.
	595	* If this name is an IP4 or IP6 address this address is returned.
	596	* @param port: the port number used for the returned IP structs.
	597	* @param res_conf: resolv.conf (if any).
	598	* @param root_hints: root hints (if any).
	599	* @param debugconf: unbound.conf for debugging options.
	600	* @param ip4only: use only ip4 for resolve and only lookup A
	601	* @param ip6only: use only ip6 for resolve and only lookup AAAA
	602	* default is to lookup A and AAAA using ip4 and ip6.
	603	* @return list of IP addresses.
	604	*/
	605	static struct ip_list*
	606	resolve_name(char* host, int port, char* res_conf, char* root_hints,
	607	char* debugconf, int ip4only, int ip6only)
	608	{
	609	struct ub_ctx* ctx;
	610	struct ip_list* list = NULL;
	611	/* first see if name is an IP address itself */
	612	if( (list=parse_ip_addr(host, port)) ) {
	613	return list;
	614	}
	615
	616	/* create resolver context */
	617	ctx = create_unbound_context(res_conf, root_hints, debugconf,
	618	ip4only, ip6only);
	619
	620	/* try resolution of A */
	621	if(!ip6only) {
	622	resolve_host_ip(ctx, host, port, LDNS_RR_TYPE_A,
	623	LDNS_RR_CLASS_IN, &list);
	624	}
	625
	626	/* try resolution of AAAA */
	627	if(!ip4only) {
	628	resolve_host_ip(ctx, host, port, LDNS_RR_TYPE_AAAA,
	629	LDNS_RR_CLASS_IN, &list);
	630	}
	631
	632	ub_ctx_delete(ctx);
	633	if(!list) {
	634	if(verb) printf("%s has no IP addresses I can use\n", host);
	635	exit(0);
	636	}
	637	return list;
	638	}
	639
	640	/** clear used flags */
	641	static void
	642	wipe_ip_usage(struct ip_list* p)
	643	{
	644	while(p) {
	645	p->used = 0;
	646	p = p->next;
	647	}
	648	}
	649
	650	/** cound unused IPs */
	651	static int
	652	count_unused(struct ip_list* p)
	653	{
	654	int num = 0;
	655	while(p) {
	656	if(!p->used) num++;
	657	p = p->next;
	658	}
	659	return num;
	660	}
	661
	662	/** pick random unused element from IP list */
	663	static struct ip_list*
	664	pick_random_ip(struct ip_list* list)
	665	{
	666	struct ip_list* p = list;
	667	int num = count_unused(list);
	668	int sel;
	669	if(num == 0) return NULL;
	670	/* not perfect, but random enough */
	671	sel = (int)ldns_get_random() % num;
	672	/* skip over unused elements that we did not select */
	673	while(sel > 0 && p) {
	674	if(!p->used) sel--;
	675	p = p->next;
	676	}
	677	/* find the next unused element */
	678	while(p && p->used)
	679	p = p->next;
	680	if(!p) return NULL; /* robustness */
	681	return p;
	682	}
	683
	684	/** close the fd */
	685	static void
	686	fd_close(int fd)
	687	{
	688	#ifndef USE_WINSOCK
	689	close(fd);
	690	#else
	691	closesocket(fd);
	692	#endif
	693	}
	694
	695	/** printout socket errno */
	696	static void
	697	print_sock_err(const char* msg)
	698	{
	699	#ifndef USE_WINSOCK
	700	if(verb) printf("%s: %s\n", msg, strerror(errno));
	701	#else
	702	if(verb) printf("%s: %s\n", msg, wsa_strerror(WSAGetLastError()));
	703	#endif
	704	}
	705
	706	/** connect to IP address */
	707	static int
	708	connect_to_ip(struct ip_list* ip)
	709	{
	710	int fd;
	711	verb_addr("connect to", ip);
	712	fd = socket(ip->len==(socklen_t)sizeof(struct sockaddr_in)?
	713	AF_INET:AF_INET6, SOCK_STREAM, 0);
	714	if(fd == -1) {
	715	print_sock_err("socket");
	716	return -1;
	717	}
	718	if(connect(fd, (struct sockaddr*)&ip->addr, ip->len) < 0) {
	719	print_sock_err("connect");
	720	fd_close(fd);
	721	return -1;
	722	}
	723	return fd;
	724	}
	725
	726	/** create SSL context */
	727	static SSL_CTX*
	728	setup_sslctx(void)
	729	{
	730	SSL_CTX* sslctx = SSL_CTX_new(SSLv23_client_method());
	731	if(!sslctx) {
	732	if(verb) printf("SSL_CTX_new error\n");
	733	return NULL;
	734	}
	735	return sslctx;
	736	}
	737
	738	/** initiate TLS on a connection */
	739	static SSL*
	740	TLS_initiate(SSL_CTX* sslctx, int fd)
	741	{
	742	X509* x;
	743	int r;
	744	SSL* ssl = SSL_new(sslctx);
	745	if(!ssl) {
	746	if(verb) printf("SSL_new error\n");
	747	return NULL;
	748	}
	749	SSL_set_connect_state(ssl);
	750	(void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
	751	if(!SSL_set_fd(ssl, fd)) {
	752	if(verb) printf("SSL_set_fd error\n");
	753	SSL_free(ssl);
	754	return NULL;
	755	}
	756	while(1) {
	757	ERR_clear_error();
	758	if( (r=SSL_do_handshake(ssl)) == 1)
	759	break;
	760	r = SSL_get_error(ssl, r);
	761	if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) {
	762	if(verb) printf("SSL handshake failed\n");
	763	SSL_free(ssl);
	764	return NULL;
	765	}
	766	/* wants to be called again */
	767	}
	768	x = SSL_get_peer_certificate(ssl);
	769	if(!x) {
	770	if(verb) printf("Server presented no peer certificate\n");
	771	SSL_free(ssl);
	772	return NULL;
	773	}
	774	verb_cert("server SSL certificate", x);
	775	X509_free(x);
	776	return ssl;
	777	}
	778
	779	/** perform neat TLS shutdown */
	780	static void
	781	TLS_shutdown(int fd, SSL* ssl, SSL_CTX* sslctx)
	782	{
	783	/* shutdown the SSL connection nicely */
	784	if(SSL_shutdown(ssl) == 0) {
	785	SSL_shutdown(ssl);
	786	}
	787	SSL_free(ssl);
	788	SSL_CTX_free(sslctx);
	789	fd_close(fd);
	790	}
	791
	792	/** write a line over SSL */
	793	static int
	794	write_ssl_line(SSL* ssl, char* str, char* sec)
	795	{
	796	char buf[1024];
	797	size_t l;
	798	if(sec) {
	799	snprintf(buf, sizeof(buf), str, sec);
	800	} else {
	801	snprintf(buf, sizeof(buf), "%s", str);
	802	}
	803	l = strlen(buf);
	804	if(l+2 >= sizeof(buf)) {
	805	if(verb) printf("line too long\n");
	806	return 0;
	807	}
	808	if(verb >= 2) printf("SSL_write: %s\n", buf);
	809	buf[l] = '\r';
	810	buf[l+1] = '\n';
	811	buf[l+2] = 0;
	812	/* add \r\n */
	813	if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0) {
	814	if(verb) printf("could not SSL_write %s", str);
	815	return 0;
	816	}
	817	return 1;
	818	}
	819
	820	/** process header line, check rcode and keeping track of size */
	821	static int
	822	process_one_header(char* buf, size_t* clen, int* chunked)
	823	{
	824	if(verb>=2) printf("header: '%s'\n", buf);
	825	if(strncasecmp(buf, "HTTP/1.1 ", 9) == 0) {
	826	/* check returncode */
	827	if(buf[9] != '2') {
	828	if(verb) printf("bad status %s\n", buf+9);
	829	return 0;
	830	}
	831	} else if(strncasecmp(buf, "Content-Length: ", 16) == 0) {
	832	if(!*chunked)
	833	*clen = (size_t)atoi(buf+16);
	834	} else if(strncasecmp(buf, "Transfer-Encoding: chunked", 19+7) == 0) {
	835	*clen = 0;
	836	*chunked = 1;
	837	}
	838	return 1;
	839	}
	840
	841	/**
	842	* Read one line from SSL
	843	* zero terminates.
	844	* skips "\r\n" (but not copied to buf).
	845	* @param ssl: the SSL connection to read from (blocking).
	846	* @param buf: buffer to return line in.
	847	* @param len: size of the buffer.
	848	* @return 0 on error, 1 on success.
	849	*/
	850	static int
	851	read_ssl_line(SSL* ssl, char* buf, size_t len)
	852	{
	853	size_t n = 0;
	854	int r;
	855	int endnl = 0;
	856	while(1) {
	857	if(n >= len) {
	858	if(verb) printf("line too long\n");
	859	return 0;
	860	}
	861	if((r = SSL_read(ssl, buf+n, 1)) <= 0) {
	862	if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
	863	/* EOF */
	864	break;
	865	}
	866	if(verb) printf("could not SSL_read\n");
	867	return 0;
	868	}
	869	if(endnl && buf[n] == '\n') {
	870	break;
	871	} else if(endnl) {
	872	/* bad data */
	873	if(verb) printf("error: stray linefeeds\n");
	874	return 0;
	875	} else if(buf[n] == '\r') {
	876	/* skip \r, and also \n on the wire */
	877	endnl = 1;
	878	continue;
	879	} else if(buf[n] == '\n') {
	880	/* skip the \n, we are done */
	881	break;
	882	} else n++;
	883	}
	884	buf[n] = 0;
	885	return 1;
	886	}
	887
	888	/** read http headers and process them */
	889	static size_t
	890	read_http_headers(SSL* ssl, size_t* clen)
	891	{
	892	char buf[1024];
	893	int chunked = 0;
	894	*clen = 0;
	895	while(read_ssl_line(ssl, buf, sizeof(buf))) {
	896	if(buf[0] == 0)
	897	return 1;
	898	if(!process_one_header(buf, clen, &chunked))
	899	return 0;
	900	}
	901	return 0;
	902	}
	903
	904	/** read a data chunk */
	905	static char*
	906	read_data_chunk(SSL* ssl, size_t len)
	907	{
	908	size_t got = 0;
	909	int r;
	910	char* data = malloc(len+1);
	911	if(!data) {
	912	if(verb) printf("out of memory\n");
	913	return NULL;
	914	}
	915	while(got < len) {
	916	if((r = SSL_read(ssl, data+got, (int)(len-got))) <= 0) {
	917	if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
	918	/* EOF */
	919	if(verb) printf("could not SSL_read: unexpected EOF\n");
	920	free(data);
	921	return NULL;
	922	}
	923	if(verb) printf("could not SSL_read\n");
	924	free(data);
	925	return NULL;
	926	}
	927	if(verb >= 2) printf("at %d/%d\n", (int)got, (int)len);
	928	got += r;
	929	}
	930	if(verb>=2) printf("read %d data\n", (int)len);
	931	data[len] = 0;
	932	return data;
	933	}
	934
	935	/** parse chunk header */
	936	static int
	937	parse_chunk_header(char* buf, size_t* result)
	938	{
	939	char* e = NULL;
	940	size_t v = (size_t)strtol(buf, &e, 16);
	941	if(e == buf)
	942	return 0;
	943	*result = v;
	944	return 1;
	945	}
	946
	947	/** read chunked data from connection */
	948	static BIO*
	949	do_chunked_read(SSL* ssl)
	950	{
	951	char buf[1024];
	952	size_t len;
	953	char* body;
	954	BIO* mem = BIO_new(BIO_s_mem());
	955	if(verb>=3) printf("do_chunked_read\n");
	956	if(!mem) {
	957	if(verb) printf("out of memory\n");
	958	return NULL;
	959	}
	960	while(read_ssl_line(ssl, buf, sizeof(buf))) {
	961	/* read the chunked start line */
	962	if(verb>=2) printf("chunk header: %s\n", buf);
	963	if(!parse_chunk_header(buf, &len)) {
	964	BIO_free(mem);
	965	if(verb>=3) printf("could not parse chunk header\n");
	966	return NULL;
	967	}
	968	if(verb>=2) printf("chunk len: %d\n", (int)len);
	969	/* are we done? */
	970	if(len == 0) {
	971	char z = 0;
	972	/* skip end-of-chunk-trailer lines,
	973	* until the empty line after that */
	974	do {
	975	if(!read_ssl_line(ssl, buf, sizeof(buf))) {
	976	BIO_free(mem);
	977	return NULL;
	978	}
	979	} while (strlen(buf) > 0);
	980	/* end of chunks, zero terminate it */
	981	if(BIO_write(mem, &z, 1) <= 0) {
	982	if(verb) printf("out of memory\n");
	983	BIO_free(mem);
	984	return NULL;
	985	}
	986	return mem;
	987	}
	988	/* read the chunked body */
	989	body = read_data_chunk(ssl, len);
	990	if(!body) {
	991	BIO_free(mem);
	992	return NULL;
	993	}
	994	if(BIO_write(mem, body, (int)len) <= 0) {
	995	if(verb) printf("out of memory\n");
	996	free(body);
	997	BIO_free(mem);
	998	return NULL;
	999	}
	1000	free(body);
	1001	/* skip empty line after data chunk */
	1002	if(!read_ssl_line(ssl, buf, sizeof(buf))) {
	1003	BIO_free(mem);
	1004	return NULL;
	1005	}
	1006	}
	1007	BIO_free(mem);
	1008	return NULL;
	1009	}
	1010
	1011	/** start HTTP1.1 transaction on SSL */
	1012	static int
	1013	write_http_get(SSL* ssl, char* pathname, char* urlname)
	1014	{
	1015	if(write_ssl_line(ssl, "GET /%s HTTP/1.1", pathname) &&
	1016	write_ssl_line(ssl, "Host: %s", urlname) &&
	1017	write_ssl_line(ssl, "User-Agent: unbound-anchor/%s",
	1018	PACKAGE_VERSION) &&
	1019	/* We do not really do multiple queries per connection,
	1020	* but this header setting is also not needed.
	1021	* write_ssl_line(ssl, "Connection: close", NULL) &&*/
	1022	write_ssl_line(ssl, "", NULL)) {
	1023	return 1;
	1024	}
	1025	return 0;
	1026	}
	1027
	1028	/** read chunked data and zero terminate; len is without zero */
	1029	static char*
	1030	read_chunked_zero_terminate(SSL* ssl, size_t* len)
	1031	{
	1032	/* do the chunked version */
	1033	BIO* tmp = do_chunked_read(ssl);
	1034	char* data, *d = NULL;
	1035	size_t l;
	1036	if(!tmp) {
	1037	if(verb) printf("could not read from https\n");
	1038	return NULL;
	1039	}
	1040	l = (size_t)BIO_get_mem_data(tmp, &d);
	1041	if(verb>=2) printf("chunked data is %d\n", (int)l);
	1042	if(l == 0 \|\| d == NULL) {
	1043	if(verb) printf("out of memory\n");
	1044	return NULL;
	1045	}
	1046	*len = l-1;
	1047	data = (char*)malloc(l);
	1048	if(data == NULL) {
	1049	if(verb) printf("out of memory\n");
	1050	return NULL;
	1051	}
	1052	memcpy(data, d, l);
	1053	BIO_free(tmp);
	1054	return data;
	1055	}
	1056
	1057	/** read HTTP result from SSL */
	1058	static BIO*
	1059	read_http_result(SSL* ssl)
	1060	{
	1061	size_t len = 0;
	1062	char* data;
	1063	BIO* m;
	1064	if(!read_http_headers(ssl, &len)) {
	1065	return NULL;
	1066	}
	1067	if(len == 0) {
	1068	data = read_chunked_zero_terminate(ssl, &len);
	1069	} else {
	1070	data = read_data_chunk(ssl, len);
	1071	}
	1072	if(!data) return NULL;
	1073	if(verb >= 4) print_data("read data", data, (int)len);
	1074	m = BIO_new_mem_buf(data, (int)len);
	1075	if(!m) {
	1076	if(verb) printf("out of memory\n");
	1077	exit(0);
	1078	}
	1079	return m;
	1080	}
	1081
	1082	/** https to an IP addr, return BIO with pathname or NULL */
	1083	static BIO*
	1084	https_to_ip(struct ip_list* ip, char* pathname, char* urlname)
	1085	{
	1086	int fd;
	1087	SSL* ssl;
	1088	BIO* bio;
	1089	SSL_CTX* sslctx = setup_sslctx();
	1090	if(!sslctx) {
	1091	return NULL;
	1092	}
	1093	fd = connect_to_ip(ip);
	1094	if(fd == -1) {
	1095	SSL_CTX_free(sslctx);
	1096	return NULL;
	1097	}
	1098	ssl = TLS_initiate(sslctx, fd);
	1099	if(!ssl) {
	1100	SSL_CTX_free(sslctx);
	1101	fd_close(fd);
	1102	return NULL;
	1103	}
	1104	if(!write_http_get(ssl, pathname, urlname)) {
	1105	if(verb) printf("could not write to server\n");
	1106	SSL_free(ssl);
	1107	SSL_CTX_free(sslctx);
	1108	fd_close(fd);
	1109	return NULL;
	1110	}
	1111	bio = read_http_result(ssl);
	1112	TLS_shutdown(fd, ssl, sslctx);
	1113	return bio;
	1114	}
	1115
	1116	/**
	1117	* Do a HTTPS, HTTP1.1 over TLS, to fetch a file
	1118	* @param ip_list: list of IP addresses to use to fetch from.
	1119	* @param pathname: pathname of file on server to GET.
	1120	* @param urlname: name to pass as the virtual host for this request.
	1121	* @return a memory BIO with the file in it.
	1122	*/
	1123	static BIO*
	1124	https(struct ip_list* ip_list, char* pathname, char* urlname)
	1125	{
	1126	struct ip_list* ip;
	1127	BIO* bio = NULL;
	1128	/* try random address first, and work through the list */
	1129	wipe_ip_usage(ip_list);
	1130	while( (ip = pick_random_ip(ip_list)) ) {
	1131	ip->used = 1;
	1132	bio = https_to_ip(ip, pathname, urlname);
	1133	if(bio) break;
	1134	}
	1135	if(!bio) {
	1136	if(verb) printf("could not fetch %s\n", pathname);
	1137	exit(0);
	1138	} else {
	1139	if(verb) printf("fetched %s (%d bytes)\n",
	1140	pathname, (int)BIO_ctrl_pending(bio));
	1141	}
	1142	return bio;
	1143	}
	1144
	1145	/** free up a downloaded file BIO */
	1146	static void
	1147	free_file_bio(BIO* bio)
	1148	{
	1149	char* pp = NULL;
	1150	(void)BIO_reset(bio);
	1151	(void)BIO_get_mem_data(bio, &pp);
	1152	free(pp);
	1153	BIO_free(bio);
	1154	}
	1155
	1156	/** XML parse private data during the parse */
	1157	struct xml_data {
	1158	/** the parser, reference */
	1159	XML_Parser parser;
	1160	/** the current tag; malloced; or NULL outside of tags */
	1161	char* tag;
	1162	/** current date to use during the parse */
	1163	time_t date;
	1164	/** number of keys usefully read in */
	1165	int num_keys;
	1166	/** the compiled anchors as DS records */
	1167	BIO* ds;
	1168
	1169	/** do we want to use this anchor? */
	1170	int use_key;
	1171	/** the current anchor: Zone */
	1172	BIO* czone;
	1173	/** the current anchor: KeyTag */
	1174	BIO* ctag;
	1175	/** the current anchor: Algorithm */
	1176	BIO* calgo;
	1177	/** the current anchor: DigestType */
	1178	BIO* cdigtype;
	1179	/** the current anchor: Digest*/
	1180	BIO* cdigest;
	1181	};
	1182
	1183	/** The BIO for the tag */
	1184	static BIO*
	1185	xml_selectbio(struct xml_data* data, const char* tag)
	1186	{
	1187	BIO* b = NULL;
	1188	if(strcasecmp(tag, "KeyTag") == 0)
	1189	b = data->ctag;
	1190	else if(strcasecmp(tag, "Algorithm") == 0)
	1191	b = data->calgo;
	1192	else if(strcasecmp(tag, "DigestType") == 0)
	1193	b = data->cdigtype;
	1194	else if(strcasecmp(tag, "Digest") == 0)
	1195	b = data->cdigest;
	1196	return b;
	1197	}
	1198
	1199	/**
	1200	* XML handle character data, the data inside an element.
	1201	* @param userData: xml_data structure
	1202	* @param s: the character data. May not all be in one callback.
	1203	* NOT zero terminated.
	1204	* @param len: length of this part of the data.
	1205	*/
	1206	void
	1207	xml_charhandle(void userData, const XML_Char s, int len)
	1208	{
	1209	struct xml_data* data = (struct xml_data*)userData;
	1210	BIO* b = NULL;
	1211	/* skip characters outside of elements */
	1212	if(!data->tag)
	1213	return;
	1214	if(verb>=4) {
	1215	int i;
	1216	printf("%s%s charhandle: '",
	1217	data->use_key?"use ":"",
	1218	data->tag?data->tag:"none");
	1219	for(i=0; i<len; i++)
	1220	printf("%c", s[i]);
	1221	printf("'\n");
	1222	}
	1223	if(strcasecmp(data->tag, "Zone") == 0) {
	1224	if(BIO_write(data->czone, s, len) <= 0) {
	1225	if(verb) printf("out of memory in BIO_write\n");
	1226	exit(0);
	1227	}
	1228	return;
	1229	}
	1230	/* only store if key is used */
	1231	if(!data->use_key)
	1232	return;
	1233	b = xml_selectbio(data, data->tag);
	1234	if(b) {
	1235	if(BIO_write(b, s, len) <= 0) {
	1236	if(verb) printf("out of memory in BIO_write\n");
	1237	exit(0);
	1238	}
	1239	}
	1240	}
	1241
	1242	/**
	1243	* XML fetch value of particular attribute(by name) or NULL if not present.
	1244	* @param atts: attribute array (from xml_startelem).
	1245	* @param name: name of attribute to look for.
	1246	* @return the value or NULL. (ptr into atts).
	1247	*/
	1248	static const XML_Char*
	1249	find_att(const XML_Char *atts, XML_Char name)
	1250	{
	1251	int i;
	1252	for(i=0; atts[i]; i+=2) {
	1253	if(strcasecmp(atts[i], name) == 0)
	1254	return atts[i+1];
	1255	}
	1256	return NULL;
	1257	}
	1258
	1259	/**
	1260	* XML convert DateTime element to time_t.
	1261	* [-]CCYY-MM-DDThh:mm:ss[Z\|(+\|-)hh:mm]
	1262	* (with optional .ssssss fractional seconds)
	1263	* @param str: the string
	1264	* @return a time_t representation or 0 on failure.
	1265	*/
	1266	static time_t
	1267	xml_convertdate(const char* str)
	1268	{
	1269	time_t t = 0;
	1270	struct tm tm;
	1271	const char* s;
	1272	/* for this application, ignore minus in front;
	1273	* only positive dates are expected */
	1274	s = str;
	1275	if(s[0] == '-') s++;
	1276	memset(&tm, 0, sizeof(tm));
	1277	/* parse initial content of the string (lots of whitespace allowed) */
	1278	s = strptime(s, "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm);
	1279	if(!s) {
	1280	if(verb) printf("xml_convertdate parse failure %s\n", str);
	1281	return 0;
	1282	}
	1283	/* parse remainder of date string */
	1284	if(*s == '.') {
	1285	/* optional '.' and fractional seconds */
	1286	int frac = 0, n = 0;
	1287	if(sscanf(s+1, "%d%n", &frac, &n) < 1) {
	1288	if(verb) printf("xml_convertdate f failure %s\n", str);
	1289	return 0;
	1290	}
	1291	/* fraction is not used, time_t has second accuracy */
	1292	s++;
	1293	s+=n;
	1294	}
	1295	if(s == 'Z' \|\| s == 'z') {
	1296	/* nothing to do for this */
	1297	s++;
	1298	} else if(s == '+' \|\| s == '-') {
	1299	/* optional timezone spec: Z or +hh:mm or -hh:mm */
	1300	int hr = 0, mn = 0, n = 0;
	1301	if(sscanf(s+1, "%d:%d%n", &hr, &mn, &n) < 2) {
	1302	if(verb) printf("xml_convertdate tz failure %s\n", str);
	1303	return 0;
	1304	}
	1305	if(*s == '+') {
	1306	tm.tm_hour += hr;
	1307	tm.tm_min += mn;
	1308	} else {
	1309	tm.tm_hour -= hr;
	1310	tm.tm_min -= mn;
	1311	}
	1312	s++;
	1313	s += n;
	1314	}
	1315	if(*s != 0) {
	1316	/* not ended properly */
	1317	/* but ignore, (lenient) */
	1318	}
	1319
	1320	t = mktime(&tm);
	1321	if(t == (time_t)-1) {
	1322	if(verb) printf("xml_convertdate mktime failure\n");
	1323	return 0;
	1324	}
	1325	return t;
	1326	}
	1327
	1328	/**
	1329	* XML handle the KeyDigest start tag, check validity periods.
	1330	*/
	1331	static void
	1332	handle_keydigest(struct xml_data* data, const XML_Char **atts)
	1333	{
	1334	data->use_key = 0;
	1335	if(find_att(atts, "validFrom")) {
	1336	time_t from = xml_convertdate(find_att(atts, "validFrom"));
	1337	if(from == 0) {
	1338	if(verb) printf("error: xml cannot be parsed\n");
	1339	exit(0);
	1340	}
	1341	if(data->date < from)
	1342	return;
	1343	}
	1344	if(find_att(atts, "validUntil")) {
	1345	time_t until = xml_convertdate(find_att(atts, "validUntil"));
	1346	if(until == 0) {
	1347	if(verb) printf("error: xml cannot be parsed\n");
	1348	exit(0);
	1349	}
	1350	if(data->date > until)
	1351	return;
	1352	}
	1353	/* yes we want to use this key */
	1354	data->use_key = 1;
	1355	(void)BIO_reset(data->ctag);
	1356	(void)BIO_reset(data->calgo);
	1357	(void)BIO_reset(data->cdigtype);
	1358	(void)BIO_reset(data->cdigest);
	1359	}
	1360
	1361	/** See if XML element equals the zone name */
	1362	static int
	1363	xml_is_zone_name(BIO* zone, char* name)
	1364	{
	1365	char buf[1024];
	1366	char* z = NULL;
	1367	long zlen;
	1368	(void)BIO_seek(zone, 0);
	1369	zlen = BIO_get_mem_data(zone, &z);
	1370	if(!zlen \|\| !z) return 0;
	1371	/* zero terminate */
	1372	if(zlen >= (long)sizeof(buf)) return 0;
	1373	memmove(buf, z, (size_t)zlen);
	1374	buf[zlen] = 0;
	1375	/* compare */
	1376	return (strncasecmp(buf, name, strlen(name)) == 0);
	1377	}
	1378
	1379	/**
	1380	* XML start of element. This callback is called whenever an XML tag starts.
	1381	* XML_Char is UTF8.
	1382	* @param userData: the xml_data structure.
	1383	* @param name: the tag that starts.
	1384	* @param atts: array of strings, pairs of attr = value, ends with NULL.
	1385	* i.e. att[0]="att[1]" att[2]="att[3]" att[4]isNull
	1386	*/
	1387	static void
	1388	xml_startelem(void userData, const XML_Char name, const XML_Char **atts)
	1389	{
	1390	struct xml_data* data = (struct xml_data*)userData;
	1391	BIO* b;
	1392	if(verb>=4) printf("xml tag start '%s'\n", name);
	1393	free(data->tag);
	1394	data->tag = strdup(name);
	1395	if(!data->tag) {
	1396	if(verb) printf("out of memory\n");
	1397	exit(0);
	1398	}
	1399	if(verb>=4) {
	1400	int i;
	1401	for(i=0; atts[i]; i+=2) {
	1402	printf(" %s='%s'\n", atts[i], atts[i+1]);
	1403	}
	1404	}
	1405	/* handle attributes to particular types */
	1406	if(strcasecmp(name, "KeyDigest") == 0) {
	1407	handle_keydigest(data, atts);
	1408	return;
	1409	} else if(strcasecmp(name, "Zone") == 0) {
	1410	(void)BIO_reset(data->czone);
	1411	return;
	1412	}
	1413
	1414	/* for other types we prepare to pick up the data */
	1415	if(!data->use_key)
	1416	return;
	1417	b = xml_selectbio(data, data->tag);
	1418	if(b) {
	1419	/* empty it */
	1420	(void)BIO_reset(b);
	1421	}
	1422	}
	1423
	1424	/** Append str to bio */
	1425	static void
	1426	xml_append_str(BIO* b, const char* s)
	1427	{
	1428	if(BIO_write(b, s, (int)strlen(s)) <= 0) {
	1429	if(verb) printf("out of memory in BIO_write\n");
	1430	exit(0);
	1431	}
	1432	}
	1433
	1434	/** Append bio to bio */
	1435	static void
	1436	xml_append_bio(BIO* b, BIO* a)
	1437	{
	1438	char* z = NULL;
	1439	long i, len;
	1440	(void)BIO_seek(a, 0);
	1441	len = BIO_get_mem_data(a, &z);
	1442	if(!len \|\| !z) {
	1443	if(verb) printf("out of memory in BIO_write\n");
	1444	exit(0);
	1445	}
	1446	/* remove newlines in the data here */
	1447	for(i=0; i<len; i++) {
	1448	if(z[i] == '\r' \|\| z[i] == '\n')
	1449	z[i] = ' ';
	1450	}
	1451	/* write to BIO */
	1452	if(BIO_write(b, z, len) <= 0) {
	1453	if(verb) printf("out of memory in BIO_write\n");
	1454	exit(0);
	1455	}
	1456	}
	1457
	1458	/** write the parsed xml-DS to the DS list */
	1459	static void
	1460	xml_append_ds(struct xml_data* data)
	1461	{
	1462	/* write DS to accumulated DS */
	1463	xml_append_str(data->ds, ". IN DS ");
	1464	xml_append_bio(data->ds, data->ctag);
	1465	xml_append_str(data->ds, " ");
	1466	xml_append_bio(data->ds, data->calgo);
	1467	xml_append_str(data->ds, " ");
	1468	xml_append_bio(data->ds, data->cdigtype);
	1469	xml_append_str(data->ds, " ");
	1470	xml_append_bio(data->ds, data->cdigest);
	1471	xml_append_str(data->ds, "\n");
	1472	data->num_keys++;
	1473	}
	1474
	1475	/**
	1476	* XML end of element. This callback is called whenever an XML tag ends.
	1477	* XML_Char is UTF8.
	1478	* @param userData: the xml_data structure
	1479	* @param name: the tag that ends.
	1480	*/
	1481	static void
	1482	xml_endelem(void userData, const XML_Char name)
	1483	{
	1484	struct xml_data* data = (struct xml_data*)userData;
	1485	if(verb>=4) printf("xml tag end '%s'\n", name);
	1486	free(data->tag);
	1487	data->tag = NULL;
	1488	if(strcasecmp(name, "KeyDigest") == 0) {
	1489	if(data->use_key)
	1490	xml_append_ds(data);
	1491	data->use_key = 0;
	1492	} else if(strcasecmp(name, "Zone") == 0) {
	1493	if(!xml_is_zone_name(data->czone, ".")) {
	1494	if(verb) printf("xml not for the right zone\n");
	1495	exit(0);
	1496	}
	1497	}
	1498	}
	1499
	1500	/**
	1501	* XML parser setup of the callbacks for the tags
	1502	*/
	1503	static void
	1504	xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now)
	1505	{
	1506	char buf[1024];
	1507	memset(data, 0, sizeof(*data));
	1508	XML_SetUserData(parser, data);
	1509	data->parser = parser;
	1510	data->date = now;
	1511	data->ds = BIO_new(BIO_s_mem());
	1512	data->ctag = BIO_new(BIO_s_mem());
	1513	data->czone = BIO_new(BIO_s_mem());
	1514	data->calgo = BIO_new(BIO_s_mem());
	1515	data->cdigtype = BIO_new(BIO_s_mem());
	1516	data->cdigest = BIO_new(BIO_s_mem());
	1517	if(!data->ds \|\| !data->ctag \|\| !data->calgo \|\| !data->czone \|\|
	1518	!data->cdigtype \|\| !data->cdigest) {
	1519	if(verb) printf("out of memory\n");
	1520	exit(0);
	1521	}
	1522	snprintf(buf, sizeof(buf), "; created by unbound-anchor on %s",
	1523	ctime(&now));
	1524	if(BIO_write(data->ds, buf, (int)strlen(buf)) <= 0) {
	1525	if(verb) printf("out of memory\n");
	1526	exit(0);
	1527	}
	1528	XML_SetElementHandler(parser, xml_startelem, xml_endelem);
	1529	XML_SetCharacterDataHandler(parser, xml_charhandle);
	1530	}
	1531
	1532	/**
	1533	* Perform XML parsing of the root-anchors file
	1534	* Its format description can be read here
	1535	* https://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.txt
	1536	* It uses libexpat.
	1537	* @param xml: BIO with xml data.
	1538	* @param now: the current time for checking DS validity periods.
	1539	* @return memoryBIO with the DS data in zone format.
	1540	* or NULL if the zone is insecure.
	1541	* (It exit()s on error)
	1542	*/
	1543	static BIO*
	1544	xml_parse(BIO* xml, time_t now)
	1545	{
	1546	char* pp;
	1547	int len;
	1548	XML_Parser parser;
	1549	struct xml_data data;
	1550
	1551	parser = XML_ParserCreate(NULL);
	1552	if(!parser) {
	1553	if(verb) printf("could not XML_ParserCreate\n");
	1554	exit(0);
	1555	}
	1556
	1557	/* setup callbacks */
	1558	xml_parse_setup(parser, &data, now);
	1559
	1560	/* parse it */
	1561	(void)BIO_reset(xml);
	1562	len = (int)BIO_get_mem_data(xml, &pp);
	1563	if(!len \|\| !pp) {
	1564	if(verb) printf("out of memory\n");
	1565	exit(0);
	1566	}
	1567	if(!XML_Parse(parser, pp, len, 1 /isfinal/ )) {
	1568	const char *e = XML_ErrorString(XML_GetErrorCode(parser));
	1569	if(verb) printf("XML_Parse failure %s\n", e?e:"");
	1570	exit(0);
	1571	}
	1572
	1573	/* parsed */
	1574	if(verb) printf("XML was parsed successfully, %d keys\n",
	1575	data.num_keys);
	1576	free(data.tag);
	1577	XML_ParserFree(parser);
	1578
	1579	if(verb >= 4) {
	1580	char* pp = NULL;
	1581	int len;
	1582	(void)BIO_seek(data.ds, 0);
	1583	len = BIO_get_mem_data(data.ds, &pp);
	1584	printf("got DS bio %d: '", len);
	1585	(void)fwrite(pp, (size_t)len, 1, stdout);
	1586	printf("'\n");
	1587	}
	1588	BIO_free(data.czone);
	1589	BIO_free(data.ctag);
	1590	BIO_free(data.calgo);
	1591	BIO_free(data.cdigtype);
	1592	BIO_free(data.cdigest);
	1593
	1594	if(data.num_keys == 0) {
	1595	/* the root zone seems to have gone insecure */
	1596	BIO_free(data.ds);
	1597	return NULL;
	1598	} else {
	1599	return data.ds;
	1600	}
	1601	}
	1602
	1603	/** verify a PKCS7 signature, false on failure */
	1604	static int
	1605	verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust)
	1606	{
	1607	PKCS7* p7;
	1608	X509_STORE *store = X509_STORE_new();
	1609	int secure = 0;
	1610	int i;
	1611	#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
	1612	X509_VERIFY_PARAM* param = X509_VERIFY_PARAM_new();
	1613	if(!param) {
	1614	if(verb) printf("out of memory\n");
	1615	X509_STORE_free(store);
	1616	return 0;
	1617	}
	1618	/* do the selfcheck on the root certificate; it checks that the
	1619	* input is valid */
	1620	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CHECK_SS_SIGNATURE);
	1621	if(store) X509_STORE_set1_param(store, param);
	1622	#endif
	1623	if(!store) {
	1624	if(verb) printf("out of memory\n");
	1625	#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
	1626	X509_VERIFY_PARAM_free(param);
	1627	#endif
	1628	return 0;
	1629	}
	1630
	1631	(void)BIO_reset(p7s);
	1632	(void)BIO_reset(data);
	1633
	1634	/* convert p7s to p7 (the signature) */
	1635	p7 = d2i_PKCS7_bio(p7s, NULL);
	1636	if(!p7) {
	1637	if(verb) printf("could not parse p7s signature file\n");
	1638	X509_STORE_free(store);
	1639	return 0;
	1640	}
	1641	if(verb >= 2) printf("parsed the PKCS7 signature\n");
	1642
	1643	/* convert trust to trusted certificate store */
	1644	for(i=0; i<sk_X509_num(trust); i++) {
	1645	if(!X509_STORE_add_cert(store, sk_X509_value(trust, i))) {
	1646	if(verb) printf("failed X509_STORE_add_cert\n");
	1647	X509_STORE_free(store);
	1648	PKCS7_free(p7);
	1649	return 0;
	1650	}
	1651	}
	1652	if(verb >= 2) printf("setup the X509_STORE\n");
	1653
	1654	if(PKCS7_verify(p7, NULL, store, data, NULL, 0) == 1) {
	1655	secure = 1;
	1656	if(verb) printf("the PKCS7 signature verified\n");
	1657	} else {
	1658	if(verb) {
	1659	ERR_print_errors_fp(stdout);
	1660	}
	1661	}
	1662
	1663	X509_STORE_free(store);
	1664	PKCS7_free(p7);
	1665	return secure;
	1666	}
	1667
	1668	/** write unsigned root anchor file, a 5011 revoked tp */
	1669	static void
	1670	write_unsigned_root(char* root_anchor_file)
	1671	{
	1672	FILE* out;
	1673	time_t now = time(NULL);
	1674	out = fopen(root_anchor_file, "w");
	1675	if(!out) {
	1676	if(verb) printf("%s: %s\n", root_anchor_file, strerror(errno));
	1677	return;
	1678	}
	1679	if(fprintf(out, "; autotrust trust anchor file\n"
	1680	";;REVOKED\n"
	1681	";;id: . 1\n"
	1682	"; This file was written by unbound-anchor on %s"
	1683	"; It indicates that the root does not use DNSSEC\n"
	1684	"; to restart DNSSEC overwrite this file with a\n"
	1685	"; valid trustanchor or (empty-it and run unbound-anchor)\n"
	1686	, ctime(&now)) < 0) {
	1687	if(verb) printf("failed to write 'unsigned' to %s\n",
	1688	root_anchor_file);
	1689	if(verb && errno != 0) printf("%s\n", strerror(errno));
	1690	}
	1691	fclose(out);
	1692	}
	1693
	1694	/** write root anchor file */
	1695	static void
	1696	write_root_anchor(char* root_anchor_file, BIO* ds)
	1697	{
	1698	char* pp = NULL;
	1699	int len;
	1700	FILE* out;
	1701	(void)BIO_seek(ds, 0);
	1702	len = BIO_get_mem_data(ds, &pp);
	1703	if(!len \|\| !pp) {
	1704	if(verb) printf("out of memory\n");
	1705	return;
	1706	}
	1707	out = fopen(root_anchor_file, "w");
	1708	if(!out) {
	1709	if(verb) printf("%s: %s\n", root_anchor_file, strerror(errno));
	1710	return;
	1711	}
	1712	if(fwrite(pp, (size_t)len, 1, out) != 1) {
	1713	if(verb) printf("failed to write all data to %s\n",
	1714	root_anchor_file);
	1715	if(verb && errno != 0) printf("%s\n", strerror(errno));
	1716	}
	1717	fclose(out);
	1718	}
	1719
	1720	/** Perform the verification and update of the trustanchor file */
	1721	static void
	1722	verify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s,
	1723	STACK_OF(X509)* cert)
	1724	{
	1725	BIO* ds;
	1726
	1727	/* verify xml file */
	1728	if(!verify_p7sig(xml, p7s, cert)) {
	1729	printf("the PKCS7 signature failed\n");
	1730	exit(0);
	1731	}
	1732
	1733	/* parse the xml file into DS records */
	1734	ds = xml_parse(xml, time(NULL));
	1735	if(!ds) {
	1736	/* the root zone is unsigned now */
	1737	write_unsigned_root(root_anchor_file);
	1738	} else {
	1739	/* reinstate 5011 tracking */
	1740	write_root_anchor(root_anchor_file, ds);
	1741	}
	1742	BIO_free(ds);
	1743	}
	1744
	1745	#ifdef USE_WINSOCK
	1746	static void do_wsa_cleanup(void) { WSACleanup(); }
	1747	#endif
	1748
	1749	/** perform actual certupdate work */
	1750	static int
	1751	do_certupdate(char* root_anchor_file, char* root_cert_file,
	1752	char* urlname, char* xmlname, char* p7sname,
	1753	char* res_conf, char* root_hints, char* debugconf,
	1754	int ip4only, int ip6only, int port, struct ub_result* dnskey)
	1755	{
	1756	STACK_OF(X509)* cert;
	1757	BIO xml, p7s;
	1758	struct ip_list* ip_list = NULL;
	1759
	1760	/* read pem file or provide builtin */
	1761	cert = read_cert_or_builtin(root_cert_file);
	1762
	1763	/* lookup A, AAAA for the urlname (or parse urlname if IP address) */
	1764	ip_list = resolve_name(urlname, port, res_conf, root_hints, debugconf,
	1765	ip4only, ip6only);
	1766
	1767	#ifdef USE_WINSOCK
	1768	if(1) { /* libunbound finished, startup WSA for the https connection */
	1769	WSADATA wsa_data;
	1770	int r;
	1771	if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) {
	1772	if(verb) printf("WSAStartup failed: %s\n",
	1773	wsa_strerror(r));
	1774	exit(0);
	1775	}
	1776	atexit(&do_wsa_cleanup);
	1777	}
	1778	#endif
	1779
	1780	/* fetch the necessary files over HTTPS */
	1781	xml = https(ip_list, xmlname, urlname);
	1782	p7s = https(ip_list, p7sname, urlname);
	1783
	1784	/* verify and update the root anchor */
	1785	verify_and_update_anchor(root_anchor_file, xml, p7s, cert);
	1786	if(verb) printf("success: the anchor has been updated "
	1787	"using the cert\n");
	1788
	1789	free_file_bio(xml);
	1790	free_file_bio(p7s);
	1791	#ifndef S_SPLINT_S
	1792	sk_X509_pop_free(cert, X509_free);
	1793	#endif
	1794	ub_resolve_free(dnskey);
	1795	ip_list_free(ip_list);
	1796	return 1;
	1797	}
	1798
	1799	/**
	1800	* Try to read the root RFC5011 autotrust anchor file,
	1801	* @param file: filename.
	1802	* @return:
	1803	* 0 if does not exist or empty
	1804	* 1 if trust-point-revoked-5011
	1805	* 2 if it is OK.
	1806	*/
	1807	static int
	1808	try_read_anchor(char* file)
	1809	{
	1810	int empty = 1;
	1811	char line[10240];
	1812	char* p;
	1813	FILE* in = fopen(file, "r");
	1814	if(!in) {
	1815	/* only if the file does not exist, can we fix it */
	1816	if(errno != ENOENT) {
	1817	if(verb) printf("%s: %s\n", file, strerror(errno));
	1818	if(verb) printf("error: cannot access the file\n");
	1819	exit(0);
	1820	}
	1821	if(verb) printf("%s does not exist\n", file);
	1822	return 0;
	1823	}
	1824	while(fgets(line, (int)sizeof(line), in)) {
	1825	line[sizeof(line)-1] = 0;
	1826	if(strncmp(line, ";;REVOKED", 9) == 0) {
	1827	fclose(in);
	1828	if(verb) printf("%s : the trust point is revoked\n"
	1829	"and the zone is considered unsigned.\n"
	1830	"if you wish to re-enable, delete the file\n",
	1831	file);
	1832	return 1;
	1833	}
	1834	p=line;
	1835	while(p == ' ' \|\| p == '\t')
	1836	p++;
	1837	if(p[0]==0 \|\| p[0]=='\n' \|\| p[0]==';') continue;
	1838	/* this line is a line of content */
	1839	empty = 0;
	1840	}
	1841	fclose(in);
	1842	if(empty) {
	1843	if(verb) printf("%s is empty\n", file);
	1844	return 0;
	1845	}
	1846	if(verb) printf("%s has content\n", file);
	1847	return 2;
	1848	}
	1849
	1850	/** Write the builtin root anchor to a file */
	1851	static void
	1852	write_builtin_anchor(char* file)
	1853	{
	1854	const char* builtin_root_anchor = get_builtin_ds();
	1855	FILE* out = fopen(file, "w");
	1856	if(!out) {
	1857	if(verb) printf("%s: %s\n", file, strerror(errno));
	1858	if(verb) printf(" could not write builtin anchor\n");
	1859	return;
	1860	}
	1861	if(!fwrite(builtin_root_anchor, strlen(builtin_root_anchor), 1, out)) {
	1862	if(verb) printf("%s: %s\n", file, strerror(errno));
	1863	if(verb) printf(" could not complete write builtin anchor\n");
	1864	}
	1865	fclose(out);
	1866	}
	1867
	1868	/**
	1869	* Check the root anchor file.
	1870	* If does not exist, provide builtin and write file.
	1871	* If empty, provide builtin and write file.
	1872	* If trust-point-revoked-5011 file: make the program exit.
	1873	* @param root_anchor_file: filename of the root anchor.
	1874	* @param used_builtin: set to 1 if the builtin is written.
	1875	* @return 0 if trustpoint is insecure, 1 on success. Exit on failure.
	1876	*/
	1877	static int
	1878	provide_builtin(char* root_anchor_file, int* used_builtin)
	1879	{
	1880	/* try to read it */
	1881	switch(try_read_anchor(root_anchor_file))
	1882	{
	1883	case 0: /* no exist or empty */
	1884	write_builtin_anchor(root_anchor_file);
	1885	*used_builtin = 1;
	1886	break;
	1887	case 1: /* revoked tp */
	1888	return 0;
	1889	case 2: /* it is fine */
	1890	default:
	1891	break;
	1892	}
	1893	return 1;
	1894	}
	1895
	1896	/**
	1897	* add an autotrust anchor for the root to the context
	1898	*/
	1899	static void
	1900	add_5011_probe_root(struct ub_ctx* ctx, char* root_anchor_file)
	1901	{
	1902	int r;
	1903	r = ub_ctx_set_option(ctx, "auto-trust-anchor-file:", root_anchor_file);
	1904	if(r) {
	1905	if(verb) printf("add 5011 probe to ctx: %s\n", ub_strerror(r));
	1906	ub_ctx_delete(ctx);
	1907	exit(0);
	1908	}
	1909	}
	1910
	1911	/**
	1912	* Prime the root key and return the result. Exit on error.
	1913	* @param ctx: the unbound context to perform the priming with.
	1914	* @return: the result of the prime, on error it exit()s.
	1915	*/
	1916	static struct ub_result*
	1917	prime_root_key(struct ub_ctx* ctx)
	1918	{
	1919	struct ub_result* res = NULL;
	1920	int r;
	1921	r = ub_resolve(ctx, ".", LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, &res);
	1922	if(r) {
	1923	if(verb) printf("resolve DNSKEY: %s\n", ub_strerror(r));
	1924	ub_ctx_delete(ctx);
	1925	exit(0);
	1926	}
	1927	if(!res) {
	1928	if(verb) printf("out of memory\n");
	1929	ub_ctx_delete(ctx);
	1930	exit(0);
	1931	}
	1932	return res;
	1933	}
	1934
	1935	/** see if ADDPEND keys exist in autotrust file (if possible) */
	1936	static int
	1937	read_if_pending_keys(char* file)
	1938	{
	1939	FILE* in = fopen(file, "r");
	1940	char line[8192];
	1941	if(!in) {
	1942	if(verb>=2) printf("%s: %s\n", file, strerror(errno));
	1943	return 0;
	1944	}
	1945	while(fgets(line, (int)sizeof(line), in)) {
	1946	if(line[0]==';') continue;
	1947	if(strstr(line, "[ ADDPEND ]")) {
	1948	fclose(in);
	1949	if(verb) printf("RFC5011-state has ADDPEND keys\n");
	1950	return 1;
	1951	}
	1952	}
	1953	fclose(in);
	1954	return 0;
	1955	}
	1956
	1957	/** read last successful probe time from autotrust file (if possible) */
	1958	static int32_t
	1959	read_last_success_time(char* file)
	1960	{
	1961	FILE* in = fopen(file, "r");
	1962	char line[1024];
	1963	if(!in) {
	1964	if(verb) printf("%s: %s\n", file, strerror(errno));
	1965	return 0;
	1966	}
	1967	while(fgets(line, (int)sizeof(line), in)) {
	1968	if(strncmp(line, ";;last_success: ", 16) == 0) {
	1969	char* e;
	1970	time_t x = (unsigned int)strtol(line+16, &e, 10);
	1971	fclose(in);
	1972	if(line+16 == e) {
	1973	if(verb) printf("failed to parse "
	1974	"last_success probe time\n");
	1975	return 0;
	1976	}
	1977	if(verb) printf("last successful probe: %s", ctime(&x));
	1978	return (int32_t)x;
	1979	}
	1980	}
	1981	fclose(in);
	1982	if(verb) printf("no last_success probe time in anchor file\n");
	1983	return 0;
	1984	}
	1985
	1986	/**
	1987	* Read autotrust 5011 probe file and see if the date
	1988	* compared to the current date allows a certupdate.
	1989	* If the last successful probe was recent then 5011 cannot be behind,
	1990	* and the failure cannot be solved with a certupdate.
	1991	* The debugconf is to validation-override the date for testing.
	1992	* @param root_anchor_file: filename of root key
	1993	* @return true if certupdate is ok.
	1994	*/
	1995	static int
	1996	probe_date_allows_certupdate(char* root_anchor_file)
	1997	{
	1998	int has_pending_keys = read_if_pending_keys(root_anchor_file);
	1999	int32_t last_success = read_last_success_time(root_anchor_file);
	2000	int32_t now = (int32_t)time(NULL);
	2001	int32_t leeway = 30 * 24 * 3600; /* 30 days leeway */
	2002	/* if the date is before 2010-07-15:00.00.00 then the root has not
	2003	* been signed yet, and thus we refuse to take action. */
	2004	if(time(NULL) < xml_convertdate("2010-07-15T00:00:00")) {
	2005	if(verb) printf("the date is before the root was first signed,"
	2006	" please correct the clock\n");
	2007	return 0;
	2008	}
	2009	if(last_success == 0)
	2010	return 1; /* no probe time */
	2011	if(has_pending_keys)
	2012	return 1; /* key in ADDPEND state, a previous probe has
	2013	inserted that, and it was present in all recent probes,
	2014	but it has not become active. The 30 day timer may not have
	2015	expired, but we know(for sure) there is a rollover going on.
	2016	If we only managed to pickup the new key on its last day
	2017	of announcement (for example) this can happen. */
	2018	if(now - last_success < 0) {
	2019	if(verb) printf("the last successful probe is in the future,"
	2020	" clock was modified\n");
	2021	return 0;
	2022	}
	2023	if(now - last_success >= leeway) {
	2024	if(verb) printf("the last successful probe was more than 30 "
	2025	"days ago\n");
	2026	return 1;
	2027	}
	2028	if(verb) printf("the last successful probe is recent\n");
	2029	return 0;
	2030	}
	2031
	2032	/** perform the unbound-anchor work */
	2033	static int
	2034	do_root_update_work(char* root_anchor_file, char* root_cert_file,
	2035	char* urlname, char* xmlname, char* p7sname,
	2036	char* res_conf, char* root_hints, char* debugconf,
	2037	int ip4only, int ip6only, int force, int port)
	2038	{
	2039	struct ub_ctx* ctx;
	2040	struct ub_result* dnskey;
	2041	int used_builtin = 0;
	2042
	2043	/* see if builtin rootanchor needs to be provided, or if
	2044	* rootanchor is 'revoked-trust-point' */
	2045	if(!provide_builtin(root_anchor_file, &used_builtin))
	2046	return 0;
	2047
	2048	/* make unbound context with 5011-probe for root anchor,
	2049	* and probe . DNSKEY */
	2050	ctx = create_unbound_context(res_conf, root_hints, debugconf,
	2051	ip4only, ip6only);
	2052	add_5011_probe_root(ctx, root_anchor_file);
	2053	dnskey = prime_root_key(ctx);
	2054	ub_ctx_delete(ctx);
	2055
	2056	/* if secure: exit */
	2057	if(dnskey->secure && !force) {
	2058	if(verb) printf("success: the anchor is ok\n");
	2059	ub_resolve_free(dnskey);
	2060	return used_builtin;
	2061	}
	2062	if(force && verb) printf("debug cert update forced\n");
	2063
	2064	/* if not (and NOERROR): check date and do certupdate */
	2065	if((dnskey->rcode == 0 &&
	2066	probe_date_allows_certupdate(root_anchor_file)) \|\| force) {
	2067	if(do_certupdate(root_anchor_file, root_cert_file, urlname,
	2068	xmlname, p7sname, res_conf, root_hints, debugconf,
	2069	ip4only, ip6only, port, dnskey))
	2070	return 1;
	2071	return used_builtin;
	2072	}
	2073	if(verb) printf("fail: the anchor is NOT ok and could not be fixed\n");
	2074	ub_resolve_free(dnskey);
	2075	return used_builtin;
	2076	}
	2077
	2078	/** getopt global, in case header files fail to declare it. */
	2079	extern int optind;
	2080	/** getopt global, in case header files fail to declare it. */
	2081	extern char* optarg;
	2082
	2083	/** Main routine for unbound-anchor */
	2084	int main(int argc, char* argv[])
	2085	{
	2086	int c;
	2087	char* root_anchor_file = ROOT_ANCHOR_FILE;
	2088	char* root_cert_file = ROOT_CERT_FILE;
	2089	char* urlname = URLNAME;
	2090	char* xmlname = XMLNAME;
	2091	char* p7sname = P7SNAME;
	2092	char* res_conf = NULL;
	2093	char* root_hints = NULL;
	2094	char* debugconf = NULL;
	2095	int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT;
	2096	/* parse the options */
	2097	while( (c=getopt(argc, argv, "46C:FP:a:c:f:hlr:s:u:vx:")) != -1) {
	2098	switch(c) {
	2099	case 'l':
	2100	dolist = 1;
	2101	break;
	2102	case '4':
	2103	ip4only = 1;
	2104	break;
	2105	case '6':
	2106	ip6only = 1;
	2107	break;
	2108	case 'a':
	2109	root_anchor_file = optarg;
	2110	break;
	2111	case 'c':
	2112	root_cert_file = optarg;
	2113	break;
	2114	case 'u':
	2115	urlname = optarg;
	2116	break;
	2117	case 'x':
	2118	xmlname = optarg;
	2119	break;
	2120	case 's':
	2121	p7sname = optarg;
	2122	break;
	2123	case 'f':
	2124	res_conf = optarg;
	2125	break;
	2126	case 'r':
	2127	root_hints = optarg;
	2128	break;
	2129	case 'C':
	2130	debugconf = optarg;
	2131	break;
	2132	case 'F':
	2133	force = 1;
	2134	break;
	2135	case 'P':
	2136	port = atoi(optarg);
	2137	break;
	2138	case 'v':
	2139	verb++;
	2140	break;
	2141	case '?':
	2142	case 'h':
	2143	default:
	2144	usage();
	2145	}
	2146	}
	2147	argc -= optind;
	2148	argv += optind;
	2149	if(argc != 0)
	2150	usage();
	2151
	2152	ERR_load_crypto_strings();
	2153	ERR_load_SSL_strings();
	2154	OpenSSL_add_all_algorithms();
	2155	(void)SSL_library_init();
	2156
	2157	if(dolist) do_list_builtin();
	2158
	2159	return do_root_update_work(root_anchor_file, root_cert_file, urlname,
	2160	xmlname, p7sname, res_conf, root_hints, debugconf, ip4only,
	2161	ip6only, force, port);
	2162	}

-0

smallapp/unbound-control.c less more

95	95	printf(" flush_stats flush statistics, make zero\n");
96	96	printf(" flush_requestlist drop queries that are worked on\n");
97	97	printf(" dump_requestlist show what is worked on\n");
	98	printf(" flush_infra [all \| ip] remove ping, edns for one IP or all\n");
	99	printf(" dump_infra show ping and edns entries\n");
98	100	printf(" set_option opt: val set option to value, no reload\n");
99	101	printf(" get_option opt get option value\n");
100	102	printf(" list_stubs list stub-zones and root hints in use\n");

-18

smallapp/worker_cb.c less more

99	99	log_assert(0);
100	100	}
101	101
102		int worker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
103		struct sockaddr_storage* ATTR_UNUSED(addr),
104		socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(timeout),
105		struct module_qstate* ATTR_UNUSED(q), int ATTR_UNUSED(use_tcp))
106		{
107		log_assert(0);
108		return 0;
109		}
110
111	102	struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname),
112	103	size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype),
113	104	uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),

137	128	worker_alloc_cleanup(void* ATTR_UNUSED(arg))
138	129	{
139	130	log_assert(0);
140		}
141
142		int libworker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
143		struct sockaddr_storage* ATTR_UNUSED(addr),
144		socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(timeout),
145		struct module_qstate* ATTR_UNUSED(q), int ATTR_UNUSED(use_tcp))
146		{
147		log_assert(0);
148		return 0;
149	131	}
150	132
151	133	struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname),

-1

testcode/checklocks.c less more

51	51	#ifdef USE_THREAD_DEBUG
52	52
53	53	/** How long to wait before lock attempt is a failure. */
54		#define CHECK_LOCK_TIMEOUT 30 /* seconds */
	54	#define CHECK_LOCK_TIMEOUT 120 /* seconds */
55	55	/** How long to wait before join attempt is a failure. */
56	56	#define CHECK_JOIN_TIMEOUT 120 /* seconds */
57	57

-2

testcode/do-tests.sh less more

4	4	NEED_LDNS_TESTNS='fwd_no_edns.tpkg fwd_tcp_tc.tpkg fwd_tcp.tpkg fwd_three_service.tpkg fwd_three.tpkg fwd_ttlexpire.tpkg fwd_udp.tpkg fwd_tcp_tc6.tpkg fwd_compress_c00c.tpkg fwd_ancil.tpkg stat_timer.tpkg 05-asynclook.tpkg stream_tcp.tpkg speed_cache.tpkg fwd_oneport.tpkg fwd_udptmout.tpkg fwd_waitudp.tpkg tcp_sigpipe.tpkg hostsfileosx.tpkg local_nodefault.tpkg fwd_zero.tpkg'
5	5	NEED_XXD='fwd_compress_c00c.tpkg fwd_zero.tpkg'
6	6	NEED_NC='fwd_compress_c00c.tpkg fwd_zero.tpkg'
7		NEED_CURL='06-ianaports.tpkg'
	7	NEED_CURL='06-ianaports.tpkg root_anchor.tpkg'
8	8	NEED_WHOAMI='07-confroot.tpkg'
9		NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg'
	9	NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg'
10	10	NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
11	11
12	12	# test if dig and ldns-testns are available.

-9

testcode/fake_event.c less more

227	227	* @param runtime: runtime.
228	228	* @param entry: if true, the entry that matches is returned.
229	229	* @param pend: if true, the outgoing message that matches is returned.
230		* return: true if pending query matches the now event.
	230	* @return: true if pending query matches the now event.
231	231	*/
232	232	static int
233	233	pending_matches_range(struct replay_runtime* runtime,

1118	1118	free(list);
1119	1119	}
1120	1120
1121		void listen_pushback(struct listen_dnsport* ATTR_UNUSED(listen))
1122		{
1123		}
1124
1125		void listen_resume(struct listen_dnsport* ATTR_UNUSED(listen))
1126		{
1127		}
1128
1129	1121	struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base),
1130	1122	int ATTR_UNUSED(fd), size_t ATTR_UNUSED(bufsize),
1131	1123	comm_point_callback_t* ATTR_UNUSED(callback),

-2

testcode/ldns-testpkts.c less more

257	257	* @param buf: is the buffer to store the result in
258	258	* @param offset: is the starting position in the result buffer
259	259	* @param buf_len: is the length of buf.
260		*
261		* This function returns the length of the result
	260	* @return This function returns the length of the result
262	261	*/
263	262	static size_t
264	263	hexstr2bin(char hexstr, int len, uint8_t buf, size_t offset, size_t buf_len)

-1

testcode/mini_tpkg.sh less more

79	79	mv $name.dir/* .
80	80
81	81	# EXE
82		echo "minitpkg exe $name"
83	82	echo "minitpkg exe $name" > $result
84	83	if test -f $name.pre; then
85	84	echo "minitpkg exe $name.pre"

+618

-0

testcode/petal.c less more

	0	/*
	1	* petal.c - https daemon that is small and beautiful.
	2	*
	3	* Copyright (c) 2010, NLnet Labs. All rights reserved.
	4	*
	5	* This software is open source.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	*
	11	* Redistributions of source code must retain the above copyright notice,
	12	* this list of conditions and the following disclaimer.
	13	*
	14	* Redistributions in binary form must reproduce the above copyright notice,
	15	* this list of conditions and the following disclaimer in the documentation
	16	* and/or other materials provided with the distribution.
	17	*
	18	* Neither the name of the NLNET LABS nor the names of its contributors may
	19	* be used to endorse or promote products derived from this software without
	20	* specific prior written permission.
	21	*
	22	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	23	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
	24	* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	25	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
	26	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	27	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	28	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	29	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	30	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	31	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	32	* POSSIBILITY OF SUCH DAMAGE.
	33	*/
	34
	35	/**
	36	* \file
	37	*
	38	* HTTP1.1/SSL server.
	39	*/
	40
	41	#include "config.h"
	42	#ifdef HAVE_GETOPT_H
	43	#include <getopt.h>
	44	#endif
	45	#ifdef HAVE_OPENSSL_SSL_H
	46	#include <openssl/ssl.h>
	47	#endif
	48	#ifdef HAVE_OPENSSL_ERR_H
	49	#include <openssl/err.h>
	50	#endif
	51	#ifdef HAVE_OPENSSL_RAND_H
	52	#include <openssl/rand.h>
	53	#endif
	54	#include <openssl/x509.h>
	55	#include <openssl/pem.h>
	56	#include <ctype.h>
	57	#include <signal.h>
	58	#if defined(UNBOUND_ALLOC_LITE) \|\| defined(UNBOUND_ALLOC_STATS)
	59	#ifdef malloc
	60	#undef malloc
	61	#endif
	62	#ifdef free
	63	#undef free
	64	#endif
	65	#endif /* alloc lite or alloc stats */
	66
	67	/** verbosity for this application */
	68	static int verb = 0;
	69
	70	/** Give petal usage, and exit (1). */
	71	static void
	72	usage()
	73	{
	74	printf("Usage: petal [opts]\n");
	75	printf(" https daemon serves files from ./'host'/filename\n");
	76	printf(" (no hostname: from the 'default' directory)\n");
	77	printf("-a addr bind to this address, 127.0.0.1\n");
	78	printf("-p port port number, default 443\n");
	79	printf("-k keyfile SSL private key file (PEM), petal.key\n");
	80	printf("-c certfile SSL certificate file (PEM), petal.pem\n");
	81	printf("-v more verbose\n");
	82	printf("-h show this usage help\n");
	83	printf("Version %s\n", PACKAGE_VERSION);
	84	printf("BSD licensed, see LICENSE in source package for details.\n");
	85	printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
	86	exit(1);
	87	}
	88
	89	/** fatal exit */
	90	static void print_exit(const char* str) {printf("error %s\n", str); exit(1);}
	91	/** print errno */
	92	static void log_errno(const char* str)
	93	{printf("error %s: %s\n", str, strerror(errno));}
	94
	95	/** parse a text IP address into a sockaddr */
	96	static int
	97	parse_ip_addr(char* str, int port, struct sockaddr_storage* ret, socklen_t* l)
	98	{
	99	socklen_t len = 0;
	100	struct sockaddr_storage* addr = NULL;
	101	struct sockaddr_in6 a6;
	102	struct sockaddr_in a;
	103	uint16_t p = (uint16_t)port;
	104	int fam = 0;
	105	memset(&a6, 0, sizeof(a6));
	106	memset(&a, 0, sizeof(a));
	107
	108	if(inet_pton(AF_INET6, str, &a6.sin6_addr) > 0) {
	109	/* it is an IPv6 */
	110	fam = AF_INET6;
	111	a6.sin6_family = AF_INET6;
	112	a6.sin6_port = (in_port_t)htons(p);
	113	addr = (struct sockaddr_storage*)&a6;
	114	len = (socklen_t)sizeof(struct sockaddr_in6);
	115	}
	116	if(inet_pton(AF_INET, str, &a.sin_addr) > 0) {
	117	/* it is an IPv4 */
	118	fam = AF_INET;
	119	a.sin_family = AF_INET;
	120	a.sin_port = (in_port_t)htons(p);
	121	addr = (struct sockaddr_storage*)&a;
	122	len = (socklen_t)sizeof(struct sockaddr_in);
	123	}
	124	if(!len) print_exit("cannot parse addr");
	125	*l = len;
	126	memmove(ret, addr, len);
	127	return fam;
	128	}
	129
	130	/** close the fd */
	131	static void
	132	fd_close(int fd)
	133	{
	134	#ifndef USE_WINSOCK
	135	close(fd);
	136	#else
	137	closesocket(fd);
	138	#endif
	139	}
	140
	141	/**
	142	* Read one line from SSL
	143	* zero terminates.
	144	* skips "\r\n" (but not copied to buf).
	145	* @param ssl: the SSL connection to read from (blocking).
	146	* @param buf: buffer to return line in.
	147	* @param len: size of the buffer.
	148	* @return 0 on error, 1 on success.
	149	*/
	150	static int
	151	read_ssl_line(SSL* ssl, char* buf, size_t len)
	152	{
	153	size_t n = 0;
	154	int r;
	155	int endnl = 0;
	156	while(1) {
	157	if(n >= len) {
	158	if(verb) printf("line too long\n");
	159	return 0;
	160	}
	161	if((r = SSL_read(ssl, buf+n, 1)) <= 0) {
	162	if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
	163	/* EOF */
	164	break;
	165	}
	166	if(verb) printf("could not SSL_read\n");
	167	return 0;
	168	}
	169	if(endnl && buf[n] == '\n') {
	170	break;
	171	} else if(endnl) {
	172	/* bad data */
	173	if(verb) printf("error: stray linefeeds\n");
	174	return 0;
	175	} else if(buf[n] == '\r') {
	176	/* skip \r, and also \n on the wire */
	177	endnl = 1;
	178	continue;
	179	} else if(buf[n] == '\n') {
	180	/* skip the \n, we are done */
	181	break;
	182	} else n++;
	183	}
	184	buf[n] = 0;
	185	return 1;
	186	}
	187
	188	/** process one http header */
	189	static int
	190	process_one_header(char* buf, char* file, size_t flen, char* host, size_t hlen,
	191	int* vs)
	192	{
	193	if(strncasecmp(buf, "GET ", 4) == 0) {
	194	char* e = strstr(buf, " HTTP/1.1");
	195	if(!e) e = strstr(buf, " http/1.1");
	196	if(!e) {
	197	e = strstr(buf, " HTTP/1.0");
	198	if(!e) e = strstr(buf, " http/1.0");
	199	if(!e) e = strrchr(buf, ' ');
	200	if(!e) e = strrchr(buf, '\t');
	201	if(e) *vs = 10;
	202	}
	203	if(e) *e = 0;
	204	if(strlen(buf) < 4) return 0;
	205	(void)strlcpy(file, buf+4, flen);
	206	} else if(strncasecmp(buf, "Host: ", 6) == 0) {
	207	(void)strlcpy(host, buf+6, hlen);
	208	}
	209	return 1;
	210	}
	211
	212	/** read http headers and process them */
	213	static int
	214	read_http_headers(SSL* ssl, char* file, size_t flen, char* host, size_t hlen,
	215	int* vs)
	216	{
	217	char buf[1024];
	218	file[0] = 0;
	219	host[0] = 0;
	220	while(read_ssl_line(ssl, buf, sizeof(buf))) {
	221	if(verb>=2) printf("read: %s\n", buf);
	222	if(buf[0] == 0)
	223	return 1;
	224	if(!process_one_header(buf, file, flen, host, hlen, vs))
	225	return 0;
	226	}
	227	return 0;
	228	}
	229
	230	/** setup SSL context */
	231	static SSL_CTX*
	232	setup_ctx(char* key, char* cert)
	233	{
	234	SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
	235	if(!ctx) print_exit("out of memory");
	236	(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
	237	if(!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM))
	238	print_exit("cannot read cert");
	239	if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
	240	print_exit("cannot read key");
	241	if(!SSL_CTX_check_private_key(ctx))
	242	print_exit("private key is not correct");
	243	if(!SSL_CTX_load_verify_locations(ctx, cert, NULL))
	244	print_exit("cannot load cert verify locations");
	245	return ctx;
	246	}
	247
	248	/** setup listening TCP */
	249	static int
	250	setup_fd(char* addr, int port)
	251	{
	252	struct sockaddr_storage ad;
	253	socklen_t len;
	254	int fd;
	255	int c = 1;
	256	int fam = parse_ip_addr(addr, port, &ad, &len);
	257	fd = socket(fam, SOCK_STREAM, 0);
	258	if(fd == -1) {
	259	log_errno("socket");
	260	return -1;
	261	}
	262	if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
	263	(void*)&c, (socklen_t) sizeof(int)) < 0) {
	264	log_errno("setsockopt(SOL_SOCKET, SO_REUSEADDR)");
	265	}
	266	if(bind(fd, (struct sockaddr*)&ad, len) == -1) {
	267	log_errno("bind");
	268	fd_close(fd);
	269	return -1;
	270	}
	271	if(listen(fd, 5) == -1) {
	272	log_errno("listen");
	273	fd_close(fd);
	274	return -1;
	275	}
	276	return fd;
	277	}
	278
	279	/** setup SSL connection to the client */
	280	static SSL*
	281	setup_ssl(int s, SSL_CTX* ctx)
	282	{
	283	SSL* ssl = SSL_new(ctx);
	284	if(!ssl) return NULL;
	285	SSL_set_accept_state(ssl);
	286	(void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
	287	if(!SSL_set_fd(ssl, s)) {
	288	SSL_free(ssl);
	289	return NULL;
	290	}
	291	return ssl;
	292	}
	293
	294	/** check a file name for safety */
	295	static int
	296	file_name_is_safe(char* s)
	297	{
	298	size_t l = strlen(s);
	299	if(s[0] != '/')
	300	return 0; /* must start with / */
	301	if(strstr(s, "/../"))
	302	return 0; /* no updirs in URL */
	303	if(l>=3 && s[l-1]=='.' && s[l-2]=='.' && s[l-3]=='/')
	304	return 0; /* ends with /.. */
	305	return 1;
	306	}
	307
	308	/** adjust host and filename */
	309	static void
	310	adjust_host_file(char* host, char* file)
	311	{
	312	size_t i, len;
	313	/* remove a port number if present */
	314	if(strrchr(host, ':'))
	315	*strrchr(host, ':') = 0;
	316	/* lowercase */
	317	len = strlen(host);
	318	for(i=0; i<len; i++)
	319	host[i] = tolower((unsigned char)host[i]);
	320	len = strlen(file);
	321	for(i=0; i<len; i++)
	322	file[i] = tolower((unsigned char)file[i]);
	323	}
	324
	325	/** check a host name for safety */
	326	static int
	327	host_name_is_safe(char* s)
	328	{
	329	if(strchr(s, '/'))
	330	return 0;
	331	if(strcmp(s, "..") == 0)
	332	return 0;
	333	if(strcmp(s, ".") == 0)
	334	return 0;
	335	return 1;
	336	}
	337
	338	/** provide file in whole transfer */
	339	static void
	340	provide_file_10(SSL* ssl, char* fname)
	341	{
	342	char* buf, *at;
	343	size_t len, avail, header_reserve=1024;
	344	FILE* in = fopen(fname,
	345	#ifndef USE_WINSOCK
	346	"r"
	347	#else
	348	"rb"
	349	#endif
	350	);
	351	int r;
	352	const char* rcode = "200 OK";
	353	if(!in) {
	354	char hdr[1024];
	355	rcode = "404 File not found";
	356	r = snprintf(hdr, sizeof(hdr), "HTTP/1.1 %s\r\n\r\n", rcode);
	357	if(SSL_write(ssl, hdr, r) <= 0) {
	358	/* write failure */
	359	}
	360	return;
	361	}
	362	fseek(in, 0, SEEK_END);
	363	len = (size_t)ftell(in);
	364	fseek(in, 0, SEEK_SET);
	365	/* plus some space for the header */
	366	buf = (char*)malloc(len+header_reserve);
	367	if(!buf) {
	368	fclose(in);
	369	return;
	370	}
	371	avail = len+header_reserve;
	372	at = buf;
	373	r = snprintf(at, avail, "HTTP/1.1 %s\r\n", rcode);
	374	at += r;
	375	avail -= r;
	376	r = snprintf(at, avail, "Server: petal/%s\r\n", PACKAGE_VERSION);
	377	at += r;
	378	avail -= r;
	379	r = snprintf(at, avail, "Content-Length: %u\r\n", (unsigned)len);
	380	at += r;
	381	avail -= r;
	382	r = snprintf(at, avail, "\r\n");
	383	at += r;
	384	avail -= r;
	385	if(avail < len) { /* robust */
	386	free(buf);
	387	fclose(in);
	388	return;
	389	}
	390	if(fread(at, 1, len, in) != len) {
	391	free(buf);
	392	fclose(in);
	393	return;
	394	}
	395	fclose(in);
	396	at += len;
	397	avail -= len;
	398	if(SSL_write(ssl, buf, at-buf) <= 0) {
	399	/* write failure */
	400	}
	401	free(buf);
	402	}
	403
	404	/** provide file over SSL, chunked encoding */
	405	static void
	406	provide_file_chunked(SSL* ssl, char* fname)
	407	{
	408	char buf[16384];
	409	char* at = buf;
	410	size_t avail = sizeof(buf);
	411	int r;
	412	FILE* in = fopen(fname,
	413	#ifndef USE_WINSOCK
	414	"r"
	415	#else
	416	"rb"
	417	#endif
	418	);
	419	const char* rcode = "200 OK";
	420	if(!in) {
	421	rcode = "404 File not found";
	422	}
	423
	424	/* print headers */
	425	r = snprintf(at, avail, "HTTP/1.1 %s\r\n", rcode);
	426	at += r;
	427	avail -= r;
	428	r = snprintf(at, avail, "Server: petal/%s\r\n", PACKAGE_VERSION);
	429	at += r;
	430	avail -= r;
	431	r = snprintf(at, avail, "Transfer-Encoding: chunked\r\n");
	432	at += r;
	433	avail -= r;
	434	r = snprintf(at, avail, "Connection: close\r\n");
	435	at += r;
	436	avail -= r;
	437	r = snprintf(at, avail, "\r\n");
	438	at += r;
	439	avail -= r;
	440	if(avail < 16) { /* robust */
	441	if(in) fclose(in);
	442	return;
	443	}
	444
	445	do {
	446	char tmpbuf[sizeof(buf)];
	447	/* read chunk; space-16 for xxxxCRLF..CRLF0CRLFCRLF (3 spare)*/
	448	size_t red = in?fread(tmpbuf, 1, avail-16, in):0;
	449	/* prepare chunk */
	450	r = snprintf(at, avail, "%x\r\n", (unsigned)red);
	451	if(verb >= 3)
	452	{printf("chunk len %x\n", (unsigned)red); fflush(stdout);}
	453	at += r;
	454	avail -= r;
	455	if(red != 0) {
	456	if(red > avail) break; /* robust */
	457	memmove(at, tmpbuf, red);
	458	at += red;
	459	avail -= red;
	460	r = snprintf(at, avail, "\r\n");
	461	at += r;
	462	avail -= r;
	463	}
	464	if(in && feof(in) && red != 0) {
	465	r = snprintf(at, avail, "0\r\n");
	466	at += r;
	467	avail -= r;
	468	}
	469	if(!in \|\| feof(in)) {
	470	r = snprintf(at, avail, "\r\n");
	471	at += r;
	472	avail -= r;
	473	}
	474	/* send chunk */
	475	if(SSL_write(ssl, buf, at-buf) <= 0) {
	476	/* SSL error */
	477	break;
	478	}
	479
	480	/* setup for next chunk */
	481	at = buf;
	482	avail = sizeof(buf);
	483	} while(in && !feof(in) && !ferror(in));
	484
	485	if(in) fclose(in);
	486	}
	487
	488	/** provide service to the ssl descriptor */
	489	static void
	490	service_ssl(SSL* ssl, struct sockaddr_storage* from, socklen_t falen)
	491	{
	492	char file[1024];
	493	char host[1024];
	494	char combined[2048];
	495	int vs = 11;
	496	if(!read_http_headers(ssl, file, sizeof(file), host, sizeof(host),
	497	&vs))
	498	return;
	499	adjust_host_file(host, file);
	500	if(host[0] == 0 \|\| !host_name_is_safe(host))
	501	(void)strlcpy(host, "default", sizeof(host));
	502	if(!file_name_is_safe(file)) {
	503	return;
	504	}
	505	snprintf(combined, sizeof(combined), "%s%s", host, file);
	506	if(verb) {
	507	char out[100];
	508	void* a = &((struct sockaddr_in*)from)->sin_addr;
	509	if(falen != (socklen_t)sizeof(struct sockaddr_in))
	510	a = &((struct sockaddr_in6*)from)->sin6_addr;
	511	out[0]=0;
	512	(void)inet_ntop((int)((struct sockaddr_in*)from)->sin_family,
	513	a, out, (socklen_t)sizeof(out));
	514	printf("%s requests %s\n", out, combined);
	515	fflush(stdout);
	516	}
	517	if(vs == 10)
	518	provide_file_10(ssl, combined);
	519	else provide_file_chunked(ssl, combined);
	520	}
	521
	522	/** provide ssl service */
	523	static void
	524	do_service(char* addr, int port, char* key, char* cert)
	525	{
	526	SSL_CTX* sslctx = setup_ctx(key, cert);
	527	int fd = setup_fd(addr, port);
	528	int go = 1;
	529	if(fd == -1) print_exit("could not setup sockets");
	530	if(verb) {printf("petal start\n"); fflush(stdout);}
	531	while(go) {
	532	struct sockaddr_storage from;
	533	socklen_t flen = (socklen_t)sizeof(from);
	534	int s = accept(fd, (struct sockaddr*)&from, &flen);
	535	if(verb) fflush(stdout);
	536	if(s != -1) {
	537	SSL* ssl = setup_ssl(s, sslctx);
	538	if(verb) fflush(stdout);
	539	if(ssl) {
	540	service_ssl(ssl, &from, flen);
	541	if(verb) fflush(stdout);
	542	SSL_shutdown(ssl);
	543	SSL_free(ssl);
	544	}
	545	fd_close(s);
	546	} else if (verb >=2) log_errno("accept");
	547	if(verb) fflush(stdout);
	548	}
	549	/* if we get a kill signal, the process dies and the OS reaps us */
	550	if(verb) printf("petal end\n");
	551	fd_close(fd);
	552	SSL_CTX_free(sslctx);
	553	}
	554
	555	/** getopt global, in case header files fail to declare it. */
	556	extern int optind;
	557	/** getopt global, in case header files fail to declare it. */
	558	extern char* optarg;
	559
	560	/** Main routine for petal */
	561	int main(int argc, char* argv[])
	562	{
	563	int c;
	564	int port = 443;
	565	char* addr = "127.0.0.1", key = "petal.key", cert = "petal.pem";
	566	#ifdef USE_WINSOCK
	567	WSADATA wsa_data;
	568	if((c=WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
	569	{ printf("WSAStartup failed\n"); exit(1); }
	570	atexit((void (*)(void))WSACleanup);
	571	#endif
	572
	573	/* parse the options */
	574	while( (c=getopt(argc, argv, "a:c:k:hp:v")) != -1) {
	575	switch(c) {
	576	case 'a':
	577	addr = optarg;
	578	break;
	579	case 'c':
	580	cert = optarg;
	581	break;
	582	case 'k':
	583	key = optarg;
	584	break;
	585	case 'p':
	586	port = atoi(optarg);
	587	break;
	588	case 'v':
	589	verb++;
	590	break;
	591	case '?':
	592	case 'h':
	593	default:
	594	usage();
	595	}
	596	}
	597	argc -= optind;
	598	argv += optind;
	599	if(argc != 0)
	600	usage();
	601
	602	#ifdef SIGPIPE
	603	(void)signal(SIGPIPE, SIG_IGN);
	604	#endif
	605	ERR_load_crypto_strings();
	606	ERR_load_SSL_strings();
	607	OpenSSL_add_all_algorithms();
	608	(void)SSL_library_init();
	609
	610	do_service(addr, port, key, cert);
	611
	612	CRYPTO_cleanup_all_ex_data();
	613	ERR_remove_state(0);
	614	ERR_free_strings();
	615	RAND_cleanup();
	616	return 0;
	617	}

-1

testcode/testbound.c less more

250	250	* Main fake event test program. Setup, teardown and report errors.
251	251	* @param argc: arg count.
252	252	* @param argv: array of commandline arguments.
	253	* @return program failure if test fails.
253	254	*/
254	255	int
255	256	main(int argc, char* argv[])

266	267	(void)putenv("TZ=UTC");
267	268
268	269	log_init(NULL, 0, NULL);
269		log_info("Start of %s testbound program.", PACKAGE_STRING);
270	270	/* determine commandline options for the daemon */
271	271	pass_argc = 1;
272	272	pass_argv[0] = "unbound";

320	320	testbound_usage();
321	321	return 1;
322	322	}
	323	log_info("Start of %s testbound program.", PACKAGE_STRING);
323	324	if(atexit(&remove_configfile) != 0)
324	325	fatal_exit("atexit() failed: %s", strerror(errno));
325	326

+46

-1

testcode/unitmain.c less more

303	303	unit_assert(ipstrtoaddr("2::ffff:192.168.0.2", 53, &a, &l));
304	304	unit_assert(!addr_is_ip4mapped(&a, l));
305	305	}
	306	/* test addr_is_any */
	307	unit_show_func("util/net_help.c", "addr_is_any");
	308	if(1) {
	309	struct sockaddr_storage a;
	310	socklen_t l = (socklen_t)sizeof(a);
	311	unit_assert(ipstrtoaddr("0.0.0.0", 53, &a, &l));
	312	unit_assert(addr_is_any(&a, l));
	313	unit_assert(ipstrtoaddr("0.0.0.0", 10053, &a, &l));
	314	unit_assert(addr_is_any(&a, l));
	315	unit_assert(ipstrtoaddr("0.0.0.0", 0, &a, &l));
	316	unit_assert(addr_is_any(&a, l));
	317	unit_assert(ipstrtoaddr("::0", 0, &a, &l));
	318	unit_assert(addr_is_any(&a, l));
	319	unit_assert(ipstrtoaddr("::0", 53, &a, &l));
	320	unit_assert(addr_is_any(&a, l));
	321	unit_assert(ipstrtoaddr("::1", 53, &a, &l));
	322	unit_assert(!addr_is_any(&a, l));
	323	unit_assert(ipstrtoaddr("2001:1667::1", 0, &a, &l));
	324	unit_assert(!addr_is_any(&a, l));
	325	unit_assert(ipstrtoaddr("2001::0", 0, &a, &l));
	326	unit_assert(!addr_is_any(&a, l));
	327	unit_assert(ipstrtoaddr("10.0.0.0", 0, &a, &l));
	328	unit_assert(!addr_is_any(&a, l));
	329	unit_assert(ipstrtoaddr("0.0.0.10", 0, &a, &l));
	330	unit_assert(!addr_is_any(&a, l));
	331	unit_assert(ipstrtoaddr("192.0.2.1", 0, &a, &l));
	332	unit_assert(!addr_is_any(&a, l));
	333	}
306	334	}
307	335
308	336	#include "util/config_file.h"

406	434	unit_assert( infra_edns_update(slab, &one, onelen, -1, now) );
407	435	unit_assert( infra_host(slab, &one, onelen,
408	436	now, &vs, &edns_lame, &to) );
409		unit_assert( vs == 0 && to == init*2 && edns_lame == 0);
	437	unit_assert( vs == -1 && to == init*2 && edns_lame == 1);
410	438
411	439	now += cfg->host_ttl + 10;
412	440	unit_assert( infra_host(slab, &one, onelen,

436	464	unit_assert(!dlame && !rlame && alame && olame);
437	465	lock_rw_unlock(&k->entry.lock);
438	466
	467	/* test that noEDNS cannot overwrite known-yesEDNS */
	468	now += cfg->host_ttl + 10;
	469	unit_assert( infra_host(slab, &one, onelen,
	470	now, &vs, &edns_lame, &to) );
	471	unit_assert( vs == 0 && to == init && edns_lame == 0 );
	472
	473	unit_assert( infra_edns_update(slab, &one, onelen, 0, now) );
	474	unit_assert( infra_host(slab, &one, onelen,
	475	now, &vs, &edns_lame, &to) );
	476	unit_assert( vs == 0 && to == init && edns_lame == 1 );
	477
	478	unit_assert( infra_edns_update(slab, &one, onelen, -1, now) );
	479	unit_assert( infra_host(slab, &one, onelen,
	480	now, &vs, &edns_lame, &to) );
	481	unit_assert( vs == 0 && to == init && edns_lame == 1 );
	482
439	483	infra_delete(slab);
440	484	config_delete(cfg);
441	485	}

486	530	* Main unit test program. Setup, teardown and report errors.
487	531	* @param argc: arg count.
488	532	* @param argv: array of commandline arguments.
	533	* @return program failure if test fails.
489	534	*/
490	535	int
491	536	main(int argc, char* argv[])

+10

-2

testcode/unitmsgparse.c less more

52	52
53	53	/** verbose message parse unit test */
54	54	static int vbmp = 0;
	55	/** do not accept formerr */
	56	static int check_formerr_gone = 0;
55	57	/** if matching within a section should disregard the order of RRs. */
56	58	static int matches_nolocation = 0;
57	59	/** see if RRSIGs are properly matched to RRsets. */

414	416	if(ret != 0) {
415	417	if(vbmp) printf("parse code %d: %s\n", ret,
416	418	ldns_lookup_by_id(ldns_rcodes, ret)->name);
417		if(ret == LDNS_RCODE_FORMERR)
	419	if(ret == LDNS_RCODE_FORMERR) {
	420	unit_assert(!check_formerr_gone);
418	421	checkformerr(pkt);
	422	}
419	423	unit_assert(ret != LDNS_RCODE_SERVFAIL);
420		} else {
	424	} else if(!check_formerr_gone) {
421	425	const size_t lim = 512;
422	426	ret = reply_info_encode(&qi, rep, id, flags, out, timenow,
423	427	region, 65535, (int)(edns.bits & EDNS_DO) );

598	602	check_rrsigs = 0;
599	603	matches_nolocation = 0;
600	604
	605	check_formerr_gone = 1;
	606	testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.8");
	607	check_formerr_gone = 0;
	608
601	609	/* cleanup */
602	610	alloc_clear(&alloc);
603	611	alloc_clear(&super_a);

+30

-1

testcode/unitverify.c less more

147	147	return 0;
148	148	}
149	149
	150	/** return number of rrs in an rrset */
	151	static size_t
	152	rrset_get_count(struct ub_packed_rrset_key* rrset)
	153	{
	154	struct packed_rrset_data* d = (struct packed_rrset_data*)
	155	rrset->entry.data;
	156	if(!d) return 0;
	157	return d->count;
	158	}
	159
	160	/** setup sig alg list from dnskey */
	161	static void
	162	setup_sigalg(struct ub_packed_rrset_key* dnskey, uint8_t* sigalg)
	163	{
	164	uint8_t a[ALGO_NEEDS_MAX];
	165	size_t i, n = 0;
	166	memset(a, 0, sizeof(a));
	167	for(i=0; i<rrset_get_count(dnskey); i++) {
	168	uint8_t algo = (uint8_t)dnskey_get_algo(dnskey, i);
	169	if(a[algo] == 0) {
	170	a[algo] = 1;
	171	sigalg[n++] = algo;
	172	}
	173	}
	174	sigalg[n] = 0;
	175	}
	176
150	177	/** verify and test one rrset against the key rrset */
151	178	static void
152	179	verifytest_rrset(struct module_env* env, struct val_env* ve,

155	182	{
156	183	enum sec_status sec;
157	184	char* reason = NULL;
	185	uint8_t sigalg[ALGO_NEEDS_MAX+1];
158	186	if(vsig) {
159	187	log_nametypeclass(VERB_QUERY, "verify of rrset",
160	188	rrset->rk.dname, ntohs(rrset->rk.type),
161	189	ntohs(rrset->rk.rrset_class));
162	190	}
163		sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, &reason);
	191	setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */
	192	sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason);
164	193	if(vsig) {
165	194	printf("verify outcome is: %s %s\n", sec_status_to_string(sec),
166	195	reason?reason:"");

testdata/03-testbound.tpkg less more

Binary diff not shown

testdata/10-unbound-anchor.tpkg less more

Binary diff not shown

-0

testdata/Kexample.com.+007+57024.ds less more

example.com. 3600 IN DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf ; xicit-citor-vasin-rarus-nygir-nagam-zulor-dylos-gokar-ranor-zixyx

-0

testdata/Kexample.com.+007+57024.key less more

example.com. 3600 IN DNSKEY 257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}

+10

-0

testdata/Kexample.com.+007+57024.private less more

	0	Private-key-format: v1.2
	1	Algorithm: 7 (RSASHA1_NSEC3)
	2	Modulus: u+t7/Ar9ZV6iPRKLBWRMP415+8c+u71giotZjSb7QTk1g6kll1z48ZBBhHMU06W6BVm0WKua/kubPsY2IBJe0b8gWL/9KUTfQPEQpA6O3YXqpJlNnWdnlc4gwZPBbKng6gjR6CTklq8LmZBvJepyPzbLC3oXlncKadOFWXoy068=
	3	PublicExponent: AQAB
	4	PrivateExponent: WsmD1trAXS8BFpxUycARDksdecRizHTLpWN5WjZRAMvQzND1NlFWe+4DmSe4EiBo5JjYBlaxxNVmJUfBcnEtmTfED52KiOfvMQFS8ii+14UqZqLj6iyqh9MeWsxAzC3J0A+nBu7lAgqvwCCqrqSOmF/8EJSZWEGla8qWylKMgyE=
	5	Prime1: 4hE5iju9vDvbPCmy4+K6nwELakuyrcaxdvPxEUicSkbTpBRnIDuerGJySnuNbiLScq7WUyJsjLsq0wOFNCtlVw==
	6	Prime2: 1M0299YZUU0NxAGMFeKEQAvuO0r3zXbgURwLyXLoerhs1K6S1szT+/vgbPLwL55IR7A/LDa6u6SqMrqdGqb1aQ==
	7	Exponent1: csYd+YGVNdEJ4ISnLy24Y+vK2N+vyqxbAzKcjJLZzpgg8WfuZ539VDXzIr+RsX36bIE5jSGoDNclydY6tZ7mpw==
	8	Exponent2: yF2NMyAA6J8fpf069GQ6178kCeoVlv0mStiYdI5gPSSnPD4/fkaQFsPbVVoNMxjav71AThYeDo4Fvwwc3rpzeQ==
	9	Coefficient: gIrzPgL4XhCn/yP0qRCqBTmnqRLeEvRsYNz2T8gsyVGc9gyt/9ouhKOGGHmD2DJf7yWfJiQEEuhw+lBBTNNKtQ==

+437

-0

testdata/dlv_optout.rpl less more

	0	; config options
	1	; The island of trust is at example.com (the DLV repository)
	2	server:
	3	dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix"
	5	val-override-date: "20070916134226"
	6	target-fetch-policy: "0 0 0 0 0"
	7
	8	stub-zone:
	9	name: "."
	10	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	11	CONFIG_END
	12
	13	SCENARIO_BEGIN Test validator, DLV to zone below optout, check negative cache.
	14	; DLV example.com.
	15	; trust anchor at example.net but no secure delegation to
	16	; sub.example.net signed with DLV but not by parent.
	17	; parent uses optout NSEC3.
	18	; then a signed delegation to down.sub.example.net.
	19
	20	; K.ROOT-SERVERS.NET.
	21	RANGE_BEGIN 0 100
	22	ADDRESS 193.0.14.129
	23	ENTRY_BEGIN
	24	MATCH opcode qtype qname
	25	ADJUST copy_id
	26	REPLY QR NOERROR
	27	SECTION QUESTION
	28	. IN NS
	29	SECTION ANSWER
	30	. IN NS K.ROOT-SERVERS.NET.
	31	SECTION ADDITIONAL
	32	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	33	ENTRY_END
	34
	35	ENTRY_BEGIN
	36	MATCH opcode subdomain
	37	ADJUST copy_id copy_query
	38	REPLY QR NOERROR
	39	SECTION QUESTION
	40	com. IN A
	41	SECTION AUTHORITY
	42	com. IN NS a.gtld-servers.net.
	43	SECTION ADDITIONAL
	44	a.gtld-servers.net. IN A 192.5.6.30
	45	ENTRY_END
	46
	47	ENTRY_BEGIN
	48	MATCH opcode subdomain
	49	ADJUST copy_id copy_query
	50	REPLY QR NOERROR
	51	SECTION QUESTION
	52	net. IN A
	53	SECTION AUTHORITY
	54	net. IN NS a.gtld-servers.net.
	55	SECTION ADDITIONAL
	56	a.gtld-servers.net. IN A 192.5.6.30
	57	ENTRY_END
	58	RANGE_END
	59
	60	; a.gtld-servers.net.
	61	RANGE_BEGIN 0 100
	62	ADDRESS 192.5.6.30
	63	ENTRY_BEGIN
	64	MATCH opcode qtype qname
	65	ADJUST copy_id
	66	REPLY QR NOERROR
	67	SECTION QUESTION
	68	com. IN NS
	69	SECTION ANSWER
	70	com. IN NS a.gtld-servers.net.
	71	SECTION ADDITIONAL
	72	a.gtld-servers.net. IN A 192.5.6.30
	73	ENTRY_END
	74
	75	ENTRY_BEGIN
	76	MATCH opcode qtype qname
	77	ADJUST copy_id
	78	REPLY QR NOERROR
	79	SECTION QUESTION
	80	net. IN NS
	81	SECTION ANSWER
	82	net. IN NS a.gtld-servers.net.
	83	SECTION ADDITIONAL
	84	a.gtld-servers.net. IN A 192.5.6.30
	85	ENTRY_END
	86
	87	ENTRY_BEGIN
	88	MATCH opcode subdomain
	89	ADJUST copy_id copy_query
	90	REPLY QR NOERROR
	91	SECTION QUESTION
	92	example.com. IN A
	93	SECTION AUTHORITY
	94	example.com. IN NS ns.example.com.
	95	SECTION ADDITIONAL
	96	ns.example.com. IN A 1.2.3.4
	97	ENTRY_END
	98
	99	ENTRY_BEGIN
	100	MATCH opcode subdomain
	101	ADJUST copy_id copy_query
	102	REPLY QR NOERROR
	103	SECTION QUESTION
	104	example.net. IN A
	105	SECTION AUTHORITY
	106	example.net. IN NS ns.example.net.
	107	SECTION ADDITIONAL
	108	ns.example.net. IN A 1.2.3.5
	109	ENTRY_END
	110	RANGE_END
	111
	112	; ns.example.com.
	113	RANGE_BEGIN 0 100
	114	ADDRESS 1.2.3.4
	115	ENTRY_BEGIN
	116	MATCH opcode qtype qname
	117	ADJUST copy_id
	118	REPLY QR NOERROR
	119	SECTION QUESTION
	120	example.com. IN NS
	121	SECTION ANSWER
	122	example.com. IN NS ns.example.com.
	123	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	124	SECTION ADDITIONAL
	125	ns.example.com. IN A 1.2.3.4
	126	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	127	ENTRY_END
	128
	129	; response to DNSKEY priming query
	130	ENTRY_BEGIN
	131	MATCH opcode qtype qname
	132	ADJUST copy_id
	133	REPLY QR NOERROR
	134	SECTION QUESTION
	135	example.com. IN DNSKEY
	136	SECTION ANSWER
	137	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	138	example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
	139	SECTION AUTHORITY
	140	example.com. IN NS ns.example.com.
	141	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	142	SECTION ADDITIONAL
	143	ns.example.com. IN A 1.2.3.4
	144	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	145	ENTRY_END
	146
	147	; DLV query
	148	ENTRY_BEGIN
	149	MATCH opcode qtype qname
	150	ADJUST copy_id
	151	REPLY QR NOERROR
	152	SECTION QUESTION
	153	sub.example.net.example.com. IN DLV
	154	SECTION ANSWER
	155	sub.example.net.example.com. 3600 IN DLV 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox
	156	sub.example.net.example.com. 3600 IN RRSIG DLV 3 5 3600 20070926135752 20070829135752 2854 example.com. AAdhy87nuDEaxmc+k9pJHYnhKiEYL++OLPxzOdwEQOtsHi7jeD3lRDU= ;{id = 2854}
	157	SECTION AUTHORITY
	158	example.com. IN NS ns.example.com.
	159	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	160	SECTION ADDITIONAL
	161	ns.example.com. IN A 1.2.3.4
	162	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	163	ENTRY_END
	164
	165	ENTRY_BEGIN
	166	MATCH opcode qtype qname
	167	ADJUST copy_id
	168	REPLY QR NXDOMAIN
	169	SECTION QUESTION
	170	down.sub.example.net.example.com. IN DLV
	171	SECTION ANSWER
	172	SECTION AUTHORITY
	173	example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
	174	example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
	175	sub.example.net.example.com. IN NSEC zzz.example.net.example.com. RRSIG NSEC DLV
	176	sub.example.net.example.com. 3600 IN RRSIG NSEC 3 5 3600 20070926134150 20070829134150 2854 example.com. AG/M+H/lex1CMTIuO+JpdmTjCzt7XBsLtRLPDfYTykhxnnECzZwkMnQ= ;{id = 2854}
	177	SECTION ADDITIONAL
	178	ENTRY_END
	179
	180	ENTRY_BEGIN
	181	MATCH opcode qtype qname
	182	ADJUST copy_id
	183	REPLY QR NOERROR
	184	SECTION QUESTION
	185	net.example.com. IN DLV
	186	SECTION ANSWER
	187	SECTION AUTHORITY
	188	example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
	189	example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
	190	example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC
	191	example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854}
	192	ENTRY_END
	193
	194	ENTRY_BEGIN
	195	MATCH opcode qtype qname
	196	ADJUST copy_id
	197	REPLY QR NXDOMAIN
	198	SECTION QUESTION
	199	com.example.com. IN DLV
	200	SECTION ANSWER
	201	SECTION AUTHORITY
	202	example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
	203	example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
	204	example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC
	205	example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854}
	206	ENTRY_END
	207
	208	RANGE_END
	209
	210	; ns.example.net.
	211	RANGE_BEGIN 0 100
	212	ADDRESS 1.2.3.5
	213	; DS RR is
	214	; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
	215	; DNSKEY prime query
	216	ENTRY_BEGIN
	217	MATCH opcode qtype qname
	218	ADJUST copy_id
	219	REPLY QR NOERROR
	220	SECTION QUESTION
	221	example.net. IN DNSKEY
	222	SECTION ANSWER
	223	example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	224	example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
	225	SECTION AUTHORITY
	226	example.net. IN NS ns.example.net.
	227	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
	228	SECTION ADDITIONAL
	229	ns.example.net. IN A 1.2.3.5
	230	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
	231	ENTRY_END
	232
	233	; NS query
	234	ENTRY_BEGIN
	235	MATCH opcode qtype qname
	236	ADJUST copy_id
	237	REPLY QR NOERROR
	238	SECTION QUESTION
	239	example.net. IN NS
	240	SECTION ANSWER
	241	example.net. IN NS ns.example.net.
	242	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
	243	SECTION ADDITIONAL
	244	ns.example.net. IN A 1.2.3.5
	245	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
	246	ENTRY_END
	247
	248	; no DS to sub.example.net, optout NSEC3.
	249	; NSEC3PARAM 1 1 31 DE15C001
	250	; example.net. -> hk4jq0lg6q3bt992urc88dqten1k2be8.
	251	; sub.example.net. -> ecs17hqd0kf7dk9g1cjvevj25pginrf2.
	252	; *.example.net. -> 1tgbedpeeuubbsejh2dqvso62f8n4dk1.
	253	; down.sub.example.net. -> 9j1r8re9b1238vd907tilclgat1i0fre.
	254	ENTRY_BEGIN
	255	MATCH opcode qtype qname
	256	ADJUST copy_id
	257	REPLY QR NOERROR
	258	SECTION QUESTION
	259	sub.example.net. IN DS
	260	SECTION ANSWER
	261	SECTION AUTHORITY
	262	example.net. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
	263	example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ELVULZHTRc0Qk06rSBRnB/T6sm1+AbAtdEJHN6PCsz2Z3s3E5A8NH7Krz0VzRaYIEUStnbAtuE3oP8XHWHBnyQ== ;{id = 30899}
	264	; CE is example.net
	265	hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. IN NSEC3 1 1 31 DE15C001 hl4jq0lg6q3bt992urc88dqten1k2be8 NS SOA NAPTR RRSIG DNSKEY NSEC3PARAM
	266	hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. n1dQKbRoB+X4K003RAhdUp6ZUP5dCiwQi+apGfLII8wmCUmw/cKiz7/Ijhs/+88hZwq/7yhlZM0D/yqAUKUiAA== ;{id = 30899}
	267	; NC covers sub.example.net
	268	ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. IN NSEC3 1 1 31 de15c001 efs17hqd0kf7dk9g1cjvevj25pginrf2 A RRSIG
	269	ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. oSVB7Dyp7/yaOlT8AFwBJZdqwRRSQ8XFzCpu1AP51JPIuhCg5byepdvY6UC3xXc7YVO6h74tpxFCGqLpRXwDoQ== ;{id = 30899}
	270	SECTION ADDITIONAL
	271	ENTRY_END
	272
	273	; delegation to sub.example.net, optout NSEC3.
	274	ENTRY_BEGIN
	275	MATCH opcode subdomain
	276	ADJUST copy_id copy_query
	277	REPLY QR NOERROR
	278	SECTION QUESTION
	279	sub.example.net. IN NS
	280	SECTION ANSWER
	281	SECTION AUTHORITY
	282	sub.example.net. IN NS ns.sub.example.net.
	283	hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. IN NSEC3 1 1 31 DE15C001 hl4jq0lg6q3bt992urc88dqten1k2be8 NS SOA NAPTR RRSIG DNSKEY NSEC3PARAM
	284	hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. n1dQKbRoB+X4K003RAhdUp6ZUP5dCiwQi+apGfLII8wmCUmw/cKiz7/Ijhs/+88hZwq/7yhlZM0D/yqAUKUiAA== ;{id = 30899}
	285	ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. IN NSEC3 1 1 31 de15c001 efs17hqd0kf7dk9g1cjvevj25pginrf2 A RRSIG
	286	ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. oSVB7Dyp7/yaOlT8AFwBJZdqwRRSQ8XFzCpu1AP51JPIuhCg5byepdvY6UC3xXc7YVO6h74tpxFCGqLpRXwDoQ== ;{id = 30899}
	287	SECTION ADDITIONAL
	288	ns.sub.example.net. IN A 1.2.3.6
	289	ENTRY_END
	290
	291
	292	RANGE_END
	293
	294	; ns.sub.example.net.
	295	RANGE_BEGIN 0 100
	296	ADDRESS 1.2.3.6
	297	; DS is
	298	; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox
	299	; DNSKEY query
	300	ENTRY_BEGIN
	301	MATCH opcode qtype qname
	302	ADJUST copy_id
	303	REPLY QR AA NOERROR
	304	SECTION QUESTION
	305	sub.example.net. IN DNSKEY
	306	SECTION ANSWER
	307	sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	308	sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899}
	309	SECTION AUTHORITY
	310	sub.example.net. IN NS ns.sub.example.net.
	311	sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
	312	SECTION ADDITIONAL
	313	ns.sub.example.net. IN A 1.2.3.6
	314	ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
	315	ENTRY_END
	316
	317	; NS query
	318	ENTRY_BEGIN
	319	MATCH opcode qtype qname
	320	ADJUST copy_id
	321	REPLY QR AA NOERROR
	322	SECTION QUESTION
	323	sub.example.net. IN NS
	324	SECTION ANSWER
	325	sub.example.net. IN NS ns.sub.example.net.
	326	sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
	327	SECTION ADDITIONAL
	328	ns.sub.example.net. IN A 1.2.3.6
	329	ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
	330	ENTRY_END
	331
	332	; www.sub.example.net query
	333	ENTRY_BEGIN
	334	MATCH opcode qtype qname
	335	ADJUST copy_id
	336	REPLY QR AA NOERROR
	337	SECTION QUESTION
	338	www.sub.example.net. IN A
	339	SECTION ANSWER
	340	www.sub.example.net. IN A 10.20.30.40
	341	www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899}
	342	SECTION AUTHORITY
	343	sub.example.net. IN NS ns.sub.example.net.
	344	sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
	345	SECTION ADDITIONAL
	346	ns.sub.example.net. IN A 1.2.3.6
	347	ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
	348	ENTRY_END
	349
	350	; DS for down.sub.example.net
	351	ENTRY_BEGIN
	352	MATCH opcode qtype qname
	353	ADJUST copy_id
	354	REPLY QR AA NOERROR
	355	SECTION QUESTION
	356	down.sub.example.net. IN DS
	357	SECTION ANSWER
	358	down.sub.example.net. 3600 IN DS 60946 5 1 c636304ab7cdb6272215aceac95a8d312ac7a4f6
	359	down.sub.example.net. 3600 IN RRSIG DS 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AMc8J534UF2+0PtPSNBw6RzN4Q5gXfnBXiUfpuT/MR1YtOE/5AP/0dTgvqvKRiFZx3NjOPeZmRnaabxkw0Qzrw== ;{id = 30899}
	360	SECTION AUTHORITY
	361	SECTION ADDITIONAL
	362	ENTRY_END
	363
	364	; delegation to down.sub.example.net
	365	ENTRY_BEGIN
	366	MATCH opcode subdomain
	367	ADJUST copy_id copy_query
	368	REPLY QR NOERROR
	369	SECTION QUESTION
	370	down.sub.example.net. IN NS
	371	SECTION ANSWER
	372	SECTION AUTHORITY
	373	down.sub.example.net. IN NS ns.down.sub.example.net.
	374	; the DS record is not given (like it was parent and child hosted on the same
	375	; server)
	376	;down.sub.example.net. 3600 IN DS 60946 5 1 c636304ab7cdb6272215aceac95a8d312ac7a4f6
	377	;down.sub.example.net. 3600 IN RRSIG DS 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AMc8J534UF2+0PtPSNBw6RzN4Q5gXfnBXiUfpuT/MR1YtOE/5AP/0dTgvqvKRiFZx3NjOPeZmRnaabxkw0Qzrw== ;{id = 30899}
	378	SECTION ADDITIONAL
	379	ns.down.sub.example.net. IN A 1.2.3.7
	380	ENTRY_END
	381
	382	RANGE_END
	383
	384	; ns.down.sub.example.net.
	385	RANGE_BEGIN 0 100
	386	ADDRESS 1.2.3.7
	387	; DNSKEY query
	388	ENTRY_BEGIN
	389	MATCH opcode qtype qname
	390	ADJUST copy_id
	391	REPLY QR AA NOERROR
	392	SECTION QUESTION
	393	down.sub.example.net. IN DNSKEY
	394	SECTION ANSWER
	395	down.sub.example.net. 3600 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
	396	down.sub.example.net. 3600 IN RRSIG DNSKEY 5 4 3600 20070926134150 20070829134150 60946 down.sub.example.net. lK5HNva/IPw0CS9BfBd16fqm5y9bgCSwGsBLBAA1d5SCcKep6AVrv6NFuXl12d1G3MdQ4ruHi6eDDO5dhtkfrw== ;{id = 60946}
	397	SECTION AUTHORITY
	398	SECTION ADDITIONAL
	399	ENTRY_END
	400
	401	; www.down.sub.example.net.
	402	ENTRY_BEGIN
	403	MATCH opcode qtype qname
	404	ADJUST copy_id
	405	REPLY QR AA NOERROR
	406	SECTION QUESTION
	407	www.down.sub.example.net. IN A
	408	SECTION ANSWER
	409	www.down.sub.example.net. IN A 10.20.30.44
	410	www.down.sub.example.net. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 60946 down.sub.example.net. Hg5WF/xW8PRth2rl1mZcYK8/pgGpM73e/fD+mH/XElEKgL9zq0ou8psA0I6OvMLGBN6RQeknQHRAy3D2/5k/Wg== ;{id = 60946}
	411	SECTION AUTHORITY
	412	SECTION ADDITIONAL
	413	ENTRY_END
	414
	415	RANGE_END
	416
	417	STEP 1 QUERY
	418	ENTRY_BEGIN
	419	REPLY RD DO
	420	SECTION QUESTION
	421	www.down.sub.example.net. IN A
	422	ENTRY_END
	423
	424	; recursion happens here.
	425	STEP 10 CHECK_ANSWER
	426	ENTRY_BEGIN
	427	MATCH all
	428	REPLY QR RD RA AD NOERROR
	429	SECTION QUESTION
	430	www.down.sub.example.net. IN A
	431	SECTION ANSWER
	432	www.down.sub.example.net. IN A 10.20.30.44
	433	www.down.sub.example.net. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 60946 down.sub.example.net. Hg5WF/xW8PRth2rl1mZcYK8/pgGpM73e/fD+mH/XElEKgL9zq0ou8psA0I6OvMLGBN6RQeknQHRAy3D2/5k/Wg== ;{id = 60946}
	434	ENTRY_END
	435
	436	SCENARIO_END

testdata/edns_cache.tpkg less more

Binary diff not shown

testdata/fwd_compress_c00c.tpkg less more

Binary diff not shown

-1

testdata/iter_cname_nx.rpl less more

144	144	STEP 10 CHECK_ANSWER
145	145	ENTRY_BEGIN
146	146	MATCH all
147		REPLY QR RD RA NOERROR
	147	REPLY QR RD RA NXDOMAIN
148	148	SECTION QUESTION
149	149	www.example.com. IN A
150	150	SECTION ANSWER

+272

-0

testdata/iter_domain_sale.rpl less more

	0	; config options
	1	server:
	2	target-fetch-policy: "0 0 0 0 0"
	3
	4	stub-zone:
	5	name: "."
	6	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	7	CONFIG_END
	8
	9	SCENARIO_BEGIN Test resolver with a domain sale
	10	; and the old operator is nasty, keeps running his server with the old data.
	11	; and lots of lookups keep going towards the domain.
	12	; eventually, the NS record has to timeout.
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode subdomain
	31	ADJUST copy_id copy_query
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net. (before sale of domain)
	43	RANGE_BEGIN 0 20
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode subdomain
	59	ADJUST copy_id copy_query
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; a.gtld-servers.net. (after sale of domain)
	71	RANGE_BEGIN 30 200
	72	ADDRESS 192.5.6.30
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	com. IN NS
	79	SECTION ANSWER
	80	com. IN NS a.gtld-servers.net.
	81	SECTION ADDITIONAL
	82	a.gtld-servers.net. IN A 192.5.6.30
	83	ENTRY_END
	84
	85	ENTRY_BEGIN
	86	MATCH opcode subdomain
	87	ADJUST copy_id copy_query
	88	REPLY QR NOERROR
	89	SECTION QUESTION
	90	example.com. IN A
	91	SECTION AUTHORITY
	92	example.com. IN NS ns.example.com.
	93	SECTION ADDITIONAL
	94	ns.example.com. IN A 8.8.8.8
	95	ENTRY_END
	96	RANGE_END
	97
	98	; ns.example.com. first owner
	99	RANGE_BEGIN 0 200
	100	ADDRESS 1.2.3.4
	101	ENTRY_BEGIN
	102	MATCH opcode qtype qname
	103	ADJUST copy_id
	104	REPLY QR AA NOERROR
	105	SECTION QUESTION
	106	example.com. IN NS
	107	SECTION ANSWER
	108	example.com. IN NS ns.example.com.
	109	SECTION ADDITIONAL
	110	ns.example.com. IN A 1.2.3.4
	111	ENTRY_END
	112
	113	ENTRY_BEGIN
	114	MATCH opcode qname
	115	ADJUST copy_id copy_query
	116	REPLY QR AA NOERROR
	117	SECTION QUESTION
	118	www.example.com. IN A
	119	SECTION ANSWER
	120	www.example.com. 3600 IN A 10.20.30.40
	121	SECTION AUTHORITY
	122	example.com. 3600 IN NS ns.example.com.
	123	SECTION ADDITIONAL
	124	ns.example.com. 3600 IN A 1.2.3.4
	125	ENTRY_END
	126
	127	; nxdomains for any name,type
	128	; last in RANGE so that it matches everything left over.
	129	; it includes the NS record.
	130	ENTRY_BEGIN
	131	MATCH opcode
	132	ADJUST copy_id copy_query
	133	REPLY QR AA NXDOMAIN
	134	SECTION QUESTION
	135	www.example.com. IN A
	136	SECTION ANSWER
	137	SECTION AUTHORITY
	138	example.com. 3600 IN SOA a. b. 1 2 3 4 5
	139	example.com. 3600 IN NS ns.example.com.
	140	SECTION ADDITIONAL
	141	ns.example.com. 3600 IN A 1.2.3.4
	142	ENTRY_END
	143	RANGE_END
	144
	145	; ns.example.com. new owner
	146	RANGE_BEGIN 0 200
	147	ADDRESS 8.8.8.8
	148	ENTRY_BEGIN
	149	MATCH opcode qtype qname
	150	ADJUST copy_id
	151	REPLY QR AA NOERROR
	152	SECTION QUESTION
	153	example.com. IN NS
	154	SECTION ANSWER
	155	example.com. IN NS ns.example.com.
	156	SECTION ADDITIONAL
	157	ns.example.com. IN A 8.8.8.8
	158	ENTRY_END
	159
	160	ENTRY_BEGIN
	161	MATCH opcode qtype qname
	162	ADJUST copy_id
	163	REPLY QR AA NOERROR
	164	SECTION QUESTION
	165	www.example.com. IN A
	166	SECTION ANSWER
	167	www.example.com. 3600 IN A 88.88.88.88
	168	SECTION AUTHORITY
	169	example.com. 3600 IN NS ns.example.com.
	170	SECTION ADDITIONAL
	171	ns.example.com. 3600 IN A 8.8.8.8
	172	ENTRY_END
	173	RANGE_END
	174
	175	; Fetch the old record from the old owner.
	176	STEP 1 QUERY
	177	ENTRY_BEGIN
	178	REPLY RD
	179	SECTION QUESTION
	180	www.example.com. IN A
	181	ENTRY_END
	182	; recursion happens here.
	183	STEP 5 CHECK_ANSWER
	184	ENTRY_BEGIN
	185	MATCH all ttl
	186	REPLY QR RD RA NOERROR
	187	SECTION QUESTION
	188	www.example.com. IN A
	189	SECTION ANSWER
	190	www.example.com. 3600 IN A 10.20.30.40
	191	SECTION AUTHORITY
	192	example.com. 3600 IN NS ns.example.com.
	193	SECTION ADDITIONAL
	194	ns.example.com. 3600 IN A 1.2.3.4
	195	ENTRY_END
	196
	197	; the domain is sold (right at this time).
	198	; but the information stays in the cache.
	199
	200	; after 1800 secs still the cached answer
	201	STEP 20 TIME_PASSES ELAPSE 1800
	202
	203	STEP 30 QUERY
	204	ENTRY_BEGIN
	205	REPLY RD
	206	SECTION QUESTION
	207	www.example.com. IN A
	208	ENTRY_END
	209	; recursion happens here.
	210	STEP 40 CHECK_ANSWER
	211	ENTRY_BEGIN
	212	MATCH all ttl
	213	REPLY QR RD RA NOERROR
	214	SECTION QUESTION
	215	www.example.com. IN A
	216	SECTION ANSWER
	217	www.example.com. 1800 IN A 10.20.30.40
	218	SECTION AUTHORITY
	219	example.com. 1800 IN NS ns.example.com.
	220	SECTION ADDITIONAL
	221	ns.example.com. 1800 IN A 1.2.3.4
	222	ENTRY_END
	223
	224	; and ask another query
	225	STEP 50 QUERY
	226	ENTRY_BEGIN
	227	REPLY RD
	228	SECTION QUESTION
	229	nx1.example.com. IN A
	230	ENTRY_END
	231	; recursion happens here.
	232	STEP 60 CHECK_ANSWER
	233	ENTRY_BEGIN
	234	MATCH all ttl
	235	REPLY QR RD RA NXDOMAIN
	236	SECTION QUESTION
	237	nx1.example.com. IN A
	238	SECTION ANSWER
	239	SECTION AUTHORITY
	240	example.com. 3600 IN SOA a. b. 1 2 3 4 5
	241	example.com. 3600 IN NS ns.example.com.
	242	SECTION ADDITIONAL
	243	ns.example.com. 3600 IN A 1.2.3.4
	244	ENTRY_END
	245
	246	; after another 1900 seconds the domain must have timed out.
	247	STEP 70 TIME_PASSES ELAPSE 1900
	248
	249	; the NS record should have timed out.
	250	STEP 80 QUERY
	251	ENTRY_BEGIN
	252	REPLY RD
	253	SECTION QUESTION
	254	www.example.com. IN A
	255	ENTRY_END
	256	; recursion happens here.
	257	STEP 90 CHECK_ANSWER
	258	ENTRY_BEGIN
	259	MATCH all ttl
	260	REPLY QR RD RA NOERROR
	261	SECTION QUESTION
	262	www.example.com. IN A
	263	SECTION ANSWER
	264	www.example.com. 3600 IN A 88.88.88.88
	265	SECTION AUTHORITY
	266	example.com. 3600 IN NS ns.example.com.
	267	SECTION ADDITIONAL
	268	ns.example.com. 3600 IN A 8.8.8.8
	269	ENTRY_END
	270
	271	SCENARIO_END

+340

-0

testdata/iter_domain_sale_nschange.rpl less more

	0	; config options
	1	server:
	2	target-fetch-policy: "0 0 0 0 0"
	3
	4	stub-zone:
	5	name: "."
	6	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	7	CONFIG_END
	8
	9	SCENARIO_BEGIN Test resolver with a domain sale and NS changes
	10	; and the old operator is nasty, keeps running his server with the old data.
	11	; and lots of lookups keep going towards the domain.
	12	; and the old server is changing the NS record of the old domain.
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode subdomain
	31	ADJUST copy_id copy_query
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net. (before sale of domain)
	43	RANGE_BEGIN 0 20
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode subdomain
	59	ADJUST copy_id copy_query
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; a.gtld-servers.net. (after sale of domain)
	71	RANGE_BEGIN 30 200
	72	ADDRESS 192.5.6.30
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	com. IN NS
	79	SECTION ANSWER
	80	com. IN NS a.gtld-servers.net.
	81	SECTION ADDITIONAL
	82	a.gtld-servers.net. IN A 192.5.6.30
	83	ENTRY_END
	84
	85	ENTRY_BEGIN
	86	MATCH opcode subdomain
	87	ADJUST copy_id copy_query
	88	REPLY QR NOERROR
	89	SECTION QUESTION
	90	example.com. IN A
	91	SECTION AUTHORITY
	92	example.com. IN NS ns.example.com.
	93	SECTION ADDITIONAL
	94	ns.example.com. IN A 8.8.8.8
	95	ENTRY_END
	96	RANGE_END
	97
	98	; ns.example.com. first owner
	99	RANGE_BEGIN 0 30
	100	ADDRESS 1.2.3.4
	101	ENTRY_BEGIN
	102	MATCH opcode qtype qname
	103	ADJUST copy_id
	104	REPLY QR AA NOERROR
	105	SECTION QUESTION
	106	example.com. IN NS
	107	SECTION ANSWER
	108	example.com. IN NS ns.example.com.
	109	SECTION ADDITIONAL
	110	ns.example.com. IN A 1.2.3.4
	111	ENTRY_END
	112
	113	ENTRY_BEGIN
	114	MATCH opcode qname
	115	ADJUST copy_id copy_query
	116	REPLY QR AA NOERROR
	117	SECTION QUESTION
	118	www.example.com. IN A
	119	SECTION ANSWER
	120	www.example.com. 3600 IN A 10.20.30.40
	121	SECTION AUTHORITY
	122	example.com. 3600 IN NS ns.example.com.
	123	SECTION ADDITIONAL
	124	ns.example.com. 3600 IN A 1.2.3.4
	125	ENTRY_END
	126
	127	; nxdomains for any name,type
	128	; last in RANGE so that it matches everything left over.
	129	; it includes the NS record.
	130	ENTRY_BEGIN
	131	MATCH opcode
	132	ADJUST copy_id copy_query
	133	REPLY QR AA NXDOMAIN
	134	SECTION QUESTION
	135	www.example.com. IN A
	136	SECTION ANSWER
	137	SECTION AUTHORITY
	138	example.com. 3600 IN SOA a. b. 1 2 3 4 5
	139	example.com. 3600 IN NS ns.example.com.
	140	SECTION ADDITIONAL
	141	ns.example.com. 3600 IN A 1.2.3.4
	142	ENTRY_END
	143	RANGE_END
	144
	145	; ns.example.com. first owner, NS changed
	146	RANGE_BEGIN 40 200
	147	ADDRESS 1.2.3.4
	148	ENTRY_BEGIN
	149	MATCH opcode qtype qname
	150	ADJUST copy_id
	151	REPLY QR AA NOERROR
	152	SECTION QUESTION
	153	example.com. IN NS
	154	SECTION ANSWER
	155	example.com. IN NS nsb.example.com.
	156	SECTION ADDITIONAL
	157	nsb.example.com. IN A 1.2.3.4
	158	ENTRY_END
	159
	160	ENTRY_BEGIN
	161	MATCH opcode qname
	162	ADJUST copy_id copy_query
	163	REPLY QR AA NOERROR
	164	SECTION QUESTION
	165	www.example.com. IN A
	166	SECTION ANSWER
	167	www.example.com. 3600 IN A 10.20.30.40
	168	SECTION AUTHORITY
	169	example.com. 3600 IN NS nsb.example.com.
	170	SECTION ADDITIONAL
	171	nsb.example.com. 3600 IN A 1.2.3.4
	172	ENTRY_END
	173
	174	; nxdomains for any name,type
	175	; last in RANGE so that it matches everything left over.
	176	; it includes the NS record.
	177	ENTRY_BEGIN
	178	MATCH opcode
	179	ADJUST copy_id copy_query
	180	REPLY QR AA NXDOMAIN
	181	SECTION QUESTION
	182	www.example.com. IN A
	183	SECTION ANSWER
	184	SECTION AUTHORITY
	185	example.com. 3600 IN SOA a. b. 1 2 3 4 5
	186	example.com. 3600 IN NS nsb.example.com.
	187	SECTION ADDITIONAL
	188	nsb.example.com. 3600 IN A 1.2.3.4
	189	ENTRY_END
	190	RANGE_END
	191
	192	; ns.example.com. new owner
	193	RANGE_BEGIN 0 200
	194	ADDRESS 8.8.8.8
	195	ENTRY_BEGIN
	196	MATCH opcode qtype qname
	197	ADJUST copy_id
	198	REPLY QR AA NOERROR
	199	SECTION QUESTION
	200	example.com. IN NS
	201	SECTION ANSWER
	202	example.com. IN NS ns.example.com.
	203	SECTION ADDITIONAL
	204	ns.example.com. IN A 8.8.8.8
	205	ENTRY_END
	206
	207	ENTRY_BEGIN
	208	MATCH opcode qtype qname
	209	ADJUST copy_id
	210	REPLY QR AA NOERROR
	211	SECTION QUESTION
	212	www.example.com. IN A
	213	SECTION ANSWER
	214	www.example.com. 3600 IN A 88.88.88.88
	215	SECTION AUTHORITY
	216	example.com. 3600 IN NS ns.example.com.
	217	SECTION ADDITIONAL
	218	ns.example.com. 3600 IN A 8.8.8.8
	219	ENTRY_END
	220	RANGE_END
	221
	222	; Fetch the old record from the old owner.
	223	STEP 1 QUERY
	224	ENTRY_BEGIN
	225	REPLY RD
	226	SECTION QUESTION
	227	www.example.com. IN A
	228	ENTRY_END
	229	; recursion happens here.
	230	STEP 5 CHECK_ANSWER
	231	ENTRY_BEGIN
	232	MATCH all ttl
	233	REPLY QR RD RA NOERROR
	234	SECTION QUESTION
	235	www.example.com. IN A
	236	SECTION ANSWER
	237	www.example.com. 3600 IN A 10.20.30.40
	238	SECTION AUTHORITY
	239	example.com. 3600 IN NS ns.example.com.
	240	SECTION ADDITIONAL
	241	ns.example.com. 3600 IN A 1.2.3.4
	242	ENTRY_END
	243
	244	; the domain is sold (right at this time).
	245	; but the information stays in the cache.
	246
	247	; after 1800 secs still the cached answer
	248	STEP 20 TIME_PASSES ELAPSE 1800
	249
	250	STEP 30 QUERY
	251	ENTRY_BEGIN
	252	REPLY RD
	253	SECTION QUESTION
	254	www.example.com. IN A
	255	ENTRY_END
	256	; recursion happens here.
	257	STEP 40 CHECK_ANSWER
	258	ENTRY_BEGIN
	259	MATCH all ttl
	260	REPLY QR RD RA NOERROR
	261	SECTION QUESTION
	262	www.example.com. IN A
	263	SECTION ANSWER
	264	www.example.com. 1800 IN A 10.20.30.40
	265	SECTION AUTHORITY
	266	example.com. 1800 IN NS ns.example.com.
	267	SECTION ADDITIONAL
	268	ns.example.com. 1800 IN A 1.2.3.4
	269	ENTRY_END
	270
	271	; and ask another query
	272	STEP 50 QUERY
	273	ENTRY_BEGIN
	274	REPLY RD
	275	SECTION QUESTION
	276	nx1.example.com. IN A
	277	ENTRY_END
	278	; recursion happens here.
	279	STEP 60 CHECK_ANSWER
	280	ENTRY_BEGIN
	281	MATCH all ttl
	282	REPLY QR RD RA NXDOMAIN
	283	SECTION QUESTION
	284	nx1.example.com. IN A
	285	SECTION ANSWER
	286	SECTION AUTHORITY
	287	example.com. 3600 IN SOA a. b. 1 2 3 4 5
	288	example.com. 3600 IN NS nsb.example.com.
	289	SECTION ADDITIONAL
	290	nsb.example.com. 3600 IN A 1.2.3.4
	291	ENTRY_END
	292
	293	STEP 62 QUERY
	294	ENTRY_BEGIN
	295	REPLY RD
	296	SECTION QUESTION
	297	nx1.example.com. IN A
	298	ENTRY_END
	299	; recursion happens here.
	300	STEP 63 CHECK_ANSWER
	301	ENTRY_BEGIN
	302	MATCH all ttl
	303	REPLY QR RD RA NXDOMAIN
	304	SECTION QUESTION
	305	nx1.example.com. IN A
	306	SECTION ANSWER
	307	SECTION AUTHORITY
	308	example.com. 3600 IN SOA a. b. 1 2 3 4 5
	309	example.com. 1800 IN NS nsb.example.com.
	310	SECTION ADDITIONAL
	311	nsb.example.com. 3600 IN A 1.2.3.4
	312	ENTRY_END
	313
	314	; after another 1900 seconds the domain must have timed out.
	315	STEP 70 TIME_PASSES ELAPSE 1900
	316
	317	; the NS record should have timed out.
	318	STEP 80 QUERY
	319	ENTRY_BEGIN
	320	REPLY RD
	321	SECTION QUESTION
	322	www.example.com. IN A
	323	ENTRY_END
	324	; recursion happens here.
	325	STEP 90 CHECK_ANSWER
	326	ENTRY_BEGIN
	327	MATCH all ttl
	328	REPLY QR RD RA NOERROR
	329	SECTION QUESTION
	330	www.example.com. IN A
	331	SECTION ANSWER
	332	www.example.com. 3600 IN A 88.88.88.88
	333	SECTION AUTHORITY
	334	example.com. 3600 IN NS ns.example.com.
	335	SECTION ADDITIONAL
	336	ns.example.com. 3600 IN A 8.8.8.8
	337	ENTRY_END
	338
	339	SCENARIO_END

+293

-0

testdata/iter_prefetch_ns.rpl less more

	0	; config options
	1	server:
	2	target-fetch-policy: "0 0 0 0 0"
	3	prefetch: "yes"
	4
	5	stub-zone:
	6	name: "."
	7	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	8	CONFIG_END
	9
	10	SCENARIO_BEGIN Test resolver prefetch of NS record for moved domain
	11
	12	; K.ROOT-SERVERS.NET.
	13	RANGE_BEGIN 0 100
	14	ADDRESS 193.0.14.129
	15	ENTRY_BEGIN
	16	MATCH opcode qtype qname
	17	ADJUST copy_id
	18	REPLY QR NOERROR
	19	SECTION QUESTION
	20	. IN NS
	21	SECTION ANSWER
	22	. IN NS K.ROOT-SERVERS.NET.
	23	SECTION ADDITIONAL
	24	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	25	ENTRY_END
	26
	27	ENTRY_BEGIN
	28	MATCH opcode qtype qname
	29	ADJUST copy_id
	30	REPLY QR NOERROR
	31	SECTION QUESTION
	32	www.example.com. IN A
	33	SECTION AUTHORITY
	34	com. IN NS a.gtld-servers.net.
	35	SECTION ADDITIONAL
	36	a.gtld-servers.net. IN A 192.5.6.30
	37	ENTRY_END
	38	RANGE_END
	39
	40	; a.gtld-servers.net. (before sale of domain)
	41	RANGE_BEGIN 0 20
	42	ADDRESS 192.5.6.30
	43	ENTRY_BEGIN
	44	MATCH opcode qtype qname
	45	ADJUST copy_id
	46	REPLY QR NOERROR
	47	SECTION QUESTION
	48	com. IN NS
	49	SECTION ANSWER
	50	com. IN NS a.gtld-servers.net.
	51	SECTION ADDITIONAL
	52	a.gtld-servers.net. IN A 192.5.6.30
	53	ENTRY_END
	54
	55	ENTRY_BEGIN
	56	MATCH opcode subdomain
	57	ADJUST copy_id copy_query
	58	REPLY QR NOERROR
	59	SECTION QUESTION
	60	example.com. IN A
	61	SECTION AUTHORITY
	62	example.com. IN NS ns.example.com.
	63	SECTION ADDITIONAL
	64	ns.example.com. IN A 1.2.3.4
	65	ENTRY_END
	66	RANGE_END
	67
	68	; a.gtld-servers.net. (after sale of domain)
	69	RANGE_BEGIN 30 200
	70	ADDRESS 192.5.6.30
	71	ENTRY_BEGIN
	72	MATCH opcode qtype qname
	73	ADJUST copy_id
	74	REPLY QR NOERROR
	75	SECTION QUESTION
	76	com. IN NS
	77	SECTION ANSWER
	78	com. IN NS a.gtld-servers.net.
	79	SECTION ADDITIONAL
	80	a.gtld-servers.net. IN A 192.5.6.30
	81	ENTRY_END
	82
	83	ENTRY_BEGIN
	84	MATCH opcode subdomain
	85	ADJUST copy_id copy_query
	86	REPLY QR NOERROR
	87	SECTION QUESTION
	88	example.com. IN A
	89	SECTION AUTHORITY
	90	example.com. IN NS ns.example.com.
	91	SECTION ADDITIONAL
	92	ns.example.com. IN A 8.8.8.8
	93	ENTRY_END
	94	RANGE_END
	95
	96	; ns.example.com. first owner
	97	RANGE_BEGIN 0 200
	98	ADDRESS 1.2.3.4
	99	ENTRY_BEGIN
	100	MATCH opcode qtype qname
	101	ADJUST copy_id
	102	REPLY QR NOERROR
	103	SECTION QUESTION
	104	example.com. IN NS
	105	SECTION ANSWER
	106	example.com. IN NS ns.example.com.
	107	SECTION ADDITIONAL
	108	ns.example.com. IN A 1.2.3.4
	109	ENTRY_END
	110
	111	ENTRY_BEGIN
	112	MATCH opcode qtype qname
	113	ADJUST copy_id
	114	REPLY QR NOERROR
	115	SECTION QUESTION
	116	www.example.com. IN A
	117	SECTION ANSWER
	118	www.example.com. 3600 IN A 10.20.30.40
	119	SECTION AUTHORITY
	120	example.com. 3600 IN NS ns.example.com.
	121	SECTION ADDITIONAL
	122	ns.example.com. 3600 IN A 1.2.3.4
	123	ENTRY_END
	124	RANGE_END
	125
	126	; ns.example.com. new owner
	127	RANGE_BEGIN 0 200
	128	ADDRESS 8.8.8.8
	129	ENTRY_BEGIN
	130	MATCH opcode qtype qname
	131	ADJUST copy_id
	132	REPLY QR NOERROR
	133	SECTION QUESTION
	134	example.com. IN NS
	135	SECTION ANSWER
	136	example.com. IN NS ns.example.com.
	137	SECTION ADDITIONAL
	138	ns.example.com. IN A 8.8.8.8
	139	ENTRY_END
	140
	141	ENTRY_BEGIN
	142	MATCH opcode qtype qname
	143	ADJUST copy_id
	144	REPLY QR NOERROR
	145	SECTION QUESTION
	146	www.example.com. IN A
	147	SECTION ANSWER
	148	www.example.com. 3600 IN A 88.88.88.88
	149	SECTION AUTHORITY
	150	example.com. 3600 IN NS ns.example.com.
	151	SECTION ADDITIONAL
	152	ns.example.com. 3600 IN A 8.8.8.8
	153	ENTRY_END
	154	RANGE_END
	155
	156	STEP 1 QUERY
	157	ENTRY_BEGIN
	158	REPLY RD
	159	SECTION QUESTION
	160	www.example.com. IN A
	161	ENTRY_END
	162	; recursion happens here.
	163	STEP 5 CHECK_ANSWER
	164	ENTRY_BEGIN
	165	MATCH all ttl
	166	REPLY QR RD RA NOERROR
	167	SECTION QUESTION
	168	www.example.com. IN A
	169	SECTION ANSWER
	170	www.example.com. 3600 IN A 10.20.30.40
	171	SECTION AUTHORITY
	172	example.com. 3600 IN NS ns.example.com.
	173	SECTION ADDITIONAL
	174	ns.example.com. 3600 IN A 1.2.3.4
	175	ENTRY_END
	176
	177	STEP 10 QUERY
	178	ENTRY_BEGIN
	179	REPLY RD
	180	SECTION QUESTION
	181	example.com. IN NS
	182	ENTRY_END
	183	; recursion happens here.
	184	STEP 15 CHECK_ANSWER
	185	ENTRY_BEGIN
	186	MATCH all ttl
	187	REPLY QR RD RA NOERROR
	188	SECTION QUESTION
	189	example.com. IN NS
	190	SECTION ANSWER
	191	example.com. 3600 IN NS ns.example.com.
	192	SECTION AUTHORITY
	193	SECTION ADDITIONAL
	194	ns.example.com. 3600 IN A 1.2.3.4
	195	ENTRY_END
	196
	197	; after 1800 secs still the cached answer
	198	STEP 20 TIME_PASSES ELAPSE 1800
	199
	200	STEP 30 QUERY
	201	ENTRY_BEGIN
	202	REPLY RD
	203	SECTION QUESTION
	204	www.example.com. IN A
	205	ENTRY_END
	206	; recursion happens here.
	207	STEP 40 CHECK_ANSWER
	208	ENTRY_BEGIN
	209	MATCH all ttl
	210	REPLY QR RD RA NOERROR
	211	SECTION QUESTION
	212	www.example.com. IN A
	213	SECTION ANSWER
	214	www.example.com. 1800 IN A 10.20.30.40
	215	SECTION AUTHORITY
	216	example.com. 1800 IN NS ns.example.com.
	217	SECTION ADDITIONAL
	218	ns.example.com. 1800 IN A 1.2.3.4
	219	ENTRY_END
	220
	221	STEP 44 QUERY
	222	ENTRY_BEGIN
	223	REPLY RD
	224	SECTION QUESTION
	225	example.com. IN NS
	226	ENTRY_END
	227	; recursion happens here.
	228	STEP 45 CHECK_ANSWER
	229	ENTRY_BEGIN
	230	MATCH all ttl
	231	REPLY QR RD RA NOERROR
	232	SECTION QUESTION
	233	example.com. IN NS
	234	SECTION ANSWER
	235	example.com. 1800 IN NS ns.example.com.
	236	SECTION AUTHORITY
	237	SECTION ADDITIONAL
	238	ns.example.com. 1800 IN A 1.2.3.4
	239	ENTRY_END
	240
	241	; after 1440 we are 360 seconds before the expiry
	242	STEP 50 TIME_PASSES ELAPSE 1440
	243
	244	STEP 60 QUERY
	245	ENTRY_BEGIN
	246	REPLY RD
	247	SECTION QUESTION
	248	example.com. IN NS
	249	ENTRY_END
	250	; recursion happens here.
	251	STEP 70 CHECK_ANSWER
	252	ENTRY_BEGIN
	253	MATCH all ttl
	254	REPLY QR RD RA NOERROR
	255	SECTION QUESTION
	256	example.com. IN NS
	257	SECTION ANSWER
	258	example.com. 360 IN NS ns.example.com.
	259	SECTION AUTHORITY
	260	SECTION ADDITIONAL
	261	ns.example.com. 360 IN A 1.2.3.4
	262	ENTRY_END
	263
	264	STEP 80 TRAFFIC
	265	; let traffic flow for prefetch to happen
	266
	267	; after 360 + 2000 we are after the change to new owner.
	268	STEP 100 TIME_PASSES ELAPSE 2360
	269
	270	; the NS record should have timed out.
	271	STEP 120 QUERY
	272	ENTRY_BEGIN
	273	REPLY RD
	274	SECTION QUESTION
	275	www.example.com. IN A
	276	ENTRY_END
	277	; recursion happens here.
	278	STEP 130 CHECK_ANSWER
	279	ENTRY_BEGIN
	280	MATCH all ttl
	281	REPLY QR RD RA NOERROR
	282	SECTION QUESTION
	283	www.example.com. IN A
	284	SECTION ANSWER
	285	www.example.com. 3600 IN A 88.88.88.88
	286	SECTION AUTHORITY
	287	example.com. 3600 IN NS ns.example.com.
	288	SECTION ADDITIONAL
	289	ns.example.com. 3600 IN A 8.8.8.8
	290	ENTRY_END
	291
	292	SCENARIO_END

-1

testdata/iter_privaddr.rpl less more

4	4	private-address: 10.0.0.0/8
5	5	private-address: 172.16.0.0/12
6	6	private-address: 192.168.0.0/16
7		private-address: 192.254.0.0/16
	7	private-address: 169.254.0.0/16
8	8	private-address: fd00::/8
9	9	private-address: fe80::/10
10	10

+64

-0

testdata/iter_stub_noroot.rpl less more

	0	; config options
	1	server:
	2	target-fetch-policy: "0 0 0 0 0"
	3
	4	stub-zone:
	5	name: "."
	6	stub-addr: 81.187.81.187
	7	stub-zone:
	8	name: "lp0.eu"
	9	stub-addr: 81.2.80.65
	10	stub-prime: no
	11	CONFIG_END
	12
	13	SCENARIO_BEGIN Test resolve of stub zone without root prime.
	14
	15	; this server does not respond. (for the root)
	16	RANGE_BEGIN 0 100
	17	ADDRESS 81.187.81.187
	18	ENTRY_BEGIN
	19	MATCH
	20	ADJUST copy_id copy_query
	21	REPLY QR SERVFAIL
	22	SECTION QUESTION
	23	. IN NS
	24	ENTRY_END
	25	RANGE_END
	26
	27	; lp0.eu server
	28	RANGE_BEGIN 0 100
	29	ADDRESS 81.2.80.65
	30	ENTRY_BEGIN
	31	MATCH opcode qtype qname
	32	ADJUST copy_id
	33	REPLY QR NOERROR
	34	SECTION QUESTION
	35	proxima.lp0.eu. IN A
	36	SECTION ANSWER
	37	proxima.lp0.eu. IN A 81.2.80.65
	38	SECTION AUTHORITY
	39	lp0.eu. IN NS proxima.lp0.eu.
	40	ENTRY_END
	41	RANGE_END
	42
	43	STEP 1 QUERY
	44	ENTRY_BEGIN
	45	REPLY RD
	46	SECTION QUESTION
	47	proxima.lp0.eu. IN A
	48	ENTRY_END
	49
	50	; recursion happens here.
	51	STEP 10 CHECK_ANSWER
	52	ENTRY_BEGIN
	53	MATCH all
	54	REPLY QR RD RA NOERROR
	55	SECTION QUESTION
	56	proxima.lp0.eu. IN A
	57	SECTION ANSWER
	58	proxima.lp0.eu. IN A 81.2.80.65
	59	SECTION AUTHORITY
	60	lp0.eu. IN NS proxima.lp0.eu.
	61	ENTRY_END
	62
	63	SCENARIO_END

+109

-0

testdata/local_typetransparent.rpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	local-zone: "example.com." typetransparent
	4	local-data: "mail.example.com. IN A 10.20.30.40"
	5
	6	stub-zone:
	7	name: "."
	8	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	9	CONFIG_END
	10
	11	SCENARIO_BEGIN Test local data with typetransparent zone
	12
	13	; K.ROOT-SERVERS.NET.
	14	RANGE_BEGIN 0 100
	15	ADDRESS 193.0.14.129
	16	ENTRY_BEGIN
	17	MATCH opcode qtype qname
	18	ADJUST copy_id
	19	REPLY QR NOERROR
	20	SECTION QUESTION
	21	. IN NS
	22	SECTION ANSWER
	23	. IN NS K.ROOT-SERVERS.NET.
	24	SECTION ADDITIONAL
	25	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	26	ENTRY_END
	27
	28	ENTRY_BEGIN
	29	MATCH opcode qtype qname
	30	ADJUST copy_id
	31	REPLY QR AA NOERROR
	32	SECTION QUESTION
	33	mail.example.com. IN MX
	34	SECTION ANSWER
	35	mail.example.com. IN MX 100 mail.example.com.
	36	ENTRY_END
	37
	38	ENTRY_BEGIN
	39	MATCH opcode qtype qname
	40	ADJUST copy_id
	41	REPLY QR AA NOERROR
	42	SECTION QUESTION
	43	www.example.com. IN AAAA
	44	SECTION ANSWER
	45	www.example.com. IN AAAA 2001::1
	46	ENTRY_END
	47
	48	RANGE_END
	49
	50	STEP 1 QUERY
	51	ENTRY_BEGIN
	52	REPLY RD DO
	53	SECTION QUESTION
	54	mail.example.com. IN A
	55	ENTRY_END
	56	; get straight answer from localdata
	57
	58	STEP 10 CHECK_ANSWER
	59	ENTRY_BEGIN
	60	MATCH all
	61	REPLY QR AA RD RA NOERROR
	62	SECTION QUESTION
	63	mail.example.com. IN A
	64	SECTION ANSWER
	65	mail.example.com. IN A 10.20.30.40
	66	SECTION AUTHORITY
	67	ENTRY_END
	68
	69	STEP 20 QUERY
	70	ENTRY_BEGIN
	71	REPLY RD DO
	72	SECTION QUESTION
	73	mail.example.com. IN MX
	74	ENTRY_END
	75
	76	; get internet answer for other type.
	77
	78	STEP 30 CHECK_ANSWER
	79	ENTRY_BEGIN
	80	MATCH all
	81	REPLY QR RD RA NOERROR
	82	SECTION QUESTION
	83	mail.example.com. IN MX
	84	SECTION ANSWER
	85	mail.example.com. IN MX 100 mail.example.com.
	86	ENTRY_END
	87
	88	STEP 40 QUERY
	89	ENTRY_BEGIN
	90	REPLY RD DO
	91	SECTION QUESTION
	92	www.example.com. IN AAAA
	93	ENTRY_END
	94
	95	; get internet answer for other name.
	96
	97	STEP 50 CHECK_ANSWER
	98	ENTRY_BEGIN
	99	MATCH all
	100	REPLY QR RD RA NOERROR
	101	SECTION QUESTION
	102	www.example.com. IN AAAA
	103	SECTION ANSWER
	104	www.example.com. IN AAAA 2001::1
	105	ENTRY_END
	106
	107
	108	SCENARIO_END

testdata/root_anchor.tpkg less more

Binary diff not shown

+75

-0

testdata/stop_nxdomain.rpl less more

	0	; config options
	1	server:
	2	target-fetch-policy: "0 0 0 0 0"
	3	harden-below-nxdomain: yes
	4
	5	stub-zone:
	6	name: "."
	7	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	8	CONFIG_END
	9
	10	SCENARIO_BEGIN Test stop cache search on nxdomain
	11
	12	; K.ROOT-SERVERS.NET.
	13	RANGE_BEGIN 0 100
	14	ADDRESS 193.0.14.129
	15	ENTRY_BEGIN
	16	MATCH opcode qtype qname
	17	ADJUST copy_id
	18	REPLY QR NOERROR
	19	SECTION QUESTION
	20	. IN NS
	21	SECTION ANSWER
	22	. IN NS K.ROOT-SERVERS.NET.
	23	SECTION ADDITIONAL
	24	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	25	ENTRY_END
	26
	27	ENTRY_BEGIN
	28	MATCH opcode qtype qname
	29	ADJUST copy_id
	30	REPLY QR AA NXDOMAIN
	31	SECTION QUESTION
	32	example.local. IN A
	33	SECTION AUTHORITY
	34	. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
	35	ENTRY_END
	36	RANGE_END
	37
	38	STEP 1 QUERY
	39	ENTRY_BEGIN
	40	REPLY RD
	41	SECTION QUESTION
	42	example.local. IN A
	43	ENTRY_END
	44
	45	; recursion happens here.
	46	STEP 10 CHECK_ANSWER
	47	ENTRY_BEGIN
	48	MATCH all
	49	REPLY QR RD RA NXDOMAIN
	50	SECTION QUESTION
	51	example.local. IN A
	52	SECTION AUTHORITY
	53	. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
	54	ENTRY_END
	55
	56	STEP 20 QUERY
	57	ENTRY_BEGIN
	58	REPLY RD
	59	SECTION QUESTION
	60	foo.example.local. IN A
	61	ENTRY_END
	62
	63	; this query does not get sent to K-ROOT.
	64	STEP 30 CHECK_ANSWER
	65	ENTRY_BEGIN
	66	MATCH all
	67	REPLY QR RD RA NXDOMAIN
	68	SECTION QUESTION
	69	foo.example.local. IN A
	70	SECTION AUTHORITY
	71	. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
	72	ENTRY_END
	73
	74	SCENARIO_END

+13

-0

testdata/test_packets.8 less more

	0	; Test that FORMERR no longer happens.
	1	;-- next packet --
	2	; bad packet, had arcount=1 but EDNS record is missing.
	3	; from imgw.pl. BIND accepts it (but dig notes 'it is malformed').
	4	; therefore we leniently accept this.
	5	; header
	6	75D684100001000200000001
	7	; qd section
	8	04696D677702706C0000010001
	9	; answer section
	10	04696D677702706C000001000100000E100004C3BB560E
	11	04696D677702706C000001000100000E100004C3BB560D
	12

-1

testdata/ttl_msg.rpl less more

419	419	STEP 41 CHECK_ANSWER
420	420	ENTRY_BEGIN
421	421	MATCH all ttl
422		REPLY QR RD RA NOERROR
	422	REPLY QR RD RA NXDOMAIN
423	423	SECTION QUESTION
424	424	www.foo.com. IN A
425	425	SECTION ANSWER

+289

-0

testdata/val_cnameinsectopos.rpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	;trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	5	val-override-date: "20070916134226"
	6	target-fetch-policy: "0 0 0 0 0"
	7
	8	stub-zone:
	9	name: "."
	10	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	11	CONFIG_END
	12
	13	SCENARIO_BEGIN Test validator with an insecure cname to positive cached
	14
	15	; K.ROOT-SERVERS.NET.
	16	RANGE_BEGIN 0 100
	17	ADDRESS 193.0.14.129
	18	ENTRY_BEGIN
	19	MATCH opcode qtype qname
	20	ADJUST copy_id
	21	REPLY QR NOERROR
	22	SECTION QUESTION
	23	. IN NS
	24	SECTION ANSWER
	25	. IN NS K.ROOT-SERVERS.NET.
	26	SECTION ADDITIONAL
	27	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	28	ENTRY_END
	29
	30	ENTRY_BEGIN
	31	MATCH opcode qtype qname
	32	ADJUST copy_id
	33	REPLY QR NOERROR
	34	SECTION QUESTION
	35	www.example.com. IN A
	36	SECTION AUTHORITY
	37	com. IN NS a.gtld-servers.net.
	38	SECTION ADDITIONAL
	39	a.gtld-servers.net. IN A 192.5.6.30
	40	ENTRY_END
	41
	42	ENTRY_BEGIN
	43	MATCH opcode qtype qname
	44	ADJUST copy_id
	45	REPLY QR NOERROR
	46	SECTION QUESTION
	47	www.example.net. IN A
	48	SECTION AUTHORITY
	49	net. IN NS a.gtld-servers.net.
	50	SECTION ADDITIONAL
	51	a.gtld-servers.net. IN A 192.5.6.30
	52	ENTRY_END
	53	RANGE_END
	54
	55	; a.gtld-servers.net.
	56	RANGE_BEGIN 0 100
	57	ADDRESS 192.5.6.30
	58	ENTRY_BEGIN
	59	MATCH opcode qtype qname
	60	ADJUST copy_id
	61	REPLY QR NOERROR
	62	SECTION QUESTION
	63	com. IN NS
	64	SECTION ANSWER
	65	com. IN NS a.gtld-servers.net.
	66	SECTION ADDITIONAL
	67	a.gtld-servers.net. IN A 192.5.6.30
	68	ENTRY_END
	69
	70	ENTRY_BEGIN
	71	MATCH opcode qtype qname
	72	ADJUST copy_id
	73	REPLY QR NOERROR
	74	SECTION QUESTION
	75	net. IN NS
	76	SECTION ANSWER
	77	net. IN NS a.gtld-servers.net.
	78	SECTION ADDITIONAL
	79	a.gtld-servers.net. IN A 192.5.6.30
	80	ENTRY_END
	81
	82	ENTRY_BEGIN
	83	MATCH opcode qtype qname
	84	ADJUST copy_id
	85	REPLY QR NOERROR
	86	SECTION QUESTION
	87	www.example.com. IN A
	88	SECTION AUTHORITY
	89	example.com. IN NS ns.example.com.
	90	SECTION ADDITIONAL
	91	ns.example.com. IN A 1.2.3.4
	92	ENTRY_END
	93	ENTRY_BEGIN
	94	MATCH opcode qtype qname
	95	ADJUST copy_id
	96	REPLY QR NOERROR
	97	SECTION QUESTION
	98	www.example.net. IN A
	99	SECTION AUTHORITY
	100	example.net. IN NS ns.example.net.
	101	SECTION ADDITIONAL
	102	ns.example.net. IN A 1.2.3.5
	103	ENTRY_END
	104	RANGE_END
	105
	106	; ns.example.com.
	107	RANGE_BEGIN 0 100
	108	ADDRESS 1.2.3.4
	109	ENTRY_BEGIN
	110	MATCH opcode qtype qname
	111	ADJUST copy_id
	112	REPLY QR NOERROR
	113	SECTION QUESTION
	114	example.com. IN NS
	115	SECTION ANSWER
	116	example.com. IN NS ns.example.com.
	117	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	118	SECTION ADDITIONAL
	119	ns.example.com. IN A 1.2.3.4
	120	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	121	ENTRY_END
	122
	123	; response to DNSKEY priming query
	124	ENTRY_BEGIN
	125	MATCH opcode qtype qname
	126	ADJUST copy_id
	127	REPLY QR NOERROR
	128	SECTION QUESTION
	129	example.com. IN DNSKEY
	130	SECTION ANSWER
	131	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	132	example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
	133	SECTION AUTHORITY
	134	example.com. IN NS ns.example.com.
	135	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	136	SECTION ADDITIONAL
	137	ns.example.com. IN A 1.2.3.4
	138	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	139	ENTRY_END
	140
	141	; response to query of interest
	142	ENTRY_BEGIN
	143	MATCH opcode qtype qname
	144	ADJUST copy_id
	145	REPLY QR NOERROR
	146	SECTION QUESTION
	147	www.example.com. IN A
	148	SECTION ANSWER
	149	www.example.com. IN CNAME www.example.net.
	150	www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
	151	SECTION AUTHORITY
	152	SECTION ADDITIONAL
	153	ENTRY_END
	154
	155	ENTRY_BEGIN
	156	MATCH opcode qtype qname
	157	ADJUST copy_id
	158	REPLY QR AA NOERROR
	159	SECTION QUESTION
	160	insecure.example.com. IN A
	161	SECTION ANSWER
	162	insecure.example.com. IN CNAME www.example.net.
	163	SECTION AUTHORITY
	164	SECTION ADDITIONAL
	165	ENTRY_END
	166	RANGE_END
	167
	168	; ns.example.net.
	169	RANGE_BEGIN 0 100
	170	ADDRESS 1.2.3.5
	171	ENTRY_BEGIN
	172	MATCH opcode qtype qname
	173	ADJUST copy_id
	174	REPLY QR NOERROR
	175	SECTION QUESTION
	176	example.net. IN NS
	177	SECTION ANSWER
	178	example.net. IN NS ns.example.net.
	179	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
	180	SECTION ADDITIONAL
	181	ns.example.net. IN A 1.2.3.5
	182	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
	183	ENTRY_END
	184
	185	; response to DNSKEY priming query
	186	ENTRY_BEGIN
	187	MATCH opcode qtype qname
	188	ADJUST copy_id
	189	REPLY QR NOERROR
	190	SECTION QUESTION
	191	example.net. IN DNSKEY
	192	SECTION ANSWER
	193	example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	194	example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
	195	SECTION AUTHORITY
	196	example.net. IN NS ns.example.net.
	197	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
	198	SECTION ADDITIONAL
	199	ns.example.net. IN A 1.2.3.5
	200	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
	201	ENTRY_END
	202
	203	; response to query of interest
	204	ENTRY_BEGIN
	205	MATCH opcode qtype qname
	206	ADJUST copy_id
	207	REPLY QR NOERROR
	208	SECTION QUESTION
	209	www.example.net. IN A
	210	SECTION ANSWER
	211	www.example.net. IN A 11.12.13.14
	212	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
	213	SECTION AUTHORITY
	214	SECTION ADDITIONAL
	215	ENTRY_END
	216	RANGE_END
	217
	218	STEP 1 QUERY
	219	ENTRY_BEGIN
	220	REPLY RD DO
	221	SECTION QUESTION
	222	www.example.com. IN A
	223	ENTRY_END
	224
	225	; recursion happens here.
	226	STEP 10 CHECK_ANSWER
	227	ENTRY_BEGIN
	228	MATCH all
	229	REPLY QR RD RA NOERROR
	230	SECTION QUESTION
	231	www.example.com. IN A
	232	SECTION ANSWER
	233	www.example.com. IN CNAME www.example.net.
	234	www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
	235	www.example.net. IN A 11.12.13.14
	236	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
	237	SECTION AUTHORITY
	238	SECTION ADDITIONAL
	239	ENTRY_END
	240
	241
	242	; Get www.example.net validated in the cache.
	243	STEP 30 QUERY
	244	ENTRY_BEGIN
	245	REPLY RD DO
	246	SECTION QUESTION
	247	www.example.net. IN A
	248	ENTRY_END
	249
	250	; recursion happens here.
	251	STEP 40 CHECK_ANSWER
	252	ENTRY_BEGIN
	253	MATCH all
	254	REPLY QR RD RA AD NOERROR
	255	SECTION QUESTION
	256	www.example.net. IN A
	257	SECTION ANSWER
	258	www.example.net. IN A 11.12.13.14
	259	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
	260	SECTION AUTHORITY
	261	SECTION ADDITIONAL
	262	ENTRY_END
	263
	264
	265	; reference the cache object
	266	STEP 50 QUERY
	267	ENTRY_BEGIN
	268	REPLY RD DO
	269	SECTION QUESTION
	270	insecure.example.com. IN A
	271	ENTRY_END
	272
	273	STEP 60 CHECK_ANSWER
	274	ENTRY_BEGIN
	275	MATCH all
	276	REPLY QR RD RA NOERROR
	277	SECTION QUESTION
	278	insecure.example.com. IN A
	279	SECTION ANSWER
	280	insecure.example.com. IN CNAME www.example.net.
	281	www.example.net. IN A 11.12.13.14
	282	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
	283	SECTION AUTHORITY
	284	SECTION ADDITIONAL
	285	ENTRY_END
	286
	287
	288	SCENARIO_END

-1

testdata/val_cnamenx_dblnsec.rpl less more

156	156	STEP 10 CHECK_ANSWER
157	157	ENTRY_BEGIN
158	158	MATCH all
159		REPLY QR RD RA AD NOERROR
	159	REPLY QR RD RA AD NXDOMAIN
160	160	SECTION QUESTION
161	161	cname.example.com. IN A
162	162	SECTION ANSWER

-1

testdata/val_cnamenx_rcodenx.rpl less more

216	216	STEP 10 CHECK_ANSWER
217	217	ENTRY_BEGIN
218	218	MATCH all
219		REPLY QR RD RA AD NOERROR
	219	REPLY QR RD RA AD NXDOMAIN
220	220	SECTION QUESTION
221	221	www.example.com. IN A
222	222	SECTION ANSWER

+137

-0

testdata/val_cnametoinsecure.rpl less more

	0	; config options
	1	server:
	2	trust-anchor: "example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	3	trust-anchor: "example.org. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	4	val-override-date: "20091011000000"
	5
	6	forward-zone:
	7	name: "."
	8	forward-addr: 192.0.2.1
	9	CONFIG_END
	10
	11	SCENARIO_BEGIN Test validator with CNAME to insecure NSEC or NSEC3.
	12
	13	RANGE_BEGIN 0 100
	14	ADDRESS 192.0.2.1
	15
	16	ENTRY_BEGIN
	17	MATCH opcode qtype qname
	18	ADJUST copy_id
	19	REPLY QR NOERROR
	20	SECTION QUESTION
	21	example.com. IN DNSKEY
	22	SECTION ANSWER
	23	example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	24	example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.com. BeCk6+D0ysmO1+X0CjvXH55AO78C7Vxrq58C3YgO0wt2eTG/deZCiWI3bz+3OC64cICbJr5fvCfqUuJDABU/fw== ;{id = 30899}
	25	ENTRY_END
	26
	27	ENTRY_BEGIN
	28	MATCH opcode qtype qname
	29	ADJUST copy_id
	30	REPLY QR NOERROR
	31	SECTION QUESTION
	32	www.example.com. IN AAAA
	33	SECTION ANSWER
	34	www.example.com. 3600 IN CNAME unsafe.example.com.
	35	www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
	36	SECTION AUTHORITY
	37	; really an insecure delegation, but co-hosted on the server.
	38	unsafe.example.com. 3600 IN NSEC v.example.com. NS RRSIG NSEC
	39	unsafe.example.com. 3600 IN RRSIG NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
	40	ENTRY_END
	41
	42	ENTRY_BEGIN
	43	MATCH opcode qtype qname
	44	ADJUST copy_id
	45	REPLY QR NOERROR
	46	SECTION QUESTION
	47	unsafe.example.com. IN AAAA
	48	SECTION ANSWER
	49	; empty response
	50	ENTRY_END
	51
	52
	53	ENTRY_BEGIN
	54	MATCH opcode qtype qname
	55	ADJUST copy_id
	56	REPLY QR NOERROR
	57	SECTION QUESTION
	58	example.org. IN DNSKEY
	59	SECTION ANSWER
	60	example.org. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	61	example.org. 3600 IN RRSIG DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.org. rd9aoXbeaE0zyT96Z0sjN3Mz5Nz/wuRsIH1lwcjwUFmAAT7F+SjwVWeo8nGaTBd8JDSUdiL+VwotEE0I22RrnA== ;{id = 30899}
	62	ENTRY_END
	63
	64	ENTRY_BEGIN
	65	MATCH opcode qtype qname
	66	ADJUST copy_id
	67	REPLY QR NOERROR
	68	SECTION QUESTION
	69	www.example.org. IN AAAA
	70	SECTION ANSWER
	71	www.example.org. 3600 IN CNAME unsafe.example.org.
	72	www.example.org. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
	73	SECTION AUTHORITY
	74	; really an insecure delegation, but co-hosted on the server.
	75	; h(unsafe.example.org.) = ltchu0548v0cof8f25u2pj4mjf4shcms.
	76	ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS
	77	ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN RRSIG NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
	78	ENTRY_END
	79
	80	ENTRY_BEGIN
	81	MATCH opcode qtype qname
	82	ADJUST copy_id
	83	REPLY QR NOERROR
	84	SECTION QUESTION
	85	unsafe.example.org. IN AAAA
	86	SECTION ANSWER
	87	; empty response
	88	ENTRY_END
	89
	90	RANGE_END
	91
	92	; NSEC
	93	STEP 1 QUERY
	94	ENTRY_BEGIN
	95	REPLY RD DO
	96	SECTION QUESTION
	97	www.example.com. IN AAAA
	98	ENTRY_END
	99	; recursion happens here.
	100	STEP 10 CHECK_ANSWER
	101	ENTRY_BEGIN
	102	MATCH all
	103	REPLY QR RD RA NOERROR
	104	SECTION QUESTION
	105	www.example.com. IN AAAA
	106	SECTION ANSWER
	107	www.example.com. 3600 IN CNAME unsafe.example.com.
	108	www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
	109	SECTION AUTHORITY
	110	unsafe.example.com. 3600 IN NSEC v.example.com. NS RRSIG NSEC
	111	unsafe.example.com. 3600 IN RRSIG NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
	112	ENTRY_END
	113
	114	; NSEC3
	115	STEP 20 QUERY
	116	ENTRY_BEGIN
	117	REPLY RD DO
	118	SECTION QUESTION
	119	www.example.org. IN AAAA
	120	ENTRY_END
	121	; recursion happens here.
	122	STEP 30 CHECK_ANSWER
	123	ENTRY_BEGIN
	124	MATCH all
	125	REPLY QR RD RA NOERROR
	126	SECTION QUESTION
	127	www.example.org. IN AAAA
	128	SECTION ANSWER
	129	www.example.org. 3600 IN CNAME unsafe.example.org.
	130	www.example.org. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
	131	SECTION AUTHORITY
	132	ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS
	133	ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN RRSIG NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
	134	ENTRY_END
	135
	136	SCENARIO_END

+158

-0

testdata/val_cnametonsec.rpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	val-override-date: "20070916134226"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator with CNAME to insecure NSEC delegation
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode qtype qname
	31	ADJUST copy_id
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	www.example.com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net.
	43	RANGE_BEGIN 0 100
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode qtype qname
	59	ADJUST copy_id
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	www.example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; ns.example.com.
	71	RANGE_BEGIN 0 100
	72	ADDRESS 1.2.3.4
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	example.com. IN NS
	79	SECTION ANSWER
	80	example.com. IN NS ns.example.com.
	81	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	82	SECTION ADDITIONAL
	83	ns.example.com. IN A 1.2.3.4
	84	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	85	ENTRY_END
	86
	87	; response to DNSKEY priming query
	88	ENTRY_BEGIN
	89	MATCH opcode qtype qname
	90	ADJUST copy_id
	91	REPLY QR NOERROR
	92	SECTION QUESTION
	93	example.com. IN DNSKEY
	94	SECTION ANSWER
	95	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	96	example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
	97	SECTION AUTHORITY
	98	example.com. IN NS ns.example.com.
	99	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	100	SECTION ADDITIONAL
	101	ns.example.com. IN A 1.2.3.4
	102	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	103	ENTRY_END
	104
	105	; response to query of interest
	106	ENTRY_BEGIN
	107	MATCH opcode qtype qname
	108	ADJUST copy_id
	109	REPLY QR NOERROR
	110	SECTION QUESTION
	111	www.example.com. IN A
	112	SECTION ANSWER
	113	www.example.com. IN CNAME www.sub.example.com.
	114	www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
	115	SECTION AUTHORITY
	116	sub.example.com. IN NSEC zzz.example.com. NS
	117	sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854}
	118	SECTION ADDITIONAL
	119	ENTRY_END
	120
	121	; this server also serves the zone sub.example.com.
	122	ENTRY_BEGIN
	123	MATCH opcode qtype qname
	124	ADJUST copy_id
	125	REPLY QR NOERROR
	126	SECTION QUESTION
	127	www.sub.example.com. IN A
	128	SECTION AUTHORITY
	129	sub.example.com. IN SOA a. b. 1 2 3 4 5
	130	ENTRY_END
	131
	132	RANGE_END
	133
	134	STEP 1 QUERY
	135	ENTRY_BEGIN
	136	REPLY RD DO
	137	SECTION QUESTION
	138	www.example.com. IN A
	139	ENTRY_END
	140
	141	; recursion happens here.
	142	STEP 10 CHECK_ANSWER
	143	ENTRY_BEGIN
	144	MATCH all
	145	REPLY QR RD RA NOERROR
	146	SECTION QUESTION
	147	www.example.com. IN A
	148	SECTION ANSWER
	149	www.example.com. IN CNAME www.sub.example.com.
	150	www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
	151	SECTION AUTHORITY
	152	sub.example.com. IN NSEC zzz.example.com. NS
	153	sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854}
	154	sub.example.com. IN SOA a. b. 1 2 3 4 5
	155	ENTRY_END
	156
	157	SCENARIO_END

-1

testdata/val_cnametonx.rpl less more

216	216	STEP 10 CHECK_ANSWER
217	217	ENTRY_BEGIN
218	218	MATCH all
219		REPLY QR RD RA AD NOERROR
	219	REPLY QR RD RA AD NXDOMAIN
220	220	SECTION QUESTION
221	221	www.example.com. IN A
222	222	SECTION ANSWER

+162

-0

testdata/val_cnametooptin.rpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	val-override-date: "20070916134226"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator with CNAME to insecure optin NSEC3
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode qtype qname
	31	ADJUST copy_id
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	www.example.com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net.
	43	RANGE_BEGIN 0 100
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode qtype qname
	59	ADJUST copy_id
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	www.example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; ns.example.com.
	71	RANGE_BEGIN 0 100
	72	ADDRESS 1.2.3.4
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	example.com. IN NS
	79	SECTION ANSWER
	80	example.com. IN NS ns.example.com.
	81	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	82	SECTION ADDITIONAL
	83	ns.example.com. IN A 1.2.3.4
	84	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	85	ENTRY_END
	86
	87	; response to DNSKEY priming query
	88	ENTRY_BEGIN
	89	MATCH opcode qtype qname
	90	ADJUST copy_id
	91	REPLY QR NOERROR
	92	SECTION QUESTION
	93	example.com. IN DNSKEY
	94	SECTION ANSWER
	95	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	96	example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
	97	SECTION AUTHORITY
	98	example.com. IN NS ns.example.com.
	99	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	100	SECTION ADDITIONAL
	101	ns.example.com. IN A 1.2.3.4
	102	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	103	ENTRY_END
	104
	105	; response to query of interest
	106	ENTRY_BEGIN
	107	MATCH opcode qtype qname
	108	ADJUST copy_id
	109	REPLY QR NOERROR
	110	SECTION QUESTION
	111	www.example.com. IN A
	112	SECTION ANSWER
	113	www.example.com. IN CNAME www.sub.example.com.
	114	www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
	115	SECTION AUTHORITY
	116	; NSEC3PARAM 1 0 1 -
	117	; example.com. -> 9vq38lj9qs6s1aruer131mbtsfnvek2p.
	118	; sub.example.com. -> 7t1ect6t5vp0s7se8si9d07roqupr3gc.
	119	; www.example.com. -> 0lverorlcjoa2lji5rik0otij3lgoj3l.
	120	7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS
	121	7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854}
	122	SECTION ADDITIONAL
	123	ENTRY_END
	124
	125	; this server also serves the zone sub.example.com.
	126	ENTRY_BEGIN
	127	MATCH opcode qtype qname
	128	ADJUST copy_id
	129	REPLY QR NOERROR
	130	SECTION QUESTION
	131	www.sub.example.com. IN A
	132	SECTION AUTHORITY
	133	sub.example.com. IN SOA a. b. 1 2 3 4 5
	134	ENTRY_END
	135
	136	RANGE_END
	137
	138	STEP 1 QUERY
	139	ENTRY_BEGIN
	140	REPLY RD DO
	141	SECTION QUESTION
	142	www.example.com. IN A
	143	ENTRY_END
	144
	145	; recursion happens here.
	146	STEP 10 CHECK_ANSWER
	147	ENTRY_BEGIN
	148	MATCH all
	149	REPLY QR RD RA NOERROR
	150	SECTION QUESTION
	151	www.example.com. IN A
	152	SECTION ANSWER
	153	www.example.com. IN CNAME www.sub.example.com.
	154	www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
	155	SECTION AUTHORITY
	156	7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS
	157	7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854}
	158	sub.example.com. IN SOA a. b. 1 2 3 4 5
	159	ENTRY_END
	160
	161	SCENARIO_END

-1

testdata/val_cnamewctonx.rpl less more

218	218	STEP 10 CHECK_ANSWER
219	219	ENTRY_BEGIN
220	220	MATCH all
221		REPLY QR RD RA AD NOERROR
	221	REPLY QR RD RA AD NXDOMAIN
222	222	SECTION QUESTION
223	223	www.example.com. IN A
224	224	SECTION ANSWER

+206

-0

testdata/val_ds_gost.crpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	val-override-date: "20070916134226"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator with GOST DS digest
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode qtype qname
	31	ADJUST copy_id
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	www.sub.example.com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net.
	43	RANGE_BEGIN 0 100
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode qtype qname
	59	ADJUST copy_id
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	www.sub.example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; ns.example.com.
	71	RANGE_BEGIN 0 100
	72	ADDRESS 1.2.3.4
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	example.com. IN NS
	79	SECTION ANSWER
	80	example.com. IN NS ns.example.com.
	81	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	82	SECTION ADDITIONAL
	83	ns.example.com. IN A 1.2.3.4
	84	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	85	ENTRY_END
	86
	87	; response to DNSKEY priming query
	88	ENTRY_BEGIN
	89	MATCH opcode qtype qname
	90	ADJUST copy_id
	91	REPLY QR NOERROR
	92	SECTION QUESTION
	93	example.com. IN DNSKEY
	94	SECTION ANSWER
	95	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	96	example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
	97	SECTION AUTHORITY
	98	example.com. IN NS ns.example.com.
	99	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	100	SECTION ADDITIONAL
	101	ns.example.com. IN A 1.2.3.4
	102	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	103	ENTRY_END
	104
	105	; response for delegation to sub.example.com.
	106	ENTRY_BEGIN
	107	MATCH opcode subdomain
	108	ADJUST copy_id copy_query
	109	REPLY QR NOERROR
	110	SECTION QUESTION
	111	sub.example.com. IN A
	112	SECTION ANSWER
	113	SECTION AUTHORITY
	114	sub.example.com. IN NS ns.sub.example.com.
	115
	116	; GOST DS for sub.example.com.
	117	sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
	118
	119	; SHA DS for sub.example.com.
	120	;sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
	121	;sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
	122
	123	sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADwjiGkzrz8RPRJ6LAB37cNEQxTXSaR6Stu/GwGvcQ7KVGH/Qw76ktI= ;{id = 2854}
	124
	125	SECTION ADDITIONAL
	126	ns.sub.example.com. IN A 1.2.3.6
	127	ENTRY_END
	128
	129	RANGE_END
	130
	131	; ns.sub.example.com.
	132	RANGE_BEGIN 0 100
	133	ADDRESS 1.2.3.6
	134	ENTRY_BEGIN
	135	MATCH opcode qtype qname
	136	ADJUST copy_id
	137	REPLY QR NOERROR
	138	SECTION QUESTION
	139	sub.example.com. IN NS
	140	SECTION ANSWER
	141	sub.example.com. IN NS ns.sub.example.com.
	142	sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. LAgerMKnwGgapo7tDs2jV8kjA+RminByvkR6qHineRDv4SYbRdDlCtYcFR4CoYo9aigLPej1WBmaZjFV+/7AVA== ;{id = 60385}
	143	SECTION ADDITIONAL
	144	ns.sub.example.com. IN A 1.2.3.6
	145	ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. qYVQEwiVNWwRRoDJxK3c3LaXtfvOm/YzOEzXbN2MxPHZXHaa2nCzWLsILNstot/wTAbrk4wNcT16gKxF5JguNw== ;{id = 60385}
	146	ENTRY_END
	147
	148	; response to DNSKEY priming query
	149	ENTRY_BEGIN
	150	MATCH opcode qtype qname
	151	ADJUST copy_id
	152	REPLY QR NOERROR
	153	SECTION QUESTION
	154	sub.example.com. IN DNSKEY
	155	SECTION ANSWER
	156	sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
	157	sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
	158	SECTION AUTHORITY
	159	sub.example.com. IN NS ns.sub.example.com.
	160	sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 3y6qmOn5GIytQQtXmdhkyL0+8Um7uNzOA0m0CkWFtzN81T98jHdGcCGNC3CIGMyhKaWKqPlOoSwIfm55fa4qRA== ;{id = 60385}
	161
	162	SECTION ADDITIONAL
	163	ns.sub.example.com. IN A 1.2.3.6
	164	ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. VS97UxG9Kn7DIYFCnBDJQ3n7sQ+aYF42/cU6s8jF1Y4nHSorKPFa0KHn0WVmaW33hA+Vs4BWTvJ1/JOpbiJskA== ;{id = 60385}
	165
	166	ENTRY_END
	167
	168	; response to query of interest
	169	ENTRY_BEGIN
	170	MATCH opcode qtype qname
	171	ADJUST copy_id
	172	REPLY QR NOERROR
	173	SECTION QUESTION
	174	www.sub.example.com. IN A
	175	SECTION ANSWER
	176	www.sub.example.com. IN A 11.11.11.11
	177	www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
	178
	179	SECTION AUTHORITY
	180	SECTION ADDITIONAL
	181	ENTRY_END
	182	RANGE_END
	183
	184	STEP 1 QUERY
	185	ENTRY_BEGIN
	186	REPLY RD DO
	187	SECTION QUESTION
	188	www.sub.example.com. IN A
	189	ENTRY_END
	190
	191	; recursion happens here.
	192	STEP 10 CHECK_ANSWER
	193	ENTRY_BEGIN
	194	MATCH all
	195	REPLY QR RD RA AD NOERROR
	196	SECTION QUESTION
	197	www.sub.example.com. IN A
	198	SECTION ANSWER
	199	www.sub.example.com. 3600 IN A 11.11.11.11
	200	www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
	201	SECTION AUTHORITY
	202	SECTION ADDITIONAL
	203	ENTRY_END
	204
	205	SCENARIO_END

-206

~~testdata/val_ds_gost.rpl~~ less more

0		; config options
1		; The island of trust is at example.com
2		server:
3		trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4		val-override-date: "20070916134226"
5		target-fetch-policy: "0 0 0 0 0"
6
7		stub-zone:
8		name: "."
9		stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10		CONFIG_END
11
12		SCENARIO_BEGIN Test validator with GOST DS digest
13
14		; K.ROOT-SERVERS.NET.
15		RANGE_BEGIN 0 100
16		ADDRESS 193.0.14.129
17		ENTRY_BEGIN
18		MATCH opcode qtype qname
19		ADJUST copy_id
20		REPLY QR NOERROR
21		SECTION QUESTION
22		. IN NS
23		SECTION ANSWER
24		. IN NS K.ROOT-SERVERS.NET.
25		SECTION ADDITIONAL
26		K.ROOT-SERVERS.NET. IN A 193.0.14.129
27		ENTRY_END
28
29		ENTRY_BEGIN
30		MATCH opcode qtype qname
31		ADJUST copy_id
32		REPLY QR NOERROR
33		SECTION QUESTION
34		www.sub.example.com. IN A
35		SECTION AUTHORITY
36		com. IN NS a.gtld-servers.net.
37		SECTION ADDITIONAL
38		a.gtld-servers.net. IN A 192.5.6.30
39		ENTRY_END
40		RANGE_END
41
42		; a.gtld-servers.net.
43		RANGE_BEGIN 0 100
44		ADDRESS 192.5.6.30
45		ENTRY_BEGIN
46		MATCH opcode qtype qname
47		ADJUST copy_id
48		REPLY QR NOERROR
49		SECTION QUESTION
50		com. IN NS
51		SECTION ANSWER
52		com. IN NS a.gtld-servers.net.
53		SECTION ADDITIONAL
54		a.gtld-servers.net. IN A 192.5.6.30
55		ENTRY_END
56
57		ENTRY_BEGIN
58		MATCH opcode qtype qname
59		ADJUST copy_id
60		REPLY QR NOERROR
61		SECTION QUESTION
62		www.sub.example.com. IN A
63		SECTION AUTHORITY
64		example.com. IN NS ns.example.com.
65		SECTION ADDITIONAL
66		ns.example.com. IN A 1.2.3.4
67		ENTRY_END
68		RANGE_END
69
70		; ns.example.com.
71		RANGE_BEGIN 0 100
72		ADDRESS 1.2.3.4
73		ENTRY_BEGIN
74		MATCH opcode qtype qname
75		ADJUST copy_id
76		REPLY QR NOERROR
77		SECTION QUESTION
78		example.com. IN NS
79		SECTION ANSWER
80		example.com. IN NS ns.example.com.
81		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82		SECTION ADDITIONAL
83		ns.example.com. IN A 1.2.3.4
84		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85		ENTRY_END
86
87		; response to DNSKEY priming query
88		ENTRY_BEGIN
89		MATCH opcode qtype qname
90		ADJUST copy_id
91		REPLY QR NOERROR
92		SECTION QUESTION
93		example.com. IN DNSKEY
94		SECTION ANSWER
95		example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96		example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
97		SECTION AUTHORITY
98		example.com. IN NS ns.example.com.
99		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100		SECTION ADDITIONAL
101		ns.example.com. IN A 1.2.3.4
102		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103		ENTRY_END
104
105		; response for delegation to sub.example.com.
106		ENTRY_BEGIN
107		MATCH opcode subdomain
108		ADJUST copy_id copy_query
109		REPLY QR NOERROR
110		SECTION QUESTION
111		sub.example.com. IN A
112		SECTION ANSWER
113		SECTION AUTHORITY
114		sub.example.com. IN NS ns.sub.example.com.
115
116		; GOST DS for sub.example.com.
117		sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
118
119		; SHA DS for sub.example.com.
120		;sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
121		;sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
122
123		sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADwjiGkzrz8RPRJ6LAB37cNEQxTXSaR6Stu/GwGvcQ7KVGH/Qw76ktI= ;{id = 2854}
124
125		SECTION ADDITIONAL
126		ns.sub.example.com. IN A 1.2.3.6
127		ENTRY_END
128
129		RANGE_END
130
131		; ns.sub.example.com.
132		RANGE_BEGIN 0 100
133		ADDRESS 1.2.3.6
134		ENTRY_BEGIN
135		MATCH opcode qtype qname
136		ADJUST copy_id
137		REPLY QR NOERROR
138		SECTION QUESTION
139		sub.example.com. IN NS
140		SECTION ANSWER
141		sub.example.com. IN NS ns.sub.example.com.
142		sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. LAgerMKnwGgapo7tDs2jV8kjA+RminByvkR6qHineRDv4SYbRdDlCtYcFR4CoYo9aigLPej1WBmaZjFV+/7AVA== ;{id = 60385}
143		SECTION ADDITIONAL
144		ns.sub.example.com. IN A 1.2.3.6
145		ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. qYVQEwiVNWwRRoDJxK3c3LaXtfvOm/YzOEzXbN2MxPHZXHaa2nCzWLsILNstot/wTAbrk4wNcT16gKxF5JguNw== ;{id = 60385}
146		ENTRY_END
147
148		; response to DNSKEY priming query
149		ENTRY_BEGIN
150		MATCH opcode qtype qname
151		ADJUST copy_id
152		REPLY QR NOERROR
153		SECTION QUESTION
154		sub.example.com. IN DNSKEY
155		SECTION ANSWER
156		sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
157		sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
158		SECTION AUTHORITY
159		sub.example.com. IN NS ns.sub.example.com.
160		sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 3y6qmOn5GIytQQtXmdhkyL0+8Um7uNzOA0m0CkWFtzN81T98jHdGcCGNC3CIGMyhKaWKqPlOoSwIfm55fa4qRA== ;{id = 60385}
161
162		SECTION ADDITIONAL
163		ns.sub.example.com. IN A 1.2.3.6
164		ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. VS97UxG9Kn7DIYFCnBDJQ3n7sQ+aYF42/cU6s8jF1Y4nHSorKPFa0KHn0WVmaW33hA+Vs4BWTvJ1/JOpbiJskA== ;{id = 60385}
165
166		ENTRY_END
167
168		; response to query of interest
169		ENTRY_BEGIN
170		MATCH opcode qtype qname
171		ADJUST copy_id
172		REPLY QR NOERROR
173		SECTION QUESTION
174		www.sub.example.com. IN A
175		SECTION ANSWER
176		www.sub.example.com. IN A 11.11.11.11
177		www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
178
179		SECTION AUTHORITY
180		SECTION ADDITIONAL
181		ENTRY_END
182		RANGE_END
183
184		STEP 1 QUERY
185		ENTRY_BEGIN
186		REPLY RD DO
187		SECTION QUESTION
188		www.sub.example.com. IN A
189		ENTRY_END
190
191		; recursion happens here.
192		STEP 10 CHECK_ANSWER
193		ENTRY_BEGIN
194		MATCH all
195		REPLY QR RD RA AD NOERROR
196		SECTION QUESTION
197		www.sub.example.com. IN A
198		SECTION ANSWER
199		www.sub.example.com. 3600 IN A 11.11.11.11
200		www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
201		SECTION AUTHORITY
202		SECTION ADDITIONAL
203		ENTRY_END
204
205		SCENARIO_END

+244

-0

testdata/val_ds_gost_downgrade.crpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	val-override-date: "20070916134226"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator with GOST DS digest downgrade attack
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode qtype qname
	31	ADJUST copy_id
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	www.sub.example.com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net.
	43	RANGE_BEGIN 0 100
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode subdomain
	59	ADJUST copy_id copy_query
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; ns.example.com.
	71	RANGE_BEGIN 0 100
	72	ADDRESS 1.2.3.4
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR AA REFUSED
	77	SECTION QUESTION
	78	ns.example.com. IN AAAA
	79	ENTRY_END
	80
	81	ENTRY_BEGIN
	82	MATCH opcode qtype qname
	83	ADJUST copy_id
	84	REPLY QR NOERROR
	85	SECTION QUESTION
	86	example.com. IN NS
	87	SECTION ANSWER
	88	example.com. IN NS ns.example.com.
	89	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	90	SECTION ADDITIONAL
	91	ns.example.com. IN A 1.2.3.4
	92	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	93	ENTRY_END
	94
	95	; response to DNSKEY priming query
	96	ENTRY_BEGIN
	97	MATCH opcode qtype qname
	98	ADJUST copy_id
	99	REPLY QR NOERROR
	100	SECTION QUESTION
	101	example.com. IN DNSKEY
	102	SECTION ANSWER
	103	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	104	example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
	105	SECTION AUTHORITY
	106	example.com. IN NS ns.example.com.
	107	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	108	SECTION ADDITIONAL
	109	ns.example.com. IN A 1.2.3.4
	110	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	111	ENTRY_END
	112
	113	; response for delegation to sub.example.com.
	114	ENTRY_BEGIN
	115	MATCH opcode subdomain
	116	ADJUST copy_id copy_query
	117	REPLY QR NOERROR
	118	SECTION QUESTION
	119	sub.example.com. IN A
	120	SECTION ANSWER
	121	SECTION AUTHORITY
	122	sub.example.com. IN NS ns.sub.example.com.
	123
	124	; downgrade: false GOST, correct SHA
	125
	126
	127	sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d028
	128
	129	; correct GOST DS for sub.example.com.
	130	; sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
	131
	132	; SHA1 DS for sub.example.com.
	133	sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
	134	; SHA256 DS for sub.example.com.
	135	sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
	136
	137	; signs SHA1, SHA2 and GOST DSes
	138	sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADB1PPtGoPKRrhNtRtkqeqpgnZdbPOdJMgjdZVxPfgGCoMTu3JFQVbo= ;{id = 2854}
	139
	140	SECTION ADDITIONAL
	141	ns.sub.example.com. IN A 1.2.3.6
	142	ENTRY_END
	143
	144	RANGE_END
	145
	146	; ns.sub.example.com.
	147	RANGE_BEGIN 0 100
	148	ADDRESS 1.2.3.6
	149	ENTRY_BEGIN
	150	MATCH opcode qtype qname
	151	ADJUST copy_id
	152	REPLY QR NOERROR
	153	SECTION QUESTION
	154	sub.example.com. IN NS
	155	SECTION ANSWER
	156	sub.example.com. IN NS ns.sub.example.com.
	157	sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
	158
	159	SECTION ADDITIONAL
	160	ns.sub.example.com. IN A 1.2.3.6
	161	ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
	162	ENTRY_END
	163
	164	ENTRY_BEGIN
	165	MATCH opcode qtype qname
	166	ADJUST copy_id
	167	REPLY QR AA NOERROR
	168	SECTION QUESTION
	169	ns.sub.example.com. IN A
	170	SECTION ANSWER
	171	ns.sub.example.com. IN A 1.2.3.6
	172	ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
	173	SECTION AUTHORITY
	174	sub.example.com. IN NS ns.sub.example.com.
	175	sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
	176	ENTRY_END
	177
	178	; response to DNSKEY priming query
	179	ENTRY_BEGIN
	180	MATCH opcode qtype qname
	181	ADJUST copy_id
	182	REPLY QR NOERROR
	183	SECTION QUESTION
	184	sub.example.com. IN DNSKEY
	185	SECTION ANSWER
	186	sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
	187	sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
	188	SECTION AUTHORITY
	189	sub.example.com. IN NS ns.sub.example.com.
	190	sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
	191	SECTION ADDITIONAL
	192	ns.sub.example.com. IN A 1.2.3.6
	193	ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
	194	ENTRY_END
	195
	196	; response to query of interest
	197	ENTRY_BEGIN
	198	MATCH opcode qtype qname
	199	ADJUST copy_id
	200	REPLY QR NOERROR
	201	SECTION QUESTION
	202	www.sub.example.com. IN A
	203	SECTION ANSWER
	204	www.sub.example.com. IN A 11.11.11.11
	205	www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
	206
	207	SECTION AUTHORITY
	208	SECTION ADDITIONAL
	209	ENTRY_END
	210
	211	ENTRY_BEGIN
	212	MATCH opcode qtype qname
	213	ADJUST copy_id
	214	REPLY QR AA REFUSED
	215	SECTION QUESTION
	216	ns.sub.example.com. IN AAAA
	217	ENTRY_END
	218
	219	RANGE_END
	220
	221	STEP 1 QUERY
	222	ENTRY_BEGIN
	223	REPLY RD DO
	224	SECTION QUESTION
	225	www.sub.example.com. IN A
	226	ENTRY_END
	227
	228	; recursion happens here.
	229	; must servfail bogus
	230	STEP 10 CHECK_ANSWER
	231	ENTRY_BEGIN
	232	MATCH all
	233	REPLY QR RD RA SERVFAIL
	234	SECTION QUESTION
	235	www.sub.example.com. IN A
	236	SECTION ANSWER
	237	;www.sub.example.com. 3600 IN A 11.11.11.11
	238	;www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
	239	SECTION AUTHORITY
	240	SECTION ADDITIONAL
	241	ENTRY_END
	242
	243	SCENARIO_END

-244

~~testdata/val_ds_gost_downgrade.rpl~~ less more

0		; config options
1		; The island of trust is at example.com
2		server:
3		trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4		val-override-date: "20070916134226"
5		target-fetch-policy: "0 0 0 0 0"
6
7		stub-zone:
8		name: "."
9		stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10		CONFIG_END
11
12		SCENARIO_BEGIN Test validator with GOST DS digest downgrade attack
13
14		; K.ROOT-SERVERS.NET.
15		RANGE_BEGIN 0 100
16		ADDRESS 193.0.14.129
17		ENTRY_BEGIN
18		MATCH opcode qtype qname
19		ADJUST copy_id
20		REPLY QR NOERROR
21		SECTION QUESTION
22		. IN NS
23		SECTION ANSWER
24		. IN NS K.ROOT-SERVERS.NET.
25		SECTION ADDITIONAL
26		K.ROOT-SERVERS.NET. IN A 193.0.14.129
27		ENTRY_END
28
29		ENTRY_BEGIN
30		MATCH opcode qtype qname
31		ADJUST copy_id
32		REPLY QR NOERROR
33		SECTION QUESTION
34		www.sub.example.com. IN A
35		SECTION AUTHORITY
36		com. IN NS a.gtld-servers.net.
37		SECTION ADDITIONAL
38		a.gtld-servers.net. IN A 192.5.6.30
39		ENTRY_END
40		RANGE_END
41
42		; a.gtld-servers.net.
43		RANGE_BEGIN 0 100
44		ADDRESS 192.5.6.30
45		ENTRY_BEGIN
46		MATCH opcode qtype qname
47		ADJUST copy_id
48		REPLY QR NOERROR
49		SECTION QUESTION
50		com. IN NS
51		SECTION ANSWER
52		com. IN NS a.gtld-servers.net.
53		SECTION ADDITIONAL
54		a.gtld-servers.net. IN A 192.5.6.30
55		ENTRY_END
56
57		ENTRY_BEGIN
58		MATCH opcode subdomain
59		ADJUST copy_id copy_query
60		REPLY QR NOERROR
61		SECTION QUESTION
62		example.com. IN A
63		SECTION AUTHORITY
64		example.com. IN NS ns.example.com.
65		SECTION ADDITIONAL
66		ns.example.com. IN A 1.2.3.4
67		ENTRY_END
68		RANGE_END
69
70		; ns.example.com.
71		RANGE_BEGIN 0 100
72		ADDRESS 1.2.3.4
73		ENTRY_BEGIN
74		MATCH opcode qtype qname
75		ADJUST copy_id
76		REPLY QR AA REFUSED
77		SECTION QUESTION
78		ns.example.com. IN AAAA
79		ENTRY_END
80
81		ENTRY_BEGIN
82		MATCH opcode qtype qname
83		ADJUST copy_id
84		REPLY QR NOERROR
85		SECTION QUESTION
86		example.com. IN NS
87		SECTION ANSWER
88		example.com. IN NS ns.example.com.
89		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
90		SECTION ADDITIONAL
91		ns.example.com. IN A 1.2.3.4
92		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
93		ENTRY_END
94
95		; response to DNSKEY priming query
96		ENTRY_BEGIN
97		MATCH opcode qtype qname
98		ADJUST copy_id
99		REPLY QR NOERROR
100		SECTION QUESTION
101		example.com. IN DNSKEY
102		SECTION ANSWER
103		example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
104		example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
105		SECTION AUTHORITY
106		example.com. IN NS ns.example.com.
107		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
108		SECTION ADDITIONAL
109		ns.example.com. IN A 1.2.3.4
110		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
111		ENTRY_END
112
113		; response for delegation to sub.example.com.
114		ENTRY_BEGIN
115		MATCH opcode subdomain
116		ADJUST copy_id copy_query
117		REPLY QR NOERROR
118		SECTION QUESTION
119		sub.example.com. IN A
120		SECTION ANSWER
121		SECTION AUTHORITY
122		sub.example.com. IN NS ns.sub.example.com.
123
124		; downgrade: false GOST, correct SHA
125
126
127		sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d028
128
129		; correct GOST DS for sub.example.com.
130		; sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
131
132		; SHA1 DS for sub.example.com.
133		sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
134		; SHA256 DS for sub.example.com.
135		sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
136
137		; signs SHA1, SHA2 and GOST DSes
138		sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADB1PPtGoPKRrhNtRtkqeqpgnZdbPOdJMgjdZVxPfgGCoMTu3JFQVbo= ;{id = 2854}
139
140		SECTION ADDITIONAL
141		ns.sub.example.com. IN A 1.2.3.6
142		ENTRY_END
143
144		RANGE_END
145
146		; ns.sub.example.com.
147		RANGE_BEGIN 0 100
148		ADDRESS 1.2.3.6
149		ENTRY_BEGIN
150		MATCH opcode qtype qname
151		ADJUST copy_id
152		REPLY QR NOERROR
153		SECTION QUESTION
154		sub.example.com. IN NS
155		SECTION ANSWER
156		sub.example.com. IN NS ns.sub.example.com.
157		sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
158
159		SECTION ADDITIONAL
160		ns.sub.example.com. IN A 1.2.3.6
161		ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
162		ENTRY_END
163
164		ENTRY_BEGIN
165		MATCH opcode qtype qname
166		ADJUST copy_id
167		REPLY QR AA NOERROR
168		SECTION QUESTION
169		ns.sub.example.com. IN A
170		SECTION ANSWER
171		ns.sub.example.com. IN A 1.2.3.6
172		ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
173		SECTION AUTHORITY
174		sub.example.com. IN NS ns.sub.example.com.
175		sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
176		ENTRY_END
177
178		; response to DNSKEY priming query
179		ENTRY_BEGIN
180		MATCH opcode qtype qname
181		ADJUST copy_id
182		REPLY QR NOERROR
183		SECTION QUESTION
184		sub.example.com. IN DNSKEY
185		SECTION ANSWER
186		sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
187		sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
188		SECTION AUTHORITY
189		sub.example.com. IN NS ns.sub.example.com.
190		sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
191		SECTION ADDITIONAL
192		ns.sub.example.com. IN A 1.2.3.6
193		ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
194		ENTRY_END
195
196		; response to query of interest
197		ENTRY_BEGIN
198		MATCH opcode qtype qname
199		ADJUST copy_id
200		REPLY QR NOERROR
201		SECTION QUESTION
202		www.sub.example.com. IN A
203		SECTION ANSWER
204		www.sub.example.com. IN A 11.11.11.11
205		www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
206
207		SECTION AUTHORITY
208		SECTION ADDITIONAL
209		ENTRY_END
210
211		ENTRY_BEGIN
212		MATCH opcode qtype qname
213		ADJUST copy_id
214		REPLY QR AA REFUSED
215		SECTION QUESTION
216		ns.sub.example.com. IN AAAA
217		ENTRY_END
218
219		RANGE_END
220
221		STEP 1 QUERY
222		ENTRY_BEGIN
223		REPLY RD DO
224		SECTION QUESTION
225		www.sub.example.com. IN A
226		ENTRY_END
227
228		; recursion happens here.
229		; must servfail bogus
230		STEP 10 CHECK_ANSWER
231		ENTRY_BEGIN
232		MATCH all
233		REPLY QR RD RA SERVFAIL
234		SECTION QUESTION
235		www.sub.example.com. IN A
236		SECTION ANSWER
237		;www.sub.example.com. 3600 IN A 11.11.11.11
238		;www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
239		SECTION AUTHORITY
240		SECTION ADDITIONAL
241		ENTRY_END
242
243		SCENARIO_END

+201

-0

testdata/val_ds_sha2.crpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	val-override-date: "20070916134226"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator with SHA256 DS digest
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode qtype qname
	31	ADJUST copy_id
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	www.sub.example.com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net.
	43	RANGE_BEGIN 0 100
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode qtype qname
	59	ADJUST copy_id
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	www.sub.example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; ns.example.com.
	71	RANGE_BEGIN 0 100
	72	ADDRESS 1.2.3.4
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	example.com. IN NS
	79	SECTION ANSWER
	80	example.com. IN NS ns.example.com.
	81	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	82	SECTION ADDITIONAL
	83	ns.example.com. IN A 1.2.3.4
	84	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	85	ENTRY_END
	86
	87	; response to DNSKEY priming query
	88	ENTRY_BEGIN
	89	MATCH opcode qtype qname
	90	ADJUST copy_id
	91	REPLY QR NOERROR
	92	SECTION QUESTION
	93	example.com. IN DNSKEY
	94	SECTION ANSWER
	95	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	96	example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
	97	SECTION AUTHORITY
	98	example.com. IN NS ns.example.com.
	99	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	100	SECTION ADDITIONAL
	101	ns.example.com. IN A 1.2.3.4
	102	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	103	ENTRY_END
	104
	105	; response for delegation to sub.example.com.
	106	ENTRY_BEGIN
	107	MATCH opcode subdomain
	108	ADJUST copy_id copy_query
	109	REPLY QR NOERROR
	110	SECTION QUESTION
	111	sub.example.com. IN A
	112	SECTION ANSWER
	113	SECTION AUTHORITY
	114	sub.example.com. IN NS ns.sub.example.com.
	115
	116	; SHA256 DS for sub.example.com.
	117	sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
	118	sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AJ6FL7yKjrpEEO8WMKlG7TVZoGjgFblJeu0rkJCmJxfdeh6ysUlWQWs= ;{id = 2854}
	119
	120	; SHA1 DS for sub.example.com.
	121	;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
	122	SECTION ADDITIONAL
	123	ns.sub.example.com. IN A 1.2.3.6
	124	ENTRY_END
	125
	126	RANGE_END
	127
	128	; ns.sub.example.com.
	129	RANGE_BEGIN 0 100
	130	ADDRESS 1.2.3.6
	131	ENTRY_BEGIN
	132	MATCH opcode qtype qname
	133	ADJUST copy_id
	134	REPLY QR NOERROR
	135	SECTION QUESTION
	136	sub.example.com. IN NS
	137	SECTION ANSWER
	138	sub.example.com. IN NS ns.sub.example.com.
	139	sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
	140	SECTION ADDITIONAL
	141	ns.sub.example.com. IN A 1.2.3.6
	142	ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
	143	ENTRY_END
	144
	145	; response to DNSKEY priming query
	146	; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
	147	ENTRY_BEGIN
	148	MATCH opcode qtype qname
	149	ADJUST copy_id
	150	REPLY QR NOERROR
	151	SECTION QUESTION
	152	sub.example.com. IN DNSKEY
	153	SECTION ANSWER
	154	sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	155	sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
	156	SECTION AUTHORITY
	157	sub.example.com. IN NS ns.sub.example.com.
	158	sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
	159	SECTION ADDITIONAL
	160	ns.sub.example.com. IN A 1.2.3.6
	161	ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
	162	ENTRY_END
	163
	164	; response to query of interest
	165	ENTRY_BEGIN
	166	MATCH opcode qtype qname
	167	ADJUST copy_id
	168	REPLY QR NOERROR
	169	SECTION QUESTION
	170	www.sub.example.com. IN A
	171	SECTION ANSWER
	172	www.sub.example.com. IN A 11.11.11.11
	173	www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
	174	SECTION AUTHORITY
	175	SECTION ADDITIONAL
	176	ENTRY_END
	177	RANGE_END
	178
	179	STEP 1 QUERY
	180	ENTRY_BEGIN
	181	REPLY RD DO
	182	SECTION QUESTION
	183	www.sub.example.com. IN A
	184	ENTRY_END
	185
	186	; recursion happens here.
	187	STEP 10 CHECK_ANSWER
	188	ENTRY_BEGIN
	189	MATCH all
	190	REPLY QR RD RA AD NOERROR
	191	SECTION QUESTION
	192	www.sub.example.com. IN A
	193	SECTION ANSWER
	194	www.sub.example.com. 3600 IN A 11.11.11.11
	195	www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
	196	SECTION AUTHORITY
	197	SECTION ADDITIONAL
	198	ENTRY_END
	199
	200	SCENARIO_END

-201

~~testdata/val_ds_sha2.rpl~~ less more

0		; config options
1		; The island of trust is at example.com
2		server:
3		trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4		val-override-date: "20070916134226"
5		target-fetch-policy: "0 0 0 0 0"
6
7		stub-zone:
8		name: "."
9		stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10		CONFIG_END
11
12		SCENARIO_BEGIN Test validator with SHA256 DS digest
13
14		; K.ROOT-SERVERS.NET.
15		RANGE_BEGIN 0 100
16		ADDRESS 193.0.14.129
17		ENTRY_BEGIN
18		MATCH opcode qtype qname
19		ADJUST copy_id
20		REPLY QR NOERROR
21		SECTION QUESTION
22		. IN NS
23		SECTION ANSWER
24		. IN NS K.ROOT-SERVERS.NET.
25		SECTION ADDITIONAL
26		K.ROOT-SERVERS.NET. IN A 193.0.14.129
27		ENTRY_END
28
29		ENTRY_BEGIN
30		MATCH opcode qtype qname
31		ADJUST copy_id
32		REPLY QR NOERROR
33		SECTION QUESTION
34		www.sub.example.com. IN A
35		SECTION AUTHORITY
36		com. IN NS a.gtld-servers.net.
37		SECTION ADDITIONAL
38		a.gtld-servers.net. IN A 192.5.6.30
39		ENTRY_END
40		RANGE_END
41
42		; a.gtld-servers.net.
43		RANGE_BEGIN 0 100
44		ADDRESS 192.5.6.30
45		ENTRY_BEGIN
46		MATCH opcode qtype qname
47		ADJUST copy_id
48		REPLY QR NOERROR
49		SECTION QUESTION
50		com. IN NS
51		SECTION ANSWER
52		com. IN NS a.gtld-servers.net.
53		SECTION ADDITIONAL
54		a.gtld-servers.net. IN A 192.5.6.30
55		ENTRY_END
56
57		ENTRY_BEGIN
58		MATCH opcode qtype qname
59		ADJUST copy_id
60		REPLY QR NOERROR
61		SECTION QUESTION
62		www.sub.example.com. IN A
63		SECTION AUTHORITY
64		example.com. IN NS ns.example.com.
65		SECTION ADDITIONAL
66		ns.example.com. IN A 1.2.3.4
67		ENTRY_END
68		RANGE_END
69
70		; ns.example.com.
71		RANGE_BEGIN 0 100
72		ADDRESS 1.2.3.4
73		ENTRY_BEGIN
74		MATCH opcode qtype qname
75		ADJUST copy_id
76		REPLY QR NOERROR
77		SECTION QUESTION
78		example.com. IN NS
79		SECTION ANSWER
80		example.com. IN NS ns.example.com.
81		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82		SECTION ADDITIONAL
83		ns.example.com. IN A 1.2.3.4
84		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85		ENTRY_END
86
87		; response to DNSKEY priming query
88		ENTRY_BEGIN
89		MATCH opcode qtype qname
90		ADJUST copy_id
91		REPLY QR NOERROR
92		SECTION QUESTION
93		example.com. IN DNSKEY
94		SECTION ANSWER
95		example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96		example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
97		SECTION AUTHORITY
98		example.com. IN NS ns.example.com.
99		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100		SECTION ADDITIONAL
101		ns.example.com. IN A 1.2.3.4
102		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103		ENTRY_END
104
105		; response for delegation to sub.example.com.
106		ENTRY_BEGIN
107		MATCH opcode subdomain
108		ADJUST copy_id copy_query
109		REPLY QR NOERROR
110		SECTION QUESTION
111		sub.example.com. IN A
112		SECTION ANSWER
113		SECTION AUTHORITY
114		sub.example.com. IN NS ns.sub.example.com.
115
116		; SHA256 DS for sub.example.com.
117		sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
118		sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AJ6FL7yKjrpEEO8WMKlG7TVZoGjgFblJeu0rkJCmJxfdeh6ysUlWQWs= ;{id = 2854}
119
120		; SHA1 DS for sub.example.com.
121		;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
122		SECTION ADDITIONAL
123		ns.sub.example.com. IN A 1.2.3.6
124		ENTRY_END
125
126		RANGE_END
127
128		; ns.sub.example.com.
129		RANGE_BEGIN 0 100
130		ADDRESS 1.2.3.6
131		ENTRY_BEGIN
132		MATCH opcode qtype qname
133		ADJUST copy_id
134		REPLY QR NOERROR
135		SECTION QUESTION
136		sub.example.com. IN NS
137		SECTION ANSWER
138		sub.example.com. IN NS ns.sub.example.com.
139		sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
140		SECTION ADDITIONAL
141		ns.sub.example.com. IN A 1.2.3.6
142		ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
143		ENTRY_END
144
145		; response to DNSKEY priming query
146		; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
147		ENTRY_BEGIN
148		MATCH opcode qtype qname
149		ADJUST copy_id
150		REPLY QR NOERROR
151		SECTION QUESTION
152		sub.example.com. IN DNSKEY
153		SECTION ANSWER
154		sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
155		sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
156		SECTION AUTHORITY
157		sub.example.com. IN NS ns.sub.example.com.
158		sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
159		SECTION ADDITIONAL
160		ns.sub.example.com. IN A 1.2.3.6
161		ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
162		ENTRY_END
163
164		; response to query of interest
165		ENTRY_BEGIN
166		MATCH opcode qtype qname
167		ADJUST copy_id
168		REPLY QR NOERROR
169		SECTION QUESTION
170		www.sub.example.com. IN A
171		SECTION ANSWER
172		www.sub.example.com. IN A 11.11.11.11
173		www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
174		SECTION AUTHORITY
175		SECTION ADDITIONAL
176		ENTRY_END
177		RANGE_END
178
179		STEP 1 QUERY
180		ENTRY_BEGIN
181		REPLY RD DO
182		SECTION QUESTION
183		www.sub.example.com. IN A
184		ENTRY_END
185
186		; recursion happens here.
187		STEP 10 CHECK_ANSWER
188		ENTRY_BEGIN
189		MATCH all
190		REPLY QR RD RA AD NOERROR
191		SECTION QUESTION
192		www.sub.example.com. IN A
193		SECTION ANSWER
194		www.sub.example.com. 3600 IN A 11.11.11.11
195		www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
196		SECTION AUTHORITY
197		SECTION ADDITIONAL
198		ENTRY_END
199
200		SCENARIO_END

+224

-0

testdata/val_ds_sha2_downgrade.crpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	4	val-override-date: "20070916134226"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode qtype qname
	31	ADJUST copy_id
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	www.sub.example.com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net.
	43	RANGE_BEGIN 0 100
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode qtype qname
	59	ADJUST copy_id
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	www.sub.example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; ns.example.com.
	71	RANGE_BEGIN 0 100
	72	ADDRESS 1.2.3.4
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	example.com. IN NS
	79	SECTION ANSWER
	80	example.com. IN NS ns.example.com.
	81	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	82	SECTION ADDITIONAL
	83	ns.example.com. IN A 1.2.3.4
	84	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	85	ENTRY_END
	86
	87	; response to DNSKEY priming query
	88	ENTRY_BEGIN
	89	MATCH opcode qtype qname
	90	ADJUST copy_id
	91	REPLY QR NOERROR
	92	SECTION QUESTION
	93	example.com. IN DNSKEY
	94	SECTION ANSWER
	95	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	96	example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
	97	SECTION AUTHORITY
	98	example.com. IN NS ns.example.com.
	99	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	100	SECTION ADDITIONAL
	101	ns.example.com. IN A 1.2.3.4
	102	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	103	ENTRY_END
	104
	105	; response for delegation to sub.example.com.
	106	ENTRY_BEGIN
	107	MATCH opcode subdomain
	108	ADJUST copy_id copy_query
	109	REPLY QR NOERROR
	110	SECTION QUESTION
	111	sub.example.com. IN A
	112	SECTION ANSWER
	113	SECTION AUTHORITY
	114	sub.example.com. IN NS ns.sub.example.com.
	115
	116	; Downgrade attack: false SHA2, correct SHA1
	117
	118	; SHA256 DS for sub.example.com.
	119	;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
	120	; BAD SHA256 DS
	121	sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
	122
	123	; SHA1 DS for sub.example.com.
	124	sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
	125	sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
	126
	127	SECTION ADDITIONAL
	128	ns.sub.example.com. IN A 1.2.3.6
	129	ENTRY_END
	130
	131	RANGE_END
	132
	133	; ns.sub.example.com.
	134	RANGE_BEGIN 0 100
	135	ADDRESS 1.2.3.6
	136	ENTRY_BEGIN
	137	MATCH opcode qtype qname
	138	ADJUST copy_id
	139	REPLY QR NOERROR
	140	SECTION QUESTION
	141	sub.example.com. IN NS
	142	SECTION ANSWER
	143	sub.example.com. IN NS ns.sub.example.com.
	144	sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
	145	SECTION ADDITIONAL
	146	ns.sub.example.com. IN A 1.2.3.6
	147	ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
	148	ENTRY_END
	149
	150	; response to DNSKEY priming query
	151	; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
	152	ENTRY_BEGIN
	153	MATCH opcode qtype qname
	154	ADJUST copy_id
	155	REPLY QR NOERROR
	156	SECTION QUESTION
	157	sub.example.com. IN DNSKEY
	158	SECTION ANSWER
	159	sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	160	sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
	161	SECTION AUTHORITY
	162	sub.example.com. IN NS ns.sub.example.com.
	163	sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
	164	SECTION ADDITIONAL
	165	ns.sub.example.com. IN A 1.2.3.6
	166	ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
	167	ENTRY_END
	168
	169	; response to query of interest
	170	ENTRY_BEGIN
	171	MATCH opcode qtype qname
	172	ADJUST copy_id
	173	REPLY QR NOERROR
	174	SECTION QUESTION
	175	www.sub.example.com. IN A
	176	SECTION ANSWER
	177	www.sub.example.com. IN A 11.11.11.11
	178	www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
	179	SECTION AUTHORITY
	180	SECTION ADDITIONAL
	181	ENTRY_END
	182
	183	ENTRY_BEGIN
	184	MATCH opcode qtype qname
	185	ADJUST copy_id
	186	REPLY QR AA REFUSED
	187	SECTION QUESTION
	188	ns.sub.example.com. IN A
	189	ENTRY_END
	190
	191	ENTRY_BEGIN
	192	MATCH opcode qtype qname
	193	ADJUST copy_id
	194	REPLY QR AA REFUSED
	195	SECTION QUESTION
	196	ns.sub.example.com. IN AAAA
	197	ENTRY_END
	198
	199	RANGE_END
	200
	201	STEP 1 QUERY
	202	ENTRY_BEGIN
	203	REPLY RD DO
	204	SECTION QUESTION
	205	www.sub.example.com. IN A
	206	ENTRY_END
	207
	208	; recursion happens here.
	209	; must servfail, BOGUS
	210	STEP 10 CHECK_ANSWER
	211	ENTRY_BEGIN
	212	MATCH all
	213	REPLY QR RD RA SERVFAIL
	214	SECTION QUESTION
	215	www.sub.example.com. IN A
	216	SECTION ANSWER
	217	;www.sub.example.com. 3600 IN A 11.11.11.11
	218	;www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
	219	SECTION AUTHORITY
	220	SECTION ADDITIONAL
	221	ENTRY_END
	222
	223	SCENARIO_END

-224

~~testdata/val_ds_sha2_downgrade.rpl~~ less more

0		; config options
1		; The island of trust is at example.com
2		server:
3		trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4		val-override-date: "20070916134226"
5		target-fetch-policy: "0 0 0 0 0"
6
7		stub-zone:
8		name: "."
9		stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10		CONFIG_END
11
12		SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1
13
14		; K.ROOT-SERVERS.NET.
15		RANGE_BEGIN 0 100
16		ADDRESS 193.0.14.129
17		ENTRY_BEGIN
18		MATCH opcode qtype qname
19		ADJUST copy_id
20		REPLY QR NOERROR
21		SECTION QUESTION
22		. IN NS
23		SECTION ANSWER
24		. IN NS K.ROOT-SERVERS.NET.
25		SECTION ADDITIONAL
26		K.ROOT-SERVERS.NET. IN A 193.0.14.129
27		ENTRY_END
28
29		ENTRY_BEGIN
30		MATCH opcode qtype qname
31		ADJUST copy_id
32		REPLY QR NOERROR
33		SECTION QUESTION
34		www.sub.example.com. IN A
35		SECTION AUTHORITY
36		com. IN NS a.gtld-servers.net.
37		SECTION ADDITIONAL
38		a.gtld-servers.net. IN A 192.5.6.30
39		ENTRY_END
40		RANGE_END
41
42		; a.gtld-servers.net.
43		RANGE_BEGIN 0 100
44		ADDRESS 192.5.6.30
45		ENTRY_BEGIN
46		MATCH opcode qtype qname
47		ADJUST copy_id
48		REPLY QR NOERROR
49		SECTION QUESTION
50		com. IN NS
51		SECTION ANSWER
52		com. IN NS a.gtld-servers.net.
53		SECTION ADDITIONAL
54		a.gtld-servers.net. IN A 192.5.6.30
55		ENTRY_END
56
57		ENTRY_BEGIN
58		MATCH opcode qtype qname
59		ADJUST copy_id
60		REPLY QR NOERROR
61		SECTION QUESTION
62		www.sub.example.com. IN A
63		SECTION AUTHORITY
64		example.com. IN NS ns.example.com.
65		SECTION ADDITIONAL
66		ns.example.com. IN A 1.2.3.4
67		ENTRY_END
68		RANGE_END
69
70		; ns.example.com.
71		RANGE_BEGIN 0 100
72		ADDRESS 1.2.3.4
73		ENTRY_BEGIN
74		MATCH opcode qtype qname
75		ADJUST copy_id
76		REPLY QR NOERROR
77		SECTION QUESTION
78		example.com. IN NS
79		SECTION ANSWER
80		example.com. IN NS ns.example.com.
81		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82		SECTION ADDITIONAL
83		ns.example.com. IN A 1.2.3.4
84		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85		ENTRY_END
86
87		; response to DNSKEY priming query
88		ENTRY_BEGIN
89		MATCH opcode qtype qname
90		ADJUST copy_id
91		REPLY QR NOERROR
92		SECTION QUESTION
93		example.com. IN DNSKEY
94		SECTION ANSWER
95		example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96		example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
97		SECTION AUTHORITY
98		example.com. IN NS ns.example.com.
99		example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100		SECTION ADDITIONAL
101		ns.example.com. IN A 1.2.3.4
102		ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103		ENTRY_END
104
105		; response for delegation to sub.example.com.
106		ENTRY_BEGIN
107		MATCH opcode subdomain
108		ADJUST copy_id copy_query
109		REPLY QR NOERROR
110		SECTION QUESTION
111		sub.example.com. IN A
112		SECTION ANSWER
113		SECTION AUTHORITY
114		sub.example.com. IN NS ns.sub.example.com.
115
116		; Downgrade attack: false SHA2, correct SHA1
117
118		; SHA256 DS for sub.example.com.
119		;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
120		; BAD SHA256 DS
121		sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
122
123		; SHA1 DS for sub.example.com.
124		sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
125		sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
126
127		SECTION ADDITIONAL
128		ns.sub.example.com. IN A 1.2.3.6
129		ENTRY_END
130
131		RANGE_END
132
133		; ns.sub.example.com.
134		RANGE_BEGIN 0 100
135		ADDRESS 1.2.3.6
136		ENTRY_BEGIN
137		MATCH opcode qtype qname
138		ADJUST copy_id
139		REPLY QR NOERROR
140		SECTION QUESTION
141		sub.example.com. IN NS
142		SECTION ANSWER
143		sub.example.com. IN NS ns.sub.example.com.
144		sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
145		SECTION ADDITIONAL
146		ns.sub.example.com. IN A 1.2.3.6
147		ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
148		ENTRY_END
149
150		; response to DNSKEY priming query
151		; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
152		ENTRY_BEGIN
153		MATCH opcode qtype qname
154		ADJUST copy_id
155		REPLY QR NOERROR
156		SECTION QUESTION
157		sub.example.com. IN DNSKEY
158		SECTION ANSWER
159		sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
160		sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
161		SECTION AUTHORITY
162		sub.example.com. IN NS ns.sub.example.com.
163		sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
164		SECTION ADDITIONAL
165		ns.sub.example.com. IN A 1.2.3.6
166		ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
167		ENTRY_END
168
169		; response to query of interest
170		ENTRY_BEGIN
171		MATCH opcode qtype qname
172		ADJUST copy_id
173		REPLY QR NOERROR
174		SECTION QUESTION
175		www.sub.example.com. IN A
176		SECTION ANSWER
177		www.sub.example.com. IN A 11.11.11.11
178		www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
179		SECTION AUTHORITY
180		SECTION ADDITIONAL
181		ENTRY_END
182
183		ENTRY_BEGIN
184		MATCH opcode qtype qname
185		ADJUST copy_id
186		REPLY QR AA REFUSED
187		SECTION QUESTION
188		ns.sub.example.com. IN A
189		ENTRY_END
190
191		ENTRY_BEGIN
192		MATCH opcode qtype qname
193		ADJUST copy_id
194		REPLY QR AA REFUSED
195		SECTION QUESTION
196		ns.sub.example.com. IN AAAA
197		ENTRY_END
198
199		RANGE_END
200
201		STEP 1 QUERY
202		ENTRY_BEGIN
203		REPLY RD DO
204		SECTION QUESTION
205		www.sub.example.com. IN A
206		ENTRY_END
207
208		; recursion happens here.
209		; must servfail, BOGUS
210		STEP 10 CHECK_ANSWER
211		ENTRY_BEGIN
212		MATCH all
213		REPLY QR RD RA SERVFAIL
214		SECTION QUESTION
215		www.sub.example.com. IN A
216		SECTION ANSWER
217		;www.sub.example.com. 3600 IN A 11.11.11.11
218		;www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
219		SECTION AUTHORITY
220		SECTION ADDITIONAL
221		ENTRY_END
222
223		SCENARIO_END

-2

testdata/val_nodata_zonecut.rpl less more

130	130	; SOA record is missing in reply.
131	131	; Denies A, note this is the end of the NSEC chain.
132	132	; from wrong side of zone-cut
133		www.example.com. IN NSEC example.com. NS RRSIG NSEC
134		www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFCQcnUp3juEjo72FpC82jFwZ2DStAhQpwpdMvEycW2elKfxpDdIHlT5ERg== ;{id = 2854}
	133	www.example.com. 3600 IN NSEC example.com. NS DS RRSIG NSEC
	134	www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AA+3mzAYPyQ8G9EKxeyNM+UZY+RtCiS5BOkS8h4wSxMT3lfVdadGpn8= ;{id = 2854}
135	135	SECTION ADDITIONAL
136	136	ENTRY_END
137	137	RANGE_END

-1

testdata/val_nsec3_cname_sub.rpl less more

200	200	STEP 10 CHECK_ANSWER
201	201	ENTRY_BEGIN
202	202	MATCH all
203		REPLY QR RD RA AD NOERROR
	203	REPLY QR RD RA AD NXDOMAIN
204	204	SECTION QUESTION
205	205	www.example.com. IN A
206	206	SECTION ANSWER

+207

-0

testdata/val_nsec3_optout_ad.rpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf"
	4	val-override-date: "20070916134226"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator with optout NSEC3 response that gets no AD.
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode subdomain
	31	ADJUST copy_id copy_query
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	com. IN A
	35	SECTION AUTHORITY
	36	com. IN NS a.gtld-servers.net.
	37	SECTION ADDITIONAL
	38	a.gtld-servers.net. IN A 192.5.6.30
	39	ENTRY_END
	40	RANGE_END
	41
	42	; a.gtld-servers.net.
	43	RANGE_BEGIN 0 100
	44	ADDRESS 192.5.6.30
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	com. IN NS
	51	SECTION ANSWER
	52	com. IN NS a.gtld-servers.net.
	53	SECTION ADDITIONAL
	54	a.gtld-servers.net. IN A 192.5.6.30
	55	ENTRY_END
	56
	57	ENTRY_BEGIN
	58	MATCH opcode subdomain
	59	ADJUST copy_id copy_query
	60	REPLY QR NOERROR
	61	SECTION QUESTION
	62	example.com. IN A
	63	SECTION AUTHORITY
	64	example.com. IN NS ns.example.com.
	65	SECTION ADDITIONAL
	66	ns.example.com. IN A 1.2.3.4
	67	ENTRY_END
	68	RANGE_END
	69
	70	; ns.example.com.
	71	RANGE_BEGIN 0 100
	72	ADDRESS 1.2.3.4
	73	ENTRY_BEGIN
	74	MATCH opcode qtype qname
	75	ADJUST copy_id
	76	REPLY QR NOERROR
	77	SECTION QUESTION
	78	example.com. IN NS
	79	SECTION ANSWER
	80	example.com. IN NS ns.example.com.
	81	example.com. 3600 IN RRSIG NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024}
	82	SECTION ADDITIONAL
	83	ns.example.com. IN A 1.2.3.4
	84	ns.example.com. 3600 IN RRSIG A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024}
	85	ENTRY_END
	86
	87	; response to DNSKEY priming query
	88	ENTRY_BEGIN
	89	MATCH opcode qtype qname
	90	ADJUST copy_id
	91	REPLY QR NOERROR
	92	SECTION QUESTION
	93	example.com. IN DNSKEY
	94	SECTION ANSWER
	95	example.com. 3600 IN DNSKEY 257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
	96	example.com. 3600 IN RRSIG DNSKEY 7 2 3600 20070926134150 20070829134150 57024 example.com. lqOo8W7UffLZIKBoIJg8OAPkmCWptnstiLIg1bAtzuEZDZFr2KNZGv+5k6hbRJKYnZRLReY4v8G9Eg0GCC/44gLm8BZlnh/4jLOjMH9MKusFV/jNqz/HABITYn1pBwvVak7lzqN+bmL0KMyWf1MzPWilx4fM9YWinsQFILVLPL0= ;{id = 57024}
	97	SECTION AUTHORITY
	98	example.com. IN NS ns.example.com.
	99	example.com. 3600 IN RRSIG NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024}
	100	SECTION ADDITIONAL
	101	ns.example.com. IN A 1.2.3.4
	102	ns.example.com. 3600 IN RRSIG A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024}
	103	ENTRY_END
	104
	105	; response to query of interest
	106	ENTRY_BEGIN
	107	MATCH opcode qtype qname
	108	ADJUST copy_id
	109	REPLY QR NOERROR
	110	SECTION QUESTION
	111	sub.example.com. IN DS
	112	SECTION ANSWER
	113	SECTION AUTHORITY
	114	example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
	115	example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
	116
	117	; optout
	118	; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
	119	; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj.
	120	; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
	121	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
	122	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
	123
	124	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
	125	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
	126	SECTION ADDITIONAL
	127	ENTRY_END
	128
	129	ENTRY_BEGIN
	130	MATCH opcode qtype qname
	131	ADJUST copy_id
	132	REPLY QR NOERROR
	133	SECTION QUESTION
	134	sub.example.com. IN MX
	135	SECTION ANSWER
	136	SECTION AUTHORITY
	137	example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
	138	example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
	139
	140	; optout
	141	; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
	142	; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj.
	143	; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
	144	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
	145	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
	146
	147	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
	148	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
	149	SECTION ADDITIONAL
	150	ENTRY_END
	151	RANGE_END
	152
	153	STEP 1 QUERY
	154	ENTRY_BEGIN
	155	REPLY RD DO
	156	SECTION QUESTION
	157	sub.example.com. IN MX
	158	ENTRY_END
	159
	160	; recursion happens here.
	161	; no AD flag on this because an optout NSEC3 is used.
	162	STEP 10 CHECK_ANSWER
	163	ENTRY_BEGIN
	164	MATCH all
	165	REPLY QR RD RA NOERROR
	166	SECTION QUESTION
	167	sub.example.com. IN MX
	168	SECTION ANSWER
	169	SECTION AUTHORITY
	170	example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
	171	example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
	172	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
	173	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
	174	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
	175	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
	176	SECTION ADDITIONAL
	177	ENTRY_END
	178
	179	STEP 20 QUERY
	180	ENTRY_BEGIN
	181	REPLY RD DO
	182	SECTION QUESTION
	183	sub.example.com. IN DS
	184	ENTRY_END
	185
	186	; recursion happens here.
	187	; no AD flag here because of RFC5155 9.2 section.
	188	; even though we are sure there is no DS, this is what the RFC says.
	189	STEP 30 CHECK_ANSWER
	190	ENTRY_BEGIN
	191	MATCH all
	192	REPLY QR RD RA NOERROR
	193	SECTION QUESTION
	194	sub.example.com. IN DS
	195	SECTION ANSWER
	196	SECTION AUTHORITY
	197	example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
	198	example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
	199	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
	200	onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
	201	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
	202	jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
	203	SECTION ADDITIONAL
	204	ENTRY_END
	205
	206	SCENARIO_END

+83

-0

testdata/val_stub_noroot.rpl less more

	0	; config options
	1	server:
	2	target-fetch-policy: "0 0 0 0 0"
	3	trust-anchor: "lp0.eu. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
	4	val-override-date: "20100913111500"
	5	; the dlv anchor is completely ignored, but here to test that.
	6	dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
	7
	8	stub-zone:
	9	name: "."
	10	stub-addr: 81.187.81.187
	11	stub-zone:
	12	name: "lp0.eu"
	13	stub-addr: 81.2.80.65
	14	stub-prime: no
	15	CONFIG_END
	16
	17	SCENARIO_BEGIN Test validation of stub zone without root prime.
	18
	19	; this server does not respond. (for the root)
	20	RANGE_BEGIN 0 100
	21	ADDRESS 81.187.81.187
	22	ENTRY_BEGIN
	23	MATCH
	24	ADJUST copy_id copy_query
	25	REPLY QR SERVFAIL
	26	SECTION QUESTION
	27	. IN NS
	28	ENTRY_END
	29	RANGE_END
	30
	31	; lp0.eu server
	32	RANGE_BEGIN 0 100
	33	ADDRESS 81.2.80.65
	34	ENTRY_BEGIN
	35	MATCH opcode qtype qname
	36	ADJUST copy_id
	37	REPLY QR NOERROR
	38	SECTION QUESTION
	39	lp0.eu. IN DNSKEY
	40	SECTION ANSWER
	41	lp0.eu. 3600 IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b}
	42	lp0.eu. 3600 IN RRSIG DNSKEY 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. zWYOT1zmB2k7hMl7mke7k1UNp4lDveUxi2EnF0tW++j2/qJopiAAcFHBo2GOo88jHcLWycurf0Qo+YGXfFbpEg== ;{id = 30900}
	43	ENTRY_END
	44
	45	ENTRY_BEGIN
	46	MATCH opcode qtype qname
	47	ADJUST copy_id
	48	REPLY QR NOERROR
	49	SECTION QUESTION
	50	proxima.lp0.eu. IN A
	51	SECTION ANSWER
	52	proxima.lp0.eu. IN A 81.2.80.65
	53	proxima.lp0.eu. 3600 IN RRSIG A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900}
	54	SECTION AUTHORITY
	55	lp0.eu. IN NS proxima.lp0.eu.
	56	lp0.eu. 3600 IN RRSIG NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900}
	57	ENTRY_END
	58	RANGE_END
	59
	60	STEP 1 QUERY
	61	ENTRY_BEGIN
	62	REPLY RD DO
	63	SECTION QUESTION
	64	proxima.lp0.eu. IN A
	65	ENTRY_END
	66
	67	; recursion happens here.
	68	STEP 10 CHECK_ANSWER
	69	ENTRY_BEGIN
	70	MATCH all
	71	REPLY QR RD RA AD NOERROR
	72	SECTION QUESTION
	73	proxima.lp0.eu. IN A
	74	SECTION ANSWER
	75	proxima.lp0.eu. IN A 81.2.80.65
	76	proxima.lp0.eu. 3600 IN RRSIG A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900}
	77	SECTION AUTHORITY
	78	lp0.eu. IN NS proxima.lp0.eu.
	79	lp0.eu. 3600 IN RRSIG NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900}
	80	ENTRY_END
	81
	82	SCENARIO_END

+181

-0

testdata/val_ta_algo_dnskey.rpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
	4	trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
	5	val-override-date: "20070916134226"
	6	target-fetch-policy: "0 0 0 0 0"
	7
	8	stub-zone:
	9	name: "."
	10	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	11	CONFIG_END
	12
	13	SCENARIO_BEGIN Test validator with multiple algorithm trust anchor
	14
	15	; K.ROOT-SERVERS.NET.
	16	RANGE_BEGIN 0 100
	17	ADDRESS 193.0.14.129
	18	ENTRY_BEGIN
	19	MATCH opcode qtype qname
	20	ADJUST copy_id
	21	REPLY QR NOERROR
	22	SECTION QUESTION
	23	. IN NS
	24	SECTION ANSWER
	25	. IN NS K.ROOT-SERVERS.NET.
	26	SECTION ADDITIONAL
	27	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	28	ENTRY_END
	29
	30	ENTRY_BEGIN
	31	MATCH opcode qtype qname
	32	ADJUST copy_id
	33	REPLY QR NOERROR
	34	SECTION QUESTION
	35	www.example.com. IN A
	36	SECTION AUTHORITY
	37	com. IN NS a.gtld-servers.net.
	38	SECTION ADDITIONAL
	39	a.gtld-servers.net. IN A 192.5.6.30
	40	ENTRY_END
	41	RANGE_END
	42
	43	; a.gtld-servers.net.
	44	RANGE_BEGIN 0 100
	45	ADDRESS 192.5.6.30
	46	ENTRY_BEGIN
	47	MATCH opcode qtype qname
	48	ADJUST copy_id
	49	REPLY QR NOERROR
	50	SECTION QUESTION
	51	com. IN NS
	52	SECTION ANSWER
	53	com. IN NS a.gtld-servers.net.
	54	SECTION ADDITIONAL
	55	a.gtld-servers.net. IN A 192.5.6.30
	56	ENTRY_END
	57
	58	ENTRY_BEGIN
	59	MATCH opcode qtype qname
	60	ADJUST copy_id
	61	REPLY QR NOERROR
	62	SECTION QUESTION
	63	www.example.com. IN A
	64	SECTION AUTHORITY
	65	example.com. IN NS ns.example.com.
	66	SECTION ADDITIONAL
	67	ns.example.com. IN A 1.2.3.4
	68	ENTRY_END
	69	RANGE_END
	70
	71	; ns.example.com.
	72	RANGE_BEGIN 0 100
	73	ADDRESS 1.2.3.4
	74	ENTRY_BEGIN
	75	MATCH opcode qtype qname
	76	ADJUST copy_id
	77	REPLY QR NOERROR
	78	SECTION QUESTION
	79	example.com. IN NS
	80	SECTION ANSWER
	81	example.com. IN NS ns.example.com.
	82	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	83	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	84	SECTION ADDITIONAL
	85	ns.example.com. IN A 1.2.3.4
	86	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	87	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	88	ENTRY_END
	89
	90	ENTRY_BEGIN
	91	MATCH opcode qtype qname
	92	ADJUST copy_id
	93	REPLY QR AA NOERROR
	94	SECTION QUESTION
	95	ns.example.com. IN AAAA
	96	SECTION ANSWER
	97	SECTION AUTHORITY
	98	example.com. IN NS ns.example.com.
	99	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	100	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	101	SECTION ADDITIONAL
	102	ns.example.com. IN A 1.2.3.4
	103	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	104	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	105	ENTRY_END
	106
	107
	108	; response to DNSKEY priming query
	109	ENTRY_BEGIN
	110	MATCH opcode qtype qname
	111	ADJUST copy_id
	112	REPLY QR NOERROR
	113	SECTION QUESTION
	114	example.com. IN DNSKEY
	115	SECTION ANSWER
	116	example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	117	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
	118	example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
	119	example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
	120	SECTION AUTHORITY
	121	example.com. IN NS ns.example.com.
	122	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	123	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	124	SECTION ADDITIONAL
	125	ns.example.com. IN A 1.2.3.4
	126	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	127	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	128	ENTRY_END
	129
	130	; response to query of interest
	131	ENTRY_BEGIN
	132	MATCH opcode qtype qname
	133	ADJUST copy_id
	134	REPLY QR NOERROR
	135	SECTION QUESTION
	136	www.example.com. IN A
	137	SECTION ANSWER
	138	www.example.com. IN A 10.20.30.40
	139	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
	140	www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
	141	SECTION AUTHORITY
	142	example.com. IN NS ns.example.com.
	143	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	144	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	145	SECTION ADDITIONAL
	146	ns.example.com. IN A 1.2.3.4
	147	www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
	148	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	149	ENTRY_END
	150	RANGE_END
	151
	152	STEP 1 QUERY
	153	ENTRY_BEGIN
	154	REPLY RD DO
	155	SECTION QUESTION
	156	www.example.com. IN A
	157	ENTRY_END
	158
	159	; recursion happens here.
	160	STEP 10 CHECK_ANSWER
	161	ENTRY_BEGIN
	162	MATCH all
	163	REPLY QR RD RA AD NOERROR
	164	SECTION QUESTION
	165	www.example.com. IN A
	166	SECTION ANSWER
	167	www.example.com. IN A 10.20.30.40
	168	www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
	169	www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
	170	SECTION AUTHORITY
	171	example.com. IN NS ns.example.com.
	172	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	173	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	174	SECTION ADDITIONAL
	175	ns.example.com. IN A 1.2.3.4
	176	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
	177	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	178	ENTRY_END
	179
	180	SCENARIO_END

+171

-0

testdata/val_ta_algo_missing.rpl less more

	0	; config options
	1	; The island of trust is at example.com
	2	server:
	3	trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
	4	trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
	5	trust-anchor: "example.com. 3600 IN DS 30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
	6	val-override-date: "20070916134226"
	7	target-fetch-policy: "0 0 0 0 0"
	8
	9	stub-zone:
	10	name: "."
	11	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	12	CONFIG_END
	13
	14	SCENARIO_BEGIN Test validator with multiple algorithm missing one
	15
	16	; K.ROOT-SERVERS.NET.
	17	RANGE_BEGIN 0 100
	18	ADDRESS 193.0.14.129
	19	ENTRY_BEGIN
	20	MATCH opcode qtype qname
	21	ADJUST copy_id
	22	REPLY QR NOERROR
	23	SECTION QUESTION
	24	. IN NS
	25	SECTION ANSWER
	26	. IN NS K.ROOT-SERVERS.NET.
	27	SECTION ADDITIONAL
	28	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	29	ENTRY_END
	30
	31	ENTRY_BEGIN
	32	MATCH opcode qtype qname
	33	ADJUST copy_id
	34	REPLY QR NOERROR
	35	SECTION QUESTION
	36	www.example.com. IN A
	37	SECTION AUTHORITY
	38	com. IN NS a.gtld-servers.net.
	39	SECTION ADDITIONAL
	40	a.gtld-servers.net. IN A 192.5.6.30
	41	ENTRY_END
	42	RANGE_END
	43
	44	; a.gtld-servers.net.
	45	RANGE_BEGIN 0 100
	46	ADDRESS 192.5.6.30
	47	ENTRY_BEGIN
	48	MATCH opcode qtype qname
	49	ADJUST copy_id
	50	REPLY QR NOERROR
	51	SECTION QUESTION
	52	com. IN NS
	53	SECTION ANSWER
	54	com. IN NS a.gtld-servers.net.
	55	SECTION ADDITIONAL
	56	a.gtld-servers.net. IN A 192.5.6.30
	57	ENTRY_END
	58
	59	ENTRY_BEGIN
	60	MATCH opcode qtype qname
	61	ADJUST copy_id
	62	REPLY QR NOERROR
	63	SECTION QUESTION
	64	www.example.com. IN A
	65	SECTION AUTHORITY
	66	example.com. IN NS ns.example.com.
	67	SECTION ADDITIONAL
	68	ns.example.com. IN A 1.2.3.4
	69	ENTRY_END
	70	RANGE_END
	71
	72	; ns.example.com.
	73	RANGE_BEGIN 0 100
	74	ADDRESS 1.2.3.4
	75	ENTRY_BEGIN
	76	MATCH opcode qtype qname
	77	ADJUST copy_id
	78	REPLY QR NOERROR
	79	SECTION QUESTION
	80	example.com. IN NS
	81	SECTION ANSWER
	82	example.com. IN NS ns.example.com.
	83	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	84	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	85	SECTION ADDITIONAL
	86	ns.example.com. IN A 1.2.3.4
	87	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	88	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	89	ENTRY_END
	90
	91	ENTRY_BEGIN
	92	MATCH opcode qtype qname
	93	ADJUST copy_id
	94	REPLY QR AA NOERROR
	95	SECTION QUESTION
	96	ns.example.com. IN AAAA
	97	SECTION ANSWER
	98	SECTION AUTHORITY
	99	example.com. IN NS ns.example.com.
	100	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	101	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	102	SECTION ADDITIONAL
	103	ns.example.com. IN A 1.2.3.4
	104	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	105	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	106	ENTRY_END
	107
	108
	109	; response to DNSKEY priming query
	110	ENTRY_BEGIN
	111	MATCH opcode qtype qname
	112	ADJUST copy_id
	113	REPLY QR NOERROR
	114	SECTION QUESTION
	115	example.com. IN DNSKEY
	116	SECTION ANSWER
	117	example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	118	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
	119	example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
	120	example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
	121	SECTION AUTHORITY
	122	example.com. IN NS ns.example.com.
	123	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	124	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	125	SECTION ADDITIONAL
	126	ns.example.com. IN A 1.2.3.4
	127	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	128	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	129	ENTRY_END
	130
	131	; response to query of interest
	132	ENTRY_BEGIN
	133	MATCH opcode qtype qname
	134	ADJUST copy_id
	135	REPLY QR NOERROR
	136	SECTION QUESTION
	137	www.example.com. IN A
	138	SECTION ANSWER
	139	www.example.com. IN A 10.20.30.40
	140	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
	141	www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
	142	SECTION AUTHORITY
	143	example.com. IN NS ns.example.com.
	144	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	145	example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
	146	SECTION ADDITIONAL
	147	ns.example.com. IN A 1.2.3.4
	148	www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
	149	ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
	150	ENTRY_END
	151	RANGE_END
	152
	153	STEP 1 QUERY
	154	ENTRY_BEGIN
	155	REPLY RD DO
	156	SECTION QUESTION
	157	www.example.com. IN A
	158	ENTRY_END
	159
	160	; recursion happens here.
	161	STEP 10 CHECK_ANSWER
	162	ENTRY_BEGIN
	163	MATCH all
	164	REPLY QR RD RA SERVFAIL
	165	SECTION QUESTION
	166	www.example.com. IN A
	167	SECTION ANSWER
	168	ENTRY_END
	169
	170	SCENARIO_END

+39

-0

testdata/val_unsec_cname.rpl less more

255	255	SECTION ANSWER
256	256	a.b.sub.example.com. IN CNAME c.c.example.com.
257	257	ENTRY_END
	258
	259	ENTRY_BEGIN
	260	MATCH opcode qtype qname
	261	ADJUST copy_id
	262	REPLY QR AA NOERROR
	263	SECTION QUESTION
	264	a.b.sub.example.com. IN DS
	265	SECTION AUTHORITY
	266	b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
	267	ENTRY_END
258	268	RANGE_END
259	269
260	270	; server ns.c.example.com.

292	302	c.c.example.com. IN A
293	303	SECTION ANSWER
294	304	c.c.example.com. IN A 11.11.11.11
	305	ENTRY_END
	306
	307	ENTRY_BEGIN
	308	MATCH opcode qtype qname
	309	ADJUST copy_id
	310	REPLY QR AA NOERROR
	311	SECTION QUESTION
	312	c.c.example.com. IN DS
	313	SECTION AUTHORITY
	314	c.example.com. IN SOA C-EXAMPLE. c-example. 1 2 3 4 5
295	315	ENTRY_END
296	316	RANGE_END
297	317

316	336	SECTION ADDITIONAL
317	337	ENTRY_END
318	338
	339	; test that a DS query does not get CNAME redirected, but instead
	340	; asked to the right server that has to respond to it.
	341	STEP 20 QUERY
	342	ENTRY_BEGIN
	343	REPLY RD DO
	344	SECTION QUESTION
	345	a.b.sub.example.com. IN DS
	346	ENTRY_END
	347
	348	STEP 30 CHECK_ANSWER
	349	ENTRY_BEGIN
	350	MATCH all
	351	REPLY QR RD RA NOERROR
	352	SECTION QUESTION
	353	a.b.sub.example.com. IN DS
	354	SECTION AUTHORITY
	355	b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
	356	ENTRY_END
	357
319	358	SCENARIO_END

-0

util/alloc.c less more

321	321	regional_destroy(r);
322	322	return;
323	323	}
	324	if(!r) return;
324	325	regional_free_all(r);
325	326	log_assert(r->next == NULL);
326	327	r->next = (char*)alloc->reg_list;

+10

-4

util/config_file.c less more

139	139	cfg->root_hints = NULL;
140	140	cfg->do_daemonize = 1;
141	141	cfg->if_automatic = 0;
142		cfg->socket_rcvbuf = 0;
	142	cfg->so_rcvbuf = 0;
	143	cfg->so_sndbuf = 0;
143	144	cfg->num_ifs = 0;
144	145	cfg->ifs = NULL;
145	146	cfg->num_out_ifs = 0;

151	152	cfg->harden_large_queries = 0;
152	153	cfg->harden_glue = 1;
153	154	cfg->harden_dnssec_stripped = 1;
	155	cfg->harden_below_nxdomain = 0;
154	156	cfg->harden_referral_path = 0;
155	157	cfg->use_caps_bits_for_id = 0;
156	158	cfg->private_address = NULL;

333	335	else S_POW2("msg-cache-slabs:", msg_cache_slabs)
334	336	else S_SIZET_NONZERO("num-queries-per-thread:",num_queries_per_thread)
335	337	else S_SIZET_OR_ZERO("jostle-timeout:", jostle_time)
336		else S_MEMSIZE("so-rcvbuf:", socket_rcvbuf)
	338	else S_MEMSIZE("so-rcvbuf:", so_rcvbuf)
	339	else S_MEMSIZE("so-sndbuf:", so_sndbuf)
337	340	else S_MEMSIZE("rrset-cache-size:", rrset_cache_size)
338	341	else S_POW2("rrset-cache-slabs:", rrset_cache_slabs)
339	342	else S_YNO("prefetch:", prefetch)

358	361	else S_YNO("harden-short-bufsize:", harden_short_bufsize)
359	362	else S_YNO("harden-large-queries:", harden_large_queries)
360	363	else S_YNO("harden-dnssec-stripped:", harden_dnssec_stripped)
	364	else S_YNO("harden-below-nxdomain:", harden_below_nxdomain)
361	365	else S_YNO("harden-referral-path:", harden_referral_path)
362	366	else S_YNO("use-caps-for-id", use_caps_bits_for_id)
363	367	else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold)

552	556	else O_DEC(opt, "msg-cache-slabs", msg_cache_slabs)
553	557	else O_DEC(opt, "num-queries-per-thread", num_queries_per_thread)
554	558	else O_UNS(opt, "jostle-timeout", jostle_time)
555		else O_MEM(opt, "so-rcvbuf", socket_rcvbuf)
	559	else O_MEM(opt, "so-rcvbuf", so_rcvbuf)
	560	else O_MEM(opt, "so-sndbuf", so_sndbuf)
556	561	else O_MEM(opt, "rrset-cache-size", rrset_cache_size)
557	562	else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs)
558	563	else O_YNO(opt, "prefetch-key", prefetch_key)

582	587	else O_YNO(opt, "harden-large-queries", harden_large_queries)
583	588	else O_YNO(opt, "harden-glue", harden_glue)
584	589	else O_YNO(opt, "harden-dnssec-stripped", harden_dnssec_stripped)
	590	else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain)
585	591	else O_YNO(opt, "harden-referral-path", harden_referral_path)
586	592	else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id)
587	593	else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold)

1391	1397	log_err("malloc failure in errinf_rrset");
1392	1398	return;
1393	1399	}
1394		dname_str(qstate->qinfo.qname, dname);
	1400	dname_str(rr->rk.dname, dname);
1395	1401	snprintf(buf, sizeof(buf), "for <%s %s %s>", dname, t, c);
1396	1402	free(t);
1397	1403	free(c);

-1

util/config_file.h less more

119	119	* and recvmsg/sendmsg ancillary data to detect interfaces, boolean */
120	120	int if_automatic;
121	121	/** SO_RCVBUF size to set on port 53 UDP socket */
122		size_t socket_rcvbuf;
	122	size_t so_rcvbuf;
	123	/** SO_SNDBUF size to set on port 53 UDP socket */
	124	size_t so_sndbuf;
123	125
124	126	/** number of interfaces to open. If 0 default all interfaces. */
125	127	int num_ifs;

153	155	int harden_glue;
154	156	/** harden against receiving no DNSSEC data for trust anchor */
155	157	int harden_dnssec_stripped;
	158	/** harden against queries that fall under known nxdomain names */
	159	int harden_below_nxdomain;
156	160	/** harden the referral path, query for NS,A,AAAA and validate */
157	161	int harden_referral_path;
158	162	/** use 0x20 bits in query as random ID bits */

+1446

-1412

util/configlexer.c less more

361	361	*yy_cp = '\0'; \
362	362	(yy_c_buf_p) = yy_cp;
363	363
364		#define YY_NUM_RULES 129
365		#define YY_END_OF_BUFFER 130
	364	#define YY_NUM_RULES 131
	365	#define YY_END_OF_BUFFER 132
366	366	/* This struct is not used in this scanner,
367	367	but its presence is necessary. */
368	368	struct yy_trans_info

370	370	flex_int32_t yy_verify;
371	371	flex_int32_t yy_nxt;
372	372	};
373		static yyconst flex_int16_t yy_accept[1214] =
	373	static yyconst flex_int16_t yy_accept[1236] =
374	374	{ 0,
375		1, 1, 111, 111, 115, 115, 119, 119, 123, 123,
376		1, 1, 130, 127, 1, 109, 109, 128, 2, 127,
377		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
378		127, 127, 127, 127, 127, 127, 127, 127, 128, 111,
379		112, 112, 113, 128, 115, 116, 116, 117, 128, 122,
380		119, 120, 120, 121, 128, 123, 124, 124, 125, 128,
381		126, 110, 2, 114, 126, 128, 127, 0, 1, 2,
382		2, 2, 2, 127, 127, 127, 127, 127, 127, 127,
383		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
384		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
385
386		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
387		127, 127, 127, 127, 127, 111, 0, 115, 0, 122,
388		0, 119, 123, 0, 126, 0, 2, 2, 126, 127,
389		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
390		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
391		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
392		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
393		127, 127, 127, 127, 127, 127, 127, 127, 126, 127,
394		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
395		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
396
397		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
398		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
399		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
400		127, 127, 127, 127, 127, 127, 126, 127, 127, 127,
401		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
402		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
403		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
404		127, 55, 127, 127, 127, 127, 127, 6, 127, 127,
405		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
406		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
407
408		127, 127, 127, 126, 127, 127, 127, 127, 127, 127,
409		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
410		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
411		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
412		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
413		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
414		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
415		127, 127, 127, 127, 126, 127, 127, 127, 127, 21,
416		127, 127, 127, 127, 127, 12, 13, 127, 15, 14,
417		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
418
419		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
420		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
421		127, 127, 107, 127, 127, 127, 127, 3, 127, 127,
422		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
423		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
424		126, 127, 127, 127, 127, 127, 127, 127, 127, 127,
425		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
426		127, 127, 127, 127, 118, 127, 127, 127, 127, 127,
427		127, 127, 127, 127, 127, 127, 24, 127, 127, 127,
428		127, 127, 127, 127, 25, 127, 127, 127, 127, 127,
429
430		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
431		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
432		127, 127, 127, 127, 68, 118, 127, 127, 127, 127,
433		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
434		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
435		127, 127, 127, 127, 67, 127, 127, 127, 127, 127,
436		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
437		127, 127, 127, 127, 53, 127, 127, 127, 127, 127,
438		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
439		127, 127, 127, 127, 127, 22, 127, 127, 127, 127,
440
441		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
442		127, 127, 127, 127, 127, 23, 127, 127, 127, 127,
443		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
444		127, 127, 127, 127, 127, 127, 127, 17, 127, 127,
445		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
446		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
447		127, 127, 127, 20, 127, 56, 57, 127, 54, 127,
448		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
449		127, 127, 5, 127, 127, 127, 127, 127, 127, 127,
450		127, 127, 127, 127, 127, 70, 127, 127, 127, 127,
451
452		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
453		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
454		93, 92, 127, 127, 127, 127, 127, 127, 127, 127,
455		127, 127, 127, 127, 127, 127, 127, 127, 26, 127,
456		127, 127, 127, 58, 127, 127, 127, 127, 127, 90,
457		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
458		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
459		127, 127, 127, 127, 127, 127, 127, 127, 45, 127,
460		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
461		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
462
463		127, 4, 127, 127, 127, 127, 127, 127, 127, 127,
464		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
465		127, 127, 127, 127, 127, 127, 127, 127, 127, 87,
466		127, 127, 127, 127, 127, 127, 127, 101, 88, 127,
467		16, 127, 127, 127, 127, 60, 61, 59, 127, 127,
468		127, 127, 127, 66, 127, 127, 127, 127, 127, 127,
469		127, 127, 89, 127, 127, 127, 127, 127, 127, 127,
470		127, 127, 127, 127, 127, 127, 127, 52, 127, 127,
471		127, 127, 127, 127, 127, 127, 127, 127, 127, 75,
472		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
473
474		127, 127, 33, 34, 127, 127, 127, 127, 127, 127,
475		127, 127, 127, 127, 127, 127, 127, 127, 65, 127,
476		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
477		127, 69, 127, 127, 127, 127, 127, 127, 127, 127,
478		127, 127, 127, 106, 127, 127, 127, 127, 127, 127,
479		127, 127, 127, 127, 127, 127, 79, 127, 82, 127,
480		127, 127, 127, 64, 127, 127, 99, 127, 127, 127,
481		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
482		127, 127, 127, 35, 36, 127, 41, 83, 127, 94,
483		91, 127, 29, 127, 85, 127, 127, 127, 127, 127,
484
485		7, 127, 51, 98, 127, 127, 127, 127, 127, 127,
486		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
487		127, 127, 127, 127, 127, 71, 127, 127, 108, 127,
488		127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
489		84, 28, 30, 127, 127, 127, 127, 127, 50, 127,
490		127, 127, 102, 127, 127, 127, 127, 127, 127, 48,
491		127, 127, 127, 127, 127, 127, 127, 127, 127, 104,
492		127, 127, 27, 127, 127, 127, 127, 127, 11, 127,
493		127, 127, 127, 127, 127, 10, 127, 127, 31, 127,
494		103, 127, 127, 127, 127, 127, 127, 127, 127, 127,
495
496		127, 78, 77, 127, 105, 100, 127, 127, 127, 127,
497		127, 127, 127, 127, 127, 37, 127, 127, 127, 127,
498		127, 32, 127, 127, 127, 72, 74, 127, 127, 127,
499		76, 127, 127, 127, 127, 127, 127, 127, 127, 127,
500		127, 127, 127, 127, 18, 127, 127, 127, 127, 127,
501		127, 127, 127, 127, 127, 127, 127, 97, 127, 127,
502		127, 127, 127, 127, 19, 127, 9, 127, 127, 95,
503		42, 127, 127, 127, 81, 127, 62, 127, 127, 44,
504		47, 43, 127, 38, 127, 8, 127, 127, 80, 127,
505		127, 127, 127, 39, 127, 96, 127, 127, 73, 63,
506
507		46, 40, 127, 127, 127, 127, 49, 127, 127, 127,
508		127, 86, 0
	375	1, 1, 113, 113, 117, 117, 121, 121, 125, 125,
	376	1, 1, 132, 129, 1, 111, 111, 130, 2, 129,
	377	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	378	129, 129, 129, 129, 129, 129, 129, 129, 130, 113,
	379	114, 114, 115, 130, 117, 118, 118, 119, 130, 124,
	380	121, 122, 122, 123, 130, 125, 126, 126, 127, 130,
	381	128, 112, 2, 116, 128, 130, 129, 0, 1, 2,
	382	2, 2, 2, 129, 129, 129, 129, 129, 129, 129,
	383	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	384	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	385
	386	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	387	129, 129, 129, 129, 129, 113, 0, 117, 0, 124,
	388	0, 121, 125, 0, 128, 0, 2, 2, 128, 129,
	389	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	390	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	391	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	392	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	393	129, 129, 129, 129, 129, 129, 129, 129, 128, 129,
	394	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	395	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	396
	397	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	398	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	399	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	400	129, 129, 129, 129, 129, 129, 129, 128, 129, 129,
	401	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	402	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	403	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	404	129, 129, 57, 129, 129, 129, 129, 129, 6, 129,
	405	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	406	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	407
	408	129, 129, 129, 129, 129, 128, 129, 129, 129, 129,
	409	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	410	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	411	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	412	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	413	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	414	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	415	129, 129, 129, 129, 129, 129, 129, 128, 129, 129,
	416	129, 129, 22, 129, 129, 129, 129, 129, 12, 13,
	417	129, 15, 14, 129, 129, 129, 129, 129, 129, 129,
	418
	419	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	420	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	421	129, 129, 129, 129, 129, 109, 129, 129, 129, 129,
	422	3, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	423	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	424	129, 129, 129, 129, 128, 129, 129, 129, 129, 129,
	425	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	426	129, 129, 129, 129, 129, 129, 129, 129, 129, 120,
	427	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	428	129, 25, 129, 129, 129, 129, 129, 129, 129, 26,
	429
	430	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	431	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	432	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	433	70, 120, 129, 129, 129, 129, 129, 129, 129, 129,
	434	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	435	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	436	129, 69, 129, 129, 129, 129, 129, 129, 129, 129,
	437	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	438	129, 55, 129, 129, 129, 129, 129, 129, 129, 129,
	439	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	440
	441	129, 129, 129, 23, 129, 129, 129, 129, 129, 129,
	442	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	443	129, 129, 129, 24, 129, 129, 129, 129, 129, 129,
	444	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	445	129, 129, 129, 129, 129, 129, 17, 129, 129, 129,
	446	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	447	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	448	129, 129, 20, 21, 129, 58, 59, 129, 56, 129,
	449	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	450	129, 129, 5, 129, 129, 129, 129, 129, 129, 129,
	451
	452	129, 129, 129, 129, 129, 72, 129, 129, 129, 129,
	453	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	454	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	455	129, 95, 94, 129, 129, 129, 129, 129, 129, 129,
	456	129, 129, 129, 129, 129, 129, 129, 129, 129, 27,
	457	129, 129, 129, 129, 60, 129, 129, 129, 129, 129,
	458	92, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	459	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	460	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	461	46, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	462
	463	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	464	129, 129, 129, 4, 129, 129, 129, 129, 129, 129,
	465	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	466	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	467	129, 89, 129, 129, 129, 129, 129, 129, 129, 103,
	468	90, 129, 16, 129, 129, 129, 129, 62, 63, 61,
	469	129, 129, 129, 129, 129, 129, 68, 129, 129, 129,
	470	129, 129, 129, 129, 129, 91, 129, 129, 129, 129,
	471	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	472	54, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	473
	474	129, 129, 77, 129, 129, 129, 129, 129, 129, 129,
	475	129, 129, 129, 129, 129, 34, 35, 129, 129, 129,
	476	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	477	129, 129, 67, 129, 129, 129, 129, 129, 129, 129,
	478	129, 129, 129, 129, 129, 71, 129, 129, 129, 129,
	479	129, 129, 129, 129, 129, 129, 129, 108, 129, 129,
	480	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	481	81, 129, 84, 129, 129, 129, 129, 66, 129, 129,
	482	101, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	483	129, 129, 129, 129, 129, 129, 129, 129, 36, 37,
	484
	485	129, 42, 85, 129, 96, 93, 129, 30, 129, 87,
	486	129, 129, 129, 129, 129, 7, 129, 53, 100, 129,
	487	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	488	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	489	73, 129, 129, 110, 129, 129, 129, 129, 129, 129,
	490	129, 129, 129, 129, 129, 129, 86, 29, 31, 129,
	491	129, 129, 129, 129, 52, 129, 129, 129, 104, 129,
	492	129, 129, 129, 129, 129, 50, 129, 129, 129, 129,
	493	129, 129, 129, 129, 129, 106, 129, 129, 28, 129,
	494	129, 129, 129, 129, 129, 11, 129, 129, 129, 129,
	495
	496	129, 129, 10, 129, 129, 32, 129, 105, 129, 129,
	497	129, 129, 129, 129, 129, 129, 129, 129, 80, 79,
	498	129, 107, 102, 129, 129, 129, 129, 129, 129, 129,
	499	129, 129, 129, 38, 129, 129, 129, 129, 129, 33,
	500	129, 129, 129, 74, 76, 129, 129, 129, 78, 129,
	501	129, 129, 129, 129, 129, 129, 129, 129, 129, 129,
	502	129, 129, 129, 18, 129, 129, 129, 129, 129, 129,
	503	129, 129, 129, 129, 129, 129, 99, 129, 129, 129,
	504	129, 129, 129, 129, 19, 129, 9, 129, 129, 97,
	505	43, 129, 129, 129, 83, 129, 64, 129, 129, 129,
	506
	507	45, 49, 44, 129, 39, 129, 8, 129, 129, 82,
	508	129, 129, 129, 48, 129, 40, 129, 98, 129, 129,
	509	75, 65, 47, 41, 129, 129, 129, 129, 51, 129,
	510	129, 129, 129, 88, 0
509	511	} ;
510	512
511	513	static yyconst flex_int32_t yy_ec[256] =

551	553	1, 1, 1, 1, 1
552	554	} ;
553	555
554		static yyconst flex_int16_t yy_base[1228] =
	556	static yyconst flex_int16_t yy_base[1250] =
555	557	{ 0,
556	558	0, 0, 63, 66, 69, 71, 77, 83, 88, 91,
557		129, 135, 438, 385, 95, 3481, 3481, 3481, 107, 110,
	559	129, 135, 438, 385, 95, 3563, 3563, 3563, 107, 110,
558	560	142, 140, 108, 50, 159, 147, 121, 148, 139, 170,
559	561	193, 169, 204, 200, 223, 206, 225, 252, 116, 380,
560		3481, 3481, 3481, 94, 379, 3481, 3481, 3481, 96, 362,
561		371, 3481, 3481, 3481, 209, 325, 3481, 3481, 3481, 102,
562		278, 3481, 268, 3481, 196, 216, 267, 282, 111, 0,
	562	3563, 3563, 3563, 94, 379, 3563, 3563, 3563, 96, 362,
	563	371, 3563, 3563, 3563, 209, 325, 3563, 3563, 3563, 102,
	564	278, 3563, 268, 3563, 196, 216, 267, 282, 111, 0,
563	565	293, 0, 0, 232, 199, 249, 251, 146, 273, 277,
564	566	246, 270, 294, 284, 279, 283, 285, 304, 297, 312,
565	567	290, 322, 330, 319, 331, 328, 336, 335, 324, 349,

570	572	360, 408, 419, 432, 431, 421, 450, 425, 479, 452,
571	573	438, 458, 437, 464, 462, 478, 486, 484, 476, 449,
572	574	491, 470, 503, 516, 496, 513, 509, 520, 525, 526,
573		518, 512, 529, 515, 530, 531, 528, 545, 539, 536,
574		547, 566, 562, 551, 575, 583, 584, 580, 559, 573,
575		577, 587, 586, 590, 588, 600, 613, 619, 621, 607,
576		609, 626, 627, 628, 594, 611, 638, 636, 634, 640,
577
578		648, 632, 643, 655, 650, 661, 671, 664, 658, 670,
579		668, 681, 686, 687, 682, 677, 685, 693, 710, 717,
580		701, 703, 726, 704, 720, 729, 727, 731, 728, 714,
581		721, 746, 743, 791, 753, 755, 719, 750, 756, 752,
582		770, 754, 760, 773, 784, 795, 781, 818, 792, 798,
583		808, 813, 821, 822, 811, 828, 835, 834, 848, 837,
584		832, 841, 853, 850, 859, 869, 867, 854, 873, 861,
585		871, 3481, 888, 870, 875, 886, 880, 3481, 881, 884,
586		898, 909, 913, 910, 899, 902, 908, 937, 903, 947,
587		922, 919, 907, 954, 941, 946, 951, 943, 949, 970,
588
589		968, 965, 972, 982, 961, 979, 976, 983, 933, 988,
590		989, 990, 1004, 995, 1012, 1019, 1024, 1025, 1026, 1028,
591		1009, 1032, 1029, 1042, 1036, 1038, 1021, 1039, 1031, 1070,
592		1048, 1054, 1052, 1059, 1076, 1064, 1069, 1058, 1081, 1089,
593		1090, 1079, 1094, 1096, 1108, 1095, 1119, 1099, 1122, 1106,
594		1125, 1131, 1130, 1114, 1139, 1121, 1120, 1129, 1149, 1152,
595		1146, 1155, 1148, 1135, 1156, 1161, 1162, 1165, 1173, 1179,
596		1175, 1183, 1176, 1187, 1181, 1194, 1200, 1188, 1217, 3481,
597		1202, 1203, 1198, 1211, 1208, 3481, 3481, 1205, 3481, 3481,
598		1224, 1231, 1235, 1244, 1268, 1236, 1229, 1227, 1242, 1250,
599
600		1254, 1246, 1264, 1267, 1256, 1266, 1281, 1277, 1283, 1291,
601		1290, 1297, 1295, 1303, 1307, 1302, 1304, 1299, 1319, 1313,
602		1336, 1316, 3481, 1334, 1325, 1340, 1342, 3481, 1323, 1346,
603		1347, 1330, 1350, 1356, 1348, 1365, 1360, 1380, 1366, 1376,
604		1386, 1368, 1393, 1369, 1387, 1381, 1392, 1402, 1403, 1400,
605		1401, 1395, 1420, 1406, 1407, 1421, 1460, 1437, 1415, 1428,
606		1432, 1418, 1447, 1448, 1453, 1478, 1458, 1470, 1456, 1484,
607		1483, 1480, 1474, 1409, 3481, 1481, 1492, 1496, 1487, 1497,
608		1503, 1498, 1521, 1508, 1518, 1537, 3481, 1519, 1531, 1533,
609		1535, 1541, 1542, 1545, 3481, 1551, 1548, 1553, 1539, 1562,
610
611		1568, 1569, 1579, 1567, 1583, 1570, 1565, 1577, 1594, 1597,
612		1600, 1580, 1609, 1612, 1601, 1587, 1604, 1605, 1608, 106,
613		1607, 1613, 1614, 1617, 3481, 90, 1624, 1630, 1628, 1641,
614		1657, 1649, 1644, 1647, 1651, 1652, 1655, 1659, 1646, 1653,
615		1672, 1668, 1685, 1673, 1689, 1681, 1683, 1682, 1684, 1688,
616		1697, 1707, 1709, 1704, 3481, 1712, 1710, 1715, 1716, 1750,
617		1714, 1738, 1711, 1743, 1746, 1754, 1745, 1734, 1761, 1762,
618		1758, 1756, 1782, 1757, 3481, 1772, 1765, 1748, 1783, 1775,
619		1793, 1786, 1781, 1805, 1792, 1812, 1814, 1810, 1816, 1802,
620		1809, 1821, 1827, 1824, 1828, 3481, 1838, 1844, 1841, 1851,
621
622		1843, 1831, 1848, 1856, 1840, 1853, 1865, 1854, 1862, 1866,
623		1863, 1868, 1869, 1879, 1875, 3481, 1904, 1881, 1887, 1908,
624		1892, 1896, 1895, 1893, 1903, 1909, 1922, 1911, 1924, 1915,
625		1932, 1931, 1926, 1943, 1954, 1956, 1960, 3481, 1952, 1949,
626		1945, 1966, 1965, 1950, 1972, 1971, 1967, 1970, 1976, 1981,
627		1987, 1983, 1991, 1984, 1975, 2005, 2002, 2008, 1999, 2020,
628		2016, 2003, 2028, 3481, 2029, 3481, 3481, 2034, 3481, 2035,
629		2022, 2014, 2040, 2036, 2052, 2033, 2056, 2032, 2047, 2064,
630		2050, 2065, 3481, 2055, 2061, 2085, 2067, 2078, 2079, 2074,
631		2084, 2044, 2088, 2090, 2101, 3481, 2105, 2093, 2106, 2094,
632
633		2121, 2111, 2103, 2114, 2134, 2124, 2135, 2125, 2127, 2133,
634		2128, 2131, 2161, 2145, 2148, 2152, 2149, 2156, 2169, 2166,
635		3481, 3481, 2174, 2175, 2167, 2194, 2180, 2191, 2185, 2190,
636		2201, 2197, 2205, 2195, 2207, 2222, 2211, 2208, 3481, 2202,
637		2235, 2230, 2242, 3481, 2231, 2237, 2221, 2243, 2238, 3481,
638		2241, 2267, 2268, 2269, 2270, 2272, 2253, 2262, 2260, 2265,
639		2278, 2295, 2288, 2297, 2292, 2285, 2293, 2311, 2304, 2314,
640		2289, 2300, 2306, 2303, 2326, 2328, 2329, 2332, 3481, 2336,
641		2324, 2343, 2319, 2345, 2347, 2346, 2334, 2337, 2348, 2355,
642		2366, 2351, 2378, 2363, 2371, 2381, 2382, 2370, 2385, 2373,
643
644		2395, 3481, 2362, 2405, 2394, 2409, 2402, 2412, 2410, 2400,
645		2413, 2406, 2418, 2421, 2429, 2435, 2438, 2458, 2439, 2441,
646		2446, 2447, 2456, 2451, 2442, 2465, 2448, 2468, 2469, 3481,
647		2476, 2471, 2472, 2478, 2477, 2483, 2491, 3481, 3481, 2490,
648		3481, 2511, 2495, 2492, 2498, 3481, 3481, 3481, 2497, 2503,
649		2487, 2519, 2526, 3481, 2515, 2530, 2516, 2524, 2529, 2532,
650		2518, 2534, 3481, 2547, 2553, 2548, 2540, 2565, 2543, 2567,
651		2571, 2578, 2579, 2559, 2568, 2582, 2580, 3481, 2570, 2576,
652		2587, 2596, 2609, 2592, 2610, 2600, 2604, 2614, 2619, 3481,
653		2620, 2607, 2593, 2633, 2629, 2639, 2623, 2640, 2649, 2645,
654
655		2643, 2647, 3481, 3481, 2652, 2662, 2663, 2656, 2670, 2669,
656		2665, 2672, 2660, 2674, 2679, 2657, 2682, 2687, 3481, 2700,
657		2697, 2699, 2714, 2711, 2716, 2704, 2718, 2719, 2709, 2722,
658		2723, 3481, 2724, 2732, 2721, 2733, 2734, 2741, 2750, 2756,
659		2754, 2739, 2762, 3481, 2763, 2738, 2768, 2759, 2765, 2755,
660		2773, 2760, 2779, 2784, 2777, 2790, 3481, 2781, 3481, 2798,
661		2808, 2814, 2815, 3481, 2803, 2800, 3481, 2810, 2817, 2819,
662		2825, 2820, 2826, 2827, 2811, 2828, 2852, 2837, 2854, 2845,
663		2858, 2859, 2864, 3481, 3481, 2868, 3481, 3481, 2862, 3481,
664		3481, 2865, 3481, 2870, 3481, 2872, 2873, 2855, 2856, 2875,
665
666		3481, 2876, 3481, 3481, 2899, 2906, 2905, 2909, 2900, 2893,
667		2901, 2902, 2903, 2896, 2917, 2925, 2892, 2926, 2935, 2898,
668		2933, 2932, 2949, 2951, 2924, 3481, 2937, 2957, 3481, 2963,
669		2959, 2952, 2953, 2972, 2973, 2966, 2969, 2974, 2975, 2983,
670		3481, 3481, 3481, 2984, 3002, 2987, 2991, 2990, 3481, 3007,
671		2993, 3009, 3481, 3021, 3001, 3015, 3020, 3032, 3018, 3481,
672		3028, 3033, 3035, 3029, 3027, 3041, 3050, 3057, 3058, 3481,
673		3056, 3051, 3481, 3066, 3064, 3065, 3071, 3067, 3481, 3060,
674		3062, 3075, 3077, 3087, 3092, 3481, 3096, 3094, 3481, 3082,
675		3481, 3090, 3111, 3113, 3115, 3118, 3102, 3114, 3084, 3125,
676
677		3122, 3481, 3481, 3121, 3481, 3481, 3117, 3123, 3132, 3119,
678		3152, 3140, 3138, 3147, 3141, 3481, 3163, 3153, 3169, 3168,
679		3167, 3481, 3173, 3158, 3150, 3481, 3481, 3181, 3188, 3183,
680		3481, 3196, 3195, 3187, 3190, 3207, 3202, 3193, 3203, 3216,
681		3198, 3208, 3226, 3231, 3481, 3237, 3220, 3219, 3242, 3244,
682		3230, 3238, 3232, 3255, 3248, 3256, 3243, 3481, 3261, 3272,
683		3273, 3274, 3275, 3278, 3481, 3283, 3481, 3281, 3285, 3481,
684		3481, 3286, 3291, 3287, 3481, 3293, 3481, 3276, 3300, 3481,
685		3481, 3481, 3295, 3481, 3302, 3481, 3297, 3301, 3481, 3308,
686		3309, 3315, 3330, 3481, 3332, 3481, 3322, 3336, 3481, 3481,
687
688		3481, 3481, 3335, 3318, 3340, 3341, 3481, 3329, 3333, 3327,
689		3348, 3481, 3481, 3389, 3396, 3403, 3410, 3417, 82, 3424,
690		3431, 3438, 3445, 3452, 3459, 3466, 3473
	575	518, 512, 529, 515, 530, 531, 528, 545, 539, 549,
	576	543, 552, 562, 555, 570, 582, 584, 583, 579, 580,
	577	578, 587, 588, 577, 590, 595, 613, 620, 622, 609,
	578	617, 628, 629, 615, 638, 627, 636, 634, 642, 626,
	579
	580	649, 644, 661, 654, 655, 678, 674, 663, 659, 671,
	581	673, 689, 683, 684, 676, 694, 686, 708, 710, 716,
	582	711, 704, 729, 707, 723, 730, 718, 731, 734, 736,
	583	719, 735, 745, 738, 790, 754, 761, 750, 755, 758,
	584	760, 751, 763, 784, 788, 794, 781, 807, 825, 798,
	585	800, 819, 823, 811, 824, 826, 833, 839, 840, 838,
	586	845, 860, 851, 853, 846, 862, 872, 868, 867, 865,
	587	875, 881, 3563, 890, 880, 885, 889, 888, 3563, 883,
	588	894, 897, 908, 918, 909, 904, 907, 915, 920, 936,
	589	923, 955, 928, 931, 940, 953, 942, 949, 958, 959,
	590
	591	950, 963, 974, 975, 976, 989, 1000, 985, 980, 995,
	592	1004, 999, 1001, 1002, 1003, 996, 1014, 1015, 1023, 1032,
	593	1034, 1041, 1018, 1038, 1042, 1051, 1044, 1047, 1029, 1050,
	594	1040, 1077, 1056, 1064, 1063, 1083, 1088, 1081, 1090, 1066,
	595	1091, 1093, 1098, 1100, 1084, 1112, 1104, 1103, 1129, 1142,
	596	1139, 1128, 1140, 1144, 1145, 1146, 1130, 1154, 1136, 1141,
	597	1161, 1153, 1164, 1156, 1157, 1163, 1174, 1169, 1187, 1190,
	598	1191, 1192, 1199, 1184, 1200, 1196, 1201, 1203, 1209, 1206,
	599	1217, 1239, 3563, 1220, 1237, 1225, 1242, 1230, 3563, 3563,
	600	1229, 3563, 3563, 1244, 1249, 1247, 1258, 1284, 1257, 1263,
	601
	602	1267, 1260, 1272, 1282, 1278, 1294, 1297, 1287, 1285, 1290,
	603	1315, 1311, 1323, 1332, 1330, 1329, 1331, 1336, 1319, 1340,
	604	1334, 1347, 1343, 1352, 1346, 3563, 1366, 1361, 1353, 1373,
	605	3563, 1356, 1364, 1378, 1382, 1370, 1381, 1380, 1392, 1396,
	606	1399, 1397, 1403, 1406, 1415, 1408, 1426, 1419, 1428, 1414,
	607	1421, 1440, 1423, 1438, 1439, 1436, 1448, 1441, 1445, 1430,
	608	1494, 1458, 1449, 1465, 1450, 1461, 1459, 1475, 1487, 1512,
	609	1479, 1490, 1506, 1514, 1517, 1508, 1509, 1500, 1498, 3563,
	610	1532, 1526, 1533, 1521, 1546, 1545, 1536, 1553, 1537, 1548,
	611	1570, 3563, 1556, 1563, 1564, 1572, 1565, 1566, 1580, 3563,
	612
	613	1606, 1599, 1583, 1590, 1588, 1584, 1604, 1607, 1610, 1613,
	614	1615, 1602, 1601, 1611, 1617, 1636, 1647, 1642, 1627, 1629,
	615	1637, 1655, 1638, 1644, 1648, 106, 1643, 1663, 1640, 1651,
	616	3563, 90, 1667, 1668, 1646, 1693, 1695, 1687, 1682, 1684,
	617	1697, 1685, 1686, 1704, 1688, 1707, 1712, 1699, 1725, 1713,
	618	1731, 1721, 1722, 1726, 1723, 1720, 1728, 1745, 1739, 1740,
	619	1747, 3563, 1757, 1753, 1750, 1774, 1786, 1762, 1767, 1789,
	620	1790, 1787, 1794, 1782, 1781, 1797, 1804, 1800, 1803, 1819,
	621	1809, 3563, 1811, 1814, 1821, 1826, 1824, 1817, 1827, 1832,
	622	1849, 1850, 1842, 1858, 1863, 1860, 1868, 1851, 1866, 1870,
	623
	624	1855, 1877, 1872, 3563, 1884, 1885, 1881, 1893, 1882, 1888,
	625	1892, 1894, 1896, 1899, 1900, 1897, 1905, 1910, 1913, 1909,
	626	1906, 1920, 1912, 3563, 1946, 1924, 1927, 1943, 1939, 1933,
	627	1955, 1942, 1949, 1952, 1962, 1966, 1976, 1969, 1960, 1982,
	628	1970, 1979, 1987, 1968, 1972, 2001, 3563, 1999, 1993, 1994,
	629	2015, 2016, 1998, 2018, 2026, 2011, 2014, 2020, 2027, 2009,
	630	2028, 2037, 2031, 2043, 2057, 2050, 2047, 2042, 2065, 2066,
	631	2058, 2041, 3563, 3563, 2076, 3563, 3563, 2067, 3563, 2077,
	632	2072, 2070, 2081, 2085, 2082, 2090, 2101, 2069, 2104, 2107,
	633	2097, 2114, 3563, 2103, 2106, 2122, 2105, 2124, 2133, 2134,
	634
	635	2130, 2143, 2138, 2140, 2139, 3563, 2150, 2148, 2156, 2160,
	636	2163, 2151, 2168, 2171, 2166, 2174, 2184, 2187, 2181, 2177,
	637	2182, 2180, 2200, 2178, 2190, 2198, 2201, 2205, 2216, 2221,
	638	2215, 3563, 3563, 2209, 2225, 2219, 2232, 2226, 2255, 2254,
	639	2236, 2251, 2248, 2253, 2245, 2258, 2268, 2257, 2259, 3563,
	640	2278, 2283, 2281, 2289, 3563, 2280, 2272, 2282, 2286, 2293,
	641	3563, 2303, 2308, 2313, 2316, 2317, 2297, 2304, 2319, 2326,
	642	2328, 2320, 2324, 2341, 2340, 2338, 2351, 2358, 2360, 2353,
	643	2364, 2345, 2349, 2347, 2355, 2371, 2373, 2377, 2385, 2383,
	644	3563, 2392, 2372, 2396, 2369, 2395, 2405, 2397, 2387, 2388,
	645
	646	2398, 2399, 2403, 2401, 2428, 2413, 2422, 2430, 2432, 2424,
	647	2438, 2426, 2445, 3563, 2443, 2446, 2442, 2456, 2444, 2469,
	648	2458, 2460, 2466, 2457, 2472, 2473, 2465, 2477, 2499, 2502,
	649	2501, 2494, 2514, 2500, 2507, 2503, 2492, 2518, 2498, 2526,
	650	2504, 3563, 2521, 2523, 2532, 2529, 2531, 2534, 2528, 3563,
	651	3563, 2542, 3563, 2545, 2547, 2543, 2551, 3563, 3563, 3563,
	652	2561, 2553, 2549, 2567, 2569, 2577, 3563, 2562, 2584, 2570,
	653	2574, 2578, 2587, 2588, 2580, 3563, 2601, 2581, 2598, 2610,
	654	2620, 2595, 2618, 2622, 2626, 2627, 2611, 2614, 2639, 2635,
	655	3563, 2617, 2628, 2652, 2645, 2656, 2651, 2658, 2661, 2644,
	656
	657	2659, 2667, 3563, 2671, 2655, 2672, 2676, 2684, 2689, 2686,
	658	2692, 2685, 2697, 2706, 2701, 3563, 3563, 2712, 2714, 2717,
	659	2703, 2720, 2722, 2716, 2724, 2708, 2719, 2730, 2736, 2739,
	660	2747, 2741, 3563, 2737, 2756, 2757, 2749, 2771, 2772, 2765,
	661	2773, 2775, 2761, 2779, 2785, 3563, 2786, 2790, 2774, 2794,
	662	2777, 2797, 2805, 2809, 2811, 2796, 2814, 3563, 2816, 2800,
	663	2818, 2817, 2823, 2812, 2835, 2832, 2822, 2839, 2838, 2850,
	664	3563, 2837, 3563, 2842, 2860, 2867, 2870, 3563, 2853, 2864,
	665	3563, 2869, 2877, 2873, 2881, 2880, 2886, 2884, 2894, 2888,
	666	2897, 2896, 2906, 2899, 2902, 2915, 2919, 2923, 3563, 3563,
	667
	668	2921, 3563, 3563, 2930, 3563, 3563, 2931, 3563, 2934, 3563,
	669	2939, 2935, 2924, 2916, 2932, 3563, 2953, 3563, 3563, 2950,
	670	2954, 2963, 2960, 2957, 2952, 2959, 2961, 2962, 2958, 2972,
	671	2966, 2965, 2983, 2981, 2980, 2992, 2993, 3007, 3008, 3009,
	672	3563, 2996, 3015, 3563, 3017, 3018, 3010, 3028, 3029, 3032,
	673	3005, 3022, 3030, 3035, 3034, 3038, 3563, 3563, 3563, 3040,
	674	3061, 3063, 3051, 3052, 3563, 3068, 3057, 3069, 3563, 3071,
	675	3059, 3073, 3078, 3084, 3086, 3563, 3077, 3096, 3097, 3091,
	676	3107, 3112, 3118, 3115, 3117, 3563, 3120, 3110, 3563, 3123,
	677	3114, 3121, 3129, 3131, 3134, 3563, 3136, 3141, 3135, 3137,
	678
	679	3158, 3162, 3563, 3142, 3159, 3563, 3171, 3563, 3154, 3175,
	680	3177, 3179, 3183, 3170, 3178, 3181, 3184, 3186, 3563, 3563,
	681	3185, 3563, 3563, 3195, 3201, 3197, 3199, 3204, 3218, 3205,
	682	3203, 3212, 3213, 3563, 3231, 3217, 3237, 3238, 3240, 3563,
	683	3244, 3239, 3230, 3563, 3563, 3241, 3258, 3245, 3563, 3265,
	684	3266, 3260, 3262, 3263, 3274, 3268, 3269, 3286, 3293, 3273,
	685	3289, 3291, 3300, 3563, 3303, 3287, 3290, 3309, 3319, 3304,
	686	3310, 3313, 3324, 3316, 3329, 3325, 3563, 3327, 3337, 3338,
	687	3345, 3347, 3343, 3353, 3563, 3356, 3563, 3358, 3354, 3563,
	688	3563, 3355, 3361, 3362, 3563, 3368, 3563, 3371, 3366, 3372,
	689
	690	3563, 3563, 3563, 3377, 3563, 3374, 3563, 3379, 3381, 3563,
	691	3384, 3387, 3392, 3563, 3397, 3563, 3407, 3563, 3398, 3408,
	692	3563, 3563, 3563, 3563, 3411, 3393, 3412, 3417, 3563, 3401,
	693	3418, 3403, 3421, 3563, 3563, 3471, 3478, 3485, 3492, 3499,
	694	82, 3506, 3513, 3520, 3527, 3534, 3541, 3548, 3555
691	695	} ;
692	696
693		static yyconst flex_int16_t yy_def[1228] =
	697	static yyconst flex_int16_t yy_def[1250] =
694	698	{ 0,
695		1213, 1, 1214, 1214, 1215, 1215, 1216, 1216, 1217, 1217,
696		1218, 1218, 1213, 1219, 1213, 1213, 1213, 1213, 1220, 1219,
697		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
698		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1221,
699		1213, 1213, 1213, 1221, 1222, 1213, 1213, 1213, 1222, 1223,
700		1213, 1213, 1213, 1213, 1223, 1224, 1213, 1213, 1213, 1224,
701		1225, 1213, 1226, 1213, 1225, 1225, 1219, 1219, 1213, 1227,
702		1220, 1227, 1220, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
703		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
704		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
705
706		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
707		1219, 1219, 1219, 1219, 1219, 1221, 1221, 1222, 1222, 1223,
708		1223, 1213, 1224, 1224, 1225, 1225, 1226, 1226, 1225, 1219,
709		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
710		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
711		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
712		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
713		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1225, 1219,
714		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
715		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
716
717		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
718		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
719		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
720		1219, 1219, 1219, 1219, 1219, 1219, 1225, 1219, 1219, 1219,
721		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
722		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
723		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
724		1219, 1213, 1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219,
725		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
726		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
727
728		1219, 1219, 1219, 1225, 1219, 1219, 1219, 1219, 1219, 1219,
729		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
730		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
731		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
732		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
733		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
734		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
735		1219, 1219, 1219, 1219, 1225, 1219, 1219, 1219, 1219, 1213,
736		1219, 1219, 1219, 1219, 1219, 1213, 1213, 1219, 1213, 1213,
737		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
738
739		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
740		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
741		1219, 1219, 1213, 1219, 1219, 1219, 1219, 1213, 1219, 1219,
742		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
743		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
744		1225, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
745		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
746		1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219,
747		1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219,
748		1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219,
749
750		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
751		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
752		1219, 1219, 1219, 1219, 1213, 1225, 1219, 1219, 1219, 1219,
753		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
754		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
755		1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219,
756		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
757		1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219,
758		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
759		1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219,
760
761		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
762		1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219,
763		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
764		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219,
765		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
766		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
767		1219, 1219, 1219, 1213, 1219, 1213, 1213, 1219, 1213, 1219,
768		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
769		1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
770		1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219,
771
772		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
773		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
774		1213, 1213, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
775		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219,
776		1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219, 1213,
777		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
778		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
779		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219,
780		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
781		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
782
783		1219, 1213, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
784		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
785		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213,
786		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213, 1213, 1219,
787		1213, 1219, 1219, 1219, 1219, 1213, 1213, 1213, 1219, 1219,
788		1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219, 1219,
789		1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
790		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219,
791		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213,
792		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
793
794		1219, 1219, 1213, 1213, 1219, 1219, 1219, 1219, 1219, 1219,
795		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219,
796		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
797		1219, 1213, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
798		1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219, 1219,
799		1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219, 1213, 1219,
800		1219, 1219, 1219, 1213, 1219, 1219, 1213, 1219, 1219, 1219,
801		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
802		1219, 1219, 1219, 1213, 1213, 1219, 1213, 1213, 1219, 1213,
803		1213, 1219, 1213, 1219, 1213, 1219, 1219, 1219, 1219, 1219,
804
805		1213, 1219, 1213, 1213, 1219, 1219, 1219, 1219, 1219, 1219,
806		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
807		1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1213, 1219,
808		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
809		1213, 1213, 1213, 1219, 1219, 1219, 1219, 1219, 1213, 1219,
810		1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219, 1219, 1213,
811		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213,
812		1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219, 1213, 1219,
813		1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1213, 1219,
814		1213, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
815
816		1219, 1213, 1213, 1219, 1213, 1213, 1219, 1219, 1219, 1219,
817		1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219,
818		1219, 1213, 1219, 1219, 1219, 1213, 1213, 1219, 1219, 1219,
819		1213, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219, 1219,
820		1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219, 1219, 1219,
821		1219, 1219, 1219, 1219, 1219, 1219, 1219, 1213, 1219, 1219,
822		1219, 1219, 1219, 1219, 1213, 1219, 1213, 1219, 1219, 1213,
823		1213, 1219, 1219, 1219, 1213, 1219, 1213, 1219, 1219, 1213,
824		1213, 1213, 1219, 1213, 1219, 1213, 1219, 1219, 1213, 1219,
825		1219, 1219, 1219, 1213, 1219, 1213, 1219, 1219, 1213, 1213,
826
827		1213, 1213, 1219, 1219, 1219, 1219, 1213, 1219, 1219, 1219,
828		1219, 1213, 0, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
829		1213, 1213, 1213, 1213, 1213, 1213, 1213
	699	1235, 1, 1236, 1236, 1237, 1237, 1238, 1238, 1239, 1239,
	700	1240, 1240, 1235, 1241, 1235, 1235, 1235, 1235, 1242, 1241,
	701	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	702	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1243,
	703	1235, 1235, 1235, 1243, 1244, 1235, 1235, 1235, 1244, 1245,
	704	1235, 1235, 1235, 1235, 1245, 1246, 1235, 1235, 1235, 1246,
	705	1247, 1235, 1248, 1235, 1247, 1247, 1241, 1241, 1235, 1249,
	706	1242, 1249, 1242, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	707	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	708	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	709
	710	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	711	1241, 1241, 1241, 1241, 1241, 1243, 1243, 1244, 1244, 1245,
	712	1245, 1235, 1246, 1246, 1247, 1247, 1248, 1248, 1247, 1241,
	713	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	714	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	715	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	716	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	717	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1247, 1241,
	718	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	719	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	720
	721	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	722	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	723	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	724	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1247, 1241, 1241,
	725	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	726	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	727	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	728	1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1235, 1241,
	729	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	730	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	731
	732	1241, 1241, 1241, 1241, 1241, 1247, 1241, 1241, 1241, 1241,
	733	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	734	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	735	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	736	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	737	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	738	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	739	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1247, 1241, 1241,
	740	1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1235, 1235,
	741	1241, 1235, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	742
	743	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	744	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	745	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241,
	746	1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	747	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	748	1241, 1241, 1241, 1241, 1247, 1241, 1241, 1241, 1241, 1241,
	749	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	750	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1235,
	751	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	752	1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1235,
	753
	754	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	755	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	756	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	757	1235, 1247, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	758	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	759	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	760	1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	761	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	762	1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	763	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	764
	765	1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241,
	766	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	767	1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241,
	768	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	769	1241, 1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241,
	770	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	771	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	772	1241, 1241, 1235, 1235, 1241, 1235, 1235, 1241, 1235, 1241,
	773	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	774	1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	775
	776	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241,
	777	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	778	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	779	1241, 1235, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	780	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1235,
	781	1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241,
	782	1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	783	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	784	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	785	1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	786
	787	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	788	1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241,
	789	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	790	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	791	1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1235,
	792	1235, 1241, 1235, 1241, 1241, 1241, 1241, 1235, 1235, 1235,
	793	1241, 1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241,
	794	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241,
	795	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	796	1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	797
	798	1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	799	1241, 1241, 1241, 1241, 1241, 1235, 1235, 1241, 1241, 1241,
	800	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	801	1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	802	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241,
	803	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241,
	804	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	805	1235, 1241, 1235, 1241, 1241, 1241, 1241, 1235, 1241, 1241,
	806	1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	807	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1235, 1235,
	808
	809	1241, 1235, 1235, 1241, 1235, 1235, 1241, 1235, 1241, 1235,
	810	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1235, 1235, 1241,
	811	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	812	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	813	1235, 1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241,
	814	1241, 1241, 1241, 1241, 1241, 1241, 1235, 1235, 1235, 1241,
	815	1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1235, 1241,
	816	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241,
	817	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1235, 1241,
	818	1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241,
	819
	820	1241, 1241, 1235, 1241, 1241, 1235, 1241, 1235, 1241, 1241,
	821	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1235, 1235,
	822	1241, 1235, 1235, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	823	1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1235,
	824	1241, 1241, 1241, 1235, 1235, 1241, 1241, 1241, 1235, 1241,
	825	1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241, 1241,
	826	1241, 1241, 1241, 1235, 1241, 1241, 1241, 1241, 1241, 1241,
	827	1241, 1241, 1241, 1241, 1241, 1241, 1235, 1241, 1241, 1241,
	828	1241, 1241, 1241, 1241, 1235, 1241, 1235, 1241, 1241, 1235,
	829	1235, 1241, 1241, 1241, 1235, 1241, 1235, 1241, 1241, 1241,
	830
	831	1235, 1235, 1235, 1241, 1235, 1241, 1235, 1241, 1241, 1235,
	832	1241, 1241, 1241, 1235, 1241, 1235, 1241, 1235, 1241, 1241,
	833	1235, 1235, 1235, 1235, 1241, 1241, 1241, 1241, 1235, 1241,
	834	1241, 1241, 1241, 1235, 0, 1235, 1235, 1235, 1235, 1235,
	835	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235
830	836	} ;
831	837
832		static yyconst flex_int16_t yy_nxt[3547] =
	838	static yyconst flex_int16_t yy_nxt[3629] =
833	839	{ 0,
834	840	14, 15, 16, 17, 18, 19, 18, 14, 14, 14,
835	841	14, 18, 20, 14, 21, 22, 23, 24, 14, 25,

843	849	57, 58, 59, 57, 58, 59, 69, 116, 116, 118,
844	850
845	851	70, 44, 118, 86, 44, 123, 123, 49, 72, 49,
846		72, 72, 69, 72, 600, 55, 70, 67, 72, 67,
	852	72, 72, 69, 72, 608, 55, 70, 67, 72, 67,
847	853	67, 55, 67, 84, 74, 75, 60, 67, 126, 60,
848	854	15, 16, 17, 62, 63, 64, 15, 16, 17, 62,
849	855	63, 64, 76, 85, 68, 73, 68, 91, 68, 65,

878	884	121, 68, 68, 68, 167, 166, 68, 163, 175, 176,
879	885	165, 164, 68, 172, 68, 168, 178, 119, 117, 68,
880	886	171, 169, 174, 68, 173, 68, 177, 118, 186, 179,
881		118, 68, 188, 180, 182, 175, 176, 1213, 183, 120,
	887	118, 68, 188, 180, 182, 175, 176, 1235, 183, 120,
882	888	172, 120, 120, 178, 120, 125, 68, 125, 125, 72,
883	889	125, 72, 72, 126, 72, 68, 179, 68, 184, 68,
884		180, 182, 185, 68, 194, 183, 187, 1213, 195, 68,
885		68, 197, 1213, 1213, 196, 68, 68, 207, 199, 198,
886		205, 1213, 1213, 1213, 1213, 184, 128, 68, 68, 185,
887		68, 194, 204, 187, 189, 195, 68, 1213, 197, 190,
	890	180, 182, 185, 68, 194, 183, 187, 1235, 195, 68,
	891	68, 197, 1235, 1235, 196, 68, 68, 207, 199, 198,
	892	205, 1235, 1235, 1235, 1235, 184, 128, 68, 68, 185,
	893	68, 194, 204, 187, 189, 195, 68, 1235, 197, 190,
888	894
889	895	68, 196, 68, 200, 191, 199, 198, 205, 68, 201,
890	896	192, 193, 202, 203, 68, 208, 68, 68, 206, 204,

892	898	200, 191, 215, 210, 68, 217, 201, 192, 193, 202,
893	899	203, 68, 208, 218, 216, 206, 219, 68, 220, 221,
894	900	68, 68, 213, 68, 68, 211, 68, 222, 68, 223,
895		210, 224, 217, 68, 68, 226, 68, 68, 68, 68,
896		218, 216, 225, 219, 68, 220, 221, 68, 227, 228,
897		229, 230, 237, 68, 222, 68, 223, 231, 224, 68,
898		232, 234, 226, 235, 240, 1213, 239, 126, 1213, 225,
899
900		68, 253, 241, 238, 68, 227, 228, 229, 230, 237,
901		236, 68, 233, 68, 231, 68, 242, 243, 68, 244,
902		235, 68, 68, 239, 68, 68, 68, 245, 68, 241,
903		238, 246, 68, 247, 248, 249, 254, 236, 68, 233,
904		250, 257, 251, 242, 243, 68, 244, 68, 252, 68,
905		255, 68, 256, 1213, 245, 261, 260, 68, 246, 68,
906		247, 248, 249, 254, 68, 68, 68, 250, 264, 251,
907		68, 258, 68, 263, 68, 252, 68, 255, 68, 256,
908		259, 68, 261, 260, 262, 265, 68, 266, 68, 267,
909		268, 269, 1213, 68, 270, 271, 68, 272, 258, 68,
910
911		263, 273, 68, 276, 278, 277, 68, 259, 68, 68,
912		274, 262, 265, 275, 266, 68, 267, 268, 269, 68,
913		68, 270, 271, 68, 68, 68, 279, 281, 273, 280,
914		276, 68, 277, 283, 282, 284, 285, 274, 288, 68,
915		275, 68, 68, 286, 289, 290, 291, 287, 68, 1213,
916		1213, 304, 68, 279, 281, 68, 280, 126, 68, 68,
917		292, 282, 284, 285, 68, 68, 68, 68, 294, 68,
918		286, 289, 290, 291, 287, 303, 293, 308, 304, 302,
919		305, 68, 306, 307, 68, 309, 310, 292, 68, 1213,
920		68, 68, 68, 68, 68, 294, 1213, 314, 68, 311,
921
922		1213, 1213, 303, 293, 295, 296, 302, 305, 68, 306,
923		307, 68, 309, 310, 297, 312, 298, 299, 300, 68,
924		313, 301, 68, 317, 314, 318, 311, 315, 316, 68,
925		68, 295, 296, 68, 321, 319, 68, 322, 320, 330,
926		323, 297, 312, 298, 299, 300, 68, 313, 301, 68,
927		317, 68, 318, 324, 327, 325, 68, 329, 331, 68,
928		68, 321, 319, 328, 322, 320, 68, 323, 326, 332,
929		68, 334, 68, 68, 333, 68, 335, 337, 1213, 68,
930		324, 327, 325, 340, 329, 331, 68, 336, 68, 338,
931		328, 68, 68, 339, 343, 326, 332, 68, 334, 68,
932
933		341, 333, 342, 345, 337, 68, 344, 68, 68, 68,
934		340, 68, 346, 68, 336, 347, 338, 351, 68, 68,
935		339, 343, 68, 348, 68, 349, 68, 341, 352, 342,
936		345, 363, 350, 344, 359, 353, 68, 68, 354, 346,
937		68, 68, 347, 364, 380, 68, 68, 68, 68, 355,
938		348, 68, 349, 362, 360, 352, 356, 68, 363, 350,
939		68, 359, 353, 361, 357, 354, 365, 366, 376, 367,
940		364, 68, 1213, 369, 358, 68, 355, 368, 1213, 68,
941		362, 68, 370, 356, 68, 68, 371, 68, 372, 68,
942		361, 357, 68, 365, 366, 373, 367, 375, 374, 68,
943
944		369, 358, 377, 68, 368, 378, 68, 379, 68, 370,
945		68, 381, 382, 371, 68, 372, 383, 68, 384, 385,
946		126, 68, 373, 386, 375, 374, 68, 68, 68, 377,
947		387, 388, 378, 68, 379, 391, 389, 390, 381, 382,
948		1213, 392, 68, 383, 394, 384, 385, 68, 393, 395,
949		68, 396, 398, 1213, 397, 399, 400, 68, 1213, 68,
950		404, 405, 68, 68, 68, 412, 68, 68, 392, 68,
951		68, 394, 406, 407, 68, 393, 68, 68, 396, 398,
952		68, 397, 399, 400, 401, 411, 68, 404, 410, 402,
953		68, 408, 68, 403, 1213, 416, 68, 68, 413, 406,
954
955		407, 1213, 68, 414, 415, 1213, 422, 68, 68, 420,
956		423, 401, 411, 409, 68, 410, 402, 68, 408, 68,
957		403, 418, 416, 417, 419, 413, 425, 68, 68, 424,
958		414, 415, 68, 68, 68, 421, 420, 68, 427, 426,
959		409, 1213, 428, 429, 68, 430, 68, 432, 418, 433,
960		417, 419, 68, 425, 431, 434, 435, 68, 68, 68,
961		68, 437, 421, 68, 436, 440, 426, 68, 68, 68,
962		429, 438, 430, 68, 432, 439, 433, 68, 443, 442,
963		441, 431, 434, 444, 68, 1213, 68, 68, 437, 445,
964		68, 436, 440, 68, 68, 446, 449, 451, 438, 68,
965
966		68, 448, 439, 68, 447, 443, 442, 441, 452, 457,
967		444, 68, 450, 68, 68, 453, 445, 68, 458, 126,
968		454, 68, 446, 449, 451, 68, 68, 459, 448, 455,
969		460, 447, 68, 462, 461, 452, 68, 456, 68, 450,
970		68, 68, 453, 68, 463, 458, 68, 454, 464, 68,
971		465, 466, 472, 475, 459, 68, 455, 460, 473, 1213,
972		462, 461, 68, 474, 456, 68, 477, 68, 476, 68,
973		1213, 463, 478, 68, 68, 464, 479, 465, 1213, 472,
974		68, 480, 68, 467, 68, 473, 468, 481, 68, 484,
975		474, 469, 68, 477, 68, 476, 482, 470, 471, 478,
976
977		483, 487, 68, 479, 68, 68, 68, 486, 480, 485,
978		467, 488, 489, 468, 481, 68, 484, 494, 469, 68,
979		493, 68, 490, 482, 470, 471, 491, 483, 68, 68,
980		495, 492, 496, 68, 486, 68, 485, 68, 488, 489,
981		68, 68, 68, 497, 494, 68, 498, 493, 499, 490,
982		500, 68, 501, 491, 68, 504, 502, 68, 492, 496,
983		507, 68, 506, 68, 503, 510, 505, 512, 68, 1213,
984		508, 1213, 68, 498, 68, 499, 519, 500, 68, 501,
985		68, 509, 504, 502, 68, 68, 68, 507, 68, 506,
986		511, 503, 510, 505, 68, 513, 514, 508, 68, 515,
987
988		517, 520, 516, 68, 68, 518, 68, 68, 509, 523,
989		521, 525, 526, 1213, 68, 1213, 522, 511, 68, 68,
990		555, 527, 513, 514, 68, 68, 515, 517, 520, 516,
991		68, 68, 518, 68, 524, 528, 529, 521, 68, 126,
992		68, 68, 530, 522, 68, 68, 531, 68, 527, 1213,
993		541, 538, 537, 68, 539, 1213, 68, 540, 68, 68,
994		544, 524, 528, 529, 1213, 543, 68, 1213, 550, 530,
995		68, 1213, 542, 531, 532, 68, 533, 541, 538, 537,
996		534, 539, 535, 548, 540, 68, 68, 536, 556, 1213,
997		545, 68, 543, 549, 68, 550, 68, 546, 68, 542,
998
999		551, 532, 552, 533, 554, 553, 557, 534, 68, 535,
1000		548, 559, 68, 560, 536, 547, 68, 545, 68, 68,
1001		549, 68, 68, 561, 546, 68, 558, 551, 562, 552,
1002		68, 554, 553, 557, 68, 68, 68, 563, 559, 564,
1003		560, 68, 547, 565, 566, 567, 68, 568, 1213, 569,
1004		561, 570, 573, 558, 572, 562, 68, 68, 574, 68,
1005		576, 571, 575, 577, 563, 579, 564, 578, 1213, 68,
1006		565, 68, 567, 68, 568, 68, 569, 68, 570, 68,
1007		68, 572, 581, 68, 584, 582, 68, 576, 571, 68,
1008		577, 68, 579, 580, 578, 583, 587, 585, 596, 586,
1009
1010		68, 588, 592, 68, 1213, 68, 68, 68, 68, 581,
1011		589, 584, 582, 590, 591, 68, 593, 68, 68, 594,
1012		580, 68, 583, 587, 585, 68, 586, 595, 588, 592,
1013		598, 599, 68, 602, 597, 68, 601, 589, 68, 68,
1014		590, 591, 68, 68, 603, 68, 68, 68, 608, 605,
1015		68, 68, 68, 604, 595, 68, 606, 598, 599, 607,
1016		602, 597, 68, 601, 609, 610, 68, 613, 68, 611,
1017		616, 603, 612, 618, 1213, 617, 605, 1213, 614, 68,
1018		604, 615, 68, 606, 68, 68, 607, 68, 619, 68,
1019		68, 68, 610, 68, 613, 68, 611, 68, 620, 612,
1020
1021		618, 621, 617, 622, 623, 614, 68, 624, 615, 625,
1022		68, 68, 626, 1213, 629, 619, 627, 628, 641, 68,
1023		68, 68, 68, 68, 632, 620, 68, 68, 621, 634,
1024		622, 623, 636, 630, 624, 68, 625, 633, 639, 626,
1025		631, 629, 68, 627, 628, 68, 635, 68, 68, 68,
1026		68, 632, 68, 68, 68, 642, 634, 637, 640, 636,
1027		630, 638, 643, 646, 633, 639, 644, 631, 647, 648,
1028		645, 650, 68, 635, 649, 1213, 68, 658, 1213, 655,
1029		1213, 68, 642, 68, 68, 640, 68, 656, 68, 643,
1030		646, 657, 68, 644, 68, 68, 68, 645, 650, 68,
1031
1032		68, 649, 651, 68, 658, 660, 655, 652, 659, 653,
1033		68, 654, 661, 68, 656, 662, 664, 663, 657, 68,
1034		68, 68, 665, 666, 68, 667, 668, 669, 671, 651,
1035		68, 68, 660, 670, 652, 659, 653, 672, 654, 661,
1036		68, 674, 662, 68, 663, 676, 675, 68, 68, 665,
1037		68, 677, 68, 668, 68, 671, 673, 678, 679, 68,
1038		670, 681, 68, 680, 672, 68, 68, 683, 674, 68,
1039		682, 684, 686, 675, 1213, 690, 68, 1213, 68, 68,
1040		1213, 68, 68, 673, 678, 687, 68, 685, 681, 68,
1041		680, 68, 68, 688, 68, 689, 1213, 682, 684, 691,
1042
1043		68, 68, 690, 68, 68, 692, 68, 68, 693, 694,
1044		702, 695, 687, 68, 685, 696, 698, 68, 697, 68,
1045		688, 700, 689, 703, 699, 68, 691, 701, 704, 707,
1046		68, 68, 692, 68, 68, 693, 694, 702, 706, 705,
1047		708, 68, 68, 698, 709, 697, 68, 68, 700, 68,
1048		703, 699, 710, 68, 701, 704, 707, 711, 712, 713,
1049		68, 714, 68, 715, 68, 706, 705, 708, 717, 68,
1050		68, 709, 716, 720, 718, 719, 722, 721, 725, 710,
1051		723, 68, 1213, 68, 711, 712, 713, 68, 68, 724,
1052		68, 734, 68, 1213, 68, 717, 733, 726, 68, 716,
1053
1054		727, 718, 719, 68, 68, 68, 728, 723, 68, 68,
1055		68, 729, 730, 68, 68, 731, 724, 732, 734, 68,
1056		735, 68, 68, 733, 726, 68, 736, 727, 737, 68,
1057		738, 739, 740, 728, 741, 742, 743, 68, 729, 730,
1058		68, 68, 731, 68, 732, 744, 68, 735, 746, 745,
1059		747, 766, 68, 736, 68, 737, 748, 738, 68, 740,
1060		68, 741, 749, 750, 751, 753, 68, 68, 752, 754,
1061		68, 68, 68, 68, 68, 746, 745, 747, 68, 755,
1062		756, 757, 68, 748, 758, 68, 759, 764, 68, 749,
1063		68, 751, 753, 68, 68, 752, 754, 760, 761, 68,
1064
1065		765, 773, 68, 68, 1213, 68, 755, 756, 757, 762,
1066		763, 758, 68, 759, 764, 768, 68, 68, 769, 767,
1067		772, 770, 68, 68, 760, 761, 68, 765, 68, 771,
1068		777, 68, 68, 774, 776, 779, 762, 763, 1213, 68,
1069		775, 68, 768, 68, 68, 769, 767, 772, 770, 68,
1070		778, 780, 68, 784, 781, 785, 771, 777, 782, 68,
1071		774, 776, 68, 68, 783, 68, 68, 775, 786, 68,
1072		1213, 68, 68, 68, 791, 790, 787, 778, 780, 788,
1073		784, 781, 785, 68, 789, 782, 68, 68, 795, 792,
1074		68, 783, 793, 794, 68, 796, 802, 797, 801, 68,
1075
1076		800, 791, 790, 787, 68, 68, 788, 68, 1213, 812,
1077		1213, 789, 68, 68, 798, 795, 792, 799, 68, 793,
1078		794, 803, 796, 68, 797, 804, 805, 800, 68, 68,
1079		806, 807, 68, 68, 809, 68, 808, 811, 810, 68,
1080		68, 798, 813, 68, 799, 68, 68, 814, 803, 68,
1081		817, 819, 804, 805, 1213, 1213, 815, 806, 807, 68,
1082		68, 809, 816, 808, 811, 810, 818, 821, 68, 68,
1083		820, 830, 822, 68, 814, 68, 68, 817, 819, 68,
1084		68, 68, 823, 815, 824, 825, 826, 828, 829, 816,
1085		831, 68, 827, 818, 821, 834, 842, 820, 68, 822,
1086
1087		68, 832, 837, 68, 838, 68, 68, 68, 68, 823,
1088		68, 824, 825, 826, 828, 829, 68, 831, 833, 827,
1089		835, 836, 839, 68, 840, 841, 68, 68, 832, 837,
1090		68, 68, 843, 68, 845, 68, 844, 846, 68, 847,
1091		848, 68, 68, 850, 68, 833, 849, 835, 836, 68,
1092		852, 840, 68, 851, 855, 853, 854, 68, 1213, 843,
1093		1213, 845, 68, 844, 68, 859, 68, 68, 860, 856,
1094		68, 857, 68, 849, 68, 68, 858, 863, 874, 861,
1095		851, 68, 853, 68, 68, 68, 68, 862, 864, 68,
1096		865, 867, 859, 68, 866, 860, 856, 871, 857, 868,
1097
1098		68, 68, 869, 858, 68, 874, 861, 870, 68, 68,
1099		872, 68, 875, 878, 862, 864, 68, 865, 867, 68,
1100		68, 866, 873, 68, 871, 876, 868, 877, 879, 869,
1101		880, 881, 68, 68, 870, 884, 883, 872, 68, 882,
1102		68, 885, 1213, 68, 68, 888, 891, 68, 68, 873,
1103		68, 68, 876, 893, 877, 879, 68, 880, 881, 68,
1104		887, 886, 884, 883, 892, 889, 882, 68, 885, 890,
1105		894, 895, 898, 68, 896, 900, 68, 68, 897, 68,
1106		68, 899, 903, 904, 68, 68, 68, 887, 886, 68,
1107		902, 892, 901, 906, 68, 905, 68, 894, 895, 917,
1108
1109		907, 896, 1213, 68, 915, 897, 68, 68, 899, 68,
1110		68, 908, 913, 909, 68, 68, 68, 902, 914, 901,
1111		906, 68, 905, 910, 912, 68, 917, 907, 68, 68,
1112		68, 916, 918, 68, 911, 68, 68, 919, 908, 913,
1113		909, 68, 921, 1213, 926, 914, 920, 923, 922, 68,
1114		910, 912, 924, 68, 68, 925, 68, 68, 916, 918,
1115		931, 911, 68, 928, 68, 927, 929, 68, 68, 921,
1116		68, 926, 68, 920, 923, 922, 932, 930, 68, 924,
1117		933, 68, 925, 934, 935, 68, 68, 931, 938, 940,
1118		928, 68, 927, 929, 936, 937, 941, 68, 944, 939,
1119
1120		942, 943, 1213, 68, 930, 68, 68, 933, 68, 68,
1121		934, 935, 948, 956, 68, 938, 68, 68, 68, 945,
1122		68, 936, 937, 941, 950, 68, 939, 942, 943, 946,
1123		68, 68, 947, 949, 68, 951, 953, 954, 68, 948,
1124		956, 952, 68, 955, 957, 68, 945, 68, 68, 958,
1125		959, 950, 68, 960, 964, 961, 946, 68, 68, 947,
1126		949, 68, 951, 953, 954, 962, 965, 68, 952, 963,
1127		955, 68, 966, 967, 1213, 968, 958, 68, 68, 969,
1128		960, 68, 961, 68, 971, 68, 970, 68, 973, 977,
1129		68, 972, 962, 965, 68, 68, 963, 974, 68, 966,
1130
1131		68, 68, 968, 68, 975, 978, 969, 68, 68, 976,
1132		68, 971, 68, 970, 980, 973, 977, 68, 972, 979,
1133		68, 981, 984, 982, 974, 68, 983, 985, 986, 987,
1134		988, 975, 978, 990, 991, 68, 976, 68, 68, 989,
1135		992, 980, 68, 993, 995, 1213, 979, 68, 981, 68,
1136		982, 994, 68, 983, 68, 986, 68, 68, 997, 68,
1137		68, 68, 68, 996, 998, 1001, 989, 992, 999, 1002,
1138		68, 68, 68, 1003, 1004, 1005, 68, 68, 994, 68,
1139		1006, 1008, 1007, 1000, 1014, 997, 1011, 1009, 68, 1010,
1140		996, 998, 68, 68, 68, 999, 1002, 68, 68, 1012,
1141
1142		68, 68, 1005, 68, 1013, 1015, 68, 1006, 1008, 1007,
1143		1000, 68, 1016, 1011, 1009, 68, 1010, 68, 1017, 68,
1144		1018, 1019, 68, 1023, 1024, 1213, 1012, 1020, 68, 1022,
1145		1026, 1013, 1015, 1025, 1028, 1021, 68, 1029, 68, 1016,
1146		1027, 68, 1031, 1030, 1034, 1017, 68, 1018, 68, 68,
1147		1023, 1024, 68, 68, 1020, 68, 1022, 68, 68, 1032,
1148		1025, 1028, 1021, 68, 68, 68, 68, 1027, 1033, 1031,
1149		1030, 1035, 1036, 1041, 1037, 68, 1042, 1039, 1038, 1044,
1150		1040, 1043, 1046, 68, 1213, 1045, 1032, 1049, 1213, 1047,
1151		68, 1048, 68, 68, 68, 1033, 68, 68, 1035, 1036,
1152
1153		68, 1037, 68, 68, 1039, 1038, 68, 1040, 68, 1046,
1154		68, 68, 1045, 68, 68, 1050, 1047, 1213, 1048, 1051,
1155		1053, 1052, 1055, 1054, 1056, 1057, 1058, 1059, 1060, 1062,
1156		68, 68, 1213, 1065, 68, 1070, 68, 68, 68, 68,
1157		68, 68, 1050, 68, 68, 1061, 1051, 68, 1052, 1055,
1158		1054, 1056, 1057, 1058, 1059, 68, 1062, 1063, 1066, 1064,
1159		1065, 1067, 68, 68, 68, 1068, 1071, 1069, 1213, 1072,
1160		68, 68, 1061, 68, 1073, 68, 1080, 1079, 1213, 1074,
1161		1213, 1075, 1076, 1213, 1063, 1066, 1064, 68, 1067, 68,
1162		68, 68, 1068, 1071, 1069, 68, 1072, 68, 1086, 1077,
1163
1164		1081, 68, 1213, 1078, 68, 1082, 1074, 68, 1075, 1076,
1165		68, 68, 68, 68, 1083, 1084, 1085, 1087, 1089, 1088,
1166		1091, 68, 68, 1090, 1213, 68, 1077, 1081, 68, 68,
1167		1078, 68, 1082, 1092, 1093, 1094, 1095, 1097, 1102, 68,
1168		68, 1083, 1084, 1085, 1087, 68, 1088, 68, 1096, 1099,
1169		1090, 1100, 1103, 68, 1098, 1101, 68, 1104, 68, 68,
1170		1092, 1093, 1094, 1095, 1097, 68, 68, 68, 1105, 1106,
1171		68, 68, 1107, 68, 1108, 1096, 1099, 1213, 1100, 68,
1172		1109, 1098, 1101, 1112, 1110, 1111, 1116, 1113, 68, 68,
1173		1114, 1130, 1115, 1122, 68, 68, 68, 1117, 68, 1107,
1174
1175		68, 1108, 68, 68, 68, 68, 1118, 1109, 1119, 68,
1176		1112, 1110, 1111, 68, 1113, 68, 1120, 1114, 1121, 1115,
1177		68, 1123, 68, 1124, 1117, 68, 1126, 1125, 68, 1127,
1178		68, 1128, 68, 1118, 68, 1119, 1131, 1132, 1133, 1129,
1179		68, 1213, 1135, 1120, 1213, 1121, 1137, 1134, 1123, 68,
1180		1124, 68, 68, 68, 1125, 68, 68, 68, 1128, 68,
1181		68, 68, 1136, 68, 1132, 1133, 1129, 1141, 1138, 1135,
1182		68, 1139, 1142, 1137, 1134, 1140, 68, 1143, 68, 68,
1183		1145, 1149, 1144, 1146, 1213, 68, 1150, 1147, 68, 1136,
1184		68, 68, 1213, 1148, 1141, 1138, 68, 1151, 1139, 1142,
1185
1186		1152, 68, 1140, 1153, 1143, 68, 68, 68, 1149, 1144,
1187		1146, 68, 1154, 1150, 1147, 1155, 1157, 1156, 1158, 68,
1188		1148, 68, 1161, 1160, 1151, 68, 68, 1152, 68, 1159,
1189		1153, 68, 1162, 68, 68, 1163, 68, 1165, 1164, 1154,
1190		68, 68, 1155, 1157, 1156, 68, 68, 1166, 1167, 1161,
1191		1160, 1168, 1169, 1170, 68, 1171, 1159, 68, 68, 1162,
1192		1172, 1173, 1163, 1174, 68, 1164, 1175, 1177, 68, 68,
1193		68, 1176, 1213, 1178, 1166, 68, 68, 1179, 1168, 1169,
1194		68, 68, 68, 1180, 1181, 1182, 68, 1172, 1173, 1184,
1195		1174, 1183, 1186, 68, 68, 1185, 1213, 1213, 1176, 68,
1196
1197		1178, 1187, 1189, 1190, 1179, 1188, 1194, 1192, 1196, 1191,
1198		68, 68, 68, 68, 68, 1193, 68, 1195, 1183, 68,
1199		1199, 68, 1185, 68, 68, 68, 1200, 1197, 1187, 68,
1200		1190, 68, 1188, 68, 1192, 68, 1191, 1198, 68, 68,
1201		68, 1201, 1193, 1202, 1195, 1203, 68, 68, 1204, 1206,
1202		1205, 1207, 1213, 68, 1197, 1209, 68, 1211, 1210, 1212,
1203		68, 1208, 1213, 1213, 1198, 68, 1213, 68, 68, 1213,
1204		68, 68, 1203, 68, 68, 1204, 1206, 1205, 68, 68,
1205		1213, 1213, 1209, 1213, 1211, 1210, 68, 1213, 1208, 40,
1206		40, 40, 40, 40, 40, 40, 45, 45, 45, 45,
1207
1208		45, 45, 45, 50, 50, 50, 50, 50, 50, 50,
1209		56, 56, 56, 56, 56, 56, 56, 61, 61, 61,
1210		61, 61, 61, 61, 71, 71, 1213, 71, 71, 71,
1211		71, 116, 116, 1213, 1213, 1213, 116, 116, 118, 118,
1212		1213, 1213, 118, 1213, 118, 120, 1213, 1213, 1213, 1213,
1213		1213, 120, 123, 123, 1213, 1213, 1213, 123, 123, 125,
1214		1213, 1213, 1213, 1213, 1213, 125, 127, 127, 1213, 127,
1215		127, 127, 127, 72, 72, 1213, 72, 72, 72, 72,
1216		13, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1217		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1218
1219		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1220		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1221		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1222		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1223		1213, 1213, 1213, 1213, 1213, 1213
	901	210, 224, 217, 68, 68, 229, 68, 68, 68, 68,
	902	218, 216, 225, 219, 228, 220, 221, 68, 226, 227,
	903	230, 68, 232, 68, 222, 231, 223, 68, 224, 233,
	904	68, 235, 229, 68, 241, 1235, 236, 240, 1235, 225,
	905
	906	68, 228, 238, 243, 242, 226, 227, 230, 68, 232,
	907	239, 234, 231, 237, 245, 68, 68, 126, 68, 244,
	908	68, 68, 68, 236, 240, 68, 68, 246, 68, 238,
	909	243, 242, 247, 68, 248, 253, 249, 239, 234, 1235,
	910	237, 245, 251, 250, 252, 254, 244, 68, 256, 258,
	911	257, 68, 255, 68, 246, 68, 1235, 259, 68, 247,
	912	68, 248, 253, 249, 68, 68, 68, 68, 261, 251,
	913	250, 252, 68, 262, 68, 256, 68, 257, 264, 255,
	914	68, 260, 68, 263, 259, 265, 267, 68, 266, 1235,
	915	268, 269, 68, 68, 273, 261, 270, 68, 274, 68,
	916
	917	262, 68, 271, 272, 275, 264, 278, 276, 260, 68,
	918	263, 68, 68, 267, 68, 266, 68, 268, 269, 279,
	919	277, 68, 68, 270, 68, 274, 280, 68, 281, 271,
	920	272, 275, 68, 278, 276, 283, 284, 282, 285, 286,
	921	1235, 290, 68, 288, 287, 68, 68, 277, 68, 68,
	922	292, 289, 291, 280, 68, 281, 68, 68, 310, 294,
	923	293, 68, 283, 296, 282, 285, 286, 68, 68, 68,
	924	288, 287, 68, 68, 68, 295, 68, 292, 289, 291,
	925	304, 305, 306, 68, 308, 307, 294, 293, 126, 68,
	926	296, 309, 68, 68, 311, 1235, 68, 1235, 68, 68,
	927
	928	1235, 68, 295, 297, 298, 1235, 315, 304, 305, 306,
	929	312, 308, 307, 299, 313, 300, 301, 302, 309, 68,
	930	303, 311, 68, 316, 323, 314, 68, 320, 68, 319,
	931	297, 298, 68, 315, 317, 318, 68, 312, 68, 324,
	932	299, 313, 300, 301, 302, 68, 321, 303, 322, 68,
	933	316, 323, 314, 330, 320, 325, 319, 68, 326, 327,
	934	329, 68, 68, 68, 68, 331, 324, 332, 333, 334,
	935	335, 68, 328, 321, 336, 322, 68, 68, 68, 337,
	936	330, 340, 325, 68, 68, 326, 327, 329, 338, 68,
	937	339, 68, 331, 342, 1235, 333, 334, 335, 68, 328,
	938
	939	68, 336, 343, 68, 345, 68, 68, 341, 340, 346,
	940	68, 347, 344, 68, 348, 338, 353, 339, 68, 68,
	941	342, 68, 350, 68, 351, 349, 68, 68, 68, 343,
	942	356, 345, 68, 354, 341, 68, 346, 352, 347, 344,
	943	355, 348, 68, 366, 1235, 68, 68, 68, 358, 350,
	944	357, 351, 349, 68, 362, 359, 68, 356, 68, 365,
	945	354, 68, 363, 360, 352, 368, 68, 355, 369, 68,
	946	366, 364, 370, 361, 68, 358, 367, 357, 68, 374,
	947	68, 362, 359, 373, 371, 1235, 365, 68, 68, 372,
	948	360, 68, 368, 68, 375, 369, 68, 68, 364, 370,
	949
	950	361, 68, 377, 367, 378, 376, 374, 379, 380, 381,
	951	373, 371, 68, 68, 68, 383, 372, 387, 68, 382,
	952	388, 375, 384, 68, 385, 389, 390, 126, 386, 377,
	953	391, 378, 376, 68, 68, 380, 381, 68, 68, 68,
	954	68, 68, 68, 392, 387, 393, 382, 388, 394, 384,
	955	395, 385, 68, 68, 396, 386, 68, 397, 398, 399,
	956	401, 68, 1235, 400, 1235, 403, 402, 68, 407, 1235,
	957	68, 408, 68, 415, 1235, 1235, 68, 395, 68, 68,
	958	68, 396, 68, 409, 397, 68, 399, 401, 68, 68,
	959	400, 404, 403, 402, 68, 407, 405, 410, 1235, 1235,
	960
	961	406, 68, 68, 411, 68, 413, 414, 417, 416, 1235,
	962	409, 1235, 418, 420, 1235, 68, 419, 423, 404, 68,
	963	422, 68, 68, 405, 410, 412, 68, 406, 68, 68,
	964	411, 68, 413, 414, 417, 416, 68, 421, 68, 418,
	965	420, 68, 68, 419, 423, 424, 427, 422, 428, 425,
	966	68, 430, 412, 426, 429, 431, 1235, 1235, 432, 433,
	967	439, 434, 436, 1235, 421, 1235, 68, 68, 68, 435,
	968	437, 441, 424, 442, 68, 428, 440, 68, 68, 68,
	969	68, 429, 68, 68, 68, 432, 433, 438, 434, 436,
	970	443, 68, 68, 445, 68, 68, 435, 437, 441, 68,
	971
	972	442, 68, 68, 440, 444, 446, 447, 68, 449, 448,
	973	1235, 1235, 68, 451, 438, 450, 453, 443, 452, 455,
	974	445, 457, 68, 456, 1235, 68, 454, 461, 68, 68,
	975	68, 444, 446, 447, 68, 449, 448, 68, 68, 68,
	976	451, 126, 450, 453, 68, 452, 455, 68, 457, 458,
	977	456, 459, 462, 454, 463, 68, 465, 466, 68, 460,
	978	1235, 464, 469, 68, 467, 470, 468, 68, 68, 1235,
	979	1235, 480, 1235, 477, 1235, 68, 458, 68, 459, 462,
	980	68, 463, 68, 465, 466, 68, 460, 68, 464, 469,
	981	481, 467, 478, 468, 482, 68, 68, 471, 68, 472,
	982
	983	477, 68, 473, 479, 483, 68, 484, 474, 1235, 488,
	984	68, 485, 1235, 475, 476, 487, 68, 481, 486, 478,
	985	68, 482, 68, 68, 471, 68, 472, 489, 68, 473,
	986	479, 483, 68, 484, 474, 68, 488, 490, 485, 491,
	987	475, 476, 487, 492, 493, 486, 494, 1235, 497, 68,
	988	495, 1235, 499, 68, 489, 496, 498, 68, 500, 502,
	989	1235, 68, 501, 1235, 490, 506, 491, 68, 68, 68,
	990	68, 493, 68, 494, 68, 497, 503, 495, 68, 499,
	991	504, 68, 496, 498, 68, 68, 505, 507, 509, 501,
	992	68, 68, 506, 1235, 68, 508, 510, 512, 511, 68,
	993
	994	513, 514, 68, 503, 68, 515, 518, 504, 68, 516,
	995	1235, 68, 519, 505, 507, 509, 68, 1235, 68, 68,
	996	68, 517, 508, 510, 512, 511, 525, 513, 514, 521,
	997	68, 522, 515, 520, 68, 68, 516, 68, 524, 519,
	998	523, 68, 526, 527, 68, 528, 68, 529, 517, 531,
	999	532, 1235, 68, 68, 530, 537, 521, 68, 522, 68,
	1000	520, 68, 533, 534, 68, 524, 68, 523, 68, 526,
	1001	527, 535, 528, 543, 68, 546, 68, 126, 68, 68,
	1002	536, 530, 537, 68, 548, 544, 68, 68, 68, 533,
	1003	534, 545, 549, 547, 550, 554, 68, 68, 535, 68,
	1004
	1005	543, 1235, 546, 68, 1235, 1235, 1235, 536, 538, 562,
	1006	539, 548, 544, 68, 540, 555, 541, 68, 545, 549,
	1007	547, 542, 554, 1235, 551, 68, 557, 559, 68, 556,
	1008	561, 552, 68, 558, 560, 538, 68, 539, 68, 563,
	1009	564, 540, 555, 541, 68, 566, 68, 68, 542, 553,
	1010	68, 551, 68, 557, 559, 68, 556, 561, 552, 68,
	1011	558, 560, 567, 565, 68, 568, 569, 564, 571, 570,
	1012	68, 68, 566, 572, 68, 68, 553, 573, 579, 575,
	1013	576, 1235, 574, 68, 68, 578, 68, 580, 577, 567,
	1014	565, 68, 568, 569, 68, 571, 570, 585, 588, 1235,
	1015
	1016	572, 68, 68, 68, 68, 579, 575, 576, 68, 574,
	1017	68, 583, 578, 581, 584, 577, 586, 582, 68, 587,
	1018	589, 68, 68, 590, 585, 588, 68, 591, 68, 593,
	1019	592, 594, 595, 597, 601, 596, 602, 68, 583, 68,
	1020	68, 584, 68, 586, 68, 68, 587, 589, 68, 68,
	1021	590, 68, 598, 68, 591, 68, 593, 592, 594, 595,
	1022	597, 599, 596, 603, 600, 68, 604, 68, 605, 606,
	1023	611, 607, 609, 1235, 68, 68, 68, 615, 68, 598,
	1024	68, 68, 68, 610, 68, 68, 68, 612, 599, 68,
	1025	603, 600, 613, 68, 614, 605, 606, 611, 607, 609,
	1026
	1027	616, 68, 617, 618, 615, 68, 68, 619, 1235, 620,
	1028	610, 622, 623, 621, 612, 624, 1235, 625, 1235, 613,
	1029	68, 614, 68, 68, 68, 68, 68, 626, 627, 628,
	1030	618, 68, 1235, 68, 619, 68, 620, 68, 622, 623,
	1031	621, 629, 68, 630, 625, 68, 631, 632, 633, 634,
	1032	68, 68, 636, 635, 626, 627, 628, 637, 68, 68,
	1033	68, 68, 638, 68, 68, 639, 68, 641, 629, 68,
	1034	630, 640, 643, 631, 632, 633, 634, 68, 68, 636,
	1035	635, 644, 642, 68, 637, 68, 648, 649, 68, 638,
	1036	645, 68, 639, 646, 641, 68, 650, 647, 640, 643,
	1037
	1038	68, 1235, 651, 652, 656, 68, 653, 654, 644, 642,
	1039	655, 657, 68, 648, 649, 1235, 658, 645, 659, 68,
	1040	68, 1235, 1235, 1235, 68, 68, 665, 68, 68, 651,
	1041	652, 664, 68, 653, 654, 68, 670, 655, 68, 660,
	1042	666, 68, 68, 658, 661, 659, 662, 68, 663, 68,
	1043	667, 668, 68, 665, 669, 68, 671, 68, 664, 68,
	1044	673, 674, 68, 670, 68, 68, 660, 666, 672, 676,
	1045	68, 661, 675, 662, 677, 663, 678, 667, 668, 679,
	1046	68, 669, 680, 671, 683, 681, 682, 68, 68, 68,
	1047	685, 686, 687, 68, 684, 672, 68, 688, 68, 675,
	1048
	1049	689, 68, 690, 678, 68, 693, 68, 696, 68, 680,
	1050	68, 683, 681, 682, 692, 68, 1235, 685, 691, 68,
	1051	68, 684, 68, 68, 688, 700, 68, 694, 697, 690,
	1052	68, 68, 68, 695, 68, 68, 698, 68, 68, 699,
	1053	701, 692, 702, 68, 68, 691, 704, 68, 68, 703,
	1054	68, 68, 700, 705, 694, 697, 708, 706, 68, 709,
	1055	695, 707, 68, 698, 711, 68, 699, 701, 710, 702,
	1056	712, 68, 713, 704, 714, 725, 703, 68, 715, 726,
	1057	68, 68, 717, 708, 68, 719, 709, 68, 707, 720,
	1058	68, 711, 716, 68, 718, 710, 722, 712, 68, 713,
	1059
	1060	68, 714, 721, 724, 68, 715, 68, 68, 68, 717,
	1061	68, 723, 719, 727, 68, 728, 720, 68, 729, 716,
	1062	68, 718, 731, 722, 730, 68, 732, 733, 734, 721,
	1063	724, 68, 68, 736, 741, 735, 68, 68, 723, 68,
	1064	727, 737, 728, 744, 738, 729, 1235, 68, 753, 68,
	1065	739, 730, 68, 68, 68, 734, 68, 740, 68, 745,
	1066	742, 741, 735, 743, 68, 68, 68, 748, 737, 68,
	1067	744, 738, 746, 749, 747, 68, 750, 739, 755, 68,
	1068	68, 68, 751, 754, 740, 68, 745, 742, 68, 752,
	1069	743, 756, 1235, 761, 748, 68, 68, 759, 757, 746,
	1070
	1071	749, 747, 764, 68, 68, 68, 758, 68, 68, 751,
	1072	68, 760, 1235, 763, 68, 68, 752, 1235, 756, 68,
	1073	68, 762, 766, 68, 759, 757, 765, 767, 68, 764,
	1074	768, 770, 769, 758, 771, 68, 772, 1235, 760, 68,
	1075	763, 68, 68, 68, 68, 68, 776, 775, 762, 766,
	1076	777, 1235, 68, 765, 767, 773, 780, 768, 770, 769,
	1077	68, 771, 68, 772, 774, 779, 781, 784, 68, 778,
	1078	783, 68, 68, 776, 775, 785, 68, 68, 68, 1235,
	1079	786, 68, 773, 780, 782, 798, 68, 788, 68, 68,
	1080	790, 774, 779, 781, 68, 791, 778, 783, 68, 787,
	1081
	1082	789, 68, 785, 792, 68, 796, 68, 786, 794, 68,
	1083	793, 782, 68, 795, 788, 68, 68, 790, 68, 68,
	1084	68, 799, 68, 807, 797, 68, 787, 789, 68, 800,
	1085	792, 802, 796, 801, 803, 794, 68, 793, 68, 68,
	1086	795, 804, 806, 68, 805, 808, 812, 68, 799, 809,
	1087	807, 797, 810, 68, 68, 811, 800, 68, 802, 68,
	1088	801, 803, 813, 68, 68, 814, 1235, 815, 804, 806,
	1089	68, 805, 808, 812, 68, 816, 809, 817, 818, 810,
	1090	821, 819, 811, 68, 822, 824, 68, 820, 823, 68,
	1091	825, 68, 68, 68, 815, 68, 68, 68, 826, 829,
	1092
	1093	1235, 830, 816, 827, 817, 818, 68, 821, 819, 828,
	1094	68, 822, 831, 832, 820, 823, 68, 839, 68, 68,
	1095	68, 68, 833, 835, 68, 826, 829, 68, 830, 836,
	1096	827, 68, 837, 838, 834, 68, 828, 842, 840, 831,
	1097	832, 68, 68, 844, 839, 841, 68, 845, 846, 833,
	1098	835, 68, 854, 843, 68, 68, 836, 68, 68, 837,
	1099	838, 834, 68, 847, 68, 840, 68, 848, 849, 850,
	1100	844, 851, 841, 852, 845, 853, 68, 856, 68, 68,
	1101	843, 855, 858, 68, 859, 68, 857, 68, 860, 68,
	1102	847, 68, 861, 68, 848, 849, 68, 862, 68, 863,
	1103
	1104	852, 864, 68, 865, 856, 866, 867, 68, 855, 68,
	1105	68, 68, 868, 857, 876, 68, 1235, 1235, 872, 873,
	1106	869, 68, 870, 68, 862, 68, 68, 871, 864, 874,
	1107	68, 875, 866, 68, 68, 68, 68, 68, 877, 68,
	1108	878, 68, 880, 68, 879, 872, 873, 869, 881, 870,
	1109	884, 68, 882, 888, 871, 891, 874, 1235, 875, 887,
	1110	68, 883, 68, 885, 68, 877, 68, 878, 68, 880,
	1111	68, 879, 886, 889, 890, 881, 68, 884, 893, 882,
	1112	68, 68, 68, 68, 68, 892, 887, 896, 883, 897,
	1113	885, 894, 895, 898, 68, 68, 68, 899, 68, 886,
	1114
	1115	889, 890, 900, 68, 68, 893, 901, 68, 904, 902,
	1116	68, 68, 892, 903, 896, 68, 897, 905, 894, 895,
	1117	898, 906, 908, 907, 899, 911, 909, 914, 910, 900,
	1118	68, 912, 68, 913, 916, 915, 68, 68, 68, 68,
	1119	68, 68, 68, 917, 905, 68, 918, 919, 921, 908,
	1120	907, 920, 68, 909, 914, 910, 68, 923, 912, 68,
	1121	929, 68, 915, 926, 68, 922, 68, 68, 924, 68,
	1122	68, 927, 68, 918, 919, 921, 925, 930, 920, 931,
	1123	68, 68, 932, 68, 923, 68, 928, 68, 933, 68,
	1124	926, 68, 922, 934, 943, 924, 935, 937, 927, 68,
	1125
	1126	68, 938, 936, 925, 930, 68, 931, 68, 68, 932,
	1127	939, 941, 68, 928, 940, 68, 68, 942, 68, 68,
	1128	934, 943, 68, 935, 937, 68, 68, 944, 938, 936,
	1129	945, 946, 947, 68, 948, 949, 68, 939, 941, 68,
	1130	952, 940, 950, 951, 942, 953, 954, 956, 68, 68,
	1131	1235, 955, 68, 957, 944, 68, 68, 945, 68, 947,
	1132	68, 948, 949, 958, 68, 68, 68, 952, 959, 950,
	1133	951, 962, 953, 68, 956, 965, 960, 68, 955, 961,
	1134	957, 963, 68, 68, 967, 964, 966, 971, 968, 68,
	1135	68, 969, 970, 68, 68, 959, 68, 68, 962, 68,
	1136
	1137	973, 976, 965, 960, 972, 68, 961, 975, 963, 68,
	1138	68, 967, 964, 966, 68, 968, 974, 978, 969, 970,
	1139	979, 977, 68, 68, 68, 981, 983, 68, 976, 982,
	1140	68, 972, 980, 1235, 975, 68, 984, 985, 1235, 68,
	1141	987, 68, 986, 974, 68, 988, 68, 979, 977, 989,
	1142	68, 995, 68, 983, 68, 68, 982, 68, 68, 980,
	1143	68, 998, 68, 984, 985, 990, 991, 987, 68, 986,
	1144	993, 992, 988, 994, 68, 68, 989, 68, 995, 68,
	1145	996, 997, 999, 1000, 1002, 68, 1003, 68, 998, 1001,
	1146	1005, 1004, 990, 991, 68, 68, 1006, 993, 992, 68,
	1147
	1148	994, 1008, 1007, 68, 1009, 1010, 1011, 996, 997, 68,
	1149	68, 68, 68, 68, 1012, 68, 1001, 68, 1004, 1013,
	1150	1235, 1014, 1016, 68, 68, 1018, 1017, 1019, 68, 1007,
	1151	1021, 1009, 68, 1011, 68, 68, 1015, 1020, 68, 1023,
	1152	1022, 1012, 1027, 68, 1024, 1029, 1013, 68, 1014, 68,
	1153	68, 1025, 68, 1017, 68, 68, 68, 1021, 1026, 1028,
	1154	68, 68, 1032, 1015, 1020, 1030, 1023, 1022, 1031, 1027,
	1155	68, 1024, 1033, 68, 1034, 68, 68, 68, 1025, 1037,
	1156	68, 1235, 1035, 1039, 1041, 1026, 1028, 1038, 68, 1032,
	1157	1036, 68, 1030, 1040, 1043, 1031, 1042, 1044, 68, 1033,
	1158
	1159	1045, 1235, 68, 1047, 1235, 68, 1037, 68, 68, 1035,
	1160	1039, 68, 1049, 1050, 1038, 68, 1051, 1036, 68, 68,
	1161	1040, 1043, 68, 1042, 68, 1046, 68, 1045, 1048, 1052,
	1162	1047, 1053, 68, 1056, 68, 68, 1055, 68, 1054, 1049,
	1163	68, 1057, 1058, 1051, 68, 1059, 1060, 1061, 1064, 1063,
	1164	1235, 1062, 1046, 68, 68, 1048, 1052, 68, 1053, 68,
	1165	1056, 68, 68, 1055, 1065, 1054, 1066, 1067, 68, 68,
	1166	68, 1069, 68, 68, 1061, 1064, 1063, 68, 1062, 1068,
	1167	1070, 1071, 1072, 1076, 1073, 1074, 1077, 1235, 68, 1075,
	1168	68, 68, 68, 1066, 1067, 68, 68, 68, 68, 68,
	1169
	1170	68, 68, 1078, 68, 68, 1080, 1068, 1070, 1071, 1072,
	1171	68, 1073, 1074, 1077, 1079, 1081, 1075, 1082, 68, 68,
	1172	1086, 68, 1083, 1084, 1085, 1087, 1235, 1088, 1089, 1078,
	1173	68, 68, 1080, 1096, 68, 1095, 1091, 1097, 1090, 1235,
	1174	1235, 1079, 1081, 68, 1082, 68, 68, 68, 68, 1083,
	1175	1084, 1085, 1087, 68, 1088, 68, 68, 1092, 1093, 1094,
	1176	68, 1098, 1095, 1091, 1099, 1090, 68, 68, 68, 1100,
	1177	68, 1101, 68, 68, 1103, 1102, 68, 1104, 68, 1106,
	1178	1108, 1105, 1235, 1109, 1092, 1093, 1094, 1107, 1098, 68,
	1179	68, 1099, 1110, 1111, 1112, 68, 1100, 68, 1101, 68,
	1180
	1181	1113, 68, 1102, 1115, 1104, 1114, 68, 68, 1105, 68,
	1182	1109, 68, 1116, 1117, 1107, 68, 68, 1118, 1119, 1110,
	1183	1111, 1112, 68, 1120, 68, 1121, 1122, 1113, 1123, 68,
	1184	1115, 1235, 1114, 1125, 68, 68, 1124, 1126, 1127, 1116,
	1185	1117, 1128, 1235, 1130, 1118, 68, 1134, 1235, 68, 1129,
	1186	68, 1235, 68, 68, 1131, 68, 68, 1135, 68, 68,
	1187	1125, 68, 1138, 1124, 1126, 1127, 1132, 68, 1128, 68,
	1188	1130, 1133, 68, 68, 68, 68, 1129, 1136, 1137, 68,
	1189	68, 1131, 1140, 1139, 1135, 1141, 1235, 1142, 1148, 1138,
	1190	1144, 1143, 68, 1132, 1145, 1149, 68, 68, 1133, 1146,
	1191
	1192	68, 1150, 1151, 1147, 1136, 1137, 1235, 1235, 68, 68,
	1193	1139, 1155, 1141, 68, 1142, 68, 68, 68, 1143, 68,
	1194	1153, 68, 68, 68, 68, 1152, 1146, 1154, 1150, 1151,
	1195	1147, 1156, 1160, 68, 1157, 68, 1158, 68, 1155, 68,
	1196	1159, 68, 68, 68, 1161, 1162, 1163, 1153, 1164, 1235,
	1197	68, 68, 1152, 1165, 1154, 68, 68, 1170, 1156, 1160,
	1198	1166, 1157, 1168, 1158, 1167, 1172, 1169, 1159, 68, 68,
	1199	1171, 1161, 1162, 1163, 1177, 68, 68, 68, 68, 68,
	1200	1165, 1173, 68, 68, 1170, 1235, 1174, 1166, 1176, 1168,
	1201	1175, 1167, 1172, 1169, 1178, 1179, 68, 1171, 68, 1180,
	1202
	1203	68, 68, 1185, 68, 68, 1181, 68, 68, 1173, 1182,
	1204	1183, 68, 68, 1174, 1187, 1176, 1186, 1175, 1188, 1184,
	1205	1190, 1178, 1179, 1189, 68, 68, 1180, 68, 68, 68,
	1206	1191, 68, 1181, 1193, 1192, 1195, 1182, 1183, 68, 1196,
	1207	1197, 68, 68, 1186, 1194, 1188, 1184, 68, 68, 1201,
	1208	1189, 68, 1199, 1200, 68, 1198, 1202, 68, 1203, 1204,
	1209	1193, 1192, 68, 68, 1205, 68, 1196, 68, 1206, 1207,
	1210	1208, 1194, 1210, 1235, 1209, 68, 68, 1214, 1211, 1199,
	1211	1200, 68, 1198, 68, 1212, 68, 1204, 1215, 1216, 1217,
	1212	1218, 68, 68, 68, 68, 1206, 68, 1208, 1221, 68,
	1213
	1214	68, 1209, 1213, 1222, 68, 1211, 68, 1219, 1223, 68,
	1215	68, 1212, 68, 1220, 1215, 68, 1217, 68, 1224, 68,
	1216	1226, 1225, 68, 1229, 1228, 68, 1227, 1231, 1235, 1213,
	1217	68, 68, 1234, 1233, 1219, 68, 68, 1230, 1235, 68,
	1218	1220, 68, 1235, 1232, 1235, 68, 68, 1226, 1225, 68,
	1219	68, 1228, 1235, 1227, 1231, 68, 68, 1235, 1235, 68,
	1220	1233, 1235, 1235, 1235, 1230, 1235, 1235, 1235, 1235, 1235,
	1221	1232, 40, 40, 40, 40, 40, 40, 40, 45, 45,
	1222	45, 45, 45, 45, 45, 50, 50, 50, 50, 50,
	1223	50, 50, 56, 56, 56, 56, 56, 56, 56, 61,
	1224
	1225	61, 61, 61, 61, 61, 61, 71, 71, 1235, 71,
	1226	71, 71, 71, 116, 116, 1235, 1235, 1235, 116, 116,
	1227	118, 118, 1235, 1235, 118, 1235, 118, 120, 1235, 1235,
	1228	1235, 1235, 1235, 120, 123, 123, 1235, 1235, 1235, 123,
	1229	123, 125, 1235, 1235, 1235, 1235, 1235, 125, 127, 127,
	1230	1235, 127, 127, 127, 127, 72, 72, 1235, 72, 72,
	1231	72, 72, 13, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1232	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1233	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1234	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1235
	1236	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1237	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1238	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235
1224	1239	} ;
1225	1240
1226		static yyconst flex_int16_t yy_chk[3547] =
	1241	static yyconst flex_int16_t yy_chk[3629] =
1227	1242	{ 0,
1228	1243	1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1229	1244	1, 1, 1, 1, 1, 1, 1, 1, 1, 1,

1233	1248	1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1234	1249	1, 1, 1, 1, 1, 3, 3, 3, 4, 4,
1235	1250	4, 5, 5, 6, 6, 5, 24, 6, 7, 7,
1236		7, 7, 1219, 7, 8, 8, 8, 8, 24, 8,
	1251	7, 7, 1241, 7, 8, 8, 8, 8, 24, 8,
1237	1252	9, 9, 9, 10, 10, 10, 15, 44, 44, 49,
1238	1253
1239	1254	15, 3, 49, 24, 4, 60, 60, 5, 19, 6,
1240		19, 19, 69, 19, 520, 7, 69, 39, 19, 39,
1241		39, 8, 39, 23, 20, 20, 9, 39, 526, 10,
	1255	19, 19, 69, 19, 526, 7, 69, 39, 19, 39,
	1256	39, 8, 39, 23, 20, 20, 9, 39, 532, 10,
1242	1257	11, 11, 11, 11, 11, 11, 12, 12, 12, 12,
1243		12, 12, 20, 23, 520, 19, 23, 27, 20, 11,
	1258	12, 12, 20, 23, 526, 19, 23, 27, 20, 11,
1244	1259	23, 20, 20, 125, 21, 12, 22, 117, 117, 27,
1245	1260	22, 21, 26, 22, 28, 29, 22, 11, 21, 20,
1246	1261	23, 25, 26, 12, 27, 78, 11, 29, 22, 25,

1286	1301	146, 139, 159, 154, 155, 161, 147, 139, 139, 147,
1287	1302	148, 153, 153, 162, 160, 151, 163, 157, 164, 165,
1288	1303	162, 156, 157, 164, 154, 155, 161, 166, 158, 167,
1289		154, 168, 161, 159, 160, 170, 167, 163, 165, 166,
1290		162, 160, 169, 163, 170, 164, 165, 169, 171, 172,
1291		173, 174, 179, 168, 166, 171, 167, 175, 168, 174,
1292		176, 177, 170, 178, 182, 0, 181, 179, 0, 169,
1293
1294		173, 195, 183, 180, 172, 171, 172, 173, 174, 179,
1295		178, 180, 176, 175, 175, 181, 184, 185, 178, 186,
1296		178, 176, 177, 181, 183, 182, 185, 187, 184, 183,
1297		180, 188, 195, 189, 190, 191, 196, 178, 186, 176,
1298		192, 199, 193, 184, 185, 190, 186, 191, 194, 196,
1299		197, 187, 198, 0, 187, 203, 202, 188, 188, 189,
1300		189, 190, 191, 196, 192, 193, 194, 192, 206, 193,
1301		202, 200, 199, 205, 198, 194, 197, 197, 200, 198,
1302		201, 203, 203, 202, 204, 207, 201, 208, 205, 209,
1303		210, 211, 0, 204, 212, 212, 209, 213, 200, 206,
1304
1305		205, 214, 208, 216, 218, 217, 211, 201, 210, 207,
1306		215, 204, 207, 215, 208, 216, 209, 210, 211, 212,
1307		215, 212, 212, 217, 213, 214, 219, 221, 214, 220,
1308		216, 218, 217, 223, 222, 224, 225, 215, 228, 221,
1309		215, 222, 224, 226, 229, 230, 231, 227, 219, 0,
1310		0, 237, 230, 219, 221, 220, 220, 237, 225, 231,
1311		232, 222, 224, 225, 223, 227, 229, 226, 233, 228,
1312		226, 229, 230, 231, 227, 236, 232, 241, 237, 235,
1313		238, 233, 239, 240, 232, 242, 243, 232, 238, 0,
1314		240, 235, 242, 236, 239, 233, 0, 247, 243, 244,
1315
1316		0, 0, 236, 232, 234, 234, 235, 238, 241, 239,
1317		240, 244, 242, 243, 234, 245, 234, 234, 234, 247,
1318		246, 234, 245, 249, 247, 250, 244, 248, 248, 234,
1319		249, 234, 234, 246, 253, 251, 250, 254, 252, 261,
1320		255, 234, 245, 234, 234, 234, 251, 246, 234, 255,
1321		249, 252, 250, 256, 258, 257, 248, 260, 262, 253,
1322		254, 253, 251, 259, 254, 252, 256, 255, 257, 263,
1323		261, 265, 258, 257, 264, 260, 266, 268, 0, 262,
1324		256, 258, 257, 271, 260, 262, 259, 267, 264, 269,
1325		259, 263, 268, 270, 275, 257, 263, 265, 265, 270,
1326
1327		273, 264, 274, 277, 268, 267, 276, 266, 274, 271,
1328		271, 269, 279, 275, 267, 280, 269, 284, 277, 279,
1329		270, 275, 280, 281, 276, 282, 273, 273, 285, 274,
1330		277, 292, 283, 276, 289, 286, 281, 285, 287, 279,
1331		286, 289, 280, 293, 309, 293, 287, 282, 284, 288,
1332		281, 283, 282, 291, 290, 285, 288, 292, 292, 283,
1333		291, 289, 286, 290, 288, 287, 294, 295, 305, 296,
1334		293, 309, 0, 298, 288, 288, 288, 297, 0, 295,
1335		291, 298, 299, 288, 296, 290, 300, 299, 301, 297,
1336		290, 288, 294, 294, 295, 302, 296, 304, 303, 305,
1337
1338		298, 288, 306, 302, 297, 307, 301, 308, 300, 299,
1339		303, 310, 311, 300, 307, 301, 312, 306, 313, 314,
1340		304, 308, 302, 315, 304, 303, 310, 311, 312, 306,
1341		316, 317, 307, 314, 308, 320, 318, 319, 310, 311,
1342		0, 321, 313, 312, 323, 313, 314, 321, 322, 324,
1343		315, 325, 327, 0, 326, 328, 329, 316, 0, 327,
1344		331, 332, 317, 318, 319, 338, 320, 323, 321, 329,
1345		322, 323, 333, 334, 325, 322, 326, 328, 325, 327,
1346		324, 326, 328, 329, 330, 337, 331, 331, 336, 330,
1347		333, 335, 332, 330, 0, 342, 338, 334, 339, 333,
1348
1349		334, 0, 336, 340, 341, 0, 348, 337, 330, 346,
1350		348, 330, 337, 335, 335, 336, 330, 342, 335, 339,
1351		330, 344, 342, 343, 345, 339, 350, 340, 341, 349,
1352		340, 341, 343, 346, 344, 347, 346, 348, 352, 351,
1353		335, 0, 352, 353, 350, 354, 345, 356, 344, 357,
1354		343, 345, 354, 350, 355, 358, 359, 347, 357, 356,
1355		349, 361, 347, 351, 360, 364, 351, 358, 353, 352,
1356		353, 362, 354, 364, 356, 363, 357, 355, 367, 366,
1357		365, 355, 358, 368, 361, 0, 363, 359, 361, 369,
1358		360, 360, 364, 362, 365, 370, 373, 375, 362, 366,
1359
1360		367, 372, 363, 368, 371, 367, 366, 365, 376, 381,
1361		368, 369, 374, 371, 373, 377, 369, 370, 382, 375,
1362		378, 372, 370, 373, 375, 374, 378, 383, 372, 379,
1363		384, 371, 376, 388, 385, 376, 383, 379, 377, 374,
1364		381, 382, 377, 388, 391, 382, 385, 378, 392, 384,
1365		393, 394, 396, 399, 383, 379, 379, 384, 397, 0,
1366		388, 385, 391, 398, 379, 398, 401, 397, 400, 392,
1367		0, 391, 402, 393, 396, 392, 403, 393, 0, 396,
1368		399, 404, 394, 395, 402, 397, 395, 405, 400, 408,
1369		398, 395, 401, 401, 405, 400, 406, 395, 395, 402,
1370
1371		407, 411, 403, 403, 406, 404, 395, 410, 404, 409,
1372		395, 412, 413, 395, 405, 408, 408, 418, 395, 407,
1373		417, 409, 414, 406, 395, 395, 415, 407, 411, 410,
1374		419, 416, 420, 413, 410, 412, 409, 418, 412, 413,
1375		416, 414, 417, 421, 418, 415, 422, 417, 424, 414,
1376		425, 420, 426, 415, 422, 429, 427, 419, 416, 420,
1377		432, 429, 431, 425, 427, 435, 430, 437, 432, 0,
1378		433, 0, 424, 422, 421, 424, 444, 425, 426, 426,
1379		427, 434, 429, 427, 430, 431, 435, 432, 433, 431,
1380		436, 427, 435, 430, 434, 438, 439, 433, 437, 440,
1381
1382		442, 445, 441, 436, 439, 443, 442, 444, 434, 448,
1383		446, 450, 451, 0, 440, 0, 447, 436, 438, 446,
1384		474, 452, 438, 439, 441, 445, 440, 442, 445, 441,
1385		447, 443, 443, 452, 449, 453, 454, 446, 450, 451,
1386		448, 449, 455, 447, 454, 455, 456, 474, 452, 0,
1387		462, 459, 458, 459, 460, 0, 462, 461, 453, 456,
1388		465, 449, 453, 454, 0, 464, 460, 0, 469, 455,
1389		461, 0, 463, 456, 457, 458, 457, 462, 459, 458,
1390		457, 460, 457, 467, 461, 463, 464, 457, 476, 0,
1391		466, 465, 464, 468, 469, 469, 467, 466, 457, 463,
1392
1393		470, 457, 471, 457, 473, 472, 477, 457, 468, 457,
1394		467, 479, 473, 480, 457, 466, 466, 466, 472, 476,
1395		468, 471, 470, 481, 466, 479, 478, 470, 482, 471,
1396		477, 473, 472, 477, 478, 480, 482, 483, 479, 484,
1397		480, 481, 466, 485, 486, 488, 484, 489, 0, 490,
1398		481, 491, 494, 478, 493, 482, 485, 488, 496, 483,
1399		497, 492, 496, 497, 483, 499, 484, 498, 0, 489,
1400		485, 490, 488, 491, 489, 486, 490, 499, 491, 492,
1401		493, 493, 501, 494, 504, 502, 497, 497, 492, 496,
1402		497, 498, 499, 500, 498, 503, 507, 505, 516, 506,
1403
1404		500, 508, 512, 507, 0, 504, 501, 502, 506, 501,
1405		509, 504, 502, 510, 511, 508, 513, 503, 512, 514,
1406		500, 505, 503, 507, 505, 516, 506, 515, 508, 512,
1407		518, 519, 509, 522, 517, 510, 521, 509, 511, 515,
1408		510, 511, 517, 518, 523, 521, 519, 513, 530, 527,
1409		514, 522, 523, 524, 515, 524, 528, 518, 519, 529,
1410		522, 517, 527, 521, 531, 532, 529, 535, 528, 533,
1411		538, 523, 534, 540, 0, 539, 527, 0, 536, 530,
1412		524, 537, 533, 528, 539, 534, 529, 532, 541, 535,
1413		536, 540, 532, 537, 535, 531, 533, 538, 542, 534,
1414
1415		540, 543, 539, 544, 545, 536, 542, 546, 537, 547,
1416		541, 544, 548, 0, 551, 541, 549, 550, 563, 546,
1417		548, 547, 549, 543, 554, 542, 550, 545, 543, 557,
1418		544, 545, 559, 552, 546, 551, 547, 556, 561, 548,
1419		553, 551, 554, 549, 550, 552, 558, 553, 557, 563,
1420		556, 554, 561, 558, 559, 564, 557, 560, 562, 559,
1421		552, 560, 565, 568, 556, 561, 566, 553, 569, 570,
1422		567, 572, 568, 558, 571, 0, 562, 578, 0, 574,
1423		0, 564, 564, 567, 565, 562, 578, 576, 560, 565,
1424		568, 577, 566, 566, 572, 574, 571, 567, 572, 569,
1425
1426		570, 571, 573, 577, 578, 580, 574, 573, 579, 573,
1427		576, 573, 581, 580, 576, 582, 584, 583, 577, 583,
1428		573, 579, 585, 586, 582, 587, 588, 589, 591, 573,
1429		585, 581, 580, 590, 573, 579, 573, 592, 573, 581,
1430		590, 594, 582, 584, 583, 597, 595, 591, 588, 585,
1431		586, 598, 587, 588, 589, 591, 593, 599, 600, 592,
1432		590, 602, 594, 601, 592, 593, 595, 604, 594, 602,
1433		603, 605, 607, 595, 0, 611, 597, 0, 605, 599,
1434		0, 601, 598, 593, 599, 608, 603, 606, 602, 600,
1435		601, 606, 608, 609, 604, 610, 0, 603, 605, 612,
1436
1437		609, 611, 611, 607, 610, 613, 612, 613, 614, 615,
1438		623, 617, 608, 615, 606, 617, 619, 614, 618, 618,
1439		609, 621, 610, 624, 620, 619, 612, 622, 625, 628,
1440		621, 624, 613, 623, 622, 614, 615, 623, 627, 626,
1441		629, 625, 617, 619, 630, 618, 620, 626, 621, 628,
1442		624, 620, 631, 630, 622, 625, 628, 632, 633, 634,
1443		627, 635, 629, 636, 633, 627, 626, 629, 639, 632,
1444		631, 630, 637, 642, 640, 641, 643, 642, 646, 631,
1445		644, 634, 0, 641, 632, 633, 634, 640, 644, 645,
1446		639, 655, 635, 0, 636, 639, 654, 647, 637, 637,
1447
1448		648, 640, 641, 643, 642, 647, 649, 644, 648, 646,
1449		645, 650, 651, 655, 649, 652, 645, 653, 655, 650,
1450		656, 652, 654, 654, 647, 651, 657, 648, 658, 653,
1451		659, 660, 661, 649, 662, 663, 665, 659, 650, 651,
1452		657, 662, 652, 656, 653, 668, 658, 656, 671, 670,
1453		672, 692, 672, 657, 661, 658, 673, 659, 660, 661,
1454		671, 662, 674, 675, 676, 678, 663, 665, 677, 679,
1455		678, 676, 668, 670, 674, 671, 670, 672, 673, 680,
1456		681, 682, 692, 673, 684, 679, 685, 690, 681, 674,
1457		675, 676, 678, 684, 677, 677, 679, 686, 687, 685,
1458
1459		691, 700, 680, 682, 0, 687, 680, 681, 682, 688,
1460		689, 684, 690, 685, 690, 694, 688, 689, 695, 693,
1461		699, 697, 691, 686, 686, 687, 693, 691, 694, 698,
1462		704, 698, 700, 701, 703, 706, 688, 689, 0, 695,
1463		702, 703, 694, 697, 699, 695, 693, 699, 697, 702,
1464		705, 707, 704, 711, 708, 712, 698, 704, 709, 701,
1465		701, 703, 706, 708, 710, 709, 711, 702, 713, 712,
1466		0, 710, 705, 707, 718, 717, 714, 705, 707, 715,
1467		711, 708, 712, 714, 716, 709, 715, 717, 723, 719,
1468		716, 710, 719, 720, 718, 724, 729, 725, 728, 713,
1469
1470		727, 718, 717, 714, 720, 725, 715, 719, 0, 740,
1471		0, 716, 723, 724, 726, 723, 719, 726, 727, 719,
1472		720, 730, 724, 729, 725, 731, 732, 727, 730, 728,
1473		733, 734, 726, 734, 736, 732, 735, 738, 737, 731,
1474		740, 726, 741, 733, 726, 735, 738, 742, 730, 737,
1475		745, 747, 731, 732, 0, 0, 743, 733, 734, 747,
1476		736, 736, 743, 735, 738, 737, 746, 749, 742, 745,
1477		748, 759, 751, 741, 742, 746, 749, 745, 747, 751,
1478		743, 748, 752, 743, 753, 754, 755, 757, 758, 743,
1479		760, 757, 756, 746, 749, 763, 771, 748, 759, 751,
1480
1481		758, 761, 766, 760, 767, 752, 753, 754, 755, 752,
1482		756, 753, 754, 755, 757, 758, 761, 760, 762, 756,
1483		764, 765, 768, 766, 769, 770, 763, 771, 761, 766,
1484		765, 767, 772, 762, 774, 764, 773, 775, 772, 776,
1485		777, 774, 769, 780, 773, 762, 778, 764, 765, 768,
1486		782, 769, 770, 781, 785, 783, 784, 783, 0, 772,
1487		0, 774, 781, 773, 775, 787, 776, 777, 788, 786,
1488		778, 786, 787, 778, 780, 788, 786, 791, 803, 789,
1489		781, 782, 783, 784, 786, 785, 789, 790, 792, 792,
1490		793, 795, 787, 790, 794, 788, 786, 799, 786, 796,
1491
1492		803, 794, 797, 786, 791, 803, 789, 798, 798, 795,
1493		800, 800, 804, 807, 790, 792, 793, 793, 795, 796,
1494		797, 794, 801, 799, 799, 805, 796, 806, 808, 797,
1495		809, 810, 805, 801, 798, 813, 812, 800, 810, 811,
1496		807, 814, 0, 804, 812, 817, 819, 806, 809, 801,
1497		808, 811, 805, 821, 806, 808, 813, 809, 810, 814,
1498		816, 815, 813, 812, 820, 818, 811, 815, 814, 818,
1499		822, 823, 826, 816, 824, 828, 817, 819, 825, 820,
1500		825, 827, 832, 833, 821, 822, 827, 816, 815, 824,
1501		831, 820, 829, 835, 823, 834, 818, 822, 823, 851,
1502
1503		836, 824, 0, 826, 849, 825, 828, 829, 827, 832,
1504		833, 837, 844, 840, 831, 835, 834, 831, 845, 829,
1505		835, 836, 834, 842, 843, 851, 851, 836, 840, 837,
1506		844, 850, 852, 843, 842, 849, 845, 853, 837, 844,
1507		840, 850, 856, 0, 861, 845, 855, 858, 857, 842,
1508		842, 843, 859, 855, 857, 860, 861, 852, 850, 852,
1509		867, 842, 858, 864, 853, 862, 865, 859, 856, 856,
1510		860, 861, 862, 855, 858, 857, 868, 866, 867, 859,
1511		869, 869, 860, 870, 871, 864, 866, 867, 874, 876,
1512		864, 865, 862, 865, 872, 873, 877, 874, 881, 875,
1513
1514		879, 880, 0, 868, 866, 870, 875, 869, 879, 871,
1515		870, 871, 884, 893, 880, 874, 872, 873, 877, 882,
1516		876, 872, 873, 877, 886, 881, 875, 879, 880, 883,
1517		884, 893, 883, 885, 882, 887, 889, 891, 886, 884,
1518		893, 888, 887, 892, 894, 892, 882, 883, 885, 895,
1519		896, 886, 888, 897, 901, 898, 883, 889, 891, 883,
1520		885, 897, 887, 889, 891, 899, 902, 895, 888, 900,
1521		892, 894, 905, 906, 0, 907, 895, 896, 898, 908,
1522		897, 901, 898, 900, 910, 902, 909, 899, 912, 916,
1523		905, 911, 899, 902, 908, 916, 900, 913, 913, 905,
1524
1525		906, 907, 907, 911, 914, 917, 908, 910, 909, 915,
1526		912, 910, 914, 909, 920, 912, 916, 915, 911, 918,
1527		917, 921, 924, 922, 913, 918, 923, 925, 926, 927,
1528		928, 914, 917, 930, 931, 921, 915, 922, 920, 929,
1529		933, 920, 926, 934, 936, 0, 918, 929, 921, 924,
1530		922, 935, 923, 923, 925, 926, 927, 928, 938, 935,
1531		930, 931, 933, 937, 939, 941, 929, 933, 940, 942,
1532		934, 936, 937, 943, 945, 946, 946, 942, 935, 938,
1533		947, 949, 948, 940, 955, 938, 952, 950, 939, 951,
1534		937, 939, 941, 950, 940, 940, 942, 948, 952, 953,
1535
1536		943, 945, 946, 949, 954, 956, 947, 947, 949, 948,
1537		940, 951, 958, 952, 950, 955, 951, 953, 960, 958,
1538		961, 962, 954, 966, 968, 0, 953, 963, 956, 965,
1539		970, 954, 956, 969, 972, 963, 960, 973, 966, 958,
1540		971, 965, 975, 974, 978, 960, 961, 961, 968, 975,
1541		966, 968, 962, 963, 963, 969, 965, 970, 972, 976,
1542		969, 972, 963, 971, 973, 974, 976, 971, 977, 975,
1543		974, 979, 980, 989, 981, 978, 992, 983, 982, 996,
1544		986, 994, 998, 980, 0, 997, 976, 1002, 0, 999,
1545		977, 1000, 979, 998, 999, 977, 981, 982, 979, 980,
1546
1547		989, 981, 983, 992, 983, 982, 986, 986, 994, 998,
1548		996, 997, 997, 1000, 1002, 1005, 999, 0, 1000, 1006,
1549		1008, 1007, 1010, 1009, 1011, 1012, 1013, 1014, 1015, 1017,
1550		1017, 1010, 0, 1020, 1014, 1025, 1020, 1005, 1009, 1011,
1551		1012, 1013, 1005, 1007, 1006, 1016, 1006, 1008, 1007, 1010,
1552		1009, 1011, 1012, 1013, 1014, 1015, 1017, 1018, 1021, 1019,
1553		1020, 1022, 1025, 1016, 1018, 1023, 1027, 1024, 0, 1028,
1554		1022, 1021, 1016, 1019, 1030, 1027, 1037, 1036, 0, 1031,
1555		0, 1032, 1033, 0, 1018, 1021, 1019, 1023, 1022, 1024,
1556		1032, 1033, 1023, 1027, 1024, 1028, 1028, 1031, 1046, 1034,
1557
1558		1038, 1030, 0, 1035, 1036, 1039, 1031, 1037, 1032, 1033,
1559		1034, 1035, 1038, 1039, 1040, 1044, 1045, 1047, 1050, 1048,
1560		1052, 1040, 1044, 1051, 0, 1046, 1034, 1038, 1048, 1047,
1561		1035, 1051, 1039, 1054, 1055, 1056, 1057, 1059, 1065, 1055,
1562		1045, 1040, 1044, 1045, 1047, 1050, 1048, 1052, 1058, 1062,
1563		1051, 1063, 1066, 1056, 1061, 1064, 1059, 1067, 1057, 1054,
1564		1054, 1055, 1056, 1057, 1059, 1065, 1061, 1064, 1068, 1069,
1565		1058, 1062, 1071, 1063, 1072, 1058, 1062, 0, 1063, 1066,
1566		1074, 1061, 1064, 1077, 1075, 1076, 1082, 1078, 1067, 1072,
1567		1080, 1099, 1081, 1090, 1071, 1068, 1069, 1083, 1080, 1071,
1568
1569		1081, 1072, 1075, 1076, 1074, 1078, 1084, 1074, 1085, 1077,
1570		1077, 1075, 1076, 1082, 1078, 1083, 1087, 1080, 1088, 1081,
1571		1090, 1092, 1099, 1093, 1083, 1084, 1095, 1094, 1092, 1096,
1572		1085, 1097, 1088, 1084, 1087, 1085, 1100, 1101, 1104, 1098,
1573		1097, 0, 1108, 1087, 0, 1088, 1110, 1107, 1092, 1093,
1574		1093, 1094, 1098, 1095, 1094, 1107, 1096, 1110, 1097, 1104,
1575		1101, 1108, 1109, 1100, 1101, 1104, 1098, 1114, 1111, 1108,
1576		1109, 1112, 1115, 1110, 1107, 1113, 1113, 1117, 1112, 1115,
1577		1119, 1124, 1118, 1120, 0, 1114, 1125, 1121, 1125, 1109,
1578		1111, 1118, 0, 1123, 1114, 1111, 1124, 1128, 1112, 1115,
1579
1580		1129, 1117, 1113, 1130, 1117, 1121, 1120, 1119, 1124, 1118,
1581		1120, 1123, 1132, 1125, 1121, 1133, 1135, 1134, 1136, 1128,
1582		1123, 1130, 1139, 1138, 1128, 1134, 1129, 1129, 1135, 1137,
1583		1130, 1138, 1140, 1133, 1132, 1141, 1141, 1143, 1142, 1132,
1584		1137, 1139, 1133, 1135, 1134, 1136, 1142, 1144, 1146, 1139,
1585		1138, 1147, 1148, 1149, 1140, 1150, 1137, 1148, 1147, 1140,
1586		1151, 1152, 1141, 1153, 1143, 1142, 1154, 1156, 1151, 1144,
1587		1153, 1155, 0, 1157, 1144, 1146, 1152, 1159, 1147, 1148,
1588		1149, 1157, 1150, 1160, 1161, 1162, 1155, 1151, 1152, 1164,
1589		1153, 1163, 1168, 1154, 1156, 1166, 0, 0, 1155, 1159,
1590
1591		1157, 1169, 1173, 1174, 1159, 1172, 1183, 1178, 1187, 1176,
1592		1160, 1161, 1162, 1163, 1178, 1179, 1164, 1185, 1163, 1168,
1593		1191, 1166, 1166, 1169, 1172, 1174, 1192, 1188, 1169, 1173,
1594		1174, 1176, 1172, 1183, 1178, 1187, 1176, 1190, 1179, 1188,
1595		1185, 1193, 1179, 1195, 1185, 1197, 1190, 1191, 1198, 1204,
1596		1203, 1205, 0, 1192, 1188, 1208, 1204, 1210, 1209, 1211,
1597		1197, 1206, 0, 0, 1190, 1210, 0, 1208, 1193, 0,
1598		1195, 1209, 1197, 1203, 1198, 1198, 1204, 1203, 1205, 1206,
1599		0, 0, 1208, 0, 1210, 1209, 1211, 0, 1206, 1214,
1600		1214, 1214, 1214, 1214, 1214, 1214, 1215, 1215, 1215, 1215,
1601
1602		1215, 1215, 1215, 1216, 1216, 1216, 1216, 1216, 1216, 1216,
1603		1217, 1217, 1217, 1217, 1217, 1217, 1217, 1218, 1218, 1218,
1604		1218, 1218, 1218, 1218, 1220, 1220, 0, 1220, 1220, 1220,
1605		1220, 1221, 1221, 0, 0, 0, 1221, 1221, 1222, 1222,
1606		0, 0, 1222, 0, 1222, 1223, 0, 0, 0, 0,
1607		0, 1223, 1224, 1224, 0, 0, 0, 1224, 1224, 1225,
1608		0, 0, 0, 0, 0, 1225, 1226, 1226, 0, 1226,
1609		1226, 1226, 1226, 1227, 1227, 0, 1227, 1227, 1227, 1227,
1610		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1611		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1612
1613		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1614		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1615		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1616		1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213, 1213,
1617		1213, 1213, 1213, 1213, 1213, 1213
	1304	154, 168, 161, 159, 160, 172, 167, 163, 165, 166,
	1305	162, 160, 169, 163, 171, 164, 165, 169, 170, 170,
	1306	173, 171, 175, 168, 166, 174, 167, 170, 168, 176,
	1307	172, 177, 172, 174, 182, 0, 178, 181, 0, 169,
	1308
	1309	173, 171, 179, 184, 183, 170, 170, 173, 175, 175,
	1310	180, 176, 174, 178, 186, 184, 181, 179, 180, 185,
	1311	176, 178, 177, 178, 181, 182, 183, 187, 185, 179,
	1312	184, 183, 188, 186, 189, 194, 190, 180, 176, 0,
	1313	178, 186, 192, 191, 193, 195, 185, 190, 197, 199,
	1314	198, 187, 196, 194, 187, 191, 0, 200, 188, 188,
	1315	189, 189, 194, 190, 200, 196, 192, 193, 202, 192,
	1316	191, 193, 198, 203, 197, 197, 195, 198, 205, 196,
	1317	199, 201, 202, 204, 200, 206, 208, 201, 207, 0,
	1318	209, 210, 204, 205, 213, 202, 211, 209, 214, 203,
	1319
	1320	203, 208, 212, 212, 215, 205, 217, 215, 201, 210,
	1321	204, 211, 207, 208, 215, 207, 206, 209, 210, 218,
	1322	216, 213, 214, 211, 217, 214, 219, 212, 220, 212,
	1323	212, 215, 216, 217, 215, 222, 223, 221, 224, 225,
	1324	0, 229, 222, 227, 226, 224, 218, 216, 219, 221,
	1325	231, 228, 230, 219, 220, 220, 227, 231, 242, 233,
	1326	232, 225, 222, 234, 221, 224, 225, 223, 226, 228,
	1327	227, 226, 229, 232, 230, 233, 234, 231, 228, 230,
	1328	236, 237, 238, 233, 240, 239, 233, 232, 238, 242,
	1329	234, 241, 236, 239, 243, 0, 240, 0, 241, 237,
	1330
	1331	0, 243, 233, 235, 235, 0, 247, 236, 237, 238,
	1332	244, 240, 239, 235, 245, 235, 235, 235, 241, 247,
	1333	235, 243, 244, 248, 254, 246, 245, 251, 235, 250,
	1334	235, 235, 246, 247, 249, 249, 250, 244, 251, 255,
	1335	235, 245, 235, 235, 235, 248, 252, 235, 253, 254,
	1336	248, 254, 246, 260, 251, 256, 250, 252, 257, 258,
	1337	259, 253, 255, 249, 256, 261, 255, 262, 263, 264,
	1338	265, 257, 258, 252, 266, 253, 260, 258, 259, 267,
	1339	260, 270, 256, 261, 265, 257, 258, 259, 268, 263,
	1340	269, 264, 261, 272, 0, 263, 264, 265, 262, 258,
	1341
	1342	266, 266, 274, 270, 276, 269, 268, 271, 270, 277,
	1343	267, 278, 275, 271, 280, 268, 285, 269, 275, 272,
	1344	272, 280, 282, 276, 283, 281, 278, 277, 274, 274,
	1345	288, 276, 281, 286, 271, 282, 277, 284, 278, 275,
	1346	287, 280, 286, 294, 0, 287, 283, 285, 290, 282,
	1347	289, 283, 281, 288, 291, 290, 284, 288, 289, 293,
	1348	286, 291, 292, 290, 284, 296, 293, 287, 297, 294,
	1349	294, 292, 298, 290, 290, 290, 295, 289, 295, 302,
	1350	297, 291, 290, 301, 299, 0, 293, 298, 301, 300,
	1351	290, 296, 296, 292, 303, 297, 299, 300, 292, 298,
	1352
	1353	290, 302, 305, 295, 306, 304, 302, 307, 308, 309,
	1354	301, 299, 303, 304, 305, 311, 300, 315, 309, 310,
	1355	316, 303, 312, 308, 313, 317, 318, 306, 314, 305,
	1356	319, 306, 304, 310, 316, 308, 309, 312, 307, 313,
	1357	314, 315, 311, 320, 315, 321, 310, 316, 322, 312,
	1358	323, 313, 317, 318, 324, 314, 323, 325, 326, 327,
	1359	329, 319, 0, 328, 0, 331, 330, 329, 333, 0,
	1360	320, 334, 321, 340, 0, 0, 324, 323, 331, 322,
	1361	325, 324, 327, 335, 325, 328, 327, 329, 330, 326,
	1362	328, 332, 331, 330, 333, 333, 332, 336, 0, 0,
	1363
	1364	332, 335, 334, 337, 340, 338, 339, 342, 341, 0,
	1365	335, 0, 343, 345, 0, 332, 344, 348, 332, 338,
	1366	347, 336, 345, 332, 336, 337, 337, 332, 339, 341,
	1367	337, 342, 338, 339, 342, 341, 343, 346, 344, 343,
	1368	345, 348, 347, 344, 348, 349, 351, 347, 352, 350,
	1369	346, 354, 337, 350, 353, 354, 0, 0, 355, 356,
	1370	362, 357, 359, 0, 346, 0, 352, 349, 357, 358,
	1371	360, 364, 349, 365, 359, 352, 363, 351, 353, 360,
	1372	350, 353, 354, 355, 356, 355, 356, 361, 357, 359,
	1373	366, 362, 358, 368, 364, 365, 358, 360, 364, 361,
	1374
	1375	365, 366, 363, 363, 367, 369, 370, 368, 372, 371,
	1376	0, 0, 367, 374, 361, 373, 376, 366, 375, 378,
	1377	368, 380, 374, 379, 0, 369, 377, 384, 370, 371,
	1378	372, 367, 369, 370, 376, 372, 371, 373, 375, 377,
	1379	374, 378, 373, 376, 380, 375, 378, 379, 380, 381,
	1380	379, 382, 385, 377, 386, 381, 388, 391, 384, 382,
	1381	0, 387, 396, 386, 394, 397, 395, 391, 388, 0,
	1382	0, 402, 0, 399, 0, 385, 381, 382, 382, 385,
	1383	387, 386, 394, 388, 391, 396, 382, 395, 387, 396,
	1384	403, 394, 400, 395, 404, 399, 397, 398, 402, 398,
	1385
	1386	399, 400, 398, 401, 405, 401, 406, 398, 0, 410,
	1387	403, 407, 0, 398, 398, 409, 405, 403, 408, 400,
	1388	404, 404, 398, 409, 398, 408, 398, 411, 410, 398,
	1389	401, 405, 406, 406, 398, 407, 410, 412, 407, 413,
	1390	398, 398, 409, 414, 415, 408, 416, 0, 419, 412,
	1391	417, 0, 421, 411, 411, 418, 420, 419, 422, 424,
	1392	0, 413, 423, 0, 412, 429, 413, 416, 415, 417,
	1393	414, 415, 421, 416, 418, 419, 425, 417, 420, 421,
	1394	427, 423, 418, 420, 425, 422, 428, 430, 432, 423,
	1395	424, 429, 429, 0, 432, 430, 433, 435, 434, 428,
	1396
	1397	436, 437, 433, 425, 427, 438, 441, 427, 436, 439,
	1398	0, 430, 442, 428, 430, 432, 434, 0, 438, 437,
	1399	435, 440, 430, 433, 435, 434, 448, 436, 437, 444,
	1400	439, 445, 438, 443, 440, 442, 439, 441, 447, 442,
	1401	446, 443, 449, 450, 444, 451, 446, 452, 440, 454,
	1402	455, 0, 450, 445, 453, 460, 444, 448, 445, 451,
	1403	443, 453, 456, 457, 447, 447, 449, 446, 460, 449,
	1404	450, 458, 451, 462, 456, 465, 454, 455, 452, 458,
	1405	459, 453, 460, 459, 467, 463, 457, 463, 465, 456,
	1406	457, 464, 468, 466, 469, 471, 462, 467, 458, 466,
	1407
	1408	462, 0, 465, 464, 0, 0, 0, 459, 461, 479,
	1409	461, 467, 463, 468, 461, 472, 461, 471, 464, 468,
	1410	466, 461, 471, 0, 470, 469, 474, 476, 472, 473,
	1411	478, 470, 461, 475, 477, 461, 479, 461, 478, 481,
	1412	482, 461, 472, 461, 473, 484, 476, 477, 461, 470,
	1413	470, 470, 474, 474, 476, 475, 473, 478, 470, 484,
	1414	475, 477, 485, 483, 482, 486, 487, 482, 489, 488,
	1415	481, 483, 484, 490, 487, 489, 470, 491, 498, 494,
	1416	495, 0, 493, 486, 485, 497, 490, 499, 496, 485,
	1417	483, 488, 486, 487, 493, 489, 488, 503, 506, 0,
	1418
	1419	490, 494, 495, 497, 498, 498, 494, 495, 491, 493,
	1420	496, 502, 497, 501, 502, 496, 504, 501, 499, 505,
	1421	507, 503, 506, 508, 503, 506, 505, 509, 504, 511,
	1422	510, 512, 513, 515, 519, 514, 520, 502, 502, 513,
	1423	512, 502, 507, 504, 501, 508, 505, 507, 509, 514,
	1424	508, 510, 516, 511, 509, 515, 511, 510, 512, 513,
	1425	515, 517, 514, 521, 518, 519, 522, 520, 523, 524,
	1426	529, 525, 527, 0, 516, 521, 523, 535, 529, 516,
	1427	518, 527, 524, 528, 535, 517, 525, 530, 517, 530,
	1428	521, 518, 533, 522, 534, 523, 524, 529, 525, 527,
	1429
	1430	536, 528, 537, 538, 535, 533, 534, 539, 0, 540,
	1431	528, 542, 543, 541, 530, 544, 0, 545, 0, 533,
	1432	539, 534, 540, 542, 543, 538, 545, 546, 547, 548,
	1433	538, 536, 0, 537, 539, 541, 540, 548, 542, 543,
	1434	541, 549, 544, 550, 545, 546, 551, 552, 553, 554,
	1435	547, 550, 556, 555, 546, 547, 548, 557, 556, 552,
	1436	553, 555, 558, 549, 554, 559, 557, 561, 549, 551,
	1437	550, 560, 564, 551, 552, 553, 554, 559, 560, 556,
	1438	555, 565, 563, 558, 557, 561, 568, 569, 565, 558,
	1439	566, 564, 559, 567, 561, 563, 570, 567, 560, 564,
	1440
	1441	568, 0, 571, 572, 576, 569, 573, 574, 565, 563,
	1442	575, 577, 566, 568, 569, 0, 578, 566, 579, 575,
	1443	574, 0, 0, 0, 567, 572, 583, 570, 571, 571,
	1444	572, 581, 573, 573, 574, 576, 588, 575, 578, 580,
	1445	584, 579, 577, 578, 580, 579, 580, 581, 580, 583,
	1446	585, 586, 584, 583, 587, 588, 589, 580, 581, 585,
	1447	591, 592, 587, 588, 586, 589, 580, 584, 590, 594,
	1448	590, 580, 593, 580, 595, 580, 596, 585, 586, 597,
	1449	593, 587, 598, 589, 601, 599, 600, 591, 592, 598,
	1450	603, 605, 606, 601, 602, 590, 594, 607, 596, 593,
	1451
	1452	608, 595, 609, 596, 599, 612, 597, 615, 600, 598,
	1453	603, 601, 599, 600, 611, 602, 0, 603, 610, 607,
	1454	609, 602, 605, 606, 607, 619, 610, 613, 616, 609,
	1455	611, 608, 612, 614, 613, 616, 617, 614, 615, 618,
	1456	620, 611, 621, 617, 621, 610, 623, 620, 618, 622,
	1457	623, 619, 619, 625, 613, 616, 627, 625, 622, 628,
	1458	614, 626, 626, 617, 630, 627, 618, 620, 629, 621,
	1459	631, 630, 632, 623, 633, 644, 622, 629, 634, 645,
	1460	632, 628, 636, 627, 625, 638, 628, 633, 626, 639,
	1461	634, 630, 635, 631, 637, 629, 641, 631, 639, 632,
	1462
	1463	635, 633, 640, 643, 636, 634, 644, 638, 641, 636,
	1464	645, 642, 638, 646, 637, 648, 639, 642, 649, 635,
	1465	640, 637, 651, 641, 650, 643, 651, 652, 653, 640,
	1466	643, 649, 650, 655, 660, 654, 653, 648, 642, 646,
	1467	646, 656, 648, 663, 657, 649, 0, 660, 672, 656,
	1468	658, 650, 657, 651, 652, 653, 654, 659, 658, 664,
	1469	661, 660, 654, 662, 655, 659, 661, 667, 656, 663,
	1470	663, 657, 665, 668, 666, 662, 669, 658, 678, 672,
	1471	668, 664, 670, 675, 659, 667, 664, 661, 666, 671,
	1472	662, 680, 0, 685, 667, 665, 671, 683, 681, 665,
	1473
	1474	668, 666, 688, 669, 670, 678, 682, 688, 682, 670,
	1475	681, 684, 0, 687, 675, 680, 671, 0, 680, 683,
	1476	685, 686, 690, 684, 683, 681, 689, 691, 686, 688,
	1477	692, 695, 694, 682, 696, 691, 697, 0, 684, 687,
	1478	687, 694, 689, 697, 695, 690, 701, 700, 686, 690,
	1479	702, 0, 692, 689, 691, 698, 705, 692, 695, 694,
	1480	696, 696, 698, 697, 699, 704, 707, 710, 701, 703,
	1481	709, 699, 700, 701, 700, 711, 703, 705, 704, 0,
	1482	712, 702, 698, 705, 708, 724, 708, 714, 707, 712,
	1483	716, 699, 704, 707, 709, 717, 703, 709, 710, 713,
	1484
	1485	715, 711, 711, 718, 715, 722, 713, 712, 720, 714,
	1486	719, 708, 716, 721, 714, 720, 724, 716, 722, 719,
	1487	721, 725, 717, 734, 723, 718, 713, 715, 725, 726,
	1488	718, 728, 722, 727, 729, 720, 726, 719, 723, 727,
	1489	721, 730, 731, 728, 730, 735, 738, 734, 725, 736,
	1490	734, 723, 737, 731, 729, 737, 726, 736, 728, 730,
	1491	727, 729, 739, 735, 738, 740, 0, 741, 730, 731,
	1492	737, 730, 735, 738, 741, 742, 736, 743, 744, 737,
	1493	747, 745, 737, 745, 748, 751, 743, 746, 749, 742,
	1494	752, 744, 740, 739, 741, 748, 746, 749, 753, 756,
	1495
	1496	0, 757, 742, 754, 743, 744, 747, 747, 745, 754,
	1497	757, 748, 758, 759, 746, 749, 751, 767, 756, 753,
	1498	758, 752, 760, 763, 759, 753, 756, 754, 757, 764,
	1499	754, 760, 765, 766, 762, 767, 754, 770, 768, 758,
	1500	759, 762, 768, 772, 767, 769, 763, 773, 774, 760,
	1501	763, 764, 782, 771, 765, 766, 764, 769, 772, 765,
	1502	766, 762, 773, 775, 770, 768, 771, 776, 777, 778,
	1503	772, 779, 769, 780, 773, 781, 776, 784, 775, 774,
	1504	771, 783, 786, 782, 787, 784, 785, 783, 788, 777,
	1505	775, 780, 789, 785, 776, 777, 778, 790, 779, 792,
	1506
	1507	780, 793, 781, 794, 784, 795, 796, 795, 783, 786,
	1508	793, 787, 797, 785, 803, 788, 0, 0, 799, 800,
	1509	798, 790, 798, 789, 790, 799, 800, 798, 793, 801,
	1510	792, 802, 795, 796, 794, 798, 801, 802, 804, 804,
	1511	805, 803, 807, 797, 806, 799, 800, 798, 808, 798,
	1512	811, 806, 809, 816, 798, 819, 801, 0, 802, 815,
	1513	807, 810, 810, 812, 812, 804, 805, 805, 808, 807,
	1514	809, 806, 813, 817, 818, 808, 811, 811, 821, 809,
	1515	817, 815, 819, 813, 816, 820, 815, 824, 810, 825,
	1516	812, 822, 823, 826, 818, 824, 821, 827, 822, 813,
	1517
	1518	817, 818, 828, 827, 823, 821, 829, 820, 831, 830,
	1519	825, 826, 820, 830, 824, 828, 825, 832, 822, 823,
	1520	826, 833, 835, 834, 827, 838, 836, 841, 837, 828,
	1521	837, 839, 832, 840, 844, 843, 839, 829, 834, 831,
	1522	830, 836, 841, 845, 832, 835, 846, 847, 849, 835,
	1523	834, 848, 833, 836, 841, 837, 838, 854, 839, 843,
	1524	862, 844, 843, 856, 840, 852, 849, 846, 854, 847,
	1525	845, 857, 848, 846, 847, 849, 855, 863, 848, 864,
	1526	852, 856, 865, 854, 854, 855, 861, 863, 866, 857,
	1527	856, 862, 852, 868, 878, 854, 869, 871, 857, 861,
	1528
	1529	868, 872, 870, 855, 863, 864, 864, 865, 870, 865,
	1530	873, 875, 871, 861, 874, 866, 872, 877, 875, 878,
	1531	868, 878, 869, 869, 871, 873, 874, 879, 872, 870,
	1532	880, 881, 882, 882, 883, 884, 879, 873, 875, 877,
	1533	887, 874, 885, 886, 877, 888, 889, 892, 880, 887,
	1534	0, 890, 888, 893, 879, 892, 883, 880, 881, 882,
	1535	884, 883, 884, 894, 885, 886, 893, 887, 895, 885,
	1536	886, 897, 888, 890, 892, 900, 896, 889, 890, 896,
	1537	893, 898, 900, 895, 902, 899, 901, 907, 904, 897,
	1538	894, 905, 906, 905, 896, 895, 898, 901, 897, 899,
	1539
	1540	909, 912, 900, 896, 908, 902, 896, 911, 898, 904,
	1541	906, 902, 899, 901, 907, 904, 910, 914, 905, 906,
	1542	915, 913, 908, 912, 910, 919, 921, 909, 912, 920,
	1543	911, 908, 918, 0, 911, 913, 922, 923, 0, 915,
	1544	925, 921, 924, 910, 914, 926, 926, 915, 913, 927,
	1545	918, 934, 919, 921, 924, 920, 920, 927, 922, 918,
	1546	923, 937, 925, 922, 923, 928, 929, 925, 928, 924,
	1547	931, 930, 926, 932, 929, 934, 927, 930, 934, 932,
	1548	935, 936, 938, 939, 941, 931, 942, 937, 937, 940,
	1549	944, 943, 928, 929, 935, 936, 945, 931, 930, 943,
	1550
	1551	932, 948, 947, 940, 949, 950, 951, 935, 936, 938,
	1552	939, 941, 949, 942, 952, 951, 940, 944, 943, 953,
	1553	0, 954, 955, 945, 947, 957, 956, 959, 948, 947,
	1554	961, 949, 950, 951, 956, 952, 954, 960, 960, 963,
	1555	962, 952, 967, 953, 964, 969, 953, 954, 954, 955,
	1556	964, 965, 957, 956, 959, 962, 961, 961, 966, 968,
	1557	967, 963, 974, 954, 960, 970, 963, 962, 972, 967,
	1558	966, 964, 975, 965, 976, 972, 969, 968, 965, 979,
	1559	974, 0, 977, 982, 984, 966, 968, 980, 970, 974,
	1560	977, 979, 970, 983, 986, 972, 985, 987, 975, 975,
	1561
	1562	988, 0, 980, 990, 0, 976, 979, 982, 977, 977,
	1563	982, 984, 992, 993, 980, 983, 994, 977, 986, 985,
	1564	983, 986, 988, 985, 987, 989, 990, 988, 991, 995,
	1565	990, 996, 989, 1001, 992, 991, 998, 994, 997, 992,
	1566	995, 1004, 1007, 994, 993, 1009, 1011, 1012, 1015, 1014,
	1567	0, 1013, 989, 996, 1014, 991, 995, 997, 996, 1001,
	1568	1001, 998, 1013, 998, 1017, 997, 1020, 1021, 1004, 1007,
	1569	1015, 1023, 1009, 1012, 1012, 1015, 1014, 1011, 1013, 1022,
	1570	1024, 1025, 1026, 1030, 1027, 1028, 1031, 0, 1020, 1029,
	1571	1025, 1017, 1021, 1020, 1021, 1024, 1029, 1026, 1023, 1027,
	1572
	1573	1028, 1022, 1032, 1032, 1031, 1034, 1022, 1024, 1025, 1026,
	1574	1030, 1027, 1028, 1031, 1033, 1035, 1029, 1036, 1035, 1034,
	1575	1040, 1033, 1037, 1038, 1039, 1042, 0, 1043, 1045, 1032,
	1576	1036, 1037, 1034, 1052, 1042, 1051, 1047, 1053, 1046, 0,
	1577	0, 1033, 1035, 1051, 1036, 1038, 1039, 1040, 1047, 1037,
	1578	1038, 1039, 1042, 1043, 1043, 1045, 1046, 1048, 1049, 1050,
	1579	1052, 1054, 1051, 1047, 1055, 1046, 1048, 1049, 1053, 1056,
	1580	1050, 1060, 1055, 1054, 1062, 1061, 1056, 1063, 1060, 1066,
	1581	1068, 1064, 0, 1070, 1048, 1049, 1050, 1067, 1054, 1063,
	1582	1064, 1055, 1071, 1072, 1073, 1067, 1056, 1071, 1060, 1061,
	1583
	1584	1074, 1062, 1061, 1077, 1063, 1075, 1066, 1068, 1064, 1070,
	1585	1070, 1072, 1078, 1079, 1067, 1077, 1073, 1080, 1081, 1071,
	1586	1072, 1073, 1074, 1082, 1075, 1083, 1084, 1074, 1085, 1080,
	1587	1077, 0, 1075, 1088, 1078, 1079, 1087, 1090, 1091, 1078,
	1588	1079, 1092, 0, 1094, 1080, 1081, 1099, 0, 1088, 1093,
	1589	1082, 0, 1091, 1084, 1095, 1085, 1083, 1100, 1087, 1092,
	1590	1088, 1090, 1104, 1087, 1090, 1091, 1097, 1093, 1092, 1094,
	1591	1094, 1098, 1095, 1099, 1097, 1100, 1093, 1101, 1102, 1098,
	1592	1104, 1095, 1107, 1105, 1100, 1109, 0, 1110, 1116, 1104,
	1593	1112, 1111, 1109, 1097, 1113, 1117, 1101, 1105, 1098, 1114,
	1594
	1595	1102, 1118, 1121, 1115, 1101, 1102, 0, 0, 1114, 1107,
	1596	1105, 1127, 1109, 1110, 1110, 1111, 1115, 1112, 1111, 1116,
	1597	1125, 1113, 1117, 1121, 1118, 1124, 1114, 1126, 1118, 1121,
	1598	1115, 1128, 1132, 1124, 1129, 1126, 1130, 1127, 1127, 1125,
	1599	1131, 1131, 1128, 1130, 1133, 1135, 1136, 1125, 1137, 0,
	1600	1132, 1133, 1124, 1138, 1126, 1136, 1129, 1146, 1128, 1132,
	1601	1139, 1129, 1142, 1130, 1141, 1148, 1143, 1131, 1143, 1135,
	1602	1147, 1133, 1135, 1136, 1154, 1137, 1138, 1142, 1139, 1146,
	1603	1138, 1150, 1141, 1148, 1146, 0, 1151, 1139, 1153, 1142,
	1604	1152, 1141, 1148, 1143, 1155, 1156, 1147, 1147, 1152, 1157,
	1605
	1606	1153, 1154, 1162, 1150, 1151, 1158, 1156, 1157, 1150, 1159,
	1607	1160, 1160, 1155, 1151, 1165, 1153, 1163, 1152, 1166, 1161,
	1608	1168, 1155, 1156, 1167, 1158, 1166, 1157, 1161, 1167, 1162,
	1609	1169, 1159, 1158, 1171, 1170, 1173, 1159, 1160, 1163, 1174,
	1610	1175, 1165, 1170, 1163, 1172, 1166, 1161, 1168, 1171, 1180,
	1611	1167, 1172, 1178, 1179, 1174, 1176, 1181, 1169, 1182, 1183,
	1612	1171, 1170, 1173, 1176, 1184, 1178, 1174, 1175, 1186, 1188,
	1613	1189, 1172, 1193, 0, 1192, 1179, 1180, 1199, 1194, 1178,
	1614	1179, 1183, 1176, 1181, 1196, 1182, 1183, 1200, 1204, 1206,
	1615	1208, 1184, 1189, 1192, 1186, 1186, 1188, 1189, 1212, 1193,
	1616
	1617	1194, 1192, 1198, 1213, 1199, 1194, 1196, 1209, 1215, 1198,
	1618	1200, 1196, 1206, 1211, 1200, 1204, 1206, 1208, 1217, 1209,
	1619	1220, 1219, 1211, 1227, 1226, 1212, 1225, 1230, 0, 1198,
	1620	1213, 1226, 1233, 1232, 1209, 1215, 1219, 1228, 0, 1230,
	1621	1211, 1232, 0, 1231, 0, 1217, 1220, 1220, 1219, 1225,
	1622	1227, 1226, 0, 1225, 1230, 1228, 1231, 0, 0, 1233,
	1623	1232, 0, 0, 0, 1228, 0, 0, 0, 0, 0,
	1624	1231, 1236, 1236, 1236, 1236, 1236, 1236, 1236, 1237, 1237,
	1625	1237, 1237, 1237, 1237, 1237, 1238, 1238, 1238, 1238, 1238,
	1626	1238, 1238, 1239, 1239, 1239, 1239, 1239, 1239, 1239, 1240,
	1627
	1628	1240, 1240, 1240, 1240, 1240, 1240, 1242, 1242, 0, 1242,
	1629	1242, 1242, 1242, 1243, 1243, 0, 0, 0, 1243, 1243,
	1630	1244, 1244, 0, 0, 1244, 0, 1244, 1245, 0, 0,
	1631	0, 0, 0, 1245, 1246, 1246, 0, 0, 0, 1246,
	1632	1246, 1247, 0, 0, 0, 0, 0, 1247, 1248, 1248,
	1633	0, 1248, 1248, 1248, 1248, 1249, 1249, 0, 1249, 1249,
	1634	1249, 1249, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1635	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1636	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1637	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1638
	1639	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1640	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235,
	1641	1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235
1618	1642	} ;
1619	1643
1620	1644	static yy_state_type yy_last_accepting_state;

1738	1762	#define YY_NO_INPUT 1
1739	1763	#endif
1740	1764
1741		#line 1741 "<stdout>"
	1765	#line 1765 "<stdout>"
1742	1766
1743	1767	#define INITIAL 0
1744	1768	#define quotedstring 1

1925	1949
1926	1950	#line 120 "util/configlexer.lex"
1927	1951
1928		#line 1928 "<stdout>"
	1952	#line 1952 "<stdout>"
1929	1953
1930	1954	if ( !(yy_init) )
1931	1955	{

1984	2008	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
1985	2009	{
1986	2010	yy_current_state = (int) yy_def[yy_current_state];
1987		if ( yy_current_state >= 1214 )
	2011	if ( yy_current_state >= 1236 )
1988	2012	yy_c = yy_meta[(unsigned int) yy_c];
1989	2013	}
1990	2014	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
1991	2015	++yy_cp;
1992	2016	}
1993		while ( yy_base[yy_current_state] != 3481 );
	2017	while ( yy_base[yy_current_state] != 3563 );
1994	2018
1995	2019	yy_find_action:
1996	2020	yy_act = yy_accept[yy_current_state];

2120	2144	case 21:
2121	2145	YY_RULE_SETUP
2122	2146	#line 144 "util/configlexer.lex"
	2147	{ YDVAR(1, VAR_SO_SNDBUF) }
	2148	YY_BREAK
	2149	case 22:
	2150	YY_RULE_SETUP
	2151	#line 145 "util/configlexer.lex"
2123	2152	{ YDVAR(1, VAR_CHROOT) }
2124	2153	YY_BREAK
2125		case 22:
2126		YY_RULE_SETUP
2127		#line 145 "util/configlexer.lex"
	2154	case 23:
	2155	YY_RULE_SETUP
	2156	#line 146 "util/configlexer.lex"
2128	2157	{ YDVAR(1, VAR_USERNAME) }
2129	2158	YY_BREAK
2130		case 23:
2131		YY_RULE_SETUP
2132		#line 146 "util/configlexer.lex"
	2159	case 24:
	2160	YY_RULE_SETUP
	2161	#line 147 "util/configlexer.lex"
2133	2162	{ YDVAR(1, VAR_DIRECTORY) }
2134	2163	YY_BREAK
2135		case 24:
2136		YY_RULE_SETUP
2137		#line 147 "util/configlexer.lex"
	2164	case 25:
	2165	YY_RULE_SETUP
	2166	#line 148 "util/configlexer.lex"
2138	2167	{ YDVAR(1, VAR_LOGFILE) }
2139	2168	YY_BREAK
2140		case 25:
2141		YY_RULE_SETUP
2142		#line 148 "util/configlexer.lex"
	2169	case 26:
	2170	YY_RULE_SETUP
	2171	#line 149 "util/configlexer.lex"
2143	2172	{ YDVAR(1, VAR_PIDFILE) }
2144	2173	YY_BREAK
2145		case 26:
2146		YY_RULE_SETUP
2147		#line 149 "util/configlexer.lex"
	2174	case 27:
	2175	YY_RULE_SETUP
	2176	#line 150 "util/configlexer.lex"
2148	2177	{ YDVAR(1, VAR_ROOT_HINTS) }
2149	2178	YY_BREAK
2150		case 27:
2151		YY_RULE_SETUP
2152		#line 150 "util/configlexer.lex"
	2179	case 28:
	2180	YY_RULE_SETUP
	2181	#line 151 "util/configlexer.lex"
2153	2182	{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) }
2154	2183	YY_BREAK
2155		case 28:
2156		YY_RULE_SETUP
2157		#line 151 "util/configlexer.lex"
	2184	case 29:
	2185	YY_RULE_SETUP
	2186	#line 152 "util/configlexer.lex"
2158	2187	{ YDVAR(1, VAR_MSG_BUFFER_SIZE) }
2159	2188	YY_BREAK
2160		case 29:
2161		YY_RULE_SETUP
2162		#line 152 "util/configlexer.lex"
	2189	case 30:
	2190	YY_RULE_SETUP
	2191	#line 153 "util/configlexer.lex"
2163	2192	{ YDVAR(1, VAR_MSG_CACHE_SIZE) }
2164	2193	YY_BREAK
2165		case 30:
2166		YY_RULE_SETUP
2167		#line 153 "util/configlexer.lex"
	2194	case 31:
	2195	YY_RULE_SETUP
	2196	#line 154 "util/configlexer.lex"
2168	2197	{ YDVAR(1, VAR_MSG_CACHE_SLABS) }
2169	2198	YY_BREAK
2170		case 31:
2171		YY_RULE_SETUP
2172		#line 154 "util/configlexer.lex"
	2199	case 32:
	2200	YY_RULE_SETUP
	2201	#line 155 "util/configlexer.lex"
2173	2202	{ YDVAR(1, VAR_RRSET_CACHE_SIZE) }
2174	2203	YY_BREAK
2175		case 32:
2176		YY_RULE_SETUP
2177		#line 155 "util/configlexer.lex"
	2204	case 33:
	2205	YY_RULE_SETUP
	2206	#line 156 "util/configlexer.lex"
2178	2207	{ YDVAR(1, VAR_RRSET_CACHE_SLABS) }
2179	2208	YY_BREAK
2180		case 33:
2181		YY_RULE_SETUP
2182		#line 156 "util/configlexer.lex"
	2209	case 34:
	2210	YY_RULE_SETUP
	2211	#line 157 "util/configlexer.lex"
2183	2212	{ YDVAR(1, VAR_CACHE_MAX_TTL) }
2184	2213	YY_BREAK
2185		case 34:
2186		YY_RULE_SETUP
2187		#line 157 "util/configlexer.lex"
	2214	case 35:
	2215	YY_RULE_SETUP
	2216	#line 158 "util/configlexer.lex"
2188	2217	{ YDVAR(1, VAR_CACHE_MIN_TTL) }
2189	2218	YY_BREAK
2190		case 35:
2191		YY_RULE_SETUP
2192		#line 158 "util/configlexer.lex"
	2219	case 36:
	2220	YY_RULE_SETUP
	2221	#line 159 "util/configlexer.lex"
2193	2222	{ YDVAR(1, VAR_INFRA_HOST_TTL) }
2194	2223	YY_BREAK
2195		case 36:
2196		YY_RULE_SETUP
2197		#line 159 "util/configlexer.lex"
	2224	case 37:
	2225	YY_RULE_SETUP
	2226	#line 160 "util/configlexer.lex"
2198	2227	{ YDVAR(1, VAR_INFRA_LAME_TTL) }
2199	2228	YY_BREAK
2200		case 37:
2201		YY_RULE_SETUP
2202		#line 160 "util/configlexer.lex"
	2229	case 38:
	2230	YY_RULE_SETUP
	2231	#line 161 "util/configlexer.lex"
2203	2232	{ YDVAR(1, VAR_INFRA_CACHE_SLABS) }
2204	2233	YY_BREAK
2205		case 38:
2206		YY_RULE_SETUP
2207		#line 161 "util/configlexer.lex"
	2234	case 39:
	2235	YY_RULE_SETUP
	2236	#line 162 "util/configlexer.lex"
2208	2237	{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
2209	2238	YY_BREAK
2210		case 39:
2211		YY_RULE_SETUP
2212		#line 162 "util/configlexer.lex"
	2239	case 40:
	2240	YY_RULE_SETUP
	2241	#line 163 "util/configlexer.lex"
2213	2242	{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
2214	2243	YY_BREAK
2215		case 40:
2216		YY_RULE_SETUP
2217		#line 163 "util/configlexer.lex"
	2244	case 41:
	2245	YY_RULE_SETUP
	2246	#line 164 "util/configlexer.lex"
2218	2247	{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
2219	2248	YY_BREAK
2220		case 41:
2221		YY_RULE_SETUP
2222		#line 164 "util/configlexer.lex"
	2249	case 42:
	2250	YY_RULE_SETUP
	2251	#line 165 "util/configlexer.lex"
2223	2252	{ YDVAR(1, VAR_JOSTLE_TIMEOUT) }
2224	2253	YY_BREAK
2225		case 42:
2226		YY_RULE_SETUP
2227		#line 165 "util/configlexer.lex"
	2254	case 43:
	2255	YY_RULE_SETUP
	2256	#line 166 "util/configlexer.lex"
2228	2257	{ YDVAR(1, VAR_TARGET_FETCH_POLICY) }
2229	2258	YY_BREAK
2230		case 43:
2231		YY_RULE_SETUP
2232		#line 166 "util/configlexer.lex"
	2259	case 44:
	2260	YY_RULE_SETUP
	2261	#line 167 "util/configlexer.lex"
2233	2262	{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
2234	2263	YY_BREAK
2235		case 44:
2236		YY_RULE_SETUP
2237		#line 167 "util/configlexer.lex"
	2264	case 45:
	2265	YY_RULE_SETUP
	2266	#line 168 "util/configlexer.lex"
2238	2267	{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
2239	2268	YY_BREAK
2240		case 45:
2241		YY_RULE_SETUP
2242		#line 168 "util/configlexer.lex"
	2269	case 46:
	2270	YY_RULE_SETUP
	2271	#line 169 "util/configlexer.lex"
2243	2272	{ YDVAR(1, VAR_HARDEN_GLUE) }
2244	2273	YY_BREAK
2245		case 46:
2246		YY_RULE_SETUP
2247		#line 169 "util/configlexer.lex"
	2274	case 47:
	2275	YY_RULE_SETUP
	2276	#line 170 "util/configlexer.lex"
2248	2277	{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) }
2249	2278	YY_BREAK
2250		case 47:
2251		YY_RULE_SETUP
2252		#line 170 "util/configlexer.lex"
	2279	case 48:
	2280	YY_RULE_SETUP
	2281	#line 171 "util/configlexer.lex"
	2282	{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) }
	2283	YY_BREAK
	2284	case 49:
	2285	YY_RULE_SETUP
	2286	#line 172 "util/configlexer.lex"
2253	2287	{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) }
2254	2288	YY_BREAK
2255		case 48:
2256		YY_RULE_SETUP
2257		#line 171 "util/configlexer.lex"
	2289	case 50:
	2290	YY_RULE_SETUP
	2291	#line 173 "util/configlexer.lex"
2258	2292	{ YDVAR(1, VAR_USE_CAPS_FOR_ID) }
2259	2293	YY_BREAK
2260		case 49:
2261		YY_RULE_SETUP
2262		#line 172 "util/configlexer.lex"
	2294	case 51:
	2295	YY_RULE_SETUP
	2296	#line 174 "util/configlexer.lex"
2263	2297	{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
2264	2298	YY_BREAK
2265		case 50:
2266		YY_RULE_SETUP
2267		#line 173 "util/configlexer.lex"
	2299	case 52:
	2300	YY_RULE_SETUP
	2301	#line 175 "util/configlexer.lex"
2268	2302	{ YDVAR(1, VAR_PRIVATE_ADDRESS) }
2269	2303	YY_BREAK
2270		case 51:
2271		YY_RULE_SETUP
2272		#line 174 "util/configlexer.lex"
	2304	case 53:
	2305	YY_RULE_SETUP
	2306	#line 176 "util/configlexer.lex"
2273	2307	{ YDVAR(1, VAR_PRIVATE_DOMAIN) }
2274	2308	YY_BREAK
2275		case 52:
2276		YY_RULE_SETUP
2277		#line 175 "util/configlexer.lex"
	2309	case 54:
	2310	YY_RULE_SETUP
	2311	#line 177 "util/configlexer.lex"
2278	2312	{ YDVAR(1, VAR_PREFETCH_KEY) }
2279	2313	YY_BREAK
2280		case 53:
2281		YY_RULE_SETUP
2282		#line 176 "util/configlexer.lex"
	2314	case 55:
	2315	YY_RULE_SETUP
	2316	#line 178 "util/configlexer.lex"
2283	2317	{ YDVAR(1, VAR_PREFETCH) }
2284	2318	YY_BREAK
2285		case 54:
2286		YY_RULE_SETUP
2287		#line 177 "util/configlexer.lex"
	2319	case 56:
	2320	YY_RULE_SETUP
	2321	#line 179 "util/configlexer.lex"
2288	2322	{ YDVAR(0, VAR_STUB_ZONE) }
2289	2323	YY_BREAK
2290		case 55:
2291		YY_RULE_SETUP
2292		#line 178 "util/configlexer.lex"
	2324	case 57:
	2325	YY_RULE_SETUP
	2326	#line 180 "util/configlexer.lex"
2293	2327	{ YDVAR(1, VAR_NAME) }
2294	2328	YY_BREAK
2295		case 56:
2296		YY_RULE_SETUP
2297		#line 179 "util/configlexer.lex"
	2329	case 58:
	2330	YY_RULE_SETUP
	2331	#line 181 "util/configlexer.lex"
2298	2332	{ YDVAR(1, VAR_STUB_ADDR) }
2299	2333	YY_BREAK
2300		case 57:
2301		YY_RULE_SETUP
2302		#line 180 "util/configlexer.lex"
	2334	case 59:
	2335	YY_RULE_SETUP
	2336	#line 182 "util/configlexer.lex"
2303	2337	{ YDVAR(1, VAR_STUB_HOST) }
2304	2338	YY_BREAK
2305		case 58:
2306		YY_RULE_SETUP
2307		#line 181 "util/configlexer.lex"
	2339	case 60:
	2340	YY_RULE_SETUP
	2341	#line 183 "util/configlexer.lex"
2308	2342	{ YDVAR(1, VAR_STUB_PRIME) }
2309	2343	YY_BREAK
2310		case 59:
2311		YY_RULE_SETUP
2312		#line 182 "util/configlexer.lex"
	2344	case 61:
	2345	YY_RULE_SETUP
	2346	#line 184 "util/configlexer.lex"
2313	2347	{ YDVAR(0, VAR_FORWARD_ZONE) }
2314	2348	YY_BREAK
2315		case 60:
2316		YY_RULE_SETUP
2317		#line 183 "util/configlexer.lex"
	2349	case 62:
	2350	YY_RULE_SETUP
	2351	#line 185 "util/configlexer.lex"
2318	2352	{ YDVAR(1, VAR_FORWARD_ADDR) }
2319	2353	YY_BREAK
2320		case 61:
2321		YY_RULE_SETUP
2322		#line 184 "util/configlexer.lex"
	2354	case 63:
	2355	YY_RULE_SETUP
	2356	#line 186 "util/configlexer.lex"
2323	2357	{ YDVAR(1, VAR_FORWARD_HOST) }
2324	2358	YY_BREAK
2325		case 62:
2326		YY_RULE_SETUP
2327		#line 185 "util/configlexer.lex"
	2359	case 64:
	2360	YY_RULE_SETUP
	2361	#line 187 "util/configlexer.lex"
2328	2362	{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) }
2329	2363	YY_BREAK
2330		case 63:
2331		YY_RULE_SETUP
2332		#line 186 "util/configlexer.lex"
	2364	case 65:
	2365	YY_RULE_SETUP
	2366	#line 188 "util/configlexer.lex"
2333	2367	{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) }
2334	2368	YY_BREAK
2335		case 64:
2336		YY_RULE_SETUP
2337		#line 187 "util/configlexer.lex"
	2369	case 66:
	2370	YY_RULE_SETUP
	2371	#line 189 "util/configlexer.lex"
2338	2372	{ YDVAR(2, VAR_ACCESS_CONTROL) }
2339	2373	YY_BREAK
2340		case 65:
2341		YY_RULE_SETUP
2342		#line 188 "util/configlexer.lex"
	2374	case 67:
	2375	YY_RULE_SETUP
	2376	#line 190 "util/configlexer.lex"
2343	2377	{ YDVAR(1, VAR_HIDE_IDENTITY) }
2344	2378	YY_BREAK
2345		case 66:
2346		YY_RULE_SETUP
2347		#line 189 "util/configlexer.lex"
	2379	case 68:
	2380	YY_RULE_SETUP
	2381	#line 191 "util/configlexer.lex"
2348	2382	{ YDVAR(1, VAR_HIDE_VERSION) }
2349	2383	YY_BREAK
2350		case 67:
2351		YY_RULE_SETUP
2352		#line 190 "util/configlexer.lex"
	2384	case 69:
	2385	YY_RULE_SETUP
	2386	#line 192 "util/configlexer.lex"
2353	2387	{ YDVAR(1, VAR_IDENTITY) }
2354	2388	YY_BREAK
2355		case 68:
2356		YY_RULE_SETUP
2357		#line 191 "util/configlexer.lex"
	2389	case 70:
	2390	YY_RULE_SETUP
	2391	#line 193 "util/configlexer.lex"
2358	2392	{ YDVAR(1, VAR_VERSION) }
2359	2393	YY_BREAK
2360		case 69:
2361		YY_RULE_SETUP
2362		#line 192 "util/configlexer.lex"
	2394	case 71:
	2395	YY_RULE_SETUP
	2396	#line 194 "util/configlexer.lex"
2363	2397	{ YDVAR(1, VAR_MODULE_CONF) }
2364	2398	YY_BREAK
2365		case 70:
2366		YY_RULE_SETUP
2367		#line 193 "util/configlexer.lex"
	2399	case 72:
	2400	YY_RULE_SETUP
	2401	#line 195 "util/configlexer.lex"
2368	2402	{ YDVAR(1, VAR_DLV_ANCHOR) }
2369	2403	YY_BREAK
2370		case 71:
2371		YY_RULE_SETUP
2372		#line 194 "util/configlexer.lex"
	2404	case 73:
	2405	YY_RULE_SETUP
	2406	#line 196 "util/configlexer.lex"
2373	2407	{ YDVAR(1, VAR_DLV_ANCHOR_FILE) }
2374	2408	YY_BREAK
2375		case 72:
2376		YY_RULE_SETUP
2377		#line 195 "util/configlexer.lex"
	2409	case 74:
	2410	YY_RULE_SETUP
	2411	#line 197 "util/configlexer.lex"
2378	2412	{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) }
2379	2413	YY_BREAK
2380		case 73:
2381		YY_RULE_SETUP
2382		#line 196 "util/configlexer.lex"
	2414	case 75:
	2415	YY_RULE_SETUP
	2416	#line 198 "util/configlexer.lex"
2383	2417	{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) }
2384	2418	YY_BREAK
2385		case 74:
2386		YY_RULE_SETUP
2387		#line 197 "util/configlexer.lex"
	2419	case 76:
	2420	YY_RULE_SETUP
	2421	#line 199 "util/configlexer.lex"
2388	2422	{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) }
2389	2423	YY_BREAK
2390		case 75:
2391		YY_RULE_SETUP
2392		#line 198 "util/configlexer.lex"
	2424	case 77:
	2425	YY_RULE_SETUP
	2426	#line 200 "util/configlexer.lex"
2393	2427	{ YDVAR(1, VAR_TRUST_ANCHOR) }
2394	2428	YY_BREAK
2395		case 76:
2396		YY_RULE_SETUP
2397		#line 199 "util/configlexer.lex"
	2429	case 78:
	2430	YY_RULE_SETUP
	2431	#line 201 "util/configlexer.lex"
2398	2432	{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) }
2399	2433	YY_BREAK
2400		case 77:
2401		YY_RULE_SETUP
2402		#line 200 "util/configlexer.lex"
	2434	case 79:
	2435	YY_RULE_SETUP
	2436	#line 202 "util/configlexer.lex"
2403	2437	{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) }
2404	2438	YY_BREAK
2405		case 78:
2406		YY_RULE_SETUP
2407		#line 201 "util/configlexer.lex"
	2439	case 80:
	2440	YY_RULE_SETUP
	2441	#line 203 "util/configlexer.lex"
2408	2442	{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) }
2409	2443	YY_BREAK
2410		case 79:
2411		YY_RULE_SETUP
2412		#line 202 "util/configlexer.lex"
	2444	case 81:
	2445	YY_RULE_SETUP
	2446	#line 204 "util/configlexer.lex"
2413	2447	{ YDVAR(1, VAR_BOGUS_TTL) }
2414	2448	YY_BREAK
2415		case 80:
2416		YY_RULE_SETUP
2417		#line 203 "util/configlexer.lex"
	2449	case 82:
	2450	YY_RULE_SETUP
	2451	#line 205 "util/configlexer.lex"
2418	2452	{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) }
2419	2453	YY_BREAK
2420		case 81:
2421		YY_RULE_SETUP
2422		#line 204 "util/configlexer.lex"
	2454	case 83:
	2455	YY_RULE_SETUP
	2456	#line 206 "util/configlexer.lex"
2423	2457	{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) }
2424	2458	YY_BREAK
2425		case 82:
2426		YY_RULE_SETUP
2427		#line 205 "util/configlexer.lex"
	2459	case 84:
	2460	YY_RULE_SETUP
	2461	#line 207 "util/configlexer.lex"
2428	2462	{ YDVAR(1, VAR_VAL_LOG_LEVEL) }
2429	2463	YY_BREAK
2430		case 83:
2431		YY_RULE_SETUP
2432		#line 206 "util/configlexer.lex"
	2464	case 85:
	2465	YY_RULE_SETUP
	2466	#line 208 "util/configlexer.lex"
2433	2467	{ YDVAR(1, VAR_KEY_CACHE_SIZE) }
2434	2468	YY_BREAK
2435		case 84:
2436		YY_RULE_SETUP
2437		#line 207 "util/configlexer.lex"
	2469	case 86:
	2470	YY_RULE_SETUP
	2471	#line 209 "util/configlexer.lex"
2438	2472	{ YDVAR(1, VAR_KEY_CACHE_SLABS) }
2439	2473	YY_BREAK
2440		case 85:
2441		YY_RULE_SETUP
2442		#line 208 "util/configlexer.lex"
	2474	case 87:
	2475	YY_RULE_SETUP
	2476	#line 210 "util/configlexer.lex"
2443	2477	{ YDVAR(1, VAR_NEG_CACHE_SIZE) }
2444	2478	YY_BREAK
2445		case 86:
2446		YY_RULE_SETUP
2447		#line 209 "util/configlexer.lex"
	2479	case 88:
	2480	YY_RULE_SETUP
	2481	#line 211 "util/configlexer.lex"
2448	2482	{
2449	2483	YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) }
2450	2484	YY_BREAK
2451		case 87:
2452		YY_RULE_SETUP
2453		#line 211 "util/configlexer.lex"
	2485	case 89:
	2486	YY_RULE_SETUP
	2487	#line 213 "util/configlexer.lex"
2454	2488	{ YDVAR(1, VAR_ADD_HOLDDOWN) }
2455	2489	YY_BREAK
2456		case 88:
2457		YY_RULE_SETUP
2458		#line 212 "util/configlexer.lex"
	2490	case 90:
	2491	YY_RULE_SETUP
	2492	#line 214 "util/configlexer.lex"
2459	2493	{ YDVAR(1, VAR_DEL_HOLDDOWN) }
2460	2494	YY_BREAK
2461		case 89:
2462		YY_RULE_SETUP
2463		#line 213 "util/configlexer.lex"
	2495	case 91:
	2496	YY_RULE_SETUP
	2497	#line 215 "util/configlexer.lex"
2464	2498	{ YDVAR(1, VAR_KEEP_MISSING) }
2465	2499	YY_BREAK
2466		case 90:
2467		YY_RULE_SETUP
2468		#line 214 "util/configlexer.lex"
	2500	case 92:
	2501	YY_RULE_SETUP
	2502	#line 216 "util/configlexer.lex"
2469	2503	{ YDVAR(1, VAR_USE_SYSLOG) }
2470	2504	YY_BREAK
2471		case 91:
2472		YY_RULE_SETUP
2473		#line 215 "util/configlexer.lex"
	2505	case 93:
	2506	YY_RULE_SETUP
	2507	#line 217 "util/configlexer.lex"
2474	2508	{ YDVAR(1, VAR_LOG_TIME_ASCII) }
2475	2509	YY_BREAK
2476		case 92:
2477		YY_RULE_SETUP
2478		#line 216 "util/configlexer.lex"
	2510	case 94:
	2511	YY_RULE_SETUP
	2512	#line 218 "util/configlexer.lex"
2479	2513	{ YDVAR(2, VAR_LOCAL_ZONE) }
2480	2514	YY_BREAK
2481		case 93:
2482		YY_RULE_SETUP
2483		#line 217 "util/configlexer.lex"
	2515	case 95:
	2516	YY_RULE_SETUP
	2517	#line 219 "util/configlexer.lex"
2484	2518	{ YDVAR(1, VAR_LOCAL_DATA) }
2485	2519	YY_BREAK
2486		case 94:
2487		YY_RULE_SETUP
2488		#line 218 "util/configlexer.lex"
	2520	case 96:
	2521	YY_RULE_SETUP
	2522	#line 220 "util/configlexer.lex"
2489	2523	{ YDVAR(1, VAR_LOCAL_DATA_PTR) }
2490	2524	YY_BREAK
2491		case 95:
2492		YY_RULE_SETUP
2493		#line 219 "util/configlexer.lex"
	2525	case 97:
	2526	YY_RULE_SETUP
	2527	#line 221 "util/configlexer.lex"
2494	2528	{ YDVAR(1, VAR_STATISTICS_INTERVAL) }
2495	2529	YY_BREAK
2496		case 96:
2497		YY_RULE_SETUP
2498		#line 220 "util/configlexer.lex"
	2530	case 98:
	2531	YY_RULE_SETUP
	2532	#line 222 "util/configlexer.lex"
2499	2533	{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
2500	2534	YY_BREAK
2501		case 97:
2502		YY_RULE_SETUP
2503		#line 221 "util/configlexer.lex"
	2535	case 99:
	2536	YY_RULE_SETUP
	2537	#line 223 "util/configlexer.lex"
2504	2538	{ YDVAR(1, VAR_EXTENDED_STATISTICS) }
2505	2539	YY_BREAK
2506		case 98:
2507		YY_RULE_SETUP
2508		#line 222 "util/configlexer.lex"
	2540	case 100:
	2541	YY_RULE_SETUP
	2542	#line 224 "util/configlexer.lex"
2509	2543	{ YDVAR(0, VAR_REMOTE_CONTROL) }
2510	2544	YY_BREAK
2511		case 99:
2512		YY_RULE_SETUP
2513		#line 223 "util/configlexer.lex"
	2545	case 101:
	2546	YY_RULE_SETUP
	2547	#line 225 "util/configlexer.lex"
2514	2548	{ YDVAR(1, VAR_CONTROL_ENABLE) }
2515	2549	YY_BREAK
2516		case 100:
2517		YY_RULE_SETUP
2518		#line 224 "util/configlexer.lex"
	2550	case 102:
	2551	YY_RULE_SETUP
	2552	#line 226 "util/configlexer.lex"
2519	2553	{ YDVAR(1, VAR_CONTROL_INTERFACE) }
2520	2554	YY_BREAK
2521		case 101:
2522		YY_RULE_SETUP
2523		#line 225 "util/configlexer.lex"
	2555	case 103:
	2556	YY_RULE_SETUP
	2557	#line 227 "util/configlexer.lex"
2524	2558	{ YDVAR(1, VAR_CONTROL_PORT) }
2525	2559	YY_BREAK
2526		case 102:
2527		YY_RULE_SETUP
2528		#line 226 "util/configlexer.lex"
	2560	case 104:
	2561	YY_RULE_SETUP
	2562	#line 228 "util/configlexer.lex"
2529	2563	{ YDVAR(1, VAR_SERVER_KEY_FILE) }
2530	2564	YY_BREAK
2531		case 103:
2532		YY_RULE_SETUP
2533		#line 227 "util/configlexer.lex"
	2565	case 105:
	2566	YY_RULE_SETUP
	2567	#line 229 "util/configlexer.lex"
2534	2568	{ YDVAR(1, VAR_SERVER_CERT_FILE) }
2535	2569	YY_BREAK
2536		case 104:
2537		YY_RULE_SETUP
2538		#line 228 "util/configlexer.lex"
	2570	case 106:
	2571	YY_RULE_SETUP
	2572	#line 230 "util/configlexer.lex"
2539	2573	{ YDVAR(1, VAR_CONTROL_KEY_FILE) }
2540	2574	YY_BREAK
2541		case 105:
2542		YY_RULE_SETUP
2543		#line 229 "util/configlexer.lex"
	2575	case 107:
	2576	YY_RULE_SETUP
	2577	#line 231 "util/configlexer.lex"
2544	2578	{ YDVAR(1, VAR_CONTROL_CERT_FILE) }
2545	2579	YY_BREAK
2546		case 106:
2547		YY_RULE_SETUP
2548		#line 230 "util/configlexer.lex"
	2580	case 108:
	2581	YY_RULE_SETUP
	2582	#line 232 "util/configlexer.lex"
2549	2583	{ YDVAR(1, VAR_PYTHON_SCRIPT) }
2550	2584	YY_BREAK
2551		case 107:
2552		YY_RULE_SETUP
2553		#line 231 "util/configlexer.lex"
	2585	case 109:
	2586	YY_RULE_SETUP
	2587	#line 233 "util/configlexer.lex"
2554	2588	{ YDVAR(0, VAR_PYTHON) }
2555	2589	YY_BREAK
2556		case 108:
2557		YY_RULE_SETUP
2558		#line 232 "util/configlexer.lex"
	2590	case 110:
	2591	YY_RULE_SETUP
	2592	#line 234 "util/configlexer.lex"
2559	2593	{ YDVAR(1, VAR_DOMAIN_INSECURE) }
2560	2594	YY_BREAK
2561		case 109:
2562		/* rule 109 can match eol */
2563		YY_RULE_SETUP
2564		#line 233 "util/configlexer.lex"
	2595	case 111:
	2596	/* rule 111 can match eol */
	2597	YY_RULE_SETUP
	2598	#line 235 "util/configlexer.lex"
2565	2599	{ LEXOUT(("NL\n")); cfg_parser->line++; }
2566	2600	YY_BREAK
2567	2601	/* Quoted strings. Strip leading and ending quotes */
2568		case 110:
2569		YY_RULE_SETUP
2570		#line 236 "util/configlexer.lex"
	2602	case 112:
	2603	YY_RULE_SETUP
	2604	#line 238 "util/configlexer.lex"
2571	2605	{ BEGIN(quotedstring); LEXOUT(("QS ")); }
2572	2606	YY_BREAK
2573	2607	case YY_STATE_EOF(quotedstring):
2574		#line 237 "util/configlexer.lex"
	2608	#line 239 "util/configlexer.lex"
2575	2609	{
2576	2610	yyerror("EOF inside quoted string");
2577	2611	if(--num_args == 0) { BEGIN(INITIAL); }
2578	2612	else { BEGIN(val); }
2579	2613	}
2580	2614	YY_BREAK
2581		case 111:
2582		YY_RULE_SETUP
2583		#line 242 "util/configlexer.lex"
	2615	case 113:
	2616	YY_RULE_SETUP
	2617	#line 244 "util/configlexer.lex"
2584	2618	{ LEXOUT(("STR(%s) ", yytext)); yymore(); }
2585	2619	YY_BREAK
2586		case 112:
2587		/* rule 112 can match eol */
2588		YY_RULE_SETUP
2589		#line 243 "util/configlexer.lex"
	2620	case 114:
	2621	/* rule 114 can match eol */
	2622	YY_RULE_SETUP
	2623	#line 245 "util/configlexer.lex"
2590	2624	{ yyerror("newline inside quoted string, no end \"");
2591	2625	cfg_parser->line++; BEGIN(INITIAL); }
2592	2626	YY_BREAK
2593		case 113:
2594		YY_RULE_SETUP
2595		#line 245 "util/configlexer.lex"
	2627	case 115:
	2628	YY_RULE_SETUP
	2629	#line 247 "util/configlexer.lex"
2596	2630	{
2597	2631	LEXOUT(("QE "));
2598	2632	if(--num_args == 0) { BEGIN(INITIAL); }

2605	2639	}
2606	2640	YY_BREAK
2607	2641	/* Single Quoted strings. Strip leading and ending quotes */
2608		case 114:
2609		YY_RULE_SETUP
2610		#line 257 "util/configlexer.lex"
	2642	case 116:
	2643	YY_RULE_SETUP
	2644	#line 259 "util/configlexer.lex"
2611	2645	{ BEGIN(singlequotedstr); LEXOUT(("SQS ")); }
2612	2646	YY_BREAK
2613	2647	case YY_STATE_EOF(singlequotedstr):
2614		#line 258 "util/configlexer.lex"
	2648	#line 260 "util/configlexer.lex"
2615	2649	{
2616	2650	yyerror("EOF inside quoted string");
2617	2651	if(--num_args == 0) { BEGIN(INITIAL); }
2618	2652	else { BEGIN(val); }
2619	2653	}
2620	2654	YY_BREAK
2621		case 115:
2622		YY_RULE_SETUP
2623		#line 263 "util/configlexer.lex"
	2655	case 117:
	2656	YY_RULE_SETUP
	2657	#line 265 "util/configlexer.lex"
2624	2658	{ LEXOUT(("STR(%s) ", yytext)); yymore(); }
2625	2659	YY_BREAK
2626		case 116:
2627		/* rule 116 can match eol */
2628		YY_RULE_SETUP
2629		#line 264 "util/configlexer.lex"
	2660	case 118:
	2661	/* rule 118 can match eol */
	2662	YY_RULE_SETUP
	2663	#line 266 "util/configlexer.lex"
2630	2664	{ yyerror("newline inside quoted string, no end '");
2631	2665	cfg_parser->line++; BEGIN(INITIAL); }
2632	2666	YY_BREAK
2633		case 117:
2634		YY_RULE_SETUP
2635		#line 266 "util/configlexer.lex"
	2667	case 119:
	2668	YY_RULE_SETUP
	2669	#line 268 "util/configlexer.lex"
2636	2670	{
2637	2671	LEXOUT(("SQE "));
2638	2672	if(--num_args == 0) { BEGIN(INITIAL); }

2645	2679	}
2646	2680	YY_BREAK
2647	2681	/* include: directive */
2648		case 118:
2649		YY_RULE_SETUP
2650		#line 278 "util/configlexer.lex"
	2682	case 120:
	2683	YY_RULE_SETUP
	2684	#line 280 "util/configlexer.lex"
2651	2685	{
2652	2686	LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); }
2653	2687	YY_BREAK
2654	2688	case YY_STATE_EOF(include):
2655		#line 280 "util/configlexer.lex"
	2689	#line 282 "util/configlexer.lex"
2656	2690	{
2657	2691	yyerror("EOF inside include directive");
2658	2692	BEGIN(inc_prev);
2659	2693	}
2660	2694	YY_BREAK
2661		case 119:
2662		YY_RULE_SETUP
2663		#line 284 "util/configlexer.lex"
	2695	case 121:
	2696	YY_RULE_SETUP
	2697	#line 286 "util/configlexer.lex"
2664	2698	{ LEXOUT(("ISP ")); /* ignore */ }
2665	2699	YY_BREAK
2666		case 120:
2667		/* rule 120 can match eol */
2668		YY_RULE_SETUP
2669		#line 285 "util/configlexer.lex"
	2700	case 122:
	2701	/* rule 122 can match eol */
	2702	YY_RULE_SETUP
	2703	#line 287 "util/configlexer.lex"
2670	2704	{ LEXOUT(("NL\n")); cfg_parser->line++;}
2671	2705	YY_BREAK
2672		case 121:
2673		YY_RULE_SETUP
2674		#line 286 "util/configlexer.lex"
	2706	case 123:
	2707	YY_RULE_SETUP
	2708	#line 288 "util/configlexer.lex"
2675	2709	{ LEXOUT(("IQS ")); BEGIN(include_quoted); }
2676	2710	YY_BREAK
2677		case 122:
2678		YY_RULE_SETUP
2679		#line 287 "util/configlexer.lex"
	2711	case 124:
	2712	YY_RULE_SETUP
	2713	#line 289 "util/configlexer.lex"
2680	2714	{
2681	2715	LEXOUT(("Iunquotedstr(%s) ", yytext));
2682	2716	config_start_include(yytext);

2684	2718	}
2685	2719	YY_BREAK
2686	2720	case YY_STATE_EOF(include_quoted):
2687		#line 292 "util/configlexer.lex"
	2721	#line 294 "util/configlexer.lex"
2688	2722	{
2689	2723	yyerror("EOF inside quoted string");
2690	2724	BEGIN(inc_prev);
2691	2725	}
2692	2726	YY_BREAK
2693		case 123:
2694		YY_RULE_SETUP
2695		#line 296 "util/configlexer.lex"
	2727	case 125:
	2728	YY_RULE_SETUP
	2729	#line 298 "util/configlexer.lex"
2696	2730	{ LEXOUT(("ISTR(%s) ", yytext)); yymore(); }
2697	2731	YY_BREAK
2698		case 124:
2699		/* rule 124 can match eol */
2700		YY_RULE_SETUP
2701		#line 297 "util/configlexer.lex"
	2732	case 126:
	2733	/* rule 126 can match eol */
	2734	YY_RULE_SETUP
	2735	#line 299 "util/configlexer.lex"
2702	2736	{ yyerror("newline before \" in include name");
2703	2737	cfg_parser->line++; BEGIN(inc_prev); }
2704	2738	YY_BREAK
2705		case 125:
2706		YY_RULE_SETUP
2707		#line 299 "util/configlexer.lex"
	2739	case 127:
	2740	YY_RULE_SETUP
	2741	#line 301 "util/configlexer.lex"
2708	2742	{
2709	2743	LEXOUT(("IQE "));
2710	2744	yytext[yyleng - 1] = '\0';

2714	2748	YY_BREAK
2715	2749	case YY_STATE_EOF(INITIAL):
2716	2750	case YY_STATE_EOF(val):
2717		#line 305 "util/configlexer.lex"
	2751	#line 307 "util/configlexer.lex"
2718	2752	{
2719	2753	yy_set_bol(1); /* Set beginning of line, so "^" rules match. */
2720	2754	if (config_include_stack_ptr == 0) {

2725	2759	}
2726	2760	}
2727	2761	YY_BREAK
2728		case 126:
2729		YY_RULE_SETUP
2730		#line 315 "util/configlexer.lex"
	2762	case 128:
	2763	YY_RULE_SETUP
	2764	#line 317 "util/configlexer.lex"
2731	2765	{ LEXOUT(("unquotedstr(%s) ", yytext));
2732	2766	if(--num_args == 0) { BEGIN(INITIAL); }
2733	2767	yylval.str = strdup(yytext); return STRING_ARG; }
2734	2768	YY_BREAK
2735		case 127:
2736		YY_RULE_SETUP
2737		#line 319 "util/configlexer.lex"
	2769	case 129:
	2770	YY_RULE_SETUP
	2771	#line 321 "util/configlexer.lex"
2738	2772	{
2739	2773	ub_c_error_msg("unknown keyword '%s'", yytext);
2740	2774	}
2741	2775	YY_BREAK
2742		case 128:
2743		YY_RULE_SETUP
2744		#line 323 "util/configlexer.lex"
	2776	case 130:
	2777	YY_RULE_SETUP
	2778	#line 325 "util/configlexer.lex"
2745	2779	{
2746	2780	ub_c_error_msg("stray '%s'", yytext);
2747	2781	}
2748	2782	YY_BREAK
2749		case 129:
2750		YY_RULE_SETUP
2751		#line 327 "util/configlexer.lex"
	2783	case 131:
	2784	YY_RULE_SETUP
	2785	#line 329 "util/configlexer.lex"
2752	2786	ECHO;
2753	2787	YY_BREAK
2754		#line 2754 "<stdout>"
	2788	#line 2788 "<stdout>"
2755	2789
2756	2790	case YY_END_OF_BUFFER:
2757	2791	{

3041	3075	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
3042	3076	{
3043	3077	yy_current_state = (int) yy_def[yy_current_state];
3044		if ( yy_current_state >= 1214 )
	3078	if ( yy_current_state >= 1236 )
3045	3079	yy_c = yy_meta[(unsigned int) yy_c];
3046	3080	}
3047	3081	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];

3069	3103	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
3070	3104	{
3071	3105	yy_current_state = (int) yy_def[yy_current_state];
3072		if ( yy_current_state >= 1214 )
	3106	if ( yy_current_state >= 1236 )
3073	3107	yy_c = yy_meta[(unsigned int) yy_c];
3074	3108	}
3075	3109	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
3076		yy_is_jam = (yy_current_state == 1213);
	3110	yy_is_jam = (yy_current_state == 1235);
3077	3111
3078	3112	return yy_is_jam ? 0 : yy_current_state;
3079	3113	}

3710	3744
3711	3745	#define YYTABLES_NAME "yytables"
3712	3746
3713		#line 327 "util/configlexer.lex"
3714
3715
3716
	3747	#line 329 "util/configlexer.lex"
	3748
	3749
	3750

-0

util/configlexer.lex less more

140	140	outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) }
141	141	interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) }
142	142	so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) }
	143	so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) }
143	144	chroot{COLON} { YDVAR(1, VAR_CHROOT) }
144	145	username{COLON} { YDVAR(1, VAR_USERNAME) }
145	146	directory{COLON} { YDVAR(1, VAR_DIRECTORY) }

166	167	harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
167	168	harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) }
168	169	harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) }
	170	harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) }
169	171	harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) }
170	172	use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) }
171	173	unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }

+673

-632

util/configparser.c less more

236	236	VAR_SO_RCVBUF = 368,
237	237	VAR_EDNS_BUFFER_SIZE = 369,
238	238	VAR_PREFETCH = 370,
239		VAR_PREFETCH_KEY = 371
	239	VAR_PREFETCH_KEY = 371,
	240	VAR_SO_SNDBUF = 372,
	241	VAR_HARDEN_BELOW_NXDOMAIN = 373
240	242	};
241	243	#endif
242	244	/* Tokens. */

354	356	#define VAR_EDNS_BUFFER_SIZE 369
355	357	#define VAR_PREFETCH 370
356	358	#define VAR_PREFETCH_KEY 371
	359	#define VAR_SO_SNDBUF 372
	360	#define VAR_HARDEN_BELOW_NXDOMAIN 373
357	361
358	362
359	363

370	374
371	375
372	376	/* Line 214 of yacc.c */
373		#line 375 "util/configparser.c"
	377	#line 379 "util/configparser.c"
374	378	} YYSTYPE;
375	379	# define YYSTYPE_IS_TRIVIAL 1
376	380	# define yystype YYSTYPE /* obsolescent; will be withdrawn */

382	386
383	387
384	388	/* Line 264 of yacc.c */
385		#line 387 "util/configparser.c"
	389	#line 391 "util/configparser.c"
386	390
387	391	#ifdef short
388	392	# undef short

597	601	/* YYFINAL -- State number of the termination state. */
598	602	#define YYFINAL 2
599	603	/* YYLAST -- Last index in YYTABLE. */
600		#define YYLAST 212
	604	#define YYLAST 216
601	605
602	606	/* YYNTOKENS -- Number of terminals. */
603		#define YYNTOKENS 117
	607	#define YYNTOKENS 119
604	608	/* YYNNTS -- Number of nonterminals. */
605		#define YYNNTS 120
	609	#define YYNNTS 122
606	610	/* YYNRULES -- Number of rules. */
607		#define YYNRULES 227
	611	#define YYNRULES 231
608	612	/* YYNRULES -- Number of states. */
609		#define YYNSTATES 332
	613	#define YYNSTATES 338
610	614
611	615	/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
612	616	#define YYUNDEFTOK 2
613		#define YYMAXUTOK 371
	617	#define YYMAXUTOK 373
614	618
615	619	#define YYTRANSLATE(YYX) \
616	620	((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)

655	659	85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
656	660	95, 96, 97, 98, 99, 100, 101, 102, 103, 104,
657	661	105, 106, 107, 108, 109, 110, 111, 112, 113, 114,
658		115, 116
	662	115, 116, 117, 118
659	663	};
660	664
661	665	#if YYDEBUG

673	677	144, 146, 148, 150, 152, 154, 156, 158, 160, 162,
674	678	164, 166, 168, 170, 172, 174, 176, 178, 180, 182,
675	679	184, 186, 188, 190, 192, 194, 196, 198, 200, 202,
676		204, 207, 208, 210, 212, 214, 216, 218, 221, 222,
677		224, 226, 228, 231, 234, 237, 240, 243, 246, 249,
678		252, 255, 258, 261, 264, 267, 270, 273, 276, 279,
679		282, 285, 288, 291, 294, 297, 300, 303, 306, 309,
680		312, 315, 318, 321, 324, 327, 330, 333, 336, 339,
681		342, 345, 348, 351, 354, 357, 360, 363, 366, 369,
682		372, 375, 378, 381, 384, 387, 390, 393, 396, 399,
683		402, 405, 408, 411, 414, 417, 420, 423, 426, 430,
684		433, 436, 439, 442, 445, 448, 451, 454, 457, 460,
685		463, 466, 469, 472, 475, 478, 481, 485, 488, 491,
686		494, 497, 500, 503, 506, 509, 512, 514, 517, 518,
687		520, 522, 524, 526, 528, 530, 532, 535, 538, 541,
688		544, 547, 550, 553, 555, 558, 559, 561
	680	204, 206, 208, 211, 212, 214, 216, 218, 220, 222,
	681	225, 226, 228, 230, 232, 235, 238, 241, 244, 247,
	682	250, 253, 256, 259, 262, 265, 268, 271, 274, 277,
	683	280, 283, 286, 289, 292, 295, 298, 301, 304, 307,
	684	310, 313, 316, 319, 322, 325, 328, 331, 334, 337,
	685	340, 343, 346, 349, 352, 355, 358, 361, 364, 367,
	686	370, 373, 376, 379, 382, 385, 388, 391, 394, 397,
	687	400, 403, 406, 409, 412, 415, 418, 421, 424, 427,
	688	430, 433, 436, 440, 443, 446, 449, 452, 455, 458,
	689	461, 464, 467, 470, 473, 476, 479, 482, 485, 488,
	690	491, 495, 498, 501, 504, 507, 510, 513, 516, 519,
	691	522, 524, 527, 528, 530, 532, 534, 536, 538, 540,
	692	542, 545, 548, 551, 554, 557, 560, 563, 565, 568,
	693	569, 571
689	694	};
690	695
691	696	/* YYRHS -- A `-1'-separated list of the rules' RHS. */
692	697	static const yytype_int16 yyrhs[] =
693	698	{
694		118, 0, -1, -1, 118, 119, -1, 120, 121, -1,
695		123, 124, -1, 126, 127, -1, 233, 234, -1, 223,
696		224, -1, 11, -1, 121, 122, -1, -1, 129, -1,
697		130, -1, 134, -1, 137, -1, 143, -1, 144, -1,
698		145, -1, 146, -1, 135, -1, 150, -1, 151, -1,
699		152, -1, 153, -1, 154, -1, 170, -1, 171, -1,
700		172, -1, 174, -1, 175, -1, 140, -1, 176, -1,
701		177, -1, 180, -1, 178, -1, 179, -1, 181, -1,
702		182, -1, 183, -1, 193, -1, 163, -1, 164, -1,
703		165, -1, 166, -1, 184, -1, 196, -1, 159, -1,
704		161, -1, 197, -1, 202, -1, 203, -1, 204, -1,
705		141, -1, 169, -1, 210, -1, 211, -1, 160, -1,
706		206, -1, 148, -1, 136, -1, 155, -1, 194, -1,
707		200, -1, 185, -1, 195, -1, 213, -1, 214, -1,
708		142, -1, 131, -1, 147, -1, 187, -1, 132, -1,
709		138, -1, 139, -1, 156, -1, 157, -1, 212, -1,
710		186, -1, 188, -1, 189, -1, 133, -1, 215, -1,
711		173, -1, 192, -1, 149, -1, 162, -1, 198, -1,
712		199, -1, 201, -1, 205, -1, 158, -1, 207, -1,
713		208, -1, 209, -1, 167, -1, 168, -1, 190, -1,
714		191, -1, 38, -1, 124, 125, -1, -1, 216, -1,
715		217, -1, 218, -1, 219, -1, 44, -1, 127, 128,
716		-1, -1, 220, -1, 221, -1, 222, -1, 13, 10,
717		-1, 12, 10, -1, 76, 10, -1, 79, 10, -1,
718		96, 10, -1, 14, 10, -1, 16, 10, -1, 67,
719		10, -1, 15, 10, -1, 80, 10, -1, 81, 10,
720		-1, 31, 10, -1, 60, 10, -1, 75, 10, -1,
721		17, 10, -1, 18, 10, -1, 19, 10, -1, 20,
722		10, -1, 77, 10, -1, 66, 10, -1, 101, 10,
723		-1, 21, 10, -1, 22, 10, -1, 23, 10, -1,
724		24, 10, -1, 25, 10, -1, 68, 10, -1, 82,
725		10, -1, 83, 10, -1, 109, 10, -1, 54, 10,
726		-1, 64, 10, -1, 55, 10, -1, 102, 10, -1,
727		48, 10, -1, 49, 10, -1, 50, 10, -1, 51,
728		10, -1, 113, 10, -1, 114, 10, -1, 61, 10,
729		-1, 26, 10, -1, 27, 10, -1, 28, 10, -1,
730		98, 10, -1, 29, 10, -1, 30, 10, -1, 32,
731		10, -1, 33, 10, -1, 35, 10, -1, 36, 10,
732		-1, 34, 10, -1, 41, 10, -1, 42, 10, -1,
733		43, 10, -1, 52, 10, -1, 71, 10, -1, 85,
	699	120, 0, -1, -1, 120, 121, -1, 122, 123, -1,
	700	125, 126, -1, 128, 129, -1, 237, 238, -1, 227,
	701	228, -1, 11, -1, 123, 124, -1, -1, 131, -1,
	702	132, -1, 136, -1, 139, -1, 145, -1, 146, -1,
	703	147, -1, 148, -1, 137, -1, 152, -1, 153, -1,
	704	154, -1, 155, -1, 156, -1, 173, -1, 174, -1,
	705	175, -1, 177, -1, 178, -1, 142, -1, 179, -1,
	706	180, -1, 183, -1, 181, -1, 182, -1, 184, -1,
	707	185, -1, 186, -1, 197, -1, 165, -1, 166, -1,
	708	167, -1, 168, -1, 187, -1, 200, -1, 161, -1,
	709	163, -1, 201, -1, 206, -1, 207, -1, 208, -1,
	710	143, -1, 172, -1, 214, -1, 215, -1, 162, -1,
	711	210, -1, 150, -1, 138, -1, 157, -1, 198, -1,
	712	204, -1, 188, -1, 199, -1, 217, -1, 218, -1,
	713	144, -1, 133, -1, 149, -1, 191, -1, 134, -1,
	714	140, -1, 141, -1, 158, -1, 159, -1, 216, -1,
	715	190, -1, 192, -1, 193, -1, 135, -1, 219, -1,
	716	176, -1, 196, -1, 151, -1, 164, -1, 202, -1,
	717	203, -1, 205, -1, 209, -1, 160, -1, 211, -1,
	718	212, -1, 213, -1, 169, -1, 171, -1, 194, -1,
	719	195, -1, 170, -1, 189, -1, 38, -1, 126, 127,
	720	-1, -1, 220, -1, 221, -1, 222, -1, 223, -1,
	721	44, -1, 129, 130, -1, -1, 224, -1, 225, -1,
	722	226, -1, 13, 10, -1, 12, 10, -1, 76, 10,
	723	-1, 79, 10, -1, 96, 10, -1, 14, 10, -1,
	724	16, 10, -1, 67, 10, -1, 15, 10, -1, 80,
	725	10, -1, 81, 10, -1, 31, 10, -1, 60, 10,
	726	-1, 75, 10, -1, 17, 10, -1, 18, 10, -1,
	727	19, 10, -1, 20, 10, -1, 77, 10, -1, 66,
	728	10, -1, 101, 10, -1, 21, 10, -1, 22, 10,
	729	-1, 23, 10, -1, 24, 10, -1, 25, 10, -1,
	730	68, 10, -1, 82, 10, -1, 83, 10, -1, 109,
	731	10, -1, 54, 10, -1, 64, 10, -1, 55, 10,
	732	-1, 102, 10, -1, 48, 10, -1, 49, 10, -1,
	733	50, 10, -1, 51, 10, -1, 113, 10, -1, 117,
	734	10, -1, 114, 10, -1, 61, 10, -1, 26, 10,
	735	-1, 27, 10, -1, 28, 10, -1, 98, 10, -1,
	736	29, 10, -1, 30, 10, -1, 32, 10, -1, 33,
	737	10, -1, 35, 10, -1, 36, 10, -1, 34, 10,
	738	-1, 41, 10, -1, 42, 10, -1, 43, 10, -1,
	739	52, 10, -1, 71, 10, -1, 118, 10, -1, 85,
734	740	10, -1, 78, 10, -1, 86, 10, -1, 87, 10,
735	741	-1, 115, 10, -1, 116, 10, -1, 100, 10, -1,
736	742	47, 10, -1, 69, 10, -1, 72, 10, 10, -1,

742	748	-1, 73, 10, 10, -1, 74, 10, -1, 97, 10,
743	749	-1, 37, 10, -1, 39, 10, -1, 40, 10, -1,
744	750	99, 10, -1, 37, 10, -1, 45, 10, -1, 46,
745		10, -1, 88, -1, 224, 225, -1, -1, 226, -1,
746		228, -1, 227, -1, 229, -1, 230, -1, 231, -1,
747		232, -1, 89, 10, -1, 91, 10, -1, 90, 10,
	751	10, -1, 88, -1, 228, 229, -1, -1, 230, -1,
	752	232, -1, 231, -1, 233, -1, 234, -1, 235, -1,
	753	236, -1, 89, 10, -1, 91, 10, -1, 90, 10,
748	754	-1, 92, 10, -1, 93, 10, -1, 94, 10, -1,
749		95, 10, -1, 103, -1, 234, 235, -1, -1, 236,
	755	95, 10, -1, 103, -1, 238, 239, -1, -1, 240,
750	756	-1, 104, 10, -1
751	757	};
752	758

762	768	141, 141, 142, 142, 143, 143, 144, 144, 144, 145,
763	769	145, 146, 146, 147, 147, 148, 148, 148, 149, 149,
764	770	150, 150, 151, 151, 152, 152, 153, 153, 154, 154,
765		154, 155, 155, 156, 156, 156, 157, 157, 157, 159,
766		171, 172, 173, 173, 173, 173, 175, 187, 188, 189,
767		189, 189, 191, 200, 209, 220, 229, 238, 247, 260,
768		275, 284, 293, 302, 311, 320, 329, 338, 347, 356,
769		365, 374, 388, 397, 404, 411, 418, 426, 433, 440,
770		447, 454, 462, 470, 478, 485, 492, 501, 510, 517,
771		524, 532, 545, 556, 564, 577, 586, 595, 603, 616,
772		625, 634, 643, 652, 665, 672, 682, 692, 702, 712,
773		722, 732, 739, 746, 755, 764, 773, 780, 790, 804,
774		811, 829, 842, 855, 864, 873, 882, 892, 902, 911,
775		918, 927, 936, 945, 953, 966, 974, 994, 1001, 1016,
776		1023, 1030, 1037, 1047, 1054, 1061, 1068, 1073, 1074, 1075,
777		1075, 1075, 1076, 1076, 1076, 1077, 1079, 1089, 1098, 1105,
778		1112, 1119, 1126, 1133, 1138, 1139, 1140, 1142
	771	154, 155, 155, 156, 156, 156, 157, 157, 157, 158,
	772	158, 160, 172, 173, 174, 174, 174, 174, 176, 188,
	773	189, 190, 190, 190, 192, 201, 210, 221, 230, 239,
	774	248, 261, 276, 285, 294, 303, 312, 321, 330, 339,
	775	348, 357, 366, 375, 389, 398, 405, 412, 419, 427,
	776	434, 441, 448, 455, 463, 471, 479, 486, 493, 502,
	777	511, 518, 525, 533, 541, 554, 565, 573, 586, 595,
	778	604, 612, 625, 634, 643, 652, 661, 674, 681, 691,
	779	701, 711, 721, 731, 741, 751, 758, 765, 774, 783,
	780	792, 799, 809, 823, 830, 848, 861, 874, 883, 892,
	781	901, 911, 921, 930, 937, 946, 955, 964, 972, 985,
	782	993, 1015, 1022, 1037, 1044, 1051, 1058, 1068, 1075, 1082,
	783	1089, 1094, 1095, 1096, 1096, 1096, 1097, 1097, 1097, 1098,
	784	1100, 1110, 1119, 1126, 1133, 1140, 1147, 1154, 1159, 1160,
	785	1161, 1163
779	786	};
780	787	#endif
781	788

820	827	"VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX", "VAR_CACHE_MIN_TTL",
821	828	"VAR_VAL_LOG_LEVEL", "VAR_AUTO_TRUST_ANCHOR_FILE", "VAR_KEEP_MISSING",
822	829	"VAR_ADD_HOLDDOWN", "VAR_DEL_HOLDDOWN", "VAR_SO_RCVBUF",
823		"VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH", "VAR_PREFETCH_KEY", "$accept",
824		"toplevelvars", "toplevelvar", "serverstart", "contents_server",
825		"content_server", "stubstart", "contents_stub", "content_stub",
826		"forwardstart", "contents_forward", "content_forward",
827		"server_num_threads", "server_verbosity", "server_statistics_interval",
	830	"VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH", "VAR_PREFETCH_KEY",
	831	"VAR_SO_SNDBUF", "VAR_HARDEN_BELOW_NXDOMAIN", "$accept", "toplevelvars",
	832	"toplevelvar", "serverstart", "contents_server", "content_server",
	833	"stubstart", "contents_stub", "content_stub", "forwardstart",
	834	"contents_forward", "content_forward", "server_num_threads",
	835	"server_verbosity", "server_statistics_interval",
828	836	"server_statistics_cumulative", "server_extended_statistics",
829	837	"server_port", "server_interface", "server_outgoing_interface",
830	838	"server_outgoing_range", "server_outgoing_port_permit",

838	846	"server_trust_anchor_file", "server_trusted_keys_file",
839	847	"server_trust_anchor", "server_domain_insecure", "server_hide_identity",
840	848	"server_hide_version", "server_identity", "server_version",
841		"server_so_rcvbuf", "server_edns_buffer_size", "server_msg_buffer_size",
842		"server_msg_cache_size", "server_msg_cache_slabs",
843		"server_num_queries_per_thread", "server_jostle_timeout",
844		"server_rrset_cache_size", "server_rrset_cache_slabs",
845		"server_infra_host_ttl", "server_infra_lame_ttl",
846		"server_infra_cache_numhosts", "server_infra_cache_lame_size",
847		"server_infra_cache_slabs", "server_target_fetch_policy",
848		"server_harden_short_bufsize", "server_harden_large_queries",
849		"server_harden_glue", "server_harden_dnssec_stripped",
	849	"server_so_rcvbuf", "server_so_sndbuf", "server_edns_buffer_size",
	850	"server_msg_buffer_size", "server_msg_cache_size",
	851	"server_msg_cache_slabs", "server_num_queries_per_thread",
	852	"server_jostle_timeout", "server_rrset_cache_size",
	853	"server_rrset_cache_slabs", "server_infra_host_ttl",
	854	"server_infra_lame_ttl", "server_infra_cache_numhosts",
	855	"server_infra_cache_lame_size", "server_infra_cache_slabs",
	856	"server_target_fetch_policy", "server_harden_short_bufsize",
	857	"server_harden_large_queries", "server_harden_glue",
	858	"server_harden_dnssec_stripped", "server_harden_below_nxdomain",
850	859	"server_harden_referral_path", "server_use_caps_for_id",
851	860	"server_private_address", "server_private_domain", "server_prefetch",
852	861	"server_prefetch_key", "server_unwanted_reply_threshold",

885	894	335, 336, 337, 338, 339, 340, 341, 342, 343, 344,
886	895	345, 346, 347, 348, 349, 350, 351, 352, 353, 354,
887	896	355, 356, 357, 358, 359, 360, 361, 362, 363, 364,
888		365, 366, 367, 368, 369, 370, 371
	897	365, 366, 367, 368, 369, 370, 371, 372, 373
889	898	};
890	899	# endif
891	900
892	901	/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
893	902	static const yytype_uint8 yyr1[] =
894	903	{
895		0, 117, 118, 118, 119, 119, 119, 119, 119, 120,
896		121, 121, 122, 122, 122, 122, 122, 122, 122, 122,
897		122, 122, 122, 122, 122, 122, 122, 122, 122, 122,
898		122, 122, 122, 122, 122, 122, 122, 122, 122, 122,
899		122, 122, 122, 122, 122, 122, 122, 122, 122, 122,
900		122, 122, 122, 122, 122, 122, 122, 122, 122, 122,
901		122, 122, 122, 122, 122, 122, 122, 122, 122, 122,
902		122, 122, 122, 122, 122, 122, 122, 122, 122, 122,
903		122, 122, 122, 122, 122, 122, 122, 122, 122, 122,
904		122, 122, 122, 122, 122, 122, 122, 122, 122, 123,
905		124, 124, 125, 125, 125, 125, 126, 127, 127, 128,
906		128, 128, 129, 130, 131, 132, 133, 134, 135, 136,
	904	0, 119, 120, 120, 121, 121, 121, 121, 121, 122,
	905	123, 123, 124, 124, 124, 124, 124, 124, 124, 124,
	906	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	907	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	908	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	909	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	910	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	911	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	912	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	913	124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
	914	124, 125, 126, 126, 127, 127, 127, 127, 128, 129,
	915	129, 130, 130, 130, 131, 132, 133, 134, 135, 136,
907	916	137, 138, 139, 140, 141, 142, 143, 144, 145, 146,
908	917	147, 148, 149, 150, 151, 152, 153, 154, 155, 156,
909	918	157, 158, 159, 160, 161, 162, 163, 164, 165, 166,

912	921	187, 188, 189, 190, 191, 192, 193, 194, 195, 196,
913	922	197, 198, 199, 200, 201, 202, 203, 204, 205, 206,
914	923	207, 208, 209, 210, 211, 212, 213, 214, 215, 216,
915		217, 218, 219, 220, 221, 222, 223, 224, 224, 225,
916		225, 225, 225, 225, 225, 225, 226, 227, 228, 229,
917		230, 231, 232, 233, 234, 234, 235, 236
	924	217, 218, 219, 220, 221, 222, 223, 224, 225, 226,
	925	227, 228, 228, 229, 229, 229, 229, 229, 229, 229,
	926	230, 231, 232, 233, 234, 235, 236, 237, 238, 238,
	927	239, 240
918	928	};
919	929
920	930	/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */

930	940	1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
931	941	1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
932	942	1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
933		2, 0, 1, 1, 1, 1, 1, 2, 0, 1,
934		1, 1, 2, 2, 2, 2, 2, 2, 2, 2,
	943	1, 1, 2, 0, 1, 1, 1, 1, 1, 2,
	944	0, 1, 1, 1, 2, 2, 2, 2, 2, 2,
935	945	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
936	946	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
937	947	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
938	948	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
939	949	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
940		2, 2, 2, 2, 2, 2, 2, 2, 3, 2,
941	950	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
942		2, 2, 2, 2, 2, 2, 3, 2, 2, 2,
943		2, 2, 2, 2, 2, 2, 1, 2, 0, 1,
944		1, 1, 1, 1, 1, 1, 2, 2, 2, 2,
945		2, 2, 2, 1, 2, 0, 1, 2
	951	2, 2, 3, 2, 2, 2, 2, 2, 2, 2,
	952	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	953	3, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	954	1, 2, 0, 1, 1, 1, 1, 1, 1, 1,
	955	2, 2, 2, 2, 2, 2, 2, 1, 2, 0,
	956	1, 2
946	957	};
947	958
948	959	/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state

950	961	means the default is an error. */
951	962	static const yytype_uint8 yydefact[] =
952	963	{
953		2, 0, 1, 9, 99, 106, 206, 223, 3, 11,
954		101, 108, 208, 225, 4, 5, 6, 8, 7, 0,
	964	2, 0, 1, 9, 101, 108, 210, 227, 3, 11,
	965	103, 110, 212, 229, 4, 5, 6, 8, 7, 0,
955	966	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
956	967	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
957	968	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,

960	971	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
961	972	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
962	973	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
963		0, 0, 0, 0, 0, 0, 10, 12, 13, 69,
964		72, 81, 14, 20, 60, 15, 73, 74, 31, 53,
965		68, 16, 17, 18, 19, 70, 59, 85, 21, 22,
966		23, 24, 25, 61, 75, 76, 91, 47, 57, 48,
967		86, 41, 42, 43, 44, 95, 96, 54, 26, 27,
968		28, 83, 29, 30, 32, 33, 35, 36, 34, 37,
969		38, 39, 45, 64, 78, 71, 79, 80, 97, 98,
970		84, 40, 62, 65, 46, 49, 87, 88, 63, 89,
971		50, 51, 52, 90, 58, 92, 93, 94, 55, 56,
972		77, 66, 67, 82, 0, 0, 0, 0, 100, 102,
973		103, 104, 105, 0, 0, 0, 107, 109, 110, 111,
974		0, 0, 0, 0, 0, 0, 0, 207, 209, 211,
975		210, 212, 213, 214, 215, 0, 224, 226, 113, 112,
976		117, 120, 118, 126, 127, 128, 129, 133, 134, 135,
977		136, 137, 153, 154, 155, 157, 158, 123, 159, 160,
978		163, 161, 162, 164, 165, 166, 176, 146, 147, 148,
979		149, 167, 179, 142, 144, 180, 185, 186, 187, 124,
980		152, 193, 194, 143, 189, 131, 119, 138, 177, 183,
981		168, 0, 0, 197, 125, 114, 130, 170, 115, 121,
982		122, 139, 140, 195, 169, 171, 172, 116, 198, 156,
983		175, 132, 145, 181, 182, 184, 188, 141, 192, 190,
984		191, 150, 151, 173, 174, 199, 200, 201, 202, 203,
985		204, 205, 216, 218, 217, 219, 220, 221, 222, 227,
986		178, 196
	974	0, 0, 0, 0, 0, 0, 0, 0, 10, 12,
	975	13, 69, 72, 81, 14, 20, 60, 15, 73, 74,
	976	31, 53, 68, 16, 17, 18, 19, 70, 59, 85,
	977	21, 22, 23, 24, 25, 61, 75, 76, 91, 47,
	978	57, 48, 86, 41, 42, 43, 44, 95, 99, 96,
	979	54, 26, 27, 28, 83, 29, 30, 32, 33, 35,
	980	36, 34, 37, 38, 39, 45, 64, 100, 78, 71,
	981	79, 80, 97, 98, 84, 40, 62, 65, 46, 49,
	982	87, 88, 63, 89, 50, 51, 52, 90, 58, 92,
	983	93, 94, 55, 56, 77, 66, 67, 82, 0, 0,
	984	0, 0, 102, 104, 105, 106, 107, 0, 0, 0,
	985	109, 111, 112, 113, 0, 0, 0, 0, 0, 0,
	986	0, 211, 213, 215, 214, 216, 217, 218, 219, 0,
	987	228, 230, 115, 114, 119, 122, 120, 128, 129, 130,
	988	131, 135, 136, 137, 138, 139, 156, 157, 158, 160,
	989	161, 125, 162, 163, 166, 164, 165, 167, 168, 169,
	990	180, 148, 149, 150, 151, 170, 183, 144, 146, 184,
	991	189, 190, 191, 126, 155, 197, 198, 145, 193, 133,
	992	121, 140, 181, 187, 171, 0, 0, 201, 127, 116,
	993	132, 174, 117, 123, 124, 141, 142, 199, 173, 175,
	994	176, 118, 202, 159, 179, 134, 147, 185, 186, 188,
	995	192, 143, 196, 194, 195, 152, 154, 177, 178, 153,
	996	172, 203, 204, 205, 206, 207, 208, 209, 220, 222,
	997	221, 223, 224, 225, 226, 231, 182, 200
987	998	};
988	999
989	1000	/* YYDEFGOTO[NTERM-NUM]. */
990	1001	static const yytype_int16 yydefgoto[] =
991	1002	{
992		-1, 1, 8, 9, 14, 106, 10, 15, 198, 11,
993		16, 206, 107, 108, 109, 110, 111, 112, 113, 114,
994		115, 116, 117, 118, 119, 120, 121, 122, 123, 124,
995		125, 126, 127, 128, 129, 130, 131, 132, 133, 134,
996		135, 136, 137, 138, 139, 140, 141, 142, 143, 144,
997		145, 146, 147, 148, 149, 150, 151, 152, 153, 154,
998		155, 156, 157, 158, 159, 160, 161, 162, 163, 164,
999		165, 166, 167, 168, 169, 170, 171, 172, 173, 174,
1000		175, 176, 177, 178, 179, 180, 181, 182, 183, 184,
1001		185, 186, 187, 188, 189, 190, 191, 192, 193, 199,
1002		200, 201, 202, 207, 208, 209, 12, 17, 217, 218,
1003		219, 220, 221, 222, 223, 224, 13, 18, 226, 227
	1003	-1, 1, 8, 9, 14, 108, 10, 15, 202, 11,
	1004	16, 210, 109, 110, 111, 112, 113, 114, 115, 116,
	1005	117, 118, 119, 120, 121, 122, 123, 124, 125, 126,
	1006	127, 128, 129, 130, 131, 132, 133, 134, 135, 136,
	1007	137, 138, 139, 140, 141, 142, 143, 144, 145, 146,
	1008	147, 148, 149, 150, 151, 152, 153, 154, 155, 156,
	1009	157, 158, 159, 160, 161, 162, 163, 164, 165, 166,
	1010	167, 168, 169, 170, 171, 172, 173, 174, 175, 176,
	1011	177, 178, 179, 180, 181, 182, 183, 184, 185, 186,
	1012	187, 188, 189, 190, 191, 192, 193, 194, 195, 196,
	1013	197, 203, 204, 205, 206, 211, 212, 213, 12, 17,
	1014	221, 222, 223, 224, 225, 226, 227, 228, 13, 18,
	1015	230, 231
1004	1016	};
1005	1017
1006	1018	/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing

1009	1021	static const yytype_int16 yypact[] =
1010	1022	{
1011	1023	-80, 76, -80, -80, -80, -80, -80, -80, -80, -80,
1012		-80, -80, -80, -80, -12, 40, 46, 16, -79, 17,
1013		18, 22, 23, 24, 68, 71, 72, 102, 103, 105,
1014		106, 107, 108, 109, 111, 112, 113, 114, 115, 116,
1015		117, 118, 119, 120, 121, 122, 123, 124, 125, 126,
1016		127, 128, 130, 131, 132, 133, 134, 135, 136, 137,
1017		138, 139, 140, 141, 142, 143, 144, 145, 146, 147,
1018		148, 149, 150, 151, 152, 153, 155, 156, 157, 158,
1019		159, 160, 161, 162, 163, 164, 165, 166, 167, 168,
1020		170, 171, 172, 173, 174, 175, 176, 177, 178, 179,
1021		180, 181, 182, 183, 184, 185, -80, -80, -80, -80,
	1024	-80, -80, -80, -80, -12, 40, 46, 18, -79, 16,
	1025	17, 22, 23, 24, 68, 71, 72, 105, 106, 107,
	1026	108, 109, 111, 112, 113, 114, 115, 116, 117, 118,
	1027	119, 120, 121, 122, 123, 124, 125, 126, 127, 128,
	1028	130, 131, 132, 133, 134, 135, 136, 137, 138, 139,
	1029	140, 141, 142, 143, 144, 145, 146, 147, 148, 149,
	1030	150, 151, 152, 153, 155, 156, 157, 158, 159, 160,
	1031	161, 162, 163, 164, 165, 166, 167, 168, 170, 171,
	1032	172, 173, 174, 175, 176, 177, 178, 179, 180, 181,
	1033	182, 183, 184, 185, 186, 187, 188, 189, -80, -80,
1022	1034	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1023	1035	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1024	1036	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,

1027	1039	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1028	1040	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1029	1041	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1030		-80, -80, -80, -80, 186, 187, 188, 189, -80, -80,
1031		-80, -80, -80, 190, 191, 192, -80, -80, -80, -80,
1032		193, 194, 195, 196, 197, 198, 199, -80, -80, -80,
1033		-80, -80, -80, -80, -80, 200, -80, -80, -80, -80,
	1042	-80, -80, -80, -80, -80, -80, -80, -80, 190, 191,
	1043	192, 193, -80, -80, -80, -80, -80, 194, 195, 196,
	1044	-80, -80, -80, -80, 197, 198, 199, 200, 201, 202,
	1045	203, -80, -80, -80, -80, -80, -80, -80, -80, 204,
1034	1046	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1035	1047	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1036	1048	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1037	1049	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1038	1050	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1039		-80, 201, 202, -80, -80, -80, -80, -80, -80, -80,
	1051	-80, -80, -80, -80, -80, 205, 206, -80, -80, -80,
1040	1052	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1041	1053	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1042	1054	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1043	1055	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1044		-80, -80
	1056	-80, -80, -80, -80, -80, -80, -80, -80
1045	1057	};
1046	1058
1047	1059	/* YYPGOTO[NTERM-NUM]. */

1058	1070	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1059	1071	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1060	1072	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
1061		-80, -80, -80, -80, -80, -80, -80, -80, -80, -80
	1073	-80, -80, -80, -80, -80, -80, -80, -80, -80, -80,
	1074	-80, -80
1062	1075	};
1063	1076
1064	1077	/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If

1070	1083	{
1071	1084	19, 20, 21, 22, 23, 24, 25, 26, 27, 28,
1072	1085	29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
1073		39, 40, 41, 42, 43, 225, 0, 228, 229, 44,
1074		45, 46, 230, 231, 232, 47, 48, 49, 50, 51,
	1086	39, 40, 41, 42, 43, 229, 232, 233, 0, 44,
	1087	45, 46, 234, 235, 236, 47, 48, 49, 50, 51,
1075	1088	52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
1076	1089	62, 63, 64, 65, 66, 67, 68, 69, 70, 71,
1077	1090	72, 73, 74, 75, 76, 77, 78, 79, 80, 81,
1078		82, 83, 84, 85, 86, 87, 2, 194, 233, 195,
1079		196, 234, 235, 203, 88, 89, 90, 3, 91, 92,
1080		93, 204, 205, 94, 95, 96, 97, 98, 99, 100,
1081		101, 102, 103, 104, 105, 210, 211, 212, 213, 214,
1082		215, 216, 236, 237, 4, 238, 239, 240, 241, 242,
1083		5, 243, 244, 245, 246, 247, 248, 249, 250, 251,
1084		252, 253, 254, 255, 256, 257, 258, 259, 260, 197,
1085		261, 262, 263, 264, 265, 266, 267, 268, 269, 270,
1086		271, 272, 273, 274, 275, 276, 277, 278, 279, 280,
1087		281, 282, 283, 284, 6, 285, 286, 287, 288, 289,
1088		290, 291, 292, 293, 294, 295, 296, 297, 298, 7,
1089		299, 300, 301, 302, 303, 304, 305, 306, 307, 308,
1090		309, 310, 311, 312, 313, 314, 315, 316, 317, 318,
1091		319, 320, 321, 322, 323, 324, 325, 326, 327, 328,
1092		329, 330, 331
	1091	82, 83, 84, 85, 86, 87, 2, 198, 237, 199,
	1092	200, 238, 239, 207, 88, 89, 90, 3, 91, 92,
	1093	93, 208, 209, 94, 95, 96, 97, 98, 99, 100,
	1094	101, 102, 103, 104, 105, 106, 107, 214, 215, 216,
	1095	217, 218, 219, 220, 4, 240, 241, 242, 243, 244,
	1096	5, 245, 246, 247, 248, 249, 250, 251, 252, 253,
	1097	254, 255, 256, 257, 258, 259, 260, 261, 262, 201,
	1098	263, 264, 265, 266, 267, 268, 269, 270, 271, 272,
	1099	273, 274, 275, 276, 277, 278, 279, 280, 281, 282,
	1100	283, 284, 285, 286, 6, 287, 288, 289, 290, 291,
	1101	292, 293, 294, 295, 296, 297, 298, 299, 300, 7,
	1102	301, 302, 303, 304, 305, 306, 307, 308, 309, 310,
	1103	311, 312, 313, 314, 315, 316, 317, 318, 319, 320,
	1104	321, 322, 323, 324, 325, 326, 327, 328, 329, 330,
	1105	331, 332, 333, 334, 335, 336, 337
1093	1106	};
1094	1107
1095	1108	static const yytype_int8 yycheck[] =
1096	1109	{
1097	1110	12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
1098	1111	22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
1099		32, 33, 34, 35, 36, 104, -1, 10, 10, 41,
	1112	32, 33, 34, 35, 36, 104, 10, 10, -1, 41,
1100	1113	42, 43, 10, 10, 10, 47, 48, 49, 50, 51,
1101	1114	52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
1102	1115	62, 63, 64, 65, 66, 67, 68, 69, 70, 71,

1104	1117	82, 83, 84, 85, 86, 87, 0, 37, 10, 39,
1105	1118	40, 10, 10, 37, 96, 97, 98, 11, 100, 101,
1106	1119	102, 45, 46, 105, 106, 107, 108, 109, 110, 111,
1107		112, 113, 114, 115, 116, 89, 90, 91, 92, 93,
1108		94, 95, 10, 10, 38, 10, 10, 10, 10, 10,
	1120	112, 113, 114, 115, 116, 117, 118, 89, 90, 91,
	1121	92, 93, 94, 95, 38, 10, 10, 10, 10, 10,
1109	1122	44, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1110	1123	10, 10, 10, 10, 10, 10, 10, 10, 10, 99,
1111	1124	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,

1115	1128	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1116	1129	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1117	1130	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1118		10, 10, 10
	1131	10, 10, 10, 10, 10, 10, 10
1119	1132	};
1120	1133
1121	1134	/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
1122	1135	symbol of state STATE-NUM. */
1123	1136	static const yytype_uint8 yystos[] =
1124	1137	{
1125		0, 118, 0, 11, 38, 44, 88, 103, 119, 120,
1126		123, 126, 223, 233, 121, 124, 127, 224, 234, 12,
	1138	0, 120, 0, 11, 38, 44, 88, 103, 121, 122,
	1139	125, 128, 227, 237, 123, 126, 129, 228, 238, 12,
1127	1140	13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
1128	1141	23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
1129	1142	33, 34, 35, 36, 41, 42, 43, 47, 48, 49,

1132	1145	70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
1133	1146	80, 81, 82, 83, 84, 85, 86, 87, 96, 97,
1134	1147	98, 100, 101, 102, 105, 106, 107, 108, 109, 110,
1135		111, 112, 113, 114, 115, 116, 122, 129, 130, 131,
	1148	111, 112, 113, 114, 115, 116, 117, 118, 124, 131,
1136	1149	132, 133, 134, 135, 136, 137, 138, 139, 140, 141,
1137	1150	142, 143, 144, 145, 146, 147, 148, 149, 150, 151,
1138	1151	152, 153, 154, 155, 156, 157, 158, 159, 160, 161,

1141	1154	182, 183, 184, 185, 186, 187, 188, 189, 190, 191,
1142	1155	192, 193, 194, 195, 196, 197, 198, 199, 200, 201,
1143	1156	202, 203, 204, 205, 206, 207, 208, 209, 210, 211,
1144		212, 213, 214, 215, 37, 39, 40, 99, 125, 216,
1145		217, 218, 219, 37, 45, 46, 128, 220, 221, 222,
1146		89, 90, 91, 92, 93, 94, 95, 225, 226, 227,
1147		228, 229, 230, 231, 232, 104, 235, 236, 10, 10,
	1157	212, 213, 214, 215, 216, 217, 218, 219, 37, 39,
	1158	40, 99, 127, 220, 221, 222, 223, 37, 45, 46,
	1159	130, 224, 225, 226, 89, 90, 91, 92, 93, 94,
	1160	95, 229, 230, 231, 232, 233, 234, 235, 236, 104,
	1161	239, 240, 10, 10, 10, 10, 10, 10, 10, 10,
1148	1162	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1149	1163	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1150	1164	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,

1154	1168	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1155	1169	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1156	1170	10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1157		10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1158		10, 10
	1171	10, 10, 10, 10, 10, 10, 10, 10
1159	1172	};
1160	1173
1161	1174	#define yyerrok (yyerrstatus = 0)

1975	1988	}
1976	1989	break;
1977	1990
1978		case 99:
1979
1980		/* Line 1455 of yacc.c */
1981		#line 160 "util/configparser.y"
	1991	case 101:
	1992
	1993	/* Line 1455 of yacc.c */
	1994	#line 161 "util/configparser.y"
1982	1995	{
1983	1996	struct config_stub* s;
1984	1997	OUTYY(("\nP(stub_zone:)\n"));

1991	2004	}
1992	2005	break;
1993	2006
1994		case 106:
1995
1996		/* Line 1455 of yacc.c */
1997		#line 176 "util/configparser.y"
	2007	case 108:
	2008
	2009	/* Line 1455 of yacc.c */
	2010	#line 177 "util/configparser.y"
1998	2011	{
1999	2012	struct config_stub* s;
2000	2013	OUTYY(("\nP(forward_zone:)\n"));

2007	2020	}
2008	2021	break;
2009	2022
2010		case 112:
2011
2012		/* Line 1455 of yacc.c */
2013		#line 192 "util/configparser.y"
	2023	case 114:
	2024
	2025	/* Line 1455 of yacc.c */
	2026	#line 193 "util/configparser.y"
2014	2027	{
2015	2028	OUTYY(("P(server_num_threads:%s)\n", (yyvsp[(2) - (2)].str)));
2016	2029	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2020	2033	}
2021	2034	break;
2022	2035
2023		case 113:
2024
2025		/* Line 1455 of yacc.c */
2026		#line 201 "util/configparser.y"
	2036	case 115:
	2037
	2038	/* Line 1455 of yacc.c */
	2039	#line 202 "util/configparser.y"
2027	2040	{
2028	2041	OUTYY(("P(server_verbosity:%s)\n", (yyvsp[(2) - (2)].str)));
2029	2042	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2033	2046	}
2034	2047	break;
2035	2048
2036		case 114:
2037
2038		/* Line 1455 of yacc.c */
2039		#line 210 "util/configparser.y"
	2049	case 116:
	2050
	2051	/* Line 1455 of yacc.c */
	2052	#line 211 "util/configparser.y"
2040	2053	{
2041	2054	OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[(2) - (2)].str)));
2042	2055	if(strcmp((yyvsp[(2) - (2)].str), "") == 0 \|\| strcmp((yyvsp[(2) - (2)].str), "0") == 0)

2048	2061	}
2049	2062	break;
2050	2063
2051		case 115:
2052
2053		/* Line 1455 of yacc.c */
2054		#line 221 "util/configparser.y"
	2064	case 117:
	2065
	2066	/* Line 1455 of yacc.c */
	2067	#line 222 "util/configparser.y"
2055	2068	{
2056	2069	OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[(2) - (2)].str)));
2057	2070	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2061	2074	}
2062	2075	break;
2063	2076
2064		case 116:
2065
2066		/* Line 1455 of yacc.c */
2067		#line 230 "util/configparser.y"
	2077	case 118:
	2078
	2079	/* Line 1455 of yacc.c */
	2080	#line 231 "util/configparser.y"
2068	2081	{
2069	2082	OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[(2) - (2)].str)));
2070	2083	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2074	2087	}
2075	2088	break;
2076	2089
2077		case 117:
2078
2079		/* Line 1455 of yacc.c */
2080		#line 239 "util/configparser.y"
	2090	case 119:
	2091
	2092	/* Line 1455 of yacc.c */
	2093	#line 240 "util/configparser.y"
2081	2094	{
2082	2095	OUTYY(("P(server_port:%s)\n", (yyvsp[(2) - (2)].str)));
2083	2096	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2087	2100	}
2088	2101	break;
2089	2102
2090		case 118:
2091
2092		/* Line 1455 of yacc.c */
2093		#line 248 "util/configparser.y"
	2103	case 120:
	2104
	2105	/* Line 1455 of yacc.c */
	2106	#line 249 "util/configparser.y"
2094	2107	{
2095	2108	OUTYY(("P(server_interface:%s)\n", (yyvsp[(2) - (2)].str)));
2096	2109	if(cfg_parser->cfg->num_ifs == 0)

2104	2117	}
2105	2118	break;
2106	2119
2107		case 119:
2108
2109		/* Line 1455 of yacc.c */
2110		#line 261 "util/configparser.y"
	2120	case 121:
	2121
	2122	/* Line 1455 of yacc.c */
	2123	#line 262 "util/configparser.y"
2111	2124	{
2112	2125	OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[(2) - (2)].str)));
2113	2126	if(cfg_parser->cfg->num_out_ifs == 0)

2123	2136	}
2124	2137	break;
2125	2138
2126		case 120:
2127
2128		/* Line 1455 of yacc.c */
2129		#line 276 "util/configparser.y"
	2139	case 122:
	2140
	2141	/* Line 1455 of yacc.c */
	2142	#line 277 "util/configparser.y"
2130	2143	{
2131	2144	OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[(2) - (2)].str)));
2132	2145	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2136	2149	}
2137	2150	break;
2138	2151
2139		case 121:
2140
2141		/* Line 1455 of yacc.c */
2142		#line 285 "util/configparser.y"
	2152	case 123:
	2153
	2154	/* Line 1455 of yacc.c */
	2155	#line 286 "util/configparser.y"
2143	2156	{
2144	2157	OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[(2) - (2)].str)));
2145	2158	if(!cfg_mark_ports((yyvsp[(2) - (2)].str), 1,

2149	2162	}
2150	2163	break;
2151	2164
2152		case 122:
2153
2154		/* Line 1455 of yacc.c */
2155		#line 294 "util/configparser.y"
	2165	case 124:
	2166
	2167	/* Line 1455 of yacc.c */
	2168	#line 295 "util/configparser.y"
2156	2169	{
2157	2170	OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[(2) - (2)].str)));
2158	2171	if(!cfg_mark_ports((yyvsp[(2) - (2)].str), 0,

2162	2175	}
2163	2176	break;
2164	2177
2165		case 123:
2166
2167		/* Line 1455 of yacc.c */
2168		#line 303 "util/configparser.y"
	2178	case 125:
	2179
	2180	/* Line 1455 of yacc.c */
	2181	#line 304 "util/configparser.y"
2169	2182	{
2170	2183	OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[(2) - (2)].str)));
2171	2184	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2175	2188	}
2176	2189	break;
2177	2190
2178		case 124:
2179
2180		/* Line 1455 of yacc.c */
2181		#line 312 "util/configparser.y"
	2191	case 126:
	2192
	2193	/* Line 1455 of yacc.c */
	2194	#line 313 "util/configparser.y"
2182	2195	{
2183	2196	OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[(2) - (2)].str)));
2184	2197	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2188	2201	}
2189	2202	break;
2190	2203
2191		case 125:
2192
2193		/* Line 1455 of yacc.c */
2194		#line 321 "util/configparser.y"
	2204	case 127:
	2205
	2206	/* Line 1455 of yacc.c */
	2207	#line 322 "util/configparser.y"
2195	2208	{
2196	2209	OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[(2) - (2)].str)));
2197	2210	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2201	2214	}
2202	2215	break;
2203	2216
2204		case 126:
2205
2206		/* Line 1455 of yacc.c */
2207		#line 330 "util/configparser.y"
	2217	case 128:
	2218
	2219	/* Line 1455 of yacc.c */
	2220	#line 331 "util/configparser.y"
2208	2221	{
2209	2222	OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[(2) - (2)].str)));
2210	2223	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2214	2227	}
2215	2228	break;
2216	2229
2217		case 127:
2218
2219		/* Line 1455 of yacc.c */
2220		#line 339 "util/configparser.y"
	2230	case 129:
	2231
	2232	/* Line 1455 of yacc.c */
	2233	#line 340 "util/configparser.y"
2221	2234	{
2222	2235	OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[(2) - (2)].str)));
2223	2236	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2227	2240	}
2228	2241	break;
2229	2242
2230		case 128:
2231
2232		/* Line 1455 of yacc.c */
2233		#line 348 "util/configparser.y"
	2243	case 130:
	2244
	2245	/* Line 1455 of yacc.c */
	2246	#line 349 "util/configparser.y"
2234	2247	{
2235	2248	OUTYY(("P(server_do_udp:%s)\n", (yyvsp[(2) - (2)].str)));
2236	2249	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2240	2253	}
2241	2254	break;
2242	2255
2243		case 129:
2244
2245		/* Line 1455 of yacc.c */
2246		#line 357 "util/configparser.y"
	2256	case 131:
	2257
	2258	/* Line 1455 of yacc.c */
	2259	#line 358 "util/configparser.y"
2247	2260	{
2248	2261	OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[(2) - (2)].str)));
2249	2262	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2253	2266	}
2254	2267	break;
2255	2268
2256		case 130:
2257
2258		/* Line 1455 of yacc.c */
2259		#line 366 "util/configparser.y"
	2269	case 132:
	2270
	2271	/* Line 1455 of yacc.c */
	2272	#line 367 "util/configparser.y"
2260	2273	{
2261	2274	OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[(2) - (2)].str)));
2262	2275	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2266	2279	}
2267	2280	break;
2268	2281
2269		case 131:
2270
2271		/* Line 1455 of yacc.c */
2272		#line 375 "util/configparser.y"
	2282	case 133:
	2283
	2284	/* Line 1455 of yacc.c */
	2285	#line 376 "util/configparser.y"
2273	2286	{
2274	2287	OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[(2) - (2)].str)));
2275	2288	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2284	2297	}
2285	2298	break;
2286	2299
2287		case 132:
2288
2289		/* Line 1455 of yacc.c */
2290		#line 389 "util/configparser.y"
	2300	case 134:
	2301
	2302	/* Line 1455 of yacc.c */
	2303	#line 390 "util/configparser.y"
2291	2304	{
2292	2305	OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[(2) - (2)].str)));
2293	2306	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2297	2310	}
2298	2311	break;
2299	2312
2300		case 133:
2301
2302		/* Line 1455 of yacc.c */
2303		#line 398 "util/configparser.y"
	2313	case 135:
	2314
	2315	/* Line 1455 of yacc.c */
	2316	#line 399 "util/configparser.y"
2304	2317	{
2305	2318	OUTYY(("P(server_chroot:%s)\n", (yyvsp[(2) - (2)].str)));
2306	2319	free(cfg_parser->cfg->chrootdir);

2308	2321	}
2309	2322	break;
2310	2323
2311		case 134:
2312
2313		/* Line 1455 of yacc.c */
2314		#line 405 "util/configparser.y"
	2324	case 136:
	2325
	2326	/* Line 1455 of yacc.c */
	2327	#line 406 "util/configparser.y"
2315	2328	{
2316	2329	OUTYY(("P(server_username:%s)\n", (yyvsp[(2) - (2)].str)));
2317	2330	free(cfg_parser->cfg->username);

2319	2332	}
2320	2333	break;
2321	2334
2322		case 135:
2323
2324		/* Line 1455 of yacc.c */
2325		#line 412 "util/configparser.y"
	2335	case 137:
	2336
	2337	/* Line 1455 of yacc.c */
	2338	#line 413 "util/configparser.y"
2326	2339	{
2327	2340	OUTYY(("P(server_directory:%s)\n", (yyvsp[(2) - (2)].str)));
2328	2341	free(cfg_parser->cfg->directory);

2330	2343	}
2331	2344	break;
2332	2345
2333		case 136:
2334
2335		/* Line 1455 of yacc.c */
2336		#line 419 "util/configparser.y"
	2346	case 138:
	2347
	2348	/* Line 1455 of yacc.c */
	2349	#line 420 "util/configparser.y"
2337	2350	{
2338	2351	OUTYY(("P(server_logfile:%s)\n", (yyvsp[(2) - (2)].str)));
2339	2352	free(cfg_parser->cfg->logfile);

2342	2355	}
2343	2356	break;
2344	2357
2345		case 137:
2346
2347		/* Line 1455 of yacc.c */
2348		#line 427 "util/configparser.y"
	2358	case 139:
	2359
	2360	/* Line 1455 of yacc.c */
	2361	#line 428 "util/configparser.y"
2349	2362	{
2350	2363	OUTYY(("P(server_pidfile:%s)\n", (yyvsp[(2) - (2)].str)));
2351	2364	free(cfg_parser->cfg->pidfile);

2353	2366	}
2354	2367	break;
2355	2368
2356		case 138:
2357
2358		/* Line 1455 of yacc.c */
2359		#line 434 "util/configparser.y"
	2369	case 140:
	2370
	2371	/* Line 1455 of yacc.c */
	2372	#line 435 "util/configparser.y"
2360	2373	{
2361	2374	OUTYY(("P(server_root_hints:%s)\n", (yyvsp[(2) - (2)].str)));
2362	2375	if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[(2) - (2)].str)))

2364	2377	}
2365	2378	break;
2366	2379
2367		case 139:
2368
2369		/* Line 1455 of yacc.c */
2370		#line 441 "util/configparser.y"
	2380	case 141:
	2381
	2382	/* Line 1455 of yacc.c */
	2383	#line 442 "util/configparser.y"
2371	2384	{
2372	2385	OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[(2) - (2)].str)));
2373	2386	free(cfg_parser->cfg->dlv_anchor_file);

2375	2388	}
2376	2389	break;
2377	2390
2378		case 140:
2379
2380		/* Line 1455 of yacc.c */
2381		#line 448 "util/configparser.y"
	2391	case 142:
	2392
	2393	/* Line 1455 of yacc.c */
	2394	#line 449 "util/configparser.y"
2382	2395	{
2383	2396	OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[(2) - (2)].str)));
2384	2397	if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[(2) - (2)].str)))

2386	2399	}
2387	2400	break;
2388	2401
2389		case 141:
2390
2391		/* Line 1455 of yacc.c */
2392		#line 455 "util/configparser.y"
	2402	case 143:
	2403
	2404	/* Line 1455 of yacc.c */
	2405	#line 456 "util/configparser.y"
2393	2406	{
2394	2407	OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[(2) - (2)].str)));
2395	2408	if(!cfg_strlist_insert(&cfg_parser->cfg->

2398	2411	}
2399	2412	break;
2400	2413
2401		case 142:
2402
2403		/* Line 1455 of yacc.c */
2404		#line 463 "util/configparser.y"
	2414	case 144:
	2415
	2416	/* Line 1455 of yacc.c */
	2417	#line 464 "util/configparser.y"
2405	2418	{
2406	2419	OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[(2) - (2)].str)));
2407	2420	if(!cfg_strlist_insert(&cfg_parser->cfg->

2410	2423	}
2411	2424	break;
2412	2425
2413		case 143:
2414
2415		/* Line 1455 of yacc.c */
2416		#line 471 "util/configparser.y"
	2426	case 145:
	2427
	2428	/* Line 1455 of yacc.c */
	2429	#line 472 "util/configparser.y"
2417	2430	{
2418	2431	OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[(2) - (2)].str)));
2419	2432	if(!cfg_strlist_insert(&cfg_parser->cfg->

2422	2435	}
2423	2436	break;
2424	2437
2425		case 144:
2426
2427		/* Line 1455 of yacc.c */
2428		#line 479 "util/configparser.y"
	2438	case 146:
	2439
	2440	/* Line 1455 of yacc.c */
	2441	#line 480 "util/configparser.y"
2429	2442	{
2430	2443	OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[(2) - (2)].str)));
2431	2444	if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[(2) - (2)].str)))

2433	2446	}
2434	2447	break;
2435	2448
2436		case 145:
2437
2438		/* Line 1455 of yacc.c */
2439		#line 486 "util/configparser.y"
	2449	case 147:
	2450
	2451	/* Line 1455 of yacc.c */
	2452	#line 487 "util/configparser.y"
2440	2453	{
2441	2454	OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[(2) - (2)].str)));
2442	2455	if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[(2) - (2)].str)))

2444	2457	}
2445	2458	break;
2446	2459
2447		case 146:
2448
2449		/* Line 1455 of yacc.c */
2450		#line 493 "util/configparser.y"
	2460	case 148:
	2461
	2462	/* Line 1455 of yacc.c */
	2463	#line 494 "util/configparser.y"
2451	2464	{
2452	2465	OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[(2) - (2)].str)));
2453	2466	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2457	2470	}
2458	2471	break;
2459	2472
2460		case 147:
2461
2462		/* Line 1455 of yacc.c */
2463		#line 502 "util/configparser.y"
	2473	case 149:
	2474
	2475	/* Line 1455 of yacc.c */
	2476	#line 503 "util/configparser.y"
2464	2477	{
2465	2478	OUTYY(("P(server_hide_version:%s)\n", (yyvsp[(2) - (2)].str)));
2466	2479	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2470	2483	}
2471	2484	break;
2472	2485
2473		case 148:
2474
2475		/* Line 1455 of yacc.c */
2476		#line 511 "util/configparser.y"
	2486	case 150:
	2487
	2488	/* Line 1455 of yacc.c */
	2489	#line 512 "util/configparser.y"
2477	2490	{
2478	2491	OUTYY(("P(server_identity:%s)\n", (yyvsp[(2) - (2)].str)));
2479	2492	free(cfg_parser->cfg->identity);

2481	2494	}
2482	2495	break;
2483	2496
2484		case 149:
2485
2486		/* Line 1455 of yacc.c */
2487		#line 518 "util/configparser.y"
	2497	case 151:
	2498
	2499	/* Line 1455 of yacc.c */
	2500	#line 519 "util/configparser.y"
2488	2501	{
2489	2502	OUTYY(("P(server_version:%s)\n", (yyvsp[(2) - (2)].str)));
2490	2503	free(cfg_parser->cfg->version);

2492	2505	}
2493	2506	break;
2494	2507
2495		case 150:
2496
2497		/* Line 1455 of yacc.c */
2498		#line 525 "util/configparser.y"
	2508	case 152:
	2509
	2510	/* Line 1455 of yacc.c */
	2511	#line 526 "util/configparser.y"
2499	2512	{
2500	2513	OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[(2) - (2)].str)));
2501		if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->socket_rcvbuf))
	2514	if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->so_rcvbuf))
2502	2515	yyerror("buffer size expected");
2503	2516	free((yyvsp[(2) - (2)].str));
2504	2517	}
2505	2518	break;
2506	2519
2507		case 151:
2508
2509		/* Line 1455 of yacc.c */
2510		#line 533 "util/configparser.y"
	2520	case 153:
	2521
	2522	/* Line 1455 of yacc.c */
	2523	#line 534 "util/configparser.y"
	2524	{
	2525	OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[(2) - (2)].str)));
	2526	if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->so_sndbuf))
	2527	yyerror("buffer size expected");
	2528	free((yyvsp[(2) - (2)].str));
	2529	}
	2530	break;
	2531
	2532	case 154:
	2533
	2534	/* Line 1455 of yacc.c */
	2535	#line 542 "util/configparser.y"
2511	2536	{
2512	2537	OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[(2) - (2)].str)));
2513	2538	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2521	2546	}
2522	2547	break;
2523	2548
2524		case 152:
2525
2526		/* Line 1455 of yacc.c */
2527		#line 546 "util/configparser.y"
	2549	case 155:
	2550
	2551	/* Line 1455 of yacc.c */
	2552	#line 555 "util/configparser.y"
2528	2553	{
2529	2554	OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[(2) - (2)].str)));
2530	2555	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2536	2561	}
2537	2562	break;
2538	2563
2539		case 153:
2540
2541		/* Line 1455 of yacc.c */
2542		#line 557 "util/configparser.y"
	2564	case 156:
	2565
	2566	/* Line 1455 of yacc.c */
	2567	#line 566 "util/configparser.y"
2543	2568	{
2544	2569	OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
2545	2570	if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->msg_cache_size))

2548	2573	}
2549	2574	break;
2550	2575
2551		case 154:
2552
2553		/* Line 1455 of yacc.c */
2554		#line 565 "util/configparser.y"
	2576	case 157:
	2577
	2578	/* Line 1455 of yacc.c */
	2579	#line 574 "util/configparser.y"
2555	2580	{
2556	2581	OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
2557	2582	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2565	2590	}
2566	2591	break;
2567	2592
2568		case 155:
2569
2570		/* Line 1455 of yacc.c */
2571		#line 578 "util/configparser.y"
	2593	case 158:
	2594
	2595	/* Line 1455 of yacc.c */
	2596	#line 587 "util/configparser.y"
2572	2597	{
2573	2598	OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[(2) - (2)].str)));
2574	2599	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2578	2603	}
2579	2604	break;
2580	2605
2581		case 156:
2582
2583		/* Line 1455 of yacc.c */
2584		#line 587 "util/configparser.y"
	2606	case 159:
	2607
	2608	/* Line 1455 of yacc.c */
	2609	#line 596 "util/configparser.y"
2585	2610	{
2586	2611	OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[(2) - (2)].str)));
2587	2612	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2591	2616	}
2592	2617	break;
2593	2618
2594		case 157:
2595
2596		/* Line 1455 of yacc.c */
2597		#line 596 "util/configparser.y"
	2619	case 160:
	2620
	2621	/* Line 1455 of yacc.c */
	2622	#line 605 "util/configparser.y"
2598	2623	{
2599	2624	OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
2600	2625	if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->rrset_cache_size))

2603	2628	}
2604	2629	break;
2605	2630
2606		case 158:
2607
2608		/* Line 1455 of yacc.c */
2609		#line 604 "util/configparser.y"
	2631	case 161:
	2632
	2633	/* Line 1455 of yacc.c */
	2634	#line 613 "util/configparser.y"
2610	2635	{
2611	2636	OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
2612	2637	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2620	2645	}
2621	2646	break;
2622	2647
2623		case 159:
2624
2625		/* Line 1455 of yacc.c */
2626		#line 617 "util/configparser.y"
	2648	case 162:
	2649
	2650	/* Line 1455 of yacc.c */
	2651	#line 626 "util/configparser.y"
2627	2652	{
2628	2653	OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
2629	2654	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2633	2658	}
2634	2659	break;
2635	2660
2636		case 160:
2637
2638		/* Line 1455 of yacc.c */
2639		#line 626 "util/configparser.y"
	2661	case 163:
	2662
	2663	/* Line 1455 of yacc.c */
	2664	#line 635 "util/configparser.y"
2640	2665	{
2641	2666	OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
2642	2667	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2646	2671	}
2647	2672	break;
2648	2673
2649		case 161:
2650
2651		/* Line 1455 of yacc.c */
2652		#line 635 "util/configparser.y"
	2674	case 164:
	2675
	2676	/* Line 1455 of yacc.c */
	2677	#line 644 "util/configparser.y"
2653	2678	{
2654	2679	OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[(2) - (2)].str)));
2655	2680	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2659	2684	}
2660	2685	break;
2661	2686
2662		case 162:
2663
2664		/* Line 1455 of yacc.c */
2665		#line 644 "util/configparser.y"
	2687	case 165:
	2688
	2689	/* Line 1455 of yacc.c */
	2690	#line 653 "util/configparser.y"
2666	2691	{
2667	2692	OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[(2) - (2)].str)));
2668	2693	if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->

2672	2697	}
2673	2698	break;
2674	2699
2675		case 163:
2676
2677		/* Line 1455 of yacc.c */
2678		#line 653 "util/configparser.y"
	2700	case 166:
	2701
	2702	/* Line 1455 of yacc.c */
	2703	#line 662 "util/configparser.y"
2679	2704	{
2680	2705	OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
2681	2706	if(atoi((yyvsp[(2) - (2)].str)) == 0)

2689	2714	}
2690	2715	break;
2691	2716
2692		case 164:
2693
2694		/* Line 1455 of yacc.c */
2695		#line 666 "util/configparser.y"
	2717	case 167:
	2718
	2719	/* Line 1455 of yacc.c */
	2720	#line 675 "util/configparser.y"
2696	2721	{
2697	2722	OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[(2) - (2)].str)));
2698	2723	free(cfg_parser->cfg->target_fetch_policy);

2700	2725	}
2701	2726	break;
2702	2727
2703		case 165:
2704
2705		/* Line 1455 of yacc.c */
2706		#line 673 "util/configparser.y"
	2728	case 168:
	2729
	2730	/* Line 1455 of yacc.c */
	2731	#line 682 "util/configparser.y"
2707	2732	{
2708	2733	OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[(2) - (2)].str)));
2709	2734	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2714	2739	}
2715	2740	break;
2716	2741
2717		case 166:
2718
2719		/* Line 1455 of yacc.c */
2720		#line 683 "util/configparser.y"
	2742	case 169:
	2743
	2744	/* Line 1455 of yacc.c */
	2745	#line 692 "util/configparser.y"
2721	2746	{
2722	2747	OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[(2) - (2)].str)));
2723	2748	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2728	2753	}
2729	2754	break;
2730	2755
2731		case 167:
2732
2733		/* Line 1455 of yacc.c */
2734		#line 693 "util/configparser.y"
	2756	case 170:
	2757
	2758	/* Line 1455 of yacc.c */
	2759	#line 702 "util/configparser.y"
2735	2760	{
2736	2761	OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[(2) - (2)].str)));
2737	2762	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2742	2767	}
2743	2768	break;
2744	2769
2745		case 168:
2746
2747		/* Line 1455 of yacc.c */
2748		#line 703 "util/configparser.y"
	2770	case 171:
	2771
	2772	/* Line 1455 of yacc.c */
	2773	#line 712 "util/configparser.y"
2749	2774	{
2750	2775	OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[(2) - (2)].str)));
2751	2776	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2756	2781	}
2757	2782	break;
2758	2783
2759		case 169:
2760
2761		/* Line 1455 of yacc.c */
2762		#line 713 "util/configparser.y"
	2784	case 172:
	2785
	2786	/* Line 1455 of yacc.c */
	2787	#line 722 "util/configparser.y"
	2788	{
	2789	OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[(2) - (2)].str)));
	2790	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
	2791	yyerror("expected yes or no.");
	2792	else cfg_parser->cfg->harden_below_nxdomain =
	2793	(strcmp((yyvsp[(2) - (2)].str), "yes")==0);
	2794	free((yyvsp[(2) - (2)].str));
	2795	}
	2796	break;
	2797
	2798	case 173:
	2799
	2800	/* Line 1455 of yacc.c */
	2801	#line 732 "util/configparser.y"
2763	2802	{
2764	2803	OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[(2) - (2)].str)));
2765	2804	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2770	2809	}
2771	2810	break;
2772	2811
2773		case 170:
2774
2775		/* Line 1455 of yacc.c */
2776		#line 723 "util/configparser.y"
	2812	case 174:
	2813
	2814	/* Line 1455 of yacc.c */
	2815	#line 742 "util/configparser.y"
2777	2816	{
2778	2817	OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[(2) - (2)].str)));
2779	2818	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2784	2823	}
2785	2824	break;
2786	2825
2787		case 171:
2788
2789		/* Line 1455 of yacc.c */
2790		#line 733 "util/configparser.y"
	2826	case 175:
	2827
	2828	/* Line 1455 of yacc.c */
	2829	#line 752 "util/configparser.y"
2791	2830	{
2792	2831	OUTYY(("P(server_private_address:%s)\n", (yyvsp[(2) - (2)].str)));
2793	2832	if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[(2) - (2)].str)))

2795	2834	}
2796	2835	break;
2797	2836
2798		case 172:
2799
2800		/* Line 1455 of yacc.c */
2801		#line 740 "util/configparser.y"
	2837	case 176:
	2838
	2839	/* Line 1455 of yacc.c */
	2840	#line 759 "util/configparser.y"
2802	2841	{
2803	2842	OUTYY(("P(server_private_domain:%s)\n", (yyvsp[(2) - (2)].str)));
2804	2843	if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[(2) - (2)].str)))

2806	2845	}
2807	2846	break;
2808	2847
2809		case 173:
2810
2811		/* Line 1455 of yacc.c */
2812		#line 747 "util/configparser.y"
	2848	case 177:
	2849
	2850	/* Line 1455 of yacc.c */
	2851	#line 766 "util/configparser.y"
2813	2852	{
2814	2853	OUTYY(("P(server_prefetch:%s)\n", (yyvsp[(2) - (2)].str)));
2815	2854	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2819	2858	}
2820	2859	break;
2821	2860
2822		case 174:
2823
2824		/* Line 1455 of yacc.c */
2825		#line 756 "util/configparser.y"
	2861	case 178:
	2862
	2863	/* Line 1455 of yacc.c */
	2864	#line 775 "util/configparser.y"
2826	2865	{
2827	2866	OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[(2) - (2)].str)));
2828	2867	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2832	2871	}
2833	2872	break;
2834	2873
2835		case 175:
2836
2837		/* Line 1455 of yacc.c */
2838		#line 765 "util/configparser.y"
	2874	case 179:
	2875
	2876	/* Line 1455 of yacc.c */
	2877	#line 784 "util/configparser.y"
2839	2878	{
2840	2879	OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[(2) - (2)].str)));
2841	2880	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2845	2884	}
2846	2885	break;
2847	2886
2848		case 176:
2849
2850		/* Line 1455 of yacc.c */
2851		#line 774 "util/configparser.y"
	2887	case 180:
	2888
	2889	/* Line 1455 of yacc.c */
	2890	#line 793 "util/configparser.y"
2852	2891	{
2853	2892	OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[(2) - (2)].str)));
2854	2893	if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[(2) - (2)].str)))

2856	2895	}
2857	2896	break;
2858	2897
2859		case 177:
2860
2861		/* Line 1455 of yacc.c */
2862		#line 781 "util/configparser.y"
	2898	case 181:
	2899
	2900	/* Line 1455 of yacc.c */
	2901	#line 800 "util/configparser.y"
2863	2902	{
2864	2903	OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[(2) - (2)].str)));
2865	2904	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

2870	2909	}
2871	2910	break;
2872	2911
2873		case 178:
2874
2875		/* Line 1455 of yacc.c */
2876		#line 791 "util/configparser.y"
	2912	case 182:
	2913
	2914	/* Line 1455 of yacc.c */
	2915	#line 810 "util/configparser.y"
2877	2916	{
2878	2917	OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str)));
2879	2918	if(strcmp((yyvsp[(3) - (3)].str), "deny")!=0 && strcmp((yyvsp[(3) - (3)].str), "refuse")!=0 &&

2888	2927	}
2889	2928	break;
2890	2929
2891		case 179:
2892
2893		/* Line 1455 of yacc.c */
2894		#line 805 "util/configparser.y"
	2930	case 183:
	2931
	2932	/* Line 1455 of yacc.c */
	2933	#line 824 "util/configparser.y"
2895	2934	{
2896	2935	OUTYY(("P(server_module_conf:%s)\n", (yyvsp[(2) - (2)].str)));
2897	2936	free(cfg_parser->cfg->module_conf);

2899	2938	}
2900	2939	break;
2901	2940
2902		case 180:
2903
2904		/* Line 1455 of yacc.c */
2905		#line 812 "util/configparser.y"
	2941	case 184:
	2942
	2943	/* Line 1455 of yacc.c */
	2944	#line 831 "util/configparser.y"
2906	2945	{
2907	2946	OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[(2) - (2)].str)));
2908	2947	if(strlen((yyvsp[(2) - (2)].str)) == 0 \|\| strcmp((yyvsp[(2) - (2)].str), "0") == 0) {

2921	2960	}
2922	2961	break;
2923	2962
2924		case 181:
2925
2926		/* Line 1455 of yacc.c */
2927		#line 830 "util/configparser.y"
	2963	case 185:
	2964
	2965	/* Line 1455 of yacc.c */
	2966	#line 849 "util/configparser.y"
2928	2967	{
2929	2968	OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[(2) - (2)].str)));
2930	2969	if(strlen((yyvsp[(2) - (2)].str)) == 0 \|\| strcmp((yyvsp[(2) - (2)].str), "0") == 0) {

2938	2977	}
2939	2978	break;
2940	2979
2941		case 182:
2942
2943		/* Line 1455 of yacc.c */
2944		#line 843 "util/configparser.y"
	2980	case 186:
	2981
	2982	/* Line 1455 of yacc.c */
	2983	#line 862 "util/configparser.y"
2945	2984	{
2946	2985	OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[(2) - (2)].str)));
2947	2986	if(strlen((yyvsp[(2) - (2)].str)) == 0 \|\| strcmp((yyvsp[(2) - (2)].str), "0") == 0) {

2955	2994	}
2956	2995	break;
2957	2996
2958		case 183:
2959
2960		/* Line 1455 of yacc.c */
2961		#line 856 "util/configparser.y"
	2997	case 187:
	2998
	2999	/* Line 1455 of yacc.c */
	3000	#line 875 "util/configparser.y"
2962	3001	{
2963	3002	OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
2964	3003	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2968	3007	}
2969	3008	break;
2970	3009
2971		case 184:
2972
2973		/* Line 1455 of yacc.c */
2974		#line 865 "util/configparser.y"
	3010	case 188:
	3011
	3012	/* Line 1455 of yacc.c */
	3013	#line 884 "util/configparser.y"
2975	3014	{
2976	3015	OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
2977	3016	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2981	3020	}
2982	3021	break;
2983	3022
2984		case 185:
2985
2986		/* Line 1455 of yacc.c */
2987		#line 874 "util/configparser.y"
	3023	case 189:
	3024
	3025	/* Line 1455 of yacc.c */
	3026	#line 893 "util/configparser.y"
2988	3027	{
2989	3028	OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
2990	3029	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

2994	3033	}
2995	3034	break;
2996	3035
2997		case 186:
2998
2999		/* Line 1455 of yacc.c */
3000		#line 883 "util/configparser.y"
	3036	case 190:
	3037
	3038	/* Line 1455 of yacc.c */
	3039	#line 902 "util/configparser.y"
3001	3040	{
3002	3041	OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[(2) - (2)].str)));
3003	3042	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

3008	3047	}
3009	3048	break;
3010	3049
3011		case 187:
3012
3013		/* Line 1455 of yacc.c */
3014		#line 893 "util/configparser.y"
	3050	case 191:
	3051
	3052	/* Line 1455 of yacc.c */
	3053	#line 912 "util/configparser.y"
3015	3054	{
3016	3055	OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[(2) - (2)].str)));
3017	3056	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

3022	3061	}
3023	3062	break;
3024	3063
3025		case 188:
3026
3027		/* Line 1455 of yacc.c */
3028		#line 903 "util/configparser.y"
	3064	case 192:
	3065
	3066	/* Line 1455 of yacc.c */
	3067	#line 922 "util/configparser.y"
3029	3068	{
3030	3069	OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[(2) - (2)].str)));
3031	3070	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

3035	3074	}
3036	3075	break;
3037	3076
3038		case 189:
3039
3040		/* Line 1455 of yacc.c */
3041		#line 912 "util/configparser.y"
	3077	case 193:
	3078
	3079	/* Line 1455 of yacc.c */
	3080	#line 931 "util/configparser.y"
3042	3081	{
3043	3082	OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[(2) - (2)].str)));
3044	3083	free(cfg_parser->cfg->val_nsec3_key_iterations);

3046	3085	}
3047	3086	break;
3048	3087
3049		case 190:
3050
3051		/* Line 1455 of yacc.c */
3052		#line 919 "util/configparser.y"
	3088	case 194:
	3089
	3090	/* Line 1455 of yacc.c */
	3091	#line 938 "util/configparser.y"
3053	3092	{
3054	3093	OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[(2) - (2)].str)));
3055	3094	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

3059	3098	}
3060	3099	break;
3061	3100
3062		case 191:
3063
3064		/* Line 1455 of yacc.c */
3065		#line 928 "util/configparser.y"
	3101	case 195:
	3102
	3103	/* Line 1455 of yacc.c */
	3104	#line 947 "util/configparser.y"
3066	3105	{
3067	3106	OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[(2) - (2)].str)));
3068	3107	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

3072	3111	}
3073	3112	break;
3074	3113
3075		case 192:
3076
3077		/* Line 1455 of yacc.c */
3078		#line 937 "util/configparser.y"
	3114	case 196:
	3115
	3116	/* Line 1455 of yacc.c */
	3117	#line 956 "util/configparser.y"
3079	3118	{
3080	3119	OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[(2) - (2)].str)));
3081	3120	if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)

3085	3124	}
3086	3125	break;
3087	3126
3088		case 193:
3089
3090		/* Line 1455 of yacc.c */
3091		#line 946 "util/configparser.y"
	3127	case 197:
	3128
	3129	/* Line 1455 of yacc.c */
	3130	#line 965 "util/configparser.y"
3092	3131	{
3093	3132	OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
3094	3133	if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->key_cache_size))

3097	3136	}
3098	3137	break;
3099	3138
3100		case 194:
3101
3102		/* Line 1455 of yacc.c */
3103		#line 954 "util/configparser.y"
	3139	case 198:
	3140
	3141	/* Line 1455 of yacc.c */
	3142	#line 973 "util/configparser.y"
3104	3143	{
3105	3144	OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
3106	3145	if(atoi((yyvsp[(2) - (2)].str)) == 0)

3114	3153	}
3115	3154	break;
3116	3155
3117		case 195:
3118
3119		/* Line 1455 of yacc.c */
3120		#line 967 "util/configparser.y"
	3156	case 199:
	3157
	3158	/* Line 1455 of yacc.c */
	3159	#line 986 "util/configparser.y"
3121	3160	{
3122	3161	OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
3123	3162	if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->neg_cache_size))

3126	3165	}
3127	3166	break;
3128	3167
3129		case 196:
3130
3131		/* Line 1455 of yacc.c */
3132		#line 975 "util/configparser.y"
	3168	case 200:
	3169
	3170	/* Line 1455 of yacc.c */
	3171	#line 994 "util/configparser.y"
3133	3172	{
3134	3173	OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str)));
3135	3174	if(strcmp((yyvsp[(3) - (3)].str), "static")!=0 && strcmp((yyvsp[(3) - (3)].str), "deny")!=0 &&
3136	3175	strcmp((yyvsp[(3) - (3)].str), "refuse")!=0 && strcmp((yyvsp[(3) - (3)].str), "redirect")!=0 &&
3137		strcmp((yyvsp[(3) - (3)].str), "transparent")!=0 && strcmp((yyvsp[(3) - (3)].str), "nodefault")!=0)
	3176	strcmp((yyvsp[(3) - (3)].str), "transparent")!=0 && strcmp((yyvsp[(3) - (3)].str), "nodefault")!=0
	3177	&& strcmp((yyvsp[(3) - (3)].str), "typetransparent")!=0)
3138	3178	yyerror("local-zone type: expected static, deny, "
3139		"refuse, redirect, transparent or nodefault");
	3179	"refuse, redirect, transparent, "
	3180	"typetransparent or nodefault");
3140	3181	else if(strcmp((yyvsp[(3) - (3)].str), "nodefault")==0) {
3141	3182	if(!cfg_strlist_insert(&cfg_parser->cfg->
3142	3183	local_zones_nodefault, (yyvsp[(2) - (3)].str)))

3150	3191	}
3151	3192	break;
3152	3193
3153		case 197:
3154
3155		/* Line 1455 of yacc.c */
3156		#line 995 "util/configparser.y"
	3194	case 201:
	3195
	3196	/* Line 1455 of yacc.c */
	3197	#line 1016 "util/configparser.y"
3157	3198	{
3158	3199	OUTYY(("P(server_local_data:%s)\n", (yyvsp[(2) - (2)].str)));
3159	3200	if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[(2) - (2)].str)))

3161	3202	}
3162	3203	break;
3163	3204
3164		case 198:
3165
3166		/* Line 1455 of yacc.c */
3167		#line 1002 "util/configparser.y"
	3205	case 202:
	3206
	3207	/* Line 1455 of yacc.c */
	3208	#line 1023 "util/configparser.y"
3168	3209	{
3169	3210	char* ptr;
3170	3211	OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[(2) - (2)].str)));

3180	3221	}
3181	3222	break;
3182	3223
3183		case 199:
3184
3185		/* Line 1455 of yacc.c */
3186		#line 1017 "util/configparser.y"
	3224	case 203:
	3225
	3226	/* Line 1455 of yacc.c */
	3227	#line 1038 "util/configparser.y"
3187	3228	{
3188	3229	OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
3189	3230	free(cfg_parser->cfg->stubs->name);

3191	3232	}
3192	3233	break;
3193	3234
3194		case 200:
3195
3196		/* Line 1455 of yacc.c */
3197		#line 1024 "util/configparser.y"
	3235	case 204:
	3236
	3237	/* Line 1455 of yacc.c */
	3238	#line 1045 "util/configparser.y"
3198	3239	{
3199	3240	OUTYY(("P(stub-host:%s)\n", (yyvsp[(2) - (2)].str)));
3200	3241	if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[(2) - (2)].str)))

3202	3243	}
3203	3244	break;
3204	3245
3205		case 201:
3206
3207		/* Line 1455 of yacc.c */
3208		#line 1031 "util/configparser.y"
	3246	case 205:
	3247
	3248	/* Line 1455 of yacc.c */
	3249	#line 1052 "util/configparser.y"
3209	3250	{
3210	3251	OUTYY(("P(stub-addr:%s)\n", (yyvsp[(2) - (2)].str)));
3211	3252	if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[(2) - (2)].str)))

3213	3254	}
3214	3255	break;
3215	3256
3216		case 202:
3217
3218		/* Line 1455 of yacc.c */
3219		#line 1038 "util/configparser.y"
	3257	case 206:
	3258
	3259	/* Line 1455 of yacc.c */
	3260	#line 1059 "util/configparser.y"
3220	3261	{
3221	3262	OUTYY(("P(stub-prime:%s)\n", (yyvsp[(2) - (2)].str)));
3222	3263	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

3227	3268	}
3228	3269	break;
3229	3270
3230		case 203:
3231
3232		/* Line 1455 of yacc.c */
3233		#line 1048 "util/configparser.y"
	3271	case 207:
	3272
	3273	/* Line 1455 of yacc.c */
	3274	#line 1069 "util/configparser.y"
3234	3275	{
3235	3276	OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
3236	3277	free(cfg_parser->cfg->forwards->name);

3238	3279	}
3239	3280	break;
3240	3281
3241		case 204:
3242
3243		/* Line 1455 of yacc.c */
3244		#line 1055 "util/configparser.y"
	3282	case 208:
	3283
	3284	/* Line 1455 of yacc.c */
	3285	#line 1076 "util/configparser.y"
3245	3286	{
3246	3287	OUTYY(("P(forward-host:%s)\n", (yyvsp[(2) - (2)].str)));
3247	3288	if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[(2) - (2)].str)))

3249	3290	}
3250	3291	break;
3251	3292
3252		case 205:
3253
3254		/* Line 1455 of yacc.c */
3255		#line 1062 "util/configparser.y"
	3293	case 209:
	3294
	3295	/* Line 1455 of yacc.c */
	3296	#line 1083 "util/configparser.y"
3256	3297	{
3257	3298	OUTYY(("P(forward-addr:%s)\n", (yyvsp[(2) - (2)].str)));
3258	3299	if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[(2) - (2)].str)))

3260	3301	}
3261	3302	break;
3262	3303
3263		case 206:
3264
3265		/* Line 1455 of yacc.c */
3266		#line 1069 "util/configparser.y"
	3304	case 210:
	3305
	3306	/* Line 1455 of yacc.c */
	3307	#line 1090 "util/configparser.y"
3267	3308	{
3268	3309	OUTYY(("\nP(remote-control:)\n"));
3269	3310	}
3270	3311	break;
3271	3312
3272		case 216:
3273
3274		/* Line 1455 of yacc.c */
3275		#line 1080 "util/configparser.y"
	3313	case 220:
	3314
	3315	/* Line 1455 of yacc.c */
	3316	#line 1101 "util/configparser.y"
3276	3317	{
3277	3318	OUTYY(("P(control_enable:%s)\n", (yyvsp[(2) - (2)].str)));
3278	3319	if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)

3283	3324	}
3284	3325	break;
3285	3326
3286		case 217:
3287
3288		/* Line 1455 of yacc.c */
3289		#line 1090 "util/configparser.y"
	3327	case 221:
	3328
	3329	/* Line 1455 of yacc.c */
	3330	#line 1111 "util/configparser.y"
3290	3331	{
3291	3332	OUTYY(("P(control_port:%s)\n", (yyvsp[(2) - (2)].str)));
3292	3333	if(atoi((yyvsp[(2) - (2)].str)) == 0)

3296	3337	}
3297	3338	break;
3298	3339
3299		case 218:
3300
3301		/* Line 1455 of yacc.c */
3302		#line 1099 "util/configparser.y"
	3340	case 222:
	3341
	3342	/* Line 1455 of yacc.c */
	3343	#line 1120 "util/configparser.y"
3303	3344	{
3304	3345	OUTYY(("P(control_interface:%s)\n", (yyvsp[(2) - (2)].str)));
3305	3346	if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[(2) - (2)].str)))

3307	3348	}
3308	3349	break;
3309	3350
3310		case 219:
3311
3312		/* Line 1455 of yacc.c */
3313		#line 1106 "util/configparser.y"
	3351	case 223:
	3352
	3353	/* Line 1455 of yacc.c */
	3354	#line 1127 "util/configparser.y"
3314	3355	{
3315	3356	OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
3316	3357	free(cfg_parser->cfg->server_key_file);

3318	3359	}
3319	3360	break;
3320	3361
3321		case 220:
3322
3323		/* Line 1455 of yacc.c */
3324		#line 1113 "util/configparser.y"
	3362	case 224:
	3363
	3364	/* Line 1455 of yacc.c */
	3365	#line 1134 "util/configparser.y"
3325	3366	{
3326	3367	OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
3327	3368	free(cfg_parser->cfg->server_cert_file);

3329	3370	}
3330	3371	break;
3331	3372
3332		case 221:
3333
3334		/* Line 1455 of yacc.c */
3335		#line 1120 "util/configparser.y"
	3373	case 225:
	3374
	3375	/* Line 1455 of yacc.c */
	3376	#line 1141 "util/configparser.y"
3336	3377	{
3337	3378	OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
3338	3379	free(cfg_parser->cfg->control_key_file);

3340	3381	}
3341	3382	break;
3342	3383
3343		case 222:
3344
3345		/* Line 1455 of yacc.c */
3346		#line 1127 "util/configparser.y"
	3384	case 226:
	3385
	3386	/* Line 1455 of yacc.c */
	3387	#line 1148 "util/configparser.y"
3347	3388	{
3348	3389	OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
3349	3390	free(cfg_parser->cfg->control_cert_file);

3351	3392	}
3352	3393	break;
3353	3394
3354		case 223:
3355
3356		/* Line 1455 of yacc.c */
3357		#line 1134 "util/configparser.y"
	3395	case 227:
	3396
	3397	/* Line 1455 of yacc.c */
	3398	#line 1155 "util/configparser.y"
3358	3399	{
3359	3400	OUTYY(("\nP(python:)\n"));
3360	3401	}
3361	3402	break;
3362	3403
3363		case 227:
3364
3365		/* Line 1455 of yacc.c */
3366		#line 1143 "util/configparser.y"
	3404	case 231:
	3405
	3406	/* Line 1455 of yacc.c */
	3407	#line 1164 "util/configparser.y"
3367	3408	{
3368	3409	OUTYY(("P(python-script:%s)\n", (yyvsp[(2) - (2)].str)));
3369	3410	free(cfg_parser->cfg->python_script);

3374	3415
3375	3416
3376	3417	/* Line 1455 of yacc.c */
3377		#line 3379 "util/configparser.c"
	3418	#line 3420 "util/configparser.c"
3378	3419	default: break;
3379	3420	}
3380	3421	YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);

3586	3627
3587	3628
3588	3629	/* Line 1675 of yacc.c */
3589		#line 1148 "util/configparser.y"
	3630	#line 1169 "util/configparser.y"
3590	3631
3591	3632
3592	3633	/* parse helper routines could be here */

-2

util/configparser.h less more

151	151	VAR_SO_RCVBUF = 368,
152	152	VAR_EDNS_BUFFER_SIZE = 369,
153	153	VAR_PREFETCH = 370,
154		VAR_PREFETCH_KEY = 371
	154	VAR_PREFETCH_KEY = 371,
	155	VAR_SO_SNDBUF = 372,
	156	VAR_HARDEN_BELOW_NXDOMAIN = 373
155	157	};
156	158	#endif
157	159	/* Tokens. */

269	271	#define VAR_EDNS_BUFFER_SIZE 369
270	272	#define VAR_PREFETCH 370
271	273	#define VAR_PREFETCH_KEY 371
	274	#define VAR_SO_SNDBUF 372
	275	#define VAR_HARDEN_BELOW_NXDOMAIN 373
272	276
273	277
274	278

285	289
286	290
287	291	/* Line 1676 of yacc.c */
288		#line 290 "util/configparser.h"
	292	#line 294 "util/configparser.h"
289	293	} YYSTYPE;
290	294	# define YYSTYPE_IS_TRIVIAL 1
291	295	# define yystype YYSTYPE /* obsolescent; will be withdrawn */

+26

-5

util/configparser.y less more

100	100	%token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
101	101	%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
102	102	%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
103		%token VAR_PREFETCH_KEY
	103	%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_HARDEN_BELOW_NXDOMAIN
104	104
105	105	%%
106	106	toplevelvars: /* empty */ \| toplevelvars toplevelvar ;

153	153	server_val_sig_skew_max \| server_cache_min_ttl \| server_val_log_level \|
154	154	server_auto_trust_anchor_file \| server_add_holddown \|
155	155	server_del_holddown \| server_keep_missing \| server_so_rcvbuf \|
156		server_edns_buffer_size \| server_prefetch \| server_prefetch_key
	156	server_edns_buffer_size \| server_prefetch \| server_prefetch_key \|
	157	server_so_sndbuf \| server_harden_below_nxdomain
157	158	;
158	159	stubstart: VAR_STUB_ZONE
159	160	{

523	524	server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
524	525	{
525	526	OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
526		if(!cfg_parse_memsize($2, &cfg_parser->cfg->socket_rcvbuf))
	527	if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
	528	yyerror("buffer size expected");
	529	free($2);
	530	}
	531	;
	532	server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
	533	{
	534	OUTYY(("P(server_so_sndbuf:%s)\n", $2));
	535	if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
527	536	yyerror("buffer size expected");
528	537	free($2);
529	538	}

704	713	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
705	714	yyerror("expected yes or no.");
706	715	else cfg_parser->cfg->harden_dnssec_stripped =
	716	(strcmp($2, "yes")==0);
	717	free($2);
	718	}
	719	;
	720	server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
	721	{
	722	OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
	723	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
	724	yyerror("expected yes or no.");
	725	else cfg_parser->cfg->harden_below_nxdomain =
707	726	(strcmp($2, "yes")==0);
708	727	free($2);
709	728	}

975	994	OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
976	995	if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
977	996	strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
978		strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0)
	997	strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
	998	&& strcmp($3, "typetransparent")!=0)
979	999	yyerror("local-zone type: expected static, deny, "
980		"refuse, redirect, transparent or nodefault");
	1000	"refuse, redirect, transparent, "
	1001	"typetransparent or nodefault");
981	1002	else if(strcmp($3, "nodefault")==0) {
982	1003	if(!cfg_strlist_insert(&cfg_parser->cfg->
983	1004	local_zones_nodefault, $2))

-0

util/data/dname.h less more

256	256	* Count labels for the RRSIG signature label field.
257	257	* Like a normal labelcount, but "*" wildcard and "." root are not counted.
258	258	* @param dname: valid uncompressed wireformat.
	259	* @return number of labels like in RRSIG; '*' and '.' are not counted.
259	260	*/
260	261	int dname_signame_label_count(uint8_t* dname);
261	262

-2

util/data/msgparse.c less more

902	902	if((ret = parse_section(pkt, msg, region, LDNS_SECTION_AUTHORITY,
903	903	msg->nscount, &msg->ns_rrsets)) != 0)
904	904	return ret;
905		if((ret = parse_section(pkt, msg, region, LDNS_SECTION_ADDITIONAL,
906		msg->arcount, &msg->ar_rrsets)) != 0)
	905	if(ldns_buffer_remaining(pkt) == 0 && msg->arcount == 1) {
	906	/* BIND accepts leniently that an EDNS record is missing.
	907	* so, we do too. */
	908	} else if((ret = parse_section(pkt, msg, region,
	909	LDNS_SECTION_ADDITIONAL, msg->arcount, &msg->ar_rrsets)) != 0)
907	910	return ret;
908	911	/* if(ldns_buffer_remaining(pkt) > 0) { */
909	912	/* there is spurious data at end of packet. ignore */

-12

util/data/msgreply.c less more

515	515	return 1;
516	516	}
517	517
518		int
519		query_info_allocqname(struct query_info* m)
520		{
521		uint8_t* q = m->qname;
522		if(!(m->qname = (uint8_t*)malloc(m->qname_len))) {
523		log_err("query_info_allocqname: out of memory");
524		return 0; /* out of memory */
525		}
526		memcpy(m->qname, q, m->qname_len);
527		return 1;
528		}
529
530	518	/** tiny subroutine for msgreply_compare */
531	519	#define COMPARE_IT(x, y) \
532	520	if( (x) < (y) ) return -1; \

-7

util/data/msgreply.h less more

263	263	void reply_info_parsedelete(struct reply_info* rep, struct alloc_cache* alloc);
264	264
265	265	/**
266		* Allocate and copy the qname (obtained from query_info_parse()).
267		* @param m: the queryinfo structure.
268		* @return: 0 on alloc failure.
269		*/
270		int query_info_allocqname(struct query_info* m);
271
272		/**
273	266	* Compare two queryinfo structures, on query and type, class.
274	267	* It is _not_ sorted in canonical ordering.
275	268	* @param m1: struct query_info* , void* here to ease use as function pointer.

-10

util/fptr_wlist.c less more

244	244	return 0;
245	245	}
246	246
247		int
248		fptr_whitelist_modenv_send_packet(int (fptr)(ldns_buffer pkt,
249		struct sockaddr_storage* addr, socklen_t addrlen, int timeout,
250		struct module_qstate* q, int use_tcp))
251		{
252		if(fptr == &worker_send_packet) return 1;
253		else if(fptr == &libworker_send_packet) return 1;
254		return 0;
255		}
256
257	247	/** whitelist env->send_query callbacks */
258	248	int
259	249	fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)(

-10

util/fptr_wlist.h less more

183	183	int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_t fptr);
184	184
185	185	/**
186		* Check function pointer whitelist for module_env send_packet callback values.
187		*
188		* @param fptr: function pointer to check.
189		* @return false if not in whitelist.
190		*/
191		int fptr_whitelist_modenv_send_packet(int (fptr)(ldns_buffer pkt,
192		struct sockaddr_storage* addr, socklen_t addrlen, int timeout,
193		struct module_qstate* q, int use_tcp));
194
195		/**
196	186	* Check function pointer whitelist for module_env send_query callback values.
197	187	*
198	188	* @param fptr: function pointer to check.

+26

-4

util/iana_ports.inc less more

3176	3176	3562,
3177	3177	3563,
3178	3178	3564,
3179		3566,
3180	3179	3567,
3181	3180	3568,
3182	3181	3569,

3843	3842	4404,
3844	3843	4405,
3845	3844	4406,
	3845	4425,
3846	3846	4426,
3847	3847	4430,
3848	3848	4441,

3864	3864	4457,
3865	3865	4458,
3866	3866	4484,
	3867	4486,
	3868	4488,
3867	3869	4500,
3868	3870	4535,
3869	3871	4536,

3936	3938	4700,
3937	3939	4701,
3938	3940	4702,
	3941	4725,
	3942	4726,
	3943	4727,
3939	3944	4728,
3940	3945	4729,
3941	3946	4730,

4073	4078	5100,
4074	4079	5101,
4075	4080	5102,
	4081	5104,
	4082	5105,
4076	4083	5111,
4077	4084	5112,
4078		5113,
4079	4085	5116,
4080	4086	5133,
4081	4087	5136,

4099	4105	5201,
4100	4106	5202,
4101	4107	5203,
4102		5222,
4103	4108	5223,
4104	4109	5224,
4105	4110	5225,

4119	4124	5252,
4120	4125	5264,
4121	4126	5265,
4122		5269,
4123	4127	5270,
4124	4128	5271,
4125	4129	5272,

4381	4385	6300,
4382	4386	6301,
4383	4387	6306,
	4388	6315,
4384	4389	6316,
4385	4390	6320,
4386	4391	6321,

4450	4455	6626,
4451	4456	6627,
4452	4457	6628,
	4458	6657,
4453	4459	6669,
4454	4460	6670,
4455	4461	6671,
4456	4462	6672,
4457	4463	6673,
4458	4464	6689,
	4465	6697,
4459	4466	6701,
4460	4467	6702,
4461	4468	6703,

4611	4618	7727,
4612	4619	7734,
4613	4620	7738,
	4621	7741,
4614	4622	7743,
4615	4623	7744,
4616	4624	7747,

4642	4650	7967,
4643	4651	7979,
4644	4652	7980,
	4653	7982,
4645	4654	7998,
4646	4655	7999,
4647	4656	8000,

4659	4668	8032,
4660	4669	8033,
4661	4670	8034,
	4671	8040,
4662	4672	8052,
4663	4673	8053,
4664	4674	8054,

4842	4852	9283,
4843	4853	9284,
4844	4854	9285,
	4855	9286,
4845	4856	9287,
4846	4857	9292,
4847	4858	9293,

4960	4971	10544,
4961	4972	10800,
4962	4973	10805,
	4974	10810,
4963	4975	10860,
4964	4976	10990,
4965	4977	11000,

4972	4984	11163,
4973	4985	11164,
4974	4986	11165,
	4987	11171,
4975	4988	11201,
4976	4989	11208,
4977	4990	11211,

4983	4996	11600,
4984	4997	11720,
4985	4998	11751,
	4999	11876,
	5000	11877,
4986	5001	11967,
4987	5002	12000,
4988	5003	12001,

5043	5058	15555,
5044	5059	15660,
5045	5060	15740,
	5061	15998,
	5062	16003,
5046	5063	16161,
5047	5064	16309,
5048	5065	16310,

5103	5120	20002,
5104	5121	20003,
5105	5122	20005,
	5123	20012,
5106	5124	20014,
5107	5125	20034,
5108	5126	20046,
	5127	20048,
5109	5128	20049,
5110	5129	20167,
5111	5130	20202,

5203	5222	30002,
5204	5223	30260,
5205	5224	30999,
	5225	31029,
5206	5226	31416,
5207	5227	31457,
5208	5228	31620,

5250	5270	40841,
5251	5271	40842,
5252	5272	40843,
	5273	40853,
5253	5274	41111,
5254	5275	41794,
5255	5276	41795,

5263	5284	43441,
5264	5285	44321,
5265	5286	44322,
	5287	44323,
5266	5288	44553,
5267	5289	44818,
5268	5290	45054,

-18

util/module.h less more

81	81	struct key_cache* key_cache;
82	82
83	83	/* --- services --- */
84		/**
85		* Direct access to the network, this packet gets sent to destination.
86		* Send DNS query to server. operate() should return with wait_reply.
87		* Later on a callback will cause operate() to be called with event
88		* timeout or reply. Replied packet is then in the query buffer.
89		* @param pkt: packet to send.
90		* @param addr: where to.
91		* @param addrlen: length of addr.
92		* @param timeout: seconds to wait until timeout.
93		* @param q: wich query state to reactivate upon return.
94		* @param use_tcp: set to true to send over TCP. 0 for UDP.
95		* @return: false on failure (memory or socket related). no query was
96		* sent.
97		*/
98		int (send_packet)(ldns_buffer pkt, struct sockaddr_storage* addr,
99		socklen_t addrlen, int timeout, struct module_qstate* q,
100		int use_tcp);
101
102	84	/**
103	85	* Send serviced DNS query to server. UDP/TCP and EDNS is handled.
104	86	* operate() should return with wait_reply. Later on a callback

+15

-24

util/net_help.c less more

60	60	}
61	61
62	62	int
63		write_socket(int s, const void *buf, size_t size)
64		{
65		const char* data = (const char*)buf;
66		size_t total_count = 0;
67
68		fd_set_block(s);
69		while (total_count < size) {
70		ssize_t count
71		= write(s, data + total_count, size - total_count);
72		if (count == -1) {
73		if (errno != EAGAIN && errno != EINTR) {
74		fd_set_nonblock(s);
75		return 0;
76		} else {
77		continue;
78		}
79		}
80		total_count += count;
81		}
82		fd_set_nonblock(s);
83		return 1;
84		}
85
86		int
87	63	fd_set_nonblock(int s)
88	64	{
89	65	#ifdef HAVE_FCNTL

501	477	&& memcmp(sinaddr, "\377\377\377\377", 4) == 0;
502	478	}
503	479
	480	int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen)
	481	{
	482	int af = (int)((struct sockaddr_in*)addr)->sin_family;
	483	void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr;
	484	void* sin6addr = &((struct sockaddr_in6*)addr)->sin6_addr;
	485	if(af == AF_INET && addrlen>=(socklen_t)sizeof(struct sockaddr_in)
	486	&& memcmp(sinaddr, "\000\000\000\000", 4) == 0)
	487	return 1;
	488	else if(af==AF_INET6 && addrlen>=(socklen_t)sizeof(struct sockaddr_in6)
	489	&& memcmp(sin6addr, "\000\000\000\000\000\000\000\000"
	490	"\000\000\000\000\000\000\000\000", 16) == 0)
	491	return 1;
	492	return 0;
	493	}
	494
504	495	void sock_list_insert(struct sock_list** list, struct sockaddr_storage* addr,
505	496	socklen_t len, struct regional* region)
506	497	{

+10

-12

util/net_help.h less more

100	100	int str_is_ip6(const char* str);
101	101
102	102	/**
103		* Write (blocking) to a nonblocking socket.
104		* @param s: fd. Is set to be nonblocking at exit.
105		* @param buf: data buffer.
106		* @param size: length of data to send.
107		* @return: 0 on error. errno is set.
108		*/
109		int
110		write_socket(int s, const void *buf, size_t size);
111
112		/**
113	103	* Set fd nonblocking.
114	104	* @param s: file descriptor.
115	105	* @return: 0 on error (error is printed to log).

232	222	* Checkout address family.
233	223	* @param addr: the sockaddr to examine.
234	224	* @param len: the length of addr.
235		* return: true if sockaddr is ip6.
	225	* @return: true if sockaddr is ip6.
236	226	*/
237	227	int addr_is_ip6(struct sockaddr_storage* addr, socklen_t len);
238	228

271	261	char* buf, size_t len);
272	262
273	263	/**
274		* See if sockaddr is an ipv6 mapped ipv4 address, ::ffff:0.0.0.0
	264	* See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0"
275	265	* @param addr: address
276	266	* @param addrlen: length of address
277	267	* @return true if so

285	275	* @return true if so
286	276	*/
287	277	int addr_is_broadcast(struct sockaddr_storage* addr, socklen_t addrlen);
	278
	279	/**
	280	* See if sockaddr is 0.0.0.0 or ::0.
	281	* @param addr: address
	282	* @param addrlen: length of address
	283	* @return true if so
	284	*/
	285	int addr_is_any(struct sockaddr_storage* addr, socklen_t addrlen);
288	286
289	287	/**
290	288	* Insert new socket list item. If fails logs error.

+61

-70

util/netevent.c less more

175	175	/* use mini event time-sharing feature */
176	176	b->eb->base = event_init(&b->eb->secs, &b->eb->now);
177	177	#else
178		# ifdef HAVE_EV_LOOP
	178	# if defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP)
179	179	/* libev */
180	180	if(sigs)
181	181	b->eb->base=(struct event_base *)ev_default_loop(EVFLAG_AUTO);

199	199	/* avoid event_get_method call which causes crashes even when
200	200	* not printing, because its result is passed */
201	201	verbose(VERB_ALGO,
202		#ifdef HAVE_EV_LOOP
	202	#if defined(HAVE_EV_LOOP) \|\| defined(HAVE_EV_DEFAULT_LOOP)
203	203	"libev"
204	204	#elif defined(USE_MINI_EVENT)
205	205	"event "

265	265	return b->eb->base;
266	266	}
267	267
	268	/** see if errno for udp has to be logged or not uses globals */
	269	static int
	270	udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen)
	271	{
	272	/* do not log transient errors (unless high verbosity) */
	273	#if defined(ENETUNREACH) \|\| defined(EHOSTDOWN) \|\| defined(EHOSTUNREACH) \|\| defined(ENETDOWN)
	274	switch(errno) {
	275	# ifdef ENETUNREACH
	276	case ENETUNREACH:
	277	# endif
	278	# ifdef EHOSTDOWN
	279	case EHOSTDOWN:
	280	# endif
	281	# ifdef EHOSTUNREACH
	282	case EHOSTUNREACH:
	283	# endif
	284	# ifdef ENETDOWN
	285	case ENETDOWN:
	286	# endif
	287	if(verbosity < VERB_ALGO)
	288	return 0;
	289	default:
	290	break;
	291	}
	292	#endif
	293	/* squelch errors where people deploy AAAA ::ffff:bla for
	294	* authority servers, which we try for intranets. */
	295	if(errno == EINVAL && addr_is_ip4mapped(
	296	(struct sockaddr_storage*)addr, addrlen) &&
	297	verbosity < VERB_DETAIL)
	298	return 0;
	299	/* SO_BROADCAST sockopt can give access to 255.255.255.255,
	300	* but a dns cache does not need it. */
	301	if(errno == EACCES && addr_is_broadcast(
	302	(struct sockaddr_storage*)addr, addrlen) &&
	303	verbosity < VERB_DETAIL)
	304	return 0;
	305	return 1;
	306	}
	307
268	308	/* send a UDP reply */
269	309	int
270	310	comm_point_send_udp_msg(struct comm_point c, ldns_buffer packet,

281	321	ldns_buffer_remaining(packet), 0,
282	322	addr, addrlen);
283	323	if(sent == -1) {
284		/* do not log transient errors (unless high verbosity) */
285		#if defined(ENETUNREACH) \|\| defined(EHOSTDOWN) \|\| defined(EHOSTUNREACH) \|\| defined(ENETDOWN)
286		switch(errno) {
287		# ifdef ENETUNREACH
288		case ENETUNREACH:
289		# endif
290		# ifdef EHOSTDOWN
291		case EHOSTDOWN:
292		# endif
293		# ifdef EHOSTUNREACH
294		case EHOSTUNREACH:
295		# endif
296		# ifdef ENETDOWN
297		case ENETDOWN:
298		# endif
299		if(verbosity < VERB_ALGO)
300		return 0;
301		default:
302		break;
303		}
304		#endif
305		/* squelch errors where people deploy AAAA ::ffff:bla for
306		* authority servers, which we try for intranets. */
307		if(errno == EINVAL && addr_is_ip4mapped(
308		(struct sockaddr_storage*)addr, addrlen) &&
309		verbosity < VERB_DETAIL)
310		return 0;
311		/* SO_BROADCAST sockopt can give access to 255.255.255.255,
312		* but a dns cache does not need it. */
313		if(errno == EACCES && addr_is_broadcast(
314		(struct sockaddr_storage*)addr, addrlen) &&
315		verbosity < VERB_DETAIL)
	324	if(!udp_send_errno_needs_log(addr, addrlen))
316	325	return 0;
317	326	#ifndef USE_WINSOCK
318	327	verbose(VERB_OPS, "sendto failed: %s", strerror(errno));

331	340	return 1;
332	341	}
333	342
	343	#if defined(AF_INET6) && defined(IPV6_PKTINFO) && (defined(HAVE_RECVMSG) \|\| defined(HAVE_SENDMSG))
334	344	/** print debug ancillary info */
335	345	static void p_ancil(const char* str, struct comm_reply* r)
336	346	{
337		#if defined(AF_INET6) && defined(IPV6_PKTINFO) && (defined(HAVE_RECVMSG) \|\| defined(HAVE_SENDMSG))
338	347	if(r->srctype != 4 && r->srctype != 6) {
339	348	log_info("%s: unknown srctype %d", str, r->srctype);
340	349	return;

370	379	}
371	380	buf1[sizeof(buf1)-1]=0;
372	381	log_info("%s: %s", str, buf1);
373		#endif
374		}
375		#else
376		(void)str;
377		(void)r;
378		#endif
379		}
	382	#endif /* IP_PKTINFO or PI_RECVDSTDADDR */
	383	}
	384	}
	385	#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG\|\|HAVE_SENDMSG */
380	386
381	387	/** send a UDP reply over specified interface*/
382	388	static int

430	436	#else
431	437	verbose(VERB_ALGO, "no IP_PKTINFO or IP_SENDSRCADDR");
432	438	msg.msg_control = NULL;
433		#endif
	439	#endif /* IP_PKTINFO or IP_SENDSRCADDR */
434	440	} else if(r->srctype == 6) {
435	441	msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
436	442	log_assert(msg.msg_controllen <= sizeof(control));

453	459	p_ancil("send_udp over interface", r);
454	460	sent = sendmsg(c->fd, &msg, 0);
455	461	if(sent == -1) {
	462	if(!udp_send_errno_needs_log(addr, addrlen))
	463	return 0;
456	464	verbose(VERB_OPS, "sendmsg failed: %s", strerror(errno));
457	465	log_addr(VERB_OPS, "remote address is",
458	466	(struct sockaddr_storage*)addr, addrlen);

471	479	(void)r;
472	480	log_err("sendmsg: IPV6_PKTINFO not supported");
473	481	return 0;
474		#endif
	482	#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_SENDMSG */
475	483	}
476	484
477	485	void

545	553	memmove(&rep.pktinfo.v4addr, CMSG_DATA(cmsg),
546	554	sizeof(struct in_addr));
547	555	break;
548		#endif
	556	#endif /* IP_PKTINFO or IP_RECVDSTADDR */
549	557	}
550	558	}
551	559	if(verbosity >= VERB_ALGO)

566	574	(void)arg;
567	575	fatal_exit("recvmsg: No support for IPV6_PKTINFO. "
568	576	"Please disable interface-automatic");
569		#endif
	577	#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG */
570	578	}
571	579
572	580	void

882	890	if(error == EINPROGRESS \|\| error == EWOULDBLOCK)
883	891	return 1; /* try again later */
884	892	#endif
885		#ifdef ECONNREFUSED
886		else if(error == ECONNREFUSED && verbosity < 2)
887		return 0; /* silence 'connection refused' */
888		#endif
889		#ifdef EHOSTUNREACH
890		else if(error == EHOSTUNREACH && verbosity < 2)
891		return 0; /* silence 'no route to host' */
892		#endif
893		#ifdef EHOSTDOWN
894		else if(error == EHOSTDOWN && verbosity < 2)
895		return 0; /* silence 'host is down' */
896		#endif
897		#ifdef ETIMEDOUT
898		else if(error == ETIMEDOUT && verbosity < 2)
899		return 0; /* silence 'connection timed out' */
900		#endif
	893	else if(error != 0 && verbosity < 2)
	894	return 0; /* silence lots of chatter in the logs */
901	895	else if(error != 0) {
902	896	log_err("tcp connect: %s", strerror(error));
903	897	#else /* USE_WINSOCK */

907	901	else if(error == WSAEWOULDBLOCK) {
908	902	winsock_tcp_wouldblock(&c->ev->ev, EV_WRITE);
909	903	return 1;
910		} else if(error == WSAECONNREFUSED \|\| error == WSAEHOSTUNREACH)
	904	} else if(error != 0 && verbosity < 2)
911	905	return 0;
912	906	else if(error != 0) {
913	907	log_err("tcp connect: %s", wsa_strerror(error));

935	929	#endif /* HAVE_WRITEV */
936	930	if(r == -1) {
937	931	#ifndef USE_WINSOCK
	932	#ifdef EPIPE
	933	if(errno == EPIPE && verbosity < 2)
	934	return 0; /* silence 'broken pipe' */
	935	#endif
938	936	if(errno == EINTR \|\| errno == EAGAIN)
939	937	return 1;
940	938	log_err("tcp writev: %s", strerror(errno));

1489	1487	}
1490	1488
1491	1489	void
1492		comm_point_set_cb_arg(struct comm_point* c, void *arg)
1493		{
1494		log_assert(c);
1495		c->cb_arg = arg;
1496		}
1497
1498		void
1499	1490	comm_point_send_reply(struct comm_reply *repinfo)
1500	1491	{
1501	1492	log_assert(repinfo && repinfo->c);

-7

util/netevent.h less more

403	403	void comm_point_delete(struct comm_point* c);
404	404
405	405	/**
406		* Reset the callback argument for a comm point.
407		* @param c: the comm point to change.
408		* @param arg: the new callback user argument.
409		*/
410		void comm_point_set_cb_arg(struct comm_point* c, void* arg);
411
412		/**
413	406	* Send reply. Put message into commpoint buffer.
414	407	* @param repinfo: The reply info copied from a commpoint callback call.
415	408	*/

-0

util/rtt.c less more

98	98	{
99	99	/* exponential backoff */
100	100
	101	/* if a query succeeded and put down the rto meanwhile, ignore this */
	102	if(rtt->rto < orig)
	103	return;
	104
101	105	/* the original rto is doubled, not the current one to make sure
102	106	* that the values in the cache are not increased by lots of
103	107	* queries simultaneously as they time out at the same time */

108	112	rtt->rto = RTT_MAX_TIMEOUT;
109	113	}
110	114	}
	115
	116	int rtt_notimeout(const struct rtt_info* rtt)
	117	{
	118	return calc_rto(rtt);
	119	}

-0

util/rtt.h less more

81	81	int rtt_unclamped(const struct rtt_info* rtt);
82	82
83	83	/**
	84	* RTT for valid responses. Without timeouts.
	85	* @param rtt: round trip statistics structure.
	86	* @return: value in msec.
	87	*/
	88	int rtt_notimeout(const struct rtt_info* rtt);
	89
	90	/**
84	91	* Update the statistics with a new roundtrip estimate observation.
85	92	* @param rtt: round trip statistics structure.
86	93	* @param ms: estimate of roundtrip time in milliseconds.

+12

-5

util/storage/lruhash.c less more

491	491	lruhash_get_mem(struct lruhash* table)
492	492	{
493	493	size_t s;
494		size_t i;
495	494	lock_quick_lock(&table->lock);
496	495	s = sizeof(struct lruhash) + table->space_used;
497		for(i=0; i<table->size; i++) {
498		s += sizeof(struct lruhash_bin) +
499		lock_get_mem(&table->array[i].lock);
500		}
	496	#ifdef USE_THREAD_DEBUG
	497	if(table->size != 0) {
	498	size_t i;
	499	for(i=0; i<table->size; i++)
	500	s += sizeof(struct lruhash_bin) +
	501	lock_get_mem(&table->array[i].lock);
	502	}
	503	#else /* no THREAD_DEBUG */
	504	if(table->size != 0)
	505	s += (table->size)*(sizeof(struct lruhash_bin) +
	506	lock_get_mem(&table->array[0].lock));
	507	#endif
501	508	lock_quick_unlock(&table->lock);
502	509	s += lock_get_mem(&table->lock);
503	510	return s;

+13

-21

validator/autotrust.c less more

971	971	struct trust_anchor* tp, struct ub_packed_rrset_key* rrset)
972	972	{
973	973	char* reason = NULL;
974		if(tp->ds_rrset) {
975		/* verify with ds, any will do to prime autotrust */
976		enum sec_status sec = val_verify_DNSKEY_with_DS(
977		env, ve, rrset, tp->ds_rrset, &reason);
978		verbose(VERB_ALGO, "autotrust: validate DNSKEY with DS: %s",
979		sec_status_to_string(sec));
980		if(sec == sec_status_secure) {
981		return 1;
982		}
983		}
984		if(tp->dnskey_rrset) {
985		/* verify with keys */
986		enum sec_status sec = val_verify_rrset(env, ve, rrset,
987		tp->dnskey_rrset, &reason);
988		verbose(VERB_ALGO, "autotrust: validate DNSKEY with keys: %s",
989		sec_status_to_string(sec));
990		if(sec == sec_status_secure) {
991		return 1;
992		}
993		}
994		return 0;
	974	uint8_t sigalg[ALGO_NEEDS_MAX+1];
	975	int downprot = 1;
	976	enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset,
	977	tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason);
	978	/* sigalg is ignored, it returns algorithms signalled to exist, but
	979	* in 5011 there are no other rrsets to check. if downprot is
	980	* enabled, then it checks that the DNSKEY is signed with all
	981	* algorithms available in the trust store. */
	982	verbose(VERB_ALGO, "autotrust: validate DNSKEY with anchor: %s",
	983	sec_status_to_string(sec));
	984	return sec == sec_status_secure;
995	985	}
996	986
997	987	/** Find minimum expiration interval from signatures */

1023	1013	char* reason = NULL;
1024	1014	verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d",
1025	1015	(int)i);
	1016	/* no algorithm downgrade protection necessary, if it is selfsigned
	1017	* revoked it can be removed. */
1026	1018	sec = dnskey_verify_rrset(env, ve, dnskey_rrset, dnskey_rrset, i,
1027	1019	&reason);
1028	1020	return (sec == sec_status_secure);

-0

validator/autotrust.h less more

140	140	/**
141	141	* See if autotrust anchors are configured and how many.
142	142	* @param anchors: the trust anchors structure.
	143	* @return number of autotrust trust anchors
143	144	*/
144	145	size_t autr_get_num_anchors(struct val_anchors* anchors);
145	146

+28

-1

validator/val_kentry.c less more

57	57	s += packed_rrset_sizeof(kd->rrset_data);
58	58	if(kd->reason)
59	59	s += strlen(kd->reason)+1;
	60	if(kd->algo)
	61	s += strlen((char*)kd->algo)+1;
60	62	return s;
61	63	}
62	64

90	92	struct key_entry_data* kd = (struct key_entry_data*)data;
91	93	free(kd->reason);
92	94	free(kd->rrset_data);
	95	free(kd->algo);
93	96	free(kd);
94	97	}
95	98

135	138	if(!newd->reason)
136	139	return NULL;
137	140	}
	141	if(d->algo) {
	142	newd->algo = (uint8_t*)regional_strdup(region,
	143	(char*)d->algo);
	144	if(!newd->algo)
	145	return NULL;
	146	}
138	147	newk->entry.data = newd;
139	148	}
140	149	return newk;

189	198	return NULL;
190	199	}
191	200	}
	201	if(d->algo) {
	202	newd->algo = (uint8_t)strdup((char)d->algo);
	203	if(!newd->algo) {
	204	free(newd->rrset_data);
	205	free(newd->reason);
	206	free(newd);
	207	free(newk->name);
	208	free(newk);
	209	return NULL;
	210	}
	211	}
192	212	newk->entry.data = newd;
193	213	}
194	214	return newk;

266	286	d->reason = NULL;
267	287	d->rrset_type = LDNS_RR_TYPE_DNSKEY;
268	288	d->rrset_data = NULL;
	289	d->algo = NULL;
269	290	return k;
270	291	}
271	292
272	293	struct key_entry_key*
273	294	key_entry_create_rrset(struct regional* region,
274	295	uint8_t* name, size_t namelen, uint16_t dclass,
275		struct ub_packed_rrset_key* rrset, uint32_t now)
	296	struct ub_packed_rrset_key* rrset, uint8_t* sigalg, uint32_t now)
276	297	{
277	298	struct key_entry_key* k;
278	299	struct key_entry_data* d;

288	309	rd, packed_rrset_sizeof(rd));
289	310	if(!d->rrset_data)
290	311	return NULL;
	312	if(sigalg) {
	313	d->algo = (uint8_t)regional_strdup(region, (char)sigalg);
	314	if(!d->algo)
	315	return NULL;
	316	} else d->algo = NULL;
291	317	packed_rrset_ptr_fixup(d->rrset_data);
292	318	return k;
293	319	}

306	332	d->reason = NULL;
307	333	d->rrset_type = LDNS_RR_TYPE_DNSKEY;
308	334	d->rrset_data = NULL;
	335	d->algo = NULL;
309	336	return k;
310	337	}
311	338

-1

validator/val_kentry.h less more

79	79	struct packed_rrset_data* rrset_data;
80	80	/** not NULL sometimes to give reason why bogus */
81	81	char* reason;
	82	/** list of algorithms signalled, ends with 0, or NULL */
	83	uint8_t* algo;
82	84	/** DNS RR type of the rrset data (host order) */
83	85	uint16_t rrset_type;
84	86	/** if the key is bad: Bogus or malformed */

176	178	* @param namelen: length of name
177	179	* @param dclass: class of key entry. (host order);
178	180	* @param rrset: data for key entry. This is copied to the region.
	181	* @param sigalg: signalled algorithm list (or NULL).
179	182	* @param now: current time (added to ttl of rrset)
180	183	* @return new key entry or NULL on alloc failure
181	184	*/
182	185	struct key_entry_key* key_entry_create_rrset(struct regional* region,
183	186	uint8_t* name, size_t namelen, uint16_t dclass,
184		struct ub_packed_rrset_key* rrset, uint32_t now);
	187	struct ub_packed_rrset_key* rrset, uint8_t* sigalg, uint32_t now);
185	188
186	189	/**
187	190	* Create a bad entry, in the given region.

+16

-3

validator/val_neg.c less more

1254	1254	static struct dns_msg*
1255	1255	neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
1256	1256	int qlabs, ldns_buffer* buf, struct rrset_cache* rrset_cache,
1257		struct regional* region, uint32_t now)
	1257	struct regional* region, uint32_t now, uint8_t* topname)
1258	1258	{
1259	1259	struct dns_msg* msg;
1260	1260	struct val_neg_data* data;

1304	1304	return NULL;
1305	1305	return msg;
1306	1306	}
	1307
	1308	/* optout is not allowed without knowing the trust-anchor in use,
	1309	* otherwise the optout could spoof away that anchor */
	1310	if(!topname)
	1311	return NULL;
	1312
1307	1313	/* if there is no exact match, it must be in an optout span
1308	1314	* (an existing DS implies an NSEC3 must exist) */
1309	1315	nc_rrset = neg_nsec3_getnc(zone, hashnc, nclen, rrset_cache,

1378	1384	struct dns_msg*
1379	1385	val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
1380	1386	struct regional* region, struct rrset_cache* rrset_cache,
1381		ldns_buffer* buf, uint32_t now, int addsoa)
	1387	ldns_buffer* buf, uint32_t now, int addsoa, uint8_t* topname)
1382	1388	{
1383	1389	struct dns_msg* msg;
1384	1390	struct ub_packed_rrset_key* rrset;

1390	1396	/* only for DS queries */
1391	1397	if(qinfo->qtype != LDNS_RR_TYPE_DS)
1392	1398	return NULL;
	1399	log_assert(!topname \|\| dname_subdomain_c(qinfo->qname, topname));
1393	1400
1394	1401	/* see if info from neg cache is available
1395	1402	* For NSECs, because there is no optout; a DS next to a delegation

1425	1432	qinfo->qclass);
1426	1433	while(zone && !zone->in_use)
1427	1434	zone = zone->parent;
	1435	/* check that the zone is not too high up so that we do not pick data
	1436	* out of a zone that is above the last-seen key (or trust-anchor). */
	1437	if(zone && topname) {
	1438	if(!dname_subdomain_c(zone->name, topname))
	1439	zone = NULL;
	1440	}
1428	1441	if(!zone) {
1429	1442	lock_basic_unlock(&neg->lock);
1430	1443	return NULL;
1431	1444	}
1432	1445
1433	1446	msg = neg_nsec3_proof_ds(zone, qinfo->qname, qinfo->qname_len,
1434		zname_labs+1, buf, rrset_cache, region, now);
	1447	zname_labs+1, buf, rrset_cache, region, now, topname);
1435	1448	if(msg && addsoa && !add_soa(rrset_cache, now, region, msg, zone)) {
1436	1449	lock_basic_unlock(&neg->lock);
1437	1450	return NULL;

-1

validator/val_neg.h less more

241	241	* @param now: to check TTLs against.
242	242	* @param addsoa: if true, produce result for external consumption.
243	243	* if false, do not add SOA - for unbound-internal consumption.
	244	* @param topname: do not look higher than this name,
	245	* so that the result cannot be taken from a zone above the current
	246	* trust anchor. Which could happen with multiple islands of trust.
	247	* if NULL, then no trust anchor is used, but also the algorithm becomes
	248	* more conservative, especially for opt-out zones, since the receiver
	249	* may have a trust-anchor below the optout and thus the optout cannot
	250	* be used to create a proof from the negative cache.
244	251	* @return a reply message if something was found.
245	252	* This reply may still need validation.
246	253	* NULL if nothing found (or out of memory).

248	255	struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg,
249	256	struct query_info* qinfo, struct regional* region,
250	257	struct rrset_cache* rrset_cache, ldns_buffer* buf, uint32_t now,
251		int addsoa);
	258	int addsoa, uint8_t* topname);
252	259
253	260
254	261	/** functions exposed for unit test **/

+21

-0

validator/val_nsec.c less more

424	424	return 0;
425	425	}
426	426
	427	int val_nsec_proves_insecuredelegation(struct ub_packed_rrset_key* nsec,
	428	struct query_info* qinfo)
	429	{
	430	if(nsec_has_type(nsec, LDNS_RR_TYPE_NS) &&
	431	!nsec_has_type(nsec, LDNS_RR_TYPE_DS) &&
	432	!nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) {
	433	/* see if nsec signals an insecure delegation */
	434	if(qinfo->qtype == LDNS_RR_TYPE_DS) {
	435	/* if type is DS and qname is equal to nsec, then it
	436	* is an exact match nsec, result not insecure */
	437	if(dname_strict_subdomain_c(qinfo->qname,
	438	nsec->rk.dname))
	439	return 1;
	440	} else {
	441	if(dname_subdomain_c(qinfo->qname, nsec->rk.dname))
	442	return 1;
	443	}
	444	}
	445	return 0;
	446	}
	447
427	448	uint8_t*
428	449	nsec_closest_encloser(uint8_t* qname, struct ub_packed_rrset_key* nsec)
429	450	{

+10

-0

validator/val_nsec.h less more

168	168	int val_nsec_check_dlv(struct query_info* qinfo,
169	169	struct reply_info* rep, uint8_t** nm, size_t* nm_len);
170	170
	171	/**
	172	* Determine if an nsec proves an insecure delegation towards the qname.
	173	* @param nsec: nsec rrset.
	174	* @param qinfo: what was queries for.
	175	* @return 0 if not, 1 if an NSEC that signals an insecure delegation to
	176	* the qname.
	177	*/
	178	int val_nsec_proves_insecuredelegation(struct ub_packed_rrset_key* nsec,
	179	struct query_info* qinfo);
	180
171	181	#endif /* VALIDATOR_VAL_NSEC_H */

+50

-24

validator/val_nsec3.c less more

934	934	* If set true, and the return value is true, then you can be
935	935	* certain that the ce.nc_rrset and ce.nc_rr are set properly.
936	936	* @param ce: closest encloser information is returned in here.
937		* @return false if no closest encloser could be proven.
938		* true if a closest encloser could be proven, ce is set.
939		*/
940		static int
	937	* @return bogus if no closest encloser could be proven.
	938	* secure if a closest encloser could be proven, ce is set.
	939	* insecure if the closest-encloser candidate turns out to prove
	940	* that an insecure delegation exists above the qname.
	941	*/
	942	static enum sec_status
941	943	nsec3_prove_closest_encloser(struct module_env* env, struct nsec3_filter* flt,
942	944	rbtree_t* ct, struct query_info* qinfo, int prove_does_not_exist,
943	945	struct ce_response* ce)

950	952	if(!nsec3_find_closest_encloser(env, flt, ct, qinfo, ce)) {
951	953	verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could "
952	954	"not find a candidate for the closest encloser.");
953		return 0;
	955	return sec_status_bogus;
954	956	}
955	957	log_nametypeclass(VERB_ALGO, "ce candidate", ce->ce, 0, 0);
956	958

958	960	if(prove_does_not_exist) {
959	961	verbose(VERB_ALGO, "nsec3 proveClosestEncloser: "
960	962	"proved that qname existed, bad");
961		return 0;
	963	return sec_status_bogus;
962	964	}
963	965	/* otherwise, we need to nothing else to prove that qname
964	966	* is its own closest encloser. */
965		return 1;
	967	return sec_status_secure;
966	968	}
967	969
968	970	/* If the closest encloser is actually a delegation, then the

970	972	* it should have been a DNAME response. */
971	973	if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_NS) &&
972	974	!nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_SOA)) {
	975	if(!nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DS)) {
	976	verbose(VERB_ALGO, "nsec3 proveClosestEncloser: "
	977	"closest encloser is insecure delegation");
	978	return sec_status_insecure;
	979	}
973	980	verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest "
974	981	"encloser was a delegation, bad");
975		return 0;
	982	return sec_status_bogus;
976	983	}
977	984	if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DNAME)) {
978	985	verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest "
979	986	"encloser was a DNAME, bad");
980		return 0;
	987	return sec_status_bogus;
981	988	}
982	989
983	990	/* Otherwise, we need to show that the next closer name is covered. */

986	993	&ce->nc_rrset, &ce->nc_rr)) {
987	994	verbose(VERB_ALGO, "nsec3: Could not find proof that the "
988	995	"candidate encloser was the closest encloser");
989		return 0;
990		}
991		return 1;
	996	return sec_status_bogus;
	997	}
	998	return sec_status_secure;
992	999	}
993	1000
994	1001	/** allocate a wildcard for the closest encloser */

1021	1028	size_t wclen;
1022	1029	struct ub_packed_rrset_key* wc_rrset;
1023	1030	int wc_rr;
	1031	enum sec_status sec;
1024	1032
1025	1033	/* First locate and prove the closest encloser to qname. We will
1026	1034	* use the variant that fails if the closest encloser turns out
1027	1035	* to be qname. */
1028		if(!nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce)) {
1029		verbose(VERB_ALGO, "nsec3 nameerror proof: failed to prove "
1030		"a closest encloser");
1031		return sec_status_bogus;
	1036	sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce);
	1037	if(sec != sec_status_secure) {
	1038	if(sec == sec_status_bogus)
	1039	verbose(VERB_ALGO, "nsec3 nameerror proof: failed "
	1040	"to prove a closest encloser");
	1041	else verbose(VERB_ALGO, "nsec3 nameerror proof: closest "
	1042	"nsec3 is an insecure delegation");
	1043	return sec;
1032	1044	}
1033	1045	log_nametypeclass(VERB_ALGO, "nsec3 namerror: proven ce=", ce.ce,0,0);
1034	1046

1081	1093	size_t wclen;
1082	1094	struct ub_packed_rrset_key* rrset;
1083	1095	int rr;
	1096	enum sec_status sec;
1084	1097
1085	1098	if(find_matching_nsec3(env, flt, ct, qinfo->qname, qinfo->qname_len,
1086	1099	&rrset, &rr)) {

1115	1128	} else if(qinfo->qtype != LDNS_RR_TYPE_DS &&
1116	1129	nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) &&
1117	1130	!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) {
	1131	if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) {
	1132	verbose(VERB_ALGO, "proveNodata: matching "
	1133	"NSEC3 is insecure delegation");
	1134	return sec_status_insecure;
	1135	}
1118	1136	verbose(VERB_ALGO, "proveNodata: matching "
1119	1137	"NSEC3 is a delegation, bogus");
1120	1138	return sec_status_bogus;

1125	1143	/* For cases 3 - 5, we need the proven closest encloser, and it
1126	1144	* can't match qname. Although, at this point, we know that it
1127	1145	* won't since we just checked that. */
1128		if(!nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce)) {
	1146	sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce);
	1147	if(sec == sec_status_bogus) {
1129	1148	verbose(VERB_ALGO, "proveNodata: did not match qname, "
1130	1149	"nor found a proven closest encloser.");
1131	1150	return sec_status_bogus;
	1151	} else if(sec==sec_status_insecure && qinfo->qtype!=LDNS_RR_TYPE_DS){
	1152	verbose(VERB_ALGO, "proveNodata: closest nsec3 is insecure "
	1153	"delegation.");
	1154	return sec_status_insecure;
1132	1155	}
1133	1156
1134	1157	/* Case 3: removed */

1178	1201	"-- no more options, bogus.");
1179	1202	return sec_status_bogus;
1180	1203	}
1181		/* the optout is a secure denial of DS records */
1182		if(qinfo->qtype != LDNS_RR_TYPE_DS)
1183		return sec_status_insecure;
1184		return sec_status_secure;
	1204	/* RFC5155 section 9.2: if nc has optout then no AD flag set */
	1205	return sec_status_insecure;
1185	1206	}
1186	1207
1187	1208	enum sec_status

1328	1349	}
1329	1350
1330	1351	/* Otherwise, we are probably in the opt-out case. */
1331		if(!nsec3_prove_closest_encloser(env, &flt, &ct, qinfo, 1, &ce)) {
	1352	if(nsec3_prove_closest_encloser(env, &flt, &ct, qinfo, 1, &ce)
	1353	!= sec_status_secure) {
	1354	/* an insecure delegation above the qname does not prove
	1355	* anything about this qname exactly, and bogus is bogus */
1332	1356	verbose(VERB_ALGO, "nsec3 provenods: did not match qname, "
1333	1357	"nor found a proven closest encloser.");
1334	1358	*reason = "no NSEC3 closest encloser";

1347	1371	"DS NOERROR/NODATA case";
1348	1372	return sec_status_bogus;
1349	1373	}
1350		return sec_status_secure;
	1374	/* RFC5155 section 9.2: if nc has optout then no AD flag set */
	1375	return sec_status_insecure;
1351	1376	}
1352	1377
1353	1378	enum sec_status

1372	1397	/* try nxdomain and nodata after another, while keeping the
1373	1398	* hash cache intact */
1374	1399
1375		if(nsec3_do_prove_nameerror(env, &flt, &ct, qinfo)==sec_status_secure)
	1400	sec = nsec3_do_prove_nameerror(env, &flt, &ct, qinfo);
	1401	if(sec==sec_status_secure)
1376	1402	return sec_status_secure;
1377	1403	sec = nsec3_do_prove_nodata(env, &flt, &ct, qinfo);
1378	1404	if(sec==sec_status_secure) {

+49

-12

validator/val_sigcrypt.c less more

154	154	* Get DNSKEY protocol value from rdata
155	155	* @param k: DNSKEY rrset.
156	156	* @param idx: which key.
	157	* @return protocol octet value
157	158	*/
158	159	static int
159	160	dnskey_get_protocol(struct ub_packed_rrset_key* k, size_t idx)

451	452	dnskey_idx));
452	453	}
453	454
454		void algo_needs_init_dnskey(struct algo_needs* n,
455		struct ub_packed_rrset_key* dnskey)
	455	void algo_needs_init_dnskey_add(struct algo_needs* n,
	456	struct ub_packed_rrset_key* dnskey, uint8_t* sigalg)
456	457	{
457	458	uint8_t algo;
458		size_t i, total = 0;
	459	size_t i, total = n->num;
459	460	size_t num = rrset_get_count(dnskey);
460	461
461		memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX);
462	462	for(i=0; i<num; i++) {
463	463	algo = (uint8_t)dnskey_get_algo(dnskey, i);
	464	if(!dnskey_algo_id_is_supported((int)algo))
	465	continue;
464	466	if(n->needs[algo] == 0) {
465	467	n->needs[algo] = 1;
	468	sigalg[total] = algo;
466	469	total++;
467	470	}
468	471	}
	472	sigalg[total] = 0;
469	473	n->num = total;
470	474	}
471	475
	476	void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg)
	477	{
	478	uint8_t algo;
	479	size_t total = 0;
	480
	481	memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX);
	482	while( (algo=*sigalg++) != 0) {
	483	log_assert(dnskey_algo_id_is_supported((int)algo));
	484	log_assert(n->needs[algo] == 0);
	485	n->needs[algo] = 1;
	486	total++;
	487	}
	488	n->num = total;
	489	}
	490
472	491	void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds,
473		int fav_ds_algo)
	492	int fav_ds_algo, uint8_t* sigalg)
474	493	{
475	494	uint8_t algo;
476	495	size_t i, total = 0;

481	500	if(ds_get_digest_algo(ds, i) != fav_ds_algo)
482	501	continue;
483	502	algo = (uint8_t)ds_get_key_algo(ds, i);
	503	if(!dnskey_algo_id_is_supported((int)algo))
	504	continue;
	505	log_assert(algo != 0); /* we do not support 0 and is EOS */
484	506	if(n->needs[algo] == 0) {
485	507	n->needs[algo] = 1;
	508	sigalg[total] = algo;
486	509	total++;
487	510	}
488	511	}
	512	sigalg[total] = 0;
489	513	n->num = total;
490	514	}
491	515

527	551	enum sec_status
528	552	dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
529	553	struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
530		char** reason)
	554	uint8_t* sigalg, char** reason)
531	555	{
532	556	enum sec_status sec;
533	557	size_t i, num;

544	568	return sec_status_bogus;
545	569	}
546	570
547		algo_needs_init_dnskey(&needs, dnskey);
	571	if(sigalg) {
	572	algo_needs_init_list(&needs, sigalg);
	573	if(algo_needs_num_missing(&needs) == 0) {
	574	verbose(VERB_QUERY, "zone has no known algorithms");
	575	*reason = "zone has no known algorithms";
	576	return sec_status_insecure;
	577	}
	578	}
548	579	for(i=0; i<num; i++) {
549	580	sec = dnskeyset_verify_rrset_sig(env, ve, *env->now, rrset,
550	581	dnskey, i, &sortree, reason);
551	582	/* see which algorithm has been fixed up */
552	583	if(sec == sec_status_secure) {
553		if(algo_needs_set_secure(&needs,
	584	if(!sigalg)
	585	return sec; /* done! */
	586	else if(algo_needs_set_secure(&needs,
554	587	(uint8_t)rrset_get_sig_algo(rrset, i)))
555	588	return sec; /* done! */
556		} else if(sec == sec_status_bogus) {
	589	} else if(sigalg && sec == sec_status_bogus) {
557	590	algo_needs_set_bogus(&needs,
558	591	(uint8_t)rrset_get_sig_algo(rrset, i));
559	592	}
560	593	}
561	594	verbose(VERB_ALGO, "rrset failed to verify: no valid signatures for "
562	595	"%d algorithms", (int)algo_needs_num_missing(&needs));
563		if((alg=algo_needs_missing(&needs)) != 0) {
	596	if(sigalg && (alg=algo_needs_missing(&needs)) != 0) {
564	597	algo_needs_reason(env, alg, reason, "no signatures");
565	598	}
566	599	return sec_status_bogus;

576	609	(unsigned)alg);
577	610	*reason = regional_strdup(env->scratch, buf);
578	611	if(!*reason)
579		*reason = "%s with all algorithms";
	612	*reason = s;
580	613	}
581	614
582	615	enum sec_status

612	645	numchecked ++;
613	646	}
614	647	verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus");
615		if(!numchecked) *reason = "signatures from unknown keys";
	648	if(!numchecked) *reason = "signature missing";
616	649	return sec_status_bogus;
617	650	}
618	651

630	663	size_t numchecked = 0;
631	664	int buf_canon = 0;
632	665	verbose(VERB_ALGO, "verify sig %d %d", (int)tag, algo);
	666	if(!dnskey_algo_id_is_supported(algo)) {
	667	verbose(VERB_QUERY, "verify sig: unknown algorithm");
	668	return sec_status_insecure;
	669	}
633	670
634	671	for(i=0; i<num; i++) {
635	672	/* see if key matches keytag and algo */

+19

-5

validator/val_sigcrypt.h less more

51	51
52	52	/** number of entries in algorithm needs array */
53	53	#define ALGO_NEEDS_MAX 256
	54
54	55	/**
55	56	* Storage for algorithm needs. DNSKEY algorithms.
56	57	*/

68	69
69	70	/**
70	71	* Initialize algo needs structure, set algos from rrset as needed.
	72	* Results are added to an existing need structure.
71	73	* @param n: struct with storage.
72	74	* @param dnskey: algos from this struct set as necessary. DNSKEY set.
73		*/
74		void algo_needs_init_dnskey(struct algo_needs* n,
75		struct ub_packed_rrset_key* dnskey);
	75	* @param sigalg: adds to signalled algorithm list too.
	76	*/
	77	void algo_needs_init_dnskey_add(struct algo_needs* n,
	78	struct ub_packed_rrset_key* dnskey, uint8_t* sigalg);
	79
	80	/**
	81	* Initialize algo needs structure from a signalled algo list.
	82	* @param n: struct with storage.
	83	* @param sigalg: signalled algorithm list, numbers ends with 0.
	84	*/
	85	void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg);
76	86
77	87	/**
78	88	* Initialize algo needs structure, set algos from rrset as needed.
79	89	* @param n: struct with storage.
80	90	* @param ds: algos from this struct set as necessary. DS set.
81	91	* @param fav_ds_algo: filter to use only this DS algo.
	92	* @param sigalg: list of signalled algos, constructed as output,
	93	* provide size ALGO_NEEDS_MAX+1. list of algonumbers, ends with a zero.
82	94	*/
83	95	void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds,
84		int fav_ds_algo);
	96	int fav_ds_algo, uint8_t* sigalg);
85	97
86	98	/**
87	99	* Mark this algorithm as a success, sec_secure, and see if we are done.

220	232	* @param ve: validator environment, date settings.
221	233	* @param rrset: to be validated.
222	234	* @param dnskey: DNSKEY rrset, keyset to try.
	235	* @param sigalg: if nonNULL provide downgrade protection otherwise one
	236	* algorithm is enough.
223	237	* @param reason: if bogus, a string returned, fixed or alloced in scratch.
224	238	* @return SECURE if one key in the set verifies one rrsig.
225	239	* UNCHECKED on allocation errors, unsupported algorithms, malformed data,

227	241	*/
228	242	enum sec_status dnskeyset_verify_rrset(struct module_env* env,
229	243	struct val_env* ve, struct ub_packed_rrset_key* rrset,
230		struct ub_packed_rrset_key* dnskey, char** reason);
	244	struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason);
231	245
232	246	/**
233	247	* verify rrset against one specific dnskey (from rrset)

+159

-19

validator/val_utils.c less more

94	94	return VAL_CLASS_REFERRAL;
95	95
96	96	/* dump bad messages */
97		if(rcode != LDNS_RCODE_NOERROR)
	97	if(rcode != LDNS_RCODE_NOERROR && rcode != LDNS_RCODE_NXDOMAIN)
98	98	return VAL_CLASS_UNKNOWN;
99		log_assert(rcode == LDNS_RCODE_NOERROR);
100	99	/* next check if the skip into the answer section shows no answer */
101	100	if(skip>0 && rep->an_numrrsets <= skip)
102	101	return VAL_CLASS_CNAMENOANSWER;
103	102
104	103	/* Next is NODATA */
105		if(rep->an_numrrsets == 0)
	104	if(rcode == LDNS_RCODE_NOERROR && rep->an_numrrsets == 0)
106	105	return VAL_CLASS_NODATA;
107	106
108	107	/* We distinguish between CNAME response and other positive/negative

110	109
111	110	/* We distinguish between ANY and CNAME or POSITIVE because
112	111	* ANY responses are validated differently. */
113		if(qinf->qtype == LDNS_RR_TYPE_ANY)
	112	if(rcode == LDNS_RCODE_NOERROR && qinf->qtype == LDNS_RR_TYPE_ANY)
114	113	return VAL_CLASS_ANY;
115	114
116	115	/* Note that DNAMEs will be ignored here, unless qtype=DNAME. Unless
117	116	* qtype=CNAME, this will yield a CNAME response. */
118	117	for(i=skip; i<rep->an_numrrsets; i++) {
119		if(ntohs(rep->rrsets[i]->rk.type) == qinf->qtype)
	118	if(rcode == LDNS_RCODE_NOERROR &&
	119	ntohs(rep->rrsets[i]->rk.type) == qinf->qtype)
120	120	return VAL_CLASS_POSITIVE;
121	121	if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME)
122	122	return VAL_CLASS_CNAME;

309	309	enum sec_status
310	310	val_verify_rrset(struct module_env* env, struct val_env* ve,
311	311	struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys,
312		char** reason)
	312	uint8_t* sigalg, char** reason)
313	313	{
314	314	enum sec_status sec;
315	315	struct packed_rrset_data* d = (struct packed_rrset_data*)rrset->

331	331	}
332	332	log_nametypeclass(VERB_ALGO, "verify rrset", rrset->rk.dname,
333	333	ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class));
334		sec = dnskeyset_verify_rrset(env, ve, rrset, keys, reason);
	334	sec = dnskeyset_verify_rrset(env, ve, rrset, keys, sigalg, reason);
335	335	verbose(VERB_ALGO, "verify result: %s", sec_status_to_string(sec));
336	336	regional_free_all(env->scratch);
337	337

377	377	dnskey.rk.dname_len = kkey->namelen;
378	378	dnskey.entry.key = &dnskey;
379	379	dnskey.entry.data = kd->rrset_data;
380		sec = val_verify_rrset(env, ve, rrset, &dnskey, reason);
	380	sec = val_verify_rrset(env, ve, rrset, &dnskey, kd->algo, reason);
381	381	return sec;
382	382	}
383	383

452	452	enum sec_status
453	453	val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve,
454	454	struct ub_packed_rrset_key* dnskey_rrset,
455		struct ub_packed_rrset_key* ds_rrset, char** reason)
	455	struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason)
456	456	{
457	457	/* as long as this is false, we can consider this DS rrset to be
458	458	* equivalent to no DS rrset. */

471	471	}
472	472
473	473	digest_algo = val_favorite_ds_algo(ds_rrset);
474		algo_needs_init_ds(&needs, ds_rrset, digest_algo);
	474	if(sigalg)
	475	algo_needs_init_ds(&needs, ds_rrset, digest_algo, sigalg);
475	476	num = rrset_get_count(ds_rrset);
476	477	for(i=0; i<num; i++) {
477	478	/* Check to see if we can understand this DS.

490	491	sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset,
491	492	ds_rrset, i, reason);
492	493	if(sec == sec_status_secure) {
493		if(algo_needs_set_secure(&needs,
	494	if(!sigalg \|\| algo_needs_set_secure(&needs,
494	495	(uint8_t)ds_get_key_algo(ds_rrset, i))) {
495	496	verbose(VERB_ALGO, "DS matched DNSKEY.");
496	497	return sec_status_secure;
497	498	}
498		} else if(sec == sec_status_bogus) {
	499	} else if(sigalg && sec == sec_status_bogus) {
499	500	algo_needs_set_bogus(&needs,
500	501	(uint8_t)ds_get_key_algo(ds_rrset, i));
501	502	}

511	512	}
512	513	/* If any were understandable, then it is bad. */
513	514	verbose(VERB_QUERY, "Failed to match any usable DS to a DNSKEY.");
514		if((alg=algo_needs_missing(&needs)) != 0) {
	515	if(sigalg && (alg=algo_needs_missing(&needs)) != 0) {
515	516	algo_needs_reason(env, alg, reason, "missing verification of "
516	517	"DNSKEY signature");
517	518	}

521	522	struct key_entry_key*
522	523	val_verify_new_DNSKEYs(struct regional* region, struct module_env* env,
523	524	struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset,
524		struct ub_packed_rrset_key* ds_rrset, char** reason)
525		{
	525	struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason)
	526	{
	527	uint8_t sigalg[ALGO_NEEDS_MAX+1];
526	528	enum sec_status sec = val_verify_DNSKEY_with_DS(env, ve,
527		dnskey_rrset, ds_rrset, reason);
	529	dnskey_rrset, ds_rrset, downprot?sigalg:NULL, reason);
528	530
529	531	if(sec == sec_status_secure) {
530	532	return key_entry_create_rrset(region,
531	533	ds_rrset->rk.dname, ds_rrset->rk.dname_len,
532	534	ntohs(ds_rrset->rk.rrset_class), dnskey_rrset,
533		*env->now);
	535	downprot?sigalg:NULL, *env->now);
534	536	} else if(sec == sec_status_insecure) {
535	537	return key_entry_create_null(region, ds_rrset->rk.dname,
536	538	ds_rrset->rk.dname_len,

539	541	}
540	542	return key_entry_create_bad(region, ds_rrset->rk.dname,
541	543	ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class),
	544	BOGUS_KEY_TTL, *env->now);
	545	}
	546
	547	enum sec_status
	548	val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve,
	549	struct ub_packed_rrset_key* dnskey_rrset,
	550	struct ub_packed_rrset_key* ta_ds,
	551	struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason)
	552	{
	553	/* as long as this is false, we can consider this anchor to be
	554	* equivalent to no anchor. */
	555	int has_useful_ta = 0, digest_algo = 0, alg;
	556	struct algo_needs needs;
	557	size_t i, num;
	558	enum sec_status sec;
	559
	560	if(ta_ds && (dnskey_rrset->rk.dname_len != ta_ds->rk.dname_len \|\|
	561	query_dname_compare(dnskey_rrset->rk.dname, ta_ds->rk.dname)
	562	!= 0)) {
	563	verbose(VERB_QUERY, "DNSKEY RRset did not match DS RRset "
	564	"by name");
	565	*reason = "DNSKEY RRset did not match DS RRset by name";
	566	return sec_status_bogus;
	567	}
	568	if(ta_dnskey && (dnskey_rrset->rk.dname_len != ta_dnskey->rk.dname_len
	569	\|\| query_dname_compare(dnskey_rrset->rk.dname, ta_dnskey->rk.dname)
	570	!= 0)) {
	571	verbose(VERB_QUERY, "DNSKEY RRset did not match anchor RRset "
	572	"by name");
	573	*reason = "DNSKEY RRset did not match anchor RRset by name";
	574	return sec_status_bogus;
	575	}
	576
	577	if(ta_ds)
	578	digest_algo = val_favorite_ds_algo(ta_ds);
	579	if(sigalg) {
	580	if(ta_ds)
	581	algo_needs_init_ds(&needs, ta_ds, digest_algo, sigalg);
	582	else memset(&needs, 0, sizeof(needs));
	583	if(ta_dnskey)
	584	algo_needs_init_dnskey_add(&needs, ta_dnskey, sigalg);
	585	}
	586	if(ta_ds) {
	587	num = rrset_get_count(ta_ds);
	588	for(i=0; i<num; i++) {
	589	/* Check to see if we can understand this DS.
	590	* And check it is the strongest digest */
	591	if(!ds_digest_algo_is_supported(ta_ds, i) \|\|
	592	!ds_key_algo_is_supported(ta_ds, i) \|\|
	593	ds_get_digest_algo(ta_ds, i) != digest_algo)
	594	continue;
	595
	596	/* Once we see a single DS with a known digestID and
	597	* algorithm, we cannot return INSECURE (with a
	598	* "null" KeyEntry). */
	599	has_useful_ta = true;
	600
	601	sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset,
	602	ta_ds, i, reason);
	603	if(sec == sec_status_secure) {
	604	if(!sigalg \|\| algo_needs_set_secure(&needs,
	605	(uint8_t)ds_get_key_algo(ta_ds, i))) {
	606	verbose(VERB_ALGO, "DS matched DNSKEY.");
	607	return sec_status_secure;
	608	}
	609	} else if(sigalg && sec == sec_status_bogus) {
	610	algo_needs_set_bogus(&needs,
	611	(uint8_t)ds_get_key_algo(ta_ds, i));
	612	}
	613	}
	614	}
	615
	616	/* None of the DS's worked out: check the DNSKEYs. */
	617	if(ta_dnskey) {
	618	num = rrset_get_count(ta_dnskey);
	619	for(i=0; i<num; i++) {
	620	/* Check to see if we can understand this DNSKEY */
	621	if(!dnskey_algo_is_supported(ta_dnskey, i))
	622	continue;
	623
	624	/* we saw a useful TA */
	625	has_useful_ta = true;
	626
	627	sec = dnskey_verify_rrset(env, ve, dnskey_rrset,
	628	ta_dnskey, i, reason);
	629	if(sec == sec_status_secure) {
	630	if(!sigalg \|\| algo_needs_set_secure(&needs,
	631	(uint8_t)dnskey_get_algo(ta_dnskey, i))) {
	632	verbose(VERB_ALGO, "anchor matched DNSKEY.");
	633	return sec_status_secure;
	634	}
	635	} else if(sigalg && sec == sec_status_bogus) {
	636	algo_needs_set_bogus(&needs,
	637	(uint8_t)dnskey_get_algo(ta_dnskey, i));
	638	}
	639	}
	640	}
	641
	642	/* If no DSs were understandable, then this is OK. */
	643	if(!has_useful_ta) {
	644	verbose(VERB_ALGO, "No usable trust anchors were found -- "
	645	"treating as insecure.");
	646	return sec_status_insecure;
	647	}
	648	/* If any were understandable, then it is bad. */
	649	verbose(VERB_QUERY, "Failed to match any usable anchor to a DNSKEY.");
	650	if(sigalg && (alg=algo_needs_missing(&needs)) != 0) {
	651	algo_needs_reason(env, alg, reason, "missing verification of "
	652	"DNSKEY signature");
	653	}
	654	return sec_status_bogus;
	655	}
	656
	657	struct key_entry_key*
	658	val_verify_new_DNSKEYs_with_ta(struct regional* region, struct module_env* env,
	659	struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset,
	660	struct ub_packed_rrset_key* ta_ds_rrset,
	661	struct ub_packed_rrset_key* ta_dnskey_rrset, int downprot,
	662	char** reason)
	663	{
	664	uint8_t sigalg[ALGO_NEEDS_MAX+1];
	665	enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve,
	666	dnskey_rrset, ta_ds_rrset, ta_dnskey_rrset,
	667	downprot?sigalg:NULL, reason);
	668
	669	if(sec == sec_status_secure) {
	670	return key_entry_create_rrset(region,
	671	dnskey_rrset->rk.dname, dnskey_rrset->rk.dname_len,
	672	ntohs(dnskey_rrset->rk.rrset_class), dnskey_rrset,
	673	downprot?sigalg:NULL, *env->now);
	674	} else if(sec == sec_status_insecure) {
	675	return key_entry_create_null(region, dnskey_rrset->rk.dname,
	676	dnskey_rrset->rk.dname_len,
	677	ntohs(dnskey_rrset->rk.rrset_class),
	678	rrset_get_ttl(dnskey_rrset), *env->now);
	679	}
	680	return key_entry_create_bad(region, dnskey_rrset->rk.dname,
	681	dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class),
542	682	BOGUS_KEY_TTL, *env->now);
543	683	}
544	684

907	1047
908	1048	struct dns_msg*
909	1049	val_find_DS(struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t c,
910		struct regional* region)
	1050	struct regional* region, uint8_t* topname)
911	1051	{
912	1052	struct dns_msg* msg;
913	1053	struct query_info qinfo;

936	1076	qinfo.qclass = c;
937	1077	/* do not add SOA to reply message, it is going to be used internal */
938	1078	msg = val_neg_getmsg(env->neg_cache, &qinfo, region, env->rrset_cache,
939		env->scratch_buffer, *env->now, 0);
	1079	env->scratch_buffer, *env->now, 0, topname);
940	1080	return msg;
941	1081	}

+66

-4

validator/val_utils.h less more

116	116	* @param ve: validator environment (verification settings)
117	117	* @param rrset: what to verify
118	118	* @param keys: dnskey rrset to verify with.
	119	* @param sigalg: if nonNULL provide downgrade protection otherwise one
	120	* algorithm is enough. Algo list is constructed in here.
119	121	* @param reason: reason of failure. Fixed string or alloced in scratch.
120	122	* @return security status of verification.
121	123	*/
122	124	enum sec_status val_verify_rrset(struct module_env* env, struct val_env* ve,
123	125	struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys,
124		char** reason);
	126	uint8_t* sigalg, char** reason);
125	127
126	128	/**
127	129	* Verify RRset with keys from a keyset.

143	145	* @param ve: validator environment (verification settings)
144	146	* @param dnskey_rrset: DNSKEY rrset to verify
145	147	* @param ds_rrset: DS rrset to verify with.
	148	* @param sigalg: if nonNULL provide downgrade protection otherwise one
	149	* algorithm is enough. The list of signalled algorithms is returned,
	150	* must have enough space for ALGO_NEEDS_MAX+1.
146	151	* @param reason: reason of failure. Fixed string or alloced in scratch.
147	152	* @return: sec_status_secure if a DS matches.
148	153	* sec_status_insecure if end of trust (i.e., unknown algorithms).

150	155	*/
151	156	enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env,
152	157	struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset,
153		struct ub_packed_rrset_key* ds_rrset, char** reason);
	158	struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason);
	159
	160	/**
	161	* Verify DNSKEYs with DS and DNSKEY rrset. Like val_verify_DNSKEY_with_DS
	162	* but for a trust anchor.
	163	* @param env: module environment (scratch buffer)
	164	* @param ve: validator environment (verification settings)
	165	* @param dnskey_rrset: DNSKEY rrset to verify
	166	* @param ta_ds: DS rrset to verify with.
	167	* @param ta_dnskey: DNSKEY rrset to verify with.
	168	* @param sigalg: if nonNULL provide downgrade protection otherwise one
	169	* algorithm is enough. The list of signalled algorithms is returned,
	170	* must have enough space for ALGO_NEEDS_MAX+1.
	171	* @param reason: reason of failure. Fixed string or alloced in scratch.
	172	* @return: sec_status_secure if a DS matches.
	173	* sec_status_insecure if end of trust (i.e., unknown algorithms).
	174	* sec_status_bogus if it fails.
	175	*/
	176	enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env,
	177	struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset,
	178	struct ub_packed_rrset_key* ta_ds,
	179	struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason);
154	180
155	181	/**
156	182	* Verify new DNSKEYs with DS rrset. The DS contains hash values that should

162	188	* @param ve: validator environment (verification settings)
163	189	* @param dnskey_rrset: DNSKEY rrset to verify
164	190	* @param ds_rrset: DS rrset to verify with.
	191	* @param downprot: if true provide downgrade protection otherwise one
	192	* algorithm is enough.
165	193	* @param reason: reason of failure. Fixed string or alloced in scratch.
166	194	* @return a KeyEntry. This will either contain the now trusted
167	195	* dnskey_rrset, a "null" key entry indicating that this DS

171	199	* generally only occur in a private algorithm scenario: normally
172	200	* this sort of thing is checked before fetching the matching DNSKEY
173	201	* rrset.
	202	* if downprot is set, a key entry with an algo list is made.
174	203	*/
175	204	struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region,
176	205	struct module_env* env, struct val_env* ve,
177	206	struct ub_packed_rrset_key* dnskey_rrset,
178		struct ub_packed_rrset_key* ds_rrset, char** reason);
	207	struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason);
	208
	209
	210	/**
	211	* Verify rrset with trust anchor: DS and DNSKEY rrset.
	212	*
	213	* @param region: where to allocate key entry result.
	214	* @param env: module environment (scratch buffer)
	215	* @param ve: validator environment (verification settings)
	216	* @param dnskey_rrset: DNSKEY rrset to verify
	217	* @param ta_ds_rrset: DS rrset to verify with.
	218	* @param ta_dnskey_rrset: the DNSKEY rrset to verify with.
	219	* @param downprot: if true provide downgrade protection otherwise one
	220	* algorithm is enough.
	221	* @param reason: reason of failure. Fixed string or alloced in scratch.
	222	* @return a KeyEntry. This will either contain the now trusted
	223	* dnskey_rrset, a "null" key entry indicating that this DS
	224	* rrset/DNSKEY pair indicate an secure end to the island of trust
	225	* (i.e., unknown algorithms), or a "bad" KeyEntry if the dnskey
	226	* rrset fails to verify. Note that the "null" response should
	227	* generally only occur in a private algorithm scenario: normally
	228	* this sort of thing is checked before fetching the matching DNSKEY
	229	* rrset.
	230	* if downprot is set, a key entry with an algo list is made.
	231	*/
	232	struct key_entry_key* val_verify_new_DNSKEYs_with_ta(struct regional* region,
	233	struct module_env* env, struct val_env* ve,
	234	struct ub_packed_rrset_key* dnskey_rrset,
	235	struct ub_packed_rrset_key* ta_ds_rrset,
	236	struct ub_packed_rrset_key* ta_dnskey_rrset,
	237	int downprot, char** reason);
179	238
180	239	/**
181	240	* Determine if DS rrset is usable for validator or not.

332	391	* @param nmlen: length of name.
333	392	* @param c: class of DS RR.
334	393	* @param region: where to allocate result.
	394	* @param topname: name of the key that is currently in use, that will get
	395	* used to validate the result, and thus no higher entries from the
	396	* negative cache need to be examined.
335	397	* @return a dns_msg on success. NULL on failure.
336	398	*/
337	399	struct dns_msg* val_find_DS(struct module_env* env, uint8_t* nm, size_t nmlen,
338		uint16_t c, struct regional* region);
	400	uint16_t c, struct regional* region, uint8_t* topname);
339	401
340	402	#endif /* VALIDATOR_VAL_UTILS_H */

+40

-33

validator/validator.c less more

48	48	#include "validator/val_nsec.h"
49	49	#include "validator/val_nsec3.h"
50	50	#include "validator/val_neg.h"
	51	#include "validator/val_sigcrypt.h"
51	52	#include "validator/autotrust.h"
52	53	#include "services/cache/dns.h"
53	54	#include "util/data/dname.h"

694	695	if(val_nsec_proves_name_error(s, qchase->qname)) {
695	696	ce = nsec_closest_encloser(qchase->qname, s);
696	697	}
	698	if(val_nsec_proves_insecuredelegation(s, qchase)) {
	699	verbose(VERB_ALGO, "delegation is insecure");
	700	chase_reply->security = sec_status_insecure;
	701	return;
	702	}
697	703	} else if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) {
698	704	nsec3s_seen = 1;
699	705	}

772	778	if(val_nsec_proves_no_wc(s, qchase->qname,
773	779	qchase->qname_len))
774	780	has_valid_wnsec = 1;
	781	if(val_nsec_proves_insecuredelegation(s, qchase)) {
	782	verbose(VERB_ALGO, "delegation is insecure");
	783	chase_reply->security = sec_status_insecure;
	784	return;
	785	}
775	786	} else if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3)
776	787	nsec3s_seen = 1;
777	788	}

1115	1126	if(val_nsec_proves_no_wc(s, qchase->qname,
1116	1127	qchase->qname_len))
1117	1128	nxdomain_valid_wnsec = 1;
	1129	if(val_nsec_proves_insecuredelegation(s, qchase)) {
	1130	verbose(VERB_ALGO, "delegation is insecure");
	1131	chase_reply->security = sec_status_insecure;
	1132	return;
	1133	}
1118	1134	} else if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) {
1119	1135	nsec3s_seen = 1;
1120	1136	}

1487	1503	struct dns_msg* msg;
1488	1504	if(!qstate->blacklist && !vq->chain_blacklist &&
1489	1505	(msg=val_find_DS(qstate->env, target_key_name,
1490		target_key_len, vq->qchase.qclass, qstate->region)) ) {
	1506	target_key_len, vq->qchase.qclass, qstate->region,
	1507	vq->key_entry->name)) ) {
1491	1508	verbose(VERB_ALGO, "Process cached DS response");
1492	1509	process_ds_response(qstate, vq, id, LDNS_RCODE_NOERROR,
1493	1510	msg, &msg->qinfo, NULL);

2223	2240	struct key_entry_key* kkey = NULL;
2224	2241	enum sec_status sec = sec_status_unchecked;
2225	2242	char* reason = NULL;
	2243	int downprot = 1;
2226	2244
2227	2245	if(!dnskey_rrset) {
2228	2246	log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- "

2243	2261	return kkey;
2244	2262	}
2245	2263	/* attempt to verify with trust anchor DS and DNSKEY */
2246		if(ta->ds_rrset) {
2247		kkey = val_verify_new_DNSKEYs(qstate->region, qstate->env, ve,
2248		dnskey_rrset, ta->ds_rrset, &reason);
2249		if(!kkey) {
2250		log_err("out of memory: verifying prime DS");
2251		return NULL;
2252		}
2253		if(key_entry_isgood(kkey))
2254		sec = sec_status_secure;
2255		else
2256		sec = sec_status_bogus;
2257		verbose(VERB_DETAIL, "validate keys with anchor(DS): %s",
2258		sec_status_to_string(sec));
2259		}
2260		if(sec != sec_status_secure && ta->dnskey_rrset) {
2261		sec = val_verify_rrset(qstate->env, ve, dnskey_rrset,
2262		ta->dnskey_rrset, &reason);
2263		verbose(VERB_DETAIL, "validate keys with anchor(DNSKEY): %s",
2264		sec_status_to_string(sec));
2265		if(sec == sec_status_secure) {
2266		kkey = key_entry_create_rrset(qstate->region,
2267		ta->name, ta->namelen, ta->dclass,
2268		dnskey_rrset, *qstate->env->now);
2269		if(!kkey) {
2270		log_err("out of memory: allocate primed key");
2271		return NULL;
2272		}
2273		}
2274		}
	2264	kkey = val_verify_new_DNSKEYs_with_ta(qstate->region, qstate->env, ve,
	2265	dnskey_rrset, ta->ds_rrset, ta->dnskey_rrset, downprot,
	2266	&reason);
	2267	if(!kkey) {
	2268	log_err("out of memory: verifying prime TA");
	2269	return NULL;
	2270	}
	2271	if(key_entry_isgood(kkey))
	2272	sec = sec_status_secure;
	2273	else
	2274	sec = sec_status_bogus;
	2275	verbose(VERB_DETAIL, "validate keys with anchor(DS): %s",
	2276	sec_status_to_string(sec));
2275	2277
2276	2278	if(sec != sec_status_secure) {
2277	2279	log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- "

2373	2375	log_query_info(VERB_DETAIL, "validated DS", qinfo);
2374	2376	*ke = key_entry_create_rrset(qstate->region,
2375	2377	qinfo->qname, qinfo->qname_len, qinfo->qclass, ds,
2376		*qstate->env->now);
	2378	NULL, *qstate->env->now);
2377	2379	return (*ke) != NULL;
2378	2380	} else if(subtype == VAL_CLASS_NODATA \|\|
2379	2381	subtype == VAL_CLASS_NAMEERROR) {

2427	2429	msg->rep->rrsets + msg->rep->an_numrrsets,
2428	2430	msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason);
2429	2431	switch(sec) {
	2432	case sec_status_insecure:
	2433	/* case insecure also continues to unsigned
	2434	* space. If nsec3-iter-count too high or
	2435	* optout, then treat below as unsigned */
2430	2436	case sec_status_secure:
2431	2437	verbose(VERB_DETAIL, "NSEC3s for the "
2432	2438	"referral proved no DS.");

2445	2451	"referral did not prove no DS.");
2446	2452	errinf(qstate, reason);
2447	2453	goto return_bogus;
2448		case sec_status_insecure:
2449	2454	case sec_status_unchecked:
2450	2455	default:
2451	2456	/* NSEC3 proof did not work */

2610	2615	struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2611	2616	struct key_entry_key* old = vq->key_entry;
2612	2617	struct ub_packed_rrset_key* dnskey = NULL;
	2618	int downprot;
2613	2619	char* reason = NULL;
2614	2620
2615	2621	if(rcode == LDNS_RCODE_NOERROR)

2645	2651	vq->state = VAL_VALIDATE_STATE;
2646	2652	return;
2647	2653	}
	2654	downprot = 1;
2648	2655	vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
2649		ve, dnskey, vq->ds_rrset, &reason);
	2656	ve, dnskey, vq->ds_rrset, downprot, &reason);
2650	2657
2651	2658	if(!vq->key_entry) {
2652	2659	log_err("out of memory in verify new DNSKEYs");

-1

winrc/README.txt less more

9	9	Unbound is a recursive DNS server. It does caching, full recursion, stub
10	10	recursion, DNSSEC validation, NSEC3, IPv6. More information can be found
11	11	at the http://unbound.net site. Unbound has been built and tested on
12		Windows XP and Windows Vista.
	12	Windows XP, Vista and 7.
13	13
14	14	At http://unbound.net/documentation is an install and configuration manual
15	15	for windows.

65	65	$ cd unbound-xxx
66	66	$ ./configure --enable-static-exe --with-ldns=../ldns-xxx
67	67	If you compiled openssl yourself, pass --with-ssl=../openssl-xxx too.
	68	If you compiled libexpat yourself, pass --with-libexpat=../expat-install too.
68	69	The configure options for libevent or threads are not applicable for
69	70	windows, because builtin alternatives for the windows platform are used.
70	71	$ make

+37

-0

winrc/rsrc_unbound_anchor.rc less more

	0	/*
	1	Unbound resource file for windows. For use with windres
	2	*/
	3	#include "winver.h"
	4	#include "config.h"
	5
	6	1 ICON "winrc/combined.ico"
	7
	8	1 VERSIONINFO
	9	FILEVERSION RSRC_PACKAGE_VERSION
	10	PRODUCTVERSION RSRC_PACKAGE_VERSION
	11	FILEFLAGSMASK 0
	12	FILEFLAGS 0
	13	FILEOS VOS__WINDOWS32
	14	FILETYPE VFT_APP
	15	FILESUBTYPE 0
	16	BEGIN
	17	BLOCK "StringFileInfo"
	18	BEGIN
	19	BLOCK "040904E4"
	20	BEGIN
	21	VALUE "CompanyName", "NLnet Labs"
	22	VALUE "FileDescription", "Unbound Anchor Utility"
	23	VALUE "FileVersion", PACKAGE_VERSION
	24	VALUE "InternalName", "unbound-anchor"
	25	VALUE "OriginalFilename", "unbound-anchor.exe"
	26	VALUE "ProductName", "unbound"
	27	VALUE "ProductVersion", PACKAGE_VERSION
	28	VALUE "LegalCopyright", "(C) 2010 NLnet Labs. Source is BSD licensed."
	29	END
	30	END
	31	BLOCK "VarFileInfo"
	32	BEGIN
	33	/* English(409), windows ANSI codepage (1252) */
	34	VALUE "Translation", 0x409, 0x1252
	35	END
	36	END

+35

-8

winrc/setup.nsi less more

69	69	# real work in postinstall
70	70	sectionEnd
71	71
72		section "DLV - dlv.isc.org" SectionDLV
	72	section "Root anchor - DNSSEC" SectionRootKey
	73	# add estimated size for key (Kb)
	74	AddSize 2
	75	sectionEnd
	76
	77	# the /o means it is not selected by default.
	78	section /o "DLV - dlv.isc.org" SectionDLV
73	79	# add estimated size for key (Kb)
74	80	AddSize 2
75	81	SetOutPath $INSTDIR

96	102	File "..\unbound-checkconf.exe"
97	103	File "..\unbound-control.exe"
98	104	File "..\unbound-host.exe"
	105	File "..\unbound-anchor.exe"
99	106	File "..\unbound-service-install.exe"
100	107	File "..\unbound-service-remove.exe"
101	108	File "..\anchor-update.exe"

103	110	File "service.conf"
104	111	File "..\doc\example.conf"
105	112
	113	# Store Root Key choice
	114	SectionGetFlags ${SectionRootKey} $R0
	115	IntOp $R0 $R0 & ${SF_SELECTED}
	116	${If} $R0 == ${SF_SELECTED}
	117	ClearErrors
	118	FileOpen $R1 "$INSTDIR\service.conf" a
	119	IfErrors done_rk
	120	FileSeek $R1 0 END
	121	FileWrite $R1 "$\nserver: auto-trust-anchor-file: $\"$INSTDIR\root.key$\"$\n"
	122	FileClose $R1
	123	done_rk:
	124	WriteRegStr HKLM "Software\Unbound" "RootAnchor" "$\"$INSTDIR\unbound-anchor.exe$\" -a $\"$INSTDIR\root.key$\" -c $\"$INSTDIR\icannbundle.pem$\""
	125	${Else}
	126	WriteRegStr HKLM "Software\Unbound" "RootAnchor" ""
	127	${EndIf}
	128
106	129	# Store DLV choice
107	130	SectionGetFlags ${SectionDLV} $R0
108	131	IntOp $R0 $R0 & ${SF_SELECTED}
109	132	${If} $R0 == ${SF_SELECTED}
110	133	ClearErrors
111	134	FileOpen $R1 "$INSTDIR\service.conf" a
112		IfErrors done
	135	IfErrors done_dlv
113	136	FileSeek $R1 0 END
114	137	FileWrite $R1 "$\nserver: dlv-anchor-file: $\"$INSTDIR\dlv.isc.org.key$\"$\n"
115	138	FileClose $R1
116		done:
	139	done_dlv:
117	140	WriteRegStr HKLM "Software\Unbound" "CronAction" "$\"$INSTDIR\anchor-update.exe$\" dlv.isc.org $\"$INSTDIR\dlv.isc.org.key$\""
118	141	${Else}
119		WriteRegStr HKLM "Software\Unbound" "CronAction" "$\"$INSTDIR\anchor-update.exe$\" "
	142	WriteRegStr HKLM "Software\Unbound" "CronAction" ""
120	143	${EndIf}
121	144
122	145	# store installation folder

150	173	sectionEnd
151	174
152	175	# set section descriptions
153		LangString DESC_unbound ${LANG_ENGLISH} "The base unbound DNS(SEC) validating caching resolver. $\r$\n$\r$\nIt can be found in the Services control panel, and a config file is in the Program Files folder."
154		LangString DESC_dlv ${LANG_ENGLISH} "Set up to use DLV with dlv.isc.org. Downloads the key with a leap of faith. $\r$\n$\r$\nThis provides public keys that are used for security verification."
	176	LangString DESC_unbound ${LANG_ENGLISH} "The base unbound DNS(SEC) validating caching resolver. $\r$\n$\r$\nStarted at boot from the Services control panel, logs to the Application Log, and the config file is its Program Files folder."
	177	LangString DESC_rootkey ${LANG_ENGLISH} "Set up to use the DNSSEC root trust anchor. It is automatically updated. $\r$\n$\r$\nThis provides the main key that is used for security verification."
	178	LangString DESC_dlv ${LANG_ENGLISH} "Set up to use DLV with dlv.isc.org. Downloads the key during install. $\r$\n$\r$\nIt fetches additional public keys that are used for security verification by querying the isc.org server with names encountered."
155	179
156	180	!insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
157	181	!insertmacro MUI_DESCRIPTION_TEXT ${SectionUnbound} $(DESC_unbound)
	182	!insertmacro MUI_DESCRIPTION_TEXT ${SectionRootKey} $(DESC_rootkey)
158	183	!insertmacro MUI_DESCRIPTION_TEXT ${SectionDLV} $(DESC_dlv)
159	184	!insertmacro MUI_FUNCTION_DESCRIPTION_END
160	185

179	204	Delete "$INSTDIR\unbound-checkconf.exe"
180	205	Delete "$INSTDIR\unbound-control.exe"
181	206	Delete "$INSTDIR\unbound-host.exe"
	207	Delete "$INSTDIR\unbound-anchor.exe"
182	208	Delete "$INSTDIR\unbound-service-install.exe"
183	209	Delete "$INSTDIR\unbound-service-remove.exe"
184	210	Delete "$INSTDIR\anchor-update.exe"

186	212	Delete "$INSTDIR\service.conf"
187	213	Delete "$INSTDIR\example.conf"
188	214	Delete "$INSTDIR\dlv.isc.org.key"
	215	Delete "$INSTDIR\root.key"
189	216	RMDir "$INSTDIR"
190	217
191	218	# start menu items

194	221	Delete "$SMPROGRAMS\$StartMenuFolder\unbound.net website.lnk"
195	222	RMDir "$SMPROGRAMS\$StartMenuFolder"
196	223
197		DeleteRegKey /ifempty HKLM "Software\Unbound"
198		sectionEnd
	224	DeleteRegKey HKLM "Software\Unbound"
	225	sectionEnd

+66

-3

winrc/win_svc.c less more

230	230	return result;
231	231	}
232	232
	233	/** wait for unbound-anchor process to finish */
	234	static void
	235	waitforubanchor(PROCESS_INFORMATION* pinfo)
	236	{
	237	/* we have 5 seconds scheduled for it, usually it will be very fast,
	238	* with only a UDP message or two (100 msec or so), but the https
	239	* connections could take some time */
	240	DWORD count = 7900;
	241	DWORD ret = WAIT_TIMEOUT;
	242	/* decrease timer every 1/10 second, we are still starting up */
	243	while(ret == WAIT_TIMEOUT) {
	244	ret = WaitForSingleObject(pinfo->hProcess, 100);
	245	if(count > 4000) count -= 100;
	246	else count--; /* go slow, it is taking long */
	247	if(count > 3000)
	248	report_status(SERVICE_START_PENDING, NO_ERROR, count);
	249	}
	250	verbose(VERB_ALGO, "unbound-anchor done");
	251	if(ret != WAIT_OBJECT_0) {
	252	return; /* did not end successfully */
	253	}
	254	if(!GetExitCodeProcess(pinfo->hProcess, &ret)) {
	255	log_err("GetExitCodeProcess failed");
	256	return;
	257	}
	258	verbose(VERB_ALGO, "unbound-anchor exit code is %d", (int)ret);
	259	if(ret != 0) {
	260	log_info("The root trust anchor has been updated.");
	261	}
	262	}
	263
	264
	265	/**
	266	* Perform root anchor update if so configured, by calling that process
	267	*/
	268	static void
	269	call_root_update(void)
	270	{
	271	char* rootanchor;
	272	rootanchor = lookup_reg_str("Software\\Unbound", "RootAnchor");
	273	if(rootanchor && strlen(rootanchor)>0) {
	274	STARTUPINFO sinfo;
	275	PROCESS_INFORMATION pinfo;
	276	memset(&pinfo, 0, sizeof(pinfo));
	277	memset(&sinfo, 0, sizeof(sinfo));
	278	sinfo.cb = sizeof(sinfo);
	279	verbose(VERB_ALGO, "rootanchor: %s", rootanchor);
	280	report_status(SERVICE_START_PENDING, NO_ERROR, 8000);
	281	if(!CreateProcess(NULL, rootanchor, NULL, NULL, 0,
	282	CREATE_NO_WINDOW, NULL, NULL, &sinfo, &pinfo))
	283	log_err("CreateProcess error for unbound-anchor.exe");
	284	else {
	285	waitforubanchor(&pinfo);
	286	CloseHandle(pinfo.hProcess);
	287	CloseHandle(pinfo.hThread);
	288	}
	289	}
	290	free(rootanchor);
	291	}
	292
233	293	/**
234	294	* Init service. Keeps calling status pending to tell service control
235	295	* manager that this process is not hanging.

341	401
342	402	service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
343	403	service_status.dwServiceSpecificExitCode = 0;
	404
	405	/* see if we have root anchor update enabled */
	406	call_root_update();
344	407
345	408	/* we are now starting up */
346	409	report_status(SERVICE_START_PENDING, NO_ERROR, 3000);

467	530	char* cronaction;
468	531	log_thread_set(&mynum);
469	532	cronaction = lookup_reg_str("Software\\Unbound", "CronAction");
470		if(cronaction) {
	533	if(cronaction && strlen(cronaction)>0) {
471	534	STARTUPINFO sinfo;
472	535	PROCESS_INFORMATION pinfo;
473	536	memset(&pinfo, 0, sizeof(pinfo));

482	545	CloseHandle(pinfo.hProcess);
483	546	CloseHandle(pinfo.hThread);
484	547	}
485		free(cronaction);
486		}
	548	}
	549	free(cronaction);
487	550	/* stop self */
488	551	CloseHandle(cron_thread);
489	552	cron_thread = NULL;