Codebase list unbound / upstream/1.15.0
New upstream version 1.15.0 Michael Tokarev 2 years ago
309 changed file(s) with 30747 addition(s) and 12140 deletion(s). Raw diff Collapse all Expand all
+0
-1
.gitattributes less more
0 testdata/*.[0-9] linguist-documentation
+0
-2
.github/FUNDING.yml less more
0 github: [NLnetLabs]
1 custom: ['https://nlnetlabs.nl/funding/']
+0
-58
.gitignore less more
0 *.lo
1 *.o
2 /.libs/
3 /.source
4 /Makefile
5 /autom4te.cache/
6 /config.h
7 /config.h.in~
8 /config.log
9 /config.status
10 /dnstap/dnstap_config.h
11 /dnscrypt/dnscrypt_config.h
12 /doc/example.conf
13 /doc/libunbound.3
14 /doc/unbound-anchor.8
15 /doc/unbound-checkconf.8
16 /doc/unbound-control.8
17 /doc/unbound-host.1
18 /doc/unbound.8
19 /doc/unbound.conf.5
20 /libtool
21 /libunbound.la
22 /_unbound.la
23 /smallapp/unbound-control-setup.sh
24 /unbound
25 /unbound-anchor
26 /unbound-checkconf
27 /unbound-control
28 /unbound-control-setup
29 /unbound-host
30 /unbound.h
31 /asynclook
32 /delayer
33 /dohclient
34 /lock-verify
35 /memstats
36 /perf
37 /petal
38 /pktview
39 /streamtcp
40 /unbound-dnstap-socket
41 /testbound
42 /unittest
43 /contrib/libunbound.pc
44 /contrib/unbound.service
45 /contrib/unbound.socket
46 /contrib/unbound_portable.service
47 /dnstap/dnstap.pb-c.c
48 /dnstap/dnstap.pb-c.h
49 /libunbound/python/libunbound_wrap.c
50 /libunbound/python/unbound.py
51 /pythonmod/interface.h
52 /pythonmod/unboundmodule.py
53 /testdata/result.*
54 /testdata/.done-*
55 /testdata/.perfstats.txt
56 /doc/html
57 /doc/xml
+0
-344
.travis.yml less more
0 language: c
1
2 git:
3 depth: 5
4
5 addons:
6 apt:
7 packages:
8 - libssl-dev
9 - libevent-dev
10 - libexpat-dev
11 - clang
12 homebrew:
13 packages:
14 - openssl
15 - libevent
16 - expat
17 update: true
18
19 jobs:
20 include:
21 - os: linux
22 name: GCC on Linux, Amd64
23 compiler: gcc
24 arch: amd64
25 env:
26 - CONFIG_OPTS="--enable-debug --disable-flto"
27 - os: linux
28 name: Clang on Linux, Amd64
29 compiler: clang
30 arch: amd64
31 env:
32 - CONFIG_OPTS="--enable-debug --disable-flto"
33 - os: osx
34 name: Clang on OS X, Amd64
35 compiler: clang
36 arch: amd64
37 env:
38 - TEST_OSX=yes
39 - CONFIG_OPTS="--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/"
40 - os: linux
41 name: Libevent, GCC on Linux, Amd64
42 compiler: gcc
43 arch: amd64
44 env:
45 - TEST_LIBEVENT=yes
46 - CONFIG_OPTS="--with-libevent"
47 - os: linux
48 name: Libevent, Clang on Linux, Amd64
49 compiler: clang
50 arch: amd64
51 env:
52 - TEST_LIBEVENT=yes
53 - CONFIG_OPTS="--with-libevent"
54 - os: osx
55 name: Libevent, Clang on OS X, Amd64
56 compiler: clang
57 arch: amd64
58 env:
59 - TEST_OSX=yes
60 - TEST_LIBEVENT=yes
61 - CONFIG_OPTS="--with-ssl=/usr/local/opt/openssl/ --with-libevent=/usr/local/opt/libevent/"
62 - os: linux
63 name: UBsan, GCC on Linux, Amd64
64 compiler: gcc
65 arch: amd64
66 dist: bionic
67 env:
68 - TEST_UBSAN=yes
69 - os: linux
70 name: UBsan, Clang on Linux, Amd64
71 compiler: clang
72 arch: amd64
73 dist: bionic
74 env:
75 - TEST_UBSAN=yes
76 - os: linux
77 name: Asan, GCC on Linux, Amd64
78 compiler: gcc
79 arch: amd64
80 dist: bionic
81 env:
82 - TEST_ASAN=yes
83 - os: linux
84 name: Asan, Clang on Linux, Amd64
85 compiler: clang
86 arch: amd64
87 dist: bionic
88 env:
89 - TEST_ASAN=yes
90 - os: linux
91 name: GCC on Linux, Aarch64
92 compiler: gcc
93 arch: arm64
94 dist: bionic
95 env:
96 - CONFIG_OPTS="--enable-debug --disable-flto"
97 - os: linux
98 name: Clang on Linux, Aarch64
99 compiler: clang
100 arch: arm64
101 dist: bionic
102 env:
103 - CONFIG_OPTS="--enable-debug --disable-flto"
104 - os: linux
105 name: GCC on Linux, PowerPC64
106 compiler: gcc
107 arch: ppc64le
108 dist: bionic
109 env:
110 - CONFIG_OPTS="--enable-debug --disable-flto"
111 - os: linux
112 name: Clang on Linux, PowerPC64
113 compiler: clang
114 arch: ppc64le
115 dist: bionic
116 env:
117 - CONFIG_OPTS="--enable-debug --disable-flto"
118 - os: linux
119 name: GCC on Linux, s390x
120 compiler: gcc
121 arch: s390x
122 dist: bionic
123 env:
124 - CONFIG_OPTS="--enable-debug --disable-flto"
125 - os: linux
126 name: Clang on Linux, s390x
127 compiler: clang
128 arch: s390x
129 dist: bionic
130 env:
131 - CONFIG_OPTS="--enable-debug --disable-flto"
132 - os: osx
133 osx_image: xcode10
134 name: Apple iPhone on iOS, armv7
135 compiler: clang
136 env:
137 - TEST_IOS=yes
138 - AUTOTOOLS_HOST=armv7-apple-ios
139 - OPENSSL_HOST=ios-cross
140 - IOS_SDK=iPhoneOS
141 - IOS_CPU=armv7s
142 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
143 - os: osx
144 osx_image: xcode10
145 name: Apple iPhone on iOS, arm64
146 compiler: clang
147 env:
148 - TEST_IOS=yes
149 - AUTOTOOLS_HOST=aarch64-apple-ios
150 - OPENSSL_HOST=ios64-cross
151 - IOS_SDK=iPhoneOS
152 - IOS_CPU=arm64
153 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
154 - os: osx
155 osx_image: xcode10
156 name: Apple TV on iOS, arm64
157 compiler: clang
158 env:
159 - TEST_IOS=yes
160 - AUTOTOOLS_HOST=aarch64-apple-ios
161 - OPENSSL_HOST=ios64-cross
162 - IOS_SDK=AppleTVOS
163 - IOS_CPU=arm64
164 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
165 - os: osx
166 osx_image: xcode10
167 name: Apple Watch on iOS, armv7
168 compiler: clang
169 env:
170 - TEST_IOS=yes
171 - AUTOTOOLS_HOST=armv7-apple-ios
172 - OPENSSL_HOST=ios-cross
173 - IOS_SDK=WatchOS
174 - IOS_CPU=armv7k
175 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
176 - os: osx
177 osx_image: xcode10
178 name: iPhoneSimulator on OS X, i386
179 env:
180 - TEST_IOS=yes
181 - AUTOTOOLS_HOST=i386-apple-ios
182 - OPENSSL_HOST=iphoneos-cross
183 - IOS_CPU=i386
184 - IOS_SDK=iPhoneSimulator
185 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
186 - os: osx
187 osx_image: xcode10
188 name: iPhoneSimulator on OS X, x86_64
189 env:
190 - TEST_IOS=yes
191 - AUTOTOOLS_HOST=x86_64-apple-ios
192 - OPENSSL_HOST=iphoneos-cross
193 - IOS_CPU=x86_64
194 - IOS_SDK=iPhoneSimulator
195 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
196 - os: osx
197 osx_image: xcode10
198 name: AppleTVSimulator on OS X, x86_64
199 env:
200 - TEST_IOS=yes
201 - AUTOTOOLS_HOST=x86_64-apple-ios
202 - OPENSSL_HOST=iphoneos-cross
203 - IOS_CPU=x86_64
204 - IOS_SDK=AppleTVSimulator
205 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
206 - os: osx
207 osx_image: xcode10
208 name: WatchSimulator on OS X, i386
209 env:
210 - TEST_IOS=yes
211 - AUTOTOOLS_HOST=i386-apple-ios
212 - OPENSSL_HOST=iphoneos-cross
213 - IOS_CPU=i386
214 - IOS_SDK=WatchSimulator
215 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
216 - os: linux
217 name: Android armv7a, Linux, Amd64
218 compiler: clang
219 arch: amd64
220 dist: bionic
221 env:
222 - TEST_ANDROID=yes
223 - AUTOTOOLS_HOST=armv7a-linux-androideabi
224 - OPENSSL_HOST=android-arm
225 - ANDROID_CPU=armv7a
226 - ANDROID_API=23
227 - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
228 - ANDROID_SDK_ROOT="$HOME/android-sdk"
229 - ANDROID_NDK_ROOT="$HOME/android-ndk"
230 - os: linux
231 name: Android aarch64, Linux, Amd64
232 compiler: clang
233 arch: amd64
234 dist: bionic
235 env:
236 - TEST_ANDROID=yes
237 - AUTOTOOLS_HOST=aarch64-linux-android
238 - OPENSSL_HOST=android-arm64
239 - ANDROID_CPU=aarch64
240 - ANDROID_API=23
241 - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
242 - ANDROID_SDK_ROOT="$HOME/android-sdk"
243 - ANDROID_NDK_ROOT="$HOME/android-ndk"
244 - os: linux
245 name: Android x86, Linux, Amd64
246 compiler: clang
247 arch: amd64
248 dist: bionic
249 env:
250 - TEST_ANDROID=yes
251 - AUTOTOOLS_HOST=i686-linux-android
252 - OPENSSL_HOST=android-x86
253 - ANDROID_CPU=x86
254 - ANDROID_API=23
255 - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
256 - ANDROID_SDK_ROOT="$HOME/android-sdk"
257 - ANDROID_NDK_ROOT="$HOME/android-ndk"
258 - os: linux
259 name: Android x86_64, Linux, Amd64
260 compiler: clang
261 arch: amd64
262 dist: bionic
263 env:
264 - TEST_ANDROID=yes
265 - AUTOTOOLS_HOST=x86_64-linux-android
266 - OPENSSL_HOST=android-x86_64
267 - ANDROID_CPU=x86_64
268 - ANDROID_API=23
269 - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
270 - ANDROID_SDK_ROOT="$HOME/android-sdk"
271 - ANDROID_NDK_ROOT="$HOME/android-ndk"
272
273 allow_failures:
274 - os: linux
275 name: Android armv7a, Linux, Amd64
276 - os: linux
277 name: Android aarch64, Linux, Amd64
278 - os: linux
279 name: Android x86, Linux, Amd64
280 - os: linux
281 name: Android x86_64, Linux, Amd64
282
283 before_script:
284 - |
285 if [ "$TEST_ANDROID" = "yes" ]; then
286 ./contrib/android/install_tools.sh
287 elif [ "$TEST_IOS" = "yes" ]; then
288 ./contrib/ios/install_tools.sh
289 fi
290
291 # The Travis docs say to avoid calling exit in the script. It leads to
292 # some code duplication to avoid failures in cross-compiles. Also see
293 # https://docs.travis-ci.com/user/job-lifecycle/ in the Travis docs.
294 script:
295 - |
296 if [ "$TEST_UBSAN" = "yes" ]; then
297 export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover"
298 ./configure
299 make -j 2
300 make test
301 elif [ "$TEST_ASAN" = "yes" ]; then
302 export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address"
303 ./configure
304 make -j 2
305 make test
306 elif [ "$TEST_IOS" = "yes" ]; then
307 export AUTOTOOLS_BUILD="$(./config.guess)"
308 export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig"
309 source ./contrib/ios/setenv_ios.sh
310 ./contrib/ios/install_openssl.sh
311 ./contrib/ios/install_expat.sh
312 ./configure \
313 --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \
314 --prefix="$IOS_PREFIX" \
315 --with-ssl="$IOS_PREFIX" --disable-gost \
316 --with-libexpat="$IOS_PREFIX";
317 make -j 2
318 make install
319 elif [ "$TEST_ANDROID" = "yes" ]; then
320 export AUTOTOOLS_BUILD="$(./config.guess)"
321 export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig"
322 ./contrib/android/install_ndk.sh
323 source ./contrib/android/setenv_android.sh
324 ./contrib/android/install_openssl.sh
325 ./contrib/android/install_expat.sh
326 ./configure \
327 --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \
328 --prefix="$ANDROID_PREFIX" \
329 --with-ssl="$ANDROID_PREFIX" --disable-gost \
330 --with-libexpat="$ANDROID_PREFIX";
331 make -j 2
332 make install
333 elif [ "$TEST_OSX" = "yes" ]; then
334 ./configure --enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/
335 make -j 2
336 make test
337 (cd testdata/clang-analysis.tdir; bash clang-analysis.test)
338 else
339 ./configure ${CONFIG_OPTS}
340 make -j 2
341 make test
342 (cd testdata/clang-analysis.tdir; bash clang-analysis.test)
343 fi
+225
-287
Makefile.in less more
6060 CFLAGS=-DSRCDIR=$(srcdir) @CFLAGS@
6161 LDFLAGS=@LDFLAGS@
6262 LIBS=@LIBS@
63 PYTHON_LIBS=@PYTHON_LIBS@
6364 LIBOBJS=@LIBOBJS@
6465 # filter out ctime_r from compat obj.
6566 LIBOBJ_WITHOUT_CTIME=@LIBOBJ_WITHOUT_CTIME@
8485 LINTFLAGS+="-Dsigset_t=long"
8586 # FreeBSD
8687 LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" "-D_Alignof(x)=x" "-D__aligned(x)=" "-D__requires_exclusive(x)=" "-D__requires_unlocked(x)=" "-D__locks_exclusive(x)=" "-D__trylocks_exclusive(x)=" "-D__unlocks(x)=" "-D__locks_shared(x)=" "-D__trylocks_shared(x)="
88 # GCC Docker
89 LINTFLAGS+=@GCC_DOCKER_LINTFLAGS@
8790
8891 INSTALL=$(SHELL) $(srcdir)/install-sh
8992
109112 IPSECMOD_SRC=ipsecmod/ipsecmod.c ipsecmod/ipsecmod-whitelist.c
110113 IPSECMOD_OBJ=@IPSECMOD_OBJ@
111114 IPSECMOD_HEADER=@IPSECMOD_HEADER@
115 CACHEDB_SRC=@CACHEDB_SRC@
116 CACHEDB_OBJ=@CACHEDB_OBJ@
112117 COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \
113118 util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \
114119 util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \
132137 validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \
133138 edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
134139 edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
135 cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \
140 $(CACHEDB_SRC) respip/respip.c $(CHECKLOCK_SRC) \
136141 $(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC)
137142 COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
138143 as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
144149 slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
145150 autotrust.lo val_anchor.lo rpz.lo \
146151 validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
147 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \
152 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
148153 $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
149154 $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo
150155 COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
172177 testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
173178 testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
174179 testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
175 testcode/unitecs.c testcode/unitauth.c
180 testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c \
181 testcode/unittcpreuse.c
176182 UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
177183 unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
178 readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo
184 readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo \
185 unittcpreuse.lo
179186 UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
180187 $(COMPAT_OBJ)
181188 DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
241248 DELAYER_OBJ=delayer.lo
242249 DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
243250 $(SLDNS_OBJ)
251 READZONE_SRC=testcode/readzone.c
252 READZONE_OBJ=readzone.lo
253 READZONE_OBJ_LINK=$(READZONE_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ)
244254 IPSET_SRC=@IPSET_SRC@
245255 IPSET_OBJ=@IPSET_OBJ@
246256 DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c
277287 $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\
278288 $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \
279289 $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \
280 $(DOHCLIENT_SRC)
290 $(DOHCLIENT_SRC) $(READZONE_SRC)
281291
282292 ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
283293 $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \
286296 $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\
287297 $(COMPAT_OBJ) $(PYUNBOUND_OBJ) \
288298 $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \
289 $(DOHCLIENT_OBJ)
299 $(DOHCLIENT_OBJ) $(READZONE_OBJ)
290300
291301 COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@
292302 LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS)
324334 lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \
325335 petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \
326336 $(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) \
327 testbound$(EXEEXT) unittest$(EXEEXT)
337 testbound$(EXEEXT) unittest$(EXEEXT) readzone$(EXEEXT)
328338 tests: all $(TEST_BIN)
329339
330340 check: test
355365 $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS)
356366
357367 unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la
358 $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS)
368 $(LINK) -o $@ $(HOST_OBJ_LINK) libunbound.la $(SSLLIB) $(LIBS)
359369
360370 unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ_LINK) libunbound.la
361 $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat $(SSLLIB) $(LIBS)
371 $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) libunbound.la -lexpat $(SSLLIB) $(LIBS)
362372
363373 unbound-service-install$(EXEEXT): $(SVCINST_OBJ_LINK)
364374 $(LINK) -o $@ $(SVCINST_OBJ_LINK) $(LIBS)
367377 $(LINK) -o $@ $(SVCUNINST_OBJ_LINK) $(LIBS)
368378
369379 anchor-update$(EXEEXT): $(ANCHORUPD_OBJ_LINK) libunbound.la
370 $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) -L. -L.libs -lunbound $(LIBS)
380 $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) libunbound.la $(LIBS)
371381
372382 unittest$(EXEEXT): $(UNITTEST_OBJ_LINK)
373383 $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS)
388398 $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS)
389399
390400 asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la
391 $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS)
401 $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) libunbound.la $(SSLLIB) $(LIBS)
392402
393403 streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK)
394404 $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS)
401411
402412 delayer$(EXEEXT): $(DELAYER_OBJ_LINK)
403413 $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS)
414
415 readzone$(EXEEXT): $(READZONE_OBJ_LINK)
416 $(LINK) -o $@ $(READZONE_OBJ_LINK) $(SSLLIB) $(LIBS)
404417
405418 signit$(EXEEXT): testcode/signit.c
406419 $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS)
430443 dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h
431444 unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h $(srcdir)/dnstap/dtstream.h
432445 dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h
446 cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h
447 redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h
433448
434449 # dnscrypt
435450 dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \
463478
464479 # Pyunbound python unbound wrapper
465480 _unbound.la: libunbound_wrap.lo libunbound.la
466 $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) -L. -L.libs -lunbound
481 $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) -L. -L.libs libunbound.la $(PYTHON_LIBS)
467482
468483 util/config_file.c: util/configparser.h
469484 util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h
696711 rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
697712 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
698713 $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
699 $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h
714 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \
715 $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h
700716 as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h
701717 dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \
702718 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \
785801 $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
786802 $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
787803 $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
788 $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
804 $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outside_network.h \
805 $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
789806 $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
790807 $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
791808 $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
832849 $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
833850 $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
834851 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
835 $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
836 $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \
837 $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
838 $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
839 $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h
852 $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
840853 view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \
841854 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
842855 $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
867880 $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
868881 $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
869882 $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
870 $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \
871
883 $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h
872884 alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
873885 $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
874886 $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
889901 $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
890902 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
891903 $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
892 $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \
893 $(srcdir)/util/iana_ports.inc
904 $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc
894905 configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
895906 $(srcdir)/util/config_file.h util/configparser.h
896907 configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
919930 $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
920931 $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \
921932 $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
922 $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \
923 $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h
933 $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \
934 $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_sigcrypt.h \
935 $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h
924936 fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
925937 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
926938 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
929941 $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
930942 $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
931943 $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
932 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \
944 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
933945 $(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \
934946 $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
935947 $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
937949 $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
938950 $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
939951 $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \
940 $(srcdir)/libunbound/worker.h $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) \
941 $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
942 $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
943 $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h
952 $(srcdir)/libunbound/worker.h
944953 locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
945954 log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
946 mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h
955 mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
956 $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
957 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
958 $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
959 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
960 $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
961 $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
962 $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
963 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
947964 module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
948965 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
949966 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
956973 $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
957974 $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
958975 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
959 $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h \
960
976 $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h
961977 net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
962978 $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
963979 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
964980 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
965 $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
966
981 $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
967982 random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
968983 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
969984 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
10171032 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h
10181033 ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
10191034 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1020 $(srcdir)/util/tube.h \
1021
1035 $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
10221036 ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
10231037 $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
10241038 $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
10281042 $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
10291043 $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
10301044 $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
1031 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
1032
1045 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
10331046 winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
10341047 autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \
10351048 $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
10421055 $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
10431056 $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
10441057 $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
1045 $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \
1046
1058 $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h
10471059 val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
10481060 $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
10491061 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \
10731085 val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
10741086 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
10751087 $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
1076 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
1077
1078 val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \
1079 $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
1080 $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
1081 $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \
1082 $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
1088 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h
1089 val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \
1090 $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \
1091 $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \
1092 $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
10831093 $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
10841094 $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
10851095 val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \
10971107 val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
10981108 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
10991109 $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
1100 $(srcdir)/sldns/sbuffer.h \
1101
1110 $(srcdir)/sldns/sbuffer.h
11021111 val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
11031112 $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
11041113 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \
11051114 $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
11061115 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
11071116 $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
1108 $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \
1109 $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
1110
1117 $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \
1118 $(srcdir)/sldns/wire2str.h
11111119 val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
11121120 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
11131121 $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
11281136 $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
11291137 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
11301138 $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
1131 edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
1132 $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
1133 subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
1134 $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
1135 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
1136 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
1137 $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
1138 $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
1139 $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
1140 $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1141 $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
1142 $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
1143 $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
1144 $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \
1145 $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h
1139 edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h
1140 subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h
11461141 addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \
11471142 $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
11481143 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
11491144 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h
1150 subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \
1151 $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
1152 $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
1153 $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \
1154 $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
1155 cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \
1156 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
1157 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
1158 $(srcdir)/sldns/rrdef.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
1159 $(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \
1160 $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \
1161 $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \
1162 $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h
1163 redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \
1164 $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
1165 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
1166 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \
1167 $(srcdir)/sldns/sbuffer.h
1145 subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h
11681146 respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
11691147 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
11701148 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
11771155 $(srcdir)/util/regional.h
11781156 checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
11791157 $(srcdir)/testcode/checklocks.h
1180 dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \
1181 $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
1182 $(srcdir)/dnscrypt/dnscrypt.h \
1183 $(srcdir)/dnstap/dnstap.h \
1184 $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h dnstap/dnstap.pb-c.h
1185 dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \
1186
1187 dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \
1188 $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
1189 dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \
1190 $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
1191 $(srcdir)/util/net_help.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
1192 $(srcdir)/dnscrypt/dnscrypt.h \
1193 $(srcdir)/sldns/sbuffer.h \
1194
1195 ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \
1196 $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
1197 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
1198 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \
1199 $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
1200 $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \
1201 $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
1202 $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
1203 $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
1204 $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h
1205 ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \
1206 $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
1207 $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
1208 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \
1209 $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \
1210 $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
1211 ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \
1212 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
1213 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
1214 $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
1215 $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h
1158 ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h
1159 ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h
12161160 unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
12171161 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
12181162 $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
12211165 $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
12221166 unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
12231167 $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
1224 unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
1225 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
1168 unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
12261169 $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
12271170 $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \
12281171 $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
12631206 unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
12641207 $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
12651208 $(srcdir)/sldns/parseutil.h
1266 unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
1267 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \
1268 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
1269 $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
1270 $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
1271 $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
1272 $(srcdir)/edns-subnet/edns-subnet.h
1209 unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h
12731210 unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \
12741211 $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
12751212 $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \
12801217 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h \
12811218 $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \
12821219 $(srcdir)/sldns/wire2str.h
1220 unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/util/log.h \
1221 $(srcdir)/testcode/unitmain.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/authzone.h \
1222 $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
1223 $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \
1224 $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
1225 $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
1226 $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
1227 $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
1228 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \
1229 $(srcdir)/validator/val_anchor.h
1230 unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/services/outside_network.h \
1231 $(srcdir)/util/random.h
12831232 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
12841233 $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
12851234 $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
12861235 $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
12871236 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
12881237 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
1289 cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
1290 $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
1238 cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \
1239 $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
1240 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
1241 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1242 $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
1243 $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
1244 $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
1245 $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
1246 $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
1247 $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
1248 $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
1249 $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
1250 $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
1251 daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
1252 $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
1253 $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
12911254 $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
1292 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1293 $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
1255 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
12941256 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
12951257 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
1296 $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
1297 $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
1298 $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
1299 $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
1300 $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
1301 $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \
1302 $(srcdir)/sldns/str2wire.h
1303 daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
1304 $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
1305 $(srcdir)/daemon/worker.h \
1258 $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
1259 $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
1260 $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
1261 $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
1262 $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
1263 $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
1264 $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h
1265 remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \
13061266 $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
1307 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1267 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
1268 $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \
13081269 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
13091270 $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
1310 $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
1311 $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
1312 $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
1313 $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
1314 $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
1315 $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
1316 $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
1317 $(srcdir)/sldns/keyraw.h
1318 remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
1319 $(srcdir)/daemon/remote.h \
1320 $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
1321 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
1322 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1323 $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
1324 $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
1325 $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
1271 $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
13261272 $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \
13271273 $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
13281274 $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
13471293 $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
13481294 $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
13491295 $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
1350 $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \
1351 $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
1352
1296 $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
13531297 unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
13541298 $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
1355 $(srcdir)/daemon/remote.h \
1356 $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
1357 $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1358 $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \
1359 $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \
1360 $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
1361 $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
1362 $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
1363 $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
1364 $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
1299 $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \
1300 $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
1301 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
1302 $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
1303 $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \
1304 $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
1305 $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
1306 $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
1307 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
1308 $(srcdir)/util/ub_event.h
13651309 worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
13661310 $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
13671311 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
13691313 $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
13701314 $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
13711315 $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
1372 $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
1373 $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
1374 $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
1375 $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
1376 $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
1377 $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
1378 $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
1379 $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
1380 $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
1381 $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
1382 $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
1383 $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
1316 $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
1317 $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
1318 $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
1319 $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
1320 $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
1321 $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
1322 $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
1323 $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
1324 $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
1325 $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
1326 $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
1327 $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
13841328 testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
13851329 $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
13861330 $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
1387 $(srcdir)/daemon/remote.h \
1388 $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
1389 $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
1390 $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
1391 $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
1392 $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
1393 $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
1331 $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
1332 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
1333 $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \
1334 $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
1335 $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
1336 $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
1337 $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
13941338 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
13951339 $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
1396 $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
1397 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
1340 $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
1341 $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
13981342 testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
13991343 $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \
14001344 $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
14051349 $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
14061350 $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
14071351 $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
1408 $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
1409 $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
1410 $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
1411 $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
1412 $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
1413 $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
1414 $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
1415 $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
1416 $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
1417 $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
1418 $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
1419 $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
1352 $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
1353 $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
1354 $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
1355 $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
1356 $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
1357 $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
1358 $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
1359 $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
1360 $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
1361 $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
1362 $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
1363 $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
14201364 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
14211365 $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
14221366 $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
14231367 $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
14241368 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
14251369 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
1426 daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
1427 $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
1428 $(srcdir)/daemon/worker.h \
1429 $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
1430 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1431 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
1432 $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
1433 $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
1434 $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
1435 $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
1436 $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
1437 $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
1438 $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
1439 $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
1440 $(srcdir)/sldns/keyraw.h
1370 daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
1371 $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
1372 $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
1373 $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
1374 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
1375 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
1376 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
1377 $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
1378 $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
1379 $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
1380 $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
1381 $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
1382 $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
1383 $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h
14411384 stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
14421385 $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
14431386 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
14511394 $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
14521395 $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
14531396 $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
1454 $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \
1455 $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
1456
1397 $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
14571398 replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
14581399 $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
14591400 $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \
14701411 $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
14711412 $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
14721413 $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
1473 $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
1414 $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h
14741415 lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
14751416 $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
14761417 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
15051446 $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
15061447 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
15071448 $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
1508 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
1509 $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
1449 $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h
15101450 worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
15111451 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
15121452 $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
15401480 $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
15411481 $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
15421482 $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h
1543 libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
1544 $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
1545 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
1546 $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
1547 $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \
1548 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1549 $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
1550 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
1551 $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
1552 $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
1553 $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \
1554 $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \
1555 $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h \
1556 $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \
1557 $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
1483 libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \
1484 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
1485 $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
1486 $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \
1487 $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \
1488 $(srcdir)/dnscrypt/dnscrypt.h \
1489 $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
1490 $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
1491 $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
1492 $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \
1493 $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
1494 $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
1495 $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
1496 $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
1497 $(srcdir)/sldns/str2wire.h
15581498 unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
1559 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
1560
1499 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
15611500 asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
15621501 $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
15631502 $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
1564 $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
1565
1503 $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
15661504 streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
15671505 $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
15681506 $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
15691507 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
1570 $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
1571
1508 $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
15721509 perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
15731510 $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
15741511 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
15751512 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
15761513 delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
15771514 $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
1578 unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
1579 $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
1580 $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \
1581 $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h \
1582 $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
1583 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
1584 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
1585 $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1586 $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h
1515 unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \
1516 $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \
1517 $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \
1518 $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
1519 $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
1520 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
1521 $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
1522 $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1523 $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h \
1524 $(srcdir)/services/listen_dnsport.h
15871525 unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
1588 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
1589
1590 petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
1591
1526 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h
1527 petal.lo petal.o: $(srcdir)/testcode/petal.c config.h
15921528 unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \
15931529 $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \
15941530 $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \
15951531 $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1596 $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
1597 dnstap/dnstap.pb-c.h \
1598 $(srcdir)/util/config_file.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h
1599 pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \
1600 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
1601 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
1602 $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
1603 $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
1604 $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
1605 $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \
1606
1532 $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/config_file.h \
1533 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h \
1534 $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
1535 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
1536 $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
1537 $(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
1538 $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
1539 $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
1540 $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
1541 $(srcdir)/libunbound/unbound-event.h
1542 pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h \
1543 $(srcdir)/pythonmod/pythonmod_utils.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
1544 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
1545 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h \
1546 $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/net_help.h \
1547 $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
1548 $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h
16071549 win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
16081550 $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
16091551 $(srcdir)/daemon/worker.h \
16111553 $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
16121554 $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
16131555 $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
1614 $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
1615 $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h
1556 $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
1557 $(srcdir)/util/net_help.h
16161558 w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
16171559 unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
16181560 $(srcdir)/winrc/w_inst.h
16201562 $(srcdir)/winrc/w_inst.h
16211563 anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
16221564 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h
1623 keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \
1624 $(srcdir)/sldns/rrdef.h \
1625
1565 keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h
16261566 sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
16271567 wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
16281568 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
1629 $(srcdir)/sldns/keyraw.h \
1630 $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
1569 $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
1570 $(srcdir)/util/log.h
16311571 parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
16321572 $(srcdir)/sldns/sbuffer.h
16331573 parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h
16381578 $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
16391579 $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
16401580 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
1641 $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h \
1642
1581 $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h
1582 readzone.lo readzone.o: $(srcdir)/testcode/readzone.c
16431583 ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
16441584 fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
16451585 gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h
16541594 strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
16551595 strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
16561596 getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c
1657 getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
1658
1597 getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
16591598 getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c
1660 getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \
1661
1599 getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
16621600 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
16631601 explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
16641602 arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
+1
-1
README-Travis.md less more
240240
241241 The fourth step builds OpenSSL and Expat. OpenSSL and Expat are built for iOS using the scripts `contrib/ios/install_openssl.sh` and `contrib/ios/install_expat.sh`. The scripts download, configure and install the latest release version of the libraries. The libraries are configured with `--prefix="$IOS_PREFIX"` so the headers are placed in `$IOS_PREFIX/include` directory, and the libraries are placed in the `$IOS_PREFIX/lib` directory.
242242
243 `IOS_PREFIX` is the value `$HOME/$IOS_SDK-$IOS_CPU`. The scheme handles both iOS SDKs and cpu architectures so the pair recieves a unique installation directory. The libraries will be installed in `$HOME/iPhoneOS-armv7s`, `$HOME/iPhoneOS-arm64`, `$HOME/iPhoneSimulator-i386`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported.
243 `IOS_PREFIX` is the value `$HOME/$IOS_SDK-$IOS_CPU`. The scheme handles both iOS SDKs and cpu architectures so the pair receives a unique installation directory. The libraries will be installed in `$HOME/iPhoneOS-armv7s`, `$HOME/iPhoneOS-arm64`, `$HOME/iPhoneSimulator-i386`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported.
244244
245245 `PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/iPhoneOS-armv7s/lib/pkgconfig` and `$HOME/iPhoneOS-arm64/lib/pkgconfig`.
246246
+3
-2
README.md less more
22 [![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound)
33 [![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
44 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
5 [![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
56
67 Unbound is a validating, recursive, caching DNS resolver. It is designed to be
78 fast and lean and incorporates modern features based on open standards. If you
910 [create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new)
1011 or post a message on the [Unbound mailing list](https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users).
1112 You can learn more about Unbound by reading our
12 [documentation](https://nlnetlabs.nl/documentation/unbound/).
13 [documentation](https://unbound.docs.nlnetlabs.nl/).
1314
1415 ## Compiling
1516
3132
3233 All of Unbound's configuration options are described in the man pages, which
3334 will be installed and are available on the Unbound
34 [documentation page](https://nlnetlabs.nl/documentation/unbound/).
35 [documentation page](https://unbound.docs.nlnetlabs.nl/).
3536
3637 An example configuration file is located in
3738 [doc/example.conf](https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in).
+52
-17
acx_nlnetlabs.m4 less more
11 # Copyright 2009, Wouter Wijngaards, NLnet Labs.
22 # BSD licensed.
33 #
4 # Version 37
4 # Version 43
5 # 2021-08-17 fix sed script in ssldir split handling.
6 # 2021-08-17 fix for openssl to detect split version, with ssldir_include
7 # and ssldir_lib output directories.
8 # 2021-07-30 fix for openssl use of lib64 directory.
9 # 2021-06-14 fix nonblocking test to use host instead of target for mingw test.
10 # 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for
11 # 64bit compatibility.
12 # 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS.
513 # 2021-01-05 fix defun for aclocal
614 # 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE
715 # 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
641649 withval=$1
642650 if test x_$withval != x_no; then
643651 AC_MSG_CHECKING(for SSL)
652 if test -n "$withval"; then
653 dnl look for openssl install with different version, eg.
654 dnl in /usr/include/openssl11/openssl/ssl.h
655 dnl and /usr/lib64/openssl11/libssl.so
656 dnl with the --with-ssl=/usr/include/openssl11
657 if test ! -f "$withval/include/openssl/ssl.h" -a -f "$withval/openssl/ssl.h"; then
658 ssldir="$withval"
659 found_ssl="yes"
660 withval=""
661 ssldir_include="$ssldir"
662 dnl find the libdir
663 ssldir_lib=`echo $ssldir | sed -e 's/include/lib/'`
664 if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then
665 : # found here
666 else
667 ssldir_lib=`echo $ssldir | sed -e 's/include/lib64/'`
668 if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then
669 : # found here
670 else
671 AC_MSG_ERROR([Could not find openssl lib file, $ssldir_lib/libssl.[so,a], pass like "/usr/local" or "/usr/include/openssl11"])
672 fi
673 fi
674 fi
675 fi
644676 if test x_$withval = x_ -o x_$withval = x_yes; then
645677 withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
646678 fi
648680 ssldir="$dir"
649681 if test -f "$dir/include/openssl/ssl.h"; then
650682 found_ssl="yes"
651 AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.])
652 dnl assume /usr/include is already in the include-path.
653 if test "$ssldir" != "/usr"; then
654 CPPFLAGS="$CPPFLAGS -I$ssldir/include"
655 LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include"
656 fi
683 ssldir_include="$ssldir/include"
684 if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
685 ssldir_lib="$ssldir/lib64"
686 else
687 ssldir_lib="$ssldir/lib"
688 fi
657689 break;
658690 fi
659691 done
661693 AC_MSG_ERROR(Cannot find the SSL libraries in $withval)
662694 else
663695 AC_MSG_RESULT(found in $ssldir)
696 AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.])
664697 HAVE_SSL=yes
665 dnl assume /usr is already in the lib and dynlib paths.
666 if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
667 LDFLAGS="$LDFLAGS -L$ssldir/lib"
668 LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
669 ACX_RUNTIME_PATH_ADD([$ssldir/lib])
670 fi
698 dnl assume /usr is already in the include, lib and dynlib paths.
699 if test "$ssldir" != "/usr"; then
700 CPPFLAGS="$CPPFLAGS -I$ssldir_include"
701 LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir_include"
702 LDFLAGS="$LDFLAGS -L$ssldir_lib"
703 LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib"
704 ACX_RUNTIME_PATH_ADD([$ssldir_lib])
705 fi
671706
672707 AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
673708 LIBS="$LIBS -lcrypto"
746781 AC_DEFUN([ACX_WITH_SSL],
747782 [
748783 AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
749 /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
784 /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr or specify like /usr/include/openssl11)]),[
750785 ],[
751786 withval="yes"
752787 ])
764799 AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
765800 [
766801 AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
767 /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
802 /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr or specify like /usr/include/openssl11)]),[
768803 ],[
769804 withval="yes"
770805 ])
887922 [
888923 echo '$3' >conftest.c
889924 echo 'void f(){ $2 }' >>conftest.c
890 if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then
925 if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
891926 eval "cv_cc_deprecated_$cache=no"
892927 else
893928 eval "cv_cc_deprecated_$cache=yes"
913948 AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN],
914949 [
915950 AC_MSG_CHECKING([if nonblocking sockets work])
916 if echo $target | grep mingw32 >/dev/null; then
951 if echo $host | grep mingw >/dev/null; then
917952 AC_MSG_RESULT([no (windows)])
918953 AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).])
919954 else
+8
-2
cachedb/cachedb.c less more
518518 sldns_buffer_set_limit(buf, lim);
519519 return 0;
520520 }
521 if(parse_extract_edns(prs, &edns, qstate->env->scratch) !=
521 if(parse_extract_edns_from_response_msg(prs, &edns, qstate->env->scratch) !=
522522 LDNS_RCODE_NOERROR) {
523523 sldns_buffer_set_limit(buf, lim);
524524 return 0;
616616 static int
617617 cachedb_intcache_lookup(struct module_qstate* qstate)
618618 {
619 uint8_t* dpname=NULL;
620 size_t dpnamelen=0;
619621 struct dns_msg* msg;
622 if(iter_stub_fwd_no_cache(qstate, &qstate->qinfo,
623 &dpname, &dpnamelen))
624 return 0; /* no cache for these queries */
620625 msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname,
621626 qstate->qinfo.qname_len, qstate->qinfo.qtype,
622627 qstate->qinfo.qclass, qstate->query_flags,
623628 qstate->region, qstate->env->scratch,
624 1 /* no partial messages with only a CNAME */
629 1, /* no partial messages with only a CNAME */
630 dpname, dpnamelen
625631 );
626632 if(!msg && qstate->env->neg_cache &&
627633 iter_qname_indicates_dnssec(qstate->env, &qstate->qinfo)) {
+1
-1
compat/ctime_r.c less more
3737 strcpy(buf, result);
3838 }
3939 lock_basic_unlock(&ctime_lock);
40 return result;
40 return buf;
4141 }
+661
-607
config.guess less more
00 #! /bin/sh
11 # Attempt to guess a canonical system name.
2 # Copyright 1992-2021 Free Software Foundation, Inc.
3
4 timestamp='2021-01-25'
2 # Copyright 1992-2022 Free Software Foundation, Inc.
3
4 # shellcheck disable=SC2006,SC2268 # see below for rationale
5
6 timestamp='2022-01-09'
57
68 # This file is free software; you can redistribute it and/or modify it
79 # under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
10 # the Free Software Foundation, either version 3 of the License, or
911 # (at your option) any later version.
1012 #
1113 # This program is distributed in the hope that it will be useful, but
3133 # Please send patches to <config-patches@gnu.org>.
3234
3335
34 me=$(echo "$0" | sed -e 's,.*/,,')
36 # The "shellcheck disable" line above the timestamp inhibits complaints
37 # about features and limitations of the classic Bourne shell that were
38 # superseded or lifted in POSIX. However, this script identifies a wide
39 # variety of pre-POSIX systems that do not have POSIX shells at all, and
40 # even some reasonably current systems (Solaris 10 as case-in-point) still
41 # have a pre-POSIX /bin/sh.
42
43
44 me=`echo "$0" | sed -e 's,.*/,,'`
3545
3646 usage="\
3747 Usage: $0 [OPTION]
4959 GNU config.guess ($timestamp)
5060
5161 Originally written by Per Bothner.
52 Copyright 1992-2021 Free Software Foundation, Inc.
62 Copyright 1992-2022 Free Software Foundation, Inc.
5363
5464 This is free software; see the source for copying conditions. There is NO
5565 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
8393 exit 1
8494 fi
8595
96 # Just in case it came from the environment.
97 GUESS=
98
8699 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a
87100 # compiler to aid in system detection is discouraged as it requires
88101 # temporary files to be created and, as you can see below, it is a
101114 # prevent multiple calls if $tmp is already set
102115 test "$tmp" && return 0
103116 : "${TMPDIR=/tmp}"
104 # shellcheck disable=SC2039
105 { tmp=$( (umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null) && test -n "$tmp" && test -d "$tmp" ; } ||
117 # shellcheck disable=SC2039,SC3028
118 { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
106119 { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
107120 { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
108121 { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
111124 ,,) echo "int x;" > "$dummy.c"
112125 for driver in cc gcc c89 c99 ; do
113126 if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
114 CC_FOR_BUILD="$driver"
127 CC_FOR_BUILD=$driver
115128 break
116129 fi
117130 done
130143 PATH=$PATH:/.attbin ; export PATH
131144 fi
132145
133 UNAME_MACHINE=$( (uname -m) 2>/dev/null) || UNAME_MACHINE=unknown
134 UNAME_RELEASE=$( (uname -r) 2>/dev/null) || UNAME_RELEASE=unknown
135 UNAME_SYSTEM=$( (uname -s) 2>/dev/null) || UNAME_SYSTEM=unknown
136 UNAME_VERSION=$( (uname -v) 2>/dev/null) || UNAME_VERSION=unknown
137
138 case "$UNAME_SYSTEM" in
146 UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
147 UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
148 UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
149 UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
150
151 case $UNAME_SYSTEM in
139152 Linux|GNU|GNU/*)
140153 LIBC=unknown
141154
156169 #endif
157170 #endif
158171 EOF
159 eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g')"
172 cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
173 eval "$cc_set_libc"
160174
161175 # Second heuristic to detect musl libc.
162176 if [ "$LIBC" = unknown ] &&
175189
176190 # Note: order is significant - the case branches are not exclusive.
177191
178 case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
192 case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
179193 *:NetBSD:*:*)
180194 # NetBSD (nbsd) targets should (where applicable) match one or
181195 # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
187201 #
188202 # Note: NetBSD doesn't particularly care about the vendor
189203 # portion of the name. We always set it to "unknown".
190 UNAME_MACHINE_ARCH=$( (uname -p 2>/dev/null || \
204 UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
191205 /sbin/sysctl -n hw.machine_arch 2>/dev/null || \
192206 /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
193 echo unknown))
194 case "$UNAME_MACHINE_ARCH" in
207 echo unknown)`
208 case $UNAME_MACHINE_ARCH in
195209 aarch64eb) machine=aarch64_be-unknown ;;
196210 armeb) machine=armeb-unknown ;;
197211 arm*) machine=arm-unknown ;;
199213 sh3eb) machine=sh-unknown ;;
200214 sh5el) machine=sh5le-unknown ;;
201215 earmv*)
202 arch=$(echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,')
203 endian=$(echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p')
204 machine="${arch}${endian}"-unknown
216 arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
217 endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
218 machine=${arch}${endian}-unknown
205219 ;;
206 *) machine="$UNAME_MACHINE_ARCH"-unknown ;;
220 *) machine=$UNAME_MACHINE_ARCH-unknown ;;
207221 esac
208222 # The Operating System including object format, if it has switched
209223 # to ELF recently (or will in the future) and ABI.
210 case "$UNAME_MACHINE_ARCH" in
224 case $UNAME_MACHINE_ARCH in
211225 earm*)
212226 os=netbsdelf
213227 ;;
228242 ;;
229243 esac
230244 # Determine ABI tags.
231 case "$UNAME_MACHINE_ARCH" in
245 case $UNAME_MACHINE_ARCH in
232246 earm*)
233247 expr='s/^earmv[0-9]/-eabi/;s/eb$//'
234 abi=$(echo "$UNAME_MACHINE_ARCH" | sed -e "$expr")
248 abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
235249 ;;
236250 esac
237251 # The OS release
239253 # thus, need a distinct triplet. However, they do not need
240254 # kernel version information, so it can be replaced with a
241255 # suitable tag, in the style of linux-gnu.
242 case "$UNAME_VERSION" in
256 case $UNAME_VERSION in
243257 Debian*)
244258 release='-gnu'
245259 ;;
246260 *)
247 release=$(echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2)
261 release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2`
248262 ;;
249263 esac
250264 # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
251265 # contains redundant information, the shorter form:
252266 # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
253 echo "$machine-${os}${release}${abi-}"
254 exit ;;
267 GUESS=$machine-${os}${release}${abi-}
268 ;;
255269 *:Bitrig:*:*)
256 UNAME_MACHINE_ARCH=$(arch | sed 's/Bitrig.//')
257 echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE"
258 exit ;;
270 UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
271 GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE
272 ;;
259273 *:OpenBSD:*:*)
260 UNAME_MACHINE_ARCH=$(arch | sed 's/OpenBSD.//')
261 echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
262 exit ;;
274 UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
275 GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE
276 ;;
277 *:SecBSD:*:*)
278 UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'`
279 GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE
280 ;;
263281 *:LibertyBSD:*:*)
264 UNAME_MACHINE_ARCH=$(arch | sed 's/^.*BSD\.//')
265 echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
266 exit ;;
282 UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
283 GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE
284 ;;
267285 *:MidnightBSD:*:*)
268 echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE"
269 exit ;;
286 GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE
287 ;;
270288 *:ekkoBSD:*:*)
271 echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE"
272 exit ;;
289 GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE
290 ;;
273291 *:SolidBSD:*:*)
274 echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE"
275 exit ;;
292 GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE
293 ;;
276294 *:OS108:*:*)
277 echo "$UNAME_MACHINE"-unknown-os108_"$UNAME_RELEASE"
278 exit ;;
295 GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE
296 ;;
279297 macppc:MirBSD:*:*)
280 echo powerpc-unknown-mirbsd"$UNAME_RELEASE"
281 exit ;;
298 GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE
299 ;;
282300 *:MirBSD:*:*)
283 echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE"
284 exit ;;
301 GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE
302 ;;
285303 *:Sortix:*:*)
286 echo "$UNAME_MACHINE"-unknown-sortix
287 exit ;;
304 GUESS=$UNAME_MACHINE-unknown-sortix
305 ;;
288306 *:Twizzler:*:*)
289 echo "$UNAME_MACHINE"-unknown-twizzler
290 exit ;;
307 GUESS=$UNAME_MACHINE-unknown-twizzler
308 ;;
291309 *:Redox:*:*)
292 echo "$UNAME_MACHINE"-unknown-redox
293 exit ;;
310 GUESS=$UNAME_MACHINE-unknown-redox
311 ;;
294312 mips:OSF1:*.*)
295 echo mips-dec-osf1
296 exit ;;
313 GUESS=mips-dec-osf1
314 ;;
297315 alpha:OSF1:*:*)
316 # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
317 trap '' 0
298318 case $UNAME_RELEASE in
299319 *4.0)
300 UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $3}')
320 UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
301321 ;;
302322 *5.*)
303 UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $4}')
323 UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
304324 ;;
305325 esac
306326 # According to Compaq, /usr/sbin/psrinfo has been available on
307327 # OSF/1 and Tru64 systems produced since 1995. I hope that
308328 # covers most systems running today. This code pipes the CPU
309329 # types through head -n 1, so we only detect the type of CPU 0.
310 ALPHA_CPU_TYPE=$(/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1)
311 case "$ALPHA_CPU_TYPE" in
330 ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
331 case $ALPHA_CPU_TYPE in
312332 "EV4 (21064)")
313333 UNAME_MACHINE=alpha ;;
314334 "EV4.5 (21064)")
345365 # A Tn.n version is a released field test version.
346366 # A Xn.n version is an unreleased experimental baselevel.
347367 # 1.2 uses "1.2" for uname -r.
348 echo "$UNAME_MACHINE"-dec-osf"$(echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)"
349 # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
350 exitcode=$?
351 trap '' 0
352 exit $exitcode ;;
368 OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
369 GUESS=$UNAME_MACHINE-dec-osf$OSF_REL
370 ;;
353371 Amiga*:UNIX_System_V:4.0:*)
354 echo m68k-unknown-sysv4
355 exit ;;
372 GUESS=m68k-unknown-sysv4
373 ;;
356374 *:[Aa]miga[Oo][Ss]:*:*)
357 echo "$UNAME_MACHINE"-unknown-amigaos
358 exit ;;
375 GUESS=$UNAME_MACHINE-unknown-amigaos
376 ;;
359377 *:[Mm]orph[Oo][Ss]:*:*)
360 echo "$UNAME_MACHINE"-unknown-morphos
361 exit ;;
378 GUESS=$UNAME_MACHINE-unknown-morphos
379 ;;
362380 *:OS/390:*:*)
363 echo i370-ibm-openedition
364 exit ;;
381 GUESS=i370-ibm-openedition
382 ;;
365383 *:z/VM:*:*)
366 echo s390-ibm-zvmoe
367 exit ;;
384 GUESS=s390-ibm-zvmoe
385 ;;
368386 *:OS400:*:*)
369 echo powerpc-ibm-os400
370 exit ;;
387 GUESS=powerpc-ibm-os400
388 ;;
371389 arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
372 echo arm-acorn-riscix"$UNAME_RELEASE"
373 exit ;;
390 GUESS=arm-acorn-riscix$UNAME_RELEASE
391 ;;
374392 arm*:riscos:*:*|arm*:RISCOS:*:*)
375 echo arm-unknown-riscos
376 exit ;;
393 GUESS=arm-unknown-riscos
394 ;;
377395 SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
378 echo hppa1.1-hitachi-hiuxmpp
379 exit ;;
396 GUESS=hppa1.1-hitachi-hiuxmpp
397 ;;
380398 Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
381399 # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
382 if test "$( (/bin/universe) 2>/dev/null)" = att ; then
383 echo pyramid-pyramid-sysv3
384 else
385 echo pyramid-pyramid-bsd
386 fi
387 exit ;;
400 case `(/bin/universe) 2>/dev/null` in
401 att) GUESS=pyramid-pyramid-sysv3 ;;
402 *) GUESS=pyramid-pyramid-bsd ;;
403 esac
404 ;;
388405 NILE*:*:*:dcosx)
389 echo pyramid-pyramid-svr4
390 exit ;;
406 GUESS=pyramid-pyramid-svr4
407 ;;
391408 DRS?6000:unix:4.0:6*)
392 echo sparc-icl-nx6
393 exit ;;
409 GUESS=sparc-icl-nx6
410 ;;
394411 DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
395 case $(/usr/bin/uname -p) in
396 sparc) echo sparc-icl-nx7; exit ;;
397 esac ;;
412 case `/usr/bin/uname -p` in
413 sparc) GUESS=sparc-icl-nx7 ;;
414 esac
415 ;;
398416 s390x:SunOS:*:*)
399 echo "$UNAME_MACHINE"-ibm-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')"
400 exit ;;
417 SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
418 GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL
419 ;;
401420 sun4H:SunOS:5.*:*)
402 echo sparc-hal-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
403 exit ;;
421 SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
422 GUESS=sparc-hal-solaris2$SUN_REL
423 ;;
404424 sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
405 echo sparc-sun-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')"
406 exit ;;
425 SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
426 GUESS=sparc-sun-solaris2$SUN_REL
427 ;;
407428 i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
408 echo i386-pc-auroraux"$UNAME_RELEASE"
409 exit ;;
429 GUESS=i386-pc-auroraux$UNAME_RELEASE
430 ;;
410431 i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
411432 set_cc_for_build
412433 SUN_ARCH=i386
415436 # This test works for both compilers.
416437 if test "$CC_FOR_BUILD" != no_compiler_found; then
417438 if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
418 (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
439 (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \
419440 grep IS_64BIT_ARCH >/dev/null
420441 then
421442 SUN_ARCH=x86_64
422443 fi
423444 fi
424 echo "$SUN_ARCH"-pc-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
425 exit ;;
445 SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
446 GUESS=$SUN_ARCH-pc-solaris2$SUN_REL
447 ;;
426448 sun4*:SunOS:6*:*)
427449 # According to config.sub, this is the proper way to canonicalize
428450 # SunOS6. Hard to guess exactly what SunOS6 will be like, but
429451 # it's likely to be more like Solaris than SunOS4.
430 echo sparc-sun-solaris3"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
431 exit ;;
452 SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
453 GUESS=sparc-sun-solaris3$SUN_REL
454 ;;
432455 sun4*:SunOS:*:*)
433 case "$(/usr/bin/arch -k)" in
456 case `/usr/bin/arch -k` in
434457 Series*|S4*)
435 UNAME_RELEASE=$(uname -v)
458 UNAME_RELEASE=`uname -v`
436459 ;;
437460 esac
438461 # Japanese Language versions have a version number like `4.1.3-JL'.
439 echo sparc-sun-sunos"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/')"
440 exit ;;
462 SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'`
463 GUESS=sparc-sun-sunos$SUN_REL
464 ;;
441465 sun3*:SunOS:*:*)
442 echo m68k-sun-sunos"$UNAME_RELEASE"
443 exit ;;
466 GUESS=m68k-sun-sunos$UNAME_RELEASE
467 ;;
444468 sun*:*:4.2BSD:*)
445 UNAME_RELEASE=$( (sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null)
469 UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
446470 test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
447 case "$(/bin/arch)" in
471 case `/bin/arch` in
448472 sun3)
449 echo m68k-sun-sunos"$UNAME_RELEASE"
473 GUESS=m68k-sun-sunos$UNAME_RELEASE
450474 ;;
451475 sun4)
452 echo sparc-sun-sunos"$UNAME_RELEASE"
476 GUESS=sparc-sun-sunos$UNAME_RELEASE
453477 ;;
454478 esac
455 exit ;;
479 ;;
456480 aushp:SunOS:*:*)
457 echo sparc-auspex-sunos"$UNAME_RELEASE"
458 exit ;;
481 GUESS=sparc-auspex-sunos$UNAME_RELEASE
482 ;;
459483 # The situation for MiNT is a little confusing. The machine name
460484 # can be virtually everything (everything which is not
461485 # "atarist" or "atariste" at least should have a processor
465489 # MiNT. But MiNT is downward compatible to TOS, so this should
466490 # be no problem.
467491 atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
468 echo m68k-atari-mint"$UNAME_RELEASE"
469 exit ;;
492 GUESS=m68k-atari-mint$UNAME_RELEASE
493 ;;
470494 atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
471 echo m68k-atari-mint"$UNAME_RELEASE"
472 exit ;;
495 GUESS=m68k-atari-mint$UNAME_RELEASE
496 ;;
473497 *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
474 echo m68k-atari-mint"$UNAME_RELEASE"
475 exit ;;
498 GUESS=m68k-atari-mint$UNAME_RELEASE
499 ;;
476500 milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
477 echo m68k-milan-mint"$UNAME_RELEASE"
478 exit ;;
501 GUESS=m68k-milan-mint$UNAME_RELEASE
502 ;;
479503 hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
480 echo m68k-hades-mint"$UNAME_RELEASE"
481 exit ;;
504 GUESS=m68k-hades-mint$UNAME_RELEASE
505 ;;
482506 *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
483 echo m68k-unknown-mint"$UNAME_RELEASE"
484 exit ;;
507 GUESS=m68k-unknown-mint$UNAME_RELEASE
508 ;;
485509 m68k:machten:*:*)
486 echo m68k-apple-machten"$UNAME_RELEASE"
487 exit ;;
510 GUESS=m68k-apple-machten$UNAME_RELEASE
511 ;;
488512 powerpc:machten:*:*)
489 echo powerpc-apple-machten"$UNAME_RELEASE"
490 exit ;;
513 GUESS=powerpc-apple-machten$UNAME_RELEASE
514 ;;
491515 RISC*:Mach:*:*)
492 echo mips-dec-mach_bsd4.3
493 exit ;;
516 GUESS=mips-dec-mach_bsd4.3
517 ;;
494518 RISC*:ULTRIX:*:*)
495 echo mips-dec-ultrix"$UNAME_RELEASE"
496 exit ;;
519 GUESS=mips-dec-ultrix$UNAME_RELEASE
520 ;;
497521 VAX*:ULTRIX*:*:*)
498 echo vax-dec-ultrix"$UNAME_RELEASE"
499 exit ;;
522 GUESS=vax-dec-ultrix$UNAME_RELEASE
523 ;;
500524 2020:CLIX:*:* | 2430:CLIX:*:*)
501 echo clipper-intergraph-clix"$UNAME_RELEASE"
502 exit ;;
525 GUESS=clipper-intergraph-clix$UNAME_RELEASE
526 ;;
503527 mips:*:*:UMIPS | mips:*:*:RISCos)
504528 set_cc_for_build
505529 sed 's/^ //' << EOF > "$dummy.c"
524548 }
525549 EOF
526550 $CC_FOR_BUILD -o "$dummy" "$dummy.c" &&
527 dummyarg=$(echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p') &&
528 SYSTEM_NAME=$("$dummy" "$dummyarg") &&
551 dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
552 SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
529553 { echo "$SYSTEM_NAME"; exit; }
530 echo mips-mips-riscos"$UNAME_RELEASE"
531 exit ;;
554 GUESS=mips-mips-riscos$UNAME_RELEASE
555 ;;
532556 Motorola:PowerMAX_OS:*:*)
533 echo powerpc-motorola-powermax
534 exit ;;
557 GUESS=powerpc-motorola-powermax
558 ;;
535559 Motorola:*:4.3:PL8-*)
536 echo powerpc-harris-powermax
537 exit ;;
560 GUESS=powerpc-harris-powermax
561 ;;
538562 Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
539 echo powerpc-harris-powermax
540 exit ;;
563 GUESS=powerpc-harris-powermax
564 ;;
541565 Night_Hawk:Power_UNIX:*:*)
542 echo powerpc-harris-powerunix
543 exit ;;
566 GUESS=powerpc-harris-powerunix
567 ;;
544568 m88k:CX/UX:7*:*)
545 echo m88k-harris-cxux7
546 exit ;;
569 GUESS=m88k-harris-cxux7
570 ;;
547571 m88k:*:4*:R4*)
548 echo m88k-motorola-sysv4
549 exit ;;
572 GUESS=m88k-motorola-sysv4
573 ;;
550574 m88k:*:3*:R3*)
551 echo m88k-motorola-sysv3
552 exit ;;
575 GUESS=m88k-motorola-sysv3
576 ;;
553577 AViiON:dgux:*:*)
554578 # DG/UX returns AViiON for all architectures
555 UNAME_PROCESSOR=$(/usr/bin/uname -p)
579 UNAME_PROCESSOR=`/usr/bin/uname -p`
556580 if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110
557581 then
558582 if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \
559583 test "$TARGET_BINARY_INTERFACE"x = x
560584 then
561 echo m88k-dg-dgux"$UNAME_RELEASE"
585 GUESS=m88k-dg-dgux$UNAME_RELEASE
562586 else
563 echo m88k-dg-dguxbcs"$UNAME_RELEASE"
587 GUESS=m88k-dg-dguxbcs$UNAME_RELEASE
564588 fi
565589 else
566 echo i586-dg-dgux"$UNAME_RELEASE"
567 fi
568 exit ;;
590 GUESS=i586-dg-dgux$UNAME_RELEASE
591 fi
592 ;;
569593 M88*:DolphinOS:*:*) # DolphinOS (SVR3)
570 echo m88k-dolphin-sysv3
571 exit ;;
594 GUESS=m88k-dolphin-sysv3
595 ;;
572596 M88*:*:R3*:*)
573597 # Delta 88k system running SVR3
574 echo m88k-motorola-sysv3
575 exit ;;
598 GUESS=m88k-motorola-sysv3
599 ;;
576600 XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
577 echo m88k-tektronix-sysv3
578 exit ;;
601 GUESS=m88k-tektronix-sysv3
602 ;;
579603 Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
580 echo m68k-tektronix-bsd
581 exit ;;
604 GUESS=m68k-tektronix-bsd
605 ;;
582606 *:IRIX*:*:*)
583 echo mips-sgi-irix"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/g')"
584 exit ;;
607 IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'`
608 GUESS=mips-sgi-irix$IRIX_REL
609 ;;
585610 ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
586 echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
587 exit ;; # Note that: echo "'$(uname -s)'" gives 'AIX '
611 GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id
612 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
588613 i*86:AIX:*:*)
589 echo i386-ibm-aix
590 exit ;;
614 GUESS=i386-ibm-aix
615 ;;
591616 ia64:AIX:*:*)
592617 if test -x /usr/bin/oslevel ; then
593 IBM_REV=$(/usr/bin/oslevel)
618 IBM_REV=`/usr/bin/oslevel`
594619 else
595 IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
596 fi
597 echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV"
598 exit ;;
620 IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
621 fi
622 GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV
623 ;;
599624 *:AIX:2:3)
600625 if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
601626 set_cc_for_build
610635 exit(0);
611636 }
612637 EOF
613 if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy")
638 if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
614639 then
615 echo "$SYSTEM_NAME"
640 GUESS=$SYSTEM_NAME
616641 else
617 echo rs6000-ibm-aix3.2.5
642 GUESS=rs6000-ibm-aix3.2.5
618643 fi
619644 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
620 echo rs6000-ibm-aix3.2.4
645 GUESS=rs6000-ibm-aix3.2.4
621646 else
622 echo rs6000-ibm-aix3.2
623 fi
624 exit ;;
647 GUESS=rs6000-ibm-aix3.2
648 fi
649 ;;
625650 *:AIX:*:[4567])
626 IBM_CPU_ID=$(/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }')
651 IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
627652 if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
628653 IBM_ARCH=rs6000
629654 else
630655 IBM_ARCH=powerpc
631656 fi
632657 if test -x /usr/bin/lslpp ; then
633 IBM_REV=$(/usr/bin/lslpp -Lqc bos.rte.libc |
634 awk -F: '{ print $3 }' | sed s/[0-9]*$/0/)
658 IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \
659 awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
635660 else
636 IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
637 fi
638 echo "$IBM_ARCH"-ibm-aix"$IBM_REV"
639 exit ;;
661 IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
662 fi
663 GUESS=$IBM_ARCH-ibm-aix$IBM_REV
664 ;;
640665 *:AIX:*:*)
641 echo rs6000-ibm-aix
642 exit ;;
666 GUESS=rs6000-ibm-aix
667 ;;
643668 ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*)
644 echo romp-ibm-bsd4.4
645 exit ;;
669 GUESS=romp-ibm-bsd4.4
670 ;;
646671 ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
647 echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to
648 exit ;; # report: romp-ibm BSD 4.3
672 GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to
673 ;; # report: romp-ibm BSD 4.3
649674 *:BOSX:*:*)
650 echo rs6000-bull-bosx
651 exit ;;
675 GUESS=rs6000-bull-bosx
676 ;;
652677 DPX/2?00:B.O.S.:*:*)
653 echo m68k-bull-sysv3
654 exit ;;
678 GUESS=m68k-bull-sysv3
679 ;;
655680 9000/[34]??:4.3bsd:1.*:*)
656 echo m68k-hp-bsd
657 exit ;;
681 GUESS=m68k-hp-bsd
682 ;;
658683 hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
659 echo m68k-hp-bsd4.4
660 exit ;;
684 GUESS=m68k-hp-bsd4.4
685 ;;
661686 9000/[34678]??:HP-UX:*:*)
662 HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//')
663 case "$UNAME_MACHINE" in
687 HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
688 case $UNAME_MACHINE in
664689 9000/31?) HP_ARCH=m68000 ;;
665690 9000/[34]??) HP_ARCH=m68k ;;
666691 9000/[678][0-9][0-9])
667692 if test -x /usr/bin/getconf; then
668 sc_cpu_version=$(/usr/bin/getconf SC_CPU_VERSION 2>/dev/null)
669 sc_kernel_bits=$(/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null)
670 case "$sc_cpu_version" in
693 sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
694 sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
695 case $sc_cpu_version in
671696 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
672697 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
673698 532) # CPU_PA_RISC2_0
674 case "$sc_kernel_bits" in
699 case $sc_kernel_bits in
675700 32) HP_ARCH=hppa2.0n ;;
676701 64) HP_ARCH=hppa2.0w ;;
677702 '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
713738 exit (0);
714739 }
715740 EOF
716 (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=$("$dummy")
741 (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"`
717742 test -z "$HP_ARCH" && HP_ARCH=hppa
718743 fi ;;
719744 esac
738763 HP_ARCH=hppa64
739764 fi
740765 fi
741 echo "$HP_ARCH"-hp-hpux"$HPUX_REV"
742 exit ;;
766 GUESS=$HP_ARCH-hp-hpux$HPUX_REV
767 ;;
743768 ia64:HP-UX:*:*)
744 HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//')
745 echo ia64-hp-hpux"$HPUX_REV"
746 exit ;;
769 HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
770 GUESS=ia64-hp-hpux$HPUX_REV
771 ;;
747772 3050*:HI-UX:*:*)
748773 set_cc_for_build
749774 sed 's/^ //' << EOF > "$dummy.c"
771796 exit (0);
772797 }
773798 EOF
774 $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy") &&
799 $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
775800 { echo "$SYSTEM_NAME"; exit; }
776 echo unknown-hitachi-hiuxwe2
777 exit ;;
801 GUESS=unknown-hitachi-hiuxwe2
802 ;;
778803 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*)
779 echo hppa1.1-hp-bsd
780 exit ;;
804 GUESS=hppa1.1-hp-bsd
805 ;;
781806 9000/8??:4.3bsd:*:*)
782 echo hppa1.0-hp-bsd
783 exit ;;
807 GUESS=hppa1.0-hp-bsd
808 ;;
784809 *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
785 echo hppa1.0-hp-mpeix
786 exit ;;
810 GUESS=hppa1.0-hp-mpeix
811 ;;
787812 hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*)
788 echo hppa1.1-hp-osf
789 exit ;;
813 GUESS=hppa1.1-hp-osf
814 ;;
790815 hp8??:OSF1:*:*)
791 echo hppa1.0-hp-osf
792 exit ;;
816 GUESS=hppa1.0-hp-osf
817 ;;
793818 i*86:OSF1:*:*)
794819 if test -x /usr/sbin/sysversion ; then
795 echo "$UNAME_MACHINE"-unknown-osf1mk
820 GUESS=$UNAME_MACHINE-unknown-osf1mk
796821 else
797 echo "$UNAME_MACHINE"-unknown-osf1
798 fi
799 exit ;;
822 GUESS=$UNAME_MACHINE-unknown-osf1
823 fi
824 ;;
800825 parisc*:Lites*:*:*)
801 echo hppa1.1-hp-lites
802 exit ;;
826 GUESS=hppa1.1-hp-lites
827 ;;
803828 C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
804 echo c1-convex-bsd
805 exit ;;
829 GUESS=c1-convex-bsd
830 ;;
806831 C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
807832 if getsysinfo -f scalar_acc
808833 then echo c32-convex-bsd
810835 fi
811836 exit ;;
812837 C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
813 echo c34-convex-bsd
814 exit ;;
838 GUESS=c34-convex-bsd
839 ;;
815840 C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
816 echo c38-convex-bsd
817 exit ;;
841 GUESS=c38-convex-bsd
842 ;;
818843 C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
819 echo c4-convex-bsd
820 exit ;;
844 GUESS=c4-convex-bsd
845 ;;
821846 CRAY*Y-MP:*:*:*)
822 echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
823 exit ;;
847 CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
848 GUESS=ymp-cray-unicos$CRAY_REL
849 ;;
824850 CRAY*[A-Z]90:*:*:*)
825851 echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \
826852 | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
828854 -e 's/\.[^.]*$/.X/'
829855 exit ;;
830856 CRAY*TS:*:*:*)
831 echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
832 exit ;;
857 CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
858 GUESS=t90-cray-unicos$CRAY_REL
859 ;;
833860 CRAY*T3E:*:*:*)
834 echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
835 exit ;;
861 CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
862 GUESS=alphaev5-cray-unicosmk$CRAY_REL
863 ;;
836864 CRAY*SV1:*:*:*)
837 echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
838 exit ;;
865 CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
866 GUESS=sv1-cray-unicos$CRAY_REL
867 ;;
839868 *:UNICOS/mp:*:*)
840 echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
841 exit ;;
869 CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
870 GUESS=craynv-cray-unicosmp$CRAY_REL
871 ;;
842872 F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
843 FUJITSU_PROC=$(uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)
844 FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///')
845 FUJITSU_REL=$(echo "$UNAME_RELEASE" | sed -e 's/ /_/')
846 echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
847 exit ;;
873 FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
874 FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
875 FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
876 GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
877 ;;
848878 5000:UNIX_System_V:4.*:*)
849 FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///')
850 FUJITSU_REL=$(echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/')
851 echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
852 exit ;;
879 FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
880 FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
881 GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
882 ;;
853883 i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
854 echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE"
855 exit ;;
884 GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE
885 ;;
856886 sparc*:BSD/OS:*:*)
857 echo sparc-unknown-bsdi"$UNAME_RELEASE"
858 exit ;;
887 GUESS=sparc-unknown-bsdi$UNAME_RELEASE
888 ;;
859889 *:BSD/OS:*:*)
860 echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE"
861 exit ;;
890 GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE
891 ;;
862892 arm:FreeBSD:*:*)
863 UNAME_PROCESSOR=$(uname -p)
893 UNAME_PROCESSOR=`uname -p`
864894 set_cc_for_build
865895 if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
866896 | grep -q __ARM_PCS_VFP
867897 then
868 echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabi
898 FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
899 GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi
869900 else
870 echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabihf
871 fi
872 exit ;;
901 FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
902 GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf
903 fi
904 ;;
873905 *:FreeBSD:*:*)
874 UNAME_PROCESSOR=$(/usr/bin/uname -p)
875 case "$UNAME_PROCESSOR" in
906 UNAME_PROCESSOR=`/usr/bin/uname -p`
907 case $UNAME_PROCESSOR in
876908 amd64)
877909 UNAME_PROCESSOR=x86_64 ;;
878910 i386)
879911 UNAME_PROCESSOR=i586 ;;
880912 esac
881 echo "$UNAME_PROCESSOR"-unknown-freebsd"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')"
882 exit ;;
913 FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
914 GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL
915 ;;
883916 i*:CYGWIN*:*)
884 echo "$UNAME_MACHINE"-pc-cygwin
885 exit ;;
917 GUESS=$UNAME_MACHINE-pc-cygwin
918 ;;
886919 *:MINGW64*:*)
887 echo "$UNAME_MACHINE"-pc-mingw64
888 exit ;;
920 GUESS=$UNAME_MACHINE-pc-mingw64
921 ;;
889922 *:MINGW*:*)
890 echo "$UNAME_MACHINE"-pc-mingw32
891 exit ;;
923 GUESS=$UNAME_MACHINE-pc-mingw32
924 ;;
892925 *:MSYS*:*)
893 echo "$UNAME_MACHINE"-pc-msys
894 exit ;;
926 GUESS=$UNAME_MACHINE-pc-msys
927 ;;
895928 i*:PW*:*)
896 echo "$UNAME_MACHINE"-pc-pw32
897 exit ;;
929 GUESS=$UNAME_MACHINE-pc-pw32
930 ;;
931 *:SerenityOS:*:*)
932 GUESS=$UNAME_MACHINE-pc-serenity
933 ;;
898934 *:Interix*:*)
899 case "$UNAME_MACHINE" in
935 case $UNAME_MACHINE in
900936 x86)
901 echo i586-pc-interix"$UNAME_RELEASE"
902 exit ;;
937 GUESS=i586-pc-interix$UNAME_RELEASE
938 ;;
903939 authenticamd | genuineintel | EM64T)
904 echo x86_64-unknown-interix"$UNAME_RELEASE"
905 exit ;;
940 GUESS=x86_64-unknown-interix$UNAME_RELEASE
941 ;;
906942 IA64)
907 echo ia64-unknown-interix"$UNAME_RELEASE"
908 exit ;;
943 GUESS=ia64-unknown-interix$UNAME_RELEASE
944 ;;
909945 esac ;;
910946 i*:UWIN*:*)
911 echo "$UNAME_MACHINE"-pc-uwin
912 exit ;;
947 GUESS=$UNAME_MACHINE-pc-uwin
948 ;;
913949 amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
914 echo x86_64-pc-cygwin
915 exit ;;
950 GUESS=x86_64-pc-cygwin
951 ;;
916952 prep*:SunOS:5.*:*)
917 echo powerpcle-unknown-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
918 exit ;;
953 SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
954 GUESS=powerpcle-unknown-solaris2$SUN_REL
955 ;;
919956 *:GNU:*:*)
920957 # the GNU system
921 echo "$(echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,')-unknown-$LIBC$(echo "$UNAME_RELEASE"|sed -e 's,/.*$,,')"
922 exit ;;
958 GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'`
959 GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'`
960 GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL
961 ;;
923962 *:GNU/*:*:*)
924963 # other systems with GNU libc and userland
925 echo "$UNAME_MACHINE-unknown-$(echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]")$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')-$LIBC"
926 exit ;;
964 GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"`
965 GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
966 GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
967 ;;
927968 *:Minix:*:*)
928 echo "$UNAME_MACHINE"-unknown-minix
929 exit ;;
969 GUESS=$UNAME_MACHINE-unknown-minix
970 ;;
930971 aarch64:Linux:*:*)
931 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
932 exit ;;
972 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
973 ;;
933974 aarch64_be:Linux:*:*)
934975 UNAME_MACHINE=aarch64_be
935 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
936 exit ;;
976 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
977 ;;
937978 alpha:Linux:*:*)
938 case $(sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null) in
979 case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
939980 EV5) UNAME_MACHINE=alphaev5 ;;
940981 EV56) UNAME_MACHINE=alphaev56 ;;
941982 PCA56) UNAME_MACHINE=alphapca56 ;;
946987 esac
947988 objdump --private-headers /bin/sh | grep -q ld.so.1
948989 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
949 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
950 exit ;;
951 arc:Linux:*:* | arceb:Linux:*:*)
952 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
953 exit ;;
990 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
991 ;;
992 arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*)
993 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
994 ;;
954995 arm*:Linux:*:*)
955996 set_cc_for_build
956997 if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
957998 | grep -q __ARM_EABI__
958999 then
959 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1000 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
9601001 else
9611002 if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
9621003 | grep -q __ARM_PCS_VFP
9631004 then
964 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi
1005 GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi
9651006 else
966 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf
1007 GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf
9671008 fi
9681009 fi
969 exit ;;
1010 ;;
9701011 avr32*:Linux:*:*)
971 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
972 exit ;;
1012 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1013 ;;
9731014 cris:Linux:*:*)
974 echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
975 exit ;;
1015 GUESS=$UNAME_MACHINE-axis-linux-$LIBC
1016 ;;
9761017 crisv32:Linux:*:*)
977 echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
978 exit ;;
1018 GUESS=$UNAME_MACHINE-axis-linux-$LIBC
1019 ;;
9791020 e2k:Linux:*:*)
980 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
981 exit ;;
1021 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1022 ;;
9821023 frv:Linux:*:*)
983 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
984 exit ;;
1024 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1025 ;;
9851026 hexagon:Linux:*:*)
986 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
987 exit ;;
1027 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1028 ;;
9881029 i*86:Linux:*:*)
989 echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
990 exit ;;
1030 GUESS=$UNAME_MACHINE-pc-linux-$LIBC
1031 ;;
9911032 ia64:Linux:*:*)
992 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
993 exit ;;
1033 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1034 ;;
9941035 k1om:Linux:*:*)
995 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
996 exit ;;
1036 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1037 ;;
9971038 loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
998 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
999 exit ;;
1039 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1040 ;;
10001041 m32r*:Linux:*:*)
1001 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1002 exit ;;
1042 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1043 ;;
10031044 m68*:Linux:*:*)
1004 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1005 exit ;;
1045 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1046 ;;
10061047 mips:Linux:*:* | mips64:Linux:*:*)
10071048 set_cc_for_build
10081049 IS_GLIBC=0
10471088 #endif
10481089 #endif
10491090 EOF
1050 eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI')"
1091 cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`
1092 eval "$cc_set_vars"
10511093 test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
10521094 ;;
10531095 mips64el:Linux:*:*)
1054 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1055 exit ;;
1096 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1097 ;;
10561098 openrisc*:Linux:*:*)
1057 echo or1k-unknown-linux-"$LIBC"
1058 exit ;;
1099 GUESS=or1k-unknown-linux-$LIBC
1100 ;;
10591101 or32:Linux:*:* | or1k*:Linux:*:*)
1060 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1061 exit ;;
1102 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1103 ;;
10621104 padre:Linux:*:*)
1063 echo sparc-unknown-linux-"$LIBC"
1064 exit ;;
1105 GUESS=sparc-unknown-linux-$LIBC
1106 ;;
10651107 parisc64:Linux:*:* | hppa64:Linux:*:*)
1066 echo hppa64-unknown-linux-"$LIBC"
1067 exit ;;
1108 GUESS=hppa64-unknown-linux-$LIBC
1109 ;;
10681110 parisc:Linux:*:* | hppa:Linux:*:*)
10691111 # Look for CPU level
1070 case $(grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2) in
1071 PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;;
1072 PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;;
1073 *) echo hppa-unknown-linux-"$LIBC" ;;
1112 case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
1113 PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;;
1114 PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;;
1115 *) GUESS=hppa-unknown-linux-$LIBC ;;
10741116 esac
1075 exit ;;
1117 ;;
10761118 ppc64:Linux:*:*)
1077 echo powerpc64-unknown-linux-"$LIBC"
1078 exit ;;
1119 GUESS=powerpc64-unknown-linux-$LIBC
1120 ;;
10791121 ppc:Linux:*:*)
1080 echo powerpc-unknown-linux-"$LIBC"
1081 exit ;;
1122 GUESS=powerpc-unknown-linux-$LIBC
1123 ;;
10821124 ppc64le:Linux:*:*)
1083 echo powerpc64le-unknown-linux-"$LIBC"
1084 exit ;;
1125 GUESS=powerpc64le-unknown-linux-$LIBC
1126 ;;
10851127 ppcle:Linux:*:*)
1086 echo powerpcle-unknown-linux-"$LIBC"
1087 exit ;;
1128 GUESS=powerpcle-unknown-linux-$LIBC
1129 ;;
10881130 riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*)
1089 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1090 exit ;;
1131 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1132 ;;
10911133 s390:Linux:*:* | s390x:Linux:*:*)
1092 echo "$UNAME_MACHINE"-ibm-linux-"$LIBC"
1093 exit ;;
1134 GUESS=$UNAME_MACHINE-ibm-linux-$LIBC
1135 ;;
10941136 sh64*:Linux:*:*)
1095 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1096 exit ;;
1137 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1138 ;;
10971139 sh*:Linux:*:*)
1098 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1099 exit ;;
1140 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1141 ;;
11001142 sparc:Linux:*:* | sparc64:Linux:*:*)
1101 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1102 exit ;;
1143 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1144 ;;
11031145 tile*:Linux:*:*)
1104 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1105 exit ;;
1146 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1147 ;;
11061148 vax:Linux:*:*)
1107 echo "$UNAME_MACHINE"-dec-linux-"$LIBC"
1108 exit ;;
1149 GUESS=$UNAME_MACHINE-dec-linux-$LIBC
1150 ;;
11091151 x86_64:Linux:*:*)
11101152 set_cc_for_build
11111153 LIBCABI=$LIBC
11141156 (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
11151157 grep IS_X32 >/dev/null
11161158 then
1117 LIBCABI="$LIBC"x32
1159 LIBCABI=${LIBC}x32
11181160 fi
11191161 fi
1120 echo "$UNAME_MACHINE"-pc-linux-"$LIBCABI"
1121 exit ;;
1162 GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
1163 ;;
11221164 xtensa*:Linux:*:*)
1123 echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
1124 exit ;;
1165 GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
1166 ;;
11251167 i*86:DYNIX/ptx:4*:*)
11261168 # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
11271169 # earlier versions are messed up and put the nodename in both
11281170 # sysname and nodename.
1129 echo i386-sequent-sysv4
1130 exit ;;
1171 GUESS=i386-sequent-sysv4
1172 ;;
11311173 i*86:UNIX_SV:4.2MP:2.*)
11321174 # Unixware is an offshoot of SVR4, but it has its own version
11331175 # number series starting with 2...
11341176 # I am not positive that other SVR4 systems won't match this,
11351177 # I just have to hope. -- rms.
11361178 # Use sysv4.2uw... so that sysv4* matches it.
1137 echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION"
1138 exit ;;
1179 GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION
1180 ;;
11391181 i*86:OS/2:*:*)
11401182 # If we were able to find `uname', then EMX Unix compatibility
11411183 # is probably installed.
1142 echo "$UNAME_MACHINE"-pc-os2-emx
1143 exit ;;
1184 GUESS=$UNAME_MACHINE-pc-os2-emx
1185 ;;
11441186 i*86:XTS-300:*:STOP)
1145 echo "$UNAME_MACHINE"-unknown-stop
1146 exit ;;
1187 GUESS=$UNAME_MACHINE-unknown-stop
1188 ;;
11471189 i*86:atheos:*:*)
1148 echo "$UNAME_MACHINE"-unknown-atheos
1149 exit ;;
1190 GUESS=$UNAME_MACHINE-unknown-atheos
1191 ;;
11501192 i*86:syllable:*:*)
1151 echo "$UNAME_MACHINE"-pc-syllable
1152 exit ;;
1193 GUESS=$UNAME_MACHINE-pc-syllable
1194 ;;
11531195 i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
1154 echo i386-unknown-lynxos"$UNAME_RELEASE"
1155 exit ;;
1196 GUESS=i386-unknown-lynxos$UNAME_RELEASE
1197 ;;
11561198 i*86:*DOS:*:*)
1157 echo "$UNAME_MACHINE"-pc-msdosdjgpp
1158 exit ;;
1199 GUESS=$UNAME_MACHINE-pc-msdosdjgpp
1200 ;;
11591201 i*86:*:4.*:*)
1160 UNAME_REL=$(echo "$UNAME_RELEASE" | sed 's/\/MP$//')
1202 UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
11611203 if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
1162 echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL"
1204 GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL
11631205 else
1164 echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL"
1165 fi
1166 exit ;;
1206 GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL
1207 fi
1208 ;;
11671209 i*86:*:5:[678]*)
11681210 # UnixWare 7.x, OpenUNIX and OpenServer 6.
1169 case $(/bin/uname -X | grep "^Machine") in
1211 case `/bin/uname -X | grep "^Machine"` in
11701212 *486*) UNAME_MACHINE=i486 ;;
11711213 *Pentium) UNAME_MACHINE=i586 ;;
11721214 *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
11731215 esac
1174 echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}"
1175 exit ;;
1216 GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
1217 ;;
11761218 i*86:*:3.2:*)
11771219 if test -f /usr/options/cb.name; then
1178 UNAME_REL=$(sed -n 's/.*Version //p' </usr/options/cb.name)
1179 echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL"
1220 UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
1221 GUESS=$UNAME_MACHINE-pc-isc$UNAME_REL
11801222 elif /bin/uname -X 2>/dev/null >/dev/null ; then
1181 UNAME_REL=$( (/bin/uname -X|grep Release|sed -e 's/.*= //'))
1223 UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
11821224 (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
11831225 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
11841226 && UNAME_MACHINE=i586
11861228 && UNAME_MACHINE=i686
11871229 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
11881230 && UNAME_MACHINE=i686
1189 echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL"
1231 GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL
11901232 else
1191 echo "$UNAME_MACHINE"-pc-sysv32
1192 fi
1193 exit ;;
1233 GUESS=$UNAME_MACHINE-pc-sysv32
1234 fi
1235 ;;
11941236 pc:*:*:*)
11951237 # Left here for compatibility:
11961238 # uname -m prints for DJGPP always 'pc', but it prints nothing about
11981240 # Note: whatever this is, it MUST be the same as what config.sub
11991241 # prints for the "djgpp" host, or else GDB configure will decide that
12001242 # this is a cross-build.
1201 echo i586-pc-msdosdjgpp
1202 exit ;;
1243 GUESS=i586-pc-msdosdjgpp
1244 ;;
12031245 Intel:Mach:3*:*)
1204 echo i386-pc-mach3
1205 exit ;;
1246 GUESS=i386-pc-mach3
1247 ;;
12061248 paragon:*:*:*)
1207 echo i860-intel-osf1
1208 exit ;;
1249 GUESS=i860-intel-osf1
1250 ;;
12091251 i860:*:4.*:*) # i860-SVR4
12101252 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
1211 echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4
1253 GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4
12121254 else # Add other i860-SVR4 vendors below as they are discovered.
1213 echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4
1214 fi
1215 exit ;;
1255 GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4
1256 fi
1257 ;;
12161258 mini*:CTIX:SYS*5:*)
12171259 # "miniframe"
1218 echo m68010-convergent-sysv
1219 exit ;;
1260 GUESS=m68010-convergent-sysv
1261 ;;
12201262 mc68k:UNIX:SYSTEM5:3.51m)
1221 echo m68k-convergent-sysv
1222 exit ;;
1263 GUESS=m68k-convergent-sysv
1264 ;;
12231265 M680?0:D-NIX:5.3:*)
1224 echo m68k-diab-dnix
1225 exit ;;
1266 GUESS=m68k-diab-dnix
1267 ;;
12261268 M68*:*:R3V[5678]*:*)
12271269 test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
12281270 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
12291271 OS_REL=''
12301272 test -r /etc/.relid \
1231 && OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid)
1273 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
12321274 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
12331275 && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
12341276 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
12391281 NCR*:*:4.2:* | MPRAS*:*:4.2:*)
12401282 OS_REL='.3'
12411283 test -r /etc/.relid \
1242 && OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid)
1284 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
12431285 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
12441286 && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
12451287 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
12471289 /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
12481290 && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
12491291 m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
1250 echo m68k-unknown-lynxos"$UNAME_RELEASE"
1251 exit ;;
1292 GUESS=m68k-unknown-lynxos$UNAME_RELEASE
1293 ;;
12521294 mc68030:UNIX_System_V:4.*:*)
1253 echo m68k-atari-sysv4
1254 exit ;;
1295 GUESS=m68k-atari-sysv4
1296 ;;
12551297 TSUNAMI:LynxOS:2.*:*)
1256 echo sparc-unknown-lynxos"$UNAME_RELEASE"
1257 exit ;;
1298 GUESS=sparc-unknown-lynxos$UNAME_RELEASE
1299 ;;
12581300 rs6000:LynxOS:2.*:*)
1259 echo rs6000-unknown-lynxos"$UNAME_RELEASE"
1260 exit ;;
1301 GUESS=rs6000-unknown-lynxos$UNAME_RELEASE
1302 ;;
12611303 PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
1262 echo powerpc-unknown-lynxos"$UNAME_RELEASE"
1263 exit ;;
1304 GUESS=powerpc-unknown-lynxos$UNAME_RELEASE
1305 ;;
12641306 SM[BE]S:UNIX_SV:*:*)
1265 echo mips-dde-sysv"$UNAME_RELEASE"
1266 exit ;;
1307 GUESS=mips-dde-sysv$UNAME_RELEASE
1308 ;;
12671309 RM*:ReliantUNIX-*:*:*)
1268 echo mips-sni-sysv4
1269 exit ;;
1310 GUESS=mips-sni-sysv4
1311 ;;
12701312 RM*:SINIX-*:*:*)
1271 echo mips-sni-sysv4
1272 exit ;;
1313 GUESS=mips-sni-sysv4
1314 ;;
12731315 *:SINIX-*:*:*)
12741316 if uname -p 2>/dev/null >/dev/null ; then
1275 UNAME_MACHINE=$( (uname -p) 2>/dev/null)
1276 echo "$UNAME_MACHINE"-sni-sysv4
1317 UNAME_MACHINE=`(uname -p) 2>/dev/null`
1318 GUESS=$UNAME_MACHINE-sni-sysv4
12771319 else
1278 echo ns32k-sni-sysv
1279 fi
1280 exit ;;
1320 GUESS=ns32k-sni-sysv
1321 fi
1322 ;;
12811323 PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
12821324 # says <Richard.M.Bartel@ccMail.Census.GOV>
1283 echo i586-unisys-sysv4
1284 exit ;;
1325 GUESS=i586-unisys-sysv4
1326 ;;
12851327 *:UNIX_System_V:4*:FTX*)
12861328 # From Gerald Hewes <hewes@openmarket.com>.
12871329 # How about differentiating between stratus architectures? -djm
1288 echo hppa1.1-stratus-sysv4
1289 exit ;;
1330 GUESS=hppa1.1-stratus-sysv4
1331 ;;
12901332 *:*:*:FTX*)
12911333 # From seanf@swdc.stratus.com.
1292 echo i860-stratus-sysv4
1293 exit ;;
1334 GUESS=i860-stratus-sysv4
1335 ;;
12941336 i*86:VOS:*:*)
12951337 # From Paul.Green@stratus.com.
1296 echo "$UNAME_MACHINE"-stratus-vos
1297 exit ;;
1338 GUESS=$UNAME_MACHINE-stratus-vos
1339 ;;
12981340 *:VOS:*:*)
12991341 # From Paul.Green@stratus.com.
1300 echo hppa1.1-stratus-vos
1301 exit ;;
1342 GUESS=hppa1.1-stratus-vos
1343 ;;
13021344 mc68*:A/UX:*:*)
1303 echo m68k-apple-aux"$UNAME_RELEASE"
1304 exit ;;
1345 GUESS=m68k-apple-aux$UNAME_RELEASE
1346 ;;
13051347 news*:NEWS-OS:6*:*)
1306 echo mips-sony-newsos6
1307 exit ;;
1348 GUESS=mips-sony-newsos6
1349 ;;
13081350 R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
13091351 if test -d /usr/nec; then
1310 echo mips-nec-sysv"$UNAME_RELEASE"
1352 GUESS=mips-nec-sysv$UNAME_RELEASE
13111353 else
1312 echo mips-unknown-sysv"$UNAME_RELEASE"
1313 fi
1314 exit ;;
1354 GUESS=mips-unknown-sysv$UNAME_RELEASE
1355 fi
1356 ;;
13151357 BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
1316 echo powerpc-be-beos
1317 exit ;;
1358 GUESS=powerpc-be-beos
1359 ;;
13181360 BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
1319 echo powerpc-apple-beos
1320 exit ;;
1361 GUESS=powerpc-apple-beos
1362 ;;
13211363 BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
1322 echo i586-pc-beos
1323 exit ;;
1364 GUESS=i586-pc-beos
1365 ;;
13241366 BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
1325 echo i586-pc-haiku
1326 exit ;;
1367 GUESS=i586-pc-haiku
1368 ;;
13271369 x86_64:Haiku:*:*)
1328 echo x86_64-unknown-haiku
1329 exit ;;
1370 GUESS=x86_64-unknown-haiku
1371 ;;
13301372 SX-4:SUPER-UX:*:*)
1331 echo sx4-nec-superux"$UNAME_RELEASE"
1332 exit ;;
1373 GUESS=sx4-nec-superux$UNAME_RELEASE
1374 ;;
13331375 SX-5:SUPER-UX:*:*)
1334 echo sx5-nec-superux"$UNAME_RELEASE"
1335 exit ;;
1376 GUESS=sx5-nec-superux$UNAME_RELEASE
1377 ;;
13361378 SX-6:SUPER-UX:*:*)
1337 echo sx6-nec-superux"$UNAME_RELEASE"
1338 exit ;;
1379 GUESS=sx6-nec-superux$UNAME_RELEASE
1380 ;;
13391381 SX-7:SUPER-UX:*:*)
1340 echo sx7-nec-superux"$UNAME_RELEASE"
1341 exit ;;
1382 GUESS=sx7-nec-superux$UNAME_RELEASE
1383 ;;
13421384 SX-8:SUPER-UX:*:*)
1343 echo sx8-nec-superux"$UNAME_RELEASE"
1344 exit ;;
1385 GUESS=sx8-nec-superux$UNAME_RELEASE
1386 ;;
13451387 SX-8R:SUPER-UX:*:*)
1346 echo sx8r-nec-superux"$UNAME_RELEASE"
1347 exit ;;
1388 GUESS=sx8r-nec-superux$UNAME_RELEASE
1389 ;;
13481390 SX-ACE:SUPER-UX:*:*)
1349 echo sxace-nec-superux"$UNAME_RELEASE"
1350 exit ;;
1391 GUESS=sxace-nec-superux$UNAME_RELEASE
1392 ;;
13511393 Power*:Rhapsody:*:*)
1352 echo powerpc-apple-rhapsody"$UNAME_RELEASE"
1353 exit ;;
1394 GUESS=powerpc-apple-rhapsody$UNAME_RELEASE
1395 ;;
13541396 *:Rhapsody:*:*)
1355 echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE"
1356 exit ;;
1397 GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE
1398 ;;
13571399 arm64:Darwin:*:*)
1358 echo aarch64-apple-darwin"$UNAME_RELEASE"
1359 exit ;;
1400 GUESS=aarch64-apple-darwin$UNAME_RELEASE
1401 ;;
13601402 *:Darwin:*:*)
1361 UNAME_PROCESSOR=$(uname -p)
1403 UNAME_PROCESSOR=`uname -p`
13621404 case $UNAME_PROCESSOR in
13631405 unknown) UNAME_PROCESSOR=powerpc ;;
13641406 esac
13921434 # uname -m returns i386 or x86_64
13931435 UNAME_PROCESSOR=$UNAME_MACHINE
13941436 fi
1395 echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
1396 exit ;;
1437 GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE
1438 ;;
13971439 *:procnto*:*:* | *:QNX:[0123456789]*:*)
1398 UNAME_PROCESSOR=$(uname -p)
1440 UNAME_PROCESSOR=`uname -p`
13991441 if test "$UNAME_PROCESSOR" = x86; then
14001442 UNAME_PROCESSOR=i386
14011443 UNAME_MACHINE=pc
14021444 fi
1403 echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE"
1404 exit ;;
1445 GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE
1446 ;;
14051447 *:QNX:*:4*)
1406 echo i386-pc-qnx
1407 exit ;;
1448 GUESS=i386-pc-qnx
1449 ;;
14081450 NEO-*:NONSTOP_KERNEL:*:*)
1409 echo neo-tandem-nsk"$UNAME_RELEASE"
1410 exit ;;
1451 GUESS=neo-tandem-nsk$UNAME_RELEASE
1452 ;;
14111453 NSE-*:NONSTOP_KERNEL:*:*)
1412 echo nse-tandem-nsk"$UNAME_RELEASE"
1413 exit ;;
1454 GUESS=nse-tandem-nsk$UNAME_RELEASE
1455 ;;
14141456 NSR-*:NONSTOP_KERNEL:*:*)
1415 echo nsr-tandem-nsk"$UNAME_RELEASE"
1416 exit ;;
1457 GUESS=nsr-tandem-nsk$UNAME_RELEASE
1458 ;;
14171459 NSV-*:NONSTOP_KERNEL:*:*)
1418 echo nsv-tandem-nsk"$UNAME_RELEASE"
1419 exit ;;
1460 GUESS=nsv-tandem-nsk$UNAME_RELEASE
1461 ;;
14201462 NSX-*:NONSTOP_KERNEL:*:*)
1421 echo nsx-tandem-nsk"$UNAME_RELEASE"
1422 exit ;;
1463 GUESS=nsx-tandem-nsk$UNAME_RELEASE
1464 ;;
14231465 *:NonStop-UX:*:*)
1424 echo mips-compaq-nonstopux
1425 exit ;;
1466 GUESS=mips-compaq-nonstopux
1467 ;;
14261468 BS2000:POSIX*:*:*)
1427 echo bs2000-siemens-sysv
1428 exit ;;
1469 GUESS=bs2000-siemens-sysv
1470 ;;
14291471 DS/*:UNIX_System_V:*:*)
1430 echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE"
1431 exit ;;
1472 GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE
1473 ;;
14321474 *:Plan9:*:*)
14331475 # "uname -m" is not consistent, so use $cputype instead. 386
14341476 # is converted to i386 for consistency with other x86
14351477 # operating systems.
1436 # shellcheck disable=SC2154
1437 if test "$cputype" = 386; then
1478 if test "${cputype-}" = 386; then
14381479 UNAME_MACHINE=i386
1439 else
1440 UNAME_MACHINE="$cputype"
1441 fi
1442 echo "$UNAME_MACHINE"-unknown-plan9
1443 exit ;;
1480 elif test "x${cputype-}" != x; then
1481 UNAME_MACHINE=$cputype
1482 fi
1483 GUESS=$UNAME_MACHINE-unknown-plan9
1484 ;;
14441485 *:TOPS-10:*:*)
1445 echo pdp10-unknown-tops10
1446 exit ;;
1486 GUESS=pdp10-unknown-tops10
1487 ;;
14471488 *:TENEX:*:*)
1448 echo pdp10-unknown-tenex
1449 exit ;;
1489 GUESS=pdp10-unknown-tenex
1490 ;;
14501491 KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
1451 echo pdp10-dec-tops20
1452 exit ;;
1492 GUESS=pdp10-dec-tops20
1493 ;;
14531494 XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
1454 echo pdp10-xkl-tops20
1455 exit ;;
1495 GUESS=pdp10-xkl-tops20
1496 ;;
14561497 *:TOPS-20:*:*)
1457 echo pdp10-unknown-tops20
1458 exit ;;
1498 GUESS=pdp10-unknown-tops20
1499 ;;
14591500 *:ITS:*:*)
1460 echo pdp10-unknown-its
1461 exit ;;
1501 GUESS=pdp10-unknown-its
1502 ;;
14621503 SEI:*:*:SEIUX)
1463 echo mips-sei-seiux"$UNAME_RELEASE"
1464 exit ;;
1504 GUESS=mips-sei-seiux$UNAME_RELEASE
1505 ;;
14651506 *:DragonFly:*:*)
1466 echo "$UNAME_MACHINE"-unknown-dragonfly"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')"
1467 exit ;;
1507 DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
1508 GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL
1509 ;;
14681510 *:*VMS:*:*)
1469 UNAME_MACHINE=$( (uname -p) 2>/dev/null)
1470 case "$UNAME_MACHINE" in
1471 A*) echo alpha-dec-vms ; exit ;;
1472 I*) echo ia64-dec-vms ; exit ;;
1473 V*) echo vax-dec-vms ; exit ;;
1511 UNAME_MACHINE=`(uname -p) 2>/dev/null`
1512 case $UNAME_MACHINE in
1513 A*) GUESS=alpha-dec-vms ;;
1514 I*) GUESS=ia64-dec-vms ;;
1515 V*) GUESS=vax-dec-vms ;;
14741516 esac ;;
14751517 *:XENIX:*:SysV)
1476 echo i386-pc-xenix
1477 exit ;;
1518 GUESS=i386-pc-xenix
1519 ;;
14781520 i*86:skyos:*:*)
1479 echo "$UNAME_MACHINE"-pc-skyos"$(echo "$UNAME_RELEASE" | sed -e 's/ .*$//')"
1480 exit ;;
1521 SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`
1522 GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL
1523 ;;
14811524 i*86:rdos:*:*)
1482 echo "$UNAME_MACHINE"-pc-rdos
1483 exit ;;
1525 GUESS=$UNAME_MACHINE-pc-rdos
1526 ;;
1527 i*86:Fiwix:*:*)
1528 GUESS=$UNAME_MACHINE-pc-fiwix
1529 ;;
14841530 *:AROS:*:*)
1485 echo "$UNAME_MACHINE"-unknown-aros
1486 exit ;;
1531 GUESS=$UNAME_MACHINE-unknown-aros
1532 ;;
14871533 x86_64:VMkernel:*:*)
1488 echo "$UNAME_MACHINE"-unknown-esx
1489 exit ;;
1534 GUESS=$UNAME_MACHINE-unknown-esx
1535 ;;
14901536 amd64:Isilon\ OneFS:*:*)
1491 echo x86_64-unknown-onefs
1492 exit ;;
1537 GUESS=x86_64-unknown-onefs
1538 ;;
14931539 *:Unleashed:*:*)
1494 echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE"
1495 exit ;;
1540 GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE
1541 ;;
14961542 esac
1543
1544 # Do we have a guess based on uname results?
1545 if test "x$GUESS" != x; then
1546 echo "$GUESS"
1547 exit
1548 fi
14971549
14981550 # No uname command or uname output not recognized.
14991551 set_cc_for_build
15341586 #define __ARCHITECTURE__ "m68k"
15351587 #endif
15361588 int version;
1537 version=$( (hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null);
1589 version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
15381590 if (version < 4)
15391591 printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
15401592 else
16261678 }
16271679 EOF
16281680
1629 $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=$($dummy) &&
1681 $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` &&
16301682 { echo "$SYSTEM_NAME"; exit; }
16311683
16321684 # Apollos put the system type in the environment.
16341686
16351687 echo "$0: unable to guess system type" >&2
16361688
1637 case "$UNAME_MACHINE:$UNAME_SYSTEM" in
1689 case $UNAME_MACHINE:$UNAME_SYSTEM in
16381690 mips:Linux | mips64:Linux)
16391691 # If we got here on MIPS GNU/Linux, output extra information.
16401692 cat >&2 <<EOF
16561708 https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
16571709 EOF
16581710
1659 year=$(echo $timestamp | sed 's,-.*,,')
1711 our_year=`echo $timestamp | sed 's,-.*,,'`
1712 thisyear=`date +%Y`
16601713 # shellcheck disable=SC2003
1661 if test "$(expr "$(date +%Y)" - "$year")" -lt 3 ; then
1714 script_age=`expr "$thisyear" - "$our_year"`
1715 if test "$script_age" -lt 3 ; then
16621716 cat >&2 <<EOF
16631717
16641718 If $0 has already been updated, send the following data and any
16671721
16681722 config.guess timestamp = $timestamp
16691723
1670 uname -m = $( (uname -m) 2>/dev/null || echo unknown)
1671 uname -r = $( (uname -r) 2>/dev/null || echo unknown)
1672 uname -s = $( (uname -s) 2>/dev/null || echo unknown)
1673 uname -v = $( (uname -v) 2>/dev/null || echo unknown)
1674
1675 /usr/bin/uname -p = $( (/usr/bin/uname -p) 2>/dev/null)
1676 /bin/uname -X = $( (/bin/uname -X) 2>/dev/null)
1677
1678 hostinfo = $( (hostinfo) 2>/dev/null)
1679 /bin/universe = $( (/bin/universe) 2>/dev/null)
1680 /usr/bin/arch -k = $( (/usr/bin/arch -k) 2>/dev/null)
1681 /bin/arch = $( (/bin/arch) 2>/dev/null)
1682 /usr/bin/oslevel = $( (/usr/bin/oslevel) 2>/dev/null)
1683 /usr/convex/getsysinfo = $( (/usr/convex/getsysinfo) 2>/dev/null)
1724 uname -m = `(uname -m) 2>/dev/null || echo unknown`
1725 uname -r = `(uname -r) 2>/dev/null || echo unknown`
1726 uname -s = `(uname -s) 2>/dev/null || echo unknown`
1727 uname -v = `(uname -v) 2>/dev/null || echo unknown`
1728
1729 /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
1730 /bin/uname -X = `(/bin/uname -X) 2>/dev/null`
1731
1732 hostinfo = `(hostinfo) 2>/dev/null`
1733 /bin/universe = `(/bin/universe) 2>/dev/null`
1734 /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
1735 /bin/arch = `(/bin/arch) 2>/dev/null`
1736 /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
1737 /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
16841738
16851739 UNAME_MACHINE = "$UNAME_MACHINE"
16861740 UNAME_RELEASE = "$UNAME_RELEASE"
+35
-0
config.h.in less more
2626
2727 /* Whether daemon is deprecated */
2828 #undef DEPRECATED_DAEMON
29
30 /* Deprecate RSA 1024 bit length, makes that an unsupported key */
31 #undef DEPRECATE_RSA_1024
2932
3033 /* Define this to enable kernel based UDP source port randomization. */
3134 #undef DISABLE_EXPLICIT_PORT_RANDOMISATION
6871 /* If we have be64toh */
6972 #undef HAVE_BE64TOH
7073
74 /* Define to 1 if you have the `BIO_set_callback_ex' function. */
75 #undef HAVE_BIO_SET_CALLBACK_EX
76
7177 /* Define to 1 if you have the <bsd/stdlib.h> header file. */
7278 #undef HAVE_BSD_STDLIB_H
7379
311317 /* Define to 1 if you have the <ifaddrs.h> header file. */
312318 #undef HAVE_IFADDRS_H
313319
320 /* Define to 1 if you have the `if_nametoindex' function. */
321 #undef HAVE_IF_NAMETOINDEX
322
314323 /* Define to 1 if you have the `inet_aton' function. */
315324 #undef HAVE_INET_ATON
316325
371380 /* Define to 1 if you have the <netinet/tcp.h> header file. */
372381 #undef HAVE_NETINET_TCP_H
373382
383 /* Define to 1 if you have the <netioapi.h> header file. */
384 #undef HAVE_NETIOAPI_H
385
374386 /* Use libnettle for crypto */
375387 #undef HAVE_NETTLE
376388
425437 /* Define to 1 if you have the `OPENSSL_init_ssl' function. */
426438 #undef HAVE_OPENSSL_INIT_SSL
427439
440 /* Define to 1 if you have the <openssl/param_build.h> header file. */
441 #undef HAVE_OPENSSL_PARAM_BUILD_H
442
428443 /* Define to 1 if you have the <openssl/rand.h> header file. */
429444 #undef HAVE_OPENSSL_RAND_H
430445
434449 /* Define to 1 if you have the <openssl/ssl.h> header file. */
435450 #undef HAVE_OPENSSL_SSL_H
436451
452 /* Define to 1 if you have the `OSSL_PARAM_BLD_new' function. */
453 #undef HAVE_OSSL_PARAM_BLD_NEW
454
437455 /* Define if you have POSIX threads libraries and header files. */
438456 #undef HAVE_PTHREAD
439457
514532
515533 /* Define if you have the SSL libraries installed. */
516534 #undef HAVE_SSL
535
536 /* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */
537 #undef HAVE_SSL_CTX_SET_ALPN_PROTOS
517538
518539 /* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */
519540 #undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
528549 function. */
529550 #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
530551
552 /* Define to 1 if you have the `SSL_get0_alpn_selected' function. */
553 #undef HAVE_SSL_GET0_ALPN_SELECTED
554
531555 /* Define to 1 if you have the `SSL_get0_peername' function. */
532556 #undef HAVE_SSL_GET0_PEERNAME
557
558 /* Define to 1 if you have the `SSL_get1_peer_certificate' function. */
559 #undef HAVE_SSL_GET1_PEER_CERTIFICATE
533560
534561 /* Define to 1 if you have the `SSL_set1_host' function. */
535562 #undef HAVE_SSL_SET1_HOST
845872
846873 /* Define if you enable libevent */
847874 #undef USE_LIBEVENT
875
876 /* Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a
877 default outgoing port range. This is only for the libunbound on Linux and
878 does not affect unbound resolving daemon itself. This may severely limit
879 the number of available outgoing ports and thus decrease randomness. Define
880 this only when the target system restricts (e.g. some of SELinux enabled
881 distributions) the use of non-ephemeral ports. */
882 #undef USE_LINUX_IP_LOCAL_PORT_RANGE
848883
849884 /* Define if you want to use internal select based events */
850885 #undef USE_MINI_EVENT
+64
-34
config.sub less more
00 #! /bin/sh
11 # Configuration validation subroutine script.
2 # Copyright 1992-2021 Free Software Foundation, Inc.
3
4 timestamp='2021-01-08'
2 # Copyright 1992-2022 Free Software Foundation, Inc.
3
4 # shellcheck disable=SC2006,SC2268 # see below for rationale
5
6 timestamp='2022-01-03'
57
68 # This file is free software; you can redistribute it and/or modify it
79 # under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
10 # the Free Software Foundation, either version 3 of the License, or
911 # (at your option) any later version.
1012 #
1113 # This program is distributed in the hope that it will be useful, but
4951 # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
5052 # It is wrong to echo any other type of specification.
5153
52 me=$(echo "$0" | sed -e 's,.*/,,')
54 # The "shellcheck disable" line above the timestamp inhibits complaints
55 # about features and limitations of the classic Bourne shell that were
56 # superseded or lifted in POSIX. However, this script identifies a wide
57 # variety of pre-POSIX systems that do not have POSIX shells at all, and
58 # even some reasonably current systems (Solaris 10 as case-in-point) still
59 # have a pre-POSIX /bin/sh.
60
61 me=`echo "$0" | sed -e 's,.*/,,'`
5362
5463 usage="\
5564 Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
6675 version="\
6776 GNU config.sub ($timestamp)
6877
69 Copyright 1992-2021 Free Software Foundation, Inc.
78 Copyright 1992-2022 Free Software Foundation, Inc.
7079
7180 This is free software; see the source for copying conditions. There is NO
7281 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
111120
112121 # Split fields of configuration type
113122 # shellcheck disable=SC2162
123 saved_IFS=$IFS
114124 IFS="-" read field1 field2 field3 field4 <<EOF
115125 $1
116126 EOF
127 IFS=$saved_IFS
117128
118129 # Separate into logical components for further validation
119130 case $1 in
160171 # Prevent following clause from handling this valid os
161172 sun*os*)
162173 basic_machine=$field1
174 basic_os=$field2
175 ;;
176 zephyr*)
177 basic_machine=$field1-unknown
163178 basic_os=$field2
164179 ;;
165180 # Manufacturers
768783 vendor=hp
769784 ;;
770785 i*86v32)
771 cpu=$(echo "$1" | sed -e 's/86.*/86/')
786 cpu=`echo "$1" | sed -e 's/86.*/86/'`
772787 vendor=pc
773788 basic_os=sysv32
774789 ;;
775790 i*86v4*)
776 cpu=$(echo "$1" | sed -e 's/86.*/86/')
791 cpu=`echo "$1" | sed -e 's/86.*/86/'`
777792 vendor=pc
778793 basic_os=sysv4
779794 ;;
780795 i*86v)
781 cpu=$(echo "$1" | sed -e 's/86.*/86/')
796 cpu=`echo "$1" | sed -e 's/86.*/86/'`
782797 vendor=pc
783798 basic_os=sysv
784799 ;;
785800 i*86sol2)
786 cpu=$(echo "$1" | sed -e 's/86.*/86/')
801 cpu=`echo "$1" | sed -e 's/86.*/86/'`
787802 vendor=pc
788803 basic_os=solaris2
789804 ;;
916931 ;;
917932 leon-*|leon[3-9]-*)
918933 cpu=sparc
919 vendor=$(echo "$basic_machine" | sed 's/-.*//')
934 vendor=`echo "$basic_machine" | sed 's/-.*//'`
920935 ;;
921936
922937 *-*)
923938 # shellcheck disable=SC2162
939 saved_IFS=$IFS
924940 IFS="-" read cpu vendor <<EOF
925941 $basic_machine
926942 EOF
943 IFS=$saved_IFS
927944 ;;
928945 # We use `pc' rather than `unknown'
929946 # because (1) that's what they normally are, and
10021019 ;;
10031020
10041021 # Here we normalize CPU types with a missing or matching vendor
1022 armh-unknown | armh-alt)
1023 cpu=armv7l
1024 vendor=alt
1025 basic_os=${basic_os:-linux-gnueabihf}
1026 ;;
10051027 dpx20-unknown | dpx20-bull)
10061028 cpu=rs6000
10071029 vendor=bull
10831105 cpu=mipsisa64sb1el
10841106 ;;
10851107 sh5e[lb]-*)
1086 cpu=$(echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/')
1108 cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
10871109 ;;
10881110 spur-*)
10891111 cpu=spur
11011123 cpu=x86_64
11021124 ;;
11031125 xscale-* | xscalee[bl]-*)
1104 cpu=$(echo "$cpu" | sed 's/^xscale/arm/')
1105 ;;
1106 arm64-*)
1126 cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
1127 ;;
1128 arm64-* | aarch64le-*)
11071129 cpu=aarch64
11081130 ;;
11091131
11641186 | alphapca5[67] | alpha64pca5[67] \
11651187 | am33_2.0 \
11661188 | amdgcn \
1167 | arc | arceb \
1189 | arc | arceb | arc32 | arc64 \
11681190 | arm | arm[lb]e | arme[lb] | armv* \
11691191 | avr | avr32 \
11701192 | asmjs \
12031225 | mips64vr5900 | mips64vr5900el \
12041226 | mipsisa32 | mipsisa32el \
12051227 | mipsisa32r2 | mipsisa32r2el \
1228 | mipsisa32r3 | mipsisa32r3el \
1229 | mipsisa32r5 | mipsisa32r5el \
12061230 | mipsisa32r6 | mipsisa32r6el \
12071231 | mipsisa64 | mipsisa64el \
12081232 | mipsisa64r2 | mipsisa64r2el \
1233 | mipsisa64r3 | mipsisa64r3el \
1234 | mipsisa64r5 | mipsisa64r5el \
12091235 | mipsisa64r6 | mipsisa64r6el \
12101236 | mipsisa64sb1 | mipsisa64sb1el \
12111237 | mipsisa64sr71k | mipsisa64sr71kel \
12821308 if test x$basic_os != x
12831309 then
12841310
1285 # First recognize some ad-hoc caes, or perhaps split kernel-os, or else just
1311 # First recognize some ad-hoc cases, or perhaps split kernel-os, or else just
12861312 # set os.
12871313 case $basic_os in
12881314 gnu/linux*)
12891315 kernel=linux
1290 os=$(echo $basic_os | sed -e 's|gnu/linux|gnu|')
1316 os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'`
12911317 ;;
12921318 os2-emx)
12931319 kernel=os2
1294 os=$(echo $basic_os | sed -e 's|os2-emx|emx|')
1320 os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'`
12951321 ;;
12961322 nto-qnx*)
12971323 kernel=nto
1298 os=$(echo $basic_os | sed -e 's|nto-qnx|qnx|')
1324 os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'`
12991325 ;;
13001326 *-*)
13011327 # shellcheck disable=SC2162
1328 saved_IFS=$IFS
13021329 IFS="-" read kernel os <<EOF
13031330 $basic_os
13041331 EOF
1332 IFS=$saved_IFS
13051333 ;;
13061334 # Default OS when just kernel was specified
13071335 nto*)
13081336 kernel=nto
1309 os=$(echo $basic_os | sed -e 's|nto|qnx|')
1337 os=`echo "$basic_os" | sed -e 's|nto|qnx|'`
13101338 ;;
13111339 linux*)
13121340 kernel=linux
1313 os=$(echo $basic_os | sed -e 's|linux|gnu|')
1341 os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
13141342 ;;
13151343 *)
13161344 kernel=
13311359 os=cnk
13321360 ;;
13331361 solaris1 | solaris1.*)
1334 os=$(echo $os | sed -e 's|solaris1|sunos4|')
1362 os=`echo "$os" | sed -e 's|solaris1|sunos4|'`
13351363 ;;
13361364 solaris)
13371365 os=solaris2
13601388 os=sco3.2v4
13611389 ;;
13621390 sco3.2.[4-9]*)
1363 os=$(echo $os | sed -e 's/sco3.2./sco3.2v/')
1391 os=`echo "$os" | sed -e 's/sco3.2./sco3.2v/'`
13641392 ;;
13651393 sco*v* | scout)
13661394 # Don't match below
13901418 os=lynxos
13911419 ;;
13921420 mac[0-9]*)
1393 os=$(echo "$os" | sed -e 's|mac|macos|')
1421 os=`echo "$os" | sed -e 's|mac|macos|'`
13941422 ;;
13951423 opened*)
13961424 os=openedition
13991427 os=os400
14001428 ;;
14011429 sunos5*)
1402 os=$(echo "$os" | sed -e 's|sunos5|solaris2|')
1430 os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
14031431 ;;
14041432 sunos6*)
1405 os=$(echo "$os" | sed -e 's|sunos6|solaris3|')
1433 os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
14061434 ;;
14071435 wince*)
14081436 os=wince
14361464 ;;
14371465 # Preserve the version number of sinix5.
14381466 sinix5.*)
1439 os=$(echo $os | sed -e 's|sinix|sysv|')
1467 os=`echo "$os" | sed -e 's|sinix|sysv|'`
14401468 ;;
14411469 sinix*)
14421470 os=sysv4
16831711 # Now, validate our (potentially fixed-up) OS.
16841712 case $os in
16851713 # Sometimes we do "kernel-libc", so those need to count as OSes.
1686 musl* | newlib* | uclibc*)
1714 musl* | newlib* | relibc* | uclibc*)
16871715 ;;
16881716 # Likewise for "kernel-abi"
16891717 eabi* | gnueabi*)
17061734 | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
17071735 | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
17081736 | mirbsd* | netbsd* | dicos* | openedition* | ose* \
1709 | bitrig* | openbsd* | solidbsd* | libertybsd* | os108* \
1737 | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \
17101738 | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \
17111739 | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
17121740 | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
17131741 | udi* | lites* | ieee* | go32* | aux* | hcos* \
1714 | chorusrdb* | cegcc* | glidix* \
1742 | chorusrdb* | cegcc* | glidix* | serenity* \
17151743 | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
17161744 | midipix* | mingw32* | mingw64* | mint* \
17171745 | uxpv* | beos* | mpeix* | udk* | moxiebox* \
17241752 | skyos* | haiku* | rdos* | toppers* | drops* | es* \
17251753 | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
17261754 | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
1727 | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx*)
1755 | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
1756 | fiwix* )
17281757 ;;
17291758 # This one is extra strict with allowed versions
17301759 sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
17411770 # As a final step for OS-related things, validate the OS-kernel combination
17421771 # (given a valid OS), if there is a kernel.
17431772 case $kernel-$os in
1744 linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* | linux-musl* | linux-uclibc* )
1773 linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
1774 | linux-musl* | linux-relibc* | linux-uclibc* )
17451775 ;;
17461776 uclinux-uclibc* )
17471777 ;;
1748 -dietlibc* | -newlib* | -musl* | -uclibc* )
1778 -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* )
17491779 # These are just libc implementations, not actual OSes, and thus
17501780 # require a kernel.
17511781 echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
+202
-60
configure less more
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.69 for unbound 1.13.1.
2 # Generated by GNU Autoconf 2.69 for unbound 1.15.0.
33 #
44 # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
55 #
590590 # Identity of this package.
591591 PACKAGE_NAME='unbound'
592592 PACKAGE_TARNAME='unbound'
593 PACKAGE_VERSION='1.13.1'
594 PACKAGE_STRING='unbound 1.13.1'
593 PACKAGE_VERSION='1.15.0'
594 PACKAGE_STRING='unbound 1.15.0'
595595 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
596596 PACKAGE_URL=''
597597
642642 IPSET_SRC
643643 IPSECMOD_HEADER
644644 IPSECMOD_OBJ
645 CACHEDB_OBJ
646 CACHEDB_SRC
645647 DNSCRYPT_OBJ
646648 DNSCRYPT_SRC
647649 ENABLE_DNSCRYPT
679681 HAVE_SSL
680682 PC_CRYPTO_DEPENDENCY
681683 CONFIG_DATE
684 GCC_DOCKER_LINTFLAGS
682685 NETBSD_LINTFLAGS
683686 PYUNBOUND_UNINSTALL
684687 PYUNBOUND_INSTALL
694697 SWIG_LIB
695698 SWIG
696699 PC_PY_DEPENDENCY
700 PYTHON_LIBS
697701 PY_MAJOR_VERSION
698702 PYTHON_SITE_PKG
699703 PYTHON_LDFLAGS
874878 enable_gost
875879 enable_ecdsa
876880 enable_dsa
881 with_deprecate_rsa_1024
877882 enable_ed25519
878883 enable_ed448
879884 enable_event_api
897902 enable_ipset
898903 with_libmnl
899904 enable_explicit_port_randomisation
905 enable_linux_ip_local_port_range
900906 with_libunbound_only
901907 '
902908 ac_precious_vars='build_alias
14591465 # Omit some internal or obsolete options to make the list less imposing.
14601466 # This message is too long to be a string in the A/UX 3.1 sh.
14611467 cat <<_ACEOF
1462 \`configure' configures unbound 1.13.1 to adapt to many kinds of systems.
1468 \`configure' configures unbound 1.15.0 to adapt to many kinds of systems.
14631469
14641470 Usage: $0 [OPTION]... [VAR=VALUE]...
14651471
15241530
15251531 if test -n "$ac_init_help"; then
15261532 case $ac_init_help in
1527 short | recursive ) echo "Configuration of unbound 1.13.1:";;
1533 short | recursive ) echo "Configuration of unbound 1.15.0:";;
15281534 esac
15291535 cat <<\_ACEOF
15301536
15891595 --disable-explicit-port-randomisation
15901596 disable explicit source port randomisation and rely
15911597 on the kernel to provide random source ports
1598 --enable-linux-ip-local-port-range
1599 Define this to enable use of
1600 /proc/sys/net/ipv4/ip_local_port_range as a default
1601 outgoing port range. This is only for the libunbound
1602 on Linux and does not affect unbound resolving
1603 daemon itself. This may severely limit the number of
1604 available outgoing ports and thus decrease
1605 randomness. Define this only when the target system
1606 restricts (e.g. some of SELinux enabled
1607 distributions) the use of non-ephemeral ports.
15921608
15931609 Optional Packages:
15941610 --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
16341650 --with-nettle=path use libnettle as crypto library, installed at path.
16351651 --with-ssl=pathname enable SSL (will check /usr/local/ssl /usr/lib/ssl
16361652 /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw
1637 /usr)
1653 /usr or specify like /usr/include/openssl11)
16381654 --with-libbsd Use portable libbsd functions
1655 --with-deprecate-rsa-1024
1656 Deprecate RSA 1024 bit length, makes that an
1657 unsupported key, for use when OpenSSL FIPS refuses
1658 1024 bit verification
16391659 --with-libevent=pathname
16401660 use libevent (will check /usr/local /opt/local
16411661 /usr/lib /usr/pkg /usr/sfw /usr or you can specify
17521772 test -n "$ac_init_help" && exit $ac_status
17531773 if $ac_init_version; then
17541774 cat <<\_ACEOF
1755 unbound configure 1.13.1
1775 unbound configure 1.15.0
17561776 generated by GNU Autoconf 2.69
17571777
17581778 Copyright (C) 2012 Free Software Foundation, Inc.
24612481 This file contains any messages produced by compilers while
24622482 running configure, to aid debugging if configure makes a mistake.
24632483
2464 It was created by unbound $as_me 1.13.1, which was
2484 It was created by unbound $as_me 1.15.0, which was
24652485 generated by GNU Autoconf 2.69. Invocation command line was
24662486
24672487 $ $0 $@
28112831
28122832 UNBOUND_VERSION_MAJOR=1
28132833
2814 UNBOUND_VERSION_MINOR=13
2815
2816 UNBOUND_VERSION_MICRO=1
2834 UNBOUND_VERSION_MINOR=15
2835
2836 UNBOUND_VERSION_MICRO=0
28172837
28182838
28192839 LIBUNBOUND_CURRENT=9
2820 LIBUNBOUND_REVISION=12
2840 LIBUNBOUND_REVISION=15
28212841 LIBUNBOUND_AGE=1
28222842 # 1.0.0 had 0:12:0
28232843 # 1.0.1 had 0:13:0
28972917 # 1.12.0 had 9:10:1
28982918 # 1.13.0 had 9:11:1
28992919 # 1.13.1 had 9:12:1
2920 # 1.13.2 had 9:13:1
2921 # 1.14.0 had 9:14:1
2922 # 1.15.0 had 9:15:1
29002923
29012924 # Current -- the number of the binary API that we're implementing
29022925 # Revision -- which iteration of the implementation of the binary
41954218 esac
41964219
41974220 # are we on MinGW?
4198 if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes"
4199 else
4200 if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes"
4221 if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes"
4222 else
4223 if echo $host | grep mingw >/dev/null; then on_mingw="yes"
42014224 else on_mingw="no"; fi
42024225 fi
42034226
1460714630
1460814631
1460914632
14633 # pkg-config is only needed for these options, do not require it otherwise
14634 if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
1461014635
1461114636
1461214637
1472714752 PKG_CONFIG=""
1472814753 fi
1472914754 fi
14755 fi
1473014756
1473114757 # Checks for header files.
1473214758 for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h
1477514801 # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
1477614802 for ac_header in TargetConditionals.h
1477714803 do :
14778 ac_fn_c_check_header_mongrel "$LINENO" "TargetConditionals.h" "ac_cv_header_TargetConditionals_h" "$ac_includes_default"
14804 ac_fn_c_check_header_compile "$LINENO" "TargetConditionals.h" "ac_cv_header_TargetConditionals_h" "$ac_includes_default
14805 "
1477914806 if test "x$ac_cv_header_TargetConditionals_h" = xyes; then :
1478014807 cat >>confdefs.h <<_ACEOF
1478114808 #define HAVE_TARGETCONDITIONALS_H 1
14809 _ACEOF
14810
14811 fi
14812
14813 done
14814
14815 for ac_header in netioapi.h
14816 do :
14817 ac_fn_c_check_header_compile "$LINENO" "netioapi.h" "ac_cv_header_netioapi_h" "$ac_includes_default
14818 #if HAVE_SYS_PARAM_H
14819 #include <sys/param.h>
14820 #endif
14821
14822 #ifdef HAVE_SYS_SOCKET_H
14823 #include <sys/socket.h>
14824 #endif
14825
14826 #ifdef HAVE_SYS_UIO_H
14827 #include <sys/uio.h>
14828 #endif
14829
14830 #ifdef HAVE_NETINET_IN_H
14831 #include <netinet/in.h>
14832 #endif
14833
14834 #ifdef HAVE_NETINET_TCP_H
14835 #include <netinet/tcp.h>
14836 #endif
14837
14838 #ifdef HAVE_ARPA_INET_H
14839 #include <arpa/inet.h>
14840 #endif
14841
14842 #ifdef HAVE_WINSOCK2_H
14843 #include <winsock2.h>
14844 #endif
14845
14846 #ifdef HAVE_WS2TCPIP_H
14847 #include <ws2tcpip.h>
14848 #endif
14849
14850 "
14851 if test "x$ac_cv_header_netioapi_h" = xyes; then :
14852 cat >>confdefs.h <<_ACEOF
14853 #define HAVE_NETIOAPI_H 1
1478214854 _ACEOF
1478314855
1478414856 fi
1529815370 fi
1529915371
1530015372
15301 # check wether strptime also works
15373 # check whether strptime also works
1530215374
1530315375 # check some functions of the OS before linking libs (while still runnable).
1530415376 for ac_header in unistd.h
1591715989
1591815990 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if nonblocking sockets work" >&5
1591915991 $as_echo_n "checking if nonblocking sockets work... " >&6; }
15920 if echo $target | grep mingw32 >/dev/null; then
15992 if echo $host | grep mingw >/dev/null; then
1592115993 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (windows)" >&5
1592215994 $as_echo "no (windows)" >&6; }
1592315995
1618516257
1618616258
1618716259 # check if we can use SO_REUSEPORT
16188 if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then
16260 reuseport_default=0
16261 if echo "$host" | $GREP -i -e linux >/dev/null; then reuseport_default=1; fi
16262 if echo "$host" | $GREP -i -e dragonfly >/dev/null; then reuseport_default=1; fi
16263 if test "$reuseport_default" = 1; then
1618916264
1619016265 $as_echo "#define REUSEPORT_DEFAULT 1" >>confdefs.h
1619116266
1752617601
1752717602 $as_echo "#define HAVE_PYTHON 1" >>confdefs.h
1752817603
17529 if test -n "$LIBS"; then
17530 LIBS="$PYTHON_LDFLAGS $LIBS"
17531 else
17532 LIBS="$PYTHON_LDFLAGS"
17604 if test x_$ub_with_pythonmod != x_no; then
17605 if test -n "$LIBS"; then
17606 LIBS="$PYTHON_LDFLAGS $LIBS"
17607 else
17608 LIBS="$PYTHON_LDFLAGS"
17609 fi
1753317610 fi
17611 PYTHON_LIBS="$PYTHON_LDFLAGS"
17612
1753417613 if test -n "$CPPFLAGS"; then
1753517614 CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
1753617615 else
1786017939 NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_'
1786117940
1786217941 fi
17942
17943 if test "`uname`" = "Linux"; then
17944 # splint cannot parse modern c99 header files
17945 GCC_DOCKER_LINTFLAGS='-syntax'
17946
17947 fi
1786317948 CONFIG_DATE=`date +%Y%m%d`
1786417949
1786517950
1796618051 if test x_$withval != x_no; then
1796718052 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL" >&5
1796818053 $as_echo_n "checking for SSL... " >&6; }
18054 if test -n "$withval"; then
18055 if test ! -f "$withval/include/openssl/ssl.h" -a -f "$withval/openssl/ssl.h"; then
18056 ssldir="$withval"
18057 found_ssl="yes"
18058 withval=""
18059 ssldir_include="$ssldir"
18060 ssldir_lib=`echo $ssldir | sed -e 's/include/lib/'`
18061 if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then
18062 : # found here
18063 else
18064 ssldir_lib=`echo $ssldir | sed -e 's/include/lib64/'`
18065 if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then
18066 : # found here
18067 else
18068 as_fn_error $? "Could not find openssl lib file, $ssldir_lib/libssl.so,a, pass like \"/usr/local\" or \"/usr/include/openssl11\"" "$LINENO" 5
18069 fi
18070 fi
18071 fi
18072 fi
1796918073 if test x_$withval = x_ -o x_$withval = x_yes; then
1797018074 withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
1797118075 fi
1797318077 ssldir="$dir"
1797418078 if test -f "$dir/include/openssl/ssl.h"; then
1797518079 found_ssl="yes"
17976
17977 cat >>confdefs.h <<_ACEOF
17978 #define HAVE_SSL /**/
17979 _ACEOF
17980
17981 if test "$ssldir" != "/usr"; then
17982 CPPFLAGS="$CPPFLAGS -I$ssldir/include"
17983 LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include"
17984 fi
18080 ssldir_include="$ssldir/include"
18081 if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
18082 ssldir_lib="$ssldir/lib64"
18083 else
18084 ssldir_lib="$ssldir/lib"
18085 fi
1798518086 break;
1798618087 fi
1798718088 done
1799018091 else
1799118092 { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $ssldir" >&5
1799218093 $as_echo "found in $ssldir" >&6; }
18094
18095 cat >>confdefs.h <<_ACEOF
18096 #define HAVE_SSL /**/
18097 _ACEOF
18098
1799318099 HAVE_SSL=yes
17994 if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
17995 LDFLAGS="$LDFLAGS -L$ssldir/lib"
17996 LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
18100 if test "$ssldir" != "/usr"; then
18101 CPPFLAGS="$CPPFLAGS -I$ssldir_include"
18102 LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir_include"
18103 LDFLAGS="$LDFLAGS -L$ssldir_lib"
18104 LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib"
1799718105
1799818106 if test "x$enable_rpath" = xyes; then
17999 if echo "$ssldir/lib" | grep "^/" >/dev/null; then
18000 RUNTIME_PATH="$RUNTIME_PATH -R$ssldir/lib"
18107 if echo "$ssldir_lib" | grep "^/" >/dev/null; then
18108 RUNTIME_PATH="$RUNTIME_PATH -R$ssldir_lib"
1800118109 fi
1800218110 fi
1800318111
18004 fi
18112 fi
1800518113
1800618114 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5
1800718115 $as_echo_n "checking for EVP_sha256 in -lcrypto... " >&6; }
1828918397 conftest$ac_exeext conftest.$ac_ext
1829018398 SSLLIB="-lssl"
1829118399
18292 PC_CRYPTO_DEPENDENCY="libcrypto libssl"
18400 PC_CRYPTO_DEPENDENCY=""
1829318401
1829418402
1829518403 # check if -lcrypt32 is needed because CAPIENG needs that. (on windows)
1833018438
1833118439 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5
1833218440 $as_echo_n "checking for LibreSSL... " >&6; }
18333 if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
18441 if grep VERSION_TEXT $ssldir_include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
1833418442 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
1833518443 $as_echo "yes" >&6; }
1833618444
1838318491 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
1838418492 $as_echo "no" >&6; }
1838518493 fi
18386 for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h
18494 for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h
1838718495 do :
1838818496 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
1838918497 ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
1839718505
1839818506 done
1839918507
18400 for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params
18508 for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex
1840118509 do :
1840218510 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
1840318511 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
1841318521 # these check_funcs need -lssl
1841418522 BAKLIBS="$LIBS"
1841518523 LIBS="-lssl $LIBS"
18416 for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb
18524 for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate
1841718525 do :
1841818526 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
1841918527 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
1871918827 ;;
1872018828 esac
1872118829
18722 # check wether gost also works
18830 # check whether gost also works
1872318831
1872418832 # Check whether --enable-gost was given.
1872518833 if test "${enable_gost+set}" = set; then :
1875218860 if test c${cross_compiling} = cno; then
1875318861 BAKCFLAGS="$CFLAGS"
1875418862 if test -n "$ssldir"; then
18755 CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib"
18863 CFLAGS="$CFLAGS -Wl,-rpath,$ssldir_lib"
1875618864 fi
1875718865 if test "$cross_compiling" = yes; then :
1875818866 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
1893519043 # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
1893619044 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openssl supports SHA2 and ECDSA with EVP" >&5
1893719045 $as_echo_n "checking if openssl supports SHA2 and ECDSA with EVP... " >&6; }
18938 if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then
18939 if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then
19046 if grep OPENSSL_VERSION_TEXT $ssldir_include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then
19047 if grep OPENSSL_VERSION_NUMBER $ssldir_include/openssl/opensslv.h | grep 0x0 >/dev/null; then
1894019048 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
1894119049 $as_echo "no" >&6; }
1894219050
1903019138 ;;
1903119139 esac
1903219140
19141
19142 # Check whether --with-deprecate-rsa-1024 was given.
19143 if test "${with_deprecate_rsa_1024+set}" = set; then :
19144 withval=$with_deprecate_rsa_1024;
19145 fi
19146
19147 if test "$with_deprecate_rsa_1024" = "yes"; then
19148
19149 $as_echo "#define DEPRECATE_RSA_1024 1" >>confdefs.h
19150
19151 fi
19152
1903319153 # Check whether --enable-ed25519 was given.
1903419154 if test "${enable_ed25519+set}" = set; then :
1903519155 enableval=$enable_ed25519;
1915619276
1915719277 case "$enable_tfo_client" in
1915819278 yes)
19159 case `uname` in
19160 Linux) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default
19279 case "$host_os" in
19280 linux*) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default
1916119281 #include <netinet/tcp.h>
1916219282
1916319283 "
1917319293 #define USE_MSG_FASTOPEN 1
1917419294 _ACEOF
1917519295
19176 ;;
19177 Darwin) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default
19296 ;;
19297 darwin*) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default
1917819298 #include <sys/socket.h>
1917919299
1918019300 "
1919019310 #define USE_OSX_MSG_FASTOPEN 1
1919119311 _ACEOF
1919219312
19193 ;;
19313 ;;
1919419314 esac
19195 ;;
19315 ;;
1919619316 no|*)
1919719317 ;;
1919819318 esac
2013120251
2013220252 echo '
2013320253 #include <stdlib.h>
20254 #include <unistd.h>
2013420255 ' >conftest.c
2013520256 echo 'void f(){ (void)daemon(0, 0); }' >>conftest.c
20136 if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then
20257 if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
2013720258 eval "cv_cc_deprecated_$cache=no"
2013820259 else
2013920260 eval "cv_cc_deprecated_$cache=yes"
2034620467
2034720468 fi
2034820469
20349 for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs
20470 for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs if_nametoindex
2035020471 do :
2035120472 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
2035220473 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
2040620527
2040720528
2040820529 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
20409 if echo $target_os | grep darwin8 > /dev/null; then
20530 if echo $host_os | grep darwin8 > /dev/null; then
2041020531
2041120532 $as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h
2041220533
2104321164 yes)
2104421165 COMMON_OBJ_ALL_SYMBOLS=""
2104521166 UBSYMS=""
21046 EXTRALINK="-L. -L.libs -lunbound"
21167 EXTRALINK="libunbound.la"
2104721168
2104821169 $as_echo "#define EXPORT_ALL_SYMBOLS 1" >>confdefs.h
2104921170
2149221613 yes)
2149321614
2149421615 $as_echo "#define USE_CACHEDB 1" >>confdefs.h
21616
21617 CACHEDB_SRC="cachedb/cachedb.c cachedb/redis.c"
21618
21619 CACHEDB_OBJ="cachedb.lo redis.lo"
2149521620
2149621621 ;;
2149721622 no|*)
2158721712 ;;
2158821713 esac
2158921714
21715 if echo "$host" | $GREP -i -e linux >/dev/null; then
21716 # Check whether --enable-linux-ip-local-port-range was given.
21717 if test "${enable_linux_ip_local_port_range+set}" = set; then :
21718 enableval=$enable_linux_ip_local_port_range;
21719 fi
21720
21721 case "$enable_linux_ip_local_port_range" in
21722 yes)
21723
21724 $as_echo "#define USE_LINUX_IP_LOCAL_PORT_RANGE 1" >>confdefs.h
21725
21726 ;;
21727 no|*)
21728 ;;
21729 esac
21730 fi
21731
2159021732
2159121733 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5
2159221734 $as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; }
2174321885
2174421886
2174521887
21746 version=1.13.1
21888 version=1.15.0
2174721889
2174821890 date=`date +'%b %e, %Y'`
2174921891
2226222404 # report actual input values of CONFIG_FILES etc. instead of their
2226322405 # values after options handling.
2226422406 ac_log="
22265 This file was extended by unbound $as_me 1.13.1, which was
22407 This file was extended by unbound $as_me 1.15.0, which was
2226622408 generated by GNU Autoconf 2.69. Invocation command line was
2226722409
2226822410 CONFIG_FILES = $CONFIG_FILES
2232822470 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
2232922471 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
2233022472 ac_cs_version="\\
22331 unbound config.status 1.13.1
22473 unbound config.status 1.15.0
2233222474 configured by $0, generated by GNU Autoconf 2.69,
2233322475 with options \\"\$ac_cs_config\\"
2233422476
+107
-36
configure.ac less more
99
1010 # must be numbers. ac_defun because of later processing
1111 m4_define([VERSION_MAJOR],[1])
12 m4_define([VERSION_MINOR],[13])
13 m4_define([VERSION_MICRO],[1])
12 m4_define([VERSION_MINOR],[15])
13 m4_define([VERSION_MICRO],[0])
1414 AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
1515 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
1616 AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
1717 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
1818
1919 LIBUNBOUND_CURRENT=9
20 LIBUNBOUND_REVISION=12
20 LIBUNBOUND_REVISION=15
2121 LIBUNBOUND_AGE=1
2222 # 1.0.0 had 0:12:0
2323 # 1.0.1 had 0:13:0
9797 # 1.12.0 had 9:10:1
9898 # 1.13.0 had 9:11:1
9999 # 1.13.1 had 9:12:1
100 # 1.13.2 had 9:13:1
101 # 1.14.0 had 9:14:1
102 # 1.15.0 had 9:15:1
100103
101104 # Current -- the number of the binary API that we're implementing
102105 # Revision -- which iteration of the implementation of the binary
145148 esac
146149
147150 # are we on MinGW?
148 if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes"
151 if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes"
149152 else
150 if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes"
153 if echo $host | grep mingw >/dev/null; then on_mingw="yes"
151154 else on_mingw="no"; fi
152155 fi
153156
383386 AC_CHECK_TOOL(STRIP, strip)
384387 ACX_LIBTOOL_C_ONLY
385388
389 # pkg-config is only needed for these options, do not require it otherwise
390 if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
386391 PKG_PROG_PKG_CONFIG
392 fi
387393
388394 # Checks for header files.
389395 AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT])
405411 ])
406412
407413 # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
408 AC_CHECK_HEADERS([TargetConditionals.h])
414 AC_CHECK_HEADERS([TargetConditionals.h],,, [AC_INCLUDES_DEFAULT])
415 AC_CHECK_HEADERS([netioapi.h],,, [AC_INCLUDES_DEFAULT
416 #if HAVE_SYS_PARAM_H
417 #include <sys/param.h>
418 #endif
419
420 #ifdef HAVE_SYS_SOCKET_H
421 #include <sys/socket.h>
422 #endif
423
424 #ifdef HAVE_SYS_UIO_H
425 #include <sys/uio.h>
426 #endif
427
428 #ifdef HAVE_NETINET_IN_H
429 #include <netinet/in.h>
430 #endif
431
432 #ifdef HAVE_NETINET_TCP_H
433 #include <netinet/tcp.h>
434 #endif
435
436 #ifdef HAVE_ARPA_INET_H
437 #include <arpa/inet.h>
438 #endif
439
440 #ifdef HAVE_WINSOCK2_H
441 #include <winsock2.h>
442 #endif
443
444 #ifdef HAVE_WS2TCPIP_H
445 #include <ws2tcpip.h>
446 #endif
447 ])
409448
410449 # check for types.
411450 # Using own tests for int64* because autoconf builtin only give 32bit.
452491 AC_SEARCH_LIBS([inet_pton], [nsl])
453492 AC_SEARCH_LIBS([socket], [socket])
454493
455 # check wether strptime also works
494 # check whether strptime also works
456495 AC_DEFUN([AC_CHECK_STRPTIME_WORKS],
457496 [AC_REQUIRE([AC_PROG_CC])
458497 AC_MSG_CHECKING(whether strptime works)
488527 AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])])
489528
490529 # check if we can use SO_REUSEPORT
491 if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then
530 reuseport_default=0
531 if echo "$host" | $GREP -i -e linux >/dev/null; then reuseport_default=1; fi
532 if echo "$host" | $GREP -i -e dragonfly >/dev/null; then reuseport_default=1; fi
533 if test "$reuseport_default" = 1; then
492534 AC_DEFINE(REUSEPORT_DEFAULT, 1, [if REUSEPORT is enabled by default])
493535 else
494536 AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default])
691733 AC_SUBST(PY_MAJOR_VERSION)
692734 # Have Python
693735 AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.])
694 if test -n "$LIBS"; then
695 LIBS="$PYTHON_LDFLAGS $LIBS"
696 else
697 LIBS="$PYTHON_LDFLAGS"
736 if test x_$ub_with_pythonmod != x_no; then
737 if test -n "$LIBS"; then
738 LIBS="$PYTHON_LDFLAGS $LIBS"
739 else
740 LIBS="$PYTHON_LDFLAGS"
741 fi
698742 fi
743 PYTHON_LIBS="$PYTHON_LDFLAGS"
744 AC_SUBST(PYTHON_LIBS)
699745 if test -n "$CPPFLAGS"; then
700746 CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
701747 else
767813 if test "`uname`" = "NetBSD"; then
768814 NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_'
769815 AC_SUBST(NETBSD_LINTFLAGS)
816 fi
817
818 if test "`uname`" = "Linux"; then
819 # splint cannot parse modern c99 header files
820 GCC_DOCKER_LINTFLAGS='-syntax'
821 AC_SUBST(GCC_DOCKER_LINTFLAGS)
770822 fi
771823 CONFIG_DATE=`date +%Y%m%d`
772824 AC_SUBST(CONFIG_DATE)
822874 ACX_LIB_SSL
823875 SSLLIB="-lssl"
824876
825 PC_CRYPTO_DEPENDENCY="libcrypto libssl"
877 PC_CRYPTO_DEPENDENCY=""
826878 AC_SUBST(PC_CRYPTO_DEPENDENCY)
827879
828880 # check if -lcrypt32 is needed because CAPIENG needs that. (on windows)
842894 ])
843895
844896 AC_MSG_CHECKING([for LibreSSL])
845 if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
897 if grep VERSION_TEXT $ssldir_include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
846898 AC_MSG_RESULT([yes])
847899 AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
848900 # libressl provides these compat functions, but they may also be
851903 else
852904 AC_MSG_RESULT([no])
853905 fi
854 AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h],,, [AC_INCLUDES_DEFAULT])
855 AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params])
906 AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
907 AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
856908
857909 # these check_funcs need -lssl
858910 BAKLIBS="$LIBS"
859911 LIBS="-lssl $LIBS"
860 AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb])
912 AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate])
861913 LIBS="$BAKLIBS"
862914
863915 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
9651017 ;;
9661018 esac
9671019
968 # check wether gost also works
1020 # check whether gost also works
9691021 AC_DEFUN([AC_CHECK_GOST_WORKS],
9701022 [AC_REQUIRE([AC_PROG_CC])
9711023 AC_MSG_CHECKING([if GOST works])
9721024 if test c${cross_compiling} = cno; then
9731025 BAKCFLAGS="$CFLAGS"
9741026 if test -n "$ssldir"; then
975 CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib"
1027 CFLAGS="$CFLAGS -Wl,-rpath,$ssldir_lib"
9761028 fi
9771029 AC_RUN_IFELSE([AC_LANG_SOURCE([[
9781030 #include <string.h>
10951147 ])
10961148 # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
10971149 AC_MSG_CHECKING([if openssl supports SHA2 and ECDSA with EVP])
1098 if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then
1099 if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then
1150 if grep OPENSSL_VERSION_TEXT $ssldir_include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then
1151 if grep OPENSSL_VERSION_NUMBER $ssldir_include/openssl/opensslv.h | grep 0x0 >/dev/null; then
11001152 AC_MSG_RESULT([no])
11011153 AC_DEFINE_UNQUOTED([USE_ECDSA_EVP_WORKAROUND], [1], [Define this to enable an EVP workaround for older openssl])
11021154 else
11521204 # support DSA for DNSSEC Validation.
11531205 ;;
11541206 esac
1207
1208 AC_ARG_WITH(deprecate-rsa-1024, AS_HELP_STRING([--with-deprecate-rsa-1024],[Deprecate RSA 1024 bit length, makes that an unsupported key, for use when OpenSSL FIPS refuses 1024 bit verification]))
1209 if test "$with_deprecate_rsa_1024" = "yes"; then
1210 AC_DEFINE([DEPRECATE_RSA_1024], [1], [Deprecate RSA 1024 bit length, makes that an unsupported key])
1211 fi
11551212
11561213 AC_ARG_ENABLE(ed25519, AS_HELP_STRING([--disable-ed25519],[Disable ED25519 support]))
11571214 use_ed25519="no"
12091266 AC_ARG_ENABLE(tfo-client, AS_HELP_STRING([--enable-tfo-client],[Enable TCP Fast Open for client mode]))
12101267 case "$enable_tfo_client" in
12111268 yes)
1212 case `uname` in
1213 Linux) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
1214 [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
1215 [AC_INCLUDES_DEFAULT
1269 case "$host_os" in
1270 linux*) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
1271 [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
1272 [AC_INCLUDES_DEFAULT
12161273 #include <netinet/tcp.h>
12171274 ])
1218 AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.])
1219 ;;
1220 Darwin) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
1221 [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
1222 [AC_INCLUDES_DEFAULT
1275 AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.])
1276 ;;
1277 darwin*) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
1278 [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
1279 [AC_INCLUDES_DEFAULT
12231280 #include <sys/socket.h>
12241281 ])
1225 AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.])
1226 ;;
1282 AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.])
1283 ;;
12271284 esac
1228 ;;
1285 ;;
12291286 no|*)
12301287 ;;
12311288 esac
15071564 if test $ac_cv_func_daemon = yes; then
15081565 ACX_FUNC_DEPRECATED([daemon], [(void)daemon(0, 0);], [
15091566 #include <stdlib.h>
1567 #include <unistd.h>
15101568 ])
15111569 fi
15121570
15801638 AC_MSG_RESULT(no))
15811639
15821640 AC_SEARCH_LIBS([setusercontext], [util])
1583 AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs])
1641 AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs if_nametoindex])
15841642 AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
15851643 AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
15861644
15871645 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
1588 if echo $target_os | grep darwin8 > /dev/null; then
1646 if echo $host_os | grep darwin8 > /dev/null; then
15891647 AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
15901648 fi
15911649 AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [
17101768 yes)
17111769 COMMON_OBJ_ALL_SYMBOLS=""
17121770 UBSYMS=""
1713 EXTRALINK="-L. -L.libs -lunbound"
1771 EXTRALINK="libunbound.la"
17141772 AC_DEFINE(EXPORT_ALL_SYMBOLS, 1, [Define this if you enabled-allsymbols from libunbound to link binaries to it for smaller install size, but the libunbound export table is polluted by internal symbols])
17151773 ;;
17161774 no|*)
17771835 case "$enable_cachedb" in
17781836 yes)
17791837 AC_DEFINE([USE_CACHEDB], [1], [Define to 1 to use cachedb support])
1838 AC_SUBST([CACHEDB_SRC], ["cachedb/cachedb.c cachedb/redis.c"])
1839 AC_SUBST([CACHEDB_OBJ], ["cachedb.lo redis.lo"])
17801840 ;;
17811841 no|*)
17821842 # nothing
18461906 ;;
18471907 esac
18481908
1909 if echo "$host" | $GREP -i -e linux >/dev/null; then
1910 AC_ARG_ENABLE(linux-ip-local-port-range, AC_HELP_STRING([--enable-linux-ip-local-port-range], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.]))
1911 case "$enable_linux_ip_local_port_range" in
1912 yes)
1913 AC_DEFINE([USE_LINUX_IP_LOCAL_PORT_RANGE], [1], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.])
1914 ;;
1915 no|*)
1916 ;;
1917 esac
1918 fi
1919
18491920
18501921 AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
18511922 # on openBSD, the implicit rule make $< work.
+11
-0
contrib/Dockerfile.tests less more
0 FROM gcc:latest
1 WORKDIR /usr/src/unbound
2 RUN apt-get update
3 # install semantic parser & lexical analyzer
4 RUN apt-get install -y bison flex
5 # install packages used in tests
6 RUN apt-get install -y ldnsutils dnsutils xxd splint doxygen netcat
7 # accept short rsa keys, which are used in tests
8 RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf
9
10 CMD ["/bin/bash"]
+39
-39
contrib/aaaa-filter-iterator.patch less more
00 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
1 index f426ac5f..147fbfa9 100644
1 index 5a75e319..c6c6dbe2 100644
22 --- a/doc/unbound.conf.5.in
33 +++ b/doc/unbound.conf.5.in
4 @@ -872,6 +872,13 @@ potentially broken nameservers. A lot of domains will not be resolvable when
4 @@ -970,6 +970,13 @@ potentially broken nameservers. A lot of domains will not be resolvable when
55 this option in enabled. Only use if you know what you are doing.
66 This option only has effect when qname-minimisation is enabled. Default is no.
77 .TP
1616 Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
1717 and other denials, using information from previous NXDOMAINs answers.
1818 diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
19 index aae934dd..55c55de0 100644
19 index f093c1bf..e55a2246 100644
2020 --- a/iterator/iter_scrub.c
2121 +++ b/iterator/iter_scrub.c
22 @@ -667,6 +667,32 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset,
22 @@ -679,6 +679,32 @@ static int sanitize_nsec_is_overreach(sldns_buffer* pkt,
2323 return 0;
2424 }
2525
5252 /**
5353 * Given a response event, remove suspect RRsets from the response.
5454 * "Suspect" rrsets are potentially poison. Note that this routine expects
55 @@ -686,6 +712,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
55 @@ -698,6 +724,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
5656 struct query_info* qinfo, uint8_t* zonename, struct module_env* env,
5757 struct iter_env* ie)
5858 {
6060 int del_addi = 0; /* if additional-holding rrsets are deleted, we
6161 do not trust the normalized additional-A-AAAA any more */
6262 struct rrset_parse* rrset, *prev;
63 @@ -721,6 +748,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
63 @@ -733,6 +760,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
6464 rrset = rrset->rrset_all_next;
6565 }
6666
7474 /* At this point, we brutally remove ALL rrsets that aren't
7575 * children of the originating zone. The idea here is that,
7676 * as far as we know, the server that we contacted is ONLY
77 @@ -732,6 +766,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
77 @@ -744,6 +778,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
7878 rrset = msg->rrset_first;
7979 while(rrset) {
8080
100100 if( (rrset->type == LDNS_RR_TYPE_A ||
101101 rrset->type == LDNS_RR_TYPE_AAAA)) {
102102 diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
103 index 7bc67da6..e10f547a 100644
103 index 2482a1f4..bd5ba243 100644
104104 --- a/iterator/iter_utils.c
105105 +++ b/iterator/iter_utils.c
106 @@ -175,6 +175,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
107 }
106 @@ -177,6 +177,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
108107 iter_env->supports_ipv6 = cfg->do_ip6;
109108 iter_env->supports_ipv4 = cfg->do_ip4;
109 iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
110110 + iter_env->aaaa_filter = cfg->aaaa_filter;
111111 return 1;
112112 }
113113
114114 diff --git a/iterator/iterator.c b/iterator/iterator.c
115 index 23b07ea9..ca29b48c 100644
115 index 54006940..768fe202 100644
116116 --- a/iterator/iterator.c
117117 +++ b/iterator/iterator.c
118 @@ -2127,6 +2127,53 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id)
118 @@ -2155,6 +2155,53 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id)
119119
120120 return 0;
121121 }
169169
170170 /**
171171 * This is the request event state where the request will be sent to one of
172 @@ -2186,6 +2233,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
172 @@ -2216,6 +2263,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
173173 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
174174 }
175175
183183 /* Make sure we have a delegation point, otherwise priming failed
184184 * or another failure occurred */
185185 if(!iq->dp) {
186 @@ -3574,6 +3628,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
186 @@ -3648,6 +3702,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
187187 return 0;
188188 }
189189
245245 /*
246246 * Return priming query results to interested super querystates.
247247 *
248 @@ -3593,6 +3702,9 @@ iter_inform_super(struct module_qstate* qstate, int id,
248 @@ -3667,6 +3776,9 @@ iter_inform_super(struct module_qstate* qstate, int id,
249249 else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*)
250250 super->minfo[id])->state == DSNS_FIND_STATE)
251251 processDSNSResponse(qstate, id, super);
255255 else if(qstate->return_rcode != LDNS_RCODE_NOERROR)
256256 error_supers(qstate, id, super);
257257 else if(qstate->is_priming)
258 @@ -3630,6 +3742,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq,
258 @@ -3704,6 +3816,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq,
259259 case INIT_REQUEST_3_STATE:
260260 cont = processInitRequest3(qstate, iq, id);
261261 break;
265265 case QUERYTARGETS_STATE:
266266 cont = processQueryTargets(qstate, iq, ie, id);
267267 break;
268 @@ -3961,6 +4076,8 @@ iter_state_to_string(enum iter_state state)
268 @@ -4040,6 +4155,8 @@ iter_state_to_string(enum iter_state state)
269269 return "INIT REQUEST STATE (stage 2)";
270270 case INIT_REQUEST_3_STATE:
271271 return "INIT REQUEST STATE (stage 3)";
274274 case QUERYTARGETS_STATE :
275275 return "QUERY TARGETS STATE";
276276 case PRIME_RESP_STATE :
277 @@ -3985,6 +4102,7 @@ iter_state_is_responsestate(enum iter_state s)
277 @@ -4064,6 +4181,7 @@ iter_state_is_responsestate(enum iter_state s)
278278 case INIT_REQUEST_STATE :
279279 case INIT_REQUEST_2_STATE :
280280 case INIT_REQUEST_3_STATE :
283283 case COLLECT_CLASS_STATE :
284284 return 0;
285285 diff --git a/iterator/iterator.h b/iterator/iterator.h
286 index 342ac207..731948d1 100644
286 index 8b840528..a61c4195 100644
287287 --- a/iterator/iterator.h
288288 +++ b/iterator/iterator.h
289 @@ -135,6 +135,9 @@ struct iter_env {
289 @@ -133,6 +133,9 @@ struct iter_env {
290290 */
291291 int* target_fetch_policy;
292292
296296 /** lock on ratelimit counter */
297297 lock_basic_type queries_ratelimit_lock;
298298 /** number of queries that have been ratelimited */
299 @@ -186,6 +189,14 @@ enum iter_state {
299 @@ -187,6 +190,14 @@ enum iter_state {
300300 */
301301 INIT_REQUEST_3_STATE,
302302
311311 /**
312312 * Each time a delegation point changes for a given query or a
313313 * query times out and/or wakes up, this state is (re)visited.
314 @@ -375,6 +386,13 @@ struct iter_qstate {
314 @@ -376,6 +387,13 @@ struct iter_qstate {
315315 */
316316 int refetch_glue;
317317
326326 struct outbound_list outlist;
327327
328328 diff --git a/pythonmod/interface.i b/pythonmod/interface.i
329 index f08b575d..47f1bb2e 100644
329 index 1ca8686a..d91b19ec 100644
330330 --- a/pythonmod/interface.i
331331 +++ b/pythonmod/interface.i
332 @@ -975,6 +975,7 @@ struct config_file {
332 @@ -995,6 +995,7 @@ struct config_file {
333333 int harden_dnssec_stripped;
334334 int harden_referral_path;
335335 int use_caps_bits_for_id;
338338 struct config_strlist* private_domain;
339339 size_t unwanted_threshold;
340340 diff --git a/util/config_file.c b/util/config_file.c
341 index 0ab8614a..729fb147 100644
341 index 969d664b..8d94b008 100644
342342 --- a/util/config_file.c
343343 +++ b/util/config_file.c
344 @@ -218,6 +218,7 @@ config_create(void)
344 @@ -231,6 +231,7 @@ config_create(void)
345345 cfg->harden_referral_path = 0;
346346 cfg->harden_algo_downgrade = 0;
347347 cfg->use_caps_bits_for_id = 0;
350350 cfg->private_address = NULL;
351351 cfg->private_domain = NULL;
352352 diff --git a/util/config_file.h b/util/config_file.h
353 index e61257a3..dabaa7bb 100644
353 index c7c9a0a4..e3aa15b0 100644
354354 --- a/util/config_file.h
355355 +++ b/util/config_file.h
356 @@ -260,6 +260,8 @@ struct config_file {
356 @@ -285,6 +285,8 @@ struct config_file {
357357 int harden_algo_downgrade;
358358 /** use 0x20 bits in query as random ID bits */
359359 int use_caps_bits_for_id;
363363 struct config_strlist* caps_whitelist;
364364 /** strip away these private addrs from answers, no DNS Rebinding */
365365 diff --git a/util/configlexer.lex b/util/configlexer.lex
366 index 79a0edca..4eaec678 100644
366 index 34a0e5dd..c890be2a 100644
367367 --- a/util/configlexer.lex
368368 +++ b/util/configlexer.lex
369 @@ -304,6 +304,7 @@ harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) }
370 use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) }
369 @@ -317,6 +317,7 @@ use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) }
371370 caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) }
371 caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) }
372372 unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
373373 +aaaa-filter{COLON} { YDVAR(1, VAR_AAAA_FILTER) }
374374 private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) }
375375 private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) }
376376 prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) }
377377 diff --git a/util/configparser.y b/util/configparser.y
378 index 1d0e8658..f284dd43 100644
378 index d4f965f9..8cc237c6 100644
379379 --- a/util/configparser.y
380380 +++ b/util/configparser.y
381381 @@ -97,6 +97,7 @@ extern struct config_parser_state* cfg_parser;
382 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
382 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
383383 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
384384 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
385385 +%token VAR_AAAA_FILTER
386386 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
387387 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
388388 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
389 @@ -233,6 +234,7 @@ content_server: server_num_threads | server_verbosity | server_port |
389 @@ -247,6 +248,7 @@ content_server: server_num_threads | server_verbosity | server_port |
390390 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
391391 server_harden_referral_path | server_private_address |
392 server_private_domain | server_extended_statistics |
392 server_private_domain | server_extended_statistics |
393393 + server_aaaa_filter |
394 server_local_data_ptr | server_jostle_timeout |
395 server_unwanted_reply_threshold | server_log_time_ascii |
396 server_domain_insecure | server_val_sig_skew_min |
397 @@ -1563,6 +1565,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
394 server_local_data_ptr | server_jostle_timeout |
395 server_unwanted_reply_threshold | server_log_time_ascii |
396 server_domain_insecure | server_val_sig_skew_min |
397 @@ -1754,6 +1756,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
398398 yyerror("out of memory");
399399 }
400400 ;
+1
-1
contrib/drop2rpz less more
33 #
44 # unbound.conf:
55 # rpz:
6 # name: "spamhaus-drop.rpz.local."
6 # name: "drop.spamhaus.org.rpz.local."
77 # zonefile: "/path/tp/spamhaus-drop.rpz.local"
88 # rpz-log: yes
99 # rpz-log-name: "spamhaus-drop"
+5
-3
contrib/ios/install_tools.sh less more
00 #!/usr/bin/env bash
11
22 # This step should install tools needed for all packages - OpenSSL, Expat and Unbound
3 echo "Updating tools"
4 brew update 1>/dev/null
3 # brew update hangs, so we try to skip that step.
4 #echo "Updating tools"
5 #brew update 1>/dev/null
56 echo "Installing tools"
67 # already installed are: autoconf automake libtool pkg-config
7 brew install curl perl 1>/dev/null
8 #brew install curl perl 1>/dev/null
9 HOMEBREW_NO_AUTO_UPDATE=1 brew install curl perl 1>/dev/null
+5
-0
contrib/unbound.service.in less more
5959 PrivateDevices=true
6060 PrivateTmp=true
6161 ProtectHome=true
62 ProtectClock=true
6263 ProtectControlGroups=true
64 ProtectKernelLogs=true
6365 ProtectKernelModules=true
66 # This breaks using socket options like 'so-rcvbuf'. Explicitly disable for visibility.
67 ProtectKernelTunables=false
68 ProtectProc=invisible
6469 ProtectSystem=strict
6570 RuntimeDirectory=unbound
6671 ConfigurationDirectory=unbound
+13
-7
contrib/unbound.spec less more
00 Summary: Validating, recursive, and caching DNS resolver
11 Name: unbound
2 Version: 1.4.18
2 Version: 1.13.1
33 Release: 1%{?dist}
44 License: BSD
55 Url: http://www.nlnetlabs.nl/unbound/
6 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
6 Source: http://www.nlnetlabs.nl/downloads/unbound/%{name}-%{version}.tar.gz
77 #Source1: unbound.init
88 Group: System Environment/Daemons
9 Requires: ldns
109 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
11 BuildRequires: flex, openssl-devel, expat-devel, ldns-devel
10 BuildRequires: flex, openssl-devel, expat-devel
1211
1312 %description
1413 Unbound is a validating, recursive, and caching DNS resolver.
4140 install -d 0755 %{buildroot}%{_initrddir}
4241 install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound
4342 # add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf
44 ln -s %{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf
43 ln -s ../%{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf
4544 # remove static library from install (fedora packaging guidelines)
4645 rm -f %{buildroot}%{_libdir}/libunbound.a %{buildroot}%{_libdir}/libunbound.la
4746
5453 %attr(0755,root,root) %{_initrddir}/%{name}
5554 %attr(0700,%{name},%{name}) %dir %{_localstatedir}/%{name}
5655 %attr(0644,%{name},%{name}) %config(noreplace) %{_localstatedir}/%{name}/unbound.conf
57 %attr(0644,%{name},%{name}) %config(noreplace) %{_sysconfdir}/unbound.conf
56 %config(noreplace) %{_sysconfdir}/unbound.conf
5857 %{_sbindir}/*
5958 %{_mandir}/*/*
6059 %{_includedir}/*
6160 %{_libdir}/libunbound*
61 %{_libdir}/pkgconfig/libunbound*
6262
6363 %pre
6464 getent group unbound >/dev/null || groupadd -r unbound
8888 fi
8989
9090 %changelog
91 * Thu Jul 13 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
91 * Thu Jun 10 2021 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.13.1
92 - ldns and ldns-devel no longer required. Fixed date. Version to 1.13.1.
93 - Removed symlink attr mode, made unbound.conf symlink relative.
94 - Added pkgconfig/libunbound.pc to the packaged files.
95 - fixed download url to nlnetlabs.nl download.
96
97 * Wed Jul 13 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
9298 - ldns required and ldns-devel required for build, no more ldns-builtin.
9399
94100 * Thu Mar 17 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
+37
-34
contrib/unbound_munin_ less more
1313 # Run the command unbound-control-setup to generate the key files.
1414 #
1515 # Environment variables for this script
16 # statefile - where to put temporary statefile.
1716 # unbound_conf - where the unbound.conf file is located.
1817 # unbound_control - where to find unbound-control executable.
1918 # spoof_warn - what level to warn about spoofing
2322 # with:
2423 # [unbound*]
2524 # user root
26 # env.statefile /usr/local/var/munin/plugin-state/unbound-state
2725 # env.unbound_conf /usr/local/etc/unbound/unbound.conf
2826 # env.unbound_control /usr/local/sbin/unbound-control
2927 # env.spoof_warn 1000
6563
6664 [unbound*]
6765 user root
68 env.statefile /usr/local/var/munin/plugin-state/unbound-state
6966 env.unbound_conf /usr/local/etc/unbound/unbound.conf
7067 env.unbound_control /usr/local/sbin/unbound-control
7168 env.spoof_warn 1000
9794
9895 =cut
9996
100 state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state}
97 state="${MUNIN_PLUGSTATE}/unbound.state"
98 seentags="${MUNIN_PLUGSTATE}/unbound-seentags.state"
10199 conf=${unbound_conf:-/usr/local/etc/unbound/unbound.conf}
102100 ctrl=${unbound_control:-/usr/local/sbin/unbound-control}
103101 warn=${spoof_warn:-1000}
120118 fi
121119 }
122120
121 # Update list of seen query types etc to seentags file. This is run while
122 # holding the lock, after the state file is updated.
123 update_seentags() {
124 tmplist="$(cat ${seentags} 2> /dev/null)
125 num.query.type.A
126 num.query.class.IN
127 num.query.opcode.QUERY
128 num.answer.rcode.NOERROR
129 "
130 (echo "${tmplist}"; grep ^num ${state} | sed -e 's/=.*//') | sort -u > ${seentags}
131 }
132
123133 # download the state from the unbound server.
124134 get_state ( ) {
125135 # obtain lock for fetching the state
126136 # because there is a race condition in fetching and writing to file
127137
128 # see if the lock is stale, if so, take it
138 # see if the lock is stale, if so, take it
129139 if test -f $lock ; then
130140 pid="`cat $lock 2>&1`"
131141 kill -0 "$pid" >/dev/null 2>&1
167177 rm -f $lock
168178 exit 1
169179 fi
180 update_seentags
170181 rm -f $lock
171182 }
172183
231242 echo "graph_args --base 1000 -l 0"
232243 echo "graph_vlabel queries / \${graph_period}"
233244 echo "graph_scale no"
234 echo "graph_category DNS"
245 echo "graph_category dns"
235246 for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
236247 sed -e 's/=.*//'`; do
237248 exist_config $x "queries handled by `basename $x .num.queries`"
255266 echo "graph_args --base 1000 -l 0"
256267 echo "graph_vlabel number of queries"
257268 echo "graph_scale no"
258 echo "graph_category DNS"
269 echo "graph_category dns"
259270 p_config "total.requestlist.avg" "Average size of queue on insert" "GAUGE"
260271 p_config "total.requestlist.max" "Max size of queue (in 5 min)" "GAUGE"
261272 p_config "total.requestlist.overwritten" "Number of queries replaced by new ones" "GAUGE"
266277 echo "graph_title Unbound memory usage"
267278 echo "graph_args --base 1024 -l 0"
268279 echo "graph_vlabel memory used in bytes"
269 echo "graph_category DNS"
280 echo "graph_category dns"
270281 p_config "mem.cache.rrset" "RRset cache memory" "GAUGE"
271282 p_config "mem.cache.message" "Message cache memory" "GAUGE"
272283 p_config "mem.mod.iterator" "Iterator module memory" "GAUGE"
282293 echo "graph_args --base 1000 -l 0"
283294 echo "graph_vlabel queries / \${graph_period}"
284295 echo "graph_scale no"
285 echo "graph_category DNS"
286 for x in `grep "^num.query.type" $state`; do
287 nm=`echo $x | sed -e 's/=.*$//'`
296 echo "graph_category dns"
297 for nm in `grep "^num.query.type" $seentags`; do
288298 tp=`echo $nm | sed -e s/num.query.type.//`
289299 p_config "$nm" "$tp" "ABSOLUTE"
290300 done
295305 echo "graph_args --base 1000 -l 0"
296306 echo "graph_vlabel queries / \${graph_period}"
297307 echo "graph_scale no"
298 echo "graph_category DNS"
299 for x in `grep "^num.query.class" $state`; do
300 nm=`echo $x | sed -e 's/=.*$//'`
308 echo "graph_category dns"
309 for nm in `grep "^num.query.class" $seentags`; do
301310 tp=`echo $nm | sed -e s/num.query.class.//`
302311 p_config "$nm" "$tp" "ABSOLUTE"
303312 done
308317 echo "graph_args --base 1000 -l 0"
309318 echo "graph_vlabel queries / \${graph_period}"
310319 echo "graph_scale no"
311 echo "graph_category DNS"
312 for x in `grep "^num.query.opcode" $state`; do
313 nm=`echo $x | sed -e 's/=.*$//'`
320 echo "graph_category dns"
321 for nm in `grep "^num.query.opcode" $seentags`; do
314322 tp=`echo $nm | sed -e s/num.query.opcode.//`
315323 p_config "$nm" "$tp" "ABSOLUTE"
316324 done
321329 echo "graph_args --base 1000 -l 0"
322330 echo "graph_vlabel answer packets / \${graph_period}"
323331 echo "graph_scale no"
324 echo "graph_category DNS"
325 for x in `grep "^num.answer.rcode" $state`; do
326 nm=`echo $x | sed -e 's/=.*$//'`
332 echo "graph_category dns"
333 for nm in `grep "^num.answer.rcode" $seentags`; do
327334 tp=`echo $nm | sed -e s/num.answer.rcode.//`
328335 p_config "$nm" "$tp" "ABSOLUTE"
329336 done
337344 echo "graph_args --base 1000 -l 0"
338345 echo "graph_vlabel queries / \${graph_period}"
339346 echo "graph_scale no"
340 echo "graph_category DNS"
347 echo "graph_category dns"
341348 p_config "num.query.flags.QR" "QR (query reply) flag" "ABSOLUTE"
342349 p_config "num.query.flags.AA" "AA (auth answer) flag" "ABSOLUTE"
343350 p_config "num.query.flags.TC" "TC (truncated) flag" "ABSOLUTE"
355362 echo "graph_args --base 1000 -l 0"
356363 echo "graph_vlabel queries / \${graph_period}"
357364 echo "graph_scale no"
358 echo "graph_category DNS"
365 echo "graph_category dns"
359366 echo hcache.label "cache hits"
360367 echo hcache.min 0
361368 echo hcache.type ABSOLUTE
466473 done
467474 ;;
468475 by_type)
469 for x in `grep "^num.query.type" $state`; do
470 nm=`echo $x | sed -e 's/=.*$//'`
471 print_value_line $nm $x
476 for nm in `grep "^num.query.type" $seentags`; do
477 print_value $nm
472478 done
473479 ;;
474480 by_class)
475 for x in `grep "^num.query.class" $state`; do
476 nm=`echo $x | sed -e 's/=.*$//'`
477 print_value_line $nm $x
481 for nm in `grep "^num.query.class" $seentags`; do
482 print_value $nm
478483 done
479484 ;;
480485 by_opcode)
481 for x in `grep "^num.query.opcode" $state`; do
482 nm=`echo $x | sed -e 's/=.*$//'`
483 print_value_line $nm $x
486 for nm in `grep "^num.query.opcode" $seentags`; do
487 print_value $nm
484488 done
485489 ;;
486490 by_rcode)
487 for x in `grep "^num.answer.rcode" $state`; do
488 nm=`echo $x | sed -e 's/=.*$//'`
489 print_value_line $nm $x
491 for nm in `grep "^num.answer.rcode" $seentags`; do
492 print_value $nm
490493 done
491494 print_value "num.answer.secure"
492495 print_value "num.answer.bogus"
+9
-7
daemon/daemon.c less more
209209 }
210210 #endif /* USE_WINSOCK */
211211 signal_handling_record();
212 checklock_start();
213212 #ifdef HAVE_SSL
214213 # ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
215214 ERR_load_crypto_strings();
279278 free(daemon);
280279 return NULL;
281280 }
281 listen_setup_locks();
282282 if(gettimeofday(&daemon->time_boot, NULL) < 0)
283283 log_err("gettimeofday: %s", strerror(errno));
284284 daemon->time_last_stat = daemon->time_boot;
319319 free(daemon->ports);
320320 daemon->ports = NULL;
321321 }
322 if(!resolve_interface_names(daemon->cfg, &resif, &num_resif))
322 if(!resolve_interface_names(daemon->cfg->ifs,
323 daemon->cfg->num_ifs, NULL, &resif, &num_resif))
323324 return 0;
324325 /* see if we want to reuseport */
325326 #ifdef SO_REUSEPORT
631632 fatal_exit("Could not set up per-view response IP sets");
632633 daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) ||
633634 have_view_respip_cfg;
634
635
636 /* setup modules */
637 daemon_setup_modules(daemon);
638
635639 /* read auth zonefiles */
636640 if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1,
637 &daemon->use_rpz))
641 &daemon->use_rpz, daemon->env, &daemon->mods))
638642 fatal_exit("auth_zones could not be setup");
639643
640644 /* Set-up EDNS strings */
641645 if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg))
642646 fatal_exit("Could not set up EDNS strings");
643
644 /* setup modules */
645 daemon_setup_modules(daemon);
646647
647648 /* response-ip-xxx options don't work as expected without the respip
648649 * module. To avoid run-time operational surprise we reject such
779780 alloc_clear(&daemon->superalloc);
780781 acl_list_delete(daemon->acl);
781782 tcl_list_delete(daemon->tcl);
783 listen_desetup_locks();
782784 free(daemon->chroot);
783785 free(daemon->pidfile);
784786 free(daemon->env);
+128
-44
daemon/remote.c less more
129129 {
130130 #ifndef S_SPLINT_S
131131 size_t leftover;
132 if(d == 0) {
132 if(d <= 0) {
133133 avg->tv_sec = 0;
134134 avg->tv_usec = 0;
135135 return;
138138 avg->tv_usec = sum->tv_usec / d;
139139 /* handle fraction from seconds divide */
140140 leftover = sum->tv_sec - avg->tv_sec*d;
141 avg->tv_usec += (leftover*1000000)/d;
141 if(leftover <= 0)
142 leftover = 0;
143 avg->tv_usec += (((long long)leftover)*((long long)1000000))/d;
144 if(avg->tv_sec < 0)
145 avg->tv_sec = 0;
146 if(avg->tv_usec < 0)
147 avg->tv_usec = 0;
142148 #endif
143149 }
144150
293299 */
294300 if(fd != -1) {
295301 #ifdef HAVE_CHOWN
302 chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
296303 if (cfg->username && cfg->username[0] &&
297304 cfg_uid != (uid_t)-1) {
298305 if(chown(ip, cfg_uid, cfg_gid) == -1)
300307 (unsigned)cfg_uid, (unsigned)cfg_gid,
301308 ip, strerror(errno));
302309 }
303 chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
304310 #else
305311 (void)cfg;
306312 #endif
363369 struct listen_port* l = NULL;
364370 log_assert(cfg->remote_control_enable && cfg->control_port);
365371 if(cfg->control_ifs.first) {
366 struct config_strlist* p;
367 for(p = cfg->control_ifs.first; p; p = p->next) {
368 if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
372 char** rcif = NULL;
373 int i, num_rcif = 0;
374 if(!resolve_interface_names(NULL, 0, cfg->control_ifs.first,
375 &rcif, &num_rcif)) {
376 return NULL;
377 }
378 for(i=0; i<num_rcif; i++) {
379 if(!add_open(rcif[i], cfg->control_port, &l, 1, cfg)) {
369380 listening_ports_free(l);
381 config_del_strarray(rcif, num_rcif);
370382 return NULL;
371383 }
372384 }
385 config_del_strarray(rcif, num_rcif);
373386 } else {
374387 /* defaults */
375388 if(cfg->do_ip6 &&
799812 iter = mod_get_mem(&worker->env, "iterator");
800813 respip = mod_get_mem(&worker->env, "respip");
801814 #ifdef CLIENT_SUBNET
802 subnet = mod_get_mem(&worker->env, "subnet");
815 subnet = mod_get_mem(&worker->env, "subnetcache");
803816 #endif /* CLIENT_SUBNET */
804817 #ifdef USE_IPSECMOD
805818 ipsecmod = mod_get_mem(&worker->env, "ipsecmod");
12901303 (void)ssl_printf(ssl, "removed %d zones\n", num);
12911304 }
12921305
1306 /** check syntax of newly added RR */
1307 static int
1308 check_RR_syntax(RES* ssl, char* str, int line)
1309 {
1310 uint8_t rr[LDNS_RR_BUF_SIZE];
1311 size_t len = sizeof(rr), dname_len = 0;
1312 int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600,
1313 NULL, 0, NULL, 0);
1314 if(s != 0) {
1315 char linestr[32];
1316 if(line == 0)
1317 linestr[0]=0;
1318 else snprintf(linestr, sizeof(linestr), "line %d ", line);
1319 if(!ssl_printf(ssl, "error parsing local-data at %sposition %d '%s': %s\n",
1320 linestr, LDNS_WIREPARSE_OFFSET(s), str,
1321 sldns_get_errorstr_parse(s)))
1322 return 0;
1323 return 0;
1324 }
1325 return 1;
1326 }
1327
12931328 /** Add new RR data */
12941329 static int
1295 perform_data_add(RES* ssl, struct local_zones* zones, char* arg)
1296 {
1330 perform_data_add(RES* ssl, struct local_zones* zones, char* arg, int line)
1331 {
1332 if(!check_RR_syntax(ssl, arg, line)) {
1333 return 0;
1334 }
12971335 if(!local_zones_add_RR(zones, arg)) {
12981336 ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg);
12991337 return 0;
13051343 static void
13061344 do_data_add(RES* ssl, struct local_zones* zones, char* arg)
13071345 {
1308 if(!perform_data_add(ssl, zones, arg))
1346 if(!perform_data_add(ssl, zones, arg, 0))
13091347 return;
13101348 send_ok(ssl);
13111349 }
13151353 do_datas_add(RES* ssl, struct local_zones* zones)
13161354 {
13171355 char buf[2048];
1318 int num = 0;
1356 int num = 0, line = 0;
13191357 while(ssl_read_line(ssl, buf, sizeof(buf))) {
13201358 if(buf[0] == 0x04 && buf[1] == 0)
13211359 break; /* end of transmission */
1322 if(!perform_data_add(ssl, zones, buf)) {
1323 if(!ssl_printf(ssl, "error for input line: %s\n", buf))
1324 return;
1325 }
1326 else
1360 line++;
1361 if(perform_data_add(ssl, zones, buf, line))
13271362 num++;
13281363 }
13291364 (void)ssl_printf(ssl, "added %d datas\n", num);
19792014
19802015 /** parse args into delegpt */
19812016 static struct delegpt*
1982 parse_delegpt(RES* ssl, char* args, uint8_t* nm, int allow_names)
2017 parse_delegpt(RES* ssl, char* args, uint8_t* nm)
19832018 {
19842019 /* parse args and add in */
19852020 char* p = args;
20012036 }
20022037 /* parse address */
20032038 if(!authextstrtoaddr(todo, &addr, &addrlen, &auth_name)) {
2004 if(allow_names) {
2005 uint8_t* n = NULL;
2006 size_t ln;
2007 int lb;
2008 if(!parse_arg_name(ssl, todo, &n, &ln, &lb)) {
2009 (void)ssl_printf(ssl, "error cannot "
2010 "parse IP address or name "
2011 "'%s'\n", todo);
2012 delegpt_free_mlc(dp);
2013 return NULL;
2014 }
2015 if(!delegpt_add_ns_mlc(dp, n, 0)) {
2016 (void)ssl_printf(ssl, "error out of memory\n");
2017 free(n);
2018 delegpt_free_mlc(dp);
2019 return NULL;
2020 }
2021 free(n);
2022
2023 } else {
2039 uint8_t* dname= NULL;
2040 int port;
2041 dname = authextstrtodname(todo, &port, &auth_name);
2042 if(!dname) {
20242043 (void)ssl_printf(ssl, "error cannot parse"
2025 " IP address '%s'\n", todo);
2044 " '%s'\n", todo);
2045 delegpt_free_mlc(dp);
2046 return NULL;
2047 }
2048 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
2049 if(auth_name)
2050 log_err("no name verification functionality in "
2051 "ssl library, ignored name for %s", todo);
2052 #endif
2053 if(!delegpt_add_ns_mlc(dp, dname, 0, auth_name, port)) {
2054 (void)ssl_printf(ssl, "error out of memory\n");
2055 free(dname);
20262056 delegpt_free_mlc(dp);
20272057 return NULL;
20282058 }
20292059 } else {
20302060 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
20312061 if(auth_name)
2032 log_err("no name verification functionality in "
2062 log_err("no name verification functionality in "
20332063 "ssl library, ignored name for %s", todo);
20342064 #endif
20352065 /* add address */
20362066 if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
2037 auth_name)) {
2067 auth_name, -1)) {
20382068 (void)ssl_printf(ssl, "error out of memory\n");
20392069 delegpt_free_mlc(dp);
20402070 return NULL;
20672097 forwards_delete_zone(fwd, LDNS_RR_CLASS_IN, root);
20682098 } else {
20692099 struct delegpt* dp;
2070 if(!(dp = parse_delegpt(ssl, args, root, 0)))
2100 if(!(dp = parse_delegpt(ssl, args, root)))
20712101 return;
20722102 if(!forwards_add_zone(fwd, LDNS_RR_CLASS_IN, dp)) {
20732103 (void)ssl_printf(ssl, "error out of memory\n");
21132143
21142144 /* parse dp */
21152145 if(dp) {
2116 if(!(*dp = parse_delegpt(ssl, args, *nm, 1))) {
2146 if(!(*dp = parse_delegpt(ssl, args, *nm))) {
21172147 free(*nm);
21182148 return 0;
21192149 }
25092539 uint8_t* nm = NULL;
25102540 struct auth_zones* az = worker->env.auth_zones;
25112541 struct auth_zone* z = NULL;
2542 struct auth_xfer* xfr = NULL;
2543 char* reason = NULL;
25122544 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
25132545 return;
25142546 if(az) {
25172549 if(z) {
25182550 lock_rw_wrlock(&z->lock);
25192551 }
2552 xfr = auth_xfer_find(az, nm, nmlen, LDNS_RR_CLASS_IN);
2553 if(xfr) {
2554 lock_basic_lock(&xfr->lock);
2555 }
25202556 lock_rw_unlock(&az->lock);
25212557 }
25222558 free(nm);
25232559 if(!z) {
2560 if(xfr) {
2561 lock_basic_unlock(&xfr->lock);
2562 }
25242563 (void)ssl_printf(ssl, "error no auth-zone %s\n", arg);
25252564 return;
25262565 }
25272566 if(!auth_zone_read_zonefile(z, worker->env.cfg)) {
25282567 lock_rw_unlock(&z->lock);
2568 if(xfr) {
2569 lock_basic_unlock(&xfr->lock);
2570 }
25292571 (void)ssl_printf(ssl, "error failed to read %s\n", arg);
25302572 return;
25312573 }
2574
2575 z->zone_expired = 0;
2576 if(xfr) {
2577 xfr->zone_expired = 0;
2578 if(!xfr_find_soa(z, xfr)) {
2579 if(z->data.count == 0) {
2580 lock_rw_unlock(&z->lock);
2581 lock_basic_unlock(&xfr->lock);
2582 (void)ssl_printf(ssl, "zone %s has no contents\n", arg);
2583 return;
2584 }
2585 lock_rw_unlock(&z->lock);
2586 lock_basic_unlock(&xfr->lock);
2587 (void)ssl_printf(ssl, "error: no SOA in zone after read %s\n", arg);
2588 return;
2589 }
2590 if(xfr->have_zone)
2591 xfr->lease_time = *worker->env.now;
2592 lock_basic_unlock(&xfr->lock);
2593 }
2594
2595 auth_zone_verify_zonemd(z, &worker->env, &worker->env.mesh->mods,
2596 &reason, 0, 0);
2597 if(reason && z->zone_expired) {
2598 lock_rw_unlock(&z->lock);
2599 (void)ssl_printf(ssl, "error zonemd for %s failed: %s\n",
2600 arg, reason);
2601 free(reason);
2602 return;
2603 } else if(reason && strcmp(reason, "ZONEMD verification successful")
2604 ==0) {
2605 (void)ssl_printf(ssl, "%s: %s\n", arg, reason);
2606 }
25322607 lock_rw_unlock(&z->lock);
2608 free(reason);
25332609 send_ok(ssl);
25342610 }
25352611
27832859 int all;
27842860 /** current time */
27852861 time_t now;
2862 /** if backoff is enabled */
2863 int backoff;
27862864 };
27872865
27882866 #define ip_ratelimit_list_arg ratelimit_list_arg
27962874 struct rate_data* d = (struct rate_data*)e->data;
27972875 char buf[257];
27982876 int lim = infra_find_ratelimit(a->infra, k->name, k->namelen);
2799 int max = infra_rate_max(d, a->now);
2877 int max = infra_rate_max(d, a->now, a->backoff);
28002878 if(a->all == 0) {
28012879 if(max < lim)
28022880 return;
28142892 struct ip_rate_key* k = (struct ip_rate_key*)e->key;
28152893 struct ip_rate_data* d = (struct ip_rate_data*)e->data;
28162894 int lim = infra_ip_ratelimit;
2817 int max = infra_rate_max(d, a->now);
2895 int max = infra_rate_max(d, a->now, a->backoff);
28182896 if(a->all == 0) {
28192897 if(max < lim)
28202898 return;
28322910 a.infra = worker->env.infra_cache;
28332911 a.now = *worker->env.now;
28342912 a.ssl = ssl;
2913 a.backoff = worker->env.cfg->ratelimit_backoff;
28352914 arg = skipwhite(arg);
28362915 if(strcmp(arg, "+a") == 0)
28372916 a.all = 1;
28502929 a.infra = worker->env.infra_cache;
28512930 a.now = *worker->env.now;
28522931 a.ssl = ssl;
2932 a.backoff = worker->env.cfg->ip_ratelimit_backoff;
28532933 arg = skipwhite(arg);
28542934 if(strcmp(arg, "+a") == 0)
28552935 a.all = 1;
32563336 if (!rc->use_cert) {
32573337 verbose(VERB_ALGO, "unauthenticated remote control connection");
32583338 } else if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
3339 #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
3340 X509* x = SSL_get1_peer_certificate(s->ssl);
3341 #else
32593342 X509* x = SSL_get_peer_certificate(s->ssl);
3343 #endif
32603344 if(!x) {
32613345 verbose(VERB_DETAIL, "remote control connection "
32623346 "provided no client certificate");
+1
-1
daemon/stats.c less more
136136 set_subnet_stats(struct worker* worker, struct ub_server_stats* svr,
137137 int reset)
138138 {
139 int m = modstack_find(&worker->env.mesh->mods, "subnet");
139 int m = modstack_find(&worker->env.mesh->mods, "subnetcache");
140140 struct subnet_env* sne;
141141 if(m == -1)
142142 return;
+30
-0
daemon/unbound.c less more
196196 size_t total = numthread * perthread + misc;
197197 size_t avail;
198198 struct rlimit rlim;
199 size_t memsize_expect = cfg->msg_cache_size + cfg->rrset_cache_size
200 + (cfg->do_tcp?cfg->stream_wait_size:0)
201 + (cfg->ip_ratelimit?cfg->ip_ratelimit_size:0)
202 + (cfg->ratelimit?cfg->ratelimit_size:0)
203 + (cfg->dnscrypt?cfg->dnscrypt_shared_secret_cache_size + cfg->dnscrypt_nonce_cache_size:0)
204 + cfg->infra_cache_numhosts * (sizeof(struct infra_key)+sizeof(struct infra_data));
205 if(strstr(cfg->module_conf, "validator") && (cfg->trust_anchor_file_list || cfg->trust_anchor_list || cfg->auto_trust_anchor_file_list || cfg->trusted_keys_file_list)) {
206 memsize_expect += cfg->key_cache_size + cfg->neg_cache_size;
207 }
208 #ifdef HAVE_NGHTTP2_NGHTTP2_H
209 if(cfg_has_https(cfg)) {
210 memsize_expect += cfg->http_query_buffer_size + cfg->http_response_buffer_size;
211 }
212 #endif
213
214 #ifdef RLIMIT_AS
215 if(getrlimit(RLIMIT_AS, &rlim) == 0) {
216 if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY &&
217 rlim.rlim_cur < (rlim_t)memsize_expect) {
218 log_warn("the ulimit(max memory size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect);
219 }
220 }
221 #endif
222 if(getrlimit(RLIMIT_DATA, &rlim) == 0) {
223 if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY &&
224 rlim.rlim_cur < (rlim_t)memsize_expect) {
225 log_warn("the ulimit(data seg size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect);
226 }
227 }
199228
200229 if(total > 1024 &&
201230 strncmp(ub_event_get_version(), "mini-event", 10) == 0) {
751780 int cmdline_cfg = 0;
752781 #endif
753782
783 checklock_start();
754784 log_init(NULL, 0, NULL);
755785 log_ident_default = strrchr(argv[0],'/')?strrchr(argv[0],'/')+1:argv[0];
756786 log_ident_set_default(log_ident_default);
+73
-106
daemon/worker.c less more
6969 #include "util/edns.h"
7070 #include "iterator/iter_fwd.h"
7171 #include "iterator/iter_hints.h"
72 #include "iterator/iter_utils.h"
7273 #include "validator/autotrust.h"
7374 #include "validator/val_anchor.h"
7475 #include "respip/respip.h"
144145 (&worker->env, i);
145146 #ifdef CLIENT_SUBNET
146147 else if(strcmp(worker->env.mesh->mods.mod[i]->name,
147 "subnet")==0)
148 "subnetcache")==0)
148149 subnet += (*worker->env.mesh->mods.mod[i]->get_mem)
149150 (&worker->env, i);
150151 #endif /* CLIENT_SUBNET */
203204 (&worker->env, i);
204205 #ifdef CLIENT_SUBNET
205206 else if(strcmp(worker->env.mesh->mods.mod[i]->name,
206 "subnet")==0)
207 "subnetcache")==0)
207208 subnet += (*worker->env.mesh->mods.mod[i]->get_mem)
208209 (&worker->env, i);
209210 #endif /* CLIENT_SUBNET */
232233 if(!tube_write_msg(worker->cmd, (uint8_t*)&c, sizeof(c), 0)) {
233234 log_err("worker send cmd %d failed", (int)cmd);
234235 }
235 }
236
237 int
238 worker_handle_reply(struct comm_point* c, void* arg, int error,
239 struct comm_reply* reply_info)
240 {
241 struct module_qstate* q = (struct module_qstate*)arg;
242 struct worker* worker = q->env->worker;
243 struct outbound_entry e;
244 e.qstate = q;
245 e.qsent = NULL;
246
247 if(error != 0) {
248 mesh_report_reply(worker->env.mesh, &e, reply_info, error);
249 worker_mem_report(worker, NULL);
250 return 0;
251 }
252 /* sanity check. */
253 if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer))
254 || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) !=
255 LDNS_PACKET_QUERY
256 || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) {
257 /* error becomes timeout for the module as if this reply
258 * never arrived. */
259 mesh_report_reply(worker->env.mesh, &e, reply_info,
260 NETEVENT_TIMEOUT);
261 worker_mem_report(worker, NULL);
262 return 0;
263 }
264 mesh_report_reply(worker->env.mesh, &e, reply_info, NETEVENT_NOERROR);
265 worker_mem_report(worker, NULL);
266 return 0;
267236 }
268237
269238 int
479448 * Then check if it needs validation, if so, this routine fails,
480449 * so that iterator can prime and validator can verify rrsets.
481450 */
482 struct edns_data edns_bak;
483451 uint16_t udpsize = edns->udp_size;
484452 int secure = 0;
485453 time_t timenow = *worker->env.now;
538506 }
539507 }
540508 /* return this delegation from the cache */
541 edns_bak = *edns;
542509 edns->edns_version = EDNS_ADVERTISED_VERSION;
543510 edns->udp_size = EDNS_ADVERTISED_SIZE;
544511 edns->ext_rcode = 0;
548515 worker->env.now_tv))
549516 return 0;
550517 msg->rep->flags |= BIT_QR|BIT_RA;
551 if(!apply_edns_options(edns, &edns_bak, worker->env.cfg,
552 repinfo->c, worker->scratchpad) ||
553 !reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags,
518 if(!reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags,
554519 repinfo->c->buffer, 0, 1, worker->scratchpad,
555520 udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) {
556521 if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL,
557522 LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
558523 worker->env.now_tv))
559 edns->opt_list = NULL;
524 edns->opt_list_inplace_cb_out = NULL;
560525 error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
561526 &msg->qinfo, id, flags, edns);
562527 }
634599 struct reply_info* rep, uint16_t id, uint16_t flags,
635600 struct comm_reply* repinfo, struct edns_data* edns)
636601 {
637 struct edns_data edns_bak;
638602 time_t timenow = *worker->env.now;
639603 uint16_t udpsize = edns->udp_size;
640604 struct reply_info* encode_rep = rep;
715679 }
716680 } else *is_secure_answer = 0;
717681
718 edns_bak = *edns;
719682 edns->edns_version = EDNS_ADVERTISED_VERSION;
720683 edns->udp_size = EDNS_ADVERTISED_SIZE;
721684 edns->ext_rcode = 0;
752715 if(!*partial_repp)
753716 goto bail_out;
754717 }
755 } else if(!apply_edns_options(edns, &edns_bak, worker->env.cfg,
756 repinfo->c, worker->scratchpad) ||
757 !reply_info_answer_encode(qinfo, encode_rep, id, flags,
718 } else if(!reply_info_answer_encode(qinfo, encode_rep, id, flags,
758719 repinfo->c->buffer, timenow, 1, worker->scratchpad,
759720 udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) {
760721 if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL,
761722 LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
762723 worker->env.now_tv))
763 edns->opt_list = NULL;
724 edns->opt_list_inplace_cb_out = NULL;
764725 error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
765726 qinfo, id, flags, edns);
766727 }
819780 int i;
820781 unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt));
821782 unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt));
783 size_t udpsize = edns->udp_size;
784 edns->edns_version = EDNS_ADVERTISED_VERSION;
785 edns->udp_size = EDNS_ADVERTISED_SIZE;
786 edns->bits &= EDNS_DO;
787 if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL,
788 LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad,
789 worker->env.now_tv))
790 edns->opt_list_inplace_cb_out = NULL;
822791 sldns_buffer_clear(pkt);
823792 sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */
824793 sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA));
834803 for(i=0; i<num; i++) {
835804 size_t len = strlen(str[i]);
836805 if(len>255) len=255; /* cap size of TXT record */
806 if(sldns_buffer_position(pkt)+2+2+2+4+2+1+len+
807 calc_edns_field_size(edns) > udpsize) {
808 sldns_buffer_write_u16_at(pkt, 6, i); /* ANCOUNT */
809 LDNS_TC_SET(sldns_buffer_begin(pkt));
810 break;
811 }
837812 sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */
838813 sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT);
839814 sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH);
843818 sldns_buffer_write(pkt, str[i], len);
844819 }
845820 sldns_buffer_flip(pkt);
846 edns->edns_version = EDNS_ADVERTISED_VERSION;
847 edns->udp_size = EDNS_ADVERTISED_SIZE;
848 edns->bits &= EDNS_DO;
849 if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL,
850 LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad,
851 worker->env.now_tv))
852 edns->opt_list = NULL;
853821 if(sldns_buffer_capacity(pkt) >=
854822 sldns_buffer_limit(pkt)+calc_edns_field_size(edns))
855823 attach_edns_record(pkt, edns);
10341002 edns->udp_size = EDNS_ADVERTISED_SIZE;
10351003 edns->ext_rcode = 0;
10361004 edns->bits &= EDNS_DO;
1037 edns->opt_list = NULL;
10381005 error_encode(pkt, rcode, qinfo,
10391006 *(uint16_t*)(void *)sldns_buffer_begin(pkt),
10401007 sldns_buffer_read_u16_at(pkt, 2), edns);
11651132 }
11661133 #endif
11671134 #ifdef USE_DNSTAP
1168 if(worker->dtenv.log_client_query_messages)
1169 dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type,
1170 c->buffer);
1135 /*
1136 * sending src (client)/dst (local service) addresses over DNSTAP from incoming request handler
1137 */
1138 if(worker->dtenv.log_client_query_messages) {
1139 log_addr(VERB_ALGO, "request from client", &repinfo->addr, repinfo->addrlen);
1140 log_addr(VERB_ALGO, "to local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen);
1141 dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer);
1142 }
11711143 #endif
11721144 acladdr = acl_addr_lookup(worker->daemon->acl, &repinfo->addr,
11731145 repinfo->addrlen);
11941166
11951167 /* check if this query should be dropped based on source ip rate limiting */
11961168 if(!infra_ip_ratelimit_inc(worker->env.infra_cache, repinfo,
1197 *worker->env.now, c->buffer)) {
1169 *worker->env.now,
1170 worker->env.cfg->ip_ratelimit_backoff, c->buffer)) {
11981171 /* See if we are passed through with slip factor */
11991172 if(worker->env.cfg->ip_ratelimit_factor != 0 &&
12001173 ub_random_max(worker->env.rnd,
12661239 }
12671240 goto send_reply;
12681241 }
1269 if((ret=parse_edns_from_pkt(c->buffer, &edns, worker->scratchpad)) != 0) {
1242 if((ret=parse_edns_from_query_pkt(c->buffer, &edns, worker->env.cfg, c,
1243 worker->scratchpad)) != 0) {
12701244 struct edns_data reply_edns;
12711245 verbose(VERB_ALGO, "worker parse edns: formerror.");
12721246 log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
12811255 goto send_reply;
12821256 }
12831257 if(edns.edns_present) {
1284 struct edns_option* edns_opt;
12851258 if(edns.edns_version != 0) {
12861259 edns.ext_rcode = (uint8_t)(EDNS_RCODE_BADVERS>>4);
12871260 edns.edns_version = EDNS_ADVERTISED_VERSION;
12881261 edns.udp_size = EDNS_ADVERTISED_SIZE;
12891262 edns.bits &= EDNS_DO;
1290 edns.opt_list = NULL;
1263 edns.opt_list_in = NULL;
1264 edns.opt_list_out = NULL;
1265 edns.opt_list_inplace_cb_out = NULL;
12911266 edns.padding_block_size = 0;
12921267 verbose(VERB_ALGO, "query with bad edns version.");
12931268 log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
13061281 (int)edns.udp_size);
13071282 log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
13081283 edns.udp_size = NORMAL_UDP_SIZE;
1309 }
1310 if(c->type != comm_udp) {
1311 edns_opt = edns_opt_list_find(edns.opt_list, LDNS_EDNS_KEEPALIVE);
1312 if(edns_opt && edns_opt->opt_len > 0) {
1313 edns.ext_rcode = 0;
1314 edns.edns_version = EDNS_ADVERTISED_VERSION;
1315 edns.udp_size = EDNS_ADVERTISED_SIZE;
1316 edns.bits &= EDNS_DO;
1317 edns.opt_list = NULL;
1318 verbose(VERB_ALGO, "query with bad edns keepalive.");
1319 log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
1320 error_encode(c->buffer, LDNS_RCODE_FORMERR, &qinfo,
1321 *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
1322 sldns_buffer_read_u16_at(c->buffer, 2), NULL);
1323 if(sldns_buffer_capacity(c->buffer) >=
1324 sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns))
1325 attach_edns_record(c->buffer, &edns);
1326 regional_free_all(worker->scratchpad);
1327 goto send_reply;
1328 }
13291284 }
13301285 }
13311286 if(edns.udp_size > worker->daemon->cfg->max_udp_size &&
13801335 goto send_reply;
13811336 }
13821337 if(worker->env.auth_zones &&
1383 rpz_apply_qname_trigger(worker->env.auth_zones,
1338 rpz_callback_from_worker_request(worker->env.auth_zones,
13841339 &worker->env, &qinfo, &edns, c->buffer, worker->scratchpad,
13851340 repinfo, acladdr->taglist, acladdr->taglen, &worker->stats)) {
13861341 regional_free_all(worker->scratchpad);
14781433 * this is a two-pass operation, and lookup_qinfo is different for
14791434 * each pass. We should still pass the original qinfo to
14801435 * answer_from_cache(), however, since it's used to build the reply. */
1481 if(!edns_bypass_cache_stage(edns.opt_list, &worker->env)) {
1436 if(!edns_bypass_cache_stage(edns.opt_list_in, &worker->env)) {
14821437 is_expired_answer = 0;
14831438 is_secure_answer = 0;
14841439 h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2));
15911546 if(is_secure_answer) worker->stats.ans_secure++;
15921547 }
15931548 #ifdef USE_DNSTAP
1594 if(worker->dtenv.log_client_response_messages)
1595 dt_msg_send_client_response(&worker->dtenv, &repinfo->addr,
1596 c->type, c->buffer);
1549 /*
1550 * sending src (client)/dst (local service) addresses over DNSTAP from send_reply code label (when we serviced local zone for ex.)
1551 */
1552 if(worker->dtenv.log_client_response_messages) {
1553 log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen);
1554 log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen);
1555 dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer);
1556 }
15971557 #endif
15981558 if(worker->env.cfg->log_replies)
15991559 {
18141774 &worker_alloc_cleanup, worker,
18151775 cfg->do_udp || cfg->udp_upstream_without_downstream,
18161776 worker->daemon->connect_sslctx, cfg->delay_close,
1817 cfg->tls_use_sni, dtenv, cfg->udp_connect);
1777 cfg->tls_use_sni, dtenv, cfg->udp_connect,
1778 cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout,
1779 cfg->tcp_auth_query_timeout);
18181780 if(!worker->back) {
18191781 log_err("could not create outgoing sockets");
18201782 worker_delete(worker);
18211783 return 0;
18221784 }
1785 iterator_set_ip46_support(&worker->daemon->mods, worker->daemon->env,
1786 worker->back);
18231787 /* start listening to commands */
18241788 if(!tube_setup_bg_listen(worker->cmd, worker->base,
18251789 &worker_handle_control_cmd, worker)) {
18661830 return 0;
18671831 }
18681832 worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env);
1833 if(!worker->env.mesh) {
1834 log_err("malloc failure");
1835 worker_delete(worker);
1836 return 0;
1837 }
18691838 /* Pass on daemon variables that we would need in the mesh area */
18701839 worker->env.mesh->use_response_ip = worker->daemon->use_response_ip;
18711840 worker->env.mesh->use_rpz = worker->daemon->use_rpz;
18761845 worker->env.kill_sub = &mesh_state_delete;
18771846 worker->env.detect_cycle = &mesh_detect_cycle;
18781847 worker->env.scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size);
1848 if(!worker->env.scratch_buffer) {
1849 log_err("malloc failure");
1850 worker_delete(worker);
1851 return 0;
1852 }
18791853 if(!(worker->env.fwds = forwards_create()) ||
18801854 !forwards_apply_cfg(worker->env.fwds, cfg)) {
18811855 log_err("Could not set forward zones");
19131887 #endif
19141888 ) {
19151889 auth_xfer_pickup_initial(worker->env.auth_zones, &worker->env);
1890 auth_zones_pickup_zonemd_verify(worker->env.auth_zones,
1891 &worker->env);
19161892 }
19171893 #ifdef USE_DNSTAP
19181894 if(worker->daemon->cfg->dnstap
19281904 }
19291905 }
19301906 #endif /* USE_DNSTAP */
1931 if(!worker->env.mesh || !worker->env.scratch_buffer) {
1932 worker_delete(worker);
1933 return 0;
1934 }
19351907 worker_mem_report(worker, NULL);
19361908 /* if statistics enabled start timer */
19371909 if(worker->env.cfg->stat_interval > 0) {
19951967
19961968 struct outbound_entry*
19971969 worker_send_query(struct query_info* qinfo, uint16_t flags, int dnssec,
1998 int want_dnssec, int nocaps, struct sockaddr_storage* addr,
1999 socklen_t addrlen, uint8_t* zone, size_t zonelen, int ssl_upstream,
2000 char* tls_auth_name, struct module_qstate* q)
1970 int want_dnssec, int nocaps, int check_ratelimit,
1971 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
1972 size_t zonelen, int tcp_upstream, int ssl_upstream, char* tls_auth_name,
1973 struct module_qstate* q, int* was_ratelimited)
20011974 {
20021975 struct worker* worker = q->env->worker;
20031976 struct outbound_entry* e = (struct outbound_entry*)regional_alloc(
20061979 return NULL;
20071980 e->qstate = q;
20081981 e->qsent = outnet_serviced_query(worker->back, qinfo, flags, dnssec,
2009 want_dnssec, nocaps, q->env->cfg->tcp_upstream,
1982 want_dnssec, nocaps, check_ratelimit, tcp_upstream,
20101983 ssl_upstream, tls_auth_name, addr, addrlen, zone, zonelen, q,
2011 worker_handle_service_reply, e, worker->back->udp_buff, q->env);
1984 worker_handle_service_reply, e, worker->back->udp_buff, q->env,
1985 was_ratelimited);
20121986 if(!e->qsent) {
20131987 return NULL;
20141988 }
20522026 struct query_info* ATTR_UNUSED(qinfo),
20532027 uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec),
20542028 int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps),
2029 int ATTR_UNUSED(check_ratelimit),
20552030 struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen),
2056 uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen),
2031 uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream),
20572032 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name),
2058 struct module_qstate* ATTR_UNUSED(q))
2059 {
2060 log_assert(0);
2061 return 0;
2062 }
2063
2064 int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c),
2065 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
2066 struct comm_reply* ATTR_UNUSED(reply_info))
2033 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited))
20672034 {
20682035 log_assert(0);
20692036 return 0;
+9
-4
dns64/dns64.c less more
684684 switch(event) {
685685 case module_event_new:
686686 /* Tag this query as being new and fall through. */
687 iq = (struct dns64_qstate*)regional_alloc(
688 qstate->region, sizeof(*iq));
687 if (!(iq = (struct dns64_qstate*)regional_alloc(
688 qstate->region, sizeof(*iq)))) {
689 log_err("out of memory");
690 qstate->ext_state[id] = module_error;
691 return;
692 }
689693 qstate->minfo[id] = iq;
690694 iq->state = DNS64_NEW_QUERY;
691695 iq->started_no_cache_store = qstate->no_cache_store;
912916 sizeof(struct dns_msg))))
913917 return;
914918 super->return_msg->qinfo = super->qinfo;
915 super->return_msg->rep = reply_info_copy(qstate->return_msg->rep, NULL,
916 super->region);
919 if (!(super->return_msg->rep = reply_info_copy(qstate->return_msg->rep,
920 NULL, super->region)))
921 return;
917922
918923 /*
919924 * Adjust the domain name of the answer RR set so that it matches the
+4
-2
dnscrypt/dnscrypt.c less more
434434
435435 /**
436436 * Add the server nonce part to once.
437 * The nonce is made half of client nonce and the seconf half of the server
437 * The nonce is made half of client nonce and the second half of the server
438438 * nonce, both of them of size crypto_box_HALF_NONCEBYTES.
439439 * \param[in] nonce: a uint8_t* of size crypto_box_NONCEBYTES
440440 */
673673 /**
674674 * Insert local-zone and local-data into configuration.
675675 * In order to be able to serve certs over TXT, we can reuse the local-zone and
676 * local-data config option. The zone and qname are infered from the
676 * local-data config option. The zone and qname are inferred from the
677677 * provider_name and the content of the TXT record from the certificate content.
678678 * returns the number of certificate TXT record that were loaded.
679679 * < 0 in case of error.
862862 return cert_id;
863863 }
864864
865 #ifdef SODIUM_MISUSE_HANDLER
865866 static void
866867 sodium_misuse_handler(void)
867868 {
871872 " unbound in a chroot, make sure /dev/urandom is available. See"
872873 " https://www.unbound.net/documentation/unbound.conf.html");
873874 }
875 #endif
874876
875877
876878 /**
+2
-2
dnscrypt/dnscrypt.h less more
113113
114114 /**
115115 * handle a crypted dnscrypt request.
116 * Determine wether or not a query is coming over the dnscrypt listener and
116 * Determine whether or not a query is coming over the dnscrypt listener and
117117 * attempt to uncurve it or detect if it is a certificate query.
118118 * return 0 in case of failure.
119119 */
121121 struct comm_reply* repinfo);
122122 /**
123123 * handle an unencrypted dnscrypt request.
124 * Determine wether or not a query is going over the dnscrypt channel and
124 * Determine whether or not a query is going over the dnscrypt channel and
125125 * attempt to curve it unless it was not crypted like when it is a
126126 * certificate query.
127127 * \return 0 in case of failure.
+84
-40
dnstap/dnstap.c less more
301301
302302 static void
303303 dt_msg_fill_net(struct dt_msg *dm,
304 struct sockaddr_storage *ss,
304 struct sockaddr_storage *qs,
305 struct sockaddr_storage *rs,
305306 enum comm_point_type cptype,
306 ProtobufCBinaryData *addr, protobuf_c_boolean *has_addr,
307 uint32_t *port, protobuf_c_boolean *has_port)
308 {
309 log_assert(ss->ss_family == AF_INET6 || ss->ss_family == AF_INET);
310 if (ss->ss_family == AF_INET6) {
311 struct sockaddr_in6 *s = (struct sockaddr_in6 *) ss;
307 ProtobufCBinaryData *qaddr, protobuf_c_boolean *has_qaddr,
308 uint32_t *qport, protobuf_c_boolean *has_qport,
309 ProtobufCBinaryData *raddr, protobuf_c_boolean *has_raddr,
310 uint32_t *rport, protobuf_c_boolean *has_rport)
311 {
312 log_assert(qs->ss_family == AF_INET6 || qs->ss_family == AF_INET);
313 if (qs->ss_family == AF_INET6) {
314 struct sockaddr_in6 *q = (struct sockaddr_in6 *) qs;
312315
313316 /* socket_family */
314317 dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET6;
315318 dm->m.has_socket_family = 1;
316319
317320 /* addr: query_address or response_address */
318 addr->data = s->sin6_addr.s6_addr;
319 addr->len = 16; /* IPv6 */
320 *has_addr = 1;
321 qaddr->data = q->sin6_addr.s6_addr;
322 qaddr->len = 16; /* IPv6 */
323 *has_qaddr = 1;
321324
322325 /* port: query_port or response_port */
323 *port = ntohs(s->sin6_port);
324 *has_port = 1;
325 } else if (ss->ss_family == AF_INET) {
326 struct sockaddr_in *s = (struct sockaddr_in *) ss;
326 *qport = ntohs(q->sin6_port);
327 *has_qport = 1;
328 } else if (qs->ss_family == AF_INET) {
329 struct sockaddr_in *q = (struct sockaddr_in *) qs;
327330
328331 /* socket_family */
329332 dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET;
330333 dm->m.has_socket_family = 1;
331334
332335 /* addr: query_address or response_address */
333 addr->data = (uint8_t *) &s->sin_addr.s_addr;
334 addr->len = 4; /* IPv4 */
335 *has_addr = 1;
336 qaddr->data = (uint8_t *) &q->sin_addr.s_addr;
337 qaddr->len = 4; /* IPv4 */
338 *has_qaddr = 1;
336339
337340 /* port: query_port or response_port */
338 *port = ntohs(s->sin_port);
339 *has_port = 1;
340 }
341 *qport = ntohs(q->sin_port);
342 *has_qport = 1;
343 }
344
345 /*
346 * This block is to fill second set of fields in DNSTAP-message defined as request_/response_ names.
347 * Additional responsive structure is: struct sockaddr_storage *rs
348 */
349 if (rs && rs->ss_family == AF_INET6) {
350 struct sockaddr_in6 *r = (struct sockaddr_in6 *) rs;
351
352 /* addr: query_address or response_address */
353 raddr->data = r->sin6_addr.s6_addr;
354 raddr->len = 16; /* IPv6 */
355 *has_raddr = 1;
356
357 /* port: query_port or response_port */
358 *rport = ntohs(r->sin6_port);
359 *has_rport = 1;
360 } else if (rs && rs->ss_family == AF_INET) {
361 struct sockaddr_in *r = (struct sockaddr_in *) rs;
362
363 /* addr: query_address or response_address */
364 raddr->data = (uint8_t *) &r->sin_addr.s_addr;
365 raddr->len = 4; /* IPv4 */
366 *has_raddr = 1;
367
368 /* port: query_port or response_port */
369 *rport = ntohs(r->sin_port);
370 *has_rport = 1;
371 }
341372
342373 log_assert(cptype == comm_udp || cptype == comm_tcp);
343374 if (cptype == comm_udp) {
354385 void
355386 dt_msg_send_client_query(struct dt_env *env,
356387 struct sockaddr_storage *qsock,
388 struct sockaddr_storage *rsock,
357389 enum comm_point_type cptype,
358390 sldns_buffer *qmsg)
359391 {
373405 /* query_message */
374406 dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);
375407
376 /* socket_family, socket_protocol, query_address, query_port */
408 /* socket_family, socket_protocol, query_address, query_port, response_address, response_port */
377409 log_assert(cptype == comm_udp || cptype == comm_tcp);
378 dt_msg_fill_net(&dm, qsock, cptype,
410 dt_msg_fill_net(&dm, qsock, rsock, cptype,
379411 &dm.m.query_address, &dm.m.has_query_address,
380 &dm.m.query_port, &dm.m.has_query_port);
412 &dm.m.query_port, &dm.m.has_query_port,
413 &dm.m.response_address, &dm.m.has_response_address,
414 &dm.m.response_port, &dm.m.has_response_port);
415
381416
382417 if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
383418 dt_send(env, dm.buf, dm.len_buf);
386421 void
387422 dt_msg_send_client_response(struct dt_env *env,
388423 struct sockaddr_storage *qsock,
424 struct sockaddr_storage *rsock,
389425 enum comm_point_type cptype,
390426 sldns_buffer *rmsg)
391427 {
405441 /* response_message */
406442 dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);
407443
408 /* socket_family, socket_protocol, query_address, query_port */
444 /* socket_family, socket_protocol, query_address, query_port, response_address, response_port */
409445 log_assert(cptype == comm_udp || cptype == comm_tcp);
410 dt_msg_fill_net(&dm, qsock, cptype,
446 dt_msg_fill_net(&dm, qsock, rsock, cptype,
411447 &dm.m.query_address, &dm.m.has_query_address,
412 &dm.m.query_port, &dm.m.has_query_port);
448 &dm.m.query_port, &dm.m.has_query_port,
449 &dm.m.response_address, &dm.m.has_response_address,
450 &dm.m.response_port, &dm.m.has_response_port);
413451
414452 if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
415453 dt_send(env, dm.buf, dm.len_buf);
418456 void
419457 dt_msg_send_outside_query(struct dt_env *env,
420458 struct sockaddr_storage *rsock,
459 struct sockaddr_storage *qsock,
421460 enum comm_point_type cptype,
422461 uint8_t *zone, size_t zone_len,
423462 sldns_buffer *qmsg)
453492 /* query_message */
454493 dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);
455494
456 /* socket_family, socket_protocol, response_address, response_port */
495 /* socket_family, socket_protocol, response_address, response_port, query_address, query_port */
457496 log_assert(cptype == comm_udp || cptype == comm_tcp);
458 dt_msg_fill_net(&dm, rsock, cptype,
497 dt_msg_fill_net(&dm, rsock, qsock, cptype,
459498 &dm.m.response_address, &dm.m.has_response_address,
460 &dm.m.response_port, &dm.m.has_response_port);
499 &dm.m.response_port, &dm.m.has_response_port,
500 &dm.m.query_address, &dm.m.has_query_address,
501 &dm.m.query_port, &dm.m.has_query_port);
461502
462503 if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
463504 dt_send(env, dm.buf, dm.len_buf);
465506
466507 void
467508 dt_msg_send_outside_response(struct dt_env *env,
468 struct sockaddr_storage *rsock,
469 enum comm_point_type cptype,
470 uint8_t *zone, size_t zone_len,
471 uint8_t *qbuf, size_t qbuf_len,
472 const struct timeval *qtime,
473 const struct timeval *rtime,
474 sldns_buffer *rmsg)
509 struct sockaddr_storage *rsock,
510 struct sockaddr_storage *qsock,
511 enum comm_point_type cptype,
512 uint8_t *zone, size_t zone_len,
513 uint8_t *qbuf, size_t qbuf_len,
514 const struct timeval *qtime,
515 const struct timeval *rtime,
516 sldns_buffer *rmsg)
475517 {
476518 struct dt_msg dm;
477519 uint16_t qflags;
478520
479 log_assert(qbuf_len >= sizeof(qflags));
521 (void)qbuf_len; log_assert(qbuf_len >= sizeof(qflags));
480522 memcpy(&qflags, qbuf, sizeof(qflags));
481523 qflags = ntohs(qflags);
482524
509551 /* response_message */
510552 dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);
511553
512 /* socket_family, socket_protocol, response_address, response_port */
554 /* socket_family, socket_protocol, response_address, response_port, query_address, query_port */
513555 log_assert(cptype == comm_udp || cptype == comm_tcp);
514 dt_msg_fill_net(&dm, rsock, cptype,
556 dt_msg_fill_net(&dm, rsock, qsock, cptype,
515557 &dm.m.response_address, &dm.m.has_response_address,
516 &dm.m.response_port, &dm.m.has_response_port);
558 &dm.m.response_port, &dm.m.has_response_port,
559 &dm.m.query_address, &dm.m.has_query_address,
560 &dm.m.query_port, &dm.m.has_query_port);
517561
518562 if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
519563 dt_send(env, dm.buf, dm.len_buf);
+10
-2
dnstap/dnstap.h less more
122122 * Create and send a new dnstap "Message" event of type CLIENT_QUERY.
123123 * @param env: dnstap environment object.
124124 * @param qsock: address/port of client.
125 * @param rsock: local (service) address/port.
125126 * @param cptype: comm_udp or comm_tcp.
126127 * @param qmsg: query message.
127128 */
128129 void
129130 dt_msg_send_client_query(struct dt_env *env,
130131 struct sockaddr_storage *qsock,
132 struct sockaddr_storage *rsock,
131133 enum comm_point_type cptype,
132134 struct sldns_buffer *qmsg);
133135
135137 * Create and send a new dnstap "Message" event of type CLIENT_RESPONSE.
136138 * @param env: dnstap environment object.
137139 * @param qsock: address/port of client.
140 * @param rsock: local (service) address/port.
138141 * @param cptype: comm_udp or comm_tcp.
139142 * @param rmsg: response message.
140143 */
141144 void
142145 dt_msg_send_client_response(struct dt_env *env,
143146 struct sockaddr_storage *qsock,
147 struct sockaddr_storage *rsock,
144148 enum comm_point_type cptype,
145149 struct sldns_buffer *rmsg);
146150
149153 * FORWARDER_QUERY. The type used is dependent on the value of the RD bit
150154 * in the query header.
151155 * @param env: dnstap environment object.
152 * @param rsock: address/port of server the query is being sent to.
156 * @param rsock: address/port of server (upstream) the query is being sent to.
157 * @param qsock: address/port of server (local) the query is being sent from.
153158 * @param cptype: comm_udp or comm_tcp.
154159 * @param zone: query zone.
155160 * @param zone_len: length of zone.
158163 void
159164 dt_msg_send_outside_query(struct dt_env *env,
160165 struct sockaddr_storage *rsock,
166 struct sockaddr_storage *qsock,
161167 enum comm_point_type cptype,
162168 uint8_t *zone, size_t zone_len,
163169 struct sldns_buffer *qmsg);
167173 * FORWARDER_RESPONSE. The type used is dependent on the value of the RD bit
168174 * in the query header.
169175 * @param env: dnstap environment object.
170 * @param rsock: address/port of server the response was received from.
176 * @param rsock: address/port of server (upstream) the response was received from.
177 * @param qsock: address/port of server (local) the response was received to.
171178 * @param cptype: comm_udp or comm_tcp.
172179 * @param zone: query zone.
173180 * @param zone_len: length of zone.
180187 void
181188 dt_msg_send_outside_response(struct dt_env *env,
182189 struct sockaddr_storage *rsock,
190 struct sockaddr_storage *qsock,
183191 enum comm_point_type cptype,
184192 uint8_t *zone, size_t zone_len,
185193 uint8_t *qbuf, size_t qbuf_len,
+21
-16
dnstap/dtstream.c less more
187187
188188 /** start timer to wakeup dtio because there is content in the queue */
189189 static void
190 dt_msg_queue_start_timer(struct dt_msg_queue* mq)
191 {
192 struct timeval tv;
190 dt_msg_queue_start_timer(struct dt_msg_queue* mq, int wakeupnow)
191 {
192 struct timeval tv = {0};
193193 /* Start a timer to process messages to be logged.
194194 * If we woke up the dtio thread for every message, the wakeup
195195 * messages take up too much processing power. If the queue
203203
204204 /* do not start the timer if a timer already exists, perhaps
205205 * in another worker. So this variable is protected by a lock in
206 * dtio */
206 * dtio. */
207
208 /* If we need to wakeupnow, 0 the timer to force the callback. */
207209 lock_basic_lock(&mq->dtio->wakeup_timer_lock);
208210 if(mq->dtio->wakeup_timer_enabled) {
211 if(wakeupnow) {
212 comm_timer_set(mq->wakeup_timer, &tv);
213 }
209214 lock_basic_unlock(&mq->dtio->wakeup_timer_lock);
210215 return;
211216 }
212217 mq->dtio->wakeup_timer_enabled = 1; /* we are going to start one */
218
219 /* start the timer, in mq, in the event base of our worker */
220 if(!wakeupnow) {
221 tv.tv_sec = 1;
222 tv.tv_usec = 0;
223 }
224 comm_timer_set(mq->wakeup_timer, &tv);
213225 lock_basic_unlock(&mq->dtio->wakeup_timer_lock);
214
215 /* start the timer, in mq, in the event base of our worker */
216 tv.tv_sec = 1;
217 tv.tv_usec = 0;
218 comm_timer_set(mq->wakeup_timer, &tv);
219226 }
220227
221228 void
250257 entry->buf = buf;
251258 entry->len = len;
252259
253 /* aqcuire lock */
260 /* acquire lock */
254261 lock_basic_lock(&mq->lock);
255262 /* if list was empty, start timer for (eventual) wakeup */
256263 if(mq->first == NULL)
282289 /* release lock */
283290 lock_basic_unlock(&mq->lock);
284291
285 if(wakeupnow) {
286 dtio_wakeup(mq->dtio);
287 } else if(wakeupstarttimer) {
288 dt_msg_queue_start_timer(mq);
292 if(wakeupnow || wakeupstarttimer) {
293 dt_msg_queue_start_timer(mq, wakeupnow);
289294 }
290295 }
291296
929934 return 1;
930935 }
931936
932 /** write more of the current messsage. false if incomplete, true if
937 /** write more of the current message. false if incomplete, true if
933938 * the message is done */
934939 static int dtio_write_more(struct dt_io_thread* dtio)
935940 {
11801185 goto close_connection;
11811186 return 1;
11821187 } else {
1183 /* unknow content type */
1188 /* unknown content type */
11841189 verbose(VERB_ALGO, "dnstap: ACCEPT frame "
11851190 "contains unknown content type, "
11861191 "closing connection");
+19
-25
dnstap/unbound-dnstap-socket.c less more
10111011 if(verbosity) log_info("bidirectional stream");
10121012 if(!reply_with_accept(data)) {
10131013 tap_data_free(data);
1014 return;
10141015 }
10151016 } else if(data->len >= 4 && sldns_read_uint32(data->frame) ==
10161017 FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) {
11651166 /** signal handler for user quit */
11661167 static RETSIGTYPE main_sigh(int sig)
11671168 {
1168 if(!sig_quit)
1169 fprintf(stderr, "exit on signal %d\n", sig);
1169 if(!sig_quit) {
1170 char str[] = "exit on signal \n";
1171 str[15] = '0' + (sig/10)%10;
1172 str[16] = '0' + sig%10;
1173 /* simple cast to void will not silence Wunused-result */
1174 (void)!write(STDERR_FILENO, str, strlen(str));
1175 }
11701176 if(sig_base) {
11711177 ub_event_base_loopexit(sig_base);
11721178 sig_base = NULL;
12571263 memset(&tls_list, 0, sizeof(tls_list));
12581264
12591265 /* lock debug start (if any) */
1266 checklock_start();
12601267 log_ident_set("unbound-dnstap-socket");
12611268 log_init(0, 0, 0);
1262 checklock_start();
12631269
12641270 #ifdef SIGPIPE
12651271 if(signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
13741380 return 0;
13751381 }
13761382
1377 int worker_handle_reply(struct comm_point* ATTR_UNUSED(c),
1378 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1379 struct comm_reply* ATTR_UNUSED(reply_info))
1380 {
1381 log_assert(0);
1382 return 0;
1383 }
1384
13851383 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c),
13861384 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
13871385 struct comm_reply* ATTR_UNUSED(reply_info))
14141412 struct outbound_entry* worker_send_query(
14151413 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags),
14161414 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
1417 int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
1415 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit),
1416 struct sockaddr_storage* ATTR_UNUSED(addr),
14181417 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
1419 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream),
1420 char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q))
1418 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream),
1419 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name),
1420 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited))
14211421 {
14221422 log_assert(0);
14231423 return 0;
14461446 struct outbound_entry* libworker_send_query(
14471447 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags),
14481448 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
1449 int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
1449 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit),
1450 struct sockaddr_storage* ATTR_UNUSED(addr),
14501451 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
1451 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream),
1452 char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q))
1453 {
1454 log_assert(0);
1455 return 0;
1456 }
1457
1458 int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c),
1459 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
1460 struct comm_reply* ATTR_UNUSED(reply_info))
1452 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream),
1453 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name),
1454 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited))
14611455 {
14621456 log_assert(0);
14631457 return 0;
+671
-0
doc/Changelog less more
0 3 February 2022: Wouter
1 - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
2
3 2 February 2022: George
4 - Merge PR #532 from Shchelk: Fix: buffer overflow bug.
5 - Merge PR #616: Update ratelimit logic. It also introduces
6 ratelimit-backoff and ip-ratelimit-backoff configuration options.
7 - Change aggressive-nsec default to yes.
8 - Merge PR #617: Update stub/forward-host notation to accept port and
9 tls-auth-name.
10 - Update stream_ssl.tdir test to also use the new forward-host
11 notation.
12
13 2 February 2022: Wouter
14 - Update version number in repo to 1.15.0 for upcoming release,
15 since it changes the aggressive-nsec default and the ratelimit change.
16 - Fix header comment for doxygen for authextstrtoaddr.
17 - please clang analyzer for loop in test code.
18 - Fix docker splint test to use more portable uname.
19 - Update contrib/aaaa-filter-iterator.patch with diff for current
20 software version.
21
22 1 February 2022: George
23 - Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
24 internals.
25
26 31 January 2022: George
27 - Fix review comment for use-after-free when failing to send UDP out.
28
29 31 January 2022: Wouter
30 - iana portlist update.
31
32 29 January 2022: George
33 - Fix tls-* and ssl-* documented alternate syntax to also be available
34 through remote-control and unbound-checkconf.
35 - Better cleanup on failed DoT/DoH listening socket creation.
36
37 26 January 2022: George
38 - Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC
39 document.
40
41 26 January 2022: Wouter
42 - Test for NSID in SERVFAIL response due to DNSSEC bogus.
43
44 25 January 2022: George
45 - Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in
46 serviced_udp_callback.
47 - Merge PR #612: TCP race condition.
48
49 25 January 2022: Wouter
50 - Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
51
52 19 January 2022: George
53 - For dnstap, do not wakeupnow right there. Instead zero the timer to
54 force the wakeup callback asap.
55
56 14 January 2022: George
57 - Merge PR #605:
58 - Fix EDNS to upstream where the same option could be attached
59 more than once.
60 - Add a region to serviced_query for allocations.
61
62 14 January 2022: Wouter
63 - Add rpz: for-downstream: yesno option, where the RPZ zone is
64 authoritatively answered for, so the RPZ zone contents can be
65 checked with DNS queries directed at the RPZ zone.
66 - For #602: Allow the module-config "subnetcache validator cachedb
67 iterator".
68
69 11 January 2022: George
70 - Fix prematurely terminated TCP queries when a reply has the same ID.
71
72 7 January 2022: Wouter
73 - Merge #600 from pemensik: Change file mode before changing file
74 owner.
75
76 5 January 2022: Wouter
77 - Fix for #596: fix that rpz return message is returned and not just
78 the rcode from the iterator return path. This fixes signal unset RA
79 after a CNAME.
80 - Fix unit tests for rpz now that the AA flag returns successfully from
81 the iterator loop.
82 - Fix for #596: add unit test for nsdname trigger and signal unset RA.
83 - Fix for #596: add unit test for nsip trigger and signal unset RA.
84 - Fix #598: Fix unbound-checkconf fatal error: module conf
85 'respip dns64 validator iterator' is not known to work.
86 - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
87 triggered operation.
88
89 4 January 2022: Wouter
90 - Fix #596: unset the RA bit when a query is blocked by an unbound
91 RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
92 signal that a domain is externally blocked to clients when it
93 is blocked with NXDOMAIN by unsetting RA.
94 - Fix to add test for rpz-signal-nxdomain-ra.
95 - Fix #596: only unset RA when NXDOMAIN is signalled.
96 - Fix that RPZ does not set RD flag on replies, it should be copied
97 from the query.
98
99 22 December 2021: George
100 - contrib/aaaa-filter-iterator.patch file renewed diff content to
101 apply cleanly to the current coderepo for the current code version.
102
103 20 December 2021: George
104 - Fix #591: Unbound-anchor manpage links to non-existent license file.
105
106 13 December 2021: George
107 - Add missing configure flags for optional features in the
108 documentation.
109 - Fix Unbound capitalization in the documentation.
110
111 13 December 2021: Wouter
112 - Fix to pick up other class local zone information before unlock.
113
114 10 December 2021: George
115 - Allow local-data for classes other than IN to inherit a configured
116 local-zone's type if possible, instead of defaulting to type
117 transparent as per the implicit rule.
118
119 10 December 2021: Wouter
120 - Add code similar to fix for ldns for tab between strings, for
121 consistency, the test case was not broken.
122
123 6 December 2021: Wouter
124 - Merge PR #581 from fobser: Fix -Wmissing-prototypes and -Wshadow
125 warnings in rpz.
126 - Fix validator debug output about DS support, print correct algorithm.
127
128 3 December 2021: Wouter
129 - Fix compile warning for if_nametoindex on windows 64bit.
130
131 1 December 2021: Wouter
132 - configure is set to 1.14.0, and release branch.
133 This was released as version 1.14.0 on 9 Dec 2021, with the doxygen
134 fix below included. The main branch continues as 1.14.1.
135 - Fix doc/unbound.doxygen to remove obsolete tag warning.
136
137 1 December 2021: George
138 - Merge PR #511 from yan12125: Reduce unnecessary linking.
139 - Merge PR #493 from Jaap: Fix generation of libunbound.pc.
140 - Merge PR #555 from fobser: Allow interface names as scope-id in IPv6
141 link-local addresses.
142 - Merge PR #562 from Willem: Reset keepalive per new tcp session.
143 - Merge PR #522 from sibeream: memory management violations fixed.
144 - Merge PR #530 from Shchelk: Fix: dereferencing a null pointer.
145 - Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared.
146 - Fix #574: Review fixes for size allocation.
147
148 30 November 2021: Wouter
149 - Fix to remove git tracking and ci information from release tarballs.
150 - iana portlist update.
151
152 29 November 2021: Wouter
153 - Merge PR #570 from rex4539: Fix typos.
154 - Fix for #570: regen aclocal.m4, fix configure.ac for spelling.
155 - Fix to make python module opt_list use opt_list_in.
156 - Fix #574: unbound-checkconf reports fatal error if interface names
157 are used as value for interfaces:
158 - Fix #574: Review fixes for it.
159 - Fix #576: [FR] UB_* error codes in unbound.h
160 - Fix #574: Review fix for spelling.
161
162 15 November 2021: Tom
163 - Improve EDNS option handling, now also works for synthesised
164 responses such as local-data and server.id CH TXT responses.
165
166 5 November 2021: George
167 - Fix for #558: fix loop in comm_point->tcp_free when a comm_point is
168 reclaimed more than once during callbacks.
169 - Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event.
170
171 5 November 2021: Wouter
172 - Fix that forward-zone name is documented as the full name of the
173 zone. It is not relative but a fully qualified domain name.
174 - Fix analyzer review failure in rpz action override code to not
175 crash on unlocking the local zone lock.
176 - Fix to remove unused code from rpz resolve client and action
177 function.
178 - Merge #565: unbound.service.in: Disable ProtectKernelTunables again.
179
180 2 November 2021: Wouter
181 - Fix #552: Unbound assumes index.html exists on RPZ host.
182
183 11 October 2021: Wouter
184 - Fix chaos replies to have truncation for short message lengths,
185 or long reply strings.
186 - Fix to protect custom regional create against small values.
187
188 4 October 2021: Wouter
189 - Fix to add example.conf note for outbound-msg-retry.
190
191 27 September 2021: Wouter
192 - Implement RFC8375: Special-Use Domain 'home.arpa.'.
193
194 21 September 2021: Wouter
195 - For crosscompile on windows, detect 64bit stackprotector library.
196 - Fix crosscompile shell syntax.
197 - Fix crosscompile windows to use libssp when it exists.
198 - For the windows compile script disable gost.
199 - Fix that on windows, use BIO_set_callback_ex instead of deprecated
200 BIO_set_callback.
201 - Fix crosscompile script for the shared build flags.
202
203 20 September 2021: Wouter
204 - Fix crosscompile on windows to work with openssl 3.0.0 the
205 link with ws2_32 needs -l:libssp.a for __strcpy_chk.
206 Also copy results from lib64 directory if needed.
207
208 10 September 2021: Wouter
209 - Fix initialisation errors reported by gcc sanitizer.
210 - Fix lock debug code for gcc sanitizer reports.
211 - Fix more initialisation errors reported by gcc sanitizer.
212
213 8 September 2021: Wouter
214 - Merged #41 from Moritz Schneider: made outbound-msg-retry
215 configurable.
216 - Small fixes for #41: changelog, conflicts resolved,
217 processQueryResponse takes an iterator env argument like other
218 functions in the iterator, no colon in string for set_option,
219 and some whitespace style, to make it similar to the rest.
220 - Fix for #41: change outbound retry to int to fix signed comparison
221 warnings.
222 - Fix root_anchor test to check with new icannbundle date.
223
224 3 September 2021: Wouter
225 - Fix #538: Fix subnetcache statistics.
226
227 1 September 2021: Wouter
228 - Fix tcp fastopen failure when disabled, try normal connect instead.
229
230 27 August 2021: Wouter
231 - Fix #533: Negative responses get cached even when setting
232 cache-max-negative-ttl: 1
233
234 25 August 2021: Wouter
235 - Merge #401: RPZ triggers. This add additional RPZ triggers,
236 unbound supports a full set of rpz triggers, and this now
237 includes nsdname, nsip and clientip triggers. Also actions
238 are fully supported, and this now includes the tcp-only action.
239 - Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.)
240 to insert into RPZ.
241 - Fix the stream wait stream_wait_count_lock and http2 buffer locks
242 setup and desetup from race condition.
243 - Fix RPZ locks. Do not unlock zones lock if requested and rpz find
244 zone does not find the zone. Readlock the clientip that is found
245 for ipbased triggers. Unlock the nsdname zone lock when done.
246 Unlock zone and ip in rpz nsip and nsdname callback. Unlock
247 authzone and localzone if clientip found in rpz worker call.
248 - Fix compile warning in libunbound for listen desetup routine.
249 - Fix asynclook unit test for setup of lockchecks before log.
250
251 20 August 2021: Wouter
252 - Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is
253 undefined.
254 - Fix #531: Fix: passed to proc after free.
255
256 17 August 2021: Wouter
257 - Fix that --with-ssl can use "/usr/include/openssl11" to pass the
258 location of a different openssl version.
259 - Fix #527: not sending quad9 cert to syslog (and may be more).
260 - Fix sed script in ssldir split handling.
261
262 16 August 2021: George
263 - Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf()
264 static.
265
266 16 August 2021: Wouter
267 - Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
268
269 13 August 2021: Wouter
270 - Support using system-wide crypto policies.
271 - Fix for #431: Squelch permission denied errors for udp connect,
272 and udp send, they are visible at higher verbosity settings.
273 - Fix zonemd verification of key that is not in DNS but in the zone
274 and needs a chain of trust.
275 - zonemd, fix order of bogus printout string manipulation.
276
277 12 August 2021: George
278 - Merge PR #514, from ziollek: Docker environment for run tests.
279 - For #514: generate configure.
280
281 12 August 2021: Wouter
282 - And 1.13.2rc1 became the 1.13.2 with the fix for the python module
283 build. The current code repository continues with version 1.13.3.
284 - Add test tool readzone to .gitignore.
285 - Merge #521: Update mini_event.c.
286 - Merge #523: fix: free() call more than once with the same pointer.
287 - Merge #519: Support for selective enabling tcp-upstream for
288 stub/forward zones.
289 - For #519: note stub-tcp-upstream and forward-tcp-upstream in
290 the example configuration file.
291 - For #519: yacc and lex. And fix python bindings, and test program
292 unbound-dnstap-socket.
293 - For #519: fix comments for doxygen.
294 - Fix to print error from unbound-anchor for writing to the key
295 file, also when not verbose.
296
297 5 August 2021: Wouter
298 - Tag for 1.13.2rc1 release.
299 - Fix #520: Unbound 1.13.2rc1 fails to build python module.
300
301 4 August 2021: George
302 - Merge PR #415 from sibeream: Use
303 /proc/sys/net/ipv4/ip_local_port_range to determine available outgoing
304 ports. (New --enable-linux-ip-local-port-range configuration option)
305 - Bump MAX_RESTART_COUNT to 11 from 8; in relation to #438. This
306 allows longer CNAME chains in Unbound.
307
308 4 August 2021: Wouter
309 - In unit test use openssl set security level to allow keys in test.
310 - Fix static analysis warnings about localzone locks that are unused.
311 - Fix missing locks in zonemd unit test.
312 - Fix readzone compile under debug config.
313 - Fix out of sourcedir run of zonemd unit tests.
314 - Fix libnettle zonemd unit test.
315 - Fix unit test zonemd_reload for use in run_vm.
316
317 3 August 2021: George
318 - Listen to read or write events after the SSL handshake.
319 Sticky events on windows would stick on read when write was needed.
320
321 3 August 2021: Wouter
322 - Merge PR #517 from dyunwei: #420 breaks the mesh reply list
323 function that need to reuse the dns answer.
324 - Annotate assertion into error printout; we think it may be an
325 error, but the situation looks harmless.
326 - Fix sign comparison warning on FreeBSD.
327
328 2 August 2021: Wouter
329 - Prepare for OpenSSL 3.0.0 provider API usage, move the sldns
330 keyraw functions to produce EVP_PKEY results.
331 - Move RSA and DSA to use OpenSSL 3.0.0 API.
332 - Move ECDSA functions to use OpenSSL 3.0.0 API.
333 - iana portlist update.
334 - Fix verbose printout failure in tcp reuse unit test.
335
336 30 July 2021: Wouter
337 - Fix #515: Compilation against openssl 3.0.0 beta2 is failing to
338 build unbound.
339 - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and
340 SSL_get_peer_certificate.
341 - Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
342
343 26 July 2021: George
344 - Merge #513: Stream reuse, attempt to fix #411, #439, #469. This
345 introduces a couple of fixes for the stream reuse functionality
346 that could result in broken internal structures.
347
348 26 July 2021: Wouter
349 - Merge #512: unbound.service.in: upgrade hardening to latest
350 standards.
351 - Fix readzone unknown type print for memory resize.
352
353 21 July 2021: Wouter
354 - Fix that ldns_zone_new_frm_fp_l counts the line number for an empty
355 line after a comment.
356
357 16 July 2021: George
358 - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
359
360 16 July 2021: Wouter
361 - Merge #510 from ndptech: Don't call a function which hasn't been
362 defined.
363 - Fix for #510: in depth, use ifdefs for windows api event calls.
364 - Fix spelling in doc/unbound.doxygen comment.
365 - Fix spelling in localzone.h comment.
366 - Fix unbound-control local_data and local_datas to print detailed
367 syntax errors.
368 - review fix to remove duplicate error printout.
369 - Insert header into testcode/readzone.c, it was missing.
370 - Fix from lint for ignored return value.
371 - Fix for older parsers for function call in serve expired get cached.
372
373 6 July 2021: Wouter
374 - iana portlist update.
375
376 5 July 2021: George
377 - Fix compiler warnings for #491.
378 - Fix clang-analysis warnings for testcode/readzone.c.
379
380 4 July 2021: George
381 - Fix Wunused-result compile warnings.
382
383 2 July 2021: Tom
384 - Merge PR #491: Add SVCB and HTTPS types and handling according to
385 draft-ietf-dnsop-svcb-https.
386
387 2 July 2021: Wouter
388 - Fix #506: Python Module Seems to Leak Memory if it Experiences an
389 Unhandled Exception.
390
391 25 June 2021: Wouter
392 - Fix up permissions on rpl data file in tests.
393 - Fix testbound newline treatment in moment_read and tempfile write.
394 - Fix configure grep for reuseport default for failure.
395 - Fix compat ctime_r return value
396 - Fix configure does not require pkg-config if not needed.
397 - Fix unit test in the ctime_r calls for autotrust and in testbound.
398 - Fix auth zone download on windows to unlink before rename.
399
400 24 June 2021: Wouter
401 - Add analyzer and port compile github workflow.
402
403 23 June 2021: Wouter
404 - Fix #503: DNS over HTTPS response truncated.
405 - Fix warnings reported by the gcc analyzer.
406
407 21 June 2021: George
408 - Fix #495: Documentation or implementation of "verbosity" option.
409
410 18 June 2021: Wouter
411 - Fix a number of warnings reported by the gcc analyzer.
412
413 15 June 2021: George
414 - Merge #440 by kimheino: Various fixes to contrib/unbound_munin_ file.
415
416 14 June 2021: Wouter
417 - Fix configure nonblocking test and onmingw test to use host.
418
419 10 June 2021: Wouter
420 - Fix #500: SPEC file in version 1.13.1 references version 1.4;
421 unable to build RPM from source.
422 - Fix contrib/unbound.spec, fixed url and comment.
423
424 9 June 2021: George
425 - Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
426 - Generated lexer and parser for #486; updated example.conf.
427 - Fix #413 (based on patch by k-ronny): unbound: does not compile
428 on macOS 11.1-x86_64 host.
429 - Use host_os instead of target_os in configure for Darwin8 build.
430
431 8 June 2021: George
432 - Fix unused variable warning when compiling with --enable-dnstap.
433
434 7 June 2021: George
435 - Merge #448 from shoeper: Update unbound-control.8.in, fix
436 rpz_disable typo.
437 - Fix #425: Document auth-zone supports communication with DNS
438 primary on nondefault port.
439
440 1 June 2021: George
441 - Fix test for zonemd-check option.
442
443 27 May 2021: Wouter
444 - Merge #496 from banburybill: Use build system endianness if
445 available, otherwise try to work it out.
446 - zonemd-check: yesno option, default no, enables the processing
447 of ZONEMD records for that zone.
448
449 25 May 2021: Wouter
450 - Move the NSEC3 max iterations count in line with the 150 value
451 used by BIND, Knot and PowerDNS. This sets the default value
452 for it in the configuration to 150 for all key sizes.
453 - Fix #492: module-config respip missing in unbound.conf.5.in man
454 page. Merges #494 from he32.
455 - For #492: Fix font highlighting for the man page on emacs.
456
457 21 May 2021: Wouter
458 - Test code has -q option for quiet output.
459
460 19 May 2021: George
461 - Fix for #411, #439, #469: Reset the DNS message ID when moving queries
462 between TCP streams.
463 - Refactor for uniform way to produce random DNS message IDs.
464
465 17 May 2021: Wouter
466 - Fix #489: Compile using MSYS2 MinGW 64-bit.
467
468 12 May 2021: Wouter
469 - Fix that auth-zone zonefiles use last TTL if no TTL is specified.
470
471 10 May 2021: Wouter
472 - Merge PR #487: ifdef RLIMIT_AS in recently added check.
473
474 7 May 2021: Wouter
475 - Fix #485: Unbound occasionally reports broken stats.
476 - Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
477 - Remove case fallthrough from deprecate-rsa-1024 code.
478
479 4 May 2021: George
480 - Fix for #367: only attempt to get the interface for queries that are no
481 longer on the tcp_waiting_list.
482 - Add more logging for out-of-memory cases.
483
484 4 May 2021: Wouter
485 - Merge #478: Allow configuration of TCP timeout while waiting for
486 response.
487 - Fix to squelch tcp socket bind failures when the interface is gone.
488 - Rerun flex and bison.
489
490 3 May 2021: Wouter
491 - Fix #481: Fix comment in configuration file.
492
493 29 April 2021: Wouter
494 - Add that log-servfail prints an IP address and more information
495 about one of the last failures for that query.
496
497 28 April 2021: George
498 - Fix compiler warning for signed/unsigned comparison for
499 max_reuse_tcp_queries.
500
501 28 April 2021: Wouter
502 - Fix #474: always_null and others inside view.
503
504 26 April 2021: Wouter
505 - Merge #470 from edevil: Allow configuration of persistent TCP
506 connections.
507
508 22 April 2021: Wouter
509 - Merge #466 from FGasper: Support OpenSSLs that lack
510 SSL_get0_alpn_selected.
511 - Fix #468: OpenSSL 1.0.1 can no longer build Unbound.
512 - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with
513 OpenSSL 1.0.1.
514 - Fix that testcode dohclient has OpenSSL initialisation calls.
515
516 13 April 2021: George
517 - Fix documentation comment for files previously residing in checkconf/.
518 - Remove unused functions worker_handle_reply and libworker_handle_reply.
519
520 13 April 2021: Wouter
521 - Fix that nxdomain synthesis does not happen above the stub or
522 forward definition.
523
524 12 April 2021: George
525 - Fix (increase) verbosity level for iterator error log in
526 processQueryTargets().
527
528 12 April 2021: Wouter
529 - Fix permission denied sendto log, squelch the log messages
530 unless high verbosity is set.
531
532 9 April 2021: Wouter
533 - rebuild configure to set EXTRALINK to libunbound.la for #460.
534
535 7 April 2021: Wouter
536 - Fix for #411: Depth protect for crash on deleted element timeout.
537
538 1 April 2021: Wouter
539 - Merge #460 from orbea: build: Link with the libtool archive.
540 - Fix to stop IPv6 PMTU discovery.
541
542 31 March 2021: George
543 - Clean makedist.sh.
544
545 31 March 2021: Wouter
546 - Fix stack-protector change to not override other CFLAGS options.
547
548 30 March 2021: George
549 - Disable the use of stack-protector for cross compiled 32-bit windows
550 builds; relates to #444.
551
552 25 March 2021: Wouter
553 - Fix #429: Also fix end of transfer for http download of auth zones.
554
555 24 March 2021: Wouter
556 - Fix deprecation test to work for iOS TVOS and WatchOS, it uses
557 CFLAGS and CPPFLAGS and also checks if the item is unavailable.
558 - Travis, fix script to fail when tasks fail.
559 - Travis, fix warning in ubsan compile.
560 - Fix configure Targetconfiditionals.h header check, to use compile.
561 - Fix that cachedb does not produce empty object files when disabled.
562
563 23 March 2021: Wouter
564 - Travis enable all tests again. Clang analyzer only a couple times,
565 when there is a difference. homebrew updates disabled, so it does
566 not hang. removed trailing slashes from configure paths. Moved iOS
567 tests to allow-failure.
568 - travis, analyzer disabled on test without debug, that does not
569 run anway. Turn off failing tests except one. Update iOS test
570 to xcode image 12.2.
571
572 22 March 2021: George
573 - Fix unused-function warning when compiling with --enable-dnscrypt.
574 - Fix for #367: fix memory leak when cannot bind to listening port.
575 - Reformat pythonmod/pythonmod_utils.{c,h}.
576
577 22 March 2021: Wouter
578 - Merge #449 from orbea: build: Add missing linker flags.
579 - iana portlist update.
580 - Comment out nonworking OSX and IOS travis tests, vm fails to start.
581 - Fix compile error in listen_dnsport on Android.
582 - Fix memory leak reported by asan in rpz SOA record query name.
583
584 19 March 2021: Wouter
585 - Fix for #447: squelch connection refused tcp connection failures
586 from the log, unless verbosity is high.
587
588 17 March 2021: Wouter
589 - Fix #441: Minimal NSEC range not accepted for top level domains.
590
591 11 March 2021: Wouter
592 - Fix parse of LOC RR type for decimetres.
593
594 5 March 2021: Wouter
595 - Workaround for #439: prevent loops in the reuse rbtree.
596 - Debug output for #411 and #439: printout internal error and details.
597
598 4 March 2021: Wouter
599 - iana portlist update.
600 - Fix spurious errors about "Could not generate request: out of
601 memory". The mesh detect cycle routine no longer wrongly stops
602 the check when the calling mesh state is unique.
603
604 26 February 2021: George
605 - Fix for #367: rc_ports don't have ub_sock; skip cleaning up.
606
607 26 February 2021: Wouter
608 - Fix: Resolve interface names on control-interface too.
609
610 25 February 2021: Wouter
611 - Merge PR #367 : DNSTAP log local address. With code from PR #365
612 and fixes #368 : dnstap does not log the DNS message ID for
613 FORWARDER_QUERY.
614 - Fix to allow rpz with wildcard that applies to all TLDs at once.
615
616 24 February 2021: George
617 - Fix #384: (1) A minor request to improve the log (2) A minor bug in one
618 log message.
619 - ipsecmod: Better logging for detecting a cycle when attaching the
620 A/AAAA subquery.
621
622 24 February 2021: Wouter
623 - On startup of unbound it checks if rlimits on memory size look
624 sufficient for the configured cache size, and logs warning if not.
625 - Fix function documentation.
626 - Fix unit test for added ulimit checks.
627 - spelling fix in header.
628
629 23 February 2021: Wouter
630 - Fix for zonemd, that domain-insecure zones work without dnssec.
631 - Fix for zonemd, do not reject insecure result from trust anchor
632 validation step in dnssec chain of trust.
633
634 22 February 2021: Wouter
635 - Fix #431: Squelch permission denied errors for tcp connect
636 and udp connect from the logs, unless at high verbosity.
637 - Fix for zonemd, that nxdomain for the chain of trust is allowed
638 for island zones, it is treated as an insecure zone for verification.
639
640 18 February 2021: Wouter
641 - Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support.
642 ZONEMD records are checked for zones loaded as auth-zone,
643 with DNSSEC if available. There is an added option
644 zonemd-permissive-mode that makes it log but not fail wrong zones.
645 With zonemd-reject-absence for an auth-zone the presence of a
646 zonemd can be mandated for specific zones.
647 - Fix doxygen and pydoc warnings.
648 - Fix #429: rpz: url: with https: broken (regression in 1.13.1).
649 - rpz skip nsec3param records, and nicer log for unsupported actions.
650
651 15 February 2021: Wouter
652 - Fix #422: IPv6 fallback issues when IPv6 is not properly
653 enabled/configured.
654 - Fix to make tests work with support indicators set for iterator.
655 - Fix build on Python 3.10.
656
657 10 February 2021: Wouter
658 - Merge PR #420 from dyunwei: DOH not responsing with
659 "http2_query_read_done failure" logged.
660
661 9 February 2021: Wouter
662 - Fix for Python 3.9, no longer use deprecated functions of
663 PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now
664 none), PyParser_SimpleParseFile (now Py_CompileString).
665
666 4 February 2021: Wouter
667 - release 1.13.1rc2 tag on branch-1.13.1 with added changes of 2 feb.
668 This became 1.13.1 release tag on 9 feb. The main branch is set
669 to version 1.13.2.
670
0671 2 February 2021: Wouter
1672 - branch-1.13.1 is created, with release-1.13.1rc1 tag.
2673 - Fix dynlibmod link on rhel8 for -ldl inclusion.
+1
-1
doc/README less more
0 README for Unbound 1.13.1
0 README for Unbound 1.15.0
11 Copyright 2007 NLnet Labs
22 http://unbound.net
33
+8
-0
doc/README.tests less more
1414 * xxd and nc (optional) - for (malformed) packet transmission.
1515 The optional programs are detected and can be omitted.
1616
17 You can also use prepared Dockerfile to run tests inside docker based on latest gcc image:
18 * build container: docker build -t unbound-tester -f contrib/Dockerfile.tests .
19 * run container: docker run -it --mount type=bind,source="$(pwd)",target=/usr/src/unbound --rm unbound-tester
20 * configure environment: ./configure
21 * run test: make test
22 * run long tests: make longtest
23 It is worth to mention that you need to enable [ipv6 in your docker daemon configuration](https://docs.docker.com/config/daemon/ipv6/) because some tests need ipv6 network stack.
24
1725 testdata/ contains the data for tests.
1826 testcode/ contains scripts and c code for the tests.
1927
+76
-28
doc/example.conf.in less more
00 #
11 # Example configuration file.
22 #
3 # See unbound.conf(5) man page, version 1.13.1.
3 # See unbound.conf(5) man page, version 1.15.0.
44 #
55 # this is a comment.
66
8181 # num-queries-per-thread, or, use as many as the OS will allow you.
8282 # outgoing-range: 4096
8383
84 # permit unbound to use this port number or port range for
84 # permit Unbound to use this port number or port range for
8585 # making outgoing queries, using an outgoing interface.
8686 # outgoing-port-permit: 32768
8787
88 # deny unbound the use this of port number or port range for
88 # deny Unbound the use this of port number or port range for
8989 # making outgoing queries, using an outgoing interface.
90 # Use this to make sure unbound does not grab a UDP port that some
90 # Use this to make sure Unbound does not grab a UDP port that some
9191 # other server on this computer needs. The default is to avoid
9292 # IANA-assigned port numbers.
9393 # If multiple outgoing-port-permit and outgoing-port-avoid options
163163 # perform connect for UDP sockets to mitigate ICMP side channel.
164164 # udp-connect: yes
165165
166 # The number of retries when a non-positive response is received.
167 # outbound-msg-retry: 5
168
166169 # msec for waiting for an unknown server to reply. Increase if you
167170 # are behind a slow satellite link, to eg. 1128.
168171 # unknown-server-time-limit: 376
250253 # use-systemd: no
251254
252255 # Detach from the terminal, run in background, "yes" or "no".
253 # Set the value to "no" when unbound runs as systemd service.
256 # Set the value to "no" when Unbound runs as systemd service.
254257 # do-daemonize: yes
255258
256259 # control which clients are allowed to make (recursive) queries
303306 # The pid file can be absolute and outside of the chroot, it is
304307 # written just prior to performing the chroot and dropping permissions.
305308 #
306 # Additionally, unbound may need to access /dev/urandom (for entropy).
309 # Additionally, Unbound may need to access /dev/urandom (for entropy).
307310 # How to do this is specific to your OS.
308311 #
309312 # If you give "" no chroot is performed. The path must not end in a /.
370373 # enable to not answer trustanchor.unbound queries.
371374 # hide-trustanchor: no
372375
376 # enable to not set the User-Agent HTTP header.
377 # hide-http-user-agent: no
378
373379 # the identity to report. Leave "" or default to return hostname.
374380 # identity: ""
375381
378384
379385 # NSID identity (hex string, or "ascii_somestring"). default disabled.
380386 # nsid: "aabbccdd"
387
388 # User-Agent HTTP header to use. Leave "" or default to use package name
389 # and version.
390 # http-user-agent: ""
381391
382392 # the target fetch policy.
383393 # series of integers describing the policy per dependency depth.
431441
432442 # Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
433443 # and other denials, using information from previous NXDOMAINs answers.
434 # aggressive-nsec: no
444 # aggressive-nsec: yes
435445
436446 # Use 0x20-encoded random bits in the query to foil spoof attempts.
437447 # This feature is an experimental implementation of draft dns-0x20.
506516 # Use several entries, one per domain name, to track multiple zones.
507517 #
508518 # If you want to perform DNSSEC validation, run unbound-anchor before
509 # you start unbound (i.e. in the system boot scripts). And enable:
519 # you start Unbound (i.e. in the system boot scripts).
520 # And then enable the auto-trust-anchor-file config item.
510521 # Please note usage of unbound-anchor root anchor is at your own risk
511522 # and under the terms of our LICENSE (see that file in the source).
512523 # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
555566 # val-sig-skew-min: 3600
556567 # val-sig-skew-max: 86400
557568
569 # The maximum number the validator should restart validation with
570 # another authority in case of failed validation.
571 # val-max-restart: 5
572
558573 # Should additional section of secure message also be kept clean of
559574 # unsecure data. Useful to shield the users of this validator from
560575 # potential bogus data in the additional section. All unsigned data
569584 # val-permissive-mode: no
570585
571586 # Ignore the CD flag in incoming queries and refuse them bogus data.
572 # Enable it if the only clients of unbound are legacy servers (w2008)
587 # Enable it if the only clients of Unbound are legacy servers (w2008)
573588 # that set CD but cannot validate themselves.
574589 # ignore-cd-flag: no
575590
599614
600615 # Return the original TTL as received from the upstream name server rather
601616 # than the decrementing TTL as stored in the cache. Enabling this feature
602 # does not impact cache expiry, it only changes the TTL unbound embeds in
617 # does not impact cache expiry, it only changes the TTL Unbound embeds in
603618 # responses to queries. Note that enabling this feature implicitly disables
604619 # enforcement of the configured minimum and maximum TTL.
605620 # serve-original-ttl: no
612627 # keysize. Keep this table very short, as linear search is done.
613628 # A message with an NSEC3 with larger count is marked insecure.
614629 # List in ascending order the keysize and count values.
615 # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
630 # val-nsec3-keysize-iterations: "1024 150 2048 150 4096 150"
631
632 # if enabled, ZONEMD verification failures do not block the zone.
633 # zonemd-permissive-mode: no
616634
617635 # instruct the auto-trust-anchor-file probing to add anchors after ttl.
618636 # add-holddown: 2592000 # 30 days
650668 # local-zone: "localhost." nodefault
651669 # local-zone: "127.in-addr.arpa." nodefault
652670 # local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
671 # local-zone: "home.arpa." nodefault
653672 # local-zone: "onion." nodefault
654673 # local-zone: "test." nodefault
655674 # local-zone: "invalid." nodefault
689708 # Add example.com into ipset
690709 # local-zone: "example.com" ipset
691710
692 # If unbound is running service for the local host then it is useful
711 # If Unbound is running service for the local host then it is useful
693712 # to perform lan-wide lookups to the upstream, and unblock the
694 # long list of local-zones above. If this unbound is a dns server
713 # long list of local-zones above. If this Unbound is a dns server
695714 # for a network of computers, disabled is better and stops information
696715 # leakage of local lan information.
697716 # unblock-lan-zones: no
840859 # 0 blocks when ratelimited, otherwise let 1/xth traffic through
841860 # ratelimit-factor: 10
842861
862 # Aggressive rate limit when the limit is reached and until demand has
863 # decreased in a 2 second rate window.
864 # ratelimit-backoff: no
865
843866 # override the ratelimit for a specific domain name.
844867 # give this setting multiple times to have multiple overrides.
845868 # ratelimit-for-domain: example.com 1000
860883 # 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
861884 # ip-ratelimit-factor: 10
862885
886 # Aggressive rate limit when the limit is reached and until demand has
887 # decreased in a 2 second rate window.
888 # ip-ratelimit-backoff: no
889
863890 # Limit the number of connections simultaneous from a netblock
864891 # tcp-connection-limit: 192.0.2.0/24 12
865892
869896 # the number of servers that will be used in the fast server selection.
870897 # fast-server-num: 3
871898
872 # Specific options for ipsecmod. unbound needs to be configured with
899 # Specific options for ipsecmod. Unbound needs to be configured with
873900 # --enable-ipsecmod for these to take effect.
874901 #
875902 # Enable or disable ipsecmod (it still needs to be defined in
881908 # listed in module-config (above).
882909 # ipsecmod-hook: "./my_executable"
883910 #
884 # When enabled unbound will reply with SERVFAIL if the return value of
911 # When enabled Unbound will reply with SERVFAIL if the return value of
885912 # the ipsecmod-hook is not 0.
886913 # ipsecmod-strict: no
887914 #
896923 # all domains are treated as being allowed.
897924 # ipsecmod-allow: "example.com"
898925 # ipsecmod-allow: "nlnetlabs.nl"
926
927 # Timeout for REUSE entries in milliseconds.
928 # tcp-reuse-timeout: 60000
929 # Max number of queries on a reuse connection.
930 # max-reuse-tcp-queries: 200
931 # Timeout in milliseconds for TCP queries to auth servers.
932 # tcp-auth-query-timeout: 3000
899933
900934
901935 # Python config section. To enable:
939973 # For local sockets this option is ignored, and TLS is not used.
940974 # control-use-cert: "yes"
941975
942 # unbound server key file.
976 # Unbound server key file.
943977 # server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key"
944978
945 # unbound server certificate file.
979 # Unbound server certificate file.
946980 # server-cert-file: "@UNBOUND_RUN_DIR@/unbound_server.pem"
947981
948982 # unbound-control key file.
964998 # stub-addr: 192.0.2.68
965999 # stub-prime: no
9661000 # stub-first: no
1001 # stub-tcp-upstream: no
9671002 # stub-tls-upstream: no
9681003 # stub-no-cache: no
9691004 # stub-zone:
9811016 # forward-addr: 192.0.2.68
9821017 # forward-addr: 192.0.2.73@5355 # forward to port 5355.
9831018 # forward-first: no
1019 # forward-tcp-upstream: no
9841020 # forward-tls-upstream: no
9851021 # forward-no-cache: no
9861022 # forward-zone:
10211057 # name: "example.org"
10221058 # for-downstream: yes
10231059 # for-upstream: yes
1060 # zonemd-check: no
1061 # zonemd-reject-absence: no
10241062 # zonefile: "example.org.zone"
10251063
10261064 # Views
10411079 # local-zone: "example.com" refuse
10421080
10431081 # DNSCrypt
1082 # To enable, use --enable-dnscrypt to configure before compiling.
10441083 # Caveats:
1045 # 1. the keys/certs cannot be produced by unbound. You can use dnscrypt-wrapper
1084 # 1. the keys/certs cannot be produced by Unbound. You can use dnscrypt-wrapper
10461085 # for this: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage
10471086 # 2. dnscrypt channel attaches to an interface. you MUST set interfaces to
10481087 # listen on `dnscrypt-port` with the follo0wing snippet:
10611100 # dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert
10621101
10631102 # CacheDB
1064 # Enable external backend DB as auxiliary cache. Specify the backend name
1103 # External backend DB as auxiliary cache.
1104 # To enable, use --enable-cachedb to configure before compiling.
1105 # Specify the backend name
10651106 # (default is "testframe", which has no use other than for debugging and
10661107 # testing) and backend-specific options. The 'cachedb' module must be
10671108 # included in module-config, just before the iterator module.
10711112 # secret-seed: "default"
10721113 #
10731114 # # For "redis" backend:
1115 # # (to enable, use --with-libhiredis to configure before compiling)
10741116 # # redis server's IP address or host name
10751117 # redis-server-host: 127.0.0.1
10761118 # # redis server's TCP port
10821124
10831125 # IPSet
10841126 # Add specify domain into set via ipset.
1085 # Note: To enable ipset unbound needs to run as root user.
1127 # To enable:
1128 # o use --enable-ipset to configure before compiling;
1129 # o Unbound then needs to run as root user.
10861130 # ipset:
10871131 # # set name for ip v4 addresses
10881132 # name-v4: "list-v4"
10901134 # name-v6: "list-v6"
10911135 #
10921136
1093 # Dnstap logging support, if compiled in. To enable, set the dnstap-enable
1094 # to yes and also some of dnstap-log-..-messages to yes. And select an
1095 # upstream log destination, by socket path, TCP or TLS destination.
1137 # Dnstap logging support, if compiled in by using --enable-dnstap to configure.
1138 # To enable, set the dnstap-enable to yes and also some of
1139 # dnstap-log-..-messages to yes. And select an upstream log destination, by
1140 # socket path, TCP or TLS destination.
10961141 # dnstap:
10971142 # dnstap-enable: no
10981143 # # if set to yes frame streams will be used in bidirectional mode
11051150 # dnstap-tls: yes
11061151 # # name for authenticating the upstream server. or "" disabled.
11071152 # dnstap-tls-server-name: ""
1108 # # if "", it uses the cert bundle from the main unbound config.
1153 # # if "", it uses the cert bundle from the main Unbound config.
11091154 # dnstap-tls-cert-bundle: ""
11101155 # # key file for client authentication, or "" disabled.
11111156 # dnstap-tls-client-key-file: ""
11251170 # dnstap-log-forwarder-response-messages: no
11261171
11271172 # Response Policy Zones
1128 # RPZ policies. Applied in order of configuration. QNAME and Response IP
1129 # Address trigger are the only supported triggers. Supported actions are:
1130 # NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. Policies can be loaded from
1131 # file, using zone transfer, or using HTTP. The respip module needs to be added
1173 # RPZ policies. Applied in order of configuration. QNAME, Response IP
1174 # Address, nsdname, nsip and clientip triggers are supported. Supported
1175 # actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only
1176 # and drop. Policies can be loaded from a file, or using zone
1177 # transfer, or using HTTP. The respip module needs to be added
11321178 # to the module-config, e.g.: module-config: "respip validator iterator".
11331179 # rpz:
11341180 # name: "rpz.example.com"
11401186 # rpz-cname-override: www.example.org
11411187 # rpz-log: yes
11421188 # rpz-log-name: "example policy"
1189 # rpz-signal-nxdomain-ra: no
1190 # for-downstream: no
11431191 # tags: "example"
+2
-2
doc/libunbound.3.in less more
0 .TH "libunbound" "3" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
0 .TH "libunbound" "3" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
11 .\"
22 .\" libunbound.3 -- unbound library functions manual
33 .\"
4343 .B ub_ctx_zone_remove,
4444 .B ub_ctx_data_add,
4545 .B ub_ctx_data_remove
46 \- Unbound DNS validating resolver 1.13.1 functions.
46 \- Unbound DNS validating resolver 1.15.0 functions.
4747 .SH "SYNOPSIS"
4848 .B #include <unbound.h>
4949 .LP
+4
-4
doc/unbound-anchor.8.in less more
0 .TH "unbound-anchor" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
0 .TH "unbound-anchor" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
11 .\"
22 .\" unbound-anchor.8 -- unbound anchor maintenance utility manual
33 .\"
4040 .P
4141 It tests if the root anchor file works, and if not, and an update is possible,
4242 attempts to update the root anchor using the root update certificate.
43 It performs a https fetch of root-anchors.xml and checks the results (RFC7958),
43 It performs a https fetch of root-anchors.xml and checks the results (RFC7958),
4444 if all checks are successful, it updates the root anchor file. Otherwise
4545 the root anchor file is unchanged. It performs RFC5011 tracking if the
4646 DNSSEC information available via the DNS makes that possible.
158158 The root keys and update certificate included in this tool
159159 are provided for convenience and under the terms of our
160160 license (see the LICENSE file in the source distribution or
161 http://unbound.nlnetlabs.nl/svn/trunk/LICENSE) and might be stale or
161 https://github.com/NLnetLabs/unbound/blob/master/LICENSE) and might be stale or
162162 not suitable to your purpose.
163163 .P
164164 By running "unbound\-anchor \-l" the keys and certificate that are
184184 .I https://data.iana.org/root\-anchors/root\-anchors.p7s
185185 Signature on the root key information.
186186 .SH "SEE ALSO"
187 \fIunbound.conf\fR(5),
187 \fIunbound.conf\fR(5),
188188 \fIunbound\fR(8).
+9
-9
doc/unbound-checkconf.8.in less more
0 .TH "unbound-checkconf" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
0 .TH "unbound-checkconf" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
11 .\"
22 .\" unbound-checkconf.8 -- unbound configuration checker manual
33 .\"
88 .\"
99 .SH "NAME"
1010 unbound\-checkconf
11 \- Check unbound configuration file for errors.
11 \- Check Unbound configuration file for errors.
1212 .SH "SYNOPSIS"
1313 .B unbound\-checkconf
1414 .RB [ \-h ]
2020 .B Unbound\-checkconf
2121 checks the configuration file for the
2222 \fIunbound\fR(8)
23 DNS resolver for syntax and other errors.
24 The config file syntax is described in
23 DNS resolver for syntax and other errors.
24 The config file syntax is described in
2525 \fIunbound.conf\fR(5).
2626 .P
2727 The available options are:
3333 Print full pathname, with chroot applied to it. Use with the \-o option.
3434 .TP
3535 .B \-o\fI option
36 If given, after checking the config file the value of this option is
36 If given, after checking the config file the value of this option is
3737 printed to stdout. For "" (disabled) options an empty line is printed.
3838 .TP
3939 .I cfgfile
40 The config file to read with settings for unbound. It is checked.
40 The config file to read with settings for Unbound. It is checked.
4141 If omitted, the config file at the default location is checked.
4242 .SH "EXIT CODE"
43 The unbound\-checkconf program exits with status code 1 on error,
43 The unbound\-checkconf program exits with status code 1 on error,
4444 0 for a correct config file.
4545 .SH "FILES"
4646 .TP
4747 .I @ub_conf_file@
48 unbound configuration file.
48 Unbound configuration file.
4949 .SH "SEE ALSO"
50 \fIunbound.conf\fR(5),
50 \fIunbound.conf\fR(5),
5151 \fIunbound\fR(8).
+44
-45
doc/unbound-control.8.in less more
0 .TH "unbound-control" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
0 .TH "unbound-control" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
11 .\"
22 .\" unbound-control.8 -- unbound remote control manual
33 .\"
1313 .SH "SYNOPSIS"
1414 .B unbound\-control
1515 .RB [ \-hq ]
16 .RB [ \-c
16 .RB [ \-c
1717 .IR cfgfile ]
18 .RB [ \-s
18 .RB [ \-s
1919 .IR server ]
2020 .IR command
2121 .SH "DESCRIPTION"
2222 .B Unbound\-control
2323 performs remote administration on the \fIunbound\fR(8) DNS server.
24 It reads the configuration file, contacts the unbound server over SSL
24 It reads the configuration file, contacts the Unbound server over SSL
2525 sends the command and displays the result.
2626 .P
2727 The available options are:
4343 There are several commands that the server understands.
4444 .TP
4545 .B start
46 Start the server. Simply execs \fIunbound\fR(8). The unbound executable
47 is searched for in the \fBPATH\fR set in the environment. It is started
46 Start the server. Simply execs \fIunbound\fR(8). The Unbound executable
47 is searched for in the \fBPATH\fR set in the environment. It is started
4848 with the config file specified using \fI\-c\fR or the default config file.
4949 .TP
5050 .B stop
6464 attempt to close and open the syslog (which may not work if chrooted).
6565 .TP
6666 .B stats
67 Print statistics. Resets the internal counters to zero, this can be
68 controlled using the \fBstatistics\-cumulative\fR config statement.
67 Print statistics. Resets the internal counters to zero, this can be
68 controlled using the \fBstatistics\-cumulative\fR config statement.
6969 Statistics are printed with one [name]: [value] per line.
7070 .TP
7171 .B stats_noreset
7373 reset the internal counters to zero.
7474 .TP
7575 .B status
76 Display server status. Exit code 3 if not running (the connection to the
76 Display server status. Exit code 3 if not running (the connection to the
7777 port is refused), 1 on error, 0 if running.
7878 .TP
7979 .B local_zone \fIname\fR \fItype
8787 .B local_data \fIRR data...
8888 Add new local data, the given resource record. Like \fBlocal\-data\fR
8989 config statement, except for when no covering zone exists. In that case
90 this remote control command creates a transparent zone with the same
91 name as this record. This command is not good at returning detailed syntax
92 errors.
90 this remote control command creates a transparent zone with the same
91 name as this record.
9392 .TP
9493 .B local_data_remove \fIname
9594 Remove all RR data from local name. If the name already has no items,
9695 nothing happens. Often results in NXDOMAIN for the name (in a static zone),
97 but if the name has become an empty nonterminal (there is still data in
98 domain names below the removed name), NOERROR nodata answers are the
96 but if the name has become an empty nonterminal (there is still data in
97 domain names below the removed name), NOERROR nodata answers are the
9998 result for that name.
10099 .TP
101100 .B local_zones
125124 in this way is supported in order to aid with debugging.
126125 .TP
127126 .B lookup \fIname
128 Print to stdout the name servers that would be used to look up the
127 Print to stdout the name servers that would be used to look up the
129128 name specified.
130129 .TP
131130 .B flush \fIname
132131 Remove the name from the cache. Removes the types
133132 A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
134 Because that is fast to do. Other record types can be removed using
135 .B flush_type
136 or
133 Because that is fast to do. Other record types can be removed using
134 .B flush_type
135 or
137136 .B flush_zone\fR.
138137 .TP
139138 .B flush_type \fIname\fR \fItype
140139 Remove the name, type information from the cache.
141140 .TP
142141 .B flush_zone \fIname
143 Remove all information at or below the name from the cache.
142 Remove all information at or below the name from the cache.
144143 The rrsets and key entries are removed so that new lookups will be performed.
145144 This needs to walk and inspect the entire cache, and is a slow operation.
146145 The entries are set to expired in the implementation of this command (so,
187186 must be between the option and the value. Some values may not have an
188187 effect if set this way, the new values are not written to the config file,
189188 not all options are supported. This is different from the set_option call
190 in libunbound, where all values work because unbound has not been initialized.
189 in libunbound, where all values work because Unbound has not been initialized.
191190 .IP
192191 The values that work are: statistics\-interval, statistics\-cumulative,
193192 do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries,
227226 .TP
228227 .B insecure_add \fIzone
229228 Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf.
230 Adds to the running unbound without affecting the cache contents (which may
229 Adds to the running Unbound without affecting the cache contents (which may
231230 still be bogus, use \fBflush_zone\fR to remove it), does not affect the config file.
232231 .TP
233232 .B insecure_remove \fIzone
234233 Removes domain\-insecure for the given zone.
235234 .TP
236235 .B forward_add \fR[\fI+i\fR] \fIzone addr ...
237 Add a new forward zone to running unbound. With +i option also adds a
236 Add a new forward zone to running Unbound. With +i option also adds a
238237 \fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
239238 a DNSSEC root trust anchor configured for other names).
240239 The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config
241240 in unbound.conf.
242241 .TP
243242 .B forward_remove \fR[\fI+i\fR] \fIzone
244 Remove a forward zone from running unbound. The +i also removes a
243 Remove a forward zone from running Unbound. The +i also removes a
245244 \fIdomain\-insecure\fR for the zone.
246245 .TP
247246 .B stub_add \fR[\fI+ip\fR] \fIzone addr ...
248 Add a new stub zone to running unbound. With +i option also adds a
247 Add a new stub zone to running Unbound. With +i option also adds a
249248 \fIdomain\-insecure\fR for the zone. With +p the stub zone is set to prime,
250249 without it it is set to notprime. The addr can be IP4, IP6 or nameserver
251250 names, like the \fIstub-zone\fR config in unbound.conf.
252251 .TP
253252 .B stub_remove \fR[\fI+i\fR] \fIzone
254 Remove a stub zone from running unbound. The +i also removes a
253 Remove a stub zone from running Unbound. The +i also removes a
255254 \fIdomain\-insecure\fR for the zone.
256255 .TP
257256 .B forward \fR[\fIoff\fR | \fIaddr ...\fR ]
258257 Setup forwarding mode. Configures if the server should ask other upstream
259 nameservers, should go to the internet root nameservers itself, or show
258 nameservers, should go to the internet root nameservers itself, or show
260259 the current config. You could pass the nameservers after a DHCP update.
261260 .IP
262261 Without arguments the current list of addresses used to forward all queries
296295 Reload the auth zone from zonefile. The zonefile is read in overwriting
297296 the current contents of the zone in memory. This changes the auth zone
298297 contents itself, not the cache contents. Such cache contents exists if
299 you set unbound to validate with for-upstream yes and that can be cleared
298 you set Unbound to validate with for-upstream yes and that can be cleared
300299 with \fBflush_zone\fR \fIzone\fR.
301300 .TP
302301 .B auth_zone_transfer \fIzone\fR
307306 .B rpz_enable \fIzone\fR
308307 Enable the RPZ zone if it had previously been disabled.
309308 .TP
310 .B rpz_enable \fIzone\fR
309 .B rpz_disable \fIzone\fR
311310 Disable the RPZ zone.
312311 .TP
313312 .B view_list_local_zones \fIview\fR
336335 .SH "EXIT CODE"
337336 The unbound\-control program exits with status code 1 on error, 0 on success.
338337 .SH "SET UP"
339 The setup requires a self\-signed certificate and private keys for both
338 The setup requires a self\-signed certificate and private keys for both
340339 the server and client. The script \fIunbound\-control\-setup\fR generates
341340 these in the default run directory, or with \-d in another directory.
342341 If you change the access control permissions on the key files you can decide
350349 a username in unbound.conf, the keys need read permission for the user
351350 credentials under which the daemon is started.
352351 The script preserves private keys present in the directory.
353 After running the script as root, turn on \fBcontrol\-enable\fR in
352 After running the script as root, turn on \fBcontrol\-enable\fR in
354353 \fIunbound.conf\fR.
355354 .SH "STATISTIC COUNTERS"
356355 The \fIstats\fR command shows a number of statistic counters.
417416 .TP
418417 .I threadX.recursion.time.median
419418 The median of the time it took to answer queries that needed recursive
420 processing. The median means that 50% of the user queries were answered in
421 less than this time. Because of big outliers (usually queries to non
419 processing. The median means that 50% of the user queries were answered in
420 less than this time. Because of big outliers (usually queries to non
422421 responsive servers), the average can be bigger than the median. This median
423422 has been calculated by interpolation from a histogram.
424423 .TP
544543 Also printed for other opcodes, UPDATE, ...
545544 .TP
546545 .I num.query.tcp
547 Number of queries that were made using TCP towards the unbound server.
546 Number of queries that were made using TCP towards the Unbound server.
548547 .TP
549548 .I num.query.tcpout
550 Number of queries that the unbound server made using TCP outgoing towards
549 Number of queries that the Unbound server made using TCP outgoing towards
551550 other servers.
552551 .TP
553552 .I num.query.tls
554 Number of queries that were made using TLS towards the unbound server.
553 Number of queries that were made using TLS towards the Unbound server.
555554 These are also counted in num.query.tcp, because TLS uses TCP.
556555 .TP
557556 .I num.query.tls.resume
558557 Number of TLS session resumptions, these are queries over TLS towards
559 the unbound server where the client negotiated a TLS session resumption key.
558 the Unbound server where the client negotiated a TLS session resumption key.
560559 .TP
561560 .I num.query.https
562 Number of queries that were made using HTTPS towards the unbound server.
561 Number of queries that were made using HTTPS towards the Unbound server.
563562 These are also counted in num.query.tcp and num.query.tls, because HTTPS
564563 uses TLS and TCP.
565564 .TP
566565 .I num.query.ipv6
567 Number of queries that were made using IPv6 towards the unbound server.
566 Number of queries that were made using IPv6 towards the Unbound server.
568567 .TP
569568 .I num.query.flags.RD
570569 The number of queries that had the RD flag set in the header.
571570 Also printed for flags QR, AA, TC, RA, Z, AD, CD.
572 Note that queries with flags QR, AA or TC may have been rejected
571 Note that queries with flags QR, AA or TC may have been rejected
573572 because of that.
574573 .TP
575574 .I num.query.edns.present
603602 Common for AAAA lookups when an A record exists, and no AAAA.
604603 .TP
605604 .I num.answer.secure
606 Number of answers that were secure. The answer validated correctly.
605 Number of answers that were secure. The answer validated correctly.
607606 The AD bit might have been set in some of these answers, where the client
608607 signalled (with DO or AD bit in the query) that they were ready to accept
609608 the AD bit in the answer.
644643 .I dnscrypt_shared_secret.cache.count
645644 The number of items in the shared secret cache. These are precomputed shared
646645 secrets for a given client public key/server secret key pair. Shared secrets
647 are CPU intensive and this cache allows unbound to avoid recomputing the
646 are CPU intensive and this cache allows Unbound to avoid recomputing the
648647 shared secret when multiple dnscrypt queries are sent from the same client.
649648 .TP
650649 .I dnscrypt_nonce.cache.count
684683 .TP
685684 .I num.rpz.action.<rpz_action>
686685 Number of queries answered using configured RPZ policy, per RPZ action type.
687 Possible actions are: nxdomain, nodata, passthru, drop, local_data, disabled,
688 and cname_override.
686 Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only, local\-data,
687 disabled, and cname\-override.
689688 .SH "FILES"
690689 .TP
691690 .I @ub_conf_file@
692 unbound configuration file.
691 Unbound configuration file.
693692 .TP
694693 .I @UNBOUND_RUN_DIR@
695694 directory with private keys (unbound_server.key and unbound_control.key) and
696695 self\-signed certificates (unbound_server.pem and unbound_control.pem).
697696 .SH "SEE ALSO"
698 \fIunbound.conf\fR(5),
697 \fIunbound.conf\fR(5),
699698 \fIunbound\fR(8).
+8
-8
doc/unbound-host.1.in less more
0 .TH "unbound\-host" "1" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
0 .TH "unbound\-host" "1" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
11 .\"
22 .\" unbound-host.1 -- unbound DNS lookup utility
33 .\"
1414 .RB [ \-C
1515 .IR configfile ]
1616 .RB [ \-vdhr46D ]
17 .RB [ \-c
17 .RB [ \-c
1818 .IR class ]
1919 .RB [ \-t
2020 .IR type ]
2727 .I hostname
2828 .SH "DESCRIPTION"
2929 .B Unbound\-host
30 uses the unbound validating resolver to query for the hostname and display
31 results. With the \fB\-v\fR option it displays validation
30 uses the Unbound validating resolver to query for the hostname and display
31 results. With the \fB\-v\fR option it displays validation
3232 status: secure, insecure, bogus (security failure).
3333 .P
3434 By default it reads no configuration file whatsoever. It attempts to reach
35 the internet root servers. With \fB\-C\fR an unbound config file and with
35 the internet root servers. With \fB\-C\fR an Unbound config file and with
3636 \fB\-r\fR resolv.conf can be read.
3737 .P
3838 The available options are:
7272 .TP
7373 .B \-D
7474 Enables DNSSEC validation. Reads the root anchor from the default configured
75 root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR.
75 root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR.
7676 .TP
7777 .B \-f \fIkeyfile
7878 Reads keys from a file. Every line has a DS or DNSKEY record, in the format
109109 .P
110110 $ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153
111111 .SH "EXIT CODE"
112 The unbound\-host program exits with status code 1 on error,
112 The unbound\-host program exits with status code 1 on error,
113113 0 on no error. The data may not be available on exit code 0, exit code 1
114114 means the lookup encountered a fatal error.
115115 .SH "SEE ALSO"
116 \fIunbound.conf\fR(5),
116 \fIunbound.conf\fR(5),
117117 \fIunbound\fR(8).
+4
-4
doc/unbound.8.in less more
0 .TH "unbound" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
0 .TH "unbound" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
11 .\"
22 .\" unbound.8 -- unbound manual
33 .\"
88 .\"
99 .SH "NAME"
1010 .B unbound
11 \- Unbound DNS validating resolver 1.13.1.
11 \- Unbound DNS validating resolver 1.15.0.
1212 .SH "SYNOPSIS"
1313 .B unbound
1414 .RB [ \-h ]
5656 Show the version number and commandline option help, and exit.
5757 .TP
5858 .B \-c\fI cfgfile
59 Set the config file with settings for unbound to read instead of reading the
59 Set the config file with settings for Unbound to read instead of reading the
6060 file at the default location, @ub_conf_file@. The syntax is
6161 described in \fIunbound.conf\fR(5).
6262 .TP
6969 .TP
7070 .B \-p
7171 Don't use a pidfile. This argument should only be used by supervision
72 systems which can ensure that only one instance of unbound will run
72 systems which can ensure that only one instance of Unbound will run
7373 concurrently.
7474 .TP
7575 .B \-v
+386
-129
doc/unbound.conf.5.in less more
0 .TH "unbound.conf" "5" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1"
0 .TH "unbound.conf" "5" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
11 .\"
22 .\" unbound.conf.5 -- unbound.conf manual
33 .\"
8888 clause.
8989 .TP
9090 .B verbosity: \fI<number>
91 The verbosity number, level 0 means no verbosity, only errors. Level 1
92 gives operational information. Level 2 gives detailed operational
93 information. Level 3 gives query level information, output per query.
94 Level 4 gives algorithm level information. Level 5 logs client
95 identification for cache misses. Default is level 1.
91 The verbosity number, level 0 means no verbosity, only errors. Level 1
92 gives operational information. Level 2 gives detailed operational
93 information including short information per query. Level 3 gives query level
94 information, output per query. Level 4 gives algorithm level information.
95 Level 5 logs client identification for cache misses. Default is level 1.
9696 The verbosity can also be increased from the commandline, see \fIunbound\fR(8).
9797 .TP
9898 .B statistics\-interval: \fI<seconds>
103103 This is because the median calculation requires data to be present.
104104 .TP
105105 .B statistics\-cumulative: \fI<yes or no>
106 If enabled, statistics are cumulative since starting unbound, without clearing
106 If enabled, statistics are cumulative since starting Unbound, without clearing
107107 the statistics counters after logging the statistics. Default is no.
108108 .TP
109109 .B extended\-statistics: \fI<yes or no>
135135 Listen on all addresses on all (current and future) interfaces, detect the
136136 source interface on UDP queries and copy them to replies. This is a lot like
137137 ip\-transparent, but this option services all interfaces whilst with
138 ip\-transparent you can select which (future) interfaces unbound provides
138 ip\-transparent you can select which (future) interfaces Unbound provides
139139 service on. This feature is experimental, and needs support in your OS for
140140 particular socket options. Default value is no.
141141 .TP
153153 If an IPv6 netblock is specified instead of an individual IPv6 address,
154154 outgoing UDP queries will use a randomised source address taken from the
155155 netblock to counter spoofing. Requires the IPv6 netblock to be routed to the
156 host running unbound, and requires OS support for unprivileged non-local binds
156 host running Unbound, and requires OS support for unprivileged non-local binds
157157 (currently only supported on Linux). Several netblocks may be specified with
158158 multiple
159159 .B outgoing\-interface:
173173 very large value is best, use libevent to make this possible.
174174 .TP
175175 .B outgoing\-port\-permit: \fI<port number or range>
176 Permit unbound to open this port or range of ports for use to send queries.
176 Permit Unbound to open this port or range of ports for use to send queries.
177177 A larger number of permitted outgoing ports increases resilience against
178178 spoofing attempts. Make sure these ports are not needed by other daemons.
179179 By default only ports above 1024 that have not been assigned by IANA are used.
186186 of allowed ports.
187187 .TP
188188 .B outgoing\-port\-avoid: \fI<port number or range>
189 Do not permit unbound to open this port or range of ports for use to send
190 queries. Use this to make sure unbound does not grab a port that another
189 Do not permit Unbound to open this port or range of ports for use to send
190 queries. Use this to make sure Unbound does not grab a port that another
191191 daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6.
192192 By default only ports above 1024 that have not been assigned by IANA are used.
193193 Give a port number or a range of the form "low\-high", without spaces.
288288 space on UDP port 53 incoming queries. So that short spikes on busy
289289 servers do not drop packets (see counter in netstat \-su). Default is
290290 0 (use system value). Otherwise, the number of bytes to ask for, try
291 "4m" on a busy server. The OS caps it at a maximum, on linux unbound
291 "4m" on a busy server. The OS caps it at a maximum, on linux Unbound
292292 needs root permission to bypass the limit, or the admin can use sysctl
293293 net.core.rmem_max. On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf.
294294 On OpenBSD change header and recompile kernel. On Solaris ndd \-set
301301 can get logged, the buffer overrun is also visible by netstat \-su.
302302 Default is 0 (use system value). Specify the number of bytes to ask
303303 for, try "4m" on a very busy server. The OS caps it at a maximum, on
304 linux unbound needs root permission to bypass the limit, or the admin
304 linux Unbound needs root permission to bypass the limit, or the admin
305305 can use sysctl net.core.wmem_max. On BSD, Solaris changes are similar
306306 to so\-rcvbuf.
307307 .TP
318318 evenly, reported for Linux systems (4.4.x).
319319 .TP
320320 .B ip\-transparent: \fI<yes or no>
321 If yes, then use IP_TRANSPARENT socket option on sockets where unbound
321 If yes, then use IP_TRANSPARENT socket option on sockets where Unbound
322322 is listening for incoming traffic. Default no. Allows you to bind to
323323 non\-local interfaces. For example for non\-existent IP addresses that
324324 are going to exist later on, with host failover configuration. This is
325325 a lot like interface\-automatic, but that one services all interfaces
326 and with this option you can select which (future) interfaces unbound
327 provides service on. This option needs unbound to be started with root
326 and with this option you can select which (future) interfaces Unbound
327 provides service on. This option needs Unbound to be started with root
328328 permissions on some systems. The option uses IP_BINDANY on FreeBSD systems
329329 and SO_BINDANY on OpenBSD systems.
330330 .TP
331331 .B ip\-freebind: \fI<yes or no>
332 If yes, then use IP_FREEBIND socket option on sockets where unbound
332 If yes, then use IP_FREEBIND socket option on sockets where Unbound
333333 is listening to incoming traffic. Default no. Allows you to bind to
334334 IP addresses that are nonlocal or do not exist, like when the network
335335 interface or IP address is down. Exists only on Linux, where the similar
449449 total number configured, and finally to 0 if the number of free buffers
450450 falls below 20% of the total number configured. A minimum timeout of
451451 200 milliseconds is observed regardless of the option value used.
452 .TP
453 .B tcp-reuse-timeout: \fI<msec>\fR
454 The period Unbound will keep TCP persistent connections open to
455 authority servers. This option defaults to 60000 milliseconds.
456 .TP
457 .B max-reuse-tcp-queries: \fI<number>\fR
458 The maximum number of queries that can be sent on a persistent TCP
459 connection.
460 This option defaults to 200 queries.
461 .TP
462 .B tcp-auth-query-timeout: \fI<number>\fR
463 Timeout in milliseconds for TCP queries to auth servers.
464 This option defaults to 3000 milliseconds.
452465 .TP
453466 .B edns-tcp-keepalive: \fI<yes or no>\fR
454467 Enable or disable EDNS TCP Keepalive. Default is no.
471484 .TP
472485 .B tcp\-upstream: \fI<yes or no>
473486 Enable or disable whether the upstream queries use TCP only for transport.
474 Default is no. Useful in tunneling scenarios.
487 Default is no. Useful in tunneling scenarios. If set to no you can specify
488 TCP transport only for selected forward or stub zones using forward-tcp-upstream
489 or stub-tcp-upstream respectively.
475490 .TP
476491 .B udp\-upstream\-without\-downstream: \fI<yes or no>
477492 Enable udp upstream even if do-udp is no. Default is no, and this does not
544559 .TP
545560 .B tls-session-ticket-keys: \fI<file>
546561 If not "", lists files with 80 bytes of random contents that are used to
547 perform TLS session resumption for clients using the unbound server.
562 perform TLS session resumption for clients using the Unbound server.
548563 These files contain the secret key for the TLS session tickets.
549564 First key use to encrypt and decrypt TLS session tickets.
550565 Other keys use to decrypt only. With this you can roll over to new keys,
582597 .B pad\-queries\-block\-size: \fI<number>
583598 The block size with which to pad queries sent over TLS upstreams.
584599 Default is 128.
600 .TP
585601 .B tls\-use\-sni: \fI<yes or no>
586602 Enable or disable sending the SNI extension on TLS connections.
587603 Default is yes.
625641 Default is no.
626642 .TP
627643 .B do\-daemonize: \fI<yes or no>
628 Enable or disable whether the unbound server forks into the background as
629 a daemon. Set the value to \fIno\fR when unbound runs as systemd service.
644 Enable or disable whether the Unbound server forks into the background as
645 a daemon. Set the value to \fIno\fR when Unbound runs as systemd service.
630646 Default is yes.
631647 .TP
632648 .B tcp\-connection\-limit: \fI<IP netblock> <limit>
653669 .IP
654670 The \fIallow\fR action does allow nonrecursive queries to access the
655671 local\-data that is configured. The reason is that this does not involve
656 the unbound server recursive lookup algorithm, and static data is served
672 the Unbound server recursive lookup algorithm, and static data is served
657673 in the reply. This supports normal operations where nonrecursive queries
658674 are made for the authoritative data. For nonrecursive queries any replies
659675 from the dynamic cache are refused.
725741 Unbound is not able to remove the pidfile after termination when it is located
726742 outside of the chroot directory.
727743 .IP
728 Additionally, unbound may need to access /dev/urandom (for entropy)
744 Additionally, Unbound may need to access /dev/urandom (for entropy)
729745 from inside the chroot.
730746 .IP
731747 If given a chroot is done to the given directory. By default chroot is
759775 SIGHUP.
760776 .TP
761777 .B use\-syslog: \fI<yes or no>
762 Sets unbound to send log messages to the syslogd, using
778 Sets Unbound to send log messages to the syslogd, using
763779 \fIsyslog\fR(3).
764780 The log facility LOG_DAEMON is used, with identity "unbound".
765781 The logfile setting is overridden when use\-syslog is turned on.
769785 If "" is given (default), then the name of the executable, usually "unbound"
770786 is used to report to the log. Enter a string to override it
771787 with that, which is useful on systems that run more than one instance of
772 unbound, with different configurations, so that the logs can be easily
788 Unbound, with different configurations, so that the logs can be easily
773789 distinguished against.
774790 .TP
775791 .B log\-time\-ascii: \fI<yes or no>
837853 Set the version to report. If set to "", the default, then the package
838854 version is returned.
839855 .TP
856 .B hide\-http\-user\-agent: \fI<yes or no>
857 If enabled the HTTP header User-Agent is not set. Use with caution as some
858 webserver configurations may reject HTTP requests lacking this header.
859 If needed, it is better to explicitly set the
860 .B http\-user\-agent
861 below.
862 .TP
863 .B http\-user\-agent: \fI<string>
864 Set the HTTP User-Agent header for outgoing HTTP requests. If set to "",
865 the default, then the package name and version are used.
866 .TP
840867 .B nsid:\fR <string>
841868 Add the specified nsid to the EDNS section of the answer when queried
842869 with an NSID EDNS enabled packet. As a sequence of hex characters or
846873 If enabled trustanchor.unbound queries are refused.
847874 .TP
848875 .B target\-fetch\-policy: \fI<"list of numbers">
849 Set the target fetch policy used by unbound to determine if it should fetch
876 Set the target fetch policy used by Unbound to determine if it should fetch
850877 nameserver target addresses opportunistically. The policy is described per
851878 dependency depth.
852879 .IP
853880 The number of values determines the maximum dependency depth
854 that unbound will pursue in answering a query.
881 that Unbound will pursue in answering a query.
855882 A value of \-1 means to fetch all targets opportunistically for that dependency
856883 depth. A value of 0 means to fetch on demand only. A positive value fetches
857884 that many targets opportunistically.
945972 .B aggressive\-nsec: \fI<yes or no>
946973 Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
947974 and other denials, using information from previous NXDOMAINs answers.
948 Default is no. It helps to reduce the query rate towards targets that get
975 Default is yes. It helps to reduce the query rate towards targets that get
949976 a very high nonexistent name lookup rate.
950977 .TP
951978 .B private\-address: \fI<IP address or subnet>
10021029 .TP
10031030 .B deny\-any: \fI<yes or no>
10041031 If yes, deny queries of type ANY with an empty response. Default is no.
1005 If disabled, unbound responds with a short list of resource records if some
1032 If disabled, Unbound responds with a short list of resource records if some
10061033 can be found in the cache and makes the upstream type ANY query if there
10071034 are none.
10081035 .TP
10111038 from the query ID, for speed and thread safety). Default is yes.
10121039 .TP
10131040 .B minimal-responses: \fI<yes or no>
1014 If yes, Unbound doesn't insert authority/additional sections into response
1041 If yes, Unbound does not insert authority/additional sections into response
10151042 messages when those sections are not required. This reduces response
10161043 size significantly, and may avoid TCP fallback for some responses.
10171044 This may cause a slight speedup. The default is yes, even though the DNS
10291056 .TP
10301057 .B module\-config: \fI<"module names">
10311058 Module configuration, a list of module names separated by spaces, surround
1032 the string with quotes (""). The modules can be validator, iterator.
1033 Setting this to "iterator" will result in a non\-validating server.
1034 Setting this to "validator iterator" will turn on DNSSEC validation.
1035 The ordering of the modules is important.
1036 You must also set trust\-anchors for validation to be useful.
1037 The default is "validator iterator". When the server is built with
1038 EDNS client subnet support the default is "subnetcache validator iterator".
1059 the string with quotes (""). The modules can be \fIrespip\fR,
1060 \fIvalidator\fR, or \fIiterator\fR (and possibly more, see below).
1061 Setting this to just "\fIiterator\fR" will result in a non\-validating
1062 server.
1063 Setting this to "\fIvalidator iterator\fR" will turn on DNSSEC validation.
1064 The ordering of the modules is significant, the order decides the
1065 order of processing.
1066 You must also set \fItrust\-anchors\fR for validation to be useful.
1067 Adding \fIrespip\fR to the front will cause RPZ processing to be done on
1068 all queries.
1069 The default is "\fIvalidator iterator\fR".
1070 .IP
1071 When the server is built with
1072 EDNS client subnet support the default is "\fIsubnetcache validator
1073 iterator\fR".
10391074 Most modules that need to be listed here have to be listed at the beginning
1040 of the line. The cachedb module has to be listed just before the iterator.
1075 of the line. The subnetcachedb module has to be listed just before
1076 the iterator.
10411077 The python module can be listed in different places, it then processes the
10421078 output of the module it is just before. The dynlib module can be listed pretty
10431079 much anywhere, it is only a very thin wrapper that allows dynamic libraries to
10531089 The probes are run several times per month, thus the machine must be online
10541090 frequently. The initial file can be one with contents as described in
10551091 \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated,
1056 so the unbound user must have write permission. Write permission to the file,
1092 so the Unbound user must have write permission. Write permission to the file,
10571093 but also to the directory it is in (to create a temporary file, which is
10581094 necessary to deal with filesystem full events), it must also be inside the
10591095 chroot (if that is used).
11161152 min and max very high makes the validator check the signature timestamps
11171153 less strictly.
11181154 .TP
1155 .B val\-max\-restart: \fI<number>
1156 The maximum number the validator should restart validation with
1157 another authority in case of failed validation. Default is 5.
1158 .TP
11191159 .B val\-bogus\-ttl: \fI<number>
11201160 The time to live for bogus data. This is data that has failed validation;
11211161 due to invalid signatures or other checks. The TTL from that data cannot be
11351175 that fails a line is printed to the logs. This way you can monitor what
11361176 happens with validation. Use a diagnosis tool, such as dig or drill,
11371177 to find out why validation is failing for these queries. At 2, not only
1138 the query that failed is printed but also the reason why unbound thought
1178 the query that failed is printed but also the reason why Unbound thought
11391179 it was wrong and which server sent the faulty data.
11401180 .TP
11411181 .B val\-permissive\-mode: \fI<yes or no>
11471187 The default value is "no".
11481188 .TP
11491189 .B ignore\-cd\-flag: \fI<yes or no>
1150 Instruct unbound to ignore the CD flag from clients and refuse to
1190 Instruct Unbound to ignore the CD flag from clients and refuse to
11511191 return bogus answers to them. Thus, the CD (Checking Disabled) flag
11521192 does not disable checking any more. This is useful if legacy (w2008)
11531193 servers that set the CD flag but cannot validate DNSSEC themselves are
1154 the clients, and then unbound provides them with DNSSEC protection.
1194 the clients, and then Unbound provides them with DNSSEC protection.
11551195 The default value is "no".
11561196 .TP
11571197 .B serve\-expired: \fI<yes or no>
1158 If enabled, unbound attempts to serve old responses from cache with a
1198 If enabled, Unbound attempts to serve old responses from cache with a
11591199 TTL of \fBserve\-expired\-reply\-ttl\fR in the response without waiting for the
11601200 actual resolution to finish. The actual resolution answer ends up in the cache
11611201 later on. Default is "no".
11861226 behavior. Default is 0.
11871227 .TP
11881228 .B serve\-original\-ttl: \fI<yes or no>
1189 If enabled, unbound will always return the original TTL as received from
1229 If enabled, Unbound will always return the original TTL as received from
11901230 the upstream name server rather than the decrementing TTL as
1191 stored in the cache. This feature may be useful if unbound serves as a
1192 front-end to a hidden authoritative name server. Enabling this feature does
1193 not impact cache expiry, it only changes the TTL unbound embeds in responses to
1231 stored in the cache. This feature may be useful if Unbound serves as a
1232 front-end to a hidden authoritative name server. Enabling this feature does
1233 not impact cache expiry, it only changes the TTL Unbound embeds in responses to
11941234 queries. Note that enabling this feature implicitly disables enforcement of
1195 the configured minimum and maximum TTL, as it is assumed users who enable this
1196 feature do not want unbound to change the TTL obtained from an upstream server.
1235 the configured minimum and maximum TTL, as it is assumed users who enable this
1236 feature do not want Unbound to change the TTL obtained from an upstream server.
11971237 Thus, the values set using \fBcache\-min\-ttl\fR and \fBcache\-max\-ttl\fR are
11981238 ignored.
11991239 Default is "no".
12001240 .TP
12011241 .B val\-nsec3\-keysize\-iterations: \fI<"list of values">
12021242 List of keysize and iteration count values, separated by spaces, surrounded
1203 by quotes. Default is "1024 150 2048 500 4096 2500". This determines the
1243 by quotes. Default is "1024 150 2048 150 4096 150". This determines the
12041244 maximum allowed NSEC3 iteration count before a message is simply marked
12051245 insecure instead of performing the many hashing iterations. The list must
12061246 be in ascending order and have at least one entry. If you set it to
12071247 "1024 65535" there is no restriction to NSEC3 iteration values.
12081248 This table must be kept short; a very long list could cause slower operation.
1249 .TP
1250 .B zonemd\-permissive\-mode: \fI<yes or no>
1251 If enabled the ZONEMD verification failures are only logged and do not cause
1252 the zone to be blocked and only return servfail. Useful for testing out
1253 if it works, or if the operator only wants to be notified of a problem without
1254 disrupting service. Default is no.
12091255 .TP
12101256 .B add\-holddown: \fI<seconds>
12111257 Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011
12481294 .TP
12491295 .B unblock\-lan\-zones: \fI<yes or no>
12501296 Default is disabled. If enabled, then for private address space,
1251 the reverse lookups are no longer filtered. This allows unbound when
1297 the reverse lookups are no longer filtered. This allows Unbound when
12521298 running as dns service on a host where it provides service for that host,
12531299 to put out all of the queries for the 'lan' upstream. When enabled,
12541300 only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured
1255 with default local zones. Disable the option when unbound is running
1301 with default local zones. Disable the option when Unbound is running
12561302 as a (DHCP-) DNS network resolver for a group of machines, where such
12571303 lookups should be filtered (RFC compliance), this also stops potential
12581304 data leakage about the local network to the upstream DNS servers.
13561402 to the query. If the view first is no, it'll resolve normally. If view first
13571403 is enabled, it'll break perform that step and check the global answers.
13581404 For when the view has view specific overrides but some zone has to be
1359 answered from global local zone contents.
1405 answered from global local zone contents.
13601406 .TP 10
13611407 \h'5'\fInodefault\fR
13621408 Used to turn off default contents for AS112 zones. The other types
13651411 given zone. Use \fInodefault\fR if you use exactly that zone, if you want to
13661412 use a subzone, use \fItransparent\fR.
13671413 .P
1368 The default zones are localhost, reverse 127.0.0.1 and ::1, the onion, test,
1369 invalid and the AS112 zones. The AS112 zones are reverse DNS zones for
1370 private use and reserved IP addresses for which the servers on the internet
1371 cannot provide correct answers. They are configured by default to give
1372 nxdomain (no reverse information) answers. The defaults can be turned off
1373 by specifying your own local\-zone of that name, or using the 'nodefault'
1374 type. Below is a list of the default zone contents.
1414 The default zones are localhost, reverse 127.0.0.1 and ::1, the home.arpa,
1415 the onion, test, invalid and the AS112 zones. The AS112 zones are reverse
1416 DNS zones for private use and reserved IP addresses for which the servers
1417 on the internet cannot provide correct answers. They are configured by
1418 default to give nxdomain (no reverse information) answers. The defaults
1419 can be turned off by specifying your own local\-zone of that name, or
1420 using the 'nodefault' type. Below is a list of the default zone contents.
13751421 .TP 10
13761422 \h'5'\fIlocalhost\fR
13771423 The IP4 and IP6 localhost information is given. NS and SOA records are provided
14121458 PTR localhost."
14131459 .fi
14141460 .TP 10
1461 \h'5'\fIhome.arpa (RFC 8375)\fR
1462 Default content:
1463 .nf
1464 local\-zone: "home.arpa." static
1465 local\-data: "home.arpa. 10800 IN NS localhost."
1466 local\-data: "home.arpa. 10800 IN
1467 SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
1468 .fi
1469 .TP 10
14151470 \h'5'\fIonion (RFC 7686)\fR
14161471 Default content:
14171472 .nf
15061561 (both tagged and untagged) and regardless the type configured using
15071562 access\-control\-tag\-action.
15081563 .TP 5
1564 .B response\-ip: \fI<IP-netblock> <action>
1565 This requires use of the "respip" module.
1566 .IP
1567 If the IP address in an AAAA or A RR in the answer section of a
1568 response matches the specified IP netblock, the specified action will
1569 apply.
1570 \fI<action>\fR has generally the same semantics as that for
1571 \fIaccess-control-tag-action\fR, but there are some exceptions.
1572 .IP
1573 Actions for \fIresponse-ip\fR are different from those for
1574 \fIlocal-zone\fR in that in case of the former there is no point of
1575 such conditions as "the query matches it but there is no local data".
1576 Because of this difference, the semantics of \fIresponse-ip\fR actions
1577 are modified or simplified as follows: The \fIstatic, refuse,
1578 transparent, typetransparent,\fR and \fInodefault\fR actions are
1579 invalid for \fIresponse-ip\fR.
1580 Using any of these will cause the configuration to be rejected as
1581 faulty. The \fIdeny\fR action is non-conditional, i.e. it always
1582 results in dropping the corresponding query.
1583 The resolution result before applying the deny action is still cached
1584 and can be used for other queries.
1585 .TP 5
1586 .B response-ip-data: \fI<IP-netblock> <"resource record string">
1587 This requires use of the "respip" module.
1588 .IP
1589 This specifies the action data for \fIresponse-ip\fR with action being
1590 to redirect as specified by "\fIresource record string\fR". "Resource
1591 record string" is similar to that of \fIaccess-control-tag-action\fR,
1592 but it must be of either AAAA, A or CNAME types.
1593 If the IP-netblock is an IPv6/IPV4 prefix, the record
1594 must be AAAA/A respectively, unless it is a CNAME (which can be used
1595 for both versions of IP netblocks). If it is CNAME there must not be
1596 more than one \fIresponse-ip-data\fR for the same IP-netblock.
1597 Also, CNAME and other types of records must not coexist for the same
1598 IP-netblock, following the normal rules for CNAME records.
1599 The textual domain name for the CNAME does not have to be explicitly
1600 terminated with a dot ("."); the root name is assumed to be the origin
1601 for the name.
1602 .TP 5
1603 .B response-ip-tag: \fI<IP-netblock> <"list of tags">
1604 This requires use of the "respip" module.
1605 .IP
1606 Assign tags to response IP-netblocks. If the IP address in an AAAA or
1607 A RR in the answer section of a response matches the specified
1608 IP-netblock, the specified tags are assigned to the IP address.
1609 Then, if an \fIaccess-control-tag\fR is defined for the client and it
1610 includes one of the tags for the response IP, the corresponding
1611 \fIaccess-control-tag-action\fR will apply.
1612 Tag matching rule is the same as that for \fIaccess-control-tag\fR and
1613 \fIlocal-zones\fR.
1614 Unlike \fIlocal-zone-tag\fR, \fIresponse-ip-tag\fR can be defined for
1615 an IP-netblock even if no \fIresponse-ip\fR is defined for that
1616 netblock.
1617 If multiple \fIresponse-ip-tag\fR options are specified for the same
1618 IP-netblock in different statements, all but the first will be
1619 ignored.
1620 However, this will not be flagged as a configuration error, but the
1621 result is probably not what was intended.
1622 .IP
1623 Actions specified in an
1624 \fIaccess-control-tag-action\fR that has a matching tag with
1625 \fIresponse-ip-tag\fR can be those that are "invalid" for
1626 \fIresponse-ip\fR listed above, since \fIaccess-control-tag-action\fRs
1627 can be shared with local zones.
1628 For these actions, if they behave differently depending on whether
1629 local data exists or not in case of local zones, the behavior for
1630 \fIresponse-ip-data\fR will generally result in NOERROR/NODATA instead
1631 of NXDOMAIN, since the \fIresponse-ip\fR data are inherently type
1632 specific, and non-existence of data does not indicate anything about
1633 the existence or non-existence of the qname itself.
1634 For example, if the matching tag action is \fIstatic\fR but there is
1635 no data for the corresponding \fIresponse-ip\fR configuration, then
1636 the result will be NOERROR/NODATA.
1637 The only case where NXDOMAIN is returned is when an
1638 \fIalways_nxdomain\fR action applies.
1639 .TP 5
15091640 .B ratelimit: \fI<number or 0>
15101641 Enable ratelimiting of queries sent to nameserver for performing recursion.
15111642 If 0, the default, it is disabled. This option is experimental at this time.
15151646 ratelimited by this setting. The zone of the query is determined by examining
15161647 the nameservers for it, the zone name is used to keep track of the rate.
15171648 For example, 1000 may be a suitable value to stop the server from being
1518 overloaded with random names, and keeps unbound from sending traffic to the
1519 nameservers for those zones.
1649 overloaded with random names, and keeps Unbound from sending traffic to the
1650 nameservers for those zones. Configured forwarders are excluded from
1651 ratelimiting.
15201652 .TP 5
15211653 .B ratelimit\-size: \fI<memory size>
15221654 Give the size of the data structure in which the current ongoing rates are
15381670 and enter the cache, whilst also mitigating the traffic flow by the
15391671 factor given.
15401672 .TP 5
1673 .B ratelimit\-backoff: \fI<yes or no>
1674 If enabled, the ratelimit is treated as a hard failure instead of the default
1675 maximum allowed constant rate. When the limit is reached, traffic is
1676 ratelimited and demand continues to be kept track of for a 2 second rate
1677 window. No traffic is allowed, except for ratelimit\-factor, until demand
1678 decreases below the configured ratelimit for a 2 second rate window. Useful to
1679 set ratelimit to a suspicious rate to aggressively limit unusually high
1680 traffic. Default is off.
1681 .TP 5
15411682 .B ratelimit\-for\-domain: \fI<domain> <number qps or 0>
15421683 Override the global ratelimit for an exact match domain name with the listed
15431684 number. You can give this for any number of names. For example, for
15541695 A value of 0 will disable ratelimiting for domain names that end in this name.
15551696 .TP 5
15561697 .B ip\-ratelimit: \fI<number or 0>
1557 Enable global ratelimiting of queries accepted per ip address.
1698 Enable global ratelimiting of queries accepted per IP address.
15581699 If 0, the default, it is disabled. This option is experimental at this time.
15591700 The ratelimit is in queries per second that are allowed. More queries are
15601701 completely dropped and will not receive a reply, SERVFAIL or otherwise.
15801721 This can make ordinary queries complete (if repeatedly queried for),
15811722 and enter the cache, whilst also mitigating the traffic flow by the
15821723 factor given.
1724 .TP 5
1725 .B ip\-ratelimit\-backoff: \fI<yes or no>
1726 If enabled, the ratelimit is treated as a hard failure instead of the default
1727 maximum allowed constant rate. When the limit is reached, traffic is
1728 ratelimited and demand continues to be kept track of for a 2 second rate
1729 window. No traffic is allowed, except for ip\-ratelimit\-factor, until demand
1730 decreases below the configured ratelimit for a 2 second rate window. Useful to
1731 set ip\-ratelimit to a suspicious rate to aggressively limit unusually high
1732 traffic. Default is off.
1733 .TP 5
1734 .B outbound\-msg\-retry: \fI<number>
1735 The number of retries Unbound will do in case of a non positive response is
1736 received. If a forward nameserver is used, this is the number of retries per
1737 forward nameserver in case of throwaway response.
15831738 .TP 5
15841739 .B fast\-server\-permil: \fI<number>
15851740 Specify how many times out of 1000 to pick from the set of fastest servers.
16101765 .B remote\-control:
16111766 clause are the declarations for the remote control facility. If this is
16121767 enabled, the \fIunbound\-control\fR(8) utility can be used to send
1613 commands to the running unbound server. The server uses these clauses
1768 commands to the running Unbound server. The server uses these clauses
16141769 to setup TLSv1 security for the connection. The
16151770 \fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
16161771 section for options. To setup the correct self\-signed certificates use the
16301785 .IP
16311786 If you set it to an absolute path, a local socket is used. The local socket
16321787 does not use the certificates and keys, so those files need not be present.
1633 To restrict access, unbound sets permissions on the file to the user and
1788 To restrict access, Unbound sets permissions on the file to the user and
16341789 group that is configured, the access bits are set to allow the group members
16351790 to access the control socket file. Put users that need to access the socket
16361791 in the that group. To restrict access further, create a directory to put
16501805 .B server\-key\-file: \fI<private key file>
16511806 Path to the server private key, by default unbound_server.key.
16521807 This file is generated by the \fIunbound\-control\-setup\fR utility.
1653 This file is used by the unbound server, but not by \fIunbound\-control\fR.
1808 This file is used by the Unbound server, but not by \fIunbound\-control\fR.
16541809 .TP 5
16551810 .B server\-cert\-file: \fI<certificate file.pem>
16561811 Path to the server self signed certificate, by default unbound_server.pem.
16571812 This file is generated by the \fIunbound\-control\-setup\fR utility.
1658 This file is used by the unbound server, and also by \fIunbound\-control\fR.
1813 This file is used by the Unbound server, and also by \fIunbound\-control\fR.
16591814 .TP 5
16601815 .B control\-key\-file: \fI<private key file>
16611816 Path to the control client private key, by default unbound_control.key.
16731828 .B stub\-zone:
16741829 clauses. Each with a name: and zero or more hostnames or IP addresses.
16751830 For the stub zone this list of nameservers is used. Class IN is assumed.
1676 The servers should be authority servers, not recursors; unbound performs
1831 The servers should be authority servers, not recursors; Unbound performs
16771832 the recursive processing itself for stub zones.
16781833 .P
16791834 The stub zone can be used to configure authoritative data to be used
16801835 by the resolver that cannot be accessed using the public internet servers.
16811836 This is useful for company\-local data or private zones. Setup an
16821837 authoritative server on a different host (or different port). Enter a config
1683 entry for unbound with
1838 entry for Unbound with
16841839 .B stub\-addr:
16851840 <ip address of host[@port]>.
1686 The unbound resolver can then access the data, without referring to the
1841 The Unbound resolver can then access the data, without referring to the
16871842 public internet for it.
16881843 .P
16891844 This setup allows DNSSEC signed zones to be served by that
16901845 authoritative server, in which case a trusted key entry with the public key
1691 can be put in config, so that unbound can validate the data and set the AD
1846 can be put in config, so that Unbound can validate the data and set the AD
16921847 bit on replies for the private zone (authoritative servers do not set the
1693 AD bit). This setup makes unbound capable of answering queries for the
1848 AD bit). This setup makes Unbound capable of answering queries for the
16941849 private zone, and can even set the AD bit ('authentic'), but the AA
16951850 ('authoritative') bit is not set on these replies.
16961851 .P
16981853 for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally
16991854 served zone. The insecure clause stops DNSSEC from invalidating the
17001855 zone. The local zone nodefault (or \fItransparent\fR) clause makes the
1701 (reverse\-) zone bypass unbound's filtering of RFC1918 zones.
1856 (reverse\-) zone bypass Unbound's filtering of RFC1918 zones.
17021857 .TP
17031858 .B name: \fI<domain name>
1704 Name of the stub zone.
1859 Name of the stub zone. This is the full domain name of the zone.
17051860 .TP
17061861 .B stub\-host: \fI<domain name>
17071862 Name of stub zone nameserver. Is itself resolved before it is used.
1863 To use a nondefault port for DNS communication append '@' with the port number.
1864 If tls is enabled, then you can append a '#' and a name, then it'll check the
1865 tls authentication certificates with that name. If you combine the '@'
1866 and '#', the '@' comes first. If only '#' is used the default port is the
1867 configured tls\-port.
17081868 .TP
17091869 .B stub\-addr: \fI<IP address>
17101870 IP address of stub zone nameserver. Can be IP 4 or IP 6.
17111871 To use a nondefault port for DNS communication append '@' with the port number.
1712 If tls is enabled, then you can append a '#' and a name, then it'll check
1713 the tls authentication certificates with that name. If you combine
1714 the '@' and '#', the '@' comes first.
1872 If tls is enabled, then you can append a '#' and a name, then it'll check the
1873 tls authentication certificates with that name. If you combine the '@'
1874 and '#', the '@' comes first. If only '#' is used the default port is the
1875 configured tls\-port.
17151876 .TP
17161877 .B stub\-prime: \fI<yes or no>
17171878 This option is by default no. If enabled it performs NS set priming,
17311892 .TP
17321893 .B stub\-ssl\-upstream: \fI<yes or no>
17331894 Alternate syntax for \fBstub\-tls\-upstream\fR.
1895 .TP
1896 .B stub\-tcp\-upstream: \fI<yes or no>
1897 If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
1898 Default is no.
17341899 .TP
17351900 .B stub\-no\-cache: \fI<yes or no>
17361901 Default is no. If enabled, data inside the stub is not cached. This is
17431908 addresses. For the forward zone this list of nameservers is used to
17441909 forward the queries to. The servers listed as \fBforward\-host:\fR and
17451910 \fBforward\-addr:\fR have to handle further recursion for the query. Thus,
1746 those servers are not authority servers, but are (just like unbound is)
1747 recursive servers too; unbound does not perform recursion itself for the
1911 those servers are not authority servers, but are (just like Unbound is)
1912 recursive servers too; Unbound does not perform recursion itself for the
17481913 forward zone, it lets the remote server do it. Class IN is assumed.
1749 CNAMEs are chased by unbound itself, asking the remote server for every
1914 CNAMEs are chased by Unbound itself, asking the remote server for every
17501915 name in the indirection chain, to protect the local cache from illegal
17511916 indirect referenced items.
17521917 A forward\-zone entry with name "." and a forward\-addr target will
17541919 the cache).
17551920 .TP
17561921 .B name: \fI<domain name>
1757 Name of the forward zone.
1922 Name of the forward zone. This is the full domain name of the zone.
17581923 .TP
17591924 .B forward\-host: \fI<domain name>
17601925 Name of server to forward to. Is itself resolved before it is used.
1926 To use a nondefault port for DNS communication append '@' with the port number.
1927 If tls is enabled, then you can append a '#' and a name, then it'll check the
1928 tls authentication certificates with that name. If you combine the '@'
1929 and '#', the '@' comes first. If only '#' is used the default port is the
1930 configured tls\-port.
17611931 .TP
17621932 .B forward\-addr: \fI<IP address>
17631933 IP address of server to forward to. Can be IP 4 or IP 6.
17641934 To use a nondefault port for DNS communication append '@' with the port number.
1765 If tls is enabled, then you can append a '#' and a name, then it'll check
1766 the tls authentication certificates with that name. If you combine
1767 the '@' and '#', the '@' comes first.
1935 If tls is enabled, then you can append a '#' and a name, then it'll check the
1936 tls authentication certificates with that name. If you combine the '@'
1937 and '#', the '@' comes first. If only '#' is used the default port is the
1938 configured tls\-port.
17681939 .IP
17691940 At high verbosity it logs the TLS certificate, with TLS enabled.
17701941 If you leave out the '#' and auth name from the forward\-addr, any
17721943 .TP
17731944 .B forward\-first: \fI<yes or no>
17741945 If a forwarded query is met with a SERVFAIL error, and this option is
1775 enabled, unbound will fall back to normal recursive resolution for this
1946 enabled, Unbound will fall back to normal recursive resolution for this
17761947 query as if no query forwarding had been specified. The default is "no".
17771948 .TP
17781949 .B forward\-tls\-upstream: \fI<yes or no>
17831954 .TP
17841955 .B forward\-ssl\-upstream: \fI<yes or no>
17851956 Alternate syntax for \fBforward\-tls\-upstream\fR.
1957 .TP
1958 .B forward\-tcp\-upstream: \fI<yes or no>
1959 If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
1960 Default is no.
17861961 .TP
17871962 .B forward\-no\-cache: \fI<yes or no>
17881963 Default is no. If enabled, data inside the forward is not cached. This is
17941969 The authority zone with the name closest to the name looked up is used.
17951970 Authority zones are processed after \fBlocal\-zones\fR and before
17961971 cache (\fBfor\-downstream:\fR \fIyes\fR), and when used in this manner
1797 make unbound respond like an authority server. Authority zones are also
1972 make Unbound respond like an authority server. Authority zones are also
17981973 processed after cache, just before going to the network to fetch
17991974 information for recursion (\fBfor\-upstream:\fR \fIyes\fR), and when used
18001975 in this manner provide a local copy of an authority server that speeds up
18171992 .B primary: \fI<IP address or host name>
18181993 Where to download a copy of the zone from, with AXFR and IXFR. Multiple
18191994 primaries can be specified. They are all tried if one fails.
1820 With the "ip#name" notation a AXFR over TLS can be used.
1995 To use a nondefault port for DNS communication append '@' with the port number.
1996 You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
1997 the '@' and '#', the '@' comes first.
18211998 If you point it at another Unbound instance, it would not work because
18221999 that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
18232000 the zonefile as a text file from a webserver that would work.
18532030 allowed notify by default.
18542031 .TP
18552032 .B fallback\-enabled: \fI<yes or no>
1856 Default no. If enabled, unbound falls back to querying the internet as
2033 Default no. If enabled, Unbound falls back to querying the internet as
18572034 a resolver for this zone when lookups fail. For example for DNSSEC
18582035 validation failures.
18592036 .TP
18602037 .B for\-downstream: \fI<yes or no>
1861 Default yes. If enabled, unbound serves authority responses to
1862 downstream clients for this zone. This option makes unbound behave, for
2038 Default yes. If enabled, Unbound serves authority responses to
2039 downstream clients for this zone. This option makes Unbound behave, for
18632040 the queries with names in this zone, like one of the authority servers for
1864 that zone. Turn it off if you want unbound to provide recursion for the
2041 that zone. Turn it off if you want Unbound to provide recursion for the
18652042 zone but have a local copy of zone data. If for\-downstream is no and
1866 for\-upstream is yes, then unbound will DNSSEC validate the contents of the
2043 for\-upstream is yes, then Unbound will DNSSEC validate the contents of the
18672044 zone before serving the zone contents to clients and store validation
18682045 results in the cache.
18692046 .TP
18702047 .B for\-upstream: \fI<yes or no>
1871 Default yes. If enabled, unbound fetches data from this data collection
2048 Default yes. If enabled, Unbound fetches data from this data collection
18722049 for answering recursion queries. Instead of sending queries over the internet
18732050 to the authority servers for this zone, it'll fetch the data directly from
1874 the zone data. Turn it on when you want unbound to provide recursion for
2051 the zone data. Turn it on when you want Unbound to provide recursion for
18752052 downstream clients, and use the zone data as a local copy to speed up lookups.
2053 .TP
2054 .B zonemd\-check: \fI<yes or no>
2055 Enable this option to check ZONEMD records in the zone. Default is disabled.
2056 The ZONEMD record is a checksum over the zone data. This includes glue in
2057 the zone and data from the zone file, and excludes comments from the zone file.
2058 When there is a DNSSEC chain of trust, DNSSEC signatures are checked too.
2059 .TP
2060 .B zonemd\-reject\-absence: \fI<yes or no>
2061 Enable this option to reject the absence of the ZONEMD record. Without it,
2062 when zonemd is not there it is not checked. It is useful to enable for a
2063 nonDNSSEC signed zone where the operator wants to require the verification
2064 of a ZONEMD, hence a missing ZONEMD is a failure. The action upon
2065 failure is controlled by the \fBzonemd\-permissive\-mode\fR option, for
2066 log only or also block the zone. The default is no.
2067 .IP
2068 Without the option absence of a ZONEMD is only a failure when the zone is
2069 DNSSEC signed, and we have a trust anchor, and the DNSSEC verification of
2070 the absence of the ZONEMD fails. With the option enabled, the absence of
2071 a ZONEMD is always a failure, also for nonDNSSEC signed zones.
18762072 .TP
18772073 .B zonefile: \fI<filename>
18782074 The filename where the zone is stored. If not given then no zonefile is used.
1879 If the file does not exist or is empty, unbound will attempt to fetch zone
2075 If the file does not exist or is empty, Unbound will attempt to fetch zone
18802076 data (eg. from the primary servers).
18812077 .SS "View Options"
18822078 .LP
18832079 There may be multiple
18842080 .B view:
18852081 clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and
1886 \fBlocal\-data\fR elements. Views can also contain view\-first,
2082 \fBlocal\-data\fR elements. Views can also contain view\-first,
18872083 response\-ip, response\-ip\-data and local\-data\-ptr elements.
18882084 View can be mapped to requests by specifying the
18892085 view name in an \fBaccess\-control\-view\fR element. Options from matching
19762172 The
19772173 .B dnscrypt:
19782174 clause gives the settings of the dnscrypt channel. While those options are
1979 available, they are only meaningful if unbound was compiled with
2175 available, they are only meaningful if Unbound was compiled with
19802176 \fB\-\-enable\-dnscrypt\fR.
1981 Currently certificate and secret/public keys cannot be generated by unbound.
2177 Currently certificate and secret/public keys cannot be generated by Unbound.
19822178 You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/\
19832179 dnscrypt-wrapper/blob/master/README.md#usage
19842180 .TP
20972293 .TP
20982294 .B min\-client\-subnet\-ipv4: \fI<number>\fR
20992295 Specifies the minimum prefix length of the IPv4 source mask we are willing to
2100 accept in queries. Shorter source masks result in REFUSED answers. Source mask
2296 accept in queries. Shorter source masks result in REFUSED answers. Source mask
21012297 of 0 is always accepted. Default is 0.
21022298 .TP
21032299 .B max\-ecs\-tree\-size\-ipv4: \fI<number>\fR
21102306 .SS "Opportunistic IPsec Support Module Options"
21112307 .LP
21122308 The IPsec module must be configured in the \fBmodule\-config:\fR "ipsecmod
2113 validator iterator" directive and be compiled into the daemon to be
2114 enabled. These settings go in the \fBserver:\fR section.
2309 validator iterator" directive and be compiled into Unbound by using
2310 \fB\-\-enable\-ipsecmod\fR to be enabled.
2311 These settings go in the \fBserver:\fR section.
21152312 .LP
2116 When unbound receives an A/AAAA query that is not in the cache and finds a
2313 When Unbound receives an A/AAAA query that is not in the cache and finds a
21172314 valid answer, it will withhold returning the answer and instead will generate
2118 an IPSECKEY subquery for the same domain name. If an answer was found, unbound
2315 an IPSECKEY subquery for the same domain name. If an answer was found, Unbound
21192316 will call an external hook passing the following arguments:
21202317 .TP 10
21212318 \h'5'\fIQNAME\fR
21442341 .B ipsecmod-enabled: \fI<yes or no>\fR
21452342 Specifies whether the IPsec module is enabled or not. The IPsec module still
21462343 needs to be defined in the \fBmodule\-config:\fR directive. This option
2147 facilitates turning on/off the module without restarting/reloading unbound.
2344 facilitates turning on/off the module without restarting/reloading Unbound.
21482345 Defaults to yes.
21492346 .TP
21502347 .B ipsecmod\-hook: \fI<filename>\fR
2151 Specifies the external hook that unbound will call with \fIsystem\fR(3). The
2348 Specifies the external hook that Unbound will call with \fIsystem\fR(3). The
21522349 file can be specified as an absolute/relative path. The file needs the proper
2153 permissions to be able to be executed by the same user that runs unbound. It
2350 permissions to be able to be executed by the same user that runs Unbound. It
21542351 must be present when the IPsec module is defined in the \fBmodule\-config:\fR
21552352 directive.
21562353 .TP
21572354 .B ipsecmod-strict: \fI<yes or no>\fR
2158 If enabled unbound requires the external hook to return a success value of 0.
2159 Failing to do so unbound will reply with SERVFAIL. The A/AAAA answer will also
2355 If enabled Unbound requires the external hook to return a success value of 0.
2356 Failing to do so Unbound will reply with SERVFAIL. The A/AAAA answer will also
21602357 not be cached. Defaults to no.
21612358 .TP
21622359 .B ipsecmod\-max-ttl: \fI<seconds>\fR
21642361 Defaults to 3600.
21652362 .TP
21662363 .B ipsecmod-ignore-bogus: \fI<yes or no>\fR
2167 Specifies the behaviour of unbound when the IPSECKEY answer is bogus. If set
2364 Specifies the behaviour of Unbound when the IPSECKEY answer is bogus. If set
21682365 to yes, the hook will be called and the A/AAAA answer will be returned to the
21692366 client. If set to no, the hook will not be called and the answer to the
21702367 A/AAAA query will be SERVFAIL. Mainly used for testing. Defaults to no.
21912388 query as usual, and stores the answer in the backend.
21922389 .P
21932390 This module interacts with the \fBserve\-expired\-*\fR options and will reply
2194 with expired data if unbound is configured for that. Currently the use
2391 with expired data if Unbound is configured for that. Currently the use
21952392 of \fBserve\-expired\-client\-timeout:\fR and
21962393 \fBserve\-expired\-reply\-ttl:\fR is not consistent for data originating from
21972394 the external cache as these will result in a reply with 0 TTL without trying to
22492446 .P
22502447 The following
22512448 .B cachedb
2252 otions are specific to the redis backend.
2449 options are specific to the redis backend.
22532450 .TP
22542451 .B redis-server-host: \fI<server address or name>\fR
22552452 The IP (either v6 or v4) address or domain name of the Redis server.
22702467 This option defaults to 100 milliseconds.
22712468 .TP
22722469 .B redis-expire-records: \fI<yes or no>
2273 If Redis record expiration is enabled. If yes, unbound sets timeout for Redis
2470 If Redis record expiration is enabled. If yes, Unbound sets timeout for Redis
22742471 records so that Redis can evict keys that have expired automatically. If
2275 unbound is configured with \fBserve-expired\fR and \fBserve-expired-ttl\fR is 0,
2472 Unbound is configured with \fBserve-expired\fR and \fBserve-expired-ttl\fR is 0,
22762473 this option is internally reverted to "no". Redis SETEX support is required
22772474 for this option (Redis >= 2.0.0).
22782475 This option defaults to no.
22792476 .SS DNSTAP Logging Options
2280 DNSTAP support, when compiled in, is enabled in the \fBdnstap:\fR section.
2477 DNSTAP support, when compiled in by using \fB\-\-enable\-dnstap\fR, is enabled
2478 in the \fBdnstap:\fR section.
22812479 This starts an extra thread (when compiled with threading) that writes
2282 the log information to the destination. If unbound is compiled without
2480 the log information to the destination. If Unbound is compiled without
22832481 threading it does not spawn a thread, but connects per-process to the
22842482 destination.
22852483 .TP
23372535 .TP
23382536 .B dnstap-log-resolver-query-messages: \fI<yes or no>
23392537 Enable to log resolver query messages. Default is no.
2340 These are messages from unbound to upstream servers.
2538 These are messages from Unbound to upstream servers.
23412539 .TP
23422540 .B dnstap-log-resolver-response-messages: \fI<yes or no>
23432541 Enable to log resolver response messages. Default is no.
2344 These are replies from upstream servers to unbound.
2542 These are replies from upstream servers to Unbound.
23452543 .TP
23462544 .B dnstap-log-client-query-messages: \fI<yes or no>
23472545 Enable to log client query messages. Default is no.
2348 These are client queries to unbound.
2546 These are client queries to Unbound.
23492547 .TP
23502548 .B dnstap-log-client-response-messages: \fI<yes or no>
23512549 Enable to log client response messages. Default is no.
2352 These are responses from unbound to clients.
2550 These are responses from Unbound to clients.
23532551 .TP
23542552 .B dnstap-log-forwarder-query-messages: \fI<yes or no>
23552553 Enable to log forwarder query messages. Default is no.
23642562 \fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
23652563 \fBmodule-config: "respip validator iterator"\fR.
23662564 .P
2367 Only the QNAME and Response IP Address triggers are supported. The supported RPZ
2368 actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. RPZ QNAME triggers
2369 are applied after
2370 \fBlocal-zones\fR and before \fBauth-zones\fR.
2565 QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported.
2566 Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp\-only
2567 and drop. RPZ QNAME triggers are applied after \fBlocal\-zones\fR and
2568 before \fBauth\-zones\fR.
2569 .P
2570 The rpz zone is formatted with a SOA start record as usual. The items in
2571 the zone are entries, that specify what to act on (the trigger) and what to
2572 do (the action). The trigger to act on is recorded in the name, the action
2573 to do is recorded as the resource record. The names all end in the zone
2574 name, so you could type the trigger names without a trailing dot in the
2575 zonefile.
2576 .P
2577 An example RPZ record, that answers example.com with NXDOMAIN
2578 .nf
2579 example.com CNAME .
2580 .fi
2581 .P
2582 The triggers are encoded in the name on the left
2583 .nf
2584 name query name
2585 netblock.rpz-client-ip client IP address
2586 netblock.rpz-ip response IP address in the answer
2587 name.rpz-nsdname nameserver name
2588 netblock.rpz-nsip nameserver IP address
2589 .fi
2590 The netblock is written as <netblocklen>.<ip address in reverse>.
2591 For IPv6 use 'zz' for '::'. Specify individual addresses with scope length
2592 of 32 or 128. For example, 24.10.100.51.198.rpz-ip is 198.51.100.10/24 and
2593 32.10.zz.db8.2001.rpz-ip is 2001:db8:0:0:0:0:0:10/32.
2594 .P
2595 The actions are specified with the record on the right
2596 .nf
2597 CNAME . nxdomain reply
2598 CNAME *. nodata reply
2599 CNAME rpz-passthru. do nothing, allow to continue
2600 CNAME rpz-drop. the query is dropped
2601 CNAME rpz-tcp-only. answer over TCP
2602 A 192.0.2.1 answer with this IP address
2603 .fi
2604 Other records like AAAA, TXT and other CNAMEs (not rpz-..) can also be used to
2605 answer queries with that content.
2606 .P
2607 The RPZ zones can be configured in the config file with these settings in the \fBrpz:\fR block.
23712608 .TP
23722609 .B name: \fI<zone name>
23732610 Name of the authority zone.
23752612 .B primary: \fI<IP address or host name>
23762613 Where to download a copy of the zone from, with AXFR and IXFR. Multiple
23772614 primaries can be specified. They are all tried if one fails.
2615 To use a nondefault port for DNS communication append '@' with the port number.
2616 You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
2617 the '@' and '#', the '@' comes first.
2618 If you point it at another Unbound instance, it would not work because
2619 that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
2620 the zonefile as a text file from a webserver that would work.
2621 If you specify the hostname, you cannot use the domain from the zonefile,
2622 because it may not have that when retrieving that data, instead use a plain
2623 IP address to avoid a circular dependency on retrieving that IP address.
23782624 .TP
23792625 .B master: \fI<IP address or host name>
23802626 Alternate syntax for \fBprimary\fR.
24002646 .TP
24012647 .B zonefile: \fI<filename>
24022648 The filename where the zone is stored. If not given then no zonefile is used.
2403 If the file does not exist or is empty, unbound will attempt to fetch zone
2649 If the file does not exist or is empty, Unbound will attempt to fetch zone
24042650 data (eg. from the primary servers).
24052651 .TP
24062652 .B rpz\-action\-override: \fI<action>
24162662 .TP
24172663 .B rpz\-log\-name: \fI<name>
24182664 Specify a string to be part of the log line, for easy referencing.
2665 .TP
2666 .B rpz\-signal\-nxdomain\-ra: \fI<yes or no>
2667 Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA flag.
2668 This allows certain clients, like dnsmasq, to infer that the domain is
2669 externally blocked. Default is no.
2670 .TP
2671 .B for\-downstream: \fI<yes or no>
2672 If enabled the zone is authoritatively answered for and queries for the RPZ
2673 zone information are answered to downstream clients. This is useful for
2674 monitoring scripts, that can then access the SOA information to check if
2675 the rpz information is up to date. Default is no.
24192676 .TP
24202677 .B tags: \fI<list of tags>
24212678 Limit the policies from this RPZ clause to clients with a matching tag. Tags
24572714 .SH "FILES"
24582715 .TP
24592716 .I @UNBOUND_RUN_DIR@
2460 default unbound working directory.
2717 default Unbound working directory.
24612718 .TP
24622719 .I @UNBOUND_CHROOT_DIR@
24632720 default
24652722 location.
24662723 .TP
24672724 .I @ub_conf_file@
2468 unbound configuration file.
2725 Unbound configuration file.
24692726 .TP
24702727 .I @UNBOUND_PIDFILE@
2471 default unbound pidfile with process ID of the running daemon.
2728 default Unbound pidfile with process ID of the running daemon.
24722729 .TP
24732730 .I unbound.log
2474 unbound log file. default is to log to
2731 Unbound log file. default is to log to
24752732 \fIsyslog\fR(3).
24762733 .SH "SEE ALSO"
24772734 \fIunbound\fR(8),
+4
-4
doc/unbound.doxygen less more
278278 # For small to medium size projects (<1000 input files) the default value is
279279 # probably good enough. For larger projects a too small cache size can cause
280280 # doxygen to be busy swapping symbols to and from disk most of the time
281 # causing a significant performance penality.
281 # causing a significant performance penalty.
282282 # If the system has enough physical memory increasing the cache will improve the
283283 # performance by keeping more symbols in memory. Note that the value works on
284 # a logarithmic scale so increasing the size by one will rougly double the
284 # a logarithmic scale so increasing the size by one will roughly double the
285285 # memory usage. The cache size is given by this formula:
286286 # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
287287 # corresponding to a cache size of 2^16 = 65536 symbols
778778 # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
779779 # in which this list will be split (can be a number in the range [1..20])
780780
781 COLS_IN_ALPHA_INDEX = 5
781 #COLS_IN_ALPHA_INDEX = 5
782782
783783 # In case all classes in a project start with a common prefix, all
784784 # classes will be put under the same header in the alphabetical index.
10751075
10761076 FORMULA_FONTSIZE = 10
10771077
1078 # Use the FORMULA_TRANPARENT tag to determine whether or not the images
1078 # Use the FORMULA_TRANSPARENT tag to determine whether or not the images
10791079 # generated for formulas are transparent PNGs. Transparent PNGs are
10801080 # not supported properly for IE 6.0, but are supported on all modern browsers.
10811081 # Note that when changing this option you need to delete any form_*.png files
+1
-1
edns-subnet/edns-subnet.h less more
5858
5959 /**
6060 * copy the first n BITS from src to dst iff both src and dst
61 * are large enough, return 0 on succes
61 * are large enough, return 0 on success
6262 */
6363 int
6464 copy_clear(uint8_t* dst, size_t dstlen, uint8_t* src, size_t srclen, size_t n);
+19
-19
edns-subnet/subnetmod.c less more
149149
150150 /* Cache by default, might be disabled after parsing EDNS option
151151 * received from nameserver. */
152 if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo)) {
152 if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL)) {
153153 qstate->no_cache_store = 0;
154154 }
155155
204204 subnet_data_delete, NULL);
205205 slabhash_setmarkdel(sn_env->subnet_msg_cache, &subnet_markdel);
206206 if(!sn_env->subnet_msg_cache) {
207 log_err("subnet: could not create cache");
207 log_err("subnetcache: could not create cache");
208208 free(sn_env);
209209 env->modinfo[id] = NULL;
210210 return 0;
213213 sn_env->whitelist = ecs_whitelist_create();
214214 if(!sn_env->whitelist ||
215215 !ecs_whitelist_apply_cfg(sn_env->whitelist, env->cfg)) {
216 log_err("subnet: could not create ECS whitelist");
216 log_err("subnetcache: could not create ECS whitelist");
217217 slabhash_delete(sn_env->subnet_msg_cache);
218218 free(sn_env);
219219 env->modinfo[id] = NULL;
220220 return 0;
221221 }
222222
223 verbose(VERB_QUERY, "subnet: option registered (%d)",
223 verbose(VERB_QUERY, "subnetcache: option registered (%d)",
224224 env->cfg->client_subnet_opcode);
225225 /* Create new mesh state for all queries. */
226226 env->unique_mesh = 1;
227227 if(!edns_register_option(env->cfg->client_subnet_opcode,
228228 env->cfg->client_subnet_always_forward /* bypass cache */,
229229 0 /* no aggregation */, env)) {
230 log_err("subnet: could not register opcode");
230 log_err("subnetcache: could not register opcode");
231231 ecs_whitelist_delete(sn_env->whitelist);
232232 slabhash_delete(sn_env->subnet_msg_cache);
233233 free(sn_env);
364364 /* Step 2, find the correct tree */
365365 if (!(tree = get_tree(lru_entry->data, edns, sne, qstate->env->cfg))) {
366366 lock_rw_unlock(&lru_entry->lock);
367 log_err("Subnet cache insertion failed");
367 log_err("subnetcache: cache insertion failed");
368368 return;
369369 }
370370 lock_quick_lock(&sne->alloc.lock);
372372 lock_quick_unlock(&sne->alloc.lock);
373373 if (!rep) {
374374 lock_rw_unlock(&lru_entry->lock);
375 log_err("Subnet cache insertion failed");
375 log_err("subnetcache: cache insertion failed");
376376 return;
377377 }
378378
486486 /* We have not asked for subnet data */
487487 if (!sq->subnet_sent) {
488488 if (s_in->subnet_validdata)
489 verbose(VERB_QUERY, "subnet: received spurious data");
489 verbose(VERB_QUERY, "subnetcache: received spurious data");
490490 if (sq->subnet_downstream) /* Copy back to client */
491491 cp_edns_bad_response(c_out, c_in);
492492 return module_finished;
496496 if (!s_in->subnet_validdata) {
497497 /* The authority indicated no support for edns subnet. As a
498498 * consequence the answer ended up in the regular cache. It
499 * is still usefull to put it in the edns subnet cache for
499 * is still useful to put it in the edns subnet cache for
500500 * when a client explicitly asks for subnet specific answer. */
501 verbose(VERB_QUERY, "subnet: Authority indicates no support");
501 verbose(VERB_QUERY, "subnetcache: Authority indicates no support");
502502 if(!sq->started_no_cache_store) {
503503 lock_rw_wrlock(&sne->biglock);
504504 update_cache(qstate, id);
520520 s_out->subnet_source_mask))
521521 {
522522 /* we can not accept, restart query without option */
523 verbose(VERB_QUERY, "subnet: forged data");
523 verbose(VERB_QUERY, "subnetcache: forged data");
524524 s_out->subnet_validdata = 0;
525525 (void)edns_opt_list_remove(&qstate->edns_opts_back_out,
526526 qstate->env->cfg->client_subnet_opcode);
699699 struct subnet_env *sne = qstate->env->modinfo[id];
700700 struct subnet_qstate *sq = (struct subnet_qstate*)qstate->minfo[id];
701701
702 verbose(VERB_QUERY, "subnet[module %d] operate: extstate:%s "
702 verbose(VERB_QUERY, "subnetcache[module %d] operate: extstate:%s "
703703 "event:%s", id, strextstate(qstate->ext_state[id]),
704704 strmodulevent(event));
705 log_query_info(VERB_QUERY, "subnet operate: query", &qstate->qinfo);
705 log_query_info(VERB_QUERY, "subnetcache operate: query", &qstate->qinfo);
706706
707707 if((event == module_event_new || event == module_event_pass) &&
708708 sq == NULL) {
737737 /* No clients are interested in result or we could not
738738 * parse it, we don't do client subnet */
739739 sq->ecs_server_out.subnet_validdata = 0;
740 verbose(VERB_ALGO, "subnet: pass to next module");
740 verbose(VERB_ALGO, "subnetcache: pass to next module");
741741 qstate->ext_state[id] = module_wait_module;
742742 return;
743743 }
757757 if (lookup_and_reply(qstate, id, sq)) {
758758 sne->num_msg_cache++;
759759 lock_rw_unlock(&sne->biglock);
760 verbose(VERB_QUERY, "subnet: answered from cache");
760 verbose(VERB_QUERY, "subnetcache: answered from cache");
761761 qstate->ext_state[id] = module_finished;
762762
763763 ecs_opt_list_append(&sq->ecs_client_out,
797797
798798 /* pass request to next module */
799799 verbose(VERB_ALGO,
800 "subnet: not found in cache. pass to next module");
800 "subnetcache: not found in cache. pass to next module");
801801 qstate->ext_state[id] = module_wait_module;
802802 return;
803803 }
818818 /* We are being revisited */
819819 if(event == module_event_pass || event == module_event_new) {
820820 /* Just pass it on, we already did the work */
821 verbose(VERB_ALGO, "subnet: pass to next module");
821 verbose(VERB_ALGO, "subnetcache: pass to next module");
822822 qstate->ext_state[id] = module_wait_module;
823823 return;
824824 }
827827 qstate->ext_state[id] = module_finished;
828828 return;
829829 }
830 log_err("subnet: bad event %s", strmodulevent(event));
830 log_err("subnetcache: bad event %s", strmodulevent(event));
831831 qstate->ext_state[id] = module_error;
832832 return;
833833 }
860860 * The module function block
861861 */
862862 static struct module_func_block subnetmod_block = {
863 "subnet", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate,
863 "subnetcache", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate,
864864 &subnetmod_inform_super, &subnetmod_clear, &subnetmod_get_mem
865865 };
866866
+18
-1
ipsecmod/ipsecmod.c less more
3636 * \file
3737 *
3838 * This file contains a module that facilitates opportunistic IPsec. It does so
39 * by also quering for the IPSECKEY for A/AAAA queries and calling a
39 * by also querying for the IPSECKEY for A/AAAA queries and calling a
4040 * configurable hook (eg. signaling an IKE daemon) before replying.
4141 */
4242
150150 ask.qclass = qclass;
151151 ask.local_alias = NULL;
152152 log_query_info(VERB_ALGO, "ipsecmod: generate request", &ask);
153
154 /* Explicitly check for cycle before trying to attach. Will result in
155 * cleaner error message. The attach_sub code also checks for cycle but the
156 * message will be out of memory in both cases then. */
157 fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle));
158 if((*qstate->env->detect_cycle)(qstate, &ask,
159 (uint16_t)(BIT_RD|flags), 0, 0)) {
160 verbose(VERB_ALGO, "Could not generate request: cycle detected");
161 return 0;
162 }
163
153164 fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
154165 if(!(*qstate->env->attach_sub)(qstate, &ask,
155166 (uint16_t)(BIT_RD|flags), 0, 0, &newq)){
407418 if(!qstate->env->cfg->ipsecmod_ignore_bogus &&
408419 rrset_data->security == sec_status_bogus) {
409420 log_err("ipsecmod: bogus IPSECKEY");
421 errinf(qstate, "ipsecmod: bogus IPSECKEY");
410422 ipsecmod_error(qstate, id);
411423 return;
412424 }
414426 if(!call_hook(qstate, iq, ie) &&
415427 qstate->env->cfg->ipsecmod_strict) {
416428 log_err("ipsecmod: ipsecmod-hook failed");
429 errinf(qstate, "ipsecmod: ipsecmod-hook failed");
417430 ipsecmod_error(qstate, id);
418431 return;
419432 }
485498 qstate->qinfo.qname_len, LDNS_RR_TYPE_IPSECKEY,
486499 qstate->qinfo.qclass, 0)) {
487500 log_err("ipsecmod: could not generate subquery.");
501 errinf(qstate, "ipsecmod: could not generate subquery.");
488502 ipsecmod_error(qstate, id);
489503 }
490504 return;
508522 if((event == module_event_new || event == module_event_pass) &&
509523 iq == NULL) {
510524 if(!ipsecmod_new(qstate, id)) {
525 errinf(qstate, "ipsecmod: could not ipsecmod_new");
511526 ipsecmod_error(qstate, id);
512527 return;
513528 }
530545 }
531546 if(event == module_event_error) {
532547 verbose(VERB_ALGO, "got called with event error, giving up");
548 errinf(qstate, "ipsecmod: got called with event error");
533549 ipsecmod_error(qstate, id);
534550 return;
535551 }
540556 }
541557
542558 log_err("ipsecmod: bad event %s", strmodulevent(event));
559 errinf(qstate, "ipsecmod: operate got bad event");
543560 ipsecmod_error(qstate, id);
544561 return;
545562 }
+1
-1
ipsecmod/ipsecmod.h less more
3636 * \file
3737 *
3838 * This file contains a module that facilitates opportunistic IPsec. It does so
39 * by also quering for the IPSECKEY for A/AAAA queries and calling a
39 * by also querying for the IPSECKEY for A/AAAA queries and calling a
4040 * configurable hook (eg. signaling an IKE daemon) before replying.
4141 */
4242
+55
-21
iterator/iter_delegpt.c less more
7272 copy->bogus = dp->bogus;
7373 copy->has_parent_side_NS = dp->has_parent_side_NS;
7474 copy->ssl_upstream = dp->ssl_upstream;
75 copy->tcp_upstream = dp->tcp_upstream;
7576 for(ns = dp->nslist; ns; ns = ns->next) {
76 if(!delegpt_add_ns(copy, region, ns->name, ns->lame))
77 if(!delegpt_add_ns(copy, region, ns->name, ns->lame,
78 ns->tls_auth_name, ns->port))
7779 return NULL;
7880 copy->nslist->resolved = ns->resolved;
7981 copy->nslist->got4 = ns->got4;
8284 copy->nslist->done_pside6 = ns->done_pside6;
8385 }
8486 for(a = dp->target_list; a; a = a->next_target) {
85 if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen,
86 a->bogus, a->lame, a->tls_auth_name, NULL))
87 if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen,
88 a->bogus, a->lame, a->tls_auth_name, -1, NULL))
8789 return NULL;
8890 }
8991 return copy;
100102
101103 int
102104 delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name,
103 uint8_t lame)
105 uint8_t lame, char* tls_auth_name, int port)
104106 {
105107 struct delegpt_ns* ns;
106108 size_t len;
124126 ns->lame = lame;
125127 ns->done_pside4 = 0;
126128 ns->done_pside6 = 0;
129 ns->port = port;
130 if(tls_auth_name) {
131 ns->tls_auth_name = regional_strdup(region, tls_auth_name);
132 if(!ns->tls_auth_name)
133 return 0;
134 } else {
135 ns->tls_auth_name = NULL;
136 }
127137 return ns->name != 0;
128138 }
129139
157167 return NULL;
158168 }
159169
160 int
161 delegpt_add_target(struct delegpt* dp, struct regional* region,
162 uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
170 int
171 delegpt_add_target(struct delegpt* dp, struct regional* region,
172 uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
163173 socklen_t addrlen, uint8_t bogus, uint8_t lame, int* additions)
164174 {
165175 struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen);
175185 if(ns->got4 && ns->got6)
176186 ns->resolved = 1;
177187 }
178 return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, NULL,
179 additions);
180 }
181
182 int
183 delegpt_add_addr(struct delegpt* dp, struct regional* region,
184 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus,
185 uint8_t lame, char* tls_auth_name, int* additions)
188 log_assert(ns->port>0);
189 return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame,
190 ns->tls_auth_name, ns->port, additions);
191 }
192
193 int
194 delegpt_add_addr(struct delegpt* dp, struct regional* region,
195 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus,
196 uint8_t lame, char* tls_auth_name, int port, int* additions)
186197 {
187198 struct delegpt_addr* a;
188199 log_assert(!dp->dp_type_mlc);
200 if(port != -1) {
201 log_assert(port>0);
202 sockaddr_store_port(addr, addrlen, port);
203 }
189204 /* check for duplicates */
190205 if((a = delegpt_find_addr(dp, addr, addrlen))) {
191206 if(bogus)
410425 (size_t)sldns_read_uint16(nsdata->rr_data[i]))
411426 continue; /* bad format */
412427 /* add rdata of NS (= wirefmt dname), skip rdatalen bytes */
413 if(!delegpt_add_ns(dp, region, nsdata->rr_data[i]+2, lame))
428 if(!delegpt_add_ns(dp, region, nsdata->rr_data[i]+2, lame,
429 NULL, UNBOUND_DNS_PORT))
414430 return 0;
415431 }
416432 return 1;
427443 log_assert(!dp->dp_type_mlc);
428444 memset(&sa, 0, len);
429445 sa.sin_family = AF_INET;
430 sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
431446 for(i=0; i<d->count; i++) {
432447 if(d->rr_len[i] != 2 + INET_SIZE)
433448 continue;
451466 log_assert(!dp->dp_type_mlc);
452467 memset(&sa, 0, len);
453468 sa.sin6_family = AF_INET6;
454 sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
455469 for(i=0; i<d->count; i++) {
456470 if(d->rr_len[i] != 2 + INET6_SIZE) /* rdatalen + len of IP6 */
457471 continue;
553567 while(n) {
554568 nn = n->next;
555569 free(n->name);
570 free(n->tls_auth_name);
556571 free(n);
557572 n = nn;
558573 }
575590 return (dp->name != NULL);
576591 }
577592
578 int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame)
593 int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame,
594 char* tls_auth_name, int port)
579595 {
580596 struct delegpt_ns* ns;
581597 size_t len;
602618 ns->lame = (uint8_t)lame;
603619 ns->done_pside4 = 0;
604620 ns->done_pside6 = 0;
621 ns->port = port;
622 if(tls_auth_name) {
623 ns->tls_auth_name = strdup(tls_auth_name);
624 if(!ns->tls_auth_name) {
625 free(ns->name);
626 free(ns);
627 return 0;
628 }
629 } else {
630 ns->tls_auth_name = NULL;
631 }
605632 return 1;
606633 }
607634
608635 int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr,
609 socklen_t addrlen, uint8_t bogus, uint8_t lame, char* tls_auth_name)
636 socklen_t addrlen, uint8_t bogus, uint8_t lame, char* tls_auth_name,
637 int port)
610638 {
611639 struct delegpt_addr* a;
612640 log_assert(dp->dp_type_mlc);
641 if(port != -1) {
642 log_assert(port>0);
643 sockaddr_store_port(addr, addrlen, port);
644 }
613645 /* check for duplicates */
614646 if((a = delegpt_find_addr(dp, addr, addrlen))) {
615647 if(bogus)
662694 if(ns->got4 && ns->got6)
663695 ns->resolved = 1;
664696 }
665 return delegpt_add_addr_mlc(dp, addr, addrlen, bogus, lame, NULL);
697 log_assert(ns->port>0);
698 return delegpt_add_addr_mlc(dp, addr, addrlen, bogus, lame,
699 ns->tls_auth_name, ns->port);
666700 }
667701
668702 size_t delegpt_get_mem(struct delegpt* dp)
+27
-11
iterator/iter_delegpt.h less more
8282 uint8_t dp_type_mlc;
8383 /** use SSL for upstream query */
8484 uint8_t ssl_upstream;
85 /** use TCP for upstream query */
86 uint8_t tcp_upstream;
8587 /** delegpt from authoritative zone that is locally hosted */
8688 uint8_t auth_dp;
8789 /*** no cache */
123125 * Also enabled if a parent-side cache entry exists, or a parent-side
124126 * negative-cache entry exists. */
125127 uint8_t done_pside6;
128 /** the TLS authentication name, (if not NULL) to use. */
129 char* tls_auth_name;
130 /** the port to use; it should mosty be the default 53 but configured
131 * upstreams can provide nondefault ports. */
132 int port;
126133 };
127134
128135 /**
188195 * @param regional: where to allocate the info.
189196 * @param name: domain name in wire format.
190197 * @param lame: name is lame, disprefer it.
191 * @return false on error.
192 */
193 int delegpt_add_ns(struct delegpt* dp, struct regional* regional,
194 uint8_t* name, uint8_t lame);
198 * @param tls_auth_name: TLS authentication name (or NULL).
199 * @param port: port to use for resolved addresses.
200 * @return false on error.
201 */
202 int delegpt_add_ns(struct delegpt* dp, struct regional* regional,
203 uint8_t* name, uint8_t lame, char* tls_auth_name, int port);
195204
196205 /**
197206 * Add NS rrset; calls add_ns repeatedly.
268277 * @param bogus: if address is bogus.
269278 * @param lame: if address is lame.
270279 * @param tls_auth_name: TLS authentication name (or NULL).
280 * @param port: the port to use; if -1 the port is taken from addr.
271281 * @param additions: will be set to 1 if a new address is added
272282 * @return false on error.
273283 */
274 int delegpt_add_addr(struct delegpt* dp, struct regional* regional,
284 int delegpt_add_addr(struct delegpt* dp, struct regional* regional,
275285 struct sockaddr_storage* addr, socklen_t addrlen,
276 uint8_t bogus, uint8_t lame, char* tls_auth_name, int* additions);
286 uint8_t bogus, uint8_t lame, char* tls_auth_name, int port,
287 int* additions);
277288
278289 /**
279290 * Find NS record in name list of delegation point.
401412 * @param dp: must have been created with delegpt_create_mlc.
402413 * @param name: the name to add.
403414 * @param lame: the name is lame, disprefer.
404 * @return false on error.
405 */
406 int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame);
415 * @param tls_auth_name: TLS authentication name (or NULL).
416 * @param port: port to use for resolved addresses.
417 * @return false on error.
418 */
419 int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame,
420 char* tls_auth_name, int port);
407421
408422 /**
409423 * add an address to a malloced delegation point.
410 * @param dp: must have been created with delegpt_create_mlc.
424 * @param dp: must have been created with delegpt_create_mlc.
411425 * @param addr: the address.
412426 * @param addrlen: the length of addr.
413427 * @param bogus: if address is bogus.
414428 * @param lame: if address is lame.
415429 * @param tls_auth_name: TLS authentication name (or NULL).
430 * @param port: the port to use; if -1 the port is taken from addr.
416431 * @return false on error.
417432 */
418433 int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr,
419 socklen_t addrlen, uint8_t bogus, uint8_t lame, char* tls_auth_name);
434 socklen_t addrlen, uint8_t bogus, uint8_t lame, char* tls_auth_name,
435 int port);
420436
421437 /**
422438 * Add target address to the delegation point.
+13
-5
iterator/iter_fwd.c less more
199199 }
200200
201201 /** set fwd host names */
202 static int
202 static int
203203 read_fwds_host(struct config_stub* s, struct delegpt* dp)
204204 {
205205 struct config_strlist* p;
206206 uint8_t* dname;
207 size_t dname_len;
207 char* tls_auth_name;
208 int port;
208209 for(p = s->hosts; p; p = p->next) {
209210 log_assert(p->str);
210 dname = sldns_str2wire_dname(p->str, &dname_len);
211 dname = authextstrtodname(p->str, &port, &tls_auth_name);
211212 if(!dname) {
212213 log_err("cannot parse forward %s server name: '%s'",
213214 s->name, p->str);
214215 return 0;
215216 }
216 if(!delegpt_add_ns_mlc(dp, dname, 0)) {
217 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
218 if(tls_auth_name)
219 log_err("no name verification functionality in "
220 "ssl library, ignored name for %s", p->str);
221 #endif
222 if(!delegpt_add_ns_mlc(dp, dname, 0, tls_auth_name, port)) {
217223 free(dname);
218224 log_err("out of memory");
219225 return 0;
244250 "ssl library, ignored name for %s", p->str);
245251 #endif
246252 if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
247 tls_auth_name)) {
253 tls_auth_name, -1)) {
248254 log_err("out of memory");
249255 return 0;
250256 }
275281 dp->no_cache = s->no_cache;
276282 /* use SSL for queries to this forwarder */
277283 dp->ssl_upstream = (uint8_t)s->ssl_upstream;
284 /* use TCP for queries to this forwarder */
285 dp->tcp_upstream = (uint8_t)s->tcp_upstream;
278286 verbose(VERB_QUERY, "Forward zone server list:");
279287 delegpt_log(VERB_QUERY, dp);
280288 if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp))
+16
-8
iterator/iter_hints.c less more
9898 log_err("could not parse %s", sv);
9999 return 0;
100100 }
101 if(!delegpt_add_ns_mlc(dp, dname, 0) ||
101 if(!delegpt_add_ns_mlc(dp, dname, 0, NULL, UNBOUND_DNS_PORT) ||
102102 !extstrtoaddr(ip, &addr, &addrlen) ||
103103 !delegpt_add_target_mlc(dp, dname, dname_len,
104104 &addr, addrlen, 0, 0)) {
212212 }
213213
214214 /** set stub host names */
215 static int
215 static int
216216 read_stubs_host(struct config_stub* s, struct delegpt* dp)
217217 {
218218 struct config_strlist* p;
219 size_t dname_len;
220219 uint8_t* dname;
220 char* tls_auth_name;
221 int port;
221222 for(p = s->hosts; p; p = p->next) {
222223 log_assert(p->str);
223 dname = sldns_str2wire_dname(p->str, &dname_len);
224 dname = authextstrtodname(p->str, &port, &tls_auth_name);
224225 if(!dname) {
225226 log_err("cannot parse stub %s nameserver name: '%s'",
226227 s->name, p->str);
227228 return 0;
228229 }
229 if(!delegpt_add_ns_mlc(dp, dname, 0)) {
230 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
231 if(tls_auth_name)
232 log_err("no name verification functionality in "
233 "ssl library, ignored name for %s", p->str);
234 #endif
235 if(!delegpt_add_ns_mlc(dp, dname, 0, tls_auth_name, port)) {
230236 free(dname);
231237 log_err("out of memory");
232238 return 0;
257263 "ssl library, ignored name for %s", p->str);
258264 #endif
259265 if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
260 auth_name)) {
266 auth_name, -1)) {
261267 log_err("out of memory");
262268 return 0;
263269 }
286292 dp->no_cache = s->no_cache;
287293 /* ssl_upstream */
288294 dp->ssl_upstream = (uint8_t)s->ssl_upstream;
295 /* tcp_upstream */
296 dp->tcp_upstream = (uint8_t)s->tcp_upstream;
289297 delegpt_log(VERB_QUERY, dp);
290298 if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !s->isprime))
291299 return 0;
335343 if(sldns_wirerr_get_type(rr, rr_len, dname_len)
336344 == LDNS_RR_TYPE_NS) {
337345 if(!delegpt_add_ns_mlc(dp, sldns_wirerr_get_rdata(rr,
338 rr_len, dname_len), 0)) {
346 rr_len, dname_len), 0, NULL, UNBOUND_DNS_PORT)) {
339347 log_err("out of memory reading root hints");
340348 goto stop_read;
341349 }
394402 delegpt_free_mlc(dp);
395403 return 1;
396404 }
405 delegpt_log(VERB_QUERY, dp);
397406 if(!hints_insert(hints, c, dp, 0)) {
398407 return 0;
399408 }
400 delegpt_log(VERB_QUERY, dp);
401409 return 1;
402410
403411 stop_read:
+18
-6
iterator/iter_scrub.c less more
639639
640640 /**
641641 * Check if right hand name in NSEC is within zone
642 * @param pkt: the packet buffer for decompression.
642643 * @param rrset: the NSEC rrset
643644 * @param zonename: the zone name.
644645 * @return true if BAD.
645646 */
646 static int sanitize_nsec_is_overreach(struct rrset_parse* rrset,
647 uint8_t* zonename)
647 static int sanitize_nsec_is_overreach(sldns_buffer* pkt,
648 struct rrset_parse* rrset, uint8_t* zonename)
648649 {
649650 struct rr_parse* rr;
650651 uint8_t* rhs;
651652 size_t len;
652653 log_assert(rrset->type == LDNS_RR_TYPE_NSEC);
653654 for(rr = rrset->rr_first; rr; rr = rr->next) {
655 size_t pos = sldns_buffer_position(pkt);
656 size_t rhspos;
654657 rhs = rr->ttl_data+4+2;
655658 len = sldns_read_uint16(rr->ttl_data+4);
656 if(!dname_valid(rhs, len)) {
657 /* malformed domain name in rdata */
659 rhspos = rhs-sldns_buffer_begin(pkt);
660 sldns_buffer_set_position(pkt, rhspos);
661 if(pkt_dname_len(pkt) == 0) {
662 /* malformed */
663 sldns_buffer_set_position(pkt, pos);
658664 return 1;
659665 }
660 if(!dname_subdomain_c(rhs, zonename)) {
666 if(sldns_buffer_position(pkt)-rhspos > len) {
667 /* outside of rdata boundaries */
668 sldns_buffer_set_position(pkt, pos);
669 return 1;
670 }
671 sldns_buffer_set_position(pkt, pos);
672 if(!pkt_sub(pkt, rhs, zonename)) {
661673 /* overreaching */
662674 return 1;
663675 }
790802 }
791803 /* check if right hand side of NSEC is within zone */
792804 if(rrset->type == LDNS_RR_TYPE_NSEC &&
793 sanitize_nsec_is_overreach(rrset, zonename)) {
805 sanitize_nsec_is_overreach(pkt, rrset, zonename)) {
794806 remove_rrset("sanitize: removing overreaching NSEC "
795807 "RRset:", pkt, msg, prev, &rrset);
796808 continue;
+110
-76
iterator/iter_utils.c less more
33 * Copyright (c) 2007, NLnet Labs. All rights reserved.
44 *
55 * This software is open source.
6 *
6 *
77 * Redistribution and use in source and binary forms, with or without
88 * modification, are permitted provided that the following conditions
99 * are met:
10 *
10 *
1111 * Redistributions of source code must retain the above copyright notice,
1212 * this list of conditions and the following disclaimer.
13 *
13 *
1414 * Redistributions in binary form must reproduce the above copyright notice,
1515 * this list of conditions and the following disclaimer in the documentation
1616 * and/or other materials provided with the distribution.
17 *
17 *
1818 * Neither the name of the NLNET LABS nor the names of its contributors may
1919 * be used to endorse or promote products derived from this software without
2020 * specific prior written permission.
21 *
21 *
2222 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
2323 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
2424 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
3636 * \file
3737 *
3838 * This file contains functions to assist the iterator module.
39 * Configuration options. Forward zones.
39 * Configuration options. Forward zones.
4040 */
4141 #include "config.h"
4242 #include "iterator/iter_utils.h"
4949 #include "services/cache/infra.h"
5050 #include "services/cache/dns.h"
5151 #include "services/cache/rrset.h"
52 #include "services/outside_network.h"
5253 #include "util/net_help.h"
5354 #include "util/module.h"
5455 #include "util/log.h"
139140 return 1;
140141 }
141142
142 int
143 int
143144 iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
144145 {
145146 int i;
149150 for(i=0; i<iter_env->max_dependency_depth+1; i++)
150151 verbose(VERB_QUERY, "target fetch policy for level %d is %d",
151152 i, iter_env->target_fetch_policy[i]);
152
153
153154 if(!iter_env->donotq)
154155 iter_env->donotq = donotq_create();
155156 if(!iter_env->donotq || !donotq_apply_cfg(iter_env->donotq, cfg)) {
174175 }
175176 iter_env->supports_ipv6 = cfg->do_ip6;
176177 iter_env->supports_ipv4 = cfg->do_ip4;
178 iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
177179 return 1;
178180 }
179181
210212 * dnsseclame servers get penalty
211213 * USEFUL_SERVER_TOP_TIMEOUT*3 ..
212214 * recursion lame servers get penalty
213 * UNKNOWN_SERVER_NICENESS
215 * UNKNOWN_SERVER_NICENESS
214216 * If no information is known about the server, this is
215217 * returned. 376 msec or so.
216218 * +BLACKLIST_PENALTY (of USEFUL_TOP_TIMEOUT*4) for dnssec failed IPs.
219221 * is turned off (so we do not discard the reply).
220222 * When a final value is chosen that is recursionlame; RD bit is set on query.
221223 * Because of the numbers this means recursionlame also have dnssec lameness
222 * checking turned off.
224 * checking turned off.
223225 */
224226 static int
225227 iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env,
226 uint8_t* name, size_t namelen, uint16_t qtype, time_t now,
228 uint8_t* name, size_t namelen, uint16_t qtype, time_t now,
227229 struct delegpt_addr* a)
228230 {
229231 int rtt, lame, reclame, dnsseclame;
241243 return -1; /* there is no ip4 available */
242244 }
243245 /* check lameness - need zone , class info */
244 if(infra_get_lame_rtt(env->infra_cache, &a->addr, a->addrlen,
245 name, namelen, qtype, &lame, &dnsseclame, &reclame,
246 if(infra_get_lame_rtt(env->infra_cache, &a->addr, a->addrlen,
247 name, namelen, qtype, &lame, &dnsseclame, &reclame,
246248 &rtt, now)) {
247249 log_addr(VERB_ALGO, "servselect", &a->addr, a->addrlen);
248250 verbose(VERB_ALGO, " rtt=%d%s%s%s%s", rtt,
280282 /** lookup RTT information, and also store fastest rtt (if any) */
281283 static int
282284 iter_fill_rtt(struct iter_env* iter_env, struct module_env* env,
283 uint8_t* name, size_t namelen, uint16_t qtype, time_t now,
285 uint8_t* name, size_t namelen, uint16_t qtype, time_t now,
284286 struct delegpt* dp, int* best_rtt, struct sock_list* blacklist,
285287 size_t* num_suitable_results)
286288 {
291293 if(dp->bogus)
292294 return 0; /* NS bogus, all bogus, nothing found */
293295 for(a=dp->result_list; a; a = a->next_result) {
294 a->sel_rtt = iter_filter_unsuitable(iter_env, env,
296 a->sel_rtt = iter_filter_unsuitable(iter_env, env,
295297 name, namelen, qtype, now, a);
296298 if(a->sel_rtt != -1) {
297299 if(sock_list_find(blacklist, &a->addr, a->addrlen))
327329 int rtt_band;
328330 size_t i;
329331 int* rtt_list, *rtt_index;
330
332
331333 if(num_results < 1 || n >= num_results) {
332334 return -1;
333335 }
359361 * returns number of best targets (or 0, no suitable targets) */
360362 static int
361363 iter_filter_order(struct iter_env* iter_env, struct module_env* env,
362 uint8_t* name, size_t namelen, uint16_t qtype, time_t now,
363 struct delegpt* dp, int* selected_rtt, int open_target,
364 uint8_t* name, size_t namelen, uint16_t qtype, time_t now,
365 struct delegpt* dp, int* selected_rtt, int open_target,
364366 struct sock_list* blacklist, time_t prefetch)
365367 {
366368 int got_num = 0, low_rtt = 0, swap_to_front, rtt_band = RTT_BAND, nth;
368370 struct delegpt_addr* a, *n, *prev=NULL;
369371
370372 /* fillup sel_rtt and find best rtt in the bunch */
371 got_num = iter_fill_rtt(iter_env, env, name, namelen, qtype, now, dp,
373 got_num = iter_fill_rtt(iter_env, env, name, namelen, qtype, now, dp,
372374 &low_rtt, blacklist, &num_results);
373 if(got_num == 0)
375 if(got_num == 0)
374376 return 0;
375377 if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
376378 (delegpt_count_missing_targets(dp) > 0 || open_target > 0)) {
438440 prev = NULL;
439441 a = dp->result_list;
440442 for(i = 0; i < got_num; i++) {
443 if(!a) break; /* robustness */
441444 swap_to_front = 0;
442445 if(a->addr.ss_family != AF_INET6 && attempt == -1) {
443446 /* if we only have ip4 at low attempt count,
495498 prev = NULL;
496499 a = dp->result_list;
497500 for(i = 0; i < got_num; i++) {
501 if(!a) break; /* robustness */
498502 swap_to_front = 0;
499503 if(a->addr.ss_family != AF_INET && attempt == -1) {
500504 /* if we only have ip6 at low attempt count,
544548 return got_num;
545549 }
546550
547 struct delegpt_addr*
548 iter_server_selection(struct iter_env* iter_env,
549 struct module_env* env, struct delegpt* dp,
551 struct delegpt_addr*
552 iter_server_selection(struct iter_env* iter_env,
553 struct module_env* env, struct delegpt* dp,
550554 uint8_t* name, size_t namelen, uint16_t qtype, int* dnssec_lame,
551555 int* chase_to_rd, int open_target, struct sock_list* blacklist,
552556 time_t prefetch)
588592
589593 if(num == 1) {
590594 a = dp->result_list;
591 if(++a->attempts < OUTBOUND_MSG_RETRY)
595 if(++a->attempts < iter_env->outbound_msg_retry)
592596 return a;
593597 dp->result_list = a->next_result;
594598 return a;
598602 log_assert(num > 1);
599603 /* grab secure random number, to pick unexpected server.
600604 * also we need it to be threadsafe. */
601 sel = ub_random_max(env->rnd, num);
605 sel = ub_random_max(env->rnd, num);
602606 a = dp->result_list;
603607 prev = NULL;
604608 while(sel > 0 && a) {
608612 }
609613 if(!a) /* robustness */
610614 return NULL;
611 if(++a->attempts < OUTBOUND_MSG_RETRY)
615 if(++a->attempts < iter_env->outbound_msg_retry)
612616 return a;
613617 /* remove it from the delegation point result list */
614618 if(prev)
617621 return a;
618622 }
619623
620 struct dns_msg*
621 dns_alloc_msg(sldns_buffer* pkt, struct msg_parse* msg,
624 struct dns_msg*
625 dns_alloc_msg(sldns_buffer* pkt, struct msg_parse* msg,
622626 struct regional* region)
623627 {
624628 struct dns_msg* m = (struct dns_msg*)regional_alloc(region,
633637 return m;
634638 }
635639
636 struct dns_msg*
640 struct dns_msg*
637641 dns_copy_msg(struct dns_msg* from, struct regional* region)
638642 {
639643 struct dns_msg* m = (struct dns_msg*)regional_alloc(region,
649653 return m;
650654 }
651655
652 void
656 void
653657 iter_dns_store(struct module_env* env, struct query_info* msgqinf,
654658 struct reply_info* msgrep, int is_referral, time_t leeway, int pside,
655659 struct regional* region, uint16_t flags)
659663 log_err("out of memory: cannot store data in cache");
660664 }
661665
662 int
666 int
663667 iter_ns_probability(struct ub_randstate* rnd, int n, int m)
664668 {
665669 int sel;
667671 return 1;
668672 /* we do not need secure random numbers here, but
669673 * we do need it to be threadsafe, so we use this */
670 sel = ub_random_max(rnd, m);
674 sel = ub_random_max(rnd, m);
671675 return (sel < n);
672676 }
673677
684688 qinf.local_alias = NULL;
685689 fptr_ok(fptr_whitelist_modenv_detect_cycle(
686690 qstate->env->detect_cycle));
687 return (*qstate->env->detect_cycle)(qstate, &qinf,
691 return (*qstate->env->detect_cycle)(qstate, &qinf,
688692 (uint16_t)(BIT_RD|BIT_CD), qstate->is_priming,
689693 qstate->is_valrec);
690694 }
691695
692 void
696 void
693697 iter_mark_cycle_targets(struct module_qstate* qstate, struct delegpt* dp)
694698 {
695699 struct delegpt_ns* ns;
697701 if(ns->resolved)
698702 continue;
699703 /* see if this ns as target causes dependency cycle */
700 if(causes_cycle(qstate, ns->name, ns->namelen,
704 if(causes_cycle(qstate, ns->name, ns->namelen,
701705 LDNS_RR_TYPE_AAAA, qstate->qinfo.qclass) ||
702 causes_cycle(qstate, ns->name, ns->namelen,
706 causes_cycle(qstate, ns->name, ns->namelen,
703707 LDNS_RR_TYPE_A, qstate->qinfo.qclass)) {
704708 log_nametypeclass(VERB_QUERY, "skipping target due "
705709 "to dependency cycle (harden-glue: no may "
706 "fix some of the cycles)",
707 ns->name, LDNS_RR_TYPE_A,
710 "fix some of the cycles)",
711 ns->name, LDNS_RR_TYPE_A,
708712 qstate->qinfo.qclass);
709713 ns->resolved = 1;
710714 }
711715 }
712716 }
713717
714 void
718 void
715719 iter_mark_pside_cycle_targets(struct module_qstate* qstate, struct delegpt* dp)
716720 {
717721 struct delegpt_ns* ns;
719723 if(ns->done_pside4 && ns->done_pside6)
720724 continue;
721725 /* see if this ns as target causes dependency cycle */
722 if(causes_cycle(qstate, ns->name, ns->namelen,
726 if(causes_cycle(qstate, ns->name, ns->namelen,
723727 LDNS_RR_TYPE_A, qstate->qinfo.qclass)) {
724728 log_nametypeclass(VERB_QUERY, "skipping target due "
725729 "to dependency cycle", ns->name,
726730 LDNS_RR_TYPE_A, qstate->qinfo.qclass);
727731 ns->done_pside4 = 1;
728732 }
729 if(causes_cycle(qstate, ns->name, ns->namelen,
733 if(causes_cycle(qstate, ns->name, ns->namelen,
730734 LDNS_RR_TYPE_AAAA, qstate->qinfo.qclass)) {
731735 log_nametypeclass(VERB_QUERY, "skipping target due "
732736 "to dependency cycle", ns->name,
736740 }
737741 }
738742
739 int
740 iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
743 int
744 iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
741745 struct delegpt* dp)
742746 {
743747 struct delegpt_ns* ns;
756760 /* either available or unused targets */
757761 if(dp->usable_list || dp->result_list)
758762 return 0;
759
763
760764 /* see if query is for one of the nameservers, which is glue */
761765 if( (qinfo->qtype == LDNS_RR_TYPE_A ||
762766 qinfo->qtype == LDNS_RR_TYPE_AAAA) &&
763767 dname_subdomain_c(qinfo->qname, dp->name) &&
764768 delegpt_find_ns(dp, qinfo->qname, qinfo->qname_len))
765769 return 1;
766
770
767771 for(ns = dp->nslist; ns; ns = ns->next) {
768772 if(ns->resolved) /* skip failed targets */
769773 continue;
781785 return 0;
782786 /* a trust anchor exists above the name? */
783787 if((a=anchors_lookup(env->anchors, qinfo->qname, qinfo->qname_len,
784 qinfo->qclass))) {
788 qinfo->qclass))) {
785789 if(a->numDS == 0 && a->numDNSKEY == 0) {
786790 /* insecure trust point */
787791 lock_basic_unlock(&a->lock);
794798 return 0;
795799 }
796800
797 int
801 int
798802 iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
799803 struct dns_msg* msg, uint16_t dclass)
800804 {
838842 return 0;
839843 }
840844
841 int
845 int
842846 iter_msg_has_dnssec(struct dns_msg* msg)
843847 {
844848 size_t i;
871875 * and referral to example.com. NS ... , then origin zone
872876 * is .com. For a referral to sub.example.com. NS ... then
873877 * we do not know, since example.com. may be in between. */
874 for(i=0; i<msg->rep->an_numrrsets+msg->rep->ns_numrrsets;
878 for(i=0; i<msg->rep->an_numrrsets+msg->rep->ns_numrrsets;
875879 i++) {
876880 struct ub_packed_rrset_key* s = msg->rep->rrsets[i];
877881 if(ntohs(s->rk.type) == LDNS_RR_TYPE_NS &&
886890 return 0;
887891 }
888892 log_assert(type==RESPONSE_TYPE_ANSWER || type==RESPONSE_TYPE_CNAME);
889 /* not a referral, and not lame delegation (upwards), so,
893 /* not a referral, and not lame delegation (upwards), so,
890894 * any NS rrset must be from the zone itself */
891895 if(reply_find_rrset_section_an(msg->rep, dp->name, dp->namelen,
892896 LDNS_RR_TYPE_NS, dclass) ||
902906 }
903907
904908 /**
905 * check equality of two rrsets
909 * check equality of two rrsets
906910 * @param k1: rrset
907911 * @param k2: rrset
908912 * @return true if equal
931935 for(i=0; i<t; i++) {
932936 if(d1->rr_len[i] != d2->rr_len[i] ||
933937 /* no ttl check: d1->rr_ttl[i] != d2->rr_ttl[i] ||*/
934 memcmp(d1->rr_data[i], d2->rr_data[i],
938 memcmp(d1->rr_data[i], d2->rr_data[i],
935939 d1->rr_len[i]) != 0)
936940 return 0;
937941 }
962966 return 0;
963967 }
964968
965 int
969 int
966970 reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region)
967971 {
968972 size_t i;
10201024 return 1;
10211025 }
10221026
1023 void
1027 void
10241028 caps_strip_reply(struct reply_info* rep)
10251029 {
10261030 size_t i;
10621066 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN);
10631067 }
10641068
1065 void
1066 iter_store_parentside_rrset(struct module_env* env,
1069 void
1070 iter_store_parentside_rrset(struct module_env* env,
10671071 struct ub_packed_rrset_key* rrset)
10681072 {
10691073 struct rrset_ref ref;
11031107 }
11041108 }
11051109
1106 void iter_store_parentside_neg(struct module_env* env,
1110 void iter_store_parentside_neg(struct module_env* env,
11071111 struct query_info* qinfo, struct reply_info* rep)
11081112 {
11091113 /* TTL: NS from referral in iq->deleg_msg,
11101114 * or first RR from iq->response,
1111 * or servfail5secs if !iq->response */
1115 * or servfail5secs if !iq->response */
11121116 time_t ttl = NORR_TTL;
11131117 struct ub_packed_rrset_key* neg;
11141118 struct packed_rrset_data* newd;
11291133 neg->rk.type = htons(qinfo->qtype);
11301134 neg->rk.rrset_class = htons(qinfo->qclass);
11311135 neg->rk.flags = 0;
1132 neg->rk.dname = regional_alloc_init(env->scratch, qinfo->qname,
1136 neg->rk.dname = regional_alloc_init(env->scratch, qinfo->qname,
11331137 qinfo->qname_len);
11341138 if(!neg->rk.dname) {
11351139 log_err("out of memory in store_parentside_neg");
11371141 }
11381142 neg->rk.dname_len = qinfo->qname_len;
11391143 neg->entry.hash = rrset_key_hash(&neg->rk);
1140 newd = (struct packed_rrset_data*)regional_alloc_zero(env->scratch,
1144 newd = (struct packed_rrset_data*)regional_alloc_zero(env->scratch,
11411145 sizeof(struct packed_rrset_data) + sizeof(size_t) +
11421146 sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t));
11431147 if(!newd) {
11621166 iter_store_parentside_rrset(env, neg);
11631167 }
11641168
1165 int
1169 int
11661170 iter_lookup_parent_NS_from_cache(struct module_env* env, struct delegpt* dp,
11671171 struct regional* region, struct query_info* qinfo)
11681172 {
11691173 struct ub_packed_rrset_key* akey;
1170 akey = rrset_cache_lookup(env->rrset_cache, dp->name,
1171 dp->namelen, LDNS_RR_TYPE_NS, qinfo->qclass,
1174 akey = rrset_cache_lookup(env->rrset_cache, dp->name,
1175 dp->namelen, LDNS_RR_TYPE_NS, qinfo->qclass,
11721176 PACKED_RRSET_PARENT_SIDE, *env->now, 0);
11731177 if(akey) {
11741178 log_rrset_key(VERB_ALGO, "found parent-side NS in cache", akey);
11911195 size_t num = delegpt_count_targets(dp);
11921196 for(ns = dp->nslist; ns; ns = ns->next) {
11931197 /* get cached parentside A */
1194 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
1195 ns->namelen, LDNS_RR_TYPE_A, qinfo->qclass,
1198 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
1199 ns->namelen, LDNS_RR_TYPE_A, qinfo->qclass,
11961200 PACKED_RRSET_PARENT_SIDE, *env->now, 0);
11971201 if(akey) {
11981202 log_rrset_key(VERB_ALGO, "found parent-side", akey);
12031207 lock_rw_unlock(&akey->entry.lock);
12041208 }
12051209 /* get cached parentside AAAA */
1206 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
1207 ns->namelen, LDNS_RR_TYPE_AAAA, qinfo->qclass,
1210 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
1211 ns->namelen, LDNS_RR_TYPE_AAAA, qinfo->qclass,
12081212 PACKED_RRSET_PARENT_SIDE, *env->now, 0);
12091213 if(akey) {
12101214 log_rrset_key(VERB_ALGO, "found parent-side", akey);
12191223 return delegpt_count_targets(dp) != num;
12201224 }
12211225
1222 int
1223 iter_get_next_root(struct iter_hints* hints, struct iter_forwards* fwd,
1226 int
1227 iter_get_next_root(struct iter_hints* hints, struct iter_forwards* fwd,
12241228 uint16_t* c)
12251229 {
12261230 uint16_t c1 = *c, c2 = *c;
12421246 iter_scrub_ds(struct dns_msg* msg, struct ub_packed_rrset_key* ns, uint8_t* z)
12431247 {
12441248 /* Only the DS record for the delegation itself is expected.
1245 * We allow DS for everything between the bailiwick and the
1249 * We allow DS for everything between the bailiwick and the
12461250 * zonecut, thus DS records must be at or above the zonecut.
12471251 * And the DS records must be below the server authority zone.
12481252 * The answer section is already scrubbed. */
12561260 s->rk.dname, ntohs(s->rk.type),
12571261 ntohs(s->rk.rrset_class));
12581262 memmove(msg->rep->rrsets+i, msg->rep->rrsets+i+1,
1259 sizeof(struct ub_packed_rrset_key*) *
1263 sizeof(struct ub_packed_rrset_key*) *
12601264 (msg->rep->rrset_count-i-1));
12611265 msg->rep->ns_numrrsets--;
12621266 msg->rep->rrset_count--;
12801284 msg->rep->an_numrrsets = 0;
12811285 }
12821286
1283 void iter_dec_attempts(struct delegpt* dp, int d)
1287 void iter_dec_attempts(struct delegpt* dp, int d, int outbound_msg_retry)
12841288 {
12851289 struct delegpt_addr* a;
12861290 for(a=dp->target_list; a; a = a->next_target) {
1287 if(a->attempts >= OUTBOUND_MSG_RETRY) {
1291 if(a->attempts >= outbound_msg_retry) {
12881292 /* add back to result list */
12891293 a->next_result = dp->result_list;
12901294 dp->result_list = a;
12951299 }
12961300 }
12971301
1298 void iter_merge_retry_counts(struct delegpt* dp, struct delegpt* old)
1302 void iter_merge_retry_counts(struct delegpt* dp, struct delegpt* old,
1303 int outbound_msg_retry)
12991304 {
13001305 struct delegpt_addr* a, *o, *prev;
13011306 for(a=dp->target_list; a; a = a->next_target) {
13091314 prev = NULL;
13101315 a = dp->usable_list;
13111316 while(a) {
1312 if(a->attempts >= OUTBOUND_MSG_RETRY) {
1317 if(a->attempts >= outbound_msg_retry) {
13131318 log_addr(VERB_ALGO, "remove from usable list dp",
13141319 &a->addr, a->addrlen);
13151320 /* remove from result list */
13891394 }
13901395
13911396 int
1392 iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf)
1397 iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf,
1398 uint8_t** retdpname, size_t* retdpnamelen)
13931399 {
13941400 struct iter_hints_stub *stub;
13951401 struct delegpt *dp;
14181424 dname_str(stub->dp->name, dpname);
14191425 verbose(VERB_ALGO, "stub for %s %s has no_cache", qname, dpname);
14201426 }
1427 if(retdpname) {
1428 *retdpname = stub->dp->name;
1429 *retdpnamelen = stub->dp->namelen;
1430 }
14211431 return (stub->dp->no_cache);
14221432 }
14231433
14301440 dname_str(dp->name, dpname);
14311441 verbose(VERB_ALGO, "forward for %s %s has no_cache", qname, dpname);
14321442 }
1443 if(retdpname) {
1444 *retdpname = dp->name;
1445 *retdpnamelen = dp->namelen;
1446 }
14331447 return (dp->no_cache);
14341448 }
1449 if(retdpname) {
1450 *retdpname = NULL;
1451 *retdpnamelen = 0;
1452 }
14351453 return 0;
14361454 }
1455
1456 void iterator_set_ip46_support(struct module_stack* mods,
1457 struct module_env* env, struct outside_network* outnet)
1458 {
1459 int m = modstack_find(mods, "iterator");
1460 struct iter_env* ie = NULL;
1461 if(m == -1)
1462 return;
1463 ie = (struct iter_env*)env->modinfo[m];
1464 if(outnet->pending == NULL)
1465 return; /* we are in testbound, no rbtree for UDP */
1466 if(outnet->num_ip4 == 0)
1467 ie->supports_ipv4 = 0;
1468 if(outnet->num_ip6 == 0)
1469 ie->supports_ipv6 = 0;
1470 }
+28
-6
iterator/iter_utils.h less more
5858 struct module_qstate;
5959 struct sock_list;
6060 struct ub_packed_rrset_key;
61 struct module_stack;
62 struct outside_network;
6163
6264 /**
6365 * Process config options and set iterator module state.
129131 * can be prefetch-updates.
130132 * @param region: to copy modified (cache is better) rrs back to.
131133 * @param flags: with BIT_CD for dns64 AAAA translated queries.
132 * @return void, because we are not interested in alloc errors,
134 * return void, because we are not interested in alloc errors,
133135 * the iterator and validator can operate on the results in their
134136 * scratch space (the qstate.region) and are not dependent on the cache.
135137 * It is useful to log the alloc failure (for the server operator),
344346 * Remove query attempts from all available ips. For 0x20.
345347 * @param dp: delegpt.
346348 * @param d: decrease.
347 */
348 void iter_dec_attempts(struct delegpt* dp, int d);
349 * @param outbound_msg_retry: number of retries of outgoing queries
350 */
351 void iter_dec_attempts(struct delegpt* dp, int d, int outbound_msg_retry);
349352
350353 /**
351354 * Add retry counts from older delegpt to newer delegpt.
352355 * Does not waste time on timeout'd (or other failing) addresses.
353356 * @param dp: new delegationpoint.
354357 * @param old: old delegationpoint.
355 */
356 void iter_merge_retry_counts(struct delegpt* dp, struct delegpt* old);
358 * @param outbound_msg_retry: number of retries of outgoing queries
359 */
360 void iter_merge_retry_counts(struct delegpt* dp, struct delegpt* old,
361 int outbound_msg_retry);
357362
358363 /**
359364 * See if a DS response (type ANSWER) is too low: a nodata answer with
379384 * Lookup if no_cache is set in stub or fwd.
380385 * @param qstate: query state with env with hints and fwds.
381386 * @param qinf: query name to lookup for.
387 * @param retdpname: returns NULL or the deepest enclosing name of fwd or stub.
388 * This is the name under which the closest lookup is going to happen.
389 * Used for NXDOMAIN checks, above that it is an nxdomain from a
390 * different server and zone. You can pass NULL to not get it.
391 * @param retdpnamelen: returns the length of the dpname.
382392 * @return true if no_cache is set in stub or fwd.
383393 */
384394 int iter_stub_fwd_no_cache(struct module_qstate *qstate,
385 struct query_info *qinf);
395 struct query_info *qinf, uint8_t** retdpname, size_t* retdpnamelen);
396
397 /**
398 * Set support for IP4 and IP6 depending on outgoing interfaces
399 * in the outside network. If none, no support, so no use to lookup
400 * the AAAA and then attempt to use it if there is no outgoing-interface
401 * for it.
402 * @param mods: modstack to find iterator module in.
403 * @param env: module env, find iterator module (if one) in there.
404 * @param outnet: outside network structure.
405 */
406 void iterator_set_ip46_support(struct module_stack* mods,
407 struct module_env* env, struct outside_network* outnet);
386408
387409 #endif /* ITERATOR_ITER_UTILS_H */
+181
-102
iterator/iterator.c less more
584584 return 1;
585585 }
586586
587 /** add response specific error information for log servfail */
588 static void
589 errinf_reply(struct module_qstate* qstate, struct iter_qstate* iq)
590 {
591 if(qstate->env->cfg->val_log_level < 2 && !qstate->env->cfg->log_servfail)
592 return;
593 if((qstate->reply && qstate->reply->addrlen != 0) ||
594 (iq->fail_reply && iq->fail_reply->addrlen != 0)) {
595 char from[256], frm[512];
596 if(qstate->reply && qstate->reply->addrlen != 0)
597 addr_to_str(&qstate->reply->addr, qstate->reply->addrlen,
598 from, sizeof(from));
599 else
600 addr_to_str(&iq->fail_reply->addr, iq->fail_reply->addrlen,
601 from, sizeof(from));
602 snprintf(frm, sizeof(frm), "from %s", from);
603 errinf(qstate, frm);
604 }
605 if(iq->scrub_failures || iq->parse_failures) {
606 if(iq->scrub_failures)
607 errinf(qstate, "upstream response failed scrub");
608 if(iq->parse_failures)
609 errinf(qstate, "could not parse upstream response");
610 } else if(iq->response == NULL && iq->timeout_count != 0) {
611 errinf(qstate, "upstream server timeout");
612 } else if(iq->response == NULL) {
613 errinf(qstate, "no server to query");
614 if(iq->dp) {
615 if(iq->dp->target_list == NULL)
616 errinf(qstate, "no addresses for nameservers");
617 else errinf(qstate, "nameserver addresses not usable");
618 if(iq->dp->nslist == NULL)
619 errinf(qstate, "have no nameserver names");
620 if(iq->dp->bogus)
621 errinf(qstate, "NS record was dnssec bogus");
622 }
623 }
624 if(iq->response && iq->response->rep) {
625 if(FLAGS_GET_RCODE(iq->response->rep->flags) != 0) {
626 char rcode[256], rc[32];
627 (void)sldns_wire2str_rcode_buf(
628 FLAGS_GET_RCODE(iq->response->rep->flags),
629 rc, sizeof(rc));
630 snprintf(rcode, sizeof(rcode), "got %s", rc);
631 errinf(qstate, rcode);
632 } else {
633 /* rcode NOERROR */
634 if(iq->response->rep->an_numrrsets == 0) {
635 errinf(qstate, "nodata answer");
636 }
637 }
638 }
639 }
640
587641 /** see if last resort is possible - does config allow queries to parent */
588642 static int
589643 can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen,
12271281 processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
12281282 struct iter_env* ie, int id)
12291283 {
1230 uint8_t* delname;
1231 size_t delnamelen;
1284 uint8_t* delname, *dpname=NULL;
1285 size_t delnamelen, dpnamelen=0;
12321286 struct dns_msg* msg = NULL;
12331287
12341288 log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo);
12821336 /* This either results in a query restart (CNAME cache response), a
12831337 * terminating response (ANSWER), or a cache miss (null). */
12841338
1285 if (iter_stub_fwd_no_cache(qstate, &iq->qchase)) {
1339 if (iter_stub_fwd_no_cache(qstate, &iq->qchase, &dpname, &dpnamelen)) {
12861340 /* Asked to not query cache. */
12871341 verbose(VERB_ALGO, "no-cache set, going to the network");
12881342 qstate->no_cache_lookup = 1;
12971351 msg = dns_cache_lookup(qstate->env, iq->qchase.qname,
12981352 iq->qchase.qname_len, iq->qchase.qtype,
12991353 iq->qchase.qclass, qstate->query_flags,
1300 qstate->region, qstate->env->scratch, 0);
1354 qstate->region, qstate->env->scratch, 0, dpname,
1355 dpnamelen);
13011356 if(!msg && qstate->env->neg_cache &&
13021357 iter_qname_indicates_dnssec(qstate->env, &iq->qchase)) {
13031358 /* lookup in negative cache; may result in
14771532 if(!iq->ratelimit_ok && qstate->prefetch_leeway)
14781533 iq->ratelimit_ok = 1; /* allow prefetches, this keeps
14791534 otherwise valid data in the cache */
1480 if(!iq->ratelimit_ok && infra_ratelimit_exceeded(
1481 qstate->env->infra_cache, iq->dp->name,
1482 iq->dp->namelen, *qstate->env->now)) {
1483 /* and increment the rate, so that the rate for time
1484 * now will also exceed the rate, keeping cache fresh */
1485 (void)infra_ratelimit_inc(qstate->env->infra_cache,
1486 iq->dp->name, iq->dp->namelen,
1487 *qstate->env->now, &qstate->qinfo,
1488 qstate->reply);
1489 /* see if we are passed through with slip factor */
1490 if(qstate->env->cfg->ratelimit_factor != 0 &&
1491 ub_random_max(qstate->env->rnd,
1492 qstate->env->cfg->ratelimit_factor) == 1) {
1493 iq->ratelimit_ok = 1;
1494 log_nametypeclass(VERB_ALGO, "ratelimit allowed through for "
1495 "delegation point", iq->dp->name,
1496 LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN);
1497 } else {
1498 lock_basic_lock(&ie->queries_ratelimit_lock);
1499 ie->num_queries_ratelimited++;
1500 lock_basic_unlock(&ie->queries_ratelimit_lock);
1501 log_nametypeclass(VERB_ALGO, "ratelimit exceeded with "
1502 "delegation point", iq->dp->name,
1503 LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN);
1504 qstate->was_ratelimited = 1;
1505 errinf(qstate, "query was ratelimited");
1506 errinf_dname(qstate, "for zone", iq->dp->name);
1507 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
1508 }
1509 }
15101535
15111536 /* see if this dp not useless.
15121537 * It is useless if:
19201945 * of a response. */
19211946 errinf(qstate, "all the configured stub or forward servers failed,");
19221947 errinf_dname(qstate, "at zone", iq->dp->name);
1948 errinf_reply(qstate, iq);
19231949 verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL");
19241950 return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
19251951 }
19311957 iq->chase_flags &= ~BIT_RD; /* go to authorities */
19321958 for(ns = p->nslist; ns; ns=ns->next) {
19331959 (void)delegpt_add_ns(iq->dp, qstate->region,
1934 ns->name, ns->lame);
1960 ns->name, ns->lame, ns->tls_auth_name,
1961 ns->port);
19351962 }
19361963 for(a = p->target_list; a; a=a->next_target) {
19371964 (void)delegpt_add_addr(iq->dp, qstate->region,
19381965 &a->addr, a->addrlen, a->bogus,
1939 a->lame, a->tls_auth_name, NULL);
1966 a->lame, a->tls_auth_name, -1, NULL);
19401967 }
19411968 }
19421969 iq->dp->has_parent_side_NS = 1;
20662093
20672094 errinf(qstate, "all servers for this domain failed,");
20682095 errinf_dname(qstate, "at zone", iq->dp->name);
2096 errinf_reply(qstate, iq);
20692097 verbose(VERB_QUERY, "out of query targets -- returning SERVFAIL");
20702098 /* fail -- no more targets, no more hope of targets, no hope
20712099 * of a response. */
21532181 int auth_fallback = 0;
21542182 uint8_t* qout_orig = NULL;
21552183 size_t qout_orig_len = 0;
2156
2157 /* NOTE: a request will encounter this state for each target it
2158 * needs to send a query to. That is, at least one per referral,
2184 int sq_check_ratelimit = 1;
2185 int sq_was_ratelimited = 0;
2186
2187 /* NOTE: a request will encounter this state for each target it
2188 * needs to send a query to. That is, at least one per referral,
21592189 * more if some targets timeout or return throwaway answers. */
21602190
21612191 log_query_info(VERB_QUERY, "processQueryTargets:", &qstate->qinfo);
22402270 iq->minimise_count++;
22412271 iq->timeout_count = 0;
22422272
2243 iter_dec_attempts(iq->dp, 1);
2273 iter_dec_attempts(iq->dp, 1, ie->outbound_msg_retry);
22442274
22452275 /* Limit number of iterations for QNAMEs with more
22462276 * than MAX_MINIMISE_COUNT labels. Send first MINIMISE_ONE_LAB
22872317 iq->qinfo_out.qname, iq->qinfo_out.qname_len,
22882318 iq->qinfo_out.qtype, iq->qinfo_out.qclass,
22892319 qstate->query_flags, qstate->region,
2290 qstate->env->scratch, 0);
2320 qstate->env->scratch, 0, iq->dp->name,
2321 iq->dp->namelen);
22912322 if(msg && FLAGS_GET_RCODE(msg->rep->flags) ==
22922323 LDNS_RCODE_NOERROR)
22932324 /* no need to send query if it is already
24412472 (int)iq->caps_server+1, (int)naddr*3);
24422473 iq->response = iq->caps_response;
24432474 iq->caps_fallback = 0;
2444 iter_dec_attempts(iq->dp, 3); /* space for fallback */
2475 iter_dec_attempts(iq->dp, 3, ie->outbound_msg_retry); /* space for fallback */
24452476 iq->num_current_queries++; /* RespState decrements it*/
24462477 iq->referral_count++; /* make sure we don't loop */
24472478 iq->sent_count = 0;
24692500
24702501 /* Add the current set of unused targets to our queue. */
24712502 delegpt_add_unused_targets(iq->dp);
2503
2504 if(qstate->env->auth_zones) {
2505 /* apply rpz triggers at query time */
2506 struct dns_msg* forged_response = rpz_callback_from_iterator_module(qstate, iq);
2507 if(forged_response != NULL) {
2508 qstate->ext_state[id] = module_finished;
2509 qstate->return_rcode = LDNS_RCODE_NOERROR;
2510 qstate->return_msg = forged_response;
2511 iq->response = forged_response;
2512 next_state(iq, FINISHED_STATE);
2513 if(!iter_prepend(iq, qstate->return_msg, qstate->region)) {
2514 log_err("rpz, prepend rrsets: out of memory");
2515 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
2516 }
2517 return 0;
2518 }
2519 }
24722520
24732521 /* Select the next usable target, filtering out unsuitable targets. */
24742522 target = iter_server_selection(ie, qstate->env, iq->dp,
25292577 (int)iq->caps_server+1);
25302578 iq->response = iq->caps_response;
25312579 iq->caps_fallback = 0;
2532 iter_dec_attempts(iq->dp, 3); /* space for fallback */
2580 iter_dec_attempts(iq->dp, 3, ie->outbound_msg_retry); /* space for fallback */
25332581 iq->num_current_queries++; /* RespState decrements it*/
25342582 iq->referral_count++; /* make sure we don't loop */
25352583 iq->sent_count = 0;
25702618 return 0;
25712619 }
25722620
2573 /* if not forwarding, check ratelimits per delegationpoint name */
2574 if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) {
2575 if(!infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name,
2576 iq->dp->namelen, *qstate->env->now, &qstate->qinfo,
2577 qstate->reply)) {
2621 /* Do not check ratelimit for forwarding queries or if we already got a
2622 * pass. */
2623 sq_check_ratelimit = (!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok);
2624 /* We have a valid target. */
2625 if(verbosity >= VERB_QUERY) {
2626 log_query_info(VERB_QUERY, "sending query:", &iq->qinfo_out);
2627 log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name,
2628 &target->addr, target->addrlen);
2629 verbose(VERB_ALGO, "dnssec status: %s%s",
2630 iq->dnssec_expected?"expected": "not expected",
2631 iq->dnssec_lame_query?" but lame_query anyway": "");
2632 }
2633 fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query));
2634 outq = (*qstate->env->send_query)(&iq->qinfo_out,
2635 iq->chase_flags | (iq->chase_to_rd?BIT_RD:0),
2636 /* unset CD if to forwarder(RD set) and not dnssec retry
2637 * (blacklist nonempty) and no trust-anchors are configured
2638 * above the qname or on the first attempt when dnssec is on */
2639 EDNS_DO| ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
2640 !qstate->blacklist&&(!iter_qname_indicates_dnssec(qstate->env,
2641 &iq->qinfo_out)||target->attempts==1)?0:BIT_CD),
2642 iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted(
2643 ie, iq), sq_check_ratelimit, &target->addr, target->addrlen,
2644 iq->dp->name, iq->dp->namelen,
2645 (iq->dp->tcp_upstream || qstate->env->cfg->tcp_upstream),
2646 (iq->dp->ssl_upstream || qstate->env->cfg->ssl_upstream),
2647 target->tls_auth_name, qstate, &sq_was_ratelimited);
2648 if(!outq) {
2649 if(sq_was_ratelimited) {
25782650 lock_basic_lock(&ie->queries_ratelimit_lock);
25792651 ie->num_queries_ratelimited++;
25802652 lock_basic_unlock(&ie->queries_ratelimit_lock);
25842656 iq->dp->name);
25852657 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
25862658 }
2587 }
2588
2589 /* We have a valid target. */
2590 if(verbosity >= VERB_QUERY) {
2591 log_query_info(VERB_QUERY, "sending query:", &iq->qinfo_out);
2592 log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name,
2659 log_addr(VERB_QUERY, "error sending query to auth server",
25932660 &target->addr, target->addrlen);
2594 verbose(VERB_ALGO, "dnssec status: %s%s",
2595 iq->dnssec_expected?"expected": "not expected",
2596 iq->dnssec_lame_query?" but lame_query anyway": "");
2597 }
2598 fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query));
2599 outq = (*qstate->env->send_query)(&iq->qinfo_out,
2600 iq->chase_flags | (iq->chase_to_rd?BIT_RD:0),
2601 /* unset CD if to forwarder(RD set) and not dnssec retry
2602 * (blacklist nonempty) and no trust-anchors are configured
2603 * above the qname or on the first attempt when dnssec is on */
2604 EDNS_DO| ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
2605 !qstate->blacklist&&(!iter_qname_indicates_dnssec(qstate->env,
2606 &iq->qinfo_out)||target->attempts==1)?0:BIT_CD),
2607 iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted(
2608 ie, iq), &target->addr, target->addrlen,
2609 iq->dp->name, iq->dp->namelen,
2610 (iq->dp->ssl_upstream || qstate->env->cfg->ssl_upstream),
2611 target->tls_auth_name, qstate);
2612 if(!outq) {
2613 log_addr(VERB_DETAIL, "error sending query to auth server",
2614 &target->addr, target->addrlen);
2615 if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok)
2616 infra_ratelimit_dec(qstate->env->infra_cache, iq->dp->name,
2617 iq->dp->namelen, *qstate->env->now);
26182661 if(qstate->env->cfg->qname_minimisation)
26192662 iq->minimisation_state = SKIP_MINIMISE_STATE;
26202663 return next_state(iq, QUERYTARGETS_STATE);
26482691 *
26492692 * @param qstate: query state.
26502693 * @param iq: iterator query state.
2694 * @param ie: iterator shared global environment.
26512695 * @param id: module id.
26522696 * @return true if the event requires more immediate processing, false if
26532697 * not. This is generally only true when forwarding the request to
26552699 */
26562700 static int
26572701 processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
2658 int id)
2702 struct iter_env* ie, int id)
26592703 {
26602704 int dnsseclame = 0;
26612705 enum response_type type;
2706
26622707 iq->num_current_queries--;
26632708
26642709 if(!inplace_cb_query_response_call(qstate->env, qstate, iq->response))
28562901 * delegation point, and back to the QUERYTARGETS_STATE. */
28572902 verbose(VERB_DETAIL, "query response was REFERRAL");
28582903
2859 if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) {
2860 /* we have a referral, no ratelimit, we can send
2861 * our queries to the given name */
2862 infra_ratelimit_dec(qstate->env->infra_cache,
2863 iq->dp->name, iq->dp->namelen,
2864 *qstate->env->now);
2865 }
2866
28672904 /* if hardened, only store referral if we asked for it */
28682905 if(!qstate->no_cache_store &&
28692906 (!qstate->env->cfg->harden_referral_path ||
29242961 }
29252962 if(iq->store_parent_NS && query_dname_compare(iq->dp->name,
29262963 iq->store_parent_NS->name) == 0)
2927 iter_merge_retry_counts(iq->dp, iq->store_parent_NS);
2964 iter_merge_retry_counts(iq->dp, iq->store_parent_NS,
2965 ie->outbound_msg_retry);
29282966 delegpt_log(VERB_ALGO, iq->dp);
29292967 /* Count this as a referral. */
29302968 iq->referral_count++;
29562994 qstate->env->detach_subs));
29572995 (*qstate->env->detach_subs)(qstate);
29582996 iq->num_target_queries = 0;
2997 iq->response = NULL;
2998 iq->fail_reply = NULL;
29592999 verbose(VERB_ALGO, "cleared outbound list for next round");
29603000 return next_state(iq, QUERYTARGETS_STATE);
29613001 } else if(type == RESPONSE_TYPE_CNAME) {
30003040 /* set the current request's qname to the new value. */
30013041 iq->qchase.qname = sname;
30023042 iq->qchase.qname_len = snamelen;
3043 if(qstate->env->auth_zones) {
3044 /* apply rpz qname triggers after cname */
3045 struct dns_msg* forged_response =
3046 rpz_callback_from_iterator_cname(qstate, iq);
3047 while(forged_response && reply_find_rrset_section_an(
3048 forged_response->rep, iq->qchase.qname,
3049 iq->qchase.qname_len, LDNS_RR_TYPE_CNAME,
3050 iq->qchase.qclass)) {
3051 /* another cname to follow */
3052 if(!handle_cname_response(qstate, iq, forged_response,
3053 &sname, &snamelen)) {
3054 errinf(qstate, "malloc failure, CNAME info");
3055 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
3056 }
3057 iq->qchase.qname = sname;
3058 iq->qchase.qname_len = snamelen;
3059 forged_response =
3060 rpz_callback_from_iterator_cname(qstate, iq);
3061 }
3062 if(forged_response != NULL) {
3063 qstate->ext_state[id] = module_finished;
3064 qstate->return_rcode = LDNS_RCODE_NOERROR;
3065 qstate->return_msg = forged_response;
3066 iq->response = forged_response;
3067 next_state(iq, FINISHED_STATE);
3068 if(!iter_prepend(iq, qstate->return_msg, qstate->region)) {
3069 log_err("rpz after cname, prepend rrsets: out of memory");
3070 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
3071 }
3072 qstate->return_msg->qinfo = qstate->qinfo;
3073 return 0;
3074 }
3075 }
30033076 /* Clear the query state, since this is a query restart. */
30043077 iq->deleg_msg = NULL;
30053078 iq->dp = NULL;
31273200 /* Convert our response to a delegation point */
31283201 dp = delegpt_from_message(qstate->return_msg, forq->region);
31293202 if(!dp) {
3130 /* if there is no convertable delegation point, then
3203 /* if there is no convertible delegation point, then
31313204 * the ANSWER type was (presumably) a negative answer. */
31323205 verbose(VERB_ALGO, "prime response was not a positive "
31333206 "ANSWER; failing");
32693342 log_err("out of memory adding pside glue");
32703343 }
32713344
3272 /* This response is relevant to the current query, so we
3273 * add (attempt to add, anyway) this target(s) and reactivate
3274 * the original event.
3275 * NOTE: we could only look for the AnswerRRset if the
3345 /* This response is relevant to the current query, so we
3346 * add (attempt to add, anyway) this target(s) and reactivate
3347 * the original event.
3348 * NOTE: we could only look for the AnswerRRset if the
32763349 * response type was ANSWER. */
32773350 rrset = reply_find_answer_rrset(&iq->qchase, qstate->return_msg->rep);
32783351 if(rrset) {
32793352 int additions = 0;
32803353 /* if CNAMEs have been followed - add new NS to delegpt. */
32813354 /* BTW. RFC 1918 says NS should not have got CNAMEs. Robust. */
3282 if(!delegpt_find_ns(foriq->dp, rrset->rk.dname,
3355 if(!delegpt_find_ns(foriq->dp, rrset->rk.dname,
32833356 rrset->rk.dname_len)) {
32843357 /* if dpns->lame then set newcname ns lame too */
3285 if(!delegpt_add_ns(foriq->dp, forq->region,
3286 rrset->rk.dname, dpns->lame))
3358 if(!delegpt_add_ns(foriq->dp, forq->region,
3359 rrset->rk.dname, dpns->lame, dpns->tls_auth_name,
3360 dpns->port))
32873361 log_err("out of memory adding cnamed-ns");
32883362 }
32893363 /* if dpns->lame then set the address(es) lame too */
36333707 cont = processQueryTargets(qstate, iq, ie, id);
36343708 break;
36353709 case QUERY_RESP_STATE:
3636 cont = processQueryResponse(qstate, iq, id);
3710 cont = processQueryResponse(qstate, iq, ie, id);
36373711 break;
36383712 case PRIME_RESP_STATE:
36393713 cont = processPrimeResponse(qstate, id);
37033777 iq->num_current_queries--;
37043778 /* need fresh attempts for the 0x20 fallback, if
37053779 * that was the cause for the failure */
3706 iter_dec_attempts(iq->dp, 3);
3780 iter_dec_attempts(iq->dp, 3, ie->outbound_msg_retry);
37073781 verbose(VERB_DETAIL, "Capsforid: timeouts, starting fallback");
37083782 goto handle_it;
37093783 }
37193793 }
37203794
37213795 /* parse message */
3796 iq->fail_reply = qstate->reply;
37223797 prs = (struct msg_parse*)regional_alloc(qstate->env->scratch,
37233798 sizeof(struct msg_parse));
37243799 if(!prs) {
37323807 sldns_buffer_set_position(pkt, 0);
37333808 if(parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) {
37343809 verbose(VERB_ALGO, "parse error on reply packet");
3810 iq->parse_failures++;
37353811 goto handle_it;
37363812 }
37373813 /* edns is not examined, but removed from message to help cache */
3738 if(parse_extract_edns(prs, &edns, qstate->env->scratch) !=
3739 LDNS_RCODE_NOERROR)
3814 if(parse_extract_edns_from_response_msg(prs, &edns, qstate->env->scratch) !=
3815 LDNS_RCODE_NOERROR) {
3816 iq->parse_failures++;
37403817 goto handle_it;
3818 }
37413819
37423820 /* Copy the edns options we may got from the back end */
3743 if(edns.opt_list) {
3744 qstate->edns_opts_back_in = edns_opt_copy_region(edns.opt_list,
3821 if(edns.opt_list_in) {
3822 qstate->edns_opts_back_in = edns_opt_copy_region(edns.opt_list_in,
37453823 qstate->region);
37463824 if(!qstate->edns_opts_back_in) {
37473825 log_err("out of memory on incoming message");
37713849 iq->num_current_queries--;
37723850 verbose(VERB_DETAIL, "Capsforid: scrub failed, starting fallback with no response");
37733851 }
3852 iq->scrub_failures++;
37743853 goto handle_it;
37753854 }
37763855
+12
-5
iterator/iterator.h less more
6060 * its subqueries */
6161 #define MAX_TARGET_NX 5
6262 /** max number of query restarts. Determines max number of CNAME chain. */
63 #define MAX_RESTART_COUNT 8
63 #define MAX_RESTART_COUNT 11
6464 /** max number of referrals. Makes sure resolver does not run away */
6565 #define MAX_REFERRAL_COUNT 130
6666 /** max number of queries-sent-out. Make sure large NS set does not loop */
7979 /**
8080 * number of labels from QNAME that are always send individually when using
8181 * QNAME minimisation, even when the number of labels of the QNAME is bigger
82 * tham MAX_MINIMISE_COUNT */
82 * than MAX_MINIMISE_COUNT */
8383 #define MINIMISE_ONE_LAB 4
8484 #define MINIMISE_MULTIPLE_LABS (MAX_MINIMISE_COUNT - MINIMISE_ONE_LAB)
8585 /** at what query-sent-count to stop target fetch policy */
9393 * Equals RTT_MAX_TIMEOUT
9494 */
9595 #define USEFUL_SERVER_TOP_TIMEOUT 120000
96 /** number of retries on outgoing queries */
97 #define OUTBOUND_MSG_RETRY 5
9896 /** RTT band, within this amount from the best, servers are chosen randomly.
9997 * Chosen so that the UNKNOWN_SERVER_NICENESS falls within the band of a
10098 * fast server, this causes server exploration as a side benefit. msec. */
138136 lock_basic_type queries_ratelimit_lock;
139137 /** number of queries that have been ratelimited */
140138 size_t num_queries_ratelimited;
139
140 /** number of retries on outgoing queries */
141 int outbound_msg_retry;
141142 };
142143
143144 /**
377378 /** list of pending queries to authoritative servers. */
378379 struct outbound_list outlist;
379380
380 /** QNAME minimisation state, RFC7816 */
381 /** QNAME minimisation state, RFC9156 */
381382 enum minimisation_state minimisation_state;
382383
383384 /** State for capsfail: QNAME minimisation state for comparisons. */
405406 int auth_zone_response;
406407 /** True if the auth_zones should not be consulted for the query */
407408 int auth_zone_avoid;
409 /** true if there have been scrubbing failures of reply packets */
410 int scrub_failures;
411 /** true if there have been parse failures of reply packets */
412 int parse_failures;
413 /** a failure printout address for last received answer */
414 struct comm_reply* fail_reply;
408415 };
409416
410417 /**
+5
-1
libunbound/context.c less more
4747 #include "services/cache/rrset.h"
4848 #include "services/cache/infra.h"
4949 #include "services/authzone.h"
50 #include "services/listen_dnsport.h"
5051 #include "util/data/msgreply.h"
5152 #include "util/storage/slabhash.h"
5253 #include "util/edns.h"
6869 } else {
6970 log_init(cfg->logfile, cfg->use_syslog, NULL);
7071 }
72 cfg_apply_local_port_policy(cfg, 65536);
7173 config_apply(cfg);
7274 if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
7375 return UB_INITFAIL;
76 listen_setup_locks();
7477 log_edns_known_options(VERB_ALGO, ctx->env);
7578 ctx->local_zones = local_zones_create();
7679 if(!ctx->local_zones)
7780 return UB_NOMEM;
7881 if(!local_zones_apply_cfg(ctx->local_zones, cfg))
7982 return UB_INITFAIL;
80 if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz))
83 if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz,
84 ctx->env, &ctx->mods))
8185 return UB_INITFAIL;
8286 if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg))
8387 return UB_INITFAIL;
+0
-29
libunbound/context.h less more
176176 };
177177
178178 /**
179 * The error constants
180 */
181 enum ub_ctx_err {
182 /** no error */
183 UB_NOERROR = 0,
184 /** socket operation. Set to -1, so that if an error from _fd() is
185 * passed (-1) it gives a socket error. */
186 UB_SOCKET = -1,
187 /** alloc failure */
188 UB_NOMEM = -2,
189 /** syntax error */
190 UB_SYNTAX = -3,
191 /** DNS service failed */
192 UB_SERVFAIL = -4,
193 /** fork() failed */
194 UB_FORKFAIL = -5,
195 /** cfg change after finalize() */
196 UB_AFTERFINAL = -6,
197 /** initialization failed (bad settings) */
198 UB_INITFAIL = -7,
199 /** error in pipe communication with async bg worker */
200 UB_PIPE = -8,
201 /** error reading from file (resolv.conf) */
202 UB_READFILE = -9,
203 /** error async_id does not exist or result already been delivered */
204 UB_NOID = -10
205 };
206
207 /**
208179 * Command codes for libunbound pipe.
209180 *
210181 * Serialization looks like this:
+4
-0
libunbound/libunbound.c less more
6363 #include "services/cache/infra.h"
6464 #include "services/cache/rrset.h"
6565 #include "services/authzone.h"
66 #include "services/listen_dnsport.h"
6667 #include "sldns/sbuffer.h"
6768 #ifdef HAVE_PTHREAD
6869 #include <signal.h>
184185 ub_randfree(ctx->seed_rnd);
185186 config_delete(ctx->env->cfg);
186187 modstack_desetup(&ctx->mods, ctx->env);
188 listen_desetup_locks();
187189 edns_known_options_delete(ctx->env);
188190 edns_strings_delete(ctx->env->edns_strings);
189191 free(ctx->env);
197199 ub_randfree(ctx->seed_rnd);
198200 config_delete(ctx->env->cfg);
199201 modstack_desetup(&ctx->mods, ctx->env);
202 listen_desetup_locks();
200203 edns_known_options_delete(ctx->env);
201204 edns_strings_delete(ctx->env->edns_strings);
202205 free(ctx->env);
343346 }
344347 ub_randfree(ctx->seed_rnd);
345348 alloc_clear(&ctx->superalloc);
349 listen_desetup_locks();
346350 traverse_postorder(&ctx->queries, delq, NULL);
347351 if(ctx_logfile_overridden) {
348352 log_file(NULL);
+40
-48
libunbound/libworker.c less more
240240 ports, numports, cfg->unwanted_threshold,
241241 cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
242242 cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
243 cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect);
243 cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect,
244 cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout,
245 cfg->tcp_auth_query_timeout);
244246 w->env->outnet = w->back;
245247 if(!w->is_bg || w->is_bg_thread) {
246248 lock_basic_unlock(&ctx->cfglock);
453455 if(rep->rrset_count != 0)
454456 res->ttl = (int)rep->ttl;
455457 res->data = (char**)calloc(1, sizeof(char*));
458 if(!res->data)
459 return 0; /* out of memory */
456460 res->len = (int*)calloc(1, sizeof(int));
457 return (res->data && res->len);
461 if(!res->len) {
462 free(res->data);
463 res->data = NULL;
464 return 0; /* out of memory */
465 }
466 return 1;
458467 }
459468 data = (struct packed_rrset_data*)answer->entry.data;
460469 if(query_dname_compare(rq->qname, answer->rk.dname) != 0) {
462471 return 0; /* out of memory */
463472 } else res->canonname = NULL;
464473 res->data = (char**)calloc(data->count+1, sizeof(char*));
474 if(!res->data)
475 return 0; /* out of memory */
465476 res->len = (int*)calloc(data->count+1, sizeof(int));
466 if(!res->data || !res->len)
477 if(!res->len) {
478 free(res->data);
479 res->data = NULL;
467480 return 0; /* out of memory */
481 }
468482 for(i=0; i<data->count; i++) {
469483 /* remove rdlength from rdata */
470484 res->len[i] = (int)(data->rr_len[i] - 2);
471485 res->data[i] = memdup(data->rr_data[i]+2, (size_t)res->len[i]);
472 if(!res->data[i])
486 if(!res->data[i]) {
487 size_t j;
488 for(j=0; j<i; j++) {
489 free(res->data[j]);
490 res->data[j] = NULL;
491 }
492 free(res->data);
493 res->data = NULL;
494 free(res->len);
495 res->len = NULL;
473496 return 0; /* out of memory */
497 }
474498 }
475499 /* ttl for positive answers, from CNAME and answer RRs */
476500 if(data->count != 0) {
575599 edns->ext_rcode = 0;
576600 edns->edns_version = 0;
577601 edns->bits = EDNS_DO;
578 edns->opt_list = NULL;
602 edns->opt_list_in = NULL;
603 edns->opt_list_out = NULL;
604 edns->opt_list_inplace_cb_out = NULL;
579605 edns->padding_block_size = 0;
580606 if(sldns_buffer_capacity(w->back->udp_buff) < 65535)
581607 edns->udp_size = (uint16_t)sldns_buffer_capacity(
855881
856882 struct outbound_entry* libworker_send_query(struct query_info* qinfo,
857883 uint16_t flags, int dnssec, int want_dnssec, int nocaps,
884 int check_ratelimit,
858885 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
859 size_t zonelen, int ssl_upstream, char* tls_auth_name,
860 struct module_qstate* q)
886 size_t zonelen, int tcp_upstream, int ssl_upstream, char* tls_auth_name,
887 struct module_qstate* q, int* was_ratelimited)
861888 {
862889 struct libworker* w = (struct libworker*)q->env->worker;
863890 struct outbound_entry* e = (struct outbound_entry*)regional_alloc(
866893 return NULL;
867894 e->qstate = q;
868895 e->qsent = outnet_serviced_query(w->back, qinfo, flags, dnssec,
869 want_dnssec, nocaps, q->env->cfg->tcp_upstream, ssl_upstream,
896 want_dnssec, nocaps, check_ratelimit, tcp_upstream, ssl_upstream,
870897 tls_auth_name, addr, addrlen, zone, zonelen, q,
871 libworker_handle_service_reply, e, w->back->udp_buff, q->env);
898 libworker_handle_service_reply, e, w->back->udp_buff, q->env,
899 was_ratelimited);
872900 if(!e->qsent) {
873901 return NULL;
874902 }
875903 return e;
876 }
877
878 int
879 libworker_handle_reply(struct comm_point* c, void* arg, int error,
880 struct comm_reply* reply_info)
881 {
882 struct module_qstate* q = (struct module_qstate*)arg;
883 struct libworker* lw = (struct libworker*)q->env->worker;
884 struct outbound_entry e;
885 e.qstate = q;
886 e.qsent = NULL;
887
888 if(error != 0) {
889 mesh_report_reply(lw->env->mesh, &e, reply_info, error);
890 return 0;
891 }
892 /* sanity check. */
893 if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer))
894 || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) !=
895 LDNS_PACKET_QUERY
896 || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) {
897 /* error becomes timeout for the module as if this reply
898 * never arrived. */
899 mesh_report_reply(lw->env->mesh, &e, reply_info,
900 NETEVENT_TIMEOUT);
901 return 0;
902 }
903 mesh_report_reply(lw->env->mesh, &e, reply_info, NETEVENT_NOERROR);
904 return 0;
905904 }
906905
907906 int
946945 return 0;
947946 }
948947
949 int worker_handle_reply(struct comm_point* ATTR_UNUSED(c),
950 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
951 struct comm_reply* ATTR_UNUSED(reply_info))
952 {
953 log_assert(0);
954 return 0;
955 }
956
957948 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c),
958949 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
959950 struct comm_reply* ATTR_UNUSED(reply_info))
986977 struct outbound_entry* worker_send_query(struct query_info* ATTR_UNUSED(qinfo),
987978 uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec),
988979 int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps),
980 int ATTR_UNUSED(check_ratelimit),
989981 struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen),
990 uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen),
982 uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream),
991983 int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name),
992 struct module_qstate* ATTR_UNUSED(q))
984 struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited))
993985 {
994986 log_assert(0);
995987 return 0;
+1
-1
libunbound/python/doc/examples/example4.rst less more
3030 else:
3131 print "Result is insecure"
3232
33 More detailed informations can be seen in libUnbound DNSSEC tutorial `here`_.
33 More detailed information can be seen in libUnbound DNSSEC tutorial `here`_.
3434
3535 .. _here: http://www.unbound.net/documentation/libunbound-tutorial-6.html
+9
-1
libunbound/python/libunbound.i less more
362362 ctx.debuglevel(3)
363363 ctx.debugout(fw)
364364
365 Another option is to print the debug informations to stderr output
365 Another option is to print the debug information to stderr output
366366
367367 ::
368368
915915 struct cb_data* id;
916916 id = (struct cb_data*) iddata;
917917 arglist = Py_BuildValue("(OiO)",id->data,status, SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_ub_result, 0 | 0 )); // Build argument list
918 #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9)
919 /* for python before 3.9 */
918920 fresult = PyEval_CallObject(id->func,arglist); // Call Python
921 #else
922 /* for python 3.9 and newer */
923 fresult = PyObject_Call(id->func,arglist,NULL);
924 #endif
919925 Py_DECREF(id->func);
920926 Py_DECREF(id->data);
921927 free(id);
929935 int r;
930936 struct cb_data* id;
931937 id = (struct cb_data*) malloc(sizeof(struct cb_data));
938 if(!id)
939 return -2; /* UB_NOMEM */
932940 id->data = mydata;
933941 id->func = pyfunc;
934942
+1
-1
libunbound/unbound-event.h less more
4040 *
4141 * Use ub_ctx_create_event_ub_base() to create an unbound context that uses
4242 * the user provided event base API. Then, use the ub_resolve_event call
43 * to add DNS resolve queries to the context. Those then run whith the
43 * to add DNS resolve queries to the context. Those then run with the
4444 * provided event_base, and when they are done you get a function callback.
4545 *
4646 * This method does not fork another process or create a thread, the effort
+31
-1
libunbound/unbound.h less more
223223 * It is called with
224224 * void* my_arg: your pointer to a (struct of) data of your choice,
225225 * or NULL.
226 * int err: if 0 all is OK, otherwise an error occured and no results
226 * int err: if 0 all is OK, otherwise an error occurred and no results
227227 * are forthcoming.
228228 * struct result: pointer to more detailed result structure.
229229 * This structure is allocated on the heap and needs to be
230230 * freed with ub_resolve_free(result);
231231 */
232232 typedef void (*ub_callback_type)(void*, int, struct ub_result*);
233
234 /**
235 * The error constants
236 */
237 enum ub_ctx_err {
238 /** no error */
239 UB_NOERROR = 0,
240 /** socket operation. Set to -1, so that if an error from _fd() is
241 * passed (-1) it gives a socket error. */
242 UB_SOCKET = -1,
243 /** alloc failure */
244 UB_NOMEM = -2,
245 /** syntax error */
246 UB_SYNTAX = -3,
247 /** DNS service failed */
248 UB_SERVFAIL = -4,
249 /** fork() failed */
250 UB_FORKFAIL = -5,
251 /** cfg change after finalize() */
252 UB_AFTERFINAL = -6,
253 /** initialization failed (bad settings) */
254 UB_INITFAIL = -7,
255 /** error in pipe communication with async bg worker */
256 UB_PIPE = -8,
257 /** error reading from file (resolv.conf) */
258 UB_READFILE = -9,
259 /** error async_id does not exist or result already been delivered */
260 UB_NOID = -10
261 };
233262
234263 /**
235264 * Create a resolving and validation context.
562591 /**
563592 * Convert error value to a human readable string.
564593 * @param err: error code from one of the libunbound functions.
594 * The error codes are from the type enum ub_ctx_err.
565595 * @return pointer to constant text string, zero terminated.
566596 */
567597 const char* ub_strerror(int err);
+16
-14
libunbound/worker.h less more
5757 * @param dnssec: if set, EDNS record will have DO bit set.
5858 * @param want_dnssec: signatures needed.
5959 * @param nocaps: ignore capsforid(if in config), do not perturb qname.
60 * @param check_ratelimit: if set, will check ratelimit before sending out.
6061 * @param addr: where to.
6162 * @param addrlen: length of addr.
6263 * @param zone: delegation point name.
6364 * @param zonelen: length of zone name wireformat dname.
65 * @param tcp_upstream: use TCP for upstream queries.
6466 * @param ssl_upstream: use SSL for upstream queries.
6567 * @param tls_auth_name: if ssl_upstream, use this name with TLS
6668 * authentication.
67 * @param q: wich query state to reactivate upon return.
69 * @param q: which query state to reactivate upon return.
70 * @param was_ratelimited: it will signal back if the query failed to pass the
71 * ratelimit check.
6872 * @return: false on failure (memory or socket related). no query was
6973 * sent.
7074 */
7175 struct outbound_entry* libworker_send_query(struct query_info* qinfo,
7276 uint16_t flags, int dnssec, int want_dnssec, int nocaps,
77 int check_ratelimit,
7378 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
74 size_t zonelen, int ssl_upstream, char* tls_auth_name,
75 struct module_qstate* q);
76
77 /** process incoming replies from the network */
78 int libworker_handle_reply(struct comm_point* c, void* arg, int error,
79 struct comm_reply* reply_info);
79 size_t zonelen, int tcp_upstream, int ssl_upstream, char* tls_auth_name,
80 struct module_qstate* q, int* was_ratelimited);
8081
8182 /** process incoming serviced query replies from the network */
8283 int libworker_handle_service_reply(struct comm_point* c, void* arg, int error,
112113 * @param dnssec: if set, EDNS record will have DO bit set.
113114 * @param want_dnssec: signatures needed.
114115 * @param nocaps: ignore capsforid(if in config), do not perturb qname.
116 * @param check_ratelimit: if set, will check ratelimit before sending out.
115117 * @param addr: where to.
116118 * @param addrlen: length of addr.
117119 * @param zone: wireformat dname of the zone.
118120 * @param zonelen: length of zone name.
121 * @param tcp_upstream: use TCP for upstream queries.
119122 * @param ssl_upstream: use SSL for upstream queries.
120123 * @param tls_auth_name: if ssl_upstream, use this name with TLS
121124 * authentication.
122 * @param q: wich query state to reactivate upon return.
125 * @param q: which query state to reactivate upon return.
126 * @param was_ratelimited: it will signal back if the query failed to pass the
127 * ratelimit check.
123128 * @return: false on failure (memory or socket related). no query was
124129 * sent.
125130 */
126131 struct outbound_entry* worker_send_query(struct query_info* qinfo,
127132 uint16_t flags, int dnssec, int want_dnssec, int nocaps,
133 int check_ratelimit,
128134 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
129 size_t zonelen, int ssl_upstream, char* tls_auth_name,
130 struct module_qstate* q);
135 size_t zonelen, int tcp_upstream, int ssl_upstream, char* tls_auth_name,
136 struct module_qstate* q, int* was_ratelimited);
131137
132138 /**
133139 * process control messages from the main thread. Frees the control
144150 /** handles callbacks from listening event interface */
145151 int worker_handle_request(struct comm_point* c, void* arg, int error,
146152 struct comm_reply* repinfo);
147
148 /** process incoming replies from the network */
149 int worker_handle_reply(struct comm_point* c, void* arg, int error,
150 struct comm_reply* reply_info);
151153
152154 /** process incoming serviced query replies from the network */
153155 int worker_handle_service_reply(struct comm_point* c, void* arg, int error,
+1
-1
pythonmod/doc/examples/example5.rst less more
8989 log_info("python: Option code {} was not found in the "
9090 "list.".format(code))
9191
92 .. note:: All occurences of the EDNS option code will be removed from the list:
92 .. note:: All occurrences of the EDNS option code will be removed from the list:
9393
9494
9595 Controlling other modules' cache behavior
+7
-7
pythonmod/doc/modules/functions.rst less more
9191 .. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region, \*\*kwargs)
9292
9393 Function prototype for callback functions used in
94 `register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_,
94 `register_inplace_cb_reply`, `register_inplace_cb_reply_cache`,
9595 `register_inplace_cb_reply_local` and `register_inplace_cb_reply_servfail`.
9696
9797 :param qinfo: :class:`query_info`
108108 .. function:: inplace_cb_query(qinfo, flags, qstate, addr, zone, region)
109109
110110 Function prototype for callback functions used in
111 `register_inplace_cb_query`_.
111 `register_inplace_cb_query`.
112112
113113 :param qinfo: :class:`query_info`
114114 :param flags: query flags (integer)
121121
122122 Register py_cb as an inplace reply callback function.
123123
124 :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable.
124 :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable.
125125 :param env: :class:`module_env`
126126 :param id: Module ID.
127127 :return: True on success, False otherwise
131131
132132 Register py_cb as an inplace reply_cache callback function.
133133
134 :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable.
134 :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable.
135135 :param env: :class:`module_env`
136136 :param id: Module ID.
137137 :return: True on success, False otherwise
141141
142142 Register py_cb as an inplace reply_local callback function.
143143
144 :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable.
144 :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable.
145145 :param env: :class:`module_env`
146146 :param id: Module ID.
147147 :return: True on success, False otherwise
151151
152152 Register py_cb as an inplace reply_servfail callback function.
153153
154 :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable.
154 :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable.
155155 :param env: :class:`module_env`
156156 :param id: Module ID.
157157 :return: True on success, False otherwise
161161
162162 Register py_cb as an inplace query callback function.
163163
164 :param py_cb: Python function that follows `inplace_cb_query`_'s prototype. **Must** be callable.
164 :param py_cb: Python function that follows `inplace_cb_query`'s prototype. **Must** be callable.
165165 :param env: :class:`module_env`
166166 :param id: Module ID.
167167 :return: True on success, False otherwise
+3
-3
pythonmod/doc/modules/struct.rst less more
1111
1212 .. attribute:: qinfo
1313
14 (:class:`query_info`) Informations about query being answered. Name, RR type, RR class.
14 (:class:`query_info`) Information about query being answered. Name, RR type, RR class.
1515
1616 .. attribute:: query_flags
1717
255255
256256 .. attribute:: qinfo
257257
258 (:class:`query_info`) Informations about query.
258 (:class:`query_info`) Information about query.
259259
260260 .. attribute:: rep
261261
439439
440440 .. method:: set_return_msg(self, qstate)
441441
442 This method fills qstate return message according to the given informations.
442 This method fills qstate return message according to the given information.
443443 It takes lists of RRs in each section of answer, created necessary RRsets in wire format and store the result in :attr:`qstate.return_msg`.
444444 Returns 1 if OK.
445445
+1
-1
pythonmod/doc/usecase.rst less more
2020
2121 DNS based Wake-On-Lan
2222 ---------------------
23 Controled by secured queries secured with private key.
23 Controlled by secured queries secured with private key.
2424
2525 Dynamic translation service
2626 ---------------------------
+1
-1
pythonmod/examples/edns.py less more
5454 # Return True on success, False on failure.
5555 #
5656 # edns_opt_list_remove(edns_opt_list, code):
57 # Remove all occurences of the given EDNS option code from the
57 # Remove all occurrences of the given EDNS option code from the
5858 # edns_opt_list.
5959 # Return True when at least one EDNS option was removed, False otherwise.
6060 #
+38
-17
pythonmod/interface.i less more
677677 uint8_t edns_version;
678678 uint16_t bits;
679679 uint16_t udp_size;
680 struct edns_option* opt_list;
680 struct edns_option* opt_list_in;
681 struct edns_option* opt_list_out;
682 struct edns_option* opt_list_inplace_cb_out;
683 uint16_t padding_block_size;
681684 };
682685 %inline %{
683686 struct edns_option** _edns_data_opt_list_get(struct edns_data* edns) {
684 return &edns->opt_list;
687 return &edns->opt_list_in;
685688 }
686689 %}
687690 %extend edns_data {
708711 /* --- services --- */
709712 struct outbound_entry* (*send_query)(struct query_info* qinfo,
710713 uint16_t flags, int dnssec, int want_dnssec, int nocaps,
714 int check_ratelimit,
711715 struct sockaddr_storage* addr, socklen_t addrlen,
712 uint8_t* zone, size_t zonelen, int ssl_upstream, char* tls_auth_name,
713 struct module_qstate* q);
716 uint8_t* zone, size_t zonelen, int tcp_upstream, int ssl_upstream,
717 char* tls_auth_name, struct module_qstate* q, int* was_ratelimited);
714718 void (*detach_subs)(struct module_qstate* qstate);
715719 int (*attach_sub)(struct module_qstate* qstate,
716720 struct query_info* qinfo, uint16_t qflags, int prime,
13401344 %pythoncode %{
13411345 class DNSMessage:
13421346 def __init__(self, rr_name, rr_type, rr_class = RR_CLASS_IN, query_flags = 0, default_ttl = 0):
1343 """Query flags is a combination of PKT_xx contants"""
1347 """Query flags is a combination of PKT_xx constants"""
13441348 self.rr_name = rr_name
13451349 self.rr_type = rr_type
13461350 self.rr_class = rr_class
15451549 {
15461550 PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo;
15471551 PyObject *py_rep, *py_repinfo, *py_region;
1548 PyObject *py_args, *py_kwargs, *result;
1552 PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL;
15491553 int res = 0;
15501554 double py_start_time = ((double)start_time->tv_sec) + ((double)start_time->tv_usec) / 1.0e6;
15511555
15601564 py_rep = SWIG_NewPointerObj((void*) rep, SWIGTYPE_p_reply_info, 0);
15611565 py_repinfo = SWIG_NewPointerObj((void*) repinfo, SWIGTYPE_p_comm_reply, 0);
15621566 py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0);
1563 py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep,
1564 rcode, py_edns, py_opt_list_out, py_region);
1565 py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time",
1566 py_start_time);
1567 result = PyObject_Call(func, py_args, py_kwargs);
1567 if(py_qinfo && py_qstate && py_rep && py_edns && py_opt_list_out
1568 && py_region && py_repinfo) {
1569 py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep,
1570 rcode, py_edns, py_opt_list_out, py_region);
1571 py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time",
1572 py_start_time);
1573 if(py_args && py_kwargs) {
1574 result = PyObject_Call(func, py_args, py_kwargs);
1575 } else {
1576 log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic");
1577 }
1578 } else {
1579 log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic");
1580 }
15681581 Py_XDECREF(py_edns);
15691582 Py_XDECREF(py_qstate);
15701583 Py_XDECREF(py_opt_list_out);
16231636 {
16241637 int res = 0;
16251638 PyObject *func = python_callback;
1639 PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL;
16261640
16271641 PyGILState_STATE gstate = PyGILState_Ensure();
16281642
16311645 PyObject *py_addr = SWIG_NewPointerObj((void *) addr, SWIGTYPE_p_sockaddr_storage, 0);
16321646 PyObject *py_zone = PyBytes_FromStringAndSize((const char *)zone, zonelen);
16331647 PyObject *py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0);
1634
1635 PyObject *py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region);
1636 PyObject *py_kwargs = Py_BuildValue("{}");
1637 PyObject *result = PyObject_Call(func, py_args, py_kwargs);
1638 if (result) {
1639 res = PyInt_AsLong(result);
1648 if(py_qinfo && py_qstate && py_addr && py_zone && py_region) {
1649 py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region);
1650 py_kwargs = Py_BuildValue("{}");
1651 if(py_args && py_kwargs) {
1652 result = PyObject_Call(func, py_args, py_kwargs);
1653 if (result) {
1654 res = PyInt_AsLong(result);
1655 }
1656 } else {
1657 log_err("pythonmod: malloc failure in python_inplace_cb_query_generic");
1658 }
1659 } else {
1660 log_err("pythonmod: malloc failure in python_inplace_cb_query_generic");
16401661 }
16411662
16421663 Py_XDECREF(py_qinfo);
+57
-1
pythonmod/pythonmod.c less more
244244 /* clear the exception, by not restoring it */
245245 /* Restore the exception state */
246246 /* PyErr_Restore(exc_typ, exc_val, exc_tb); */
247 /* when using PyErr_Restore there is no need to Py_XDECREF for
248 * these 3 pointers. */
249 Py_XDECREF(exc_typ);
250 Py_XDECREF(exc_val);
251 Py_XDECREF(exc_tb);
247252 }
248253
249254 int pythonmod_init(struct module_env* env, int id)
298303 PyImport_AppendInittab(SWIG_name, (void*)SWIG_init);
299304 #endif
300305 Py_Initialize();
306 #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION <= 6)
307 /* initthreads only for python 3.6 and older */
301308 PyEval_InitThreads();
309 #endif
302310 SWIG_init();
303311 mainthr = PyEval_SaveThread();
304312 }
334342 PyFileObject = PyFile_FromString((char*)pe->fname, "r");
335343 script_py = PyFile_AsFile(PyFileObject);
336344 #else
337 script_py = _Py_fopen(pe->fname, "r");
345 script_py = fopen(pe->fname, "r");
338346 #endif
339347 if (script_py == NULL)
340348 {
353361 /* TODO: deallocation of pe->... if an error occurs */
354362
355363 if (PyRun_SimpleFile(script_py, pe->fname) < 0) {
364 #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9)
365 /* for python before 3.9 */
356366 log_err("pythonmod: can't parse Python script %s", pe->fname);
357367 /* print the error to logs too, run it again */
358368 fseek(script_py, 0, SEEK_SET);
368378 /* ignore the NULL return of _node, it is NULL due to the parse failure
369379 * that we are expecting */
370380 (void)PyParser_SimpleParseFile(script_py, pe->fname, Py_file_input);
381 #else
382 /* for python 3.9 and newer */
383 char* fstr = NULL;
384 size_t flen = 0;
385 log_err("pythonmod: can't parse Python script %s", pe->fname);
386 /* print the error to logs too, run it again */
387 fseek(script_py, 0, SEEK_END);
388 flen = (size_t)ftell(script_py);
389 fstr = malloc(flen+1);
390 if(!fstr) {
391 log_err("malloc failure to print parse error");
392 PyGILState_Release(gil);
393 fclose(script_py);
394 return 0;
395 }
396 fseek(script_py, 0, SEEK_SET);
397 if(fread(fstr, flen, 1, script_py) < 1) {
398 log_err("file read failed to print parse error: %s: %s",
399 pe->fname, strerror(errno));
400 PyGILState_Release(gil);
401 fclose(script_py);
402 free(fstr);
403 return 0;
404 }
405 fstr[flen] = 0;
406 /* we compile the string, but do not run it, to stop side-effects */
407 /* ignore the NULL return of _node, it is NULL due to the parse failure
408 * that we are expecting */
409 (void)Py_CompileString(fstr, pe->fname, Py_file_input);
410 #endif
371411 log_py_err();
372412 PyGILState_Release(gil);
373413 fclose(script_py);
414 #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9)
415 /* no cleanup needed for python before 3.9 */
416 #else
417 /* cleanup for python 3.9 and newer */
418 free(fstr);
419 #endif
374420 return 0;
375421 }
376422 #if PY_MAJOR_VERSION < 3
519565 {
520566 /* create qstate */
521567 pq = qstate->minfo[id] = malloc(sizeof(struct pythonmod_qstate));
568 if(!pq) {
569 log_err("pythonmod_operate: malloc failure for qstate");
570 PyGILState_Release(gil);
571 return;
572 }
522573
523574 /* Initialize per query data */
524575 pq->data = PyDict_New();
576 if(!pq->data) {
577 log_err("pythonmod_operate: malloc failure for query data dict");
578 PyGILState_Release(gil);
579 return;
580 }
525581 }
526582
527583 /* Call operate */
+113
-108
pythonmod/pythonmod_utils.c less more
44 * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz)
55 *
66 * This software is open source.
7 *
7 *
88 * Redistribution and use in source and binary forms, with or without
99 * modification, are permitted provided that the following conditions
1010 * are met:
11 *
11 *
1212 * * Redistributions of source code must retain the above copyright notice,
1313 * this list of conditions and the following disclaimer.
14 *
14 *
1515 * * Redistributions in binary form must reproduce the above copyright notice,
1616 * this list of conditions and the following disclaimer in the documentation
1717 * and/or other materials provided with the distribution.
18 *
18 *
1919 * * Neither the name of the organization nor the names of its
2020 * contributors may be used to endorse or promote products derived from this
2121 * software without specific prior written permission.
5555 #undef _XOPEN_SOURCE
5656 #include <Python.h>
5757
58 /* Store the reply_info and query_info pair in message cache (qstate->msg_cache) */
59 int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral)
60 {
61 if (!msgrep)
62 return 0;
63
64 if (msgrep->authoritative) /*authoritative answer can't be stored in cache*/
65 {
66 PyErr_SetString(PyExc_ValueError, "Authoritative answer can't be stored");
67 return 0;
68 }
69
70 return dns_cache_store(qstate->env, qinfo, msgrep, is_referral,
71 qstate->prefetch_leeway, 0, NULL, qstate->query_flags);
72 }
73
74 /* Invalidate the message associated with query_info stored in message cache */
75 void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo)
76 {
77 hashvalue_type h;
78 struct lruhash_entry* e;
79 struct reply_info *r;
80 size_t i, j;
81
82 h = query_info_hash(qinfo, qstate->query_flags);
83 if ((e=slabhash_lookup(qstate->env->msg_cache, h, qinfo, 0)))
84 {
85 r = (struct reply_info*)(e->data);
86 if (r)
87 {
88 r->ttl = 0;
89 if(rrset_array_lock(r->ref, r->rrset_count, *qstate->env->now)) {
90 for(i=0; i< r->rrset_count; i++)
91 {
92 struct packed_rrset_data* data =
93 (struct packed_rrset_data*) r->ref[i].key->entry.data;
94 if(i>0 && r->ref[i].key == r->ref[i-1].key)
95 continue;
96
97 data->ttl = r->ttl;
98 for(j=0; j<data->count + data->rrsig_count; j++)
99 data->rr_ttl[j] = r->ttl;
100 }
101 rrset_array_unlock(r->ref, r->rrset_count);
102 }
103 }
104 lock_rw_unlock(&e->lock);
105 } else {
106 log_info("invalidateQueryInCache: qinfo is not in cache");
107 }
58 /* Store the reply_info and query_info pair in message cache
59 * (qstate->msg_cache) */
60 int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo,
61 struct reply_info* msgrep, int is_referral)
62 {
63 if (!msgrep)
64 return 0;
65
66 /* authoritative answer can't be stored in cache */
67 if (msgrep->authoritative) {
68 PyErr_SetString(PyExc_ValueError,
69 "Authoritative answer can't be stored");
70 return 0;
71 }
72
73 return dns_cache_store(qstate->env, qinfo, msgrep, is_referral,
74 qstate->prefetch_leeway, 0, NULL, qstate->query_flags);
75 }
76
77 /* Invalidate the message associated with query_info stored in message cache */
78 void invalidateQueryInCache(struct module_qstate* qstate,
79 struct query_info* qinfo)
80 {
81 hashvalue_type h;
82 struct lruhash_entry* e;
83 struct reply_info *r;
84 size_t i, j;
85
86 h = query_info_hash(qinfo, qstate->query_flags);
87 if ((e=slabhash_lookup(qstate->env->msg_cache, h, qinfo, 0))) {
88 r = (struct reply_info*)(e->data);
89 if (r) {
90 r->ttl = 0;
91 if(rrset_array_lock(r->ref, r->rrset_count, *qstate->env->now)) {
92 for(i=0; i< r->rrset_count; i++) {
93 struct packed_rrset_data* data =
94 (struct packed_rrset_data*) r->ref[i].key->entry.data;
95 if(i>0 && r->ref[i].key == r->ref[i-1].key)
96 continue;
97
98 data->ttl = r->ttl;
99 for(j=0; j<data->count + data->rrsig_count; j++)
100 data->rr_ttl[j] = r->ttl;
101 }
102 rrset_array_unlock(r->ref, r->rrset_count);
103 }
104 }
105 lock_rw_unlock(&e->lock);
106 } else {
107 log_info("invalidateQueryInCache: qinfo is not in cache");
108 }
108109 }
109110
110111 /* Create response according to the ldns packet content */
111112 int createResponse(struct module_qstate* qstate, sldns_buffer* pkt)
112113 {
113 struct msg_parse* prs;
114 struct edns_data edns;
115
116 /* parse message */
117 prs = (struct msg_parse*) regional_alloc(qstate->env->scratch, sizeof(struct msg_parse));
118 if (!prs) {
119 log_err("storeResponse: out of memory on incoming message");
120 return 0;
121 }
122
123 memset(prs, 0, sizeof(*prs));
124 memset(&edns, 0, sizeof(edns));
125
126 sldns_buffer_set_position(pkt, 0);
127 if (parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) {
128 verbose(VERB_ALGO, "storeResponse: parse error on reply packet");
129 return 0;
130 }
131 /* edns is not examined, but removed from message to help cache */
132 if(parse_extract_edns(prs, &edns, qstate->env->scratch) !=
133 LDNS_RCODE_NOERROR)
134 return 0;
135
136 /* remove CD-bit, we asked for in case we handle validation ourself */
137 prs->flags &= ~BIT_CD;
138
139 /* allocate response dns_msg in region */
140 qstate->return_msg = (struct dns_msg*)regional_alloc(qstate->region, sizeof(struct dns_msg));
141 if (!qstate->return_msg)
142 return 0;
143
144 memset(qstate->return_msg, 0, sizeof(*qstate->return_msg));
145 if(!parse_create_msg(pkt, prs, NULL, &(qstate->return_msg)->qinfo, &(qstate->return_msg)->rep, qstate->region)) {
146 log_err("storeResponse: malloc failure: allocating incoming dns_msg");
147 return 0;
148 }
149
150 /* Make sure that the RA flag is set (since the presence of
151 * this module means that recursion is available) */
152 /* qstate->return_msg->rep->flags |= BIT_RA; */
153
154 /* Clear the AA flag */
155 /* FIXME: does this action go here or in some other module? */
156 /*qstate->return_msg->rep->flags &= ~BIT_AA; */
157
158 /* make sure QR flag is on */
159 /*qstate->return_msg->rep->flags |= BIT_QR; */
160
161 if(verbosity >= VERB_ALGO)
162 log_dns_msg("storeResponse: packet:", &qstate->return_msg->qinfo, qstate->return_msg->rep);
163
164 return 1;
114 struct msg_parse* prs;
115 struct edns_data edns;
116
117 /* parse message */
118 prs = (struct msg_parse*) regional_alloc(qstate->env->scratch,
119 sizeof(struct msg_parse));
120 if(!prs) {
121 log_err("createResponse: out of memory on incoming message");
122 return 0;
123 }
124
125 memset(prs, 0, sizeof(*prs));
126 memset(&edns, 0, sizeof(edns));
127
128 sldns_buffer_set_position(pkt, 0);
129 if(parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) {
130 verbose(VERB_ALGO, "createResponse: parse error on reply packet");
131 return 0;
132 }
133 /* edns is not examined, but removed from message to help cache */
134 if(parse_extract_edns_from_response_msg(prs, &edns, qstate->env->scratch) !=
135 LDNS_RCODE_NOERROR)
136 return 0;
137
138 /* remove CD-bit, we asked for in case we handle validation ourself */
139 prs->flags &= ~BIT_CD;
140
141 /* allocate response dns_msg in region */
142 qstate->return_msg = (struct dns_msg*) regional_alloc(qstate->region,
143 sizeof(struct dns_msg));
144 if(!qstate->return_msg)
145 return 0;
146
147 memset(qstate->return_msg, 0, sizeof(*qstate->return_msg));
148 if(!parse_create_msg(pkt, prs, NULL, &(qstate->return_msg)->qinfo,
149 &(qstate->return_msg)->rep, qstate->region)) {
150 log_err("createResponse: malloc failure: allocating incoming dns_msg");
151 return 0;
152 }
153
154 /* Make sure that the RA flag is set (since the presence of
155 * this module means that recursion is available) */
156 /* qstate->return_msg->rep->flags |= BIT_RA; */
157
158 /* Clear the AA flag */
159 /* FIXME: does this action go here or in some other module? */
160 /*qstate->return_msg->rep->flags &= ~BIT_AA; */
161
162 /* make sure QR flag is on */
163 /*qstate->return_msg->rep->flags |= BIT_QR; */
164
165 if(verbosity >= VERB_ALGO)
166 log_dns_msg("createResponse: packet:", &qstate->return_msg->qinfo,
167 qstate->return_msg->rep);
168
169 return 1;
165170 }
166171
167172
175180 sinaddr = &((struct sockaddr_in6*)&(reply->addr))->sin6_addr;
176181 dest[0] = 0;
177182 if (inet_ntop(af, sinaddr, dest, (socklen_t)maxlen) == 0)
178 return;
183 return;
179184 dest[maxlen-1] = 0;
180185 }
181186
189194 sinaddr = &((struct sockaddr_in6*)&(target->addr))->sin6_addr;
190195 dest[0] = 0;
191196 if (inet_ntop(af, sinaddr, dest, (socklen_t)maxlen) == 0)
192 return;
197 return;
193198 dest[maxlen-1] = 0;
194199 }
+31
-21
pythonmod/pythonmod_utils.h less more
00 /*
11 * pythonmod_utils.h: utils header file
2 *
2 *
33 * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz)
44 * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz)
55 *
66 * This software is open source.
7 *
7 *
88 * Redistribution and use in source and binary forms, with or without
99 * modification, are permitted provided that the following conditions
1010 * are met:
11 *
11 *
1212 * * Redistributions of source code must retain the above copyright notice,
1313 * this list of conditions and the following disclaimer.
14 *
14 *
1515 * * Redistributions in binary form must reproduce the above copyright notice,
1616 * this list of conditions and the following disclaimer in the documentation
1717 * and/or other materials provided with the distribution.
18 *
18 *
1919 * * Neither the name of the organization nor the names of its
2020 * contributors may be used to endorse or promote products derived from this
2121 * software without specific prior written permission.
4545 struct sldns_buffer;
4646
4747 /**
48 * Store the reply_info and query_info pair in message cache (qstate->msg_cache)
48 * Store the reply_info and query_info pair in message cache
49 * (qstate->msg_cache).
4950 *
5051 * @param qstate: module environment
5152 * @param qinfo: query info, the query for which answer is stored.
5253 * @param msgrep: reply in dns_msg
5354 * @param is_referral: If true, then the given message to be stored is a
54 * referral. The cache implementation may use this as a hint.
55 * It will store only the RRsets, not the message.
55 * referral. The cache implementation may use this as a hint.
56 * It will store only the RRsets, not the message.
5657 * @return 0 on alloc error (out of memory).
5758 */
58 int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral);
59 int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo,
60 struct reply_info* msgrep, int is_referral);
5961
6062
6163 /**
62 * Invalidate the message associated with query_info stored in message cache.
64 * Invalidate the message associated with query_info stored in message cache.
6365 *
64 * This function invalidates the record in message cache associated with the given query only if such a record exists.
66 * This function invalidates the record in message cache associated with the
67 * given query only if such a record exists.
6568 *
6669 * @param qstate: module environment
6770 * @param qinfo: query info, the query for which answer is stored.
6871 */
69 void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo);
72 void invalidateQueryInCache(struct module_qstate* qstate,
73 struct query_info* qinfo);
7074
7175 /**
72 * Create response according to the ldns packet content
76 * Create response according to the ldns packet content.
7377 *
74 * This function fills qstate.return_msg up with data of a given packet
75 *
78 * This function fills qstate.return_msg up with data of a given packet
79 *
7680 * @param qstate: module environment
7781 * @param pkt: a sldns_buffer which contains sldns_packet data
7882 * @return 0 on failure, out of memory or parse error.
8084 int createResponse(struct module_qstate* qstate, struct sldns_buffer* pkt);
8185
8286 /**
83 * Convert reply->addr to string
84 * @param reply: comm reply with address in it.
85 * @param dest: destination string.
86 * @param maxlen: length of string buffer.
87 * Convert reply->addr to string.
88 * @param reply: comm reply with address in it.
89 * @param dest: destination string.
90 * @param maxlen: length of string buffer.
8791 */
8892 void reply_addr2str(struct comm_reply* reply, char* dest, int maxlen);
8993
90 /* Convert target->addr to string */
91 void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, int maxlen);
94 /**
95 * Convert target->addr to string.
96 * @param target: delegpt_addr with address in it.
97 * @param dest: destination string.
98 * @param maxlen: length of string buffer.
99 */
100 void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest,
101 int maxlen);
92102
93103 #endif /* PYTHONMOD_UTILS_H */
+28
-49
respip/respip.c less more
2424 #include "respip/respip.h"
2525 #include "services/view.h"
2626 #include "sldns/rrdef.h"
27 #include "util/data/dname.h"
2728
2829
2930 /** Subset of resp_addr.node, used for inform-variant logging */
128129 struct resp_addr* prev;
129130 prev = (struct resp_addr*)rbtree_previous((struct rbnode_type*)node);
130131 lock_rw_destroy(&node->lock);
131 rbtree_delete(&set->ip_tree, node);
132 (void)rbtree_delete(&set->ip_tree, node);
132133 /* no free'ing, all allocated in region */
133134 if(!prev)
134135 addr_tree_init_parents((rbtree_type*)set);
482483 * This function returns the copied rrset key on success, and NULL on memory
483484 * allocation failure.
484485 */
485 static struct ub_packed_rrset_key*
486 copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region)
486 struct ub_packed_rrset_key*
487 respip_copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region)
487488 {
488489 struct ub_packed_rrset_key* ck = regional_alloc(region,
489490 sizeof(struct ub_packed_rrset_key));
601602 */
602603 static struct resp_addr*
603604 respip_addr_lookup(const struct reply_info *rep, struct respip_set* rs,
604 size_t* rrset_id)
605 size_t* rrset_id, size_t* rr_id)
605606 {
606607 size_t i;
607608 struct resp_addr* ra;
624625 &ss, addrlen);
625626 if(ra) {
626627 *rrset_id = i;
628 *rr_id = j;
627629 lock_rw_rdlock(&ra->lock);
628630 lock_rw_unlock(&rs->lock);
629631 return ra;
632634 }
633635 lock_rw_unlock(&rs->lock);
634636 return NULL;
635 }
636
637 /*
638 * Create a new reply_info based on 'rep'. The new info is based on
639 * the passed 'rep', but ignores any rrsets except for the first 'an_numrrsets'
640 * RRsets in the answer section. These answer rrsets are copied to the
641 * new info, up to 'copy_rrsets' rrsets (which must not be larger than
642 * 'an_numrrsets'). If an_numrrsets > copy_rrsets, the remaining rrsets array
643 * entries will be kept empty so the caller can fill them later. When rrsets
644 * are copied, they are shallow copied. The caller must ensure that the
645 * copied rrsets are valid throughout its lifetime and must provide appropriate
646 * mutex if it can be shared by multiple threads.
647 */
648 static struct reply_info *
649 make_new_reply_info(const struct reply_info* rep, struct regional* region,
650 size_t an_numrrsets, size_t copy_rrsets)
651 {
652 struct reply_info* new_rep;
653 size_t i;
654
655 /* create a base struct. we specify 'insecure' security status as
656 * the modified response won't be DNSSEC-valid. In our faked response
657 * the authority and additional sections will be empty (except possible
658 * EDNS0 OPT RR in the additional section appended on sending it out),
659 * so the total number of RRsets is an_numrrsets. */
660 new_rep = construct_reply_info_base(region, rep->flags,
661 rep->qdcount, rep->ttl, rep->prefetch_ttl,
662 rep->serve_expired_ttl, an_numrrsets, 0, 0, an_numrrsets,
663 sec_status_insecure);
664 if(!new_rep)
665 return NULL;
666 if(!reply_info_alloc_rrset_keys(new_rep, NULL, region))
667 return NULL;
668 for(i=0; i<copy_rrsets; i++)
669 new_rep->rrsets[i] = rep->rrsets[i];
670
671 return new_rep;
672637 }
673638
674639 /**
729694 "response-ip redirect with tag data [%d] %s",
730695 tag, (tag<num_tags?tagname[tag]:"null"));
731696 /* use copy_rrset() to 'normalize' memory layout */
732 rp = copy_rrset(&r, region);
697 rp = respip_copy_rrset(&r, region);
733698 if(!rp)
734699 return -1;
735700 }
742707 * rename the dname for other actions than redirect. This is because
743708 * response-ip-data isn't associated to any specific name. */
744709 if(rp == data) {
745 rp = copy_rrset(rp, region);
710 rp = respip_copy_rrset(rp, region);
746711 if(!rp)
747712 return -1;
748713 rp->rk.dname = rep->rrsets[rrset_id]->rk.dname;
806771 * is explicitly specified. */
807772 int rcode = (action == respip_always_nxdomain)?
808773 LDNS_RCODE_NXDOMAIN:LDNS_RCODE_NOERROR;
809
810774 /* We should empty the answer section except for any preceding
811775 * CNAMEs (in that case rrset_id > 0). Type-ANY case is
812776 * special as noted in respip_data_answer(). */
906870 size_t tag_datas_size;
907871 struct view* view = NULL;
908872 struct respip_set* ipset = NULL;
909 size_t rrset_id = 0;
873 size_t rrset_id = 0, rr_id = 0;
910874 enum respip_action action = respip_none;
911875 int tag = -1;
912876 struct resp_addr* raddr = NULL;
947911 lock_rw_rdlock(&view->lock);
948912 if(view->respip_set) {
949913 if((raddr = respip_addr_lookup(rep,
950 view->respip_set, &rrset_id))) {
914 view->respip_set, &rrset_id, &rr_id))) {
951915 /** for per-view respip directives the action
952916 * can only be direct (i.e. not tag-based) */
953917 action = raddr->action;
961925 }
962926 }
963927 if(!raddr && (raddr = respip_addr_lookup(rep, ipset,
964 &rrset_id))) {
928 &rrset_id, &rr_id))) {
965929 action = (enum respip_action)local_data_find_tag_action(
966930 raddr->taglist, raddr->taglen, ctaglist, ctaglen,
967931 tag_actions, tag_actions_size,
975939 if(!r->taglist || taglist_intersect(r->taglist,
976940 r->taglistlen, ctaglist, ctaglen)) {
977941 if((raddr = respip_addr_lookup(rep,
978 r->respip_set, &rrset_id))) {
942 r->respip_set, &rrset_id, &rr_id))) {
979943 if(!respip_use_rpz(raddr, r, &action, &data,
980944 &rpz_log, &log_name, &rpz_cname_override,
981945 region, &rpz_used)) {
986950 return 0;
987951 }
988952 if(rpz_used) {
953 if(verbosity >= VERB_ALGO) {
954 struct sockaddr_storage ss;
955 socklen_t ss_len = 0;
956 char nm[256], ip[256];
957 char qn[255+1];
958 if(!rdata2sockaddr(rep->rrsets[rrset_id]->entry.data, ntohs(rep->rrsets[rrset_id]->rk.type), rr_id, &ss, &ss_len))
959 snprintf(ip, sizeof(ip), "invalidRRdata");
960 else
961 addr_to_str(&ss, ss_len, ip, sizeof(ip));
962 dname_str(qinfo->qname, qn);
963 addr_to_str(&raddr->node.addr,
964 raddr->node.addrlen,
965 nm, sizeof(nm));
966 verbose(VERB_ALGO, "respip: rpz response-ip trigger %s/%d on %s %s with action %s", nm, raddr->node.net, qn, ip, rpz_action_to_string(respip_action_to_rpz_action(action)));
967 }
989968 /* break to make sure 'a' stays pointed
990969 * to used auth_zone, and keeps lock */
991970 break;
12081187 if(!new_rep)
12091188 return 0;
12101189 for(i=0,j=base_rep->an_numrrsets; i<tgt_rep->an_numrrsets; i++,j++) {
1211 new_rep->rrsets[j] = copy_rrset(tgt_rep->rrsets[i], region);
1190 new_rep->rrsets[j] = respip_copy_rrset(tgt_rep->rrsets[i], region);
12121191 if(!new_rep->rrsets[j])
12131192 return 0;
12141193 }
+3
-0
respip/respip.h less more
293293 */
294294 void
295295 respip_sockaddr_delete(struct respip_set* set, struct resp_addr* node);
296
297 struct ub_packed_rrset_key*
298 respip_copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region);
296299 #endif /* RESPIP_RESPIP_H */
+1515
-27
services/authzone.c less more
6666 #include "sldns/parseutil.h"
6767 #include "sldns/keyraw.h"
6868 #include "validator/val_nsec3.h"
69 #include "validator/val_nsec.h"
6970 #include "validator/val_secalgo.h"
71 #include "validator/val_sigcrypt.h"
72 #include "validator/val_anchor.h"
73 #include "validator/val_utils.h"
7074 #include <ctype.h>
7175
7276 /** bytes to use for NSEC3 hash buffer. 20 for sha1 */
7983 #define AUTH_PROBE_TIMEOUT_STOP 1000 /* msec */
8084 /* auth transfer timeout for TCP connections, in msec */
8185 #define AUTH_TRANSFER_TIMEOUT 10000 /* msec */
82 /* auth transfer max backoff for failed tranfers and probes */
86 /* auth transfer max backoff for failed transfers and probes */
8387 #define AUTH_TRANSFER_MAX_BACKOFF 86400 /* sec */
8488 /* auth http port number */
8589 #define AUTH_HTTP_PORT 80
238242 return 1;
239243 }
240244
241 /** add rrset to authority section (no additonal section rrsets yet) */
245 /** add rrset to authority section (no additional section rrsets yet) */
242246 static int
243247 msg_add_rrset_ns(struct auth_zone* z, struct regional* region,
244248 struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
17401744 return 1;
17411745 }
17421746
1747 /** offline verify for zonemd, while reading a zone file to immediately
1748 * spot bad hashes in zonefile as they are read.
1749 * Creates temp buffers, but uses anchors and validation environment
1750 * from the module_env. */
1751 static void
1752 zonemd_offline_verify(struct auth_zone* z, struct module_env* env_for_val,
1753 struct module_stack* mods)
1754 {
1755 struct module_env env;
1756 time_t now = 0;
1757 if(!z->zonemd_check)
1758 return;
1759 env = *env_for_val;
1760 env.scratch_buffer = sldns_buffer_new(env.cfg->msg_buffer_size);
1761 if(!env.scratch_buffer) {
1762 log_err("out of memory");
1763 goto clean_exit;
1764 }
1765 env.scratch = regional_create();
1766 if(!env.now) {
1767 env.now = &now;
1768 now = time(NULL);
1769 }
1770 if(!env.scratch) {
1771 log_err("out of memory");
1772 goto clean_exit;
1773 }
1774 auth_zone_verify_zonemd(z, &env, mods, NULL, 1, 0);
1775
1776 clean_exit:
1777 /* clean up and exit */
1778 sldns_buffer_free(env.scratch_buffer);
1779 regional_destroy(env.scratch);
1780 }
1781
17431782 /** read all auth zones from file (if they have) */
17441783 static int
1745 auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg)
1784 auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg,
1785 struct module_env* env, struct module_stack* mods)
17461786 {
17471787 struct auth_zone* z;
17481788 lock_rw_wrlock(&az->lock);
17531793 lock_rw_unlock(&az->lock);
17541794 return 0;
17551795 }
1796 if(z->zonefile && z->zonefile[0]!=0 && env)
1797 zonemd_offline_verify(z, env, mods);
17561798 lock_rw_unlock(&z->lock);
17571799 }
17581800 lock_rw_unlock(&az->lock);
17591801 return 1;
1802 }
1803
1804 /** fetch the content of a ZONEMD RR from the rdata */
1805 static int zonemd_fetch_parameters(struct auth_rrset* zonemd_rrset, size_t i,
1806 uint32_t* serial, int* scheme, int* hashalgo, uint8_t** hash,
1807 size_t* hashlen)
1808 {
1809 size_t rr_len;
1810 uint8_t* rdata;
1811 if(i >= zonemd_rrset->data->count)
1812 return 0;
1813 rr_len = zonemd_rrset->data->rr_len[i];
1814 if(rr_len < 2+4+1+1)
1815 return 0; /* too short, for rdlen+serial+scheme+algo */
1816 rdata = zonemd_rrset->data->rr_data[i];
1817 *serial = sldns_read_uint32(rdata+2);
1818 *scheme = rdata[6];
1819 *hashalgo = rdata[7];
1820 *hashlen = rr_len - 8;
1821 if(*hashlen == 0)
1822 *hash = NULL;
1823 else *hash = rdata+8;
1824 return 1;
1825 }
1826
1827 /**
1828 * See if the ZONEMD scheme, hash occurs more than once.
1829 * @param zonemd_rrset: the zonemd rrset to check with the RRs in it.
1830 * @param index: index of the original, this is allowed to have that
1831 * scheme and hashalgo, but other RRs should not have it.
1832 * @param scheme: the scheme to check for.
1833 * @param hashalgo: the hash algorithm to check for.
1834 * @return true if it occurs more than once.
1835 */
1836 static int zonemd_is_duplicate_scheme_hash(struct auth_rrset* zonemd_rrset,
1837 size_t index, int scheme, int hashalgo)
1838 {
1839 size_t j;
1840 for(j=0; j<zonemd_rrset->data->count; j++) {
1841 uint32_t serial2 = 0;
1842 int scheme2 = 0, hashalgo2 = 0;
1843 uint8_t* hash2 = NULL;
1844 size_t hashlen2 = 0;
1845 if(index == j) {
1846 /* this is the original */
1847 continue;
1848 }
1849 if(!zonemd_fetch_parameters(zonemd_rrset, j, &serial2,
1850 &scheme2, &hashalgo2, &hash2, &hashlen2)) {
1851 /* malformed, skip it */
1852 continue;
1853 }
1854 if(scheme == scheme2 && hashalgo == hashalgo2) {
1855 /* duplicate scheme, hash */
1856 verbose(VERB_ALGO, "zonemd duplicate for scheme %d "
1857 "and hash %d", scheme, hashalgo);
1858 return 1;
1859 }
1860 }
1861 return 0;
1862 }
1863
1864 /**
1865 * Check ZONEMDs if present for the auth zone. Depending on config
1866 * it can warn or fail on that. Checks the hash of the ZONEMD.
1867 * @param z: auth zone to check for.
1868 * caller must hold lock on zone.
1869 * @param env: module env for temp buffers.
1870 * @param reason: returned on failure.
1871 * @return false on failure, true if hash checks out.
1872 */
1873 static int auth_zone_zonemd_check_hash(struct auth_zone* z,
1874 struct module_env* env, char** reason)
1875 {
1876 /* loop over ZONEMDs and see which one is valid. if not print
1877 * failure (depending on config) */
1878 struct auth_data* apex;
1879 struct auth_rrset* zonemd_rrset;
1880 size_t i;
1881 struct regional* region = NULL;
1882 struct sldns_buffer* buf = NULL;
1883 uint32_t soa_serial = 0;
1884 region = env->scratch;
1885 regional_free_all(region);
1886 buf = env->scratch_buffer;
1887 if(!auth_zone_get_serial(z, &soa_serial)) {
1888 *reason = "zone has no SOA serial";
1889 return 0;
1890 }
1891
1892 apex = az_find_name(z, z->name, z->namelen);
1893 if(!apex) {
1894 *reason = "zone has no apex";
1895 return 0;
1896 }
1897 zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD);
1898 if(!zonemd_rrset || zonemd_rrset->data->count==0) {
1899 *reason = "zone has no ZONEMD";
1900 return 0; /* no RRset or no RRs in rrset */
1901 }
1902
1903 /* we have a ZONEMD, check if it is correct */
1904 for(i=0; i<zonemd_rrset->data->count; i++) {
1905 uint32_t serial = 0;
1906 int scheme = 0, hashalgo = 0;
1907 uint8_t* hash = NULL;
1908 size_t hashlen = 0;
1909 if(!zonemd_fetch_parameters(zonemd_rrset, i, &serial, &scheme,
1910 &hashalgo, &hash, &hashlen)) {
1911 /* malformed RR */
1912 *reason = "ZONEMD rdata malformed";
1913 continue;
1914 }
1915 /* check for duplicates */
1916 if(zonemd_is_duplicate_scheme_hash(zonemd_rrset, i, scheme,
1917 hashalgo)) {
1918 /* duplicate hash of the same scheme,hash
1919 * is not allowed. */
1920 *reason = "ZONEMD RRSet contains more than one RR "
1921 "with the same scheme and hash algorithm";
1922 continue;
1923 }
1924 regional_free_all(region);
1925 if(serial != soa_serial) {
1926 *reason = "ZONEMD serial is wrong";
1927 continue;
1928 }
1929 if(auth_zone_generate_zonemd_check(z, scheme, hashalgo,
1930 hash, hashlen, region, buf, reason)) {
1931 /* success */
1932 if(verbosity >= VERB_ALGO) {
1933 char zstr[255+1];
1934 dname_str(z->name, zstr);
1935 verbose(VERB_ALGO, "auth-zone %s ZONEMD hash is correct", zstr);
1936 }
1937 return 1;
1938 }
1939 /* try next one */
1940 }
1941 /* fail, we may have reason */
1942 if(!*reason)
1943 *reason = "no ZONEMD records found";
1944 if(verbosity >= VERB_ALGO) {
1945 char zstr[255+1];
1946 dname_str(z->name, zstr);
1947 verbose(VERB_ALGO, "auth-zone %s ZONEMD failed: %s", zstr, *reason);
1948 }
1949 return 0;
1950 }
1951
1952 /** find the apex SOA RRset, if it exists */
1953 struct auth_rrset* auth_zone_get_soa_rrset(struct auth_zone* z)
1954 {
1955 struct auth_data* apex;
1956 struct auth_rrset* soa;
1957 apex = az_find_name(z, z->name, z->namelen);
1958 if(!apex) return NULL;
1959 soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
1960 return soa;
17601961 }
17611962
17621963 /** find serial number of zone or false if none */
17781979 }
17791980
17801981 /** Find auth_zone SOA and populate the values in xfr(soa values). */
1781 static int
1982 int
17821983 xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr)
17831984 {
17841985 struct auth_data* apex;
19072108 z->for_downstream = c->for_downstream;
19082109 z->for_upstream = c->for_upstream;
19092110 z->fallback_enabled = c->fallback_enabled;
2111 z->zonemd_check = c->zonemd_check;
2112 z->zonemd_reject_absence = c->zonemd_reject_absence;
19102113 if(c->isrpz && !z->rpz){
19112114 if(!(z->rpz = rpz_create(c))){
19122115 fatal_exit("Could not setup RPZ zones");
19992202 }
20002203
20012204 int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg,
2002 int setup, int* is_rpz)
2205 int setup, int* is_rpz, struct module_env* env,
2206 struct module_stack* mods)
20032207 {
20042208 struct config_auth* p;
20052209 az_setall_deleted(az);
20152219 }
20162220 }
20172221 az_delete_deleted_zones(az);
2018 if(!auth_zones_read_zones(az, cfg))
2222 if(!auth_zones_read_zones(az, cfg, env, mods))
20192223 return 0;
20202224 if(setup) {
20212225 if(!auth_zones_setup_zones(az))
33133517
33143518 if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
33153519 rcode, edns, repinfo, temp, env->now_tv))
3316 edns->opt_list = NULL;
3520 edns->opt_list_inplace_cb_out = NULL;
33173521 error_encode(buf, rcode|BIT_AA, qinfo,
33183522 *(uint16_t*)sldns_buffer_begin(buf),
33193523 sldns_buffer_read_u16_at(buf, 2), edns);
49585162 lock_rw_unlock(&z->lock);
49595163 return;
49605164 }
5165 #ifdef UB_ON_WINDOWS
5166 (void)unlink(zfilename); /* windows does not replace file with rename() */
5167 #endif
49615168 if(rename(tmpfile, zfilename) < 0) {
49625169 log_err("could not rename(%s, %s): %s", tmpfile, zfilename,
49635170 strerror(errno));
49685175 lock_rw_unlock(&z->lock);
49695176 }
49705177
5178 /** reacquire locks and structures. Starts with no locks, ends
5179 * with xfr and z locks, if fail, no z lock */
5180 static int xfr_process_reacquire_locks(struct auth_xfer* xfr,
5181 struct module_env* env, struct auth_zone** z)
5182 {
5183 /* release xfr lock, then, while holding az->lock grab both
5184 * z->lock and xfr->lock */
5185 lock_rw_rdlock(&env->auth_zones->lock);
5186 *z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
5187 xfr->dclass);
5188 if(!*z) {
5189 lock_rw_unlock(&env->auth_zones->lock);
5190 lock_basic_lock(&xfr->lock);
5191 *z = NULL;
5192 return 0;
5193 }
5194 lock_rw_wrlock(&(*z)->lock);
5195 lock_basic_lock(&xfr->lock);
5196 lock_rw_unlock(&env->auth_zones->lock);
5197 return 1;
5198 }
5199
49715200 /** process chunk list and update zone in memory,
49725201 * return false if it did not work */
49735202 static int
49775206 struct auth_zone* z;
49785207
49795208 /* obtain locks and structures */
4980 /* release xfr lock, then, while holding az->lock grab both
4981 * z->lock and xfr->lock */
49825209 lock_basic_unlock(&xfr->lock);
4983 lock_rw_rdlock(&env->auth_zones->lock);
4984 z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
4985 xfr->dclass);
4986 if(!z) {
4987 lock_rw_unlock(&env->auth_zones->lock);
5210 if(!xfr_process_reacquire_locks(xfr, env, &z)) {
49885211 /* the zone is gone, ignore xfr results */
4989 lock_basic_lock(&xfr->lock);
4990 return 0;
4991 }
4992 lock_rw_wrlock(&z->lock);
4993 lock_basic_lock(&xfr->lock);
4994 lock_rw_unlock(&env->auth_zones->lock);
5212 return 0;
5213 }
5214 /* holding xfr and z locks */
49955215
49965216 /* apply data */
49975217 if(xfr->task_transfer->master->http) {
50265246 " (or malformed RR)", xfr->task_transfer->master->host);
50275247 return 0;
50285248 }
5249
5250 /* release xfr lock while verifying zonemd because it may have
5251 * to spawn lookups in the state machines */
5252 lock_basic_unlock(&xfr->lock);
5253 /* holding z lock */
5254 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 0);
5255 if(z->zone_expired) {
5256 char zname[256];
5257 /* ZONEMD must have failed */
5258 /* reacquire locks, so we hold xfr lock on exit of routine,
5259 * and both xfr and z again after releasing xfr for potential
5260 * state machine mesh callbacks */
5261 lock_rw_unlock(&z->lock);
5262 if(!xfr_process_reacquire_locks(xfr, env, &z))
5263 return 0;
5264 dname_str(xfr->name, zname);
5265 verbose(VERB_ALGO, "xfr from %s: ZONEMD failed for %s, transfer is failed", xfr->task_transfer->master->host, zname);
5266 xfr->zone_expired = 1;
5267 lock_rw_unlock(&z->lock);
5268 return 0;
5269 }
5270 /* reacquire locks, so we hold xfr lock on exit of routine,
5271 * and both xfr and z again after releasing xfr for potential
5272 * state machine mesh callbacks */
5273 lock_rw_unlock(&z->lock);
5274 if(!xfr_process_reacquire_locks(xfr, env, &z))
5275 return 0;
5276 /* holding xfr and z locks */
5277
50295278 if(xfr->have_zone)
50305279 xfr->lease_time = *env->now;
50315280
51085357 edns.ext_rcode = 0;
51095358 edns.edns_version = 0;
51105359 edns.bits = EDNS_DO;
5111 edns.opt_list = NULL;
5360 edns.opt_list_in = NULL;
5361 edns.opt_list_out = NULL;
5362 edns.opt_list_inplace_cb_out = NULL;
51125363 edns.padding_block_size = 0;
51135364 if(sldns_buffer_capacity(buf) < 65535)
51145365 edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
51875438 xfr->task_transfer->cp = outnet_comm_point_for_http(
51885439 env->outnet, auth_xfer_transfer_http_callback, xfr,
51895440 &addr, addrlen, -1, master->ssl, master->host,
5190 master->file);
5441 master->file, env->cfg);
51915442 if(!xfr->task_transfer->cp) {
51925443 char zname[255+1], as[256];
51935444 dname_str(xfr->name, zname);
52095460 /* perform AXFR/IXFR */
52105461 /* set the packet to be written */
52115462 /* create new ID */
5212 xfr->task_transfer->id = (uint16_t)(ub_random(env->rnd)&0xffff);
5463 xfr->task_transfer->id = GET_RANDOM_ID(env->rnd);
52135464 xfr_create_ixfr_packet(xfr, env->scratch_buffer,
52145465 xfr->task_transfer->id, master);
52155466
60596310 /* create new ID for new probes, but not on timeout retries,
60606311 * this means we'll accept replies to previous retries to same ip */
60616312 if(timeout == AUTH_PROBE_TIMEOUT)
6062 xfr->task_probe->id = (uint16_t)(ub_random(env->rnd)&0xffff);
6313 xfr->task_probe->id = GET_RANDOM_ID(env->rnd);
60636314 xfr_create_soa_probe_packet(xfr, env->scratch_buffer,
60646315 xfr->task_probe->id);
60656316 /* we need to remove the cp if we have a different ip4/ip6 type now */
62416492 comm_point_delete(xfr->task_probe->cp);
62426493 xfr->task_probe->cp = NULL;
62436494
6244 /* if the result was not a successfull probe, we need
6495 /* if the result was not a successful probe, we need
62456496 * to send the next one */
62466497 xfr_probe_nextmaster(xfr);
62476498 xfr_probe_send_or_end(xfr, env);
62976548 edns.ext_rcode = 0;
62986549 edns.edns_version = 0;
62996550 edns.bits = EDNS_DO;
6300 edns.opt_list = NULL;
6551 edns.opt_list_in = NULL;
6552 edns.opt_list_out = NULL;
6553 edns.opt_list_inplace_cb_out = NULL;
63016554 edns.padding_block_size = 0;
63026555 if(sldns_buffer_capacity(buf) < 65535)
63036556 edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
69107163 while(p && *p == '/')
69117164 p++;
69127165 if(!p || p[0] == 0)
6913 *file = strdup("index.html");
7166 *file = strdup("/");
69147167 else *file = strdup(p);
69157168 if(!*file) {
69167169 log_err("malloc failure");
69327185 if(with_http)
69337186 for(p = c->urls; p; p = p->next) {
69347187 m = auth_master_new(&list);
7188 if(!m) return 0;
69357189 m->http = 1;
69367190 if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl))
69377191 return 0;
69387192 }
69397193 for(p = c->masters; p; p = p->next) {
69407194 m = auth_master_new(&list);
7195 if(!m) return 0;
69417196 m->ixfr = 1; /* this flag is not configurable */
69427197 m->host = strdup(p->str);
69437198 if(!m->host) {
69477202 }
69487203 for(p = c->allow_notify; p; p = p->next) {
69497204 m = auth_master_new(&list);
7205 if(!m) return 0;
69507206 m->allow_notify = 1;
69517207 m->host = strdup(p->str);
69527208 if(!m->host) {
69717227 return 1;
69727228 }
69737229 }
7230
7231 int zonemd_hashalgo_supported(int hashalgo)
7232 {
7233 if(hashalgo == ZONEMD_ALGO_SHA384) return 1;
7234 if(hashalgo == ZONEMD_ALGO_SHA512) return 1;
7235 return 0;
7236 }
7237
7238 int zonemd_scheme_supported(int scheme)
7239 {
7240 if(scheme == ZONEMD_SCHEME_SIMPLE) return 1;
7241 return 0;
7242 }
7243
7244 /** initialize hash for hashing with zonemd hash algo */
7245 static struct secalgo_hash* zonemd_digest_init(int hashalgo, char** reason)
7246 {
7247 struct secalgo_hash *h;
7248 if(hashalgo == ZONEMD_ALGO_SHA384) {
7249 /* sha384 */
7250 h = secalgo_hash_create_sha384();
7251 if(!h)
7252 *reason = "digest sha384 could not be created";
7253 return h;
7254 } else if(hashalgo == ZONEMD_ALGO_SHA512) {
7255 /* sha512 */
7256 h = secalgo_hash_create_sha512();
7257 if(!h)
7258 *reason = "digest sha512 could not be created";
7259 return h;
7260 }
7261 /* unknown hash algo */
7262 *reason = "unsupported algorithm";
7263 return NULL;
7264 }
7265
7266 /** update the hash for zonemd */
7267 static int zonemd_digest_update(int hashalgo, struct secalgo_hash* h,
7268 uint8_t* data, size_t len, char** reason)
7269 {
7270 if(hashalgo == ZONEMD_ALGO_SHA384) {
7271 if(!secalgo_hash_update(h, data, len)) {
7272 *reason = "digest sha384 failed";
7273 return 0;
7274 }
7275 return 1;
7276 } else if(hashalgo == ZONEMD_ALGO_SHA512) {
7277 if(!secalgo_hash_update(h, data, len)) {
7278 *reason = "digest sha512 failed";
7279 return 0;
7280 }
7281 return 1;
7282 }
7283 /* unknown hash algo */
7284 *reason = "unsupported algorithm";
7285 return 0;
7286 }
7287
7288 /** finish the hash for zonemd */
7289 static int zonemd_digest_finish(int hashalgo, struct secalgo_hash* h,
7290 uint8_t* result, size_t hashlen, size_t* resultlen, char** reason)
7291 {
7292 if(hashalgo == ZONEMD_ALGO_SHA384) {
7293 if(hashlen < 384/8) {
7294 *reason = "digest buffer too small for sha384";
7295 return 0;
7296 }
7297 if(!secalgo_hash_final(h, result, hashlen, resultlen)) {
7298 *reason = "digest sha384 finish failed";
7299 return 0;
7300 }
7301 return 1;
7302 } else if(hashalgo == ZONEMD_ALGO_SHA512) {
7303 if(hashlen < 512/8) {
7304 *reason = "digest buffer too small for sha512";
7305 return 0;
7306 }
7307 if(!secalgo_hash_final(h, result, hashlen, resultlen)) {
7308 *reason = "digest sha512 finish failed";
7309 return 0;
7310 }
7311 return 1;
7312 }
7313 /* unknown algo */
7314 *reason = "unsupported algorithm";
7315 return 0;
7316 }
7317
7318 /** add rrsets from node to the list */
7319 static size_t authdata_rrsets_to_list(struct auth_rrset** array,
7320 size_t arraysize, struct auth_rrset* first)
7321 {
7322 struct auth_rrset* rrset = first;
7323 size_t num = 0;
7324 while(rrset) {
7325 if(num >= arraysize)
7326 return num;
7327 array[num] = rrset;
7328 num++;
7329 rrset = rrset->next;
7330 }
7331 return num;
7332 }
7333
7334 /** compare rr list entries */
7335 static int rrlist_compare(const void* arg1, const void* arg2)
7336 {
7337 struct auth_rrset* r1 = *(struct auth_rrset**)arg1;
7338 struct auth_rrset* r2 = *(struct auth_rrset**)arg2;
7339 uint16_t t1, t2;
7340 if(r1 == NULL) t1 = LDNS_RR_TYPE_RRSIG;
7341 else t1 = r1->type;
7342 if(r2 == NULL) t2 = LDNS_RR_TYPE_RRSIG;
7343 else t2 = r2->type;
7344 if(t1 < t2)
7345 return -1;
7346 if(t1 > t2)
7347 return 1;
7348 return 0;
7349 }
7350
7351 /** add type RRSIG to rr list if not one there already,
7352 * this is to perform RRSIG collate processing at that point. */
7353 static void addrrsigtype_if_needed(struct auth_rrset** array,
7354 size_t arraysize, size_t* rrnum, struct auth_data* node)
7355 {
7356 if(az_domain_rrset(node, LDNS_RR_TYPE_RRSIG))
7357 return; /* already one there */
7358 if((*rrnum) >= arraysize)
7359 return; /* array too small? */
7360 array[*rrnum] = NULL; /* nothing there, but need entry in list */
7361 (*rrnum)++;
7362 }
7363
7364 /** collate the RRs in an RRset using the simple scheme */
7365 static int zonemd_simple_rrset(struct auth_zone* z, int hashalgo,
7366 struct secalgo_hash* h, struct auth_data* node,
7367 struct auth_rrset* rrset, struct regional* region,
7368 struct sldns_buffer* buf, char** reason)
7369 {
7370 /* canonicalize */
7371 struct ub_packed_rrset_key key;
7372 memset(&key, 0, sizeof(key));
7373 key.entry.key = &key;
7374 key.entry.data = rrset->data;
7375 key.rk.dname = node->name;
7376 key.rk.dname_len = node->namelen;
7377 key.rk.type = htons(rrset->type);
7378 key.rk.rrset_class = htons(z->dclass);
7379 if(!rrset_canonicalize_to_buffer(region, buf, &key)) {
7380 *reason = "out of memory";
7381 return 0;
7382 }
7383 regional_free_all(region);
7384
7385 /* hash */
7386 if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf),
7387 sldns_buffer_limit(buf), reason)) {
7388 return 0;
7389 }
7390 return 1;
7391 }
7392
7393 /** count number of RRSIGs in a domain name rrset list */
7394 static size_t zonemd_simple_count_rrsig(struct auth_rrset* rrset,
7395 struct auth_rrset** rrlist, size_t rrnum,
7396 struct auth_zone* z, struct auth_data* node)
7397 {
7398 size_t i, count = 0;
7399 if(rrset) {
7400 size_t j;
7401 for(j = 0; j<rrset->data->count; j++) {
7402 if(rrsig_rdata_get_type_covered(rrset->data->
7403 rr_data[j], rrset->data->rr_len[j]) ==
7404 LDNS_RR_TYPE_ZONEMD &&
7405 query_dname_compare(z->name, node->name)==0) {
7406 /* omit RRSIGs over type ZONEMD at apex */
7407 continue;
7408 }
7409 count++;
7410 }
7411 }
7412 for(i=0; i<rrnum; i++) {
7413 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7414 query_dname_compare(z->name, node->name)==0) {
7415 /* omit RRSIGs over type ZONEMD at apex */
7416 continue;
7417 }
7418 count += (rrlist[i]?rrlist[i]->data->rrsig_count:0);
7419 }
7420 return count;
7421 }
7422
7423 /** allocate sparse rrset data for the number of entries in tepm region */
7424 static int zonemd_simple_rrsig_allocs(struct regional* region,
7425 struct packed_rrset_data* data, size_t count)
7426 {
7427 data->rr_len = regional_alloc(region, sizeof(*data->rr_len) * count);
7428 if(!data->rr_len) {
7429 return 0;
7430 }
7431 data->rr_ttl = regional_alloc(region, sizeof(*data->rr_ttl) * count);
7432 if(!data->rr_ttl) {
7433 return 0;
7434 }
7435 data->rr_data = regional_alloc(region, sizeof(*data->rr_data) * count);
7436 if(!data->rr_data) {
7437 return 0;
7438 }
7439 return 1;
7440 }
7441
7442 /** add the RRSIGs from the rrs in the domain into the data */
7443 static void add_rrlist_rrsigs_into_data(struct packed_rrset_data* data,
7444 size_t* done, struct auth_rrset** rrlist, size_t rrnum,
7445 struct auth_zone* z, struct auth_data* node)
7446 {
7447 size_t i;
7448 for(i=0; i<rrnum; i++) {
7449 size_t j;
7450 if(!rrlist[i])
7451 continue;
7452 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7453 query_dname_compare(z->name, node->name)==0) {
7454 /* omit RRSIGs over type ZONEMD at apex */
7455 continue;
7456 }
7457 for(j = 0; j<rrlist[i]->data->rrsig_count; j++) {
7458 data->rr_len[*done] = rrlist[i]->data->rr_len[rrlist[i]->data->count + j];
7459 data->rr_ttl[*done] = rrlist[i]->data->rr_ttl[rrlist[i]->data->count + j];
7460 /* reference the rdata in the rrset, no need to
7461 * copy it, it is no longer needed at the end of
7462 * the routine */
7463 data->rr_data[*done] = rrlist[i]->data->rr_data[rrlist[i]->data->count + j];
7464 (*done)++;
7465 }
7466 }
7467 }
7468
7469 static void add_rrset_into_data(struct packed_rrset_data* data,
7470 size_t* done, struct auth_rrset* rrset,
7471 struct auth_zone* z, struct auth_data* node)
7472 {
7473 if(rrset) {
7474 size_t j;
7475 for(j = 0; j<rrset->data->count; j++) {
7476 if(rrsig_rdata_get_type_covered(rrset->data->
7477 rr_data[j], rrset->data->rr_len[j]) ==
7478 LDNS_RR_TYPE_ZONEMD &&
7479 query_dname_compare(z->name, node->name)==0) {
7480 /* omit RRSIGs over type ZONEMD at apex */
7481 continue;
7482 }
7483 data->rr_len[*done] = rrset->data->rr_len[j];
7484 data->rr_ttl[*done] = rrset->data->rr_ttl[j];
7485 /* reference the rdata in the rrset, no need to
7486 * copy it, it is no longer need at the end of
7487 * the routine */
7488 data->rr_data[*done] = rrset->data->rr_data[j];
7489 (*done)++;
7490 }
7491 }
7492 }
7493
7494 /** collate the RRSIGs using the simple scheme */
7495 static int zonemd_simple_rrsig(struct auth_zone* z, int hashalgo,
7496 struct secalgo_hash* h, struct auth_data* node,
7497 struct auth_rrset* rrset, struct auth_rrset** rrlist, size_t rrnum,
7498 struct regional* region, struct sldns_buffer* buf, char** reason)
7499 {
7500 /* the rrset pointer can be NULL, this means it is type RRSIG and
7501 * there is no ordinary type RRSIG there. The RRSIGs are stored
7502 * with the RRsets in their data.
7503 *
7504 * The RRset pointer can be nonNULL. This happens if there is
7505 * no RR that is covered by the RRSIG for the domain. Then this
7506 * RRSIG RR is stored in an rrset of type RRSIG. The other RRSIGs
7507 * are stored in the rrset entries for the RRs in the rr list for
7508 * the domain node. We need to collate the rrset's data, if any, and
7509 * the rrlist's rrsigs */
7510 /* if this is the apex, omit RRSIGs that cover type ZONEMD */
7511 /* build rrsig rrset */
7512 size_t done = 0;
7513 struct ub_packed_rrset_key key;
7514 struct packed_rrset_data data;
7515 memset(&key, 0, sizeof(key));
7516 memset(&data, 0, sizeof(data));
7517 key.entry.key = &key;
7518 key.entry.data = &data;
7519 key.rk.dname = node->name;
7520 key.rk.dname_len = node->namelen;
7521 key.rk.type = htons(LDNS_RR_TYPE_RRSIG);
7522 key.rk.rrset_class = htons(z->dclass);
7523 data.count = zonemd_simple_count_rrsig(rrset, rrlist, rrnum, z, node);
7524 if(!zonemd_simple_rrsig_allocs(region, &data, data.count)) {
7525 *reason = "out of memory";
7526 regional_free_all(region);
7527 return 0;
7528 }
7529 /* all the RRSIGs stored in the other rrsets for this domain node */
7530 add_rrlist_rrsigs_into_data(&data, &done, rrlist, rrnum, z, node);
7531 /* plus the RRSIGs stored in an rrset of type RRSIG for this node */
7532 add_rrset_into_data(&data, &done, rrset, z, node);
7533
7534 /* canonicalize */
7535 if(!rrset_canonicalize_to_buffer(region, buf, &key)) {
7536 *reason = "out of memory";
7537 regional_free_all(region);
7538 return 0;
7539 }
7540 regional_free_all(region);
7541
7542 /* hash */
7543 if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf),
7544 sldns_buffer_limit(buf), reason)) {
7545 return 0;
7546 }
7547 return 1;
7548 }
7549
7550 /** collate a domain's rrsets using the simple scheme */
7551 static int zonemd_simple_domain(struct auth_zone* z, int hashalgo,
7552 struct secalgo_hash* h, struct auth_data* node,
7553 struct regional* region, struct sldns_buffer* buf, char** reason)
7554 {
7555 const size_t rrlistsize = 65536;
7556 struct auth_rrset* rrlist[rrlistsize];
7557 size_t i, rrnum = 0;
7558 /* see if the domain is out of scope, the zone origin,
7559 * that would be omitted */
7560 if(!dname_subdomain_c(node->name, z->name))
7561 return 1; /* continue */
7562 /* loop over the rrsets in ascending order. */
7563 rrnum = authdata_rrsets_to_list(rrlist, rrlistsize, node->rrsets);
7564 addrrsigtype_if_needed(rrlist, rrlistsize, &rrnum, node);
7565 qsort(rrlist, rrnum, sizeof(*rrlist), rrlist_compare);
7566 for(i=0; i<rrnum; i++) {
7567 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7568 query_dname_compare(z->name, node->name) == 0) {
7569 /* omit type ZONEMD at apex */
7570 continue;
7571 }
7572 if(rrlist[i] == NULL || rrlist[i]->type ==
7573 LDNS_RR_TYPE_RRSIG) {
7574 if(!zonemd_simple_rrsig(z, hashalgo, h, node,
7575 rrlist[i], rrlist, rrnum, region, buf, reason))
7576 return 0;
7577 } else if(!zonemd_simple_rrset(z, hashalgo, h, node,
7578 rrlist[i], region, buf, reason)) {
7579 return 0;
7580 }
7581 }
7582 return 1;
7583 }
7584
7585 /** collate the zone using the simple scheme */
7586 static int zonemd_simple_collate(struct auth_zone* z, int hashalgo,
7587 struct secalgo_hash* h, struct regional* region,
7588 struct sldns_buffer* buf, char** reason)
7589 {
7590 /* our tree is sorted in canonical order, so we can just loop over
7591 * the tree */
7592 struct auth_data* n;
7593 RBTREE_FOR(n, struct auth_data*, &z->data) {
7594 if(!zonemd_simple_domain(z, hashalgo, h, n, region, buf,
7595 reason))
7596 return 0;
7597 }
7598 return 1;
7599 }
7600
7601 int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme,
7602 int hashalgo, uint8_t* hash, size_t hashlen, size_t* resultlen,
7603 struct regional* region, struct sldns_buffer* buf, char** reason)
7604 {
7605 struct secalgo_hash* h = zonemd_digest_init(hashalgo, reason);
7606 if(!h) {
7607 if(!*reason)
7608 *reason = "digest init fail";
7609 return 0;
7610 }
7611 if(scheme == ZONEMD_SCHEME_SIMPLE) {
7612 if(!zonemd_simple_collate(z, hashalgo, h, region, buf, reason)) {
7613 if(!*reason) *reason = "scheme simple collate fail";
7614 secalgo_hash_delete(h);
7615 return 0;
7616 }
7617 }
7618 if(!zonemd_digest_finish(hashalgo, h, hash, hashlen, resultlen,
7619 reason)) {
7620 secalgo_hash_delete(h);
7621 *reason = "digest finish fail";
7622 return 0;
7623 }
7624 secalgo_hash_delete(h);
7625 return 1;
7626 }
7627
7628 int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme,
7629 int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region,
7630 struct sldns_buffer* buf, char** reason)
7631 {
7632 uint8_t gen[512];
7633 size_t genlen = 0;
7634 if(!zonemd_hashalgo_supported(hashalgo)) {
7635 *reason = "unsupported algorithm";
7636 return 0;
7637 }
7638 if(!zonemd_scheme_supported(scheme)) {
7639 *reason = "unsupported scheme";
7640 return 0;
7641 }
7642 if(hashlen < 12) {
7643 /* the ZONEMD draft requires digests to fail if too small */
7644 *reason = "digest length too small, less than 12";
7645 return 0;
7646 }
7647 /* generate digest */
7648 if(!auth_zone_generate_zonemd_hash(z, scheme, hashalgo, gen,
7649 sizeof(gen), &genlen, region, buf, reason)) {
7650 /* reason filled in by zonemd hash routine */
7651 return 0;
7652 }
7653 /* check digest length */
7654 if(hashlen != genlen) {
7655 *reason = "incorrect digest length";
7656 if(verbosity >= VERB_ALGO) {
7657 verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d",
7658 scheme, hashalgo);
7659 log_hex("ZONEMD should be ", gen, genlen);
7660 log_hex("ZONEMD to check is", hash, hashlen);
7661 }
7662 return 0;
7663 }
7664 /* check digest */
7665 if(memcmp(hash, gen, genlen) != 0) {
7666 *reason = "incorrect digest";
7667 if(verbosity >= VERB_ALGO) {
7668 verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d",
7669 scheme, hashalgo);
7670 log_hex("ZONEMD should be ", gen, genlen);
7671 log_hex("ZONEMD to check is", hash, hashlen);
7672 }
7673 return 0;
7674 }
7675 return 1;
7676 }
7677
7678 /** log auth zone message with zone name in front. */
7679 static void auth_zone_log(uint8_t* name, enum verbosity_value level,
7680 const char* format, ...) ATTR_FORMAT(printf, 3, 4);
7681 static void auth_zone_log(uint8_t* name, enum verbosity_value level,
7682 const char* format, ...)
7683 {
7684 va_list args;
7685 va_start(args, format);
7686 if(verbosity >= level) {
7687 char str[255+1];
7688 char msg[MAXSYSLOGMSGLEN];
7689 dname_str(name, str);
7690 vsnprintf(msg, sizeof(msg), format, args);
7691 verbose(level, "auth zone %s %s", str, msg);
7692 }
7693 va_end(args);
7694 }
7695
7696 /** ZONEMD, dnssec verify the rrset with the dnskey */
7697 static int zonemd_dnssec_verify_rrset(struct auth_zone* z,
7698 struct module_env* env, struct module_stack* mods,
7699 struct ub_packed_rrset_key* dnskey, struct auth_data* node,
7700 struct auth_rrset* rrset, char** why_bogus, uint8_t* sigalg)
7701 {
7702 struct ub_packed_rrset_key pk;
7703 enum sec_status sec;
7704 struct val_env* ve;
7705 int m;
7706 m = modstack_find(mods, "validator");
7707 if(m == -1) {
7708 auth_zone_log(z->name, VERB_ALGO, "zonemd dnssec verify: have "
7709 "DNSKEY chain of trust, but no validator module");
7710 return 0;
7711 }
7712 ve = (struct val_env*)env->modinfo[m];
7713
7714 memset(&pk, 0, sizeof(pk));
7715 pk.entry.key = &pk;
7716 pk.entry.data = rrset->data;
7717 pk.rk.dname = node->name;
7718 pk.rk.dname_len = node->namelen;
7719 pk.rk.type = htons(rrset->type);
7720 pk.rk.rrset_class = htons(z->dclass);
7721 if(verbosity >= VERB_ALGO) {
7722 char typestr[32];
7723 typestr[0]=0;
7724 sldns_wire2str_type_buf(rrset->type, typestr, sizeof(typestr));
7725 auth_zone_log(z->name, VERB_ALGO,
7726 "zonemd: verify %s RRset with DNSKEY", typestr);
7727 }
7728 sec = dnskeyset_verify_rrset(env, ve, &pk, dnskey, sigalg, why_bogus,
7729 LDNS_SECTION_ANSWER, NULL);
7730 if(sec == sec_status_secure) {
7731 return 1;
7732 }
7733 if(why_bogus)
7734 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verify was bogus: %s", *why_bogus);
7735 return 0;
7736 }
7737
7738 /** check for nsec3, the RR with params equal, if bitmap has the type */
7739 static int nsec3_of_param_has_type(struct auth_rrset* nsec3, int algo,
7740 size_t iter, uint8_t* salt, size_t saltlen, uint16_t rrtype)
7741 {
7742 int i, count = (int)nsec3->data->count;
7743 struct ub_packed_rrset_key pk;
7744 memset(&pk, 0, sizeof(pk));
7745 pk.entry.data = nsec3->data;
7746 for(i=0; i<count; i++) {
7747 int rralgo;
7748 size_t rriter, rrsaltlen;
7749 uint8_t* rrsalt;
7750 if(!nsec3_get_params(&pk, i, &rralgo, &rriter, &rrsalt,
7751 &rrsaltlen))
7752 continue; /* no parameters, malformed */
7753 if(rralgo != algo || rriter != iter || rrsaltlen != saltlen)
7754 continue; /* different parameters */
7755 if(saltlen != 0) {
7756 if(rrsalt == NULL || salt == NULL)
7757 continue;
7758 if(memcmp(rrsalt, salt, saltlen) != 0)
7759 continue; /* different salt parameters */
7760 }
7761 if(nsec3_has_type(&pk, i, rrtype))
7762 return 1;
7763 }
7764 return 0;
7765 }
7766
7767 /** Verify the absence of ZONEMD with DNSSEC by checking NSEC, NSEC3 type flag.
7768 * return false on failure, reason contains description of failure. */
7769 static int zonemd_check_dnssec_absence(struct auth_zone* z,
7770 struct module_env* env, struct module_stack* mods,
7771 struct ub_packed_rrset_key* dnskey, struct auth_data* apex,
7772 char** reason, char** why_bogus, uint8_t* sigalg)
7773 {
7774 struct auth_rrset* nsec = NULL;
7775 if(!apex) {
7776 *reason = "zone has no apex domain but ZONEMD missing";
7777 return 0;
7778 }
7779 nsec = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC);
7780 if(nsec) {
7781 struct ub_packed_rrset_key pk;
7782 /* dnssec verify the NSEC */
7783 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex,
7784 nsec, why_bogus, sigalg)) {
7785 *reason = "DNSSEC verify failed for NSEC RRset";
7786 return 0;
7787 }
7788 /* check type bitmap */
7789 memset(&pk, 0, sizeof(pk));
7790 pk.entry.data = nsec->data;
7791 if(nsec_has_type(&pk, LDNS_RR_TYPE_ZONEMD)) {
7792 *reason = "DNSSEC NSEC bitmap says type ZONEMD exists";
7793 return 0;
7794 }
7795 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC verification of absence of ZONEMD secure");
7796 } else {
7797 /* NSEC3 perhaps ? */
7798 int algo;
7799 size_t iter, saltlen;
7800 uint8_t* salt;
7801 struct auth_rrset* nsec3param = az_domain_rrset(apex,
7802 LDNS_RR_TYPE_NSEC3PARAM);
7803 struct auth_data* match;
7804 struct auth_rrset* nsec3;
7805 if(!nsec3param) {
7806 *reason = "zone has no NSEC information but ZONEMD missing";
7807 return 0;
7808 }
7809 if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) {
7810 *reason = "zone has no NSEC information but ZONEMD missing";
7811 return 0;
7812 }
7813 /* find the NSEC3 record */
7814 match = az_nsec3_find_exact(z, z->name, z->namelen, algo,
7815 iter, salt, saltlen);
7816 if(!match) {
7817 *reason = "zone has no NSEC3 domain for the apex but ZONEMD missing";
7818 return 0;
7819 }
7820 nsec3 = az_domain_rrset(match, LDNS_RR_TYPE_NSEC3);
7821 if(!nsec3) {
7822 *reason = "zone has no NSEC3 RRset for the apex but ZONEMD missing";
7823 return 0;
7824 }
7825 /* dnssec verify the NSEC3 */
7826 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match,
7827 nsec3, why_bogus, sigalg)) {
7828 *reason = "DNSSEC verify failed for NSEC3 RRset";
7829 return 0;
7830 }
7831 /* check type bitmap */
7832 if(nsec3_of_param_has_type(nsec3, algo, iter, salt, saltlen,
7833 LDNS_RR_TYPE_ZONEMD)) {
7834 *reason = "DNSSEC NSEC3 bitmap says type ZONEMD exists";
7835 return 0;
7836 }
7837 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC3 verification of absence of ZONEMD secure");
7838 }
7839
7840 return 1;
7841 }
7842
7843 /** Verify the SOA and ZONEMD DNSSEC signatures.
7844 * return false on failure, reason contains description of failure. */
7845 static int zonemd_check_dnssec_soazonemd(struct auth_zone* z,
7846 struct module_env* env, struct module_stack* mods,
7847 struct ub_packed_rrset_key* dnskey, struct auth_data* apex,
7848 struct auth_rrset* zonemd_rrset, char** reason, char** why_bogus,
7849 uint8_t* sigalg)
7850 {
7851 struct auth_rrset* soa;
7852 if(!apex) {
7853 *reason = "zone has no apex domain";
7854 return 0;
7855 }
7856 soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
7857 if(!soa) {
7858 *reason = "zone has no SOA RRset";
7859 return 0;
7860 }
7861 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa,
7862 why_bogus, sigalg)) {
7863 *reason = "DNSSEC verify failed for SOA RRset";
7864 return 0;
7865 }
7866 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex,
7867 zonemd_rrset, why_bogus, sigalg)) {
7868 *reason = "DNSSEC verify failed for ZONEMD RRset";
7869 return 0;
7870 }
7871 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC verification of SOA and ZONEMD RRsets secure");
7872 return 1;
7873 }
7874
7875 /**
7876 * Fail the ZONEMD verification.
7877 * @param z: auth zone that fails.
7878 * @param env: environment with config, to ignore failure or not.
7879 * @param reason: failure string description.
7880 * @param why_bogus: failure string for DNSSEC verification failure.
7881 * @param result: strdup result in here if not NULL.
7882 */
7883 static void auth_zone_zonemd_fail(struct auth_zone* z, struct module_env* env,
7884 char* reason, char* why_bogus, char** result)
7885 {
7886 char zstr[255+1];
7887 /* if fail: log reason, and depending on config also take action
7888 * and drop the zone, eg. it is gone from memory, set zone_expired */
7889 dname_str(z->name, zstr);
7890 if(!reason) reason = "verification failed";
7891 if(result) {
7892 if(why_bogus) {
7893 char res[1024];
7894 snprintf(res, sizeof(res), "%s: %s", reason,
7895 why_bogus);
7896 *result = strdup(res);
7897 } else {
7898 *result = strdup(reason);
7899 }
7900 if(!*result) log_err("out of memory");
7901 } else {
7902 log_warn("auth zone %s: ZONEMD verification failed: %s", zstr, reason);
7903 }
7904
7905 if(env->cfg->zonemd_permissive_mode) {
7906 verbose(VERB_ALGO, "zonemd-permissive-mode enabled, "
7907 "not blocking zone %s", zstr);
7908 return;
7909 }
7910
7911 /* expired means the zone gives servfail and is not used by
7912 * lookup if fallback_enabled*/
7913 z->zone_expired = 1;
7914 }
7915
7916 /**
7917 * Verify the zonemd with DNSSEC and hash check, with given key.
7918 * @param z: auth zone.
7919 * @param env: environment with config and temp buffers.
7920 * @param mods: module stack with validator env for verification.
7921 * @param dnskey: dnskey that we can use, or NULL. If nonnull, the key
7922 * has been verified and is the start of the chain of trust.
7923 * @param is_insecure: if true, the dnskey is not used, the zone is insecure.
7924 * And dnssec is not used. It is DNSSEC secure insecure or not under
7925 * a trust anchor.
7926 * @param sigalg: if nonNULL provide algorithm downgrade protection.
7927 * Otherwise one algorithm is enough. Must have space of ALGO_NEEDS_MAX+1.
7928 * @param result: if not NULL result reason copied here.
7929 */
7930 static void
7931 auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env,
7932 struct module_stack* mods, struct ub_packed_rrset_key* dnskey,
7933 int is_insecure, char** result, uint8_t* sigalg)
7934 {
7935 char* reason = NULL, *why_bogus = NULL;
7936 struct auth_data* apex = NULL;
7937 struct auth_rrset* zonemd_rrset = NULL;
7938 int zonemd_absent = 0, zonemd_absence_dnssecok = 0;
7939
7940 /* see if ZONEMD is present or absent. */
7941 apex = az_find_name(z, z->name, z->namelen);
7942 if(!apex) {
7943 zonemd_absent = 1;
7944 } else {
7945 zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD);
7946 if(!zonemd_rrset || zonemd_rrset->data->count==0) {
7947 zonemd_absent = 1;
7948 zonemd_rrset = NULL;
7949 }
7950 }
7951
7952 /* if no DNSSEC, done. */
7953 /* if no ZONEMD, and DNSSEC, use DNSKEY to verify NSEC or NSEC3 for
7954 * zone apex. Check ZONEMD bit is turned off or else fail */
7955 /* if ZONEMD, and DNSSEC, check DNSSEC signature on SOA and ZONEMD,
7956 * or else fail */
7957 if(!dnskey && !is_insecure) {
7958 auth_zone_zonemd_fail(z, env, "DNSKEY missing", NULL, result);
7959 return;
7960 } else if(!zonemd_rrset && dnskey && !is_insecure) {
7961 /* fetch, DNSSEC verify, and check NSEC/NSEC3 */
7962 if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex,
7963 &reason, &why_bogus, sigalg)) {
7964 auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
7965 return;
7966 }
7967 zonemd_absence_dnssecok = 1;
7968 } else if(zonemd_rrset && dnskey && !is_insecure) {
7969 /* check DNSSEC verify of SOA and ZONEMD */
7970 if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex,
7971 zonemd_rrset, &reason, &why_bogus, sigalg)) {
7972 auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
7973 return;
7974 }
7975 }
7976
7977 if(zonemd_absent && z->zonemd_reject_absence) {
7978 auth_zone_zonemd_fail(z, env, "ZONEMD absent and that is not allowed by config", NULL, result);
7979 return;
7980 }
7981 if(zonemd_absent && zonemd_absence_dnssecok) {
7982 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verified nonexistence of ZONEMD");
7983 if(result) {
7984 *result = strdup("DNSSEC verified nonexistence of ZONEMD");
7985 if(!*result) log_err("out of memory");
7986 }
7987 return;
7988 }
7989 if(zonemd_absent) {
7990 auth_zone_log(z->name, VERB_ALGO, "no ZONEMD present");
7991 if(result) {
7992 *result = strdup("no ZONEMD present");
7993 if(!*result) log_err("out of memory");
7994 }
7995 return;
7996 }
7997
7998 /* check ZONEMD checksum and report or else fail. */
7999 if(!auth_zone_zonemd_check_hash(z, env, &reason)) {
8000 auth_zone_zonemd_fail(z, env, reason, NULL, result);
8001 return;
8002 }
8003
8004 /* success! log the success */
8005 auth_zone_log(z->name, VERB_ALGO, "ZONEMD verification successful");
8006 if(result) {
8007 *result = strdup("ZONEMD verification successful");
8008 if(!*result) log_err("out of memory");
8009 }
8010 }
8011
8012 /**
8013 * verify the zone DNSKEY rrset from the trust anchor
8014 * This is possible because the anchor is for the zone itself, and can
8015 * thus apply straight to the zone DNSKEY set.
8016 * @param z: the auth zone.
8017 * @param env: environment with time and temp buffers.
8018 * @param mods: module stack for validator environment for dnssec validation.
8019 * @param anchor: trust anchor to use
8020 * @param is_insecure: returned, true if the zone is securely insecure.
8021 * @param why_bogus: if the routine fails, returns the failure reason.
8022 * @param keystorage: where to store the ub_packed_rrset_key that is created
8023 * on success. A pointer to it is returned on success.
8024 * @return the dnskey RRset, reference to zone data and keystorage, or
8025 * NULL on failure.
8026 */
8027 static struct ub_packed_rrset_key*
8028 zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env,
8029 struct module_stack* mods, struct trust_anchor* anchor,
8030 int* is_insecure, char** why_bogus,
8031 struct ub_packed_rrset_key* keystorage)
8032 {
8033 struct auth_data* apex;
8034 struct auth_rrset* dnskey_rrset;
8035 enum sec_status sec;
8036 struct val_env* ve;
8037 int m;
8038
8039 apex = az_find_name(z, z->name, z->namelen);
8040 if(!apex) {
8041 *why_bogus = "have trust anchor, but zone has no apex domain for DNSKEY";
8042 return 0;
8043 }
8044 dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY);
8045 if(!dnskey_rrset || dnskey_rrset->data->count==0) {
8046 *why_bogus = "have trust anchor, but zone has no DNSKEY";
8047 return 0;
8048 }
8049
8050 m = modstack_find(mods, "validator");
8051 if(m == -1) {
8052 *why_bogus = "have trust anchor, but no validator module";
8053 return 0;
8054 }
8055 ve = (struct val_env*)env->modinfo[m];
8056
8057 memset(keystorage, 0, sizeof(*keystorage));
8058 keystorage->entry.key = keystorage;
8059 keystorage->entry.data = dnskey_rrset->data;
8060 keystorage->rk.dname = apex->name;
8061 keystorage->rk.dname_len = apex->namelen;
8062 keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
8063 keystorage->rk.rrset_class = htons(z->dclass);
8064 auth_zone_log(z->name, VERB_QUERY,
8065 "zonemd: verify DNSKEY RRset with trust anchor");
8066 sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset,
8067 anchor->dnskey_rrset, NULL, why_bogus, NULL);
8068 regional_free_all(env->scratch);
8069 if(sec == sec_status_secure) {
8070 /* success */
8071 *is_insecure = 0;
8072 return keystorage;
8073 } else if(sec == sec_status_insecure) {
8074 /* insecure */
8075 *is_insecure = 1;
8076 } else {
8077 /* bogus */
8078 *is_insecure = 0;
8079 auth_zone_log(z->name, VERB_ALGO,
8080 "zonemd: verify DNSKEY RRset with trust anchor failed: %s", *why_bogus);
8081 }
8082 return NULL;
8083 }
8084
8085 /** verify the DNSKEY from the zone with looked up DS record */
8086 static struct ub_packed_rrset_key*
8087 auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
8088 struct module_env* env, struct module_stack* mods,
8089 struct ub_packed_rrset_key* ds, int* is_insecure, char** why_bogus,
8090 struct ub_packed_rrset_key* keystorage, uint8_t* sigalg)
8091 {
8092 struct auth_data* apex;
8093 struct auth_rrset* dnskey_rrset;
8094 enum sec_status sec;
8095 struct val_env* ve;
8096 int m;
8097
8098 /* fetch DNSKEY from zone data */
8099 apex = az_find_name(z, z->name, z->namelen);
8100 if(!apex) {
8101 *why_bogus = "in verifywithDS, zone has no apex";
8102 return NULL;
8103 }
8104 dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY);
8105 if(!dnskey_rrset || dnskey_rrset->data->count==0) {
8106 *why_bogus = "in verifywithDS, zone has no DNSKEY";
8107 return NULL;
8108 }
8109
8110 m = modstack_find(mods, "validator");
8111 if(m == -1) {
8112 *why_bogus = "in verifywithDS, have no validator module";
8113 return NULL;
8114 }
8115 ve = (struct val_env*)env->modinfo[m];
8116
8117 memset(keystorage, 0, sizeof(*keystorage));
8118 keystorage->entry.key = keystorage;
8119 keystorage->entry.data = dnskey_rrset->data;
8120 keystorage->rk.dname = apex->name;
8121 keystorage->rk.dname_len = apex->namelen;
8122 keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
8123 keystorage->rk.rrset_class = htons(z->dclass);
8124 auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS");
8125 sec = val_verify_DNSKEY_with_DS(env, ve, keystorage, ds, sigalg,
8126 why_bogus, NULL);
8127 regional_free_all(env->scratch);
8128 if(sec == sec_status_secure) {
8129 /* success */
8130 return keystorage;
8131 } else if(sec == sec_status_insecure) {
8132 /* insecure */
8133 *is_insecure = 1;
8134 } else {
8135 /* bogus */
8136 *is_insecure = 0;
8137 if(*why_bogus == NULL)
8138 *why_bogus = "verify failed";
8139 auth_zone_log(z->name, VERB_ALGO,
8140 "zonemd: verify DNSKEY RRset with DS failed: %s",
8141 *why_bogus);
8142 }
8143 return NULL;
8144 }
8145
8146 /** callback for ZONEMD lookup of DNSKEY */
8147 void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
8148 enum sec_status sec, char* why_bogus, int ATTR_UNUSED(was_ratelimited))
8149 {
8150 struct auth_zone* z = (struct auth_zone*)arg;
8151 struct module_env* env;
8152 char* reason = NULL, *ds_bogus = NULL, *typestr="DNSKEY";
8153 struct ub_packed_rrset_key* dnskey = NULL, *ds = NULL;
8154 int is_insecure = 0, downprot;
8155 struct ub_packed_rrset_key keystorage;
8156 uint8_t sigalg[ALGO_NEEDS_MAX+1];
8157
8158 lock_rw_wrlock(&z->lock);
8159 env = z->zonemd_callback_env;
8160 /* release the env variable so another worker can pick up the
8161 * ZONEMD verification task if it wants to */
8162 z->zonemd_callback_env = NULL;
8163 if(!env || env->outnet->want_to_quit || z->zone_deleted) {
8164 lock_rw_unlock(&z->lock);
8165 return; /* stop on quit */
8166 }
8167 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS)
8168 typestr = "DS";
8169 downprot = env->cfg->harden_algo_downgrade;
8170
8171 /* process result */
8172 if(sec == sec_status_bogus) {
8173 reason = why_bogus;
8174 if(!reason) {
8175 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8176 reason = "lookup of DNSKEY was bogus";
8177 else reason = "lookup of DS was bogus";
8178 }
8179 auth_zone_log(z->name, VERB_ALGO,
8180 "zonemd lookup of %s was bogus: %s", typestr, reason);
8181 } else if(rcode == LDNS_RCODE_NOERROR) {
8182 uint16_t wanted_qtype = z->zonemd_callback_qtype;
8183 struct regional* temp = env->scratch;
8184 struct query_info rq;
8185 struct reply_info* rep;
8186 memset(&rq, 0, sizeof(rq));
8187 rep = parse_reply_in_temp_region(buf, temp, &rq);
8188 if(rep && rq.qtype == wanted_qtype &&
8189 query_dname_compare(z->name, rq.qname) == 0 &&
8190 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
8191 /* parsed successfully */
8192 struct ub_packed_rrset_key* answer =
8193 reply_find_answer_rrset(&rq, rep);
8194 if(answer && sec == sec_status_secure) {
8195 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8196 dnskey = answer;
8197 else ds = answer;
8198 auth_zone_log(z->name, VERB_ALGO,
8199 "zonemd lookup of %s was secure", typestr);
8200 } else if(sec == sec_status_secure && !answer) {
8201 is_insecure = 1;
8202 auth_zone_log(z->name, VERB_ALGO,
8203 "zonemd lookup of %s has no content, but is secure, treat as insecure", typestr);
8204 } else if(sec == sec_status_insecure) {
8205 is_insecure = 1;
8206 auth_zone_log(z->name, VERB_ALGO,
8207 "zonemd lookup of %s was insecure", typestr);
8208 } else if(sec == sec_status_indeterminate) {
8209 is_insecure = 1;
8210 auth_zone_log(z->name, VERB_ALGO,
8211 "zonemd lookup of %s was indeterminate, treat as insecure", typestr);
8212 } else {
8213 auth_zone_log(z->name, VERB_ALGO,
8214 "zonemd lookup of %s has nodata", typestr);
8215 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8216 reason = "lookup of DNSKEY has nodata";
8217 else reason = "lookup of DS has nodata";
8218 }
8219 } else if(rep && rq.qtype == wanted_qtype &&
8220 query_dname_compare(z->name, rq.qname) == 0 &&
8221 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8222 sec == sec_status_secure) {
8223 /* secure nxdomain, so the zone is like some RPZ zone
8224 * that does not exist in the wider internet, with
8225 * a secure nxdomain answer outside of it. So we
8226 * treat the zonemd zone without a dnssec chain of
8227 * trust, as insecure. */
8228 is_insecure = 1;
8229 auth_zone_log(z->name, VERB_ALGO,
8230 "zonemd lookup of %s was secure NXDOMAIN, treat as insecure", typestr);
8231 } else if(rep && rq.qtype == wanted_qtype &&
8232 query_dname_compare(z->name, rq.qname) == 0 &&
8233 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8234 sec == sec_status_insecure) {
8235 is_insecure = 1;
8236 auth_zone_log(z->name, VERB_ALGO,
8237 "zonemd lookup of %s was insecure NXDOMAIN, treat as insecure", typestr);
8238 } else if(rep && rq.qtype == wanted_qtype &&
8239 query_dname_compare(z->name, rq.qname) == 0 &&
8240 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8241 sec == sec_status_indeterminate) {
8242 is_insecure = 1;
8243 auth_zone_log(z->name, VERB_ALGO,
8244 "zonemd lookup of %s was indeterminate NXDOMAIN, treat as insecure", typestr);
8245 } else {
8246 auth_zone_log(z->name, VERB_ALGO,
8247 "zonemd lookup of %s has no answer", typestr);
8248 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8249 reason = "lookup of DNSKEY has no answer";
8250 else reason = "lookup of DS has no answer";
8251 }
8252 } else {
8253 auth_zone_log(z->name, VERB_ALGO,
8254 "zonemd lookup of %s failed", typestr);
8255 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8256 reason = "lookup of DNSKEY failed";
8257 else reason = "lookup of DS failed";
8258 }
8259
8260 if(!reason && !is_insecure && !dnskey && ds) {
8261 dnskey = auth_zone_verify_zonemd_key_with_ds(z, env,
8262 &env->mesh->mods, ds, &is_insecure, &ds_bogus,
8263 &keystorage, downprot?sigalg:NULL);
8264 if(!dnskey && !is_insecure && !reason)
8265 reason = "DNSKEY verify with DS failed";
8266 }
8267
8268 if(reason) {
8269 auth_zone_zonemd_fail(z, env, reason, ds_bogus, NULL);
8270 lock_rw_unlock(&z->lock);
8271 return;
8272 }
8273
8274 auth_zone_verify_zonemd_with_key(z, env, &env->mesh->mods, dnskey,
8275 is_insecure, NULL, downprot?sigalg:NULL);
8276 regional_free_all(env->scratch);
8277 lock_rw_unlock(&z->lock);
8278 }
8279
8280 /** lookup DNSKEY for ZONEMD verification */
8281 static int
8282 zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env)
8283 {
8284 struct query_info qinfo;
8285 uint16_t qflags = BIT_RD;
8286 struct edns_data edns;
8287 sldns_buffer* buf = env->scratch_buffer;
8288 int fetch_ds = 0;
8289
8290 if(!z->fallback_enabled) {
8291 /* we cannot actually get the DNSKEY, because it is in the
8292 * zone we have ourselves, and it is not served yet
8293 * (possibly), so fetch type DS */
8294 fetch_ds = 1;
8295 }
8296 if(z->zonemd_callback_env) {
8297 /* another worker is already working on the callback
8298 * for the DNSKEY lookup for ZONEMD verification.
8299 * We do not also have to do ZONEMD verification, let that
8300 * worker do it */
8301 auth_zone_log(z->name, VERB_ALGO,
8302 "zonemd needs lookup of %s and that already is worked on by another worker", (fetch_ds?"DS":"DNSKEY"));
8303 return 1;
8304 }
8305
8306 /* use mesh_new_callback to lookup the DNSKEY,
8307 * and then wait for them to be looked up (in cache, or query) */
8308 qinfo.qname_len = z->namelen;
8309 qinfo.qname = z->name;
8310 qinfo.qclass = z->dclass;
8311 if(fetch_ds)
8312 qinfo.qtype = LDNS_RR_TYPE_DS;
8313 else qinfo.qtype = LDNS_RR_TYPE_DNSKEY;
8314 qinfo.local_alias = NULL;
8315 if(verbosity >= VERB_ALGO) {
8316 char buf1[512];
8317 char buf2[LDNS_MAX_DOMAINLEN+1];
8318 dname_str(z->name, buf2);
8319 snprintf(buf1, sizeof(buf1), "auth zone %s: lookup %s "
8320 "for zonemd verification", buf2,
8321 (fetch_ds?"DS":"DNSKEY"));
8322 log_query_info(VERB_ALGO, buf1, &qinfo);
8323 }
8324 edns.edns_present = 1;
8325 edns.ext_rcode = 0;
8326 edns.edns_version = 0;
8327 edns.bits = EDNS_DO;
8328 edns.opt_list_in = NULL;
8329 edns.opt_list_out = NULL;
8330 edns.opt_list_inplace_cb_out = NULL;
8331 if(sldns_buffer_capacity(buf) < 65535)
8332 edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
8333 else edns.udp_size = 65535;
8334
8335 /* store the worker-specific module env for the callback.
8336 * We can then reference this when the callback executes */
8337 z->zonemd_callback_env = env;
8338 z->zonemd_callback_qtype = qinfo.qtype;
8339 /* the callback can be called straight away */
8340 lock_rw_unlock(&z->lock);
8341 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
8342 &auth_zonemd_dnskey_lookup_callback, z)) {
8343 lock_rw_wrlock(&z->lock);
8344 log_err("out of memory lookup of %s for zonemd",
8345 (fetch_ds?"DS":"DNSKEY"));
8346 return 0;
8347 }
8348 lock_rw_wrlock(&z->lock);
8349 return 1;
8350 }
8351
8352 void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env,
8353 struct module_stack* mods, char** result, int offline, int only_online)
8354 {
8355 char* reason = NULL, *why_bogus = NULL;
8356 struct trust_anchor* anchor = NULL;
8357 struct ub_packed_rrset_key* dnskey = NULL;
8358 struct ub_packed_rrset_key keystorage;
8359 int is_insecure = 0;
8360 /* verify the ZONEMD if present.
8361 * If not present check if absence is allowed by DNSSEC */
8362 if(!z->zonemd_check)
8363 return;
8364 if(z->data.count == 0)
8365 return; /* no data */
8366
8367 /* if zone is under a trustanchor */
8368 /* is it equal to trustanchor - get dnskey's verified */
8369 /* else, find chain of trust by fetching DNSKEYs lookup for zone */
8370 /* result if that, if insecure, means no DNSSEC for the ZONEMD,
8371 * otherwise we have the zone DNSKEY for the DNSSEC verification. */
8372 if(env->anchors)
8373 anchor = anchors_lookup(env->anchors, z->name, z->namelen,
8374 z->dclass);
8375 if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) {
8376 /* domain-insecure trust anchor for unsigned zones */
8377 lock_basic_unlock(&anchor->lock);
8378 if(only_online)
8379 return;
8380 dnskey = NULL;
8381 is_insecure = 1;
8382 } else if(anchor && query_dname_compare(z->name, anchor->name) == 0) {
8383 if(only_online) {
8384 lock_basic_unlock(&anchor->lock);
8385 return;
8386 }
8387 /* equal to trustanchor, no need for online lookups */
8388 dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor,
8389 &is_insecure, &why_bogus, &keystorage);
8390 lock_basic_unlock(&anchor->lock);
8391 if(!dnskey && !reason && !is_insecure) {
8392 reason = "verify DNSKEY RRset with trust anchor failed";
8393 }
8394 } else if(anchor) {
8395 lock_basic_unlock(&anchor->lock);
8396 /* perform online lookups */
8397 if(offline)
8398 return;
8399 /* setup online lookups, and wait for them */
8400 if(zonemd_lookup_dnskey(z, env)) {
8401 /* wait for the lookup */
8402 return;
8403 }
8404 reason = "could not lookup DNSKEY for chain of trust";
8405 } else {
8406 /* the zone is not under a trust anchor */
8407 if(only_online)
8408 return;
8409 dnskey = NULL;
8410 is_insecure = 1;
8411 }
8412
8413 if(reason) {
8414 auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
8415 return;
8416 }
8417
8418 auth_zone_verify_zonemd_with_key(z, env, mods, dnskey, is_insecure,
8419 result, NULL);
8420 regional_free_all(env->scratch);
8421 }
8422
8423 void auth_zones_pickup_zonemd_verify(struct auth_zones* az,
8424 struct module_env* env)
8425 {
8426 struct auth_zone key;
8427 uint8_t savezname[255+1];
8428 size_t savezname_len;
8429 struct auth_zone* z;
8430 key.node.key = &key;
8431 lock_rw_rdlock(&az->lock);
8432 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
8433 lock_rw_wrlock(&z->lock);
8434 if(!z->zonemd_check) {
8435 lock_rw_unlock(&z->lock);
8436 continue;
8437 }
8438 key.dclass = z->dclass;
8439 key.namelabs = z->namelabs;
8440 if(z->namelen > sizeof(savezname)) {
8441 lock_rw_unlock(&z->lock);
8442 log_err("auth_zones_pickup_zonemd_verify: zone name too long");
8443 continue;
8444 }
8445 savezname_len = z->namelen;
8446 memmove(savezname, z->name, z->namelen);
8447 lock_rw_unlock(&az->lock);
8448 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 1);
8449 lock_rw_unlock(&z->lock);
8450 lock_rw_rdlock(&az->lock);
8451 /* find the zone we had before, it is not deleted,
8452 * because we have a flag for that that is processed at
8453 * apply_cfg time */
8454 key.namelen = savezname_len;
8455 key.name = savezname;
8456 z = (struct auth_zone*)rbtree_search(&az->ztree, &key);
8457 if(!z)
8458 break;
8459 }
8460 lock_rw_unlock(&az->lock);
8461 }
+100
-1
services/authzone.h less more
131131 /** for upstream: this zone answers queries that unbound intends to
132132 * send upstream. */
133133 int for_upstream;
134 /** check ZONEMD records */
135 int zonemd_check;
136 /** reject absence of ZONEMD records */
137 int zonemd_reject_absence;
134138 /** RPZ zones */
135139 struct rpz* rpz;
140 /** store the env (worker thread specific) for the zonemd callbacks
141 * from the mesh with the results of the lookup, if nonNULL, some
142 * worker has already picked up the zonemd verification task and
143 * this worker does not have to do it as well. */
144 struct module_env* zonemd_callback_env;
145 /** for the zonemd callback, the type of data looked up */
146 uint16_t zonemd_callback_qtype;
136147 /** zone has been deleted */
137148 int zone_deleted;
138149 /** deletelist pointer, unused normally except during delete */
473484 * @param cfg: config to apply.
474485 * @param setup: if true, also sets up values in the auth zones structure
475486 * @param is_rpz: set to 1 if at least one RPZ zone is configured.
487 * @param env: environment for offline verification.
488 * @param mods: modules in environment.
476489 * @return false on failure.
477490 */
478491 int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg,
479 int setup, int* is_rpz);
492 int setup, int* is_rpz, struct module_env* env,
493 struct module_stack* mods);
480494
481495 /** initial pick up of worker timeouts, ties events to worker event loop
482496 * @param az: auth zones structure
621635 /** read auth zone from zonefile. caller must lock zone. false on failure */
622636 int auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg);
623637
638 /** find the apex SOA RRset, if it exists. NULL if no SOA RRset. */
639 struct auth_rrset* auth_zone_get_soa_rrset(struct auth_zone* z);
640
624641 /** find serial number of zone or false if none (no SOA record) */
625642 int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial);
643
644 /** Find auth_zone SOA and populate the values in xfr(soa values). */
645 int xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr);
626646
627647 /** compare auth_zones for sorted rbtree */
628648 int auth_zone_cmp(const void* z1, const void* z2);
684704 */
685705 int compare_serial(uint32_t a, uint32_t b);
686706
707 /**
708 * Generate ZONEMD digest for the auth zone.
709 * @param z: the auth zone to digest.
710 * omits zonemd at apex and its RRSIG from the digest.
711 * @param scheme: the collation scheme to use. Numbers as defined for ZONEMD.
712 * @param hashalgo: the hash algo, from the registry defined for ZONEMD type.
713 * @param hash: the result buffer.
714 * @param buflen: size of the result buffer, must be large enough. or the
715 * routine fails.
716 * @param resultlen: size of the hash in the result buffer of the result.
717 * @param region: temp region for allocs during canonicalisation.
718 * @param buf: temp buffer during canonicalisation.
719 * @param reason: failure reason, returns a string, NULL on success.
720 * @return false on failure.
721 */
722 int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme,
723 int hashalgo, uint8_t* hash, size_t buflen, size_t* resultlen,
724 struct regional* region, struct sldns_buffer* buf, char** reason);
725
726 /** ZONEMD scheme definitions */
727 #define ZONEMD_SCHEME_SIMPLE 1
728
729 /** ZONEMD hash algorithm definition for SHA384 */
730 #define ZONEMD_ALGO_SHA384 1
731 /** ZONEMD hash algorithm definition for SHA512 */
732 #define ZONEMD_ALGO_SHA512 2
733
734 /** returns true if a zonemd hash algo is supported */
735 int zonemd_hashalgo_supported(int hashalgo);
736 /** returns true if a zonemd scheme is supported */
737 int zonemd_scheme_supported(int scheme);
738
739 /**
740 * Check ZONEMD digest for the auth zone.
741 * @param z: auth zone to digest.
742 * @param scheme: zonemd scheme.
743 * @param hashalgo: zonemd hash algorithm.
744 * @param hash: the hash to check.
745 * @param hashlen: length of hash buffer.
746 * @param region: temp region for allocs during canonicalisation.
747 * @param buf: temp buffer during canonicalisation.
748 * @param reason: string returned with failure reason.
749 * @return false on failure.
750 */
751 int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme,
752 int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region,
753 struct sldns_buffer* buf, char** reason);
754
755 /**
756 * Perform ZONEMD checks and verification for the auth zone.
757 * This includes DNSSEC verification if applicable.
758 * @param z: auth zone to check. Caller holds lock. wrlock.
759 * @param env: with temp region, buffer and config.
760 * @param mods: module stack for validator env.
761 * @param result: if not NULL, result string strdupped in here.
762 * @param offline: if true, there is no spawned lookup when online is needed.
763 * Those zones are skipped for ZONEMD checking.
764 * @param only_online: if true, only for ZONEMD that need online lookup
765 * of DNSKEY chain of trust are processed.
766 */
767 void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env,
768 struct module_stack* mods, char** result, int offline,
769 int only_online);
770
771 /** mesh callback for zonemd on lookup of dnskey */
772 void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode,
773 struct sldns_buffer* buf, enum sec_status sec, char* why_bogus,
774 int was_ratelimited);
775
776 /**
777 * Check the ZONEMD records that need online DNSSEC chain lookups,
778 * for them spawn the lookup process to get it checked out.
779 * Attaches the lookup process to the worker event base and mesh state.
780 * @param az: auth zones, every zones is checked.
781 * @param env: env of the worker where the task is attached.
782 */
783 void auth_zones_pickup_zonemd_verify(struct auth_zones* az,
784 struct module_env* env);
785
687786 #endif /* SERVICES_AUTHZONE_H */
+4
-1
services/cache/dns.c less more
800800 dns_cache_lookup(struct module_env* env,
801801 uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
802802 uint16_t flags, struct regional* region, struct regional* scratch,
803 int no_partial)
803 int no_partial, uint8_t* dpname, size_t dpnamelen)
804804 {
805805 struct lruhash_entry* e;
806806 struct query_info k;
922922 * the same. We search upwards for NXDOMAINs. */
923923 if(env->cfg->harden_below_nxdomain) {
924924 while(!dname_is_root(k.qname)) {
925 if(dpname && dpnamelen
926 && !dname_subdomain_c(k.qname, dpname))
927 break; /* no synth nxdomain above the stub */
925928 dname_remove_label(&k.qname, &k.qname_len);
926929 h = query_info_hash(&k, flags);
927930 e = slabhash_lookup(env->msg_cache, h, &k, 0);
+3
-1
services/cache/dns.h less more
163163 * @param scratch: where to allocate temporary data.
164164 * @param no_partial: if true, only complete messages and not a partial
165165 * one (with only the start of the CNAME chain and not the rest).
166 * @param dpname: if not NULL, do not return NXDOMAIN above this name.
167 * @param dpnamelen: length of dpname.
166168 * @return new response message (alloced in region, rrsets do not have IDs).
167169 * or NULL on error or if not found in cache.
168170 * TTLs are made relative to the current time.
170172 struct dns_msg* dns_cache_lookup(struct module_env* env,
171173 uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
172174 uint16_t flags, struct regional* region, struct regional* scratch,
173 int no_partial);
175 int no_partial, uint8_t* dpname, size_t dpnamelen);
174176
175177 /**
176178 * find and add A and AAAA records for missing nameservers in delegpt
+50
-19
services/cache/infra.c less more
235235 sizeof(struct infra_cache));
236236 size_t maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
237237 sizeof(struct infra_data)+INFRA_BYTES_NAME);
238 if(!infra) {
239 return NULL;
240 }
238241 infra->hosts = slabhash_create(cfg->infra_cache_slabs,
239242 INFRA_HOST_STARTSIZE, maxmem, &infra_sizefunc, &infra_compfunc,
240243 &infra_delkeyfunc, &infra_deldatafunc, NULL);
894897 slabhash_insert(infra->client_ip_rates, h, &k->entry, d, NULL);
895898 }
896899
897 /** find the second and return its rate counter, if none, remove oldest */
898 static int* infra_rate_find_second(void* data, time_t t)
900 /** Find the second and return its rate counter. If none and should_add, remove
901 * oldest to accommodate. Else return none. */
902 static int* infra_rate_find_second_or_none(void* data, time_t t, int should_add)
899903 {
900904 struct rate_data* d = (struct rate_data*)data;
901905 int i, oldest;
903907 if(d->timestamp[i] == t)
904908 return &(d->qps[i]);
905909 }
910 if(!should_add) return NULL;
906911 /* remove oldest timestamp, and insert it at t with 0 qps */
907912 oldest = 0;
908913 for(i=0; i<RATE_WINDOW; i++) {
914919 return &(d->qps[oldest]);
915920 }
916921
917 int infra_rate_max(void* data, time_t now)
922 /** find the second and return its rate counter, if none, remove oldest to
923 * accommodate */
924 static int* infra_rate_give_second(void* data, time_t t)
925 {
926 return infra_rate_find_second_or_none(data, t, 1);
927 }
928
929 /** find the second and return its rate counter only if it exists. Caller
930 * should check for NULL return value */
931 static int* infra_rate_get_second(void* data, time_t t)
932 {
933 return infra_rate_find_second_or_none(data, t, 0);
934 }
935
936 int infra_rate_max(void* data, time_t now, int backoff)
918937 {
919938 struct rate_data* d = (struct rate_data*)data;
920939 int i, max = 0;
921940 for(i=0; i<RATE_WINDOW; i++) {
922 if(now-d->timestamp[i] <= RATE_WINDOW) {
923 if(d->qps[i] > max)
941 if(backoff) {
942 if(now-d->timestamp[i] <= RATE_WINDOW &&
943 d->qps[i] > max) {
924944 max = d->qps[i];
945 }
946 } else {
947 if(now == d->timestamp[i]) {
948 return d->qps[i];
949 }
925950 }
926951 }
927952 return max;
928953 }
929954
930955 int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
931 size_t namelen, time_t timenow, struct query_info* qinfo,
956 size_t namelen, time_t timenow, int backoff, struct query_info* qinfo,
932957 struct comm_reply* replylist)
933958 {
934959 int lim, max;
945970 /* find or insert ratedata */
946971 entry = infra_find_ratedata(infra, name, namelen, 1);
947972 if(entry) {
948 int premax = infra_rate_max(entry->data, timenow);
949 int* cur = infra_rate_find_second(entry->data, timenow);
973 int premax = infra_rate_max(entry->data, timenow, backoff);
974 int* cur = infra_rate_give_second(entry->data, timenow);
950975 (*cur)++;
951 max = infra_rate_max(entry->data, timenow);
976 max = infra_rate_max(entry->data, timenow, backoff);
952977 lock_rw_unlock(&entry->lock);
953978
954 if(premax < lim && max >= lim) {
979 if(premax <= lim && max > lim) {
955980 char buf[257], qnm[257], ts[12], cs[12], ip[128];
956981 dname_str(name, buf);
957982 dname_str(qinfo->qname, qnm);
966991 verbose(VERB_OPS, "ratelimit exceeded %s %d query %s %s %s", buf, lim, qnm, cs, ts);
967992 }
968993 }
969 return (max < lim);
994 return (max <= lim);
970995 }
971996
972997 /* create */
973998 infra_create_ratedata(infra, name, namelen, timenow);
974 return (1 < lim);
999 return (1 <= lim);
9751000 }
9761001
9771002 void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name,
9831008 return; /* not enabled */
9841009 entry = infra_find_ratedata(infra, name, namelen, 1);
9851010 if(!entry) return; /* not cached */
986 cur = infra_rate_find_second(entry->data, timenow);
1011 cur = infra_rate_get_second(entry->data, timenow);
1012 if(cur == NULL) {
1013 /* our timenow is not available anymore; nothing to decrease */
1014 lock_rw_unlock(&entry->lock);
1015 return;
1016 }
9871017 if((*cur) > 0)
9881018 (*cur)--;
9891019 lock_rw_unlock(&entry->lock);
9901020 }
9911021
9921022 int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
993 size_t namelen, time_t timenow)
1023 size_t namelen, time_t timenow, int backoff)
9941024 {
9951025 struct lruhash_entry* entry;
9961026 int lim, max;
10061036 entry = infra_find_ratedata(infra, name, namelen, 0);
10071037 if(!entry)
10081038 return 0; /* not cached */
1009 max = infra_rate_max(entry->data, timenow);
1039 max = infra_rate_max(entry->data, timenow, backoff);
10101040 lock_rw_unlock(&entry->lock);
10111041
10121042 return (max >= lim);
10231053 }
10241054
10251055 int infra_ip_ratelimit_inc(struct infra_cache* infra,
1026 struct comm_reply* repinfo, time_t timenow, struct sldns_buffer* buffer)
1056 struct comm_reply* repinfo, time_t timenow, int backoff,
1057 struct sldns_buffer* buffer)
10271058 {
10281059 int max;
10291060 struct lruhash_entry* entry;
10351066 /* find or insert ratedata */
10361067 entry = infra_find_ip_ratedata(infra, repinfo, 1);
10371068 if(entry) {
1038 int premax = infra_rate_max(entry->data, timenow);
1039 int* cur = infra_rate_find_second(entry->data, timenow);
1069 int premax = infra_rate_max(entry->data, timenow, backoff);
1070 int* cur = infra_rate_give_second(entry->data, timenow);
10401071 (*cur)++;
1041 max = infra_rate_max(entry->data, timenow);
1072 max = infra_rate_max(entry->data, timenow, backoff);
10421073 lock_rw_unlock(&entry->lock);
10431074
10441075 if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) {
+10
-6
services/cache/infra.h less more
367367 * @param name: zone name
368368 * @param namelen: zone name length
369369 * @param timenow: what time it is now.
370 * @param backoff: if backoff is enabled.
370371 * @param qinfo: for logging, query name.
371372 * @param replylist: for logging, querier's address (if any).
372373 * @return 1 if it could be incremented. 0 if the increment overshot the
374375 * Failures like alloc failures are not returned (probably as 1).
375376 */
376377 int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
377 size_t namelen, time_t timenow, struct query_info* qinfo,
378 size_t namelen, time_t timenow, int backoff, struct query_info* qinfo,
378379 struct comm_reply* replylist);
379380
380381 /**
397398 * @param name: zone name
398399 * @param namelen: zone name length
399400 * @param timenow: what time it is now.
401 * @param backoff: if backoff is enabled.
400402 * @return true if exceeded.
401403 */
402404 int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
403 size_t namelen, time_t timenow);
404
405 /** find the maximum rate stored, not too old. 0 if no information. */
406 int infra_rate_max(void* data, time_t now);
405 size_t namelen, time_t timenow, int backoff);
406
407 /** find the maximum rate stored. 0 if no information.
408 * When backoff is enabled look for the maximum in the whole RATE_WINDOW. */
409 int infra_rate_max(void* data, time_t now, int backoff);
407410
408411 /** find the ratelimit in qps for a domain. 0 if no limit for domain. */
409412 int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
414417 * @param infra: infra cache
415418 * @param repinfo: information about client
416419 * @param timenow: what time it is now.
420 * @param backoff: if backoff is enabled.
417421 * @param buffer: with query for logging.
418422 * @return 1 if it could be incremented. 0 if the increment overshot the
419423 * ratelimit and the query should be dropped. */
420424 int infra_ip_ratelimit_inc(struct infra_cache* infra,
421 struct comm_reply* repinfo, time_t timenow,
425 struct comm_reply* repinfo, time_t timenow, int backoff,
422426 struct sldns_buffer* buffer);
423427
424428 /**
+2
-2
services/cache/rrset.h less more
119119 * the new rrset. The reference may be changed if the cached rrset is
120120 * superior.
121121 * Before calling the rrset is presumed newly allocated and changeable.
122 * Afer calling you do not hold a lock, and the rrset is inserted in
122 * After calling you do not hold a lock, and the rrset is inserted in
123123 * the hashtable so you need a lock to change it.
124124 * @param alloc: how to allocate (and deallocate) the special rrset key.
125125 * @param timenow: current time (to see if ttl in cache is expired).
142142 * @param rrset: which rrset to cache as wildcard. This rrset is left
143143 * untouched.
144144 * @param ce: the closest encloser, will be uses to generate the wildcard dname.
145 * @param ce_len: the closest encloser lenght.
145 * @param ce_len: the closest encloser length.
146146 * @param alloc: how to allocate (and deallocate) the special rrset key.
147147 * @param timenow: current time (to see if ttl in cache is expired).
148148 */
+263
-110
services/listen_dnsport.c less more
129129 addr->ai_family==AF_INET6?"6":
130130 "_otherfam", buf,
131131 ntohs(((struct sockaddr_in*)addr->ai_addr)->sin_port));
132 }
133 }
134
135 void
136 verbose_print_unbound_socket(struct unbound_socket* ub_sock)
137 {
138 if(verbosity >= VERB_ALGO) {
139 log_info("listing of unbound_socket structure:");
140 verbose_print_addr(ub_sock->addr);
141 log_info("s is: %d, fam is: %s", ub_sock->s, ub_sock->fam == AF_INET?"AF_INET":"AF_INET6");
132142 }
133143 }
134144
441451 if(err != NULL)
442452 log_warn("error setting IP DiffServ codepoint %d on UDP socket: %s", dscp, err);
443453 if(family == AF_INET6) {
454 # if defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
455 int omit6_set = 0;
456 int action;
457 # endif
444458 # if defined(IPV6_V6ONLY)
445459 if(v6only) {
446460 int val=(v6only==2)?0:1;
489503 return -1;
490504 }
491505 # endif /* IPv6 MTU */
506 # if defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
507 # if defined(IP_PMTUDISC_OMIT)
508 action = IP_PMTUDISC_OMIT;
509 if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
510 &action, (socklen_t)sizeof(action)) < 0) {
511
512 if (errno != EINVAL) {
513 log_err("setsockopt(..., IPV6_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
514 strerror(errno));
515 sock_close(s);
516 *noproto = 0;
517 *inuse = 0;
518 return -1;
519 }
520 }
521 else
522 {
523 omit6_set = 1;
524 }
525 # endif
526 if (omit6_set == 0) {
527 action = IP_PMTUDISC_DONT;
528 if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
529 &action, (socklen_t)sizeof(action)) < 0) {
530 log_err("setsockopt(..., IPV6_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
531 strerror(errno));
532 sock_close(s);
533 *noproto = 0;
534 *inuse = 0;
535 return -1;
536 }
537 }
538 # endif /* IPV6_MTU_DISCOVER */
492539 } else if(family == AF_INET) {
493540 # if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
494541 /* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that
821868 ds = dscp << 2;
822869 switch(addrfamily) {
823870 case AF_INET6:
824 if(setsockopt(socket, IPPROTO_IPV6, IPV6_TCLASS, (void*)&ds, sizeof(ds)) < 0)
871 #ifdef IPV6_TCLASS
872 if(setsockopt(socket, IPPROTO_IPV6, IPV6_TCLASS, (void*)&ds,
873 sizeof(ds)) < 0)
825874 return sock_strerror(errno);
826875 break;
876 #else
877 return "IPV6_TCLASS not defined on this system";
878 #endif
827879 default:
828880 if(setsockopt(socket, IPPROTO_IP, IP_TOS, (void*)&ds, sizeof(ds)) < 0)
829881 return sock_strerror(errno);
915967 make_sock(int stype, const char* ifname, const char* port,
916968 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
917969 int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind,
918 int use_systemd, int dscp)
970 int use_systemd, int dscp, struct unbound_socket* ub_sock)
919971 {
920972 struct addrinfo *res = NULL;
921973 int r, s, inuse, noproto;
9571009 *noip6 = 1;
9581010 }
9591011 }
960 freeaddrinfo(res);
1012
1013 ub_sock->addr = res;
1014 ub_sock->s = s;
1015 ub_sock->fam = hints->ai_family;
1016
9611017 return s;
9621018 }
9631019
9661022 make_sock_port(int stype, const char* ifname, const char* port,
9671023 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
9681024 int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind,
969 int use_systemd, int dscp)
1025 int use_systemd, int dscp, struct unbound_socket* ub_sock)
9701026 {
9711027 char* s = strchr(ifname, '@');
9721028 if(s) {
9891045 p[strlen(s+1)]=0;
9901046 return make_sock(stype, newif, p, hints, v6only, noip6, rcv,
9911047 snd, reuseport, transparent, tcp_mss, nodelay, freebind,
992 use_systemd, dscp);
1048 use_systemd, dscp, ub_sock);
9931049 }
9941050 return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd,
9951051 reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd,
996 dscp);
1052 dscp, ub_sock);
9971053 }
9981054
9991055 /**
10011057 * @param list: list head. changed.
10021058 * @param s: fd.
10031059 * @param ftype: if fd is UDP.
1060 * @param ub_sock: socket with address.
10041061 * @return false on failure. list in unchanged then.
10051062 */
10061063 static int
1007 port_insert(struct listen_port** list, int s, enum listen_type ftype)
1064 port_insert(struct listen_port** list, int s, enum listen_type ftype, struct unbound_socket* ub_sock)
10081065 {
10091066 struct listen_port* item = (struct listen_port*)malloc(
10101067 sizeof(struct listen_port));
10131070 item->next = *list;
10141071 item->fd = s;
10151072 item->ftype = ftype;
1073 item->socket = ub_sock;
10161074 *list = item;
10171075 return 1;
10181076 }
10421100 return 0;
10431101 }
10441102 # else
1045 log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please "
1103 log_err("no IPV6_RECVPKTINFO and IPV6_PKTINFO options, please "
10461104 "disable interface-automatic or do-ip6 in config");
10471105 return 0;
10481106 # endif /* defined IPV6_RECVPKTINFO */
10891147 if(!p && atoi(port) == atoi(s->str))
10901148 return 1;
10911149 }
1092 return 0;
1093 }
1094
1095 /** see if interface is https, its port number == the https port number */
1096 static int
1097 if_is_https(const char* ifname, const char* port, int https_port)
1098 {
1099 char* p = strchr(ifname, '@');
1100 if(!p && atoi(port) == https_port)
1101 return 1;
1102 if(p && atoi(p+1) == https_port)
1103 return 1;
11041150 return 0;
11051151 }
11061152
11411187 int s, noip6=0;
11421188 int is_https = if_is_https(ifname, port, https_port);
11431189 int nodelay = is_https && http2_nodelay;
1190 struct unbound_socket* ub_sock;
11441191 #ifdef USE_DNSCRYPT
11451192 int is_dnscrypt = ((strchr(ifname, '@') &&
11461193 atoi(strchr(ifname, '@')+1) == dnscrypt_port) ||
11521199
11531200 if(!do_udp && !do_tcp)
11541201 return 0;
1202
11551203 if(do_auto) {
1204 ub_sock = calloc(1, sizeof(struct unbound_socket));
1205 if(!ub_sock)
1206 return 0;
11561207 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
11571208 &noip6, rcv, snd, reuseport, transparent,
1158 tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) {
1209 tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) {
1210 freeaddrinfo(ub_sock->addr);
1211 free(ub_sock);
11591212 if(noip6) {
11601213 log_warn("IPv6 protocol not available");
11611214 return 1;
11651218 /* getting source addr packet info is highly non-portable */
11661219 if(!set_recvpktinfo(s, hints->ai_family)) {
11671220 sock_close(s);
1221 freeaddrinfo(ub_sock->addr);
1222 free(ub_sock);
11681223 return 0;
11691224 }
11701225 if(!port_insert(list, s,
1171 is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) {
1226 is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil, ub_sock)) {
11721227 sock_close(s);
1228 freeaddrinfo(ub_sock->addr);
1229 free(ub_sock);
11731230 return 0;
11741231 }
11751232 } else if(do_udp) {
1233 ub_sock = calloc(1, sizeof(struct unbound_socket));
1234 if(!ub_sock)
1235 return 0;
11761236 /* regular udp socket */
11771237 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
11781238 &noip6, rcv, snd, reuseport, transparent,
1179 tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) {
1239 tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) {
1240 freeaddrinfo(ub_sock->addr);
1241 free(ub_sock);
11801242 if(noip6) {
11811243 log_warn("IPv6 protocol not available");
11821244 return 1;
11841246 return 0;
11851247 }
11861248 if(!port_insert(list, s,
1187 is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) {
1249 is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp, ub_sock)) {
11881250 sock_close(s);
1251 freeaddrinfo(ub_sock->addr);
1252 free(ub_sock);
11891253 return 0;
11901254 }
11911255 }
11931257 int is_ssl = if_is_ssl(ifname, port, ssl_port,
11941258 tls_additional_port);
11951259 enum listen_type port_type;
1260 ub_sock = calloc(1, sizeof(struct unbound_socket));
1261 if(!ub_sock)
1262 return 0;
11961263 if(is_ssl)
11971264 port_type = listen_type_ssl;
11981265 else if(is_https)
12031270 port_type = listen_type_tcp;
12041271 if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
12051272 &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay,
1206 freebind, use_systemd, dscp)) == -1) {
1273 freebind, use_systemd, dscp, ub_sock)) == -1) {
1274 freeaddrinfo(ub_sock->addr);
1275 free(ub_sock);
12071276 if(noip6) {
12081277 /*log_warn("IPv6 protocol not available");*/
12091278 return 1;
12121281 }
12131282 if(is_ssl)
12141283 verbose(VERB_ALGO, "setup TCP for SSL service");
1215 if(!port_insert(list, s, port_type)) {
1284 if(!port_insert(list, s, port_type, ub_sock)) {
12161285 sock_close(s);
1286 freeaddrinfo(ub_sock->addr);
1287 free(ub_sock);
12171288 return 0;
12181289 }
12191290 }
12391310 return 1;
12401311 }
12411312
1313 void listen_setup_locks(void)
1314 {
1315 if(!stream_wait_lock_inited) {
1316 lock_basic_init(&stream_wait_count_lock);
1317 stream_wait_lock_inited = 1;
1318 }
1319 if(!http2_query_buffer_lock_inited) {
1320 lock_basic_init(&http2_query_buffer_count_lock);
1321 http2_query_buffer_lock_inited = 1;
1322 }
1323 if(!http2_response_buffer_lock_inited) {
1324 lock_basic_init(&http2_response_buffer_count_lock);
1325 http2_response_buffer_lock_inited = 1;
1326 }
1327 }
1328
1329 void listen_desetup_locks(void)
1330 {
1331 if(stream_wait_lock_inited) {
1332 stream_wait_lock_inited = 0;
1333 lock_basic_destroy(&stream_wait_count_lock);
1334 }
1335 if(http2_query_buffer_lock_inited) {
1336 http2_query_buffer_lock_inited = 0;
1337 lock_basic_destroy(&http2_query_buffer_count_lock);
1338 }
1339 if(http2_response_buffer_lock_inited) {
1340 http2_response_buffer_lock_inited = 0;
1341 lock_basic_destroy(&http2_response_buffer_count_lock);
1342 }
1343 }
1344
12421345 struct listen_dnsport*
12431346 listen_create(struct comm_base* base, struct listen_port* ports,
12441347 size_t bufsize, int tcp_accept_count, int tcp_idle_timeout,
12601363 free(front);
12611364 return NULL;
12621365 }
1263 if(!stream_wait_lock_inited) {
1264 lock_basic_init(&stream_wait_count_lock);
1265 stream_wait_lock_inited = 1;
1266 }
1267 if(!http2_query_buffer_lock_inited) {
1268 lock_basic_init(&http2_query_buffer_count_lock);
1269 http2_query_buffer_lock_inited = 1;
1270 }
1271 if(!http2_response_buffer_lock_inited) {
1272 lock_basic_init(&http2_response_buffer_count_lock);
1273 http2_response_buffer_lock_inited = 1;
1274 }
12751366
12761367 /* create comm points as needed */
12771368 while(ports) {
12781369 struct comm_point* cp = NULL;
12791370 if(ports->ftype == listen_type_udp ||
12801371 ports->ftype == listen_type_udp_dnscrypt)
1281 cp = comm_point_create_udp(base, ports->fd,
1282 front->udp_buff, cb, cb_arg);
1372 cp = comm_point_create_udp(base, ports->fd,
1373 front->udp_buff, cb, cb_arg, ports->socket);
12831374 else if(ports->ftype == listen_type_tcp ||
12841375 ports->ftype == listen_type_tcp_dnscrypt)
1285 cp = comm_point_create_tcp(base, ports->fd,
1376 cp = comm_point_create_tcp(base, ports->fd,
12861377 tcp_accept_count, tcp_idle_timeout,
12871378 harden_large_queries, 0, NULL,
12881379 tcp_conn_limit, bufsize, front->udp_buff,
1289 ports->ftype, cb, cb_arg);
1380 ports->ftype, cb, cb_arg, ports->socket);
12901381 else if(ports->ftype == listen_type_ssl ||
12911382 ports->ftype == listen_type_http) {
1292 cp = comm_point_create_tcp(base, ports->fd,
1383 cp = comm_point_create_tcp(base, ports->fd,
12931384 tcp_accept_count, tcp_idle_timeout,
12941385 harden_large_queries,
12951386 http_max_streams, http_endpoint,
12961387 tcp_conn_limit, bufsize, front->udp_buff,
1297 ports->ftype, cb, cb_arg);
1298 if(http_notls && ports->ftype == listen_type_http)
1299 cp->ssl = NULL;
1300 else
1301 cp->ssl = sslctx;
1388 ports->ftype, cb, cb_arg, ports->socket);
13021389 if(ports->ftype == listen_type_http) {
13031390 if(!sslctx && !http_notls) {
1304 log_warn("HTTPS port configured, but no TLS "
1305 "tls-service-key or tls-service-pem "
1306 "set");
1391 log_warn("HTTPS port configured, but "
1392 "no TLS tls-service-key or "
1393 "tls-service-pem set");
13071394 }
13081395 #ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
1309 if(!http_notls)
1310 log_warn("Unbound is not compiled with an "
1311 "OpenSSL version supporting ALPN "
1312 " (OpenSSL >= 1.0.2). This is required "
1313 "to use DNS-over-HTTPS");
1396 if(!http_notls) {
1397 log_warn("Unbound is not compiled "
1398 "with an OpenSSL version "
1399 "supporting ALPN "
1400 "(OpenSSL >= 1.0.2). This "
1401 "is required to use "
1402 "DNS-over-HTTPS");
1403 }
13141404 #endif
13151405 #ifndef HAVE_NGHTTP2_NGHTTP2_H
13161406 log_warn("Unbound is not compiled with "
13201410 }
13211411 } else if(ports->ftype == listen_type_udpancil ||
13221412 ports->ftype == listen_type_udpancil_dnscrypt)
1323 cp = comm_point_create_udp_ancil(base, ports->fd,
1324 front->udp_buff, cb, cb_arg);
1413 cp = comm_point_create_udp_ancil(base, ports->fd,
1414 front->udp_buff, cb, cb_arg, ports->socket);
13251415 if(!cp) {
1326 log_err("can't create commpoint");
1416 log_err("can't create commpoint");
13271417 listen_delete(front);
13281418 return NULL;
13291419 }
1420 if(http_notls && ports->ftype == listen_type_http)
1421 cp->ssl = NULL;
1422 else
1423 cp->ssl = sslctx;
13301424 cp->dtenv = dtenv;
13311425 cp->do_not_close = 1;
13321426 #ifdef USE_DNSCRYPT
13871481 #endif
13881482 sldns_buffer_free(front->udp_buff);
13891483 free(front);
1390 if(stream_wait_lock_inited) {
1391 stream_wait_lock_inited = 0;
1392 lock_basic_destroy(&stream_wait_count_lock);
1393 }
1394 if(http2_query_buffer_lock_inited) {
1395 http2_query_buffer_lock_inited = 0;
1396 lock_basic_destroy(&http2_query_buffer_count_lock);
1397 }
1398 if(http2_response_buffer_lock_inited) {
1399 http2_response_buffer_lock_inited = 0;
1400 lock_basic_destroy(&http2_response_buffer_count_lock);
1401 }
14021484 }
14031485
14041486 #ifdef HAVE_GETIFADDRS
15051587 }
15061588 #endif /* HAVE_GETIFADDRS */
15071589
1508 int resolve_interface_names(struct config_file* cfg, char*** resif,
1509 int* num_resif)
1590 int resolve_interface_names(char** ifs, int num_ifs,
1591 struct config_strlist* list, char*** resif, int* num_resif)
15101592 {
15111593 #ifdef HAVE_GETIFADDRS
1512 int i;
15131594 struct ifaddrs *addrs = NULL;
1514 if(cfg->num_ifs == 0) {
1595 if(num_ifs == 0 && list == NULL) {
15151596 *resif = NULL;
15161597 *num_resif = 0;
15171598 return 1;
15221603 freeifaddrs(addrs);
15231604 return 0;
15241605 }
1525 for(i=0; i<cfg->num_ifs; i++) {
1526 if(!resolve_ifa_name(addrs, cfg->ifs[i], resif, num_resif)) {
1527 freeifaddrs(addrs);
1528 config_del_strarray(*resif, *num_resif);
1529 *resif = NULL;
1530 *num_resif = 0;
1531 return 0;
1532 }
1606 if(ifs) {
1607 int i;
1608 for(i=0; i<num_ifs; i++) {
1609 if(!resolve_ifa_name(addrs, ifs[i], resif, num_resif)) {
1610 freeifaddrs(addrs);
1611 config_del_strarray(*resif, *num_resif);
1612 *resif = NULL;
1613 *num_resif = 0;
1614 return 0;
1615 }
1616 }
1617 }
1618 if(list) {
1619 struct config_strlist* p;
1620 for(p = list; p; p = p->next) {
1621 if(!resolve_ifa_name(addrs, p->str, resif, num_resif)) {
1622 freeifaddrs(addrs);
1623 config_del_strarray(*resif, *num_resif);
1624 *resif = NULL;
1625 *num_resif = 0;
1626 return 0;
1627 }
1628 }
15331629 }
15341630 freeifaddrs(addrs);
15351631 return 1;
15361632 #else
1537 int i;
1538 if(cfg->num_ifs == 0) {
1633 struct config_strlist* p;
1634 if(num_ifs == 0 && list == NULL) {
15391635 *resif = NULL;
15401636 *num_resif = 0;
15411637 return 1;
15421638 }
1543 *num_resif = cfg->num_ifs;
1639 *num_resif = num_ifs;
1640 for(p = list; p; p = p->next) {
1641 (*num_resif)++;
1642 }
15441643 *resif = calloc(*num_resif, sizeof(**resif));
15451644 if(!*resif) {
15461645 log_err("out of memory");
15471646 return 0;
15481647 }
1549 for(i=0; i<*num_resif; i++) {
1550 (*resif)[i] = strdup(cfg->ifs[i]);
1551 if(!((*resif)[i])) {
1552 log_err("out of memory");
1553 config_del_strarray(*resif, *num_resif);
1554 *resif = NULL;
1555 *num_resif = 0;
1556 return 0;
1648 if(ifs) {
1649 int i;
1650 for(i=0; i<num_ifs; i++) {
1651 (*resif)[i] = strdup(ifs[i]);
1652 if(!((*resif)[i])) {
1653 log_err("out of memory");
1654 config_del_strarray(*resif, *num_resif);
1655 *resif = NULL;
1656 *num_resif = 0;
1657 return 0;
1658 }
1659 }
1660 }
1661 if(list) {
1662 int idx = num_ifs;
1663 for(p = list; p; p = p->next) {
1664 (*resif)[idx] = strdup(p->str);
1665 if(!((*resif)[idx])) {
1666 log_err("out of memory");
1667 config_del_strarray(*resif, *num_resif);
1668 *resif = NULL;
1669 *num_resif = 0;
1670 return 0;
1671 }
1672 idx++;
15571673 }
15581674 }
15591675 return 1;
16551771 }
16561772 }
16571773 }
1774
16581775 return list;
16591776 }
16601777
16651782 nx = list->next;
16661783 if(list->fd != -1) {
16671784 sock_close(list->fd);
1785 }
1786 /* rc_ports don't have ub_socket */
1787 if(list->socket) {
1788 freeaddrinfo(list->socket->addr);
1789 free(list->socket);
16681790 }
16691791 free(list);
16701792 list = nx;
23702492 "buffer already assigned to stream");
23712493 return -1;
23722494 }
2495
2496 /* the c->buffer might be used by mesh_send_reply and no be cleard
2497 * need to be cleared before use */
2498 sldns_buffer_clear(h2_session->c->buffer);
23732499 if(sldns_buffer_remaining(h2_session->c->buffer) <
23742500 sldns_buffer_remaining(h2_stream->qbuffer)) {
23752501 /* qbuffer will be free'd in frame close cb */
24992625 int ret;
25002626 if(frame->hd.type != NGHTTP2_HEADERS ||
25012627 frame->headers.cat != NGHTTP2_HCAT_REQUEST) {
2502 /* only interrested in request headers */
2628 /* only interested in request headers */
25032629 return 0;
25042630 }
25052631 if(!(h2_stream = http2_stream_create(frame->hd.stream_id))) {
25712697 return 0;
25722698 }
25732699
2574 if(!(b64len = sldns_b64url_pton(
2575 (char const *)start, length,
2576 sldns_buffer_current(h2_stream->qbuffer),
2577 expectb64len)) || b64len < 0) {
2578 lock_basic_lock(&http2_query_buffer_count_lock);
2579 http2_query_buffer_count -= expectb64len;
2580 lock_basic_unlock(&http2_query_buffer_count_lock);
2581 sldns_buffer_free(h2_stream->qbuffer);
2582 h2_stream->qbuffer = NULL;
2583 /* return without error, method can be an
2584 * unknown POST */
2585 return 1;
2700 if(sldns_b64_contains_nonurl((char const*)start, length)) {
2701 char buf[65536+4];
2702 verbose(VERB_ALGO, "HTTP2 stream contains wrong b64 encoding");
2703 /* copy to the scratch buffer temporarily to terminate the
2704 * string with a zero */
2705 if(length+1 > sizeof(buf)) {
2706 /* too long */
2707 lock_basic_lock(&http2_query_buffer_count_lock);
2708 http2_query_buffer_count -= expectb64len;
2709 lock_basic_unlock(&http2_query_buffer_count_lock);
2710 sldns_buffer_free(h2_stream->qbuffer);
2711 h2_stream->qbuffer = NULL;
2712 return 1;
2713 }
2714 memmove(buf, start, length);
2715 buf[length] = 0;
2716 if(!(b64len = sldns_b64_pton(buf, sldns_buffer_current(
2717 h2_stream->qbuffer), expectb64len)) || b64len < 0) {
2718 lock_basic_lock(&http2_query_buffer_count_lock);
2719 http2_query_buffer_count -= expectb64len;
2720 lock_basic_unlock(&http2_query_buffer_count_lock);
2721 sldns_buffer_free(h2_stream->qbuffer);
2722 h2_stream->qbuffer = NULL;
2723 return 1;
2724 }
2725 } else {
2726 if(!(b64len = sldns_b64url_pton(
2727 (char const *)start, length,
2728 sldns_buffer_current(h2_stream->qbuffer),
2729 expectb64len)) || b64len < 0) {
2730 lock_basic_lock(&http2_query_buffer_count_lock);
2731 http2_query_buffer_count -= expectb64len;
2732 lock_basic_unlock(&http2_query_buffer_count_lock);
2733 sldns_buffer_free(h2_stream->qbuffer);
2734 h2_stream->qbuffer = NULL;
2735 /* return without error, method can be an
2736 * unknown POST */
2737 return 1;
2738 }
25862739 }
25872740 sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len);
25882741 return 1;
26002753 * the HEADER */
26012754 if(frame->hd.type != NGHTTP2_HEADERS ||
26022755 frame->headers.cat != NGHTTP2_HCAT_REQUEST) {
2603 /* only interrested in request headers */
2756 /* only interested in request headers */
26042757 return 0;
26052758 }
26062759 if(!(h2_stream = nghttp2_session_get_stream_user_data(session,
26962849 h2_stream->query_too_large = 1;
26972850 return 0;
26982851 }
2699 /* guaranteed to only contian digits and be null terminated */
2852 /* guaranteed to only contain digits and be null terminated */
27002853 h2_stream->content_length = atoi((const char*)value);
27012854 if(h2_stream->content_length >
27022855 h2_session->c->http2_stream_max_qbuffer_size) {
27362889 /* setting this to msg-buffer-size can result in a lot
27372890 * of memory consuption. Most queries should fit in a
27382891 * single DATA frame, and most POST queries will
2739 * containt content-length which does not impose this
2892 * contain content-length which does not impose this
27402893 * limit. */
27412894 qlen = len;
27422895 }
+30
-3
services/listen_dnsport.h less more
101101 listen_type_http
102102 };
103103
104 /*
105 * socket properties (just like NSD nsd_socket structure definition)
106 */
107 struct unbound_socket {
108 /** socket-address structure */
109 struct addrinfo * addr;
110 /** socket descriptor returned by socket() syscall */
111 int s;
112 /** address family (AF_INET/IF_INET6) */
113 int fam;
114 };
115
104116 /**
105117 * Single linked list to store shared ports that have been
106118 * opened for use by all threads.
112124 int fd;
113125 /** type of file descriptor, udp or tcp */
114126 enum listen_type ftype;
127 /** fill in unbpound_socket structure for every opened socket at Unbound startup */
128 struct unbound_socket* socket;
115129 };
116130
117131 /**
135149 */
136150 void listening_ports_free(struct listen_port* list);
137151
152 struct config_strlist;
138153 /**
139154 * Resolve interface names in config and store result IP addresses
140 * @param cfg: config
155 * @param ifs: array of interfaces. The list of interface names, if not NULL.
156 * @param num_ifs: length of ifs array.
157 * @param list: if not NULL, this is used as the list of interface names.
141158 * @param resif: string array (malloced array of malloced strings) with
142159 * result. NULL if cfg has none.
143160 * @param num_resif: length of resif. Zero if cfg has zero num_ifs.
144161 * @return 0 on failure.
145162 */
146 int resolve_interface_names(struct config_file* cfg, char*** resif,
147 int* num_resif);
163 int resolve_interface_names(char** ifs, int num_ifs,
164 struct config_strlist* list, char*** resif, int* num_resif);
148165
149166 /**
150167 * Create commpoints with for this thread for the shared ports.
180197 * @param listen: listening structure.
181198 */
182199 void listen_delete(struct listen_dnsport* listen);
200
201 /** setup the locks for the listen ports */
202 void listen_setup_locks(void);
203 /** desetup the locks for the listen ports */
204 void listen_desetup_locks(void);
183205
184206 /**
185207 * delete listen_list of commpoints. Calls commpointdelete() on items.
423445
424446 char* set_ip_dscp(int socket, int addrfamily, int ds);
425447
448 /** for debug and profiling purposes only
449 * @param ub_sock: the structure containing created socket info we want to print or log for
450 */
451 void verbose_print_unbound_socket(struct unbound_socket* ub_sock);
452
426453 #endif /* LISTEN_DNSPORT_H */
+112
-41
services/localzone.c less more
5555 * with 16 bytes for an A record, a 64K packet has about 4000 max */
5656 #define LOCALZONE_RRSET_COUNT_MAX 4096
5757
58 /** print all RRsets in local zone */
59 static void
60 local_zone_out(struct local_zone* z)
61 {
62 struct local_data* d;
63 struct local_rrset* p;
64 RBTREE_FOR(d, struct local_data*, &z->data) {
65 for(p = d->rrsets; p; p = p->next) {
66 log_nametypeclass(NO_VERBOSE, "rrset", d->name,
67 ntohs(p->rrset->rk.type),
68 ntohs(p->rrset->rk.rrset_class));
69 }
70 }
71 }
72
73 static void
74 local_zone_print(struct local_zone* z)
75 {
76 char buf[64];
77 lock_rw_rdlock(&z->lock);
78 snprintf(buf, sizeof(buf), "%s zone",
79 local_zone_type2str(z->type));
80 log_nametypeclass(NO_VERBOSE, buf, z->name, 0, z->dclass);
81 local_zone_out(z);
82 lock_rw_unlock(&z->lock);
83 }
84
85 void local_zones_print(struct local_zones* zones)
86 {
87 struct local_zone* z;
88 lock_rw_rdlock(&zones->lock);
89 log_info("number of auth zones %u", (unsigned)zones->ztree.count);
90 RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
91 local_zone_print(z);
92 }
93 lock_rw_unlock(&zones->lock);
94 }
95
5896 struct local_zones*
5997 local_zones_create(void)
6098 {
464502
465503 /* Mark the SOA record for the zone. This only marks the SOA rrset; the data
466504 * for the RR is entered later on local_zone_enter_rr() as with the other
467 * records. An artifical soa_negative record with a modified TTL (minimum of
505 * records. An artificial soa_negative record with a modified TTL (minimum of
468506 * the TTL and the SOA.MINIMUM) is also created and marked for usage with
469507 * negative answers and to avoid allocations during those answers. */
470508 static int
744782 lz_enter_zones(struct local_zones* zones, struct config_file* cfg)
745783 {
746784 struct config_str2list* p;
785 #ifndef THREADS_DISABLED
747786 struct local_zone* z;
787 #endif
748788 for(p = cfg->local_zones; p; p = p->next) {
749 if(!(z=lz_enter_zone(zones, p->str, p->str2,
789 if(!(
790 #ifndef THREADS_DISABLED
791 z=
792 #endif
793 lz_enter_zone(zones, p->str, p->str2,
750794 LDNS_RR_CLASS_IN)))
751795 return 0;
752796 lock_rw_unlock(&z->lock);
890934 return 0;
891935 }
892936 lock_rw_unlock(&z->lock);
937 }
938 /* home.arpa. zone (RFC 8375) */
939 if(!add_empty_default(zones, cfg, "home.arpa.")) {
940 log_err("out of memory adding default zone");
941 return 0;
893942 }
894943 /* onion. zone (RFC 7686) */
895944 if(!add_empty_default(zones, cfg, "onion.")) {
9981047 lock_rw_rdlock(&zones->lock);
9991048 if(!local_zones_lookup(zones, rr_name, len, labs, rr_class,
10001049 rr_type)) {
1050 /* Check if there is a zone that this could go
1051 * under but for different class; created zones are
1052 * always for LDNS_RR_CLASS_IN. Create the zone with
1053 * a different class but the same configured
1054 * local_zone_type. */
1055 struct local_zone* z = local_zones_lookup(zones,
1056 rr_name, len, labs, LDNS_RR_CLASS_IN, rr_type);
1057 if(z) {
1058 uint8_t* name = memdup(z->name, z->namelen);
1059 size_t znamelen = z->namelen;
1060 int znamelabs = z->namelabs;
1061 enum localzone_type ztype = z->type;
1062 lock_rw_unlock(&zones->lock);
1063 if(!name) {
1064 log_err("out of memory");
1065 free(rr_name);
1066 return 0;
1067 }
1068 if(!(
1069 #ifndef THREADS_DISABLED
1070 z =
1071 #endif
1072 lz_enter_zone_dname(zones, name,
1073 znamelen, znamelabs,
1074 ztype, rr_class))) {
1075 free(rr_name);
1076 return 0;
1077 }
1078 lock_rw_unlock(&z->lock);
1079 free(rr_name);
1080 continue;
1081 }
10011082 if(!have_name) {
10021083 dclass = rr_class;
10031084 nm = rr_name;
10261107 }
10271108 if(have_name) {
10281109 uint8_t* n2;
1110 #ifndef THREADS_DISABLED
10291111 struct local_zone* z;
1112 #endif
10301113 /* allocate zone of smallest shared topdomain to contain em */
10311114 n2 = nm;
10321115 dname_remove_labels(&n2, &nmlen, nmlabs - match);
10381121 }
10391122 log_nametypeclass(VERB_ALGO, "implicit transparent local-zone",
10401123 n2, 0, dclass);
1041 if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match,
1124 if(!(
1125 #ifndef THREADS_DISABLED
1126 z=
1127 #endif
1128 lz_enter_zone_dname(zones, n2, nmlen, match,
10421129 local_zone_transparent, dclass))) {
10431130 return 0;
10441131 }
12001287 key.namelabs = labs;
12011288 *exact = rbtree_find_less_equal(&zones->ztree, &key, &node);
12021289 return (struct local_zone*)node;
1203 }
1204
1205 /** print all RRsets in local zone */
1206 static void
1207 local_zone_out(struct local_zone* z)
1208 {
1209 struct local_data* d;
1210 struct local_rrset* p;
1211 RBTREE_FOR(d, struct local_data*, &z->data) {
1212 for(p = d->rrsets; p; p = p->next) {
1213 log_nametypeclass(NO_VERBOSE, "rrset", d->name,
1214 ntohs(p->rrset->rk.type),
1215 ntohs(p->rrset->rk.rrset_class));
1216 }
1217 }
1218 }
1219
1220 void local_zones_print(struct local_zones* zones)
1221 {
1222 struct local_zone* z;
1223 lock_rw_rdlock(&zones->lock);
1224 log_info("number of auth zones %u", (unsigned)zones->ztree.count);
1225 RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
1226 char buf[64];
1227 lock_rw_rdlock(&z->lock);
1228 snprintf(buf, sizeof(buf), "%s zone",
1229 local_zone_type2str(z->type));
1230 log_nametypeclass(NO_VERBOSE, buf, z->name, 0, z->dclass);
1231 local_zone_out(z);
1232 lock_rw_unlock(&z->lock);
1233 }
1234 lock_rw_unlock(&zones->lock);
12351290 }
12361291
12371292 /** encode answer consisting of 1 rrset */
12811336
12821337 if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
12831338 rcode, edns, repinfo, temp, env->now_tv))
1284 edns->opt_list = NULL;
1339 edns->opt_list_inplace_cb_out = NULL;
12851340 error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
12861341 sldns_buffer_read_u16_at(buf, 2), edns);
12871342 }
15081563 /* write qname */
15091564 memmove(d->rr_data[0] + sizeof(uint16_t), qinfo->qname,
15101565 qinfo->qname_len - 1);
1511 /* write cname target wilcard wildcard label */
1566 /* write cname target wildcard label */
15121567 memmove(d->rr_data[0] + sizeof(uint16_t) +
15131568 qinfo->qname_len - 1, ctarget + 2,
15141569 ctargetlen - 2);
15551610 lr = local_data_find_type(ld, qinfo->qtype, 1);
15561611 /* local_zone_typetransparent */
15571612 return (lr == NULL);
1613 }
1614
1615 static inline int
1616 local_zone_is_udp_query(struct comm_reply* repinfo) {
1617 return repinfo != NULL
1618 ? (repinfo->c != NULL
1619 ? repinfo->c->type == comm_udp
1620 : 0)
1621 : 0;
15581622 }
15591623
15601624 int
15791643 lz_type == local_zone_redirect ||
15801644 lz_type == local_zone_inform_redirect ||
15811645 lz_type == local_zone_always_nxdomain ||
1582 lz_type == local_zone_always_nodata) {
1646 lz_type == local_zone_always_nodata ||
1647 (lz_type == local_zone_truncate
1648 && local_zone_is_udp_query(repinfo))) {
15831649 /* for static, reply nodata or nxdomain
15841650 * for redirect, reply nodata */
15851651 /* no additional section processing,
15891655 */
15901656 int rcode = (ld || lz_type == local_zone_redirect ||
15911657 lz_type == local_zone_inform_redirect ||
1592 lz_type == local_zone_always_nodata)?
1658 lz_type == local_zone_always_nodata ||
1659 lz_type == local_zone_truncate)?
15931660 LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN;
1594 if(z->soa && z->soa_negative)
1661 rcode = (lz_type == local_zone_truncate ? (rcode|BIT_TC) : rcode);
1662 if(z != NULL && z->soa && z->soa_negative)
15951663 return local_encode(qinfo, env, edns, repinfo, buf, temp,
15961664 z->soa_negative, 0, rcode);
15971665 local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode,
16481716 * does not, then we should make this noerror/nodata */
16491717 if(ld && ld->rrsets) {
16501718 int rcode = LDNS_RCODE_NOERROR;
1651 if(z->soa && z->soa_negative)
1719 if(z != NULL && z->soa && z->soa_negative)
16521720 return local_encode(qinfo, env, edns, repinfo, buf, temp,
16531721 z->soa_negative, 0, rcode);
16541722 local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode,
18471915 case local_zone_always_deny: return "always_deny";
18481916 case local_zone_always_null: return "always_null";
18491917 case local_zone_noview: return "noview";
1918 case local_zone_truncate: return "truncate";
18501919 case local_zone_invalid: return "invalid";
18511920 }
18521921 return "badtyped";
18861955 *t = local_zone_always_null;
18871956 else if(strcmp(type, "noview") == 0)
18881957 *t = local_zone_noview;
1958 else if(strcmp(type, "truncate") == 0)
1959 *t = local_zone_truncate;
18891960 else if(strcmp(type, "nodefault") == 0)
18901961 *t = local_zone_nodefault;
18911962 else return 0;
+6
-2
services/localzone.h less more
100100 local_zone_always_null,
101101 /** answer not from the view, but global or no-answer */
102102 local_zone_noview,
103 /** truncate the response; client should retry via tcp */
104 local_zone_truncate,
103105 /** Invalid type, cannot be used to generate answer */
104106 local_zone_invalid
105107 };
157159 rbtree_type data;
158160 /** if data contains zone apex SOA data, this is a ptr to it. */
159161 struct ub_packed_rrset_key* soa;
160 /** if data contains zone apex SOA data, this is a prt to an
162 /** if data contains zone apex SOA data, this is a ptr to an
161163 * artificial negative SOA rrset (TTL is the minimum of the TTL and the
162164 * SOA.MINIMUM). */
163165 struct ub_packed_rrset_key* soa_negative;
254256 * @param dclass: class to lookup.
255257 * @param dtype: type to lookup, if type DS a zone higher is used for zonecuts.
256258 * @param taglist: taglist to lookup.
257 * @param taglen: lenth of taglist.
259 * @param taglen: length of taglist.
258260 * @param ignoretags: lookup zone by name and class, regardless the
259261 * local-zone's tags.
260262 * @return closest local_zone or NULL if no covering zone is found.
562564 respip_always_nodata = local_zone_always_nodata,
563565 /** answer with nodata response */
564566 respip_always_deny = local_zone_always_deny,
567 /** RPZ: truncate answer in order to force switch to tcp */
568 respip_truncate = local_zone_truncate,
565569
566570 /* The rest of the values are only possible as
567571 * access-control-tag-action */
+69
-43
services/mesh.c less more
9898 {
9999 #ifndef S_SPLINT_S
100100 size_t leftover;
101 if(d == 0) {
101 if(d <= 0) {
102102 avg->tv_sec = 0;
103103 avg->tv_usec = 0;
104104 return;
107107 avg->tv_usec = sum->tv_usec / d;
108108 /* handle fraction from seconds divide */
109109 leftover = sum->tv_sec - avg->tv_sec*d;
110 avg->tv_usec += (leftover*1000000)/d;
110 if(leftover <= 0)
111 leftover = 0;
112 avg->tv_usec += (((long long)leftover)*((long long)1000000))/d;
113 if(avg->tv_sec < 0)
114 avg->tv_sec = 0;
115 if(avg->tv_usec < 0)
116 avg->tv_usec = 0;
111117 #endif
112118 }
113119
432438 mstate->s.serve_expired_data->get_cached_answer =
433439 mstate->s.serve_expired_data->get_cached_answer?
434440 mstate->s.serve_expired_data->get_cached_answer:
435 mesh_serve_expired_lookup;
441 &mesh_serve_expired_lookup;
436442
437443 /* In case this timer already popped, start it again */
438444 if(!mstate->s.serve_expired_data->timer) {
454460 struct edns_data* edns, struct comm_reply* rep, uint16_t qid)
455461 {
456462 struct mesh_state* s = NULL;
457 int unique = unique_mesh_state(edns->opt_list, mesh->env);
463 int unique = unique_mesh_state(edns->opt_list_in, mesh->env);
458464 int was_detached = 0;
459465 int was_noreply = 0;
460466 int added = 0;
498504 log_err("mesh_state_create: out of memory; SERVFAIL");
499505 if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL,
500506 LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
501 edns->opt_list = NULL;
507 edns->opt_list_inplace_cb_out = NULL;
502508 error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
503509 qinfo, qid, qflags, edns);
504510 comm_point_send_reply(rep);
507513 if(unique)
508514 mesh_state_make_unique(s);
509515 /* copy the edns options we got from the front */
510 if(edns->opt_list) {
511 s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list,
516 if(edns->opt_list_in) {
517 s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in,
512518 s->s.region);
513519 if(!s->s.edns_opts_front_in) {
514520 log_err("mesh_state_create: out of memory; SERVFAIL");
515521 if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL,
516522 NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
517 edns->opt_list = NULL;
523 edns->opt_list_inplace_cb_out = NULL;
518524 error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
519525 qinfo, qid, qflags, edns);
520526 comm_point_send_reply(rep);
587593 servfail_mem:
588594 if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s,
589595 NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
590 edns->opt_list = NULL;
596 edns->opt_list_inplace_cb_out = NULL;
591597 error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
592598 qinfo, qid, qflags, edns);
593599 comm_point_send_reply(rep);
602608 uint16_t qid, mesh_cb_func_type cb, void* cb_arg)
603609 {
604610 struct mesh_state* s = NULL;
605 int unique = unique_mesh_state(edns->opt_list, mesh->env);
611 int unique = unique_mesh_state(edns->opt_list_in, mesh->env);
606612 int timeout = mesh->env->cfg->serve_expired?
607613 mesh->env->cfg->serve_expired_client_timeout:0;
608614 int was_detached = 0;
625631 }
626632 if(unique)
627633 mesh_state_make_unique(s);
628 if(edns->opt_list) {
629 s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list,
634 if(edns->opt_list_in) {
635 s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in,
630636 s->s.region);
631637 if(!s->s.edns_opts_front_in) {
632638 return 0;
11381144 if(rcode == LDNS_RCODE_SERVFAIL) {
11391145 if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
11401146 rep, rcode, &r->edns, NULL, m->s.region, start_time))
1141 r->edns.opt_list = NULL;
1147 r->edns.opt_list_inplace_cb_out = NULL;
11421148 } else {
11431149 if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
11441150 &r->edns, NULL, m->s.region, start_time))
1145 r->edns.opt_list = NULL;
1151 r->edns.opt_list_inplace_cb_out = NULL;
11461152 }
11471153 fptr_ok(fptr_whitelist_mesh_cb(r->cb));
11481154 (*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL,
11761182 m->s.env->mesh->num_reply_addrs--;
11771183 }
11781184
1185 static inline int
1186 mesh_is_rpz_respip_tcponly_action(struct mesh_state const* m)
1187 {
1188 struct respip_action_info const* respip_info = m->s.respip_action_info;
1189 return respip_info == NULL
1190 ? 0
1191 : (respip_info->rpz_used
1192 && !respip_info->rpz_disabled
1193 && respip_info->action == respip_truncate);
1194 }
1195
1196 static inline int
1197 mesh_is_udp(struct mesh_reply const* r) {
1198 return r->query_reply.c->type == comm_udp;
1199 }
1200
11791201 /**
11801202 * Send reply to mesh reply entry
11811203 * @param m: mesh state to send it for.
11941216 struct timeval end_time;
11951217 struct timeval duration;
11961218 int secure;
1197 /* Copy the client's EDNS for later restore, to make sure the edns
1198 * compare is with the correct edns options. */
1199 struct edns_data edns_bak = r->edns;
12001219 /* briefly set the replylist to null in case the
12011220 * meshsendreply calls tcpreqinfo sendreply that
12021221 * comm_point_drops because of size, and then the
12031222 * null stops the mesh state remove and thus
12041223 * reply_list modification and accounting */
12051224 struct mesh_reply* rlist = m->reply_list;
1225
1226 /* rpz: apply actions */
1227 rcode = mesh_is_udp(r) && mesh_is_rpz_respip_tcponly_action(m)
1228 ? (rcode|BIT_TC) : rcode;
1229
12061230 /* examine security status */
12071231 if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) ||
12081232 m->s.env->cfg->ignore_cd) && rep &&
12411265 prev->edns.edns_present == r->edns.edns_present &&
12421266 prev->edns.bits == r->edns.bits &&
12431267 prev->edns.udp_size == r->edns.udp_size &&
1244 edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list)
1245 == 0) {
1268 edns_opt_list_compare(prev->edns.opt_list_out, r->edns.opt_list_out) == 0 &&
1269 edns_opt_list_compare(prev->edns.opt_list_inplace_cb_out, r->edns.opt_list_inplace_cb_out) == 0
1270 ) {
12461271 /* if the previous reply is identical to this one, fix ID */
12471272 if(prev_buffer != r_buffer)
12481273 sldns_buffer_copy(r_buffer, prev_buffer);
12581283 if(rcode == LDNS_RCODE_SERVFAIL) {
12591284 if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
12601285 rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time))
1261 r->edns.opt_list = NULL;
1286 r->edns.opt_list_inplace_cb_out = NULL;
12621287 } else {
12631288 if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
12641289 &r->edns, &r->query_reply, m->s.region, &r->start_time))
1265 r->edns.opt_list = NULL;
1290 r->edns.opt_list_inplace_cb_out = NULL;
12661291 }
12671292 error_encode(r_buffer, rcode, &m->s.qinfo, r->qid,
12681293 r->qflags, &r->edns);
12791304 m->s.qinfo.local_alias = r->local_alias;
12801305 if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep,
12811306 LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region, &r->start_time) ||
1282 !apply_edns_options(&r->edns, &edns_bak,
1283 m->s.env->cfg, r->query_reply.c,
1284 m->s.region) ||
12851307 !reply_info_answer_encode(&m->s.qinfo, rep, r->qid,
12861308 r->qflags, r_buffer, 0, 1, m->s.env->scratch,
12871309 udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO),
12891311 {
12901312 if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
12911313 rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time))
1292 r->edns.opt_list = NULL;
1314 r->edns.opt_list_inplace_cb_out = NULL;
12931315 error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
12941316 &m->s.qinfo, r->qid, r->qflags, &r->edns);
12951317 }
1296 r->edns = edns_bak;
12971318 m->reply_list = NULL;
12981319 comm_point_send_reply(&r->query_reply);
12991320 m->reply_list = rlist;
13391360 }
13401361 if(mstate->s.return_rcode == LDNS_RCODE_SERVFAIL ||
13411362 (rep && FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_SERVFAIL)) {
1342 /* we are SERVFAILing; check for expired asnwer here */
1363 /* we are SERVFAILing; check for expired answer here */
13431364 mesh_serve_expired_callback(mstate);
13441365 if((mstate->reply_list || mstate->cb_list)
13451366 && mstate->s.env->cfg->log_servfail
14811502 r->cb = cb;
14821503 r->cb_arg = cb_arg;
14831504 r->edns = *edns;
1484 if(edns->opt_list) {
1485 r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
1486 s->s.region);
1487 if(!r->edns.opt_list)
1488 return 0;
1489 }
1505 if(edns->opt_list_in && !(r->edns.opt_list_in =
1506 edns_opt_copy_region(edns->opt_list_in, s->s.region)))
1507 return 0;
1508 if(edns->opt_list_out && !(r->edns.opt_list_out =
1509 edns_opt_copy_region(edns->opt_list_out, s->s.region)))
1510 return 0;
1511 if(edns->opt_list_inplace_cb_out && !(r->edns.opt_list_inplace_cb_out =
1512 edns_opt_copy_region(edns->opt_list_inplace_cb_out, s->s.region)))
1513 return 0;
14901514 r->qid = qid;
14911515 r->qflags = qflags;
14921516 r->next = s->cb_list;
15051529 return 0;
15061530 r->query_reply = *rep;
15071531 r->edns = *edns;
1508 if(edns->opt_list) {
1509 r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
1510 s->s.region);
1511 if(!r->edns.opt_list)
1512 return 0;
1513 }
1532 if(edns->opt_list_in && !(r->edns.opt_list_in =
1533 edns_opt_copy_region(edns->opt_list_in, s->s.region)))
1534 return 0;
1535 if(edns->opt_list_out && !(r->edns.opt_list_out =
1536 edns_opt_copy_region(edns->opt_list_out, s->s.region)))
1537 return 0;
1538 if(edns->opt_list_inplace_cb_out && !(r->edns.opt_list_inplace_cb_out =
1539 edns_opt_copy_region(edns->opt_list_inplace_cb_out, s->s.region)))
1540 return 0;
15141541 r->qid = qid;
15151542 r->qflags = qflags;
15161543 r->start_time = *s->s.env->now_tv;
15561583 return 0;
15571584
15581585 /* the rrset is not packed, like in the cache, but it is
1559 * individualy allocated with an allocator from localzone. */
1586 * individually allocated with an allocator from localzone. */
15601587 d = regional_alloc_zero(s->s.region, sizeof(*d));
15611588 if(!d)
15621589 return 0;
18121839 {
18131840 struct mesh_area* mesh = qstate->env->mesh;
18141841 struct mesh_state* dep_m = NULL;
1815 if(!mesh_state_is_unique(qstate->mesh_info))
1816 dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec);
1842 dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec);
18171843 return mesh_detect_cycle_found(qstate, dep_m);
18181844 }
18191845
19401966 while(1) {
19411967 fptr_ok(fptr_whitelist_serve_expired_lookup(
19421968 qstate->serve_expired_data->get_cached_answer));
1943 msg = qstate->serve_expired_data->get_cached_answer(qstate,
1969 msg = (*qstate->serve_expired_data->get_cached_answer)(qstate,
19441970 lookup_qinfo);
19451971 if(!msg)
19461972 return;
+32
-33
services/modstack.c less more
8787 return num;
8888 }
8989
90 void
90 void
9191 modstack_init(struct module_stack* stack)
9292 {
9393 stack->num = 0;
9494 stack->mod = NULL;
9595 }
9696
97 int
97 int
9898 modstack_config(struct module_stack* stack, const char* module_conf)
9999 {
100 int i;
101 verbose(VERB_QUERY, "module config: \"%s\"", module_conf);
102 stack->num = count_modules(module_conf);
103 if(stack->num == 0) {
104 log_err("error: no modules specified");
105 return 0;
106 }
107 if(stack->num > MAX_MODULE) {
108 log_err("error: too many modules (%d max %d)",
109 stack->num, MAX_MODULE);
110 return 0;
111 }
112 stack->mod = (struct module_func_block**)calloc((size_t)
113 stack->num, sizeof(struct module_func_block*));
114 if(!stack->mod) {
115 log_err("out of memory");
116 return 0;
117 }
118 for(i=0; i<stack->num; i++) {
119 stack->mod[i] = module_factory(&module_conf);
120 if(!stack->mod[i]) {
100 int i;
101 verbose(VERB_QUERY, "module config: \"%s\"", module_conf);
102 stack->num = count_modules(module_conf);
103 if(stack->num == 0) {
104 log_err("error: no modules specified");
105 return 0;
106 }
107 if(stack->num > MAX_MODULE) {
108 log_err("error: too many modules (%d max %d)",
109 stack->num, MAX_MODULE);
110 return 0;
111 }
112 stack->mod = (struct module_func_block**)calloc((size_t)
113 stack->num, sizeof(struct module_func_block*));
114 if(!stack->mod) {
115 log_err("out of memory");
116 return 0;
117 }
118 for(i=0; i<stack->num; i++) {
119 stack->mod[i] = module_factory(&module_conf);
120 if(!stack->mod[i]) {
121121 char md[256];
122122 snprintf(md, sizeof(md), "%s", module_conf);
123123 if(strchr(md, ' ')) *(strchr(md, ' ')) = 0;
124124 if(strchr(md, '\t')) *(strchr(md, '\t')) = 0;
125 log_err("Unknown value in module-config, module: '%s'."
125 log_err("Unknown value in module-config, module: '%s'."
126126 " This module is not present (not compiled in),"
127 " See the list of linked modules with unbound -h",
128 md);
129 return 0;
130 }
131 }
132 return 1;
127 " See the list of linked modules with unbound -V", md);
128 return 0;
129 }
130 }
131 return 1;
133132 }
134133
135134 /** The list of module names */
136135 const char**
137136 module_list_avail(void)
138137 {
139 /* these are the modules available */
140 static const char* names[] = {
138 /* these are the modules available */
139 static const char* names[] = {
141140 "dns64",
142141 #ifdef WITH_PYTHONMODULE
143142 "python",
155154 "subnetcache",
156155 #endif
157156 #ifdef USE_IPSET
158 "ipset",
157 "ipset",
159158 #endif
160159 "respip",
161160 "validator",
+1
-1
services/outbound_list.h less more
7878 * Clear the user owner outbound list structure.
7979 * Deletes serviced queries.
8080 * @param list: the list structure. It is cleared, but the list struct itself
81 * is callers responsability to delete.
81 * is callers responsibility to delete.
8282 */
8383 void outbound_list_clear(struct outbound_list* list);
8484
+579
-198
services/outside_network.c less more
8989 static void waiting_list_remove(struct outside_network* outnet,
9090 struct waiting_tcp* w);
9191
92 /** remove reused element from tree and lru list */
93 static void reuse_tcp_remove_tree_list(struct outside_network* outnet,
92 /** select a DNS ID for a TCP stream */
93 static uint16_t tcp_select_id(struct outside_network* outnet,
9494 struct reuse_tcp* reuse);
95
96 /** Perform serviced query UDP sending operation */
97 static int serviced_udp_send(struct serviced_query* sq, sldns_buffer* buff);
98
99 /** Send serviced query over TCP return false on initial failure */
100 static int serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff);
101
102 /** call the callbacks for a serviced query */
103 static void serviced_callbacks(struct serviced_query* sq, int error,
104 struct comm_point* c, struct comm_reply* rep);
95105
96106 int
97107 pending_cmp(const void* key1, const void* key2)
197207 * Pick random outgoing-interface of that family, and bind it.
198208 * port set to 0 so OS picks a port number for us.
199209 * if it is the ANY address, do not bind.
210 * @param pend: pending tcp structure, for storing the local address choice.
200211 * @param w: tcp structure with destination address.
201212 * @param s: socket fd.
202213 * @return false on error, socket closed.
203214 */
204215 static int
205 pick_outgoing_tcp(struct waiting_tcp* w, int s)
216 pick_outgoing_tcp(struct pending_tcp* pend, struct waiting_tcp* w, int s)
206217 {
207218 struct port_if* pi = NULL;
208219 int num;
220 pend->pi = NULL;
209221 #ifdef INET6
210222 if(addr_is_ip6(&w->addr, w->addrlen))
211223 num = w->outnet->num_ip6;
225237 #endif
226238 pi = &w->outnet->ip4_ifs[ub_random_max(w->outnet->rnd, num)];
227239 log_assert(pi);
240 pend->pi = pi;
228241 if(addr_is_any(&pi->addr, pi->addrlen)) {
229242 /* binding to the ANY interface is for listening sockets */
230243 return 1;
234247 ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0;
235248 else ((struct sockaddr_in*)&pi->addr)->sin_port = 0;
236249 if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) {
237 log_err("outgoing tcp: bind: %s", sock_strerror(errno));
250 #ifndef USE_WINSOCK
251 #ifdef EADDRNOTAVAIL
252 if(!(verbosity < 4 && errno == EADDRNOTAVAIL))
253 #endif
254 #else /* USE_WINSOCK */
255 if(!(verbosity < 4 && WSAGetLastError() == WSAEADDRNOTAVAIL))
256 #endif
257 log_err("outgoing tcp: bind: %s", sock_strerror(errno));
238258 sock_close(s);
239259 return 0;
240260 }
336356 uint16_t port;
337357 char addrbuf[128];
338358 if(verbosity < v) return;
359 if(!reuse || !reuse->pending || !reuse->pending->c)
360 return;
339361 addr_to_str(&reuse->addr, reuse->addrlen, addrbuf, sizeof(addrbuf));
340362 port = ntohs(((struct sockaddr_in*)&reuse->addr)->sin_port);
341363 verbose(v, "%s %s#%u fd %d", msg, addrbuf, (unsigned)port,
355377 w->write_wait_next->write_wait_prev = NULL;
356378 else reuse->write_wait_last = NULL;
357379 w->write_wait_queued = 0;
380 w->write_wait_next = NULL;
381 w->write_wait_prev = NULL;
358382 return w;
359383 }
360384
362386 static void reuse_write_wait_remove(struct reuse_tcp* reuse,
363387 struct waiting_tcp* w)
364388 {
389 log_assert(w);
390 log_assert(w->write_wait_queued);
365391 if(!w)
366392 return;
367393 if(!w->write_wait_queued)
369395 if(w->write_wait_prev)
370396 w->write_wait_prev->write_wait_next = w->write_wait_next;
371397 else reuse->write_wait_first = w->write_wait_next;
398 log_assert(!w->write_wait_prev ||
399 w->write_wait_prev->write_wait_next != w->write_wait_prev);
372400 if(w->write_wait_next)
373401 w->write_wait_next->write_wait_prev = w->write_wait_prev;
374402 else reuse->write_wait_last = w->write_wait_prev;
403 log_assert(!w->write_wait_next
404 || w->write_wait_next->write_wait_prev != w->write_wait_next);
375405 w->write_wait_queued = 0;
406 w->write_wait_next = NULL;
407 w->write_wait_prev = NULL;
376408 }
377409
378410 /** push the element after the last on the writewait list */
383415 log_assert(!w->write_wait_queued);
384416 if(reuse->write_wait_last) {
385417 reuse->write_wait_last->write_wait_next = w;
418 log_assert(reuse->write_wait_last->write_wait_next !=
419 reuse->write_wait_last);
386420 w->write_wait_prev = reuse->write_wait_last;
387421 } else {
388422 reuse->write_wait_first = w;
395429 void
396430 reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w)
397431 {
432 #ifdef UNBOUND_DEBUG
433 rbnode_type* added;
434 #endif
398435 log_assert(w->id_node.key == NULL);
399436 w->id_node.key = w;
437 #ifdef UNBOUND_DEBUG
438 added =
439 #else
440 (void)
441 #endif
400442 rbtree_insert(&reuse->tree_by_id, &w->id_node);
443 log_assert(added); /* should have been added */
401444 }
402445
403446 /** find element in tree by id */
423466 }
424467
425468 /** insert into reuse tcp tree and LRU, false on failure (duplicate) */
426 static int
469 int
427470 reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp)
428471 {
429472 log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse);
430473 if(pend_tcp->reuse.item_on_lru_list) {
431474 if(!pend_tcp->reuse.node.key)
432 log_err("internal error: reuse_tcp_insert: on lru list without key");
475 log_err("internal error: reuse_tcp_insert: "
476 "in lru list without key");
433477 return 1;
434478 }
435479 pend_tcp->reuse.node.key = &pend_tcp->reuse;
436480 pend_tcp->reuse.pending = pend_tcp;
437481 if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) {
438 /* this is a duplicate connection, close this one */
439 verbose(VERB_CLIENT, "reuse_tcp_insert: duplicate connection");
440 pend_tcp->reuse.node.key = NULL;
441 return 0;
482 /* We are not in the LRU list but we are already in the
483 * tcp_reuse tree, strange.
484 * Continue to add ourselves to the LRU list. */
485 log_err("internal error: reuse_tcp_insert: in lru list but "
486 "not in the tree");
442487 }
443488 /* insert into LRU, first is newest */
444489 pend_tcp->reuse.lru_prev = NULL;
445490 if(outnet->tcp_reuse_first) {
446491 pend_tcp->reuse.lru_next = outnet->tcp_reuse_first;
492 log_assert(pend_tcp->reuse.lru_next != &pend_tcp->reuse);
447493 outnet->tcp_reuse_first->lru_prev = &pend_tcp->reuse;
494 log_assert(outnet->tcp_reuse_first->lru_prev !=
495 outnet->tcp_reuse_first);
448496 } else {
449497 pend_tcp->reuse.lru_next = NULL;
450498 outnet->tcp_reuse_last = &pend_tcp->reuse;
451499 }
452500 outnet->tcp_reuse_first = &pend_tcp->reuse;
453501 pend_tcp->reuse.item_on_lru_list = 1;
502 log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
503 (outnet->tcp_reuse_first && outnet->tcp_reuse_last));
504 log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next &&
505 outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev);
506 log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next &&
507 outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev);
454508 return 1;
455509 }
456510
510564 while(result && result != RBTREE_NULL &&
511565 reuse_cmp_addrportssl(result->key, &key_p.reuse) == 0) {
512566 if(((struct reuse_tcp*)result)->tree_by_id.count <
513 MAX_REUSE_TCP_QUERIES) {
567 outnet->max_reuse_tcp_queries) {
514568 /* same address, port, ssl-yes-or-no, and has
515569 * space for another query */
516570 return (struct reuse_tcp*)result;
566620 if(s == -1)
567621 return 0;
568622
569 if(!pick_outgoing_tcp(w, s))
623 if(!pick_outgoing_tcp(pend, w, s))
570624 return 0;
571625
572626 fd_set_nonblock(s);
688742 /** Touch the lru of a reuse_tcp element, it is in use.
689743 * This moves it to the front of the list, where it is not likely to
690744 * be closed. Items at the back of the list are closed to make space. */
691 static void
745 void
692746 reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse)
693747 {
694748 if(!reuse->item_on_lru_list) {
695749 log_err("internal error: we need to touch the lru_list but item not in list");
696750 return; /* not on the list, no lru to modify */
697751 }
752 log_assert(reuse->lru_prev ||
753 (!reuse->lru_prev && outnet->tcp_reuse_first == reuse));
698754 if(!reuse->lru_prev)
699755 return; /* already first in the list */
700756 /* remove at current position */
701757 /* since it is not first, there is a previous element */
702758 reuse->lru_prev->lru_next = reuse->lru_next;
759 log_assert(reuse->lru_prev->lru_next != reuse->lru_prev);
703760 if(reuse->lru_next)
704761 reuse->lru_next->lru_prev = reuse->lru_prev;
705762 else outnet->tcp_reuse_last = reuse->lru_prev;
763 log_assert(!reuse->lru_next || reuse->lru_next->lru_prev != reuse->lru_next);
764 log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next &&
765 outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev);
706766 /* insert at the front */
707767 reuse->lru_prev = NULL;
708768 reuse->lru_next = outnet->tcp_reuse_first;
769 if(outnet->tcp_reuse_first) {
770 outnet->tcp_reuse_first->lru_prev = reuse;
771 }
772 log_assert(reuse->lru_next != reuse);
709773 /* since it is not first, it is not the only element and
710774 * lru_next is thus not NULL and thus reuse is now not the last in
711775 * the list, so outnet->tcp_reuse_last does not need to be modified */
712776 outnet->tcp_reuse_first = reuse;
777 log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next &&
778 outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev);
779 log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
780 (outnet->tcp_reuse_first && outnet->tcp_reuse_last));
781 }
782
783 /** Snip the last reuse_tcp element off of the LRU list */
784 struct reuse_tcp*
785 reuse_tcp_lru_snip(struct outside_network* outnet)
786 {
787 struct reuse_tcp* reuse = outnet->tcp_reuse_last;
788 if(!reuse) return NULL;
789 /* snip off of LRU */
790 log_assert(reuse->lru_next == NULL);
791 if(reuse->lru_prev) {
792 outnet->tcp_reuse_last = reuse->lru_prev;
793 reuse->lru_prev->lru_next = NULL;
794 } else {
795 outnet->tcp_reuse_last = NULL;
796 outnet->tcp_reuse_first = NULL;
797 }
798 log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
799 (outnet->tcp_reuse_first && outnet->tcp_reuse_last));
800 reuse->item_on_lru_list = 0;
801 reuse->lru_next = NULL;
802 reuse->lru_prev = NULL;
803 return reuse;
713804 }
714805
715806 /** call callback on waiting_tcp, if not NULL */
717808 waiting_tcp_callback(struct waiting_tcp* w, struct comm_point* c, int error,
718809 struct comm_reply* reply_info)
719810 {
720 if(w->cb) {
811 if(w && w->cb) {
721812 fptr_ok(fptr_whitelist_pending_tcp(w->cb));
722813 (void)(*w->cb)(c, w->cb_arg, error, reply_info);
723814 }
815 }
816
817 /** add waiting_tcp element to the outnet tcp waiting list */
818 static void
819 outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w)
820 {
821 struct timeval tv;
822 log_assert(!w->on_tcp_waiting_list);
823 if(w->on_tcp_waiting_list)
824 return;
825 w->next_waiting = NULL;
826 if(outnet->tcp_wait_last)
827 outnet->tcp_wait_last->next_waiting = w;
828 else outnet->tcp_wait_first = w;
829 outnet->tcp_wait_last = w;
830 w->on_tcp_waiting_list = 1;
831 #ifndef S_SPLINT_S
832 tv.tv_sec = w->timeout/1000;
833 tv.tv_usec = (w->timeout%1000)*1000;
834 #endif
835 comm_timer_set(w->timer, &tv);
836 }
837
838 /** add waiting_tcp element as first to the outnet tcp waiting list */
839 static void
840 outnet_add_tcp_waiting_first(struct outside_network* outnet,
841 struct waiting_tcp* w, int reset_timer)
842 {
843 struct timeval tv;
844 log_assert(!w->on_tcp_waiting_list);
845 if(w->on_tcp_waiting_list)
846 return;
847 w->next_waiting = outnet->tcp_wait_first;
848 log_assert(w->next_waiting != w);
849 if(!outnet->tcp_wait_last)
850 outnet->tcp_wait_last = w;
851 outnet->tcp_wait_first = w;
852 w->on_tcp_waiting_list = 1;
853 if(reset_timer) {
854 #ifndef S_SPLINT_S
855 tv.tv_sec = w->timeout/1000;
856 tv.tv_usec = (w->timeout%1000)*1000;
857 #endif
858 comm_timer_set(w->timer, &tv);
859 }
860 log_assert(
861 (!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
862 (outnet->tcp_reuse_first && outnet->tcp_reuse_last));
724863 }
725864
726865 /** see if buffers can be used to service TCP queries */
728867 use_free_buffer(struct outside_network* outnet)
729868 {
730869 struct waiting_tcp* w;
731 while(outnet->tcp_free && outnet->tcp_wait_first
732 && !outnet->want_to_quit) {
870 while(outnet->tcp_wait_first && !outnet->want_to_quit) {
871 #ifdef USE_DNSTAP
872 struct pending_tcp* pend_tcp = NULL;
873 #endif
733874 struct reuse_tcp* reuse = NULL;
734875 w = outnet->tcp_wait_first;
876 log_assert(w->on_tcp_waiting_list);
735877 outnet->tcp_wait_first = w->next_waiting;
736878 if(outnet->tcp_wait_last == w)
737879 outnet->tcp_wait_last = NULL;
880 log_assert(
881 (!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
882 (outnet->tcp_reuse_first && outnet->tcp_reuse_last));
738883 w->on_tcp_waiting_list = 0;
739884 reuse = reuse_tcp_find(outnet, &w->addr, w->addrlen,
740885 w->ssl_upstream);
886 /* re-select an ID when moving to a new TCP buffer */
887 w->id = tcp_select_id(outnet, reuse);
888 LDNS_ID_SET(w->pkt, w->id);
741889 if(reuse) {
742890 log_reuse_tcp(VERB_CLIENT, "use free buffer for waiting tcp: "
743891 "found reuse", reuse);
892 #ifdef USE_DNSTAP
893 pend_tcp = reuse->pending;
894 #endif
744895 reuse_tcp_lru_touch(outnet, reuse);
745896 comm_timer_disable(w->timer);
746897 w->next_waiting = (void*)reuse->pending;
757908 reuse->pending->c->fd, reuse->pending,
758909 w);
759910 }
760 } else {
911 } else if(outnet->tcp_free) {
761912 struct pending_tcp* pend = w->outnet->tcp_free;
762913 rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp);
763914 pend->reuse.pending = pend;
767918 waiting_tcp_callback(w, NULL, NETEVENT_CLOSED,
768919 NULL);
769920 waiting_tcp_delete(w);
921 #ifdef USE_DNSTAP
922 w = NULL;
923 #endif
770924 }
771 }
772 }
773 }
774
775 /** add waiting_tcp element to the outnet tcp waiting list */
776 static void
777 outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w)
778 {
779 struct timeval tv;
780 if(w->on_tcp_waiting_list)
781 return;
782 w->next_waiting = NULL;
783 if(outnet->tcp_wait_last)
784 outnet->tcp_wait_last->next_waiting = w;
785 else outnet->tcp_wait_first = w;
786 outnet->tcp_wait_last = w;
787 w->on_tcp_waiting_list = 1;
788 #ifndef S_SPLINT_S
789 tv.tv_sec = w->timeout/1000;
790 tv.tv_usec = (w->timeout%1000)*1000;
791 #endif
792 comm_timer_set(w->timer, &tv);
925 #ifdef USE_DNSTAP
926 pend_tcp = pend;
927 #endif
928 } else {
929 /* no reuse and no free buffer, put back at the start */
930 outnet_add_tcp_waiting_first(outnet, w, 0);
931 break;
932 }
933 #ifdef USE_DNSTAP
934 if(outnet->dtenv && pend_tcp && w && w->sq &&
935 (outnet->dtenv->log_resolver_query_messages ||
936 outnet->dtenv->log_forwarder_query_messages)) {
937 sldns_buffer tmp;
938 sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len);
939 dt_msg_send_outside_query(outnet->dtenv, &w->sq->addr,
940 &pend_tcp->pi->addr, comm_tcp, w->sq->zone,
941 w->sq->zonelen, &tmp);
942 }
943 #endif
944 }
793945 }
794946
795947 /** delete element from tree by id */
796948 static void
797949 reuse_tree_by_id_delete(struct reuse_tcp* reuse, struct waiting_tcp* w)
798950 {
951 #ifdef UNBOUND_DEBUG
952 rbnode_type* rem;
953 #endif
799954 log_assert(w->id_node.key != NULL);
955 #ifdef UNBOUND_DEBUG
956 rem =
957 #else
958 (void)
959 #endif
800960 rbtree_delete(&reuse->tree_by_id, w);
961 log_assert(rem); /* should have been there */
801962 w->id_node.key = NULL;
802963 }
803964
8561017 }
8571018
8581019 /** remove reused element from tree and lru list */
859 static void
1020 void
8601021 reuse_tcp_remove_tree_list(struct outside_network* outnet,
8611022 struct reuse_tcp* reuse)
8621023 {
8631024 verbose(VERB_CLIENT, "reuse_tcp_remove_tree_list");
8641025 if(reuse->node.key) {
8651026 /* delete it from reuse tree */
866 (void)rbtree_delete(&outnet->tcp_reuse, reuse);
1027 if(!rbtree_delete(&outnet->tcp_reuse, reuse)) {
1028 /* should not be possible, it should be there */
1029 char buf[256];
1030 addr_to_str(&reuse->addr, reuse->addrlen, buf,
1031 sizeof(buf));
1032 log_err("reuse tcp delete: node not present, internal error, %s ssl %d lru %d", buf, reuse->is_ssl, reuse->item_on_lru_list);
1033 }
8671034 reuse->node.key = NULL;
1035 /* defend against loops on broken tree by zeroing the
1036 * rbnode structure */
1037 memset(&reuse->node, 0, sizeof(reuse->node));
8681038 }
8691039 /* delete from reuse list */
8701040 if(reuse->item_on_lru_list) {
8731043 * and thus have a pending pointer to the struct */
8741044 log_assert(reuse->lru_prev->pending);
8751045 reuse->lru_prev->lru_next = reuse->lru_next;
1046 log_assert(reuse->lru_prev->lru_next != reuse->lru_prev);
8761047 } else {
8771048 log_assert(!reuse->lru_next || reuse->lru_next->pending);
8781049 outnet->tcp_reuse_first = reuse->lru_next;
1050 log_assert(!outnet->tcp_reuse_first ||
1051 (outnet->tcp_reuse_first !=
1052 outnet->tcp_reuse_first->lru_next &&
1053 outnet->tcp_reuse_first !=
1054 outnet->tcp_reuse_first->lru_prev));
8791055 }
8801056 if(reuse->lru_next) {
8811057 /* assert that members of the lru list are waiting
8821058 * and thus have a pending pointer to the struct */
8831059 log_assert(reuse->lru_next->pending);
8841060 reuse->lru_next->lru_prev = reuse->lru_prev;
1061 log_assert(reuse->lru_next->lru_prev != reuse->lru_next);
8851062 } else {
8861063 log_assert(!reuse->lru_prev || reuse->lru_prev->pending);
8871064 outnet->tcp_reuse_last = reuse->lru_prev;
888 }
1065 log_assert(!outnet->tcp_reuse_last ||
1066 (outnet->tcp_reuse_last !=
1067 outnet->tcp_reuse_last->lru_next &&
1068 outnet->tcp_reuse_last !=
1069 outnet->tcp_reuse_last->lru_prev));
1070 }
1071 log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
1072 (outnet->tcp_reuse_first && outnet->tcp_reuse_last));
8891073 reuse->item_on_lru_list = 0;
890 }
1074 reuse->lru_next = NULL;
1075 reuse->lru_prev = NULL;
1076 }
1077 reuse->pending = NULL;
8911078 }
8921079
8931080 /** helper function that deletes an element from the tree of readwait
9141101 struct pending_tcp* pend)
9151102 {
9161103 verbose(VERB_CLIENT, "decommission_pending_tcp");
917 pend->next_free = outnet->tcp_free;
918 outnet->tcp_free = pend;
1104 /* A certain code path can lead here twice for the same pending_tcp
1105 * creating a loop in the free pending_tcp list. */
1106 if(outnet->tcp_free != pend) {
1107 pend->next_free = outnet->tcp_free;
1108 outnet->tcp_free = pend;
1109 }
9191110 if(pend->reuse.node.key) {
9201111 /* needs unlink from the reuse tree to get deleted */
9211112 reuse_tcp_remove_tree_list(outnet, &pend->reuse);
9551146 }
9561147 }
9571148
1149 /** mark the entry for being in the cb_and_decommission stage */
1150 static void mark_for_cb_and_decommission(rbnode_type* node,
1151 void* ATTR_UNUSED(arg))
1152 {
1153 struct waiting_tcp* w = (struct waiting_tcp*)node->key;
1154 /* Mark the waiting_tcp to signal later code (serviced_delete) that
1155 * this item is part of the backed up tree_by_id and will be deleted
1156 * later. */
1157 w->in_cb_and_decommission = 1;
1158 /* Mark the serviced_query for deletion so that later code through
1159 * callbacks (iter_clear .. outnet_serviced_query_stop) won't
1160 * prematurely delete it. */
1161 if(w->cb)
1162 ((struct serviced_query*)w->cb_arg)->to_be_deleted = 1;
1163 }
1164
9581165 /** perform callbacks for failure and also decommission pending tcp.
9591166 * the callbacks remove references in sq->pending to the waiting_tcp
9601167 * members of the tree_by_id in the pending tcp. The pending_tcp is
9701177 pend->reuse.write_wait_first = NULL;
9711178 pend->reuse.write_wait_last = NULL;
9721179 decommission_pending_tcp(outnet, pend);
1180 if(store.root != NULL && store.root != RBTREE_NULL) {
1181 traverse_postorder(&store, &mark_for_cb_and_decommission, NULL);
1182 }
9731183 reuse_cb_readwait_for_failure(&store, error);
9741184 reuse_del_readwait(&store);
9751185 }
9761186
9771187 /** set timeout on tcp fd and setup read event to catch incoming dns msgs */
9781188 static void
979 reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp)
1189 reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp, int tcp_reuse_timeout)
9801190 {
9811191 log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_timeout", &pend_tcp->reuse);
982 comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT);
1192 comm_point_start_listening(pend_tcp->c, -1, tcp_reuse_timeout);
9831193 }
9841194
9851195 /** set timeout on tcp fd and setup read event to catch incoming dns msgs */
9861196 static void
987 reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp)
1197 reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp, int tcp_reuse_timeout)
9881198 {
9891199 log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_readtimeout", &pend_tcp->reuse);
9901200 sldns_buffer_clear(pend_tcp->c->buffer);
9911201 pend_tcp->c->tcp_is_reading = 1;
9921202 pend_tcp->c->tcp_byte_count = 0;
9931203 comm_point_stop_listening(pend_tcp->c);
994 comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT);
1204 comm_point_start_listening(pend_tcp->c, -1, tcp_reuse_timeout);
9951205 }
9961206
9971207 int
10011211 struct pending_tcp* pend = (struct pending_tcp*)arg;
10021212 struct outside_network* outnet = pend->reuse.outnet;
10031213 struct waiting_tcp* w = NULL;
1214 log_assert(pend->reuse.item_on_lru_list && pend->reuse.node.key);
10041215 verbose(VERB_ALGO, "outnettcp cb");
10051216 if(error == NETEVENT_TIMEOUT) {
10061217 if(pend->c->tcp_write_and_read) {
10471258 pend->reuse.cp_more_write_again = 0;
10481259 pend->c->tcp_is_reading = 1;
10491260 comm_point_stop_listening(pend->c);
1050 reuse_tcp_setup_timeout(pend);
1261 reuse_tcp_setup_timeout(pend, outnet->tcp_reuse_timeout);
10511262 }
10521263 return 0;
10531264 } else if(error != NETEVENT_NOERROR) {
10661277 c->buffer));
10671278 /* find the query the reply is for */
10681279 w = reuse_tcp_by_id_find(&pend->reuse, id);
1280 /* Make sure that the reply we got is at least for a
1281 * sent query with the same ID; the waiting_tcp that
1282 * gets a reply is assumed to not be waiting to be
1283 * sent. */
1284 if(w && (w->on_tcp_waiting_list || w->write_wait_queued))
1285 w = NULL;
10691286 }
10701287 }
10711288 if(error == NETEVENT_NOERROR && !w) {
10831300 }
10841301 }
10851302 if(w) {
1303 log_assert(!w->on_tcp_waiting_list);
1304 log_assert(!w->write_wait_queued);
10861305 reuse_tree_by_id_delete(&pend->reuse, w);
10871306 verbose(VERB_CLIENT, "outnet tcp callback query err %d buflen %d",
10881307 error, (int)sldns_buffer_limit(c->buffer));
11001319 * and there could be more bytes to read on the input */
11011320 if(pend->reuse.tree_by_id.count != 0)
11021321 pend->reuse.cp_more_read_again = 1;
1103 reuse_tcp_setup_read_and_timeout(pend);
1322 reuse_tcp_setup_read_and_timeout(pend, outnet->tcp_reuse_timeout);
11041323 return 0;
11051324 }
11061325 verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb: decommission it");
11421361 {
11431362 struct pending* pend;
11441363 /* process waiting queries */
1145 while(outnet->udp_wait_first && outnet->unused_fds
1364 while(outnet->udp_wait_first && outnet->unused_fds
11461365 && !outnet->want_to_quit) {
11471366 pend = outnet->udp_wait_first;
11481367 outnet->udp_wait_first = pend->next_waiting;
11511370 sldns_buffer_write(outnet->udp_buff, pend->pkt, pend->pkt_len);
11521371 sldns_buffer_flip(outnet->udp_buff);
11531372 free(pend->pkt); /* freeing now makes get_mem correct */
1154 pend->pkt = NULL;
1373 pend->pkt = NULL;
11551374 pend->pkt_len = 0;
1375 log_assert(!pend->sq->busy);
1376 pend->sq->busy = 1;
11561377 if(!randomize_and_send_udp(pend, outnet->udp_buff,
11571378 pend->timeout)) {
11581379 /* callback error on pending */
11621383 NETEVENT_CLOSED, NULL);
11631384 }
11641385 pending_delete(outnet, pend);
1386 } else {
1387 pend->sq->busy = 0;
11651388 }
11661389 }
11671390 }
12721495 (*num_ip4)++;
12731496 }
12741497 }
1275
12761498 }
12771499
12781500 void
13681590 int numavailports, size_t unwanted_threshold, int tcp_mss,
13691591 void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
13701592 void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv,
1371 int udp_connect)
1593 int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout,
1594 int tcp_auth_query_timeout)
13721595 {
13731596 struct outside_network* outnet = (struct outside_network*)
13741597 calloc(1, sizeof(struct outside_network));
13801603 comm_base_timept(base, &outnet->now_secs, &outnet->now_tv);
13811604 outnet->base = base;
13821605 outnet->num_tcp = num_tcp;
1606 outnet->max_reuse_tcp_queries = max_reuse_tcp_queries;
1607 outnet->tcp_reuse_timeout= tcp_reuse_timeout;
1608 outnet->tcp_auth_query_timeout = tcp_auth_query_timeout;
13831609 outnet->num_tcp_outgoing = 0;
13841610 outnet->infra = infra;
13851611 outnet->rnd = rnd;
14561682 return NULL;
14571683 }
14581684 pc->cp = comm_point_create_udp(outnet->base, -1,
1459 outnet->udp_buff, outnet_udp_cb, outnet);
1685 outnet->udp_buff, outnet_udp_cb, outnet, NULL);
14601686 if(!pc->cp) {
14611687 log_err("malloc failed");
14621688 free(pc);
15221748 serviced_node_del(rbnode_type* node, void* ATTR_UNUSED(arg))
15231749 {
15241750 struct serviced_query* sq = (struct serviced_query*)node;
1525 struct service_callback* p = sq->cblist, *np;
1526 free(sq->qbuf);
1527 free(sq->zone);
1528 free(sq->tls_auth_name);
1529 edns_opt_list_free(sq->opt_list);
1530 while(p) {
1531 np = p->next;
1532 free(p);
1533 p = np;
1534 }
1751 alloc_reg_release(sq->alloc, sq->region);
1752 if(sq->timer)
1753 comm_timer_delete(sq->timer);
15351754 free(sq);
15361755 }
15371756
16081827 size_t i;
16091828 for(i=0; i<outnet->num_tcp; i++)
16101829 if(outnet->tcp_conns[i]) {
1611 if(outnet->tcp_conns[i]->query &&
1612 !outnet->tcp_conns[i]->query->
1613 on_tcp_waiting_list) {
1830 struct pending_tcp* pend;
1831 pend = outnet->tcp_conns[i];
1832 if(pend->reuse.item_on_lru_list) {
16141833 /* delete waiting_tcp elements that
16151834 * the tcp conn is working on */
1616 struct pending_tcp* pend =
1617 (struct pending_tcp*)outnet->
1618 tcp_conns[i]->query->
1619 next_waiting;
16201835 decommission_pending_tcp(outnet, pend);
16211836 }
16221837 comm_point_delete(outnet->tcp_conns[i]->c);
1623 waiting_tcp_delete(outnet->tcp_conns[i]->query);
16241838 free(outnet->tcp_conns[i]);
1839 outnet->tcp_conns[i] = NULL;
16251840 }
16261841 free(outnet->tcp_conns);
1842 outnet->tcp_conns = NULL;
16271843 }
16281844 if(outnet->tcp_wait_first) {
16291845 struct waiting_tcp* p = outnet->tcp_wait_first, *np;
17411957 sldns_buffer* packet)
17421958 {
17431959 int id_tries = 0;
1744 pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff;
1960 pend->id = GET_RANDOM_ID(outnet->rnd);
17451961 LDNS_ID_SET(sldns_buffer_begin(packet), pend->id);
17461962
17471963 /* insert in tree */
17481964 pend->node.key = pend;
17491965 while(!rbtree_insert(outnet->pending, &pend->node)) {
17501966 /* change ID to avoid collision */
1751 pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff;
1967 pend->id = GET_RANDOM_ID(outnet->rnd);
17521968 LDNS_ID_SET(sldns_buffer_begin(packet), pend->id);
17531969 id_tries++;
17541970 if(id_tries == MAX_ID_RETRY) {
1755 pend->id=99999; /* non existant ID */
1971 pend->id=99999; /* non existent ID */
17561972 log_err("failed to generate unique ID, drop msg");
17571973 return 0;
17581974 }
17781994 # ifdef ENETDOWN
17791995 case ENETDOWN:
17801996 # endif
1997 case EPERM:
1998 case EACCES:
17811999 if(verbosity >= VERB_ALGO)
17822000 return 1;
17832001 return 0;
19302148 comm_timer_set(pend->timer, &tv);
19312149
19322150 #ifdef USE_DNSTAP
2151 /*
2152 * sending src (local service)/dst (upstream) addresses over DNSTAP
2153 * There are no chances to get the src (local service) addr if unbound
2154 * is not configured with specific outgoing IP-addresses. So we will
2155 * pass 0.0.0.0 (::) to argument for
2156 * dt_msg_send_outside_query()/dt_msg_send_outside_response() calls.
2157 */
19332158 if(outnet->dtenv &&
19342159 (outnet->dtenv->log_resolver_query_messages ||
1935 outnet->dtenv->log_forwarder_query_messages))
1936 dt_msg_send_outside_query(outnet->dtenv, &pend->addr, comm_udp,
1937 pend->sq->zone, pend->sq->zonelen, packet);
2160 outnet->dtenv->log_forwarder_query_messages)) {
2161 log_addr(VERB_ALGO, "from local addr", &pend->pc->pif->addr, pend->pc->pif->addrlen);
2162 log_addr(VERB_ALGO, "request to upstream", &pend->addr, pend->addrlen);
2163 dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp,
2164 pend->sq->zone, pend->sq->zonelen, packet);
2165 }
19382166 #endif
19392167 return 1;
19402168 }
19792207 sq->outnet->udp_wait_last = pend;
19802208 return pend;
19812209 }
2210 log_assert(!sq->busy);
2211 sq->busy = 1;
19822212 if(!randomize_and_send_udp(pend, packet, timeout)) {
19832213 pending_delete(sq->outnet, pend);
19842214 return NULL;
19852215 }
2216 sq->busy = 0;
19862217 return pend;
19872218 }
19882219
20102241 static void
20112242 reuse_tcp_close_oldest(struct outside_network* outnet)
20122243 {
2013 struct pending_tcp* pend;
2244 struct reuse_tcp* reuse;
20142245 verbose(VERB_CLIENT, "reuse_tcp_close_oldest");
2015 if(!outnet->tcp_reuse_last) return;
2016 pend = outnet->tcp_reuse_last->pending;
2017
2018 /* snip off of LRU */
2019 log_assert(pend->reuse.lru_next == NULL);
2020 if(pend->reuse.lru_prev) {
2021 outnet->tcp_reuse_last = pend->reuse.lru_prev;
2022 pend->reuse.lru_prev->lru_next = NULL;
2023 } else {
2024 outnet->tcp_reuse_last = NULL;
2025 outnet->tcp_reuse_first = NULL;
2026 }
2027 pend->reuse.item_on_lru_list = 0;
2028
2246 reuse = reuse_tcp_lru_snip(outnet);
2247 if(!reuse) return;
20292248 /* free up */
2030 reuse_cb_and_decommission(outnet, pend, NETEVENT_CLOSED);
2249 reuse_cb_and_decommission(outnet, reuse->pending, NETEVENT_CLOSED);
2250 }
2251
2252 static uint16_t
2253 tcp_select_id(struct outside_network* outnet, struct reuse_tcp* reuse)
2254 {
2255 if(reuse)
2256 return reuse_tcp_select_id(reuse, outnet);
2257 return GET_RANDOM_ID(outnet->rnd);
20312258 }
20322259
20332260 /** find spare ID value for reuse tcp stream. That is random and also does
20432270
20442271 /* make really sure the tree is not empty */
20452272 if(reuse->tree_by_id.count == 0) {
2046 id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff;
2273 id = GET_RANDOM_ID(outnet->rnd);
20472274 return id;
20482275 }
20492276
20502277 /* try to find random empty spots by picking them */
20512278 for(i = 0; i<try_random; i++) {
2052 id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff;
2279 id = GET_RANDOM_ID(outnet->rnd);
20532280 if(!reuse_tcp_by_id_find(reuse, id)) {
20542281 return id;
20552282 }
20562283 }
20572284
20582285 /* equally pick a random unused element from the tree that is
2059 * not in use. Pick a the n-th index of an ununused number,
2286 * not in use. Pick a the n-th index of an unused number,
20602287 * then loop over the empty spaces in the tree and find it */
20612288 log_assert(reuse->tree_by_id.count < 0xffff);
20622289 select = ub_random_max(outnet->rnd, 0xffff - reuse->tree_by_id.count);
21252352 reuse_tcp_lru_touch(sq->outnet, reuse);
21262353 }
21272354
2355 log_assert(!reuse || (reuse && pend));
21282356 /* if !pend but we have reuse streams, close a reuse stream
21292357 * to be able to open a new one to this target, no use waiting
21302358 * to reuse a file descriptor while another query needs to use
21322360 if(!pend) {
21332361 reuse_tcp_close_oldest(sq->outnet);
21342362 pend = sq->outnet->tcp_free;
2363 log_assert(!reuse || (pend == reuse->pending));
21352364 }
21362365
21372366 /* allocate space to store query */
21472376 w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp);
21482377 w->pkt_len = sldns_buffer_limit(packet);
21492378 memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len);
2150 if(reuse)
2151 w->id = reuse_tcp_select_id(reuse, sq->outnet);
2152 else w->id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff;
2379 w->id = tcp_select_id(sq->outnet, reuse);
21532380 LDNS_ID_SET(w->pkt, w->id);
21542381 memcpy(&w->addr, &sq->addr, sq->addrlen);
21552382 w->addrlen = sq->addrlen;
21662393 w->write_wait_next = NULL;
21672394 w->write_wait_queued = 0;
21682395 w->error_count = 0;
2396 #ifdef USE_DNSTAP
2397 w->sq = NULL;
2398 #endif
2399 w->in_cb_and_decommission = 0;
21692400 if(pend) {
21702401 /* we have a buffer available right now */
21712402 if(reuse) {
2403 log_assert(reuse == &pend->reuse);
21722404 /* reuse existing fd, write query and continue */
21732405 /* store query in tree by id */
21742406 verbose(VERB_CLIENT, "pending_tcp_query: reuse, store");
22002432 return NULL;
22012433 }
22022434 }
2435 #ifdef USE_DNSTAP
2436 if(sq->outnet->dtenv &&
2437 (sq->outnet->dtenv->log_resolver_query_messages ||
2438 sq->outnet->dtenv->log_forwarder_query_messages)) {
2439 /* use w->pkt, because it has the ID value */
2440 sldns_buffer tmp;
2441 sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len);
2442 dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr,
2443 &pend->pi->addr, comm_tcp, sq->zone,
2444 sq->zonelen, &tmp);
2445 }
2446 #endif
22032447 } else {
22042448 /* queue up */
22052449 /* waiting for a buffer on the outside network buffer wait
22062450 * list */
22072451 verbose(VERB_CLIENT, "pending_tcp_query: queue to wait");
2452 #ifdef USE_DNSTAP
2453 w->sq = sq;
2454 #endif
22082455 outnet_add_tcp_waiting(sq->outnet, w);
22092456 }
2210 #ifdef USE_DNSTAP
2211 if(sq->outnet->dtenv &&
2212 (sq->outnet->dtenv->log_resolver_query_messages ||
2213 sq->outnet->dtenv->log_forwarder_query_messages))
2214 dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr,
2215 comm_tcp, sq->zone, sq->zonelen, packet);
2216 #endif
22172457 return w;
22182458 }
22192459
22532493 return (struct serviced_query*)rbtree_search(outnet->serviced, &key);
22542494 }
22552495
2496 void
2497 serviced_timer_cb(void* arg)
2498 {
2499 struct serviced_query* sq = (struct serviced_query*)arg;
2500 struct outside_network* outnet = sq->outnet;
2501 verbose(VERB_ALGO, "serviced send timer");
2502 /* By the time this cb is called, if we don't have any registered
2503 * callbacks for this serviced_query anymore; do not send. */
2504 if(!sq->cblist)
2505 goto delete;
2506 /* perform first network action */
2507 if(outnet->do_udp && !(sq->tcp_upstream || sq->ssl_upstream)) {
2508 if(!serviced_udp_send(sq, outnet->udp_buff))
2509 goto delete;
2510 } else {
2511 if(!serviced_tcp_send(sq, outnet->udp_buff))
2512 goto delete;
2513 }
2514 /* Maybe by this time we don't have callbacks attached anymore. Don't
2515 * proactively try to delete; let it run and maybe another callback
2516 * will get attached by the time we get an answer. */
2517 return;
2518 delete:
2519 serviced_callbacks(sq, NETEVENT_CLOSED, NULL, NULL);
2520 }
2521
22562522 /** Create new serviced entry */
22572523 static struct serviced_query*
22582524 serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
22592525 int want_dnssec, int nocaps, int tcp_upstream, int ssl_upstream,
22602526 char* tls_auth_name, struct sockaddr_storage* addr, socklen_t addrlen,
22612527 uint8_t* zone, size_t zonelen, int qtype, struct edns_option* opt_list,
2262 size_t pad_queries_block_size)
2528 size_t pad_queries_block_size, struct alloc_cache* alloc,
2529 struct regional* region)
22632530 {
22642531 struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq));
2532 struct timeval t;
22652533 #ifdef UNBOUND_DEBUG
22662534 rbnode_type* ins;
22672535 #endif
22682536 if(!sq)
22692537 return NULL;
22702538 sq->node.key = sq;
2271 sq->qbuf = memdup(sldns_buffer_begin(buff), sldns_buffer_limit(buff));
2539 sq->alloc = alloc;
2540 sq->region = region;
2541 sq->qbuf = regional_alloc_init(region, sldns_buffer_begin(buff),
2542 sldns_buffer_limit(buff));
22722543 if(!sq->qbuf) {
2544 alloc_reg_release(alloc, region);
22732545 free(sq);
22742546 return NULL;
22752547 }
22762548 sq->qbuflen = sldns_buffer_limit(buff);
2277 sq->zone = memdup(zone, zonelen);
2549 sq->zone = regional_alloc_init(region, zone, zonelen);
22782550 if(!sq->zone) {
2279 free(sq->qbuf);
2551 alloc_reg_release(alloc, region);
22802552 free(sq);
22812553 return NULL;
22822554 }
22882560 sq->tcp_upstream = tcp_upstream;
22892561 sq->ssl_upstream = ssl_upstream;
22902562 if(tls_auth_name) {
2291 sq->tls_auth_name = strdup(tls_auth_name);
2563 sq->tls_auth_name = regional_strdup(region, tls_auth_name);
22922564 if(!sq->tls_auth_name) {
2293 free(sq->zone);
2294 free(sq->qbuf);
2565 alloc_reg_release(alloc, region);
22952566 free(sq);
22962567 return NULL;
22972568 }
23002571 }
23012572 memcpy(&sq->addr, addr, addrlen);
23022573 sq->addrlen = addrlen;
2303 sq->opt_list = NULL;
2304 if(opt_list) {
2305 sq->opt_list = edns_opt_copy_alloc(opt_list);
2306 if(!sq->opt_list) {
2307 free(sq->tls_auth_name);
2308 free(sq->zone);
2309 free(sq->qbuf);
2310 free(sq);
2311 return NULL;
2312 }
2313 }
2574 sq->opt_list = opt_list;
2575 sq->busy = 0;
2576 sq->timer = comm_timer_create(outnet->base, serviced_timer_cb, sq);
2577 if(!sq->timer) {
2578 alloc_reg_release(alloc, region);
2579 free(sq);
2580 return NULL;
2581 }
2582 memset(&t, 0, sizeof(t));
2583 comm_timer_set(sq->timer, &t);
23142584 sq->outnet = outnet;
23152585 sq->cblist = NULL;
23162586 sq->pending = NULL;
23192589 sq->to_be_deleted = 0;
23202590 sq->padding_block_size = pad_queries_block_size;
23212591 #ifdef UNBOUND_DEBUG
2322 ins =
2592 ins =
23232593 #else
23242594 (void)
23252595 #endif
23472617 prev = p;
23482618 p = p->next_waiting;
23492619 }
2620 /* waiting_list_remove is currently called only with items that are
2621 * already in the waiting list. */
2622 log_assert(0);
23502623 }
23512624
23522625 /** reuse tcp stream, remove serviced query from stream,
23852658 if(!reuse_tcp_insert(sq->outnet, pend_tcp)) {
23862659 return 0;
23872660 }
2388 reuse_tcp_setup_timeout(pend_tcp);
2661 reuse_tcp_setup_timeout(pend_tcp, sq->outnet->tcp_reuse_timeout);
23892662 return 1;
23902663 }
23912664 return 0;
24142687 struct waiting_tcp* w = (struct waiting_tcp*)
24152688 sq->pending;
24162689 verbose(VERB_CLIENT, "serviced_delete: TCP");
2690 log_assert(!(w->write_wait_queued && w->on_tcp_waiting_list));
24172691 /* if on stream-write-waiting list then
24182692 * remove from waiting list and waiting_tcp_delete */
24192693 if(w->write_wait_queued) {
24202694 struct pending_tcp* pend =
24212695 (struct pending_tcp*)w->next_waiting;
24222696 verbose(VERB_CLIENT, "serviced_delete: writewait");
2423 reuse_tree_by_id_delete(&pend->reuse, w);
2697 if(!w->in_cb_and_decommission)
2698 reuse_tree_by_id_delete(&pend->reuse, w);
24242699 reuse_write_wait_remove(&pend->reuse, w);
2425 waiting_tcp_delete(w);
2700 if(!w->in_cb_and_decommission)
2701 waiting_tcp_delete(w);
24262702 } else if(!w->on_tcp_waiting_list) {
24272703 struct pending_tcp* pend =
24282704 (struct pending_tcp*)w->next_waiting;
24292705 verbose(VERB_CLIENT, "serviced_delete: tcpreusekeep");
2706 /* w needs to stay on tree_by_id to not assign
2707 * the same ID; remove the callback since its
2708 * serviced_query will be gone. */
2709 w->cb = NULL;
24302710 if(!reuse_tcp_remove_serviced_keep(w, sq)) {
2431 reuse_cb_and_decommission(sq->outnet,
2432 pend, NETEVENT_CLOSED);
2711 if(!w->in_cb_and_decommission)
2712 reuse_cb_and_decommission(sq->outnet,
2713 pend, NETEVENT_CLOSED);
24332714 use_free_buffer(sq->outnet);
24342715 }
24352716 sq->pending = NULL;
24362717 } else {
24372718 verbose(VERB_CLIENT, "serviced_delete: tcpwait");
24382719 waiting_list_remove(sq->outnet, w);
2439 waiting_tcp_delete(w);
2720 if(!w->in_cb_and_decommission)
2721 waiting_tcp_delete(w);
24402722 }
24412723 }
24422724 }
25032785 edns.edns_present = 1;
25042786 edns.ext_rcode = 0;
25052787 edns.edns_version = EDNS_ADVERTISED_VERSION;
2506 edns.opt_list = sq->opt_list;
2788 edns.opt_list_in = NULL;
2789 edns.opt_list_out = sq->opt_list;
2790 edns.opt_list_inplace_cb_out = NULL;
25072791 if(sq->status == serviced_query_UDP_EDNS_FRAG) {
25082792 if(addr_is_ip6(&sq->addr, sq->addrlen)) {
25092793 if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)
25262810 padding_option.opt_code = LDNS_EDNS_PADDING;
25272811 padding_option.opt_len = 0;
25282812 padding_option.opt_data = NULL;
2529 padding_option.next = edns.opt_list;
2530 edns.opt_list = &padding_option;
2813 padding_option.next = edns.opt_list_out;
2814 edns.opt_list_out = &padding_option;
25312815 edns.padding_block_size = sq->padding_block_size;
25322816 }
25332817 attach_edns_record(buff, &edns);
26842968 * use secondary buffer to store the query.
26852969 * This is a data copy, but faster than packet to server */
26862970 backlen = sldns_buffer_limit(c->buffer);
2687 backup_p = memdup(sldns_buffer_begin(c->buffer), backlen);
2971 backup_p = regional_alloc_init(sq->region,
2972 sldns_buffer_begin(c->buffer), backlen);
26882973 if(!backup_p) {
26892974 log_err("malloc failure in serviced query callbacks");
26902975 error = NETEVENT_CLOSED;
27022987 }
27032988 fptr_ok(fptr_whitelist_serviced_query(p->cb));
27042989 (void)(*p->cb)(c, p->cb_arg, error, rep);
2705 free(p);
27062990 }
27072991 if(backup_p) {
2708 free(backup_p);
27092992 sq->outnet->svcd_overhead = 0;
27102993 }
27112994 verbose(VERB_ALGO, "svcd callbacks end");
27193002 {
27203003 struct serviced_query* sq = (struct serviced_query*)arg;
27213004 struct comm_reply r2;
3005 #ifdef USE_DNSTAP
3006 struct waiting_tcp* w = (struct waiting_tcp*)sq->pending;
3007 struct pending_tcp* pend_tcp = NULL;
3008 struct port_if* pi = NULL;
3009 if(w && !w->on_tcp_waiting_list && w->next_waiting) {
3010 pend_tcp = (struct pending_tcp*)w->next_waiting;
3011 pi = pend_tcp->pi;
3012 }
3013 #endif
27223014 sq->pending = NULL; /* removed after this callback */
27233015 if(error != NETEVENT_NOERROR)
27243016 log_addr(VERB_QUERY, "tcp error for address",
27273019 infra_update_tcp_works(sq->outnet->infra, &sq->addr,
27283020 sq->addrlen, sq->zone, sq->zonelen);
27293021 #ifdef USE_DNSTAP
2730 if(error==NETEVENT_NOERROR && sq->outnet->dtenv &&
3022 /*
3023 * sending src (local service)/dst (upstream) addresses over DNSTAP
3024 */
3025 if(error==NETEVENT_NOERROR && pi && sq->outnet->dtenv &&
27313026 (sq->outnet->dtenv->log_resolver_response_messages ||
2732 sq->outnet->dtenv->log_forwarder_response_messages))
3027 sq->outnet->dtenv->log_forwarder_response_messages)) {
3028 log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen);
3029 log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen);
27333030 dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr,
2734 c->type, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen,
2735 &sq->last_sent_time, sq->outnet->now_tv, c->buffer);
3031 &pi->addr, c->type, sq->zone, sq->zonelen, sq->qbuf,
3032 sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv,
3033 c->buffer);
3034 }
27363035 #endif
27373036 if(error==NETEVENT_NOERROR && sq->status == serviced_query_TCP_EDNS &&
27383037 (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) ==
28033102 sq->status==serviced_query_TCP_EDNS?"EDNS":"");
28043103 serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);
28053104 sq->last_sent_time = *sq->outnet->now_tv;
2806 sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT,
3105 log_assert(!sq->busy);
3106 sq->busy = 1;
3107 sq->pending = pending_tcp_query(sq, buff, sq->outnet->tcp_auth_query_timeout,
28073108 serviced_tcp_callback, sq);
3109 sq->busy = 0;
28083110 if(!sq->pending) {
28093111 /* delete from tree so that a retry by above layer does not
28103112 * clash with this entry */
28313133 sq->last_sent_time = *sq->outnet->now_tv;
28323134 if(sq->tcp_upstream || sq->ssl_upstream) {
28333135 timeout = rtt;
2834 if(rtt >= UNKNOWN_SERVER_NICENESS && rtt < TCP_AUTH_QUERY_TIMEOUT)
2835 timeout = TCP_AUTH_QUERY_TIMEOUT;
3136 if(rtt >= UNKNOWN_SERVER_NICENESS && rtt < sq->outnet->tcp_auth_query_timeout)
3137 timeout = sq->outnet->tcp_auth_query_timeout;
28363138 } else {
2837 timeout = TCP_AUTH_QUERY_TIMEOUT;
2838 }
3139 timeout = sq->outnet->tcp_auth_query_timeout;
3140 }
3141 log_assert(!sq->busy);
3142 sq->busy = 1;
28393143 sq->pending = pending_tcp_query(sq, buff, timeout,
28403144 serviced_tcp_callback, sq);
3145 sq->busy = 0;
28413146 return sq->pending != NULL;
28423147 }
28433148
28863191 struct serviced_query* sq = (struct serviced_query*)arg;
28873192 struct outside_network* outnet = sq->outnet;
28883193 struct timeval now = *sq->outnet->now_tv;
3194 #ifdef USE_DNSTAP
3195 struct pending* p = (struct pending*)sq->pending;
3196 #endif
28893197
28903198 sq->pending = NULL; /* removed after callback */
28913199 if(error == NETEVENT_TIMEOUT) {
29233231 return 0;
29243232 }
29253233 #ifdef USE_DNSTAP
2926 if(error == NETEVENT_NOERROR && outnet->dtenv &&
2927 (outnet->dtenv->log_resolver_response_messages ||
2928 outnet->dtenv->log_forwarder_response_messages))
2929 dt_msg_send_outside_response(outnet->dtenv, &sq->addr, c->type,
2930 sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen,
2931 &sq->last_sent_time, sq->outnet->now_tv, c->buffer);
3234 /*
3235 * sending src (local service)/dst (upstream) addresses over DNSTAP
3236 */
3237 if(error == NETEVENT_NOERROR && outnet->dtenv && p->pc &&
3238 (outnet->dtenv->log_resolver_response_messages ||
3239 outnet->dtenv->log_forwarder_response_messages)) {
3240 log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen);
3241 log_addr(VERB_ALGO, "to local addr", &p->pc->pif->addr,
3242 p->pc->pif->addrlen);
3243 dt_msg_send_outside_response(outnet->dtenv, &sq->addr,
3244 &p->pc->pif->addr, c->type, sq->zone, sq->zonelen,
3245 sq->qbuf, sq->qbuflen, &sq->last_sent_time,
3246 sq->outnet->now_tv, c->buffer);
3247 }
29323248 #endif
29333249 if( (sq->status == serviced_query_UDP_EDNS
29343250 ||sq->status == serviced_query_UDP_EDNS_FRAG)
30173333 struct serviced_query*
30183334 outnet_serviced_query(struct outside_network* outnet,
30193335 struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
3020 int nocaps, int tcp_upstream, int ssl_upstream, char* tls_auth_name,
3021 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
3022 size_t zonelen, struct module_qstate* qstate,
3023 comm_point_callback_type* callback, void* callback_arg, sldns_buffer* buff,
3024 struct module_env* env)
3336 int nocaps, int check_ratelimit, int tcp_upstream, int ssl_upstream,
3337 char* tls_auth_name, struct sockaddr_storage* addr, socklen_t addrlen,
3338 uint8_t* zone, size_t zonelen, struct module_qstate* qstate,
3339 comm_point_callback_type* callback, void* callback_arg,
3340 sldns_buffer* buff, struct module_env* env, int* was_ratelimited)
30253341 {
30263342 struct serviced_query* sq;
30273343 struct service_callback* cb;
30283344 struct edns_string_addr* client_string_addr;
3029
3030 if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen,
3031 qstate, qstate->region))
3345 struct regional* region;
3346 struct edns_option* backed_up_opt_list = qstate->edns_opts_back_out;
3347 struct edns_option* per_upstream_opt_list = NULL;
3348 time_t timenow = 0;
3349
3350 /* If we have an already populated EDNS option list make a copy since
3351 * we may now add upstream specific EDNS options. */
3352 /* Use a region that could be attached to a serviced_query, if it needs
3353 * to be created. If an existing one is found then this region will be
3354 * destroyed here. */
3355 region = alloc_reg_obtain(env->alloc);
3356 if(!region) return NULL;
3357 if(qstate->edns_opts_back_out) {
3358 per_upstream_opt_list = edns_opt_copy_region(
3359 qstate->edns_opts_back_out, region);
3360 if(!per_upstream_opt_list) {
3361 alloc_reg_release(env->alloc, region);
30323362 return NULL;
3363 }
3364 qstate->edns_opts_back_out = per_upstream_opt_list;
3365 }
3366
3367 if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone,
3368 zonelen, qstate, region)) {
3369 alloc_reg_release(env->alloc, region);
3370 return NULL;
3371 }
3372 /* Restore the option list; we can explicitly use the copied one from
3373 * now on. */
3374 per_upstream_opt_list = qstate->edns_opts_back_out;
3375 qstate->edns_opts_back_out = backed_up_opt_list;
30333376
30343377 if((client_string_addr = edns_string_addr_lookup(
30353378 &env->edns_strings->client_strings, addr, addrlen))) {
3036 edns_opt_list_append(&qstate->edns_opts_back_out,
3379 edns_opt_list_append(&per_upstream_opt_list,
30373380 env->edns_strings->client_string_opcode,
30383381 client_string_addr->string_len,
3039 client_string_addr->string, qstate->region);
3382 client_string_addr->string, region);
30403383 }
30413384
30423385 serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype,
30433386 qinfo->qclass, flags);
30443387 sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen,
3045 qstate->edns_opts_back_out);
3046 /* duplicate entries are included in the callback list, because
3047 * there is a counterpart registration by our caller that needs to
3048 * be doubly-removed (with callbacks perhaps). */
3049 if(!(cb = (struct service_callback*)malloc(sizeof(*cb))))
3050 return NULL;
3388 per_upstream_opt_list);
30513389 if(!sq) {
3390 /* Check ratelimit only for new serviced_query */
3391 if(check_ratelimit) {
3392 timenow = *env->now;
3393 if(!infra_ratelimit_inc(env->infra_cache, zone,
3394 zonelen, timenow, env->cfg->ratelimit_backoff,
3395 &qstate->qinfo, qstate->reply)) {
3396 /* Can we pass through with slip factor? */
3397 if(env->cfg->ratelimit_factor == 0 ||
3398 ub_random_max(env->rnd,
3399 env->cfg->ratelimit_factor) != 1) {
3400 *was_ratelimited = 1;
3401 alloc_reg_release(env->alloc, region);
3402 return NULL;
3403 }
3404 log_nametypeclass(VERB_ALGO,
3405 "ratelimit allowed through for "
3406 "delegation point", zone,
3407 LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN);
3408 }
3409 }
30523410 /* make new serviced query entry */
30533411 sq = serviced_create(outnet, buff, dnssec, want_dnssec, nocaps,
30543412 tcp_upstream, ssl_upstream, tls_auth_name, addr,
30553413 addrlen, zone, zonelen, (int)qinfo->qtype,
3056 qstate->edns_opts_back_out,
3414 per_upstream_opt_list,
30573415 ( ssl_upstream && env->cfg->pad_queries
3058 ? env->cfg->pad_queries_block_size : 0 ));
3416 ? env->cfg->pad_queries_block_size : 0 ),
3417 env->alloc, region);
30593418 if(!sq) {
3060 free(cb);
3419 if(check_ratelimit) {
3420 infra_ratelimit_dec(env->infra_cache,
3421 zone, zonelen, timenow);
3422 }
3423 alloc_reg_release(env->alloc, region);
30613424 return NULL;
30623425 }
3063 /* perform first network action */
3064 if(outnet->do_udp && !(tcp_upstream || ssl_upstream)) {
3065 if(!serviced_udp_send(sq, buff)) {
3066 (void)rbtree_delete(outnet->serviced, sq);
3067 serviced_node_del(&sq->node, NULL);
3068 free(cb);
3069 return NULL;
3426 if(!(cb = (struct service_callback*)regional_alloc(
3427 sq->region, sizeof(*cb)))) {
3428 if(check_ratelimit) {
3429 infra_ratelimit_dec(env->infra_cache,
3430 zone, zonelen, timenow);
30703431 }
3071 } else {
3072 if(!serviced_tcp_send(sq, buff)) {
3073 (void)rbtree_delete(outnet->serviced, sq);
3074 serviced_node_del(&sq->node, NULL);
3075 free(cb);
3076 return NULL;
3077 }
3432 (void)rbtree_delete(outnet->serviced, sq);
3433 serviced_node_del(&sq->node, NULL);
3434 return NULL;
3435 }
3436 /* No network action at this point; it will be invoked with the
3437 * serviced_query timer instead to run outside of the mesh. */
3438 } else {
3439 /* We don't need this region anymore. */
3440 alloc_reg_release(env->alloc, region);
3441 /* duplicate entries are included in the callback list, because
3442 * there is a counterpart registration by our caller that needs
3443 * to be doubly-removed (with callbacks perhaps). */
3444 if(!(cb = (struct service_callback*)regional_alloc(
3445 sq->region, sizeof(*cb)))) {
3446 return NULL;
30783447 }
30793448 }
30803449 /* add callback to list of callbacks */
30943463 if((*pp)->cb_arg == cb_arg) {
30953464 struct service_callback* del = *pp;
30963465 *pp = del->next;
3097 free(del);
30983466 return;
30993467 }
31003468 pp = &(*pp)->next;
31033471
31043472 void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg)
31053473 {
3106 if(!sq)
3474 if(!sq)
31073475 return;
31083476 callback_list_remove(sq, cb_arg);
31093477 /* if callbacks() routine scheduled deletion, let it do that */
3110 if(!sq->cblist && !sq->to_be_deleted) {
3478 if(!sq->cblist && !sq->busy && !sq->to_be_deleted) {
31113479 (void)rbtree_delete(sq->outnet->serviced, sq);
3112 serviced_delete(sq);
3480 serviced_delete(sq);
31133481 }
31143482 }
31153483
32023570 return NULL;
32033571 }
32043572 cp = comm_point_create_udp(outnet->base, fd, outnet->udp_buff,
3205 cb, cb_arg);
3573 cb, cb_arg, NULL);
32063574 if(!cp) {
32073575 log_err("malloc failure");
32083576 close(fd);
33083676 return cp;
33093677 }
33103678
3679 /** setup the User-Agent HTTP header based on http-user-agent configuration */
3680 static void
3681 setup_http_user_agent(sldns_buffer* buf, struct config_file* cfg)
3682 {
3683 if(cfg->hide_http_user_agent) return;
3684 if(cfg->http_user_agent==NULL || cfg->http_user_agent[0] == 0) {
3685 sldns_buffer_printf(buf, "User-Agent: %s/%s\r\n", PACKAGE_NAME,
3686 PACKAGE_VERSION);
3687 } else {
3688 sldns_buffer_printf(buf, "User-Agent: %s\r\n", cfg->http_user_agent);
3689 }
3690 }
3691
33113692 /** setup http request headers in buffer for sending query to destination */
33123693 static int
3313 setup_http_request(sldns_buffer* buf, char* host, char* path)
3694 setup_http_request(sldns_buffer* buf, char* host, char* path,
3695 struct config_file* cfg)
33143696 {
33153697 sldns_buffer_clear(buf);
33163698 sldns_buffer_printf(buf, "GET /%s HTTP/1.1\r\n", path);
33173699 sldns_buffer_printf(buf, "Host: %s\r\n", host);
3318 sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n",
3319 PACKAGE_VERSION);
3700 setup_http_user_agent(buf, cfg);
33203701 /* We do not really do multiple queries per connection,
33213702 * but this header setting is also not needed.
33223703 * sldns_buffer_printf(buf, "Connection: close\r\n") */
33323713 outnet_comm_point_for_http(struct outside_network* outnet,
33333714 comm_point_callback_type* cb, void* cb_arg,
33343715 struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
3335 int ssl, char* host, char* path)
3716 int ssl, char* host, char* path, struct config_file* cfg)
33363717 {
33373718 /* cp calls cb with err=NETEVENT_DONE when transfer is done */
33383719 struct comm_point* cp;
33683749 comm_point_start_listening(cp, fd, timeout);
33693750
33703751 /* setup http request in cp->buffer */
3371 if(!setup_http_request(cp->buffer, host, path)) {
3752 if(!setup_http_request(cp->buffer, host, path, cfg)) {
33723753 log_err("error setting up http request");
33733754 comm_point_delete(cp);
33743755 return NULL;
+60
-12
services/outside_network.h less more
4242 #ifndef OUTSIDE_NETWORK_H
4343 #define OUTSIDE_NETWORK_H
4444
45 #include "util/alloc.h"
4546 #include "util/rbtree.h"
47 #include "util/regional.h"
4648 #include "util/netevent.h"
4749 #include "dnstap/dnstap_config.h"
4850 struct pending;
6264 struct module_env;
6365 struct module_qstate;
6466 struct query_info;
67 struct config_file;
6568
6669 /**
6770 * Send queries to outside servers and wait for answers from servers.
157160 size_t num_tcp;
158161 /** number of tcp communication points in use. */
159162 size_t num_tcp_outgoing;
163 /** max number of queries on a reuse connection */
164 size_t max_reuse_tcp_queries;
165 /** timeout for REUSE entries in milliseconds. */
166 int tcp_reuse_timeout;
167 /** timeout in milliseconds for TCP queries to auth servers. */
168 int tcp_auth_query_timeout;
160169 /**
161170 * tree of still-open and waiting tcp connections for reuse.
162171 * can be closed and reopened to get a new tcp connection.
294303 struct outside_network* outnet;
295304 };
296305
297 /** max number of queries on a reuse connection */
298 #define MAX_REUSE_TCP_QUERIES 200
299 /** timeout for REUSE entries in milliseconds. */
300 #define REUSE_TIMEOUT 60000
301
302306 /**
303307 * A query that has an answer pending for it.
304308 */
343347 struct pending_tcp {
344348 /** next in list of free tcp comm points, or NULL. */
345349 struct pending_tcp* next_free;
350 /** port for of the outgoing interface that is used */
351 struct port_if* pi;
346352 /** tcp comm point it was sent on (and reply must come back on). */
347353 struct comm_point* c;
348354 /** the query being serviced, NULL if the pending_tcp is unused. */
407413 char* tls_auth_name;
408414 /** the packet was involved in an error, to stop looping errors */
409415 int error_count;
416 /** if true, the item is at the cb_and_decommission stage */
417 int in_cb_and_decommission;
418 #ifdef USE_DNSTAP
419 /** serviced query pointer for dnstap to get logging info, if nonNULL*/
420 struct serviced_query* sq;
421 #endif
410422 };
411423
412424 /**
503515 void* pending;
504516 /** block size with which to pad encrypted queries (default: 128) */
505517 size_t padding_block_size;
518 /** region for this serviced query. Will be cleared when this
519 * serviced_query will be deleted */
520 struct regional* region;
521 /** allocation service for the region */
522 struct alloc_cache* alloc;
523 /** flash timer to start the net I/O as a separate event */
524 struct comm_timer* timer;
525 /** true if serviced_query is currently doing net I/O and may block */
526 int busy;
506527 };
507528
508529 /**
533554 * @param tls_use_sni: if SNI is used for TLS connections.
534555 * @param dtenv: environment to send dnstap events with (if enabled).
535556 * @param udp_connect: if the udp_connect option is enabled.
557 * @param max_reuse_tcp_queries: max number of queries on a reuse connection.
558 * @param tcp_reuse_timeout: timeout for REUSE entries in milliseconds.
559 * @param tcp_auth_query_timeout: timeout in milliseconds for TCP queries to auth servers.
536560 * @return: the new structure (with no pending answers) or NULL on error.
537561 */
538562 struct outside_network* outside_network_create(struct comm_base* base,
542566 int numavailports, size_t unwanted_threshold, int tcp_mss,
543567 void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
544568 void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv,
545 int udp_connect);
569 int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout,
570 int tcp_auth_query_timeout);
546571
547572 /**
548573 * Delete outside_network structure.
606631 * @param want_dnssec: signatures are needed, without EDNS the answer is
607632 * likely to be useless.
608633 * @param nocaps: ignore use_caps_for_id and use unperturbed qname.
634 * @param check_ratelimit: if set, will check ratelimit before sending out.
609635 * @param tcp_upstream: use TCP for upstream queries.
610636 * @param ssl_upstream: use SSL for upstream queries.
611637 * @param tls_auth_name: when ssl_upstream is true, use this name to check
622648 * @param callback_arg: user argument to callback function.
623649 * @param buff: scratch buffer to create query contents in. Empty on exit.
624650 * @param env: the module environment.
651 * @param was_ratelimited: it will signal back if the query failed to pass the
652 * ratelimit check.
625653 * @return 0 on error, or pointer to serviced query that is used to answer
626654 * this serviced query may be shared with other callbacks as well.
627655 */
628656 struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
629657 struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
630 int nocaps, int tcp_upstream, int ssl_upstream, char* tls_auth_name,
631 struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
632 size_t zonelen, struct module_qstate* qstate,
658 int nocaps, int check_ratelimit, int tcp_upstream, int ssl_upstream,
659 char* tls_auth_name, struct sockaddr_storage* addr, socklen_t addrlen,
660 uint8_t* zone, size_t zonelen, struct module_qstate* qstate,
633661 comm_point_callback_type* callback, void* callback_arg,
634 struct sldns_buffer* buff, struct module_env* env);
662 struct sldns_buffer* buff, struct module_env* env, int* was_ratelimited);
635663
636664 /**
637665 * Remove service query callback.
669697 /** insert element in tree by id */
670698 void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w);
671699
700 /** insert element in tcp_reuse tree and LRU list */
701 int reuse_tcp_insert(struct outside_network* outnet,
702 struct pending_tcp* pend_tcp);
703
704 /** touch the LRU of the element */
705 void reuse_tcp_lru_touch(struct outside_network* outnet,
706 struct reuse_tcp* reuse);
707
708 /** remove element from tree and LRU list */
709 void reuse_tcp_remove_tree_list(struct outside_network* outnet,
710 struct reuse_tcp* reuse);
711
712 /** snip the last reuse_tcp element off of the LRU list if any */
713 struct reuse_tcp* reuse_tcp_lru_snip(struct outside_network* outnet);
714
672715 /** delete readwait waiting_tcp elements, deletes the elements in the list */
673716 void reuse_del_readwait(rbtree_type* tree_by_id);
674717
675718 /** get TCP file descriptor for address, returns -1 on failure,
676719 * tcp_mss is 0 or maxseg size to set for TCP packets. */
677 int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp);
720 int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen,
721 int tcp_mss, int dscp);
678722
679723 /**
680724 * Create udp commpoint suitable for sending packets to the destination.
728772 * @param ssl: set to true for https.
729773 * @param host: hostname to use for the destination. part of http request.
730774 * @param path: pathname to lookup, eg. name of the file on the destination.
775 * @param cfg: running configuration for User-Agent setup.
731776 * @return http_out commpoint, or NULL.
732777 */
733778 struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
734779 comm_point_callback_type* cb, void* cb_arg,
735780 struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
736 int ssl, char* host, char* path);
781 int ssl, char* host, char* path, struct config_file* cfg);
737782
738783 /** connect tcp connection to addr, 0 on failure */
739784 int outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen);
755800 /** callback for outgoing TCP timer event */
756801 void outnet_tcptimer(void* arg);
757802
803 /** callback to send serviced queries */
804 void serviced_timer_cb(void *arg);
805
758806 /** callback for serviced query UDP answers */
759807 int serviced_udp_callback(struct comm_point* c, void* arg, int error,
760808 struct comm_reply* rep);
+1613
-280
services/rpz.c less more
4949 #include "util/data/dname.h"
5050 #include "util/locks.h"
5151 #include "util/regional.h"
52 #include "util/data/msgencode.h"
53 #include "services/cache/dns.h"
54 #include "iterator/iterator.h"
55 #include "iterator/iter_delegpt.h"
56 #include "daemon/worker.h"
57
58 typedef struct resp_addr rpz_aclnode_type;
59
60 struct matched_delegation_point {
61 uint8_t* dname;
62 size_t dname_len;
63 };
5264
5365 /** string for RPZ action enum */
5466 const char*
5567 rpz_action_to_string(enum rpz_action a)
5668 {
5769 switch(a) {
58 case RPZ_NXDOMAIN_ACTION: return "nxdomain";
59 case RPZ_NODATA_ACTION: return "nodata";
60 case RPZ_PASSTHRU_ACTION: return "passthru";
61 case RPZ_DROP_ACTION: return "drop";
62 case RPZ_TCP_ONLY_ACTION: return "tcp_only";
63 case RPZ_INVALID_ACTION: return "invalid";
64 case RPZ_LOCAL_DATA_ACTION: return "local_data";
65 case RPZ_DISABLED_ACTION: return "disabled";
66 case RPZ_CNAME_OVERRIDE_ACTION: return "cname_override";
67 case RPZ_NO_OVERRIDE_ACTION: return "no_override";
68 }
69 return "unknown";
70 case RPZ_NXDOMAIN_ACTION: return "rpz-nxdomain";
71 case RPZ_NODATA_ACTION: return "rpz-nodata";
72 case RPZ_PASSTHRU_ACTION: return "rpz-passthru";
73 case RPZ_DROP_ACTION: return "rpz-drop";
74 case RPZ_TCP_ONLY_ACTION: return "rpz-tcp-only";
75 case RPZ_INVALID_ACTION: return "rpz-invalid";
76 case RPZ_LOCAL_DATA_ACTION: return "rpz-local-data";
77 case RPZ_DISABLED_ACTION: return "rpz-disabled";
78 case RPZ_CNAME_OVERRIDE_ACTION: return "rpz-cname-override";
79 case RPZ_NO_OVERRIDE_ACTION: return "rpz-no-override";
80 default: return "rpz-unknown-action";
81 }
7082 }
7183
7284 /** RPZ action enum for config string */
7385 static enum rpz_action
7486 rpz_config_to_action(char* a)
7587 {
76 if(strcmp(a, "nxdomain") == 0)
77 return RPZ_NXDOMAIN_ACTION;
78 else if(strcmp(a, "nodata") == 0)
79 return RPZ_NODATA_ACTION;
80 else if(strcmp(a, "passthru") == 0)
81 return RPZ_PASSTHRU_ACTION;
82 else if(strcmp(a, "drop") == 0)
83 return RPZ_DROP_ACTION;
84 else if(strcmp(a, "tcp_only") == 0)
85 return RPZ_TCP_ONLY_ACTION;
86 else if(strcmp(a, "cname") == 0)
87 return RPZ_CNAME_OVERRIDE_ACTION;
88 else if(strcmp(a, "disabled") == 0)
89 return RPZ_DISABLED_ACTION;
90 return RPZ_INVALID_ACTION;
88 if(strcmp(a, "nxdomain") == 0) return RPZ_NXDOMAIN_ACTION;
89 else if(strcmp(a, "nodata") == 0) return RPZ_NODATA_ACTION;
90 else if(strcmp(a, "passthru") == 0) return RPZ_PASSTHRU_ACTION;
91 else if(strcmp(a, "drop") == 0) return RPZ_DROP_ACTION;
92 else if(strcmp(a, "tcp_only") == 0) return RPZ_TCP_ONLY_ACTION;
93 else if(strcmp(a, "cname") == 0) return RPZ_CNAME_OVERRIDE_ACTION;
94 else if(strcmp(a, "disabled") == 0) return RPZ_DISABLED_ACTION;
95 else return RPZ_INVALID_ACTION;
9196 }
9297
9398 /** string for RPZ trigger enum */
95100 rpz_trigger_to_string(enum rpz_trigger r)
96101 {
97102 switch(r) {
98 case RPZ_QNAME_TRIGGER: return "qname";
99 case RPZ_CLIENT_IP_TRIGGER: return "client_ip";
100 case RPZ_RESPONSE_IP_TRIGGER: return "response_ip";
101 case RPZ_NSDNAME_TRIGGER: return "nsdname";
102 case RPZ_NSIP_TRIGGER: return "nsip";
103 case RPZ_INVALID_TRIGGER: return "invalid";
104 }
105 return "unknown";
103 case RPZ_QNAME_TRIGGER: return "rpz-qname";
104 case RPZ_CLIENT_IP_TRIGGER: return "rpz-client-ip";
105 case RPZ_RESPONSE_IP_TRIGGER: return "rpz-response-ip";
106 case RPZ_NSDNAME_TRIGGER: return "rpz-nsdname";
107 case RPZ_NSIP_TRIGGER: return "rpz-nsip";
108 case RPZ_INVALID_TRIGGER: return "rpz-invalid";
109 default: return "rpz-unknown-trigger";
110 }
106111 }
107112
108113 /**
137142 }
138143
139144 /**
140 * Classify RPZ action for RR type/rdata
141 * @param rr_type: the RR type
142 * @param rdatawl: RDATA with 2 bytes length
143 * @param rdatalen: the length of rdatawl (including its 2 bytes length)
144 * @return: the RPZ action
145 * The RR types that are to be ignored.
146 * DNSSEC RRs at the apex, and SOA and NS are ignored.
145147 */
146 static enum rpz_action
147 rpz_rr_to_action(uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen)
148 {
149 char* endptr;
150 uint8_t* rdata;
151 int rdatalabs;
152 uint8_t* tldlab = NULL;
153
148 static int
149 rpz_type_ignored(uint16_t rr_type)
150 {
154151 switch(rr_type) {
155152 case LDNS_RR_TYPE_SOA:
156153 case LDNS_RR_TYPE_NS:
161158 case LDNS_RR_TYPE_RRSIG:
162159 case LDNS_RR_TYPE_NSEC:
163160 case LDNS_RR_TYPE_NSEC3:
161 case LDNS_RR_TYPE_NSEC3PARAM:
162 return 1;
163 default:
164 break;
165 }
166 return 0;
167 }
168
169 /**
170 * Classify RPZ action for RR type/rdata
171 * @param rr_type: the RR type
172 * @param rdatawl: RDATA with 2 bytes length
173 * @param rdatalen: the length of rdatawl (including its 2 bytes length)
174 * @return: the RPZ action
175 */
176 static enum rpz_action
177 rpz_rr_to_action(uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen)
178 {
179 char* endptr;
180 uint8_t* rdata;
181 int rdatalabs;
182 uint8_t* tldlab = NULL;
183
184 switch(rr_type) {
185 case LDNS_RR_TYPE_SOA:
186 case LDNS_RR_TYPE_NS:
187 case LDNS_RR_TYPE_DNAME:
188 /* all DNSSEC-related RRs must be ignored */
189 case LDNS_RR_TYPE_DNSKEY:
190 case LDNS_RR_TYPE_DS:
191 case LDNS_RR_TYPE_RRSIG:
192 case LDNS_RR_TYPE_NSEC:
193 case LDNS_RR_TYPE_NSEC3:
194 case LDNS_RR_TYPE_NSEC3PARAM:
164195 return RPZ_INVALID_ACTION;
165196 case LDNS_RR_TYPE_CNAME:
166197 break;
206237 rpz_action_to_localzone_type(enum rpz_action a)
207238 {
208239 switch(a) {
209 case RPZ_NXDOMAIN_ACTION: return local_zone_always_nxdomain;
210 case RPZ_NODATA_ACTION: return local_zone_always_nodata;
211 case RPZ_DROP_ACTION: return local_zone_always_deny;
212 case RPZ_PASSTHRU_ACTION: return local_zone_always_transparent;
240 case RPZ_NXDOMAIN_ACTION: return local_zone_always_nxdomain;
241 case RPZ_NODATA_ACTION: return local_zone_always_nodata;
242 case RPZ_DROP_ACTION: return local_zone_always_deny;
243 case RPZ_PASSTHRU_ACTION: return local_zone_always_transparent;
213244 case RPZ_LOCAL_DATA_ACTION: /* fallthrough */
214245 case RPZ_CNAME_OVERRIDE_ACTION: return local_zone_redirect;
215 case RPZ_INVALID_ACTION: /* fallthrough */
216 case RPZ_TCP_ONLY_ACTION: /* fallthrough */
217 default: return local_zone_invalid;
246 case RPZ_TCP_ONLY_ACTION: return local_zone_truncate;
247 case RPZ_INVALID_ACTION: /* fallthrough */
248 default: return local_zone_invalid;
218249 }
219250 }
220251
222253 rpz_action_to_respip_action(enum rpz_action a)
223254 {
224255 switch(a) {
225 case RPZ_NXDOMAIN_ACTION: return respip_always_nxdomain;
226 case RPZ_NODATA_ACTION: return respip_always_nodata;
227 case RPZ_DROP_ACTION: return respip_always_deny;
228 case RPZ_PASSTHRU_ACTION: return respip_always_transparent;
229 case RPZ_LOCAL_DATA_ACTION: /* fallthrough */
256 case RPZ_NXDOMAIN_ACTION: return respip_always_nxdomain;
257 case RPZ_NODATA_ACTION: return respip_always_nodata;
258 case RPZ_DROP_ACTION: return respip_always_deny;
259 case RPZ_PASSTHRU_ACTION: return respip_always_transparent;
260 case RPZ_LOCAL_DATA_ACTION: /* fallthrough */
230261 case RPZ_CNAME_OVERRIDE_ACTION: return respip_redirect;
231 case RPZ_INVALID_ACTION: /* fallthrough */
232 case RPZ_TCP_ONLY_ACTION: /* fallthrough */
233 default: return respip_invalid;
262 case RPZ_TCP_ONLY_ACTION: return respip_truncate;
263 case RPZ_INVALID_ACTION: /* fallthrough */
264 default: return respip_invalid;
234265 }
235266 }
236267
238269 localzone_type_to_rpz_action(enum localzone_type lzt)
239270 {
240271 switch(lzt) {
241 case local_zone_always_nxdomain: return RPZ_NXDOMAIN_ACTION;
242 case local_zone_always_nodata: return RPZ_NODATA_ACTION;
243 case local_zone_always_deny: return RPZ_DROP_ACTION;
244 case local_zone_always_transparent: return RPZ_PASSTHRU_ACTION;
245 case local_zone_redirect: return RPZ_LOCAL_DATA_ACTION;
246 case local_zone_invalid:
247 default:
248 return RPZ_INVALID_ACTION;
272 case local_zone_always_nxdomain: return RPZ_NXDOMAIN_ACTION;
273 case local_zone_always_nodata: return RPZ_NODATA_ACTION;
274 case local_zone_always_deny: return RPZ_DROP_ACTION;
275 case local_zone_always_transparent: return RPZ_PASSTHRU_ACTION;
276 case local_zone_redirect: return RPZ_LOCAL_DATA_ACTION;
277 case local_zone_truncate: return RPZ_TCP_ONLY_ACTION;
278 case local_zone_invalid: /* fallthrough */
279 default: return RPZ_INVALID_ACTION;
249280 }
250281 }
251282
253284 respip_action_to_rpz_action(enum respip_action a)
254285 {
255286 switch(a) {
256 case respip_always_nxdomain: return RPZ_NXDOMAIN_ACTION;
257 case respip_always_nodata: return RPZ_NODATA_ACTION;
258 case respip_always_deny: return RPZ_DROP_ACTION;
259 case respip_always_transparent: return RPZ_PASSTHRU_ACTION;
260 case respip_redirect: return RPZ_LOCAL_DATA_ACTION;
261 case respip_invalid:
262 default:
263 return RPZ_INVALID_ACTION;
287 case respip_always_nxdomain: return RPZ_NXDOMAIN_ACTION;
288 case respip_always_nodata: return RPZ_NODATA_ACTION;
289 case respip_always_deny: return RPZ_DROP_ACTION;
290 case respip_always_transparent: return RPZ_PASSTHRU_ACTION;
291 case respip_redirect: return RPZ_LOCAL_DATA_ACTION;
292 case respip_truncate: return RPZ_TCP_ONLY_ACTION;
293 case respip_invalid: /* fallthrough */
294 default: return RPZ_INVALID_ACTION;
264295 }
265296 }
266297
296327 return RPZ_QNAME_TRIGGER;
297328 }
298329
299 void rpz_delete(struct rpz* r)
330 static inline struct clientip_synthesized_rrset*
331 rpz_clientip_synthesized_set_create(void)
332 {
333 struct clientip_synthesized_rrset* set = calloc(1, sizeof(*set));
334 if(set == NULL) {
335 return NULL;
336 }
337 set->region = regional_create();
338 if(set->region == NULL) {
339 free(set);
340 return NULL;
341 }
342 addr_tree_init(&set->entries);
343 lock_rw_init(&set->lock);
344 return set;
345 }
346
347 static void
348 rpz_clientip_synthesized_rr_delete(rbnode_type* n, void* ATTR_UNUSED(arg))
349 {
350 struct clientip_synthesized_rr* r = (struct clientip_synthesized_rr*)n->key;
351 lock_rw_destroy(&r->lock);
352 #ifdef THREADS_DISABLED
353 (void)r;
354 #endif
355 }
356
357 static inline void
358 rpz_clientip_synthesized_set_delete(struct clientip_synthesized_rrset* set)
359 {
360 if(set == NULL) {
361 return;
362 }
363 lock_rw_destroy(&set->lock);
364 traverse_postorder(&set->entries, rpz_clientip_synthesized_rr_delete, NULL);
365 regional_destroy(set->region);
366 free(set);
367 }
368
369 void
370 rpz_delete(struct rpz* r)
300371 {
301372 if(!r)
302373 return;
303374 local_zones_delete(r->local_zones);
375 local_zones_delete(r->nsdname_zones);
304376 respip_set_delete(r->respip_set);
377 rpz_clientip_synthesized_set_delete(r->client_set);
378 rpz_clientip_synthesized_set_delete(r->ns_set);
305379 regional_destroy(r->region);
306380 free(r->taglist);
307381 free(r->log_name);
313387 {
314388 /* must hold write lock on auth_zone */
315389 local_zones_delete(r->local_zones);
390 r->local_zones = NULL;
391 local_zones_delete(r->nsdname_zones);
392 r->nsdname_zones = NULL;
316393 respip_set_delete(r->respip_set);
394 r->respip_set = NULL;
395 rpz_clientip_synthesized_set_delete(r->client_set);
396 r->client_set = NULL;
397 rpz_clientip_synthesized_set_delete(r->ns_set);
398 r->ns_set = NULL;
317399 if(!(r->local_zones = local_zones_create())){
318400 return 0;
319401 }
402 r->nsdname_zones = local_zones_create();
403 if(r->nsdname_zones == NULL) {
404 return 0;
405 }
320406 if(!(r->respip_set = respip_set_create())) {
407 return 0;
408 }
409 if(!(r->client_set = rpz_clientip_synthesized_set_create())) {
410 return 0;
411 }
412 if(!(r->ns_set = rpz_clientip_synthesized_set_create())) {
321413 return 0;
322414 }
323415 return 1;
329421 lock_rw_wrlock(&r->respip_set->lock);
330422 addr_tree_init_parents(&r->respip_set->ip_tree);
331423 lock_rw_unlock(&r->respip_set->lock);
424
425 lock_rw_wrlock(&r->client_set->lock);
426 addr_tree_init_parents(&r->client_set->entries);
427 lock_rw_unlock(&r->client_set->lock);
428
429 lock_rw_wrlock(&r->ns_set->lock);
430 addr_tree_init_parents(&r->ns_set->entries);
431 lock_rw_unlock(&r->ns_set->lock);
332432 }
333433
334434 /** new rrset containing CNAME override, does not yet contain a dname */
392492 if(!(r->local_zones = local_zones_create())){
393493 goto err;
394494 }
495
496 r->nsdname_zones = local_zones_create();
497 if(r->local_zones == NULL){
498 goto err;
499 }
500
395501 if(!(r->respip_set = respip_set_create())) {
396502 goto err;
397503 }
504
505 r->client_set = rpz_clientip_synthesized_set_create();
506 if(r->client_set == NULL) {
507 goto err;
508 }
509
510 r->ns_set = rpz_clientip_synthesized_set_create();
511 if(r->ns_set == NULL) {
512 goto err;
513 }
514
398515 r->taglistlen = p->rpz_taglistlen;
399516 r->taglist = memdup(p->rpz_taglist, r->taglistlen);
400517 if(p->rpz_action_override) {
424541 }
425542 }
426543 r->log = p->rpz_log;
544 r->signal_nxdomain_ra = p->rpz_signal_nxdomain_ra;
427545 if(p->rpz_log_name) {
428546 if(!(r->log_name = strdup(p->rpz_log_name))) {
429547 log_err("malloc failure on RPZ log_name strdup");
435553 if(r) {
436554 if(r->local_zones)
437555 local_zones_delete(r->local_zones);
556 if(r->nsdname_zones)
557 local_zones_delete(r->nsdname_zones);
438558 if(r->respip_set)
439559 respip_set_delete(r->respip_set);
560 if(r->client_set != NULL)
561 rpz_clientip_synthesized_set_delete(r->client_set);
562 if(r->ns_set != NULL)
563 rpz_clientip_synthesized_set_delete(r->ns_set);
440564 if(r->taglist)
441565 free(r->taglist);
442566 if(r->region)
465589 return newdnamelen + 1; /* + 1 for root label */
466590 }
467591
468 /** Insert RR into RPZ's local-zone */
592 static void
593 rpz_insert_local_zones_trigger(struct local_zones* lz, uint8_t* dname,
594 size_t dnamelen, enum rpz_action a, uint16_t rrtype, uint16_t rrclass,
595 uint32_t ttl, uint8_t* rdata, size_t rdata_len, uint8_t* rr, size_t rr_len)
596 {
597 struct local_zone* z;
598 enum localzone_type tp = local_zone_always_transparent;
599 int dnamelabs = dname_count_labels(dname);
600 int newzone = 0;
601
602 if(a == RPZ_INVALID_ACTION) {
603 char str[255+1];
604 if(rrtype == LDNS_RR_TYPE_SOA || rrtype == LDNS_RR_TYPE_NS ||
605 rrtype == LDNS_RR_TYPE_DNAME ||
606 rrtype == LDNS_RR_TYPE_DNSKEY ||
607 rrtype == LDNS_RR_TYPE_RRSIG ||
608 rrtype == LDNS_RR_TYPE_NSEC ||
609 rrtype == LDNS_RR_TYPE_NSEC3PARAM ||
610 rrtype == LDNS_RR_TYPE_NSEC3 ||
611 rrtype == LDNS_RR_TYPE_DS) {
612 free(dname);
613 return; /* no need to log these types as unsupported */
614 }
615 dname_str(dname, str);
616 verbose(VERB_ALGO, "RPZ: qname trigger, %s skipping unsupported action: %s",
617 str, rpz_action_to_string(a));
618 free(dname);
619 return;
620 }
621
622 lock_rw_wrlock(&lz->lock);
623 /* exact match */
624 z = local_zones_find(lz, dname, dnamelen, dnamelabs, LDNS_RR_CLASS_IN);
625 if(z != NULL && a != RPZ_LOCAL_DATA_ACTION) {
626 char* rrstr = sldns_wire2str_rr(rr, rr_len);
627 if(rrstr == NULL) {
628 log_err("malloc error while inserting rpz nsdname trigger");
629 free(dname);
630 lock_rw_unlock(&lz->lock);
631 return;
632 }
633 if(rrstr[0])
634 rrstr[strlen(rrstr)-1]=0; /* remove newline */
635 verbose(VERB_ALGO, "rpz: skipping duplicate record: '%s'", rrstr);
636 free(rrstr);
637 free(dname);
638 lock_rw_unlock(&lz->lock);
639 return;
640 }
641 if(z == NULL) {
642 tp = rpz_action_to_localzone_type(a);
643 z = local_zones_add_zone(lz, dname, dnamelen,
644 dnamelabs, rrclass, tp);
645 if(z == NULL) {
646 log_warn("rpz: create failed");
647 lock_rw_unlock(&lz->lock);
648 /* dname will be free'd in failed local_zone_create() */
649 return;
650 }
651 newzone = 1;
652 }
653 if(a == RPZ_LOCAL_DATA_ACTION) {
654 char* rrstr = sldns_wire2str_rr(rr, rr_len);
655 if(rrstr == NULL) {
656 log_err("malloc error while inserting rpz nsdname trigger");
657 free(dname);
658 lock_rw_unlock(&lz->lock);
659 return;
660 }
661 lock_rw_wrlock(&z->lock);
662 local_zone_enter_rr(z, dname, dnamelen, dnamelabs, rrtype,
663 rrclass, ttl, rdata, rdata_len, rrstr);
664 lock_rw_unlock(&z->lock);
665 free(rrstr);
666 }
667 if(!newzone) {
668 free(dname);
669 }
670 lock_rw_unlock(&lz->lock);
671 }
672
673 static void
674 rpz_log_dname(char const* msg, uint8_t* dname, size_t dname_len)
675 {
676 char buf[LDNS_MAX_DOMAINLEN+1];
677 (void)dname_len;
678 dname_str(dname, buf);
679 verbose(VERB_ALGO, "rpz: %s: <%s>", msg, buf);
680 }
681
469682 static void
470683 rpz_insert_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
471684 enum rpz_action a, uint16_t rrtype, uint16_t rrclass, uint32_t ttl,
472685 uint8_t* rdata, size_t rdata_len, uint8_t* rr, size_t rr_len)
473686 {
474 struct local_zone* z;
475 enum localzone_type tp = local_zone_always_transparent;
476 int dnamelabs = dname_count_labels(dname);
477 char* rrstr;
478 int newzone = 0;
479
480 if(a == RPZ_TCP_ONLY_ACTION || a == RPZ_INVALID_ACTION) {
481 verbose(VERB_ALGO, "RPZ: skipping unsupported action: %s",
482 rpz_action_to_string(a));
687 if(a == RPZ_INVALID_ACTION) {
688 verbose(VERB_ALGO, "rpz: skipping invalid action");
483689 free(dname);
484690 return;
485691 }
486692
487 lock_rw_wrlock(&r->local_zones->lock);
488 /* exact match */
489 z = local_zones_find(r->local_zones, dname, dnamelen, dnamelabs,
490 LDNS_RR_CLASS_IN);
491 if(z && a != RPZ_LOCAL_DATA_ACTION) {
492 rrstr = sldns_wire2str_rr(rr, rr_len);
493 if(!rrstr) {
494 log_err("malloc error while inserting RPZ qname "
495 "trigger");
496 free(dname);
497 lock_rw_unlock(&r->local_zones->lock);
498 return;
499 }
500 verbose(VERB_ALGO, "RPZ: skipping duplicate record: '%s'",
501 rrstr);
693 rpz_insert_local_zones_trigger(r->local_zones, dname, dnamelen, a, rrtype,
694 rrclass, ttl, rdata, rdata_len, rr, rr_len);
695 }
696
697 static int
698 rpz_strip_nsdname_suffix(uint8_t* dname, size_t maxdnamelen,
699 uint8_t** stripdname, size_t* stripdnamelen)
700 {
701 uint8_t* tldstart = get_tld_label(dname, maxdnamelen);
702 uint8_t swap;
703 if(tldstart == NULL) {
704 if(dname == NULL) {
705 *stripdname = NULL;
706 *stripdnamelen = 0;
707 return 0;
708 }
709 *stripdname = memdup(dname, maxdnamelen);
710 if(!*stripdname) {
711 *stripdnamelen = 0;
712 log_err("malloc failure for rpz strip suffix");
713 return 0;
714 }
715 *stripdnamelen = maxdnamelen;
716 return 1;
717 }
718 /* shorten the domain name briefly,
719 * then we allocate a new name with the correct length */
720 swap = *tldstart;
721 *tldstart = 0;
722 (void)dname_count_size_labels(dname, stripdnamelen);
723 *stripdname = memdup(dname, *stripdnamelen);
724 *tldstart = swap;
725 if(!*stripdname) {
726 *stripdnamelen = 0;
727 log_err("malloc failure for rpz strip suffix");
728 return 0;
729 }
730 return 1;
731 }
732
733 static void
734 rpz_insert_nsdname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
735 enum rpz_action a, uint16_t rrtype, uint16_t rrclass, uint32_t ttl,
736 uint8_t* rdata, size_t rdata_len, uint8_t* rr, size_t rr_len)
737 {
738 uint8_t* dname_stripped = NULL;
739 size_t dnamelen_stripped = 0;
740
741 rpz_strip_nsdname_suffix(dname, dnamelen, &dname_stripped,
742 &dnamelen_stripped);
743 if(a == RPZ_INVALID_ACTION) {
744 verbose(VERB_ALGO, "rpz: skipping invalid action");
745 free(dname_stripped);
746 return;
747 }
748
749 /* dname_stripped is consumed or freed by the insert routine */
750 rpz_insert_local_zones_trigger(r->nsdname_zones, dname_stripped,
751 dnamelen_stripped, a, rrtype, rrclass, ttl, rdata, rdata_len,
752 rr, rr_len);
753 }
754
755 static int
756 rpz_insert_ipaddr_based_trigger(struct respip_set* set, struct sockaddr_storage* addr,
757 socklen_t addrlen, int net, enum rpz_action a, uint16_t rrtype,
758 uint16_t rrclass, uint32_t ttl, uint8_t* rdata, size_t rdata_len,
759 uint8_t* rr, size_t rr_len)
760 {
761 struct resp_addr* node;
762 char* rrstr;
763 enum respip_action respa = rpz_action_to_respip_action(a);
764
765 lock_rw_wrlock(&set->lock);
766 rrstr = sldns_wire2str_rr(rr, rr_len);
767 if(rrstr == NULL) {
768 log_err("malloc error while inserting rpz ipaddr based trigger");
769 lock_rw_unlock(&set->lock);
770 return 0;
771 }
772
773 node = respip_sockaddr_find_or_create(set, addr, addrlen, net, 1, rrstr);
774 if(node == NULL) {
775 lock_rw_unlock(&set->lock);
502776 free(rrstr);
503 free(dname);
504 lock_rw_unlock(&r->local_zones->lock);
777 return 0;
778 }
779
780 lock_rw_wrlock(&node->lock);
781 lock_rw_unlock(&set->lock);
782
783 node->action = respa;
784
785 if(a == RPZ_LOCAL_DATA_ACTION) {
786 respip_enter_rr(set->region, node, rrtype,
787 rrclass, ttl, rdata, rdata_len, rrstr, "");
788 }
789
790 lock_rw_unlock(&node->lock);
791 free(rrstr);
792 return 1;
793 }
794
795 static inline struct clientip_synthesized_rr*
796 rpz_clientip_ensure_entry(struct clientip_synthesized_rrset* set,
797 struct sockaddr_storage* addr, socklen_t addrlen, int net)
798 {
799 int insert_ok;
800 struct clientip_synthesized_rr* node =
801 (struct clientip_synthesized_rr*)addr_tree_find(&set->entries,
802 addr, addrlen, net);
803
804 if(node != NULL) { return node; }
805
806 /* node does not yet exist => allocate one */
807 node = regional_alloc_zero(set->region, sizeof(*node));
808 if(node == NULL) {
809 log_err("out of memory");
810 return NULL;
811 }
812
813 lock_rw_init(&node->lock);
814 node->action = RPZ_INVALID_ACTION;
815 insert_ok = addr_tree_insert(&set->entries, &node->node,
816 addr, addrlen, net);
817 if (!insert_ok) {
818 log_warn("rpz: unexpected: unable to insert clientip address node");
819 /* we can not free the just allocated node.
820 * theoretically a memleak */
821 return NULL;
822 }
823
824 return node;
825 }
826
827 static void
828 rpz_report_rrset_error(const char* msg, uint8_t* rr, size_t rr_len) {
829 char* rrstr = sldns_wire2str_rr(rr, rr_len);
830 if(rrstr == NULL) {
831 log_err("malloc error while inserting rpz clientip based record");
505832 return;
506833 }
507 if(!z) {
508 tp = rpz_action_to_localzone_type(a);
509 if(!(z = local_zones_add_zone(r->local_zones, dname, dnamelen,
510 dnamelabs, rrclass, tp))) {
511 log_warn("RPZ create failed");
512 lock_rw_unlock(&r->local_zones->lock);
513 /* dname will be free'd in failed local_zone_create() */
514 return;
515 }
516 newzone = 1;
517 }
834 log_err("rpz: unexpected: unable to insert %s: %s", msg, rrstr);
835 free(rrstr);
836 }
837
838 /* from localzone.c; difference is we don't have a dname */
839 static struct local_rrset*
840 rpz_clientip_new_rrset(struct regional* region,
841 struct clientip_synthesized_rr* raddr, uint16_t rrtype, uint16_t rrclass)
842 {
843 struct packed_rrset_data* pd;
844 struct local_rrset* rrset = (struct local_rrset*)
845 regional_alloc_zero(region, sizeof(*rrset));
846 if(rrset == NULL) {
847 log_err("out of memory");
848 return NULL;
849 }
850 rrset->next = raddr->data;
851 raddr->data = rrset;
852 rrset->rrset = (struct ub_packed_rrset_key*)
853 regional_alloc_zero(region, sizeof(*rrset->rrset));
854 if(rrset->rrset == NULL) {
855 log_err("out of memory");
856 return NULL;
857 }
858 rrset->rrset->entry.key = rrset->rrset;
859 pd = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(*pd));
860 if(pd == NULL) {
861 log_err("out of memory");
862 return NULL;
863 }
864 pd->trust = rrset_trust_prim_noglue;
865 pd->security = sec_status_insecure;
866 rrset->rrset->entry.data = pd;
867 rrset->rrset->rk.type = htons(rrtype);
868 rrset->rrset->rk.rrset_class = htons(rrclass);
869 rrset->rrset->rk.dname = regional_alloc_zero(region, 1);
870 if(rrset->rrset->rk.dname == NULL) {
871 log_err("out of memory");
872 return NULL;
873 }
874 rrset->rrset->rk.dname_len = 1;
875 return rrset;
876 }
877
878 static int
879 rpz_clientip_enter_rr(struct regional* region, struct clientip_synthesized_rr* raddr,
880 uint16_t rrtype, uint16_t rrclass, time_t ttl, uint8_t* rdata,
881 size_t rdata_len)
882 {
883 struct local_rrset* rrset;
884 if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data != NULL) {
885 log_err("CNAME response-ip data can not co-exist with other "
886 "client-ip data");
887 return 0;
888 }
889
890 rrset = rpz_clientip_new_rrset(region, raddr, rrtype, rrclass);
891 if(raddr->data == NULL) {
892 return 0;
893 }
894
895 return rrset_insert_rr(region, rrset->rrset->entry.data, rdata, rdata_len, ttl, "");
896 }
897
898 static int
899 rpz_clientip_insert_trigger_rr(struct clientip_synthesized_rrset* set, struct sockaddr_storage* addr,
900 socklen_t addrlen, int net, enum rpz_action a, uint16_t rrtype,
901 uint16_t rrclass, uint32_t ttl, uint8_t* rdata, size_t rdata_len,
902 uint8_t* rr, size_t rr_len)
903 {
904 struct clientip_synthesized_rr* node;
905
906 lock_rw_wrlock(&set->lock);
907
908 node = rpz_clientip_ensure_entry(set, addr, addrlen, net);
909 if(node == NULL) {
910 lock_rw_unlock(&set->lock);
911 rpz_report_rrset_error("client ip address", rr, rr_len);
912 return 0;
913 }
914
915 lock_rw_wrlock(&node->lock);
916 lock_rw_unlock(&set->lock);
917
918 node->action = a;
518919 if(a == RPZ_LOCAL_DATA_ACTION) {
519 rrstr = sldns_wire2str_rr(rr, rr_len);
520 if(!rrstr) {
521 log_err("malloc error while inserting RPZ qname "
522 "trigger");
523 free(dname);
524 lock_rw_unlock(&r->local_zones->lock);
525 return;
526 }
527 lock_rw_wrlock(&z->lock);
528 local_zone_enter_rr(z, dname, dnamelen, dnamelabs,
529 rrtype, rrclass, ttl, rdata, rdata_len, rrstr);
530 lock_rw_unlock(&z->lock);
531 free(rrstr);
532 }
533 if(!newzone)
534 free(dname);
535 lock_rw_unlock(&r->local_zones->lock);
536 return;
920 if(!rpz_clientip_enter_rr(set->region, node, rrtype,
921 rrclass, ttl, rdata, rdata_len)) {
922 verbose(VERB_ALGO, "rpz: unable to insert clientip rr");
923 lock_rw_unlock(&node->lock);
924 return 0;
925 }
926
927 }
928
929 lock_rw_unlock(&node->lock);
930
931 return 1;
932 }
933
934 static int
935 rpz_insert_clientip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
936 enum rpz_action a, uint16_t rrtype, uint16_t rrclass, uint32_t ttl,
937 uint8_t* rdata, size_t rdata_len, uint8_t* rr, size_t rr_len)
938 {
939 struct sockaddr_storage addr;
940 socklen_t addrlen;
941 int net, af;
942
943 if(a == RPZ_INVALID_ACTION) {
944 return 0;
945 }
946
947 if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af)) {
948 verbose(VERB_ALGO, "rpz: unable to parse client ip");
949 return 0;
950 }
951
952 return rpz_clientip_insert_trigger_rr(r->client_set, &addr, addrlen, net,
953 a, rrtype, rrclass, ttl, rdata, rdata_len, rr, rr_len);
954 }
955
956 static int
957 rpz_insert_nsip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen,
958 enum rpz_action a, uint16_t rrtype, uint16_t rrclass, uint32_t ttl,
959 uint8_t* rdata, size_t rdata_len, uint8_t* rr, size_t rr_len)
960 {
961 struct sockaddr_storage addr;
962 socklen_t addrlen;
963 int net, af;
964
965 if(a == RPZ_INVALID_ACTION) {
966 return 0;
967 }
968
969 if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af)) {
970 verbose(VERB_ALGO, "rpz: unable to parse ns ip");
971 return 0;
972 }
973
974 return rpz_clientip_insert_trigger_rr(r->ns_set, &addr, addrlen, net,
975 a, rrtype, rrclass, ttl, rdata, rdata_len, rr, rr_len);
537976 }
538977
539978 /** Insert RR into RPZ's respip_set */
542981 enum rpz_action a, uint16_t rrtype, uint16_t rrclass, uint32_t ttl,
543982 uint8_t* rdata, size_t rdata_len, uint8_t* rr, size_t rr_len)
544983 {
545 struct resp_addr* node;
546984 struct sockaddr_storage addr;
547985 socklen_t addrlen;
548986 int net, af;
549 char* rrstr;
550 enum respip_action respa = rpz_action_to_respip_action(a);
551
552 if(a == RPZ_TCP_ONLY_ACTION || a == RPZ_INVALID_ACTION ||
553 respa == respip_invalid) {
554 verbose(VERB_ALGO, "RPZ: skipping unsupported action: %s",
555 rpz_action_to_string(a));
556 return 0;
557 }
558
559 if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af))
560 return 0;
561
562 lock_rw_wrlock(&r->respip_set->lock);
563 rrstr = sldns_wire2str_rr(rr, rr_len);
564 if(!rrstr) {
565 log_err("malloc error while inserting RPZ respip trigger");
566 lock_rw_unlock(&r->respip_set->lock);
567 return 0;
568 }
569 if(!(node=respip_sockaddr_find_or_create(r->respip_set, &addr, addrlen,
570 net, 1, rrstr))) {
571 lock_rw_unlock(&r->respip_set->lock);
572 free(rrstr);
573 return 0;
574 }
575
576 lock_rw_wrlock(&node->lock);
577 lock_rw_unlock(&r->respip_set->lock);
578 node->action = respa;
579
580 if(a == RPZ_LOCAL_DATA_ACTION) {
581 respip_enter_rr(r->respip_set->region, node, rrtype,
582 rrclass, ttl, rdata, rdata_len, rrstr, "");
583 }
584 lock_rw_unlock(&node->lock);
585 free(rrstr);
586 return 1;
987
988 if(a == RPZ_INVALID_ACTION) {
989 return 0;
990 }
991
992 if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af)) {
993 verbose(VERB_ALGO, "rpz: unable to parse response ip");
994 return 0;
995 }
996
997 if(a == RPZ_INVALID_ACTION ||
998 rpz_action_to_respip_action(a) == respip_invalid) {
999 char str[255+1];
1000 dname_str(dname, str);
1001 verbose(VERB_ALGO, "RPZ: respip trigger, %s skipping unsupported action: %s",
1002 str, rpz_action_to_string(a));
1003 return 0;
1004 }
1005
1006 return rpz_insert_ipaddr_based_trigger(r->respip_set, &addr, addrlen, net,
1007 a, rrtype, rrclass, ttl, rdata, rdata_len, rr, rr_len);
5871008 }
5881009
5891010 int
5971018 enum rpz_action a;
5981019 uint8_t* policydname;
5991020
1021 if(rpz_type_ignored(rr_type)) {
1022 /* this rpz action is not valid, eg. this is the SOA or NS RR */
1023 return 1;
1024 }
6001025 if(!dname_subdomain_c(dname, azname)) {
6011026 char* dname_str = sldns_wire2str_dname(dname, dnamelen);
6021027 char* azname_str = sldns_wire2str_dname(azname, aznamelen);
6031028 if(dname_str && azname_str) {
604 log_err("RPZ: name of record (%s) to insert into RPZ is not a "
1029 log_err("rpz: name of record (%s) to insert into RPZ is not a "
6051030 "subdomain of the configured name of the RPZ zone (%s)",
6061031 dname_str, azname_str);
6071032 } else {
608 log_err("RPZ: name of record to insert into RPZ is not a "
1033 log_err("rpz: name of record to insert into RPZ is not a "
6091034 "subdomain of the configured name of the RPZ zone");
6101035 }
6111036 free(dname_str);
6281053 t = rpz_dname_to_trigger(policydname, policydnamelen);
6291054 if(t == RPZ_INVALID_TRIGGER) {
6301055 free(policydname);
631 verbose(VERB_ALGO, "RPZ: skipping invalid trigger");
1056 verbose(VERB_ALGO, "rpz: skipping invalid trigger");
6321057 return 1;
6331058 }
6341059 if(t == RPZ_QNAME_TRIGGER) {
1060 /* policydname will be consumed, no free */
6351061 rpz_insert_qname_trigger(r, policydname, policydnamelen,
6361062 a, rr_type, rr_class, rr_ttl, rdatawl, rdatalen, rr,
6371063 rr_len);
638 }
639 else if(t == RPZ_RESPONSE_IP_TRIGGER) {
1064 } else if(t == RPZ_RESPONSE_IP_TRIGGER) {
6401065 rpz_insert_response_ip_trigger(r, policydname, policydnamelen,
6411066 a, rr_type, rr_class, rr_ttl, rdatawl, rdatalen, rr,
6421067 rr_len);
6431068 free(policydname);
644 }
645 else {
1069 } else if(t == RPZ_CLIENT_IP_TRIGGER) {
1070 rpz_insert_clientip_trigger(r, policydname, policydnamelen,
1071 a, rr_type, rr_class, rr_ttl, rdatawl, rdatalen, rr,
1072 rr_len);
6461073 free(policydname);
647 verbose(VERB_ALGO, "RPZ: skipping unsupported trigger: %s",
1074 } else if(t == RPZ_NSIP_TRIGGER) {
1075 rpz_insert_nsip_trigger(r, policydname, policydnamelen,
1076 a, rr_type, rr_class, rr_ttl, rdatawl, rdatalen, rr,
1077 rr_len);
1078 free(policydname);
1079 } else if(t == RPZ_NSDNAME_TRIGGER) {
1080 rpz_insert_nsdname_trigger(r, policydname, policydnamelen,
1081 a, rr_type, rr_class, rr_ttl, rdatawl, rdatalen, rr,
1082 rr_len);
1083 free(policydname);
1084 } else {
1085 free(policydname);
1086 verbose(VERB_ALGO, "rpz: skipping unsupported trigger: %s",
6481087 rpz_trigger_to_string(t));
6491088 }
6501089 return 1;
6521091
6531092 /**
6541093 * Find RPZ local-zone by qname.
655 * @param r: rpz containing local-zone tree
1094 * @param zones: local-zone tree
6561095 * @param qname: qname
6571096 * @param qname_len: length of qname
6581097 * @param qclass: qclass
659 * @param only_exact: if 1 only excact (non wildcard) matches are returned
1098 * @param only_exact: if 1 only exact (non wildcard) matches are returned
6601099 * @param wr: get write lock for local-zone if 1, read lock if 0
6611100 * @param zones_keep_lock: if set do not release the r->local_zones lock, this
6621101 * makes the caller of this function responsible for releasing the lock.
6631102 * @return: NULL or local-zone holding rd or wr lock
6641103 */
6651104 static struct local_zone*
666 rpz_find_zone(struct rpz* r, uint8_t* qname, size_t qname_len, uint16_t qclass,
1105 rpz_find_zone(struct local_zones* zones, uint8_t* qname, size_t qname_len, uint16_t qclass,
6671106 int only_exact, int wr, int zones_keep_lock)
6681107 {
6691108 uint8_t* ce;
6721111 uint8_t wc[LDNS_MAX_DOMAINLEN+1];
6731112 int exact;
6741113 struct local_zone* z = NULL;
1114
6751115 if(wr) {
676 lock_rw_wrlock(&r->local_zones->lock);
1116 lock_rw_wrlock(&zones->lock);
6771117 } else {
678 lock_rw_rdlock(&r->local_zones->lock);
679 }
680 z = local_zones_find_le(r->local_zones, qname, qname_len,
1118 lock_rw_rdlock(&zones->lock);
1119 }
1120 z = local_zones_find_le(zones, qname, qname_len,
6811121 dname_count_labels(qname),
6821122 LDNS_RR_CLASS_IN, &exact);
6831123 if(!z || (only_exact && !exact)) {
684 lock_rw_unlock(&r->local_zones->lock);
1124 if(!zones_keep_lock) {
1125 lock_rw_unlock(&zones->lock);
1126 }
6851127 return NULL;
6861128 }
6871129 if(wr) {
6901132 lock_rw_rdlock(&z->lock);
6911133 }
6921134 if(!zones_keep_lock) {
693 lock_rw_unlock(&r->local_zones->lock);
1135 lock_rw_unlock(&zones->lock);
6941136 }
6951137
6961138 if(exact)
7011143 * zone match, append '*' to that and do another lookup. */
7021144
7031145 ce = dname_get_shared_topdomain(z->name, qname);
704 if(!ce /* should not happen */ || !*ce /* root */) {
1146 if(!ce /* should not happen */) {
7051147 lock_rw_unlock(&z->lock);
7061148 if(zones_keep_lock) {
707 lock_rw_unlock(&r->local_zones->lock);
1149 lock_rw_unlock(&zones->lock);
7081150 }
7091151 return NULL;
7101152 }
7121154 if(ce_len+2 > sizeof(wc)) {
7131155 lock_rw_unlock(&z->lock);
7141156 if(zones_keep_lock) {
715 lock_rw_unlock(&r->local_zones->lock);
1157 lock_rw_unlock(&zones->lock);
7161158 }
7171159 return NULL;
7181160 }
7231165
7241166 if(!zones_keep_lock) {
7251167 if(wr) {
726 lock_rw_wrlock(&r->local_zones->lock);
1168 lock_rw_wrlock(&zones->lock);
7271169 } else {
728 lock_rw_rdlock(&r->local_zones->lock);
729 }
730 }
731 z = local_zones_find_le(r->local_zones, wc,
1170 lock_rw_rdlock(&zones->lock);
1171 }
1172 }
1173 z = local_zones_find_le(zones, wc,
7321174 ce_len+2, ce_labs+1, qclass, &exact);
7331175 if(!z || !exact) {
734 lock_rw_unlock(&r->local_zones->lock);
1176 lock_rw_unlock(&zones->lock);
7351177 return NULL;
7361178 }
7371179 if(wr) {
7401182 lock_rw_rdlock(&z->lock);
7411183 }
7421184 if(!zones_keep_lock) {
743 lock_rw_unlock(&r->local_zones->lock);
1185 lock_rw_unlock(&zones->lock);
7441186 }
7451187 return z;
7461188 }
7491191 * Remove RR from RPZ's local-data
7501192 * @param z: local-zone for RPZ, holding write lock
7511193 * @param policydname: dname of RR to remove
752 * @param policydnamelen: lenth of policydname
1194 * @param policydnamelen: length of policydname
7531195 * @param rr_type: RR type of RR to remove
7541196 * @param rdata: rdata of RR to remove
7551197 * @param rdatalen: length of rdata
8351277 {
8361278 struct local_zone* z;
8371279 int delete_zone = 1;
838 z = rpz_find_zone(r, dname, dnamelen, rr_class,
1280 z = rpz_find_zone(r->local_zones, dname, dnamelen, rr_class,
8391281 1 /* only exact */, 1 /* wr lock */, 1 /* keep lock*/);
8401282 if(!z) {
841 verbose(VERB_ALGO, "RPZ: cannot remove RR from IXFR, "
1283 verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, "
8421284 "RPZ domain not found");
8431285 return;
8441286 }
8741316 lock_rw_wrlock(&r->respip_set->lock);
8751317 if(!(node = (struct resp_addr*)addr_tree_find(
8761318 &r->respip_set->ip_tree, &addr, addrlen, net))) {
877 verbose(VERB_ALGO, "RPZ: cannot remove RR from IXFR, "
1319 verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, "
8781320 "RPZ domain not found");
8791321 lock_rw_unlock(&r->respip_set->lock);
8801322 return;
9271369
9281370 /** print log information for an applied RPZ policy. Based on local-zone's
9291371 * lz_inform_print().
1372 * The repinfo contains the reply address. If it is NULL, the module
1373 * state is used to report the first IP address (if any).
1374 * The dname is used, for the applied rpz, if NULL, addrnode is used.
9301375 */
9311376 static void
932 log_rpz_apply(uint8_t* dname, enum rpz_action a, struct query_info* qinfo,
933 struct comm_reply* repinfo, char* log_name)
934 {
935 char ip[128], txt[512];
1377 log_rpz_apply(char* trigger, uint8_t* dname, struct addr_tree_node* addrnode,
1378 enum rpz_action a, struct query_info* qinfo,
1379 struct comm_reply* repinfo, struct module_qstate* ms, char* log_name)
1380 {
1381 char ip[128], txt[512], portstr[32];
9361382 char dnamestr[LDNS_MAX_DOMAINLEN+1];
937 uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
938 dname_str(dname, dnamestr);
939 addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
940 if(log_name)
941 snprintf(txt, sizeof(txt), "RPZ applied [%s] %s %s %s@%u",
942 log_name, dnamestr, rpz_action_to_string(a), ip,
943 (unsigned)port);
944 else
945 snprintf(txt, sizeof(txt), "RPZ applied %s %s %s@%u",
946 dnamestr, rpz_action_to_string(a), ip, (unsigned)port);
1383 uint16_t port = 0;
1384 if(dname) {
1385 dname_str(dname, dnamestr);
1386 } else if(addrnode) {
1387 char addrbuf[128];
1388 addr_to_str(&addrnode->addr, addrnode->addrlen, addrbuf, sizeof(addrbuf));
1389 snprintf(dnamestr, sizeof(dnamestr), "%s/%d", addrbuf, addrnode->net);
1390 } else {
1391 dnamestr[0]=0;
1392 }
1393 if(repinfo) {
1394 addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
1395 port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
1396 } else if(ms && ms->mesh_info && ms->mesh_info->reply_list) {
1397 addr_to_str(&ms->mesh_info->reply_list->query_reply.addr, ms->mesh_info->reply_list->query_reply.addrlen, ip, sizeof(ip));
1398 port = ntohs(((struct sockaddr_in*)&ms->mesh_info->reply_list->query_reply.addr)->sin_port);
1399 } else {
1400 ip[0]=0;
1401 port = 0;
1402 }
1403 snprintf(portstr, sizeof(portstr), "@%u", (unsigned)port);
1404 snprintf(txt, sizeof(txt), "rpz: applied %s%s%s%s%s%s %s %s%s",
1405 (log_name?"[":""), (log_name?log_name:""), (log_name?"] ":""),
1406 (strcmp(trigger,"qname")==0?"":trigger),
1407 (strcmp(trigger,"qname")==0?"":" "),
1408 dnamestr, rpz_action_to_string(a),
1409 (ip[0]?ip:""), (ip[0]?portstr:""));
9471410 log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
9481411 }
9491412
950 int
951 rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
952 struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
953 struct regional* temp, struct comm_reply* repinfo,
954 uint8_t* taglist, size_t taglen, struct ub_server_stats* stats)
955 {
1413 static struct clientip_synthesized_rr*
1414 rpz_ipbased_trigger_lookup(struct clientip_synthesized_rrset* set,
1415 struct sockaddr_storage* addr, socklen_t addrlen, char* triggername)
1416 {
1417 struct clientip_synthesized_rr* raddr = NULL;
1418 enum rpz_action action = RPZ_INVALID_ACTION;
1419
1420 lock_rw_rdlock(&set->lock);
1421
1422 raddr = (struct clientip_synthesized_rr*)addr_tree_lookup(&set->entries,
1423 addr, addrlen);
1424 if(raddr != NULL) {
1425 lock_rw_rdlock(&raddr->lock);
1426 action = raddr->action;
1427 if(verbosity >= VERB_ALGO) {
1428 char ip[256], net[256];
1429 addr_to_str(addr, addrlen, ip, sizeof(ip));
1430 addr_to_str(&raddr->node.addr, raddr->node.addrlen,
1431 net, sizeof(net));
1432 verbose(VERB_ALGO, "rpz: trigger %s %s/%d on %s action=%s",
1433 triggername, net, raddr->node.net, ip, rpz_action_to_string(action));
1434 }
1435 }
1436 lock_rw_unlock(&set->lock);
1437
1438 return raddr;
1439 }
1440
1441 static inline
1442 struct clientip_synthesized_rr*
1443 rpz_resolve_client_action_and_zone(struct auth_zones* az, struct query_info* qinfo,
1444 struct comm_reply* repinfo, uint8_t* taglist, size_t taglen,
1445 struct ub_server_stats* stats,
1446 /* output parameters */
1447 struct local_zone** z_out, struct auth_zone** a_out, struct rpz** r_out)
1448 {
1449 struct clientip_synthesized_rr* node = NULL;
1450 struct auth_zone* a = NULL;
9561451 struct rpz* r = NULL;
957 struct auth_zone* a;
958 int ret;
959 enum localzone_type lzt;
9601452 struct local_zone* z = NULL;
961 struct local_data* ld = NULL;
1453
9621454 lock_rw_rdlock(&az->rpz_lock);
1455
9631456 for(a = az->rpz_first; a; a = a->rpz_az_next) {
9641457 lock_rw_rdlock(&a->lock);
9651458 r = a->rpz;
966 if(!r->disabled && (!r->taglist || taglist_intersect(r->taglist,
967 r->taglistlen, taglist, taglen))) {
968 z = rpz_find_zone(r, qinfo->qname, qinfo->qname_len,
969 qinfo->qclass, 0, 0, 0);
970 if(z && r->action_override == RPZ_DISABLED_ACTION) {
971 if(r->log)
972 log_rpz_apply(z->name,
973 r->action_override,
974 qinfo, repinfo, r->log_name);
975 /* TODO only register stats when stats_extended?
976 * */
977 stats->rpz_action[r->action_override]++;
1459 if(r->disabled) {
1460 lock_rw_unlock(&a->lock);
1461 continue;
1462 }
1463 if(r->taglist && !taglist_intersect(r->taglist,
1464 r->taglistlen, taglist, taglen)) {
1465 lock_rw_unlock(&a->lock);
1466 continue;
1467 }
1468 z = rpz_find_zone(r->local_zones, qinfo->qname, qinfo->qname_len,
1469 qinfo->qclass, 0, 0, 0);
1470 node = rpz_ipbased_trigger_lookup(r->client_set, &repinfo->addr, repinfo->addrlen, "clientip");
1471 if((z || node) && r->action_override == RPZ_DISABLED_ACTION) {
1472 if(r->log)
1473 log_rpz_apply((node?"clientip":"qname"),
1474 (z?z->name:NULL),
1475 (node?&node->node:NULL),
1476 r->action_override,
1477 qinfo, repinfo, NULL, r->log_name);
1478 stats->rpz_action[r->action_override]++;
1479 if(z != NULL) {
9781480 lock_rw_unlock(&z->lock);
9791481 z = NULL;
9801482 }
981 if(z)
982 break;
983 }
984 lock_rw_unlock(&a->lock); /* not found in this auth_zone */
985 }
1483 if(node != NULL) {
1484 lock_rw_unlock(&node->lock);
1485 node = NULL;
1486 }
1487 }
1488 if(z || node) {
1489 break;
1490 }
1491 /* not found in this auth_zone */
1492 lock_rw_unlock(&a->lock);
1493 }
1494
9861495 lock_rw_unlock(&az->rpz_lock);
987 if(!z)
988 return 0; /* not holding auth_zone.lock anymore */
989
990 log_assert(r);
991 if(r->action_override == RPZ_NO_OVERRIDE_ACTION)
992 lzt = z->type;
993 else
994 lzt = rpz_action_to_localzone_type(r->action_override);
995
1496
1497 *r_out = r;
1498 *a_out = a;
1499 *z_out = z;
1500
1501 return node;
1502 }
1503
1504 static inline int
1505 rpz_is_udp_query(struct comm_reply* repinfo) {
1506 return repinfo != NULL
1507 ? (repinfo->c != NULL
1508 ? repinfo->c->type == comm_udp
1509 : 0)
1510 : 0;
1511 }
1512
1513 /** encode answer consisting of 1 rrset */
1514 static int
1515 rpz_local_encode(struct module_env* env, struct query_info* qinfo,
1516 struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
1517 struct regional* temp, struct ub_packed_rrset_key* rrset, int ansec,
1518 int rcode, struct ub_packed_rrset_key* soa_rrset)
1519 {
1520 struct reply_info rep;
1521 uint16_t udpsize;
1522 struct ub_packed_rrset_key* rrsetlist[3];
1523
1524 memset(&rep, 0, sizeof(rep));
1525 rep.flags = (uint16_t)((BIT_QR | BIT_AA | BIT_RA) | rcode);
1526 rep.qdcount = 1;
1527 rep.rrset_count = ansec;
1528 rep.rrsets = rrsetlist;
1529 if(ansec > 0) {
1530 rep.an_numrrsets = 1;
1531 rep.rrsets[0] = rrset;
1532 rep.ttl = ((struct packed_rrset_data*)rrset->entry.data)->rr_ttl[0];
1533 }
1534 if(soa_rrset != NULL) {
1535 rep.ar_numrrsets = 1;
1536 rep.rrsets[rep.rrset_count] = soa_rrset;
1537 rep.rrset_count ++;
1538 if(rep.ttl < ((struct packed_rrset_data*)soa_rrset->entry.data)->rr_ttl[0]) {
1539 rep.ttl = ((struct packed_rrset_data*)soa_rrset->entry.data)->rr_ttl[0];
1540 }
1541 }
1542
1543 udpsize = edns->udp_size;
1544 edns->edns_version = EDNS_ADVERTISED_VERSION;
1545 edns->udp_size = EDNS_ADVERTISED_SIZE;
1546 edns->ext_rcode = 0;
1547 edns->bits &= EDNS_DO;
1548 if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns,
1549 repinfo, temp, env->now_tv) ||
1550 !reply_info_answer_encode(qinfo, &rep,
1551 *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2),
1552 buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
1553 error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
1554 *(uint16_t*)sldns_buffer_begin(buf),
1555 sldns_buffer_read_u16_at(buf, 2), edns);
1556 }
1557
1558 return 1;
1559 }
1560
1561 static struct local_rrset*
1562 rpz_find_synthesized_rrset(int qtype, struct clientip_synthesized_rr* data) {
1563 struct local_rrset* cursor = data->data;
1564 while( cursor != NULL) {
1565 struct packed_rrset_key* packed_rrset = &cursor->rrset->rk;
1566 if(htons(qtype) == packed_rrset->type) {
1567 return cursor;
1568 }
1569 cursor = cursor->next;
1570 }
1571 return NULL;
1572 }
1573
1574 /** allocate SOA record ubrrsetkey in region */
1575 static struct ub_packed_rrset_key*
1576 make_soa_ubrrset(struct auth_zone* auth_zone, struct auth_rrset* soa,
1577 struct regional* temp)
1578 {
1579 struct ub_packed_rrset_key csoa;
1580 if(!soa)
1581 return NULL;
1582 memset(&csoa, 0, sizeof(csoa));
1583 csoa.entry.key = &csoa;
1584 csoa.rk.rrset_class = htons(LDNS_RR_CLASS_IN);
1585 csoa.rk.type = htons(LDNS_RR_TYPE_SOA);
1586 csoa.rk.flags |= PACKED_RRSET_FIXEDTTL
1587 | PACKED_RRSET_RPZ;
1588 csoa.rk.dname = auth_zone->name;
1589 csoa.rk.dname_len = auth_zone->namelen;
1590 csoa.entry.hash = rrset_key_hash(&csoa.rk);
1591 csoa.entry.data = soa->data;
1592 return respip_copy_rrset(&csoa, temp);
1593 }
1594
1595 static void
1596 rpz_apply_clientip_localdata_action(struct clientip_synthesized_rr* raddr,
1597 struct module_env* env, struct query_info* qinfo,
1598 struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
1599 struct regional* temp, struct auth_zone* auth_zone)
1600 {
1601 struct local_rrset* rrset;
1602 enum rpz_action action = RPZ_INVALID_ACTION;
1603 struct ub_packed_rrset_key* rp = NULL;
1604 struct ub_packed_rrset_key* rsoa = NULL;
1605 int rcode = LDNS_RCODE_NOERROR|BIT_AA;
1606 int rrset_count = 1;
1607
1608 /* prepare synthesized answer for client */
1609 action = raddr->action;
1610 if(action == RPZ_LOCAL_DATA_ACTION && raddr->data == NULL ) {
1611 verbose(VERB_ALGO, "rpz: bug: local-data action but no local data");
1612 return;
1613 }
1614
1615 /* check query type / rr type */
1616 rrset = rpz_find_synthesized_rrset(qinfo->qtype, raddr);
1617 if(rrset == NULL) {
1618 verbose(VERB_ALGO, "rpz: unable to find local-data for query");
1619 rrset_count = 0;
1620 goto nodata;
1621 }
1622
1623 rp = respip_copy_rrset(rrset->rrset, temp);
1624 if(!rp) {
1625 verbose(VERB_ALGO, "rpz: local data action: out of memory");
1626 return;
1627 }
1628
1629 rp->rk.flags |= PACKED_RRSET_FIXEDTTL | PACKED_RRSET_RPZ;
1630 rp->rk.dname = qinfo->qname;
1631 rp->rk.dname_len = qinfo->qname_len;
1632 rp->entry.hash = rrset_key_hash(&rp->rk);
1633 nodata:
1634 if(auth_zone) {
1635 struct auth_rrset* soa = NULL;
1636 soa = auth_zone_get_soa_rrset(auth_zone);
1637 if(soa) {
1638 rsoa = make_soa_ubrrset(auth_zone, soa, temp);
1639 if(!rsoa) {
1640 verbose(VERB_ALGO, "rpz: local data action soa: out of memory");
1641 return;
1642 }
1643 }
1644 }
1645
1646 rpz_local_encode(env, qinfo, edns, repinfo, buf, temp, rp,
1647 rrset_count, rcode, rsoa);
1648 }
1649
1650 /** add additional section SOA record to the reply.
1651 * Since this gets fed into the normal iterator answer creation, it
1652 * gets minimal-responses applied to it, that can remove the additional SOA
1653 * again. */
1654 static int
1655 rpz_add_soa(struct reply_info* rep, struct module_qstate* ms,
1656 struct auth_zone* az)
1657 {
1658 struct auth_rrset* soa = NULL;
1659 struct ub_packed_rrset_key* rsoa = NULL;
1660 struct ub_packed_rrset_key** prevrrsets;
1661 if(!az) return 1;
1662 soa = auth_zone_get_soa_rrset(az);
1663 if(!soa) return 1;
1664 if(!rep) return 0;
1665 rsoa = make_soa_ubrrset(az, soa, ms->region);
1666 if(!rsoa) return 0;
1667 prevrrsets = rep->rrsets;
1668 rep->rrsets = regional_alloc_zero(ms->region,
1669 sizeof(*rep->rrsets)*(rep->rrset_count+1));
1670 if(!rep->rrsets)
1671 return 0;
1672 if(prevrrsets && rep->rrset_count > 0)
1673 memcpy(rep->rrsets, prevrrsets, rep->rrset_count*sizeof(*rep->rrsets));
1674 rep->rrset_count++;
1675 rep->ar_numrrsets++;
1676 rep->rrsets[rep->rrset_count-1] = rsoa;
1677 return 1;
1678 }
1679
1680 static inline struct dns_msg*
1681 rpz_dns_msg_new(struct regional* region)
1682 {
1683 struct dns_msg* msg =
1684 (struct dns_msg*)regional_alloc(region,
1685 sizeof(struct dns_msg));
1686 if(msg == NULL) { return NULL; }
1687 memset(msg, 0, sizeof(struct dns_msg));
1688
1689 return msg;
1690 }
1691
1692 static inline struct dns_msg*
1693 rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
1694 struct query_info* qinfo, struct auth_zone* az)
1695 {
1696 struct dns_msg* msg = rpz_dns_msg_new(ms->region);
1697 if(msg == NULL) { return msg; }
1698 msg->qinfo = *qinfo;
1699 msg->rep = construct_reply_info_base(ms->region,
1700 LDNS_RCODE_NOERROR | BIT_QR | BIT_AA | BIT_RA,
1701 1, /* qd */
1702 0, /* ttl */
1703 0, /* prettl */
1704 0, /* expttl */
1705 0, /* an */
1706 0, /* ns */
1707 0, /* ar */
1708 0, /* total */
1709 sec_status_insecure);
1710 if(msg->rep)
1711 msg->rep->authoritative = 1;
1712 if(!rpz_add_soa(msg->rep, ms, az))
1713 return NULL;
1714 return msg;
1715 }
1716
1717 static inline struct dns_msg*
1718 rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms,
1719 struct query_info* qinfo, struct auth_zone* az)
1720 {
1721 struct dns_msg* msg = rpz_dns_msg_new(ms->region);
1722 uint16_t flags;
1723 if(msg == NULL) { return msg; }
1724 msg->qinfo = *qinfo;
1725 flags = LDNS_RCODE_NXDOMAIN | BIT_QR | BIT_AA | BIT_RA;
1726 if(r->signal_nxdomain_ra)
1727 flags &= ~BIT_RA;
1728 msg->rep = construct_reply_info_base(ms->region,
1729 flags,
1730 1, /* qd */
1731 0, /* ttl */
1732 0, /* prettl */
1733 0, /* expttl */
1734 0, /* an */
1735 0, /* ns */
1736 0, /* ar */
1737 0, /* total */
1738 sec_status_insecure);
1739 if(msg->rep)
1740 msg->rep->authoritative = 1;
1741 if(!rpz_add_soa(msg->rep, ms, az))
1742 return NULL;
1743 return msg;
1744 }
1745
1746 static inline struct dns_msg*
1747 rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
1748 struct query_info* qi, struct local_rrset* rrset, struct auth_zone* az)
1749 {
1750 struct dns_msg* msg = NULL;
1751 struct reply_info* new_reply_info;
1752 struct ub_packed_rrset_key* rp;
1753
1754
1755 msg = rpz_dns_msg_new(ms->region);
1756 if(msg == NULL) { return NULL; }
1757
1758 new_reply_info = construct_reply_info_base(ms->region,
1759 LDNS_RCODE_NOERROR | BIT_QR | BIT_AA | BIT_RA,
1760 1, /* qd */
1761 0, /* ttl */
1762 0, /* prettl */
1763 0, /* expttl */
1764 1, /* an */
1765 0, /* ns */
1766 0, /* ar */
1767 1, /* total */
1768 sec_status_insecure);
1769 if(new_reply_info == NULL) {
1770 log_err("out of memory");
1771 return NULL;
1772 }
1773 new_reply_info->authoritative = 1;
1774 rp = respip_copy_rrset(rrset->rrset, ms->region);
1775 if(rp == NULL) {
1776 log_err("out of memory");
1777 return NULL;
1778 }
1779 rp->rk.dname = qi->qname;
1780 rp->rk.dname_len = qi->qname_len;
1781 /* this rrset is from the rpz data, or synthesized.
1782 * It is not actually from the network, so we flag it with this
1783 * flags as a fake RRset. If later the cache is used to look up
1784 * rrsets, then the fake ones are not returned (if you look without
1785 * the flag). For like CNAME lookups from the iterator or A, AAAA
1786 * lookups for nameserver targets, it would use the without flag
1787 * actual data. So that the actual network data and fake data
1788 * are kept track of separately. */
1789 rp->rk.flags |= PACKED_RRSET_RPZ;
1790 new_reply_info->rrsets[0] = rp;
1791 msg->rep = new_reply_info;
1792 if(!rpz_add_soa(msg->rep, ms, az))
1793 return NULL;
1794 return msg;
1795 }
1796
1797 static inline struct dns_msg*
1798 rpz_synthesize_nsip_localdata(struct rpz* r, struct module_qstate* ms,
1799 struct clientip_synthesized_rr* data, struct auth_zone* az)
1800 {
1801 struct query_info* qi = &ms->qinfo;
1802 struct local_rrset* rrset;
1803
1804 rrset = rpz_find_synthesized_rrset(qi->qtype, data);
1805 if(rrset == NULL) {
1806 verbose(VERB_ALGO, "rpz: nsip: no matching local data found");
1807 return NULL;
1808 }
1809
1810 return rpz_synthesize_localdata_from_rrset(r, ms, &ms->qinfo, rrset, az);
1811 }
1812
1813 /* copy'n'paste from localzone.c */
1814 static struct local_rrset*
1815 local_data_find_type(struct local_data* data, uint16_t type, int alias_ok)
1816 {
1817 struct local_rrset* p;
1818 type = htons(type);
1819 for(p = data->rrsets; p; p = p->next) {
1820 if(p->rrset->rk.type == type)
1821 return p;
1822 if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME))
1823 return p;
1824 }
1825 return NULL;
1826 }
1827
1828 /* based on localzone.c:local_data_answer() */
1829 static inline struct dns_msg*
1830 rpz_synthesize_nsdname_localdata(struct rpz* r, struct module_qstate* ms,
1831 struct local_zone* z, struct matched_delegation_point const* match,
1832 struct auth_zone* az)
1833 {
1834 struct local_data key;
1835 struct local_data* ld;
1836 struct local_rrset* rrset;
1837
1838 if(match->dname == NULL) { return NULL; }
1839
1840 key.node.key = &key;
1841 key.name = match->dname;
1842 key.namelen = match->dname_len;
1843 key.namelabs = dname_count_labels(match->dname);
1844
1845 rpz_log_dname("nsdname local data", key.name, key.namelen);
1846
1847 ld = (struct local_data*)rbtree_search(&z->data, &key.node);
1848 if(ld == NULL) {
1849 verbose(VERB_ALGO, "rpz: nsdname: impossible: qname not found");
1850 return NULL;
1851 }
1852
1853 rrset = local_data_find_type(ld, ms->qinfo.qtype, 1);
1854 if(rrset == NULL) {
1855 verbose(VERB_ALGO, "rpz: nsdname: no matching local data found");
1856 return NULL;
1857 }
1858
1859 return rpz_synthesize_localdata_from_rrset(r, ms, &ms->qinfo, rrset, az);
1860 }
1861
1862 /* like local_data_answer for qname triggers after a cname */
1863 static struct dns_msg*
1864 rpz_synthesize_qname_localdata_msg(struct rpz* r, struct module_qstate* ms,
1865 struct query_info* qinfo, struct local_zone* z, struct auth_zone* az)
1866 {
1867 struct local_data key;
1868 struct local_data* ld;
1869 struct local_rrset* rrset;
1870 key.node.key = &key;
1871 key.name = qinfo->qname;
1872 key.namelen = qinfo->qname_len;
1873 key.namelabs = dname_count_labels(qinfo->qname);
1874 ld = (struct local_data*)rbtree_search(&z->data, &key.node);
1875 if(ld == NULL) {
1876 verbose(VERB_ALGO, "rpz: qname after cname: name not found");
1877 return NULL;
1878 }
1879 rrset = local_data_find_type(ld, qinfo->qtype, 1);
1880 if(rrset == NULL) {
1881 verbose(VERB_ALGO, "rpz: qname after cname: type not found");
1882 return NULL;
1883 }
1884 return rpz_synthesize_localdata_from_rrset(r, ms, qinfo, rrset, az);
1885 }
1886
1887 static int
1888 rpz_synthesize_qname_localdata(struct module_env* env, struct rpz* r,
1889 struct local_zone* z, enum localzone_type lzt, struct query_info* qinfo,
1890 struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
1891 struct comm_reply* repinfo, struct ub_server_stats* stats)
1892 {
1893 struct local_data* ld = NULL;
1894 int ret = 0;
9961895 if(r->action_override == RPZ_CNAME_OVERRIDE_ACTION) {
997 qinfo->local_alias =
998 regional_alloc_zero(temp, sizeof(struct local_rrset));
999 if(!qinfo->local_alias) {
1000 lock_rw_unlock(&z->lock);
1001 lock_rw_unlock(&a->lock);
1896 qinfo->local_alias = regional_alloc_zero(temp, sizeof(struct local_rrset));
1897 if(qinfo->local_alias == NULL) {
10021898 return 0; /* out of memory */
10031899 }
1004 qinfo->local_alias->rrset =
1005 regional_alloc_init(temp, r->cname_override,
1006 sizeof(*r->cname_override));
1007 if(!qinfo->local_alias->rrset) {
1008 lock_rw_unlock(&z->lock);
1009 lock_rw_unlock(&a->lock);
1900 qinfo->local_alias->rrset = regional_alloc_init(temp, r->cname_override,
1901 sizeof(*r->cname_override));
1902 if(qinfo->local_alias->rrset == NULL) {
10101903 return 0; /* out of memory */
10111904 }
10121905 qinfo->local_alias->rrset->rk.dname = qinfo->qname;
10131906 qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len;
1014 if(r->log)
1015 log_rpz_apply(z->name, RPZ_CNAME_OVERRIDE_ACTION,
1016 qinfo, repinfo, r->log_name);
1907 if(r->log) {
1908 log_rpz_apply("qname", z->name, NULL, RPZ_CNAME_OVERRIDE_ACTION,
1909 qinfo, repinfo, NULL, r->log_name);
1910 }
10171911 stats->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++;
1018 lock_rw_unlock(&z->lock);
1019 lock_rw_unlock(&a->lock);
10201912 return 0;
10211913 }
10221914
10231915 if(lzt == local_zone_redirect && local_data_answer(z, env, qinfo,
10241916 edns, repinfo, buf, temp, dname_count_labels(qinfo->qname),
10251917 &ld, lzt, -1, NULL, 0, NULL, 0)) {
1026 if(r->log)
1027 log_rpz_apply(z->name,
1918 if(r->log) {
1919 log_rpz_apply("qname", z->name, NULL,
10281920 localzone_type_to_rpz_action(lzt), qinfo,
1029 repinfo, r->log_name);
1921 repinfo, NULL, r->log_name);
1922 }
10301923 stats->rpz_action[localzone_type_to_rpz_action(lzt)]++;
1031 lock_rw_unlock(&z->lock);
1032 lock_rw_unlock(&a->lock);
10331924 return !qinfo->local_alias;
10341925 }
10351926
10361927 ret = local_zones_zone_answer(z, env, qinfo, edns, repinfo, buf, temp,
10371928 0 /* no local data used */, lzt);
1929 if(r->signal_nxdomain_ra && LDNS_RCODE_WIRE(sldns_buffer_begin(buf))
1930 == LDNS_RCODE_NXDOMAIN)
1931 LDNS_RA_CLR(sldns_buffer_begin(buf));
1932 if(r->log) {
1933 log_rpz_apply("qname", z->name, NULL, localzone_type_to_rpz_action(lzt),
1934 qinfo, repinfo, NULL, r->log_name);
1935 }
1936 stats->rpz_action[localzone_type_to_rpz_action(lzt)]++;
1937 return ret;
1938 }
1939
1940 static struct clientip_synthesized_rr*
1941 rpz_delegation_point_ipbased_trigger_lookup(struct rpz* rpz, struct iter_qstate* is)
1942 {
1943 struct delegpt_addr* cursor;
1944 struct clientip_synthesized_rr* action = NULL;
1945 if(is->dp == NULL) { return NULL; }
1946 for(cursor = is->dp->target_list;
1947 cursor != NULL;
1948 cursor = cursor->next_target) {
1949 if(cursor->bogus) { continue; }
1950 action = rpz_ipbased_trigger_lookup(rpz->ns_set, &cursor->addr,
1951 cursor->addrlen, "nsip");
1952 if(action != NULL) { return action; }
1953 }
1954 return NULL;
1955 }
1956
1957 static struct dns_msg*
1958 rpz_apply_nsip_trigger(struct module_qstate* ms, struct rpz* r,
1959 struct clientip_synthesized_rr* raddr, struct auth_zone* az)
1960 {
1961 enum rpz_action action = raddr->action;
1962 struct dns_msg* ret = NULL;
1963
1964 if(r->action_override != RPZ_NO_OVERRIDE_ACTION) {
1965 verbose(VERB_ALGO, "rpz: using override action=%s (replaces=%s)",
1966 rpz_action_to_string(r->action_override), rpz_action_to_string(action));
1967 action = r->action_override;
1968 }
1969
1970 if(action == RPZ_LOCAL_DATA_ACTION && raddr->data == NULL) {
1971 verbose(VERB_ALGO, "rpz: bug: nsip local data action but no local data");
1972 ret = rpz_synthesize_nodata(r, ms, &ms->qinfo, az);
1973 goto done;
1974 }
1975
1976 switch(action) {
1977 case RPZ_NXDOMAIN_ACTION:
1978 ret = rpz_synthesize_nxdomain(r, ms, &ms->qinfo, az);
1979 break;
1980 case RPZ_NODATA_ACTION:
1981 ret = rpz_synthesize_nodata(r, ms, &ms->qinfo, az);
1982 break;
1983 case RPZ_TCP_ONLY_ACTION:
1984 /* basically a passthru here but the tcp-only will be
1985 * honored before the query gets sent. */
1986 ms->respip_action_info->action = respip_truncate;
1987 ret = NULL;
1988 break;
1989 case RPZ_DROP_ACTION:
1990 ret = rpz_synthesize_nodata(r, ms, &ms->qinfo, az);
1991 ms->is_drop = 1;
1992 break;
1993 case RPZ_LOCAL_DATA_ACTION:
1994 ret = rpz_synthesize_nsip_localdata(r, ms, raddr, az);
1995 if(ret == NULL) { ret = rpz_synthesize_nodata(r, ms, &ms->qinfo, az); }
1996 break;
1997 case RPZ_PASSTHRU_ACTION:
1998 ret = NULL;
1999 break;
2000 default:
2001 verbose(VERB_ALGO, "rpz: nsip: bug: unhandled or invalid action: '%s'",
2002 rpz_action_to_string(action));
2003 ret = NULL;
2004 }
2005
2006 done:
10382007 if(r->log)
1039 log_rpz_apply(z->name, localzone_type_to_rpz_action(lzt),
1040 qinfo, repinfo, r->log_name);
1041 stats->rpz_action[localzone_type_to_rpz_action(lzt)]++;
2008 log_rpz_apply("nsip", NULL, &raddr->node,
2009 action, &ms->qinfo, NULL, ms, r->log_name);
2010 if(ms->env->worker)
2011 ms->env->worker->stats.rpz_action[action]++;
2012 lock_rw_unlock(&raddr->lock);
2013 return ret;
2014 }
2015
2016 static struct dns_msg*
2017 rpz_apply_nsdname_trigger(struct module_qstate* ms, struct rpz* r,
2018 struct local_zone* z, struct matched_delegation_point const* match,
2019 struct auth_zone* az)
2020 {
2021 struct dns_msg* ret = NULL;
2022 enum rpz_action action = localzone_type_to_rpz_action(z->type);
2023
2024 if(r->action_override != RPZ_NO_OVERRIDE_ACTION) {
2025 verbose(VERB_ALGO, "rpz: using override action=%s (replaces=%s)",
2026 rpz_action_to_string(r->action_override), rpz_action_to_string(action));
2027 action = r->action_override;
2028 }
2029
2030 switch(action) {
2031 case RPZ_NXDOMAIN_ACTION:
2032 ret = rpz_synthesize_nxdomain(r, ms, &ms->qinfo, az);
2033 break;
2034 case RPZ_NODATA_ACTION:
2035 ret = rpz_synthesize_nodata(r, ms, &ms->qinfo, az);
2036 break;
2037 case RPZ_TCP_ONLY_ACTION:
2038 /* basically a passthru here but the tcp-only will be
2039 * honored before the query gets sent. */
2040 ms->respip_action_info->action = respip_truncate;
2041 ret = NULL;
2042 break;
2043 case RPZ_DROP_ACTION:
2044 ret = rpz_synthesize_nodata(r, ms, &ms->qinfo, az);
2045 ms->is_drop = 1;
2046 break;
2047 case RPZ_LOCAL_DATA_ACTION:
2048 ret = rpz_synthesize_nsdname_localdata(r, ms, z, match, az);
2049 if(ret == NULL) { ret = rpz_synthesize_nodata(r, ms, &ms->qinfo, az); }
2050 break;
2051 case RPZ_PASSTHRU_ACTION:
2052 ret = NULL;
2053 break;
2054 default:
2055 verbose(VERB_ALGO, "rpz: nsip: bug: unhandled or invalid action: '%s'",
2056 rpz_action_to_string(action));
2057 ret = NULL;
2058 }
2059
2060 if(r->log)
2061 log_rpz_apply("nsdname", match->dname, NULL,
2062 action, &ms->qinfo, NULL, ms, r->log_name);
2063 if(ms->env->worker)
2064 ms->env->worker->stats.rpz_action[action]++;
2065 lock_rw_unlock(&z->lock);
2066 return ret;
2067 }
2068
2069 static struct local_zone*
2070 rpz_delegation_point_zone_lookup(struct delegpt* dp, struct local_zones* zones,
2071 uint16_t qclass,
2072 /* output parameter */
2073 struct matched_delegation_point* match)
2074 {
2075 struct delegpt_ns* nameserver;
2076 struct local_zone* z = NULL;
2077
2078 /* the rpz specs match the nameserver names (NS records), not the
2079 * name of the delegation point itself, to the nsdname triggers */
2080 for(nameserver = dp->nslist;
2081 nameserver != NULL;
2082 nameserver = nameserver->next) {
2083 z = rpz_find_zone(zones, nameserver->name, nameserver->namelen,
2084 qclass, 0, 0, 0);
2085 if(z != NULL) {
2086 match->dname = nameserver->name;
2087 match->dname_len = nameserver->namelen;
2088 if(verbosity >= VERB_ALGO) {
2089 char nm[255+1], zn[255+1];
2090 dname_str(match->dname, nm);
2091 dname_str(z->name, zn);
2092 if(strcmp(nm, zn) != 0)
2093 verbose(VERB_ALGO, "rpz: trigger nsdname %s on %s action=%s",
2094 zn, nm, rpz_action_to_string(localzone_type_to_rpz_action(z->type)));
2095 else
2096 verbose(VERB_ALGO, "rpz: trigger nsdname %s action=%s",
2097 nm, rpz_action_to_string(localzone_type_to_rpz_action(z->type)));
2098 }
2099 break;
2100 }
2101 }
2102
2103 return z;
2104 }
2105
2106 struct dns_msg*
2107 rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* is)
2108 {
2109 struct auth_zones* az;
2110 struct auth_zone* a;
2111 struct clientip_synthesized_rr* raddr = NULL;
2112 struct rpz* r = NULL;
2113 struct local_zone* z = NULL;
2114 struct matched_delegation_point match = {0};
2115
2116 if(ms->env == NULL || ms->env->auth_zones == NULL) { return 0; }
2117
2118 az = ms->env->auth_zones;
2119
2120 verbose(VERB_ALGO, "rpz: iterator module callback: have_rpz=%d", az->rpz_first != NULL);
2121
2122 lock_rw_rdlock(&az->rpz_lock);
2123
2124 /* precedence of RPZ works, loosely, like this:
2125 * CNAMEs in order of the CNAME chain. rpzs in the order they are
2126 * configured. In an RPZ: first client-IP addr, then QNAME, then
2127 * response IP, then NSDNAME, then NSIP. Longest match first. Smallest
2128 * one from a set. */
2129 /* we use the precedence rules for the topics and triggers that
2130 * are pertinent at this stage of the resolve processing */
2131 for(a = az->rpz_first; a != NULL; a = a->rpz_az_next) {
2132 lock_rw_rdlock(&a->lock);
2133 r = a->rpz;
2134 if(r->disabled) {
2135 lock_rw_unlock(&a->lock);
2136 continue;
2137 }
2138
2139 /* the nsdname has precedence over the nsip triggers */
2140 z = rpz_delegation_point_zone_lookup(is->dp, r->nsdname_zones,
2141 ms->qinfo.qclass, &match);
2142 if(z != NULL) {
2143 lock_rw_unlock(&a->lock);
2144 break;
2145 }
2146
2147 raddr = rpz_delegation_point_ipbased_trigger_lookup(r, is);
2148 if(raddr != NULL) {
2149 lock_rw_unlock(&a->lock);
2150 break;
2151 }
2152 lock_rw_unlock(&a->lock);
2153 }
2154
2155 lock_rw_unlock(&az->rpz_lock);
2156
2157 if(raddr == NULL && z == NULL) { return NULL; }
2158 else if(raddr != NULL) {
2159 if(z) {
2160 lock_rw_unlock(&z->lock);
2161 }
2162 return rpz_apply_nsip_trigger(ms, r, raddr, a);
2163 } else if(z != NULL) {
2164 if(raddr) {
2165 lock_rw_unlock(&raddr->lock);
2166 }
2167 return rpz_apply_nsdname_trigger(ms, r, z, &match, a);
2168 } else { return NULL; }
2169 }
2170
2171 struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* ms,
2172 struct iter_qstate* is)
2173 {
2174 struct auth_zones* az;
2175 struct auth_zone* a = NULL;
2176 struct rpz* r = NULL;
2177 struct local_zone* z = NULL;
2178 enum localzone_type lzt;
2179 struct dns_msg* ret = NULL;
2180
2181 if(ms->env == NULL || ms->env->auth_zones == NULL) { return 0; }
2182 az = ms->env->auth_zones;
2183
2184 lock_rw_rdlock(&az->rpz_lock);
2185
2186 for(a = az->rpz_first; a; a = a->rpz_az_next) {
2187 lock_rw_rdlock(&a->lock);
2188 r = a->rpz;
2189 if(r->disabled) {
2190 lock_rw_unlock(&a->lock);
2191 continue;
2192 }
2193 z = rpz_find_zone(r->local_zones, is->qchase.qname,
2194 is->qchase.qname_len, is->qchase.qclass, 0, 0, 0);
2195 if(z && r->action_override == RPZ_DISABLED_ACTION) {
2196 if(r->log)
2197 log_rpz_apply("qname", z->name, NULL,
2198 r->action_override,
2199 &ms->qinfo, NULL, ms, r->log_name);
2200 if(ms->env->worker)
2201 ms->env->worker->stats.rpz_action[r->action_override]++;
2202 lock_rw_unlock(&z->lock);
2203 z = NULL;
2204 }
2205 if(z) {
2206 break;
2207 }
2208 /* not found in this auth_zone */
2209 lock_rw_unlock(&a->lock);
2210 }
2211 lock_rw_unlock(&az->rpz_lock);
2212
2213 if(z == NULL)
2214 return NULL;
2215 if(r->action_override == RPZ_NO_OVERRIDE_ACTION) {
2216 lzt = z->type;
2217 } else {
2218 lzt = rpz_action_to_localzone_type(r->action_override);
2219 }
2220
2221 if(verbosity >= VERB_ALGO) {
2222 char nm[255+1], zn[255+1];
2223 dname_str(is->qchase.qname, nm);
2224 dname_str(z->name, zn);
2225 if(strcmp(zn, nm) != 0)
2226 verbose(VERB_ALGO, "rpz: qname trigger after cname %s on %s, with action=%s",
2227 zn, nm, rpz_action_to_string(localzone_type_to_rpz_action(lzt)));
2228 else
2229 verbose(VERB_ALGO, "rpz: qname trigger after cname %s, with action=%s",
2230 nm, rpz_action_to_string(localzone_type_to_rpz_action(lzt)));
2231 }
2232 switch(localzone_type_to_rpz_action(lzt)) {
2233 case RPZ_NXDOMAIN_ACTION:
2234 ret = rpz_synthesize_nxdomain(r, ms, &is->qchase, a);
2235 break;
2236 case RPZ_NODATA_ACTION:
2237 ret = rpz_synthesize_nodata(r, ms, &is->qchase, a);
2238 break;
2239 case RPZ_TCP_ONLY_ACTION:
2240 /* basically a passthru here but the tcp-only will be
2241 * honored before the query gets sent. */
2242 ms->respip_action_info->action = respip_truncate;
2243 ret = NULL;
2244 break;
2245 case RPZ_DROP_ACTION:
2246 ret = rpz_synthesize_nodata(r, ms, &is->qchase, a);
2247 ms->is_drop = 1;
2248 break;
2249 case RPZ_LOCAL_DATA_ACTION:
2250 ret = rpz_synthesize_qname_localdata_msg(r, ms, &is->qchase, z, a);
2251 if(ret == NULL) { ret = rpz_synthesize_nodata(r, ms, &is->qchase, a); }
2252 break;
2253 case RPZ_PASSTHRU_ACTION:
2254 ret = NULL;
2255 break;
2256 default:
2257 verbose(VERB_ALGO, "rpz: qname trigger after cname: bug: unhandled or invalid action: '%s'",
2258 rpz_action_to_string(localzone_type_to_rpz_action(lzt)));
2259 ret = NULL;
2260 }
2261 lock_rw_unlock(&z->lock);
2262 lock_rw_unlock(&a->lock);
2263 return ret;
2264 }
2265
2266 static int
2267 rpz_apply_maybe_clientip_trigger(struct auth_zones* az, struct module_env* env,
2268 struct query_info* qinfo, struct edns_data* edns, struct comm_reply* repinfo,
2269 uint8_t* taglist, size_t taglen, struct ub_server_stats* stats,
2270 sldns_buffer* buf, struct regional* temp,
2271 /* output parameters */
2272 struct local_zone** z_out, struct auth_zone** a_out, struct rpz** r_out)
2273 {
2274 int ret = 0;
2275 enum rpz_action client_action;
2276 struct clientip_synthesized_rr* node = rpz_resolve_client_action_and_zone(
2277 az, qinfo, repinfo, taglist, taglen, stats, z_out, a_out, r_out);
2278
2279 client_action = ((node == NULL) ? RPZ_INVALID_ACTION : node->action);
2280
2281 if(*z_out == NULL || (client_action != RPZ_INVALID_ACTION &&
2282 client_action != RPZ_PASSTHRU_ACTION)) {
2283 if(client_action == RPZ_PASSTHRU_ACTION
2284 || client_action == RPZ_INVALID_ACTION
2285 || (client_action == RPZ_TCP_ONLY_ACTION
2286 && !rpz_is_udp_query(repinfo))) {
2287 ret = 0;
2288 goto done;
2289 }
2290 stats->rpz_action[client_action]++;
2291 if(client_action == RPZ_LOCAL_DATA_ACTION) {
2292 rpz_apply_clientip_localdata_action(node, env, qinfo,
2293 edns, repinfo, buf, temp, *a_out);
2294 } else {
2295 if(*r_out && (*r_out)->log)
2296 log_rpz_apply(
2297 (node?"clientip":"qname"),
2298 ((*z_out)?(*z_out)->name:NULL),
2299 (node?&node->node:NULL),
2300 client_action, qinfo, repinfo, NULL,
2301 (*r_out)->log_name);
2302 local_zones_zone_answer(*z_out /*likely NULL, no zone*/, env, qinfo, edns,
2303 repinfo, buf, temp, 0 /* no local data used */,
2304 rpz_action_to_localzone_type(client_action));
2305 if(*r_out && (*r_out)->signal_nxdomain_ra &&
2306 LDNS_RCODE_WIRE(sldns_buffer_begin(buf))
2307 == LDNS_RCODE_NXDOMAIN)
2308 LDNS_RA_CLR(sldns_buffer_begin(buf));
2309 }
2310 ret = 1;
2311 goto done;
2312 }
2313 ret = -1;
2314 done:
2315 if(node != NULL) {
2316 lock_rw_unlock(&node->lock);
2317 }
2318 return ret;
2319 }
2320
2321 int
2322 rpz_callback_from_worker_request(struct auth_zones* az, struct module_env* env,
2323 struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
2324 struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist,
2325 size_t taglen, struct ub_server_stats* stats)
2326 {
2327 struct rpz* r = NULL;
2328 struct auth_zone* a = NULL;
2329 struct local_zone* z = NULL;
2330 int ret;
2331 enum localzone_type lzt;
2332
2333 int clientip_trigger = rpz_apply_maybe_clientip_trigger(az, env, qinfo,
2334 edns, repinfo, taglist, taglen, stats, buf, temp, &z, &a, &r);
2335 if(clientip_trigger >= 0) {
2336 if(a) {
2337 lock_rw_unlock(&a->lock);
2338 }
2339 if(z) {
2340 lock_rw_unlock(&z->lock);
2341 }
2342 return clientip_trigger;
2343 }
2344
2345 if(z == NULL) {
2346 if(a) {
2347 lock_rw_unlock(&a->lock);
2348 }
2349 return 0;
2350 }
2351
2352 log_assert(r);
2353
2354 if(r->action_override == RPZ_NO_OVERRIDE_ACTION) {
2355 lzt = z->type;
2356 } else {
2357 lzt = rpz_action_to_localzone_type(r->action_override);
2358 }
2359
2360 if(verbosity >= VERB_ALGO) {
2361 char nm[255+1], zn[255+1];
2362 dname_str(qinfo->qname, nm);
2363 dname_str(z->name, zn);
2364 if(strcmp(zn, nm) != 0)
2365 verbose(VERB_ALGO, "rpz: qname trigger %s on %s with action=%s",
2366 zn, nm, rpz_action_to_string(localzone_type_to_rpz_action(lzt)));
2367 else
2368 verbose(VERB_ALGO, "rpz: qname trigger %s with action=%s",
2369 nm, rpz_action_to_string(localzone_type_to_rpz_action(lzt)));
2370 }
2371
2372 ret = rpz_synthesize_qname_localdata(env, r, z, lzt, qinfo, edns, buf, temp,
2373 repinfo, stats);
2374
10422375 lock_rw_unlock(&z->lock);
10432376 lock_rw_unlock(&a->lock);
10442377
+53
-3
services/rpz.h less more
4949 #include "sldns/sbuffer.h"
5050 #include "daemon/stats.h"
5151 #include "respip/respip.h"
52 struct iter_qstate;
5253
5354 /**
5455 * RPZ triggers, only the QNAME trigger is currently supported in Unbound.
8283 RPZ_CNAME_OVERRIDE_ACTION, /* RPZ CNAME action override*/
8384 };
8485
86 struct clientip_synthesized_rrset{
87 struct regional* region;
88 struct rbtree_type entries;
89 lock_rw_type lock; /* lock on the respip tree */
90 };
91
92 struct clientip_synthesized_rr {
93 /** node in address tree */
94 struct addr_tree_node node;
95 /** lock on the node item */
96 lock_rw_type lock;
97 /** tag bitlist */
98 uint8_t* taglist;
99 /** length of the taglist (in bytes) */
100 size_t taglen;
101 /** action for this address span */
102 enum rpz_action action;
103 /** "local data" for this node */
104 struct local_rrset* data;
105 };
106
85107 /**
86108 * RPZ containing policies. Pointed to from corresponding auth-zone. Part of a
87109 * linked list to keep configuration order. Iterating or changing the linked
91113 struct rpz {
92114 struct local_zones* local_zones;
93115 struct respip_set* respip_set;
116 struct clientip_synthesized_rrset* client_set;
117 struct clientip_synthesized_rrset* ns_set;
118 struct local_zones* nsdname_zones;
94119 uint8_t* taglist;
95120 size_t taglistlen;
96121 enum rpz_action action_override;
97122 struct ub_packed_rrset_key* cname_override;
98123 int log;
99124 char* log_name;
125 /** signal NXDOMAIN blocked with unset RA flag */
126 int signal_nxdomain_ra;
100127 struct regional* region;
101128 int disabled;
102129 };
146173 * @param temp: scratchpad
147174 * @param repinfo: reply info
148175 * @param taglist: taglist to lookup.
149 * @param taglen: lenth of taglist.
176 * @param taglen: length of taglist.
150177 * @param stats: worker stats struct
151178 * @return: 1 if client answer is ready, 0 to continue resolving
152179 */
153 int rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
180 int rpz_callback_from_worker_request(struct auth_zones* az, struct module_env* env,
154181 struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf,
155182 struct regional* temp, struct comm_reply* repinfo,
156183 uint8_t* taglist, size_t taglen, struct ub_server_stats* stats);
157184
158185 /**
186 * Callback to process when the iterator module is about to send queries.
187 * Checks for nsip and nsdname triggers.
188 * @param qstate: the query state.
189 * @param iq: iterator module query state.
190 * @return NULL if nothing is done. Or a new message with the contents from
191 * the rpz, based on the delegation point. It is allocated in the
192 * qstate region.
193 */
194 struct dns_msg* rpz_callback_from_iterator_module(struct module_qstate* qstate,
195 struct iter_qstate* iq);
196
197 /**
198 * Callback to process when the iterator module has followed a cname.
199 * There can be a qname trigger for the new query name.
200 * @param qstate: the query state.
201 * @param iq: iterator module query state.
202 * @return NULL if nothing is done. Or a new message with the contents from
203 * the rpz, based on the iq.qchase. It is allocated in the qstate region.
204 */
205 struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* qstate,
206 struct iter_qstate* iq);
207
208 /**
159209 * Delete RPZ
160210 * @param r: RPZ struct to delete
161211 */
185235 respip_action_to_rpz_action(enum respip_action a);
186236
187237 /**
188 * Prepare RPZ after procesing feed content.
238 * Prepare RPZ after processing feed content.
189239 * @param r: RPZ to use
190240 */
191241 void rpz_finish_config(struct rpz* r);
+305
-46
sldns/keyraw.c less more
2525 #ifdef HAVE_OPENSSL_BN_H
2626 #include <openssl/bn.h>
2727 #endif
28 #ifdef HAVE_OPENSSL_RSA_H
29 #include <openssl/rsa.h>
30 #endif
31 #ifdef HAVE_OPENSSL_DSA_H
32 #include <openssl/dsa.h>
28 #ifdef HAVE_OPENSSL_PARAM_BUILD_H
29 # include <openssl/param_build.h>
30 #else
31 # ifdef HAVE_OPENSSL_RSA_H
32 # include <openssl/rsa.h>
33 # endif
34 # ifdef HAVE_OPENSSL_DSA_H
35 # include <openssl/dsa.h>
36 # endif
3337 #endif
3438 #endif /* HAVE_SSL */
3539
190194 }
191195 #endif /* USE_GOST */
192196
193 DSA *
194 sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
197 /* Retrieve params as BIGNUM from raw buffer */
198 static int
199 sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p,
200 BIGNUM** q, BIGNUM** g, BIGNUM** y)
195201 {
196202 uint8_t T;
197203 uint16_t length;
198204 uint16_t offset;
199 DSA *dsa;
200 BIGNUM *Q; BIGNUM *P;
201 BIGNUM *G; BIGNUM *Y;
202205
203206 if(len == 0)
204 return NULL;
207 return 0;
205208 T = (uint8_t)key[0];
206209 length = (64 + T * 8);
207210 offset = 1;
208211
209212 if (T > 8) {
210 return NULL;
213 return 0;
211214 }
212215 if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
213 return NULL;
214
215 Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
216 return 0;
217
218 *q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
216219 offset += SHA_DIGEST_LENGTH;
217220
218 P = BN_bin2bn(key+offset, (int)length, NULL);
221 *p = BN_bin2bn(key+offset, (int)length, NULL);
219222 offset += length;
220223
221 G = BN_bin2bn(key+offset, (int)length, NULL);
224 *g = BN_bin2bn(key+offset, (int)length, NULL);
222225 offset += length;
223226
224 Y = BN_bin2bn(key+offset, (int)length, NULL);
225
227 *y = BN_bin2bn(key+offset, (int)length, NULL);
228
229 if(!*q || !*p || !*g || !*y) {
230 BN_free(*q);
231 BN_free(*p);
232 BN_free(*g);
233 BN_free(*y);
234 return 0;
235 }
236 return 1;
237 }
238
239 #ifndef HAVE_OSSL_PARAM_BLD_NEW
240 DSA *
241 sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
242 {
243 DSA *dsa;
244 BIGNUM *Q=NULL, *P=NULL, *G=NULL, *Y=NULL;
245 if(!sldns_key_dsa_buf_bignum(key, len, &P, &Q, &G, &Y)) {
246 return NULL;
247 }
226248 /* create the key and set its properties */
227 if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
228 BN_free(Q);
229 BN_free(P);
230 BN_free(G);
231 BN_free(Y);
232 return NULL;
233 }
234 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
249 if(!(dsa = DSA_new())) {
250 return NULL;
251 }
252 #if OPENSSL_VERSION_NUMBER < 0x10100000 || \
253 (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
235254 #ifndef S_SPLINT_S
236255 dsa->p = P;
237256 dsa->q = Q;
260279
261280 return dsa;
262281 }
263
264 RSA *
265 sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
282 #endif /* HAVE_OSSL_PARAM_BLD_NEW */
283
284 EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len)
285 {
286 #ifdef HAVE_OSSL_PARAM_BLD_NEW
287 EVP_PKEY* evp_key = NULL;
288 EVP_PKEY_CTX* ctx;
289 BIGNUM *p=NULL, *q=NULL, *g=NULL, *y=NULL;
290 OSSL_PARAM_BLD* param_bld;
291 OSSL_PARAM* params = NULL;
292 if(!sldns_key_dsa_buf_bignum(key, len, &p, &q, &g, &y)) {
293 return NULL;
294 }
295
296 param_bld = OSSL_PARAM_BLD_new();
297 if(!param_bld) {
298 BN_free(p);
299 BN_free(q);
300 BN_free(g);
301 BN_free(y);
302 return NULL;
303 }
304 if(!OSSL_PARAM_BLD_push_BN(param_bld, "p", p) ||
305 !OSSL_PARAM_BLD_push_BN(param_bld, "g", g) ||
306 !OSSL_PARAM_BLD_push_BN(param_bld, "q", q) ||
307 !OSSL_PARAM_BLD_push_BN(param_bld, "pub", y)) {
308 OSSL_PARAM_BLD_free(param_bld);
309 BN_free(p);
310 BN_free(q);
311 BN_free(g);
312 BN_free(y);
313 return NULL;
314 }
315 params = OSSL_PARAM_BLD_to_param(param_bld);
316 OSSL_PARAM_BLD_free(param_bld);
317
318 ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
319 if(!ctx) {
320 OSSL_PARAM_free(params);
321 BN_free(p);
322 BN_free(q);
323 BN_free(g);
324 BN_free(y);
325 return NULL;
326 }
327 if(EVP_PKEY_fromdata_init(ctx) <= 0) {
328 EVP_PKEY_CTX_free(ctx);
329 OSSL_PARAM_free(params);
330 BN_free(p);
331 BN_free(q);
332 BN_free(g);
333 BN_free(y);
334 return NULL;
335 }
336 if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
337 EVP_PKEY_CTX_free(ctx);
338 OSSL_PARAM_free(params);
339 BN_free(p);
340 BN_free(q);
341 BN_free(g);
342 BN_free(y);
343 return NULL;
344 }
345
346 EVP_PKEY_CTX_free(ctx);
347 OSSL_PARAM_free(params);
348 BN_free(p);
349 BN_free(q);
350 BN_free(g);
351 BN_free(y);
352 return evp_key;
353 #else
354 DSA* dsa;
355 EVP_PKEY* evp_key = EVP_PKEY_new();
356 if(!evp_key) {
357 return NULL;
358 }
359 dsa = sldns_key_buf2dsa_raw(key, len);
360 if(!dsa) {
361 EVP_PKEY_free(evp_key);
362 return NULL;
363 }
364 if(EVP_PKEY_assign_DSA(evp_key, dsa) == 0) {
365 DSA_free(dsa);
366 EVP_PKEY_free(evp_key);
367 return NULL;
368 }
369 return evp_key;
370 #endif
371 }
372
373 /* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */
374 static int
375 sldns_key_rsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** n,
376 BIGNUM** e)
266377 {
267378 uint16_t offset;
268379 uint16_t exp;
269380 uint16_t int16;
270 RSA *rsa;
271 BIGNUM *modulus;
272 BIGNUM *exponent;
273381
274382 if (len == 0)
275 return NULL;
383 return 0;
276384 if (key[0] == 0) {
277385 if(len < 3)
278 return NULL;
386 return 0;
279387 memmove(&int16, key+1, 2);
280388 exp = ntohs(int16);
281389 offset = 3;
286394
287395 /* key length at least one */
288396 if(len < (size_t)offset + exp + 1)
289 return NULL;
397 return 0;
290398
291399 /* Exponent */
292 exponent = BN_new();
293 if(!exponent) return NULL;
294 (void) BN_bin2bn(key+offset, (int)exp, exponent);
400 *e = BN_new();
401 if(!*e) return 0;
402 (void) BN_bin2bn(key+offset, (int)exp, *e);
295403 offset += exp;
296404
297405 /* Modulus */
298 modulus = BN_new();
299 if(!modulus) {
300 BN_free(exponent);
301 return NULL;
406 *n = BN_new();
407 if(!*n) {
408 BN_free(*e);
409 return 0;
302410 }
303411 /* length of the buffer must match the key length! */
304 (void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
305
412 (void) BN_bin2bn(key+offset, (int)(len - offset), *n);
413 return 1;
414 }
415
416 #ifndef HAVE_OSSL_PARAM_BLD_NEW
417 RSA *
418 sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
419 {
420 BIGNUM* modulus = NULL;
421 BIGNUM* exponent = NULL;
422 RSA *rsa;
423 if(!sldns_key_rsa_buf_bignum(key, len, &modulus, &exponent))
424 return NULL;
306425 rsa = RSA_new();
307426 if(!rsa) {
308427 BN_free(exponent);
309428 BN_free(modulus);
310429 return NULL;
311430 }
312 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
431 #if OPENSSL_VERSION_NUMBER < 0x10100000 || \
432 (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
313433 #ifndef S_SPLINT_S
314434 rsa->n = modulus;
315435 rsa->e = exponent;
325445 #endif
326446
327447 return rsa;
448 }
449 #endif /* HAVE_OSSL_PARAM_BLD_NEW */
450
451 EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len)
452 {
453 #ifdef HAVE_OSSL_PARAM_BLD_NEW
454 EVP_PKEY* evp_key = NULL;
455 EVP_PKEY_CTX* ctx;
456 BIGNUM *n=NULL, *e=NULL;
457 OSSL_PARAM_BLD* param_bld;
458 OSSL_PARAM* params = NULL;
459
460 if(!sldns_key_rsa_buf_bignum(key, len, &n, &e)) {
461 return NULL;
462 }
463
464 param_bld = OSSL_PARAM_BLD_new();
465 if(!param_bld) {
466 BN_free(n);
467 BN_free(e);
468 return NULL;
469 }
470 if(!OSSL_PARAM_BLD_push_BN(param_bld, "n", n)) {
471 OSSL_PARAM_BLD_free(param_bld);
472 BN_free(n);
473 BN_free(e);
474 return NULL;
475 }
476 if(!OSSL_PARAM_BLD_push_BN(param_bld, "e", e)) {
477 OSSL_PARAM_BLD_free(param_bld);
478 BN_free(n);
479 BN_free(e);
480 return NULL;
481 }
482 params = OSSL_PARAM_BLD_to_param(param_bld);
483 OSSL_PARAM_BLD_free(param_bld);
484
485 ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
486 if(!ctx) {
487 OSSL_PARAM_free(params);
488 BN_free(n);
489 BN_free(e);
490 return NULL;
491 }
492 if(EVP_PKEY_fromdata_init(ctx) <= 0) {
493 EVP_PKEY_CTX_free(ctx);
494 OSSL_PARAM_free(params);
495 BN_free(n);
496 BN_free(e);
497 return NULL;
498 }
499 if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
500 EVP_PKEY_CTX_free(ctx);
501 OSSL_PARAM_free(params);
502 BN_free(n);
503 BN_free(e);
504 return NULL;
505 }
506
507 EVP_PKEY_CTX_free(ctx);
508 OSSL_PARAM_free(params);
509 BN_free(n);
510 BN_free(e);
511 return evp_key;
512 #else
513 RSA* rsa;
514 EVP_PKEY *evp_key = EVP_PKEY_new();
515 if(!evp_key) {
516 return NULL;
517 }
518 rsa = sldns_key_buf2rsa_raw(key, len);
519 if(!rsa) {
520 EVP_PKEY_free(evp_key);
521 return NULL;
522 }
523 if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
524 RSA_free(rsa);
525 EVP_PKEY_free(evp_key);
526 return NULL;
527 }
528 return evp_key;
529 #endif
328530 }
329531
330532 #ifdef USE_GOST
356558 EVP_PKEY*
357559 sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
358560 {
561 #ifdef HAVE_OSSL_PARAM_BLD_NEW
562 unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
563 EVP_PKEY *evp_key = NULL;
564 EVP_PKEY_CTX* ctx;
565 OSSL_PARAM_BLD* param_bld;
566 OSSL_PARAM* params = NULL;
567 char* group = NULL;
568
569 /* check length, which uncompressed must be 2 bignums */
570 if(algo == LDNS_ECDSAP256SHA256) {
571 if(keylen != 2*256/8) return NULL;
572 group = "prime256v1";
573 } else if(algo == LDNS_ECDSAP384SHA384) {
574 if(keylen != 2*384/8) return NULL;
575 group = "P-384";
576 } else {
577 return NULL;
578 }
579 if(keylen+1 > sizeof(buf)) { /* sanity check */
580 return NULL;
581 }
582 /* prepend the 0x04 for uncompressed format */
583 buf[0] = POINT_CONVERSION_UNCOMPRESSED;
584 memmove(buf+1, key, keylen);
585
586 param_bld = OSSL_PARAM_BLD_new();
587 if(!param_bld) {
588 return NULL;
589 }
590 if(!OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", group, 0) ||
591 !OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", buf, keylen+1)) {
592 OSSL_PARAM_BLD_free(param_bld);
593 return NULL;
594 }
595 params = OSSL_PARAM_BLD_to_param(param_bld);
596 OSSL_PARAM_BLD_free(param_bld);
597
598 ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
599 if(!ctx) {
600 OSSL_PARAM_free(params);
601 return NULL;
602 }
603 if(EVP_PKEY_fromdata_init(ctx) <= 0) {
604 EVP_PKEY_CTX_free(ctx);
605 OSSL_PARAM_free(params);
606 return NULL;
607 }
608 if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
609 EVP_PKEY_CTX_free(ctx);
610 OSSL_PARAM_free(params);
611 return NULL;
612 }
613 EVP_PKEY_CTX_free(ctx);
614 OSSL_PARAM_free(params);
615 return evp_key;
616 #else
359617 unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
360618 const unsigned char* pp = buf;
361619 EVP_PKEY *evp_key;
392650 return NULL;
393651 }
394652 return evp_key;
653 #endif /* HAVE_OSSL_PARAM_BLD_NEW */
395654 }
396655 #endif /* USE_ECDSA */
397656
+20
-0
sldns/keyraw.h less more
5656 /** Release the engine reference held for the GOST engine. */
5757 void sldns_key_EVP_unload_gost(void);
5858
59 #ifndef HAVE_OSSL_PARAM_BLD_NEW
5960 /**
6061 * Like sldns_key_buf2dsa, but uses raw buffer.
6162 * \param[in] key the uncompressed wireformat of the key.
6364 * \return a DSA * structure with the key material
6465 */
6566 DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len);
67 #endif
68
69 /**
70 * Converts a holding buffer with DSA key material to EVP PKEY in openssl.
71 * \param[in] key the uncompressed wireformat of the key.
72 * \param[in] len length of key data
73 * \return the key or NULL on error.
74 */
75 EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len);
6676
6777 /**
6878 * Converts a holding buffer with key material to EVP PKEY in openssl.
8393 */
8494 EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
8595
96 #ifndef HAVE_OSSL_PARAM_BLD_NEW
8697 /**
8798 * Like sldns_key_buf2rsa, but uses raw buffer.
8899 * \param[in] key the uncompressed wireformat of the key.
90101 * \return a RSA * structure with the key material
91102 */
92103 RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
104 #endif
105
106 /**
107 * Converts a holding buffer with RSA key material to EVP PKEY in openssl.
108 * \param[in] key the uncompressed wireformat of the key.
109 * \param[in] len length of key data
110 * \return the key or NULL on error.
111 */
112 EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len);
93113
94114 /**
95115 * Converts a holding buffer with key material to EVP PKEY in openssl.
+3
-0
sldns/parse.c less more
147147 }
148148 if (c != '\0' && c != '\n') {
149149 *t++ = c;
150 }
151 if (c == '\n' && line_nr) {
152 *line_nr = *line_nr + 1;
150153 }
151154 if (c == '\\' && prev_c == '\\')
152155 prev_c = 0;
+0
-3
sldns/parse.h less more
152152 * the position to the first character that is not in *s.
153153 * \param[in] *buffer buffer to use
154154 * \param[in] *s characters to skip
155 * \return void
156155 */
157156 void sldns_bskipcs(struct sldns_buffer *buffer, const char *s);
158157
161160 * the position to the first character that is not in *s.
162161 * \param[in] *fp file to use
163162 * \param[in] *s characters to skip
164 * \return void
165163 */
166164 void sldns_fskipcs(FILE *fp, const char *s);
167165
172170 * \param[in] *fp file to use
173171 * \param[in] *s characters to skip
174172 * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
175 * \return void
176173 */
177174 void sldns_fskipcs_l(FILE *fp, const char *s, int *line_nr);
178175
+15
-0
sldns/parseutil.c less more
789789 }
790790 return sldns_b64_pton_base(src, srcsize, target, targsize, 1);
791791 }
792
793 int sldns_b64_contains_nonurl(char const *src, size_t srcsize)
794 {
795 const char* s = src;
796 while(*s && srcsize) {
797 char d = *s++;
798 srcsize--;
799 /* the '+' and the '/' and padding '=' is not allowed in b64
800 * url encoding */
801 if(d == '+' || d == '/' || d == '=') {
802 return 1;
803 }
804 }
805 return 0;
806 }
+2
-1
sldns/parseutil.h less more
5757 * The function interprets time as the number of seconds since epoch
5858 * with respect to now using serial arithmetics (rfc1982).
5959 * That number of seconds is then converted to broken-out time information.
60 * This is especially usefull when converting the inception and expiration
60 * This is especially useful when converting the inception and expiration
6161 * fields of RRSIG records.
6262 *
6363 * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
101101 int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
102102 int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
103103 size_t targsize);
104 int sldns_b64_contains_nonurl(char const *src, size_t srcsize);
104105
105106 /**
106107 * calculates the size needed to store the result of b32_ntop
+12
-3
sldns/rrdef.c less more
148148 };
149149 static const sldns_rdf_type type_csync_wireformat[] = {
150150 LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC
151 };
152 static const sldns_rdf_type type_zonemd_wireformat[] = {
153 LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX
154 };
155 static const sldns_rdf_type type_svcb_wireformat[] = {
156 LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
151157 };
152158 /* nsec3 is some vars, followed by same type of data of nsec */
153159 static const sldns_rdf_type type_nsec3_wireformat[] = {
371377 {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
372378 /* 62 */
373379 {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
374 {(enum sldns_enum_rr_type)0, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
375 {(enum sldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
376 {(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
380 /* 63 */
381 {LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
382 /* 64 */
383 {LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 },
384 /* 65 */
385 {LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 },
377386 {(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
378387 {(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
379388 {(enum sldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+9
-1
sldns/rrdef.h less more
194194 LDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
195195 LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
196196 LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
197 LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */
198 LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
199 LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
197200
198201 LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
199202
351354 /** TSIG extended 16bit error value */
352355 LDNS_RDF_TYPE_TSIGERROR,
353356
357 /* draft-ietf-dnsop-svcb-https-05:
358 * each SvcParam consisting of a SvcParamKey=SvcParamValue pair or
359 * a standalone SvcParamKey */
360 LDNS_RDF_TYPE_SVCPARAM,
361
354362 /* Aliases */
355 LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
363 LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC,
356364 };
357365 typedef enum sldns_enum_rdf_type sldns_rdf_type;
358366
+0
-2
sldns/sbuffer.h less more
201201 * the position is set to 0.
202202 *
203203 * \param[in] buffer the buffer to flip
204 * \return void
205204 */
206205 INLINE void sldns_buffer_flip(sldns_buffer *buffer)
207206 {
731730 /**
732731 * frees the buffer.
733732 * \param[in] *buffer the buffer to be freed
734 * \return void
735733 */
736734 void sldns_buffer_free(sldns_buffer *buffer);
737735
+691
-6
sldns/str2wire.c less more
2424 #include <netdb.h>
2525 #endif
2626
27 /** bits for the offset */
28 #define RET_OFFSET_MASK (((unsigned)(~LDNS_WIREPARSE_MASK))>>LDNS_WIREPARSE_SHIFT)
2729 /** return an error */
28 #define RET_ERR(e, off) ((int)((e)|((off)<<LDNS_WIREPARSE_SHIFT)))
30 #define RET_ERR(e, off) ((int)(((e)&LDNS_WIREPARSE_MASK)|(((off)&RET_OFFSET_MASK)<<LDNS_WIREPARSE_SHIFT)))
2931 /** Move parse error but keep its ID */
3032 #define RET_ERR_SHIFT(e, move) RET_ERR(LDNS_WIREPARSE_ERROR(e), LDNS_WIREPARSE_OFFSET(e)+(move));
31 #define LDNS_IP6ADDRLEN (128/8)
3233
3334 /*
3435 * No special care is taken, all dots are translated into
543544 {
544545 size_t slen;
545546
546 /* skip spaces */
547 /* skip spaces and tabs */
547548 while(sldns_buffer_remaining(strbuf) > 0 && !*quoted &&
548 *(sldns_buffer_current(strbuf)) == ' ') {
549 (*(sldns_buffer_current(strbuf)) == ' ' ||
550 *(sldns_buffer_current(strbuf)) == '\t')) {
549551 sldns_buffer_skip(strbuf, 1);
550552 }
551553
601603 size_t addstrlen = 0;
602604
603605 /* add space */
604 if(addlen < 1) return 0;
606 /* when addlen < 2, the token buffer is full considering the NULL byte
607 * from strlen and will lead to buffer overflow with the second
608 * assignement below. */
609 if(addlen < 2) return 0;
605610 token[*token_strlen] = ' ';
606611 token[++(*token_strlen)] = 0;
607612
612617 return 0;
613618 (*token_strlen) += addstrlen;
614619 return 1;
620 }
621
622 static int sldns_str2wire_svcparam_key_cmp(const void *a, const void *b)
623 {
624 return sldns_read_uint16(*(uint8_t**) a)
625 - sldns_read_uint16(*(uint8_t**) b);
626 }
627
628 /**
629 * Add constraints to the SVCB RRs which involve the whole set
630 */
631 static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len)
632 {
633 size_t nparams = 0, i;
634 uint8_t new_rdata[LDNS_MAX_RDFLEN];
635 uint8_t* new_rdata_ptr = new_rdata;
636 uint8_t* svcparams[MAX_NUMBER_OF_SVCPARAMS];
637 uint8_t* rdata_ptr = rdata;
638 uint16_t rdata_remaining = rdata_len;
639
640 /* find the SvcParams */
641 while (rdata_remaining) {
642 uint16_t svcbparam_len;
643
644 svcparams[nparams] = rdata_ptr;
645 if (rdata_remaining < 4)
646 return LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
647 svcbparam_len = sldns_read_uint16(rdata_ptr + 2);
648 rdata_remaining -= 4;
649 rdata_ptr += 4;
650
651 if (rdata_remaining < svcbparam_len)
652 return LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
653 rdata_remaining -= svcbparam_len;
654 rdata_ptr += svcbparam_len;
655
656 nparams += 1;
657 if (nparams >= MAX_NUMBER_OF_SVCPARAMS)
658 return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS;
659 }
660
661 /* In draft-ietf-dnsop-svcb-https-06 Section 7:
662 *
663 * In wire format, the keys are represented by their numeric
664 * values in network byte order, concatenated in ascending order.
665 */
666 qsort((void *)svcparams
667 ,nparams
668 ,sizeof(uint8_t*)
669 ,sldns_str2wire_svcparam_key_cmp);
670
671
672 /* The code below revolves around sematic errors in the SVCParam set.
673 * So long as we do not distinguish between running Unbound as a primary
674 * or as a secondary, we default to secondary behavior and we ignore the
675 * sematic errors. */
676
677 #ifdef SVCB_SEMANTIC_ERRORS
678 {
679 uint8_t* mandatory = NULL;
680 /* In draft-ietf-dnsop-svcb-https-06 Section 7:
681 *
682 * Keys (...) MUST NOT appear more than once.
683 *
684 * If they key has already been seen, we have a duplicate
685 */
686 for(i=0; i < nparams; i++) {
687 uint16_t key = sldns_read_uint16(svcparams[i]);
688 if(i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1]))
689 return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS;
690 if(key == SVCB_KEY_MANDATORY)
691 mandatory = svcparams[i];
692 }
693
694 /* 4. verify that all the SvcParamKeys in mandatory are present */
695 if(mandatory) {
696 /* Divide by sizeof(uint16_t)*/
697 uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t);
698
699 /* Guaranteed by sldns_str2wire_svcparam_key_value */
700 assert(mandatory_nkeys > 0);
701
702 for(i=0; i < mandatory_nkeys; i++) {
703 uint16_t mandatory_key = sldns_read_uint16(
704 mandatory
705 + 2 * sizeof(uint16_t)
706 + i * sizeof(uint16_t));
707 uint8_t found = 0;
708 size_t j;
709
710 for(j=0; j < nparams; j++) {
711 if(mandatory_key == sldns_read_uint16(svcparams[j])) {
712 found = 1;
713 break;
714 }
715 }
716
717 if(!found)
718 return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM;
719 }
720 }
721 }
722 #endif
723 /* Write rdata in correct order */
724 for (i = 0; i < nparams; i++) {
725 uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2)
726 + 2 * sizeof(uint16_t);
727
728 if ((unsigned)(new_rdata_ptr - new_rdata) + svcparam_len > sizeof(new_rdata))
729 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
730
731 memcpy(new_rdata_ptr, svcparams[i], svcparam_len);
732 new_rdata_ptr += svcparam_len;
733 }
734 memcpy(rdata, new_rdata, rdata_len);
735 return LDNS_WIREPARSE_ERR_OK;
615736 }
616737
617738 /** parse rdata from string into rr buffer(-remainder after dname). */
711832 /* write rdata length */
712833 sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10));
713834 *rr_len = rr_cur_len;
835 /* SVCB/HTTPS handling */
836 if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) {
837 size_t rdata_len = rr_cur_len - dname_len - 10;
838 uint8_t *rdata = rr+dname_len + 10;
839
840 /* skip 1st rdata field SvcPriority (uint16_t) */
841 if (rdata_len < sizeof(uint16_t))
842 return LDNS_WIREPARSE_ERR_OK;
843
844 rdata_len -= sizeof(uint16_t);
845 rdata += sizeof(uint16_t);
846
847 /* skip 2nd rdata field dname */
848 while (rdata_len && *rdata != 0) {
849 uint8_t label_len;
850
851 if (*rdata & 0xC0)
852 return LDNS_WIREPARSE_ERR_OK;
853
854 label_len = *rdata + 1;
855 if (rdata_len < label_len)
856 return LDNS_WIREPARSE_ERR_OK;
857
858 rdata_len -= label_len;
859 rdata += label_len;
860 }
861 /* The root label is one more character, so smaller
862 * than 1 + 1 means no Svcparam Keys */
863 if (rdata_len < 2 || *rdata != 0)
864 return LDNS_WIREPARSE_ERR_OK;
865
866 rdata_len -= 1;
867 rdata += 1;
868 return sldns_str2wire_check_svcbparams(rdata, rdata_len);
869
870 }
714871 return LDNS_WIREPARSE_ERR_OK;
715872 }
716873
9281085 memmove(parse_state->prev_rr, rr, *dname_len);
9291086 parse_state->prev_rr_len = (*dname_len);
9301087 }
1088 if(r == LDNS_WIREPARSE_ERR_OK && parse_state) {
1089 parse_state->default_ttl = sldns_wirerr_get_ttl(
1090 rr, *len, *dname_len);
1091 }
9311092 return r;
9321093 }
9331094 return LDNS_WIREPARSE_ERR_OK;
1095 }
1096
1097 static int
1098 sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len)
1099 {
1100 char buf[64];
1101 char *endptr;
1102 unsigned long int key_value;
1103
1104 if (key_len >= 4 && key_len <= 8 && !strncmp(key, "key", 3)) {
1105 memcpy(buf, key + 3, key_len - 3);
1106 buf[key_len - 3] = 0;
1107 key_value = strtoul(buf, &endptr, 10);
1108
1109 if (endptr > buf /* digits seen */
1110 && *endptr == 0 /* no non-digit chars after digits */
1111 && key_value <= 65535) /* no overflow */
1112 return key_value;
1113
1114 } else switch (key_len) {
1115 case sizeof("mandatory")-1:
1116 if (!strncmp(key, "mandatory", sizeof("mandatory")-1))
1117 return SVCB_KEY_MANDATORY;
1118 if (!strncmp(key, "echconfig", sizeof("echconfig")-1))
1119 return SVCB_KEY_ECH; /* allow "echconfig as well as "ech" */
1120 break;
1121
1122 case sizeof("alpn")-1:
1123 if (!strncmp(key, "alpn", sizeof("alpn")-1))
1124 return SVCB_KEY_ALPN;
1125 if (!strncmp(key, "port", sizeof("port")-1))
1126 return SVCB_KEY_PORT;
1127 break;
1128
1129 case sizeof("no-default-alpn")-1:
1130 if (!strncmp( key , "no-default-alpn"
1131 , sizeof("no-default-alpn")-1))
1132 return SVCB_KEY_NO_DEFAULT_ALPN;
1133 break;
1134
1135 case sizeof("ipv4hint")-1:
1136 if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1))
1137 return SVCB_KEY_IPV4HINT;
1138 if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1))
1139 return SVCB_KEY_IPV6HINT;
1140 break;
1141
1142 case sizeof("ech")-1:
1143 if (!strncmp(key, "ech", sizeof("ech")-1))
1144 return SVCB_KEY_ECH;
1145 break;
1146
1147 default:
1148 break;
1149 }
1150
1151 /* Although the returned value might be used by the caller,
1152 * the parser has erred, so the zone will not be loaded.
1153 */
1154 return -1;
1155 }
1156
1157 static int
1158 sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len)
1159 {
1160 unsigned long int port;
1161 char *endptr;
1162
1163 if (*rd_len < 6)
1164 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1165
1166 port = strtoul(val, &endptr, 10);
1167
1168 if (endptr > val /* digits seen */
1169 && *endptr == 0 /* no non-digit chars after digits */
1170 && port <= 65535) { /* no overflow */
1171
1172 sldns_write_uint16(rd, SVCB_KEY_PORT);
1173 sldns_write_uint16(rd + 2, sizeof(uint16_t));
1174 sldns_write_uint16(rd + 4, port);
1175 *rd_len = 6;
1176
1177 return LDNS_WIREPARSE_ERR_OK;
1178 }
1179
1180 return LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX;
1181 }
1182
1183 static int
1184 sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len)
1185 {
1186 size_t count;
1187 char ip_str[INET_ADDRSTRLEN+1];
1188 char *next_ip_str;
1189 size_t i;
1190
1191 for (i = 0, count = 1; val[i]; i++) {
1192 if (val[i] == ',')
1193 count += 1;
1194 if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
1195 return LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES;
1196 }
1197 }
1198
1199 if (*rd_len < (LDNS_IP4ADDRLEN * count) + 4)
1200 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1201
1202 /* count is number of comma's in val + 1; so the actual number of IPv4
1203 * addresses in val
1204 */
1205 sldns_write_uint16(rd, SVCB_KEY_IPV4HINT);
1206 sldns_write_uint16(rd + 2, LDNS_IP4ADDRLEN * count);
1207 *rd_len = 4;
1208
1209 while (count) {
1210 if (!(next_ip_str = strchr(val, ','))) {
1211 if (inet_pton(AF_INET, val, rd + *rd_len) != 1)
1212 break;
1213 *rd_len += LDNS_IP4ADDRLEN;
1214
1215 assert(count == 1);
1216
1217 } else if (next_ip_str - val >= (int)sizeof(ip_str))
1218 break;
1219
1220 else {
1221 memcpy(ip_str, val, next_ip_str - val);
1222 ip_str[next_ip_str - val] = 0;
1223 if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) {
1224 break;
1225 }
1226 *rd_len += LDNS_IP4ADDRLEN;
1227
1228 val = next_ip_str + 1;
1229 }
1230 count--;
1231 }
1232 if (count) /* verify that we parsed all values */
1233 return LDNS_WIREPARSE_ERR_SYNTAX_IP4;
1234
1235 return LDNS_WIREPARSE_ERR_OK;
1236 }
1237
1238 static int
1239 sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len)
1240 {
1241 size_t count;
1242 char ip_str[INET6_ADDRSTRLEN+1];
1243 char *next_ip_str;
1244 size_t i;
1245
1246 for (i = 0, count = 1; val[i]; i++) {
1247 if (val[i] == ',')
1248 count += 1;
1249 if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
1250 return LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES;
1251 }
1252 }
1253
1254 if (*rd_len < (LDNS_IP6ADDRLEN * count) + 4)
1255 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1256
1257 /* count is number of comma's in val + 1; so the actual number of IPv6
1258 * addresses in val
1259 */
1260 sldns_write_uint16(rd, SVCB_KEY_IPV6HINT);
1261 sldns_write_uint16(rd + 2, LDNS_IP6ADDRLEN * count);
1262 *rd_len = 4;
1263
1264 while (count) {
1265 if (!(next_ip_str = strchr(val, ','))) {
1266 if (inet_pton(AF_INET6, val, rd + *rd_len) != 1)
1267 break;
1268 *rd_len += LDNS_IP6ADDRLEN;
1269
1270 assert(count == 1);
1271
1272 } else if (next_ip_str - val >= (int)sizeof(ip_str))
1273 break;
1274
1275 else {
1276 memcpy(ip_str, val, next_ip_str - val);
1277 ip_str[next_ip_str - val] = 0;
1278 if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) {
1279 break;
1280 }
1281 *rd_len += LDNS_IP6ADDRLEN;
1282
1283 val = next_ip_str + 1;
1284 }
1285 count--;
1286 }
1287 if (count) /* verify that we parsed all values */
1288 return LDNS_WIREPARSE_ERR_SYNTAX_IP6;
1289
1290 return LDNS_WIREPARSE_ERR_OK;
1291 }
1292
1293 /* compare function used for sorting uint16_t's */
1294 static int
1295 sldns_network_uint16_cmp(const void *a, const void *b)
1296 {
1297 return ((int)sldns_read_uint16(a)) - ((int)sldns_read_uint16(b));
1298 }
1299
1300 static int
1301 sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len)
1302 {
1303 size_t i, count, val_len;
1304 char* next_key;
1305
1306 val_len = strlen(val);
1307
1308 for (i = 0, count = 1; val[i]; i++) {
1309 if (val[i] == ',')
1310 count += 1;
1311 if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
1312 return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS;
1313 }
1314 }
1315 if (sizeof(uint16_t) * (count + 2) > *rd_len)
1316 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1317
1318 sldns_write_uint16(rd, SVCB_KEY_MANDATORY);
1319 sldns_write_uint16(rd + 2, sizeof(uint16_t) * count);
1320 *rd_len = 4;
1321
1322 while (1) {
1323 int svcparamkey;
1324
1325 if (!(next_key = strchr(val, ','))) {
1326 svcparamkey = sldns_str2wire_svcparam_key_lookup(val, val_len);
1327
1328 if (svcparamkey < 0) {
1329 return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
1330 }
1331
1332 sldns_write_uint16(rd + *rd_len, svcparamkey);
1333 *rd_len += 2;
1334 break;
1335 } else {
1336 svcparamkey = sldns_str2wire_svcparam_key_lookup(val, next_key - val);
1337
1338 if (svcparamkey < 0) {
1339 return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
1340 }
1341
1342 sldns_write_uint16(rd + *rd_len,
1343 svcparamkey);
1344 *rd_len += 2;
1345 }
1346
1347 val_len -= next_key - val + 1;
1348 val = next_key + 1; /* skip the comma */
1349 }
1350
1351 /* In draft-ietf-dnsop-svcb-https-06 Section 7:
1352 *
1353 * "In wire format, the keys are represented by their numeric
1354 * values in network byte order, concatenated in ascending order."
1355 */
1356 qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp);
1357
1358 /* The code below revolves around sematic errors in the SVCParam set.
1359 * So long as we do not distinguish between running Unbound as a primary
1360 * or as a secondary, we default to secondary behavior and we ignore the
1361 * semantic errors. */
1362 #ifdef SVCB_SEMANTIC_ERRORS
1363 /* In draft-ietf-dnsop-svcb-https-06 Section 8
1364 * automatically mandatory MUST NOT appear in its own value-list
1365 */
1366 if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY)
1367 return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY;
1368
1369 /* Guarantee key uniqueness. After the sort we only need to
1370 * compare neighbouring keys */
1371 if (count > 1) {
1372 for (i = 0; i < count - 1; i++) {
1373 uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i));
1374 uint16_t key = sldns_read_uint16(current_pos);
1375
1376 if (key == sldns_read_uint16(current_pos + 2)) {
1377 return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY;
1378 }
1379 }
1380 }
1381 #endif
1382 return LDNS_WIREPARSE_ERR_OK;
1383 }
1384
1385 static int
1386 sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len)
1387 {
1388 uint8_t buffer[LDNS_MAX_RDFLEN];
1389 int wire_len;
1390
1391 /* single 0 represents empty buffer */
1392 if(strcmp(val, "0") == 0) {
1393 if (*rd_len < 4)
1394 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1395 sldns_write_uint16(rd, SVCB_KEY_ECH);
1396 sldns_write_uint16(rd + 2, 0);
1397
1398 return LDNS_WIREPARSE_ERR_OK;
1399 }
1400
1401 wire_len = sldns_b64_pton(val, buffer, LDNS_MAX_RDFLEN);
1402
1403 if (wire_len <= 0) {
1404 return LDNS_WIREPARSE_ERR_SYNTAX_B64;
1405 } else if ((unsigned)wire_len + 4 > *rd_len) {
1406 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1407 } else {
1408 sldns_write_uint16(rd, SVCB_KEY_ECH);
1409 sldns_write_uint16(rd + 2, wire_len);
1410 memcpy(rd + 4, buffer, wire_len);
1411 *rd_len = 4 + wire_len;
1412
1413 return LDNS_WIREPARSE_ERR_OK;
1414 }
1415 }
1416
1417 static const char*
1418 sldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val)
1419 {
1420 while (*val) {
1421 /* Only return when the comma is not escaped*/
1422 if (*val == '\\'){
1423 ++val;
1424 if (!*val)
1425 break;
1426 } else if (*val == ',')
1427 return val;
1428
1429 val++;
1430 }
1431 return NULL;
1432 }
1433
1434 /* The source is already properly unescaped, this double unescaping is purely to allow for
1435 * comma's in comma separated alpn lists.
1436 *
1437 * In draft-ietf-dnsop-svcb-https-06 Section 7:
1438 * To enable simpler parsing, this SvcParamValue MUST NOT contain escape sequences.
1439 */
1440 static size_t
1441 sldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst,
1442 const char *src, size_t len)
1443 {
1444 uint8_t *orig_dst = dst;
1445
1446 while (len) {
1447 if (*src == '\\') {
1448 src++;
1449 len--;
1450 if (!len)
1451 break;
1452 }
1453 *dst++ = *src++;
1454 len--;
1455 }
1456 return (size_t)(dst - orig_dst);
1457 }
1458
1459 static int
1460 sldns_str2wire_svcbparam_alpn_value(const char* val,
1461 uint8_t* rd, size_t* rd_len)
1462 {
1463 uint8_t unescaped_dst[LDNS_MAX_RDFLEN];
1464 uint8_t *dst = unescaped_dst;
1465 const char *next_str;
1466 size_t str_len;
1467 size_t dst_len;
1468 size_t val_len;
1469
1470 val_len = strlen(val);
1471
1472 if (val_len > sizeof(unescaped_dst)) {
1473 return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
1474 }
1475 while (val_len) {
1476 size_t key_len;
1477
1478 str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val))
1479 ? (size_t)(next_str - val) : val_len;
1480
1481 if (str_len > 255) {
1482 return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
1483 }
1484
1485 key_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len);
1486 *dst++ = key_len;
1487 dst += key_len;
1488
1489 if (!next_str)
1490 break;
1491
1492 /* skip the comma in the next iteration */
1493 val_len -= next_str - val + 1;
1494 val = next_str + 1;
1495 }
1496 dst_len = dst - unescaped_dst;
1497 if (*rd_len < 4 + dst_len)
1498 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1499 sldns_write_uint16(rd, SVCB_KEY_ALPN);
1500 sldns_write_uint16(rd + 2, dst_len);
1501 memcpy(rd + 4, unescaped_dst, dst_len);
1502 *rd_len = 4 + dst_len;
1503
1504 return LDNS_WIREPARSE_ERR_OK;
1505 }
1506
1507 static int
1508 sldns_str2wire_svcparam_value(const char *key, size_t key_len,
1509 const char *val, uint8_t* rd, size_t* rd_len)
1510 {
1511 size_t str_len;
1512 int svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len);
1513
1514 if (svcparamkey < 0) {
1515 return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
1516 }
1517
1518 /* key without value */
1519 if (val == NULL) {
1520 switch (svcparamkey) {
1521 #ifdef SVCB_SEMANTIC_ERRORS
1522 case SVCB_KEY_MANDATORY:
1523 case SVCB_KEY_ALPN:
1524 case SVCB_KEY_PORT:
1525 case SVCB_KEY_IPV4HINT:
1526 case SVCB_KEY_IPV6HINT:
1527 return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM;
1528 #endif
1529 default:
1530 if (*rd_len < 4)
1531 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1532 sldns_write_uint16(rd, svcparamkey);
1533 sldns_write_uint16(rd + 2, 0);
1534 *rd_len = 4;
1535
1536 return LDNS_WIREPARSE_ERR_OK;
1537 }
1538 }
1539
1540 /* value is non-empty */
1541 switch (svcparamkey) {
1542 case SVCB_KEY_PORT:
1543 return sldns_str2wire_svcparam_port(val, rd, rd_len);
1544 case SVCB_KEY_IPV4HINT:
1545 return sldns_str2wire_svcbparam_ipv4hint(val, rd, rd_len);
1546 case SVCB_KEY_IPV6HINT:
1547 return sldns_str2wire_svcbparam_ipv6hint(val, rd, rd_len);
1548 case SVCB_KEY_MANDATORY:
1549 return sldns_str2wire_svcbparam_mandatory(val, rd, rd_len);
1550 #ifdef SVCB_SEMANTIC_ERRORS
1551 case SVCB_KEY_NO_DEFAULT_ALPN:
1552 return LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE;
1553 #endif
1554 case SVCB_KEY_ECH:
1555 return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len);
1556 case SVCB_KEY_ALPN:
1557 return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len);
1558 default:
1559 str_len = strlen(val);
1560 if (*rd_len < 4 + str_len)
1561 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
1562 sldns_write_uint16(rd, svcparamkey);
1563 sldns_write_uint16(rd + 2, str_len);
1564 memcpy(rd + 4, val, str_len);
1565 *rd_len = 4 + str_len;
1566
1567 return LDNS_WIREPARSE_ERR_OK;
1568 }
1569
1570 return LDNS_WIREPARSE_ERR_GENERAL;
1571 }
1572
1573 static int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len)
1574 {
1575 const char* eq_pos;
1576 char unescaped_val[LDNS_MAX_RDFLEN];
1577 char* val_out = unescaped_val;
1578 const char* val_in;
1579
1580 eq_pos = strchr(str, '=');
1581
1582 /* case: key=value */
1583 if (eq_pos != NULL && eq_pos[1]) {
1584 val_in = eq_pos + 1;
1585
1586 /* unescape characters and "" blocks */
1587 if (*val_in == '"') {
1588 val_in++;
1589 while (*val_in != '"'
1590 && (unsigned)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
1591 && sldns_parse_char( (uint8_t*) val_out, &val_in)) {
1592 val_out++;
1593 }
1594 } else {
1595 while ((unsigned)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
1596 && sldns_parse_char( (uint8_t*) val_out, &val_in)) {
1597 val_out++;
1598 }
1599 }
1600 *val_out = 0;
1601
1602 return sldns_str2wire_svcparam_value(str, eq_pos - str,
1603 unescaped_val[0] ? unescaped_val : NULL, rd, rd_len);
1604 }
1605 /* case: key= */
1606 else if (eq_pos != NULL && !(eq_pos[1])) {
1607 return sldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len);
1608 }
1609 /* case: key */
1610 else {
1611 return sldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len);
1612 }
9341613 }
9351614
9361615 int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
10051684 return sldns_str2wire_hip_buf(str, rd, len);
10061685 case LDNS_RDF_TYPE_INT16_DATA:
10071686 return sldns_str2wire_int16_data_buf(str, rd, len);
1687 case LDNS_RDF_TYPE_SVCPARAM:
1688 return sldns_str2wire_svcparam_buf(str, rd, len);
10081689 case LDNS_RDF_TYPE_UNKNOWN:
10091690 case LDNS_RDF_TYPE_SERVICE:
10101691 return LDNS_WIREPARSE_ERR_NOT_IMPL;
14902171 loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e)
14912172 {
14922173 uint32_t meters = 0, cm = 0, val;
2174 char* cm_endstr;
14932175 while (isblank((unsigned char)*my_str)) {
14942176 my_str++;
14952177 }
14962178 meters = (uint32_t)strtol(my_str, &my_str, 10);
14972179 if (*my_str == '.') {
14982180 my_str++;
1499 cm = (uint32_t)strtol(my_str, &my_str, 10);
2181 cm = (uint32_t)strtol(my_str, &cm_endstr, 10);
2182 if(cm_endstr == my_str + 1)
2183 cm *= 10;
2184 my_str = cm_endstr;
15002185 }
15012186 if (meters >= 1) {
15022187 *e = 2;
+32
-1
sldns/str2wire.h less more
2222 #endif
2323 struct sldns_struct_lookup_table;
2424
25 #define LDNS_IP4ADDRLEN (32/8)
26 #define LDNS_IP6ADDRLEN (128/8)
27
2528 /** buffer to read an RR, cannot be larger than 64K because of packet size */
2629 #define LDNS_RR_BUF_SIZE 65535 /* bytes */
2730 #define LDNS_DEFAULT_TTL 3600
31
32 /* SVCB keys currently defined in draft-ietf-dnsop-svcb-https */
33 #define SVCB_KEY_MANDATORY 0
34 #define SVCB_KEY_ALPN 1
35 #define SVCB_KEY_NO_DEFAULT_ALPN 2
36 #define SVCB_KEY_PORT 3
37 #define SVCB_KEY_IPV4HINT 4
38 #define SVCB_KEY_ECH 5
39 #define SVCB_KEY_IPV6HINT 6
40 #define SVCPARAMKEY_COUNT 7
41
42 #define MAX_NUMBER_OF_SVCPARAMS 64
43
44 #define SVCB_MAX_COMMA_SEPARATED_VALUES 1000
2845
2946 /*
3047 * To convert class and type to string see
169186 #define LDNS_WIREPARSE_MASK 0x0fff
170187 #define LDNS_WIREPARSE_SHIFT 12
171188 #define LDNS_WIREPARSE_ERROR(e) ((e)&LDNS_WIREPARSE_MASK)
172 #define LDNS_WIREPARSE_OFFSET(e) (((e)&~LDNS_WIREPARSE_MASK)>>LDNS_WIREPARSE_SHIFT)
189 #define LDNS_WIREPARSE_OFFSET(e) ((((unsigned)(e))&~LDNS_WIREPARSE_MASK)>>LDNS_WIREPARSE_SHIFT)
173190 /* use lookuptable to get error string, sldns_wireparse_errors */
174191 #define LDNS_WIREPARSE_ERR_OK 0
175192 #define LDNS_WIREPARSE_ERR_GENERAL 342
203220 #define LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370
204221 #define LDNS_WIREPARSE_ERR_INCLUDE 371
205222 #define LDNS_WIREPARSE_ERR_PARENTHESIS 372
223 #define LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373
224 #define LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374
225 #define LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS 375
226 #define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 376
227 #define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 377
228 #define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378
229 #define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379
230 #define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380
231 #define LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX 381
232 #define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES 382
233 #define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES 383
234 #define LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384
235 #define LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385
236 #define LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386
206237
207238 /**
208239 * Get reference to a constant string for the (parse) error.
+290
-0
sldns/wire2str.c less more
148148 { LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" },
149149 { LDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" },
150150 { LDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" },
151 { LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"},
152 { LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "SvcParam is missing a SvcParamValue"},
153 { LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"},
154 { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" },
155 { LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS,
156 "Too many SvcParams. Unbound only allows 63 entries" },
157 { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM,
158 "Mandatory SvcParamKey is missing"},
159 { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY,
160 "Keys in SvcParam mandatory MUST be unique" },
161 { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY,
162 "mandatory MUST not be included as mandatory parameter" },
163 { LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX,
164 "Could not parse port SvcParamValue" },
165 { LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES,
166 "Too many IPv4 addresses in ipv4hint" },
167 { LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES,
168 "Too many IPv6 addresses in ipv6hint" },
169 { LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE,
170 "Alpn strings need to be smaller than 255 chars"},
171 { LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE,
172 "No-default-alpn should not have a value" },
173 { LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA,
174 "General SVCParam error" },
151175 { 0, NULL }
152176 };
153177 sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data;
194218 { 0, NULL }
195219 };
196220 sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data;
221
222 /* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */
223 const char *svcparamkey_strs[] = {
224 "mandatory", "alpn", "no-default-alpn", "port",
225 "ipv4hint", "ech", "ipv6hint"
226 };
197227
198228 char* sldns_wire2str_pkt(uint8_t* data, size_t len)
199229 {
786816 unsigned i, counter=0;
787817 unsigned maxcompr = MAX_COMPRESS_PTRS; /* loop detection, max compr ptrs */
788818 int in_buf = 1;
819 size_t dname_len = 0;
789820 if(comprloop) {
790821 if(*comprloop != 0)
791822 maxcompr = 30; /* for like ipv6 reverse name, per label */
841872 labellen = (uint8_t)*dlen;
842873 else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
843874 labellen = (uint8_t)(pkt + pktlen - pos);
875 dname_len += ((size_t)labellen)+1;
876 if(dname_len > LDNS_MAX_DOMAINLEN) {
877 /* dname_len counts the uncompressed length we have
878 * seen so far, and the domain name has become too
879 * long, prevent the loop from printing overly long
880 * content. */
881 w += sldns_str_print(s, slen,
882 "ErrorDomainNameTooLong");
883 return w;
884 }
844885 for(i=0; i<(unsigned)labellen; i++) {
845886 w += dname_char_print(s, slen, *pos++);
846887 }
937978 (*d)+=4;
938979 (*dlen)-=4;
939980 return sldns_str_print(s, slen, "%u", (unsigned)ttl);
981 }
982
983 static int
984 sldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey)
985 {
986 if (svcparamkey < SVCPARAMKEY_COUNT) {
987 return sldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]);
988 }
989 else {
990 return sldns_str_print(s, slen, "key%d", (int)svcparamkey);
991 }
992 }
993
994 static int sldns_wire2str_svcparam_port2str(char** s,
995 size_t* slen, uint16_t data_len, uint8_t* data)
996 {
997 int w = 0;
998
999 if (data_len != 2)
1000 return -1; /* wireformat error, a short is 2 bytes */
1001 w = sldns_str_print(s, slen, "=%d", (int)sldns_read_uint16(data));
1002
1003 return w;
1004 }
1005
1006 static int sldns_wire2str_svcparam_ipv4hint2str(char** s,
1007 size_t* slen, uint16_t data_len, uint8_t* data)
1008 {
1009 char ip_str[INET_ADDRSTRLEN + 1];
1010
1011 int w = 0;
1012
1013 assert(data_len > 0);
1014
1015 if ((data_len % LDNS_IP4ADDRLEN) == 0) {
1016 if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
1017 return -1; /* wireformat error, incorrect size or inet family */
1018
1019 w += sldns_str_print(s, slen, "=%s", ip_str);
1020 data += LDNS_IP4ADDRLEN;
1021
1022 while ((data_len -= LDNS_IP4ADDRLEN) > 0) {
1023 if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
1024 return -1; /* wireformat error, incorrect size or inet family */
1025
1026 w += sldns_str_print(s, slen, ",%s", ip_str);
1027 data += LDNS_IP4ADDRLEN;
1028 }
1029 } else
1030 return -1;
1031
1032 return w;
1033 }
1034
1035 static int sldns_wire2str_svcparam_ipv6hint2str(char** s,
1036 size_t* slen, uint16_t data_len, uint8_t* data)
1037 {
1038 char ip_str[INET6_ADDRSTRLEN + 1];
1039
1040 int w = 0;
1041
1042 assert(data_len > 0);
1043
1044 if ((data_len % LDNS_IP6ADDRLEN) == 0) {
1045 if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
1046 return -1; /* wireformat error, incorrect size or inet family */
1047
1048 w += sldns_str_print(s, slen, "=%s", ip_str);
1049 data += LDNS_IP6ADDRLEN;
1050
1051 while ((data_len -= LDNS_IP6ADDRLEN) > 0) {
1052 if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
1053 return -1; /* wireformat error, incorrect size or inet family */
1054
1055 w += sldns_str_print(s, slen, ",%s", ip_str);
1056 data += LDNS_IP6ADDRLEN;
1057 }
1058 } else
1059 return -1;
1060
1061 return w;
1062 }
1063
1064 static int sldns_wire2str_svcparam_mandatory2str(char** s,
1065 size_t* slen, uint16_t data_len, uint8_t* data)
1066 {
1067 int w = 0;
1068
1069 assert(data_len > 0);
1070
1071 if (data_len % sizeof(uint16_t))
1072 return -1; // wireformat error, data_len must be multiple of shorts
1073 w += sldns_str_print(s, slen, "=");
1074 w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data));
1075 data += 2;
1076
1077 while ((data_len -= sizeof(uint16_t))) {
1078 w += sldns_str_print(s, slen, ",");
1079 w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data));
1080 data += 2;
1081 }
1082
1083 return w;
1084 }
1085
1086 static int sldns_wire2str_svcparam_alpn2str(char** s,
1087 size_t* slen, uint16_t data_len, uint8_t* data)
1088 {
1089 uint8_t *dp = (void *)data;
1090 int w = 0;
1091
1092 assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */
1093
1094 w += sldns_str_print(s, slen, "=\"");
1095 while (data_len) {
1096 /* alpn is list of length byte (str_len) followed by a string of that size */
1097 uint8_t i, str_len = *dp++;
1098
1099 if (str_len > --data_len)
1100 return -1;
1101
1102 for (i = 0; i < str_len; i++) {
1103 if (dp[i] == '"' || dp[i] == '\\')
1104 w += sldns_str_print(s, slen, "\\\\\\%c", dp[i]);
1105
1106 else if (dp[i] == ',')
1107 w += sldns_str_print(s, slen, "\\\\%c", dp[i]);
1108
1109 else if (!isprint(dp[i]))
1110 w += sldns_str_print(s, slen, "\\%03u", (unsigned) dp[i]);
1111
1112 else
1113 w += sldns_str_print(s, slen, "%c", dp[i]);
1114 }
1115 dp += str_len;
1116 if ((data_len -= str_len))
1117 w += sldns_str_print(s, slen, "%s", ",");
1118 }
1119 w += sldns_str_print(s, slen, "\"");
1120
1121 return w;
1122 }
1123
1124 static int sldns_wire2str_svcparam_ech2str(char** s,
1125 size_t* slen, uint16_t data_len, uint8_t* data)
1126 {
1127 int size;
1128 int w = 0;
1129
1130 assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */
1131
1132 w += sldns_str_print(s, slen, "=\"");
1133
1134 if ((size = sldns_b64_ntop(data, data_len, *s, *slen)) < 0)
1135 return -1;
1136
1137 (*s) += size;
1138 (*slen) -= size;
1139
1140 w += sldns_str_print(s, slen, "\"");
1141
1142 return w + size;
1143 }
1144
1145 int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
1146 {
1147 uint8_t ch;
1148 uint16_t svcparamkey, data_len;
1149 int written_chars = 0;
1150 int r, i;
1151
1152 /* verify that we have enough data to read svcparamkey and data_len */
1153 if(*dlen < 4)
1154 return -1;
1155
1156 svcparamkey = sldns_read_uint16(*d);
1157 data_len = sldns_read_uint16(*d+2);
1158 *d += 4;
1159 *dlen -= 4;
1160
1161 /* verify that we have data_len data */
1162 if (data_len > *dlen)
1163 return -1;
1164
1165 written_chars += sldns_print_svcparamkey(s, slen, svcparamkey);
1166 if (!data_len) {
1167
1168 /* Some SvcParams MUST have values */
1169 switch (svcparamkey) {
1170 case SVCB_KEY_ALPN:
1171 case SVCB_KEY_PORT:
1172 case SVCB_KEY_IPV4HINT:
1173 case SVCB_KEY_IPV6HINT:
1174 case SVCB_KEY_MANDATORY:
1175 return -1;
1176 default:
1177 return written_chars;
1178 }
1179 }
1180
1181 switch (svcparamkey) {
1182 case SVCB_KEY_PORT:
1183 r = sldns_wire2str_svcparam_port2str(s, slen, data_len, *d);
1184 break;
1185 case SVCB_KEY_IPV4HINT:
1186 r = sldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, *d);
1187 break;
1188 case SVCB_KEY_IPV6HINT:
1189 r = sldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, *d);
1190 break;
1191 case SVCB_KEY_MANDATORY:
1192 r = sldns_wire2str_svcparam_mandatory2str(s, slen, data_len, *d);
1193 break;
1194 case SVCB_KEY_NO_DEFAULT_ALPN:
1195 return -1; /* wireformat error, should not have a value */
1196 case SVCB_KEY_ALPN:
1197 r = sldns_wire2str_svcparam_alpn2str(s, slen, data_len, *d);
1198 break;
1199 case SVCB_KEY_ECH:
1200 r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d);
1201 break;
1202 default:
1203 r = sldns_str_print(s, slen, "=\"");
1204
1205 for (i = 0; i < data_len; i++) {
1206 ch = (*d)[i];
1207
1208 if (ch == '"' || ch == '\\')
1209 r += sldns_str_print(s, slen, "\\%c", ch);
1210
1211 else if (!isprint(ch))
1212 r += sldns_str_print(s, slen, "\\%03u", (unsigned) ch);
1213
1214 else
1215 r += sldns_str_print(s, slen, "%c", ch);
1216
1217 }
1218 r += sldns_str_print(s, slen, "\"");
1219 break;
1220 }
1221 if (r <= 0)
1222 return -1; /* wireformat error */
1223
1224 written_chars += r;
1225 *d += data_len;
1226 *dlen -= data_len;
1227 return written_chars;
9401228 }
9411229
9421230 int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
10161304 return sldns_wire2str_tag_scan(d, dlen, s, slen);
10171305 case LDNS_RDF_TYPE_LONG_STR:
10181306 return sldns_wire2str_long_str_scan(d, dlen, s, slen);
1307 case LDNS_RDF_TYPE_SVCPARAM:
1308 return sldns_wire2str_svcparam_scan(d, dlen, s, slen);
10191309 case LDNS_RDF_TYPE_TSIGERROR:
10201310 return sldns_wire2str_tsigerror_scan(d, dlen, s, slen);
10211311 }
+13
-1
sldns/wire2str.h less more
5858 char* sldns_wire2str_rr(uint8_t* rr, size_t len);
5959
6060 /**
61 * Conver wire dname to a string.
61 * Convert wire dname to a string.
6262 * @param dname: the dname in uncompressed wireformat.
6363 * @param dname_len: length of the dname.
6464 * @return string or NULL on failure.
494494 size_t len);
495495
496496 /**
497 * Convert wire SVCB to a string with user buffer.
498 * @param d: the SVCB data in uncompressed wireformat.
499 * @param dlen: length of the SVCB data.
500 * @param s: the string to write to.
501 * @param slen: length of string.
502 * @return the number of characters for this element, excluding zerobyte.
503 * Is larger or equal than str_len if output was truncated.
504 */
505 int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s,
506 size_t* slen);
507
508 /**
497509 * Scan wireformat rdf field to string, with user buffers.
498510 * It shifts the arguments to move along (see sldns_wire2str_pkt_scan).
499511 * @param data: wireformat data.
+4
-4
smallapp/unbound-anchor.c less more
20432043 const char* builtin_root_anchor = get_builtin_ds();
20442044 FILE* out = fopen(file, "w");
20452045 if(!out) {
2046 if(verb) printf("%s: %s\n", file, strerror(errno));
2047 if(verb) printf(" could not write builtin anchor\n");
2046 printf("could not write builtin anchor, to file %s: %s\n",
2047 file, strerror(errno));
20482048 return;
20492049 }
20502050 if(!fwrite(builtin_root_anchor, strlen(builtin_root_anchor), 1, out)) {
2051 if(verb) printf("%s: %s\n", file, strerror(errno));
2052 if(verb) printf(" could not complete write builtin anchor\n");
2051 printf("could not complete write builtin anchor, to file %s: %s\n",
2052 file, strerror(errno));
20532053 }
20542054 fclose(out);
20552055 }
+64
-12
smallapp/unbound-checkconf.c less more
00 /*
1 * checkconf/unbound-checkconf.c - config file checker for unbound.conf file.
1 * smallapp/unbound-checkconf.c - config file checker for unbound.conf file.
22 *
33 * Copyright (c) 2007, NLnet Labs. All rights reserved.
44 *
5353 #include "iterator/iter_hints.h"
5454 #include "validator/validator.h"
5555 #include "services/localzone.h"
56 #include "services/listen_dnsport.h"
5657 #include "services/view.h"
5758 #include "services/authzone.h"
5859 #include "respip/respip.h"
333334 int d;
334335 struct sockaddr_storage a;
335336 socklen_t alen;
336 int i, j;
337 int i, j, i2, j2;
338 char*** resif = NULL;
339 int* num_resif = NULL;
340
341 if(cfg->num_ifs != 0) {
342 resif = (char***)calloc(cfg->num_ifs, sizeof(char**));
343 if(!resif) fatal_exit("malloc failure");
344 num_resif = (int*)calloc(cfg->num_ifs, sizeof(int));
345 if(!num_resif) fatal_exit("malloc failure");
346 }
337347 for(i=0; i<cfg->num_ifs; i++) {
338 if(!extstrtoaddr(cfg->ifs[i], &a, &alen)) {
339 fatal_exit("cannot parse interface specified as '%s'",
340 cfg->ifs[i]);
341 }
342 for(j=0; j<cfg->num_ifs; j++) {
343 if(i!=j && strcmp(cfg->ifs[i], cfg->ifs[j])==0)
348 /* search for duplicates in IP or ifname arguments */
349 for(i2=0; i2<i; i2++) {
350 if(strcmp(cfg->ifs[i], cfg->ifs[i2]) == 0) {
344351 fatal_exit("interface: %s present twice, "
345352 "cannot bind same ports twice.",
346353 cfg->ifs[i]);
347 }
348 }
354 }
355 }
356 if(!resolve_interface_names(&cfg->ifs[i], 1, NULL, &resif[i],
357 &num_resif[i])) {
358 fatal_exit("could not resolve interface names, for %s",
359 cfg->ifs[i]);
360 }
361 /* search for duplicates in the returned addresses */
362 for(j=0; j<num_resif[i]; j++) {
363 if(!extstrtoaddr(resif[i][j], &a, &alen)) {
364 if(strcmp(cfg->ifs[i], resif[i][j]) != 0)
365 fatal_exit("cannot parse interface address '%s' from the interface specified as '%s'",
366 resif[i][j], cfg->ifs[i]);
367 else
368 fatal_exit("cannot parse interface specified as '%s'",
369 cfg->ifs[i]);
370 }
371 for(i2=0; i2<i; i2++) {
372 for(j2=0; j2<num_resif[i2]; j2++) {
373 if(strcmp(resif[i][j], resif[i2][j2])
374 == 0) {
375 char info1[1024], info2[1024];
376 if(strcmp(cfg->ifs[i], resif[i][j]) != 0)
377 snprintf(info1, sizeof(info1), "address %s from interface: %s", resif[i][j], cfg->ifs[i]);
378 else snprintf(info1, sizeof(info1), "interface: %s", cfg->ifs[i]);
379 if(strcmp(cfg->ifs[i2], resif[i2][j2]) != 0)
380 snprintf(info2, sizeof(info2), "address %s from interface: %s", resif[i2][j2], cfg->ifs[i2]);
381 else snprintf(info2, sizeof(info2), "interface: %s", cfg->ifs[i2]);
382 fatal_exit("%s present twice, cannot bind the same ports twice. The first entry is %s and the second is %s", resif[i][j], info2, info1);
383 }
384 }
385 }
386 }
387 }
388
389 for(i=0; i<cfg->num_ifs; i++) {
390 config_del_strarray(resif[i], num_resif[i]);
391 }
392 free(resif);
393 free(num_resif);
394
349395 for(i=0; i<cfg->num_out_ifs; i++) {
350396 if(!ipstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen) &&
351397 !netblockstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen, &d)) {
644690 && strcmp(cfg->module_conf, "dns64 iterator") != 0
645691 && strcmp(cfg->module_conf, "respip iterator") != 0
646692 && strcmp(cfg->module_conf, "respip validator iterator") != 0
693 && strcmp(cfg->module_conf, "respip dns64 validator iterator") != 0
694 && strcmp(cfg->module_conf, "respip dns64 iterator") != 0
647695 #ifdef WITH_PYTHONMODULE
648696 && strcmp(cfg->module_conf, "python iterator") != 0
649697 && strcmp(cfg->module_conf, "python respip iterator") != 0
738786 && strcmp(cfg->module_conf, "validator python cachedb iterator") != 0
739787 && strcmp(cfg->module_conf, "respip validator python cachedb iterator") != 0
740788 #endif
789 #if defined(CLIENT_SUBNET) && defined(USE_CACHEDB)
790 && strcmp(cfg->module_conf, "respip subnetcache validator cachedb iterator") != 0
791 && strcmp(cfg->module_conf, "subnetcache validator cachedb iterator") != 0
792 #endif
741793 #ifdef CLIENT_SUBNET
742794 && strcmp(cfg->module_conf, "subnetcache iterator") != 0
743795 && strcmp(cfg->module_conf, "respip subnetcache iterator") != 0
850902 {
851903 int is_rpz = 0;
852904 struct auth_zones* az = auth_zones_create();
853 if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz)) {
905 if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) {
854906 fatal_exit("Could not setup authority zones");
855907 }
856908 auth_zones_delete(az);
908960 const char* f;
909961 const char* opt = NULL;
910962 const char* cfgfile = CONFIGFILE;
963 checklock_start();
911964 log_ident_set("unbound-checkconf");
912965 log_init(NULL, 0, NULL);
913 checklock_start();
914966 #ifdef USE_WINSOCK
915967 /* use registry config file in preference to compiletime location */
916968 if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile")))
+31
-8
smallapp/unbound-control.c less more
00 /*
1 * checkconf/unbound-control.c - remote control utility for unbound.
1 * smallapp/unbound-control.c - remote control utility for unbound.
22 *
33 * Copyright (c) 2008, NLnet Labs. All rights reserved.
44 *
6262 #include "sldns/wire2str.h"
6363 #include "sldns/pkthdr.h"
6464 #include "services/rpz.h"
65 #include "services/listen_dnsport.h"
6566
6667 #ifdef HAVE_SYS_IPC_H
6768 #include "sys/ipc.h"
186187 {
187188 #ifndef S_SPLINT_S
188189 size_t leftover;
189 if(d == 0) {
190 if(d <= 0) {
190191 avg->tv_sec = 0;
191192 avg->tv_usec = 0;
192193 return;
195196 avg->tv_usec = sum->tv_usec / d;
196197 /* handle fraction from seconds divide */
197198 leftover = sum->tv_sec - avg->tv_sec*d;
198 avg->tv_usec += (leftover*1000000)/d;
199 if(leftover <= 0)
200 leftover = 0;
201 avg->tv_usec += (((long long)leftover)*((long long)1000000))/d;
202 if(avg->tv_sec < 0)
203 avg->tv_sec = 0;
204 if(avg->tv_usec < 0)
205 avg->tv_usec = 0;
199206 #endif
200207 }
201208
491498 {
492499 unsigned long err;
493500 err = ERR_peek_error();
494 if (ERR_GET_LIB(err) == ERR_LIB_SYS &&
495 (ERR_GET_FUNC(err) == SYS_F_FOPEN ||
496 ERR_GET_FUNC(err) == SYS_F_FREAD) ) {
501 if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
497502 fprintf(stderr, "error: %s\n%s: %s\n",
498503 s, path, ERR_reason_error_string(err));
499504 exit(1);
582587 socklen_t addrlen;
583588 int addrfamily = 0, proto = IPPROTO_TCP;
584589 int fd, useport = 1;
590 char** rcif = NULL;
591 int num_rcif = 0;
585592 /* use svr or the first config entry */
586593 if(!svr) {
587594 if(cfg->control_ifs.first) {
588 svr = cfg->control_ifs.first->str;
595 struct sockaddr_storage addr2;
596 socklen_t addrlen2;
597 if(extstrtoaddr(cfg->control_ifs.first->str, &addr2,
598 &addrlen2)) {
599 svr = cfg->control_ifs.first->str;
600 } else {
601 if(!resolve_interface_names(NULL, 0,
602 cfg->control_ifs.first, &rcif,
603 &num_rcif)) {
604 fatal_exit("could not resolve interface names");
605 }
606 if(rcif == NULL || num_rcif == 0) {
607 fatal_exit("no control interfaces");
608 }
609 svr = rcif[0];
610 }
589611 } else if(cfg->do_ip4) {
590612 svr = "127.0.0.1";
591613 } else {
696718 break;
697719 }
698720 fd_set_block(fd);
721 config_del_strarray(rcif, num_rcif);
699722 return fd;
700723 }
701724
920943 extern int check_locking_order;
921944 check_locking_order = 0;
922945 #endif /* USE_THREAD_DEBUG */
946 checklock_start();
923947 log_ident_set("unbound-control");
924948 log_init(NULL, 0, NULL);
925 checklock_start();
926949 #ifdef USE_WINSOCK
927950 /* use registry config file in preference to compiletime location */
928951 if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile")))
+1
-1
smallapp/unbound-host.c less more
00 /*
1 * checkconf/unbound-host.c - replacement for host that supports validation.
1 * smallapp/unbound-host.c - replacement for host that supports validation.
22 *
33 * Copyright (c) 2007, NLnet Labs. All rights reserved.
44 *
+11
-23
smallapp/worker_cb.c less more
00 /*
1 * checkconf/worker_cb.c - fake callback routines to make fptr_wlist work
1 * smallapp/worker_cb.c - fake callback routines to make fptr_wlist work
22 *
33 * Copyright (c) 2007, NLnet Labs. All rights reserved.
44 *
6464 return 0;
6565 }
6666
67 int worker_handle_reply(struct comm_point* ATTR_UNUSED(c),
68 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
69 struct comm_reply* ATTR_UNUSED(reply_info))
70 {
71 log_assert(0);
72 return 0;
73 }
74
7567 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c),
7668 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
7769 struct comm_reply* ATTR_UNUSED(reply_info))
10496 struct outbound_entry* worker_send_query(
10597 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags),
10698 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
107 int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
99 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit),
100 struct sockaddr_storage* ATTR_UNUSED(addr),
108101 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
109 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream),
110 char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q))
102 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream),
103 char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q),
104 int* ATTR_UNUSED(was_ratelimited))
111105 {
112106 log_assert(0);
113107 return 0;
136130 struct outbound_entry* libworker_send_query(
137131 struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags),
138132 int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
139 int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
133 int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit),
134 struct sockaddr_storage* ATTR_UNUSED(addr),
140135 socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
141 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream),
142 char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q))
143 {
144 log_assert(0);
145 return 0;
146 }
147
148 int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c),
149 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
150 struct comm_reply* ATTR_UNUSED(reply_info))
136 size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream),
137 char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q),
138 int* ATTR_UNUSED(was_ratelimited))
151139 {
152140 log_assert(0);
153141 return 0;
+1
-1
testcode/asynclook.c less more
405405 struct lookinfo* lookups;
406406 int i, r, cancel=0, blocking=0, ext=0;
407407
408 checklock_start();
408409 /* init log now because solaris thr_key_create() is not threadsafe */
409410 log_init(0,0,0);
410411 /* lock debug start (if any) */
411 checklock_start();
412412
413413 /* create context */
414414 ctx = ub_ctx_create();
+5
-1
testcode/delayer.c less more
346346 /** signal handler for user quit */
347347 static RETSIGTYPE delayer_sigh(int sig)
348348 {
349 printf("exit on signal %d\n", sig);
349 char str[] = "exit on signal \n";
350 str[15] = '0' + (sig/10)%10;
351 str[16] = '0' + sig%10;
352 /* simple cast to void will not silence Wunused-result */
353 (void)!write(STDOUT_FILENO, str, strlen(str));
350354 do_quit = 1;
351355 }
352356
+9
-3
testcode/do-tests.sh less more
00 #!/usr/bin/env bash
11 . testdata/common.sh
2 quiet=0
3 if test "$1" = "-q"; then
4 quiet=1
5 tdirarg="-q"
6 shift
7 fi
28
39 NEED_SPLINT='00-lint.tdir'
410 NEED_DOXYGEN='01-doc.tdir'
3238 export -n NOTIFY_SOCKET
3339
3440 cd testdata;
35 sh ../testcode/mini_tdir.sh clean
41 sh ../testcode/mini_tdir.sh $tdirarg clean
3642 rm -f .perfstats.txt
3743 for test in `ls -d *.tdir`; do
3844 SKIP=0
5662 fi
5763 if test $SKIP -eq 0; then
5864 echo $test
59 sh ../testcode/mini_tdir.sh -a ../.. exe $test
65 sh ../testcode/mini_tdir.sh -a ../.. $tdirarg exe $test
6066 else
6167 echo "skip $test"
6268 fi
6369 done
64 sh ../testcode/mini_tdir.sh report
70 sh ../testcode/mini_tdir.sh $tdirarg report
6571 cat .perfstats.txt
+25
-4
testcode/dohclient.c less more
357357 }
358358
359359 if(sldns_buffer_remaining(h2_stream->buf) < len) {
360 log_err("received data chunck does not fit into buffer");
360 log_err("received data chunk does not fit into buffer");
361361 return NGHTTP2_ERR_CALLBACK_FAILURE;
362362 }
363363
422422
423423 if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) {
424424 log_err("failed to initialize nghttp2 callback");
425 free(h2_session);
425426 return NULL;
426427 }
427428 nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb);
500501 if(!no_tls) {
501502 ctx = connect_sslctx_create(NULL, NULL, NULL, 0);
502503 if(!ctx) fatal_exit("cannot create ssl ctx");
504 #ifdef HAVE_SSL_CTX_SET_ALPN_PROTOS
503505 SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3);
506 #endif
504507 ssl = outgoing_ssl_fd(ctx, fd);
505508 if(!ssl) {
506509 printf("cannot create ssl\n");
527530
528531 h2_session->block_select = 1;
529532
530 /* hande query */
533 /* handle query */
531534 for(i=0; i<count; i+=3) {
532535 buf = make_query(q[i], q[i+1], q[i+2]);
533536 submit_query(h2_session, buf);
567570 return 1;
568571 }
569572 #endif
573 checklock_start();
570574 log_init(0, 0, 0);
571 checklock_start();
572575
573576 h2_session = http2_session_create();
574577 if(!h2_session) fatal_exit("out of memory");
619622 return 1;
620623 }
621624
622
625 if(!no_tls) {
626 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
627 ERR_load_SSL_strings();
628 #endif
629 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
630 # ifndef S_SPLINT_S
631 OpenSSL_add_all_algorithms();
632 # endif
633 #else
634 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
635 | OPENSSL_INIT_ADD_ALL_DIGESTS
636 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
637 #endif
638 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
639 (void)SSL_library_init();
640 #else
641 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
642 #endif
643 }
623644 run(h2_session, port, no_tls, argc, argv);
624645
625646 checklock_stop();
+56
-19
testcode/fake_event.c less more
450450 struct comm_reply repinfo;
451451 memset(&repinfo, 0, sizeof(repinfo));
452452 repinfo.c = (struct comm_point*)calloc(1, sizeof(struct comm_point));
453 if(!repinfo.c)
454 fatal_exit("out of memory in fake_front_query");
453455 repinfo.addrlen = (socklen_t)sizeof(struct sockaddr_in);
454456 if(todo->addrlen != 0) {
455457 repinfo.addrlen = todo->addrlen;
596598 log_err("should be: %s", p->str);
597599 fatal_exit("autotrust_check failed");
598600 }
599 if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
601 strip_end_white(line);
600602 expanded = macro_process(runtime->vars, runtime, p->str);
601603 if(!expanded)
602604 fatal_exit("could not expand macro line %d", lineno);
649651 log_err("should be: %s", p->str);
650652 fatal_exit("tempfile_check failed");
651653 }
652 if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
654 strip_end_white(line);
653655 expanded = macro_process(runtime->vars, runtime, p->str);
654656 if(!expanded)
655657 fatal_exit("could not expand macro line %d", lineno);
908910 /* we return the runtime structure instead. */
909911 struct replay_runtime* runtime = (struct replay_runtime*)
910912 calloc(1, sizeof(struct replay_runtime));
913 if(!runtime)
914 fatal_exit("out of memory in fake_event.c:comm_base_create");
911915 runtime->scenario = saved_scenario;
912916 runtime->vars = macro_store_create();
913917 if(!runtime->vars) fatal_exit("out of memory");
10451049 void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param),
10461050 int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx),
10471051 int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
1048 struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect))
1052 struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect),
1053 int ATTR_UNUSED(max_reuse_tcp_queries), int ATTR_UNUSED(tcp_reuse_timeout),
1054 int ATTR_UNUSED(tcp_auth_query_timeout))
10491055 {
10501056 struct replay_runtime* runtime = (struct replay_runtime*)base;
10511057 struct outside_network* outnet = calloc(1,
11801186 struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
11811187 struct query_info* qinfo, uint16_t flags, int dnssec,
11821188 int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps),
1189 int ATTR_UNUSED(check_ratelimit),
11831190 int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream),
11841191 char* ATTR_UNUSED(tls_auth_name), struct sockaddr_storage* addr,
11851192 socklen_t addrlen, uint8_t* zone, size_t zonelen,
11861193 struct module_qstate* qstate, comm_point_callback_type* callback,
11871194 void* callback_arg, sldns_buffer* ATTR_UNUSED(buff),
1188 struct module_env* env)
1195 struct module_env* env, int* ATTR_UNUSED(was_ratelimited))
11891196 {
11901197 struct replay_runtime* runtime = (struct replay_runtime*)outnet->base;
11911198 struct fake_pending* pend = (struct fake_pending*)calloc(1,
12151222 if(1) {
12161223 struct edns_data edns;
12171224 struct edns_string_addr* client_string_addr;
1225 struct edns_option* backed_up_opt_list =
1226 qstate->edns_opts_back_out;
1227 struct edns_option* per_upstream_opt_list = NULL;
1228 /* If we have an already populated EDNS option list make a copy
1229 * since we may now add upstream specific EDNS options. */
1230 if(qstate->edns_opts_back_out) {
1231 per_upstream_opt_list = edns_opt_copy_region(
1232 qstate->edns_opts_back_out, qstate->region);
1233 if(!per_upstream_opt_list) {
1234 free(pend);
1235 fatal_exit("out of memory");
1236 }
1237 qstate->edns_opts_back_out = per_upstream_opt_list;
1238 }
12181239 if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen,
12191240 zone, zonelen, qstate, qstate->region)) {
12201241 free(pend);
12211242 return NULL;
1243 }
1244 /* Restore the option list; we can explicitly use the copied
1245 * one from now on. */
1246 per_upstream_opt_list = qstate->edns_opts_back_out;
1247 qstate->edns_opts_back_out = backed_up_opt_list;
1248 if((client_string_addr = edns_string_addr_lookup(
1249 &env->edns_strings->client_strings,
1250 addr, addrlen))) {
1251 edns_opt_list_append(&per_upstream_opt_list,
1252 env->edns_strings->client_string_opcode,
1253 client_string_addr->string_len,
1254 client_string_addr->string, qstate->region);
12221255 }
12231256 /* add edns */
12241257 edns.edns_present = 1;
12291262 if(dnssec)
12301263 edns.bits = EDNS_DO;
12311264 edns.padding_block_size = 0;
1232 if((client_string_addr = edns_string_addr_lookup(
1233 &env->edns_strings->client_strings,
1234 addr, addrlen))) {
1235 edns_opt_list_append(&qstate->edns_opts_back_out,
1236 env->edns_strings->client_string_opcode,
1237 client_string_addr->string_len,
1238 client_string_addr->string, qstate->region);
1239 }
1240 edns.opt_list = qstate->edns_opts_back_out;
1265 edns.opt_list_in = NULL;
1266 edns.opt_list_out = per_upstream_opt_list;
1267 edns.opt_list_inplace_cb_out = NULL;
12411268 attach_edns_record(pend->buffer, &edns);
12421269 }
12431270 memcpy(&pend->addr, addr, addrlen);
13051332 log_info("double delete of pending serviced query");
13061333 }
13071334
1308 int resolve_interface_names(struct config_file* ATTR_UNUSED(cfg),
1309 char*** ATTR_UNUSED(resif), int* ATTR_UNUSED(num_resif))
1335 int resolve_interface_names(char** ATTR_UNUSED(ifs), int ATTR_UNUSED(num_ifs),
1336 struct config_strlist* ATTR_UNUSED(list), char*** ATTR_UNUSED(resif),
1337 int* ATTR_UNUSED(num_resif))
13101338 {
13111339 return 1;
13121340 }
14141442 log_assert(0);
14151443 }
14161444
1445 void serviced_timer_cb(void *ATTR_UNUSED(arg))
1446 {
1447 log_assert(0);
1448 }
1449
14171450 void pending_udp_timer_delay_cb(void *ATTR_UNUSED(arg))
14181451 {
14191452 log_assert(0);
15301563 {
15311564 struct replay_runtime* runtime = (struct replay_runtime*)base;
15321565 struct fake_timer* t = (struct fake_timer*)calloc(1, sizeof(*t));
1566 if(!t)
1567 fatal_exit("out of memory in fake_event.c:comm_timer_create");
15331568 t->cb = cb;
15341569 t->cb_arg = cb_arg;
15351570 fptr_ok(fptr_whitelist_comm_timer(t->cb)); /* check in advance */
16281663 struct comm_point* comm_point_create_udp(struct comm_base *ATTR_UNUSED(base),
16291664 int ATTR_UNUSED(fd), sldns_buffer* ATTR_UNUSED(buffer),
16301665 comm_point_callback_type* ATTR_UNUSED(callback),
1631 void* ATTR_UNUSED(callback_arg))
1666 void* ATTR_UNUSED(callback_arg),
1667 struct unbound_socket* ATTR_UNUSED(socket))
16321668 {
16331669 log_assert(0);
16341670 return NULL;
17061742 addr_to_str((struct sockaddr_storage*)to_addr, to_addrlen,
17071743 addrbuf, sizeof(addrbuf));
17081744 if(verbosity >= VERB_ALGO) {
1709 if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/
1745 strip_end_white(buf);
17101746 log_info("tcp to %s: %s", addrbuf, buf);
17111747 }
17121748 log_assert(sldns_buffer_limit(query)-LDNS_HEADER_SIZE >= 2);
17381774 struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
17391775 comm_point_callback_type* cb, void* cb_arg,
17401776 struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
1741 int ssl, char* host, char* path)
1777 int ssl, char* host, char* path, struct config_file* cfg)
17421778 {
17431779 struct replay_runtime* runtime = (struct replay_runtime*)
17441780 outnet->base;
17601796 (void)ssl;
17611797 (void)host;
17621798 (void)path;
1799 (void)cfg;
17631800
17641801 /* handle http comm point and return contents from test script */
17651802 return (struct comm_point*)fc;
17961833 addr_to_str((struct sockaddr_storage*)addr, addrlen,
17971834 addrbuf, sizeof(addrbuf));
17981835 if(verbosity >= VERB_ALGO) {
1799 if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/
1836 strip_end_white(buf);
18001837 log_info("udp to %s: %s", addrbuf, buf);
18011838 }
18021839 log_assert(sldns_buffer_limit(packet)-LDNS_HEADER_SIZE >= 2);
+33
-0
testcode/lock_verify.c less more
386386 fprintf(stderr, "\n");
387387 }
388388
389 /** delete lock ref */
390 static void dellockref(rbnode_type* node, void* ATTR_UNUSED(arg))
391 {
392 struct lock_ref* o = (struct lock_ref*)node;
393 if(!o) return;
394 free(o->file);
395 free(o);
396 }
397
398 /** delete lock node */
399 static void delnode(rbnode_type* node, void* ATTR_UNUSED(arg))
400 {
401 struct order_lock* o = (struct order_lock*)node;
402 if(!o) return;
403 free(o->create_file);
404 if(o->smaller) {
405 traverse_postorder(o->smaller, &dellockref, NULL);
406 free(o->smaller);
407 }
408 free(o);
409 }
410
411 /** delete allocated memory */
412 static void locks_free(rbtree_type* all_locks)
413 {
414 if(!all_locks)
415 return;
416 traverse_postorder(all_locks, &delnode, NULL);
417 free(all_locks);
418 }
419
389420 /** main program to verify all traces passed */
390421 int
391422 main(int argc, char* argv[])
402433 usage();
403434 return 1;
404435 }
436 checklock_start();
405437 log_init(NULL, 0, NULL);
406438 log_ident_set("lock-verify");
407439 /* init */
420452 printf("checked %d locks in %d seconds with %d errors.\n",
421453 (int)all_locks->count, (int)(time(NULL)-starttime),
422454 errors_detected);
455 locks_free(all_locks);
423456 if(errors_detected) return 1;
424457 return 0;
425458 }
+32
-13
testcode/mini_tdir.sh less more
44 shift
55 shift
66 fi
7
7 quiet=0
8 if test "$1" = "-q"; then
9 quiet=1
10 shift
11 fi
12
813 if test "$1" = "clean"; then
9 echo "rm -f result.* .done* .tdir.var.master .tdir.var.test"
14 if test $quiet = 0; then
15 echo "rm -f result.* .done* .tdir.var.master .tdir.var.test"
16 fi
1017 rm -f result.* .done* .tdir.var.master .tdir.var.test
1118 exit 0
1219 fi
1320 if test "$1" = "fake"; then
14 echo "minitdir fake $2"
21 if test $quiet = 0; then
22 echo "minitdir fake $2"
23 fi
1524 echo "fake" > .done-`basename $2 .tdir`
1625 exit 0
1726 fi
3645 desc=`grep ^Description: "result.$name" | sed -e 's/Description: //'`
3746 fi
3847 if test -f ".done-$name"; then
39 if test "$1" != "-q"; then
48 if test $quiet = 0; then
4049 echo "** PASSED ** $timelen $name: $desc"
4150 pass=`expr $pass + 1`
4251 fi
6473 for result in *.tdir; do
6574 name=`basename $result .tdir`
6675 if test -f ".done-$name"; then
67 if test "$1" != "-q"; then
76 if test $quiet = 0; then
6877 echo "** PASSED ** : $name"
6978 fi
7079 else
8190 if test "$1" != 'exe'; then
8291 # usage
8392 echo "mini tdir. Reduced functionality for old shells."
84 echo " tdir exe <file>"
85 echo " tdir fake <file>"
86 echo " tdir clean"
93 echo " tdir [-q] exe <file>"
94 echo " tdir [-q] fake <file>"
95 echo " tdir [-q] clean"
8796 echo " tdir [-q|-f] report"
8897 exit 1
8998 fi
116125 fi
117126
118127 # Copy
119 echo "minitdir copy $1 to $dir"
128 if test $quiet = 0; then
129 echo "minitdir copy $1 to $dir"
130 fi
120131 mkdir $dir
121132 if cp --help 2>&1 | grep -- "-a" >/dev/null; then
122133 cp -a $name.tdir/* $dir/
130141 grep "Description:" $name.dsc >> $result 2>&1
131142 echo "DateRunStart: "`date "+%s" 2>/dev/null` >> $result
132143 if test -f $name.pre; then
133 echo "minitdir exe $name.pre"
144 if test $quiet = 0; then
145 echo "minitdir exe $name.pre"
146 fi
134147 echo "minitdir exe $name.pre" >> $result
135148 $shell $name.pre $args >> $result
136149 if test $? -ne 0; then
138151 fi
139152 fi
140153 if test -f $name.test; then
141 echo "minitdir exe $name.test"
154 if test $quiet = 0; then
155 echo "minitdir exe $name.test"
156 fi
142157 echo "minitdir exe $name.test" >> $result
143158 $shell $name.test $args >>$result 2>&1
144159 if test $? -ne 0; then
148163 else
149164 echo "$name: PASSED" >> $result
150165 echo "$name: PASSED" > ../.done-$name
151 echo "$name: PASSED"
166 if test $quiet = 0; then
167 echo "$name: PASSED"
168 fi
152169 success="yes"
153170 fi
154171 fi
155172 if test -f $name.post; then
156 echo "minitdir exe $name.post"
173 if test $quiet = 0; then
174 echo "minitdir exe $name.post"
175 fi
157176 echo "minitdir exe $name.post" >> $result
158177 $shell $name.post $args >> $result
159178 if test $? -ne 0; then
+1
-1
testcode/perf.c less more
574574 memset(&info, 0, sizeof(info));
575575 info.io_num = 16;
576576
577 checklock_start();
577578 log_init(NULL, 0, NULL);
578579 log_ident_set("perf");
579 checklock_start();
580580 #ifdef USE_WINSOCK
581581 if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
582582 fatal_exit("WSAStartup failed: %s", wsa_strerror(r));
+12
-4
testcode/petal.c less more
219219 host[0] = 0;
220220 while(read_ssl_line(ssl, buf, sizeof(buf))) {
221221 if(verb>=2) printf("read: %s\n", buf);
222 if(buf[0] == 0)
222 if(buf[0] == 0) {
223 int e = ERR_peek_error();
224 printf("error string: %s\n", ERR_reason_error_string(e));
223225 return 1;
226 }
224227 if(!process_one_header(buf, file, flen, host, hlen, vs))
225228 return 0;
226229 }
237240 (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
238241 #endif
239242 (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
240 if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
243 #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
244 SSL_CTX_set_security_level(ctx, 0); /* for keys in tests */
245 #endif
246 if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
247 int e = ERR_peek_error();
248 printf("error string: %s\n", ERR_reason_error_string(e));
241249 print_exit("cannot read cert");
250 }
242251 if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
243252 print_exit("cannot read key");
244253 if(!SSL_CTX_check_private_key(ctx))
572581 {
573582 SSL_CTX* sslctx = setup_ctx(key, cert);
574583 int fd = setup_fd(addr, port);
575 int go = 1;
576584 if(fd == -1) print_exit("could not setup sockets");
577585 if(verb) {printf("petal start\n"); fflush(stdout);}
578 while(go) {
586 while(1) {
579587 struct sockaddr_storage from;
580588 socklen_t flen = (socklen_t)sizeof(from);
581589 int s;
+158
-0
testcode/readzone.c less more
0 /*
1 * testcode/readzone.c - readzone tool reads zonefiles
2 *
3 * Copyright (c) 2021, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
28 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35 /**
36 * \file
37 * Command to read and echo a zonefile.
38 */
39
40 #include "config.h"
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <errno.h>
44 #include <string.h>
45 #include <unistd.h>
46
47 #include <stdint.h>
48 #include "sldns/str2wire.h"
49 #include "sldns/wire2str.h"
50
51 int print_usage(FILE *out, const char *progname)
52 {
53 fprintf(out, "usage: %s [ -u ] <zonefile> [<origin>]\n", progname);
54 fprintf(out, "\t-u\tprint in unknown type (RFC3597) format\n");
55 return out == stdout ? EXIT_SUCCESS : EXIT_FAILURE;
56 }
57
58 int main(int argc, char *const *argv)
59 {
60 char *progname = argv[0];
61 uint8_t rr[LDNS_RR_BUF_SIZE];
62 char *str = malloc(1024 * 1024);
63 size_t str_len = sizeof(str);
64 struct sldns_file_parse_state state;
65 FILE *in = NULL;
66 int s = -1;
67 int opt;
68 int print_in_unknown_type_format = 0;
69
70 while ((opt = getopt(argc, argv, "hu")) != -1) {
71 switch (opt) {
72 case 'h':
73 free(str);
74 return print_usage(stdout, progname);
75 case 'u':
76 print_in_unknown_type_format = 1;
77 break;
78 default:
79 free(str);
80 return print_usage(stderr, progname);
81 }
82 }
83 argc -= optind;
84 argv += optind;
85
86 memset(&state, 0, sizeof(state));
87 state.default_ttl = 3600;
88 state.lineno = 1;
89 if (argc == 2) {
90 state.origin_len = sizeof(state.origin);
91 s = sldns_str2wire_dname_buf(argv[1], state.origin
92 , &state.origin_len);
93 if (s) {
94 fprintf(stderr, "Error parsing origin: %s\n"
95 , sldns_get_errorstr_parse(s));
96 free(str);
97 return EXIT_FAILURE;
98 }
99 s = -1;
100 }
101 if (!str)
102 fprintf(stderr, "Memory allocation error: %s\n"
103 , strerror(errno));
104
105 else if (argc != 1 && argc != 2) {
106 free(str);
107 return print_usage(stderr, progname);
108 }
109
110 else if (!(in = fopen(argv[0], "r")))
111 fprintf(stderr, "Error opening \"%s\": %s\n"
112 , argv[0], strerror(errno));
113 else while (!feof(in)) {
114 size_t rr_len = sizeof(rr), dname_len = 0;
115 size_t written;
116
117 s = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, &state);
118 if (s) {
119 fprintf( stderr, "parse error %d:%d: %s\n"
120 , state.lineno, LDNS_WIREPARSE_OFFSET(s)
121 , sldns_get_errorstr_parse(s));
122 break;
123 }
124 if (rr_len == 0)
125 continue;
126
127 if (print_in_unknown_type_format)
128 written = sldns_wire2str_rr_unknown_buf(
129 rr, rr_len, str, str_len);
130 else
131 written = sldns_wire2str_rr_buf(
132 rr, rr_len, str, str_len);
133
134 if (written > str_len) {
135 while (written > str_len)
136 str_len *= 2;
137 free(str);
138 if (!(str = malloc(str_len))) {
139 fprintf(stderr, "Memory allocation error: %s\n"
140 , strerror(errno));
141 s = -1;
142 break;
143 }
144 if (print_in_unknown_type_format)
145 (void) sldns_wire2str_rr_unknown_buf(
146 rr, rr_len, str, str_len);
147 else
148 (void) sldns_wire2str_rr_buf(
149 rr, rr_len, str, str_len);
150 }
151 fprintf(stdout, "%s", str);
152 }
153 if (in)
154 fclose(in);
155 free(str);
156 return !in || s ? EXIT_FAILURE : EXIT_SUCCESS;
157 }
+12
-13
testcode/replay.c less more
123123 free(rng);
124124 }
125125
126 /** strip whitespace from end of string */
127 static void
126 void
128127 strip_end_white(char* p)
129128 {
130129 size_t i;
226225 if(strncmp(line, "FILE_END", 8) == 0) {
227226 return;
228227 }
229 if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
228 strip_end_white(line);
230229 if(!cfg_strlist_insert(last, strdup(line)))
231230 fatal_exit("malloc failure");
232231 last = &( (*last)->next );
248247 if(eq != '=')
249248 fatal_exit("no '=' in assign: %s", remain);
250249 remain += skip;
251 if(remain[0]) remain[strlen(remain)-1]=0; /* remove newline */
250 strip_end_white(remain);
252251 mom->string = strdup(remain);
253252 if(!mom->variable || !mom->string)
254253 fatal_exit("out of memory");
317316 mom->evt_type = repevt_autotrust_check;
318317 while(isspace((unsigned char)*remain))
319318 remain++;
320 if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n')
321 remain[strlen(remain)-1] = 0;
319 strip_end_white(remain);
322320 mom->autotrust_id = strdup(remain);
323321 if(!mom->autotrust_id) fatal_exit("out of memory");
324322 read_file_content(in, &pstate->lineno, mom);
326324 mom->evt_type = repevt_tempfile_check;
327325 while(isspace((unsigned char)*remain))
328326 remain++;
329 if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n')
330 remain[strlen(remain)-1] = 0;
327 strip_end_white(remain);
331328 mom->autotrust_id = strdup(remain);
332329 if(!mom->autotrust_id) fatal_exit("out of memory");
333330 read_file_content(in, &pstate->lineno, mom);
358355 m++;
359356 if(!extstrtoaddr(s, &mom->addr, &mom->addrlen))
360357 fatal_exit("bad infra_rtt address %s", s);
361 if(strlen(m)>0 && m[strlen(m)-1]=='\n')
362 m[strlen(m)-1] = 0;
358 strip_end_white(m);
363359 mom->variable = strdup(remain);
364360 mom->string = strdup(m);
365361 if(!mom->string) fatal_exit("out of memory");
374370 if(parse_keyword(&remain, "ADDRESS")) {
375371 while(isspace((unsigned char)*remain))
376372 remain++;
377 if(strlen(remain) > 0) /* remove \n */
378 remain[strlen(remain)-1] = 0;
373 strip_end_white(remain);
379374 if(!extstrtoaddr(remain, &mom->addr, &mom->addrlen)) {
380375 log_err("line %d: could not parse ADDRESS: %s",
381376 pstate->lineno, remain);
692687 return NULL;
693688 }
694689 ctime_r(&tt, buf);
695 if(buf[0]) buf[strlen(buf)-1]=0; /* remove trailing newline */
690 #ifdef USE_WINSOCK
691 if(strlen(buf) > 10 && buf[7]==' ' && buf[8]=='0')
692 buf[8]=' '; /* fix error in windows ctime */
693 #endif
694 strip_end_white(buf);
696695 return strdup(buf);
697696 }
698697
+3
-0
testcode/replay.h less more
424424 /** get oldest enabled fake timer */
425425 struct fake_timer* replay_get_oldest_timer(struct replay_runtime* runtime);
426426
427 /** strip whitespace from end of string */
428 void strip_end_white(char* p);
429
427430 /**
428431 * Create variable storage
429432 * @return new or NULL on failure.
+9
-3
testcode/streamtcp.c less more
396396 /** SIGPIPE handler */
397397 static RETSIGTYPE sigh(int sig)
398398 {
399 char str[] = "Got unhandled signal \n";
399400 if(sig == SIGPIPE) {
400 printf("got SIGPIPE, remote connection gone\n");
401 char* strpipe = "got SIGPIPE, remote connection gone\n";
402 /* simple cast to void will not silence Wunused-result */
403 (void)!write(STDOUT_FILENO, strpipe, strlen(strpipe));
401404 exit(1);
402405 }
403 printf("Got unhandled signal %d\n", sig);
406 str[21] = '0' + (sig/10)%10;
407 str[22] = '0' + sig%10;
408 /* simple cast to void will not silence Wunused-result */
409 (void)!write(STDOUT_FILENO, str, strlen(str));
404410 exit(1);
405411 }
406412 #endif /* SIGPIPE */
430436 #endif
431437
432438 /* lock debug start (if any) */
439 checklock_start();
433440 log_init(0, 0, 0);
434 checklock_start();
435441
436442 #ifdef SIGPIPE
437443 if(signal(SIGPIPE, &sigh) == SIG_ERR) {
+16
-4
testcode/testbound.c less more
167167 id++;
168168 if(*id == '\0')
169169 fatal_exit("TEMPFILE_NAME must have id, line %d", *lineno);
170 id[strlen(id)-1]=0; /* remove newline */
170 strip_end_white(id);
171171 fake_temp_file("_temp_", id, line, sizeof(line));
172172 fprintf(cfg, "\"%s\"\n", line);
173173 }
184184 id++;
185185 if(*id == '\0')
186186 fatal_exit("TEMPFILE_CONTENTS must have id, line %d", *lineno);
187 id[strlen(id)-1]=0; /* remove newline */
187 strip_end_white(id);
188188 fake_temp_file("_temp_", id, line, sizeof(line));
189189 /* open file and spool to it */
190190 spool = fopen(line, "w");
204204 char* tid = parse+17;
205205 while(isspace((unsigned char)*tid))
206206 tid++;
207 tid[strlen(tid)-1]=0; /* remove newline */
207 strip_end_white(tid);
208208 fake_temp_file("_temp_", tid, l2, sizeof(l2));
209209 snprintf(line, sizeof(line), "$INCLUDE %s\n", l2);
210210 }
229229 id++;
230230 if(*id == '\0')
231231 fatal_exit("AUTROTRUST_FILE must have id, line %d", *lineno);
232 id[strlen(id)-1]=0; /* remove newline */
232 strip_end_white(id);
233233 fake_temp_file("_auto_", id, line, sizeof(line));
234234 /* add option for the file */
235235 fprintf(cfg, "server: auto-trust-anchor-file: \"%s\"\n", line);
278278 fprintf(cfg, " username: \"\"\n");
279279 fprintf(cfg, " pidfile: \"\"\n");
280280 fprintf(cfg, " val-log-level: 2\n");
281 fprintf(cfg, " log-servfail: yes\n");
281282 fprintf(cfg, "remote-control: control-enable: no\n");
282283 while(fgets(line, MAX_LINE_LEN-1, in)) {
283284 parse = line;
372373 (void)unsetenv("NOTIFY_SOCKET");
373374 #endif /* HAVE_SYSTEMD */
374375
376 checklock_start();
375377 log_init(NULL, 0, NULL);
376378 /* determine commandline options for the daemon */
377379 pass_argc = 1;
602604 {
603605 return 0;
604606 }
607
608 void listen_setup_locks(void)
609 {
610 /* nothing */
611 }
612
613 void listen_desetup_locks(void)
614 {
615 /* nothing */
616 }
+14
-4
testcode/unitauth.c less more
467467 int i;
468468 char buf[256];
469469 for(i=0; i<tempno; i++) {
470 #ifdef USE_WINSOCK
471 snprintf(buf, sizeof(buf), "unbound.unittest.%u.%d",
472 (unsigned)getpid(), i);
473 #else
470474 snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
471475 (unsigned)getpid(), i);
476 #endif
472477 if(vbmp) printf("cleanup: unlink %s\n", buf);
473478 unlink(buf);
474479 }
482487 char *fname;
483488 FILE *out;
484489 size_t r;
490 #ifdef USE_WINSOCK
491 snprintf(buf, sizeof(buf), "unbound.unittest.%u.%d",
492 (unsigned)getpid(), tempno++);
493 #else
485494 snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
486495 (unsigned)getpid(), tempno++);
496 #endif
487497 fname = strdup(buf);
488498 if(!fname) fatal_exit("out of memory");
489499 /* if no string, just make the name */
516526 }
517527
518528 /** Add zone from file for testing */
519 static struct auth_zone*
520 addzone(struct auth_zones* az, const char* name, char* fname)
529 struct auth_zone*
530 authtest_addzone(struct auth_zones* az, const char* name, char* fname)
521531 {
522532 struct auth_zone* z;
523533 size_t nmlen;
592602
593603 az = auth_zones_create();
594604 unit_assert(az);
595 z = addzone(az, name, fname);
605 z = authtest_addzone(az, name, fname);
596606 unit_assert(z);
597607 outf = create_tmp_file(NULL);
598608 if(!auth_zone_write_file(z, outf)) {
843853 fname = create_tmp_file(zone);
844854 az = auth_zones_create();
845855 if(!az) fatal_exit("out of memory");
846 z = addzone(az, name, fname);
856 z = authtest_addzone(az, name, fname);
847857 if(!z) fatal_exit("could not read zone for queries test");
848858 del_tmp_file(fname);
849859
+1
-1
testcode/unitldns.c less more
4646 #include "sldns/parseutil.h"
4747
4848 /** verbose this unit test */
49 static int vbmp = 0;
49 static int vbmp = 0;
5050
5151 /** print buffer to hex into string */
5252 static void
+3
-48
testcode/unitmain.c less more
838838 respip_conf_actions_test();
839839 }
840840
841 #include "services/outside_network.h"
842 /** add number of new IDs to the reuse tree, randomly chosen */
843 static void tcpid_addmore(struct reuse_tcp* reuse,
844 struct outside_network* outnet, unsigned int addnum)
845 {
846 unsigned int i;
847 struct waiting_tcp* w;
848 for(i=0; i<addnum; i++) {
849 uint16_t id = reuse_tcp_select_id(reuse, outnet);
850 unit_assert(!reuse_tcp_by_id_find(reuse, id));
851 w = calloc(1, sizeof(*w));
852 unit_assert(w);
853 w->id = id;
854 w->outnet = outnet;
855 w->next_waiting = (void*)reuse->pending;
856 reuse_tree_by_id_insert(reuse, w);
857 }
858 }
859
860 /** fill up the reuse ID tree and test assertions */
861 static void tcpid_fillup(struct reuse_tcp* reuse,
862 struct outside_network* outnet)
863 {
864 int t, numtest=3;
865 for(t=0; t<numtest; t++) {
866 rbtree_init(&reuse->tree_by_id, reuse_id_cmp);
867 tcpid_addmore(reuse, outnet, 65535);
868 reuse_del_readwait(&reuse->tree_by_id);
869 }
870 }
871
872 /** test TCP ID selection */
873 static void tcpid_test(void)
874 {
875 struct pending_tcp pend;
876 struct outside_network outnet;
877 unit_show_func("services/outside_network.c", "reuse_tcp_select_id");
878 memset(&pend, 0, sizeof(pend));
879 pend.reuse.pending = &pend;
880 memset(&outnet, 0, sizeof(outnet));
881 outnet.rnd = ub_initstate(NULL);
882 rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp);
883 tcpid_fillup(&pend.reuse, &outnet);
884 ub_randfree(outnet.rnd);
885 }
886
887841 void unit_show_func(const char* file, const char* func)
888842 {
889843 printf("test %s:%s\n", file, func);
906860 int
907861 main(int argc, char* argv[])
908862 {
863 checklock_start();
909864 log_init(NULL, 0, NULL);
910865 if(argc != 1) {
911866 printf("usage: %s\n", argv[0]);
933888 if(NSS_NoDB_Init(".") != SECSuccess)
934889 fatal_exit("could not init NSS");
935890 #endif /* HAVE_SSL or HAVE_NSS*/
936 checklock_start();
937891 authzone_test();
938892 neg_test();
939893 rnd_test();
951905 slabhash_test();
952906 infra_test();
953907 ldns_test();
908 zonemd_test();
909 tcpreuse_test();
954910 msgparse_test();
955 tcpid_test();
956911 #ifdef CLIENT_SUBNET
957912 ecs_test();
958913 #endif /* CLIENT_SUBNET */
+4
-0
testcode/unitmain.h less more
7979 void ldns_test(void);
8080 /** unit test for auth zone functions */
8181 void authzone_test(void);
82 /** unit test for zonemd functions */
83 void zonemd_test(void);
84 /** unit test for tcp_reuse functions */
85 void tcpreuse_test(void);
8286
8387 #endif /* TESTCODE_UNITMAIN_H */
+236
-0
testcode/unittcpreuse.c less more
0 /*
1 * testcode/unittcpreuse.c - unit test for tcp_reuse.
2 *
3 * Copyright (c) 2021, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
28 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35 /**
36 * \file
37 * Tests the tcp_reuse functionality.
38 */
39
40 #include "config.h"
41 #include "testcode/unitmain.h"
42 #include "util/log.h"
43 #include "util/random.h"
44 #include "services/outside_network.h"
45
46 /** add number of new IDs to the reuse tree, randomly chosen */
47 static void tcpid_addmore(struct reuse_tcp* reuse,
48 struct outside_network* outnet, unsigned int addnum)
49 {
50 unsigned int i;
51 struct waiting_tcp* w;
52 for(i=0; i<addnum; i++) {
53 uint16_t id = reuse_tcp_select_id(reuse, outnet);
54 unit_assert(!reuse_tcp_by_id_find(reuse, id));
55 w = calloc(1, sizeof(*w));
56 unit_assert(w);
57 w->id = id;
58 w->outnet = outnet;
59 w->next_waiting = (void*)reuse->pending;
60 reuse_tree_by_id_insert(reuse, w);
61 }
62 }
63
64 /** fill up the reuse ID tree and test assertions */
65 static void tcpid_fillup(struct reuse_tcp* reuse,
66 struct outside_network* outnet)
67 {
68 int t, numtest=3;
69 for(t=0; t<numtest; t++) {
70 rbtree_init(&reuse->tree_by_id, reuse_id_cmp);
71 tcpid_addmore(reuse, outnet, 65535);
72 reuse_del_readwait(&reuse->tree_by_id);
73 }
74 }
75
76 /** test TCP ID selection */
77 static void tcpid_test(void)
78 {
79 struct pending_tcp pend;
80 struct outside_network outnet;
81 unit_show_func("services/outside_network.c", "reuse_tcp_select_id");
82 memset(&pend, 0, sizeof(pend));
83 pend.reuse.pending = &pend;
84 memset(&outnet, 0, sizeof(outnet));
85 outnet.rnd = ub_initstate(NULL);
86 rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp);
87 tcpid_fillup(&pend.reuse, &outnet);
88 ub_randfree(outnet.rnd);
89 }
90
91 /** check that the tree has present number of nodes and the LRU is linked
92 * properly. */
93 static void check_tree_and_list(struct outside_network* outnet, int present)
94 {
95 int i;
96 struct reuse_tcp *reuse, *next_reuse;
97 unit_assert(present == (int)outnet->tcp_reuse.count);
98 if(present < 1) {
99 unit_assert(outnet->tcp_reuse_first == NULL);
100 unit_assert(outnet->tcp_reuse_last == NULL);
101 return;
102 }
103 unit_assert(outnet->tcp_reuse_first->item_on_lru_list);
104 unit_assert(!outnet->tcp_reuse_first->lru_prev);
105 reuse = outnet->tcp_reuse_first;
106 for(i=0; i<present-1; i++) {
107 unit_assert(reuse->item_on_lru_list);
108 unit_assert(reuse->lru_next);
109 unit_assert(reuse->lru_next != reuse);
110 next_reuse = reuse->lru_next;
111 unit_assert(next_reuse->lru_prev == reuse);
112 reuse = next_reuse;
113 }
114 unit_assert(!reuse->lru_next);
115 unit_assert(outnet->tcp_reuse_last->item_on_lru_list);
116 unit_assert(outnet->tcp_reuse_last == reuse);
117 }
118
119 /** creates pending_tcp. Copy of outside_network.c:create_pending_tcp without
120 * the comm_point creation */
121 static int create_pending_tcp(struct outside_network* outnet)
122 {
123 size_t i;
124 if(outnet->num_tcp == 0)
125 return 1; /* no tcp needed, nothing to do */
126 if(!(outnet->tcp_conns = (struct pending_tcp **)calloc(
127 outnet->num_tcp, sizeof(struct pending_tcp*))))
128 return 0;
129 for(i=0; i<outnet->num_tcp; i++) {
130 if(!(outnet->tcp_conns[i] = (struct pending_tcp*)calloc(1,
131 sizeof(struct pending_tcp))))
132 return 0;
133 outnet->tcp_conns[i]->next_free = outnet->tcp_free;
134 outnet->tcp_free = outnet->tcp_conns[i];
135 }
136 return 1;
137 }
138
139 /** empty the tcp_reuse tree and LRU list */
140 static void empty_tree(struct outside_network* outnet)
141 {
142 size_t i;
143 struct reuse_tcp* reuse;
144 reuse = outnet->tcp_reuse_first;
145 i = outnet->tcp_reuse.count;
146 while(reuse) {
147 reuse_tcp_remove_tree_list(outnet, reuse);
148 check_tree_and_list(outnet, --i);
149 reuse = outnet->tcp_reuse_first;
150 }
151 }
152
153 /** check removal of the LRU element on the given position of total elements */
154 static void check_removal(struct outside_network* outnet, int position, int total)
155 {
156 int i;
157 struct reuse_tcp* reuse;
158 empty_tree(outnet);
159 for(i=0; i<total; i++) {
160 reuse_tcp_insert(outnet, outnet->tcp_conns[i]);
161 }
162 check_tree_and_list(outnet, total);
163 reuse = outnet->tcp_reuse_first;
164 for(i=0; i<position; i++) reuse = reuse->lru_next;
165 reuse_tcp_remove_tree_list(outnet, reuse);
166 check_tree_and_list(outnet, total-1);
167 }
168
169 /** check snipping off the last element of the LRU with total elements */
170 static void check_snip(struct outside_network* outnet, int total)
171 {
172 int i;
173 struct reuse_tcp* reuse;
174 empty_tree(outnet);
175 for(i=0; i<total; i++) {
176 reuse_tcp_insert(outnet, outnet->tcp_conns[i]);
177 }
178 check_tree_and_list(outnet, total);
179 reuse = reuse_tcp_lru_snip(outnet);
180 while(reuse) {
181 reuse_tcp_remove_tree_list(outnet, reuse);
182 check_tree_and_list(outnet, --total);
183 reuse = reuse_tcp_lru_snip(outnet);
184 }
185 unit_assert(outnet->tcp_reuse_first == NULL);
186 unit_assert(outnet->tcp_reuse_last == NULL);
187 unit_assert(outnet->tcp_reuse.count == 0);
188 }
189
190 /** test tcp_reuse tree and LRU list functions */
191 static void tcp_reuse_tree_list_test(void)
192 {
193 size_t i;
194 struct outside_network outnet;
195 struct reuse_tcp* reuse;
196 memset(&outnet, 0, sizeof(outnet));
197 rbtree_init(&outnet.tcp_reuse, reuse_cmp);
198 outnet.num_tcp = 5;
199 outnet.tcp_reuse_max = outnet.num_tcp;
200 if(!create_pending_tcp(&outnet)) fatal_exit("out of memory");
201 /* add all to the tree */
202 unit_show_func("services/outside_network.c", "reuse_tcp_insert");
203 for(i=0; i<outnet.num_tcp; i++) {
204 reuse_tcp_insert(&outnet, outnet.tcp_conns[i]);
205 check_tree_and_list(&outnet, i+1);
206 }
207 /* check touching */
208 unit_show_func("services/outside_network.c", "reuse_tcp_lru_touch");
209 for(i=0; i<outnet.tcp_reuse.count; i++) {
210 for(reuse = outnet.tcp_reuse_first; reuse->lru_next; reuse = reuse->lru_next);
211 reuse_tcp_lru_touch(&outnet, reuse);
212 check_tree_and_list(&outnet, outnet.num_tcp);
213 }
214 /* check removal */
215 unit_show_func("services/outside_network.c", "reuse_tcp_remove_tree_list");
216 check_removal(&outnet, 2, 5);
217 check_removal(&outnet, 1, 3);
218 check_removal(&outnet, 1, 2);
219 /* check snip */
220 unit_show_func("services/outside_network.c", "reuse_tcp_lru_snip");
221 check_snip(&outnet, 4);
222
223 for(i=0; i<outnet.num_tcp; i++)
224 if(outnet.tcp_conns[i]) {
225 free(outnet.tcp_conns[i]);
226 }
227 free(outnet.tcp_conns);
228 }
229
230 void tcpreuse_test(void)
231 {
232 unit_show_feature("tcp_reuse");
233 tcpid_test();
234 tcp_reuse_tree_list_test();
235 }
+537
-0
testcode/unitzonemd.c less more
0 /*
1 * testcode/unitzonemd.c - unit test for zonemd.
2 *
3 * Copyright (c) 2020, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
28 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35 /**
36 * \file
37 * Unit tests for ZONEMD functionality.
38 */
39
40 #include "config.h"
41 #include <ctype.h>
42 #include "util/log.h"
43 #include "testcode/unitmain.h"
44 #include "sldns/str2wire.h"
45 #include "services/authzone.h"
46 #include "util/data/dname.h"
47 #include "util/regional.h"
48 #include "validator/val_anchor.h"
49
50 #define xstr(s) str(s)
51 #define str(s) #s
52 #define SRCDIRSTR xstr(SRCDIR)
53
54 /** Add zone from file for testing */
55 struct auth_zone* authtest_addzone(struct auth_zones* az, const char* name,
56 char* fname);
57
58 /** zonemd unit test, generate a zonemd digest and check if correct */
59 static void zonemd_generate_test(const char* zname, char* zfile,
60 int scheme, int hashalgo, const char* digest)
61 {
62 uint8_t zonemd_hash[512];
63 size_t hashlen = 0;
64 char output[1024+1];
65 size_t i;
66 struct auth_zones* az;
67 struct auth_zone* z;
68 int result;
69 struct regional* region = NULL;
70 struct sldns_buffer* buf = NULL;
71 char* reason = NULL;
72 char* digestdup;
73
74 if(!zonemd_hashalgo_supported(hashalgo))
75 return; /* cannot test unsupported algo */
76
77 /* setup environment */
78 az = auth_zones_create();
79 unit_assert(az);
80 region = regional_create();
81 unit_assert(region);
82 buf = sldns_buffer_new(65535);
83 unit_assert(buf);
84
85 /* read file */
86 z = authtest_addzone(az, zname, zfile);
87 unit_assert(z);
88 lock_rw_wrlock(&z->lock);
89 z->zonemd_check = 1;
90 lock_rw_unlock(&z->lock);
91
92 /* create zonemd digest */
93 result = auth_zone_generate_zonemd_hash(z, scheme, hashalgo,
94 zonemd_hash, sizeof(zonemd_hash), &hashlen, region, buf,
95 &reason);
96 if(reason) printf("zonemd failure reason: %s\n", reason);
97 unit_assert(result);
98
99 /* check digest */
100 unit_assert(hashlen*2+1 <= sizeof(output));
101 for(i=0; i<hashlen; i++) {
102 const char* hexl = "0123456789ABCDEF";
103 output[i*2] = hexl[(zonemd_hash[i]&0xf0)>>4];
104 output[i*2+1] = hexl[zonemd_hash[i]&0xf];
105 }
106 output[hashlen*2] = 0;
107 digestdup = strdup(digest);
108 unit_assert(digestdup);
109 for(i=0; i<strlen(digestdup); i++) {
110 digestdup[i] = toupper(digestdup[i]);
111 }
112 if(verbosity >= VERB_ALGO) {
113 char zname[255+1];
114 dname_str(z->name, zname);
115 printf("zonemd generated for %s in %s with "
116 "scheme=%d hashalgo=%d\n", zname, z->zonefile,
117 scheme, hashalgo);
118 printf("digest %s\n", output);
119 printf("wanted %s\n", digestdup);
120 }
121 unit_assert(strcmp(output, digestdup) == 0);
122
123 /* delete environment */
124 free(digestdup);
125 auth_zones_delete(az);
126 regional_destroy(region);
127 sldns_buffer_free(buf);
128
129 if(verbosity >= VERB_ALGO) {
130 printf("\n");
131 }
132 }
133
134 /** loop over files and test generated zonemd digest */
135 static void zonemd_generate_tests(void)
136 {
137 unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_hash");
138 zonemd_generate_test("example.org", SRCDIRSTR "/testdata/zonemd.example1.zone",
139 1, 2, "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7");
140
141 /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
142 * from section A.1 */
143 zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a1.zone",
144 1, 1, "c68090d90a7aed716bc459f9340e3d7c1370d4d24b7e2fc3a1ddc0b9a87153b9a9713b3c9ae5cc27777f98b8e730044c");
145
146 /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
147 * from section A.2 */
148 zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a2.zone",
149 1, 1, "31cefb03814f5062ad12fa951ba0ef5f8da6ae354a415767246f7dc932ceb1e742a2108f529db6a33a11c01493de358d");
150
151 /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
152 * from section A.3 SHA384 digest */
153 zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone",
154 1, 1, "62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306");
155
156 /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
157 * from section A.3 SHA512 digest*/
158 zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone",
159 1, 2, "08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27");
160
161 /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
162 * from section A.4 */
163 zonemd_generate_test("uri.arpa", SRCDIRSTR "/testdata/zonemd.example_a4.zone",
164 1, 1, "1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fadc556439889a10eaf6f11d615900a4f996bd46279514e473");
165
166 /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
167 * from section A.5 */
168 zonemd_generate_test("root-servers.net", SRCDIRSTR "/testdata/zonemd.example_a5.zone",
169 1, 1, "f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a978a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79");
170 }
171
172 /** test the zonemd check routine */
173 static void zonemd_check_test(void)
174 {
175 const char* zname = "example.org";
176 char* zfile = SRCDIRSTR "/testdata/zonemd.example1.zone";
177 int scheme = 1;
178 int hashalgo = 2;
179 const char* digest = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7";
180 const char* digestwrong = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D48100";
181 uint8_t hash[512], hashwrong[512];
182 size_t hashlen = 0, hashwronglen = 0;
183 struct auth_zones* az;
184 struct auth_zone* z;
185 int result;
186 struct regional* region = NULL;
187 struct sldns_buffer* buf = NULL;
188 char* reason = NULL;
189
190 if(!zonemd_hashalgo_supported(hashalgo))
191 return; /* cannot test unsupported algo */
192 unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_check");
193
194 /* setup environment */
195 az = auth_zones_create();
196 unit_assert(az);
197 region = regional_create();
198 unit_assert(region);
199 buf = sldns_buffer_new(65535);
200 unit_assert(buf);
201
202 /* read file */
203 z = authtest_addzone(az, zname, zfile);
204 unit_assert(z);
205 lock_rw_wrlock(&z->lock);
206 z->zonemd_check = 1;
207 lock_rw_unlock(&z->lock);
208 hashlen = sizeof(hash);
209 if(sldns_str2wire_hex_buf(digest, hash, &hashlen) != 0) {
210 unit_assert(0); /* parse failure */
211 }
212 hashwronglen = sizeof(hashwrong);
213 if(sldns_str2wire_hex_buf(digestwrong, hashwrong, &hashwronglen) != 0) {
214 unit_assert(0); /* parse failure */
215 }
216
217 /* check return values of the check routine */
218 result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,
219 hash, hashlen, region, buf, &reason);
220 unit_assert(result && reason == NULL);
221 result = auth_zone_generate_zonemd_check(z, 241, hashalgo,
222 hash, hashlen, region, buf, &reason);
223 unit_assert(!result && strcmp(reason, "unsupported scheme")==0);
224 result = auth_zone_generate_zonemd_check(z, scheme, 242,
225 hash, hashlen, region, buf, &reason);
226 unit_assert(!result && strcmp(reason, "unsupported algorithm")==0);
227 result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,
228 hash, 2, region, buf, &reason);
229 unit_assert(!result && strcmp(reason, "digest length too small, less than 12")==0);
230 result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,
231 hashwrong, hashwronglen, region, buf, &reason);
232 unit_assert(!result && strcmp(reason, "incorrect digest")==0);
233 result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,
234 hashwrong, hashwronglen-3, region, buf, &reason);
235 unit_assert(!result && strcmp(reason, "incorrect digest length")==0);
236
237 /* delete environment */
238 auth_zones_delete(az);
239 regional_destroy(region);
240 sldns_buffer_free(buf);
241
242 if(verbosity >= VERB_ALGO) {
243 printf("\n");
244 }
245 }
246
247 /** zonemd test verify */
248 static void zonemd_verify_test(char* zname, char* zfile, char* tastr,
249 char* date_override, char* result_wanted)
250 {
251 time_t now = 0;
252 struct module_stack mods;
253 struct module_env env;
254 char* result = NULL;
255 struct auth_zone* z;
256
257 /* setup test harness */
258 memset(&mods, 0, sizeof(mods));
259 memset(&env, 0, sizeof(env));
260 env.scratch = regional_create();
261 if(!env.scratch)
262 fatal_exit("out of memory");
263 env.scratch_buffer = sldns_buffer_new(65553);
264 if(!env.scratch_buffer)
265 fatal_exit("out of memory");
266 env.cfg = config_create();
267 if(!env.cfg)
268 fatal_exit("out of memory");
269 env.now = &now;
270 env.cfg->val_date_override = cfg_convert_timeval(date_override);
271 if(!env.cfg->val_date_override)
272 fatal_exit("could not parse datetime %s", date_override);
273 if(env.cfg->module_conf)
274 free(env.cfg->module_conf);
275 env.cfg->module_conf = strdup("validator iterator");
276 if(!env.cfg->module_conf)
277 fatal_exit("out of memory");
278 if(tastr) {
279 if(!cfg_strlist_insert(&env.cfg->trust_anchor_list,
280 strdup(tastr)))
281 fatal_exit("out of memory");
282 }
283 env.anchors = anchors_create();
284 if(!env.anchors)
285 fatal_exit("out of memory");
286 env.auth_zones = auth_zones_create();
287 if(!env.auth_zones)
288 fatal_exit("out of memory");
289 modstack_init(&mods);
290 if(!modstack_setup(&mods, env.cfg->module_conf, &env))
291 fatal_exit("could not modstack_setup");
292 env.mesh = mesh_create(&mods, &env);
293 if(!env.mesh)
294 fatal_exit("out of memory");
295
296 /* load data */
297 z = authtest_addzone(env.auth_zones, zname, zfile);
298 if(!z)
299 fatal_exit("could not addzone %s %s", zname, zfile);
300
301 /* test */
302 lock_rw_wrlock(&z->lock);
303 z->zonemd_check = 1;
304 auth_zone_verify_zonemd(z, &env, &mods, &result, 1, 0);
305 lock_rw_unlock(&z->lock);
306 if(verbosity >= VERB_ALGO) {
307 printf("auth zone %s: ZONEMD verification %s: %s\n", zname,
308 (strcmp(result, "ZONEMD verification successful")==0?"successful":"failed"),
309 result);
310 }
311 if(!result)
312 fatal_exit("out of memory");
313 unit_assert(strcmp(result, result_wanted) == 0);
314 if(strcmp(result, "ZONEMD verification successful") == 0 ||
315 strcmp(result, "DNSSEC verified nonexistence of ZONEMD") == 0 ||
316 strcmp(result, "no ZONEMD present") == 0) {
317 lock_rw_rdlock(&z->lock);
318 unit_assert(!z->zone_expired);
319 lock_rw_unlock(&z->lock);
320 } else {
321 lock_rw_rdlock(&z->lock);
322 unit_assert(z->zone_expired);
323 lock_rw_unlock(&z->lock);
324 }
325 free(result);
326
327 /* desetup test harness */
328 mesh_delete(env.mesh);
329 modstack_desetup(&mods, &env);
330 auth_zones_delete(env.auth_zones);
331 anchors_delete(env.anchors);
332 config_delete(env.cfg);
333 regional_destroy(env.scratch);
334 sldns_buffer_free(env.scratch_buffer);
335
336 if(verbosity >= VERB_ALGO) {
337 printf("\n");
338 }
339 }
340
341 /** zonemd test verify suite */
342 static void zonemd_verify_tests(void)
343 {
344 unit_show_func("services/authzone.c", "auth_zone_verify_zonemd");
345 /* give trustanchor for unsigned zone, should fail */
346 zonemd_verify_test("example.org",
347 SRCDIRSTR "/testdata/zonemd.example1.zone",
348 "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
349 "20180302005009",
350 "verify DNSKEY RRset with trust anchor failed: have trust anchor, but zone has no DNSKEY");
351 /* unsigned zone without ZONEMD in it */
352 zonemd_verify_test("example.org",
353 SRCDIRSTR "/testdata/zonemd.example1.zone",
354 NULL,
355 "20180302005009",
356 "no ZONEMD present");
357 /* no trust anchor, so it succeeds for zone with a correct ZONEMD */
358 zonemd_verify_test("example.com",
359 SRCDIRSTR "/testdata/zonemd.example2.zone",
360 NULL,
361 "20180302005009",
362 "ZONEMD verification successful");
363 /* trust anchor for another zone, so it is indeterminate */
364 zonemd_verify_test("example.com",
365 SRCDIRSTR "/testdata/zonemd.example2.zone",
366 "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
367 "20180302005009",
368 "ZONEMD verification successful");
369
370 /* load a DNSSEC signed zone, but no trust anchor */
371 /* this zonefile has an incorrect ZONEMD digest, with correct
372 * DNSSEC signature. */
373 zonemd_verify_test("example.com",
374 SRCDIRSTR "/testdata/zonemd.example3.zone",
375 NULL,
376 "20180302005009",
377 "incorrect digest");
378 /* load a DNSSEC zone with NSEC3, but no trust anchor */
379 /* this zonefile has an incorrect ZONEMD digest, with correct
380 * DNSSEC signature. */
381 zonemd_verify_test("example.com",
382 SRCDIRSTR "/testdata/zonemd.example4.zone",
383 NULL,
384 "20180302005009",
385 "incorrect digest");
386 /* valid zonemd, in dnssec signed zone, no trust anchor*/
387 /* this zonefile has a correct ZONEMD digest and
388 * correct DNSSEC signature */
389 zonemd_verify_test("example.com",
390 SRCDIRSTR "/testdata/zonemd.example5.zone",
391 NULL,
392 "20180302005009",
393 "ZONEMD verification successful");
394 /* valid zonemd, in dnssec NSEC3 zone, no trust anchor*/
395 zonemd_verify_test("example.com",
396 SRCDIRSTR "/testdata/zonemd.example6.zone",
397 NULL,
398 "20180302005009",
399 "ZONEMD verification successful");
400
401 /* load a DNSSEC signed zone with a trust anchor, valid ZONEMD */
402 zonemd_verify_test("example.com",
403 SRCDIRSTR "/testdata/zonemd.example5.zone",
404 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
405 "20201020135527",
406 "ZONEMD verification successful");
407 /* load a DNSSEC NSEC3 signed zone with a trust anchor, valid ZONEMD */
408 zonemd_verify_test("example.com",
409 SRCDIRSTR "/testdata/zonemd.example6.zone",
410 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
411 "20201020135527",
412 "ZONEMD verification successful");
413
414 /* load a DNSSEC NSEC zone without ZONEMD */
415 zonemd_verify_test("example.com",
416 SRCDIRSTR "/testdata/zonemd.example7.zone",
417 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
418 "20201020135527",
419 "DNSSEC verified nonexistence of ZONEMD");
420 /* load a DNSSEC NSEC3 zone without ZONEMD */
421 zonemd_verify_test("example.com",
422 SRCDIRSTR "/testdata/zonemd.example8.zone",
423 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
424 "20201020135527",
425 "DNSSEC verified nonexistence of ZONEMD");
426
427 /* load DNSSEC zone but RRSIG on ZONEMD is wrong */
428 zonemd_verify_test("example.com",
429 SRCDIRSTR "/testdata/zonemd.example9.zone",
430 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
431 "20201020135527",
432 #ifdef HAVE_SSL
433 "DNSSEC verify failed for ZONEMD RRset: signature crypto failed"
434 #else /* HAVE_NETTLE */
435 "DNSSEC verify failed for ZONEMD RRset: RSA signature verification failed"
436 #endif
437 );
438 /* load DNSSEC zone but RRSIG on SOA is wrong */
439 zonemd_verify_test("example.com",
440 SRCDIRSTR "/testdata/zonemd.example10.zone",
441 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
442 "20201020135527",
443 #ifdef HAVE_SSL
444 "DNSSEC verify failed for SOA RRset: signature crypto failed"
445 #else /* HAVE_NETTLE */
446 "DNSSEC verify failed for SOA RRset: RSA signature verification failed"
447 #endif
448 );
449
450 /* load DNSSEC zone without ZONEMD, but NSEC bitmap says it exists */
451 zonemd_verify_test("example.com",
452 SRCDIRSTR "/testdata/zonemd.example11.zone",
453 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
454 "20201020135527",
455 "DNSSEC NSEC bitmap says type ZONEMD exists");
456 /* load DNSSEC zone without ZONEMD, but NSEC3 bitmap says it exists */
457 zonemd_verify_test("example.com",
458 SRCDIRSTR "/testdata/zonemd.example12.zone",
459 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
460 "20201020135527",
461 "DNSSEC NSEC3 bitmap says type ZONEMD exists");
462
463 /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC not okay */
464 zonemd_verify_test("example.com",
465 SRCDIRSTR "/testdata/zonemd.example13.zone",
466 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
467 "20201020135527",
468 #ifdef HAVE_SSL
469 "DNSSEC verify failed for NSEC RRset: signature crypto failed"
470 #else /* HAVE_NETTLE */
471 "DNSSEC verify failed for NSEC RRset: RSA signature verification failed"
472 #endif
473 );
474 /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC3 not okay */
475 zonemd_verify_test("example.com",
476 SRCDIRSTR "/testdata/zonemd.example14.zone",
477 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
478 "20201020135527",
479 #ifdef HAVE_SSL
480 "DNSSEC verify failed for NSEC3 RRset: signature crypto failed"
481 #else /* HAVE_NETTLE */
482 "DNSSEC verify failed for NSEC3 RRset: RSA signature verification failed"
483 #endif
484 );
485
486 /* load DNSSEC zone, with ZONEMD, but DNSKEY RRSIG is not okay. */
487 zonemd_verify_test("example.com",
488 SRCDIRSTR "/testdata/zonemd.example15.zone",
489 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
490 "20201020135527",
491 #ifdef HAVE_SSL
492 "verify DNSKEY RRset with trust anchor failed: signature crypto failed"
493 #else /* HAVE_NETTLE */
494 "verify DNSKEY RRset with trust anchor failed: RSA signature verification failed"
495 #endif
496 );
497 /* load DNSSEC zone, but trust anchor mismatches DNSKEY */
498 zonemd_verify_test("example.com",
499 SRCDIRSTR "/testdata/zonemd.example5.zone",
500 /* okay anchor is
501 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", */
502 "example.com. IN DS 55566 8 2 0000000000111111222223333444444dfcf92595148022f2c2fd98e5deee90af",
503 "20201020135527",
504 "verify DNSKEY RRset with trust anchor failed: DS hash mismatches key");
505 /* load DNSSEC zone, but trust anchor fails because the zone
506 * has expired signatures. We set the date for it */
507 zonemd_verify_test("example.com",
508 SRCDIRSTR "/testdata/zonemd.example5.zone",
509 "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
510 /* okay date: "20201020135527", */
511 "20221020135527",
512 "verify DNSKEY RRset with trust anchor failed: signature expired");
513
514 /* duplicate zonemd with same scheme and algorithm */
515 zonemd_verify_test("example.com",
516 SRCDIRSTR "/testdata/zonemd.example16.zone",
517 NULL,
518 "20180302005009",
519 "ZONEMD RRSet contains more than one RR with the same scheme and hash algorithm");
520 /* different capitalisation of ns name and owner names, should
521 * be canonicalized. */
522 zonemd_verify_test("example.com",
523 SRCDIRSTR "/testdata/zonemd.example17.zone",
524 NULL,
525 "20180302005009",
526 "ZONEMD verification successful");
527 }
528
529 /** zonemd unit tests */
530 void zonemd_test(void)
531 {
532 unit_show_feature("zonemd");
533 zonemd_generate_tests();
534 zonemd_check_test();
535 zonemd_verify_tests();
536 }
+1
-1
testdata/10-unbound-anchor.tdir/keys/unbound-control-setup less more
8080 echo " -d dir use directory to store keys and certificates."
8181 echo " default: $DESTDIR"
8282 echo "please run this command using the same user id that the "
83 echo "unboun daemon uses, it needs read privileges."
83 echo "unbound daemon uses, it needs read privileges."
8484 exit 1
8585 ;;
8686 esac
+1
-1
testdata/auth_xfr_ixfrmismatch.rpl less more
181181 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
182182 www.example.com. IN A 1.2.3.4
183183 mail.example.com. 3600 IN A 1.2.3.6
184 ; this is the delete of the nonexistant entry
184 ; this is the delete of the nonexistent entry
185185 nonexist.example.com. 3600 IN A 1.2.3.4
186186 example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600
187187 EXTRA_PACKET
+1
-0
testdata/auth_zonefile_dnssec.rpl less more
44 target-fetch-policy: "0 0 0 0 0"
55 fake-sha1: yes
66 trust-anchor-signaling: no
7 zonemd-permissive-mode: yes
78
89 auth-zone:
910 name: "example.com."
+1
-0
testdata/auth_zonefile_down.rpl less more
66 qname-minimisation: "no"
77 trust-anchor-signaling: no
88 aggressive-nsec: yes
9 zonemd-permissive-mode: yes
910
1011 auth-zone:
1112 name: "example.com."
+234
-0
testdata/auth_zonemd_anchor.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 ## url for http fetch
15 ## url:
16 ## queries from downstream clients get authoritative answers.
17 ## for-downstream: yes
18 for-downstream: no
19 ## queries are used to fetch authoritative answers from this zone,
20 ## instead of unbound itself sending queries there.
21 ## for-upstream: yes
22 for-upstream: yes
23 ## on failures with for-upstream, fallback to sending queries to
24 ## the authority servers
25 ## fallback-enabled: no
26 zonemd-check: yes
27
28 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
29 zonefile:
30 TEMPFILE_NAME example.com
31 ## this is the inline file /tmp/xxx.example.com
32 ## the tempfiles are deleted when the testrun is over.
33 TEMPFILE_CONTENTS example.com
34 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
35 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
36 example.com. 3600 IN NS ns.example.com.
37 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
38 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
39 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
40 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
41 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
42 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
43 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
44 bar.example.com. 3600 IN A 1.2.3.4
45 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
46 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
47 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
48 ding.example.com. 3600 IN A 1.2.3.4
49 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
50 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
51 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
52 foo.example.com. 3600 IN A 1.2.3.4
53 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
54 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
55 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
56 ns.example.com. 3600 IN A 127.0.0.1
57 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
58 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
59 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
60 www.example.com. 3600 IN A 127.0.0.1
61 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
62 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
63 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
64 TEMPFILE_END
65
66 stub-zone:
67 name: "."
68 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
69 CONFIG_END
70
71 SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with trust anchor
72
73 ; K.ROOT-SERVERS.NET.
74 RANGE_BEGIN 0 100
75 ADDRESS 193.0.14.129
76 ENTRY_BEGIN
77 MATCH opcode qtype qname
78 ADJUST copy_id
79 REPLY QR NOERROR
80 SECTION QUESTION
81 . IN NS
82 SECTION ANSWER
83 . IN NS K.ROOT-SERVERS.NET.
84 SECTION ADDITIONAL
85 K.ROOT-SERVERS.NET. IN A 193.0.14.129
86 ENTRY_END
87
88 ENTRY_BEGIN
89 MATCH opcode subdomain
90 ADJUST copy_id copy_query
91 REPLY QR NOERROR
92 SECTION QUESTION
93 com. IN NS
94 SECTION AUTHORITY
95 com. IN NS a.gtld-servers.net.
96 SECTION ADDITIONAL
97 a.gtld-servers.net. IN A 192.5.6.30
98 ENTRY_END
99 RANGE_END
100
101 ; a.gtld-servers.net.
102 RANGE_BEGIN 0 100
103 ADDRESS 192.5.6.30
104 ENTRY_BEGIN
105 MATCH opcode qtype qname
106 ADJUST copy_id
107 REPLY QR NOERROR
108 SECTION QUESTION
109 com. IN NS
110 SECTION ANSWER
111 com. IN NS a.gtld-servers.net.
112 SECTION ADDITIONAL
113 a.gtld-servers.net. IN A 192.5.6.30
114 ENTRY_END
115
116 ENTRY_BEGIN
117 MATCH opcode qname qtype
118 ADJUST copy_id
119 REPLY QR AA NOERROR
120 SECTION QUESTION
121 example.com. IN DS
122 SECTION ANSWER
123 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
124 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
125 ENTRY_END
126
127 ENTRY_BEGIN
128 MATCH opcode subdomain
129 ADJUST copy_id copy_query
130 REPLY QR NOERROR
131 SECTION QUESTION
132 example.com. IN NS
133 SECTION AUTHORITY
134 example.com. IN NS ns.example.com.
135 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
136 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
137 SECTION ADDITIONAL
138 ns.example.com. IN A 1.2.3.44
139 ENTRY_END
140
141 ENTRY_BEGIN
142 MATCH opcode qtype qname
143 ADJUST copy_id
144 REPLY QR AA NOERROR
145 SECTION QUESTION
146 com. IN DNSKEY
147 SECTION ANSWER
148 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
149 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
150 SECTION ADDITIONAL
151 ENTRY_END
152
153 RANGE_END
154
155 ; ns.example.net.
156 RANGE_BEGIN 0 100
157 ADDRESS 1.2.3.44
158 ENTRY_BEGIN
159 MATCH opcode qtype qname
160 ADJUST copy_id
161 REPLY QR NOERROR
162 SECTION QUESTION
163 example.net. IN NS
164 SECTION ANSWER
165 example.net. IN NS ns.example.net.
166 SECTION ADDITIONAL
167 ns.example.net. IN A 1.2.3.44
168 ENTRY_END
169
170 ENTRY_BEGIN
171 MATCH opcode qtype qname
172 ADJUST copy_id
173 REPLY QR NOERROR
174 SECTION QUESTION
175 ns.example.net. IN A
176 SECTION ANSWER
177 ns.example.net. IN A 1.2.3.44
178 SECTION AUTHORITY
179 example.net. IN NS ns.example.net.
180 ENTRY_END
181
182 ENTRY_BEGIN
183 MATCH opcode qtype qname
184 ADJUST copy_id
185 REPLY QR NOERROR
186 SECTION QUESTION
187 ns.example.net. IN AAAA
188 SECTION AUTHORITY
189 example.net. IN NS ns.example.net.
190 SECTION ADDITIONAL
191 www.example.net. IN A 1.2.3.44
192 ENTRY_END
193
194 ENTRY_BEGIN
195 MATCH opcode qtype qname
196 ADJUST copy_id
197 REPLY QR NOERROR
198 SECTION QUESTION
199 example.com. IN NS
200 SECTION ANSWER
201 example.com. IN NS ns.example.net.
202 ENTRY_END
203
204 ENTRY_BEGIN
205 MATCH opcode qtype qname
206 ADJUST copy_id
207 REPLY QR NOERROR
208 SECTION QUESTION
209 www.example.com. IN A
210 SECTION ANSWER
211 www.example.com. IN A 10.20.30.40
212 ENTRY_END
213 RANGE_END
214
215 STEP 1 QUERY
216 ENTRY_BEGIN
217 REPLY RD
218 SECTION QUESTION
219 www.example.com. IN A
220 ENTRY_END
221
222 ; recursion happens here.
223 STEP 20 CHECK_ANSWER
224 ENTRY_BEGIN
225 MATCH all
226 REPLY QR RD RA NOERROR
227 SECTION QUESTION
228 www.example.com. IN A
229 SECTION ANSWER
230 www.example.com. IN A 127.0.0.1
231 ENTRY_END
232
233 SCENARIO_END
+236
-0
testdata/auth_zonemd_anchor_fail.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 ; correct anchor
4 ; trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
5 ; wrong anchor
6 trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deeaaaaa"
7 trust-anchor-signaling: no
8 val-override-date: 20201020135527
9
10 auth-zone:
11 name: "example.com."
12 ## zonefile (or none).
13 ## zonefile: "example.com.zone"
14 ## master by IP address or hostname
15 ## can list multiple masters, each on one line.
16 ## master:
17 ## url for http fetch
18 ## url:
19 ## queries from downstream clients get authoritative answers.
20 ## for-downstream: yes
21 for-downstream: no
22 ## queries are used to fetch authoritative answers from this zone,
23 ## instead of unbound itself sending queries there.
24 ## for-upstream: yes
25 for-upstream: yes
26 ## on failures with for-upstream, fallback to sending queries to
27 ## the authority servers
28 ## fallback-enabled: no
29 zonemd-check: yes
30
31 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
32 zonefile:
33 TEMPFILE_NAME example.com
34 ## this is the inline file /tmp/xxx.example.com
35 ## the tempfiles are deleted when the testrun is over.
36 TEMPFILE_CONTENTS example.com
37 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
38 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
39 example.com. 3600 IN NS ns.example.com.
40 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
41 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
42 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
43 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
44 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
45 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
46 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
47 bar.example.com. 3600 IN A 1.2.3.4
48 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
49 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
50 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
51 ding.example.com. 3600 IN A 1.2.3.4
52 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
53 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
54 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
55 foo.example.com. 3600 IN A 1.2.3.4
56 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
57 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
58 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
59 ns.example.com. 3600 IN A 127.0.0.1
60 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
61 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
62 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
63 www.example.com. 3600 IN A 127.0.0.1
64 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
65 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
66 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
67 TEMPFILE_END
68
69 stub-zone:
70 name: "."
71 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
72 CONFIG_END
73
74 SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed trust anchor
75
76 ; K.ROOT-SERVERS.NET.
77 RANGE_BEGIN 0 100
78 ADDRESS 193.0.14.129
79 ENTRY_BEGIN
80 MATCH opcode qtype qname
81 ADJUST copy_id
82 REPLY QR NOERROR
83 SECTION QUESTION
84 . IN NS
85 SECTION ANSWER
86 . IN NS K.ROOT-SERVERS.NET.
87 SECTION ADDITIONAL
88 K.ROOT-SERVERS.NET. IN A 193.0.14.129
89 ENTRY_END
90
91 ENTRY_BEGIN
92 MATCH opcode subdomain
93 ADJUST copy_id copy_query
94 REPLY QR NOERROR
95 SECTION QUESTION
96 com. IN NS
97 SECTION AUTHORITY
98 com. IN NS a.gtld-servers.net.
99 SECTION ADDITIONAL
100 a.gtld-servers.net. IN A 192.5.6.30
101 ENTRY_END
102 RANGE_END
103
104 ; a.gtld-servers.net.
105 RANGE_BEGIN 0 100
106 ADDRESS 192.5.6.30
107 ENTRY_BEGIN
108 MATCH opcode qtype qname
109 ADJUST copy_id
110 REPLY QR NOERROR
111 SECTION QUESTION
112 com. IN NS
113 SECTION ANSWER
114 com. IN NS a.gtld-servers.net.
115 SECTION ADDITIONAL
116 a.gtld-servers.net. IN A 192.5.6.30
117 ENTRY_END
118
119 ENTRY_BEGIN
120 MATCH opcode qname qtype
121 ADJUST copy_id
122 REPLY QR AA NOERROR
123 SECTION QUESTION
124 example.com. IN DS
125 SECTION ANSWER
126 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
127 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
128 ENTRY_END
129
130 ENTRY_BEGIN
131 MATCH opcode subdomain
132 ADJUST copy_id copy_query
133 REPLY QR NOERROR
134 SECTION QUESTION
135 example.com. IN NS
136 SECTION AUTHORITY
137 example.com. IN NS ns.example.com.
138 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
139 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
140 SECTION ADDITIONAL
141 ns.example.com. IN A 1.2.3.44
142 ENTRY_END
143
144 ENTRY_BEGIN
145 MATCH opcode qtype qname
146 ADJUST copy_id
147 REPLY QR AA NOERROR
148 SECTION QUESTION
149 com. IN DNSKEY
150 SECTION ANSWER
151 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
152 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
153 SECTION ADDITIONAL
154 ENTRY_END
155
156 RANGE_END
157
158 ; ns.example.net.
159 RANGE_BEGIN 0 100
160 ADDRESS 1.2.3.44
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 example.net. IN NS
167 SECTION ANSWER
168 example.net. IN NS ns.example.net.
169 SECTION ADDITIONAL
170 ns.example.net. IN A 1.2.3.44
171 ENTRY_END
172
173 ENTRY_BEGIN
174 MATCH opcode qtype qname
175 ADJUST copy_id
176 REPLY QR NOERROR
177 SECTION QUESTION
178 ns.example.net. IN A
179 SECTION ANSWER
180 ns.example.net. IN A 1.2.3.44
181 SECTION AUTHORITY
182 example.net. IN NS ns.example.net.
183 ENTRY_END
184
185 ENTRY_BEGIN
186 MATCH opcode qtype qname
187 ADJUST copy_id
188 REPLY QR NOERROR
189 SECTION QUESTION
190 ns.example.net. IN AAAA
191 SECTION AUTHORITY
192 example.net. IN NS ns.example.net.
193 SECTION ADDITIONAL
194 www.example.net. IN A 1.2.3.44
195 ENTRY_END
196
197 ENTRY_BEGIN
198 MATCH opcode qtype qname
199 ADJUST copy_id
200 REPLY QR NOERROR
201 SECTION QUESTION
202 example.com. IN NS
203 SECTION ANSWER
204 example.com. IN NS ns.example.net.
205 ENTRY_END
206
207 ENTRY_BEGIN
208 MATCH opcode qtype qname
209 ADJUST copy_id
210 REPLY QR NOERROR
211 SECTION QUESTION
212 www.example.com. IN A
213 SECTION ANSWER
214 www.example.com. IN A 10.20.30.40
215 ENTRY_END
216 RANGE_END
217
218 STEP 1 QUERY
219 ENTRY_BEGIN
220 REPLY RD
221 SECTION QUESTION
222 www.example.com. IN A
223 ENTRY_END
224
225 ; recursion happens here.
226 STEP 20 CHECK_ANSWER
227 ENTRY_BEGIN
228 MATCH all
229 REPLY QR RD RA SERVFAIL
230 SECTION QUESTION
231 www.example.com. IN A
232 SECTION ANSWER
233 ENTRY_END
234
235 SCENARIO_END
+234
-0
testdata/auth_zonemd_chain.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 ## url for http fetch
15 ## url:
16 ## queries from downstream clients get authoritative answers.
17 ## for-downstream: yes
18 for-downstream: no
19 ## queries are used to fetch authoritative answers from this zone,
20 ## instead of unbound itself sending queries there.
21 ## for-upstream: yes
22 for-upstream: yes
23 ## on failures with for-upstream, fallback to sending queries to
24 ## the authority servers
25 ## fallback-enabled: no
26 zonemd-check: yes
27
28 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
29 zonefile:
30 TEMPFILE_NAME example.com
31 ## this is the inline file /tmp/xxx.example.com
32 ## the tempfiles are deleted when the testrun is over.
33 TEMPFILE_CONTENTS example.com
34 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
35 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
36 example.com. 3600 IN NS ns.example.com.
37 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
38 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
39 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
40 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
41 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
42 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
43 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
44 bar.example.com. 3600 IN A 1.2.3.4
45 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
46 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
47 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
48 ding.example.com. 3600 IN A 1.2.3.4
49 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
50 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
51 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
52 foo.example.com. 3600 IN A 1.2.3.4
53 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
54 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
55 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
56 ns.example.com. 3600 IN A 127.0.0.1
57 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
58 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
59 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
60 www.example.com. 3600 IN A 127.0.0.1
61 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
62 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
63 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
64 TEMPFILE_END
65
66 stub-zone:
67 name: "."
68 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
69 CONFIG_END
70
71 SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with chain of trust
72
73 ; K.ROOT-SERVERS.NET.
74 RANGE_BEGIN 0 100
75 ADDRESS 193.0.14.129
76 ENTRY_BEGIN
77 MATCH opcode qtype qname
78 ADJUST copy_id
79 REPLY QR NOERROR
80 SECTION QUESTION
81 . IN NS
82 SECTION ANSWER
83 . IN NS K.ROOT-SERVERS.NET.
84 SECTION ADDITIONAL
85 K.ROOT-SERVERS.NET. IN A 193.0.14.129
86 ENTRY_END
87
88 ENTRY_BEGIN
89 MATCH opcode subdomain
90 ADJUST copy_id copy_query
91 REPLY QR NOERROR
92 SECTION QUESTION
93 com. IN NS
94 SECTION AUTHORITY
95 com. IN NS a.gtld-servers.net.
96 SECTION ADDITIONAL
97 a.gtld-servers.net. IN A 192.5.6.30
98 ENTRY_END
99 RANGE_END
100
101 ; a.gtld-servers.net.
102 RANGE_BEGIN 0 100
103 ADDRESS 192.5.6.30
104 ENTRY_BEGIN
105 MATCH opcode qtype qname
106 ADJUST copy_id
107 REPLY QR NOERROR
108 SECTION QUESTION
109 com. IN NS
110 SECTION ANSWER
111 com. IN NS a.gtld-servers.net.
112 SECTION ADDITIONAL
113 a.gtld-servers.net. IN A 192.5.6.30
114 ENTRY_END
115
116 ENTRY_BEGIN
117 MATCH opcode qname qtype
118 ADJUST copy_id
119 REPLY QR AA NOERROR
120 SECTION QUESTION
121 example.com. IN DS
122 SECTION ANSWER
123 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
124 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
125 ENTRY_END
126
127 ENTRY_BEGIN
128 MATCH opcode subdomain
129 ADJUST copy_id copy_query
130 REPLY QR NOERROR
131 SECTION QUESTION
132 example.com. IN NS
133 SECTION AUTHORITY
134 example.com. IN NS ns.example.com.
135 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
136 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
137 SECTION ADDITIONAL
138 ns.example.com. IN A 1.2.3.44
139 ENTRY_END
140
141 ENTRY_BEGIN
142 MATCH opcode qtype qname
143 ADJUST copy_id
144 REPLY QR AA NOERROR
145 SECTION QUESTION
146 com. IN DNSKEY
147 SECTION ANSWER
148 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
149 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
150 SECTION ADDITIONAL
151 ENTRY_END
152
153 RANGE_END
154
155 ; ns.example.net.
156 RANGE_BEGIN 0 100
157 ADDRESS 1.2.3.44
158 ENTRY_BEGIN
159 MATCH opcode qtype qname
160 ADJUST copy_id
161 REPLY QR NOERROR
162 SECTION QUESTION
163 example.net. IN NS
164 SECTION ANSWER
165 example.net. IN NS ns.example.net.
166 SECTION ADDITIONAL
167 ns.example.net. IN A 1.2.3.44
168 ENTRY_END
169
170 ENTRY_BEGIN
171 MATCH opcode qtype qname
172 ADJUST copy_id
173 REPLY QR NOERROR
174 SECTION QUESTION
175 ns.example.net. IN A
176 SECTION ANSWER
177 ns.example.net. IN A 1.2.3.44
178 SECTION AUTHORITY
179 example.net. IN NS ns.example.net.
180 ENTRY_END
181
182 ENTRY_BEGIN
183 MATCH opcode qtype qname
184 ADJUST copy_id
185 REPLY QR NOERROR
186 SECTION QUESTION
187 ns.example.net. IN AAAA
188 SECTION AUTHORITY
189 example.net. IN NS ns.example.net.
190 SECTION ADDITIONAL
191 www.example.net. IN A 1.2.3.44
192 ENTRY_END
193
194 ENTRY_BEGIN
195 MATCH opcode qtype qname
196 ADJUST copy_id
197 REPLY QR NOERROR
198 SECTION QUESTION
199 example.com. IN NS
200 SECTION ANSWER
201 example.com. IN NS ns.example.net.
202 ENTRY_END
203
204 ENTRY_BEGIN
205 MATCH opcode qtype qname
206 ADJUST copy_id
207 REPLY QR NOERROR
208 SECTION QUESTION
209 www.example.com. IN A
210 SECTION ANSWER
211 www.example.com. IN A 10.20.30.40
212 ENTRY_END
213 RANGE_END
214
215 STEP 1 QUERY
216 ENTRY_BEGIN
217 REPLY RD
218 SECTION QUESTION
219 www.example.com. IN A
220 ENTRY_END
221
222 ; recursion happens here.
223 STEP 20 CHECK_ANSWER
224 ENTRY_BEGIN
225 MATCH all
226 REPLY QR RD RA NOERROR
227 SECTION QUESTION
228 www.example.com. IN A
229 SECTION ANSWER
230 www.example.com. IN A 127.0.0.1
231 ENTRY_END
232
233 SCENARIO_END
+236
-0
testdata/auth_zonemd_chain_fail.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 ## url for http fetch
15 ## url:
16 ## queries from downstream clients get authoritative answers.
17 ## for-downstream: yes
18 for-downstream: no
19 ## queries are used to fetch authoritative answers from this zone,
20 ## instead of unbound itself sending queries there.
21 ## for-upstream: yes
22 for-upstream: yes
23 ## on failures with for-upstream, fallback to sending queries to
24 ## the authority servers
25 ## fallback-enabled: no
26 zonemd-check: yes
27
28 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
29 zonefile:
30 TEMPFILE_NAME example.com
31 ## this is the inline file /tmp/xxx.example.com
32 ## the tempfiles are deleted when the testrun is over.
33 TEMPFILE_CONTENTS example.com
34 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
35 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
36 example.com. 3600 IN NS ns.example.com.
37 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
38 ; dnskey is wrong:
39 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+AAAAA ;{id = 55566 (zsk), size = 1024b}
40 ; dnskey that was correct:
41 ;example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
42 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
43 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
44 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
45 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
46 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
47 bar.example.com. 3600 IN A 1.2.3.4
48 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
49 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
50 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
51 ding.example.com. 3600 IN A 1.2.3.4
52 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
53 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
54 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
55 foo.example.com. 3600 IN A 1.2.3.4
56 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
57 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
58 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
59 ns.example.com. 3600 IN A 127.0.0.1
60 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
61 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
62 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
63 www.example.com. 3600 IN A 127.0.0.1
64 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
65 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
66 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
67 TEMPFILE_END
68
69 stub-zone:
70 name: "."
71 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
72 CONFIG_END
73
74 SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed chain of trust
75
76 ; K.ROOT-SERVERS.NET.
77 RANGE_BEGIN 0 100
78 ADDRESS 193.0.14.129
79 ENTRY_BEGIN
80 MATCH opcode qtype qname
81 ADJUST copy_id
82 REPLY QR NOERROR
83 SECTION QUESTION
84 . IN NS
85 SECTION ANSWER
86 . IN NS K.ROOT-SERVERS.NET.
87 SECTION ADDITIONAL
88 K.ROOT-SERVERS.NET. IN A 193.0.14.129
89 ENTRY_END
90
91 ENTRY_BEGIN
92 MATCH opcode subdomain
93 ADJUST copy_id copy_query
94 REPLY QR NOERROR
95 SECTION QUESTION
96 com. IN NS
97 SECTION AUTHORITY
98 com. IN NS a.gtld-servers.net.
99 SECTION ADDITIONAL
100 a.gtld-servers.net. IN A 192.5.6.30
101 ENTRY_END
102 RANGE_END
103
104 ; a.gtld-servers.net.
105 RANGE_BEGIN 0 100
106 ADDRESS 192.5.6.30
107 ENTRY_BEGIN
108 MATCH opcode qtype qname
109 ADJUST copy_id
110 REPLY QR NOERROR
111 SECTION QUESTION
112 com. IN NS
113 SECTION ANSWER
114 com. IN NS a.gtld-servers.net.
115 SECTION ADDITIONAL
116 a.gtld-servers.net. IN A 192.5.6.30
117 ENTRY_END
118
119 ENTRY_BEGIN
120 MATCH opcode qname qtype
121 ADJUST copy_id
122 REPLY QR AA NOERROR
123 SECTION QUESTION
124 example.com. IN DS
125 SECTION ANSWER
126 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
127 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
128 ENTRY_END
129
130 ENTRY_BEGIN
131 MATCH opcode subdomain
132 ADJUST copy_id copy_query
133 REPLY QR NOERROR
134 SECTION QUESTION
135 example.com. IN NS
136 SECTION AUTHORITY
137 example.com. IN NS ns.example.com.
138 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
139 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
140 SECTION ADDITIONAL
141 ns.example.com. IN A 1.2.3.44
142 ENTRY_END
143
144 ENTRY_BEGIN
145 MATCH opcode qtype qname
146 ADJUST copy_id
147 REPLY QR AA NOERROR
148 SECTION QUESTION
149 com. IN DNSKEY
150 SECTION ANSWER
151 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
152 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
153 SECTION ADDITIONAL
154 ENTRY_END
155
156 RANGE_END
157
158 ; ns.example.net.
159 RANGE_BEGIN 0 100
160 ADDRESS 1.2.3.44
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 example.net. IN NS
167 SECTION ANSWER
168 example.net. IN NS ns.example.net.
169 SECTION ADDITIONAL
170 ns.example.net. IN A 1.2.3.44
171 ENTRY_END
172
173 ENTRY_BEGIN
174 MATCH opcode qtype qname
175 ADJUST copy_id
176 REPLY QR NOERROR
177 SECTION QUESTION
178 ns.example.net. IN A
179 SECTION ANSWER
180 ns.example.net. IN A 1.2.3.44
181 SECTION AUTHORITY
182 example.net. IN NS ns.example.net.
183 ENTRY_END
184
185 ENTRY_BEGIN
186 MATCH opcode qtype qname
187 ADJUST copy_id
188 REPLY QR NOERROR
189 SECTION QUESTION
190 ns.example.net. IN AAAA
191 SECTION AUTHORITY
192 example.net. IN NS ns.example.net.
193 SECTION ADDITIONAL
194 www.example.net. IN A 1.2.3.44
195 ENTRY_END
196
197 ENTRY_BEGIN
198 MATCH opcode qtype qname
199 ADJUST copy_id
200 REPLY QR NOERROR
201 SECTION QUESTION
202 example.com. IN NS
203 SECTION ANSWER
204 example.com. IN NS ns.example.net.
205 ENTRY_END
206
207 ENTRY_BEGIN
208 MATCH opcode qtype qname
209 ADJUST copy_id
210 REPLY QR NOERROR
211 SECTION QUESTION
212 www.example.com. IN A
213 SECTION ANSWER
214 www.example.com. IN A 10.20.30.40
215 ENTRY_END
216 RANGE_END
217
218 STEP 1 QUERY
219 ENTRY_BEGIN
220 REPLY RD
221 SECTION QUESTION
222 www.example.com. IN A
223 ENTRY_END
224
225 ; recursion happens here.
226 STEP 20 CHECK_ANSWER
227 ENTRY_BEGIN
228 MATCH all
229 REPLY QR RD RA SERVFAIL
230 SECTION QUESTION
231 www.example.com. IN A
232 SECTION ANSWER
233 ENTRY_END
234
235 SCENARIO_END
+183
-0
testdata/auth_zonemd_file.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
4 auth-zone:
5 name: "example.com."
6 ## zonefile (or none).
7 ## zonefile: "example.com.zone"
8 ## master by IP address or hostname
9 ## can list multiple masters, each on one line.
10 ## master:
11 ## url for http fetch
12 ## url:
13 ## queries from downstream clients get authoritative answers.
14 ## for-downstream: yes
15 for-downstream: no
16 ## queries are used to fetch authoritative answers from this zone,
17 ## instead of unbound itself sending queries there.
18 ## for-upstream: yes
19 for-upstream: yes
20 ## on failures with for-upstream, fallback to sending queries to
21 ## the authority servers
22 ## fallback-enabled: no
23 zonemd-check: yes
24
25 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
26 zonefile:
27 TEMPFILE_NAME example.com
28 ## this is the inline file /tmp/xxx.example.com
29 ## the tempfiles are deleted when the testrun is over.
30 TEMPFILE_CONTENTS example.com
31 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
32 example.com. IN NS ns.example.com.
33 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
34 www.example.com. IN A 127.0.0.1
35 ns.example.com. IN A 127.0.0.1
36 bar.example.com. IN A 1.2.3.4
37 ding.example.com. IN A 1.2.3.4
38 foo.example.com. IN A 1.2.3.4
39 TEMPFILE_END
40
41 stub-zone:
42 name: "."
43 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
44 CONFIG_END
45
46 SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile
47
48 ; K.ROOT-SERVERS.NET.
49 RANGE_BEGIN 0 100
50 ADDRESS 193.0.14.129
51 ENTRY_BEGIN
52 MATCH opcode qtype qname
53 ADJUST copy_id
54 REPLY QR NOERROR
55 SECTION QUESTION
56 . IN NS
57 SECTION ANSWER
58 . IN NS K.ROOT-SERVERS.NET.
59 SECTION ADDITIONAL
60 K.ROOT-SERVERS.NET. IN A 193.0.14.129
61 ENTRY_END
62
63 ENTRY_BEGIN
64 MATCH opcode subdomain
65 ADJUST copy_id copy_query
66 REPLY QR NOERROR
67 SECTION QUESTION
68 com. IN NS
69 SECTION AUTHORITY
70 com. IN NS a.gtld-servers.net.
71 SECTION ADDITIONAL
72 a.gtld-servers.net. IN A 192.5.6.30
73 ENTRY_END
74 RANGE_END
75
76 ; a.gtld-servers.net.
77 RANGE_BEGIN 0 100
78 ADDRESS 192.5.6.30
79 ENTRY_BEGIN
80 MATCH opcode qtype qname
81 ADJUST copy_id
82 REPLY QR NOERROR
83 SECTION QUESTION
84 com. IN NS
85 SECTION ANSWER
86 com. IN NS a.gtld-servers.net.
87 SECTION ADDITIONAL
88 a.gtld-servers.net. IN A 192.5.6.30
89 ENTRY_END
90
91 ENTRY_BEGIN
92 MATCH opcode subdomain
93 ADJUST copy_id copy_query
94 REPLY QR NOERROR
95 SECTION QUESTION
96 example.com. IN NS
97 SECTION AUTHORITY
98 example.com. IN NS ns.example.com.
99 SECTION ADDITIONAL
100 ns.example.com. IN A 1.2.3.44
101 ENTRY_END
102 RANGE_END
103
104 ; ns.example.net.
105 RANGE_BEGIN 0 100
106 ADDRESS 1.2.3.44
107 ENTRY_BEGIN
108 MATCH opcode qtype qname
109 ADJUST copy_id
110 REPLY QR NOERROR
111 SECTION QUESTION
112 example.net. IN NS
113 SECTION ANSWER
114 example.net. IN NS ns.example.net.
115 SECTION ADDITIONAL
116 ns.example.net. IN A 1.2.3.44
117 ENTRY_END
118
119 ENTRY_BEGIN
120 MATCH opcode qtype qname
121 ADJUST copy_id
122 REPLY QR NOERROR
123 SECTION QUESTION
124 ns.example.net. IN A
125 SECTION ANSWER
126 ns.example.net. IN A 1.2.3.44
127 SECTION AUTHORITY
128 example.net. IN NS ns.example.net.
129 ENTRY_END
130
131 ENTRY_BEGIN
132 MATCH opcode qtype qname
133 ADJUST copy_id
134 REPLY QR NOERROR
135 SECTION QUESTION
136 ns.example.net. IN AAAA
137 SECTION AUTHORITY
138 example.net. IN NS ns.example.net.
139 SECTION ADDITIONAL
140 www.example.net. IN A 1.2.3.44
141 ENTRY_END
142
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NOERROR
147 SECTION QUESTION
148 example.com. IN NS
149 SECTION ANSWER
150 example.com. IN NS ns.example.net.
151 ENTRY_END
152
153 ENTRY_BEGIN
154 MATCH opcode qtype qname
155 ADJUST copy_id
156 REPLY QR NOERROR
157 SECTION QUESTION
158 www.example.com. IN A
159 SECTION ANSWER
160 www.example.com. IN A 10.20.30.40
161 ENTRY_END
162 RANGE_END
163
164 STEP 1 QUERY
165 ENTRY_BEGIN
166 REPLY RD
167 SECTION QUESTION
168 www.example.com. IN A
169 ENTRY_END
170
171 ; recursion happens here.
172 STEP 20 CHECK_ANSWER
173 ENTRY_BEGIN
174 MATCH all
175 REPLY QR RD RA NOERROR
176 SECTION QUESTION
177 www.example.com. IN A
178 SECTION ANSWER
179 www.example.com. IN A 127.0.0.1
180 ENTRY_END
181
182 SCENARIO_END
+185
-0
testdata/auth_zonemd_file_fail.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
4 auth-zone:
5 name: "example.com."
6 ## zonefile (or none).
7 ## zonefile: "example.com.zone"
8 ## master by IP address or hostname
9 ## can list multiple masters, each on one line.
10 ## master:
11 ## url for http fetch
12 ## url:
13 ## queries from downstream clients get authoritative answers.
14 ## for-downstream: yes
15 for-downstream: no
16 ## queries are used to fetch authoritative answers from this zone,
17 ## instead of unbound itself sending queries there.
18 ## for-upstream: yes
19 for-upstream: yes
20 ## on failures with for-upstream, fallback to sending queries to
21 ## the authority servers
22 ## fallback-enabled: no
23 zonemd-check: yes
24
25 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
26 zonefile:
27 TEMPFILE_NAME example.com
28 ## this is the inline file /tmp/xxx.example.com
29 ## the tempfiles are deleted when the testrun is over.
30 TEMPFILE_CONTENTS example.com
31 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
32 example.com. IN NS ns.example.com.
33 ; good zonemd
34 ;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
35 ; wrong zonemd
36 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA
37 www.example.com. IN A 127.0.0.1
38 ns.example.com. IN A 127.0.0.1
39 bar.example.com. IN A 1.2.3.4
40 ding.example.com. IN A 1.2.3.4
41 foo.example.com. IN A 1.2.3.4
42 TEMPFILE_END
43
44 stub-zone:
45 name: "."
46 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
47 CONFIG_END
48
49 SCENARIO_BEGIN Test authority zone with ZONEMD failure from zonefile
50
51 ; K.ROOT-SERVERS.NET.
52 RANGE_BEGIN 0 100
53 ADDRESS 193.0.14.129
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
59 . IN NS
60 SECTION ANSWER
61 . IN NS K.ROOT-SERVERS.NET.
62 SECTION ADDITIONAL
63 K.ROOT-SERVERS.NET. IN A 193.0.14.129
64 ENTRY_END
65
66 ENTRY_BEGIN
67 MATCH opcode subdomain
68 ADJUST copy_id copy_query
69 REPLY QR NOERROR
70 SECTION QUESTION
71 com. IN NS
72 SECTION AUTHORITY
73 com. IN NS a.gtld-servers.net.
74 SECTION ADDITIONAL
75 a.gtld-servers.net. IN A 192.5.6.30
76 ENTRY_END
77 RANGE_END
78
79 ; a.gtld-servers.net.
80 RANGE_BEGIN 0 100
81 ADDRESS 192.5.6.30
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
87 com. IN NS
88 SECTION ANSWER
89 com. IN NS a.gtld-servers.net.
90 SECTION ADDITIONAL
91 a.gtld-servers.net. IN A 192.5.6.30
92 ENTRY_END
93
94 ENTRY_BEGIN
95 MATCH opcode subdomain
96 ADJUST copy_id copy_query
97 REPLY QR NOERROR
98 SECTION QUESTION
99 example.com. IN NS
100 SECTION AUTHORITY
101 example.com. IN NS ns.example.com.
102 SECTION ADDITIONAL
103 ns.example.com. IN A 1.2.3.44
104 ENTRY_END
105 RANGE_END
106
107 ; ns.example.net.
108 RANGE_BEGIN 0 100
109 ADDRESS 1.2.3.44
110 ENTRY_BEGIN
111 MATCH opcode qtype qname
112 ADJUST copy_id
113 REPLY QR NOERROR
114 SECTION QUESTION
115 example.net. IN NS
116 SECTION ANSWER
117 example.net. IN NS ns.example.net.
118 SECTION ADDITIONAL
119 ns.example.net. IN A 1.2.3.44
120 ENTRY_END
121
122 ENTRY_BEGIN
123 MATCH opcode qtype qname
124 ADJUST copy_id
125 REPLY QR NOERROR
126 SECTION QUESTION
127 ns.example.net. IN A
128 SECTION ANSWER
129 ns.example.net. IN A 1.2.3.44
130 SECTION AUTHORITY
131 example.net. IN NS ns.example.net.
132 ENTRY_END
133
134 ENTRY_BEGIN
135 MATCH opcode qtype qname
136 ADJUST copy_id
137 REPLY QR NOERROR
138 SECTION QUESTION
139 ns.example.net. IN AAAA
140 SECTION AUTHORITY
141 example.net. IN NS ns.example.net.
142 SECTION ADDITIONAL
143 www.example.net. IN A 1.2.3.44
144 ENTRY_END
145
146 ENTRY_BEGIN
147 MATCH opcode qtype qname
148 ADJUST copy_id
149 REPLY QR NOERROR
150 SECTION QUESTION
151 example.com. IN NS
152 SECTION ANSWER
153 example.com. IN NS ns.example.net.
154 ENTRY_END
155
156 ENTRY_BEGIN
157 MATCH opcode qtype qname
158 ADJUST copy_id
159 REPLY QR NOERROR
160 SECTION QUESTION
161 www.example.com. IN A
162 SECTION ANSWER
163 www.example.com. IN A 10.20.30.40
164 ENTRY_END
165 RANGE_END
166
167 STEP 1 QUERY
168 ENTRY_BEGIN
169 REPLY RD
170 SECTION QUESTION
171 www.example.com. IN A
172 ENTRY_END
173
174 ; recursion happens here.
175 STEP 20 CHECK_ANSWER
176 ENTRY_BEGIN
177 MATCH all
178 REPLY QR RD RA SERVFAIL
179 SECTION QUESTION
180 www.example.com. IN A
181 SECTION ANSWER
182 ENTRY_END
183
184 SCENARIO_END
+215
-0
testdata/auth_zonemd_insecure.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 ## url for http fetch
15 ## url:
16 ## queries from downstream clients get authoritative answers.
17 ## for-downstream: yes
18 for-downstream: no
19 ## queries are used to fetch authoritative answers from this zone,
20 ## instead of unbound itself sending queries there.
21 ## for-upstream: yes
22 for-upstream: yes
23 ## on failures with for-upstream, fallback to sending queries to
24 ## the authority servers
25 ## fallback-enabled: no
26 zonemd-check: yes
27
28 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
29 zonefile:
30 TEMPFILE_NAME example.com
31 ## this is the inline file /tmp/xxx.example.com
32 ## the tempfiles are deleted when the testrun is over.
33 TEMPFILE_CONTENTS example.com
34 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
35 example.com. IN NS ns.example.com.
36 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
37 www.example.com. IN A 127.0.0.1
38 ns.example.com. IN A 127.0.0.1
39 bar.example.com. IN A 1.2.3.4
40 ding.example.com. IN A 1.2.3.4
41 foo.example.com. IN A 1.2.3.4
42 TEMPFILE_END
43
44 stub-zone:
45 name: "."
46 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
47 CONFIG_END
48
49 SCENARIO_BEGIN Test authority zone with ZONEMD that is securely insecure
50 ; the trust anchor finds an online delegation with an insecure DS referral.
51
52 ; K.ROOT-SERVERS.NET.
53 RANGE_BEGIN 0 100
54 ADDRESS 193.0.14.129
55 ENTRY_BEGIN
56 MATCH opcode qtype qname
57 ADJUST copy_id
58 REPLY QR NOERROR
59 SECTION QUESTION
60 . IN NS
61 SECTION ANSWER
62 . IN NS K.ROOT-SERVERS.NET.
63 SECTION ADDITIONAL
64 K.ROOT-SERVERS.NET. IN A 193.0.14.129
65 ENTRY_END
66
67 ENTRY_BEGIN
68 MATCH opcode subdomain
69 ADJUST copy_id copy_query
70 REPLY QR NOERROR
71 SECTION QUESTION
72 com. IN NS
73 SECTION AUTHORITY
74 com. IN NS a.gtld-servers.net.
75 SECTION ADDITIONAL
76 a.gtld-servers.net. IN A 192.5.6.30
77 ENTRY_END
78 RANGE_END
79
80 ; a.gtld-servers.net.
81 RANGE_BEGIN 0 100
82 ADDRESS 192.5.6.30
83 ENTRY_BEGIN
84 MATCH opcode qtype qname
85 ADJUST copy_id
86 REPLY QR NOERROR
87 SECTION QUESTION
88 com. IN NS
89 SECTION ANSWER
90 com. IN NS a.gtld-servers.net.
91 SECTION ADDITIONAL
92 a.gtld-servers.net. IN A 192.5.6.30
93 ENTRY_END
94
95 ENTRY_BEGIN
96 MATCH opcode qname qtype
97 ADJUST copy_id
98 REPLY QR AA NOERROR
99 SECTION QUESTION
100 example.com. IN DS
101 SECTION AUTHORITY
102 com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
103 com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
104 example.com. IN NSEC foo.com. NS RRSIG
105 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
106 ENTRY_END
107
108 ENTRY_BEGIN
109 MATCH opcode subdomain
110 ADJUST copy_id copy_query
111 REPLY QR NOERROR
112 SECTION QUESTION
113 example.com. IN NS
114 SECTION AUTHORITY
115 example.com. IN NS ns.example.com.
116 example.com. IN NSEC foo.com. NS RRSIG
117 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.44
120 ENTRY_END
121
122 ENTRY_BEGIN
123 MATCH opcode qtype qname
124 ADJUST copy_id
125 REPLY QR AA NOERROR
126 SECTION QUESTION
127 com. IN DNSKEY
128 SECTION ANSWER
129 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
130 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
131 SECTION ADDITIONAL
132 ENTRY_END
133
134 RANGE_END
135
136 ; ns.example.net.
137 RANGE_BEGIN 0 100
138 ADDRESS 1.2.3.44
139 ENTRY_BEGIN
140 MATCH opcode qtype qname
141 ADJUST copy_id
142 REPLY QR NOERROR
143 SECTION QUESTION
144 example.net. IN NS
145 SECTION ANSWER
146 example.net. IN NS ns.example.net.
147 SECTION ADDITIONAL
148 ns.example.net. IN A 1.2.3.44
149 ENTRY_END
150
151 ENTRY_BEGIN
152 MATCH opcode qtype qname
153 ADJUST copy_id
154 REPLY QR NOERROR
155 SECTION QUESTION
156 ns.example.net. IN A
157 SECTION ANSWER
158 ns.example.net. IN A 1.2.3.44
159 SECTION AUTHORITY
160 example.net. IN NS ns.example.net.
161 ENTRY_END
162
163 ENTRY_BEGIN
164 MATCH opcode qtype qname
165 ADJUST copy_id
166 REPLY QR NOERROR
167 SECTION QUESTION
168 ns.example.net. IN AAAA
169 SECTION AUTHORITY
170 example.net. IN NS ns.example.net.
171 SECTION ADDITIONAL
172 www.example.net. IN A 1.2.3.44
173 ENTRY_END
174
175 ENTRY_BEGIN
176 MATCH opcode qtype qname
177 ADJUST copy_id
178 REPLY QR NOERROR
179 SECTION QUESTION
180 example.com. IN NS
181 SECTION ANSWER
182 example.com. IN NS ns.example.net.
183 ENTRY_END
184
185 ENTRY_BEGIN
186 MATCH opcode qtype qname
187 ADJUST copy_id
188 REPLY QR NOERROR
189 SECTION QUESTION
190 www.example.com. IN A
191 SECTION ANSWER
192 www.example.com. IN A 10.20.30.40
193 ENTRY_END
194 RANGE_END
195
196 STEP 1 QUERY
197 ENTRY_BEGIN
198 REPLY RD
199 SECTION QUESTION
200 www.example.com. IN A
201 ENTRY_END
202
203 ; recursion happens here.
204 STEP 20 CHECK_ANSWER
205 ENTRY_BEGIN
206 MATCH all
207 REPLY QR RD RA NOERROR
208 SECTION QUESTION
209 www.example.com. IN A
210 SECTION ANSWER
211 www.example.com. IN A 127.0.0.1
212 ENTRY_END
213
214 SCENARIO_END
+217
-0
testdata/auth_zonemd_insecure_absent.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 ## url for http fetch
15 ## url:
16 ## queries from downstream clients get authoritative answers.
17 ## for-downstream: yes
18 for-downstream: no
19 ## queries are used to fetch authoritative answers from this zone,
20 ## instead of unbound itself sending queries there.
21 ## for-upstream: yes
22 for-upstream: yes
23 ## on failures with for-upstream, fallback to sending queries to
24 ## the authority servers
25 ## fallback-enabled: no
26 zonemd-check: yes
27
28 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
29 zonefile:
30 TEMPFILE_NAME example.com
31 ## this is the inline file /tmp/xxx.example.com
32 ## the tempfiles are deleted when the testrun is over.
33 TEMPFILE_CONTENTS example.com
34 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
35 example.com. IN NS ns.example.com.
36 ; the missing ZONEMD record
37 ;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
38 www.example.com. IN A 127.0.0.1
39 ns.example.com. IN A 127.0.0.1
40 bar.example.com. IN A 1.2.3.4
41 ding.example.com. IN A 1.2.3.4
42 foo.example.com. IN A 1.2.3.4
43 TEMPFILE_END
44
45 stub-zone:
46 name: "."
47 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
48 CONFIG_END
49
50 SCENARIO_BEGIN Test authority zone with absent ZONEMD that is securely insecure
51 ; the trust anchor finds an online delegation with an insecure DS referral.
52 ; the ZONEMD is not there.
53
54 ; K.ROOT-SERVERS.NET.
55 RANGE_BEGIN 0 100
56 ADDRESS 193.0.14.129
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 . IN NS
63 SECTION ANSWER
64 . IN NS K.ROOT-SERVERS.NET.
65 SECTION ADDITIONAL
66 K.ROOT-SERVERS.NET. IN A 193.0.14.129
67 ENTRY_END
68
69 ENTRY_BEGIN
70 MATCH opcode subdomain
71 ADJUST copy_id copy_query
72 REPLY QR NOERROR
73 SECTION QUESTION
74 com. IN NS
75 SECTION AUTHORITY
76 com. IN NS a.gtld-servers.net.
77 SECTION ADDITIONAL
78 a.gtld-servers.net. IN A 192.5.6.30
79 ENTRY_END
80 RANGE_END
81
82 ; a.gtld-servers.net.
83 RANGE_BEGIN 0 100
84 ADDRESS 192.5.6.30
85 ENTRY_BEGIN
86 MATCH opcode qtype qname
87 ADJUST copy_id
88 REPLY QR NOERROR
89 SECTION QUESTION
90 com. IN NS
91 SECTION ANSWER
92 com. IN NS a.gtld-servers.net.
93 SECTION ADDITIONAL
94 a.gtld-servers.net. IN A 192.5.6.30
95 ENTRY_END
96
97 ENTRY_BEGIN
98 MATCH opcode qname qtype
99 ADJUST copy_id
100 REPLY QR AA NOERROR
101 SECTION QUESTION
102 example.com. IN DS
103 SECTION AUTHORITY
104 com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
105 com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
106 example.com. IN NSEC foo.com. NS RRSIG
107 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
108 ENTRY_END
109
110 ENTRY_BEGIN
111 MATCH opcode subdomain
112 ADJUST copy_id copy_query
113 REPLY QR NOERROR
114 SECTION QUESTION
115 example.com. IN NS
116 SECTION AUTHORITY
117 example.com. IN NS ns.example.com.
118 example.com. IN NSEC foo.com. NS RRSIG
119 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
120 SECTION ADDITIONAL
121 ns.example.com. IN A 1.2.3.44
122 ENTRY_END
123
124 ENTRY_BEGIN
125 MATCH opcode qtype qname
126 ADJUST copy_id
127 REPLY QR AA NOERROR
128 SECTION QUESTION
129 com. IN DNSKEY
130 SECTION ANSWER
131 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
132 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
133 SECTION ADDITIONAL
134 ENTRY_END
135
136 RANGE_END
137
138 ; ns.example.net.
139 RANGE_BEGIN 0 100
140 ADDRESS 1.2.3.44
141 ENTRY_BEGIN
142 MATCH opcode qtype qname
143 ADJUST copy_id
144 REPLY QR NOERROR
145 SECTION QUESTION
146 example.net. IN NS
147 SECTION ANSWER
148 example.net. IN NS ns.example.net.
149 SECTION ADDITIONAL
150 ns.example.net. IN A 1.2.3.44
151 ENTRY_END
152
153 ENTRY_BEGIN
154 MATCH opcode qtype qname
155 ADJUST copy_id
156 REPLY QR NOERROR
157 SECTION QUESTION
158 ns.example.net. IN A
159 SECTION ANSWER
160 ns.example.net. IN A 1.2.3.44
161 SECTION AUTHORITY
162 example.net. IN NS ns.example.net.
163 ENTRY_END
164
165 ENTRY_BEGIN
166 MATCH opcode qtype qname
167 ADJUST copy_id
168 REPLY QR NOERROR
169 SECTION QUESTION
170 ns.example.net. IN AAAA
171 SECTION AUTHORITY
172 example.net. IN NS ns.example.net.
173 SECTION ADDITIONAL
174 www.example.net. IN A 1.2.3.44
175 ENTRY_END
176
177 ENTRY_BEGIN
178 MATCH opcode qtype qname
179 ADJUST copy_id
180 REPLY QR NOERROR
181 SECTION QUESTION
182 example.com. IN NS
183 SECTION ANSWER
184 example.com. IN NS ns.example.net.
185 ENTRY_END
186
187 ENTRY_BEGIN
188 MATCH opcode qtype qname
189 ADJUST copy_id
190 REPLY QR NOERROR
191 SECTION QUESTION
192 www.example.com. IN A
193 SECTION ANSWER
194 www.example.com. IN A 10.20.30.40
195 ENTRY_END
196 RANGE_END
197
198 STEP 1 QUERY
199 ENTRY_BEGIN
200 REPLY RD
201 SECTION QUESTION
202 www.example.com. IN A
203 ENTRY_END
204
205 ; recursion happens here.
206 STEP 20 CHECK_ANSWER
207 ENTRY_BEGIN
208 MATCH all
209 REPLY QR RD RA NOERROR
210 SECTION QUESTION
211 www.example.com. IN A
212 SECTION ANSWER
213 www.example.com. IN A 127.0.0.1
214 ENTRY_END
215
216 SCENARIO_END
+218
-0
testdata/auth_zonemd_insecure_absent_reject.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 zonemd-check: yes
10 zonemd-reject-absence: yes
11 ## zonefile (or none).
12 ## zonefile: "example.com.zone"
13 ## master by IP address or hostname
14 ## can list multiple masters, each on one line.
15 ## master:
16 ## url for http fetch
17 ## url:
18 ## queries from downstream clients get authoritative answers.
19 ## for-downstream: yes
20 for-downstream: no
21 ## queries are used to fetch authoritative answers from this zone,
22 ## instead of unbound itself sending queries there.
23 ## for-upstream: yes
24 for-upstream: yes
25 ## on failures with for-upstream, fallback to sending queries to
26 ## the authority servers
27 ## fallback-enabled: no
28
29 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
30 zonefile:
31 TEMPFILE_NAME example.com
32 ## this is the inline file /tmp/xxx.example.com
33 ## the tempfiles are deleted when the testrun is over.
34 TEMPFILE_CONTENTS example.com
35 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
36 example.com. IN NS ns.example.com.
37 ; the missing ZONEMD record
38 ;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
39 www.example.com. IN A 127.0.0.1
40 ns.example.com. IN A 127.0.0.1
41 bar.example.com. IN A 1.2.3.4
42 ding.example.com. IN A 1.2.3.4
43 foo.example.com. IN A 1.2.3.4
44 TEMPFILE_END
45
46 stub-zone:
47 name: "."
48 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
49 CONFIG_END
50
51 SCENARIO_BEGIN Test authority zone with reject-absence ZONEMD that is securely insecure
52 ; the trust anchor finds an online delegation with an insecure DS referral.
53 ; the ZONEMD is not there. This is not allowed by the zonemd-reject-absence
54 ; option in config, so it fails the zone.
55
56 ; K.ROOT-SERVERS.NET.
57 RANGE_BEGIN 0 100
58 ADDRESS 193.0.14.129
59 ENTRY_BEGIN
60 MATCH opcode qtype qname
61 ADJUST copy_id
62 REPLY QR NOERROR
63 SECTION QUESTION
64 . IN NS
65 SECTION ANSWER
66 . IN NS K.ROOT-SERVERS.NET.
67 SECTION ADDITIONAL
68 K.ROOT-SERVERS.NET. IN A 193.0.14.129
69 ENTRY_END
70
71 ENTRY_BEGIN
72 MATCH opcode subdomain
73 ADJUST copy_id copy_query
74 REPLY QR NOERROR
75 SECTION QUESTION
76 com. IN NS
77 SECTION AUTHORITY
78 com. IN NS a.gtld-servers.net.
79 SECTION ADDITIONAL
80 a.gtld-servers.net. IN A 192.5.6.30
81 ENTRY_END
82 RANGE_END
83
84 ; a.gtld-servers.net.
85 RANGE_BEGIN 0 100
86 ADDRESS 192.5.6.30
87 ENTRY_BEGIN
88 MATCH opcode qtype qname
89 ADJUST copy_id
90 REPLY QR NOERROR
91 SECTION QUESTION
92 com. IN NS
93 SECTION ANSWER
94 com. IN NS a.gtld-servers.net.
95 SECTION ADDITIONAL
96 a.gtld-servers.net. IN A 192.5.6.30
97 ENTRY_END
98
99 ENTRY_BEGIN
100 MATCH opcode qname qtype
101 ADJUST copy_id
102 REPLY QR AA NOERROR
103 SECTION QUESTION
104 example.com. IN DS
105 SECTION AUTHORITY
106 com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
107 com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
108 example.com. IN NSEC foo.com. NS RRSIG
109 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode subdomain
114 ADJUST copy_id copy_query
115 REPLY QR NOERROR
116 SECTION QUESTION
117 example.com. IN NS
118 SECTION AUTHORITY
119 example.com. IN NS ns.example.com.
120 example.com. IN NSEC foo.com. NS RRSIG
121 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
122 SECTION ADDITIONAL
123 ns.example.com. IN A 1.2.3.44
124 ENTRY_END
125
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 REPLY QR AA NOERROR
130 SECTION QUESTION
131 com. IN DNSKEY
132 SECTION ANSWER
133 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
134 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
135 SECTION ADDITIONAL
136 ENTRY_END
137
138 RANGE_END
139
140 ; ns.example.net.
141 RANGE_BEGIN 0 100
142 ADDRESS 1.2.3.44
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NOERROR
147 SECTION QUESTION
148 example.net. IN NS
149 SECTION ANSWER
150 example.net. IN NS ns.example.net.
151 SECTION ADDITIONAL
152 ns.example.net. IN A 1.2.3.44
153 ENTRY_END
154
155 ENTRY_BEGIN
156 MATCH opcode qtype qname
157 ADJUST copy_id
158 REPLY QR NOERROR
159 SECTION QUESTION
160 ns.example.net. IN A
161 SECTION ANSWER
162 ns.example.net. IN A 1.2.3.44
163 SECTION AUTHORITY
164 example.net. IN NS ns.example.net.
165 ENTRY_END
166
167 ENTRY_BEGIN
168 MATCH opcode qtype qname
169 ADJUST copy_id
170 REPLY QR NOERROR
171 SECTION QUESTION
172 ns.example.net. IN AAAA
173 SECTION AUTHORITY
174 example.net. IN NS ns.example.net.
175 SECTION ADDITIONAL
176 www.example.net. IN A 1.2.3.44
177 ENTRY_END
178
179 ENTRY_BEGIN
180 MATCH opcode qtype qname
181 ADJUST copy_id
182 REPLY QR NOERROR
183 SECTION QUESTION
184 example.com. IN NS
185 SECTION ANSWER
186 example.com. IN NS ns.example.net.
187 ENTRY_END
188
189 ENTRY_BEGIN
190 MATCH opcode qtype qname
191 ADJUST copy_id
192 REPLY QR NOERROR
193 SECTION QUESTION
194 www.example.com. IN A
195 SECTION ANSWER
196 www.example.com. IN A 10.20.30.40
197 ENTRY_END
198 RANGE_END
199
200 STEP 1 QUERY
201 ENTRY_BEGIN
202 REPLY RD
203 SECTION QUESTION
204 www.example.com. IN A
205 ENTRY_END
206
207 ; recursion happens here.
208 STEP 20 CHECK_ANSWER
209 ENTRY_BEGIN
210 MATCH all
211 REPLY QR RD RA SERVFAIL
212 SECTION QUESTION
213 www.example.com. IN A
214 SECTION ANSWER
215 ENTRY_END
216
217 SCENARIO_END
+218
-0
testdata/auth_zonemd_insecure_fail.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 ## url for http fetch
15 ## url:
16 ## queries from downstream clients get authoritative answers.
17 ## for-downstream: yes
18 for-downstream: no
19 ## queries are used to fetch authoritative answers from this zone,
20 ## instead of unbound itself sending queries there.
21 ## for-upstream: yes
22 for-upstream: yes
23 ## on failures with for-upstream, fallback to sending queries to
24 ## the authority servers
25 ## fallback-enabled: no
26 zonemd-check: yes
27
28 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
29 zonefile:
30 TEMPFILE_NAME example.com
31 ## this is the inline file /tmp/xxx.example.com
32 ## the tempfiles are deleted when the testrun is over.
33 TEMPFILE_CONTENTS example.com
34 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
35 example.com. IN NS ns.example.com.
36 ; correct ZONEMD
37 ;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
38 ; wrong ZONEMD
39 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA
40 www.example.com. IN A 127.0.0.1
41 ns.example.com. IN A 127.0.0.1
42 bar.example.com. IN A 1.2.3.4
43 ding.example.com. IN A 1.2.3.4
44 foo.example.com. IN A 1.2.3.4
45 TEMPFILE_END
46
47 stub-zone:
48 name: "."
49 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
50 CONFIG_END
51
52 SCENARIO_BEGIN Test authority zone with ZONEMD fail that is securely insecure
53 ; the trust anchor finds an online delegation with an insecure DS referral.
54 ; the ZONEMD is wrong, eg. the hash does not match the zone data.
55
56 ; K.ROOT-SERVERS.NET.
57 RANGE_BEGIN 0 100
58 ADDRESS 193.0.14.129
59 ENTRY_BEGIN
60 MATCH opcode qtype qname
61 ADJUST copy_id
62 REPLY QR NOERROR
63 SECTION QUESTION
64 . IN NS
65 SECTION ANSWER
66 . IN NS K.ROOT-SERVERS.NET.
67 SECTION ADDITIONAL
68 K.ROOT-SERVERS.NET. IN A 193.0.14.129
69 ENTRY_END
70
71 ENTRY_BEGIN
72 MATCH opcode subdomain
73 ADJUST copy_id copy_query
74 REPLY QR NOERROR
75 SECTION QUESTION
76 com. IN NS
77 SECTION AUTHORITY
78 com. IN NS a.gtld-servers.net.
79 SECTION ADDITIONAL
80 a.gtld-servers.net. IN A 192.5.6.30
81 ENTRY_END
82 RANGE_END
83
84 ; a.gtld-servers.net.
85 RANGE_BEGIN 0 100
86 ADDRESS 192.5.6.30
87 ENTRY_BEGIN
88 MATCH opcode qtype qname
89 ADJUST copy_id
90 REPLY QR NOERROR
91 SECTION QUESTION
92 com. IN NS
93 SECTION ANSWER
94 com. IN NS a.gtld-servers.net.
95 SECTION ADDITIONAL
96 a.gtld-servers.net. IN A 192.5.6.30
97 ENTRY_END
98
99 ENTRY_BEGIN
100 MATCH opcode qname qtype
101 ADJUST copy_id
102 REPLY QR AA NOERROR
103 SECTION QUESTION
104 example.com. IN DS
105 SECTION AUTHORITY
106 com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
107 com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
108 example.com. IN NSEC foo.com. NS RRSIG
109 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode subdomain
114 ADJUST copy_id copy_query
115 REPLY QR NOERROR
116 SECTION QUESTION
117 example.com. IN NS
118 SECTION AUTHORITY
119 example.com. IN NS ns.example.com.
120 example.com. IN NSEC foo.com. NS RRSIG
121 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
122 SECTION ADDITIONAL
123 ns.example.com. IN A 1.2.3.44
124 ENTRY_END
125
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 REPLY QR AA NOERROR
130 SECTION QUESTION
131 com. IN DNSKEY
132 SECTION ANSWER
133 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
134 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
135 SECTION ADDITIONAL
136 ENTRY_END
137
138 RANGE_END
139
140 ; ns.example.net.
141 RANGE_BEGIN 0 100
142 ADDRESS 1.2.3.44
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NOERROR
147 SECTION QUESTION
148 example.net. IN NS
149 SECTION ANSWER
150 example.net. IN NS ns.example.net.
151 SECTION ADDITIONAL
152 ns.example.net. IN A 1.2.3.44
153 ENTRY_END
154
155 ENTRY_BEGIN
156 MATCH opcode qtype qname
157 ADJUST copy_id
158 REPLY QR NOERROR
159 SECTION QUESTION
160 ns.example.net. IN A
161 SECTION ANSWER
162 ns.example.net. IN A 1.2.3.44
163 SECTION AUTHORITY
164 example.net. IN NS ns.example.net.
165 ENTRY_END
166
167 ENTRY_BEGIN
168 MATCH opcode qtype qname
169 ADJUST copy_id
170 REPLY QR NOERROR
171 SECTION QUESTION
172 ns.example.net. IN AAAA
173 SECTION AUTHORITY
174 example.net. IN NS ns.example.net.
175 SECTION ADDITIONAL
176 www.example.net. IN A 1.2.3.44
177 ENTRY_END
178
179 ENTRY_BEGIN
180 MATCH opcode qtype qname
181 ADJUST copy_id
182 REPLY QR NOERROR
183 SECTION QUESTION
184 example.com. IN NS
185 SECTION ANSWER
186 example.com. IN NS ns.example.net.
187 ENTRY_END
188
189 ENTRY_BEGIN
190 MATCH opcode qtype qname
191 ADJUST copy_id
192 REPLY QR NOERROR
193 SECTION QUESTION
194 www.example.com. IN A
195 SECTION ANSWER
196 www.example.com. IN A 10.20.30.40
197 ENTRY_END
198 RANGE_END
199
200 STEP 1 QUERY
201 ENTRY_BEGIN
202 REPLY RD
203 SECTION QUESTION
204 www.example.com. IN A
205 ENTRY_END
206
207 ; recursion happens here.
208 STEP 20 CHECK_ANSWER
209 ENTRY_BEGIN
210 MATCH all
211 REPLY QR RD RA SERVFAIL
212 SECTION QUESTION
213 www.example.com. IN A
214 SECTION ANSWER
215 ENTRY_END
216
217 SCENARIO_END
+212
-0
testdata/auth_zonemd_nokey.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 ## url for http fetch
15 ## url:
16 ## queries from downstream clients get authoritative answers.
17 ## for-downstream: yes
18 for-downstream: no
19 ## queries are used to fetch authoritative answers from this zone,
20 ## instead of unbound itself sending queries there.
21 ## for-upstream: yes
22 for-upstream: yes
23 ## on failures with for-upstream, fallback to sending queries to
24 ## the authority servers
25 ## fallback-enabled: no
26 zonemd-check: yes
27
28 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
29 zonefile:
30 TEMPFILE_NAME example.com
31 ## this is the inline file /tmp/xxx.example.com
32 ## the tempfiles are deleted when the testrun is over.
33 TEMPFILE_CONTENTS example.com
34 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
35 example.com. IN NS ns.example.com.
36 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
37 www.example.com. IN A 127.0.0.1
38 ns.example.com. IN A 127.0.0.1
39 bar.example.com. IN A 1.2.3.4
40 ding.example.com. IN A 1.2.3.4
41 foo.example.com. IN A 1.2.3.4
42 TEMPFILE_END
43
44 stub-zone:
45 name: "."
46 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
47 CONFIG_END
48
49 SCENARIO_BEGIN Test authority zone with ZONEMD that lacks a DNSKEY
50 ; the zone has no DNSSEC, but the trust anchor requires it.
51
52 ; K.ROOT-SERVERS.NET.
53 RANGE_BEGIN 0 100
54 ADDRESS 193.0.14.129
55 ENTRY_BEGIN
56 MATCH opcode qtype qname
57 ADJUST copy_id
58 REPLY QR NOERROR
59 SECTION QUESTION
60 . IN NS
61 SECTION ANSWER
62 . IN NS K.ROOT-SERVERS.NET.
63 SECTION ADDITIONAL
64 K.ROOT-SERVERS.NET. IN A 193.0.14.129
65 ENTRY_END
66
67 ENTRY_BEGIN
68 MATCH opcode subdomain
69 ADJUST copy_id copy_query
70 REPLY QR NOERROR
71 SECTION QUESTION
72 com. IN NS
73 SECTION AUTHORITY
74 com. IN NS a.gtld-servers.net.
75 SECTION ADDITIONAL
76 a.gtld-servers.net. IN A 192.5.6.30
77 ENTRY_END
78 RANGE_END
79
80 ; a.gtld-servers.net.
81 RANGE_BEGIN 0 100
82 ADDRESS 192.5.6.30
83 ENTRY_BEGIN
84 MATCH opcode qtype qname
85 ADJUST copy_id
86 REPLY QR NOERROR
87 SECTION QUESTION
88 com. IN NS
89 SECTION ANSWER
90 com. IN NS a.gtld-servers.net.
91 SECTION ADDITIONAL
92 a.gtld-servers.net. IN A 192.5.6.30
93 ENTRY_END
94
95 ENTRY_BEGIN
96 MATCH opcode qname qtype
97 ADJUST copy_id
98 REPLY QR AA NOERROR
99 SECTION QUESTION
100 example.com. IN DS
101 SECTION ANSWER
102 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
103 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
104 ENTRY_END
105
106 ENTRY_BEGIN
107 MATCH opcode subdomain
108 ADJUST copy_id copy_query
109 REPLY QR NOERROR
110 SECTION QUESTION
111 example.com. IN NS
112 SECTION AUTHORITY
113 example.com. IN NS ns.example.com.
114 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
115 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
116 SECTION ADDITIONAL
117 ns.example.com. IN A 1.2.3.44
118 ENTRY_END
119
120 ENTRY_BEGIN
121 MATCH opcode qtype qname
122 ADJUST copy_id
123 REPLY QR AA NOERROR
124 SECTION QUESTION
125 com. IN DNSKEY
126 SECTION ANSWER
127 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
128 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
129 SECTION ADDITIONAL
130 ENTRY_END
131
132 RANGE_END
133
134 ; ns.example.net.
135 RANGE_BEGIN 0 100
136 ADDRESS 1.2.3.44
137 ENTRY_BEGIN
138 MATCH opcode qtype qname
139 ADJUST copy_id
140 REPLY QR NOERROR
141 SECTION QUESTION
142 example.net. IN NS
143 SECTION ANSWER
144 example.net. IN NS ns.example.net.
145 SECTION ADDITIONAL
146 ns.example.net. IN A 1.2.3.44
147 ENTRY_END
148
149 ENTRY_BEGIN
150 MATCH opcode qtype qname
151 ADJUST copy_id
152 REPLY QR NOERROR
153 SECTION QUESTION
154 ns.example.net. IN A
155 SECTION ANSWER
156 ns.example.net. IN A 1.2.3.44
157 SECTION AUTHORITY
158 example.net. IN NS ns.example.net.
159 ENTRY_END
160
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 ns.example.net. IN AAAA
167 SECTION AUTHORITY
168 example.net. IN NS ns.example.net.
169 SECTION ADDITIONAL
170 www.example.net. IN A 1.2.3.44
171 ENTRY_END
172
173 ENTRY_BEGIN
174 MATCH opcode qtype qname
175 ADJUST copy_id
176 REPLY QR NOERROR
177 SECTION QUESTION
178 example.com. IN NS
179 SECTION ANSWER
180 example.com. IN NS ns.example.net.
181 ENTRY_END
182
183 ENTRY_BEGIN
184 MATCH opcode qtype qname
185 ADJUST copy_id
186 REPLY QR NOERROR
187 SECTION QUESTION
188 www.example.com. IN A
189 SECTION ANSWER
190 www.example.com. IN A 10.20.30.40
191 ENTRY_END
192 RANGE_END
193
194 STEP 1 QUERY
195 ENTRY_BEGIN
196 REPLY RD
197 SECTION QUESTION
198 www.example.com. IN A
199 ENTRY_END
200
201 ; recursion happens here.
202 STEP 20 CHECK_ANSWER
203 ENTRY_BEGIN
204 MATCH all
205 REPLY QR RD RA SERVFAIL
206 SECTION QUESTION
207 www.example.com. IN A
208 SECTION ANSWER
209 ENTRY_END
210
211 SCENARIO_END
+187
-0
testdata/auth_zonemd_permissive_mode.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 zonemd-permissive-mode: yes
4
5 auth-zone:
6 name: "example.com."
7 ## zonefile (or none).
8 ## zonefile: "example.com.zone"
9 ## master by IP address or hostname
10 ## can list multiple masters, each on one line.
11 ## master:
12 ## url for http fetch
13 ## url:
14 ## queries from downstream clients get authoritative answers.
15 ## for-downstream: yes
16 for-downstream: no
17 ## queries are used to fetch authoritative answers from this zone,
18 ## instead of unbound itself sending queries there.
19 ## for-upstream: yes
20 for-upstream: yes
21 ## on failures with for-upstream, fallback to sending queries to
22 ## the authority servers
23 ## fallback-enabled: no
24 zonemd-check: yes
25
26 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
27 zonefile:
28 TEMPFILE_NAME example.com
29 ## this is the inline file /tmp/xxx.example.com
30 ## the tempfiles are deleted when the testrun is over.
31 TEMPFILE_CONTENTS example.com
32 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
33 example.com. IN NS ns.example.com.
34 ; good zonemd
35 ;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
36 ; wrong zonemd
37 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA
38 www.example.com. IN A 127.0.0.1
39 ns.example.com. IN A 127.0.0.1
40 bar.example.com. IN A 1.2.3.4
41 ding.example.com. IN A 1.2.3.4
42 foo.example.com. IN A 1.2.3.4
43 TEMPFILE_END
44
45 stub-zone:
46 name: "."
47 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
48 CONFIG_END
49
50 SCENARIO_BEGIN Test zonemd permissive mode
51
52 ; K.ROOT-SERVERS.NET.
53 RANGE_BEGIN 0 100
54 ADDRESS 193.0.14.129
55 ENTRY_BEGIN
56 MATCH opcode qtype qname
57 ADJUST copy_id
58 REPLY QR NOERROR
59 SECTION QUESTION
60 . IN NS
61 SECTION ANSWER
62 . IN NS K.ROOT-SERVERS.NET.
63 SECTION ADDITIONAL
64 K.ROOT-SERVERS.NET. IN A 193.0.14.129
65 ENTRY_END
66
67 ENTRY_BEGIN
68 MATCH opcode subdomain
69 ADJUST copy_id copy_query
70 REPLY QR NOERROR
71 SECTION QUESTION
72 com. IN NS
73 SECTION AUTHORITY
74 com. IN NS a.gtld-servers.net.
75 SECTION ADDITIONAL
76 a.gtld-servers.net. IN A 192.5.6.30
77 ENTRY_END
78 RANGE_END
79
80 ; a.gtld-servers.net.
81 RANGE_BEGIN 0 100
82 ADDRESS 192.5.6.30
83 ENTRY_BEGIN
84 MATCH opcode qtype qname
85 ADJUST copy_id
86 REPLY QR NOERROR
87 SECTION QUESTION
88 com. IN NS
89 SECTION ANSWER
90 com. IN NS a.gtld-servers.net.
91 SECTION ADDITIONAL
92 a.gtld-servers.net. IN A 192.5.6.30
93 ENTRY_END
94
95 ENTRY_BEGIN
96 MATCH opcode subdomain
97 ADJUST copy_id copy_query
98 REPLY QR NOERROR
99 SECTION QUESTION
100 example.com. IN NS
101 SECTION AUTHORITY
102 example.com. IN NS ns.example.com.
103 SECTION ADDITIONAL
104 ns.example.com. IN A 1.2.3.44
105 ENTRY_END
106 RANGE_END
107
108 ; ns.example.net.
109 RANGE_BEGIN 0 100
110 ADDRESS 1.2.3.44
111 ENTRY_BEGIN
112 MATCH opcode qtype qname
113 ADJUST copy_id
114 REPLY QR NOERROR
115 SECTION QUESTION
116 example.net. IN NS
117 SECTION ANSWER
118 example.net. IN NS ns.example.net.
119 SECTION ADDITIONAL
120 ns.example.net. IN A 1.2.3.44
121 ENTRY_END
122
123 ENTRY_BEGIN
124 MATCH opcode qtype qname
125 ADJUST copy_id
126 REPLY QR NOERROR
127 SECTION QUESTION
128 ns.example.net. IN A
129 SECTION ANSWER
130 ns.example.net. IN A 1.2.3.44
131 SECTION AUTHORITY
132 example.net. IN NS ns.example.net.
133 ENTRY_END
134
135 ENTRY_BEGIN
136 MATCH opcode qtype qname
137 ADJUST copy_id
138 REPLY QR NOERROR
139 SECTION QUESTION
140 ns.example.net. IN AAAA
141 SECTION AUTHORITY
142 example.net. IN NS ns.example.net.
143 SECTION ADDITIONAL
144 www.example.net. IN A 1.2.3.44
145 ENTRY_END
146
147 ENTRY_BEGIN
148 MATCH opcode qtype qname
149 ADJUST copy_id
150 REPLY QR NOERROR
151 SECTION QUESTION
152 example.com. IN NS
153 SECTION ANSWER
154 example.com. IN NS ns.example.net.
155 ENTRY_END
156
157 ENTRY_BEGIN
158 MATCH opcode qtype qname
159 ADJUST copy_id
160 REPLY QR NOERROR
161 SECTION QUESTION
162 www.example.com. IN A
163 SECTION ANSWER
164 www.example.com. IN A 10.20.30.40
165 ENTRY_END
166 RANGE_END
167
168 STEP 1 QUERY
169 ENTRY_BEGIN
170 REPLY RD
171 SECTION QUESTION
172 www.example.com. IN A
173 ENTRY_END
174
175 ; recursion happens here.
176 STEP 20 CHECK_ANSWER
177 ENTRY_BEGIN
178 MATCH all
179 REPLY QR RD RA NOERROR
180 SECTION QUESTION
181 www.example.com. IN A
182 SECTION ANSWER
183 www.example.com. IN A 127.0.0.1
184 ENTRY_END
185
186 SCENARIO_END
+238
-0
testdata/auth_zonemd_xfr.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
4 auth-zone:
5 name: "example.com."
6 ## zonefile (or none).
7 ## zonefile: "example.com.zone"
8 ## master by IP address or hostname
9 ## can list multiple masters, each on one line.
10 ## master:
11 master: 1.2.3.44
12 ## url for http fetch
13 ## url:
14 ## queries from downstream clients get authoritative answers.
15 ## for-downstream: yes
16 for-downstream: yes
17 ## queries are used to fetch authoritative answers from this zone,
18 ## instead of unbound itself sending queries there.
19 ## for-upstream: yes
20 for-upstream: yes
21 ## on failures with for-upstream, fallback to sending queries to
22 ## the authority servers
23 ## fallback-enabled: no
24 zonemd-check: yes
25
26 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
27 zonefile:
28 TEMPFILE_NAME example.com
29 ## this is the inline file /tmp/xxx.example.com
30 ## the tempfiles are deleted when the testrun is over.
31 TEMPFILE_CONTENTS example.com
32 TEMPFILE_END
33
34 stub-zone:
35 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
37 CONFIG_END
38
39 SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD
40
41 ; K.ROOT-SERVERS.NET.
42 RANGE_BEGIN 0 100
43 ADDRESS 193.0.14.129
44 ENTRY_BEGIN
45 MATCH opcode qtype qname
46 ADJUST copy_id
47 REPLY QR NOERROR
48 SECTION QUESTION
49 . IN NS
50 SECTION ANSWER
51 . IN NS K.ROOT-SERVERS.NET.
52 SECTION ADDITIONAL
53 K.ROOT-SERVERS.NET. IN A 193.0.14.129
54 ENTRY_END
55
56 ENTRY_BEGIN
57 MATCH opcode subdomain
58 ADJUST copy_id copy_query
59 REPLY QR NOERROR
60 SECTION QUESTION
61 com. IN NS
62 SECTION AUTHORITY
63 com. IN NS a.gtld-servers.net.
64 SECTION ADDITIONAL
65 a.gtld-servers.net. IN A 192.5.6.30
66 ENTRY_END
67 RANGE_END
68
69 ; a.gtld-servers.net.
70 RANGE_BEGIN 0 100
71 ADDRESS 192.5.6.30
72 ENTRY_BEGIN
73 MATCH opcode qtype qname
74 ADJUST copy_id
75 REPLY QR NOERROR
76 SECTION QUESTION
77 com. IN NS
78 SECTION ANSWER
79 com. IN NS a.gtld-servers.net.
80 SECTION ADDITIONAL
81 a.gtld-servers.net. IN A 192.5.6.30
82 ENTRY_END
83
84 ENTRY_BEGIN
85 MATCH opcode subdomain
86 ADJUST copy_id copy_query
87 REPLY QR NOERROR
88 SECTION QUESTION
89 example.com. IN NS
90 SECTION AUTHORITY
91 example.com. IN NS ns.example.com.
92 SECTION ADDITIONAL
93 ns.example.com. IN A 1.2.3.44
94 ENTRY_END
95 RANGE_END
96
97 ; ns.example.net.
98 RANGE_BEGIN 0 100
99 ADDRESS 1.2.3.44
100 ENTRY_BEGIN
101 MATCH opcode qtype qname
102 ADJUST copy_id
103 REPLY QR NOERROR
104 SECTION QUESTION
105 example.net. IN NS
106 SECTION ANSWER
107 example.net. IN NS ns.example.net.
108 SECTION ADDITIONAL
109 ns.example.net. IN A 1.2.3.44
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode qtype qname
114 ADJUST copy_id
115 REPLY QR NOERROR
116 SECTION QUESTION
117 ns.example.net. IN A
118 SECTION ANSWER
119 ns.example.net. IN A 1.2.3.44
120 SECTION AUTHORITY
121 example.net. IN NS ns.example.net.
122 ENTRY_END
123
124 ENTRY_BEGIN
125 MATCH opcode qtype qname
126 ADJUST copy_id
127 REPLY QR NOERROR
128 SECTION QUESTION
129 ns.example.net. IN AAAA
130 SECTION AUTHORITY
131 example.net. IN NS ns.example.net.
132 SECTION ADDITIONAL
133 www.example.net. IN A 1.2.3.44
134 ENTRY_END
135
136 ENTRY_BEGIN
137 MATCH opcode qtype qname
138 ADJUST copy_id
139 REPLY QR NOERROR
140 SECTION QUESTION
141 example.com. IN NS
142 SECTION ANSWER
143 example.com. IN NS ns.example.net.
144 ENTRY_END
145
146 ENTRY_BEGIN
147 MATCH opcode qtype qname
148 ADJUST copy_id
149 REPLY QR NOERROR
150 SECTION QUESTION
151 www.example.com. IN A
152 SECTION ANSWER
153 www.example.com. IN A 10.20.30.40
154 ENTRY_END
155
156 ENTRY_BEGIN
157 MATCH opcode qtype qname
158 ADJUST copy_id
159 REPLY QR NOERROR
160 SECTION QUESTION
161 example.com. IN SOA
162 SECTION ANSWER
163 ; serial, refresh, retry, expire, minimum
164 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
165 ENTRY_END
166
167 ENTRY_BEGIN
168 MATCH opcode qtype qname
169 ADJUST copy_id
170 REPLY QR AA NOERROR
171 SECTION QUESTION
172 example.com. IN AXFR
173 SECTION ANSWER
174 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
175 example.com. IN NS ns.example.com.
176 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
177 www.example.com. IN A 127.0.0.1
178 ns.example.com. IN A 127.0.0.1
179 bar.example.com. IN A 1.2.3.4
180 ding.example.com. IN A 1.2.3.4
181 foo.example.com. IN A 1.2.3.4
182 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
183 ENTRY_END
184 RANGE_END
185
186 STEP 1 QUERY
187 ENTRY_BEGIN
188 REPLY RD
189 SECTION QUESTION
190 www.example.com. IN A
191 ENTRY_END
192
193 ; recursion happens here.
194 STEP 20 CHECK_ANSWER
195 ENTRY_BEGIN
196 MATCH all
197 REPLY QR AA RD RA SERVFAIL
198 SECTION QUESTION
199 www.example.com. IN A
200 SECTION ANSWER
201 ENTRY_END
202
203 STEP 30 TIME_PASSES ELAPSE 10
204 STEP 40 TRAFFIC
205
206 STEP 50 QUERY
207 ENTRY_BEGIN
208 REPLY RD
209 SECTION QUESTION
210 www.example.com. IN A
211 ENTRY_END
212
213 ; recursion happens here.
214 STEP 60 CHECK_ANSWER
215 ENTRY_BEGIN
216 MATCH all
217 REPLY QR AA RD RA NOERROR
218 SECTION QUESTION
219 www.example.com. IN A
220 SECTION ANSWER
221 www.example.com. IN A 127.0.0.1
222 ENTRY_END
223
224 ; the zonefile was updated with new contents
225 STEP 70 CHECK_TEMPFILE example.com
226 FILE_BEGIN
227 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
228 example.com. 3600 IN NS ns.example.com.
229 example.com. 3600 IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
230 bar.example.com. 3600 IN A 1.2.3.4
231 ding.example.com. 3600 IN A 1.2.3.4
232 foo.example.com. 3600 IN A 1.2.3.4
233 ns.example.com. 3600 IN A 127.0.0.1
234 www.example.com. 3600 IN A 127.0.0.1
235 FILE_END
236
237 SCENARIO_END
+285
-0
testdata/auth_zonemd_xfr_anchor.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 master: 1.2.3.44
15 ## url for http fetch
16 ## url:
17 ## queries from downstream clients get authoritative answers.
18 ## for-downstream: yes
19 for-downstream: yes
20 ## queries are used to fetch authoritative answers from this zone,
21 ## instead of unbound itself sending queries there.
22 ## for-upstream: yes
23 for-upstream: yes
24 ## on failures with for-upstream, fallback to sending queries to
25 ## the authority servers
26 ## fallback-enabled: no
27 zonemd-check: yes
28
29 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
30 zonefile:
31 TEMPFILE_NAME example.com
32 ## this is the inline file /tmp/xxx.example.com
33 ## the tempfiles are deleted when the testrun is over.
34 TEMPFILE_CONTENTS example.com
35 TEMPFILE_END
36
37 stub-zone:
38 name: "."
39 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
40 CONFIG_END
41
42 SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with trust anchor
43
44 ; K.ROOT-SERVERS.NET.
45 RANGE_BEGIN 0 100
46 ADDRESS 193.0.14.129
47 ENTRY_BEGIN
48 MATCH opcode qtype qname
49 ADJUST copy_id
50 REPLY QR NOERROR
51 SECTION QUESTION
52 . IN NS
53 SECTION ANSWER
54 . IN NS K.ROOT-SERVERS.NET.
55 SECTION ADDITIONAL
56 K.ROOT-SERVERS.NET. IN A 193.0.14.129
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode subdomain
61 ADJUST copy_id copy_query
62 REPLY QR NOERROR
63 SECTION QUESTION
64 com. IN NS
65 SECTION AUTHORITY
66 com. IN NS a.gtld-servers.net.
67 SECTION ADDITIONAL
68 a.gtld-servers.net. IN A 192.5.6.30
69 ENTRY_END
70 RANGE_END
71
72 ; a.gtld-servers.net.
73 RANGE_BEGIN 0 100
74 ADDRESS 192.5.6.30
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 com. IN NS
81 SECTION ANSWER
82 com. IN NS a.gtld-servers.net.
83 SECTION ADDITIONAL
84 a.gtld-servers.net. IN A 192.5.6.30
85 ENTRY_END
86
87 ENTRY_BEGIN
88 MATCH opcode subdomain
89 ADJUST copy_id copy_query
90 REPLY QR NOERROR
91 SECTION QUESTION
92 example.com. IN NS
93 SECTION AUTHORITY
94 example.com. IN NS ns.example.com.
95 SECTION ADDITIONAL
96 ns.example.com. IN A 1.2.3.44
97 ENTRY_END
98 RANGE_END
99
100 ; ns.example.net.
101 RANGE_BEGIN 0 100
102 ADDRESS 1.2.3.44
103 ENTRY_BEGIN
104 MATCH opcode qtype qname
105 ADJUST copy_id
106 REPLY QR NOERROR
107 SECTION QUESTION
108 example.net. IN NS
109 SECTION ANSWER
110 example.net. IN NS ns.example.net.
111 SECTION ADDITIONAL
112 ns.example.net. IN A 1.2.3.44
113 ENTRY_END
114
115 ENTRY_BEGIN
116 MATCH opcode qtype qname
117 ADJUST copy_id
118 REPLY QR NOERROR
119 SECTION QUESTION
120 ns.example.net. IN A
121 SECTION ANSWER
122 ns.example.net. IN A 1.2.3.44
123 SECTION AUTHORITY
124 example.net. IN NS ns.example.net.
125 ENTRY_END
126
127 ENTRY_BEGIN
128 MATCH opcode qtype qname
129 ADJUST copy_id
130 REPLY QR NOERROR
131 SECTION QUESTION
132 ns.example.net. IN AAAA
133 SECTION AUTHORITY
134 example.net. IN NS ns.example.net.
135 SECTION ADDITIONAL
136 www.example.net. IN A 1.2.3.44
137 ENTRY_END
138
139 ENTRY_BEGIN
140 MATCH opcode qtype qname
141 ADJUST copy_id
142 REPLY QR NOERROR
143 SECTION QUESTION
144 example.com. IN NS
145 SECTION ANSWER
146 example.com. IN NS ns.example.net.
147 ENTRY_END
148
149 ENTRY_BEGIN
150 MATCH opcode qtype qname
151 ADJUST copy_id
152 REPLY QR NOERROR
153 SECTION QUESTION
154 www.example.com. IN A
155 SECTION ANSWER
156 www.example.com. IN A 10.20.30.40
157 ENTRY_END
158
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.com. IN SOA
165 SECTION ANSWER
166 ; serial, refresh, retry, expire, minimum
167 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
168 ENTRY_END
169
170 ENTRY_BEGIN
171 MATCH opcode qtype qname
172 ADJUST copy_id
173 REPLY QR AA NOERROR
174 SECTION QUESTION
175 example.com. IN AXFR
176 SECTION ANSWER
177 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
178 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
179 example.com. 3600 IN NS ns.example.com.
180 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
181 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
182 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
183 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
184 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
185 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
186 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
187 bar.example.com. 3600 IN A 1.2.3.4
188 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
189 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
190 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
191 ding.example.com. 3600 IN A 1.2.3.4
192 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
193 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
194 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
195 foo.example.com. 3600 IN A 1.2.3.4
196 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
197 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
198 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
199 ns.example.com. 3600 IN A 127.0.0.1
200 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
201 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
202 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
203 www.example.com. 3600 IN A 127.0.0.1
204 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
205 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
206 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
207 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
208 ENTRY_END
209 RANGE_END
210
211 STEP 1 QUERY
212 ENTRY_BEGIN
213 REPLY RD
214 SECTION QUESTION
215 www.example.com. IN A
216 ENTRY_END
217
218 ; recursion happens here.
219 STEP 20 CHECK_ANSWER
220 ENTRY_BEGIN
221 MATCH all
222 REPLY QR AA RD RA SERVFAIL
223 SECTION QUESTION
224 www.example.com. IN A
225 SECTION ANSWER
226 ENTRY_END
227
228 STEP 30 TIME_PASSES ELAPSE 10
229 STEP 40 TRAFFIC
230
231 STEP 50 QUERY
232 ENTRY_BEGIN
233 REPLY RD
234 SECTION QUESTION
235 www.example.com. IN A
236 ENTRY_END
237
238 ; recursion happens here.
239 STEP 60 CHECK_ANSWER
240 ENTRY_BEGIN
241 MATCH all
242 REPLY QR AA RD RA NOERROR
243 SECTION QUESTION
244 www.example.com. IN A
245 SECTION ANSWER
246 www.example.com. IN A 127.0.0.1
247 ENTRY_END
248
249 ; the zonefile was updated with new contents
250 STEP 70 CHECK_TEMPFILE example.com
251 FILE_BEGIN
252 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
253 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
254 example.com. 3600 IN NS ns.example.com.
255 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
256 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD
257 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
258 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566}
259 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
260 example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F
261 example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
262 bar.example.com. 3600 IN A 1.2.3.4
263 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
264 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
265 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
266 ding.example.com. 3600 IN A 1.2.3.4
267 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
268 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
269 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
270 foo.example.com. 3600 IN A 1.2.3.4
271 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
272 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
273 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
274 ns.example.com. 3600 IN A 127.0.0.1
275 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
276 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
277 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
278 www.example.com. 3600 IN A 127.0.0.1
279 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
280 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
281 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
282 FILE_END
283
284 SCENARIO_END
+266
-0
testdata/auth_zonemd_xfr_anchor_fail.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 master: 1.2.3.44
15 ## url for http fetch
16 ## url:
17 ## queries from downstream clients get authoritative answers.
18 ## for-downstream: yes
19 for-downstream: yes
20 ## queries are used to fetch authoritative answers from this zone,
21 ## instead of unbound itself sending queries there.
22 ## for-upstream: yes
23 for-upstream: yes
24 ## on failures with for-upstream, fallback to sending queries to
25 ## the authority servers
26 ## fallback-enabled: no
27 zonemd-check: yes
28
29 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
30 zonefile:
31 TEMPFILE_NAME example.com
32 ## this is the inline file /tmp/xxx.example.com
33 ## the tempfiles are deleted when the testrun is over.
34 TEMPFILE_CONTENTS example.com
35 TEMPFILE_END
36
37 stub-zone:
38 name: "."
39 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
40 CONFIG_END
41
42 SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD fail with trust anchor
43
44 ; K.ROOT-SERVERS.NET.
45 RANGE_BEGIN 0 100
46 ADDRESS 193.0.14.129
47 ENTRY_BEGIN
48 MATCH opcode qtype qname
49 ADJUST copy_id
50 REPLY QR NOERROR
51 SECTION QUESTION
52 . IN NS
53 SECTION ANSWER
54 . IN NS K.ROOT-SERVERS.NET.
55 SECTION ADDITIONAL
56 K.ROOT-SERVERS.NET. IN A 193.0.14.129
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode subdomain
61 ADJUST copy_id copy_query
62 REPLY QR NOERROR
63 SECTION QUESTION
64 com. IN NS
65 SECTION AUTHORITY
66 com. IN NS a.gtld-servers.net.
67 SECTION ADDITIONAL
68 a.gtld-servers.net. IN A 192.5.6.30
69 ENTRY_END
70 RANGE_END
71
72 ; a.gtld-servers.net.
73 RANGE_BEGIN 0 100
74 ADDRESS 192.5.6.30
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 com. IN NS
81 SECTION ANSWER
82 com. IN NS a.gtld-servers.net.
83 SECTION ADDITIONAL
84 a.gtld-servers.net. IN A 192.5.6.30
85 ENTRY_END
86
87 ENTRY_BEGIN
88 MATCH opcode subdomain
89 ADJUST copy_id copy_query
90 REPLY QR NOERROR
91 SECTION QUESTION
92 example.com. IN NS
93 SECTION AUTHORITY
94 example.com. IN NS ns.example.com.
95 SECTION ADDITIONAL
96 ns.example.com. IN A 1.2.3.44
97 ENTRY_END
98 RANGE_END
99
100 ; ns.example.net.
101 RANGE_BEGIN 0 100
102 ADDRESS 1.2.3.44
103 ENTRY_BEGIN
104 MATCH opcode qtype qname
105 ADJUST copy_id
106 REPLY QR NOERROR
107 SECTION QUESTION
108 example.net. IN NS
109 SECTION ANSWER
110 example.net. IN NS ns.example.net.
111 SECTION ADDITIONAL
112 ns.example.net. IN A 1.2.3.44
113 ENTRY_END
114
115 ENTRY_BEGIN
116 MATCH opcode qtype qname
117 ADJUST copy_id
118 REPLY QR NOERROR
119 SECTION QUESTION
120 ns.example.net. IN A
121 SECTION ANSWER
122 ns.example.net. IN A 1.2.3.44
123 SECTION AUTHORITY
124 example.net. IN NS ns.example.net.
125 ENTRY_END
126
127 ENTRY_BEGIN
128 MATCH opcode qtype qname
129 ADJUST copy_id
130 REPLY QR NOERROR
131 SECTION QUESTION
132 ns.example.net. IN AAAA
133 SECTION AUTHORITY
134 example.net. IN NS ns.example.net.
135 SECTION ADDITIONAL
136 www.example.net. IN A 1.2.3.44
137 ENTRY_END
138
139 ENTRY_BEGIN
140 MATCH opcode qtype qname
141 ADJUST copy_id
142 REPLY QR NOERROR
143 SECTION QUESTION
144 example.com. IN NS
145 SECTION ANSWER
146 example.com. IN NS ns.example.net.
147 ENTRY_END
148
149 ENTRY_BEGIN
150 MATCH opcode qtype qname
151 ADJUST copy_id
152 REPLY QR NOERROR
153 SECTION QUESTION
154 www.example.com. IN A
155 SECTION ANSWER
156 www.example.com. IN A 10.20.30.40
157 ENTRY_END
158
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.com. IN SOA
165 SECTION ANSWER
166 ; serial, refresh, retry, expire, minimum
167 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
168 ENTRY_END
169
170 ENTRY_BEGIN
171 MATCH opcode qtype qname
172 ADJUST copy_id
173 REPLY QR AA NOTIMPL
174 SECTION QUESTION
175 example.com. IN IXFR
176 SECTION ANSWER
177 ENTRY_END
178
179 ENTRY_BEGIN
180 MATCH opcode qtype qname
181 ADJUST copy_id
182 REPLY QR AA NOERROR
183 SECTION QUESTION
184 example.com. IN AXFR
185 SECTION ANSWER
186 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
187 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
188 example.com. 3600 IN NS ns.example.com.
189 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
190 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
191 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
192 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
193 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
194 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
195 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
196 ; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too.
197 bar.example.com. 3600 IN A 1.2.3.55
198 ; orig RR
199 ;bar.example.com. 3600 IN A 1.2.3.4
200 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
201 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
202 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
203 ding.example.com. 3600 IN A 1.2.3.4
204 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
205 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
206 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
207 foo.example.com. 3600 IN A 1.2.3.4
208 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
209 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
210 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
211 ns.example.com. 3600 IN A 127.0.0.1
212 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
213 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
214 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
215 www.example.com. 3600 IN A 127.0.0.1
216 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
217 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
218 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
219 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
220 ENTRY_END
221 RANGE_END
222
223 STEP 1 QUERY
224 ENTRY_BEGIN
225 REPLY RD
226 SECTION QUESTION
227 www.example.com. IN A
228 ENTRY_END
229
230 ; recursion happens here.
231 STEP 20 CHECK_ANSWER
232 ENTRY_BEGIN
233 MATCH all
234 REPLY QR AA RD RA SERVFAIL
235 SECTION QUESTION
236 www.example.com. IN A
237 SECTION ANSWER
238 ENTRY_END
239
240 STEP 30 TIME_PASSES ELAPSE 10
241 STEP 40 TRAFFIC
242
243 STEP 50 QUERY
244 ENTRY_BEGIN
245 REPLY RD
246 SECTION QUESTION
247 www.example.com. IN A
248 ENTRY_END
249
250 ; recursion happens here.
251 STEP 60 CHECK_ANSWER
252 ENTRY_BEGIN
253 MATCH all
254 REPLY QR AA RD RA SERVFAIL
255 SECTION QUESTION
256 www.example.com. IN A
257 SECTION ANSWER
258 ENTRY_END
259
260 ; the zonefile was updated with new contents
261 STEP 70 CHECK_TEMPFILE example.com
262 FILE_BEGIN
263 FILE_END
264
265 SCENARIO_END
+310
-0
testdata/auth_zonemd_xfr_chain.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 master: 1.2.3.44
15 ## url for http fetch
16 ## url:
17 ## queries from downstream clients get authoritative answers.
18 ## for-downstream: yes
19 for-downstream: yes
20 ## queries are used to fetch authoritative answers from this zone,
21 ## instead of unbound itself sending queries there.
22 ## for-upstream: yes
23 for-upstream: yes
24 ## on failures with for-upstream, fallback to sending queries to
25 ## the authority servers
26 ## fallback-enabled: no
27 zonemd-check: yes
28
29 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
30 zonefile:
31 TEMPFILE_NAME example.com
32 ## this is the inline file /tmp/xxx.example.com
33 ## the tempfiles are deleted when the testrun is over.
34 TEMPFILE_CONTENTS example.com
35 TEMPFILE_END
36
37 stub-zone:
38 name: "."
39 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
40 CONFIG_END
41
42 SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with chain of trust
43
44 ; K.ROOT-SERVERS.NET.
45 RANGE_BEGIN 0 100
46 ADDRESS 193.0.14.129
47 ENTRY_BEGIN
48 MATCH opcode qtype qname
49 ADJUST copy_id
50 REPLY QR NOERROR
51 SECTION QUESTION
52 . IN NS
53 SECTION ANSWER
54 . IN NS K.ROOT-SERVERS.NET.
55 SECTION ADDITIONAL
56 K.ROOT-SERVERS.NET. IN A 193.0.14.129
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode subdomain
61 ADJUST copy_id copy_query
62 REPLY QR NOERROR
63 SECTION QUESTION
64 com. IN NS
65 SECTION AUTHORITY
66 com. IN NS a.gtld-servers.net.
67 SECTION ADDITIONAL
68 a.gtld-servers.net. IN A 192.5.6.30
69 ENTRY_END
70 RANGE_END
71
72 ; a.gtld-servers.net.
73 RANGE_BEGIN 0 100
74 ADDRESS 192.5.6.30
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 com. IN NS
81 SECTION ANSWER
82 com. IN NS a.gtld-servers.net.
83 SECTION ADDITIONAL
84 a.gtld-servers.net. IN A 192.5.6.30
85 ENTRY_END
86
87 ENTRY_BEGIN
88 MATCH opcode qname qtype
89 ADJUST copy_id
90 REPLY QR AA NOERROR
91 SECTION QUESTION
92 example.com. IN DS
93 SECTION ANSWER
94 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
95 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
96 ENTRY_END
97
98 ENTRY_BEGIN
99 MATCH opcode subdomain
100 ADJUST copy_id copy_query
101 REPLY QR NOERROR
102 SECTION QUESTION
103 example.com. IN NS
104 SECTION AUTHORITY
105 example.com. IN NS ns.example.com.
106 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
107 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
108 SECTION ADDITIONAL
109 ns.example.com. IN A 1.2.3.44
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode qtype qname
114 ADJUST copy_id
115 REPLY QR AA NOERROR
116 SECTION QUESTION
117 com. IN DNSKEY
118 SECTION ANSWER
119 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
120 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
121 SECTION ADDITIONAL
122 ENTRY_END
123 RANGE_END
124
125 ; ns.example.net.
126 RANGE_BEGIN 0 100
127 ADDRESS 1.2.3.44
128 ENTRY_BEGIN
129 MATCH opcode qtype qname
130 ADJUST copy_id
131 REPLY QR NOERROR
132 SECTION QUESTION
133 example.net. IN NS
134 SECTION ANSWER
135 example.net. IN NS ns.example.net.
136 SECTION ADDITIONAL
137 ns.example.net. IN A 1.2.3.44
138 ENTRY_END
139
140 ENTRY_BEGIN
141 MATCH opcode qtype qname
142 ADJUST copy_id
143 REPLY QR NOERROR
144 SECTION QUESTION
145 ns.example.net. IN A
146 SECTION ANSWER
147 ns.example.net. IN A 1.2.3.44
148 SECTION AUTHORITY
149 example.net. IN NS ns.example.net.
150 ENTRY_END
151
152 ENTRY_BEGIN
153 MATCH opcode qtype qname
154 ADJUST copy_id
155 REPLY QR NOERROR
156 SECTION QUESTION
157 ns.example.net. IN AAAA
158 SECTION AUTHORITY
159 example.net. IN NS ns.example.net.
160 SECTION ADDITIONAL
161 www.example.net. IN A 1.2.3.44
162 ENTRY_END
163
164 ENTRY_BEGIN
165 MATCH opcode qtype qname
166 ADJUST copy_id
167 REPLY QR NOERROR
168 SECTION QUESTION
169 example.com. IN NS
170 SECTION ANSWER
171 example.com. IN NS ns.example.net.
172 ENTRY_END
173
174 ENTRY_BEGIN
175 MATCH opcode qtype qname
176 ADJUST copy_id
177 REPLY QR NOERROR
178 SECTION QUESTION
179 www.example.com. IN A
180 SECTION ANSWER
181 www.example.com. IN A 10.20.30.40
182 ENTRY_END
183
184 ENTRY_BEGIN
185 MATCH opcode qtype qname
186 ADJUST copy_id
187 REPLY QR NOERROR
188 SECTION QUESTION
189 example.com. IN SOA
190 SECTION ANSWER
191 ; serial, refresh, retry, expire, minimum
192 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
193 ENTRY_END
194
195 ENTRY_BEGIN
196 MATCH opcode qtype qname
197 ADJUST copy_id
198 REPLY QR AA NOERROR
199 SECTION QUESTION
200 example.com. IN AXFR
201 SECTION ANSWER
202 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
203 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
204 example.com. 3600 IN NS ns.example.com.
205 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
206 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
207 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
208 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
209 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
210 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
211 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
212 bar.example.com. 3600 IN A 1.2.3.4
213 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
214 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
215 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
216 ding.example.com. 3600 IN A 1.2.3.4
217 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
218 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
219 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
220 foo.example.com. 3600 IN A 1.2.3.4
221 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
222 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
223 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
224 ns.example.com. 3600 IN A 127.0.0.1
225 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
226 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
227 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
228 www.example.com. 3600 IN A 127.0.0.1
229 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
230 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
231 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
232 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
233 ENTRY_END
234 RANGE_END
235
236 STEP 1 QUERY
237 ENTRY_BEGIN
238 REPLY RD
239 SECTION QUESTION
240 www.example.com. IN A
241 ENTRY_END
242
243 ; recursion happens here.
244 STEP 20 CHECK_ANSWER
245 ENTRY_BEGIN
246 MATCH all
247 REPLY QR AA RD RA SERVFAIL
248 SECTION QUESTION
249 www.example.com. IN A
250 SECTION ANSWER
251 ENTRY_END
252
253 STEP 30 TIME_PASSES ELAPSE 10
254 STEP 40 TRAFFIC
255
256 STEP 50 QUERY
257 ENTRY_BEGIN
258 REPLY RD
259 SECTION QUESTION
260 www.example.com. IN A
261 ENTRY_END
262
263 ; recursion happens here.
264 STEP 60 CHECK_ANSWER
265 ENTRY_BEGIN
266 MATCH all
267 REPLY QR AA RD RA NOERROR
268 SECTION QUESTION
269 www.example.com. IN A
270 SECTION ANSWER
271 www.example.com. IN A 127.0.0.1
272 ENTRY_END
273
274 ; the zonefile was updated with new contents
275 STEP 70 CHECK_TEMPFILE example.com
276 FILE_BEGIN
277 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
278 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
279 example.com. 3600 IN NS ns.example.com.
280 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
281 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD
282 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
283 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566}
284 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
285 example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F
286 example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
287 bar.example.com. 3600 IN A 1.2.3.4
288 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
289 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
290 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
291 ding.example.com. 3600 IN A 1.2.3.4
292 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
293 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
294 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
295 foo.example.com. 3600 IN A 1.2.3.4
296 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
297 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
298 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
299 ns.example.com. 3600 IN A 127.0.0.1
300 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
301 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
302 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
303 www.example.com. 3600 IN A 127.0.0.1
304 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
305 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
306 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
307 FILE_END
308
309 SCENARIO_END
+321
-0
testdata/auth_zonemd_xfr_chain_fail.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 master: 1.2.3.44
15 ## url for http fetch
16 ## url:
17 ## queries from downstream clients get authoritative answers.
18 ## for-downstream: yes
19 for-downstream: yes
20 ## queries are used to fetch authoritative answers from this zone,
21 ## instead of unbound itself sending queries there.
22 ## for-upstream: yes
23 for-upstream: yes
24 ## on failures with for-upstream, fallback to sending queries to
25 ## the authority servers
26 ## fallback-enabled: no
27 zonemd-check: yes
28
29 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
30 zonefile:
31 TEMPFILE_NAME example.com
32 ## this is the inline file /tmp/xxx.example.com
33 ## the tempfiles are deleted when the testrun is over.
34 TEMPFILE_CONTENTS example.com
35 TEMPFILE_END
36
37 stub-zone:
38 name: "."
39 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
40 CONFIG_END
41
42 SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD failure with chain of trust
43
44 ; K.ROOT-SERVERS.NET.
45 RANGE_BEGIN 0 100
46 ADDRESS 193.0.14.129
47 ENTRY_BEGIN
48 MATCH opcode qtype qname
49 ADJUST copy_id
50 REPLY QR NOERROR
51 SECTION QUESTION
52 . IN NS
53 SECTION ANSWER
54 . IN NS K.ROOT-SERVERS.NET.
55 SECTION ADDITIONAL
56 K.ROOT-SERVERS.NET. IN A 193.0.14.129
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode subdomain
61 ADJUST copy_id copy_query
62 REPLY QR NOERROR
63 SECTION QUESTION
64 com. IN NS
65 SECTION AUTHORITY
66 com. IN NS a.gtld-servers.net.
67 SECTION ADDITIONAL
68 a.gtld-servers.net. IN A 192.5.6.30
69 ENTRY_END
70 RANGE_END
71
72 ; a.gtld-servers.net.
73 RANGE_BEGIN 0 100
74 ADDRESS 192.5.6.30
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 com. IN NS
81 SECTION ANSWER
82 com. IN NS a.gtld-servers.net.
83 SECTION ADDITIONAL
84 a.gtld-servers.net. IN A 192.5.6.30
85 ENTRY_END
86
87 ENTRY_BEGIN
88 MATCH opcode qname qtype
89 ADJUST copy_id
90 REPLY QR AA NOERROR
91 SECTION QUESTION
92 example.com. IN DS
93 SECTION ANSWER
94 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
95 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
96 ENTRY_END
97
98 ENTRY_BEGIN
99 MATCH opcode subdomain
100 ADJUST copy_id copy_query
101 REPLY QR NOERROR
102 SECTION QUESTION
103 example.com. IN NS
104 SECTION AUTHORITY
105 example.com. IN NS ns.example.com.
106 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
107 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
108 SECTION ADDITIONAL
109 ns.example.com. IN A 1.2.3.44
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode qtype qname
114 ADJUST copy_id
115 REPLY QR AA NOERROR
116 SECTION QUESTION
117 com. IN DNSKEY
118 SECTION ANSWER
119 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
120 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
121 SECTION ADDITIONAL
122 ENTRY_END
123 RANGE_END
124
125 ; ns.example.net.
126 RANGE_BEGIN 0 100
127 ADDRESS 1.2.3.44
128 ENTRY_BEGIN
129 MATCH opcode qtype qname
130 ADJUST copy_id
131 REPLY QR NOERROR
132 SECTION QUESTION
133 example.net. IN NS
134 SECTION ANSWER
135 example.net. IN NS ns.example.net.
136 SECTION ADDITIONAL
137 ns.example.net. IN A 1.2.3.44
138 ENTRY_END
139
140 ENTRY_BEGIN
141 MATCH opcode qtype qname
142 ADJUST copy_id
143 REPLY QR NOERROR
144 SECTION QUESTION
145 ns.example.net. IN A
146 SECTION ANSWER
147 ns.example.net. IN A 1.2.3.44
148 SECTION AUTHORITY
149 example.net. IN NS ns.example.net.
150 ENTRY_END
151
152 ENTRY_BEGIN
153 MATCH opcode qtype qname
154 ADJUST copy_id
155 REPLY QR NOERROR
156 SECTION QUESTION
157 ns.example.net. IN AAAA
158 SECTION AUTHORITY
159 example.net. IN NS ns.example.net.
160 SECTION ADDITIONAL
161 www.example.net. IN A 1.2.3.44
162 ENTRY_END
163
164 ENTRY_BEGIN
165 MATCH opcode qtype qname
166 ADJUST copy_id
167 REPLY QR NOERROR
168 SECTION QUESTION
169 example.com. IN NS
170 SECTION ANSWER
171 example.com. IN NS ns.example.net.
172 ENTRY_END
173
174 ENTRY_BEGIN
175 MATCH opcode qtype qname
176 ADJUST copy_id
177 REPLY QR NOERROR
178 SECTION QUESTION
179 www.example.com. IN A
180 SECTION ANSWER
181 www.example.com. IN A 10.20.30.40
182 ENTRY_END
183
184 ENTRY_BEGIN
185 MATCH opcode qtype qname
186 ADJUST copy_id
187 REPLY QR NOERROR
188 SECTION QUESTION
189 example.com. IN SOA
190 SECTION ANSWER
191 ; serial, refresh, retry, expire, minimum
192 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
193 ENTRY_END
194
195 ENTRY_BEGIN
196 MATCH opcode qtype qname
197 ADJUST copy_id
198 REPLY QR AA NOTIMPL
199 SECTION QUESTION
200 example.com. IN IXFR
201 SECTION ANSWER
202 ENTRY_END
203
204 ENTRY_BEGIN
205 MATCH opcode qtype qname
206 ADJUST copy_id
207 REPLY QR AA NOERROR
208 SECTION QUESTION
209 example.com. IN AXFR
210 SECTION ANSWER
211 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
212 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
213 example.com. 3600 IN NS ns.example.com.
214 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
215 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
216 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
217 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
218 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
219 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
220 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
221 ; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too.
222 bar.example.com. 3600 IN A 1.2.3.55
223 ; orig RR
224 ;bar.example.com. 3600 IN A 1.2.3.4
225 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
226 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
227 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
228 ding.example.com. 3600 IN A 1.2.3.4
229 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
230 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
231 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
232 foo.example.com. 3600 IN A 1.2.3.4
233 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
234 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
235 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
236 ns.example.com. 3600 IN A 127.0.0.1
237 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
238 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
239 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
240 www.example.com. 3600 IN A 127.0.0.1
241 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
242 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
243 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
244 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
245 ENTRY_END
246 RANGE_END
247
248 STEP 1 QUERY
249 ENTRY_BEGIN
250 REPLY RD
251 SECTION QUESTION
252 www.example.com. IN A
253 ENTRY_END
254
255 ; recursion happens here.
256 STEP 20 CHECK_ANSWER
257 ENTRY_BEGIN
258 MATCH all
259 REPLY QR AA RD RA SERVFAIL
260 SECTION QUESTION
261 www.example.com. IN A
262 SECTION ANSWER
263 ENTRY_END
264
265 STEP 30 TIME_PASSES ELAPSE 10
266 STEP 40 TRAFFIC
267
268 STEP 50 QUERY
269 ENTRY_BEGIN
270 REPLY RD
271 SECTION QUESTION
272 www.example.com. IN A
273 ENTRY_END
274
275 ; recursion happens here.
276 STEP 60 CHECK_ANSWER
277 ENTRY_BEGIN
278 MATCH all
279 REPLY QR AA RD RA SERVFAIL
280 SECTION QUESTION
281 www.example.com. IN A
282 SECTION ANSWER
283 ENTRY_END
284
285 ; the zonefile was updated with new contents
286 STEP 70 CHECK_TEMPFILE example.com
287 FILE_BEGIN
288 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
289 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
290 example.com. 3600 IN NS ns.example.com.
291 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
292 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD
293 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
294 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566}
295 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
296 example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F
297 example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
298 bar.example.com. 3600 IN A 1.2.3.55
299 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
300 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
301 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
302 ding.example.com. 3600 IN A 1.2.3.4
303 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
304 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
305 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
306 foo.example.com. 3600 IN A 1.2.3.4
307 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
308 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
309 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
310 ns.example.com. 3600 IN A 127.0.0.1
311 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
312 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
313 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
314 www.example.com. 3600 IN A 127.0.0.1
315 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
316 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
317 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
318 FILE_END
319
320 SCENARIO_END
+315
-0
testdata/auth_zonemd_xfr_chain_keyinxfr.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
4 trust-anchor-signaling: no
5 val-override-date: 20201020135527
6
7 auth-zone:
8 name: "example.com."
9 ## zonefile (or none).
10 ## zonefile: "example.com.zone"
11 ## master by IP address or hostname
12 ## can list multiple masters, each on one line.
13 ## master:
14 master: 1.2.3.44
15 ## url for http fetch
16 ## url:
17 ## queries from downstream clients get authoritative answers.
18 ## for-downstream: yes
19
20 ## The for-downstream and fallback are disabled, the key cannot be
21 ## retrieved by DNS lookup, it is in the xfr itself.
22 ## only after the zone is loaded can it be looked up.
23 for-downstream: no
24 ## queries are used to fetch authoritative answers from this zone,
25 ## instead of unbound itself sending queries there.
26 ## for-upstream: yes
27 for-upstream: yes
28 ## on failures with for-upstream, fallback to sending queries to
29 ## the authority servers
30 ## fallback-enabled: no
31 fallback-enabled: no
32 zonemd-check: yes
33
34 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
35 zonefile:
36 TEMPFILE_NAME example.com
37 ## this is the inline file /tmp/xxx.example.com
38 ## the tempfiles are deleted when the testrun is over.
39 TEMPFILE_CONTENTS example.com
40 TEMPFILE_END
41
42 stub-zone:
43 name: "."
44 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
45 CONFIG_END
46
47 SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with key in xfr
48
49 ; K.ROOT-SERVERS.NET.
50 RANGE_BEGIN 0 100
51 ADDRESS 193.0.14.129
52 ENTRY_BEGIN
53 MATCH opcode qtype qname
54 ADJUST copy_id
55 REPLY QR NOERROR
56 SECTION QUESTION
57 . IN NS
58 SECTION ANSWER
59 . IN NS K.ROOT-SERVERS.NET.
60 SECTION ADDITIONAL
61 K.ROOT-SERVERS.NET. IN A 193.0.14.129
62 ENTRY_END
63
64 ENTRY_BEGIN
65 MATCH opcode subdomain
66 ADJUST copy_id copy_query
67 REPLY QR NOERROR
68 SECTION QUESTION
69 com. IN NS
70 SECTION AUTHORITY
71 com. IN NS a.gtld-servers.net.
72 SECTION ADDITIONAL
73 a.gtld-servers.net. IN A 192.5.6.30
74 ENTRY_END
75 RANGE_END
76
77 ; a.gtld-servers.net.
78 RANGE_BEGIN 0 100
79 ADDRESS 192.5.6.30
80 ENTRY_BEGIN
81 MATCH opcode qtype qname
82 ADJUST copy_id
83 REPLY QR NOERROR
84 SECTION QUESTION
85 com. IN NS
86 SECTION ANSWER
87 com. IN NS a.gtld-servers.net.
88 SECTION ADDITIONAL
89 a.gtld-servers.net. IN A 192.5.6.30
90 ENTRY_END
91
92 ENTRY_BEGIN
93 MATCH opcode qname qtype
94 ADJUST copy_id
95 REPLY QR AA NOERROR
96 SECTION QUESTION
97 example.com. IN DS
98 SECTION ANSWER
99 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
100 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
101 ENTRY_END
102
103 ENTRY_BEGIN
104 MATCH opcode subdomain
105 ADJUST copy_id copy_query
106 REPLY QR NOERROR
107 SECTION QUESTION
108 example.com. IN NS
109 SECTION AUTHORITY
110 example.com. IN NS ns.example.com.
111 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
112 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
113 SECTION ADDITIONAL
114 ns.example.com. IN A 1.2.3.44
115 ENTRY_END
116
117 ENTRY_BEGIN
118 MATCH opcode qtype qname
119 ADJUST copy_id
120 REPLY QR AA NOERROR
121 SECTION QUESTION
122 com. IN DNSKEY
123 SECTION ANSWER
124 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
125 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
126 SECTION ADDITIONAL
127 ENTRY_END
128 RANGE_END
129
130 ; ns.example.net.
131 RANGE_BEGIN 0 100
132 ADDRESS 1.2.3.44
133 ENTRY_BEGIN
134 MATCH opcode qtype qname
135 ADJUST copy_id
136 REPLY QR NOERROR
137 SECTION QUESTION
138 example.net. IN NS
139 SECTION ANSWER
140 example.net. IN NS ns.example.net.
141 SECTION ADDITIONAL
142 ns.example.net. IN A 1.2.3.44
143 ENTRY_END
144
145 ENTRY_BEGIN
146 MATCH opcode qtype qname
147 ADJUST copy_id
148 REPLY QR NOERROR
149 SECTION QUESTION
150 ns.example.net. IN A
151 SECTION ANSWER
152 ns.example.net. IN A 1.2.3.44
153 SECTION AUTHORITY
154 example.net. IN NS ns.example.net.
155 ENTRY_END
156
157 ENTRY_BEGIN
158 MATCH opcode qtype qname
159 ADJUST copy_id
160 REPLY QR NOERROR
161 SECTION QUESTION
162 ns.example.net. IN AAAA
163 SECTION AUTHORITY
164 example.net. IN NS ns.example.net.
165 SECTION ADDITIONAL
166 www.example.net. IN A 1.2.3.44
167 ENTRY_END
168
169 ENTRY_BEGIN
170 MATCH opcode qtype qname
171 ADJUST copy_id
172 REPLY QR NOERROR
173 SECTION QUESTION
174 example.com. IN NS
175 SECTION ANSWER
176 example.com. IN NS ns.example.net.
177 ENTRY_END
178
179 ENTRY_BEGIN
180 MATCH opcode qtype qname
181 ADJUST copy_id
182 REPLY QR NOERROR
183 SECTION QUESTION
184 www.example.com. IN A
185 SECTION ANSWER
186 www.example.com. IN A 10.20.30.40
187 ENTRY_END
188
189 ENTRY_BEGIN
190 MATCH opcode qtype qname
191 ADJUST copy_id
192 REPLY QR NOERROR
193 SECTION QUESTION
194 example.com. IN SOA
195 SECTION ANSWER
196 ; serial, refresh, retry, expire, minimum
197 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
198 ENTRY_END
199
200 ENTRY_BEGIN
201 MATCH opcode qtype qname
202 ADJUST copy_id
203 REPLY QR AA NOERROR
204 SECTION QUESTION
205 example.com. IN AXFR
206 SECTION ANSWER
207 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
208 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
209 example.com. 3600 IN NS ns.example.com.
210 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
211 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
212 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
213 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
214 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
215 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
216 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
217 bar.example.com. 3600 IN A 1.2.3.4
218 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
219 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
220 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
221 ding.example.com. 3600 IN A 1.2.3.4
222 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
223 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
224 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
225 foo.example.com. 3600 IN A 1.2.3.4
226 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
227 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
228 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
229 ns.example.com. 3600 IN A 127.0.0.1
230 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
231 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
232 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
233 www.example.com. 3600 IN A 127.0.0.1
234 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
235 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
236 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
237 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
238 ENTRY_END
239 RANGE_END
240
241 STEP 1 QUERY
242 ENTRY_BEGIN
243 REPLY RD
244 SECTION QUESTION
245 www.example.com. IN A
246 ENTRY_END
247
248 ; recursion happens here.
249 STEP 20 CHECK_ANSWER
250 ENTRY_BEGIN
251 MATCH all
252 REPLY QR RD RA SERVFAIL
253 SECTION QUESTION
254 www.example.com. IN A
255 SECTION ANSWER
256 ENTRY_END
257
258 STEP 30 TIME_PASSES ELAPSE 10
259 STEP 40 TRAFFIC
260
261 STEP 50 QUERY
262 ENTRY_BEGIN
263 REPLY RD
264 SECTION QUESTION
265 www.example.com. IN A
266 ENTRY_END
267
268 ; recursion happens here.
269 STEP 60 CHECK_ANSWER
270 ENTRY_BEGIN
271 MATCH all
272 REPLY QR RD RA NOERROR
273 SECTION QUESTION
274 www.example.com. IN A
275 SECTION ANSWER
276 www.example.com. IN A 127.0.0.1
277 ENTRY_END
278
279 ; the zonefile was updated with new contents
280 STEP 70 CHECK_TEMPFILE example.com
281 FILE_BEGIN
282 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
283 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
284 example.com. 3600 IN NS ns.example.com.
285 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
286 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD
287 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
288 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566}
289 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
290 example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F
291 example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
292 bar.example.com. 3600 IN A 1.2.3.4
293 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
294 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
295 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
296 ding.example.com. 3600 IN A 1.2.3.4
297 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
298 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
299 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
300 foo.example.com. 3600 IN A 1.2.3.4
301 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
302 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
303 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
304 ns.example.com. 3600 IN A 127.0.0.1
305 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
306 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
307 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
308 www.example.com. 3600 IN A 127.0.0.1
309 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
310 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
311 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
312 FILE_END
313
314 SCENARIO_END
+241
-0
testdata/auth_zonemd_xfr_fail.rpl less more
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
4 auth-zone:
5 name: "example.com."
6 ## zonefile (or none).
7 ## zonefile: "example.com.zone"
8 ## master by IP address or hostname
9 ## can list multiple masters, each on one line.
10 ## master:
11 master: 1.2.3.44
12 ## url for http fetch
13 ## url:
14 ## queries from downstream clients get authoritative answers.
15 ## for-downstream: yes
16 for-downstream: yes
17 ## queries are used to fetch authoritative answers from this zone,
18 ## instead of unbound itself sending queries there.
19 ## for-upstream: yes
20 for-upstream: yes
21 ## on failures with for-upstream, fallback to sending queries to
22 ## the authority servers
23 ## fallback-enabled: no
24 zonemd-check: yes
25
26 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
27 zonefile:
28 TEMPFILE_NAME example.com
29 ## this is the inline file /tmp/xxx.example.com
30 ## the tempfiles are deleted when the testrun is over.
31 TEMPFILE_CONTENTS example.com
32 TEMPFILE_END
33
34 stub-zone:
35 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
37 CONFIG_END
38
39 SCENARIO_BEGIN Test authority zone with AXFR with failed ZONEMD
40
41 ; K.ROOT-SERVERS.NET.
42 RANGE_BEGIN 0 100
43 ADDRESS 193.0.14.129
44 ENTRY_BEGIN
45 MATCH opcode qtype qname
46 ADJUST copy_id
47 REPLY QR NOERROR
48 SECTION QUESTION
49 . IN NS
50 SECTION ANSWER
51 . IN NS K.ROOT-SERVERS.NET.
52 SECTION ADDITIONAL
53 K.ROOT-SERVERS.NET. IN A 193.0.14.129
54 ENTRY_END
55
56 ENTRY_BEGIN
57 MATCH opcode subdomain
58 ADJUST copy_id copy_query
59 REPLY QR NOERROR
60 SECTION QUESTION
61 com. IN NS
62 SECTION AUTHORITY
63 com. IN NS a.gtld-servers.net.
64 SECTION ADDITIONAL
65 a.gtld-servers.net. IN A 192.5.6.30
66 ENTRY_END
67 RANGE_END
68
69 ; a.gtld-servers.net.
70 RANGE_BEGIN 0 100
71 ADDRESS 192.5.6.30
72 ENTRY_BEGIN
73 MATCH opcode qtype qname
74 ADJUST copy_id
75 REPLY QR NOERROR
76 SECTION QUESTION
77 com. IN NS
78 SECTION ANSWER
79 com. IN NS a.gtld-servers.net.
80 SECTION ADDITIONAL
81 a.gtld-servers.net. IN A 192.5.6.30
82 ENTRY_END
83
84 ENTRY_BEGIN
85 MATCH opcode subdomain
86 ADJUST copy_id copy_query
87 REPLY QR NOERROR
88 SECTION QUESTION
89 example.com. IN NS
90 SECTION AUTHORITY
91 example.com. IN NS ns.example.com.
92 SECTION ADDITIONAL
93 ns.example.com. IN A 1.2.3.44
94 ENTRY_END
95 RANGE_END
96
97 ; ns.example.net.
98 RANGE_BEGIN 0 100
99 ADDRESS 1.2.3.44
100 ENTRY_BEGIN
101 MATCH opcode qtype qname
102 ADJUST copy_id
103 REPLY QR NOERROR
104 SECTION QUESTION
105 example.net. IN NS
106 SECTION ANSWER
107 example.net. IN NS ns.example.net.
108 SECTION ADDITIONAL
109 ns.example.net. IN A 1.2.3.44
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode qtype qname
114 ADJUST copy_id
115 REPLY QR NOERROR
116 SECTION QUESTION
117 ns.example.net. IN A
118 SECTION ANSWER
119 ns.example.net. IN A 1.2.3.44
120 SECTION AUTHORITY
121 example.net. IN NS ns.example.net.
122 ENTRY_END
123
124 ENTRY_BEGIN
125 MATCH opcode qtype qname
126 ADJUST copy_id
127 REPLY QR NOERROR
128 SECTION QUESTION
129 ns.example.net. IN AAAA
130 SECTION AUTHORITY
131 example.net. IN NS ns.example.net.
132 SECTION ADDITIONAL
133 www.example.net. IN A 1.2.3.44
134 ENTRY_END
135
136 ENTRY_BEGIN
137 MATCH opcode qtype qname
138 ADJUST copy_id
139 REPLY QR NOERROR
140 SECTION QUESTION
141 example.com. IN NS
142 SECTION ANSWER
143 example.com. IN NS ns.example.net.
144 ENTRY_END
145
146 ENTRY_BEGIN
147 MATCH opcode qtype qname
148 ADJUST copy_id
149 REPLY QR NOERROR
150 SECTION QUESTION
151 www.example.com. IN A
152 SECTION ANSWER
153 www.example.com. IN A 10.20.30.40
154 ENTRY_END
155
156 ENTRY_BEGIN
157 MATCH opcode qtype qname
158 ADJUST copy_id
159 REPLY QR NOERROR
160 SECTION QUESTION
161 example.com. IN SOA
162 SECTION ANSWER
163 ; serial, refresh, retry, expire, minimum
164 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
165 ENTRY_END
166
167 ENTRY_BEGIN
168 MATCH opcode qtype qname
169 ADJUST copy_id
170 REPLY QR AA NOTIMPL
171 SECTION QUESTION
172 example.com. IN IXFR
173 SECTION ANSWER
174 ENTRY_END
175
176 ENTRY_BEGIN
177 MATCH opcode qtype qname
178 ADJUST copy_id
179 REPLY QR AA NOERROR
180 SECTION QUESTION
181 example.com. IN AXFR
182 SECTION ANSWER
183 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
184 example.com. IN NS ns.example.com.
185 ; old zonemd
186 ;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
187 ; wrong zonemd
188 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA
189 www.example.com. IN A 127.0.0.1
190 ns.example.com. IN A 127.0.0.1
191 bar.example.com. IN A 1.2.3.4
192 ding.example.com. IN A 1.2.3.4
193 foo.example.com. IN A 1.2.3.4
194 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
195 ENTRY_END
196 RANGE_END
197
198 STEP 1 QUERY
199 ENTRY_BEGIN
200 REPLY RD
201 SECTION QUESTION
202 www.example.com. IN A
203 ENTRY_END
204
205 ; recursion happens here.
206 STEP 20 CHECK_ANSWER
207 ENTRY_BEGIN
208 MATCH all
209 REPLY QR AA RD RA SERVFAIL
210 SECTION QUESTION
211 www.example.com. IN A
212 SECTION ANSWER
213 ENTRY_END
214
215 STEP 30 TIME_PASSES ELAPSE 10
216 STEP 40 TRAFFIC
217
218 STEP 50 QUERY
219 ENTRY_BEGIN
220 REPLY RD
221 SECTION QUESTION
222 www.example.com. IN A
223 ENTRY_END
224
225 ; recursion happens here.
226 STEP 60 CHECK_ANSWER
227 ENTRY_BEGIN
228 MATCH all
229 REPLY QR AA RD RA SERVFAIL
230 SECTION QUESTION
231 www.example.com. IN A
232 SECTION ANSWER
233 ENTRY_END
234
235 ; the zonefile was updated with new contents
236 STEP 70 CHECK_TEMPFILE example.com
237 FILE_BEGIN
238 FILE_END
239
240 SCENARIO_END
+90
-0
testdata/edns_attached_once_per_upstream.rpl less more
0 ; config options
1 server:
2 edns-client-string: 10.0.0.0/24 "abc d"
3 outbound-msg-retry: 1
4
5 stub-zone:
6 name: "edns-string-abc."
7 stub-addr: 10.0.0.3
8 stub-first: yes
9
10 forward-zone:
11 name: "."
12 forward-addr: 10.0.0.1
13
14 CONFIG_END
15
16 SCENARIO_BEGIN Test that upstream specific EDNS is attached once; uses string tag option
17
18 RANGE_BEGIN 0 1000
19 ADDRESS 10.0.0.3
20 ENTRY_BEGIN
21 MATCH opcode qtype qname
22 ADJUST copy_id
23 REPLY QR SERVFAIL
24 SECTION QUESTION
25 edns-string-abc. IN A
26 ENTRY_END
27 RANGE_END
28
29 RANGE_BEGIN 0 1000
30 ADDRESS 10.0.0.1
31 ENTRY_BEGIN
32 MATCH opcode qtype qname
33 ADJUST copy_id
34 REPLY QR NOERROR
35 SECTION QUESTION
36 edns-string-abc. IN A
37 SECTION ANSWER
38 edns-string-abc. IN A 10.20.30.40
39 SECTION ADDITIONAL
40 ENTRY_END
41 RANGE_END
42
43 STEP 10 QUERY
44 ENTRY_BEGIN
45 REPLY RD
46 SECTION QUESTION
47 edns-string-abc. IN A
48 ENTRY_END
49
50 ; This will receive SERVFAIL and the next address will be queried
51 STEP 20 CHECK_OUT_QUERY ADDRESS 10.0.0.3
52 ENTRY_BEGIN
53 MATCH qname qtype opcode ednsdata
54 SECTION QUESTION
55 edns-string-abc. IN A
56 SECTION ADDITIONAL
57 HEX_EDNSDATA_BEGIN
58 fd e9 ; Opcode 65001
59 00 05 ; Length 5
60 61 62 63 20 64 ; "abc d"
61 HEX_EDNSDATA_END
62 ENTRY_END
63
64 ; This will receive the answer; makes sure that EDNS is attached once
65 STEP 22 CHECK_OUT_QUERY ADDRESS 10.0.0.1
66 ENTRY_BEGIN
67 MATCH qname qtype opcode ednsdata
68 SECTION QUESTION
69 edns-string-abc. IN A
70 SECTION ADDITIONAL
71 HEX_EDNSDATA_BEGIN
72 fd e9 ; Opcode 65001
73 00 05 ; Length 5
74 61 62 63 20 64 ; "abc d"
75 HEX_EDNSDATA_END
76 ENTRY_END
77
78
79 STEP 30 CHECK_ANSWER
80 ENTRY_BEGIN
81 MATCH all
82 REPLY QR RD RA NOERROR
83 SECTION QUESTION
84 edns-string-abc. IN A
85 SECTION ANSWER
86 edns-string-abc. IN A 10.20.30.40
87 ENTRY_END
88
89 SCENARIO_END
+1
-1
testdata/fwd.rpl less more
2727 SECTION QUESTION
2828 www.example.com. IN A
2929 ENTRY_END
30 ; unneccesary nothing steps.
30 ; unnecessary nothing steps.
3131 STEP 2 NOTHING
3232 STEP 3 NOTHING
3333 STEP 4 CHECK_ANSWER
+1
-1
testdata/fwd_any.rpl less more
5858 SECTION QUESTION
5959 www.example.com. IN A
6060 ENTRY_END
61 ; unneccesary nothing steps.
61 ; unnecessary nothing steps.
6262 STEP 20 NOTHING
6363 STEP 30 CHECK_ANSWER
6464 ENTRY_BEGIN
+1
-1
testdata/fwd_error.rpl less more
88 www.example.com. IN A
99 ENTRY_END
1010 ; But the pending query fails due to error (say TCP failure or malloc or ...)
11 ; This is iterator/iterator.h OUTBOUND_MSG_RETRY number of errors.
11 ; This is util/config_file.c outbound-msg-retry number of errors.
1212 STEP 2 ERROR
1313 STEP 3 ERROR
1414 STEP 4 ERROR
+27
-0
testdata/fwd_error_retries.rpl less more
0 ; config options
1 server:
2 outbound-msg-retry: 1
3
4 forward-zone:
5 name: "."
6 forward-addr: 216.0.0.1
7 CONFIG_END
8 SCENARIO_BEGIN Test basic forwarding with servfail and retry of 1
9 STEP 1 QUERY
10 ENTRY_BEGIN
11 REPLY RD
12 SECTION QUESTION
13 www.example.com. IN A
14 ENTRY_END
15 ; query fails with servfail, now we make only outgoing-msg-retry=1 retries
16 STEP 2 ERROR
17 ; returns servfail
18 STEP 14 CHECK_ANSWER
19 ENTRY_BEGIN
20 MATCH opcode qname qtype
21 SECTION QUESTION
22 REPLY SERVFAIL QR RD RA
23 MATCH all
24 www.example.com. IN A
25 ENTRY_END
26 SCENARIO_END
+1
-1
testdata/fwd_timeout.rpl less more
88 www.example.com. IN A
99 ENTRY_END
1010 ; But the pending query times out!
11 ; OUTBOUND_MSG_RETRY times timeout.
11 ; outbound-msg-retry times timeout.
1212 STEP 2 TIMEOUT
1313 STEP 3 TIMEOUT
1414 STEP 4 TIMEOUT
+20
-0
testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf less more
0 server:
1 verbosity: 5
2 # num-threads: 1
3 interface: 127.0.0.1
4 port: @PORT@
5 use-syslog: no
6 directory: ""
7 pidfile: "unbound.pid"
8 chroot: ""
9 username: ""
10 do-not-query-localhost: no
11 forward-zone:
12 name: "tcp.example.com"
13 forward-addr: "127.0.0.1@@TOPORT@"
14 forward-tcp-upstream: "yes"
15 forward-zone:
16 name: "udp.example.com"
17 forward-addr: "127.0.0.1@@TOPORT@"
18 forward-tcp-upstream: "no"
19
+16
-0
testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc less more
0 BaseName: fwd_udp_with_tcp_upstream
1 Version: 1.0
2 Description: Forward an UDP packet to upstream via TCP and return reply.
3 CreationDate: Thu Aug 5 07:44:41 CEST 2021
4 Maintainer: ziollek
5 Category:
6 Component:
7 CmdDepends:
8 Depends:
9 Help:
10 Pre: fwd_udp_with_tcp_upstream.pre
11 Post: fwd_udp_with_tcp_upstream.post
12 Test: fwd_udp_with_tcp_upstream.test
13 AuxFiles:
14 Passed:
15 Failure:
+10
-0
testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post less more
0 # #-- fwd_udp_with_tcp_upstream.post --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # source the test var file when it's there
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5 #
6 # do your teardown here
7 . ../common.sh
8 kill_pid $FWD_PID
9 kill_pid $UNBOUND_PID
+31
-0
testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre less more
0 # #-- fwd_udp_with_tcp_upstream.pre--#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 . ../common.sh
7 get_random_port 2
8 UNBOUND_PORT=$RND_PORT
9 FWD_PORT=$(($RND_PORT + 1))
10 echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
11 echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
12
13 # start forwarder
14 get_ldns_testns
15 $LDNS_TESTNS -p $FWD_PORT fwd_udp_with_tcp_upstream.testns >fwd.log 2>&1 &
16 FWD_PID=$!
17 echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
18
19 # make config file
20 sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < fwd_udp_with_tcp_upstream.conf > ub.conf
21 # start unbound in the background
22 PRE="../.."
23 $PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
24 UNBOUND_PID=$!
25 echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
26
27 cat .tpkg.var.test
28 wait_ldns_testns_up fwd.log
29 wait_unbound_up unbound.log
30
+35
-0
testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test less more
0 # #-- fwd_udp_with_tcp_upstream.test --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 PRE="../.."
7 # do the test
8 echo "> dig tcp.example.com."
9 dig @localhost -p $UNBOUND_PORT tcp.example.com. | tee outfile
10 echo "> cat logfiles"
11 cat fwd.log
12 cat unbound.log
13 echo "> check answer"
14 if grep "10.20.30.40" outfile; then
15 echo "OK"
16 else
17 echo "Not OK"
18 exit 1
19 fi
20
21 echo "> dig udp.example.com."
22 dig @localhost -p $UNBOUND_PORT udp.example.com. | tee outfile
23 echo "> cat logfiles"
24 cat fwd.log
25 cat unbound.log
26 echo "> check answer"
27 if grep "10.20.30.80" outfile; then
28 echo "OK"
29 else
30 echo "Not OK"
31 exit 1
32 fi
33
34 exit 0
+25
-0
testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns less more
0 ; nameserver test file
1 $ORIGIN example.com.
2 $TTL 3600
3
4 ENTRY_BEGIN
5 MATCH opcode qtype qname
6 MATCH TCP
7 REPLY QR AA NOERROR
8 ADJUST copy_id
9 SECTION QUESTION
10 tcp IN A
11 SECTION ANSWER
12 tcp IN A 10.20.30.40
13 ENTRY_END
14
15 ENTRY_BEGIN
16 MATCH opcode qtype qname
17 MATCH UDP
18 REPLY QR AA NOERROR
19 ADJUST copy_id
20 SECTION QUESTION
21 udp IN A
22 SECTION ANSWER
23 udp IN A 10.20.30.80
24 ENTRY_END
+1
-1
testdata/fwd_zero.tdir/fwd_zero.test less more
66 PRE="../.."
77
88 OPT="-i"
9 if nc -h 2>&1 | grep -- "-w secs" >/dev/null; then
9 if nc -h 2>&1 | grep -E -- "-w (timeout|secs)" >/dev/null; then
1010 OPT="-w"
1111 fi
1212
+3
-0
testdata/http_user_agent.tdir/127.0.0.1/example.com.zone less more
0 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
1 example.com. IN NS ns.example.net.
2 www.example.com. IN A 1.2.3.4
+24
-0
testdata/http_user_agent.tdir/http_user_agent.conf less more
0 auth-zone:
1 name: "example.com"
2 for-upstream: yes
3 for-downstream: yes
4 url: "https://127.0.0.1:@TOPORT@/example.com.zone"
5 remote-control:
6 control-enable: yes
7 control-interface: 127.0.0.1
8 control-port: @CONTROL_PORT@
9 server-key-file: "unbound_server.key"
10 server-cert-file: "unbound_server.pem"
11 control-key-file: "unbound_control.key"
12 control-cert-file: "unbound_control.pem"
13 server:
14 verbosity: 7
15 interface: 127.0.0.1
16 port: @PORT@
17 use-syslog: no
18 directory: ""
19 pidfile: "unbound.pid"
20 chroot: ""
21 username: ""
22 do-not-query-localhost: no
23 use-caps-for-id: yes
+16
-0
testdata/http_user_agent.tdir/http_user_agent.dsc less more
0 BaseName: http_user_agent
1 Version: 1.0
2 Description: Check the http-user-agent configuration
3 CreationDate: Wed 2 Jun 13:59:26 CEST 2021
4 Maintainer:
5 Category:
6 Component:
7 CmdDepends:
8 Depends:
9 Help:
10 Pre: http_user_agent.pre
11 Post: http_user_agent.post
12 Test: http_user_agent.test
13 AuxFiles:
14 Passed:
15 Failure:
+11
-0
testdata/http_user_agent.tdir/http_user_agent.post less more
0 # #-- http_user_agent.post --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # source the test var file when it's there
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5 #
6 # do your teardown here
7 PRE="../.."
8 . ../common.sh
9 kill_pid $UNBOUND_PID
10 kill_pid $PETAL_PID
+37
-0
testdata/http_user_agent.tdir/http_user_agent.pre less more
0 # #-- http_user_agent.pre--#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 PRE="../.."
7 . ../common.sh
8 get_random_port 3
9 UNBOUND_PORT=$RND_PORT
10 PETAL_PORT=$(($RND_PORT + 1))
11 CONTROL_PORT=$(($RND_PORT + 3))
12 echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
13 echo "PETAL_PORT=$PETAL_PORT" >> .tpkg.var.test
14 echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
15
16 get_make
17 (cd $PRE; $MAKE petal)
18
19 # start https daemon
20 # More verbosity because we need to see the HTTP headers
21 $PRE/petal -vv -a "127.0.0.1" -p $PETAL_PORT >petal.log 2>&1 &
22 PETAL_PID=$!
23 echo "PETAL_PID=$PETAL_PID" >> .tpkg.var.test
24 cat .tpkg.var.test
25 wait_petal_up petal.log
26
27 # make config file
28 sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$PETAL_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/'< http_user_agent.conf > ub.conf
29 # start unbound in the background
30 $PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
31 UNBOUND_PID=$!
32 echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
33
34 cat .tpkg.var.test
35 wait_unbound_up unbound.log
36
+103
-0
testdata/http_user_agent.tdir/http_user_agent.test less more
0 # #-- http_user_agent.test --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 PRE="../.."
7
8 # Query and check check that we get the correct answer from the auth_zone
9 query () {
10 echo "> dig www.example.com."
11 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
12 if grep SERVFAIL outfile; then
13 echo "> try again"
14 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
15 fi
16 if grep SERVFAIL outfile; then
17 echo "> try again"
18 sleep 1
19 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
20 fi
21 if grep SERVFAIL outfile; then
22 echo "> try again"
23 sleep 1
24 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
25 fi
26 if grep SERVFAIL outfile; then
27 echo "> try again"
28 sleep 1
29 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
30 fi
31 if grep SERVFAIL outfile; then
32 echo "> try again"
33 sleep 10
34 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
35 fi
36 if grep SERVFAIL outfile; then
37 echo "> try again"
38 sleep 10
39 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
40 fi
41 echo "> check answer"
42 if grep "1.2.3.4" outfile; then
43 echo "OK"
44 else
45 echo "Not OK"
46 exit 1
47 fi
48 }
49
50 # Reload the configuration and retransfer the zone
51 reload_and_retransfer () {
52 echo "> Reloading Unbound"
53 echo "$PRE/unbound-control -c ub.conf reload"
54 $PRE/unbound-control -c ub.conf reload
55 if test $? -ne 0; then
56 echo "wrong exit value from unbound-control"
57 exit 1
58 fi
59 echo "> Refetching example.com"
60 echo "$PRE/unbound-control -c ub.conf auth_zone_transfer example.com"
61 $PRE/unbound-control -c ub.conf auth_zone_transfer example.com
62 if test $? -ne 0; then
63 echo "wrong exit value from unbound-control"
64 exit 1
65 fi
66 }
67
68 # do the test
69 query
70 # add custom http-user-agent
71 echo "server: http-user-agent: customUA" >> ub.conf
72 reload_and_retransfer
73 query
74 # hide http-user-agent
75 echo "server: hide-http-user-agent: yes" >> ub.conf
76 reload_and_retransfer
77 query
78
79 echo "> cat logfiles"
80 cat petal.log
81 cat unbound.log
82
83 # check petal.log for the correct number of occurrences.
84 # It should be 2 User-Agents, one being the custom.
85 echo "> check User-Agent occurrences"
86 occurrences=`grep "User-Agent:" petal.log | wc -l`
87 echo $occurrences
88 if test $occurrences -eq 2; then
89 echo "OK"
90 else
91 echo "Not OK"
92 exit 1
93 fi
94 echo "> check custom User-Agent"
95 if grep "User-Agent: customUA" petal.log; then
96 echo "OK"
97 else
98 echo "Not OK"
99 exit 1
100 fi
101
102 exit 0
+21
-0
testdata/http_user_agent.tdir/petal.key less more
0 -----BEGIN RSA PRIVATE KEY-----
1 MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ
2 RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1
3 QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu
4 O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU
5 J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG
6 Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh
7 mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh
8 qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU
9 6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz
10 lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc
11 Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM
12 XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ
13 Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh
14 C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C
15 EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS
16 3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY
17 F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ
18 kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3
19 berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2
20 -----END RSA PRIVATE KEY-----
+14
-0
testdata/http_user_agent.tdir/petal.pem less more
0 -----BEGIN CERTIFICATE-----
1 MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw
2 ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT
3 BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd
4 OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03
5 /32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8
6 67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL
7 PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG
8 9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD
9 ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO
10 mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV
11 bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd
12 q7miNnkO8vd0maw=
13 -----END CERTIFICATE-----
+39
-0
testdata/http_user_agent.tdir/unbound_control.key less more
0 -----BEGIN RSA PRIVATE KEY-----
1 MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
2 1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
3 F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
4 ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
5 vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
6 IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
7 cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
8 lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
9 15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
10 LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
11 Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
12 YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
13 whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
14 lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
15 tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
16 U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
17 Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
18 Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
19 ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
20 1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
21 b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
22 ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
23 TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
24 tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
25 aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
26 A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
27 LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
28 R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
29 7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
30 7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
31 jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
32 BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
33 kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
34 qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
35 VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
36 MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
37 C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
38 -----END RSA PRIVATE KEY-----
+22
-0
testdata/http_user_agent.tdir/unbound_control.pem less more
0 -----BEGIN CERTIFICATE-----
1 MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
2 EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
3 WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
4 A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
5 OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
6 1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
7 NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
8 A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
9 Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
10 TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
11 nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
12 +i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
13 4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
14 hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
15 9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
16 ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
17 pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
18 72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
19 muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
20 uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
21 -----END CERTIFICATE-----
+39
-0
testdata/http_user_agent.tdir/unbound_server.key less more
0 -----BEGIN RSA PRIVATE KEY-----
1 MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
2 0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
3 GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
4 uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
5 WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
6 FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
7 q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
8 A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
9 7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
10 XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
11 iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
12 2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
13 MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
14 WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
15 O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
16 IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
17 qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
18 dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
19 bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
20 YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
21 7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
22 gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
23 5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
24 ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
25 oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
26 s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
27 zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
28 ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
29 oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
30 BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
31 mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
32 kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
33 7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
34 RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
35 jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
36 O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
37 MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
38 -----END RSA PRIVATE KEY-----
+22
-0
testdata/http_user_agent.tdir/unbound_server.pem less more
0 -----BEGIN CERTIFICATE-----
1 MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
2 EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
3 WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
4 igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
5 a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
6 4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
7 aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
8 TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
9 uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
10 +nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
11 XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
12 dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
13 84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
14 JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
15 fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
16 XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
17 qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
18 sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
19 yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
20 CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
21 -----END CERTIFICATE-----
+1
-1
testdata/iter_primenoglue.rpl less more
2727 SECTION ANSWER
2828 . IN NS K.ROOT-SERVERS.NET.
2929 SECTION ADDITIONAL
30 ; glue ommitted!
30 ; glue omitted!
3131 ;K.ROOT-SERVERS.NET. IN A 193.0.14.129
3232 ENTRY_END
3333
+1
-1
testdata/iter_scrub_dname_rev.rpl less more
1616 SCENARIO_BEGIN Test scrub of reversed DNAME and CNAME in answer section
1717
1818 RANGE_BEGIN 0 100
19 ; all adresses
19 ; all addresses
2020 ENTRY_BEGIN
2121 MATCH opcode qtype qname
2222 ADJUST copy_id
+1
-1
testdata/iter_scrub_dname_sec.rpl less more
1616 SCENARIO_BEGIN Test scrub of secure DNAME in answer section
1717
1818 RANGE_BEGIN 0 100
19 ; all adresses
19 ; all addresses
2020 ENTRY_BEGIN
2121 MATCH opcode qtype qname
2222 ADJUST copy_id
+54
-0
testdata/localdata.rpl less more
4444 local-data: "b.c.implicit. A 20.30.45.50"
4545 local-data: "c.c.implicit. A 20.30.44.50"
4646
47 ; create implicit data in the ANY domain
48 ; this should inherit the local_zone_type of the already configured
49 ; zone 'refuse.top.' and not be transparent
50 local-data: "refuse.top. ANY TXT implicit_non_transparent"
51
52 stub-zone:
53 name: "refuse.top"
54 stub-addr: 1.2.3.4
55
4756 CONFIG_END
4857 SCENARIO_BEGIN Test local data queries
58
59 RANGE_BEGIN 0 100
60 ADDRESS 1.2.3.4
61 ; This entry should never be queried
62 ENTRY_BEGIN
63 MATCH opcode qtype qname
64 ADJUST copy_id
65 REPLY QR NOERROR
66 SECTION QUESTION
67 www.refuse.top. IN A
68 SECTION ANSWER
69 www.refuse.top. IN A 5.5.5.5
70 ENTRY_END
71 RANGE_END
4972
5073 ; id.server.
5174 STEP 1 QUERY
389412 foo.null.top. IN AAAA ::0
390413 ENTRY_END
391414
415 ; refuse zone for implicit local-data with CLASS != IN
416 STEP 64 QUERY
417 ENTRY_BEGIN
418 SECTION QUESTION
419 refuse.top. ANY TXT
420 ENTRY_END
421 STEP 65 CHECK_ANSWER
422 ENTRY_BEGIN
423 MATCH all
424 REPLY QR RA AA NOERROR
425 SECTION QUESTION
426 refuse.top. ANY TXT
427 SECTION ANSWER
428 refuse.top. ANY TXT implicit_non_transparent
429 ENTRY_END
430
431 ; refuse zone for implicit local-data with CLASS != IN
432 STEP 66 QUERY
433 ENTRY_BEGIN
434 REPLY RD
435 SECTION QUESTION
436 www.refuse.top. ANY A
437 ENTRY_END
438 STEP 67 CHECK_ANSWER
439 ENTRY_BEGIN
440 MATCH all
441 REPLY QR RA RD AA REFUSED
442 SECTION QUESTION
443 www.refuse.top. ANY A
444 ENTRY_END
445
392446 SCENARIO_END
+174
-0
testdata/nsid_bogus.rpl less more
0 ; config options
1 ; The island of trust is at example.com
2 server:
3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6 qname-minimisation: "no"
7 fake-sha1: yes
8 trust-anchor-signaling: no
9 minimal-responses: no
10 nsid: "ascii_hopsa kidee"
11
12 stub-zone:
13 name: "."
14 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
15 CONFIG_END
16
17 SCENARIO_BEGIN Test for NSID in SERVFAIL response due to DNSSEC bogus
18
19 ; K.ROOT-SERVERS.NET.
20 RANGE_BEGIN 0 100
21 ADDRESS 193.0.14.129
22 ENTRY_BEGIN
23 MATCH opcode qtype qname
24 ADJUST copy_id
25 REPLY QR NOERROR
26 SECTION QUESTION
27 . IN NS
28 SECTION ANSWER
29 . IN NS K.ROOT-SERVERS.NET.
30 SECTION ADDITIONAL
31 K.ROOT-SERVERS.NET. IN A 193.0.14.129
32 ENTRY_END
33
34 ENTRY_BEGIN
35 MATCH opcode qtype qname
36 ADJUST copy_id
37 REPLY QR NOERROR
38 SECTION QUESTION
39 www.example.com. IN A
40 SECTION AUTHORITY
41 com. IN NS a.gtld-servers.net.
42 SECTION ADDITIONAL
43 a.gtld-servers.net. IN A 192.5.6.30
44 ENTRY_END
45 RANGE_END
46
47 ; a.gtld-servers.net.
48 RANGE_BEGIN 0 100
49 ADDRESS 192.5.6.30
50 ENTRY_BEGIN
51 MATCH opcode qtype qname
52 ADJUST copy_id
53 REPLY QR NOERROR
54 SECTION QUESTION
55 com. IN NS
56 SECTION ANSWER
57 com. IN NS a.gtld-servers.net.
58 SECTION ADDITIONAL
59 a.gtld-servers.net. IN A 192.5.6.30
60 ENTRY_END
61
62 ENTRY_BEGIN
63 MATCH opcode qtype qname
64 ADJUST copy_id
65 REPLY QR NOERROR
66 SECTION QUESTION
67 www.example.com. IN A
68 SECTION AUTHORITY
69 example.com. IN NS ns.example.com.
70 SECTION ADDITIONAL
71 ns.example.com. IN A 1.2.3.4
72 ENTRY_END
73 RANGE_END
74
75 ; ns.example.com.
76 RANGE_BEGIN 0 100
77 ADDRESS 1.2.3.4
78 ENTRY_BEGIN
79 MATCH opcode qtype qname
80 ADJUST copy_id
81 REPLY QR NOERROR
82 SECTION QUESTION
83 example.com. IN NS
84 SECTION ANSWER
85 example.com. IN NS ns.example.com.
86 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
87 SECTION ADDITIONAL
88 ns.example.com. IN A 1.2.3.4
89 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
90 ENTRY_END
91
92 ; response to DNSKEY priming query
93 ENTRY_BEGIN
94 MATCH opcode qtype qname
95 ADJUST copy_id
96 REPLY QR NOERROR
97 SECTION QUESTION
98 example.com. IN DNSKEY
99 SECTION ANSWER
100 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
101 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
102 SECTION AUTHORITY
103 example.com. IN NS ns.example.com.
104 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
105 SECTION ADDITIONAL
106 ns.example.com. IN A 1.2.3.4
107 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
108 ENTRY_END
109
110 ; nodata for ns.example.com AAAA
111 ENTRY_BEGIN
112 MATCH opcode qtype qname
113 ADJUST copy_id
114 REPLY QR AA NOERROR
115 SECTION QUESTION
116 ns.example.com. IN AAAA
117 SECTION ANSWER
118 SECTION ADDITIONAL
119 ENTRY_END
120
121
122 ; response to query of interest
123 ENTRY_BEGIN
124 MATCH opcode qtype qname
125 ADJUST copy_id
126 REPLY QR NOERROR
127 SECTION QUESTION
128 www.example.com. IN A
129 SECTION ANSWER
130 www.example.com. IN A 10.20.30.40
131 ;good signature
132 ;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
133 ;missing
134 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2855 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4=
135 SECTION AUTHORITY
136 example.com. IN NS ns.example.com.
137 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
138 SECTION ADDITIONAL
139 ns.example.com. IN A 1.2.3.4
140 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
141 ENTRY_END
142 RANGE_END
143
144 STEP 1 QUERY
145 ENTRY_BEGIN
146 REPLY RD DO
147 SECTION QUESTION
148 www.example.com. IN A
149 SECTION ADDITIONAL
150 HEX_EDNSDATA_BEGIN
151 00 03 ; Opcode NSID (3)
152 00 00 ; Length 0
153 HEX_EDNSDATA_END
154 ENTRY_END
155
156 ; recursion happens here.
157 STEP 10 CHECK_ANSWER
158 ENTRY_BEGIN
159 MATCH all
160 REPLY QR RD RA DO SERVFAIL
161 SECTION QUESTION
162 www.example.com. IN A
163 SECTION ANSWER
164 SECTION ADDITIONAL
165 HEX_EDNSDATA_BEGIN
166 00 03 ; Opcode NSID (3)
167 00 0b ; Length 11
168 68 6F 70 73 61 20 ; "hopsa "
169 6B 69 64 65 65 ; "kidee"
170 HEX_EDNSDATA_END
171 ENTRY_END
172
173 SCENARIO_END
+1
-1
testdata/pylib.tdir/pylib.lookup.conf less more
1010 stub-zone:
1111 name: "example.com."
1212 stub-addr: "127.0.0.1@@TOPORT@"
13
13 stub-no-cache: yes
+21
-53
testdata/pylib.tdir/pylib.lookup.py less more
88 import unbound
99
1010 qname = "www.example.com"
11 qname2 = "www2.example.com"
1112 qtype = unbound.RR_TYPE_A
1213 qclass = unbound.RR_CLASS_IN
14
1315
1416 def create_context(config_file="ub.lookup.conf", asyncflag=False):
1517 """
6870 print("Failed async resolve with: {}".format(retval))
6971
7072
71 def test_ratelimit_fg_on(ctx):
72 """
73 Test resolving a ratelimited domain with a foreground worker.
74
75 """
76 ctx.set_option("ratelimit:", "1")
77 ctx.set_option("ratelimit-factor:", "0")
78 status, result = ctx.resolve(qname, qtype, qclass)
79 if status == 0 and result.was_ratelimited:
80 print("Ratelimit-fg-on: pass")
81 else:
82 print("Failed ratelimit-fg-on with: {}".format(status))
83
84
85 def test_ratelimit_fg_off(ctx):
86 """
87 Test resolving a non-ratelimited domain with a foreground worker.
88
89 """
90 status, result = ctx.resolve(qname, qtype, qclass)
91 if status == 0 and result.havedata:
92 print("Ratelimit-fg-off: {}".format(result.data.address_list))
93 else:
94 print("Failed ratelimit-fg-off with: {}".format(status))
95
96
9773 def test_ratelimit_bg_on(ctx):
9874 """
9975 Test resolving a ratelimited domain with a background worker.
10177 """
10278 ctx.set_option("ratelimit:", "1")
10379 ctx.set_option("ratelimit-factor:", "0")
104 cb_data = dict(done=False)
105 retval, async_id = ctx.resolve_async(qname, cb_data, callback, qtype, qclass)
106 while retval == 0 and not cb_data['done']:
107 time.sleep(0.1)
108 retval = ctx.process()
80 total_runs = 6
81 success_threshold = 4 # 2/3*total_runs
82 successes = 0
83 for i in range(total_runs):
84 cb_data = dict(done=False)
85 cb_data2 = dict(done=False)
86 retval, async_id = ctx.resolve_async(qname, cb_data, callback, qtype, qclass)
87 retval, async_id = ctx.resolve_async(qname2, cb_data2, callback, qtype, qclass)
10988
110 if cb_data.get('was_ratelimited'):
89 while retval == 0 and not (cb_data['done'] and cb_data['done']):
90 time.sleep(0.1)
91 retval = ctx.process()
92
93 if bool(cb_data.get('was_ratelimited')) ^ bool(cb_data2.get('was_ratelimited')):
94 successes += 1
95 if successes >= success_threshold:
96 break
97 time.sleep(1)
98 if successes >= success_threshold:
11199 print("Ratelimit-bg-on: pass")
112100 else:
113 print("Failed ratelimit-bg-on with: {}".format(status))
114
115
116 def test_ratelimit_bg_off(ctx):
117 """
118 Test resolving a non-ratelimited domain with a background worker.
119
120 """
121 cb_data = dict(done=False)
122 retval, async_id = ctx.resolve_async(qname, cb_data, callback, qtype, qclass)
123 while retval == 0 and not cb_data['done']:
124 time.sleep(0.1)
125 retval = ctx.process()
126
127 if cb_data.get('data'):
128 print("Ratelimit-bg-off: {}".format(cb_data['data'].address_list))
129 else:
130 print("Failed ratelimit-bg-off with: {}".format(status))
101 print("Failed ratelimit-bg-on")
131102
132103
133104 test_resolve(create_context())
134105 test_async_resolve(create_context(asyncflag=True))
135 test_ratelimit_fg_on(create_context())
136 test_ratelimit_fg_off(create_context())
137106 test_ratelimit_bg_on(create_context(asyncflag=True))
138 test_ratelimit_bg_off(create_context(asyncflag=True))
139107
140108 sys.exit(0)
+0
-18
testdata/pylib.tdir/pylib.test less more
4141 echo "Not OK (async resolve)"
4242 exit 1
4343 fi
44 if grep "Ratelimit-fg-on: pass" outfile; then
45 :
46 else
47 echo "Not OK (ratelimit-fg-on)"
48 exit 1
49 fi
50 if grep "Ratelimit-fg-off: \[.\?10.20.30.40.\?\]" outfile; then
51 :
52 else
53 echo "Not OK (ratelimit-fg-off)"
54 exit 1
55 fi
5644 if grep "Ratelimit-bg-on: pass" outfile; then
5745 :
5846 else
5947 echo "Not OK (ratelimit-bg-on)"
6048 exit 1
6149 fi
62 if grep "Ratelimit-bg-off: \[.\?10.20.30.40.\?\]" outfile; then
63 :
64 else
65 echo "Not OK (ratelimit-bg-off)"
66 exit 1
67 fi
6850
6951 echo "OK"
7052
+9
-0
testdata/pylib.tdir/pylib.testns less more
1111 www IN A 10.20.30.40
1212 ENTRY_END
1313
14 ENTRY_BEGIN
15 MATCH opcode qtype qname
16 REPLY QR AA NOERROR
17 ADJUST copy_id
18 SECTION QUESTION
19 www2 IN A
20 SECTION ANSWER
21 www2 IN A 10.20.30.40
22 ENTRY_END
+29
-0
testdata/ratelimit.tdir/ratelimit.conf less more
0 server:
1 verbosity: 5
2 # num-threads: 1
3 interface: 127.0.0.1
4 port: @PORT@
5 use-syslog: no
6 directory: .
7 pidfile: "unbound.pid"
8 chroot: ""
9 username: ""
10 do-not-query-localhost: no
11
12 ratelimit: 1
13 ratelimit-factor: 0
14
15 stub-zone:
16 name: "example.com."
17 stub-addr: "127.0.0.1@@TOPORT@"
18 stub-no-cache: yes
19
20 remote-control:
21 control-enable: yes
22 control-interface: 127.0.0.1
23 # control-interface: ::1
24 control-port: @CONTROL_PORT@
25 server-key-file: "unbound_server.key"
26 server-cert-file: "unbound_server.pem"
27 control-key-file: "unbound_control.key"
28 control-cert-file: "unbound_control.pem"
+16
-0
testdata/ratelimit.tdir/ratelimit.dsc less more
0 BaseName: ratelimit
1 Version: 1.0
2 Description: Test ratelimit.
3 CreationDate: Sun Jan 30 00:40:00 CET 2022
4 Maintainer: Yorgos Thessalonikefs
5 Category:
6 Component:
7 CmdDepends:
8 Depends:
9 Help:
10 Pre: ratelimit.pre
11 Post: ratelimit.post
12 Test: ratelimit.test
13 AuxFiles:
14 Passed:
15 Failure:
+14
-0
testdata/ratelimit.tdir/ratelimit.post less more
0 # #-- ratelimit.post --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # source the test var file when it's there
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5 #
6 # do your teardown here
7 . ../common.sh
8 kill_pid $STUB_PID
9 kill_pid $UNBOUND_PID
10 if test -f unbound.log; then
11 echo ">>> unbound log"
12 cat unbound.log
13 fi
+33
-0
testdata/ratelimit.tdir/ratelimit.pre less more
0 # #-- ratelimit.pre--#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 PRE="../.."
7 . ../common.sh
8 get_random_port 2
9 UNBOUND_PORT=$RND_PORT
10 STUB_PORT=$(($RND_PORT + 1))
11 CONTROL_PORT=$(($RND_PORT + 2))
12 echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
13 echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test
14 echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
15
16 # start ldns-testns
17 get_ldns_testns
18 $LDNS_TESTNS -v -p $STUB_PORT ratelimit.testns >stub.log 2>&1 &
19 STUB_PID=$!
20 echo "STUB_PID=$STUB_PID" >> .tpkg.var.test
21
22 # make config file
23 sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$STUB_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < ratelimit.conf > ub.conf
24 # start unbound in the background
25 $PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
26 UNBOUND_PID=$!
27 echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
28
29 wait_ldns_testns_up stub.log
30 wait_unbound_up unbound.log
31
32 cat .tpkg.var.test
+183
-0
testdata/ratelimit.tdir/ratelimit.test less more
0 # #-- ratelimit.test --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 PRE="../.."
7 . ../common.sh
8
9 get_make
10 (cd $PRE; $MAKE streamtcp)
11
12 # These tests rely on second time precision. To combat false negatives the
13 # tests run multiple times and we allow 1/3 of the runs to fail.
14 total_runs=6
15 success_threshold=4 # 2/3*total_runs
16
17 successes=0
18 echo "> Three parallel queries"
19 # For this test we send three parallel queries and we expect only one of them
20 # to be allowed through each second.
21 for i in $(seq 1 $total_runs); do
22 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
23 if test "$?" -ne 0; then
24 echo "exit status not OK"
25 echo "> cat logfiles"
26 cat outfile
27 cat unbound.log
28 echo "Not OK"
29 exit 1
30 fi
31 cat outfile
32 if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 2; then
33 ((successes++))
34 fi
35 # We don't have to wait for all the runs to complete if we know
36 # we passed the threshold.
37 if test $successes -ge $success_threshold; then
38 break
39 fi
40 sleep 1
41 done
42 if test $successes -ge $success_threshold; then
43 echo "Number of ratelimited queries OK for three parallel queries"
44 else
45 echo "Number of ratelimited queries not OK for three parallel queries"
46 echo "> cat logfiles"
47 cat outfile
48 cat unbound.log
49 echo "Number of ratelimited queries not OK for three parallel queries"
50 exit 1
51 fi
52
53 echo "> Activating ratelimit-factor"
54 echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3"
55 $PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3
56 if test $? -ne 0; then
57 echo "wrong exit value after success"
58 exit 1
59 fi
60
61 slipped_through=0
62 echo "> Three parallel queries with ratelimit-factor"
63 # For this test we send three parallel queries and we expect at least two of
64 # them to be allowed through at a given second; one from the ratelimit itself
65 # and one from the ratelimit-factor.
66 for i in {1..10}; do
67 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
68 if test "$?" -ne 0; then
69 echo "exit status not OK"
70 echo "> cat logfiles"
71 cat outfile
72 cat unbound.log
73 echo "Not OK"
74 exit 1
75 fi
76 cat outfile
77 if test `grep "rcode: SERVFAIL" outfile | wc -l` -lt 2; then
78 slipped_through=1
79 break
80 fi
81 sleep 2
82 done
83 if test $slipped_through -eq 0; then
84 echo "ratelimit-factor did not work"
85 echo "> cat logfiles"
86 cat outfile
87 cat unbound.log
88 echo "ratelimit-factor did not work"
89 exit 1
90 fi
91 echo "ratelimit-factor OK"
92
93 echo "> Disabling ratelimit-factor"
94 echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0"
95 $PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0
96 if test $? -ne 0; then
97 echo "wrong exit value after success"
98 exit 1
99 fi
100 echo "> Activating ratelimit-backoff"
101 echo "$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes"
102 $PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes
103 if test $? -ne 0; then
104 echo "wrong exit value after success"
105 exit 1
106 fi
107
108 successes=0
109 echo "> Three parallel queries with backoff"
110 # For this test we send three parallel queries. The ratelimit should be reached
111 # for that second. Then for the next second we again send three parallel
112 # queries and we expect none of them to be allowed through because of the
113 # backoff logic that keeps rolling the RATE_WINDOW based on demand.
114 for i in $(seq 1 $total_runs); do
115 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
116 if test "$?" -ne 0; then
117 echo "exit status not OK"
118 echo "> cat logfiles"
119 cat outfile
120 cat unbound.log
121 echo "Not OK"
122 exit 1
123 fi
124 sleep 1 # Limit is reached; it should also be active for the next second
125 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
126 if test "$?" -ne 0; then
127 echo "exit status not OK"
128 echo "> cat logfiles"
129 cat outfile
130 cat unbound.log
131 echo "Not OK"
132 exit 1
133 fi
134 cat outfile
135 if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 3; then
136 ((successes++))
137 fi
138 # We don't have to wait for all the runs to complete if we know
139 # we passed the threshold.
140 if test $successes -ge $success_threshold; then
141 break
142 fi
143 done
144
145 if test $successes -ge $success_threshold; then
146 echo "three parallel queries with backoff OK"
147 else
148 echo "Number of ratelimited queries not OK for three parallel queries with backoff"
149 echo "> cat logfiles"
150 cat outfile
151 cat unbound.log
152 echo "Number of ratelimited queries not OK for three parallel queries with backoff"
153 exit 1
154 fi
155
156 echo "> Three parallel queries after backoff RATE_WINDOW"
157 sleep 3 # Make sure the RATE_WINDOW is renewed
158 # For this test we make three parallel queries after the RATE_WINDOW has passed
159 # without any new demand and we expect at least one query to pass through. This
160 # is to check that the backoff logic does not insist on past (outside of
161 # RATE_WINDOW) limits.
162 $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1
163 if test "$?" -ne 0; then
164 echo "exit status not OK"
165 echo "> cat logfiles"
166 cat outfile
167 cat unbound.log
168 echo "Not OK"
169 exit 1
170 fi
171 cat outfile
172 if test `grep "rcode: NOERROR" outfile | wc -l` -gt 0; then
173 echo "Number of ratelimited queries OK for three parallel queries after backoff RATE_WINDOW"
174 else
175 echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW"
176 echo "> cat logfiles"
177 cat outfile
178 cat unbound.log
179 echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW"
180 exit 1
181 fi
182 exit 0
+13
-0
testdata/ratelimit.tdir/ratelimit.testns less more
0 ; nameserver test file
1 $ORIGIN example.com.
2 $TTL 3600
3
4 ENTRY_BEGIN
5 MATCH opcode qtype
6 REPLY QR AA NOERROR
7 ADJUST copy_id copy_query
8 SECTION QUESTION
9 wild IN A
10 SECTION ANSWER
11 wild IN A 10.20.30.40
12 ENTRY_END
+39
-0
testdata/ratelimit.tdir/unbound_control.key less more
0 -----BEGIN RSA PRIVATE KEY-----
1 MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
2 1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
3 F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
4 ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
5 vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
6 IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
7 cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
8 lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
9 15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
10 LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
11 Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
12 YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
13 whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
14 lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
15 tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
16 U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
17 Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
18 Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
19 ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
20 1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
21 b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
22 ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
23 TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
24 tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
25 aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
26 A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
27 LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
28 R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
29 7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
30 7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
31 jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
32 BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
33 kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
34 qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
35 VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
36 MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
37 C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
38 -----END RSA PRIVATE KEY-----
+22
-0
testdata/ratelimit.tdir/unbound_control.pem less more
0 -----BEGIN CERTIFICATE-----
1 MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
2 EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
3 WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
4 A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
5 OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
6 1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
7 NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
8 A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
9 Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
10 TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
11 nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
12 +i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
13 4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
14 hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
15 9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
16 ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
17 pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
18 72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
19 muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
20 uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
21 -----END CERTIFICATE-----
+39
-0
testdata/ratelimit.tdir/unbound_server.key less more
0 -----BEGIN RSA PRIVATE KEY-----
1 MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
2 0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
3 GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
4 uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
5 WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
6 FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
7 q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
8 A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
9 7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
10 XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
11 iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
12 2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
13 MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
14 WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
15 O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
16 IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
17 qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
18 dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
19 bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
20 YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
21 7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
22 gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
23 5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
24 ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
25 oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
26 s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
27 zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
28 ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
29 oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
30 BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
31 mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
32 kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
33 7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
34 RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
35 jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
36 O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
37 MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
38 -----END RSA PRIVATE KEY-----
+22
-0
testdata/ratelimit.tdir/unbound_server.pem less more
0 -----BEGIN CERTIFICATE-----
1 MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
2 EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
3 WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
4 igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
5 a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
6 4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
7 aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
8 TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
9 uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
10 +nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
11 XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
12 dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
13 84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
14 JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
15 fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
16 XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
17 qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
18 sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
19 yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
20 CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
21 -----END CERTIFICATE-----
+2
-2
testdata/root_anchor.tdir/root_anchor.test less more
2626
2727 echo ""
2828 # test that unbound-anchor, the builtin certificate, works
29 # so, force https with -F and the -c is a nonexistant file
29 # so, force https with -F and the -c is a nonexistent file
3030 $PRE/unbound-anchor -a test.cert -c test.pem -v -F
3131 # check that the test.cert file is OK.
3232 if $PRE/unbound-host -f test.cert -t SOA -v . 2>&1 | grep "(secure)"; then
3737 fi
3838
3939 # use curl to see if the PGP certificate has been updated.
40 curl --time-cond "20170203 10:00:00" https://data.iana.org/root-anchors/icannbundle.pem > newcert
40 curl --time-cond "20210908 17:00:00" https://data.iana.org/root-anchors/icannbundle.pem > newcert
4141 if test -n "`cat newcert`"; then
4242 echo "icannbundle.pem has been updated"
4343 cat newcert
+2
-2
testdata/root_key_sentinel.rpl less more
174174 SECTION QUESTION
175175 root-key-sentinel-not-ta-20326. IN A
176176 SECTION AUTHORITY
177 . 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018042300 1800 900 604800 86400
178 . 86400 IN RRSIG SOA 8 0 86400 20180506050000 20180423040000 39570 . LboVfcSRUSuBcZPpkkOO1N6KpGO6DBzOGL6UtSVUssycPzGIZctcIM0s Kb71iBf3rxFjNVlgCuNFb74WpCyRQ2coB2uUQXVA81A+P4Qb62/s3Nr2 pRGxayA1Y0Uq2M4CRkh3bjgn/cEcEFSWTl+xDVjZO8hX98JdQjYmrVui 4zEQhsMM03sqkmjkH88owibWK7HDl6O0n6Imer2hCsVTlFv7PSrBHlXP KntkIMDtbGHZW/BkKnA6P1jfAVfgXr70bRVaDRddLqJp3EX6EuR83osg 8q46170NgCMCKK3ePItJYF16SEADFKdOQs19CMTXAN7M1p4cnGk2yRG/ 68BmCg==
179177 . 86400 IN NSEC aaa. NS SOA RRSIG NSEC DNSKEY
180178 . 86400 IN RRSIG NSEC 8 0 86400 20180506050000 20180423040000 39570 . E1FeP4/GvcPksKXgas9pslduWU6+cqqSoJpgtCeymd6t7MORbnsQJdUo rjqbRtxvOOnv5g4uVZdv0krSc/eqw8HWEiCW0oZWYLcz+h8eI4htt4uv 8LciVgQn3Aspic2b8uWdPTJUPuc94esn5AJZDMK9VOTwZD2UVqbv/k9U 4LG0o56yRQshYTG2hiutFXLYmzFe2YmKct6G7W50O7s5hwxTqqRwv9av 1Q3UZUj/ZARNt9z53pygJsDPDX+L2q4lowtiHJCRPjijm8K3Bwb8uFsG 3YB20K9d3krack9c6gAMJzpgeuFQ/b2HxiZMJPvJ3tHqIhDn0U5qoZdT Xq0WTw==
181179 room. 86400 IN NSEC rs. NS DS RRSIG NSEC
182180 room. 86400 IN RRSIG NSEC 8 1 86400 20180506050000 20180423040000 39570 . Fmhf8s0yVixynVdO6VWLEctcvb7+3UK9gu+9BhUPBS0SNedhMwfyiYaR MzWU9P99gVYUT1G/vXRqbAabtD3Ccnt/ydUBguZq3pV5GL+7czeEbZ5z 8/LlS+wyw2OTe4DOKzBZ7oZAA/r/Tz2bhVA6kNyIKFXAmBXuh7I5Ty7H elbIWh7Lq7QjZwN9LL4M1kSNePH2cmS3Lu/scRf3m3fN/70sgoYzKNB7 +Hbi/YjXBbRIcj7tHA6iMoZLGPXRMJdb6NqJNIaDIDtOA95cFa4oRx2P usBW9lpXG0YY+KDm1J6UjxUP7TIn0yXt+c0vy2cz7zu++ZEkdU29WtBG dUQEaA==
181 . 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018042300 1800 900 604800 86400
182 . 86400 IN RRSIG SOA 8 0 86400 20180506050000 20180423040000 39570 . LboVfcSRUSuBcZPpkkOO1N6KpGO6DBzOGL6UtSVUssycPzGIZctcIM0s Kb71iBf3rxFjNVlgCuNFb74WpCyRQ2coB2uUQXVA81A+P4Qb62/s3Nr2 pRGxayA1Y0Uq2M4CRkh3bjgn/cEcEFSWTl+xDVjZO8hX98JdQjYmrVui 4zEQhsMM03sqkmjkH88owibWK7HDl6O0n6Imer2hCsVTlFv7PSrBHlXP KntkIMDtbGHZW/BkKnA6P1jfAVfgXr70bRVaDRddLqJp3EX6EuR83osg 8q46170NgCMCKK3ePItJYF16SEADFKdOQs19CMTXAN7M1p4cnGk2yRG/ 68BmCg==
183183 ENTRY_END
184184 SCENARIO_END
+264
-0
testdata/rpz_clientip.rpl less more
0 ; config options
1 server:
2 module-config: "respip validator iterator"
3 target-fetch-policy: "0 0 0 0 0"
4 qname-minimisation: no
5 minimal-responses: no
6 access-control: 192.0.0.0/8 allow
7
8 rpz:
9 name: "rpz.example.com."
10 zonefile:
11 TEMPFILE_NAME rpz.example.com
12 TEMPFILE_CONTENTS rpz.example.com
13 $ORIGIN example.com.
14 rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
15 1379078166 28800 7200 604800 7200 )
16 3600 IN NS ns1.rpz.example.com.
17 3600 IN NS ns2.rpz.example.com.
18 $ORIGIN rpz.example.com.
19 24.0.0.0.192.rpz-client-ip CNAME .
20 24.0.1.0.192.rpz-client-ip CNAME *.
21 24.0.2.0.192.rpz-client-ip CNAME rpz-drop.
22 24.0.3.0.192.rpz-client-ip CNAME rpz-passthru.
23 24.0.4.0.192.rpz-client-ip CNAME rpz-tcp-only.
24 24.0.5.0.192.rpz-client-ip A 127.0.0.1
25 24.0.5.0.192.rpz-client-ip TXT "42"
26 TEMPFILE_END
27
28 stub-zone:
29 name: "a."
30 stub-addr: 10.20.30.40
31 CONFIG_END
32
33 SCENARIO_BEGIN Test RPZ client ip triggers
34
35 RANGE_BEGIN 0 100
36 ADDRESS 10.20.30.40
37 ENTRY_BEGIN
38 MATCH opcode qtype qname
39 ADJUST copy_id
40 REPLY QR NOERROR
41 SECTION QUESTION
42 a. IN NS
43 SECTION ANSWER
44 a. IN NS ns.a.
45 SECTION ADDITIONAL
46 ns.a IN A 10.20.30.40
47 ENTRY_END
48
49 ENTRY_BEGIN
50 MATCH opcode qtype qname
51 ADJUST copy_id
52 REPLY QR NOERROR
53 SECTION QUESTION
54 a.a. IN TXT
55 SECTION ANSWER
56 a.a. IN TXT "upstream txt rr a.a."
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode qtype qname
61 ADJUST copy_id
62 REPLY QR NOERROR
63 SECTION QUESTION
64 a.a. IN A
65 SECTION ANSWER
66 a.a. IN A 10.20.30.40
67 ENTRY_END
68
69 ENTRY_BEGIN
70 MATCH opcode qtype qname
71 ADJUST copy_id
72 REPLY QR NOERROR
73 SECTION QUESTION
74 a.a. IN AAAA
75 SECTION ANSWER
76 a.a. IN AAAA 2001:db8::123
77 ENTRY_END
78
79 RANGE_END
80
81 ; unrelated client ip address -- passthru
82
83 STEP 10 QUERY
84 ENTRY_BEGIN
85 REPLY RD
86 SECTION QUESTION
87 a.a. IN TXT
88 ENTRY_END
89
90 STEP 11 CHECK_ANSWER
91 ENTRY_BEGIN
92 MATCH all
93 REPLY QR RD RA NOERROR
94 SECTION QUESTION
95 a.a. IN TXT
96 SECTION ANSWER
97 a.a. IN TXT "upstream txt rr a.a."
98 ENTRY_END
99
100 ; should be NXDOMAIN
101
102 STEP 20 QUERY ADDRESS 192.0.0.1
103 ENTRY_BEGIN
104 REPLY RD
105 SECTION QUESTION
106 a.a. IN TXT
107 ENTRY_END
108
109 STEP 21 CHECK_ANSWER
110 ENTRY_BEGIN
111 MATCH all
112 REPLY QR AA RD RA NXDOMAIN
113 SECTION QUESTION
114 a.a. IN TXT
115 SECTION ANSWER
116 ENTRY_END
117
118 ; should be NODATA
119
120 STEP 30 QUERY ADDRESS 192.0.1.1
121 ENTRY_BEGIN
122 REPLY RD
123 SECTION QUESTION
124 a.a. IN TXT
125 ENTRY_END
126
127 STEP 31 CHECK_ANSWER
128 ENTRY_BEGIN
129 MATCH all
130 REPLY QR AA RD RA NOERROR
131 SECTION QUESTION
132 a.a. IN TXT
133 SECTION ANSWER
134 ENTRY_END
135
136 ; should be PASSTHRU
137
138 STEP 40 QUERY ADDRESS 192.0.3.1
139 ENTRY_BEGIN
140 REPLY RD
141 SECTION QUESTION
142 a.a. IN TXT
143 ENTRY_END
144
145 STEP 41 CHECK_ANSWER
146 ENTRY_BEGIN
147 MATCH all
148 REPLY QR RD RA NOERROR
149 SECTION QUESTION
150 a.a. IN TXT
151 SECTION ANSWER
152 a.a. IN TXT "upstream txt rr a.a."
153 ENTRY_END
154
155 ; should be TRUNCATED
156
157 STEP 50 QUERY ADDRESS 192.0.4.1
158 ENTRY_BEGIN
159 REPLY RD
160 SECTION QUESTION
161 a.a. IN TXT
162 ENTRY_END
163
164 STEP 51 CHECK_ANSWER
165 ENTRY_BEGIN
166 MATCH all
167 REPLY QR AA TC RD RA NOERROR
168 SECTION QUESTION
169 a.a. IN TXT
170 SECTION ANSWER
171 ENTRY_END
172
173 ; should not be TRUNCATED via TCP
174
175 STEP 52 QUERY ADDRESS 192.0.4.1
176 ENTRY_BEGIN
177 MATCH TCP
178 REPLY RD
179 SECTION QUESTION
180 a.a. IN TXT
181 ENTRY_END
182
183 STEP 53 CHECK_ANSWER
184 ENTRY_BEGIN
185 MATCH all TCP
186 REPLY QR RD RA NOERROR
187 SECTION QUESTION
188 a.a. IN TXT
189 SECTION ANSWER
190 a.a. IN TXT "upstream txt rr a.a."
191 ENTRY_END
192
193 ; should be synthesized
194
195 STEP 60 QUERY ADDRESS 192.0.5.1
196 ENTRY_BEGIN
197 REPLY RD
198 SECTION QUESTION
199 a.a. IN A
200 ENTRY_END
201
202 STEP 61 CHECK_ANSWER
203 ENTRY_BEGIN
204 MATCH all
205 REPLY QR AA RD RA NOERROR
206 SECTION QUESTION
207 a.a. IN A
208 SECTION ANSWER
209 a.a. IN A 127.0.0.1
210 SECTION ADDITIONAL
211 rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
212 ENTRY_END
213
214 ; should be synthesized
215
216 STEP 62 QUERY ADDRESS 192.0.5.1
217 ENTRY_BEGIN
218 REPLY RD
219 SECTION QUESTION
220 a.a. IN TXT
221 ENTRY_END
222
223 STEP 63 CHECK_ANSWER
224 ENTRY_BEGIN
225 MATCH all
226 REPLY QR AA RD RA NOERROR
227 SECTION QUESTION
228 a.a. IN TXT
229 SECTION ANSWER
230 a.a. IN TXT "42"
231 SECTION ADDITIONAL
232 rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
233 ENTRY_END
234
235 ; should be synthesized NODATA
236
237 STEP 64 QUERY ADDRESS 192.0.5.1
238 ENTRY_BEGIN
239 REPLY RD
240 SECTION QUESTION
241 a.a. IN AAAA
242 ENTRY_END
243
244 STEP 65 CHECK_ANSWER
245 ENTRY_BEGIN
246 MATCH all
247 REPLY QR AA RD RA NOERROR
248 SECTION QUESTION
249 a.a. IN AAAA
250 SECTION ADDITIONAL
251 rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
252 ENTRY_END
253
254 ; should be DROPPED
255
256 STEP 90 QUERY ADDRESS 192.0.2.1
257 ENTRY_BEGIN
258 REPLY RD
259 SECTION QUESTION
260 a.a. IN TXT
261 ENTRY_END
262
263 SCENARIO_END
+390
-0
testdata/rpz_nsdname.rpl less more
0 ; config options
1 server:
2 module-config: "respip validator iterator"
3 target-fetch-policy: "0 0 0 0 0"
4 qname-minimisation: no
5 access-control: 192.0.0.0/8 allow
6
7 rpz:
8 name: "rpz.example.com."
9 rpz-log: yes
10 rpz-log-name: "rpz.example.com"
11 zonefile:
12 TEMPFILE_NAME rpz.example.com
13 TEMPFILE_CONTENTS rpz.example.com
14 $ORIGIN example.com.
15 rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
16 1379078166 28800 7200 604800 7200 )
17 3600 IN NS ns1.rpz.example.com.
18 3600 IN NS ns2.rpz.example.com.
19 $ORIGIN rpz.example.com.
20 ns1.gotham.aa.rpz-nsdname CNAME .
21 ns1.gotham.bb.rpz-nsdname CNAME *.
22 ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
23 ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
24 ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
25 ns1.gotham.ff.rpz-nsdname A 127.0.0.1
26 ns1.gotham.ff.rpz-nsdname TXT "42"
27 TEMPFILE_END
28
29 stub-zone:
30 name: "."
31 stub-addr: 1.1.1.1
32 CONFIG_END
33
34 SCENARIO_BEGIN Test RPZ nsip triggers
35
36 ; . --------------------------------------------------------------------------
37 RANGE_BEGIN 0 100
38 ADDRESS 1.1.1.1
39 ENTRY_BEGIN
40 MATCH opcode qtype qname
41 ADJUST copy_id
42 REPLY QR NOERROR
43 SECTION QUESTION
44 . IN NS
45 SECTION ANSWER
46 . IN NS ns.root.
47 SECTION ADDITIONAL
48 ns.root IN A 1.1.1.1
49 ENTRY_END
50
51 ENTRY_BEGIN
52 MATCH opcode subdomain
53 ADJUST copy_id copy_query
54 REPLY QR NOERROR
55 SECTION QUESTION
56 com. IN A
57 SECTION AUTHORITY
58 com. IN NS ns1.com.
59 SECTION ADDITIONAL
60 ns1.com. IN A 8.8.8.8
61 ENTRY_END
62
63 ENTRY_BEGIN
64 MATCH opcode subdomain
65 ADJUST copy_id copy_query
66 REPLY QR NOERROR
67 SECTION QUESTION
68 aa. IN A
69 SECTION AUTHORITY
70 aa. IN NS ns1.aa.
71 SECTION ADDITIONAL
72 ns1.aa. IN A 8.8.0.8
73 ENTRY_END
74
75 ENTRY_BEGIN
76 MATCH opcode subdomain
77 ADJUST copy_id copy_query
78 REPLY QR NOERROR
79 SECTION QUESTION
80 bb. IN A
81 SECTION AUTHORITY
82 bb. IN NS ns1.bb.
83 SECTION ADDITIONAL
84 ns1.bb. IN A 8.8.1.8
85 ENTRY_END
86
87 ENTRY_BEGIN
88 MATCH opcode subdomain
89 ADJUST copy_id copy_query
90 REPLY QR NOERROR
91 SECTION QUESTION
92 cc. IN A
93 SECTION AUTHORITY
94 cc. IN NS ns1.cc.
95 SECTION ADDITIONAL
96 ns1.cc. IN A 8.8.2.8
97 ENTRY_END
98
99 ENTRY_BEGIN
100 MATCH opcode subdomain
101 ADJUST copy_id copy_query
102 REPLY QR NOERROR
103 SECTION QUESTION
104 dd. IN A
105 SECTION AUTHORITY
106 dd. IN NS ns1.dd.
107 SECTION ADDITIONAL
108 ns1.dd. IN A 8.8.3.8
109 ENTRY_END
110
111 ENTRY_BEGIN
112 MATCH opcode subdomain
113 ADJUST copy_id copy_query
114 REPLY QR NOERROR
115 SECTION QUESTION
116 ee. IN A
117 SECTION AUTHORITY
118 ee. IN NS ns1.ee.
119 SECTION ADDITIONAL
120 ns1.ee. IN A 8.8.5.8
121 ENTRY_END
122
123 ENTRY_BEGIN
124 MATCH opcode subdomain
125 ADJUST copy_id copy_query
126 REPLY QR NOERROR
127 SECTION QUESTION
128 ff. IN A
129 SECTION AUTHORITY
130 ff. IN NS ns1.ff.
131 SECTION ADDITIONAL
132 ns1.ff. IN A 8.8.6.8
133 ENTRY_END
134
135 RANGE_END
136
137 ; com. -----------------------------------------------------------------------
138 RANGE_BEGIN 0 100
139 ADDRESS 8.8.8.8
140
141 ENTRY_BEGIN
142 MATCH opcode qtype qname
143 ADJUST copy_id
144 REPLY QR NOERROR
145 SECTION QUESTION
146 com. IN NS
147 SECTION ANSWER
148 com. IN NS ns1.com.
149 SECTION ADDITIONAL
150 ns1.com. IN A 8.8.8.8
151 ENTRY_END
152
153 ENTRY_BEGIN
154 MATCH opcode subdomain
155 ADJUST copy_id copy_query
156 REPLY QR NOERROR
157 SECTION QUESTION
158 gotham.com. IN A
159 SECTION AUTHORITY
160 gotham.com. IN NS ns1.gotham.com.
161 SECTION ADDITIONAL
162 ns1.gotham.com. IN A 192.0.6.1
163 ENTRY_END
164
165 RANGE_END
166
167 ; aa. ------------------------------------------------------------------------
168 RANGE_BEGIN 0 100
169 ADDRESS 8.8.0.8
170
171 ENTRY_BEGIN
172 MATCH opcode qtype qname
173 ADJUST copy_id
174 REPLY QR NOERROR
175 SECTION QUESTION
176 aa. IN NS
177 SECTION ANSWER
178 aa. IN NS ns1.aa.
179 SECTION ADDITIONAL
180 ns1.aa. IN A 8.8.0.8
181 ENTRY_END
182
183 ENTRY_BEGIN
184 MATCH opcode subdomain
185 ADJUST copy_id copy_query
186 REPLY QR NOERROR
187 SECTION QUESTION
188 gotham.aa. IN A
189 SECTION AUTHORITY
190 gotham.aa. IN NS ns1.gotham.aa.
191 SECTION ADDITIONAL
192 ns1.gotham.aa. IN A 192.0.0.1
193 ENTRY_END
194
195 RANGE_END
196
197 ; bb. ------------------------------------------------------------------------
198 RANGE_BEGIN 0 100
199 ADDRESS 8.8.1.8
200
201 ENTRY_BEGIN
202 MATCH opcode qtype qname
203 ADJUST copy_id
204 REPLY QR NOERROR
205 SECTION QUESTION
206 bb. IN NS
207 SECTION ANSWER
208 bb. IN NS ns1.bb.
209 SECTION ADDITIONAL
210 ns1.bb. IN A 8.8.1.8
211 ENTRY_END
212
213 ENTRY_BEGIN
214 MATCH opcode subdomain
215 ADJUST copy_id copy_query
216 REPLY QR NOERROR
217 SECTION QUESTION
218 gotham.bb. IN A
219 SECTION AUTHORITY
220 gotham.bb. IN NS ns1.gotham.bb.
221 SECTION ADDITIONAL
222 ns1.gotham.bb. IN A 192.0.1.1
223 ENTRY_END
224
225 RANGE_END
226
227 ; ff. ------------------------------------------------------------------------
228 RANGE_BEGIN 0 100
229 ADDRESS 8.8.6.8
230
231 ENTRY_BEGIN
232 MATCH opcode qtype qname
233 ADJUST copy_id
234 REPLY QR NOERROR
235 SECTION QUESTION
236 ff. IN NS
237 SECTION ANSWER
238 ff. IN NS ns1.ff.
239 SECTION ADDITIONAL
240 ns1.ff. IN A 8.8.6.8
241 ENTRY_END
242
243 ENTRY_BEGIN
244 MATCH opcode subdomain
245 ADJUST copy_id copy_query
246 REPLY QR NOERROR
247 SECTION QUESTION
248 gotham.ff. IN A
249 SECTION AUTHORITY
250 gotham.ff. IN NS ns1.gotham.ff.
251 SECTION ADDITIONAL
252 ns1.gotham.ff. IN A 192.0.5.1
253 ENTRY_END
254
255 RANGE_END
256
257 ; ns1.gotham.com. ------------------------------------------------------------
258 RANGE_BEGIN 0 100
259 ADDRESS 192.0.6.1
260
261 ENTRY_BEGIN
262 MATCH opcode qtype qname
263 ADJUST copy_id
264 REPLY QR NOERROR
265 SECTION QUESTION
266 gotham.com. IN A
267 SECTION ANSWER
268 gotham.com. IN A 192.0.6.2
269 ENTRY_END
270
271 RANGE_END
272
273 ; ns1.gotham.aa. -------------------------------------------------------------
274 RANGE_BEGIN 0 100
275 ADDRESS 192.0.0.1
276
277 ENTRY_BEGIN
278 MATCH opcode qtype qname
279 ADJUST copy_id
280 REPLY QR NOERROR
281 SECTION QUESTION
282 gotham.aa. IN A
283 SECTION ANSWER
284 gotham.aa. IN A 192.0.0.2
285 ENTRY_END
286
287 RANGE_END
288
289 ; ns1.gotham.bb. -------------------------------------------------------------
290 RANGE_BEGIN 0 100
291 ADDRESS 192.0.1.1
292
293 ENTRY_BEGIN
294 MATCH opcode qtype qname
295 ADJUST copy_id
296 REPLY QR NOERROR
297 SECTION QUESTION
298 gotham.bb. IN A
299 SECTION ANSWER
300 gotham.bb. IN A 192.0.1.2
301 ENTRY_END
302
303 RANGE_END
304
305 ; ns1.gotham.ff. -------------------------------------------------------------
306 RANGE_BEGIN 0 100
307 ADDRESS 192.0.5.1
308
309 ENTRY_BEGIN
310 MATCH opcode qtype qname
311 ADJUST copy_id
312 REPLY QR NOERROR
313 SECTION QUESTION
314 gotham.ff. IN A
315 SECTION ANSWER
316 gotham.ff. IN A 192.0.5.2
317 ENTRY_END
318
319 RANGE_END
320
321 ; ----------------------------------------------------------------------------
322
323 STEP 1 QUERY
324 ENTRY_BEGIN
325 REPLY RD
326 SECTION QUESTION
327 gotham.com. IN A
328 ENTRY_END
329
330 STEP 2 CHECK_ANSWER
331 ENTRY_BEGIN
332 MATCH all
333 REPLY QR RD RA NOERROR
334 SECTION QUESTION
335 gotham.com. IN A
336 SECTION ANSWER
337 gotham.com. IN A 192.0.6.2
338 ENTRY_END
339
340 STEP 10 QUERY
341 ENTRY_BEGIN
342 REPLY RD
343 SECTION QUESTION
344 gotham.aa. IN A
345 ENTRY_END
346
347 STEP 11 CHECK_ANSWER
348 ENTRY_BEGIN
349 MATCH all
350 REPLY QR AA RD RA NXDOMAIN
351 SECTION QUESTION
352 gotham.aa. IN A
353 SECTION ANSWER
354 ENTRY_END
355
356 STEP 20 QUERY
357 ENTRY_BEGIN
358 REPLY RD
359 SECTION QUESTION
360 gotham.bb. IN A
361 ENTRY_END
362
363 STEP 21 CHECK_ANSWER
364 ENTRY_BEGIN
365 MATCH all
366 REPLY QR RD RA AA NOERROR
367 SECTION QUESTION
368 gotham.bb. IN A
369 SECTION ANSWER
370 ENTRY_END
371
372 STEP 30 QUERY
373 ENTRY_BEGIN
374 REPLY RD
375 SECTION QUESTION
376 gotham.ff. IN A
377 ENTRY_END
378
379 STEP 31 CHECK_ANSWER
380 ENTRY_BEGIN
381 MATCH all
382 REPLY QR RD RA AA NOERROR
383 SECTION QUESTION
384 gotham.ff. IN A
385 SECTION ANSWER
386 gotham.ff. IN A 127.0.0.1
387 ENTRY_END
388
389 SCENARIO_END
+408
-0
testdata/rpz_nsip.rpl less more
0 ; config options
1 server:
2 module-config: "respip validator iterator"
3 target-fetch-policy: "0 0 0 0 0"
4 qname-minimisation: no
5 access-control: 192.0.0.0/8 allow
6
7 rpz:
8 name: "rpz.example.com."
9 rpz-log: yes
10 rpz-log-name: "rpz.example.com"
11 zonefile:
12 TEMPFILE_NAME rpz.example.com
13 TEMPFILE_CONTENTS rpz.example.com
14 $ORIGIN example.com.
15 rpz 3600 IN SOA ns1.rpz.gotham.com. hostmaster.rpz.example.com. (
16 1379078166 28800 7200 604800 7200 )
17 3600 IN NS ns1.rpz.example.com.
18 3600 IN NS ns2.rpz.example.com.
19 $ORIGIN rpz.example.com.
20 24.0.0.0.192.rpz-nsip CNAME .
21 24.0.1.0.192.rpz-nsip CNAME *.
22 24.0.2.0.192.rpz-nsip CNAME rpz-drop.
23 24.0.3.0.192.rpz-nsip CNAME rpz-passthru.
24 24.0.4.0.192.rpz-nsip CNAME rpz-tcp-only.
25 24.0.5.0.192.rpz-nsip A 127.0.0.1
26 24.0.5.0.192.rpz-nsip TXT "42"
27 TEMPFILE_END
28
29 stub-zone:
30 name: "."
31 stub-addr: 1.1.1.1
32 CONFIG_END
33
34 SCENARIO_BEGIN Test RPZ nsip triggers
35
36 ; . --------------------------------------------------------------------------
37 RANGE_BEGIN 0 100
38 ADDRESS 1.1.1.1
39 ENTRY_BEGIN
40 MATCH opcode qtype qname
41 ADJUST copy_id
42 REPLY QR NOERROR
43 SECTION QUESTION
44 . IN NS
45 SECTION ANSWER
46 . IN NS ns.root.
47 SECTION ADDITIONAL
48 ns.root IN A 1.1.1.1
49 ENTRY_END
50
51 ENTRY_BEGIN
52 MATCH opcode subdomain
53 ADJUST copy_id copy_query
54 REPLY QR NOERROR
55 SECTION QUESTION
56 com. IN A
57 SECTION AUTHORITY
58 com. IN NS ns1.com.
59 SECTION ADDITIONAL
60 ns1.com. IN A 8.8.8.8
61 ENTRY_END
62
63 ENTRY_BEGIN
64 MATCH opcode subdomain
65 ADJUST copy_id copy_query
66 REPLY QR NOERROR
67 SECTION QUESTION
68 aa. IN A
69 SECTION AUTHORITY
70 aa. IN NS ns1.aa.
71 SECTION ADDITIONAL
72 ns1.aa. IN A 8.8.0.8
73 ENTRY_END
74
75 ENTRY_BEGIN
76 MATCH opcode subdomain
77 ADJUST copy_id copy_query
78 REPLY QR NOERROR
79 SECTION QUESTION
80 bb. IN A
81 SECTION AUTHORITY
82 bb. IN NS ns1.bb.
83 SECTION ADDITIONAL
84 ns1.bb. IN A 8.8.1.8
85 ENTRY_END
86
87 ENTRY_BEGIN
88 MATCH opcode subdomain
89 ADJUST copy_id copy_query
90 REPLY QR NOERROR
91 SECTION QUESTION
92 cc. IN A
93 SECTION AUTHORITY
94 cc. IN NS ns1.cc.
95 SECTION ADDITIONAL
96 ns1.cc. IN A 8.8.2.8
97 ENTRY_END
98
99 ENTRY_BEGIN
100 MATCH opcode subdomain
101 ADJUST copy_id copy_query
102 REPLY QR NOERROR
103 SECTION QUESTION
104 dd. IN A
105 SECTION AUTHORITY
106 dd. IN NS ns1.dd.
107 SECTION ADDITIONAL
108 ns1.dd. IN A 8.8.3.8
109 ENTRY_END
110
111 ENTRY_BEGIN
112 MATCH opcode subdomain
113 ADJUST copy_id copy_query
114 REPLY QR NOERROR
115 SECTION QUESTION
116 ee. IN A
117 SECTION AUTHORITY
118 ee. IN NS ns1.ee.
119 SECTION ADDITIONAL
120 ns1.ee. IN A 8.8.5.8
121 ENTRY_END
122
123 ENTRY_BEGIN
124 MATCH opcode subdomain
125 ADJUST copy_id copy_query
126 REPLY QR NOERROR
127 SECTION QUESTION
128 ff. IN A
129 SECTION AUTHORITY
130 ff. IN NS ns1.ff.
131 SECTION ADDITIONAL
132 ns1.ff. IN A 8.8.6.8
133 ENTRY_END
134
135 RANGE_END
136
137 ; com. -----------------------------------------------------------------------
138 RANGE_BEGIN 0 100
139 ADDRESS 8.8.8.8
140
141 ENTRY_BEGIN
142 MATCH opcode qtype qname
143 ADJUST copy_id
144 REPLY QR NOERROR
145 SECTION QUESTION
146 com. IN NS
147 SECTION ANSWER
148 com. IN NS ns1.com.
149 SECTION ADDITIONAL
150 ns1.com. IN A 8.8.8.8
151 ENTRY_END
152
153 ENTRY_BEGIN
154 MATCH opcode subdomain
155 ADJUST copy_id copy_query
156 REPLY QR NOERROR
157 SECTION QUESTION
158 gotham.com. IN A
159 SECTION AUTHORITY
160 gotham.com. IN NS ns1.gotham.com.
161 SECTION ADDITIONAL
162 ns1.gotham.com. IN A 192.0.6.1
163 ENTRY_END
164
165 RANGE_END
166
167 ; aa. ------------------------------------------------------------------------
168 RANGE_BEGIN 0 100
169 ADDRESS 8.8.0.8
170
171 ENTRY_BEGIN
172 MATCH opcode qtype qname
173 ADJUST copy_id
174 REPLY QR NOERROR
175 SECTION QUESTION
176 aa. IN NS
177 SECTION ANSWER
178 aa. IN NS ns1.aa.
179 SECTION ADDITIONAL
180 ns1.aa. IN A 8.8.0.8
181 ENTRY_END
182
183 ENTRY_BEGIN
184 MATCH opcode subdomain
185 ADJUST copy_id copy_query
186 REPLY QR NOERROR
187 SECTION QUESTION
188 gotham.aa. IN A
189 SECTION AUTHORITY
190 gotham.aa. IN NS ns1.gotham.aa.
191 SECTION ADDITIONAL
192 ns1.gotham.aa. IN A 192.0.0.1
193 ENTRY_END
194
195 RANGE_END
196
197 ; bb. ------------------------------------------------------------------------
198 RANGE_BEGIN 0 100
199 ADDRESS 8.8.1.8
200
201 ENTRY_BEGIN
202 MATCH opcode qtype qname
203 ADJUST copy_id
204 REPLY QR NOERROR
205 SECTION QUESTION
206 bb. IN NS
207 SECTION ANSWER
208 bb. IN NS ns1.bb.
209 SECTION ADDITIONAL
210 ns1.bb. IN A 8.8.1.8
211 ENTRY_END
212
213 ENTRY_BEGIN
214 MATCH opcode subdomain
215 ADJUST copy_id copy_query
216 REPLY QR NOERROR
217 SECTION QUESTION
218 gotham.bb. IN A
219 SECTION AUTHORITY
220 gotham.bb. IN NS ns1.gotham.bb.
221 SECTION ADDITIONAL
222 ns1.gotham.bb. IN A 192.0.1.1
223 ENTRY_END
224
225 RANGE_END
226
227 ; ff. ------------------------------------------------------------------------
228 RANGE_BEGIN 0 100
229 ADDRESS 8.8.6.8
230
231 ENTRY_BEGIN
232 MATCH opcode qtype qname
233 ADJUST copy_id
234 REPLY QR NOERROR
235 SECTION QUESTION
236 ff. IN NS
237 SECTION ANSWER
238 ff. IN NS ns1.ff.
239 SECTION ADDITIONAL
240 ns1.ff. IN A 8.8.6.8
241 ENTRY_END
242
243 ENTRY_BEGIN
244 MATCH opcode subdomain
245 ADJUST copy_id copy_query
246 REPLY QR NOERROR
247 SECTION QUESTION
248 gotham.ff. IN A
249 SECTION AUTHORITY
250 gotham.ff. IN NS ns1.gotham.ff.
251 SECTION ADDITIONAL
252 ns1.gotham.ff. IN A 192.0.5.1
253 ENTRY_END
254
255 RANGE_END
256
257 ; ns1.gotham.com. ------------------------------------------------------------
258 RANGE_BEGIN 0 100
259 ADDRESS 192.0.6.1
260
261 ENTRY_BEGIN
262 MATCH opcode qtype qname
263 ADJUST copy_id
264 REPLY QR NOERROR
265 SECTION QUESTION
266 gotham.com. IN A
267 SECTION ANSWER
268 gotham.com. IN A 192.0.6.2
269 ENTRY_END
270
271 RANGE_END
272
273 ; ns1.gotham.aa. -------------------------------------------------------------
274 RANGE_BEGIN 0 100
275 ADDRESS 192.0.0.1
276
277 ENTRY_BEGIN
278 MATCH opcode qtype qname
279 ADJUST copy_id
280 REPLY QR NOERROR
281 SECTION QUESTION
282 gotham.aa. IN A
283 SECTION ANSWER
284 gotham.aa. IN A 192.0.0.2
285 ENTRY_END
286
287 RANGE_END
288
289 ; ns1.gotham.bb. -------------------------------------------------------------
290 RANGE_BEGIN 0 100
291 ADDRESS 192.0.1.1
292
293 ENTRY_BEGIN
294 MATCH opcode qtype qname
295 ADJUST copy_id
296 REPLY QR NOERROR
297 SECTION QUESTION
298 gotham.bb. IN A
299 SECTION ANSWER
300 gotham.bb. IN A 192.0.1.2
301 ENTRY_END
302
303 RANGE_END
304
305 ; ns1.gotham.ff. -------------------------------------------------------------
306 RANGE_BEGIN 0 100
307 ADDRESS 192.0.5.1
308
309 ENTRY_BEGIN
310 MATCH opcode qtype qname
311 ADJUST copy_id
312 REPLY QR NOERROR
313 SECTION QUESTION
314 gotham.ff. IN A
315 SECTION ANSWER
316 gotham.ff. IN A 192.0.5.2
317 ENTRY_END
318
319 RANGE_END
320
321 ; ----------------------------------------------------------------------------
322
323 STEP 1 QUERY
324 ENTRY_BEGIN
325 REPLY RD
326 SECTION QUESTION
327 gotham.com. IN A
328 ENTRY_END
329
330 STEP 2 CHECK_ANSWER
331 ENTRY_BEGIN
332 MATCH all
333 REPLY QR RD RA NOERROR
334 SECTION QUESTION
335 gotham.com. IN A
336 SECTION ANSWER
337 gotham.com. IN A 192.0.6.2
338 ENTRY_END
339
340 STEP 10 QUERY
341 ENTRY_BEGIN
342 REPLY RD
343 SECTION QUESTION
344 gotham.aa. IN A
345 ENTRY_END
346
347 STEP 11 CHECK_ANSWER
348 ENTRY_BEGIN
349 MATCH all
350 REPLY QR AA RD RA NXDOMAIN
351 SECTION QUESTION
352 gotham.aa. IN A
353 SECTION ANSWER
354 ENTRY_END
355
356 STEP 20 QUERY
357 ENTRY_BEGIN
358 REPLY RD
359 SECTION QUESTION
360 gotham.bb. IN A
361 ENTRY_END
362
363 STEP 21 CHECK_ANSWER
364 ENTRY_BEGIN
365 MATCH all
366 REPLY QR RD RA AA NOERROR
367 SECTION QUESTION
368 gotham.bb. IN A
369 SECTION ANSWER
370 ENTRY_END
371
372 STEP 30 QUERY
373 ENTRY_BEGIN
374 REPLY RD
375 SECTION QUESTION
376 gotham.ff. IN A
377 ENTRY_END
378
379 STEP 31 CHECK_ANSWER
380 ENTRY_BEGIN
381 MATCH all
382 REPLY QR RD RA AA NOERROR
383 SECTION QUESTION
384 gotham.ff. IN A
385 SECTION ANSWER
386 gotham.ff. IN A 127.0.0.1
387 ENTRY_END
388
389 ; again with more cache items
390 STEP 40 QUERY
391 ENTRY_BEGIN
392 REPLY RD
393 SECTION QUESTION
394 gotham.ff. IN A
395 ENTRY_END
396
397 STEP 41 CHECK_ANSWER
398 ENTRY_BEGIN
399 MATCH all
400 REPLY QR RD RA AA NOERROR
401 SECTION QUESTION
402 gotham.ff. IN A
403 SECTION ANSWER
404 gotham.ff. IN A 127.0.0.1
405 ENTRY_END
406
407 SCENARIO_END
+103
-7
testdata/rpz_qname.rpl less more
3737 e CNAME *.a.example.
3838 *.e CNAME *.b.example.
3939 drop CNAME rpz-drop.
40 tcp CNAME rpz-tcp-only.
4041 TEMPFILE_END
4142
4243 stub-zone:
4546 stub-zone:
4647 name: "example."
4748 stub-addr: 10.20.30.50
49 stub-zone:
50 name: "tcp."
51 stub-addr: 10.20.30.60
4852 CONFIG_END
4953
5054 SCENARIO_BEGIN Test all support RPZ action for QNAME trigger
5155
5256 ; a.
53 RANGE_BEGIN 0 100
57 RANGE_BEGIN 0 1000
5458 ADDRESS 10.20.30.40
5559 ENTRY_BEGIN
5660 MATCH opcode qtype qname
8791 RANGE_END
8892
8993 ; example.
90 RANGE_BEGIN 0 100
94 RANGE_BEGIN 0 1000
9195 ADDRESS 10.20.30.50
9296 ENTRY_BEGIN
9397 MATCH opcode qtype qname
121125 something.e.b.example. IN TXT "*.b.example. answer from upstream ns"
122126 ENTRY_END
123127
128 ENTRY_BEGIN
129 MATCH opcode qtype qname
130 ADJUST copy_id
131 REPLY QR NOERROR
132 SECTION QUESTION
133 f.example. IN TXT
134 SECTION ANSWER
135 f.example. IN CNAME d.
136 ENTRY_END
137
138 RANGE_END
139
140 ; tcp.
141 RANGE_BEGIN 0 1000
142 ADDRESS 10.20.30.60
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NOERROR
147 SECTION QUESTION
148 tcp. IN NS
149 SECTION ANSWER
150 tcp. IN NS ns.example.
151 SECTION ADDITIONAL
152 ns.tcp IN A 10.20.30.60
153 ENTRY_END
154
155 ENTRY_BEGIN
156 MATCH opcode qtype qname
157 ADJUST copy_id
158 REPLY QR AA NOERROR
159 SECTION QUESTION
160 tcp. IN TXT
161 SECTION ANSWER
162 tcp. IN TXT "tcp. answer from upstream ns"
163 ENTRY_END
124164 RANGE_END
125165
126166 STEP 10 QUERY
294334 ENTRY_END
295335
296336 ; deny zone
297 STEP 90 QUERY
298 ENTRY_BEGIN
299 SECTION QUESTION
300 drop. IN TXT
301 ENTRY_END
337 ;STEP 90 QUERY
338 ;ENTRY_BEGIN
339 ;SECTION QUESTION
340 ;drop. IN TXT
341 ;ENTRY_END
342
343 ; tcp-only action
344
345 STEP 95 QUERY
346 ENTRY_BEGIN
347 REPLY RD
348 SECTION QUESTION
349 tcp. IN TXT
350 ENTRY_END
351
352 STEP 96 CHECK_ANSWER
353 ENTRY_BEGIN
354 MATCH all
355 REPLY QR RD RA AA TC NOERROR
356 SECTION QUESTION
357 tcp. IN TXT
358 SECTION ANSWER
359 ENTRY_END
360
361 STEP 97 QUERY
362 ENTRY_BEGIN
363 MATCH TCP
364 REPLY RD
365 SECTION QUESTION
366 tcp. IN TXT
367 ENTRY_END
368
369 STEP 98 CHECK_ANSWER
370 ENTRY_BEGIN
371 MATCH all TCP
372 REPLY QR RD RA NOERROR
373 SECTION QUESTION
374 tcp. IN TXT
375 SECTION ANSWER
376 tcp. IN TXT "tcp. answer from upstream ns"
377 ENTRY_END
378
379 ; check if the name after the CNAME has the qname trigger applied to it.
380 STEP 100 QUERY
381 ENTRY_BEGIN
382 REPLY RD
383 SECTION QUESTION
384 f.example. IN TXT
385 ENTRY_END
386
387 STEP 101 CHECK_ANSWER
388 ENTRY_BEGIN
389 MATCH all
390 REPLY QR RD RA AA NOERROR
391 SECTION QUESTION
392 f.example. IN TXT
393 SECTION ANSWER
394 f.example. IN CNAME d.
395 d. IN TXT "local data 2nd zone"
396 ENTRY_END
397
302398 ; no answer is checked at exit of testbound.
303399 SCENARIO_END
+117
-0
testdata/rpz_qname_tcponly.rpl less more
0 ; config options
1 server:
2 module-config: "respip validator iterator"
3 target-fetch-policy: "0 0 0 0 0"
4 qname-minimisation: no
5
6 rpz:
7 name: "rpz.example.com."
8 zonefile:
9 TEMPFILE_NAME rpz.example.com
10 TEMPFILE_CONTENTS rpz.example.com
11 $ORIGIN example.com.
12 rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
13 1379078166 28800 7200 604800 7200 )
14 3600 IN NS ns1.rpz.example.com.
15 3600 IN NS ns2.rpz.example.com.
16 $ORIGIN rpz.example.com.
17 a.a CNAME rpz-passthru.
18 b.a CNAME rpz-tcp-only.
19 TEMPFILE_END
20
21 stub-zone:
22 name: "a."
23 stub-addr: 10.20.30.40
24 CONFIG_END
25
26 SCENARIO_BEGIN Test RPZ qname trigger and tcp-only action
27
28 RANGE_BEGIN 0 100
29 ADDRESS 10.20.30.40
30 ENTRY_BEGIN
31 MATCH opcode qtype qname
32 ADJUST copy_id
33 REPLY QR NOERROR
34 SECTION QUESTION
35 a. IN NS
36 SECTION ANSWER
37 a. IN NS ns.a.
38 SECTION ADDITIONAL
39 ns.a IN A 10.20.30.40
40 ENTRY_END
41
42 ENTRY_BEGIN
43 MATCH opcode qtype qname
44 ADJUST copy_id
45 REPLY QR NOERROR
46 SECTION QUESTION
47 a.a. IN TXT
48 SECTION ANSWER
49 a.a. IN TXT "upstream txt rr a.a."
50 ENTRY_END
51
52 ENTRY_BEGIN
53 MATCH opcode qtype qname
54 ADJUST copy_id
55 REPLY QR NOERROR
56 SECTION QUESTION
57 b.a. IN TXT
58 SECTION ANSWER
59 b.a. IN TXT "upstream txt rr b.a."
60 ENTRY_END
61
62 RANGE_END
63
64 STEP 10 QUERY
65 ENTRY_BEGIN
66 REPLY RD
67 SECTION QUESTION
68 a.a. IN TXT
69 ENTRY_END
70
71 STEP 11 CHECK_ANSWER
72 ENTRY_BEGIN
73 MATCH all
74 REPLY QR RD RA NOERROR
75 SECTION QUESTION
76 a.a. IN TXT
77 SECTION ANSWER
78 a.a. IN TXT "upstream txt rr a.a."
79 ENTRY_END
80
81 STEP 20 QUERY
82 ENTRY_BEGIN
83 MATCH UDP
84 REPLY RD
85 SECTION QUESTION
86 b.a. IN TXT
87 ENTRY_END
88
89 STEP 21 CHECK_ANSWER
90 ENTRY_BEGIN
91 MATCH all UDP
92 REPLY QR AA TC RD RA NOERROR
93 SECTION QUESTION
94 b.a. IN TXT
95 SECTION ANSWER
96 ENTRY_END
97
98 STEP 30 QUERY
99 ENTRY_BEGIN
100 MATCH TCP
101 REPLY RD
102 SECTION QUESTION
103 b.a. IN TXT
104 ENTRY_END
105
106 STEP 31 CHECK_ANSWER
107 ENTRY_BEGIN
108 MATCH all TCP
109 REPLY QR RD RA NOERROR
110 SECTION QUESTION
111 b.a. IN TXT
112 SECTION ANSWER
113 b.a. IN TXT "upstream txt rr b.a."
114 ENTRY_END
115
116 SCENARIO_END
+28
-0
testdata/rpz_respip.rpl less more
1919 16.0.0.10.10.rpz-ip CNAME .
2020 24.0.10.10.10.rpz-ip CNAME rpz-drop.
2121 32.10.10.10.10.rpz-ip CNAME rpz-passthru.
22 32.1.1.1.10.rpz-ip CNAME rpz-tcp-only.
2223 32.zz.db8.2001.rpz-ip CNAME *.
2324 48.zz.aa.db8.2001.rpz-ip CNAME .
2425 64.zz.bb.aa.db8.2001.rpz-ip CNAME rpz-drop.
216217 h. IN AAAA 2001:db8:aa:bb:cc::124
217218 ENTRY_END
218219
220 ENTRY_BEGIN
221 MATCH opcode qtype qname
222 ADJUST copy_id
223 REPLY QR NOERROR
224 SECTION QUESTION
225 y. IN A
226 SECTION ANSWER
227 y. IN A 10.1.1.1
228 ENTRY_END
229
219230 RANGE_END
220231
221232 STEP 1 QUERY
445456 e. IN AAAA
446457 ENTRY_END
447458 STEP 29 TIME_PASSES ELAPSE 12
459
460 STEP 30 QUERY
461 ENTRY_BEGIN
462 REPLY RD
463 SECTION QUESTION
464 y. IN A
465 ENTRY_END
466
467 STEP 31 CHECK_ANSWER
468 ENTRY_BEGIN
469 MATCH all
470 REPLY QR TC RD RA NOERROR
471 SECTION QUESTION
472 y. IN A
473 SECTION ANSWER
474 ENTRY_END
475
448476 SCENARIO_END
+207
-0
testdata/rpz_respip_tcponly.rpl less more
0 ; config options
1 server:
2 module-config: "respip validator iterator"
3 target-fetch-policy: "0 0 0 0 0"
4 qname-minimisation: no
5
6 rpz:
7 name: "rpz.example.com."
8 zonefile:
9 TEMPFILE_NAME rpz.example.com
10 TEMPFILE_CONTENTS rpz.example.com
11 $ORIGIN example.com.
12 rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
13 1379078166 28800 7200 604800 7200 )
14 3600 IN NS ns1.rpz.example.com.
15 3600 IN NS ns2.rpz.example.com.
16 $ORIGIN rpz.example.com.
17 8.0.0.0.10.rpz-ip CNAME *.
18 16.0.0.10.10.rpz-ip CNAME .
19 24.0.10.10.10.rpz-ip CNAME rpz-drop.
20 32.10.10.10.10.rpz-ip CNAME rpz-passthru.
21 32.1.1.1.10.rpz-ip CNAME rpz-tcp-only.
22 TEMPFILE_END
23
24 stub-zone:
25 name: "."
26 stub-addr: 10.20.30.40
27 CONFIG_END
28
29 SCENARIO_BEGIN Test RPZ response IP address trigger and tcp-only action
30
31 RANGE_BEGIN 0 100
32 ADDRESS 10.20.30.40
33 ENTRY_BEGIN
34 MATCH opcode qtype qname
35 ADJUST copy_id
36 REPLY QR NOERROR
37 SECTION QUESTION
38 . IN NS
39 SECTION ANSWER
40 . IN NS ns.
41 SECTION ADDITIONAL
42 ns. IN A 10.20.30.40
43 ENTRY_END
44
45 ENTRY_BEGIN
46 MATCH opcode qtype qname
47 ADJUST copy_id
48 REPLY QR NOERROR
49 SECTION QUESTION
50 a. IN A
51 SECTION ANSWER
52 a. IN A 10.0.0.123
53 ENTRY_END
54
55 ENTRY_BEGIN
56 MATCH opcode qtype qname
57 ADJUST copy_id
58 REPLY QR NOERROR
59 SECTION QUESTION
60 b. IN A
61 SECTION ANSWER
62 b. IN A 10.1.0.123
63 ENTRY_END
64
65 ENTRY_BEGIN
66 MATCH opcode qtype qname
67 ADJUST copy_id
68 REPLY QR NOERROR
69 SECTION QUESTION
70 c. IN A
71 SECTION ANSWER
72 c. IN A 10.11.0.123
73 ENTRY_END
74
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 d. IN A
81 SECTION ANSWER
82 d. IN A 10.10.0.123
83 ENTRY_END
84
85 ENTRY_BEGIN
86 MATCH opcode qtype qname
87 ADJUST copy_id
88 REPLY QR NOERROR
89 SECTION QUESTION
90 f. IN A
91 SECTION ANSWER
92 f. IN A 10.10.10.10
93 ENTRY_END
94
95 ENTRY_BEGIN
96 MATCH opcode qtype qname
97 ADJUST copy_id
98 REPLY QR NOERROR
99 SECTION QUESTION
100 y. IN A
101 SECTION ANSWER
102 y. IN A 10.1.1.1
103 ENTRY_END
104
105 RANGE_END
106
107 STEP 1 QUERY
108 ENTRY_BEGIN
109 REPLY RD
110 SECTION QUESTION
111 a. IN A
112 ENTRY_END
113
114 STEP 2 CHECK_ANSWER
115 ENTRY_BEGIN
116 MATCH all
117 REPLY QR RD RA NOERROR
118 SECTION QUESTION
119 a. IN A
120 SECTION ANSWER
121 ENTRY_END
122
123 STEP 10 QUERY
124 ENTRY_BEGIN
125 REPLY RD
126 SECTION QUESTION
127 b. IN A
128 ENTRY_END
129
130 STEP 11 CHECK_ANSWER
131 ENTRY_BEGIN
132 MATCH all
133 REPLY QR RD RA NOERROR
134 SECTION QUESTION
135 b. IN A
136 SECTION ANSWER
137 ENTRY_END
138
139 STEP 13 QUERY
140 ENTRY_BEGIN
141 REPLY RD
142 SECTION QUESTION
143 d. IN A
144 ENTRY_END
145
146 STEP 14 CHECK_ANSWER
147 ENTRY_BEGIN
148 MATCH all
149 REPLY QR RD RA NXDOMAIN
150 SECTION QUESTION
151 d. IN A
152 SECTION ANSWER
153 ENTRY_END
154
155 STEP 17 QUERY
156 ENTRY_BEGIN
157 REPLY RD
158 SECTION QUESTION
159 f. IN A
160 ENTRY_END
161
162 STEP 18 CHECK_ANSWER
163 ENTRY_BEGIN
164 MATCH all
165 REPLY QR RD RA NOERROR
166 SECTION QUESTION
167 f. IN A
168 SECTION ANSWER
169 f. IN A 10.10.10.10
170 ENTRY_END
171
172 STEP 30 QUERY
173 ENTRY_BEGIN
174 REPLY RD
175 SECTION QUESTION
176 y. IN A
177 ENTRY_END
178
179 STEP 31 CHECK_ANSWER
180 ENTRY_BEGIN
181 MATCH all
182 REPLY QR TC RD RA NOERROR
183 SECTION QUESTION
184 y. IN A
185 SECTION ANSWER
186 ENTRY_END
187
188 STEP 40 QUERY
189 ENTRY_BEGIN
190 MATCH TCP
191 REPLY RD
192 SECTION QUESTION
193 y. IN A
194 ENTRY_END
195
196 STEP 41 CHECK_ANSWER
197 ENTRY_BEGIN
198 MATCH all TCP
199 REPLY QR RD RA NOERROR
200 SECTION QUESTION
201 y. IN A
202 SECTION ANSWER
203 y. IN A 10.1.1.1
204 ENTRY_END
205
206 SCENARIO_END
+162
-0
testdata/rpz_rootwc.rpl less more
0 ; config options
1 server:
2 module-config: "respip validator iterator"
3 target-fetch-policy: "0 0 0 0 0"
4 qname-minimisation: no
5
6 rpz:
7 name: "rpz.example.com."
8 zonefile:
9 TEMPFILE_NAME rpz.example.com
10 TEMPFILE_CONTENTS rpz.example.com
11 $ORIGIN example.com.
12 rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
13 1379078166 28800 7200 604800 7200 )
14 3600 IN NS ns1.rpz.example.com.
15 3600 IN NS ns2.rpz.example.com.
16 $ORIGIN rpz.example.com.
17 a CNAME .
18 a CNAME *. ; duplicate CNAME here on purpose
19 *.a TXT "wildcard local data"
20 * CNAME .
21 b.a CNAME *.
22 c.a CNAME rpz-passthru.
23 TEMPFILE_END
24
25 rpz:
26 name: "rpz2.example.com."
27 zonefile:
28 TEMPFILE_NAME rpz2.example.com
29 TEMPFILE_CONTENTS rpz2.example.com
30 $ORIGIN example.com.
31 rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
32 1379078166 28800 7200 604800 7200 )
33 3600 IN NS ns1.rpz.example.com.
34 3600 IN NS ns2.rpz.example.com.
35 $ORIGIN rpz2.example.com.
36 a TXT "local data 2nd zone"
37 d TXT "local data 2nd zone"
38 e CNAME *.a.example.
39 *.e CNAME *.b.example.
40 drop CNAME rpz-drop.
41 TEMPFILE_END
42
43 stub-zone:
44 name: "a."
45 stub-addr: 10.20.30.40
46 stub-zone:
47 name: "example."
48 stub-addr: 10.20.30.50
49 CONFIG_END
50
51 SCENARIO_BEGIN Test RPZ QNAME trigger for root wildcard.
52
53 ; a.
54 RANGE_BEGIN 0 100
55 ADDRESS 10.20.30.40
56 ENTRY_BEGIN
57 MATCH opcode qtype qname
58 ADJUST copy_id
59 REPLY QR NOERROR
60 SECTION QUESTION
61 a. IN NS
62 SECTION ANSWER
63 a. IN NS ns.a.
64 SECTION ADDITIONAL
65 ns.a IN A 10.20.30.40
66 ENTRY_END
67
68 ENTRY_BEGIN
69 MATCH opcode qtype qname
70 ADJUST copy_id
71 REPLY QR NOERROR
72 SECTION QUESTION
73 c.a. IN TXT
74 SECTION ANSWER
75 c.a. IN TXT "answer from upstream ns"
76 ENTRY_END
77
78 ENTRY_BEGIN
79 MATCH opcode qtype qname
80 ADJUST copy_id
81 REPLY QR NOERROR
82 SECTION QUESTION
83 x.b.a. IN TXT
84 SECTION ANSWER
85 x.b.a. IN TXT "answer from upstream ns"
86 ENTRY_END
87
88 RANGE_END
89
90 ; example.
91 RANGE_BEGIN 0 100
92 ADDRESS 10.20.30.50
93 ENTRY_BEGIN
94 MATCH opcode qtype qname
95 ADJUST copy_id
96 REPLY QR NOERROR
97 SECTION QUESTION
98 example. IN NS
99 SECTION ANSWER
100 example. IN NS ns.example.
101 SECTION ADDITIONAL
102 ns.example IN A 10.20.30.50
103 ENTRY_END
104
105 ENTRY_BEGIN
106 MATCH opcode qtype qname
107 ADJUST copy_id
108 REPLY QR NOERROR
109 SECTION QUESTION
110 e.a.example. IN TXT
111 SECTION ANSWER
112 e.a.example. IN TXT "e.a.example. answer from upstream ns"
113 ENTRY_END
114
115 ENTRY_BEGIN
116 MATCH opcode qtype qname
117 ADJUST copy_id
118 REPLY QR NOERROR
119 SECTION QUESTION
120 something.e.b.example. IN TXT
121 SECTION ANSWER
122 something.e.b.example. IN TXT "*.b.example. answer from upstream ns"
123 ENTRY_END
124
125 RANGE_END
126
127 STEP 10 QUERY
128 ENTRY_BEGIN
129 REPLY RD
130 SECTION QUESTION
131 x. IN TXT
132 ENTRY_END
133
134 ; wildcard deny all
135 STEP 20 CHECK_ANSWER
136 ENTRY_BEGIN
137 MATCH all
138 REPLY QR RD RA AA NXDOMAIN
139 SECTION QUESTION
140 x. IN TXT
141 SECTION ANSWER
142 ENTRY_END
143
144 STEP 30 QUERY
145 ENTRY_BEGIN
146 REPLY RD
147 SECTION QUESTION
148 y.tld. IN TXT
149 ENTRY_END
150
151 ; wildcard deny all
152 STEP 40 CHECK_ANSWER
153 ENTRY_BEGIN
154 MATCH all
155 REPLY QR RD RA AA NXDOMAIN
156 SECTION QUESTION
157 y.tld. IN TXT
158 SECTION ANSWER
159 ENTRY_END
160
161 SCENARIO_END
+254
-0
testdata/rpz_signal_nxdomain_ra.rpl less more
0 ; config options
1 server:
2 module-config: "respip validator iterator"
3 target-fetch-policy: "0 0 0 0 0"
4 qname-minimisation: no
5 access-control: 192.0.0.0/8 allow
6
7 rpz:
8 name: "rpz.example.com."
9 rpz-signal-nxdomain-ra: yes
10 zonefile:
11 TEMPFILE_NAME rpz.example.com
12 TEMPFILE_CONTENTS rpz.example.com
13 $ORIGIN example.com.
14 rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
15 1379078166 28800 7200 604800 7200 )
16 3600 IN NS ns1.rpz.example.com.
17 3600 IN NS ns2.rpz.example.com.
18 $ORIGIN rpz.example.com.
19 a.a CNAME .
20 b.a CNAME .
21 ns1.a.rpz-nsdname CNAME .
22 24.0.0.0.192.rpz-nsip CNAME .
23 24.0.3.0.192.rpz-client-ip CNAME .
24 TEMPFILE_END
25
26 stub-zone:
27 name: "a."
28 stub-addr: 10.20.30.40
29 CONFIG_END
30
31 SCENARIO_BEGIN Test RPZ qname trigger and signal NXDOMAIN with unset RA.
32
33 RANGE_BEGIN 0 100
34 ADDRESS 10.20.30.40
35 ENTRY_BEGIN
36 MATCH opcode qtype qname
37 ADJUST copy_id
38 REPLY QR NOERROR
39 SECTION QUESTION
40 a. IN NS
41 SECTION ANSWER
42 a. IN NS ns.a.
43 SECTION ADDITIONAL
44 ns.a IN A 10.20.30.40
45 ENTRY_END
46
47 ENTRY_BEGIN
48 MATCH opcode qtype qname
49 ADJUST copy_id
50 REPLY QR NOERROR
51 SECTION QUESTION
52 a.a. IN TXT
53 SECTION ANSWER
54 a.a. IN TXT "upstream txt rr a.a."
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 b.a. IN TXT
63 SECTION ANSWER
64 b.a. IN TXT "upstream txt rr b.a."
65 ENTRY_END
66
67 ENTRY_BEGIN
68 MATCH opcode qtype qname
69 ADJUST copy_id
70 REPLY QR NOERROR
71 SECTION QUESTION
72 c.a. IN TXT
73 SECTION ANSWER
74 c.a. IN CNAME b.a
75 ENTRY_END
76
77 ENTRY_BEGIN
78 MATCH opcode subdomain
79 ADJUST copy_id copy_query
80 REPLY QR NOERROR
81 SECTION QUESTION
82 d.a. IN NS
83 SECTION ANSWER
84 SECTION AUTHORITY
85 d.a. IN NS ns1.a.
86 SECTION ADDITIONAL
87 ns1.a. IN A 10.20.30.50
88 ENTRY_END
89
90 ENTRY_BEGIN
91 MATCH opcode subdomain
92 ADJUST copy_id copy_query
93 REPLY QR NOERROR
94 SECTION QUESTION
95 e.a. IN NS
96 SECTION ANSWER
97 SECTION AUTHORITY
98 e.a. IN NS ns2.a.
99 SECTION ADDITIONAL
100 ns2.a. IN A 192.0.0.5
101 ENTRY_END
102
103 ENTRY_BEGIN
104 MATCH opcode qtype qname
105 ADJUST copy_id
106 REPLY QR NOERROR
107 SECTION QUESTION
108 f.a. IN TXT
109 SECTION ANSWER
110 f.a. IN TXT "upstream txt rr f.a."
111 ENTRY_END
112
113 RANGE_END
114
115 RANGE_BEGIN 0 100
116 ADDRESS 10.20.30.50
117 ENTRY_BEGIN
118 MATCH opcode qtype qname
119 ADJUST copy_id
120 REPLY QR NOERROR
121 SECTION QUESTION
122 d.a. IN NS
123 SECTION ANSWER
124 d.a. IN NS ns1.a.
125 SECTION ADDITIONAL
126 ns1.a. IN A 10.20.30.50
127 ENTRY_END
128
129 ENTRY_BEGIN
130 MATCH opcode qtype qname
131 ADJUST copy_id
132 REPLY QR NOERROR
133 SECTION QUESTION
134 d.d.a. IN TXT
135 SECTION ANSWER
136 d.d.a. IN TXT "upstream answer for d.d.a"
137 ENTRY_END
138
139 RANGE_END
140
141 RANGE_BEGIN 0 100
142 ADDRESS 192.0.0.5
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NOERROR
147 SECTION QUESTION
148 e.a. IN NS
149 SECTION ANSWER
150 e.a. IN NS ns2.a.
151 SECTION ADDITIONAL
152 ns2.a. IN A 192.0.0.5
153 ENTRY_END
154
155 ENTRY_BEGIN
156 MATCH opcode qtype qname
157 ADJUST copy_id
158 REPLY QR NOERROR
159 SECTION QUESTION
160 e.e.a. IN TXT
161 SECTION ANSWER
162 e.e.a. IN TXT "upstream answer for e.e.a"
163 ENTRY_END
164
165 RANGE_END
166
167 ; qname trigger
168 STEP 10 QUERY
169 ENTRY_BEGIN
170 REPLY RD
171 SECTION QUESTION
172 a.a. IN TXT
173 ENTRY_END
174
175 STEP 11 CHECK_ANSWER
176 ENTRY_BEGIN
177 MATCH all
178 REPLY QR RD AA NXDOMAIN
179 SECTION QUESTION
180 a.a. IN TXT
181 SECTION ANSWER
182 ENTRY_END
183
184 ; qname trigger after cname
185 STEP 20 QUERY
186 ENTRY_BEGIN
187 REPLY RD
188 SECTION QUESTION
189 c.a. IN TXT
190 ENTRY_END
191
192 STEP 21 CHECK_ANSWER
193 ENTRY_BEGIN
194 MATCH all
195 REPLY QR RD AA NXDOMAIN
196 SECTION QUESTION
197 c.a. IN TXT
198 SECTION ANSWER
199 c.a. IN CNAME b.a
200 ENTRY_END
201
202 ; nsdname trigger
203 STEP 30 QUERY
204 ENTRY_BEGIN
205 REPLY RD
206 SECTION QUESTION
207 d.d.a. IN TXT
208 ENTRY_END
209
210 STEP 31 CHECK_ANSWER
211 ENTRY_BEGIN
212 MATCH all
213 REPLY QR RD AA NXDOMAIN
214 SECTION QUESTION
215 d.d.a. IN TXT
216 SECTION ANSWER
217 ENTRY_END
218
219 ; nsip trigger
220 STEP 40 QUERY
221 ENTRY_BEGIN
222 REPLY RD
223 SECTION QUESTION
224 e.e.a. IN TXT
225 ENTRY_END
226
227 STEP 41 CHECK_ANSWER
228 ENTRY_BEGIN
229 MATCH all
230 REPLY QR RD AA NXDOMAIN
231 SECTION QUESTION
232 e.e.a. IN TXT
233 SECTION ANSWER
234 ENTRY_END
235
236 ; clientip trigger
237 STEP 50 QUERY ADDRESS 192.0.3.1
238 ENTRY_BEGIN
239 REPLY RD
240 SECTION QUESTION
241 f.a. IN TXT
242 ENTRY_END
243
244 STEP 51 CHECK_ANSWER
245 ENTRY_BEGIN
246 MATCH all
247 REPLY QR AA RD NXDOMAIN
248 SECTION QUESTION
249 f.a. IN TXT
250 SECTION ANSWER
251 ENTRY_END
252
253 SCENARIO_END
+4
-0
testdata/stream_ssl.tdir/stream_ssl.clie.conf less more
1515 forward-zone:
1616 name: "."
1717 forward-addr: "127.0.0.1@@SERVPORT@#unbound"
18
19 forward-zone:
20 name: "test.host."
21 forward-host: "unbound.server@@SERVPORT@#unbound"
+2
-0
testdata/stream_ssl.tdir/stream_ssl.serv.conf less more
99 username: ""
1010 do-not-query-localhost: yes
1111 local-data: "www.example.com. IN A 10.20.30.40"
12 local-data: "unbound.server. IN A 127.0.0.1"
13 local-data: "test.host. IN A 1.2.3.4"
1214 ssl-port: @SERVPORT@
1315 ssl-service-key: "unbound_server.key"
1416 ssl-service-pem: "unbound_server.pem"
+34
-0
testdata/stream_ssl.tdir/stream_ssl.test less more
7272 exit 1
7373 fi
7474
75 rm -f outfile
76
77 # test client unbound (no SSL towards it, but it does SSL to the SSL service)
78 # test that forward-host notation also works.
79 echo "> dig test.host. A IN"
80 dig @127.0.0.1 -p $CLIE_PORT test.host. >outfile 2>&1
81 if test "$?" -ne 0; then
82 echo "exit status not OK"
83 echo "> cat logfiles"
84 cat outfile
85 echo "SSLSERVICE"
86 cat unboundserv.log
87 echo "SSLCLIENT"
88 cat unboundclie.log
89 echo "Not OK"
90 exit 1
91 else
92 echo "exit status OK"
93 fi
94 echo "> cat logfiles"
95 cat outfile
96 echo "SSLSERVICE"
97 cat unboundserv.log
98 echo "SSLCLIENT"
99 cat unboundclie.log
100 echo "> check answer"
101 if grep "1.2.3.4" outfile; then
102 echo "OK"
103 else
104 echo "Not OK"
105 exit 1
106 fi
107
108 rm -f outfile
75109 exit 0
+19
-0
testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf less more
0 server:
1 verbosity: 2
2 # num-threads: 1
3 interface: 127.0.0.1
4 port: @PORT@
5 use-syslog: no
6 directory: ""
7 pidfile: "unbound.pid"
8 chroot: ""
9 username: ""
10 do-not-query-localhost: no
11 stub-zone:
12 name: "tcp.example.com"
13 stub-addr: "127.0.0.1@@TOPORT@"
14 stub-tcp-upstream: "yes"
15 stub-zone:
16 name: "udp.example.com"
17 stub-addr: "127.0.0.1@@TOPORT@"
18 stub-tcp-upstream: "no"
+16
-0
testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc less more
0 BaseName: stub_udp_with_tcp_upstream
1 Version: 1.0
2 Description: Stub server contacted via UDP with tcp upstream.
3 CreationDate: Thu Aug 5 07:44:41 CEST 2021
4 Maintainer: ziollek
5 Category:
6 Component:
7 CmdDepends:
8 Depends:
9 Help:
10 Pre: stub_udp_with_tcp_upstream.pre
11 Post: stub_udp_with_tcp_upstream.post
12 Test: stub_udp_with_tcp_upstream.test
13 AuxFiles:
14 Passed:
15 Failure:
+10
-0
testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post less more
0 # #-- stub_udp_with_tcp_upstream.post --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # source the test var file when it's there
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5 #
6 # do your teardown here
7 . ../common.sh
8 kill_pid $FWD_PID
9 kill_pid $UNBOUND_PID
+35
-0
testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.pre less more
0 # #-- stub_udp_with_tcp_upstream.pre--#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5 . ../common.sh
6
7 get_random_port 2
8 UNBOUND_PORT=$RND_PORT
9 FWD_PORT=$(($RND_PORT + 1))
10 echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
11 echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
12
13 # start forwarder
14 get_ldns_testns
15 $LDNS_TESTNS -p $FWD_PORT stub_udp_with_tcp_upstream.testns >fwd.log 2>&1 &
16 FWD_PID=$!
17 echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
18
19 # make config file
20 sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < stub_udp_with_tcp_upstream.conf > ub.conf
21 # start unbound in the background
22 PRE="../.."
23 $PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
24 UNBOUND_PID=$!
25 echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
26
27 cat .tpkg.var.test
28
29 # wait for forwarder to come up
30 wait_ldns_testns_up fwd.log
31
32 # wait for unbound to come up
33 wait_unbound_up unbound.log
34
+37
-0
testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test less more
0 # #-- stub_udp_with_tcp_upstream.test --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 PRE="../.."
7 # do the test
8 echo "> dig tcp.example.com."
9 dig @127.0.0.1 -p $UNBOUND_PORT tcp.example.com. | tee outfile
10 echo "> cat logfiles"
11 cat fwd.log
12 cat unbound.log
13 echo "> check answer"
14 if grep "10.20.30.40" outfile; then
15 echo "OK"
16 else
17 echo "Not OK"
18 exit 1
19 fi
20
21
22 # check if second stub is requested via udp
23 echo "> dig udp.example.com."
24 dig @127.0.0.1 -p $UNBOUND_PORT udp.example.com. | tee outfile
25 echo "> cat logfiles"
26 cat fwd.log
27 cat unbound.log
28 echo "> check answer"
29 if grep "10.20.30.80" outfile; then
30 echo "OK"
31 else
32 echo "Not OK"
33 exit 1
34 fi
35
36 exit 0
+48
-0
testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns less more
0 ; nameserver test file
1 $ORIGIN example.com.
2 $TTL 3600
3
4 ENTRY_BEGIN
5 MATCH opcode qtype qname
6 MATCH TCP
7 REPLY QR AA NOERROR
8 ADJUST copy_id
9 SECTION QUESTION
10 tcp IN A
11 SECTION ANSWER
12 tcp IN A 10.20.30.40
13 SECTION AUTHORITY
14 @ IN NS ns.example.com.
15 SECTION ADDITIONAL
16 ns IN A 127.0.0.1
17 ENTRY_END
18
19 ENTRY_BEGIN
20 MATCH opcode qtype qname
21 MATCH UDP
22 REPLY QR AA NOERROR
23 ADJUST copy_id
24 SECTION QUESTION
25 udp IN A
26 SECTION ANSWER
27 udp IN A 10.20.30.80
28 SECTION AUTHORITY
29 @ IN NS ns.example.com.
30 SECTION ADDITIONAL
31 ns IN A 127.0.0.1
32 ENTRY_END
33
34 ; root prime
35 ENTRY_BEGIN
36 MATCH opcode qtype qname
37 REPLY QR AA NOERROR
38 ADJUST copy_id
39 SECTION QUESTION
40 . IN NS
41 SECTION ANSWER
42 . IN NS root.server.
43 SECTION AUTHORITY
44 SECTION ADDITIONAL
45 root.server. IN A 127.0.0.1
46 ENTRY_END
47
+9
-0
testdata/svcb.tdir/crypto.cloudflare.com.zone less more
0 crypto.cloudflare.com. 3600 IN SOA jobs.ns.cloudflare.com. dns.cloudflare.com. (
1 2037099480 ; serial
2 10000 ; refresh (2 hours 46 minutes 40 seconds)
3 2400 ; retry (40 minutes)
4 604800 ; expire (1 week)
5 3600 ; minimum (1 hour)
6 )
7 crypto.cloudflare.com. 300 IN HTTPS 1 . alpn=h2 ipv4hint=162.159.135.79,162.159.136.79 echconfig=AEj+CgBETwAgACDeVpr34JzYHDGNFoGWhksj5mpBxradonbqH3X9+h7jHgAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA= ipv6hint=2606:4700:7::a29f:874f,2606:4700:7::a29f:884f
8
+16
-0
testdata/svcb.tdir/svcb.dsc less more
0 BaseName: svcb
1 Version: 1.0
2 Description: Test SVCB and HTTPS parsing
3 CreationDate: Fri May 25 12:51:22 UTC 2021
4 Maintainer: Tom Carpay
5 Category:
6 Component:
7 CmdDepends:
8 Depends:
9 Help:
10 Pre:
11 Post:
12 Test: svcb.test
13 AuxFiles:
14 Passed:
15 Failure:
+9
-0
testdata/svcb.tdir/svcb.failure-cases-01 less more
0 $ORIGIN failure-cases.
1 $TTL 3600
2
3 @ SOA primary admin 0 0 0 0 0
4
5 ; Here there are multiple instances of the same SvcParamKey in the mandatory list
6
7 f21 HTTPS 1 foo.example.com. ech="123"
8 f21 HTTPS 1 foo.example.com. echconfig="123"
+8
-0
testdata/svcb.tdir/svcb.failure-cases-02 less more
0 $ORIGIN failure-cases.
1 $TTL 3600
2
3 @ SOA primary admin 0 0 0 0 0
4
5 ; Port must be a positive number < 65536
6
7 f22 HTTPS 1 foo.example.com. port=65536
+8
-0
testdata/svcb.tdir/svcb.failure-cases-03 less more
0 $ORIGIN failure-cases.
1 $TTL 3600
2
3 @ SOA primary admin 0 0 0 0 0
4
5 ; 65 SvcParams is too many SvcParams; the limit is 64
6
7 f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a )
+8
-0
testdata/svcb.tdir/svcb.failure-cases-04 less more
0 $ORIGIN failure-cases.
1 $TTL 3600
2
3 @ SOA primary admin 0 0 0 0 0
4
5 ; 256 is too many characters for an alpn; maximum is 255
6
7 f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" )
+47
-0
testdata/svcb.tdir/svcb.success-cases.zone less more
0 $ORIGIN success-cases.
1 $TTL 3600
2
3 @ SOA primary admin 0 0 0 0 0
4
5
6 ; A particular key does not need to have a value
7
8 s01 SVCB 0 . key123
9
10
11 ; echconfig does not need to have a value
12
13 s02 SVCB 0 . echconfig
14
15
16 ; When "no-default-alpn" is specified in an RR, "alpn" must also be specified
17 ; in order for the RR to be "self-consistent"
18
19 s03 HTTPS 0 . alpn="h2,h3" no-default-alpn
20
21
22 ; SHOULD is not MUST (so allowed)
23 ; Zone-file implementations SHOULD enforce self-consistency
24
25 s04 HTTPS 0 . no-default-alpn
26
27
28 ; SHOULD is not MUST (so allowed)
29 ; (port and no-default-alpn are automatically mandatory keys with HTTPS)
30 ; Other automatically mandatory keys SHOULD NOT appear in the list either.
31
32 s05 HTTPS 0 . alpn="dot" no-default-alpn port=853 mandatory=port
33
34 ; Any valid base64 is okay for ech
35 s06 HTTPS 0 . ech="aGVsbG93b3JsZCE="
36
37 ; echconfig is an alias for ech
38 s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE="
39
40 ; maximum size allowed in a svcb rdata set (63 SvcParams)
41
42 s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a)
43
44 ; maximum alpn size allowed (255 characters)
45
46 s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" )
+10
-0
testdata/svcb.tdir/svcb.success-cases.zone.cmp less more
0 success-cases. 3600 IN SOA primary.success-cases. admin.success-cases. 0 0 0 0 0
1 s01.success-cases. 3600 IN SVCB 0 . key123
2 s02.success-cases. 3600 IN SVCB 0 . ech
3 s03.success-cases. 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn
4 s04.success-cases. 3600 IN HTTPS 0 . no-default-alpn
5 s05.success-cases. 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853
6 s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE="
7 s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE="
8 s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a"
9 s09.success-cases. 3600 IN HTTPS 0 . alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+97
-0
testdata/svcb.tdir/svcb.test less more
0 # #-- svcb.test --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6
7 # check and write the test vectors in their respective formats
8 PRE=../..
9 if ! $PRE/readzone svcb.test-vectors-pf.zone > svcb.test-vectors-pf.zone.out
10 then
11 echo "Could not parse presentation format zone"
12 exit 1
13
14 elif ! $PRE/readzone svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out.out
15 then
16 echo "Could not parse output from presentation format zone"
17 exit 1
18
19 elif ! $PRE/readzone svcb.test-vectors-wf.zone > svcb.test-vectors-wf.zone.out
20 then
21 echo "Could not parse RFC3597 formatted zone"
22 exit 1
23
24 elif ! $PRE/readzone svcb.test-vectors-wf.zone.out > svcb.test-vectors-wf.zone.out.out
25 then
26 echo "Could not parse output from RFC3597 formatted zone"
27 exit 1
28 else
29 echo "All test zones parsed successfully"
30 fi
31
32
33 # check the formatting of the written files
34 if ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-pf.zone.out.out
35 then
36 echo "Parsing inconsistency 1"
37 exit 1
38
39 elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out
40 then
41 echo "Parsing inconsistency 2"
42 exit 1
43
44 elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out.out
45 then
46 echo "Parsing inconsistency 3"
47 exit 1
48 else
49 echo "Parsing of SVCB and HTTPS was consistent"
50 fi
51
52
53 # check all the failure cases
54 if $PRE/readzone svcb.failure-cases-01
55 then
56 echo "Failure case 01: ech value is not base64 encoded"
57 echo "Incorrectly succeeded"
58 exit 1
59
60 elif $PRE/readzone svcb.failure-cases-02
61 then
62 echo "Failure case 02: port value needs to be a positive integer < 65536"
63 echo "Incorrectly succeeded"
64 exit 1
65
66 elif $PRE/readzone svcb.failure-cases-03
67 then
68 echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64"
69 echo "Incorrectly succeeded"
70 exit 1
71
72 elif $PRE/readzone svcb.failure-cases-04
73 then
74 echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255"
75 echo "Incorrectly succeeded"
76 exit 1
77 else
78 echo "All failure cases test successfully"
79 fi
80
81
82 # check all the success and write them
83 if ! $PRE/readzone svcb.success-cases.zone > svcb.success-cases.zone.out
84 then
85 echo "Some particular success cases did not succeed to parse"
86 exit 1
87
88 elif ! diff svcb.success-cases.zone.out svcb.success-cases.zone.cmp
89 then
90 echo "Some success cases could not be printed"
91 exit 1
92 else
93 echo "All particular success cases parsed and printed successfully"
94 fi
95
96
+92
-0
testdata/svcb.tdir/svcb.test-vectors-pf.zone less more
0 $ORIGIN test-vectors.
1 $TTL 3600
2
3 @ SOA primary admin 1 3600 1800 7200 3600
4
5 NS primary
6 primary A 127.0.0.1
7 ; D.1. AliasForm
8
9 v01 SVCB 0 foo.example.com.
10
11 ; D.2. ServiceForm
12 ; The first form is the simple "use the ownername".
13
14 v02 SVCB 1 .
15
16 ; This vector only has a port.
17
18 v03 SVCB 16 foo.example.com. port=53
19
20 ; This example has a key that is not registered, its value is unquoted.
21
22 v04 SVCB 1 foo.example.com. key667=hello
23
24 ; This example has a key that is not registered, its value is quoted and
25 ; contains a decimal-escaped character.
26
27 v05 SVCB 1 foo.example.com. key667="hello\210qoo"
28
29 ; Here, two IPv6 hints are quoted in the presentation format.
30
31 v06 SVCB 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1"
32
33 ; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
34
35 v07 SVCB 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100"
36
37 ; In the next vector, neither the SvcParamValues nor the mandatory keys are
38 ; sorted in presentation format, but are correctly sorted in the wire-format.
39
40 v08 SVCB 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn
41 ipv4hint=192.0.2.1)
42
43 ; This last (two) vectors has an alpn value with an escaped comma and an
44 ; escaped backslash in two presentation formats.
45
46 v09 SVCB 16 foo.example.org. alpn="f\\\\oo\\,bar,h2"
47 v10 SVCB 16 foo.example.org. alpn=f\\\092oo\092,bar,h2
48
49
50 ; D.1. AliasForm
51
52 v11 HTTPS 0 foo.example.com.
53
54 ; D.2. ServiceForm
55 ; The first form is the simple "use the ownername".
56
57 v12 HTTPS 1 .
58
59 ; This vector only has a port.
60
61 v13 HTTPS 16 foo.example.com. port=53
62
63 ; This example has a key that is not registered, its value is unquoted.
64
65 v14 HTTPS 1 foo.example.com. key667=hello
66
67 ; This example has a key that is not registered, its value is quoted and
68 ; contains a decimal-escaped character.
69
70 v15 HTTPS 1 foo.example.com. key667="hello\210qoo"
71
72 ; Here, two IPv6 hints are quoted in the presentation format.
73
74 v16 HTTPS 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1"
75
76 ; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
77
78 v17 HTTPS 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100"
79
80 ; In the next vector, neither the SvcParamValues nor the mandatory keys are
81 ; sorted in presentation format, but are correctly sorted in the wire-format.
82
83 v18 HTTPS 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn
84 ipv4hint=192.0.2.1)
85
86 ; This last (two) vectors has an alpn value with an escaped comma and an
87 ; escaped backslash in two presentation formats.
88
89 v19 HTTPS 16 foo.example.org. alpn="f\\\\oo\\,bar,h2"
90 v20 HTTPS 16 foo.example.org. alpn=f\\\092oo\092,bar,h2
91
+232
-0
testdata/svcb.tdir/svcb.test-vectors-wf.zone less more
0 $ORIGIN test-vectors.
1 $TTL 3600
2
3 @ SOA primary admin 1 3600 1800 7200 3600
4
5 NS primary
6 primary A 127.0.0.1
7
8 ; D.1. AliasForm
9
10 v01 SVCB \# 19 (
11 00 00 ; priority
12 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
13 )
14
15 ; D.2. ServiceForm
16 ; The first form is the simple "use the ownername".
17
18 v02 SVCB \# 3 (
19 00 01 ; priority
20 00 ; target (root label)
21 )
22
23 ; This vector only has a port.
24
25 v03 SVCB \# 25 (
26 00 10 ; priority
27 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
28 00 03 ; key 3
29 00 02 ; length 2
30 00 35 ; value
31 )
32
33 ; This example has a key that is not registered, its value is unquoted.
34
35 v04 SVCB \# 28 (
36 00 01 ; priority
37 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
38 02 9b ; key 667
39 00 05 ; length 5
40 68 65 6c 6c 6f ; value
41 )
42
43 ; This example has a key that is not registered, its value is quoted and
44 ; contains a decimal-escaped character.
45
46 v05 SVCB \# 32 (
47 00 01 ; priority
48 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
49 02 9b ; key 667
50 00 09 ; length 9
51 68 65 6c 6c 6f d2 71 6f 6f ; value
52 )
53
54 ; Here, two IPv6 hints are quoted in the presentation format.
55
56 v06 SVCB \# 55 (
57 00 01 ; priority
58 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
59 00 06 ; key 6
60 00 20 ; length 32
61 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address
62 20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address
63 )
64
65 ; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
66
67 v07 SVCB \# 35 (
68 00 01 ; priority
69 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
70 00 06 ; key 6
71 00 10 ; length 16
72 20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address
73 )
74
75 ; In the next vector, neither the SvcParamValues nor the mandatory keys are
76 ; sorted in presentation format, but are correctly sorted in the wire-format.
77
78 v08 SVCB \# 48 (
79 00 10 ; priority
80 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
81 00 00 ; key 0
82 00 04 ; param length 4
83 00 01 ; value: key 1
84 00 04 ; value: key 4
85 00 01 ; key 1
86 00 09 ; param length 9
87 02 ; alpn length 2
88 68 32 ; alpn value
89 05 ; alpn length 5
90 68 33 2d 31 39 ; alpn value
91 00 04 ; key 4
92 00 04 ; param length 4
93 c0 00 02 01 ; param value
94 )
95
96 ; This last (two) vectors has an alpn value with an escaped comma and an
97 ; escaped backslash in two presentation formats.
98
99 v09 SVCB \# 35 (
100 00 10 ; priority
101 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
102 00 01 ; key 1
103 00 0c ; param length 12
104 08 ; alpn length 8
105 66 5c 6f 6f 2c 62 61 72 ; alpn value
106 02 ; alpn length 2
107 68 32 ; alpn value
108 )
109 v10 SVCB \# 35 (
110 00 10 ; priority
111 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
112 00 01 ; key 1
113 00 0c ; param length 12
114 08 ; alpn length 8
115 66 5c 6f 6f 2c 62 61 72 ; alpn value
116 02 ; alpn length 2
117 68 32 ; alpn value
118 )
119
120 ; D.1. AliasForm
121
122 v11 HTTPS \# 19 (
123 00 00 ; priority
124 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
125 )
126
127 ; D.2. ServiceForm
128 ; The first form is the simple "use the ownername".
129
130 v12 HTTPS \# 3 (
131 00 01 ; priority
132 00 ; target (root label)
133 )
134
135 ; This vector only has a port.
136
137 v13 HTTPS \# 25 (
138 00 10 ; priority
139 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
140 00 03 ; key 3
141 00 02 ; length 2
142 00 35 ; value
143 )
144
145 ; This example has a key that is not registered, its value is unquoted.
146
147 v14 HTTPS \# 28 (
148 00 01 ; priority
149 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
150 02 9b ; key 667
151 00 05 ; length 5
152 68 65 6c 6c 6f ; value
153 )
154
155 ; This example has a key that is not registered, its value is quoted and
156 ; contains a decimal-escaped character.
157
158 v15 HTTPS \# 32 (
159 00 01 ; priority
160 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
161 02 9b ; key 667
162 00 09 ; length 9
163 68 65 6c 6c 6f d2 71 6f 6f ; value
164 )
165
166 ; Here, two IPv6 hints are quoted in the presentation format.
167
168 v16 HTTPS \# 55 (
169 00 01 ; priority
170 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
171 00 06 ; key 6
172 00 20 ; length 32
173 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address
174 20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address
175 )
176
177 ; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
178
179 v17 HTTPS \# 35 (
180 00 01 ; priority
181 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
182 00 06 ; key 6
183 00 10 ; length 16
184 20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address
185 )
186
187 ; In the next vector, neither the SvcParamValues nor the mandatory keys are
188 ; sorted in presentation format, but are correctly sorted in the wire-format.
189
190 v18 HTTPS \# 48 (
191 00 10 ; priority
192 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
193 00 00 ; key 0
194 00 04 ; param length 4
195 00 01 ; value: key 1
196 00 04 ; value: key 4
197 00 01 ; key 1
198 00 09 ; param length 9
199 02 ; alpn length 2
200 68 32 ; alpn value
201 05 ; alpn length 5
202 68 33 2d 31 39 ; alpn value
203 00 04 ; key 4
204 00 04 ; param length 4
205 c0 00 02 01 ; param value
206 )
207
208 ; This last (two) vectors has an alpn value with an escaped comma and an
209 ; escaped backslash in two presentation formats.
210
211 v19 HTTPS \# 35 (
212 00 10 ; priority
213 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
214 00 01 ; key 1
215 00 0c ; param length 12
216 08 ; alpn length 8
217 66 5c 6f 6f 2c 62 61 72 ; alpn value
218 02 ; alpn length 2
219 68 32 ; alpn value
220 )
221 v20 HTTPS \# 35 (
222 00 10 ; priority
223 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
224 00 01 ; key 1
225 00 0c ; param length 12
226 08 ; alpn length 8
227 66 5c 6f 6f 2c 62 61 72 ; alpn value
228 02 ; alpn length 2
229 68 32 ; alpn value
230 )
231
+23
-0
testdata/test_ldnsrr.5 less more
150150 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 0 0
151151 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0
152152 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0
153
154 ; Test for ZONEMD
155 example.org. 86400 IN ZONEMD 5 1 2 c1b8eddf4ef128db88125ede9008d6ff0b33a047b8a8a4d77b00271f7d8e7ae5ccd6c86d8398f64f0de0615bf3121ffba6946a3cd5f32acbc4e8d0649b4a78e6
156 ; from draft-ietf-dnsop-dns-zone-digest-12#section-2.4
157 example.com. 86400 IN ZONEMD 2018031500 1 1 ( FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE 7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE )
158 ; from draft-ietf-dnsop-dns-zone-digest-12#section-A.1
159 example. 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c )
160 ; from draft-ietf-dnsop-dns-zone-digest-12#section-A.2
161 example. 86400 IN ZONEMD 2018031900 1 1 ( 31cefb03814f5062 ad12fa951ba0ef5f 8da6ae354a415767 246f7dc932ceb1e7 42a2108f529db6a3 3a11c01493de358d )
162 non-apex.example. 900 IN ZONEMD 2018031900 1 1 ( 616c6c6f77656420 6275742069676e6f 7265642e20616c6c 6f77656420627574 2069676e6f726564 2e20616c6c6f7765 )
163 ; from draft-ietf-dnsop-dns-zone-digest-12#section-A.3
164 example. 86400 IN ZONEMD 2018031900 1 1 ( 62e6cf51b02e54b9 b5f967d547ce4313 6792901f9f88e637 493daaf401c92c27 9dd10f0edb1c56f8 080211f8480ee306 )
165 example. 86400 IN ZONEMD 2018031900 1 2 ( 08cfa1115c7b948c 4163a901270395ea 226a930cd2cbcf2f a9a5e6eb85f37c8a 4e114d884e66f176 eab121cb02db7d65 2e0cc4827e7a3204 f166b47e5613fd27 )
166 example. 86400 IN ZONEMD 2018031900 1 240 ( e2d523f654b9422a 96c5a8f44607bbee )
167 example. 86400 IN ZONEMD 2018031900 241 1 ( e1846540e33a9e41 89792d18d5d131f6 05fc283e )
168 ; from draft-ietf-dnsop-dns-zone-digest-12#section-A.4
169 uri.arpa. 3600 IN ZONEMD 2018100702 1 1 ( 1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fa dc556439889a10eaf6f11d615900a4f996bd46279514e473 )
170 ; from draft-ietf-dnsop-dns-zone-digest-12#section-A.5
171 root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 ( f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 )
172 ; from ldns issue #121, 0.10m was parsed as 0.01m.
173 foo. 12345 IN LOC 12 45 52.333 N 105 40 33.452 W -24m 0.1m 0.1m 0.1m
174 ; from ldns issue #147, fix #148, tab between quoted strings.
175 foo 12345 IN HINFO "hohum" "weirdo"
+26
-0
testdata/test_ldnsrr.c5 less more
187187 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0
188188 06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0F6012C0010EB0BE51BCDAC1151F2AAC4ED04BBD14365BC00000000
189189 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0
190 076578616D706C65036F726700003F0001000151800046000000050102C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6
191 example.org. 86400 IN ZONEMD 5 1 2 C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6
192 076578616D706C6503636F6D00003F00010001518000367848B78C0101FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE
193 example.com. 86400 IN ZONEMD 2018031500 1 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE
194 076578616D706C6500003F00010001518000367848B91C0101C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C
195 example. 86400 IN ZONEMD 2018031900 1 1 C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C
196 076578616D706C6500003F00010001518000367848B91C010131CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D
197 example. 86400 IN ZONEMD 2018031900 1 1 31CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D
198 086E6F6E2D61706578076578616D706C6500003F00010000038400367848B91C0101616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765
199 non-apex.example. 900 IN ZONEMD 2018031900 1 1 616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765
200 076578616D706C6500003F00010001518000367848B91C010162E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306
201 example. 86400 IN ZONEMD 2018031900 1 1 62E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306
202 076578616D706C6500003F00010001518000467848B91C010208CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27
203 example. 86400 IN ZONEMD 2018031900 1 2 08CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27
204 076578616D706C6500003F00010001518000167848B91C01F0E2D523F654B9422A96C5A8F44607BBEE
205 example. 86400 IN ZONEMD 2018031900 1 240 E2D523F654B9422A96C5A8F44607BBEE
206 076578616D706C6500003F000100015180001A7848B91CF101E1846540E33A9E4189792D18D5D131F605FC283E
207 example. 86400 IN ZONEMD 2018031900 241 1 E1846540E33A9E4189792D18D5D131F605FC283E
208 03757269046172706100003F000100000E1000367849C5DE01011291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473
209 uri.arpa. 3600 IN ZONEMD 2018100702 1 1 1291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473
210 0C726F6F742D73657276657273036E657400003F00010036EE8000367849A05C0101F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79
211 root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79
212 03666F6F00001D00010000303900100011111182BD2D4D69530BD400988D20
213 foo. 12345 IN LOC 12 45 52.333 N 105 40 33.452 W -24m 0.10m 0.10m 0.10m
214 03666F6F00000D000100003039000D05686F68756D0677656972646F
215 foo. 12345 IN HINFO "hohum" "weirdo"
+1
-1
testdata/ttl_msg.rpl less more
410410 ; cause a lookup for nx1.example.com bypassing the cache.
411411 ; with bug; this causes msg ttl for nx1 to be time(NOW)+ttl.
412412 ; so 15+5 = 20
413 ; visiable in debug log as "msg ttl is %d"
413 ; visible in debug log as "msg ttl is %d"
414414 STEP 40 QUERY
415415 ENTRY_BEGIN
416416 REPLY RD
+1
-1
testdata/val_keyprefetch_verify.rpl less more
218218
219219 ; now the key gets prefetched and has to be verified with the anchor,
220220 ; not with the key itself.
221 ; this answer is from cache enyway.
221 ; this answer is from cache anyway.
222222 STEP 30 QUERY
223223 ENTRY_BEGIN
224224 REPLY RD DO
+1
-1
testdata/val_nodata_failwc.rpl less more
4141 SECTION AUTHORITY
4242 nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
4343 nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY=
44 ; NSEC has a label lenght of 3, indication that the original owner name is:
44 ; NSEC has a label length of 3, indication that the original owner name is:
4545 ; *.nsecwc.nlnetlabs.nl. The NSEC therefore does no prove the NODATA answer.
4646 _25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC
4747 _25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw=
+2
-2
testdata/val_nsec3_optout_cache.rpl less more
137137 b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
138138
139139 ; span around sub.example.com., same span as foo.example.com, but it has
140 ; just changed and it is now larger to accomodate sub.example.com.
140 ; just changed and it is now larger to accommodate sub.example.com.
141141 6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
142142 6obgmo062d9935unjnnj2su5otaj9334.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ=
143143
163163 b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
164164
165165 ; span around sub.example.com., same span as foo.example.com, but it has
166 ; just changed and it is now larger to accomodate sub.example.com.
166 ; just changed and it is now larger to accommodate sub.example.com.
167167 6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
168168 6obgmo062d9935unjnnj2su5otaj9334.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ=
169169
+4
-0
testdata/zonemd.example1.zone less more
0 example.org. IN SOA ns.example.org. hostmaster.example.org. 200154054 28800 7200 604800 3600
1 example.org. IN NS ns.example.org.
2 www.example.org. IN A 127.0.0.1
3 ns.example.org. IN A 127.0.0.1
+35
-0
testdata/zonemd.example10.zone less more
0 ; DNSSEC signed but RRSIG on SOA is wrong.
1
2 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
3 ; old sig
4 ; example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
5 ; wrong sig
6 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgeAAAAA=
7 example.com. 3600 IN NS ns.example.com.
8 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
9 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
10 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
11 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
12 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
13 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
14 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
15 bar.example.com. 3600 IN A 1.2.3.4
16 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
17 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
18 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
19 ding.example.com. 3600 IN A 1.2.3.4
20 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
21 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
22 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
23 foo.example.com. 3600 IN A 1.2.3.4
24 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
25 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
26 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
27 ns.example.com. 3600 IN A 127.0.0.1
28 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
29 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
30 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
31 www.example.com. 3600 IN A 127.0.0.1
32 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
33 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
34 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+33
-0
testdata/zonemd.example11.zone less more
0 ; DNSSEC NSEC zone, but ZONEMD is missing
1
2 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
3 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
4 example.com. 3600 IN NS ns.example.com.
5 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
6 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
7 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
8 ; missing ZONEMD
9 ;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
10 ;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
11 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
12 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
13 bar.example.com. 3600 IN A 1.2.3.4
14 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
15 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
16 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
17 ding.example.com. 3600 IN A 1.2.3.4
18 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
19 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
20 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
21 foo.example.com. 3600 IN A 1.2.3.4
22 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
23 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
24 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
25 ns.example.com. 3600 IN A 127.0.0.1
26 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
27 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
28 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
29 www.example.com. 3600 IN A 127.0.0.1
30 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
31 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
32 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+35
-0
testdata/zonemd.example12.zone less more
0 ; DNSSEC NSEC3 zone, but ZONEMD is missing
1
2 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
3 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
4 example.com. 3600 IN NS ns.example.com.
5 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
6 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
7 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
8 example.com. 3600 IN NSEC3PARAM 1 0 1 012345
9 example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw=
10 ; missing ZONEMD
11 ;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd
12 ;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k=
13 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63
14 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY=
15 bar.example.com. 3600 IN A 1.2.3.4
16 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
17 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG
18 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns=
19 ding.example.com. 3600 IN A 1.2.3.4
20 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
21 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG
22 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g=
23 foo.example.com. 3600 IN A 1.2.3.4
24 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
25 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG
26 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ=
27 ns.example.com. 3600 IN A 127.0.0.1
28 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
29 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG
30 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI=
31 www.example.com. 3600 IN A 127.0.0.1
32 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
33 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG
34 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU=
+33
-0
testdata/zonemd.example13.zone less more
0 ; DNSSEC NSEC zone without ZONEMD, but NSEC RRSIG is wrong
1
2 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
3 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
4 example.com. 3600 IN NS ns.example.com.
5 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
6 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
7 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
8 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY
9 ; old sig
10 ;example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA=
11 ; wrong sig
12 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVAAAAA=
13 bar.example.com. 3600 IN A 1.2.3.4
14 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
15 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
16 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
17 ding.example.com. 3600 IN A 1.2.3.4
18 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
19 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
20 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
21 foo.example.com. 3600 IN A 1.2.3.4
22 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
23 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
24 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
25 ns.example.com. 3600 IN A 127.0.0.1
26 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
27 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
28 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
29 www.example.com. 3600 IN A 127.0.0.1
30 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
31 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
32 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+35
-0
testdata/zonemd.example14.zone less more
0 ; DNSSEC NSEC3 zone without ZONEMD, but NSEC3 RRSIG is wrong
1
2 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
3 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
4 example.com. 3600 IN NS ns.example.com.
5 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
6 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
7 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
8 example.com. 3600 IN NSEC3PARAM 1 0 1 012345
9 example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw=
10 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM
11 ; old sig
12 ;v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ=
13 ; wrong sig
14 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxAAAAA=
15 bar.example.com. 3600 IN A 1.2.3.4
16 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
17 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG
18 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns=
19 ding.example.com. 3600 IN A 1.2.3.4
20 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
21 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG
22 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g=
23 foo.example.com. 3600 IN A 1.2.3.4
24 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
25 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG
26 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ=
27 ns.example.com. 3600 IN A 127.0.0.1
28 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
29 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG
30 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI=
31 www.example.com. 3600 IN A 127.0.0.1
32 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
33 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG
34 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU=
+35
-0
testdata/zonemd.example15.zone less more
0 ; DNSSEC signed but DNSKEY RRSIG is wrong.
1
2 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
3 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
4 example.com. 3600 IN NS ns.example.com.
5 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
6 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
7 ; old sig
8 ;example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
9 ; wrong sig
10 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2AAAAA=
11 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
12 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
13 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
14 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
15 bar.example.com. 3600 IN A 1.2.3.4
16 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
17 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
18 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
19 ding.example.com. 3600 IN A 1.2.3.4
20 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
21 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
22 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
23 foo.example.com. 3600 IN A 1.2.3.4
24 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
25 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
26 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
27 ns.example.com. 3600 IN A 127.0.0.1
28 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
29 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
30 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
31 www.example.com. 3600 IN A 127.0.0.1
32 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
33 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
34 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+11
-0
testdata/zonemd.example16.zone less more
0 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
1 example.com. IN NS ns.example.com.
2 ; the ZONEMD that should be in this file, without DNSSEC
3 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
4 ; duplicate zonemd with same scheme and algorithm (different at end)
5 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D720000
6 www.example.com. IN A 127.0.0.1
7 ns.example.com. IN A 127.0.0.1
8 bar.example.com. IN A 1.2.3.4
9 ding.example.com. IN A 1.2.3.4
10 foo.example.com. IN A 1.2.3.4
+11
-0
testdata/zonemd.example17.zone less more
0 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
1 ; capitalisation is different here.
2 exaMPLe.cOM. IN NS Ns.exaMPLe.cOm.
3 ; the ZONEMD that should be in this file, without DNSSEC
4 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
5 ; capitalisation is different here.
6 wWW.exAMPLe.cOM. IN A 127.0.0.1
7 ns.example.com. IN A 127.0.0.1
8 bar.example.com. IN A 1.2.3.4
9 ding.example.com. IN A 1.2.3.4
10 foo.example.com. IN A 1.2.3.4
+15
-0
testdata/zonemd.example2.zone less more
0 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
1 example.com. IN NS ns.example.com.
2 ; the ZONEMD that should be in this file, without DNSSEC
3 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
4 ; incorrect digest in example3 and example4.
5 ;example.com. IN TYPE63 \# 70 0BEE1BC60102EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
6 ; correct digest for example 5.
7 ;example.com. IN TYPE63 \# 70 0BEE1BC6010258F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F
8 ; correct digest for example 6.
9 ;example.com. IN TYPE63 \# 70 0BEE1BC6010246E31506F321C58DB811C934C6446141D651A8574FB21088A2BB6FEEC875FC8B60F50BEAE00E7F6554E2CF3CB048350EF92E2946137443E30079813DB4D1BFBD
10 www.example.com. IN A 127.0.0.1
11 ns.example.com. IN A 127.0.0.1
12 bar.example.com. IN A 1.2.3.4
13 ding.example.com. IN A 1.2.3.4
14 foo.example.com. IN A 1.2.3.4
+34
-0
testdata/zonemd.example3.zone less more
0 ; signed version of zonemd.example2.zone
1 ; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566
2 ; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature.
3
4 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
5 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
6 example.com. 3600 IN NS ns.example.com.
7 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
8 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
9 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
10 example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22
11 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8=
12 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
13 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
14 bar.example.com. 3600 IN A 1.2.3.4
15 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
16 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
17 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
18 ding.example.com. 3600 IN A 1.2.3.4
19 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
20 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
21 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
22 foo.example.com. 3600 IN A 1.2.3.4
23 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
24 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
25 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
26 ns.example.com. 3600 IN A 127.0.0.1
27 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
28 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
29 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
30 www.example.com. 3600 IN A 127.0.0.1
31 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
32 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
33 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+36
-0
testdata/zonemd.example4.zone less more
0 ; signed with NSEC3, of zonemd.example.2.zone
1 ; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566
2 ; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature.
3
4 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
5 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
6 example.com. 3600 IN NS ns.example.com.
7 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
8 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
9 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
10 example.com. 3600 IN NSEC3PARAM 1 0 1 012345
11 example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw=
12 example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22
13 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8=
14 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63
15 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY=
16 bar.example.com. 3600 IN A 1.2.3.4
17 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
18 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG
19 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns=
20 ding.example.com. 3600 IN A 1.2.3.4
21 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
22 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG
23 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g=
24 foo.example.com. 3600 IN A 1.2.3.4
25 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
26 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG
27 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ=
28 ns.example.com. 3600 IN A 127.0.0.1
29 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
30 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG
31 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI=
32 www.example.com. 3600 IN A 127.0.0.1
33 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
34 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG
35 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU=
+34
-0
testdata/zonemd.example5.zone less more
0 ; signed version of zonemd.example2.zone
1 ; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566
2 ; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature.
3
4 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
5 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
6 example.com. 3600 IN NS ns.example.com.
7 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
8 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
9 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
10 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
11 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
12 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
13 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
14 bar.example.com. 3600 IN A 1.2.3.4
15 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
16 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
17 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
18 ding.example.com. 3600 IN A 1.2.3.4
19 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
20 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
21 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
22 foo.example.com. 3600 IN A 1.2.3.4
23 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
24 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
25 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
26 ns.example.com. 3600 IN A 127.0.0.1
27 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
28 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
29 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
30 www.example.com. 3600 IN A 127.0.0.1
31 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
32 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
33 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+36
-0
testdata/zonemd.example6.zone less more
0 ; signed with NSEC3, of zonemd.example.2.zone
1 ; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566
2 ; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature.
3
4 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
5 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
6 example.com. 3600 IN NS ns.example.com.
7 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
8 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
9 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
10 example.com. 3600 IN NSEC3PARAM 1 0 1 012345
11 example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw=
12 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd
13 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k=
14 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63
15 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY=
16 bar.example.com. 3600 IN A 1.2.3.4
17 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
18 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG
19 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns=
20 ding.example.com. 3600 IN A 1.2.3.4
21 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
22 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG
23 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g=
24 foo.example.com. 3600 IN A 1.2.3.4
25 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
26 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG
27 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ=
28 ns.example.com. 3600 IN A 127.0.0.1
29 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
30 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG
31 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI=
32 www.example.com. 3600 IN A 127.0.0.1
33 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
34 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG
35 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU=
+31
-0
testdata/zonemd.example7.zone less more
0 ; DNSSEC NSEC zone without ZONEMD
1 ; created with
2 ; ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566
3 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
4 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
5 example.com. 3600 IN NS ns.example.com.
6 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
7 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
8 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
9 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY
10 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA=
11 bar.example.com. 3600 IN A 1.2.3.4
12 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
13 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
14 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
15 ding.example.com. 3600 IN A 1.2.3.4
16 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
17 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
18 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
19 foo.example.com. 3600 IN A 1.2.3.4
20 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
21 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
22 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
23 ns.example.com. 3600 IN A 127.0.0.1
24 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
25 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
26 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
27 www.example.com. 3600 IN A 127.0.0.1
28 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
29 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
30 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+34
-0
testdata/zonemd.example8.zone less more
0 ; DNSSEC NSEC3 zone without ZONEMD
1 ; created with
2 ; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566
3
4 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
5 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
6 example.com. 3600 IN NS ns.example.com.
7 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
8 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
9 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
10 example.com. 3600 IN NSEC3PARAM 1 0 1 012345
11 example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw=
12 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM
13 v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ=
14 bar.example.com. 3600 IN A 1.2.3.4
15 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
16 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG
17 c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns=
18 ding.example.com. 3600 IN A 1.2.3.4
19 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
20 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG
21 r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g=
22 foo.example.com. 3600 IN A 1.2.3.4
23 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
24 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG
25 f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ=
26 ns.example.com. 3600 IN A 127.0.0.1
27 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
28 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG
29 2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI=
30 www.example.com. 3600 IN A 127.0.0.1
31 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
32 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG
33 91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU=
+35
-0
testdata/zonemd.example9.zone less more
0 ; signed zone but RRSIG on ZONEMD is wrong.
1
2 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
3 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM=
4 example.com. 3600 IN NS ns.example.com.
5 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg=
6 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
7 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA=
8 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f
9 ; old sig
10 ; example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y=
11 ; wrong sig
12 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVAAAAA=
13 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63
14 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo=
15 bar.example.com. 3600 IN A 1.2.3.4
16 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds=
17 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC
18 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0=
19 ding.example.com. 3600 IN A 1.2.3.4
20 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko=
21 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC
22 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU=
23 foo.example.com. 3600 IN A 1.2.3.4
24 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA=
25 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC
26 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s=
27 ns.example.com. 3600 IN A 127.0.0.1
28 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg=
29 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
30 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A=
31 www.example.com. 3600 IN A 127.0.0.1
32 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ=
33 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC
34 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI=
+6
-0
testdata/zonemd.example_a1.zone less more
0 example. 86400 IN SOA ns1 admin 2018031900 ( 1800 900 604800 86400 )
1 86400 IN NS ns1
2 86400 IN NS ns2
3 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c )
4 ns1 3600 IN A 203.0.113.63
5 ns2 3600 IN AAAA 2001:db8::63
+25
-0
testdata/zonemd.example_a2.zone less more
0 example. 86400 IN SOA ns1 admin 2018031900 (
1 1800 900 604800 86400 )
2 86400 IN NS ns1
3 86400 IN NS ns2
4 86400 IN ZONEMD 2018031900 1 1 (
5 31cefb03814f5062
6 ad12fa951ba0ef5f
7 8da6ae354a415767
8 246f7dc932ceb1e7
9 42a2108f529db6a3
10 3a11c01493de358d )
11 ns1 3600 IN A 203.0.113.63
12 ns2 3600 IN AAAA 2001:db8::63
13 occluded.sub 7200 IN TXT "I'm occluded but must be digested"
14 sub 7200 IN NS ns1
15 duplicate 300 IN TXT "I must be digested just once"
16 duplicate 300 IN TXT "I must be digested just once"
17 foo.test. 555 IN TXT "out-of-zone data must be excluded"
18 non-apex 900 IN ZONEMD 2018031900 1 1 (
19 616c6c6f77656420
20 6275742069676e6f
21 7265642e20616c6c
22 6f77656420627574
23 2069676e6f726564
24 2e20616c6c6f7765 )
+30
-0
testdata/zonemd.example_a3.zone less more
0 example. 86400 IN SOA ns1 admin 2018031900 (
1 1800 900 604800 86400 )
2 example. 86400 IN NS ns1.example.
3 example. 86400 IN NS ns2.example.
4 example. 86400 IN ZONEMD 2018031900 1 1 (
5 62e6cf51b02e54b9
6 b5f967d547ce4313
7 6792901f9f88e637
8 493daaf401c92c27
9 9dd10f0edb1c56f8
10 080211f8480ee306 )
11 example. 86400 IN ZONEMD 2018031900 1 2 (
12 08cfa1115c7b948c
13 4163a901270395ea
14 226a930cd2cbcf2f
15 a9a5e6eb85f37c8a
16 4e114d884e66f176
17 eab121cb02db7d65
18 2e0cc4827e7a3204
19 f166b47e5613fd27 )
20 example. 86400 IN ZONEMD 2018031900 1 240 (
21 e2d523f654b9422a
22 96c5a8f44607bbee )
23 example. 86400 IN ZONEMD 2018031900 241 1 (
24 e1846540e33a9e41
25 89792d18d5d131f6
26 05fc283e )
27 ns1.example. 3600 IN A 203.0.113.63
28 ns2.example. 86400 IN TXT "This example has multiple digests"
29 ns2.example. 3600 IN AAAA 2001:db8::63
+127
-0
testdata/zonemd.example_a4.zone less more
0 uri.arpa. 3600 IN SOA sns.dns.icann.org. (
1 noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 )
2 uri.arpa. 3600 IN RRSIG NSEC 8 2 3600 (
3 20181028142623 20181007205525 47155 uri.arpa.
4 eEC4w/oXLR1Epwgv4MBiDtSBsXhqrJVvJWUpbX8XpetAvD35bxwNCUTi
5 /pAJVUXefegWeiriD2rkTgCBCMmn7YQIm3gdR+HjY/+o3BXNQnz97f+e
6 HAE9EDDzoNVfL1PyV/2fde9tDeUuAGVVwmD399NGq9jWYMRpyri2kysr q/g= )
7 uri.arpa. 86400 IN RRSIG NS 8 2 86400 (
8 20181028172020 20181007175821 47155 uri.arpa.
9 ATyV2A2A8ZoggC+68u4GuP5MOUuR+2rr3eWOkEU55zAHld/7FiBxl4ln
10 4byJYy7NudUwlMOEXajqFZE7DVl8PpcvrP3HeeGaVzKqaWj+aus0jbKF
11 Bsvs2b1qDZemBfkz/IfAhUTJKnto0vSUicJKfItu0GjyYNJCz2CqEuGD Wxc= )
12 uri.arpa. 600 IN RRSIG MX 8 2 600 (
13 20181028170556 20181007175821 47155 uri.arpa.
14 e7/r3KXDohX1lyVavetFFObp8fB8aXT76HnN9KCQDxSnSghNM83UQV0t
15 lTtD8JVeN1mCvcNFZpagwIgB7XhTtm6Beur/m5ES+4uSnVeS6Q66HBZK
16 A3mR95IpevuVIZvvJ+GcCAQpBo6KRODYvJ/c/ZG6sfYWkZ7qg/Em5/+3 4UI= )
17 uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 (
18 20181028152832 20181007175821 15796 uri.arpa.
19 nzpbnh0OqsgBBP8St28pLvPEQ3wZAUdEBuUwil+rtjjWlYYiqjPxZ286
20 XF4Rq1usfV5x71jZz5IqswOaQgia91ylodFpLuXD6FTGs2nXGhNKkg1V
21 chHgtwj70mXU72GefVgo8TxrFYzxuEFP5ZTP92t97FVWVVyyFd86sbbR
22 6DZj3uA2wEvqBVLECgJLrMQ9Yy7MueJl3UA4h4E6zO2JY9Yp0W9woq0B
23 dqkkwYTwzogyYffPmGAJG91RJ2h6cHtFjEZe2MnaY2glqniZ0WT9vXXd
24 uFPm0KD9U77Ac+ZtctAF9tsZwSdAoL365E2L1usZbA+K0BnPPqGFJRJk
25 5R0A1w== )
26 uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 (
27 20181028152832 20181007175821 55480 uri.arpa.
28 lWtQV/5szQjkXmbcD47/+rOW8kJPksRFHlzxxmzt906+DBYyfrH6uq5X
29 nHvrUlQO6M12uhqDeL+bDFVgqSpNy+42/OaZvaK3J8EzPZVBHPJykKMV
30 63T83aAiJrAyHzOaEdmzLCpalqcEE2ImzlLHSafManRfJL8Yuv+JDZFj
31 2WDWfEcUuwkmIZWX11zxp+DxwzyUlRl7x4+ok5iKZWIg5UnBAf6B8T75
32 WnXzlhCw3F2pXI0a5LYg71L3Tp/xhjN6Yy9jGlIRf5BjB59X2zra3a2R
33 PkI09SSnuEwHyF1mDaV5BmQrLGRnCjvwXA7ho2m+vv4SP5dUdXf+GTeA
34 1HeBfw== )
35 uri.arpa. 3600 IN RRSIG SOA 8 2 3600 (
36 20181029114753 20181008222815 47155 uri.arpa.
37 qn8yBNoHDjGdT79U2Wu9IIahoS0YPOgYP8lG+qwPcrZ1BwGiHywuoUa2
38 Mx6BWZlg+HDyaxj2iOmox+IIqoUHhXUbO7IUkJFlgrOKCgAR2twDHrXu
39 9BUQHy9SoV16wYm3kBTEPyxW5FFm8vcdnKAF7sxSY8BbaYNpRIEjDx4A JUc= )
40 uri.arpa. 3600 IN NSEC ftp.uri.arpa. NS SOA (
41 MX RRSIG NSEC DNSKEY )
42 uri.arpa. 86400 IN NS a.iana-servers.net.
43 uri.arpa. 86400 IN NS b.iana-servers.net.
44 uri.arpa. 86400 IN NS c.iana-servers.net.
45 uri.arpa. 86400 IN NS ns2.lacnic.net.
46 uri.arpa. 86400 IN NS sec3.apnic.net.
47 uri.arpa. 600 IN MX 10 pechora.icann.org.
48 uri.arpa. 3600 IN DNSKEY 256 3 8 (
49 AwEAAcBi7tSart2J599zbYWspMNGN70IBWb4ziqyQYH9MTB/VCz6WyUK
50 uXunwiJJbbQ3bcLqTLWEw134B6cTMHrZpjTAb5WAwg4XcWUu8mdcPTiL
51 Bl6qVRlRD0WiFCTzuYUfkwsh1Rbr7rvrxSQhF5rh71zSpwV5jjjp65Wx
52 SdJjlH0B )
53 uri.arpa. 3600 IN DNSKEY 257 3 8 (
54 AwEAAbNVv6ulgRdO31MtAehz7j3ALRjwZglWesnzvllQl/+hBRZr9QoY
55 cO2I+DkO4Q1NKxox4DUIxj8SxPO3GwDuOFR9q2/CFi2O0mZjafbdYtWc
56 3zSdBbi3q0cwCIx7GuG9eqlL+pg7mdk9dgdNZfHwB0LnqTD8ebLPsrO/
57 Id7kBaiqYOfMlZnh2fp+2h6OOJZHtY0DK1UlssyB5PKsE0tVzo5s6zo9
58 iXKe5u+8WTMaGDY49vG80JPAKE7ezMiH/NZcUMiE0PRZ8D3foq2dYuS5
59 ym+vA83Z7v8A+Rwh4UGnjxKB8zmr803V0ASAmHz/gwH5Vb0nH+LObwFt
60 l3wpbp+Wpm8= )
61 uri.arpa. 3600 IN DNSKEY 257 3 8 (
62 AwEAAbwnFTakCvaUKsXji4mgmxZUJi1IygbnGahbkmFEa0L16J+TchKR
63 wcgzVfsxUGa2MmeA4hgkAooC3uy+tTmoMsgy8uq/JAj24DjiHzd46LfD
64 FK/qMidVqFpYSHeq2Vv5ojkuIsx4oe4KsafGWYNOczKZgH5loGjN2aJG
65 mrIm++XCphOskgCsQYl65MIzuXffzJyxlAuts+ecAIiVeqRaqQfr8LRU
66 7wIsLxinXirprtQrbor+EtvlHp9qXE6ARTZDzf4jvsNpKvLFZtmxzFf3
67 e/UJz5eHjpwDSiZL7xE8aE1o1nGfPtJx9ZnB3bapltaJ5wY+5XOCKgY0
68 xmJVvNQlwdE= )
69 ftp.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 (
70 20181028080856 20181007175821 47155 uri.arpa.
71 HClGAqPxzkYkAT7Q/QNtQeB6YrkP6EPOef+9Qo5/2zngwAewXEAQiyF9
72 jD1USJiroM11QqBS3v3aIdW/LXORs4Ez3hLcKNO1cKHsOuWAqzmE+BPP
73 Arfh8N95jqh/q6vpaB9UtMkQ53tM2fYU1GszOLN0knxbHgDHAh2axMGH lqM= )
74 ftp.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 (
75 20181028103644 20181007205525 47155 uri.arpa.
76 WoLi+vZzkxaoLr2IGZnwkRvcDf6KxiWQd1WZP/U+AWnV+7MiqsWPZaf0
77 9toRErerGoFOiOASNxZjBGJrRgjmavOM9U+LZSconP9zrNFd4dIu6kp5
78 YxlQJ0uHOvx1ZHFCj6lAt1ACUIw04ZhMydTmi27c8MzEOMepvn7iH7r7 k7k= )
79 ftp.uri.arpa. 3600 IN NSEC http.uri.arpa. NAPTR (
80 RRSIG NSEC )
81 ftp.uri.arpa. 604800 IN NAPTR 0 0 "" "" (
82 "!^ftp://([^:/?#]*).*$!\\1!i" . )
83 http.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 (
84 20181029010647 20181007175821 47155 uri.arpa.
85 U03NntQ73LHWpfLmUK8nMsqkwVsOGW2KdsyuHYAjqQSZvKbtmbv7HBmE
86 H1+Ii3Z+wtfdMZBy5aC/6sHdx69BfZJs16xumycMlAy6325DKTQbIMN+
87 ift9GrKBC7cgCd2msF/uzSrYxxg4MJQzBPvlkwXnY3b7eJSlIXisBIn7 3b8= )
88 http.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 (
89 20181029011815 20181007205525 47155 uri.arpa.
90 T7mRrdag+WSmG+n22mtBSQ/0Y3v+rdDnfQV90LN5Fq32N5K2iYFajF7F
91 Tp56oOznytfcL4fHrqOE0wRc9NWOCCUec9C7Wa1gJQcllEvgoAM+L6f0
92 RsEjWq6+9jvlLKMXQv0xQuMX17338uoD/xiAFQSnDbiQKxwWMqVAimv5 7Zs= )
93 http.uri.arpa. 3600 IN NSEC mailto.uri.arpa. NAPTR (
94 RRSIG NSEC )
95 http.uri.arpa. 604800 IN NAPTR 0 0 "" "" (
96 "!^http://([^:/?#]*).*$!\\1!i" . )
97 mailto.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 (
98 20181028110727 20181007175821 47155 uri.arpa.
99 GvxzVL85rEukwGqtuLxek9ipwjBMfTOFIEyJ7afC8HxVMs6mfFa/nEM/
100 IdFvvFg+lcYoJSQYuSAVYFl3xPbgrxVSLK125QutCFMdC/YjuZEnq5cl
101 fQciMRD7R3+znZfm8d8u/snLV9w4D+lTBZrJJUBe1Efc8vum5vvV7819 ZoY= )
102 mailto.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 (
103 20181028141825 20181007205525 47155 uri.arpa.
104 MaADUgc3fc5v++M0YmqjGk3jBdfIA5RuP62hUSlPsFZO4k37erjIGCfF
105 j+g84yc+QgbSde0PQHszl9fE/+SU5ZXiS9YdcbzSZxp2erFpZOTchrpg
106 916T4vx6i59scodjb0l6bDyZ+mtIPrc1w6b4hUyOUTsDQoAJYxdfEuMg Vy4= )
107 mailto.uri.arpa. 3600 IN NSEC urn.uri.arpa. NAPTR (
108 RRSIG NSEC )
109 mailto.uri.arpa. 604800 IN NAPTR 0 0 "" "" (
110 "!^mailto:(.*)@(.*)$!\\2!i" . )
111 urn.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 (
112 20181028123243 20181007175821 47155 uri.arpa.
113 Hgsw4Deops1O8uWyELGe6hpR/OEqCnTHvahlwiQkHhO5CSEQrbhmFAWe
114 UOkmGAdTEYrSz+skLRQuITRMwzyFf4oUkZihGyhZyzHbcxWfuDc/Pd/9
115 DSl56gdeBwy1evn5wBTms8yWQVkNtphbJH395gRqZuaJs3LD/qTyJ5Dp LvA= )
116 urn.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 (
117 20181029071816 20181007205525 47155 uri.arpa.
118 ALIZD0vBqAQQt40GQ0Efaj8OCyE9xSRJRdyvyn/H/wZVXFRFKrQYrLAS
119 D/K7q6CMTOxTRCu2J8yes63WJiaJEdnh+dscXzZkmOg4n5PsgZbkvUSW
120 BiGtxvz5jNncM0xVbkjbtByrvJQAO1cU1mnlDKe1FmVB1uLpVdA9Ib4J hMU= )
121 urn.uri.arpa. 3600 IN NSEC uri.arpa. NAPTR RRSIG (
122 NSEC )
123 urn.uri.arpa. 604800 IN NAPTR 0 0 "" "" (
124 "/urn:([^:]+)/\\1/i" . )
125 uri.arpa. 3600 IN SOA sns.dns.icann.org. (
126 noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 )
+48
-0
testdata/zonemd.example_a5.zone less more
0 root-servers.net. 3600000 IN SOA a.root-servers.net. (
1 nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 )
2 root-servers.net. 3600000 IN NS a.root-servers.net.
3 root-servers.net. 3600000 IN NS b.root-servers.net.
4 root-servers.net. 3600000 IN NS c.root-servers.net.
5 root-servers.net. 3600000 IN NS d.root-servers.net.
6 root-servers.net. 3600000 IN NS e.root-servers.net.
7 root-servers.net. 3600000 IN NS f.root-servers.net.
8 root-servers.net. 3600000 IN NS g.root-servers.net.
9 root-servers.net. 3600000 IN NS h.root-servers.net.
10 root-servers.net. 3600000 IN NS i.root-servers.net.
11 root-servers.net. 3600000 IN NS j.root-servers.net.
12 root-servers.net. 3600000 IN NS k.root-servers.net.
13 root-servers.net. 3600000 IN NS l.root-servers.net.
14 root-servers.net. 3600000 IN NS m.root-servers.net.
15 a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
16 a.root-servers.net. 3600000 IN A 198.41.0.4
17 b.root-servers.net. 3600000 IN MX 20 mail.isi.edu.
18 b.root-servers.net. 3600000 IN AAAA 2001:500:200::b
19 b.root-servers.net. 3600000 IN A 199.9.14.201
20 c.root-servers.net. 3600000 IN AAAA 2001:500:2::c
21 c.root-servers.net. 3600000 IN A 192.33.4.12
22 d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
23 d.root-servers.net. 3600000 IN A 199.7.91.13
24 e.root-servers.net. 3600000 IN AAAA 2001:500:a8::e
25 e.root-servers.net. 3600000 IN A 192.203.230.10
26 f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
27 f.root-servers.net. 3600000 IN A 192.5.5.241
28 g.root-servers.net. 3600000 IN AAAA 2001:500:12::d0d
29 g.root-servers.net. 3600000 IN A 192.112.36.4
30 h.root-servers.net. 3600000 IN AAAA 2001:500:1::53
31 h.root-servers.net. 3600000 IN A 198.97.190.53
32 i.root-servers.net. 3600000 IN MX 10 mx.i.root-servers.org.
33 i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
34 i.root-servers.net. 3600000 IN A 192.36.148.17
35 j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
36 j.root-servers.net. 3600000 IN A 192.58.128.30
37 k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
38 k.root-servers.net. 3600000 IN A 193.0.14.129
39 l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42
40 l.root-servers.net. 3600000 IN A 199.7.83.42
41 m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
42 m.root-servers.net. 3600000 IN A 202.12.27.33
43 root-servers.net. 3600000 IN SOA a.root-servers.net. (
44 nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 )
45 root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 (
46 f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97
47 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 )
+23
-0
testdata/zonemd_reload.tdir/zonemd_reload.conf less more
0 server:
1 verbosity: 7
2 # num-threads: 1
3 interface: 127.0.0.1
4 port: @PORT@
5 use-syslog: no
6 directory: ""
7 pidfile: "unbound.pid"
8 chroot: ""
9 username: ""
10 do-not-query-localhost: no
11 use-caps-for-id: yes
12 remote-control:
13 control-enable: yes
14 control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
15 control-use-cert: no
16 auth-zone:
17 name: "example.com"
18 for-upstream: yes
19 for-downstream: yes
20 zonefile: "zonemd_reload.zone"
21 zonemd-check: yes
22 #master: "127.0.0.1@@TOPORT@"
+16
-0
testdata/zonemd_reload.tdir/zonemd_reload.dsc less more
0 BaseName: zonemd_reload
1 Version: 1.0
2 Description: ZONEMD check after auth_zone_reload
3 CreationDate: Tue 23 Oct 12:00:00 CEST 2020
4 Maintainer: dr. W.C.A. Wijngaards
5 Category:
6 Component:
7 CmdDepends:
8 Depends:
9 Help:
10 Pre: zonemd_reload.pre
11 Post: zonemd_reload.post
12 Test: zonemd_reload.test
13 AuxFiles:
14 Passed:
15 Failure:
+14
-0
testdata/zonemd_reload.tdir/zonemd_reload.post less more
0 # #-- zonemd_reload.post --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # source the test var file when it's there
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5 #
6 # do your teardown here
7 . ../common.sh
8 echo "> cat logfiles"
9 cat fwd.log
10 cat unbound.log
11 kill_pid $FWD_PID
12 kill_pid $UNBOUND_PID
13 rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
+35
-0
testdata/zonemd_reload.tdir/zonemd_reload.pre less more
0 # #-- zonemd_reload.pre--#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 . ../common.sh
7 get_random_port 2
8 UNBOUND_PORT=$RND_PORT
9 FWD_PORT=$(($RND_PORT + 1))
10 echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
11 echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
12
13 # start forwarder
14 get_ldns_testns
15 $LDNS_TESTNS -p $FWD_PORT zonemd_reload.testns >fwd.log 2>&1 &
16 FWD_PID=$!
17 echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
18
19 # make config file
20 CONTROL_PATH=/tmp
21 CONTROL_PID=$$
22 sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < zonemd_reload.conf > ub.conf
23 # start unbound in the background
24 PRE="../.."
25 $PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
26 UNBOUND_PID=$!
27 echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
28 echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
29 echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
30
31 cat .tpkg.var.test
32 wait_ldns_testns_up fwd.log
33 wait_unbound_up unbound.log
34
+74
-0
testdata/zonemd_reload.tdir/zonemd_reload.test less more
0 # #-- zonemd_reload.test --#
1 # source the master var file when it's there
2 [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
3 # use .tpkg.var.test for in test variable passing
4 [ -f .tpkg.var.test ] && source .tpkg.var.test
5
6 PRE="../.."
7 # do the test
8 echo "> dig www.example.com."
9 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
10 if grep SERVFAIL outfile; then
11 echo "> try again"
12 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
13 fi
14 if grep SERVFAIL outfile; then
15 echo "> try again"
16 sleep 1
17 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
18 fi
19 if grep SERVFAIL outfile; then
20 echo "> try again"
21 sleep 1
22 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
23 fi
24 if grep SERVFAIL outfile; then
25 echo "> try again"
26 sleep 1
27 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
28 fi
29 if grep SERVFAIL outfile; then
30 echo "> try again"
31 sleep 10
32 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
33 fi
34 if grep SERVFAIL outfile; then
35 echo "> try again"
36 sleep 10
37 dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
38 fi
39 echo "> cat logfiles"
40 cat fwd.log
41 cat unbound.log
42 echo "> check answer"
43 if grep www.example.com outfile | grep "192.0.2.1"; then
44 echo "OK"
45 else
46 echo "Not OK"
47 exit 1
48 fi
49
50 echo "> unbound-control status"
51 $PRE/unbound-control -c ub.conf status
52 if test $? -ne 0; then
53 echo "wrong exit value."
54 exit 1
55 else
56 echo "exit value: OK"
57 fi
58
59 echo "> unbound-control auth_zone_reload example.com"
60 $PRE/unbound-control -c ub.conf auth_zone_reload example.com 2>&1 | tee outfile
61 if test $? -ne 0; then
62 echo "wrong exit value."
63 exit 1
64 fi
65 echo "> check unbound-control output"
66 if grep "example.com: ZONEMD verification successful" outfile; then
67 echo "OK"
68 else
69 echo "Not OK"
70 exit 1
71 fi
72
73 exit 0
+27
-0
testdata/zonemd_reload.tdir/zonemd_reload.testns less more
0 ENTRY_BEGIN
1 MATCH opcode qtype qname
2 ADJUST copy_id
3 REPLY QR AA NOERROR
4 SECTION QUESTION
5 example.com. IN SOA
6 SECTION ANSWER
7 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
8 ENTRY_END
9
10 ENTRY_BEGIN
11 MATCH opcode qtype qname
12 ADJUST copy_id
13 REPLY QR AA NOERROR
14 SECTION QUESTION
15 example.com. IN AXFR
16 SECTION ANSWER
17 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
18 example.com. IN NS ns.example.net.
19 EXTRA_PACKET
20 REPLY QR AA NOERROR
21 SECTION QUESTION
22 example.com. IN AXFR
23 SECTION ANSWER
24 www.example.com. IN A 1.2.3.4
25 example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
26 ENTRY_END
+8
-0
testdata/zonemd_reload.tdir/zonemd_reload.zone less more
0 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
1 example.com. IN NS ns.example.com.
2 example.com. IN ZONEMD 200154054 1 2 D207FBBD1403DC8FDDC0159AB1F4B4C54A2FEB814E5CB1E82841C51D1372E78E4F6C75F7A9D710CC78C54E2DB3B92D07C72990644F93E1C44AC356EACA3980C5
3 www.example.com. IN A 192.0.2.1
4 ns.example.com. IN A 192.0.2.1
5 bar.example.com. IN A 1.2.3.4
6 ding.example.com. IN A 1.2.3.4
7 foo.example.com. IN A 1.2.3.4
+105
-4
util/config_file.c less more
104104 cfg->do_ip6 = 1;
105105 cfg->do_udp = 1;
106106 cfg->do_tcp = 1;
107 cfg->tcp_reuse_timeout = 60 * 1000; /* 60s in milisecs */
108 cfg->max_reuse_tcp_queries = 200;
107109 cfg->tcp_upstream = 0;
108110 cfg->udp_upstream_without_downstream = 0;
109111 cfg->tcp_mss = 0;
110112 cfg->outgoing_tcp_mss = 0;
111113 cfg->tcp_idle_timeout = 30 * 1000; /* 30s in millisecs */
114 cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */
112115 cfg->do_tcp_keepalive = 0;
113116 cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */
114117 cfg->ssl_service_key = NULL;
234237 cfg->hide_identity = 0;
235238 cfg->hide_version = 0;
236239 cfg->hide_trustanchor = 0;
240 cfg->hide_http_user_agent = 0;
237241 cfg->identity = NULL;
238242 cfg->version = NULL;
243 cfg->http_user_agent = NULL;
239244 cfg->nsid_cfg_str = NULL;
240245 cfg->nsid = NULL;
241246 cfg->nsid_len = 0;
249254 cfg->val_date_override = 0;
250255 cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */
251256 cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */
257 cfg->val_max_restart = 5;
252258 cfg->val_clean_additional = 1;
253259 cfg->val_log_level = 0;
254260 cfg->val_log_squelch = 0;
255261 cfg->val_permissive_mode = 0;
256 cfg->aggressive_nsec = 0;
262 cfg->aggressive_nsec = 1;
257263 cfg->ignore_cd = 0;
258264 cfg->serve_expired = 0;
259265 cfg->serve_expired_ttl = 0;
261267 cfg->serve_expired_reply_ttl = 30;
262268 cfg->serve_expired_client_timeout = 0;
263269 cfg->serve_original_ttl = 0;
270 cfg->zonemd_permissive_mode = 0;
264271 cfg->add_holddown = 30*24*3600;
265272 cfg->del_holddown = 30*24*3600;
266273 cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
304311 if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
305312 #endif
306313 if(!(cfg->val_nsec3_key_iterations =
307 strdup("1024 150 2048 500 4096 2500"))) goto error_exit;
314 strdup("1024 150 2048 150 4096 150"))) goto error_exit;
308315 #if defined(DNSTAP_SOCKET_PATH)
309316 if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH)))
310317 goto error_exit;
322329 cfg->ratelimit_below_domain = NULL;
323330 cfg->ip_ratelimit_factor = 10;
324331 cfg->ratelimit_factor = 10;
332 cfg->ip_ratelimit_backoff = 0;
333 cfg->ratelimit_backoff = 0;
334 cfg->outbound_msg_retry = 5;
325335 cfg->qname_minimisation = 1;
326336 cfg->qname_minimisation_strict = 0;
327337 cfg->shm_enable = 0;
515525 udp_upstream_without_downstream)
516526 else S_NUMBER_NONZERO("tcp-mss:", tcp_mss)
517527 else S_NUMBER_NONZERO("outgoing-tcp-mss:", outgoing_tcp_mss)
528 else S_NUMBER_NONZERO("tcp-auth-query-timeout:", tcp_auth_query_timeout)
518529 else S_NUMBER_NONZERO("tcp-idle-timeout:", tcp_idle_timeout)
530 else S_NUMBER_NONZERO("max-reuse-tcp-queries:", max_reuse_tcp_queries)
531 else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout)
519532 else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive)
520533 else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout)
521534 else S_YNO("ssl-upstream:", ssl_upstream)
535 else S_YNO("tls-upstream:", ssl_upstream)
522536 else S_STR("ssl-service-key:", ssl_service_key)
537 else S_STR("tls-service-key:", ssl_service_key)
523538 else S_STR("ssl-service-pem:", ssl_service_pem)
539 else S_STR("tls-service-pem:", ssl_service_pem)
524540 else S_NUMBER_NONZERO("ssl-port:", ssl_port)
541 else S_NUMBER_NONZERO("tls-port:", ssl_port)
542 else S_STR("ssl-cert-bundle:", tls_cert_bundle)
525543 else S_STR("tls-cert-bundle:", tls_cert_bundle)
526544 else S_YNO("tls-win-cert:", tls_win_cert)
545 else S_STRLIST("additional-ssl-port:", tls_additional_port)
527546 else S_STRLIST("additional-tls-port:", tls_additional_port)
528547 else S_STRLIST("tls-additional-ports:", tls_additional_port)
529548 else S_STRLIST("tls-additional-port:", tls_additional_port)
586605 else S_YNO("hide-identity:", hide_identity)
587606 else S_YNO("hide-version:", hide_version)
588607 else S_YNO("hide-trustanchor:", hide_trustanchor)
608 else S_YNO("hide-http-user-agent:", hide_http_user_agent)
589609 else S_STR("identity:", identity)
590610 else S_STR("version:", version)
611 else S_STR("http-user-agent:", http_user_agent)
591612 else if(strcmp(opt, "nsid:") == 0) {
592613 free(cfg->nsid_cfg_str);
593614 if (!(cfg->nsid_cfg_str = strdup(val)))
648669 else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout)
649670 else S_YNO("serve-original-ttl:", serve_original_ttl)
650671 else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
672 else S_YNO("zonemd-permissive-mode:", zonemd_permissive_mode)
651673 else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown)
652674 else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown)
653675 else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing)
738760 else S_POW2("ratelimit-slabs:", ratelimit_slabs)
739761 else S_NUMBER_OR_ZERO("ip-ratelimit-factor:", ip_ratelimit_factor)
740762 else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor)
763 else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
764 else S_YNO("ratelimit-backoff:", ratelimit_backoff)
765 else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
741766 else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
742767 else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
743768 else S_YNO("qname-minimisation:", qname_minimisation)
755780 #endif
756781 else if(strcmp(opt, "define-tag:") ==0) {
757782 return config_add_tag(cfg, val);
758 /* val_sig_skew_min and max are copied into val_env during init,
759 * so this does not update val_env with set_option */
783 /* val_sig_skew_min, max and val_max_restart are copied into val_env
784 * during init so this does not update val_env with set_option */
760785 } else if(strcmp(opt, "val-sig-skew-min:") == 0)
761786 { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); }
762787 else if(strcmp(opt, "val-sig-skew-max:") == 0)
763788 { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); }
789 else if(strcmp(opt, "val-max-restart:") == 0)
790 { IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); }
764791 else if (strcmp(opt, "outgoing-interface:") == 0) {
765792 char* d = strdup(val);
766793 char** oi =
10041031 else O_YNO(opt, "udp-upstream-without-downstream", udp_upstream_without_downstream)
10051032 else O_DEC(opt, "tcp-mss", tcp_mss)
10061033 else O_DEC(opt, "outgoing-tcp-mss", outgoing_tcp_mss)
1034 else O_DEC(opt, "tcp-auth-query-timeout", tcp_auth_query_timeout)
10071035 else O_DEC(opt, "tcp-idle-timeout", tcp_idle_timeout)
1036 else O_DEC(opt, "max-reuse-tcp-queries", max_reuse_tcp_queries)
1037 else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout)
10081038 else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive)
10091039 else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout)
10101040 else O_YNO(opt, "ssl-upstream", ssl_upstream)
1041 else O_YNO(opt, "tls-upstream", ssl_upstream)
10111042 else O_STR(opt, "ssl-service-key", ssl_service_key)
1043 else O_STR(opt, "tls-service-key", ssl_service_key)
10121044 else O_STR(opt, "ssl-service-pem", ssl_service_pem)
1045 else O_STR(opt, "tls-service-pem", ssl_service_pem)
10131046 else O_DEC(opt, "ssl-port", ssl_port)
1047 else O_DEC(opt, "tls-port", ssl_port)
1048 else O_STR(opt, "ssl-cert-bundle", tls_cert_bundle)
10141049 else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
10151050 else O_YNO(opt, "tls-win-cert", tls_win_cert)
1051 else O_LST(opt, "additional-ssl-port", tls_additional_port)
1052 else O_LST(opt, "additional-tls-port", tls_additional_port)
1053 else O_LST(opt, "tls-additional-ports", tls_additional_port)
10161054 else O_LST(opt, "tls-additional-port", tls_additional_port)
10171055 else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys.first)
10181056 else O_STR(opt, "tls-ciphers", tls_ciphers)
10401078 else O_YNO(opt, "hide-identity", hide_identity)
10411079 else O_YNO(opt, "hide-version", hide_version)
10421080 else O_YNO(opt, "hide-trustanchor", hide_trustanchor)
1081 else O_YNO(opt, "hide-http-user-agent", hide_http_user_agent)
10431082 else O_STR(opt, "identity", identity)
10441083 else O_STR(opt, "version", version)
1084 else O_STR(opt, "http-user-agent", http_user_agent)
10451085 else O_STR(opt, "nsid", nsid_cfg_str)
10461086 else O_STR(opt, "target-fetch-policy", target_fetch_policy)
10471087 else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize)
10691109 else O_DEC(opt, "serve-expired-client-timeout", serve_expired_client_timeout)
10701110 else O_YNO(opt, "serve-original-ttl", serve_original_ttl)
10711111 else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations)
1112 else O_YNO(opt, "zonemd-permissive-mode", zonemd_permissive_mode)
10721113 else O_UNS(opt, "add-holddown", add_holddown)
10731114 else O_UNS(opt, "del-holddown", del_holddown)
10741115 else O_UNS(opt, "keep-missing", keep_missing)
11731214 else O_LS2(opt, "ratelimit-below-domain", ratelimit_below_domain)
11741215 else O_DEC(opt, "ip-ratelimit-factor", ip_ratelimit_factor)
11751216 else O_DEC(opt, "ratelimit-factor", ratelimit_factor)
1217 else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
1218 else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
1219 else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
11761220 else O_DEC(opt, "fast-server-num", fast_server_num)
11771221 else O_DEC(opt, "fast-server-permil", fast_server_permil)
11781222 else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
11791223 else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max)
1224 else O_DEC(opt, "val-max-restart", val_max_restart)
11801225 else O_YNO(opt, "qname-minimisation", qname_minimisation)
11811226 else O_YNO(opt, "qname-minimisation-strict", qname_minimisation_strict)
11821227 else O_IFC(opt, "define-tag", num_tags, tagname)
15151560 #endif
15161561 free(cfg->identity);
15171562 free(cfg->version);
1563 free(cfg->http_user_agent);
15181564 free(cfg->nsid_cfg_str);
15191565 free(cfg->nsid);
15201566 free(cfg->module_conf);
16801726 return num;
16811727 }
16821728
1729 void cfg_apply_local_port_policy(struct config_file* cfg, int num) {
1730 (void)cfg;
1731 (void)num;
1732 #ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
1733 {
1734 int i = 0;
1735 FILE* range_fd;
1736 if ((range_fd = fopen(LINUX_IP_LOCAL_PORT_RANGE_PATH, "r")) != NULL) {
1737 int min_port = 0;
1738 int max_port = num - 1;
1739 if (fscanf(range_fd, "%d %d", &min_port, &max_port) == 2) {
1740 for(i=0; i<min_port; i++) {
1741 cfg->outgoing_avail_ports[i] = 0;
1742 }
1743 for(i=max_port+1; i<num; i++) {
1744 cfg->outgoing_avail_ports[i] = 0;
1745 }
1746 } else {
1747 log_err("unexpected port range in %s",
1748 LINUX_IP_LOCAL_PORT_RANGE_PATH);
1749 }
1750 fclose(range_fd);
1751 } else {
1752 log_err("failed to read from file: %s (%s)",
1753 LINUX_IP_LOCAL_PORT_RANGE_PATH,
1754 strerror(errno));
1755 }
1756 }
1757 #endif
1758 }
1759
16831760 /** print error with file and line number */
16841761 static void ub_c_error_va_list(const char *fmt, va_list args)
16851762 {
26042681 return (cfg->control_ifs.first->str[0] != '/');
26052682 }
26062683
2684 /** see if interface is https, its port number == the https port number */
2685 int
2686 if_is_https(const char* ifname, const char* port, int https_port)
2687 {
2688 char* p = strchr(ifname, '@');
2689 if(!p && atoi(port) == https_port)
2690 return 1;
2691 if(p && atoi(p+1) == https_port)
2692 return 1;
2693 return 0;
2694 }
2695
2696 /** see if config contains https turned on */
2697 int cfg_has_https(struct config_file* cfg)
2698 {
2699 int i;
2700 char portbuf[32];
2701 snprintf(portbuf, sizeof(portbuf), "%d", cfg->port);
2702 for(i = 0; i<cfg->num_ifs; i++) {
2703 if(if_is_https(cfg->ifs[i], portbuf, cfg->https_port))
2704 return 1;
2705 }
2706 return 0;
2707 }
+55
-1
util/config_file.h less more
9292 int do_udp;
9393 /** do tcp query support. */
9494 int do_tcp;
95 /** max number of queries on a reuse connection. */
96 size_t max_reuse_tcp_queries;
97 /** timeout for REUSE entries in milliseconds. */
98 int tcp_reuse_timeout;
99 /** timeout in milliseconds for TCP queries to auth servers. */
100 int tcp_auth_query_timeout;
95101 /** tcp upstream queries (no UDP upstream queries) */
96102 int tcp_upstream;
97103 /** udp upstream enabled when no UDP downstream is enabled (do_udp no)*/
333339 int hide_version;
334340 /** do not report trustanchor (trustanchor.unbound) */
335341 int hide_trustanchor;
342 /** do not report the User-Agent HTTP header */
343 int hide_http_user_agent;
336344 /** identity, hostname is returned if "". */
337345 char* identity;
338346 /** version, package version returned if "". */
339347 char* version;
348 /** User-Agent for HTTP header */
349 char* http_user_agent;
340350 /** nsid */
341351 char *nsid_cfg_str;
342352 uint8_t *nsid;
366376 int32_t val_sig_skew_min;
367377 /** the maximum for signature clock skew */
368378 int32_t val_sig_skew_max;
379 /** max number of query restarts, number of IPs to probe */
380 int32_t val_max_restart;
369381 /** this value sets the number of seconds before revalidating bogus */
370382 int bogus_ttl;
371383 /** should validator clean additional section for secure msgs */
395407 int serve_original_ttl;
396408 /** nsec3 maximum iterations per key size, string */
397409 char* val_nsec3_key_iterations;
410 /** if zonemd failures are permitted, only logged */
411 int zonemd_permissive_mode;
398412 /** autotrust add holddown time, in seconds */
399413 unsigned int add_holddown;
400414 /** autotrust del holddown time, in seconds */
550564 size_t ip_ratelimit_size;
551565 /** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
552566 int ip_ratelimit_factor;
567 /** ratelimit backoff, when on, if the limit is reached it is
568 * considered an attack and it backs off until 'demand' decreases over
569 * the RATE_WINDOW. */
570 int ip_ratelimit_backoff;
553571
554572 /** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */
555573 int ratelimit;
563581 struct config_str2list* ratelimit_below_domain;
564582 /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
565583 int ratelimit_factor;
584 /** ratelimit backoff, when on, if the limit is reached it is
585 * considered an attack and it backs off until 'demand' decreases over
586 * the RATE_WINDOW. */
587 int ratelimit_backoff;
588
589 /** number of retries on outgoing queries */
590 int outbound_msg_retry;
566591 /** minimise outgoing QNAME and hide original QTYPE if possible */
567592 int qname_minimisation;
568593 /** minimise QNAME in strict mode, minimise according to RFC.
682707 int isprime;
683708 /** if forward-first is set (failover to without if fails) */
684709 int isfirst;
710 /** use tcp for queries to this stub */
711 int tcp_upstream;
685712 /** use SSL for queries to this stub */
686713 int ssl_upstream;
687714 /*** no cache */
726753 /** Always reply with this CNAME target if the cname override action is
727754 * used */
728755 char* rpz_cname;
756 /** signal nxdomain block with unset RA */
757 int rpz_signal_nxdomain_ra;
758 /** Check ZONEMD records for this zone */
759 int zonemd_check;
760 /** Reject absence of ZONEMD records, zone must have one */
761 int zonemd_reject_absence;
729762 };
730763
731764 /**
10871120 int cfg_parse_memsize(const char* str, size_t* res);
10881121
10891122 /**
1090 * Parse nsid from string into binary nsid. nsid is either a hexidecimal
1123 * Parse nsid from string into binary nsid. nsid is either a hexadecimal
10911124 * string or an ascii string prepended with ascii_ in which case the
10921125 * characters after ascii_ are simply copied.
10931126 * @param str: the string to parse.
11701203 * @return: number of ports in array or 0 on error.
11711204 */
11721205 int cfg_condense_ports(struct config_file* cfg, int** avail);
1206
1207 /**
1208 * Apply system specific port range policy.
1209 * @param cfg: config file.
1210 * @param num: size of the array (65536).
1211 */
1212 void cfg_apply_local_port_policy(struct config_file* cfg, int num);
11731213
11741214 /**
11751215 * Scan ports available
13001340 /** debug option for unit tests. */
13011341 extern int fake_dsa, fake_sha1;
13021342
1343 /** see if interface is https, its port number == the https port number */
1344 int if_is_https(const char* ifname, const char* port, int https_port);
1345
1346 /**
1347 * Return true if the config contains settings that enable https.
1348 * @param cfg: config information.
1349 * @return true if https ports are used for server.
1350 */
1351 int cfg_has_https(struct config_file* cfg);
1352
1353 #ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
1354 #define LINUX_IP_LOCAL_PORT_RANGE_PATH "/proc/sys/net/ipv4/ip_local_port_range"
1355 #endif
1356
13031357 #endif /* UTIL_CONFIG_FILE_H */
13041358
+4324
-4049
util/configlexer.c less more
353353 (yy_hold_char) = *yy_cp; \
354354 *yy_cp = '\0'; \
355355 (yy_c_buf_p) = yy_cp;
356 #define YY_NUM_RULES 343
357 #define YY_END_OF_BUFFER 344
356 #define YY_NUM_RULES 358
357 #define YY_END_OF_BUFFER 359
358358 /* This struct is not used in this scanner,
359359 but its presence is necessary. */
360360 struct yy_trans_info
362362 flex_int32_t yy_verify;
363363 flex_int32_t yy_nxt;
364364 };
365 static const flex_int16_t yy_accept[3354] =
365 static const flex_int16_t yy_accept[3558] =
366366 { 0,
367 1, 1, 317, 317, 321, 321, 325, 325, 329, 329,
368 1, 1, 333, 333, 337, 337, 344, 341, 1, 315,
369 315, 342, 2, 341, 341, 341, 341, 341, 341, 341,
370 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
371 341, 341, 341, 341, 341, 342, 317, 318, 318, 319,
372 342, 321, 322, 322, 323, 342, 328, 325, 326, 326,
373 327, 342, 329, 330, 330, 331, 342, 340, 316, 2,
374 320, 340, 342, 336, 333, 334, 334, 335, 342, 337,
375 338, 338, 339, 342, 341, 0, 1, 2, 2, 2,
376 2, 341, 341, 341, 341, 341, 341, 341, 341, 341,
377
378 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
379 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
380 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
381 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
382 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
383 341, 341, 341, 341, 341, 341, 341, 341, 341, 317,
384 0, 321, 0, 328, 0, 325, 329, 0, 340, 0,
385 2, 2, 340, 336, 0, 333, 337, 0, 341, 341,
386 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
387 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
388
389 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
390 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
391 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
392 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
393 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
394 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
395 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
396 341, 340, 341, 341, 341, 341, 341, 341, 341, 341,
397 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
398 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
399
400 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
401 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
402 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
403 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
404 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
405 341, 341, 341, 341, 341, 341, 341, 341, 125, 341,
406 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
407 341, 341, 341, 341, 341, 341, 341, 341, 341, 134,
408 341, 341, 341, 341, 341, 341, 341, 340, 341, 341,
409 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
410
411 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
412 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
413 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
414 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
415 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
416 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
417 341, 341, 341, 341, 341, 341, 109, 341, 314, 341,
418 341, 341, 341, 341, 341, 341, 8, 341, 341, 341,
419 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
420 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
421
422 341, 341, 341, 341, 341, 341, 126, 341, 341, 341,
423 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
424 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
425 341, 341, 341, 341, 341, 341, 341, 139, 341, 340,
426 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
427 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
428 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
429 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
430 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
431 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
432
433 341, 341, 341, 341, 341, 341, 341, 307, 341, 341,
434 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
435 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
436 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
437 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
438 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
439 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
440 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
441 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
442 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
443
444 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
445 341, 341, 340, 341, 341, 341, 341, 341, 341, 341,
446 341, 341, 341, 341, 341, 64, 341, 341, 341, 341,
447 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
448 239, 341, 14, 15, 341, 19, 18, 341, 341, 223,
449 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
450 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
451 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
452 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
453 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
454
455 341, 132, 341, 341, 341, 341, 341, 341, 341, 341,
456 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
457 341, 341, 341, 341, 341, 221, 341, 341, 341, 341,
458 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
459 341, 341, 341, 341, 341, 3, 341, 341, 341, 341,
460 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
461 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
462 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
463 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
464 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
465
466 340, 341, 341, 341, 341, 341, 341, 341, 301, 341,
467 341, 300, 341, 341, 341, 341, 341, 341, 341, 341,
468 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
469 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
470 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
471 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
472 341, 341, 341, 341, 341, 341, 341, 341, 341, 324,
473 341, 341, 341, 341, 341, 341, 341, 341, 63, 341,
474 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
475 341, 341, 341, 341, 341, 67, 341, 270, 341, 341,
476
477 341, 341, 341, 341, 341, 341, 308, 309, 341, 341,
478 341, 341, 341, 341, 341, 68, 341, 341, 133, 341,
479 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
480 341, 341, 341, 129, 341, 341, 341, 341, 341, 341,
481 341, 341, 341, 210, 341, 341, 341, 341, 341, 341,
482 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
483 341, 341, 341, 341, 21, 341, 341, 341, 341, 341,
484 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
485 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
486 341, 341, 341, 341, 158, 341, 341, 340, 324, 341,
487
488 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
489 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
490 107, 341, 341, 341, 341, 341, 341, 341, 278, 341,
491 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
492 341, 341, 341, 341, 341, 341, 182, 341, 341, 341,
493 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
494 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
495 341, 341, 341, 341, 341, 341, 157, 341, 341, 341,
496 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
497 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
498
499 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
500 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
501 341, 106, 341, 341, 341, 341, 341, 341, 341, 341,
502 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
503 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
504 32, 341, 341, 341, 341, 341, 341, 341, 341, 341,
505 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
506 33, 341, 341, 341, 341, 341, 341, 341, 341, 341,
507 341, 341, 341, 341, 341, 341, 65, 341, 341, 341,
508 341, 341, 341, 341, 341, 341, 131, 340, 341, 341,
509
510 341, 341, 341, 124, 341, 341, 341, 341, 341, 341,
511 341, 341, 341, 341, 341, 341, 341, 341, 341, 66,
512 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
513 341, 341, 243, 341, 341, 341, 341, 341, 341, 341,
514 341, 341, 341, 341, 341, 341, 183, 341, 341, 341,
515 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
516 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
517 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
518 341, 341, 341, 341, 54, 341, 341, 341, 341, 341,
519 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
520
521 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
522 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
523 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
524 341, 341, 341, 341, 341, 341, 341, 261, 341, 341,
525 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
526 341, 341, 341, 341, 341, 341, 341, 58, 341, 59,
527 341, 341, 341, 341, 341, 110, 341, 111, 341, 341,
528 341, 341, 108, 341, 341, 341, 341, 341, 341, 341,
529 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
530 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
531
532 341, 341, 7, 341, 340, 341, 341, 341, 341, 341,
533 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
534 341, 341, 341, 232, 341, 341, 341, 341, 160, 341,
535 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
536 341, 341, 341, 341, 341, 244, 341, 341, 341, 341,
537 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
538 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
539 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
540 341, 341, 45, 341, 341, 341, 341, 341, 341, 341,
541 341, 341, 55, 341, 341, 341, 341, 341, 341, 341,
542
543 341, 341, 341, 341, 341, 341, 341, 202, 341, 201,
544 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
545 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
546 341, 341, 341, 341, 341, 341, 341, 341, 16, 17,
547 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
548 341, 341, 341, 69, 341, 341, 341, 341, 341, 341,
549 341, 341, 341, 341, 341, 341, 209, 341, 341, 341,
550 341, 341, 341, 113, 341, 112, 341, 341, 341, 341,
551 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
552 341, 341, 341, 341, 341, 341, 341, 341, 193, 341,
553
554 341, 341, 341, 341, 341, 341, 341, 140, 340, 341,
555 341, 341, 341, 341, 341, 341, 341, 341, 341, 101,
556 341, 341, 341, 341, 341, 341, 341, 341, 341, 89,
557 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
558 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
559 341, 341, 341, 341, 341, 222, 341, 341, 341, 341,
560 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
561 341, 341, 341, 341, 94, 341, 341, 341, 341, 341,
562 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
563 341, 341, 341, 341, 341, 341, 62, 341, 341, 341,
564
565 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
566 341, 341, 341, 341, 341, 196, 197, 341, 341, 341,
567 272, 341, 341, 341, 341, 341, 341, 341, 341, 341,
568 341, 341, 341, 6, 341, 341, 341, 341, 341, 341,
569 291, 341, 341, 341, 341, 341, 341, 341, 341, 341,
570 341, 341, 341, 341, 341, 341, 341, 341, 276, 341,
571 341, 341, 341, 341, 341, 302, 341, 341, 341, 341,
572 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
573 341, 341, 341, 341, 341, 341, 341, 42, 341, 341,
574 341, 341, 44, 341, 341, 341, 90, 341, 341, 341,
575
576 341, 341, 52, 341, 341, 341, 341, 341, 341, 341,
577 340, 341, 189, 341, 341, 341, 135, 341, 341, 341,
578 341, 341, 341, 341, 341, 341, 341, 214, 341, 190,
579 341, 341, 341, 229, 341, 341, 341, 341, 341, 341,
580 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
581 341, 341, 341, 341, 53, 341, 341, 341, 341, 341,
582 341, 341, 341, 341, 341, 137, 118, 341, 119, 341,
583 341, 341, 117, 341, 341, 341, 341, 341, 341, 341,
584 341, 155, 341, 341, 50, 341, 341, 341, 341, 341,
585 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
586
587 341, 260, 341, 341, 341, 341, 341, 341, 341, 341,
588 341, 191, 341, 341, 341, 341, 341, 194, 341, 200,
589 341, 341, 341, 341, 341, 228, 341, 341, 341, 341,
590 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
591 341, 341, 105, 341, 341, 341, 341, 341, 341, 341,
592 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
593 341, 130, 341, 341, 341, 341, 341, 341, 341, 60,
594 341, 341, 341, 26, 341, 341, 341, 341, 341, 341,
595 341, 341, 341, 20, 341, 341, 341, 341, 341, 341,
596 27, 36, 341, 165, 341, 341, 341, 341, 341, 341,
597
598 341, 341, 341, 341, 341, 341, 341, 340, 341, 341,
599 341, 341, 341, 341, 77, 79, 341, 341, 341, 341,
600 341, 341, 341, 341, 341, 341, 341, 341, 341, 280,
601 341, 341, 341, 341, 240, 341, 341, 341, 341, 341,
602 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
603 341, 341, 341, 341, 341, 341, 341, 120, 341, 341,
604 341, 341, 341, 341, 341, 341, 341, 154, 341, 46,
605 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
606 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
607 341, 295, 341, 341, 341, 341, 341, 341, 341, 341,
608
609 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
610 159, 341, 341, 341, 341, 341, 341, 341, 341, 341,
611 341, 341, 341, 289, 341, 341, 341, 220, 341, 341,
612 341, 341, 341, 341, 341, 341, 341, 305, 341, 341,
613 341, 341, 341, 341, 341, 341, 341, 341, 341, 176,
614 341, 341, 341, 341, 341, 341, 341, 341, 341, 114,
615 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
616 341, 341, 341, 341, 341, 341, 341, 341, 341, 171,
617 341, 184, 341, 341, 341, 341, 340, 341, 143, 341,
618 341, 341, 341, 341, 100, 341, 341, 341, 341, 212,
619
620 341, 341, 341, 341, 341, 341, 230, 341, 341, 341,
621 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
622 341, 341, 341, 252, 341, 341, 341, 341, 341, 341,
623 341, 341, 341, 341, 136, 341, 341, 341, 341, 341,
624 341, 341, 341, 341, 341, 341, 341, 341, 341, 175,
625 341, 341, 341, 341, 341, 341, 80, 341, 81, 341,
626 341, 341, 341, 341, 61, 298, 341, 341, 341, 341,
627 341, 88, 185, 341, 203, 341, 233, 341, 341, 195,
628 273, 341, 341, 341, 341, 341, 73, 341, 187, 341,
629 341, 341, 341, 341, 9, 341, 341, 341, 341, 341,
630
631 104, 341, 341, 341, 341, 265, 341, 341, 341, 341,
632 211, 341, 341, 341, 341, 341, 341, 341, 341, 341,
633 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
634 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
635 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
636 341, 341, 341, 341, 341, 341, 341, 340, 341, 341,
637 341, 341, 174, 341, 341, 341, 341, 341, 341, 341,
638 341, 341, 341, 161, 341, 279, 341, 341, 341, 341,
639 341, 251, 341, 341, 341, 341, 341, 341, 341, 341,
640 341, 341, 341, 224, 341, 341, 341, 341, 341, 271,
641
642 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
643 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
644 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
645 299, 341, 186, 341, 341, 341, 341, 341, 341, 341,
646 72, 74, 341, 341, 341, 341, 341, 341, 341, 341,
647 341, 103, 341, 341, 341, 341, 263, 341, 341, 341,
648 341, 275, 341, 341, 341, 341, 341, 341, 341, 341,
649 341, 341, 341, 341, 216, 34, 28, 30, 341, 341,
650 341, 341, 341, 341, 341, 341, 341, 35, 341, 29,
651 31, 341, 341, 341, 341, 341, 341, 341, 341, 99,
652
653 341, 341, 341, 341, 341, 341, 340, 341, 341, 341,
654 341, 341, 341, 341, 341, 341, 341, 341, 218, 215,
655 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
656 341, 341, 341, 341, 341, 341, 341, 341, 71, 341,
657 341, 341, 138, 341, 121, 341, 341, 341, 341, 341,
658 341, 341, 341, 156, 47, 341, 341, 341, 332, 13,
659 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
660 293, 341, 296, 341, 341, 341, 341, 341, 341, 341,
661 341, 341, 341, 12, 341, 341, 22, 341, 341, 341,
662 341, 341, 269, 341, 341, 341, 341, 277, 341, 341,
663
664 341, 75, 341, 226, 341, 341, 341, 341, 341, 217,
665 341, 341, 70, 341, 341, 341, 341, 23, 341, 43,
666 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
667 341, 341, 170, 169, 332, 341, 341, 341, 341, 341,
668 341, 341, 341, 341, 219, 213, 341, 231, 341, 341,
669 281, 341, 341, 341, 341, 341, 341, 341, 341, 341,
670 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
671 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
672 341, 341, 341, 82, 341, 341, 341, 341, 264, 341,
673 341, 341, 341, 199, 341, 341, 341, 341, 225, 341,
674
675 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
676 303, 304, 167, 341, 341, 76, 341, 341, 341, 341,
677 177, 341, 341, 341, 115, 116, 341, 341, 341, 341,
678 162, 341, 164, 341, 204, 341, 341, 341, 341, 168,
679 341, 341, 234, 341, 341, 341, 341, 341, 341, 341,
680 145, 341, 341, 341, 341, 341, 341, 341, 341, 341,
681 341, 341, 341, 242, 341, 341, 341, 341, 341, 341,
682 341, 312, 341, 24, 341, 274, 341, 341, 341, 341,
683 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
684 86, 205, 341, 341, 262, 341, 297, 341, 198, 341,
685
686 341, 341, 341, 56, 341, 341, 341, 341, 341, 341,
687 4, 341, 341, 341, 341, 128, 144, 341, 341, 341,
688 181, 341, 341, 341, 341, 341, 341, 341, 341, 341,
689 341, 341, 341, 341, 341, 341, 237, 37, 38, 341,
690 341, 341, 341, 341, 341, 341, 282, 341, 341, 341,
691 341, 341, 341, 341, 250, 341, 341, 341, 341, 341,
692 341, 341, 341, 208, 341, 341, 341, 341, 341, 341,
693 341, 341, 341, 341, 341, 341, 85, 341, 57, 268,
694 341, 238, 341, 341, 341, 341, 11, 341, 341, 341,
695 341, 341, 341, 341, 341, 127, 341, 341, 341, 341,
696
697 206, 91, 341, 40, 341, 341, 341, 341, 341, 341,
698 341, 341, 173, 341, 341, 341, 341, 341, 147, 341,
699 341, 341, 341, 241, 341, 341, 341, 341, 341, 249,
700 341, 341, 341, 341, 141, 341, 341, 341, 122, 123,
701 341, 341, 341, 93, 97, 92, 341, 341, 341, 341,
702 83, 341, 341, 341, 341, 341, 10, 341, 341, 341,
703 341, 341, 266, 306, 341, 341, 341, 341, 311, 39,
704 341, 341, 341, 341, 341, 172, 341, 341, 341, 341,
705 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
706 341, 341, 341, 341, 341, 341, 341, 341, 341, 98,
707
708 96, 341, 51, 341, 341, 84, 294, 341, 341, 341,
709 341, 341, 341, 341, 341, 341, 192, 341, 341, 341,
710 341, 341, 207, 341, 341, 341, 341, 341, 341, 341,
711 341, 163, 78, 341, 341, 341, 341, 341, 283, 341,
712 341, 341, 341, 341, 341, 341, 246, 341, 341, 245,
713 142, 341, 341, 95, 48, 341, 148, 149, 152, 153,
714 150, 151, 87, 292, 341, 341, 267, 341, 341, 341,
715 341, 166, 341, 341, 341, 341, 341, 236, 341, 341,
716 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
717 341, 341, 341, 341, 341, 341, 341, 341, 179, 178,
718
719 41, 341, 341, 341, 341, 341, 341, 341, 341, 341,
720 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
721 341, 341, 341, 290, 341, 341, 341, 341, 102, 341,
722 235, 341, 259, 287, 341, 341, 341, 341, 341, 341,
723 341, 341, 341, 341, 341, 313, 341, 49, 5, 341,
724 341, 227, 341, 341, 288, 341, 341, 341, 341, 341,
725 341, 341, 341, 341, 247, 25, 341, 341, 341, 341,
726 341, 341, 341, 341, 341, 341, 341, 341, 248, 341,
727 341, 341, 146, 341, 341, 341, 341, 341, 341, 341,
728 341, 180, 341, 188, 341, 341, 341, 341, 341, 341,
729
730 341, 341, 341, 284, 341, 341, 341, 341, 341, 341,
731 341, 341, 341, 341, 341, 341, 341, 341, 341, 341,
732 341, 310, 341, 341, 255, 341, 341, 341, 341, 341,
733 285, 341, 341, 341, 341, 341, 341, 286, 341, 341,
734 341, 253, 341, 256, 257, 341, 341, 341, 341, 341,
735 254, 258, 0
367 1, 1, 332, 332, 336, 336, 340, 340, 344, 344,
368 1, 1, 348, 348, 352, 352, 359, 356, 1, 330,
369 330, 357, 2, 356, 356, 356, 356, 356, 356, 356,
370 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
371 356, 356, 356, 356, 356, 357, 332, 333, 333, 334,
372 357, 336, 337, 337, 338, 357, 343, 340, 341, 341,
373 342, 357, 344, 345, 345, 346, 357, 355, 331, 2,
374 335, 355, 357, 351, 348, 349, 349, 350, 357, 352,
375 353, 353, 354, 357, 356, 0, 1, 2, 2, 2,
376 2, 356, 356, 356, 356, 356, 356, 356, 356, 356,
377
378 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
379 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
380 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
381 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
382 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
383 356, 356, 356, 356, 356, 356, 356, 356, 356, 332,
384 0, 336, 0, 343, 0, 340, 344, 0, 355, 0,
385 2, 2, 355, 351, 0, 348, 352, 0, 356, 356,
386 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
387 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
388
389 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
390 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
391 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
392 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
393 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
394 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
395 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
396 356, 355, 356, 356, 356, 356, 356, 356, 356, 356,
397 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
398 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
399
400 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
401 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
402 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
403 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
404 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
405 356, 356, 356, 356, 356, 356, 356, 356, 356, 130,
406 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
407 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
408 140, 356, 356, 356, 356, 356, 356, 356, 355, 356,
409 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
410
411 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
412 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
413 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
414 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
415 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
416 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
417 356, 356, 356, 356, 356, 356, 356, 356, 112, 356,
418 329, 356, 356, 356, 356, 356, 356, 356, 356, 8,
419 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
420 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
421
422 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
423 131, 356, 356, 356, 356, 356, 356, 356, 356, 356,
424 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
425 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
426 356, 356, 356, 356, 145, 356, 356, 355, 356, 356,
427 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
428 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
429 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
430 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
431 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
432
433 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
434 356, 356, 356, 356, 356, 356, 356, 322, 356, 356,
435 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
436 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
437 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
438 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
439 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
440 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
441 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
442 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
443
444 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
445 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
446 356, 356, 356, 356, 356, 356, 356, 356, 356, 355,
447 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
448 356, 356, 67, 356, 356, 356, 356, 356, 356, 356,
449 356, 356, 356, 356, 356, 356, 356, 251, 356, 14,
450 15, 356, 19, 18, 356, 356, 235, 356, 356, 356,
451 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
452 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
453 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
454
455 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
456 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
457 138, 356, 356, 356, 356, 356, 356, 356, 356, 356,
458 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
459 356, 356, 356, 356, 356, 356, 233, 356, 356, 356,
460 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
461 356, 356, 356, 356, 356, 356, 356, 3, 356, 356,
462 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
463 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
464 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
465
466 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
467 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
468 356, 356, 356, 356, 356, 356, 356, 355, 356, 356,
469 356, 356, 356, 356, 356, 316, 356, 356, 315, 356,
470 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
471 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
472 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
473 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
474 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
475 356, 356, 356, 356, 356, 356, 356, 356, 339, 356,
476
477 356, 356, 356, 356, 356, 356, 356, 66, 356, 356,
478 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
479 356, 356, 356, 356, 70, 356, 285, 356, 356, 356,
480 356, 356, 356, 356, 356, 356, 323, 324, 356, 356,
481 356, 356, 356, 356, 356, 356, 71, 356, 356, 139,
482 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
483 356, 356, 356, 356, 134, 356, 356, 356, 356, 356,
484 356, 356, 356, 356, 356, 222, 356, 356, 356, 356,
485 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
486 356, 356, 356, 356, 356, 356, 356, 356, 21, 356,
487
488 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
489 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
490 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
491 165, 356, 356, 356, 356, 356, 355, 339, 356, 356,
492 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
493 356, 356, 356, 356, 356, 356, 356, 356, 356, 110,
494 356, 356, 356, 356, 356, 356, 356, 293, 356, 356,
495 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
496 356, 356, 356, 356, 356, 191, 356, 356, 356, 356,
497 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
498
499 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
500 356, 356, 356, 356, 356, 356, 356, 164, 356, 356,
501 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
502 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
503 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
504 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
505 356, 356, 356, 356, 109, 356, 356, 356, 356, 356,
506 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
507 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
508 356, 356, 356, 356, 35, 356, 356, 356, 356, 356,
509
510 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
511 356, 356, 356, 356, 356, 356, 356, 36, 356, 356,
512 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
513 356, 356, 356, 68, 356, 356, 356, 356, 356, 356,
514 356, 356, 356, 356, 137, 356, 356, 356, 355, 356,
515 356, 356, 356, 356, 129, 356, 356, 356, 356, 356,
516 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
517 69, 356, 356, 356, 356, 356, 356, 356, 356, 356,
518 356, 356, 356, 255, 356, 356, 356, 356, 356, 356,
519 356, 356, 356, 356, 356, 356, 356, 192, 356, 356,
520
521 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
522 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
523 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
524 356, 356, 356, 356, 356, 356, 356, 356, 57, 356,
525 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
526 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
527 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
528 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
529 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
530 356, 356, 356, 273, 356, 356, 356, 356, 356, 356,
531
532 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
533 356, 356, 356, 356, 61, 356, 62, 356, 356, 356,
534 356, 356, 113, 356, 114, 356, 356, 356, 356, 356,
535 111, 356, 356, 356, 356, 356, 356, 356, 356, 356,
536 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
537 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
538 356, 356, 356, 7, 356, 356, 356, 356, 355, 356,
539 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
540 356, 356, 356, 356, 356, 356, 356, 244, 356, 356,
541 356, 356, 168, 356, 356, 356, 356, 356, 356, 356,
542
543 356, 356, 356, 356, 356, 356, 356, 356, 356, 256,
544 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
545 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
546 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
547 356, 356, 356, 356, 356, 356, 356, 356, 356, 48,
548 356, 356, 356, 356, 356, 356, 356, 356, 356, 58,
549 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
550 356, 356, 356, 356, 214, 356, 213, 356, 356, 356,
551 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
552 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
553
554 356, 356, 356, 356, 356, 356, 356, 16, 17, 356,
555 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
556 356, 356, 72, 356, 356, 356, 356, 356, 356, 356,
557 356, 356, 356, 356, 356, 356, 221, 356, 356, 356,
558 356, 356, 356, 116, 356, 115, 356, 356, 356, 356,
559 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
560 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
561 356, 205, 356, 356, 356, 356, 356, 356, 356, 356,
562 356, 146, 356, 356, 356, 355, 356, 356, 356, 356,
563 356, 356, 356, 356, 356, 356, 104, 356, 356, 356,
564
565 356, 356, 356, 356, 356, 356, 92, 356, 356, 356,
566 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
567 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
568 356, 356, 234, 356, 356, 356, 356, 356, 356, 356,
569 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
570 356, 356, 97, 356, 356, 356, 356, 356, 356, 356,
571 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
572 356, 356, 356, 356, 356, 356, 65, 356, 356, 356,
573 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
574 356, 356, 356, 356, 356, 208, 209, 356, 356, 356,
575
576 287, 356, 356, 356, 356, 356, 356, 356, 356, 356,
577 356, 356, 356, 356, 6, 356, 356, 356, 356, 356,
578 356, 356, 306, 356, 356, 356, 356, 356, 356, 356,
579 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
580 356, 291, 356, 356, 356, 356, 356, 356, 356, 317,
581 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
582 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
583 356, 356, 356, 356, 45, 356, 356, 356, 356, 47,
584 356, 356, 356, 93, 356, 356, 356, 356, 356, 55,
585 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
586
587 356, 355, 356, 201, 356, 356, 356, 141, 356, 356,
588 356, 356, 356, 356, 356, 356, 356, 356, 226, 356,
589 202, 356, 356, 356, 241, 356, 356, 356, 356, 356,
590 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
591 356, 356, 356, 356, 356, 56, 356, 356, 356, 356,
592 356, 356, 356, 356, 356, 356, 143, 122, 356, 123,
593 356, 356, 356, 356, 121, 356, 356, 356, 356, 356,
594 356, 356, 356, 356, 161, 356, 356, 53, 356, 356,
595 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
596 356, 356, 356, 356, 356, 272, 356, 356, 356, 356,
597
598 356, 356, 356, 356, 356, 203, 356, 356, 356, 356,
599 356, 206, 356, 212, 356, 356, 356, 356, 356, 356,
600 240, 356, 356, 356, 356, 356, 356, 356, 356, 356,
601 356, 356, 356, 356, 356, 356, 356, 356, 108, 356,
602 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
603 356, 356, 356, 356, 356, 356, 356, 356, 135, 356,
604 356, 356, 356, 356, 356, 356, 356, 63, 356, 356,
605 356, 29, 356, 356, 356, 356, 356, 356, 356, 356,
606 356, 356, 356, 356, 20, 356, 356, 356, 356, 356,
607 356, 30, 39, 356, 173, 356, 356, 356, 356, 356,
608
609 356, 356, 356, 356, 356, 356, 356, 356, 356, 199,
610 356, 356, 355, 356, 356, 356, 356, 356, 356, 80,
611 82, 356, 356, 356, 356, 356, 356, 356, 356, 356,
612 356, 356, 356, 356, 295, 356, 356, 356, 356, 252,
613 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
614 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
615 356, 356, 124, 356, 356, 356, 356, 356, 356, 356,
616 356, 356, 356, 356, 160, 356, 49, 356, 356, 356,
617 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
618 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
619
620 310, 356, 356, 356, 356, 356, 356, 356, 356, 356,
621 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
622 167, 356, 356, 356, 356, 356, 356, 356, 356, 356,
623 356, 356, 356, 356, 304, 356, 356, 356, 232, 356,
624 356, 356, 356, 356, 356, 356, 356, 356, 356, 320,
625 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
626 356, 356, 185, 356, 356, 356, 356, 356, 356, 356,
627 356, 356, 117, 356, 356, 356, 356, 356, 356, 356,
628 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
629 356, 356, 356, 356, 356, 180, 356, 193, 356, 356,
630
631 356, 356, 356, 356, 356, 355, 356, 149, 356, 356,
632 356, 356, 356, 103, 356, 356, 356, 356, 224, 356,
633 356, 356, 356, 356, 356, 242, 356, 356, 356, 356,
634 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
635 356, 356, 264, 356, 356, 356, 356, 356, 356, 356,
636 356, 356, 356, 142, 356, 356, 356, 356, 356, 356,
637 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
638 356, 184, 356, 356, 356, 356, 356, 356, 83, 356,
639 84, 356, 356, 356, 356, 356, 356, 64, 313, 356,
640 356, 356, 356, 356, 91, 194, 356, 215, 356, 245,
641
642 356, 356, 207, 288, 356, 356, 356, 356, 356, 356,
643 76, 356, 196, 356, 356, 356, 356, 356, 356, 9,
644 356, 356, 356, 356, 356, 107, 356, 356, 356, 356,
645 356, 277, 356, 356, 356, 356, 223, 356, 356, 356,
646 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
647 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
648 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
649 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
650 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
651 355, 356, 356, 356, 356, 183, 356, 356, 356, 356,
652
653 356, 356, 356, 356, 356, 356, 169, 356, 294, 356,
654 356, 356, 356, 356, 263, 356, 356, 356, 356, 356,
655 356, 356, 356, 356, 356, 356, 236, 356, 356, 356,
656 356, 356, 286, 356, 356, 356, 356, 356, 356, 356,
657 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
658 166, 356, 356, 356, 356, 356, 356, 356, 356, 356,
659 356, 356, 356, 356, 356, 356, 356, 314, 356, 195,
660 356, 356, 356, 356, 356, 356, 356, 356, 75, 77,
661 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
662 106, 356, 356, 356, 356, 356, 275, 356, 356, 356,
663
664 356, 290, 356, 356, 356, 356, 356, 356, 356, 356,
665 356, 356, 356, 356, 356, 228, 37, 31, 33, 356,
666 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
667 356, 38, 356, 32, 34, 356, 356, 356, 356, 356,
668 356, 356, 356, 102, 356, 179, 356, 356, 356, 356,
669 356, 356, 356, 355, 356, 356, 356, 356, 356, 356,
670 356, 356, 356, 356, 356, 230, 227, 356, 356, 356,
671 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
672 356, 356, 356, 356, 356, 74, 356, 356, 356, 144,
673 356, 125, 356, 356, 356, 356, 356, 356, 356, 356,
674
675 356, 356, 162, 50, 356, 356, 356, 347, 13, 356,
676 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
677 308, 356, 311, 356, 356, 356, 356, 356, 356, 356,
678 356, 356, 356, 356, 356, 12, 356, 356, 22, 356,
679 356, 356, 356, 356, 356, 281, 356, 356, 356, 356,
680 292, 356, 356, 356, 356, 78, 356, 238, 356, 356,
681 356, 356, 356, 229, 356, 356, 73, 356, 356, 356,
682 356, 356, 356, 23, 356, 356, 46, 356, 356, 356,
683 356, 356, 356, 356, 356, 356, 356, 356, 356, 178,
684 177, 356, 356, 347, 356, 356, 356, 356, 356, 356,
685
686 356, 356, 356, 231, 225, 356, 243, 356, 356, 296,
687 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
688 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
689 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
690 356, 356, 356, 356, 85, 356, 356, 356, 356, 356,
691 276, 356, 356, 356, 356, 211, 356, 356, 356, 356,
692 356, 237, 356, 356, 356, 356, 356, 356, 356, 356,
693 356, 283, 356, 356, 356, 318, 319, 175, 356, 356,
694 356, 79, 356, 356, 356, 356, 186, 356, 356, 356,
695 118, 120, 119, 356, 356, 356, 25, 356, 356, 170,
696
697 356, 172, 356, 216, 356, 356, 356, 356, 176, 356,
698 356, 356, 356, 246, 356, 356, 356, 356, 356, 356,
699 356, 151, 356, 356, 356, 356, 356, 356, 356, 356,
700 356, 356, 356, 356, 254, 356, 356, 356, 356, 356,
701 356, 356, 327, 356, 27, 356, 289, 356, 356, 356,
702 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
703 356, 356, 356, 89, 217, 356, 356, 356, 274, 356,
704 312, 356, 210, 356, 356, 356, 356, 356, 284, 59,
705 356, 356, 356, 356, 356, 356, 4, 356, 356, 356,
706 356, 133, 356, 150, 356, 356, 356, 190, 356, 356,
707
708 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
709 356, 356, 356, 356, 356, 356, 249, 40, 41, 356,
710 356, 356, 356, 356, 356, 356, 297, 356, 356, 356,
711 356, 356, 356, 356, 262, 356, 356, 356, 356, 356,
712 356, 356, 356, 220, 356, 356, 356, 356, 356, 356,
713 356, 356, 356, 356, 356, 356, 356, 356, 88, 356,
714 60, 356, 280, 356, 250, 356, 356, 356, 356, 356,
715 11, 356, 356, 356, 356, 356, 356, 356, 356, 132,
716 356, 356, 356, 356, 356, 218, 94, 356, 356, 43,
717 356, 356, 356, 356, 356, 356, 356, 356, 182, 356,
718
719 356, 356, 356, 356, 356, 356, 153, 356, 356, 356,
720 356, 253, 356, 356, 356, 356, 356, 261, 356, 356,
721 356, 356, 147, 356, 356, 356, 126, 128, 127, 356,
722 356, 356, 96, 100, 95, 163, 356, 356, 356, 356,
723 86, 282, 356, 356, 356, 356, 356, 356, 10, 356,
724 356, 356, 356, 356, 278, 321, 356, 356, 356, 356,
725 356, 356, 326, 42, 356, 356, 356, 356, 356, 181,
726 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
727 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
728 356, 356, 356, 356, 356, 101, 99, 356, 54, 356,
729
730 356, 87, 309, 356, 356, 356, 356, 24, 356, 356,
731 356, 356, 356, 204, 356, 356, 356, 356, 356, 356,
732 219, 356, 356, 356, 356, 356, 356, 356, 356, 200,
733 356, 356, 171, 81, 356, 356, 356, 356, 356, 298,
734 356, 356, 356, 356, 356, 356, 356, 258, 356, 356,
735 257, 148, 356, 356, 98, 51, 356, 154, 155, 158,
736 159, 156, 157, 90, 307, 356, 356, 279, 136, 356,
737 356, 356, 26, 356, 174, 356, 356, 356, 356, 198,
738 356, 248, 356, 356, 356, 356, 356, 356, 356, 356,
739 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
740
741 356, 356, 188, 187, 44, 356, 356, 356, 356, 356,
742 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
743 356, 356, 356, 356, 356, 356, 356, 305, 356, 356,
744 356, 356, 105, 356, 247, 356, 271, 302, 356, 356,
745 356, 356, 356, 356, 356, 356, 356, 356, 356, 328,
746 356, 52, 5, 356, 356, 239, 356, 356, 303, 356,
747 356, 356, 356, 356, 356, 356, 356, 356, 259, 28,
748 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
749 356, 356, 260, 356, 356, 356, 152, 356, 356, 356,
750 356, 356, 356, 356, 356, 189, 356, 197, 356, 356,
751
752 356, 356, 356, 356, 356, 356, 356, 299, 356, 356,
753 356, 356, 356, 356, 356, 356, 356, 356, 356, 356,
754 356, 356, 356, 356, 356, 325, 356, 356, 267, 356,
755 356, 356, 356, 356, 300, 356, 356, 356, 356, 356,
756 356, 301, 356, 356, 356, 265, 356, 268, 269, 356,
757 356, 356, 356, 356, 266, 270, 0
736758 } ;
737759
738760 static const YY_CHAR yy_ec[256] =
778800 1, 1, 1, 1, 1, 1
779801 } ;
780802
781 static const flex_int16_t yy_base[3372] =
803 static const flex_int16_t yy_base[3576] =
782804 { 0,
783805 0, 0, 64, 67, 70, 72, 78, 84, 89, 92,
784 131, 137, 112, 118, 123, 142, 429, 383, 96, 9568,
785 9568, 9568, 160, 185, 116, 183, 229, 132, 175, 173,
806 131, 137, 112, 118, 123, 142, 429, 383, 96,10178,
807 10178,10178, 160, 185, 116, 183, 229, 132, 175, 173,
786808 232, 50, 66, 120, 263, 275, 151, 323, 134, 375,
787 416, 286, 308, 283, 126, 237, 374, 9568, 9568, 9568,
788 95, 372, 9568, 9568, 9568, 186, 361, 373, 9568, 9568,
789 9568, 258, 309, 9568, 9568, 9568, 104, 293, 9568, 266,
790 9568, 167, 351, 281, 311, 9568, 9568, 9568, 369, 268,
791 9568, 9568, 9568, 146, 252, 378, 177, 0, 392, 0,
809 416, 286, 308, 283, 126, 237, 374,10178,10178,10178,
810 95, 372,10178,10178,10178, 186, 361, 373,10178,10178,
811 10178, 258, 309,10178,10178,10178, 104, 293,10178, 266,
812 10178, 167, 351, 281, 311,10178,10178,10178, 369, 268,
813 10178,10178,10178, 146, 252, 378, 177, 0, 392, 0,
792814 0, 303, 270, 235, 317, 362, 344, 384, 178, 177,
793815
794816 226, 420, 377, 330, 379, 402, 414, 419, 410, 453,
805827 734, 737, 724, 718, 745, 740, 749, 759, 766, 728,
806828 773, 760, 772, 787, 819, 789, 762, 797, 339, 802,
807829 827, 378, 808, 443, 832, 805, 699, 829, 725, 838,
808 836, 844, 843, 835, 852, 847, 866, 860, 849, 864,
809 875, 874, 871, 865, 868, 911, 885, 878, 893, 892,
810 894, 907, 908, 902, 913, 781, 909, 920, 921, 935,
811 912, 937, 930, 919, 943, 950, 948, 956, 957, 938,
812 958, 955, 953, 960, 954, 973, 969, 984, 994, 986,
813 993, 1002, 989, 995, 988, 996, 999, 987, 1013, 1014,
814 1022, 1026, 144, 1020, 1029, 1031, 1019, 1028, 1039, 1041,
815
816 1051, 1052, 1053, 1036, 1057, 1062, 1072, 1069, 1070, 1076,
817 1079, 1088, 1055, 1067, 1065, 1082, 1092, 1098, 1087, 1100,
818 1091, 1103, 1115, 1106, 1120, 1099, 1134, 1132, 1127, 1159,
819 1136, 1128, 1148, 1180, 1154, 1147, 1170, 1162, 1193, 1187,
820 1169, 1191, 1198, 1204, 1206, 1207, 1199, 1197, 1218, 1226,
821 1217, 1225, 1224, 1220, 1235, 1241, 1242, 1264, 9568, 1250,
822 1253, 1246, 1266, 1273, 1269, 1261, 1301, 1280, 1259, 1286,
823 1223, 1303, 1306, 1354, 1294, 1331, 1297, 1311, 1296, 9568,
824 1337, 1318, 1403, 1336, 1353, 1365, 1360, 1347, 1367, 1361,
825 1363, 1382, 1323, 1381, 1394, 1371, 1416, 1430, 1404, 1409,
826
827 1410, 1364, 1412, 1421, 1437, 1439, 1428, 1436, 1431, 1443,
828 1263, 1455, 1473, 1449, 1458, 1462, 1461, 1477, 1488, 1480,
829 1493, 1482, 1494, 1499, 1476, 1498, 1509, 1522, 1567, 1466,
830 1518, 1524, 1526, 1519, 1537, 1538, 1541, 1548, 1560, 1556,
831 1546, 1569, 1549, 1533, 1573, 1564, 1591, 1587, 1594, 1586,
832 1582, 1590, 1597, 1614, 1604, 1600, 1608, 1621, 1607, 1628,
833 1624, 1637, 1634, 1619, 1643, 1627, 9568, 1651, 9568, 1635,
834 1650, 1648, 1647, 1664, 1653, 1660, 9568, 1670, 1671, 1666,
835 1667, 1687, 1683, 1706, 1697, 1691, 1696, 1700, 1695, 1710,
836 1711, 1701, 1717, 1731, 1726, 1730, 1719, 1718, 1738, 1745,
837
838 1728, 1746, 1744, 1737, 1748, 1788, 9568, 1754, 1764, 1755,
839 1765, 1782, 1786, 1813, 1770, 1800, 1817, 1801, 1825, 1811,
840 1823, 1816, 1824, 1828, 1841, 1829, 1857, 1844, 1849, 1850,
841 1843, 1845, 1868, 1855, 1860, 1863, 1874, 9568, 1884, 1892,
842 1768, 1871, 1882, 1885, 1888, 1898, 1881, 1910, 1890, 1916,
843 1908, 1919, 1921, 1933, 1922, 1938, 1924, 1939, 1930, 1935,
844 1947, 1953, 1959, 1954, 1958, 1960, 1955, 1964, 1972, 1976,
845 1984, 1977, 1993, 1969, 1980, 1986, 1996, 1979, 2000, 1991,
846 2004, 1987, 2003, 2011, 2017, 2020, 2014, 2021, 2019, 2028,
847 2025, 2018, 2038, 2034, 2037, 2059, 2053, 2048, 2060, 2051,
848
849 2073, 2061, 2065, 2077, 2078, 2080, 2076, 9568, 2098, 2088,
850 2099, 2107, 2108, 2109, 2114, 2100, 2104, 2110, 2115, 2118,
851 2127, 2130, 2139, 2132, 2136, 2144, 2146, 2137, 2150, 2159,
852 2169, 2167, 2160, 2154, 2168, 2171, 2142, 2189, 2185, 2196,
853 2197, 2177, 2188, 2206, 2192, 2194, 2217, 2213, 2199, 2216,
854 2223, 2211, 2229, 2232, 2243, 2215, 2235, 2260, 2253, 2240,
855 2244, 2249, 2258, 2252, 2264, 2266, 2268, 2270, 2263, 2299,
856 2294, 2291, 2288, 2290, 2296, 2293, 2295, 2304, 2306, 2310,
857 2316, 2317, 2321, 2325, 2320, 2326, 2327, 2331, 2341, 2330,
858 2347, 2358, 2362, 2356, 2352, 2353, 2367, 2368, 2374, 2365,
859
860 2369, 2392, 2397, 2396, 2400, 2401, 2386, 2407, 2409, 2398,
861 2411, 2410, 2416, 2432, 2436, 2428, 2437, 2429, 2438, 2430,
862 2272, 2449, 2453, 2455, 2445, 9568, 2447, 2380, 2441, 2471,
863 2472, 2464, 2465, 2383, 2478, 2463, 2476, 2479, 2480, 2530,
864 9568, 2481, 9568, 9568, 2492, 9568, 9568, 2511, 2495, 9568,
865 2518, 2517, 2498, 2529, 2536, 2545, 2543, 2516, 2541, 2538,
866 2553, 2585, 2566, 2557, 2556, 2563, 2564, 2591, 2594, 2581,
867 2602, 2582, 2593, 2633, 2618, 2609, 2620, 2627, 2638, 2636,
868 2637, 2643, 2575, 2644, 2630, 2631, 2645, 2654, 2634, 2670,
869 2655, 2664, 2671, 2683, 2668, 2675, 2666, 2694, 2691, 2690,
870
871 2699, 9568, 2695, 2697, 2708, 2702, 2709, 2713, 2714, 2711,
872 2725, 2728, 2722, 2715, 2726, 2732, 2727, 2721, 2742, 2744,
873 2741, 2743, 2756, 2767, 2746, 9568, 2754, 2766, 2752, 2769,
874 2771, 2779, 2781, 2770, 2760, 2790, 2778, 2800, 2788, 2795,
875 2801, 2805, 2797, 2807, 2827, 9568, 2802, 2819, 2812, 2818,
876 2815, 2824, 2829, 2813, 2839, 2834, 2841, 2851, 2840, 2850,
877 2877, 2865, 2861, 2856, 2866, 2878, 2867, 2882, 2879, 2870,
878 2886, 2883, 2891, 2892, 2893, 2897, 2901, 2928, 2930, 2913,
879 2934, 2917, 2918, 2937, 2939, 2929, 2922, 2947, 2945, 2925,
880 2935, 2942, 2948, 2952, 2958, 2981, 2960, 2982, 2965, 2979,
881
882 2993, 2974, 2986, 2994, 2969, 2985, 2997, 2996, 9568, 2976,
883 3011, 9568, 3001, 2999, 3009, 3055, 3034, 3036, 3028, 3004,
884 3020, 3046, 3038, 3042, 3054, 3061, 3079, 3069, 3070, 3085,
885 3077, 3094, 3083, 3102, 3086, 3087, 3103, 3106, 3112, 3119,
886 3125, 3128, 3131, 381, 3130, 3110, 3121, 3120, 3167, 3137,
887 3145, 3129, 3151, 3152, 3156, 3174, 3157, 3170, 3172, 3169,
888 3165, 3198, 3192, 3188, 3194, 3199, 3205, 3207, 3202, 9568,
889 3212, 3220, 3208, 3219, 3215, 3241, 3235, 3226, 9568, 3234,
890 3239, 3236, 3246, 3247, 3238, 3253, 3244, 3255, 3261, 3265,
891 3251, 3267, 3280, 3272, 3295, 9568, 3282, 9568, 3279, 3285,
892
893 3283, 3287, 3297, 3296, 3312, 3313, 9568, 9568, 3314, 3321,
894 3299, 3326, 3322, 3320, 3323, 9568, 3327, 3356, 9568, 3333,
895 3349, 3341, 3339, 3351, 3347, 3358, 3354, 3377, 3353, 3380,
896 3372, 3379, 3374, 9568, 3386, 3370, 3385, 3397, 3392, 3394,
897 3400, 3404, 3383, 9568, 3414, 3407, 3419, 3431, 3428, 3424,
898 3421, 3434, 3441, 3422, 3426, 3436, 3435, 3430, 3449, 3459,
899 3466, 3468, 3469, 3464, 9568, 3457, 3458, 3482, 3476, 3479,
900 3480, 3483, 3470, 3485, 3484, 3491, 3502, 3512, 3505, 3508,
901 3503, 3529, 3530, 3511, 3528, 3527, 3515, 3531, 3524, 91,
902 3519, 3532, 3543, 3540, 9568, 3547, 3548, 3549, 128, 3557,
903
904 3558, 3567, 3572, 3574, 3578, 3560, 3586, 3587, 3575, 3585,
905 3593, 3592, 3589, 3594, 3604, 3596, 3606, 3619, 3600, 3610,
906 9568, 3628, 3618, 3616, 3624, 3635, 3620, 3644, 9568, 3646,
907 3647, 3652, 3654, 3662, 3651, 3661, 3653, 3668, 3673, 3678,
908 3674, 3685, 3689, 3684, 3691, 3687, 9568, 3703, 3699, 3710,
909 3707, 3712, 3718, 3714, 3713, 3720, 3719, 3724, 3733, 3725,
910 3731, 3734, 3745, 3746, 3750, 3742, 3747, 3751, 3759, 3761,
911 3760, 3769, 3763, 3772, 3774, 3765, 9568, 3805, 3787, 3790,
912 3799, 3791, 3794, 3808, 3803, 3825, 3800, 3809, 3820, 3821,
913 3860, 3826, 3835, 3848, 3827, 3840, 3849, 3862, 3854, 3872,
914
915 3863, 3853, 3881, 3900, 3887, 3866, 3885, 3893, 3892, 3888,
916 3898, 3922, 3923, 3921, 3924, 3947, 3930, 3917, 3932, 3939,
917 3941, 9568, 3942, 3836, 3927, 3955, 3975, 3962, 3954, 3972,
918 3966, 3969, 3968, 3981, 3970, 3990, 3985, 3993, 3992, 4004,
919 3996, 4007, 4008, 4003, 3997, 4013, 4025, 4011, 4029, 4030,
920 9568, 4036, 4041, 4028, 4035, 4050, 4031, 4054, 4059, 4056,
921 4043, 4048, 4065, 4052, 4073, 4062, 4075, 4058, 4088, 4066,
922 9568, 4092, 4083, 4096, 4091, 4099, 4089, 4103, 4109, 4115,
923 4113, 4116, 4111, 4100, 4127, 4124, 9568, 4118, 4149, 4141,
924 4154, 4143, 4131, 4142, 4155, 4139, 9568, 4145, 4147, 4148,
925
926 4162, 4168, 4172, 9568, 4170, 4176, 4164, 4165, 4181, 4174,
927 4182, 4201, 4186, 4189, 4192, 4199, 4207, 4195, 4216, 9568,
928 4205, 4230, 4217, 4227, 4231, 4226, 4223, 4234, 4251, 4233,
929 4244, 4241, 9568, 4269, 4243, 4261, 4280, 4258, 4263, 4266,
930 4276, 4282, 4273, 4274, 4290, 4278, 9568, 4283, 4288, 4301,
931 4311, 4309, 4302, 4304, 4307, 4314, 4308, 4316, 4317, 4322,
932 4329, 4340, 4335, 4346, 4334, 4349, 4354, 4350, 4357, 4343,
933 4359, 4373, 4376, 4369, 4374, 4382, 4364, 4368, 4392, 4399,
934 4403, 4404, 4401, 4405, 9568, 4408, 4407, 4409, 4394, 4410,
935 4400, 4398, 4416, 4419, 4424, 4434, 4443, 4438, 4435, 4458,
936
937 4460, 4436, 4463, 4440, 4447, 4467, 4468, 4453, 4457, 4470,
938 4462, 4487, 4475, 4483, 4479, 4490, 4510, 4489, 4493, 4494,
939 4499, 4495, 4503, 4514, 4506, 4528, 4519, 4523, 4520, 4527,
940 4543, 4539, 4545, 4535, 4551, 4540, 4555, 9568, 4546, 4558,
941 4562, 4559, 4565, 4568, 4578, 4598, 4582, 4586, 4589, 4592,
942 4603, 4591, 4602, 4605, 4595, 4608, 4600, 9568, 4610, 9568,
943 4612, 4626, 4616, 4641, 4625, 9568, 4640, 9568, 4643, 4648,
944 4634, 4635, 9568, 4653, 4637, 4654, 4658, 4661, 4644, 4647,
945 4664, 4668, 4678, 4680, 4681, 4683, 4675, 4667, 4696, 4690,
946 4693, 4707, 4686, 4715, 4714, 4702, 4720, 4708, 4725, 4728,
947
948 4724, 4735, 9568, 4719, 4717, 4738, 4723, 4734, 4744, 4741,
949 4768, 4767, 4755, 4757, 4773, 4765, 4771, 4759, 4785, 4783,
950 4794, 4770, 4796, 9568, 4791, 4807, 4789, 4803, 9568, 4806,
951 4795, 4812, 4823, 4814, 4802, 4810, 4839, 4826, 4830, 4831,
952 4829, 4856, 4836, 4840, 4841, 9568, 4852, 4868, 4853, 4879,
953 4864, 4870, 4886, 4872, 4883, 4889, 4897, 4880, 4881, 4875,
954 4895, 4876, 4912, 4903, 4923, 4920, 4924, 4904, 4921, 4928,
955 4929, 4917, 4913, 4916, 4918, 4943, 4944, 4919, 4940, 4945,
956 4964, 4950, 9568, 4956, 4961, 4962, 4979, 4960, 4970, 4974,
957 4976, 4977, 9568, 4978, 4988, 5004, 4987, 5010, 4997, 5002,
958
959 4995, 5000, 5014, 5005, 5021, 5040, 5017, 9568, 5036, 9568,
960 5032, 5031, 5042, 5053, 5050, 5046, 5063, 5054, 5055, 5067,
961 5060, 5069, 5078, 5072, 5076, 5079, 5095, 5091, 5045, 5075,
962 5089, 5101, 5090, 5096, 5103, 5126, 5106, 5117, 9568, 9568,
963 5115, 5121, 5131, 5127, 5136, 5142, 5149, 5148, 5146, 5134,
964 5141, 5153, 5186, 9568, 5168, 5170, 5161, 5187, 5195, 5175,
965 5194, 5201, 5198, 5190, 5205, 5200, 9568, 5188, 5197, 5210,
966 5213, 5220, 5212, 9568, 5228, 9568, 5215, 5222, 5235, 5237,
967 5231, 5232, 5238, 5240, 5248, 5256, 5262, 5247, 5266, 5257,
968 5258, 5259, 5280, 5275, 5287, 5268, 5281, 5273, 9568, 5292,
969
970 5274, 5295, 5293, 5301, 5304, 5302, 5289, 9568, 5315, 5308,
971 5310, 5313, 5318, 5322, 5334, 5329, 5337, 5335, 5336, 9568,
972 5333, 5326, 5356, 5353, 5340, 5349, 5366, 5369, 5377, 9568,
973 5373, 5375, 5374, 5381, 5376, 5385, 5383, 5370, 5367, 5380,
974 5391, 5401, 5414, 5411, 5410, 5408, 5416, 5417, 5404, 5440,
975 5427, 5415, 5429, 5400, 5413, 9568, 5436, 5441, 5442, 5444,
976 5463, 5459, 5461, 5470, 5474, 5456, 5477, 5479, 5457, 5472,
977 5481, 5490, 5500, 5495, 9568, 5501, 5491, 5515, 5486, 5513,
978 5512, 5499, 5518, 5514, 5517, 5503, 5526, 5528, 5530, 5520,
979 5551, 5534, 5542, 5546, 5553, 5547, 9568, 5576, 5558, 5562,
980
981 5573, 5541, 5568, 5587, 5579, 5578, 5580, 5584, 5582, 5585,
982 5596, 5595, 5618, 5620, 5604, 9568, 9568, 5621, 5602, 5623,
983 9568, 5625, 5609, 5631, 5633, 5628, 5626, 5635, 5629, 5613,
984 5636, 5644, 5651, 9568, 5668, 5677, 5654, 5672, 5680, 5681,
985 9568, 5663, 5685, 5684, 5686, 5678, 5669, 5696, 5690, 5695,
986 5701, 5694, 5723, 5708, 5731, 5707, 5717, 5729, 9568, 5710,
987 5714, 5734, 5738, 5721, 5728, 9568, 5726, 5748, 5761, 5758,
988 5759, 5769, 5767, 5766, 5773, 5753, 5770, 5780, 5776, 5763,
989 5785, 5792, 5787, 5801, 5813, 5814, 5812, 9568, 5808, 5807,
990 5800, 5821, 9568, 5822, 5830, 5797, 9568, 5836, 5811, 5841,
991
992 5839, 5857, 9568, 5842, 5849, 5843, 5831, 5864, 5838, 5866,
993 5862, 5859, 9568, 5863, 5858, 5869, 9568, 5876, 5887, 5872,
994 5892, 5880, 5902, 5889, 5903, 5899, 5901, 9568, 5904, 9568,
995 5914, 5906, 5911, 9568, 5913, 5922, 5915, 5921, 5937, 5938,
996 5945, 5948, 5953, 5935, 5947, 5936, 5939, 5963, 5952, 5964,
997 5942, 5959, 5970, 5962, 9568, 5992, 5978, 5989, 5979, 6000,
998 6002, 5995, 5987, 6005, 6017, 9568, 9568, 6009, 9568, 6015,
999 5997, 6023, 9568, 6006, 6027, 6022, 6026, 6045, 6049, 6047,
1000 6044, 9568, 6055, 6057, 9568, 6033, 6053, 6066, 6060, 6042,
1001 6061, 6062, 6068, 6071, 6084, 6085, 6086, 6087, 6076, 6090,
1002
1003 6103, 9568, 6080, 6083, 6104, 6115, 6107, 6117, 6118, 6130,
1004 6119, 9568, 6133, 6145, 6123, 6146, 6148, 9568, 6131, 9568,
1005 6136, 6144, 6149, 6157, 6150, 9568, 6168, 6165, 6156, 6163,
1006 6180, 6191, 6182, 6194, 6183, 6178, 6196, 6195, 6190, 6192,
1007 6213, 6207, 9568, 6205, 6219, 6202, 6210, 6220, 6216, 6244,
1008 6240, 6239, 6230, 6242, 6249, 6243, 6251, 6253, 6247, 6259,
1009 6266, 9568, 6278, 6271, 6267, 6297, 6277, 6286, 6291, 9568,
1010 6294, 6296, 6302, 9568, 6299, 6300, 6310, 6308, 6313, 6314,
1011 6309, 6324, 6327, 9568, 6333, 6336, 6323, 6339, 6350, 6340,
1012 9568, 9568, 6362, 9568, 6347, 6334, 6358, 6360, 6361, 6370,
1013
1014 6356, 6382, 6390, 6374, 6388, 6389, 6383, 6376, 6404, 6407,
1015 6412, 6408, 6406, 6402, 9568, 9568, 6424, 6427, 6421, 6432,
1016 6435, 6425, 6429, 6417, 6438, 6439, 6445, 6441, 6431, 9568,
1017 6456, 6451, 6457, 6455, 9568, 6452, 6476, 6462, 6478, 6486,
1018 6472, 6479, 6474, 6487, 6488, 6496, 6503, 6482, 6506, 6499,
1019 6509, 6504, 6513, 6523, 6522, 6521, 6529, 9568, 6533, 6526,
1020 6538, 6519, 6520, 6548, 6537, 6549, 6552, 9568, 6536, 9568,
1021 6564, 6556, 6568, 6578, 6581, 6582, 6583, 6576, 6579, 6585,
1022 6591, 6590, 6594, 6599, 6600, 6609, 6601, 6621, 6611, 6624,
1023 6626, 9568, 6627, 6614, 6617, 6623, 6639, 6640, 6628, 6643,
1024
1025 6638, 6645, 6648, 6641, 6652, 6669, 6657, 6667, 6664, 6658,
1026 9568, 6675, 6681, 6668, 6682, 6670, 6683, 6690, 6685, 6692,
1027 6699, 6696, 6698, 9568, 6706, 6703, 6724, 9568, 6709, 6708,
1028 6717, 6730, 6737, 6720, 6735, 6726, 6727, 9568, 6743, 6745,
1029 6748, 6736, 6753, 6756, 6752, 6759, 6764, 6779, 6791, 9568,
1030 6757, 6776, 6780, 6790, 6772, 6783, 6792, 6799, 6763, 9568,
1031 6815, 6822, 6787, 6798, 6807, 6835, 6832, 6834, 6808, 6830,
1032 6838, 6836, 6842, 6844, 6847, 6859, 6849, 6855, 6848, 9568,
1033 6857, 9568, 6858, 6880, 6863, 6886, 6883, 6869, 9568, 6876,
1034 6882, 6893, 6884, 6896, 9568, 6885, 6890, 6912, 6909, 9568,
1035
1036 6925, 6924, 6910, 6919, 6934, 6937, 9568, 6935, 6939, 6936,
1037 6945, 6948, 6940, 6944, 6933, 6952, 6958, 6959, 6962, 6976,
1038 6955, 6964, 6979, 9568, 6983, 6985, 6990, 6989, 6986, 6992,
1039 6982, 7003, 6993, 7005, 9568, 7019, 7006, 7011, 7009, 7021,
1040 7015, 7022, 7042, 7033, 7029, 7036, 7038, 7054, 7040, 9568,
1041 7052, 7056, 7063, 7046, 7062, 7069, 9568, 7066, 9568, 7073,
1042 7076, 7082, 7079, 7091, 9568, 9568, 7090, 7049, 7089, 7080,
1043 7099, 9568, 9568, 7110, 9568, 7093, 9568, 7109, 7097, 9568,
1044 9568, 7117, 7103, 7120, 7126, 7115, 9568, 7127, 9568, 7138,
1045 7133, 7130, 7121, 7136, 9568, 7132, 7142, 7150, 7152, 7139,
1046
1047 9568, 7158, 7160, 7153, 7159, 9568, 7175, 7173, 7163, 7165,
1048 9568, 7180, 7184, 7188, 7177, 7187, 7192, 7203, 7185, 7202,
1049 7194, 7208, 7198, 7207, 7212, 7228, 7231, 7236, 7237, 7226,
1050 7223, 7242, 7245, 7248, 7239, 7240, 7250, 7244, 7256, 7261,
1051 7257, 7259, 7271, 7269, 7278, 7277, 7272, 7286, 7273, 7274,
1052 7290, 7297, 7276, 7295, 7298, 7299, 7300, 7316, 7309, 7321,
1053 7317, 7319, 9568, 7313, 7325, 7312, 7342, 7337, 7344, 7348,
1054 7354, 7356, 7359, 9568, 7362, 9568, 7364, 7350, 7355, 7369,
1055 7352, 9568, 7377, 7380, 7378, 7379, 7375, 7381, 7383, 7389,
1056 7395, 7396, 7402, 9568, 7417, 7404, 7410, 7411, 7419, 9568,
1057
1058 7412, 7433, 7416, 7424, 7428, 7437, 7431, 7436, 7440, 7438,
1059 7450, 7453, 7446, 7460, 7462, 7470, 7471, 7477, 7464, 7459,
1060 7469, 7476, 7480, 7472, 7486, 7489, 7473, 7508, 7509, 7510,
1061 9568, 7495, 9568, 7515, 7499, 7513, 7500, 7523, 7512, 7527,
1062 9568, 9568, 7529, 7531, 7530, 7533, 7526, 7543, 7551, 7550,
1063 7559, 9568, 7552, 7560, 7566, 7555, 9568, 7554, 7577, 7578,
1064 7572, 9568, 7573, 7574, 7576, 7584, 7587, 7588, 7603, 7593,
1065 7600, 7601, 7599, 7609, 9568, 9568, 9568, 9568, 7617, 7610,
1066 7621, 7625, 7626, 7614, 7622, 7634, 7627, 9568, 7647, 9568,
1067 9568, 7646, 7650, 7643, 7658, 7648, 7641, 7653, 7659, 9568,
1068
1069 7649, 7666, 7674, 7673, 7672, 7681, 7692, 7689, 7690, 7684,
1070 7685, 7709, 7700, 7706, 7682, 7708, 7710, 7714, 9568, 9568,
1071 7712, 7718, 7717, 7726, 7723, 7733, 7729, 7736, 7742, 7744,
1072 7739, 7747, 7750, 7730, 7759, 7764, 7756, 7755, 9568, 7765,
1073 7763, 7776, 9568, 7769, 9568, 7775, 7782, 7766, 7785, 7788,
1074 7791, 7803, 7792, 9568, 9568, 7795, 7810, 7811, 9568, 9568,
1075 7802, 7796, 7807, 7820, 7825, 7814, 7827, 7824, 7835, 7823,
1076 9568, 7830, 9568, 7829, 7851, 7846, 7840, 7863, 7866, 7869,
1077 7868, 7862, 7872, 9568, 7871, 7861, 9568, 7876, 7878, 7875,
1078 7873, 7894, 9568, 7883, 7867, 7886, 7891, 9568, 7915, 7912,
1079
1080 7914, 9568, 7917, 9568, 7900, 7918, 7910, 7929, 7913, 9568,
1081 7906, 7927, 9568, 7930, 7931, 7932, 7921, 9568, 7933, 9568,
1082 7943, 7938, 7965, 7964, 7952, 7968, 7956, 7953, 7958, 7978,
1083 7974, 7973, 9568, 9568, 73, 7981, 7959, 7983, 7986, 7991,
1084 7980, 7962, 7984, 8002, 9568, 9568, 8007, 9568, 8008, 8014,
1085 9568, 7994, 8020, 8021, 8009, 8032, 8013, 8005, 8024, 8028,
1086 8042, 8057, 8047, 8043, 8055, 8071, 8072, 8054, 8075, 8076,
1087 8078, 8084, 8090, 8070, 8087, 8074, 8081, 8088, 8097, 8104,
1088 8101, 8102, 8103, 9568, 8125, 8126, 8124, 8114, 9568, 8133,
1089 8128, 8138, 8134, 9568, 8140, 8136, 8137, 8147, 9568, 8130,
1090
1091 8142, 8154, 8159, 8151, 8160, 8161, 8182, 8166, 8175, 8185,
1092 9568, 9568, 9568, 8186, 8180, 9568, 8190, 8178, 8169, 8181,
1093 9568, 8200, 8195, 8198, 9568, 9568, 8203, 8205, 8209, 8206,
1094 9568, 8208, 9568, 8213, 9568, 8218, 8219, 8237, 8230, 9568,
1095 8243, 8258, 9568, 8215, 8244, 8249, 8245, 8233, 8250, 8247,
1096 9568, 8263, 8268, 8277, 8267, 8260, 8271, 8270, 8279, 8274,
1097 8293, 8287, 8299, 9568, 8298, 8303, 8310, 8306, 8294, 8301,
1098 8309, 9568, 8311, 9568, 8317, 9568, 8314, 8319, 8318, 8338,
1099 8334, 8329, 8344, 8355, 8356, 8353, 8345, 8340, 8364, 8349,
1100 9568, 9568, 8369, 8370, 9568, 8365, 9568, 8373, 9568, 8372,
1101
1102 8378, 8382, 8376, 9568, 8385, 8384, 8392, 8328, 8379, 8391,
1103 9568, 8406, 8400, 8397, 8417, 9568, 9568, 8403, 8425, 8421,
1104 9568, 8413, 8422, 8432, 8418, 8436, 8431, 8430, 8427, 8451,
1105 8437, 8448, 8441, 8467, 8468, 8469, 9568, 9568, 9568, 8464,
1106 8452, 8478, 8477, 8481, 8485, 8474, 9568, 8488, 8486, 8495,
1107 8483, 8490, 8489, 8509, 9568, 8511, 8503, 8499, 8501, 8518,
1108 8512, 8516, 8526, 9568, 8525, 8537, 8539, 8528, 8541, 8540,
1109 8547, 8549, 8543, 8534, 8559, 8552, 9568, 8563, 9568, 9568,
1110 8553, 9568, 8555, 8566, 8567, 8564, 9568, 8575, 8569, 8578,
1111 8571, 8580, 8592, 8581, 8603, 9568, 8583, 8586, 8590, 8613,
1112
1113 9568, 9568, 8611, 9568, 8614, 8615, 8607, 8628, 8617, 8623,
1114 8625, 8627, 9568, 8619, 8633, 8630, 8637, 8645, 9568, 8655,
1115 8642, 8647, 8648, 9568, 8652, 8657, 8669, 8644, 8672, 9568,
1116 8676, 8671, 8688, 8680, 9568, 8682, 8690, 8692, 9568, 9568,
1117 8689, 8701, 8706, 9568, 9568, 9568, 8711, 8716, 8703, 8723,
1118 9568, 8724, 4983, 8727, 8736, 8735, 9568, 8726, 8732, 8740,
1119 8728, 8730, 9568, 9568, 8725, 8749, 8751, 8747, 9568, 9568,
1120 8750, 8753, 8757, 8755, 8766, 9568, 8752, 8776, 8788, 8765,
1121 8786, 8779, 8790, 8792, 8805, 8803, 8782, 8784, 8793, 8813,
1122 8819, 8806, 8810, 8828, 8821, 8829, 8835, 8823, 8831, 9568,
1123
1124 9568, 8839, 9568, 8842, 8834, 9568, 9568, 8844, 8847, 8849,
1125 8853, 8857, 8859, 8860, 8864, 8841, 9568, 8863, 8873, 8866,
1126 8865, 8858, 9568, 8862, 8879, 8868, 8869, 8876, 8896, 8886,
1127 8898, 9568, 9568, 8889, 8908, 8891, 8913, 8894, 9568, 8916,
1128 8925, 8915, 8921, 8903, 8909, 8931, 9568, 8939, 8923, 9568,
1129 9568, 8933, 8936, 9568, 9568, 8935, 9568, 9568, 9568, 9568,
1130 9568, 9568, 9568, 9568, 8950, 8954, 9568, 8952, 8967, 8968,
1131 8969, 9568, 8948, 8964, 8966, 8956, 8972, 9568, 8962, 8979,
1132 8975, 8999, 8989, 9007, 8992, 8991, 8993, 8998, 8996, 9000,
1133 9013, 8997, 9024, 9012, 9025, 9043, 9026, 9039, 9568, 9568,
1134
1135 9568, 9031, 9027, 9050, 9052, 9055, 9058, 9062, 9063, 9048,
1136 9049, 9065, 9073, 9075, 9056, 9072, 9070, 9077, 9086, 9079,
1137 9093, 9083, 9101, 9568, 9109, 9097, 9096, 9116, 9568, 9102,
1138 9568, 9104, 9568, 9568, 9119, 9120, 9118, 9108, 9137, 9138,
1139 9136, 9128, 9132, 9129, 9140, 9568, 9152, 9568, 9568, 9139,
1140 9142, 9568, 9143, 9154, 9568, 9153, 9166, 9155, 9159, 9163,
1141 9156, 9183, 9186, 9192, 9568, 9568, 9177, 9178, 9187, 9194,
1142 9190, 9212, 9207, 9204, 9211, 9215, 9210, 9217, 9568, 9225,
1143 9221, 9227, 9568, 9224, 9213, 9223, 9222, 9239, 9250, 9242,
1144 9233, 9568, 9262, 9568, 9264, 9266, 9260, 9252, 9253, 9254,
1145
1146 9269, 9277, 9273, 9568, 9257, 9294, 9284, 9300, 9305, 9302,
1147 9308, 9293, 9314, 9311, 9317, 9318, 9324, 9329, 9321, 9320,
1148 9330, 9568, 9323, 9334, 9568, 9332, 9350, 9335, 9341, 9364,
1149 9568, 9366, 9351, 9352, 9368, 9372, 9367, 9568, 9373, 9375,
1150 9376, 9568, 9379, 9568, 9568, 9380, 9386, 9389, 9388, 9390,
1151 9568, 9568, 9568, 9448, 9455, 9462, 9469, 9476, 9483, 9490,
1152 102, 9497, 9504, 9511, 9518, 9525, 9532, 9539, 9546, 9553,
1153 9560
830 836, 855, 843, 831, 845, 847, 869, 863, 865, 864,
831 874, 871, 866, 870, 868, 910, 882, 893, 895, 894,
832 922, 900, 928, 904, 920, 781, 913, 923, 933, 934,
833 917, 938, 927, 921, 940, 942, 958, 961, 962, 947,
834 966, 960, 956, 965, 957, 974, 955, 963, 985, 989,
835 990, 991, 992, 982, 993, 999, 1002, 1000, 1019, 1012,
836 1022, 1027, 144, 1014, 1029, 1034, 1017, 1016, 1042, 1043,
837
838 1039, 1041, 1058, 1049, 1069, 1065, 1070, 1074, 1072, 1066,
839 1084, 1085, 1061, 1064, 1062, 1089, 1086, 1100, 1088, 1113,
840 1099, 1101, 1120, 1105, 1122, 1112, 1139, 1132, 1126, 1161,
841 1127, 1137, 1162, 1169, 1165, 1144, 1164, 1183, 1198, 1199,
842 1156, 1201, 1189, 1196, 1215, 1200, 1210, 1220, 1217, 1223,
843 1229, 1225, 1234, 1231, 1235, 1244, 1226, 1148, 1271,10178,
844 1249, 1250, 1268, 1260, 1273, 1299, 1266, 1300, 1270, 1285,
845 1293, 1308, 1309, 1348, 1396, 1295, 1329, 1310, 1313, 1331,
846 10178, 1335, 1333, 1445, 1352, 1344, 1368, 1376, 1343, 1379,
847 1358, 1374, 1386, 1391, 1381, 1384, 1400, 1425, 1444, 1408,
848
849 1416, 1423, 1446, 1439, 1395, 1452, 1442, 1456, 1463, 1475,
850 1471, 1466, 1487, 1501, 1483, 1481, 1489, 1493, 1504, 1509,
851 1513, 1518, 1514, 1508, 1528, 1530, 1532, 1533, 1558, 1603,
852 1526, 1552, 1557, 1521, 1554, 1531, 1544, 1569, 1564, 1573,
853 1577, 1579, 1585, 1570, 1587, 1596, 1598, 1614, 1623, 1618,
854 1604, 1606, 1629, 1631, 1651, 1628, 1612, 1635, 1645, 1661,
855 1663, 1662, 1658, 1672, 1669, 1644, 1675, 1655,10178, 1680,
856 10178, 1684, 1686, 1685, 1689, 1688, 1712, 1699, 1702,10178,
857 1700, 1704, 1703, 1710, 1642, 1725, 1715, 1730, 1726, 1747,
858 1745, 1729, 1739, 1750, 1733, 1744, 1760, 1770, 1762, 1768,
859
860 1756, 1771, 1775, 1789, 1769, 1796, 1777, 1780, 1795, 1835,
861 10178, 1790, 1791, 1798, 1825, 1811, 1826, 1817, 1838, 1862,
862 1832, 1845, 1864, 1837, 1890, 1860, 1863, 1881, 1869, 1866,
863 1896, 1874, 1902, 1885, 1893, 1889, 1908, 1906, 1912, 1910,
864 1919, 1921, 1923, 1935,10178, 1936, 1939, 1947, 1839, 1932,
865 1942, 1937, 1946, 1961, 1959, 1954, 1962, 1978, 1955, 1982,
866 1991, 1926, 1981, 1997, 1983, 1996, 1984, 1985, 1989, 2010,
867 2019, 2014, 2034, 2018, 2015, 2032, 2006, 2036, 2039, 2024,
868 2048, 2023, 2037, 2050, 2042, 2033, 2046, 2064, 2051, 2045,
869 2063, 2066, 2089, 2065, 2083, 2078, 2081, 2074, 2097, 2084,
870
871 2079, 2102, 2101, 2103, 2111, 2094, 2112, 2108, 2129, 2115,
872 2135, 2125, 2134, 2146, 2148, 2152, 2130,10178, 2159, 2156,
873 2168, 2170, 2176, 2179, 2180, 2172, 2173, 2177, 2189, 2200,
874 2167, 2190, 2201, 2194, 2198, 2204, 2215, 2214, 2227, 2228,
875 2230, 2237, 2235, 2239, 2225, 2231, 2236, 2251, 2240, 2253,
876 2263, 2254, 2266, 2248, 2271, 2279, 2272, 2274, 2289, 2293,
877 2265, 2288, 2286, 2290, 2301, 2298, 2300, 2320, 2324, 2314,
878 2325, 2344, 2321, 2306, 2341, 2327, 2353, 2342, 2345, 2348,
879 2337, 2354, 2350, 2357, 2367, 2364, 2370, 2368, 2373, 2393,
880 2383, 2394, 2382, 2390, 2387, 2388, 2395, 2408, 2414, 2406,
881
882 2412, 2419, 2429, 2411, 2431, 2426, 2441, 2445, 2438, 2443,
883 2433, 2459, 2456, 2450, 2463, 2465, 2474, 2475, 2477, 2467,
884 2490, 2492, 2469, 2496, 2489, 2485, 2501, 2494, 2518, 2515,
885 2524, 2525, 2517, 2523, 2519, 2521, 2522, 2536, 2556, 2539,
886 2548, 2546,10178, 2541, 2545, 2544, 2563, 2562, 2551, 2559,
887 2584, 2561, 2578, 2575, 2570, 2579, 2625,10178, 2583,10178,
888 10178, 2591,10178,10178, 2604, 2609,10178, 2622, 2605, 2623,
889 2629, 2642, 2650, 2635, 2640, 2649, 2648, 2621, 2695, 2659,
890 2660, 2632, 2664, 2677, 2674, 2685, 2683, 2684, 2712, 2704,
891 2693, 2724, 2733, 2728, 2720, 2722, 2731, 2741, 2738, 2747,
892
893 2748, 2752, 2754, 2745, 2740, 2762, 2751, 2763, 2765, 2760,
894 2770, 2777, 2775, 2778, 2783, 2772, 2806, 2802, 2808, 2811,
895 10178, 2809, 2818, 2797, 2820, 2812, 2824, 2822, 2821, 2823,
896 2826, 2828, 2829, 2839, 2835, 2838, 2852, 2843, 2844, 2849,
897 2846, 2854, 2864, 2874, 2880, 2858,10178, 2869, 2873, 2865,
898 2888, 2885, 2895, 2892, 2896, 2881, 2902, 2890, 2918, 2900,
899 2925, 2913, 2912, 2923, 2919, 2917, 2945,10178, 2934, 2942,
900 2930, 2944, 2933, 2946, 2947, 2955, 2959, 2971, 2941, 2961,
901 2969, 2970, 2907, 2975, 2973, 2974, 2976, 2991, 2993, 3000,
902 2996, 3004, 3013, 3002, 3014, 3006, 3018, 3016, 3019, 3003,
903
904 3028, 3029, 3033, 3055, 3030, 3058, 3040, 3042, 3063, 3064,
905 3066, 3053, 3067, 3068, 3056, 3074, 3069, 3083, 3081, 3080,
906 3090, 3091, 3085, 3088, 3095, 3104, 3117, 3121, 3111, 3115,
907 3122, 3102, 3107, 3132, 3136,10178, 3134, 3125,10178, 3130,
908 3145, 3146, 3192, 3177, 3152, 3154, 3141, 3150, 3180, 3172,
909 3179, 3183, 3198, 3191, 3162, 3202, 3205, 3211, 3218, 3215,
910 3229, 3217, 3220, 3232, 3228, 3243, 3247, 3256, 3262, 3190,
911 381, 3267, 3244, 3250, 3245, 3296, 3253, 3273, 3268, 3272,
912 3280, 3286, 3279, 3285, 3303, 3300, 3306, 3305, 3293, 3329,
913 3314, 3318, 3323, 3320, 3333, 3335, 3350, 3337,10178, 3345,
914
915 3352, 3340, 3353, 3356, 3373, 3365, 3368,10178, 3362, 3366,
916 3372, 3378, 3367, 3382, 3385, 3384, 3392, 3393, 3395, 3399,
917 3409, 3410, 3412, 3396,10178, 3405,10178, 3411, 3422, 3419,
918 3428, 3427, 3426, 3435, 3452, 3453,10178,10178, 3454, 3451,
919 3462, 3466, 3469, 3456, 3455, 3475,10178, 3478, 3472,10178,
920 3497, 3473, 3477, 3486, 3492, 3489, 3482, 3496, 3515, 3500,
921 3517, 3499, 3524, 3516,10178, 3531, 3533, 3518, 3535, 3541,
922 3521, 3543, 3544, 3545, 3542,10178, 3547, 3559, 3555, 3560,
923 3565, 3569, 3566, 3580, 3588, 3567, 3571, 3577, 3592, 3586,
924 3596, 3605, 3606, 3598, 3604, 3611, 3613, 3619,10178, 3615,
925
926 3610, 3607, 3626, 3624, 3608, 3630, 3632, 3625, 3631, 3645,
927 3646, 3633, 3656, 3647, 3651, 3660, 3667, 3669, 3666, 3675,
928 3682, 3670, 3671, 3672, 3668, 91, 3673, 3692, 3695, 3678,
929 10178, 3696, 3704, 3702, 3712, 3716, 3700, 128, 3711, 3709,
930 3722, 3727, 3726, 3733, 3730, 3731, 3745, 3739, 3741, 3754,
931 3758, 3751, 3753, 3759, 3760, 3752, 3762, 3761, 3774,10178,
932 3770, 3781, 3782, 3784, 3798, 3785, 3802,10178, 3806, 3812,
933 3809, 3815, 3817, 3832, 3820, 3811, 3831, 3826, 3847, 3836,
934 3842, 3851, 3850, 3857, 3848,10178, 3860, 3861, 3865, 3869,
935 3875, 3881, 3863, 3871, 3888, 3882, 3902, 3891, 3893, 3892,
936
937 3898, 3913, 3908, 3915, 3895, 3779, 3916, 3918, 3930, 3931,
938 3928, 3937, 3932, 3925, 3941, 3959, 3940,10178, 3967, 3954,
939 3957, 3962, 3952, 3964, 3977, 3963, 3993, 3973, 3981, 3988,
940 3984, 4028, 3990, 3996, 4011, 4012, 4016, 4017, 4015, 4022,
941 4030, 4044, 4004, 4049, 4056, 4038, 4048, 4019, 4060, 4053,
942 4062, 4065, 4063, 4075, 4087, 4086, 4080, 4082, 4114, 4092,
943 4085, 4109, 4106, 4104,10178, 4094, 4102, 4120, 4118, 4140,
944 4137, 4121, 4144, 4125, 4142, 4141, 4153, 4148, 4158, 4155,
945 4165, 4166, 4167, 4179, 4176, 4182, 4188, 4178, 4161, 4192,
946 4198, 4185, 4202, 4205,10178, 4211, 4215, 4209, 4212, 4210,
947
948 4206, 4216, 4229, 4235, 4223, 4224, 4225, 4231, 4234, 4232,
949 4257, 4243, 4269, 4261, 4256, 4272, 4250,10178, 4275, 4264,
950 4277, 4271, 4281, 4289, 4295, 4291, 4298, 4306, 4305, 4293,
951 4308, 4312, 4302,10178, 4322, 4328, 4321, 4331, 4333, 4334,
952 4325, 4329, 4345, 4327,10178, 4346, 4332, 4352, 4342, 4348,
953 4353, 4369, 4370, 4360,10178, 4386, 4371, 4363, 4372, 4382,
954 4374, 4384, 4399, 4387, 4379, 4390, 4411, 4405, 4397, 4417,
955 10178, 4406, 4428, 4412, 4427, 4429, 4426, 4431, 4433, 4454,
956 4441, 4443, 4447,10178, 4470, 4465, 4455, 4476, 4460, 4457,
957 4467, 4475, 4486, 4472, 4478, 4495, 4481,10178, 4497, 4496,
958
959 4502, 4503, 4505, 4508, 4515, 4521, 4525, 4517, 4524, 4531,
960 4535, 4539, 4530, 4541, 4548, 4551, 4547, 4542, 4558, 4570,
961 4564, 4575, 4560, 4585, 4593, 4594, 4581, 4598, 4596, 4597,
962 4588, 4589, 4600, 4606, 4614, 4619, 4616, 4627,10178, 4618,
963 4625, 4626, 4620, 4622, 4636, 4624, 4633, 4641, 4637, 4651,
964 4643, 4644, 4653, 4679, 4681, 4662, 4686, 4664, 4669, 4684,
965 4668, 4671, 4674, 4685, 4697, 4699, 4696, 4692, 4702, 4706,
966 4701, 4710, 4708, 4713, 4717, 4719, 4720, 4728, 4729, 4726,
967 4721, 4748, 4743, 4745, 4746, 4757, 4760, 4756, 4763, 4766,
968 4765, 4768, 4780,10178, 4753, 4791, 4785, 4777, 4787, 4802,
969
970 4805, 4816, 4804, 4807, 4821, 4812, 4811, 4818, 4808, 4823,
971 4824, 4832, 4826, 4836,10178, 4838,10178, 4837, 4835, 4853,
972 4830, 4846,10178, 4861,10178, 4867, 4869, 4855, 4859, 4860,
973 10178, 4874, 4851, 4864, 4880, 4885, 4891, 4893, 4879, 4890,
974 4910, 4899, 4894, 4914, 4906, 4916, 4903, 4918, 4933, 4925,
975 4926, 4941, 4932, 4929, 4945, 4937, 4953, 4940, 4950, 4952,
976 4966, 4956, 4973,10178, 4982, 4983, 4972, 4987, 4979, 4976,
977 4974, 4997, 4977, 4998, 5006, 5003, 5000, 5009, 5011, 5019,
978 5021, 5012, 5035, 5036, 5045, 5022, 5050,10178, 5038, 5031,
979 5047, 5048,10178, 5046, 5033, 5060, 5069, 5053, 5058, 5056,
980
981 5079, 5085, 5072, 5077, 5075, 5102, 5096, 5087, 5107,10178,
982 5091, 5106, 5103, 5112, 5121, 5129, 5130, 5131, 5139, 5142,
983 5146, 5144, 5132, 5133, 5135, 5141, 5147, 5157, 5169, 5170,
984 5174, 5180, 5159, 5178, 5185, 5184, 5172, 5167, 5173, 5171,
985 5181, 5188, 5199, 5203, 5198, 5200, 5218, 5205, 5226,10178,
986 5216, 5222, 5225, 5208, 5217, 5230, 5236, 5227, 5245,10178,
987 5242, 5247, 5253, 5250, 5269, 5244, 5261, 5252, 5260, 5272,
988 5277, 5283, 5286, 5284,10178, 5294,10178, 5291, 5303, 5301,
989 5307, 5308, 5297, 5323, 5312, 5318, 5310, 5327, 5335, 5339,
990 5321, 5330, 5342, 5333, 5363, 5355, 5296, 5349, 5354, 5350,
991
992 5367, 5356, 5371, 5368, 5392, 5381, 5377,10178,10178, 5378,
993 5382, 5395, 5390, 5401, 5413, 5419, 5412, 5426, 5411, 5415,
994 5417, 5454,10178, 5438, 5428, 5437, 5445, 5446, 5398, 5439,
995 5467, 5473, 5464, 5461, 5476, 5468,10178, 5458, 5466, 5481,
996 5470, 5489, 5487,10178, 5482,10178, 5485, 5494, 5496, 5491,
997 5501, 5502, 5507, 5518, 5509, 5510, 5516, 5532, 5540, 5544,
998 5528, 5546, 5536, 5534, 5531, 5548, 5547, 5549, 5542, 5554,
999 5566,10178, 5562, 5545, 5574, 5577, 5568, 5580, 5581, 5587,
1000 5567,10178, 5589, 5593, 5595, 5591, 5604, 5599, 5605, 5594,
1001 5609, 5610, 5620, 5631, 5623, 5627,10178, 5621, 5622, 5646,
1002
1003 5632, 5625, 5647, 5645, 5654, 5656,10178, 5655, 5659, 5669,
1004 5663, 5664, 5673, 5674, 5658, 5666, 5671, 5679, 5687, 5694,
1005 5698, 5696, 5695, 5704, 5711, 5712, 5736, 5713, 5702, 5727,
1006 5684, 5722,10178, 5723, 5734, 5730, 5731, 5750, 5758, 5754,
1007 5756, 5762, 5744, 5765, 5766, 5763, 5775, 5776, 5786, 5783,
1008 5771, 5785,10178, 5781, 5777, 5805, 5801, 5782, 5813, 5817,
1009 5798, 5814, 5820, 5811, 5800, 5824, 5825, 5834, 5831, 5810,
1010 5852, 5822, 5832, 5840, 5859, 5848,10178, 5878, 5856, 5857,
1011 5853, 5863, 5861, 5886, 5880, 5882, 5873, 5885, 5884, 5895,
1012 5888, 5892, 5903, 5906, 5897,10178,10178, 5918, 5900, 5911,
1013
1014 10178, 5919, 5905, 5939, 5924, 5936, 5921, 5934, 5943, 5945,
1015 5930, 5957, 5933, 5946,10178, 5944, 5960, 5948, 5968, 5967,
1016 5969, 5976,10178, 5963, 5973, 5979, 5975, 5984, 5971, 5985,
1017 5994, 5987, 6005, 5992, 5990, 6012, 6027, 6028, 6009, 6015,
1018 6021,10178, 6018, 6022, 6042, 6033, 6026, 6032, 6019,10178,
1019 6039, 6059, 6061, 6064, 6066, 6067, 6068, 6065, 6073, 6077,
1020 6069, 6060, 6096, 6085, 6087, 6089, 6116, 6095, 6100, 6112,
1021 6106, 6118, 6120, 6122,10178, 6128, 6140, 6111, 6130,10178,
1022 6135, 6159, 6125,10178, 6134, 6139, 6136, 6148, 6155,10178,
1023 6157, 6166, 6161, 6171, 6149, 6176, 6158, 6182, 6179, 6162,
1024
1025 6175, 6185, 6192,10178, 6193, 6191, 6189,10178, 6208, 6212,
1026 6214, 6215, 6203, 6229, 6219, 6221, 6222, 6218,10178, 6231,
1027 10178, 6230, 6232, 6242,10178, 6235, 6239, 6256, 6264, 6258,
1028 6260, 6263, 6269, 6273, 6255, 6270, 6259, 6257, 6285, 6288,
1029 6286, 6280, 6292, 6287, 6294,10178, 6310, 6291, 6314, 6297,
1030 6325, 6318, 6319, 6312, 6324, 6321,10178,10178, 6330,10178,
1031 6337, 6339, 6343, 6346,10178, 6348, 6351, 6315, 6352, 6367,
1032 6345, 6353, 6376, 6373,10178, 6377, 6382,10178, 6361, 6379,
1033 6392, 6387, 6386, 6375, 6395, 6390, 6396, 6400, 6404, 6413,
1034 6411, 6417, 6407, 6420, 6439,10178, 6410, 6423, 6424, 6449,
1035
1036 6437, 6434, 6456, 6460, 6447,10178, 6464, 6468, 6453, 6472,
1037 6481,10178, 6466,10178, 6482, 6480, 6478, 6499, 6484, 6412,
1038 10178, 6504, 6496, 6512, 6487, 6514, 6516, 6515, 6517, 6507,
1039 6511, 6528, 6526, 6527, 6523, 6539, 6562, 6550,10178, 6541,
1040 6547, 6564, 6566, 6554, 6555, 6549, 6576, 6568, 6577, 6572,
1041 6593, 6580, 6571, 6585, 6604, 6575, 6603, 6596,10178, 6611,
1042 6607, 6620, 6597, 6626, 6613, 6624, 6617,10178, 6627, 6632,
1043 6643,10178, 6642, 6630, 6649, 6661, 6644, 6645, 6647, 6651,
1044 6654, 6659, 6653, 6678,10178, 6672, 6675, 6671, 6688, 6692,
1045 6694,10178,10178, 6690,10178, 6695, 6681, 6698, 6689, 6702,
1046
1047 6717, 6712, 6723, 6733, 6719, 6716, 6734, 6736, 6729,10178,
1048 6728, 6750, 6730, 6771, 6753, 6754, 6748, 6759, 6756,10178,
1049 10178, 6758, 6769, 6763, 6773, 6781, 6775, 6774, 6793, 6786,
1050 6788, 6804, 6800, 6798,10178, 6802, 6790, 6803, 6801,10178,
1051 6799, 6818, 6812, 6825, 6831, 6820, 6826, 6829, 6839, 6819,
1052 6843, 6850, 6845, 6852, 6847, 6837, 6863, 6859, 6856, 6867,
1053 6871, 6885,10178, 6883, 6874, 6876, 6877, 6886, 6884, 6887,
1054 6894, 6905, 6898, 6897,10178, 6911,10178, 6914, 6916, 6922,
1055 6929, 6920, 6934, 6932, 6936, 6935, 6938, 6947, 6944, 6950,
1056 6949, 6968, 6954, 6957, 6972, 6979, 6974, 6982, 6985, 6984,
1057
1058 10178, 6987, 6971, 6988, 6978, 6993, 6994, 7003, 7002, 7005,
1059 7004, 7009, 7020, 7026, 7027, 7014, 7029, 7016, 7030, 7015,
1060 10178, 7032, 7039, 7021, 7045, 7050, 7053, 7056, 7043, 7074,
1061 7069, 7057, 7064, 7080,10178, 7066, 7059, 7087,10178, 7072,
1062 7073, 7071, 7089, 7093, 7110, 7099, 7106, 7098, 7107,10178,
1063 7112, 7103, 7120, 7114, 7117, 7124, 7121, 7126, 7131, 7134,
1064 7144, 7154,10178, 6902, 7148, 7151, 7159, 7140, 7153, 7155,
1065 7163, 7162,10178, 7180, 7189, 7191, 7182, 7203, 7205, 7181,
1066 7195, 7209, 7201, 7208, 7192, 7198, 7223, 7218, 7222, 7225,
1067 7230, 7228, 7219, 7246, 7216,10178, 7236,10178, 7240, 7250,
1068
1069 7247, 7267, 7263, 7261, 7275, 7266, 7258,10178, 7252, 7265,
1070 7282, 7269, 7291,10178, 7277, 7285, 7295, 7294,10178, 7311,
1071 7308, 7297, 7303, 7319, 7322,10178, 7320, 7326, 7327, 7330,
1072 7331, 7325, 7336, 7337, 7338, 7333, 7341, 7343, 7347, 7372,
1073 7357, 7364,10178, 7373, 7376, 7380, 7378, 7381, 7384, 7365,
1074 7382, 7387, 7375,10178, 7389, 7398, 7399, 7402, 7409, 7397,
1075 7407, 7425, 7436, 7426, 7434, 7415, 7420, 7421, 7438, 7437,
1076 7441,10178, 7444, 7453, 7446, 7449, 7447, 7470,10178, 7466,
1077 10178, 7463, 7478, 7481, 7483, 7461, 7488,10178,10178, 7490,
1078 7496, 7480, 7495, 7491,10178,10178, 7498,10178, 7485,10178,
1079
1080 7506, 7508,10178,10178, 7504, 7502, 7505, 7529, 7532, 7538,
1081 10178, 7539,10178, 7545, 7521, 7542, 7530, 7522, 7547,10178,
1082 7531, 7551, 7548, 7555, 7562,10178, 7571, 7557, 7581, 7565,
1083 7570,10178, 7586, 7588, 7574, 7577,10178, 7598, 7596, 7597,
1084 7582, 7594, 7592, 7601, 7609, 7617, 7620, 7623, 7632, 7619,
1085 7621, 7638, 7640, 7642, 7645, 7649, 7644, 7633, 7647, 7653,
1086 7662, 7672, 7665, 7655, 7674, 7664, 7666, 7669, 7688, 7676,
1087 7694, 7697, 7696, 7693, 7691, 7704, 7690, 7701, 7699, 7709,
1088 7708, 7718, 7730, 7712, 7720, 7728, 7724, 7735, 7731, 7742,
1089 7747, 7751, 7754, 7745, 7746,10178, 7764, 7762, 7743, 7774,
1090
1091 7769, 7780, 7787, 7794, 7795, 7796,10178, 7798,10178, 7801,
1092 7788, 7789, 7786, 7793,10178, 7810, 7813, 7812, 7816, 7829,
1093 7821, 7815, 7825, 7828, 7832, 7848,10178, 7847, 7837, 7840,
1094 7844, 7854,10178, 7857, 7860, 7852, 7864, 7865, 7878, 7871,
1095 7872, 7876, 7879, 7869, 7893, 7901, 7902, 7884, 7889, 7908,
1096 10178, 7918, 7919, 7913, 7905, 7909, 7906, 7912, 7932, 7922,
1097 7927, 7928, 7939, 7941, 7930, 7945, 7956,10178, 7954,10178,
1098 7949, 7959, 7950, 7940, 7974, 7975, 7964, 7963,10178,10178,
1099 7968, 7976, 7989, 7993, 7981, 7986, 7997, 7987, 7995, 8008,
1100 10178, 8002, 8020, 8014, 8027, 8015,10178, 8019, 8013, 8016,
1101
1102 8030,10178, 8037, 8023, 8044, 8050, 8038, 8039, 8052, 8057,
1103 8047, 8053, 8055, 8061, 8068,10178,10178,10178,10178, 8071,
1104 8064, 8070, 8060, 8077, 8079, 8084, 8094, 8096, 8101, 8082,
1105 8095,10178, 8107,10178,10178, 8109, 8111, 8098, 8113, 8119,
1106 8123, 8117, 8125,10178, 8120,10178, 8143, 8144, 8136, 8131,
1107 8155, 8152, 8137, 8159, 8154, 8160, 8150, 8162, 8171, 8167,
1108 8173, 8170, 8186, 8190, 8193,10178,10178, 8183, 8202, 8200,
1109 8209, 8201, 8210, 8194, 8178, 8207, 8214, 8213, 8216, 8217,
1110 8205, 8221, 8229, 8234, 8233,10178, 8240, 8246, 8252,10178,
1111 8238,10178, 8249, 8257, 8258, 8241, 8256, 8261, 8266, 8279,
1112
1113 8278, 8286,10178,10178, 8274, 8276, 8288,10178,10178, 8281,
1114 8284, 8290, 8295, 8303, 8293, 8289, 8308, 8311, 8324, 8313,
1115 10178, 8314,10178, 8322, 8330, 8328, 8318, 8338, 8349, 8336,
1116 8351, 8347, 8340, 8333, 8357,10178, 8355, 8339,10178, 8373,
1117 8368, 8376, 8363, 8372, 8378,10178, 8382, 8369, 8386, 8388,
1118 10178, 8392, 8390, 8396, 8397,10178, 8402,10178, 8391, 8403,
1119 8400, 8431, 8410,10178, 8405, 8415,10178, 8434, 8436, 8440,
1120 8438, 8432, 8433,10178, 8444, 8429,10178, 8428, 8450, 8452,
1121 8451, 8439, 8457, 8449, 8464, 8456, 8469, 8485, 8483,10178,
1122 10178, 8474, 8481, 73, 8493, 8467, 8472, 8475, 8494, 8503,
1123
1124 8479, 8501, 8507,10178,10178, 8506,10178, 8508, 8512,10178,
1125 8498, 8521, 8517, 8519, 8535, 8529, 8532, 8527, 8526, 8543,
1126 8555, 8546, 8542, 8563, 8577, 8580, 8559, 8549, 8564, 8582,
1127 8588, 8593, 8595, 8581, 8598, 8579, 8574, 8604, 8606, 8609,
1128 8607, 8605, 8615, 8617,10178, 8602, 8613, 8616, 8641, 8630,
1129 10178, 8649, 8643, 8651, 8653,10178, 8652, 8645, 8656, 8657,
1130 8660,10178, 8655, 8659, 8661, 8663, 8662, 8672, 8684, 8682,
1131 8706,10178, 8689, 8694, 8700,10178,10178,10178, 8705, 8707,
1132 8698,10178, 8708, 8699, 8690, 8696,10178, 8719, 8711, 8716,
1133 10178,10178,10178, 8723, 8731, 8735,10178, 8725, 8754,10178,
1134
1135 8739,10178, 8732,10178, 8752, 8755, 8763, 8747,10178, 8762,
1136 8772, 8759, 8791,10178, 8761, 8769, 8770, 8784, 8778, 8782,
1137 8797,10178, 8781, 8799, 8805, 8803, 8788, 8809, 8786, 8811,
1138 8796, 8822, 8815, 8827,10178, 8831, 8834, 8841, 8843, 8826,
1139 8832, 8836,10178, 8830,10178, 8852,10178, 8842, 8862, 8863,
1140 8856, 8871, 8865, 8866, 8878, 8879, 8868, 8890, 8887, 8882,
1141 8893, 8894, 8897,10178,10178, 8899, 8895, 8904,10178, 8908,
1142 10178, 8910,10178, 8909, 8914, 8927, 8917, 8934,10178,10178,
1143 8938, 8920, 8936, 8870, 8926, 8923,10178, 8947, 8937, 8943,
1144 8955,10178, 8963,10178, 8953, 8976, 8972,10178, 8957, 8968,
1145
1146 8981, 8970, 8966, 8983, 8980, 8978, 8974, 8993, 8990, 8984,
1147 8995, 8992, 9001, 9021, 9022, 9026,10178,10178,10178, 9018,
1148 9011, 9037, 9033, 9032, 9039, 9023,10178, 9042, 9040, 9050,
1149 9044, 9049, 9061, 9046,10178, 9053, 9054, 9058, 9057, 9075,
1150 9067, 9071, 9080,10178, 9091, 9093, 9095, 9096, 9090, 9098,
1151 9100, 9108, 9109, 9111, 9099, 9106, 9120, 9114,10178, 9121,
1152 10178, 9124,10178, 9110,10178, 9118, 9122, 9115, 9128, 9142,
1153 10178, 9152, 9127, 9138, 9146, 9148, 9149, 9162, 9163,10178,
1154 9154, 9169, 9166, 9155, 9173,10178,10178, 9167, 9183,10178,
1155 9191, 9187, 9184, 9202, 9194, 9195, 9204, 9207,10178, 9205,
1156
1157 9211, 9197, 9200, 9218, 9214, 9222,10178, 9227, 9221, 9231,
1158 9232,10178, 9219, 9241, 9243, 9242, 9266,10178, 9267, 9253,
1159 9247, 9270,10178, 9256, 9262, 9264,10178,10178,10178, 9281,
1160 9282, 9291,10178,10178,10178,10178, 9285, 9296, 9286, 9306,
1161 10178,10178, 9307, 9312, 9316, 9317, 9321, 9320,10178, 9322,
1162 9326, 9325, 9311, 9323,10178,10178, 9330, 9339, 9340, 9336,
1163 9342, 9345,10178,10178, 9346, 9348, 9357, 9367, 9362,10178,
1164 9352, 9369, 9378, 9372, 9379, 9383, 9385, 9375, 9386, 9402,
1165 9400, 9398, 9394, 9401, 9388, 9415, 9417, 9404, 9424, 9431,
1166 9426, 9430, 9433, 9425, 9429,10178,10178, 9435,10178, 9437,
1167
1168 9436,10178,10178, 9439, 9448, 9454, 9455,10178, 9465, 9468,
1169 9469, 9470, 9447,10178, 9462, 9476, 9477, 9474, 9466, 9459,
1170 10178, 9480, 9472, 9484, 9475, 9481, 9497, 9486, 9485,10178,
1171 9500, 9516,10178,10178, 9501, 9517, 9496, 9524, 9508,10178,
1172 9527, 9534, 9518, 9528, 9512, 9523, 9521,10178, 9550, 9553,
1173 10178,10178, 9536, 9551,10178,10178, 9543,10178,10178,10178,
1174 10178,10178,10178,10178,10178, 9560, 9568,10178,10178, 9559,
1175 9573, 9574,10178, 9575,10178, 9558, 9567, 9578, 9564,10178,
1176 9583,10178, 9589, 9577, 9601, 9605, 9598, 9616, 9608, 9595,
1177 9600, 9603, 9604, 9611, 9627, 9625, 9615, 9628, 9645, 9651,
1178
1179 9638, 9652,10178,10178,10178, 9646, 9639, 9661, 9653, 9667,
1180 9668, 9670, 9671, 9655, 9663, 9672, 9676, 9686, 9679, 9678,
1181 9673, 9695, 9680, 9706, 9712, 9694, 9715,10178, 9716, 9702,
1182 9705, 9723,10178, 9710,10178, 9708,10178,10178, 9727, 9729,
1183 9720, 9721, 9739, 9750, 9732, 9736, 9741, 9753, 9761,10178,
1184 9762,10178,10178, 9743, 9745,10178, 9755, 9767,10178, 9754,
1185 9770, 9759, 9766, 9777, 9776, 9794, 9802, 9783,10178,10178,
1186 9788, 9782, 9792, 9812, 9809, 9789, 9817, 9815, 9819, 9823,
1187 9806, 9835,10178, 9813, 9826, 9832,10178, 9833, 9829, 9836,
1188 9830, 9842, 9859, 9846, 9853,10178, 9867,10178, 9871, 9869,
1189
1190 9872, 9855, 9860, 9870, 9884, 9886, 9876,10178, 9888, 9899,
1191 9890, 9901, 9906, 9915, 9912, 9903, 9921, 9918, 9929, 9924,
1192 9925, 9928, 9934, 9933, 9944,10178, 9937, 9947,10178, 9949,
1193 9952, 9948, 9950, 9971,10178, 9943, 9959, 9964, 9981, 9968,
1194 9980,10178, 9973, 9985, 9990,10178, 9984,10178,10178, 9996,
1195 9994, 9999, 9988, 9992,10178,10178,10178,10058,10065,10072,
1196 10079,10086,10093,10100, 102,10107,10114,10121,10128,10135,
1197 10142,10149,10156,10163,10170
11541198 } ;
11551199
1156 static const flex_int16_t yy_def[3372] =
1200 static const flex_int16_t yy_def[3576] =
11571201 { 0,
1158 3353, 1, 3354, 3354, 3355, 3355, 3356, 3356, 3357, 3357,
1159 3358, 3358, 3359, 3359, 3360, 3360, 3353, 3361, 3353, 3353,
1160 3353, 3353, 3362, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1161 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1162 3361, 3361, 3361, 3361, 3361, 3361, 3363, 3353, 3353, 3353,
1163 3363, 3364, 3353, 3353, 3353, 3364, 3365, 3353, 3353, 3353,
1164 3353, 3365, 3366, 3353, 3353, 3353, 3366, 3367, 3353, 3368,
1165 3353, 3367, 3367, 3369, 3353, 3353, 3353, 3353, 3369, 3370,
1166 3353, 3353, 3353, 3370, 3361, 3361, 3353, 3371, 3362, 3371,
1167 3362, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1168
1169 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1170 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1171 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1172 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1173 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1174 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3363,
1175 3363, 3364, 3364, 3365, 3365, 3353, 3366, 3366, 3367, 3367,
1176 3368, 3368, 3367, 3369, 3369, 3353, 3370, 3370, 3361, 3361,
1177 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1178 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1179
1180 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1181 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1182 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1183 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1184 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1185 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1186 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1187 3361, 3367, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1188 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1189 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1190
1191 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1192 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1193 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1194 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1195 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1196 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1197 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1198 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1199 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361,
1200 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1201
1202 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1203 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1204 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1205 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1206 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1207 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1208 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361,
1209 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1210 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1211 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1212
1213 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1214 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1215 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1216 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3367,
1217 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1218 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1219 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1220 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1221 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1222 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1223
1224 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1225 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1226 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1227 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1228 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1229 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1230 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1231 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1232 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1233 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1234
1235 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1236 3361, 3361, 3367, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1237 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1238 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1239 3353, 3361, 3353, 3353, 3361, 3353, 3353, 3361, 3361, 3353,
1240 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1241 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1242 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1243 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1244 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1245
1246 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1247 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1248 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1249 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1250 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1251 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1252 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1253 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1254 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1255 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1256
1257 3367, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1258 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1259 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1260 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1261 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1262 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1263 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1264 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1265 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1266 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361,
1267
1268 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361,
1269 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3353, 3361,
1270 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1271 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1272 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1273 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1274 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1275 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1276 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1277 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3367, 3367, 3361,
1278
1279 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1280 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1281 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1282 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1283 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1284 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1285 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1286 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1287 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1288 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1289
1290 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1291 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1292 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1293 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1294 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1295 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1296 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1297 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1298 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1299 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3367, 3361, 3361,
1300
1301 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1302 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1303 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1304 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1305 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1306 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1307 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1308 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1309 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1310 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1311
1312 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1313 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1314 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1315 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1316 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1317 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353,
1318 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361,
1319 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1320 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1321 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1322
1323 3361, 3361, 3353, 3361, 3367, 3361, 3361, 3361, 3361, 3361,
1324 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1325 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361,
1326 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1327 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1328 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1329 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1330 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1331 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1332 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1333
1334 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353,
1335 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1336 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1337 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353,
1338 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1339 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1340 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1341 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361,
1342 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1343 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1344
1345 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3367, 3361,
1346 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1347 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1348 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1349 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1350 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1351 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1352 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1353 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1354 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1355
1356 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1357 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361,
1358 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1359 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1360 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1361 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1362 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1363 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1364 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1365 3361, 3361, 3353, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1366
1367 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1368 3367, 3361, 3353, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1369 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353,
1370 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1371 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1372 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1373 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3353, 3361,
1374 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1375 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1376 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1377
1378 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1379 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353,
1380 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1381 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1382 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1383 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1384 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1385 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1386 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1387 3353, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1388
1389 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361,
1390 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361,
1391 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1392 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1393 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1394 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1395 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353,
1396 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1397 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1398 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1399
1400 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1401 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1402 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3353, 3361, 3361,
1403 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1404 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1405 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1406 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1407 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1408 3361, 3353, 3361, 3361, 3361, 3361, 3367, 3361, 3353, 3361,
1409 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353,
1410
1411 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1412 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1413 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1414 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1415 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1416 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361,
1417 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361,
1418 3361, 3353, 3353, 3361, 3353, 3361, 3353, 3361, 3361, 3353,
1419 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361,
1420 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1421
1422 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1423 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1424 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1425 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1426 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1427 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361,
1428 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1429 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361,
1430 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1431 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353,
1432
1433 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1434 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1435 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1436 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1437 3353, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1438 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1439 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1440 3361, 3361, 3361, 3361, 3353, 3353, 3353, 3353, 3361, 3361,
1441 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353,
1442 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1443
1444 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361, 3361,
1445 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353,
1446 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1447 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1448 3361, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1449 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3353, 3353,
1450 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1451 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1452 3361, 3361, 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361,
1453 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1454
1455 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353,
1456 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3353,
1457 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1458 3361, 3361, 3353, 3353, 3367, 3361, 3361, 3361, 3361, 3361,
1459 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3353, 3361, 3361,
1460 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1461 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1462 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1463 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361,
1464 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361,
1465
1466 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1467 3353, 3353, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1468 3353, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361,
1469 3353, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3353,
1470 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1471 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1472 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1473 3361, 3353, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361,
1474 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1475 3353, 3353, 3361, 3361, 3353, 3361, 3353, 3361, 3353, 3361,
1476
1477 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1478 3353, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361,
1479 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1480 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3353, 3361,
1481 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1482 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1483 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1484 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3353,
1485 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1486 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1487
1488 3353, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1489 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1490 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353,
1491 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3353, 3353,
1492 3361, 3361, 3361, 3353, 3353, 3353, 3361, 3361, 3361, 3361,
1493 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1494 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3353, 3353,
1495 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361,
1496 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1497 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353,
1498
1499 3353, 3361, 3353, 3361, 3361, 3353, 3353, 3361, 3361, 3361,
1500 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361,
1501 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1502 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1503 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3353,
1504 3353, 3361, 3361, 3353, 3353, 3361, 3353, 3353, 3353, 3353,
1505 3353, 3353, 3353, 3353, 3361, 3361, 3353, 3361, 3361, 3361,
1506 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1507 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1508 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353,
1509
1510 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1511 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1512 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361,
1513 3353, 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1514 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3353, 3361,
1515 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1516 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361,
1517 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361,
1518 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1519 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1520
1521 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361,
1522 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361,
1523 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361,
1524 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361,
1525 3361, 3353, 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3361,
1526 3353, 3353, 0, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
1527 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
1528 3353
1202 3557, 1, 3558, 3558, 3559, 3559, 3560, 3560, 3561, 3561,
1203 3562, 3562, 3563, 3563, 3564, 3564, 3557, 3565, 3557, 3557,
1204 3557, 3557, 3566, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1205 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1206 3565, 3565, 3565, 3565, 3565, 3565, 3567, 3557, 3557, 3557,
1207 3567, 3568, 3557, 3557, 3557, 3568, 3569, 3557, 3557, 3557,
1208 3557, 3569, 3570, 3557, 3557, 3557, 3570, 3571, 3557, 3572,
1209 3557, 3571, 3571, 3573, 3557, 3557, 3557, 3557, 3573, 3574,
1210 3557, 3557, 3557, 3574, 3565, 3565, 3557, 3575, 3566, 3575,
1211 3566, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1212
1213 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1214 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1215 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1216 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1217 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1218 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3567,
1219 3567, 3568, 3568, 3569, 3569, 3557, 3570, 3570, 3571, 3571,
1220 3572, 3572, 3571, 3573, 3573, 3557, 3574, 3574, 3565, 3565,
1221 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1222 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1223
1224 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1225 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1226 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1227 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1228 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1229 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1230 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1231 3565, 3571, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1232 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1233 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1234
1235 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1236 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1237 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1238 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1239 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1240 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1241 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1242 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1243 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3571, 3565,
1244 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1245
1246 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1247 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1248 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1249 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1250 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1251 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1252 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1253 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1254 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1255 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1256
1257 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1258 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1259 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1260 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1261 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3571, 3565, 3565,
1262 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1263 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1264 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1265 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1266 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1267
1268 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1269 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1270 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1271 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1272 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1273 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1274 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1275 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1276 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1277 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1278
1279 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1280 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1281 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3571,
1282 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1283 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1284 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3557,
1285 3557, 3565, 3557, 3557, 3565, 3565, 3557, 3565, 3565, 3565,
1286 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1287 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1288 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1289
1290 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1291 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1292 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1293 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1294 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1295 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1296 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1297 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1298 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1299 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1300
1301 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1302 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1303 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3571, 3565, 3565,
1304 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3557, 3565,
1305 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1306 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1307 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1308 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1309 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1310 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1311
1312 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1313 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1314 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565,
1315 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3565,
1316 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3557,
1317 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1318 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1319 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1320 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1321 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1322
1323 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1324 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1325 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1326 3557, 3565, 3565, 3565, 3565, 3565, 3571, 3571, 3565, 3565,
1327 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1328 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1329 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1330 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1331 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1332 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1333
1334 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1335 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1336 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1337 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1338 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1339 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1340 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1341 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1342 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1343 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1344
1345 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1346 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1347 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1348 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1349 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3571, 3565,
1350 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1351 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1352 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1353 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1354 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1355
1356 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1357 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1358 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1359 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1360 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1361 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1362 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1363 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1364 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1365 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1366
1367 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1368 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565,
1369 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1370 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1371 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1372 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1373 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3571, 3565,
1374 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1375 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1376 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1377
1378 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1379 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1380 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1381 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1382 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1383 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1384 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1385 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565,
1386 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1387 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1388
1389 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565,
1390 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1391 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1392 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1393 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3565,
1394 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1395 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1396 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1397 3565, 3557, 3565, 3565, 3565, 3571, 3565, 3565, 3565, 3565,
1398 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1399
1400 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1401 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1402 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1403 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1404 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1405 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1406 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1407 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1408 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1409 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3565, 3565,
1410
1411 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1412 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1413 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1414 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1415 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1416 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1417 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1418 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3557,
1419 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3557,
1420 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1421
1422 3565, 3571, 3565, 3557, 3565, 3565, 3565, 3557, 3565, 3565,
1423 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1424 3557, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1425 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1426 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1427 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3557,
1428 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1429 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3557, 3565, 3565,
1430 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1431 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1432
1433 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1434 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1435 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1436 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1437 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1438 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1439 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1440 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1441 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1442 3565, 3557, 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1443
1444 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1445 3565, 3565, 3571, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1446 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1447 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3557,
1448 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1449 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1450 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1451 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565,
1452 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1453 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1454
1455 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1456 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1457 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1458 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3557, 3565,
1459 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1460 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1461 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1462 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1463 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1464 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565,
1465
1466 3565, 3565, 3565, 3565, 3565, 3571, 3565, 3557, 3565, 3565,
1467 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3557, 3565,
1468 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1469 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1470 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1471 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1472 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1473 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1474 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565,
1475 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3557, 3565, 3557,
1476
1477 3565, 3565, 3557, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1478 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1479 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1480 3565, 3557, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1481 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1482 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1483 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1484 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1485 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1486 3571, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1487
1488 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565,
1489 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1490 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1491 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1492 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1493 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1494 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3557,
1495 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3557,
1496 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1497 3557, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1498
1499 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1500 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3557, 3557, 3565,
1501 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1502 3565, 3557, 3565, 3557, 3557, 3565, 3565, 3565, 3565, 3565,
1503 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3565,
1504 3565, 3565, 3565, 3571, 3565, 3565, 3565, 3565, 3565, 3565,
1505 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3565, 3565,
1506 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1507 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3557,
1508 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1509
1510 3565, 3565, 3557, 3557, 3565, 3565, 3565, 3557, 3557, 3565,
1511 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1512 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1513 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3557, 3565,
1514 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1515 3557, 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565,
1516 3565, 3565, 3565, 3557, 3565, 3565, 3557, 3565, 3565, 3565,
1517 3565, 3565, 3565, 3557, 3565, 3565, 3557, 3565, 3565, 3565,
1518 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1519 3557, 3565, 3565, 3571, 3565, 3565, 3565, 3565, 3565, 3565,
1520
1521 3565, 3565, 3565, 3557, 3557, 3565, 3557, 3565, 3565, 3557,
1522 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1523 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1524 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1525 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1526 3557, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565,
1527 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1528 3565, 3557, 3565, 3565, 3565, 3557, 3557, 3557, 3565, 3565,
1529 3565, 3557, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1530 3557, 3557, 3557, 3565, 3565, 3565, 3557, 3565, 3565, 3557,
1531
1532 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3557, 3565,
1533 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1534 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1535 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1536 3565, 3565, 3557, 3565, 3557, 3565, 3557, 3565, 3565, 3565,
1537 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1538 3565, 3565, 3565, 3557, 3557, 3565, 3565, 3565, 3557, 3565,
1539 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3557, 3557,
1540 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1541 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3557, 3565, 3565,
1542
1543 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1544 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3557, 3565,
1545 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1546 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1547 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1548 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1549 3557, 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1550 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1551 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3565, 3557,
1552 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1553
1554 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1555 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1556 3565, 3565, 3557, 3565, 3565, 3565, 3557, 3557, 3557, 3565,
1557 3565, 3565, 3557, 3557, 3557, 3557, 3565, 3565, 3565, 3565,
1558 3557, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565,
1559 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3565, 3565, 3565,
1560 3565, 3565, 3557, 3557, 3565, 3565, 3565, 3565, 3565, 3557,
1561 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1562 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1563 3565, 3565, 3565, 3565, 3565, 3557, 3557, 3565, 3557, 3565,
1564
1565 3565, 3557, 3557, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1566 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565,
1567 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1568 3565, 3565, 3557, 3557, 3565, 3565, 3565, 3565, 3565, 3557,
1569 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1570 3557, 3557, 3565, 3565, 3557, 3557, 3565, 3557, 3557, 3557,
1571 3557, 3557, 3557, 3557, 3557, 3565, 3565, 3557, 3557, 3565,
1572 3565, 3565, 3557, 3565, 3557, 3565, 3565, 3565, 3565, 3557,
1573 3565, 3557, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1574 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1575
1576 3565, 3565, 3557, 3557, 3557, 3565, 3565, 3565, 3565, 3565,
1577 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1578 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1579 3565, 3565, 3557, 3565, 3557, 3565, 3557, 3557, 3565, 3565,
1580 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557,
1581 3565, 3557, 3557, 3565, 3565, 3557, 3565, 3565, 3557, 3565,
1582 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3557,
1583 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1584 3565, 3565, 3557, 3565, 3565, 3565, 3557, 3565, 3565, 3565,
1585 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3557, 3565, 3565,
1586
1587 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565,
1588 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565, 3565,
1589 3565, 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3557, 3565,
1590 3565, 3565, 3565, 3565, 3557, 3565, 3565, 3565, 3565, 3565,
1591 3565, 3557, 3565, 3565, 3565, 3557, 3565, 3557, 3557, 3565,
1592 3565, 3565, 3565, 3565, 3557, 3557, 0, 3557, 3557, 3557,
1593 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
1594 3557, 3557, 3557, 3557, 3557
15291595 } ;
15301596
1531 static const flex_int16_t yy_nxt[9635] =
1597 static const flex_int16_t yy_nxt[10245] =
15321598 { 0,
15331599 18, 19, 20, 21, 22, 23, 22, 18, 18, 18,
15341600 18, 18, 22, 24, 25, 26, 27, 28, 29, 18,
15411607 59, 60, 61, 120, 22, 58, 59, 60, 61, 86,
15421608 22, 64, 65, 66, 64, 65, 66, 87, 160, 160,
15431609
1544 1291, 88, 85, 51, 119, 86, 51, 167, 167, 56,
1610 1339, 88, 85, 51, 119, 86, 51, 167, 167, 56,
15451611 120, 56, 170, 75, 76, 77, 78, 62, 22, 75,
15461612 76, 77, 78, 62, 22, 81, 82, 83, 67, 97,
15471613 86, 67, 19, 20, 21, 69, 70, 71, 19, 20,
15481614 21, 69, 70, 71, 81, 82, 83, 121, 108, 177,
1549 177, 79, 72, 159, 409, 86, 97, 79, 72, 86,
1615 177, 79, 72, 159, 410, 86, 97, 79, 72, 86,
15501616 137, 90, 84, 90, 90, 86, 90, 170, 109, 178,
15511617 73, 86, 90, 86, 121, 108, 73, 176, 87, 72,
15521618 159, 84, 88, 86, 130, 72, 112, 137, 110, 162,
15711637 134, 152, 169, 135, 169, 169, 86, 169, 86, 184,
15721638 136, 153, 86, 131, 195, 154, 155, 132, 182, 86,
15731639 174, 133, 174, 174, 166, 174, 205, 134, 86, 85,
1574 135, 85, 85, 86, 85, 332, 184, 136, 138, 1148,
1640 135, 85, 85, 86, 85, 332, 184, 136, 138, 1187,
15751641 85, 195, 139, 90, 183, 90, 90, 206, 90, 185,
15761642
15771643 165, 86, 140, 141, 90, 142, 86, 193, 194, 197,
15781644 196, 163, 186, 161, 86, 138, 86, 86, 86, 139,
1579 86, 183, 86, 86, 206, 240, 185, 198, 3353, 140,
1645 86, 183, 86, 86, 206, 240, 185, 198, 3557, 140,
15801646 141, 91, 142, 143, 193, 194, 144, 196, 190, 186,
15811647 199, 86, 201, 145, 191, 200, 192, 146, 147, 86,
1582 334, 86, 240, 86, 198, 86, 207, 3353, 86, 86,
1583 143, 208, 3353, 144, 209, 190, 215, 199, 86, 201,
1648 334, 86, 240, 86, 198, 86, 207, 3557, 86, 86,
1649 143, 208, 3557, 144, 209, 190, 215, 199, 86, 201,
15841650 145, 191, 200, 192, 146, 147, 202, 203, 211, 86,
1585 210, 212, 86, 207, 204, 228, 86, 3353, 208, 217,
1586 216, 209, 86, 86, 213, 214, 3353, 86, 86, 86,
1587
1588 225, 3353, 86, 202, 203, 211, 218, 210, 212, 226,
1651 210, 212, 86, 207, 204, 228, 86, 3557, 208, 217,
1652 216, 209, 86, 86, 213, 214, 3557, 86, 86, 86,
1653
1654 225, 3557, 86, 202, 203, 211, 218, 210, 212, 226,
15891655 220, 204, 228, 86, 221, 223, 217, 216, 227, 229,
15901656 224, 213, 214, 86, 232, 230, 219, 225, 86, 253,
15911657 222, 86, 86, 218, 86, 231, 226, 220, 86, 86,
15921658 233, 221, 223, 86, 86, 227, 229, 224, 235, 86,
15931659 234, 232, 230, 219, 237, 236, 253, 222, 238, 86,
1594 3353, 239, 231, 86, 86, 241, 245, 233, 86, 246,
1595 86, 86, 86, 3353, 242, 235, 86, 234, 86, 247,
1596 248, 237, 236, 243, 251, 238, 3353, 86, 239, 244,
1597 3353, 249, 241, 245, 257, 250, 246, 86, 86, 3353,
1660 3557, 239, 231, 86, 86, 241, 245, 233, 86, 246,
1661 86, 86, 86, 3557, 242, 235, 86, 234, 86, 247,
1662 248, 237, 236, 243, 251, 238, 3557, 86, 239, 244,
1663 3557, 249, 241, 245, 257, 250, 246, 86, 86, 3557,
15981664
15991665 254, 242, 259, 261, 86, 258, 247, 248, 262, 86,
16001666 243, 251, 267, 86, 86, 260, 244, 255, 249, 86,
16011667 256, 257, 250, 86, 263, 266, 86, 254, 268, 259,
16021668 261, 270, 258, 264, 86, 262, 277, 269, 272, 267,
16031669 86, 271, 260, 86, 255, 265, 86, 256, 86, 86,
1604 3353, 263, 266, 86, 86, 268, 177, 177, 270, 3353,
1605 264, 3353, 170, 277, 269, 272, 3353, 273, 271, 3353,
1606 3353, 164, 265, 164, 164, 169, 164, 169, 169, 90,
1670 3557, 263, 266, 86, 86, 268, 177, 177, 270, 3557,
1671 264, 3557, 170, 277, 269, 272, 3557, 273, 271, 3557,
1672 3557, 164, 265, 164, 164, 169, 164, 169, 169, 90,
16071673 169, 90, 90, 174, 90, 174, 174, 274, 174, 86,
1608 3353, 276, 3353, 280, 273, 278, 281, 282, 283, 284,
1609
1610 86, 275, 279, 3353, 285, 86, 338, 3353, 3353, 86,
1674 3557, 276, 3557, 280, 273, 278, 281, 282, 283, 284,
1675
1676 86, 275, 279, 3557, 285, 86, 338, 3557, 3557, 86,
16111677 86, 86, 286, 290, 86, 86, 291, 172, 276, 86,
16121678 280, 86, 278, 281, 282, 283, 284, 287, 275, 279,
16131679 86, 285, 340, 288, 289, 86, 86, 293, 86, 286,
1614 290, 294, 86, 291, 301, 303, 3353, 302, 306, 3353,
1680 290, 294, 86, 291, 301, 303, 3557, 302, 306, 3557,
16151681 307, 304, 308, 86, 305, 314, 310, 86, 295, 86,
1616 288, 289, 86, 86, 86, 86, 311, 86, 294, 3353,
1682 288, 289, 86, 86, 86, 86, 311, 86, 294, 3557,
16171683 86, 301, 303, 86, 302, 306, 86, 307, 304, 86,
16181684 309, 305, 314, 310, 86, 295, 296, 312, 86, 318,
1619 317, 297, 313, 311, 326, 370, 298, 315, 86, 86,
1620
1621 316, 86, 299, 300, 319, 86, 325, 309, 3353, 86,
1622 3353, 86, 86, 296, 312, 329, 318, 317, 297, 313,
1623 86, 326, 370, 298, 315, 327, 86, 316, 86, 299,
1685 317, 297, 313, 311, 326, 371, 298, 315, 86, 86,
1686
1687 316, 86, 299, 300, 319, 86, 325, 309, 3557, 86,
1688 3557, 86, 86, 296, 312, 329, 318, 317, 297, 313,
1689 86, 326, 371, 298, 315, 327, 86, 316, 86, 299,
16241690 300, 319, 320, 325, 330, 321, 86, 322, 337, 335,
1625 333, 86, 329, 342, 86, 331, 339, 86, 3353, 323,
1626 344, 324, 327, 336, 341, 3353, 3353, 3353, 86, 320,
1627 345, 3353, 321, 343, 322, 337, 86, 333, 86, 351,
1628 346, 86, 331, 339, 86, 86, 323, 86, 324, 347,
1629 336, 341, 86, 86, 348, 349, 86, 345, 86, 352,
1630 343, 86, 353, 356, 350, 354, 351, 346, 355, 86,
1631
1632 357, 364, 360, 86, 86, 86, 347, 86, 361, 362,
1633 86, 348, 349, 86, 86, 367, 352, 86, 358, 353,
1634 356, 350, 354, 359, 86, 355, 363, 357, 373, 360,
1635 369, 86, 86, 86, 368, 361, 362, 365, 366, 372,
1636 371, 86, 374, 375, 376, 378, 86, 86, 86, 3353,
1637 86, 86, 86, 363, 377, 381, 379, 369, 86, 86,
1638 86, 368, 380, 383, 365, 366, 372, 371, 3353, 86,
1639 375, 384, 378, 386, 86, 387, 86, 86, 382, 388,
1640 390, 377, 86, 379, 389, 3353, 391, 86, 385, 86,
1641 392, 394, 86, 86, 170, 86, 86, 86, 384, 86,
1642
1643 386, 395, 387, 396, 393, 382, 388, 390, 86, 398,
1644 397, 389, 86, 391, 3353, 385, 399, 392, 401, 403,
1645 405, 400, 402, 86, 404, 86, 86, 86, 86, 406,
1646 396, 393, 86, 86, 86, 86, 407, 397, 86, 408,
1647 3353, 86, 411, 399, 412, 401, 403, 413, 400, 402,
1648 410, 404, 86, 86, 415, 414, 406, 416, 86, 86,
1649 419, 86, 420, 407, 421, 86, 408, 86, 86, 411,
1650 86, 412, 417, 418, 413, 86, 422, 410, 86, 423,
1651 86, 415, 414, 426, 416, 424, 428, 431, 3353, 420,
1652 86, 86, 86, 427, 86, 429, 86, 432, 433, 417,
1653
1654 418, 86, 425, 422, 86, 435, 86, 434, 86, 86,
1655 426, 86, 424, 436, 431, 86, 438, 437, 86, 430,
1656 427, 86, 439, 445, 432, 433, 86, 86, 441, 425,
1657 86, 86, 435, 440, 434, 443, 442, 86, 86, 86,
1658 436, 446, 86, 438, 437, 86, 430, 447, 3353, 439,
1659 445, 448, 444, 3353, 86, 441, 3353, 455, 456, 86,
1660 440, 3353, 443, 442, 3353, 457, 86, 86, 3353, 461,
1661 3353, 86, 462, 86, 447, 86, 464, 465, 448, 444,
1662 449, 469, 3353, 450, 455, 456, 86, 86, 451, 452,
1663 453, 454, 457, 86, 463, 458, 461, 459, 86, 462,
1664
1665 466, 86, 468, 464, 465, 467, 3353, 449, 86, 86,
1666 450, 477, 3353, 460, 478, 451, 452, 453, 454, 86,
1667 470, 463, 458, 471, 459, 472, 86, 475, 476, 468,
1668 86, 479, 86, 473, 474, 507, 86, 86, 86, 480,
1669 460, 478, 482, 86, 481, 86, 86, 470, 483, 487,
1670 471, 484, 472, 493, 475, 476, 86, 86, 479, 86,
1671 473, 474, 86, 86, 86, 86, 480, 485, 486, 482,
1672 492, 481, 505, 3353, 86, 483, 3353, 488, 484, 489,
1673 86, 86, 491, 494, 497, 86, 498, 499, 490, 86,
1674 495, 565, 86, 506, 485, 486, 496, 492, 86, 505,
1675
1676 86, 504, 86, 86, 488, 86, 489, 3353, 86, 491,
1677 494, 497, 86, 498, 499, 490, 500, 495, 565, 86,
1678 508, 509, 524, 496, 522, 86, 519, 510, 504, 501,
1679 545, 511, 502, 86, 503, 86, 86, 3353, 523, 512,
1680 86, 3353, 86, 500, 527, 86, 520, 508, 509, 524,
1681 86, 522, 525, 519, 510, 3353, 501, 86, 511, 502,
1682 3353, 503, 86, 535, 521, 523, 512, 513, 526, 514,
1683 86, 527, 537, 520, 536, 86, 86, 538, 539, 525,
1684 540, 556, 515, 3353, 543, 516, 170, 517, 542, 518,
1685 535, 521, 86, 86, 513, 526, 514, 548, 541, 86,
1686
1687 86, 536, 86, 86, 86, 539, 86, 540, 556, 515,
1688 86, 543, 516, 544, 517, 542, 518, 528, 529, 546,
1689 86, 86, 3353, 549, 548, 541, 547, 530, 558, 531,
1690 532, 533, 550, 86, 534, 3353, 553, 555, 563, 557,
1691 544, 554, 86, 86, 528, 529, 546, 551, 86, 86,
1692 559, 86, 561, 547, 530, 86, 531, 532, 533, 550,
1693 86, 534, 562, 553, 555, 552, 557, 86, 554, 86,
1694 86, 560, 566, 594, 551, 86, 86, 559, 86, 561,
1695 564, 569, 86, 567, 568, 3353, 570, 572, 86, 562,
1696 571, 573, 552, 3353, 86, 580, 577, 86, 560, 566,
1697
1698 86, 86, 574, 575, 583, 86, 3353, 564, 569, 578,
1699 3353, 3353, 86, 570, 572, 86, 86, 571, 573, 86,
1700 576, 86, 580, 577, 579, 581, 582, 86, 584, 574,
1701 575, 583, 86, 86, 3353, 585, 578, 86, 86, 595,
1702 598, 596, 597, 586, 599, 608, 3353, 576, 86, 3353,
1703 3353, 579, 581, 582, 587, 584, 588, 86, 86, 601,
1704 3353, 86, 585, 86, 602, 86, 595, 598, 596, 597,
1705 586, 600, 86, 604, 607, 603, 86, 86, 605, 3353,
1706 86, 587, 606, 588, 589, 86, 601, 86, 86, 610,
1707 609, 602, 590, 591, 612, 86, 592, 593, 600, 86,
1708
1709 604, 607, 603, 86, 611, 605, 86, 616, 86, 606,
1710 613, 589, 86, 614, 617, 615, 610, 609, 3353, 590,
1711 591, 86, 624, 592, 593, 86, 86, 618, 620, 86,
1712 86, 611, 621, 86, 616, 619, 86, 613, 622, 86,
1713 614, 617, 615, 86, 625, 623, 86, 86, 626, 624,
1714 627, 628, 629, 86, 618, 620, 630, 3353, 86, 621,
1715 86, 631, 619, 86, 632, 622, 86, 86, 633, 635,
1716 634, 625, 623, 86, 86, 626, 86, 627, 628, 629,
1717 636, 637, 86, 630, 639, 638, 86, 86, 631, 86,
1718 86, 632, 86, 644, 645, 633, 635, 634, 643, 86,
1719
1720 640, 642, 641, 86, 646, 86, 86, 636, 637, 86,
1721 86, 639, 638, 647, 648, 652, 650, 649, 655, 651,
1722 644, 653, 86, 3353, 3353, 643, 86, 640, 642, 641,
1723 86, 646, 657, 656, 86, 86, 86, 654, 658, 86,
1724 86, 648, 652, 650, 649, 86, 651, 661, 653, 86,
1725 86, 663, 660, 662, 664, 666, 86, 86, 86, 657,
1726 656, 659, 665, 667, 654, 86, 3353, 86, 669, 86,
1727 86, 681, 668, 670, 661, 714, 86, 86, 663, 660,
1728 662, 664, 666, 86, 86, 86, 679, 86, 659, 665,
1729 667, 680, 3353, 86, 86, 669, 682, 687, 681, 668,
1730
1731 670, 671, 684, 86, 86, 3353, 672, 86, 673, 86,
1732 683, 3353, 3353, 679, 674, 3353, 675, 688, 680, 676,
1733 677, 86, 691, 682, 687, 86, 678, 86, 671, 684,
1734 685, 696, 692, 672, 686, 673, 3353, 683, 694, 86,
1735 86, 674, 693, 675, 688, 689, 676, 677, 690, 691,
1736 86, 695, 86, 678, 699, 86, 86, 685, 696, 697,
1737 698, 686, 86, 86, 86, 694, 700, 86, 86, 693,
1738 701, 702, 689, 703, 705, 690, 708, 704, 695, 706,
1739 86, 699, 86, 86, 86, 707, 697, 698, 86, 86,
1740 710, 709, 711, 700, 86, 715, 86, 701, 702, 86,
1741
1742 703, 705, 86, 708, 704, 712, 706, 86, 713, 716,
1743 86, 720, 707, 86, 718, 722, 717, 710, 709, 711,
1744 86, 86, 715, 86, 86, 719, 721, 86, 3353, 86,
1745 723, 170, 712, 726, 3353, 713, 716, 86, 720, 725,
1746 727, 718, 722, 717, 724, 729, 728, 86, 730, 86,
1747 3353, 3353, 719, 721, 731, 86, 732, 723, 86, 3353,
1748 86, 86, 733, 86, 734, 740, 725, 743, 735, 86,
1749 741, 724, 86, 728, 86, 730, 744, 86, 86, 745,
1750 736, 731, 739, 732, 748, 742, 86, 737, 746, 733,
1751 738, 734, 86, 86, 86, 735, 747, 86, 86, 86,
1752
1753 749, 753, 751, 86, 752, 750, 757, 736, 86, 739,
1754 755, 86, 742, 754, 737, 86, 86, 738, 86, 86,
1755 756, 758, 759, 86, 762, 86, 86, 761, 753, 751,
1756 86, 752, 86, 757, 760, 86, 763, 755, 765, 86,
1757 754, 767, 86, 86, 764, 766, 3353, 756, 758, 759,
1758 86, 769, 768, 86, 761, 770, 86, 86, 86, 86,
1759 86, 760, 771, 763, 86, 765, 773, 86, 767, 772,
1760 774, 764, 766, 86, 775, 776, 86, 86, 769, 768,
1761 777, 780, 770, 778, 779, 3353, 781, 86, 3353, 771,
1762 86, 782, 86, 783, 784, 785, 772, 774, 86, 86,
1763
1764 86, 775, 776, 787, 86, 788, 786, 777, 780, 789,
1765 778, 779, 86, 781, 790, 86, 86, 86, 782, 86,
1766 783, 784, 785, 791, 794, 793, 3353, 86, 796, 798,
1767 787, 795, 3353, 786, 797, 800, 789, 86, 86, 86,
1768 799, 790, 802, 86, 808, 792, 86, 86, 86, 86,
1769 791, 794, 793, 86, 86, 796, 798, 86, 795, 801,
1770 803, 797, 800, 804, 805, 806, 86, 799, 809, 86,
1771 807, 86, 792, 818, 810, 86, 86, 814, 86, 811,
1772 812, 86, 813, 86, 815, 86, 801, 803, 817, 86,
1773 804, 805, 806, 86, 816, 809, 819, 807, 86, 86,
1774
1775 818, 810, 820, 821, 814, 824, 86, 86, 86, 813,
1776 86, 815, 822, 825, 823, 817, 86, 827, 826, 828,
1777 832, 816, 841, 3353, 86, 3353, 3353, 86, 86, 820,
1778 833, 86, 824, 86, 829, 86, 86, 834, 86, 822,
1779 835, 823, 837, 836, 827, 86, 828, 3353, 830, 831,
1780 86, 838, 86, 847, 86, 86, 86, 833, 839, 842,
1781 845, 829, 86, 849, 834, 846, 851, 835, 86, 837,
1782 836, 86, 3353, 840, 86, 830, 831, 843, 838, 86,
1783 847, 848, 86, 86, 909, 839, 842, 844, 86, 850,
1784 849, 86, 86, 851, 852, 856, 853, 86, 854, 86,
1785
1786 840, 855, 86, 86, 843, 86, 857, 86, 848, 86,
1787 858, 86, 859, 866, 844, 860, 850, 861, 3353, 864,
1788 3353, 852, 856, 853, 863, 854, 862, 86, 855, 86,
1789 86, 865, 86, 86, 86, 86, 867, 858, 86, 859,
1790 868, 871, 860, 86, 861, 86, 864, 878, 869, 86,
1791 872, 863, 870, 862, 873, 86, 86, 874, 865, 86,
1792 86, 875, 876, 867, 86, 86, 86, 868, 871, 86,
1793 86, 880, 877, 879, 878, 869, 884, 872, 881, 870,
1794 86, 873, 882, 883, 874, 886, 86, 916, 875, 876,
1795 922, 86, 86, 885, 889, 86, 888, 86, 880, 877,
1796
1797 879, 86, 887, 884, 86, 881, 86, 86, 86, 882,
1798 883, 890, 886, 86, 891, 892, 895, 893, 894, 86,
1799 885, 889, 86, 888, 898, 86, 896, 3353, 3353, 887,
1800 897, 86, 899, 901, 900, 86, 86, 86, 890, 86,
1801 86, 891, 892, 895, 893, 894, 86, 902, 86, 86,
1802 86, 898, 903, 896, 904, 170, 906, 897, 905, 899,
1803 901, 900, 910, 908, 907, 912, 914, 86, 86, 86,
1804 911, 86, 913, 917, 902, 86, 86, 86, 915, 903,
1805 86, 904, 924, 906, 86, 905, 86, 918, 86, 910,
1806 908, 907, 86, 914, 86, 921, 919, 911, 923, 913,
1807
1808 917, 920, 86, 86, 86, 915, 925, 3353, 935, 924,
1809 86, 86, 927, 938, 918, 86, 926, 86, 86, 86,
1810 86, 936, 921, 919, 3353, 923, 941, 3353, 920, 3353,
1811 3353, 86, 937, 925, 86, 935, 939, 86, 940, 927,
1812 938, 3353, 3353, 926, 928, 942, 946, 929, 936, 943,
1813 86, 930, 3353, 941, 931, 86, 86, 86, 944, 937,
1814 949, 932, 933, 939, 934, 940, 945, 947, 86, 86,
1815 948, 928, 942, 946, 929, 86, 943, 86, 930, 960,
1816 86, 931, 86, 957, 86, 944, 959, 979, 932, 933,
1817 958, 934, 86, 945, 947, 86, 86, 948, 950, 951,
1818
1819 961, 952, 86, 86, 953, 86, 960, 962, 968, 954,
1820 957, 964, 965, 959, 86, 955, 956, 958, 3353, 967,
1821 86, 86, 972, 963, 86, 950, 951, 961, 952, 966,
1822 86, 953, 86, 86, 962, 968, 954, 971, 964, 965,
1823 969, 86, 955, 956, 974, 970, 967, 973, 86, 972,
1824 963, 975, 977, 976, 981, 3353, 966, 86, 980, 86,
1825 978, 983, 982, 3353, 971, 985, 86, 3353, 987, 86,
1826 86, 974, 86, 86, 973, 86, 86, 86, 975, 977,
1827 976, 981, 86, 86, 86, 980, 984, 978, 983, 982,
1828 986, 988, 985, 86, 86, 987, 990, 989, 991, 992,
1829
1830 993, 994, 996, 86, 1000, 86, 997, 86, 995, 86,
1831 86, 998, 999, 984, 86, 1001, 1003, 986, 988, 1002,
1832 3353, 3353, 86, 990, 989, 991, 992, 993, 1004, 86,
1833 86, 1006, 1005, 86, 86, 995, 86, 1007, 86, 999,
1834 1008, 86, 1009, 1011, 3353, 1010, 1002, 86, 86, 1014,
1835 86, 1012, 86, 86, 86, 1004, 1016, 1013, 1006, 1005,
1836 86, 86, 1017, 1018, 86, 86, 86, 86, 1019, 1009,
1837 1011, 86, 1010, 1015, 1020, 1022, 1014, 1021, 1012, 3353,
1838 86, 86, 86, 86, 1013, 86, 1025, 1023, 1024, 1017,
1839 1018, 86, 1026, 86, 1027, 86, 1029, 1030, 1028, 86,
1840
1841 1015, 1035, 1022, 1032, 1021, 86, 86, 1033, 86, 86,
1842 86, 1031, 1034, 1025, 1023, 1024, 1043, 86, 86, 1026,
1843 86, 1027, 1036, 1029, 1030, 1028, 1038, 86, 1035, 86,
1844 1032, 1044, 1037, 1039, 86, 1046, 86, 1040, 1031, 86,
1845 86, 86, 1041, 1043, 86, 1045, 86, 1050, 1047, 1036,
1846 1042, 86, 86, 1038, 86, 1052, 1048, 86, 86, 1037,
1847 1039, 1049, 1046, 86, 1040, 3353, 86, 1054, 86, 1041,
1848 1055, 1051, 1045, 86, 1050, 1047, 1053, 1042, 86, 86,
1849 86, 1056, 1052, 1048, 1057, 1059, 1058, 1060, 1049, 86,
1850 86, 1065, 1061, 1063, 1054, 86, 1062, 1055, 1051, 1064,
1851
1852 86, 3353, 1066, 1053, 86, 86, 86, 1067, 1056, 86,
1853 3353, 1069, 1059, 1058, 1060, 1068, 86, 86, 86, 1061,
1854 1063, 86, 86, 1062, 1070, 86, 1064, 1071, 1072, 1066,
1855 86, 86, 86, 1073, 1067, 1074, 86, 1075, 1069, 1076,
1856 86, 1077, 1068, 1078, 1080, 1082, 1081, 3353, 1088, 1089,
1857 1079, 1070, 86, 1083, 1071, 1072, 86, 86, 1087, 3353,
1858 1073, 86, 1086, 1090, 86, 3353, 1076, 86, 86, 86,
1859 1078, 1084, 1082, 86, 86, 1088, 86, 1079, 86, 1085,
1860 1083, 86, 1091, 1092, 86, 1087, 86, 86, 1093, 1086,
1861 1090, 86, 1094, 3353, 1095, 1096, 1097, 86, 1084, 86,
1862
1863 1098, 1100, 1101, 1103, 86, 1099, 1085, 1102, 86, 1091,
1864 1092, 3353, 1107, 86, 1105, 86, 1121, 1104, 86, 1094,
1865 86, 86, 1096, 1097, 86, 86, 1109, 1106, 1100, 1101,
1866 1103, 1110, 170, 86, 1102, 86, 86, 1108, 86, 1107,
1867 86, 1105, 1111, 86, 1104, 3353, 3353, 1118, 86, 3353,
1868 86, 3353, 1119, 1109, 1106, 1120, 3353, 1122, 1110, 86,
1869 3353, 3353, 1123, 3353, 1108, 1124, 3353, 86, 1125, 1111,
1870 1112, 1126, 1113, 86, 1118, 86, 1114, 86, 1115, 1119,
1871 3353, 86, 1120, 1116, 1122, 86, 1128, 1127, 1117, 1123,
1872 1130, 1129, 1124, 86, 86, 1125, 1131, 1112, 1126, 1113,
1873
1874 86, 1132, 3353, 1114, 1134, 1115, 3353, 1137, 86, 86,
1875 1116, 1135, 1139, 1133, 1127, 1117, 86, 1130, 86, 1138,
1876 1140, 1136, 86, 1131, 86, 86, 86, 1142, 1132, 1141,
1877 1143, 1134, 1145, 86, 1137, 1146, 1144, 1149, 1135, 1139,
1878 1133, 86, 86, 1147, 1150, 86, 1138, 1140, 1136, 86,
1879 1152, 86, 1151, 3353, 1142, 1162, 1141, 1143, 86, 86,
1880 86, 1160, 1161, 1144, 86, 1164, 3353, 86, 86, 86,
1881 86, 1150, 1171, 1165, 3353, 1163, 86, 1152, 3353, 1151,
1882 1153, 3353, 1162, 1167, 86, 1154, 3353, 1155, 1160, 1161,
1883 86, 86, 1164, 1156, 1166, 86, 86, 1170, 1157, 1158,
1884
1885 1165, 1168, 1163, 1169, 86, 1159, 86, 1153, 86, 86,
1886 1167, 86, 1154, 86, 1155, 1172, 1173, 1177, 1174, 1180,
1887 1156, 1166, 1175, 1178, 1170, 1157, 1158, 86, 1168, 1176,
1888 1169, 86, 1159, 86, 1179, 1181, 1183, 86, 86, 1182,
1889 1184, 86, 1172, 1173, 86, 1174, 86, 86, 1185, 1175,
1890 1178, 86, 1186, 1191, 86, 1188, 1176, 1187, 86, 86,
1891 1189, 1179, 1181, 1183, 1190, 86, 1182, 1184, 1192, 1193,
1892 1194, 3353, 1199, 86, 86, 86, 1195, 86, 86, 1186,
1893 86, 1196, 1188, 86, 1187, 86, 86, 1189, 1200, 1198,
1894 86, 1190, 86, 1197, 86, 1192, 1193, 1194, 1201, 1199,
1895
1896 86, 1202, 1203, 1195, 86, 1205, 86, 3353, 1196, 3353,
1897 1204, 86, 1215, 1208, 1207, 1200, 1198, 1206, 86, 86,
1898 1197, 86, 86, 1210, 86, 1201, 86, 1209, 1202, 1211,
1899 1212, 1213, 1205, 1216, 86, 86, 86, 1204, 86, 1215,
1900 1208, 1207, 1214, 1217, 1206, 3353, 1223, 1218, 1219, 1224,
1901 1210, 86, 86, 86, 1209, 1220, 1211, 1212, 1213, 86,
1902 86, 86, 86, 1221, 1225, 86, 86, 1226, 1222, 1214,
1903 1217, 1227, 86, 1223, 1218, 1219, 1224, 1229, 86, 1228,
1904 86, 1231, 1220, 1230, 1232, 1233, 86, 1234, 86, 3353,
1905 86, 1225, 86, 86, 1226, 86, 1236, 86, 1227, 1235,
1906
1907 1237, 1238, 1240, 1239, 1229, 3353, 1228, 1246, 1231, 86,
1908 1230, 86, 1233, 86, 1241, 1243, 86, 1244, 86, 86,
1909 1242, 1245, 86, 1236, 86, 86, 1235, 1237, 1238, 1240,
1910 1239, 86, 1247, 86, 1246, 1248, 86, 1249, 1250, 86,
1911 1251, 1241, 1243, 86, 1244, 1252, 86, 1242, 1245, 1254,
1912 1259, 1253, 1256, 86, 1255, 1260, 1261, 1257, 86, 1247,
1913 86, 86, 1248, 86, 1249, 86, 1262, 86, 1258, 86,
1914 86, 1266, 1252, 86, 86, 86, 1254, 1259, 1253, 1256,
1915 86, 1255, 1260, 1263, 1257, 1264, 1265, 1267, 86, 1269,
1916 1268, 1271, 3353, 1270, 3353, 1258, 86, 86, 86, 1276,
1917
1918 1274, 1272, 3353, 86, 1273, 86, 1277, 86, 86, 86,
1919 1263, 3353, 1264, 1265, 1267, 86, 1275, 1268, 86, 86,
1920 1270, 86, 86, 86, 86, 1278, 1276, 1274, 1272, 1279,
1921 86, 1273, 1281, 1277, 1282, 1280, 1283, 1284, 1285, 1287,
1922 3353, 86, 86, 1275, 86, 1286, 1288, 86, 1290, 1292,
1923 86, 86, 1278, 1293, 86, 3353, 1279, 1289, 86, 1281,
1924 1297, 1282, 1280, 86, 3353, 1285, 86, 86, 86, 86,
1925 86, 86, 1286, 1288, 1294, 1290, 1292, 1295, 1296, 86,
1926 1293, 1298, 86, 1299, 1289, 1300, 86, 86, 170, 1302,
1927 1304, 1301, 1305, 1306, 1307, 1303, 86, 86, 3353, 86,
1928
1929 3353, 1294, 1309, 1308, 1295, 1296, 86, 1310, 1298, 1311,
1930 1299, 86, 1300, 86, 86, 1312, 1302, 86, 1301, 1305,
1931 1313, 1314, 1303, 1315, 86, 86, 86, 1318, 86, 1309,
1932 1308, 86, 86, 86, 1310, 86, 1311, 1316, 1317, 86,
1933 1320, 1319, 1312, 86, 1321, 86, 1322, 1313, 1314, 86,
1934 1315, 1323, 1325, 1324, 1318, 86, 3353, 86, 86, 86,
1935 1331, 1326, 1330, 86, 1316, 1317, 1333, 86, 1319, 1332,
1936 1327, 1321, 1328, 1322, 86, 1329, 1336, 1335, 1323, 1325,
1937 1324, 1334, 3353, 86, 1337, 86, 86, 1331, 1326, 1330,
1938 86, 86, 86, 86, 1339, 1340, 1332, 1327, 1338, 1328,
1939
1940 86, 86, 1329, 1336, 1335, 1341, 1343, 86, 1334, 1342,
1941 1344, 1337, 86, 86, 1345, 1347, 1348, 86, 1346, 3353,
1942 3353, 1339, 1340, 86, 86, 1338, 86, 1349, 86, 1351,
1943 86, 3353, 1341, 1343, 1352, 1353, 1342, 1344, 86, 1350,
1944 1354, 1345, 86, 1348, 1359, 1346, 86, 1355, 1357, 86,
1945 1356, 86, 86, 86, 1349, 1360, 1351, 86, 86, 86,
1946 1358, 1352, 1353, 86, 86, 1361, 1350, 1354, 1364, 1365,
1947 86, 1359, 86, 86, 1355, 1357, 1363, 1356, 1362, 1366,
1948 1368, 86, 1360, 1367, 86, 86, 86, 1358, 1369, 86,
1949 86, 1370, 1361, 1371, 1372, 1364, 1365, 1375, 86, 86,
1950
1951 86, 1374, 86, 1363, 86, 1362, 1366, 1368, 86, 1373,
1952 1367, 86, 1376, 86, 1377, 1369, 1378, 3353, 1370, 1379,
1953 1371, 1372, 1381, 1380, 1375, 1382, 86, 1383, 1374, 86,
1954 86, 1386, 1384, 86, 1389, 1387, 1373, 1385, 86, 86,
1955 1400, 1377, 86, 1378, 86, 1388, 1379, 86, 86, 1381,
1956 1380, 1397, 1382, 3353, 1383, 1399, 1398, 1401, 1386, 86,
1957 86, 1389, 1387, 1434, 86, 86, 86, 1400, 3353, 1403,
1958 1402, 1404, 1388, 1390, 86, 86, 1406, 1391, 1397, 86,
1959 1392, 1393, 3353, 1398, 1401, 1394, 1407, 86, 86, 1405,
1960 1434, 1395, 86, 86, 1408, 1396, 1412, 1402, 1404, 86,
1961
1962 1390, 86, 86, 1406, 1391, 86, 1413, 1392, 1393, 1415,
1963 3353, 86, 1394, 1407, 1416, 1409, 1405, 1410, 1395, 1411,
1964 86, 1408, 1396, 1412, 86, 1414, 86, 86, 1417, 1418,
1965 1419, 86, 86, 1413, 3353, 3353, 1415, 86, 1420, 86,
1966 1421, 1416, 1409, 1428, 1410, 1429, 1411, 1427, 3353, 1430,
1967 1431, 3353, 1414, 3353, 3353, 1417, 86, 1435, 1433, 3353,
1968 86, 86, 86, 86, 1432, 1420, 86, 1421, 1422, 86,
1969 1428, 86, 1429, 1423, 1427, 1424, 1436, 1425, 86, 1426,
1970 86, 86, 1437, 1439, 1435, 1433, 86, 1438, 1440, 1441,
1971 1443, 1432, 1442, 86, 86, 1422, 1446, 1447, 1448, 1444,
1972
1973 1423, 86, 1424, 1436, 1425, 86, 1426, 86, 86, 86,
1974 1439, 86, 1445, 1449, 86, 1440, 1441, 1443, 1450, 1442,
1975 86, 1451, 1452, 1446, 86, 1448, 1444, 1454, 1453, 86,
1976 1457, 86, 86, 1455, 1456, 86, 86, 1458, 1459, 1445,
1977 1449, 1460, 86, 86, 1461, 1450, 86, 86, 1451, 1452,
1978 86, 1462, 86, 3353, 1454, 1453, 1465, 1457, 1463, 1464,
1979 1455, 1456, 1466, 1467, 86, 1459, 1468, 86, 86, 86,
1980 86, 1461, 1469, 1470, 86, 86, 1471, 1473, 1462, 1478,
1981 86, 1472, 86, 1465, 1474, 1463, 1464, 86, 1475, 86,
1982 1467, 86, 1477, 86, 1476, 86, 1480, 86, 86, 1469,
1983
1984 1470, 86, 1479, 1471, 86, 86, 1478, 1481, 1472, 1486,
1985 1482, 1474, 86, 1483, 86, 1475, 1485, 1484, 1493, 1477,
1986 1487, 1476, 86, 1480, 1488, 1496, 1490, 86, 86, 1479,
1987 86, 86, 1489, 1491, 1481, 86, 1486, 1482, 86, 86,
1988 1483, 1492, 86, 1485, 1484, 1493, 1494, 1487, 86, 1495,
1989 86, 1488, 86, 1490, 86, 86, 1497, 86, 1498, 1489,
1990 1491, 1499, 1501, 86, 1500, 1502, 86, 1503, 1492, 1508,
1991 86, 1504, 1505, 1494, 3353, 1509, 1495, 1511, 86, 1506,
1992 86, 86, 86, 1507, 170, 1498, 86, 86, 86, 1501,
1993 1510, 1500, 1502, 86, 86, 3353, 1514, 1515, 1504, 1505,
1994
1995 1517, 86, 1512, 86, 86, 1516, 1506, 86, 1513, 86,
1996 1507, 86, 1518, 86, 1519, 86, 1523, 1510, 1520, 1524,
1997 86, 86, 1522, 1514, 1515, 86, 1521, 1517, 86, 1512,
1998 1525, 86, 1516, 1526, 86, 1513, 1527, 1528, 86, 1518,
1999 86, 1519, 1529, 1523, 86, 1520, 86, 1530, 1531, 1522,
2000 1534, 1532, 1533, 1521, 1539, 86, 86, 1525, 1540, 1543,
2001 1526, 1535, 86, 1527, 1536, 86, 86, 1541, 1537, 86,
2002 86, 1538, 86, 86, 1530, 1531, 1542, 1534, 1532, 1533,
2003 86, 1539, 86, 86, 1544, 1540, 1543, 1545, 1535, 1547,
2004 86, 1536, 1546, 1550, 1541, 1537, 1549, 86, 1538, 1551,
2005
2006 86, 1548, 86, 1552, 3353, 86, 1553, 1554, 86, 1556,
2007 1555, 1544, 86, 86, 1563, 86, 1547, 86, 1557, 86,
2008 1550, 86, 86, 1549, 1559, 1560, 1551, 86, 1548, 86,
2009 1552, 1558, 1561, 1553, 1554, 1562, 1556, 1555, 1564, 1565,
2010 86, 86, 1566, 86, 1567, 1557, 86, 86, 86, 1568,
2011 86, 1559, 1560, 86, 1571, 86, 86, 1570, 1558, 1561,
2012 1569, 86, 1562, 1572, 1573, 1564, 1565, 1575, 86, 1566,
2013 1574, 1567, 1579, 86, 86, 1578, 1568, 1576, 1577, 86,
2014 1580, 1571, 86, 1581, 1570, 86, 1583, 1569, 86, 86,
2015 1572, 1573, 1585, 86, 1575, 1582, 86, 1574, 86, 1579,
2016
2017 1584, 1586, 1578, 86, 1576, 1577, 1588, 86, 86, 1587,
2018 1589, 1590, 86, 86, 1591, 86, 3353, 3353, 1592, 1585,
2019 1593, 86, 1582, 1594, 1596, 1599, 1598, 1584, 1586, 3353,
2020 1595, 86, 1601, 86, 1597, 1600, 1587, 86, 86, 86,
2021 86, 1591, 86, 86, 86, 1592, 86, 86, 86, 86,
2022 1594, 1596, 1599, 1598, 1603, 86, 1602, 1595, 86, 1601,
2023 1604, 1597, 1600, 86, 1605, 1607, 1606, 1609, 1611, 1620,
2024 1608, 1613, 1610, 86, 86, 86, 1612, 86, 1614, 86,
2025 3353, 1603, 86, 1602, 1617, 1616, 86, 1604, 1615, 1618,
2026 1623, 1605, 86, 1606, 3353, 1611, 86, 86, 1613, 86,
2027
2028 1619, 86, 86, 1612, 1621, 1614, 86, 86, 1625, 86,
2029 1624, 1617, 1616, 1622, 86, 1615, 1618, 1626, 86, 1634,
2030 1627, 1631, 86, 3353, 1628, 1629, 86, 1619, 86, 86,
2031 1630, 1621, 86, 86, 86, 1625, 1632, 1624, 86, 1639,
2032 1622, 1633, 86, 1635, 1638, 86, 1634, 1627, 1631, 86,
2033 1636, 1628, 1629, 86, 1637, 1640, 1641, 1630, 86, 86,
2034 1643, 1642, 86, 1632, 3353, 1645, 86, 86, 1633, 1646,
2035 1635, 1638, 1644, 1647, 86, 1650, 1649, 1636, 86, 86,
2036 1654, 1637, 86, 1641, 86, 86, 1648, 1643, 1642, 1651,
2037 86, 1652, 1645, 1653, 86, 1655, 1646, 86, 86, 1644,
2038
2039 1647, 86, 1650, 1649, 86, 1656, 1659, 86, 1660, 1657,
2040 3353, 1658, 1667, 1648, 3353, 1666, 1651, 86, 1652, 1661,
2041 1653, 86, 1655, 1662, 3353, 86, 1664, 1665, 86, 1671,
2042 86, 86, 1663, 1659, 86, 1660, 1657, 86, 1658, 86,
2043 1668, 86, 86, 1670, 86, 1669, 1661, 86, 1672, 86,
2044 1662, 86, 1674, 1664, 1665, 86, 1671, 1673, 1675, 1663,
2045 1676, 3353, 1677, 1678, 86, 86, 3353, 1668, 1679, 1680,
2046 1670, 1682, 1669, 86, 86, 1681, 86, 1684, 1685, 86,
2047 86, 1686, 86, 86, 1673, 1675, 86, 86, 1683, 1677,
2048 1678, 1688, 86, 86, 1687, 1679, 1680, 86, 1682, 1693,
2049
2050 86, 1689, 1681, 86, 1684, 1685, 86, 86, 1686, 1694,
2051 1691, 1690, 1692, 1698, 86, 1683, 1695, 86, 1688, 86,
2052 86, 1687, 86, 1696, 1697, 86, 1693, 1699, 1689, 86,
2053 1700, 1708, 86, 1702, 1701, 86, 1694, 1691, 1690, 1692,
2054 1698, 86, 1703, 1695, 1705, 1709, 86, 86, 1704, 1711,
2055 1696, 1697, 1707, 86, 86, 1706, 170, 1700, 86, 86,
2056 1702, 1701, 86, 86, 86, 1712, 1713, 86, 1710, 1703,
2057 1714, 1705, 1709, 86, 86, 1704, 1711, 86, 1715, 1707,
2058 86, 1716, 1706, 86, 1717, 1720, 1721, 1718, 1722, 1719,
2059 3353, 1723, 1712, 1713, 86, 1710, 86, 1714, 86, 1724,
2060
2061 1725, 1726, 1727, 1728, 86, 1715, 86, 86, 1716, 86,
2062 86, 1717, 86, 1721, 1718, 1722, 1719, 1729, 1723, 1730,
2063 1731, 1732, 86, 1733, 86, 1735, 1724, 1725, 86, 1727,
2064 86, 1734, 1738, 86, 86, 86, 1736, 1739, 3353, 1741,
2065 1737, 86, 86, 1748, 1729, 86, 86, 1731, 1732, 86,
2066 1733, 86, 1735, 86, 1740, 1743, 1750, 1749, 1734, 1738,
2067 1742, 1744, 86, 1736, 1739, 86, 1741, 1737, 86, 86,
2068 86, 1745, 1751, 1752, 1746, 86, 1756, 1757, 86, 86,
2069 86, 1740, 1743, 1750, 1749, 1753, 1747, 1742, 1744, 1759,
2070 1754, 86, 86, 1758, 1755, 86, 1760, 1763, 1745, 1751,
2071
2072 1752, 1746, 1761, 86, 1762, 1765, 1764, 86, 1767, 86,
2073 1769, 86, 1753, 1747, 86, 86, 1759, 1754, 86, 86,
2074 86, 1755, 86, 1760, 1763, 86, 1766, 1768, 86, 1761,
2075 1770, 1772, 1765, 1764, 86, 1767, 86, 1771, 1774, 1773,
2076 1775, 3353, 86, 86, 1780, 1778, 1776, 1777, 1779, 1783,
2077 3353, 86, 86, 1766, 1768, 86, 86, 86, 86, 86,
2078 86, 1785, 86, 86, 1771, 1774, 1773, 86, 86, 1781,
2079 1782, 1780, 1778, 1776, 1777, 1779, 1783, 1784, 1786, 86,
2080 1788, 1787, 86, 86, 86, 1789, 1791, 1790, 1785, 86,
2081 1797, 3353, 1792, 3108, 3109, 86, 1781, 1782, 1793, 86,
2082
2083 86, 86, 1795, 86, 1784, 1786, 1794, 1788, 1787, 86,
2084 1796, 1800, 1789, 86, 1790, 86, 86, 86, 86, 1792,
2085 1798, 1799, 86, 1801, 1802, 1793, 86, 86, 1803, 1795,
2086 1805, 1804, 1807, 1794, 86, 1806, 86, 1796, 1800, 86,
2087 1808, 86, 3353, 86, 86, 1811, 1815, 1798, 1799, 86,
2088 1801, 1802, 1833, 86, 1816, 1803, 86, 1805, 1804, 1807,
2089 86, 1809, 1806, 1812, 1810, 1817, 1821, 1808, 1813, 1814,
2090 86, 86, 1811, 1815, 1818, 86, 1819, 1824, 1820, 86,
2091 1822, 86, 3353, 3353, 86, 86, 1825, 1834, 1809, 86,
2092 1812, 1810, 86, 86, 86, 1813, 1814, 1828, 1823, 86,
2093
2094 1827, 1818, 86, 1819, 1824, 1820, 86, 1822, 86, 1826,
2095 1829, 86, 1832, 1825, 86, 86, 1830, 86, 86, 1831,
2096 1837, 1835, 1838, 1842, 1828, 1823, 1836, 1827, 86, 86,
2097 86, 1839, 3353, 1840, 86, 86, 1826, 1829, 1841, 1832,
2098 86, 1843, 86, 1830, 1846, 86, 1831, 1837, 1835, 1838,
2099 1842, 1845, 1844, 1836, 86, 1847, 86, 1848, 1839, 1849,
2100 86, 3353, 1850, 1854, 1855, 86, 86, 3353, 1843, 1852,
2101 86, 1846, 1853, 86, 1856, 86, 1851, 3353, 1845, 1844,
2102 86, 86, 1847, 1857, 1848, 86, 1849, 86, 86, 1850,
2103 1854, 1855, 86, 1858, 1860, 1862, 1852, 1861, 1859, 1853,
2104
2105 86, 1856, 1864, 1851, 1863, 1865, 1866, 86, 1867, 86,
2106 1857, 3353, 1870, 3353, 86, 1868, 1869, 1874, 1871, 1878,
2107 1872, 1860, 1862, 1873, 1861, 86, 86, 86, 3353, 86,
2108 3353, 1863, 1865, 86, 86, 1876, 86, 86, 1875, 86,
2109 86, 1877, 1868, 1869, 86, 1871, 1880, 1872, 1879, 86,
2110 1873, 86, 86, 1881, 86, 1882, 1884, 1885, 1883, 86,
2111 1888, 86, 1876, 1890, 1886, 1875, 1887, 86, 1877, 1891,
2112 86, 86, 1892, 1880, 86, 1879, 86, 86, 1893, 86,
2113 1881, 1889, 1882, 1884, 1885, 1883, 86, 86, 1895, 1894,
2114 1896, 1886, 1897, 1887, 1899, 86, 86, 86, 86, 1892,
2115
2116 1898, 86, 1900, 1902, 1903, 86, 1904, 86, 1889, 1901,
2117 1906, 1905, 86, 86, 86, 1895, 1894, 1896, 1907, 86,
2118 86, 1908, 1913, 1909, 1910, 3353, 86, 1898, 86, 1900,
2119 1902, 86, 86, 1904, 86, 1912, 1901, 1906, 1905, 1911,
2120 86, 86, 1915, 86, 1914, 1907, 1917, 86, 1908, 86,
2121 1909, 1910, 86, 1916, 170, 1918, 1919, 86, 1923, 1920,
2122 1921, 86, 1912, 1924, 1922, 86, 1911, 1927, 86, 1915,
2123 1926, 1914, 86, 86, 86, 86, 86, 1925, 1928, 86,
2124 1916, 1933, 1918, 1919, 1929, 1923, 1920, 1921, 86, 1930,
2125 1931, 1922, 86, 1934, 1927, 86, 1932, 1926, 1937, 1936,
2126
2127 1935, 1939, 1938, 3353, 1925, 86, 86, 1956, 86, 86,
2128 1940, 1929, 86, 86, 86, 86, 86, 1931, 1942, 86,
2129 86, 1941, 86, 1932, 86, 1937, 1936, 1935, 1939, 1938,
2130 86, 1943, 1944, 1947, 1945, 1946, 1950, 1940, 1948, 86,
2131 86, 1955, 1954, 86, 1953, 1942, 1957, 86, 1941, 86,
2132 86, 1949, 86, 86, 86, 86, 86, 1951, 1943, 1944,
2133 1947, 1945, 1946, 1950, 1952, 1948, 86, 1958, 86, 1954,
2134 1960, 1953, 1959, 1957, 1965, 86, 1961, 1962, 1949, 86,
2135 86, 86, 1966, 86, 1951, 1963, 1967, 1964, 1968, 1969,
2136 1971, 1952, 1970, 1973, 1958, 86, 86, 1960, 86, 1959,
2137
2138 86, 1965, 86, 1961, 1962, 1972, 1974, 1975, 1977, 86,
2139 1976, 86, 1963, 86, 1964, 1968, 86, 1971, 86, 1970,
2140 86, 1978, 1979, 1980, 1982, 86, 1985, 1991, 1981, 86,
2141 86, 1983, 1972, 1974, 86, 1984, 1987, 1976, 86, 86,
2142 86, 1989, 86, 1988, 1986, 3353, 3353, 1990, 1978, 3353,
2143 1980, 86, 86, 86, 86, 1981, 86, 86, 1983, 86,
2144 1999, 3353, 1984, 1987, 2006, 86, 1996, 86, 1989, 86,
2145 1988, 1986, 1997, 86, 1990, 1992, 1993, 1994, 1998, 2000,
2146 86, 86, 1995, 2001, 2003, 86, 86, 2005, 2002, 2004,
2147 86, 2006, 86, 1996, 2008, 2007, 2012, 86, 2014, 1997,
2148
2149 2009, 86, 1992, 1993, 1994, 1998, 2000, 86, 3353, 1995,
2150 2010, 2003, 86, 2011, 2005, 86, 2004, 86, 86, 86,
2151 2013, 86, 2007, 86, 86, 2014, 86, 2009, 2015, 2016,
2152 3353, 2017, 2018, 2020, 86, 86, 2019, 2010, 2025, 2021,
2153 2011, 86, 2024, 86, 2022, 2026, 2023, 2013, 86, 2032,
2154 2030, 2031, 86, 2028, 2029, 2015, 2016, 86, 2017, 86,
2155 86, 2027, 86, 2019, 86, 86, 2021, 86, 86, 2024,
2156 86, 2022, 86, 2023, 86, 86, 2032, 2030, 2031, 2034,
2157 2028, 2029, 2033, 86, 2036, 2035, 2037, 2039, 2027, 3353,
2158 86, 2038, 2042, 86, 2041, 2040, 2043, 3353, 3353, 2045,
2159
2160 3353, 2046, 86, 2044, 3353, 3353, 2034, 86, 86, 2033,
2161 2049, 86, 2035, 2037, 2048, 2053, 86, 86, 2038, 86,
2162 86, 2041, 2040, 86, 86, 86, 2045, 2047, 2046, 86,
2163 2044, 2050, 2051, 86, 86, 86, 2052, 2049, 2054, 2055,
2164 86, 2048, 2059, 3353, 2056, 2057, 86, 86, 2060, 86,
2165 2062, 2061, 2063, 86, 2047, 2064, 86, 2065, 2050, 2051,
2166 86, 2058, 86, 2052, 2066, 86, 2055, 86, 86, 2059,
2167 86, 2056, 2057, 86, 2067, 2060, 2068, 86, 2061, 2063,
2168 2069, 2070, 2064, 2071, 2065, 2074, 2075, 86, 2058, 2072,
2169 3353, 2066, 86, 2078, 2073, 2079, 2076, 86, 86, 2081,
2170
2171 86, 2067, 86, 2068, 2095, 86, 86, 2069, 86, 86,
2172 2071, 2077, 86, 2075, 2082, 86, 2072, 2080, 2083, 86,
2173 2078, 2073, 2079, 2076, 86, 2084, 86, 2085, 2086, 2087,
2174 2088, 86, 2090, 2091, 2092, 2089, 86, 2093, 2077, 86,
2175 86, 2082, 2094, 2096, 2080, 2083, 86, 86, 3353, 2097,
2176 86, 86, 86, 86, 2085, 2086, 2087, 2088, 2098, 2090,
2177 86, 86, 2089, 2099, 2100, 2102, 2101, 2103, 2104, 86,
2178 86, 2105, 2106, 2107, 3353, 86, 2097, 86, 86, 2108,
2179 86, 86, 86, 2109, 2115, 2098, 2112, 2110, 86, 2111,
2180 2099, 2113, 2102, 2101, 2103, 2104, 86, 86, 86, 2106,
2181
2182 2114, 170, 86, 86, 2116, 86, 2108, 2119, 86, 2118,
2183 2109, 86, 2117, 2112, 2110, 86, 2111, 2121, 2113, 86,
2184 2120, 2123, 2122, 3353, 2126, 3353, 86, 2114, 86, 2124,
2185 2125, 86, 2129, 2130, 2119, 3353, 3353, 2127, 86, 2117,
2186 86, 86, 86, 86, 2121, 86, 2128, 2120, 2123, 2122,
2187 86, 2126, 86, 86, 86, 2132, 2124, 2125, 2131, 2129,
2188 86, 86, 2133, 2134, 2127, 2135, 2138, 2136, 2137, 2141,
2189 2139, 2142, 2143, 2128, 86, 86, 86, 86, 86, 2140,
2190 2144, 86, 2132, 3353, 86, 2131, 86, 86, 2146, 2133,
2191 2134, 86, 86, 2138, 2136, 2137, 2141, 2139, 86, 2143,
2192
2193 2145, 86, 86, 86, 3353, 2147, 2140, 2144, 2149, 86,
2194 2150, 2151, 3353, 2152, 3353, 2146, 2148, 86, 86, 2154,
2195 2155, 2158, 2156, 2153, 3353, 2160, 86, 2145, 86, 2164,
2196 2159, 86, 2147, 2162, 86, 2149, 86, 2150, 2151, 86,
2197 2152, 86, 2157, 2148, 86, 86, 2154, 2155, 86, 2156,
2198 2153, 2161, 2160, 2163, 86, 2165, 86, 2159, 2166, 2168,
2199 2162, 86, 86, 2167, 2169, 86, 86, 2170, 2172, 2157,
2200 2171, 2173, 86, 2174, 3353, 2178, 2176, 3353, 2161, 2175,
2201 2163, 86, 2165, 86, 86, 2166, 86, 3353, 86, 2179,
2202 2167, 2169, 86, 2177, 86, 2172, 86, 2171, 2173, 86,
2203
2204 86, 86, 2178, 2176, 2180, 86, 2175, 86, 2181, 2182,
2205 86, 2184, 2189, 2183, 2185, 86, 2179, 2186, 2190, 86,
2206 2177, 2187, 86, 86, 86, 86, 86, 2192, 2191, 86,
2207 3353, 2180, 3353, 2195, 2188, 2181, 2182, 2193, 2184, 2189,
2208 2183, 2185, 86, 86, 2186, 2190, 86, 2196, 2187, 2194,
2209 2198, 2197, 2203, 2200, 86, 2191, 86, 86, 86, 2199,
2210 2195, 2188, 86, 2201, 2193, 2205, 2204, 2202, 2211, 86,
2211 86, 2207, 86, 2206, 2196, 86, 2194, 2198, 2197, 2203,
2212 2200, 2208, 2209, 86, 86, 86, 2199, 86, 86, 86,
2213 2201, 2210, 2205, 2204, 2202, 86, 86, 2213, 2207, 2215,
2214
2215 2206, 2212, 86, 2219, 86, 2214, 3353, 86, 2208, 2209,
2216 2218, 2216, 2220, 2217, 2228, 2221, 2222, 86, 2210, 86,
2217 2223, 86, 86, 2229, 2213, 2224, 2215, 2225, 2212, 86,
2218 86, 86, 2214, 86, 86, 86, 2226, 2218, 2216, 2220,
2219 2217, 86, 2221, 2222, 86, 2227, 86, 2230, 2231, 86,
2220 2229, 2232, 86, 2234, 2225, 86, 3353, 2233, 86, 86,
2221 2235, 2238, 2236, 2226, 2240, 3353, 2241, 2239, 2242, 86,
2222 2237, 3353, 2227, 3353, 2230, 2231, 2243, 3353, 86, 86,
2223 2234, 86, 86, 86, 2233, 2247, 86, 2235, 86, 2236,
2224 86, 2240, 86, 2241, 2239, 2242, 2244, 2237, 86, 2245,
2225
2226 2248, 2251, 2246, 2243, 2249, 86, 86, 2252, 3353, 2250,
2227 86, 3353, 2247, 2255, 3353, 2253, 86, 86, 2254, 2256,
2228 2260, 3353, 3353, 2244, 2257, 86, 2245, 2248, 2251, 2246,
2229 86, 2259, 2258, 86, 2252, 86, 86, 2263, 86, 86,
2230 2255, 86, 2253, 2261, 2262, 2254, 2256, 86, 86, 86,
2231 2264, 2257, 86, 86, 2265, 2268, 2269, 2266, 2259, 2258,
2232 2267, 2271, 86, 86, 2263, 2274, 86, 2270, 2280, 2275,
2233 2261, 2262, 86, 86, 3353, 86, 3353, 2264, 86, 86,
2234 2272, 2265, 2268, 2269, 2266, 2276, 86, 2267, 2271, 86,
2235 2277, 2279, 2274, 2273, 2270, 86, 2275, 86, 2278, 86,
2236
2237 86, 86, 2282, 2281, 2284, 2283, 2285, 2272, 2286, 86,
2238 2287, 2288, 2276, 86, 2290, 170, 2289, 2277, 2279, 2291,
2239 2273, 86, 86, 2292, 2304, 2278, 2293, 86, 86, 86,
2240 2281, 2284, 2283, 2285, 2294, 2286, 2295, 2287, 2309, 3353,
2241 2296, 86, 2299, 86, 2300, 86, 86, 86, 2301, 2302,
2242 2292, 86, 2306, 2293, 2297, 2305, 86, 2307, 2308, 2303,
2243 86, 2294, 3353, 86, 86, 2298, 86, 2296, 86, 2299,
2244 86, 86, 2310, 2312, 86, 2301, 2302, 86, 86, 2306,
2245 86, 2297, 2305, 2311, 86, 2308, 2303, 2313, 3353, 2314,
2246 86, 86, 2298, 2315, 86, 86, 86, 2316, 3353, 2310,
2247
2248 2312, 86, 2319, 2318, 2322, 2317, 2321, 2320, 2324, 2326,
2249 2311, 86, 3353, 86, 2313, 86, 2314, 86, 86, 2325,
2250 2315, 86, 2323, 2327, 2316, 86, 86, 86, 2330, 2319,
2251 2318, 2322, 2317, 2321, 2320, 86, 2326, 2328, 86, 2329,
2252 2332, 2335, 86, 86, 2331, 86, 2325, 2333, 86, 2323,
2253 2327, 2334, 86, 2336, 2339, 2330, 2340, 2337, 86, 86,
2254 86, 86, 86, 2345, 2328, 86, 2329, 2332, 86, 2338,
2255 2342, 2331, 86, 2343, 2333, 86, 86, 86, 2334, 2341,
2256 2336, 2339, 2347, 2340, 2337, 2344, 2348, 86, 86, 2346,
2257 2345, 86, 2349, 2350, 3353, 86, 2338, 2342, 2352, 2351,
2258
2259 2343, 2353, 2357, 86, 2356, 2354, 2341, 86, 2358, 2347,
2260 2355, 2359, 2344, 2348, 2362, 86, 2346, 86, 86, 2349,
2261 86, 86, 86, 2365, 86, 2352, 2351, 2360, 2353, 86,
2262 86, 2356, 2354, 86, 2361, 2358, 2366, 2355, 86, 86,
2263 86, 2362, 2363, 2367, 2368, 2364, 2369, 2371, 86, 2370,
2264 86, 2372, 2373, 86, 2360, 2375, 86, 2377, 2379, 2374,
2265 86, 2361, 86, 86, 2380, 86, 86, 86, 2376, 2363,
2266 2367, 2368, 2364, 2369, 2371, 2378, 2370, 86, 86, 86,
2267 86, 2381, 86, 2382, 86, 2379, 2374, 86, 2383, 2385,
2268 2384, 86, 2386, 2387, 2389, 2376, 86, 86, 2393, 2388,
2269
2270 2390, 2391, 2378, 86, 2395, 2392, 86, 86, 86, 86,
2271 2382, 3353, 2398, 2394, 86, 2383, 2385, 2384, 3353, 2386,
2272 86, 86, 86, 2397, 86, 2393, 2388, 2390, 2391, 86,
2273 2396, 86, 2392, 2399, 2400, 86, 2401, 86, 86, 2398,
2274 2394, 2402, 86, 2403, 2404, 86, 2405, 86, 86, 2406,
2275 2397, 2407, 2408, 2409, 2410, 2411, 86, 2396, 3353, 86,
2276 2399, 2400, 2414, 86, 2424, 86, 86, 2413, 2402, 86,
2277 2403, 2404, 2418, 2405, 86, 86, 86, 2412, 2407, 2408,
2278 2409, 2410, 86, 2415, 86, 2419, 2416, 86, 3353, 2414,
2279 2417, 86, 86, 2420, 2413, 86, 86, 2426, 86, 2418,
2280
2281 2425, 2432, 86, 86, 2412, 2436, 2421, 2427, 2429, 2428,
2282 2415, 86, 2419, 2416, 2435, 86, 2431, 2417, 86, 86,
2283 2420, 2422, 86, 2423, 2426, 2430, 86, 2425, 2432, 86,
2284 86, 86, 2433, 2421, 2427, 2429, 2428, 86, 86, 2434,
2285 2437, 2435, 2438, 2431, 3353, 2441, 86, 86, 2422, 2439,
2286 2423, 2440, 2430, 2443, 86, 2442, 2449, 2444, 3353, 2433,
2287 3353, 86, 2450, 2445, 2451, 2446, 2434, 2437, 2447, 86,
2288 2455, 86, 2441, 86, 86, 86, 2439, 86, 2440, 2453,
2289 2443, 86, 2442, 86, 2444, 2448, 86, 86, 86, 2452,
2290 2445, 2451, 2446, 2454, 86, 2447, 86, 86, 86, 2456,
2291
2292 2458, 2459, 86, 2460, 2461, 2463, 2453, 2457, 86, 2466,
2293 2462, 2464, 2448, 3353, 3353, 86, 2452, 2465, 2467, 86,
2294 2454, 86, 170, 86, 86, 86, 2456, 2458, 2459, 86,
2295 2460, 2461, 86, 2469, 2457, 86, 2466, 2462, 2464, 2468,
2296 2470, 2471, 2472, 2473, 2465, 2467, 2474, 2476, 86, 86,
2297 2475, 86, 2479, 2478, 2477, 2480, 2482, 3353, 86, 2483,
2298 2469, 2481, 2489, 86, 86, 2484, 2468, 2470, 2471, 2472,
2299 2473, 3353, 86, 86, 86, 86, 86, 2475, 86, 86,
2300 2478, 2477, 2485, 86, 86, 2486, 2483, 86, 2481, 2488,
2301 2490, 86, 2484, 2487, 86, 3353, 2491, 86, 86, 2492,
2302
2303 2493, 86, 2494, 86, 3353, 2500, 2495, 2496, 3353, 2485,
2304 3353, 3353, 2486, 2497, 2498, 86, 2488, 2490, 86, 2499,
2305 2487, 86, 86, 2491, 86, 86, 2492, 2493, 86, 86,
2306 2501, 86, 86, 2495, 2496, 2505, 2502, 2506, 2503, 2508,
2307 2497, 2498, 86, 2504, 86, 86, 2499, 2507, 86, 2509,
2308 86, 2510, 3353, 2519, 86, 3353, 2529, 2501, 86, 2511,
2309 86, 86, 2505, 2502, 2506, 2503, 2508, 2512, 86, 2513,
2310 2504, 2514, 86, 2515, 2507, 86, 2516, 86, 2510, 86,
2311 2518, 86, 2520, 2521, 2517, 86, 2511, 2522, 86, 2524,
2312 3353, 86, 2531, 86, 2512, 86, 2513, 2525, 2514, 2523,
2313
2314 2515, 86, 86, 2516, 2527, 86, 2528, 2518, 86, 2520,
2315 2521, 2517, 86, 2530, 2522, 86, 2524, 2526, 86, 86,
2316 2532, 86, 2533, 2534, 2525, 2536, 2523, 2541, 86, 86,
2317 86, 2527, 86, 2528, 2537, 2535, 86, 2539, 86, 2542,
2318 2530, 2538, 86, 2540, 2526, 2543, 2544, 2532, 86, 86,
2319 2534, 2552, 2536, 2547, 86, 2546, 86, 2549, 2545, 86,
2320 86, 2537, 2535, 2548, 2539, 86, 86, 2554, 2538, 86,
2321 2540, 86, 86, 2544, 2550, 86, 2551, 86, 86, 2553,
2322 2547, 86, 2546, 2555, 2549, 2545, 2556, 2557, 2558, 86,
2323 2548, 86, 86, 2561, 2559, 2560, 2562, 86, 86, 86,
2324
2325 3353, 2550, 86, 2551, 86, 2563, 2553, 2564, 2565, 2566,
2326 2555, 2568, 86, 2556, 86, 2558, 86, 2567, 2570, 86,
2327 2561, 2559, 2560, 86, 86, 2571, 86, 86, 2569, 2574,
2328 2572, 86, 2563, 86, 2564, 2565, 2566, 86, 2568, 2573,
2329 2575, 86, 86, 2576, 2567, 2570, 86, 86, 2577, 2578,
2330 2579, 86, 2571, 2580, 3353, 2569, 2574, 2572, 2582, 2581,
2331 3353, 2583, 86, 2584, 2585, 86, 2573, 86, 2588, 2590,
2332 86, 2591, 2587, 3353, 3353, 86, 86, 2579, 86, 86,
2333 2580, 86, 2586, 86, 86, 2582, 2581, 86, 2583, 86,
2334 2584, 2585, 2589, 2593, 2592, 86, 86, 2594, 86, 2587,
2335
2336 86, 2595, 2600, 2597, 2596, 2598, 2599, 3353, 86, 2586,
2337 86, 86, 86, 86, 2602, 86, 86, 86, 2601, 2589,
2338 2593, 2592, 2608, 2604, 2594, 86, 2606, 2603, 2595, 86,
2339 2597, 2596, 2598, 2599, 86, 2605, 86, 86, 86, 86,
2340 2607, 2602, 2609, 2612, 2610, 2601, 2611, 2614, 86, 2608,
2341 2604, 86, 86, 2606, 2603, 170, 86, 2615, 86, 2613,
2342 86, 2617, 2605, 2616, 86, 2618, 2619, 2607, 2620, 2609,
2343 2612, 2610, 2621, 2611, 2614, 2622, 86, 2623, 2625, 2627,
2344 2624, 86, 3353, 86, 2615, 3353, 2613, 86, 2617, 86,
2345 2616, 86, 2618, 86, 86, 86, 2632, 2634, 86, 2621,
2346
2347 2626, 86, 2622, 86, 2623, 2625, 2627, 2624, 86, 2628,
2348 2629, 2631, 2630, 2633, 86, 2638, 86, 86, 86, 86,
2349 86, 2635, 86, 2632, 2634, 2636, 2637, 2626, 86, 2639,
2350 2640, 2643, 2642, 2644, 86, 86, 2628, 2629, 2631, 2630,
2351 2633, 86, 2638, 86, 2641, 2645, 2646, 2648, 2635, 86,
2352 86, 86, 2636, 2637, 2647, 86, 86, 2640, 86, 2642,
2353 2644, 2650, 2654, 86, 2649, 2655, 2651, 86, 2652, 2653,
2354 86, 2641, 86, 2646, 2648, 86, 86, 86, 2656, 86,
2355 2658, 2647, 2659, 2660, 2661, 86, 2663, 2670, 2650, 86,
2356 2657, 2649, 86, 2651, 2662, 2652, 2653, 2666, 86, 86,
2357
2358 2664, 86, 2665, 86, 2667, 2656, 2669, 2658, 86, 86,
2359 86, 86, 86, 2663, 2670, 86, 86, 2657, 2668, 86,
2360 2671, 2662, 2673, 2672, 2666, 86, 2674, 2664, 86, 2665,
2361 2676, 2667, 2678, 2669, 86, 3353, 2675, 2677, 86, 86,
2362 2679, 3353, 2684, 3353, 2680, 2668, 2683, 86, 86, 86,
2363 2672, 86, 86, 2674, 86, 2687, 2686, 2676, 2681, 2678,
2364 2685, 2682, 86, 2675, 2677, 86, 86, 2679, 86, 86,
2365 86, 2680, 86, 2683, 2688, 2690, 2692, 2689, 2693, 2691,
2366 2694, 2695, 86, 2686, 2698, 2681, 3353, 2685, 2682, 86,
2367 86, 86, 2701, 86, 86, 2700, 2702, 2699, 86, 86,
2368
2369 2704, 2688, 2690, 2692, 2689, 86, 2691, 2694, 2695, 2696,
2370 2697, 86, 86, 86, 2706, 86, 86, 86, 2703, 2701,
2371 2705, 2710, 2700, 86, 2699, 2708, 86, 86, 2707, 3353,
2372 2711, 2709, 86, 2713, 3353, 2716, 2696, 2697, 86, 86,
2373 86, 2706, 86, 2717, 2712, 2703, 2718, 2705, 86, 86,
2374 2714, 2715, 2708, 86, 2719, 2707, 86, 2711, 2709, 2720,
2375 86, 86, 2716, 2721, 86, 86, 86, 2722, 2725, 2723,
2376 2717, 2712, 2726, 86, 2727, 2724, 2729, 2714, 2715, 2728,
2377 86, 2719, 86, 2730, 2733, 86, 86, 86, 86, 86,
2378 2721, 2731, 86, 2734, 2722, 2725, 2723, 86, 86, 2726,
2379
2380 2732, 2727, 2724, 2729, 2735, 86, 2728, 2737, 2736, 2743,
2381 2730, 86, 86, 86, 2738, 2739, 2740, 2741, 2731, 2742,
2382 86, 86, 2745, 86, 86, 2744, 2746, 2732, 86, 86,
2383 2748, 170, 2749, 2750, 2737, 2736, 2743, 2747, 2751, 86,
2384 2752, 2738, 2739, 2755, 2741, 86, 2742, 86, 86, 86,
2385 2753, 86, 2744, 86, 3353, 2754, 86, 86, 2756, 2749,
2386 2758, 2757, 86, 2761, 2747, 86, 2762, 2752, 86, 86,
2387 2760, 2763, 86, 2764, 2759, 86, 3353, 2753, 86, 2765,
2388 2767, 86, 2754, 86, 2766, 2756, 86, 2758, 2757, 86,
2389 2761, 2768, 2770, 2769, 86, 86, 2772, 2760, 86, 2771,
2390
2391 2764, 2759, 86, 86, 86, 86, 2765, 2767, 86, 2774,
2392 2773, 2766, 2775, 2777, 86, 86, 2776, 2779, 2768, 2770,
2393 2769, 86, 3353, 2772, 86, 2778, 2771, 86, 2782, 2780,
2394 86, 86, 2784, 2781, 86, 86, 2774, 2773, 2783, 2775,
2395 2777, 86, 86, 2776, 2785, 2786, 86, 2789, 2787, 86,
2396 86, 2788, 2778, 86, 2790, 2782, 2780, 2791, 2794, 86,
2397 2781, 2792, 86, 86, 86, 2783, 86, 2793, 86, 86,
2398 2796, 2785, 2786, 2797, 86, 2787, 2798, 2795, 2788, 86,
2399 2799, 2790, 2800, 2804, 2791, 86, 2803, 3353, 2792, 2801,
2400 86, 2806, 2802, 2805, 2793, 3353, 2809, 2810, 2811, 2807,
2401
2402 86, 86, 86, 2812, 2795, 86, 86, 86, 86, 2800,
2403 86, 86, 86, 2803, 86, 86, 2801, 86, 2806, 2802,
2404 2805, 2808, 86, 2809, 2810, 86, 2807, 2813, 2814, 2816,
2405 86, 2815, 2817, 86, 2819, 2818, 2820, 2822, 2823, 86,
2406 2824, 2821, 2825, 2826, 3353, 86, 2828, 2827, 2808, 86,
2407 2831, 86, 86, 86, 86, 2814, 86, 86, 2815, 2817,
2408 86, 2819, 2818, 2829, 2822, 2823, 86, 2824, 86, 86,
2409 86, 86, 86, 2828, 2827, 2830, 2833, 86, 2832, 2834,
2410 2835, 2836, 86, 2837, 2838, 2839, 2840, 2848, 2842, 2841,
2411 2829, 86, 86, 2843, 2844, 86, 3353, 86, 86, 2849,
2412
2413 2850, 86, 2830, 86, 86, 2832, 2834, 86, 2836, 2847,
2414 2837, 2838, 86, 86, 2851, 2845, 2841, 86, 2846, 86,
2415 86, 2844, 86, 86, 2852, 86, 2849, 2850, 2853, 2854,
2416 86, 2855, 3353, 86, 2857, 2856, 2847, 2862, 2858, 2859,
2417 2864, 86, 2845, 2861, 86, 2846, 86, 86, 86, 2860,
2418 2863, 2852, 86, 86, 3353, 2853, 2854, 3353, 2855, 86,
2419 86, 2857, 2856, 86, 2862, 2858, 2859, 86, 2865, 3353,
2420 2861, 86, 2866, 2868, 2869, 2870, 2860, 2863, 2871, 2873,
2421 2867, 86, 86, 2872, 2874, 2875, 86, 2876, 3353, 2877,
2422 3353, 2878, 3353, 86, 86, 2865, 86, 2879, 2881, 2866,
2423
2424 2868, 2869, 2870, 2880, 2882, 2885, 2883, 2867, 3353, 86,
2425 86, 86, 2875, 86, 86, 86, 2877, 86, 2878, 2884,
2426 86, 2887, 2888, 86, 2879, 2881, 86, 86, 2886, 86,
2427 2880, 2882, 2885, 2883, 2889, 2890, 86, 2891, 2892, 2893,
2428 86, 86, 86, 86, 2894, 2895, 2884, 2896, 2887, 2888,
2429 2897, 2898, 2899, 86, 2904, 2886, 3353, 2900, 2901, 3353,
2430 2903, 2889, 2890, 86, 86, 86, 2893, 86, 2902, 86,
2431 2905, 2894, 86, 86, 2896, 86, 86, 86, 2898, 86,
2432 2906, 86, 2907, 2908, 2900, 2901, 86, 2903, 2909, 2910,
2433 86, 2912, 2916, 86, 2911, 2902, 2913, 2905, 86, 86,
2434
2435 86, 2914, 2917, 2915, 2918, 86, 2919, 2906, 86, 2907,
2436 2908, 2920, 2921, 2927, 86, 2909, 2922, 86, 2912, 86,
2437 86, 86, 2923, 2913, 86, 86, 2925, 2937, 2914, 86,
2438 2915, 2918, 2928, 2919, 86, 2930, 2931, 86, 2920, 86,
2439 2924, 2926, 86, 2922, 86, 86, 2929, 86, 86, 2923,
2440 2932, 2933, 86, 2925, 86, 3353, 2938, 86, 86, 2928,
2441 2934, 2939, 2930, 2931, 2943, 2941, 2940, 2924, 2926, 86,
2442 2944, 2935, 86, 2929, 2936, 3353, 86, 2932, 2933, 2947,
2443 3353, 2942, 86, 86, 86, 2945, 86, 2934, 86, 86,
2444 2948, 2943, 2941, 2940, 2946, 2949, 2951, 86, 2935, 86,
2445
2446 2953, 2936, 86, 2950, 2952, 3353, 86, 86, 2942, 86,
2447 86, 2955, 2945, 86, 2956, 3353, 86, 2948, 86, 2959,
2448 2957, 2946, 2949, 2951, 2954, 2960, 86, 2958, 2961, 2964,
2449 2950, 2952, 86, 86, 2967, 2990, 2962, 86, 86, 2965,
2450 86, 2956, 86, 2963, 2966, 86, 2959, 2957, 86, 86,
2451 86, 2954, 2960, 86, 2958, 2961, 86, 86, 86, 2968,
2452 2970, 2967, 2969, 2962, 2971, 3353, 2965, 86, 86, 2973,
2453 2963, 2966, 2972, 86, 2974, 2975, 2977, 86, 2976, 86,
2454 2978, 2979, 2980, 86, 86, 2982, 2968, 2970, 86, 2969,
2455 3353, 2971, 86, 2986, 86, 86, 2973, 2987, 2981, 2972,
2456
2457 2983, 2974, 2975, 86, 86, 2976, 2984, 2978, 86, 86,
2458 2985, 86, 86, 2989, 2991, 86, 2988, 86, 86, 2993,
2459 2986, 86, 2992, 86, 86, 2981, 2994, 2983, 2995, 2996,
2460 86, 86, 2998, 2984, 3001, 2997, 86, 2985, 2999, 86,
2461 2989, 2991, 86, 2988, 3002, 86, 2993, 3000, 3004, 2992,
2462 3003, 3007, 86, 2994, 3006, 2995, 86, 86, 3009, 3008,
2463 86, 86, 2997, 3353, 86, 2999, 86, 3005, 3010, 86,
2464 86, 86, 3011, 3012, 3000, 86, 86, 3003, 3007, 3013,
2465 86, 3006, 3015, 3014, 3017, 3018, 3008, 86, 3016, 3019,
2466 86, 86, 3021, 3353, 3005, 3010, 3020, 3027, 3024, 3011,
2467
2468 3012, 3353, 3353, 86, 3022, 3023, 86, 86, 86, 3015,
2469 3014, 3017, 3025, 86, 3026, 3016, 86, 86, 3028, 3029,
2470 86, 3030, 86, 3020, 86, 86, 3034, 86, 86, 86,
2471 3035, 3022, 3023, 3032, 86, 3031, 3033, 3039, 86, 3025,
2472 86, 3026, 86, 3036, 3037, 3028, 3029, 3038, 86, 3040,
2473 86, 86, 3044, 3034, 3042, 86, 3041, 86, 3043, 3045,
2474 3032, 3046, 3031, 3033, 86, 86, 3049, 86, 3047, 3050,
2475 3036, 3037, 3048, 86, 3038, 3051, 86, 3056, 86, 86,
2476 86, 3042, 86, 3041, 3052, 3043, 86, 3057, 86, 3053,
2477 3065, 86, 86, 3063, 86, 3047, 3050, 3060, 86, 3048,
2478
2479 3054, 3055, 86, 86, 3056, 86, 86, 3058, 86, 3059,
2480 86, 3052, 3061, 3062, 86, 3064, 3053, 86, 3066, 86,
2481 86, 3067, 86, 3069, 3060, 86, 3070, 3054, 3055, 86,
2482 3068, 86, 3071, 3072, 3058, 3073, 3059, 3076, 3353, 3061,
2483 3062, 3074, 86, 3075, 3077, 3066, 86, 3080, 3067, 3353,
2484 86, 3078, 86, 86, 86, 3353, 86, 3068, 86, 3071,
2485 3072, 3081, 86, 3082, 86, 3079, 86, 86, 3074, 86,
2486 3075, 3077, 86, 3084, 3080, 3083, 86, 3091, 3078, 3085,
2487 3086, 86, 3087, 86, 86, 3088, 86, 86, 3081, 3092,
2488 3082, 86, 3079, 3093, 86, 3095, 86, 3096, 3089, 3090,
2489
2490 3084, 3100, 3083, 3094, 3091, 3098, 3085, 3086, 86, 3087,
2491 86, 86, 3088, 3101, 3097, 86, 3092, 3099, 3353, 86,
2492 3093, 86, 3102, 3103, 3096, 3089, 3090, 86, 86, 86,
2493 3094, 86, 3098, 3104, 3105, 3106, 3107, 3110, 3111, 3353,
2494 86, 3097, 86, 3115, 3099, 86, 3112, 3113, 3353, 3102,
2495 86, 3114, 3117, 3116, 3353, 86, 3119, 3120, 3118, 3123,
2496 3104, 3105, 86, 86, 86, 86, 86, 86, 3122, 86,
2497 3115, 86, 3125, 3126, 86, 86, 3127, 3132, 3114, 86,
2498 3116, 3121, 3129, 3119, 3120, 3118, 86, 3124, 86, 86,
2499 86, 86, 86, 3128, 86, 3122, 86, 3130, 3133, 3125,
2500
2501 3126, 3131, 3353, 3127, 86, 86, 3134, 3135, 3121, 3129,
2502 3140, 3142, 3138, 3136, 3124, 86, 3137, 3139, 86, 3141,
2503 3128, 86, 3147, 86, 3130, 86, 3143, 86, 3131, 86,
2504 3144, 86, 86, 3134, 3135, 3148, 3145, 3146, 3142, 3149,
2505 3136, 3150, 86, 3137, 86, 86, 3141, 3151, 3153, 86,
2506 3152, 3154, 86, 3143, 3155, 3156, 3157, 3144, 86, 3158,
2507 86, 3159, 86, 3145, 3146, 3160, 3149, 86, 86, 3161,
2508 86, 3162, 3163, 86, 86, 3153, 3164, 3152, 86, 3165,
2509 86, 86, 3156, 86, 3166, 3167, 86, 3168, 86, 3169,
2510 3170, 3172, 86, 3171, 3174, 3173, 86, 86, 86, 86,
2511
2512 3175, 86, 86, 86, 86, 86, 3165, 86, 86, 3176,
2513 3178, 3166, 86, 3177, 3168, 86, 3169, 3170, 86, 3179,
2514 3171, 3174, 3173, 3180, 3183, 86, 3182, 3175, 86, 3181,
2515 86, 3184, 3185, 86, 3188, 86, 3176, 86, 3187, 3189,
2516 3177, 3186, 86, 3353, 3192, 3353, 3179, 86, 86, 3193,
2517 3180, 3183, 86, 3182, 86, 86, 3181, 3191, 3184, 3190,
2518 86, 3188, 86, 3194, 86, 3187, 3189, 3196, 3186, 3197,
2519 86, 3192, 86, 3195, 86, 86, 3193, 3198, 86, 3199,
2520 3200, 3201, 3204, 3202, 3191, 3203, 3190, 86, 3205, 86,
2521 3194, 86, 3209, 86, 3196, 86, 3197, 3207, 3206, 3353,
2522
2523 3195, 86, 3208, 86, 3198, 86, 86, 86, 86, 3204,
2524 3202, 86, 3203, 3210, 86, 3205, 3211, 3213, 86, 3209,
2525 3212, 3220, 3214, 3215, 3207, 3206, 3216, 3218, 86, 3208,
2526 86, 86, 86, 3217, 3219, 86, 86, 86, 86, 86,
2527 3210, 3221, 3223, 3211, 3213, 3222, 86, 3212, 3220, 3214,
2528 3215, 86, 86, 3216, 3218, 3224, 3226, 3227, 3225, 3228,
2529 3217, 3219, 3229, 86, 86, 86, 86, 3231, 3221, 3223,
2530 86, 3232, 3222, 3230, 3233, 3234, 3353, 3242, 86, 3235,
2531 3237, 3236, 86, 3226, 3227, 3225, 3228, 86, 86, 86,
2532 3238, 86, 3239, 3240, 86, 86, 3245, 86, 3232, 3241,
2533
2534 3230, 86, 86, 3243, 86, 3246, 3235, 3237, 3236, 86,
2535 3244, 86, 86, 3248, 86, 3247, 86, 3238, 86, 3239,
2536 3240, 3249, 86, 3245, 3250, 86, 3241, 3251, 3252, 3253,
2537 3243, 3255, 86, 3256, 3254, 86, 86, 3244, 3257, 3258,
2538 86, 86, 3247, 86, 3259, 3260, 3264, 86, 86, 3353,
2539 3353, 3250, 3265, 3262, 3251, 86, 3253, 86, 86, 86,
2540 3256, 3254, 3261, 3263, 3266, 3257, 3258, 86, 86, 3269,
2541 3270, 86, 3267, 3264, 3268, 86, 86, 86, 86, 86,
2542 3262, 86, 86, 3272, 3274, 3271, 3273, 3276, 3275, 3261,
2543 3263, 86, 86, 86, 86, 86, 3269, 3270, 86, 3267,
2544
2545 3277, 3268, 86, 3278, 3279, 86, 3283, 3284, 3281, 3280,
2546 3272, 3274, 3271, 3273, 3276, 3275, 86, 86, 3282, 3285,
2547 3286, 3287, 86, 3353, 3291, 86, 86, 3277, 3288, 86,
2548 3278, 86, 3289, 86, 3284, 3281, 3280, 3292, 3293, 3294,
2549 3295, 3290, 3297, 86, 3296, 3282, 86, 3286, 3287, 86,
2550 86, 86, 86, 3298, 86, 3288, 86, 3300, 3302, 3289,
2551 86, 86, 86, 86, 86, 3293, 86, 3295, 3290, 3297,
2552 3299, 3296, 86, 3301, 3353, 3303, 3304, 3307, 86, 3310,
2553 3298, 86, 3311, 3308, 3309, 3302, 3353, 3305, 3353, 86,
2554 3306, 86, 86, 86, 3312, 3314, 86, 3299, 3313, 86,
2555
2556 3301, 86, 3303, 86, 3307, 86, 3310, 3315, 86, 3311,
2557 3308, 3309, 86, 3317, 3305, 3316, 86, 3306, 3318, 3319,
2558 3353, 3312, 3314, 86, 3321, 3313, 3322, 3320, 3323, 3353,
2559 3325, 3324, 86, 86, 3315, 3331, 3353, 3329, 3353, 86,
2560 3317, 86, 3316, 3326, 86, 3318, 3319, 86, 3327, 3333,
2561 86, 3321, 3328, 86, 3320, 3323, 86, 86, 3324, 86,
2562 86, 3330, 86, 86, 3329, 3332, 3335, 3334, 86, 86,
2563 3326, 86, 3336, 86, 86, 3327, 3333, 3337, 3338, 3328,
2564 86, 3341, 3339, 3340, 3342, 3344, 3343, 3345, 3330, 86,
2565 86, 86, 3332, 3335, 3334, 3346, 3347, 3348, 3353, 3336,
2566
2567 3351, 3353, 3352, 86, 3337, 86, 86, 86, 3341, 3339,
2568 3340, 86, 86, 3343, 86, 86, 3353, 3349, 86, 86,
2569 3350, 3353, 3346, 3347, 3348, 86, 3353, 86, 86, 86,
2570 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
2571 3353, 3353, 3353, 3353, 3349, 3353, 3353, 3350, 47, 47,
1691 333, 86, 329, 342, 86, 331, 339, 86, 3557, 323,
1692 345, 324, 327, 336, 341, 3557, 346, 3557, 86, 320,
1693 3557, 3557, 321, 347, 322, 337, 86, 333, 86, 343,
1694 86, 86, 331, 339, 344, 86, 323, 86, 324, 348,
1695 336, 341, 86, 346, 86, 352, 86, 349, 350, 353,
1696 347, 354, 355, 356, 86, 3557, 343, 351, 357, 361,
1697
1698 358, 344, 86, 86, 86, 86, 348, 86, 86, 86,
1699 86, 363, 352, 86, 349, 350, 353, 359, 354, 355,
1700 356, 86, 360, 362, 351, 357, 361, 358, 364, 365,
1701 366, 367, 86, 86, 86, 368, 369, 370, 363, 86,
1702 374, 375, 373, 86, 372, 377, 3557, 379, 376, 86,
1703 362, 378, 86, 380, 381, 364, 86, 366, 367, 86,
1704 86, 86, 86, 369, 370, 382, 86, 86, 384, 373,
1705 395, 372, 86, 86, 379, 376, 385, 86, 378, 86,
1706 380, 86, 387, 388, 389, 391, 86, 390, 383, 392,
1707 394, 393, 396, 386, 86, 86, 86, 86, 399, 170,
1708
1709 86, 86, 86, 385, 86, 86, 397, 398, 401, 387,
1710 388, 389, 391, 86, 390, 383, 392, 394, 393, 400,
1711 386, 86, 404, 402, 86, 403, 406, 407, 86, 86,
1712 86, 86, 86, 397, 398, 401, 408, 405, 86, 86,
1713 409, 86, 412, 415, 411, 414, 400, 413, 3557, 404,
1714 402, 86, 403, 86, 407, 86, 86, 416, 86, 417,
1715 418, 86, 419, 408, 405, 420, 86, 409, 86, 412,
1716 415, 411, 414, 86, 413, 421, 422, 424, 86, 423,
1717 86, 86, 86, 428, 416, 427, 417, 418, 86, 419,
1718 425, 429, 430, 432, 433, 434, 3557, 86, 3557, 436,
1719
1720 86, 86, 421, 86, 86, 86, 423, 426, 86, 86,
1721 428, 86, 427, 86, 435, 437, 431, 425, 438, 3557,
1722 432, 433, 434, 86, 86, 86, 436, 86, 86, 439,
1723 440, 441, 3557, 442, 426, 443, 446, 444, 86, 86,
1724 86, 435, 437, 431, 86, 438, 447, 448, 456, 3557,
1725 449, 86, 86, 3557, 445, 490, 439, 440, 441, 86,
1726 442, 86, 443, 446, 444, 86, 86, 457, 471, 464,
1727 3557, 86, 3557, 3557, 448, 456, 86, 449, 86, 458,
1728 463, 445, 450, 86, 459, 451, 460, 86, 465, 3557,
1729 452, 453, 454, 455, 457, 86, 464, 466, 467, 461,
1730
1731 86, 86, 462, 86, 86, 468, 458, 463, 86, 450,
1732 469, 459, 451, 460, 470, 465, 474, 452, 453, 454,
1733 455, 478, 86, 475, 466, 467, 461, 3557, 86, 462,
1734 472, 479, 480, 473, 481, 86, 482, 86, 86, 86,
1735 86, 470, 483, 474, 476, 477, 3557, 3557, 478, 86,
1736 475, 485, 484, 489, 86, 486, 86, 472, 479, 86,
1737 473, 481, 86, 482, 86, 86, 487, 496, 86, 483,
1738 86, 476, 477, 86, 86, 497, 488, 498, 485, 484,
1739 489, 495, 486, 86, 491, 3557, 492, 3557, 86, 86,
1740 499, 508, 503, 487, 496, 493, 500, 3557, 509, 86,
1741
1742 510, 3557, 494, 488, 498, 86, 3557, 86, 495, 86,
1743 86, 491, 86, 492, 501, 504, 502, 499, 508, 503,
1744 511, 3557, 493, 500, 86, 509, 512, 525, 505, 494,
1745 3557, 506, 86, 507, 86, 3557, 3557, 528, 86, 86,
1746 529, 501, 504, 502, 526, 3557, 3557, 86, 86, 86,
1747 531, 3557, 86, 512, 525, 505, 3557, 530, 506, 533,
1748 507, 513, 527, 514, 528, 543, 532, 529, 86, 515,
1749 86, 526, 86, 516, 86, 544, 548, 531, 517, 542,
1750 545, 518, 170, 86, 530, 550, 533, 86, 513, 527,
1751 514, 86, 543, 532, 546, 551, 515, 86, 553, 3557,
1752
1753 516, 547, 566, 548, 3557, 517, 542, 86, 518, 519,
1754 549, 520, 550, 86, 3557, 86, 555, 552, 86, 554,
1755 86, 546, 551, 86, 521, 86, 556, 522, 547, 523,
1756 86, 524, 557, 3557, 86, 86, 519, 549, 520, 86,
1757 561, 558, 3557, 555, 552, 3557, 554, 86, 562, 3557,
1758 563, 521, 3557, 556, 522, 86, 523, 3557, 524, 534,
1759 535, 559, 86, 564, 86, 567, 565, 561, 558, 536,
1760 537, 538, 539, 540, 568, 562, 541, 563, 86, 560,
1761 569, 86, 571, 86, 86, 86, 534, 535, 559, 570,
1762 564, 86, 567, 565, 573, 86, 536, 537, 538, 539,
1763
1764 540, 568, 86, 541, 574, 86, 560, 569, 572, 578,
1765 86, 575, 576, 3557, 86, 577, 570, 579, 581, 580,
1766 86, 573, 86, 582, 583, 3557, 86, 588, 86, 585,
1767 3557, 574, 86, 604, 586, 572, 578, 607, 609, 589,
1768 86, 584, 577, 86, 579, 581, 580, 86, 86, 587,
1769 582, 583, 86, 86, 588, 590, 585, 86, 591, 593,
1770 86, 586, 592, 3557, 607, 86, 589, 86, 584, 86,
1771 86, 86, 86, 605, 606, 608, 587, 610, 594, 595,
1772 612, 3557, 590, 86, 3557, 591, 593, 611, 613, 592,
1773 596, 86, 597, 86, 614, 617, 86, 86, 616, 618,
1774
1775 605, 606, 608, 86, 610, 594, 595, 612, 86, 86,
1776 3557, 615, 86, 619, 611, 613, 86, 596, 86, 597,
1777 598, 614, 617, 620, 86, 616, 86, 621, 599, 600,
1778 622, 624, 601, 602, 623, 86, 603, 86, 615, 625,
1779 619, 3557, 86, 86, 631, 86, 626, 598, 627, 657,
1780 620, 86, 630, 86, 621, 599, 600, 86, 624, 601,
1781 602, 623, 86, 603, 628, 632, 625, 86, 86, 633,
1782 86, 631, 629, 626, 86, 627, 634, 640, 636, 630,
1783 635, 86, 637, 86, 86, 638, 639, 3557, 641, 642,
1784 86, 628, 632, 643, 86, 3557, 633, 86, 3557, 629,
1785
1786 86, 86, 86, 634, 640, 636, 645, 635, 86, 637,
1787 647, 86, 638, 639, 86, 641, 642, 644, 646, 86,
1788 643, 648, 659, 86, 86, 86, 651, 86, 86, 649,
1789 652, 650, 653, 645, 654, 655, 656, 647, 86, 86,
1790 668, 86, 86, 86, 644, 646, 658, 660, 648, 86,
1791 3557, 86, 661, 651, 86, 665, 649, 652, 650, 653,
1792 664, 654, 655, 656, 86, 86, 666, 662, 86, 86,
1793 663, 667, 86, 658, 660, 670, 669, 671, 86, 661,
1794 3557, 3557, 665, 86, 86, 674, 86, 664, 673, 86,
1795 675, 677, 3557, 666, 662, 86, 679, 663, 667, 86,
1796
1797 672, 86, 670, 669, 676, 681, 678, 86, 86, 86,
1798 86, 682, 674, 680, 86, 673, 86, 675, 677, 86,
1799 683, 3557, 692, 679, 693, 694, 3557, 672, 86, 86,
1800 86, 676, 681, 678, 86, 86, 3557, 86, 682, 3557,
1801 680, 695, 696, 697, 3557, 698, 731, 683, 684, 692,
1802 86, 693, 694, 685, 699, 686, 86, 3557, 706, 702,
1803 3557, 687, 703, 688, 86, 86, 689, 690, 695, 696,
1804 697, 86, 698, 691, 86, 684, 86, 86, 86, 700,
1805 685, 699, 686, 701, 86, 706, 702, 709, 687, 703,
1806 688, 710, 704, 689, 690, 705, 711, 707, 713, 86,
1807
1808 691, 86, 86, 86, 712, 86, 700, 708, 86, 714,
1809 701, 715, 717, 86, 709, 716, 719, 718, 710, 704,
1810 86, 720, 705, 711, 86, 713, 3557, 723, 86, 86,
1811 3557, 712, 86, 744, 708, 86, 714, 721, 715, 717,
1812 724, 86, 716, 719, 718, 86, 722, 86, 720, 86,
1813 726, 86, 725, 727, 723, 729, 732, 728, 86, 3557,
1814 86, 3557, 86, 730, 721, 86, 3557, 724, 734, 733,
1815 738, 86, 735, 722, 86, 86, 86, 726, 86, 725,
1816 727, 86, 729, 732, 728, 86, 170, 739, 736, 737,
1817 730, 741, 740, 86, 86, 734, 733, 738, 86, 735,
1818
1819 86, 86, 742, 743, 746, 745, 751, 747, 3557, 3557,
1820 749, 748, 750, 762, 739, 736, 737, 86, 741, 740,
1821 86, 86, 86, 86, 86, 752, 3557, 760, 86, 742,
1822 86, 765, 745, 751, 747, 86, 86, 749, 748, 750,
1823 753, 757, 756, 759, 761, 86, 758, 754, 763, 86,
1824 755, 764, 752, 86, 86, 766, 768, 86, 86, 771,
1825 767, 769, 86, 86, 772, 770, 773, 753, 775, 756,
1826 759, 86, 86, 86, 754, 86, 86, 755, 86, 774,
1827 776, 86, 778, 768, 86, 86, 771, 86, 769, 86,
1828 86, 772, 770, 773, 777, 775, 779, 780, 783, 781,
1829
1830 784, 792, 86, 86, 86, 86, 774, 776, 782, 778,
1831 785, 786, 787, 86, 3557, 3557, 3557, 86, 86, 788,
1832 86, 777, 86, 86, 780, 783, 781, 784, 86, 793,
1833 3557, 790, 789, 86, 794, 782, 86, 785, 786, 787,
1834 86, 86, 86, 791, 795, 799, 788, 86, 800, 796,
1835 86, 86, 797, 798, 86, 801, 793, 806, 790, 789,
1836 3557, 794, 802, 803, 86, 804, 807, 3557, 86, 86,
1837 791, 795, 799, 86, 86, 800, 796, 808, 805, 797,
1838 798, 3557, 801, 809, 806, 86, 810, 86, 3557, 802,
1839 803, 86, 804, 812, 813, 86, 817, 814, 86, 820,
1840
1841 815, 3557, 821, 816, 808, 805, 86, 86, 811, 86,
1842 809, 86, 86, 810, 818, 86, 86, 819, 86, 86,
1843 812, 813, 822, 817, 814, 823, 820, 815, 86, 86,
1844 816, 824, 825, 86, 828, 811, 826, 86, 827, 86,
1845 86, 818, 3557, 86, 819, 830, 829, 831, 832, 822,
1846 833, 3557, 823, 86, 86, 835, 834, 836, 824, 825,
1847 840, 842, 837, 826, 86, 827, 86, 86, 838, 86,
1848 86, 839, 830, 829, 86, 86, 86, 833, 86, 86,
1849 841, 843, 835, 834, 836, 844, 846, 86, 845, 837,
1850 86, 847, 86, 86, 3557, 838, 854, 848, 839, 849,
1851
1852 853, 3557, 86, 856, 86, 86, 850, 841, 843, 855,
1853 86, 86, 844, 86, 858, 845, 3557, 859, 86, 860,
1854 851, 852, 857, 854, 848, 86, 849, 86, 86, 86,
1855 856, 863, 86, 850, 869, 861, 855, 86, 864, 86,
1856 86, 858, 865, 870, 859, 86, 860, 851, 852, 857,
1857 862, 867, 866, 86, 3557, 871, 868, 879, 872, 86,
1858 86, 869, 861, 86, 86, 864, 86, 873, 877, 865,
1859 870, 3557, 874, 880, 3557, 875, 86, 862, 876, 866,
1860 86, 86, 871, 86, 86, 872, 878, 86, 881, 86,
1861 3557, 882, 86, 86, 873, 877, 86, 883, 884, 874,
1862
1863 880, 889, 875, 86, 885, 876, 86, 86, 886, 86,
1864 888, 892, 86, 878, 890, 881, 891, 887, 882, 893,
1865 3557, 86, 86, 3557, 883, 884, 86, 86, 894, 86,
1866 896, 885, 86, 86, 86, 886, 897, 888, 892, 895,
1867 898, 890, 902, 891, 887, 86, 893, 86, 903, 899,
1868 86, 86, 904, 86, 905, 894, 909, 896, 86, 900,
1869 901, 906, 3557, 897, 907, 86, 895, 898, 86, 902,
1870 86, 3557, 86, 911, 908, 903, 899, 86, 912, 904,
1871 86, 905, 86, 909, 86, 910, 900, 901, 906, 86,
1872 914, 907, 916, 915, 913, 86, 917, 3557, 86, 921,
1873
1874 911, 908, 86, 918, 86, 912, 86, 919, 86, 920,
1875 923, 924, 910, 86, 86, 922, 86, 914, 926, 916,
1876 915, 913, 925, 917, 86, 927, 921, 3557, 86, 86,
1877 918, 86, 928, 86, 919, 86, 920, 923, 924, 929,
1878 86, 930, 922, 931, 932, 926, 933, 934, 936, 925,
1879 3557, 939, 943, 3557, 170, 935, 86, 86, 86, 928,
1880 86, 86, 86, 86, 86, 940, 929, 941, 930, 937,
1881 931, 932, 942, 933, 934, 86, 944, 938, 86, 945,
1882 86, 950, 935, 86, 86, 86, 946, 86, 947, 948,
1883 86, 949, 940, 3557, 941, 86, 937, 951, 86, 942,
1884
1885 86, 86, 86, 944, 938, 952, 945, 953, 950, 86,
1886 962, 954, 3557, 946, 86, 947, 948, 86, 86, 3557,
1887 963, 3557, 86, 86, 951, 964, 967, 965, 976, 3557,
1888 86, 3557, 952, 3557, 953, 3557, 3557, 962, 954, 955,
1889 966, 3557, 956, 86, 86, 969, 957, 963, 86, 958,
1890 3557, 968, 964, 967, 965, 970, 959, 960, 972, 961,
1891 86, 86, 86, 971, 86, 986, 955, 966, 86, 956,
1892 973, 86, 969, 957, 86, 974, 958, 985, 968, 86,
1893 975, 86, 970, 959, 960, 972, 961, 86, 86, 86,
1894 971, 984, 986, 988, 987, 3557, 3557, 973, 86, 86,
1895
1896 992, 990, 974, 86, 985, 3557, 3557, 975, 977, 978,
1897 989, 979, 3557, 86, 980, 993, 86, 991, 984, 981,
1898 988, 987, 86, 86, 86, 982, 983, 992, 990, 994,
1899 996, 995, 86, 1001, 86, 977, 978, 989, 979, 997,
1900 998, 980, 993, 86, 991, 999, 981, 1000, 1003, 1002,
1901 3557, 86, 982, 983, 1004, 1005, 994, 996, 995, 86,
1902 1001, 86, 1006, 86, 1008, 1007, 997, 86, 1009, 1010,
1903 86, 1011, 86, 1016, 1000, 1003, 1002, 86, 1012, 86,
1904 86, 1004, 1005, 1013, 86, 1015, 86, 86, 1019, 1006,
1905 86, 86, 1007, 86, 1014, 1009, 1010, 1017, 1011, 86,
1906
1907 1016, 86, 86, 1018, 86, 1012, 1022, 1021, 1020, 86,
1908 1013, 86, 1015, 1023, 86, 1019, 86, 86, 1026, 1024,
1909 1025, 1014, 86, 1027, 1017, 1029, 1028, 1031, 1030, 1032,
1910 1018, 1033, 3557, 1022, 1021, 1020, 86, 1034, 1037, 1035,
1911 1038, 86, 3557, 1036, 3557, 86, 1024, 86, 86, 1039,
1912 86, 86, 1041, 1028, 1042, 1030, 1032, 86, 1047, 86,
1913 86, 86, 86, 86, 1034, 86, 1035, 86, 86, 1040,
1914 1036, 1043, 1045, 1044, 86, 1048, 1039, 86, 86, 1041,
1915 1046, 1042, 86, 86, 1049, 86, 1050, 1051, 86, 1052,
1916 1053, 86, 3557, 86, 1054, 3557, 1040, 86, 1043, 1045,
1917
1918 1044, 1055, 1048, 86, 86, 1056, 1057, 1046, 86, 1059,
1919 1058, 1049, 86, 86, 1089, 1063, 1052, 1053, 1061, 86,
1920 86, 1054, 1060, 1062, 86, 1064, 1066, 86, 1055, 86,
1921 1065, 86, 1056, 1057, 86, 86, 1059, 1058, 1067, 86,
1922 1068, 86, 1063, 1069, 1070, 1061, 86, 1072, 1075, 1060,
1923 1062, 86, 86, 1066, 1076, 1071, 86, 86, 86, 3557,
1924 1073, 1078, 86, 1077, 86, 1067, 1079, 1068, 1074, 86,
1925 1069, 1070, 86, 86, 1072, 1075, 1085, 1086, 1080, 1081,
1926 86, 86, 1071, 86, 86, 86, 86, 1073, 1078, 1082,
1927 1077, 1083, 1084, 1079, 86, 1074, 1090, 1091, 86, 1087,
1928
1929 86, 1088, 1092, 1085, 1086, 1080, 1081, 1093, 86, 86,
1930 86, 1095, 86, 86, 86, 86, 1082, 1094, 1083, 1084,
1931 1096, 1098, 1097, 1090, 1091, 1099, 1087, 1102, 1088, 1092,
1932 86, 3557, 86, 1100, 1093, 86, 1104, 1106, 1095, 86,
1933 1109, 86, 86, 86, 1094, 86, 1101, 1096, 1098, 1097,
1934 1103, 1105, 86, 86, 1102, 86, 1111, 86, 86, 1107,
1935 1100, 1108, 1110, 1104, 1106, 1112, 1113, 86, 86, 86,
1936 1115, 1116, 86, 1101, 1114, 3557, 1124, 1103, 1105, 86,
1937 3557, 86, 1117, 1111, 1118, 1121, 1107, 1123, 1108, 1122,
1938 1125, 1119, 86, 1113, 86, 86, 1126, 86, 1129, 1120,
1939
1940 1131, 1114, 86, 86, 3557, 86, 86, 86, 86, 1117,
1941 1127, 1118, 1121, 86, 1123, 1128, 1122, 1130, 1119, 86,
1942 86, 1133, 86, 1126, 86, 1132, 1120, 86, 1137, 86,
1943 86, 1140, 1134, 1138, 86, 1141, 1142, 1127, 1139, 1143,
1944 3557, 86, 1128, 86, 1130, 1135, 86, 1136, 1133, 1144,
1945 86, 1147, 1132, 1160, 86, 1148, 86, 3557, 1140, 1134,
1946 170, 86, 1141, 1142, 86, 1139, 1143, 1145, 1158, 86,
1947 1146, 86, 1135, 86, 1136, 86, 1144, 1149, 1147, 1150,
1948 86, 1159, 1148, 1169, 86, 86, 3557, 1161, 3557, 86,
1949 1157, 86, 3557, 86, 1145, 1158, 1162, 1146, 1167, 1163,
1950
1951 1165, 86, 1186, 1168, 1149, 1164, 1150, 1151, 1159, 1152,
1952 1169, 86, 3557, 1153, 1161, 1154, 86, 1157, 86, 86,
1953 1155, 1171, 86, 1162, 1166, 1156, 1163, 1165, 1170, 86,
1954 86, 86, 1164, 1172, 1151, 1174, 1152, 86, 1173, 1176,
1955 1153, 86, 1154, 1178, 86, 1175, 1177, 1155, 1171, 1181,
1956 86, 1166, 1156, 1179, 86, 1170, 86, 86, 1180, 86,
1957 1172, 1182, 1174, 1184, 1183, 1173, 1176, 86, 86, 1185,
1958 1178, 86, 1175, 1177, 1188, 1191, 1181, 1199, 1189, 3557,
1959 1179, 1190, 86, 86, 86, 1180, 86, 3557, 1182, 86,
1960 1200, 1183, 86, 1203, 1201, 86, 1202, 3557, 3557, 1205,
1961
1962 1211, 86, 1191, 1204, 1199, 1189, 86, 86, 1190, 1192,
1963 3557, 86, 86, 1206, 1193, 3557, 1194, 1200, 86, 86,
1964 1203, 1201, 1195, 1202, 86, 86, 1205, 1196, 1197, 1207,
1965 1204, 1208, 86, 1210, 1198, 86, 1192, 1209, 1213, 86,
1966 1206, 1193, 86, 1194, 86, 86, 1212, 1218, 1214, 1195,
1967 1216, 1215, 1221, 86, 1196, 1197, 1207, 86, 1208, 86,
1968 1210, 1198, 86, 1217, 1209, 1213, 1219, 1222, 86, 1220,
1969 1224, 1223, 86, 1212, 86, 1214, 86, 1216, 1215, 86,
1970 1226, 1225, 1227, 1229, 86, 1232, 3557, 1230, 1233, 86,
1971 1217, 86, 86, 1219, 1222, 86, 1220, 1224, 1223, 1228,
1972
1973 1231, 86, 1235, 1244, 86, 86, 86, 86, 1225, 1227,
1974 1229, 86, 86, 1234, 1230, 1233, 1236, 86, 1237, 1239,
1975 1240, 86, 3557, 86, 86, 1238, 1228, 1231, 1242, 1235,
1976 1241, 86, 86, 1245, 86, 86, 1248, 1246, 86, 3557,
1977 1234, 1243, 3557, 1236, 86, 1237, 1239, 1240, 86, 86,
1978 86, 86, 1238, 1250, 1247, 1242, 1251, 1241, 86, 1249,
1979 1245, 86, 1252, 1248, 1246, 86, 86, 86, 1243, 1253,
1980 1254, 1255, 1256, 1258, 86, 1257, 1259, 1260, 3557, 1264,
1981 1250, 1247, 1261, 1251, 1265, 3557, 1249, 3557, 1268, 1252,
1982 86, 86, 86, 86, 86, 86, 1253, 1254, 1255, 1256,
1983
1984 1262, 86, 1257, 1269, 1260, 86, 1263, 1273, 86, 1261,
1985 1266, 86, 86, 1267, 86, 1268, 86, 86, 1270, 1272,
1986 1271, 86, 1275, 1274, 1277, 86, 1278, 1262, 86, 3557,
1987 1269, 86, 1276, 1263, 1273, 86, 86, 1266, 86, 86,
1988 1267, 1279, 1280, 3557, 1281, 1270, 1272, 1271, 1282, 1286,
1989 1274, 1283, 1284, 1278, 86, 86, 86, 86, 1285, 1276,
1990 86, 1288, 1289, 86, 1287, 1291, 1290, 1294, 1279, 1280,
1991 86, 1281, 86, 1293, 86, 1282, 1286, 1295, 1283, 1284,
1992 86, 86, 86, 86, 86, 1285, 86, 1292, 1288, 1289,
1993 1296, 1287, 1291, 1290, 86, 1298, 1297, 1300, 86, 86,
1994
1995 1293, 1299, 1301, 1305, 86, 86, 86, 1303, 86, 1302,
1996 86, 1304, 1306, 1307, 1292, 1308, 86, 1296, 1310, 86,
1997 1318, 1309, 1298, 1297, 1300, 86, 1312, 86, 1299, 1301,
1998 1311, 86, 1313, 1316, 1303, 86, 1302, 86, 1304, 1315,
1999 1314, 1317, 1308, 86, 86, 86, 86, 86, 1309, 86,
2000 86, 1319, 86, 1320, 86, 1321, 1325, 1311, 86, 1313,
2001 1323, 1324, 1322, 86, 86, 86, 1315, 1314, 1317, 86,
2002 86, 86, 86, 1326, 1330, 1328, 1331, 1327, 1319, 3557,
2003 1320, 3557, 1321, 1325, 86, 86, 86, 1323, 1324, 1322,
2004 86, 1329, 1333, 1332, 1334, 86, 1337, 1336, 1338, 86,
2005
2006 1326, 1335, 1328, 1340, 1327, 86, 86, 86, 86, 86,
2007 86, 86, 86, 1341, 86, 1343, 1345, 86, 1329, 1333,
2008 1332, 86, 1346, 1337, 1336, 1338, 1342, 1344, 1335, 1347,
2009 1340, 86, 1349, 1348, 86, 86, 1351, 1350, 1357, 170,
2010 1341, 86, 1343, 86, 1353, 1355, 1352, 1354, 86, 1346,
2011 86, 86, 1358, 1342, 1344, 86, 1347, 3557, 1360, 1349,
2012 1348, 86, 1356, 1351, 1350, 86, 86, 1359, 1361, 86,
2013 86, 1353, 86, 1352, 1354, 1362, 1365, 1363, 86, 1364,
2014 86, 1368, 1371, 1367, 86, 1360, 1418, 1366, 1369, 1356,
2015 86, 86, 86, 86, 1359, 1361, 3557, 86, 86, 86,
2016
2017 86, 86, 1362, 1365, 1363, 1370, 1364, 1372, 1368, 86,
2018 1367, 1374, 1373, 86, 1366, 1369, 1375, 1376, 86, 1377,
2019 86, 86, 1381, 86, 86, 1382, 1383, 1384, 1378, 3557,
2020 1379, 3557, 1370, 1380, 1372, 1387, 1385, 86, 1374, 1373,
2021 3557, 86, 1388, 1375, 1376, 86, 1377, 1390, 86, 1381,
2022 86, 86, 1382, 1383, 86, 1378, 86, 1379, 1386, 86,
2023 1380, 1389, 1387, 1385, 1391, 86, 1393, 1392, 1394, 1388,
2024 86, 86, 1398, 3557, 1390, 86, 1395, 3557, 1399, 1397,
2025 1396, 86, 1400, 3557, 1404, 1386, 86, 86, 1389, 86,
2026 86, 1391, 1402, 1393, 1392, 1394, 86, 1403, 1405, 86,
2027
2028 86, 1401, 86, 1395, 86, 1399, 1397, 1396, 86, 1400,
2029 86, 1404, 1411, 1407, 86, 1406, 1412, 1408, 1410, 1402,
2030 86, 86, 1417, 3557, 1403, 1405, 1409, 86, 1401, 1413,
2031 86, 86, 86, 1416, 86, 3557, 3557, 86, 1415, 1411,
2032 1407, 86, 1406, 1412, 1408, 1410, 1414, 86, 1419, 1417,
2033 1420, 1421, 86, 1409, 86, 86, 1413, 86, 1422, 1423,
2034 1416, 1424, 1426, 1425, 86, 1415, 1428, 86, 1427, 86,
2035 86, 86, 1429, 1414, 1430, 1419, 86, 1420, 1421, 86,
2036 86, 1431, 1433, 1432, 1434, 1422, 1423, 1437, 1424, 1426,
2037 1425, 86, 1435, 86, 1436, 1427, 86, 1443, 86, 1429,
2038
2039 1438, 86, 86, 86, 1440, 1439, 86, 1441, 1431, 1433,
2040 1432, 1434, 86, 1442, 1437, 1451, 86, 1452, 1453, 1435,
2041 86, 1436, 1457, 86, 1443, 1454, 1467, 86, 3557, 86,
2042 3557, 1440, 86, 1455, 1441, 86, 3557, 1461, 1456, 1458,
2043 1442, 1444, 1451, 86, 1452, 1445, 3557, 1459, 1446, 1447,
2044 86, 86, 1454, 1448, 86, 86, 86, 1460, 86, 1449,
2045 1455, 86, 1462, 1450, 1461, 1456, 1458, 86, 1444, 86,
2046 1465, 1463, 1445, 1464, 1459, 1446, 1447, 86, 1466, 1470,
2047 1448, 1468, 1473, 86, 1460, 1469, 1449, 86, 86, 1462,
2048 1450, 1471, 86, 1472, 1474, 86, 1476, 1465, 1463, 86,
2049
2050 1464, 86, 86, 1475, 86, 1466, 1470, 1477, 1468, 1483,
2051 1489, 1484, 1469, 3557, 86, 3557, 1486, 1487, 1471, 86,
2052 1472, 86, 1485, 1476, 86, 86, 86, 1488, 3557, 1490,
2053 1475, 86, 3557, 86, 1477, 1478, 1483, 1489, 1484, 1492,
2054 1479, 86, 1480, 86, 1481, 86, 1482, 1493, 86, 1485,
2055 1491, 1498, 1494, 86, 1488, 1496, 1490, 86, 1495, 86,
2056 86, 1497, 1478, 1499, 86, 1503, 1492, 1479, 1504, 1480,
2057 3557, 1481, 1500, 1482, 1502, 3557, 86, 1491, 1498, 86,
2058 86, 86, 1496, 86, 1501, 1495, 1506, 86, 1497, 1505,
2059 1499, 3557, 86, 1507, 86, 1504, 1508, 86, 1513, 1500,
2060
2061 86, 1502, 1509, 1510, 86, 86, 86, 1511, 1512, 1514,
2062 1515, 1501, 1516, 1506, 1517, 86, 1505, 86, 86, 1518,
2063 1507, 86, 1523, 1508, 86, 1513, 1519, 86, 1525, 1509,
2064 1510, 86, 1520, 1522, 1511, 1512, 1514, 86, 1524, 1516,
2065 1521, 86, 1526, 1531, 86, 86, 1518, 3557, 86, 86,
2066 86, 86, 1527, 1519, 86, 86, 1528, 1529, 1530, 1520,
2067 1522, 1533, 86, 86, 86, 1524, 1532, 1521, 86, 1526,
2068 86, 86, 1534, 86, 86, 1535, 1536, 1538, 1537, 1527,
2069 1540, 3557, 86, 1528, 1529, 1530, 1539, 3557, 1533, 86,
2070 1541, 1542, 3557, 1532, 1543, 86, 86, 1544, 1545, 1534,
2071
2072 86, 3557, 1535, 86, 1538, 1537, 1548, 1540, 86, 1546,
2073 86, 86, 1547, 1539, 86, 1549, 86, 1541, 1542, 1550,
2074 86, 1543, 1551, 1552, 1544, 1545, 1553, 1555, 86, 1556,
2075 86, 1554, 86, 1548, 86, 1557, 1546, 86, 1558, 1547,
2076 1560, 86, 1549, 3557, 86, 86, 1550, 86, 1559, 1551,
2077 1552, 86, 1563, 1553, 1555, 1561, 1562, 1564, 1554, 1565,
2078 86, 86, 1567, 1566, 86, 1558, 86, 86, 86, 1569,
2079 86, 86, 86, 86, 1568, 1559, 1572, 1573, 1574, 1563,
2080 1570, 170, 1561, 1562, 86, 86, 1565, 86, 1571, 1567,
2081 1566, 86, 86, 1575, 3557, 1578, 1569, 1576, 3557, 86,
2082
2083 1581, 1568, 86, 1577, 1579, 1574, 1580, 1570, 86, 86,
2084 86, 86, 1583, 86, 1582, 1571, 1585, 1588, 86, 1584,
2085 1586, 86, 1578, 86, 1576, 86, 86, 1581, 1587, 86,
2086 1577, 1579, 1589, 1580, 1590, 1592, 86, 1591, 86, 1583,
2087 1593, 1582, 1594, 1585, 86, 86, 1584, 1586, 1595, 1596,
2088 86, 86, 1597, 3557, 3557, 1587, 86, 1604, 1598, 1589,
2089 1599, 1590, 1603, 1600, 1591, 86, 86, 86, 86, 1594,
2090 86, 1601, 86, 1605, 1602, 1595, 1596, 1606, 1608, 1597,
2091 86, 1607, 86, 1609, 1604, 1598, 86, 1599, 1610, 1603,
2092 1600, 1611, 1614, 86, 86, 1612, 86, 1613, 1601, 86,
2093
2094 1605, 1602, 1616, 1615, 86, 1608, 86, 3557, 1607, 86,
2095 1617, 86, 1618, 1619, 86, 86, 1623, 86, 1611, 1614,
2096 86, 1624, 1612, 1620, 1613, 86, 1621, 3557, 1627, 1616,
2097 1615, 3557, 1622, 3557, 86, 86, 86, 1617, 1625, 1618,
2098 1619, 86, 86, 1623, 86, 1629, 1626, 86, 1624, 1628,
2099 1620, 3557, 3557, 1621, 86, 1630, 86, 1631, 1635, 1622,
2100 86, 1634, 1632, 86, 86, 1625, 1633, 1636, 1637, 86,
2101 86, 3557, 1629, 1626, 86, 1639, 1628, 1638, 86, 1640,
2102 86, 86, 1630, 1641, 1631, 1635, 86, 86, 1634, 1632,
2103 86, 1642, 1644, 1633, 1636, 1637, 1643, 86, 1645, 86,
2104
2105 1646, 1647, 1639, 86, 1638, 3557, 1640, 1648, 1650, 86,
2106 1641, 1649, 3557, 1655, 86, 1651, 1652, 1654, 1642, 1644,
2107 86, 1656, 1653, 1643, 86, 1645, 1657, 86, 86, 1658,
2108 1660, 3557, 86, 86, 1648, 86, 86, 86, 1649, 86,
2109 1659, 1661, 1651, 1652, 1654, 86, 1664, 1662, 3557, 1653,
2110 1663, 1666, 1667, 86, 1668, 86, 1658, 86, 86, 86,
2111 1671, 86, 1665, 86, 86, 86, 86, 1659, 1661, 1669,
2112 1672, 1670, 86, 1664, 1662, 86, 86, 1663, 1666, 1667,
2113 86, 1668, 86, 86, 1673, 1683, 1674, 1671, 1676, 1665,
2114 86, 1675, 86, 1677, 1678, 1680, 1669, 1672, 1670, 1679,
2115
2116 1681, 86, 1684, 86, 1687, 1682, 1685, 86, 86, 1691,
2117 86, 1673, 1683, 86, 3557, 1686, 1688, 1694, 86, 1693,
2118 86, 1678, 1680, 86, 86, 86, 1679, 1681, 1689, 1684,
2119 1690, 86, 1682, 1685, 1703, 86, 86, 1692, 86, 1695,
2120 86, 86, 1686, 1688, 1696, 86, 1693, 86, 1697, 86,
2121 1698, 1699, 86, 1702, 1700, 1689, 86, 1690, 86, 86,
2122 86, 1703, 1701, 1704, 1692, 86, 1695, 86, 86, 1708,
2123 1707, 1696, 1709, 1710, 1705, 1697, 1706, 1698, 1699, 1711,
2124 1702, 1700, 86, 1718, 86, 86, 1713, 86, 3557, 1701,
2125 1704, 1712, 86, 1714, 1715, 86, 86, 1707, 1716, 86,
2126
2127 1710, 1705, 86, 1706, 86, 86, 1711, 86, 1719, 1721,
2128 1718, 1717, 1720, 1713, 1723, 1722, 86, 3557, 1712, 86,
2129 1714, 1715, 1724, 1725, 86, 1716, 86, 1730, 1728, 1729,
2130 86, 1726, 1727, 1736, 1731, 1719, 1721, 1742, 1717, 1720,
2131 1732, 86, 1722, 86, 86, 1734, 86, 86, 1737, 1724,
2132 86, 86, 1740, 1733, 1730, 86, 1729, 86, 1726, 1727,
2133 86, 1731, 86, 86, 1735, 86, 1741, 1732, 1738, 86,
2134 1739, 86, 1734, 1744, 86, 86, 86, 86, 1743, 1740,
2135 1733, 1746, 1745, 1747, 1751, 86, 3557, 1748, 1749, 1750,
2136 86, 1735, 86, 1741, 86, 1738, 1752, 1739, 86, 86,
2137
2138 86, 1753, 3557, 86, 1755, 1743, 86, 1761, 86, 1745,
2139 1747, 1751, 1757, 86, 1748, 1749, 1750, 1754, 86, 86,
2140 1756, 1758, 3557, 1752, 86, 1760, 3557, 1759, 1753, 86,
2141 86, 1755, 86, 86, 1761, 1762, 1763, 3557, 86, 1757,
2142 1765, 1772, 86, 1764, 1754, 86, 1767, 1756, 1758, 86,
2143 1766, 1768, 1760, 86, 1759, 86, 1769, 86, 1770, 1771,
2144 3557, 1773, 1762, 1763, 86, 86, 1775, 1765, 86, 1774,
2145 1764, 86, 86, 1767, 1776, 1778, 86, 1766, 1768, 86,
2146 86, 1777, 1779, 1769, 86, 1770, 1771, 1780, 1773, 86,
2147 1781, 86, 86, 1775, 1782, 86, 1774, 1784, 1783, 3557,
2148
2149 1788, 1776, 1778, 1791, 1785, 86, 1787, 1786, 1777, 1779,
2150 3557, 86, 86, 86, 1780, 86, 86, 1781, 170, 1793,
2151 1794, 86, 86, 1797, 1784, 1783, 86, 1788, 1789, 1790,
2152 1791, 1785, 1795, 1787, 1786, 1792, 86, 86, 1799, 86,
2153 1798, 1796, 86, 1807, 1800, 86, 1793, 1794, 86, 1801,
2154 86, 86, 1803, 1802, 1804, 1789, 1790, 1805, 86, 1795,
2155 86, 86, 1792, 1810, 1806, 1799, 1809, 1798, 1796, 1811,
2156 86, 1800, 86, 1812, 86, 86, 1801, 86, 1808, 1814,
2157 1802, 1804, 1813, 1816, 86, 86, 86, 86, 1815, 86,
2158 1810, 1806, 86, 1809, 1817, 86, 1811, 86, 1818, 86,
2159
2160 1812, 1820, 1819, 1825, 1826, 1808, 1814, 1821, 86, 1813,
2161 1816, 86, 1829, 3557, 86, 1815, 86, 1822, 86, 3557,
2162 1823, 1817, 1827, 1830, 86, 1818, 86, 1832, 1820, 1819,
2163 86, 1826, 1824, 1833, 1821, 86, 1834, 1835, 1828, 1829,
2164 1831, 86, 86, 3557, 1822, 86, 86, 1823, 1836, 1827,
2165 1830, 86, 1837, 1839, 1832, 1838, 3557, 1841, 3557, 1824,
2166 86, 1840, 1845, 1842, 1846, 1828, 1843, 1831, 86, 86,
2167 86, 86, 86, 1844, 86, 1836, 1847, 1848, 86, 1837,
2168 86, 86, 1838, 86, 1841, 86, 86, 1850, 1840, 1845,
2169 1842, 1849, 3557, 1843, 1851, 1852, 86, 1853, 86, 1856,
2170
2171 1844, 1854, 1855, 1858, 1857, 3557, 86, 1859, 86, 86,
2172 86, 86, 86, 86, 1860, 1871, 1864, 86, 1849, 86,
2173 86, 1851, 1852, 86, 86, 1861, 1856, 86, 1854, 1855,
2174 1858, 1857, 1865, 1862, 1859, 1863, 1866, 86, 86, 86,
2175 1868, 1860, 86, 1864, 86, 1867, 1869, 86, 3557, 1872,
2176 1870, 3557, 1861, 1875, 1877, 86, 86, 86, 1873, 1865,
2177 1862, 86, 1863, 1866, 86, 86, 86, 1868, 1874, 86,
2178 1879, 1882, 1867, 1869, 1880, 86, 1872, 1870, 1876, 1878,
2179 1875, 86, 1881, 86, 86, 1873, 86, 1883, 1884, 86,
2180 1885, 86, 86, 1886, 3557, 1874, 3557, 1879, 1882, 86,
2181
2182 86, 1880, 1888, 1914, 1887, 1876, 1878, 1889, 86, 1881,
2183 1890, 86, 1891, 1896, 1883, 1884, 86, 1885, 1895, 1897,
2184 1886, 1892, 86, 86, 1901, 86, 1893, 1899, 1894, 1888,
2185 86, 1887, 1898, 86, 1889, 86, 86, 1890, 1900, 1891,
2186 86, 1903, 86, 1902, 1904, 1895, 86, 86, 1892, 86,
2187 1905, 86, 1907, 1893, 1899, 1894, 1906, 86, 1908, 1898,
2188 86, 1915, 86, 1909, 1910, 1900, 86, 3557, 1903, 86,
2189 1902, 1904, 86, 1916, 86, 3557, 1913, 1905, 86, 1907,
2190 3557, 86, 1917, 1906, 1911, 1908, 1919, 1912, 86, 86,
2191 1909, 1910, 1918, 86, 86, 86, 1921, 1920, 1924, 1922,
2192
2193 1916, 1925, 86, 1913, 1923, 1948, 86, 86, 1928, 1917,
2194 86, 1911, 1927, 1919, 1912, 1926, 86, 86, 1929, 1918,
2195 86, 86, 1930, 1921, 1920, 1924, 1931, 3557, 1925, 86,
2196 1932, 86, 1933, 1935, 86, 1928, 1936, 86, 3557, 1927,
2197 86, 1938, 1926, 1937, 3557, 1929, 1934, 1940, 1939, 1930,
2198 86, 86, 86, 1931, 86, 1944, 86, 1932, 86, 1933,
2199 1935, 1941, 1946, 1936, 1943, 86, 1942, 86, 1938, 1949,
2200 1937, 1945, 1947, 1934, 1940, 1939, 86, 86, 86, 1950,
2201 1951, 1952, 1944, 1954, 86, 86, 1955, 1953, 1958, 1946,
2202 1956, 1943, 1957, 86, 1962, 1959, 1949, 86, 1945, 1947,
2203
2204 86, 3557, 1963, 86, 1960, 86, 86, 86, 1952, 86,
2205 1961, 1967, 86, 1955, 1953, 86, 1964, 1956, 1968, 1957,
2206 86, 86, 1959, 1969, 86, 1965, 86, 1966, 86, 1963,
2207 86, 1960, 1970, 86, 1972, 86, 1973, 1961, 1967, 1971,
2208 86, 86, 1974, 1964, 1975, 1968, 86, 1977, 86, 86,
2209 1969, 1978, 1965, 1979, 1966, 86, 1986, 86, 1980, 1970,
2210 1984, 1972, 1983, 1973, 1982, 1976, 1971, 86, 1981, 1974,
2211 86, 86, 1985, 86, 1990, 86, 1987, 1991, 3557, 86,
2212 1979, 86, 1988, 86, 86, 86, 86, 86, 86, 1983,
2213 1992, 1982, 1976, 86, 1993, 1981, 1989, 1995, 1996, 1985,
2214
2215 1994, 86, 1998, 1987, 1991, 86, 86, 86, 1997, 1988,
2216 2001, 2004, 1999, 86, 2000, 2002, 86, 1992, 2006, 86,
2217 86, 1993, 2008, 1989, 1995, 1996, 86, 1994, 86, 1998,
2218 170, 2003, 86, 86, 86, 1997, 2005, 2001, 86, 1999,
2219 2007, 2000, 2002, 86, 86, 2006, 2009, 2011, 86, 86,
2220 2010, 2012, 2013, 2015, 2014, 2017, 2016, 2019, 2003, 86,
2221 86, 86, 86, 2005, 86, 2018, 86, 2007, 2021, 2020,
2222 86, 86, 2022, 2009, 2011, 2025, 2024, 2010, 2012, 2013,
2223 2023, 2014, 2017, 2016, 86, 86, 86, 2027, 2026, 2028,
2224 2029, 2047, 2018, 86, 86, 86, 2020, 86, 86, 2022,
2225
2226 2030, 2031, 86, 86, 2033, 86, 3557, 2023, 86, 2032,
2227 86, 2034, 86, 86, 2027, 2026, 2028, 2029, 86, 2035,
2228 2036, 2038, 2037, 86, 3557, 3557, 86, 2030, 2031, 2045,
2229 2044, 2033, 2039, 86, 86, 86, 2032, 86, 2034, 2046,
2230 3557, 86, 3557, 86, 2041, 2040, 2035, 2036, 2038, 2037,
2231 86, 86, 86, 2042, 2049, 2048, 2045, 2044, 2051, 2039,
2232 2043, 86, 86, 2052, 2053, 2050, 86, 2056, 2057, 86,
2233 86, 2041, 2040, 86, 2058, 86, 2059, 2060, 2067, 2061,
2234 2042, 2049, 2048, 86, 2054, 2051, 2055, 2043, 2069, 86,
2235 2052, 2053, 2050, 86, 2056, 86, 2062, 86, 2065, 2066,
2236
2237 2068, 86, 86, 2059, 86, 86, 2061, 2070, 2063, 2064,
2238 86, 2054, 2071, 2055, 86, 86, 86, 2085, 2072, 2073,
2239 86, 86, 86, 2062, 86, 86, 2066, 2068, 2074, 2075,
2240 2076, 2077, 2078, 2080, 2070, 2063, 2064, 86, 2079, 86,
2241 86, 2081, 2082, 3557, 86, 2072, 2073, 2083, 2084, 86,
2242 86, 3557, 86, 86, 2090, 2074, 86, 2076, 2077, 86,
2243 2080, 86, 2091, 86, 86, 2079, 2093, 2099, 2081, 2082,
2244 86, 86, 2092, 86, 2083, 2084, 2086, 2087, 2088, 86,
2245 2094, 2090, 2097, 2089, 2098, 2095, 2100, 86, 2101, 2091,
2246 2096, 86, 86, 2102, 2099, 86, 86, 2106, 86, 2092,
2247
2248 86, 2103, 86, 2086, 2087, 2088, 2105, 2094, 2108, 2097,
2249 2089, 2098, 86, 2100, 2104, 2101, 2111, 86, 2112, 86,
2250 2109, 86, 2107, 86, 86, 86, 2110, 86, 2103, 2113,
2251 2114, 86, 2116, 2105, 86, 2108, 86, 2115, 2118, 86,
2252 2117, 2104, 86, 2111, 86, 86, 2119, 2109, 2121, 2107,
2253 86, 2130, 2120, 2110, 2122, 2132, 2113, 86, 86, 2116,
2254 86, 2123, 2124, 86, 2115, 2118, 2125, 2117, 2126, 86,
2255 2127, 2128, 86, 86, 2129, 86, 2135, 2131, 86, 2120,
2256 2138, 2122, 86, 86, 86, 86, 2134, 86, 2123, 2124,
2257 2136, 2139, 2140, 2125, 2137, 2126, 86, 2127, 2128, 86,
2258
2259 2133, 2129, 86, 2142, 2131, 2141, 86, 86, 86, 2144,
2260 86, 2145, 86, 2134, 86, 86, 2143, 2136, 86, 2140,
2261 2146, 2137, 2147, 86, 86, 2149, 86, 2133, 2148, 86,
2262 2142, 86, 2141, 86, 2150, 2151, 2144, 2154, 2145, 3557,
2263 3557, 2152, 2153, 2143, 86, 2159, 2162, 2146, 86, 2147,
2264 2156, 86, 2149, 2155, 86, 2148, 2157, 86, 86, 2158,
2265 86, 86, 2160, 2161, 2154, 86, 86, 86, 2152, 2153,
2266 2163, 86, 86, 2162, 2165, 2164, 3557, 2156, 86, 2168,
2267 2155, 86, 2166, 2157, 2169, 2172, 2158, 2167, 2170, 2160,
2268 2161, 2175, 3557, 2171, 3557, 2174, 3557, 2163, 86, 86,
2269
2270 86, 2165, 2164, 86, 86, 86, 86, 86, 86, 2166,
2271 2173, 2169, 86, 2176, 2167, 2170, 86, 2177, 2175, 2178,
2272 2171, 2179, 2174, 2180, 86, 2181, 86, 2182, 86, 2183,
2273 2185, 2184, 2196, 2186, 86, 86, 3557, 2173, 2187, 86,
2274 2176, 2197, 2192, 2191, 2177, 86, 2178, 2193, 2179, 2188,
2275 86, 86, 2181, 2199, 2182, 86, 2183, 86, 2184, 86,
2276 2186, 86, 2201, 2189, 86, 2187, 2194, 86, 2190, 86,
2277 2191, 2195, 2200, 86, 86, 86, 2188, 2198, 86, 86,
2278 2199, 2202, 2203, 2207, 2205, 2204, 2206, 86, 86, 2209,
2279 2189, 2210, 2208, 2211, 86, 2190, 86, 86, 86, 2200,
2280
2281 86, 86, 2213, 3557, 2198, 86, 2217, 2212, 2202, 2203,
2282 86, 2205, 2204, 2206, 86, 86, 2214, 2215, 86, 2208,
2283 2211, 86, 2216, 2218, 170, 2219, 2220, 2221, 86, 2213,
2284 86, 86, 86, 2217, 2212, 2222, 2223, 2224, 2225, 2227,
2285 2226, 3557, 86, 2214, 2215, 2229, 3557, 86, 2228, 2216,
2286 2218, 86, 2219, 86, 86, 2231, 2230, 86, 86, 2232,
2287 86, 86, 2222, 2233, 2224, 2225, 2227, 2226, 86, 86,
2288 86, 86, 2229, 2234, 86, 2228, 2235, 2237, 86, 2236,
2289 2238, 86, 2231, 2230, 2239, 2240, 2232, 2241, 2244, 2243,
2290 2233, 2242, 3557, 2247, 86, 86, 86, 86, 86, 86,
2291
2292 2234, 2245, 86, 86, 2237, 2246, 2236, 2238, 86, 86,
2293 2248, 2239, 86, 2249, 2241, 2244, 2243, 2250, 2242, 86,
2294 2251, 2254, 2270, 2252, 86, 86, 86, 86, 2245, 2256,
2295 86, 86, 2246, 86, 2253, 2255, 86, 2248, 2257, 2258,
2296 2249, 2261, 2263, 2259, 2250, 2260, 2262, 2251, 2254, 86,
2297 2252, 86, 2264, 86, 86, 3557, 2256, 86, 86, 2273,
2298 86, 2253, 2255, 86, 86, 2257, 2258, 2265, 2261, 86,
2299 2259, 2266, 2260, 2262, 2267, 2268, 86, 2269, 86, 2264,
2300 2272, 2271, 86, 2274, 86, 86, 2273, 86, 2275, 2277,
2301 86, 86, 86, 2276, 2265, 2278, 2279, 2280, 2266, 2281,
2302
2303 86, 2267, 2268, 2286, 2269, 2283, 86, 2272, 2271, 2284,
2304 2274, 3557, 86, 2282, 86, 86, 86, 2287, 86, 2318,
2305 2276, 86, 2278, 2279, 2280, 86, 86, 2285, 2289, 86,
2306 2286, 86, 2283, 2288, 86, 86, 2284, 2290, 2291, 86,
2307 2282, 2292, 2298, 86, 2287, 2293, 86, 2294, 2300, 86,
2308 86, 86, 86, 2295, 2285, 2289, 86, 2296, 2299, 86,
2309 2288, 2301, 86, 86, 2290, 2291, 2303, 2302, 2292, 2298,
2310 2297, 2304, 2293, 86, 2294, 2300, 86, 2305, 86, 2306,
2311 2295, 2307, 2308, 2309, 2296, 2299, 86, 2312, 86, 2310,
2312 3557, 3557, 86, 2303, 2302, 86, 3557, 2297, 2304, 86,
2313
2314 2311, 2314, 2315, 86, 2305, 86, 2306, 86, 2307, 2308,
2315 2309, 86, 2313, 2316, 2312, 2317, 2310, 86, 2319, 86,
2316 86, 86, 2320, 86, 2321, 2322, 86, 2311, 2314, 2315,
2317 2324, 2323, 2325, 2330, 2326, 86, 3557, 2327, 86, 2313,
2318 2316, 2328, 2317, 86, 2331, 2319, 86, 3557, 2332, 2320,
2319 86, 86, 2322, 86, 86, 86, 86, 2324, 2323, 2325,
2320 2329, 2326, 86, 2333, 2327, 86, 86, 86, 2328, 2334,
2321 2336, 2331, 2337, 2338, 2335, 2332, 2339, 2341, 86, 2340,
2322 86, 2343, 2342, 2344, 3557, 2345, 86, 2329, 86, 86,
2323 2333, 2346, 2350, 86, 86, 2351, 2354, 2336, 2352, 2337,
2324
2325 2338, 86, 2347, 86, 2341, 86, 2340, 86, 2343, 2342,
2326 86, 86, 2345, 2348, 86, 86, 86, 2353, 2346, 86,
2327 2355, 2349, 2351, 2354, 86, 2352, 2356, 2357, 2358, 2347,
2328 2361, 2359, 86, 2362, 2360, 86, 86, 2364, 2363, 3557,
2329 2348, 2366, 86, 86, 2353, 2365, 86, 2355, 2349, 2368,
2330 86, 2367, 86, 2356, 2357, 2358, 86, 2361, 2359, 86,
2331 2369, 2360, 2371, 86, 2364, 86, 86, 2370, 2366, 86,
2332 2372, 86, 2365, 2373, 2374, 2375, 2368, 2376, 2367, 2377,
2333 2380, 86, 86, 86, 86, 2379, 86, 2369, 86, 2371,
2334 86, 2378, 86, 86, 2370, 2381, 2382, 2372, 86, 2383,
2335
2336 86, 2374, 2375, 2384, 2376, 2385, 2377, 2380, 2388, 2386,
2337 86, 86, 2379, 2390, 86, 2387, 2391, 86, 2378, 2393,
2338 86, 2389, 2381, 2382, 2396, 2392, 2383, 86, 86, 86,
2339 2384, 86, 2385, 86, 86, 2388, 2386, 86, 2395, 2394,
2340 2390, 86, 2387, 2391, 2397, 2398, 2393, 2400, 2389, 2399,
2341 2401, 86, 2392, 2402, 2403, 86, 86, 2405, 86, 2404,
2342 2409, 2410, 86, 2411, 2406, 2395, 2394, 86, 86, 170,
2343 2414, 2397, 86, 86, 2400, 86, 2399, 2401, 2407, 2412,
2344 2402, 2403, 2415, 2408, 2418, 2419, 2404, 86, 2413, 86,
2345 2411, 2406, 86, 86, 2420, 86, 2416, 86, 86, 2421,
2346
2347 2423, 2425, 86, 2424, 2422, 2428, 2412, 2417, 86, 2415,
2348 86, 2418, 86, 86, 86, 2413, 2426, 2427, 2429, 2431,
2349 86, 2420, 2430, 2416, 3557, 86, 2421, 86, 2425, 86,
2350 2424, 2422, 86, 2432, 2417, 2434, 2433, 86, 86, 86,
2351 86, 86, 86, 86, 2427, 2429, 2431, 2435, 2437, 2430,
2352 2438, 86, 2436, 2442, 2439, 2443, 2441, 86, 86, 86,
2353 2432, 2440, 2434, 2433, 86, 86, 2444, 2448, 86, 2446,
2354 86, 3557, 2445, 2451, 2435, 2437, 86, 2438, 86, 2436,
2355 2442, 2439, 86, 2441, 86, 2447, 86, 2449, 2440, 86,
2356 2450, 86, 2452, 2444, 2448, 86, 2446, 2454, 86, 2445,
2357
2358 2451, 2453, 86, 2455, 2465, 2456, 86, 2457, 2458, 2551,
2359 86, 3557, 2447, 86, 2449, 86, 86, 2450, 2461, 2452,
2360 2460, 2459, 86, 86, 86, 86, 86, 2462, 2453, 2463,
2361 2455, 2464, 2456, 86, 2457, 2458, 86, 86, 2466, 2467,
2362 2469, 86, 2468, 2470, 86, 2461, 2472, 2460, 2459, 2473,
2363 86, 2474, 2471, 86, 2462, 86, 2463, 2478, 2464, 86,
2364 2475, 86, 2479, 2480, 2476, 2466, 2467, 2469, 86, 2468,
2365 2470, 86, 2477, 86, 86, 86, 2473, 86, 2474, 2471,
2366 2481, 2482, 2483, 86, 2478, 2484, 86, 2475, 86, 86,
2367 2480, 2476, 2485, 86, 2488, 2486, 86, 2489, 2487, 2477,
2368
2369 3557, 2490, 2494, 2492, 2491, 2495, 2496, 86, 2482, 2483,
2370 86, 86, 2484, 86, 2498, 3557, 2500, 86, 86, 2485,
2371 2493, 86, 2486, 86, 86, 2487, 86, 86, 2490, 2494,
2372 2492, 2491, 86, 86, 2497, 2499, 2501, 2502, 2503, 2504,
2373 2505, 86, 86, 86, 86, 2507, 2509, 2493, 86, 2510,
2374 2506, 2511, 2512, 86, 86, 86, 2508, 2513, 2517, 86,
2375 86, 2497, 2499, 2501, 2502, 86, 86, 2505, 86, 86,
2376 2515, 86, 2507, 2509, 2516, 3557, 2510, 2506, 86, 2512,
2377 2514, 2520, 86, 2508, 86, 2517, 3557, 2518, 2521, 86,
2378 2525, 2522, 86, 2524, 2523, 86, 86, 2515, 86, 2526,
2379
2380 2528, 2516, 2519, 86, 2527, 86, 2529, 2514, 86, 2531,
2381 86, 86, 86, 86, 2518, 2521, 2530, 2525, 2522, 86,
2382 2524, 2523, 2532, 2534, 2537, 2535, 86, 2528, 86, 2519,
2383 2533, 2527, 86, 2529, 2536, 2538, 2531, 86, 86, 2539,
2384 2540, 3557, 86, 2530, 2545, 86, 86, 2541, 2543, 86,
2385 2534, 86, 2535, 86, 2542, 2546, 86, 2533, 2547, 86,
2386 86, 2536, 2538, 86, 2544, 86, 2539, 2540, 2553, 2548,
2387 86, 2545, 2552, 86, 2541, 2543, 2554, 2555, 2556, 86,
2388 2558, 2542, 2546, 86, 2549, 2547, 2550, 86, 2557, 3557,
2389 86, 2544, 86, 86, 86, 2553, 2548, 2560, 86, 2552,
2390
2391 2559, 86, 86, 2554, 2555, 2556, 2561, 2558, 2562, 2563,
2392 2564, 2549, 2565, 2550, 2566, 2557, 2568, 3557, 2569, 86,
2393 86, 86, 2567, 2572, 2560, 2570, 2579, 2559, 86, 2571,
2394 86, 86, 2581, 2561, 86, 2562, 2563, 86, 2573, 2574,
2395 86, 2566, 86, 2575, 86, 2569, 2576, 86, 86, 2567,
2396 2572, 2577, 2570, 2580, 2578, 86, 2571, 86, 86, 2581,
2397 2585, 86, 86, 3557, 86, 2573, 2574, 86, 2582, 86,
2398 2575, 2584, 2583, 2576, 2586, 86, 2587, 3557, 2577, 86,
2399 2594, 2578, 2589, 2591, 2588, 86, 86, 2585, 2590, 86,
2400 2592, 86, 2593, 2595, 2596, 2582, 2597, 86, 2584, 2583,
2401
2402 86, 2599, 86, 2587, 86, 170, 86, 2594, 86, 2589,
2403 2591, 2588, 2598, 2600, 86, 2590, 86, 2592, 2602, 2593,
2404 2595, 86, 2601, 2597, 86, 2604, 2603, 2606, 2599, 2605,
2405 86, 2607, 2609, 86, 86, 2608, 86, 2612, 2613, 2598,
2406 2600, 2610, 86, 3557, 2611, 2602, 2614, 86, 2615, 2601,
2407 86, 2617, 2604, 2603, 2606, 3557, 2605, 2618, 86, 86,
2408 2621, 86, 2608, 2616, 86, 86, 86, 2619, 2610, 86,
2409 86, 2611, 86, 2614, 2620, 86, 86, 86, 2617, 2622,
2410 86, 2624, 86, 2623, 2618, 3557, 86, 2621, 3557, 2625,
2411 2616, 2626, 2627, 3557, 2619, 2628, 86, 2631, 2632, 2633,
2412
2413 2634, 2620, 2629, 86, 86, 2630, 2635, 3557, 2624, 3557,
2414 2623, 86, 86, 2640, 86, 86, 2625, 86, 2626, 86,
2415 86, 86, 2628, 86, 2631, 2632, 86, 2634, 86, 2629,
2416 2636, 2637, 2630, 2635, 2638, 2639, 86, 86, 86, 2641,
2417 2640, 86, 2642, 2643, 2644, 2646, 86, 2645, 86, 3557,
2418 3557, 2647, 2648, 2651, 86, 2649, 2655, 2636, 2637, 86,
2419 86, 2638, 2639, 2654, 86, 86, 2641, 2656, 2652, 2642,
2420 2650, 2644, 2646, 86, 2645, 86, 86, 86, 2647, 2648,
2421 86, 2653, 2649, 86, 2657, 86, 86, 2658, 86, 2659,
2422 2654, 2660, 86, 3557, 2656, 2652, 2661, 2650, 2662, 2663,
2423
2424 86, 2664, 86, 2666, 2667, 86, 2665, 2668, 2653, 86,
2425 2670, 2657, 2669, 3557, 2658, 2671, 2659, 86, 2660, 86,
2426 86, 2674, 86, 2661, 86, 2662, 2663, 86, 2664, 86,
2427 86, 2667, 2672, 2665, 86, 86, 2673, 86, 2676, 2669,
2428 2675, 86, 2671, 86, 86, 86, 2677, 86, 2674, 2678,
2429 2679, 2680, 2681, 2682, 3557, 2683, 2685, 3557, 2684, 2672,
2430 86, 86, 2687, 2673, 2686, 2676, 2688, 2675, 86, 86,
2431 86, 86, 2689, 2677, 2691, 2693, 2678, 86, 86, 2690,
2432 2682, 86, 2683, 2685, 86, 2684, 86, 86, 2694, 2687,
2433 86, 2686, 2692, 2688, 86, 2695, 86, 2696, 2697, 2689,
2434
2435 3557, 86, 2693, 2698, 86, 2699, 2690, 2700, 2702, 86,
2436 86, 2701, 2704, 86, 2703, 2705, 86, 2706, 2707, 2692,
2437 86, 86, 2695, 2708, 2696, 86, 3557, 86, 3557, 3557,
2438 2698, 86, 2699, 86, 2700, 86, 86, 86, 2701, 2704,
2439 86, 2703, 2705, 2709, 2706, 2707, 2710, 2711, 86, 2712,
2440 2708, 2713, 2716, 2714, 2717, 2715, 86, 2718, 86, 86,
2441 86, 2719, 86, 2721, 2722, 3557, 2723, 3557, 2720, 3557,
2442 2709, 86, 86, 2710, 2711, 2724, 2712, 86, 2713, 86,
2443 2714, 86, 2715, 86, 86, 2725, 86, 2727, 86, 2726,
2444 2721, 2722, 86, 2723, 86, 2720, 2729, 2731, 2728, 2730,
2445
2446 2732, 86, 2724, 86, 86, 86, 2734, 2733, 86, 2735,
2447 2738, 86, 2725, 86, 2727, 86, 2726, 2737, 2741, 2736,
2448 2744, 3557, 2740, 2729, 2731, 2728, 2730, 86, 2739, 86,
2449 86, 2742, 86, 86, 2733, 86, 86, 2738, 86, 2745,
2450 86, 2743, 2746, 86, 2737, 2741, 2736, 86, 86, 2740,
2451 2747, 86, 2748, 2749, 3557, 2739, 2753, 86, 2742, 86,
2452 2750, 2751, 3557, 86, 2755, 2752, 2745, 86, 2743, 86,
2453 86, 2754, 2757, 2758, 86, 2756, 3557, 2747, 2761, 2748,
2454 2749, 86, 86, 2753, 86, 86, 170, 2750, 2751, 2762,
2455 86, 2755, 2752, 86, 2759, 2763, 2760, 2764, 2754, 2757,
2456
2457 2758, 86, 2756, 86, 2765, 2761, 2766, 2767, 86, 2768,
2458 3557, 2769, 2772, 86, 2770, 3557, 2762, 2773, 2771, 86,
2459 2774, 2759, 2763, 2760, 2764, 86, 86, 86, 86, 2781,
2460 3557, 2765, 86, 86, 86, 86, 2768, 86, 2769, 2772,
2461 86, 2770, 2775, 2776, 2773, 2771, 2777, 2774, 2778, 86,
2462 2779, 86, 86, 2780, 86, 86, 2781, 2782, 2783, 2786,
2463 86, 2785, 2784, 2787, 86, 2789, 2790, 86, 86, 2775,
2464 2776, 86, 2792, 2777, 2788, 2778, 86, 2779, 2791, 86,
2465 2780, 3557, 2793, 86, 2782, 2783, 86, 86, 2785, 2784,
2466 2787, 86, 2789, 86, 2794, 2795, 86, 2796, 2797, 86,
2467
2468 2801, 2788, 2798, 86, 86, 2791, 2799, 2800, 86, 2793,
2469 86, 86, 2802, 2803, 2804, 86, 2805, 86, 86, 2806,
2470 2810, 2794, 2795, 86, 2796, 2797, 2807, 2801, 86, 2798,
2471 2808, 2809, 86, 2799, 2800, 2811, 2812, 2813, 2814, 2802,
2472 86, 86, 2821, 2805, 86, 86, 2806, 86, 86, 2815,
2473 2817, 86, 86, 2807, 2816, 2820, 2819, 86, 86, 2822,
2474 2818, 86, 2811, 2812, 2813, 2814, 86, 86, 2823, 86,
2475 2825, 86, 2828, 3557, 2827, 3557, 2815, 2817, 86, 86,
2476 86, 2816, 2820, 2819, 86, 2824, 2822, 2818, 86, 86,
2477 2826, 2829, 2830, 86, 2832, 86, 2831, 2825, 86, 2828,
2478
2479 2833, 2827, 86, 86, 2835, 2836, 2834, 86, 2837, 2839,
2480 2840, 3557, 2824, 86, 86, 86, 2838, 2826, 2829, 2830,
2481 86, 2832, 2841, 2831, 2842, 86, 86, 2833, 86, 2843,
2482 2845, 2835, 86, 2834, 86, 2837, 86, 2840, 2844, 2846,
2483 2847, 86, 2851, 2838, 2853, 2849, 2848, 86, 2850, 2841,
2484 2856, 2842, 86, 86, 86, 86, 2843, 2845, 86, 86,
2485 2854, 2852, 86, 2855, 2858, 2844, 86, 2847, 2860, 86,
2486 2857, 2853, 2849, 2848, 2859, 2850, 86, 86, 86, 2862,
2487 2864, 2861, 2867, 86, 2865, 2868, 86, 2854, 2852, 86,
2488 2855, 86, 86, 2863, 86, 2860, 86, 2857, 2866, 86,
2489
2490 86, 2859, 2869, 86, 2870, 2871, 2862, 86, 2861, 86,
2491 86, 2865, 2868, 2874, 2875, 2872, 86, 2873, 86, 2877,
2492 2863, 86, 2876, 86, 2880, 2866, 2878, 3557, 2879, 2869,
2493 2881, 2870, 2871, 86, 86, 86, 3557, 86, 2884, 2882,
2494 86, 2875, 2872, 2890, 2873, 2885, 86, 2886, 86, 2876,
2495 86, 2880, 86, 2878, 2883, 2879, 86, 2881, 86, 86,
2496 2887, 2888, 86, 2889, 86, 2884, 2882, 2891, 2893, 2892,
2497 86, 2894, 2885, 2895, 2886, 86, 86, 2896, 2899, 3557,
2498 2897, 2883, 86, 86, 2900, 2914, 2901, 2887, 2888, 86,
2499 2889, 86, 2898, 86, 86, 2893, 2892, 2902, 170, 86,
2500
2501 2895, 86, 2904, 2903, 2896, 2905, 86, 2897, 2906, 86,
2502 86, 2900, 86, 2901, 2907, 2908, 2909, 86, 2911, 2898,
2503 2913, 2910, 86, 2915, 2902, 86, 3557, 2912, 2921, 86,
2504 2903, 2916, 86, 86, 2917, 2906, 2922, 2919, 2920, 86,
2505 86, 86, 2908, 2918, 86, 2911, 86, 2913, 86, 86,
2506 2915, 2923, 86, 86, 2912, 86, 86, 2924, 2916, 2925,
2507 86, 2917, 2928, 2926, 2919, 2920, 2929, 2927, 86, 3557,
2508 2918, 2932, 86, 86, 2930, 2931, 3557, 86, 2923, 86,
2509 86, 2933, 2934, 2940, 2924, 86, 2925, 2935, 86, 2928,
2510 2926, 86, 2936, 2929, 2927, 86, 86, 86, 2932, 2937,
2511
2512 86, 2930, 2931, 2938, 2939, 86, 2941, 2945, 2933, 2934,
2513 2948, 3557, 2942, 86, 2935, 86, 2943, 86, 86, 2936,
2514 86, 2944, 2946, 86, 2947, 86, 2937, 86, 86, 86,
2515 2938, 2939, 86, 2941, 86, 2949, 2951, 2948, 2950, 2942,
2516 2956, 2953, 86, 2943, 2952, 2958, 2955, 86, 2944, 2946,
2517 86, 2947, 86, 86, 2954, 2957, 2959, 86, 2961, 2962,
2518 2963, 86, 2949, 86, 2967, 2950, 2960, 86, 2953, 86,
2519 2964, 2952, 86, 2955, 2965, 86, 2966, 86, 86, 86,
2520 2968, 2954, 2957, 2969, 2972, 3557, 86, 2963, 86, 2971,
2521 86, 2967, 2970, 2960, 86, 2974, 86, 2964, 2976, 2975,
2522
2523 2977, 2965, 86, 2966, 2978, 2973, 2979, 86, 86, 3557,
2524 2969, 86, 86, 2980, 2982, 86, 2971, 86, 2981, 2970,
2525 2984, 86, 2974, 2983, 2985, 86, 2975, 86, 2990, 86,
2526 86, 86, 2973, 2979, 2988, 86, 86, 2989, 2986, 86,
2527 2980, 86, 86, 2987, 86, 2981, 2991, 2984, 2992, 86,
2528 2983, 2985, 2993, 2994, 86, 2990, 2997, 2995, 2996, 2998,
2529 2999, 2988, 3000, 3002, 2989, 3001, 3003, 86, 86, 3004,
2530 86, 86, 86, 86, 3005, 86, 3008, 86, 86, 86,
2531 2994, 3011, 3007, 86, 2995, 2996, 2998, 2999, 86, 86,
2532 86, 86, 3001, 3003, 3006, 86, 86, 3009, 3012, 3010,
2533
2534 3013, 3005, 3015, 86, 3016, 3014, 86, 3017, 86, 3007,
2535 3019, 86, 3018, 86, 86, 3557, 3020, 3021, 86, 3022,
2536 86, 3006, 86, 3023, 86, 3012, 3010, 3025, 3024, 3015,
2537 3028, 3016, 86, 86, 3017, 3026, 3027, 86, 3035, 3018,
2538 86, 3557, 86, 3020, 3021, 86, 86, 86, 3029, 3030,
2539 3023, 86, 3031, 3034, 3025, 3024, 86, 3028, 86, 3032,
2540 86, 3047, 3026, 3027, 3033, 86, 86, 3557, 86, 3036,
2541 3037, 86, 3039, 3040, 86, 3029, 3030, 3048, 3038, 3031,
2542 3034, 86, 86, 3041, 3042, 86, 3032, 3044, 86, 3043,
2543 3046, 3033, 3045, 3557, 86, 3049, 3036, 3037, 86, 3039,
2544
2545 3040, 3050, 86, 86, 3048, 3038, 3051, 3557, 3052, 3053,
2546 3041, 3055, 3056, 86, 3064, 3054, 86, 3046, 86, 86,
2547 86, 86, 3049, 3058, 3060, 3065, 3061, 86, 3050, 3557,
2548 3057, 3066, 86, 3051, 86, 3052, 3053, 86, 3055, 3056,
2549 3059, 86, 3054, 86, 86, 86, 86, 3062, 86, 3063,
2550 3058, 3060, 86, 3061, 86, 86, 86, 3057, 3066, 3067,
2551 3068, 3069, 3070, 3071, 3073, 3557, 3074, 3059, 3557, 86,
2552 3072, 3079, 3557, 3080, 3062, 3557, 3063, 3075, 3076, 3081,
2553 86, 3077, 86, 3082, 86, 3078, 3067, 3068, 86, 3070,
2554 86, 86, 86, 3074, 86, 86, 86, 3072, 86, 86,
2555
2556 86, 86, 86, 3083, 3075, 3076, 3081, 3084, 3077, 3085,
2557 3082, 86, 3078, 3086, 3088, 3089, 3090, 3557, 3087, 3092,
2558 3094, 86, 3091, 86, 3093, 3095, 3097, 3096, 86, 86,
2559 3083, 3098, 3099, 86, 3084, 86, 3085, 86, 86, 86,
2560 3100, 3088, 3089, 3090, 86, 86, 86, 86, 3102, 3091,
2561 86, 3093, 3095, 3097, 3096, 86, 3103, 3104, 86, 3099,
2562 3101, 3105, 86, 3106, 86, 3107, 3557, 3100, 3111, 3108,
2563 86, 86, 3109, 3117, 86, 3102, 3110, 3557, 86, 3112,
2564 3557, 3118, 3119, 3103, 3104, 3114, 86, 3101, 3124, 3557,
2565 3106, 86, 3107, 86, 86, 3111, 3108, 3113, 86, 3109,
2566
2567 86, 86, 86, 3110, 3115, 3120, 3112, 3116, 86, 86,
2568 3121, 86, 3114, 3122, 3123, 3127, 3125, 86, 3128, 3130,
2569 86, 86, 3126, 86, 3113, 86, 3132, 86, 3131, 3133,
2570 86, 3115, 3120, 3129, 3116, 86, 86, 3121, 86, 3135,
2571 3122, 3123, 86, 3125, 86, 3128, 3130, 3136, 86, 3126,
2572 86, 3137, 3134, 3132, 86, 3131, 3139, 3140, 3138, 3141,
2573 3129, 86, 3143, 3142, 3144, 86, 86, 3145, 3557, 86,
2574 86, 86, 3148, 86, 3136, 86, 3557, 3174, 3137, 3134,
2575 86, 86, 86, 3139, 3140, 3138, 3141, 3146, 3147, 3143,
2576 3142, 86, 3149, 3150, 3145, 86, 3153, 3151, 3152, 3148,
2577
2578 3154, 86, 86, 3155, 86, 86, 3159, 86, 3156, 86,
2579 86, 3161, 3157, 3162, 3146, 3147, 3163, 86, 86, 3149,
2580 3150, 86, 3165, 3153, 3151, 3152, 86, 3154, 3160, 86,
2581 3155, 3158, 86, 86, 86, 3156, 86, 3166, 86, 3157,
2582 3162, 3164, 3167, 86, 3168, 3169, 3557, 86, 86, 86,
2583 3171, 3170, 3172, 86, 3176, 3160, 86, 3173, 3158, 86,
2584 3177, 3175, 86, 3178, 3166, 86, 86, 3180, 3164, 3167,
2585 3181, 3168, 3169, 86, 3179, 86, 86, 86, 3170, 3172,
2586 3186, 3176, 86, 3183, 3173, 3182, 86, 3177, 3175, 3184,
2587 3178, 3185, 86, 3187, 86, 3190, 86, 3188, 3189, 3193,
2588
2589 3195, 3179, 86, 3192, 3199, 86, 3194, 86, 3197, 86,
2590 3557, 86, 3182, 86, 3191, 86, 3184, 86, 3185, 86,
2591 86, 3196, 86, 86, 3188, 3189, 3193, 3198, 3200, 86,
2592 3192, 86, 86, 3194, 86, 3197, 3201, 3202, 3557, 3203,
2593 86, 3191, 3204, 3205, 3206, 3207, 3209, 3208, 3196, 3557,
2594 86, 3557, 3212, 3210, 3198, 3200, 3215, 86, 3218, 3211,
2595 86, 86, 86, 3201, 3202, 86, 3203, 3213, 3557, 3204,
2596 3205, 86, 86, 3557, 3208, 3214, 86, 3219, 86, 86,
2597 3210, 86, 3222, 86, 3220, 86, 3211, 3223, 86, 86,
2598 3216, 3217, 86, 86, 3213, 3221, 86, 86, 3224, 3225,
2599
2600 86, 3226, 3214, 3227, 3219, 3228, 86, 3229, 3557, 3222,
2601 86, 3220, 3233, 3230, 86, 3232, 3231, 3216, 3217, 86,
2602 3234, 3235, 3221, 3236, 3237, 3224, 3225, 3239, 3226, 86,
2603 86, 3240, 86, 3241, 86, 86, 3242, 86, 86, 86,
2604 3230, 3243, 3232, 3231, 3238, 86, 3246, 86, 86, 86,
2605 86, 3237, 3244, 86, 86, 3248, 3245, 86, 3240, 86,
2606 86, 86, 3247, 86, 3249, 3250, 86, 86, 3243, 3251,
2607 3254, 3238, 3252, 3246, 3255, 3256, 3258, 86, 3557, 3244,
2608 3253, 86, 3248, 3245, 3257, 86, 3260, 86, 86, 3247,
2609 3261, 86, 3250, 86, 86, 3263, 3251, 3254, 3259, 3252,
2610
2611 3262, 86, 86, 3264, 3265, 86, 86, 3253, 86, 3267,
2612 3266, 3257, 86, 3260, 3557, 3269, 3270, 3261, 3268, 3557,
2613 3557, 3272, 86, 86, 3271, 3259, 86, 3262, 3273, 3274,
2614 86, 3265, 3275, 86, 86, 3276, 86, 3266, 3277, 86,
2615 3278, 86, 3269, 86, 86, 3268, 86, 3279, 3272, 3283,
2616 86, 3271, 3280, 86, 3291, 3273, 3274, 86, 86, 3275,
2617 86, 86, 3276, 3281, 3282, 3277, 86, 3278, 3557, 3284,
2618 86, 86, 3285, 3286, 3279, 3287, 3283, 3294, 3557, 3280,
2619 86, 86, 86, 3288, 3289, 3290, 86, 3292, 3293, 3295,
2620 3281, 3282, 86, 3296, 3297, 86, 3284, 3299, 3557, 3285,
2621
2622 3286, 86, 3287, 86, 3294, 86, 86, 3298, 3557, 86,
2623 3288, 3289, 3290, 3300, 3292, 3293, 3295, 3301, 3302, 3303,
2624 86, 86, 3304, 3305, 86, 86, 3306, 3307, 3557, 3308,
2625 86, 3309, 3310, 3557, 3298, 86, 3311, 3314, 3557, 3312,
2626 3300, 3315, 3557, 3317, 3301, 86, 86, 3313, 3557, 3316,
2627 86, 86, 3557, 3320, 3321, 86, 86, 3557, 3557, 86,
2628 86, 86, 86, 3311, 86, 86, 3312, 3324, 3315, 86,
2629 3317, 3318, 3319, 3325, 3313, 86, 3316, 3322, 86, 86,
2630 3320, 86, 3328, 3323, 86, 86, 3329, 86, 3326, 3327,
2631 3330, 86, 3332, 3331, 3324, 3333, 86, 3334, 3318, 3319,
2632
2633 3325, 86, 3335, 3336, 3322, 3341, 86, 3339, 86, 3328,
2634 3323, 86, 3340, 3329, 86, 3326, 3327, 86, 86, 3332,
2635 3331, 3344, 86, 3337, 86, 86, 3338, 86, 3343, 3335,
2636 3336, 3342, 3345, 86, 3346, 3347, 3348, 86, 3349, 86,
2637 86, 86, 3351, 86, 3350, 3352, 3354, 3355, 3344, 3356,
2638 3337, 3358, 3353, 3338, 86, 3343, 86, 3357, 3342, 3345,
2639 3359, 3346, 3347, 86, 86, 86, 3360, 3361, 86, 86,
2640 86, 3350, 86, 3354, 86, 86, 86, 3362, 86, 3353,
2641 3363, 3364, 3365, 3367, 3357, 3366, 86, 86, 3368, 3369,
2642 3371, 3372, 3373, 86, 86, 3370, 3375, 3380, 86, 3379,
2643
2644 3557, 86, 3376, 3374, 86, 86, 3377, 86, 86, 86,
2645 3367, 86, 3366, 86, 86, 86, 86, 3371, 3372, 86,
2646 86, 3378, 3370, 86, 86, 86, 3379, 3381, 3382, 3376,
2647 3374, 3383, 3384, 3377, 3385, 86, 86, 3386, 3387, 86,
2648 86, 3389, 3388, 3392, 3390, 3391, 3557, 86, 3378, 3394,
2649 3557, 86, 3397, 3393, 3381, 86, 86, 86, 3383, 3384,
2650 86, 3385, 86, 86, 3386, 3387, 86, 86, 3395, 3388,
2651 3392, 3390, 3391, 86, 3396, 86, 3394, 3400, 3398, 3397,
2652 3393, 3399, 86, 3401, 3402, 3403, 3404, 3405, 3407, 86,
2653 86, 3557, 86, 3406, 3408, 3395, 3409, 86, 86, 86,
2654
2655 3412, 3396, 3557, 86, 3400, 3398, 86, 86, 3399, 3410,
2656 3401, 3402, 86, 86, 86, 3407, 86, 86, 3413, 3414,
2657 3406, 3408, 86, 3409, 3411, 3415, 3418, 3412, 86, 3416,
2658 3419, 3420, 3425, 3417, 86, 3557, 3410, 86, 3422, 86,
2659 86, 3421, 86, 86, 86, 3413, 3414, 86, 3423, 3424,
2660 86, 3411, 3415, 3418, 86, 86, 3416, 3419, 3420, 3425,
2661 3417, 3426, 3427, 3428, 86, 3422, 86, 86, 3421, 3430,
2662 3429, 3432, 3431, 3433, 3434, 3423, 3424, 86, 86, 3435,
2663 3446, 3436, 3437, 3438, 86, 86, 3439, 3441, 3426, 3427,
2664 86, 86, 86, 3442, 86, 3440, 3430, 3429, 3432, 3431,
2665
2666 86, 3434, 86, 3443, 3448, 3445, 86, 86, 3436, 86,
2667 86, 86, 86, 3439, 3441, 86, 3444, 86, 86, 86,
2668 3442, 3447, 3440, 3449, 3450, 86, 3451, 3452, 3453, 3454,
2669 3443, 3448, 3445, 86, 86, 3456, 3455, 3457, 3458, 3459,
2670 3461, 86, 3460, 3444, 86, 86, 3463, 86, 3447, 86,
2671 3449, 86, 3462, 3451, 86, 86, 3454, 3464, 3465, 86,
2672 86, 3466, 86, 3455, 3457, 3458, 86, 3461, 86, 3460,
2673 3468, 86, 3467, 3469, 3470, 86, 3471, 3472, 86, 3462,
2674 86, 3473, 86, 3474, 86, 3465, 3475, 3476, 3466, 86,
2675 3477, 3478, 86, 86, 86, 3483, 3489, 3468, 86, 3467,
2676
2677 86, 86, 3479, 3471, 3472, 86, 86, 3480, 3473, 86,
2678 3474, 3481, 3485, 3475, 3476, 86, 86, 3477, 3478, 3482,
2679 3484, 86, 86, 3486, 3487, 3496, 3488, 86, 86, 3479,
2680 3490, 86, 3491, 86, 3480, 3557, 3492, 3494, 3481, 3485,
2681 3493, 86, 3495, 3497, 3498, 86, 3482, 3484, 86, 3499,
2682 3486, 86, 86, 3488, 86, 3501, 86, 3490, 86, 3491,
2683 3500, 3502, 86, 3492, 3494, 86, 3504, 3493, 86, 86,
2684 3497, 86, 86, 3503, 86, 86, 3499, 3505, 3506, 3557,
2685 3507, 86, 3501, 3508, 3557, 86, 3512, 3500, 3502, 3511,
2686 3509, 3513, 86, 3510, 86, 3514, 3557, 3515, 86, 86,
2687
2688 3503, 3517, 3557, 3516, 3505, 3506, 86, 3507, 86, 86,
2689 86, 86, 3519, 3512, 3521, 86, 3511, 3509, 3513, 3522,
2690 3510, 3520, 3514, 86, 3515, 86, 3518, 86, 3517, 86,
2691 3516, 3524, 3523, 3526, 3525, 3527, 3529, 3557, 86, 3519,
2692 86, 3521, 86, 3528, 3530, 86, 3522, 3531, 3520, 3535,
2693 3533, 86, 3557, 3518, 86, 3542, 3557, 86, 3524, 3523,
2694 86, 3525, 3527, 86, 86, 3532, 3537, 86, 86, 3538,
2695 3528, 3530, 86, 86, 3531, 3534, 86, 3533, 3536, 3539,
2696 3546, 3540, 86, 86, 3541, 3548, 86, 86, 86, 86,
2697 3543, 86, 3532, 3537, 3545, 3544, 3538, 3549, 86, 3547,
2698
2699 3555, 3551, 3534, 86, 3556, 3536, 3539, 86, 3540, 3550,
2700 86, 3541, 86, 3552, 3557, 3557, 3557, 3543, 3557, 86,
2701 86, 3545, 3544, 86, 86, 3553, 3547, 86, 3551, 86,
2702 3554, 86, 3557, 86, 3557, 86, 3550, 3557, 86, 3557,
2703 3552, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
2704 3557, 3557, 3553, 3557, 3557, 3557, 3557, 3554, 47, 47,
25722705 47, 47, 47, 47, 47, 52, 52, 52, 52, 52,
25732706 52, 52, 57, 57, 57, 57, 57, 57, 57, 63,
25742707 63, 63, 63, 63, 63, 63, 68, 68, 68, 68,
25752708 68, 68, 68, 74, 74, 74, 74, 74, 74, 74,
2576 80, 80, 80, 80, 80, 80, 80, 89, 89, 3353,
2577
2578 89, 89, 89, 89, 160, 160, 3353, 3353, 3353, 160,
2579 160, 162, 162, 3353, 3353, 162, 3353, 162, 164, 3353,
2580 3353, 3353, 3353, 3353, 164, 167, 167, 3353, 3353, 3353,
2581 167, 167, 169, 3353, 3353, 3353, 3353, 3353, 169, 171,
2582 171, 3353, 171, 171, 171, 171, 174, 3353, 3353, 3353,
2583 3353, 3353, 174, 177, 177, 3353, 3353, 3353, 177, 177,
2584 90, 90, 3353, 90, 90, 90, 90, 17, 3353, 3353,
2585 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
2586 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
2587 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
2588
2589 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
2590 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
2591 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
2592 3353, 3353, 3353, 3353
2709
2710 80, 80, 80, 80, 80, 80, 80, 89, 89, 3557,
2711 89, 89, 89, 89, 160, 160, 3557, 3557, 3557, 160,
2712 160, 162, 162, 3557, 3557, 162, 3557, 162, 164, 3557,
2713 3557, 3557, 3557, 3557, 164, 167, 167, 3557, 3557, 3557,
2714 167, 167, 169, 3557, 3557, 3557, 3557, 3557, 169, 171,
2715 171, 3557, 171, 171, 171, 171, 174, 3557, 3557, 3557,
2716 3557, 3557, 174, 177, 177, 3557, 3557, 3557, 177, 177,
2717 90, 90, 3557, 90, 90, 90, 90, 17, 3557, 3557,
2718 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
2719 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
2720
2721 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
2722 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
2723 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
2724 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
2725 3557, 3557, 3557, 3557
25932726 } ;
25942727
2595 static const flex_int16_t yy_chk[9635] =
2728 static const flex_int16_t yy_chk[10245] =
25962729 { 0,
25972730 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
25982731 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
26052738 7, 7, 7, 33, 7, 8, 8, 8, 8, 32,
26062739 8, 9, 9, 9, 10, 10, 10, 19, 51, 51,
26072740
2608 1090, 19, 3361, 3, 32, 33, 4, 67, 67, 5,
2609 33, 6, 2735, 13, 13, 13, 13, 7, 13, 14,
2741 1126, 19, 3565, 3, 32, 33, 4, 67, 67, 5,
2742 33, 6, 2894, 13, 13, 13, 13, 7, 13, 14,
26102743 14, 14, 14, 8, 14, 15, 15, 15, 9, 25,
2611 1090, 10, 11, 11, 11, 11, 11, 11, 12, 12,
2744 1126, 10, 11, 11, 11, 11, 11, 11, 12, 12,
26122745 12, 12, 12, 12, 16, 16, 16, 34, 28, 84,
26132746 84, 13, 11, 45, 293, 25, 25, 14, 12, 34,
2614 39, 23, 15, 23, 23, 45, 23, 1099, 28, 177,
2747 39, 23, 15, 23, 23, 45, 23, 1138, 28, 177,
26152748 11, 28, 23, 39, 34, 28, 12, 176, 87, 11,
26162749 45, 16, 87, 293, 37, 12, 30, 39, 29, 56,
26172750 37, 174, 56, 72, 30, 28, 26, 169, 100, 23,
26352768 38, 43, 73, 38, 73, 73, 95, 73, 111, 97,
26362769 38, 43, 38, 38, 104, 43, 43, 38, 95, 104,
26372770 79, 38, 79, 79, 58, 79, 111, 38, 219, 86,
2638 38, 86, 86, 97, 86, 222, 97, 38, 40, 944,
2771 38, 86, 86, 97, 86, 222, 97, 38, 40, 971,
26392772 86, 104, 40, 89, 96, 89, 89, 112, 89, 98,
26402773
26412774 57, 96, 40, 40, 89, 40, 112, 103, 103, 106,
26422775 105, 52, 98, 47, 40, 40, 103, 222, 105, 40,
2643 944, 96, 18, 98, 112, 137, 98, 106, 17, 40,
2776 971, 96, 18, 98, 112, 137, 98, 106, 17, 40,
26442777 40, 89, 40, 41, 103, 103, 41, 105, 102, 98,
26452778 107, 106, 109, 41, 102, 108, 102, 41, 41, 109,
26462779 224, 137, 137, 107, 106, 41, 113, 0, 108, 102,
26872820 256, 217, 256, 197, 211, 218, 214, 211, 216, 197,
26882821 197, 214, 215, 216, 221, 215, 218, 215, 226, 225,
26892822 223, 220, 220, 231, 226, 221, 228, 223, 0, 215,
2690 233, 215, 218, 225, 230, 0, 0, 0, 215, 215,
2691 234, 0, 215, 232, 215, 226, 221, 223, 228, 239,
2692 235, 225, 221, 228, 234, 231, 215, 230, 215, 236,
2693 225, 230, 233, 232, 237, 238, 236, 234, 239, 240,
2694 232, 235, 241, 244, 238, 242, 239, 235, 243, 238,
2695
2696 245, 251, 247, 240, 244, 237, 236, 245, 248, 249,
2697 243, 237, 238, 242, 241, 253, 240, 248, 246, 241,
2698 244, 238, 242, 246, 247, 243, 250, 245, 259, 247,
2699 255, 250, 249, 251, 254, 248, 249, 252, 252, 258,
2700 257, 254, 260, 261, 262, 264, 252, 253, 257, 0,
2701 246, 261, 255, 250, 263, 267, 265, 255, 264, 258,
2702 259, 254, 266, 268, 252, 252, 258, 257, 0, 263,
2703 261, 269, 264, 270, 260, 271, 262, 270, 267, 272,
2704 274, 263, 265, 265, 273, 0, 275, 267, 269, 266,
2705 276, 278, 273, 275, 272, 268, 269, 271, 269, 274,
2706
2707 270, 279, 271, 280, 277, 267, 272, 274, 277, 282,
2708 281, 273, 276, 275, 0, 269, 283, 276, 285, 287,
2709 289, 284, 286, 278, 288, 280, 288, 285, 283, 290,
2710 280, 277, 281, 279, 284, 286, 291, 281, 287, 292,
2711 0, 282, 295, 283, 296, 285, 287, 297, 284, 286,
2712 294, 288, 289, 290, 299, 298, 290, 300, 297, 294,
2713 303, 291, 304, 291, 305, 292, 292, 298, 295, 295,
2714 296, 296, 301, 302, 297, 304, 306, 294, 299, 307,
2715 300, 299, 298, 309, 300, 308, 311, 313, 0, 304,
2716 301, 302, 303, 310, 313, 312, 305, 314, 315, 301,
2717
2718 302, 306, 308, 306, 315, 317, 314, 316, 308, 309,
2719 309, 307, 308, 318, 313, 310, 320, 319, 311, 312,
2720 310, 316, 321, 326, 314, 315, 319, 312, 323, 308,
2721 321, 317, 317, 322, 316, 325, 324, 318, 326, 320,
2722 318, 327, 322, 320, 319, 324, 312, 328, 0, 321,
2723 326, 329, 325, 0, 323, 323, 0, 331, 332, 325,
2724 322, 0, 325, 324, 0, 333, 329, 332, 0, 335,
2725 0, 328, 336, 327, 328, 331, 338, 338, 329, 325,
2726 330, 341, 0, 330, 331, 332, 336, 333, 330, 330,
2727 330, 330, 333, 335, 337, 334, 335, 334, 330, 336,
2728
2729 339, 338, 340, 338, 338, 339, 0, 330, 341, 337,
2730 330, 347, 0, 334, 348, 330, 330, 330, 330, 334,
2731 342, 337, 334, 342, 334, 343, 340, 345, 346, 340,
2732 342, 349, 339, 344, 344, 371, 348, 343, 347, 350,
2733 334, 348, 352, 344, 351, 345, 346, 342, 353, 357,
2734 342, 354, 343, 362, 345, 346, 351, 349, 349, 354,
2735 344, 344, 371, 353, 352, 350, 350, 355, 356, 352,
2736 361, 351, 369, 0, 355, 353, 0, 358, 354, 358,
2737 356, 357, 360, 363, 365, 362, 365, 366, 358, 360,
2738 364, 411, 361, 370, 355, 356, 364, 361, 369, 369,
2739
2740 366, 368, 411, 358, 358, 363, 358, 0, 365, 360,
2741 363, 365, 364, 365, 366, 358, 367, 364, 411, 368,
2742 372, 373, 379, 364, 377, 370, 375, 373, 368, 367,
2743 393, 373, 367, 375, 367, 379, 377, 0, 378, 373,
2744 367, 0, 372, 367, 382, 373, 376, 372, 373, 379,
2745 378, 377, 381, 375, 373, 0, 367, 382, 373, 367,
2746 0, 367, 393, 384, 376, 378, 373, 374, 381, 374,
2747 376, 382, 386, 376, 385, 384, 381, 386, 387, 381,
2748 388, 402, 374, 0, 391, 374, 388, 374, 390, 374,
2749 384, 376, 385, 374, 374, 381, 374, 396, 389, 387,
2750
2751 390, 385, 391, 402, 386, 387, 389, 388, 402, 374,
2752 396, 391, 374, 392, 374, 390, 374, 383, 383, 394,
2753 394, 392, 0, 397, 396, 389, 395, 383, 404, 383,
2754 383, 383, 397, 395, 383, 0, 399, 401, 409, 403,
2755 392, 400, 383, 399, 383, 383, 394, 398, 400, 401,
2756 405, 403, 407, 395, 383, 397, 383, 383, 383, 397,
2757 404, 383, 408, 399, 401, 398, 403, 407, 400, 398,
2758 409, 406, 412, 430, 398, 408, 405, 405, 406, 407,
2759 410, 414, 410, 413, 413, 0, 415, 417, 414, 408,
2760 416, 418, 398, 0, 412, 422, 420, 415, 406, 412,
2761
2762 417, 416, 419, 419, 425, 430, 0, 410, 414, 421,
2763 0, 0, 413, 415, 417, 425, 418, 416, 418, 420,
2764 419, 422, 422, 420, 421, 423, 424, 419, 426, 419,
2765 419, 425, 421, 423, 0, 427, 421, 426, 424, 431,
2766 434, 432, 433, 428, 435, 444, 0, 419, 427, 0,
2767 0, 421, 423, 424, 428, 426, 428, 431, 434, 437,
2768 0, 428, 427, 432, 438, 433, 431, 434, 432, 433,
2769 428, 436, 444, 440, 443, 439, 435, 436, 441, 0,
2770 437, 428, 442, 428, 429, 441, 437, 438, 443, 446,
2771 445, 438, 429, 429, 448, 440, 429, 429, 436, 439,
2772
2773 440, 443, 439, 446, 447, 441, 429, 452, 442, 442,
2774 449, 429, 445, 450, 453, 451, 446, 445, 0, 429,
2775 429, 451, 459, 429, 429, 450, 448, 454, 455, 452,
2776 447, 447, 456, 449, 452, 454, 453, 449, 457, 456,
2777 450, 453, 451, 455, 460, 458, 459, 457, 461, 459,
2778 462, 463, 464, 454, 454, 455, 465, 0, 464, 456,
2779 458, 466, 454, 461, 468, 457, 466, 460, 470, 472,
2780 471, 460, 458, 463, 470, 461, 462, 462, 463, 464,
2781 473, 474, 465, 465, 476, 475, 473, 472, 466, 471,
2782 468, 468, 475, 481, 482, 470, 472, 471, 480, 476,
2783
2784 478, 479, 478, 474, 483, 480, 481, 473, 474, 478,
2785 479, 476, 475, 484, 485, 488, 487, 486, 491, 487,
2786 481, 489, 483, 0, 0, 480, 482, 478, 479, 478,
2787 486, 483, 493, 492, 489, 487, 485, 490, 494, 488,
2788 492, 485, 488, 487, 486, 484, 487, 496, 489, 490,
2789 491, 498, 495, 497, 499, 501, 493, 498, 497, 493,
2790 492, 494, 500, 502, 490, 495, 0, 501, 504, 496,
2791 494, 510, 503, 505, 496, 541, 504, 499, 498, 495,
2792 497, 499, 501, 503, 500, 502, 508, 505, 494, 500,
2793 502, 509, 0, 508, 510, 504, 511, 515, 510, 503,
2794
2795 505, 506, 513, 509, 511, 0, 506, 541, 506, 515,
2796 512, 0, 0, 508, 506, 0, 506, 516, 509, 506,
2797 506, 512, 518, 511, 515, 513, 506, 506, 506, 513,
2798 514, 522, 519, 506, 514, 506, 0, 512, 520, 516,
2799 518, 506, 519, 506, 516, 517, 506, 506, 517, 518,
2800 520, 521, 514, 506, 525, 522, 517, 514, 522, 523,
2801 524, 514, 521, 523, 519, 520, 526, 524, 526, 519,
2802 527, 528, 517, 529, 531, 517, 534, 530, 521, 532,
2803 525, 525, 531, 528, 532, 533, 523, 524, 529, 530,
2804 536, 535, 537, 526, 534, 542, 527, 527, 528, 535,
2805
2806 529, 531, 536, 534, 530, 539, 532, 533, 540, 543,
2807 542, 547, 533, 537, 545, 549, 544, 536, 535, 537,
2808 547, 543, 542, 539, 544, 546, 548, 545, 0, 549,
2809 550, 540, 539, 553, 0, 540, 543, 546, 547, 552,
2810 554, 545, 549, 544, 551, 556, 555, 551, 557, 548,
2811 0, 0, 546, 548, 558, 550, 559, 550, 552, 0,
2812 553, 555, 560, 557, 561, 565, 552, 567, 562, 559,
2813 565, 551, 554, 555, 560, 557, 568, 556, 558, 569,
2814 563, 558, 564, 559, 572, 566, 561, 563, 570, 560,
2815 563, 561, 562, 564, 567, 562, 571, 565, 563, 566,
2816
2817 573, 576, 574, 568, 575, 573, 580, 563, 574, 564,
2818 578, 569, 566, 577, 563, 570, 572, 563, 578, 575,
2819 579, 581, 582, 571, 585, 576, 582, 584, 576, 574,
2820 580, 575, 573, 580, 583, 577, 586, 578, 588, 579,
2821 577, 590, 583, 581, 587, 589, 0, 579, 581, 582,
2822 584, 592, 591, 587, 584, 593, 585, 592, 589, 586,
2823 588, 583, 594, 586, 591, 588, 596, 590, 590, 595,
2824 597, 587, 589, 594, 598, 599, 595, 593, 592, 591,
2825 599, 600, 593, 599, 599, 0, 601, 598, 0, 594,
2826 600, 602, 597, 603, 604, 605, 595, 597, 596, 599,
2827
2828 602, 598, 599, 607, 603, 609, 606, 599, 600, 610,
2829 599, 599, 601, 601, 611, 607, 604, 605, 602, 606,
2830 603, 604, 605, 612, 614, 613, 0, 610, 616, 618,
2831 607, 615, 0, 606, 617, 620, 610, 609, 611, 616,
2832 619, 611, 622, 617, 628, 612, 612, 613, 614, 618,
2833 612, 614, 613, 615, 619, 616, 618, 620, 615, 621,
2834 623, 617, 620, 624, 625, 626, 621, 619, 629, 622,
2835 627, 624, 612, 637, 630, 625, 628, 633, 623, 631,
2836 631, 637, 632, 626, 634, 627, 621, 623, 636, 629,
2837 624, 625, 626, 634, 635, 629, 638, 627, 630, 633,
2838
2839 637, 630, 639, 640, 633, 643, 632, 635, 631, 632,
2840 636, 634, 641, 644, 642, 636, 642, 645, 644, 646,
2841 648, 635, 656, 0, 639, 0, 0, 643, 638, 639,
2842 649, 645, 643, 646, 647, 640, 641, 650, 649, 641,
2843 651, 642, 653, 652, 645, 644, 646, 0, 647, 647,
2844 652, 654, 648, 660, 656, 650, 647, 649, 655, 657,
2845 659, 647, 651, 662, 650, 659, 664, 651, 653, 653,
2846 652, 654, 0, 655, 657, 647, 647, 658, 654, 660,
2847 660, 661, 655, 661, 721, 655, 657, 658, 662, 663,
2848 662, 664, 659, 664, 665, 669, 666, 663, 667, 658,
2849
2850 655, 668, 669, 665, 658, 666, 670, 667, 661, 668,
2851 671, 721, 672, 679, 658, 673, 663, 674, 0, 677,
2852 0, 665, 669, 666, 676, 667, 675, 673, 668, 674,
2853 672, 678, 676, 671, 677, 675, 680, 671, 670, 672,
2854 681, 684, 673, 678, 674, 679, 677, 690, 682, 680,
2855 685, 676, 683, 675, 686, 681, 682, 687, 678, 685,
2856 683, 688, 688, 680, 684, 686, 687, 681, 684, 690,
2857 688, 692, 689, 691, 690, 682, 696, 685, 693, 683,
2858 689, 686, 694, 695, 687, 698, 691, 728, 688, 688,
2859 734, 695, 696, 697, 701, 694, 700, 692, 692, 689,
2860
2861 691, 693, 699, 696, 700, 693, 697, 698, 701, 694,
2862 695, 702, 698, 699, 703, 704, 707, 705, 706, 728,
2863 697, 701, 734, 700, 710, 707, 708, 0, 0, 699,
2864 709, 702, 711, 713, 712, 704, 703, 710, 702, 705,
2865 706, 703, 704, 707, 705, 706, 708, 714, 709, 712,
2866 711, 710, 715, 708, 716, 713, 718, 709, 717, 711,
2867 713, 712, 722, 720, 719, 723, 725, 716, 718, 720,
2868 722, 714, 724, 729, 714, 715, 717, 719, 727, 715,
2869 729, 716, 736, 718, 725, 717, 727, 730, 722, 722,
2870 720, 719, 723, 725, 724, 733, 731, 722, 735, 724,
2871
2872 729, 732, 736, 732, 733, 727, 737, 0, 742, 736,
2873 730, 731, 739, 749, 730, 737, 738, 735, 738, 739,
2874 742, 745, 733, 731, 0, 735, 753, 0, 732, 0,
2875 0, 745, 748, 737, 749, 742, 751, 753, 752, 739,
2876 749, 0, 0, 738, 740, 754, 758, 740, 745, 755,
2877 748, 740, 0, 753, 740, 758, 752, 751, 756, 748,
2878 761, 740, 740, 751, 740, 752, 757, 759, 754, 740,
2879 760, 740, 754, 758, 740, 755, 755, 760, 740, 766,
2880 759, 740, 757, 763, 756, 756, 765, 783, 740, 740,
2881 764, 740, 761, 757, 759, 765, 764, 760, 762, 762,
2882
2883 767, 762, 766, 767, 762, 763, 766, 768, 773, 762,
2884 763, 769, 770, 765, 783, 762, 762, 764, 0, 772,
2885 770, 772, 776, 768, 762, 762, 762, 767, 762, 771,
2886 768, 762, 773, 769, 768, 773, 762, 775, 769, 770,
2887 774, 771, 762, 762, 778, 774, 772, 777, 776, 776,
2888 768, 779, 781, 780, 785, 0, 771, 775, 784, 777,
2889 782, 787, 786, 0, 775, 789, 778, 0, 791, 785,
2890 786, 778, 774, 789, 777, 780, 781, 779, 779, 781,
2891 780, 785, 782, 784, 787, 784, 788, 782, 787, 786,
2892 790, 792, 789, 788, 791, 791, 794, 793, 795, 796,
2893
2894 797, 798, 800, 792, 804, 797, 801, 795, 799, 790,
2895 793, 801, 803, 788, 796, 805, 807, 790, 792, 806,
2896 0, 0, 794, 794, 793, 795, 796, 797, 808, 800,
2897 799, 810, 809, 798, 803, 799, 804, 811, 801, 803,
2898 812, 806, 813, 815, 0, 814, 806, 805, 807, 818,
2899 810, 816, 808, 809, 814, 808, 820, 817, 810, 809,
2900 818, 813, 821, 822, 811, 815, 817, 812, 823, 813,
2901 815, 816, 814, 819, 824, 827, 818, 825, 816, 0,
2902 821, 819, 822, 820, 817, 825, 830, 828, 829, 821,
2903 822, 829, 831, 827, 832, 823, 834, 835, 833, 835,
2904
2905 819, 839, 827, 837, 825, 828, 824, 838, 830, 834,
2906 831, 836, 838, 830, 828, 829, 847, 837, 832, 831,
2907 833, 832, 840, 834, 835, 833, 842, 839, 839, 836,
2908 837, 848, 841, 843, 840, 850, 843, 844, 836, 838,
2909 841, 847, 845, 847, 842, 849, 844, 854, 851, 840,
2910 845, 849, 854, 842, 851, 856, 852, 850, 848, 841,
2911 843, 853, 850, 852, 844, 0, 845, 858, 853, 845,
2912 859, 855, 849, 856, 854, 851, 857, 845, 855, 859,
2913 857, 860, 856, 852, 861, 863, 862, 864, 853, 860,
2914 858, 869, 865, 867, 858, 864, 866, 859, 855, 868,
2915
2916 863, 0, 870, 857, 862, 865, 867, 871, 860, 870,
2917 0, 873, 863, 862, 864, 872, 861, 866, 869, 865,
2918 867, 868, 872, 866, 874, 871, 868, 875, 876, 870,
2919 873, 874, 875, 877, 871, 878, 876, 879, 873, 880,
2920 877, 881, 872, 882, 884, 886, 885, 0, 891, 892,
2921 883, 874, 880, 887, 875, 876, 882, 883, 890, 0,
2922 877, 887, 889, 893, 890, 0, 880, 878, 886, 879,
2923 882, 888, 886, 881, 891, 891, 884, 883, 885, 888,
2924 887, 892, 894, 895, 889, 890, 888, 893, 896, 889,
2925 893, 894, 897, 0, 898, 899, 900, 895, 888, 897,
2926
2927 901, 902, 903, 905, 899, 901, 888, 904, 905, 894,
2928 895, 0, 910, 902, 907, 910, 920, 906, 900, 897,
2929 896, 898, 899, 900, 906, 903, 913, 908, 902, 903,
2930 905, 914, 901, 904, 904, 908, 907, 911, 914, 910,
2931 913, 907, 915, 920, 906, 0, 0, 917, 915, 0,
2932 911, 0, 918, 913, 908, 919, 0, 921, 914, 921,
2933 0, 0, 922, 0, 911, 923, 0, 919, 924, 915,
2934 916, 925, 916, 917, 917, 918, 916, 923, 916, 918,
2935 0, 924, 919, 916, 921, 922, 927, 926, 916, 922,
2936 928, 927, 923, 925, 916, 924, 929, 916, 925, 916,
2937
2938 926, 930, 0, 916, 931, 916, 0, 933, 928, 929,
2939 916, 932, 935, 930, 926, 916, 931, 928, 927, 934,
2940 936, 932, 933, 929, 930, 935, 936, 938, 930, 937,
2941 939, 931, 941, 932, 933, 942, 940, 945, 932, 935,
2942 930, 934, 937, 943, 946, 938, 934, 936, 932, 946,
2943 948, 939, 947, 0, 938, 952, 937, 939, 940, 948,
2944 947, 950, 951, 940, 941, 954, 0, 942, 952, 945,
2945 943, 946, 961, 955, 0, 953, 950, 948, 0, 947,
2946 949, 0, 952, 957, 951, 949, 0, 949, 950, 951,
2947 953, 954, 954, 949, 956, 955, 957, 960, 949, 949,
2948
2949 955, 958, 953, 959, 961, 949, 949, 949, 960, 958,
2950 957, 959, 949, 956, 949, 962, 963, 967, 964, 971,
2951 949, 956, 965, 968, 960, 949, 949, 964, 958, 966,
2952 959, 963, 949, 965, 969, 972, 974, 962, 966, 973,
2953 975, 969, 962, 963, 967, 964, 968, 973, 976, 965,
2954 968, 971, 977, 983, 975, 980, 966, 978, 974, 972,
2955 981, 969, 972, 974, 982, 978, 973, 975, 984, 985,
2956 986, 0, 991, 980, 977, 982, 987, 985, 981, 977,
2957 976, 988, 980, 987, 978, 983, 984, 981, 992, 990,
2958 991, 982, 986, 989, 988, 984, 985, 986, 993, 991,
2959
2960 989, 994, 995, 987, 990, 999, 992, 0, 988, 0,
2961 997, 994, 1011, 1002, 1001, 992, 990, 1000, 999, 993,
2962 989, 997, 1001, 1004, 1000, 993, 1002, 1003, 994, 1005,
2963 1006, 1009, 999, 1012, 995, 1004, 1003, 997, 1011, 1011,
2964 1002, 1001, 1010, 1013, 1000, 0, 1020, 1014, 1015, 1020,
2965 1004, 1005, 1006, 1009, 1003, 1017, 1005, 1006, 1009, 1014,
2966 1010, 1013, 1015, 1018, 1021, 1012, 1017, 1022, 1018, 1010,
2967 1013, 1023, 1020, 1020, 1014, 1015, 1020, 1025, 1023, 1024,
2968 1022, 1027, 1017, 1026, 1028, 1029, 1025, 1030, 1021, 0,
2969 1024, 1021, 1029, 1027, 1022, 1018, 1032, 1026, 1023, 1031,
2970
2971 1033, 1035, 1037, 1036, 1025, 0, 1024, 1043, 1027, 1036,
2972 1026, 1031, 1029, 1033, 1038, 1040, 1028, 1041, 1032, 1030,
2973 1039, 1042, 1043, 1032, 1037, 1035, 1031, 1033, 1035, 1037,
2974 1036, 1039, 1045, 1040, 1043, 1046, 1038, 1047, 1048, 1041,
2975 1049, 1038, 1040, 1042, 1041, 1050, 1046, 1039, 1042, 1052,
2976 1057, 1051, 1054, 1045, 1053, 1058, 1059, 1055, 1047, 1045,
2977 1051, 1054, 1046, 1050, 1047, 1055, 1060, 1049, 1056, 1058,
2978 1048, 1064, 1050, 1052, 1057, 1056, 1052, 1057, 1051, 1054,
2979 1053, 1053, 1058, 1061, 1055, 1062, 1063, 1066, 1059, 1068,
2980 1067, 1070, 0, 1069, 0, 1056, 1066, 1067, 1060, 1075,
2981
2982 1073, 1071, 0, 1064, 1072, 1061, 1076, 1062, 1063, 1073,
2983 1061, 0, 1062, 1063, 1066, 1069, 1074, 1067, 1070, 1071,
2984 1069, 1068, 1072, 1075, 1074, 1077, 1075, 1073, 1071, 1078,
2985 1076, 1072, 1080, 1076, 1081, 1079, 1082, 1083, 1084, 1086,
2986 0, 1077, 1081, 1074, 1079, 1085, 1087, 1080, 1089, 1091,
2987 1084, 1078, 1077, 1092, 1087, 0, 1078, 1088, 1091, 1080,
2988 1097, 1081, 1079, 1089, 0, 1084, 1086, 1085, 1082, 1083,
2989 1088, 1092, 1085, 1087, 1093, 1089, 1091, 1094, 1096, 1094,
2990 1092, 1098, 1093, 1100, 1088, 1101, 1096, 1097, 1098, 1103,
2991 1105, 1102, 1106, 1107, 1108, 1104, 1100, 1101, 0, 1106,
2992
2993 0, 1093, 1110, 1109, 1094, 1096, 1102, 1111, 1098, 1112,
2994 1100, 1103, 1101, 1104, 1109, 1113, 1103, 1105, 1102, 1106,
2995 1114, 1115, 1104, 1116, 1110, 1107, 1108, 1119, 1113, 1110,
2996 1109, 1112, 1111, 1114, 1111, 1116, 1112, 1117, 1118, 1119,
2997 1122, 1120, 1113, 1115, 1123, 1117, 1124, 1114, 1115, 1120,
2998 1116, 1125, 1127, 1126, 1119, 1124, 0, 1123, 1118, 1127,
2999 1131, 1128, 1130, 1125, 1117, 1118, 1133, 1122, 1120, 1132,
3000 1128, 1123, 1128, 1124, 1126, 1128, 1136, 1135, 1125, 1127,
3001 1126, 1134, 0, 1128, 1137, 1130, 1131, 1131, 1128, 1130,
3002 1135, 1132, 1137, 1133, 1139, 1140, 1132, 1128, 1138, 1128,
3003
3004 1136, 1134, 1128, 1136, 1135, 1141, 1143, 1138, 1134, 1142,
3005 1144, 1137, 1139, 1141, 1145, 1148, 1149, 1140, 1146, 0,
3006 0, 1139, 1140, 1144, 1142, 1138, 1146, 1150, 1143, 1152,
3007 1145, 0, 1141, 1143, 1153, 1154, 1142, 1144, 1149, 1151,
3008 1155, 1145, 1148, 1149, 1160, 1146, 1151, 1156, 1158, 1150,
3009 1157, 1152, 1155, 1154, 1150, 1161, 1152, 1153, 1157, 1156,
3010 1159, 1153, 1154, 1158, 1160, 1162, 1151, 1155, 1165, 1166,
3011 1161, 1160, 1159, 1162, 1156, 1158, 1164, 1157, 1163, 1167,
3012 1169, 1166, 1161, 1168, 1163, 1164, 1167, 1159, 1170, 1165,
3013 1168, 1171, 1162, 1172, 1173, 1165, 1166, 1176, 1169, 1171,
3014
3015 1170, 1175, 1173, 1164, 1176, 1163, 1167, 1169, 1172, 1174,
3016 1168, 1174, 1178, 1175, 1179, 1170, 1180, 0, 1171, 1181,
3017 1172, 1173, 1183, 1182, 1176, 1184, 1179, 1185, 1175, 1180,
3018 1182, 1187, 1186, 1183, 1190, 1188, 1174, 1186, 1181, 1187,
3019 1195, 1179, 1185, 1180, 1178, 1189, 1181, 1184, 1188, 1183,
3020 1182, 1192, 1184, 0, 1185, 1194, 1193, 1196, 1187, 1189,
3021 1190, 1190, 1188, 1224, 1186, 1192, 1195, 1195, 0, 1198,
3022 1197, 1199, 1189, 1191, 1193, 1224, 1201, 1191, 1192, 1196,
3023 1191, 1191, 0, 1193, 1196, 1191, 1202, 1194, 1197, 1200,
3024 1224, 1191, 1202, 1199, 1203, 1191, 1206, 1197, 1199, 1191,
3025
3026 1191, 1198, 1201, 1201, 1191, 1206, 1207, 1191, 1191, 1209,
3027 0, 1200, 1191, 1202, 1210, 1204, 1200, 1204, 1191, 1205,
3028 1203, 1203, 1191, 1206, 1207, 1208, 1205, 1210, 1211, 1212,
3029 1213, 1209, 1208, 1207, 0, 0, 1209, 1211, 1214, 1204,
3030 1215, 1210, 1204, 1218, 1204, 1219, 1205, 1217, 0, 1220,
3031 1220, 0, 1208, 0, 0, 1211, 1218, 1225, 1223, 0,
3032 1214, 1212, 1213, 1215, 1221, 1214, 1225, 1215, 1216, 1217,
3033 1218, 1219, 1219, 1216, 1217, 1216, 1226, 1216, 1220, 1216,
3034 1221, 1223, 1227, 1228, 1225, 1223, 1216, 1227, 1229, 1230,
3035 1232, 1221, 1231, 1229, 1226, 1216, 1235, 1236, 1237, 1233,
3036
3037 1216, 1228, 1216, 1226, 1216, 1231, 1216, 1233, 1232, 1235,
3038 1228, 1230, 1234, 1238, 1227, 1229, 1230, 1232, 1239, 1231,
3039 1234, 1240, 1241, 1235, 1237, 1237, 1233, 1243, 1242, 1236,
3040 1246, 1239, 1238, 1244, 1245, 1241, 1245, 1247, 1248, 1234,
3041 1238, 1249, 1244, 1240, 1250, 1239, 1242, 1243, 1240, 1241,
3042 1248, 1252, 1246, 0, 1243, 1242, 1255, 1246, 1253, 1254,
3043 1244, 1245, 1256, 1257, 1247, 1248, 1258, 1254, 1249, 1250,
3044 1257, 1250, 1259, 1260, 1255, 1252, 1261, 1263, 1252, 1268,
3045 1253, 1262, 1261, 1255, 1264, 1253, 1254, 1262, 1265, 1256,
3046 1257, 1264, 1267, 1258, 1266, 1260, 1270, 1268, 1259, 1259,
3047
3048 1260, 1266, 1269, 1261, 1263, 1270, 1268, 1272, 1262, 1277,
3049 1273, 1264, 1265, 1274, 1267, 1265, 1276, 1275, 1284, 1267,
3050 1278, 1266, 1273, 1270, 1279, 1288, 1281, 1269, 1277, 1269,
3051 1275, 1272, 1280, 1282, 1272, 1274, 1277, 1273, 1276, 1284,
3052 1274, 1283, 1278, 1276, 1275, 1284, 1285, 1278, 1279, 1286,
3053 1283, 1279, 1281, 1281, 1280, 1282, 1289, 1288, 1290, 1280,
3054 1282, 1291, 1293, 1286, 1292, 1294, 1285, 1295, 1283, 1301,
3055 1293, 1296, 1298, 1285, 0, 1302, 1286, 1305, 1296, 1299,
3056 1290, 1294, 1292, 1300, 1298, 1290, 1299, 1300, 1289, 1293,
3057 1303, 1292, 1294, 1291, 1295, 0, 1307, 1308, 1296, 1298,
3058
3059 1310, 1301, 1306, 1307, 1308, 1309, 1299, 1302, 1306, 1305,
3060 1300, 1303, 1311, 1310, 1312, 1306, 1316, 1303, 1313, 1317,
3061 1309, 1311, 1315, 1307, 1308, 1313, 1314, 1310, 1314, 1306,
3062 1318, 1315, 1309, 1319, 1318, 1306, 1321, 1322, 1316, 1311,
3063 1312, 1312, 1322, 1316, 1321, 1313, 1317, 1323, 1324, 1315,
3064 1327, 1325, 1326, 1314, 1330, 1319, 1323, 1318, 1331, 1335,
3065 1319, 1328, 1327, 1321, 1328, 1326, 1324, 1332, 1329, 1322,
3066 1325, 1329, 1330, 1328, 1323, 1324, 1334, 1327, 1325, 1326,
3067 1332, 1330, 1335, 1331, 1336, 1331, 1335, 1337, 1328, 1338,
3068 1329, 1328, 1337, 1341, 1332, 1329, 1340, 1338, 1329, 1342,
3069
3070 1336, 1339, 1339, 1343, 0, 1340, 1344, 1345, 1334, 1348,
3071 1346, 1336, 1343, 1344, 1355, 1341, 1338, 1346, 1349, 1337,
3072 1341, 1342, 1348, 1340, 1351, 1352, 1342, 1349, 1339, 1345,
3073 1343, 1350, 1353, 1344, 1345, 1354, 1348, 1346, 1356, 1357,
3074 1350, 1353, 1358, 1354, 1359, 1349, 1355, 1357, 1352, 1360,
3075 1351, 1351, 1352, 1356, 1363, 1358, 1359, 1362, 1350, 1353,
3076 1361, 1360, 1354, 1364, 1365, 1356, 1357, 1367, 1361, 1358,
3077 1366, 1359, 1371, 1365, 1363, 1370, 1360, 1368, 1369, 1362,
3078 1372, 1363, 1370, 1373, 1362, 1364, 1375, 1361, 1366, 1368,
3079 1364, 1365, 1377, 1367, 1367, 1374, 1369, 1366, 1371, 1371,
3080
3081 1376, 1378, 1370, 1377, 1368, 1369, 1380, 1378, 1374, 1379,
3082 1381, 1382, 1372, 1375, 1383, 1373, 0, 0, 1384, 1377,
3083 1386, 1376, 1374, 1387, 1389, 1392, 1391, 1376, 1378, 0,
3084 1388, 1379, 1394, 1389, 1390, 1393, 1379, 1392, 1380, 1391,
3085 1383, 1383, 1381, 1382, 1384, 1384, 1387, 1386, 1388, 1390,
3086 1387, 1389, 1392, 1391, 1396, 1393, 1395, 1388, 1394, 1394,
3087 1397, 1390, 1393, 1395, 1398, 1400, 1399, 1401, 1402, 1411,
3088 1400, 1404, 1401, 1396, 1399, 1402, 1403, 1398, 1405, 1404,
3089 0, 1396, 1397, 1395, 1408, 1407, 1405, 1397, 1406, 1409,
3090 1414, 1398, 1408, 1399, 0, 1402, 1409, 1400, 1404, 1401,
3091
3092 1410, 1411, 1403, 1403, 1412, 1405, 1406, 1407, 1416, 1410,
3093 1415, 1408, 1407, 1413, 1413, 1406, 1409, 1417, 1415, 1425,
3094 1418, 1422, 1414, 0, 1419, 1420, 1412, 1410, 1418, 1416,
3095 1421, 1412, 1419, 1420, 1422, 1416, 1423, 1415, 1421, 1430,
3096 1413, 1424, 1423, 1426, 1429, 1425, 1425, 1418, 1422, 1417,
3097 1427, 1419, 1420, 1424, 1428, 1431, 1432, 1421, 1427, 1429,
3098 1434, 1433, 1428, 1423, 0, 1436, 1430, 1426, 1424, 1437,
3099 1426, 1429, 1435, 1437, 1434, 1440, 1439, 1427, 1432, 1436,
3100 1444, 1428, 1431, 1432, 1433, 1439, 1437, 1434, 1433, 1441,
3101 1435, 1442, 1436, 1443, 1437, 1445, 1437, 1440, 1442, 1435,
3102
3103 1437, 1441, 1440, 1439, 1443, 1446, 1449, 1444, 1450, 1447,
3104 0, 1448, 1457, 1437, 0, 1456, 1441, 1445, 1442, 1451,
3105 1443, 1447, 1445, 1452, 0, 1448, 1454, 1455, 1449, 1463,
3106 1452, 1450, 1453, 1449, 1455, 1450, 1447, 1446, 1448, 1457,
3107 1459, 1453, 1451, 1462, 1454, 1461, 1451, 1456, 1464, 1459,
3108 1452, 1461, 1467, 1454, 1455, 1463, 1463, 1465, 1469, 1453,
3109 1470, 0, 1471, 1472, 1465, 1462, 0, 1459, 1474, 1475,
3110 1462, 1477, 1461, 1471, 1472, 1476, 1475, 1479, 1480, 1467,
3111 1464, 1481, 1469, 1479, 1465, 1469, 1480, 1470, 1478, 1471,
3112 1472, 1483, 1474, 1476, 1482, 1474, 1475, 1477, 1477, 1488,
3113
3114 1478, 1484, 1476, 1481, 1479, 1480, 1488, 1482, 1481, 1489,
3115 1486, 1485, 1487, 1493, 1487, 1478, 1490, 1483, 1483, 1484,
3116 1485, 1482, 1486, 1491, 1492, 1493, 1488, 1494, 1484, 1490,
3117 1495, 1504, 1491, 1497, 1496, 1489, 1489, 1486, 1485, 1487,
3118 1493, 1496, 1498, 1490, 1500, 1505, 1492, 1498, 1499, 1507,
3119 1491, 1492, 1502, 1495, 1494, 1501, 1505, 1495, 1504, 1497,
3120 1497, 1496, 1507, 1501, 1499, 1508, 1508, 1500, 1506, 1498,
3121 1509, 1500, 1505, 1508, 1502, 1499, 1507, 1506, 1510, 1502,
3122 1510, 1511, 1501, 1509, 1512, 1515, 1516, 1513, 1517, 1514,
3123 0, 1518, 1508, 1508, 1513, 1506, 1514, 1509, 1518, 1519,
3124
3125 1520, 1521, 1522, 1523, 1516, 1510, 1512, 1511, 1511, 1522,
3126 1517, 1512, 1515, 1516, 1513, 1517, 1514, 1525, 1518, 1526,
3127 1527, 1528, 1520, 1530, 1519, 1532, 1519, 1520, 1527, 1522,
3128 1525, 1531, 1535, 1521, 1531, 1523, 1533, 1536, 0, 1538,
3129 1534, 1535, 1528, 1543, 1525, 1530, 1526, 1527, 1528, 1536,
3130 1530, 1532, 1532, 1534, 1537, 1540, 1545, 1544, 1531, 1535,
3131 1539, 1541, 1533, 1533, 1536, 1538, 1538, 1534, 1541, 1539,
3132 1540, 1542, 1545, 1547, 1542, 1543, 1551, 1552, 1537, 1544,
3133 1545, 1537, 1540, 1545, 1544, 1548, 1542, 1539, 1541, 1554,
3134 1549, 1547, 1549, 1553, 1550, 1542, 1555, 1558, 1542, 1545,
3135
3136 1547, 1542, 1556, 1551, 1557, 1560, 1559, 1548, 1562, 1552,
3137 1564, 1554, 1548, 1542, 1560, 1562, 1554, 1549, 1550, 1558,
3138 1559, 1550, 1555, 1555, 1558, 1553, 1561, 1563, 1556, 1556,
3139 1565, 1567, 1560, 1559, 1561, 1562, 1557, 1566, 1569, 1568,
3140 1570, 0, 1564, 1568, 1575, 1573, 1571, 1572, 1574, 1578,
3141 0, 1563, 1573, 1561, 1563, 1574, 1572, 1575, 1578, 1566,
3142 1569, 1580, 1565, 1567, 1566, 1569, 1568, 1570, 1571, 1576,
3143 1577, 1575, 1573, 1571, 1572, 1574, 1578, 1579, 1581, 1579,
3144 1584, 1582, 1576, 1577, 1580, 1585, 1587, 1586, 1580, 1582,
3145 1594, 0, 1588, 3053, 3053, 1584, 1576, 1577, 1589, 1588,
3146
3147 1585, 1586, 1591, 1581, 1579, 1581, 1590, 1584, 1582, 1589,
3148 1592, 1597, 1585, 1590, 1586, 1591, 1592, 1594, 1587, 1588,
3149 1595, 1596, 3053, 1598, 1599, 1589, 1597, 1595, 1600, 1591,
3150 1602, 1601, 1604, 1590, 1601, 1603, 1599, 1592, 1597, 1602,
3151 1605, 1600, 0, 1596, 1604, 1607, 1612, 1595, 1596, 1598,
3152 1598, 1599, 1629, 1603, 1613, 1600, 1607, 1602, 1601, 1604,
3153 1605, 1606, 1603, 1609, 1606, 1614, 1618, 1605, 1609, 1611,
3154 1612, 1611, 1607, 1612, 1615, 1609, 1616, 1621, 1617, 1606,
3155 1619, 1613, 0, 0, 1629, 1616, 1622, 1630, 1606, 1615,
3156 1609, 1606, 1614, 1618, 1619, 1609, 1611, 1625, 1620, 1621,
3157
3158 1624, 1615, 1617, 1616, 1621, 1617, 1620, 1619, 1622, 1623,
3159 1626, 1624, 1628, 1622, 1630, 1625, 1627, 1623, 1626, 1627,
3160 1633, 1631, 1634, 1637, 1625, 1620, 1632, 1624, 1631, 1633,
3161 1628, 1635, 0, 1636, 1627, 1634, 1623, 1626, 1636, 1628,
3162 1632, 1638, 1635, 1627, 1643, 1637, 1627, 1633, 1631, 1634,
3163 1637, 1642, 1641, 1632, 1641, 1644, 1638, 1645, 1635, 1646,
3164 1642, 0, 1647, 1649, 1650, 1636, 1644, 0, 1638, 1648,
3165 1643, 1643, 1648, 1650, 1651, 1645, 1647, 0, 1642, 1641,
3166 1651, 1646, 1644, 1652, 1645, 1649, 1646, 1648, 1647, 1647,
3167 1649, 1650, 1652, 1653, 1655, 1657, 1648, 1656, 1653, 1648,
3168
3169 1657, 1651, 1659, 1647, 1658, 1660, 1661, 1655, 1662, 1656,
3170 1652, 0, 1665, 0, 1660, 1663, 1664, 1670, 1666, 1673,
3171 1668, 1655, 1657, 1669, 1656, 1653, 1658, 1668, 0, 1664,
3172 0, 1658, 1660, 1661, 1659, 1672, 1669, 1663, 1671, 1666,
3173 1662, 1672, 1663, 1664, 1665, 1666, 1677, 1668, 1675, 1670,
3174 1669, 1673, 1671, 1678, 1677, 1679, 1681, 1682, 1680, 1672,
3175 1685, 1678, 1672, 1686, 1683, 1671, 1684, 1675, 1672, 1687,
3176 1681, 1682, 1688, 1677, 1679, 1675, 1680, 1683, 1689, 1684,
3177 1678, 1685, 1679, 1681, 1682, 1680, 1688, 1685, 1691, 1690,
3178 1692, 1683, 1693, 1684, 1695, 1686, 1690, 1691, 1692, 1688,
3179
3180 1694, 1687, 1696, 1698, 1700, 1689, 1701, 1696, 1685, 1697,
3181 1703, 1702, 1698, 1701, 1694, 1691, 1690, 1692, 1704, 1693,
3182 1697, 1705, 1711, 1706, 1707, 0, 1695, 1694, 1707, 1696,
3183 1698, 1700, 1703, 1701, 1702, 1710, 1697, 1703, 1702, 1709,
3184 1704, 1706, 1713, 1705, 1712, 1704, 1715, 1710, 1705, 1711,
3185 1706, 1707, 1712, 1714, 1709, 1716, 1717, 1713, 1722, 1718,
3186 1719, 1714, 1710, 1723, 1721, 1722, 1709, 1726, 1716, 1713,
3187 1725, 1712, 1721, 1715, 1718, 1719, 1717, 1724, 1727, 1725,
3188 1714, 1733, 1716, 1717, 1728, 1722, 1718, 1719, 1726, 1729,
3189 1731, 1721, 1724, 1734, 1726, 1723, 1732, 1725, 1737, 1736,
3190
3191 1735, 1739, 1738, 0, 1724, 1727, 1739, 1754, 1728, 1738,
3192 1740, 1728, 1731, 1733, 1732, 1735, 1729, 1731, 1742, 1740,
3193 1734, 1741, 1737, 1732, 1736, 1737, 1736, 1735, 1739, 1738,
3194 1741, 1743, 1744, 1747, 1745, 1746, 1749, 1740, 1748, 1754,
3195 1742, 1753, 1752, 1749, 1751, 1742, 1755, 1746, 1741, 1745,
3196 1744, 1748, 1755, 1743, 1752, 1747, 1748, 1750, 1743, 1744,
3197 1747, 1745, 1746, 1749, 1750, 1748, 1751, 1757, 1753, 1752,
3198 1759, 1751, 1758, 1755, 1763, 1757, 1760, 1761, 1748, 1750,
3199 1758, 1759, 1764, 1760, 1750, 1762, 1765, 1762, 1766, 1767,
3200 1769, 1750, 1768, 1771, 1757, 1766, 1769, 1759, 1762, 1758,
3201
3202 1763, 1763, 1761, 1760, 1761, 1770, 1772, 1773, 1776, 1764,
3203 1774, 1770, 1762, 1765, 1762, 1766, 1767, 1769, 1768, 1768,
3204 1771, 1777, 1778, 1779, 1781, 1779, 1784, 1790, 1780, 1772,
3205 1777, 1782, 1770, 1772, 1774, 1783, 1786, 1774, 1782, 1773,
3206 1776, 1788, 1786, 1787, 1785, 0, 0, 1789, 1777, 0,
3207 1779, 1781, 1780, 1784, 1778, 1780, 1785, 1783, 1782, 1790,
3208 1795, 0, 1783, 1786, 1802, 1787, 1792, 1788, 1788, 1789,
3209 1787, 1785, 1793, 1792, 1789, 1791, 1791, 1791, 1794, 1796,
3210 1802, 1793, 1791, 1798, 1799, 1794, 1796, 1801, 1798, 1800,
3211 1791, 1802, 1795, 1792, 1804, 1803, 1808, 1799, 1810, 1793,
3212
3213 1805, 1800, 1791, 1791, 1791, 1794, 1796, 1803, 0, 1791,
3214 1806, 1799, 1801, 1807, 1801, 1798, 1800, 1806, 1805, 1807,
3215 1809, 1809, 1803, 1808, 1810, 1810, 1804, 1805, 1811, 1812,
3216 0, 1813, 1814, 1818, 1812, 1811, 1815, 1806, 1824, 1819,
3217 1807, 1819, 1823, 1815, 1820, 1825, 1822, 1809, 1823, 1831,
3218 1829, 1830, 1830, 1827, 1828, 1811, 1812, 1813, 1813, 1814,
3219 1818, 1826, 1820, 1815, 1822, 1827, 1819, 1826, 1829, 1823,
3220 1824, 1820, 1825, 1822, 1828, 1831, 1831, 1829, 1830, 1833,
3221 1827, 1828, 1832, 1832, 1836, 1835, 1837, 1839, 1826, 0,
3222 1833, 1838, 1843, 1837, 1842, 1840, 1844, 0, 0, 1846,
3223
3224 0, 1847, 1842, 1845, 0, 0, 1833, 1835, 1847, 1832,
3225 1850, 1838, 1835, 1837, 1849, 1854, 1836, 1846, 1838, 1839,
3226 1840, 1842, 1840, 1844, 1843, 1845, 1846, 1848, 1847, 1849,
3227 1845, 1851, 1852, 1852, 1850, 1848, 1853, 1850, 1855, 1856,
3228 1851, 1849, 1860, 0, 1857, 1858, 1856, 1854, 1861, 1860,
3229 1863, 1862, 1864, 1861, 1848, 1865, 1857, 1867, 1851, 1852,
3230 1864, 1858, 1853, 1853, 1868, 1867, 1856, 1865, 1858, 1860,
3231 1855, 1857, 1858, 1862, 1869, 1861, 1870, 1863, 1862, 1864,
3232 1871, 1872, 1865, 1873, 1867, 1875, 1876, 1868, 1858, 1874,
3233 0, 1868, 1876, 1879, 1874, 1880, 1877, 1870, 1871, 1882,
3234
3235 1869, 1869, 1880, 1870, 1896, 1874, 1873, 1871, 1872, 1877,
3236 1873, 1878, 1875, 1876, 1883, 1879, 1874, 1881, 1884, 1878,
3237 1879, 1874, 1880, 1877, 1881, 1885, 1883, 1886, 1887, 1889,
3238 1890, 1882, 1891, 1892, 1894, 1890, 1896, 1895, 1878, 1891,
3239 1884, 1883, 1895, 1898, 1881, 1884, 1890, 1889, 0, 1899,
3240 1899, 1887, 1885, 1886, 1886, 1887, 1889, 1890, 1900, 1891,
3241 1892, 1894, 1890, 1901, 1902, 1905, 1904, 1906, 1907, 1895,
3242 1907, 1908, 1909, 1910, 0, 1898, 1899, 1909, 1901, 1911,
3243 1900, 1904, 1906, 1912, 1920, 1900, 1916, 1914, 1905, 1915,
3244 1901, 1918, 1905, 1904, 1906, 1907, 1902, 1915, 1912, 1909,
3245
3246 1919, 1911, 1914, 1908, 1921, 1910, 1911, 1924, 1916, 1923,
3247 1912, 1920, 1922, 1916, 1914, 1918, 1915, 1926, 1918, 1922,
3248 1925, 1929, 1927, 0, 1933, 0, 1919, 1919, 1924, 1931,
3249 1932, 1921, 1937, 1938, 1924, 0, 0, 1935, 1926, 1922,
3250 1927, 1923, 1925, 1929, 1926, 1932, 1936, 1925, 1929, 1927,
3251 1933, 1933, 1935, 1931, 1937, 1940, 1931, 1932, 1939, 1937,
3252 1938, 1936, 1941, 1942, 1935, 1943, 1946, 1944, 1945, 1949,
3253 1947, 1950, 1951, 1936, 1944, 1946, 1939, 1940, 1947, 1948,
3254 1952, 1951, 1940, 0, 1941, 1939, 1945, 1942, 1954, 1941,
3255 1942, 1949, 1943, 1946, 1944, 1945, 1949, 1947, 1952, 1951,
3256
3257 1953, 1954, 1948, 1950, 0, 1956, 1948, 1952, 1957, 1953,
3258 1958, 1959, 0, 1960, 0, 1954, 1956, 1957, 1959, 1962,
3259 1963, 1968, 1964, 1961, 0, 1971, 1963, 1953, 1958, 1976,
3260 1970, 1956, 1956, 1974, 1962, 1957, 1971, 1958, 1959, 1960,
3261 1960, 1961, 1965, 1956, 1964, 1974, 1962, 1963, 1968, 1964,
3262 1961, 1972, 1971, 1975, 1970, 1977, 1965, 1970, 1978, 1980,
3263 1974, 1976, 1972, 1979, 1981, 1977, 1975, 1983, 1986, 1965,
3264 1984, 1987, 1986, 1988, 0, 1992, 1990, 0, 1972, 1989,
3265 1975, 1990, 1977, 1981, 1978, 1978, 1980, 0, 1979, 1993,
3266 1979, 1981, 1987, 1991, 1983, 1986, 1984, 1984, 1987, 1989,
3267
3268 1991, 1992, 1992, 1990, 1994, 1988, 1989, 1993, 1995, 1996,
3269 1994, 1998, 2003, 1997, 1999, 1999, 1993, 2000, 2004, 2003,
3270 1991, 2001, 2004, 1995, 1996, 1997, 1998, 2006, 2005, 2000,
3271 0, 1994, 0, 2009, 2001, 1995, 1996, 2007, 1998, 2003,
3272 1997, 1999, 2001, 2005, 2000, 2004, 2007, 2010, 2001, 2008,
3273 2013, 2011, 2019, 2015, 2006, 2005, 2008, 2009, 2011, 2014,
3274 2009, 2001, 2015, 2016, 2007, 2022, 2021, 2017, 2029, 2010,
3275 2019, 2024, 2013, 2023, 2010, 2021, 2008, 2013, 2011, 2019,
3276 2015, 2025, 2027, 2022, 2014, 2016, 2014, 2017, 2023, 2025,
3277 2016, 2028, 2022, 2021, 2017, 2029, 2024, 2031, 2024, 2033,
3278
3279 2023, 2030, 2030, 2037, 2028, 2032, 0, 2027, 2025, 2027,
3280 2036, 2034, 2038, 2035, 2046, 2039, 2040, 2036, 2028, 2031,
3281 2041, 2033, 2035, 2047, 2031, 2041, 2033, 2042, 2030, 2039,
3282 2032, 2040, 2032, 2034, 2038, 2037, 2044, 2036, 2034, 2038,
3283 2035, 2046, 2039, 2040, 2044, 2045, 2042, 2048, 2049, 2047,
3284 2047, 2050, 2041, 2052, 2042, 2049, 0, 2051, 2045, 2048,
3285 2053, 2055, 2054, 2044, 2057, 0, 2058, 2056, 2059, 2053,
3286 2054, 0, 2045, 0, 2048, 2049, 2060, 0, 2052, 2051,
3287 2052, 2054, 2056, 2050, 2051, 2064, 2059, 2053, 2055, 2054,
3288 2057, 2057, 2058, 2058, 2056, 2059, 2061, 2054, 2060, 2063,
3289
3290 2065, 2067, 2063, 2060, 2066, 2061, 2065, 2068, 0, 2066,
3291 2064, 0, 2064, 2072, 0, 2069, 2067, 2063, 2071, 2073,
3292 2078, 0, 0, 2061, 2075, 2068, 2063, 2065, 2067, 2063,
3293 2069, 2077, 2076, 2071, 2068, 2072, 2066, 2081, 2075, 2076,
3294 2072, 2073, 2069, 2079, 2080, 2071, 2073, 2078, 2081, 2077,
3295 2082, 2075, 2079, 2080, 2083, 2087, 2088, 2085, 2077, 2076,
3296 2086, 2090, 2087, 2082, 2081, 2095, 2083, 2089, 2101, 2096,
3297 2079, 2080, 2085, 2096, 0, 2086, 0, 2082, 2088, 2090,
3298 2093, 2083, 2087, 2088, 2085, 2097, 2095, 2086, 2090, 2089,
3299 2098, 2100, 2095, 2093, 2089, 2101, 2096, 2097, 2099, 2098,
3300
3301 2099, 2093, 2103, 2102, 2105, 2104, 2106, 2093, 2107, 2100,
3302 2108, 2109, 2097, 2104, 2110, 2108, 2109, 2098, 2100, 2111,
3303 2093, 2102, 2107, 2112, 2124, 2099, 2113, 2105, 2106, 2103,
3304 2102, 2105, 2104, 2106, 2114, 2107, 2117, 2108, 2129, 0,
3305 2118, 2114, 2119, 2109, 2120, 2113, 2110, 2112, 2121, 2122,
3306 2112, 2111, 2126, 2113, 2118, 2125, 2124, 2127, 2128, 2123,
3307 2119, 2114, 0, 2117, 2122, 2118, 2118, 2118, 2123, 2119,
3308 2129, 2120, 2131, 2133, 2121, 2121, 2122, 2125, 2126, 2126,
3309 2128, 2118, 2125, 2132, 2127, 2128, 2123, 2134, 0, 2136,
3310 2132, 2136, 2118, 2137, 2134, 2131, 2133, 2138, 0, 2131,
3311
3312 2133, 2138, 2141, 2140, 2144, 2139, 2143, 2142, 2146, 2148,
3313 2132, 2141, 0, 2143, 2134, 2137, 2136, 2139, 2142, 2147,
3314 2137, 2148, 2145, 2149, 2138, 2140, 2144, 2145, 2152, 2141,
3315 2140, 2144, 2139, 2143, 2142, 2146, 2148, 2150, 2150, 2151,
3316 2154, 2157, 2147, 2152, 2153, 2149, 2147, 2155, 2151, 2145,
3317 2149, 2156, 2153, 2159, 2162, 2152, 2163, 2160, 2162, 2163,
3318 2156, 2155, 2154, 2169, 2150, 2160, 2151, 2154, 2157, 2161,
3319 2165, 2153, 2159, 2166, 2155, 2169, 2165, 2161, 2156, 2164,
3320 2159, 2162, 2172, 2163, 2160, 2167, 2173, 2164, 2166, 2171,
3321 2169, 2167, 2174, 2175, 0, 2172, 2161, 2165, 2177, 2176,
3322
3323 2166, 2178, 2182, 2171, 2181, 2179, 2164, 2173, 2183, 2172,
3324 2180, 2184, 2167, 2173, 2187, 2178, 2171, 2174, 2179, 2174,
3325 2175, 2176, 2177, 2189, 2180, 2177, 2176, 2185, 2178, 2182,
3326 2181, 2181, 2179, 2183, 2186, 2183, 2190, 2180, 2184, 2185,
3327 2187, 2187, 2188, 2191, 2193, 2188, 2194, 2196, 2186, 2195,
3328 2189, 2197, 2198, 2194, 2185, 2200, 2195, 2202, 2204, 2199,
3329 2188, 2186, 2196, 2190, 2205, 2191, 2193, 2199, 2201, 2188,
3330 2191, 2193, 2188, 2194, 2196, 2203, 2195, 2201, 2197, 2198,
3331 2204, 2206, 2200, 2207, 2202, 2204, 2199, 2203, 2208, 2210,
3332 2209, 2205, 2212, 2213, 2215, 2201, 2207, 2210, 2219, 2214,
3333
3334 2216, 2217, 2203, 2209, 2220, 2218, 2208, 2214, 2206, 2216,
3335 2207, 0, 2223, 2219, 2212, 2208, 2210, 2209, 0, 2212,
3336 2213, 2215, 2217, 2222, 2219, 2219, 2214, 2216, 2217, 2218,
3337 2221, 2220, 2218, 2225, 2226, 2222, 2227, 2223, 2221, 2223,
3338 2219, 2229, 2226, 2230, 2231, 2225, 2232, 2230, 2229, 2233,
3339 2222, 2234, 2235, 2236, 2237, 2239, 2231, 2221, 0, 2234,
3340 2225, 2226, 2242, 2227, 2251, 2236, 2237, 2241, 2229, 2232,
3341 2230, 2231, 2246, 2232, 2235, 2242, 2233, 2240, 2234, 2235,
3342 2236, 2237, 2239, 2243, 2240, 2247, 2244, 2241, 0, 2242,
3343 2245, 2245, 2243, 2248, 2241, 2244, 2251, 2253, 2246, 2246,
3344
3345 2252, 2259, 2259, 2247, 2240, 2264, 2249, 2254, 2256, 2255,
3346 2243, 2255, 2247, 2244, 2263, 2252, 2258, 2245, 2248, 2253,
3347 2248, 2249, 2256, 2249, 2253, 2257, 2263, 2252, 2259, 2254,
3348 2249, 2257, 2261, 2249, 2254, 2256, 2255, 2264, 2258, 2262,
3349 2265, 2263, 2266, 2258, 0, 2269, 2265, 2269, 2249, 2267,
3350 2249, 2268, 2257, 2271, 2261, 2270, 2277, 2272, 0, 2261,
3351 0, 2262, 2278, 2273, 2279, 2274, 2262, 2265, 2275, 2270,
3352 2285, 2267, 2269, 2268, 2266, 2272, 2267, 2271, 2268, 2283,
3353 2271, 2273, 2270, 2274, 2272, 2276, 2275, 2279, 2277, 2281,
3354 2273, 2279, 2274, 2284, 2278, 2275, 2281, 2283, 2276, 2286,
3355
3356 2287, 2288, 2285, 2288, 2290, 2292, 2283, 2286, 2288, 2296,
3357 2291, 2293, 2276, 0, 0, 2290, 2281, 2294, 2297, 2284,
3358 2284, 2291, 2287, 2293, 2296, 2286, 2286, 2287, 2288, 2297,
3359 2288, 2290, 2292, 2299, 2286, 2294, 2296, 2291, 2293, 2298,
3360 2301, 2302, 2303, 2304, 2294, 2297, 2305, 2308, 2299, 2303,
3361 2306, 2298, 2311, 2310, 2309, 2312, 2314, 0, 2304, 2315,
3362 2299, 2313, 2321, 2302, 2301, 2316, 2298, 2301, 2302, 2303,
3363 2304, 0, 2315, 2305, 2308, 2310, 2306, 2306, 2309, 2313,
3364 2310, 2309, 2317, 2314, 2311, 2318, 2315, 2312, 2313, 2320,
3365 2322, 2316, 2316, 2319, 2321, 0, 2323, 2317, 2318, 2325,
3366
3367 2326, 2319, 2327, 2322, 0, 2333, 2328, 2329, 0, 2317,
3368 0, 0, 2318, 2330, 2331, 2320, 2320, 2322, 2323, 2332,
3369 2319, 2331, 2325, 2323, 2326, 2329, 2325, 2326, 2328, 2327,
3370 2334, 2330, 2333, 2328, 2329, 2339, 2336, 2340, 2337, 2342,
3371 2330, 2331, 2332, 2338, 2334, 2337, 2332, 2341, 2339, 2343,
3372 2338, 2344, 0, 2354, 2341, 0, 2368, 2334, 2336, 2345,
3373 2340, 2342, 2339, 2336, 2340, 2337, 2342, 2346, 2345, 2347,
3374 2338, 2348, 2344, 2349, 2341, 2346, 2351, 2347, 2344, 2349,
3375 2353, 2343, 2355, 2356, 2352, 2354, 2345, 2358, 2368, 2361,
3376 0, 2351, 2370, 2348, 2346, 2352, 2347, 2362, 2348, 2360,
3377
3378 2349, 2355, 2353, 2351, 2364, 2358, 2367, 2353, 2356, 2355,
3379 2356, 2352, 2360, 2369, 2358, 2361, 2361, 2363, 2363, 2370,
3380 2371, 2362, 2374, 2376, 2362, 2379, 2360, 2386, 2369, 2367,
3381 2364, 2364, 2376, 2367, 2382, 2378, 2379, 2384, 2371, 2388,
3382 2369, 2383, 2383, 2385, 2363, 2390, 2391, 2371, 2378, 2374,
3383 2376, 2400, 2379, 2394, 2386, 2393, 2382, 2397, 2392, 2384,
3384 2393, 2382, 2378, 2396, 2384, 2385, 2388, 2403, 2383, 2392,
3385 2385, 2396, 2391, 2391, 2398, 2394, 2399, 2390, 2400, 2402,
3386 2394, 2397, 2393, 2404, 2397, 2392, 2405, 2407, 2408, 2398,
3387 2396, 2399, 2404, 2412, 2409, 2410, 2413, 2402, 2405, 2403,
3388
3389 0, 2398, 2409, 2399, 2410, 2414, 2402, 2415, 2416, 2417,
3390 2404, 2419, 2408, 2405, 2407, 2408, 2415, 2418, 2421, 2412,
3391 2412, 2409, 2410, 2413, 2419, 2422, 2416, 2414, 2420, 2425,
3392 2423, 2417, 2414, 2421, 2415, 2416, 2417, 2423, 2419, 2424,
3393 2426, 2420, 2418, 2427, 2418, 2421, 2424, 2422, 2428, 2429,
3394 2430, 2425, 2422, 2431, 0, 2420, 2425, 2423, 2433, 2432,
3395 0, 2434, 2431, 2435, 2436, 2430, 2424, 2426, 2439, 2441,
3396 2427, 2442, 2438, 0, 0, 2428, 2429, 2430, 2435, 2436,
3397 2431, 2432, 2437, 2438, 2433, 2433, 2432, 2434, 2434, 2437,
3398 2435, 2436, 2440, 2444, 2443, 2439, 2441, 2445, 2442, 2438,
3399
3400 2440, 2446, 2451, 2448, 2447, 2449, 2450, 0, 2444, 2437,
3401 2443, 2447, 2449, 2450, 2453, 2453, 2446, 2445, 2452, 2440,
3402 2444, 2443, 2459, 2455, 2445, 2448, 2457, 2454, 2446, 2451,
3403 2448, 2447, 2449, 2450, 2454, 2456, 2452, 2455, 2456, 2457,
3404 2458, 2453, 2460, 2464, 2461, 2452, 2462, 2466, 2459, 2459,
3405 2455, 2466, 2464, 2457, 2454, 2458, 2461, 2467, 2462, 2465,
3406 2460, 2469, 2456, 2468, 2465, 2470, 2471, 2458, 2472, 2460,
3407 2464, 2461, 2473, 2462, 2466, 2475, 2468, 2477, 2479, 2481,
3408 2478, 2467, 0, 2469, 2467, 0, 2465, 2470, 2469, 2478,
3409 2468, 2481, 2470, 2471, 2479, 2472, 2487, 2489, 2473, 2473,
3410
3411 2480, 2475, 2475, 2477, 2477, 2479, 2481, 2478, 2480, 2483,
3412 2484, 2486, 2485, 2488, 2487, 2493, 2483, 2485, 2486, 2484,
3413 2488, 2490, 2489, 2487, 2489, 2491, 2492, 2480, 2490, 2495,
3414 2496, 2499, 2498, 2501, 2491, 2492, 2483, 2484, 2486, 2485,
3415 2488, 2493, 2493, 2496, 2497, 2502, 2503, 2505, 2490, 2497,
3416 2498, 2501, 2491, 2492, 2504, 2503, 2495, 2496, 2499, 2498,
3417 2501, 2507, 2511, 2504, 2506, 2512, 2508, 2505, 2509, 2510,
3418 2507, 2497, 2502, 2503, 2505, 2508, 2506, 2510, 2513, 2509,
3419 2515, 2504, 2516, 2517, 2518, 2513, 2520, 2527, 2507, 2511,
3420 2514, 2506, 2512, 2508, 2519, 2509, 2510, 2523, 2520, 2514,
3421
3422 2521, 2515, 2522, 2519, 2524, 2513, 2526, 2515, 2521, 2516,
3423 2517, 2524, 2527, 2520, 2527, 2522, 2518, 2514, 2525, 2523,
3424 2528, 2519, 2530, 2529, 2523, 2525, 2532, 2521, 2526, 2522,
3425 2535, 2524, 2537, 2526, 2532, 0, 2534, 2536, 2535, 2537,
3426 2538, 0, 2545, 0, 2539, 2525, 2544, 2528, 2529, 2530,
3427 2529, 2539, 2536, 2532, 2534, 2548, 2547, 2535, 2540, 2537,
3428 2546, 2543, 2538, 2534, 2536, 2547, 2540, 2538, 2543, 2545,
3429 2544, 2539, 2546, 2544, 2549, 2551, 2554, 2550, 2555, 2553,
3430 2556, 2558, 2548, 2547, 2561, 2540, 0, 2546, 2543, 2550,
3431 2549, 2553, 2565, 2558, 2556, 2564, 2566, 2563, 2551, 2554,
3432
3433 2568, 2549, 2551, 2554, 2550, 2555, 2553, 2556, 2558, 2559,
3434 2560, 2561, 2563, 2564, 2570, 2565, 2559, 2560, 2567, 2565,
3435 2569, 2574, 2564, 2566, 2563, 2572, 2567, 2568, 2571, 0,
3436 2579, 2573, 2570, 2581, 0, 2584, 2559, 2560, 2573, 2571,
3437 2572, 2570, 2569, 2585, 2580, 2567, 2586, 2569, 2574, 2580,
3438 2582, 2583, 2572, 2584, 2587, 2571, 2579, 2579, 2573, 2589,
3439 2581, 2585, 2584, 2592, 2582, 2583, 2587, 2593, 2596, 2594,
3440 2585, 2580, 2597, 2586, 2598, 2595, 2601, 2582, 2583, 2599,
3441 2597, 2587, 2594, 2602, 2605, 2592, 2589, 2596, 2601, 2593,
3442 2592, 2603, 2598, 2606, 2593, 2596, 2594, 2595, 2599, 2597,
3443
3444 2604, 2598, 2595, 2601, 2607, 2602, 2599, 2609, 2608, 2615,
3445 2602, 2605, 2604, 2603, 2610, 2611, 2612, 2613, 2603, 2614,
3446 2606, 2615, 2617, 2610, 2611, 2616, 2618, 2604, 2608, 2609,
3447 2622, 2607, 2623, 2624, 2609, 2608, 2615, 2621, 2624, 2613,
3448 2625, 2610, 2611, 2628, 2613, 2614, 2614, 2616, 2612, 2617,
3449 2626, 2621, 2616, 2618, 0, 2627, 2623, 2622, 2629, 2623,
3450 2631, 2630, 2625, 2634, 2621, 2624, 2635, 2625, 2627, 2634,
3451 2633, 2636, 2626, 2637, 2632, 2628, 0, 2626, 2631, 2638,
3452 2641, 2629, 2627, 2630, 2640, 2629, 2632, 2631, 2630, 2633,
3453 2634, 2642, 2646, 2644, 2638, 2637, 2648, 2633, 2635, 2647,
3454
3455 2637, 2632, 2641, 2636, 2640, 2648, 2638, 2641, 2644, 2650,
3456 2649, 2640, 2651, 2653, 2646, 2642, 2652, 2657, 2642, 2646,
3457 2644, 2647, 0, 2648, 2649, 2656, 2647, 2650, 2662, 2658,
3458 2651, 2653, 2664, 2661, 2656, 2662, 2650, 2649, 2663, 2651,
3459 2653, 2661, 2652, 2652, 2665, 2666, 2663, 2669, 2667, 2657,
3460 2658, 2668, 2656, 2666, 2670, 2662, 2658, 2672, 2676, 2664,
3461 2661, 2674, 2670, 2668, 2665, 2663, 2667, 2675, 2674, 2672,
3462 2678, 2665, 2666, 2679, 2669, 2667, 2680, 2677, 2668, 2677,
3463 2681, 2670, 2682, 2688, 2672, 2676, 2686, 0, 2674, 2683,
3464 2675, 2690, 2685, 2689, 2675, 0, 2694, 2695, 2696, 2691,
3465
3466 2686, 2682, 2678, 2697, 2677, 2679, 2695, 2681, 2680, 2682,
3467 2685, 2683, 2691, 2686, 2690, 2688, 2683, 2689, 2690, 2685,
3468 2689, 2692, 2694, 2694, 2695, 2696, 2691, 2699, 2700, 2703,
3469 2697, 2701, 2705, 2692, 2707, 2706, 2708, 2709, 2711, 2705,
3470 2712, 2708, 2714, 2715, 0, 2711, 2717, 2716, 2692, 2707,
3471 2722, 2700, 2709, 2701, 2699, 2700, 2703, 2706, 2701, 2705,
3472 2717, 2707, 2706, 2719, 2709, 2711, 2712, 2712, 2708, 2714,
3473 2715, 2716, 2719, 2717, 2716, 2721, 2724, 2722, 2723, 2725,
3474 2726, 2727, 2721, 2728, 2729, 2730, 2731, 2741, 2736, 2732,
3475 2719, 2725, 2728, 2736, 2737, 2727, 0, 2729, 2737, 2742,
3476
3477 2743, 2742, 2721, 2724, 2723, 2723, 2725, 2726, 2727, 2740,
3478 2728, 2729, 2732, 2731, 2744, 2738, 2732, 2730, 2739, 2741,
3479 2736, 2737, 2738, 2743, 2747, 2739, 2742, 2743, 2749, 2750,
3480 2740, 2752, 0, 2752, 2754, 2753, 2740, 2758, 2755, 2755,
3481 2760, 2744, 2738, 2757, 2758, 2739, 2747, 2749, 2755, 2756,
3482 2759, 2747, 2757, 2750, 0, 2749, 2750, 0, 2752, 2753,
3483 2754, 2754, 2753, 2759, 2758, 2755, 2755, 2760, 2761, 0,
3484 2757, 2756, 2762, 2763, 2764, 2765, 2756, 2759, 2766, 2767,
3485 2762, 2761, 2764, 2766, 2767, 2768, 2763, 2769, 0, 2770,
3486 0, 2771, 0, 2768, 2765, 2761, 2762, 2772, 2774, 2762,
3487
3488 2763, 2764, 2765, 2773, 2775, 2778, 2776, 2762, 0, 2774,
3489 2766, 2767, 2768, 2776, 2769, 2770, 2770, 2771, 2771, 2777,
3490 2777, 2780, 2781, 2772, 2772, 2774, 2775, 2778, 2779, 2773,
3491 2773, 2775, 2778, 2776, 2782, 2783, 2779, 2785, 2786, 2787,
3492 2781, 2782, 2783, 2780, 2788, 2790, 2777, 2791, 2780, 2781,
3493 2792, 2793, 2795, 2788, 2801, 2779, 0, 2796, 2797, 0,
3494 2800, 2782, 2783, 2787, 2785, 2786, 2787, 2791, 2798, 2800,
3495 2802, 2788, 2790, 2793, 2791, 2796, 2797, 2792, 2793, 2795,
3496 2803, 2801, 2804, 2805, 2796, 2797, 2798, 2800, 2806, 2807,
3497 2804, 2808, 2815, 2802, 2807, 2798, 2809, 2802, 2803, 2805,
3498
3499 2806, 2810, 2817, 2814, 2818, 2808, 2819, 2803, 2819, 2804,
3500 2805, 2820, 2822, 2830, 2809, 2806, 2823, 2818, 2808, 2815,
3501 2820, 2807, 2824, 2809, 2810, 2814, 2828, 2844, 2810, 2817,
3502 2814, 2818, 2832, 2819, 2823, 2836, 2837, 2824, 2820, 2822,
3503 2827, 2829, 2827, 2823, 2828, 2830, 2834, 2832, 2829, 2824,
3504 2838, 2839, 2834, 2828, 2844, 0, 2845, 2836, 2837, 2832,
3505 2841, 2846, 2836, 2837, 2850, 2848, 2847, 2827, 2829, 2839,
3506 2852, 2842, 2848, 2834, 2842, 0, 2838, 2838, 2839, 2855,
3507 0, 2849, 2841, 2845, 2847, 2853, 2850, 2841, 2846, 2849,
3508 2856, 2850, 2848, 2847, 2854, 2857, 2859, 2842, 2842, 2856,
3509
3510 2861, 2842, 2852, 2858, 2860, 0, 2855, 2853, 2849, 2858,
3511 2857, 2863, 2853, 2860, 2865, 0, 2854, 2856, 2859, 2868,
3512 2866, 2854, 2857, 2859, 2862, 2869, 2862, 2867, 2870, 2875,
3513 2858, 2860, 2861, 2869, 2879, 2908, 2871, 2865, 2863, 2877,
3514 2870, 2865, 2866, 2873, 2878, 2868, 2868, 2866, 2871, 2867,
3515 2873, 2862, 2869, 2877, 2867, 2870, 2875, 2879, 2878, 2880,
3516 2882, 2879, 2881, 2871, 2883, 0, 2877, 2908, 2882, 2885,
3517 2873, 2878, 2884, 2881, 2886, 2887, 2889, 2880, 2888, 2888,
3518 2890, 2893, 2894, 2883, 2887, 2898, 2880, 2882, 2890, 2881,
3519 0, 2883, 2886, 2903, 2884, 2885, 2885, 2905, 2896, 2884,
3520
3521 2900, 2886, 2887, 2889, 2896, 2888, 2901, 2890, 2893, 2894,
3522 2902, 2900, 2898, 2907, 2909, 2903, 2906, 2901, 2909, 2912,
3523 2903, 2902, 2910, 2906, 2905, 2896, 2913, 2900, 2914, 2915,
3524 2910, 2907, 2919, 2901, 2923, 2918, 2914, 2902, 2920, 2913,
3525 2907, 2909, 2918, 2906, 2924, 2912, 2912, 2922, 2926, 2910,
3526 2925, 2928, 2922, 2913, 2927, 2914, 2915, 2925, 2930, 2929,
3527 2920, 2923, 2918, 0, 2919, 2920, 2929, 2926, 2931, 2928,
3528 2927, 2924, 2932, 2933, 2922, 2926, 2931, 2925, 2928, 2934,
3529 2933, 2927, 2936, 2935, 2941, 2942, 2929, 2932, 2940, 2943,
3530 2930, 2941, 2945, 0, 2926, 2931, 2944, 2952, 2949, 2932,
3531
3532 2933, 0, 0, 2940, 2946, 2948, 2934, 2935, 2936, 2936,
3533 2935, 2941, 2950, 2946, 2951, 2940, 2943, 2942, 2953, 2953,
3534 2944, 2954, 2951, 2944, 2945, 2949, 2959, 2948, 2953, 2952,
3535 2960, 2946, 2948, 2957, 2950, 2956, 2958, 2965, 2958, 2950,
3536 2959, 2951, 2957, 2961, 2962, 2953, 2953, 2963, 2954, 2966,
3537 2956, 2961, 2970, 2959, 2968, 2962, 2967, 2960, 2969, 2971,
3538 2957, 2972, 2956, 2958, 2965, 2963, 2975, 2968, 2973, 2976,
3539 2961, 2962, 2974, 2974, 2963, 2978, 2966, 2986, 2967, 2970,
3540 2969, 2968, 2973, 2967, 2981, 2969, 2971, 2988, 2972, 2983,
3541 2997, 2976, 2981, 2994, 2983, 2973, 2976, 2991, 2975, 2974,
3542
3543 2984, 2985, 2978, 2986, 2986, 2984, 2985, 2989, 2989, 2990,
3544 2991, 2981, 2992, 2993, 2988, 2995, 2983, 2990, 2998, 2992,
3545 2994, 2999, 2997, 3003, 2991, 2998, 3005, 2984, 2985, 2999,
3546 3000, 2993, 3006, 3007, 2989, 3008, 2990, 3011, 0, 2992,
3547 2993, 3009, 2995, 3010, 3012, 2998, 3007, 3016, 2999, 0,
3548 3003, 3014, 3000, 3005, 3006, 0, 3009, 3000, 3014, 3006,
3549 3007, 3017, 3010, 3018, 3011, 3015, 3012, 3008, 3009, 3016,
3550 3010, 3012, 3015, 3021, 3016, 3020, 3017, 3028, 3014, 3022,
3551 3023, 3021, 3025, 3028, 3018, 3026, 3022, 3023, 3017, 3029,
3552 3018, 3025, 3015, 3031, 3020, 3033, 3026, 3034, 3027, 3027,
3553
3554 3021, 3041, 3020, 3032, 3028, 3037, 3022, 3023, 3027, 3025,
3555 3032, 3029, 3026, 3042, 3036, 3031, 3029, 3038, 0, 3034,
3556 3031, 3036, 3043, 3047, 3034, 3027, 3027, 3033, 3041, 3037,
3557 3032, 3038, 3037, 3048, 3049, 3050, 3052, 3054, 3054, 0,
3558 3042, 3036, 3049, 3058, 3038, 3043, 3055, 3055, 0, 3043,
3559 3047, 3056, 3060, 3059, 0, 3048, 3062, 3065, 3061, 3068,
3560 3048, 3049, 3050, 3052, 3065, 3058, 3054, 3061, 3067, 3062,
3561 3058, 3059, 3072, 3073, 3056, 3055, 3074, 3080, 3056, 3060,
3562 3059, 3066, 3077, 3062, 3065, 3061, 3068, 3071, 3066, 3071,
3563 3067, 3077, 3072, 3075, 3074, 3067, 3073, 3078, 3081, 3072,
3564
3565 3073, 3079, 0, 3074, 3080, 3075, 3082, 3083, 3066, 3077,
3566 3086, 3088, 3085, 3084, 3071, 3078, 3084, 3085, 3082, 3087,
3567 3075, 3087, 3093, 3088, 3078, 3081, 3089, 3079, 3079, 3083,
3568 3090, 3084, 3089, 3082, 3083, 3094, 3091, 3092, 3088, 3095,
3569 3084, 3096, 3086, 3084, 3085, 3092, 3087, 3097, 3099, 3093,
3570 3098, 3102, 3090, 3089, 3104, 3105, 3108, 3090, 3091, 3109,
3571 3095, 3110, 3098, 3091, 3092, 3111, 3095, 3094, 3096, 3112,
3572 3099, 3113, 3114, 3105, 3097, 3099, 3115, 3098, 3102, 3116,
3573 3116, 3104, 3105, 3108, 3118, 3119, 3109, 3120, 3110, 3121,
3574 3122, 3125, 3111, 3124, 3127, 3126, 3112, 3122, 3113, 3114,
3575
3576 3128, 3124, 3118, 3115, 3121, 3120, 3116, 3126, 3127, 3129,
3577 3131, 3118, 3119, 3130, 3120, 3128, 3121, 3122, 3125, 3134,
3578 3124, 3127, 3126, 3135, 3138, 3130, 3137, 3128, 3134, 3136,
3579 3136, 3140, 3141, 3138, 3144, 3129, 3129, 3131, 3143, 3145,
3580 3130, 3142, 3144, 0, 3149, 0, 3134, 3135, 3145, 3152,
3581 3135, 3138, 3137, 3137, 3142, 3140, 3136, 3148, 3140, 3146,
3582 3143, 3144, 3149, 3153, 3141, 3143, 3145, 3165, 3142, 3166,
3583 3146, 3149, 3152, 3156, 3156, 3153, 3152, 3168, 3148, 3169,
3584 3170, 3171, 3175, 3173, 3148, 3174, 3146, 3173, 3176, 3165,
3585 3153, 3168, 3181, 3166, 3165, 3176, 3166, 3179, 3177, 0,
3586
3587 3156, 3179, 3180, 3174, 3168, 3175, 3169, 3170, 3171, 3175,
3588 3173, 3177, 3174, 3182, 3181, 3176, 3183, 3185, 3180, 3181,
3589 3184, 3192, 3186, 3187, 3179, 3177, 3188, 3190, 3183, 3180,
3590 3186, 3185, 3187, 3189, 3191, 3189, 3192, 3188, 3182, 3190,
3591 3182, 3193, 3195, 3183, 3185, 3194, 3184, 3184, 3192, 3186,
3592 3187, 3194, 3191, 3188, 3190, 3196, 3198, 3202, 3197, 3203,
3593 3189, 3191, 3204, 3193, 3195, 3197, 3203, 3206, 3193, 3195,
3594 3202, 3207, 3194, 3205, 3208, 3209, 0, 3217, 3198, 3210,
3595 3212, 3211, 3196, 3198, 3202, 3197, 3203, 3210, 3211, 3204,
3596 3213, 3205, 3214, 3215, 3206, 3215, 3220, 3207, 3207, 3216,
3597
3598 3205, 3208, 3209, 3218, 3212, 3221, 3210, 3212, 3211, 3217,
3599 3219, 3216, 3213, 3223, 3214, 3222, 3218, 3213, 3220, 3214,
3600 3215, 3225, 3222, 3220, 3226, 3219, 3216, 3227, 3228, 3230,
3601 3218, 3235, 3221, 3236, 3232, 3227, 3226, 3219, 3237, 3238,
3602 3223, 3230, 3222, 3232, 3239, 3240, 3244, 3238, 3225, 0,
3603 0, 3226, 3245, 3242, 3227, 3228, 3230, 3237, 3235, 3236,
3604 3236, 3232, 3241, 3243, 3247, 3237, 3238, 3242, 3244, 3253,
3605 3254, 3243, 3250, 3244, 3251, 3241, 3239, 3240, 3250, 3245,
3606 3242, 3251, 3253, 3257, 3259, 3256, 3258, 3261, 3260, 3241,
3607 3243, 3247, 3256, 3254, 3258, 3261, 3253, 3254, 3259, 3250,
3608
3609 3262, 3251, 3260, 3263, 3264, 3257, 3270, 3271, 3268, 3267,
3610 3257, 3259, 3256, 3258, 3261, 3260, 3267, 3268, 3269, 3272,
3611 3273, 3274, 3262, 0, 3278, 3263, 3269, 3262, 3275, 3271,
3612 3263, 3264, 3276, 3270, 3271, 3268, 3267, 3280, 3281, 3282,
3613 3284, 3277, 3286, 3274, 3285, 3269, 3273, 3273, 3274, 3277,
3614 3275, 3272, 3285, 3287, 3276, 3275, 3278, 3289, 3291, 3276,
3615 3281, 3287, 3286, 3284, 3280, 3281, 3282, 3284, 3277, 3286,
3616 3288, 3285, 3291, 3290, 0, 3293, 3295, 3297, 3288, 3300,
3617 3287, 3290, 3301, 3298, 3299, 3291, 0, 3296, 0, 3289,
3618 3296, 3298, 3299, 3300, 3302, 3305, 3305, 3288, 3303, 3297,
3619
3620 3290, 3293, 3293, 3295, 3297, 3296, 3300, 3306, 3301, 3301,
3621 3298, 3299, 3303, 3308, 3296, 3307, 3302, 3296, 3309, 3310,
3622 0, 3302, 3305, 3307, 3312, 3303, 3313, 3311, 3314, 0,
3623 3316, 3315, 3312, 3306, 3306, 3323, 0, 3320, 0, 3308,
3624 3308, 3310, 3307, 3317, 3309, 3309, 3310, 3311, 3318, 3326,
3625 3314, 3312, 3319, 3313, 3311, 3314, 3315, 3316, 3315, 3320,
3626 3319, 3321, 3323, 3317, 3320, 3324, 3328, 3327, 3318, 3321,
3627 3317, 3326, 3329, 3324, 3328, 3318, 3326, 3330, 3332, 3319,
3628 3329, 3335, 3333, 3334, 3336, 3339, 3337, 3340, 3321, 3327,
3629 3333, 3334, 3324, 3328, 3327, 3341, 3343, 3346, 0, 3329,
3630
3631 3349, 0, 3350, 3330, 3330, 3332, 3337, 3335, 3335, 3333,
3632 3334, 3336, 3339, 3337, 3340, 3341, 0, 3347, 3343, 3346,
3633 3348, 0, 3341, 3343, 3346, 3347, 0, 3349, 3348, 3350,
3634 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3635 0, 0, 0, 0, 3347, 0, 0, 3348, 3354, 3354,
3636 3354, 3354, 3354, 3354, 3354, 3355, 3355, 3355, 3355, 3355,
3637 3355, 3355, 3356, 3356, 3356, 3356, 3356, 3356, 3356, 3357,
3638 3357, 3357, 3357, 3357, 3357, 3357, 3358, 3358, 3358, 3358,
3639 3358, 3358, 3358, 3359, 3359, 3359, 3359, 3359, 3359, 3359,
3640 3360, 3360, 3360, 3360, 3360, 3360, 3360, 3362, 3362, 0,
3641
3642 3362, 3362, 3362, 3362, 3363, 3363, 0, 0, 0, 3363,
3643 3363, 3364, 3364, 0, 0, 3364, 0, 3364, 3365, 0,
3644 0, 0, 0, 0, 3365, 3366, 3366, 0, 0, 0,
3645 3366, 3366, 3367, 0, 0, 0, 0, 0, 3367, 3368,
3646 3368, 0, 3368, 3368, 3368, 3368, 3369, 0, 0, 0,
3647 0, 0, 3369, 3370, 3370, 0, 0, 0, 3370, 3370,
3648 3371, 3371, 0, 3371, 3371, 3371, 3371, 3353, 3353, 3353,
3649 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
3650 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
3651 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
3652
3653 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
3654 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
3655 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353,
3656 3353, 3353, 3353, 3353
2823 233, 215, 218, 225, 230, 0, 234, 0, 215, 215,
2824 0, 0, 215, 235, 215, 226, 221, 223, 228, 232,
2825 234, 225, 221, 228, 232, 231, 215, 230, 215, 236,
2826 225, 230, 233, 234, 235, 239, 236, 237, 238, 240,
2827 235, 241, 242, 243, 232, 0, 232, 238, 244, 247,
2828
2829 245, 232, 238, 240, 239, 243, 236, 245, 237, 244,
2830 242, 249, 239, 241, 237, 238, 240, 246, 241, 242,
2831 243, 247, 246, 248, 238, 244, 247, 245, 250, 251,
2832 252, 252, 248, 250, 249, 253, 254, 255, 249, 252,
2833 259, 260, 258, 254, 257, 262, 0, 264, 261, 246,
2834 248, 263, 257, 265, 266, 250, 261, 252, 252, 255,
2835 264, 251, 258, 254, 255, 267, 263, 253, 268, 258,
2836 278, 257, 259, 260, 264, 261, 269, 262, 263, 265,
2837 265, 266, 270, 271, 272, 274, 270, 273, 267, 275,
2838 277, 276, 279, 269, 277, 273, 275, 267, 282, 272,
2839
2840 268, 269, 278, 269, 274, 271, 280, 281, 284, 270,
2841 271, 272, 274, 276, 273, 267, 275, 277, 276, 283,
2842 269, 284, 287, 285, 279, 286, 289, 290, 280, 281,
2843 282, 283, 285, 280, 281, 284, 291, 288, 286, 288,
2844 292, 287, 295, 298, 294, 297, 283, 296, 0, 287,
2845 285, 290, 286, 294, 290, 298, 297, 299, 289, 300,
2846 301, 291, 302, 291, 288, 303, 292, 292, 295, 295,
2847 298, 294, 297, 296, 296, 304, 305, 307, 301, 306,
2848 302, 299, 300, 310, 299, 309, 300, 301, 304, 302,
2849 308, 311, 312, 313, 314, 315, 0, 303, 0, 317,
2850
2851 313, 315, 304, 314, 306, 310, 306, 308, 305, 307,
2852 310, 309, 309, 308, 316, 318, 312, 308, 319, 0,
2853 313, 314, 315, 311, 312, 317, 317, 319, 316, 320,
2854 321, 322, 0, 323, 308, 324, 326, 325, 321, 318,
2855 322, 316, 318, 312, 324, 319, 327, 328, 331, 0,
2856 329, 326, 320, 0, 325, 358, 320, 321, 322, 323,
2857 323, 325, 324, 326, 325, 329, 331, 332, 341, 336,
2858 0, 328, 0, 0, 328, 331, 332, 329, 327, 333,
2859 335, 325, 330, 336, 334, 330, 334, 358, 337, 0,
2860 330, 330, 330, 330, 332, 341, 336, 338, 338, 334,
2861
2862 330, 333, 334, 337, 335, 339, 333, 335, 334, 330,
2863 339, 334, 330, 334, 340, 337, 343, 330, 330, 330,
2864 330, 346, 338, 344, 338, 338, 334, 0, 343, 334,
2865 342, 347, 348, 342, 349, 344, 350, 339, 340, 346,
2866 342, 340, 351, 343, 345, 345, 0, 0, 346, 347,
2867 344, 353, 352, 357, 345, 354, 349, 342, 347, 348,
2868 342, 349, 350, 350, 352, 357, 355, 362, 351, 351,
2869 354, 345, 345, 353, 355, 363, 356, 364, 353, 352,
2870 357, 361, 354, 356, 359, 0, 359, 0, 361, 362,
2871 365, 369, 367, 355, 362, 359, 365, 0, 370, 364,
2872
2873 371, 0, 359, 356, 364, 367, 0, 363, 361, 369,
2874 359, 359, 365, 359, 366, 368, 366, 365, 369, 367,
2875 372, 0, 359, 365, 370, 370, 373, 376, 368, 359,
2876 0, 368, 371, 368, 376, 0, 0, 378, 366, 368,
2877 379, 366, 368, 366, 377, 0, 0, 372, 373, 378,
2878 382, 0, 379, 373, 376, 368, 0, 380, 368, 383,
2879 368, 374, 377, 374, 378, 386, 382, 379, 377, 374,
2880 380, 377, 383, 374, 382, 387, 389, 382, 374, 385,
2881 387, 374, 389, 386, 380, 391, 383, 374, 374, 377,
2882 374, 385, 386, 382, 388, 392, 374, 391, 394, 0,
2883
2884 374, 388, 405, 389, 0, 374, 385, 387, 374, 375,
2885 390, 375, 391, 392, 0, 388, 396, 393, 390, 395,
2886 395, 388, 392, 396, 375, 393, 397, 375, 388, 375,
2887 394, 375, 398, 0, 405, 375, 375, 390, 375, 397,
2888 400, 398, 0, 396, 393, 0, 395, 400, 401, 0,
2889 402, 375, 0, 397, 375, 401, 375, 0, 375, 384,
2890 384, 399, 402, 403, 398, 406, 404, 400, 398, 384,
2891 384, 384, 384, 384, 407, 401, 384, 402, 404, 399,
2892 408, 407, 410, 399, 384, 403, 384, 384, 399, 409,
2893 403, 406, 406, 404, 412, 408, 384, 384, 384, 384,
2894
2895 384, 407, 409, 384, 413, 412, 399, 408, 411, 416,
2896 411, 414, 414, 0, 410, 415, 409, 417, 419, 418,
2897 416, 412, 415, 420, 420, 0, 413, 423, 417, 421,
2898 0, 413, 418, 431, 422, 411, 416, 434, 436, 424,
2899 414, 420, 415, 419, 417, 419, 418, 424, 420, 422,
2900 420, 420, 421, 423, 423, 425, 421, 422, 426, 428,
2901 434, 422, 427, 0, 434, 431, 424, 425, 420, 426,
2902 436, 427, 428, 432, 433, 435, 422, 437, 429, 429,
2903 439, 0, 425, 437, 0, 426, 428, 438, 440, 427,
2904 429, 432, 429, 435, 441, 444, 433, 429, 443, 445,
2905
2906 432, 433, 435, 439, 437, 429, 429, 439, 438, 444,
2907 0, 442, 440, 446, 438, 440, 441, 429, 442, 429,
2908 430, 441, 444, 447, 443, 443, 445, 448, 430, 430,
2909 449, 451, 430, 430, 450, 446, 430, 447, 442, 452,
2910 446, 0, 430, 451, 457, 452, 453, 430, 454, 485,
2911 447, 457, 456, 448, 448, 430, 430, 450, 451, 430,
2912 430, 450, 449, 430, 455, 458, 452, 456, 453, 459,
2913 454, 457, 455, 453, 458, 454, 460, 466, 462, 456,
2914 461, 485, 463, 466, 459, 464, 465, 0, 467, 468,
2915 455, 455, 458, 470, 468, 0, 459, 463, 0, 455,
2916
2917 460, 462, 461, 460, 466, 462, 473, 461, 465, 463,
2918 475, 464, 464, 465, 467, 467, 468, 472, 474, 470,
2919 470, 476, 487, 472, 474, 473, 479, 476, 475, 477,
2920 481, 478, 481, 473, 482, 483, 484, 475, 478, 481,
2921 495, 479, 483, 482, 472, 474, 486, 488, 476, 484,
2922 0, 477, 489, 479, 487, 492, 477, 481, 478, 481,
2923 491, 482, 483, 484, 486, 489, 493, 490, 492, 488,
2924 490, 494, 495, 486, 488, 497, 496, 498, 493, 489,
2925 0, 0, 492, 496, 491, 500, 490, 491, 499, 494,
2926 501, 503, 0, 493, 490, 501, 505, 490, 494, 497,
2927
2928 498, 499, 497, 496, 502, 507, 504, 500, 505, 498,
2929 502, 508, 500, 506, 503, 499, 507, 501, 503, 508,
2930 509, 0, 512, 505, 513, 514, 0, 498, 504, 512,
2931 513, 502, 507, 504, 509, 506, 0, 514, 508, 0,
2932 506, 515, 516, 517, 0, 518, 549, 509, 510, 512,
2933 516, 513, 514, 510, 519, 510, 518, 0, 524, 521,
2934 0, 510, 522, 510, 515, 517, 510, 510, 515, 516,
2935 517, 521, 518, 510, 510, 510, 524, 519, 549, 520,
2936 510, 519, 510, 520, 522, 524, 521, 526, 510, 522,
2937 510, 527, 523, 510, 510, 523, 528, 525, 530, 526,
2938
2939 510, 520, 527, 523, 529, 530, 520, 525, 529, 531,
2940 520, 532, 534, 532, 526, 533, 536, 535, 527, 523,
2941 528, 537, 523, 528, 534, 530, 0, 540, 536, 525,
2942 0, 529, 535, 562, 525, 531, 531, 538, 532, 534,
2943 541, 533, 533, 536, 535, 538, 539, 537, 537, 540,
2944 543, 539, 542, 544, 540, 547, 550, 546, 541, 0,
2945 542, 0, 543, 548, 538, 562, 0, 541, 552, 551,
2946 556, 550, 553, 539, 544, 546, 552, 543, 547, 542,
2947 544, 551, 547, 550, 546, 553, 548, 557, 554, 555,
2948 548, 559, 558, 556, 559, 552, 551, 556, 555, 553,
2949
2950 554, 557, 560, 561, 564, 563, 569, 565, 0, 0,
2951 567, 566, 568, 577, 557, 554, 555, 558, 559, 558,
2952 563, 560, 565, 567, 568, 570, 0, 575, 569, 560,
2953 561, 580, 563, 569, 565, 566, 564, 567, 566, 568,
2954 571, 573, 572, 574, 576, 577, 573, 571, 578, 570,
2955 571, 579, 570, 572, 575, 581, 582, 574, 571, 585,
2956 581, 583, 582, 580, 586, 584, 587, 571, 589, 572,
2957 574, 576, 586, 573, 571, 578, 583, 571, 579, 588,
2958 590, 585, 592, 582, 590, 587, 585, 581, 583, 584,
2959 589, 586, 584, 587, 591, 589, 593, 594, 597, 595,
2960
2961 598, 606, 591, 588, 594, 592, 588, 590, 596, 592,
2962 599, 600, 601, 598, 0, 0, 0, 596, 601, 602,
2963 597, 591, 595, 600, 594, 597, 595, 598, 593, 607,
2964 0, 604, 603, 606, 608, 596, 599, 599, 600, 601,
2965 603, 602, 604, 605, 609, 610, 602, 608, 611, 609,
2966 605, 607, 609, 609, 610, 612, 607, 617, 604, 603,
2967 0, 608, 613, 614, 612, 615, 619, 0, 609, 617,
2968 605, 609, 610, 613, 611, 611, 609, 620, 616, 609,
2969 609, 0, 612, 621, 617, 614, 622, 615, 0, 613,
2970 614, 616, 615, 623, 624, 620, 628, 625, 619, 631,
2971
2972 626, 0, 632, 627, 620, 616, 631, 621, 622, 622,
2973 621, 626, 627, 622, 629, 623, 628, 630, 624, 625,
2974 623, 624, 633, 628, 625, 634, 631, 626, 629, 632,
2975 627, 635, 636, 634, 639, 622, 637, 635, 638, 630,
2976 633, 629, 0, 636, 630, 641, 640, 642, 642, 633,
2977 643, 0, 634, 638, 637, 645, 644, 646, 635, 636,
2978 650, 652, 647, 637, 645, 638, 639, 640, 648, 641,
2979 646, 649, 641, 640, 643, 647, 642, 643, 644, 649,
2980 651, 653, 645, 644, 646, 654, 656, 654, 655, 647,
2981 648, 656, 650, 652, 0, 648, 661, 657, 649, 658,
2982
2983 660, 0, 651, 663, 661, 653, 659, 651, 653, 662,
2984 655, 657, 654, 658, 665, 655, 0, 666, 656, 667,
2985 659, 659, 664, 661, 657, 663, 658, 662, 659, 664,
2986 663, 669, 660, 659, 673, 668, 662, 666, 670, 667,
2987 665, 665, 671, 674, 666, 674, 667, 659, 659, 664,
2988 668, 672, 671, 670, 0, 675, 672, 683, 676, 668,
2989 673, 673, 668, 669, 671, 670, 676, 677, 681, 671,
2990 674, 0, 678, 684, 0, 679, 681, 668, 680, 671,
2991 675, 678, 675, 672, 679, 676, 682, 680, 685, 683,
2992 0, 686, 677, 682, 677, 681, 684, 687, 688, 678,
2993
2994 684, 692, 679, 686, 689, 680, 685, 688, 690, 687,
2995 691, 695, 689, 682, 693, 685, 694, 690, 686, 696,
2996 0, 693, 691, 0, 687, 688, 695, 696, 697, 694,
2997 699, 689, 690, 692, 697, 690, 700, 691, 695, 698,
2998 701, 693, 704, 694, 690, 700, 696, 698, 705, 702,
2999 704, 701, 706, 699, 707, 697, 711, 699, 702, 703,
3000 703, 708, 0, 700, 709, 706, 698, 701, 703, 704,
3001 705, 0, 711, 713, 710, 705, 702, 709, 714, 706,
3002 707, 707, 710, 711, 708, 712, 703, 703, 708, 714,
3003 716, 709, 718, 717, 715, 713, 719, 0, 712, 723,
3004
3005 713, 710, 715, 720, 716, 714, 720, 721, 723, 722,
3006 725, 726, 712, 717, 718, 724, 719, 716, 728, 718,
3007 717, 715, 727, 719, 726, 729, 723, 0, 725, 721,
3008 720, 722, 730, 728, 721, 724, 722, 725, 726, 731,
3009 727, 732, 724, 733, 734, 728, 735, 736, 738, 727,
3010 0, 740, 745, 0, 730, 737, 733, 729, 735, 730,
3011 736, 737, 734, 731, 732, 741, 731, 742, 732, 739,
3012 733, 734, 744, 735, 736, 738, 746, 739, 740, 747,
3013 744, 752, 737, 746, 745, 742, 748, 741, 749, 750,
3014 749, 751, 741, 0, 742, 739, 739, 753, 750, 744,
3015
3016 752, 748, 747, 746, 739, 754, 747, 755, 752, 755,
3017 759, 756, 0, 748, 754, 749, 750, 753, 756, 0,
3018 762, 0, 759, 751, 753, 765, 769, 766, 778, 0,
3019 762, 0, 754, 0, 755, 0, 0, 759, 756, 757,
3020 768, 0, 757, 765, 769, 771, 757, 762, 766, 757,
3021 0, 770, 765, 769, 766, 772, 757, 757, 774, 757,
3022 778, 768, 770, 773, 757, 782, 757, 768, 771, 757,
3023 775, 782, 771, 757, 774, 776, 757, 781, 770, 775,
3024 777, 772, 772, 757, 757, 774, 757, 777, 776, 773,
3025 773, 780, 782, 784, 783, 0, 0, 775, 780, 781,
3026
3027 787, 786, 776, 783, 781, 0, 0, 777, 779, 779,
3028 785, 779, 0, 785, 779, 788, 784, 786, 780, 779,
3029 784, 783, 787, 788, 786, 779, 779, 787, 786, 789,
3030 791, 790, 791, 795, 779, 779, 779, 785, 779, 792,
3031 793, 779, 788, 790, 786, 793, 779, 794, 797, 796,
3032 0, 789, 779, 779, 798, 799, 789, 791, 790, 795,
3033 795, 796, 800, 792, 802, 801, 792, 794, 803, 804,
3034 797, 805, 793, 810, 794, 797, 796, 799, 806, 805,
3035 798, 798, 799, 807, 804, 809, 800, 801, 813, 800,
3036 807, 802, 801, 803, 808, 803, 804, 811, 805, 810,
3037
3038 810, 806, 808, 812, 809, 806, 816, 815, 814, 811,
3039 807, 816, 809, 817, 813, 813, 812, 814, 820, 818,
3040 819, 808, 815, 820, 811, 823, 822, 825, 824, 826,
3041 812, 827, 0, 816, 815, 814, 824, 828, 831, 829,
3042 832, 818, 0, 830, 0, 817, 818, 819, 822, 833,
3043 820, 826, 835, 822, 836, 824, 826, 823, 841, 825,
3044 829, 828, 830, 827, 828, 831, 829, 832, 833, 834,
3045 830, 837, 839, 838, 835, 842, 833, 836, 834, 835,
3046 840, 836, 838, 839, 843, 841, 844, 845, 840, 846,
3047 848, 837, 0, 842, 849, 0, 834, 846, 837, 839,
3048
3049 838, 850, 842, 843, 850, 851, 852, 840, 848, 854,
3050 853, 843, 849, 844, 883, 858, 846, 848, 856, 845,
3051 856, 849, 855, 857, 852, 859, 860, 851, 850, 858,
3052 859, 854, 851, 852, 853, 855, 854, 853, 861, 860,
3053 862, 857, 858, 863, 864, 856, 883, 866, 869, 855,
3054 857, 863, 862, 860, 870, 865, 866, 859, 865, 0,
3055 867, 872, 864, 871, 861, 861, 873, 862, 867, 871,
3056 863, 864, 873, 869, 866, 869, 879, 880, 874, 875,
3057 879, 870, 865, 872, 867, 874, 875, 867, 872, 876,
3058 871, 877, 878, 873, 876, 867, 884, 885, 877, 881,
3059
3060 880, 882, 886, 879, 880, 874, 875, 887, 881, 882,
3061 878, 889, 885, 886, 884, 887, 876, 888, 877, 878,
3062 890, 892, 891, 884, 885, 893, 881, 896, 882, 886,
3063 888, 0, 889, 894, 887, 891, 898, 900, 889, 890,
3064 903, 894, 900, 892, 888, 896, 895, 890, 892, 891,
3065 897, 899, 893, 895, 896, 898, 905, 897, 899, 901,
3066 894, 902, 904, 898, 900, 906, 907, 901, 902, 905,
3067 909, 910, 903, 895, 908, 0, 917, 897, 899, 907,
3068 0, 908, 911, 905, 912, 914, 901, 916, 902, 915,
3069 918, 913, 912, 907, 904, 915, 919, 906, 922, 913,
3070
3071 924, 908, 909, 910, 0, 911, 913, 914, 917, 911,
3072 920, 912, 914, 916, 916, 921, 915, 923, 913, 920,
3073 919, 926, 918, 919, 923, 925, 913, 924, 928, 921,
3074 922, 930, 927, 928, 925, 931, 932, 920, 929, 933,
3075 0, 932, 921, 926, 923, 927, 933, 927, 926, 934,
3076 929, 938, 925, 947, 930, 940, 927, 0, 930, 927,
3077 928, 931, 931, 932, 938, 929, 933, 935, 945, 940,
3078 937, 934, 927, 937, 927, 935, 934, 941, 938, 942,
3079 947, 946, 940, 955, 941, 942, 0, 948, 0, 948,
3080 944, 945, 0, 946, 935, 945, 949, 937, 954, 950,
3081
3082 952, 955, 970, 954, 941, 951, 942, 943, 946, 943,
3083 955, 950, 0, 943, 948, 943, 944, 944, 951, 949,
3084 943, 957, 952, 949, 953, 943, 950, 952, 956, 970,
3085 954, 943, 951, 957, 943, 959, 943, 953, 958, 960,
3086 943, 956, 943, 962, 957, 959, 961, 943, 957, 965,
3087 958, 953, 943, 963, 960, 956, 962, 959, 964, 963,
3088 957, 966, 959, 968, 967, 958, 960, 965, 961, 969,
3089 962, 964, 959, 961, 972, 975, 965, 977, 973, 0,
3090 963, 974, 966, 973, 975, 964, 967, 0, 966, 974,
3091 978, 967, 977, 981, 979, 968, 980, 0, 0, 983,
3092
3093 989, 969, 975, 982, 977, 973, 972, 979, 974, 976,
3094 0, 980, 978, 984, 976, 0, 976, 978, 983, 981,
3095 981, 979, 976, 980, 984, 982, 983, 976, 976, 985,
3096 982, 986, 989, 988, 976, 976, 976, 987, 991, 986,
3097 984, 976, 985, 976, 988, 987, 990, 996, 992, 976,
3098 994, 993, 1000, 991, 976, 976, 985, 992, 986, 994,
3099 988, 976, 993, 995, 987, 991, 997, 1001, 990, 998,
3100 1003, 1002, 995, 990, 996, 992, 998, 994, 993, 1002,
3101 1005, 1004, 1006, 1009, 1000, 1012, 0, 1010, 1013, 997,
3102 995, 1001, 1003, 997, 1001, 1004, 998, 1003, 1002, 1007,
3103
3104 1011, 1009, 1015, 1024, 1006, 1010, 1013, 1007, 1004, 1006,
3105 1009, 1011, 1005, 1014, 1010, 1013, 1016, 1012, 1017, 1019,
3106 1020, 1014, 0, 1016, 1015, 1018, 1007, 1011, 1022, 1015,
3107 1021, 1017, 1018, 1026, 1019, 1024, 1030, 1028, 1020, 0,
3108 1014, 1023, 0, 1016, 1026, 1017, 1019, 1020, 1021, 1022,
3109 1028, 1023, 1018, 1032, 1029, 1022, 1033, 1021, 1030, 1031,
3110 1026, 1029, 1034, 1030, 1028, 1033, 1032, 1031, 1023, 1035,
3111 1036, 1039, 1040, 1042, 1034, 1041, 1043, 1044, 0, 1049,
3112 1032, 1029, 1045, 1033, 1049, 0, 1031, 0, 1052, 1034,
3113 1040, 1035, 1036, 1039, 1045, 1044, 1035, 1036, 1039, 1040,
3114
3115 1046, 1041, 1041, 1053, 1044, 1042, 1048, 1057, 1043, 1045,
3116 1051, 1049, 1052, 1051, 1046, 1052, 1053, 1048, 1054, 1056,
3117 1055, 1057, 1059, 1058, 1061, 1054, 1062, 1046, 1056, 0,
3118 1053, 1055, 1060, 1048, 1057, 1058, 1051, 1051, 1062, 1060,
3119 1051, 1063, 1064, 0, 1066, 1054, 1056, 1055, 1067, 1071,
3120 1058, 1068, 1069, 1062, 1059, 1064, 1061, 1068, 1070, 1060,
3121 1071, 1073, 1074, 1063, 1072, 1077, 1075, 1080, 1063, 1064,
3122 1066, 1066, 1067, 1079, 1069, 1067, 1071, 1081, 1068, 1069,
3123 1070, 1075, 1072, 1073, 1074, 1070, 1077, 1078, 1073, 1074,
3124 1082, 1072, 1077, 1075, 1079, 1084, 1083, 1086, 1078, 1080,
3125
3126 1079, 1085, 1087, 1091, 1081, 1083, 1086, 1089, 1082, 1088,
3127 1087, 1090, 1092, 1093, 1078, 1094, 1088, 1082, 1096, 1084,
3128 1105, 1095, 1084, 1083, 1086, 1090, 1098, 1085, 1085, 1087,
3129 1097, 1089, 1100, 1103, 1089, 1091, 1088, 1094, 1090, 1102,
3130 1101, 1104, 1094, 1095, 1092, 1093, 1102, 1105, 1095, 1101,
3131 1096, 1106, 1097, 1107, 1100, 1108, 1112, 1097, 1098, 1100,
3132 1110, 1111, 1109, 1104, 1108, 1103, 1102, 1101, 1104, 1106,
3133 1109, 1107, 1112, 1113, 1117, 1115, 1118, 1114, 1106, 0,
3134 1107, 0, 1108, 1112, 1110, 1111, 1114, 1110, 1111, 1109,
3135 1115, 1116, 1120, 1119, 1121, 1113, 1124, 1123, 1125, 1116,
3136
3137 1113, 1122, 1115, 1127, 1114, 1119, 1117, 1125, 1118, 1122,
3138 1123, 1124, 1127, 1128, 1120, 1130, 1133, 1130, 1116, 1120,
3139 1119, 1121, 1134, 1124, 1123, 1125, 1129, 1132, 1122, 1135,
3140 1127, 1128, 1137, 1136, 1129, 1132, 1140, 1139, 1146, 1137,
3141 1128, 1134, 1130, 1133, 1142, 1144, 1141, 1143, 1140, 1134,
3142 1139, 1135, 1147, 1129, 1132, 1136, 1135, 0, 1149, 1137,
3143 1136, 1141, 1145, 1140, 1139, 1143, 1142, 1148, 1150, 1145,
3144 1146, 1142, 1144, 1141, 1143, 1151, 1154, 1152, 1148, 1153,
3145 1149, 1157, 1161, 1156, 1147, 1149, 1206, 1155, 1158, 1145,
3146 1152, 1156, 1153, 1150, 1148, 1150, 0, 1151, 1154, 1155,
3147
3148 1158, 1157, 1151, 1154, 1152, 1159, 1153, 1162, 1157, 1161,
3149 1156, 1164, 1163, 1159, 1155, 1158, 1165, 1166, 1206, 1167,
3150 1162, 1163, 1169, 1164, 1166, 1170, 1171, 1172, 1167, 0,
3151 1167, 0, 1159, 1167, 1162, 1175, 1173, 1165, 1164, 1163,
3152 0, 1167, 1176, 1165, 1166, 1169, 1167, 1178, 1171, 1169,
3153 1176, 1170, 1170, 1171, 1172, 1167, 1173, 1167, 1174, 1175,
3154 1167, 1177, 1175, 1173, 1179, 1178, 1181, 1180, 1182, 1176,
3155 1177, 1174, 1187, 0, 1178, 1180, 1183, 0, 1188, 1185,
3156 1184, 1181, 1189, 0, 1193, 1174, 1179, 1185, 1177, 1183,
3157 1182, 1179, 1191, 1181, 1180, 1182, 1184, 1192, 1194, 1187,
3158
3159 1188, 1190, 1193, 1183, 1189, 1188, 1185, 1184, 1190, 1189,
3160 1194, 1193, 1199, 1196, 1191, 1195, 1200, 1197, 1198, 1191,
3161 1192, 1196, 1205, 0, 1192, 1194, 1197, 1195, 1190, 1201,
3162 1198, 1200, 1199, 1204, 1205, 0, 0, 1201, 1203, 1199,
3163 1196, 1197, 1195, 1200, 1197, 1198, 1202, 1203, 1207, 1205,
3164 1208, 1209, 1202, 1197, 1204, 1207, 1201, 1208, 1210, 1211,
3165 1204, 1212, 1214, 1213, 1214, 1203, 1216, 1211, 1215, 1209,
3166 1210, 1213, 1217, 1202, 1219, 1207, 1212, 1208, 1209, 1217,
3167 1215, 1220, 1222, 1221, 1223, 1210, 1211, 1226, 1212, 1214,
3168 1213, 1223, 1224, 1220, 1225, 1215, 1221, 1231, 1216, 1217,
3169
3170 1227, 1222, 1226, 1224, 1228, 1227, 1219, 1229, 1220, 1222,
3171 1221, 1223, 1228, 1230, 1226, 1233, 1225, 1234, 1235, 1224,
3172 1229, 1225, 1239, 1231, 1231, 1236, 1248, 1230, 0, 1233,
3173 0, 1228, 1227, 1237, 1229, 1234, 0, 1243, 1238, 1240,
3174 1230, 1232, 1233, 1243, 1234, 1232, 0, 1241, 1232, 1232,
3175 1235, 1236, 1236, 1232, 1239, 1237, 1238, 1242, 1248, 1232,
3176 1237, 1240, 1244, 1232, 1243, 1238, 1240, 1232, 1232, 1241,
3177 1246, 1245, 1232, 1245, 1241, 1232, 1232, 1246, 1247, 1251,
3178 1232, 1249, 1254, 1242, 1242, 1250, 1232, 1247, 1244, 1244,
3179 1232, 1252, 1250, 1253, 1255, 1245, 1257, 1246, 1245, 1249,
3180
3181 1245, 1251, 1253, 1256, 1252, 1247, 1251, 1258, 1249, 1260,
3182 1266, 1261, 1250, 0, 1254, 0, 1263, 1263, 1252, 1257,
3183 1253, 1258, 1262, 1257, 1261, 1256, 1255, 1264, 0, 1267,
3184 1256, 1260, 0, 1266, 1258, 1259, 1260, 1266, 1261, 1269,
3185 1259, 1267, 1259, 1264, 1259, 1263, 1259, 1270, 1262, 1262,
3186 1268, 1274, 1270, 1259, 1264, 1272, 1267, 1269, 1271, 1268,
3187 1272, 1273, 1259, 1275, 1274, 1279, 1269, 1259, 1280, 1259,
3188 0, 1259, 1276, 1259, 1278, 0, 1271, 1268, 1274, 1270,
3189 1276, 1275, 1272, 1273, 1277, 1271, 1282, 1278, 1273, 1281,
3190 1275, 0, 1277, 1283, 1280, 1280, 1284, 1279, 1289, 1276,
3191
3192 1289, 1278, 1285, 1286, 1281, 1282, 1283, 1287, 1288, 1290,
3193 1291, 1277, 1292, 1282, 1293, 1285, 1281, 1288, 1284, 1294,
3194 1283, 1286, 1300, 1284, 1292, 1289, 1296, 1287, 1302, 1285,
3195 1286, 1290, 1297, 1299, 1287, 1288, 1290, 1291, 1301, 1292,
3196 1298, 1293, 1303, 1308, 1294, 1301, 1294, 0, 1298, 1300,
3197 1296, 1299, 1304, 1296, 1297, 1302, 1305, 1306, 1307, 1297,
3198 1299, 1310, 1305, 1306, 1307, 1301, 1309, 1298, 1303, 1303,
3199 1308, 1310, 1311, 1309, 1304, 1312, 1313, 1315, 1314, 1304,
3200 1317, 0, 1312, 1305, 1306, 1307, 1316, 0, 1310, 1317,
3201 1319, 1320, 0, 1309, 1321, 1315, 1311, 1322, 1323, 1311,
3202
3203 1314, 0, 1312, 1320, 1315, 1314, 1326, 1317, 1313, 1324,
3204 1322, 1316, 1325, 1316, 1319, 1327, 1321, 1319, 1320, 1328,
3205 1323, 1321, 1329, 1330, 1322, 1323, 1331, 1333, 1324, 1335,
3206 1326, 1332, 1330, 1326, 1325, 1336, 1324, 1327, 1337, 1325,
3207 1339, 1333, 1327, 0, 1329, 1328, 1328, 1331, 1338, 1329,
3208 1330, 1332, 1342, 1331, 1333, 1340, 1341, 1343, 1332, 1344,
3209 1337, 1335, 1347, 1346, 1341, 1337, 1344, 1336, 1342, 1349,
3210 1338, 1347, 1339, 1340, 1348, 1338, 1352, 1353, 1354, 1342,
3211 1350, 1349, 1340, 1341, 1343, 1346, 1344, 1350, 1351, 1347,
3212 1346, 1348, 1351, 1356, 0, 1358, 1349, 1357, 0, 1354,
3213
3214 1361, 1348, 1358, 1357, 1359, 1354, 1360, 1350, 1352, 1353,
3215 1357, 1359, 1363, 1361, 1362, 1351, 1365, 1368, 1365, 1364,
3216 1366, 1360, 1358, 1362, 1357, 1356, 1364, 1361, 1367, 1366,
3217 1357, 1359, 1369, 1360, 1370, 1373, 1369, 1372, 1363, 1363,
3218 1373, 1362, 1374, 1365, 1368, 1372, 1364, 1366, 1375, 1376,
3219 1367, 1374, 1377, 0, 0, 1367, 1370, 1382, 1378, 1369,
3220 1379, 1370, 1381, 1379, 1372, 1377, 1375, 1373, 1376, 1374,
3221 1378, 1380, 1379, 1383, 1380, 1375, 1376, 1385, 1387, 1377,
3222 1381, 1386, 1382, 1388, 1382, 1378, 1383, 1379, 1388, 1381,
3223 1379, 1389, 1392, 1380, 1387, 1390, 1390, 1391, 1380, 1389,
3224
3225 1383, 1380, 1394, 1393, 1386, 1387, 1391, 0, 1386, 1385,
3226 1395, 1394, 1396, 1397, 1392, 1388, 1402, 1395, 1389, 1392,
3227 1397, 1403, 1390, 1399, 1391, 1393, 1400, 0, 1406, 1394,
3228 1393, 0, 1401, 0, 1396, 1400, 1399, 1395, 1404, 1396,
3229 1397, 1401, 1402, 1402, 1403, 1408, 1405, 1404, 1403, 1407,
3230 1399, 0, 0, 1400, 1405, 1409, 1408, 1410, 1414, 1401,
3231 1406, 1413, 1411, 1409, 1407, 1404, 1412, 1415, 1416, 1413,
3232 1410, 0, 1408, 1405, 1411, 1418, 1407, 1417, 1412, 1419,
3233 1414, 1418, 1409, 1420, 1410, 1414, 1417, 1415, 1413, 1411,
3234 1416, 1421, 1423, 1412, 1415, 1416, 1422, 1419, 1424, 1423,
3235
3236 1425, 1426, 1418, 1421, 1417, 0, 1419, 1427, 1429, 1420,
3237 1420, 1428, 0, 1434, 1422, 1430, 1431, 1433, 1421, 1423,
3238 1427, 1435, 1432, 1422, 1424, 1424, 1436, 1431, 1432, 1437,
3239 1440, 0, 1425, 1426, 1427, 1429, 1430, 1428, 1428, 1433,
3240 1438, 1441, 1430, 1431, 1433, 1434, 1444, 1442, 0, 1432,
3241 1443, 1446, 1447, 1435, 1448, 1437, 1437, 1440, 1436, 1443,
3242 1451, 1444, 1445, 1446, 1441, 1442, 1438, 1438, 1441, 1449,
3243 1452, 1450, 1447, 1444, 1442, 1445, 1449, 1443, 1446, 1447,
3244 1448, 1448, 1451, 1452, 1453, 1461, 1454, 1451, 1455, 1445,
3245 1450, 1454, 1453, 1455, 1456, 1458, 1449, 1452, 1450, 1457,
3246
3247 1459, 1456, 1462, 1458, 1465, 1460, 1463, 1461, 1459, 1469,
3248 1462, 1453, 1461, 1463, 0, 1464, 1466, 1472, 1454, 1471,
3249 1455, 1456, 1458, 1460, 1464, 1457, 1457, 1459, 1467, 1462,
3250 1468, 1468, 1460, 1463, 1481, 1467, 1465, 1470, 1466, 1473,
3251 1471, 1469, 1464, 1466, 1474, 1470, 1471, 1473, 1475, 1472,
3252 1476, 1477, 1474, 1480, 1478, 1467, 1475, 1468, 1476, 1477,
3253 1481, 1481, 1479, 1482, 1470, 1480, 1473, 1478, 1479, 1486,
3254 1485, 1474, 1487, 1488, 1483, 1475, 1484, 1476, 1477, 1489,
3255 1480, 1478, 1483, 1495, 1484, 1485, 1491, 1482, 0, 1479,
3256 1482, 1490, 1495, 1492, 1493, 1488, 1486, 1485, 1493, 1487,
3257
3258 1488, 1483, 1489, 1484, 1491, 1490, 1489, 1492, 1496, 1498,
3259 1495, 1493, 1497, 1491, 1500, 1499, 1498, 0, 1490, 1493,
3260 1492, 1493, 1501, 1502, 1497, 1493, 1499, 1507, 1505, 1506,
3261 1496, 1503, 1504, 1513, 1508, 1496, 1498, 1521, 1493, 1497,
3262 1509, 1500, 1499, 1503, 1501, 1511, 1504, 1509, 1514, 1501,
3263 1507, 1506, 1519, 1510, 1507, 1502, 1506, 1508, 1503, 1504,
3264 1505, 1508, 1510, 1511, 1512, 1513, 1520, 1509, 1516, 1521,
3265 1518, 1512, 1511, 1524, 1519, 1514, 1518, 1516, 1522, 1519,
3266 1510, 1527, 1526, 1528, 1533, 1522, 0, 1529, 1530, 1532,
3267 1533, 1512, 1520, 1520, 1528, 1516, 1534, 1518, 1529, 1530,
3268
3269 1524, 1535, 0, 1534, 1537, 1522, 1526, 1543, 1527, 1526,
3270 1528, 1533, 1539, 1532, 1529, 1530, 1532, 1536, 1539, 1535,
3271 1538, 1540, 0, 1534, 1536, 1542, 0, 1541, 1535, 1540,
3272 1537, 1537, 1538, 1543, 1543, 1544, 1545, 0, 1542, 1539,
3273 1547, 1554, 1547, 1546, 1536, 1545, 1549, 1538, 1540, 1541,
3274 1548, 1550, 1542, 1544, 1541, 1546, 1551, 1548, 1552, 1553,
3275 0, 1555, 1544, 1545, 1550, 1551, 1557, 1547, 1554, 1556,
3276 1546, 1553, 1549, 1549, 1558, 1560, 1556, 1548, 1550, 1558,
3277 1552, 1559, 1561, 1551, 1555, 1552, 1553, 1562, 1555, 1559,
3278 1563, 1560, 1557, 1557, 1565, 1562, 1556, 1567, 1566, 0,
3279
3280 1571, 1558, 1560, 1573, 1568, 1561, 1570, 1569, 1559, 1561,
3281 0, 1567, 1563, 1571, 1562, 1570, 1573, 1563, 1569, 1575,
3282 1576, 1565, 1566, 1579, 1567, 1566, 1568, 1571, 1572, 1572,
3283 1573, 1568, 1577, 1570, 1569, 1574, 1572, 1574, 1581, 1577,
3284 1580, 1578, 1576, 1590, 1582, 1575, 1575, 1576, 1578, 1583,
3285 1579, 1582, 1585, 1584, 1586, 1572, 1572, 1587, 1580, 1577,
3286 1581, 1586, 1574, 1594, 1589, 1581, 1592, 1580, 1578, 1595,
3287 1590, 1582, 1595, 1596, 1583, 1584, 1583, 1589, 1591, 1598,
3288 1584, 1586, 1597, 1600, 1585, 1594, 1591, 1592, 1599, 1587,
3289 1594, 1589, 1598, 1592, 1601, 1600, 1595, 1599, 1602, 1596,
3290
3291 1596, 1604, 1603, 1607, 1608, 1591, 1598, 1605, 1597, 1597,
3292 1600, 1603, 1611, 0, 1605, 1599, 1604, 1606, 1601, 0,
3293 1606, 1601, 1609, 1612, 1602, 1602, 1608, 1614, 1604, 1603,
3294 1611, 1608, 1606, 1615, 1605, 1607, 1616, 1617, 1609, 1611,
3295 1613, 1606, 1613, 0, 1606, 1612, 1609, 1606, 1618, 1609,
3296 1612, 1614, 1619, 1621, 1614, 1620, 0, 1623, 0, 1606,
3297 1615, 1622, 1627, 1624, 1628, 1609, 1625, 1613, 1616, 1617,
3298 1618, 1623, 1624, 1626, 1625, 1618, 1629, 1630, 1619, 1619,
3299 1626, 1620, 1620, 1622, 1623, 1621, 1627, 1632, 1622, 1627,
3300 1624, 1631, 0, 1625, 1633, 1634, 1628, 1635, 1633, 1638,
3301
3302 1626, 1636, 1637, 1640, 1639, 0, 1638, 1641, 1629, 1630,
3303 1640, 1637, 1639, 1631, 1642, 1654, 1646, 1634, 1631, 1632,
3304 1641, 1633, 1634, 1636, 1635, 1643, 1638, 1642, 1636, 1637,
3305 1640, 1639, 1647, 1644, 1641, 1645, 1648, 1645, 1643, 1646,
3306 1651, 1642, 1644, 1646, 1648, 1649, 1652, 1654, 0, 1655,
3307 1653, 0, 1643, 1658, 1661, 1651, 1655, 1647, 1656, 1647,
3308 1644, 1652, 1645, 1648, 1653, 1649, 1658, 1651, 1657, 1656,
3309 1663, 1666, 1649, 1652, 1664, 1657, 1655, 1653, 1659, 1662,
3310 1658, 1661, 1665, 1666, 1659, 1656, 1662, 1667, 1668, 1664,
3311 1669, 1668, 1663, 1670, 0, 1657, 0, 1663, 1666, 1669,
3312
3313 1667, 1664, 1672, 1697, 1671, 1659, 1662, 1673, 1665, 1665,
3314 1673, 1670, 1674, 1680, 1667, 1668, 1671, 1669, 1679, 1681,
3315 1670, 1676, 1672, 1674, 1685, 1673, 1676, 1683, 1678, 1672,
3316 1678, 1671, 1682, 1676, 1673, 1697, 1683, 1673, 1684, 1674,
3317 1680, 1687, 1679, 1686, 1688, 1679, 1681, 1682, 1676, 1687,
3318 1689, 1685, 1691, 1676, 1683, 1678, 1690, 1686, 1692, 1682,
3319 1691, 1698, 1684, 1693, 1694, 1684, 1688, 0, 1687, 1692,
3320 1686, 1688, 1694, 1699, 1689, 0, 1696, 1689, 1690, 1691,
3321 0, 1693, 1700, 1690, 1695, 1692, 1702, 1695, 1698, 1700,
3322 1693, 1694, 1701, 1699, 1696, 1702, 1704, 1703, 1706, 1705,
3323
3324 1699, 1707, 1695, 1696, 1705, 1729, 1701, 1704, 1712, 1700,
3325 1703, 1695, 1711, 1702, 1695, 1710, 1707, 1710, 1713, 1701,
3326 1706, 1711, 1714, 1704, 1703, 1706, 1715, 0, 1707, 1713,
3327 1715, 1705, 1716, 1717, 1712, 1712, 1717, 1729, 0, 1711,
3328 1714, 1719, 1710, 1718, 0, 1713, 1716, 1721, 1720, 1714,
3329 1719, 1717, 1715, 1715, 1720, 1725, 1721, 1715, 1716, 1716,
3330 1717, 1722, 1727, 1717, 1724, 1718, 1722, 1725, 1719, 1730,
3331 1718, 1726, 1728, 1716, 1721, 1720, 1726, 1724, 1730, 1731,
3332 1732, 1733, 1725, 1735, 1727, 1728, 1736, 1734, 1740, 1727,
3333 1738, 1724, 1739, 1722, 1743, 1741, 1730, 1738, 1726, 1728,
3334
3335 1734, 0, 1745, 1733, 1742, 1739, 1731, 1736, 1733, 1741,
3336 1742, 1750, 1732, 1736, 1734, 1735, 1747, 1738, 1751, 1739,
3337 1740, 1745, 1741, 1752, 1747, 1748, 1743, 1749, 1742, 1745,
3338 1750, 1742, 1753, 1748, 1755, 1749, 1756, 1742, 1750, 1754,
3339 1751, 1752, 1757, 1747, 1758, 1751, 1753, 1759, 1755, 1756,
3340 1752, 1760, 1748, 1761, 1749, 1757, 1768, 1754, 1762, 1753,
3341 1766, 1755, 1765, 1756, 1764, 1758, 1754, 1761, 1763, 1757,
3342 1765, 1758, 1767, 1764, 1773, 1763, 1769, 1774, 0, 1759,
3343 1761, 1769, 1770, 1760, 1774, 1762, 1767, 1766, 1768, 1765,
3344 1775, 1764, 1758, 1770, 1776, 1763, 1771, 1778, 1779, 1767,
3345
3346 1777, 1773, 1781, 1769, 1774, 1771, 1781, 1777, 1780, 1770,
3347 1785, 1788, 1783, 1775, 1784, 1786, 1776, 1775, 1790, 1778,
3348 1779, 1776, 1792, 1771, 1778, 1779, 1780, 1777, 1783, 1781,
3349 1786, 1787, 1784, 1790, 1785, 1780, 1789, 1785, 1788, 1783,
3350 1791, 1784, 1786, 1787, 1789, 1790, 1793, 1795, 1791, 1792,
3351 1794, 1796, 1798, 1800, 1799, 1802, 1801, 1804, 1787, 1793,
3352 1798, 1799, 1795, 1789, 1802, 1803, 1796, 1791, 1806, 1805,
3353 1794, 1801, 1808, 1793, 1795, 1811, 1810, 1794, 1796, 1798,
3354 1809, 1799, 1802, 1801, 1804, 1800, 1803, 1813, 1812, 1814,
3355 1815, 1831, 1803, 1805, 1808, 1806, 1805, 1815, 1809, 1808,
3356
3357 1816, 1817, 1811, 1812, 1819, 1816, 0, 1809, 1810, 1818,
3358 1817, 1820, 1813, 1814, 1813, 1812, 1814, 1815, 1818, 1821,
3359 1822, 1824, 1823, 1831, 0, 0, 1819, 1816, 1817, 1829,
3360 1828, 1819, 1825, 1820, 1823, 1822, 1818, 1821, 1820, 1830,
3361 0, 1829, 0, 1824, 1826, 1825, 1821, 1822, 1824, 1823,
3362 1825, 1826, 1828, 1827, 1834, 1832, 1829, 1828, 1836, 1825,
3363 1827, 1832, 1834, 1837, 1838, 1835, 1830, 1840, 1841, 1836,
3364 1837, 1826, 1825, 1835, 1842, 1827, 1843, 1844, 1851, 1845,
3365 1827, 1834, 1832, 1843, 1839, 1836, 1839, 1827, 1854, 1838,
3366 1837, 1838, 1835, 1840, 1840, 1841, 1846, 1839, 1849, 1850,
3367
3368 1852, 1842, 1846, 1843, 1844, 1845, 1845, 1855, 1847, 1848,
3369 1851, 1839, 1856, 1839, 1847, 1848, 1855, 1870, 1857, 1858,
3370 1854, 1858, 1850, 1846, 1852, 1849, 1850, 1852, 1859, 1860,
3371 1861, 1862, 1863, 1865, 1855, 1847, 1848, 1861, 1864, 1865,
3372 1857, 1866, 1867, 0, 1856, 1857, 1858, 1868, 1869, 1870,
3373 1864, 0, 1859, 1862, 1872, 1859, 1860, 1861, 1862, 1863,
3374 1865, 1872, 1873, 1866, 1867, 1864, 1875, 1881, 1866, 1867,
3375 1869, 1873, 1874, 1868, 1868, 1869, 1871, 1871, 1871, 1874,
3376 1876, 1872, 1879, 1871, 1880, 1878, 1882, 1876, 1883, 1873,
3377 1878, 1871, 1881, 1884, 1881, 1879, 1880, 1888, 1875, 1874,
3378
3379 1883, 1885, 1882, 1871, 1871, 1871, 1887, 1876, 1890, 1879,
3380 1871, 1880, 1887, 1882, 1886, 1883, 1893, 1878, 1894, 1885,
3381 1891, 1886, 1889, 1889, 1888, 1884, 1892, 1891, 1885, 1895,
3382 1898, 1892, 1900, 1887, 1890, 1890, 1895, 1899, 1903, 1899,
3383 1902, 1886, 1893, 1893, 1903, 1894, 1904, 1891, 1906, 1889,
3384 1900, 1916, 1905, 1892, 1907, 1918, 1895, 1898, 1902, 1900,
3385 1907, 1908, 1909, 1905, 1899, 1903, 1910, 1902, 1911, 1911,
3386 1912, 1913, 1913, 1908, 1914, 1906, 1921, 1917, 1904, 1905,
3387 1925, 1907, 1909, 1916, 1910, 1914, 1920, 1918, 1908, 1909,
3388 1922, 1926, 1927, 1910, 1924, 1911, 1912, 1912, 1913, 1917,
3389
3390 1919, 1914, 1924, 1929, 1917, 1928, 1920, 1919, 1921, 1931,
3391 1929, 1932, 1925, 1920, 1927, 1922, 1930, 1922, 1926, 1927,
3392 1933, 1924, 1934, 1928, 1930, 1936, 1932, 1919, 1935, 1935,
3393 1929, 1934, 1928, 1931, 1937, 1938, 1931, 1941, 1932, 0,
3394 0, 1939, 1940, 1930, 1933, 1946, 1949, 1933, 1939, 1934,
3395 1943, 1936, 1936, 1941, 1940, 1935, 1944, 1943, 1949, 1945,
3396 1941, 1944, 1947, 1948, 1941, 1947, 1937, 1938, 1939, 1940,
3397 1951, 1948, 1946, 1949, 1953, 1952, 0, 1943, 1951, 1956,
3398 1941, 1945, 1954, 1944, 1957, 1959, 1945, 1955, 1958, 1947,
3399 1948, 1962, 0, 1958, 0, 1961, 0, 1951, 1952, 1962,
3400
3401 1953, 1953, 1952, 1954, 1958, 1955, 1956, 1957, 1961, 1954,
3402 1960, 1957, 1959, 1963, 1955, 1958, 1960, 1964, 1962, 1965,
3403 1958, 1966, 1961, 1967, 1964, 1968, 1965, 1969, 1966, 1970,
3404 1972, 1971, 1983, 1973, 1968, 1963, 0, 1960, 1974, 1969,
3405 1963, 1985, 1979, 1978, 1964, 1971, 1965, 1981, 1966, 1976,
3406 1978, 1970, 1968, 1987, 1969, 1967, 1970, 1972, 1971, 1973,
3407 1973, 1974, 1989, 1977, 1983, 1974, 1982, 1976, 1977, 1979,
3408 1978, 1982, 1988, 1985, 1981, 1987, 1976, 1986, 1986, 1977,
3409 1987, 1991, 1992, 1996, 1994, 1993, 1995, 1988, 1995, 1998,
3410 1977, 1999, 1997, 2000, 1989, 1977, 1991, 1997, 1982, 1988,
3411
3412 1993, 2000, 2002, 0, 1986, 1992, 2007, 2001, 1991, 1992,
3413 1994, 1994, 1993, 1995, 2001, 1996, 2003, 2005, 1999, 1997,
3414 2000, 1998, 2006, 2009, 2002, 2010, 2011, 2012, 2007, 2002,
3415 2006, 2003, 2005, 2007, 2001, 2013, 2014, 2015, 2016, 2018,
3416 2017, 0, 2013, 2003, 2005, 2022, 0, 2009, 2020, 2006,
3417 2009, 2010, 2010, 2011, 2012, 2024, 2023, 2018, 2015, 2026,
3418 2016, 2017, 2013, 2027, 2015, 2016, 2018, 2017, 2014, 2022,
3419 2020, 2023, 2022, 2028, 2026, 2020, 2029, 2031, 2027, 2030,
3420 2032, 2024, 2024, 2023, 2033, 2034, 2026, 2035, 2038, 2037,
3421 2027, 2036, 0, 2041, 2035, 2028, 2038, 2030, 2037, 2031,
3422
3423 2028, 2039, 2032, 2029, 2031, 2040, 2030, 2032, 2033, 2036,
3424 2042, 2033, 2034, 2043, 2035, 2038, 2037, 2044, 2036, 2042,
3425 2045, 2048, 2068, 2047, 2039, 2041, 2044, 2040, 2039, 2050,
3426 2048, 2043, 2040, 2045, 2047, 2049, 2050, 2042, 2051, 2052,
3427 2043, 2055, 2059, 2053, 2044, 2054, 2056, 2045, 2048, 2047,
3428 2047, 2054, 2061, 2049, 2068, 0, 2050, 2052, 2053, 2071,
3429 2056, 2047, 2049, 2055, 2051, 2051, 2052, 2062, 2055, 2059,
3430 2053, 2063, 2054, 2056, 2064, 2066, 2061, 2067, 2062, 2061,
3431 2070, 2069, 2063, 2072, 2071, 2064, 2071, 2066, 2073, 2076,
3432 2067, 2069, 2072, 2074, 2062, 2077, 2079, 2080, 2063, 2081,
3433
3434 2079, 2064, 2066, 2086, 2067, 2083, 2070, 2070, 2069, 2084,
3435 2072, 0, 2074, 2082, 2084, 2073, 2076, 2087, 2080, 2120,
3436 2074, 2077, 2077, 2079, 2080, 2083, 2082, 2085, 2089, 2086,
3437 2086, 2081, 2083, 2088, 2085, 2087, 2084, 2090, 2091, 2088,
3438 2082, 2092, 2097, 2089, 2087, 2093, 2093, 2094, 2099, 2097,
3439 2091, 2120, 2090, 2095, 2085, 2089, 2092, 2095, 2098, 2094,
3440 2088, 2100, 2098, 2099, 2090, 2091, 2102, 2101, 2092, 2097,
3441 2095, 2103, 2093, 2102, 2094, 2099, 2101, 2104, 2095, 2105,
3442 2095, 2107, 2108, 2109, 2095, 2098, 2105, 2113, 2100, 2110,
3443 0, 0, 2109, 2102, 2101, 2103, 0, 2095, 2103, 2104,
3444
3445 2111, 2116, 2117, 2107, 2104, 2113, 2105, 2108, 2107, 2108,
3446 2109, 2110, 2115, 2118, 2113, 2119, 2110, 2117, 2122, 2116,
3447 2111, 2115, 2123, 2119, 2124, 2125, 2125, 2111, 2116, 2117,
3448 2127, 2126, 2128, 2133, 2129, 2123, 0, 2130, 2118, 2115,
3449 2118, 2131, 2119, 2122, 2134, 2122, 2130, 0, 2135, 2123,
3450 2131, 2124, 2125, 2126, 2128, 2127, 2129, 2127, 2126, 2128,
3451 2132, 2129, 2135, 2136, 2130, 2133, 2134, 2132, 2131, 2137,
3452 2138, 2134, 2140, 2141, 2137, 2135, 2142, 2144, 2136, 2143,
3453 2140, 2146, 2145, 2147, 0, 2148, 2141, 2132, 2146, 2138,
3454 2136, 2149, 2152, 2144, 2145, 2153, 2156, 2138, 2154, 2140,
3455
3456 2141, 2137, 2150, 2142, 2144, 2143, 2143, 2148, 2146, 2145,
3457 2153, 2150, 2148, 2151, 2156, 2147, 2149, 2155, 2149, 2152,
3458 2157, 2151, 2153, 2156, 2154, 2154, 2158, 2160, 2161, 2150,
3459 2163, 2161, 2151, 2164, 2162, 2158, 2163, 2165, 2164, 0,
3460 2151, 2167, 2157, 2155, 2155, 2166, 2161, 2157, 2151, 2170,
3461 2160, 2169, 2165, 2158, 2160, 2161, 2167, 2163, 2161, 2162,
3462 2171, 2162, 2174, 2166, 2165, 2164, 2169, 2173, 2167, 2174,
3463 2175, 2170, 2166, 2176, 2177, 2178, 2170, 2179, 2169, 2180,
3464 2183, 2173, 2171, 2177, 2178, 2182, 2179, 2171, 2175, 2174,
3465 2180, 2181, 2183, 2181, 2173, 2184, 2186, 2175, 2182, 2187,
3466
3467 2176, 2177, 2178, 2188, 2179, 2189, 2180, 2183, 2194, 2190,
3468 2188, 2186, 2182, 2196, 2187, 2191, 2197, 2184, 2181, 2199,
3469 2197, 2194, 2184, 2186, 2202, 2198, 2187, 2189, 2199, 2194,
3470 2188, 2190, 2189, 2191, 2196, 2194, 2190, 2198, 2201, 2200,
3471 2196, 2200, 2191, 2197, 2203, 2204, 2199, 2206, 2194, 2205,
3472 2207, 2202, 2198, 2208, 2209, 2206, 2201, 2212, 2205, 2211,
3473 2215, 2216, 2203, 2217, 2213, 2201, 2200, 2211, 2209, 2213,
3474 2222, 2203, 2204, 2207, 2206, 2208, 2205, 2207, 2214, 2218,
3475 2208, 2209, 2223, 2214, 2224, 2225, 2211, 2217, 2219, 2212,
3476 2217, 2213, 2215, 2216, 2226, 2219, 2223, 2222, 2218, 2227,
3477
3478 2229, 2231, 2224, 2230, 2228, 2234, 2218, 2223, 2223, 2223,
3479 2214, 2224, 2225, 2228, 2227, 2219, 2232, 2233, 2236, 2238,
3480 2226, 2226, 2237, 2223, 0, 2230, 2227, 2231, 2231, 2237,
3481 2230, 2228, 2229, 2239, 2223, 2242, 2241, 2234, 2241, 2233,
3482 2239, 2236, 2238, 2232, 2233, 2236, 2238, 2243, 2245, 2237,
3483 2246, 2243, 2244, 2250, 2247, 2251, 2249, 2242, 2250, 2246,
3484 2239, 2248, 2242, 2241, 2244, 2247, 2252, 2256, 2248, 2254,
3485 2245, 0, 2253, 2259, 2243, 2245, 2256, 2246, 2249, 2244,
3486 2250, 2247, 2251, 2249, 2253, 2255, 2255, 2257, 2248, 2252,
3487 2258, 2254, 2260, 2252, 2256, 2259, 2254, 2262, 2258, 2253,
3488
3489 2259, 2261, 2257, 2264, 2274, 2265, 2260, 2266, 2267, 2364,
3490 2261, 0, 2255, 2265, 2257, 2266, 2267, 2258, 2270, 2260,
3491 2269, 2268, 2264, 2269, 2262, 2268, 2270, 2271, 2261, 2272,
3492 2264, 2273, 2265, 2271, 2266, 2267, 2274, 2273, 2276, 2278,
3493 2280, 2364, 2279, 2281, 2272, 2270, 2283, 2269, 2268, 2284,
3494 2276, 2285, 2282, 2278, 2271, 2279, 2272, 2289, 2273, 2282,
3495 2286, 2280, 2290, 2291, 2287, 2276, 2278, 2280, 2281, 2279,
3496 2281, 2284, 2288, 2283, 2286, 2285, 2284, 2287, 2285, 2282,
3497 2292, 2293, 2294, 2289, 2289, 2295, 2288, 2286, 2291, 2290,
3498 2291, 2287, 2296, 2293, 2298, 2297, 2294, 2299, 2297, 2288,
3499
3500 0, 2300, 2305, 2303, 2302, 2306, 2307, 2292, 2293, 2294,
3501 2303, 2295, 2295, 2297, 2309, 0, 2311, 2305, 2296, 2296,
3502 2304, 2298, 2297, 2300, 2299, 2297, 2302, 2304, 2300, 2305,
3503 2303, 2302, 2306, 2307, 2308, 2310, 2312, 2313, 2314, 2315,
3504 2316, 2309, 2308, 2311, 2310, 2318, 2320, 2304, 2312, 2322,
3505 2317, 2323, 2324, 2316, 2320, 2318, 2319, 2325, 2329, 2313,
3506 2324, 2308, 2310, 2312, 2313, 2314, 2315, 2316, 2317, 2319,
3507 2327, 2322, 2318, 2320, 2328, 0, 2322, 2317, 2323, 2324,
3508 2326, 2331, 2329, 2319, 2325, 2329, 0, 2330, 2332, 2326,
3509 2337, 2333, 2327, 2336, 2334, 2328, 2332, 2327, 2337, 2338,
3510
3511 2341, 2328, 2330, 2333, 2340, 2336, 2342, 2326, 2331, 2344,
3512 2342, 2340, 2341, 2330, 2330, 2332, 2343, 2337, 2333, 2334,
3513 2336, 2334, 2345, 2347, 2351, 2348, 2338, 2341, 2343, 2330,
3514 2346, 2340, 2344, 2342, 2349, 2352, 2344, 2348, 2346, 2353,
3515 2354, 0, 2352, 2343, 2359, 2347, 2349, 2355, 2357, 2345,
3516 2347, 2351, 2348, 2354, 2356, 2360, 2355, 2346, 2361, 2353,
3517 2357, 2349, 2352, 2356, 2358, 2358, 2353, 2354, 2366, 2362,
3518 2359, 2359, 2365, 2360, 2355, 2357, 2367, 2368, 2369, 2368,
3519 2371, 2356, 2360, 2361, 2362, 2361, 2362, 2365, 2370, 0,
3520 2366, 2358, 2369, 2362, 2370, 2366, 2362, 2374, 2367, 2365,
3521
3522 2372, 2372, 2371, 2367, 2368, 2369, 2375, 2371, 2376, 2377,
3523 2378, 2362, 2379, 2362, 2380, 2370, 2382, 0, 2383, 2374,
3524 2380, 2377, 2381, 2386, 2374, 2384, 2393, 2372, 2375, 2385,
3525 2376, 2385, 2395, 2375, 2381, 2376, 2377, 2386, 2387, 2388,
3526 2383, 2380, 2378, 2389, 2379, 2383, 2390, 2384, 2382, 2381,
3527 2386, 2391, 2384, 2394, 2392, 2395, 2385, 2388, 2393, 2395,
3528 2401, 2389, 2387, 0, 2390, 2387, 2388, 2392, 2397, 2391,
3529 2389, 2400, 2399, 2390, 2402, 2397, 2403, 0, 2391, 2399,
3530 2409, 2392, 2404, 2406, 2403, 2394, 2401, 2401, 2405, 2400,
3531 2407, 2409, 2407, 2410, 2411, 2397, 2412, 2407, 2400, 2399,
3532
3533 2404, 2415, 2403, 2403, 2410, 2406, 2402, 2409, 2412, 2404,
3534 2406, 2403, 2413, 2416, 2405, 2405, 2415, 2407, 2418, 2407,
3535 2410, 2411, 2417, 2412, 2416, 2421, 2420, 2423, 2415, 2422,
3536 2413, 2424, 2427, 2418, 2417, 2425, 2422, 2430, 2431, 2413,
3537 2416, 2428, 2423, 0, 2429, 2418, 2432, 2421, 2433, 2417,
3538 2420, 2435, 2421, 2420, 2423, 0, 2422, 2436, 2424, 2427,
3539 2439, 2425, 2425, 2434, 2432, 2428, 2429, 2437, 2428, 2430,
3540 2431, 2429, 2436, 2432, 2438, 2433, 2434, 2435, 2435, 2440,
3541 2437, 2442, 2438, 2441, 2436, 0, 2439, 2439, 0, 2444,
3542 2434, 2445, 2446, 0, 2437, 2447, 2441, 2450, 2451, 2452,
3543
3544 2453, 2438, 2448, 2442, 2450, 2449, 2455, 0, 2442, 0,
3545 2441, 2440, 2444, 2460, 2453, 2445, 2444, 2447, 2445, 2446,
3546 2448, 2451, 2447, 2449, 2450, 2451, 2452, 2453, 2455, 2448,
3547 2456, 2457, 2449, 2455, 2458, 2459, 2460, 2456, 2457, 2461,
3548 2460, 2458, 2462, 2463, 2464, 2466, 2461, 2465, 2459, 0,
3549 0, 2467, 2468, 2471, 2466, 2469, 2476, 2456, 2457, 2467,
3550 2468, 2458, 2459, 2475, 2462, 2464, 2461, 2477, 2473, 2462,
3551 2470, 2464, 2466, 2465, 2465, 2463, 2470, 2469, 2467, 2468,
3552 2471, 2474, 2469, 2473, 2478, 2475, 2477, 2480, 2476, 2482,
3553 2475, 2483, 2474, 0, 2477, 2473, 2484, 2470, 2485, 2486,
3554
3555 2486, 2487, 2482, 2491, 2492, 2480, 2490, 2493, 2474, 2478,
3556 2497, 2478, 2494, 0, 2480, 2499, 2482, 2483, 2483, 2492,
3557 2484, 2505, 2485, 2484, 2499, 2485, 2486, 2487, 2487, 2490,
3558 2494, 2492, 2501, 2490, 2493, 2491, 2502, 2497, 2507, 2494,
3559 2506, 2506, 2499, 2505, 2507, 2501, 2508, 2502, 2505, 2509,
3560 2510, 2512, 2514, 2515, 0, 2516, 2518, 0, 2517, 2501,
3561 2515, 2518, 2521, 2502, 2519, 2507, 2522, 2506, 2508, 2517,
3562 2521, 2509, 2523, 2508, 2525, 2528, 2509, 2510, 2512, 2524,
3563 2515, 2516, 2516, 2518, 2514, 2517, 2519, 2523, 2529, 2521,
3564 2522, 2519, 2527, 2522, 2524, 2530, 2528, 2531, 2533, 2523,
3565
3566 0, 2525, 2528, 2534, 2530, 2535, 2524, 2536, 2539, 2531,
3567 2527, 2538, 2541, 2535, 2540, 2542, 2536, 2543, 2544, 2527,
3568 2529, 2541, 2530, 2545, 2531, 2533, 0, 2534, 0, 0,
3569 2534, 2543, 2535, 2542, 2536, 2539, 2540, 2538, 2538, 2541,
3570 2544, 2540, 2542, 2546, 2543, 2544, 2547, 2548, 2545, 2549,
3571 2545, 2550, 2553, 2551, 2554, 2552, 2546, 2555, 2550, 2547,
3572 2551, 2556, 2548, 2558, 2559, 0, 2560, 0, 2557, 0,
3573 2546, 2549, 2558, 2547, 2548, 2561, 2549, 2552, 2550, 2553,
3574 2551, 2554, 2552, 2557, 2555, 2562, 2559, 2564, 2556, 2563,
3575 2558, 2559, 2560, 2560, 2564, 2557, 2566, 2568, 2565, 2567,
3576
3577 2569, 2561, 2561, 2566, 2563, 2567, 2571, 2570, 2568, 2572,
3578 2575, 2562, 2562, 2565, 2564, 2570, 2563, 2574, 2578, 2573,
3579 2581, 0, 2577, 2566, 2568, 2565, 2567, 2569, 2576, 2577,
3580 2575, 2579, 2574, 2571, 2570, 2573, 2572, 2575, 2579, 2582,
3581 2578, 2580, 2583, 2576, 2574, 2578, 2573, 2581, 2580, 2577,
3582 2584, 2584, 2585, 2586, 0, 2576, 2590, 2582, 2579, 2585,
3583 2587, 2588, 0, 2587, 2592, 2589, 2582, 2586, 2580, 2583,
3584 2589, 2591, 2594, 2595, 2588, 2593, 0, 2584, 2599, 2585,
3585 2586, 2590, 2599, 2590, 2594, 2595, 2591, 2587, 2588, 2600,
3586 2592, 2592, 2589, 2593, 2597, 2601, 2598, 2602, 2591, 2594,
3587
3588 2595, 2598, 2593, 2597, 2603, 2599, 2604, 2605, 2601, 2606,
3589 0, 2608, 2612, 2600, 2610, 0, 2600, 2613, 2611, 2602,
3590 2614, 2597, 2601, 2598, 2602, 2613, 2603, 2611, 2612, 2622,
3591 0, 2603, 2614, 2604, 2605, 2606, 2606, 2608, 2608, 2612,
3592 2610, 2610, 2616, 2617, 2613, 2611, 2618, 2614, 2619, 2616,
3593 2620, 2618, 2617, 2621, 2622, 2619, 2622, 2623, 2624, 2628,
3594 2621, 2626, 2625, 2629, 2623, 2631, 2632, 2624, 2620, 2616,
3595 2617, 2625, 2635, 2618, 2630, 2619, 2629, 2620, 2634, 2630,
3596 2621, 0, 2636, 2631, 2623, 2624, 2628, 2626, 2626, 2625,
3597 2629, 2636, 2631, 2632, 2637, 2638, 2634, 2639, 2640, 2635,
3598
3599 2644, 2630, 2641, 2637, 2638, 2634, 2642, 2643, 2644, 2636,
3600 2640, 2641, 2645, 2646, 2647, 2642, 2648, 2639, 2643, 2649,
3601 2654, 2637, 2638, 2648, 2639, 2640, 2650, 2644, 2649, 2641,
3602 2652, 2653, 2645, 2642, 2643, 2655, 2656, 2657, 2658, 2645,
3603 2646, 2647, 2665, 2648, 2655, 2657, 2649, 2650, 2656, 2659,
3604 2661, 2658, 2654, 2650, 2660, 2664, 2663, 2652, 2653, 2666,
3605 2662, 2660, 2655, 2656, 2657, 2658, 2661, 2662, 2667, 2665,
3606 2671, 2659, 2674, 0, 2673, 0, 2659, 2661, 2663, 2674,
3607 2664, 2660, 2664, 2663, 2666, 2669, 2666, 2662, 2671, 2673,
3608 2672, 2675, 2676, 2669, 2678, 2667, 2677, 2671, 2672, 2674,
3609
3610 2681, 2673, 2678, 2677, 2683, 2684, 2682, 2681, 2685, 2687,
3611 2688, 0, 2669, 2675, 2676, 2682, 2686, 2672, 2675, 2676,
3612 2685, 2678, 2689, 2677, 2690, 2686, 2688, 2681, 2683, 2692,
3613 2694, 2683, 2684, 2682, 2689, 2685, 2687, 2688, 2693, 2695,
3614 2696, 2692, 2701, 2686, 2704, 2699, 2698, 2690, 2700, 2689,
3615 2707, 2690, 2699, 2694, 2696, 2700, 2692, 2694, 2698, 2693,
3616 2705, 2703, 2704, 2706, 2709, 2693, 2695, 2696, 2711, 2701,
3617 2708, 2704, 2699, 2698, 2710, 2700, 2703, 2707, 2708, 2713,
3618 2715, 2712, 2722, 2705, 2720, 2723, 2711, 2705, 2703, 2706,
3619 2706, 2709, 2712, 2714, 2713, 2711, 2710, 2708, 2721, 2723,
3620
3621 2714, 2710, 2724, 2721, 2725, 2726, 2713, 2715, 2712, 2722,
3622 2720, 2720, 2723, 2729, 2730, 2727, 2724, 2728, 2725, 2733,
3623 2714, 2730, 2731, 2726, 2738, 2721, 2736, 0, 2737, 2724,
3624 2739, 2725, 2726, 2727, 2731, 2728, 0, 2738, 2742, 2740,
3625 2729, 2730, 2727, 2750, 2728, 2743, 2733, 2745, 2736, 2731,
3626 2737, 2738, 2739, 2736, 2741, 2737, 2742, 2739, 2740, 2745,
3627 2747, 2748, 2741, 2749, 2743, 2742, 2740, 2751, 2753, 2752,
3628 2750, 2754, 2743, 2755, 2745, 2749, 2753, 2756, 2759, 0,
3629 2757, 2741, 2747, 2748, 2760, 2775, 2761, 2747, 2748, 2757,
3630 2749, 2752, 2758, 2755, 2751, 2753, 2752, 2762, 2754, 2756,
3631
3632 2755, 2758, 2764, 2763, 2756, 2765, 2760, 2757, 2768, 2762,
3633 2759, 2760, 2761, 2761, 2769, 2770, 2771, 2775, 2772, 2758,
3634 2774, 2771, 2768, 2776, 2762, 2763, 0, 2773, 2782, 2764,
3635 2763, 2777, 2765, 2774, 2778, 2768, 2783, 2780, 2781, 2770,
3636 2772, 2769, 2770, 2779, 2781, 2772, 2776, 2774, 2771, 2773,
3637 2776, 2784, 2778, 2777, 2773, 2779, 2780, 2785, 2777, 2787,
3638 2782, 2778, 2791, 2788, 2780, 2781, 2793, 2789, 2783, 0,
3639 2779, 2796, 2785, 2784, 2794, 2795, 0, 2791, 2784, 2787,
3640 2796, 2797, 2798, 2806, 2785, 2788, 2787, 2799, 2793, 2791,
3641 2788, 2789, 2800, 2793, 2789, 2797, 2794, 2795, 2796, 2801,
3642
3643 2798, 2794, 2795, 2802, 2805, 2799, 2807, 2813, 2797, 2798,
3644 2816, 0, 2810, 2805, 2799, 2806, 2811, 2801, 2800, 2800,
3645 2810, 2812, 2814, 2811, 2815, 2802, 2801, 2807, 2816, 2812,
3646 2802, 2805, 2815, 2807, 2813, 2817, 2819, 2816, 2818, 2810,
3647 2826, 2822, 2814, 2811, 2820, 2828, 2825, 2817, 2812, 2814,
3648 2818, 2815, 2820, 2822, 2824, 2827, 2829, 2827, 2831, 2832,
3649 2833, 2824, 2817, 2819, 2838, 2818, 2830, 2826, 2822, 2825,
3650 2834, 2820, 2834, 2825, 2835, 2830, 2837, 2828, 2838, 2833,
3651 2840, 2824, 2827, 2841, 2844, 0, 2832, 2833, 2829, 2843,
3652 2831, 2838, 2842, 2830, 2837, 2847, 2835, 2834, 2849, 2848,
3653
3654 2850, 2835, 2843, 2837, 2852, 2845, 2853, 2841, 2848, 0,
3655 2841, 2844, 2840, 2854, 2857, 2842, 2843, 2845, 2855, 2842,
3656 2860, 2847, 2847, 2859, 2861, 2849, 2848, 2850, 2866, 2853,
3657 2859, 2852, 2845, 2853, 2863, 2854, 2855, 2865, 2862, 2861,
3658 2854, 2857, 2860, 2862, 2865, 2855, 2868, 2860, 2869, 2863,
3659 2859, 2861, 2870, 2871, 2866, 2866, 2875, 2872, 2873, 2876,
3660 2878, 2863, 2879, 2881, 2865, 2880, 2882, 2878, 2876, 2883,
3661 2862, 2872, 2873, 2868, 2884, 2869, 2887, 2871, 2882, 2870,
3662 2871, 2892, 2886, 2875, 2872, 2873, 2876, 2878, 2884, 2879,
3663 2881, 2880, 2880, 2882, 2885, 2886, 2883, 2888, 2893, 2889,
3664
3665 2895, 2884, 2896, 2885, 2897, 2895, 2896, 2898, 2887, 2886,
3666 2900, 2897, 2899, 2892, 2898, 0, 2901, 2902, 2901, 2903,
3667 2893, 2885, 2889, 2906, 2888, 2893, 2889, 2909, 2908, 2896,
3668 2913, 2897, 2895, 2899, 2898, 2911, 2912, 2911, 2919, 2899,
3669 2902, 0, 2900, 2901, 2902, 2906, 2903, 2908, 2914, 2914,
3670 2906, 2909, 2915, 2918, 2909, 2908, 2913, 2913, 2914, 2916,
3671 2912, 2928, 2911, 2912, 2917, 2919, 2918, 0, 2916, 2920,
3672 2921, 2917, 2922, 2923, 2915, 2914, 2914, 2929, 2921, 2915,
3673 2918, 2923, 2920, 2924, 2925, 2922, 2916, 2926, 2928, 2925,
3674 2927, 2917, 2926, 0, 2921, 2930, 2920, 2921, 2927, 2922,
3675
3676 2923, 2931, 2924, 2929, 2929, 2921, 2932, 0, 2933, 2934,
3677 2924, 2936, 2937, 2937, 2946, 2935, 2925, 2927, 2936, 2926,
3678 2934, 2930, 2930, 2939, 2941, 2947, 2942, 2931, 2931, 0,
3679 2938, 2948, 2932, 2932, 2933, 2933, 2934, 2935, 2936, 2937,
3680 2940, 2946, 2935, 2938, 2942, 2939, 2941, 2943, 2940, 2944,
3681 2939, 2941, 2947, 2942, 2943, 2948, 2944, 2938, 2948, 2949,
3682 2950, 2952, 2953, 2954, 2957, 0, 2958, 2940, 0, 2950,
3683 2955, 2964, 0, 2965, 2943, 0, 2944, 2959, 2960, 2966,
3684 2949, 2961, 2953, 2967, 2958, 2963, 2949, 2950, 2952, 2953,
3685 2954, 2957, 2955, 2958, 2963, 2959, 2960, 2955, 2964, 2961,
3686
3687 2965, 2967, 2966, 2968, 2959, 2960, 2966, 2969, 2961, 2970,
3688 2967, 2968, 2963, 2971, 2973, 2974, 2975, 0, 2971, 2980,
3689 2983, 2970, 2979, 2969, 2981, 2984, 2986, 2985, 2973, 2985,
3690 2968, 2988, 2989, 2974, 2969, 2986, 2970, 2981, 2984, 2975,
3691 2990, 2973, 2974, 2975, 2979, 2971, 2980, 2983, 2995, 2979,
3692 2989, 2981, 2984, 2986, 2985, 2990, 2996, 2998, 2988, 2989,
3693 2994, 2999, 2994, 3001, 2998, 3003, 0, 2990, 3008, 3005,
3694 2995, 3003, 3006, 3015, 2996, 2995, 3007, 0, 3001, 3010,
3695 0, 3016, 3017, 2996, 2998, 3012, 3008, 2994, 3023, 0,
3696 3001, 3005, 3003, 2999, 3006, 3008, 3005, 3011, 3012, 3006,
3697
3698 3015, 3010, 3007, 3007, 3013, 3018, 3010, 3013, 3016, 3017,
3699 3019, 3011, 3012, 3020, 3021, 3026, 3024, 3019, 3027, 3029,
3700 3023, 3020, 3025, 3018, 3011, 3029, 3031, 3027, 3030, 3032,
3701 3013, 3013, 3018, 3028, 3013, 3031, 3021, 3019, 3024, 3034,
3702 3020, 3021, 3026, 3024, 3025, 3027, 3029, 3036, 3028, 3025,
3703 3030, 3037, 3033, 3031, 3033, 3030, 3039, 3040, 3038, 3041,
3704 3028, 3032, 3044, 3042, 3046, 3040, 3034, 3048, 0, 3044,
3705 3036, 3041, 3051, 3037, 3036, 3042, 0, 3084, 3037, 3033,
3706 3038, 3048, 3039, 3039, 3040, 3038, 3041, 3049, 3050, 3044,
3707 3042, 3046, 3052, 3053, 3048, 3051, 3056, 3054, 3055, 3051,
3708
3709 3057, 3049, 3050, 3058, 3053, 3054, 3062, 3057, 3059, 3084,
3710 3052, 3066, 3060, 3067, 3049, 3050, 3068, 3055, 3056, 3052,
3711 3053, 3060, 3072, 3056, 3054, 3055, 3059, 3057, 3063, 3058,
3712 3058, 3061, 3061, 3062, 3067, 3059, 3063, 3074, 3066, 3060,
3713 3067, 3070, 3075, 3068, 3076, 3077, 0, 3070, 3074, 3072,
3714 3081, 3078, 3082, 3075, 3086, 3063, 3077, 3083, 3061, 3082,
3715 3088, 3085, 3086, 3089, 3074, 3085, 3076, 3091, 3070, 3075,
3716 3093, 3076, 3077, 3078, 3090, 3083, 3089, 3081, 3078, 3082,
3717 3100, 3086, 3090, 3096, 3083, 3095, 3088, 3088, 3085, 3097,
3718 3089, 3099, 3095, 3101, 3091, 3104, 3099, 3102, 3103, 3106,
3719
3720 3108, 3090, 3093, 3105, 3112, 3103, 3107, 3100, 3110, 3102,
3721 0, 3097, 3095, 3107, 3104, 3096, 3097, 3106, 3099, 3105,
3722 3101, 3109, 3104, 3110, 3102, 3103, 3106, 3111, 3113, 3109,
3723 3105, 3112, 3108, 3107, 3111, 3110, 3114, 3115, 0, 3116,
3724 3113, 3104, 3120, 3121, 3122, 3123, 3125, 3124, 3109, 0,
3725 3121, 0, 3129, 3126, 3111, 3113, 3132, 3120, 3134, 3128,
3726 3114, 3115, 3126, 3114, 3115, 3116, 3116, 3130, 0, 3120,
3727 3121, 3124, 3123, 0, 3124, 3131, 3122, 3136, 3125, 3129,
3728 3126, 3128, 3139, 3131, 3137, 3134, 3128, 3140, 3132, 3130,
3729 3133, 3133, 3136, 3137, 3130, 3138, 3139, 3138, 3141, 3142,
3730
3731 3133, 3143, 3131, 3145, 3136, 3146, 3141, 3147, 0, 3139,
3732 3142, 3137, 3151, 3148, 3140, 3150, 3149, 3133, 3133, 3143,
3733 3152, 3153, 3138, 3154, 3155, 3141, 3142, 3157, 3143, 3149,
3734 3145, 3158, 3146, 3160, 3147, 3148, 3162, 3150, 3155, 3151,
3735 3148, 3164, 3150, 3149, 3156, 3156, 3168, 3152, 3153, 3164,
3736 3154, 3155, 3166, 3158, 3168, 3170, 3167, 3166, 3158, 3157,
3737 3160, 3167, 3169, 3162, 3172, 3173, 3173, 3169, 3164, 3174,
3738 3177, 3156, 3175, 3168, 3178, 3179, 3182, 3174, 0, 3166,
3739 3176, 3170, 3170, 3167, 3181, 3175, 3184, 3176, 3177, 3169,
3740 3185, 3172, 3173, 3181, 3184, 3189, 3174, 3177, 3183, 3175,
3741
3742 3188, 3178, 3179, 3191, 3192, 3183, 3188, 3176, 3182, 3194,
3743 3193, 3181, 3185, 3184, 0, 3196, 3197, 3185, 3195, 0,
3744 0, 3200, 3189, 3193, 3198, 3183, 3192, 3188, 3201, 3202,
3745 3191, 3192, 3203, 3195, 3196, 3204, 3202, 3193, 3205, 3203,
3746 3206, 3194, 3196, 3197, 3200, 3195, 3198, 3208, 3200, 3213,
3747 3201, 3198, 3209, 3205, 3221, 3201, 3202, 3204, 3213, 3203,
3748 3209, 3206, 3204, 3210, 3211, 3205, 3208, 3206, 0, 3214,
3749 3210, 3211, 3215, 3215, 3208, 3216, 3213, 3225, 0, 3209,
3750 3214, 3216, 3215, 3217, 3219, 3220, 3221, 3222, 3224, 3226,
3751 3210, 3211, 3220, 3230, 3231, 3224, 3214, 3237, 0, 3215,
3752
3753 3215, 3225, 3216, 3226, 3225, 3217, 3219, 3232, 0, 3222,
3754 3217, 3219, 3220, 3238, 3222, 3224, 3226, 3239, 3240, 3243,
3755 3230, 3231, 3244, 3244, 3237, 3239, 3245, 3245, 0, 3246,
3756 3232, 3247, 3247, 0, 3232, 3238, 3248, 3252, 0, 3250,
3757 3238, 3253, 0, 3257, 3239, 3240, 3243, 3251, 0, 3254,
3758 3253, 3244, 0, 3260, 3261, 3245, 3246, 0, 0, 3248,
3759 3247, 3250, 3254, 3248, 3252, 3251, 3250, 3266, 3253, 3257,
3760 3257, 3258, 3259, 3267, 3251, 3260, 3254, 3262, 3258, 3259,
3761 3260, 3261, 3271, 3265, 3262, 3265, 3272, 3266, 3268, 3269,
3762 3273, 3271, 3275, 3274, 3266, 3276, 3267, 3277, 3258, 3259,
3763
3764 3267, 3269, 3278, 3279, 3262, 3282, 3268, 3281, 3272, 3271,
3765 3265, 3274, 3281, 3272, 3278, 3268, 3269, 3273, 3275, 3275,
3766 3274, 3285, 3276, 3280, 3277, 3279, 3280, 3285, 3284, 3278,
3767 3279, 3283, 3286, 3283, 3287, 3288, 3289, 3282, 3290, 3281,
3768 3284, 3280, 3292, 3288, 3291, 3293, 3295, 3298, 3285, 3300,
3769 3280, 3304, 3294, 3280, 3286, 3284, 3287, 3301, 3283, 3286,
3770 3305, 3287, 3288, 3289, 3294, 3291, 3306, 3307, 3295, 3292,
3771 3290, 3291, 3293, 3295, 3298, 3301, 3300, 3309, 3304, 3294,
3772 3310, 3311, 3312, 3315, 3301, 3313, 3313, 3305, 3316, 3317,
3773 3319, 3320, 3322, 3306, 3307, 3318, 3324, 3329, 3320, 3328,
3774
3775 0, 3315, 3325, 3323, 3309, 3319, 3326, 3310, 3311, 3312,
3776 3315, 3323, 3313, 3318, 3325, 3316, 3317, 3319, 3320, 3322,
3777 3326, 3327, 3318, 3324, 3329, 3328, 3328, 3331, 3332, 3325,
3778 3323, 3335, 3336, 3326, 3337, 3337, 3327, 3338, 3339, 3331,
3779 3335, 3342, 3341, 3345, 3343, 3344, 0, 3339, 3327, 3347,
3780 0, 3345, 3353, 3346, 3331, 3332, 3336, 3343, 3335, 3336,
3781 3347, 3337, 3346, 3338, 3338, 3339, 3341, 3344, 3349, 3341,
3782 3345, 3343, 3344, 3342, 3350, 3353, 3347, 3366, 3354, 3353,
3783 3346, 3357, 3357, 3367, 3370, 3371, 3372, 3374, 3377, 3349,
3784 3354, 0, 3350, 3376, 3378, 3349, 3379, 3376, 3370, 3366,
3785
3786 3384, 3350, 0, 3379, 3366, 3354, 3377, 3367, 3357, 3381,
3787 3367, 3370, 3371, 3372, 3374, 3377, 3384, 3378, 3385, 3386,
3788 3376, 3378, 3381, 3379, 3383, 3387, 3390, 3384, 3383, 3388,
3789 3391, 3392, 3397, 3389, 3390, 0, 3381, 3387, 3394, 3391,
3790 3385, 3393, 3392, 3393, 3386, 3385, 3386, 3389, 3395, 3396,
3791 3394, 3383, 3387, 3390, 3397, 3388, 3388, 3391, 3392, 3397,
3792 3389, 3398, 3399, 3400, 3396, 3394, 3395, 3398, 3393, 3402,
3793 3401, 3407, 3406, 3408, 3409, 3395, 3396, 3401, 3407, 3410,
3794 3421, 3411, 3412, 3413, 3399, 3406, 3414, 3416, 3398, 3399,
3795 3400, 3402, 3409, 3417, 3414, 3415, 3402, 3401, 3407, 3406,
3796
3797 3408, 3409, 3415, 3418, 3423, 3420, 3410, 3411, 3411, 3412,
3798 3413, 3416, 3421, 3414, 3416, 3417, 3419, 3420, 3419, 3423,
3799 3417, 3422, 3415, 3424, 3425, 3418, 3426, 3427, 3429, 3430,
3800 3418, 3423, 3420, 3426, 3422, 3432, 3431, 3434, 3436, 3439,
3801 3441, 3430, 3440, 3419, 3431, 3424, 3443, 3436, 3422, 3434,
3802 3424, 3425, 3442, 3426, 3427, 3429, 3430, 3444, 3445, 3441,
3803 3442, 3446, 3432, 3431, 3434, 3436, 3439, 3441, 3440, 3440,
3804 3448, 3445, 3447, 3449, 3451, 3446, 3454, 3455, 3443, 3442,
3805 3447, 3457, 3454, 3458, 3455, 3445, 3460, 3461, 3446, 3444,
3806 3462, 3463, 3448, 3460, 3457, 3468, 3476, 3448, 3462, 3447,
3807
3808 3449, 3451, 3464, 3454, 3455, 3463, 3458, 3465, 3457, 3461,
3809 3458, 3466, 3472, 3460, 3461, 3465, 3464, 3462, 3463, 3467,
3810 3471, 3472, 3468, 3473, 3474, 3484, 3475, 3471, 3476, 3464,
3811 3477, 3473, 3478, 3466, 3465, 0, 3479, 3481, 3466, 3472,
3812 3480, 3467, 3482, 3485, 3486, 3481, 3467, 3471, 3475, 3488,
3813 3473, 3474, 3484, 3475, 3478, 3490, 3477, 3477, 3479, 3478,
3814 3489, 3491, 3480, 3479, 3481, 3485, 3493, 3480, 3489, 3491,
3815 3485, 3486, 3488, 3492, 3482, 3490, 3488, 3494, 3495, 0,
3816 3497, 3492, 3490, 3499, 0, 3494, 3502, 3489, 3491, 3501,
3817 3500, 3503, 3495, 3500, 3502, 3504, 0, 3505, 3493, 3503,
3818
3819 3492, 3507, 0, 3506, 3494, 3495, 3497, 3497, 3500, 3504,
3820 3499, 3501, 3510, 3502, 3512, 3507, 3501, 3500, 3503, 3513,
3821 3500, 3511, 3504, 3505, 3505, 3506, 3509, 3509, 3507, 3511,
3822 3506, 3515, 3514, 3517, 3516, 3518, 3520, 0, 3510, 3510,
3823 3512, 3512, 3516, 3519, 3521, 3513, 3513, 3522, 3511, 3527,
3824 3524, 3515, 0, 3509, 3514, 3536, 0, 3518, 3515, 3514,
3825 3517, 3516, 3518, 3520, 3521, 3523, 3530, 3522, 3519, 3531,
3826 3519, 3521, 3524, 3523, 3522, 3525, 3527, 3524, 3528, 3532,
3827 3540, 3533, 3536, 3525, 3534, 3543, 3528, 3532, 3530, 3533,
3828 3537, 3531, 3523, 3530, 3539, 3538, 3531, 3544, 3537, 3541,
3829
3830 3553, 3547, 3525, 3538, 3554, 3528, 3532, 3540, 3533, 3545,
3831 3534, 3534, 3543, 3550, 0, 0, 0, 3537, 0, 3541,
3832 3539, 3539, 3538, 3547, 3544, 3551, 3541, 3553, 3547, 3545,
3833 3552, 3554, 0, 3551, 0, 3550, 3545, 0, 3552, 0,
3834 3550, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3835 0, 0, 3551, 0, 0, 0, 0, 3552, 3558, 3558,
3836 3558, 3558, 3558, 3558, 3558, 3559, 3559, 3559, 3559, 3559,
3837 3559, 3559, 3560, 3560, 3560, 3560, 3560, 3560, 3560, 3561,
3838 3561, 3561, 3561, 3561, 3561, 3561, 3562, 3562, 3562, 3562,
3839 3562, 3562, 3562, 3563, 3563, 3563, 3563, 3563, 3563, 3563,
3840
3841 3564, 3564, 3564, 3564, 3564, 3564, 3564, 3566, 3566, 0,
3842 3566, 3566, 3566, 3566, 3567, 3567, 0, 0, 0, 3567,
3843 3567, 3568, 3568, 0, 0, 3568, 0, 3568, 3569, 0,
3844 0, 0, 0, 0, 3569, 3570, 3570, 0, 0, 0,
3845 3570, 3570, 3571, 0, 0, 0, 0, 0, 3571, 3572,
3846 3572, 0, 3572, 3572, 3572, 3572, 3573, 0, 0, 0,
3847 0, 0, 3573, 3574, 3574, 0, 0, 0, 3574, 3574,
3848 3575, 3575, 0, 3575, 3575, 3575, 3575, 3557, 3557, 3557,
3849 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
3850 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
3851
3852 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
3853 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
3854 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
3855 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557, 3557,
3856 3557, 3557, 3557, 3557
36573857 } ;
36583858
36593859 static yy_state_type yy_last_accepting_state;
38594059 }
38604060 #endif
38614061
3862 #line 3861 "<stdout>"
4062 #line 4061 "<stdout>"
38634063 #define YY_NO_INPUT 1
38644064 #line 191 "util/configlexer.lex"
38654065 #ifndef YY_NO_UNPUT
38684068 #ifndef YY_NO_INPUT
38694069 #define YY_NO_INPUT 1
38704070 #endif
3871 #line 3870 "<stdout>"
3872
3873 #line 3872 "<stdout>"
4071 #line 4070 "<stdout>"
4072
4073 #line 4072 "<stdout>"
38744074
38754075 #define INITIAL 0
38764076 #define quotedstring 1
40944294 {
40954295 #line 211 "util/configlexer.lex"
40964296
4097 #line 4096 "<stdout>"
4297 #line 4296 "<stdout>"
40984298
40994299 while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
41004300 {
41274327 while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
41284328 {
41294329 yy_current_state = (int) yy_def[yy_current_state];
4130 if ( yy_current_state >= 3354 )
4330 if ( yy_current_state >= 3558 )
41314331 yy_c = yy_meta[yy_c];
41324332 }
41334333 yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
41344334 ++yy_cp;
41354335 }
4136 while ( yy_base[yy_current_state] != 9568 );
4336 while ( yy_base[yy_current_state] != 10178 );
41374337
41384338 yy_find_action:
41394339 yy_act = yy_accept[yy_current_state];
42784478 case 24:
42794479 YY_RULE_SETUP
42804480 #line 238 "util/configlexer.lex"
4481 { YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) }
4482 YY_BREAK
4483 case 25:
4484 YY_RULE_SETUP
4485 #line 239 "util/configlexer.lex"
4486 { YDVAR(1, VAR_TCP_REUSE_TIMEOUT) }
4487 YY_BREAK
4488 case 26:
4489 YY_RULE_SETUP
4490 #line 240 "util/configlexer.lex"
4491 { YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) }
4492 YY_BREAK
4493 case 27:
4494 YY_RULE_SETUP
4495 #line 241 "util/configlexer.lex"
42814496 { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) }
42824497 YY_BREAK
4283 case 25:
4284 YY_RULE_SETUP
4285 #line 239 "util/configlexer.lex"
4498 case 28:
4499 YY_RULE_SETUP
4500 #line 242 "util/configlexer.lex"
42864501 { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) }
42874502 YY_BREAK
4288 case 26:
4289 YY_RULE_SETUP
4290 #line 240 "util/configlexer.lex"
4503 case 29:
4504 YY_RULE_SETUP
4505 #line 243 "util/configlexer.lex"
42914506 { YDVAR(1, VAR_SSL_UPSTREAM) }
42924507 YY_BREAK
4293 case 27:
4294 YY_RULE_SETUP
4295 #line 241 "util/configlexer.lex"
4508 case 30:
4509 YY_RULE_SETUP
4510 #line 244 "util/configlexer.lex"
42964511 { YDVAR(1, VAR_SSL_UPSTREAM) }
42974512 YY_BREAK
4298 case 28:
4299 YY_RULE_SETUP
4300 #line 242 "util/configlexer.lex"
4513 case 31:
4514 YY_RULE_SETUP
4515 #line 245 "util/configlexer.lex"
43014516 { YDVAR(1, VAR_SSL_SERVICE_KEY) }
43024517 YY_BREAK
4303 case 29:
4304 YY_RULE_SETUP
4305 #line 243 "util/configlexer.lex"
4518 case 32:
4519 YY_RULE_SETUP
4520 #line 246 "util/configlexer.lex"
43064521 { YDVAR(1, VAR_SSL_SERVICE_KEY) }
43074522 YY_BREAK
4308 case 30:
4309 YY_RULE_SETUP
4310 #line 244 "util/configlexer.lex"
4523 case 33:
4524 YY_RULE_SETUP
4525 #line 247 "util/configlexer.lex"
43114526 { YDVAR(1, VAR_SSL_SERVICE_PEM) }
43124527 YY_BREAK
4313 case 31:
4314 YY_RULE_SETUP
4315 #line 245 "util/configlexer.lex"
4528 case 34:
4529 YY_RULE_SETUP
4530 #line 248 "util/configlexer.lex"
43164531 { YDVAR(1, VAR_SSL_SERVICE_PEM) }
43174532 YY_BREAK
4318 case 32:
4319 YY_RULE_SETUP
4320 #line 246 "util/configlexer.lex"
4533 case 35:
4534 YY_RULE_SETUP
4535 #line 249 "util/configlexer.lex"
43214536 { YDVAR(1, VAR_SSL_PORT) }
43224537 YY_BREAK
4323 case 33:
4324 YY_RULE_SETUP
4325 #line 247 "util/configlexer.lex"
4538 case 36:
4539 YY_RULE_SETUP
4540 #line 250 "util/configlexer.lex"
43264541 { YDVAR(1, VAR_SSL_PORT) }
43274542 YY_BREAK
4328 case 34:
4329 YY_RULE_SETUP
4330 #line 248 "util/configlexer.lex"
4543 case 37:
4544 YY_RULE_SETUP
4545 #line 251 "util/configlexer.lex"
43314546 { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
43324547 YY_BREAK
4333 case 35:
4334 YY_RULE_SETUP
4335 #line 249 "util/configlexer.lex"
4548 case 38:
4549 YY_RULE_SETUP
4550 #line 252 "util/configlexer.lex"
43364551 { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
43374552 YY_BREAK
4338 case 36:
4339 YY_RULE_SETUP
4340 #line 250 "util/configlexer.lex"
4553 case 39:
4554 YY_RULE_SETUP
4555 #line 253 "util/configlexer.lex"
43414556 { YDVAR(1, VAR_TLS_WIN_CERT) }
4342 YY_BREAK
4343 case 37:
4344 YY_RULE_SETUP
4345 #line 251 "util/configlexer.lex"
4346 { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
4347 YY_BREAK
4348 case 38:
4349 YY_RULE_SETUP
4350 #line 252 "util/configlexer.lex"
4351 { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
4352 YY_BREAK
4353 case 39:
4354 YY_RULE_SETUP
4355 #line 253 "util/configlexer.lex"
4356 { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
43574557 YY_BREAK
43584558 case 40:
43594559 YY_RULE_SETUP
43634563 case 41:
43644564 YY_RULE_SETUP
43654565 #line 255 "util/configlexer.lex"
4566 { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
4567 YY_BREAK
4568 case 42:
4569 YY_RULE_SETUP
4570 #line 256 "util/configlexer.lex"
4571 { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
4572 YY_BREAK
4573 case 43:
4574 YY_RULE_SETUP
4575 #line 257 "util/configlexer.lex"
4576 { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
4577 YY_BREAK
4578 case 44:
4579 YY_RULE_SETUP
4580 #line 258 "util/configlexer.lex"
43664581 { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) }
43674582 YY_BREAK
4368 case 42:
4369 YY_RULE_SETUP
4370 #line 256 "util/configlexer.lex"
4583 case 45:
4584 YY_RULE_SETUP
4585 #line 259 "util/configlexer.lex"
43714586 { YDVAR(1, VAR_TLS_CIPHERS) }
43724587 YY_BREAK
4373 case 43:
4374 YY_RULE_SETUP
4375 #line 257 "util/configlexer.lex"
4588 case 46:
4589 YY_RULE_SETUP
4590 #line 260 "util/configlexer.lex"
43764591 { YDVAR(1, VAR_TLS_CIPHERSUITES) }
43774592 YY_BREAK
4378 case 44:
4379 YY_RULE_SETUP
4380 #line 258 "util/configlexer.lex"
4593 case 47:
4594 YY_RULE_SETUP
4595 #line 261 "util/configlexer.lex"
43814596 { YDVAR(1, VAR_TLS_USE_SNI) }
43824597 YY_BREAK
4383 case 45:
4384 YY_RULE_SETUP
4385 #line 259 "util/configlexer.lex"
4598 case 48:
4599 YY_RULE_SETUP
4600 #line 262 "util/configlexer.lex"
43864601 { YDVAR(1, VAR_HTTPS_PORT) }
43874602 YY_BREAK
4388 case 46:
4389 YY_RULE_SETUP
4390 #line 260 "util/configlexer.lex"
4603 case 49:
4604 YY_RULE_SETUP
4605 #line 263 "util/configlexer.lex"
43914606 { YDVAR(1, VAR_HTTP_ENDPOINT) }
43924607 YY_BREAK
4393 case 47:
4394 YY_RULE_SETUP
4395 #line 261 "util/configlexer.lex"
4608 case 50:
4609 YY_RULE_SETUP
4610 #line 264 "util/configlexer.lex"
43964611 { YDVAR(1, VAR_HTTP_MAX_STREAMS) }
43974612 YY_BREAK
4398 case 48:
4399 YY_RULE_SETUP
4400 #line 262 "util/configlexer.lex"
4613 case 51:
4614 YY_RULE_SETUP
4615 #line 265 "util/configlexer.lex"
44014616 { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) }
44024617 YY_BREAK
4403 case 49:
4404 YY_RULE_SETUP
4405 #line 263 "util/configlexer.lex"
4618 case 52:
4619 YY_RULE_SETUP
4620 #line 266 "util/configlexer.lex"
44064621 { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) }
44074622 YY_BREAK
4408 case 50:
4409 YY_RULE_SETUP
4410 #line 264 "util/configlexer.lex"
4623 case 53:
4624 YY_RULE_SETUP
4625 #line 267 "util/configlexer.lex"
44114626 { YDVAR(1, VAR_HTTP_NODELAY) }
44124627 YY_BREAK
4413 case 51:
4414 YY_RULE_SETUP
4415 #line 265 "util/configlexer.lex"
4628 case 54:
4629 YY_RULE_SETUP
4630 #line 268 "util/configlexer.lex"
44164631 { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) }
44174632 YY_BREAK
4418 case 52:
4419 YY_RULE_SETUP
4420 #line 266 "util/configlexer.lex"
4633 case 55:
4634 YY_RULE_SETUP
4635 #line 269 "util/configlexer.lex"
44214636 { YDVAR(1, VAR_USE_SYSTEMD) }
44224637 YY_BREAK
4423 case 53:
4424 YY_RULE_SETUP
4425 #line 267 "util/configlexer.lex"
4638 case 56:
4639 YY_RULE_SETUP
4640 #line 270 "util/configlexer.lex"
44264641 { YDVAR(1, VAR_DO_DAEMONIZE) }
44274642 YY_BREAK
4428 case 54:
4429 YY_RULE_SETUP
4430 #line 268 "util/configlexer.lex"
4643 case 57:
4644 YY_RULE_SETUP
4645 #line 271 "util/configlexer.lex"
44314646 { YDVAR(1, VAR_INTERFACE) }
44324647 YY_BREAK
4433 case 55:
4434 YY_RULE_SETUP
4435 #line 269 "util/configlexer.lex"
4648 case 58:
4649 YY_RULE_SETUP
4650 #line 272 "util/configlexer.lex"
44364651 { YDVAR(1, VAR_INTERFACE) }
44374652 YY_BREAK
4438 case 56:
4439 YY_RULE_SETUP
4440 #line 270 "util/configlexer.lex"
4653 case 59:
4654 YY_RULE_SETUP
4655 #line 273 "util/configlexer.lex"
44414656 { YDVAR(1, VAR_OUTGOING_INTERFACE) }
44424657 YY_BREAK
4443 case 57:
4444 YY_RULE_SETUP
4445 #line 271 "util/configlexer.lex"
4658 case 60:
4659 YY_RULE_SETUP
4660 #line 274 "util/configlexer.lex"
44464661 { YDVAR(1, VAR_INTERFACE_AUTOMATIC) }
44474662 YY_BREAK
4448 case 58:
4449 YY_RULE_SETUP
4450 #line 272 "util/configlexer.lex"
4663 case 61:
4664 YY_RULE_SETUP
4665 #line 275 "util/configlexer.lex"
44514666 { YDVAR(1, VAR_SO_RCVBUF) }
44524667 YY_BREAK
4453 case 59:
4454 YY_RULE_SETUP
4455 #line 273 "util/configlexer.lex"
4668 case 62:
4669 YY_RULE_SETUP
4670 #line 276 "util/configlexer.lex"
44564671 { YDVAR(1, VAR_SO_SNDBUF) }
44574672 YY_BREAK
4458 case 60:
4459 YY_RULE_SETUP
4460 #line 274 "util/configlexer.lex"
4673 case 63:
4674 YY_RULE_SETUP
4675 #line 277 "util/configlexer.lex"
44614676 { YDVAR(1, VAR_SO_REUSEPORT) }
44624677 YY_BREAK
4463 case 61:
4464 YY_RULE_SETUP
4465 #line 275 "util/configlexer.lex"
4678 case 64:
4679 YY_RULE_SETUP
4680 #line 278 "util/configlexer.lex"
44664681 { YDVAR(1, VAR_IP_TRANSPARENT) }
44674682 YY_BREAK
4468 case 62:
4469 YY_RULE_SETUP
4470 #line 276 "util/configlexer.lex"
4683 case 65:
4684 YY_RULE_SETUP
4685 #line 279 "util/configlexer.lex"
44714686 { YDVAR(1, VAR_IP_FREEBIND) }
44724687 YY_BREAK
4473 case 63:
4474 YY_RULE_SETUP
4475 #line 277 "util/configlexer.lex"
4688 case 66:
4689 YY_RULE_SETUP
4690 #line 280 "util/configlexer.lex"
44764691 { YDVAR(1, VAR_IP_DSCP) }
44774692 YY_BREAK
4478 case 64:
4479 YY_RULE_SETUP
4480 #line 278 "util/configlexer.lex"
4693 case 67:
4694 YY_RULE_SETUP
4695 #line 281 "util/configlexer.lex"
44814696 { YDVAR(1, VAR_CHROOT) }
44824697 YY_BREAK
4483 case 65:
4484 YY_RULE_SETUP
4485 #line 279 "util/configlexer.lex"
4698 case 68:
4699 YY_RULE_SETUP
4700 #line 282 "util/configlexer.lex"
44864701 { YDVAR(1, VAR_USERNAME) }
44874702 YY_BREAK
4488 case 66:
4489 YY_RULE_SETUP
4490 #line 280 "util/configlexer.lex"
4703 case 69:
4704 YY_RULE_SETUP
4705 #line 283 "util/configlexer.lex"
44914706 { YDVAR(1, VAR_DIRECTORY) }
44924707 YY_BREAK
4493 case 67:
4494 YY_RULE_SETUP
4495 #line 281 "util/configlexer.lex"
4708 case 70:
4709 YY_RULE_SETUP
4710 #line 284 "util/configlexer.lex"
44964711 { YDVAR(1, VAR_LOGFILE) }
44974712 YY_BREAK
4498 case 68:
4499 YY_RULE_SETUP
4500 #line 282 "util/configlexer.lex"
4713 case 71:
4714 YY_RULE_SETUP
4715 #line 285 "util/configlexer.lex"
45014716 { YDVAR(1, VAR_PIDFILE) }
45024717 YY_BREAK
4503 case 69:
4504 YY_RULE_SETUP
4505 #line 283 "util/configlexer.lex"
4718 case 72:
4719 YY_RULE_SETUP
4720 #line 286 "util/configlexer.lex"
45064721 { YDVAR(1, VAR_ROOT_HINTS) }
45074722 YY_BREAK
4508 case 70:
4509 YY_RULE_SETUP
4510 #line 284 "util/configlexer.lex"
4723 case 73:
4724 YY_RULE_SETUP
4725 #line 287 "util/configlexer.lex"
45114726 { YDVAR(1, VAR_STREAM_WAIT_SIZE) }
45124727 YY_BREAK
4513 case 71:
4514 YY_RULE_SETUP
4515 #line 285 "util/configlexer.lex"
4728 case 74:
4729 YY_RULE_SETUP
4730 #line 288 "util/configlexer.lex"
45164731 { YDVAR(1, VAR_EDNS_BUFFER_SIZE) }
45174732 YY_BREAK
4518 case 72:
4519 YY_RULE_SETUP
4520 #line 286 "util/configlexer.lex"
4733 case 75:
4734 YY_RULE_SETUP
4735 #line 289 "util/configlexer.lex"
45214736 { YDVAR(1, VAR_MSG_BUFFER_SIZE) }
45224737 YY_BREAK
4523 case 73:
4524 YY_RULE_SETUP
4525 #line 287 "util/configlexer.lex"
4738 case 76:
4739 YY_RULE_SETUP
4740 #line 290 "util/configlexer.lex"
45264741 { YDVAR(1, VAR_MSG_CACHE_SIZE) }
45274742 YY_BREAK
4528 case 74:
4529 YY_RULE_SETUP
4530 #line 288 "util/configlexer.lex"
4743 case 77:
4744 YY_RULE_SETUP
4745 #line 291 "util/configlexer.lex"
45314746 { YDVAR(1, VAR_MSG_CACHE_SLABS) }
45324747 YY_BREAK
4533 case 75:
4534 YY_RULE_SETUP
4535 #line 289 "util/configlexer.lex"
4748 case 78:
4749 YY_RULE_SETUP
4750 #line 292 "util/configlexer.lex"
45364751 { YDVAR(1, VAR_RRSET_CACHE_SIZE) }
45374752 YY_BREAK
4538 case 76:
4539 YY_RULE_SETUP
4540 #line 290 "util/configlexer.lex"
4753 case 79:
4754 YY_RULE_SETUP
4755 #line 293 "util/configlexer.lex"
45414756 { YDVAR(1, VAR_RRSET_CACHE_SLABS) }
45424757 YY_BREAK
4543 case 77:
4544 YY_RULE_SETUP
4545 #line 291 "util/configlexer.lex"
4758 case 80:
4759 YY_RULE_SETUP
4760 #line 294 "util/configlexer.lex"
45464761 { YDVAR(1, VAR_CACHE_MAX_TTL) }
45474762 YY_BREAK
4548 case 78:
4549 YY_RULE_SETUP
4550 #line 292 "util/configlexer.lex"
4763 case 81:
4764 YY_RULE_SETUP
4765 #line 295 "util/configlexer.lex"
45514766 { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) }
45524767 YY_BREAK
4553 case 79:
4554 YY_RULE_SETUP
4555 #line 293 "util/configlexer.lex"
4768 case 82:
4769 YY_RULE_SETUP
4770 #line 296 "util/configlexer.lex"
45564771 { YDVAR(1, VAR_CACHE_MIN_TTL) }
45574772 YY_BREAK
4558 case 80:
4559 YY_RULE_SETUP
4560 #line 294 "util/configlexer.lex"
4773 case 83:
4774 YY_RULE_SETUP
4775 #line 297 "util/configlexer.lex"
45614776 { YDVAR(1, VAR_INFRA_HOST_TTL) }
45624777 YY_BREAK
4563 case 81:
4564 YY_RULE_SETUP
4565 #line 295 "util/configlexer.lex"
4778 case 84:
4779 YY_RULE_SETUP
4780 #line 298 "util/configlexer.lex"
45664781 { YDVAR(1, VAR_INFRA_LAME_TTL) }
45674782 YY_BREAK
4568 case 82:
4569 YY_RULE_SETUP
4570 #line 296 "util/configlexer.lex"
4783 case 85:
4784 YY_RULE_SETUP
4785 #line 299 "util/configlexer.lex"
45714786 { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
45724787 YY_BREAK
4573 case 83:
4574 YY_RULE_SETUP
4575 #line 297 "util/configlexer.lex"
4788 case 86:
4789 YY_RULE_SETUP
4790 #line 300 "util/configlexer.lex"
45764791 { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
45774792 YY_BREAK
4578 case 84:
4579 YY_RULE_SETUP
4580 #line 298 "util/configlexer.lex"
4793 case 87:
4794 YY_RULE_SETUP
4795 #line 301 "util/configlexer.lex"
45814796 { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
45824797 YY_BREAK
4583 case 85:
4584 YY_RULE_SETUP
4585 #line 299 "util/configlexer.lex"
4798 case 88:
4799 YY_RULE_SETUP
4800 #line 302 "util/configlexer.lex"
45864801 { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
45874802 YY_BREAK
4588 case 86:
4589 YY_RULE_SETUP
4590 #line 300 "util/configlexer.lex"
4803 case 89:
4804 YY_RULE_SETUP
4805 #line 303 "util/configlexer.lex"
45914806 { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
45924807 YY_BREAK
4593 case 87:
4594 YY_RULE_SETUP
4595 #line 301 "util/configlexer.lex"
4808 case 90:
4809 YY_RULE_SETUP
4810 #line 304 "util/configlexer.lex"
45964811 { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
45974812 YY_BREAK
4598 case 88:
4599 YY_RULE_SETUP
4600 #line 302 "util/configlexer.lex"
4813 case 91:
4814 YY_RULE_SETUP
4815 #line 305 "util/configlexer.lex"
46014816 { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
46024817 YY_BREAK
4603 case 89:
4604 YY_RULE_SETUP
4605 #line 303 "util/configlexer.lex"
4818 case 92:
4819 YY_RULE_SETUP
4820 #line 306 "util/configlexer.lex"
46064821 { YDVAR(1, VAR_DELAY_CLOSE) }
46074822 YY_BREAK
4608 case 90:
4609 YY_RULE_SETUP
4610 #line 304 "util/configlexer.lex"
4823 case 93:
4824 YY_RULE_SETUP
4825 #line 307 "util/configlexer.lex"
46114826 { YDVAR(1, VAR_UDP_CONNECT) }
46124827 YY_BREAK
4613 case 91:
4614 YY_RULE_SETUP
4615 #line 305 "util/configlexer.lex"
4828 case 94:
4829 YY_RULE_SETUP
4830 #line 308 "util/configlexer.lex"
46164831 { YDVAR(1, VAR_TARGET_FETCH_POLICY) }
46174832 YY_BREAK
4618 case 92:
4619 YY_RULE_SETUP
4620 #line 306 "util/configlexer.lex"
4833 case 95:
4834 YY_RULE_SETUP
4835 #line 309 "util/configlexer.lex"
46214836 { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
46224837 YY_BREAK
4623 case 93:
4624 YY_RULE_SETUP
4625 #line 307 "util/configlexer.lex"
4838 case 96:
4839 YY_RULE_SETUP
4840 #line 310 "util/configlexer.lex"
46264841 { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
46274842 YY_BREAK
4628 case 94:
4629 YY_RULE_SETUP
4630 #line 308 "util/configlexer.lex"
4843 case 97:
4844 YY_RULE_SETUP
4845 #line 311 "util/configlexer.lex"
46314846 { YDVAR(1, VAR_HARDEN_GLUE) }
46324847 YY_BREAK
4633 case 95:
4634 YY_RULE_SETUP
4635 #line 309 "util/configlexer.lex"
4848 case 98:
4849 YY_RULE_SETUP
4850 #line 312 "util/configlexer.lex"
46364851 { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) }
46374852 YY_BREAK
4638 case 96:
4639 YY_RULE_SETUP
4640 #line 310 "util/configlexer.lex"
4853 case 99:
4854 YY_RULE_SETUP
4855 #line 313 "util/configlexer.lex"
46414856 { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) }
46424857 YY_BREAK
4643 case 97:
4644 YY_RULE_SETUP
4645 #line 311 "util/configlexer.lex"
4858 case 100:
4859 YY_RULE_SETUP
4860 #line 314 "util/configlexer.lex"
46464861 { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) }
46474862 YY_BREAK
4648 case 98:
4649 YY_RULE_SETUP
4650 #line 312 "util/configlexer.lex"
4863 case 101:
4864 YY_RULE_SETUP
4865 #line 315 "util/configlexer.lex"
46514866 { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) }
46524867 YY_BREAK
4653 case 99:
4654 YY_RULE_SETUP
4655 #line 313 "util/configlexer.lex"
4868 case 102:
4869 YY_RULE_SETUP
4870 #line 316 "util/configlexer.lex"
46564871 { YDVAR(1, VAR_USE_CAPS_FOR_ID) }
46574872 YY_BREAK
4658 case 100:
4659 YY_RULE_SETUP
4660 #line 314 "util/configlexer.lex"
4873 case 103:
4874 YY_RULE_SETUP
4875 #line 317 "util/configlexer.lex"
46614876 { YDVAR(1, VAR_CAPS_WHITELIST) }
46624877 YY_BREAK
4663 case 101:
4664 YY_RULE_SETUP
4665 #line 315 "util/configlexer.lex"
4878 case 104:
4879 YY_RULE_SETUP
4880 #line 318 "util/configlexer.lex"
46664881 { YDVAR(1, VAR_CAPS_WHITELIST) }
46674882 YY_BREAK
4668 case 102:
4669 YY_RULE_SETUP
4670 #line 316 "util/configlexer.lex"
4883 case 105:
4884 YY_RULE_SETUP
4885 #line 319 "util/configlexer.lex"
46714886 { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
46724887 YY_BREAK
4673 case 103:
4674 YY_RULE_SETUP
4675 #line 317 "util/configlexer.lex"
4888 case 106:
4889 YY_RULE_SETUP
4890 #line 320 "util/configlexer.lex"
46764891 { YDVAR(1, VAR_PRIVATE_ADDRESS) }
46774892 YY_BREAK
4678 case 104:
4679 YY_RULE_SETUP
4680 #line 318 "util/configlexer.lex"
4893 case 107:
4894 YY_RULE_SETUP
4895 #line 321 "util/configlexer.lex"
46814896 { YDVAR(1, VAR_PRIVATE_DOMAIN) }
46824897 YY_BREAK
4683 case 105:
4684 YY_RULE_SETUP
4685 #line 319 "util/configlexer.lex"
4898 case 108:
4899 YY_RULE_SETUP
4900 #line 322 "util/configlexer.lex"
46864901 { YDVAR(1, VAR_PREFETCH_KEY) }
46874902 YY_BREAK
4688 case 106:
4689 YY_RULE_SETUP
4690 #line 320 "util/configlexer.lex"
4903 case 109:
4904 YY_RULE_SETUP
4905 #line 323 "util/configlexer.lex"
46914906 { YDVAR(1, VAR_PREFETCH) }
46924907 YY_BREAK
4693 case 107:
4694 YY_RULE_SETUP
4695 #line 321 "util/configlexer.lex"
4908 case 110:
4909 YY_RULE_SETUP
4910 #line 324 "util/configlexer.lex"
46964911 { YDVAR(1, VAR_DENY_ANY) }
46974912 YY_BREAK
4698 case 108:
4699 YY_RULE_SETUP
4700 #line 322 "util/configlexer.lex"
4913 case 111:
4914 YY_RULE_SETUP
4915 #line 325 "util/configlexer.lex"
47014916 { YDVAR(0, VAR_STUB_ZONE) }
47024917 YY_BREAK
4703 case 109:
4704 YY_RULE_SETUP
4705 #line 323 "util/configlexer.lex"
4918 case 112:
4919 YY_RULE_SETUP
4920 #line 326 "util/configlexer.lex"
47064921 { YDVAR(1, VAR_NAME) }
47074922 YY_BREAK
4708 case 110:
4709 YY_RULE_SETUP
4710 #line 324 "util/configlexer.lex"
4923 case 113:
4924 YY_RULE_SETUP
4925 #line 327 "util/configlexer.lex"
47114926 { YDVAR(1, VAR_STUB_ADDR) }
47124927 YY_BREAK
4713 case 111:
4714 YY_RULE_SETUP
4715 #line 325 "util/configlexer.lex"
4928 case 114:
4929 YY_RULE_SETUP
4930 #line 328 "util/configlexer.lex"
47164931 { YDVAR(1, VAR_STUB_HOST) }
47174932 YY_BREAK
4718 case 112:
4719 YY_RULE_SETUP
4720 #line 326 "util/configlexer.lex"
4933 case 115:
4934 YY_RULE_SETUP
4935 #line 329 "util/configlexer.lex"
47214936 { YDVAR(1, VAR_STUB_PRIME) }
47224937 YY_BREAK
4723 case 113:
4724 YY_RULE_SETUP
4725 #line 327 "util/configlexer.lex"
4938 case 116:
4939 YY_RULE_SETUP
4940 #line 330 "util/configlexer.lex"
47264941 { YDVAR(1, VAR_STUB_FIRST) }
47274942 YY_BREAK
4728 case 114:
4729 YY_RULE_SETUP
4730 #line 328 "util/configlexer.lex"
4943 case 117:
4944 YY_RULE_SETUP
4945 #line 331 "util/configlexer.lex"
47314946 { YDVAR(1, VAR_STUB_NO_CACHE) }
47324947 YY_BREAK
4733 case 115:
4734 YY_RULE_SETUP
4735 #line 329 "util/configlexer.lex"
4948 case 118:
4949 YY_RULE_SETUP
4950 #line 332 "util/configlexer.lex"
47364951 { YDVAR(1, VAR_STUB_SSL_UPSTREAM) }
47374952 YY_BREAK
4738 case 116:
4739 YY_RULE_SETUP
4740 #line 330 "util/configlexer.lex"
4953 case 119:
4954 YY_RULE_SETUP
4955 #line 333 "util/configlexer.lex"
47414956 { YDVAR(1, VAR_STUB_SSL_UPSTREAM) }
47424957 YY_BREAK
4743 case 117:
4744 YY_RULE_SETUP
4745 #line 331 "util/configlexer.lex"
4958 case 120:
4959 YY_RULE_SETUP
4960 #line 334 "util/configlexer.lex"
4961 { YDVAR(1, VAR_STUB_TCP_UPSTREAM) }
4962 YY_BREAK
4963 case 121:
4964 YY_RULE_SETUP
4965 #line 335 "util/configlexer.lex"
47464966 { YDVAR(0, VAR_FORWARD_ZONE) }
47474967 YY_BREAK
4748 case 118:
4749 YY_RULE_SETUP
4750 #line 332 "util/configlexer.lex"
4968 case 122:
4969 YY_RULE_SETUP
4970 #line 336 "util/configlexer.lex"
47514971 { YDVAR(1, VAR_FORWARD_ADDR) }
47524972 YY_BREAK
4753 case 119:
4754 YY_RULE_SETUP
4755 #line 333 "util/configlexer.lex"
4973 case 123:
4974 YY_RULE_SETUP
4975 #line 337 "util/configlexer.lex"
47564976 { YDVAR(1, VAR_FORWARD_HOST) }
47574977 YY_BREAK
4758 case 120:
4759 YY_RULE_SETUP
4760 #line 334 "util/configlexer.lex"
4978 case 124:
4979 YY_RULE_SETUP
4980 #line 338 "util/configlexer.lex"
47614981 { YDVAR(1, VAR_FORWARD_FIRST) }
47624982 YY_BREAK
4763 case 121:
4764 YY_RULE_SETUP
4765 #line 335 "util/configlexer.lex"
4983 case 125:
4984 YY_RULE_SETUP
4985 #line 339 "util/configlexer.lex"
47664986 { YDVAR(1, VAR_FORWARD_NO_CACHE) }
47674987 YY_BREAK
4768 case 122:
4769 YY_RULE_SETUP
4770 #line 336 "util/configlexer.lex"
4988 case 126:
4989 YY_RULE_SETUP
4990 #line 340 "util/configlexer.lex"
47714991 { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) }
47724992 YY_BREAK
4773 case 123:
4774 YY_RULE_SETUP
4775 #line 337 "util/configlexer.lex"
4993 case 127:
4994 YY_RULE_SETUP
4995 #line 341 "util/configlexer.lex"
47764996 { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) }
47774997 YY_BREAK
4778 case 124:
4779 YY_RULE_SETUP
4780 #line 338 "util/configlexer.lex"
4998 case 128:
4999 YY_RULE_SETUP
5000 #line 342 "util/configlexer.lex"
5001 { YDVAR(1, VAR_FORWARD_TCP_UPSTREAM) }
5002 YY_BREAK
5003 case 129:
5004 YY_RULE_SETUP
5005 #line 343 "util/configlexer.lex"
47815006 { YDVAR(0, VAR_AUTH_ZONE) }
47825007 YY_BREAK
4783 case 125:
4784 YY_RULE_SETUP
4785 #line 339 "util/configlexer.lex"
5008 case 130:
5009 YY_RULE_SETUP
5010 #line 344 "util/configlexer.lex"
47865011 { YDVAR(0, VAR_RPZ) }
47875012 YY_BREAK
4788 case 126:
4789 YY_RULE_SETUP
4790 #line 340 "util/configlexer.lex"
5013 case 131:
5014 YY_RULE_SETUP
5015 #line 345 "util/configlexer.lex"
47915016 { YDVAR(1, VAR_TAGS) }
47925017 YY_BREAK
4793 case 127:
4794 YY_RULE_SETUP
4795 #line 341 "util/configlexer.lex"
5018 case 132:
5019 YY_RULE_SETUP
5020 #line 346 "util/configlexer.lex"
47965021 { YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) }
47975022 YY_BREAK
4798 case 128:
4799 YY_RULE_SETUP
4800 #line 342 "util/configlexer.lex"
5023 case 133:
5024 YY_RULE_SETUP
5025 #line 347 "util/configlexer.lex"
48015026 { YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) }
48025027 YY_BREAK
4803 case 129:
4804 YY_RULE_SETUP
4805 #line 343 "util/configlexer.lex"
5028 case 134:
5029 YY_RULE_SETUP
5030 #line 348 "util/configlexer.lex"
48065031 { YDVAR(1, VAR_RPZ_LOG) }
48075032 YY_BREAK
4808 case 130:
4809 YY_RULE_SETUP
4810 #line 344 "util/configlexer.lex"
5033 case 135:
5034 YY_RULE_SETUP
5035 #line 349 "util/configlexer.lex"
48115036 { YDVAR(1, VAR_RPZ_LOG_NAME) }
48125037 YY_BREAK
4813 case 131:
4814 YY_RULE_SETUP
4815 #line 345 "util/configlexer.lex"
5038 case 136:
5039 YY_RULE_SETUP
5040 #line 350 "util/configlexer.lex"
5041 { YDVAR(1, VAR_RPZ_SIGNAL_NXDOMAIN_RA) }
5042 YY_BREAK
5043 case 137:
5044 YY_RULE_SETUP
5045 #line 351 "util/configlexer.lex"
48165046 { YDVAR(1, VAR_ZONEFILE) }
48175047 YY_BREAK
4818 case 132:
4819 YY_RULE_SETUP
4820 #line 346 "util/configlexer.lex"
5048 case 138:
5049 YY_RULE_SETUP
5050 #line 352 "util/configlexer.lex"
48215051 { YDVAR(1, VAR_MASTER) }
48225052 YY_BREAK
4823 case 133:
4824 YY_RULE_SETUP
4825 #line 347 "util/configlexer.lex"
5053 case 139:
5054 YY_RULE_SETUP
5055 #line 353 "util/configlexer.lex"
48265056 { YDVAR(1, VAR_MASTER) }
48275057 YY_BREAK
4828 case 134:
4829 YY_RULE_SETUP
4830 #line 348 "util/configlexer.lex"
5058 case 140:
5059 YY_RULE_SETUP
5060 #line 354 "util/configlexer.lex"
48315061 { YDVAR(1, VAR_URL) }
48325062 YY_BREAK
4833 case 135:
4834 YY_RULE_SETUP
4835 #line 349 "util/configlexer.lex"
5063 case 141:
5064 YY_RULE_SETUP
5065 #line 355 "util/configlexer.lex"
48365066 { YDVAR(1, VAR_ALLOW_NOTIFY) }
48375067 YY_BREAK
4838 case 136:
4839 YY_RULE_SETUP
4840 #line 350 "util/configlexer.lex"
5068 case 142:
5069 YY_RULE_SETUP
5070 #line 356 "util/configlexer.lex"
48415071 { YDVAR(1, VAR_FOR_DOWNSTREAM) }
48425072 YY_BREAK
4843 case 137:
4844 YY_RULE_SETUP
4845 #line 351 "util/configlexer.lex"
5073 case 143:
5074 YY_RULE_SETUP
5075 #line 357 "util/configlexer.lex"
48465076 { YDVAR(1, VAR_FOR_UPSTREAM) }
48475077 YY_BREAK
4848 case 138:
4849 YY_RULE_SETUP
4850 #line 352 "util/configlexer.lex"
5078 case 144:
5079 YY_RULE_SETUP
5080 #line 358 "util/configlexer.lex"
48515081 { YDVAR(1, VAR_FALLBACK_ENABLED) }
48525082 YY_BREAK
4853 case 139:
4854 YY_RULE_SETUP
4855 #line 353 "util/configlexer.lex"
5083 case 145:
5084 YY_RULE_SETUP
5085 #line 359 "util/configlexer.lex"
48565086 { YDVAR(0, VAR_VIEW) }
48575087 YY_BREAK
4858 case 140:
4859 YY_RULE_SETUP
4860 #line 354 "util/configlexer.lex"
5088 case 146:
5089 YY_RULE_SETUP
5090 #line 360 "util/configlexer.lex"
48615091 { YDVAR(1, VAR_VIEW_FIRST) }
48625092 YY_BREAK
4863 case 141:
4864 YY_RULE_SETUP
4865 #line 355 "util/configlexer.lex"
5093 case 147:
5094 YY_RULE_SETUP
5095 #line 361 "util/configlexer.lex"
48665096 { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) }
48675097 YY_BREAK
4868 case 142:
4869 YY_RULE_SETUP
4870 #line 356 "util/configlexer.lex"
5098 case 148:
5099 YY_RULE_SETUP
5100 #line 362 "util/configlexer.lex"
48715101 { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) }
48725102 YY_BREAK
4873 case 143:
4874 YY_RULE_SETUP
4875 #line 357 "util/configlexer.lex"
5103 case 149:
5104 YY_RULE_SETUP
5105 #line 363 "util/configlexer.lex"
48765106 { YDVAR(2, VAR_ACCESS_CONTROL) }
48775107 YY_BREAK
4878 case 144:
4879 YY_RULE_SETUP
4880 #line 358 "util/configlexer.lex"
5108 case 150:
5109 YY_RULE_SETUP
5110 #line 364 "util/configlexer.lex"
48815111 { YDVAR(1, VAR_SEND_CLIENT_SUBNET) }
48825112 YY_BREAK
4883 case 145:
4884 YY_RULE_SETUP
4885 #line 359 "util/configlexer.lex"
5113 case 151:
5114 YY_RULE_SETUP
5115 #line 365 "util/configlexer.lex"
48865116 { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) }
48875117 YY_BREAK
4888 case 146:
4889 YY_RULE_SETUP
4890 #line 360 "util/configlexer.lex"
5118 case 152:
5119 YY_RULE_SETUP
5120 #line 366 "util/configlexer.lex"
48915121 { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) }
48925122 YY_BREAK
4893 case 147:
4894 YY_RULE_SETUP
4895 #line 361 "util/configlexer.lex"
5123 case 153:
5124 YY_RULE_SETUP
5125 #line 367 "util/configlexer.lex"
48965126 { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) }
48975127 YY_BREAK
4898 case 148:
4899 YY_RULE_SETUP
4900 #line 362 "util/configlexer.lex"
5128 case 154:
5129 YY_RULE_SETUP
5130 #line 368 "util/configlexer.lex"
49015131 { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) }
49025132 YY_BREAK
4903 case 149:
4904 YY_RULE_SETUP
4905 #line 363 "util/configlexer.lex"
5133 case 155:
5134 YY_RULE_SETUP
5135 #line 369 "util/configlexer.lex"
49065136 { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) }
49075137 YY_BREAK
4908 case 150:
4909 YY_RULE_SETUP
4910 #line 364 "util/configlexer.lex"
5138 case 156:
5139 YY_RULE_SETUP
5140 #line 370 "util/configlexer.lex"
49115141 { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) }
49125142 YY_BREAK
4913 case 151:
4914 YY_RULE_SETUP
4915 #line 365 "util/configlexer.lex"
5143 case 157:
5144 YY_RULE_SETUP
5145 #line 371 "util/configlexer.lex"
49165146 { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) }
49175147 YY_BREAK
4918 case 152:
4919 YY_RULE_SETUP
4920 #line 366 "util/configlexer.lex"
5148 case 158:
5149 YY_RULE_SETUP
5150 #line 372 "util/configlexer.lex"
49215151 { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) }
49225152 YY_BREAK
4923 case 153:
4924 YY_RULE_SETUP
4925 #line 367 "util/configlexer.lex"
5153 case 159:
5154 YY_RULE_SETUP
5155 #line 373 "util/configlexer.lex"
49265156 { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) }
49275157 YY_BREAK
4928 case 154:
4929 YY_RULE_SETUP
4930 #line 368 "util/configlexer.lex"
5158 case 160:
5159 YY_RULE_SETUP
5160 #line 374 "util/configlexer.lex"
49315161 { YDVAR(1, VAR_HIDE_IDENTITY) }
49325162 YY_BREAK
4933 case 155:
4934 YY_RULE_SETUP
4935 #line 369 "util/configlexer.lex"
5163 case 161:
5164 YY_RULE_SETUP
5165 #line 375 "util/configlexer.lex"
49365166 { YDVAR(1, VAR_HIDE_VERSION) }
49375167 YY_BREAK
4938 case 156:
4939 YY_RULE_SETUP
4940 #line 370 "util/configlexer.lex"
5168 case 162:
5169 YY_RULE_SETUP
5170 #line 376 "util/configlexer.lex"
49415171 { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
49425172 YY_BREAK
4943 case 157:
4944 YY_RULE_SETUP
4945 #line 371 "util/configlexer.lex"
5173 case 163:
5174 YY_RULE_SETUP
5175 #line 377 "util/configlexer.lex"
5176 { YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) }
5177 YY_BREAK
5178 case 164:
5179 YY_RULE_SETUP
5180 #line 378 "util/configlexer.lex"
49465181 { YDVAR(1, VAR_IDENTITY) }
49475182 YY_BREAK
4948 case 158:
4949 YY_RULE_SETUP
4950 #line 372 "util/configlexer.lex"
5183 case 165:
5184 YY_RULE_SETUP
5185 #line 379 "util/configlexer.lex"
49515186 { YDVAR(1, VAR_VERSION) }
49525187 YY_BREAK
4953 case 159:
4954 YY_RULE_SETUP
4955 #line 373 "util/configlexer.lex"
5188 case 166:
5189 YY_RULE_SETUP
5190 #line 380 "util/configlexer.lex"
5191 { YDVAR(1, VAR_HTTP_USER_AGENT) }
5192 YY_BREAK
5193 case 167:
5194 YY_RULE_SETUP
5195 #line 381 "util/configlexer.lex"
49565196 { YDVAR(1, VAR_MODULE_CONF) }
49575197 YY_BREAK
4958 case 160:
4959 YY_RULE_SETUP
4960 #line 374 "util/configlexer.lex"
5198 case 168:
5199 YY_RULE_SETUP
5200 #line 382 "util/configlexer.lex"
49615201 { YDVAR(1, VAR_DLV_ANCHOR) }
49625202 YY_BREAK
4963 case 161:
4964 YY_RULE_SETUP
4965 #line 375 "util/configlexer.lex"
5203 case 169:
5204 YY_RULE_SETUP
5205 #line 383 "util/configlexer.lex"
49665206 { YDVAR(1, VAR_DLV_ANCHOR_FILE) }
49675207 YY_BREAK
4968 case 162:
4969 YY_RULE_SETUP
4970 #line 376 "util/configlexer.lex"
5208 case 170:
5209 YY_RULE_SETUP
5210 #line 384 "util/configlexer.lex"
49715211 { YDVAR(1, VAR_TRUST_ANCHOR_FILE) }
49725212 YY_BREAK
4973 case 163:
4974 YY_RULE_SETUP
4975 #line 377 "util/configlexer.lex"
5213 case 171:
5214 YY_RULE_SETUP
5215 #line 385 "util/configlexer.lex"
49765216 { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) }
49775217 YY_BREAK
4978 case 164:
4979 YY_RULE_SETUP
4980 #line 378 "util/configlexer.lex"
5218 case 172:
5219 YY_RULE_SETUP
5220 #line 386 "util/configlexer.lex"
49815221 { YDVAR(1, VAR_TRUSTED_KEYS_FILE) }
49825222 YY_BREAK
4983 case 165:
4984 YY_RULE_SETUP
4985 #line 379 "util/configlexer.lex"
5223 case 173:
5224 YY_RULE_SETUP
5225 #line 387 "util/configlexer.lex"
49865226 { YDVAR(1, VAR_TRUST_ANCHOR) }
49875227 YY_BREAK
4988 case 166:
4989 YY_RULE_SETUP
4990 #line 380 "util/configlexer.lex"
5228 case 174:
5229 YY_RULE_SETUP
5230 #line 388 "util/configlexer.lex"
49915231 { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) }
49925232 YY_BREAK
4993 case 167:
4994 YY_RULE_SETUP
4995 #line 381 "util/configlexer.lex"
5233 case 175:
5234 YY_RULE_SETUP
5235 #line 389 "util/configlexer.lex"
49965236 { YDVAR(1, VAR_ROOT_KEY_SENTINEL) }
49975237 YY_BREAK
4998 case 168:
4999 YY_RULE_SETUP
5000 #line 382 "util/configlexer.lex"
5238 case 176:
5239 YY_RULE_SETUP
5240 #line 390 "util/configlexer.lex"
50015241 { YDVAR(1, VAR_VAL_OVERRIDE_DATE) }
50025242 YY_BREAK
5003 case 169:
5004 YY_RULE_SETUP
5005 #line 383 "util/configlexer.lex"
5243 case 177:
5244 YY_RULE_SETUP
5245 #line 391 "util/configlexer.lex"
50065246 { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) }
50075247 YY_BREAK
5008 case 170:
5009 YY_RULE_SETUP
5010 #line 384 "util/configlexer.lex"
5248 case 178:
5249 YY_RULE_SETUP
5250 #line 392 "util/configlexer.lex"
50115251 { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) }
50125252 YY_BREAK
5013 case 171:
5014 YY_RULE_SETUP
5015 #line 385 "util/configlexer.lex"
5253 case 179:
5254 YY_RULE_SETUP
5255 #line 393 "util/configlexer.lex"
5256 { YDVAR(1, VAR_VAL_MAX_RESTART) }
5257 YY_BREAK
5258 case 180:
5259 YY_RULE_SETUP
5260 #line 394 "util/configlexer.lex"
50165261 { YDVAR(1, VAR_BOGUS_TTL) }
50175262 YY_BREAK
5018 case 172:
5019 YY_RULE_SETUP
5020 #line 386 "util/configlexer.lex"
5263 case 181:
5264 YY_RULE_SETUP
5265 #line 395 "util/configlexer.lex"
50215266 { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) }
50225267 YY_BREAK
5023 case 173:
5024 YY_RULE_SETUP
5025 #line 387 "util/configlexer.lex"
5268 case 182:
5269 YY_RULE_SETUP
5270 #line 396 "util/configlexer.lex"
50265271 { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) }
50275272 YY_BREAK
5028 case 174:
5029 YY_RULE_SETUP
5030 #line 388 "util/configlexer.lex"
5273 case 183:
5274 YY_RULE_SETUP
5275 #line 397 "util/configlexer.lex"
50315276 { YDVAR(1, VAR_AGGRESSIVE_NSEC) }
50325277 YY_BREAK
5033 case 175:
5034 YY_RULE_SETUP
5035 #line 389 "util/configlexer.lex"
5278 case 184:
5279 YY_RULE_SETUP
5280 #line 398 "util/configlexer.lex"
50365281 { YDVAR(1, VAR_IGNORE_CD_FLAG) }
50375282 YY_BREAK
5038 case 176:
5039 YY_RULE_SETUP
5040 #line 390 "util/configlexer.lex"
5283 case 185:
5284 YY_RULE_SETUP
5285 #line 399 "util/configlexer.lex"
50415286 { YDVAR(1, VAR_SERVE_EXPIRED) }
50425287 YY_BREAK
5043 case 177:
5044 YY_RULE_SETUP
5045 #line 391 "util/configlexer.lex"
5288 case 186:
5289 YY_RULE_SETUP
5290 #line 400 "util/configlexer.lex"
50465291 { YDVAR(1, VAR_SERVE_EXPIRED_TTL) }
50475292 YY_BREAK
5048 case 178:
5049 YY_RULE_SETUP
5050 #line 392 "util/configlexer.lex"
5293 case 187:
5294 YY_RULE_SETUP
5295 #line 401 "util/configlexer.lex"
50515296 { YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) }
50525297 YY_BREAK
5053 case 179:
5054 YY_RULE_SETUP
5055 #line 393 "util/configlexer.lex"
5298 case 188:
5299 YY_RULE_SETUP
5300 #line 402 "util/configlexer.lex"
50565301 { YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) }
50575302 YY_BREAK
5058 case 180:
5059 YY_RULE_SETUP
5060 #line 394 "util/configlexer.lex"
5303 case 189:
5304 YY_RULE_SETUP
5305 #line 403 "util/configlexer.lex"
50615306 { YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) }
50625307 YY_BREAK
5063 case 181:
5064 YY_RULE_SETUP
5065 #line 395 "util/configlexer.lex"
5308 case 190:
5309 YY_RULE_SETUP
5310 #line 404 "util/configlexer.lex"
50665311 { YDVAR(1, VAR_SERVE_ORIGINAL_TTL) }
50675312 YY_BREAK
5068 case 182:
5069 YY_RULE_SETUP
5070 #line 396 "util/configlexer.lex"
5313 case 191:
5314 YY_RULE_SETUP
5315 #line 405 "util/configlexer.lex"
50715316 { YDVAR(1, VAR_FAKE_DSA) }
50725317 YY_BREAK
5073 case 183:
5074 YY_RULE_SETUP
5075 #line 397 "util/configlexer.lex"
5318 case 192:
5319 YY_RULE_SETUP
5320 #line 406 "util/configlexer.lex"
50765321 { YDVAR(1, VAR_FAKE_SHA1) }
50775322 YY_BREAK
5078 case 184:
5079 YY_RULE_SETUP
5080 #line 398 "util/configlexer.lex"
5323 case 193:
5324 YY_RULE_SETUP
5325 #line 407 "util/configlexer.lex"
50815326 { YDVAR(1, VAR_VAL_LOG_LEVEL) }
50825327 YY_BREAK
5083 case 185:
5084 YY_RULE_SETUP
5085 #line 399 "util/configlexer.lex"
5328 case 194:
5329 YY_RULE_SETUP
5330 #line 408 "util/configlexer.lex"
50865331 { YDVAR(1, VAR_KEY_CACHE_SIZE) }
50875332 YY_BREAK
5088 case 186:
5089 YY_RULE_SETUP
5090 #line 400 "util/configlexer.lex"
5333 case 195:
5334 YY_RULE_SETUP
5335 #line 409 "util/configlexer.lex"
50915336 { YDVAR(1, VAR_KEY_CACHE_SLABS) }
50925337 YY_BREAK
5093 case 187:
5094 YY_RULE_SETUP
5095 #line 401 "util/configlexer.lex"
5338 case 196:
5339 YY_RULE_SETUP
5340 #line 410 "util/configlexer.lex"
50965341 { YDVAR(1, VAR_NEG_CACHE_SIZE) }
50975342 YY_BREAK
5098 case 188:
5099 YY_RULE_SETUP
5100 #line 402 "util/configlexer.lex"
5343 case 197:
5344 YY_RULE_SETUP
5345 #line 411 "util/configlexer.lex"
51015346 {
51025347 YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) }
51035348 YY_BREAK
5104 case 189:
5105 YY_RULE_SETUP
5106 #line 404 "util/configlexer.lex"
5349 case 198:
5350 YY_RULE_SETUP
5351 #line 413 "util/configlexer.lex"
5352 { YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) }
5353 YY_BREAK
5354 case 199:
5355 YY_RULE_SETUP
5356 #line 414 "util/configlexer.lex"
5357 { YDVAR(1, VAR_ZONEMD_CHECK) }
5358 YY_BREAK
5359 case 200:
5360 YY_RULE_SETUP
5361 #line 415 "util/configlexer.lex"
5362 { YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) }
5363 YY_BREAK
5364 case 201:
5365 YY_RULE_SETUP
5366 #line 416 "util/configlexer.lex"
51075367 { YDVAR(1, VAR_ADD_HOLDDOWN) }
51085368 YY_BREAK
5109 case 190:
5110 YY_RULE_SETUP
5111 #line 405 "util/configlexer.lex"
5369 case 202:
5370 YY_RULE_SETUP
5371 #line 417 "util/configlexer.lex"
51125372 { YDVAR(1, VAR_DEL_HOLDDOWN) }
51135373 YY_BREAK
5114 case 191:
5115 YY_RULE_SETUP
5116 #line 406 "util/configlexer.lex"
5374 case 203:
5375 YY_RULE_SETUP
5376 #line 418 "util/configlexer.lex"
51175377 { YDVAR(1, VAR_KEEP_MISSING) }
51185378 YY_BREAK
5119 case 192:
5120 YY_RULE_SETUP
5121 #line 407 "util/configlexer.lex"
5379 case 204:
5380 YY_RULE_SETUP
5381 #line 419 "util/configlexer.lex"
51225382 { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) }
51235383 YY_BREAK
5124 case 193:
5125 YY_RULE_SETUP
5126 #line 408 "util/configlexer.lex"
5384 case 205:
5385 YY_RULE_SETUP
5386 #line 420 "util/configlexer.lex"
51275387 { YDVAR(1, VAR_USE_SYSLOG) }
51285388 YY_BREAK
5129 case 194:
5130 YY_RULE_SETUP
5131 #line 409 "util/configlexer.lex"
5389 case 206:
5390 YY_RULE_SETUP
5391 #line 421 "util/configlexer.lex"
51325392 { YDVAR(1, VAR_LOG_IDENTITY) }
51335393 YY_BREAK
5134 case 195:
5135 YY_RULE_SETUP
5136 #line 410 "util/configlexer.lex"
5394 case 207:
5395 YY_RULE_SETUP
5396 #line 422 "util/configlexer.lex"
51375397 { YDVAR(1, VAR_LOG_TIME_ASCII) }
51385398 YY_BREAK
5139 case 196:
5140 YY_RULE_SETUP
5141 #line 411 "util/configlexer.lex"
5399 case 208:
5400 YY_RULE_SETUP
5401 #line 423 "util/configlexer.lex"
51425402 { YDVAR(1, VAR_LOG_QUERIES) }
51435403 YY_BREAK
5144 case 197:
5145 YY_RULE_SETUP
5146 #line 412 "util/configlexer.lex"
5404 case 209:
5405 YY_RULE_SETUP
5406 #line 424 "util/configlexer.lex"
51475407 { YDVAR(1, VAR_LOG_REPLIES) }
51485408 YY_BREAK
5149 case 198:
5150 YY_RULE_SETUP
5151 #line 413 "util/configlexer.lex"
5409 case 210:
5410 YY_RULE_SETUP
5411 #line 425 "util/configlexer.lex"
51525412 { YDVAR(1, VAR_LOG_TAG_QUERYREPLY) }
51535413 YY_BREAK
5154 case 199:
5155 YY_RULE_SETUP
5156 #line 414 "util/configlexer.lex"
5414 case 211:
5415 YY_RULE_SETUP
5416 #line 426 "util/configlexer.lex"
51575417 { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) }
51585418 YY_BREAK
5159 case 200:
5160 YY_RULE_SETUP
5161 #line 415 "util/configlexer.lex"
5419 case 212:
5420 YY_RULE_SETUP
5421 #line 427 "util/configlexer.lex"
51625422 { YDVAR(1, VAR_LOG_SERVFAIL) }
51635423 YY_BREAK
5164 case 201:
5165 YY_RULE_SETUP
5166 #line 416 "util/configlexer.lex"
5424 case 213:
5425 YY_RULE_SETUP
5426 #line 428 "util/configlexer.lex"
51675427 { YDVAR(2, VAR_LOCAL_ZONE) }
51685428 YY_BREAK
5169 case 202:
5170 YY_RULE_SETUP
5171 #line 417 "util/configlexer.lex"
5429 case 214:
5430 YY_RULE_SETUP
5431 #line 429 "util/configlexer.lex"
51725432 { YDVAR(1, VAR_LOCAL_DATA) }
51735433 YY_BREAK
5174 case 203:
5175 YY_RULE_SETUP
5176 #line 418 "util/configlexer.lex"
5434 case 215:
5435 YY_RULE_SETUP
5436 #line 430 "util/configlexer.lex"
51775437 { YDVAR(1, VAR_LOCAL_DATA_PTR) }
51785438 YY_BREAK
5179 case 204:
5180 YY_RULE_SETUP
5181 #line 419 "util/configlexer.lex"
5439 case 216:
5440 YY_RULE_SETUP
5441 #line 431 "util/configlexer.lex"
51825442 { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) }
51835443 YY_BREAK
5184 case 205:
5185 YY_RULE_SETUP
5186 #line 420 "util/configlexer.lex"
5444 case 217:
5445 YY_RULE_SETUP
5446 #line 432 "util/configlexer.lex"
51875447 { YDVAR(1, VAR_INSECURE_LAN_ZONES) }
51885448 YY_BREAK
5189 case 206:
5190 YY_RULE_SETUP
5191 #line 421 "util/configlexer.lex"
5449 case 218:
5450 YY_RULE_SETUP
5451 #line 433 "util/configlexer.lex"
51925452 { YDVAR(1, VAR_STATISTICS_INTERVAL) }
51935453 YY_BREAK
5194 case 207:
5195 YY_RULE_SETUP
5196 #line 422 "util/configlexer.lex"
5454 case 219:
5455 YY_RULE_SETUP
5456 #line 434 "util/configlexer.lex"
51975457 { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
51985458 YY_BREAK
5199 case 208:
5200 YY_RULE_SETUP
5201 #line 423 "util/configlexer.lex"
5459 case 220:
5460 YY_RULE_SETUP
5461 #line 435 "util/configlexer.lex"
52025462 { YDVAR(1, VAR_EXTENDED_STATISTICS) }
52035463 YY_BREAK
5204 case 209:
5205 YY_RULE_SETUP
5206 #line 424 "util/configlexer.lex"
5464 case 221:
5465 YY_RULE_SETUP
5466 #line 436 "util/configlexer.lex"
52075467 { YDVAR(1, VAR_SHM_ENABLE) }
52085468 YY_BREAK
5209 case 210:
5210 YY_RULE_SETUP
5211 #line 425 "util/configlexer.lex"
5469 case 222:
5470 YY_RULE_SETUP
5471 #line 437 "util/configlexer.lex"
52125472 { YDVAR(1, VAR_SHM_KEY) }
52135473 YY_BREAK
5214 case 211:
5215 YY_RULE_SETUP
5216 #line 426 "util/configlexer.lex"
5474 case 223:
5475 YY_RULE_SETUP
5476 #line 438 "util/configlexer.lex"
52175477 { YDVAR(0, VAR_REMOTE_CONTROL) }
52185478 YY_BREAK
5219 case 212:
5220 YY_RULE_SETUP
5221 #line 427 "util/configlexer.lex"
5479 case 224:
5480 YY_RULE_SETUP
5481 #line 439 "util/configlexer.lex"
52225482 { YDVAR(1, VAR_CONTROL_ENABLE) }
52235483 YY_BREAK
5224 case 213:
5225 YY_RULE_SETUP
5226 #line 428 "util/configlexer.lex"
5484 case 225:
5485 YY_RULE_SETUP
5486 #line 440 "util/configlexer.lex"
52275487 { YDVAR(1, VAR_CONTROL_INTERFACE) }
52285488 YY_BREAK
5229 case 214:
5230 YY_RULE_SETUP
5231 #line 429 "util/configlexer.lex"
5489 case 226:
5490 YY_RULE_SETUP
5491 #line 441 "util/configlexer.lex"
52325492 { YDVAR(1, VAR_CONTROL_PORT) }
52335493 YY_BREAK
5234 case 215:
5235 YY_RULE_SETUP
5236 #line 430 "util/configlexer.lex"
5494 case 227:
5495 YY_RULE_SETUP
5496 #line 442 "util/configlexer.lex"
52375497 { YDVAR(1, VAR_CONTROL_USE_CERT) }
52385498 YY_BREAK
5239 case 216:
5240 YY_RULE_SETUP
5241 #line 431 "util/configlexer.lex"
5499 case 228:
5500 YY_RULE_SETUP
5501 #line 443 "util/configlexer.lex"
52425502 { YDVAR(1, VAR_SERVER_KEY_FILE) }
52435503 YY_BREAK
5244 case 217:
5245 YY_RULE_SETUP
5246 #line 432 "util/configlexer.lex"
5504 case 229:
5505 YY_RULE_SETUP
5506 #line 444 "util/configlexer.lex"
52475507 { YDVAR(1, VAR_SERVER_CERT_FILE) }
52485508 YY_BREAK
5249 case 218:
5250 YY_RULE_SETUP
5251 #line 433 "util/configlexer.lex"
5509 case 230:
5510 YY_RULE_SETUP
5511 #line 445 "util/configlexer.lex"
52525512 { YDVAR(1, VAR_CONTROL_KEY_FILE) }
52535513 YY_BREAK
5254 case 219:
5255 YY_RULE_SETUP
5256 #line 434 "util/configlexer.lex"
5514 case 231:
5515 YY_RULE_SETUP
5516 #line 446 "util/configlexer.lex"
52575517 { YDVAR(1, VAR_CONTROL_CERT_FILE) }
52585518 YY_BREAK
5259 case 220:
5260 YY_RULE_SETUP
5261 #line 435 "util/configlexer.lex"
5519 case 232:
5520 YY_RULE_SETUP
5521 #line 447 "util/configlexer.lex"
52625522 { YDVAR(1, VAR_PYTHON_SCRIPT) }
52635523 YY_BREAK
5264 case 221:
5265 YY_RULE_SETUP
5266 #line 436 "util/configlexer.lex"
5524 case 233:
5525 YY_RULE_SETUP
5526 #line 448 "util/configlexer.lex"
52675527 { YDVAR(0, VAR_PYTHON) }
52685528 YY_BREAK
5269 case 222:
5270 YY_RULE_SETUP
5271 #line 437 "util/configlexer.lex"
5529 case 234:
5530 YY_RULE_SETUP
5531 #line 449 "util/configlexer.lex"
52725532 { YDVAR(1, VAR_DYNLIB_FILE) }
52735533 YY_BREAK
5274 case 223:
5275 YY_RULE_SETUP
5276 #line 438 "util/configlexer.lex"
5534 case 235:
5535 YY_RULE_SETUP
5536 #line 450 "util/configlexer.lex"
52775537 { YDVAR(0, VAR_DYNLIB) }
52785538 YY_BREAK
5279 case 224:
5280 YY_RULE_SETUP
5281 #line 439 "util/configlexer.lex"
5539 case 236:
5540 YY_RULE_SETUP
5541 #line 451 "util/configlexer.lex"
52825542 { YDVAR(1, VAR_DOMAIN_INSECURE) }
52835543 YY_BREAK
5284 case 225:
5285 YY_RULE_SETUP
5286 #line 440 "util/configlexer.lex"
5544 case 237:
5545 YY_RULE_SETUP
5546 #line 452 "util/configlexer.lex"
52875547 { YDVAR(1, VAR_MINIMAL_RESPONSES) }
52885548 YY_BREAK
5289 case 226:
5290 YY_RULE_SETUP
5291 #line 441 "util/configlexer.lex"
5549 case 238:
5550 YY_RULE_SETUP
5551 #line 453 "util/configlexer.lex"
52925552 { YDVAR(1, VAR_RRSET_ROUNDROBIN) }
52935553 YY_BREAK
5294 case 227:
5295 YY_RULE_SETUP
5296 #line 442 "util/configlexer.lex"
5554 case 239:
5555 YY_RULE_SETUP
5556 #line 454 "util/configlexer.lex"
52975557 { YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) }
52985558 YY_BREAK
5299 case 228:
5300 YY_RULE_SETUP
5301 #line 443 "util/configlexer.lex"
5559 case 240:
5560 YY_RULE_SETUP
5561 #line 455 "util/configlexer.lex"
53025562 { YDVAR(1, VAR_MAX_UDP_SIZE) }
53035563 YY_BREAK
5304 case 229:
5305 YY_RULE_SETUP
5306 #line 444 "util/configlexer.lex"
5564 case 241:
5565 YY_RULE_SETUP
5566 #line 456 "util/configlexer.lex"
53075567 { YDVAR(1, VAR_DNS64_PREFIX) }
53085568 YY_BREAK
5309 case 230:
5310 YY_RULE_SETUP
5311 #line 445 "util/configlexer.lex"
5569 case 242:
5570 YY_RULE_SETUP
5571 #line 457 "util/configlexer.lex"
53125572 { YDVAR(1, VAR_DNS64_SYNTHALL) }
53135573 YY_BREAK
5314 case 231:
5315 YY_RULE_SETUP
5316 #line 446 "util/configlexer.lex"
5574 case 243:
5575 YY_RULE_SETUP
5576 #line 458 "util/configlexer.lex"
53175577 { YDVAR(1, VAR_DNS64_IGNORE_AAAA) }
53185578 YY_BREAK
5319 case 232:
5320 YY_RULE_SETUP
5321 #line 447 "util/configlexer.lex"
5579 case 244:
5580 YY_RULE_SETUP
5581 #line 459 "util/configlexer.lex"
53225582 { YDVAR(1, VAR_DEFINE_TAG) }
53235583 YY_BREAK
5324 case 233:
5325 YY_RULE_SETUP
5326 #line 448 "util/configlexer.lex"
5584 case 245:
5585 YY_RULE_SETUP
5586 #line 460 "util/configlexer.lex"
53275587 { YDVAR(2, VAR_LOCAL_ZONE_TAG) }
53285588 YY_BREAK
5329 case 234:
5330 YY_RULE_SETUP
5331 #line 449 "util/configlexer.lex"
5589 case 246:
5590 YY_RULE_SETUP
5591 #line 461 "util/configlexer.lex"
53325592 { YDVAR(2, VAR_ACCESS_CONTROL_TAG) }
53335593 YY_BREAK
5334 case 235:
5335 YY_RULE_SETUP
5336 #line 450 "util/configlexer.lex"
5594 case 247:
5595 YY_RULE_SETUP
5596 #line 462 "util/configlexer.lex"
53375597 { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) }
53385598 YY_BREAK
5339 case 236:
5340 YY_RULE_SETUP
5341 #line 451 "util/configlexer.lex"
5599 case 248:
5600 YY_RULE_SETUP
5601 #line 463 "util/configlexer.lex"
53425602 { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) }
53435603 YY_BREAK
5344 case 237:
5345 YY_RULE_SETUP
5346 #line 452 "util/configlexer.lex"
5604 case 249:
5605 YY_RULE_SETUP
5606 #line 464 "util/configlexer.lex"
53475607 { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) }
53485608 YY_BREAK
5349 case 238:
5350 YY_RULE_SETUP
5351 #line 453 "util/configlexer.lex"
5609 case 250:
5610 YY_RULE_SETUP
5611 #line 465 "util/configlexer.lex"
53525612 { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) }
53535613 YY_BREAK
5354 case 239:
5355 YY_RULE_SETUP
5356 #line 454 "util/configlexer.lex"
5614 case 251:
5615 YY_RULE_SETUP
5616 #line 466 "util/configlexer.lex"
53575617 { YDVAR(0, VAR_DNSTAP) }
53585618 YY_BREAK
5359 case 240:
5360 YY_RULE_SETUP
5361 #line 455 "util/configlexer.lex"
5619 case 252:
5620 YY_RULE_SETUP
5621 #line 467 "util/configlexer.lex"
53625622 { YDVAR(1, VAR_DNSTAP_ENABLE) }
53635623 YY_BREAK
5364 case 241:
5365 YY_RULE_SETUP
5366 #line 456 "util/configlexer.lex"
5624 case 253:
5625 YY_RULE_SETUP
5626 #line 468 "util/configlexer.lex"
53675627 { YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) }
53685628 YY_BREAK
5369 case 242:
5370 YY_RULE_SETUP
5371 #line 457 "util/configlexer.lex"
5629 case 254:
5630 YY_RULE_SETUP
5631 #line 469 "util/configlexer.lex"
53725632 { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) }
53735633 YY_BREAK
5374 case 243:
5375 YY_RULE_SETUP
5376 #line 458 "util/configlexer.lex"
5634 case 255:
5635 YY_RULE_SETUP
5636 #line 470 "util/configlexer.lex"
53775637 { YDVAR(1, VAR_DNSTAP_IP) }
53785638 YY_BREAK
5379 case 244:
5380 YY_RULE_SETUP
5381 #line 459 "util/configlexer.lex"
5639 case 256:
5640 YY_RULE_SETUP
5641 #line 471 "util/configlexer.lex"
53825642 { YDVAR(1, VAR_DNSTAP_TLS) }
53835643 YY_BREAK
5384 case 245:
5385 YY_RULE_SETUP
5386 #line 460 "util/configlexer.lex"
5644 case 257:
5645 YY_RULE_SETUP
5646 #line 472 "util/configlexer.lex"
53875647 { YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) }
53885648 YY_BREAK
5389 case 246:
5390 YY_RULE_SETUP
5391 #line 461 "util/configlexer.lex"
5649 case 258:
5650 YY_RULE_SETUP
5651 #line 473 "util/configlexer.lex"
53925652 { YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) }
53935653 YY_BREAK
5394 case 247:
5395 YY_RULE_SETUP
5396 #line 462 "util/configlexer.lex"
5654 case 259:
5655 YY_RULE_SETUP
5656 #line 474 "util/configlexer.lex"
53975657 {
53985658 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) }
53995659 YY_BREAK
5400 case 248:
5401 YY_RULE_SETUP
5402 #line 464 "util/configlexer.lex"
5660 case 260:
5661 YY_RULE_SETUP
5662 #line 476 "util/configlexer.lex"
54035663 {
54045664 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) }
54055665 YY_BREAK
5406 case 249:
5407 YY_RULE_SETUP
5408 #line 466 "util/configlexer.lex"
5666 case 261:
5667 YY_RULE_SETUP
5668 #line 478 "util/configlexer.lex"
54095669 { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) }
54105670 YY_BREAK
5411 case 250:
5412 YY_RULE_SETUP
5413 #line 467 "util/configlexer.lex"
5671 case 262:
5672 YY_RULE_SETUP
5673 #line 479 "util/configlexer.lex"
54145674 { YDVAR(1, VAR_DNSTAP_SEND_VERSION) }
54155675 YY_BREAK
5416 case 251:
5417 YY_RULE_SETUP
5418 #line 468 "util/configlexer.lex"
5676 case 263:
5677 YY_RULE_SETUP
5678 #line 480 "util/configlexer.lex"
54195679 { YDVAR(1, VAR_DNSTAP_IDENTITY) }
54205680 YY_BREAK
5421 case 252:
5422 YY_RULE_SETUP
5423 #line 469 "util/configlexer.lex"
5681 case 264:
5682 YY_RULE_SETUP
5683 #line 481 "util/configlexer.lex"
54245684 { YDVAR(1, VAR_DNSTAP_VERSION) }
54255685 YY_BREAK
5426 case 253:
5427 YY_RULE_SETUP
5428 #line 470 "util/configlexer.lex"
5686 case 265:
5687 YY_RULE_SETUP
5688 #line 482 "util/configlexer.lex"
54295689 {
54305690 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) }
54315691 YY_BREAK
5432 case 254:
5433 YY_RULE_SETUP
5434 #line 472 "util/configlexer.lex"
5692 case 266:
5693 YY_RULE_SETUP
5694 #line 484 "util/configlexer.lex"
54355695 {
54365696 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) }
54375697 YY_BREAK
5438 case 255:
5439 YY_RULE_SETUP
5440 #line 474 "util/configlexer.lex"
5698 case 267:
5699 YY_RULE_SETUP
5700 #line 486 "util/configlexer.lex"
54415701 {
54425702 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) }
54435703 YY_BREAK
5444 case 256:
5445 YY_RULE_SETUP
5446 #line 476 "util/configlexer.lex"
5704 case 268:
5705 YY_RULE_SETUP
5706 #line 488 "util/configlexer.lex"
54475707 {
54485708 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) }
54495709 YY_BREAK
5450 case 257:
5451 YY_RULE_SETUP
5452 #line 478 "util/configlexer.lex"
5710 case 269:
5711 YY_RULE_SETUP
5712 #line 490 "util/configlexer.lex"
54535713 {
54545714 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
54555715 YY_BREAK
5456 case 258:
5457 YY_RULE_SETUP
5458 #line 480 "util/configlexer.lex"
5716 case 270:
5717 YY_RULE_SETUP
5718 #line 492 "util/configlexer.lex"
54595719 {
54605720 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
54615721 YY_BREAK
5462 case 259:
5463 YY_RULE_SETUP
5464 #line 482 "util/configlexer.lex"
5722 case 271:
5723 YY_RULE_SETUP
5724 #line 494 "util/configlexer.lex"
54655725 { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) }
54665726 YY_BREAK
5467 case 260:
5468 YY_RULE_SETUP
5469 #line 483 "util/configlexer.lex"
5727 case 272:
5728 YY_RULE_SETUP
5729 #line 495 "util/configlexer.lex"
54705730 { YDVAR(1, VAR_IP_RATELIMIT) }
54715731 YY_BREAK
5472 case 261:
5473 YY_RULE_SETUP
5474 #line 484 "util/configlexer.lex"
5732 case 273:
5733 YY_RULE_SETUP
5734 #line 496 "util/configlexer.lex"
54755735 { YDVAR(1, VAR_RATELIMIT) }
54765736 YY_BREAK
5477 case 262:
5478 YY_RULE_SETUP
5479 #line 485 "util/configlexer.lex"
5737 case 274:
5738 YY_RULE_SETUP
5739 #line 497 "util/configlexer.lex"
54805740 { YDVAR(1, VAR_IP_RATELIMIT_SLABS) }
54815741 YY_BREAK
5482 case 263:
5483 YY_RULE_SETUP
5484 #line 486 "util/configlexer.lex"
5742 case 275:
5743 YY_RULE_SETUP
5744 #line 498 "util/configlexer.lex"
54855745 { YDVAR(1, VAR_RATELIMIT_SLABS) }
54865746 YY_BREAK
5487 case 264:
5488 YY_RULE_SETUP
5489 #line 487 "util/configlexer.lex"
5747 case 276:
5748 YY_RULE_SETUP
5749 #line 499 "util/configlexer.lex"
54905750 { YDVAR(1, VAR_IP_RATELIMIT_SIZE) }
54915751 YY_BREAK
5492 case 265:
5493 YY_RULE_SETUP
5494 #line 488 "util/configlexer.lex"
5752 case 277:
5753 YY_RULE_SETUP
5754 #line 500 "util/configlexer.lex"
54955755 { YDVAR(1, VAR_RATELIMIT_SIZE) }
54965756 YY_BREAK
5497 case 266:
5498 YY_RULE_SETUP
5499 #line 489 "util/configlexer.lex"
5757 case 278:
5758 YY_RULE_SETUP
5759 #line 501 "util/configlexer.lex"
55005760 { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) }
55015761 YY_BREAK
5502 case 267:
5503 YY_RULE_SETUP
5504 #line 490 "util/configlexer.lex"
5762 case 279:
5763 YY_RULE_SETUP
5764 #line 502 "util/configlexer.lex"
55055765 { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) }
55065766 YY_BREAK
5507 case 268:
5508 YY_RULE_SETUP
5509 #line 491 "util/configlexer.lex"
5767 case 280:
5768 YY_RULE_SETUP
5769 #line 503 "util/configlexer.lex"
55105770 { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) }
55115771 YY_BREAK
5512 case 269:
5513 YY_RULE_SETUP
5514 #line 492 "util/configlexer.lex"
5772 case 281:
5773 YY_RULE_SETUP
5774 #line 504 "util/configlexer.lex"
55155775 { YDVAR(1, VAR_RATELIMIT_FACTOR) }
55165776 YY_BREAK
5517 case 270:
5518 YY_RULE_SETUP
5519 #line 493 "util/configlexer.lex"
5777 case 282:
5778 YY_RULE_SETUP
5779 #line 505 "util/configlexer.lex"
5780 { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
5781 YY_BREAK
5782 case 283:
5783 YY_RULE_SETUP
5784 #line 506 "util/configlexer.lex"
5785 { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
5786 YY_BREAK
5787 case 284:
5788 YY_RULE_SETUP
5789 #line 507 "util/configlexer.lex"
5790 { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
5791 YY_BREAK
5792 case 285:
5793 YY_RULE_SETUP
5794 #line 508 "util/configlexer.lex"
55205795 { YDVAR(1, VAR_LOW_RTT) }
55215796 YY_BREAK
5522 case 271:
5523 YY_RULE_SETUP
5524 #line 494 "util/configlexer.lex"
5797 case 286:
5798 YY_RULE_SETUP
5799 #line 509 "util/configlexer.lex"
55255800 { YDVAR(1, VAR_FAST_SERVER_NUM) }
55265801 YY_BREAK
5527 case 272:
5528 YY_RULE_SETUP
5529 #line 495 "util/configlexer.lex"
5802 case 287:
5803 YY_RULE_SETUP
5804 #line 510 "util/configlexer.lex"
55305805 { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
55315806 YY_BREAK
5532 case 273:
5533 YY_RULE_SETUP
5534 #line 496 "util/configlexer.lex"
5807 case 288:
5808 YY_RULE_SETUP
5809 #line 511 "util/configlexer.lex"
55355810 { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
55365811 YY_BREAK
5537 case 274:
5538 YY_RULE_SETUP
5539 #line 497 "util/configlexer.lex"
5812 case 289:
5813 YY_RULE_SETUP
5814 #line 512 "util/configlexer.lex"
55405815 { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
55415816 YY_BREAK
5542 case 275:
5543 YY_RULE_SETUP
5544 #line 498 "util/configlexer.lex"
5817 case 290:
5818 YY_RULE_SETUP
5819 #line 513 "util/configlexer.lex"
55455820 { YDVAR(2, VAR_RESPONSE_IP_TAG) }
55465821 YY_BREAK
5547 case 276:
5548 YY_RULE_SETUP
5549 #line 499 "util/configlexer.lex"
5822 case 291:
5823 YY_RULE_SETUP
5824 #line 514 "util/configlexer.lex"
55505825 { YDVAR(2, VAR_RESPONSE_IP) }
55515826 YY_BREAK
5552 case 277:
5553 YY_RULE_SETUP
5554 #line 500 "util/configlexer.lex"
5827 case 292:
5828 YY_RULE_SETUP
5829 #line 515 "util/configlexer.lex"
55555830 { YDVAR(2, VAR_RESPONSE_IP_DATA) }
55565831 YY_BREAK
5557 case 278:
5558 YY_RULE_SETUP
5559 #line 501 "util/configlexer.lex"
5832 case 293:
5833 YY_RULE_SETUP
5834 #line 516 "util/configlexer.lex"
55605835 { YDVAR(0, VAR_DNSCRYPT) }
55615836 YY_BREAK
5562 case 279:
5563 YY_RULE_SETUP
5564 #line 502 "util/configlexer.lex"
5837 case 294:
5838 YY_RULE_SETUP
5839 #line 517 "util/configlexer.lex"
55655840 { YDVAR(1, VAR_DNSCRYPT_ENABLE) }
55665841 YY_BREAK
5567 case 280:
5568 YY_RULE_SETUP
5569 #line 503 "util/configlexer.lex"
5842 case 295:
5843 YY_RULE_SETUP
5844 #line 518 "util/configlexer.lex"
55705845 { YDVAR(1, VAR_DNSCRYPT_PORT) }
55715846 YY_BREAK
5572 case 281:
5573 YY_RULE_SETUP
5574 #line 504 "util/configlexer.lex"
5847 case 296:
5848 YY_RULE_SETUP
5849 #line 519 "util/configlexer.lex"
55755850 { YDVAR(1, VAR_DNSCRYPT_PROVIDER) }
55765851 YY_BREAK
5577 case 282:
5578 YY_RULE_SETUP
5579 #line 505 "util/configlexer.lex"
5852 case 297:
5853 YY_RULE_SETUP
5854 #line 520 "util/configlexer.lex"
55805855 { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) }
55815856 YY_BREAK
5582 case 283:
5583 YY_RULE_SETUP
5584 #line 506 "util/configlexer.lex"
5857 case 298:
5858 YY_RULE_SETUP
5859 #line 521 "util/configlexer.lex"
55855860 { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) }
55865861 YY_BREAK
5587 case 284:
5588 YY_RULE_SETUP
5589 #line 507 "util/configlexer.lex"
5862 case 299:
5863 YY_RULE_SETUP
5864 #line 522 "util/configlexer.lex"
55905865 { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) }
55915866 YY_BREAK
5592 case 285:
5593 YY_RULE_SETUP
5594 #line 508 "util/configlexer.lex"
5867 case 300:
5868 YY_RULE_SETUP
5869 #line 523 "util/configlexer.lex"
55955870 {
55965871 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) }
55975872 YY_BREAK
5598 case 286:
5599 YY_RULE_SETUP
5600 #line 510 "util/configlexer.lex"
5873 case 301:
5874 YY_RULE_SETUP
5875 #line 525 "util/configlexer.lex"
56015876 {
56025877 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) }
56035878 YY_BREAK
5604 case 287:
5605 YY_RULE_SETUP
5606 #line 512 "util/configlexer.lex"
5879 case 302:
5880 YY_RULE_SETUP
5881 #line 527 "util/configlexer.lex"
56075882 { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) }
56085883 YY_BREAK
5609 case 288:
5610 YY_RULE_SETUP
5611 #line 513 "util/configlexer.lex"
5884 case 303:
5885 YY_RULE_SETUP
5886 #line 528 "util/configlexer.lex"
56125887 { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) }
56135888 YY_BREAK
5614 case 289:
5615 YY_RULE_SETUP
5616 #line 514 "util/configlexer.lex"
5889 case 304:
5890 YY_RULE_SETUP
5891 #line 529 "util/configlexer.lex"
56175892 { YDVAR(1, VAR_PAD_RESPONSES) }
56185893 YY_BREAK
5619 case 290:
5620 YY_RULE_SETUP
5621 #line 515 "util/configlexer.lex"
5894 case 305:
5895 YY_RULE_SETUP
5896 #line 530 "util/configlexer.lex"
56225897 { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) }
56235898 YY_BREAK
5624 case 291:
5625 YY_RULE_SETUP
5626 #line 516 "util/configlexer.lex"
5899 case 306:
5900 YY_RULE_SETUP
5901 #line 531 "util/configlexer.lex"
56275902 { YDVAR(1, VAR_PAD_QUERIES) }
56285903 YY_BREAK
5629 case 292:
5630 YY_RULE_SETUP
5631 #line 517 "util/configlexer.lex"
5904 case 307:
5905 YY_RULE_SETUP
5906 #line 532 "util/configlexer.lex"
56325907 { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) }
56335908 YY_BREAK
5634 case 293:
5635 YY_RULE_SETUP
5636 #line 518 "util/configlexer.lex"
5909 case 308:
5910 YY_RULE_SETUP
5911 #line 533 "util/configlexer.lex"
56375912 { YDVAR(1, VAR_IPSECMOD_ENABLED) }
56385913 YY_BREAK
5639 case 294:
5640 YY_RULE_SETUP
5641 #line 519 "util/configlexer.lex"
5914 case 309:
5915 YY_RULE_SETUP
5916 #line 534 "util/configlexer.lex"
56425917 { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) }
56435918 YY_BREAK
5644 case 295:
5645 YY_RULE_SETUP
5646 #line 520 "util/configlexer.lex"
5919 case 310:
5920 YY_RULE_SETUP
5921 #line 535 "util/configlexer.lex"
56475922 { YDVAR(1, VAR_IPSECMOD_HOOK) }
56485923 YY_BREAK
5649 case 296:
5650 YY_RULE_SETUP
5651 #line 521 "util/configlexer.lex"
5924 case 311:
5925 YY_RULE_SETUP
5926 #line 536 "util/configlexer.lex"
56525927 { YDVAR(1, VAR_IPSECMOD_MAX_TTL) }
56535928 YY_BREAK
5654 case 297:
5655 YY_RULE_SETUP
5656 #line 522 "util/configlexer.lex"
5929 case 312:
5930 YY_RULE_SETUP
5931 #line 537 "util/configlexer.lex"
56575932 { YDVAR(1, VAR_IPSECMOD_WHITELIST) }
56585933 YY_BREAK
5659 case 298:
5660 YY_RULE_SETUP
5661 #line 523 "util/configlexer.lex"
5934 case 313:
5935 YY_RULE_SETUP
5936 #line 538 "util/configlexer.lex"
56625937 { YDVAR(1, VAR_IPSECMOD_WHITELIST) }
56635938 YY_BREAK
5664 case 299:
5665 YY_RULE_SETUP
5666 #line 524 "util/configlexer.lex"
5939 case 314:
5940 YY_RULE_SETUP
5941 #line 539 "util/configlexer.lex"
56675942 { YDVAR(1, VAR_IPSECMOD_STRICT) }
56685943 YY_BREAK
5669 case 300:
5670 YY_RULE_SETUP
5671 #line 525 "util/configlexer.lex"
5944 case 315:
5945 YY_RULE_SETUP
5946 #line 540 "util/configlexer.lex"
56725947 { YDVAR(0, VAR_CACHEDB) }
56735948 YY_BREAK
5674 case 301:
5675 YY_RULE_SETUP
5676 #line 526 "util/configlexer.lex"
5949 case 316:
5950 YY_RULE_SETUP
5951 #line 541 "util/configlexer.lex"
56775952 { YDVAR(1, VAR_CACHEDB_BACKEND) }
56785953 YY_BREAK
5679 case 302:
5680 YY_RULE_SETUP
5681 #line 527 "util/configlexer.lex"
5954 case 317:
5955 YY_RULE_SETUP
5956 #line 542 "util/configlexer.lex"
56825957 { YDVAR(1, VAR_CACHEDB_SECRETSEED) }
56835958 YY_BREAK
5684 case 303:
5685 YY_RULE_SETUP
5686 #line 528 "util/configlexer.lex"
5959 case 318:
5960 YY_RULE_SETUP
5961 #line 543 "util/configlexer.lex"
56875962 { YDVAR(1, VAR_CACHEDB_REDISHOST) }
56885963 YY_BREAK
5689 case 304:
5690 YY_RULE_SETUP
5691 #line 529 "util/configlexer.lex"
5964 case 319:
5965 YY_RULE_SETUP
5966 #line 544 "util/configlexer.lex"
56925967 { YDVAR(1, VAR_CACHEDB_REDISPORT) }
56935968 YY_BREAK
5694 case 305:
5695 YY_RULE_SETUP
5696 #line 530 "util/configlexer.lex"
5969 case 320:
5970 YY_RULE_SETUP
5971 #line 545 "util/configlexer.lex"
56975972 { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) }
56985973 YY_BREAK
5699 case 306:
5700 YY_RULE_SETUP
5701 #line 531 "util/configlexer.lex"
5974 case 321:
5975 YY_RULE_SETUP
5976 #line 546 "util/configlexer.lex"
57025977 { YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) }
57035978 YY_BREAK
5704 case 307:
5705 YY_RULE_SETUP
5706 #line 532 "util/configlexer.lex"
5979 case 322:
5980 YY_RULE_SETUP
5981 #line 547 "util/configlexer.lex"
57075982 { YDVAR(0, VAR_IPSET) }
57085983 YY_BREAK
5709 case 308:
5710 YY_RULE_SETUP
5711 #line 533 "util/configlexer.lex"
5984 case 323:
5985 YY_RULE_SETUP
5986 #line 548 "util/configlexer.lex"
57125987 { YDVAR(1, VAR_IPSET_NAME_V4) }
57135988 YY_BREAK
5714 case 309:
5715 YY_RULE_SETUP
5716 #line 534 "util/configlexer.lex"
5989 case 324:
5990 YY_RULE_SETUP
5991 #line 549 "util/configlexer.lex"
57175992 { YDVAR(1, VAR_IPSET_NAME_V6) }
57185993 YY_BREAK
5719 case 310:
5720 YY_RULE_SETUP
5721 #line 535 "util/configlexer.lex"
5994 case 325:
5995 YY_RULE_SETUP
5996 #line 550 "util/configlexer.lex"
57225997 { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
57235998 YY_BREAK
5724 case 311:
5725 YY_RULE_SETUP
5726 #line 536 "util/configlexer.lex"
5999 case 326:
6000 YY_RULE_SETUP
6001 #line 551 "util/configlexer.lex"
57276002 { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
57286003 YY_BREAK
5729 case 312:
5730 YY_RULE_SETUP
5731 #line 537 "util/configlexer.lex"
6004 case 327:
6005 YY_RULE_SETUP
6006 #line 552 "util/configlexer.lex"
57326007 { YDVAR(2, VAR_EDNS_CLIENT_STRING) }
57336008 YY_BREAK
5734 case 313:
5735 YY_RULE_SETUP
5736 #line 538 "util/configlexer.lex"
6009 case 328:
6010 YY_RULE_SETUP
6011 #line 553 "util/configlexer.lex"
57376012 { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) }
57386013 YY_BREAK
5739 case 314:
5740 YY_RULE_SETUP
5741 #line 539 "util/configlexer.lex"
6014 case 329:
6015 YY_RULE_SETUP
6016 #line 554 "util/configlexer.lex"
57426017 { YDVAR(1, VAR_NSID ) }
57436018 YY_BREAK
5744 case 315:
5745 /* rule 315 can match eol */
5746 YY_RULE_SETUP
5747 #line 540 "util/configlexer.lex"
6019 case 330:
6020 /* rule 330 can match eol */
6021 YY_RULE_SETUP
6022 #line 555 "util/configlexer.lex"
57486023 { LEXOUT(("NL\n")); cfg_parser->line++; }
57496024 YY_BREAK
57506025 /* Quoted strings. Strip leading and ending quotes */
5751 case 316:
5752 YY_RULE_SETUP
5753 #line 543 "util/configlexer.lex"
6026 case 331:
6027 YY_RULE_SETUP
6028 #line 558 "util/configlexer.lex"
57546029 { BEGIN(quotedstring); LEXOUT(("QS ")); }
57556030 YY_BREAK
57566031 case YY_STATE_EOF(quotedstring):
5757 #line 544 "util/configlexer.lex"
6032 #line 559 "util/configlexer.lex"
57586033 {
57596034 yyerror("EOF inside quoted string");
57606035 if(--num_args == 0) { BEGIN(INITIAL); }
57616036 else { BEGIN(val); }
57626037 }
57636038 YY_BREAK
5764 case 317:
5765 YY_RULE_SETUP
5766 #line 549 "util/configlexer.lex"
6039 case 332:
6040 YY_RULE_SETUP
6041 #line 564 "util/configlexer.lex"
57676042 { LEXOUT(("STR(%s) ", yytext)); yymore(); }
57686043 YY_BREAK
5769 case 318:
5770 /* rule 318 can match eol */
5771 YY_RULE_SETUP
5772 #line 550 "util/configlexer.lex"
6044 case 333:
6045 /* rule 333 can match eol */
6046 YY_RULE_SETUP
6047 #line 565 "util/configlexer.lex"
57736048 { yyerror("newline inside quoted string, no end \"");
57746049 cfg_parser->line++; BEGIN(INITIAL); }
57756050 YY_BREAK
5776 case 319:
5777 YY_RULE_SETUP
5778 #line 552 "util/configlexer.lex"
6051 case 334:
6052 YY_RULE_SETUP
6053 #line 567 "util/configlexer.lex"
57796054 {
57806055 LEXOUT(("QE "));
57816056 if(--num_args == 0) { BEGIN(INITIAL); }
57886063 }
57896064 YY_BREAK
57906065 /* Single Quoted strings. Strip leading and ending quotes */
5791 case 320:
5792 YY_RULE_SETUP
5793 #line 564 "util/configlexer.lex"
6066 case 335:
6067 YY_RULE_SETUP
6068 #line 579 "util/configlexer.lex"
57946069 { BEGIN(singlequotedstr); LEXOUT(("SQS ")); }
57956070 YY_BREAK
57966071 case YY_STATE_EOF(singlequotedstr):
5797 #line 565 "util/configlexer.lex"
6072 #line 580 "util/configlexer.lex"
57986073 {
57996074 yyerror("EOF inside quoted string");
58006075 if(--num_args == 0) { BEGIN(INITIAL); }
58016076 else { BEGIN(val); }
58026077 }
58036078 YY_BREAK
5804 case 321:
5805 YY_RULE_SETUP
5806 #line 570 "util/configlexer.lex"
6079 case 336:
6080 YY_RULE_SETUP
6081 #line 585 "util/configlexer.lex"
58076082 { LEXOUT(("STR(%s) ", yytext)); yymore(); }
58086083 YY_BREAK
5809 case 322:
5810 /* rule 322 can match eol */
5811 YY_RULE_SETUP
5812 #line 571 "util/configlexer.lex"
6084 case 337:
6085 /* rule 337 can match eol */
6086 YY_RULE_SETUP
6087 #line 586 "util/configlexer.lex"
58136088 { yyerror("newline inside quoted string, no end '");
58146089 cfg_parser->line++; BEGIN(INITIAL); }
58156090 YY_BREAK
5816 case 323:
5817 YY_RULE_SETUP
5818 #line 573 "util/configlexer.lex"
6091 case 338:
6092 YY_RULE_SETUP
6093 #line 588 "util/configlexer.lex"
58196094 {
58206095 LEXOUT(("SQE "));
58216096 if(--num_args == 0) { BEGIN(INITIAL); }
58286103 }
58296104 YY_BREAK
58306105 /* include: directive */
5831 case 324:
5832 YY_RULE_SETUP
5833 #line 585 "util/configlexer.lex"
6106 case 339:
6107 YY_RULE_SETUP
6108 #line 600 "util/configlexer.lex"
58346109 {
58356110 LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); }
58366111 YY_BREAK
58376112 case YY_STATE_EOF(include):
5838 #line 587 "util/configlexer.lex"
6113 #line 602 "util/configlexer.lex"
58396114 {
58406115 yyerror("EOF inside include directive");
58416116 BEGIN(inc_prev);
58426117 }
58436118 YY_BREAK
5844 case 325:
5845 YY_RULE_SETUP
5846 #line 591 "util/configlexer.lex"
6119 case 340:
6120 YY_RULE_SETUP
6121 #line 606 "util/configlexer.lex"
58476122 { LEXOUT(("ISP ")); /* ignore */ }
58486123 YY_BREAK
5849 case 326:
5850 /* rule 326 can match eol */
5851 YY_RULE_SETUP
5852 #line 592 "util/configlexer.lex"
6124 case 341:
6125 /* rule 341 can match eol */
6126 YY_RULE_SETUP
6127 #line 607 "util/configlexer.lex"
58536128 { LEXOUT(("NL\n")); cfg_parser->line++;}
58546129 YY_BREAK
5855 case 327:
5856 YY_RULE_SETUP
5857 #line 593 "util/configlexer.lex"
6130 case 342:
6131 YY_RULE_SETUP
6132 #line 608 "util/configlexer.lex"
58586133 { LEXOUT(("IQS ")); BEGIN(include_quoted); }
58596134 YY_BREAK
5860 case 328:
5861 YY_RULE_SETUP
5862 #line 594 "util/configlexer.lex"
6135 case 343:
6136 YY_RULE_SETUP
6137 #line 609 "util/configlexer.lex"
58636138 {
58646139 LEXOUT(("Iunquotedstr(%s) ", yytext));
58656140 config_start_include_glob(yytext, 0);
58676142 }
58686143 YY_BREAK
58696144 case YY_STATE_EOF(include_quoted):
5870 #line 599 "util/configlexer.lex"
6145 #line 614 "util/configlexer.lex"
58716146 {
58726147 yyerror("EOF inside quoted string");
58736148 BEGIN(inc_prev);
58746149 }
58756150 YY_BREAK
5876 case 329:
5877 YY_RULE_SETUP
5878 #line 603 "util/configlexer.lex"
6151 case 344:
6152 YY_RULE_SETUP
6153 #line 618 "util/configlexer.lex"
58796154 { LEXOUT(("ISTR(%s) ", yytext)); yymore(); }
58806155 YY_BREAK
5881 case 330:
5882 /* rule 330 can match eol */
5883 YY_RULE_SETUP
5884 #line 604 "util/configlexer.lex"
6156 case 345:
6157 /* rule 345 can match eol */
6158 YY_RULE_SETUP
6159 #line 619 "util/configlexer.lex"
58856160 { yyerror("newline before \" in include name");
58866161 cfg_parser->line++; BEGIN(inc_prev); }
58876162 YY_BREAK
5888 case 331:
5889 YY_RULE_SETUP
5890 #line 606 "util/configlexer.lex"
6163 case 346:
6164 YY_RULE_SETUP
6165 #line 621 "util/configlexer.lex"
58916166 {
58926167 LEXOUT(("IQE "));
58936168 yytext[yyleng - 1] = '\0';
58976172 YY_BREAK
58986173 case YY_STATE_EOF(INITIAL):
58996174 case YY_STATE_EOF(val):
5900 #line 612 "util/configlexer.lex"
6175 #line 627 "util/configlexer.lex"
59016176 {
59026177 LEXOUT(("LEXEOF "));
59036178 yy_set_bol(1); /* Set beginning of line, so "^" rules match. */
59126187 }
59136188 YY_BREAK
59146189 /* include-toplevel: directive */
5915 case 332:
5916 YY_RULE_SETUP
5917 #line 626 "util/configlexer.lex"
6190 case 347:
6191 YY_RULE_SETUP
6192 #line 641 "util/configlexer.lex"
59186193 {
59196194 LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel);
59206195 }
59216196 YY_BREAK
59226197 case YY_STATE_EOF(include_toplevel):
5923 #line 629 "util/configlexer.lex"
6198 #line 644 "util/configlexer.lex"
59246199 {
59256200 yyerror("EOF inside include_toplevel directive");
59266201 BEGIN(inc_prev);
59276202 }
59286203 YY_BREAK
5929 case 333:
5930 YY_RULE_SETUP
5931 #line 633 "util/configlexer.lex"
6204 case 348:
6205 YY_RULE_SETUP
6206 #line 648 "util/configlexer.lex"
59326207 { LEXOUT(("ITSP ")); /* ignore */ }
59336208 YY_BREAK
5934 case 334:
5935 /* rule 334 can match eol */
5936 YY_RULE_SETUP
5937 #line 634 "util/configlexer.lex"
6209 case 349:
6210 /* rule 349 can match eol */
6211 YY_RULE_SETUP
6212 #line 649 "util/configlexer.lex"
59386213 { LEXOUT(("NL\n")); cfg_parser->line++; }
59396214 YY_BREAK
5940 case 335:
5941 YY_RULE_SETUP
5942 #line 635 "util/configlexer.lex"
6215 case 350:
6216 YY_RULE_SETUP
6217 #line 650 "util/configlexer.lex"
59436218 { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); }
59446219 YY_BREAK
5945 case 336:
5946 YY_RULE_SETUP
5947 #line 636 "util/configlexer.lex"
6220 case 351:
6221 YY_RULE_SETUP
6222 #line 651 "util/configlexer.lex"
59486223 {
59496224 LEXOUT(("ITunquotedstr(%s) ", yytext));
59506225 config_start_include_glob(yytext, 1);
59536228 }
59546229 YY_BREAK
59556230 case YY_STATE_EOF(include_toplevel_quoted):
5956 #line 642 "util/configlexer.lex"
6231 #line 657 "util/configlexer.lex"
59576232 {
59586233 yyerror("EOF inside quoted string");
59596234 BEGIN(inc_prev);
59606235 }
59616236 YY_BREAK
5962 case 337:
5963 YY_RULE_SETUP
5964 #line 646 "util/configlexer.lex"
6237 case 352:
6238 YY_RULE_SETUP
6239 #line 661 "util/configlexer.lex"
59656240 { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); }
59666241 YY_BREAK
5967 case 338:
5968 /* rule 338 can match eol */
5969 YY_RULE_SETUP
5970 #line 647 "util/configlexer.lex"
6242 case 353:
6243 /* rule 353 can match eol */
6244 YY_RULE_SETUP
6245 #line 662 "util/configlexer.lex"
59716246 {
59726247 yyerror("newline before \" in include name");
59736248 cfg_parser->line++; BEGIN(inc_prev);
59746249 }
59756250 YY_BREAK
5976 case 339:
5977 YY_RULE_SETUP
5978 #line 651 "util/configlexer.lex"
6251 case 354:
6252 YY_RULE_SETUP
6253 #line 666 "util/configlexer.lex"
59796254 {
59806255 LEXOUT(("ITQE "));
59816256 yytext[yyleng - 1] = '\0';
59846259 return (VAR_FORCE_TOPLEVEL);
59856260 }
59866261 YY_BREAK
5987 case 340:
5988 YY_RULE_SETUP
5989 #line 659 "util/configlexer.lex"
6262 case 355:
6263 YY_RULE_SETUP
6264 #line 674 "util/configlexer.lex"
59906265 { LEXOUT(("unquotedstr(%s) ", yytext));
59916266 if(--num_args == 0) { BEGIN(INITIAL); }
59926267 yylval.str = strdup(yytext); return STRING_ARG; }
59936268 YY_BREAK
5994 case 341:
5995 YY_RULE_SETUP
5996 #line 663 "util/configlexer.lex"
6269 case 356:
6270 YY_RULE_SETUP
6271 #line 678 "util/configlexer.lex"
59976272 {
59986273 ub_c_error_msg("unknown keyword '%s'", yytext);
59996274 }
60006275 YY_BREAK
6001 case 342:
6002 YY_RULE_SETUP
6003 #line 667 "util/configlexer.lex"
6276 case 357:
6277 YY_RULE_SETUP
6278 #line 682 "util/configlexer.lex"
60046279 {
60056280 ub_c_error_msg("stray '%s'", yytext);
60066281 }
60076282 YY_BREAK
6008 case 343:
6009 YY_RULE_SETUP
6010 #line 671 "util/configlexer.lex"
6283 case 358:
6284 YY_RULE_SETUP
6285 #line 686 "util/configlexer.lex"
60116286 ECHO;
60126287 YY_BREAK
6013 #line 6012 "<stdout>"
6288 #line 6287 "<stdout>"
60146289
60156290 case YY_END_OF_BUFFER:
60166291 {
63056580 while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
63066581 {
63076582 yy_current_state = (int) yy_def[yy_current_state];
6308 if ( yy_current_state >= 3354 )
6583 if ( yy_current_state >= 3558 )
63096584 yy_c = yy_meta[yy_c];
63106585 }
63116586 yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
63336608 while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
63346609 {
63356610 yy_current_state = (int) yy_def[yy_current_state];
6336 if ( yy_current_state >= 3354 )
6611 if ( yy_current_state >= 3558 )
63376612 yy_c = yy_meta[yy_c];
63386613 }
63396614 yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
6340 yy_is_jam = (yy_current_state == 3353);
6615 yy_is_jam = (yy_current_state == 3557);
63416616
63426617 return yy_is_jam ? 0 : yy_current_state;
63436618 }
69767251
69777252 #define YYTABLES_NAME "yytables"
69787253
6979 #line 671 "util/configlexer.lex"
6980
6981
7254 #line 686 "util/configlexer.lex"
7255
7256
+15
-0
util/configlexer.lex less more
234234 tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) }
235235 outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) }
236236 tcp-idle-timeout{COLON} { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) }
237 max-reuse-tcp-queries{COLON} { YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) }
238 tcp-reuse-timeout{COLON} { YDVAR(1, VAR_TCP_REUSE_TIMEOUT) }
239 tcp-auth-query-timeout{COLON} { YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) }
237240 edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) }
238241 edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) }
239242 ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) }
327330 stub-no-cache{COLON} { YDVAR(1, VAR_STUB_NO_CACHE) }
328331 stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) }
329332 stub-tls-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) }
333 stub-tcp-upstream{COLON} { YDVAR(1, VAR_STUB_TCP_UPSTREAM) }
330334 forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) }
331335 forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) }
332336 forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) }
334338 forward-no-cache{COLON} { YDVAR(1, VAR_FORWARD_NO_CACHE) }
335339 forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) }
336340 forward-tls-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) }
341 forward-tcp-upstream{COLON} { YDVAR(1, VAR_FORWARD_TCP_UPSTREAM) }
337342 auth-zone{COLON} { YDVAR(0, VAR_AUTH_ZONE) }
338343 rpz{COLON} { YDVAR(0, VAR_RPZ) }
339344 tags{COLON} { YDVAR(1, VAR_TAGS) }
341346 rpz-cname-override{COLON} { YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) }
342347 rpz-log{COLON} { YDVAR(1, VAR_RPZ_LOG) }
343348 rpz-log-name{COLON} { YDVAR(1, VAR_RPZ_LOG_NAME) }
349 rpz-signal-nxdomain-ra{COLON} { YDVAR(1, VAR_RPZ_SIGNAL_NXDOMAIN_RA) }
344350 zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) }
345351 master{COLON} { YDVAR(1, VAR_MASTER) }
346352 primary{COLON} { YDVAR(1, VAR_MASTER) }
367373 hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
368374 hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
369375 hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
376 hide-http-user-agent{COLON} { YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) }
370377 identity{COLON} { YDVAR(1, VAR_IDENTITY) }
371378 version{COLON} { YDVAR(1, VAR_VERSION) }
379 http-user-agent{COLON} { YDVAR(1, VAR_HTTP_USER_AGENT) }
372380 module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) }
373381 dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) }
374382 dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) }
381389 val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) }
382390 val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) }
383391 val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) }
392 val-max-restart{COLON} { YDVAR(1, VAR_VAL_MAX_RESTART) }
384393 val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) }
385394 val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) }
386395 val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) }
400409 neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) }
401410 val-nsec3-keysize-iterations{COLON} {
402411 YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) }
412 zonemd-permissive-mode{COLON} { YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) }
413 zonemd-check{COLON} { YDVAR(1, VAR_ZONEMD_CHECK) }
414 zonemd-reject-absence{COLON} { YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) }
403415 add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) }
404416 del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) }
405417 keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) }
489501 ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) }
490502 ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) }
491503 ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
504 ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
505 ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
506 outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
492507 low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
493508 fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
494509 low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
+3689
-3372
util/configparser.c less more
241241 VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */
242242 VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */
243243 VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */
244 VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */
245 VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */
246 VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */
247 VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */
248 VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */
249 VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */
250 VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */
251 VAR_PYTHON = 367, /* VAR_PYTHON */
252 VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */
253 VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */
254 VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */
255 VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */
256 VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */
257 VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */
258 VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */
259 VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */
260 VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */
261 VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */
262 VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */
263 VAR_PREFETCH = 379, /* VAR_PREFETCH */
264 VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */
265 VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */
266 VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */
267 VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */
268 VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */
269 VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */
270 VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */
271 VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */
272 VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */
273 VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */
274 VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */
275 VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */
276 VAR_SSL_PORT = 392, /* VAR_SSL_PORT */
277 VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */
278 VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */
279 VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */
280 VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */
281 VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */
282 VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */
283 VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */
284 VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */
285 VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
286 VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */
287 VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */
288 VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */
289 VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */
290 VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */
291 VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */
292 VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */
293 VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */
294 VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */
295 VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */
296 VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */
297 VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */
298 VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */
299 VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */
300 VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */
301 VAR_DNSTAP = 417, /* VAR_DNSTAP */
302 VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */
303 VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */
304 VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */
305 VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */
306 VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */
307 VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
308 VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
309 VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
310 VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */
311 VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */
312 VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */
313 VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */
314 VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */
315 VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
316 VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
317 VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
318 VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
319 VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
320 VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
321 VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */
322 VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */
323 VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */
324 VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */
325 VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */
326 VAR_IP_DSCP = 442, /* VAR_IP_DSCP */
327 VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
328 VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */
329 VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */
330 VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */
331 VAR_RATELIMIT = 447, /* VAR_RATELIMIT */
332 VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */
333 VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */
334 VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */
335 VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */
336 VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */
337 VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */
338 VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */
339 VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */
340 VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
341 VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */
342 VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
343 VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
344 VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
345 VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
346 VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
347 VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
348 VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */
349 VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */
350 VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */
351 VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */
352 VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */
353 VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */
354 VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */
355 VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */
356 VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */
357 VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */
358 VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */
359 VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */
360 VAR_VIEW = 476, /* VAR_VIEW */
361 VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */
362 VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */
363 VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */
364 VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */
365 VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */
366 VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */
367 VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
368 VAR_SERVE_ORIGINAL_TTL = 484, /* VAR_SERVE_ORIGINAL_TTL */
369 VAR_FAKE_DSA = 485, /* VAR_FAKE_DSA */
370 VAR_FAKE_SHA1 = 486, /* VAR_FAKE_SHA1 */
371 VAR_LOG_IDENTITY = 487, /* VAR_LOG_IDENTITY */
372 VAR_HIDE_TRUSTANCHOR = 488, /* VAR_HIDE_TRUSTANCHOR */
373 VAR_TRUST_ANCHOR_SIGNALING = 489, /* VAR_TRUST_ANCHOR_SIGNALING */
374 VAR_AGGRESSIVE_NSEC = 490, /* VAR_AGGRESSIVE_NSEC */
375 VAR_USE_SYSTEMD = 491, /* VAR_USE_SYSTEMD */
376 VAR_SHM_ENABLE = 492, /* VAR_SHM_ENABLE */
377 VAR_SHM_KEY = 493, /* VAR_SHM_KEY */
378 VAR_ROOT_KEY_SENTINEL = 494, /* VAR_ROOT_KEY_SENTINEL */
379 VAR_DNSCRYPT = 495, /* VAR_DNSCRYPT */
380 VAR_DNSCRYPT_ENABLE = 496, /* VAR_DNSCRYPT_ENABLE */
381 VAR_DNSCRYPT_PORT = 497, /* VAR_DNSCRYPT_PORT */
382 VAR_DNSCRYPT_PROVIDER = 498, /* VAR_DNSCRYPT_PROVIDER */
383 VAR_DNSCRYPT_SECRET_KEY = 499, /* VAR_DNSCRYPT_SECRET_KEY */
384 VAR_DNSCRYPT_PROVIDER_CERT = 500, /* VAR_DNSCRYPT_PROVIDER_CERT */
385 VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
386 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
387 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
388 VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
389 VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
390 VAR_PAD_RESPONSES = 506, /* VAR_PAD_RESPONSES */
391 VAR_PAD_RESPONSES_BLOCK_SIZE = 507, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
392 VAR_PAD_QUERIES = 508, /* VAR_PAD_QUERIES */
393 VAR_PAD_QUERIES_BLOCK_SIZE = 509, /* VAR_PAD_QUERIES_BLOCK_SIZE */
394 VAR_IPSECMOD_ENABLED = 510, /* VAR_IPSECMOD_ENABLED */
395 VAR_IPSECMOD_HOOK = 511, /* VAR_IPSECMOD_HOOK */
396 VAR_IPSECMOD_IGNORE_BOGUS = 512, /* VAR_IPSECMOD_IGNORE_BOGUS */
397 VAR_IPSECMOD_MAX_TTL = 513, /* VAR_IPSECMOD_MAX_TTL */
398 VAR_IPSECMOD_WHITELIST = 514, /* VAR_IPSECMOD_WHITELIST */
399 VAR_IPSECMOD_STRICT = 515, /* VAR_IPSECMOD_STRICT */
400 VAR_CACHEDB = 516, /* VAR_CACHEDB */
401 VAR_CACHEDB_BACKEND = 517, /* VAR_CACHEDB_BACKEND */
402 VAR_CACHEDB_SECRETSEED = 518, /* VAR_CACHEDB_SECRETSEED */
403 VAR_CACHEDB_REDISHOST = 519, /* VAR_CACHEDB_REDISHOST */
404 VAR_CACHEDB_REDISPORT = 520, /* VAR_CACHEDB_REDISPORT */
405 VAR_CACHEDB_REDISTIMEOUT = 521, /* VAR_CACHEDB_REDISTIMEOUT */
406 VAR_CACHEDB_REDISEXPIRERECORDS = 522, /* VAR_CACHEDB_REDISEXPIRERECORDS */
407 VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 523, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
408 VAR_FOR_UPSTREAM = 524, /* VAR_FOR_UPSTREAM */
409 VAR_AUTH_ZONE = 525, /* VAR_AUTH_ZONE */
410 VAR_ZONEFILE = 526, /* VAR_ZONEFILE */
411 VAR_MASTER = 527, /* VAR_MASTER */
412 VAR_URL = 528, /* VAR_URL */
413 VAR_FOR_DOWNSTREAM = 529, /* VAR_FOR_DOWNSTREAM */
414 VAR_FALLBACK_ENABLED = 530, /* VAR_FALLBACK_ENABLED */
415 VAR_TLS_ADDITIONAL_PORT = 531, /* VAR_TLS_ADDITIONAL_PORT */
416 VAR_LOW_RTT = 532, /* VAR_LOW_RTT */
417 VAR_LOW_RTT_PERMIL = 533, /* VAR_LOW_RTT_PERMIL */
418 VAR_FAST_SERVER_PERMIL = 534, /* VAR_FAST_SERVER_PERMIL */
419 VAR_FAST_SERVER_NUM = 535, /* VAR_FAST_SERVER_NUM */
420 VAR_ALLOW_NOTIFY = 536, /* VAR_ALLOW_NOTIFY */
421 VAR_TLS_WIN_CERT = 537, /* VAR_TLS_WIN_CERT */
422 VAR_TCP_CONNECTION_LIMIT = 538, /* VAR_TCP_CONNECTION_LIMIT */
423 VAR_FORWARD_NO_CACHE = 539, /* VAR_FORWARD_NO_CACHE */
424 VAR_STUB_NO_CACHE = 540, /* VAR_STUB_NO_CACHE */
425 VAR_LOG_SERVFAIL = 541, /* VAR_LOG_SERVFAIL */
426 VAR_DENY_ANY = 542, /* VAR_DENY_ANY */
427 VAR_UNKNOWN_SERVER_TIME_LIMIT = 543, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
428 VAR_LOG_TAG_QUERYREPLY = 544, /* VAR_LOG_TAG_QUERYREPLY */
429 VAR_STREAM_WAIT_SIZE = 545, /* VAR_STREAM_WAIT_SIZE */
430 VAR_TLS_CIPHERS = 546, /* VAR_TLS_CIPHERS */
431 VAR_TLS_CIPHERSUITES = 547, /* VAR_TLS_CIPHERSUITES */
432 VAR_TLS_USE_SNI = 548, /* VAR_TLS_USE_SNI */
433 VAR_IPSET = 549, /* VAR_IPSET */
434 VAR_IPSET_NAME_V4 = 550, /* VAR_IPSET_NAME_V4 */
435 VAR_IPSET_NAME_V6 = 551, /* VAR_IPSET_NAME_V6 */
436 VAR_TLS_SESSION_TICKET_KEYS = 552, /* VAR_TLS_SESSION_TICKET_KEYS */
437 VAR_RPZ = 553, /* VAR_RPZ */
438 VAR_TAGS = 554, /* VAR_TAGS */
439 VAR_RPZ_ACTION_OVERRIDE = 555, /* VAR_RPZ_ACTION_OVERRIDE */
440 VAR_RPZ_CNAME_OVERRIDE = 556, /* VAR_RPZ_CNAME_OVERRIDE */
441 VAR_RPZ_LOG = 557, /* VAR_RPZ_LOG */
442 VAR_RPZ_LOG_NAME = 558, /* VAR_RPZ_LOG_NAME */
443 VAR_DYNLIB = 559, /* VAR_DYNLIB */
444 VAR_DYNLIB_FILE = 560, /* VAR_DYNLIB_FILE */
445 VAR_EDNS_CLIENT_STRING = 561, /* VAR_EDNS_CLIENT_STRING */
446 VAR_EDNS_CLIENT_STRING_OPCODE = 562, /* VAR_EDNS_CLIENT_STRING_OPCODE */
447 VAR_NSID = 563 /* VAR_NSID */
244 VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */
245 VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */
246 VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */
247 VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */
248 VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */
249 VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */
250 VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */
251 VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */
252 VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */
253 VAR_PYTHON = 369, /* VAR_PYTHON */
254 VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */
255 VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */
256 VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */
257 VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */
258 VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */
259 VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */
260 VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */
261 VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */
262 VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */
263 VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */
264 VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */
265 VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */
266 VAR_PREFETCH = 382, /* VAR_PREFETCH */
267 VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */
268 VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */
269 VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */
270 VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */
271 VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */
272 VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */
273 VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */
274 VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */
275 VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */
276 VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */
277 VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */
278 VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */
279 VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */
280 VAR_SSL_PORT = 396, /* VAR_SSL_PORT */
281 VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */
282 VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */
283 VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */
284 VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */
285 VAR_STUB_TCP_UPSTREAM = 401, /* VAR_STUB_TCP_UPSTREAM */
286 VAR_FORWARD_TCP_UPSTREAM = 402, /* VAR_FORWARD_TCP_UPSTREAM */
287 VAR_HTTPS_PORT = 403, /* VAR_HTTPS_PORT */
288 VAR_HTTP_ENDPOINT = 404, /* VAR_HTTP_ENDPOINT */
289 VAR_HTTP_MAX_STREAMS = 405, /* VAR_HTTP_MAX_STREAMS */
290 VAR_HTTP_QUERY_BUFFER_SIZE = 406, /* VAR_HTTP_QUERY_BUFFER_SIZE */
291 VAR_HTTP_RESPONSE_BUFFER_SIZE = 407, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
292 VAR_HTTP_NODELAY = 408, /* VAR_HTTP_NODELAY */
293 VAR_HTTP_NOTLS_DOWNSTREAM = 409, /* VAR_HTTP_NOTLS_DOWNSTREAM */
294 VAR_STUB_FIRST = 410, /* VAR_STUB_FIRST */
295 VAR_MINIMAL_RESPONSES = 411, /* VAR_MINIMAL_RESPONSES */
296 VAR_RRSET_ROUNDROBIN = 412, /* VAR_RRSET_ROUNDROBIN */
297 VAR_MAX_UDP_SIZE = 413, /* VAR_MAX_UDP_SIZE */
298 VAR_DELAY_CLOSE = 414, /* VAR_DELAY_CLOSE */
299 VAR_UDP_CONNECT = 415, /* VAR_UDP_CONNECT */
300 VAR_UNBLOCK_LAN_ZONES = 416, /* VAR_UNBLOCK_LAN_ZONES */
301 VAR_INSECURE_LAN_ZONES = 417, /* VAR_INSECURE_LAN_ZONES */
302 VAR_INFRA_CACHE_MIN_RTT = 418, /* VAR_INFRA_CACHE_MIN_RTT */
303 VAR_INFRA_KEEP_PROBING = 419, /* VAR_INFRA_KEEP_PROBING */
304 VAR_DNS64_PREFIX = 420, /* VAR_DNS64_PREFIX */
305 VAR_DNS64_SYNTHALL = 421, /* VAR_DNS64_SYNTHALL */
306 VAR_DNS64_IGNORE_AAAA = 422, /* VAR_DNS64_IGNORE_AAAA */
307 VAR_DNSTAP = 423, /* VAR_DNSTAP */
308 VAR_DNSTAP_ENABLE = 424, /* VAR_DNSTAP_ENABLE */
309 VAR_DNSTAP_SOCKET_PATH = 425, /* VAR_DNSTAP_SOCKET_PATH */
310 VAR_DNSTAP_IP = 426, /* VAR_DNSTAP_IP */
311 VAR_DNSTAP_TLS = 427, /* VAR_DNSTAP_TLS */
312 VAR_DNSTAP_TLS_SERVER_NAME = 428, /* VAR_DNSTAP_TLS_SERVER_NAME */
313 VAR_DNSTAP_TLS_CERT_BUNDLE = 429, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
314 VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 430, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
315 VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
316 VAR_DNSTAP_SEND_IDENTITY = 432, /* VAR_DNSTAP_SEND_IDENTITY */
317 VAR_DNSTAP_SEND_VERSION = 433, /* VAR_DNSTAP_SEND_VERSION */
318 VAR_DNSTAP_BIDIRECTIONAL = 434, /* VAR_DNSTAP_BIDIRECTIONAL */
319 VAR_DNSTAP_IDENTITY = 435, /* VAR_DNSTAP_IDENTITY */
320 VAR_DNSTAP_VERSION = 436, /* VAR_DNSTAP_VERSION */
321 VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
322 VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
323 VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
324 VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
325 VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 441, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
326 VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
327 VAR_RESPONSE_IP_TAG = 443, /* VAR_RESPONSE_IP_TAG */
328 VAR_RESPONSE_IP = 444, /* VAR_RESPONSE_IP */
329 VAR_RESPONSE_IP_DATA = 445, /* VAR_RESPONSE_IP_DATA */
330 VAR_HARDEN_ALGO_DOWNGRADE = 446, /* VAR_HARDEN_ALGO_DOWNGRADE */
331 VAR_IP_TRANSPARENT = 447, /* VAR_IP_TRANSPARENT */
332 VAR_IP_DSCP = 448, /* VAR_IP_DSCP */
333 VAR_DISABLE_DNSSEC_LAME_CHECK = 449, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
334 VAR_IP_RATELIMIT = 450, /* VAR_IP_RATELIMIT */
335 VAR_IP_RATELIMIT_SLABS = 451, /* VAR_IP_RATELIMIT_SLABS */
336 VAR_IP_RATELIMIT_SIZE = 452, /* VAR_IP_RATELIMIT_SIZE */
337 VAR_RATELIMIT = 453, /* VAR_RATELIMIT */
338 VAR_RATELIMIT_SLABS = 454, /* VAR_RATELIMIT_SLABS */
339 VAR_RATELIMIT_SIZE = 455, /* VAR_RATELIMIT_SIZE */
340 VAR_OUTBOUND_MSG_RETRY = 456, /* VAR_OUTBOUND_MSG_RETRY */
341 VAR_RATELIMIT_FOR_DOMAIN = 457, /* VAR_RATELIMIT_FOR_DOMAIN */
342 VAR_RATELIMIT_BELOW_DOMAIN = 458, /* VAR_RATELIMIT_BELOW_DOMAIN */
343 VAR_IP_RATELIMIT_FACTOR = 459, /* VAR_IP_RATELIMIT_FACTOR */
344 VAR_RATELIMIT_FACTOR = 460, /* VAR_RATELIMIT_FACTOR */
345 VAR_IP_RATELIMIT_BACKOFF = 461, /* VAR_IP_RATELIMIT_BACKOFF */
346 VAR_RATELIMIT_BACKOFF = 462, /* VAR_RATELIMIT_BACKOFF */
347 VAR_SEND_CLIENT_SUBNET = 463, /* VAR_SEND_CLIENT_SUBNET */
348 VAR_CLIENT_SUBNET_ZONE = 464, /* VAR_CLIENT_SUBNET_ZONE */
349 VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 465, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
350 VAR_CLIENT_SUBNET_OPCODE = 466, /* VAR_CLIENT_SUBNET_OPCODE */
351 VAR_MAX_CLIENT_SUBNET_IPV4 = 467, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
352 VAR_MAX_CLIENT_SUBNET_IPV6 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
353 VAR_MIN_CLIENT_SUBNET_IPV4 = 469, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
354 VAR_MIN_CLIENT_SUBNET_IPV6 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
355 VAR_MAX_ECS_TREE_SIZE_IPV4 = 471, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
356 VAR_MAX_ECS_TREE_SIZE_IPV6 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
357 VAR_CAPS_WHITELIST = 473, /* VAR_CAPS_WHITELIST */
358 VAR_CACHE_MAX_NEGATIVE_TTL = 474, /* VAR_CACHE_MAX_NEGATIVE_TTL */
359 VAR_PERMIT_SMALL_HOLDDOWN = 475, /* VAR_PERMIT_SMALL_HOLDDOWN */
360 VAR_QNAME_MINIMISATION = 476, /* VAR_QNAME_MINIMISATION */
361 VAR_QNAME_MINIMISATION_STRICT = 477, /* VAR_QNAME_MINIMISATION_STRICT */
362 VAR_IP_FREEBIND = 478, /* VAR_IP_FREEBIND */
363 VAR_DEFINE_TAG = 479, /* VAR_DEFINE_TAG */
364 VAR_LOCAL_ZONE_TAG = 480, /* VAR_LOCAL_ZONE_TAG */
365 VAR_ACCESS_CONTROL_TAG = 481, /* VAR_ACCESS_CONTROL_TAG */
366 VAR_LOCAL_ZONE_OVERRIDE = 482, /* VAR_LOCAL_ZONE_OVERRIDE */
367 VAR_ACCESS_CONTROL_TAG_ACTION = 483, /* VAR_ACCESS_CONTROL_TAG_ACTION */
368 VAR_ACCESS_CONTROL_TAG_DATA = 484, /* VAR_ACCESS_CONTROL_TAG_DATA */
369 VAR_VIEW = 485, /* VAR_VIEW */
370 VAR_ACCESS_CONTROL_VIEW = 486, /* VAR_ACCESS_CONTROL_VIEW */
371 VAR_VIEW_FIRST = 487, /* VAR_VIEW_FIRST */
372 VAR_SERVE_EXPIRED = 488, /* VAR_SERVE_EXPIRED */
373 VAR_SERVE_EXPIRED_TTL = 489, /* VAR_SERVE_EXPIRED_TTL */
374 VAR_SERVE_EXPIRED_TTL_RESET = 490, /* VAR_SERVE_EXPIRED_TTL_RESET */
375 VAR_SERVE_EXPIRED_REPLY_TTL = 491, /* VAR_SERVE_EXPIRED_REPLY_TTL */
376 VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 492, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
377 VAR_SERVE_ORIGINAL_TTL = 493, /* VAR_SERVE_ORIGINAL_TTL */
378 VAR_FAKE_DSA = 494, /* VAR_FAKE_DSA */
379 VAR_FAKE_SHA1 = 495, /* VAR_FAKE_SHA1 */
380 VAR_LOG_IDENTITY = 496, /* VAR_LOG_IDENTITY */
381 VAR_HIDE_TRUSTANCHOR = 497, /* VAR_HIDE_TRUSTANCHOR */
382 VAR_HIDE_HTTP_USER_AGENT = 498, /* VAR_HIDE_HTTP_USER_AGENT */
383 VAR_HTTP_USER_AGENT = 499, /* VAR_HTTP_USER_AGENT */
384 VAR_TRUST_ANCHOR_SIGNALING = 500, /* VAR_TRUST_ANCHOR_SIGNALING */
385 VAR_AGGRESSIVE_NSEC = 501, /* VAR_AGGRESSIVE_NSEC */
386 VAR_USE_SYSTEMD = 502, /* VAR_USE_SYSTEMD */
387 VAR_SHM_ENABLE = 503, /* VAR_SHM_ENABLE */
388 VAR_SHM_KEY = 504, /* VAR_SHM_KEY */
389 VAR_ROOT_KEY_SENTINEL = 505, /* VAR_ROOT_KEY_SENTINEL */
390 VAR_DNSCRYPT = 506, /* VAR_DNSCRYPT */
391 VAR_DNSCRYPT_ENABLE = 507, /* VAR_DNSCRYPT_ENABLE */
392 VAR_DNSCRYPT_PORT = 508, /* VAR_DNSCRYPT_PORT */
393 VAR_DNSCRYPT_PROVIDER = 509, /* VAR_DNSCRYPT_PROVIDER */
394 VAR_DNSCRYPT_SECRET_KEY = 510, /* VAR_DNSCRYPT_SECRET_KEY */
395 VAR_DNSCRYPT_PROVIDER_CERT = 511, /* VAR_DNSCRYPT_PROVIDER_CERT */
396 VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 512, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
397 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 513, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
398 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 514, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
399 VAR_DNSCRYPT_NONCE_CACHE_SIZE = 515, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
400 VAR_DNSCRYPT_NONCE_CACHE_SLABS = 516, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
401 VAR_PAD_RESPONSES = 517, /* VAR_PAD_RESPONSES */
402 VAR_PAD_RESPONSES_BLOCK_SIZE = 518, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
403 VAR_PAD_QUERIES = 519, /* VAR_PAD_QUERIES */
404 VAR_PAD_QUERIES_BLOCK_SIZE = 520, /* VAR_PAD_QUERIES_BLOCK_SIZE */
405 VAR_IPSECMOD_ENABLED = 521, /* VAR_IPSECMOD_ENABLED */
406 VAR_IPSECMOD_HOOK = 522, /* VAR_IPSECMOD_HOOK */
407 VAR_IPSECMOD_IGNORE_BOGUS = 523, /* VAR_IPSECMOD_IGNORE_BOGUS */
408 VAR_IPSECMOD_MAX_TTL = 524, /* VAR_IPSECMOD_MAX_TTL */
409 VAR_IPSECMOD_WHITELIST = 525, /* VAR_IPSECMOD_WHITELIST */
410 VAR_IPSECMOD_STRICT = 526, /* VAR_IPSECMOD_STRICT */
411 VAR_CACHEDB = 527, /* VAR_CACHEDB */
412 VAR_CACHEDB_BACKEND = 528, /* VAR_CACHEDB_BACKEND */
413 VAR_CACHEDB_SECRETSEED = 529, /* VAR_CACHEDB_SECRETSEED */
414 VAR_CACHEDB_REDISHOST = 530, /* VAR_CACHEDB_REDISHOST */
415 VAR_CACHEDB_REDISPORT = 531, /* VAR_CACHEDB_REDISPORT */
416 VAR_CACHEDB_REDISTIMEOUT = 532, /* VAR_CACHEDB_REDISTIMEOUT */
417 VAR_CACHEDB_REDISEXPIRERECORDS = 533, /* VAR_CACHEDB_REDISEXPIRERECORDS */
418 VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 534, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
419 VAR_FOR_UPSTREAM = 535, /* VAR_FOR_UPSTREAM */
420 VAR_AUTH_ZONE = 536, /* VAR_AUTH_ZONE */
421 VAR_ZONEFILE = 537, /* VAR_ZONEFILE */
422 VAR_MASTER = 538, /* VAR_MASTER */
423 VAR_URL = 539, /* VAR_URL */
424 VAR_FOR_DOWNSTREAM = 540, /* VAR_FOR_DOWNSTREAM */
425 VAR_FALLBACK_ENABLED = 541, /* VAR_FALLBACK_ENABLED */
426 VAR_TLS_ADDITIONAL_PORT = 542, /* VAR_TLS_ADDITIONAL_PORT */
427 VAR_LOW_RTT = 543, /* VAR_LOW_RTT */
428 VAR_LOW_RTT_PERMIL = 544, /* VAR_LOW_RTT_PERMIL */
429 VAR_FAST_SERVER_PERMIL = 545, /* VAR_FAST_SERVER_PERMIL */
430 VAR_FAST_SERVER_NUM = 546, /* VAR_FAST_SERVER_NUM */
431 VAR_ALLOW_NOTIFY = 547, /* VAR_ALLOW_NOTIFY */
432 VAR_TLS_WIN_CERT = 548, /* VAR_TLS_WIN_CERT */
433 VAR_TCP_CONNECTION_LIMIT = 549, /* VAR_TCP_CONNECTION_LIMIT */
434 VAR_FORWARD_NO_CACHE = 550, /* VAR_FORWARD_NO_CACHE */
435 VAR_STUB_NO_CACHE = 551, /* VAR_STUB_NO_CACHE */
436 VAR_LOG_SERVFAIL = 552, /* VAR_LOG_SERVFAIL */
437 VAR_DENY_ANY = 553, /* VAR_DENY_ANY */
438 VAR_UNKNOWN_SERVER_TIME_LIMIT = 554, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
439 VAR_LOG_TAG_QUERYREPLY = 555, /* VAR_LOG_TAG_QUERYREPLY */
440 VAR_STREAM_WAIT_SIZE = 556, /* VAR_STREAM_WAIT_SIZE */
441 VAR_TLS_CIPHERS = 557, /* VAR_TLS_CIPHERS */
442 VAR_TLS_CIPHERSUITES = 558, /* VAR_TLS_CIPHERSUITES */
443 VAR_TLS_USE_SNI = 559, /* VAR_TLS_USE_SNI */
444 VAR_IPSET = 560, /* VAR_IPSET */
445 VAR_IPSET_NAME_V4 = 561, /* VAR_IPSET_NAME_V4 */
446 VAR_IPSET_NAME_V6 = 562, /* VAR_IPSET_NAME_V6 */
447 VAR_TLS_SESSION_TICKET_KEYS = 563, /* VAR_TLS_SESSION_TICKET_KEYS */
448 VAR_RPZ = 564, /* VAR_RPZ */
449 VAR_TAGS = 565, /* VAR_TAGS */
450 VAR_RPZ_ACTION_OVERRIDE = 566, /* VAR_RPZ_ACTION_OVERRIDE */
451 VAR_RPZ_CNAME_OVERRIDE = 567, /* VAR_RPZ_CNAME_OVERRIDE */
452 VAR_RPZ_LOG = 568, /* VAR_RPZ_LOG */
453 VAR_RPZ_LOG_NAME = 569, /* VAR_RPZ_LOG_NAME */
454 VAR_DYNLIB = 570, /* VAR_DYNLIB */
455 VAR_DYNLIB_FILE = 571, /* VAR_DYNLIB_FILE */
456 VAR_EDNS_CLIENT_STRING = 572, /* VAR_EDNS_CLIENT_STRING */
457 VAR_EDNS_CLIENT_STRING_OPCODE = 573, /* VAR_EDNS_CLIENT_STRING_OPCODE */
458 VAR_NSID = 574, /* VAR_NSID */
459 VAR_ZONEMD_PERMISSIVE_MODE = 575, /* VAR_ZONEMD_PERMISSIVE_MODE */
460 VAR_ZONEMD_CHECK = 576, /* VAR_ZONEMD_CHECK */
461 VAR_ZONEMD_REJECT_ABSENCE = 577, /* VAR_ZONEMD_REJECT_ABSENCE */
462 VAR_RPZ_SIGNAL_NXDOMAIN_RA = 578 /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
448463 };
449464 typedef enum yytokentype yytoken_kind_t;
450465 #endif
554569 #define VAR_CONTROL_KEY_FILE 357
555570 #define VAR_CONTROL_CERT_FILE 358
556571 #define VAR_CONTROL_USE_CERT 359
557 #define VAR_EXTENDED_STATISTICS 360
558 #define VAR_LOCAL_DATA_PTR 361
559 #define VAR_JOSTLE_TIMEOUT 362
560 #define VAR_STUB_PRIME 363
561 #define VAR_UNWANTED_REPLY_THRESHOLD 364
562 #define VAR_LOG_TIME_ASCII 365
563 #define VAR_DOMAIN_INSECURE 366
564 #define VAR_PYTHON 367
565 #define VAR_PYTHON_SCRIPT 368
566 #define VAR_VAL_SIG_SKEW_MIN 369
567 #define VAR_VAL_SIG_SKEW_MAX 370
568 #define VAR_CACHE_MIN_TTL 371
569 #define VAR_VAL_LOG_LEVEL 372
570 #define VAR_AUTO_TRUST_ANCHOR_FILE 373
571 #define VAR_KEEP_MISSING 374
572 #define VAR_ADD_HOLDDOWN 375
573 #define VAR_DEL_HOLDDOWN 376
574 #define VAR_SO_RCVBUF 377
575 #define VAR_EDNS_BUFFER_SIZE 378
576 #define VAR_PREFETCH 379
577 #define VAR_PREFETCH_KEY 380
578 #define VAR_SO_SNDBUF 381
579 #define VAR_SO_REUSEPORT 382
580 #define VAR_HARDEN_BELOW_NXDOMAIN 383
581 #define VAR_IGNORE_CD_FLAG 384
582 #define VAR_LOG_QUERIES 385
583 #define VAR_LOG_REPLIES 386
584 #define VAR_LOG_LOCAL_ACTIONS 387
585 #define VAR_TCP_UPSTREAM 388
586 #define VAR_SSL_UPSTREAM 389
587 #define VAR_SSL_SERVICE_KEY 390
588 #define VAR_SSL_SERVICE_PEM 391
589 #define VAR_SSL_PORT 392
590 #define VAR_FORWARD_FIRST 393
591 #define VAR_STUB_SSL_UPSTREAM 394
592 #define VAR_FORWARD_SSL_UPSTREAM 395
593 #define VAR_TLS_CERT_BUNDLE 396
594 #define VAR_HTTPS_PORT 397
595 #define VAR_HTTP_ENDPOINT 398
596 #define VAR_HTTP_MAX_STREAMS 399
597 #define VAR_HTTP_QUERY_BUFFER_SIZE 400
598 #define VAR_HTTP_RESPONSE_BUFFER_SIZE 401
599 #define VAR_HTTP_NODELAY 402
600 #define VAR_HTTP_NOTLS_DOWNSTREAM 403
601 #define VAR_STUB_FIRST 404
602 #define VAR_MINIMAL_RESPONSES 405
603 #define VAR_RRSET_ROUNDROBIN 406
604 #define VAR_MAX_UDP_SIZE 407
605 #define VAR_DELAY_CLOSE 408
606 #define VAR_UDP_CONNECT 409
607 #define VAR_UNBLOCK_LAN_ZONES 410
608 #define VAR_INSECURE_LAN_ZONES 411
609 #define VAR_INFRA_CACHE_MIN_RTT 412
610 #define VAR_INFRA_KEEP_PROBING 413
611 #define VAR_DNS64_PREFIX 414
612 #define VAR_DNS64_SYNTHALL 415
613 #define VAR_DNS64_IGNORE_AAAA 416
614 #define VAR_DNSTAP 417
615 #define VAR_DNSTAP_ENABLE 418
616 #define VAR_DNSTAP_SOCKET_PATH 419
617 #define VAR_DNSTAP_IP 420
618 #define VAR_DNSTAP_TLS 421
619 #define VAR_DNSTAP_TLS_SERVER_NAME 422
620 #define VAR_DNSTAP_TLS_CERT_BUNDLE 423
621 #define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424
622 #define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425
623 #define VAR_DNSTAP_SEND_IDENTITY 426
624 #define VAR_DNSTAP_SEND_VERSION 427
625 #define VAR_DNSTAP_BIDIRECTIONAL 428
626 #define VAR_DNSTAP_IDENTITY 429
627 #define VAR_DNSTAP_VERSION 430
628 #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431
629 #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432
630 #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433
631 #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434
632 #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435
633 #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436
634 #define VAR_RESPONSE_IP_TAG 437
635 #define VAR_RESPONSE_IP 438
636 #define VAR_RESPONSE_IP_DATA 439
637 #define VAR_HARDEN_ALGO_DOWNGRADE 440
638 #define VAR_IP_TRANSPARENT 441
639 #define VAR_IP_DSCP 442
640 #define VAR_DISABLE_DNSSEC_LAME_CHECK 443
641 #define VAR_IP_RATELIMIT 444
642 #define VAR_IP_RATELIMIT_SLABS 445
643 #define VAR_IP_RATELIMIT_SIZE 446
644 #define VAR_RATELIMIT 447
645 #define VAR_RATELIMIT_SLABS 448
646 #define VAR_RATELIMIT_SIZE 449
647 #define VAR_RATELIMIT_FOR_DOMAIN 450
648 #define VAR_RATELIMIT_BELOW_DOMAIN 451
649 #define VAR_IP_RATELIMIT_FACTOR 452
650 #define VAR_RATELIMIT_FACTOR 453
651 #define VAR_SEND_CLIENT_SUBNET 454
652 #define VAR_CLIENT_SUBNET_ZONE 455
653 #define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456
654 #define VAR_CLIENT_SUBNET_OPCODE 457
655 #define VAR_MAX_CLIENT_SUBNET_IPV4 458
656 #define VAR_MAX_CLIENT_SUBNET_IPV6 459
657 #define VAR_MIN_CLIENT_SUBNET_IPV4 460
658 #define VAR_MIN_CLIENT_SUBNET_IPV6 461
659 #define VAR_MAX_ECS_TREE_SIZE_IPV4 462
660 #define VAR_MAX_ECS_TREE_SIZE_IPV6 463
661 #define VAR_CAPS_WHITELIST 464
662 #define VAR_CACHE_MAX_NEGATIVE_TTL 465
663 #define VAR_PERMIT_SMALL_HOLDDOWN 466
664 #define VAR_QNAME_MINIMISATION 467
665 #define VAR_QNAME_MINIMISATION_STRICT 468
666 #define VAR_IP_FREEBIND 469
667 #define VAR_DEFINE_TAG 470
668 #define VAR_LOCAL_ZONE_TAG 471
669 #define VAR_ACCESS_CONTROL_TAG 472
670 #define VAR_LOCAL_ZONE_OVERRIDE 473
671 #define VAR_ACCESS_CONTROL_TAG_ACTION 474
672 #define VAR_ACCESS_CONTROL_TAG_DATA 475
673 #define VAR_VIEW 476
674 #define VAR_ACCESS_CONTROL_VIEW 477
675 #define VAR_VIEW_FIRST 478
676 #define VAR_SERVE_EXPIRED 479
677 #define VAR_SERVE_EXPIRED_TTL 480
678 #define VAR_SERVE_EXPIRED_TTL_RESET 481
679 #define VAR_SERVE_EXPIRED_REPLY_TTL 482
680 #define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483
681 #define VAR_SERVE_ORIGINAL_TTL 484
682 #define VAR_FAKE_DSA 485
683 #define VAR_FAKE_SHA1 486
684 #define VAR_LOG_IDENTITY 487
685 #define VAR_HIDE_TRUSTANCHOR 488
686 #define VAR_TRUST_ANCHOR_SIGNALING 489
687 #define VAR_AGGRESSIVE_NSEC 490
688 #define VAR_USE_SYSTEMD 491
689 #define VAR_SHM_ENABLE 492
690 #define VAR_SHM_KEY 493
691 #define VAR_ROOT_KEY_SENTINEL 494
692 #define VAR_DNSCRYPT 495
693 #define VAR_DNSCRYPT_ENABLE 496
694 #define VAR_DNSCRYPT_PORT 497
695 #define VAR_DNSCRYPT_PROVIDER 498
696 #define VAR_DNSCRYPT_SECRET_KEY 499
697 #define VAR_DNSCRYPT_PROVIDER_CERT 500
698 #define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501
699 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502
700 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503
701 #define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504
702 #define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505
703 #define VAR_PAD_RESPONSES 506
704 #define VAR_PAD_RESPONSES_BLOCK_SIZE 507
705 #define VAR_PAD_QUERIES 508
706 #define VAR_PAD_QUERIES_BLOCK_SIZE 509
707 #define VAR_IPSECMOD_ENABLED 510
708 #define VAR_IPSECMOD_HOOK 511
709 #define VAR_IPSECMOD_IGNORE_BOGUS 512
710 #define VAR_IPSECMOD_MAX_TTL 513
711 #define VAR_IPSECMOD_WHITELIST 514
712 #define VAR_IPSECMOD_STRICT 515
713 #define VAR_CACHEDB 516
714 #define VAR_CACHEDB_BACKEND 517
715 #define VAR_CACHEDB_SECRETSEED 518
716 #define VAR_CACHEDB_REDISHOST 519
717 #define VAR_CACHEDB_REDISPORT 520
718 #define VAR_CACHEDB_REDISTIMEOUT 521
719 #define VAR_CACHEDB_REDISEXPIRERECORDS 522
720 #define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 523
721 #define VAR_FOR_UPSTREAM 524
722 #define VAR_AUTH_ZONE 525
723 #define VAR_ZONEFILE 526
724 #define VAR_MASTER 527
725 #define VAR_URL 528
726 #define VAR_FOR_DOWNSTREAM 529
727 #define VAR_FALLBACK_ENABLED 530
728 #define VAR_TLS_ADDITIONAL_PORT 531
729 #define VAR_LOW_RTT 532
730 #define VAR_LOW_RTT_PERMIL 533
731 #define VAR_FAST_SERVER_PERMIL 534
732 #define VAR_FAST_SERVER_NUM 535
733 #define VAR_ALLOW_NOTIFY 536
734 #define VAR_TLS_WIN_CERT 537
735 #define VAR_TCP_CONNECTION_LIMIT 538
736 #define VAR_FORWARD_NO_CACHE 539
737 #define VAR_STUB_NO_CACHE 540
738 #define VAR_LOG_SERVFAIL 541
739 #define VAR_DENY_ANY 542
740 #define VAR_UNKNOWN_SERVER_TIME_LIMIT 543
741 #define VAR_LOG_TAG_QUERYREPLY 544
742 #define VAR_STREAM_WAIT_SIZE 545
743 #define VAR_TLS_CIPHERS 546
744 #define VAR_TLS_CIPHERSUITES 547
745 #define VAR_TLS_USE_SNI 548
746 #define VAR_IPSET 549
747 #define VAR_IPSET_NAME_V4 550
748 #define VAR_IPSET_NAME_V6 551
749 #define VAR_TLS_SESSION_TICKET_KEYS 552
750 #define VAR_RPZ 553
751 #define VAR_TAGS 554
752 #define VAR_RPZ_ACTION_OVERRIDE 555
753 #define VAR_RPZ_CNAME_OVERRIDE 556
754 #define VAR_RPZ_LOG 557
755 #define VAR_RPZ_LOG_NAME 558
756 #define VAR_DYNLIB 559
757 #define VAR_DYNLIB_FILE 560
758 #define VAR_EDNS_CLIENT_STRING 561
759 #define VAR_EDNS_CLIENT_STRING_OPCODE 562
760 #define VAR_NSID 563
572 #define VAR_TCP_REUSE_TIMEOUT 360
573 #define VAR_MAX_REUSE_TCP_QUERIES 361
574 #define VAR_EXTENDED_STATISTICS 362
575 #define VAR_LOCAL_DATA_PTR 363
576 #define VAR_JOSTLE_TIMEOUT 364
577 #define VAR_STUB_PRIME 365
578 #define VAR_UNWANTED_REPLY_THRESHOLD 366
579 #define VAR_LOG_TIME_ASCII 367
580 #define VAR_DOMAIN_INSECURE 368
581 #define VAR_PYTHON 369
582 #define VAR_PYTHON_SCRIPT 370
583 #define VAR_VAL_SIG_SKEW_MIN 371
584 #define VAR_VAL_SIG_SKEW_MAX 372
585 #define VAR_VAL_MAX_RESTART 373
586 #define VAR_CACHE_MIN_TTL 374
587 #define VAR_VAL_LOG_LEVEL 375
588 #define VAR_AUTO_TRUST_ANCHOR_FILE 376
589 #define VAR_KEEP_MISSING 377
590 #define VAR_ADD_HOLDDOWN 378
591 #define VAR_DEL_HOLDDOWN 379
592 #define VAR_SO_RCVBUF 380
593 #define VAR_EDNS_BUFFER_SIZE 381
594 #define VAR_PREFETCH 382
595 #define VAR_PREFETCH_KEY 383
596 #define VAR_SO_SNDBUF 384
597 #define VAR_SO_REUSEPORT 385
598 #define VAR_HARDEN_BELOW_NXDOMAIN 386
599 #define VAR_IGNORE_CD_FLAG 387
600 #define VAR_LOG_QUERIES 388
601 #define VAR_LOG_REPLIES 389
602 #define VAR_LOG_LOCAL_ACTIONS 390
603 #define VAR_TCP_UPSTREAM 391
604 #define VAR_SSL_UPSTREAM 392
605 #define VAR_TCP_AUTH_QUERY_TIMEOUT 393
606 #define VAR_SSL_SERVICE_KEY 394
607 #define VAR_SSL_SERVICE_PEM 395
608 #define VAR_SSL_PORT 396
609 #define VAR_FORWARD_FIRST 397
610 #define VAR_STUB_SSL_UPSTREAM 398
611 #define VAR_FORWARD_SSL_UPSTREAM 399
612 #define VAR_TLS_CERT_BUNDLE 400
613 #define VAR_STUB_TCP_UPSTREAM 401
614 #define VAR_FORWARD_TCP_UPSTREAM 402
615 #define VAR_HTTPS_PORT 403
616 #define VAR_HTTP_ENDPOINT 404
617 #define VAR_HTTP_MAX_STREAMS 405
618 #define VAR_HTTP_QUERY_BUFFER_SIZE 406
619 #define VAR_HTTP_RESPONSE_BUFFER_SIZE 407
620 #define VAR_HTTP_NODELAY 408
621 #define VAR_HTTP_NOTLS_DOWNSTREAM 409
622 #define VAR_STUB_FIRST 410
623 #define VAR_MINIMAL_RESPONSES 411
624 #define VAR_RRSET_ROUNDROBIN 412
625 #define VAR_MAX_UDP_SIZE 413
626 #define VAR_DELAY_CLOSE 414
627 #define VAR_UDP_CONNECT 415
628 #define VAR_UNBLOCK_LAN_ZONES 416
629 #define VAR_INSECURE_LAN_ZONES 417
630 #define VAR_INFRA_CACHE_MIN_RTT 418
631 #define VAR_INFRA_KEEP_PROBING 419
632 #define VAR_DNS64_PREFIX 420
633 #define VAR_DNS64_SYNTHALL 421
634 #define VAR_DNS64_IGNORE_AAAA 422
635 #define VAR_DNSTAP 423
636 #define VAR_DNSTAP_ENABLE 424
637 #define VAR_DNSTAP_SOCKET_PATH 425
638 #define VAR_DNSTAP_IP 426
639 #define VAR_DNSTAP_TLS 427
640 #define VAR_DNSTAP_TLS_SERVER_NAME 428
641 #define VAR_DNSTAP_TLS_CERT_BUNDLE 429
642 #define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 430
643 #define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 431
644 #define VAR_DNSTAP_SEND_IDENTITY 432
645 #define VAR_DNSTAP_SEND_VERSION 433
646 #define VAR_DNSTAP_BIDIRECTIONAL 434
647 #define VAR_DNSTAP_IDENTITY 435
648 #define VAR_DNSTAP_VERSION 436
649 #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 437
650 #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 438
651 #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 439
652 #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 440
653 #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 441
654 #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 442
655 #define VAR_RESPONSE_IP_TAG 443
656 #define VAR_RESPONSE_IP 444
657 #define VAR_RESPONSE_IP_DATA 445
658 #define VAR_HARDEN_ALGO_DOWNGRADE 446
659 #define VAR_IP_TRANSPARENT 447
660 #define VAR_IP_DSCP 448
661 #define VAR_DISABLE_DNSSEC_LAME_CHECK 449
662 #define VAR_IP_RATELIMIT 450
663 #define VAR_IP_RATELIMIT_SLABS 451
664 #define VAR_IP_RATELIMIT_SIZE 452
665 #define VAR_RATELIMIT 453
666 #define VAR_RATELIMIT_SLABS 454
667 #define VAR_RATELIMIT_SIZE 455
668 #define VAR_OUTBOUND_MSG_RETRY 456
669 #define VAR_RATELIMIT_FOR_DOMAIN 457
670 #define VAR_RATELIMIT_BELOW_DOMAIN 458
671 #define VAR_IP_RATELIMIT_FACTOR 459
672 #define VAR_RATELIMIT_FACTOR 460
673 #define VAR_IP_RATELIMIT_BACKOFF 461
674 #define VAR_RATELIMIT_BACKOFF 462
675 #define VAR_SEND_CLIENT_SUBNET 463
676 #define VAR_CLIENT_SUBNET_ZONE 464
677 #define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 465
678 #define VAR_CLIENT_SUBNET_OPCODE 466
679 #define VAR_MAX_CLIENT_SUBNET_IPV4 467
680 #define VAR_MAX_CLIENT_SUBNET_IPV6 468
681 #define VAR_MIN_CLIENT_SUBNET_IPV4 469
682 #define VAR_MIN_CLIENT_SUBNET_IPV6 470
683 #define VAR_MAX_ECS_TREE_SIZE_IPV4 471
684 #define VAR_MAX_ECS_TREE_SIZE_IPV6 472
685 #define VAR_CAPS_WHITELIST 473
686 #define VAR_CACHE_MAX_NEGATIVE_TTL 474
687 #define VAR_PERMIT_SMALL_HOLDDOWN 475
688 #define VAR_QNAME_MINIMISATION 476
689 #define VAR_QNAME_MINIMISATION_STRICT 477
690 #define VAR_IP_FREEBIND 478
691 #define VAR_DEFINE_TAG 479
692 #define VAR_LOCAL_ZONE_TAG 480
693 #define VAR_ACCESS_CONTROL_TAG 481
694 #define VAR_LOCAL_ZONE_OVERRIDE 482
695 #define VAR_ACCESS_CONTROL_TAG_ACTION 483
696 #define VAR_ACCESS_CONTROL_TAG_DATA 484
697 #define VAR_VIEW 485
698 #define VAR_ACCESS_CONTROL_VIEW 486
699 #define VAR_VIEW_FIRST 487
700 #define VAR_SERVE_EXPIRED 488
701 #define VAR_SERVE_EXPIRED_TTL 489
702 #define VAR_SERVE_EXPIRED_TTL_RESET 490
703 #define VAR_SERVE_EXPIRED_REPLY_TTL 491
704 #define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 492
705 #define VAR_SERVE_ORIGINAL_TTL 493
706 #define VAR_FAKE_DSA 494
707 #define VAR_FAKE_SHA1 495
708 #define VAR_LOG_IDENTITY 496
709 #define VAR_HIDE_TRUSTANCHOR 497
710 #define VAR_HIDE_HTTP_USER_AGENT 498
711 #define VAR_HTTP_USER_AGENT 499
712 #define VAR_TRUST_ANCHOR_SIGNALING 500
713 #define VAR_AGGRESSIVE_NSEC 501
714 #define VAR_USE_SYSTEMD 502
715 #define VAR_SHM_ENABLE 503
716 #define VAR_SHM_KEY 504
717 #define VAR_ROOT_KEY_SENTINEL 505
718 #define VAR_DNSCRYPT 506
719 #define VAR_DNSCRYPT_ENABLE 507
720 #define VAR_DNSCRYPT_PORT 508
721 #define VAR_DNSCRYPT_PROVIDER 509
722 #define VAR_DNSCRYPT_SECRET_KEY 510
723 #define VAR_DNSCRYPT_PROVIDER_CERT 511
724 #define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 512
725 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 513
726 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 514
727 #define VAR_DNSCRYPT_NONCE_CACHE_SIZE 515
728 #define VAR_DNSCRYPT_NONCE_CACHE_SLABS 516
729 #define VAR_PAD_RESPONSES 517
730 #define VAR_PAD_RESPONSES_BLOCK_SIZE 518
731 #define VAR_PAD_QUERIES 519
732 #define VAR_PAD_QUERIES_BLOCK_SIZE 520
733 #define VAR_IPSECMOD_ENABLED 521
734 #define VAR_IPSECMOD_HOOK 522
735 #define VAR_IPSECMOD_IGNORE_BOGUS 523
736 #define VAR_IPSECMOD_MAX_TTL 524
737 #define VAR_IPSECMOD_WHITELIST 525
738 #define VAR_IPSECMOD_STRICT 526
739 #define VAR_CACHEDB 527
740 #define VAR_CACHEDB_BACKEND 528
741 #define VAR_CACHEDB_SECRETSEED 529
742 #define VAR_CACHEDB_REDISHOST 530
743 #define VAR_CACHEDB_REDISPORT 531
744 #define VAR_CACHEDB_REDISTIMEOUT 532
745 #define VAR_CACHEDB_REDISEXPIRERECORDS 533
746 #define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 534
747 #define VAR_FOR_UPSTREAM 535
748 #define VAR_AUTH_ZONE 536
749 #define VAR_ZONEFILE 537
750 #define VAR_MASTER 538
751 #define VAR_URL 539
752 #define VAR_FOR_DOWNSTREAM 540
753 #define VAR_FALLBACK_ENABLED 541
754 #define VAR_TLS_ADDITIONAL_PORT 542
755 #define VAR_LOW_RTT 543
756 #define VAR_LOW_RTT_PERMIL 544
757 #define VAR_FAST_SERVER_PERMIL 545
758 #define VAR_FAST_SERVER_NUM 546
759 #define VAR_ALLOW_NOTIFY 547
760 #define VAR_TLS_WIN_CERT 548
761 #define VAR_TCP_CONNECTION_LIMIT 549
762 #define VAR_FORWARD_NO_CACHE 550
763 #define VAR_STUB_NO_CACHE 551
764 #define VAR_LOG_SERVFAIL 552
765 #define VAR_DENY_ANY 553
766 #define VAR_UNKNOWN_SERVER_TIME_LIMIT 554
767 #define VAR_LOG_TAG_QUERYREPLY 555
768 #define VAR_STREAM_WAIT_SIZE 556
769 #define VAR_TLS_CIPHERS 557
770 #define VAR_TLS_CIPHERSUITES 558
771 #define VAR_TLS_USE_SNI 559
772 #define VAR_IPSET 560
773 #define VAR_IPSET_NAME_V4 561
774 #define VAR_IPSET_NAME_V6 562
775 #define VAR_TLS_SESSION_TICKET_KEYS 563
776 #define VAR_RPZ 564
777 #define VAR_TAGS 565
778 #define VAR_RPZ_ACTION_OVERRIDE 566
779 #define VAR_RPZ_CNAME_OVERRIDE 567
780 #define VAR_RPZ_LOG 568
781 #define VAR_RPZ_LOG_NAME 569
782 #define VAR_DYNLIB 570
783 #define VAR_DYNLIB_FILE 571
784 #define VAR_EDNS_CLIENT_STRING 572
785 #define VAR_EDNS_CLIENT_STRING_OPCODE 573
786 #define VAR_NSID 574
787 #define VAR_ZONEMD_PERMISSIVE_MODE 575
788 #define VAR_ZONEMD_CHECK 576
789 #define VAR_ZONEMD_REJECT_ABSENCE 577
790 #define VAR_RPZ_SIGNAL_NXDOMAIN_RA 578
761791
762792 /* Value type. */
763793 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
767797
768798 char* str;
769799
770 #line 772 "util/configparser.c"
800 #line 802 "util/configparser.c"
771801
772802 };
773803 typedef union YYSTYPE YYSTYPE;
890920 YYSYMBOL_VAR_CONTROL_KEY_FILE = 102, /* VAR_CONTROL_KEY_FILE */
891921 YYSYMBOL_VAR_CONTROL_CERT_FILE = 103, /* VAR_CONTROL_CERT_FILE */
892922 YYSYMBOL_VAR_CONTROL_USE_CERT = 104, /* VAR_CONTROL_USE_CERT */
893 YYSYMBOL_VAR_EXTENDED_STATISTICS = 105, /* VAR_EXTENDED_STATISTICS */
894 YYSYMBOL_VAR_LOCAL_DATA_PTR = 106, /* VAR_LOCAL_DATA_PTR */
895 YYSYMBOL_VAR_JOSTLE_TIMEOUT = 107, /* VAR_JOSTLE_TIMEOUT */
896 YYSYMBOL_VAR_STUB_PRIME = 108, /* VAR_STUB_PRIME */
897 YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 109, /* VAR_UNWANTED_REPLY_THRESHOLD */
898 YYSYMBOL_VAR_LOG_TIME_ASCII = 110, /* VAR_LOG_TIME_ASCII */
899 YYSYMBOL_VAR_DOMAIN_INSECURE = 111, /* VAR_DOMAIN_INSECURE */
900 YYSYMBOL_VAR_PYTHON = 112, /* VAR_PYTHON */
901 YYSYMBOL_VAR_PYTHON_SCRIPT = 113, /* VAR_PYTHON_SCRIPT */
902 YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 114, /* VAR_VAL_SIG_SKEW_MIN */
903 YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 115, /* VAR_VAL_SIG_SKEW_MAX */
904 YYSYMBOL_VAR_CACHE_MIN_TTL = 116, /* VAR_CACHE_MIN_TTL */
905 YYSYMBOL_VAR_VAL_LOG_LEVEL = 117, /* VAR_VAL_LOG_LEVEL */
906 YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 118, /* VAR_AUTO_TRUST_ANCHOR_FILE */
907 YYSYMBOL_VAR_KEEP_MISSING = 119, /* VAR_KEEP_MISSING */
908 YYSYMBOL_VAR_ADD_HOLDDOWN = 120, /* VAR_ADD_HOLDDOWN */
909 YYSYMBOL_VAR_DEL_HOLDDOWN = 121, /* VAR_DEL_HOLDDOWN */
910 YYSYMBOL_VAR_SO_RCVBUF = 122, /* VAR_SO_RCVBUF */
911 YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 123, /* VAR_EDNS_BUFFER_SIZE */
912 YYSYMBOL_VAR_PREFETCH = 124, /* VAR_PREFETCH */
913 YYSYMBOL_VAR_PREFETCH_KEY = 125, /* VAR_PREFETCH_KEY */
914 YYSYMBOL_VAR_SO_SNDBUF = 126, /* VAR_SO_SNDBUF */
915 YYSYMBOL_VAR_SO_REUSEPORT = 127, /* VAR_SO_REUSEPORT */
916 YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 128, /* VAR_HARDEN_BELOW_NXDOMAIN */
917 YYSYMBOL_VAR_IGNORE_CD_FLAG = 129, /* VAR_IGNORE_CD_FLAG */
918 YYSYMBOL_VAR_LOG_QUERIES = 130, /* VAR_LOG_QUERIES */
919 YYSYMBOL_VAR_LOG_REPLIES = 131, /* VAR_LOG_REPLIES */
920 YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 132, /* VAR_LOG_LOCAL_ACTIONS */
921 YYSYMBOL_VAR_TCP_UPSTREAM = 133, /* VAR_TCP_UPSTREAM */
922 YYSYMBOL_VAR_SSL_UPSTREAM = 134, /* VAR_SSL_UPSTREAM */
923 YYSYMBOL_VAR_SSL_SERVICE_KEY = 135, /* VAR_SSL_SERVICE_KEY */
924 YYSYMBOL_VAR_SSL_SERVICE_PEM = 136, /* VAR_SSL_SERVICE_PEM */
925 YYSYMBOL_VAR_SSL_PORT = 137, /* VAR_SSL_PORT */
926 YYSYMBOL_VAR_FORWARD_FIRST = 138, /* VAR_FORWARD_FIRST */
927 YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 139, /* VAR_STUB_SSL_UPSTREAM */
928 YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 140, /* VAR_FORWARD_SSL_UPSTREAM */
929 YYSYMBOL_VAR_TLS_CERT_BUNDLE = 141, /* VAR_TLS_CERT_BUNDLE */
930 YYSYMBOL_VAR_HTTPS_PORT = 142, /* VAR_HTTPS_PORT */
931 YYSYMBOL_VAR_HTTP_ENDPOINT = 143, /* VAR_HTTP_ENDPOINT */
932 YYSYMBOL_VAR_HTTP_MAX_STREAMS = 144, /* VAR_HTTP_MAX_STREAMS */
933 YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 145, /* VAR_HTTP_QUERY_BUFFER_SIZE */
934 YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 146, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
935 YYSYMBOL_VAR_HTTP_NODELAY = 147, /* VAR_HTTP_NODELAY */
936 YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 148, /* VAR_HTTP_NOTLS_DOWNSTREAM */
937 YYSYMBOL_VAR_STUB_FIRST = 149, /* VAR_STUB_FIRST */
938 YYSYMBOL_VAR_MINIMAL_RESPONSES = 150, /* VAR_MINIMAL_RESPONSES */
939 YYSYMBOL_VAR_RRSET_ROUNDROBIN = 151, /* VAR_RRSET_ROUNDROBIN */
940 YYSYMBOL_VAR_MAX_UDP_SIZE = 152, /* VAR_MAX_UDP_SIZE */
941 YYSYMBOL_VAR_DELAY_CLOSE = 153, /* VAR_DELAY_CLOSE */
942 YYSYMBOL_VAR_UDP_CONNECT = 154, /* VAR_UDP_CONNECT */
943 YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 155, /* VAR_UNBLOCK_LAN_ZONES */
944 YYSYMBOL_VAR_INSECURE_LAN_ZONES = 156, /* VAR_INSECURE_LAN_ZONES */
945 YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 157, /* VAR_INFRA_CACHE_MIN_RTT */
946 YYSYMBOL_VAR_INFRA_KEEP_PROBING = 158, /* VAR_INFRA_KEEP_PROBING */
947 YYSYMBOL_VAR_DNS64_PREFIX = 159, /* VAR_DNS64_PREFIX */
948 YYSYMBOL_VAR_DNS64_SYNTHALL = 160, /* VAR_DNS64_SYNTHALL */
949 YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 161, /* VAR_DNS64_IGNORE_AAAA */
950 YYSYMBOL_VAR_DNSTAP = 162, /* VAR_DNSTAP */
951 YYSYMBOL_VAR_DNSTAP_ENABLE = 163, /* VAR_DNSTAP_ENABLE */
952 YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 164, /* VAR_DNSTAP_SOCKET_PATH */
953 YYSYMBOL_VAR_DNSTAP_IP = 165, /* VAR_DNSTAP_IP */
954 YYSYMBOL_VAR_DNSTAP_TLS = 166, /* VAR_DNSTAP_TLS */
955 YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 167, /* VAR_DNSTAP_TLS_SERVER_NAME */
956 YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 168, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
957 YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 169, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
958 YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 170, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
959 YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 171, /* VAR_DNSTAP_SEND_IDENTITY */
960 YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 172, /* VAR_DNSTAP_SEND_VERSION */
961 YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 173, /* VAR_DNSTAP_BIDIRECTIONAL */
962 YYSYMBOL_VAR_DNSTAP_IDENTITY = 174, /* VAR_DNSTAP_IDENTITY */
963 YYSYMBOL_VAR_DNSTAP_VERSION = 175, /* VAR_DNSTAP_VERSION */
964 YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 176, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
965 YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 177, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
966 YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 178, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
967 YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 179, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
968 YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 180, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
969 YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 181, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
970 YYSYMBOL_VAR_RESPONSE_IP_TAG = 182, /* VAR_RESPONSE_IP_TAG */
971 YYSYMBOL_VAR_RESPONSE_IP = 183, /* VAR_RESPONSE_IP */
972 YYSYMBOL_VAR_RESPONSE_IP_DATA = 184, /* VAR_RESPONSE_IP_DATA */
973 YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 185, /* VAR_HARDEN_ALGO_DOWNGRADE */
974 YYSYMBOL_VAR_IP_TRANSPARENT = 186, /* VAR_IP_TRANSPARENT */
975 YYSYMBOL_VAR_IP_DSCP = 187, /* VAR_IP_DSCP */
976 YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 188, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
977 YYSYMBOL_VAR_IP_RATELIMIT = 189, /* VAR_IP_RATELIMIT */
978 YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 190, /* VAR_IP_RATELIMIT_SLABS */
979 YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 191, /* VAR_IP_RATELIMIT_SIZE */
980 YYSYMBOL_VAR_RATELIMIT = 192, /* VAR_RATELIMIT */
981 YYSYMBOL_VAR_RATELIMIT_SLABS = 193, /* VAR_RATELIMIT_SLABS */
982 YYSYMBOL_VAR_RATELIMIT_SIZE = 194, /* VAR_RATELIMIT_SIZE */
983 YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 195, /* VAR_RATELIMIT_FOR_DOMAIN */
984 YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 196, /* VAR_RATELIMIT_BELOW_DOMAIN */
985 YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 197, /* VAR_IP_RATELIMIT_FACTOR */
986 YYSYMBOL_VAR_RATELIMIT_FACTOR = 198, /* VAR_RATELIMIT_FACTOR */
987 YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 199, /* VAR_SEND_CLIENT_SUBNET */
988 YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 200, /* VAR_CLIENT_SUBNET_ZONE */
989 YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 201, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
990 YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 202, /* VAR_CLIENT_SUBNET_OPCODE */
991 YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 203, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
992 YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 204, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
993 YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 205, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
994 YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 206, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
995 YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 207, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
996 YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 208, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
997 YYSYMBOL_VAR_CAPS_WHITELIST = 209, /* VAR_CAPS_WHITELIST */
998 YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 210, /* VAR_CACHE_MAX_NEGATIVE_TTL */
999 YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 211, /* VAR_PERMIT_SMALL_HOLDDOWN */
1000 YYSYMBOL_VAR_QNAME_MINIMISATION = 212, /* VAR_QNAME_MINIMISATION */
1001 YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 213, /* VAR_QNAME_MINIMISATION_STRICT */
1002 YYSYMBOL_VAR_IP_FREEBIND = 214, /* VAR_IP_FREEBIND */
1003 YYSYMBOL_VAR_DEFINE_TAG = 215, /* VAR_DEFINE_TAG */
1004 YYSYMBOL_VAR_LOCAL_ZONE_TAG = 216, /* VAR_LOCAL_ZONE_TAG */
1005 YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 217, /* VAR_ACCESS_CONTROL_TAG */
1006 YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 218, /* VAR_LOCAL_ZONE_OVERRIDE */
1007 YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 219, /* VAR_ACCESS_CONTROL_TAG_ACTION */
1008 YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 220, /* VAR_ACCESS_CONTROL_TAG_DATA */
1009 YYSYMBOL_VAR_VIEW = 221, /* VAR_VIEW */
1010 YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 222, /* VAR_ACCESS_CONTROL_VIEW */
1011 YYSYMBOL_VAR_VIEW_FIRST = 223, /* VAR_VIEW_FIRST */
1012 YYSYMBOL_VAR_SERVE_EXPIRED = 224, /* VAR_SERVE_EXPIRED */
1013 YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 225, /* VAR_SERVE_EXPIRED_TTL */
1014 YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 226, /* VAR_SERVE_EXPIRED_TTL_RESET */
1015 YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 227, /* VAR_SERVE_EXPIRED_REPLY_TTL */
1016 YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 228, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
1017 YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 229, /* VAR_SERVE_ORIGINAL_TTL */
1018 YYSYMBOL_VAR_FAKE_DSA = 230, /* VAR_FAKE_DSA */
1019 YYSYMBOL_VAR_FAKE_SHA1 = 231, /* VAR_FAKE_SHA1 */
1020 YYSYMBOL_VAR_LOG_IDENTITY = 232, /* VAR_LOG_IDENTITY */
1021 YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 233, /* VAR_HIDE_TRUSTANCHOR */
1022 YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 234, /* VAR_TRUST_ANCHOR_SIGNALING */
1023 YYSYMBOL_VAR_AGGRESSIVE_NSEC = 235, /* VAR_AGGRESSIVE_NSEC */
1024 YYSYMBOL_VAR_USE_SYSTEMD = 236, /* VAR_USE_SYSTEMD */
1025 YYSYMBOL_VAR_SHM_ENABLE = 237, /* VAR_SHM_ENABLE */
1026 YYSYMBOL_VAR_SHM_KEY = 238, /* VAR_SHM_KEY */
1027 YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 239, /* VAR_ROOT_KEY_SENTINEL */
1028 YYSYMBOL_VAR_DNSCRYPT = 240, /* VAR_DNSCRYPT */
1029 YYSYMBOL_VAR_DNSCRYPT_ENABLE = 241, /* VAR_DNSCRYPT_ENABLE */
1030 YYSYMBOL_VAR_DNSCRYPT_PORT = 242, /* VAR_DNSCRYPT_PORT */
1031 YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 243, /* VAR_DNSCRYPT_PROVIDER */
1032 YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 244, /* VAR_DNSCRYPT_SECRET_KEY */
1033 YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 245, /* VAR_DNSCRYPT_PROVIDER_CERT */
1034 YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 246, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
1035 YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 247, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
1036 YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 248, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
1037 YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 249, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
1038 YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 250, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
1039 YYSYMBOL_VAR_PAD_RESPONSES = 251, /* VAR_PAD_RESPONSES */
1040 YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 252, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
1041 YYSYMBOL_VAR_PAD_QUERIES = 253, /* VAR_PAD_QUERIES */
1042 YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 254, /* VAR_PAD_QUERIES_BLOCK_SIZE */
1043 YYSYMBOL_VAR_IPSECMOD_ENABLED = 255, /* VAR_IPSECMOD_ENABLED */
1044 YYSYMBOL_VAR_IPSECMOD_HOOK = 256, /* VAR_IPSECMOD_HOOK */
1045 YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 257, /* VAR_IPSECMOD_IGNORE_BOGUS */
1046 YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 258, /* VAR_IPSECMOD_MAX_TTL */
1047 YYSYMBOL_VAR_IPSECMOD_WHITELIST = 259, /* VAR_IPSECMOD_WHITELIST */
1048 YYSYMBOL_VAR_IPSECMOD_STRICT = 260, /* VAR_IPSECMOD_STRICT */
1049 YYSYMBOL_VAR_CACHEDB = 261, /* VAR_CACHEDB */
1050 YYSYMBOL_VAR_CACHEDB_BACKEND = 262, /* VAR_CACHEDB_BACKEND */
1051 YYSYMBOL_VAR_CACHEDB_SECRETSEED = 263, /* VAR_CACHEDB_SECRETSEED */
1052 YYSYMBOL_VAR_CACHEDB_REDISHOST = 264, /* VAR_CACHEDB_REDISHOST */
1053 YYSYMBOL_VAR_CACHEDB_REDISPORT = 265, /* VAR_CACHEDB_REDISPORT */
1054 YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 266, /* VAR_CACHEDB_REDISTIMEOUT */
1055 YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 267, /* VAR_CACHEDB_REDISEXPIRERECORDS */
1056 YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 268, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
1057 YYSYMBOL_VAR_FOR_UPSTREAM = 269, /* VAR_FOR_UPSTREAM */
1058 YYSYMBOL_VAR_AUTH_ZONE = 270, /* VAR_AUTH_ZONE */
1059 YYSYMBOL_VAR_ZONEFILE = 271, /* VAR_ZONEFILE */
1060 YYSYMBOL_VAR_MASTER = 272, /* VAR_MASTER */
1061 YYSYMBOL_VAR_URL = 273, /* VAR_URL */
1062 YYSYMBOL_VAR_FOR_DOWNSTREAM = 274, /* VAR_FOR_DOWNSTREAM */
1063 YYSYMBOL_VAR_FALLBACK_ENABLED = 275, /* VAR_FALLBACK_ENABLED */
1064 YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 276, /* VAR_TLS_ADDITIONAL_PORT */
1065 YYSYMBOL_VAR_LOW_RTT = 277, /* VAR_LOW_RTT */
1066 YYSYMBOL_VAR_LOW_RTT_PERMIL = 278, /* VAR_LOW_RTT_PERMIL */
1067 YYSYMBOL_VAR_FAST_SERVER_PERMIL = 279, /* VAR_FAST_SERVER_PERMIL */
1068 YYSYMBOL_VAR_FAST_SERVER_NUM = 280, /* VAR_FAST_SERVER_NUM */
1069 YYSYMBOL_VAR_ALLOW_NOTIFY = 281, /* VAR_ALLOW_NOTIFY */
1070 YYSYMBOL_VAR_TLS_WIN_CERT = 282, /* VAR_TLS_WIN_CERT */
1071 YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 283, /* VAR_TCP_CONNECTION_LIMIT */
1072 YYSYMBOL_VAR_FORWARD_NO_CACHE = 284, /* VAR_FORWARD_NO_CACHE */
1073 YYSYMBOL_VAR_STUB_NO_CACHE = 285, /* VAR_STUB_NO_CACHE */
1074 YYSYMBOL_VAR_LOG_SERVFAIL = 286, /* VAR_LOG_SERVFAIL */
1075 YYSYMBOL_VAR_DENY_ANY = 287, /* VAR_DENY_ANY */
1076 YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 288, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
1077 YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 289, /* VAR_LOG_TAG_QUERYREPLY */
1078 YYSYMBOL_VAR_STREAM_WAIT_SIZE = 290, /* VAR_STREAM_WAIT_SIZE */
1079 YYSYMBOL_VAR_TLS_CIPHERS = 291, /* VAR_TLS_CIPHERS */
1080 YYSYMBOL_VAR_TLS_CIPHERSUITES = 292, /* VAR_TLS_CIPHERSUITES */
1081 YYSYMBOL_VAR_TLS_USE_SNI = 293, /* VAR_TLS_USE_SNI */
1082 YYSYMBOL_VAR_IPSET = 294, /* VAR_IPSET */
1083 YYSYMBOL_VAR_IPSET_NAME_V4 = 295, /* VAR_IPSET_NAME_V4 */
1084 YYSYMBOL_VAR_IPSET_NAME_V6 = 296, /* VAR_IPSET_NAME_V6 */
1085 YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 297, /* VAR_TLS_SESSION_TICKET_KEYS */
1086 YYSYMBOL_VAR_RPZ = 298, /* VAR_RPZ */
1087 YYSYMBOL_VAR_TAGS = 299, /* VAR_TAGS */
1088 YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 300, /* VAR_RPZ_ACTION_OVERRIDE */
1089 YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 301, /* VAR_RPZ_CNAME_OVERRIDE */
1090 YYSYMBOL_VAR_RPZ_LOG = 302, /* VAR_RPZ_LOG */
1091 YYSYMBOL_VAR_RPZ_LOG_NAME = 303, /* VAR_RPZ_LOG_NAME */
1092 YYSYMBOL_VAR_DYNLIB = 304, /* VAR_DYNLIB */
1093 YYSYMBOL_VAR_DYNLIB_FILE = 305, /* VAR_DYNLIB_FILE */
1094 YYSYMBOL_VAR_EDNS_CLIENT_STRING = 306, /* VAR_EDNS_CLIENT_STRING */
1095 YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 307, /* VAR_EDNS_CLIENT_STRING_OPCODE */
1096 YYSYMBOL_VAR_NSID = 308, /* VAR_NSID */
1097 YYSYMBOL_YYACCEPT = 309, /* $accept */
1098 YYSYMBOL_toplevelvars = 310, /* toplevelvars */
1099 YYSYMBOL_toplevelvar = 311, /* toplevelvar */
1100 YYSYMBOL_force_toplevel = 312, /* force_toplevel */
1101 YYSYMBOL_serverstart = 313, /* serverstart */
1102 YYSYMBOL_contents_server = 314, /* contents_server */
1103 YYSYMBOL_content_server = 315, /* content_server */
1104 YYSYMBOL_stubstart = 316, /* stubstart */
1105 YYSYMBOL_contents_stub = 317, /* contents_stub */
1106 YYSYMBOL_content_stub = 318, /* content_stub */
1107 YYSYMBOL_forwardstart = 319, /* forwardstart */
1108 YYSYMBOL_contents_forward = 320, /* contents_forward */
1109 YYSYMBOL_content_forward = 321, /* content_forward */
1110 YYSYMBOL_viewstart = 322, /* viewstart */
1111 YYSYMBOL_contents_view = 323, /* contents_view */
1112 YYSYMBOL_content_view = 324, /* content_view */
1113 YYSYMBOL_authstart = 325, /* authstart */
1114 YYSYMBOL_contents_auth = 326, /* contents_auth */
1115 YYSYMBOL_content_auth = 327, /* content_auth */
1116 YYSYMBOL_rpz_tag = 328, /* rpz_tag */
1117 YYSYMBOL_rpz_action_override = 329, /* rpz_action_override */
1118 YYSYMBOL_rpz_cname_override = 330, /* rpz_cname_override */
1119 YYSYMBOL_rpz_log = 331, /* rpz_log */
1120 YYSYMBOL_rpz_log_name = 332, /* rpz_log_name */
1121 YYSYMBOL_rpzstart = 333, /* rpzstart */
1122 YYSYMBOL_contents_rpz = 334, /* contents_rpz */
1123 YYSYMBOL_content_rpz = 335, /* content_rpz */
1124 YYSYMBOL_server_num_threads = 336, /* server_num_threads */
1125 YYSYMBOL_server_verbosity = 337, /* server_verbosity */
1126 YYSYMBOL_server_statistics_interval = 338, /* server_statistics_interval */
1127 YYSYMBOL_server_statistics_cumulative = 339, /* server_statistics_cumulative */
1128 YYSYMBOL_server_extended_statistics = 340, /* server_extended_statistics */
1129 YYSYMBOL_server_shm_enable = 341, /* server_shm_enable */
1130 YYSYMBOL_server_shm_key = 342, /* server_shm_key */
1131 YYSYMBOL_server_port = 343, /* server_port */
1132 YYSYMBOL_server_send_client_subnet = 344, /* server_send_client_subnet */
1133 YYSYMBOL_server_client_subnet_zone = 345, /* server_client_subnet_zone */
1134 YYSYMBOL_server_client_subnet_always_forward = 346, /* server_client_subnet_always_forward */
1135 YYSYMBOL_server_client_subnet_opcode = 347, /* server_client_subnet_opcode */
1136 YYSYMBOL_server_max_client_subnet_ipv4 = 348, /* server_max_client_subnet_ipv4 */
1137 YYSYMBOL_server_max_client_subnet_ipv6 = 349, /* server_max_client_subnet_ipv6 */
1138 YYSYMBOL_server_min_client_subnet_ipv4 = 350, /* server_min_client_subnet_ipv4 */
1139 YYSYMBOL_server_min_client_subnet_ipv6 = 351, /* server_min_client_subnet_ipv6 */
1140 YYSYMBOL_server_max_ecs_tree_size_ipv4 = 352, /* server_max_ecs_tree_size_ipv4 */
1141 YYSYMBOL_server_max_ecs_tree_size_ipv6 = 353, /* server_max_ecs_tree_size_ipv6 */
1142 YYSYMBOL_server_interface = 354, /* server_interface */
1143 YYSYMBOL_server_outgoing_interface = 355, /* server_outgoing_interface */
1144 YYSYMBOL_server_outgoing_range = 356, /* server_outgoing_range */
1145 YYSYMBOL_server_outgoing_port_permit = 357, /* server_outgoing_port_permit */
1146 YYSYMBOL_server_outgoing_port_avoid = 358, /* server_outgoing_port_avoid */
1147 YYSYMBOL_server_outgoing_num_tcp = 359, /* server_outgoing_num_tcp */
1148 YYSYMBOL_server_incoming_num_tcp = 360, /* server_incoming_num_tcp */
1149 YYSYMBOL_server_interface_automatic = 361, /* server_interface_automatic */
1150 YYSYMBOL_server_do_ip4 = 362, /* server_do_ip4 */
1151 YYSYMBOL_server_do_ip6 = 363, /* server_do_ip6 */
1152 YYSYMBOL_server_do_udp = 364, /* server_do_udp */
1153 YYSYMBOL_server_do_tcp = 365, /* server_do_tcp */
1154 YYSYMBOL_server_prefer_ip4 = 366, /* server_prefer_ip4 */
1155 YYSYMBOL_server_prefer_ip6 = 367, /* server_prefer_ip6 */
1156 YYSYMBOL_server_tcp_mss = 368, /* server_tcp_mss */
1157 YYSYMBOL_server_outgoing_tcp_mss = 369, /* server_outgoing_tcp_mss */
1158 YYSYMBOL_server_tcp_idle_timeout = 370, /* server_tcp_idle_timeout */
1159 YYSYMBOL_server_tcp_keepalive = 371, /* server_tcp_keepalive */
1160 YYSYMBOL_server_tcp_keepalive_timeout = 372, /* server_tcp_keepalive_timeout */
1161 YYSYMBOL_server_tcp_upstream = 373, /* server_tcp_upstream */
1162 YYSYMBOL_server_udp_upstream_without_downstream = 374, /* server_udp_upstream_without_downstream */
1163 YYSYMBOL_server_ssl_upstream = 375, /* server_ssl_upstream */
1164 YYSYMBOL_server_ssl_service_key = 376, /* server_ssl_service_key */
1165 YYSYMBOL_server_ssl_service_pem = 377, /* server_ssl_service_pem */
1166 YYSYMBOL_server_ssl_port = 378, /* server_ssl_port */
1167 YYSYMBOL_server_tls_cert_bundle = 379, /* server_tls_cert_bundle */
1168 YYSYMBOL_server_tls_win_cert = 380, /* server_tls_win_cert */
1169 YYSYMBOL_server_tls_additional_port = 381, /* server_tls_additional_port */
1170 YYSYMBOL_server_tls_ciphers = 382, /* server_tls_ciphers */
1171 YYSYMBOL_server_tls_ciphersuites = 383, /* server_tls_ciphersuites */
1172 YYSYMBOL_server_tls_session_ticket_keys = 384, /* server_tls_session_ticket_keys */
1173 YYSYMBOL_server_tls_use_sni = 385, /* server_tls_use_sni */
1174 YYSYMBOL_server_https_port = 386, /* server_https_port */
1175 YYSYMBOL_server_http_endpoint = 387, /* server_http_endpoint */
1176 YYSYMBOL_server_http_max_streams = 388, /* server_http_max_streams */
1177 YYSYMBOL_server_http_query_buffer_size = 389, /* server_http_query_buffer_size */
1178 YYSYMBOL_server_http_response_buffer_size = 390, /* server_http_response_buffer_size */
1179 YYSYMBOL_server_http_nodelay = 391, /* server_http_nodelay */
1180 YYSYMBOL_server_http_notls_downstream = 392, /* server_http_notls_downstream */
1181 YYSYMBOL_server_use_systemd = 393, /* server_use_systemd */
1182 YYSYMBOL_server_do_daemonize = 394, /* server_do_daemonize */
1183 YYSYMBOL_server_use_syslog = 395, /* server_use_syslog */
1184 YYSYMBOL_server_log_time_ascii = 396, /* server_log_time_ascii */
1185 YYSYMBOL_server_log_queries = 397, /* server_log_queries */
1186 YYSYMBOL_server_log_replies = 398, /* server_log_replies */
1187 YYSYMBOL_server_log_tag_queryreply = 399, /* server_log_tag_queryreply */
1188 YYSYMBOL_server_log_servfail = 400, /* server_log_servfail */
1189 YYSYMBOL_server_log_local_actions = 401, /* server_log_local_actions */
1190 YYSYMBOL_server_chroot = 402, /* server_chroot */
1191 YYSYMBOL_server_username = 403, /* server_username */
1192 YYSYMBOL_server_directory = 404, /* server_directory */
1193 YYSYMBOL_server_logfile = 405, /* server_logfile */
1194 YYSYMBOL_server_pidfile = 406, /* server_pidfile */
1195 YYSYMBOL_server_root_hints = 407, /* server_root_hints */
1196 YYSYMBOL_server_dlv_anchor_file = 408, /* server_dlv_anchor_file */
1197 YYSYMBOL_server_dlv_anchor = 409, /* server_dlv_anchor */
1198 YYSYMBOL_server_auto_trust_anchor_file = 410, /* server_auto_trust_anchor_file */
1199 YYSYMBOL_server_trust_anchor_file = 411, /* server_trust_anchor_file */
1200 YYSYMBOL_server_trusted_keys_file = 412, /* server_trusted_keys_file */
1201 YYSYMBOL_server_trust_anchor = 413, /* server_trust_anchor */
1202 YYSYMBOL_server_trust_anchor_signaling = 414, /* server_trust_anchor_signaling */
1203 YYSYMBOL_server_root_key_sentinel = 415, /* server_root_key_sentinel */
1204 YYSYMBOL_server_domain_insecure = 416, /* server_domain_insecure */
1205 YYSYMBOL_server_hide_identity = 417, /* server_hide_identity */
1206 YYSYMBOL_server_hide_version = 418, /* server_hide_version */
1207 YYSYMBOL_server_hide_trustanchor = 419, /* server_hide_trustanchor */
1208 YYSYMBOL_server_identity = 420, /* server_identity */
1209 YYSYMBOL_server_version = 421, /* server_version */
1210 YYSYMBOL_server_nsid = 422, /* server_nsid */
1211 YYSYMBOL_server_so_rcvbuf = 423, /* server_so_rcvbuf */
1212 YYSYMBOL_server_so_sndbuf = 424, /* server_so_sndbuf */
1213 YYSYMBOL_server_so_reuseport = 425, /* server_so_reuseport */
1214 YYSYMBOL_server_ip_transparent = 426, /* server_ip_transparent */
1215 YYSYMBOL_server_ip_freebind = 427, /* server_ip_freebind */
1216 YYSYMBOL_server_ip_dscp = 428, /* server_ip_dscp */
1217 YYSYMBOL_server_stream_wait_size = 429, /* server_stream_wait_size */
1218 YYSYMBOL_server_edns_buffer_size = 430, /* server_edns_buffer_size */
1219 YYSYMBOL_server_msg_buffer_size = 431, /* server_msg_buffer_size */
1220 YYSYMBOL_server_msg_cache_size = 432, /* server_msg_cache_size */
1221 YYSYMBOL_server_msg_cache_slabs = 433, /* server_msg_cache_slabs */
1222 YYSYMBOL_server_num_queries_per_thread = 434, /* server_num_queries_per_thread */
1223 YYSYMBOL_server_jostle_timeout = 435, /* server_jostle_timeout */
1224 YYSYMBOL_server_delay_close = 436, /* server_delay_close */
1225 YYSYMBOL_server_udp_connect = 437, /* server_udp_connect */
1226 YYSYMBOL_server_unblock_lan_zones = 438, /* server_unblock_lan_zones */
1227 YYSYMBOL_server_insecure_lan_zones = 439, /* server_insecure_lan_zones */
1228 YYSYMBOL_server_rrset_cache_size = 440, /* server_rrset_cache_size */
1229 YYSYMBOL_server_rrset_cache_slabs = 441, /* server_rrset_cache_slabs */
1230 YYSYMBOL_server_infra_host_ttl = 442, /* server_infra_host_ttl */
1231 YYSYMBOL_server_infra_lame_ttl = 443, /* server_infra_lame_ttl */
1232 YYSYMBOL_server_infra_cache_numhosts = 444, /* server_infra_cache_numhosts */
1233 YYSYMBOL_server_infra_cache_lame_size = 445, /* server_infra_cache_lame_size */
1234 YYSYMBOL_server_infra_cache_slabs = 446, /* server_infra_cache_slabs */
1235 YYSYMBOL_server_infra_cache_min_rtt = 447, /* server_infra_cache_min_rtt */
1236 YYSYMBOL_server_infra_keep_probing = 448, /* server_infra_keep_probing */
1237 YYSYMBOL_server_target_fetch_policy = 449, /* server_target_fetch_policy */
1238 YYSYMBOL_server_harden_short_bufsize = 450, /* server_harden_short_bufsize */
1239 YYSYMBOL_server_harden_large_queries = 451, /* server_harden_large_queries */
1240 YYSYMBOL_server_harden_glue = 452, /* server_harden_glue */
1241 YYSYMBOL_server_harden_dnssec_stripped = 453, /* server_harden_dnssec_stripped */
1242 YYSYMBOL_server_harden_below_nxdomain = 454, /* server_harden_below_nxdomain */
1243 YYSYMBOL_server_harden_referral_path = 455, /* server_harden_referral_path */
1244 YYSYMBOL_server_harden_algo_downgrade = 456, /* server_harden_algo_downgrade */
1245 YYSYMBOL_server_use_caps_for_id = 457, /* server_use_caps_for_id */
1246 YYSYMBOL_server_caps_whitelist = 458, /* server_caps_whitelist */
1247 YYSYMBOL_server_private_address = 459, /* server_private_address */
1248 YYSYMBOL_server_private_domain = 460, /* server_private_domain */
1249 YYSYMBOL_server_prefetch = 461, /* server_prefetch */
1250 YYSYMBOL_server_prefetch_key = 462, /* server_prefetch_key */
1251 YYSYMBOL_server_deny_any = 463, /* server_deny_any */
1252 YYSYMBOL_server_unwanted_reply_threshold = 464, /* server_unwanted_reply_threshold */
1253 YYSYMBOL_server_do_not_query_address = 465, /* server_do_not_query_address */
1254 YYSYMBOL_server_do_not_query_localhost = 466, /* server_do_not_query_localhost */
1255 YYSYMBOL_server_access_control = 467, /* server_access_control */
1256 YYSYMBOL_server_module_conf = 468, /* server_module_conf */
1257 YYSYMBOL_server_val_override_date = 469, /* server_val_override_date */
1258 YYSYMBOL_server_val_sig_skew_min = 470, /* server_val_sig_skew_min */
1259 YYSYMBOL_server_val_sig_skew_max = 471, /* server_val_sig_skew_max */
1260 YYSYMBOL_server_cache_max_ttl = 472, /* server_cache_max_ttl */
1261 YYSYMBOL_server_cache_max_negative_ttl = 473, /* server_cache_max_negative_ttl */
1262 YYSYMBOL_server_cache_min_ttl = 474, /* server_cache_min_ttl */
1263 YYSYMBOL_server_bogus_ttl = 475, /* server_bogus_ttl */
1264 YYSYMBOL_server_val_clean_additional = 476, /* server_val_clean_additional */
1265 YYSYMBOL_server_val_permissive_mode = 477, /* server_val_permissive_mode */
1266 YYSYMBOL_server_aggressive_nsec = 478, /* server_aggressive_nsec */
1267 YYSYMBOL_server_ignore_cd_flag = 479, /* server_ignore_cd_flag */
1268 YYSYMBOL_server_serve_expired = 480, /* server_serve_expired */
1269 YYSYMBOL_server_serve_expired_ttl = 481, /* server_serve_expired_ttl */
1270 YYSYMBOL_server_serve_expired_ttl_reset = 482, /* server_serve_expired_ttl_reset */
1271 YYSYMBOL_server_serve_expired_reply_ttl = 483, /* server_serve_expired_reply_ttl */
1272 YYSYMBOL_server_serve_expired_client_timeout = 484, /* server_serve_expired_client_timeout */
1273 YYSYMBOL_server_serve_original_ttl = 485, /* server_serve_original_ttl */
1274 YYSYMBOL_server_fake_dsa = 486, /* server_fake_dsa */
1275 YYSYMBOL_server_fake_sha1 = 487, /* server_fake_sha1 */
1276 YYSYMBOL_server_val_log_level = 488, /* server_val_log_level */
1277 YYSYMBOL_server_val_nsec3_keysize_iterations = 489, /* server_val_nsec3_keysize_iterations */
1278 YYSYMBOL_server_add_holddown = 490, /* server_add_holddown */
1279 YYSYMBOL_server_del_holddown = 491, /* server_del_holddown */
1280 YYSYMBOL_server_keep_missing = 492, /* server_keep_missing */
1281 YYSYMBOL_server_permit_small_holddown = 493, /* server_permit_small_holddown */
1282 YYSYMBOL_server_key_cache_size = 494, /* server_key_cache_size */
1283 YYSYMBOL_server_key_cache_slabs = 495, /* server_key_cache_slabs */
1284 YYSYMBOL_server_neg_cache_size = 496, /* server_neg_cache_size */
1285 YYSYMBOL_server_local_zone = 497, /* server_local_zone */
1286 YYSYMBOL_server_local_data = 498, /* server_local_data */
1287 YYSYMBOL_server_local_data_ptr = 499, /* server_local_data_ptr */
1288 YYSYMBOL_server_minimal_responses = 500, /* server_minimal_responses */
1289 YYSYMBOL_server_rrset_roundrobin = 501, /* server_rrset_roundrobin */
1290 YYSYMBOL_server_unknown_server_time_limit = 502, /* server_unknown_server_time_limit */
1291 YYSYMBOL_server_max_udp_size = 503, /* server_max_udp_size */
1292 YYSYMBOL_server_dns64_prefix = 504, /* server_dns64_prefix */
1293 YYSYMBOL_server_dns64_synthall = 505, /* server_dns64_synthall */
1294 YYSYMBOL_server_dns64_ignore_aaaa = 506, /* server_dns64_ignore_aaaa */
1295 YYSYMBOL_server_define_tag = 507, /* server_define_tag */
1296 YYSYMBOL_server_local_zone_tag = 508, /* server_local_zone_tag */
1297 YYSYMBOL_server_access_control_tag = 509, /* server_access_control_tag */
1298 YYSYMBOL_server_access_control_tag_action = 510, /* server_access_control_tag_action */
1299 YYSYMBOL_server_access_control_tag_data = 511, /* server_access_control_tag_data */
1300 YYSYMBOL_server_local_zone_override = 512, /* server_local_zone_override */
1301 YYSYMBOL_server_access_control_view = 513, /* server_access_control_view */
1302 YYSYMBOL_server_response_ip_tag = 514, /* server_response_ip_tag */
1303 YYSYMBOL_server_ip_ratelimit = 515, /* server_ip_ratelimit */
1304 YYSYMBOL_server_ratelimit = 516, /* server_ratelimit */
1305 YYSYMBOL_server_ip_ratelimit_size = 517, /* server_ip_ratelimit_size */
1306 YYSYMBOL_server_ratelimit_size = 518, /* server_ratelimit_size */
1307 YYSYMBOL_server_ip_ratelimit_slabs = 519, /* server_ip_ratelimit_slabs */
1308 YYSYMBOL_server_ratelimit_slabs = 520, /* server_ratelimit_slabs */
1309 YYSYMBOL_server_ratelimit_for_domain = 521, /* server_ratelimit_for_domain */
1310 YYSYMBOL_server_ratelimit_below_domain = 522, /* server_ratelimit_below_domain */
1311 YYSYMBOL_server_ip_ratelimit_factor = 523, /* server_ip_ratelimit_factor */
1312 YYSYMBOL_server_ratelimit_factor = 524, /* server_ratelimit_factor */
1313 YYSYMBOL_server_low_rtt = 525, /* server_low_rtt */
1314 YYSYMBOL_server_fast_server_num = 526, /* server_fast_server_num */
1315 YYSYMBOL_server_fast_server_permil = 527, /* server_fast_server_permil */
1316 YYSYMBOL_server_qname_minimisation = 528, /* server_qname_minimisation */
1317 YYSYMBOL_server_qname_minimisation_strict = 529, /* server_qname_minimisation_strict */
1318 YYSYMBOL_server_pad_responses = 530, /* server_pad_responses */
1319 YYSYMBOL_server_pad_responses_block_size = 531, /* server_pad_responses_block_size */
1320 YYSYMBOL_server_pad_queries = 532, /* server_pad_queries */
1321 YYSYMBOL_server_pad_queries_block_size = 533, /* server_pad_queries_block_size */
1322 YYSYMBOL_server_ipsecmod_enabled = 534, /* server_ipsecmod_enabled */
1323 YYSYMBOL_server_ipsecmod_ignore_bogus = 535, /* server_ipsecmod_ignore_bogus */
1324 YYSYMBOL_server_ipsecmod_hook = 536, /* server_ipsecmod_hook */
1325 YYSYMBOL_server_ipsecmod_max_ttl = 537, /* server_ipsecmod_max_ttl */
1326 YYSYMBOL_server_ipsecmod_whitelist = 538, /* server_ipsecmod_whitelist */
1327 YYSYMBOL_server_ipsecmod_strict = 539, /* server_ipsecmod_strict */
1328 YYSYMBOL_server_edns_client_string = 540, /* server_edns_client_string */
1329 YYSYMBOL_server_edns_client_string_opcode = 541, /* server_edns_client_string_opcode */
1330 YYSYMBOL_stub_name = 542, /* stub_name */
1331 YYSYMBOL_stub_host = 543, /* stub_host */
1332 YYSYMBOL_stub_addr = 544, /* stub_addr */
1333 YYSYMBOL_stub_first = 545, /* stub_first */
1334 YYSYMBOL_stub_no_cache = 546, /* stub_no_cache */
1335 YYSYMBOL_stub_ssl_upstream = 547, /* stub_ssl_upstream */
1336 YYSYMBOL_stub_prime = 548, /* stub_prime */
1337 YYSYMBOL_forward_name = 549, /* forward_name */
1338 YYSYMBOL_forward_host = 550, /* forward_host */
1339 YYSYMBOL_forward_addr = 551, /* forward_addr */
1340 YYSYMBOL_forward_first = 552, /* forward_first */
1341 YYSYMBOL_forward_no_cache = 553, /* forward_no_cache */
1342 YYSYMBOL_forward_ssl_upstream = 554, /* forward_ssl_upstream */
1343 YYSYMBOL_auth_name = 555, /* auth_name */
1344 YYSYMBOL_auth_zonefile = 556, /* auth_zonefile */
1345 YYSYMBOL_auth_master = 557, /* auth_master */
1346 YYSYMBOL_auth_url = 558, /* auth_url */
1347 YYSYMBOL_auth_allow_notify = 559, /* auth_allow_notify */
1348 YYSYMBOL_auth_for_downstream = 560, /* auth_for_downstream */
1349 YYSYMBOL_auth_for_upstream = 561, /* auth_for_upstream */
1350 YYSYMBOL_auth_fallback_enabled = 562, /* auth_fallback_enabled */
1351 YYSYMBOL_view_name = 563, /* view_name */
1352 YYSYMBOL_view_local_zone = 564, /* view_local_zone */
1353 YYSYMBOL_view_response_ip = 565, /* view_response_ip */
1354 YYSYMBOL_view_response_ip_data = 566, /* view_response_ip_data */
1355 YYSYMBOL_view_local_data = 567, /* view_local_data */
1356 YYSYMBOL_view_local_data_ptr = 568, /* view_local_data_ptr */
1357 YYSYMBOL_view_first = 569, /* view_first */
1358 YYSYMBOL_rcstart = 570, /* rcstart */
1359 YYSYMBOL_contents_rc = 571, /* contents_rc */
1360 YYSYMBOL_content_rc = 572, /* content_rc */
1361 YYSYMBOL_rc_control_enable = 573, /* rc_control_enable */
1362 YYSYMBOL_rc_control_port = 574, /* rc_control_port */
1363 YYSYMBOL_rc_control_interface = 575, /* rc_control_interface */
1364 YYSYMBOL_rc_control_use_cert = 576, /* rc_control_use_cert */
1365 YYSYMBOL_rc_server_key_file = 577, /* rc_server_key_file */
1366 YYSYMBOL_rc_server_cert_file = 578, /* rc_server_cert_file */
1367 YYSYMBOL_rc_control_key_file = 579, /* rc_control_key_file */
1368 YYSYMBOL_rc_control_cert_file = 580, /* rc_control_cert_file */
1369 YYSYMBOL_dtstart = 581, /* dtstart */
1370 YYSYMBOL_contents_dt = 582, /* contents_dt */
1371 YYSYMBOL_content_dt = 583, /* content_dt */
1372 YYSYMBOL_dt_dnstap_enable = 584, /* dt_dnstap_enable */
1373 YYSYMBOL_dt_dnstap_bidirectional = 585, /* dt_dnstap_bidirectional */
1374 YYSYMBOL_dt_dnstap_socket_path = 586, /* dt_dnstap_socket_path */
1375 YYSYMBOL_dt_dnstap_ip = 587, /* dt_dnstap_ip */
1376 YYSYMBOL_dt_dnstap_tls = 588, /* dt_dnstap_tls */
1377 YYSYMBOL_dt_dnstap_tls_server_name = 589, /* dt_dnstap_tls_server_name */
1378 YYSYMBOL_dt_dnstap_tls_cert_bundle = 590, /* dt_dnstap_tls_cert_bundle */
1379 YYSYMBOL_dt_dnstap_tls_client_key_file = 591, /* dt_dnstap_tls_client_key_file */
1380 YYSYMBOL_dt_dnstap_tls_client_cert_file = 592, /* dt_dnstap_tls_client_cert_file */
1381 YYSYMBOL_dt_dnstap_send_identity = 593, /* dt_dnstap_send_identity */
1382 YYSYMBOL_dt_dnstap_send_version = 594, /* dt_dnstap_send_version */
1383 YYSYMBOL_dt_dnstap_identity = 595, /* dt_dnstap_identity */
1384 YYSYMBOL_dt_dnstap_version = 596, /* dt_dnstap_version */
1385 YYSYMBOL_dt_dnstap_log_resolver_query_messages = 597, /* dt_dnstap_log_resolver_query_messages */
1386 YYSYMBOL_dt_dnstap_log_resolver_response_messages = 598, /* dt_dnstap_log_resolver_response_messages */
1387 YYSYMBOL_dt_dnstap_log_client_query_messages = 599, /* dt_dnstap_log_client_query_messages */
1388 YYSYMBOL_dt_dnstap_log_client_response_messages = 600, /* dt_dnstap_log_client_response_messages */
1389 YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 601, /* dt_dnstap_log_forwarder_query_messages */
1390 YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 602, /* dt_dnstap_log_forwarder_response_messages */
1391 YYSYMBOL_pythonstart = 603, /* pythonstart */
1392 YYSYMBOL_contents_py = 604, /* contents_py */
1393 YYSYMBOL_content_py = 605, /* content_py */
1394 YYSYMBOL_py_script = 606, /* py_script */
1395 YYSYMBOL_dynlibstart = 607, /* dynlibstart */
1396 YYSYMBOL_contents_dl = 608, /* contents_dl */
1397 YYSYMBOL_content_dl = 609, /* content_dl */
1398 YYSYMBOL_dl_file = 610, /* dl_file */
1399 YYSYMBOL_server_disable_dnssec_lame_check = 611, /* server_disable_dnssec_lame_check */
1400 YYSYMBOL_server_log_identity = 612, /* server_log_identity */
1401 YYSYMBOL_server_response_ip = 613, /* server_response_ip */
1402 YYSYMBOL_server_response_ip_data = 614, /* server_response_ip_data */
1403 YYSYMBOL_dnscstart = 615, /* dnscstart */
1404 YYSYMBOL_contents_dnsc = 616, /* contents_dnsc */
1405 YYSYMBOL_content_dnsc = 617, /* content_dnsc */
1406 YYSYMBOL_dnsc_dnscrypt_enable = 618, /* dnsc_dnscrypt_enable */
1407 YYSYMBOL_dnsc_dnscrypt_port = 619, /* dnsc_dnscrypt_port */
1408 YYSYMBOL_dnsc_dnscrypt_provider = 620, /* dnsc_dnscrypt_provider */
1409 YYSYMBOL_dnsc_dnscrypt_provider_cert = 621, /* dnsc_dnscrypt_provider_cert */
1410 YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 622, /* dnsc_dnscrypt_provider_cert_rotated */
1411 YYSYMBOL_dnsc_dnscrypt_secret_key = 623, /* dnsc_dnscrypt_secret_key */
1412 YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 624, /* dnsc_dnscrypt_shared_secret_cache_size */
1413 YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 625, /* dnsc_dnscrypt_shared_secret_cache_slabs */
1414 YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 626, /* dnsc_dnscrypt_nonce_cache_size */
1415 YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 627, /* dnsc_dnscrypt_nonce_cache_slabs */
1416 YYSYMBOL_cachedbstart = 628, /* cachedbstart */
1417 YYSYMBOL_contents_cachedb = 629, /* contents_cachedb */
1418 YYSYMBOL_content_cachedb = 630, /* content_cachedb */
1419 YYSYMBOL_cachedb_backend_name = 631, /* cachedb_backend_name */
1420 YYSYMBOL_cachedb_secret_seed = 632, /* cachedb_secret_seed */
1421 YYSYMBOL_redis_server_host = 633, /* redis_server_host */
1422 YYSYMBOL_redis_server_port = 634, /* redis_server_port */
1423 YYSYMBOL_redis_timeout = 635, /* redis_timeout */
1424 YYSYMBOL_redis_expire_records = 636, /* redis_expire_records */
1425 YYSYMBOL_server_tcp_connection_limit = 637, /* server_tcp_connection_limit */
1426 YYSYMBOL_ipsetstart = 638, /* ipsetstart */
1427 YYSYMBOL_contents_ipset = 639, /* contents_ipset */
1428 YYSYMBOL_content_ipset = 640, /* content_ipset */
1429 YYSYMBOL_ipset_name_v4 = 641, /* ipset_name_v4 */
1430 YYSYMBOL_ipset_name_v6 = 642 /* ipset_name_v6 */
923 YYSYMBOL_VAR_TCP_REUSE_TIMEOUT = 105, /* VAR_TCP_REUSE_TIMEOUT */
924 YYSYMBOL_VAR_MAX_REUSE_TCP_QUERIES = 106, /* VAR_MAX_REUSE_TCP_QUERIES */
925 YYSYMBOL_VAR_EXTENDED_STATISTICS = 107, /* VAR_EXTENDED_STATISTICS */
926 YYSYMBOL_VAR_LOCAL_DATA_PTR = 108, /* VAR_LOCAL_DATA_PTR */
927 YYSYMBOL_VAR_JOSTLE_TIMEOUT = 109, /* VAR_JOSTLE_TIMEOUT */
928 YYSYMBOL_VAR_STUB_PRIME = 110, /* VAR_STUB_PRIME */
929 YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 111, /* VAR_UNWANTED_REPLY_THRESHOLD */
930 YYSYMBOL_VAR_LOG_TIME_ASCII = 112, /* VAR_LOG_TIME_ASCII */
931 YYSYMBOL_VAR_DOMAIN_INSECURE = 113, /* VAR_DOMAIN_INSECURE */
932 YYSYMBOL_VAR_PYTHON = 114, /* VAR_PYTHON */
933 YYSYMBOL_VAR_PYTHON_SCRIPT = 115, /* VAR_PYTHON_SCRIPT */
934 YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 116, /* VAR_VAL_SIG_SKEW_MIN */
935 YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 117, /* VAR_VAL_SIG_SKEW_MAX */
936 YYSYMBOL_VAR_VAL_MAX_RESTART = 118, /* VAR_VAL_MAX_RESTART */
937 YYSYMBOL_VAR_CACHE_MIN_TTL = 119, /* VAR_CACHE_MIN_TTL */
938 YYSYMBOL_VAR_VAL_LOG_LEVEL = 120, /* VAR_VAL_LOG_LEVEL */
939 YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 121, /* VAR_AUTO_TRUST_ANCHOR_FILE */
940 YYSYMBOL_VAR_KEEP_MISSING = 122, /* VAR_KEEP_MISSING */
941 YYSYMBOL_VAR_ADD_HOLDDOWN = 123, /* VAR_ADD_HOLDDOWN */
942 YYSYMBOL_VAR_DEL_HOLDDOWN = 124, /* VAR_DEL_HOLDDOWN */
943 YYSYMBOL_VAR_SO_RCVBUF = 125, /* VAR_SO_RCVBUF */
944 YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 126, /* VAR_EDNS_BUFFER_SIZE */
945 YYSYMBOL_VAR_PREFETCH = 127, /* VAR_PREFETCH */
946 YYSYMBOL_VAR_PREFETCH_KEY = 128, /* VAR_PREFETCH_KEY */
947 YYSYMBOL_VAR_SO_SNDBUF = 129, /* VAR_SO_SNDBUF */
948 YYSYMBOL_VAR_SO_REUSEPORT = 130, /* VAR_SO_REUSEPORT */
949 YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 131, /* VAR_HARDEN_BELOW_NXDOMAIN */
950 YYSYMBOL_VAR_IGNORE_CD_FLAG = 132, /* VAR_IGNORE_CD_FLAG */
951 YYSYMBOL_VAR_LOG_QUERIES = 133, /* VAR_LOG_QUERIES */
952 YYSYMBOL_VAR_LOG_REPLIES = 134, /* VAR_LOG_REPLIES */
953 YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 135, /* VAR_LOG_LOCAL_ACTIONS */
954 YYSYMBOL_VAR_TCP_UPSTREAM = 136, /* VAR_TCP_UPSTREAM */
955 YYSYMBOL_VAR_SSL_UPSTREAM = 137, /* VAR_SSL_UPSTREAM */
956 YYSYMBOL_VAR_TCP_AUTH_QUERY_TIMEOUT = 138, /* VAR_TCP_AUTH_QUERY_TIMEOUT */
957 YYSYMBOL_VAR_SSL_SERVICE_KEY = 139, /* VAR_SSL_SERVICE_KEY */
958 YYSYMBOL_VAR_SSL_SERVICE_PEM = 140, /* VAR_SSL_SERVICE_PEM */
959 YYSYMBOL_VAR_SSL_PORT = 141, /* VAR_SSL_PORT */
960 YYSYMBOL_VAR_FORWARD_FIRST = 142, /* VAR_FORWARD_FIRST */
961 YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 143, /* VAR_STUB_SSL_UPSTREAM */
962 YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 144, /* VAR_FORWARD_SSL_UPSTREAM */
963 YYSYMBOL_VAR_TLS_CERT_BUNDLE = 145, /* VAR_TLS_CERT_BUNDLE */
964 YYSYMBOL_VAR_STUB_TCP_UPSTREAM = 146, /* VAR_STUB_TCP_UPSTREAM */
965 YYSYMBOL_VAR_FORWARD_TCP_UPSTREAM = 147, /* VAR_FORWARD_TCP_UPSTREAM */
966 YYSYMBOL_VAR_HTTPS_PORT = 148, /* VAR_HTTPS_PORT */
967 YYSYMBOL_VAR_HTTP_ENDPOINT = 149, /* VAR_HTTP_ENDPOINT */
968 YYSYMBOL_VAR_HTTP_MAX_STREAMS = 150, /* VAR_HTTP_MAX_STREAMS */
969 YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 151, /* VAR_HTTP_QUERY_BUFFER_SIZE */
970 YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 152, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
971 YYSYMBOL_VAR_HTTP_NODELAY = 153, /* VAR_HTTP_NODELAY */
972 YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 154, /* VAR_HTTP_NOTLS_DOWNSTREAM */
973 YYSYMBOL_VAR_STUB_FIRST = 155, /* VAR_STUB_FIRST */
974 YYSYMBOL_VAR_MINIMAL_RESPONSES = 156, /* VAR_MINIMAL_RESPONSES */
975 YYSYMBOL_VAR_RRSET_ROUNDROBIN = 157, /* VAR_RRSET_ROUNDROBIN */
976 YYSYMBOL_VAR_MAX_UDP_SIZE = 158, /* VAR_MAX_UDP_SIZE */
977 YYSYMBOL_VAR_DELAY_CLOSE = 159, /* VAR_DELAY_CLOSE */
978 YYSYMBOL_VAR_UDP_CONNECT = 160, /* VAR_UDP_CONNECT */
979 YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 161, /* VAR_UNBLOCK_LAN_ZONES */
980 YYSYMBOL_VAR_INSECURE_LAN_ZONES = 162, /* VAR_INSECURE_LAN_ZONES */
981 YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 163, /* VAR_INFRA_CACHE_MIN_RTT */
982 YYSYMBOL_VAR_INFRA_KEEP_PROBING = 164, /* VAR_INFRA_KEEP_PROBING */
983 YYSYMBOL_VAR_DNS64_PREFIX = 165, /* VAR_DNS64_PREFIX */
984 YYSYMBOL_VAR_DNS64_SYNTHALL = 166, /* VAR_DNS64_SYNTHALL */
985 YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 167, /* VAR_DNS64_IGNORE_AAAA */
986 YYSYMBOL_VAR_DNSTAP = 168, /* VAR_DNSTAP */
987 YYSYMBOL_VAR_DNSTAP_ENABLE = 169, /* VAR_DNSTAP_ENABLE */
988 YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 170, /* VAR_DNSTAP_SOCKET_PATH */
989 YYSYMBOL_VAR_DNSTAP_IP = 171, /* VAR_DNSTAP_IP */
990 YYSYMBOL_VAR_DNSTAP_TLS = 172, /* VAR_DNSTAP_TLS */
991 YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 173, /* VAR_DNSTAP_TLS_SERVER_NAME */
992 YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 174, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
993 YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 175, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
994 YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 176, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
995 YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 177, /* VAR_DNSTAP_SEND_IDENTITY */
996 YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 178, /* VAR_DNSTAP_SEND_VERSION */
997 YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 179, /* VAR_DNSTAP_BIDIRECTIONAL */
998 YYSYMBOL_VAR_DNSTAP_IDENTITY = 180, /* VAR_DNSTAP_IDENTITY */
999 YYSYMBOL_VAR_DNSTAP_VERSION = 181, /* VAR_DNSTAP_VERSION */
1000 YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 182, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
1001 YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 183, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
1002 YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 184, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
1003 YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 185, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
1004 YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 186, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
1005 YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 187, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
1006 YYSYMBOL_VAR_RESPONSE_IP_TAG = 188, /* VAR_RESPONSE_IP_TAG */
1007 YYSYMBOL_VAR_RESPONSE_IP = 189, /* VAR_RESPONSE_IP */
1008 YYSYMBOL_VAR_RESPONSE_IP_DATA = 190, /* VAR_RESPONSE_IP_DATA */
1009 YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 191, /* VAR_HARDEN_ALGO_DOWNGRADE */
1010 YYSYMBOL_VAR_IP_TRANSPARENT = 192, /* VAR_IP_TRANSPARENT */
1011 YYSYMBOL_VAR_IP_DSCP = 193, /* VAR_IP_DSCP */
1012 YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 194, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
1013 YYSYMBOL_VAR_IP_RATELIMIT = 195, /* VAR_IP_RATELIMIT */
1014 YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 196, /* VAR_IP_RATELIMIT_SLABS */
1015 YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 197, /* VAR_IP_RATELIMIT_SIZE */
1016 YYSYMBOL_VAR_RATELIMIT = 198, /* VAR_RATELIMIT */
1017 YYSYMBOL_VAR_RATELIMIT_SLABS = 199, /* VAR_RATELIMIT_SLABS */
1018 YYSYMBOL_VAR_RATELIMIT_SIZE = 200, /* VAR_RATELIMIT_SIZE */
1019 YYSYMBOL_VAR_OUTBOUND_MSG_RETRY = 201, /* VAR_OUTBOUND_MSG_RETRY */
1020 YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 202, /* VAR_RATELIMIT_FOR_DOMAIN */
1021 YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 203, /* VAR_RATELIMIT_BELOW_DOMAIN */
1022 YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 204, /* VAR_IP_RATELIMIT_FACTOR */
1023 YYSYMBOL_VAR_RATELIMIT_FACTOR = 205, /* VAR_RATELIMIT_FACTOR */
1024 YYSYMBOL_VAR_IP_RATELIMIT_BACKOFF = 206, /* VAR_IP_RATELIMIT_BACKOFF */
1025 YYSYMBOL_VAR_RATELIMIT_BACKOFF = 207, /* VAR_RATELIMIT_BACKOFF */
1026 YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 208, /* VAR_SEND_CLIENT_SUBNET */
1027 YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 209, /* VAR_CLIENT_SUBNET_ZONE */
1028 YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 210, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
1029 YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 211, /* VAR_CLIENT_SUBNET_OPCODE */
1030 YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 212, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
1031 YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 213, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
1032 YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 214, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
1033 YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 215, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
1034 YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 216, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
1035 YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 217, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
1036 YYSYMBOL_VAR_CAPS_WHITELIST = 218, /* VAR_CAPS_WHITELIST */
1037 YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 219, /* VAR_CACHE_MAX_NEGATIVE_TTL */
1038 YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 220, /* VAR_PERMIT_SMALL_HOLDDOWN */
1039 YYSYMBOL_VAR_QNAME_MINIMISATION = 221, /* VAR_QNAME_MINIMISATION */
1040 YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 222, /* VAR_QNAME_MINIMISATION_STRICT */
1041 YYSYMBOL_VAR_IP_FREEBIND = 223, /* VAR_IP_FREEBIND */
1042 YYSYMBOL_VAR_DEFINE_TAG = 224, /* VAR_DEFINE_TAG */
1043 YYSYMBOL_VAR_LOCAL_ZONE_TAG = 225, /* VAR_LOCAL_ZONE_TAG */
1044 YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 226, /* VAR_ACCESS_CONTROL_TAG */
1045 YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 227, /* VAR_LOCAL_ZONE_OVERRIDE */
1046 YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 228, /* VAR_ACCESS_CONTROL_TAG_ACTION */
1047 YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 229, /* VAR_ACCESS_CONTROL_TAG_DATA */
1048 YYSYMBOL_VAR_VIEW = 230, /* VAR_VIEW */
1049 YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 231, /* VAR_ACCESS_CONTROL_VIEW */
1050 YYSYMBOL_VAR_VIEW_FIRST = 232, /* VAR_VIEW_FIRST */
1051 YYSYMBOL_VAR_SERVE_EXPIRED = 233, /* VAR_SERVE_EXPIRED */
1052 YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 234, /* VAR_SERVE_EXPIRED_TTL */
1053 YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 235, /* VAR_SERVE_EXPIRED_TTL_RESET */
1054 YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 236, /* VAR_SERVE_EXPIRED_REPLY_TTL */
1055 YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 237, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
1056 YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 238, /* VAR_SERVE_ORIGINAL_TTL */
1057 YYSYMBOL_VAR_FAKE_DSA = 239, /* VAR_FAKE_DSA */
1058 YYSYMBOL_VAR_FAKE_SHA1 = 240, /* VAR_FAKE_SHA1 */
1059 YYSYMBOL_VAR_LOG_IDENTITY = 241, /* VAR_LOG_IDENTITY */
1060 YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 242, /* VAR_HIDE_TRUSTANCHOR */
1061 YYSYMBOL_VAR_HIDE_HTTP_USER_AGENT = 243, /* VAR_HIDE_HTTP_USER_AGENT */
1062 YYSYMBOL_VAR_HTTP_USER_AGENT = 244, /* VAR_HTTP_USER_AGENT */
1063 YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 245, /* VAR_TRUST_ANCHOR_SIGNALING */
1064 YYSYMBOL_VAR_AGGRESSIVE_NSEC = 246, /* VAR_AGGRESSIVE_NSEC */
1065 YYSYMBOL_VAR_USE_SYSTEMD = 247, /* VAR_USE_SYSTEMD */
1066 YYSYMBOL_VAR_SHM_ENABLE = 248, /* VAR_SHM_ENABLE */
1067 YYSYMBOL_VAR_SHM_KEY = 249, /* VAR_SHM_KEY */
1068 YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 250, /* VAR_ROOT_KEY_SENTINEL */
1069 YYSYMBOL_VAR_DNSCRYPT = 251, /* VAR_DNSCRYPT */
1070 YYSYMBOL_VAR_DNSCRYPT_ENABLE = 252, /* VAR_DNSCRYPT_ENABLE */
1071 YYSYMBOL_VAR_DNSCRYPT_PORT = 253, /* VAR_DNSCRYPT_PORT */
1072 YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 254, /* VAR_DNSCRYPT_PROVIDER */
1073 YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 255, /* VAR_DNSCRYPT_SECRET_KEY */
1074 YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 256, /* VAR_DNSCRYPT_PROVIDER_CERT */
1075 YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 257, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
1076 YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 258, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
1077 YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 259, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
1078 YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 260, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
1079 YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 261, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
1080 YYSYMBOL_VAR_PAD_RESPONSES = 262, /* VAR_PAD_RESPONSES */
1081 YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 263, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
1082 YYSYMBOL_VAR_PAD_QUERIES = 264, /* VAR_PAD_QUERIES */
1083 YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 265, /* VAR_PAD_QUERIES_BLOCK_SIZE */
1084 YYSYMBOL_VAR_IPSECMOD_ENABLED = 266, /* VAR_IPSECMOD_ENABLED */
1085 YYSYMBOL_VAR_IPSECMOD_HOOK = 267, /* VAR_IPSECMOD_HOOK */
1086 YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 268, /* VAR_IPSECMOD_IGNORE_BOGUS */
1087 YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 269, /* VAR_IPSECMOD_MAX_TTL */
1088 YYSYMBOL_VAR_IPSECMOD_WHITELIST = 270, /* VAR_IPSECMOD_WHITELIST */
1089 YYSYMBOL_VAR_IPSECMOD_STRICT = 271, /* VAR_IPSECMOD_STRICT */
1090 YYSYMBOL_VAR_CACHEDB = 272, /* VAR_CACHEDB */
1091 YYSYMBOL_VAR_CACHEDB_BACKEND = 273, /* VAR_CACHEDB_BACKEND */
1092 YYSYMBOL_VAR_CACHEDB_SECRETSEED = 274, /* VAR_CACHEDB_SECRETSEED */
1093 YYSYMBOL_VAR_CACHEDB_REDISHOST = 275, /* VAR_CACHEDB_REDISHOST */
1094 YYSYMBOL_VAR_CACHEDB_REDISPORT = 276, /* VAR_CACHEDB_REDISPORT */
1095 YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 277, /* VAR_CACHEDB_REDISTIMEOUT */
1096 YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 278, /* VAR_CACHEDB_REDISEXPIRERECORDS */
1097 YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 279, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
1098 YYSYMBOL_VAR_FOR_UPSTREAM = 280, /* VAR_FOR_UPSTREAM */
1099 YYSYMBOL_VAR_AUTH_ZONE = 281, /* VAR_AUTH_ZONE */
1100 YYSYMBOL_VAR_ZONEFILE = 282, /* VAR_ZONEFILE */
1101 YYSYMBOL_VAR_MASTER = 283, /* VAR_MASTER */
1102 YYSYMBOL_VAR_URL = 284, /* VAR_URL */
1103 YYSYMBOL_VAR_FOR_DOWNSTREAM = 285, /* VAR_FOR_DOWNSTREAM */
1104 YYSYMBOL_VAR_FALLBACK_ENABLED = 286, /* VAR_FALLBACK_ENABLED */
1105 YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 287, /* VAR_TLS_ADDITIONAL_PORT */
1106 YYSYMBOL_VAR_LOW_RTT = 288, /* VAR_LOW_RTT */
1107 YYSYMBOL_VAR_LOW_RTT_PERMIL = 289, /* VAR_LOW_RTT_PERMIL */
1108 YYSYMBOL_VAR_FAST_SERVER_PERMIL = 290, /* VAR_FAST_SERVER_PERMIL */
1109 YYSYMBOL_VAR_FAST_SERVER_NUM = 291, /* VAR_FAST_SERVER_NUM */
1110 YYSYMBOL_VAR_ALLOW_NOTIFY = 292, /* VAR_ALLOW_NOTIFY */
1111 YYSYMBOL_VAR_TLS_WIN_CERT = 293, /* VAR_TLS_WIN_CERT */
1112 YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 294, /* VAR_TCP_CONNECTION_LIMIT */
1113 YYSYMBOL_VAR_FORWARD_NO_CACHE = 295, /* VAR_FORWARD_NO_CACHE */
1114 YYSYMBOL_VAR_STUB_NO_CACHE = 296, /* VAR_STUB_NO_CACHE */
1115 YYSYMBOL_VAR_LOG_SERVFAIL = 297, /* VAR_LOG_SERVFAIL */
1116 YYSYMBOL_VAR_DENY_ANY = 298, /* VAR_DENY_ANY */
1117 YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 299, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
1118 YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 300, /* VAR_LOG_TAG_QUERYREPLY */
1119 YYSYMBOL_VAR_STREAM_WAIT_SIZE = 301, /* VAR_STREAM_WAIT_SIZE */
1120 YYSYMBOL_VAR_TLS_CIPHERS = 302, /* VAR_TLS_CIPHERS */
1121 YYSYMBOL_VAR_TLS_CIPHERSUITES = 303, /* VAR_TLS_CIPHERSUITES */
1122 YYSYMBOL_VAR_TLS_USE_SNI = 304, /* VAR_TLS_USE_SNI */
1123 YYSYMBOL_VAR_IPSET = 305, /* VAR_IPSET */
1124 YYSYMBOL_VAR_IPSET_NAME_V4 = 306, /* VAR_IPSET_NAME_V4 */
1125 YYSYMBOL_VAR_IPSET_NAME_V6 = 307, /* VAR_IPSET_NAME_V6 */
1126 YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 308, /* VAR_TLS_SESSION_TICKET_KEYS */
1127 YYSYMBOL_VAR_RPZ = 309, /* VAR_RPZ */
1128 YYSYMBOL_VAR_TAGS = 310, /* VAR_TAGS */
1129 YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 311, /* VAR_RPZ_ACTION_OVERRIDE */
1130 YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 312, /* VAR_RPZ_CNAME_OVERRIDE */
1131 YYSYMBOL_VAR_RPZ_LOG = 313, /* VAR_RPZ_LOG */
1132 YYSYMBOL_VAR_RPZ_LOG_NAME = 314, /* VAR_RPZ_LOG_NAME */
1133 YYSYMBOL_VAR_DYNLIB = 315, /* VAR_DYNLIB */
1134 YYSYMBOL_VAR_DYNLIB_FILE = 316, /* VAR_DYNLIB_FILE */
1135 YYSYMBOL_VAR_EDNS_CLIENT_STRING = 317, /* VAR_EDNS_CLIENT_STRING */
1136 YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 318, /* VAR_EDNS_CLIENT_STRING_OPCODE */
1137 YYSYMBOL_VAR_NSID = 319, /* VAR_NSID */
1138 YYSYMBOL_VAR_ZONEMD_PERMISSIVE_MODE = 320, /* VAR_ZONEMD_PERMISSIVE_MODE */
1139 YYSYMBOL_VAR_ZONEMD_CHECK = 321, /* VAR_ZONEMD_CHECK */
1140 YYSYMBOL_VAR_ZONEMD_REJECT_ABSENCE = 322, /* VAR_ZONEMD_REJECT_ABSENCE */
1141 YYSYMBOL_VAR_RPZ_SIGNAL_NXDOMAIN_RA = 323, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
1142 YYSYMBOL_YYACCEPT = 324, /* $accept */
1143 YYSYMBOL_toplevelvars = 325, /* toplevelvars */
1144 YYSYMBOL_toplevelvar = 326, /* toplevelvar */
1145 YYSYMBOL_force_toplevel = 327, /* force_toplevel */
1146 YYSYMBOL_serverstart = 328, /* serverstart */
1147 YYSYMBOL_contents_server = 329, /* contents_server */
1148 YYSYMBOL_content_server = 330, /* content_server */
1149 YYSYMBOL_stubstart = 331, /* stubstart */
1150 YYSYMBOL_contents_stub = 332, /* contents_stub */
1151 YYSYMBOL_content_stub = 333, /* content_stub */
1152 YYSYMBOL_forwardstart = 334, /* forwardstart */
1153 YYSYMBOL_contents_forward = 335, /* contents_forward */
1154 YYSYMBOL_content_forward = 336, /* content_forward */
1155 YYSYMBOL_viewstart = 337, /* viewstart */
1156 YYSYMBOL_contents_view = 338, /* contents_view */
1157 YYSYMBOL_content_view = 339, /* content_view */
1158 YYSYMBOL_authstart = 340, /* authstart */
1159 YYSYMBOL_contents_auth = 341, /* contents_auth */
1160 YYSYMBOL_content_auth = 342, /* content_auth */
1161 YYSYMBOL_rpz_tag = 343, /* rpz_tag */
1162 YYSYMBOL_rpz_action_override = 344, /* rpz_action_override */
1163 YYSYMBOL_rpz_cname_override = 345, /* rpz_cname_override */
1164 YYSYMBOL_rpz_log = 346, /* rpz_log */
1165 YYSYMBOL_rpz_log_name = 347, /* rpz_log_name */
1166 YYSYMBOL_rpz_signal_nxdomain_ra = 348, /* rpz_signal_nxdomain_ra */
1167 YYSYMBOL_rpzstart = 349, /* rpzstart */
1168 YYSYMBOL_contents_rpz = 350, /* contents_rpz */
1169 YYSYMBOL_content_rpz = 351, /* content_rpz */
1170 YYSYMBOL_server_num_threads = 352, /* server_num_threads */
1171 YYSYMBOL_server_verbosity = 353, /* server_verbosity */
1172 YYSYMBOL_server_statistics_interval = 354, /* server_statistics_interval */
1173 YYSYMBOL_server_statistics_cumulative = 355, /* server_statistics_cumulative */
1174 YYSYMBOL_server_extended_statistics = 356, /* server_extended_statistics */
1175 YYSYMBOL_server_shm_enable = 357, /* server_shm_enable */
1176 YYSYMBOL_server_shm_key = 358, /* server_shm_key */
1177 YYSYMBOL_server_port = 359, /* server_port */
1178 YYSYMBOL_server_send_client_subnet = 360, /* server_send_client_subnet */
1179 YYSYMBOL_server_client_subnet_zone = 361, /* server_client_subnet_zone */
1180 YYSYMBOL_server_client_subnet_always_forward = 362, /* server_client_subnet_always_forward */
1181 YYSYMBOL_server_client_subnet_opcode = 363, /* server_client_subnet_opcode */
1182 YYSYMBOL_server_max_client_subnet_ipv4 = 364, /* server_max_client_subnet_ipv4 */
1183 YYSYMBOL_server_max_client_subnet_ipv6 = 365, /* server_max_client_subnet_ipv6 */
1184 YYSYMBOL_server_min_client_subnet_ipv4 = 366, /* server_min_client_subnet_ipv4 */
1185 YYSYMBOL_server_min_client_subnet_ipv6 = 367, /* server_min_client_subnet_ipv6 */
1186 YYSYMBOL_server_max_ecs_tree_size_ipv4 = 368, /* server_max_ecs_tree_size_ipv4 */
1187 YYSYMBOL_server_max_ecs_tree_size_ipv6 = 369, /* server_max_ecs_tree_size_ipv6 */
1188 YYSYMBOL_server_interface = 370, /* server_interface */
1189 YYSYMBOL_server_outgoing_interface = 371, /* server_outgoing_interface */
1190 YYSYMBOL_server_outgoing_range = 372, /* server_outgoing_range */
1191 YYSYMBOL_server_outgoing_port_permit = 373, /* server_outgoing_port_permit */
1192 YYSYMBOL_server_outgoing_port_avoid = 374, /* server_outgoing_port_avoid */
1193 YYSYMBOL_server_outgoing_num_tcp = 375, /* server_outgoing_num_tcp */
1194 YYSYMBOL_server_incoming_num_tcp = 376, /* server_incoming_num_tcp */
1195 YYSYMBOL_server_interface_automatic = 377, /* server_interface_automatic */
1196 YYSYMBOL_server_do_ip4 = 378, /* server_do_ip4 */
1197 YYSYMBOL_server_do_ip6 = 379, /* server_do_ip6 */
1198 YYSYMBOL_server_do_udp = 380, /* server_do_udp */
1199 YYSYMBOL_server_do_tcp = 381, /* server_do_tcp */
1200 YYSYMBOL_server_prefer_ip4 = 382, /* server_prefer_ip4 */
1201 YYSYMBOL_server_prefer_ip6 = 383, /* server_prefer_ip6 */
1202 YYSYMBOL_server_tcp_mss = 384, /* server_tcp_mss */
1203 YYSYMBOL_server_outgoing_tcp_mss = 385, /* server_outgoing_tcp_mss */
1204 YYSYMBOL_server_tcp_idle_timeout = 386, /* server_tcp_idle_timeout */
1205 YYSYMBOL_server_max_reuse_tcp_queries = 387, /* server_max_reuse_tcp_queries */
1206 YYSYMBOL_server_tcp_reuse_timeout = 388, /* server_tcp_reuse_timeout */
1207 YYSYMBOL_server_tcp_auth_query_timeout = 389, /* server_tcp_auth_query_timeout */
1208 YYSYMBOL_server_tcp_keepalive = 390, /* server_tcp_keepalive */
1209 YYSYMBOL_server_tcp_keepalive_timeout = 391, /* server_tcp_keepalive_timeout */
1210 YYSYMBOL_server_tcp_upstream = 392, /* server_tcp_upstream */
1211 YYSYMBOL_server_udp_upstream_without_downstream = 393, /* server_udp_upstream_without_downstream */
1212 YYSYMBOL_server_ssl_upstream = 394, /* server_ssl_upstream */
1213 YYSYMBOL_server_ssl_service_key = 395, /* server_ssl_service_key */
1214 YYSYMBOL_server_ssl_service_pem = 396, /* server_ssl_service_pem */
1215 YYSYMBOL_server_ssl_port = 397, /* server_ssl_port */
1216 YYSYMBOL_server_tls_cert_bundle = 398, /* server_tls_cert_bundle */
1217 YYSYMBOL_server_tls_win_cert = 399, /* server_tls_win_cert */
1218 YYSYMBOL_server_tls_additional_port = 400, /* server_tls_additional_port */
1219 YYSYMBOL_server_tls_ciphers = 401, /* server_tls_ciphers */
1220 YYSYMBOL_server_tls_ciphersuites = 402, /* server_tls_ciphersuites */
1221 YYSYMBOL_server_tls_session_ticket_keys = 403, /* server_tls_session_ticket_keys */
1222 YYSYMBOL_server_tls_use_sni = 404, /* server_tls_use_sni */
1223 YYSYMBOL_server_https_port = 405, /* server_https_port */
1224 YYSYMBOL_server_http_endpoint = 406, /* server_http_endpoint */
1225 YYSYMBOL_server_http_max_streams = 407, /* server_http_max_streams */
1226 YYSYMBOL_server_http_query_buffer_size = 408, /* server_http_query_buffer_size */
1227 YYSYMBOL_server_http_response_buffer_size = 409, /* server_http_response_buffer_size */
1228 YYSYMBOL_server_http_nodelay = 410, /* server_http_nodelay */
1229 YYSYMBOL_server_http_notls_downstream = 411, /* server_http_notls_downstream */
1230 YYSYMBOL_server_use_systemd = 412, /* server_use_systemd */
1231 YYSYMBOL_server_do_daemonize = 413, /* server_do_daemonize */
1232 YYSYMBOL_server_use_syslog = 414, /* server_use_syslog */
1233 YYSYMBOL_server_log_time_ascii = 415, /* server_log_time_ascii */
1234 YYSYMBOL_server_log_queries = 416, /* server_log_queries */
1235 YYSYMBOL_server_log_replies = 417, /* server_log_replies */
1236 YYSYMBOL_server_log_tag_queryreply = 418, /* server_log_tag_queryreply */
1237 YYSYMBOL_server_log_servfail = 419, /* server_log_servfail */
1238 YYSYMBOL_server_log_local_actions = 420, /* server_log_local_actions */
1239 YYSYMBOL_server_chroot = 421, /* server_chroot */
1240 YYSYMBOL_server_username = 422, /* server_username */
1241 YYSYMBOL_server_directory = 423, /* server_directory */
1242 YYSYMBOL_server_logfile = 424, /* server_logfile */
1243 YYSYMBOL_server_pidfile = 425, /* server_pidfile */
1244 YYSYMBOL_server_root_hints = 426, /* server_root_hints */
1245 YYSYMBOL_server_dlv_anchor_file = 427, /* server_dlv_anchor_file */
1246 YYSYMBOL_server_dlv_anchor = 428, /* server_dlv_anchor */
1247 YYSYMBOL_server_auto_trust_anchor_file = 429, /* server_auto_trust_anchor_file */
1248 YYSYMBOL_server_trust_anchor_file = 430, /* server_trust_anchor_file */
1249 YYSYMBOL_server_trusted_keys_file = 431, /* server_trusted_keys_file */
1250 YYSYMBOL_server_trust_anchor = 432, /* server_trust_anchor */
1251 YYSYMBOL_server_trust_anchor_signaling = 433, /* server_trust_anchor_signaling */
1252 YYSYMBOL_server_root_key_sentinel = 434, /* server_root_key_sentinel */
1253 YYSYMBOL_server_domain_insecure = 435, /* server_domain_insecure */
1254 YYSYMBOL_server_hide_identity = 436, /* server_hide_identity */
1255 YYSYMBOL_server_hide_version = 437, /* server_hide_version */
1256 YYSYMBOL_server_hide_trustanchor = 438, /* server_hide_trustanchor */
1257 YYSYMBOL_server_hide_http_user_agent = 439, /* server_hide_http_user_agent */
1258 YYSYMBOL_server_identity = 440, /* server_identity */
1259 YYSYMBOL_server_version = 441, /* server_version */
1260 YYSYMBOL_server_http_user_agent = 442, /* server_http_user_agent */
1261 YYSYMBOL_server_nsid = 443, /* server_nsid */
1262 YYSYMBOL_server_so_rcvbuf = 444, /* server_so_rcvbuf */
1263 YYSYMBOL_server_so_sndbuf = 445, /* server_so_sndbuf */
1264 YYSYMBOL_server_so_reuseport = 446, /* server_so_reuseport */
1265 YYSYMBOL_server_ip_transparent = 447, /* server_ip_transparent */
1266 YYSYMBOL_server_ip_freebind = 448, /* server_ip_freebind */
1267 YYSYMBOL_server_ip_dscp = 449, /* server_ip_dscp */
1268 YYSYMBOL_server_stream_wait_size = 450, /* server_stream_wait_size */
1269 YYSYMBOL_server_edns_buffer_size = 451, /* server_edns_buffer_size */
1270 YYSYMBOL_server_msg_buffer_size = 452, /* server_msg_buffer_size */
1271 YYSYMBOL_server_msg_cache_size = 453, /* server_msg_cache_size */
1272 YYSYMBOL_server_msg_cache_slabs = 454, /* server_msg_cache_slabs */
1273 YYSYMBOL_server_num_queries_per_thread = 455, /* server_num_queries_per_thread */
1274 YYSYMBOL_server_jostle_timeout = 456, /* server_jostle_timeout */
1275 YYSYMBOL_server_delay_close = 457, /* server_delay_close */
1276 YYSYMBOL_server_udp_connect = 458, /* server_udp_connect */
1277 YYSYMBOL_server_unblock_lan_zones = 459, /* server_unblock_lan_zones */
1278 YYSYMBOL_server_insecure_lan_zones = 460, /* server_insecure_lan_zones */
1279 YYSYMBOL_server_rrset_cache_size = 461, /* server_rrset_cache_size */
1280 YYSYMBOL_server_rrset_cache_slabs = 462, /* server_rrset_cache_slabs */
1281 YYSYMBOL_server_infra_host_ttl = 463, /* server_infra_host_ttl */
1282 YYSYMBOL_server_infra_lame_ttl = 464, /* server_infra_lame_ttl */
1283 YYSYMBOL_server_infra_cache_numhosts = 465, /* server_infra_cache_numhosts */
1284 YYSYMBOL_server_infra_cache_lame_size = 466, /* server_infra_cache_lame_size */
1285 YYSYMBOL_server_infra_cache_slabs = 467, /* server_infra_cache_slabs */
1286 YYSYMBOL_server_infra_cache_min_rtt = 468, /* server_infra_cache_min_rtt */
1287 YYSYMBOL_server_infra_keep_probing = 469, /* server_infra_keep_probing */
1288 YYSYMBOL_server_target_fetch_policy = 470, /* server_target_fetch_policy */
1289 YYSYMBOL_server_harden_short_bufsize = 471, /* server_harden_short_bufsize */
1290 YYSYMBOL_server_harden_large_queries = 472, /* server_harden_large_queries */
1291 YYSYMBOL_server_harden_glue = 473, /* server_harden_glue */
1292 YYSYMBOL_server_harden_dnssec_stripped = 474, /* server_harden_dnssec_stripped */
1293 YYSYMBOL_server_harden_below_nxdomain = 475, /* server_harden_below_nxdomain */
1294 YYSYMBOL_server_harden_referral_path = 476, /* server_harden_referral_path */
1295 YYSYMBOL_server_harden_algo_downgrade = 477, /* server_harden_algo_downgrade */
1296 YYSYMBOL_server_use_caps_for_id = 478, /* server_use_caps_for_id */
1297 YYSYMBOL_server_caps_whitelist = 479, /* server_caps_whitelist */
1298 YYSYMBOL_server_private_address = 480, /* server_private_address */
1299 YYSYMBOL_server_private_domain = 481, /* server_private_domain */
1300 YYSYMBOL_server_prefetch = 482, /* server_prefetch */
1301 YYSYMBOL_server_prefetch_key = 483, /* server_prefetch_key */
1302 YYSYMBOL_server_deny_any = 484, /* server_deny_any */
1303 YYSYMBOL_server_unwanted_reply_threshold = 485, /* server_unwanted_reply_threshold */
1304 YYSYMBOL_server_do_not_query_address = 486, /* server_do_not_query_address */
1305 YYSYMBOL_server_do_not_query_localhost = 487, /* server_do_not_query_localhost */
1306 YYSYMBOL_server_access_control = 488, /* server_access_control */
1307 YYSYMBOL_server_module_conf = 489, /* server_module_conf */
1308 YYSYMBOL_server_val_override_date = 490, /* server_val_override_date */
1309 YYSYMBOL_server_val_sig_skew_min = 491, /* server_val_sig_skew_min */
1310 YYSYMBOL_server_val_sig_skew_max = 492, /* server_val_sig_skew_max */
1311 YYSYMBOL_server_val_max_restart = 493, /* server_val_max_restart */
1312 YYSYMBOL_server_cache_max_ttl = 494, /* server_cache_max_ttl */
1313 YYSYMBOL_server_cache_max_negative_ttl = 495, /* server_cache_max_negative_ttl */
1314 YYSYMBOL_server_cache_min_ttl = 496, /* server_cache_min_ttl */
1315 YYSYMBOL_server_bogus_ttl = 497, /* server_bogus_ttl */
1316 YYSYMBOL_server_val_clean_additional = 498, /* server_val_clean_additional */
1317 YYSYMBOL_server_val_permissive_mode = 499, /* server_val_permissive_mode */
1318 YYSYMBOL_server_aggressive_nsec = 500, /* server_aggressive_nsec */
1319 YYSYMBOL_server_ignore_cd_flag = 501, /* server_ignore_cd_flag */
1320 YYSYMBOL_server_serve_expired = 502, /* server_serve_expired */
1321 YYSYMBOL_server_serve_expired_ttl = 503, /* server_serve_expired_ttl */
1322 YYSYMBOL_server_serve_expired_ttl_reset = 504, /* server_serve_expired_ttl_reset */
1323 YYSYMBOL_server_serve_expired_reply_ttl = 505, /* server_serve_expired_reply_ttl */
1324 YYSYMBOL_server_serve_expired_client_timeout = 506, /* server_serve_expired_client_timeout */
1325 YYSYMBOL_server_serve_original_ttl = 507, /* server_serve_original_ttl */
1326 YYSYMBOL_server_fake_dsa = 508, /* server_fake_dsa */
1327 YYSYMBOL_server_fake_sha1 = 509, /* server_fake_sha1 */
1328 YYSYMBOL_server_val_log_level = 510, /* server_val_log_level */
1329 YYSYMBOL_server_val_nsec3_keysize_iterations = 511, /* server_val_nsec3_keysize_iterations */
1330 YYSYMBOL_server_zonemd_permissive_mode = 512, /* server_zonemd_permissive_mode */
1331 YYSYMBOL_server_add_holddown = 513, /* server_add_holddown */
1332 YYSYMBOL_server_del_holddown = 514, /* server_del_holddown */
1333 YYSYMBOL_server_keep_missing = 515, /* server_keep_missing */
1334 YYSYMBOL_server_permit_small_holddown = 516, /* server_permit_small_holddown */
1335 YYSYMBOL_server_key_cache_size = 517, /* server_key_cache_size */
1336 YYSYMBOL_server_key_cache_slabs = 518, /* server_key_cache_slabs */
1337 YYSYMBOL_server_neg_cache_size = 519, /* server_neg_cache_size */
1338 YYSYMBOL_server_local_zone = 520, /* server_local_zone */
1339 YYSYMBOL_server_local_data = 521, /* server_local_data */
1340 YYSYMBOL_server_local_data_ptr = 522, /* server_local_data_ptr */
1341 YYSYMBOL_server_minimal_responses = 523, /* server_minimal_responses */
1342 YYSYMBOL_server_rrset_roundrobin = 524, /* server_rrset_roundrobin */
1343 YYSYMBOL_server_unknown_server_time_limit = 525, /* server_unknown_server_time_limit */
1344 YYSYMBOL_server_max_udp_size = 526, /* server_max_udp_size */
1345 YYSYMBOL_server_dns64_prefix = 527, /* server_dns64_prefix */
1346 YYSYMBOL_server_dns64_synthall = 528, /* server_dns64_synthall */
1347 YYSYMBOL_server_dns64_ignore_aaaa = 529, /* server_dns64_ignore_aaaa */
1348 YYSYMBOL_server_define_tag = 530, /* server_define_tag */
1349 YYSYMBOL_server_local_zone_tag = 531, /* server_local_zone_tag */
1350 YYSYMBOL_server_access_control_tag = 532, /* server_access_control_tag */
1351 YYSYMBOL_server_access_control_tag_action = 533, /* server_access_control_tag_action */
1352 YYSYMBOL_server_access_control_tag_data = 534, /* server_access_control_tag_data */
1353 YYSYMBOL_server_local_zone_override = 535, /* server_local_zone_override */
1354 YYSYMBOL_server_access_control_view = 536, /* server_access_control_view */
1355 YYSYMBOL_server_response_ip_tag = 537, /* server_response_ip_tag */
1356 YYSYMBOL_server_ip_ratelimit = 538, /* server_ip_ratelimit */
1357 YYSYMBOL_server_ratelimit = 539, /* server_ratelimit */
1358 YYSYMBOL_server_ip_ratelimit_size = 540, /* server_ip_ratelimit_size */
1359 YYSYMBOL_server_ratelimit_size = 541, /* server_ratelimit_size */
1360 YYSYMBOL_server_ip_ratelimit_slabs = 542, /* server_ip_ratelimit_slabs */
1361 YYSYMBOL_server_ratelimit_slabs = 543, /* server_ratelimit_slabs */
1362 YYSYMBOL_server_ratelimit_for_domain = 544, /* server_ratelimit_for_domain */
1363 YYSYMBOL_server_ratelimit_below_domain = 545, /* server_ratelimit_below_domain */
1364 YYSYMBOL_server_ip_ratelimit_factor = 546, /* server_ip_ratelimit_factor */
1365 YYSYMBOL_server_ratelimit_factor = 547, /* server_ratelimit_factor */
1366 YYSYMBOL_server_ip_ratelimit_backoff = 548, /* server_ip_ratelimit_backoff */
1367 YYSYMBOL_server_ratelimit_backoff = 549, /* server_ratelimit_backoff */
1368 YYSYMBOL_server_outbound_msg_retry = 550, /* server_outbound_msg_retry */
1369 YYSYMBOL_server_low_rtt = 551, /* server_low_rtt */
1370 YYSYMBOL_server_fast_server_num = 552, /* server_fast_server_num */
1371 YYSYMBOL_server_fast_server_permil = 553, /* server_fast_server_permil */
1372 YYSYMBOL_server_qname_minimisation = 554, /* server_qname_minimisation */
1373 YYSYMBOL_server_qname_minimisation_strict = 555, /* server_qname_minimisation_strict */
1374 YYSYMBOL_server_pad_responses = 556, /* server_pad_responses */
1375 YYSYMBOL_server_pad_responses_block_size = 557, /* server_pad_responses_block_size */
1376 YYSYMBOL_server_pad_queries = 558, /* server_pad_queries */
1377 YYSYMBOL_server_pad_queries_block_size = 559, /* server_pad_queries_block_size */
1378 YYSYMBOL_server_ipsecmod_enabled = 560, /* server_ipsecmod_enabled */
1379 YYSYMBOL_server_ipsecmod_ignore_bogus = 561, /* server_ipsecmod_ignore_bogus */
1380 YYSYMBOL_server_ipsecmod_hook = 562, /* server_ipsecmod_hook */
1381 YYSYMBOL_server_ipsecmod_max_ttl = 563, /* server_ipsecmod_max_ttl */
1382 YYSYMBOL_server_ipsecmod_whitelist = 564, /* server_ipsecmod_whitelist */
1383 YYSYMBOL_server_ipsecmod_strict = 565, /* server_ipsecmod_strict */
1384 YYSYMBOL_server_edns_client_string = 566, /* server_edns_client_string */
1385 YYSYMBOL_server_edns_client_string_opcode = 567, /* server_edns_client_string_opcode */
1386 YYSYMBOL_stub_name = 568, /* stub_name */
1387 YYSYMBOL_stub_host = 569, /* stub_host */
1388 YYSYMBOL_stub_addr = 570, /* stub_addr */
1389 YYSYMBOL_stub_first = 571, /* stub_first */
1390 YYSYMBOL_stub_no_cache = 572, /* stub_no_cache */
1391 YYSYMBOL_stub_ssl_upstream = 573, /* stub_ssl_upstream */
1392 YYSYMBOL_stub_tcp_upstream = 574, /* stub_tcp_upstream */
1393 YYSYMBOL_stub_prime = 575, /* stub_prime */
1394 YYSYMBOL_forward_name = 576, /* forward_name */
1395 YYSYMBOL_forward_host = 577, /* forward_host */
1396 YYSYMBOL_forward_addr = 578, /* forward_addr */
1397 YYSYMBOL_forward_first = 579, /* forward_first */
1398 YYSYMBOL_forward_no_cache = 580, /* forward_no_cache */
1399 YYSYMBOL_forward_ssl_upstream = 581, /* forward_ssl_upstream */
1400 YYSYMBOL_forward_tcp_upstream = 582, /* forward_tcp_upstream */
1401 YYSYMBOL_auth_name = 583, /* auth_name */
1402 YYSYMBOL_auth_zonefile = 584, /* auth_zonefile */
1403 YYSYMBOL_auth_master = 585, /* auth_master */
1404 YYSYMBOL_auth_url = 586, /* auth_url */
1405 YYSYMBOL_auth_allow_notify = 587, /* auth_allow_notify */
1406 YYSYMBOL_auth_zonemd_check = 588, /* auth_zonemd_check */
1407 YYSYMBOL_auth_zonemd_reject_absence = 589, /* auth_zonemd_reject_absence */
1408 YYSYMBOL_auth_for_downstream = 590, /* auth_for_downstream */
1409 YYSYMBOL_auth_for_upstream = 591, /* auth_for_upstream */
1410 YYSYMBOL_auth_fallback_enabled = 592, /* auth_fallback_enabled */
1411 YYSYMBOL_view_name = 593, /* view_name */
1412 YYSYMBOL_view_local_zone = 594, /* view_local_zone */
1413 YYSYMBOL_view_response_ip = 595, /* view_response_ip */
1414 YYSYMBOL_view_response_ip_data = 596, /* view_response_ip_data */
1415 YYSYMBOL_view_local_data = 597, /* view_local_data */
1416 YYSYMBOL_view_local_data_ptr = 598, /* view_local_data_ptr */
1417 YYSYMBOL_view_first = 599, /* view_first */
1418 YYSYMBOL_rcstart = 600, /* rcstart */
1419 YYSYMBOL_contents_rc = 601, /* contents_rc */
1420 YYSYMBOL_content_rc = 602, /* content_rc */
1421 YYSYMBOL_rc_control_enable = 603, /* rc_control_enable */
1422 YYSYMBOL_rc_control_port = 604, /* rc_control_port */
1423 YYSYMBOL_rc_control_interface = 605, /* rc_control_interface */
1424 YYSYMBOL_rc_control_use_cert = 606, /* rc_control_use_cert */
1425 YYSYMBOL_rc_server_key_file = 607, /* rc_server_key_file */
1426 YYSYMBOL_rc_server_cert_file = 608, /* rc_server_cert_file */
1427 YYSYMBOL_rc_control_key_file = 609, /* rc_control_key_file */
1428 YYSYMBOL_rc_control_cert_file = 610, /* rc_control_cert_file */
1429 YYSYMBOL_dtstart = 611, /* dtstart */
1430 YYSYMBOL_contents_dt = 612, /* contents_dt */
1431 YYSYMBOL_content_dt = 613, /* content_dt */
1432 YYSYMBOL_dt_dnstap_enable = 614, /* dt_dnstap_enable */
1433 YYSYMBOL_dt_dnstap_bidirectional = 615, /* dt_dnstap_bidirectional */
1434 YYSYMBOL_dt_dnstap_socket_path = 616, /* dt_dnstap_socket_path */
1435 YYSYMBOL_dt_dnstap_ip = 617, /* dt_dnstap_ip */
1436 YYSYMBOL_dt_dnstap_tls = 618, /* dt_dnstap_tls */
1437 YYSYMBOL_dt_dnstap_tls_server_name = 619, /* dt_dnstap_tls_server_name */
1438 YYSYMBOL_dt_dnstap_tls_cert_bundle = 620, /* dt_dnstap_tls_cert_bundle */
1439 YYSYMBOL_dt_dnstap_tls_client_key_file = 621, /* dt_dnstap_tls_client_key_file */
1440 YYSYMBOL_dt_dnstap_tls_client_cert_file = 622, /* dt_dnstap_tls_client_cert_file */
1441 YYSYMBOL_dt_dnstap_send_identity = 623, /* dt_dnstap_send_identity */
1442 YYSYMBOL_dt_dnstap_send_version = 624, /* dt_dnstap_send_version */
1443 YYSYMBOL_dt_dnstap_identity = 625, /* dt_dnstap_identity */
1444 YYSYMBOL_dt_dnstap_version = 626, /* dt_dnstap_version */
1445 YYSYMBOL_dt_dnstap_log_resolver_query_messages = 627, /* dt_dnstap_log_resolver_query_messages */
1446 YYSYMBOL_dt_dnstap_log_resolver_response_messages = 628, /* dt_dnstap_log_resolver_response_messages */
1447 YYSYMBOL_dt_dnstap_log_client_query_messages = 629, /* dt_dnstap_log_client_query_messages */
1448 YYSYMBOL_dt_dnstap_log_client_response_messages = 630, /* dt_dnstap_log_client_response_messages */
1449 YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 631, /* dt_dnstap_log_forwarder_query_messages */
1450 YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 632, /* dt_dnstap_log_forwarder_response_messages */
1451 YYSYMBOL_pythonstart = 633, /* pythonstart */
1452 YYSYMBOL_contents_py = 634, /* contents_py */
1453 YYSYMBOL_content_py = 635, /* content_py */
1454 YYSYMBOL_py_script = 636, /* py_script */
1455 YYSYMBOL_dynlibstart = 637, /* dynlibstart */
1456 YYSYMBOL_contents_dl = 638, /* contents_dl */
1457 YYSYMBOL_content_dl = 639, /* content_dl */
1458 YYSYMBOL_dl_file = 640, /* dl_file */
1459 YYSYMBOL_server_disable_dnssec_lame_check = 641, /* server_disable_dnssec_lame_check */
1460 YYSYMBOL_server_log_identity = 642, /* server_log_identity */
1461 YYSYMBOL_server_response_ip = 643, /* server_response_ip */
1462 YYSYMBOL_server_response_ip_data = 644, /* server_response_ip_data */
1463 YYSYMBOL_dnscstart = 645, /* dnscstart */
1464 YYSYMBOL_contents_dnsc = 646, /* contents_dnsc */
1465 YYSYMBOL_content_dnsc = 647, /* content_dnsc */
1466 YYSYMBOL_dnsc_dnscrypt_enable = 648, /* dnsc_dnscrypt_enable */
1467 YYSYMBOL_dnsc_dnscrypt_port = 649, /* dnsc_dnscrypt_port */
1468 YYSYMBOL_dnsc_dnscrypt_provider = 650, /* dnsc_dnscrypt_provider */
1469 YYSYMBOL_dnsc_dnscrypt_provider_cert = 651, /* dnsc_dnscrypt_provider_cert */
1470 YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 652, /* dnsc_dnscrypt_provider_cert_rotated */
1471 YYSYMBOL_dnsc_dnscrypt_secret_key = 653, /* dnsc_dnscrypt_secret_key */
1472 YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 654, /* dnsc_dnscrypt_shared_secret_cache_size */
1473 YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 655, /* dnsc_dnscrypt_shared_secret_cache_slabs */
1474 YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 656, /* dnsc_dnscrypt_nonce_cache_size */
1475 YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 657, /* dnsc_dnscrypt_nonce_cache_slabs */
1476 YYSYMBOL_cachedbstart = 658, /* cachedbstart */
1477 YYSYMBOL_contents_cachedb = 659, /* contents_cachedb */
1478 YYSYMBOL_content_cachedb = 660, /* content_cachedb */
1479 YYSYMBOL_cachedb_backend_name = 661, /* cachedb_backend_name */
1480 YYSYMBOL_cachedb_secret_seed = 662, /* cachedb_secret_seed */
1481 YYSYMBOL_redis_server_host = 663, /* redis_server_host */
1482 YYSYMBOL_redis_server_port = 664, /* redis_server_port */
1483 YYSYMBOL_redis_timeout = 665, /* redis_timeout */
1484 YYSYMBOL_redis_expire_records = 666, /* redis_expire_records */
1485 YYSYMBOL_server_tcp_connection_limit = 667, /* server_tcp_connection_limit */
1486 YYSYMBOL_ipsetstart = 668, /* ipsetstart */
1487 YYSYMBOL_contents_ipset = 669, /* contents_ipset */
1488 YYSYMBOL_content_ipset = 670, /* content_ipset */
1489 YYSYMBOL_ipset_name_v4 = 671, /* ipset_name_v4 */
1490 YYSYMBOL_ipset_name_v6 = 672 /* ipset_name_v6 */
14311491 };
14321492 typedef enum yysymbol_kind_t yysymbol_kind_t;
14331493
17371797 /* YYFINAL -- State number of the termination state. */
17381798 #define YYFINAL 2
17391799 /* YYLAST -- Last index in YYTABLE. */
1740 #define YYLAST 652
1800 #define YYLAST 687
17411801
17421802 /* YYNTOKENS -- Number of terminals. */
1743 #define YYNTOKENS 309
1803 #define YYNTOKENS 324
17441804 /* YYNNTS -- Number of nonterminals. */
1745 #define YYNNTS 334
1805 #define YYNNTS 349
17461806 /* YYNRULES -- Number of rules. */
1747 #define YYNRULES 644
1807 #define YYNRULES 675
17481808 /* YYNSTATES -- Number of states. */
1749 #define YYNSTATES 957
1750
1751 #define YYMAXUTOK 563
1809 #define YYNSTATES 1003
1810
1811 #define YYMAXUTOK 578
17521812
17531813
17541814 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM
18181878 275, 276, 277, 278, 279, 280, 281, 282, 283, 284,
18191879 285, 286, 287, 288, 289, 290, 291, 292, 293, 294,
18201880 295, 296, 297, 298, 299, 300, 301, 302, 303, 304,
1821 305, 306, 307, 308
1881 305, 306, 307, 308, 309, 310, 311, 312, 313, 314,
1882 315, 316, 317, 318, 319, 320, 321, 322, 323
18221883 };
18231884
18241885 #if YYDEBUG
18251886 /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */
18261887 static const yytype_int16 yyrline[] =
18271888 {
1828 0, 187, 187, 187, 188, 188, 189, 189, 190, 190,
1829 190, 191, 191, 192, 192, 193, 193, 194, 196, 202,
1830 207, 208, 209, 209, 209, 210, 210, 211, 211, 211,
1831 212, 212, 213, 213, 213, 214, 214, 215, 215, 215,
1832 216, 216, 216, 217, 217, 218, 218, 219, 219, 220,
1833 220, 221, 221, 222, 222, 223, 223, 224, 224, 225,
1834 225, 225, 226, 226, 226, 227, 227, 227, 228, 228,
1835 229, 229, 230, 230, 231, 231, 232, 232, 232, 233,
1836 233, 234, 234, 235, 235, 235, 236, 236, 237, 237,
1837 238, 238, 239, 239, 239, 240, 240, 241, 241, 242,
1838 242, 243, 243, 244, 244, 245, 245, 245, 246, 246,
1839 247, 247, 247, 248, 248, 248, 249, 249, 249, 250,
1840 250, 250, 250, 251, 252, 252, 252, 253, 253, 253,
1841 254, 254, 255, 255, 256, 256, 256, 257, 257, 257,
1842 258, 258, 259, 259, 259, 260, 260, 261, 261, 261,
1843 262, 262, 263, 263, 264, 264, 265, 266, 266, 267,
1844 267, 268, 268, 269, 270, 270, 271, 271, 272, 272,
1845 273, 273, 274, 274, 275, 275, 275, 276, 276, 277,
1846 277, 278, 278, 279, 280, 280, 281, 281, 282, 283,
1847 283, 284, 284, 285, 285, 286, 286, 287, 287, 287,
1848 288, 288, 288, 289, 289, 290, 291, 291, 292, 292,
1849 293, 293, 294, 294, 295, 295, 295, 296, 296, 296,
1850 297, 297, 297, 298, 298, 299, 299, 300, 300, 301,
1851 301, 302, 302, 304, 316, 317, 318, 318, 318, 318,
1852 318, 319, 319, 321, 333, 334, 335, 335, 335, 335,
1853 336, 336, 338, 352, 353, 354, 354, 354, 354, 355,
1854 355, 355, 357, 374, 375, 376, 376, 376, 376, 377,
1855 377, 377, 378, 381, 400, 417, 425, 435, 443, 460,
1856 461, 462, 462, 462, 462, 462, 463, 463, 463, 464,
1857 464, 466, 475, 484, 495, 504, 513, 522, 533, 542,
1858 554, 568, 583, 594, 611, 628, 645, 662, 677, 692,
1859 705, 720, 729, 738, 747, 756, 765, 774, 783, 792,
1860 801, 810, 819, 828, 837, 846, 859, 868, 881, 890,
1861 899, 908, 915, 922, 931, 938, 947, 955, 962, 969,
1862 977, 986, 994, 1010, 1018, 1026, 1034, 1042, 1050, 1059,
1863 1068, 1082, 1091, 1100, 1109, 1118, 1127, 1136, 1143, 1150,
1864 1176, 1184, 1191, 1198, 1205, 1212, 1220, 1228, 1236, 1243,
1865 1254, 1265, 1272, 1281, 1290, 1299, 1306, 1313, 1329, 1337,
1866 1345, 1355, 1365, 1375, 1389, 1397, 1410, 1421, 1429, 1442,
1867 1451, 1460, 1469, 1478, 1488, 1498, 1506, 1519, 1528, 1536,
1868 1545, 1553, 1566, 1575, 1585, 1592, 1602, 1612, 1622, 1632,
1869 1642, 1652, 1662, 1672, 1679, 1686, 1693, 1702, 1711, 1720,
1870 1729, 1736, 1746, 1766, 1773, 1791, 1804, 1817, 1826, 1835,
1871 1844, 1853, 1863, 1873, 1884, 1893, 1902, 1911, 1920, 1929,
1872 1938, 1947, 1960, 1973, 1982, 1989, 1998, 2007, 2016, 2025,
1873 2033, 2046, 2054, 2099, 2106, 2121, 2131, 2141, 2148, 2155,
1874 2162, 2171, 2179, 2193, 2214, 2235, 2247, 2259, 2271, 2280,
1875 2301, 2311, 2320, 2328, 2336, 2349, 2362, 2377, 2392, 2401,
1876 2410, 2416, 2425, 2434, 2444, 2454, 2464, 2473, 2483, 2492,
1877 2505, 2518, 2530, 2544, 2556, 2570, 2579, 2591, 2601, 2608,
1878 2615, 2624, 2633, 2643, 2653, 2663, 2670, 2677, 2686, 2695,
1879 2705, 2715, 2722, 2729, 2736, 2744, 2754, 2764, 2774, 2784,
1880 2823, 2833, 2841, 2849, 2864, 2873, 2878, 2879, 2880, 2880,
1881 2880, 2881, 2881, 2881, 2882, 2882, 2884, 2894, 2903, 2910,
1882 2917, 2924, 2931, 2938, 2945, 2950, 2951, 2952, 2952, 2952,
1883 2953, 2953, 2953, 2954, 2955, 2955, 2956, 2956, 2957, 2957,
1884 2958, 2959, 2960, 2961, 2962, 2963, 2965, 2974, 2984, 2991,
1885 2998, 3007, 3014, 3021, 3028, 3035, 3044, 3053, 3060, 3067,
1886 3077, 3087, 3097, 3107, 3117, 3127, 3132, 3133, 3134, 3136,
1887 3142, 3147, 3148, 3149, 3151, 3157, 3167, 3174, 3183, 3191,
1888 3196, 3197, 3199, 3199, 3199, 3200, 3200, 3201, 3202, 3203,
1889 3204, 3205, 3207, 3217, 3226, 3233, 3242, 3249, 3258, 3266,
1890 3279, 3287, 3300, 3305, 3306, 3307, 3307, 3308, 3308, 3308,
1891 3309, 3311, 3323, 3335, 3347, 3362, 3375, 3388, 3399, 3404,
1892 3405, 3406, 3406, 3408, 3423
1889 0, 194, 194, 194, 195, 195, 196, 196, 197, 197,
1890 197, 198, 198, 199, 199, 200, 200, 201, 203, 209,
1891 214, 215, 216, 216, 216, 217, 217, 218, 218, 218,
1892 219, 219, 220, 220, 220, 221, 221, 222, 222, 222,
1893 223, 223, 223, 224, 224, 225, 225, 226, 226, 227,
1894 227, 228, 228, 229, 229, 230, 230, 231, 231, 232,
1895 232, 232, 233, 233, 234, 234, 234, 235, 235, 235,
1896 236, 236, 237, 237, 238, 238, 239, 239, 240, 240,
1897 240, 241, 241, 242, 242, 243, 243, 243, 244, 244,
1898 245, 245, 246, 246, 247, 247, 247, 248, 248, 249,
1899 249, 250, 250, 251, 251, 252, 252, 253, 253, 254,
1900 254, 255, 255, 256, 256, 256, 257, 257, 257, 258,
1901 258, 258, 259, 259, 259, 259, 260, 261, 261, 261,
1902 262, 262, 262, 263, 263, 264, 264, 265, 265, 265,
1903 266, 266, 266, 267, 267, 268, 268, 268, 269, 269,
1904 270, 270, 270, 271, 271, 272, 272, 273, 273, 274,
1905 275, 275, 276, 276, 277, 277, 278, 278, 279, 279,
1906 280, 280, 281, 281, 282, 282, 283, 283, 284, 284,
1907 285, 285, 285, 286, 286, 287, 287, 288, 288, 289,
1908 290, 290, 291, 291, 292, 293, 293, 294, 294, 295,
1909 295, 296, 296, 297, 297, 297, 298, 298, 298, 299,
1910 299, 300, 301, 301, 302, 302, 303, 303, 304, 304,
1911 305, 305, 305, 306, 306, 306, 307, 307, 307, 308,
1912 308, 309, 309, 310, 310, 311, 311, 312, 312, 313,
1913 313, 314, 314, 317, 330, 331, 332, 332, 332, 332,
1914 332, 333, 333, 333, 335, 348, 349, 350, 350, 350,
1915 350, 351, 351, 351, 353, 368, 369, 370, 370, 370,
1916 370, 371, 371, 371, 373, 393, 394, 395, 395, 395,
1917 395, 396, 396, 396, 397, 397, 397, 400, 419, 436,
1918 444, 454, 461, 471, 489, 490, 491, 491, 491, 491,
1919 491, 492, 492, 492, 493, 493, 493, 493, 495, 504,
1920 513, 524, 533, 542, 551, 562, 571, 583, 597, 612,
1921 623, 640, 657, 674, 691, 706, 721, 734, 749, 758,
1922 767, 776, 785, 794, 803, 812, 821, 830, 839, 848,
1923 857, 866, 875, 888, 899, 910, 921, 930, 943, 952,
1924 961, 970, 977, 984, 993, 1000, 1009, 1017, 1024, 1031,
1925 1039, 1048, 1056, 1072, 1080, 1088, 1096, 1104, 1112, 1121,
1926 1130, 1144, 1153, 1162, 1171, 1180, 1189, 1198, 1205, 1212,
1927 1238, 1246, 1253, 1260, 1267, 1274, 1282, 1290, 1298, 1305,
1928 1316, 1327, 1334, 1343, 1352, 1361, 1370, 1377, 1384, 1391,
1929 1407, 1415, 1423, 1433, 1443, 1453, 1467, 1475, 1488, 1499,
1930 1507, 1520, 1529, 1538, 1547, 1556, 1566, 1576, 1584, 1597,
1931 1606, 1614, 1623, 1631, 1644, 1653, 1663, 1670, 1680, 1690,
1932 1700, 1710, 1720, 1730, 1740, 1750, 1757, 1764, 1771, 1780,
1933 1789, 1798, 1807, 1814, 1824, 1844, 1851, 1869, 1882, 1895,
1934 1908, 1917, 1926, 1935, 1944, 1954, 1964, 1975, 1984, 1993,
1935 2002, 2011, 2020, 2029, 2038, 2051, 2064, 2073, 2080, 2089,
1936 2098, 2107, 2116, 2125, 2133, 2146, 2154, 2199, 2206, 2221,
1937 2231, 2241, 2248, 2255, 2262, 2271, 2279, 2293, 2314, 2335,
1938 2347, 2359, 2371, 2380, 2401, 2410, 2419, 2427, 2435, 2448,
1939 2461, 2476, 2491, 2500, 2509, 2519, 2529, 2538, 2544, 2553,
1940 2562, 2572, 2582, 2592, 2601, 2611, 2620, 2633, 2646, 2658,
1941 2672, 2684, 2698, 2707, 2719, 2729, 2736, 2743, 2752, 2761,
1942 2771, 2781, 2791, 2801, 2808, 2815, 2824, 2833, 2843, 2853,
1943 2863, 2870, 2877, 2884, 2892, 2902, 2912, 2922, 2932, 2942,
1944 2952, 2998, 3008, 3016, 3024, 3039, 3048, 3053, 3054, 3055,
1945 3055, 3055, 3056, 3056, 3056, 3057, 3057, 3059, 3069, 3078,
1946 3085, 3092, 3099, 3106, 3113, 3120, 3125, 3126, 3127, 3127,
1947 3127, 3128, 3128, 3128, 3129, 3130, 3130, 3131, 3131, 3132,
1948 3132, 3133, 3134, 3135, 3136, 3137, 3138, 3140, 3149, 3159,
1949 3166, 3173, 3182, 3189, 3196, 3203, 3210, 3219, 3228, 3235,
1950 3242, 3252, 3262, 3272, 3282, 3292, 3302, 3307, 3308, 3309,
1951 3311, 3317, 3322, 3323, 3324, 3326, 3332, 3342, 3349, 3358,
1952 3366, 3371, 3372, 3374, 3374, 3374, 3375, 3375, 3376, 3377,
1953 3378, 3379, 3380, 3382, 3392, 3401, 3408, 3417, 3424, 3433,
1954 3441, 3454, 3462, 3475, 3480, 3481, 3482, 3482, 3483, 3483,
1955 3483, 3484, 3486, 3498, 3510, 3522, 3537, 3550, 3563, 3574,
1956 3579, 3580, 3581, 3581, 3583, 3598
18931957 };
18941958 #endif
18951959
19382002 "VAR_PRIVATE_DOMAIN", "VAR_REMOTE_CONTROL", "VAR_CONTROL_ENABLE",
19392003 "VAR_CONTROL_INTERFACE", "VAR_CONTROL_PORT", "VAR_SERVER_KEY_FILE",
19402004 "VAR_SERVER_CERT_FILE", "VAR_CONTROL_KEY_FILE", "VAR_CONTROL_CERT_FILE",
1941 "VAR_CONTROL_USE_CERT", "VAR_EXTENDED_STATISTICS", "VAR_LOCAL_DATA_PTR",
1942 "VAR_JOSTLE_TIMEOUT", "VAR_STUB_PRIME", "VAR_UNWANTED_REPLY_THRESHOLD",
1943 "VAR_LOG_TIME_ASCII", "VAR_DOMAIN_INSECURE", "VAR_PYTHON",
1944 "VAR_PYTHON_SCRIPT", "VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX",
2005 "VAR_CONTROL_USE_CERT", "VAR_TCP_REUSE_TIMEOUT",
2006 "VAR_MAX_REUSE_TCP_QUERIES", "VAR_EXTENDED_STATISTICS",
2007 "VAR_LOCAL_DATA_PTR", "VAR_JOSTLE_TIMEOUT", "VAR_STUB_PRIME",
2008 "VAR_UNWANTED_REPLY_THRESHOLD", "VAR_LOG_TIME_ASCII",
2009 "VAR_DOMAIN_INSECURE", "VAR_PYTHON", "VAR_PYTHON_SCRIPT",
2010 "VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX", "VAR_VAL_MAX_RESTART",
19452011 "VAR_CACHE_MIN_TTL", "VAR_VAL_LOG_LEVEL", "VAR_AUTO_TRUST_ANCHOR_FILE",
19462012 "VAR_KEEP_MISSING", "VAR_ADD_HOLDDOWN", "VAR_DEL_HOLDDOWN",
19472013 "VAR_SO_RCVBUF", "VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH",
19482014 "VAR_PREFETCH_KEY", "VAR_SO_SNDBUF", "VAR_SO_REUSEPORT",
19492015 "VAR_HARDEN_BELOW_NXDOMAIN", "VAR_IGNORE_CD_FLAG", "VAR_LOG_QUERIES",
19502016 "VAR_LOG_REPLIES", "VAR_LOG_LOCAL_ACTIONS", "VAR_TCP_UPSTREAM",
1951 "VAR_SSL_UPSTREAM", "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM",
1952 "VAR_SSL_PORT", "VAR_FORWARD_FIRST", "VAR_STUB_SSL_UPSTREAM",
1953 "VAR_FORWARD_SSL_UPSTREAM", "VAR_TLS_CERT_BUNDLE", "VAR_HTTPS_PORT",
1954 "VAR_HTTP_ENDPOINT", "VAR_HTTP_MAX_STREAMS",
1955 "VAR_HTTP_QUERY_BUFFER_SIZE", "VAR_HTTP_RESPONSE_BUFFER_SIZE",
1956 "VAR_HTTP_NODELAY", "VAR_HTTP_NOTLS_DOWNSTREAM", "VAR_STUB_FIRST",
1957 "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE",
1958 "VAR_DELAY_CLOSE", "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES",
1959 "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT",
1960 "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL",
1961 "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE",
1962 "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", "VAR_DNSTAP_TLS",
1963 "VAR_DNSTAP_TLS_SERVER_NAME", "VAR_DNSTAP_TLS_CERT_BUNDLE",
1964 "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", "VAR_DNSTAP_TLS_CLIENT_CERT_FILE",
1965 "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION",
1966 "VAR_DNSTAP_BIDIRECTIONAL", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION",
2017 "VAR_SSL_UPSTREAM", "VAR_TCP_AUTH_QUERY_TIMEOUT", "VAR_SSL_SERVICE_KEY",
2018 "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", "VAR_FORWARD_FIRST",
2019 "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM",
2020 "VAR_TLS_CERT_BUNDLE", "VAR_STUB_TCP_UPSTREAM",
2021 "VAR_FORWARD_TCP_UPSTREAM", "VAR_HTTPS_PORT", "VAR_HTTP_ENDPOINT",
2022 "VAR_HTTP_MAX_STREAMS", "VAR_HTTP_QUERY_BUFFER_SIZE",
2023 "VAR_HTTP_RESPONSE_BUFFER_SIZE", "VAR_HTTP_NODELAY",
2024 "VAR_HTTP_NOTLS_DOWNSTREAM", "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES",
2025 "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE",
2026 "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES",
2027 "VAR_INFRA_CACHE_MIN_RTT", "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX",
2028 "VAR_DNS64_SYNTHALL", "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP",
2029 "VAR_DNSTAP_ENABLE", "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP",
2030 "VAR_DNSTAP_TLS", "VAR_DNSTAP_TLS_SERVER_NAME",
2031 "VAR_DNSTAP_TLS_CERT_BUNDLE", "VAR_DNSTAP_TLS_CLIENT_KEY_FILE",
2032 "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", "VAR_DNSTAP_SEND_IDENTITY",
2033 "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_BIDIRECTIONAL",
2034 "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION",
19672035 "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES",
19682036 "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES",
19692037 "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES",
19742042 "VAR_IP_TRANSPARENT", "VAR_IP_DSCP", "VAR_DISABLE_DNSSEC_LAME_CHECK",
19752043 "VAR_IP_RATELIMIT", "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE",
19762044 "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE",
1977 "VAR_RATELIMIT_FOR_DOMAIN", "VAR_RATELIMIT_BELOW_DOMAIN",
1978 "VAR_IP_RATELIMIT_FACTOR", "VAR_RATELIMIT_FACTOR",
1979 "VAR_SEND_CLIENT_SUBNET", "VAR_CLIENT_SUBNET_ZONE",
1980 "VAR_CLIENT_SUBNET_ALWAYS_FORWARD", "VAR_CLIENT_SUBNET_OPCODE",
1981 "VAR_MAX_CLIENT_SUBNET_IPV4", "VAR_MAX_CLIENT_SUBNET_IPV6",
1982 "VAR_MIN_CLIENT_SUBNET_IPV4", "VAR_MIN_CLIENT_SUBNET_IPV6",
1983 "VAR_MAX_ECS_TREE_SIZE_IPV4", "VAR_MAX_ECS_TREE_SIZE_IPV6",
1984 "VAR_CAPS_WHITELIST", "VAR_CACHE_MAX_NEGATIVE_TTL",
1985 "VAR_PERMIT_SMALL_HOLDDOWN", "VAR_QNAME_MINIMISATION",
1986 "VAR_QNAME_MINIMISATION_STRICT", "VAR_IP_FREEBIND", "VAR_DEFINE_TAG",
1987 "VAR_LOCAL_ZONE_TAG", "VAR_ACCESS_CONTROL_TAG",
1988 "VAR_LOCAL_ZONE_OVERRIDE", "VAR_ACCESS_CONTROL_TAG_ACTION",
1989 "VAR_ACCESS_CONTROL_TAG_DATA", "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW",
1990 "VAR_VIEW_FIRST", "VAR_SERVE_EXPIRED", "VAR_SERVE_EXPIRED_TTL",
2045 "VAR_OUTBOUND_MSG_RETRY", "VAR_RATELIMIT_FOR_DOMAIN",
2046 "VAR_RATELIMIT_BELOW_DOMAIN", "VAR_IP_RATELIMIT_FACTOR",
2047 "VAR_RATELIMIT_FACTOR", "VAR_IP_RATELIMIT_BACKOFF",
2048 "VAR_RATELIMIT_BACKOFF", "VAR_SEND_CLIENT_SUBNET",
2049 "VAR_CLIENT_SUBNET_ZONE", "VAR_CLIENT_SUBNET_ALWAYS_FORWARD",
2050 "VAR_CLIENT_SUBNET_OPCODE", "VAR_MAX_CLIENT_SUBNET_IPV4",
2051 "VAR_MAX_CLIENT_SUBNET_IPV6", "VAR_MIN_CLIENT_SUBNET_IPV4",
2052 "VAR_MIN_CLIENT_SUBNET_IPV6", "VAR_MAX_ECS_TREE_SIZE_IPV4",
2053 "VAR_MAX_ECS_TREE_SIZE_IPV6", "VAR_CAPS_WHITELIST",
2054 "VAR_CACHE_MAX_NEGATIVE_TTL", "VAR_PERMIT_SMALL_HOLDDOWN",
2055 "VAR_QNAME_MINIMISATION", "VAR_QNAME_MINIMISATION_STRICT",
2056 "VAR_IP_FREEBIND", "VAR_DEFINE_TAG", "VAR_LOCAL_ZONE_TAG",
2057 "VAR_ACCESS_CONTROL_TAG", "VAR_LOCAL_ZONE_OVERRIDE",
2058 "VAR_ACCESS_CONTROL_TAG_ACTION", "VAR_ACCESS_CONTROL_TAG_DATA",
2059 "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", "VAR_VIEW_FIRST",
2060 "VAR_SERVE_EXPIRED", "VAR_SERVE_EXPIRED_TTL",
19912061 "VAR_SERVE_EXPIRED_TTL_RESET", "VAR_SERVE_EXPIRED_REPLY_TTL",
19922062 "VAR_SERVE_EXPIRED_CLIENT_TIMEOUT", "VAR_SERVE_ORIGINAL_TTL",
19932063 "VAR_FAKE_DSA", "VAR_FAKE_SHA1", "VAR_LOG_IDENTITY",
1994 "VAR_HIDE_TRUSTANCHOR", "VAR_TRUST_ANCHOR_SIGNALING",
2064 "VAR_HIDE_TRUSTANCHOR", "VAR_HIDE_HTTP_USER_AGENT",
2065 "VAR_HTTP_USER_AGENT", "VAR_TRUST_ANCHOR_SIGNALING",
19952066 "VAR_AGGRESSIVE_NSEC", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE",
19962067 "VAR_SHM_KEY", "VAR_ROOT_KEY_SENTINEL", "VAR_DNSCRYPT",
19972068 "VAR_DNSCRYPT_ENABLE", "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER",
20202091 "VAR_RPZ_ACTION_OVERRIDE", "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG",
20212092 "VAR_RPZ_LOG_NAME", "VAR_DYNLIB", "VAR_DYNLIB_FILE",
20222093 "VAR_EDNS_CLIENT_STRING", "VAR_EDNS_CLIENT_STRING_OPCODE", "VAR_NSID",
2023 "$accept", "toplevelvars", "toplevelvar", "force_toplevel",
2024 "serverstart", "contents_server", "content_server", "stubstart",
2025 "contents_stub", "content_stub", "forwardstart", "contents_forward",
2026 "content_forward", "viewstart", "contents_view", "content_view",
2027 "authstart", "contents_auth", "content_auth", "rpz_tag",
2028 "rpz_action_override", "rpz_cname_override", "rpz_log", "rpz_log_name",
2029 "rpzstart", "contents_rpz", "content_rpz", "server_num_threads",
2030 "server_verbosity", "server_statistics_interval",
2094 "VAR_ZONEMD_PERMISSIVE_MODE", "VAR_ZONEMD_CHECK",
2095 "VAR_ZONEMD_REJECT_ABSENCE", "VAR_RPZ_SIGNAL_NXDOMAIN_RA", "$accept",
2096 "toplevelvars", "toplevelvar", "force_toplevel", "serverstart",
2097 "contents_server", "content_server", "stubstart", "contents_stub",
2098 "content_stub", "forwardstart", "contents_forward", "content_forward",
2099 "viewstart", "contents_view", "content_view", "authstart",
2100 "contents_auth", "content_auth", "rpz_tag", "rpz_action_override",
2101 "rpz_cname_override", "rpz_log", "rpz_log_name",
2102 "rpz_signal_nxdomain_ra", "rpzstart", "contents_rpz", "content_rpz",
2103 "server_num_threads", "server_verbosity", "server_statistics_interval",
20312104 "server_statistics_cumulative", "server_extended_statistics",
20322105 "server_shm_enable", "server_shm_key", "server_port",
20332106 "server_send_client_subnet", "server_client_subnet_zone",
20412114 "server_interface_automatic", "server_do_ip4", "server_do_ip6",
20422115 "server_do_udp", "server_do_tcp", "server_prefer_ip4",
20432116 "server_prefer_ip6", "server_tcp_mss", "server_outgoing_tcp_mss",
2044 "server_tcp_idle_timeout", "server_tcp_keepalive",
2045 "server_tcp_keepalive_timeout", "server_tcp_upstream",
2046 "server_udp_upstream_without_downstream", "server_ssl_upstream",
2047 "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port",
2048 "server_tls_cert_bundle", "server_tls_win_cert",
2049 "server_tls_additional_port", "server_tls_ciphers",
2050 "server_tls_ciphersuites", "server_tls_session_ticket_keys",
2051 "server_tls_use_sni", "server_https_port", "server_http_endpoint",
2052 "server_http_max_streams", "server_http_query_buffer_size",
2053 "server_http_response_buffer_size", "server_http_nodelay",
2054 "server_http_notls_downstream", "server_use_systemd",
2055 "server_do_daemonize", "server_use_syslog", "server_log_time_ascii",
2056 "server_log_queries", "server_log_replies", "server_log_tag_queryreply",
2057 "server_log_servfail", "server_log_local_actions", "server_chroot",
2058 "server_username", "server_directory", "server_logfile",
2059 "server_pidfile", "server_root_hints", "server_dlv_anchor_file",
2060 "server_dlv_anchor", "server_auto_trust_anchor_file",
2061 "server_trust_anchor_file", "server_trusted_keys_file",
2062 "server_trust_anchor", "server_trust_anchor_signaling",
2063 "server_root_key_sentinel", "server_domain_insecure",
2064 "server_hide_identity", "server_hide_version", "server_hide_trustanchor",
2065 "server_identity", "server_version", "server_nsid", "server_so_rcvbuf",
2066 "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent",
2067 "server_ip_freebind", "server_ip_dscp", "server_stream_wait_size",
2068 "server_edns_buffer_size", "server_msg_buffer_size",
2069 "server_msg_cache_size", "server_msg_cache_slabs",
2070 "server_num_queries_per_thread", "server_jostle_timeout",
2071 "server_delay_close", "server_udp_connect", "server_unblock_lan_zones",
2072 "server_insecure_lan_zones", "server_rrset_cache_size",
2073 "server_rrset_cache_slabs", "server_infra_host_ttl",
2074 "server_infra_lame_ttl", "server_infra_cache_numhosts",
2075 "server_infra_cache_lame_size", "server_infra_cache_slabs",
2076 "server_infra_cache_min_rtt", "server_infra_keep_probing",
2077 "server_target_fetch_policy", "server_harden_short_bufsize",
2078 "server_harden_large_queries", "server_harden_glue",
2079 "server_harden_dnssec_stripped", "server_harden_below_nxdomain",
2080 "server_harden_referral_path", "server_harden_algo_downgrade",
2081 "server_use_caps_for_id", "server_caps_whitelist",
2082 "server_private_address", "server_private_domain", "server_prefetch",
2083 "server_prefetch_key", "server_deny_any",
2084 "server_unwanted_reply_threshold", "server_do_not_query_address",
2085 "server_do_not_query_localhost", "server_access_control",
2086 "server_module_conf", "server_val_override_date",
2087 "server_val_sig_skew_min", "server_val_sig_skew_max",
2117 "server_tcp_idle_timeout", "server_max_reuse_tcp_queries",
2118 "server_tcp_reuse_timeout", "server_tcp_auth_query_timeout",
2119 "server_tcp_keepalive", "server_tcp_keepalive_timeout",
2120 "server_tcp_upstream", "server_udp_upstream_without_downstream",
2121 "server_ssl_upstream", "server_ssl_service_key",
2122 "server_ssl_service_pem", "server_ssl_port", "server_tls_cert_bundle",
2123 "server_tls_win_cert", "server_tls_additional_port",
2124 "server_tls_ciphers", "server_tls_ciphersuites",
2125 "server_tls_session_ticket_keys", "server_tls_use_sni",
2126 "server_https_port", "server_http_endpoint", "server_http_max_streams",
2127 "server_http_query_buffer_size", "server_http_response_buffer_size",
2128 "server_http_nodelay", "server_http_notls_downstream",
2129 "server_use_systemd", "server_do_daemonize", "server_use_syslog",
2130 "server_log_time_ascii", "server_log_queries", "server_log_replies",
2131 "server_log_tag_queryreply", "server_log_servfail",
2132 "server_log_local_actions", "server_chroot", "server_username",
2133 "server_directory", "server_logfile", "server_pidfile",
2134 "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor",
2135 "server_auto_trust_anchor_file", "server_trust_anchor_file",
2136 "server_trusted_keys_file", "server_trust_anchor",
2137 "server_trust_anchor_signaling", "server_root_key_sentinel",
2138 "server_domain_insecure", "server_hide_identity", "server_hide_version",
2139 "server_hide_trustanchor", "server_hide_http_user_agent",
2140 "server_identity", "server_version", "server_http_user_agent",
2141 "server_nsid", "server_so_rcvbuf", "server_so_sndbuf",
2142 "server_so_reuseport", "server_ip_transparent", "server_ip_freebind",
2143 "server_ip_dscp", "server_stream_wait_size", "server_edns_buffer_size",
2144 "server_msg_buffer_size", "server_msg_cache_size",
2145 "server_msg_cache_slabs", "server_num_queries_per_thread",
2146 "server_jostle_timeout", "server_delay_close", "server_udp_connect",
2147 "server_unblock_lan_zones", "server_insecure_lan_zones",
2148 "server_rrset_cache_size", "server_rrset_cache_slabs",
2149 "server_infra_host_ttl", "server_infra_lame_ttl",
2150 "server_infra_cache_numhosts", "server_infra_cache_lame_size",
2151 "server_infra_cache_slabs", "server_infra_cache_min_rtt",
2152 "server_infra_keep_probing", "server_target_fetch_policy",
2153 "server_harden_short_bufsize", "server_harden_large_queries",
2154 "server_harden_glue", "server_harden_dnssec_stripped",
2155 "server_harden_below_nxdomain", "server_harden_referral_path",
2156 "server_harden_algo_downgrade", "server_use_caps_for_id",
2157 "server_caps_whitelist", "server_private_address",
2158 "server_private_domain", "server_prefetch", "server_prefetch_key",
2159 "server_deny_any", "server_unwanted_reply_threshold",
2160 "server_do_not_query_address", "server_do_not_query_localhost",
2161 "server_access_control", "server_module_conf",
2162 "server_val_override_date", "server_val_sig_skew_min",
2163 "server_val_sig_skew_max", "server_val_max_restart",
20882164 "server_cache_max_ttl", "server_cache_max_negative_ttl",
20892165 "server_cache_min_ttl", "server_bogus_ttl",
20902166 "server_val_clean_additional", "server_val_permissive_mode",
20932169 "server_serve_expired_ttl_reset", "server_serve_expired_reply_ttl",
20942170 "server_serve_expired_client_timeout", "server_serve_original_ttl",
20952171 "server_fake_dsa", "server_fake_sha1", "server_val_log_level",
2096 "server_val_nsec3_keysize_iterations", "server_add_holddown",
2097 "server_del_holddown", "server_keep_missing",
2172 "server_val_nsec3_keysize_iterations", "server_zonemd_permissive_mode",
2173 "server_add_holddown", "server_del_holddown", "server_keep_missing",
20982174 "server_permit_small_holddown", "server_key_cache_size",
20992175 "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone",
21002176 "server_local_data", "server_local_data_ptr", "server_minimal_responses",
21082184 "server_ratelimit_size", "server_ip_ratelimit_slabs",
21092185 "server_ratelimit_slabs", "server_ratelimit_for_domain",
21102186 "server_ratelimit_below_domain", "server_ip_ratelimit_factor",
2111 "server_ratelimit_factor", "server_low_rtt", "server_fast_server_num",
2112 "server_fast_server_permil", "server_qname_minimisation",
2113 "server_qname_minimisation_strict", "server_pad_responses",
2114 "server_pad_responses_block_size", "server_pad_queries",
2115 "server_pad_queries_block_size", "server_ipsecmod_enabled",
2116 "server_ipsecmod_ignore_bogus", "server_ipsecmod_hook",
2117 "server_ipsecmod_max_ttl", "server_ipsecmod_whitelist",
2118 "server_ipsecmod_strict", "server_edns_client_string",
2119 "server_edns_client_string_opcode", "stub_name", "stub_host",
2120 "stub_addr", "stub_first", "stub_no_cache", "stub_ssl_upstream",
2121 "stub_prime", "forward_name", "forward_host", "forward_addr",
2122 "forward_first", "forward_no_cache", "forward_ssl_upstream", "auth_name",
2187 "server_ratelimit_factor", "server_ip_ratelimit_backoff",
2188 "server_ratelimit_backoff", "server_outbound_msg_retry",
2189 "server_low_rtt", "server_fast_server_num", "server_fast_server_permil",
2190 "server_qname_minimisation", "server_qname_minimisation_strict",
2191 "server_pad_responses", "server_pad_responses_block_size",
2192 "server_pad_queries", "server_pad_queries_block_size",
2193 "server_ipsecmod_enabled", "server_ipsecmod_ignore_bogus",
2194 "server_ipsecmod_hook", "server_ipsecmod_max_ttl",
2195 "server_ipsecmod_whitelist", "server_ipsecmod_strict",
2196 "server_edns_client_string", "server_edns_client_string_opcode",
2197 "stub_name", "stub_host", "stub_addr", "stub_first", "stub_no_cache",
2198 "stub_ssl_upstream", "stub_tcp_upstream", "stub_prime", "forward_name",
2199 "forward_host", "forward_addr", "forward_first", "forward_no_cache",
2200 "forward_ssl_upstream", "forward_tcp_upstream", "auth_name",
21232201 "auth_zonefile", "auth_master", "auth_url", "auth_allow_notify",
2124 "auth_for_downstream", "auth_for_upstream", "auth_fallback_enabled",
2125 "view_name", "view_local_zone", "view_response_ip",
2126 "view_response_ip_data", "view_local_data", "view_local_data_ptr",
2127 "view_first", "rcstart", "contents_rc", "content_rc",
2128 "rc_control_enable", "rc_control_port", "rc_control_interface",
2129 "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file",
2130 "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt",
2131 "content_dt", "dt_dnstap_enable", "dt_dnstap_bidirectional",
2132 "dt_dnstap_socket_path", "dt_dnstap_ip", "dt_dnstap_tls",
2133 "dt_dnstap_tls_server_name", "dt_dnstap_tls_cert_bundle",
2134 "dt_dnstap_tls_client_key_file", "dt_dnstap_tls_client_cert_file",
2135 "dt_dnstap_send_identity", "dt_dnstap_send_version",
2136 "dt_dnstap_identity", "dt_dnstap_version",
2202 "auth_zonemd_check", "auth_zonemd_reject_absence", "auth_for_downstream",
2203 "auth_for_upstream", "auth_fallback_enabled", "view_name",
2204 "view_local_zone", "view_response_ip", "view_response_ip_data",
2205 "view_local_data", "view_local_data_ptr", "view_first", "rcstart",
2206 "contents_rc", "content_rc", "rc_control_enable", "rc_control_port",
2207 "rc_control_interface", "rc_control_use_cert", "rc_server_key_file",
2208 "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file",
2209 "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable",
2210 "dt_dnstap_bidirectional", "dt_dnstap_socket_path", "dt_dnstap_ip",
2211 "dt_dnstap_tls", "dt_dnstap_tls_server_name",
2212 "dt_dnstap_tls_cert_bundle", "dt_dnstap_tls_client_key_file",
2213 "dt_dnstap_tls_client_cert_file", "dt_dnstap_send_identity",
2214 "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version",
21372215 "dt_dnstap_log_resolver_query_messages",
21382216 "dt_dnstap_log_resolver_response_messages",
21392217 "dt_dnstap_log_client_query_messages",
21982276 525, 526, 527, 528, 529, 530, 531, 532, 533, 534,
21992277 535, 536, 537, 538, 539, 540, 541, 542, 543, 544,
22002278 545, 546, 547, 548, 549, 550, 551, 552, 553, 554,
2201 555, 556, 557, 558, 559, 560, 561, 562, 563
2279 555, 556, 557, 558, 559, 560, 561, 562, 563, 564,
2280 565, 566, 567, 568, 569, 570, 571, 572, 573, 574,
2281 575, 576, 577, 578
22022282 };
22032283 #endif
22042284
2205 #define YYPACT_NINF (-296)
2285 #define YYPACT_NINF (-310)
22062286
22072287 #define yypact_value_is_default(Yyn) \
22082288 ((Yyn) == YYPACT_NINF)
22162296 STATE-NUM. */
22172297 static const yytype_int16 yypact[] =
22182298 {
2219 -296, 0, -296, -296, -296, -296, -296, -296, -296, -296,
2220 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2221 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2222 -296, -296, 292, -42, -38, -43, -21, -44, -11, -96,
2223 -109, -295, -216, -245, -287, 3, 4, 13, 25, 26,
2224 27, 30, 31, 32, 33, 34, 35, 37, 38, 39,
2225 40, 41, 43, 44, 45, 46, 47, 48, 49, 50,
2226 51, 52, 54, 55, 84, 85, 88, 89, 91, 93,
2227 94, 95, 96, 98, 99, 100, 101, 103, 104, 105,
2228 106, 107, 108, 109, 110, 111, 112, 113, 114, 115,
2229 116, 117, 118, 119, 120, 121, 122, 123, 124, 125,
2230 126, 127, 128, 129, 132, 133, 134, 135, 136, 137,
2231 138, 139, 140, 141, 142, 143, 144, 145, 146, 147,
2232 148, 149, 150, 151, 153, 154, 155, 156, 157, 158,
2233 159, 160, 161, 162, 163, 164, 165, 166, 167, 168,
2234 169, 171, 172, 173, 174, 175, 176, 177, 178, 179,
2235 180, 181, 182, 183, 184, 185, 186, 187, 188, 189,
2236 190, 191, 192, 193, 194, 195, 196, 197, 198, 199,
2237 200, 201, 202, 203, 204, 205, 206, 207, 208, 209,
2238 210, 212, 213, 214, 215, 216, 220, 221, 222, 223,
2239 224, 225, 226, 228, 229, 231, 232, 234, 235, 237,
2240 239, 252, 253, 254, 255, 256, 257, 258, 259, 261,
2241 262, 263, 264, 265, 266, 267, 268, 269, 270, 271,
2242 272, 273, 274, 275, 276, 277, 278, 279, 280, 281,
2243 282, 283, 285, 286, 287, 289, 290, 291, 293, 327,
2244 328, 329, 330, 334, 335, 336, -296, -296, -296, -296,
2245 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2246 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2247 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2248 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2249 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2250 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2251 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2252 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2253 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2254 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2255 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2256 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2257 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2258 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2259 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2260 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2261 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2262 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2263 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2264 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2265 -296, -296, -296, -296, -296, -296, -296, -296, 378, 379,
2266 380, 381, 382, 383, 384, -296, -296, -296, -296, -296,
2267 -296, -296, -296, 385, 386, 390, 394, 395, 420, -296,
2268 -296, -296, -296, -296, -296, -296, 421, 422, 431, 444,
2269 445, 446, 447, -296, -296, -296, -296, -296, -296, -296,
2270 -296, 448, 449, 450, 451, 452, 453, 454, 455, -296,
2271 -296, -296, -296, -296, -296, -296, -296, -296, 456, 457,
2272 458, 459, 460, -296, -296, -296, -296, -296, -296, -296,
2273 -296, -296, -296, -296, 461, 462, 463, 503, 505, 522,
2274 523, 524, -296, -296, -296, -296, -296, -296, -296, -296,
2275 -296, 525, 526, 527, 528, 529, 530, 531, 532, 543,
2276 544, 545, 546, 547, 548, 549, 551, 552, 553, 554,
2277 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2278 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2279 555, -296, -296, 556, -296, -296, 557, 560, 563, 566,
2280 567, 576, 577, 578, 580, 581, -296, -296, -296, -296,
2281 -296, -296, -296, -296, -296, -296, -296, 582, 583, 584,
2282 585, 586, 587, -296, -296, -296, -296, -296, -296, -296,
2283 591, 592, -296, -296, -296, -296, -296, -296, -296, -296,
2284 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2285 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2286 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2287 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2288 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2289 -296, -296, -296, -296, -296, 593, 594, -296, -296, -296,
2290 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2291 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2292 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2293 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2294 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2295 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2296 -296, 595, 596, 597, -296, -296, -296, -296, -296, -296,
2297 -296, -296, -296, -296, 598, 599, -296, -296, -296, -296,
2298 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2299 -296, -296, -296, -296, -296, 600, 601, 602, 603, 604,
2300 605, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2301 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2302 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2303 -296, -296, -296, 606, -296, -296, -296, -296, -296, -296,
2304 -296, -296, -296, 607, -296, -296, -296, -296, -296, -296,
2305 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2306 608, -296, -296, 609, 610, -296, -296, -296, -296, -296,
2307 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2308 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2309 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2310 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2311 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2312 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2313 -296, -296, -296, -296, -296, 611, 612, 613, -296, -296,
2314 -296, -296, -296, -296, -296, -296, -296
2299 -310, 0, -310, -310, -310, -310, -310, -310, -310, -310,
2300 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2301 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2302 -310, -310, 303, -39, -32, -43, -30, -44, -42, -97,
2303 -110, -309, -229, -233, -303, 4, 6, 7, 8, 9,
2304 10, 23, 24, 25, 26, 27, 37, 38, 39, 40,
2305 41, 43, 44, 53, 54, 56, 57, 58, 59, 60,
2306 81, 82, 83, 84, 85, 87, 88, 89, 90, 91,
2307 92, 93, 95, 96, 98, 99, 101, 103, 107, 108,
2308 109, 110, 111, 112, 113, 114, 115, 116, 117, 118,
2309 119, 120, 121, 122, 123, 124, 125, 126, 127, 128,
2310 129, 130, 131, 132, 133, 134, 135, 138, 139, 140,
2311 141, 142, 143, 144, 145, 146, 147, 148, 149, 150,
2312 151, 152, 153, 154, 155, 156, 157, 159, 160, 161,
2313 162, 163, 164, 165, 166, 167, 168, 169, 170, 171,
2314 172, 173, 174, 175, 176, 177, 178, 180, 181, 182,
2315 183, 184, 185, 186, 187, 188, 189, 190, 191, 192,
2316 193, 194, 195, 196, 197, 198, 199, 200, 201, 202,
2317 203, 204, 205, 206, 207, 208, 209, 210, 211, 212,
2318 213, 214, 215, 216, 217, 218, 219, 221, 222, 223,
2319 224, 225, 226, 227, 232, 233, 234, 235, 236, 237,
2320 239, 248, 249, 250, 251, 254, 255, 261, 263, 264,
2321 265, 266, 267, 268, 270, 272, 273, 274, 275, 276,
2322 277, 278, 279, 280, 283, 284, 285, 286, 287, 288,
2323 289, 290, 291, 292, 293, 294, 296, 297, 298, 300,
2324 301, 302, 304, 338, 339, 340, 341, 345, 346, 347,
2325 389, 390, 391, 392, 393, 394, -310, -310, -310, -310,
2326 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2327 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2328 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2329 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2330 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2331 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2332 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2333 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2334 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2335 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2336 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2337 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2338 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2339 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2340 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2341 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2342 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2343 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2344 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2345 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2346 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2347 -310, -310, -310, -310, -310, -310, -310, -310, 395, 396,
2348 397, 403, 407, 408, 435, 436, -310, -310, -310, -310,
2349 -310, -310, -310, -310, -310, 437, 439, 440, 448, 461,
2350 462, 463, -310, -310, -310, -310, -310, -310, -310, -310,
2351 464, 465, 466, 467, 468, 469, 470, -310, -310, -310,
2352 -310, -310, -310, -310, -310, 471, 472, 473, 474, 475,
2353 476, 477, 478, 479, 480, -310, -310, -310, -310, -310,
2354 -310, -310, -310, -310, -310, -310, 523, 525, 544, 545,
2355 546, 547, -310, -310, -310, -310, -310, -310, -310, -310,
2356 -310, -310, -310, -310, -310, 548, 549, 550, 551, 552,
2357 553, 554, 565, -310, -310, -310, -310, -310, -310, -310,
2358 -310, -310, 566, 567, 568, 569, 570, 571, 573, 574,
2359 575, 576, 577, 578, 579, 582, 585, 588, 589, 598,
2360 599, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2361 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2362 -310, 600, -310, -310, 602, -310, -310, 603, 604, 605,
2363 606, 607, 608, 609, 614, 615, 616, -310, -310, -310,
2364 -310, -310, -310, -310, -310, -310, -310, -310, 617, 618,
2365 619, 620, 621, 622, -310, -310, -310, -310, -310, -310,
2366 -310, 623, 624, -310, -310, -310, -310, -310, -310, -310,
2367 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2368 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2369 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2370 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2371 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2372 -310, -310, -310, -310, -310, -310, 625, 626, -310, -310,
2373 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2374 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2375 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2376 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2377 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2378 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2379 -310, -310, -310, -310, -310, -310, 627, 628, 629, -310,
2380 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2381 630, 631, -310, -310, -310, -310, -310, -310, -310, -310,
2382 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2383 -310, -310, -310, 632, 633, 634, 635, 636, 637, -310,
2384 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2385 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2386 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2387 -310, -310, -310, 638, -310, -310, -310, -310, -310, -310,
2388 -310, -310, -310, 639, -310, -310, -310, -310, -310, -310,
2389 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2390 -310, -310, -310, 640, -310, -310, 641, 642, -310, -310,
2391 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2392 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2393 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2394 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2395 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2396 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2397 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2398 -310, 643, 644, 645, -310, -310, -310, -310, -310, -310,
2399 -310, -310, -310
23152400 };
23162401
23172402 /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
23192404 means the default is an error. */
23202405 static const yytype_int16 yydefact[] =
23212406 {
2322 2, 0, 1, 18, 19, 233, 243, 525, 585, 544,
2323 252, 599, 622, 262, 638, 278, 590, 3, 17, 21,
2324 235, 245, 254, 264, 280, 527, 546, 587, 592, 601,
2325 624, 640, 4, 5, 6, 10, 14, 15, 8, 9,
2407 2, 0, 1, 18, 19, 243, 254, 556, 616, 575,
2408 264, 630, 653, 274, 669, 293, 621, 3, 17, 21,
2409 245, 256, 266, 276, 295, 558, 577, 618, 623, 632,
2410 655, 671, 4, 5, 6, 10, 14, 15, 8, 9,
23262411 7, 16, 11, 12, 13, 0, 0, 0, 0, 0,
23272412 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
23282413 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
23442429 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
23452430 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
23462431 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2347 0, 0, 0, 0, 0, 0, 20, 22, 23, 86,
2348 89, 98, 200, 201, 24, 160, 161, 162, 163, 164,
2349 165, 166, 167, 168, 169, 37, 77, 25, 90, 91,
2350 48, 70, 85, 26, 27, 30, 31, 28, 29, 32,
2351 33, 34, 35, 36, 121, 212, 122, 124, 125, 126,
2352 214, 219, 215, 226, 227, 228, 229, 127, 128, 129,
2353 130, 131, 132, 133, 196, 87, 76, 102, 119, 120,
2354 224, 221, 123, 38, 39, 40, 41, 42, 78, 92,
2355 93, 108, 64, 74, 65, 204, 205, 103, 58, 59,
2356 203, 60, 61, 232, 112, 116, 137, 147, 174, 150,
2357 225, 113, 71, 43, 44, 45, 100, 138, 139, 140,
2358 141, 46, 47, 49, 50, 52, 53, 51, 145, 151,
2359 54, 55, 56, 62, 81, 117, 95, 146, 88, 170,
2360 96, 97, 114, 115, 222, 101, 57, 79, 82, 63,
2361 66, 104, 105, 80, 171, 106, 67, 68, 69, 213,
2362 118, 188, 189, 190, 191, 192, 193, 194, 202, 107,
2363 75, 109, 110, 111, 172, 72, 73, 94, 83, 84,
2364 99, 134, 135, 223, 136, 142, 143, 144, 175, 176,
2365 178, 180, 181, 179, 182, 197, 148, 149, 154, 155,
2366 152, 153, 156, 157, 159, 158, 216, 218, 217, 173,
2367 183, 184, 185, 186, 187, 206, 208, 207, 209, 210,
2368 211, 230, 231, 177, 195, 198, 199, 220, 0, 0,
2369 0, 0, 0, 0, 0, 234, 236, 237, 238, 240,
2370 241, 242, 239, 0, 0, 0, 0, 0, 0, 244,
2371 246, 247, 248, 249, 250, 251, 0, 0, 0, 0,
2372 0, 0, 0, 253, 255, 256, 259, 260, 257, 261,
2373 258, 0, 0, 0, 0, 0, 0, 0, 0, 263,
2374 265, 266, 267, 268, 272, 269, 270, 271, 0, 0,
2375 0, 0, 0, 283, 287, 288, 289, 290, 279, 281,
2376 282, 284, 285, 286, 0, 0, 0, 0, 0, 0,
2377 0, 0, 526, 528, 530, 529, 535, 531, 532, 533,
2378 534, 0, 0, 0, 0, 0, 0, 0, 0, 0,
23792432 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2380 545, 547, 549, 548, 550, 551, 552, 553, 554, 555,
2381 556, 557, 558, 559, 560, 561, 562, 563, 564, 565,
2382 0, 586, 588, 0, 591, 593, 0, 0, 0, 0,
2383 0, 0, 0, 0, 0, 0, 600, 602, 603, 604,
2384 606, 607, 605, 608, 609, 610, 611, 0, 0, 0,
2385 0, 0, 0, 623, 625, 626, 627, 628, 629, 630,
2386 0, 0, 639, 641, 642, 292, 291, 298, 311, 309,
2387 321, 317, 318, 322, 319, 320, 323, 324, 325, 326,
2388 327, 357, 358, 359, 360, 361, 387, 388, 389, 395,
2389 396, 314, 397, 398, 401, 399, 400, 404, 405, 406,
2390 420, 372, 373, 375, 376, 407, 423, 366, 368, 424,
2391 430, 431, 432, 315, 386, 449, 450, 367, 444, 350,
2392 310, 362, 421, 427, 408, 0, 0, 453, 316, 293,
2393 349, 412, 294, 312, 313, 363, 364, 451, 410, 414,
2394 415, 295, 454, 390, 419, 351, 371, 425, 426, 429,
2395 443, 365, 447, 445, 446, 378, 385, 416, 417, 379,
2396 380, 409, 434, 352, 353, 356, 328, 330, 331, 332,
2397 333, 334, 341, 342, 343, 344, 345, 346, 347, 455,
2398 456, 458, 391, 392, 393, 394, 402, 403, 459, 460,
2399 461, 0, 0, 0, 411, 381, 383, 595, 470, 474,
2400 472, 471, 475, 473, 0, 0, 478, 479, 299, 300,
2401 301, 302, 303, 304, 305, 306, 307, 308, 413, 428,
2402 448, 483, 484, 382, 462, 0, 0, 0, 0, 0,
2403 0, 435, 436, 437, 438, 439, 440, 441, 442, 596,
2404 374, 369, 433, 348, 296, 297, 370, 485, 486, 487,
2405 488, 489, 491, 490, 492, 493, 494, 329, 336, 480,
2406 482, 481, 335, 0, 355, 418, 457, 354, 384, 337,
2407 338, 340, 339, 0, 496, 377, 497, 498, 499, 503,
2408 502, 500, 501, 504, 505, 506, 507, 509, 508, 518,
2409 0, 522, 523, 0, 0, 524, 510, 516, 511, 512,
2410 513, 515, 517, 514, 273, 274, 275, 276, 277, 536,
2411 538, 537, 540, 541, 542, 543, 539, 566, 568, 569,
2412 570, 571, 572, 573, 574, 575, 576, 567, 577, 578,
2413 579, 580, 581, 582, 583, 584, 589, 594, 612, 613,
2414 614, 617, 615, 616, 618, 619, 620, 621, 631, 632,
2415 633, 634, 635, 636, 643, 644, 422, 452, 469, 597,
2416 598, 476, 477, 463, 464, 0, 0, 0, 468, 637,
2417 495, 519, 520, 521, 467, 465, 466
2433 0, 0, 0, 0, 0, 0, 20, 22, 23, 88,
2434 91, 100, 206, 207, 24, 166, 167, 168, 169, 170,
2435 171, 172, 173, 174, 175, 37, 79, 25, 92, 93,
2436 48, 72, 87, 26, 27, 30, 31, 28, 29, 32,
2437 33, 34, 240, 241, 242, 35, 36, 124, 218, 125,
2438 127, 128, 129, 220, 225, 221, 232, 233, 234, 235,
2439 130, 131, 132, 133, 134, 135, 136, 202, 89, 78,
2440 104, 122, 123, 230, 227, 126, 38, 39, 40, 41,
2441 42, 80, 94, 95, 111, 66, 76, 67, 210, 211,
2442 105, 58, 59, 209, 62, 60, 61, 63, 238, 115,
2443 119, 140, 150, 180, 153, 231, 116, 73, 43, 44,
2444 45, 102, 141, 142, 143, 144, 46, 47, 49, 50,
2445 52, 53, 51, 148, 154, 54, 55, 56, 64, 83,
2446 120, 97, 149, 90, 176, 98, 99, 117, 118, 228,
2447 103, 57, 81, 84, 65, 68, 106, 107, 108, 82,
2448 177, 109, 69, 70, 71, 219, 121, 194, 195, 196,
2449 197, 198, 199, 200, 208, 110, 77, 239, 112, 113,
2450 114, 178, 74, 75, 96, 85, 86, 101, 137, 138,
2451 229, 139, 145, 146, 147, 181, 182, 184, 186, 187,
2452 185, 188, 203, 151, 152, 157, 158, 155, 156, 159,
2453 160, 162, 161, 164, 163, 165, 222, 224, 223, 179,
2454 189, 190, 191, 192, 193, 212, 214, 213, 215, 216,
2455 217, 236, 237, 183, 201, 204, 205, 226, 0, 0,
2456 0, 0, 0, 0, 0, 0, 244, 246, 247, 248,
2457 250, 251, 252, 253, 249, 0, 0, 0, 0, 0,
2458 0, 0, 255, 257, 258, 259, 260, 261, 262, 263,
2459 0, 0, 0, 0, 0, 0, 0, 265, 267, 268,
2460 271, 272, 269, 273, 270, 0, 0, 0, 0, 0,
2461 0, 0, 0, 0, 0, 275, 277, 278, 279, 280,
2462 284, 285, 286, 281, 282, 283, 0, 0, 0, 0,
2463 0, 0, 298, 302, 303, 304, 305, 306, 294, 296,
2464 297, 299, 300, 301, 307, 0, 0, 0, 0, 0,
2465 0, 0, 0, 557, 559, 561, 560, 566, 562, 563,
2466 564, 565, 0, 0, 0, 0, 0, 0, 0, 0,
2467 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2468 0, 576, 578, 580, 579, 581, 582, 583, 584, 585,
2469 586, 587, 588, 589, 590, 591, 592, 593, 594, 595,
2470 596, 0, 617, 619, 0, 622, 624, 0, 0, 0,
2471 0, 0, 0, 0, 0, 0, 0, 631, 633, 634,
2472 635, 637, 638, 636, 639, 640, 641, 642, 0, 0,
2473 0, 0, 0, 0, 654, 656, 657, 658, 659, 660,
2474 661, 0, 0, 670, 672, 673, 309, 308, 315, 328,
2475 326, 338, 334, 335, 339, 336, 337, 340, 341, 342,
2476 346, 347, 377, 378, 379, 380, 381, 409, 410, 411,
2477 417, 418, 331, 419, 420, 423, 421, 422, 426, 427,
2478 428, 442, 392, 393, 396, 397, 429, 445, 386, 388,
2479 446, 453, 454, 455, 332, 408, 473, 474, 387, 467,
2480 370, 327, 382, 443, 450, 430, 0, 0, 477, 333,
2481 310, 369, 434, 311, 329, 330, 383, 384, 475, 432,
2482 436, 437, 344, 343, 312, 478, 412, 441, 371, 391,
2483 447, 448, 449, 452, 466, 385, 471, 469, 470, 400,
2484 407, 438, 439, 401, 402, 431, 457, 372, 373, 376,
2485 348, 350, 345, 351, 352, 353, 354, 361, 362, 363,
2486 364, 365, 366, 367, 479, 480, 482, 413, 414, 415,
2487 416, 424, 425, 483, 484, 485, 0, 0, 0, 433,
2488 403, 405, 626, 494, 498, 496, 495, 499, 497, 506,
2489 0, 0, 502, 503, 504, 505, 316, 317, 318, 319,
2490 320, 321, 322, 323, 324, 325, 435, 451, 472, 510,
2491 511, 404, 486, 0, 0, 0, 0, 0, 0, 458,
2492 459, 460, 461, 462, 463, 464, 465, 627, 394, 395,
2493 398, 389, 456, 368, 313, 314, 390, 512, 513, 514,
2494 515, 516, 518, 517, 519, 520, 521, 349, 356, 507,
2495 509, 508, 355, 0, 375, 440, 481, 374, 406, 357,
2496 358, 360, 359, 0, 523, 399, 468, 524, 525, 526,
2497 531, 529, 530, 527, 528, 532, 533, 534, 535, 537,
2498 538, 536, 549, 0, 553, 554, 0, 0, 555, 539,
2499 547, 540, 541, 542, 546, 548, 543, 544, 545, 287,
2500 288, 289, 290, 291, 292, 567, 569, 568, 571, 572,
2501 573, 574, 570, 597, 599, 600, 601, 602, 603, 604,
2502 605, 606, 607, 598, 608, 609, 610, 611, 612, 613,
2503 614, 615, 620, 625, 643, 644, 645, 648, 646, 647,
2504 649, 650, 651, 652, 662, 663, 664, 665, 666, 667,
2505 674, 675, 444, 476, 493, 628, 629, 500, 501, 487,
2506 488, 0, 0, 0, 492, 668, 522, 550, 551, 552,
2507 491, 489, 490
24182508 };
24192509
24202510 /* YYPGOTO[NTERM-NUM]. */
24212511 static const yytype_int16 yypgoto[] =
24222512 {
2423 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2424 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2425 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2426 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2427 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2428 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2429 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2430 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2431 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2432 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2433 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2434 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2435 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2436 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2437 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2438 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2439 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2440 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2441 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2442 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2443 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2444 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2445 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2446 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2447 -296, -296, -296, -296, -296, -296, 588, 589, 590, 614,
2448 615, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2449 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2450 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2451 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2452 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2453 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2454 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2455 -296, -296, -296, -296, -296, -296, -296, -296, -296, -296,
2456 -296, -296, -296, -296
2513 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2514 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2515 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2516 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2517 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2518 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2519 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2520 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2521 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2522 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2523 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2524 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2525 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2526 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2527 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2528 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2529 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2530 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2531 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2532 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2533 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2534 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2535 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2536 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2537 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2538 -310, -310, -310, -310, -310, -310, -310, -310, -310, -27,
2539 646, 647, 648, 649, -310, -310, 650, -310, -310, -310,
2540 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2541 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2542 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2543 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2544 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2545 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2546 -310, -310, -310, -310, -310, -310, -310, -310, -310, -310,
2547 -310, -310, -310, -310, -310, -310, -310, -310, -310
24572548 };
24582549
24592550 /* YYDEFGOTO[NTERM-NUM]. */
24602551 static const yytype_int16 yydefgoto[] =
24612552 {
2462 -1, 1, 17, 18, 19, 32, 256, 20, 33, 475,
2463 21, 34, 489, 22, 35, 503, 23, 36, 519, 533,
2464 534, 535, 536, 537, 24, 37, 538, 257, 258, 259,
2465 260, 261, 262, 263, 264, 265, 266, 267, 268, 269,
2466 270, 271, 272, 273, 274, 275, 276, 277, 278, 279,
2467 280, 281, 282, 283, 284, 285, 286, 287, 288, 289,
2468 290, 291, 292, 293, 294, 295, 296, 297, 298, 299,
2469 300, 301, 302, 303, 304, 305, 306, 307, 308, 309,
2470 310, 311, 312, 313, 314, 315, 316, 317, 318, 319,
2471 320, 321, 322, 323, 324, 325, 326, 327, 328, 329,
2472 330, 331, 332, 333, 334, 335, 336, 337, 338, 339,
2473 340, 341, 342, 343, 344, 345, 346, 347, 348, 349,
2474 350, 351, 352, 353, 354, 355, 356, 357, 358, 359,
2475 360, 361, 362, 363, 364, 365, 366, 367, 368, 369,
2476 370, 371, 372, 373, 374, 375, 376, 377, 378, 379,
2477 380, 381, 382, 383, 384, 385, 386, 387, 388, 389,
2478 390, 391, 392, 393, 394, 395, 396, 397, 398, 399,
2479 400, 401, 402, 403, 404, 405, 406, 407, 408, 409,
2480 410, 411, 412, 413, 414, 415, 416, 417, 418, 419,
2481 420, 421, 422, 423, 424, 425, 426, 427, 428, 429,
2482 430, 431, 432, 433, 434, 435, 436, 437, 438, 439,
2483 440, 441, 442, 443, 444, 445, 446, 447, 448, 449,
2484 450, 451, 452, 453, 454, 455, 456, 457, 458, 459,
2485 460, 461, 462, 476, 477, 478, 479, 480, 481, 482,
2486 490, 491, 492, 493, 494, 495, 520, 521, 522, 523,
2487 524, 525, 526, 527, 504, 505, 506, 507, 508, 509,
2488 510, 25, 38, 552, 553, 554, 555, 556, 557, 558,
2489 559, 560, 26, 39, 580, 581, 582, 583, 584, 585,
2490 586, 587, 588, 589, 590, 591, 592, 593, 594, 595,
2491 596, 597, 598, 599, 27, 40, 601, 602, 28, 41,
2492 604, 605, 463, 464, 465, 466, 29, 42, 616, 617,
2493 618, 619, 620, 621, 622, 623, 624, 625, 626, 30,
2494 43, 633, 634, 635, 636, 637, 638, 639, 467, 31,
2495 44, 642, 643, 644
2496 };
2497
2498 /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If
2499 positive, shift that token. If negative, reduce the rule whose
2500 number is the opposite. If YYTABLE_NINF, syntax error. */
2501 static const yytype_int16 yytable[] =
2502 {
2503 2, 511, 496, 468, 600, 469, 470, 483, 640, 641,
2504 603, 3, 4, 645, 646, 484, 485, 627, 628, 629,
2505 630, 631, 632, 647, 511, 606, 607, 608, 609, 610,
2506 611, 612, 613, 614, 615, 648, 649, 650, 497, 498,
2507 651, 652, 653, 654, 655, 656, 5, 657, 658, 659,
2508 660, 661, 6, 662, 663, 664, 665, 666, 667, 668,
2509 669, 670, 671, 499, 672, 673, 471, 561, 562, 563,
2510 564, 565, 566, 567, 568, 569, 570, 571, 572, 573,
2511 574, 575, 576, 577, 578, 579, 544, 545, 546, 547,
2512 548, 549, 550, 551, 674, 675, 7, 472, 676, 677,
2513 486, 678, 487, 679, 680, 681, 682, 473, 683, 684,
2514 685, 686, 8, 687, 688, 689, 690, 691, 692, 693,
2515 694, 695, 696, 697, 698, 699, 700, 701, 702, 703,
2516 704, 705, 706, 707, 708, 709, 710, 711, 712, 713,
2517 500, 501, 714, 715, 716, 717, 718, 719, 720, 721,
2518 722, 723, 724, 725, 726, 727, 728, 729, 730, 731,
2519 732, 733, 9, 734, 735, 736, 737, 738, 739, 740,
2520 741, 742, 743, 744, 745, 746, 747, 748, 749, 750,
2521 502, 751, 752, 753, 754, 755, 756, 757, 758, 759,
2522 760, 761, 762, 763, 764, 765, 766, 767, 768, 769,
2523 770, 771, 772, 773, 774, 775, 776, 777, 778, 779,
2524 780, 781, 782, 783, 784, 785, 786, 787, 788, 789,
2525 790, 10, 791, 792, 793, 794, 795, 513, 514, 515,
2526 796, 797, 798, 799, 800, 801, 802, 518, 803, 804,
2527 11, 805, 806, 474, 807, 808, 488, 809, 512, 810,
2528 513, 514, 515, 516, 517, 528, 529, 530, 531, 532,
2529 518, 12, 811, 812, 813, 814, 815, 816, 817, 818,
2530 13, 819, 820, 821, 822, 823, 824, 825, 826, 827,
2531 828, 829, 830, 831, 832, 833, 834, 835, 836, 837,
2532 838, 839, 840, 841, 14, 842, 843, 844, 15, 845,
2533 846, 847, 0, 848, 16, 45, 46, 47, 48, 49,
2534 50, 51, 52, 53, 54, 55, 56, 57, 58, 59,
2535 60, 61, 62, 63, 64, 65, 66, 67, 68, 69,
2536 70, 71, 72, 73, 74, 75, 76, 849, 850, 851,
2537 852, 77, 78, 79, 853, 854, 855, 80, 81, 82,
2538 83, 84, 85, 86, 87, 88, 89, 90, 91, 92,
2539 93, 94, 95, 96, 97, 98, 99, 100, 101, 102,
2540 103, 104, 105, 106, 107, 108, 109, 110, 111, 112,
2541 113, 114, 115, 116, 117, 118, 119, 120, 856, 857,
2542 858, 859, 860, 861, 862, 863, 864, 121, 122, 123,
2543 865, 124, 125, 126, 866, 867, 127, 128, 129, 130,
2544 131, 132, 133, 134, 135, 136, 137, 138, 139, 140,
2545 141, 142, 143, 144, 145, 146, 147, 148, 149, 150,
2546 868, 869, 870, 151, 152, 153, 154, 155, 156, 157,
2547 158, 871, 159, 160, 161, 162, 163, 164, 165, 166,
2548 167, 168, 169, 170, 872, 873, 874, 875, 876, 877,
2549 878, 879, 880, 881, 882, 883, 884, 885, 886, 887,
2550 888, 889, 890, 891, 171, 172, 173, 174, 175, 176,
2551 177, 178, 179, 180, 181, 182, 183, 184, 185, 186,
2552 187, 188, 189, 190, 191, 192, 193, 194, 195, 196,
2553 197, 198, 199, 200, 201, 202, 203, 204, 205, 206,
2554 207, 208, 209, 892, 210, 893, 211, 212, 213, 214,
2555 215, 216, 217, 218, 219, 220, 221, 222, 223, 224,
2556 225, 226, 894, 895, 896, 897, 898, 899, 900, 901,
2557 902, 903, 904, 227, 228, 229, 230, 231, 232, 233,
2558 234, 235, 236, 905, 906, 907, 908, 909, 910, 911,
2559 237, 912, 913, 914, 915, 916, 917, 918, 238, 239,
2560 919, 240, 241, 920, 242, 243, 921, 922, 244, 245,
2561 246, 247, 248, 249, 250, 251, 923, 924, 925, 252,
2562 926, 927, 928, 929, 930, 931, 932, 933, 253, 254,
2563 255, 934, 935, 936, 937, 938, 939, 940, 941, 942,
2564 943, 944, 945, 946, 947, 948, 949, 950, 951, 952,
2565 953, 954, 955, 956, 0, 539, 540, 541, 0, 0,
2566 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2567 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2568 0, 542, 543
2569 };
2570
2571 static const yytype_int16 yycheck[] =
2572 {
2573 0, 45, 45, 45, 113, 47, 48, 45, 295, 296,
2574 305, 11, 12, 10, 10, 53, 54, 262, 263, 264,
2575 265, 266, 267, 10, 45, 241, 242, 243, 244, 245,
2576 246, 247, 248, 249, 250, 10, 10, 10, 81, 82,
2577 10, 10, 10, 10, 10, 10, 46, 10, 10, 10,
2578 10, 10, 52, 10, 10, 10, 10, 10, 10, 10,
2579 10, 10, 10, 106, 10, 10, 108, 163, 164, 165,
2580 166, 167, 168, 169, 170, 171, 172, 173, 174, 175,
2581 176, 177, 178, 179, 180, 181, 97, 98, 99, 100,
2582 101, 102, 103, 104, 10, 10, 96, 139, 10, 10,
2583 138, 10, 140, 10, 10, 10, 10, 149, 10, 10,
2584 10, 10, 112, 10, 10, 10, 10, 10, 10, 10,
2585 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2586 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2587 183, 184, 10, 10, 10, 10, 10, 10, 10, 10,
2588 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2589 10, 10, 162, 10, 10, 10, 10, 10, 10, 10,
2590 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2591 223, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2592 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2593 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2594 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2595 10, 221, 10, 10, 10, 10, 10, 271, 272, 273,
2596 10, 10, 10, 10, 10, 10, 10, 281, 10, 10,
2597 240, 10, 10, 285, 10, 10, 284, 10, 269, 10,
2598 271, 272, 273, 274, 275, 299, 300, 301, 302, 303,
2599 281, 261, 10, 10, 10, 10, 10, 10, 10, 10,
2600 270, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2601 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2602 10, 10, 10, 10, 294, 10, 10, 10, 298, 10,
2603 10, 10, -1, 10, 304, 13, 14, 15, 16, 17,
2604 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
2605 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,
2606 38, 39, 40, 41, 42, 43, 44, 10, 10, 10,
2607 10, 49, 50, 51, 10, 10, 10, 55, 56, 57,
2608 58, 59, 60, 61, 62, 63, 64, 65, 66, 67,
2609 68, 69, 70, 71, 72, 73, 74, 75, 76, 77,
2610 78, 79, 80, 81, 82, 83, 84, 85, 86, 87,
2611 88, 89, 90, 91, 92, 93, 94, 95, 10, 10,
2612 10, 10, 10, 10, 10, 10, 10, 105, 106, 107,
2613 10, 109, 110, 111, 10, 10, 114, 115, 116, 117,
2614 118, 119, 120, 121, 122, 123, 124, 125, 126, 127,
2615 128, 129, 130, 131, 132, 133, 134, 135, 136, 137,
2616 10, 10, 10, 141, 142, 143, 144, 145, 146, 147,
2617 148, 10, 150, 151, 152, 153, 154, 155, 156, 157,
2618 158, 159, 160, 161, 10, 10, 10, 10, 10, 10,
2619 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2620 10, 10, 10, 10, 182, 183, 184, 185, 186, 187,
2621 188, 189, 190, 191, 192, 193, 194, 195, 196, 197,
2622 198, 199, 200, 201, 202, 203, 204, 205, 206, 207,
2623 208, 209, 210, 211, 212, 213, 214, 215, 216, 217,
2624 218, 219, 220, 10, 222, 10, 224, 225, 226, 227,
2625 228, 229, 230, 231, 232, 233, 234, 235, 236, 237,
2626 238, 239, 10, 10, 10, 10, 10, 10, 10, 10,
2627 10, 10, 10, 251, 252, 253, 254, 255, 256, 257,
2628 258, 259, 260, 10, 10, 10, 10, 10, 10, 10,
2629 268, 10, 10, 10, 10, 10, 10, 10, 276, 277,
2630 10, 279, 280, 10, 282, 283, 10, 10, 286, 287,
2631 288, 289, 290, 291, 292, 293, 10, 10, 10, 297,
2632 10, 10, 10, 10, 10, 10, 10, 10, 306, 307,
2633 308, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2634 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2635 10, 10, 10, 10, -1, 37, 37, 37, -1, -1,
2636 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2637 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2638 -1, 37, 37
2639 };
2640
2641 /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
2642 symbol of state STATE-NUM. */
2643 static const yytype_int16 yystos[] =
2644 {
2645 0, 310, 0, 11, 12, 46, 52, 96, 112, 162,
2646 221, 240, 261, 270, 294, 298, 304, 311, 312, 313,
2647 316, 319, 322, 325, 333, 570, 581, 603, 607, 615,
2648 628, 638, 314, 317, 320, 323, 326, 334, 571, 582,
2649 604, 608, 616, 629, 639, 13, 14, 15, 16, 17,
2650 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
2651 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,
2652 38, 39, 40, 41, 42, 43, 44, 49, 50, 51,
2653 55, 56, 57, 58, 59, 60, 61, 62, 63, 64,
2654 65, 66, 67, 68, 69, 70, 71, 72, 73, 74,
2655 75, 76, 77, 78, 79, 80, 81, 82, 83, 84,
2656 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
2657 95, 105, 106, 107, 109, 110, 111, 114, 115, 116,
2658 117, 118, 119, 120, 121, 122, 123, 124, 125, 126,
2659 127, 128, 129, 130, 131, 132, 133, 134, 135, 136,
2660 137, 141, 142, 143, 144, 145, 146, 147, 148, 150,
2661 151, 152, 153, 154, 155, 156, 157, 158, 159, 160,
2662 161, 182, 183, 184, 185, 186, 187, 188, 189, 190,
2663 191, 192, 193, 194, 195, 196, 197, 198, 199, 200,
2664 201, 202, 203, 204, 205, 206, 207, 208, 209, 210,
2665 211, 212, 213, 214, 215, 216, 217, 218, 219, 220,
2666 222, 224, 225, 226, 227, 228, 229, 230, 231, 232,
2667 233, 234, 235, 236, 237, 238, 239, 251, 252, 253,
2668 254, 255, 256, 257, 258, 259, 260, 268, 276, 277,
2669 279, 280, 282, 283, 286, 287, 288, 289, 290, 291,
2670 292, 293, 297, 306, 307, 308, 315, 336, 337, 338,
2553 -1, 1, 17, 18, 19, 32, 266, 20, 33, 496,
2554 21, 34, 512, 22, 35, 527, 23, 36, 545, 562,
2555 563, 564, 565, 566, 567, 24, 37, 568, 267, 268,
2556 269, 270, 271, 272, 273, 274, 275, 276, 277, 278,
2557 279, 280, 281, 282, 283, 284, 285, 286, 287, 288,
2558 289, 290, 291, 292, 293, 294, 295, 296, 297, 298,
2559 299, 300, 301, 302, 303, 304, 305, 306, 307, 308,
2560 309, 310, 311, 312, 313, 314, 315, 316, 317, 318,
2561 319, 320, 321, 322, 323, 324, 325, 326, 327, 328,
2562 329, 330, 331, 332, 333, 334, 335, 336, 337, 338,
26712563 339, 340, 341, 342, 343, 344, 345, 346, 347, 348,
26722564 349, 350, 351, 352, 353, 354, 355, 356, 357, 358,
26732565 359, 360, 361, 362, 363, 364, 365, 366, 367, 368,
26822574 449, 450, 451, 452, 453, 454, 455, 456, 457, 458,
26832575 459, 460, 461, 462, 463, 464, 465, 466, 467, 468,
26842576 469, 470, 471, 472, 473, 474, 475, 476, 477, 478,
2685 479, 480, 481, 482, 483, 484, 485, 486, 487, 488,
2686 489, 490, 491, 492, 493, 494, 495, 496, 497, 498,
2687 499, 500, 501, 502, 503, 504, 505, 506, 507, 508,
2688 509, 510, 511, 512, 513, 514, 515, 516, 517, 518,
2689 519, 520, 521, 522, 523, 524, 525, 526, 527, 528,
2690 529, 530, 531, 532, 533, 534, 535, 536, 537, 538,
2691 539, 540, 541, 611, 612, 613, 614, 637, 45, 47,
2692 48, 108, 139, 149, 285, 318, 542, 543, 544, 545,
2693 546, 547, 548, 45, 53, 54, 138, 140, 284, 321,
2694 549, 550, 551, 552, 553, 554, 45, 81, 82, 106,
2695 183, 184, 223, 324, 563, 564, 565, 566, 567, 568,
2696 569, 45, 269, 271, 272, 273, 274, 275, 281, 327,
2697 555, 556, 557, 558, 559, 560, 561, 562, 299, 300,
2698 301, 302, 303, 328, 329, 330, 331, 332, 335, 555,
2699 556, 557, 558, 559, 97, 98, 99, 100, 101, 102,
2700 103, 104, 572, 573, 574, 575, 576, 577, 578, 579,
2701 580, 163, 164, 165, 166, 167, 168, 169, 170, 171,
2702 172, 173, 174, 175, 176, 177, 178, 179, 180, 181,
2703 583, 584, 585, 586, 587, 588, 589, 590, 591, 592,
2704 593, 594, 595, 596, 597, 598, 599, 600, 601, 602,
2705 113, 605, 606, 305, 609, 610, 241, 242, 243, 244,
2706 245, 246, 247, 248, 249, 250, 617, 618, 619, 620,
2707 621, 622, 623, 624, 625, 626, 627, 262, 263, 264,
2708 265, 266, 267, 630, 631, 632, 633, 634, 635, 636,
2709 295, 296, 640, 641, 642, 10, 10, 10, 10, 10,
2577 479, 480, 481, 482, 497, 498, 499, 500, 501, 502,
2578 503, 504, 513, 514, 515, 516, 517, 518, 519, 546,
2579 547, 548, 549, 550, 551, 552, 553, 554, 555, 528,
2580 529, 530, 531, 532, 533, 534, 25, 38, 583, 584,
2581 585, 586, 587, 588, 589, 590, 591, 26, 39, 611,
2582 612, 613, 614, 615, 616, 617, 618, 619, 620, 621,
2583 622, 623, 624, 625, 626, 627, 628, 629, 630, 27,
2584 40, 632, 633, 28, 41, 635, 636, 483, 484, 485,
2585 486, 29, 42, 647, 648, 649, 650, 651, 652, 653,
2586 654, 655, 656, 657, 30, 43, 664, 665, 666, 667,
2587 668, 669, 670, 487, 31, 44, 673, 674, 675
2588 };
2589
2590 /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If
2591 positive, shift that token. If negative, reduce the rule whose
2592 number is the opposite. If YYTABLE_NINF, syntax error. */
2593 static const yytype_int16 yytable[] =
2594 {
2595 2, 535, 520, 671, 672, 631, 488, 634, 489, 490,
2596 569, 3, 4, 505, 676, 535, 677, 678, 679, 680,
2597 681, 506, 507, 637, 638, 639, 640, 641, 642, 643,
2598 644, 645, 646, 682, 683, 684, 685, 686, 521, 522,
2599 658, 659, 660, 661, 662, 663, 5, 687, 688, 689,
2600 690, 691, 6, 692, 693, 575, 576, 577, 578, 579,
2601 580, 581, 582, 694, 695, 523, 696, 697, 698, 699,
2602 700, 491, 592, 593, 594, 595, 596, 597, 598, 599,
2603 600, 601, 602, 603, 604, 605, 606, 607, 608, 609,
2604 610, 701, 702, 703, 704, 705, 7, 706, 707, 708,
2605 709, 710, 711, 712, 492, 713, 714, 493, 715, 716,
2606 508, 717, 509, 718, 8, 510, 494, 719, 720, 721,
2607 722, 723, 724, 725, 726, 727, 728, 729, 730, 731,
2608 732, 733, 734, 735, 736, 737, 738, 739, 740, 741,
2609 742, 743, 744, 745, 746, 747, 524, 525, 748, 749,
2610 750, 751, 752, 753, 754, 755, 756, 757, 758, 759,
2611 760, 761, 762, 763, 764, 765, 766, 767, 9, 768,
2612 769, 770, 771, 772, 773, 774, 775, 776, 777, 778,
2613 779, 780, 781, 782, 783, 784, 785, 786, 787, 526,
2614 788, 789, 790, 791, 792, 793, 794, 795, 796, 797,
2615 798, 799, 800, 801, 802, 803, 804, 805, 806, 807,
2616 808, 809, 810, 811, 812, 813, 814, 815, 816, 817,
2617 818, 819, 820, 821, 822, 823, 824, 825, 826, 827,
2618 10, 828, 829, 830, 831, 832, 833, 834, 537, 538,
2619 539, 540, 835, 836, 837, 838, 839, 840, 542, 841,
2620 536, 11, 537, 538, 539, 540, 541, 495, 842, 843,
2621 844, 845, 542, 511, 846, 847, 556, 557, 558, 559,
2622 560, 848, 12, 849, 850, 851, 852, 853, 854, 561,
2623 855, 13, 856, 857, 858, 859, 860, 861, 862, 863,
2624 864, 543, 544, 865, 866, 867, 868, 869, 870, 871,
2625 872, 873, 874, 875, 876, 14, 877, 878, 879, 15,
2626 880, 881, 882, 0, 883, 16, 45, 46, 47, 48,
2627 49, 50, 51, 52, 53, 54, 55, 56, 57, 58,
2628 59, 60, 61, 62, 63, 64, 65, 66, 67, 68,
2629 69, 70, 71, 72, 73, 74, 75, 76, 884, 885,
2630 886, 887, 77, 78, 79, 888, 889, 890, 80, 81,
2631 82, 83, 84, 85, 86, 87, 88, 89, 90, 91,
2632 92, 93, 94, 95, 96, 97, 98, 99, 100, 101,
2633 102, 103, 104, 105, 106, 107, 108, 109, 110, 111,
2634 112, 113, 114, 115, 116, 117, 118, 119, 120, 891,
2635 892, 893, 894, 895, 896, 897, 898, 899, 121, 122,
2636 123, 124, 125, 900, 126, 127, 128, 901, 902, 129,
2637 130, 131, 132, 133, 134, 135, 136, 137, 138, 139,
2638 140, 141, 142, 143, 144, 145, 146, 147, 148, 149,
2639 150, 151, 152, 153, 154, 903, 904, 905, 155, 906,
2640 907, 156, 157, 158, 159, 160, 161, 162, 908, 163,
2641 164, 165, 166, 167, 168, 169, 170, 171, 172, 173,
2642 174, 909, 910, 911, 912, 913, 914, 915, 916, 917,
2643 918, 919, 920, 921, 922, 923, 924, 925, 926, 927,
2644 928, 175, 176, 177, 178, 179, 180, 181, 182, 183,
2645 184, 185, 186, 187, 188, 189, 190, 191, 192, 193,
2646 194, 195, 196, 197, 198, 199, 200, 201, 202, 203,
2647 204, 205, 206, 207, 208, 209, 210, 211, 212, 213,
2648 214, 215, 216, 929, 217, 930, 218, 219, 220, 221,
2649 222, 223, 224, 225, 226, 227, 228, 229, 230, 231,
2650 232, 233, 234, 235, 931, 932, 933, 934, 935, 936,
2651 937, 938, 939, 940, 941, 236, 237, 238, 239, 240,
2652 241, 242, 243, 244, 245, 942, 943, 944, 945, 946,
2653 947, 948, 246, 949, 950, 951, 952, 953, 954, 955,
2654 247, 248, 956, 249, 250, 957, 251, 252, 958, 959,
2655 253, 254, 255, 256, 257, 258, 259, 260, 960, 961,
2656 962, 261, 963, 964, 965, 966, 967, 968, 969, 970,
2657 262, 263, 264, 265, 971, 972, 973, 974, 975, 976,
2658 977, 978, 979, 980, 981, 982, 983, 984, 985, 986,
2659 987, 988, 989, 990, 991, 992, 993, 994, 995, 996,
2660 997, 998, 999, 1000, 1001, 1002, 0, 0, 0, 0,
2661 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2662 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2663 0, 0, 0, 570, 571, 572, 573, 574
2664 };
2665
2666 static const yytype_int16 yycheck[] =
2667 {
2668 0, 45, 45, 306, 307, 115, 45, 316, 47, 48,
2669 37, 11, 12, 45, 10, 45, 10, 10, 10, 10,
2670 10, 53, 54, 252, 253, 254, 255, 256, 257, 258,
2671 259, 260, 261, 10, 10, 10, 10, 10, 81, 82,
2672 273, 274, 275, 276, 277, 278, 46, 10, 10, 10,
2673 10, 10, 52, 10, 10, 97, 98, 99, 100, 101,
2674 102, 103, 104, 10, 10, 108, 10, 10, 10, 10,
2675 10, 110, 169, 170, 171, 172, 173, 174, 175, 176,
2676 177, 178, 179, 180, 181, 182, 183, 184, 185, 186,
2677 187, 10, 10, 10, 10, 10, 96, 10, 10, 10,
2678 10, 10, 10, 10, 143, 10, 10, 146, 10, 10,
2679 142, 10, 144, 10, 114, 147, 155, 10, 10, 10,
2680 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2681 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2682 10, 10, 10, 10, 10, 10, 189, 190, 10, 10,
2683 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2684 10, 10, 10, 10, 10, 10, 10, 10, 168, 10,
2685 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2686 10, 10, 10, 10, 10, 10, 10, 10, 10, 232,
2687 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2688 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2689 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2690 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2691 230, 10, 10, 10, 10, 10, 10, 10, 282, 283,
2692 284, 285, 10, 10, 10, 10, 10, 10, 292, 10,
2693 280, 251, 282, 283, 284, 285, 286, 296, 10, 10,
2694 10, 10, 292, 295, 10, 10, 310, 311, 312, 313,
2695 314, 10, 272, 10, 10, 10, 10, 10, 10, 323,
2696 10, 281, 10, 10, 10, 10, 10, 10, 10, 10,
2697 10, 321, 322, 10, 10, 10, 10, 10, 10, 10,
2698 10, 10, 10, 10, 10, 305, 10, 10, 10, 309,
2699 10, 10, 10, -1, 10, 315, 13, 14, 15, 16,
2700 17, 18, 19, 20, 21, 22, 23, 24, 25, 26,
2701 27, 28, 29, 30, 31, 32, 33, 34, 35, 36,
2702 37, 38, 39, 40, 41, 42, 43, 44, 10, 10,
2703 10, 10, 49, 50, 51, 10, 10, 10, 55, 56,
2704 57, 58, 59, 60, 61, 62, 63, 64, 65, 66,
2705 67, 68, 69, 70, 71, 72, 73, 74, 75, 76,
2706 77, 78, 79, 80, 81, 82, 83, 84, 85, 86,
2707 87, 88, 89, 90, 91, 92, 93, 94, 95, 10,
2708 10, 10, 10, 10, 10, 10, 10, 10, 105, 106,
2709 107, 108, 109, 10, 111, 112, 113, 10, 10, 116,
2710 117, 118, 119, 120, 121, 122, 123, 124, 125, 126,
2711 127, 128, 129, 130, 131, 132, 133, 134, 135, 136,
2712 137, 138, 139, 140, 141, 10, 10, 10, 145, 10,
2713 10, 148, 149, 150, 151, 152, 153, 154, 10, 156,
2714 157, 158, 159, 160, 161, 162, 163, 164, 165, 166,
2715 167, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2716 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2717 10, 188, 189, 190, 191, 192, 193, 194, 195, 196,
2718 197, 198, 199, 200, 201, 202, 203, 204, 205, 206,
2719 207, 208, 209, 210, 211, 212, 213, 214, 215, 216,
2720 217, 218, 219, 220, 221, 222, 223, 224, 225, 226,
2721 227, 228, 229, 10, 231, 10, 233, 234, 235, 236,
2722 237, 238, 239, 240, 241, 242, 243, 244, 245, 246,
2723 247, 248, 249, 250, 10, 10, 10, 10, 10, 10,
2724 10, 10, 10, 10, 10, 262, 263, 264, 265, 266,
2725 267, 268, 269, 270, 271, 10, 10, 10, 10, 10,
2726 10, 10, 279, 10, 10, 10, 10, 10, 10, 10,
2727 287, 288, 10, 290, 291, 10, 293, 294, 10, 10,
2728 297, 298, 299, 300, 301, 302, 303, 304, 10, 10,
2729 10, 308, 10, 10, 10, 10, 10, 10, 10, 10,
2730 317, 318, 319, 320, 10, 10, 10, 10, 10, 10,
2731 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2732 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2733 10, 10, 10, 10, 10, 10, -1, -1, -1, -1,
2734 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2735 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2736 -1, -1, -1, 37, 37, 37, 37, 37
2737 };
2738
2739 /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
2740 symbol of state STATE-NUM. */
2741 static const yytype_int16 yystos[] =
2742 {
2743 0, 325, 0, 11, 12, 46, 52, 96, 114, 168,
2744 230, 251, 272, 281, 305, 309, 315, 326, 327, 328,
2745 331, 334, 337, 340, 349, 600, 611, 633, 637, 645,
2746 658, 668, 329, 332, 335, 338, 341, 350, 601, 612,
2747 634, 638, 646, 659, 669, 13, 14, 15, 16, 17,
2748 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
2749 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,
2750 38, 39, 40, 41, 42, 43, 44, 49, 50, 51,
2751 55, 56, 57, 58, 59, 60, 61, 62, 63, 64,
2752 65, 66, 67, 68, 69, 70, 71, 72, 73, 74,
2753 75, 76, 77, 78, 79, 80, 81, 82, 83, 84,
2754 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
2755 95, 105, 106, 107, 108, 109, 111, 112, 113, 116,
2756 117, 118, 119, 120, 121, 122, 123, 124, 125, 126,
2757 127, 128, 129, 130, 131, 132, 133, 134, 135, 136,
2758 137, 138, 139, 140, 141, 145, 148, 149, 150, 151,
2759 152, 153, 154, 156, 157, 158, 159, 160, 161, 162,
2760 163, 164, 165, 166, 167, 188, 189, 190, 191, 192,
2761 193, 194, 195, 196, 197, 198, 199, 200, 201, 202,
2762 203, 204, 205, 206, 207, 208, 209, 210, 211, 212,
2763 213, 214, 215, 216, 217, 218, 219, 220, 221, 222,
2764 223, 224, 225, 226, 227, 228, 229, 231, 233, 234,
2765 235, 236, 237, 238, 239, 240, 241, 242, 243, 244,
2766 245, 246, 247, 248, 249, 250, 262, 263, 264, 265,
2767 266, 267, 268, 269, 270, 271, 279, 287, 288, 290,
2768 291, 293, 294, 297, 298, 299, 300, 301, 302, 303,
2769 304, 308, 317, 318, 319, 320, 330, 352, 353, 354,
2770 355, 356, 357, 358, 359, 360, 361, 362, 363, 364,
2771 365, 366, 367, 368, 369, 370, 371, 372, 373, 374,
2772 375, 376, 377, 378, 379, 380, 381, 382, 383, 384,
2773 385, 386, 387, 388, 389, 390, 391, 392, 393, 394,
2774 395, 396, 397, 398, 399, 400, 401, 402, 403, 404,
2775 405, 406, 407, 408, 409, 410, 411, 412, 413, 414,
2776 415, 416, 417, 418, 419, 420, 421, 422, 423, 424,
2777 425, 426, 427, 428, 429, 430, 431, 432, 433, 434,
2778 435, 436, 437, 438, 439, 440, 441, 442, 443, 444,
2779 445, 446, 447, 448, 449, 450, 451, 452, 453, 454,
2780 455, 456, 457, 458, 459, 460, 461, 462, 463, 464,
2781 465, 466, 467, 468, 469, 470, 471, 472, 473, 474,
2782 475, 476, 477, 478, 479, 480, 481, 482, 483, 484,
2783 485, 486, 487, 488, 489, 490, 491, 492, 493, 494,
2784 495, 496, 497, 498, 499, 500, 501, 502, 503, 504,
2785 505, 506, 507, 508, 509, 510, 511, 512, 513, 514,
2786 515, 516, 517, 518, 519, 520, 521, 522, 523, 524,
2787 525, 526, 527, 528, 529, 530, 531, 532, 533, 534,
2788 535, 536, 537, 538, 539, 540, 541, 542, 543, 544,
2789 545, 546, 547, 548, 549, 550, 551, 552, 553, 554,
2790 555, 556, 557, 558, 559, 560, 561, 562, 563, 564,
2791 565, 566, 567, 641, 642, 643, 644, 667, 45, 47,
2792 48, 110, 143, 146, 155, 296, 333, 568, 569, 570,
2793 571, 572, 573, 574, 575, 45, 53, 54, 142, 144,
2794 147, 295, 336, 576, 577, 578, 579, 580, 581, 582,
2795 45, 81, 82, 108, 189, 190, 232, 339, 593, 594,
2796 595, 596, 597, 598, 599, 45, 280, 282, 283, 284,
2797 285, 286, 292, 321, 322, 342, 583, 584, 585, 586,
2798 587, 588, 589, 590, 591, 592, 310, 311, 312, 313,
2799 314, 323, 343, 344, 345, 346, 347, 348, 351, 583,
2800 584, 585, 586, 587, 590, 97, 98, 99, 100, 101,
2801 102, 103, 104, 602, 603, 604, 605, 606, 607, 608,
2802 609, 610, 169, 170, 171, 172, 173, 174, 175, 176,
2803 177, 178, 179, 180, 181, 182, 183, 184, 185, 186,
2804 187, 613, 614, 615, 616, 617, 618, 619, 620, 621,
2805 622, 623, 624, 625, 626, 627, 628, 629, 630, 631,
2806 632, 115, 635, 636, 316, 639, 640, 252, 253, 254,
2807 255, 256, 257, 258, 259, 260, 261, 647, 648, 649,
2808 650, 651, 652, 653, 654, 655, 656, 657, 273, 274,
2809 275, 276, 277, 278, 660, 661, 662, 663, 664, 665,
2810 666, 306, 307, 670, 671, 672, 10, 10, 10, 10,
27102811 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
27112812 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
27122813 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
27372838 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
27382839 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
27392840 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2740 10, 10, 10, 10, 10, 10, 10
2841 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2842 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
2843 10, 10, 10
27412844 };
27422845
27432846 /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
27442847 static const yytype_int16 yyr1[] =
27452848 {
2746 0, 309, 310, 310, 311, 311, 311, 311, 311, 311,
2747 311, 311, 311, 311, 311, 311, 311, 311, 312, 313,
2748 314, 314, 315, 315, 315, 315, 315, 315, 315, 315,
2749 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2750 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2751 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2752 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2753 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2754 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2755 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2756 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2757 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2758 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2759 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2760 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2761 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2762 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2763 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2764 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2765 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2766 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2767 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2768 315, 315, 315, 315, 315, 315, 315, 315, 315, 315,
2769 315, 315, 315, 316, 317, 317, 318, 318, 318, 318,
2770 318, 318, 318, 319, 320, 320, 321, 321, 321, 321,
2771 321, 321, 322, 323, 323, 324, 324, 324, 324, 324,
2772 324, 324, 325, 326, 326, 327, 327, 327, 327, 327,
2773 327, 327, 327, 328, 329, 330, 331, 332, 333, 334,
2774 334, 335, 335, 335, 335, 335, 335, 335, 335, 335,
2775 335, 336, 337, 338, 339, 340, 341, 342, 343, 344,
2776 345, 346, 347, 348, 349, 350, 351, 352, 353, 354,
2777 355, 356, 357, 358, 359, 360, 361, 362, 363, 364,
2778 365, 366, 367, 368, 369, 370, 371, 372, 373, 374,
2779 375, 376, 377, 378, 379, 380, 381, 382, 383, 384,
2780 385, 386, 387, 388, 389, 390, 391, 392, 393, 394,
2781 395, 396, 397, 398, 399, 400, 401, 402, 403, 404,
2782 405, 406, 407, 408, 409, 410, 411, 412, 413, 414,
2783 415, 416, 417, 418, 419, 420, 421, 422, 423, 424,
2784 425, 426, 427, 428, 429, 430, 431, 432, 433, 434,
2785 435, 436, 437, 438, 439, 440, 441, 442, 443, 444,
2786 445, 446, 447, 448, 449, 450, 451, 452, 453, 454,
2787 455, 456, 457, 458, 459, 460, 461, 462, 463, 464,
2788 465, 466, 467, 468, 469, 470, 471, 472, 473, 474,
2789 475, 476, 477, 478, 479, 480, 481, 482, 483, 484,
2790 485, 486, 487, 488, 489, 490, 491, 492, 493, 494,
2791 495, 496, 497, 498, 499, 500, 501, 502, 503, 504,
2792 505, 506, 507, 508, 509, 510, 511, 512, 513, 514,
2793 515, 516, 517, 518, 519, 520, 521, 522, 523, 524,
2794 525, 526, 527, 528, 529, 530, 531, 532, 533, 534,
2795 535, 536, 537, 538, 539, 540, 541, 542, 543, 544,
2796 545, 546, 547, 548, 549, 550, 551, 552, 553, 554,
2797 555, 556, 557, 558, 559, 560, 561, 562, 563, 564,
2798 565, 566, 567, 568, 569, 570, 571, 571, 572, 572,
2799 572, 572, 572, 572, 572, 572, 573, 574, 575, 576,
2800 577, 578, 579, 580, 581, 582, 582, 583, 583, 583,
2801 583, 583, 583, 583, 583, 583, 583, 583, 583, 583,
2802 583, 583, 583, 583, 583, 583, 584, 585, 586, 587,
2803 588, 589, 590, 591, 592, 593, 594, 595, 596, 597,
2804 598, 599, 600, 601, 602, 603, 604, 604, 605, 606,
2805 607, 608, 608, 609, 610, 611, 612, 613, 614, 615,
2806 616, 616, 617, 617, 617, 617, 617, 617, 617, 617,
2807 617, 617, 618, 619, 620, 621, 622, 623, 624, 625,
2808 626, 627, 628, 629, 629, 630, 630, 630, 630, 630,
2809 630, 631, 632, 633, 634, 635, 636, 637, 638, 639,
2810 639, 640, 640, 641, 642
2849 0, 324, 325, 325, 326, 326, 326, 326, 326, 326,
2850 326, 326, 326, 326, 326, 326, 326, 326, 327, 328,
2851 329, 329, 330, 330, 330, 330, 330, 330, 330, 330,
2852 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2853 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2854 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2855 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2856 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2857 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2858 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2859 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2860 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2861 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2862 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2863 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2864 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2865 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2866 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2867 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2868 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2869 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2870 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2871 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2872 330, 330, 330, 330, 330, 330, 330, 330, 330, 330,
2873 330, 330, 330, 331, 332, 332, 333, 333, 333, 333,
2874 333, 333, 333, 333, 334, 335, 335, 336, 336, 336,
2875 336, 336, 336, 336, 337, 338, 338, 339, 339, 339,
2876 339, 339, 339, 339, 340, 341, 341, 342, 342, 342,
2877 342, 342, 342, 342, 342, 342, 342, 343, 344, 345,
2878 346, 347, 348, 349, 350, 350, 351, 351, 351, 351,
2879 351, 351, 351, 351, 351, 351, 351, 351, 352, 353,
2880 354, 355, 356, 357, 358, 359, 360, 361, 362, 363,
2881 364, 365, 366, 367, 368, 369, 370, 371, 372, 373,
2882 374, 375, 376, 377, 378, 379, 380, 381, 382, 383,
2883 384, 385, 386, 387, 388, 389, 390, 391, 392, 393,
2884 394, 395, 396, 397, 398, 399, 400, 401, 402, 403,
2885 404, 405, 406, 407, 408, 409, 410, 411, 412, 413,
2886 414, 415, 416, 417, 418, 419, 420, 421, 422, 423,
2887 424, 425, 426, 427, 428, 429, 430, 431, 432, 433,
2888 434, 435, 436, 437, 438, 439, 440, 441, 442, 443,
2889 444, 445, 446, 447, 448, 449, 450, 451, 452, 453,
2890 454, 455, 456, 457, 458, 459, 460, 461, 462, 463,
2891 464, 465, 466, 467, 468, 469, 470, 471, 472, 473,
2892 474, 475, 476, 477, 478, 479, 480, 481, 482, 483,
2893 484, 485, 486, 487, 488, 489, 490, 491, 492, 493,
2894 494, 495, 496, 497, 498, 499, 500, 501, 502, 503,
2895 504, 505, 506, 507, 508, 509, 510, 511, 512, 513,
2896 514, 515, 516, 517, 518, 519, 520, 521, 522, 523,
2897 524, 525, 526, 527, 528, 529, 530, 531, 532, 533,
2898 534, 535, 536, 537, 538, 539, 540, 541, 542, 543,
2899 544, 545, 546, 547, 548, 549, 550, 551, 552, 553,
2900 554, 555, 556, 557, 558, 559, 560, 561, 562, 563,
2901 564, 565, 566, 567, 568, 569, 570, 571, 572, 573,
2902 574, 575, 576, 577, 578, 579, 580, 581, 582, 583,
2903 584, 585, 586, 587, 588, 589, 590, 591, 592, 593,
2904 594, 595, 596, 597, 598, 599, 600, 601, 601, 602,
2905 602, 602, 602, 602, 602, 602, 602, 603, 604, 605,
2906 606, 607, 608, 609, 610, 611, 612, 612, 613, 613,
2907 613, 613, 613, 613, 613, 613, 613, 613, 613, 613,
2908 613, 613, 613, 613, 613, 613, 613, 614, 615, 616,
2909 617, 618, 619, 620, 621, 622, 623, 624, 625, 626,
2910 627, 628, 629, 630, 631, 632, 633, 634, 634, 635,
2911 636, 637, 638, 638, 639, 640, 641, 642, 643, 644,
2912 645, 646, 646, 647, 647, 647, 647, 647, 647, 647,
2913 647, 647, 647, 648, 649, 650, 651, 652, 653, 654,
2914 655, 656, 657, 658, 659, 659, 660, 660, 660, 660,
2915 660, 660, 661, 662, 663, 664, 665, 666, 667, 668,
2916 669, 669, 670, 670, 671, 672
28112917 };
28122918
28132919 /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */
28362942 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
28372943 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
28382944 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2945 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
28392946 1, 1, 1, 1, 2, 0, 1, 1, 1, 1,
2840 1, 1, 1, 1, 2, 0, 1, 1, 1, 1,
2841 1, 1, 1, 2, 0, 1, 1, 1, 1, 1,
2842 1, 1, 1, 2, 0, 1, 1, 1, 1, 1,
2843 1, 1, 1, 2, 2, 2, 2, 2, 1, 2,
2844 0, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2845 1, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2947 1, 1, 1, 1, 1, 2, 0, 1, 1, 1,
2948 1, 1, 1, 1, 1, 2, 0, 1, 1, 1,
2949 1, 1, 1, 1, 1, 2, 0, 1, 1, 1,
2950 1, 1, 1, 1, 1, 1, 1, 2, 2, 2,
2951 2, 2, 2, 1, 2, 0, 1, 1, 1, 1,
2952 1, 1, 1, 1, 1, 1, 1, 1, 2, 2,
28462953 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
28472954 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
28482955 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
28552962 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
28562963 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
28572964 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2965 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2966 2, 2, 2, 2, 3, 2, 2, 2, 2, 2,
2967 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2968 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2969 2, 2, 2, 2, 2, 2, 3, 2, 2, 2,
2970 2, 2, 2, 2, 2, 2, 2, 3, 3, 4,
2971 4, 4, 3, 3, 2, 2, 2, 2, 2, 2,
2972 3, 3, 2, 2, 2, 2, 2, 2, 2, 2,
2973 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
28582974 2, 2, 3, 2, 2, 2, 2, 2, 2, 2,
28592975 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
28602976 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2861 2, 2, 3, 2, 2, 2, 2, 2, 2, 2,
2862 2, 2, 2, 3, 3, 4, 4, 4, 3, 3,
2863 2, 2, 2, 2, 2, 2, 3, 3, 2, 2,
2977 3, 3, 3, 2, 2, 2, 1, 2, 0, 1,
2978 1, 1, 1, 1, 1, 1, 1, 2, 2, 2,
2979 2, 2, 2, 2, 2, 1, 2, 0, 1, 1,
2980 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2981 1, 1, 1, 1, 1, 1, 1, 2, 2, 2,
28642982 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2865 2, 2, 2, 2, 2, 3, 2, 2, 2, 2,
2866 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2867 2, 2, 2, 2, 2, 2, 2, 2, 2, 3,
2868 3, 3, 2, 2, 2, 1, 2, 0, 1, 1,
2869 1, 1, 1, 1, 1, 1, 2, 2, 2, 2,
2870 2, 2, 2, 2, 1, 2, 0, 1, 1, 1,
2871 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2872 1, 1, 1, 1, 1, 1, 2, 2, 2, 2,
2873 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2874 2, 2, 2, 2, 2, 1, 2, 0, 1, 2,
2875 1, 2, 0, 1, 2, 2, 2, 3, 3, 1,
2876 2, 0, 1, 1, 1, 1, 1, 1, 1, 1,
2877 1, 1, 2, 2, 2, 2, 2, 2, 2, 2,
2878 2, 2, 1, 2, 0, 1, 1, 1, 1, 1,
2879 1, 2, 2, 2, 2, 2, 2, 3, 1, 2,
2880 0, 1, 1, 2, 2
2983 2, 2, 2, 2, 2, 2, 1, 2, 0, 1,
2984 2, 1, 2, 0, 1, 2, 2, 2, 3, 3,
2985 1, 2, 0, 1, 1, 1, 1, 1, 1, 1,
2986 1, 1, 1, 2, 2, 2, 2, 2, 2, 2,
2987 2, 2, 2, 1, 2, 0, 1, 1, 1, 1,
2988 1, 1, 2, 2, 2, 2, 2, 2, 3, 1,
2989 2, 0, 1, 1, 2, 2
28812990 };
28822991
28832992
33583467 switch (yyn)
33593468 {
33603469 case 18:
3361 #line 197 "util/configparser.y"
3470 #line 204 "util/configparser.y"
33623471 {
33633472 OUTYY(("\nP(force-toplevel)\n"));
33643473 }
3365 #line 3367 "util/configparser.c"
3474 #line 3476 "util/configparser.c"
33663475 break;
33673476
33683477 case 19:
3369 #line 203 "util/configparser.y"
3370 {
3478 #line 210 "util/configparser.y"
3479 {
33713480 OUTYY(("\nP(server:)\n"));
33723481 }
3373 #line 3375 "util/configparser.c"
3374 break;
3375
3376 case 233:
3377 #line 305 "util/configparser.y"
3482 #line 3484 "util/configparser.c"
3483 break;
3484
3485 case 243:
3486 #line 318 "util/configparser.y"
33783487 {
33793488 struct config_stub* s;
3380 OUTYY(("\nP(stub_zone:)\n"));
3489 OUTYY(("\nP(stub_zone:)\n"));
33813490 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
33823491 if(s) {
33833492 s->next = cfg_parser->cfg->stubs;
33843493 cfg_parser->cfg->stubs = s;
3385 } else
3494 } else {
33863495 yyerror("out of memory");
3387 }
3388 #line 3390 "util/configparser.c"
3389 break;
3390
3391 case 243:
3392 #line 322 "util/configparser.y"
3496 }
3497 }
3498 #line 3500 "util/configparser.c"
3499 break;
3500
3501 case 254:
3502 #line 336 "util/configparser.y"
33933503 {
33943504 struct config_stub* s;
3395 OUTYY(("\nP(forward_zone:)\n"));
3505 OUTYY(("\nP(forward_zone:)\n"));
33963506 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
33973507 if(s) {
33983508 s->next = cfg_parser->cfg->forwards;
33993509 cfg_parser->cfg->forwards = s;
3400 } else
3510 } else {
34013511 yyerror("out of memory");
3402 }
3403 #line 3405 "util/configparser.c"
3404 break;
3405
3406 case 252:
3407 #line 339 "util/configparser.y"
3512 }
3513 }
3514 #line 3516 "util/configparser.c"
3515 break;
3516
3517 case 264:
3518 #line 354 "util/configparser.y"
34083519 {
34093520 struct config_view* s;
3410 OUTYY(("\nP(view:)\n"));
3521 OUTYY(("\nP(view:)\n"));
34113522 s = (struct config_view*)calloc(1, sizeof(struct config_view));
34123523 if(s) {
34133524 s->next = cfg_parser->cfg->views;
34143525 if(s->next && !s->next->name)
34153526 yyerror("view without name");
34163527 cfg_parser->cfg->views = s;
3417 } else
3528 } else {
34183529 yyerror("out of memory");
3419 }
3420 #line 3422 "util/configparser.c"
3421 break;
3422
3423 case 262:
3424 #line 358 "util/configparser.y"
3530 }
3531 }
3532 #line 3534 "util/configparser.c"
3533 break;
3534
3535 case 274:
3536 #line 374 "util/configparser.y"
34253537 {
34263538 struct config_auth* s;
3427 OUTYY(("\nP(auth_zone:)\n"));
3539 OUTYY(("\nP(auth_zone:)\n"));
34283540 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
34293541 if(s) {
34303542 s->next = cfg_parser->cfg->auths;
34333545 s->for_downstream = 1;
34343546 s->for_upstream = 1;
34353547 s->fallback_enabled = 0;
3548 s->zonemd_check = 0;
3549 s->zonemd_reject_absence = 0;
34363550 s->isrpz = 0;
3437 } else
3551 } else {
34383552 yyerror("out of memory");
3439 }
3440 #line 3442 "util/configparser.c"
3441 break;
3442
3443 case 273:
3444 #line 382 "util/configparser.y"
3553 }
3554 }
3555 #line 3557 "util/configparser.c"
3556 break;
3557
3558 case 287:
3559 #line 401 "util/configparser.y"
34453560 {
34463561 uint8_t* bitlist;
34473562 size_t len = 0;
34583573
34593574 }
34603575 }
3461 #line 3463 "util/configparser.c"
3462 break;
3463
3464 case 274:
3465 #line 401 "util/configparser.y"
3576 #line 3578 "util/configparser.c"
3577 break;
3578
3579 case 288:
3580 #line 420 "util/configparser.y"
34663581 {
34673582 OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str)));
34683583 if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 &&
34773592 cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str);
34783593 }
34793594 }
3480 #line 3482 "util/configparser.c"
3481 break;
3482
3483 case 275:
3484 #line 418 "util/configparser.y"
3595 #line 3597 "util/configparser.c"
3596 break;
3597
3598 case 289:
3599 #line 437 "util/configparser.y"
34853600 {
34863601 OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str)));
34873602 free(cfg_parser->cfg->auths->rpz_cname);
34883603 cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str);
34893604 }
3490 #line 3492 "util/configparser.c"
3491 break;
3492
3493 case 276:
3494 #line 426 "util/configparser.y"
3605 #line 3607 "util/configparser.c"
3606 break;
3607
3608 case 290:
3609 #line 445 "util/configparser.y"
34953610 {
34963611 OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str)));
34973612 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
34993614 else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0);
35003615 free((yyvsp[0].str));
35013616 }
3502 #line 3504 "util/configparser.c"
3503 break;
3504
3505 case 277:
3506 #line 436 "util/configparser.y"
3617 #line 3619 "util/configparser.c"
3618 break;
3619
3620 case 291:
3621 #line 455 "util/configparser.y"
35073622 {
35083623 OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str)));
35093624 free(cfg_parser->cfg->auths->rpz_log_name);
35103625 cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str);
35113626 }
3512 #line 3514 "util/configparser.c"
3513 break;
3514
3515 case 278:
3516 #line 444 "util/configparser.y"
3627 #line 3629 "util/configparser.c"
3628 break;
3629
3630 case 292:
3631 #line 462 "util/configparser.y"
3632 {
3633 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", (yyvsp[0].str)));
3634 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
3635 yyerror("expected yes or no.");
3636 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp((yyvsp[0].str), "yes")==0);
3637 free((yyvsp[0].str));
3638 }
3639 #line 3641 "util/configparser.c"
3640 break;
3641
3642 case 293:
3643 #line 472 "util/configparser.y"
35173644 {
35183645 struct config_auth* s;
35193646 OUTYY(("\nP(rpz:)\n"));
35263653 s->for_upstream = 0;
35273654 s->fallback_enabled = 0;
35283655 s->isrpz = 1;
3529 } else
3656 } else {
35303657 yyerror("out of memory");
3531 }
3532 #line 3534 "util/configparser.c"
3533 break;
3534
3535 case 291:
3536 #line 467 "util/configparser.y"
3537 {
3538 OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str)));
3658 }
3659 }
3660 #line 3662 "util/configparser.c"
3661 break;
3662
3663 case 308:
3664 #line 496 "util/configparser.y"
3665 {
3666 OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str)));
35393667 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
35403668 yyerror("number expected");
35413669 else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str));
35423670 free((yyvsp[0].str));
35433671 }
3544 #line 3546 "util/configparser.c"
3545 break;
3546
3547 case 292:
3548 #line 476 "util/configparser.y"
3549 {
3550 OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str)));
3672 #line 3674 "util/configparser.c"
3673 break;
3674
3675 case 309:
3676 #line 505 "util/configparser.y"
3677 {
3678 OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str)));
35513679 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
35523680 yyerror("number expected");
35533681 else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str));
35543682 free((yyvsp[0].str));
35553683 }
3556 #line 3558 "util/configparser.c"
3557 break;
3558
3559 case 293:
3560 #line 485 "util/configparser.y"
3561 {
3562 OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str)));
3684 #line 3686 "util/configparser.c"
3685 break;
3686
3687 case 310:
3688 #line 514 "util/configparser.y"
3689 {
3690 OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str)));
35633691 if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0)
35643692 cfg_parser->cfg->stat_interval = 0;
35653693 else if(atoi((yyvsp[0].str)) == 0)
35673695 else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str));
35683696 free((yyvsp[0].str));
35693697 }
3570 #line 3572 "util/configparser.c"
3571 break;
3572
3573 case 294:
3574 #line 496 "util/configparser.y"
3698 #line 3700 "util/configparser.c"
3699 break;
3700
3701 case 311:
3702 #line 525 "util/configparser.y"
35753703 {
35763704 OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str)));
35773705 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
35793707 else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0);
35803708 free((yyvsp[0].str));
35813709 }
3582 #line 3584 "util/configparser.c"
3583 break;
3584
3585 case 295:
3586 #line 505 "util/configparser.y"
3710 #line 3712 "util/configparser.c"
3711 break;
3712
3713 case 312:
3714 #line 534 "util/configparser.y"
35873715 {
35883716 OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str)));
35893717 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
35913719 else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0);
35923720 free((yyvsp[0].str));
35933721 }
3594 #line 3596 "util/configparser.c"
3595 break;
3596
3597 case 296:
3598 #line 514 "util/configparser.y"
3722 #line 3724 "util/configparser.c"
3723 break;
3724
3725 case 313:
3726 #line 543 "util/configparser.y"
35993727 {
36003728 OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str)));
36013729 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
36033731 else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0);
36043732 free((yyvsp[0].str));
36053733 }
3606 #line 3608 "util/configparser.c"
3607 break;
3608
3609 case 297:
3610 #line 523 "util/configparser.y"
3611 {
3612 OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str)));
3734 #line 3736 "util/configparser.c"
3735 break;
3736
3737 case 314:
3738 #line 552 "util/configparser.y"
3739 {
3740 OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str)));
36133741 if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0)
36143742 cfg_parser->cfg->shm_key = 0;
36153743 else if(atoi((yyvsp[0].str)) == 0)
36173745 else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str));
36183746 free((yyvsp[0].str));
36193747 }
3620 #line 3622 "util/configparser.c"
3621 break;
3622
3623 case 298:
3624 #line 534 "util/configparser.y"
3748 #line 3750 "util/configparser.c"
3749 break;
3750
3751 case 315:
3752 #line 563 "util/configparser.y"
36253753 {
36263754 OUTYY(("P(server_port:%s)\n", (yyvsp[0].str)));
36273755 if(atoi((yyvsp[0].str)) == 0)
36293757 else cfg_parser->cfg->port = atoi((yyvsp[0].str));
36303758 free((yyvsp[0].str));
36313759 }
3632 #line 3634 "util/configparser.c"
3633 break;
3634
3635 case 299:
3636 #line 543 "util/configparser.y"
3760 #line 3762 "util/configparser.c"
3761 break;
3762
3763 case 316:
3764 #line 572 "util/configparser.y"
36373765 {
36383766 #ifdef CLIENT_SUBNET
36393767 OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str)));
36443772 free((yyvsp[0].str));
36453773 #endif
36463774 }
3647 #line 3649 "util/configparser.c"
3648 break;
3649
3650 case 300:
3651 #line 555 "util/configparser.y"
3775 #line 3777 "util/configparser.c"
3776 break;
3777
3778 case 317:
3779 #line 584 "util/configparser.y"
36523780 {
36533781 #ifdef CLIENT_SUBNET
36543782 OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str)));
36603788 free((yyvsp[0].str));
36613789 #endif
36623790 }
3663 #line 3665 "util/configparser.c"
3664 break;
3665
3666 case 301:
3667 #line 569 "util/configparser.y"
3791 #line 3793 "util/configparser.c"
3792 break;
3793
3794 case 318:
3795 #line 598 "util/configparser.y"
36683796 {
36693797 #ifdef CLIENT_SUBNET
36703798 OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str)));
36783806 #endif
36793807 free((yyvsp[0].str));
36803808 }
3681 #line 3683 "util/configparser.c"
3682 break;
3683
3684 case 302:
3685 #line 584 "util/configparser.y"
3809 #line 3811 "util/configparser.c"
3810 break;
3811
3812 case 319:
3813 #line 613 "util/configparser.y"
36863814 {
36873815 #ifdef CLIENT_SUBNET
36883816 OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str)));
36923820 #endif
36933821 free((yyvsp[0].str));
36943822 }
3695 #line 3697 "util/configparser.c"
3696 break;
3697
3698 case 303:
3699 #line 595 "util/configparser.y"
3823 #line 3825 "util/configparser.c"
3824 break;
3825
3826 case 320:
3827 #line 624 "util/configparser.y"
37003828 {
37013829 #ifdef CLIENT_SUBNET
37023830 OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str)));
37123840 #endif
37133841 free((yyvsp[0].str));
37143842 }
3715 #line 3717 "util/configparser.c"
3716 break;
3717
3718 case 304:
3719 #line 612 "util/configparser.y"
3843 #line 3845 "util/configparser.c"
3844 break;
3845
3846 case 321:
3847 #line 641 "util/configparser.y"
37203848 {
37213849 #ifdef CLIENT_SUBNET
37223850 OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str)));
37323860 #endif
37333861 free((yyvsp[0].str));
37343862 }
3735 #line 3737 "util/configparser.c"
3736 break;
3737
3738 case 305:
3739 #line 629 "util/configparser.y"
3863 #line 3865 "util/configparser.c"
3864 break;
3865
3866 case 322:
3867 #line 658 "util/configparser.y"
37403868 {
37413869 #ifdef CLIENT_SUBNET
37423870 OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str)));
37523880 #endif
37533881 free((yyvsp[0].str));
37543882 }
3755 #line 3757 "util/configparser.c"
3756 break;
3757
3758 case 306:
3759 #line 646 "util/configparser.y"
3883 #line 3885 "util/configparser.c"
3884 break;
3885
3886 case 323:
3887 #line 675 "util/configparser.y"
37603888 {
37613889 #ifdef CLIENT_SUBNET
37623890 OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str)));
37723900 #endif
37733901 free((yyvsp[0].str));
37743902 }
3775 #line 3777 "util/configparser.c"
3776 break;
3777
3778 case 307:
3779 #line 663 "util/configparser.y"
3903 #line 3905 "util/configparser.c"
3904 break;
3905
3906 case 324:
3907 #line 692 "util/configparser.y"
37803908 {
37813909 #ifdef CLIENT_SUBNET
37823910 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str)));
37903918 #endif
37913919 free((yyvsp[0].str));
37923920 }
3793 #line 3795 "util/configparser.c"
3794 break;
3795
3796 case 308:
3797 #line 678 "util/configparser.y"
3921 #line 3923 "util/configparser.c"
3922 break;
3923
3924 case 325:
3925 #line 707 "util/configparser.y"
37983926 {
37993927 #ifdef CLIENT_SUBNET
38003928 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str)));
38083936 #endif
38093937 free((yyvsp[0].str));
38103938 }
3811 #line 3813 "util/configparser.c"
3812 break;
3813
3814 case 309:
3815 #line 693 "util/configparser.y"
3939 #line 3941 "util/configparser.c"
3940 break;
3941
3942 case 326:
3943 #line 722 "util/configparser.y"
38163944 {
38173945 OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str)));
38183946 if(cfg_parser->cfg->num_ifs == 0)
38193947 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
3820 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
3948 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
38213949 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
38223950 if(!cfg_parser->cfg->ifs)
38233951 yyerror("out of memory");
38243952 else
38253953 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str);
38263954 }
3827 #line 3829 "util/configparser.c"
3828 break;
3829
3830 case 310:
3831 #line 706 "util/configparser.y"
3955 #line 3957 "util/configparser.c"
3956 break;
3957
3958 case 327:
3959 #line 735 "util/configparser.y"
38323960 {
38333961 OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str)));
38343962 if(cfg_parser->cfg->num_out_ifs == 0)
38353963 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
3836 else cfg_parser->cfg->out_ifs = realloc(
3837 cfg_parser->cfg->out_ifs,
3964 else cfg_parser->cfg->out_ifs = realloc(
3965 cfg_parser->cfg->out_ifs,
38383966 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
38393967 if(!cfg_parser->cfg->out_ifs)
38403968 yyerror("out of memory");
38423970 cfg_parser->cfg->out_ifs[
38433971 cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str);
38443972 }
3845 #line 3847 "util/configparser.c"
3846 break;
3847
3848 case 311:
3849 #line 721 "util/configparser.y"
3973 #line 3975 "util/configparser.c"
3974 break;
3975
3976 case 328:
3977 #line 750 "util/configparser.y"
38503978 {
38513979 OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str)));
38523980 if(atoi((yyvsp[0].str)) == 0)
38543982 else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str));
38553983 free((yyvsp[0].str));
38563984 }
3857 #line 3859 "util/configparser.c"
3858 break;
3859
3860 case 312:
3861 #line 730 "util/configparser.y"
3985 #line 3987 "util/configparser.c"
3986 break;
3987
3988 case 329:
3989 #line 759 "util/configparser.y"
38623990 {
38633991 OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str)));
3864 if(!cfg_mark_ports((yyvsp[0].str), 1,
3992 if(!cfg_mark_ports((yyvsp[0].str), 1,
38653993 cfg_parser->cfg->outgoing_avail_ports, 65536))
38663994 yyerror("port number or range (\"low-high\") expected");
38673995 free((yyvsp[0].str));
38683996 }
3869 #line 3871 "util/configparser.c"
3870 break;
3871
3872 case 313:
3873 #line 739 "util/configparser.y"
3997 #line 3999 "util/configparser.c"
3998 break;
3999
4000 case 330:
4001 #line 768 "util/configparser.y"
38744002 {
38754003 OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str)));
3876 if(!cfg_mark_ports((yyvsp[0].str), 0,
4004 if(!cfg_mark_ports((yyvsp[0].str), 0,
38774005 cfg_parser->cfg->outgoing_avail_ports, 65536))
38784006 yyerror("port number or range (\"low-high\") expected");
38794007 free((yyvsp[0].str));
38804008 }
3881 #line 3883 "util/configparser.c"
3882 break;
3883
3884 case 314:
3885 #line 748 "util/configparser.y"
4009 #line 4011 "util/configparser.c"
4010 break;
4011
4012 case 331:
4013 #line 777 "util/configparser.y"
38864014 {
38874015 OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str)));
38884016 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
38904018 else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str));
38914019 free((yyvsp[0].str));
38924020 }
3893 #line 3895 "util/configparser.c"
3894 break;
3895
3896 case 315:
3897 #line 757 "util/configparser.y"
4021 #line 4023 "util/configparser.c"
4022 break;
4023
4024 case 332:
4025 #line 786 "util/configparser.y"
38984026 {
38994027 OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str)));
39004028 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
39024030 else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str));
39034031 free((yyvsp[0].str));
39044032 }
3905 #line 3907 "util/configparser.c"
3906 break;
3907
3908 case 316:
3909 #line 766 "util/configparser.y"
4033 #line 4035 "util/configparser.c"
4034 break;
4035
4036 case 333:
4037 #line 795 "util/configparser.y"
39104038 {
39114039 OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str)));
39124040 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
39144042 else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0);
39154043 free((yyvsp[0].str));
39164044 }
3917 #line 3919 "util/configparser.c"
3918 break;
3919
3920 case 317:
3921 #line 775 "util/configparser.y"
4045 #line 4047 "util/configparser.c"
4046 break;
4047
4048 case 334:
4049 #line 804 "util/configparser.y"
39224050 {
39234051 OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str)));
39244052 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
39264054 else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0);
39274055 free((yyvsp[0].str));
39284056 }
3929 #line 3931 "util/configparser.c"
3930 break;
3931
3932 case 318:
3933 #line 784 "util/configparser.y"
4057 #line 4059 "util/configparser.c"
4058 break;
4059
4060 case 335:
4061 #line 813 "util/configparser.y"
39344062 {
39354063 OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str)));
39364064 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
39384066 else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0);
39394067 free((yyvsp[0].str));
39404068 }
3941 #line 3943 "util/configparser.c"
3942 break;
3943
3944 case 319:
3945 #line 793 "util/configparser.y"
4069 #line 4071 "util/configparser.c"
4070 break;
4071
4072 case 336:
4073 #line 822 "util/configparser.y"
39464074 {
39474075 OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str)));
39484076 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
39504078 else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0);
39514079 free((yyvsp[0].str));
39524080 }
3953 #line 3955 "util/configparser.c"
3954 break;
3955
3956 case 320:
3957 #line 802 "util/configparser.y"
4081 #line 4083 "util/configparser.c"
4082 break;
4083
4084 case 337:
4085 #line 831 "util/configparser.y"
39584086 {
39594087 OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str)));
39604088 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
39624090 else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0);
39634091 free((yyvsp[0].str));
39644092 }
3965 #line 3967 "util/configparser.c"
3966 break;
3967
3968 case 321:
3969 #line 811 "util/configparser.y"
4093 #line 4095 "util/configparser.c"
4094 break;
4095
4096 case 338:
4097 #line 840 "util/configparser.y"
39704098 {
39714099 OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str)));
39724100 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
39744102 else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0);
39754103 free((yyvsp[0].str));
39764104 }
3977 #line 3979 "util/configparser.c"
3978 break;
3979
3980 case 322:
3981 #line 820 "util/configparser.y"
4105 #line 4107 "util/configparser.c"
4106 break;
4107
4108 case 339:
4109 #line 849 "util/configparser.y"
39824110 {
39834111 OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str)));
39844112 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
39864114 else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0);
39874115 free((yyvsp[0].str));
39884116 }
3989 #line 3991 "util/configparser.c"
3990 break;
3991
3992 case 323:
3993 #line 829 "util/configparser.y"
4117 #line 4119 "util/configparser.c"
4118 break;
4119
4120 case 340:
4121 #line 858 "util/configparser.y"
39944122 {
39954123 OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str)));
3996 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
3997 yyerror("number expected");
3998 else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str));
3999 free((yyvsp[0].str));
4000 }
4001 #line 4003 "util/configparser.c"
4002 break;
4003
4004 case 324:
4005 #line 838 "util/configparser.y"
4124 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
4125 yyerror("number expected");
4126 else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str));
4127 free((yyvsp[0].str));
4128 }
4129 #line 4131 "util/configparser.c"
4130 break;
4131
4132 case 341:
4133 #line 867 "util/configparser.y"
40064134 {
40074135 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str)));
40084136 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
40104138 else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str));
40114139 free((yyvsp[0].str));
40124140 }
4013 #line 4015 "util/configparser.c"
4014 break;
4015
4016 case 325:
4017 #line 847 "util/configparser.y"
4141 #line 4143 "util/configparser.c"
4142 break;
4143
4144 case 342:
4145 #line 876 "util/configparser.y"
40184146 {
40194147 OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str)));
40204148 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
40264154 else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str));
40274155 free((yyvsp[0].str));
40284156 }
4029 #line 4031 "util/configparser.c"
4030 break;
4031
4032 case 326:
4033 #line 860 "util/configparser.y"
4157 #line 4159 "util/configparser.c"
4158 break;
4159
4160 case 343:
4161 #line 889 "util/configparser.y"
4162 {
4163 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", (yyvsp[0].str)));
4164 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
4165 yyerror("number expected");
4166 else if (atoi((yyvsp[0].str)) < 1)
4167 cfg_parser->cfg->max_reuse_tcp_queries = 0;
4168 else cfg_parser->cfg->max_reuse_tcp_queries = atoi((yyvsp[0].str));
4169 free((yyvsp[0].str));
4170 }
4171 #line 4173 "util/configparser.c"
4172 break;
4173
4174 case 344:
4175 #line 900 "util/configparser.y"
4176 {
4177 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", (yyvsp[0].str)));
4178 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
4179 yyerror("number expected");
4180 else if (atoi((yyvsp[0].str)) < 1)
4181 cfg_parser->cfg->tcp_reuse_timeout = 0;
4182 else cfg_parser->cfg->tcp_reuse_timeout = atoi((yyvsp[0].str));
4183 free((yyvsp[0].str));
4184 }
4185 #line 4187 "util/configparser.c"
4186 break;
4187
4188 case 345:
4189 #line 911 "util/configparser.y"
4190 {
4191 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", (yyvsp[0].str)));
4192 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
4193 yyerror("number expected");
4194 else if (atoi((yyvsp[0].str)) < 1)
4195 cfg_parser->cfg->tcp_auth_query_timeout = 0;
4196 else cfg_parser->cfg->tcp_auth_query_timeout = atoi((yyvsp[0].str));
4197 free((yyvsp[0].str));
4198 }
4199 #line 4201 "util/configparser.c"
4200 break;
4201
4202 case 346:
4203 #line 922 "util/configparser.y"
40344204 {
40354205 OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str)));
40364206 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
40384208 else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0);
40394209 free((yyvsp[0].str));
40404210 }
4041 #line 4043 "util/configparser.c"
4042 break;
4043
4044 case 327:
4045 #line 869 "util/configparser.y"
4211 #line 4213 "util/configparser.c"
4212 break;
4213
4214 case 347:
4215 #line 931 "util/configparser.y"
40464216 {
40474217 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str)));
40484218 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
40544224 else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str));
40554225 free((yyvsp[0].str));
40564226 }
4057 #line 4059 "util/configparser.c"
4058 break;
4059
4060 case 328:
4061 #line 882 "util/configparser.y"
4227 #line 4229 "util/configparser.c"
4228 break;
4229
4230 case 348:
4231 #line 944 "util/configparser.y"
40624232 {
40634233 OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str)));
40644234 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
40664236 else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0);
40674237 free((yyvsp[0].str));
40684238 }
4069 #line 4071 "util/configparser.c"
4070 break;
4071
4072 case 329:
4073 #line 891 "util/configparser.y"
4239 #line 4241 "util/configparser.c"
4240 break;
4241
4242 case 349:
4243 #line 953 "util/configparser.y"
40744244 {
40754245 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str)));
40764246 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
40784248 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0);
40794249 free((yyvsp[0].str));
40804250 }
4081 #line 4083 "util/configparser.c"
4082 break;
4083
4084 case 330:
4085 #line 900 "util/configparser.y"
4251 #line 4253 "util/configparser.c"
4252 break;
4253
4254 case 350:
4255 #line 962 "util/configparser.y"
40864256 {
40874257 OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str)));
40884258 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
40904260 else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0);
40914261 free((yyvsp[0].str));
40924262 }
4093 #line 4095 "util/configparser.c"
4094 break;
4095
4096 case 331:
4097 #line 909 "util/configparser.y"
4263 #line 4265 "util/configparser.c"
4264 break;
4265
4266 case 351:
4267 #line 971 "util/configparser.y"
40984268 {
40994269 OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str)));
41004270 free(cfg_parser->cfg->ssl_service_key);
41014271 cfg_parser->cfg->ssl_service_key = (yyvsp[0].str);
41024272 }
4103 #line 4105 "util/configparser.c"
4104 break;
4105
4106 case 332:
4107 #line 916 "util/configparser.y"
4273 #line 4275 "util/configparser.c"
4274 break;
4275
4276 case 352:
4277 #line 978 "util/configparser.y"
41084278 {
41094279 OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str)));
41104280 free(cfg_parser->cfg->ssl_service_pem);
41114281 cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str);
41124282 }
4113 #line 4115 "util/configparser.c"
4114 break;
4115
4116 case 333:
4117 #line 923 "util/configparser.y"
4283 #line 4285 "util/configparser.c"
4284 break;
4285
4286 case 353:
4287 #line 985 "util/configparser.y"
41184288 {
41194289 OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str)));
41204290 if(atoi((yyvsp[0].str)) == 0)
41224292 else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str));
41234293 free((yyvsp[0].str));
41244294 }
4125 #line 4127 "util/configparser.c"
4126 break;
4127
4128 case 334:
4129 #line 932 "util/configparser.y"
4295 #line 4297 "util/configparser.c"
4296 break;
4297
4298 case 354:
4299 #line 994 "util/configparser.y"
41304300 {
41314301 OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str)));
41324302 free(cfg_parser->cfg->tls_cert_bundle);
41334303 cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str);
41344304 }
4135 #line 4137 "util/configparser.c"
4136 break;
4137
4138 case 335:
4139 #line 939 "util/configparser.y"
4305 #line 4307 "util/configparser.c"
4306 break;
4307
4308 case 355:
4309 #line 1001 "util/configparser.y"
41404310 {
41414311 OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str)));
41424312 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
41444314 else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0);
41454315 free((yyvsp[0].str));
41464316 }
4147 #line 4149 "util/configparser.c"
4148 break;
4149
4150 case 336:
4151 #line 948 "util/configparser.y"
4317 #line 4319 "util/configparser.c"
4318 break;
4319
4320 case 356:
4321 #line 1010 "util/configparser.y"
41524322 {
41534323 OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str)));
41544324 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
41554325 (yyvsp[0].str)))
41564326 yyerror("out of memory");
41574327 }
4158 #line 4160 "util/configparser.c"
4159 break;
4160
4161 case 337:
4162 #line 956 "util/configparser.y"
4328 #line 4330 "util/configparser.c"
4329 break;
4330
4331 case 357:
4332 #line 1018 "util/configparser.y"
41634333 {
41644334 OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str)));
41654335 free(cfg_parser->cfg->tls_ciphers);
41664336 cfg_parser->cfg->tls_ciphers = (yyvsp[0].str);
41674337 }
4168 #line 4170 "util/configparser.c"
4169 break;
4170
4171 case 338:
4172 #line 963 "util/configparser.y"
4338 #line 4340 "util/configparser.c"
4339 break;
4340
4341 case 358:
4342 #line 1025 "util/configparser.y"
41734343 {
41744344 OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str)));
41754345 free(cfg_parser->cfg->tls_ciphersuites);
41764346 cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str);
41774347 }
4178 #line 4180 "util/configparser.c"
4179 break;
4180
4181 case 339:
4182 #line 970 "util/configparser.y"
4348 #line 4350 "util/configparser.c"
4349 break;
4350
4351 case 359:
4352 #line 1032 "util/configparser.y"
41834353 {
41844354 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str)));
41854355 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
41864356 (yyvsp[0].str)))
41874357 yyerror("out of memory");
41884358 }
4189 #line 4191 "util/configparser.c"
4190 break;
4191
4192 case 340:
4193 #line 978 "util/configparser.y"
4359 #line 4361 "util/configparser.c"
4360 break;
4361
4362 case 360:
4363 #line 1040 "util/configparser.y"
41944364 {
41954365 OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str)));
41964366 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
41984368 else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0);
41994369 free((yyvsp[0].str));
42004370 }
4201 #line 4203 "util/configparser.c"
4202 break;
4203
4204 case 341:
4205 #line 987 "util/configparser.y"
4371 #line 4373 "util/configparser.c"
4372 break;
4373
4374 case 361:
4375 #line 1049 "util/configparser.y"
42064376 {
42074377 OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str)));
42084378 if(atoi((yyvsp[0].str)) == 0)
42104380 else cfg_parser->cfg->https_port = atoi((yyvsp[0].str));
42114381 free((yyvsp[0].str));
42124382 }
4213 #line 4215 "util/configparser.c"
4214 break;
4215
4216 case 342:
4217 #line 995 "util/configparser.y"
4383 #line 4385 "util/configparser.c"
4384 break;
4385
4386 case 362:
4387 #line 1057 "util/configparser.y"
42184388 {
42194389 OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str)));
42204390 free(cfg_parser->cfg->http_endpoint);
42304400 cfg_parser->cfg->http_endpoint = (yyvsp[0].str);
42314401 }
42324402 }
4233 #line 4235 "util/configparser.c"
4234 break;
4235
4236 case 343:
4237 #line 1011 "util/configparser.y"
4403 #line 4405 "util/configparser.c"
4404 break;
4405
4406 case 363:
4407 #line 1073 "util/configparser.y"
42384408 {
42394409 OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str)));
42404410 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
42424412 else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str));
42434413 free((yyvsp[0].str));
42444414 }
4245 #line 4247 "util/configparser.c"
4246 break;
4247
4248 case 344:
4249 #line 1019 "util/configparser.y"
4415 #line 4417 "util/configparser.c"
4416 break;
4417
4418 case 364:
4419 #line 1081 "util/configparser.y"
42504420 {
42514421 OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str)));
42524422 if(!cfg_parse_memsize((yyvsp[0].str),
42544424 yyerror("memory size expected");
42554425 free((yyvsp[0].str));
42564426 }
4257 #line 4259 "util/configparser.c"
4258 break;
4259
4260 case 345:
4261 #line 1027 "util/configparser.y"
4427 #line 4429 "util/configparser.c"
4428 break;
4429
4430 case 365:
4431 #line 1089 "util/configparser.y"
42624432 {
42634433 OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str)));
42644434 if(!cfg_parse_memsize((yyvsp[0].str),
42664436 yyerror("memory size expected");
42674437 free((yyvsp[0].str));
42684438 }
4269 #line 4271 "util/configparser.c"
4270 break;
4271
4272 case 346:
4273 #line 1035 "util/configparser.y"
4439 #line 4441 "util/configparser.c"
4440 break;
4441
4442 case 366:
4443 #line 1097 "util/configparser.y"
42744444 {
42754445 OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str)));
42764446 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
42784448 else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0);
42794449 free((yyvsp[0].str));
42804450 }
4281 #line 4283 "util/configparser.c"
4282 break;
4283
4284 case 347:
4285 #line 1043 "util/configparser.y"
4451 #line 4453 "util/configparser.c"
4452 break;
4453
4454 case 367:
4455 #line 1105 "util/configparser.y"
42864456 {
42874457 OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str)));
42884458 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
42904460 else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0);
42914461 free((yyvsp[0].str));
42924462 }
4293 #line 4295 "util/configparser.c"
4294 break;
4295
4296 case 348:
4297 #line 1051 "util/configparser.y"
4463 #line 4465 "util/configparser.c"
4464 break;
4465
4466 case 368:
4467 #line 1113 "util/configparser.y"
42984468 {
42994469 OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str)));
43004470 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
43024472 else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0);
43034473 free((yyvsp[0].str));
43044474 }
4305 #line 4307 "util/configparser.c"
4306 break;
4307
4308 case 349:
4309 #line 1060 "util/configparser.y"
4475 #line 4477 "util/configparser.c"
4476 break;
4477
4478 case 369:
4479 #line 1122 "util/configparser.y"
43104480 {
43114481 OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str)));
43124482 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
43144484 else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0);
43154485 free((yyvsp[0].str));
43164486 }
4317 #line 4319 "util/configparser.c"
4318 break;
4319
4320 case 350:
4321 #line 1069 "util/configparser.y"
4487 #line 4489 "util/configparser.c"
4488 break;
4489
4490 case 370:
4491 #line 1131 "util/configparser.y"
43224492 {
43234493 OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str)));
43244494 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
43314501 #endif
43324502 free((yyvsp[0].str));
43334503 }
4334 #line 4336 "util/configparser.c"
4335 break;
4336
4337 case 351:
4338 #line 1083 "util/configparser.y"
4504 #line 4506 "util/configparser.c"
4505 break;
4506
4507 case 371:
4508 #line 1145 "util/configparser.y"
43394509 {
43404510 OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str)));
43414511 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
43434513 else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0);
43444514 free((yyvsp[0].str));
43454515 }
4346 #line 4348 "util/configparser.c"
4347 break;
4348
4349 case 352:
4350 #line 1092 "util/configparser.y"
4516 #line 4518 "util/configparser.c"
4517 break;
4518
4519 case 372:
4520 #line 1154 "util/configparser.y"
43514521 {
43524522 OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str)));
43534523 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
43554525 else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0);
43564526 free((yyvsp[0].str));
43574527 }
4358 #line 4360 "util/configparser.c"
4359 break;
4360
4361 case 353:
4362 #line 1101 "util/configparser.y"
4363 {
4364 OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str)));
4365 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4366 yyerror("expected yes or no.");
4367 else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0);
4368 free((yyvsp[0].str));
4369 }
4370 #line 4372 "util/configparser.c"
4371 break;
4372
4373 case 354:
4374 #line 1110 "util/configparser.y"
4375 {
4376 OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str)));
4377 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4378 yyerror("expected yes or no.");
4379 else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0);
4380 free((yyvsp[0].str));
4381 }
4382 #line 4384 "util/configparser.c"
4383 break;
4384
4385 case 355:
4386 #line 1119 "util/configparser.y"
4528 #line 4530 "util/configparser.c"
4529 break;
4530
4531 case 373:
4532 #line 1163 "util/configparser.y"
4533 {
4534 OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str)));
4535 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4536 yyerror("expected yes or no.");
4537 else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0);
4538 free((yyvsp[0].str));
4539 }
4540 #line 4542 "util/configparser.c"
4541 break;
4542
4543 case 374:
4544 #line 1172 "util/configparser.y"
4545 {
4546 OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str)));
4547 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4548 yyerror("expected yes or no.");
4549 else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0);
4550 free((yyvsp[0].str));
4551 }
4552 #line 4554 "util/configparser.c"
4553 break;
4554
4555 case 375:
4556 #line 1181 "util/configparser.y"
43874557 {
43884558 OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str)));
43894559 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
43914561 else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0);
43924562 free((yyvsp[0].str));
43934563 }
4394 #line 4396 "util/configparser.c"
4395 break;
4396
4397 case 356:
4398 #line 1128 "util/configparser.y"
4399 {
4400 OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str)));
4401 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4402 yyerror("expected yes or no.");
4403 else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0);
4404 free((yyvsp[0].str));
4405 }
4406 #line 4408 "util/configparser.c"
4407 break;
4408
4409 case 357:
4410 #line 1137 "util/configparser.y"
4564 #line 4566 "util/configparser.c"
4565 break;
4566
4567 case 376:
4568 #line 1190 "util/configparser.y"
4569 {
4570 OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str)));
4571 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4572 yyerror("expected yes or no.");
4573 else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0);
4574 free((yyvsp[0].str));
4575 }
4576 #line 4578 "util/configparser.c"
4577 break;
4578
4579 case 377:
4580 #line 1199 "util/configparser.y"
44114581 {
44124582 OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str)));
44134583 free(cfg_parser->cfg->chrootdir);
44144584 cfg_parser->cfg->chrootdir = (yyvsp[0].str);
44154585 }
4416 #line 4418 "util/configparser.c"
4417 break;
4418
4419 case 358:
4420 #line 1144 "util/configparser.y"
4586 #line 4588 "util/configparser.c"
4587 break;
4588
4589 case 378:
4590 #line 1206 "util/configparser.y"
44214591 {
44224592 OUTYY(("P(server_username:%s)\n", (yyvsp[0].str)));
44234593 free(cfg_parser->cfg->username);
44244594 cfg_parser->cfg->username = (yyvsp[0].str);
44254595 }
4426 #line 4428 "util/configparser.c"
4427 break;
4428
4429 case 359:
4430 #line 1151 "util/configparser.y"
4596 #line 4598 "util/configparser.c"
4597 break;
4598
4599 case 379:
4600 #line 1213 "util/configparser.y"
44314601 {
44324602 OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str)));
44334603 free(cfg_parser->cfg->directory);
44464616 cfg_parser->chroot)) == 0)
44474617 d += strlen(cfg_parser->chroot);
44484618 if(d[0]) {
4449 if(chdir(d))
4619 if(chdir(d))
44504620 log_err("cannot chdir to directory: %s (%s)",
44514621 d, strerror(errno));
44524622 }
44534623 }
44544624 }
4455 #line 4457 "util/configparser.c"
4456 break;
4457
4458 case 360:
4459 #line 1177 "util/configparser.y"
4625 #line 4627 "util/configparser.c"
4626 break;
4627
4628 case 380:
4629 #line 1239 "util/configparser.y"
44604630 {
44614631 OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str)));
44624632 free(cfg_parser->cfg->logfile);
44634633 cfg_parser->cfg->logfile = (yyvsp[0].str);
44644634 cfg_parser->cfg->use_syslog = 0;
44654635 }
4466 #line 4468 "util/configparser.c"
4467 break;
4468
4469 case 361:
4470 #line 1185 "util/configparser.y"
4636 #line 4638 "util/configparser.c"
4637 break;
4638
4639 case 381:
4640 #line 1247 "util/configparser.y"
44714641 {
44724642 OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str)));
44734643 free(cfg_parser->cfg->pidfile);
44744644 cfg_parser->cfg->pidfile = (yyvsp[0].str);
44754645 }
4476 #line 4478 "util/configparser.c"
4477 break;
4478
4479 case 362:
4480 #line 1192 "util/configparser.y"
4646 #line 4648 "util/configparser.c"
4647 break;
4648
4649 case 382:
4650 #line 1254 "util/configparser.y"
44814651 {
44824652 OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str)));
44834653 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str)))
44844654 yyerror("out of memory");
44854655 }
4486 #line 4488 "util/configparser.c"
4487 break;
4488
4489 case 363:
4490 #line 1199 "util/configparser.y"
4656 #line 4658 "util/configparser.c"
4657 break;
4658
4659 case 383:
4660 #line 1261 "util/configparser.y"
44914661 {
44924662 OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str)));
44934663 log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
44944664 free((yyvsp[0].str));
44954665 }
4496 #line 4498 "util/configparser.c"
4497 break;
4498
4499 case 364:
4500 #line 1206 "util/configparser.y"
4666 #line 4668 "util/configparser.c"
4667 break;
4668
4669 case 384:
4670 #line 1268 "util/configparser.y"
45014671 {
45024672 OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str)));
45034673 log_warn("option dlv-anchor ignored: DLV is decommissioned");
45044674 free((yyvsp[0].str));
45054675 }
4506 #line 4508 "util/configparser.c"
4507 break;
4508
4509 case 365:
4510 #line 1213 "util/configparser.y"
4676 #line 4678 "util/configparser.c"
4677 break;
4678
4679 case 385:
4680 #line 1275 "util/configparser.y"
45114681 {
45124682 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str)));
45134683 if(!cfg_strlist_insert(&cfg_parser->cfg->
45144684 auto_trust_anchor_file_list, (yyvsp[0].str)))
45154685 yyerror("out of memory");
45164686 }
4517 #line 4519 "util/configparser.c"
4518 break;
4519
4520 case 366:
4521 #line 1221 "util/configparser.y"
4687 #line 4689 "util/configparser.c"
4688 break;
4689
4690 case 386:
4691 #line 1283 "util/configparser.y"
45224692 {
45234693 OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str)));
45244694 if(!cfg_strlist_insert(&cfg_parser->cfg->
45254695 trust_anchor_file_list, (yyvsp[0].str)))
45264696 yyerror("out of memory");
45274697 }
4528 #line 4530 "util/configparser.c"
4529 break;
4530
4531 case 367:
4532 #line 1229 "util/configparser.y"
4698 #line 4700 "util/configparser.c"
4699 break;
4700
4701 case 387:
4702 #line 1291 "util/configparser.y"
45334703 {
45344704 OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str)));
45354705 if(!cfg_strlist_insert(&cfg_parser->cfg->
45364706 trusted_keys_file_list, (yyvsp[0].str)))
45374707 yyerror("out of memory");
45384708 }
4539 #line 4541 "util/configparser.c"
4540 break;
4541
4542 case 368:
4543 #line 1237 "util/configparser.y"
4709 #line 4711 "util/configparser.c"
4710 break;
4711
4712 case 388:
4713 #line 1299 "util/configparser.y"
45444714 {
45454715 OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str)));
45464716 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str)))
45474717 yyerror("out of memory");
45484718 }
4549 #line 4551 "util/configparser.c"
4550 break;
4551
4552 case 369:
4553 #line 1244 "util/configparser.y"
4719 #line 4721 "util/configparser.c"
4720 break;
4721
4722 case 389:
4723 #line 1306 "util/configparser.y"
45544724 {
45554725 OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str)));
45564726 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
45604730 (strcmp((yyvsp[0].str), "yes")==0);
45614731 free((yyvsp[0].str));
45624732 }
4563 #line 4565 "util/configparser.c"
4564 break;
4565
4566 case 370:
4567 #line 1255 "util/configparser.y"
4733 #line 4735 "util/configparser.c"
4734 break;
4735
4736 case 390:
4737 #line 1317 "util/configparser.y"
45684738 {
45694739 OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str)));
45704740 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
45744744 (strcmp((yyvsp[0].str), "yes")==0);
45754745 free((yyvsp[0].str));
45764746 }
4577 #line 4579 "util/configparser.c"
4578 break;
4579
4580 case 371:
4581 #line 1266 "util/configparser.y"
4747 #line 4749 "util/configparser.c"
4748 break;
4749
4750 case 391:
4751 #line 1328 "util/configparser.y"
45824752 {
45834753 OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str)));
45844754 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str)))
45854755 yyerror("out of memory");
45864756 }
4587 #line 4589 "util/configparser.c"
4588 break;
4589
4590 case 372:
4591 #line 1273 "util/configparser.y"
4757 #line 4759 "util/configparser.c"
4758 break;
4759
4760 case 392:
4761 #line 1335 "util/configparser.y"
45924762 {
45934763 OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str)));
45944764 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
45964766 else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0);
45974767 free((yyvsp[0].str));
45984768 }
4599 #line 4601 "util/configparser.c"
4600 break;
4601
4602 case 373:
4603 #line 1282 "util/configparser.y"
4769 #line 4771 "util/configparser.c"
4770 break;
4771
4772 case 393:
4773 #line 1344 "util/configparser.y"
46044774 {
46054775 OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str)));
46064776 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
46084778 else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0);
46094779 free((yyvsp[0].str));
46104780 }
4611 #line 4613 "util/configparser.c"
4612 break;
4613
4614 case 374:
4615 #line 1291 "util/configparser.y"
4781 #line 4783 "util/configparser.c"
4782 break;
4783
4784 case 394:
4785 #line 1353 "util/configparser.y"
46164786 {
46174787 OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str)));
46184788 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
46204790 else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0);
46214791 free((yyvsp[0].str));
46224792 }
4623 #line 4625 "util/configparser.c"
4624 break;
4625
4626 case 375:
4627 #line 1300 "util/configparser.y"
4793 #line 4795 "util/configparser.c"
4794 break;
4795
4796 case 395:
4797 #line 1362 "util/configparser.y"
4798 {
4799 OUTYY(("P(server_hide_user_agent:%s)\n", (yyvsp[0].str)));
4800 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4801 yyerror("expected yes or no.");
4802 else cfg_parser->cfg->hide_http_user_agent = (strcmp((yyvsp[0].str), "yes")==0);
4803 free((yyvsp[0].str));
4804 }
4805 #line 4807 "util/configparser.c"
4806 break;
4807
4808 case 396:
4809 #line 1371 "util/configparser.y"
46284810 {
46294811 OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str)));
46304812 free(cfg_parser->cfg->identity);
46314813 cfg_parser->cfg->identity = (yyvsp[0].str);
46324814 }
4633 #line 4635 "util/configparser.c"
4634 break;
4635
4636 case 376:
4637 #line 1307 "util/configparser.y"
4815 #line 4817 "util/configparser.c"
4816 break;
4817
4818 case 397:
4819 #line 1378 "util/configparser.y"
46384820 {
46394821 OUTYY(("P(server_version:%s)\n", (yyvsp[0].str)));
46404822 free(cfg_parser->cfg->version);
46414823 cfg_parser->cfg->version = (yyvsp[0].str);
46424824 }
4643 #line 4645 "util/configparser.c"
4644 break;
4645
4646 case 377:
4647 #line 1314 "util/configparser.y"
4825 #line 4827 "util/configparser.c"
4826 break;
4827
4828 case 398:
4829 #line 1385 "util/configparser.y"
4830 {
4831 OUTYY(("P(server_http_user_agent:%s)\n", (yyvsp[0].str)));
4832 free(cfg_parser->cfg->http_user_agent);
4833 cfg_parser->cfg->http_user_agent = (yyvsp[0].str);
4834 }
4835 #line 4837 "util/configparser.c"
4836 break;
4837
4838 case 399:
4839 #line 1392 "util/configparser.y"
46484840 {
46494841 OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str)));
46504842 free(cfg_parser->cfg->nsid_cfg_str);
46594851 yyerror("the NSID must be either a hex string or an "
46604852 "ascii character string prepended with ascii_.");
46614853 }
4662 #line 4664 "util/configparser.c"
4663 break;
4664
4665 case 378:
4666 #line 1330 "util/configparser.y"
4854 #line 4856 "util/configparser.c"
4855 break;
4856
4857 case 400:
4858 #line 1408 "util/configparser.y"
46674859 {
46684860 OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str)));
46694861 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf))
46704862 yyerror("buffer size expected");
46714863 free((yyvsp[0].str));
46724864 }
4673 #line 4675 "util/configparser.c"
4674 break;
4675
4676 case 379:
4677 #line 1338 "util/configparser.y"
4865 #line 4867 "util/configparser.c"
4866 break;
4867
4868 case 401:
4869 #line 1416 "util/configparser.y"
46784870 {
46794871 OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str)));
46804872 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf))
46814873 yyerror("buffer size expected");
46824874 free((yyvsp[0].str));
46834875 }
4684 #line 4686 "util/configparser.c"
4685 break;
4686
4687 case 380:
4688 #line 1346 "util/configparser.y"
4689 {
4690 OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str)));
4691 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4692 yyerror("expected yes or no.");
4693 else cfg_parser->cfg->so_reuseport =
4694 (strcmp((yyvsp[0].str), "yes")==0);
4695 free((yyvsp[0].str));
4696 }
4697 #line 4699 "util/configparser.c"
4698 break;
4699
4700 case 381:
4701 #line 1356 "util/configparser.y"
4702 {
4703 OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str)));
4704 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4705 yyerror("expected yes or no.");
4706 else cfg_parser->cfg->ip_transparent =
4707 (strcmp((yyvsp[0].str), "yes")==0);
4708 free((yyvsp[0].str));
4709 }
4710 #line 4712 "util/configparser.c"
4711 break;
4712
4713 case 382:
4714 #line 1366 "util/configparser.y"
4715 {
4716 OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str)));
4717 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4718 yyerror("expected yes or no.");
4719 else cfg_parser->cfg->ip_freebind =
4720 (strcmp((yyvsp[0].str), "yes")==0);
4721 free((yyvsp[0].str));
4722 }
4723 #line 4725 "util/configparser.c"
4724 break;
4725
4726 case 383:
4727 #line 1376 "util/configparser.y"
4876 #line 4878 "util/configparser.c"
4877 break;
4878
4879 case 402:
4880 #line 1424 "util/configparser.y"
4881 {
4882 OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str)));
4883 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4884 yyerror("expected yes or no.");
4885 else cfg_parser->cfg->so_reuseport =
4886 (strcmp((yyvsp[0].str), "yes")==0);
4887 free((yyvsp[0].str));
4888 }
4889 #line 4891 "util/configparser.c"
4890 break;
4891
4892 case 403:
4893 #line 1434 "util/configparser.y"
4894 {
4895 OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str)));
4896 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4897 yyerror("expected yes or no.");
4898 else cfg_parser->cfg->ip_transparent =
4899 (strcmp((yyvsp[0].str), "yes")==0);
4900 free((yyvsp[0].str));
4901 }
4902 #line 4904 "util/configparser.c"
4903 break;
4904
4905 case 404:
4906 #line 1444 "util/configparser.y"
4907 {
4908 OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str)));
4909 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
4910 yyerror("expected yes or no.");
4911 else cfg_parser->cfg->ip_freebind =
4912 (strcmp((yyvsp[0].str), "yes")==0);
4913 free((yyvsp[0].str));
4914 }
4915 #line 4917 "util/configparser.c"
4916 break;
4917
4918 case 405:
4919 #line 1454 "util/configparser.y"
47284920 {
47294921 OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str)));
47304922 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
47374929 cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str));
47384930 free((yyvsp[0].str));
47394931 }
4740 #line 4742 "util/configparser.c"
4741 break;
4742
4743 case 384:
4744 #line 1390 "util/configparser.y"
4932 #line 4934 "util/configparser.c"
4933 break;
4934
4935 case 406:
4936 #line 1468 "util/configparser.y"
47454937 {
47464938 OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str)));
47474939 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size))
47484940 yyerror("memory size expected");
47494941 free((yyvsp[0].str));
47504942 }
4751 #line 4753 "util/configparser.c"
4752 break;
4753
4754 case 385:
4755 #line 1398 "util/configparser.y"
4943 #line 4945 "util/configparser.c"
4944 break;
4945
4946 case 407:
4947 #line 1476 "util/configparser.y"
47564948 {
47574949 OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str)));
47584950 if(atoi((yyvsp[0].str)) == 0)
47644956 else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str));
47654957 free((yyvsp[0].str));
47664958 }
4767 #line 4769 "util/configparser.c"
4768 break;
4769
4770 case 386:
4771 #line 1411 "util/configparser.y"
4959 #line 4961 "util/configparser.c"
4960 break;
4961
4962 case 408:
4963 #line 1489 "util/configparser.y"
47724964 {
47734965 OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str)));
47744966 if(atoi((yyvsp[0].str)) == 0)
47784970 else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str));
47794971 free((yyvsp[0].str));
47804972 }
4781 #line 4783 "util/configparser.c"
4782 break;
4783
4784 case 387:
4785 #line 1422 "util/configparser.y"
4973 #line 4975 "util/configparser.c"
4974 break;
4975
4976 case 409:
4977 #line 1500 "util/configparser.y"
47864978 {
47874979 OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str)));
47884980 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size))
47894981 yyerror("memory size expected");
47904982 free((yyvsp[0].str));
47914983 }
4792 #line 4794 "util/configparser.c"
4793 break;
4794
4795 case 388:
4796 #line 1430 "util/configparser.y"
4984 #line 4986 "util/configparser.c"
4985 break;
4986
4987 case 410:
4988 #line 1508 "util/configparser.y"
47974989 {
47984990 OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str)));
4799 if(atoi((yyvsp[0].str)) == 0)
4991 if(atoi((yyvsp[0].str)) == 0) {
48004992 yyerror("number expected");
4801 else {
4993 } else {
48024994 cfg_parser->cfg->msg_cache_slabs = atoi((yyvsp[0].str));
48034995 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
48044996 yyerror("must be a power of 2");
48054997 }
48064998 free((yyvsp[0].str));
48074999 }
4808 #line 4810 "util/configparser.c"
4809 break;
4810
4811 case 389:
4812 #line 1443 "util/configparser.y"
5000 #line 5002 "util/configparser.c"
5001 break;
5002
5003 case 411:
5004 #line 1521 "util/configparser.y"
48135005 {
48145006 OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str)));
48155007 if(atoi((yyvsp[0].str)) == 0)
48175009 else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str));
48185010 free((yyvsp[0].str));
48195011 }
4820 #line 4822 "util/configparser.c"
4821 break;
4822
4823 case 390:
4824 #line 1452 "util/configparser.y"
5012 #line 5014 "util/configparser.c"
5013 break;
5014
5015 case 412:
5016 #line 1530 "util/configparser.y"
48255017 {
48265018 OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str)));
48275019 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
48295021 else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str));
48305022 free((yyvsp[0].str));
48315023 }
4832 #line 4834 "util/configparser.c"
4833 break;
4834
4835 case 391:
4836 #line 1461 "util/configparser.y"
5024 #line 5026 "util/configparser.c"
5025 break;
5026
5027 case 413:
5028 #line 1539 "util/configparser.y"
48375029 {
48385030 OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str)));
48395031 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
48415033 else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str));
48425034 free((yyvsp[0].str));
48435035 }
4844 #line 4846 "util/configparser.c"
4845 break;
4846
4847 case 392:
4848 #line 1470 "util/configparser.y"
5036 #line 5038 "util/configparser.c"
5037 break;
5038
5039 case 414:
5040 #line 1548 "util/configparser.y"
48495041 {
48505042 OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str)));
48515043 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
48535045 else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0);
48545046 free((yyvsp[0].str));
48555047 }
4856 #line 4858 "util/configparser.c"
4857 break;
4858
4859 case 393:
4860 #line 1479 "util/configparser.y"
5048 #line 5050 "util/configparser.c"
5049 break;
5050
5051 case 415:
5052 #line 1557 "util/configparser.y"
48615053 {
48625054 OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str)));
48635055 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
48645056 yyerror("expected yes or no.");
4865 else cfg_parser->cfg->unblock_lan_zones =
5057 else cfg_parser->cfg->unblock_lan_zones =
48665058 (strcmp((yyvsp[0].str), "yes")==0);
48675059 free((yyvsp[0].str));
48685060 }
4869 #line 4871 "util/configparser.c"
4870 break;
4871
4872 case 394:
4873 #line 1489 "util/configparser.y"
5061 #line 5063 "util/configparser.c"
5062 break;
5063
5064 case 416:
5065 #line 1567 "util/configparser.y"
48745066 {
48755067 OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str)));
48765068 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
48775069 yyerror("expected yes or no.");
4878 else cfg_parser->cfg->insecure_lan_zones =
5070 else cfg_parser->cfg->insecure_lan_zones =
48795071 (strcmp((yyvsp[0].str), "yes")==0);
48805072 free((yyvsp[0].str));
48815073 }
4882 #line 4884 "util/configparser.c"
4883 break;
4884
4885 case 395:
4886 #line 1499 "util/configparser.y"
5074 #line 5076 "util/configparser.c"
5075 break;
5076
5077 case 417:
5078 #line 1577 "util/configparser.y"
48875079 {
48885080 OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str)));
48895081 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size))
48905082 yyerror("memory size expected");
48915083 free((yyvsp[0].str));
48925084 }
4893 #line 4895 "util/configparser.c"
4894 break;
4895
4896 case 396:
4897 #line 1507 "util/configparser.y"
5085 #line 5087 "util/configparser.c"
5086 break;
5087
5088 case 418:
5089 #line 1585 "util/configparser.y"
48985090 {
48995091 OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str)));
4900 if(atoi((yyvsp[0].str)) == 0)
5092 if(atoi((yyvsp[0].str)) == 0) {
49015093 yyerror("number expected");
4902 else {
5094 } else {
49035095 cfg_parser->cfg->rrset_cache_slabs = atoi((yyvsp[0].str));
49045096 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
49055097 yyerror("must be a power of 2");
49065098 }
49075099 free((yyvsp[0].str));
49085100 }
4909 #line 4911 "util/configparser.c"
4910 break;
4911
4912 case 397:
4913 #line 1520 "util/configparser.y"
5101 #line 5103 "util/configparser.c"
5102 break;
5103
5104 case 419:
5105 #line 1598 "util/configparser.y"
49145106 {
49155107 OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str)));
49165108 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
49185110 else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str));
49195111 free((yyvsp[0].str));
49205112 }
4921 #line 4923 "util/configparser.c"
4922 break;
4923
4924 case 398:
4925 #line 1529 "util/configparser.y"
5113 #line 5115 "util/configparser.c"
5114 break;
5115
5116 case 420:
5117 #line 1607 "util/configparser.y"
49265118 {
49275119 OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str)));
49285120 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
49295121 "removed, use infra-host-ttl)", (yyvsp[0].str));
49305122 free((yyvsp[0].str));
49315123 }
4932 #line 4934 "util/configparser.c"
4933 break;
4934
4935 case 399:
4936 #line 1537 "util/configparser.y"
5124 #line 5126 "util/configparser.c"
5125 break;
5126
5127 case 421:
5128 #line 1615 "util/configparser.y"
49375129 {
49385130 OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str)));
49395131 if(atoi((yyvsp[0].str)) == 0)
49415133 else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str));
49425134 free((yyvsp[0].str));
49435135 }
4944 #line 4946 "util/configparser.c"
4945 break;
4946
4947 case 400:
4948 #line 1546 "util/configparser.y"
5136 #line 5138 "util/configparser.c"
5137 break;
5138
5139 case 422:
5140 #line 1624 "util/configparser.y"
49495141 {
49505142 OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str)));
49515143 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
49525144 "(option removed, use infra-cache-numhosts)", (yyvsp[0].str));
49535145 free((yyvsp[0].str));
49545146 }
4955 #line 4957 "util/configparser.c"
4956 break;
4957
4958 case 401:
4959 #line 1554 "util/configparser.y"
5147 #line 5149 "util/configparser.c"
5148 break;
5149
5150 case 423:
5151 #line 1632 "util/configparser.y"
49605152 {
49615153 OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str)));
4962 if(atoi((yyvsp[0].str)) == 0)
5154 if(atoi((yyvsp[0].str)) == 0) {
49635155 yyerror("number expected");
4964 else {
5156 } else {
49655157 cfg_parser->cfg->infra_cache_slabs = atoi((yyvsp[0].str));
49665158 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
49675159 yyerror("must be a power of 2");
49685160 }
49695161 free((yyvsp[0].str));
49705162 }
4971 #line 4973 "util/configparser.c"
4972 break;
4973
4974 case 402:
4975 #line 1567 "util/configparser.y"
5163 #line 5165 "util/configparser.c"
5164 break;
5165
5166 case 424:
5167 #line 1645 "util/configparser.y"
49765168 {
49775169 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str)));
49785170 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
49805172 else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str));
49815173 free((yyvsp[0].str));
49825174 }
4983 #line 4985 "util/configparser.c"
4984 break;
4985
4986 case 403:
4987 #line 1576 "util/configparser.y"
5175 #line 5177 "util/configparser.c"
5176 break;
5177
5178 case 425:
5179 #line 1654 "util/configparser.y"
49885180 {
49895181 OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str)));
49905182 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
49935185 (strcmp((yyvsp[0].str), "yes")==0);
49945186 free((yyvsp[0].str));
49955187 }
4996 #line 4998 "util/configparser.c"
4997 break;
4998
4999 case 404:
5000 #line 1586 "util/configparser.y"
5188 #line 5190 "util/configparser.c"
5189 break;
5190
5191 case 426:
5192 #line 1664 "util/configparser.y"
50015193 {
50025194 OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str)));
50035195 free(cfg_parser->cfg->target_fetch_policy);
50045196 cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str);
50055197 }
5006 #line 5008 "util/configparser.c"
5007 break;
5008
5009 case 405:
5010 #line 1593 "util/configparser.y"
5198 #line 5200 "util/configparser.c"
5199 break;
5200
5201 case 427:
5202 #line 1671 "util/configparser.y"
50115203 {
50125204 OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str)));
50135205 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
50145206 yyerror("expected yes or no.");
5015 else cfg_parser->cfg->harden_short_bufsize =
5207 else cfg_parser->cfg->harden_short_bufsize =
50165208 (strcmp((yyvsp[0].str), "yes")==0);
50175209 free((yyvsp[0].str));
50185210 }
5019 #line 5021 "util/configparser.c"
5020 break;
5021
5022 case 406:
5023 #line 1603 "util/configparser.y"
5211 #line 5213 "util/configparser.c"
5212 break;
5213
5214 case 428:
5215 #line 1681 "util/configparser.y"
50245216 {
50255217 OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str)));
50265218 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
50275219 yyerror("expected yes or no.");
5028 else cfg_parser->cfg->harden_large_queries =
5220 else cfg_parser->cfg->harden_large_queries =
50295221 (strcmp((yyvsp[0].str), "yes")==0);
50305222 free((yyvsp[0].str));
50315223 }
5032 #line 5034 "util/configparser.c"
5033 break;
5034
5035 case 407:
5036 #line 1613 "util/configparser.y"
5224 #line 5226 "util/configparser.c"
5225 break;
5226
5227 case 429:
5228 #line 1691 "util/configparser.y"
50375229 {
50385230 OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str)));
50395231 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
50405232 yyerror("expected yes or no.");
5041 else cfg_parser->cfg->harden_glue =
5233 else cfg_parser->cfg->harden_glue =
50425234 (strcmp((yyvsp[0].str), "yes")==0);
50435235 free((yyvsp[0].str));
50445236 }
5045 #line 5047 "util/configparser.c"
5046 break;
5047
5048 case 408:
5049 #line 1623 "util/configparser.y"
5237 #line 5239 "util/configparser.c"
5238 break;
5239
5240 case 430:
5241 #line 1701 "util/configparser.y"
50505242 {
50515243 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str)));
50525244 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
50535245 yyerror("expected yes or no.");
5054 else cfg_parser->cfg->harden_dnssec_stripped =
5246 else cfg_parser->cfg->harden_dnssec_stripped =
50555247 (strcmp((yyvsp[0].str), "yes")==0);
50565248 free((yyvsp[0].str));
50575249 }
5058 #line 5060 "util/configparser.c"
5059 break;
5060
5061 case 409:
5062 #line 1633 "util/configparser.y"
5250 #line 5252 "util/configparser.c"
5251 break;
5252
5253 case 431:
5254 #line 1711 "util/configparser.y"
50635255 {
50645256 OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str)));
50655257 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
50665258 yyerror("expected yes or no.");
5067 else cfg_parser->cfg->harden_below_nxdomain =
5259 else cfg_parser->cfg->harden_below_nxdomain =
50685260 (strcmp((yyvsp[0].str), "yes")==0);
50695261 free((yyvsp[0].str));
50705262 }
5071 #line 5073 "util/configparser.c"
5072 break;
5073
5074 case 410:
5075 #line 1643 "util/configparser.y"
5263 #line 5265 "util/configparser.c"
5264 break;
5265
5266 case 432:
5267 #line 1721 "util/configparser.y"
50765268 {
50775269 OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str)));
50785270 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
50795271 yyerror("expected yes or no.");
5080 else cfg_parser->cfg->harden_referral_path =
5272 else cfg_parser->cfg->harden_referral_path =
50815273 (strcmp((yyvsp[0].str), "yes")==0);
50825274 free((yyvsp[0].str));
50835275 }
5084 #line 5086 "util/configparser.c"
5085 break;
5086
5087 case 411:
5088 #line 1653 "util/configparser.y"
5276 #line 5278 "util/configparser.c"
5277 break;
5278
5279 case 433:
5280 #line 1731 "util/configparser.y"
50895281 {
50905282 OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str)));
50915283 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
50925284 yyerror("expected yes or no.");
5093 else cfg_parser->cfg->harden_algo_downgrade =
5285 else cfg_parser->cfg->harden_algo_downgrade =
50945286 (strcmp((yyvsp[0].str), "yes")==0);
50955287 free((yyvsp[0].str));
50965288 }
5097 #line 5099 "util/configparser.c"
5098 break;
5099
5100 case 412:
5101 #line 1663 "util/configparser.y"
5289 #line 5291 "util/configparser.c"
5290 break;
5291
5292 case 434:
5293 #line 1741 "util/configparser.y"
51025294 {
51035295 OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str)));
51045296 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
51055297 yyerror("expected yes or no.");
5106 else cfg_parser->cfg->use_caps_bits_for_id =
5298 else cfg_parser->cfg->use_caps_bits_for_id =
51075299 (strcmp((yyvsp[0].str), "yes")==0);
51085300 free((yyvsp[0].str));
51095301 }
5110 #line 5112 "util/configparser.c"
5111 break;
5112
5113 case 413:
5114 #line 1673 "util/configparser.y"
5302 #line 5304 "util/configparser.c"
5303 break;
5304
5305 case 435:
5306 #line 1751 "util/configparser.y"
51155307 {
51165308 OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str)));
51175309 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str)))
51185310 yyerror("out of memory");
51195311 }
5120 #line 5122 "util/configparser.c"
5121 break;
5122
5123 case 414:
5124 #line 1680 "util/configparser.y"
5312 #line 5314 "util/configparser.c"
5313 break;
5314
5315 case 436:
5316 #line 1758 "util/configparser.y"
51255317 {
51265318 OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str)));
51275319 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str)))
51285320 yyerror("out of memory");
51295321 }
5130 #line 5132 "util/configparser.c"
5131 break;
5132
5133 case 415:
5134 #line 1687 "util/configparser.y"
5322 #line 5324 "util/configparser.c"
5323 break;
5324
5325 case 437:
5326 #line 1765 "util/configparser.y"
51355327 {
51365328 OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str)));
51375329 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str)))
51385330 yyerror("out of memory");
51395331 }
5140 #line 5142 "util/configparser.c"
5141 break;
5142
5143 case 416:
5144 #line 1694 "util/configparser.y"
5332 #line 5334 "util/configparser.c"
5333 break;
5334
5335 case 438:
5336 #line 1772 "util/configparser.y"
51455337 {
51465338 OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str)));
51475339 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
51495341 else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0);
51505342 free((yyvsp[0].str));
51515343 }
5152 #line 5154 "util/configparser.c"
5153 break;
5154
5155 case 417:
5156 #line 1703 "util/configparser.y"
5344 #line 5346 "util/configparser.c"
5345 break;
5346
5347 case 439:
5348 #line 1781 "util/configparser.y"
51575349 {
51585350 OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str)));
51595351 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
51615353 else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0);
51625354 free((yyvsp[0].str));
51635355 }
5164 #line 5166 "util/configparser.c"
5165 break;
5166
5167 case 418:
5168 #line 1712 "util/configparser.y"
5356 #line 5358 "util/configparser.c"
5357 break;
5358
5359 case 440:
5360 #line 1790 "util/configparser.y"
51695361 {
51705362 OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str)));
51715363 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
51735365 else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0);
51745366 free((yyvsp[0].str));
51755367 }
5176 #line 5178 "util/configparser.c"
5177 break;
5178
5179 case 419:
5180 #line 1721 "util/configparser.y"
5368 #line 5370 "util/configparser.c"
5369 break;
5370
5371 case 441:
5372 #line 1799 "util/configparser.y"
51815373 {
51825374 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str)));
51835375 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
51855377 else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str));
51865378 free((yyvsp[0].str));
51875379 }
5188 #line 5190 "util/configparser.c"
5189 break;
5190
5191 case 420:
5192 #line 1730 "util/configparser.y"
5380 #line 5382 "util/configparser.c"
5381 break;
5382
5383 case 442:
5384 #line 1808 "util/configparser.y"
51935385 {
51945386 OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str)));
51955387 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str)))
51965388 yyerror("out of memory");
51975389 }
5198 #line 5200 "util/configparser.c"
5199 break;
5200
5201 case 421:
5202 #line 1737 "util/configparser.y"
5390 #line 5392 "util/configparser.c"
5391 break;
5392
5393 case 443:
5394 #line 1815 "util/configparser.y"
52035395 {
52045396 OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str)));
52055397 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
52065398 yyerror("expected yes or no.");
5207 else cfg_parser->cfg->donotquery_localhost =
5399 else cfg_parser->cfg->donotquery_localhost =
52085400 (strcmp((yyvsp[0].str), "yes")==0);
52095401 free((yyvsp[0].str));
52105402 }
5211 #line 5213 "util/configparser.c"
5212 break;
5213
5214 case 422:
5215 #line 1747 "util/configparser.y"
5403 #line 5405 "util/configparser.c"
5404 break;
5405
5406 case 444:
5407 #line 1825 "util/configparser.y"
52165408 {
52175409 OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
52185410 if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 &&
52195411 strcmp((yyvsp[0].str), "deny_non_local")!=0 &&
52205412 strcmp((yyvsp[0].str), "refuse_non_local")!=0 &&
5221 strcmp((yyvsp[0].str), "allow_setrd")!=0 &&
5222 strcmp((yyvsp[0].str), "allow")!=0 &&
5413 strcmp((yyvsp[0].str), "allow_setrd")!=0 &&
5414 strcmp((yyvsp[0].str), "allow")!=0 &&
52235415 strcmp((yyvsp[0].str), "allow_snoop")!=0) {
52245416 yyerror("expected deny, refuse, deny_non_local, "
52255417 "refuse_non_local, allow, allow_setrd or "
52315423 fatal_exit("out of memory adding acl");
52325424 }
52335425 }
5234 #line 5236 "util/configparser.c"
5235 break;
5236
5237 case 423:
5238 #line 1767 "util/configparser.y"
5426 #line 5428 "util/configparser.c"
5427 break;
5428
5429 case 445:
5430 #line 1845 "util/configparser.y"
52395431 {
52405432 OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str)));
52415433 free(cfg_parser->cfg->module_conf);
52425434 cfg_parser->cfg->module_conf = (yyvsp[0].str);
52435435 }
5244 #line 5246 "util/configparser.c"
5245 break;
5246
5247 case 424:
5248 #line 1774 "util/configparser.y"
5436 #line 5438 "util/configparser.c"
5437 break;
5438
5439 case 446:
5440 #line 1852 "util/configparser.y"
52495441 {
52505442 OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str)));
52515443 if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
52525444 cfg_parser->cfg->val_date_override = 0;
52535445 } else if(strlen((yyvsp[0].str)) == 14) {
5254 cfg_parser->cfg->val_date_override =
5446 cfg_parser->cfg->val_date_override =
52555447 cfg_convert_timeval((yyvsp[0].str));
52565448 if(!cfg_parser->cfg->val_date_override)
52575449 yyerror("bad date/time specification");
52625454 }
52635455 free((yyvsp[0].str));
52645456 }
5265 #line 5267 "util/configparser.c"
5266 break;
5267
5268 case 425:
5269 #line 1792 "util/configparser.y"
5457 #line 5459 "util/configparser.c"
5458 break;
5459
5460 case 447:
5461 #line 1870 "util/configparser.y"
52705462 {
52715463 OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str)));
52725464 if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
52785470 }
52795471 free((yyvsp[0].str));
52805472 }
5281 #line 5283 "util/configparser.c"
5282 break;
5283
5284 case 426:
5285 #line 1805 "util/configparser.y"
5473 #line 5475 "util/configparser.c"
5474 break;
5475
5476 case 448:
5477 #line 1883 "util/configparser.y"
52865478 {
52875479 OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str)));
52885480 if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
52945486 }
52955487 free((yyvsp[0].str));
52965488 }
5297 #line 5299 "util/configparser.c"
5298 break;
5299
5300 case 427:
5301 #line 1818 "util/configparser.y"
5489 #line 5491 "util/configparser.c"
5490 break;
5491
5492 case 449:
5493 #line 1896 "util/configparser.y"
5494 {
5495 OUTYY(("P(server_val_max_restart:%s)\n", (yyvsp[0].str)));
5496 if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
5497 cfg_parser->cfg->val_max_restart = 0;
5498 } else {
5499 cfg_parser->cfg->val_max_restart = atoi((yyvsp[0].str));
5500 if(!cfg_parser->cfg->val_max_restart)
5501 yyerror("number expected");
5502 }
5503 free((yyvsp[0].str));
5504 }
5505 #line 5507 "util/configparser.c"
5506 break;
5507
5508 case 450:
5509 #line 1909 "util/configparser.y"
53025510 {
53035511 OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str)));
53045512 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
53065514 else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str));
53075515 free((yyvsp[0].str));
53085516 }
5309 #line 5311 "util/configparser.c"
5310 break;
5311
5312 case 428:
5313 #line 1827 "util/configparser.y"
5517 #line 5519 "util/configparser.c"
5518 break;
5519
5520 case 451:
5521 #line 1918 "util/configparser.y"
53145522 {
53155523 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str)));
53165524 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
53185526 else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str));
53195527 free((yyvsp[0].str));
53205528 }
5321 #line 5323 "util/configparser.c"
5322 break;
5323
5324 case 429:
5325 #line 1836 "util/configparser.y"
5529 #line 5531 "util/configparser.c"
5530 break;
5531
5532 case 452:
5533 #line 1927 "util/configparser.y"
53265534 {
53275535 OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str)));
53285536 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
53305538 else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str));
53315539 free((yyvsp[0].str));
53325540 }
5333 #line 5335 "util/configparser.c"
5334 break;
5335
5336 case 430:
5337 #line 1845 "util/configparser.y"
5541 #line 5543 "util/configparser.c"
5542 break;
5543
5544 case 453:
5545 #line 1936 "util/configparser.y"
53385546 {
53395547 OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str)));
53405548 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
53425550 else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str));
53435551 free((yyvsp[0].str));
53445552 }
5345 #line 5347 "util/configparser.c"
5346 break;
5347
5348 case 431:
5349 #line 1854 "util/configparser.y"
5553 #line 5555 "util/configparser.c"
5554 break;
5555
5556 case 454:
5557 #line 1945 "util/configparser.y"
53505558 {
53515559 OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str)));
53525560 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
53535561 yyerror("expected yes or no.");
5354 else cfg_parser->cfg->val_clean_additional =
5562 else cfg_parser->cfg->val_clean_additional =
53555563 (strcmp((yyvsp[0].str), "yes")==0);
53565564 free((yyvsp[0].str));
53575565 }
5358 #line 5360 "util/configparser.c"
5359 break;
5360
5361 case 432:
5362 #line 1864 "util/configparser.y"
5566 #line 5568 "util/configparser.c"
5567 break;
5568
5569 case 455:
5570 #line 1955 "util/configparser.y"
53635571 {
53645572 OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str)));
53655573 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
53665574 yyerror("expected yes or no.");
5367 else cfg_parser->cfg->val_permissive_mode =
5575 else cfg_parser->cfg->val_permissive_mode =
53685576 (strcmp((yyvsp[0].str), "yes")==0);
53695577 free((yyvsp[0].str));
53705578 }
5371 #line 5373 "util/configparser.c"
5372 break;
5373
5374 case 433:
5375 #line 1874 "util/configparser.y"
5579 #line 5581 "util/configparser.c"
5580 break;
5581
5582 case 456:
5583 #line 1965 "util/configparser.y"
53765584 {
53775585 OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str)));
53785586 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
53825590 (strcmp((yyvsp[0].str), "yes")==0);
53835591 free((yyvsp[0].str));
53845592 }
5385 #line 5387 "util/configparser.c"
5386 break;
5387
5388 case 434:
5389 #line 1885 "util/configparser.y"
5593 #line 5595 "util/configparser.c"
5594 break;
5595
5596 case 457:
5597 #line 1976 "util/configparser.y"
53905598 {
53915599 OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str)));
53925600 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
53945602 else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0);
53955603 free((yyvsp[0].str));
53965604 }
5397 #line 5399 "util/configparser.c"
5398 break;
5399
5400 case 435:
5401 #line 1894 "util/configparser.y"
5605 #line 5607 "util/configparser.c"
5606 break;
5607
5608 case 458:
5609 #line 1985 "util/configparser.y"
54025610 {
54035611 OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str)));
54045612 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
54065614 else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0);
54075615 free((yyvsp[0].str));
54085616 }
5409 #line 5411 "util/configparser.c"
5410 break;
5411
5412 case 436:
5413 #line 1903 "util/configparser.y"
5617 #line 5619 "util/configparser.c"
5618 break;
5619
5620 case 459:
5621 #line 1994 "util/configparser.y"
54145622 {
54155623 OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str)));
54165624 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
54185626 else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str));
54195627 free((yyvsp[0].str));
54205628 }
5421 #line 5423 "util/configparser.c"
5422 break;
5423
5424 case 437:
5425 #line 1912 "util/configparser.y"
5629 #line 5631 "util/configparser.c"
5630 break;
5631
5632 case 460:
5633 #line 2003 "util/configparser.y"
54265634 {
54275635 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str)));
54285636 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
54305638 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0);
54315639 free((yyvsp[0].str));
54325640 }
5433 #line 5435 "util/configparser.c"
5434 break;
5435
5436 case 438:
5437 #line 1921 "util/configparser.y"
5641 #line 5643 "util/configparser.c"
5642 break;
5643
5644 case 461:
5645 #line 2012 "util/configparser.y"
54385646 {
54395647 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str)));
54405648 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
54425650 else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str));
54435651 free((yyvsp[0].str));
54445652 }
5445 #line 5447 "util/configparser.c"
5446 break;
5447
5448 case 439:
5449 #line 1930 "util/configparser.y"
5653 #line 5655 "util/configparser.c"
5654 break;
5655
5656 case 462:
5657 #line 2021 "util/configparser.y"
54505658 {
54515659 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str)));
54525660 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
54545662 else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str));
54555663 free((yyvsp[0].str));
54565664 }
5457 #line 5459 "util/configparser.c"
5458 break;
5459
5460 case 440:
5461 #line 1939 "util/configparser.y"
5665 #line 5667 "util/configparser.c"
5666 break;
5667
5668 case 463:
5669 #line 2030 "util/configparser.y"
54625670 {
54635671 OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str)));
54645672 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
54665674 else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0);
54675675 free((yyvsp[0].str));
54685676 }
5469 #line 5471 "util/configparser.c"
5470 break;
5471
5472 case 441:
5473 #line 1948 "util/configparser.y"
5677 #line 5679 "util/configparser.c"
5678 break;
5679
5680 case 464:
5681 #line 2039 "util/configparser.y"
54745682 {
54755683 OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str)));
54765684 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
54825690 #endif
54835691 free((yyvsp[0].str));
54845692 }
5485 #line 5487 "util/configparser.c"
5486 break;
5487
5488 case 442:
5489 #line 1961 "util/configparser.y"
5693 #line 5695 "util/configparser.c"
5694 break;
5695
5696 case 465:
5697 #line 2052 "util/configparser.y"
54905698 {
54915699 OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str)));
54925700 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
54985706 #endif
54995707 free((yyvsp[0].str));
55005708 }
5501 #line 5503 "util/configparser.c"
5502 break;
5503
5504 case 443:
5505 #line 1974 "util/configparser.y"
5709 #line 5711 "util/configparser.c"
5710 break;
5711
5712 case 466:
5713 #line 2065 "util/configparser.y"
55065714 {
55075715 OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str)));
55085716 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
55105718 else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str));
55115719 free((yyvsp[0].str));
55125720 }
5513 #line 5515 "util/configparser.c"
5514 break;
5515
5516 case 444:
5517 #line 1983 "util/configparser.y"
5721 #line 5723 "util/configparser.c"
5722 break;
5723
5724 case 467:
5725 #line 2074 "util/configparser.y"
55185726 {
55195727 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str)));
55205728 free(cfg_parser->cfg->val_nsec3_key_iterations);
55215729 cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str);
55225730 }
5523 #line 5525 "util/configparser.c"
5524 break;
5525
5526 case 445:
5527 #line 1990 "util/configparser.y"
5731 #line 5733 "util/configparser.c"
5732 break;
5733
5734 case 468:
5735 #line 2081 "util/configparser.y"
5736 {
5737 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", (yyvsp[0].str)));
5738 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
5739 yyerror("expected yes or no.");
5740 else cfg_parser->cfg->zonemd_permissive_mode = (strcmp((yyvsp[0].str), "yes")==0);
5741 free((yyvsp[0].str));
5742 }
5743 #line 5745 "util/configparser.c"
5744 break;
5745
5746 case 469:
5747 #line 2090 "util/configparser.y"
55285748 {
55295749 OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str)));
55305750 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
55325752 else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str));
55335753 free((yyvsp[0].str));
55345754 }
5535 #line 5537 "util/configparser.c"
5536 break;
5537
5538 case 446:
5539 #line 1999 "util/configparser.y"
5755 #line 5757 "util/configparser.c"
5756 break;
5757
5758 case 470:
5759 #line 2099 "util/configparser.y"
55405760 {
55415761 OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str)));
55425762 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
55445764 else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str));
55455765 free((yyvsp[0].str));
55465766 }
5547 #line 5549 "util/configparser.c"
5548 break;
5549
5550 case 447:
5551 #line 2008 "util/configparser.y"
5767 #line 5769 "util/configparser.c"
5768 break;
5769
5770 case 471:
5771 #line 2108 "util/configparser.y"
55525772 {
55535773 OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str)));
55545774 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
55565776 else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str));
55575777 free((yyvsp[0].str));
55585778 }
5559 #line 5561 "util/configparser.c"
5560 break;
5561
5562 case 448:
5563 #line 2017 "util/configparser.y"
5779 #line 5781 "util/configparser.c"
5780 break;
5781
5782 case 472:
5783 #line 2117 "util/configparser.y"
55645784 {
55655785 OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str)));
55665786 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
55695789 (strcmp((yyvsp[0].str), "yes")==0);
55705790 free((yyvsp[0].str));
55715791 }
5572 #line 5574 "util/configparser.c"
5573 break;
5574
5575 case 449:
5576 #line 2026 "util/configparser.y"
5792 #line 5794 "util/configparser.c"
5793 break;
5794
5795 case 473:
5796 #line 2126 "util/configparser.y"
55775797 {
55785798 OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str)));
55795799 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size))
55805800 yyerror("memory size expected");
55815801 free((yyvsp[0].str));
55825802 }
5583 #line 5585 "util/configparser.c"
5584 break;
5585
5586 case 450:
5587 #line 2034 "util/configparser.y"
5803 #line 5805 "util/configparser.c"
5804 break;
5805
5806 case 474:
5807 #line 2134 "util/configparser.y"
55885808 {
55895809 OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str)));
5590 if(atoi((yyvsp[0].str)) == 0)
5810 if(atoi((yyvsp[0].str)) == 0) {
55915811 yyerror("number expected");
5592 else {
5812 } else {
55935813 cfg_parser->cfg->key_cache_slabs = atoi((yyvsp[0].str));
55945814 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
55955815 yyerror("must be a power of 2");
55965816 }
55975817 free((yyvsp[0].str));
55985818 }
5599 #line 5601 "util/configparser.c"
5600 break;
5601
5602 case 451:
5603 #line 2047 "util/configparser.y"
5819 #line 5821 "util/configparser.c"
5820 break;
5821
5822 case 475:
5823 #line 2147 "util/configparser.y"
56045824 {
56055825 OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str)));
56065826 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size))
56075827 yyerror("memory size expected");
56085828 free((yyvsp[0].str));
56095829 }
5610 #line 5612 "util/configparser.c"
5611 break;
5612
5613 case 452:
5614 #line 2055 "util/configparser.y"
5830 #line 5832 "util/configparser.c"
5831 break;
5832
5833 case 476:
5834 #line 2155 "util/configparser.y"
56155835 {
56165836 OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
56175837 if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 &&
56505870 free((yyvsp[0].str));
56515871 #endif
56525872 } else {
5653 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
5873 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
56545874 (yyvsp[-1].str), (yyvsp[0].str)))
56555875 fatal_exit("out of memory adding local-zone");
56565876 }
56575877 }
5658 #line 5660 "util/configparser.c"
5659 break;
5660
5661 case 453:
5662 #line 2100 "util/configparser.y"
5878 #line 5880 "util/configparser.c"
5879 break;
5880
5881 case 477:
5882 #line 2200 "util/configparser.y"
56635883 {
56645884 OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str)));
56655885 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str)))
56665886 fatal_exit("out of memory adding local-data");
56675887 }
5668 #line 5670 "util/configparser.c"
5669 break;
5670
5671 case 454:
5672 #line 2107 "util/configparser.y"
5888 #line 5890 "util/configparser.c"
5889 break;
5890
5891 case 478:
5892 #line 2207 "util/configparser.y"
56735893 {
56745894 char* ptr;
56755895 OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str)));
56835903 yyerror("local-data-ptr could not be reversed");
56845904 }
56855905 }
5686 #line 5688 "util/configparser.c"
5687 break;
5688
5689 case 455:
5690 #line 2122 "util/configparser.y"
5906 #line 5908 "util/configparser.c"
5907 break;
5908
5909 case 479:
5910 #line 2222 "util/configparser.y"
56915911 {
56925912 OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str)));
56935913 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
56965916 (strcmp((yyvsp[0].str), "yes")==0);
56975917 free((yyvsp[0].str));
56985918 }
5699 #line 5701 "util/configparser.c"
5700 break;
5701
5702 case 456:
5703 #line 2132 "util/configparser.y"
5919 #line 5921 "util/configparser.c"
5920 break;
5921
5922 case 480:
5923 #line 2232 "util/configparser.y"
57045924 {
57055925 OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str)));
57065926 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
57095929 (strcmp((yyvsp[0].str), "yes")==0);
57105930 free((yyvsp[0].str));
57115931 }
5712 #line 5714 "util/configparser.c"
5713 break;
5714
5715 case 457:
5716 #line 2142 "util/configparser.y"
5932 #line 5934 "util/configparser.c"
5933 break;
5934
5935 case 481:
5936 #line 2242 "util/configparser.y"
57175937 {
57185938 OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str)));
57195939 cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str));
57205940 free((yyvsp[0].str));
57215941 }
5722 #line 5724 "util/configparser.c"
5723 break;
5724
5725 case 458:
5726 #line 2149 "util/configparser.y"
5942 #line 5944 "util/configparser.c"
5943 break;
5944
5945 case 482:
5946 #line 2249 "util/configparser.y"
57275947 {
57285948 OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str)));
57295949 cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str));
57305950 free((yyvsp[0].str));
57315951 }
5732 #line 5734 "util/configparser.c"
5733 break;
5734
5735 case 459:
5736 #line 2156 "util/configparser.y"
5952 #line 5954 "util/configparser.c"
5953 break;
5954
5955 case 483:
5956 #line 2256 "util/configparser.y"
57375957 {
57385958 OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str)));
57395959 free(cfg_parser->cfg->dns64_prefix);
57405960 cfg_parser->cfg->dns64_prefix = (yyvsp[0].str);
57415961 }
5742 #line 5744 "util/configparser.c"
5743 break;
5744
5745 case 460:
5746 #line 2163 "util/configparser.y"
5962 #line 5964 "util/configparser.c"
5963 break;
5964
5965 case 484:
5966 #line 2263 "util/configparser.y"
57475967 {
57485968 OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str)));
57495969 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
57515971 else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0);
57525972 free((yyvsp[0].str));
57535973 }
5754 #line 5756 "util/configparser.c"
5755 break;
5756
5757 case 461:
5758 #line 2172 "util/configparser.y"
5974 #line 5976 "util/configparser.c"
5975 break;
5976
5977 case 485:
5978 #line 2272 "util/configparser.y"
57595979 {
57605980 OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str)));
57615981 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
57625982 (yyvsp[0].str)))
57635983 fatal_exit("out of memory adding dns64-ignore-aaaa");
57645984 }
5765 #line 5767 "util/configparser.c"
5766 break;
5767
5768 case 462:
5769 #line 2180 "util/configparser.y"
5985 #line 5987 "util/configparser.c"
5986 break;
5987
5988 case 486:
5989 #line 2280 "util/configparser.y"
57705990 {
57715991 char* p, *s = (yyvsp[0].str);
57725992 OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str)));
57795999 }
57806000 free((yyvsp[0].str));
57816001 }
5782 #line 5784 "util/configparser.c"
5783 break;
5784
5785 case 463:
5786 #line 2194 "util/configparser.y"
6002 #line 6004 "util/configparser.c"
6003 break;
6004
6005 case 487:
6006 #line 2294 "util/configparser.y"
57876007 {
57886008 size_t len = 0;
57896009 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
58036023 }
58046024 }
58056025 }
5806 #line 5808 "util/configparser.c"
5807 break;
5808
5809 case 464:
5810 #line 2215 "util/configparser.y"
6026 #line 6028 "util/configparser.c"
6027 break;
6028
6029 case 488:
6030 #line 2315 "util/configparser.y"
58116031 {
58126032 size_t len = 0;
58136033 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
58276047 }
58286048 }
58296049 }
5830 #line 5832 "util/configparser.c"
5831 break;
5832
5833 case 465:
5834 #line 2236 "util/configparser.y"
6050 #line 6052 "util/configparser.c"
6051 break;
6052
6053 case 489:
6054 #line 2336 "util/configparser.y"
58356055 {
58366056 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
58376057 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
58426062 free((yyvsp[0].str));
58436063 }
58446064 }
5845 #line 5847 "util/configparser.c"
5846 break;
5847
5848 case 466:
5849 #line 2248 "util/configparser.y"
6065 #line 6067 "util/configparser.c"
6066 break;
6067
6068 case 490:
6069 #line 2348 "util/configparser.y"
58506070 {
58516071 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
58526072 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
58576077 free((yyvsp[0].str));
58586078 }
58596079 }
5860 #line 5862 "util/configparser.c"
5861 break;
5862
5863 case 467:
5864 #line 2260 "util/configparser.y"
6080 #line 6082 "util/configparser.c"
6081 break;
6082
6083 case 491:
6084 #line 2360 "util/configparser.y"
58656085 {
58666086 OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
58676087 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
58726092 free((yyvsp[0].str));
58736093 }
58746094 }
5875 #line 5877 "util/configparser.c"
5876 break;
5877
5878 case 468:
5879 #line 2272 "util/configparser.y"
6095 #line 6097 "util/configparser.c"
6096 break;
6097
6098 case 492:
6099 #line 2372 "util/configparser.y"
58806100 {
58816101 OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
58826102 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
58846104 yyerror("out of memory");
58856105 }
58866106 }
5887 #line 5889 "util/configparser.c"
5888 break;
5889
5890 case 469:
5891 #line 2281 "util/configparser.y"
6107 #line 6109 "util/configparser.c"
6108 break;
6109
6110 case 493:
6111 #line 2381 "util/configparser.y"
58926112 {
58936113 size_t len = 0;
58946114 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
59086128 }
59096129 }
59106130 }
5911 #line 5913 "util/configparser.c"
5912 break;
5913
5914 case 470:
5915 #line 2302 "util/configparser.y"
5916 {
5917 OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str)));
6131 #line 6133 "util/configparser.c"
6132 break;
6133
6134 case 494:
6135 #line 2402 "util/configparser.y"
6136 {
6137 OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str)));
59186138 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
59196139 yyerror("number expected");
59206140 else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str));
59216141 free((yyvsp[0].str));
59226142 }
5923 #line 5925 "util/configparser.c"
5924 break;
5925
5926 case 471:
5927 #line 2312 "util/configparser.y"
5928 {
5929 OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str)));
6143 #line 6145 "util/configparser.c"
6144 break;
6145
6146 case 495:
6147 #line 2411 "util/configparser.y"
6148 {
6149 OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str)));
59306150 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
59316151 yyerror("number expected");
59326152 else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str));
59336153 free((yyvsp[0].str));
59346154 }
5935 #line 5937 "util/configparser.c"
5936 break;
5937
5938 case 472:
5939 #line 2321 "util/configparser.y"
5940 {
5941 OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str)));
5942 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size))
5943 yyerror("memory size expected");
5944 free((yyvsp[0].str));
5945 }
5946 #line 5948 "util/configparser.c"
5947 break;
5948
5949 case 473:
5950 #line 2329 "util/configparser.y"
6155 #line 6157 "util/configparser.c"
6156 break;
6157
6158 case 496:
6159 #line 2420 "util/configparser.y"
6160 {
6161 OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str)));
6162 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size))
6163 yyerror("memory size expected");
6164 free((yyvsp[0].str));
6165 }
6166 #line 6168 "util/configparser.c"
6167 break;
6168
6169 case 497:
6170 #line 2428 "util/configparser.y"
59516171 {
59526172 OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str)));
59536173 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size))
59546174 yyerror("memory size expected");
59556175 free((yyvsp[0].str));
59566176 }
5957 #line 5959 "util/configparser.c"
5958 break;
5959
5960 case 474:
5961 #line 2337 "util/configparser.y"
5962 {
5963 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str)));
5964 if(atoi((yyvsp[0].str)) == 0)
5965 yyerror("number expected");
5966 else {
5967 cfg_parser->cfg->ip_ratelimit_slabs = atoi((yyvsp[0].str));
5968 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
5969 yyerror("must be a power of 2");
5970 }
5971 free((yyvsp[0].str));
5972 }
5973 #line 5975 "util/configparser.c"
5974 break;
5975
5976 case 475:
5977 #line 2350 "util/configparser.y"
6177 #line 6179 "util/configparser.c"
6178 break;
6179
6180 case 498:
6181 #line 2436 "util/configparser.y"
6182 {
6183 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str)));
6184 if(atoi((yyvsp[0].str)) == 0) {
6185 yyerror("number expected");
6186 } else {
6187 cfg_parser->cfg->ip_ratelimit_slabs = atoi((yyvsp[0].str));
6188 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
6189 yyerror("must be a power of 2");
6190 }
6191 free((yyvsp[0].str));
6192 }
6193 #line 6195 "util/configparser.c"
6194 break;
6195
6196 case 499:
6197 #line 2449 "util/configparser.y"
59786198 {
59796199 OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str)));
5980 if(atoi((yyvsp[0].str)) == 0)
6200 if(atoi((yyvsp[0].str)) == 0) {
59816201 yyerror("number expected");
5982 else {
6202 } else {
59836203 cfg_parser->cfg->ratelimit_slabs = atoi((yyvsp[0].str));
59846204 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
59856205 yyerror("must be a power of 2");
59866206 }
59876207 free((yyvsp[0].str));
59886208 }
5989 #line 5991 "util/configparser.c"
5990 break;
5991
5992 case 476:
5993 #line 2363 "util/configparser.y"
6209 #line 6211 "util/configparser.c"
6210 break;
6211
6212 case 500:
6213 #line 2462 "util/configparser.y"
59946214 {
59956215 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
59966216 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
60046224 "ratelimit-for-domain");
60056225 }
60066226 }
6007 #line 6009 "util/configparser.c"
6008 break;
6009
6010 case 477:
6011 #line 2378 "util/configparser.y"
6227 #line 6229 "util/configparser.c"
6228 break;
6229
6230 case 501:
6231 #line 2477 "util/configparser.y"
60126232 {
60136233 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
60146234 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
60226242 "ratelimit-below-domain");
60236243 }
60246244 }
6025 #line 6027 "util/configparser.c"
6026 break;
6027
6028 case 478:
6029 #line 2393 "util/configparser.y"
6030 {
6031 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str)));
6032 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
6033 yyerror("number expected");
6034 else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str));
6035 free((yyvsp[0].str));
6036 }
6037 #line 6039 "util/configparser.c"
6038 break;
6039
6040 case 479:
6041 #line 2402 "util/configparser.y"
6042 {
6043 OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str)));
6245 #line 6247 "util/configparser.c"
6246 break;
6247
6248 case 502:
6249 #line 2492 "util/configparser.y"
6250 {
6251 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str)));
6252 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
6253 yyerror("number expected");
6254 else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str));
6255 free((yyvsp[0].str));
6256 }
6257 #line 6259 "util/configparser.c"
6258 break;
6259
6260 case 503:
6261 #line 2501 "util/configparser.y"
6262 {
6263 OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str)));
60446264 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
60456265 yyerror("number expected");
60466266 else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str));
60476267 free((yyvsp[0].str));
60486268 }
6049 #line 6051 "util/configparser.c"
6050 break;
6051
6052 case 480:
6053 #line 2411 "util/configparser.y"
6054 {
6269 #line 6271 "util/configparser.c"
6270 break;
6271
6272 case 504:
6273 #line 2510 "util/configparser.y"
6274 {
6275 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", (yyvsp[0].str)));
6276 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
6277 yyerror("expected yes or no.");
6278 else cfg_parser->cfg->ip_ratelimit_backoff =
6279 (strcmp((yyvsp[0].str), "yes")==0);
6280 free((yyvsp[0].str));
6281 }
6282 #line 6284 "util/configparser.c"
6283 break;
6284
6285 case 505:
6286 #line 2520 "util/configparser.y"
6287 {
6288 OUTYY(("P(server_ratelimit_backoff:%s)\n", (yyvsp[0].str)));
6289 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
6290 yyerror("expected yes or no.");
6291 else cfg_parser->cfg->ratelimit_backoff =
6292 (strcmp((yyvsp[0].str), "yes")==0);
6293 free((yyvsp[0].str));
6294 }
6295 #line 6297 "util/configparser.c"
6296 break;
6297
6298 case 506:
6299 #line 2530 "util/configparser.y"
6300 {
6301 OUTYY(("P(server_outbound_msg_retry:%s)\n", (yyvsp[0].str)));
6302 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
6303 yyerror("number expected");
6304 else cfg_parser->cfg->outbound_msg_retry = atoi((yyvsp[0].str));
6305 free((yyvsp[0].str));
6306 }
6307 #line 6309 "util/configparser.c"
6308 break;
6309
6310 case 507:
6311 #line 2539 "util/configparser.y"
6312 {
60556313 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
60566314 free((yyvsp[0].str));
60576315 }
6058 #line 6060 "util/configparser.c"
6059 break;
6060
6061 case 481:
6062 #line 2417 "util/configparser.y"
6063 {
6064 OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str)));
6316 #line 6318 "util/configparser.c"
6317 break;
6318
6319 case 508:
6320 #line 2545 "util/configparser.y"
6321 {
6322 OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str)));
60656323 if(atoi((yyvsp[0].str)) <= 0)
60666324 yyerror("number expected");
60676325 else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str));
60686326 free((yyvsp[0].str));
60696327 }
6070 #line 6072 "util/configparser.c"
6071 break;
6072
6073 case 482:
6074 #line 2426 "util/configparser.y"
6075 {
6076 OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str)));
6328 #line 6330 "util/configparser.c"
6329 break;
6330
6331 case 509:
6332 #line 2554 "util/configparser.y"
6333 {
6334 OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str)));
60776335 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
60786336 yyerror("number expected");
60796337 else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str));
60806338 free((yyvsp[0].str));
60816339 }
6082 #line 6084 "util/configparser.c"
6083 break;
6084
6085 case 483:
6086 #line 2435 "util/configparser.y"
6340 #line 6342 "util/configparser.c"
6341 break;
6342
6343 case 510:
6344 #line 2563 "util/configparser.y"
60876345 {
60886346 OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str)));
60896347 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
60906348 yyerror("expected yes or no.");
6091 else cfg_parser->cfg->qname_minimisation =
6349 else cfg_parser->cfg->qname_minimisation =
60926350 (strcmp((yyvsp[0].str), "yes")==0);
60936351 free((yyvsp[0].str));
60946352 }
6095 #line 6097 "util/configparser.c"
6096 break;
6097
6098 case 484:
6099 #line 2445 "util/configparser.y"
6353 #line 6355 "util/configparser.c"
6354 break;
6355
6356 case 511:
6357 #line 2573 "util/configparser.y"
61006358 {
61016359 OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str)));
61026360 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
61036361 yyerror("expected yes or no.");
6104 else cfg_parser->cfg->qname_minimisation_strict =
6362 else cfg_parser->cfg->qname_minimisation_strict =
61056363 (strcmp((yyvsp[0].str), "yes")==0);
61066364 free((yyvsp[0].str));
61076365 }
6108 #line 6110 "util/configparser.c"
6109 break;
6110
6111 case 485:
6112 #line 2455 "util/configparser.y"
6366 #line 6368 "util/configparser.c"
6367 break;
6368
6369 case 512:
6370 #line 2583 "util/configparser.y"
61136371 {
61146372 OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str)));
61156373 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
61186376 (strcmp((yyvsp[0].str), "yes")==0);
61196377 free((yyvsp[0].str));
61206378 }
6121 #line 6123 "util/configparser.c"
6122 break;
6123
6124 case 486:
6125 #line 2465 "util/configparser.y"
6379 #line 6381 "util/configparser.c"
6380 break;
6381
6382 case 513:
6383 #line 2593 "util/configparser.y"
61266384 {
61276385 OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str)));
61286386 if(atoi((yyvsp[0].str)) == 0)
61306388 else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str));
61316389 free((yyvsp[0].str));
61326390 }
6133 #line 6135 "util/configparser.c"
6134 break;
6135
6136 case 487:
6137 #line 2474 "util/configparser.y"
6391 #line 6393 "util/configparser.c"
6392 break;
6393
6394 case 514:
6395 #line 2602 "util/configparser.y"
61386396 {
61396397 OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str)));
61406398 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
61436401 (strcmp((yyvsp[0].str), "yes")==0);
61446402 free((yyvsp[0].str));
61456403 }
6146 #line 6148 "util/configparser.c"
6147 break;
6148
6149 case 488:
6150 #line 2484 "util/configparser.y"
6404 #line 6406 "util/configparser.c"
6405 break;
6406
6407 case 515:
6408 #line 2612 "util/configparser.y"
61516409 {
61526410 OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str)));
61536411 if(atoi((yyvsp[0].str)) == 0)
61556413 else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str));
61566414 free((yyvsp[0].str));
61576415 }
6158 #line 6160 "util/configparser.c"
6159 break;
6160
6161 case 489:
6162 #line 2493 "util/configparser.y"
6416 #line 6418 "util/configparser.c"
6417 break;
6418
6419 case 516:
6420 #line 2621 "util/configparser.y"
61636421 {
61646422 #ifdef USE_IPSECMOD
61656423 OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str)));
61716429 #endif
61726430 free((yyvsp[0].str));
61736431 }
6174 #line 6176 "util/configparser.c"
6175 break;
6176
6177 case 490:
6178 #line 2506 "util/configparser.y"
6432 #line 6434 "util/configparser.c"
6433 break;
6434
6435 case 517:
6436 #line 2634 "util/configparser.y"
61796437 {
61806438 #ifdef USE_IPSECMOD
61816439 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str)));
61876445 #endif
61886446 free((yyvsp[0].str));
61896447 }
6190 #line 6192 "util/configparser.c"
6191 break;
6192
6193 case 491:
6194 #line 2519 "util/configparser.y"
6448 #line 6450 "util/configparser.c"
6449 break;
6450
6451 case 518:
6452 #line 2647 "util/configparser.y"
61956453 {
61966454 #ifdef USE_IPSECMOD
61976455 OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str)));
62026460 free((yyvsp[0].str));
62036461 #endif
62046462 }
6205 #line 6207 "util/configparser.c"
6206 break;
6207
6208 case 492:
6209 #line 2531 "util/configparser.y"
6463 #line 6465 "util/configparser.c"
6464 break;
6465
6466 case 519:
6467 #line 2659 "util/configparser.y"
62106468 {
62116469 #ifdef USE_IPSECMOD
62126470 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str)));
62196477 free((yyvsp[0].str));
62206478 #endif
62216479 }
6222 #line 6224 "util/configparser.c"
6223 break;
6224
6225 case 493:
6226 #line 2545 "util/configparser.y"
6480 #line 6482 "util/configparser.c"
6481 break;
6482
6483 case 520:
6484 #line 2673 "util/configparser.y"
62276485 {
62286486 #ifdef USE_IPSECMOD
62296487 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str)));
62346492 free((yyvsp[0].str));
62356493 #endif
62366494 }
6237 #line 6239 "util/configparser.c"
6238 break;
6239
6240 case 494:
6241 #line 2557 "util/configparser.y"
6495 #line 6497 "util/configparser.c"
6496 break;
6497
6498 case 521:
6499 #line 2685 "util/configparser.y"
62426500 {
62436501 #ifdef USE_IPSECMOD
62446502 OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str)));
62516509 free((yyvsp[0].str));
62526510 #endif
62536511 }
6254 #line 6256 "util/configparser.c"
6255 break;
6256
6257 case 495:
6258 #line 2571 "util/configparser.y"
6512 #line 6514 "util/configparser.c"
6513 break;
6514
6515 case 522:
6516 #line 2699 "util/configparser.y"
62596517 {
62606518 OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
62616519 if(!cfg_str2list_insert(
62636521 fatal_exit("out of memory adding "
62646522 "edns-client-string");
62656523 }
6266 #line 6268 "util/configparser.c"
6267 break;
6268
6269 case 496:
6270 #line 2580 "util/configparser.y"
6524 #line 6526 "util/configparser.c"
6525 break;
6526
6527 case 523:
6528 #line 2708 "util/configparser.y"
62716529 {
62726530 OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str)));
62736531 if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
62786536 free((yyvsp[0].str));
62796537
62806538 }
6281 #line 6283 "util/configparser.c"
6282 break;
6283
6284 case 497:
6285 #line 2592 "util/configparser.y"
6539 #line 6541 "util/configparser.c"
6540 break;
6541
6542 case 524:
6543 #line 2720 "util/configparser.y"
62866544 {
62876545 OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
62886546 if(cfg_parser->cfg->stubs->name)
62916549 free(cfg_parser->cfg->stubs->name);
62926550 cfg_parser->cfg->stubs->name = (yyvsp[0].str);
62936551 }
6294 #line 6296 "util/configparser.c"
6295 break;
6296
6297 case 498:
6298 #line 2602 "util/configparser.y"
6552 #line 6554 "util/configparser.c"
6553 break;
6554
6555 case 525:
6556 #line 2730 "util/configparser.y"
62996557 {
63006558 OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str)));
63016559 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str)))
63026560 yyerror("out of memory");
63036561 }
6304 #line 6306 "util/configparser.c"
6305 break;
6306
6307 case 499:
6308 #line 2609 "util/configparser.y"
6562 #line 6564 "util/configparser.c"
6563 break;
6564
6565 case 526:
6566 #line 2737 "util/configparser.y"
63096567 {
63106568 OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str)));
63116569 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str)))
63126570 yyerror("out of memory");
63136571 }
6314 #line 6316 "util/configparser.c"
6315 break;
6316
6317 case 500:
6318 #line 2616 "util/configparser.y"
6572 #line 6574 "util/configparser.c"
6573 break;
6574
6575 case 527:
6576 #line 2744 "util/configparser.y"
63196577 {
63206578 OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str)));
63216579 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
63236581 else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
63246582 free((yyvsp[0].str));
63256583 }
6326 #line 6328 "util/configparser.c"
6327 break;
6328
6329 case 501:
6330 #line 2625 "util/configparser.y"
6584 #line 6586 "util/configparser.c"
6585 break;
6586
6587 case 528:
6588 #line 2753 "util/configparser.y"
63316589 {
63326590 OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str)));
63336591 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
63356593 else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0);
63366594 free((yyvsp[0].str));
63376595 }
6338 #line 6340 "util/configparser.c"
6339 break;
6340
6341 case 502:
6342 #line 2634 "util/configparser.y"
6596 #line 6598 "util/configparser.c"
6597 break;
6598
6599 case 529:
6600 #line 2762 "util/configparser.y"
63436601 {
63446602 OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str)));
63456603 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
63466604 yyerror("expected yes or no.");
6347 else cfg_parser->cfg->stubs->ssl_upstream =
6605 else cfg_parser->cfg->stubs->ssl_upstream =
63486606 (strcmp((yyvsp[0].str), "yes")==0);
63496607 free((yyvsp[0].str));
63506608 }
6351 #line 6353 "util/configparser.c"
6352 break;
6353
6354 case 503:
6355 #line 2644 "util/configparser.y"
6609 #line 6611 "util/configparser.c"
6610 break;
6611
6612 case 530:
6613 #line 2772 "util/configparser.y"
6614 {
6615 OUTYY(("P(stub-tcp-upstream:%s)\n", (yyvsp[0].str)));
6616 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
6617 yyerror("expected yes or no.");
6618 else cfg_parser->cfg->stubs->tcp_upstream =
6619 (strcmp((yyvsp[0].str), "yes")==0);
6620 free((yyvsp[0].str));
6621 }
6622 #line 6624 "util/configparser.c"
6623 break;
6624
6625 case 531:
6626 #line 2782 "util/configparser.y"
63566627 {
63576628 OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str)));
63586629 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
63596630 yyerror("expected yes or no.");
6360 else cfg_parser->cfg->stubs->isprime =
6631 else cfg_parser->cfg->stubs->isprime =
63616632 (strcmp((yyvsp[0].str), "yes")==0);
63626633 free((yyvsp[0].str));
63636634 }
6364 #line 6366 "util/configparser.c"
6365 break;
6366
6367 case 504:
6368 #line 2654 "util/configparser.y"
6635 #line 6637 "util/configparser.c"
6636 break;
6637
6638 case 532:
6639 #line 2792 "util/configparser.y"
63696640 {
63706641 OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
63716642 if(cfg_parser->cfg->forwards->name)
63746645 free(cfg_parser->cfg->forwards->name);
63756646 cfg_parser->cfg->forwards->name = (yyvsp[0].str);
63766647 }
6377 #line 6379 "util/configparser.c"
6378 break;
6379
6380 case 505:
6381 #line 2664 "util/configparser.y"
6648 #line 6650 "util/configparser.c"
6649 break;
6650
6651 case 533:
6652 #line 2802 "util/configparser.y"
63826653 {
63836654 OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str)));
63846655 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str)))
63856656 yyerror("out of memory");
63866657 }
6387 #line 6389 "util/configparser.c"
6388 break;
6389
6390 case 506:
6391 #line 2671 "util/configparser.y"
6658 #line 6660 "util/configparser.c"
6659 break;
6660
6661 case 534:
6662 #line 2809 "util/configparser.y"
63926663 {
63936664 OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str)));
63946665 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str)))
63956666 yyerror("out of memory");
63966667 }
6397 #line 6399 "util/configparser.c"
6398 break;
6399
6400 case 507:
6401 #line 2678 "util/configparser.y"
6668 #line 6670 "util/configparser.c"
6669 break;
6670
6671 case 535:
6672 #line 2816 "util/configparser.y"
64026673 {
64036674 OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str)));
64046675 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
64066677 else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
64076678 free((yyvsp[0].str));
64086679 }
6409 #line 6411 "util/configparser.c"
6410 break;
6411
6412 case 508:
6413 #line 2687 "util/configparser.y"
6680 #line 6682 "util/configparser.c"
6681 break;
6682
6683 case 536:
6684 #line 2825 "util/configparser.y"
64146685 {
64156686 OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str)));
64166687 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
64186689 else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0);
64196690 free((yyvsp[0].str));
64206691 }
6421 #line 6423 "util/configparser.c"
6422 break;
6423
6424 case 509:
6425 #line 2696 "util/configparser.y"
6692 #line 6694 "util/configparser.c"
6693 break;
6694
6695 case 537:
6696 #line 2834 "util/configparser.y"
64266697 {
64276698 OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str)));
64286699 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
64296700 yyerror("expected yes or no.");
6430 else cfg_parser->cfg->forwards->ssl_upstream =
6701 else cfg_parser->cfg->forwards->ssl_upstream =
64316702 (strcmp((yyvsp[0].str), "yes")==0);
64326703 free((yyvsp[0].str));
64336704 }
6434 #line 6436 "util/configparser.c"
6435 break;
6436
6437 case 510:
6438 #line 2706 "util/configparser.y"
6705 #line 6707 "util/configparser.c"
6706 break;
6707
6708 case 538:
6709 #line 2844 "util/configparser.y"
6710 {
6711 OUTYY(("P(forward-tcp-upstream:%s)\n", (yyvsp[0].str)));
6712 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
6713 yyerror("expected yes or no.");
6714 else cfg_parser->cfg->forwards->tcp_upstream =
6715 (strcmp((yyvsp[0].str), "yes")==0);
6716 free((yyvsp[0].str));
6717 }
6718 #line 6720 "util/configparser.c"
6719 break;
6720
6721 case 539:
6722 #line 2854 "util/configparser.y"
64396723 {
64406724 OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
64416725 if(cfg_parser->cfg->auths->name)
64446728 free(cfg_parser->cfg->auths->name);
64456729 cfg_parser->cfg->auths->name = (yyvsp[0].str);
64466730 }
6447 #line 6449 "util/configparser.c"
6448 break;
6449
6450 case 511:
6451 #line 2716 "util/configparser.y"
6731 #line 6733 "util/configparser.c"
6732 break;
6733
6734 case 540:
6735 #line 2864 "util/configparser.y"
64526736 {
64536737 OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str)));
64546738 free(cfg_parser->cfg->auths->zonefile);
64556739 cfg_parser->cfg->auths->zonefile = (yyvsp[0].str);
64566740 }
6457 #line 6459 "util/configparser.c"
6458 break;
6459
6460 case 512:
6461 #line 2723 "util/configparser.y"
6741 #line 6743 "util/configparser.c"
6742 break;
6743
6744 case 541:
6745 #line 2871 "util/configparser.y"
64626746 {
64636747 OUTYY(("P(master:%s)\n", (yyvsp[0].str)));
64646748 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str)))
64656749 yyerror("out of memory");
64666750 }
6467 #line 6469 "util/configparser.c"
6468 break;
6469
6470 case 513:
6471 #line 2730 "util/configparser.y"
6751 #line 6753 "util/configparser.c"
6752 break;
6753
6754 case 542:
6755 #line 2878 "util/configparser.y"
64726756 {
64736757 OUTYY(("P(url:%s)\n", (yyvsp[0].str)));
64746758 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str)))
64756759 yyerror("out of memory");
64766760 }
6477 #line 6479 "util/configparser.c"
6478 break;
6479
6480 case 514:
6481 #line 2737 "util/configparser.y"
6761 #line 6763 "util/configparser.c"
6762 break;
6763
6764 case 543:
6765 #line 2885 "util/configparser.y"
64826766 {
64836767 OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str)));
64846768 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
64856769 (yyvsp[0].str)))
64866770 yyerror("out of memory");
64876771 }
6488 #line 6490 "util/configparser.c"
6489 break;
6490
6491 case 515:
6492 #line 2745 "util/configparser.y"
6772 #line 6774 "util/configparser.c"
6773 break;
6774
6775 case 544:
6776 #line 2893 "util/configparser.y"
6777 {
6778 OUTYY(("P(zonemd-check:%s)\n", (yyvsp[0].str)));
6779 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
6780 yyerror("expected yes or no.");
6781 else cfg_parser->cfg->auths->zonemd_check =
6782 (strcmp((yyvsp[0].str), "yes")==0);
6783 free((yyvsp[0].str));
6784 }
6785 #line 6787 "util/configparser.c"
6786 break;
6787
6788 case 545:
6789 #line 2903 "util/configparser.y"
6790 {
6791 OUTYY(("P(zonemd-reject-absence:%s)\n", (yyvsp[0].str)));
6792 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
6793 yyerror("expected yes or no.");
6794 else cfg_parser->cfg->auths->zonemd_reject_absence =
6795 (strcmp((yyvsp[0].str), "yes")==0);
6796 free((yyvsp[0].str));
6797 }
6798 #line 6800 "util/configparser.c"
6799 break;
6800
6801 case 546:
6802 #line 2913 "util/configparser.y"
64936803 {
64946804 OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str)));
64956805 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
64986808 (strcmp((yyvsp[0].str), "yes")==0);
64996809 free((yyvsp[0].str));
65006810 }
6501 #line 6503 "util/configparser.c"
6502 break;
6503
6504 case 516:
6505 #line 2755 "util/configparser.y"
6811 #line 6813 "util/configparser.c"
6812 break;
6813
6814 case 547:
6815 #line 2923 "util/configparser.y"
65066816 {
65076817 OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str)));
65086818 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
65116821 (strcmp((yyvsp[0].str), "yes")==0);
65126822 free((yyvsp[0].str));
65136823 }
6514 #line 6516 "util/configparser.c"
6515 break;
6516
6517 case 517:
6518 #line 2765 "util/configparser.y"
6824 #line 6826 "util/configparser.c"
6825 break;
6826
6827 case 548:
6828 #line 2933 "util/configparser.y"
65196829 {
65206830 OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str)));
65216831 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
65246834 (strcmp((yyvsp[0].str), "yes")==0);
65256835 free((yyvsp[0].str));
65266836 }
6527 #line 6529 "util/configparser.c"
6528 break;
6529
6530 case 518:
6531 #line 2775 "util/configparser.y"
6837 #line 6839 "util/configparser.c"
6838 break;
6839
6840 case 549:
6841 #line 2943 "util/configparser.y"
65326842 {
65336843 OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
65346844 if(cfg_parser->cfg->views->name)
65376847 free(cfg_parser->cfg->views->name);
65386848 cfg_parser->cfg->views->name = (yyvsp[0].str);
65396849 }
6540 #line 6542 "util/configparser.c"
6541 break;
6542
6543 case 519:
6544 #line 2785 "util/configparser.y"
6850 #line 6852 "util/configparser.c"
6851 break;
6852
6853 case 550:
6854 #line 2953 "util/configparser.y"
65456855 {
65466856 OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
65476857 if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 &&
65516861 && strcmp((yyvsp[0].str), "always_transparent")!=0
65526862 && strcmp((yyvsp[0].str), "always_refuse")!=0
65536863 && strcmp((yyvsp[0].str), "always_nxdomain")!=0
6864 && strcmp((yyvsp[0].str), "always_nodata")!=0
6865 && strcmp((yyvsp[0].str), "always_deny")!=0
6866 && strcmp((yyvsp[0].str), "always_null")!=0
65546867 && strcmp((yyvsp[0].str), "noview")!=0
6555 && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) {
6868 && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0
6869 && strcmp((yyvsp[0].str), "inform_redirect") != 0
6870 && strcmp((yyvsp[0].str), "ipset") != 0) {
65566871 yyerror("local-zone type: expected static, deny, "
65576872 "refuse, redirect, transparent, "
65586873 "typetransparent, inform, inform_deny, "
6559 "always_transparent, always_refuse, "
6560 "always_nxdomain, noview or nodefault");
6874 "inform_redirect, always_transparent, "
6875 "always_refuse, always_nxdomain, "
6876 "always_nodata, always_deny, always_null, "
6877 "noview, nodefault or ipset");
65616878 free((yyvsp[-1].str));
65626879 free((yyvsp[0].str));
65636880 } else if(strcmp((yyvsp[0].str), "nodefault")==0) {
65746891 #endif
65756892 } else {
65766893 if(!cfg_str2list_insert(
6577 &cfg_parser->cfg->views->local_zones,
6894 &cfg_parser->cfg->views->local_zones,
65786895 (yyvsp[-1].str), (yyvsp[0].str)))
65796896 fatal_exit("out of memory adding local-zone");
65806897 }
65816898 }
6582 #line 6584 "util/configparser.c"
6583 break;
6584
6585 case 520:
6586 #line 2824 "util/configparser.y"
6899 #line 6901 "util/configparser.c"
6900 break;
6901
6902 case 551:
6903 #line 2999 "util/configparser.y"
65876904 {
65886905 OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
65896906 validate_respip_action((yyvsp[0].str));
65926909 fatal_exit("out of memory adding per-view "
65936910 "response-ip action");
65946911 }
6595 #line 6597 "util/configparser.c"
6596 break;
6597
6598 case 521:
6599 #line 2834 "util/configparser.y"
6912 #line 6914 "util/configparser.c"
6913 break;
6914
6915 case 552:
6916 #line 3009 "util/configparser.y"
66006917 {
66016918 OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str)));
66026919 if(!cfg_str2list_insert(
66036920 &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str)))
66046921 fatal_exit("out of memory adding response-ip-data");
66056922 }
6606 #line 6608 "util/configparser.c"
6607 break;
6608
6609 case 522:
6610 #line 2842 "util/configparser.y"
6923 #line 6925 "util/configparser.c"
6924 break;
6925
6926 case 553:
6927 #line 3017 "util/configparser.y"
66116928 {
66126929 OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str)));
66136930 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) {
66146931 fatal_exit("out of memory adding local-data");
66156932 }
66166933 }
6617 #line 6619 "util/configparser.c"
6618 break;
6619
6620 case 523:
6621 #line 2850 "util/configparser.y"
6934 #line 6936 "util/configparser.c"
6935 break;
6936
6937 case 554:
6938 #line 3025 "util/configparser.y"
66226939 {
66236940 char* ptr;
66246941 OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str)));
66326949 yyerror("local-data-ptr could not be reversed");
66336950 }
66346951 }
6635 #line 6637 "util/configparser.c"
6636 break;
6637
6638 case 524:
6639 #line 2865 "util/configparser.y"
6952 #line 6954 "util/configparser.c"
6953 break;
6954
6955 case 555:
6956 #line 3040 "util/configparser.y"
66406957 {
66416958 OUTYY(("P(view-first:%s)\n", (yyvsp[0].str)));
66426959 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
66446961 else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
66456962 free((yyvsp[0].str));
66466963 }
6647 #line 6649 "util/configparser.c"
6648 break;
6649
6650 case 525:
6651 #line 2874 "util/configparser.y"
6652 {
6653 OUTYY(("\nP(remote-control:)\n"));
6654 }
6655 #line 6657 "util/configparser.c"
6656 break;
6657
6658 case 536:
6659 #line 2885 "util/configparser.y"
6964 #line 6966 "util/configparser.c"
6965 break;
6966
6967 case 556:
6968 #line 3049 "util/configparser.y"
6969 {
6970 OUTYY(("\nP(remote-control:)\n"));
6971 }
6972 #line 6974 "util/configparser.c"
6973 break;
6974
6975 case 567:
6976 #line 3060 "util/configparser.y"
66606977 {
66616978 OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str)));
66626979 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
66636980 yyerror("expected yes or no.");
6664 else cfg_parser->cfg->remote_control_enable =
6981 else cfg_parser->cfg->remote_control_enable =
66656982 (strcmp((yyvsp[0].str), "yes")==0);
66666983 free((yyvsp[0].str));
66676984 }
6668 #line 6670 "util/configparser.c"
6669 break;
6670
6671 case 537:
6672 #line 2895 "util/configparser.y"
6985 #line 6987 "util/configparser.c"
6986 break;
6987
6988 case 568:
6989 #line 3070 "util/configparser.y"
66736990 {
66746991 OUTYY(("P(control_port:%s)\n", (yyvsp[0].str)));
66756992 if(atoi((yyvsp[0].str)) == 0)
66776994 else cfg_parser->cfg->control_port = atoi((yyvsp[0].str));
66786995 free((yyvsp[0].str));
66796996 }
6680 #line 6682 "util/configparser.c"
6681 break;
6682
6683 case 538:
6684 #line 2904 "util/configparser.y"
6997 #line 6999 "util/configparser.c"
6998 break;
6999
7000 case 569:
7001 #line 3079 "util/configparser.y"
66857002 {
66867003 OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
66877004 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
66887005 yyerror("out of memory");
66897006 }
6690 #line 6692 "util/configparser.c"
6691 break;
6692
6693 case 539:
6694 #line 2911 "util/configparser.y"
7007 #line 7009 "util/configparser.c"
7008 break;
7009
7010 case 570:
7011 #line 3086 "util/configparser.y"
66957012 {
66967013 OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str)));
66977014 cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0);
66987015 free((yyvsp[0].str));
66997016 }
6700 #line 6702 "util/configparser.c"
6701 break;
6702
6703 case 540:
6704 #line 2918 "util/configparser.y"
7017 #line 7019 "util/configparser.c"
7018 break;
7019
7020 case 571:
7021 #line 3093 "util/configparser.y"
67057022 {
67067023 OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str)));
67077024 free(cfg_parser->cfg->server_key_file);
67087025 cfg_parser->cfg->server_key_file = (yyvsp[0].str);
67097026 }
6710 #line 6712 "util/configparser.c"
6711 break;
6712
6713 case 541:
6714 #line 2925 "util/configparser.y"
7027 #line 7029 "util/configparser.c"
7028 break;
7029
7030 case 572:
7031 #line 3100 "util/configparser.y"
67157032 {
67167033 OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str)));
67177034 free(cfg_parser->cfg->server_cert_file);
67187035 cfg_parser->cfg->server_cert_file = (yyvsp[0].str);
67197036 }
6720 #line 6722 "util/configparser.c"
6721 break;
6722
6723 case 542:
6724 #line 2932 "util/configparser.y"
7037 #line 7039 "util/configparser.c"
7038 break;
7039
7040 case 573:
7041 #line 3107 "util/configparser.y"
67257042 {
67267043 OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str)));
67277044 free(cfg_parser->cfg->control_key_file);
67287045 cfg_parser->cfg->control_key_file = (yyvsp[0].str);
67297046 }
6730 #line 6732 "util/configparser.c"
6731 break;
6732
6733 case 543:
6734 #line 2939 "util/configparser.y"
7047 #line 7049 "util/configparser.c"
7048 break;
7049
7050 case 574:
7051 #line 3114 "util/configparser.y"
67357052 {
67367053 OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str)));
67377054 free(cfg_parser->cfg->control_cert_file);
67387055 cfg_parser->cfg->control_cert_file = (yyvsp[0].str);
67397056 }
6740 #line 6742 "util/configparser.c"
6741 break;
6742
6743 case 544:
6744 #line 2946 "util/configparser.y"
7057 #line 7059 "util/configparser.c"
7058 break;
7059
7060 case 575:
7061 #line 3121 "util/configparser.y"
67457062 {
67467063 OUTYY(("\nP(dnstap:)\n"));
67477064 }
6748 #line 6750 "util/configparser.c"
6749 break;
6750
6751 case 566:
6752 #line 2966 "util/configparser.y"
7065 #line 7067 "util/configparser.c"
7066 break;
7067
7068 case 597:
7069 #line 3141 "util/configparser.y"
67537070 {
67547071 OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str)));
67557072 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
67577074 else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0);
67587075 free((yyvsp[0].str));
67597076 }
6760 #line 6762 "util/configparser.c"
6761 break;
6762
6763 case 567:
6764 #line 2975 "util/configparser.y"
7077 #line 7079 "util/configparser.c"
7078 break;
7079
7080 case 598:
7081 #line 3150 "util/configparser.y"
67657082 {
67667083 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str)));
67677084 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
67707087 (strcmp((yyvsp[0].str), "yes")==0);
67717088 free((yyvsp[0].str));
67727089 }
6773 #line 6775 "util/configparser.c"
6774 break;
6775
6776 case 568:
6777 #line 2985 "util/configparser.y"
7090 #line 7092 "util/configparser.c"
7091 break;
7092
7093 case 599:
7094 #line 3160 "util/configparser.y"
67787095 {
67797096 OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str)));
67807097 free(cfg_parser->cfg->dnstap_socket_path);
67817098 cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str);
67827099 }
6783 #line 6785 "util/configparser.c"
6784 break;
6785
6786 case 569:
6787 #line 2992 "util/configparser.y"
7100 #line 7102 "util/configparser.c"
7101 break;
7102
7103 case 600:
7104 #line 3167 "util/configparser.y"
67887105 {
67897106 OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str)));
67907107 free(cfg_parser->cfg->dnstap_ip);
67917108 cfg_parser->cfg->dnstap_ip = (yyvsp[0].str);
67927109 }
6793 #line 6795 "util/configparser.c"
6794 break;
6795
6796 case 570:
6797 #line 2999 "util/configparser.y"
7110 #line 7112 "util/configparser.c"
7111 break;
7112
7113 case 601:
7114 #line 3174 "util/configparser.y"
67987115 {
67997116 OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str)));
68007117 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
68027119 else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0);
68037120 free((yyvsp[0].str));
68047121 }
6805 #line 6807 "util/configparser.c"
6806 break;
6807
6808 case 571:
6809 #line 3008 "util/configparser.y"
7122 #line 7124 "util/configparser.c"
7123 break;
7124
7125 case 602:
7126 #line 3183 "util/configparser.y"
68107127 {
68117128 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str)));
68127129 free(cfg_parser->cfg->dnstap_tls_server_name);
68137130 cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str);
68147131 }
6815 #line 6817 "util/configparser.c"
6816 break;
6817
6818 case 572:
6819 #line 3015 "util/configparser.y"
7132 #line 7134 "util/configparser.c"
7133 break;
7134
7135 case 603:
7136 #line 3190 "util/configparser.y"
68207137 {
68217138 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str)));
68227139 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
68237140 cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str);
68247141 }
6825 #line 6827 "util/configparser.c"
6826 break;
6827
6828 case 573:
6829 #line 3022 "util/configparser.y"
7142 #line 7144 "util/configparser.c"
7143 break;
7144
7145 case 604:
7146 #line 3197 "util/configparser.y"
68307147 {
68317148 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str)));
68327149 free(cfg_parser->cfg->dnstap_tls_client_key_file);
68337150 cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str);
68347151 }
6835 #line 6837 "util/configparser.c"
6836 break;
6837
6838 case 574:
6839 #line 3029 "util/configparser.y"
7152 #line 7154 "util/configparser.c"
7153 break;
7154
7155 case 605:
7156 #line 3204 "util/configparser.y"
68407157 {
68417158 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str)));
68427159 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
68437160 cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str);
68447161 }
6845 #line 6847 "util/configparser.c"
6846 break;
6847
6848 case 575:
6849 #line 3036 "util/configparser.y"
7162 #line 7164 "util/configparser.c"
7163 break;
7164
7165 case 606:
7166 #line 3211 "util/configparser.y"
68507167 {
68517168 OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str)));
68527169 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
68547171 else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0);
68557172 free((yyvsp[0].str));
68567173 }
6857 #line 6859 "util/configparser.c"
6858 break;
6859
6860 case 576:
6861 #line 3045 "util/configparser.y"
7174 #line 7176 "util/configparser.c"
7175 break;
7176
7177 case 607:
7178 #line 3220 "util/configparser.y"
68627179 {
68637180 OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str)));
68647181 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
68667183 else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0);
68677184 free((yyvsp[0].str));
68687185 }
6869 #line 6871 "util/configparser.c"
6870 break;
6871
6872 case 577:
6873 #line 3054 "util/configparser.y"
7186 #line 7188 "util/configparser.c"
7187 break;
7188
7189 case 608:
7190 #line 3229 "util/configparser.y"
68747191 {
68757192 OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str)));
68767193 free(cfg_parser->cfg->dnstap_identity);
68777194 cfg_parser->cfg->dnstap_identity = (yyvsp[0].str);
68787195 }
6879 #line 6881 "util/configparser.c"
6880 break;
6881
6882 case 578:
6883 #line 3061 "util/configparser.y"
7196 #line 7198 "util/configparser.c"
7197 break;
7198
7199 case 609:
7200 #line 3236 "util/configparser.y"
68847201 {
68857202 OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str)));
68867203 free(cfg_parser->cfg->dnstap_version);
68877204 cfg_parser->cfg->dnstap_version = (yyvsp[0].str);
68887205 }
6889 #line 6891 "util/configparser.c"
6890 break;
6891
6892 case 579:
6893 #line 3068 "util/configparser.y"
7206 #line 7208 "util/configparser.c"
7207 break;
7208
7209 case 610:
7210 #line 3243 "util/configparser.y"
68947211 {
68957212 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str)));
68967213 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
68997216 (strcmp((yyvsp[0].str), "yes")==0);
69007217 free((yyvsp[0].str));
69017218 }
6902 #line 6904 "util/configparser.c"
6903 break;
6904
6905 case 580:
6906 #line 3078 "util/configparser.y"
7219 #line 7221 "util/configparser.c"
7220 break;
7221
7222 case 611:
7223 #line 3253 "util/configparser.y"
69077224 {
69087225 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str)));
69097226 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
69127229 (strcmp((yyvsp[0].str), "yes")==0);
69137230 free((yyvsp[0].str));
69147231 }
6915 #line 6917 "util/configparser.c"
6916 break;
6917
6918 case 581:
6919 #line 3088 "util/configparser.y"
7232 #line 7234 "util/configparser.c"
7233 break;
7234
7235 case 612:
7236 #line 3263 "util/configparser.y"
69207237 {
69217238 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str)));
69227239 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
69257242 (strcmp((yyvsp[0].str), "yes")==0);
69267243 free((yyvsp[0].str));
69277244 }
6928 #line 6930 "util/configparser.c"
6929 break;
6930
6931 case 582:
6932 #line 3098 "util/configparser.y"
7245 #line 7247 "util/configparser.c"
7246 break;
7247
7248 case 613:
7249 #line 3273 "util/configparser.y"
69337250 {
69347251 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str)));
69357252 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
69387255 (strcmp((yyvsp[0].str), "yes")==0);
69397256 free((yyvsp[0].str));
69407257 }
6941 #line 6943 "util/configparser.c"
6942 break;
6943
6944 case 583:
6945 #line 3108 "util/configparser.y"
7258 #line 7260 "util/configparser.c"
7259 break;
7260
7261 case 614:
7262 #line 3283 "util/configparser.y"
69467263 {
69477264 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str)));
69487265 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
69517268 (strcmp((yyvsp[0].str), "yes")==0);
69527269 free((yyvsp[0].str));
69537270 }
6954 #line 6956 "util/configparser.c"
6955 break;
6956
6957 case 584:
6958 #line 3118 "util/configparser.y"
7271 #line 7273 "util/configparser.c"
7272 break;
7273
7274 case 615:
7275 #line 3293 "util/configparser.y"
69597276 {
69607277 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str)));
69617278 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
69647281 (strcmp((yyvsp[0].str), "yes")==0);
69657282 free((yyvsp[0].str));
69667283 }
6967 #line 6969 "util/configparser.c"
6968 break;
6969
6970 case 585:
6971 #line 3128 "util/configparser.y"
6972 {
6973 OUTYY(("\nP(python:)\n"));
6974 }
6975 #line 6977 "util/configparser.c"
6976 break;
6977
6978 case 589:
6979 #line 3137 "util/configparser.y"
7284 #line 7286 "util/configparser.c"
7285 break;
7286
7287 case 616:
7288 #line 3303 "util/configparser.y"
7289 {
7290 OUTYY(("\nP(python:)\n"));
7291 }
7292 #line 7294 "util/configparser.c"
7293 break;
7294
7295 case 620:
7296 #line 3312 "util/configparser.y"
69807297 {
69817298 OUTYY(("P(python-script:%s)\n", (yyvsp[0].str)));
69827299 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str)))
69837300 yyerror("out of memory");
69847301 }
6985 #line 6987 "util/configparser.c"
6986 break;
6987
6988 case 590:
6989 #line 3143 "util/configparser.y"
7302 #line 7304 "util/configparser.c"
7303 break;
7304
7305 case 621:
7306 #line 3318 "util/configparser.y"
69907307 {
69917308 OUTYY(("\nP(dynlib:)\n"));
69927309 }
6993 #line 6995 "util/configparser.c"
6994 break;
6995
6996 case 594:
6997 #line 3152 "util/configparser.y"
7310 #line 7312 "util/configparser.c"
7311 break;
7312
7313 case 625:
7314 #line 3327 "util/configparser.y"
69987315 {
69997316 OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str)));
70007317 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str)))
70017318 yyerror("out of memory");
70027319 }
7003 #line 7005 "util/configparser.c"
7004 break;
7005
7006 case 595:
7007 #line 3158 "util/configparser.y"
7320 #line 7322 "util/configparser.c"
7321 break;
7322
7323 case 626:
7324 #line 3333 "util/configparser.y"
70087325 {
70097326 OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str)));
70107327 if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
70137330 (strcmp((yyvsp[0].str), "yes")==0);
70147331 free((yyvsp[0].str));
70157332 }
7016 #line 7018 "util/configparser.c"
7017 break;
7018
7019 case 596:
7020 #line 3168 "util/configparser.y"
7333 #line 7335 "util/configparser.c"
7334 break;
7335
7336 case 627:
7337 #line 3343 "util/configparser.y"
70217338 {
70227339 OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str)));
70237340 free(cfg_parser->cfg->log_identity);
70247341 cfg_parser->cfg->log_identity = (yyvsp[0].str);
70257342 }
7026 #line 7028 "util/configparser.c"
7027 break;
7028
7029 case 597:
7030 #line 3175 "util/configparser.y"
7343 #line 7345 "util/configparser.c"
7344 break;
7345
7346 case 628:
7347 #line 3350 "util/configparser.y"
70317348 {
70327349 OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
70337350 validate_respip_action((yyvsp[0].str));
70357352 (yyvsp[-1].str), (yyvsp[0].str)))
70367353 fatal_exit("out of memory adding response-ip");
70377354 }
7038 #line 7040 "util/configparser.c"
7039 break;
7040
7041 case 598:
7042 #line 3184 "util/configparser.y"
7355 #line 7357 "util/configparser.c"
7356 break;
7357
7358 case 629:
7359 #line 3359 "util/configparser.y"
70437360 {
70447361 OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str)));
70457362 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
70467363 (yyvsp[-1].str), (yyvsp[0].str)))
70477364 fatal_exit("out of memory adding response-ip-data");
70487365 }
7049 #line 7051 "util/configparser.c"
7050 break;
7051
7052 case 599:
7053 #line 3192 "util/configparser.y"
7366 #line 7368 "util/configparser.c"
7367 break;
7368
7369 case 630:
7370 #line 3367 "util/configparser.y"
70547371 {
70557372 OUTYY(("\nP(dnscrypt:)\n"));
70567373 }
7057 #line 7059 "util/configparser.c"
7058 break;
7059
7060 case 612:
7061 #line 3208 "util/configparser.y"
7374 #line 7376 "util/configparser.c"
7375 break;
7376
7377 case 643:
7378 #line 3383 "util/configparser.y"
70627379 {
70637380 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str)));
70647381 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
70667383 else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0);
70677384 free((yyvsp[0].str));
70687385 }
7069 #line 7071 "util/configparser.c"
7070 break;
7071
7072 case 613:
7073 #line 3218 "util/configparser.y"
7386 #line 7388 "util/configparser.c"
7387 break;
7388
7389 case 644:
7390 #line 3393 "util/configparser.y"
70747391 {
70757392 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str)));
70767393 if(atoi((yyvsp[0].str)) == 0)
70787395 else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str));
70797396 free((yyvsp[0].str));
70807397 }
7081 #line 7083 "util/configparser.c"
7082 break;
7083
7084 case 614:
7085 #line 3227 "util/configparser.y"
7398 #line 7400 "util/configparser.c"
7399 break;
7400
7401 case 645:
7402 #line 3402 "util/configparser.y"
70867403 {
70877404 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str)));
70887405 free(cfg_parser->cfg->dnscrypt_provider);
70897406 cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str);
70907407 }
7091 #line 7093 "util/configparser.c"
7092 break;
7093
7094 case 615:
7095 #line 3234 "util/configparser.y"
7408 #line 7410 "util/configparser.c"
7409 break;
7410
7411 case 646:
7412 #line 3409 "util/configparser.y"
70967413 {
70977414 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str)));
70987415 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
71007417 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
71017418 fatal_exit("out of memory adding dnscrypt-provider-cert");
71027419 }
7103 #line 7105 "util/configparser.c"
7104 break;
7105
7106 case 616:
7107 #line 3243 "util/configparser.y"
7420 #line 7422 "util/configparser.c"
7421 break;
7422
7423 case 647:
7424 #line 3418 "util/configparser.y"
71087425 {
71097426 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str)));
71107427 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str)))
71117428 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
71127429 }
7113 #line 7115 "util/configparser.c"
7114 break;
7115
7116 case 617:
7117 #line 3250 "util/configparser.y"
7430 #line 7432 "util/configparser.c"
7431 break;
7432
7433 case 648:
7434 #line 3425 "util/configparser.y"
71187435 {
71197436 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str)));
71207437 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
71227439 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
71237440 fatal_exit("out of memory adding dnscrypt-secret-key");
71247441 }
7125 #line 7127 "util/configparser.c"
7126 break;
7127
7128 case 618:
7129 #line 3259 "util/configparser.y"
7442 #line 7444 "util/configparser.c"
7443 break;
7444
7445 case 649:
7446 #line 3434 "util/configparser.y"
71307447 {
7131 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
7132 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
7133 yyerror("memory size expected");
7134 free((yyvsp[0].str));
7448 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
7449 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
7450 yyerror("memory size expected");
7451 free((yyvsp[0].str));
71357452 }
7136 #line 7138 "util/configparser.c"
7137 break;
7138
7139 case 619:
7140 #line 3267 "util/configparser.y"
7453 #line 7455 "util/configparser.c"
7454 break;
7455
7456 case 650:
7457 #line 3442 "util/configparser.y"
71417458 {
7142 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
7143 if(atoi((yyvsp[0].str)) == 0)
7144 yyerror("number expected");
7145 else {
7146 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi((yyvsp[0].str));
7147 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
7148 yyerror("must be a power of 2");
7149 }
7150 free((yyvsp[0].str));
7459 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
7460 if(atoi((yyvsp[0].str)) == 0) {
7461 yyerror("number expected");
7462 } else {
7463 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi((yyvsp[0].str));
7464 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
7465 yyerror("must be a power of 2");
7466 }
7467 free((yyvsp[0].str));
71517468 }
7152 #line 7154 "util/configparser.c"
7153 break;
7154
7155 case 620:
7156 #line 3280 "util/configparser.y"
7469 #line 7471 "util/configparser.c"
7470 break;
7471
7472 case 651:
7473 #line 3455 "util/configparser.y"
71577474 {
7158 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
7159 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
7160 yyerror("memory size expected");
7161 free((yyvsp[0].str));
7475 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
7476 if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
7477 yyerror("memory size expected");
7478 free((yyvsp[0].str));
71627479 }
7163 #line 7165 "util/configparser.c"
7164 break;
7165
7166 case 621:
7167 #line 3288 "util/configparser.y"
7480 #line 7482 "util/configparser.c"
7481 break;
7482
7483 case 652:
7484 #line 3463 "util/configparser.y"
71687485 {
7169 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
7170 if(atoi((yyvsp[0].str)) == 0)
7171 yyerror("number expected");
7172 else {
7173 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi((yyvsp[0].str));
7174 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
7175 yyerror("must be a power of 2");
7176 }
7177 free((yyvsp[0].str));
7486 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
7487 if(atoi((yyvsp[0].str)) == 0) {
7488 yyerror("number expected");
7489 } else {
7490 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi((yyvsp[0].str));
7491 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
7492 yyerror("must be a power of 2");
7493 }
7494 free((yyvsp[0].str));
71787495 }
7179 #line 7181 "util/configparser.c"
7180 break;
7181
7182 case 622:
7183 #line 3301 "util/configparser.y"
7496 #line 7498 "util/configparser.c"
7497 break;
7498
7499 case 653:
7500 #line 3476 "util/configparser.y"
71847501 {
71857502 OUTYY(("\nP(cachedb:)\n"));
71867503 }
7187 #line 7189 "util/configparser.c"
7188 break;
7189
7190 case 631:
7191 #line 3312 "util/configparser.y"
7504 #line 7506 "util/configparser.c"
7505 break;
7506
7507 case 662:
7508 #line 3487 "util/configparser.y"
71927509 {
71937510 #ifdef USE_CACHEDB
71947511 OUTYY(("P(backend:%s)\n", (yyvsp[0].str)));
71997516 free((yyvsp[0].str));
72007517 #endif
72017518 }
7202 #line 7204 "util/configparser.c"
7203 break;
7204
7205 case 632:
7206 #line 3324 "util/configparser.y"
7519 #line 7521 "util/configparser.c"
7520 break;
7521
7522 case 663:
7523 #line 3499 "util/configparser.y"
72077524 {
72087525 #ifdef USE_CACHEDB
72097526 OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str)));
72147531 free((yyvsp[0].str));
72157532 #endif
72167533 }
7217 #line 7219 "util/configparser.c"
7218 break;
7219
7220 case 633:
7221 #line 3336 "util/configparser.y"
7534 #line 7536 "util/configparser.c"
7535 break;
7536
7537 case 664:
7538 #line 3511 "util/configparser.y"
72227539 {
72237540 #if defined(USE_CACHEDB) && defined(USE_REDIS)
72247541 OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str)));
72297546 free((yyvsp[0].str));
72307547 #endif
72317548 }
7232 #line 7234 "util/configparser.c"
7233 break;
7234
7235 case 634:
7236 #line 3348 "util/configparser.y"
7549 #line 7551 "util/configparser.c"
7550 break;
7551
7552 case 665:
7553 #line 3523 "util/configparser.y"
72377554 {
72387555 #if defined(USE_CACHEDB) && defined(USE_REDIS)
72397556 int port;
72477564 #endif
72487565 free((yyvsp[0].str));
72497566 }
7250 #line 7252 "util/configparser.c"
7251 break;
7252
7253 case 635:
7254 #line 3363 "util/configparser.y"
7567 #line 7569 "util/configparser.c"
7568 break;
7569
7570 case 666:
7571 #line 3538 "util/configparser.y"
72557572 {
72567573 #if defined(USE_CACHEDB) && defined(USE_REDIS)
72577574 OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str)));
72637580 #endif
72647581 free((yyvsp[0].str));
72657582 }
7266 #line 7268 "util/configparser.c"
7267 break;
7268
7269 case 636:
7270 #line 3376 "util/configparser.y"
7583 #line 7585 "util/configparser.c"
7584 break;
7585
7586 case 667:
7587 #line 3551 "util/configparser.y"
72717588 {
72727589 #if defined(USE_CACHEDB) && defined(USE_REDIS)
72737590 OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str)));
72797596 #endif
72807597 free((yyvsp[0].str));
72817598 }
7282 #line 7284 "util/configparser.c"
7283 break;
7284
7285 case 637:
7286 #line 3389 "util/configparser.y"
7599 #line 7601 "util/configparser.c"
7600 break;
7601
7602 case 668:
7603 #line 3564 "util/configparser.y"
72877604 {
72887605 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
72897606 if (atoi((yyvsp[0].str)) < 0)
72937610 fatal_exit("out of memory adding tcp connection limit");
72947611 }
72957612 }
7296 #line 7298 "util/configparser.c"
7297 break;
7298
7299 case 638:
7300 #line 3400 "util/configparser.y"
7613 #line 7615 "util/configparser.c"
7614 break;
7615
7616 case 669:
7617 #line 3575 "util/configparser.y"
73017618 {
73027619 OUTYY(("\nP(ipset:)\n"));
73037620 }
7304 #line 7306 "util/configparser.c"
7305 break;
7306
7307 case 643:
7308 #line 3409 "util/configparser.y"
7621 #line 7623 "util/configparser.c"
7622 break;
7623
7624 case 674:
7625 #line 3584 "util/configparser.y"
73097626 {
73107627 #ifdef USE_IPSET
73117628 OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str)));
73197636 free((yyvsp[0].str));
73207637 #endif
73217638 }
7322 #line 7324 "util/configparser.c"
7323 break;
7324
7325 case 644:
7326 #line 3424 "util/configparser.y"
7639 #line 7641 "util/configparser.c"
7640 break;
7641
7642 case 675:
7643 #line 3599 "util/configparser.y"
73277644 {
73287645 #ifdef USE_IPSET
73297646 OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str)));
73377654 free((yyvsp[0].str));
73387655 #endif
73397656 }
7340 #line 7342 "util/configparser.c"
7341 break;
7342
7343
7344 #line 7346 "util/configparser.c"
7657 #line 7659 "util/configparser.c"
7658 break;
7659
7660
7661 #line 7663 "util/configparser.c"
73457662
73467663 default: break;
73477664 }
75357852 return yyresult;
75367853 }
75377854
7538 #line 3438 "util/configparser.y"
7855 #line 3613 "util/configparser.y"
75397856
75407857
75417858 /* parse helper routines could be here */
+439
-409
util/configparser.h less more
155155 VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */
156156 VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */
157157 VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */
158 VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */
159 VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */
160 VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */
161 VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */
162 VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */
163 VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */
164 VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */
165 VAR_PYTHON = 367, /* VAR_PYTHON */
166 VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */
167 VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */
168 VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */
169 VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */
170 VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */
171 VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */
172 VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */
173 VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */
174 VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */
175 VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */
176 VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */
177 VAR_PREFETCH = 379, /* VAR_PREFETCH */
178 VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */
179 VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */
180 VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */
181 VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */
182 VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */
183 VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */
184 VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */
185 VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */
186 VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */
187 VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */
188 VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */
189 VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */
190 VAR_SSL_PORT = 392, /* VAR_SSL_PORT */
191 VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */
192 VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */
193 VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */
194 VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */
195 VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */
196 VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */
197 VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */
198 VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */
199 VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
200 VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */
201 VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */
202 VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */
203 VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */
204 VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */
205 VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */
206 VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */
207 VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */
208 VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */
209 VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */
210 VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */
211 VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */
212 VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */
213 VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */
214 VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */
215 VAR_DNSTAP = 417, /* VAR_DNSTAP */
216 VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */
217 VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */
218 VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */
219 VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */
220 VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */
221 VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
222 VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
223 VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
224 VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */
225 VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */
226 VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */
227 VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */
228 VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */
229 VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
230 VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
231 VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
232 VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
233 VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
234 VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
235 VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */
236 VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */
237 VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */
238 VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */
239 VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */
240 VAR_IP_DSCP = 442, /* VAR_IP_DSCP */
241 VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
242 VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */
243 VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */
244 VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */
245 VAR_RATELIMIT = 447, /* VAR_RATELIMIT */
246 VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */
247 VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */
248 VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */
249 VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */
250 VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */
251 VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */
252 VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */
253 VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */
254 VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
255 VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */
256 VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
257 VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
258 VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
259 VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
260 VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
261 VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
262 VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */
263 VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */
264 VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */
265 VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */
266 VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */
267 VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */
268 VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */
269 VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */
270 VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */
271 VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */
272 VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */
273 VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */
274 VAR_VIEW = 476, /* VAR_VIEW */
275 VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */
276 VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */
277 VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */
278 VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */
279 VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */
280 VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */
281 VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
282 VAR_SERVE_ORIGINAL_TTL = 484, /* VAR_SERVE_ORIGINAL_TTL */
283 VAR_FAKE_DSA = 485, /* VAR_FAKE_DSA */
284 VAR_FAKE_SHA1 = 486, /* VAR_FAKE_SHA1 */
285 VAR_LOG_IDENTITY = 487, /* VAR_LOG_IDENTITY */
286 VAR_HIDE_TRUSTANCHOR = 488, /* VAR_HIDE_TRUSTANCHOR */
287 VAR_TRUST_ANCHOR_SIGNALING = 489, /* VAR_TRUST_ANCHOR_SIGNALING */
288 VAR_AGGRESSIVE_NSEC = 490, /* VAR_AGGRESSIVE_NSEC */
289 VAR_USE_SYSTEMD = 491, /* VAR_USE_SYSTEMD */
290 VAR_SHM_ENABLE = 492, /* VAR_SHM_ENABLE */
291 VAR_SHM_KEY = 493, /* VAR_SHM_KEY */
292 VAR_ROOT_KEY_SENTINEL = 494, /* VAR_ROOT_KEY_SENTINEL */
293 VAR_DNSCRYPT = 495, /* VAR_DNSCRYPT */
294 VAR_DNSCRYPT_ENABLE = 496, /* VAR_DNSCRYPT_ENABLE */
295 VAR_DNSCRYPT_PORT = 497, /* VAR_DNSCRYPT_PORT */
296 VAR_DNSCRYPT_PROVIDER = 498, /* VAR_DNSCRYPT_PROVIDER */
297 VAR_DNSCRYPT_SECRET_KEY = 499, /* VAR_DNSCRYPT_SECRET_KEY */
298 VAR_DNSCRYPT_PROVIDER_CERT = 500, /* VAR_DNSCRYPT_PROVIDER_CERT */
299 VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
300 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
301 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
302 VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
303 VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
304 VAR_PAD_RESPONSES = 506, /* VAR_PAD_RESPONSES */
305 VAR_PAD_RESPONSES_BLOCK_SIZE = 507, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
306 VAR_PAD_QUERIES = 508, /* VAR_PAD_QUERIES */
307 VAR_PAD_QUERIES_BLOCK_SIZE = 509, /* VAR_PAD_QUERIES_BLOCK_SIZE */
308 VAR_IPSECMOD_ENABLED = 510, /* VAR_IPSECMOD_ENABLED */
309 VAR_IPSECMOD_HOOK = 511, /* VAR_IPSECMOD_HOOK */
310 VAR_IPSECMOD_IGNORE_BOGUS = 512, /* VAR_IPSECMOD_IGNORE_BOGUS */
311 VAR_IPSECMOD_MAX_TTL = 513, /* VAR_IPSECMOD_MAX_TTL */
312 VAR_IPSECMOD_WHITELIST = 514, /* VAR_IPSECMOD_WHITELIST */
313 VAR_IPSECMOD_STRICT = 515, /* VAR_IPSECMOD_STRICT */
314 VAR_CACHEDB = 516, /* VAR_CACHEDB */
315 VAR_CACHEDB_BACKEND = 517, /* VAR_CACHEDB_BACKEND */
316 VAR_CACHEDB_SECRETSEED = 518, /* VAR_CACHEDB_SECRETSEED */
317 VAR_CACHEDB_REDISHOST = 519, /* VAR_CACHEDB_REDISHOST */
318 VAR_CACHEDB_REDISPORT = 520, /* VAR_CACHEDB_REDISPORT */
319 VAR_CACHEDB_REDISTIMEOUT = 521, /* VAR_CACHEDB_REDISTIMEOUT */
320 VAR_CACHEDB_REDISEXPIRERECORDS = 522, /* VAR_CACHEDB_REDISEXPIRERECORDS */
321 VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 523, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
322 VAR_FOR_UPSTREAM = 524, /* VAR_FOR_UPSTREAM */
323 VAR_AUTH_ZONE = 525, /* VAR_AUTH_ZONE */
324 VAR_ZONEFILE = 526, /* VAR_ZONEFILE */
325 VAR_MASTER = 527, /* VAR_MASTER */
326 VAR_URL = 528, /* VAR_URL */
327 VAR_FOR_DOWNSTREAM = 529, /* VAR_FOR_DOWNSTREAM */
328 VAR_FALLBACK_ENABLED = 530, /* VAR_FALLBACK_ENABLED */
329 VAR_TLS_ADDITIONAL_PORT = 531, /* VAR_TLS_ADDITIONAL_PORT */
330 VAR_LOW_RTT = 532, /* VAR_LOW_RTT */
331 VAR_LOW_RTT_PERMIL = 533, /* VAR_LOW_RTT_PERMIL */
332 VAR_FAST_SERVER_PERMIL = 534, /* VAR_FAST_SERVER_PERMIL */
333 VAR_FAST_SERVER_NUM = 535, /* VAR_FAST_SERVER_NUM */
334 VAR_ALLOW_NOTIFY = 536, /* VAR_ALLOW_NOTIFY */
335 VAR_TLS_WIN_CERT = 537, /* VAR_TLS_WIN_CERT */
336 VAR_TCP_CONNECTION_LIMIT = 538, /* VAR_TCP_CONNECTION_LIMIT */
337 VAR_FORWARD_NO_CACHE = 539, /* VAR_FORWARD_NO_CACHE */
338 VAR_STUB_NO_CACHE = 540, /* VAR_STUB_NO_CACHE */
339 VAR_LOG_SERVFAIL = 541, /* VAR_LOG_SERVFAIL */
340 VAR_DENY_ANY = 542, /* VAR_DENY_ANY */
341 VAR_UNKNOWN_SERVER_TIME_LIMIT = 543, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
342 VAR_LOG_TAG_QUERYREPLY = 544, /* VAR_LOG_TAG_QUERYREPLY */
343 VAR_STREAM_WAIT_SIZE = 545, /* VAR_STREAM_WAIT_SIZE */
344 VAR_TLS_CIPHERS = 546, /* VAR_TLS_CIPHERS */
345 VAR_TLS_CIPHERSUITES = 547, /* VAR_TLS_CIPHERSUITES */
346 VAR_TLS_USE_SNI = 548, /* VAR_TLS_USE_SNI */
347 VAR_IPSET = 549, /* VAR_IPSET */
348 VAR_IPSET_NAME_V4 = 550, /* VAR_IPSET_NAME_V4 */
349 VAR_IPSET_NAME_V6 = 551, /* VAR_IPSET_NAME_V6 */
350 VAR_TLS_SESSION_TICKET_KEYS = 552, /* VAR_TLS_SESSION_TICKET_KEYS */
351 VAR_RPZ = 553, /* VAR_RPZ */
352 VAR_TAGS = 554, /* VAR_TAGS */
353 VAR_RPZ_ACTION_OVERRIDE = 555, /* VAR_RPZ_ACTION_OVERRIDE */
354 VAR_RPZ_CNAME_OVERRIDE = 556, /* VAR_RPZ_CNAME_OVERRIDE */
355 VAR_RPZ_LOG = 557, /* VAR_RPZ_LOG */
356 VAR_RPZ_LOG_NAME = 558, /* VAR_RPZ_LOG_NAME */
357 VAR_DYNLIB = 559, /* VAR_DYNLIB */
358 VAR_DYNLIB_FILE = 560, /* VAR_DYNLIB_FILE */
359 VAR_EDNS_CLIENT_STRING = 561, /* VAR_EDNS_CLIENT_STRING */
360 VAR_EDNS_CLIENT_STRING_OPCODE = 562, /* VAR_EDNS_CLIENT_STRING_OPCODE */
361 VAR_NSID = 563 /* VAR_NSID */
158 VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */
159 VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */
160 VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */
161 VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */
162 VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */
163 VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */
164 VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */
165 VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */
166 VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */
167 VAR_PYTHON = 369, /* VAR_PYTHON */
168 VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */
169 VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */
170 VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */
171 VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */
172 VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */
173 VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */
174 VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */
175 VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */
176 VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */
177 VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */
178 VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */
179 VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */
180 VAR_PREFETCH = 382, /* VAR_PREFETCH */
181 VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */
182 VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */
183 VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */
184 VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */
185 VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */
186 VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */
187 VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */
188 VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */
189 VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */
190 VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */
191 VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */
192 VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */
193 VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */
194 VAR_SSL_PORT = 396, /* VAR_SSL_PORT */
195 VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */
196 VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */
197 VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */
198 VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */
199 VAR_STUB_TCP_UPSTREAM = 401, /* VAR_STUB_TCP_UPSTREAM */
200 VAR_FORWARD_TCP_UPSTREAM = 402, /* VAR_FORWARD_TCP_UPSTREAM */
201 VAR_HTTPS_PORT = 403, /* VAR_HTTPS_PORT */
202 VAR_HTTP_ENDPOINT = 404, /* VAR_HTTP_ENDPOINT */
203 VAR_HTTP_MAX_STREAMS = 405, /* VAR_HTTP_MAX_STREAMS */
204 VAR_HTTP_QUERY_BUFFER_SIZE = 406, /* VAR_HTTP_QUERY_BUFFER_SIZE */
205 VAR_HTTP_RESPONSE_BUFFER_SIZE = 407, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
206 VAR_HTTP_NODELAY = 408, /* VAR_HTTP_NODELAY */
207 VAR_HTTP_NOTLS_DOWNSTREAM = 409, /* VAR_HTTP_NOTLS_DOWNSTREAM */
208 VAR_STUB_FIRST = 410, /* VAR_STUB_FIRST */
209 VAR_MINIMAL_RESPONSES = 411, /* VAR_MINIMAL_RESPONSES */
210 VAR_RRSET_ROUNDROBIN = 412, /* VAR_RRSET_ROUNDROBIN */
211 VAR_MAX_UDP_SIZE = 413, /* VAR_MAX_UDP_SIZE */
212 VAR_DELAY_CLOSE = 414, /* VAR_DELAY_CLOSE */
213 VAR_UDP_CONNECT = 415, /* VAR_UDP_CONNECT */
214 VAR_UNBLOCK_LAN_ZONES = 416, /* VAR_UNBLOCK_LAN_ZONES */
215 VAR_INSECURE_LAN_ZONES = 417, /* VAR_INSECURE_LAN_ZONES */
216 VAR_INFRA_CACHE_MIN_RTT = 418, /* VAR_INFRA_CACHE_MIN_RTT */
217 VAR_INFRA_KEEP_PROBING = 419, /* VAR_INFRA_KEEP_PROBING */
218 VAR_DNS64_PREFIX = 420, /* VAR_DNS64_PREFIX */
219 VAR_DNS64_SYNTHALL = 421, /* VAR_DNS64_SYNTHALL */
220 VAR_DNS64_IGNORE_AAAA = 422, /* VAR_DNS64_IGNORE_AAAA */
221 VAR_DNSTAP = 423, /* VAR_DNSTAP */
222 VAR_DNSTAP_ENABLE = 424, /* VAR_DNSTAP_ENABLE */
223 VAR_DNSTAP_SOCKET_PATH = 425, /* VAR_DNSTAP_SOCKET_PATH */
224 VAR_DNSTAP_IP = 426, /* VAR_DNSTAP_IP */
225 VAR_DNSTAP_TLS = 427, /* VAR_DNSTAP_TLS */
226 VAR_DNSTAP_TLS_SERVER_NAME = 428, /* VAR_DNSTAP_TLS_SERVER_NAME */
227 VAR_DNSTAP_TLS_CERT_BUNDLE = 429, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
228 VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 430, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
229 VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
230 VAR_DNSTAP_SEND_IDENTITY = 432, /* VAR_DNSTAP_SEND_IDENTITY */
231 VAR_DNSTAP_SEND_VERSION = 433, /* VAR_DNSTAP_SEND_VERSION */
232 VAR_DNSTAP_BIDIRECTIONAL = 434, /* VAR_DNSTAP_BIDIRECTIONAL */
233 VAR_DNSTAP_IDENTITY = 435, /* VAR_DNSTAP_IDENTITY */
234 VAR_DNSTAP_VERSION = 436, /* VAR_DNSTAP_VERSION */
235 VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
236 VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
237 VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
238 VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
239 VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 441, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
240 VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
241 VAR_RESPONSE_IP_TAG = 443, /* VAR_RESPONSE_IP_TAG */
242 VAR_RESPONSE_IP = 444, /* VAR_RESPONSE_IP */
243 VAR_RESPONSE_IP_DATA = 445, /* VAR_RESPONSE_IP_DATA */
244 VAR_HARDEN_ALGO_DOWNGRADE = 446, /* VAR_HARDEN_ALGO_DOWNGRADE */
245 VAR_IP_TRANSPARENT = 447, /* VAR_IP_TRANSPARENT */
246 VAR_IP_DSCP = 448, /* VAR_IP_DSCP */
247 VAR_DISABLE_DNSSEC_LAME_CHECK = 449, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
248 VAR_IP_RATELIMIT = 450, /* VAR_IP_RATELIMIT */
249 VAR_IP_RATELIMIT_SLABS = 451, /* VAR_IP_RATELIMIT_SLABS */
250 VAR_IP_RATELIMIT_SIZE = 452, /* VAR_IP_RATELIMIT_SIZE */
251 VAR_RATELIMIT = 453, /* VAR_RATELIMIT */
252 VAR_RATELIMIT_SLABS = 454, /* VAR_RATELIMIT_SLABS */
253 VAR_RATELIMIT_SIZE = 455, /* VAR_RATELIMIT_SIZE */
254 VAR_OUTBOUND_MSG_RETRY = 456, /* VAR_OUTBOUND_MSG_RETRY */
255 VAR_RATELIMIT_FOR_DOMAIN = 457, /* VAR_RATELIMIT_FOR_DOMAIN */
256 VAR_RATELIMIT_BELOW_DOMAIN = 458, /* VAR_RATELIMIT_BELOW_DOMAIN */
257 VAR_IP_RATELIMIT_FACTOR = 459, /* VAR_IP_RATELIMIT_FACTOR */
258 VAR_RATELIMIT_FACTOR = 460, /* VAR_RATELIMIT_FACTOR */
259 VAR_IP_RATELIMIT_BACKOFF = 461, /* VAR_IP_RATELIMIT_BACKOFF */
260 VAR_RATELIMIT_BACKOFF = 462, /* VAR_RATELIMIT_BACKOFF */
261 VAR_SEND_CLIENT_SUBNET = 463, /* VAR_SEND_CLIENT_SUBNET */
262 VAR_CLIENT_SUBNET_ZONE = 464, /* VAR_CLIENT_SUBNET_ZONE */
263 VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 465, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
264 VAR_CLIENT_SUBNET_OPCODE = 466, /* VAR_CLIENT_SUBNET_OPCODE */
265 VAR_MAX_CLIENT_SUBNET_IPV4 = 467, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
266 VAR_MAX_CLIENT_SUBNET_IPV6 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
267 VAR_MIN_CLIENT_SUBNET_IPV4 = 469, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
268 VAR_MIN_CLIENT_SUBNET_IPV6 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
269 VAR_MAX_ECS_TREE_SIZE_IPV4 = 471, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
270 VAR_MAX_ECS_TREE_SIZE_IPV6 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
271 VAR_CAPS_WHITELIST = 473, /* VAR_CAPS_WHITELIST */
272 VAR_CACHE_MAX_NEGATIVE_TTL = 474, /* VAR_CACHE_MAX_NEGATIVE_TTL */
273 VAR_PERMIT_SMALL_HOLDDOWN = 475, /* VAR_PERMIT_SMALL_HOLDDOWN */
274 VAR_QNAME_MINIMISATION = 476, /* VAR_QNAME_MINIMISATION */
275 VAR_QNAME_MINIMISATION_STRICT = 477, /* VAR_QNAME_MINIMISATION_STRICT */
276 VAR_IP_FREEBIND = 478, /* VAR_IP_FREEBIND */
277 VAR_DEFINE_TAG = 479, /* VAR_DEFINE_TAG */
278 VAR_LOCAL_ZONE_TAG = 480, /* VAR_LOCAL_ZONE_TAG */
279 VAR_ACCESS_CONTROL_TAG = 481, /* VAR_ACCESS_CONTROL_TAG */
280 VAR_LOCAL_ZONE_OVERRIDE = 482, /* VAR_LOCAL_ZONE_OVERRIDE */
281 VAR_ACCESS_CONTROL_TAG_ACTION = 483, /* VAR_ACCESS_CONTROL_TAG_ACTION */
282 VAR_ACCESS_CONTROL_TAG_DATA = 484, /* VAR_ACCESS_CONTROL_TAG_DATA */
283 VAR_VIEW = 485, /* VAR_VIEW */
284 VAR_ACCESS_CONTROL_VIEW = 486, /* VAR_ACCESS_CONTROL_VIEW */
285 VAR_VIEW_FIRST = 487, /* VAR_VIEW_FIRST */
286 VAR_SERVE_EXPIRED = 488, /* VAR_SERVE_EXPIRED */
287 VAR_SERVE_EXPIRED_TTL = 489, /* VAR_SERVE_EXPIRED_TTL */
288 VAR_SERVE_EXPIRED_TTL_RESET = 490, /* VAR_SERVE_EXPIRED_TTL_RESET */
289 VAR_SERVE_EXPIRED_REPLY_TTL = 491, /* VAR_SERVE_EXPIRED_REPLY_TTL */
290 VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 492, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
291 VAR_SERVE_ORIGINAL_TTL = 493, /* VAR_SERVE_ORIGINAL_TTL */
292 VAR_FAKE_DSA = 494, /* VAR_FAKE_DSA */
293 VAR_FAKE_SHA1 = 495, /* VAR_FAKE_SHA1 */
294 VAR_LOG_IDENTITY = 496, /* VAR_LOG_IDENTITY */
295 VAR_HIDE_TRUSTANCHOR = 497, /* VAR_HIDE_TRUSTANCHOR */
296 VAR_HIDE_HTTP_USER_AGENT = 498, /* VAR_HIDE_HTTP_USER_AGENT */
297 VAR_HTTP_USER_AGENT = 499, /* VAR_HTTP_USER_AGENT */
298 VAR_TRUST_ANCHOR_SIGNALING = 500, /* VAR_TRUST_ANCHOR_SIGNALING */
299 VAR_AGGRESSIVE_NSEC = 501, /* VAR_AGGRESSIVE_NSEC */
300 VAR_USE_SYSTEMD = 502, /* VAR_USE_SYSTEMD */
301 VAR_SHM_ENABLE = 503, /* VAR_SHM_ENABLE */
302 VAR_SHM_KEY = 504, /* VAR_SHM_KEY */
303 VAR_ROOT_KEY_SENTINEL = 505, /* VAR_ROOT_KEY_SENTINEL */
304 VAR_DNSCRYPT = 506, /* VAR_DNSCRYPT */
305 VAR_DNSCRYPT_ENABLE = 507, /* VAR_DNSCRYPT_ENABLE */
306 VAR_DNSCRYPT_PORT = 508, /* VAR_DNSCRYPT_PORT */
307 VAR_DNSCRYPT_PROVIDER = 509, /* VAR_DNSCRYPT_PROVIDER */
308 VAR_DNSCRYPT_SECRET_KEY = 510, /* VAR_DNSCRYPT_SECRET_KEY */
309 VAR_DNSCRYPT_PROVIDER_CERT = 511, /* VAR_DNSCRYPT_PROVIDER_CERT */
310 VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 512, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
311 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 513, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
312 VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 514, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
313 VAR_DNSCRYPT_NONCE_CACHE_SIZE = 515, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
314 VAR_DNSCRYPT_NONCE_CACHE_SLABS = 516, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
315 VAR_PAD_RESPONSES = 517, /* VAR_PAD_RESPONSES */
316 VAR_PAD_RESPONSES_BLOCK_SIZE = 518, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
317 VAR_PAD_QUERIES = 519, /* VAR_PAD_QUERIES */
318 VAR_PAD_QUERIES_BLOCK_SIZE = 520, /* VAR_PAD_QUERIES_BLOCK_SIZE */
319 VAR_IPSECMOD_ENABLED = 521, /* VAR_IPSECMOD_ENABLED */
320 VAR_IPSECMOD_HOOK = 522, /* VAR_IPSECMOD_HOOK */
321 VAR_IPSECMOD_IGNORE_BOGUS = 523, /* VAR_IPSECMOD_IGNORE_BOGUS */
322 VAR_IPSECMOD_MAX_TTL = 524, /* VAR_IPSECMOD_MAX_TTL */
323 VAR_IPSECMOD_WHITELIST = 525, /* VAR_IPSECMOD_WHITELIST */
324 VAR_IPSECMOD_STRICT = 526, /* VAR_IPSECMOD_STRICT */
325 VAR_CACHEDB = 527, /* VAR_CACHEDB */
326 VAR_CACHEDB_BACKEND = 528, /* VAR_CACHEDB_BACKEND */
327 VAR_CACHEDB_SECRETSEED = 529, /* VAR_CACHEDB_SECRETSEED */
328 VAR_CACHEDB_REDISHOST = 530, /* VAR_CACHEDB_REDISHOST */
329 VAR_CACHEDB_REDISPORT = 531, /* VAR_CACHEDB_REDISPORT */
330 VAR_CACHEDB_REDISTIMEOUT = 532, /* VAR_CACHEDB_REDISTIMEOUT */
331 VAR_CACHEDB_REDISEXPIRERECORDS = 533, /* VAR_CACHEDB_REDISEXPIRERECORDS */
332 VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 534, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
333 VAR_FOR_UPSTREAM = 535, /* VAR_FOR_UPSTREAM */
334 VAR_AUTH_ZONE = 536, /* VAR_AUTH_ZONE */
335 VAR_ZONEFILE = 537, /* VAR_ZONEFILE */
336 VAR_MASTER = 538, /* VAR_MASTER */
337 VAR_URL = 539, /* VAR_URL */
338 VAR_FOR_DOWNSTREAM = 540, /* VAR_FOR_DOWNSTREAM */
339 VAR_FALLBACK_ENABLED = 541, /* VAR_FALLBACK_ENABLED */
340 VAR_TLS_ADDITIONAL_PORT = 542, /* VAR_TLS_ADDITIONAL_PORT */
341 VAR_LOW_RTT = 543, /* VAR_LOW_RTT */
342 VAR_LOW_RTT_PERMIL = 544, /* VAR_LOW_RTT_PERMIL */
343 VAR_FAST_SERVER_PERMIL = 545, /* VAR_FAST_SERVER_PERMIL */
344 VAR_FAST_SERVER_NUM = 546, /* VAR_FAST_SERVER_NUM */
345 VAR_ALLOW_NOTIFY = 547, /* VAR_ALLOW_NOTIFY */
346 VAR_TLS_WIN_CERT = 548, /* VAR_TLS_WIN_CERT */
347 VAR_TCP_CONNECTION_LIMIT = 549, /* VAR_TCP_CONNECTION_LIMIT */
348 VAR_FORWARD_NO_CACHE = 550, /* VAR_FORWARD_NO_CACHE */
349 VAR_STUB_NO_CACHE = 551, /* VAR_STUB_NO_CACHE */
350 VAR_LOG_SERVFAIL = 552, /* VAR_LOG_SERVFAIL */
351 VAR_DENY_ANY = 553, /* VAR_DENY_ANY */
352 VAR_UNKNOWN_SERVER_TIME_LIMIT = 554, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
353 VAR_LOG_TAG_QUERYREPLY = 555, /* VAR_LOG_TAG_QUERYREPLY */
354 VAR_STREAM_WAIT_SIZE = 556, /* VAR_STREAM_WAIT_SIZE */
355 VAR_TLS_CIPHERS = 557, /* VAR_TLS_CIPHERS */
356 VAR_TLS_CIPHERSUITES = 558, /* VAR_TLS_CIPHERSUITES */
357 VAR_TLS_USE_SNI = 559, /* VAR_TLS_USE_SNI */
358 VAR_IPSET = 560, /* VAR_IPSET */
359 VAR_IPSET_NAME_V4 = 561, /* VAR_IPSET_NAME_V4 */
360 VAR_IPSET_NAME_V6 = 562, /* VAR_IPSET_NAME_V6 */
361 VAR_TLS_SESSION_TICKET_KEYS = 563, /* VAR_TLS_SESSION_TICKET_KEYS */
362 VAR_RPZ = 564, /* VAR_RPZ */
363 VAR_TAGS = 565, /* VAR_TAGS */
364 VAR_RPZ_ACTION_OVERRIDE = 566, /* VAR_RPZ_ACTION_OVERRIDE */
365 VAR_RPZ_CNAME_OVERRIDE = 567, /* VAR_RPZ_CNAME_OVERRIDE */
366 VAR_RPZ_LOG = 568, /* VAR_RPZ_LOG */
367 VAR_RPZ_LOG_NAME = 569, /* VAR_RPZ_LOG_NAME */
368 VAR_DYNLIB = 570, /* VAR_DYNLIB */
369 VAR_DYNLIB_FILE = 571, /* VAR_DYNLIB_FILE */
370 VAR_EDNS_CLIENT_STRING = 572, /* VAR_EDNS_CLIENT_STRING */
371 VAR_EDNS_CLIENT_STRING_OPCODE = 573, /* VAR_EDNS_CLIENT_STRING_OPCODE */
372 VAR_NSID = 574, /* VAR_NSID */
373 VAR_ZONEMD_PERMISSIVE_MODE = 575, /* VAR_ZONEMD_PERMISSIVE_MODE */
374 VAR_ZONEMD_CHECK = 576, /* VAR_ZONEMD_CHECK */
375 VAR_ZONEMD_REJECT_ABSENCE = 577, /* VAR_ZONEMD_REJECT_ABSENCE */
376 VAR_RPZ_SIGNAL_NXDOMAIN_RA = 578 /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
362377 };
363378 typedef enum yytokentype yytoken_kind_t;
364379 #endif
468483 #define VAR_CONTROL_KEY_FILE 357
469484 #define VAR_CONTROL_CERT_FILE 358
470485 #define VAR_CONTROL_USE_CERT 359
471 #define VAR_EXTENDED_STATISTICS 360
472 #define VAR_LOCAL_DATA_PTR 361
473 #define VAR_JOSTLE_TIMEOUT 362
474 #define VAR_STUB_PRIME 363
475 #define VAR_UNWANTED_REPLY_THRESHOLD 364
476 #define VAR_LOG_TIME_ASCII 365
477 #define VAR_DOMAIN_INSECURE 366
478 #define VAR_PYTHON 367
479 #define VAR_PYTHON_SCRIPT 368
480 #define VAR_VAL_SIG_SKEW_MIN 369
481 #define VAR_VAL_SIG_SKEW_MAX 370
482 #define VAR_CACHE_MIN_TTL 371
483 #define VAR_VAL_LOG_LEVEL 372
484 #define VAR_AUTO_TRUST_ANCHOR_FILE 373
485 #define VAR_KEEP_MISSING 374
486 #define VAR_ADD_HOLDDOWN 375
487 #define VAR_DEL_HOLDDOWN 376
488 #define VAR_SO_RCVBUF 377
489 #define VAR_EDNS_BUFFER_SIZE 378
490 #define VAR_PREFETCH 379
491 #define VAR_PREFETCH_KEY 380
492 #define VAR_SO_SNDBUF 381
493 #define VAR_SO_REUSEPORT 382
494 #define VAR_HARDEN_BELOW_NXDOMAIN 383
495 #define VAR_IGNORE_CD_FLAG 384
496 #define VAR_LOG_QUERIES 385
497 #define VAR_LOG_REPLIES 386
498 #define VAR_LOG_LOCAL_ACTIONS 387
499 #define VAR_TCP_UPSTREAM 388
500 #define VAR_SSL_UPSTREAM 389
501 #define VAR_SSL_SERVICE_KEY 390
502 #define VAR_SSL_SERVICE_PEM 391
503 #define VAR_SSL_PORT 392
504 #define VAR_FORWARD_FIRST 393
505 #define VAR_STUB_SSL_UPSTREAM 394
506 #define VAR_FORWARD_SSL_UPSTREAM 395
507 #define VAR_TLS_CERT_BUNDLE 396
508 #define VAR_HTTPS_PORT 397
509 #define VAR_HTTP_ENDPOINT 398
510 #define VAR_HTTP_MAX_STREAMS 399
511 #define VAR_HTTP_QUERY_BUFFER_SIZE 400
512 #define VAR_HTTP_RESPONSE_BUFFER_SIZE 401
513 #define VAR_HTTP_NODELAY 402
514 #define VAR_HTTP_NOTLS_DOWNSTREAM 403
515 #define VAR_STUB_FIRST 404
516 #define VAR_MINIMAL_RESPONSES 405
517 #define VAR_RRSET_ROUNDROBIN 406
518 #define VAR_MAX_UDP_SIZE 407
519 #define VAR_DELAY_CLOSE 408
520 #define VAR_UDP_CONNECT 409
521 #define VAR_UNBLOCK_LAN_ZONES 410
522 #define VAR_INSECURE_LAN_ZONES 411
523 #define VAR_INFRA_CACHE_MIN_RTT 412
524 #define VAR_INFRA_KEEP_PROBING 413
525 #define VAR_DNS64_PREFIX 414
526 #define VAR_DNS64_SYNTHALL 415
527 #define VAR_DNS64_IGNORE_AAAA 416
528 #define VAR_DNSTAP 417
529 #define VAR_DNSTAP_ENABLE 418
530 #define VAR_DNSTAP_SOCKET_PATH 419
531 #define VAR_DNSTAP_IP 420
532 #define VAR_DNSTAP_TLS 421
533 #define VAR_DNSTAP_TLS_SERVER_NAME 422
534 #define VAR_DNSTAP_TLS_CERT_BUNDLE 423
535 #define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424
536 #define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425
537 #define VAR_DNSTAP_SEND_IDENTITY 426
538 #define VAR_DNSTAP_SEND_VERSION 427
539 #define VAR_DNSTAP_BIDIRECTIONAL 428
540 #define VAR_DNSTAP_IDENTITY 429
541 #define VAR_DNSTAP_VERSION 430
542 #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431
543 #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432
544 #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433
545 #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434
546 #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435
547 #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436
548 #define VAR_RESPONSE_IP_TAG 437
549 #define VAR_RESPONSE_IP 438
550 #define VAR_RESPONSE_IP_DATA 439
551 #define VAR_HARDEN_ALGO_DOWNGRADE 440
552 #define VAR_IP_TRANSPARENT 441
553 #define VAR_IP_DSCP 442
554 #define VAR_DISABLE_DNSSEC_LAME_CHECK 443
555 #define VAR_IP_RATELIMIT 444
556 #define VAR_IP_RATELIMIT_SLABS 445
557 #define VAR_IP_RATELIMIT_SIZE 446
558 #define VAR_RATELIMIT 447
559 #define VAR_RATELIMIT_SLABS 448
560 #define VAR_RATELIMIT_SIZE 449
561 #define VAR_RATELIMIT_FOR_DOMAIN 450
562 #define VAR_RATELIMIT_BELOW_DOMAIN 451
563 #define VAR_IP_RATELIMIT_FACTOR 452
564 #define VAR_RATELIMIT_FACTOR 453
565 #define VAR_SEND_CLIENT_SUBNET 454
566 #define VAR_CLIENT_SUBNET_ZONE 455
567 #define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456
568 #define VAR_CLIENT_SUBNET_OPCODE 457
569 #define VAR_MAX_CLIENT_SUBNET_IPV4 458
570 #define VAR_MAX_CLIENT_SUBNET_IPV6 459
571 #define VAR_MIN_CLIENT_SUBNET_IPV4 460
572 #define VAR_MIN_CLIENT_SUBNET_IPV6 461
573 #define VAR_MAX_ECS_TREE_SIZE_IPV4 462
574 #define VAR_MAX_ECS_TREE_SIZE_IPV6 463
575 #define VAR_CAPS_WHITELIST 464
576 #define VAR_CACHE_MAX_NEGATIVE_TTL 465
577 #define VAR_PERMIT_SMALL_HOLDDOWN 466
578 #define VAR_QNAME_MINIMISATION 467
579 #define VAR_QNAME_MINIMISATION_STRICT 468
580 #define VAR_IP_FREEBIND 469
581 #define VAR_DEFINE_TAG 470
582 #define VAR_LOCAL_ZONE_TAG 471
583 #define VAR_ACCESS_CONTROL_TAG 472
584 #define VAR_LOCAL_ZONE_OVERRIDE 473
585 #define VAR_ACCESS_CONTROL_TAG_ACTION 474
586 #define VAR_ACCESS_CONTROL_TAG_DATA 475
587 #define VAR_VIEW 476
588 #define VAR_ACCESS_CONTROL_VIEW 477
589 #define VAR_VIEW_FIRST 478
590 #define VAR_SERVE_EXPIRED 479
591 #define VAR_SERVE_EXPIRED_TTL 480
592 #define VAR_SERVE_EXPIRED_TTL_RESET 481
593 #define VAR_SERVE_EXPIRED_REPLY_TTL 482
594 #define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483
595 #define VAR_SERVE_ORIGINAL_TTL 484
596 #define VAR_FAKE_DSA 485
597 #define VAR_FAKE_SHA1 486
598 #define VAR_LOG_IDENTITY 487
599 #define VAR_HIDE_TRUSTANCHOR 488
600 #define VAR_TRUST_ANCHOR_SIGNALING 489
601 #define VAR_AGGRESSIVE_NSEC 490
602 #define VAR_USE_SYSTEMD 491
603 #define VAR_SHM_ENABLE 492
604 #define VAR_SHM_KEY 493
605 #define VAR_ROOT_KEY_SENTINEL 494
606 #define VAR_DNSCRYPT 495
607 #define VAR_DNSCRYPT_ENABLE 496
608 #define VAR_DNSCRYPT_PORT 497
609 #define VAR_DNSCRYPT_PROVIDER 498
610 #define VAR_DNSCRYPT_SECRET_KEY 499
611 #define VAR_DNSCRYPT_PROVIDER_CERT 500
612 #define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501
613 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502
614 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503
615 #define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504
616 #define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505
617 #define VAR_PAD_RESPONSES 506
618 #define VAR_PAD_RESPONSES_BLOCK_SIZE 507
619 #define VAR_PAD_QUERIES 508
620 #define VAR_PAD_QUERIES_BLOCK_SIZE 509
621 #define VAR_IPSECMOD_ENABLED 510
622 #define VAR_IPSECMOD_HOOK 511
623 #define VAR_IPSECMOD_IGNORE_BOGUS 512
624 #define VAR_IPSECMOD_MAX_TTL 513
625 #define VAR_IPSECMOD_WHITELIST 514
626 #define VAR_IPSECMOD_STRICT 515
627 #define VAR_CACHEDB 516
628 #define VAR_CACHEDB_BACKEND 517
629 #define VAR_CACHEDB_SECRETSEED 518
630 #define VAR_CACHEDB_REDISHOST 519
631 #define VAR_CACHEDB_REDISPORT 520
632 #define VAR_CACHEDB_REDISTIMEOUT 521
633 #define VAR_CACHEDB_REDISEXPIRERECORDS 522
634 #define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 523
635 #define VAR_FOR_UPSTREAM 524
636 #define VAR_AUTH_ZONE 525
637 #define VAR_ZONEFILE 526
638 #define VAR_MASTER 527
639 #define VAR_URL 528
640 #define VAR_FOR_DOWNSTREAM 529
641 #define VAR_FALLBACK_ENABLED 530
642 #define VAR_TLS_ADDITIONAL_PORT 531
643 #define VAR_LOW_RTT 532
644 #define VAR_LOW_RTT_PERMIL 533
645 #define VAR_FAST_SERVER_PERMIL 534
646 #define VAR_FAST_SERVER_NUM 535
647 #define VAR_ALLOW_NOTIFY 536
648 #define VAR_TLS_WIN_CERT 537
649 #define VAR_TCP_CONNECTION_LIMIT 538
650 #define VAR_FORWARD_NO_CACHE 539
651 #define VAR_STUB_NO_CACHE 540
652 #define VAR_LOG_SERVFAIL 541
653 #define VAR_DENY_ANY 542
654 #define VAR_UNKNOWN_SERVER_TIME_LIMIT 543
655 #define VAR_LOG_TAG_QUERYREPLY 544
656 #define VAR_STREAM_WAIT_SIZE 545
657 #define VAR_TLS_CIPHERS 546
658 #define VAR_TLS_CIPHERSUITES 547
659 #define VAR_TLS_USE_SNI 548
660 #define VAR_IPSET 549
661 #define VAR_IPSET_NAME_V4 550
662 #define VAR_IPSET_NAME_V6 551
663 #define VAR_TLS_SESSION_TICKET_KEYS 552
664 #define VAR_RPZ 553
665 #define VAR_TAGS 554
666 #define VAR_RPZ_ACTION_OVERRIDE 555
667 #define VAR_RPZ_CNAME_OVERRIDE 556
668 #define VAR_RPZ_LOG 557
669 #define VAR_RPZ_LOG_NAME 558
670 #define VAR_DYNLIB 559
671 #define VAR_DYNLIB_FILE 560
672 #define VAR_EDNS_CLIENT_STRING 561
673 #define VAR_EDNS_CLIENT_STRING_OPCODE 562
674 #define VAR_NSID 563
486 #define VAR_TCP_REUSE_TIMEOUT 360
487 #define VAR_MAX_REUSE_TCP_QUERIES 361
488 #define VAR_EXTENDED_STATISTICS 362
489 #define VAR_LOCAL_DATA_PTR 363
490 #define VAR_JOSTLE_TIMEOUT 364
491 #define VAR_STUB_PRIME 365
492 #define VAR_UNWANTED_REPLY_THRESHOLD 366
493 #define VAR_LOG_TIME_ASCII 367
494 #define VAR_DOMAIN_INSECURE 368
495 #define VAR_PYTHON 369
496 #define VAR_PYTHON_SCRIPT 370
497 #define VAR_VAL_SIG_SKEW_MIN 371
498 #define VAR_VAL_SIG_SKEW_MAX 372
499 #define VAR_VAL_MAX_RESTART 373
500 #define VAR_CACHE_MIN_TTL 374
501 #define VAR_VAL_LOG_LEVEL 375
502 #define VAR_AUTO_TRUST_ANCHOR_FILE 376
503 #define VAR_KEEP_MISSING 377
504 #define VAR_ADD_HOLDDOWN 378
505 #define VAR_DEL_HOLDDOWN 379
506 #define VAR_SO_RCVBUF 380
507 #define VAR_EDNS_BUFFER_SIZE 381
508 #define VAR_PREFETCH 382
509 #define VAR_PREFETCH_KEY 383
510 #define VAR_SO_SNDBUF 384
511 #define VAR_SO_REUSEPORT 385
512 #define VAR_HARDEN_BELOW_NXDOMAIN 386
513 #define VAR_IGNORE_CD_FLAG 387
514 #define VAR_LOG_QUERIES 388
515 #define VAR_LOG_REPLIES 389
516 #define VAR_LOG_LOCAL_ACTIONS 390
517 #define VAR_TCP_UPSTREAM 391
518 #define VAR_SSL_UPSTREAM 392
519 #define VAR_TCP_AUTH_QUERY_TIMEOUT 393
520 #define VAR_SSL_SERVICE_KEY 394
521 #define VAR_SSL_SERVICE_PEM 395
522 #define VAR_SSL_PORT 396
523 #define VAR_FORWARD_FIRST 397
524 #define VAR_STUB_SSL_UPSTREAM 398
525 #define VAR_FORWARD_SSL_UPSTREAM 399
526 #define VAR_TLS_CERT_BUNDLE 400
527 #define VAR_STUB_TCP_UPSTREAM 401
528 #define VAR_FORWARD_TCP_UPSTREAM 402
529 #define VAR_HTTPS_PORT 403
530 #define VAR_HTTP_ENDPOINT 404
531 #define VAR_HTTP_MAX_STREAMS 405
532 #define VAR_HTTP_QUERY_BUFFER_SIZE 406
533 #define VAR_HTTP_RESPONSE_BUFFER_SIZE 407
534 #define VAR_HTTP_NODELAY 408
535 #define VAR_HTTP_NOTLS_DOWNSTREAM 409
536 #define VAR_STUB_FIRST 410
537 #define VAR_MINIMAL_RESPONSES 411
538 #define VAR_RRSET_ROUNDROBIN 412
539 #define VAR_MAX_UDP_SIZE 413
540 #define VAR_DELAY_CLOSE 414
541 #define VAR_UDP_CONNECT 415
542 #define VAR_UNBLOCK_LAN_ZONES 416
543 #define VAR_INSECURE_LAN_ZONES 417
544 #define VAR_INFRA_CACHE_MIN_RTT 418
545 #define VAR_INFRA_KEEP_PROBING 419
546 #define VAR_DNS64_PREFIX 420
547 #define VAR_DNS64_SYNTHALL 421
548 #define VAR_DNS64_IGNORE_AAAA 422
549 #define VAR_DNSTAP 423
550 #define VAR_DNSTAP_ENABLE 424
551 #define VAR_DNSTAP_SOCKET_PATH 425
552 #define VAR_DNSTAP_IP 426
553 #define VAR_DNSTAP_TLS 427
554 #define VAR_DNSTAP_TLS_SERVER_NAME 428
555 #define VAR_DNSTAP_TLS_CERT_BUNDLE 429
556 #define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 430
557 #define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 431
558 #define VAR_DNSTAP_SEND_IDENTITY 432
559 #define VAR_DNSTAP_SEND_VERSION 433
560 #define VAR_DNSTAP_BIDIRECTIONAL 434
561 #define VAR_DNSTAP_IDENTITY 435
562 #define VAR_DNSTAP_VERSION 436
563 #define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 437
564 #define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 438
565 #define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 439
566 #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 440
567 #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 441
568 #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 442
569 #define VAR_RESPONSE_IP_TAG 443
570 #define VAR_RESPONSE_IP 444
571 #define VAR_RESPONSE_IP_DATA 445
572 #define VAR_HARDEN_ALGO_DOWNGRADE 446
573 #define VAR_IP_TRANSPARENT 447
574 #define VAR_IP_DSCP 448
575 #define VAR_DISABLE_DNSSEC_LAME_CHECK 449
576 #define VAR_IP_RATELIMIT 450
577 #define VAR_IP_RATELIMIT_SLABS 451
578 #define VAR_IP_RATELIMIT_SIZE 452
579 #define VAR_RATELIMIT 453
580 #define VAR_RATELIMIT_SLABS 454
581 #define VAR_RATELIMIT_SIZE 455
582 #define VAR_OUTBOUND_MSG_RETRY 456
583 #define VAR_RATELIMIT_FOR_DOMAIN 457
584 #define VAR_RATELIMIT_BELOW_DOMAIN 458
585 #define VAR_IP_RATELIMIT_FACTOR 459
586 #define VAR_RATELIMIT_FACTOR 460
587 #define VAR_IP_RATELIMIT_BACKOFF 461
588 #define VAR_RATELIMIT_BACKOFF 462
589 #define VAR_SEND_CLIENT_SUBNET 463
590 #define VAR_CLIENT_SUBNET_ZONE 464
591 #define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 465
592 #define VAR_CLIENT_SUBNET_OPCODE 466
593 #define VAR_MAX_CLIENT_SUBNET_IPV4 467
594 #define VAR_MAX_CLIENT_SUBNET_IPV6 468
595 #define VAR_MIN_CLIENT_SUBNET_IPV4 469
596 #define VAR_MIN_CLIENT_SUBNET_IPV6 470
597 #define VAR_MAX_ECS_TREE_SIZE_IPV4 471
598 #define VAR_MAX_ECS_TREE_SIZE_IPV6 472
599 #define VAR_CAPS_WHITELIST 473
600 #define VAR_CACHE_MAX_NEGATIVE_TTL 474
601 #define VAR_PERMIT_SMALL_HOLDDOWN 475
602 #define VAR_QNAME_MINIMISATION 476
603 #define VAR_QNAME_MINIMISATION_STRICT 477
604 #define VAR_IP_FREEBIND 478
605 #define VAR_DEFINE_TAG 479
606 #define VAR_LOCAL_ZONE_TAG 480
607 #define VAR_ACCESS_CONTROL_TAG 481
608 #define VAR_LOCAL_ZONE_OVERRIDE 482
609 #define VAR_ACCESS_CONTROL_TAG_ACTION 483
610 #define VAR_ACCESS_CONTROL_TAG_DATA 484
611 #define VAR_VIEW 485
612 #define VAR_ACCESS_CONTROL_VIEW 486
613 #define VAR_VIEW_FIRST 487
614 #define VAR_SERVE_EXPIRED 488
615 #define VAR_SERVE_EXPIRED_TTL 489
616 #define VAR_SERVE_EXPIRED_TTL_RESET 490
617 #define VAR_SERVE_EXPIRED_REPLY_TTL 491
618 #define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 492
619 #define VAR_SERVE_ORIGINAL_TTL 493
620 #define VAR_FAKE_DSA 494
621 #define VAR_FAKE_SHA1 495
622 #define VAR_LOG_IDENTITY 496
623 #define VAR_HIDE_TRUSTANCHOR 497
624 #define VAR_HIDE_HTTP_USER_AGENT 498
625 #define VAR_HTTP_USER_AGENT 499
626 #define VAR_TRUST_ANCHOR_SIGNALING 500
627 #define VAR_AGGRESSIVE_NSEC 501
628 #define VAR_USE_SYSTEMD 502
629 #define VAR_SHM_ENABLE 503
630 #define VAR_SHM_KEY 504
631 #define VAR_ROOT_KEY_SENTINEL 505
632 #define VAR_DNSCRYPT 506
633 #define VAR_DNSCRYPT_ENABLE 507
634 #define VAR_DNSCRYPT_PORT 508
635 #define VAR_DNSCRYPT_PROVIDER 509
636 #define VAR_DNSCRYPT_SECRET_KEY 510
637 #define VAR_DNSCRYPT_PROVIDER_CERT 511
638 #define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 512
639 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 513
640 #define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 514
641 #define VAR_DNSCRYPT_NONCE_CACHE_SIZE 515
642 #define VAR_DNSCRYPT_NONCE_CACHE_SLABS 516
643 #define VAR_PAD_RESPONSES 517
644 #define VAR_PAD_RESPONSES_BLOCK_SIZE 518
645 #define VAR_PAD_QUERIES 519
646 #define VAR_PAD_QUERIES_BLOCK_SIZE 520
647 #define VAR_IPSECMOD_ENABLED 521
648 #define VAR_IPSECMOD_HOOK 522
649 #define VAR_IPSECMOD_IGNORE_BOGUS 523
650 #define VAR_IPSECMOD_MAX_TTL 524
651 #define VAR_IPSECMOD_WHITELIST 525
652 #define VAR_IPSECMOD_STRICT 526
653 #define VAR_CACHEDB 527
654 #define VAR_CACHEDB_BACKEND 528
655 #define VAR_CACHEDB_SECRETSEED 529
656 #define VAR_CACHEDB_REDISHOST 530
657 #define VAR_CACHEDB_REDISPORT 531
658 #define VAR_CACHEDB_REDISTIMEOUT 532
659 #define VAR_CACHEDB_REDISEXPIRERECORDS 533
660 #define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 534
661 #define VAR_FOR_UPSTREAM 535
662 #define VAR_AUTH_ZONE 536
663 #define VAR_ZONEFILE 537
664 #define VAR_MASTER 538
665 #define VAR_URL 539
666 #define VAR_FOR_DOWNSTREAM 540
667 #define VAR_FALLBACK_ENABLED 541
668 #define VAR_TLS_ADDITIONAL_PORT 542
669 #define VAR_LOW_RTT 543
670 #define VAR_LOW_RTT_PERMIL 544
671 #define VAR_FAST_SERVER_PERMIL 545
672 #define VAR_FAST_SERVER_NUM 546
673 #define VAR_ALLOW_NOTIFY 547
674 #define VAR_TLS_WIN_CERT 548
675 #define VAR_TCP_CONNECTION_LIMIT 549
676 #define VAR_FORWARD_NO_CACHE 550
677 #define VAR_STUB_NO_CACHE 551
678 #define VAR_LOG_SERVFAIL 552
679 #define VAR_DENY_ANY 553
680 #define VAR_UNKNOWN_SERVER_TIME_LIMIT 554
681 #define VAR_LOG_TAG_QUERYREPLY 555
682 #define VAR_STREAM_WAIT_SIZE 556
683 #define VAR_TLS_CIPHERS 557
684 #define VAR_TLS_CIPHERSUITES 558
685 #define VAR_TLS_USE_SNI 559
686 #define VAR_IPSET 560
687 #define VAR_IPSET_NAME_V4 561
688 #define VAR_IPSET_NAME_V6 562
689 #define VAR_TLS_SESSION_TICKET_KEYS 563
690 #define VAR_RPZ 564
691 #define VAR_TAGS 565
692 #define VAR_RPZ_ACTION_OVERRIDE 566
693 #define VAR_RPZ_CNAME_OVERRIDE 567
694 #define VAR_RPZ_LOG 568
695 #define VAR_RPZ_LOG_NAME 569
696 #define VAR_DYNLIB 570
697 #define VAR_DYNLIB_FILE 571
698 #define VAR_EDNS_CLIENT_STRING 572
699 #define VAR_EDNS_CLIENT_STRING_OPCODE 573
700 #define VAR_NSID 574
701 #define VAR_ZONEMD_PERMISSIVE_MODE 575
702 #define VAR_ZONEMD_CHECK 576
703 #define VAR_ZONEMD_REJECT_ABSENCE 577
704 #define VAR_RPZ_SIGNAL_NXDOMAIN_RA 578
675705
676706 /* Value type. */
677707 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
681711
682712 char* str;
683713
684 #line 686 "util/configparser.h"
714 #line 716 "util/configparser.h"
685715
686716 };
687717 typedef union YYSTYPE YYSTYPE;
+440
-265
util/configparser.y less more
33 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
44 *
55 * Copyright (c) 2007, NLnet Labs. All rights reserved.
6 *
6 *
77 * This software is open source.
8 *
8 *
99 * Redistribution and use in source and binary forms, with or without
1010 * modification, are permitted provided that the following conditions
1111 * are met:
12 *
12 *
1313 * Redistributions of source code must retain the above copyright notice,
1414 * this list of conditions and the following disclaimer.
15 *
15 *
1616 * Redistributions in binary form must reproduce the above copyright notice,
1717 * this list of conditions and the following disclaimer in the documentation
1818 * and/or other materials provided with the distribution.
19 *
19 *
2020 * Neither the name of the NLNET LABS nor the names of its contributors may
2121 * be used to endorse or promote products derived from this software without
2222 * specific prior written permission.
23 *
23 *
2424 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
2525 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
2626 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
8787 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
8888 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
8989 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
90 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
91 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
90 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
91 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
9292 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
9393 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
9494 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
9595 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
96 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
96 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
9797 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
9898 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
9999 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
100100 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
101101 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
102 %token VAR_CONTROL_USE_CERT
102 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
103103 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
104104 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
105105 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
106 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
107 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
108 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
109 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
110 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
111 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
112 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
106 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
107 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
108 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
109 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
110 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
111 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
112 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
113 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
113114 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
115 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
114116 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
115117 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
116118 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
136138 %token VAR_DISABLE_DNSSEC_LAME_CHECK
137139 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
138140 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
141 %token VAR_OUTBOUND_MSG_RETRY
139142 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
140143 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
144 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
141145 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
142146 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
143147 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
152156 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
153157 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
154158 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
159 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
155160 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
156161 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
157162 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
181186 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
182187 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
183188 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
189 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
190 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA
184191
185192 %%
186193 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
187194 toplevelvar: serverstart contents_server | stubstart contents_stub |
188 forwardstart contents_forward | pythonstart contents_py |
195 forwardstart contents_forward | pythonstart contents_py |
189196 rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
190197 dnscstart contents_dnsc | cachedbstart contents_cachedb |
191198 ipsetstart contents_ipset | authstart contents_auth |
199206 ;
200207 /* server: declaration */
201208 serverstart: VAR_SERVER
202 {
209 {
203210 OUTYY(("\nP(server:)\n"));
204211 }
205212 ;
211218 server_do_udp | server_do_tcp |
212219 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
213220 server_tcp_keepalive | server_tcp_keepalive_timeout |
214 server_interface | server_chroot | server_username |
221 server_interface | server_chroot | server_username |
215222 server_directory | server_logfile | server_pidfile |
216223 server_msg_cache_size | server_msg_cache_slabs |
217 server_num_queries_per_thread | server_rrset_cache_size |
218 server_rrset_cache_slabs | server_outgoing_num_tcp |
219 server_infra_host_ttl | server_infra_lame_ttl |
224 server_num_queries_per_thread | server_rrset_cache_size |
225 server_rrset_cache_slabs | server_outgoing_num_tcp |
226 server_infra_host_ttl | server_infra_lame_ttl |
220227 server_infra_cache_slabs | server_infra_cache_numhosts |
221 server_infra_cache_lame_size | server_target_fetch_policy |
228 server_infra_cache_lame_size | server_target_fetch_policy |
222229 server_harden_short_bufsize | server_harden_large_queries |
223230 server_do_not_query_address | server_hide_identity |
224231 server_hide_version | server_identity | server_version |
232 server_hide_http_user_agent | server_http_user_agent |
225233 server_harden_glue | server_module_conf | server_trust_anchor_file |
226234 server_trust_anchor | server_val_override_date | server_bogus_ttl |
227235 server_val_clean_additional | server_val_permissive_mode |
228 server_incoming_num_tcp | server_msg_buffer_size |
229 server_key_cache_size | server_key_cache_slabs |
236 server_incoming_num_tcp | server_msg_buffer_size |
237 server_key_cache_size | server_key_cache_slabs |
230238 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
231239 server_use_syslog | server_outgoing_interface | server_root_hints |
232240 server_do_not_query_localhost | server_cache_max_ttl |
233241 server_harden_dnssec_stripped | server_access_control |
234242 server_local_zone | server_local_data | server_interface_automatic |
235 server_statistics_interval | server_do_daemonize |
243 server_statistics_interval | server_do_daemonize |
236244 server_use_caps_for_id | server_statistics_cumulative |
237245 server_outgoing_port_permit | server_outgoing_port_avoid |
238246 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
239247 server_harden_referral_path | server_private_address |
240 server_private_domain | server_extended_statistics |
241 server_local_data_ptr | server_jostle_timeout |
242 server_unwanted_reply_threshold | server_log_time_ascii |
243 server_domain_insecure | server_val_sig_skew_min |
244 server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
245 server_auto_trust_anchor_file | server_add_holddown |
248 server_private_domain | server_extended_statistics |
249 server_local_data_ptr | server_jostle_timeout |
250 server_unwanted_reply_threshold | server_log_time_ascii |
251 server_domain_insecure | server_val_sig_skew_min |
252 server_val_sig_skew_max | server_val_max_restart |
253 server_cache_min_ttl | server_val_log_level |
254 server_auto_trust_anchor_file | server_add_holddown |
246255 server_del_holddown | server_keep_missing | server_so_rcvbuf |
247256 server_edns_buffer_size | server_prefetch | server_prefetch_key |
248257 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
263272 server_ip_ratelimit_size | server_ratelimit_size |
264273 server_ratelimit_for_domain |
265274 server_ratelimit_below_domain | server_ratelimit_factor |
266 server_ip_ratelimit_factor | server_send_client_subnet |
267 server_client_subnet_zone | server_client_subnet_always_forward |
268 server_client_subnet_opcode |
275 server_ip_ratelimit_factor | server_ratelimit_backoff |
276 server_ip_ratelimit_backoff | server_outbound_msg_retry |
277 server_send_client_subnet | server_client_subnet_zone |
278 server_client_subnet_always_forward | server_client_subnet_opcode |
269279 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
270280 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
271281 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
298308 server_stream_wait_size | server_tls_ciphers |
299309 server_tls_ciphersuites | server_tls_session_ticket_keys |
300310 server_tls_use_sni | server_edns_client_string |
301 server_edns_client_string_opcode | server_nsid
311 server_edns_client_string_opcode | server_nsid |
312 server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
313 server_tcp_reuse_timeout | server_tcp_auth_query_timeout
314
302315 ;
303316 stubstart: VAR_STUB_ZONE
304317 {
305318 struct config_stub* s;
306 OUTYY(("\nP(stub_zone:)\n"));
319 OUTYY(("\nP(stub_zone:)\n"));
307320 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
308321 if(s) {
309322 s->next = cfg_parser->cfg->stubs;
310323 cfg_parser->cfg->stubs = s;
311 } else
324 } else {
312325 yyerror("out of memory");
313 }
314 ;
315 contents_stub: contents_stub content_stub
326 }
327 }
328 ;
329 contents_stub: contents_stub content_stub
316330 | ;
317331 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
318 stub_no_cache | stub_ssl_upstream
332 stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
319333 ;
320334 forwardstart: VAR_FORWARD_ZONE
321335 {
322336 struct config_stub* s;
323 OUTYY(("\nP(forward_zone:)\n"));
337 OUTYY(("\nP(forward_zone:)\n"));
324338 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
325339 if(s) {
326340 s->next = cfg_parser->cfg->forwards;
327341 cfg_parser->cfg->forwards = s;
328 } else
342 } else {
329343 yyerror("out of memory");
330 }
331 ;
332 contents_forward: contents_forward content_forward
344 }
345 }
346 ;
347 contents_forward: contents_forward content_forward
333348 | ;
334349 content_forward: forward_name | forward_host | forward_addr | forward_first |
335 forward_no_cache | forward_ssl_upstream
350 forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
336351 ;
337352 viewstart: VAR_VIEW
338353 {
339354 struct config_view* s;
340 OUTYY(("\nP(view:)\n"));
355 OUTYY(("\nP(view:)\n"));
341356 s = (struct config_view*)calloc(1, sizeof(struct config_view));
342357 if(s) {
343358 s->next = cfg_parser->cfg->views;
344359 if(s->next && !s->next->name)
345360 yyerror("view without name");
346361 cfg_parser->cfg->views = s;
347 } else
362 } else {
348363 yyerror("out of memory");
349 }
350 ;
351 contents_view: contents_view content_view
364 }
365 }
366 ;
367 contents_view: contents_view content_view
352368 | ;
353369 content_view: view_name | view_local_zone | view_local_data | view_first |
354370 view_response_ip | view_response_ip_data | view_local_data_ptr
356372 authstart: VAR_AUTH_ZONE
357373 {
358374 struct config_auth* s;
359 OUTYY(("\nP(auth_zone:)\n"));
375 OUTYY(("\nP(auth_zone:)\n"));
360376 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
361377 if(s) {
362378 s->next = cfg_parser->cfg->auths;
365381 s->for_downstream = 1;
366382 s->for_upstream = 1;
367383 s->fallback_enabled = 0;
384 s->zonemd_check = 0;
385 s->zonemd_reject_absence = 0;
368386 s->isrpz = 0;
369 } else
387 } else {
370388 yyerror("out of memory");
371 }
372 ;
373 contents_auth: contents_auth content_auth
389 }
390 }
391 ;
392 contents_auth: contents_auth content_auth
374393 | ;
375394 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
376395 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
377 auth_allow_notify
396 auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
378397 ;
379398
380399 rpz_tag: VAR_TAGS STRING_ARG
436455 OUTYY(("P(rpz_log_name:%s)\n", $2));
437456 free(cfg_parser->cfg->auths->rpz_log_name);
438457 cfg_parser->cfg->auths->rpz_log_name = $2;
458 }
459 ;
460 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
461 {
462 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
463 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
464 yyerror("expected yes or no.");
465 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
466 free($2);
439467 }
440468 ;
441469
452480 s->for_upstream = 0;
453481 s->fallback_enabled = 0;
454482 s->isrpz = 1;
455 } else
483 } else {
456484 yyerror("out of memory");
485 }
457486 }
458487 ;
459488 contents_rpz: contents_rpz content_rpz
460489 | ;
461490 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
462491 auth_allow_notify | rpz_action_override | rpz_cname_override |
463 rpz_log | rpz_log_name
464 ;
465 server_num_threads: VAR_NUM_THREADS STRING_ARG
466 {
467 OUTYY(("P(server_num_threads:%s)\n", $2));
492 rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
493 ;
494 server_num_threads: VAR_NUM_THREADS STRING_ARG
495 {
496 OUTYY(("P(server_num_threads:%s)\n", $2));
468497 if(atoi($2) == 0 && strcmp($2, "0") != 0)
469498 yyerror("number expected");
470499 else cfg_parser->cfg->num_threads = atoi($2);
471500 free($2);
472501 }
473502 ;
474 server_verbosity: VAR_VERBOSITY STRING_ARG
475 {
476 OUTYY(("P(server_verbosity:%s)\n", $2));
503 server_verbosity: VAR_VERBOSITY STRING_ARG
504 {
505 OUTYY(("P(server_verbosity:%s)\n", $2));
477506 if(atoi($2) == 0 && strcmp($2, "0") != 0)
478507 yyerror("number expected");
479508 else cfg_parser->cfg->verbosity = atoi($2);
480509 free($2);
481510 }
482511 ;
483 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
484 {
485 OUTYY(("P(server_statistics_interval:%s)\n", $2));
512 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
513 {
514 OUTYY(("P(server_statistics_interval:%s)\n", $2));
486515 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
487516 cfg_parser->cfg->stat_interval = 0;
488517 else if(atoi($2) == 0)
518547 free($2);
519548 }
520549 ;
521 server_shm_key: VAR_SHM_KEY STRING_ARG
522 {
523 OUTYY(("P(server_shm_key:%s)\n", $2));
550 server_shm_key: VAR_SHM_KEY STRING_ARG
551 {
552 OUTYY(("P(server_shm_key:%s)\n", $2));
524553 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
525554 cfg_parser->cfg->shm_key = 0;
526555 else if(atoi($2) == 0)
693722 OUTYY(("P(server_interface:%s)\n", $2));
694723 if(cfg_parser->cfg->num_ifs == 0)
695724 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
696 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
725 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
697726 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
698727 if(!cfg_parser->cfg->ifs)
699728 yyerror("out of memory");
706735 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
707736 if(cfg_parser->cfg->num_out_ifs == 0)
708737 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
709 else cfg_parser->cfg->out_ifs = realloc(
710 cfg_parser->cfg->out_ifs,
738 else cfg_parser->cfg->out_ifs = realloc(
739 cfg_parser->cfg->out_ifs,
711740 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
712741 if(!cfg_parser->cfg->out_ifs)
713742 yyerror("out of memory");
728757 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
729758 {
730759 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
731 if(!cfg_mark_ports($2, 1,
760 if(!cfg_mark_ports($2, 1,
732761 cfg_parser->cfg->outgoing_avail_ports, 65536))
733762 yyerror("port number or range (\"low-high\") expected");
734763 free($2);
737766 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
738767 {
739768 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
740 if(!cfg_mark_ports($2, 0,
769 if(!cfg_mark_ports($2, 0,
741770 cfg_parser->cfg->outgoing_avail_ports, 65536))
742771 yyerror("port number or range (\"low-high\") expected");
743772 free($2);
827856 server_tcp_mss: VAR_TCP_MSS STRING_ARG
828857 {
829858 OUTYY(("P(server_tcp_mss:%s)\n", $2));
830 if(atoi($2) == 0 && strcmp($2, "0") != 0)
831 yyerror("number expected");
832 else cfg_parser->cfg->tcp_mss = atoi($2);
833 free($2);
859 if(atoi($2) == 0 && strcmp($2, "0") != 0)
860 yyerror("number expected");
861 else cfg_parser->cfg->tcp_mss = atoi($2);
862 free($2);
834863 }
835864 ;
836865 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
852881 else if (atoi($2) < 1)
853882 cfg_parser->cfg->tcp_idle_timeout = 1;
854883 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
884 free($2);
885 }
886 ;
887 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
888 {
889 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
890 if(atoi($2) == 0 && strcmp($2, "0") != 0)
891 yyerror("number expected");
892 else if (atoi($2) < 1)
893 cfg_parser->cfg->max_reuse_tcp_queries = 0;
894 else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
895 free($2);
896 }
897 ;
898 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
899 {
900 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
901 if(atoi($2) == 0 && strcmp($2, "0") != 0)
902 yyerror("number expected");
903 else if (atoi($2) < 1)
904 cfg_parser->cfg->tcp_reuse_timeout = 0;
905 else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
906 free($2);
907 }
908 ;
909 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
910 {
911 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
912 if(atoi($2) == 0 && strcmp($2, "0") != 0)
913 yyerror("number expected");
914 else if (atoi($2) < 1)
915 cfg_parser->cfg->tcp_auth_query_timeout = 0;
916 else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
855917 free($2);
856918 }
857919 ;
10971159 }
10981160 ;
10991161 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1100 {
1101 OUTYY(("P(server_log_replies:%s)\n", $2));
1102 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1103 yyerror("expected yes or no.");
1104 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1105 free($2);
1106 }
1107 ;
1162 {
1163 OUTYY(("P(server_log_replies:%s)\n", $2));
1164 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1165 yyerror("expected yes or no.");
1166 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1167 free($2);
1168 }
1169 ;
11081170 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1109 {
1110 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1111 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1112 yyerror("expected yes or no.");
1113 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1114 free($2);
1115 }
1116 ;
1171 {
1172 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1173 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1174 yyerror("expected yes or no.");
1175 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1176 free($2);
1177 }
1178 ;
11171179 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
11181180 {
11191181 OUTYY(("P(server_log_servfail:%s)\n", $2));
11241186 }
11251187 ;
11261188 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1127 {
1128 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1129 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1130 yyerror("expected yes or no.");
1131 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1132 free($2);
1133 }
1134 ;
1189 {
1190 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1191 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1192 yyerror("expected yes or no.");
1193 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1194 free($2);
1195 }
1196 ;
11351197 server_chroot: VAR_CHROOT STRING_ARG
11361198 {
11371199 OUTYY(("P(server_chroot:%s)\n", $2));
11651227 cfg_parser->chroot)) == 0)
11661228 d += strlen(cfg_parser->chroot);
11671229 if(d[0]) {
1168 if(chdir(d))
1230 if(chdir(d))
11691231 log_err("cannot chdir to directory: %s (%s)",
11701232 d, strerror(errno));
11711233 }
12951357 free($2);
12961358 }
12971359 ;
1360 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1361 {
1362 OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1363 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1364 yyerror("expected yes or no.");
1365 else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1366 free($2);
1367 }
1368 ;
12981369 server_identity: VAR_IDENTITY STRING_ARG
12991370 {
13001371 OUTYY(("P(server_identity:%s)\n", $2));
13071378 OUTYY(("P(server_version:%s)\n", $2));
13081379 free(cfg_parser->cfg->version);
13091380 cfg_parser->cfg->version = $2;
1381 }
1382 ;
1383 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1384 {
1385 OUTYY(("P(server_http_user_agent:%s)\n", $2));
1386 free(cfg_parser->cfg->http_user_agent);
1387 cfg_parser->cfg->http_user_agent = $2;
13101388 }
13111389 ;
13121390 server_nsid: VAR_NSID STRING_ARG
13421420 }
13431421 ;
13441422 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1345 {
1346 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1347 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1348 yyerror("expected yes or no.");
1349 else cfg_parser->cfg->so_reuseport =
1350 (strcmp($2, "yes")==0);
1351 free($2);
1352 }
1353 ;
1423 {
1424 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1425 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1426 yyerror("expected yes or no.");
1427 else cfg_parser->cfg->so_reuseport =
1428 (strcmp($2, "yes")==0);
1429 free($2);
1430 }
1431 ;
13541432 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1355 {
1356 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1357 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1358 yyerror("expected yes or no.");
1359 else cfg_parser->cfg->ip_transparent =
1360 (strcmp($2, "yes")==0);
1361 free($2);
1362 }
1363 ;
1433 {
1434 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1435 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1436 yyerror("expected yes or no.");
1437 else cfg_parser->cfg->ip_transparent =
1438 (strcmp($2, "yes")==0);
1439 free($2);
1440 }
1441 ;
13641442 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1365 {
1366 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1367 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1368 yyerror("expected yes or no.");
1369 else cfg_parser->cfg->ip_freebind =
1370 (strcmp($2, "yes")==0);
1371 free($2);
1372 }
1373 ;
1443 {
1444 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1445 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1446 yyerror("expected yes or no.");
1447 else cfg_parser->cfg->ip_freebind =
1448 (strcmp($2, "yes")==0);
1449 free($2);
1450 }
1451 ;
13741452 server_ip_dscp: VAR_IP_DSCP STRING_ARG
13751453 {
13761454 OUTYY(("P(server_ip_dscp:%s)\n", $2));
14281506 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
14291507 {
14301508 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1431 if(atoi($2) == 0)
1432 yyerror("number expected");
1433 else {
1509 if(atoi($2) == 0) {
1510 yyerror("number expected");
1511 } else {
14341512 cfg_parser->cfg->msg_cache_slabs = atoi($2);
14351513 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
14361514 yyerror("must be a power of 2");
14791557 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
14801558 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
14811559 yyerror("expected yes or no.");
1482 else cfg_parser->cfg->unblock_lan_zones =
1560 else cfg_parser->cfg->unblock_lan_zones =
14831561 (strcmp($2, "yes")==0);
14841562 free($2);
14851563 }
14891567 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
14901568 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
14911569 yyerror("expected yes or no.");
1492 else cfg_parser->cfg->insecure_lan_zones =
1570 else cfg_parser->cfg->insecure_lan_zones =
14931571 (strcmp($2, "yes")==0);
14941572 free($2);
14951573 }
15051583 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
15061584 {
15071585 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1508 if(atoi($2) == 0)
1509 yyerror("number expected");
1510 else {
1586 if(atoi($2) == 0) {
1587 yyerror("number expected");
1588 } else {
15111589 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
15121590 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
15131591 yyerror("must be a power of 2");
15521630 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
15531631 {
15541632 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1555 if(atoi($2) == 0)
1556 yyerror("number expected");
1557 else {
1633 if(atoi($2) == 0) {
1634 yyerror("number expected");
1635 } else {
15581636 cfg_parser->cfg->infra_cache_slabs = atoi($2);
15591637 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
15601638 yyerror("must be a power of 2");
15931671 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
15941672 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
15951673 yyerror("expected yes or no.");
1596 else cfg_parser->cfg->harden_short_bufsize =
1674 else cfg_parser->cfg->harden_short_bufsize =
15971675 (strcmp($2, "yes")==0);
15981676 free($2);
15991677 }
16031681 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
16041682 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
16051683 yyerror("expected yes or no.");
1606 else cfg_parser->cfg->harden_large_queries =
1684 else cfg_parser->cfg->harden_large_queries =
16071685 (strcmp($2, "yes")==0);
16081686 free($2);
16091687 }
16131691 OUTYY(("P(server_harden_glue:%s)\n", $2));
16141692 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
16151693 yyerror("expected yes or no.");
1616 else cfg_parser->cfg->harden_glue =
1694 else cfg_parser->cfg->harden_glue =
16171695 (strcmp($2, "yes")==0);
16181696 free($2);
16191697 }
16231701 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
16241702 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
16251703 yyerror("expected yes or no.");
1626 else cfg_parser->cfg->harden_dnssec_stripped =
1704 else cfg_parser->cfg->harden_dnssec_stripped =
16271705 (strcmp($2, "yes")==0);
16281706 free($2);
16291707 }
16331711 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
16341712 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
16351713 yyerror("expected yes or no.");
1636 else cfg_parser->cfg->harden_below_nxdomain =
1714 else cfg_parser->cfg->harden_below_nxdomain =
16371715 (strcmp($2, "yes")==0);
16381716 free($2);
16391717 }
16431721 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
16441722 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
16451723 yyerror("expected yes or no.");
1646 else cfg_parser->cfg->harden_referral_path =
1724 else cfg_parser->cfg->harden_referral_path =
16471725 (strcmp($2, "yes")==0);
16481726 free($2);
16491727 }
16531731 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
16541732 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
16551733 yyerror("expected yes or no.");
1656 else cfg_parser->cfg->harden_algo_downgrade =
1734 else cfg_parser->cfg->harden_algo_downgrade =
16571735 (strcmp($2, "yes")==0);
16581736 free($2);
16591737 }
16631741 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
16641742 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
16651743 yyerror("expected yes or no.");
1666 else cfg_parser->cfg->use_caps_bits_for_id =
1744 else cfg_parser->cfg->use_caps_bits_for_id =
16671745 (strcmp($2, "yes")==0);
16681746 free($2);
16691747 }
17371815 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
17381816 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
17391817 yyerror("expected yes or no.");
1740 else cfg_parser->cfg->donotquery_localhost =
1818 else cfg_parser->cfg->donotquery_localhost =
17411819 (strcmp($2, "yes")==0);
17421820 free($2);
17431821 }
17481826 if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
17491827 strcmp($3, "deny_non_local")!=0 &&
17501828 strcmp($3, "refuse_non_local")!=0 &&
1751 strcmp($3, "allow_setrd")!=0 &&
1752 strcmp($3, "allow")!=0 &&
1829 strcmp($3, "allow_setrd")!=0 &&
1830 strcmp($3, "allow")!=0 &&
17531831 strcmp($3, "allow_snoop")!=0) {
17541832 yyerror("expected deny, refuse, deny_non_local, "
17551833 "refuse_non_local, allow, allow_setrd or "
17751853 if(*$2 == '\0' || strcmp($2, "0") == 0) {
17761854 cfg_parser->cfg->val_date_override = 0;
17771855 } else if(strlen($2) == 14) {
1778 cfg_parser->cfg->val_date_override =
1856 cfg_parser->cfg->val_date_override =
17791857 cfg_convert_timeval($2);
17801858 if(!cfg_parser->cfg->val_date_override)
17811859 yyerror("bad date/time specification");
18131891 free($2);
18141892 }
18151893 ;
1894 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
1895 {
1896 OUTYY(("P(server_val_max_restart:%s)\n", $2));
1897 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1898 cfg_parser->cfg->val_max_restart = 0;
1899 } else {
1900 cfg_parser->cfg->val_max_restart = atoi($2);
1901 if(!cfg_parser->cfg->val_max_restart)
1902 yyerror("number expected");
1903 }
1904 free($2);
1905 }
1906 ;
18161907 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
18171908 {
18181909 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
18541945 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
18551946 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
18561947 yyerror("expected yes or no.");
1857 else cfg_parser->cfg->val_clean_additional =
1948 else cfg_parser->cfg->val_clean_additional =
18581949 (strcmp($2, "yes")==0);
18591950 free($2);
18601951 }
18641955 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
18651956 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
18661957 yyerror("expected yes or no.");
1867 else cfg_parser->cfg->val_permissive_mode =
1958 else cfg_parser->cfg->val_permissive_mode =
18681959 (strcmp($2, "yes")==0);
18691960 free($2);
18701961 }
19852076 cfg_parser->cfg->val_nsec3_key_iterations = $2;
19862077 }
19872078 ;
2079 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2080 {
2081 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2082 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2083 yyerror("expected yes or no.");
2084 else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2085 free($2);
2086 }
2087 ;
19882088 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
19892089 {
19902090 OUTYY(("P(server_add_holddown:%s)\n", $2));
20322132 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
20332133 {
20342134 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2035 if(atoi($2) == 0)
2036 yyerror("number expected");
2037 else {
2135 if(atoi($2) == 0) {
2136 yyerror("number expected");
2137 } else {
20382138 cfg_parser->cfg->key_cache_slabs = atoi($2);
20392139 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
20402140 yyerror("must be a power of 2");
20892189 free($3);
20902190 #endif
20912191 } else {
2092 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2192 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
20932193 $2, $3))
20942194 fatal_exit("out of memory adding local-zone");
20952195 }
22972397 }
22982398 }
22992399 ;
2300 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2301 {
2302 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2400 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2401 {
2402 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
23032403 if(atoi($2) == 0 && strcmp($2, "0") != 0)
23042404 yyerror("number expected");
23052405 else cfg_parser->cfg->ip_ratelimit = atoi($2);
23062406 free($2);
23072407 }
23082408 ;
2309
2310 server_ratelimit: VAR_RATELIMIT STRING_ARG
2311 {
2312 OUTYY(("P(server_ratelimit:%s)\n", $2));
2409 server_ratelimit: VAR_RATELIMIT STRING_ARG
2410 {
2411 OUTYY(("P(server_ratelimit:%s)\n", $2));
23132412 if(atoi($2) == 0 && strcmp($2, "0") != 0)
23142413 yyerror("number expected");
23152414 else cfg_parser->cfg->ratelimit = atoi($2);
23172416 }
23182417 ;
23192418 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2320 {
2321 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2322 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2323 yyerror("memory size expected");
2324 free($2);
2325 }
2326 ;
2419 {
2420 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2421 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2422 yyerror("memory size expected");
2423 free($2);
2424 }
2425 ;
23272426 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
23282427 {
23292428 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
23332432 }
23342433 ;
23352434 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2336 {
2337 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2338 if(atoi($2) == 0)
2339 yyerror("number expected");
2340 else {
2341 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2342 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2343 yyerror("must be a power of 2");
2344 }
2345 free($2);
2346 }
2347 ;
2435 {
2436 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2437 if(atoi($2) == 0) {
2438 yyerror("number expected");
2439 } else {
2440 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2441 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2442 yyerror("must be a power of 2");
2443 }
2444 free($2);
2445 }
2446 ;
23482447 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
23492448 {
23502449 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2351 if(atoi($2) == 0)
2352 yyerror("number expected");
2353 else {
2450 if(atoi($2) == 0) {
2451 yyerror("number expected");
2452 } else {
23542453 cfg_parser->cfg->ratelimit_slabs = atoi($2);
23552454 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
23562455 yyerror("must be a power of 2");
23882487 }
23892488 }
23902489 ;
2391 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2392 {
2393 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2394 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2395 yyerror("number expected");
2396 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2397 free($2);
2398 }
2399 ;
2400 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2401 {
2402 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2490 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2491 {
2492 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2493 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2494 yyerror("number expected");
2495 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2496 free($2);
2497 }
2498 ;
2499 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2500 {
2501 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
24032502 if(atoi($2) == 0 && strcmp($2, "0") != 0)
24042503 yyerror("number expected");
24052504 else cfg_parser->cfg->ratelimit_factor = atoi($2);
24062505 free($2);
24072506 }
24082507 ;
2409 server_low_rtt: VAR_LOW_RTT STRING_ARG
2410 {
2508 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2509 {
2510 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2511 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2512 yyerror("expected yes or no.");
2513 else cfg_parser->cfg->ip_ratelimit_backoff =
2514 (strcmp($2, "yes")==0);
2515 free($2);
2516 }
2517 ;
2518 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2519 {
2520 OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2521 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2522 yyerror("expected yes or no.");
2523 else cfg_parser->cfg->ratelimit_backoff =
2524 (strcmp($2, "yes")==0);
2525 free($2);
2526 }
2527 ;
2528 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2529 {
2530 OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2531 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2532 yyerror("number expected");
2533 else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2534 free($2);
2535 }
2536 ;
2537 server_low_rtt: VAR_LOW_RTT STRING_ARG
2538 {
24112539 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
24122540 free($2);
24132541 }
24142542 ;
2415 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2416 {
2417 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2543 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2544 {
2545 OUTYY(("P(server_fast_server_num:%s)\n", $2));
24182546 if(atoi($2) <= 0)
24192547 yyerror("number expected");
24202548 else cfg_parser->cfg->fast_server_num = atoi($2);
24212549 free($2);
24222550 }
24232551 ;
2424 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2425 {
2426 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2552 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2553 {
2554 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
24272555 if(atoi($2) == 0 && strcmp($2, "0") != 0)
24282556 yyerror("number expected");
24292557 else cfg_parser->cfg->fast_server_permil = atoi($2);
24352563 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
24362564 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
24372565 yyerror("expected yes or no.");
2438 else cfg_parser->cfg->qname_minimisation =
2566 else cfg_parser->cfg->qname_minimisation =
24392567 (strcmp($2, "yes")==0);
24402568 free($2);
24412569 }
24452573 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
24462574 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
24472575 yyerror("expected yes or no.");
2448 else cfg_parser->cfg->qname_minimisation_strict =
2576 else cfg_parser->cfg->qname_minimisation_strict =
24492577 (strcmp($2, "yes")==0);
24502578 free($2);
24512579 }
26342762 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
26352763 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
26362764 yyerror("expected yes or no.");
2637 else cfg_parser->cfg->stubs->ssl_upstream =
2638 (strcmp($2, "yes")==0);
2639 free($2);
2640 }
2641 ;
2765 else cfg_parser->cfg->stubs->ssl_upstream =
2766 (strcmp($2, "yes")==0);
2767 free($2);
2768 }
2769 ;
2770 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
2771 {
2772 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
2773 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2774 yyerror("expected yes or no.");
2775 else cfg_parser->cfg->stubs->tcp_upstream =
2776 (strcmp($2, "yes")==0);
2777 free($2);
2778 }
2779 ;
26422780 stub_prime: VAR_STUB_PRIME STRING_ARG
26432781 {
26442782 OUTYY(("P(stub-prime:%s)\n", $2));
26452783 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
26462784 yyerror("expected yes or no.");
2647 else cfg_parser->cfg->stubs->isprime =
2785 else cfg_parser->cfg->stubs->isprime =
26482786 (strcmp($2, "yes")==0);
26492787 free($2);
26502788 }
26962834 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
26972835 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
26982836 yyerror("expected yes or no.");
2699 else cfg_parser->cfg->forwards->ssl_upstream =
2700 (strcmp($2, "yes")==0);
2701 free($2);
2702 }
2703 ;
2837 else cfg_parser->cfg->forwards->ssl_upstream =
2838 (strcmp($2, "yes")==0);
2839 free($2);
2840 }
2841 ;
2842 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
2843 {
2844 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
2845 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2846 yyerror("expected yes or no.");
2847 else cfg_parser->cfg->forwards->tcp_upstream =
2848 (strcmp($2, "yes")==0);
2849 free($2);
2850 }
2851 ;
27042852 auth_name: VAR_NAME STRING_ARG
27052853 {
27062854 OUTYY(("P(name:%s)\n", $2));
27382886 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
27392887 $2))
27402888 yyerror("out of memory");
2889 }
2890 ;
2891 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
2892 {
2893 OUTYY(("P(zonemd-check:%s)\n", $2));
2894 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2895 yyerror("expected yes or no.");
2896 else cfg_parser->cfg->auths->zonemd_check =
2897 (strcmp($2, "yes")==0);
2898 free($2);
2899 }
2900 ;
2901 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
2902 {
2903 OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
2904 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2905 yyerror("expected yes or no.");
2906 else cfg_parser->cfg->auths->zonemd_reject_absence =
2907 (strcmp($2, "yes")==0);
2908 free($2);
27412909 }
27422910 ;
27432911 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
27902958 && strcmp($3, "always_transparent")!=0
27912959 && strcmp($3, "always_refuse")!=0
27922960 && strcmp($3, "always_nxdomain")!=0
2961 && strcmp($3, "always_nodata")!=0
2962 && strcmp($3, "always_deny")!=0
2963 && strcmp($3, "always_null")!=0
27932964 && strcmp($3, "noview")!=0
2794 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {
2965 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2966 && strcmp($3, "inform_redirect") != 0
2967 && strcmp($3, "ipset") != 0) {
27952968 yyerror("local-zone type: expected static, deny, "
27962969 "refuse, redirect, transparent, "
27972970 "typetransparent, inform, inform_deny, "
2798 "always_transparent, always_refuse, "
2799 "always_nxdomain, noview or nodefault");
2971 "inform_redirect, always_transparent, "
2972 "always_refuse, always_nxdomain, "
2973 "always_nodata, always_deny, always_null, "
2974 "noview, nodefault or ipset");
28002975 free($2);
28012976 free($3);
28022977 } else if(strcmp($3, "nodefault")==0) {
28132988 #endif
28142989 } else {
28152990 if(!cfg_str2list_insert(
2816 &cfg_parser->cfg->views->local_zones,
2991 &cfg_parser->cfg->views->local_zones,
28172992 $2, $3))
28182993 fatal_exit("out of memory adding local-zone");
28192994 }
28703045 }
28713046 ;
28723047 rcstart: VAR_REMOTE_CONTROL
2873 {
2874 OUTYY(("\nP(remote-control:)\n"));
2875 }
2876 ;
2877 contents_rc: contents_rc content_rc
3048 {
3049 OUTYY(("\nP(remote-control:)\n"));
3050 }
3051 ;
3052 contents_rc: contents_rc content_rc
28783053 | ;
28793054 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
28803055 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
28853060 OUTYY(("P(control_enable:%s)\n", $2));
28863061 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
28873062 yyerror("expected yes or no.");
2888 else cfg_parser->cfg->remote_control_enable =
3063 else cfg_parser->cfg->remote_control_enable =
28893064 (strcmp($2, "yes")==0);
28903065 free($2);
28913066 }
31243299 }
31253300 ;
31263301 pythonstart: VAR_PYTHON
3127 {
3128 OUTYY(("\nP(python:)\n"));
3302 {
3303 OUTYY(("\nP(python:)\n"));
31293304 }
31303305 ;
31313306 contents_py: contents_py content_py
32563431 ;
32573432 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
32583433 {
3259 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3260 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3261 yyerror("memory size expected");
3262 free($2);
3434 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3435 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3436 yyerror("memory size expected");
3437 free($2);
32633438 }
32643439 ;
32653440 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
32663441 {
3267 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3268 if(atoi($2) == 0)
3269 yyerror("number expected");
3270 else {
3271 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3272 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3273 yyerror("must be a power of 2");
3274 }
3275 free($2);
3442 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3443 if(atoi($2) == 0) {
3444 yyerror("number expected");
3445 } else {
3446 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3447 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3448 yyerror("must be a power of 2");
3449 }
3450 free($2);
32763451 }
32773452 ;
32783453 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
32793454 {
3280 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3281 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3282 yyerror("memory size expected");
3283 free($2);
3455 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3456 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3457 yyerror("memory size expected");
3458 free($2);
32843459 }
32853460 ;
32863461 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
32873462 {
3288 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3289 if(atoi($2) == 0)
3290 yyerror("number expected");
3291 else {
3292 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3293 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3294 yyerror("must be a power of 2");
3295 }
3296 free($2);
3463 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3464 if(atoi($2) == 0) {
3465 yyerror("number expected");
3466 } else {
3467 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3468 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3469 yyerror("must be a power of 2");
3470 }
3471 free($2);
32973472 }
32983473 ;
32993474 cachedbstart: VAR_CACHEDB
+2
-2
util/data/dname.h less more
260260 * Snip off first label from a dname, returning the parent zone.
261261 * @param dname: from what to strip off. uncompressed wireformat.
262262 * @param len: length, adjusted to become less.
263 * @return stripped off, or "." if input was ".".
263 * return stripped off, or "." if input was ".".
264264 */
265265 void dname_remove_label(uint8_t** dname, size_t* len);
266266
270270 * @param len: length, adjusted to become less.
271271 * @param n: number of labels to strip off (from the left).
272272 * if 0, nothing happens.
273 * @return stripped off, or "." if input was ".".
273 * return stripped off, or "." if input was ".".
274274 */
275275 void dname_remove_labels(uint8_t** dname, size_t* len, int n);
276276
+16
-4
util/data/msgencode.c less more
795795 struct edns_option* opt;
796796 if(!edns || !edns->edns_present)
797797 return 0;
798 for(opt = edns->opt_list; opt; opt = opt->next) {
798 for(opt = edns->opt_list_inplace_cb_out; opt; opt = opt->next) {
799 rdatalen += 4 + opt->opt_len;
800 }
801 for(opt = edns->opt_list_out; opt; opt = opt->next) {
799802 rdatalen += 4 + opt->opt_len;
800803 }
801804 /* domain root '.' + type + class + ttl + rdatalen */
826829 rdatapos = sldns_buffer_position(pkt);
827830 sldns_buffer_write_u16(pkt, 0); /* rdatalen */
828831 /* write rdata */
829 for(opt=edns->opt_list; opt; opt=opt->next) {
832 for(opt=edns->opt_list_inplace_cb_out; opt; opt=opt->next) {
833 if (opt->opt_code == LDNS_EDNS_PADDING) {
834 padding_option = opt;
835 continue;
836 }
837 sldns_buffer_write_u16(pkt, opt->opt_code);
838 sldns_buffer_write_u16(pkt, opt->opt_len);
839 if(opt->opt_len != 0)
840 sldns_buffer_write(pkt, opt->opt_data, opt->opt_len);
841 }
842 for(opt=edns->opt_list_out; opt; opt=opt->next) {
830843 if (opt->opt_code == LDNS_EDNS_PADDING) {
831844 padding_option = opt;
832845 continue;
859872 sldns_buffer_skip(pkt, pad_sz);
860873 }
861874 }
862 if(edns->opt_list)
863 sldns_buffer_write_u16_at(pkt, rdatapos,
875 sldns_buffer_write_u16_at(pkt, rdatapos,
864876 sldns_buffer_position(pkt)-rdatapos-2);
865877 sldns_buffer_flip(pkt);
866878 }
+131
-23
util/data/msgparse.c less more
3636 * Routines for message parsing a packet buffer to a descriptive structure.
3737 */
3838 #include "config.h"
39 #include "util/config_file.h"
3940 #include "util/data/msgparse.h"
4041 #include "util/data/msgreply.h"
4142 #include "util/data/dname.h"
4243 #include "util/data/packed_rrset.h"
44 #include "util/netevent.h"
4345 #include "util/storage/lookup3.h"
4446 #include "util/regional.h"
4547 #include "sldns/rrdef.h"
937939 return 0;
938940 }
939941
942 static int
943 edns_opt_list_append_keepalive(struct edns_option** list, int msec,
944 struct regional* region)
945 {
946 uint8_t data[2]; /* For keepalive value */
947 data[0] = (uint8_t)((msec >> 8) & 0xff);
948 data[1] = (uint8_t)(msec & 0xff);
949 return edns_opt_list_append(list, LDNS_EDNS_KEEPALIVE, sizeof(data),
950 data, region);
951 }
952
940953 /** parse EDNS options from EDNS wireformat rdata */
941954 static int
942 parse_edns_options(uint8_t* rdata_ptr, size_t rdata_len,
943 struct edns_data* edns, struct regional* region)
944 {
955 parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len,
956 struct edns_data* edns, struct config_file* cfg, struct comm_point* c,
957 struct regional* region)
958 {
959 /* To respond with a Keepalive option, the client connection must have
960 * received one message with a TCP Keepalive EDNS option, and that
961 * option must have 0 length data. Subsequent messages sent on that
962 * connection will have a TCP Keepalive option.
963 *
964 * In the if-statement below, the option is added unsolicited. This
965 * means that the client has sent an KEEPALIVE option earlier. We know
966 * here this is true, because c->tcp_keepalive is set.
967 */
968 if (cfg && cfg->do_tcp_keepalive && c && c->type != comm_udp && c->tcp_keepalive) {
969 if(!edns_opt_list_append_keepalive(&edns->opt_list_out,
970 c->tcp_timeout_msec / 100, region)) {
971 log_err("out of memory");
972 return LDNS_RCODE_SERVFAIL;
973 }
974 }
975
945976 /* while still more options, and have code+len to read */
946977 /* ignores partial content (i.e. rdata len 3) */
947978 while(rdata_len >= 4) {
951982 rdata_len -= 4;
952983 if(opt_len > rdata_len)
953984 break; /* option code partial */
954 if(!edns_opt_append(edns, region, opt_code, opt_len,
955 rdata_ptr)) {
985
986 /* handle parse time edns options here */
987 switch(opt_code) {
988 case LDNS_EDNS_NSID:
989 if (!cfg || !cfg->nsid)
990 break;
991 if(!edns_opt_list_append(&edns->opt_list_out,
992 LDNS_EDNS_NSID, cfg->nsid_len,
993 cfg->nsid, region)) {
994 log_err("out of memory");
995 return LDNS_RCODE_SERVFAIL;
996 }
997 break;
998
999 case LDNS_EDNS_KEEPALIVE:
1000 /* To respond with a Keepalive option, the client
1001 * connection must have received one message with a TCP
1002 * Keepalive EDNS option, and that option must have 0
1003 * length data. Subsequent messages sent on that
1004 * connection will have a TCP Keepalive option.
1005 *
1006 * This should be the first time the client sends this
1007 * option, so c->tcp_keepalive is not set.
1008 * Besides adding the reply KEEPALIVE option,
1009 * c->tcp_keepalive will be set so that the
1010 * option will be added unsolicited in subsequent
1011 * responses (see the comment above the if-statement
1012 * at the start of this function).
1013 */
1014 if (!cfg || !cfg->do_tcp_keepalive || !c ||
1015 c->type == comm_udp || c->tcp_keepalive)
1016 break;
1017 if(opt_len) {
1018 verbose(VERB_ALGO, "query with bad edns keepalive.");
1019 return LDNS_RCODE_FORMERR;
1020 }
1021 if(!edns_opt_list_append_keepalive(&edns->opt_list_out,
1022 c->tcp_timeout_msec / 100,
1023 region)) {
1024 log_err("out of memory");
1025 return LDNS_RCODE_SERVFAIL;
1026 }
1027 c->tcp_keepalive = 1;
1028 break;
1029
1030 case LDNS_EDNS_PADDING:
1031 if(!cfg || !cfg->pad_responses ||
1032 !c || c->type != comm_tcp ||!c->ssl)
1033 break;
1034 if(!edns_opt_list_append(&edns->opt_list_out,
1035 LDNS_EDNS_PADDING,
1036 0, NULL, region)) {
1037 log_err("out of memory");
1038 return LDNS_RCODE_SERVFAIL;
1039 }
1040 edns->padding_block_size = cfg->pad_responses_block_size;
1041 break;
1042
1043 default:
1044 break;
1045 }
1046 if(!edns_opt_list_append(&edns->opt_list_in,
1047 opt_code, opt_len, rdata_ptr, region)) {
9561048 log_err("out of memory");
957 return 0;
1049 return LDNS_RCODE_SERVFAIL;
9581050 }
9591051 rdata_ptr += opt_len;
9601052 rdata_len -= opt_len;
9611053 }
962 return 1;
1054 return LDNS_RCODE_NOERROR;
9631055 }
9641056
9651057 int
966 parse_extract_edns(struct msg_parse* msg, struct edns_data* edns,
967 struct regional* region)
1058 parse_extract_edns_from_response_msg(struct msg_parse* msg,
1059 struct edns_data* edns, struct regional* region)
9681060 {
9691061 struct rrset_parse* rrset = msg->rrset_first;
9701062 struct rrset_parse* prev = 0;
10181110 edns->edns_version = found->rr_last->ttl_data[1];
10191111 edns->bits = sldns_read_uint16(&found->rr_last->ttl_data[2]);
10201112 edns->udp_size = ntohs(found->rrset_class);
1021 edns->opt_list = NULL;
1113 edns->opt_list_in = NULL;
1114 edns->opt_list_out = NULL;
1115 edns->opt_list_inplace_cb_out = NULL;
10221116 edns->padding_block_size = 0;
10231117
10241118 /* take the options */
10251119 rdata_len = found->rr_first->size-2;
10261120 rdata_ptr = found->rr_first->ttl_data+6;
1027 if(!parse_edns_options(rdata_ptr, rdata_len, edns, region))
1028 return 0;
1029
1121
1122 /* while still more options, and have code+len to read */
1123 /* ignores partial content (i.e. rdata len 3) */
1124 while(rdata_len >= 4) {
1125 uint16_t opt_code = sldns_read_uint16(rdata_ptr);
1126 uint16_t opt_len = sldns_read_uint16(rdata_ptr+2);
1127 rdata_ptr += 4;
1128 rdata_len -= 4;
1129 if(opt_len > rdata_len)
1130 break; /* option code partial */
1131
1132 if(!edns_opt_list_append(&edns->opt_list_in,
1133 opt_code, opt_len, rdata_ptr, region)) {
1134 log_err("out of memory");
1135 break;
1136 }
1137 rdata_ptr += opt_len;
1138 rdata_len -= opt_len;
1139 }
10301140 /* ignore rrsigs */
1031
1032 return 0;
1141 return LDNS_RCODE_NOERROR;
10331142 }
10341143
10351144 /** skip RR in packet */
10591168 }
10601169
10611170 int
1062 parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns,
1063 struct regional* region)
1171 parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns,
1172 struct config_file* cfg, struct comm_point* c, struct regional* region)
10641173 {
10651174 size_t rdata_len;
10661175 uint8_t* rdata_ptr;
10921201 edns->ext_rcode = sldns_buffer_read_u8(pkt); /* ttl used for bits */
10931202 edns->edns_version = sldns_buffer_read_u8(pkt);
10941203 edns->bits = sldns_buffer_read_u16(pkt);
1095 edns->opt_list = NULL;
1204 edns->opt_list_in = NULL;
1205 edns->opt_list_out = NULL;
1206 edns->opt_list_inplace_cb_out = NULL;
10961207 edns->padding_block_size = 0;
10971208
10981209 /* take the options */
11001211 if(sldns_buffer_remaining(pkt) < rdata_len)
11011212 return LDNS_RCODE_FORMERR;
11021213 rdata_ptr = sldns_buffer_current(pkt);
1103 if(!parse_edns_options(rdata_ptr, rdata_len, edns, region))
1104 return LDNS_RCODE_SERVFAIL;
1105
11061214 /* ignore rrsigs */
1107
1108 return 0;
1215 return parse_edns_options_from_query(rdata_ptr, rdata_len, edns, cfg,
1216 c, region);
11091217 }
11101218
11111219 void
+17
-6
util/data/msgparse.h less more
6969 struct rr_parse;
7070 struct regional;
7171 struct edns_option;
72 struct config_file;
73 struct comm_point;
7274
7375 /** number of buckets in parse rrset hash table. Must be power of 2. */
7476 #define PARSE_TABLE_SIZE 32
224226 uint16_t bits;
225227 /** UDP reassembly size. */
226228 uint16_t udp_size;
227 /** rdata element list, or NULL if none */
228 struct edns_option* opt_list;
229 /** rdata element list of options of an incoming packet created at
230 * parse time, or NULL if none */
231 struct edns_option* opt_list_in;
232 /** rdata element list of options to encode for outgoing packets,
233 * or NULL if none */
234 struct edns_option* opt_list_out;
235 /** rdata element list of outgoing edns options from modules
236 * or NULL if none */
237 struct edns_option* opt_list_inplace_cb_out;
229238 /** block size to pad */
230239 uint16_t padding_block_size;
231240 };
280289 * @return: 0 on success. or an RCODE on an error.
281290 * RCODE formerr if OPT in wrong section, and so on.
282291 */
283 int parse_extract_edns(struct msg_parse* msg, struct edns_data* edns,
284 struct regional* region);
292 int parse_extract_edns_from_response_msg(struct msg_parse* msg,
293 struct edns_data* edns, struct regional* region);
285294
286295 /**
287296 * If EDNS data follows a query section, extract it and initialize edns struct.
289298 * section. At end, right after EDNS data or no movement if failed.
290299 * @param edns: the edns data allocated by the caller. Does not have to be
291300 * initialised.
301 * @param cfg: the configuration (with nsid value etc.)
302 * @param c: commpoint to determine transport (if needed)
292303 * @param region: region to alloc results in (edns option contents)
293304 * @return: 0 on success, or an RCODE on error.
294305 * RCODE formerr if OPT is badly formatted and so on.
295306 */
296 int parse_edns_from_pkt(struct sldns_buffer* pkt, struct edns_data* edns,
297 struct regional* region);
307 int parse_edns_from_query_pkt(struct sldns_buffer* pkt, struct edns_data* edns,
308 struct config_file* cfg, struct comm_point* c, struct regional* region);
298309
299310 /**
300311 * Calculate hash value for rrset in packet.
+53
-38
util/data/msgreply.c less more
165165 return 1;
166166 }
167167
168 struct reply_info *
169 make_new_reply_info(const struct reply_info* rep, struct regional* region,
170 size_t an_numrrsets, size_t copy_rrsets)
171 {
172 struct reply_info* new_rep;
173 size_t i;
174
175 /* create a base struct. we specify 'insecure' security status as
176 * the modified response won't be DNSSEC-valid. In our faked response
177 * the authority and additional sections will be empty (except possible
178 * EDNS0 OPT RR in the additional section appended on sending it out),
179 * so the total number of RRsets is an_numrrsets. */
180 new_rep = construct_reply_info_base(region, rep->flags,
181 rep->qdcount, rep->ttl, rep->prefetch_ttl,
182 rep->serve_expired_ttl, an_numrrsets, 0, 0, an_numrrsets,
183 sec_status_insecure);
184 if(!new_rep)
185 return NULL;
186 if(!reply_info_alloc_rrset_keys(new_rep, NULL, region))
187 return NULL;
188 for(i=0; i<copy_rrsets; i++)
189 new_rep->rrsets[i] = rep->rrsets[i];
190
191 return new_rep;
192 }
193
168194 /** find the minimumttl in the rdata of SOA record */
169195 static time_t
170196 soa_find_minttl(struct rr_parse* rr)
195221 * minimum-ttl in the rdata of the SOA record */
196222 if(*rr_ttl > soa_find_minttl(rr))
197223 *rr_ttl = soa_find_minttl(rr);
198 if(*rr_ttl > MAX_NEG_TTL)
199 *rr_ttl = MAX_NEG_TTL;
200224 }
201225 if(!SERVE_ORIGINAL_TTL && (*rr_ttl < MIN_TTL))
202226 *rr_ttl = MIN_TTL;
203227 if(!SERVE_ORIGINAL_TTL && (*rr_ttl > MAX_TTL))
204228 *rr_ttl = MAX_TTL;
229 if(type == LDNS_RR_TYPE_SOA && section == LDNS_SECTION_AUTHORITY) {
230 /* max neg ttl overrides the min and max ttl of everything
231 * else, it is for a more specific record */
232 if(*rr_ttl > MAX_NEG_TTL)
233 *rr_ttl = MAX_NEG_TTL;
234 }
205235 if(*rr_ttl < data->ttl)
206236 data->ttl = *rr_ttl;
207237
328358 return 0;
329359 /* copy & decompress */
330360 if(!parse_rr_copy(pkt, pset, *data)) {
331 if(!region) free(*data);
361 if(!region) {
362 free(*data);
363 *data = NULL;
364 }
332365 return 0;
333366 }
334367 return 1;
393426 pk->rk.type = htons(pset->type);
394427 pk->rk.rrset_class = pset->rrset_class;
395428 /** read data part. */
396 if(!parse_create_rrset(pkt, pset, &data, region))
397 return 0;
429 if(!parse_create_rrset(pkt, pset, &data, region)) {
430 if(!region) {
431 free(pk->rk.dname);
432 pk->rk.dname = NULL;
433 }
434 return 0;
435 }
398436 pk->entry.data = (void*)data;
399437 pk->entry.key = (void*)pk;
400438 pk->entry.hash = pset->hash;
479517 if((ret = parse_packet(pkt, msg, region)) != 0) {
480518 return ret;
481519 }
482 if((ret = parse_extract_edns(msg, edns, region)) != 0)
520 if((ret = parse_extract_edns_from_response_msg(msg, edns, region)) != 0)
483521 return ret;
484522
485523 /* parse OK, allocate return structures */
486524 /* this also performs dname decompression */
487525 if(!parse_create_msg(pkt, msg, alloc, qinf, rep, NULL)) {
488526 query_info_clear(qinf);
489 reply_info_parsedelete(*rep, alloc);
490527 *rep = NULL;
491528 return LDNS_RCODE_SERVFAIL;
492529 }
824861 /* not particularly fast but flexible, make wireformat and print */
825862 sldns_buffer* buf = sldns_buffer_new(65535);
826863 struct regional* region = regional_create();
827 if(!reply_info_encode(qinfo, rep, 0, rep->flags, buf, 0,
864 if(!(buf && region)) {
865 log_err("%s: log_dns_msg: out of memory", str);
866 sldns_buffer_free(buf);
867 regional_destroy(region);
868 return;
869 }
870 if(!reply_info_encode(qinfo, rep, 0, rep->flags, buf, 0,
828871 region, 65535, 1, 0)) {
829 log_info("%s: log_dns_msg: out of memory", str);
872 log_err("%s: log_dns_msg: out of memory", str);
830873 } else {
831874 char* s = sldns_wire2str_pkt(sldns_buffer_begin(buf),
832875 sldns_buffer_limit(buf));
945988 return rep;
946989 }
947990
948 int edns_opt_append(struct edns_data* edns, struct regional* region,
949 uint16_t code, size_t len, uint8_t* data)
950 {
951 struct edns_option** prevp;
952 struct edns_option* opt;
953
954 /* allocate new element */
955 opt = (struct edns_option*)regional_alloc(region, sizeof(*opt));
956 if(!opt)
957 return 0;
958 opt->next = NULL;
959 opt->opt_code = code;
960 opt->opt_len = len;
961 opt->opt_data = NULL;
962 if(len > 0) {
963 opt->opt_data = regional_alloc_init(region, data, len);
964 if(!opt->opt_data)
965 return 0;
966 }
967
968 /* append at end of list */
969 prevp = &edns->opt_list;
970 while(*prevp != NULL)
971 prevp = &((*prevp)->next);
972 *prevp = opt;
973 return 1;
974 }
975
976991 int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len,
977992 uint8_t* data, struct regional* region)
978993 {
10531068 (void)(*(inplace_cb_reply_func_type*)cb->cb)(qinfo, qstate, rep,
10541069 rcode, edns, &opt_list_out, repinfo, region, start_time, cb->id, cb->cb_arg);
10551070 }
1056 edns->opt_list = opt_list_out;
1071 edns->opt_list_inplace_cb_out = opt_list_out;
10571072 return 1;
10581073 }
10591074
+15
-12
util/data/msgreply.h less more
381381 int reply_info_alloc_rrset_keys(struct reply_info* rep,
382382 struct alloc_cache* alloc, struct regional* region);
383383
384 /*
385 * Create a new reply_info based on 'rep'. The new info is based on
386 * the passed 'rep', but ignores any rrsets except for the first 'an_numrrsets'
387 * RRsets in the answer section. These answer rrsets are copied to the
388 * new info, up to 'copy_rrsets' rrsets (which must not be larger than
389 * 'an_numrrsets'). If an_numrrsets > copy_rrsets, the remaining rrsets array
390 * entries will be kept empty so the caller can fill them later. When rrsets
391 * are copied, they are shallow copied. The caller must ensure that the
392 * copied rrsets are valid throughout its lifetime and must provide appropriate
393 * mutex if it can be shared by multiple threads.
394 */
395 struct reply_info *
396 make_new_reply_info(const struct reply_info* rep, struct regional* region,
397 size_t an_numrrsets, size_t copy_rrsets);
398
384399 /**
385400 * Copy a parsed rrset into given key, decompressing and allocating rdata.
386401 * @param pkt: packet for decompression
501516 */
502517 void log_query_info(enum verbosity_value v, const char* str,
503518 struct query_info* qinf);
504
505 /**
506 * Append edns option to edns data structure
507 * @param edns: the edns data structure to append the edns option to.
508 * @param region: region to allocate the new edns option.
509 * @param code: the edns option's code.
510 * @param len: the edns option's length.
511 * @param data: the edns option's data.
512 * @return false on failure.
513 */
514 int edns_opt_append(struct edns_data* edns, struct regional* region,
515 uint16_t code, size_t len, uint8_t* data);
516519
517520 /**
518521 * Append edns option to edns option list
+8
-0
util/data/packed_rrset.h less more
6060 * updated on encoding in a reply. This flag is not expected to be set in
6161 * cached data. */
6262 #define PACKED_RRSET_FIXEDTTL 0x80000000
63 /** This rrset is from RPZ. It is not real, it is synthesized data to block
64 * access. The flag makes lookups, from cache in iterator, ignore the fake
65 * items and only use actual data. Eg. when the iterator looksup NS, CNAME,
66 * A and AAAA types, it then gets items without this flag that are the
67 * actual network. But messages with these records in it can be stored in
68 * the cache and retrieved for a reply. */
69 #define PACKED_RRSET_RPZ 0x8
6370
6471 /** number of rrs and rrsets for integer overflow protection. More than
6572 * this is not really possible (64K packet has much less RRs and RRsets) in
8794 * o PACKED_RRSET_PARENT_SIDE
8895 * o PACKED_RRSET_SOA_NEG
8996 * o PACKED_RRSET_FIXEDTTL (not supposed to be cached)
97 * o PACKED_RRSET_RPZ
9098 */
9199 uint32_t flags;
92100 /** the rrset type in network format */
+0
-50
util/edns.c less more
127127 return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen);
128128 }
129129
130 static int edns_keepalive(struct edns_data* edns_out, struct edns_data* edns_in,
131 struct comm_point* c, struct regional* region)
132 {
133 if(c->type == comm_udp)
134 return 1;
135
136 /* To respond with a Keepalive option, the client connection
137 * must have received one message with a TCP Keepalive EDNS option,
138 * and that option must have 0 length data. Subsequent messages
139 * sent on that connection will have a TCP Keepalive option.
140 */
141 if(c->tcp_keepalive ||
142 edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_KEEPALIVE)) {
143 int keepalive = c->tcp_timeout_msec / 100;
144 uint8_t data[2];
145 data[0] = (uint8_t)((keepalive >> 8) & 0xff);
146 data[1] = (uint8_t)(keepalive & 0xff);
147 if(!edns_opt_list_append(&edns_out->opt_list, LDNS_EDNS_KEEPALIVE,
148 sizeof(data), data, region))
149 return 0;
150 c->tcp_keepalive = 1;
151 }
152 return 1;
153 }
154
155 int apply_edns_options(struct edns_data* edns_out, struct edns_data* edns_in,
156 struct config_file* cfg, struct comm_point* c, struct regional* region)
157 {
158 if(cfg->do_tcp_keepalive &&
159 !edns_keepalive(edns_out, edns_in, c, region))
160 return 0;
161
162 if (cfg->nsid && edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_NSID)
163 && !edns_opt_list_append(&edns_out->opt_list,
164 LDNS_EDNS_NSID, cfg->nsid_len, cfg->nsid, region))
165 return 0;
166
167 if(!cfg->pad_responses || c->type != comm_tcp || !c->ssl
168 || !edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_PADDING)) {
169 ; /* pass */
170 }
171
172 else if(!edns_opt_list_append(&edns_out->opt_list, LDNS_EDNS_PADDING
173 , 0, NULL, region))
174 return 0;
175 else
176 edns_out->padding_block_size = cfg->pad_responses_block_size;
177
178 return 1;
179 }
+0
-12
util/edns.h less more
105105 edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
106106 socklen_t addrlen);
107107
108 /**
109 * Apply common EDNS options.
110 *
111 * @param edns_out: initialised edns information with outbound edns.
112 * @param edns_in: initialised edns information with received edns.
113 * @param cfg: configuration.
114 * @param c: comm channel.
115 * @param region: the region to allocate the edns options in.
116 */
117 int apply_edns_options(struct edns_data* edns_out, struct edns_data* edns_in,
118 struct config_file* cfg, struct comm_point* c, struct regional* region);
119
120108 #endif
+6
-7
util/fptr_wlist.c less more
137137 else if(fptr == &auth_xfer_probe_timer_callback) return 1;
138138 else if(fptr == &auth_xfer_transfer_timer_callback) return 1;
139139 else if(fptr == &mesh_serve_expired_callback) return 1;
140 else if(fptr == &serviced_timer_cb) return 1;
140141 #ifdef USE_DNSTAP
141142 else if(fptr == &mq_wakeup_cb) return 1;
142143 #endif
195196 fptr_whitelist_pending_udp(comm_point_callback_type *fptr)
196197 {
197198 if(fptr == &serviced_udp_callback) return 1;
198 else if(fptr == &worker_handle_reply) return 1;
199 else if(fptr == &libworker_handle_reply) return 1;
200199 return 0;
201200 }
202201
204203 fptr_whitelist_pending_tcp(comm_point_callback_type *fptr)
205204 {
206205 if(fptr == &serviced_tcp_callback) return 1;
207 else if(fptr == &worker_handle_reply) return 1;
208 else if(fptr == &libworker_handle_reply) return 1;
209206 return 0;
210207 }
211208
337334 int
338335 fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)(
339336 struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
340 int nocaps, struct sockaddr_storage* addr, socklen_t addrlen,
341 uint8_t* zone, size_t zonelen, int ssl_upstream, char* tls_auth_name,
342 struct module_qstate* q))
337 int nocaps, int check_ratelimit, struct sockaddr_storage* addr,
338 socklen_t addrlen, uint8_t* zone, size_t zonelen, int tcp_upstream,
339 int ssl_upstream, char* tls_auth_name, struct module_qstate* q,
340 int* was_ratelimited))
343341 {
344342 if(fptr == &worker_send_query) return 1;
345343 else if(fptr == &libworker_send_query) return 1;
582580 else if(fptr == &probe_answer_cb) return 1;
583581 else if(fptr == &auth_xfer_probe_lookup_callback) return 1;
584582 else if(fptr == &auth_xfer_transfer_lookup_callback) return 1;
583 else if(fptr == &auth_zonemd_dnskey_lookup_callback) return 1;
585584 return 0;
586585 }
587586
+4
-3
util/fptr_wlist.h less more
210210 */
211211 int fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)(
212212 struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
213 int nocaps, struct sockaddr_storage* addr, socklen_t addrlen,
214 uint8_t* zone, size_t zonelen, int ssl_upstream, char* tls_auth_name,
215 struct module_qstate* q));
213 int nocaps, int check_ratelimit, struct sockaddr_storage* addr,
214 socklen_t addrlen, uint8_t* zone, size_t zonelen, int tcp_upstream,
215 int ssl_upstream, char* tls_auth_name, struct module_qstate* q,
216 int* was_ratelimited));
216217
217218 /**
218219 * Check function pointer whitelist for module_env detach_subs callback values.
+5
-3
util/iana_ports.inc less more
117117 140,
118118 141,
119119 142,
120 143,
121120 144,
122121 145,
123122 146,
678677 990,
679678 991,
680679 992,
681 993,
682680 995,
683681 996,
684682 997,
25002498 2870,
25012499 2871,
25022500 2872,
2501 2873,
25032502 2874,
25042503 2875,
25052504 2876,
37843783 4308,
37853784 4309,
37863785 4310,
3786 4319,
37873787 4320,
37883788 4321,
37893789 4322,
40544054 5026,
40554055 5027,
40564056 5029,
4057 5030,
40584057 5031,
40594058 5042,
40604059 5043,
42454244 5504,
42464245 5505,
42474246 5506,
4247 5540,
42484248 5553,
42494249 5554,
42504250 5555,
47374737 8006,
47384738 8007,
47394739 8008,
4740 8017,
47404741 8019,
47414742 8020,
47424743 8021,
53775378 30999,
53785379 31016,
53795380 31029,
5381 31337,
53805382 31416,
53815383 31457,
53825384 31620,
+9
-0
util/mini_event.c less more
336336 FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->writes);
337337 FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->ready);
338338 FD_CLR(FD_SET_T ev->ev_fd, &ev->ev_base->content);
339 if(ev->ev_fd == ev->ev_base->maxfd) {
340 int i = ev->ev_base->maxfd - 1;
341 for (; i > 3; i--) {
342 if (NULL != ev->ev_base->fds[i]) {
343 break;
344 }
345 }
346 ev->ev_base->maxfd = i;
347 }
339348 }
340349 ev->added = 0;
341350 return 0;
+8
-3
util/module.h less more
349349 * EDNS, the answer is likely to be useless for this domain.
350350 * @param nocaps: do not use caps_for_id, use the qname as given.
351351 * (ignored if caps_for_id is disabled).
352 * @param check_ratelimit: if set, will check ratelimit before sending out.
352353 * @param addr: where to.
353354 * @param addrlen: length of addr.
354355 * @param zone: delegation point name.
355356 * @param zonelen: length of zone name.
357 * @param tcp_upstream: use TCP for upstream queries.
356358 * @param ssl_upstream: use SSL for upstream queries.
357359 * @param tls_auth_name: if ssl_upstream, use this name with TLS
358360 * authentication.
359 * @param q: wich query state to reactivate upon return.
361 * @param q: which query state to reactivate upon return.
362 * @param was_ratelimited: it will signal back if the query failed to pass the
363 * ratelimit check.
360364 * @return: false on failure (memory or socket related). no query was
361365 * sent. Or returns an outbound entry with qsent and qstate set.
362366 * This outbound_entry will be used on later module invocations
364368 */
365369 struct outbound_entry* (*send_query)(struct query_info* qinfo,
366370 uint16_t flags, int dnssec, int want_dnssec, int nocaps,
371 int check_ratelimit,
367372 struct sockaddr_storage* addr, socklen_t addrlen,
368 uint8_t* zone, size_t zonelen, int ssl_upstream,
369 char* tls_auth_name, struct module_qstate* q);
373 uint8_t* zone, size_t zonelen, int tcp_upstream, int ssl_upstream,
374 char* tls_auth_name, struct module_qstate* q, int* was_ratelimited);
370375
371376 /**
372377 * Detach-subqueries.
+63
-5
util/net_help.c less more
3737 */
3838
3939 #include "config.h"
40 #ifdef HAVE_SYS_TYPES_H
41 # include <sys/types.h>
42 #endif
43 #ifdef HAVE_NET_IF_H
44 #include <net/if.h>
45 #endif
46 #ifdef HAVE_NETIOAPI_H
47 #include <netioapi.h>
48 #endif
4049 #include "util/net_help.h"
4150 #include "util/log.h"
4251 #include "util/data/dname.h"
4554 #include "util/config_file.h"
4655 #include "sldns/parseutil.h"
4756 #include "sldns/wire2str.h"
57 #include "sldns/str2wire.h"
4858 #include <fcntl.h>
4959 #ifdef HAVE_OPENSSL_SSL_H
5060 #include <openssl/ssl.h>
265275 return 0;
266276 (void)strlcpy(buf, ip, sizeof(buf));
267277 buf[s-ip]=0;
268 sa->sin6_scope_id = (uint32_t)atoi(s+1);
278 #ifdef HAVE_IF_NAMETOINDEX
279 if (!(sa->sin6_scope_id = if_nametoindex(s+1)))
280 #endif /* HAVE_IF_NAMETOINDEX */
281 sa->sin6_scope_id = (uint32_t)atoi(s+1);
269282 ip = buf;
270283 }
271284 if(inet_pton((int)sa->sin6_family, ip, &sa->sin6_addr) <= 0) {
464477 }
465478 *auth_name = NULL;
466479 return ipstrtoaddr(str, port, addr, addrlen);
480 }
481
482 uint8_t* authextstrtodname(char* str, int* port, char** auth_name)
483 {
484 char* s;
485 uint8_t* dname;
486 size_t dname_len;
487 *port = UNBOUND_DNS_PORT;
488 *auth_name = NULL;
489 if((s=strchr(str, '@'))) {
490 char* hash = strchr(s+1, '#');
491 if(hash) {
492 *auth_name = hash+1;
493 } else {
494 *auth_name = NULL;
495 }
496 *port = atoi(s+1);
497 if(*port == 0) {
498 if(!hash && strcmp(s+1,"0")!=0)
499 return 0;
500 if(hash && strncmp(s+1,"0#",2)!=0)
501 return 0;
502 }
503 *s = 0;
504 dname = sldns_str2wire_dname(str, &dname_len);
505 *s = '@';
506 } else if((s=strchr(str, '#'))) {
507 *port = UNBOUND_DNS_OVER_TLS_PORT;
508 *auth_name = s+1;
509 *s = 0;
510 dname = sldns_str2wire_dname(str, &dname_len);
511 *s = '#';
512 } else {
513 dname = sldns_str2wire_dname(str, &dname_len);
514 }
515 return dname;
467516 }
468517
469518 /** store port number into sockaddr structure */
880929 BIO_write(bio, &nul, (int)sizeof(nul));
881930 len = BIO_get_mem_data(bio, &pp);
882931 if(len != 0 && pp) {
932 /* reduce size of cert printout */
933 char* s;
934 while((s=strstr(pp, " "))!=NULL)
935 memmove(s, s+1, strlen(s+1)+1);
936 while((s=strstr(pp, "\t\t"))!=NULL)
937 memmove(s, s+1, strlen(s+1)+1);
883938 verbose(level, "%s: \n%s", str, pp);
884939 }
885940 BIO_free(bio);
886941 }
887942 #endif /* HAVE_SSL */
888943
889 #if defined(HAVE_SSL) && defined(HAVE_NGHTTP2)
944 #if defined(HAVE_SSL) && defined(HAVE_NGHTTP2) && defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
890945 static int alpn_select_cb(SSL* ATTR_UNUSED(ssl), const unsigned char** out,
891946 unsigned char* outlen, const unsigned char* in, unsigned int inlen,
892947 void* ATTR_UNUSED(arg))
944999 }
9451000 #endif
9461001 #if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
1002 /* if we detect system-wide crypto policies, use those */
1003 if (access( "/etc/crypto-policies/config", F_OK ) != 0 ) {
9471004 /* if we have sha256, set the cipher list to have no known vulns */
948 if(!SSL_CTX_set_cipher_list(ctx, "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
949 log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
1005 if(!SSL_CTX_set_cipher_list(ctx, "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
1006 log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
1007 }
9501008 #endif
9511009
9521010 if((SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) &
11711229 if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) &
11721230 SSL_OP_NO_RENEGOTIATION) != SSL_OP_NO_RENEGOTIATION) {
11731231 log_crypto_err("could not set SSL_OP_NO_RENEGOTIATION");
1232 SSL_CTX_free(ctx);
11741233 return 0;
11751234 }
11761235 #endif
16081667 {
16091668 closesocket(socket);
16101669 }
1611
16121670 # endif /* USE_WINSOCK */
+20
-5
util/net_help.h less more
4141 #ifndef NET_HELP_H
4242 #define NET_HELP_H
4343 #include "util/log.h"
44 #include "util/random.h"
4445 struct sock_list;
4546 struct regional;
4647 struct config_strlist;
7576
7677 /** timeout in milliseconds for UDP queries to auth servers. */
7778 #define UDP_AUTH_QUERY_TIMEOUT 3000
78 /** timeout in milliseconds for TCP queries to auth servers. */
79 #define TCP_AUTH_QUERY_TIMEOUT 3000
8079 /** Advertised version of EDNS capabilities */
8180 #define EDNS_ADVERTISED_VERSION 0
8281 /** Advertised size of EDNS capabilities */
9392 /** DNSKEY secure entry point, KSK flag */
9493 #define DNSKEY_BIT_SEP 0x0001
9594
95 /** return a random 16-bit number given a random source */
96 #define GET_RANDOM_ID(rnd) (((unsigned)ub_random(rnd)>>8) & 0xffff)
97
9698 /** minimal responses when positive answer */
9799 extern int MINIMAL_RESPONSES;
98100
207209 /**
208210 * Convert address string, with "@port" appendix, to sockaddr.
209211 * It can also have an "#tls-auth-name" appendix (after the port).
210 * The returned tls-auth-name string is a pointer into the input string.
211 * Uses DNS port by default.
212 * The returned auth_name string is a pointer into the input string.
213 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
212214 * @param str: the string
213215 * @param addr: where to store sockaddr.
214216 * @param addrlen: length of stored sockaddr is returned.
215217 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
216218 * @return 0 on error.
217219 */
218 int authextstrtoaddr(char* str, struct sockaddr_storage* addr,
220 int authextstrtoaddr(char* str, struct sockaddr_storage* addr,
219221 socklen_t* addrlen, char** auth_name);
222
223 /**
224 * Convert domain string, with "@port" appendix, to dname.
225 * It can also have an "#tls-auth-name" appendix (after the port).
226 * The return port is the parsed port.
227 * Uses DNS port by default; TLS port when a "#tls-auth-name" is configured.
228 * The returned auth_name string is a pointer into the input string.
229 * @param str: the string
230 * @param port: pointer to be assigned the parsed port value.
231 * @param auth_name: returned pointer to tls_auth_name, or NULL if none.
232 * @return pointer to the dname.
233 */
234 uint8_t* authextstrtodname(char* str, int* port, char** auth_name);
220235
221236 /**
222237 * Store port number into sockaddr structure
+153
-38
util/netevent.c less more
5050 #include "dnstap/dnstap.h"
5151 #include "dnscrypt/dnscrypt.h"
5252 #include "services/listen_dnsport.h"
53 #ifdef HAVE_SYS_TYPES_H
54 #include <sys/types.h>
55 #endif
56 #ifdef HAVE_SYS_SOCKET_H
57 #include <sys/socket.h>
58 #endif
59 #ifdef HAVE_NETDB_H
60 #include <netdb.h>
61 #endif
62
5363 #ifdef HAVE_OPENSSL_SSL_H
5464 #include <openssl/ssl.h>
5565 #endif
151161 static struct comm_point* comm_point_create_tcp_handler(
152162 struct comm_base *base, struct comm_point* parent, size_t bufsize,
153163 struct sldns_buffer* spoolbuf, comm_point_callback_type* callback,
154 void* callback_arg);
164 void* callback_arg, struct unbound_socket* socket);
155165
156166 /* -------- End of local definitions -------- */
157167
288298 # ifdef ENETDOWN
289299 case ENETDOWN:
290300 # endif
301 case EPERM:
302 case EACCES:
291303 if(verbosity < VERB_ALGO)
292304 return 0;
293305 default:
301313 /* 'Cannot assign requested address' also when disconnected */
302314 || (errno == EADDRNOTAVAIL)
303315 # endif
304 ) && verbosity < VERB_DETAIL)
316 ) && verbosity < VERB_ALGO)
305317 return 0;
306318 # ifdef EADDRINUSE
307319 /* If SO_REUSEADDR is set, we could try to connect to the same server
407419 log_info("%s: unknown srctype %d", str, r->srctype);
408420 return;
409421 }
422
410423 if(r->srctype == 6) {
424 #ifdef IPV6_PKTINFO
411425 char buf[1024];
412426 if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr,
413427 buf, (socklen_t)sizeof(buf)) == 0) {
415429 }
416430 buf[sizeof(buf)-1]=0;
417431 log_info("%s: %s %d", str, buf, r->pktinfo.v6info.ipi6_ifindex);
432 #endif
418433 } else if(r->srctype == 4) {
419434 #ifdef IP_PKTINFO
420435 char buf1[1024], buf2[1024];
802817 #endif
803818 c->tcp_is_reading = 1;
804819 c->tcp_byte_count = 0;
820 c->tcp_keepalive = 0;
805821 /* if more than half the tcp handlers are in use, use a shorter
806822 * timeout for this TCP connection, we need to make space for
807823 * other connections to be able to get attention */
927943
928944 #ifdef USE_WINSOCK
929945 static long win_bio_cb(BIO *b, int oper, const char* ATTR_UNUSED(argp),
930 int ATTR_UNUSED(argi), long argl, long retvalue)
946 #ifdef HAVE_BIO_SET_CALLBACK_EX
947 size_t ATTR_UNUSED(len),
948 #endif
949 int ATTR_UNUSED(argi), long argl,
950 #ifndef HAVE_BIO_SET_CALLBACK_EX
951 long retvalue
952 #else
953 int retvalue, size_t* ATTR_UNUSED(processed)
954 #endif
955 )
931956 {
932957 int wsa_err = WSAGetLastError(); /* store errcode before it is gone */
933958 verbose(VERB_ALGO, "bio_cb %d, %s %s %s", oper,
957982 {
958983 SSL* ssl = (SSL*)thessl;
959984 /* set them both just in case, but usually they are the same BIO */
985 #ifdef HAVE_BIO_SET_CALLBACK_EX
986 BIO_set_callback_ex(SSL_get_rbio(ssl), &win_bio_cb);
987 #else
960988 BIO_set_callback(SSL_get_rbio(ssl), &win_bio_cb);
989 #endif
961990 BIO_set_callback_arg(SSL_get_rbio(ssl), (char*)c->ev->ev);
991 #ifdef HAVE_BIO_SET_CALLBACK_EX
992 BIO_set_callback_ex(SSL_get_wbio(ssl), &win_bio_cb);
993 #else
962994 BIO_set_callback(SSL_get_wbio(ssl), &win_bio_cb);
995 #endif
963996 BIO_set_callback_arg(SSL_get_wbio(ssl), (char*)c->ev->ev);
964997 }
965998 #endif
10211054 /* clear leftover flags from previous use, and then set the
10221055 * correct event base for the event structure for libevent */
10231056 ub_event_free(c_hdl->ev->ev);
1057 c_hdl->ev->ev = NULL;
10241058 if((c_hdl->type == comm_tcp && c_hdl->tcp_req_info) ||
10251059 c_hdl->type == comm_local || c_hdl->type == comm_raw)
10261060 c_hdl->tcp_do_toggle_rw = 0;
10771111 /* grab the tcp handler buffers */
10781112 c->cur_tcp_count++;
10791113 c->tcp_free = c_hdl->tcp_free;
1114 c_hdl->tcp_free = NULL;
10801115 if(!c->tcp_free) {
10811116 /* stop accepting incoming queries for now. */
10821117 comm_point_stop_listening(c);
10981133 }
10991134 comm_point_close(c);
11001135 if(c->tcp_parent) {
1101 c->tcp_parent->cur_tcp_count--;
1102 c->tcp_free = c->tcp_parent->tcp_free;
1103 c->tcp_parent->tcp_free = c;
1136 if(c != c->tcp_parent->tcp_free) {
1137 c->tcp_parent->cur_tcp_count--;
1138 c->tcp_free = c->tcp_parent->tcp_free;
1139 c->tcp_parent->tcp_free = c;
1140 }
11041141 if(!c->tcp_free) {
11051142 /* re-enable listening on accept socket */
11061143 comm_point_start_listening(c->tcp_parent, -1, -1);
11081145 }
11091146 c->tcp_more_read_again = NULL;
11101147 c->tcp_more_write_again = NULL;
1148 c->tcp_byte_count = 0;
1149 sldns_buffer_clear(c->buffer);
11111150 }
11121151
11131152 /** do the callback when writing is done */
11991238 int r;
12001239 if(c->ssl_shake_state == comm_ssl_shake_hs_read) {
12011240 /* read condition satisfied back to writing */
1202 comm_point_listen_for_rw(c, 1, 1);
1241 comm_point_listen_for_rw(c, 0, 1);
12031242 c->ssl_shake_state = comm_ssl_shake_none;
12041243 return 1;
12051244 }
12561295 if((SSL_get_verify_mode(c->ssl)&SSL_VERIFY_PEER)) {
12571296 /* verification */
12581297 if(SSL_get_verify_result(c->ssl) == X509_V_OK) {
1298 #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
1299 X509* x = SSL_get1_peer_certificate(c->ssl);
1300 #else
12591301 X509* x = SSL_get_peer_certificate(c->ssl);
1302 #endif
12601303 if(!x) {
12611304 log_addr(VERB_ALGO, "SSL connection failed: "
12621305 "no certificate",
12821325 #endif
12831326 X509_free(x);
12841327 } else {
1328 #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
1329 X509* x = SSL_get1_peer_certificate(c->ssl);
1330 #else
12851331 X509* x = SSL_get_peer_certificate(c->ssl);
1332 #endif
12861333 if(x) {
12871334 log_cert(VERB_ALGO, "peer certificate", x);
12881335 X509_free(x);
12991346 c->repinfo.addrlen);
13001347 }
13011348
1349 #ifdef HAVE_SSL_GET0_ALPN_SELECTED
13021350 /* check if http2 use is negotiated */
13031351 if(c->type == comm_http && c->h2_session) {
13041352 const unsigned char *alpn;
13101358 c->use_h2 = 1;
13111359 }
13121360 }
1361 #endif
13131362
13141363 /* setup listen rw correctly */
13151364 if(c->tcp_is_reading) {
13161365 if(c->ssl_shake_state != comm_ssl_shake_read)
13171366 comm_point_listen_for_rw(c, 1, 0);
13181367 } else {
1319 comm_point_listen_for_rw(c, 1, 1);
1368 comm_point_listen_for_rw(c, 0, 1);
13201369 }
13211370 c->ssl_shake_state = comm_ssl_shake_none;
13221371 return 1;
13471396 return tcp_req_info_handle_read_close(c->tcp_req_info);
13481397 return 0; /* shutdown, closed */
13491398 } else if(want == SSL_ERROR_WANT_READ) {
1399 #ifdef USE_WINSOCK
13501400 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ);
1401 #endif
13511402 return 1; /* read more later */
13521403 } else if(want == SSL_ERROR_WANT_WRITE) {
13531404 c->ssl_shake_state = comm_ssl_shake_hs_write;
13951446 return tcp_req_info_handle_read_close(c->tcp_req_info);
13961447 return 0; /* shutdown, closed */
13971448 } else if(want == SSL_ERROR_WANT_READ) {
1449 #ifdef USE_WINSOCK
13981450 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ);
1451 #endif
13991452 return 1; /* read more later */
14001453 } else if(want == SSL_ERROR_WANT_WRITE) {
14011454 c->ssl_shake_state = comm_ssl_shake_hs_write;
14881541 comm_point_listen_for_rw(c, 1, 0);
14891542 return 1; /* wait for read condition */
14901543 } else if(want == SSL_ERROR_WANT_WRITE) {
1544 #ifdef USE_WINSOCK
14911545 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
1546 #endif
14921547 return 1; /* write more later */
14931548 } else if(want == SSL_ERROR_SYSCALL) {
14941549 #ifdef EPIPE
15381593 comm_point_listen_for_rw(c, 1, 0);
15391594 return 1; /* wait for read condition */
15401595 } else if(want == SSL_ERROR_WANT_WRITE) {
1596 #ifdef USE_WINSOCK
15411597 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
1598 #endif
15421599 return 1; /* write more later */
15431600 } else if(want == SSL_ERROR_SYSCALL) {
15441601 #ifdef EPIPE
16191676 if(errno == ECONNRESET && verbosity < 2)
16201677 return 0; /* silence reset by peer */
16211678 #endif
1679 #ifdef ECONNREFUSED
1680 if(errno == ECONNREFUSED && verbosity < 2)
1681 return 0; /* silence reset by peer */
1682 #endif
16221683 #ifdef ENETUNREACH
16231684 if(errno == ENETUNREACH && verbosity < 2)
16241685 return 0; /* silence it */
16471708 }
16481709 #endif
16491710 #else /* USE_WINSOCK */
1711 if(WSAGetLastError() == WSAECONNREFUSED && verbosity < 2)
1712 return 0;
1713 if(WSAGetLastError() == WSAEHOSTDOWN && verbosity < 2)
1714 return 0;
1715 if(WSAGetLastError() == WSAEHOSTUNREACH && verbosity < 2)
1716 return 0;
1717 if(WSAGetLastError() == WSAENETDOWN && verbosity < 2)
1718 return 0;
1719 if(WSAGetLastError() == WSAENETUNREACH && verbosity < 2)
1720 return 0;
16501721 if(WSAGetLastError() == WSAECONNRESET)
16511722 return 0;
16521723 if(WSAGetLastError() == WSAEINPROGRESS)
16801751 (int)sldns_buffer_limit(c->buffer));
16811752 }
16821753
1683 log_assert(sldns_buffer_remaining(c->buffer) > 0);
1754 if(sldns_buffer_remaining(c->buffer) == 0)
1755 log_err("in comm_point_tcp_handle_read buffer_remaining is not > 0 as expected, continuing with (harmless) 0 length recv");
16841756 r = recv(fd, (void*)sldns_buffer_current(c->buffer),
16851757 sldns_buffer_remaining(c->buffer), 0);
16861758 if(r == 0) {
18141886 if(errno == EINTR || errno == EAGAIN)
18151887 return 1;
18161888 /* Not handling EISCONN here as shouldn't ever hit that case.*/
1817 if(errno != EPIPE && errno != 0 && verbosity < 2)
1818 return 0; /* silence lots of chatter in the logs */
1819 if(errno != EPIPE && errno != 0) {
1889 if(errno != EPIPE
1890 #ifdef EOPNOTSUPP
1891 /* if /proc/sys/net/ipv4/tcp_fastopen is
1892 * disabled on Linux, sendmsg may return
1893 * 'Operation not supported', if so
1894 * fallthrough to ordinary connect. */
1895 && errno != EOPNOTSUPP
1896 #endif
1897 && errno != 0) {
1898 if(verbosity < 2)
1899 return 0; /* silence lots of chatter in the logs */
18201900 log_err_addr("tcp sendmsg", strerror(errno),
18211901 &c->repinfo.addr, c->repinfo.addrlen);
18221902 return 0;
18231903 }
1904 verbose(VERB_ALGO, "tcp sendmsg for fastopen failed (with %s), try normal connect", strerror(errno));
18241905 /* fallthrough to nonFASTOPEN
18251906 * (MSG_FASTOPEN on Linux 3 produces EPIPE)
18261907 * we need to perform connect() */
21532234 }
21542235 comm_point_close(c);
21552236 if(c->tcp_parent) {
2156 c->tcp_parent->cur_tcp_count--;
2157 c->tcp_free = c->tcp_parent->tcp_free;
2158 c->tcp_parent->tcp_free = c;
2237 if(c != c->tcp_parent->tcp_free) {
2238 c->tcp_parent->cur_tcp_count--;
2239 c->tcp_free = c->tcp_parent->tcp_free;
2240 c->tcp_parent->tcp_free = c;
2241 }
21592242 if(!c->tcp_free) {
21602243 /* re-enable listening on accept socket */
21612244 comm_point_start_listening(c->tcp_parent, -1, -1);
21962279 log_crypto_err("could not SSL_read");
21972280 return 0;
21982281 }
2282 verbose(VERB_ALGO, "ssl http read more skip to %d + %d",
2283 (int)sldns_buffer_position(c->buffer), (int)r);
21992284 sldns_buffer_skip(c->buffer, (ssize_t)r);
22002285 return 1;
22012286 #else
22322317 &c->repinfo.addr, c->repinfo.addrlen);
22332318 return 0;
22342319 }
2320 verbose(VERB_ALGO, "http read more skip to %d + %d",
2321 (int)sldns_buffer_position(c->buffer), (int)r);
22352322 sldns_buffer_skip(c->buffer, r);
22362323 return 1;
22372324 }
23692456 return 1;
23702457 }
23712458
2372 /** handle nonchunked data segment */
2459 /** handle nonchunked data segment, 0=fail, 1=wait */
23732460 static int
23742461 http_nonchunk_segment(struct comm_point* c)
23752462 {
23782465 * we are looking to read tcp_byte_count more data
23792466 * and then the transfer is done. */
23802467 size_t remainbufferlen;
2381 size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored;
2468 size_t got_now = sldns_buffer_limit(c->buffer);
23822469 if(c->tcp_byte_count <= got_now) {
23832470 /* done, this is the last data fragment */
23842471 c->http_stored = 0;
23872474 (void)(*c->callback)(c, c->cb_arg, NETEVENT_DONE, NULL);
23882475 return 1;
23892476 }
2390 c->tcp_byte_count -= got_now;
23912477 /* if we have the buffer space,
23922478 * read more data collected into the buffer */
23932479 remainbufferlen = sldns_buffer_capacity(c->buffer) -
23942480 sldns_buffer_limit(c->buffer);
2395 if(remainbufferlen >= c->tcp_byte_count ||
2396 remainbufferlen >= 2048) {
2481 if(remainbufferlen+got_now >= c->tcp_byte_count ||
2482 remainbufferlen >= (c->ssl?16384:2048)) {
23972483 size_t total = sldns_buffer_limit(c->buffer);
23982484 sldns_buffer_clear(c->buffer);
23992485 sldns_buffer_set_position(c->buffer, total);
24032489 }
24042490 /* call callback with this data amount, then
24052491 * wait for more */
2492 c->tcp_byte_count -= got_now;
24062493 c->http_stored = 0;
24072494 sldns_buffer_set_position(c->buffer, 0);
24082495 fptr_ok(fptr_whitelist_comm_point(c->callback));
27612848 return 0;
27622849 }
27632850
2851 if(c->http_stored >= sldns_buffer_position(c->buffer)) {
2852 /* read did not work but we wanted more data, there is
2853 * no bytes to process now. */
2854 return 1;
2855 }
27642856 sldns_buffer_flip(c->buffer);
27652857 /* if we are partway in a segment of data, position us at the point
27662858 * where we left off previously */
31833275
31843276 struct comm_point*
31853277 comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer,
3186 comm_point_callback_type* callback, void* callback_arg)
3278 comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket)
31873279 {
31883280 struct comm_point* c = (struct comm_point*)calloc(1,
31893281 sizeof(struct comm_point));
32223314 c->inuse = 0;
32233315 c->callback = callback;
32243316 c->cb_arg = callback_arg;
3317 c->socket = socket;
32253318 evbits = UB_EV_READ | UB_EV_PERSIST;
32263319 /* ub_event stuff */
32273320 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits,
32433336 struct comm_point*
32443337 comm_point_create_udp_ancil(struct comm_base *base, int fd,
32453338 sldns_buffer* buffer,
3246 comm_point_callback_type* callback, void* callback_arg)
3339 comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket)
32473340 {
32483341 struct comm_point* c = (struct comm_point*)calloc(1,
32493342 sizeof(struct comm_point));
32823375 #endif
32833376 c->callback = callback;
32843377 c->cb_arg = callback_arg;
3378 c->socket = socket;
32853379 evbits = UB_EV_READ | UB_EV_PERSIST;
32863380 /* ub_event stuff */
32873381 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits,
33043398 comm_point_create_tcp_handler(struct comm_base *base,
33053399 struct comm_point* parent, size_t bufsize,
33063400 struct sldns_buffer* spoolbuf, comm_point_callback_type* callback,
3307 void* callback_arg)
3401 void* callback_arg, struct unbound_socket* socket)
33083402 {
33093403 struct comm_point* c = (struct comm_point*)calloc(1,
33103404 sizeof(struct comm_point));
33603454 c->repinfo.c = c;
33613455 c->callback = callback;
33623456 c->cb_arg = callback_arg;
3457 c->socket = socket;
33633458 if(spoolbuf) {
33643459 c->tcp_req_info = tcp_req_info_create(spoolbuf);
33653460 if(!c->tcp_req_info) {
33993494 comm_point_create_http_handler(struct comm_base *base,
34003495 struct comm_point* parent, size_t bufsize, int harden_large_queries,
34013496 uint32_t http_max_streams, char* http_endpoint,
3402 comm_point_callback_type* callback, void* callback_arg)
3497 comm_point_callback_type* callback, void* callback_arg,
3498 struct unbound_socket* socket)
34033499 {
34043500 struct comm_point* c = (struct comm_point*)calloc(1,
34053501 sizeof(struct comm_point));
34533549 c->repinfo.c = c;
34543550 c->callback = callback;
34553551 c->cb_arg = callback_arg;
3552 c->socket = socket;
34563553
34573554 c->http_min_version = http_version_2;
34583555 c->http2_stream_max_qbuffer_size = bufsize;
35173614 uint32_t http_max_streams, char* http_endpoint,
35183615 struct tcl_list* tcp_conn_limit, size_t bufsize,
35193616 struct sldns_buffer* spoolbuf, enum listen_type port_type,
3520 comm_point_callback_type* callback, void* callback_arg)
3617 comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket)
35213618 {
35223619 struct comm_point* c = (struct comm_point*)calloc(1,
35233620 sizeof(struct comm_point));
35673664 #endif
35683665 c->callback = NULL;
35693666 c->cb_arg = NULL;
3667 c->socket = socket;
35703668 evbits = UB_EV_READ | UB_EV_PERSIST;
35713669 /* ub_event stuff */
35723670 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits,
35883686 port_type == listen_type_ssl ||
35893687 port_type == listen_type_tcp_dnscrypt) {
35903688 c->tcp_handlers[i] = comm_point_create_tcp_handler(base,
3591 c, bufsize, spoolbuf, callback, callback_arg);
3689 c, bufsize, spoolbuf, callback, callback_arg, socket);
35923690 } else if(port_type == listen_type_http) {
35933691 c->tcp_handlers[i] = comm_point_create_http_handler(
35943692 base, c, bufsize, harden_large_queries,
35953693 http_max_streams, http_endpoint,
3596 callback, callback_arg);
3694 callback, callback_arg, socket);
35973695 }
35983696 else {
35993697 log_err("could not create tcp handler, unknown listen "
38943992
38953993 /* close fd after removing from event lists, or epoll.. is messed up */
38963994 if(c->fd != -1 && !c->do_not_close) {
3995 #ifdef USE_WINSOCK
38973996 if(c->type == comm_tcp || c->type == comm_http) {
38983997 /* delete sticky events for the fd, it gets closed */
38993998 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ);
39003999 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
39014000 }
4001 #endif
39024002 verbose(VERB_ALGO, "close fd %d", c->fd);
39034003 sock_close(c->fd);
39044004 }
39694069 comm_point_send_udp_msg(repinfo->c, buffer,
39704070 (struct sockaddr*)&repinfo->addr, repinfo->addrlen, 0);
39714071 #ifdef USE_DNSTAP
3972 if(repinfo->c->dtenv != NULL &&
3973 repinfo->c->dtenv->log_client_response_messages)
3974 dt_msg_send_client_response(repinfo->c->dtenv,
3975 &repinfo->addr, repinfo->c->type, repinfo->c->buffer);
4072 /*
4073 * sending src (client)/dst (local service) addresses over DNSTAP from udp callback
4074 */
4075 if(repinfo->c->dtenv != NULL && repinfo->c->dtenv->log_client_response_messages) {
4076 log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen);
4077 log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen);
4078 dt_msg_send_client_response(repinfo->c->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->type, repinfo->c->buffer);
4079 }
39764080 #endif
39774081 } else {
39784082 #ifdef USE_DNSTAP
3979 if(repinfo->c->tcp_parent->dtenv != NULL &&
3980 repinfo->c->tcp_parent->dtenv->log_client_response_messages)
3981 dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv,
3982 &repinfo->addr, repinfo->c->type,
3983 ( repinfo->c->tcp_req_info
3984 ? repinfo->c->tcp_req_info->spool_buffer
3985 : repinfo->c->buffer ));
4083 /*
4084 * sending src (client)/dst (local service) addresses over DNSTAP from TCP callback
4085 */
4086 if(repinfo->c->tcp_parent->dtenv != NULL && repinfo->c->tcp_parent->dtenv->log_client_response_messages) {
4087 log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen);
4088 log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen);
4089 dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->type,
4090 ( repinfo->c->tcp_req_info? repinfo->c->tcp_req_info->spool_buffer: repinfo->c->buffer ));
4091 }
39864092 #endif
39874093 if(repinfo->c->tcp_req_info) {
39884094 tcp_req_info_send_reply(repinfo->c->tcp_req_info);
40694175 c->timeout->tv_sec = msec/1000;
40704176 c->timeout->tv_usec = (msec%1000)*1000;
40714177 #endif /* S_SPLINT_S */
4178 } else {
4179 if(msec == 0 || !c->timeout) {
4180 ub_event_del_bits(c->ev->ev, UB_EV_TIMEOUT);
4181 }
40724182 }
40734183 if(c->type == comm_tcp || c->type == comm_http) {
40744184 ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE);
40934203 }
40944204 if(ub_event_add(c->ev->ev, msec==0?NULL:c->timeout) != 0) {
40954205 log_err("event_add failed. in cpsl.");
4206 return;
40964207 }
40974208 c->event_added = 1;
40984209 }
41054216 log_err("event_del error to cplf");
41064217 }
41074218 c->event_added = 0;
4219 }
4220 if(!c->timeout) {
4221 ub_event_del_bits(c->ev->ev, UB_EV_TIMEOUT);
41084222 }
41094223 ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE);
41104224 if(rd) ub_event_add_bits(c->ev->ev, UB_EV_READ);
41114225 if(wr) ub_event_add_bits(c->ev->ev, UB_EV_WRITE);
41124226 if(ub_event_add(c->ev->ev, c->timeout) != 0) {
41134227 log_err("event_add failed. in cplf.");
4228 return;
41144229 }
41154230 c->event_added = 1;
41164231 }
+10
-4
util/netevent.h less more
6969 struct comm_reply;
7070 struct tcl_list;
7171 struct ub_event_base;
72 struct unbound_socket;
7273
7374 struct mesh_state;
7475 struct mesh_area;
167168 struct internal_event* ev;
168169 /** if the event is added or not */
169170 int event_added;
171
172 struct unbound_socket* socket;
170173
171174 /** file descriptor for communication point */
172175 int fd;
494497 * @param buffer: shared buffer by UDP sockets from this thread.
495498 * @param callback: callback function pointer.
496499 * @param callback_arg: will be passed to your callback function.
500 * @param socket: and opened socket properties will be passed to your callback function.
497501 * @return: returns the allocated communication point. NULL on error.
498502 * Sets timeout to NULL. Turns off TCP options.
499503 */
500504 struct comm_point* comm_point_create_udp(struct comm_base* base,
501505 int fd, struct sldns_buffer* buffer,
502 comm_point_callback_type* callback, void* callback_arg);
506 comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket);
503507
504508 /**
505509 * Create an UDP with ancillary data comm point. Calls malloc.
510514 * @param buffer: shared buffer by UDP sockets from this thread.
511515 * @param callback: callback function pointer.
512516 * @param callback_arg: will be passed to your callback function.
517 * @param socket: and opened socket properties will be passed to your callback function.
513518 * @return: returns the allocated communication point. NULL on error.
514519 * Sets timeout to NULL. Turns off TCP options.
515520 */
516521 struct comm_point* comm_point_create_udp_ancil(struct comm_base* base,
517522 int fd, struct sldns_buffer* buffer,
518 comm_point_callback_type* callback, void* callback_arg);
523 comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket);
519524
520525 /**
521526 * Create a TCP listener comm point. Calls malloc.
538543 * to select handler type to use.
539544 * @param callback: callback function pointer for TCP handlers.
540545 * @param callback_arg: will be passed to your callback function.
546 * @param socket: and opened socket properties will be passed to your callback function.
541547 * @return: returns the TCP listener commpoint. You can find the
542548 * TCP handlers in the array inside the listener commpoint.
543549 * returns NULL on error.
549555 struct tcl_list* tcp_conn_limit,
550556 size_t bufsize, struct sldns_buffer* spoolbuf,
551557 enum listen_type port_type,
552 comm_point_callback_type* callback, void* callback_arg);
558 comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket);
553559
554560 /**
555561 * Create an outgoing TCP commpoint. No file descriptor is opened, left at -1.
736742 void (*callback)(int, void*), void* cb_arg);
737743
738744 /**
739 * Bind signal struct to catch a signal. A signle comm_signal can be bound
745 * Bind signal struct to catch a signal. A single comm_signal can be bound
740746 * to multiple signals, calling comm_signal_bind multiple times.
741747 * @param comsig: the communication point, with callback information.
742748 * @param sig: signal number.
+2
-0
util/regional.c less more
102102 struct regional*
103103 regional_create_custom(size_t size)
104104 {
105 if(size < sizeof(struct regional))
106 size = sizeof(struct regional);
105107 return regional_create_custom_large_object(size,
106108 REGIONAL_LARGE_OBJECT_SIZE);
107109 }
+7
-1
util/shm_side/shm_main.c less more
129129
130130 /* Just release memory unused */
131131 free(daemon->shm_info);
132 daemon->shm_info = NULL;
132133
133134 return 0;
134135 }
142143
143144 /* Just release memory unused */
144145 free(daemon->shm_info);
146 daemon->shm_info = NULL;
145147
146148 return 0;
147149 }
155157
156158 /* Just release memory unused */
157159 free(daemon->shm_info);
160 daemon->shm_info = NULL;
158161
159162 return 0;
160163 }
169172
170173 /* Just release memory unused */
171174 free(daemon->shm_info);
175 daemon->shm_info = NULL;
172176
173177 return 0;
174178 }
209213 if (daemon->shm_info->ptr_arr)
210214 shmdt(daemon->shm_info->ptr_arr);
211215
216 free(daemon->shm_info);
217 daemon->shm_info = NULL;
212218 #else
213219 (void)daemon;
214220 #endif /* HAVE_SHMGET */
274280 shm_stat->mem.subnet = 0;
275281 #ifdef CLIENT_SUBNET
276282 shm_stat->mem.subnet = (long long)mod_get_mem(&worker->env,
277 "subnet");
283 "subnetcache");
278284 #endif
279285 /* ipsecmod mem value is available in shm, also when not enabled,
280286 * to make the struct easier to memmap by other applications,
+58
-44
util/storage/lookup3.c less more
5252 #include "util/storage/lookup3.h"
5353 #include <stdio.h> /* defines printf for tests */
5454 #include <time.h> /* defines time_t for timings in the test */
55 /*#include <stdint.h> defines uint32_t etc (from config.h) */
56 #include <sys/param.h> /* attempt to define endianness */
57 #ifdef HAVE_SYS_TYPES_H
58 # include <sys/types.h> /* attempt to define endianness (solaris) */
59 #endif
60 #if defined(linux) || defined(__OpenBSD__)
55
56 /*
57 * If our build system provides endianness info, signalled by
58 * HAVE_TARGET_ENDIANNESS and the presence or absence of TARGET_IS_BIG_ENDIAN,
59 * use that. Otherwise try to work out the endianness.
60 */
61 #if defined(HAVE_TARGET_ENDIANNESS)
62 # if defined(TARGET_IS_BIG_ENDIAN)
63 # define HASH_LITTLE_ENDIAN 0
64 # define HASH_BIG_ENDIAN 1
65 # else
66 # define HASH_LITTLE_ENDIAN 1
67 # define HASH_BIG_ENDIAN 0
68 # endif
69 #else
70 # include <sys/param.h> /* attempt to define endianness */
71 # ifdef HAVE_SYS_TYPES_H
72 # include <sys/types.h> /* attempt to define endianness (solaris) */
73 # endif
74 # if defined(linux) || defined(__OpenBSD__)
6175 # ifdef HAVE_ENDIAN_H
6276 # include <endian.h> /* attempt to define endianness */
6377 # else
6478 # include <machine/endian.h> /* on older OpenBSD */
6579 # endif
66 #endif
67 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
68 #include <sys/endian.h> /* attempt to define endianness */
69 #endif
80 # endif
81 # if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
82 # include <sys/endian.h> /* attempt to define endianness */
83 # endif
84 /*
85 * My best guess at if you are big-endian or little-endian. This may
86 * need adjustment.
87 */
88 # if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
89 __BYTE_ORDER == __LITTLE_ENDIAN) || \
90 (defined(i386) || defined(__i386__) || defined(__i486__) || \
91 defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86))
92 # define HASH_LITTLE_ENDIAN 1
93 # define HASH_BIG_ENDIAN 0
94 # elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
95 __BYTE_ORDER == __BIG_ENDIAN) || \
96 (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel))
97 # define HASH_LITTLE_ENDIAN 0
98 # define HASH_BIG_ENDIAN 1
99 # elif defined(_MACHINE_ENDIAN_H_)
100 /* test for machine_endian_h protects failure if some are empty strings */
101 # if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN
102 # define HASH_LITTLE_ENDIAN 0
103 # define HASH_BIG_ENDIAN 1
104 # endif
105 # if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN
106 # define HASH_LITTLE_ENDIAN 1
107 # define HASH_BIG_ENDIAN 0
108 # endif /* _MACHINE_ENDIAN_H_ */
109 # else
110 # define HASH_LITTLE_ENDIAN 0
111 # define HASH_BIG_ENDIAN 0
112 # endif
113 #endif /* defined(HAVE_TARGET_ENDIANNESS) */
114
115 #define hashsize(n) ((uint32_t)1<<(n))
116 #define hashmask(n) (hashsize(n)-1)
117 #define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
70118
71119 /* random initial value */
72120 static uint32_t raninit = (uint32_t)0xdeadbeef;
76124 {
77125 raninit = v;
78126 }
79
80 /*
81 * My best guess at if you are big-endian or little-endian. This may
82 * need adjustment.
83 */
84 #if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
85 __BYTE_ORDER == __LITTLE_ENDIAN) || \
86 (defined(i386) || defined(__i386__) || defined(__i486__) || \
87 defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86))
88 # define HASH_LITTLE_ENDIAN 1
89 # define HASH_BIG_ENDIAN 0
90 #elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
91 __BYTE_ORDER == __BIG_ENDIAN) || \
92 (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel))
93 # define HASH_LITTLE_ENDIAN 0
94 # define HASH_BIG_ENDIAN 1
95 #elif defined(_MACHINE_ENDIAN_H_)
96 /* test for machine_endian_h protects failure if some are empty strings */
97 # if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN
98 # define HASH_LITTLE_ENDIAN 0
99 # define HASH_BIG_ENDIAN 1
100 # endif
101 # if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN
102 # define HASH_LITTLE_ENDIAN 1
103 # define HASH_BIG_ENDIAN 0
104 # endif /* _MACHINE_ENDIAN_H_ */
105 #else
106 # define HASH_LITTLE_ENDIAN 0
107 # define HASH_BIG_ENDIAN 0
108 #endif
109
110 #define hashsize(n) ((uint32_t)1<<(n))
111 #define hashmask(n) (hashsize(n)-1)
112 #define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
113127
114128 /*
115129 -------------------------------------------------------------------------------
+5
-1
util/tube.c less more
362362 }
363363 d += r;
364364 }
365 log_assert(*len < 65536*2);
365 if (*len >= 65536*2) {
366 log_err("tube msg length %u is too big", (unsigned)*len);
367 (void)fd_set_nonblock(fd);
368 return 0;
369 }
366370 *buf = (uint8_t*)malloc(*len);
367371 if(!*buf) {
368372 log_err("tube read out of memory");
+1
-1
util/ub_event.c less more
00 /*
1 * util/ub_event.c - directly call libevent (compatability) functions
1 * util/ub_event.c - directly call libevent (compatibility) functions
22 *
33 * Copyright (c) 2007, NLnet Labs. All rights reserved.
44 *
+2
-1
util/ub_event_pluggable.c less more
665665 fptr_ok(ev->vmt != &default_event_vmt ||
666666 ev->vmt->winsock_tcp_wouldblock ==
667667 my_winsock_tcp_wouldblock);
668 (*ev->vmt->winsock_tcp_wouldblock)(ev, eventbits);
668 if (ev->vmt->winsock_tcp_wouldblock)
669 (*ev->vmt->winsock_tcp_wouldblock)(ev, eventbits);
669670 }
670671 }
671672
+25
-10
validator/autotrust.c less more
10761076 return " UNKNOWN ";
10771077 }
10781078
1079 /** ctime r for autotrust */
1080 static char* autr_ctime_r(time_t* t, char* s)
1081 {
1082 ctime_r(t, s);
1083 #ifdef USE_WINSOCK
1084 if(strlen(s) > 10 && s[7]==' ' && s[8]=='0')
1085 s[8]=' '; /* fix error in windows ctime */
1086 #endif
1087 return s;
1088 }
1089
10791090 /** print ID to file */
10801091 static int
10811092 print_id(FILE* out, char* fname, uint8_t* nm, size_t nmlen, uint16_t dclass)
11221133 }
11231134 if(fprintf(out, ";;last_queried: %u ;;%s",
11241135 (unsigned int)tp->autr->last_queried,
1125 ctime_r(&(tp->autr->last_queried), tmi)) < 0 ||
1136 autr_ctime_r(&(tp->autr->last_queried), tmi)) < 0 ||
11261137 fprintf(out, ";;last_success: %u ;;%s",
11271138 (unsigned int)tp->autr->last_success,
1128 ctime_r(&(tp->autr->last_success), tmi)) < 0 ||
1139 autr_ctime_r(&(tp->autr->last_success), tmi)) < 0 ||
11291140 fprintf(out, ";;next_probe_time: %u ;;%s",
11301141 (unsigned int)tp->autr->next_probe_time,
1131 ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 ||
1142 autr_ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 ||
11321143 fprintf(out, ";;query_failed: %d\n", (int)tp->autr->query_failed)<0
11331144 || fprintf(out, ";;query_interval: %d\n",
11341145 (int)tp->autr->query_interval) < 0 ||
11591170 ";;lastchange=%u ;;%s", str, (int)ta->s,
11601171 trustanchor_state2str(ta->s), (int)ta->pending_count,
11611172 (unsigned int)ta->last_change,
1162 ctime_r(&(ta->last_change), tmi)) < 0) {
1173 autr_ctime_r(&(ta->last_change), tmi)) < 0) {
11631174 log_err("could not write to %s: %s", fn, strerror(errno));
11641175 free(str);
11651176 return 0;
15781589 for(ds_idx=0; ds_idx<num; ds_idx++) {
15791590 if(!ds_digest_algo_is_supported(ds_rrset, ds_idx) ||
15801591 !ds_key_algo_is_supported(ds_rrset, ds_idx) ||
1592 !dnskey_size_is_supported(dnskey_rrset, key_idx) ||
15811593 ds_get_digest_algo(ds_rrset, ds_idx) != d)
15821594 continue;
15831595 if(ds_get_key_algo(ds_rrset, ds_idx)
16321644 }
16331645 /* is a key of this type supported?. Note rr_list and
16341646 * packed_rrset are in the same order. */
1635 if(!dnskey_algo_is_supported(dnskey_rrset, i)) {
1647 if(!dnskey_algo_is_supported(dnskey_rrset, i) ||
1648 !dnskey_size_is_supported(dnskey_rrset, i)) {
16361649 /* skip unknown algorithm key, it is useless to us */
16371650 log_nametypeclass(VERB_DETAIL, "trust point has "
16381651 "unsupported algorithm at",
22612274 return;
22622275 }
22632276 if(str[0]) str[strlen(str)-1]=0; /* remove newline */
2264 ctime_r(&ta->last_change, buf);
2277 (void)autr_ctime_r(&ta->last_change, buf);
22652278 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
22662279 log_info("[%s] %s ;;state:%d ;;pending_count:%d%s%s last:%s",
22672280 trustanchor_state2str(ta->s), str, ta->s, ta->pending_count,
22882301 log_packed_rrset(NO_VERBOSE, "DNSKEY:", tp->dnskey_rrset);
22892302 }
22902303 log_info("file %s", tp->autr->file);
2291 ctime_r(&tp->autr->last_queried, buf);
2304 (void)autr_ctime_r(&tp->autr->last_queried, buf);
22922305 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
22932306 log_info("last_queried: %u %s", (unsigned)tp->autr->last_queried, buf);
2294 ctime_r(&tp->autr->last_success, buf);
2307 (void)autr_ctime_r(&tp->autr->last_success, buf);
22952308 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
22962309 log_info("last_success: %u %s", (unsigned)tp->autr->last_success, buf);
2297 ctime_r(&tp->autr->next_probe_time, buf);
2310 (void)autr_ctime_r(&tp->autr->next_probe_time, buf);
22982311 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
22992312 log_info("next_probe_time: %u %s", (unsigned)tp->autr->next_probe_time,
23002313 buf);
23632376 edns.ext_rcode = 0;
23642377 edns.edns_version = 0;
23652378 edns.bits = EDNS_DO;
2366 edns.opt_list = NULL;
2379 edns.opt_list_in = NULL;
2380 edns.opt_list_out = NULL;
2381 edns.opt_list_inplace_cb_out = NULL;
23672382 edns.padding_block_size = 0;
23682383 if(sldns_buffer_capacity(buf) < 65535)
23692384 edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
+6
-1
validator/val_anchor.c less more
970970 {
971971 size_t i, num = 0;
972972 for(i=0; i<ta->numDNSKEY; i++) {
973 if(!dnskey_algo_is_supported(ta->dnskey_rrset, i))
973 if(!dnskey_algo_is_supported(ta->dnskey_rrset, i) ||
974 !dnskey_size_is_supported(ta->dnskey_rrset, i))
974975 num++;
975976 }
976977 return num;
10471048 const char** zstr;
10481049 char* nm;
10491050 sldns_buffer* parsebuf = sldns_buffer_new(65535);
1051 if(!parsebuf) {
1052 log_err("malloc error in anchors_apply_cfg.");
1053 return 0;
1054 }
10501055 if(cfg->insecure_lan_zones) {
10511056 for(zstr = as112_zones; *zstr; zstr++) {
10521057 if(!anchor_insert_insecure(anchors, *zstr)) {
+1
-0
validator/val_nsec.c less more
179179 {
180180 struct packed_rrset_data* d = (struct packed_rrset_data*)
181181 nsec->entry.data;
182 if(!d) return 0;
182183 if(d->security == sec_status_secure)
183184 return 1;
184185 rrset_check_sec_status(env->rrset_cache, nsec, *env->now);
+203
-44
validator/val_secalgo.c less more
140140 #endif
141141 }
142142
143 /** hash structure for keeping track of running hashes */
144 struct secalgo_hash {
145 /** the openssl message digest context */
146 EVP_MD_CTX* ctx;
147 };
148
149 /** create secalgo hash with hash type */
150 static struct secalgo_hash* secalgo_hash_create_md(const EVP_MD* md)
151 {
152 struct secalgo_hash* h;
153 if(!md)
154 return NULL;
155 h = calloc(1, sizeof(*h));
156 if(!h)
157 return NULL;
158 h->ctx = EVP_MD_CTX_create();
159 if(!h->ctx) {
160 free(h);
161 return NULL;
162 }
163 if(!EVP_DigestInit_ex(h->ctx, md, NULL)) {
164 EVP_MD_CTX_destroy(h->ctx);
165 free(h);
166 return NULL;
167 }
168 return h;
169 }
170
171 struct secalgo_hash* secalgo_hash_create_sha384(void)
172 {
173 return secalgo_hash_create_md(EVP_sha384());
174 }
175
176 struct secalgo_hash* secalgo_hash_create_sha512(void)
177 {
178 return secalgo_hash_create_md(EVP_sha512());
179 }
180
181 int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
182 {
183 return EVP_DigestUpdate(hash->ctx, (unsigned char*)data,
184 (unsigned int)len);
185 }
186
187 int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
188 size_t maxlen, size_t* resultlen)
189 {
190 if(EVP_MD_CTX_size(hash->ctx) > (int)maxlen) {
191 *resultlen = 0;
192 log_err("secalgo_hash_final: hash buffer too small");
193 return 0;
194 }
195 *resultlen = EVP_MD_CTX_size(hash->ctx);
196 return EVP_DigestFinal_ex(hash->ctx, result, NULL);
197 }
198
199 void secalgo_hash_delete(struct secalgo_hash* hash)
200 {
201 if(!hash) return;
202 EVP_MD_CTX_destroy(hash->ctx);
203 free(hash);
204 }
205
143206 /**
144207 * Return size of DS digest according to its hash algorithm.
145208 * @param algo: DS digest algo.
449512 setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
450513 unsigned char* key, size_t keylen)
451514 {
452 #if defined(USE_DSA) && defined(USE_SHA1)
453 DSA* dsa;
454 #endif
455 RSA* rsa;
456
457515 switch(algo) {
458516 #if defined(USE_DSA) && defined(USE_SHA1)
459517 case LDNS_DSA:
460518 case LDNS_DSA_NSEC3:
461 *evp_key = EVP_PKEY_new();
519 *evp_key = sldns_key_dsa2pkey_raw(key, keylen);
462520 if(!*evp_key) {
463 log_err("verify: malloc failure in crypto");
464 return 0;
465 }
466 dsa = sldns_key_buf2dsa_raw(key, keylen);
467 if(!dsa) {
468 verbose(VERB_QUERY, "verify: "
469 "sldns_key_buf2dsa_raw failed");
470 return 0;
471 }
472 if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
473 verbose(VERB_QUERY, "verify: "
474 "EVP_PKEY_assign_DSA failed");
521 verbose(VERB_QUERY, "verify: sldns_key_dsa2pkey failed");
475522 return 0;
476523 }
477524 #ifdef HAVE_EVP_DSS1
494541 #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
495542 case LDNS_RSASHA512:
496543 #endif
497 *evp_key = EVP_PKEY_new();
544 *evp_key = sldns_key_rsa2pkey_raw(key, keylen);
498545 if(!*evp_key) {
499 log_err("verify: malloc failure in crypto");
500 return 0;
501 }
502 rsa = sldns_key_buf2rsa_raw(key, keylen);
503 if(!rsa) {
504 verbose(VERB_QUERY, "verify: "
505 "sldns_key_buf2rsa_raw SHA failed");
506 return 0;
507 }
508 if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
509 verbose(VERB_QUERY, "verify: "
510 "EVP_PKEY_assign_RSA SHA failed");
546 verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey SHA failed");
511547 return 0;
512548 }
513549
531567 #endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */
532568
533569 case LDNS_RSAMD5:
534 *evp_key = EVP_PKEY_new();
570 *evp_key = sldns_key_rsa2pkey_raw(key, keylen);
535571 if(!*evp_key) {
536 log_err("verify: malloc failure in crypto");
537 return 0;
538 }
539 rsa = sldns_key_buf2rsa_raw(key, keylen);
540 if(!rsa) {
541 verbose(VERB_QUERY, "verify: "
542 "sldns_key_buf2rsa_raw MD5 failed");
543 return 0;
544 }
545 if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
546 verbose(VERB_QUERY, "verify: "
547 "EVP_PKEY_assign_RSA MD5 failed");
572 verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey MD5 failed");
548573 return 0;
549574 }
550575 *digest_type = EVP_md5();
820845 secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
821846 {
822847 (void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len);
848 }
849
850 /** the secalgo hash structure */
851 struct secalgo_hash {
852 /** hash context */
853 HASHContext* ctx;
854 };
855
856 /** create hash struct of type */
857 static struct secalgo_hash* secalgo_hash_create_type(HASH_HashType tp)
858 {
859 struct secalgo_hash* h = calloc(1, sizeof(*h));
860 if(!h)
861 return NULL;
862 h->ctx = HASH_Create(tp);
863 if(!h->ctx) {
864 free(h);
865 return NULL;
866 }
867 return h;
868 }
869
870 struct secalgo_hash* secalgo_hash_create_sha384(void)
871 {
872 return secalgo_hash_create_type(HASH_AlgSHA384);
873 }
874
875 struct secalgo_hash* secalgo_hash_create_sha512(void)
876 {
877 return secalgo_hash_create_type(HASH_AlgSHA512);
878 }
879
880 int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
881 {
882 HASH_Update(hash->ctx, (unsigned char*)data, (unsigned int)len);
883 return 1;
884 }
885
886 int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
887 size_t maxlen, size_t* resultlen)
888 {
889 unsigned int reslen = 0;
890 if(HASH_ResultLenContext(hash->ctx) > (unsigned int)maxlen) {
891 *resultlen = 0;
892 log_err("secalgo_hash_final: hash buffer too small");
893 return 0;
894 }
895 HASH_End(hash->ctx, (unsigned char*)result, &reslen,
896 (unsigned int)maxlen);
897 *resultlen = (size_t)reslen;
898 return 1;
899 }
900
901 void secalgo_hash_delete(struct secalgo_hash* hash)
902 {
903 if(!hash) return;
904 HASH_Destroy(hash->ctx);
905 free(hash);
823906 }
824907
825908 size_t
14501533 _digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res);
14511534 }
14521535
1536 /** secalgo hash structure */
1537 struct secalgo_hash {
1538 /** if it is 384 or 512 */
1539 int active;
1540 /** context for sha384 */
1541 struct sha384_ctx ctx384;
1542 /** context for sha512 */
1543 struct sha512_ctx ctx512;
1544 };
1545
1546 struct secalgo_hash* secalgo_hash_create_sha384(void)
1547 {
1548 struct secalgo_hash* h = calloc(1, sizeof(*h));
1549 if(!h)
1550 return NULL;
1551 h->active = 384;
1552 sha384_init(&h->ctx384);
1553 return h;
1554 }
1555
1556 struct secalgo_hash* secalgo_hash_create_sha512(void)
1557 {
1558 struct secalgo_hash* h = calloc(1, sizeof(*h));
1559 if(!h)
1560 return NULL;
1561 h->active = 512;
1562 sha512_init(&h->ctx512);
1563 return h;
1564 }
1565
1566 int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
1567 {
1568 if(hash->active == 384) {
1569 sha384_update(&hash->ctx384, len, data);
1570 } else if(hash->active == 512) {
1571 sha512_update(&hash->ctx512, len, data);
1572 } else {
1573 return 0;
1574 }
1575 return 1;
1576 }
1577
1578 int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
1579 size_t maxlen, size_t* resultlen)
1580 {
1581 if(hash->active == 384) {
1582 if(SHA384_DIGEST_SIZE > maxlen) {
1583 *resultlen = 0;
1584 log_err("secalgo_hash_final: hash buffer too small");
1585 return 0;
1586 }
1587 *resultlen = SHA384_DIGEST_SIZE;
1588 sha384_digest(&hash->ctx384, SHA384_DIGEST_SIZE,
1589 (unsigned char*)result);
1590 } else if(hash->active == 512) {
1591 if(SHA512_DIGEST_SIZE > maxlen) {
1592 *resultlen = 0;
1593 log_err("secalgo_hash_final: hash buffer too small");
1594 return 0;
1595 }
1596 *resultlen = SHA512_DIGEST_SIZE;
1597 sha512_digest(&hash->ctx512, SHA512_DIGEST_SIZE,
1598 (unsigned char*)result);
1599 } else {
1600 *resultlen = 0;
1601 return 0;
1602 }
1603 return 1;
1604 }
1605
1606 void secalgo_hash_delete(struct secalgo_hash* hash)
1607 {
1608 if(!hash) return;
1609 free(hash);
1610 }
1611
14531612 /**
14541613 * Return size of DS digest according to its hash algorithm.
14551614 * @param algo: DS digest algo.
+43
-0
validator/val_secalgo.h less more
4242 #ifndef VALIDATOR_VAL_SECALGO_H
4343 #define VALIDATOR_VAL_SECALGO_H
4444 struct sldns_buffer;
45 struct secalgo_hash;
4546
4647 /** Return size of nsec3 hash algorithm, 0 if not supported */
4748 size_t nsec3_hash_algo_size_supported(int id);
6566 * @param res: result is stored here (space 256/8 bytes).
6667 */
6768 void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res);
69
70 /**
71 * Start a hash of type sha384. Allocates structure, then inits it,
72 * so that a series of updates can be performed, before the final result.
73 * @return hash structure. NULL on malloc failure or no support.
74 */
75 struct secalgo_hash* secalgo_hash_create_sha384(void);
76
77 /**
78 * Start a hash of type sha512. Allocates structure, then inits it,
79 * so that a series of updates can be performed, before the final result.
80 * @return hash structure. NULL on malloc failure or no support.
81 */
82 struct secalgo_hash* secalgo_hash_create_sha512(void);
83
84 /**
85 * Update a hash with more information to add to it.
86 * @param hash: the hash that is updated.
87 * @param data: data to add.
88 * @param len: length of data.
89 * @return false on failure.
90 */
91 int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len);
92
93 /**
94 * Get the final result of the hash.
95 * @param hash: the hash that has had updates to it.
96 * @param result: where to store the result.
97 * @param maxlen: length of the result buffer, eg. size of the allocation.
98 * If not large enough the routine fails.
99 * @param resultlen: the length of the result, returned to the caller.
100 * How much of maxlen is used.
101 * @return false on failure.
102 */
103 int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
104 size_t maxlen, size_t* resultlen);
105
106 /**
107 * Delete the hash structure.
108 * @param hash: the hash to delete.
109 */
110 void secalgo_hash_delete(struct secalgo_hash* hash);
68111
69112 /**
70113 * Return size of DS digest according to its hash algorithm.
+97
-1
validator/val_sigcrypt.c less more
383383 {
384384 return dnskey_algo_id_is_supported(dnskey_get_algo(dnskey_rrset,
385385 dnskey_idx));
386 }
387
388 int dnskey_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
389 size_t dnskey_idx)
390 {
391 #ifdef DEPRECATE_RSA_1024
392 uint8_t* rdata;
393 size_t len;
394 int alg = dnskey_get_algo(dnskey_rrset, dnskey_idx);
395 size_t keysize;
396
397 rrset_get_rdata(dnskey_rrset, dnskey_idx, &rdata, &len);
398 if(len < 2+4)
399 return 0;
400 keysize = sldns_rr_dnskey_key_size_raw(rdata+2+4, len-2-4, alg);
401
402 switch((sldns_algorithm)alg) {
403 case LDNS_RSAMD5:
404 case LDNS_RSASHA1:
405 case LDNS_RSASHA1_NSEC3:
406 case LDNS_RSASHA256:
407 case LDNS_RSASHA512:
408 /* reject RSA keys of 1024 bits and shorter */
409 if(keysize <= 1024)
410 return 0;
411 break;
412 default:
413 break;
414 }
415 #else
416 (void)dnskey_rrset; (void)dnskey_idx;
417 #endif /* DEPRECATE_RSA_1024 */
418 return 1;
419 }
420
421 int dnskeyset_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset)
422 {
423 size_t i, num = rrset_get_count(dnskey_rrset);
424 for(i=0; i<num; i++) {
425 if(!dnskey_size_is_supported(dnskey_rrset, i))
426 return 0;
427 }
428 return 1;
386429 }
387430
388431 void algo_needs_init_dnskey_add(struct algo_needs* n,
11861229 * section, to prevent that a wildcard synthesized NSEC can be used in
11871230 * the non-existence proves. */
11881231 if(ntohs(k->rk.type) == LDNS_RR_TYPE_NSEC &&
1189 section == LDNS_SECTION_AUTHORITY) {
1232 section == LDNS_SECTION_AUTHORITY && qstate) {
11901233 k->rk.dname = regional_alloc_init(qstate->region, can_owner,
11911234 can_owner_len);
11921235 if(!k->rk.dname)
11951238 }
11961239
11971240
1241 return 1;
1242 }
1243
1244 int
1245 rrset_canonicalize_to_buffer(struct regional* region, sldns_buffer* buf,
1246 struct ub_packed_rrset_key* k)
1247 {
1248 struct rbtree_type* sortree = NULL;
1249 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
1250 uint8_t* can_owner = NULL;
1251 size_t can_owner_len = 0;
1252 struct canon_rr* walk;
1253 struct canon_rr* rrs;
1254
1255 sortree = (struct rbtree_type*)regional_alloc(region,
1256 sizeof(rbtree_type));
1257 if(!sortree)
1258 return 0;
1259 if(d->count > RR_COUNT_MAX)
1260 return 0; /* integer overflow protection */
1261 rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count);
1262 if(!rrs) {
1263 return 0;
1264 }
1265 rbtree_init(sortree, &canonical_tree_compare);
1266 canonical_sort(k, d, sortree, rrs);
1267
1268 sldns_buffer_clear(buf);
1269 RBTREE_FOR(walk, struct canon_rr*, sortree) {
1270 /* see if there is enough space left in the buffer */
1271 if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
1272 + d->rr_len[walk->rr_idx]) {
1273 log_err("verify: failed to canonicalize, "
1274 "rrset too big");
1275 return 0;
1276 }
1277 /* determine canonical owner name */
1278 if(can_owner)
1279 sldns_buffer_write(buf, can_owner, can_owner_len);
1280 else {
1281 can_owner = sldns_buffer_current(buf);
1282 sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len);
1283 query_dname_tolower(can_owner);
1284 can_owner_len = k->rk.dname_len;
1285 }
1286 sldns_buffer_write(buf, &k->rk.type, 2);
1287 sldns_buffer_write(buf, &k->rk.rrset_class, 2);
1288 sldns_buffer_write_u32(buf, d->rr_ttl[walk->rr_idx]);
1289 sldns_buffer_write(buf, d->rr_data[walk->rr_idx],
1290 d->rr_len[walk->rr_idx]);
1291 canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]);
1292 }
1293 sldns_buffer_flip(buf);
11981294 return 1;
11991295 }
12001296
+29
-0
validator/val_sigcrypt.h less more
178178 */
179179 int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
180180 size_t dnskey_idx);
181
182 /**
183 * See if the DNSKEY size at that algorithm is supported.
184 * @param dnskey_rrset: DNSKEY rrset.
185 * @param dnskey_idx: index of RR in rrset.
186 * @return true if supported.
187 */
188 int dnskey_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
189 size_t dnskey_idx);
190
191 /**
192 * See if the DNSKEY size at that algorithm is supported for all the
193 * RRs in the DNSKEY RRset.
194 * @param dnskey_rrset: DNSKEY rrset.
195 * @return true if supported.
196 */
197 int dnskeyset_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset);
181198
182199 /**
183200 * See if DS digest algorithm is supported
333350 int rrset_canonical_equal(struct regional* region,
334351 struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2);
335352
353 /**
354 * Canonicalize an rrset into the buffer. For an auth zone record, so
355 * this does not use a signature, or the RRSIG TTL or the wildcard label
356 * count from the RRSIG.
357 * @param region: temporary region.
358 * @param buf: the buffer to use.
359 * @param k: the rrset to insert.
360 * @return false on alloc error.
361 */
362 int rrset_canonicalize_to_buffer(struct regional* region,
363 struct sldns_buffer* buf, struct ub_packed_rrset_key* k);
364
336365 #endif /* VALIDATOR_VAL_SIGCRYPT_H */
+38
-9
validator/val_utils.c less more
417417 struct module_qstate* qstate)
418418 {
419419 enum sec_status sec = sec_status_bogus;
420 size_t i, num, numchecked = 0, numhashok = 0;
420 size_t i, num, numchecked = 0, numhashok = 0, numsizesupp = 0;
421421 num = rrset_get_count(dnskey_rrset);
422422 for(i=0; i<num; i++) {
423423 /* Skip DNSKEYs that don't match the basic criteria. */
440440 continue;
441441 }
442442 numhashok++;
443 if(!dnskey_size_is_supported(dnskey_rrset, i)) {
444 verbose(VERB_ALGO, "DS okay but that DNSKEY size is not supported");
445 numsizesupp++;
446 continue;
447 }
443448 verbose(VERB_ALGO, "DS match digest ok, trying signature");
444449
445450 /* Otherwise, we have a match! Make sure that the DNSKEY
450455 return sec;
451456 }
452457 /* If it didn't validate with the DNSKEY, try the next one! */
458 }
459 if(numsizesupp != 0) {
460 /* there is a working DS, but that DNSKEY is not supported */
461 return sec_status_insecure;
453462 }
454463 if(numchecked == 0)
455464 algo_needs_reason(env, ds_get_key_algo(ds_rrset, ds_idx),
518527 continue;
519528 }
520529
530 sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset,
531 ds_rrset, i, reason, qstate);
532 if(sec == sec_status_insecure)
533 continue;
534
521535 /* Once we see a single DS with a known digestID and
522536 * algorithm, we cannot return INSECURE (with a
523537 * "null" KeyEntry). */
524538 has_useful_ds = 1;
525539
526 sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset,
527 ds_rrset, i, reason, qstate);
528540 if(sec == sec_status_secure) {
529541 if(!sigalg || algo_needs_set_secure(&needs,
530542 (uint8_t)ds_get_key_algo(ds_rrset, i))) {
531543 verbose(VERB_ALGO, "DS matched DNSKEY.");
544 if(!dnskeyset_size_is_supported(dnskey_rrset)) {
545 verbose(VERB_ALGO, "DS works, but dnskeyset contain keys that are unsupported, treat as insecure");
546 return sec_status_insecure;
547 }
532548 return sec_status_secure;
533549 }
534550 } else if(sigalg && sec == sec_status_bogus) {
630646 ds_get_digest_algo(ta_ds, i) != digest_algo)
631647 continue;
632648
649 sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset,
650 ta_ds, i, reason, qstate);
651 if(sec == sec_status_insecure)
652 continue;
653
633654 /* Once we see a single DS with a known digestID and
634655 * algorithm, we cannot return INSECURE (with a
635656 * "null" KeyEntry). */
636657 has_useful_ta = 1;
637658
638 sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset,
639 ta_ds, i, reason, qstate);
640659 if(sec == sec_status_secure) {
641660 if(!sigalg || algo_needs_set_secure(&needs,
642661 (uint8_t)ds_get_key_algo(ta_ds, i))) {
643662 verbose(VERB_ALGO, "DS matched DNSKEY.");
663 if(!dnskeyset_size_is_supported(dnskey_rrset)) {
664 verbose(VERB_ALGO, "trustanchor works, but dnskeyset contain keys that are unsupported, treat as insecure");
665 return sec_status_insecure;
666 }
644667 return sec_status_secure;
645668 }
646669 } else if(sigalg && sec == sec_status_bogus) {
657680 /* Check to see if we can understand this DNSKEY */
658681 if(!dnskey_algo_is_supported(ta_dnskey, i))
659682 continue;
683 if(!dnskey_size_is_supported(ta_dnskey, i))
684 continue;
660685
661686 /* we saw a useful TA */
662687 has_useful_ta = 1;
667692 if(!sigalg || algo_needs_set_secure(&needs,
668693 (uint8_t)dnskey_get_algo(ta_dnskey, i))) {
669694 verbose(VERB_ALGO, "anchor matched DNSKEY.");
695 if(!dnskeyset_size_is_supported(dnskey_rrset)) {
696 verbose(VERB_ALGO, "trustanchor works, but dnskeyset contain keys that are unsupported, treat as insecure");
697 return sec_status_insecure;
698 }
670699 return sec_status_secure;
671700 }
672701 } else if(sigalg && sec == sec_status_bogus) {
737766 sldns_lookup_table *lt;
738767 char herr[64], aerr[64];
739768 lt = sldns_lookup_by_id(sldns_hashes,
740 (int)ds_get_digest_algo(ds_rrset, i));
769 (int)ds_get_digest_algo(ds_rrset, 0));
741770 if(lt) snprintf(herr, sizeof(herr), "%s", lt->name);
742771 else snprintf(herr, sizeof(herr), "%d",
743 (int)ds_get_digest_algo(ds_rrset, i));
772 (int)ds_get_digest_algo(ds_rrset, 0));
744773 lt = sldns_lookup_by_id(sldns_algorithms,
745 (int)ds_get_key_algo(ds_rrset, i));
774 (int)ds_get_key_algo(ds_rrset, 0));
746775 if(lt) snprintf(aerr, sizeof(aerr), "%s", lt->name);
747776 else snprintf(aerr, sizeof(aerr), "%d",
748 (int)ds_get_key_algo(ds_rrset, i));
777 (int)ds_get_key_algo(ds_rrset, 0));
749778 verbose(VERB_ALGO, "DS unsupported, hash %s %s, "
750779 "key algorithm %s %s", herr,
751780 (ds_digest_algo_is_supported(ds_rrset, 0)?
+12
-10
validator/validator.c less more
136136 val_env->date_override = cfg->val_date_override;
137137 val_env->skew_min = cfg->val_sig_skew_min;
138138 val_env->skew_max = cfg->val_sig_skew_max;
139 val_env->max_restart = cfg->val_max_restart;
139140 c = cfg_count_numbers(cfg->val_nsec3_key_iterations);
140141 if(c < 1 || (c&1)) {
141 log_err("validator: unparseable or odd nsec3 key "
142 log_err("validator: unparsable or odd nsec3 key "
142143 "iterations: %s", cfg->val_nsec3_key_iterations);
143144 return 0;
144145 }
482483 return 0;
483484 }
484485
485 /* Not interrested in subquery response. Restore the ext_state,
486 /* Not interested in subquery response. Restore the ext_state,
486487 * that might be changed by generate_request() */
487488 qstate->ext_state[id] = ext_state;
488489
14861487 enum val_classification subtype = val_classify_response(
14871488 qstate->query_flags, &qstate->qinfo, &vq->qchase,
14881489 vq->orig_msg->rep, vq->rrset_skip);
1489 if(vq->restart_count > VAL_MAX_RESTART_COUNT) {
1490 if(vq->restart_count > ve->max_restart) {
14901491 verbose(VERB_ALGO, "restart count exceeded");
14911492 return val_error(qstate, id);
14921493 }
16391640 errinf(qstate, key_entry_get_reason(vq->key_entry));
16401641 }
16411642 /* no retries, stop bothering the authority until timeout */
1642 vq->restart_count = VAL_MAX_RESTART_COUNT;
1643 vq->restart_count = ve->max_restart;
16431644 vq->chase_reply->security = sec_status_bogus;
16441645 vq->state = VAL_FINISHED_STATE;
16451646 return 1;
18471848 LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class);
18481849 vq->chase_reply->security = sec_status_bogus;
18491850 errinf(qstate, "while building chain of trust");
1850 if(vq->restart_count >= VAL_MAX_RESTART_COUNT)
1851 if(vq->restart_count >= ve->max_restart)
18511852 key_cache_insert(ve->kcache, vq->key_entry, qstate);
18521853 return 1;
18531854 }
20632064 * endless bogus revalidation */
20642065 if(vq->orig_msg->rep->security == sec_status_bogus) {
20652066 /* see if we can try again to fetch data */
2066 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2067 if(vq->restart_count < ve->max_restart) {
20672068 int restart_count = vq->restart_count+1;
20682069 verbose(VERB_ALGO, "validation failed, "
20692070 "blacklist and retry to fetch data");
26042605 int id, int rcode, struct dns_msg* msg, struct query_info* qinfo,
26052606 struct sock_list* origin)
26062607 {
2608 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
26072609 struct key_entry_key* dske = NULL;
26082610 uint8_t* olds = vq->empty_DS_name;
26092611 vq->empty_DS_name = NULL;
26372639 vq->chain_blacklist = NULL; /* fresh blacklist for next part*/
26382640 /* Keep the forState.state on FINDKEY. */
26392641 } else if(key_entry_isbad(dske)
2640 && vq->restart_count < VAL_MAX_RESTART_COUNT) {
2642 && vq->restart_count < ve->max_restart) {
26412643 vq->empty_DS_name = olds;
26422644 val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1);
26432645 qstate->errinf = NULL;
26902692 /* bad response */
26912693 verbose(VERB_DETAIL, "Missing DNSKEY RRset in response to "
26922694 "DNSKEY query.");
2693 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2695 if(vq->restart_count < ve->max_restart) {
26942696 val_blacklist(&vq->chain_blacklist, qstate->region,
26952697 origin, 1);
26962698 qstate->errinf = NULL;
27292731 * state. */
27302732 if(!key_entry_isgood(vq->key_entry)) {
27312733 if(key_entry_isbad(vq->key_entry)) {
2732 if(vq->restart_count < VAL_MAX_RESTART_COUNT) {
2734 if(vq->restart_count < ve->max_restart) {
27332735 val_blacklist(&vq->chain_blacklist,
27342736 qstate->region, origin, 1);
27352737 qstate->errinf = NULL;
28062808 lock_basic_unlock(&ta->lock);
28072809 if(vq->key_entry) {
28082810 if(key_entry_isbad(vq->key_entry)
2809 && vq->restart_count < VAL_MAX_RESTART_COUNT) {
2811 && vq->restart_count < ve->max_restart) {
28102812 val_blacklist(&vq->chain_blacklist, qstate->region,
28112813 origin, 1);
28122814 qstate->errinf = NULL;
+4
-4
validator/validator.h less more
6363 */
6464 #define BOGUS_KEY_TTL 60 /* seconds */
6565
66 /** max number of query restarts, number of IPs to probe */
67 #define VAL_MAX_RESTART_COUNT 5
68
6966 /** Root key sentinel is ta preamble */
7067 #define SENTINEL_IS "root-key-sentinel-is-ta-"
7168 /** Root key sentinel is not ta preamble */
7269 #define SENTINEL_NOT "root-key-sentinel-not-ta-"
73 /** Root key sentinal keytag length */
70 /** Root key sentinel keytag length */
7471 #define SENTINEL_KEYTAG_LEN 5
7572
7673 /**
9390
9491 /** clock skew max for signatures */
9592 int32_t skew_max;
93
94 /** max number of query restarts, number of IPs to probe */
95 int32_t max_restart;
9696
9797 /** TTL for bogus data; used instead of untrusted TTL from data.
9898 * Bogus data will not be verified more often than this interval.