Imported Upstream version 1.2.1 Robert S. Edmonds 12 years ago
319 changed file(s) with 27201 addition(s) and 4291 deletion(s).
11 # See the file LICENSE for the license
22
33 debug_enabled=@debug_enabled@
4 ifeq "$(QUIET)" ""
45 ifeq ($(debug_enabled),yes)
56 QUIET=yes
67 else
78 QUIET=no
9 endif
810 endif
911
1012 ifeq "$(QUIET)" "yes"
3335 ldnsdir=@ldnsdir@
3436 staticexe=@staticexe@
3537 configfile=@ub_conf_file@
38 UNBOUND_RUN_DIR=@UNBOUND_RUN_DIR@
3639 CHECKLOCK_SRC=@CHECKLOCK_SRC@
3740
3841 YACC=@YACC@
4447 LIBS=@LIBS@
4548 LIBOBJS=@LIBOBJS@
4649 RUNTIME_PATH=@RUNTIME_PATH@
50 DEPFLAG=@DEPFLAG@
4751 DATE=$(shell date +%Y%m%d)
4852 LIBTOOL=$(libtool)
4953 ifeq "$(QUIET)" "yes"
7579 DAEMON_OBJ=$(addprefix $(BUILD),$(DAEMON_SRC:.c=.lo)) $(COMPAT_OBJ)
7680 CHECKCONF_SRC=smallapp/unbound-checkconf.c smallapp/worker_cb.c $(COMMON_SRC)
7781 CHECKCONF_OBJ=$(addprefix $(BUILD),$(CHECKCONF_SRC:.c=.lo)) $(COMPAT_OBJ)
82 CONTROL_SRC=smallapp/unbound-control.c smallapp/worker_cb.c $(COMMON_SRC)
83 CONTROL_OBJ=$(addprefix $(BUILD),$(CONTROL_SRC:.c=.lo)) $(COMPAT_OBJ)
7884 HOST_SRC=smallapp/unbound-host.c
7985 HOST_OBJ=$(addprefix $(BUILD),$(HOST_SRC:.c=.lo)) $(COMPAT_OBJ)
8086 TESTBOUND_SRC=testcode/testbound.c testcode/ldns-testpkts.c \
108114 $(TESTBOUND_SRC) $(LOCKVERIFY_SRC) $(PKTVIEW_SRC) $(SIGNIT_SRC) \
109115 $(MEMSTATS_SRC) $(CHECKCONF_SRC) $(LIBUNBOUND_SRC) $(HOST_SRC) \
110116 $(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \
111 $(HARVEST_SRC) )
117 $(HARVEST_SRC) $(CONTROL_SRC))
112118 ALL_OBJ=$(addprefix $(BUILD),$(ALL_SRC:.c=.lo) \
113119 $(addprefix compat/,$(LIBOBJS:.o=.lo))) $(COMPAT_OBJ)
114120
125131 @-if test ! -d $(dir $@); then $(INSTALL) -d $(patsubst %/,%,$(dir $@)); fi
126132 $Q$(COMPILE) -c $< -o $@
127133
128 all: $(COMMON_OBJ) unbound unbound-checkconf lib unbound-host
129
130 tests: all unittest testbound lock-verify pktview signit memstats \
131 asynclook streamtcp perf delayer harvest
134 all: $(COMMON_OBJ) unbound unbound-checkconf lib unbound-host unbound-control unbound-control-setup
135
136 TEST_BIN=asynclook delayer harvest lock-verify memstats perf pktview signit \
137 streamtcp testbound unittest
138 tests: all $(TEST_BIN)
132139
133140 test: tests
134141 if test -x "`which bash`"; then bash testcode/do-tests.sh; else sh testcode/do-tests.sh; fi
150157
151158 unbound: $(DAEMON_OBJ) $(ldnslib)
152159 $(INFO) Link $@
153 $Q$(LINK) -o $@ $(sort $(DAEMON_OBJ)) $(LIBS)
160 $Q$(LINK) -o $@ $(sort $(DAEMON_OBJ)) -lssl $(LIBS)
154161
155162 unbound-checkconf: $(CHECKCONF_OBJ) $(ldnslib)
156163 $(INFO) Link $@
157164 $Q$(LINK) -o $@ $(sort $(CHECKCONF_OBJ)) $(LIBS)
158165
166 unbound-control: $(CONTROL_OBJ) $(ldnslib)
167 $(INFO) Link $@
168 $Q$(LINK) -o $@ $(sort $(CONTROL_OBJ)) -lssl $(LIBS)
169
159170 unbound-host: $(HOST_OBJ) libunbound.la $(ldnslib)
160171 $(INFO) Link $@
161172 $Q$(LINK) -o $@ $(sort $(HOST_OBJ)) -L. -L.libs -lunbound $(LIBS)
166177
167178 testbound: $(TESTBOUND_OBJ) $(ldnslib)
168179 $(INFO) Link $@
169 $Q$(LINK) -o $@ $(sort $(TESTBOUND_OBJ)) $(LIBS)
180 $Q$(LINK) -o $@ $(sort $(TESTBOUND_OBJ)) -lssl $(LIBS)
170181
171182 lock-verify: $(LOCKVERIFY_OBJ) $(ldnslib)
172183 $(INFO) Link $@
203214 harvest: $(HARVEST_OBJ) $(ldnslib) libunbound.la
204215 $(INFO) Link $@
205216 $Q$(LINK) -o $@ $(sort $(HARVEST_OBJ)) $(LIBS) -L. -L.libs -lunbound
217
218 unbound-control-setup: $(srcdir)/smallapp/unbound-control-setup.sh
219 $(INFO) Sed $@
220 $Qsed -e 's:^DESTDIR=.*$$:DESTDIR=$(UNBOUND_RUN_DIR):' < $< > $@
221 $Q-chmod +x $@
206222
207223 #testcode/ldns-testpkts.c: $(ldnsdir)/examples/ldns-testpkts.c \
208224 # $(ldnsdir)/examples/ldns-testpkts.h
227243
228244 clean:
229245 rm -f *.o *.d *.lo *~ tags
230 rm -f unbound unbound-checkconf unbound-host
246 rm -f unbound unbound-checkconf unbound-host unbound-control unbound-control-setup libunbound.la
231247 rm -rf autom4te.cache .libs build doc/html
232248
233249 realclean: clean
234250 rm -f config.status config.log config.h.in config.h
235251 rm -f configure config.sub config.guess ltmain.sh aclocal.m4 libtool
236252 rm -f util/configlexer.c util/configparser.c util/configparser.h
253 rm -f $(TEST_BIN)
237254 if test -d ldns-src; then rm -rf ldns-src; fi
238255 rm -f Makefile
239256
255272 strip:
256273 strip unbound
257274 strip unbound-checkconf
275 strip unbound-control
258276 strip unbound-host
259277
260278 install:
268286 $(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
269287 $(LIBTOOL) --mode=install cp unbound $(DESTDIR)$(sbindir)/unbound
270288 $(LIBTOOL) --mode=install cp unbound-checkconf $(DESTDIR)$(sbindir)/unbound-checkconf
289 $(LIBTOOL) --mode=install cp unbound-control $(DESTDIR)$(sbindir)/unbound-control
271290 $(LIBTOOL) --mode=install cp unbound-host $(DESTDIR)$(sbindir)/unbound-host
272291 $(INSTALL) -c -m 644 doc/unbound.8 $(DESTDIR)$(mandir)/man8
273292 $(INSTALL) -c -m 644 doc/unbound-checkconf.8 $(DESTDIR)$(mandir)/man8
293 $(INSTALL) -c -m 644 doc/unbound-control.8 $(DESTDIR)$(mandir)/man8
274294 $(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
275295 $(INSTALL) -c -m 644 $(srcdir)/doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
276296 $(INSTALL) -c -m 644 doc/libunbound.3 $(DESTDIR)$(mandir)/man3
297 $(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
277298 if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi
278299 $(LIBTOOL) --mode=install cp $(srcdir)/libunbound/unbound.h $(DESTDIR)$(includedir)/unbound.h
279300 $(LIBTOOL) --mode=install cp libunbound.la $(DESTDIR)$(libdir)
280301 $(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
281302
282303 uninstall:
283 rm -f -- $(DESTDIR)$(sbindir)/unbound $(DESTDIR)$(sbindir)/unbound-checkconf $(DESTDIR)$(sbindir)/unbound-host
284 rm -f -- $(DESTDIR)$(mandir)/man8/unbound.8 $(DESTDIR)$(mandir)/man8/unbound-checkconf.8 $(DESTDIR)$(mandir)/man5/unbound.conf.5
304 rm -f -- $(DESTDIR)$(sbindir)/unbound $(DESTDIR)$(sbindir)/unbound-checkconf $(DESTDIR)$(sbindir)/unbound-host $(DESTDIR)$(sbindir)/unbound-control $(DESTDIR)$(sbindir)/unbound-control-setup
305 rm -f -- $(DESTDIR)$(mandir)/man8/unbound.8 $(DESTDIR)$(mandir)/man8/unbound-checkconf.8 $(DESTDIR)$(mandir)/man5/unbound.conf.5 $(DESTDIR)$(mandir)/man8/unbound-control.8
285306 rm -f -- $(DESTDIR)$(mandir)/man1/unbound-host.1 $(DESTDIR)$(mandir)/man3/libunbound.3
286307 rm -f -- $(DESTDIR)$(includedir)/unbound.h
287308 $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
291312 download_ldns:
292313 svn export https://www.nlnetlabs.nl/svn/ldns/trunk/makedist.sh ldns_makedist.sh
293314 ./ldns_makedist.sh -s -d https://www.nlnetlabs.nl/svn/ldns/trunk
294 mv ldns-*_pre_*.tar.gz ldns-src.tar.gz
295 rm ldns-*_pre_*.tar.gz.sha1 ldns_makedist.sh
315 mv ldns-[0-9]*.tar.gz ldns-src.tar.gz
316 rm ldns-*.tar.gz.sha1 ldns_makedist.sh
296317
297318 iana_update:
298319 curl -o port-numbers.tmp http://www.iana.org/assignments/port-numbers
299 egrep -v "Unassigned|Reserved" port-numbers.tmp | awk '{ match($$0, "[0-9]+/udp"); if (RLENGTH > 0) print substr($$0, RSTART, RLENGTH - 4) ","}' | sort -nu > portslist.tmp
320 awk '/Unassigned|Reserved/ {next;} { match($$0, "[0-9]+/udp"); if (RLENGTH > 0) print substr($$0, RSTART, RLENGTH - 4) ","}' port-numbers.tmp | sort -nu > portslist.tmp
300321 cat portslist.tmp > util/iana_ports.inc
301322 rm -f port-numbers.tmp portslist.tmp
302323
306327 @if test ! -z "$(ldnsdir)" -a ! -e $(ldnsdir)/include/ldns/ldns.h; \
307328 then (cd $(ldnsdir); $(MAKE) copy-headers); fi
308329 @-if test ! -d $(dir $@); then $(INSTALL) -d $(patsubst %/,%,$(dir $@)); fi
309 $Q$(SHELL) -ec '$(CC) -MM $(CPPFLAGS) $(CFLAGS) $< \
330 $Q$(SHELL) -ec '$(CC) $(DEPFLAG) $(CPPFLAGS) $(CFLAGS) $< \
310331 | sed '\''s!\(.*\)\.o[ :]*!$(dir $@)\1.lo $@ : !g'\'' > $@; \
311332 [ -s $@ ] || rm -f $@'
312333
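Review bot: The `iana_update` recipe still fetches the port list over plain `http://` and without `-f`, so a tampered response or an HTML error page is filtered by the new awk line and then overwrites `util/iana_ports.inc` unchecked. I would change the fetch to `curl -f -o port-numbers.tmp https://www.iana.org/assignments/port-numbers` and guard the overwrite with `test -s portslist.tmp && cat portslist.tmp > util/iana_ports.inc`, so an empty or failed download stops the recipe instead of replacing the include. In the same section, the widened glob in `mv ldns-[0-9]*.tar.gz ldns-src.tar.gz` makes `mv` fail when more than one tarball matches; a one-line comment saying that exactly one tarball is expected would help the next maintainer.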
148148 #ifdef getaddrinfo
149149 # undef getaddrinfo
150150 #endif
151 #define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d))
151 #define getaddrinfo(a,b,c,d) (getaddrinfo_unbound(a,b,c,d))
152152 int getaddrinfo(const char *, const char *,
153153 const struct addrinfo *, struct addrinfo **);
154154 #endif /* !HAVE_GETADDRINFO */
155155
156156 #if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO)
157 #define gai_strerror(a) (ssh_gai_strerror(a))
157 #define gai_strerror(a) (gai_strerror_unbound(a))
158158 char *gai_strerror(int);
159159 #endif /* !HAVE_GAI_STRERROR */
160160
161161 #ifndef HAVE_FREEADDRINFO
162 #define freeaddrinfo(a) (ssh_freeaddrinfo(a))
162 #define freeaddrinfo(a) (freeaddrinfo_unbound(a))
163163 void freeaddrinfo(struct addrinfo *);
164164 #endif /* !HAVE_FREEADDRINFO */
165165
166166 #ifndef HAVE_GETNAMEINFO
167 #define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g))
167 #define getnameinfo(a,b,c,d,e,f,g) (getnameinfo_unbound(a,b,c,d,e,f,g))
168168 int getnameinfo(const struct sockaddr *, size_t, char *, size_t,
169169 char *, size_t, int);
170170 #endif /* !HAVE_GETNAMEINFO */
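--- a/compat/socketpair.c
+++ b/compat/socketpair.c
@@ -1,34 +0,0 @@
-/* socketpair.c - windows mingw32 replacement for socketpair.
-* creates a pipe that works like a socketpair a bit
-* Taken from libevent-1.4.3.stable WIN32-Code/misc.c
-* License: BSD.
-*/
-#include "config.h"
-#include <stdio.h>
-#include <windows.h>
-
-int
-socketpair(int d, int type, int protocol, int *sv)
-{
-static int count;
-char buf[64];
-HANDLE fd;
-DWORD dwMode;
-(void)d; (void)type; (void)protocol;
-sprintf(buf, "\\\\.\\pipe\\levent-%d", count++);
-/* Create a duplex pipe which will behave like a socket pair */
-fd = CreateNamedPipe(buf, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_NOWAIT,
-PIPE_UNLIMITED_INSTANCES, 4096, 4096, 0, NULL);
-if (fd == INVALID_HANDLE_VALUE)
-return (-1);
-sv[0] = (int)fd;
-
-fd = CreateFile(buf, GENERIC_READ|GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
-if (fd == INVALID_HANDLE_VALUE)
-return (-1);
-dwMode = PIPE_NOWAIT;
-SetNamedPipeHandleState(fd, &dwMode, NULL, NULL);
-sv[1] = (int)fd;
-
-return (0);
-}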
55 /* Pathname to the Unbound configuration file */
66 #undef CONFIGFILE
77
8 /* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work
9 */
10 #undef DARWIN_BROKEN_SETREUID
11
812 /* Define if you want to use debug lock checking (slow). */
913 #undef ENABLE_LOCK_CHECKS
1014
3842 /* Define to 1 if you have the <event.h> header file. */
3943 #undef HAVE_EVENT_H
4044
45 /* Define to 1 if you have the `EVP_sha1' function. */
46 #undef HAVE_EVP_SHA1
47
48 /* Define to 1 if you have the `EVP_sha256' function. */
49 #undef HAVE_EVP_SHA256
50
51 /* Define to 1 if you have the `EVP_sha512' function. */
52 #undef HAVE_EVP_SHA512
53
54 /* Define to 1 if you have the `ev_loop' function. */
55 #undef HAVE_EV_LOOP
56
4157 /* Define to 1 if you have the `fcntl' function. */
4258 #undef HAVE_FCNTL
4359
5874
5975 /* Define to 1 if you have the `getrlimit' function. */
6076 #undef HAVE_GETRLIMIT
77
78 /* Define to 1 if you have the `glob' function. */
79 #undef HAVE_GLOB
80
81 /* Define to 1 if you have the <glob.h> header file. */
82 #undef HAVE_GLOB_H
6183
6284 /* Define to 1 if you have the `gmtime_r' function. */
6385 #undef HAVE_GMTIME_R
135157 /* Define to 1 if you have the `sendmsg' function. */
136158 #undef HAVE_SENDMSG
137159
160 /* Define to 1 if you have the `setregid' function. */
161 #undef HAVE_SETREGID
162
163 /* Define to 1 if you have the `setresgid' function. */
164 #undef HAVE_SETRESGID
165
166 /* Define to 1 if you have the `setresuid' function. */
167 #undef HAVE_SETRESUID
168
169 /* Define to 1 if you have the `setreuid' function. */
170 #undef HAVE_SETREUID
171
138172 /* Define to 1 if you have the `setsid' function. */
139173 #undef HAVE_SETSID
140174
147181 /* Define to 1 if you have the `snprintf' function. */
148182 #undef HAVE_SNPRINTF
149183
150 /* Define to 1 if you have the `socketpair' function. */
151 #undef HAVE_SOCKETPAIR
152
153184 /* Using Solaris threads */
154185 #undef HAVE_SOLARIS_THREADS
155186
248279
249280 /* Define if mkdir has one argument. */
250281 #undef MKDIR_HAS_ONE_ARG
282
283 /* Define if the network stack does not fully support nonblocking io (causes
284 lower performance). */
285 #undef NONBLOCKING_IS_BROKEN
251286
252287 /* Define to the address where bug reports for this package should be sent. */
253288 #undef PACKAGE_BUGREPORT
531566 struct tm *gmtime_r(const time_t *timep, struct tm *result);
532567 #endif
533568 #ifndef HAVE_GETADDRINFO
534 #define getaddrinfo getaddrinfo_unbound
535 #define gai_strerror gai_strerror_unbound
536 #define freeaddrinfo freeaddrinfo_unbound
537 #define getnameinfo getnameinfo_unbound
538569 struct sockaddr_storage;
539570 #include "compat/fake-rfc2553.h"
540571 #endif
541
542572 #ifndef HAVE_SLEEP
543573 #define sleep(x) Sleep((x)*1000) /* on win32 */
544574 #endif /* HAVE_SLEEP */
551581 #ifndef HAVE_SRANDOM
552582 #define srandom(x) srand(x) /* on win32, for tests only (bad random) */
553583 #endif /* HAVE_SRANDOM */
554 #ifndef HAVE_SOCKETPAIR
555 int socketpair(int d, int type, int protocol, int *sv);
556 #endif
557584
558585 /* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
559586 #ifdef HAVE_WINSOCK2_H
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.61 for unbound 1.0.2.
2 # Generated by GNU Autoconf 2.61 for unbound 1.2.1.
33 #
44 # Report bugs to <unbound-bugs@nlnetlabs.nl>.
55 #
723723 # Identity of this package.
724724 PACKAGE_NAME='unbound'
725725 PACKAGE_TARNAME='unbound'
726 PACKAGE_VERSION='1.0.2'
727 PACKAGE_STRING='unbound 1.0.2'
726 PACKAGE_VERSION='1.2.1'
727 PACKAGE_STRING='unbound 1.2.1'
728728 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
729729
730730 # Factoring default headers for most tests.
818818 UNBOUND_CHROOT_DIR
819819 UNBOUND_PIDFILE
820820 UNBOUND_USERNAME
821 DEPFLAG
821822 debug_enabled
822823 libtool
823824 AR
13671368 # Omit some internal or obsolete options to make the list less imposing.
13681369 # This message is too long to be a string in the A/UX 3.1 sh.
13691370 cat <<_ACEOF
1370 \`configure' configures unbound 1.0.2 to adapt to many kinds of systems.
1371 \`configure' configures unbound 1.2.1 to adapt to many kinds of systems.
13711372
13721373 Usage: $0 [OPTION]... [VAR=VALUE]...
13731374
14321433
14331434 if test -n "$ac_init_help"; then
14341435 case $ac_init_help in
1435 short | recursive ) echo "Configuration of unbound 1.0.2:";;
1436 short | recursive ) echo "Configuration of unbound 1.2.1:";;
14361437 esac
14371438 cat <<\_ACEOF
14381439
15651566 test -n "$ac_init_help" && exit $ac_status
15661567 if $ac_init_version; then
15671568 cat <<\_ACEOF
1568 unbound configure 1.0.2
1569 unbound configure 1.2.1
15691570 generated by GNU Autoconf 2.61
15701571
15711572 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
15791580 This file contains any messages produced by compilers while
15801581 running configure, to aid debugging if configure makes a mistake.
15811582
1582 It was created by unbound $as_me 1.0.2, which was
1583 It was created by unbound $as_me 1.2.1, which was
15831584 generated by GNU Autoconf 2.61. Invocation command line was
15841585
15851586 $ $0 $@
19341935
19351936
19361937 LIBUNBOUND_CURRENT=0
1937 LIBUNBOUND_REVISION=14
1938 LIBUNBOUND_REVISION=18
19381939 LIBUNBOUND_AGE=0
19391940 # 1.0.0 had 0:12:0
19401941 # 1.0.1 had 0:13:0
19411942 # 1.0.2 had 0:14:0
1943 # 1.1.0 had 0:15:0
1944 # 1.1.1 had 0:16:0
1945 # 1.2.0 had 0:17:0
1946 # 1.2.1 had 0:18:0
19421947
19431948 # Current -- the number of the binary API that we're implementing
19441949 # Revision -- which iteration of the implementation of the binary
19621967
19631968
19641969
1965 CFLAGS=
1970 CFLAGS="$CFLAGS"
19661971 ac_ext=c
19671972 ac_cpp='$CPP $CPPFLAGS'
19681973 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
33983403
33993404
34003405
3406
3407
34013408 # if the given code compiles without the flag, execute argument 4
34023409 # if the given code only compiles with the flag, execute argument 3
34033410 # otherwise fail, execute argument 5.
35793586 fi
35803587
35813588
3589 # test DEPFLAG
3590 { echo "$as_me:$LINENO: checking $CC dependency flag" >&5
3591 echo $ECHO_N "checking $CC dependency flag... $ECHO_C" >&6; }
3592 echo 'void f(){}' >conftest.c
3593 if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then
3594 DEPFLAG="-MM"
3595 else
3596 if test "`$CC -xM1 conftest.c 2>&1`" = "conftest.o: conftest.c"; then
3597 DEPFLAG="-xM1"
3598 else
3599 DEPFLAG="-MM" # dunno do something
3600 fi
3601 fi
3602 { echo "$as_me:$LINENO: result: $DEPFLAG" >&5
3603 echo "${ECHO_T}$DEPFLAG" >&6; }
3604 rm -f conftest.c
3605
3606
3607
3608
3609 { echo "$as_me:$LINENO: checking whether $CC supports -std=c99" >&5
3610 echo $ECHO_N "checking whether $CC supports -std=c99... $ECHO_C" >&6; }
3611 cache=`echo std=c99 | sed 'y%.=/+-%___p_%'`
3612 if { as_var=cv_prog_cc_flag_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
3613 echo $ECHO_N "(cached) $ECHO_C" >&6
3614 else
3615
3616 echo 'void f(){}' >conftest.c
3617 if test -z "`$CC -std=c99 -c conftest.c 2>&1`"; then
3618 eval "cv_prog_cc_flag_$cache=yes"
3619 else
3620 eval "cv_prog_cc_flag_$cache=no"
3621 fi
3622 rm -f conftest*
3623
3624 fi
3625
3626 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
3627 { echo "$as_me:$LINENO: result: yes" >&5
3628 echo "${ECHO_T}yes" >&6; }
3629 :
3630 C99FLAG="-std=c99"
3631 else
3632 { echo "$as_me:$LINENO: result: no" >&5
3633 echo "${ECHO_T}no" >&6; }
3634 :
3635
3636 fi
3637
3638
3639
3640 { echo "$as_me:$LINENO: checking whether $CC supports -xc99" >&5
3641 echo $ECHO_N "checking whether $CC supports -xc99... $ECHO_C" >&6; }
3642 cache=`echo xc99 | sed 'y%.=/+-%___p_%'`
3643 if { as_var=cv_prog_cc_flag_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
3644 echo $ECHO_N "(cached) $ECHO_C" >&6
3645 else
3646
3647 echo 'void f(){}' >conftest.c
3648 if test -z "`$CC -xc99 -c conftest.c 2>&1`"; then
3649 eval "cv_prog_cc_flag_$cache=yes"
3650 else
3651 eval "cv_prog_cc_flag_$cache=no"
3652 fi
3653 rm -f conftest*
3654
3655 fi
3656
3657 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
3658 { echo "$as_me:$LINENO: result: yes" >&5
3659 echo "${ECHO_T}yes" >&6; }
3660 :
3661 C99FLAG="-xc99"
3662 else
3663 { echo "$as_me:$LINENO: result: no" >&5
3664 echo "${ECHO_T}no" >&6; }
3665 :
3666
3667 fi
3668
3669
35823670 { echo "$as_me:$LINENO: checking for ANSI C header files" >&5
35833671 echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
35843672 if test "${ac_cv_header_stdc+set}" = set; then
39464034
39474035
39484036
3949 { echo "$as_me:$LINENO: checking whether we need -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC" >&5
3950 echo $ECHO_N "checking whether we need -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC... $ECHO_C" >&6; }
3951 cache=`echo -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE | sed 'y%.=/+- %___p__%'`
4037
4038 { echo "$as_me:$LINENO: checking whether $CC supports -Werror" >&5
4039 echo $ECHO_N "checking whether $CC supports -Werror... $ECHO_C" >&6; }
4040 cache=`echo Werror | sed 'y%.=/+-%___p_%'`
4041 if { as_var=cv_prog_cc_flag_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
4042 echo $ECHO_N "(cached) $ECHO_C" >&6
4043 else
4044
4045 echo 'void f(){}' >conftest.c
4046 if test -z "`$CC -Werror -c conftest.c 2>&1`"; then
4047 eval "cv_prog_cc_flag_$cache=yes"
4048 else
4049 eval "cv_prog_cc_flag_$cache=no"
4050 fi
4051 rm -f conftest*
4052
4053 fi
4054
4055 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
4056 { echo "$as_me:$LINENO: result: yes" >&5
4057 echo "${ECHO_T}yes" >&6; }
4058 :
4059 ERRFLAG="-Werror"
4060 else
4061 { echo "$as_me:$LINENO: result: no" >&5
4062 echo "${ECHO_T}no" >&6; }
4063 :
4064 ERRFLAG="-errwarn"
4065 fi
4066
4067
4068
4069 { echo "$as_me:$LINENO: checking whether $CC supports -Wall" >&5
4070 echo $ECHO_N "checking whether $CC supports -Wall... $ECHO_C" >&6; }
4071 cache=`echo Wall | sed 'y%.=/+-%___p_%'`
4072 if { as_var=cv_prog_cc_flag_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
4073 echo $ECHO_N "(cached) $ECHO_C" >&6
4074 else
4075
4076 echo 'void f(){}' >conftest.c
4077 if test -z "`$CC -Wall -c conftest.c 2>&1`"; then
4078 eval "cv_prog_cc_flag_$cache=yes"
4079 else
4080 eval "cv_prog_cc_flag_$cache=no"
4081 fi
4082 rm -f conftest*
4083
4084 fi
4085
4086 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
4087 { echo "$as_me:$LINENO: result: yes" >&5
4088 echo "${ECHO_T}yes" >&6; }
4089 :
4090 ERRFLAG="$ERRFLAG -Wall"
4091 else
4092 { echo "$as_me:$LINENO: result: no" >&5
4093 echo "${ECHO_T}no" >&6; }
4094 :
4095 ERRFLAG="$ERRFLAG -errfmt"
4096 fi
4097
4098
4099
4100
4101
4102 { echo "$as_me:$LINENO: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC" >&5
4103 echo $ECHO_N "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC... $ECHO_C" >&6; }
4104 cache=`echo $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE | sed 'y%.=/+- %___p__%'`
39524105 if { as_var=cv_prog_cc_flag_needed_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
39534106 echo $ECHO_N "(cached) $ECHO_C" >&6
39544107 else
39754128 time_t time = 0;
39764129 char *buf = NULL;
39774130 const char* str = NULL;
4131 struct msghdr msg;
4132 msg.msg_control = 0;
39784133 t = ctime_r(&time, buf);
39794134 tv.tv_usec = 10;
39804135 srandom(32);
39854140 }
39864141 ' > conftest.c
39874142 echo 'void f(){}' >>conftest.c
3988 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
4143 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
39894144 eval "cv_prog_cc_flag_needed_$cache=no"
39904145 else
39914146
3992 if test -z "`$CC $CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE -Werror -Wall -c conftest.c 2>&1`"; then
4147 if test -z "`$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then
39934148 eval "cv_prog_cc_flag_needed_$cache=yes"
39944149 else
39954150 eval "cv_prog_cc_flag_needed_$cache=fail"
39964151 #echo 'Test with flag fails too!'
39974152 #cat conftest.c
3998 #echo "$CC $CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE -Werror -Wall -c conftest.c 2>&1"
3999 #echo `$CC $CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE -Werror -Wall -c conftest.c`
4153 #echo "$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1"
4154 #echo `$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`
40004155 #exit 1
40014156 fi
40024157
40094164 { echo "$as_me:$LINENO: result: yes" >&5
40104165 echo "${ECHO_T}yes" >&6; }
40114166 :
4012 CFLAGS="$CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"
4167 CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"
40134168 else
40144169 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
40154170 { echo "$as_me:$LINENO: result: no" >&5
40164171 echo "${ECHO_T}no" >&6; }
4172 #echo 'Test with flag is no!'
4173 #cat conftest.c
4174 #echo "$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1"
4175 #echo `$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`
4176 #exit 1
40174177 :
40184178
40194179 else
40274187
40284188
40294189
4030 { echo "$as_me:$LINENO: checking whether we need -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC" >&5
4031 echo $ECHO_N "checking whether we need -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC... $ECHO_C" >&6; }
4032 cache=`echo -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE | sed 'y%.=/+- %___p__%'`
4190
4191 { echo "$as_me:$LINENO: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC" >&5
4192 echo $ECHO_N "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC... $ECHO_C" >&6; }
4193 cache=`echo $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE | sed 'y%.=/+- %___p__%'`
40334194 if { as_var=cv_prog_cc_flag_needed_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
40344195 echo $ECHO_N "(cached) $ECHO_C" >&6
40354196 else
40564217 time_t time = 0;
40574218 char *buf = NULL;
40584219 const char* str = NULL;
4220 struct msghdr msg;
4221 msg.msg_control = 0;
40594222 t = ctime_r(&time, buf);
40604223 tv.tv_usec = 10;
40614224 srandom(32);
40664229 }
40674230 ' > conftest.c
40684231 echo 'void f(){}' >>conftest.c
4069 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
4232 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
40704233 eval "cv_prog_cc_flag_needed_$cache=no"
40714234 else
40724235
4073 if test -z "`$CC $CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE -Werror -Wall -c conftest.c 2>&1`"; then
4236 if test -z "`$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then
40744237 eval "cv_prog_cc_flag_needed_$cache=yes"
40754238 else
40764239 eval "cv_prog_cc_flag_needed_$cache=fail"
40774240 #echo 'Test with flag fails too!'
40784241 #cat conftest.c
4079 #echo "$CC $CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE -Werror -Wall -c conftest.c 2>&1"
4080 #echo `$CC $CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE -Werror -Wall -c conftest.c`
4242 #echo "$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1"
4243 #echo `$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`
40814244 #exit 1
40824245 fi
40834246
40904253 { echo "$as_me:$LINENO: result: yes" >&5
40914254 echo "${ECHO_T}yes" >&6; }
40924255 :
4093 CFLAGS="$CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"
4256 CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"
40944257 else
40954258 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
40964259 { echo "$as_me:$LINENO: result: no" >&5
40974260 echo "${ECHO_T}no" >&6; }
4261 #echo 'Test with flag is no!'
4262 #cat conftest.c
4263 #echo "$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1"
4264 #echo `$CC $CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE $ERRFLAG -c conftest.c 2>&1`
4265 #exit 1
40984266 :
40994267
41004268 else
41084276
41094277
41104278
4111 { echo "$as_me:$LINENO: checking whether we need -std=c99 as a flag for $CC" >&5
4112 echo $ECHO_N "checking whether we need -std=c99 as a flag for $CC... $ECHO_C" >&6; }
4113 cache=`echo -std=c99 | sed 'y%.=/+- %___p__%'`
4279
4280 { echo "$as_me:$LINENO: checking whether we need $C99FLAG as a flag for $CC" >&5
4281 echo $ECHO_N "checking whether we need $C99FLAG as a flag for $CC... $ECHO_C" >&6; }
4282 cache=`echo $C99FLAG | sed 'y%.=/+- %___p__%'`
41144283 if { as_var=cv_prog_cc_flag_needed_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
41154284 echo $ECHO_N "(cached) $ECHO_C" >&6
41164285 else
41244293 }
41254294 ' > conftest.c
41264295 echo 'void f(){}' >>conftest.c
4127 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
4296 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
41284297 eval "cv_prog_cc_flag_needed_$cache=no"
41294298 else
41304299
4131 if test -z "`$CC $CFLAGS -std=c99 -Werror -Wall -c conftest.c 2>&1`"; then
4300 if test -z "`$CC $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1`"; then
41324301 eval "cv_prog_cc_flag_needed_$cache=yes"
41334302 else
41344303 eval "cv_prog_cc_flag_needed_$cache=fail"
41354304 #echo 'Test with flag fails too!'
41364305 #cat conftest.c
4137 #echo "$CC $CFLAGS -std=c99 -Werror -Wall -c conftest.c 2>&1"
4138 #echo `$CC $CFLAGS -std=c99 -Werror -Wall -c conftest.c`
4306 #echo "$CC $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1"
4307 #echo `$CC $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1`
41394308 #exit 1
41404309 fi
41414310
41484317 { echo "$as_me:$LINENO: result: yes" >&5
41494318 echo "${ECHO_T}yes" >&6; }
41504319 :
4151 CFLAGS="$CFLAGS -std=c99"
4320 CFLAGS="$CFLAGS $C99FLAG"
41524321 else
41534322 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
41544323 { echo "$as_me:$LINENO: result: no" >&5
41554324 echo "${ECHO_T}no" >&6; }
4325 #echo 'Test with flag is no!'
4326 #cat conftest.c
4327 #echo "$CC $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1"
4328 #echo `$CC $CFLAGS $C99FLAG $ERRFLAG -c conftest.c 2>&1`
4329 #exit 1
41564330 :
41574331
41584332 else
41624336
41634337 fi
41644338 fi
4339
41654340
41664341
41674342
41834358 }
41844359 ' > conftest.c
41854360 echo 'void f(){}' >>conftest.c
4186 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
4361 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
41874362 eval "cv_prog_cc_flag_needed_$cache=no"
41884363 else
41894364
4190 if test -z "`$CC $CFLAGS -D_BSD_SOURCE -Werror -Wall -c conftest.c 2>&1`"; then
4365 if test -z "`$CC $CFLAGS -D_BSD_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then
41914366 eval "cv_prog_cc_flag_needed_$cache=yes"
41924367 else
41934368 eval "cv_prog_cc_flag_needed_$cache=fail"
41944369 #echo 'Test with flag fails too!'
41954370 #cat conftest.c
4196 #echo "$CC $CFLAGS -D_BSD_SOURCE -Werror -Wall -c conftest.c 2>&1"
4197 #echo `$CC $CFLAGS -D_BSD_SOURCE -Werror -Wall -c conftest.c`
4371 #echo "$CC $CFLAGS -D_BSD_SOURCE $ERRFLAG -c conftest.c 2>&1"
4372 #echo `$CC $CFLAGS -D_BSD_SOURCE $ERRFLAG -c conftest.c 2>&1`
41984373 #exit 1
41994374 fi
42004375
42124387 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
42134388 { echo "$as_me:$LINENO: result: no" >&5
42144389 echo "${ECHO_T}no" >&6; }
4390 #echo 'Test with flag is no!'
4391 #cat conftest.c
4392 #echo "$CC $CFLAGS -D_BSD_SOURCE $ERRFLAG -c conftest.c 2>&1"
4393 #echo `$CC $CFLAGS -D_BSD_SOURCE $ERRFLAG -c conftest.c 2>&1`
4394 #exit 1
42154395 :
42164396
42174397 else
42214401
42224402 fi
42234403 fi
4404
42244405
42254406
42264407
42424423 }
42434424 ' > conftest.c
42444425 echo 'void f(){}' >>conftest.c
4245 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
4426 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
42464427 eval "cv_prog_cc_flag_needed_$cache=no"
42474428 else
42484429
4249 if test -z "`$CC $CFLAGS -D_GNU_SOURCE -Werror -Wall -c conftest.c 2>&1`"; then
4430 if test -z "`$CC $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1`"; then
42504431 eval "cv_prog_cc_flag_needed_$cache=yes"
42514432 else
42524433 eval "cv_prog_cc_flag_needed_$cache=fail"
42534434 #echo 'Test with flag fails too!'
42544435 #cat conftest.c
4255 #echo "$CC $CFLAGS -D_GNU_SOURCE -Werror -Wall -c conftest.c 2>&1"
4256 #echo `$CC $CFLAGS -D_GNU_SOURCE -Werror -Wall -c conftest.c`
4436 #echo "$CC $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1"
4437 #echo `$CC $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1`
42574438 #exit 1
42584439 fi
42594440
42714452 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
42724453 { echo "$as_me:$LINENO: result: no" >&5
42734454 echo "${ECHO_T}no" >&6; }
4455 #echo 'Test with flag is no!'
4456 #cat conftest.c
4457 #echo "$CC $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1"
4458 #echo `$CC $CFLAGS -D_GNU_SOURCE $ERRFLAG -c conftest.c 2>&1`
4459 #exit 1
42744460 :
42754461
42764462 else
42804466
42814467 fi
42824468 fi
4469
4470
4471 # check again for GNU_SOURCE for setresgid. May fail if setresgid
4472 # is not available at all. -D_FRSRESGID is to make this check unique.
4473 # otherwise we would get the previous cached result.
4474
4475
4476
4477 { echo "$as_me:$LINENO: checking whether we need -D_GNU_SOURCE -D_FRSRESGID as a flag for $CC" >&5
4478 echo $ECHO_N "checking whether we need -D_GNU_SOURCE -D_FRSRESGID as a flag for $CC... $ECHO_C" >&6; }
4479 cache=`echo -D_GNU_SOURCE -D_FRSRESGID | sed 'y%.=/+- %___p__%'`
4480 if { as_var=cv_prog_cc_flag_needed_$cache; eval "test \"\${$as_var+set}\" = set"; }; then
4481 echo $ECHO_N "(cached) $ECHO_C" >&6
4482 else
4483
4484 echo '
4485 #include <unistd.h>
4486
4487 int test() {
4488 int a = setresgid(0,0,0);
4489 a = setresuid(0,0,0);
4490 return a;
4491 }
4492 ' > conftest.c
4493 echo 'void f(){}' >>conftest.c
4494 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
4495 eval "cv_prog_cc_flag_needed_$cache=no"
4496 else
4497
4498 if test -z "`$CC $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1`"; then
4499 eval "cv_prog_cc_flag_needed_$cache=yes"
4500 else
4501 eval "cv_prog_cc_flag_needed_$cache=fail"
4502 #echo 'Test with flag fails too!'
4503 #cat conftest.c
4504 #echo "$CC $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1"
4505 #echo `$CC $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1`
4506 #exit 1
4507 fi
4508
4509 fi
4510 rm -f conftest
4511
4512 fi
4513
4514 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
4515 { echo "$as_me:$LINENO: result: yes" >&5
4516 echo "${ECHO_T}yes" >&6; }
4517 :
4518 CFLAGS="$CFLAGS -D_GNU_SOURCE"
4519 else
4520 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
4521 { echo "$as_me:$LINENO: result: no" >&5
4522 echo "${ECHO_T}no" >&6; }
4523 #echo 'Test with flag is no!'
4524 #cat conftest.c
4525 #echo "$CC $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1"
4526 #echo `$CC $CFLAGS -D_GNU_SOURCE -D_FRSRESGID $ERRFLAG -c conftest.c 2>&1`
4527 #exit 1
4528 :
4529
4530 else
4531 { echo "$as_me:$LINENO: result: failed" >&5
4532 echo "${ECHO_T}failed" >&6; }
4533 :
4534
4535 fi
4536 fi
4537
42834538
42844539
42854540
43104565 }
43114566 ' > conftest.c
43124567 echo 'void f(){}' >>conftest.c
4313 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
4568 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
43144569 eval "cv_prog_cc_flag_needed_$cache=no"
43154570 else
43164571
4317 if test -z "`$CC $CFLAGS -D_POSIX_C_SOURCE=200112 -Werror -Wall -c conftest.c 2>&1`"; then
4572 if test -z "`$CC $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1`"; then
43184573 eval "cv_prog_cc_flag_needed_$cache=yes"
43194574 else
43204575 eval "cv_prog_cc_flag_needed_$cache=fail"
43214576 #echo 'Test with flag fails too!'
43224577 #cat conftest.c
4323 #echo "$CC $CFLAGS -D_POSIX_C_SOURCE=200112 -Werror -Wall -c conftest.c 2>&1"
4324 #echo `$CC $CFLAGS -D_POSIX_C_SOURCE=200112 -Werror -Wall -c conftest.c`
4578 #echo "$CC $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1"
4579 #echo `$CC $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1`
43254580 #exit 1
43264581 fi
43274582
43394594 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
43404595 { echo "$as_me:$LINENO: result: no" >&5
43414596 echo "${ECHO_T}no" >&6; }
4597 #echo 'Test with flag is no!'
4598 #cat conftest.c
4599 #echo "$CC $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1"
4600 #echo `$CC $CFLAGS -D_POSIX_C_SOURCE=200112 $ERRFLAG -c conftest.c 2>&1`
4601 #exit 1
43424602 :
43434603
43444604 else
43484608
43494609 fi
43504610 fi
4611
43514612
43524613
43534614
43844645 }
43854646 ' > conftest.c
43864647 echo 'void f(){}' >>conftest.c
4387 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
4648 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
43884649 eval "cv_prog_cc_flag_needed_$cache=no"
43894650 else
43904651
4391 if test -z "`$CC $CFLAGS -D__EXTENSIONS__ -Werror -Wall -c conftest.c 2>&1`"; then
4652 if test -z "`$CC $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1`"; then
43924653 eval "cv_prog_cc_flag_needed_$cache=yes"
43934654 else
43944655 eval "cv_prog_cc_flag_needed_$cache=fail"
43954656 #echo 'Test with flag fails too!'
43964657 #cat conftest.c
4397 #echo "$CC $CFLAGS -D__EXTENSIONS__ -Werror -Wall -c conftest.c 2>&1"
4398 #echo `$CC $CFLAGS -D__EXTENSIONS__ -Werror -Wall -c conftest.c`
4658 #echo "$CC $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1"
4659 #echo `$CC $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1`
43994660 #exit 1
44004661 fi
44014662
44134674 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
44144675 { echo "$as_me:$LINENO: result: no" >&5
44154676 echo "${ECHO_T}no" >&6; }
4677 #echo 'Test with flag is no!'
4678 #cat conftest.c
4679 #echo "$CC $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1"
4680 #echo `$CC $CFLAGS -D__EXTENSIONS__ $ERRFLAG -c conftest.c 2>&1`
4681 #exit 1
44164682 :
44174683
44184684 else
59276193 ;;
59286194 *-*-irix6*)
59296195 # Find out which ABI we are using.
5930 echo '#line 5931 "configure"' > conftest.$ac_ext
6196 echo '#line 6197 "configure"' > conftest.$ac_ext
59316197 if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
59326198 (eval $ac_compile) 2>&5
59336199 ac_status=$?
72417507 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
72427508 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
72437509 -e 's:$: $lt_compiler_flag:'`
7244 (eval echo "\"\$as_me:7245: $lt_compile\"" >&5)
7510 (eval echo "\"\$as_me:7511: $lt_compile\"" >&5)
72457511 (eval "$lt_compile" 2>conftest.err)
72467512 ac_status=$?
72477513 cat conftest.err >&5
7248 echo "$as_me:7249: \$? = $ac_status" >&5
7514 echo "$as_me:7515: \$? = $ac_status" >&5
72497515 if (exit $ac_status) && test -s "$ac_outfile"; then
72507516 # The compiler can only warn and ignore the option if not recognized
72517517 # So say no if there are warnings other than the usual output.
75317797 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
75327798 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
75337799 -e 's:$: $lt_compiler_flag:'`
7534 (eval echo "\"\$as_me:7535: $lt_compile\"" >&5)
7800 (eval echo "\"\$as_me:7801: $lt_compile\"" >&5)
75357801 (eval "$lt_compile" 2>conftest.err)
75367802 ac_status=$?
75377803 cat conftest.err >&5
7538 echo "$as_me:7539: \$? = $ac_status" >&5
7804 echo "$as_me:7805: \$? = $ac_status" >&5
75397805 if (exit $ac_status) && test -s "$ac_outfile"; then
75407806 # The compiler can only warn and ignore the option if not recognized
75417807 # So say no if there are warnings other than the usual output.
76357901 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
76367902 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
76377903 -e 's:$: $lt_compiler_flag:'`
7638 (eval echo "\"\$as_me:7639: $lt_compile\"" >&5)
7904 (eval echo "\"\$as_me:7905: $lt_compile\"" >&5)
76397905 (eval "$lt_compile" 2>out/conftest.err)
76407906 ac_status=$?
76417907 cat out/conftest.err >&5
7642 echo "$as_me:7643: \$? = $ac_status" >&5
7908 echo "$as_me:7909: \$? = $ac_status" >&5
76437909 if (exit $ac_status) && test -s out/conftest2.$ac_objext
76447910 then
76457911 # The compiler can only warn and ignore the option if not recognized
998610252 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
998710253 lt_status=$lt_dlunknown
998810254 cat > conftest.$ac_ext <<EOF
9989 #line 9990 "configure"
10255 #line 10256 "configure"
999010256 #include "confdefs.h"
999110257
999210258 #if HAVE_DLFCN_H
1008610352 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
1008710353 lt_status=$lt_dlunknown
1008810354 cat > conftest.$ac_ext <<EOF
10089 #line 10090 "configure"
10355 #line 10356 "configure"
1009010356 #include "confdefs.h"
1009110357
1009210358 #if HAVE_DLFCN_H
1250612772 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1250712773 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1250812774 -e 's:$: $lt_compiler_flag:'`
12509 (eval echo "\"\$as_me:12510: $lt_compile\"" >&5)
12775 (eval echo "\"\$as_me:12776: $lt_compile\"" >&5)
1251012776 (eval "$lt_compile" 2>conftest.err)
1251112777 ac_status=$?
1251212778 cat conftest.err >&5
12513 echo "$as_me:12514: \$? = $ac_status" >&5
12779 echo "$as_me:12780: \$? = $ac_status" >&5
1251412780 if (exit $ac_status) && test -s "$ac_outfile"; then
1251512781 # The compiler can only warn and ignore the option if not recognized
1251612782 # So say no if there are warnings other than the usual output.
1261012876 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1261112877 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1261212878 -e 's:$: $lt_compiler_flag:'`
12613 (eval echo "\"\$as_me:12614: $lt_compile\"" >&5)
12879 (eval echo "\"\$as_me:12880: $lt_compile\"" >&5)
1261412880 (eval "$lt_compile" 2>out/conftest.err)
1261512881 ac_status=$?
1261612882 cat out/conftest.err >&5
12617 echo "$as_me:12618: \$? = $ac_status" >&5
12883 echo "$as_me:12884: \$? = $ac_status" >&5
1261812884 if (exit $ac_status) && test -s out/conftest2.$ac_objext
1261912885 then
1262012886 # The compiler can only warn and ignore the option if not recognized
1417414440 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1417514441 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1417614442 -e 's:$: $lt_compiler_flag:'`
14177 (eval echo "\"\$as_me:14178: $lt_compile\"" >&5)
14443 (eval echo "\"\$as_me:14444: $lt_compile\"" >&5)
1417814444 (eval "$lt_compile" 2>conftest.err)
1417914445 ac_status=$?
1418014446 cat conftest.err >&5
14181 echo "$as_me:14182: \$? = $ac_status" >&5
14447 echo "$as_me:14448: \$? = $ac_status" >&5
1418214448 if (exit $ac_status) && test -s "$ac_outfile"; then
1418314449 # The compiler can only warn and ignore the option if not recognized
1418414450 # So say no if there are warnings other than the usual output.
1427814544 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1427914545 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1428014546 -e 's:$: $lt_compiler_flag:'`
14281 (eval echo "\"\$as_me:14282: $lt_compile\"" >&5)
14547 (eval echo "\"\$as_me:14548: $lt_compile\"" >&5)
1428214548 (eval "$lt_compile" 2>out/conftest.err)
1428314549 ac_status=$?
1428414550 cat out/conftest.err >&5
14285 echo "$as_me:14286: \$? = $ac_status" >&5
14551 echo "$as_me:14552: \$? = $ac_status" >&5
1428614552 if (exit $ac_status) && test -s out/conftest2.$ac_objext
1428714553 then
1428814554 # The compiler can only warn and ignore the option if not recognized
1646716733 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1646816734 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1646916735 -e 's:$: $lt_compiler_flag:'`
16470 (eval echo "\"\$as_me:16471: $lt_compile\"" >&5)
16736 (eval echo "\"\$as_me:16737: $lt_compile\"" >&5)
1647116737 (eval "$lt_compile" 2>conftest.err)
1647216738 ac_status=$?
1647316739 cat conftest.err >&5
16474 echo "$as_me:16475: \$? = $ac_status" >&5
16740 echo "$as_me:16741: \$? = $ac_status" >&5
1647516741 if (exit $ac_status) && test -s "$ac_outfile"; then
1647616742 # The compiler can only warn and ignore the option if not recognized
1647716743 # So say no if there are warnings other than the usual output.
1675717023 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1675817024 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1675917025 -e 's:$: $lt_compiler_flag:'`
16760 (eval echo "\"\$as_me:16761: $lt_compile\"" >&5)
17026 (eval echo "\"\$as_me:17027: $lt_compile\"" >&5)
1676117027 (eval "$lt_compile" 2>conftest.err)
1676217028 ac_status=$?
1676317029 cat conftest.err >&5
16764 echo "$as_me:16765: \$? = $ac_status" >&5
17030 echo "$as_me:17031: \$? = $ac_status" >&5
1676517031 if (exit $ac_status) && test -s "$ac_outfile"; then
1676617032 # The compiler can only warn and ignore the option if not recognized
1676717033 # So say no if there are warnings other than the usual output.
1686117127 -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
1686217128 -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
1686317129 -e 's:$: $lt_compiler_flag:'`
16864 (eval echo "\"\$as_me:16865: $lt_compile\"" >&5)
17130 (eval echo "\"\$as_me:17131: $lt_compile\"" >&5)
1686517131 (eval "$lt_compile" 2>out/conftest.err)
1686617132 ac_status=$?
1686717133 cat out/conftest.err >&5
16868 echo "$as_me:16869: \$? = $ac_status" >&5
17134 echo "$as_me:17135: \$? = $ac_status" >&5
1686917135 if (exit $ac_status) && test -s out/conftest2.$ac_objext
1687017136 then
1687117137 # The compiler can only warn and ignore the option if not recognized
1969219958
1969319959
1969419960
19695 for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h
19961
19962 for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h
1969619963 do
1969719964 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
1969819965 { echo "$as_me:$LINENO: checking for $ac_header" >&5
2092221189
2092321190 fi
2092421191
21192 if test x_$withval = x_no; then
21193 { { echo "$as_me:$LINENO: error: Need SSL library to do digital signature cryptography" >&5
21194 echo "$as_me: error: Need SSL library to do digital signature cryptography" >&2;}
21195 { (exit 1); exit 1; }; }
21196 fi
2092521197 if test x_$withval != x_no; then
2092621198 { echo "$as_me:$LINENO: checking for SSL" >&5
2092721199 echo $ECHO_N "checking for SSL... $ECHO_C" >&6; }
2095621228
2095721229 { echo "$as_me:$LINENO: checking for HMAC_CTX_init in -lcrypto" >&5
2095821230 echo $ECHO_N "checking for HMAC_CTX_init in -lcrypto... $ECHO_C" >&6; }
20959 ORIGLIBS="$LIBS"
2096021231 LIBS="$LIBS -lcrypto"
2096121232 cat >conftest.$ac_ext <<_ACEOF
2096221233 /* confdefs.h. */
2125721528
2125821529 done
2125921530
21531
21532
21533
21534 for ac_func in EVP_sha1 EVP_sha256 EVP_sha512
21535 do
21536 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
21537 { echo "$as_me:$LINENO: checking for $ac_func" >&5
21538 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
21539 if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
21540 echo $ECHO_N "(cached) $ECHO_C" >&6
21541 else
21542 cat >conftest.$ac_ext <<_ACEOF
21543 /* confdefs.h. */
21544 _ACEOF
21545 cat confdefs.h >>conftest.$ac_ext
21546 cat >>conftest.$ac_ext <<_ACEOF
21547 /* end confdefs.h. */
21548 /* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
21549 For example, HP-UX 11i <limits.h> declares gettimeofday. */
21550 #define $ac_func innocuous_$ac_func
21551
21552 /* System header to define __stub macros and hopefully few prototypes,
21553 which can conflict with char $ac_func (); below.
21554 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
21555 <limits.h> exists even on freestanding compilers. */
21556
21557 #ifdef __STDC__
21558 # include <limits.h>
21559 #else
21560 # include <assert.h>
21561 #endif
21562
21563 #undef $ac_func
21564
21565 /* Override any GCC internal prototype to avoid an error.
21566 Use char because int might match the return type of a GCC
21567 builtin and then its argument prototype would still apply. */
21568 #ifdef __cplusplus
21569 extern "C"
21570 #endif
21571 char $ac_func ();
21572 /* The GNU C library defines this for functions which it implements
21573 to always fail with ENOSYS. Some functions are actually named
21574 something starting with __ and the normal name is an alias. */
21575 #if defined __stub_$ac_func || defined __stub___$ac_func
21576 choke me
21577 #endif
21578
21579 int
21580 main ()
21581 {
21582 return $ac_func ();
21583 ;
21584 return 0;
21585 }
21586 _ACEOF
21587 rm -f conftest.$ac_objext conftest$ac_exeext
21588 if { (ac_try="$ac_link"
21589 case "(($ac_try" in
21590 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
21591 *) ac_try_echo=$ac_try;;
21592 esac
21593 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
21594 (eval "$ac_link") 2>conftest.er1
21595 ac_status=$?
21596 grep -v '^ *+' conftest.er1 >conftest.err
21597 rm -f conftest.er1
21598 cat conftest.err >&5
21599 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21600 (exit $ac_status); } && {
21601 test -z "$ac_c_werror_flag" ||
21602 test ! -s conftest.err
21603 } && test -s conftest$ac_exeext &&
21604 $as_test_x conftest$ac_exeext; then
21605 eval "$as_ac_var=yes"
21606 else
21607 echo "$as_me: failed program was:" >&5
21608 sed 's/^/| /' conftest.$ac_ext >&5
21609
21610 eval "$as_ac_var=no"
21611 fi
21612
21613 rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
21614 conftest$ac_exeext conftest.$ac_ext
21615 fi
21616 ac_res=`eval echo '${'$as_ac_var'}'`
21617 { echo "$as_me:$LINENO: result: $ac_res" >&5
21618 echo "${ECHO_T}$ac_res" >&6; }
21619 if test `eval echo '${'$as_ac_var'}'` = yes; then
21620 cat >>confdefs.h <<_ACEOF
21621 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
21622 _ACEOF
21623
21624 fi
21625 done
21626
21627
21628 # check if libssl needs libdl
21629 BAKLIBS="$LIBS"
21630 LIBS="-lssl $LIBS"
21631 { echo "$as_me:$LINENO: checking if libssl needs libdl" >&5
21632 echo $ECHO_N "checking if libssl needs libdl... $ECHO_C" >&6; }
21633 cat >conftest.$ac_ext <<_ACEOF
21634 /* confdefs.h. */
21635 _ACEOF
21636 cat confdefs.h >>conftest.$ac_ext
21637 cat >>conftest.$ac_ext <<_ACEOF
21638 /* end confdefs.h. */
21639
21640 /* Override any GCC internal prototype to avoid an error.
21641 Use char because int might match the return type of a GCC
21642 builtin and then its argument prototype would still apply. */
21643 #ifdef __cplusplus
21644 extern "C"
21645 #endif
21646 char SSL_CTX_new ();
21647 int
21648 main ()
21649 {
21650 return SSL_CTX_new ();
21651 ;
21652 return 0;
21653 }
21654 _ACEOF
21655 rm -f conftest.$ac_objext conftest$ac_exeext
21656 if { (ac_try="$ac_link"
21657 case "(($ac_try" in
21658 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
21659 *) ac_try_echo=$ac_try;;
21660 esac
21661 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
21662 (eval "$ac_link") 2>conftest.er1
21663 ac_status=$?
21664 grep -v '^ *+' conftest.er1 >conftest.err
21665 rm -f conftest.er1
21666 cat conftest.err >&5
21667 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21668 (exit $ac_status); } && {
21669 test -z "$ac_c_werror_flag" ||
21670 test ! -s conftest.err
21671 } && test -s conftest$ac_exeext &&
21672 $as_test_x conftest$ac_exeext; then
21673
21674 { echo "$as_me:$LINENO: result: no" >&5
21675 echo "${ECHO_T}no" >&6; }
21676 LIBS="$BAKLIBS"
21677
21678 else
21679 echo "$as_me: failed program was:" >&5
21680 sed 's/^/| /' conftest.$ac_ext >&5
21681
21682
21683 { echo "$as_me:$LINENO: result: yes" >&5
21684 echo "${ECHO_T}yes" >&6; }
21685 LIBS="$BAKLIBS"
21686 { echo "$as_me:$LINENO: checking for library containing dlopen" >&5
21687 echo $ECHO_N "checking for library containing dlopen... $ECHO_C" >&6; }
21688 if test "${ac_cv_search_dlopen+set}" = set; then
21689 echo $ECHO_N "(cached) $ECHO_C" >&6
21690 else
21691 ac_func_search_save_LIBS=$LIBS
21692 cat >conftest.$ac_ext <<_ACEOF
21693 /* confdefs.h. */
21694 _ACEOF
21695 cat confdefs.h >>conftest.$ac_ext
21696 cat >>conftest.$ac_ext <<_ACEOF
21697 /* end confdefs.h. */
21698
21699 /* Override any GCC internal prototype to avoid an error.
21700 Use char because int might match the return type of a GCC
21701 builtin and then its argument prototype would still apply. */
21702 #ifdef __cplusplus
21703 extern "C"
21704 #endif
21705 char dlopen ();
21706 int
21707 main ()
21708 {
21709 return dlopen ();
21710 ;
21711 return 0;
21712 }
21713 _ACEOF
21714 for ac_lib in '' dl; do
21715 if test -z "$ac_lib"; then
21716 ac_res="none required"
21717 else
21718 ac_res=-l$ac_lib
21719 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
21720 fi
21721 rm -f conftest.$ac_objext conftest$ac_exeext
21722 if { (ac_try="$ac_link"
21723 case "(($ac_try" in
21724 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
21725 *) ac_try_echo=$ac_try;;
21726 esac
21727 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
21728 (eval "$ac_link") 2>conftest.er1
21729 ac_status=$?
21730 grep -v '^ *+' conftest.er1 >conftest.err
21731 rm -f conftest.er1
21732 cat conftest.err >&5
21733 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21734 (exit $ac_status); } && {
21735 test -z "$ac_c_werror_flag" ||
21736 test ! -s conftest.err
21737 } && test -s conftest$ac_exeext &&
21738 $as_test_x conftest$ac_exeext; then
21739 ac_cv_search_dlopen=$ac_res
21740 else
21741 echo "$as_me: failed program was:" >&5
21742 sed 's/^/| /' conftest.$ac_ext >&5
21743
21744
21745 fi
21746
21747 rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
21748 conftest$ac_exeext
21749 if test "${ac_cv_search_dlopen+set}" = set; then
21750 break
21751 fi
21752 done
21753 if test "${ac_cv_search_dlopen+set}" = set; then
21754 :
21755 else
21756 ac_cv_search_dlopen=no
21757 fi
21758 rm conftest.$ac_ext
21759 LIBS=$ac_func_search_save_LIBS
21760 fi
21761 { echo "$as_me:$LINENO: result: $ac_cv_search_dlopen" >&5
21762 echo "${ECHO_T}$ac_cv_search_dlopen" >&6; }
21763 ac_res=$ac_cv_search_dlopen
21764 if test "$ac_res" != no; then
21765 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
21766
21767 fi
21768
21769
21770 fi
21771
21772 rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
21773 conftest$ac_exeext conftest.$ac_ext
2126021774
2126121775 # check for thread library.
2126221776
2292223436 fi
2292323437 done
2292423438 # only in libevent 1.4.3 and later
23439
23440 for ac_func in ev_loop
23441 do
23442 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
23443 { echo "$as_me:$LINENO: checking for $ac_func" >&5
23444 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
23445 if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
23446 echo $ECHO_N "(cached) $ECHO_C" >&6
23447 else
23448 cat >conftest.$ac_ext <<_ACEOF
23449 /* confdefs.h. */
23450 _ACEOF
23451 cat confdefs.h >>conftest.$ac_ext
23452 cat >>conftest.$ac_ext <<_ACEOF
23453 /* end confdefs.h. */
23454 /* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
23455 For example, HP-UX 11i <limits.h> declares gettimeofday. */
23456 #define $ac_func innocuous_$ac_func
23457
23458 /* System header to define __stub macros and hopefully few prototypes,
23459 which can conflict with char $ac_func (); below.
23460 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
23461 <limits.h> exists even on freestanding compilers. */
23462
23463 #ifdef __STDC__
23464 # include <limits.h>
23465 #else
23466 # include <assert.h>
23467 #endif
23468
23469 #undef $ac_func
23470
23471 /* Override any GCC internal prototype to avoid an error.
23472 Use char because int might match the return type of a GCC
23473 builtin and then its argument prototype would still apply. */
23474 #ifdef __cplusplus
23475 extern "C"
23476 #endif
23477 char $ac_func ();
23478 /* The GNU C library defines this for functions which it implements
23479 to always fail with ENOSYS. Some functions are actually named
23480 something starting with __ and the normal name is an alias. */
23481 #if defined __stub_$ac_func || defined __stub___$ac_func
23482 choke me
23483 #endif
23484
23485 int
23486 main ()
23487 {
23488 return $ac_func ();
23489 ;
23490 return 0;
23491 }
23492 _ACEOF
23493 rm -f conftest.$ac_objext conftest$ac_exeext
23494 if { (ac_try="$ac_link"
23495 case "(($ac_try" in
23496 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
23497 *) ac_try_echo=$ac_try;;
23498 esac
23499 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
23500 (eval "$ac_link") 2>conftest.er1
23501 ac_status=$?
23502 grep -v '^ *+' conftest.er1 >conftest.err
23503 rm -f conftest.er1
23504 cat conftest.err >&5
23505 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23506 (exit $ac_status); } && {
23507 test -z "$ac_c_werror_flag" ||
23508 test ! -s conftest.err
23509 } && test -s conftest$ac_exeext &&
23510 $as_test_x conftest$ac_exeext; then
23511 eval "$as_ac_var=yes"
23512 else
23513 echo "$as_me: failed program was:" >&5
23514 sed 's/^/| /' conftest.$ac_ext >&5
23515
23516 eval "$as_ac_var=no"
23517 fi
23518
23519 rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
23520 conftest$ac_exeext conftest.$ac_ext
23521 fi
23522 ac_res=`eval echo '${'$as_ac_var'}'`
23523 { echo "$as_me:$LINENO: result: $ac_res" >&5
23524 echo "${ECHO_T}$ac_res" >&6; }
23525 if test `eval echo '${'$as_ac_var'}'` = yes; then
23526 cat >>confdefs.h <<_ACEOF
23527 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
23528 _ACEOF
23529
23530 fi
23531 done
23532 # only in libev. (tested on 3.51)
2292523533 if test -n "$BAK_LDFLAGS"; then
2292623534 LDFLAGS="$BAK_LDFLAGS"
2292723535 fi
2445925067
2446025068
2446125069
25070
2446225071 { echo "$as_me:$LINENO: checking whether we need -D_LARGEFILE_SOURCE=1 as a flag for $CC" >&5
2446325072 echo $ECHO_N "checking whether we need -D_LARGEFILE_SOURCE=1 as a flag for $CC... $ECHO_C" >&6; }
2446425073 cache=`echo -D_LARGEFILE_SOURCE=1 | sed 'y%.=/+- %___p__%'`
2447425083 }
2447525084 ' > conftest.c
2447625085 echo 'void f(){}' >>conftest.c
24477 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
25086 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
2447825087 eval "cv_prog_cc_flag_needed_$cache=no"
2447925088 else
2448025089
24481 if test -z "`$CC $CFLAGS -D_LARGEFILE_SOURCE=1 -Werror -Wall -c conftest.c 2>&1`"; then
25090 if test -z "`$CC $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1`"; then
2448225091 eval "cv_prog_cc_flag_needed_$cache=yes"
2448325092 else
2448425093 eval "cv_prog_cc_flag_needed_$cache=fail"
2448525094 #echo 'Test with flag fails too!'
2448625095 #cat conftest.c
24487 #echo "$CC $CFLAGS -D_LARGEFILE_SOURCE=1 -Werror -Wall -c conftest.c 2>&1"
24488 #echo `$CC $CFLAGS -D_LARGEFILE_SOURCE=1 -Werror -Wall -c conftest.c`
25096 #echo "$CC $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1"
25097 #echo `$CC $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1`
2448925098 #exit 1
2449025099 fi
2449125100
2450325112 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
2450425113 { echo "$as_me:$LINENO: result: no" >&5
2450525114 echo "${ECHO_T}no" >&6; }
25115 #echo 'Test with flag is no!'
25116 #cat conftest.c
25117 #echo "$CC $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1"
25118 #echo `$CC $CFLAGS -D_LARGEFILE_SOURCE=1 $ERRFLAG -c conftest.c 2>&1`
25119 #exit 1
2450625120 :
2450725121
2450825122 else
2466125275
2466225276
2466325277
24664 for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev
25278
25279
25280
25281
25282
25283 for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob
2466525284 do
2466625285 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
2466725286 { echo "$as_me:$LINENO: checking for $ac_func" >&5
2475525374 done
2475625375
2475725376
25377 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
25378 if echo $build_os | grep darwin8 > /dev/null; then
25379
25380 cat >>confdefs.h <<\_ACEOF
25381 #define DARWIN_BROKEN_SETREUID 1
25382 _ACEOF
25383
25384 fi
25385
25386 # check if select and nonblocking sockets actually work.
25387 { echo "$as_me:$LINENO: checking if nonblocking sockets work" >&5
25388 echo $ECHO_N "checking if nonblocking sockets work... $ECHO_C" >&6; }
25389 if test "$cross_compiling" = yes; then
25390
25391 { echo "$as_me:$LINENO: result: crosscompile(yes)" >&5
25392 echo "${ECHO_T}crosscompile(yes)" >&6; }
25393
25394 else
25395 cat >conftest.$ac_ext <<_ACEOF
25396 /* confdefs.h. */
25397 _ACEOF
25398 cat confdefs.h >>conftest.$ac_ext
25399 cat >>conftest.$ac_ext <<_ACEOF
25400 /* end confdefs.h. */
25401
25402 #include <stdio.h>
25403 #include <string.h>
25404 #include <stdlib.h>
25405 #include <fcntl.h>
25406 #include <errno.h>
25407 #ifdef HAVE_SYS_TYPES_H
25408 #include <sys/types.h>
25409 #endif
25410 #ifdef HAVE_SYS_SOCKET_H
25411 #include <sys/socket.h>
25412 #endif
25413 #ifdef HAVE_NETINET_IN_H
25414 #include <netinet/in.h>
25415 #endif
25416 #ifdef HAVE_ARPA_INET_H
25417 #include <arpa/inet.h>
25418 #endif
25419 #ifdef HAVE_UNISTD_H
25420 #include <unistd.h>
25421 #endif
25422 #ifdef HAVE_TIME_H
25423 #include <time.h>
25424 #endif
25425
25426 int
25427 main ()
25428 {
25429
25430 int port;
25431 int sfd, cfd;
25432 int num = 10;
25433 int i, p;
25434 struct sockaddr_in a;
25435 /* test if select and nonblocking reads work well together */
25436 /* open port.
25437 fork child to send 10 messages.
25438 select to read.
25439 then try to nonblocking read the 10 messages
25440 then, nonblocking read must give EAGAIN
25441 */
25442
25443 port = 12345 + (time(0)%32);
25444 sfd = socket(PF_INET, SOCK_DGRAM, 0);
25445 if(sfd == -1) {
25446 perror("socket");
25447 return 1;
25448 }
25449 memset(&a, 0, sizeof(a));
25450 a.sin_family = AF_INET;
25451 a.sin_port = htons(port);
25452 a.sin_addr.s_addr = inet_addr("127.0.0.1");
25453 if(bind(sfd, (struct sockaddr*)&a, sizeof(a)) < 0) {
25454 perror("bind");
25455 return 1;
25456 }
25457 if(fcntl(sfd, F_SETFL, O_NONBLOCK) == -1) {
25458 perror("fcntl");
25459 return 1;
25460 }
25461
25462 cfd = socket(PF_INET, SOCK_DGRAM, 0);
25463 if(cfd == -1) {
25464 perror("client socket");
25465 return 1;
25466 }
25467 a.sin_port = 0;
25468 if(bind(cfd, (struct sockaddr*)&a, sizeof(a)) < 0) {
25469 perror("client bind");
25470 return 1;
25471 }
25472 a.sin_port = htons(port);
25473
25474 /* no handler, causes exit in 10 seconds */
25475 alarm(10);
25476
25477 /* send and receive on the socket */
25478 if((p=fork()) == 0) {
25479 for(i=0; i<num; i++) {
25480 if(sendto(cfd, &i, sizeof(i), 0,
25481 (struct sockaddr*)&a, sizeof(a)) < 0) {
25482 perror("sendto");
25483 return 1;
25484 }
25485 }
25486 } else {
25487 /* parent */
25488 fd_set rset;
25489 int x;
25490 if(p == -1) {
25491 perror("fork");
25492 return 1;
25493 }
25494 FD_ZERO(&rset);
25495 FD_SET(sfd, &rset);
25496 if(select(sfd+1, &rset, NULL, NULL, NULL) < 1) {
25497 perror("select");
25498 return 1;
25499 }
25500 i = 0;
25501 while(i < num) {
25502 if(recv(sfd, &x, sizeof(x), 0) != sizeof(x)) {
25503 if(errno == EAGAIN)
25504 continue;
25505 perror("recv");
25506 return 1;
25507 }
25508 i++;
25509 }
25510 /* now we want to get EAGAIN: nonblocking goodness */
25511 errno = 0;
25512 recv(sfd, &x, sizeof(x), 0);
25513 if(errno != EAGAIN) {
25514 perror("trying to recv again");
25515 return 1;
25516 }
25517 /* EAGAIN encountered */
25518 }
25519
25520 close(sfd);
25521 close(cfd);
25522
25523 ;
25524 return 0;
25525 }
25526 _ACEOF
25527 rm -f conftest$ac_exeext
25528 if { (ac_try="$ac_link"
25529 case "(($ac_try" in
25530 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
25531 *) ac_try_echo=$ac_try;;
25532 esac
25533 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
25534 (eval "$ac_link") 2>&5
25535 ac_status=$?
25536 echo "$as_me:$LINENO: \$? = $ac_status" >&5
25537 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
25538 { (case "(($ac_try" in
25539 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
25540 *) ac_try_echo=$ac_try;;
25541 esac
25542 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
25543 (eval "$ac_try") 2>&5
25544 ac_status=$?
25545 echo "$as_me:$LINENO: \$? = $ac_status" >&5
25546 (exit $ac_status); }; }; then
25547
25548 { echo "$as_me:$LINENO: result: yes" >&5
25549 echo "${ECHO_T}yes" >&6; }
25550
25551 else
25552 echo "$as_me: program exited with status $ac_status" >&5
25553 echo "$as_me: failed program was:" >&5
25554 sed 's/^/| /' conftest.$ac_ext >&5
25555
25556 ( exit $ac_status )
25557
25558 { echo "$as_me:$LINENO: result: no" >&5
25559 echo "${ECHO_T}no" >&6; }
25560
25561 cat >>confdefs.h <<\_ACEOF
25562 #define NONBLOCKING_IS_BROKEN 1
25563 _ACEOF
25564
25565
25566 fi
25567 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
25568 fi
25569
25570
25571
2475825572 # check mkdir
2475925573 { echo "$as_me:$LINENO: checking whether mkdir has one arg" >&5
2476025574 echo $ECHO_N "checking whether mkdir has one arg... $ECHO_C" >&6; }
2559726411
2559826412
2559926413
25600 for ac_func in socketpair
25601 do
25602 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
25603 { echo "$as_me:$LINENO: checking for $ac_func" >&5
25604 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
25605 if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
25606 echo $ECHO_N "(cached) $ECHO_C" >&6
25607 else
25608 cat >conftest.$ac_ext <<_ACEOF
25609 /* confdefs.h. */
25610 _ACEOF
25611 cat confdefs.h >>conftest.$ac_ext
25612 cat >>conftest.$ac_ext <<_ACEOF
25613 /* end confdefs.h. */
25614 /* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
25615 For example, HP-UX 11i <limits.h> declares gettimeofday. */
25616 #define $ac_func innocuous_$ac_func
25617
25618 /* System header to define __stub macros and hopefully few prototypes,
25619 which can conflict with char $ac_func (); below.
25620 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
25621 <limits.h> exists even on freestanding compilers. */
25622
25623 #ifdef __STDC__
25624 # include <limits.h>
25625 #else
25626 # include <assert.h>
25627 #endif
25628
25629 #undef $ac_func
25630
25631 /* Override any GCC internal prototype to avoid an error.
25632 Use char because int might match the return type of a GCC
25633 builtin and then its argument prototype would still apply. */
25634 #ifdef __cplusplus
25635 extern "C"
25636 #endif
25637 char $ac_func ();
25638 /* The GNU C library defines this for functions which it implements
25639 to always fail with ENOSYS. Some functions are actually named
25640 something starting with __ and the normal name is an alias. */
25641 #if defined __stub_$ac_func || defined __stub___$ac_func
25642 choke me
25643 #endif
25644
25645 int
25646 main ()
25647 {
25648 return $ac_func ();
25649 ;
25650 return 0;
25651 }
25652 _ACEOF
25653 rm -f conftest.$ac_objext conftest$ac_exeext
25654 if { (ac_try="$ac_link"
25655 case "(($ac_try" in
25656 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
25657 *) ac_try_echo=$ac_try;;
25658 esac
25659 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
25660 (eval "$ac_link") 2>conftest.er1
25661 ac_status=$?
25662 grep -v '^ *+' conftest.er1 >conftest.err
25663 rm -f conftest.er1
25664 cat conftest.err >&5
25665 echo "$as_me:$LINENO: \$? = $ac_status" >&5
25666 (exit $ac_status); } && {
25667 test -z "$ac_c_werror_flag" ||
25668 test ! -s conftest.err
25669 } && test -s conftest$ac_exeext &&
25670 $as_test_x conftest$ac_exeext; then
25671 eval "$as_ac_var=yes"
25672 else
25673 echo "$as_me: failed program was:" >&5
25674 sed 's/^/| /' conftest.$ac_ext >&5
25675
25676 eval "$as_ac_var=no"
25677 fi
25678
25679 rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
25680 conftest$ac_exeext conftest.$ac_ext
25681 fi
25682 ac_res=`eval echo '${'$as_ac_var'}'`
25683 { echo "$as_me:$LINENO: result: $ac_res" >&5
25684 echo "${ECHO_T}$ac_res" >&6; }
25685 if test `eval echo '${'$as_ac_var'}'` = yes; then
25686 cat >>confdefs.h <<_ACEOF
25687 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
25688 _ACEOF
25689
25690 else
25691 case " $LIBOBJS " in
25692 *" $ac_func.$ac_objext "* ) ;;
25693 *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
25694 ;;
25695 esac
25696
25697 fi
25698 done
25699
25700
2570126414 # check this after all other compilation checks, since the linking of the lib
2570226415 # may break checks after this.
2570326416
2584626559
2584726560 fi
2584826561
26562 { echo "$as_me:$LINENO: checking for ldns_b32_ntop_extended_hex" >&5
26563 echo $ECHO_N "checking for ldns_b32_ntop_extended_hex... $ECHO_C" >&6; }
26564 if test "${ac_cv_func_ldns_b32_ntop_extended_hex+set}" = set; then
26565 echo $ECHO_N "(cached) $ECHO_C" >&6
26566 else
26567 cat >conftest.$ac_ext <<_ACEOF
26568 /* confdefs.h. */
26569 _ACEOF
26570 cat confdefs.h >>conftest.$ac_ext
26571 cat >>conftest.$ac_ext <<_ACEOF
26572 /* end confdefs.h. */
26573 /* Define ldns_b32_ntop_extended_hex to an innocuous variant, in case <limits.h> declares ldns_b32_ntop_extended_hex.
26574 For example, HP-UX 11i <limits.h> declares gettimeofday. */
26575 #define ldns_b32_ntop_extended_hex innocuous_ldns_b32_ntop_extended_hex
26576
26577 /* System header to define __stub macros and hopefully few prototypes,
26578 which can conflict with char ldns_b32_ntop_extended_hex (); below.
26579 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
26580 <limits.h> exists even on freestanding compilers. */
26581
26582 #ifdef __STDC__
26583 # include <limits.h>
26584 #else
26585 # include <assert.h>
26586 #endif
26587
26588 #undef ldns_b32_ntop_extended_hex
26589
26590 /* Override any GCC internal prototype to avoid an error.
26591 Use char because int might match the return type of a GCC
26592 builtin and then its argument prototype would still apply. */
26593 #ifdef __cplusplus
26594 extern "C"
26595 #endif
26596 char ldns_b32_ntop_extended_hex ();
26597 /* The GNU C library defines this for functions which it implements
26598 to always fail with ENOSYS. Some functions are actually named
26599 something starting with __ and the normal name is an alias. */
26600 #if defined __stub_ldns_b32_ntop_extended_hex || defined __stub___ldns_b32_ntop_extended_hex
26601 choke me
26602 #endif
26603
26604 int
26605 main ()
26606 {
26607 return ldns_b32_ntop_extended_hex ();
26608 ;
26609 return 0;
26610 }
26611 _ACEOF
26612 rm -f conftest.$ac_objext conftest$ac_exeext
26613 if { (ac_try="$ac_link"
26614 case "(($ac_try" in
26615 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
26616 *) ac_try_echo=$ac_try;;
26617 esac
26618 eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
26619 (eval "$ac_link") 2>conftest.er1
26620 ac_status=$?
26621 grep -v '^ *+' conftest.er1 >conftest.err
26622 rm -f conftest.er1
26623 cat conftest.err >&5
26624 echo "$as_me:$LINENO: \$? = $ac_status" >&5
26625 (exit $ac_status); } && {
26626 test -z "$ac_c_werror_flag" ||
26627 test ! -s conftest.err
26628 } && test -s conftest$ac_exeext &&
26629 $as_test_x conftest$ac_exeext; then
26630 ac_cv_func_ldns_b32_ntop_extended_hex=yes
26631 else
26632 echo "$as_me: failed program was:" >&5
26633 sed 's/^/| /' conftest.$ac_ext >&5
26634
26635 ac_cv_func_ldns_b32_ntop_extended_hex=no
26636 fi
26637
26638 rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
26639 conftest$ac_exeext conftest.$ac_ext
26640 fi
26641 { echo "$as_me:$LINENO: result: $ac_cv_func_ldns_b32_ntop_extended_hex" >&5
26642 echo "${ECHO_T}$ac_cv_func_ldns_b32_ntop_extended_hex" >&6; }
26643 if test $ac_cv_func_ldns_b32_ntop_extended_hex = yes; then
26644 :
26645 else
26646
26647 { { echo "$as_me:$LINENO: error: ldns version too old, need >=1.4.0" >&5
26648 echo "$as_me: error: ldns version too old, need >=1.4.0" >&2;}
26649 { (exit 1); exit 1; }; }
26650 fi
26651
2584926652
2585026653 else
2585126654
2588426687
2588526688
2588626689
25887 ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-checkconf.8 doc/unbound.conf.5"
26690 ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8"
2588826691
2588926692 ac_config_headers="$ac_config_headers config.h"
2589026693
2628427087 # report actual input values of CONFIG_FILES etc. instead of their
2628527088 # values after options handling.
2628627089 ac_log="
26287 This file was extended by unbound $as_me 1.0.2, which was
27090 This file was extended by unbound $as_me 1.2.1, which was
2628827091 generated by GNU Autoconf 2.61. Invocation command line was
2628927092
2629027093 CONFIG_FILES = $CONFIG_FILES
2633327136 _ACEOF
2633427137 cat >>$CONFIG_STATUS <<_ACEOF
2633527138 ac_cs_version="\\
26336 unbound config.status 1.0.2
27139 unbound config.status 1.2.1
2633727140 configured by $0, generated by GNU Autoconf 2.61,
2633827141 with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
2633927142
2644627249 "doc/unbound.8") CONFIG_FILES="$CONFIG_FILES doc/unbound.8" ;;
2644727250 "doc/unbound-checkconf.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-checkconf.8" ;;
2644827251 "doc/unbound.conf.5") CONFIG_FILES="$CONFIG_FILES doc/unbound.conf.5" ;;
27252 "doc/unbound-control.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-control.8" ;;
2644927253 "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
2645027254
2645127255 *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
2656327367 UNBOUND_CHROOT_DIR!$UNBOUND_CHROOT_DIR$ac_delim
2656427368 UNBOUND_PIDFILE!$UNBOUND_PIDFILE$ac_delim
2656527369 UNBOUND_USERNAME!$UNBOUND_USERNAME$ac_delim
27370 DEPFLAG!$DEPFLAG$ac_delim
2656627371 debug_enabled!$debug_enabled$ac_delim
2656727372 libtool!$libtool$ac_delim
2656827373 AR!$AR$ac_delim
2660027405 LTLIBOBJS!$LTLIBOBJS$ac_delim
2660127406 _ACEOF
2660227407
26603 if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 90; then
27408 if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 91; then
2660427409 break
2660527410 elif $ac_last_try; then
2660627411 { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
11 # Process this file with autoconf to produce a configure script.
22 AC_PREREQ(2.56)
33
4 AC_INIT(unbound,1.0.2, unbound-bugs@nlnetlabs.nl, unbound)
4 AC_INIT(unbound, 1.2.1, unbound-bugs@nlnetlabs.nl, unbound)
55
66 LIBUNBOUND_CURRENT=0
7 LIBUNBOUND_REVISION=14
7 LIBUNBOUND_REVISION=18
88 LIBUNBOUND_AGE=0
99 # 1.0.0 had 0:12:0
1010 # 1.0.1 had 0:13:0
1111 # 1.0.2 had 0:14:0
12 # 1.1.0 had 0:15:0
13 # 1.1.1 had 0:16:0
14 # 1.2.0 had 0:17:0
15 # 1.2.1 had 0:18:0
1216
1317 # Current -- the number of the binary API that we're implementing
1418 # Revision -- which iteration of the implementation of the binary
3236 AC_SUBST(LIBUNBOUND_REVISION)
3337 AC_SUBST(LIBUNBOUND_AGE)
3438
35 CFLAGS=
39 CFLAGS="$CFLAGS"
3640 AC_AIX
3741
3842 dnl
117121 fi
118122 ])
119123
124 dnl setup flags for CHECK_COMPILER_FLAG_NEEDED
125 AC_DEFUN([CHECK_ERROR_FLAGS],
126 [
127 CHECK_COMPILER_FLAG(Werror, [ERRFLAG="-Werror"], [ERRFLAG="-errwarn"])
128 CHECK_COMPILER_FLAG(Wall, [ERRFLAG="$ERRFLAG -Wall"],
129 [ERRFLAG="$ERRFLAG -errfmt"])
130 ])
131
120132 dnl routine to help check for needed compiler flags.
121133 # if the given code compiles without the flag, execute argument 4
122134 # if the given code only compiles with the flag, execute argument 3
124136 AC_DEFUN([CHECK_COMPILER_FLAG_NEEDED],
125137 [
126138 AC_REQUIRE([AC_PROG_CC])
139 AC_REQUIRE([CHECK_ERROR_FLAGS])
127140 AC_MSG_CHECKING(whether we need $1 as a flag for $CC)
128141 cache=`echo $1 | sed 'y%.=/+- %___p__%'`
129142 AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache,
130143 [
131144 echo '$2' > conftest.c
132145 echo 'void f(){}' >>conftest.c
133 if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
146 if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
134147 eval "cv_prog_cc_flag_needed_$cache=no"
135148 else
136149 [
137 if test -z "`$CC $CFLAGS $1 -Werror -Wall -c conftest.c 2>&1`"; then
150 if test -z "`$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`"; then
138151 eval "cv_prog_cc_flag_needed_$cache=yes"
139152 else
140153 eval "cv_prog_cc_flag_needed_$cache=fail"
141154 #echo 'Test with flag fails too!'
142155 #cat conftest.c
143 #echo "$CC $CFLAGS $1 -Werror -Wall -c conftest.c 2>&1"
144 #echo `$CC $CFLAGS $1 -Werror -Wall -c conftest.c`
156 #echo "$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1"
157 #echo `$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`
145158 #exit 1
146159 fi
147160 ]
155168 else
156169 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then
157170 AC_MSG_RESULT(no)
171 #echo 'Test with flag is no!'
172 #cat conftest.c
173 #echo "$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1"
174 #echo `$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`
175 #exit 1
158176 :
159177 $4
160178 else
171189 CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"])
172190 CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"])
173191
192 # test DEPFLAG
193 AC_MSG_CHECKING([$CC dependency flag])
194 echo 'void f(){}' >conftest.c
195 if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then
196 DEPFLAG="-MM"
197 else
198 if test "`$CC -xM1 conftest.c 2>&1`" = "conftest.o: conftest.c"; then
199 DEPFLAG="-xM1"
200 else
201 DEPFLAG="-MM" # dunno do something
202 fi
203 fi
204 AC_MSG_RESULT($DEPFLAG)
205 rm -f conftest.c
206 AC_SUBST(DEPFLAG)
207
208 CHECK_COMPILER_FLAG(std=c99, [C99FLAG="-std=c99"])
209 CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"])
210
174211 AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
175212
176213 # MinGW32 tests
177214 AC_CHECK_HEADERS([winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT])
178215 # end mingw32 tests
179216
180 CHECK_COMPILER_FLAG_NEEDED(-std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE,
217 CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE,
181218 [
182219 #include "confdefs.h"
183220 #include <stdlib.h>
200237 time_t time = 0;
201238 char *buf = NULL;
202239 const char* str = NULL;
240 struct msghdr msg;
241 msg.msg_control = 0;
203242 t = ctime_r(&time, buf);
204243 tv.tv_usec = 10;
205244 srandom(32);
208247 str = gai_strerror(0);
209248 return a;
210249 }
211 ], [CFLAGS="$CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"])
212
213 CHECK_COMPILER_FLAG_NEEDED(-std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE,
250 ], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"])
251
252 CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE,
214253 [
215254 #include "confdefs.h"
216255 #include <stdlib.h>
233272 time_t time = 0;
234273 char *buf = NULL;
235274 const char* str = NULL;
275 struct msghdr msg;
276 msg.msg_control = 0;
236277 t = ctime_r(&time, buf);
237278 tv.tv_usec = 10;
238279 srandom(32);
241282 str = gai_strerror(0);
242283 return a;
243284 }
244 ], [CFLAGS="$CFLAGS -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"])
245
246 CHECK_COMPILER_FLAG_NEEDED(-std=c99,
285 ], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"])
286
287 CHECK_COMPILER_FLAG_NEEDED($C99FLAG,
247288 [
248289 #include <stdbool.h>
249290 #include <ctype.h>
251292 int a = 0;
252293 return a;
253294 }
254 ], [CFLAGS="$CFLAGS -std=c99"])
295 ], [CFLAGS="$CFLAGS $C99FLAG"])
255296
256297 CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE,
257298 [
271312 int test() {
272313 struct in6_pktinfo inf;
273314 int a = (int)sizeof(inf);
315 return a;
316 }
317 ], [CFLAGS="$CFLAGS -D_GNU_SOURCE"])
318
319 # check again for GNU_SOURCE for setresgid. May fail if setresgid
320 # is not available at all. -D_FRSRESGID is to make this check unique.
321 # otherwise we would get the previous cached result.
322 CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID,
323 [
324 #include <unistd.h>
325
326 int test() {
327 int a = setresgid(0,0,0);
328 a = setresuid(0,0,0);
274329 return a;
275330 }
276331 ], [CFLAGS="$CFLAGS -D_GNU_SOURCE"])
423478
424479 # Checks for header files.
425480 AC_HEADER_STDC
426 AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h],,, [AC_INCLUDES_DEFAULT])
481 AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h],,, [AC_INCLUDES_DEFAULT])
427482
428483 # check for types
429484 AC_CHECK_TYPE(int8_t, char)
495550 ],[
496551 withval="yes"
497552 ])
553 if test x_$withval = x_no; then
554 AC_MSG_ERROR([Need SSL library to do digital signature cryptography])
555 fi
498556 if test x_$withval != x_no; then
499557 AC_MSG_CHECKING(for SSL)
500558 if test x_$withval = x_ -o x_$withval = x_yes; then
520578 fi
521579
522580 AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto])
523 ORIGLIBS="$LIBS"
524581 LIBS="$LIBS -lcrypto"
525582 AC_TRY_LINK(, [
526583 int HMAC_CTX_init(void);
553610 AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
554611 AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
555612 AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
613 AC_CHECK_FUNCS([EVP_sha1 EVP_sha256 EVP_sha512])
614
615 # check if libssl needs libdl
616 BAKLIBS="$LIBS"
617 LIBS="-lssl $LIBS"
618 AC_MSG_CHECKING([if libssl needs libdl])
619 AC_TRY_LINK_FUNC([SSL_CTX_new], [
620 AC_MSG_RESULT([no])
621 LIBS="$BAKLIBS"
622 ] , [
623 AC_MSG_RESULT([yes])
624 LIBS="$BAKLIBS"
625 AC_SEARCH_LIBS([dlopen], [dl])
626 ])
556627
557628 # check for thread library.
558629 AC_ARG_WITH(pthreads, AC_HELP_STRING([--with-pthreads],
671742 AC_CHECK_FUNCS([event_base_free]) # only in libevent 1.2 and later
672743 AC_CHECK_FUNCS([event_base_once]) # only in libevent 1.4? and later
673744 AC_CHECK_FUNCS([event_base_get_method]) # only in libevent 1.4.3 and later
745 AC_CHECK_FUNCS([ev_loop]) # only in libev. (tested on 3.51)
674746 if test -n "$BAK_LDFLAGS"; then
675747 LDFLAGS="$BAK_LDFLAGS"
676748 fi
780852 if test $ac_cv_func_getaddrinfo = no; then
781853 AC_LIBOBJ([fake-rfc2553])
782854 fi
783 AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev])
855 AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob])
856
857 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
858 if echo $build_os | grep darwin8 > /dev/null; then
859 AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
860 fi
861
862 # check if select and nonblocking sockets actually work.
863 AC_MSG_CHECKING([if nonblocking sockets work])
864 AC_RUN_IFELSE(AC_LANG_PROGRAM([
865 #include <stdio.h>
866 #include <string.h>
867 #include <stdlib.h>
868 #include <fcntl.h>
869 #include <errno.h>
870 #ifdef HAVE_SYS_TYPES_H
871 #include <sys/types.h>
872 #endif
873 #ifdef HAVE_SYS_SOCKET_H
874 #include <sys/socket.h>
875 #endif
876 #ifdef HAVE_NETINET_IN_H
877 #include <netinet/in.h>
878 #endif
879 #ifdef HAVE_ARPA_INET_H
880 #include <arpa/inet.h>
881 #endif
882 #ifdef HAVE_UNISTD_H
883 #include <unistd.h>
884 #endif
885 #ifdef HAVE_TIME_H
886 #include <time.h>
887 #endif
888 ],[[
889 int port;
890 int sfd, cfd;
891 int num = 10;
892 int i, p;
893 struct sockaddr_in a;
894 /* test if select and nonblocking reads work well together */
895 /* open port.
896 fork child to send 10 messages.
897 select to read.
898 then try to nonblocking read the 10 messages
899 then, nonblocking read must give EAGAIN
900 */
901
902 port = 12345 + (time(0)%32);
903 sfd = socket(PF_INET, SOCK_DGRAM, 0);
904 if(sfd == -1) {
905 perror("socket");
906 return 1;
907 }
908 memset(&a, 0, sizeof(a));
909 a.sin_family = AF_INET;
910 a.sin_port = htons(port);
911 a.sin_addr.s_addr = inet_addr("127.0.0.1");
912 if(bind(sfd, (struct sockaddr*)&a, sizeof(a)) < 0) {
913 perror("bind");
914 return 1;
915 }
916 if(fcntl(sfd, F_SETFL, O_NONBLOCK) == -1) {
917 perror("fcntl");
918 return 1;
919 }
920
921 cfd = socket(PF_INET, SOCK_DGRAM, 0);
922 if(cfd == -1) {
923 perror("client socket");
924 return 1;
925 }
926 a.sin_port = 0;
927 if(bind(cfd, (struct sockaddr*)&a, sizeof(a)) < 0) {
928 perror("client bind");
929 return 1;
930 }
931 a.sin_port = htons(port);
932
933 /* no handler, causes exit in 10 seconds */
934 alarm(10);
935
936 /* send and receive on the socket */
937 if((p=fork()) == 0) {
938 for(i=0; i<num; i++) {
939 if(sendto(cfd, &i, sizeof(i), 0,
940 (struct sockaddr*)&a, sizeof(a)) < 0) {
941 perror("sendto");
942 return 1;
943 }
944 }
945 } else {
946 /* parent */
947 fd_set rset;
948 int x;
949 if(p == -1) {
950 perror("fork");
951 return 1;
952 }
953 FD_ZERO(&rset);
954 FD_SET(sfd, &rset);
955 if(select(sfd+1, &rset, NULL, NULL, NULL) < 1) {
956 perror("select");
957 return 1;
958 }
959 i = 0;
960 while(i < num) {
961 if(recv(sfd, &x, sizeof(x), 0) != sizeof(x)) {
962 if(errno == EAGAIN)
963 continue;
964 perror("recv");
965 return 1;
966 }
967 i++;
968 }
969 /* now we want to get EAGAIN: nonblocking goodness */
970 errno = 0;
971 recv(sfd, &x, sizeof(x), 0);
972 if(errno != EAGAIN) {
973 perror("trying to recv again");
974 return 1;
975 }
976 /* EAGAIN encountered */
977 }
978
979 close(sfd);
980 close(cfd);
981 ]]), [
982 AC_MSG_RESULT([yes])
983 ], [
984 AC_MSG_RESULT([no])
985 AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).])
986 ], [
987 AC_MSG_RESULT([crosscompile(yes)])
988 ])
784989
785990 # check mkdir
786991 AC_MSG_CHECKING([whether mkdir has one arg])
8221027 AC_REPLACE_FUNCS(strlcpy)
8231028 AC_REPLACE_FUNCS(memmove)
8241029 AC_REPLACE_FUNCS(gmtime_r)
825 AC_REPLACE_FUNCS(socketpair) dnl for mingw32
8261030
8271031 # check this after all other compilation checks, since the linking of the lib
8281032 # may break checks after this.
8381042 AC_CHECK_LIB(ldns, ldns_buffer_copy, [
8391043 dnl ldns was found, check compat functions
8401044 AC_CHECK_LIB(ldns, [ldns_rr_free])
1045 AC_CHECK_FUNC([ldns_b32_ntop_extended_hex],, [
1046 AC_MSG_ERROR([ldns version too old, need >=1.4.0])])
8411047 ] , [
8421048 dnl use the builtin ldns-src.tar.gz file to build ldns.
8431049 if test ! -f $srcdir/ldns-src.tar.gz; then
10031209 struct tm *gmtime_r(const time_t *timep, struct tm *result);
10041210 #endif
10051211 #ifndef HAVE_GETADDRINFO
1006 #define getaddrinfo getaddrinfo_unbound
1007 #define gai_strerror gai_strerror_unbound
1008 #define freeaddrinfo freeaddrinfo_unbound
1009 #define getnameinfo getnameinfo_unbound
10101212 struct sockaddr_storage;
10111213 #include "compat/fake-rfc2553.h"
10121214 #endif
1013
10141215 #ifndef HAVE_SLEEP
10151216 #define sleep(x) Sleep((x)*1000) /* on win32 */
10161217 #endif /* HAVE_SLEEP */
10231224 #ifndef HAVE_SRANDOM
10241225 #define srandom(x) srand(x) /* on win32, for tests only (bad random) */
10251226 #endif /* HAVE_SRANDOM */
1026 #ifndef HAVE_SOCKETPAIR
1027 int socketpair(int d, int type, int protocol, int *sv);
1028 #endif
10291227
10301228 /* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
10311229 #ifdef HAVE_WINSOCK2_H
10591257 #define UNBOUND_DNS_PORT 53
10601258 ])
10611259
1062 AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-checkconf.8 doc/unbound.conf.5])
1260 AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8])
10631261 AC_CONFIG_HEADER([config.h])
10641262 AC_OUTPUT
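Review bot: The nonblocking-socket probe added before "# check mkdir" binds its receiving socket to a guessable port, `port = 12345 + (time(0)%32);`, so a port that is already taken, or an unrelated datagram from another local process, makes the run fail. The failure branch then defines NONBLOCKING_IS_BROKEN for the whole build, and the "no" result gives no hint of the real cause. Binding the receiver to port 0 and reading the assigned port back with getsockname() avoids the collision and the predictability, and the rest of the program can keep using `port` unchanged. The parent also never waits for the forked child, and a single lost datagram leaves it spinning on EAGAIN until `alarm(10)` kills it, so a comment saying that a timeout is reported as "no" would help whoever reads config.log.

```m4
	struct sockaddr_in a;
	socklen_t alen = sizeof(a);	/* added, next to the other declarations */
	/* … unchanged: comment block, socket() for sfd, memset, sin_family … */
	a.sin_port = 0;	/* was htons(port): let the kernel pick a free port */
	/* … unchanged: sin_addr, bind(sfd) … */
	if(getsockname(sfd, (struct sockaddr*)&a, &alen) < 0) {
		perror("getsockname");
		return 1;
	}
	port = ntohs(a.sin_port);
	/* … unchanged: fcntl(O_NONBLOCK), client socket, fork/select/recv … */
```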
66 * unbound.spec and unbound.init: RPM specfile and Linux rc.d initfile.
77 * update-anchor.sh: shell script that uses unbound-host to update a set
88 of trust anchor files. Run from cron twice a month.
9 * unbound_munin_ : plugin for munin statistics report
10 * selinux: the .fc and .te files for SElinux protection of the unbound daemon
1414 name="unbound"
1515 rcvar=`set_rcvar`
1616
17 load_rc_config $name
18
1719 command="/usr/local/sbin/unbound"
18 pidfile="/usr/local/etc/unbound/unbound.pid"
20 pidfile=${unbound_pidfile:-"/usr/local/etc/unbound/unbound.pid"}
21 command_args=${unbound_flags:-"-c /usr/local/etc/unbound/unbound.conf"}
1922 extra_commands="reload"
2023
21 load_rc_config $name
2224 run_rc_command "$1"
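Review bot: `command_args=${unbound_flags:-"-c /usr/local/etc/unbound/unbound.conf"}` reuses the variable that rc.subr already places on the command line as `${name}_flags`, so, if I read rc.subr correctly, an administrator who sets unbound_flags in rc.conf gets those flags passed twice. Giving the flags a default instead, `: ${unbound_flags:="-c /usr/local/etc/unbound/unbound.conf"}`, and dropping the command_args line keeps a single source. The default pidfile still sits in the configuration directory /usr/local/etc/unbound, so a comment noting that this directory must then be writable by the daemon, or pointing at unbound_pidfile for a different location, would help.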
0 /etc/unbound(/.*)? system_u:object_r:unbound_conf_t:s0
1 /etc/rc\.d/init\.d/unbound -- system_u:object_r:unbound_initrc_exec_t:s0
2 /usr/sbin/unbound -- system_u:object_r:unbound_exec_t:s0
3 /var/run/unbound(/.*)? system_u:object_r:unbound_var_run_t:s0
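Review bot: The only configuration path labelled here is `/etc/unbound(/.*)?`, while the init script and spec file added in the same commit keep unbound.conf and the chroot under /var/lib/unbound, which none of these patterns match. With that layout the configuration would presumably not receive unbound_conf_t, and the policy grants the daemon read access only to unbound_conf_t and generic etc files. A leading comment such as `# paths assume a non-chrooted install with configuration in /etc/unbound` would state the assumption; otherwise the chroot path needs its own entry.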
0 policy_module(unbound, 0.1.0)
1
2 type unbound_t;
3 type unbound_conf_t;
4 type unbound_exec_t;
5 type unbound_initrc_exec_t;
6 type unbound_var_run_t;
7
8 init_daemon_domain(unbound_t, unbound_exec_t)
9 init_script_file(unbound_initrc_exec_t)
10
11 role system_r types unbound_t;
12
13 # XXX
14 # unbound-{checkconf,control} are not protected. Do we need protect them?
15
16 # Unbound daemon
17
18 auth_use_nsswitch(unbound_t)
19 dev_read_urand(unbound_t)
20 corenet_all_recvfrom_unlabeled(unbound_t)
21 corenet_tcp_bind_all_nodes(unbound_t)
22 corenet_tcp_bind_dns_port(unbound_t)
23 corenet_tcp_bind_rndc_port(unbound_t)
24 corenet_udp_bind_all_nodes(unbound_t)
25 corenet_udp_bind_all_unreserved_ports(unbound_t)
26 corenet_udp_bind_dns_port(unbound_t)
27 files_read_etc_files(unbound_t)
28 files_pid_file(unbound_var_run_t)
29 files_type(unbound_conf_t)
30 libs_use_ld_so(unbound_t)
31 libs_use_shared_libs(unbound_t)
32 logging_send_syslog_msg(unbound_t)
33 manage_files_pattern(unbound_t, unbound_var_run_t, unbound_var_run_t)
34 miscfiles_read_localization(unbound_t)
35 read_files_pattern(unbound_t, unbound_conf_t, unbound_conf_t)
36
37 allow unbound_t self:capability { setuid chown net_bind_service setgid dac_override };
38 allow unbound_t self:tcp_socket create_stream_socket_perms;
39 allow unbound_t self:udp_socket create_socket_perms;
40
41 ###################################################
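Review bot: `dac_override` in the `allow unbound_t self:capability { ... }` line lets the daemon bypass file permission checks for as long as it runs as root, and nothing in the policy says which access needs it. If it only covers a pidfile or directory with unsuitable ownership, fixing the ownership and dropping the capability keeps the domain tighter. If it stays, a comment such as `# dac_override: needed to write <path> before dropping privileges` would record the reason. The set also has no sys_chroot, although the accompanying init script prepares a chroot under /var/lib/unbound, so a chrooted setup may be denied in enforcing mode; this is worth confirming.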
0 #!/bin/sh
1 #
2 # unbound This shell script takes care of starting and stopping
3 # unbound (DNS server).
4 #
5 # chkconfig: - 14 86
6 # description: unbound is a Domain Name Server (DNS) \
7 # that is used to resolve host names to IP addresses.
8
9 ### BEGIN INIT INFO
10 # Provides: unbound
11 # Required-Start: $network $local_fs
12 # Required-Stop: $network $local_fs
13 # Should-Start: $syslog
14 # Should-Stop: $syslog
15 # Short-Description: unbound recursive Domain Name Server.
16 # Description: unbound is a Domain Name Server (DNS)
17 # that is used to resolve host names to IP addresses.
18 ### END INIT INFO
19
20 # Source function library.
21 . /etc/rc.d/init.d/functions
22
23 exec="/usr/sbin/unbound"
24 config="/var/lib/unbound/unbound.conf"
25 rootdir="/var/lib/unbound"
26 pidfile="/var/run/unbound/unbound.pid"
27
28 [ -e /etc/sysconfig/unbound ] && . /etc/sysconfig/unbound
29
30 lockfile=/var/lock/subsys/unbound
31
32 start() {
33 [ -x $exec ] || exit 5
34 [ -f $config ] || exit 6
35 echo -n $"Starting unbound: "
36
37 if [ ! -e ${rootdir}/etc/resolv.conf ] || /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then
38 cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf
39 fi;
40 if [ ! -e ${rootdir}/etc/localtime ] || /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then
41 cp -fp /etc/localtime ${rootdir}/etc/localtime
42 fi;
43 mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1;
44 mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1;
45 mount --bind -n /var/run/unbound ${rootdir}/var/run/unbound >/dev/null 2>&1;
46
47 # if not running, start it up here
48 daemon $exec
49 retval=$?
50 [ $retval -eq 0 ] && touch $lockfile
51 echo
52 }
53
54 stop() {
55 echo -n $"Stopping unbound: "
56 # stop it here, often "killproc unbound"
57 killproc -p $pidfile unbound
58 retval=$?
59 [ $retval -eq 0 ] && rm -f $lockfile
60 for mountfile in /dev/log /dev/random /etc/localtime /etc/resolv.conf /var/run/unbound
61 do
62 if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}''${mountfile}'' /proc/mounts; then
63 umount ${rootdir}$mountfile >/dev/null 2>&1
64 fi;
65 done
66 echo
67 }
68
69 restart() {
70 stop
71 start
72 }
73
74 reload() {
75 kill -HUP `cat $pidfile`
76 }
77
78 force_reload() {
79 restart
80 }
81
82 rh_status() {
83 # run checks to determine if the service is running or use generic status
84 status -p $pidfile unbound
85 }
86
87 rh_status_q() {
88 rh_status -p $pidfile >/dev/null 2>&1
89 }
90
91 case "$1" in
92 start)
93 start
94 ;;
95 stop)
96 stop
97 ;;
98 restart)
99 restart
100 ;;
101 reload)
102 reload
103 ;;
104 force-reload)
105 force_reload
106 ;;
107 status)
108 rh_status
109 ;;
110 condrestart|try-restart)
111 rh_status_q || exit 0
112 restart
113 ;;
114 *)
115 echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
116 exit 2
117 esac
118 exit $?
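Review bot: The two refresh checks in start() are inverted: `cmp -s` exits 0 when the files are identical, so `|| /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf` copies only when nothing changed and leaves a stale resolv.conf or localtime in the chroot when the system copy differs. Negating the comparison fixes both lines, e.g. `if [ ! -e ${rootdir}/etc/resolv.conf ] || ! /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then`. Separately, reload() sends `kill -HUP` as root to whatever `cat $pidfile` prints, and /var/run/unbound is bind-mounted into the chroot. Checking that the file exists and holds a single number before signalling, or using `killproc -p $pidfile unbound -HUP`, would be safer.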
0 Summary: Validating, recursive, and caching DNS(SEC) resolver
1 Name: unbound
2 Version: 1.1.0
3 Release: 1%{?dist}
4 License: BSD
5 Url: http://www.nlnetlabs.nl/unbound/
6 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
7 Source1: unbound.init
8 Source2: unbound.conf
9 Group: System Environment/Daemons
10 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
11 BuildRequires: flex, openssl-devel, ldns-devel >= 1.3.0, libevent-devel
12 Requires(post): chkconfig
13 Requires(preun): chkconfig
14 Requires(preun): initscripts
15 Requires(postun): initscripts
16 Requires: ldns >= 1.3.0
17 Requires(pre): shadow-utils
18 # Is this obsolete?
19 #Provides: caching-nameserver
20
21 %description
22 Unbound is a validating, recursive, and caching DNS(SEC) resolver.
23
24 The C implementation of Unbound is developed and maintained by NLnet
25 Labs. It is based on ideas and algorithms taken from a java prototype
26 developed by Verisign labs, Nominet, Kirei and ep.net.
27
28 Unbound is designed as a set of modular components, so that also
29 DNSSEC (secure DNS) validation and stub-resolvers (that do not run
30 as a server, but are linked into an application) are easily possible.
31
32 %package devel
33 Summary: Development package that includes the unbound header files
34 Group: Development/Libraries
35 Requires: %{name}-libs = %{version}-%{release}, openssl-devel, ldns-devel
36 Requires: libevent-devel
37
38 %description devel
39 The devel package contains the unbound library and the include files
40
41 %package libs
42 Summary: Libraries used by the unbound server and client applications
43 Group: Applications/System
44 Requires(post): /sbin/ldconfig
45 Requires(postun): /sbin/ldconfig
46
47 %description libs
48 Contains libraries used by the unbound server and client applications
49
50 %prep
51 %setup -q
52
53 %build
54 %configure --with-ldns= --with-libevent --with-pthreads --with-ssl \
55 --disable-rpath --enable-debug --disable-static \
56 --with-run-dir=%{_localstatedir}/lib/%{name}\
57 --with-conf-file=%{_localstatedir}/lib/%{name}/unbound.conf \
58 --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid
59 %{__make} CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" QUIET=no %{?_smp_mflags}
60
61 %install
62 rm -rf %{buildroot}
63 %{__make} DESTDIR=%{buildroot} install
64 install -d 0755 %{buildroot}%{_localstatedir}/lib/%{name}
65 install -d 0755 %{buildroot}%{_initrddir}
66 #install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound
67 install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound
68 #overwrite stock unbound.conf with our own
69 install -m 0755 %{SOURCE2} %{buildroot}%{_localstatedir}/lib/%{name}
70
71 # add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf
72
73 ( cd %{buildroot}%{_sysconfdir}/ ; ln -s ..%{_localstatedir}/lib/unbound/unbound.conf )
74 # remove static library from install (fedora packaging guidelines)
75 rm -rf %{buildroot}%{_libdir}/*.la
76
77 # The chroot needs /dev/log, /dev/random, /etc/resolv.conf and /etc/localtime
78 # but the init script uses mount --bind, so just create empty files
79 mkdir -p %{buildroot}%{_localstatedir}/lib/unbound/etc \
80 %{buildroot}%{_localstatedir}/lib/unbound/dev
81 echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/etc/resolv.conf
82 echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/etc/localtime
83 echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/dev/log
84 echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/dev/random
85 mkdir -p %{buildroot}%{_localstatedir}/lib/unbound/var/run/unbound
86 mkdir -p %{buildroot}%{_localstatedir}/run/unbound
87
88 %clean
89 rm -rf ${RPM_BUILD_ROOT}
90
91 %files
92 %defattr(-,root,root,-)
93 %doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES
94 %attr(0755,root,root) %{_initrddir}/%{name}
95 # the chroot env
96 %attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}
97 %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
98 %attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/dev
99 %attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/etc
100 %attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/var
101 %attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/var/run
102 %attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/var/run/unbound
103 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/unbound.conf
104 %attr(0644,root,root) %config(noreplace) %{_localstatedir}/lib/%{name}/unbound.conf
105 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/dev/*
106 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/etc/*
107 %{_sbindir}/*
108 %{_mandir}/*/*
109
110 %files devel
111 %defattr(-,root,root,-)
112 %{_libdir}/libunbound.so
113 %{_includedir}/unbound.h
114 %doc README
115
116 %files libs
117 %defattr(-,root,root,-)
118 %{_libdir}/libunbound.so.*
119 %doc doc/README doc/LICENSE
120
121 %pre
122 getent group unbound >/dev/null || groupadd -r unbound
123 getent passwd unbound >/dev/null || \
124 useradd -r -g unbound -d %{_localstatedir}/lib/%{name} -s /sbin/nologin \
125 -c "Unbound DNS resolver" unbound
126 exit 0
127
128 %post
129 /sbin/chkconfig --add %{name}
130
131 %post libs -p /sbin/ldconfig
132
133
134 %preun
135 if [ $1 -eq 0 ]; then
136 /sbin/service %{name} stop >/dev/null 2>&1
137 /sbin/chkconfig --del %{name}
138 fi
139
140 %postun
141 if [ "$1" -ge "1" ]; then
142 /sbin/service %{name} condrestart >/dev/null 2>&1 || :
143 fi
144
145 %postun libs -p /sbin/ldconfig
146
147 %changelog
148 * Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5
149 - Only call ldconfig in -libs package
150 - Move configure into build section
151 - devel subpackage should only depend on libs subpackage
152
153 * Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4
154 - Fix CFLAGS getting lost in build
155 - Don't enable interface-automatic:yes because that
156 causes unbound to listen on 0.0.0.0 instead of 127.0.0.1
157
158 * Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3
159 - Split off unbound-libs, make build verbose
160
161 * Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2
162 - FSB compliance, chroot fixes, initscript fixes
163
164 * Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1
165 - Upgraded to 1.0.2
166
167 * Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1
168 - upgraded to new release
169
170 * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2
171 - Build against ldns-1.3.0
172
173 * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1
174 - Split of -devel package, fixed dependancies, make rpmlint happy
175
176 * Thu Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12
177 - Using parts from ports collection entry by Jaap Akkerhuis.
178 - Using Fedoraproject wiki guidelines.
179
180 * Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11
181 - Initial version.
182
183
184
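Review bot: In %install, `install -d 0755 %{buildroot}%{_localstatedir}/lib/%{name}` and the matching %{_initrddir} line pass `0755` as a directory operand, not as a mode, so a stray directory named `0755` is created in the build tree and the intended mode is never applied. These should read `install -d -m 0755 %{buildroot}%{_localstatedir}/lib/%{name}` and `install -d -m 0755 %{buildroot}%{_initrddir}`. The following `install -m 0755 %{SOURCE2} ...` also stages unbound.conf as executable. The `%attr(0644,...)` entry in %files corrects that in the package, but `install -m 0644` would keep the buildroot consistent with it.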
0 #!/bin/sh
1 #
2 # plugin for munin to monitor usage of unbound servers.
3 #
4 # (C) 2008 W.C.A. Wijngaards. BSD Licensed.
5 #
6 # To install; enable statistics and unbound-control in unbound.conf
7 # server: extended-statistics: yes
8 # statistics-cumulative: no
9 # statistics-interval: 0
10 # remote-control: control-enable: yes
11 # Run the command unbound-control-setup to generate the key files.
12 #
13 # Environment variables for this script
14 # statefile - where to put temporary statefile.
15 # unbound_conf - where the unbound.conf file is located.
16 # unbound_control - where to find unbound-control executable.
17 # spoof_warn - what level to warn about spoofing
18 # spoof_crit - what level to crit about spoofing
19 #
20 # You can set them in your munin/plugin-conf.d/plugins.conf file
21 # with:
22 # [unbound*]
23 # user root
24 # env.statefile /usr/local/var/munin/plugin-state/unbound-state
25 # env.unbound_conf /usr/local/etc/unbound/unbound.conf
26 # env.unbound_control /usr/local/sbin/unbound-control
27 # env.spoof_warn 1000
28 # env.spoof_crit 100000
29 #
30 # This plugin can create different graphs depending on what name
31 # you link it as (with ln -s) into the plugins directory
32 # You can link it multiple times.
33 # If you are only a casual user, the _hits and _by_type are most interesting,
34 # possibly followed by _by_rcode.
35 #
36 # unbound_munin_hits - base volume, cache hits, unwanted traffic
37 # unbound_munin_queue - to monitor the internal requestlist
38 # unbound_munin_memory - memory usage
39 # unbound_munin_by_type - incoming queries by type
40 # unbound_munin_by_class - incoming queries by class
41 # unbound_munin_by_opcode - incoming queries by opcode
42 # unbound_munin_by_rcode - answers by rcode, validation status
43 # unbound_munin_by_flags - incoming queries by flags
44 # unbound_munin_histogram - histogram of query resolving times
45 #
46 # Magic markers - optional - used by installation scripts and
47 # munin-config:
48 #
49 #%# family=contrib
50 #%# capabilities=autoconf suggest
51
52 # POD documentation
53 : <<=cut
54 =head1 NAME
55
56 unbound_munin_ - Munin plugin to monitor the Unbound DNS resolver.
57
58 =head1 APPLICABLE SYSTEMS
59
60 System with unbound daemon.
61
62 =head1 CONFIGURATION
63
64 [unbound*]
65 user root
66 env.statefile /usr/local/var/munin/plugin-state/unbound-state
67 env.unbound_conf /usr/local/etc/unbound/unbound.conf
68 env.unbound_control /usr/local/sbin/unbound-control
69 env.spoof_warn 1000
70 env.spoof_crit 100000
71
72 Use the .env settings to override the defaults.
73
74 =head1 USAGE
75
76 Can be used to present different graphs. Use ln -s for that name in
77 the plugins directory to enable the graph.
78 unbound_munin_hits - base volume, cache hits, unwanted traffic
79 unbound_munin_queue - to monitor the internal requestlist
80 unbound_munin_memory - memory usage
81 unbound_munin_by_type - incoming queries by type
82 unbound_munin_by_class - incoming queries by class
83 unbound_munin_by_opcode - incoming queries by opcode
84 unbound_munin_by_rcode - answers by rcode, validation status
85 unbound_munin_by_flags - incoming queries by flags
86 unbound_munin_histogram - histogram of query resolving times
87
88 =head1 AUTHOR
89
90 Copyright 2008 W.C.A. Wijngaards
91
92 =head1 LICENSE
93
94 BSD
95
96 =cut
97
98 state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state}
99 conf=${unbound_conf:-/usr/local/etc/unbound/unbound.conf}
100 ctrl=${unbound_control:-/usr/local/sbin/unbound-control}
101 warn=${spoof_warn:-1000}
102 crit=${spoof_crit:-100000}
103 lock=$state.lock
104
105 # number of seconds between polling attempts.
106 # makes the statefile hang around for at least this many seconds,
107 # so that multiple links of this script can share the results.
108 lee=55
109
110 # to keep things within 19 characters
111 ABBREV="-e s/total/t/ -e s/thread/t/ -e s/num/n/ -e s/query/q/ -e s/answer/a/ -e s/unwanted/u/ -e s/requestlist/ql/ -e s/type/t/ -e s/class/c/ -e s/opcode/o/ -e s/rcode/r/ -e s/edns/e/ -e s/mem/m/ -e s/cache/c/ -e s/mod/m/"
112
113 # get value from $1 into return variable $value
114 get_value ( ) {
115 value="`grep '^'$1'=' $state | sed -e 's/^.*=//'`"
116 if test "$value"x = ""x; then
117 value="0"
118 fi
119 }
120
121 # download the state from the unbound server.
122 get_state ( ) {
123 # obtain lock for fetching the state
124 # because there is a race condition in fetching and writing to file
125 i=0
126 while test ! -f $lock || test "`cat $lock`" != $$; do
127 while test -f $lock; do
128 # wait
129 i=`expr $i + 1`
130 if test $i -gt 1000; then
131 sleep 1;
132 fi
133 if test $i -gt 1500; then
134 echo "error locking $lock" "=" `cat $lock`
135 rm -f $lock
136 exit 1
137 fi
138 done
139 # try to get it
140 echo $$ >$lock
141 done
142 # do not refetch if the file exists and only LEE seconds old
143 if test -f $state; then
144 now=`date +%s`
145 get_value "time.now"
146 value="`echo $value | sed -e 's/\..*$//'`"
147 if test $now -lt `expr $value + $lee`; then
148 rm -f $lock
149 return
150 fi
151 fi
152 $ctrl -c $conf stats > $state
153 if test $? -ne 0; then
154 echo "error retrieving data from unbound server"
155 rm -f $lock
156 exit 1
157 fi
158 rm -f $lock
159 }
160
161 if test "$1" = "autoconf" ; then
162 if test ! -f $conf; then
163 echo no "($conf does not exist)"
164 exit 1
165 fi
166 if test ! -d `dirname $state`; then
167 echo no "($state directory does not exist)"
168 exit 1
169 fi
170 echo yes
171 exit 0
172 fi
173
174 if test "$1" = "suggest" ; then
175 echo "hits"
176 echo "queue"
177 echo "memory"
178 echo "by_type"
179 echo "by_class"
180 echo "by_opcode"
181 echo "by_rcode"
182 echo "by_flags"
183 echo "histogram"
184 exit 0
185 fi
186
187 # determine my type, by name
188 id=`echo $0 | sed -e 's/^.*unbound_munin_//'`
189 if test "$id"x = ""x; then
190 # some default to keep people sane.
191 id="hits"
192 fi
193
194 # if $1 exists in statefile, config is echoed with label $2
195 exist_config ( ) {
196 mn=`echo $1 | sed $ABBREV | tr . _`
197 if grep '^'$1'=' $state >/dev/null 2>&1; then
198 echo "$mn.label $2"
199 echo "$mn.min 0"
200 fi
201 }
202
203 # print label and min 0 for a name $1 in unbound format
204 p_config ( ) {
205 mn=`echo $1 | sed $ABBREV | tr . _`
206 echo $mn.label "$2"
207 echo $mn.min 0
208 }
209
210 if test "$1" = "config" ; then
211 if test ! -f $state; then
212 get_state
213 fi
214 case $id in
215 hits)
216 echo "graph_title Unbound DNS traffic and cache hits"
217 echo "graph_args --base 1000 -l 0"
218 echo "graph_vlabel queries / second"
219 echo "graph_category DNS"
220 for x in thread0.num.queries thread1.num.queries \
221 thread2.num.queries thread3.num.queries thread4.num.queries \
222 thread5.num.queries thread6.num.queries thread7.num.queries; do
223 exist_config $x "queries handled by `basename $x .num.queries`"
224 done
225 p_config "total.num.queries" "total queries from clients"
226 p_config "total.num.cachehits" "cache hits"
227 p_config "num.query.tcp" "TCP queries"
228 p_config "num.query.ipv6" "IPv6 queries"
229 p_config "unwanted.queries" "queries that failed acl"
230 p_config "unwanted.replies" "unwanted or unsolicited replies"
231 echo "u_replies.warning $warn"
232 echo "u_replies.critical $crit"
233 echo "graph_info DNS queries to the recursive resolver. The unwanted replies could be innocent duplicate packets, late replies, or spoof threats."
234 ;;
235 queue)
236 echo "graph_title Unbound requestlist size"
237 echo "graph_args --base 1000 -l 0"
238 echo "graph_vlabel number of queries"
239 echo "graph_category DNS"
240 p_config "total.requestlist.avg" "Average size of queue on insert"
241 p_config "total.requestlist.max" "Max size of queue (in 5 min)"
242 p_config "total.requestlist.overwritten" "Number of queries replaced by new ones"
243 p_config "total.requestlist.exceeded" "Number of queries dropped due to lack of space"
244 echo "graph_info The queries that did not hit the cache and need recursion service take up space in the requestlist. If there are too many queries, first queries get overwritten, and at last resort dropped."
245 ;;
246 memory)
247 echo "graph_title Unbound memory usage"
248 echo "graph_args --base 1024 -l 0"
249 echo "graph_vlabel memory used in bytes"
250 echo "graph_category DNS"
251 p_config "mem.total.sbrk" "Total memory"
252 p_config "mem.cache.rrset" "RRset cache memory"
253 p_config "mem.cache.message" "Message cache memory"
254 p_config "mem.mod.iterator" "Iterator module memory"
255 p_config "mem.mod.validator" "Validator module and key cache memory"
256 echo "graph_info The memory used by unbound."
257 ;;
258 by_type)
259 echo "graph_title Unbound DNS queries by type"
260 echo "graph_args --base 1000 -l 0"
261 echo "graph_vlabel queries / second"
262 echo "graph_category DNS"
263 for x in `grep "^num.query.type" $state`; do
264 nm=`echo $x | sed -e 's/=.*$//'`
265 tp=`echo $nm | sed -e s/num.query.type.//`
266 p_config "$nm" "$tp"
267 done
268 echo "graph_info queries by DNS RR type queried for"
269 ;;
270 by_class)
271 echo "graph_title Unbound DNS queries by class"
272 echo "graph_args --base 1000 -l 0"
273 echo "graph_vlabel queries / second"
274 echo "graph_category DNS"
275 for x in `grep "^num.query.class" $state`; do
276 nm=`echo $x | sed -e 's/=.*$//'`
277 tp=`echo $nm | sed -e s/num.query.class.//`
278 p_config "$nm" "$tp"
279 done
280 echo "graph_info queries by DNS RR class queried for."
281 ;;
282 by_opcode)
283 echo "graph_title Unbound DNS queries by opcode"
284 echo "graph_args --base 1000 -l 0"
285 echo "graph_vlabel queries / second"
286 echo "graph_category DNS"
287 for x in `grep "^num.query.opcode" $state`; do
288 nm=`echo $x | sed -e 's/=.*$//'`
289 tp=`echo $nm | sed -e s/num.query.opcode.//`
290 p_config "$nm" "$tp"
291 done
292 echo "graph_info queries by opcode in the query packet."
293 ;;
294 by_rcode)
295 echo "graph_title Unbound DNS answers by return code"
296 echo "graph_args --base 1000 -l 0"
297 echo "graph_vlabel answer packets / second"
298 echo "graph_category DNS"
299 for x in `grep "^num.answer.rcode" $state`; do
300 nm=`echo $x | sed -e 's/=.*$//'`
301 tp=`echo $nm | sed -e s/num.answer.rcode.//`
302 p_config "$nm" "$tp"
303 done
304 p_config "num.answer.secure" "answer secure"
305 p_config "num.answer.bogus" "answer bogus"
306 p_config "num.rrset.bogus" "num rrsets marked bogus"
307 echo "graph_info answers sorted by return value. rrsets bogus is the number of rrsets marked bogus per second by the validator"
308 ;;
309 by_flags)
310 echo "graph_title Unbound DNS incoming queries by flags"
311 echo "graph_args --base 1000 -l 0"
312 echo "graph_vlabel queries / second"
313 echo "graph_category DNS"
314 p_config "num.query.flags.QR" "QR (query reply) flag"
315 p_config "num.query.flags.AA" "AA (auth answer) flag"
316 p_config "num.query.flags.TC" "TC (truncated) flag"
317 p_config "num.query.flags.RD" "RD (recursion desired) flag"
318 p_config "num.query.flags.RA" "RA (rec avail) flag"
319 p_config "num.query.flags.Z" "Z (zero) flag"
320 p_config "num.query.flags.AD" "AD (auth data) flag"
321 p_config "num.query.flags.CD" "CD (check disabled) flag"
322 p_config "num.query.edns.present" "EDNS OPT present"
323 p_config "num.query.edns.DO" "DO (DNSSEC OK) flag"
324 echo "graph_info This graphs plots the flags inside incoming queries. For example, if QR, AA, TC, RA, Z flags are set, the query can be rejected. RD, AD, CD and DO are legitimately set by some software."
325 ;;
326 histogram)
327 echo "graph_title Unbound DNS histogram of reply time"
328 echo "graph_args --base 1000 -l 0"
329 echo "graph_vlabel queries / second"
330 echo "graph_category DNS"
331 echo hcache.label "cache hits"
332 echo hcache.min 0
333 echo hcache.draw AREA
334 echo hcache.colour 999999
335 echo h64ms.label "0 msec - 66 msec"
336 echo h64ms.min 0
337 echo h64ms.draw STACK
338 echo h64ms.colour 0000FF
339 echo h128ms.label "66 msec - 131 msec"
340 echo h128ms.min 0
341 echo h128ms.colour 1F00DF
342 echo h128ms.draw STACK
343 echo h256ms.label "131 msec - 262 msec"
344 echo h256ms.min 0
345 echo h256ms.draw STACK
346 echo h256ms.colour 3F00BF
347 echo h512ms.label "262 msec - 524 msec"
348 echo h512ms.min 0
349 echo h512ms.draw STACK
350 echo h512ms.colour 5F009F
351 echo h1s.label "524 msec - 1 sec"
352 echo h1s.min 0
353 echo h1s.draw STACK
354 echo h1s.colour 7F007F
355 echo h2s.label "1 sec - 2 sec"
356 echo h2s.min 0
357 echo h2s.draw STACK
358 echo h2s.colour 9F005F
359 echo h4s.label "2 sec - 4 sec"
360 echo h4s.min 0
361 echo h4s.draw STACK
362 echo h4s.colour BF003F
363 echo h8s.label "4 sec - 8 sec"
364 echo h8s.min 0
365 echo h8s.draw STACK
366 echo h8s.colour DF001F
367 echo h16s.label "8 sec - ..."
368 echo h16s.min 0
369 echo h16s.draw STACK
370 echo h16s.colour FF0000
371 echo "graph_info Histogram of the reply times for queries."
372 ;;
373 esac
374
375 exit 0
376 fi
377
378 # do the stats itself
379 get_state
380
381 # get the time elapsed
382 get_value "time.elapsed"
383 if test $value = 0 || test $value = "0.000000"; then
384 echo "error: time elapsed 0 or could not retrieve data"
385 exit 1
386 fi
387 elapsed="$value"
388
389 # print value for $1 / elapsed
390 print_qps ( ) {
391 mn=`echo $1 | sed $ABBREV | tr . _`
392 get_value $1
393 echo "$mn.value" `echo scale=6';' $value / $elapsed | bc `
394 }
395
396 # print qps if line already found in $2
397 print_qps_line ( ) {
398 mn=`echo $1 | sed $ABBREV | tr . _`
399 value="`echo $2 | sed -e 's/^.*=//'`"
400 echo "$mn.value" `echo scale=6';' $value / $elapsed | bc `
401 }
402
403 # print value for $1
404 print_value ( ) {
405 mn=`echo $1 | sed $ABBREV | tr . _`
406 get_value $1
407 echo "$mn.value" $value
408 }
409
410 case $id in
411 hits)
412 for x in thread0.num.queries thread1.num.queries thread2.num.queries \
413 thread3.num.queries thread4.num.queries thread5.num.queries \
414 thread6.num.queries thread7.num.queries total.num.queries \
415 total.num.cachehits num.query.tcp num.query.ipv6 \
416 unwanted.queries unwanted.replies; do
417 if grep "^"$x"=" $state >/dev/null 2>&1; then
418 print_qps $x
419 fi
420 done
421 ;;
422 queue)
423 for x in total.requestlist.avg total.requestlist.max \
424 total.requestlist.overwritten total.requestlist.exceeded; do
425 print_value $x
426 done
427 ;;
428 memory)
429 for x in mem.total.sbrk mem.cache.rrset mem.cache.message \
430 mem.mod.iterator mem.mod.validator; do
431 print_value $x
432 done
433 ;;
434 by_type)
435 for x in `grep "^num.query.type" $state`; do
436 nm=`echo $x | sed -e 's/=.*$//'`
437 print_qps_line $nm $x
438 done
439 ;;
440 by_class)
441 for x in `grep "^num.query.class" $state`; do
442 nm=`echo $x | sed -e 's/=.*$//'`
443 print_qps_line $nm $x
444 done
445 ;;
446 by_opcode)
447 for x in `grep "^num.query.opcode" $state`; do
448 nm=`echo $x | sed -e 's/=.*$//'`
449 print_qps_line $nm $x
450 done
451 ;;
452 by_rcode)
453 for x in `grep "^num.answer.rcode" $state`; do
454 nm=`echo $x | sed -e 's/=.*$//'`
455 print_qps_line $nm $x
456 done
457 print_qps "num.answer.secure"
458 print_qps "num.answer.bogus"
459 print_qps "num.rrset.bogus"
460 ;;
461 by_flags)
462 for x in num.query.flags.QR num.query.flags.AA num.query.flags.TC num.query.flags.RD num.query.flags.RA num.query.flags.Z num.query.flags.AD num.query.flags.CD num.query.edns.present num.query.edns.DO; do
463 print_qps $x
464 done
465 ;;
466 histogram)
467 get_value total.num.cachehits
468 echo hcache.value `echo scale=6';' $value / $elapsed | bc `
469 r=0
470 for x in histogram.000000.000000.to.000000.000001 \
471 histogram.000000.000001.to.000000.000002 \
472 histogram.000000.000002.to.000000.000004 \
473 histogram.000000.000004.to.000000.000008 \
474 histogram.000000.000008.to.000000.000016 \
475 histogram.000000.000016.to.000000.000032 \
476 histogram.000000.000032.to.000000.000064 \
477 histogram.000000.000064.to.000000.000128 \
478 histogram.000000.000128.to.000000.000256 \
479 histogram.000000.000256.to.000000.000512 \
480 histogram.000000.000512.to.000000.001024 \
481 histogram.000000.001024.to.000000.002048 \
482 histogram.000000.002048.to.000000.004096 \
483 histogram.000000.004096.to.000000.008192 \
484 histogram.000000.008192.to.000000.016384 \
485 histogram.000000.016384.to.000000.032768 \
486 histogram.000000.032768.to.000000.065536; do
487 get_value $x
488 r=`expr $r + $value`
489 done
490 echo h64ms.value `echo scale=6';' $r / $elapsed | bc `
491 get_value histogram.000000.065536.to.000000.131072
492 echo h128ms.value `echo scale=6';' $value / $elapsed | bc `
493 get_value histogram.000000.131072.to.000000.262144
494 echo h256ms.value `echo scale=6';' $value / $elapsed | bc `
495 get_value histogram.000000.262144.to.000000.524288
496 echo h512ms.value `echo scale=6';' $value / $elapsed | bc `
497 get_value histogram.000000.524288.to.000001.000000
498 echo h1s.value `echo scale=6';' $value / $elapsed | bc `
499 get_value histogram.000001.000000.to.000002.000000
500 echo h2s.value `echo scale=6';' $value / $elapsed | bc `
501 get_value histogram.000002.000000.to.000004.000000
502 echo h4s.value `echo scale=6';' $value / $elapsed | bc `
503 get_value histogram.000004.000000.to.000008.000000
504 echo h8s.value `echo scale=6';' $value / $elapsed | bc `
505 r=0
506 for x in histogram.000008.000000.to.000016.000000 \
507 histogram.000016.000000.to.000032.000000 \
508 histogram.000032.000000.to.000064.000000 \
509 histogram.000064.000000.to.000128.000000 \
510 histogram.000128.000000.to.000256.000000 \
511 histogram.000256.000000.to.000512.000000 \
512 histogram.000512.000000.to.001024.000000 \
513 histogram.001024.000000.to.002048.000000 \
514 histogram.002048.000000.to.004096.000000 \
515 histogram.004096.000000.to.008192.000000 \
516 histogram.008192.000000.to.016384.000000 \
517 histogram.016384.000000.to.032768.000000 \
518 histogram.032768.000000.to.065536.000000 \
519 histogram.065536.000000.to.131072.000000 \
520 histogram.131072.000000.to.262144.000000 \
521 histogram.262144.000000.to.524288.000000; do
522 get_value $x
523 r=`expr $r + $value`
524 done
525 echo h16s.value `echo scale=6';' $r / $elapsed | bc `
526 ;;
527 esac
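Review bot: The lock in get_state is taken with `test -f $lock` followed by `echo $$ >$lock`, which is not atomic: two links of the plugin started together can both pass the test and both write the lock. The header documents running the plugin as `user root`, and both `$lock` and `$state` are written by plain redirection to a configurable path, so the directory holding them should be writable by root only; whether it is cannot be told from this file. Creating the lock with noclobber makes the create fail if the file already exists, e.g. `if ( set -C; echo $$ > "$lock" ) 2>/dev/null; then`. Quoting `"$state"`, `"$lock"` and `"$conf"` throughout would also keep a path containing spaces from being split.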
00 #!/bin/sh
11 # update-anchor.sh, update a trust anchor.
2 # this file is BSD licensed.
2 # Copyright 2008, W.C.A. Wijngaards
3 # This file is BSD licensed, see doc/LICENSE.
34
45 # which validating lookup to use.
56 ubhost=unbound-host
67
7 function usage()
8 usage ( )
89 {
910 echo "usage: update-anchor [-b] <zone name> <trust anchor file>"
1011 echo " performs an update of trust anchor file"
2021 echo " name the files br.anchor se.anchor ..., and include them in"
2122 echo " the validating resolver config file."
2223 echo " put keys for the root in a file with the name root.anchor."
23 exit 1
24 echo ""
25 echo "Exit code 0 means anchors updated, 1 no changes, others are errors."
26 exit 2
2427 }
2528
2629 if test $# -eq 0; then
3841 usage
3942 fi
4043
41 function do_update() {
44 do_update ( ) {
4245 # arguments: <zonename> <keyfile>
4346 zonename="$1"
4447 keyfile="$2"
48 tmp2=$tmpfile.2
4549
4650 tmpfile="/tmp/update-anchor.$$"
4751 $ubhost -v $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile
6670
6771 if test $bindformat = "yes"; then
6872 # are there any KSK keys on board?
69 echo 'trusted-keys {' > "$keyfile"
73 echo 'trusted-keys {' > "$tmp2"
7074 if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
7175 # store KSK keys in anchor file
7276 grep '(secure)$' $tmpfile | \
7377 grep ' has DNSKEY record 257' | \
7478 sed -e 's/ (secure)$/";/' | \
7579 sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
76 sed -e 's/^\.\././' >> "$keyfile"
80 sed -e 's/^\.\././' | sort >> "$tmp2"
7781 else
7882 # store all keys in the anchor file
7983 grep '(secure)$' $tmpfile | \
8084 sed -e 's/ (secure)$/";/' | \
8185 sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
82 sed -e 's/^\.\././' >> "$keyfile"
86 sed -e 's/^\.\././' | sort >> "$tmp2"
8387 fi
84 echo '};' >> "$keyfile"
88 echo '};' >> "$tmp2"
8589 else #not bindformat
8690 # are there any KSK keys on board?
8791 if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
9094 grep ' has DNSKEY record 257' | \
9195 sed -e 's/ (secure)$//' | \
9296 sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
93 sed -e 's/^\.\././' > "$keyfile"
97 sed -e 's/^\.\././' | sort > "$tmp2"
9498 else
9599 # store all keys in the anchor file
96100 grep '(secure)$' $tmpfile | \
97101 sed -e 's/ (secure)$//' | \
98102 sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
99 sed -e 's/^\.\././' > "$keyfile"
103 sed -e 's/^\.\././' | sort > "$tmp2"
100104 fi
101105 fi # endif-bindformat
102106
103 echo "$zonename key file $keyfile updated."
107 # copy over if changed
108 diff $tmp2 $keyfile >/dev/null 2>&1
109 if test $? -eq 1; then # 0 means no change, 2 means trouble.
110 cat $tmp2 > $keyfile
111 no_updated=0
112 echo "$zonename key file $keyfile updated."
113 else
114 echo "$zonename key file $keyfile unchanged."
115 fi
104116
105 rm -f $tmpfile
117 rm -f $tmpfile $tmp2
106118 }
107119
120 no_updated=1
108121 if test X"$1" = "X-d"; then
109122 tdir="$2"
110123 echo "start updating in $2"
127140 fi
128141 kfile="$2"
129142 do_update $zname $kfile
130 exit $?
131143 fi
132
133 exit 0
144 exit $no_updated
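Review bot: The added `tmp2=$tmpfile.2` (new line 48) runs before `tmpfile="/tmp/update-anchor.$$"` is assigned two lines below, so on the first do_update call `tmp2` expands to `.2` and the candidate anchor is written into the current directory. The assignment should move below the `tmpfile=` line. Both names are also predictable paths under /tmp in a script that rewrites trust anchors; creating them with mktemp avoids writing through a pre-existing file, e.g. `tmpfile=$(mktemp /tmp/update-anchor.XXXXXX) || exit 2` and `tmp2=$(mktemp /tmp/update-anchor.XXXXXX) || exit 2`. Only part of do_update's body is shown in this section.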
4545 #include "util/config_file.h"
4646 #include "util/net_help.h"
4747
48 int
49 acl_list_cmp(const void* k1, const void* k2)
50 {
51 struct acl_addr* n1 = (struct acl_addr*)k1;
52 struct acl_addr* n2 = (struct acl_addr*)k2;
53 int r = sockaddr_cmp_addr(&n1->addr, n1->addrlen, &n2->addr,
54 n2->addrlen);
55 if(r != 0) return r;
56 if(n1->net < n2->net)
57 return -1;
58 if(n1->net > n2->net)
59 return 1;
60 return 0;
61 }
62
6348 struct acl_list*
6449 acl_list_create()
6550 {
8166 if(!acl)
8267 return;
8368 regional_destroy(acl->region);
84 free(acl->tree);
8569 free(acl);
8670 }
8771
9579 sizeof(struct acl_addr));
9680 if(!node)
9781 return 0;
98 node->node.key = node;
99 memcpy(&node->addr, addr, addrlen);
100 node->addrlen = addrlen;
101 node->net = net;
102 node->parent = NULL;
10382 node->control = control;
104 if(!rbtree_insert(acl->tree, &node->node)) {
83 if(!addr_tree_insert(&acl->tree, &node->node, addr, addrlen, net)) {
10584 if(complain_duplicates)
10685 verbose(VERB_QUERY, "duplicate acl address ignored.");
10786 }
123102 control = acl_deny;
124103 else if(strcmp(s2, "refuse") == 0)
125104 control = acl_refuse;
105 else if(strcmp(s2, "allow_snoop") == 0)
106 control = acl_allow_snoop;
126107 else {
127108 log_err("access control type %s unknown", str);
128109 return 0;
152133 return 1;
153134 }
154135
155 /** initialise parent pointers in the tree */
156 static void
157 acl_list_init_parents(struct acl_list* acl)
158 {
159 struct acl_addr* node, *prev = NULL, *p;
160 int m;
161 RBTREE_FOR(node, struct acl_addr*, acl->tree) {
162 node->parent = NULL;
163 if(!prev || prev->addrlen != node->addrlen) {
164 prev = node;
165 continue;
166 }
167 m = addr_in_common(&prev->addr, prev->net, &node->addr,
168 node->net, node->addrlen);
169 /* sort order like: ::/0, 1::/2, 1::/4, ... 2::/2 */
170 /* find the previous, or parent-parent-parent */
171 for(p = prev; p; p = p->parent)
172 if(p->net <= m) {
173 /* ==: since prev matched m, this is closest*/
174 /* <: prev matches more, but is not a parent,
175 * this one is a (grand)parent */
176 node->parent = p;
177 break;
178 }
179 prev = node;
180 }
181 }
182
183136 int
184137 acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg)
185138 {
186139 regional_free_all(acl->region);
187 free(acl->tree);
188 acl->tree = rbtree_create(acl_list_cmp);
189 if(!acl->tree)
190 return 0;
140 addr_tree_init(&acl->tree);
191141 if(!read_acl_list(acl, cfg))
192142 return 0;
193143 /* insert defaults, with '0' to ignore them if they are duplicates */
203153 if(!acl_list_str_cfg(acl, "::ffff:127.0.0.1", "allow", 0))
204154 return 0;
205155 }
206 acl_list_init_parents(acl);
156 addr_tree_init_parents(&acl->tree);
207157 return 1;
208158 }
209159
211161 acl_list_lookup(struct acl_list* acl, struct sockaddr_storage* addr,
212162 socklen_t addrlen)
213163 {
214 /* lookup in the tree */
215 rbnode_t* res = NULL;
216 struct acl_addr* result;
217 struct acl_addr key;
218 key.node.key = &key;
219 memcpy(&key.addr, addr, addrlen);
220 key.addrlen = addrlen;
221 key.net = (addr_is_ip6(addr, addrlen)?128:32);
222 if(rbtree_find_less_equal(acl->tree, &key, &res)) {
223 /* exact */
224 result = (struct acl_addr*)res;
225 return result->control;
226 } else {
227 /* smaller element (or no element) */
228 int m;
229 result = (struct acl_addr*)res;
230 if(!result || result->addrlen != addrlen)
231 return acl_deny;
232 /* count number of bits matched */
233 m = addr_in_common(&result->addr, result->net, addr,
234 key.net, addrlen);
235 while(result) { /* go up until addr is inside netblock */
236 if(result->net <= m)
237 return result->control;
238 result = result->parent;
239 }
240 }
164 struct acl_addr* r = (struct acl_addr*)addr_tree_lookup(&acl->tree,
165 addr, addrlen);
166 if(r) return r->control;
241167 return acl_deny;
242168 }
243169
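Review bot: The cast in acl_list_lookup, `(struct acl_addr*)addr_tree_lookup(&acl->tree, addr, addrlen)`, is only valid while `node` stays the first member of struct acl_addr, assuming the lookup returns the embedded tree node, and nothing at the call site records that. A comment above the cast, such as `/* node is the first member of acl_addr, so the tree node pointer is the entry */`, would keep a later reordering of the struct from turning the access decision into a read of the wrong field. The removed code rejected a candidate whose `addrlen` differed from the query's. That check is now presumably inside addr_tree_lookup, which is not shown here, and is worth confirming. The fall-through `return acl_deny;` keeps the default-deny result when nothing matches.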
4141
4242 #ifndef DAEMON_ACL_LIST_H
4343 #define DAEMON_ACL_LIST_H
44 #include "util/rbtree.h"
44 #include "util/storage/dnstree.h"
4545 struct config_file;
4646 struct regional;
4747
5454 acl_deny = 0,
5555 /** disallow access, send a polite 'REFUSED' reply */
5656 acl_refuse,
57 /** allow full access */
58 acl_allow
57 /** allow full access for recursion (+RD) queries */
58 acl_allow,
59 /** allow full access for all queries, recursion and cache snooping */
60 acl_allow_snoop
5961 };
6062
6163 /**
6870 * Tree of the addresses that are allowed/blocked.
6971 * contents of type acl_addr.
7072 */
71 rbtree_t* tree;
73 rbtree_t tree;
7274 };
7375
7476 /**
7678 * An address span with access control information
7779 */
7880 struct acl_addr {
79 /** redblacktree node, key is this structure: addr and addrlen, net */
80 rbnode_t node;
81 /** parent node in acl tree that encompasses this entry */
82 struct acl_addr* parent;
83 /** address */
84 struct sockaddr_storage addr;
85 /** length of addr */
86 socklen_t addrlen;
87 /** netblock size */
88 int net;
81 /** node in address tree */
82 struct addr_tree_node node;
8983 /** access control on this netblock */
9084 enum acl_access control;
9185 };
127121 */
128122 size_t acl_list_get_mem(struct acl_list* acl);
129123
130 /** compare two acl list entries */
131 int acl_list_cmp(const void* k1, const void* k2);
132
133124 #endif /* DAEMON_ACL_LIST_H */
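Review bot: The new comment on `acl_allow` says it covers recursion (+RD) queries but not what a client with this setting gets for a query without RD, which is the only thing separating it from `acl_allow_snoop`. If such queries are refused (the handling is not in this section), the comment should say so, e.g. `/** allow recursive (+RD) queries; non-recursive queries are refused to prevent cache snooping */`. On struct acl_addr, `/** node in address tree */` could add that `node` must remain the first member, since acl_list.c casts the tree lookup result to `struct acl_addr*`.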
0 /*
1 * daemon/cachedump.c - dump the cache to text format.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains functions to read and write the cache(s)
39 * to text format.
40 */
41 #include "config.h"
42 #include "daemon/cachedump.h"
43 #include "daemon/remote.h"
44 #include "daemon/worker.h"
45 #include "services/cache/rrset.h"
46 #include "services/cache/dns.h"
47 #include "util/data/msgreply.h"
48 #include "util/regional.h"
49 #include "util/net_help.h"
50 #include "util/data/dname.h"
51 #include "iterator/iter_delegpt.h"
52 #include "iterator/iter_utils.h"
53
54 /** convert to ldns rr */
55 static ldns_rr*
56 to_rr(struct ub_packed_rrset_key* k, struct packed_rrset_data* d,
57 uint32_t now, size_t i, uint16_t type)
58 {
59 ldns_rr* rr = ldns_rr_new();
60 ldns_rdf* rdf;
61 ldns_status status;
62 size_t pos;
63 log_assert(i < d->count + d->rrsig_count);
64 if(!rr) {
65 return NULL;
66 }
67 ldns_rr_set_type(rr, type);
68 ldns_rr_set_class(rr, ntohs(k->rk.rrset_class));
69 if(d->rr_ttl[i] < now)
70 ldns_rr_set_ttl(rr, 0);
71 else ldns_rr_set_ttl(rr, d->rr_ttl[i] - now);
72 pos = 0;
73 status = ldns_wire2dname(&rdf, k->rk.dname, k->rk.dname_len, &pos);
74 if(status != LDNS_STATUS_OK) {
75 /* we drop detailed error in status */
76 ldns_rr_free(rr);
77 return NULL;
78 }
79 ldns_rr_set_owner(rr, rdf);
80 pos = 0;
81 status = ldns_wire2rdf(rr, d->rr_data[i], d->rr_len[i], &pos);
82 if(status != LDNS_STATUS_OK) {
83 /* we drop detailed error in status */
84 ldns_rr_free(rr);
85 return NULL;
86 }
87 return rr;
88 }
89
90 /** dump one rrset zonefile line */
91 static int
92 dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k,
93 struct packed_rrset_data* d, uint32_t now, size_t i, uint16_t type)
94 {
95 char* s;
96 ldns_rr* rr = to_rr(k, d, now, i, type);
97 if(!rr) {
98 return ssl_printf(ssl, "BADRR\n");
99 }
100 s = ldns_rr2str(rr);
101 ldns_rr_free(rr);
102 if(!s) {
103 return ssl_printf(ssl, "BADRR\n");
104 }
105 if(!ssl_printf(ssl, "%s", s)) {
106 free(s);
107 return 0;
108 }
109 free(s);
110 return 1;
111 }
112
113 /** dump rrset key and data info */
114 static int
115 dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
116 struct packed_rrset_data* d, uint32_t now)
117 {
118 size_t i;
119 /* rd lock held by caller */
120 if(!k || !d) return 1;
121 if(d->ttl < now) return 1; /* expired */
122
123 /* meta line */
124 if(!ssl_printf(ssl, ";rrset%s %u %u %u %d %d\n",
125 (k->rk.flags & PACKED_RRSET_NSEC_AT_APEX)?" nsec_apex":"",
126 (unsigned)(d->ttl - now),
127 (unsigned)d->count, (unsigned)d->rrsig_count,
128 (int)d->trust, (int)d->security
129 ))
130 return 0;
131 for(i=0; i<d->count; i++) {
132 if(!dump_rrset_line(ssl, k, d, now, i, ntohs(k->rk.type)))
133 return 0;
134 }
135 for(i=0; i<d->rrsig_count; i++) {
136 if(!dump_rrset_line(ssl, k, d, now, i+d->count,
137 LDNS_RR_TYPE_RRSIG))
138 return 0;
139 }
140
141 return 1;
142 }
143
144 /** dump lruhash rrset cache */
145 static int
146 dump_rrset_lruhash(SSL* ssl, struct lruhash* h, uint32_t now)
147 {
148 struct lruhash_entry* e;
149 /* lruhash already locked by caller */
150 /* walk in order of lru; best first */
151 for(e=h->lru_start; e; e = e->lru_next) {
152 lock_rw_rdlock(&e->lock);
153 if(!dump_rrset(ssl, (struct ub_packed_rrset_key*)e->key,
154 (struct packed_rrset_data*)e->data, now)) {
155 lock_rw_unlock(&e->lock);
156 return 0;
157 }
158 lock_rw_unlock(&e->lock);
159 }
160 return 1;
161 }
162
163 /** dump rrset cache */
164 static int
165 dump_rrset_cache(SSL* ssl, struct worker* worker)
166 {
167 struct rrset_cache* r = worker->env.rrset_cache;
168 size_t slab;
169 if(!ssl_printf(ssl, "START_RRSET_CACHE\n")) return 0;
170 for(slab=0; slab<r->table.size; slab++) {
171 lock_quick_lock(&r->table.array[slab]->lock);
172 if(!dump_rrset_lruhash(ssl, r->table.array[slab],
173 *worker->env.now)) {
174 lock_quick_unlock(&r->table.array[slab]->lock);
175 return 0;
176 }
177 lock_quick_unlock(&r->table.array[slab]->lock);
178 }
179 return ssl_printf(ssl, "END_RRSET_CACHE\n");
180 }
181
182 /** dump message to rrset reference */
183 static int
184 dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
185 {
186 ldns_rdf* rdf;
187 ldns_status status;
188 size_t pos;
189 char* nm, *tp, *cl;
190
191 pos = 0;
192 status = ldns_wire2dname(&rdf, k->rk.dname, k->rk.dname_len, &pos);
193 if(status != LDNS_STATUS_OK) {
194 return ssl_printf(ssl, "BADREF\n");
195 }
196 nm = ldns_rdf2str(rdf);
197 ldns_rdf_deep_free(rdf);
198 tp = ldns_rr_type2str(ntohs(k->rk.type));
199 cl = ldns_rr_class2str(ntohs(k->rk.rrset_class));
200 if(!nm || !cl || !tp) {
201 free(nm);
202 free(tp);
203 free(cl);
204 return ssl_printf(ssl, "BADREF\n");
205 }
206 if(!ssl_printf(ssl, "%s %s %s %d\n", nm, cl, tp, (int)k->rk.flags)) {
207 free(nm);
208 free(tp);
209 free(cl);
210 return 0;
211 }
212 free(nm);
213 free(tp);
214 free(cl);
215
216 return 1;
217 }
218
219 /** dump message entry */
220 static int
221 dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d,
222 uint32_t now)
223 {
224 size_t i;
225 char* nm, *tp, *cl;
226 ldns_rdf* rdf;
227 ldns_status status;
228 size_t pos;
229 if(!k || !d) return 1;
230 if(d->ttl < now) return 1; /* expired */
231
232 pos = 0;
233 status = ldns_wire2dname(&rdf, k->qname, k->qname_len, &pos);
234 if(status != LDNS_STATUS_OK) {
235 return 1; /* skip this entry */
236 }
237 nm = ldns_rdf2str(rdf);
238 ldns_rdf_deep_free(rdf);
239 tp = ldns_rr_type2str(k->qtype);
240 cl = ldns_rr_class2str(k->qclass);
241 if(!nm || !tp || !cl) {
242 free(nm);
243 free(tp);
244 free(cl);
245 return 1; /* skip this entry */
246 }
247 if(!rrset_array_lock(d->ref, d->rrset_count, now)) {
248 /* rrsets have timed out or do not exist */
249 free(nm);
250 free(tp);
251 free(cl);
252 return 1; /* skip this entry */
253 }
254
255 /* meta line */
256 if(!ssl_printf(ssl, "msg %s %s %s %d %d %u %d %u %u %u\n",
257 nm, cl, tp,
258 (int)d->flags, (int)d->qdcount,
259 (unsigned)(d->ttl-now), (int)d->security,
260 (unsigned)d->an_numrrsets,
261 (unsigned)d->ns_numrrsets,
262 (unsigned)d->ar_numrrsets)) {
263 free(nm);
264 free(tp);
265 free(cl);
266 rrset_array_unlock(d->ref, d->rrset_count);
267 return 0;
268 }
269 free(nm);
270 free(tp);
271 free(cl);
272
273 for(i=0; i<d->rrset_count; i++) {
274 if(!dump_msg_ref(ssl, d->rrsets[i])) {
275 rrset_array_unlock(d->ref, d->rrset_count);
276 return 0;
277 }
278 }
279 rrset_array_unlock(d->ref, d->rrset_count);
280
281 return 1;
282 }
283
284 /** copy msg to worker pad */
285 static int
286 copy_msg(struct regional* region, struct lruhash_entry* e,
287 struct query_info** k, struct reply_info** d)
288 {
289 struct reply_info* rep = (struct reply_info*)e->data;
290 *d = (struct reply_info*)regional_alloc_init(region, e->data,
291 sizeof(struct reply_info) +
292 sizeof(struct rrset_ref) * (rep->rrset_count-1) +
293 sizeof(struct ub_packed_rrset_key*) * rep->rrset_count);
294 if(!*d)
295 return 0;
296 (*d)->rrsets = (struct ub_packed_rrset_key**)(
297 (uint8_t*)(&((*d)->ref[0])) +
298 sizeof(struct rrset_ref) * rep->rrset_count);
299 *k = (struct query_info*)regional_alloc_init(region,
300 e->key, sizeof(struct query_info));
301 if(!*k)
302 return 0;
303 (*k)->qname = regional_alloc_init(region,
304 (*k)->qname, (*k)->qname_len);
305 return (*k)->qname != NULL;
306 }
307
308 /** dump lruhash msg cache */
309 static int
310 dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
311 {
312 struct lruhash_entry* e;
313 struct query_info* k;
314 struct reply_info* d;
315
316 /* lruhash already locked by caller */
317 /* walk in order of lru; best first */
318 for(e=h->lru_start; e; e = e->lru_next) {
319 regional_free_all(worker->scratchpad);
320 lock_rw_rdlock(&e->lock);
321 /* make copy of rrset in worker buffer */
322 if(!copy_msg(worker->scratchpad, e, &k, &d)) {
323 lock_rw_unlock(&e->lock);
324 return 0;
325 }
326 lock_rw_unlock(&e->lock);
327 /* release lock so we can lookup the rrset references
328 * in the rrset cache */
329 if(!dump_msg(ssl, k, d, *worker->env.now)) {
330 return 0;
331 }
332 }
333 return 1;
334 }
335
336 /** dump msg cache */
337 static int
338 dump_msg_cache(SSL* ssl, struct worker* worker)
339 {
340 struct slabhash* sh = worker->env.msg_cache;
341 size_t slab;
342 if(!ssl_printf(ssl, "START_MSG_CACHE\n")) return 0;
343 for(slab=0; slab<sh->size; slab++) {
344 lock_quick_lock(&sh->array[slab]->lock);
345 if(!dump_msg_lruhash(ssl, worker, sh->array[slab])) {
346 lock_quick_unlock(&sh->array[slab]->lock);
347 return 0;
348 }
349 lock_quick_unlock(&sh->array[slab]->lock);
350 }
351 return ssl_printf(ssl, "END_MSG_CACHE\n");
352 }
353
354 int
355 dump_cache(SSL* ssl, struct worker* worker)
356 {
357 if(!dump_rrset_cache(ssl, worker))
358 return 0;
359 if(!dump_msg_cache(ssl, worker))
360 return 0;
361 return ssl_printf(ssl, "EOF\n");
362 }
363
364 /** read a line from ssl into buffer */
365 static int
366 ssl_read_buf(SSL* ssl, ldns_buffer* buf)
367 {
368 return ssl_read_line(ssl, (char*)ldns_buffer_begin(buf),
369 ldns_buffer_capacity(buf));
370 }
371
372 /** check fixed text on line */
373 static int
374 read_fixed(SSL* ssl, ldns_buffer* buf, const char* str)
375 {
376 if(!ssl_read_buf(ssl, buf)) return 0;
377 return (strcmp((char*)ldns_buffer_begin(buf), str) == 0);
378 }
379
380 /** load an RR into rrset */
381 static int
382 load_rr(SSL* ssl, ldns_buffer* buf, struct regional* region,
383 struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
384 unsigned int i, int is_rrsig, int* go_on, uint32_t now)
385 {
386 ldns_rr* rr;
387 ldns_status status;
388
389 /* read the line */
390 if(!ssl_read_buf(ssl, buf))
391 return 0;
392 if(strncmp((char*)ldns_buffer_begin(buf), "BADRR\n", 6) == 0) {
393 *go_on = 0;
394 return 1;
395 }
396 log_info("rd %s", (char*)ldns_buffer_begin(buf));
397 status = ldns_rr_new_frm_str(&rr, (char*)ldns_buffer_begin(buf),
398 LDNS_DEFAULT_TTL, NULL, NULL);
399 if(status != LDNS_STATUS_OK) {
400 (void)ssl_printf(ssl, "error cannot parse rr :%s: %s\n",
401 ldns_get_errorstr_by_id(status),
402 (char*)ldns_buffer_begin(buf));
403 return 0;
404 }
405 if(is_rrsig && ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
406 (void)ssl_printf(ssl, "error expected rrsig but got %s\n",
407 (char*)ldns_buffer_begin(buf));
408 return 0;
409 }
410
411 /* convert ldns rr into packed_rr */
412 d->rr_ttl[i] = ldns_rr_ttl(rr) + now;
413 ldns_buffer_clear(buf);
414 ldns_buffer_skip(buf, 2);
415 status = ldns_rr_rdata2buffer_wire(buf, rr);
416 if(status != LDNS_STATUS_OK) {
417 (void)ssl_printf(ssl, "error cannot rr2wire :%s\n",
418 ldns_get_errorstr_by_id(status));
419 ldns_rr_free(rr);
420 return 0;
421 }
422 ldns_buffer_flip(buf);
423 ldns_buffer_write_u16_at(buf, 0, ldns_buffer_limit(buf) - 2);
424
425 d->rr_len[i] = ldns_buffer_limit(buf);
426 d->rr_data[i] = (uint8_t*)regional_alloc_init(region,
427 ldns_buffer_begin(buf), ldns_buffer_limit(buf));
428 if(!d->rr_data[i]) {
429 ldns_rr_free(rr);
430 (void)ssl_printf(ssl, "error out of memory\n");
431 return 0;
432 }
433
434 /* if first entry, fill the key structure */
435 if(i==0) {
436 rk->rk.type = htons(ldns_rr_get_type(rr));
437 rk->rk.rrset_class = htons(ldns_rr_get_class(rr));
438 ldns_buffer_clear(buf);
439 status = ldns_dname2buffer_wire(buf, ldns_rr_owner(rr));
440 ldns_buffer_flip(buf);
441 rk->rk.dname_len = ldns_buffer_limit(buf);
442 rk->rk.dname = regional_alloc_init(region,
443 ldns_buffer_begin(buf), ldns_buffer_limit(buf));
444 if(!rk->rk.dname) {
445 (void)ssl_printf(ssl, "error out of memory\n");
446 ldns_rr_free(rr);
447 return 0;
448 }
449 }
450 ldns_rr_free(rr);
451
452 return 1;
453 }
454
455 /** move entry into cache */
456 static int
457 move_into_cache(SSL* ssl, struct ub_packed_rrset_key* k,
458 struct packed_rrset_data* d, struct worker* worker)
459 {
460 struct ub_packed_rrset_key* ak;
461 struct packed_rrset_data* ad;
462 size_t s, i, num = d->count + d->rrsig_count;
463 struct rrset_ref ref;
464 uint8_t* p;
465
466 ak = alloc_special_obtain(&worker->alloc);
467 if(!ak) {
468 (void)ssl_printf(ssl, "error out of memory\n");
469 return 0;
470 }
471 ak->entry.data = NULL;
472 ak->rk = k->rk;
473 ak->entry.hash = rrset_key_hash(&k->rk);
474 ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
475 if(!ak->rk.dname) {
476 (void)ssl_printf(ssl, "error out of memory\n");
477 ub_packed_rrset_parsedelete(ak, &worker->alloc);
478 return 0;
479 }
480 s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
481 sizeof(uint32_t))* num;
482 for(i=0; i<num; i++)
483 s += d->rr_len[i];
484 ad = (struct packed_rrset_data*)malloc(s);
485 if(!ad) {
486 ub_packed_rrset_parsedelete(ak, &worker->alloc);
487 return 0;
488 }
489 p = (uint8_t*)ad;
490 memmove(p, d, sizeof(*ad));
491 p += sizeof(*ad);
492 memmove(p, &d->rr_len[0], sizeof(size_t)*num);
493 p += sizeof(size_t)*num;
494 memmove(p, &d->rr_data[0], sizeof(uint8_t*)*num);
495 p += sizeof(uint8_t*)*num;
496 memmove(p, &d->rr_ttl[0], sizeof(uint32_t)*num);
497 p += sizeof(uint32_t)*num;
498 for(i=0; i<num; i++) {
499 memmove(p, d->rr_data[i], d->rr_len[i]);
500 p += d->rr_len[i];
501 }
502 packed_rrset_ptr_fixup(ad);
503
504 ak->entry.data = ad;
505
506 ref.key = ak;
507 ref.id = ak->id;
508 (void)rrset_cache_update(worker->env.rrset_cache, &ref,
509 &worker->alloc, *worker->env.now);
510 return 1;
511 }
512
513 /** load an rrset entry */
514 static int
515 load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker)
516 {
517 char* s = (char*)ldns_buffer_begin(buf);
518 struct regional* region = worker->scratchpad;
519 struct ub_packed_rrset_key* rk;
520 struct packed_rrset_data* d;
521 unsigned int ttl, rr_count, rrsig_count, trust, security;
522 unsigned int i;
523 int go_on = 1;
524 regional_free_all(region);
525
526 rk = (struct ub_packed_rrset_key*)regional_alloc_zero(region,
527 sizeof(*rk));
528 d = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(*d));
529 if(!rk || !d) {
530 (void) ssl_printf(ssl, "error out of memory\n");
531 return 0;
532 }
533
534 if(strncmp(s, ";rrset", 6) != 0) {
535 (void)ssl_printf(ssl, "error expected ';rrset' but got %s\n",
536 s);
537 return 0;
538 }
539 s += 6;
540 if(strncmp(s, " nsec_apex", 10) == 0) {
541 s += 10;
542 rk->rk.flags |= PACKED_RRSET_NSEC_AT_APEX;
543 }
544 if(sscanf(s, " %u %u %u %u %u", &ttl, &rr_count, &rrsig_count,
545 &trust, &security) != 5) {
546 (void)ssl_printf(ssl, "error bad rrset spec %s\n", s);
547 return 0;
548 }
549 if(rr_count == 0 && rrsig_count == 0)
550 return 0;
551 d->count = (size_t)rr_count;
552 d->rrsig_count = (size_t)rrsig_count;
553 d->security = (enum sec_status)security;
554 d->trust = (enum rrset_trust)trust;
555 d->ttl = (uint32_t)ttl + *worker->env.now;
556
557 d->rr_len = regional_alloc_zero(region,
558 sizeof(size_t)*(d->count+d->rrsig_count));
559 d->rr_ttl = regional_alloc_zero(region,
560 sizeof(uint32_t)*(d->count+d->rrsig_count));
561 d->rr_data = regional_alloc_zero(region,
562 sizeof(uint8_t*)*(d->count+d->rrsig_count));
563 if(!d->rr_len || !d->rr_ttl || !d->rr_data) {
564 (void) ssl_printf(ssl, "error out of memory\n");
565 return 0;
566 }
567
568 /* read the rr's themselves */
569 for(i=0; i<rr_count; i++) {
570 if(!load_rr(ssl, buf, region, rk, d, i, 0,
571 &go_on, *worker->env.now)) {
572 return 0;
573 }
574 }
575 for(i=0; i<rrsig_count; i++) {
576 if(!load_rr(ssl, buf, region, rk, d, i+rr_count, 1,
577 &go_on, *worker->env.now)) {
578 return 0;
579 }
580 }
581 if(!go_on) {
582 /* skip this entry */
583 return 1;
584 }
585
586 return move_into_cache(ssl, rk, d, worker);
587 }
588
589 /** load rrset cache */
590 static int
591 load_rrset_cache(SSL* ssl, struct worker* worker)
592 {
593 ldns_buffer* buf = worker->env.scratch_buffer;
594 if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0;
595 while(ssl_read_buf(ssl, buf) &&
596 strcmp((char*)ldns_buffer_begin(buf), "END_RRSET_CACHE")!=0) {
597 if(!load_rrset(ssl, buf, worker))
598 return 0;
599 }
600 return 1;
601 }
602
603 /** read qinfo from next three words */
604 static char*
605 load_qinfo(char* str, struct query_info* qinfo, ldns_buffer* buf,
606 struct regional* region, SSL* ssl)
607 {
608 /* s is part of the buf */
609 char* s = str;
610 ldns_rr* rr;
611 ldns_status status;
612
613 /* skip three words */
614 s = strchr(str, ' ');
615 if(s) s = strchr(s+1, ' ');
616 if(s) s = strchr(s+1, ' ');
617 if(!s) {
618 (void)ssl_printf(ssl, "error line too short, %s\n", str);
619 return NULL;
620 }
621 s[0] = 0;
622 s++;
623
624 /* parse them */
625 status = ldns_rr_new_question_frm_str(&rr, str, NULL, NULL);
626 if(status != LDNS_STATUS_OK) {
627 (void)ssl_printf(ssl, "error cannot parse: %s %s\n",
628 ldns_get_errorstr_by_id(status), str);
629 return NULL;
630 }
631 qinfo->qtype = ldns_rr_get_type(rr);
632 qinfo->qclass = ldns_rr_get_class(rr);
633 ldns_buffer_clear(buf);
634 status = ldns_dname2buffer_wire(buf, ldns_rr_owner(rr));
635 ldns_rr_free(rr);
636 if(status != LDNS_STATUS_OK) {
637 (void)ssl_printf(ssl, "error cannot dname2wire: %s\n",
638 ldns_get_errorstr_by_id(status));
639 return NULL;
640 }
641 ldns_buffer_flip(buf);
642 qinfo->qname_len = ldns_buffer_limit(buf);
643 qinfo->qname = (uint8_t*)regional_alloc_init(region,
644 ldns_buffer_begin(buf), ldns_buffer_limit(buf));
645 if(!qinfo->qname) {
646 (void)ssl_printf(ssl, "error out of memory\n");
647 return NULL;
648 }
649
650 return s;
651 }
652
653 /** load a msg rrset reference */
654 static int
655 load_ref(SSL* ssl, ldns_buffer* buf, struct worker* worker,
656 struct regional *region, struct ub_packed_rrset_key** rrset,
657 int* go_on)
658 {
659 char* s = (char*)ldns_buffer_begin(buf);
660 struct query_info qinfo;
661 unsigned int flags;
662 struct ub_packed_rrset_key* k;
663
664 /* read line */
665 if(!ssl_read_buf(ssl, buf))
666 return 0;
667 if(strncmp(s, "BADREF", 6) == 0) {
668 *go_on = 0; /* its bad, skip it and skip message */
669 return 1;
670 }
671
672 s = load_qinfo(s, &qinfo, buf, region, ssl);
673 if(!s) {
674 return 0;
675 }
676 if(sscanf(s, " %u", &flags) != 1) {
677 (void)ssl_printf(ssl, "error cannot parse flags: %s\n", s);
678 return 0;
679 }
680
681 /* lookup in cache */
682 k = rrset_cache_lookup(worker->env.rrset_cache, qinfo.qname,
683 qinfo.qname_len, qinfo.qtype, qinfo.qclass,
684 (uint32_t)flags, *worker->env.now, 0);
685 if(!k) {
686 /* not found or expired */
687 *go_on = 0;
688 return 1;
689 }
690
691 /* store in result */
692 *rrset = packed_rrset_copy_region(k, region, *worker->env.now);
693 lock_rw_unlock(&k->entry.lock);
694
695 return (*rrset != NULL);
696 }
697
698 /** load a msg entry */
699 static int
700 load_msg(SSL* ssl, ldns_buffer* buf, struct worker* worker)
701 {
702 struct regional* region = worker->scratchpad;
703 struct query_info qinf;
704 struct reply_info rep;
705 char* s = (char*)ldns_buffer_begin(buf);
706 unsigned int flags, qdcount, ttl, security, an, ns, ar;
707 size_t i;
708 int go_on = 1;
709
710 regional_free_all(region);
711
712 if(strncmp(s, "msg ", 4) != 0) {
713 (void)ssl_printf(ssl, "error expected msg but got %s\n", s);
714 return 0;
715 }
716 s += 4;
717 s = load_qinfo(s, &qinf, buf, region, ssl);
718 if(!s) {
719 return 0;
720 }
721
722 /* read remainder of line */
723 if(sscanf(s, " %u %u %u %u %u %u %u", &flags, &qdcount, &ttl,
724 &security, &an, &ns, &ar) != 7) {
725 (void)ssl_printf(ssl, "error cannot parse numbers: %s\n", s);
726 return 0;
727 }
728 rep.flags = (uint16_t)flags;
729 rep.qdcount = (uint16_t)qdcount;
730 rep.ttl = (uint32_t)ttl;
731 rep.security = (enum sec_status)security;
732 rep.an_numrrsets = (size_t)an;
733 rep.ns_numrrsets = (size_t)ns;
734 rep.ar_numrrsets = (size_t)ar;
735 rep.rrset_count = (size_t)an+(size_t)ns+(size_t)ar;
736 rep.rrsets = (struct ub_packed_rrset_key**)regional_alloc_zero(
737 region, sizeof(struct ub_packed_rrset_key*)*rep.rrset_count);
738
739 /* fill repinfo with references */
740 for(i=0; i<rep.rrset_count; i++) {
741 if(!load_ref(ssl, buf, worker, region, &rep.rrsets[i],
742 &go_on)) {
743 return 0;
744 }
745 }
746
747 if(!go_on)
748 return 1; /* skip this one, not all references satisfied */
749
750 if(!dns_cache_store(&worker->env, &qinf, &rep, 0)) {
751 (void)ssl_printf(ssl, "error out of memory\n");
752 return 0;
753 }
754 return 1;
755 }
756
757 /** load msg cache */
758 static int
759 load_msg_cache(SSL* ssl, struct worker* worker)
760 {
761 ldns_buffer* buf = worker->env.scratch_buffer;
762 if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0;
763 while(ssl_read_buf(ssl, buf) &&
764 strcmp((char*)ldns_buffer_begin(buf), "END_MSG_CACHE")!=0) {
765 if(!load_msg(ssl, buf, worker))
766 return 0;
767 }
768 return 1;
769 }
770
771 int
772 load_cache(SSL* ssl, struct worker* worker)
773 {
774 if(!load_rrset_cache(ssl, worker))
775 return 0;
776 if(!load_msg_cache(ssl, worker))
777 return 0;
778 return read_fixed(ssl, worker->env.scratch_buffer, "EOF");
779 }
780
781 int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
782 size_t nmlen, int ATTR_UNUSED(nmlabs))
783 {
784 /* deep links into the iterator module */
785 struct delegpt* dp;
786 struct dns_msg* msg;
787 struct regional* region = worker->scratchpad;
788 char b[260];
789 struct query_info qinfo;
790 size_t i, n_ns, n_miss, n_addr, n_res, n_avail;
791 regional_free_all(region);
792 qinfo.qname = nm;
793 qinfo.qname_len = nmlen;
794 qinfo.qtype = LDNS_RR_TYPE_A;
795 qinfo.qclass = LDNS_RR_CLASS_IN;
796
797 dname_str(nm, b);
798 if(!ssl_printf(ssl, "The following name servers are used for lookup "
799 "of %s\n", b))
800 return 0;
801
802 while(1) {
803 dp = dns_cache_find_delegation(&worker->env, nm, nmlen,
804 qinfo.qtype, qinfo.qclass, region, &msg,
805 *worker->env.now);
806 if(!dp) {
807 return ssl_printf(ssl, "no delegation from "
808 "cache; goes to configured roots\n");
809 }
810 /* print the dp */
811 for(i=0; i<msg->rep->rrset_count; i++) {
812 struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
813 struct packed_rrset_data* d =
814 (struct packed_rrset_data*)k->entry.data;
815 if(d->security == sec_status_bogus) {
816 if(!ssl_printf(ssl, "Address is BOGUS:\n"))
817 return 0;
818 }
819 if(!dump_rrset(ssl, k, d, 0))
820 return 0;
821 }
822 delegpt_count_ns(dp, &n_ns, &n_miss);
823 delegpt_count_addr(dp, &n_addr, &n_res, &n_avail);
824 /* since dp has not been used by iterator, all are available*/
825 if(!ssl_printf(ssl, "Delegation with %d names, of which %d "
826 "have no addresses in cache.\n"
827 "It provides %d IP addresses. %s\n",
828 (int)n_ns, (int)n_miss, (int)n_addr,
829 (dp->bogus?"It is BOGUS":"") ))
830 return 0;
831 /* go up? */
832 if(iter_dp_is_useless(&qinfo, BIT_RD, dp)) {
833 if(!ssl_printf(ssl, "cache delegation was "
834 "useless (no IP addresses)\n"))
835 return 0;
836 if(dname_is_root(nm)) {
837 /* goes to root config */
838 return ssl_printf(ssl, "no delegation from "
839 "cache; goes to configured roots\n");
840 } else {
841 /* useless, goes up */
842 nm = dp->name;
843 nmlen = dp->namelen;
844 dname_remove_label(&nm, &nmlen);
845 dname_str(nm, b);
846 if(!ssl_printf(ssl, "going up, lookup %s\n", b))
847 return 0;
848 continue;
849 }
850 } else
851 break;
852 }
853
854 return 1;
855 }
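Review bot: The load path trusts the counts it reads from the control connection and misses two failure checks. In load_msg the result of `regional_alloc_zero()` for `rep.rrsets` is never tested, yet the following loop passes `&rep.rrsets[i]` to load_ref, which stores through it; add `if(!rep.rrsets) { (void)ssl_printf(ssl, "error out of memory\n"); return 0; }` after the allocation. In load_rr the `is_rrsig` mismatch branch returns 0 without `ldns_rr_free(rr);`, and the status of `ldns_dname2buffer_wire()` in the `i==0` block is assigned but never checked. load_rrset sizes three arrays from `rr_count + rrsig_count` as parsed by `sscanf` with no upper bound, so where `size_t` is 32 bits the sum or the multiplication may wrap (inferred from the types, not tested); rejecting counts above a sane limit before allocating would close that. Also worth confirming: `strncmp(..., "BADRR\n", 6)` only matches if ssl_read_line keeps the newline, while read_fixed compares against strings without one.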
0 /*
1 * daemon/cachedump.h - dump the cache to text format.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains functions to read and write the cache(s)
39 * to text format.
40 *
41 * The format of the file is as follows:
42 * [RRset cache]
43 * [Message cache]
44 * EOF -- fixed string "EOF" before end of the file.
45 *
46 * The RRset cache is:
47 * START_RRSET_CACHE
48 * [rrset]*
49 * END_RRSET_CACHE
50 *
51 * rrset is:
52 * ;rrset [nsec_apex] TTL rr_count rrsig_count trust security
53 * resource records, one per line, in zonefile format
54 * rrsig records, one per line, in zonefile format
55 * If the text conversion fails, BADRR is printed on the line.
56 *
57 * The Message cache is:
58 * START_MSG_CACHE
59 * [msg]*
60 * END_MSG_CACHE
61 *
62 * msg is:
63 * msg name class type flags qdcount ttl security an ns ar
64 * list of rrset references, one per line. If conversion fails, BADREF
65 * reference is:
66 * name class type flags
67 *
68 * Expired cache entries are not printed.
69 */
70
71 #ifndef DAEMON_DUMPCACHE_H
72 #define DAEMON_DUMPCACHE_H
73 struct worker;
74
75 /**
76 * Dump cache(s) to text
77 * @param ssl: to print to
78 * @param worker: worker that is available (buffers, etc) and has
79 * ptrs to the caches.
80 * @return false on ssl print error.
81 */
82 int dump_cache(SSL* ssl, struct worker* worker);
83
84 /**
85 * Load cache(s) from text
86 * @param ssl: to read from
87 * @param worker: worker that is available (buffers, etc) and has
88 * ptrs to the caches.
89 * @return false on ssl error.
90 */
91 int load_cache(SSL* ssl, struct worker* worker);
92
93 /**
94 * Print the delegation used to lookup for this name.
95 * @param ssl: to read from
96 * @param worker: worker that is available (buffers, etc) and has
97 * ptrs to the caches.
98 * @param nm: name to lookup
99 * @param nmlen: length of name.
100 * @param nmlabs: labels in name.
101 * @return false on ssl error.
102 */
103 int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
104 size_t nmlen, int nmlabs);
105
106 #endif /* DAEMON_DUMPCACHE_H */
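Review bot: Two of the doc comments do not match the code in cachedump.c. For print_deleg_lookup, `@param ssl: to read from` should read `@param ssl: to print to`, since the function only calls ssl_printf on it. For load_cache, `@return false on ssl error` leaves out that it also returns 0 on a parse error or allocation failure, and that entries loaded before the failure stay in the cache (load_rrset calls move_into_cache per entry); a caller should know that a failed load is not rolled back. The header also uses `SSL`, `uint8_t` and `size_t` without including or forward-declaring them, so it relies on the includer's include order.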
4141 #include "config.h"
4242 #include "daemon/daemon.h"
4343 #include "daemon/worker.h"
44 #include "daemon/remote.h"
4445 #include "daemon/acl_list.h"
4546 #include "util/log.h"
4647 #include "util/config_file.h"
5354 #include "services/modstack.h"
5455 #include "util/module.h"
5556 #include "util/random.h"
57 #include "util/tube.h"
5658 #include <signal.h>
5759
5860 /** How many quit requests happened. */
161163 signal_handling_record();
162164 checklock_start();
163165 ERR_load_crypto_strings();
166 ERR_load_SSL_strings();
167 OpenSSL_add_all_algorithms();
168 (void)SSL_library_init();
164169 #ifdef HAVE_TZSET
165170 /* init timezone info while we are not chrooted yet */
166171 tzset();
179184 free(daemon);
180185 return NULL;
181186 }
187 if(gettimeofday(&daemon->time_boot, NULL) < 0)
188 log_err("gettimeofday: %s", strerror(errno));
189 daemon->time_last_stat = daemon->time_boot;
182190 return daemon;
183191 }
184192
186194 daemon_open_shared_ports(struct daemon* daemon)
187195 {
188196 log_assert(daemon);
189 if(daemon->cfg->port == daemon->listening_port)
190 return 1;
191 listening_ports_free(daemon->ports);
192 if(!(daemon->ports=listening_ports_open(daemon->cfg)))
193 return 0;
194 daemon->listening_port = daemon->cfg->port;
197 if(daemon->cfg->port != daemon->listening_port) {
198 listening_ports_free(daemon->ports);
199 if(!(daemon->ports=listening_ports_open(daemon->cfg)))
200 return 0;
201 daemon->listening_port = daemon->cfg->port;
202 }
203 if(!daemon->cfg->remote_control_enable && daemon->rc_port) {
204 listening_ports_free(daemon->rc_ports);
205 daemon->rc_ports = NULL;
206 daemon->rc_port = 0;
207 }
208 if(daemon->cfg->remote_control_enable &&
209 daemon->cfg->control_port != daemon->rc_port) {
210 listening_ports_free(daemon->rc_ports);
211 if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg)))
212 return 0;
213 daemon->rc_port = daemon->cfg->control_port;
214 }
195215 return 1;
196216 }
197217
291311 int i;
292312 for(i=0; i<daemon->num; i++)
293313 if(i!=thr) {
294 if(daemon->workers[i]->cmd_send_fd != -1) {
295 close(daemon->workers[i]->cmd_send_fd);
296 daemon->workers[i]->cmd_send_fd = -1;
297 }
298 if(daemon->workers[i]->cmd_recv_fd != -1) {
299 close(daemon->workers[i]->cmd_recv_fd);
300 daemon->workers[i]->cmd_recv_fd = -1;
314 if(i==0) {
315 /* only close read part, need to write stats */
316 tube_close_read(daemon->workers[i]->cmd);
317 } else {
318 /* complete close channel to others */
319 tube_delete(daemon->workers[i]->cmd);
320 daemon->workers[i]->cmd = NULL;
301321 }
302322 }
303323 }
315335 ub_thread_blocksigs();
316336 #ifdef THREADS_DISABLED
317337 /* close pipe ends used by main */
318 close(worker->cmd_send_fd);
319 worker->cmd_send_fd = -1;
338 tube_close_write(worker->cmd);
320339 close_other_pipes(worker->daemon, worker->thread_num);
321340 #endif
322341 if(!worker_init(worker, worker->daemon->cfg, worker->daemon->ports, 0))
342361 thread_start, daemon->workers[i]);
343362 #ifdef THREADS_DISABLED
344363 /* close pipe end of child */
345 close(daemon->workers[i]->cmd_recv_fd);
346 daemon->workers[i]->cmd_recv_fd = -1;
364 tube_close_read(daemon->workers[i]->cmd);
347365 #endif /* no threads */
348366 }
349367 }
361379 /* skip i=0, is this thread */
362380 /* use i=0 buffer for sending cmds; because we are #0 */
363381 for(i=1; i<daemon->num; i++) {
364 worker_send_cmd(daemon->workers[i],
365 daemon->workers[0]->front->udp_buff, worker_cmd_quit);
382 worker_send_cmd(daemon->workers[i], worker_cmd_quit);
366383 }
367384 /* wait for them to quit */
368385 for(i=1; i<daemon->num; i++) {
391408 * them to the newly created threads.
392409 */
393410 daemon_create_workers(daemon);
411
412 #ifdef HAVE_EV_LOOP
413 /* in libev the first inited base gets signals */
414 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports, 1))
415 fatal_exit("Could not initialize main thread");
416 #endif
394417
395418 /* Now create the threads and init the workers.
396419 * By the way, this is thread #0 (the main thread).
398421 daemon_start_others(daemon);
399422
400423 /* Special handling for the main thread. This is the thread
401 * that handles signals.
424 * that handles signals and remote control.
402425 */
426 #ifndef HAVE_EV_LOOP
427 /* libevent has the last inited base get signals (or any base) */
403428 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports, 1))
404429 fatal_exit("Could not initialize main thread");
430 #endif
405431 signal_handling_playback(daemon->workers[0]);
406432
407433 /* Start resolver service on main thread. */
448474 return;
449475 modstack_desetup(&daemon->mods, daemon->env);
450476 listening_ports_free(daemon->ports);
477 listening_ports_free(daemon->rc_ports);
451478 if(daemon->env) {
452479 slabhash_delete(daemon->env->msg_cache);
453480 rrset_cache_delete(daemon->env->rrset_cache);
456483 ub_randfree(daemon->rand);
457484 alloc_clear(&daemon->superalloc);
458485 acl_list_delete(daemon->acl);
486 free(daemon->chroot);
459487 free(daemon->pidfile);
460488 free(daemon->env);
461489 free(daemon);
6161 struct daemon {
6262 /** The config settings */
6363 struct config_file* cfg;
64 /** the chroot dir in use, NULL if none */
65 char* chroot;
6466 /** pidfile that is used */
6567 char* pidfile;
6668 /** port number that has ports opened. */
6769 int listening_port;
6870 /** listening ports, opened, to be shared by threads */
6971 struct listen_port* ports;
72 /** port number fore remote that has ports opened. */
73 int rc_port;
74 /** listening ports for remote control */
75 struct listen_port* rc_ports;
7076 /** num threads allocated */
7177 int num;
7278 /** the worker entries */
8591 struct acl_list* acl;
8692 /** local authority zones */
8793 struct local_zones* local_zones;
94 /** last time of statistics printout */
95 struct timeval time_last_stat;
96 /** time when daemon started */
97 struct timeval time_boot;
8898 };
8999
90100 /**
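Review bot: The comment added for `rc_port` reads "port number fore remote that has ports opened", which has a typo and does not say that this is the remote-control port; `/** port number for remote control that has ports opened. */` would match the `listening_port` comment above it. The `chroot` comment does not say who owns the string, although the daemon.c part of this commit adds `free(daemon->chroot)` beside `free(daemon->pidfile)`. I would extend it to `/** the chroot dir in use, NULL if none; heap-allocated, freed with the daemon */`. The `rc_ports` comment could likewise note that these control-channel sockets are a separate list from `ports` and are released by their own `listening_ports_free(daemon->rc_ports)` call. The rest of `struct daemon` lies between and outside the two hunks shown here.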
0 /*
1 * daemon/remote.c - remote control for the unbound daemon.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains the remote control functionality for the daemon.
39 * The remote control can be performed using either the commandline
40 * unbound-control tool, or a SSLv3/TLS capable web browser.
41 * The channel is secured using SSLv3 or TLSv1, and certificates.
42 * Both the server and the client(control tool) have their own keys.
43 */
44 #include "config.h"
45 #include "daemon/remote.h"
46 #include "daemon/worker.h"
47 #include "daemon/daemon.h"
48 #include "daemon/stats.h"
49 #include "daemon/cachedump.h"
50 #include "util/log.h"
51 #include "util/config_file.h"
52 #include "util/net_help.h"
53 #include "util/module.h"
54 #include "services/listen_dnsport.h"
55 #include "services/cache/rrset.h"
56 #include "services/mesh.h"
57 #include "services/localzone.h"
58 #include "util/storage/slabhash.h"
59 #include "util/fptr_wlist.h"
60 #include "util/data/dname.h"
61 #include "validator/validator.h"
62 #include "validator/val_kcache.h"
63 #include "validator/val_kentry.h"
64
65 #ifdef HAVE_SYS_TYPES_H
66 # include <sys/types.h>
67 #endif
68 #ifdef HAVE_NETDB_H
69 #include <netdb.h>
70 #endif
71
72 /* just for portability */
73 #ifdef SQ
74 #undef SQ
75 #endif
76
77 /** what to put on statistics lines between var and value, ": " or "=" */
78 #define SQ "="
79 /** if true, inhibits a lot of =0 lines from the stats output */
80 static const int inhibit_zero = 1;
81
82 /** log ssl crypto err */
83 static void
84 log_crypto_err(const char* str)
85 {
86 /* error:[error code]:[library name]:[function name]:[reason string] */
87 char buf[128];
88 unsigned long e;
89 ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
90 log_err("%s crypto %s", str, buf);
91 while( (e=ERR_get_error()) ) {
92 ERR_error_string_n(e, buf, sizeof(buf));
93 log_err("and additionally crypto %s", buf);
94 }
95 }
96
97 /** subtract timers and the values do not overflow or become negative */
98 static void
99 timeval_subtract(struct timeval* d, const struct timeval* end,
100 const struct timeval* start)
101 {
102 #ifndef S_SPLINT_S
103 time_t end_usec = end->tv_usec;;
104 d->tv_sec = end->tv_sec - start->tv_sec;
105 while(end_usec < start->tv_usec) {
106 end_usec += 1000000;
107 d->tv_sec--;
108 }
109 d->tv_usec = end_usec - start->tv_usec;
110 #endif
111 }
112
113 /** divide sum of timers to get average */
114 static void
115 timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
116 {
117 #ifndef S_SPLINT_S
118 size_t leftover;
119 if(d == 0) {
120 avg->tv_sec = 0;
121 avg->tv_usec = 0;
122 return;
123 }
124 avg->tv_sec = sum->tv_sec / d;
125 avg->tv_usec = sum->tv_usec / d;
126 /* handle fraction from seconds divide */
127 leftover = sum->tv_sec - avg->tv_sec*d;
128 avg->tv_usec += (leftover*1000000)/d;
129 #endif
130 }
131
132 struct daemon_remote*
133 daemon_remote_create(struct worker* worker)
134 {
135 char* s_cert;
136 char* s_key;
137 struct config_file* cfg = worker->daemon->cfg;
138 struct daemon_remote* rc = (struct daemon_remote*)calloc(1,
139 sizeof(*rc));
140 if(!rc) {
141 log_err("out of memory in daemon_remote_create");
142 return NULL;
143 }
144 rc->worker = worker;
145 rc->max_active = 10;
146
147 if(!cfg->remote_control_enable) {
148 rc->ctx = NULL;
149 return rc;
150 }
151 rc->ctx = SSL_CTX_new(SSLv23_server_method());
152 if(!rc->ctx) {
153 log_crypto_err("could not SSL_CTX_new");
154 free(rc);
155 return NULL;
156 }
157 /* no SSLv2 because has defects */
158 if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
159 log_crypto_err("could not set SSL_OP_NO_SSLv2");
160 daemon_remote_delete(rc);
161 return NULL;
162 }
163 s_cert = cfg->server_cert_file;
164 s_key = cfg->server_key_file;
165 if(cfg->chrootdir && cfg->chrootdir[0]) {
166 if(strncmp(s_cert, cfg->chrootdir, strlen(cfg->chrootdir))==0)
167 s_cert += strlen(cfg->chrootdir);
168 if(strncmp(s_key, cfg->chrootdir, strlen(cfg->chrootdir))==0)
169 s_key += strlen(cfg->chrootdir);
170 }
171 verbose(VERB_ALGO, "setup SSL certificates");
172 if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) {
173 log_err("Error for server-cert-file: %s", s_cert);
174 log_crypto_err("Error in SSL_CTX use_certificate_file");
175 daemon_remote_delete(rc);
176 return NULL;
177 }
178 if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) {
179 log_err("Error for server-key-file: %s", s_key);
180 log_crypto_err("Error in SSL_CTX use_PrivateKey_file");
181 daemon_remote_delete(rc);
182 return NULL;
183 }
184 if(!SSL_CTX_check_private_key(rc->ctx)) {
185 log_err("Error for server-key-file: %s", s_key);
186 log_crypto_err("Error in SSL_CTX check_private_key");
187 daemon_remote_delete(rc);
188 return NULL;
189 }
190 if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) {
191 log_crypto_err("Error setting up SSL_CTX verify locations");
192 daemon_remote_delete(rc);
193 return NULL;
194 }
195 SSL_CTX_set_client_CA_list(rc->ctx, SSL_load_client_CA_file(s_cert));
196 SSL_CTX_set_verify(rc->ctx, SSL_VERIFY_PEER, NULL);
197
198 return rc;
199 }
200
201 void daemon_remote_delete(struct daemon_remote* rc)
202 {
203 struct rc_state* p, *np;
204 if(!rc) return;
205 /* but do not close the ports */
206 listen_list_delete(rc->accept_list);
207 /* do close these sockets */
208 p = rc->busy_list;
209 while(p) {
210 np = p->next;
211 if(p->ssl)
212 SSL_free(p->ssl);
213 comm_point_delete(p->c);
214 free(p);
215 p = np;
216 }
217 if(rc->ctx) {
218 SSL_CTX_free(rc->ctx);
219 }
220 free(rc);
221 }
222
223 /**
224 * Add and open a new control port
225 * @param ip: ip str
226 * @param nr: port nr
227 * @param list: list head
228 * @param noproto_is_err: if lack of protocol support is an error.
229 * @return false on failure.
230 */
231 static int
232 add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
233 {
234 struct addrinfo hints;
235 struct addrinfo* res;
236 struct listen_port* n;
237 int noproto;
238 int fd, r;
239 char port[15];
240 snprintf(port, sizeof(port), "%d", nr);
241 port[sizeof(port)-1]=0;
242 memset(&hints, 0, sizeof(hints));
243 hints.ai_socktype = SOCK_STREAM;
244 hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
245 if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
246 #ifdef USE_WINSOCK
247 if(!noproto_is_err && r == EAI_NONAME) {
248 /* tried to lookup the address as name */
249 return 1; /* return success, but do nothing */
250 }
251 #endif /* USE_WINSOCK */
252 log_err("control interface %s:%s getaddrinfo: %s %s",
253 ip?ip:"default", port, gai_strerror(r),
254 #ifdef EAI_SYSTEM
255 r==EAI_SYSTEM?(char*)strerror(errno):""
256 #else
257 ""
258 #endif
259 );
260 return 0;
261 }
262
263 /* open fd */
264 fd = create_tcp_accept_sock(res, 1, &noproto);
265 freeaddrinfo(res);
266 if(fd == -1 && noproto) {
267 if(!noproto_is_err)
268 return 1; /* return success, but do nothing */
269 log_err("cannot open control interface %s %d : "
270 "protocol not supported", ip, nr);
271 return 0;
272 }
273 if(fd == -1) {
274 log_err("cannot open control interface %s %d", ip, nr);
275 return 0;
276 }
277
278 /* alloc */
279 n = (struct listen_port*)calloc(1, sizeof(*n));
280 if(!n) {
281 close(fd);
282 log_err("out of memory");
283 return 0;
284 }
285 n->next = *list;
286 *list = n;
287 n->fd = fd;
288 return 1;
289 }
290
291 struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
292 {
293 struct listen_port* l = NULL;
294 log_assert(cfg->remote_control_enable && cfg->control_port);
295 if(cfg->control_ifs) {
296 struct config_strlist* p = cfg->control_ifs;
297 for(p = cfg->control_ifs; p; p = p->next) {
298 if(!add_open(p->str, cfg->control_port, &l, 1)) {
299 listening_ports_free(l);
300 return NULL;
301 }
302 }
303 } else {
304 /* defaults */
305 if(cfg->do_ip6 &&
306 !add_open("::1", cfg->control_port, &l, 0)) {
307 listening_ports_free(l);
308 return NULL;
309 }
310 if(cfg->do_ip4 &&
311 !add_open("127.0.0.1", cfg->control_port, &l, 1)) {
312 listening_ports_free(l);
313 return NULL;
314 }
315 }
316 return l;
317 }
318
319 /** open accept commpoint */
320 static int
321 accept_open(struct daemon_remote* rc, int fd)
322 {
323 struct listen_list* n = (struct listen_list*)malloc(sizeof(*n));
324 if(!n) {
325 log_err("out of memory");
326 return 0;
327 }
328 n->next = rc->accept_list;
329 rc->accept_list = n;
330 /* open commpt */
331 n->com = comm_point_create_raw(rc->worker->base, fd, 0,
332 &remote_accept_callback, rc);
333 if(!n->com)
334 return 0;
335 /* keep this port open, its fd is kept in the rc portlist */
336 n->com->do_not_close = 1;
337 return 1;
338 }
339
340 int daemon_remote_open_accept(struct daemon_remote* rc,
341 struct listen_port* ports)
342 {
343 struct listen_port* p;
344 for(p = ports; p; p = p->next) {
345 if(!accept_open(rc, p->fd)) {
346 log_err("could not create accept comm point");
347 return 0;
348 }
349 }
350 return 1;
351 }
352
353 int remote_accept_callback(struct comm_point* c, void* arg, int err,
354 struct comm_reply* ATTR_UNUSED(rep))
355 {
356 struct daemon_remote* rc = (struct daemon_remote*)arg;
357 struct sockaddr_storage addr;
358 socklen_t addrlen;
359 int newfd;
360 struct rc_state* n;
361 if(err != NETEVENT_NOERROR) {
362 log_err("error %d on remote_accept_callback", err);
363 return 0;
364 }
365 /* perform the accept */
366 newfd = comm_point_perform_accept(c, &addr, &addrlen);
367 if(newfd == -1)
368 return 0;
369 /* create new commpoint unless we are servicing already */
370 if(rc->active >= rc->max_active) {
371 log_warn("drop incoming remote control: too many connections");
372 comm_point_stop_listening(c);
373 close(newfd);
374 return 0;
375 }
376
377 /* setup commpoint to service the remote control command */
378 n = (struct rc_state*)calloc(1, sizeof(*n));
379 if(!n) {
380 log_err("out of memory");
381 close(newfd);
382 return 0;
383 }
384 /* start in reading state */
385 n->c = comm_point_create_raw(rc->worker->base, newfd, 0,
386 &remote_control_callback, n);
387 if(!n->c) {
388 log_err("out of memory");
389 close(newfd);
390 free(n);
391 return 0;
392 }
393 log_addr(VERB_QUERY, "new control connection from", &addr, addrlen);
394 n->c->do_not_close = 0;
395 comm_point_stop_listening(n->c);
396 comm_point_start_listening(n->c, -1, REMOTE_CONTROL_TCP_TIMEOUT);
397 memcpy(&n->c->repinfo.addr, &addr, addrlen);
398 n->c->repinfo.addrlen = addrlen;
399 n->shake_state = rc_hs_read;
400 n->ssl = SSL_new(rc->ctx);
401 if(!n->ssl) {
402 log_crypto_err("could not SSL_new");
403 close(newfd);
404 free(n);
405 return 0;
406 }
407 SSL_set_accept_state(n->ssl);
408 (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY);
409 if(!SSL_set_fd(n->ssl, newfd)) {
410 log_crypto_err("could not SSL_set_fd");
411 close(newfd);
412 SSL_free(n->ssl);
413 free(n);
414 return 0;
415 }
416
417 n->rc = rc;
418 n->next = rc->busy_list;
419 rc->busy_list = n;
420 rc->active ++;
421
422 /* perform the first nonblocking read already, for windows,
423 * so it can return wouldblock. could be faster too. */
424 (void)remote_control_callback(n->c, n, NETEVENT_NOERROR, NULL);
425 return 0;
426 }
427
428 /** delete from list */
429 static void
430 state_list_remove_elem(struct rc_state** list, struct comm_point* c)
431 {
432 while(*list) {
433 if( (*list)->c == c) {
434 *list = (*list)->next;
435 return;
436 }
437 list = &(*list)->next;
438 }
439 }
440
441 /** decrease active count and remove commpoint from busy list */
442 static void
443 clean_point(struct daemon_remote* rc, struct rc_state* s)
444 {
445 state_list_remove_elem(&rc->busy_list, s->c);
446 rc->active --;
447 if(s->ssl) {
448 SSL_shutdown(s->ssl);
449 SSL_free(s->ssl);
450 }
451 comm_point_delete(s->c);
452 free(s);
453 }
454
455 int
456 ssl_print_text(SSL* ssl, const char* text)
457 {
458 int r;
459 if(!ssl)
460 return 0;
461 ERR_clear_error();
462 if((r=SSL_write(ssl, text, (int)strlen(text))) <= 0) {
463 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
464 verbose(VERB_QUERY, "warning, in SSL_write, peer "
465 "closed connection");
466 return 0;
467 }
468 log_crypto_err("could not SSL_write");
469 return 0;
470 }
471 return 1;
472 }
473
474 /** print text over the ssl connection */
475 static int
476 ssl_print_vmsg(SSL* ssl, const char* format, va_list args)
477 {
478 char msg[1024];
479 vsnprintf(msg, sizeof(msg), format, args);
480 return ssl_print_text(ssl, msg);
481 }
482
483 /** printf style printing to the ssl connection */
484 int ssl_printf(SSL* ssl, const char* format, ...)
485 {
486 va_list args;
487 int ret;
488 va_start(args, format);
489 ret = ssl_print_vmsg(ssl, format, args);
490 va_end(args);
491 return ret;
492 }
493
494 int
495 ssl_read_line(SSL* ssl, char* buf, size_t max)
496 {
497 int r;
498 size_t len = 0;
499 if(!ssl)
500 return 0;
501 while(len < max) {
502 ERR_clear_error();
503 if((r=SSL_read(ssl, buf+len, 1)) <= 0) {
504 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
505 buf[len] = 0;
506 return 1;
507 }
508 log_crypto_err("could not SSL_read");
509 return 0;
510 }
511 if(buf[len] == '\n') {
512 /* return string without \n */
513 buf[len] = 0;
514 return 1;
515 }
516 len++;
517 }
518 buf[max-1] = 0;
519 log_err("control line too long (%d): %s", (int)max, buf);
520 return 0;
521 }
522
523 /** skip whitespace, return new pointer into string */
524 static char*
525 skipwhite(char* str)
526 {
527 /* EOS \0 is not a space */
528 while( isspace(*str) )
529 str++;
530 return str;
531 }
532
533 /** send the OK to the control client */
534 static void send_ok(SSL* ssl)
535 {
536 (void)ssl_printf(ssl, "ok\n");
537 }
538
539 /** do the stop command */
540 static void
541 do_stop(SSL* ssl, struct daemon_remote* rc)
542 {
543 rc->worker->need_to_exit = 1;
544 comm_base_exit(rc->worker->base);
545 send_ok(ssl);
546 }
547
548 /** do the reload command */
549 static void
550 do_reload(SSL* ssl, struct daemon_remote* rc)
551 {
552 rc->worker->need_to_exit = 0;
553 comm_base_exit(rc->worker->base);
554 send_ok(ssl);
555 }
556
557 /** do the verbosity command */
558 static void
559 do_verbosity(SSL* ssl, char* str)
560 {
561 int val = atoi(str);
562 if(val == 0 && strcmp(str, "0") != 0) {
563 ssl_printf(ssl, "error in verbosity number syntax: %s\n", str);
564 return;
565 }
566 verbosity = val;
567 send_ok(ssl);
568 }
569
570 /** print stats from statinfo */
571 static int
572 print_stats(SSL* ssl, const char* nm, struct stats_info* s)
573 {
574 struct timeval avg;
575 if(!ssl_printf(ssl, "%s.num.queries"SQ"%u\n", nm,
576 (unsigned)s->svr.num_queries)) return 0;
577 if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%u\n", nm,
578 (unsigned)(s->svr.num_queries
579 - s->svr.num_queries_missed_cache))) return 0;
580 if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%u\n", nm,
581 (unsigned)s->svr.num_queries_missed_cache)) return 0;
582 if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%u\n", nm,
583 (unsigned)s->mesh_replies_sent)) return 0;
584 if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
585 s->svr.num_queries_missed_cache?
586 (double)s->svr.sum_query_list_size/
587 s->svr.num_queries_missed_cache : 0.0)) return 0;
588 if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%u\n", nm,
589 (unsigned)s->svr.max_query_list_size)) return 0;
590 if(!ssl_printf(ssl, "%s.requestlist.overwritten"SQ"%u\n", nm,
591 (unsigned)s->mesh_jostled)) return 0;
592 if(!ssl_printf(ssl, "%s.requestlist.exceeded"SQ"%u\n", nm,
593 (unsigned)s->mesh_dropped)) return 0;
594 if(!ssl_printf(ssl, "%s.requestlist.current.all"SQ"%u\n", nm,
595 (unsigned)s->mesh_num_states)) return 0;
596 if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%u\n", nm,
597 (unsigned)s->mesh_num_reply_states)) return 0;
598 timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent);
599 if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ"%d.%6.6d\n", nm,
600 (int)avg.tv_sec, (int)avg.tv_usec)) return 0;
601 if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm,
602 s->mesh_time_median)) return 0;
603 return 1;
604 }
605
606 /** print stats for one thread */
607 static int
608 print_thread_stats(SSL* ssl, int i, struct stats_info* s)
609 {
610 char nm[16];
611 snprintf(nm, sizeof(nm), "thread%d", i);
612 nm[sizeof(nm)-1]=0;
613 return print_stats(ssl, nm, s);
614 }
615
616 /** print long number */
617 static int
618 print_longnum(SSL* ssl, char* desc, size_t x)
619 {
620 if(x > 1024*1024*1024) {
621 /* more than a Gb */
622 size_t front = x / (size_t)1000000;
623 size_t back = x % (size_t)1000000;
624 return ssl_printf(ssl, "%s%u%6.6u\n", desc,
625 (unsigned)front, (unsigned)back);
626 } else {
627 return ssl_printf(ssl, "%s%u\n", desc, (unsigned)x);
628 }
629 }
630
631 /** print mem stats */
632 static int
633 print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
634 {
635 int m;
636 size_t msg, rrset, val, iter;
637 #ifdef HAVE_SBRK
638 extern void* unbound_start_brk;
639 void* cur = sbrk(0);
640 if(!print_longnum(ssl, "mem.total.sbrk"SQ,
641 (size_t)((char*)cur - (char*)unbound_start_brk))) return 0;
642 #endif /* HAVE_SBRK */
643 msg = slabhash_get_mem(daemon->env->msg_cache);
644 rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
645 val=0;
646 iter=0;
647 m = modstack_find(&worker->env.mesh->mods, "validator");
648 if(m != -1) {
649 fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
650 mods.mod[m]->get_mem));
651 val = (*worker->env.mesh->mods.mod[m]->get_mem)
652 (&worker->env, m);
653 }
654 m = modstack_find(&worker->env.mesh->mods, "iterator");
655 if(m != -1) {
656 fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
657 mods.mod[m]->get_mem));
658 iter = (*worker->env.mesh->mods.mod[m]->get_mem)
659 (&worker->env, m);
660 }
661
662 if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
663 return 0;
664 if(!print_longnum(ssl, "mem.cache.message"SQ, msg))
665 return 0;
666 if(!print_longnum(ssl, "mem.mod.iterator"SQ, iter))
667 return 0;
668 if(!print_longnum(ssl, "mem.mod.validator"SQ, val))
669 return 0;
670 return 1;
671 }
672
673 /** print uptime stats */
674 static int
675 print_uptime(SSL* ssl, struct worker* worker)
676 {
677 struct timeval now = *worker->env.now_tv;
678 struct timeval up, dt;
679 timeval_subtract(&up, &now, &worker->daemon->time_boot);
680 timeval_subtract(&dt, &now, &worker->daemon->time_last_stat);
681 worker->daemon->time_last_stat = now;
682 if(!ssl_printf(ssl, "time.now"SQ"%d.%6.6d\n",
683 (unsigned)now.tv_sec, (unsigned)now.tv_usec)) return 0;
684 if(!ssl_printf(ssl, "time.up"SQ"%d.%6.6d\n",
685 (unsigned)up.tv_sec, (unsigned)up.tv_usec)) return 0;
686 if(!ssl_printf(ssl, "time.elapsed"SQ"%d.%6.6d\n",
687 (unsigned)dt.tv_sec, (unsigned)dt.tv_usec)) return 0;
688 return 1;
689 }
690
691 /** print extended histogram */
692 static int
693 print_hist(SSL* ssl, struct stats_info* s)
694 {
695 struct timehist* hist;
696 size_t i;
697 hist = timehist_setup();
698 if(!hist) {
699 log_err("out of memory");
700 return 0;
701 }
702 timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST);
703 for(i=0; i<hist->num; i++) {
704 if(!ssl_printf(ssl,
705 "histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%u\n",
706 (int)hist->buckets[i].lower.tv_sec,
707 (int)hist->buckets[i].lower.tv_usec,
708 (int)hist->buckets[i].upper.tv_sec,
709 (int)hist->buckets[i].upper.tv_usec,
710 (unsigned)hist->buckets[i].count)) {
711 timehist_delete(hist);
712 return 0;
713 }
714 }
715 timehist_delete(hist);
716 return 1;
717 }
718
719 /** print extended stats */
720 static int
721 print_ext(SSL* ssl, struct stats_info* s)
722 {
723 int i;
724 char nm[16];
725 const ldns_rr_descriptor* desc;
726 const ldns_lookup_table* lt;
727 /* TYPE */
728 for(i=0; i<STATS_QTYPE_NUM; i++) {
729 if(inhibit_zero && s->svr.qtype[i] == 0)
730 continue;
731 desc = ldns_rr_descript((uint16_t)i);
732 if(desc && desc->_name) {
733 snprintf(nm, sizeof(nm), "%s", desc->_name);
734 } else if (i == LDNS_RR_TYPE_IXFR) {
735 snprintf(nm, sizeof(nm), "IXFR");
736 } else if (i == LDNS_RR_TYPE_AXFR) {
737 snprintf(nm, sizeof(nm), "AXFR");
738 } else if (i == LDNS_RR_TYPE_MAILA) {
739 snprintf(nm, sizeof(nm), "MAILA");
740 } else if (i == LDNS_RR_TYPE_MAILB) {
741 snprintf(nm, sizeof(nm), "MAILB");
742 } else if (i == LDNS_RR_TYPE_ANY) {
743 snprintf(nm, sizeof(nm), "ANY");
744 } else {
745 snprintf(nm, sizeof(nm), "TYPE%d", i);
746 }
747 if(!ssl_printf(ssl, "num.query.type.%s"SQ"%u\n",
748 nm, (unsigned)s->svr.qtype[i])) return 0;
749 }
750 if(!inhibit_zero || s->svr.qtype_big) {
751 if(!ssl_printf(ssl, "num.query.type.other"SQ"%u\n",
752 (unsigned)s->svr.qtype_big)) return 0;
753 }
754 /* CLASS */
755 for(i=0; i<STATS_QCLASS_NUM; i++) {
756 if(inhibit_zero && s->svr.qclass[i] == 0)
757 continue;
758 lt = ldns_lookup_by_id(ldns_rr_classes, i);
759 if(lt && lt->name) {
760 snprintf(nm, sizeof(nm), "%s", lt->name);
761 } else {
762 snprintf(nm, sizeof(nm), "CLASS%d", i);
763 }
764 if(!ssl_printf(ssl, "num.query.class.%s"SQ"%u\n",
765 nm, (unsigned)s->svr.qclass[i])) return 0;
766 }
767 if(!inhibit_zero || s->svr.qclass_big) {
768 if(!ssl_printf(ssl, "num.query.class.other"SQ"%u\n",
769 (unsigned)s->svr.qclass_big)) return 0;
770 }
771 /* OPCODE */
772 for(i=0; i<STATS_OPCODE_NUM; i++) {
773 if(inhibit_zero && s->svr.qopcode[i] == 0)
774 continue;
775 lt = ldns_lookup_by_id(ldns_opcodes, i);
776 if(lt && lt->name) {
777 snprintf(nm, sizeof(nm), "%s", lt->name);
778 } else {
779 snprintf(nm, sizeof(nm), "OPCODE%d", i);
780 }
781 if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%u\n",
782 nm, (unsigned)s->svr.qopcode[i])) return 0;
783 }
784 /* transport */
785 if(!ssl_printf(ssl, "num.query.tcp"SQ"%u\n",
786 (unsigned)s->svr.qtcp)) return 0;
787 if(!ssl_printf(ssl, "num.query.ipv6"SQ"%u\n",
788 (unsigned)s->svr.qipv6)) return 0;
789 /* flags */
790 if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%u\n",
791 (unsigned)s->svr.qbit_QR)) return 0;
792 if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%u\n",
793 (unsigned)s->svr.qbit_AA)) return 0;
794 if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%u\n",
795 (unsigned)s->svr.qbit_TC)) return 0;
796 if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%u\n",
797 (unsigned)s->svr.qbit_RD)) return 0;
798 if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%u\n",
799 (unsigned)s->svr.qbit_RA)) return 0;
800 if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%u\n",
801 (unsigned)s->svr.qbit_Z)) return 0;
802 if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%u\n",
803 (unsigned)s->svr.qbit_AD)) return 0;
804 if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%u\n",
805 (unsigned)s->svr.qbit_CD)) return 0;
806 if(!ssl_printf(ssl, "num.query.edns.present"SQ"%u\n",
807 (unsigned)s->svr.qEDNS)) return 0;
808 if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%u\n",
809 (unsigned)s->svr.qEDNS_DO)) return 0;
810
811 /* RCODE */
812 for(i=0; i<STATS_RCODE_NUM; i++) {
813 if(inhibit_zero && s->svr.ans_rcode[i] == 0)
814 continue;
815 lt = ldns_lookup_by_id(ldns_rcodes, i);
816 if(lt && lt->name) {
817 snprintf(nm, sizeof(nm), "%s", lt->name);
818 } else {
819 snprintf(nm, sizeof(nm), "RCODE%d", i);
820 }
821 if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%u\n",
822 nm, (unsigned)s->svr.ans_rcode[i])) return 0;
823 }
824 if(!inhibit_zero || s->svr.ans_rcode_nodata) {
825 if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%u\n",
826 (unsigned)s->svr.ans_rcode_nodata)) return 0;
827 }
828 /* validation */
829 if(!ssl_printf(ssl, "num.answer.secure"SQ"%u\n",
830 (unsigned)s->svr.ans_secure)) return 0;
831 if(!ssl_printf(ssl, "num.answer.bogus"SQ"%u\n",
832 (unsigned)s->svr.ans_bogus)) return 0;
833 if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%u\n",
834 (unsigned)s->svr.rrset_bogus)) return 0;
835 /* threat detection */
836 if(!ssl_printf(ssl, "unwanted.queries"SQ"%u\n",
837 (unsigned)s->svr.unwanted_queries)) return 0;
838 if(!ssl_printf(ssl, "unwanted.replies"SQ"%u\n",
839 (unsigned)s->svr.unwanted_replies)) return 0;
840 return 1;
841 }
842
843 /** do the stats command */
844 static void
845 do_stats(SSL* ssl, struct daemon_remote* rc)
846 {
847 struct daemon* daemon = rc->worker->daemon;
848 struct stats_info total;
849 struct stats_info s;
850 int i;
851 /* gather all thread statistics in one place */
852 for(i=0; i<daemon->num; i++) {
853 server_stats_obtain(rc->worker, daemon->workers[i], &s);
854 if(!print_thread_stats(ssl, i, &s))
855 return;
856 if(i == 0)
857 total = s;
858 else server_stats_add(&total, &s);
859 }
860 /* print the thread statistics */
861 total.mesh_time_median /= (double)daemon->num;
862 if(!print_stats(ssl, "total", &total))
863 return;
864 if(!print_uptime(ssl, rc->worker))
865 return;
866 if(daemon->cfg->stat_extended) {
867 if(!print_mem(ssl, rc->worker, daemon))
868 return;
869 if(!print_hist(ssl, &total))
870 return;
871 if(!print_ext(ssl, &total))
872 return;
873 }
874 }
875
876 /** parse commandline argument domain name */
877 static int
878 parse_arg_name(SSL* ssl, char* str, uint8_t** res, size_t* len, int* labs)
879 {
880 ldns_rdf* rdf;
881 *res = NULL;
882 *len = 0;
883 *labs = 0;
884 rdf = ldns_dname_new_frm_str(str);
885 if(!rdf) {
886 ssl_printf(ssl, "error cannot parse name %s\n", str);
887 return 0;
888 }
889 *res = memdup(ldns_rdf_data(rdf), ldns_rdf_size(rdf));
890 ldns_rdf_deep_free(rdf);
891 if(!*res) {
892 ssl_printf(ssl, "error out of memory\n");
893 return 0;
894 }
895 *labs = dname_count_size_labels(*res, len);
896 return 1;
897 }
898
899 /** find second argument, modifies string */
900 static int
901 find_arg2(SSL* ssl, char* arg, char** arg2)
902 {
903 char* as = strchr(arg, ' ');
904 char* at = strchr(arg, '\t');
905 if(as && at) {
906 if(at < as)
907 as = at;
908 as[0]=0;
909 *arg2 = skipwhite(as+1);
910 } else if(as) {
911 as[0]=0;
912 *arg2 = skipwhite(as+1);
913 } else if(at) {
914 at[0]=0;
915 *arg2 = skipwhite(at+1);
916 } else {
917 ssl_printf(ssl, "error could not find next argument "
918 "after %s\n", arg);
919 return 0;
920 }
921 return 1;
922 }
923
924 /** Add a new zone */
925 static void
926 do_zone_add(SSL* ssl, struct worker* worker, char* arg)
927 {
928 uint8_t* nm;
929 int nmlabs;
930 size_t nmlen;
931 char* arg2;
932 enum localzone_type t;
933 struct local_zone* z;
934 if(!find_arg2(ssl, arg, &arg2))
935 return;
936 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
937 return;
938 if(!local_zone_str2type(arg2, &t)) {
939 ssl_printf(ssl, "error not a zone type. %s\n", arg2);
940 free(nm);
941 return;
942 }
943 lock_quick_lock(&worker->daemon->local_zones->lock);
944 if((z=local_zones_find(worker->daemon->local_zones, nm, nmlen,
945 nmlabs, LDNS_RR_CLASS_IN))) {
946 /* already present in tree */
947 lock_rw_wrlock(&z->lock);
948 z->type = t; /* update type anyway */
949 lock_rw_unlock(&z->lock);
950 free(nm);
951 lock_quick_unlock(&worker->daemon->local_zones->lock);
952 send_ok(ssl);
953 return;
954 }
955 if(!local_zones_add_zone(worker->daemon->local_zones, nm, nmlen,
956 nmlabs, LDNS_RR_CLASS_IN, t)) {
957 lock_quick_unlock(&worker->daemon->local_zones->lock);
958 ssl_printf(ssl, "error out of memory\n");
959 return;
960 }
961 lock_quick_unlock(&worker->daemon->local_zones->lock);
962 send_ok(ssl);
963 }
964
965 /** Remove a zone */
966 static void
967 do_zone_remove(SSL* ssl, struct worker* worker, char* arg)
968 {
969 uint8_t* nm;
970 int nmlabs;
971 size_t nmlen;
972 struct local_zone* z;
973 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
974 return;
975 lock_quick_lock(&worker->daemon->local_zones->lock);
976 if((z=local_zones_find(worker->daemon->local_zones, nm, nmlen,
977 nmlabs, LDNS_RR_CLASS_IN))) {
978 /* present in tree */
979 local_zones_del_zone(worker->daemon->local_zones, z);
980 }
981 lock_quick_unlock(&worker->daemon->local_zones->lock);
982 free(nm);
983 send_ok(ssl);
984 }
985
986 /** Add new RR data */
987 static void
988 do_data_add(SSL* ssl, struct worker* worker, char* arg)
989 {
990 if(!local_zones_add_RR(worker->daemon->local_zones, arg,
991 worker->env.scratch_buffer)) {
992 ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg);
993 return;
994 }
995 send_ok(ssl);
996 }
997
998 /** Remove RR data */
999 static void
1000 do_data_remove(SSL* ssl, struct worker* worker, char* arg)
1001 {
1002 uint8_t* nm;
1003 int nmlabs;
1004 size_t nmlen;
1005 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1006 return;
1007 local_zones_del_data(worker->daemon->local_zones, nm,
1008 nmlen, nmlabs, LDNS_RR_CLASS_IN);
1009 free(nm);
1010 send_ok(ssl);
1011 }
1012
1013 /** cache lookup of nameservers */
1014 static void
1015 do_lookup(SSL* ssl, struct worker* worker, char* arg)
1016 {
1017 uint8_t* nm;
1018 int nmlabs;
1019 size_t nmlen;
1020 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1021 return;
1022 (void)print_deleg_lookup(ssl, worker, nm, nmlen, nmlabs);
1023 free(nm);
1024 }
1025
1026 /** flush a type */
1027 static void
1028 do_flush_type(SSL* ssl, struct worker* worker, char* arg)
1029 {
1030 uint8_t* nm;
1031 int nmlabs;
1032 size_t nmlen;
1033 char* arg2;
1034 uint16_t t;
1035 if(!find_arg2(ssl, arg, &arg2))
1036 return;
1037 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1038 return;
1039 t = ldns_get_rr_type_by_name(arg2);
1040 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1041 t, LDNS_RR_CLASS_IN, 0);
1042
1043 free(nm);
1044 send_ok(ssl);
1045 }
1046
1047 /**
1048 * Local info for deletion functions
1049 */
1050 struct del_info {
1051 /** worker */
1052 struct worker* worker;
1053 /** name to delete */
1054 uint8_t* name;
1055 /** length */
1056 size_t len;
1057 /** labels */
1058 int labs;
1059 /** time to invalidate to */
1060 uint32_t expired;
1061 /** number of rrsets removed */
1062 size_t num_rrsets;
1063 /** number of key entries removed */
1064 size_t num_keys;
1065 };
1066
1067 /** callback to delete rrsets in a zone */
1068 static void
1069 zone_del_rrset(struct lruhash_entry* e, void* arg)
1070 {
1071 /* entry is locked */
1072 struct del_info* inf = (struct del_info*)arg;
1073 struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key;
1074 if(dname_subdomain_c(k->rk.dname, inf->name)) {
1075 struct packed_rrset_data* d =
1076 (struct packed_rrset_data*)e->data;
1077 d->ttl = inf->expired;
1078 inf->num_rrsets++;
1079 }
1080 }
1081
1082 /** callback to delete keys in zone */
1083 static void
1084 zone_del_kcache(struct lruhash_entry* e, void* arg)
1085 {
1086 /* entry is locked */
1087 struct del_info* inf = (struct del_info*)arg;
1088 struct key_entry_key* k = (struct key_entry_key*)e->key;
1089 if(dname_subdomain_c(k->name, inf->name)) {
1090 struct key_entry_data* d = (struct key_entry_data*)e->data;
1091 d->ttl = inf->expired;
1092 inf->num_keys++;
1093 }
1094 }
1095
1096 /** traverse a lruhash */
1097 static void
1098 lruhash_traverse(struct lruhash* h, int wr,
1099 void (*func)(struct lruhash_entry*, void*), void* arg)
1100 {
1101 size_t i;
1102 struct lruhash_entry* e;
1103
1104 lock_quick_lock(&h->lock);
1105 for(i=0; i<h->size; i++) {
1106 lock_quick_lock(&h->array[i].lock);
1107 for(e = h->array[i].overflow_list; e; e = e->overflow_next) {
1108 if(wr) {
1109 lock_rw_wrlock(&e->lock);
1110 } else {
1111 lock_rw_rdlock(&e->lock);
1112 }
1113 (*func)(e, arg);
1114 lock_rw_unlock(&e->lock);
1115 }
1116 lock_quick_unlock(&h->array[i].lock);
1117 }
1118 lock_quick_unlock(&h->lock);
1119 }
1120
1121 /** traverse a slabhash */
1122 static void
1123 slabhash_traverse(struct slabhash* sh, int wr,
1124 void (*func)(struct lruhash_entry*, void*), void* arg)
1125 {
1126 size_t i;
1127 for(i=0; i<sh->size; i++)
1128 lruhash_traverse(sh->array[i], wr, func, arg);
1129 }
1130
1131 /** remove all rrsets and keys from zone from cache */
1132 static void
1133 do_flush_zone(SSL* ssl, struct worker* worker, char* arg)
1134 {
1135 uint8_t* nm;
1136 int nmlabs;
1137 size_t nmlen;
1138 struct del_info inf;
1139 int idx;
1140 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1141 return;
1142 /* delete all RRs and key entries from zone */
1143 /* what we do is to set them all expired */
1144 inf.worker = worker;
1145 inf.name = nm;
1146 inf.len = nmlen;
1147 inf.labs = nmlabs;
1148 inf.expired = *worker->env.now;
1149 inf.expired -= 3; /* handle 3 seconds skew between threads */
1150 inf.num_rrsets = 0;
1151 inf.num_keys = 0;
1152 slabhash_traverse(&worker->env.rrset_cache->table, 1,
1153 &zone_del_rrset, &inf);
1154
1155 /* and validator cache */
1156 idx = modstack_find(&worker->daemon->mods, "validator");
1157 if(idx != -1) {
1158 struct val_env* ve = (struct val_env*)worker->env.modinfo[idx];
1159 slabhash_traverse(ve->kcache->slab, 1, &zone_del_kcache, &inf);
1160 }
1161
1162 free(nm);
1163
1164 (void)ssl_printf(ssl, "ok removed %u rrsets and %u key entries\n",
1165 (unsigned)inf.num_rrsets, (unsigned)inf.num_keys);
1166 }
1167
1168 /** remove name rrset from cache */
1169 static void
1170 do_flush_name(SSL* ssl, struct worker* worker, char* arg)
1171 {
1172 uint8_t* nm;
1173 int nmlabs;
1174 size_t nmlen;
1175 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1176 return;
1177 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1178 LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN, 0);
1179 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1180 LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN, 0);
1181 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1182 LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN, 0);
1183 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1184 LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, 0);
1185 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1186 LDNS_RR_TYPE_CNAME, LDNS_RR_CLASS_IN, 0);
1187 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1188 LDNS_RR_TYPE_DNAME, LDNS_RR_CLASS_IN, 0);
1189 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1190 LDNS_RR_TYPE_MX, LDNS_RR_CLASS_IN, 0);
1191 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1192 LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN, 0);
1193 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1194 LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN, 0);
1195 rrset_cache_remove(worker->env.rrset_cache, nm, nmlen,
1196 LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN, 0);
1197
1198 free(nm);
1199 send_ok(ssl);
1200 }
1201
1202 /** do the status command */
1203 static void
1204 do_status(SSL* ssl, struct worker* worker)
1205 {
1206 int i;
1207 time_t uptime;
1208 if(!ssl_printf(ssl, "version: %s\n", PACKAGE_VERSION))
1209 return;
1210 if(!ssl_printf(ssl, "verbosity: %d\n", verbosity))
1211 return;
1212 if(!ssl_printf(ssl, "threads: %d\n", worker->daemon->num))
1213 return;
1214 if(!ssl_printf(ssl, "modules: %d [", worker->daemon->mods.num))
1215 return;
1216 for(i=0; i<worker->daemon->mods.num; i++) {
1217 if(!ssl_printf(ssl, " %s", worker->daemon->mods.mod[i]->name))
1218 return;
1219 }
1220 if(!ssl_printf(ssl, " ]\n"))
1221 return;
1222 uptime = (time_t)time(NULL) - (time_t)worker->daemon->time_boot.tv_sec;
1223 if(!ssl_printf(ssl, "uptime: %u seconds\n", (unsigned)uptime))
1224 return;
1225 if(!ssl_printf(ssl, "unbound (pid %d) is running...\n",
1226 (int)getpid()))
1227 return;
1228 }
1229
1230 /** tell other processes to execute the command */
1231 void
1232 distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd)
1233 {
1234 int i;
1235 if(!cmd || !ssl)
1236 return;
1237 /* skip i=0 which is me */
1238 for(i=1; i<rc->worker->daemon->num; i++) {
1239 worker_send_cmd(rc->worker->daemon->workers[i],
1240 worker_cmd_remote);
1241 if(!tube_write_msg(rc->worker->daemon->workers[i]->cmd,
1242 (uint8_t*)cmd, strlen(cmd)+1, 0)) {
1243 ssl_printf(ssl, "error could not distribute cmd\n");
1244 return;
1245 }
1246 }
1247 }
1248
1249 /** execute a remote control command */
1250 static void
1251 execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
1252 struct worker* worker)
1253 {
1254 char* p = skipwhite(cmd);
1255 /* compare command - check longer strings first in case of substrings*/
1256 if(strncmp(p, "stop", 4) == 0) {
1257 do_stop(ssl, rc);
1258 return;
1259 } else if(strncmp(p, "reload", 6) == 0) {
1260 do_reload(ssl, rc);
1261 return;
1262 } else if(strncmp(p, "stats", 5) == 0) {
1263 do_stats(ssl, rc);
1264 return;
1265 } else if(strncmp(p, "status", 6) == 0) {
1266 do_status(ssl, worker);
1267 return;
1268 } else if(strncmp(p, "dump_cache", 10) == 0) {
1269 (void)dump_cache(ssl, worker);
1270 return;
1271 } else if(strncmp(p, "load_cache", 10) == 0) {
1272 if(load_cache(ssl, worker)) send_ok(ssl);
1273 return;
1274 } else if(strncmp(p, "lookup", 6) == 0) {
1275 do_lookup(ssl, worker, skipwhite(p+6));
1276 return;
1277 }
1278
1279 #ifdef THREADS_DISABLED
1280 /* other processes must execute the command as well */
1281 /* commands that should not be distributed, returned above. */
1282 if(rc) { /* only if this thread is the master (rc) thread */
1283 /* done before the code below, which may split the string */
1284 distribute_cmd(rc, ssl, cmd);
1285 }
1286 #endif
1287 if(strncmp(p, "verbosity", 9) == 0) {
1288 do_verbosity(ssl, skipwhite(p+9));
1289 } else if(strncmp(p, "local_zone_remove", 17) == 0) {
1290 do_zone_remove(ssl, worker, skipwhite(p+17));
1291 } else if(strncmp(p, "local_zone", 10) == 0) {
1292 do_zone_add(ssl, worker, skipwhite(p+10));
1293 } else if(strncmp(p, "local_data_remove", 17) == 0) {
1294 do_data_remove(ssl, worker, skipwhite(p+17));
1295 } else if(strncmp(p, "local_data", 10) == 0) {
1296 do_data_add(ssl, worker, skipwhite(p+10));
1297 } else if(strncmp(p, "flush_zone", 10) == 0) {
1298 do_flush_zone(ssl, worker, skipwhite(p+10));
1299 } else if(strncmp(p, "flush_type", 10) == 0) {
1300 do_flush_type(ssl, worker, skipwhite(p+10));
1301 } else if(strncmp(p, "flush", 5) == 0) {
1302 do_flush_name(ssl, worker, skipwhite(p+5));
1303 } else {
1304 (void)ssl_printf(ssl, "error unknown command '%s'\n", p);
1305 }
1306 }
1307
1308 void
1309 daemon_remote_exec(struct worker* worker)
1310 {
1311 /* read the cmd string */
1312 uint8_t* msg = NULL;
1313 uint32_t len = 0;
1314 if(!tube_read_msg(worker->cmd, &msg, &len, 0)) {
1315 log_err("daemon_remote_exec: tube_read_msg failed");
1316 return;
1317 }
1318 verbose(VERB_ALGO, "remote exec distributed: %s", (char*)msg);
1319 execute_cmd(NULL, NULL, (char*)msg, worker);
1320 free(msg);
1321 }
1322
1323 /** handle remote control request */
1324 static void
1325 handle_req(struct daemon_remote* rc, struct rc_state* s, SSL* ssl)
1326 {
1327 int r;
1328 char magic[5];
1329 char buf[1024];
1330 #ifdef USE_WINSOCK
1331 /* makes it possible to set the socket blocking again. */
1332 /* basically removes it from winsock_event ... */
1333 WSAEventSelect(s->c->fd, NULL, 0);
1334 #endif
1335 fd_set_block(s->c->fd);
1336
1337 /* try to read magic UBCT string */
1338 ERR_clear_error();
1339 if((r=SSL_read(ssl, magic, (int)sizeof(magic)-1)) <= 0) {
1340 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN)
1341 return;
1342 log_crypto_err("could not SSL_read");
1343 return;
1344 }
1345 magic[4] = 0;
1346 if( r != 4 || strcmp(magic, "UBCT") != 0) {
1347 verbose(VERB_QUERY, "control connection has bad magic string");
1348 return;
1349 }
1350
1351 /* read the command line */
1352 if(!ssl_read_line(ssl, buf, sizeof(buf))) {
1353 return;
1354 }
1355 verbose(VERB_DETAIL, "control cmd: %s", buf);
1356
1357 /* figure out what to do */
1358 execute_cmd(rc, ssl, buf, rc->worker);
1359 }
1360
1361 int remote_control_callback(struct comm_point* c, void* arg, int err,
1362 struct comm_reply* ATTR_UNUSED(rep))
1363 {
1364 struct rc_state* s = (struct rc_state*)arg;
1365 struct daemon_remote* rc = s->rc;
1366 int r;
1367 if(err != NETEVENT_NOERROR) {
1368 if(err==NETEVENT_TIMEOUT)
1369 log_err("remote control timed out");
1370 clean_point(rc, s);
1371 return 0;
1372 }
1373 /* (continue to) setup the SSL connection */
1374 ERR_clear_error();
1375 r = SSL_do_handshake(s->ssl);
1376 if(r != 1) {
1377 r = SSL_get_error(s->ssl, r);
1378 if(r == SSL_ERROR_WANT_READ) {
1379 if(s->shake_state == rc_hs_read) {
1380 /* try again later */
1381 return 0;
1382 }
1383 s->shake_state = rc_hs_read;
1384 comm_point_listen_for_rw(c, 1, 0);
1385 return 0;
1386 } else if(r == SSL_ERROR_WANT_WRITE) {
1387 if(s->shake_state == rc_hs_write) {
1388 /* try again later */
1389 return 0;
1390 }
1391 s->shake_state = rc_hs_write;
1392 comm_point_listen_for_rw(c, 0, 1);
1393 return 0;
1394 } else {
1395 log_crypto_err("remote control failed ssl");
1396 clean_point(rc, s);
1397 return 0;
1398 }
1399 }
1400 s->shake_state = rc_none;
1401
1402 /* once handshake has completed, check authentication */
1403 if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
1404 X509* x = SSL_get_peer_certificate(s->ssl);
1405 if(!x) {
1406 verbose(VERB_DETAIL, "remote control connection "
1407 "provided no client certificate");
1408 clean_point(rc, s);
1409 return 0;
1410 }
1411 verbose(VERB_ALGO, "remote control connection authenticated");
1412 X509_free(x);
1413 } else {
1414 verbose(VERB_DETAIL, "remote control connection failed to "
1415 "authenticate with client certificate");
1416 clean_point(rc, s);
1417 return 0;
1418 }
1419
1420 /* if OK start to actually handle the request */
1421 handle_req(rc, s, s->ssl);
1422
1423 verbose(VERB_ALGO, "remote control operation completed");
1424 clean_point(rc, s);
1425 return 0;
1426 }
0 /*
1 * daemon/remote.h - remote control for the unbound daemon.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains the remote control functionality for the daemon.
39 * The remote control can be performed using either the commandline
40 * unbound-control tool, or a SSLv3/TLS capable web browser.
41 * The channel is secured using SSLv3 or TLSv1, and certificates.
42 * Both the server and the client(control tool) have their own keys.
43 */
44
45 #ifndef DAEMON_REMOTE_H
46 #define DAEMON_REMOTE_H
47 struct config_file;
48 struct listen_list;
49 struct listen_port;
50 struct worker;
51 struct comm_reply;
52 struct comm_point;
53 struct daemon_remote;
54
55 /** number of seconds timeout on incoming remote control handshake */
56 #define REMOTE_CONTROL_TCP_TIMEOUT 120
57
58 /**
59 * a busy control command connection, SSL state
60 */
61 struct rc_state {
62 /** the next item in list */
63 struct rc_state* next;
64 /** the commpoint */
65 struct comm_point* c;
66 /** in the handshake part */
67 enum { rc_none, rc_hs_read, rc_hs_write } shake_state;
68 /** the ssl state */
69 SSL* ssl;
70 /** the rc this is part of */
71 struct daemon_remote* rc;
72 };
73
74 /**
75 * The remote control tool state.
76 * The state is only created for the first thread, other threads
77 * are called from this thread. Only the first threads listens to
78 * the control port. The other threads do not, but are called on the
79 * command channel(pipe) from the first thread.
80 */
81 struct daemon_remote {
82 /** the worker for this remote control */
83 struct worker* worker;
84 /** commpoints for accepting remote control connections */
85 struct listen_list* accept_list;
86 /** number of active commpoints that are handling remote control */
87 int active;
88 /** max active commpoints */
89 int max_active;
90 /** current commpoints busy; should be a short list, malloced */
91 struct rc_state* busy_list;
92 /** the SSL context for creating new SSL streams */
93 SSL_CTX* ctx;
94 };
95
96 /**
97 * Create new remote control state for the daemon.
98 * @param worker: worker with communication base. and links to command channels.
99 * @return new state, or NULL on failure.
100 */
101 struct daemon_remote* daemon_remote_create(struct worker* worker);
102
103 /**
104 * remote control state to delete.
105 * @param rc: state to delete.
106 */
107 void daemon_remote_delete(struct daemon_remote* rc);
108
109 /**
110 * Open and create listening ports for remote control.
111 * @param cfg: config options.
112 * @return list of ports or NULL on failure.
113 * can be freed with listening_ports_free().
114 */
115 struct listen_port* daemon_remote_open_ports(struct config_file* cfg);
116
117 /**
118 * Setup comm points for accepting remote control connections.
119 * @param rc: state
120 * @param ports: already opened ports.
121 * @return false on error.
122 */
123 int daemon_remote_open_accept(struct daemon_remote* rc,
124 struct listen_port* ports);
125
126 /**
127 * Handle nonthreaded remote cmd execution.
128 * @param worker: this worker (the remote worker).
129 */
130 void daemon_remote_exec(struct worker* worker);
131
132 /** handle remote control accept callbacks */
133 int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*);
134
135 /** handle remote control data callbacks */
136 int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*);
137
138 /**
139 * Print fixed line of text over ssl connection in blocking mode
140 * @param ssl: print to
141 * @param text: the text.
142 * @return false on connection failure.
143 */
144 int ssl_print_text(SSL* ssl, const char* text);
145
146 /**
147 * printf style printing to the ssl connection
148 * @param ssl: the SSL connection to print to. Blocking.
149 * @param format: printf style format string.
150 * @return success or false on a network failure.
151 */
152 int ssl_printf(SSL* ssl, const char* format, ...)
153 ATTR_FORMAT(printf, 2, 3);
154
155 /**
156 * Read until \n is encountered
157 * If SSL signals EOF, the string up to then is returned (without \n).
158 * @param ssl: the SSL connection to read from. blocking.
159 * @param buf: buffer to read to.
160 * @param max: size of buffer.
161 * @return false on connection failure.
162 */
163 int ssl_read_line(SSL* ssl, char* buf, size_t max);
164
165 #endif /* DAEMON_REMOTE_H */
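Review bot: The file comment at the top of daemon/remote.h advertises SSLv3 as an accepted protocol for the control channel ("secured using SSLv3 or TLSv1"), and SSLv3 should not be offered on an authenticated management interface. The context setup is not in this header, so this is inferred, but if `ctx` in `struct daemon_remote` is created with a version-flexible method it should be restricted with `SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The comment would then read `The channel is secured using TLS, and certificates.` The same comment says a web browser can drive the control port, which does not match `handle_req` and `remote_control_callback` in remote.c: they require a verified client certificate and the `UBCT` magic string before any command is read.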
4141 #include "config.h"
4242 #include "daemon/stats.h"
4343 #include "daemon/worker.h"
44 #include "daemon/daemon.h"
4445 #include "services/mesh.h"
45
46 void server_stats_init(struct server_stats* stats)
46 #include "services/outside_network.h"
47 #include "util/config_file.h"
48 #include "util/tube.h"
49 #include "util/timehist.h"
50 #include "util/net_help.h"
51 #include "validator/validator.h"
52
53 /** add timers and the values do not overflow or become negative */
54 static void
55 timeval_add(struct timeval* d, const struct timeval* add)
56 {
57 #ifndef S_SPLINT_S
58 d->tv_sec += add->tv_sec;
59 d->tv_usec += add->tv_usec;
60 while(d->tv_usec > 1000000 ) {
61 d->tv_usec -= 1000000;
62 d->tv_sec++;
63 }
64 #endif
65 }
66
67 void server_stats_init(struct server_stats* stats, struct config_file* cfg)
4768 {
4869 memset(stats, 0, sizeof(*stats));
70 stats->extended = cfg->stat_extended;
4971 }
5072
5173 void server_stats_querymiss(struct server_stats* stats, struct worker* worker)
5678 stats->max_query_list_size = worker->env.mesh->all.count;
5779 }
5880
59 void server_stats_log(struct server_stats* stats, int threadnum)
81 void server_stats_log(struct server_stats* stats, struct worker* worker,
82 int threadnum)
6083 {
6184 log_info("server stats for thread %d: %u queries, "
6285 "%u answers from cache, %u recursions",
6992 stats->num_queries_missed_cache?
7093 (double)stats->sum_query_list_size/
7194 stats->num_queries_missed_cache : 0.0,
72 (unsigned)stats->num_query_list_exceeded);
73 }
95 (unsigned)worker->env.mesh->stats_dropped);
96 }
97
98 /** get rrsets bogus number from validator */
99 static size_t
100 get_rrset_bogus(struct worker* worker)
101 {
102 int m = modstack_find(&worker->env.mesh->mods, "validator");
103 struct val_env* ve;
104 size_t r;
105 if(m == -1)
106 return 0;
107 ve = (struct val_env*)worker->env.modinfo[m];
108 lock_basic_lock(&ve->bogus_lock);
109 r = ve->num_rrset_bogus;
110 if(!worker->env.cfg->stat_cumulative)
111 ve->num_rrset_bogus = 0;
112 lock_basic_unlock(&ve->bogus_lock);
113 return r;
114 }
115
116 void
117 server_stats_compile(struct worker* worker, struct stats_info* s)
118 {
119 int i;
120
121 s->svr = worker->stats;
122 s->mesh_num_states = worker->env.mesh->all.count;
123 s->mesh_num_reply_states = worker->env.mesh->num_reply_states;
124 s->mesh_jostled = worker->env.mesh->stats_jostled;
125 s->mesh_dropped = worker->env.mesh->stats_dropped;
126 s->mesh_replies_sent = worker->env.mesh->replies_sent;
127 s->mesh_replies_sum_wait = worker->env.mesh->replies_sum_wait;
128 s->mesh_time_median = timehist_quartile(worker->env.mesh->histogram,
129 0.50);
130
131 /* add in the values from the mesh */
132 s->svr.ans_secure += worker->env.mesh->ans_secure;
133 s->svr.ans_bogus += worker->env.mesh->ans_bogus;
134 s->svr.ans_rcode_nodata += worker->env.mesh->ans_nodata;
135 for(i=0; i<16; i++)
136 s->svr.ans_rcode[i] += worker->env.mesh->ans_rcode[i];
137 timehist_export(worker->env.mesh->histogram, s->svr.hist,
138 NUM_BUCKETS_HIST);
139 /* values from outside network */
140 s->svr.unwanted_replies = worker->back->unwanted_replies;
141
142 /* get and reset validator rrset bogus number */
143 s->svr.rrset_bogus = get_rrset_bogus(worker);
144
145 if(!worker->env.cfg->stat_cumulative) {
146 server_stats_init(&worker->stats, worker->env.cfg);
147 mesh_stats_clear(worker->env.mesh);
148 worker->back->unwanted_replies = 0;
149 }
150 }
151
152 void server_stats_obtain(struct worker* worker, struct worker* who,
153 struct stats_info* s)
154 {
155 uint8_t *reply = NULL;
156 uint32_t len = 0;
157 if(worker == who) {
158 /* just fill it in */
159 server_stats_compile(worker, s);
160 return;
161 }
162 /* communicate over tube */
163 verbose(VERB_ALGO, "write stats cmd");
164 worker_send_cmd(who, worker_cmd_stats);
165 verbose(VERB_ALGO, "wait for stats reply");
166 if(!tube_read_msg(worker->cmd, &reply, &len, 0))
167 fatal_exit("failed to read stats over cmd channel");
168 if(len != (uint32_t)sizeof(*s))
169 fatal_exit("stats on cmd channel wrong length %d %d",
170 (int)len, (int)sizeof(*s));
171 memcpy(s, reply, (size_t)len);
172 free(reply);
173 }
174
175 void server_stats_reply(struct worker* worker)
176 {
177 struct stats_info s;
178 server_stats_compile(worker, &s);
179 verbose(VERB_ALGO, "write stats replymsg");
180 if(!tube_write_msg(worker->daemon->workers[0]->cmd,
181 (uint8_t*)&s, sizeof(s), 0))
182 fatal_exit("could not write stat values over cmd channel");
183 }
184
185 void server_stats_add(struct stats_info* total, struct stats_info* a)
186 {
187 total->svr.num_queries += a->svr.num_queries;
188 total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache;
189 total->svr.sum_query_list_size += a->svr.sum_query_list_size;
190 /* the max size reached is upped to higher of both */
191 if(a->svr.max_query_list_size > total->svr.max_query_list_size)
192 total->svr.max_query_list_size = a->svr.max_query_list_size;
193
194 if(a->svr.extended) {
195 int i;
196 total->svr.qtype_big += a->svr.qtype_big;
197 total->svr.qclass_big += a->svr.qclass_big;
198 total->svr.qtcp += a->svr.qtcp;
199 total->svr.qipv6 += a->svr.qipv6;
200 total->svr.qbit_QR += a->svr.qbit_QR;
201 total->svr.qbit_AA += a->svr.qbit_AA;
202 total->svr.qbit_TC += a->svr.qbit_TC;
203 total->svr.qbit_RD += a->svr.qbit_RD;
204 total->svr.qbit_RA += a->svr.qbit_RA;
205 total->svr.qbit_Z += a->svr.qbit_Z;
206 total->svr.qbit_AD += a->svr.qbit_AD;
207 total->svr.qbit_CD += a->svr.qbit_CD;
208 total->svr.qEDNS += a->svr.qEDNS;
209 total->svr.qEDNS_DO += a->svr.qEDNS_DO;
210 total->svr.ans_rcode_nodata += a->svr.ans_rcode_nodata;
211 total->svr.ans_secure += a->svr.ans_secure;
212 total->svr.ans_bogus += a->svr.ans_bogus;
213 total->svr.rrset_bogus += a->svr.rrset_bogus;
214 total->svr.unwanted_replies += a->svr.unwanted_replies;
215 total->svr.unwanted_queries += a->svr.unwanted_queries;
216 for(i=0; i<STATS_QTYPE_NUM; i++)
217 total->svr.qtype[i] += a->svr.qtype[i];
218 for(i=0; i<STATS_QCLASS_NUM; i++)
219 total->svr.qclass[i] += a->svr.qclass[i];
220 for(i=0; i<STATS_OPCODE_NUM; i++)
221 total->svr.qopcode[i] += a->svr.qopcode[i];
222 for(i=0; i<STATS_RCODE_NUM; i++)
223 total->svr.ans_rcode[i] += a->svr.ans_rcode[i];
224 for(i=0; i<NUM_BUCKETS_HIST; i++)
225 total->svr.hist[i] += a->svr.hist[i];
226 }
227
228 total->mesh_num_states += a->mesh_num_states;
229 total->mesh_num_reply_states += a->mesh_num_reply_states;
230 total->mesh_jostled += a->mesh_jostled;
231 total->mesh_dropped += a->mesh_dropped;
232 total->mesh_replies_sent += a->mesh_replies_sent;
233 timeval_add(&total->mesh_replies_sum_wait, &a->mesh_replies_sum_wait);
234 /* the medians are averaged together, this is not as accurate as
235 * taking the median over all of the data, but is good and fast
236 * added up here, division later*/
237 total->mesh_time_median += a->mesh_time_median;
238 }
239
240 void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
241 uint16_t qtype, uint16_t qclass, struct edns_data* edns,
242 struct comm_reply* repinfo)
243 {
244 uint16_t flags = ldns_buffer_read_u16_at(c->buffer, 2);
245 if(qtype < STATS_QTYPE_NUM)
246 stats->qtype[qtype]++;
247 else stats->qtype_big++;
248 if(qclass < STATS_QCLASS_NUM)
249 stats->qclass[qclass]++;
250 else stats->qclass_big++;
251 stats->qopcode[ LDNS_OPCODE_WIRE(ldns_buffer_begin(c->buffer)) ]++;
252 if(c->type != comm_udp)
253 stats->qtcp++;
254 if(repinfo && addr_is_ip6(&repinfo->addr, repinfo->addrlen))
255 stats->qipv6++;
256 if( (flags&BIT_QR) )
257 stats->qbit_QR++;
258 if( (flags&BIT_AA) )
259 stats->qbit_AA++;
260 if( (flags&BIT_TC) )
261 stats->qbit_TC++;
262 if( (flags&BIT_RD) )
263 stats->qbit_RD++;
264 if( (flags&BIT_RA) )
265 stats->qbit_RA++;
266 if( (flags&BIT_Z) )
267 stats->qbit_Z++;
268 if( (flags&BIT_AD) )
269 stats->qbit_AD++;
270 if( (flags&BIT_CD) )
271 stats->qbit_CD++;
272 if(edns->edns_present) {
273 stats->qEDNS++;
274 if( (edns->bits & EDNS_DO) )
275 stats->qEDNS_DO++;
276 }
277 }
278
279 void server_stats_insrcode(struct server_stats* stats, ldns_buffer* buf)
280 {
281 if(stats->extended && ldns_buffer_limit(buf) != 0) {
282 int r = (int)LDNS_RCODE_WIRE( ldns_buffer_begin(buf) );
283 stats->ans_rcode[r] ++;
284 if(r == 0 && LDNS_ANCOUNT( ldns_buffer_begin(buf) ) == 0)
285 stats->ans_rcode_nodata ++;
286 }
287 }
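Review bot: `timeval_add` leaves `tv_usec` un-normalised when it equals exactly 1000000, because the carry loop tests `d->tv_usec > 1000000`. A valid `struct timeval` needs `tv_usec` below one million, so the test should be `while(d->tv_usec >= 1000000) {`. The result is stored in `mesh_replies_sum_wait` by `server_stats_add`, so anything computed from the summed wait time inherits the error. Separately, the loop in `server_stats_compile` uses the literal `16` where stats.h declares `ans_rcode` with `STATS_RCODE_NUM`; `for(i=0; i<STATS_RCODE_NUM; i++)` keeps the bound tied to the array size.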
4141
4242 #ifndef DAEMON_STATS_H
4343 #define DAEMON_STATS_H
44 #include "util/timehist.h"
4445 struct worker;
46 struct config_file;
47 struct comm_point;
48 struct comm_reply;
49 struct edns_data;
50
51 /** number of qtype that is stored for in array */
52 #define STATS_QTYPE_NUM 256
53 /** number of qclass that is stored for in array */
54 #define STATS_QCLASS_NUM 256
55 /** number of rcodes in stats */
56 #define STATS_RCODE_NUM 16
57 /** number of opcodes in stats */
58 #define STATS_OPCODE_NUM 16
4559
4660 /** per worker statistics */
4761 struct server_stats {
5771 size_t sum_query_list_size;
5872 /** max value of query list size reached. */
5973 size_t max_query_list_size;
60 /** number of times that the query_list_size was insufficient */
61 size_t num_query_list_exceeded;
74
75 /** Extended stats below (bool) */
76 int extended;
77
78 /** qtype stats */
79 size_t qtype[STATS_QTYPE_NUM];
80 /** bigger qtype values not in array */
81 size_t qtype_big;
82 /** qclass stats */
83 size_t qclass[STATS_QCLASS_NUM];
84 /** bigger qclass values not in array */
85 size_t qclass_big;
86 /** query opcodes */
87 size_t qopcode[STATS_OPCODE_NUM];
88 /** number of queries over TCP */
89 size_t qtcp;
90 /** number of queries over IPv6 */
91 size_t qipv6;
92 /** number of queries with QR bit */
93 size_t qbit_QR;
94 /** number of queries with AA bit */
95 size_t qbit_AA;
96 /** number of queries with TC bit */
97 size_t qbit_TC;
98 /** number of queries with RD bit */
99 size_t qbit_RD;
100 /** number of queries with RA bit */
101 size_t qbit_RA;
102 /** number of queries with Z bit */
103 size_t qbit_Z;
104 /** number of queries with AD bit */
105 size_t qbit_AD;
106 /** number of queries with CD bit */
107 size_t qbit_CD;
108 /** number of queries with EDNS OPT record */
109 size_t qEDNS;
110 /** number of queries with EDNS with DO flag */
111 size_t qEDNS_DO;
112 /** answer rcodes */
113 size_t ans_rcode[STATS_RCODE_NUM];
114 /** answers with pseudo rcode 'nodata' */
115 size_t ans_rcode_nodata;
116 /** answers that were secure (AD) */
117 size_t ans_secure;
118 /** answers that were bogus (withheld as SERVFAIL) */
119 size_t ans_bogus;
120 /** rrsets marked bogus by validator */
121 size_t rrset_bogus;
122 /** unwanted traffic received on server-facing ports */
123 size_t unwanted_replies;
124 /** unwanted traffic received on client-facing ports */
125 size_t unwanted_queries;
126
127 /** histogram data exported to array
128 * if the array is the same size, no data is lost, and
129 * if all histograms are same size (is so by default) then
130 * adding up works well. */
131 size_t hist[NUM_BUCKETS_HIST];
132 };
133
134 /**
135 * Statistics to send over the control pipe when asked
136 * This struct is made to be memcpied, sent in binary.
137 */
138 struct stats_info {
139 /** the thread stats */
140 struct server_stats svr;
141
142 /** mesh stats: current number of states */
143 size_t mesh_num_states;
144 /** mesh stats: current number of reply (user) states */
145 size_t mesh_num_reply_states;
146 /** mesh stats: number of reply states overwritten with a new one */
147 size_t mesh_jostled;
148 /** mesh stats: number of incoming queries dropped */
149 size_t mesh_dropped;
150 /** mesh stats: replies sent */
151 size_t mesh_replies_sent;
152 /** mesh stats: sum of waiting times for the replies */
153 struct timeval mesh_replies_sum_wait;
154 /** mesh stats: median of waiting times for replies (in sec) */
155 double mesh_time_median;
62156 };
63157
64158 /**
65159 * Initialize server stats to 0.
66160 * @param stats: what to init (this is alloced by the caller).
67 */
68 void server_stats_init(struct server_stats* stats);
161 * @param cfg: with extended statistics option.
162 */
163 void server_stats_init(struct server_stats* stats, struct config_file* cfg);
69164
70165 /** add query if it missed the cache */
71166 void server_stats_querymiss(struct server_stats* stats, struct worker* worker);
72167
73168 /** display the stats to the log */
74 void server_stats_log(struct server_stats* stats, int threadnum);
169 void server_stats_log(struct server_stats* stats, struct worker* worker,
170 int threadnum);
171
172 /**
173 * Obtain the stats info for a given thread. Uses pipe to communicate.
174 * @param worker: the worker that is executing (the first worker).
175 * @param who: on who to get the statistics info.
176 * @param s: the stats block to fill in.
177 */
178 void server_stats_obtain(struct worker* worker, struct worker* who,
179 struct stats_info* s);
180
181 /**
182 * Compile stats into structure for this thread worker.
183 * Also clears the statistics counters (if that is set by config file).
184 * @param worker: the worker to compile stats for, also the executing worker.
185 * @param s: stats block.
186 */
187 void server_stats_compile(struct worker* worker, struct stats_info* s);
188
189 /**
190 * Send stats over comm tube in reply to query cmd
191 * @param worker: this worker.
192 */
193 void server_stats_reply(struct worker* worker);
194
195 /**
196 * Addup stat blocks.
197 * @param total: sum of the two entries.
198 * @param a: to add to it.
199 */
200 void server_stats_add(struct stats_info* total, struct stats_info* a);
201
202 /**
203 * Add stats for this query
204 * @param stats: the stats
205 * @param c: commpoint with type and buffer.
206 * @param qtype: query type
207 * @param qclass: query class
208 * @param edns: edns record
209 * @param repinfo: reply info with remote address
210 */
211 void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
212 uint16_t qtype, uint16_t qclass, struct edns_data* edns,
213 struct comm_reply* repinfo);
214
215 /**
216 * Add rcode for this query.
217 * @param stats: the stats
218 * @param buf: buffer with rcode. If buffer is length0: not counted.
219 */
220 void server_stats_insrcode(struct server_stats* stats, ldns_buffer* buf);
75221
76222 #endif /* DAEMON_STATS_H */
5151 #include "util/module.h"
5252 #include <signal.h>
5353 #include <fcntl.h>
54 #include <openssl/crypto.h>
5455 #ifdef HAVE_PWD_H
5556 #include <pwd.h>
5657 #endif
8384 printf("-d do not fork into the background.\n");
8485 printf("-v verbose (more times to increase verbosity)\n");
8586 printf("Version %s\n", PACKAGE_VERSION);
86 printf("libevent %s, libldns %s\n",
87 event_get_version(), ldns_version());
87 printf("libevent %s, libldns %s, %s\n",
88 event_get_version(), ldns_version(),
89 SSLeay_version(SSLEAY_VERSION));
8890 printf("BSD licensed, see LICENSE in source package for details.\n");
8991 printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
9092 }
9496 checkrlimits(struct config_file* cfg)
9597 {
9698 #ifdef HAVE_GETRLIMIT
97 int list = ((cfg->do_ip4?1:0) + (cfg->do_ip6?1:0)) *
98 ((cfg->do_udp?1:0) + (cfg->do_tcp?1 +
99 /* list has number of ports to listen to, ifs number addresses */
100 int list = ((cfg->do_udp?1:0) + (cfg->do_tcp?1 +
99101 (int)cfg->incoming_num_tcp:0));
100 size_t ifs = (size_t)(cfg->num_ifs==0?1:cfg->num_ifs);
101 size_t listen_num = list*ifs;
102 size_t listen_ifs = (size_t)(cfg->num_ifs==0?
103 ((cfg->do_ip4 && !cfg->if_automatic?1:0) +
104 (cfg->do_ip6?1:0)):cfg->num_ifs);
105 size_t listen_num = list*listen_ifs;
102106 size_t outudpnum = (size_t)cfg->outgoing_num_ports;
103107 size_t outtcpnum = cfg->outgoing_num_tcp;
104108 size_t misc = 4; /* logfile, pidfile, stdout... */
129133 log_warn("setrlimit: %s", strerror(errno));
130134 log_warn("cannot increase max open fds from %u to %u",
131135 (unsigned)avail, (unsigned)total+10);
136 /* check that calculation below does not underflow,
137 * with 15 as margin */
138 if(numthread*perthread_noudp+15 > avail)
139 fatal_exit("too much tcp. not enough fds.");
132140 cfg->outgoing_num_ports = (int)((avail
133141 - numthread*perthread_noudp
134142 - 10 /* safety margin */) /numthread);
258266
259267 /**
260268 * check old pid file.
261 * @param cfg: the config settings
269 * @param pidfile: the file name of the pid file.
270 * @param inchroot: if pidfile is inchroot and we can thus expect to
271 * be able to delete it.
262272 */
263273 static void
264 checkoldpid(struct config_file* cfg)
274 checkoldpid(char* pidfile, int inchroot)
265275 {
266276 pid_t old;
267 char* file = cfg->pidfile;
268 if(cfg->chrootdir && cfg->chrootdir[0] &&
269 strncmp(file, cfg->chrootdir, strlen(cfg->chrootdir))==0) {
270 file += strlen(cfg->chrootdir);
271 }
272 if((old = readpid(file)) != -1) {
277 if((old = readpid(pidfile)) != -1) {
273278 /* see if it is still alive */
274279 if(kill(old, 0) == 0 || errno == EPERM)
275280 log_warn("unbound is already running as pid %u.",
276281 (unsigned)old);
277 else log_warn("did not exit gracefully last time (%u)",
282 else if(inchroot)
283 log_warn("did not exit gracefully last time (%u)",
278284 (unsigned)old);
279285 }
280286 }
282288
283289 /** detach from command line */
284290 static void
285 detach(struct config_file* cfg)
291 detach(void)
286292 {
287293 #ifdef HAVE_WORKING_FORK
288294 int fd;
291297 case 0:
292298 break;
293299 case -1:
294 unlink(cfg->pidfile);
295300 fatal_exit("fork failed: %s", strerror(errno));
296301 default:
297302 /* exit interactive session */
309314 if (fd > 2)
310315 (void)close(fd);
311316 }
312 #else
313 (void)cfg;
314317 #endif /* HAVE_WORKING_FORK */
315318 }
316319
317320 /** daemonize, drop user priviliges and chroot if needed */
318321 static void
319 do_chroot(struct daemon* daemon, struct config_file* cfg, int debug_mode,
320 char** cfgfile)
322 perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
323 const char** cfgfile)
321324 {
322325 #ifdef HAVE_GETPWNAM
323326 uid_t uid;
327330 memset(&gid, 112, sizeof(gid));
328331 log_assert(cfg);
329332
330 /* daemonize last to be able to print error to user */
331333 if(cfg->username && cfg->username[0]) {
332334 struct passwd *pwd;
333335 if((pwd = getpwnam(cfg->username)) == NULL)
337339 endpwent();
338340 }
339341 #endif
342
343 /* init syslog (as root) if needed, before daemonize, otherwise
344 * a fork error could not be printed since daemonize closed stderr.*/
345 if(cfg->use_syslog) {
346 log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir);
347 }
348 /* if using a logfile, we cannot open it because the logfile would
349 * be created with the wrong permissions, we cannot chown it because
350 * we cannot chown system logfiles, so we do not open at all.
351 * So, using a logfile, the user does not see errors unless -d is
352 * given to unbound on the commandline. */
353
354 #ifdef HAVE_KILL
355 /* check old pid file before forking */
356 if(cfg->pidfile && cfg->pidfile[0]) {
357 /* calculate position of pidfile */
358 if(cfg->pidfile[0] == '/')
359 daemon->pidfile = strdup(cfg->pidfile);
360 else daemon->pidfile = fname_after_chroot(cfg->pidfile,
361 cfg, 1);
362 if(!daemon->pidfile)
363 fatal_exit("pidfile alloc: out of memory");
364 checkoldpid(daemon->pidfile,
365 /* true if pidfile is inside chrootdir, or nochroot */
366 !(cfg->chrootdir && cfg->chrootdir[0]) ||
367 (cfg->chrootdir && cfg->chrootdir[0] &&
368 strncmp(daemon->pidfile, cfg->chrootdir,
369 strlen(cfg->chrootdir))==0));
370 }
371 #endif
372
373 /* daemonize because pid is needed by the writepid func */
374 if(!debug_mode && cfg->do_daemonize) {
375 detach();
376 }
377
378 /* write new pidfile (while still root, so can be outside chroot) */
379 #ifdef HAVE_KILL
380 if(cfg->pidfile && cfg->pidfile[0]) {
381 writepid(daemon->pidfile, getpid());
382 if(!(cfg->chrootdir && cfg->chrootdir[0]) ||
383 (cfg->chrootdir && cfg->chrootdir[0] &&
384 strncmp(daemon->pidfile, cfg->chrootdir,
385 strlen(cfg->chrootdir))==0)) {
386 /* delete of pidfile could potentially work,
387 * chown to get permissions */
388 if(cfg->username && cfg->username[0]) {
389 if(chown(daemon->pidfile, uid, gid) == -1) {
390 fatal_exit("cannot chown %u.%u %s: %s",
391 (unsigned)uid, (unsigned)gid,
392 daemon->pidfile, strerror(errno));
393 }
394 }
395 }
396 }
397 #else
398 (void)daemon;
399 #endif
400
401 /* box into the chroot */
340402 #ifdef HAVE_CHROOT
341403 if(cfg->chrootdir && cfg->chrootdir[0]) {
342404 if(chdir(cfg->chrootdir)) {
351413 if(strncmp(*cfgfile, cfg->chrootdir,
352414 strlen(cfg->chrootdir)) == 0)
353415 (*cfgfile) += strlen(cfg->chrootdir);
416
417 /* adjust stored pidfile for chroot */
418 if(daemon->pidfile && daemon->pidfile[0] &&
419 strncmp(daemon->pidfile, cfg->chrootdir,
420 strlen(cfg->chrootdir))==0) {
421 char* old = daemon->pidfile;
422 daemon->pidfile = strdup(old+strlen(cfg->chrootdir));
423 free(old);
424 if(!daemon->pidfile)
425 log_err("out of memory in pidfile adjust");
426 }
427 daemon->chroot = strdup(cfg->chrootdir);
428 if(!daemon->chroot)
429 log_err("out of memory in daemon chroot dir storage");
354430 }
355431 #else
356432 (void)cfgfile;
357433 #endif
434 /* change to working directory inside chroot */
358435 if(cfg->directory && cfg->directory[0]) {
359436 char* dir = cfg->directory;
360437 if(cfg->chrootdir && cfg->chrootdir[0] &&
369446 verbose(VERB_QUERY, "chdir to %s", dir);
370447 }
371448 }
449
450 /* drop permissions after chroot, getpwnam, pidfile, syslog done*/
372451 #ifdef HAVE_GETPWNAM
373452 if(cfg->username && cfg->username[0]) {
453 #ifdef HAVE_SETRESGID
454 if(setresgid(gid,gid,gid) != 0)
455 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
456 if(setregid(gid,gid) != 0)
457 #else /* use setgid */
374458 if(setgid(gid) != 0)
459 #endif /* HAVE_SETRESGID */
375460 fatal_exit("unable to set group id of %s: %s",
376461 cfg->username, strerror(errno));
462 #ifdef HAVE_SETRESUID
463 if(setresuid(uid,uid,uid) != 0)
464 #elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID)
465 if(setreuid(uid,uid) != 0)
466 #else /* use setuid */
377467 if(setuid(uid) != 0)
468 #endif /* HAVE_SETRESUID */
378469 fatal_exit("unable to set user id of %s: %s",
379470 cfg->username, strerror(errno));
380471 verbose(VERB_QUERY, "drop user privileges, run as %s",
381472 cfg->username);
382473 }
383474 #endif
384 #ifdef HAVE_KILL
385 /* check old pid file before forking */
386 if(cfg->pidfile && cfg->pidfile[0]) {
387 checkoldpid(cfg);
388 }
389 #endif
390
391 /* init logfile just before fork */
392 log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir);
393 if(!debug_mode && cfg->do_daemonize) {
394 detach(cfg);
395 }
396 #ifdef HAVE_KILL
397 if(cfg->pidfile && cfg->pidfile[0]) {
398 char* pf = cfg->pidfile;
399 if(cfg->chrootdir && cfg->chrootdir[0] &&
400 strncmp(pf, cfg->chrootdir, strlen(cfg->chrootdir))==0)
401 pf += strlen(cfg->chrootdir);
402 writepid(pf, getpid());
403 if(!(daemon->pidfile = strdup(pf)))
404 log_err("pidf: malloc failed");
405 }
406 #else
407 (void)daemon;
408 #endif
475 /* file logging inited after chroot,chdir,setuid is done so that
476 * it would succeed on SIGHUP as well */
477 if(!cfg->use_syslog)
478 log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir);
409479 }
410480
411481 /**
416486 * @param debug_mode: if set, do not daemonize.
417487 */
418488 static void
419 run_daemon(char* cfgfile, int cmdline_verbose, int debug_mode)
489 run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
420490 {
421491 struct config_file* cfg = NULL;
422492 struct daemon* daemon = NULL;
423 int done_chroot = 0;
493 int done_setup = 0;
424494
425495 if(!(daemon = daemon_init()))
426496 fatal_exit("alloc failure");
427497 while(!daemon->need_to_exit) {
428 if(done_chroot)
498 if(done_setup)
429499 verbose(VERB_OPS, "Restart of %s.", PACKAGE_STRING);
430500 else verbose(VERB_OPS, "Start of %s.", PACKAGE_STRING);
431501
432502 /* config stuff */
433503 if(!(cfg = config_create()))
434504 fatal_exit("Could not alloc config defaults");
435 if(!config_read(cfg, cfgfile)) {
505 if(!config_read(cfg, cfgfile, daemon->chroot)) {
436506 if(errno != ENOENT)
437507 fatal_exit("Could not read config file: %s",
438508 cfgfile);
443513 /* prepare */
444514 if(!daemon_open_shared_ports(daemon))
445515 fatal_exit("could not open ports");
446 if(!done_chroot) {
447 do_chroot(daemon, cfg, debug_mode, &cfgfile);
448 done_chroot = 1;
449 } else log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir);
516 if(!done_setup) {
517 perform_setup(daemon, cfg, debug_mode, &cfgfile);
518 done_setup = 1;
519 } else {
520 /* reopen log after HUP to facilitate log rotation */
521 if(!cfg->use_syslog)
522 log_init(cfg->logfile, 0, cfg->chrootdir);
523 }
450524 /* work */
451525 daemon_fork(daemon);
452526
456530 config_delete(cfg);
457531 }
458532 verbose(VERB_ALGO, "Exit cleanup.");
459 if(daemon->pidfile)
533 /* this unlink may not work if the pidfile is located outside
534 * of the chroot/workdir or we no longer have permissions */
535 if(daemon->pidfile) {
536 int fd;
537 /* truncate pidfile */
538 fd = open(daemon->pidfile, O_WRONLY | O_TRUNC, 0644);
539 if(fd != -1)
540 close(fd);
541 /* delete pidfile */
460542 unlink(daemon->pidfile);
543 }
461544 daemon_delete(daemon);
462545 }
463546
476559 main(int argc, char* argv[])
477560 {
478561 int c;
479 char* cfgfile = CONFIGFILE;
562 const char* cfgfile = CONFIGFILE;
480563 int cmdline_verbose = 0;
481564 int debug_mode = 0;
482565
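Review bot: The privilege drop in perform_setup now uses `setresgid`/`setresuid`, but nothing in the visible lines clears the supplementary group list first, so the daemon may keep the groups of the invoking root session after it has changed uid. Before the gid call I would add `if(setgroups(1, &gid) != 0) fatal_exit("unable to drop supplementary groups: %s", strerror(errno));` (or `initgroups(cfg->username, gid)`), under a configure check like the neighbouring calls. Parts of perform_setup are elided between the hunks, so confirm that no such call already sits in the lines that are not shown.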
4444 #include "util/random.h"
4545 #include "daemon/worker.h"
4646 #include "daemon/daemon.h"
47 #include "daemon/remote.h"
4748 #include "daemon/acl_list.h"
4849 #include "util/netevent.h"
4950 #include "util/config_file.h"
6263 #include "util/data/msgencode.h"
6364 #include "util/data/dname.h"
6465 #include "util/fptr_wlist.h"
66 #include "util/tube.h"
6567
6668 #ifdef HAVE_SYS_TYPES_H
6769 # include <sys/types.h>
189191 }
190192
191193 void
192 worker_send_cmd(struct worker* worker, ldns_buffer* buffer,
193 enum worker_commands cmd)
194 {
195 ldns_buffer_clear(buffer);
196 /* like DNS message, length data */
197 ldns_buffer_write_u16(buffer, sizeof(uint32_t));
198 ldns_buffer_write_u32(buffer, (uint32_t)cmd);
199 ldns_buffer_flip(buffer);
200 if(!write_socket(worker->cmd_send_fd, ldns_buffer_begin(buffer),
201 ldns_buffer_limit(buffer)))
202 log_err("write socket: %s", strerror(errno));
194 worker_send_cmd(struct worker* worker, enum worker_commands cmd)
195 {
196 uint32_t c = (uint32_t)htonl(cmd);
197 if(!tube_write_msg(worker->cmd, (uint8_t*)&c, sizeof(c), 0)) {
198 log_err("worker send cmd %d failed", (int)cmd);
199 }
203200 }
204201
205202 int
213210 e.qsent = NULL;
214211
215212 if(error != 0) {
216 mesh_report_reply(worker->env.mesh, &e, 0, reply_info);
213 mesh_report_reply(worker->env.mesh, &e, reply_info, error);
217214 worker_mem_report(worker, NULL);
218215 return 0;
219216 }
224221 || LDNS_QDCOUNT(ldns_buffer_begin(c->buffer)) > 1) {
225222 /* error becomes timeout for the module as if this reply
226223 * never arrived. */
227 mesh_report_reply(worker->env.mesh, &e, 0, reply_info);
224 mesh_report_reply(worker->env.mesh, &e, reply_info,
225 NETEVENT_TIMEOUT);
228226 worker_mem_report(worker, NULL);
229227 return 0;
230228 }
231 mesh_report_reply(worker->env.mesh, &e, 1, reply_info);
229 mesh_report_reply(worker->env.mesh, &e, reply_info, NETEVENT_NOERROR);
232230 worker_mem_report(worker, NULL);
233231 return 0;
234232 }
243241
244242 verbose(VERB_ALGO, "worker svcd callback for qstate %p", e->qstate);
245243 if(error != 0) {
246 mesh_report_reply(worker->env.mesh, e, 0, reply_info);
244 mesh_report_reply(worker->env.mesh, e, reply_info, error);
247245 worker_mem_report(worker, sq);
248246 return 0;
249247 }
255253 /* error becomes timeout for the module as if this reply
256254 * never arrived. */
257255 verbose(VERB_ALGO, "worker: bad reply handled as timeout");
258 mesh_report_reply(worker->env.mesh, e, 0, reply_info);
256 mesh_report_reply(worker->env.mesh, e, reply_info,
257 NETEVENT_TIMEOUT);
259258 worker_mem_report(worker, sq);
260259 return 0;
261260 }
262 mesh_report_reply(worker->env.mesh, e, 1, reply_info);
261 mesh_report_reply(worker->env.mesh, e, reply_info, NETEVENT_NOERROR);
263262 worker_mem_report(worker, sq);
264263 return 0;
265264 }
317316 return 0;
318317 }
319318
320 int
321 worker_handle_control_cmd(struct comm_point* c, void* arg, int error,
322 struct comm_reply* ATTR_UNUSED(reply_info))
319 void
320 worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* msg,
321 size_t len, int error, void* arg)
323322 {
324323 struct worker* worker = (struct worker*)arg;
325324 enum worker_commands cmd;
326325 if(error != NETEVENT_NOERROR) {
326 free(msg);
327327 if(error == NETEVENT_CLOSED)
328328 comm_base_exit(worker->base);
329329 else log_info("control event: %d", error);
330 return 0;
331 }
332 if(ldns_buffer_limit(c->buffer) != sizeof(uint32_t)) {
333 fatal_exit("bad control msg length %d",
334 (int)ldns_buffer_limit(c->buffer));
335 }
336 cmd = ldns_buffer_read_u32(c->buffer);
330 return;
331 }
332 if(len != sizeof(uint32_t)) {
333 fatal_exit("bad control msg length %d", (int)len);
334 }
335 cmd = ldns_read_uint32(msg);
336 free(msg);
337337 switch(cmd) {
338338 case worker_cmd_quit:
339339 verbose(VERB_ALGO, "got control cmd quit");
340340 comm_base_exit(worker->base);
341341 break;
342 case worker_cmd_stats:
343 verbose(VERB_ALGO, "got control cmd stats");
344 server_stats_reply(worker);
345 break;
346 #ifdef THREADS_DISABLED
347 case worker_cmd_remote:
348 verbose(VERB_ALGO, "got control cmd remote");
349 daemon_remote_exec(worker);
350 break;
351 #endif
342352 default:
343353 log_err("bad command %d", (int)cmd);
344354 break;
345355 }
346 return 0;
347356 }
348357
349358 /** check if a delegation is secure */
439448 error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
440449 &msg->qinfo, id, flags, edns);
441450 regional_free_all(worker->scratchpad);
451 if(worker->stats.extended) {
452 worker->stats.ans_bogus++;
453 worker->stats.ans_rcode[LDNS_RCODE_SERVFAIL]++;
454 }
442455 return 1;
443456 case sec_status_secure:
444457 /* all rrsets are secure */
468481 &msg->qinfo, id, flags, edns);
469482 }
470483 regional_free_all(worker->scratchpad);
484 if(worker->stats.extended) {
485 if(secure) worker->stats.ans_secure++;
486 server_stats_insrcode(&worker->stats, repinfo->c->buffer);
487 }
471488 return 1;
472489 }
473490
519536 int secure;
520537 int must_validate = !(flags&BIT_CD) && worker->env.need_to_validate;
521538 /* see if it is possible */
522 if(rep->ttl <= timenow) {
539 if(rep->ttl < timenow) {
523540 /* the rrsets may have been updated in the meantime.
524541 * we will refetch the message format from the
525542 * authoritative server
555572 rrset_array_unlock_touch(worker->env.rrset_cache,
556573 worker->scratchpad, rep->ref, rep->rrset_count);
557574 regional_free_all(worker->scratchpad);
575 if(worker->stats.extended) {
576 worker->stats.ans_bogus ++;
577 worker->stats.ans_rcode[LDNS_RCODE_SERVFAIL] ++;
578 }
558579 return 1;
559580 } else if( rep->security == sec_status_unchecked && must_validate) {
560581 verbose(VERB_ALGO, "Cache reply: unchecked entry needs "
588609 rrset_array_unlock_touch(worker->env.rrset_cache, worker->scratchpad,
589610 rep->ref, rep->rrset_count);
590611 regional_free_all(worker->scratchpad);
612 if(worker->stats.extended) {
613 if(secure) worker->stats.ans_secure++;
614 server_stats_insrcode(&worker->stats, repinfo->c->buffer);
615 }
591616 /* go and return this buffer to the client */
592617 return 1;
593618 }
702727 repinfo->addrlen);
703728 if(acl == acl_deny) {
704729 comm_point_drop_reply(repinfo);
730 if(worker->stats.extended)
731 worker->stats.unwanted_queries++;
705732 return 0;
706733 } else if(acl == acl_refuse) {
707734 ldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE);
713740 log_addr(VERB_ALGO, "refused query from",
714741 &repinfo->addr, repinfo->addrlen);
715742 log_buf(VERB_ALGO, "refuse", c->buffer);
743 if(worker->stats.extended)
744 worker->stats.unwanted_queries++;
716745 return 1;
717746 }
718747 if((ret=worker_check_request(c->buffer, worker)) != 0) {
729758 /* see if query is in the cache */
730759 if(!query_info_parse(&qinfo, c->buffer)) {
731760 verbose(VERB_ALGO, "worker parse request: formerror.");
761 ldns_buffer_rewind(c->buffer);
732762 LDNS_QR_SET(ldns_buffer_begin(c->buffer));
733763 LDNS_RCODE_SET(ldns_buffer_begin(c->buffer),
734764 LDNS_RCODE_FORMERR);
765 server_stats_insrcode(&worker->stats, c->buffer);
735766 return 1;
736767 }
737768 if(qinfo.qtype == LDNS_RR_TYPE_AXFR ||
740771 LDNS_QR_SET(ldns_buffer_begin(c->buffer));
741772 LDNS_RCODE_SET(ldns_buffer_begin(c->buffer),
742773 LDNS_RCODE_REFUSED);
774 if(worker->stats.extended) {
775 worker->stats.qtype[qinfo.qtype]++;
776 server_stats_insrcode(&worker->stats, c->buffer);
777 }
743778 return 1;
744779 }
745780 if((ret=parse_edns_from_pkt(c->buffer, &edns)) != 0) {
746781 verbose(VERB_ALGO, "worker parse edns: formerror.");
782 ldns_buffer_rewind(c->buffer);
747783 LDNS_QR_SET(ldns_buffer_begin(c->buffer));
748784 LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), ret);
785 server_stats_insrcode(&worker->stats, c->buffer);
749786 return 1;
750787 }
751788 if(edns.edns_present && edns.edns_version != 0) {
778815 ldns_buffer_flip(c->buffer);
779816 return 1;
780817 }
818 if(worker->stats.extended)
819 server_stats_insquery(&worker->stats, c, qinfo.qtype,
820 qinfo.qclass, &edns, repinfo);
781821 if(c->type != comm_udp)
782822 edns.udp_size = 65535; /* max size for TCP replies */
783823 if(qinfo.qclass == LDNS_RR_CLASS_CH && answer_chaos(worker, &qinfo,
784824 &edns, c->buffer)) {
825 server_stats_insrcode(&worker->stats, c->buffer);
785826 return 1;
786827 }
787828 if(local_zones_answer(worker->daemon->local_zones, &qinfo, &edns,
788829 c->buffer, worker->scratchpad)) {
789 return (ldns_buffer_limit(c->buffer) != 0);
830 if(ldns_buffer_limit(c->buffer) == 0) {
831 comm_point_drop_reply(repinfo);
832 return 0;
833 }
834 server_stats_insrcode(&worker->stats, c->buffer);
835 return 1;
836 }
837 if(!(LDNS_RD_WIRE(ldns_buffer_begin(c->buffer))) &&
838 acl != acl_allow_snoop ) {
839 ldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE);
840 ldns_buffer_write_at(c->buffer, 4,
841 (uint8_t*)"\0\0\0\0\0\0\0\0", 8);
842 LDNS_QR_SET(ldns_buffer_begin(c->buffer));
843 LDNS_RCODE_SET(ldns_buffer_begin(c->buffer),
844 LDNS_RCODE_REFUSED);
845 ldns_buffer_flip(c->buffer);
846 server_stats_insrcode(&worker->stats, c->buffer);
847 log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
848 &repinfo->addr, repinfo->addrlen);
849 return 1;
790850 }
791851 h = query_info_hash(&qinfo);
792852 if((e=slabhash_lookup(worker->env.msg_cache, h, &qinfo, 0))) {
816876 server_stats_querymiss(&worker->stats, worker);
817877
818878 /* grab a work request structure for this new request */
819 if(worker->env.mesh->all.count > worker->request_size) {
820 verbose(VERB_ALGO, "Too many requests active. "
821 "dropping incoming query.");
822 worker->stats.num_query_list_exceeded++;
823 comm_point_drop_reply(repinfo);
824 return 0;
825 } else if(worker->env.mesh->num_reply_addrs>worker->request_size*16) {
879 if(worker->env.mesh->num_reply_addrs>worker->request_size*16) {
880 /* protect our memory usage from storing reply addresses */
826881 verbose(VERB_ALGO, "Too many requests queued. "
827882 "dropping incoming query.");
828 worker->stats.num_query_list_exceeded++;
883 worker->env.mesh->stats_dropped++;
829884 comm_point_drop_reply(repinfo);
830885 return 0;
831886 }
889944 void worker_stat_timer_cb(void* arg)
890945 {
891946 struct worker* worker = (struct worker*)arg;
892 server_stats_log(&worker->stats, worker->thread_num);
947 server_stats_log(&worker->stats, worker, worker->thread_num);
893948 mesh_stats(worker->env.mesh, "mesh has");
894949 worker_mem_report(worker, NULL);
895950 if(!worker->daemon->cfg->stat_cumulative) {
896 server_stats_init(&worker->stats);
951 server_stats_init(&worker->stats, worker->env.cfg);
897952 mesh_stats_clear(worker->env.mesh);
953 worker->back->unwanted_replies = 0;
898954 }
899955 /* start next timer */
900956 worker_restart_timer(worker);
915971 }
916972 worker->daemon = daemon;
917973 worker->thread_num = id;
918 worker->cmd_send_fd = -1;
919 worker->cmd_recv_fd = -1;
920 if(id != 0) {
921 int sv[2];
922 /* create socketpair to communicate with worker */
923 if(socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
924 free(worker);
925 log_err("socketpair: %s", strerror(errno));
926 return NULL;
927 }
928 if(!fd_set_nonblock(sv[0]) || !fd_set_nonblock(sv[1])) {
929 close(sv[0]);
930 close(sv[1]);
931 free(worker);
932 return NULL;
933 }
934 worker->cmd_send_fd = sv[0];
935 worker->cmd_recv_fd = sv[1];
974 if(!(worker->cmd = tube_create())) {
975 free(worker->ports);
976 free(worker);
977 return NULL;
936978 }
937979 return worker;
938980 }
943985 {
944986 unsigned int seed;
945987 worker->need_to_exit = 0;
946 worker->base = comm_base_create();
988 worker->base = comm_base_create(do_sigs);
947989 if(!worker->base) {
948990 log_err("could not create event handling base");
949991 worker_delete(worker);
9751017 return 0;
9761018 }
9771019 #endif /* LIBEVENT_SIGNAL_PROBLEM */
1020 if(!(worker->rc = daemon_remote_create(worker))) {
1021 worker_delete(worker);
1022 return 0;
1023 }
1024 if(!daemon_remote_open_accept(worker->rc,
1025 worker->daemon->rc_ports)) {
1026 worker_delete(worker);
1027 return 0;
1028 }
9781029 } else { /* !do_sigs */
979 worker->comsig = 0;
1030 worker->comsig = NULL;
1031 worker->rc = NULL;
9801032 }
9811033 seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^
9821034 (((unsigned int)worker->thread_num)<<17);
10011053 cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6,
10021054 cfg->do_tcp?cfg->outgoing_num_tcp:0,
10031055 worker->daemon->env->infra_cache, worker->rndstate,
1004 cfg->use_caps_bits_for_id, worker->ports, worker->numports);
1056 cfg->use_caps_bits_for_id, worker->ports, worker->numports,
1057 cfg->unwanted_threshold, &worker_alloc_cleanup, worker);
10051058 if(!worker->back) {
10061059 log_err("could not create outgoing sockets");
10071060 worker_delete(worker);
10081061 return 0;
10091062 }
1010 if(worker->thread_num != 0) {
1011 /* start listening to commands */
1012 if(!(worker->cmd_com=comm_point_create_local(worker->base,
1013 worker->cmd_recv_fd, cfg->msg_buffer_size,
1014 worker_handle_control_cmd, worker))) {
1015 log_err("could not create control compt.");
1016 worker_delete(worker);
1017 return 0;
1018 }
1063 /* start listening to commands */
1064 if(!tube_setup_bg_listen(worker->cmd, worker->base,
1065 &worker_handle_control_cmd, worker)) {
1066 log_err("could not create control compt.");
1067 worker_delete(worker);
1068 return 0;
10191069 }
10201070 worker->stat_timer = comm_timer_create(worker->base,
10211071 worker_stat_timer_cb, worker);
10331083 }
10341084 worker->request_size = cfg->num_queries_per_thread;
10351085
1036 server_stats_init(&worker->stats);
1086 server_stats_init(&worker->stats, cfg);
10371087 alloc_init(&worker->alloc, &worker->daemon->superalloc,
10381088 worker->thread_num);
10391089 alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker);
10791129 if(!worker)
10801130 return;
10811131 if(worker->env.mesh && verbosity >= VERB_OPS) {
1082 server_stats_log(&worker->stats, worker->thread_num);
1132 server_stats_log(&worker->stats, worker, worker->thread_num);
10831133 mesh_stats(worker->env.mesh, "mesh has");
10841134 worker_mem_report(worker, NULL);
10851135 }
10881138 listen_delete(worker->front);
10891139 outside_network_delete(worker->back);
10901140 comm_signal_delete(worker->comsig);
1091 comm_point_delete(worker->cmd_com);
1141 tube_delete(worker->cmd);
10921142 comm_timer_delete(worker->stat_timer);
1143 daemon_remote_delete(worker->rc);
10931144 free(worker->ports);
10941145 if(worker->thread_num == 0)
10951146 log_set_time(NULL);
10961147 comm_base_delete(worker->base);
10971148 ub_randfree(worker->rndstate);
1098 /* close fds after deleting commpoints, to be sure.
1099 Also epoll does not like closing fd before event_del */
1100 if(worker->cmd_send_fd != -1)
1101 close(worker->cmd_send_fd);
1102 worker->cmd_send_fd = -1;
1103 if(worker->cmd_recv_fd != -1)
1104 close(worker->cmd_recv_fd);
1105 worker->cmd_recv_fd = -1;
11061149 alloc_clear(&worker->alloc);
11071150 regional_destroy(worker->scratchpad);
11081151 free(worker);
11981241 return 0;
11991242 }
12001243
1244 void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
1245 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
1246 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg))
1247 {
1248 log_assert(0);
1249 }
1250
12011251 int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
12021252 {
12031253 log_assert(0);
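Review bot: The new branch in worker_handle_request that answers REFUSED to queries without the RD bit has no comment explaining its purpose, and it is not added to `unwanted_queries` the way the `acl_refuse` branch earlier in the function is. I would put `/* RD=0 queries only read the cache; refuse them unless the client ACL is allow_snoop, so cache contents cannot be probed */` above the `if`, and state there whether running it after the chaos and local-zone answers is intended. If operators are meant to see such probes in the extended statistics, add `if(worker->stats.extended) worker->stats.unwanted_queries++;` before the `return 1`. The function is shown with gaps and the counter's declaration is not visible here, so check its documented meaning before counting these.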
5757 struct listen_port;
5858 struct ub_randstate;
5959 struct regional;
60 struct tube;
61 struct daemon_remote;
6062
6163 /** worker commands */
6264 enum worker_commands {
6365 /** make the worker quit */
64 worker_cmd_quit
66 worker_cmd_quit,
67 /** obtain statistics */
68 worker_cmd_stats,
69 /** execute remote control command */
70 worker_cmd_remote
6571 };
6672
6773 /**
7581 struct daemon* daemon;
7682 /** thread id */
7783 ub_thread_t thr_id;
78 /** fd 0 of socketpair, write commands for worker to this one */
79 int cmd_send_fd;
80 /** fd 1 of socketpair, worker listens on this one */
81 int cmd_recv_fd;
84 /** pipe, for commands for this worker */
85 struct tube* cmd;
8286 /** the event base this worker works with */
8387 struct comm_base* base;
8488 /** the frontside listening interface where request events come in */
9599 struct comm_point* cmd_com;
96100 /** timer for statistics */
97101 struct comm_timer* stat_timer;
102 /** remote control state (for first thread only) */
103 struct daemon_remote* rc;
98104
99105 /** number of requests that can be handled by this worker */
100106 size_t request_size;
150156 /**
151157 * Send a command to a worker. Uses blocking writes.
152158 * @param worker: worker to send command to.
153 * @param buffer: an empty buffer to use.
154159 * @param cmd: command to send.
155160 */
156 void worker_send_cmd(struct worker* worker, ldns_buffer* buffer,
157 enum worker_commands cmd);
161 void worker_send_cmd(struct worker* worker, enum worker_commands cmd);
158162
159163 /**
160164 * Worker signal handler function. User argument is the worker itself.
197201 struct module_qstate* q);
198202
199203 /**
200 * process control messages from the main thread.
201 * @param c: comm point to read from.
202 * @param arg: worker.
203 * @param error: error status of comm point.
204 * @param reply_info: not used.
205 */
206 int worker_handle_control_cmd(struct comm_point* c, void* arg, int error,
207 struct comm_reply* reply_info);
204 * process control messages from the main thread. Frees the control
205 * command message.
206 * @param tube: tube control message came on.
207 * @param msg: message contents. Is freed.
208 * @param len: length of message.
209 * @param error: if error (NETEVENT_*) happened.
210 * @param arg: user argument
211 */
212 void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
213 int error, void* arg);
208214
209215 /** handles callbacks from listening event interface */
210216 int worker_handle_request(struct comm_point* c, void* arg, int error,
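Review bot: `struct comm_point* cmd_com;` is left in struct worker although the worker.c part of this commit removes both the `comm_point_create_local` call that set it and the `comm_point_delete(worker->cmd_com)` call, so the field now looks dead. Remove it together with its doc comment, or, if code outside the shown lines still uses it, say so in that comment. The comment on the new member, `/** pipe, for commands for this worker */`, could also record ownership: in worker.c the tube is allocated with `tube_create` and released with `tube_delete`.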
0 6 August 2008: Wouter
1 - patch for scrubber that removes ends of CNAMEs, no more DNAMEs
2 from cache. Remove more irrelevant rrsets from the message.
3 - 1.0.2 svn tag created.
0 5 February 2009: Wouter
1 - ldns 1.5.0 rc as tarball included.
2
3 4 February 2009: Wouter
4 - tag for release 1.2.1.
5
6 3 February 2009: Wouter
7 - noted feature requests in doc/TODO.
8 - printout more detailed errors on ssl certificate loading failures.
9 - updated IANA portlist.
10
11 16 January 2009: Wouter
12 - more quiet about ipv6 network failures, i.e. when ipv6 is not
13 available (network unreachable). Debug still printed on high
14 verbosity.
15 - unbound-host -4 and -6 options. Stops annoying ipv6 errors when
16 debugging with unbound-host -4 -d ...
17 - more cycle detection for NS-check, addr-check, root-prime and
18 stub-prime queries in the iterator. Avoids possible deadlock
19 when priming fails.
20
21 15 January 2009: Wouter
22 - bug #229: fixup configure checks for compilation with Solaris
23 Sun cc compiler, ./configure CC=/opt/SUNWspro/bin/cc
24 - fixup suncc warnings.
25 - fix bug where unbound could crash using libevent 1.3 and older.
26 - update testset for recent retry change.
27
28 14 January 2009: Wouter
29 - 1.2.1 feature: negative caching for failed queries.
30 Queries that failed are cached for 5 seconds (NORR_TTL).
31 If the failure is local, like out of memory, it is not cached.
32 - the TTL comparison for the cache used different comparisons,
33 causing many cache responses that used the iterator and validator
34 state machines unnecessarily.
35 - retry from 4 to 5 so that EDNS drop retry is part of the first
36 query resolve attempt, and cached error does not stop EDNS fallback.
37 - remove debug prints that protect against bad referrals.
38 - honor QUIET=no on make commandline (or QUIET=yes ).
39
40 13 January 2009: Wouter
41 - fixed bug in lameness marking, removed printouts.
42 - find NS rrset more cleanly for qtype NS.
43 - Moved changes to 1.2.0 for release. Thanks to Mark Zealey for
44 reporting and logs.
45 - 1.2.1 feature: stops resolving AAAAs promiscuously when they
46 are in the negative cache.
47
48 12 January 2009: Wouter
49 - fixed bug in infrastructure lameness cache, did not lowercase
50 name of zone to hash when setting lame.
51 - lameness debugging printouts.
52
53 9 January 2009: Wouter
54 - created svn tag for 1.2.0 release.
55 - svn trunk contains 1.2.1 version number.
56 - iana portlist updated for todays list.
57 - removed debug print.
58
59 8 January 2009: Wouter
60 - new version of ldns-trunk (today) included as tarball, fixed
61 bug #224, building with -j race condition.
62 - remove possible race condition in the test for race conditions.
63
64 7 January 2009: Wouter
65 - version 1.2.0 in preparation.
66 - feature to allow wildcards (*, ?, [], {}. ~) in trusted-keys-file
67 statements. (Adapted from patch by Paul Wouters).
68 - typo fix and iana portlist updated.
69 - porting testsuite; unused var warning, and type fixup.
70
71 6 January 2009: Wouter
72 - fixup packet-of-death when compiled with --enable-debug.
73 A malformed packet could cause an internal assertion failure.
74 - added test for HINFO canonicalisation behaviour.
75 - fixup reported problem with transparent local-zone data where
76 queries with different type could get nxdomain. Now queries
77 with a different name get resolved normally, with different type
78 get a correct NOERROR/NODATA answer.
79 - HINFO no longer downcased for validation, making unbound compatible
80 with bind and ldns.
81 - fix reading included config files when chrooted.
82 Give full path names for include files.
83 Relative path names work if the start dir equals the working dir.
84 - fix libunbound message transport when no packet buffer is available.
85
86 5 January 2009: Wouter
87 - fixup getaddrinfo failure handling for remote control port.
88 - added L.ROOT-SERVERS.NET. AAAA 2001:500:3::42 to builtin root hints.
89 - fixup so it works with libev-3.51 from http://dist.schmorp.de/libev/
90 - comm_timer_set performs base_set operation after event_add.
91
92 18 December 2008: Wouter
93 - fixed bug reported by Duane Wessels: error in DLV lookup, would make
94 some zones that had correct DLV keys as insecure.
95 - follows -rc makedist from ldns changes (no _rc).
96 - ldns tarball updated with 1.4.1rc for DLV unit test.
97 - verbose prints about recursion lame detection and server selection.
98 - fixup BSD port for infra host storage. It hashed wrongly.
99 - fixup makedist snapshot name generation.
100 - do not reopen syslog to avoid dev/log dependency.
101
102 17 December 2008: Wouter
103 - follows ldns makedist.sh. -rc option. autom4te dir removed.
104 - unbound-control status command.
105 - extended statistics has a number of ipv6 queries counter.
106 contrib/unbound_munin_ was updated to draw ipv6 in the hits graph.
107
108 16 December 2008: Wouter
109 - follow makedist improvements from ldns, for maintainers prereleases.
110 - snapshot version uses _ not - to help rpm distinguish the
111 version number.
112
113 11 December 2008: Wouter
114 - better fix for bug #219: use LOG_NDELAY with openlog() call.
115 Thanks to Tamas Tevesz.
116
117 9 December 2008: Wouter
118 - bug #221 fixed: unbound checkconf checks if key files exist if
119 remote control is enabled. Also fixed NULL printf when not chrooted.
120 - iana portlist updated.
121
122 3 December 2008: Wouter
123 - Fix problem reported by Jaco Engelbrecht where unbound-control stats
124 freezes up unbound if this was compiled without threading, and
125 was using multiple processes.
126 - iana portlist updated.
127 - test for remote control with interprocess communication.
128 - created command distribution mechanism so that remote control
129 commands other than 'stats' work on all processes in a nonthreaded
130 compiled version. dump/load cache work, on the first process.
131 - fixup remote control local_data addition memory corruption bug.
132
133 1 December 2008: Wouter
134 - SElinux policy files in contrib/selinux for the unbound daemon,
135 by Paul Wouters and Adam Tkac.
136
137 25 November 2008: Wouter
138 - configure complains when --without-ssl is given (bug #220).
139 - skip unsupported feature tests on vista/mingw.
140 - fixup testcode/streamtcp to work on vista/mingw.
141 - root-hints test checks version of dig required.
142 - blacklisted servers are polled at a low rate (1%) to see if they
143 come back up. But not if there is some other working server.
144
145 24 November 2008: Wouter
146 - document that the user of the server daemon needs read privileges
147 on the keys and certificates generated by unbound-control-setup.
148 This is different per system or distribution, usually, running the
149 script under the same username as the server uses suffices.
150 i.e. sudo -u unbound unbound-control-setup
151 - testset port to vista/mingw.
152 - tcp_sigpipe to freebsd port.
153
154 21 November 2008: Wouter
155 - fixed tcp accept, errors were printed when they should not.
156 - unbound-control-setup.sh removes read/write permissions other
157 from the keys it creates (as suggested by Dmitriy Demidov).
158
159 20 November 2008: Wouter
160 - fixup fatal error due to faulty error checking after tcp accept.
161 - add check in rlimit to avoid integer underflow.
162 - rlimit check with new formula; better estimate for number interfaces
163 - nicer comments in rlimit check.
164 - tag 1.1.1 created in svn.
165 - trunk label is 1.1.2
166
167 19 November 2008: Wouter
168 - bug #219: fixed so that syslog which delays opening until the first
169 log line is written, gets a log line while not chroot'ed yet.
170
171 18 November 2008: Wouter
172 - iana portlist updated.
173 - removed cast in unit test debug print that was not 64bit safe.
174 - trunk back to 1.1.0; copied to tags 1.1.0 release.
175 - trunk to has version number 1.1.1 again.
176 - in 1.1.1; make clean nicer. grammar in manpage.
177
178 17 November 2008: Wouter
179 - theoretical fix for problems reported on mailing list.
180 If a delegation point has no A but only AAAA and do-ip6 is no,
181 resolution would fail. Fixed to ask for the A and AAAA records.
182 It has to ask for both always, so that it can fail quietly, from
183 TLD perspective, when a zone is only reachable on one transport.
184 - test for above, only AAAA and doip6 is no. Fix causes A record
185 for nameserver to be fetched.
186 - fixup address duplication on cache fillup for delegation points.
187 - testset updated for new query answer requirements.
188
189 14 November 2008: Wouter
190 - created 1.1.0 release tag in svn.
191 - trunk moved to 1.1.1
192 - fixup unittest-neg for locking.
193
194 13 November 2008: Wouter
195 - added fedora init and specfile to contrib (by Paul Wouters).
196 - added configure check for ldns 1.4.0 (using its compat funcs).
197 - neater comments in worker.h.
198 - removed doc/plan and updated doc/TODO.
199 - silenced EHOSTDOWN (verbosity 2 or higher to see it).
200 - review comments from Jelte, Matthijs. Neater code.
201
202 12 November 2008: Wouter
203 - add unbound-control manpage to makedist replace list.
204
205 11 November 2008: Wouter
206 - unit test for negative cache, stress tests the refcounting.
207 - fix for refcounting error that could cause fptr_wlist fatal exit
208 in the negative cache rbtree (upcoming 1.1 feature). (Thanks to
209 Attila Nagy for testing).
210 - nicer comments in cachedump about failed RR to string conversion.
211 - fix 32bit wrap around when printing large (4G and more) mem usage
212 for extended statistics.
213
214 10 November 2008: Wouter
215 - fixup the getaddrinfo compat code rename.
216
217 8 November 2008: Wouter
218 - added configure check for eee build warning.
219
220 7 November 2008: Wouter
221 - fix bug 217: fixed, setreuid and setregid do not work on MacOSX10.4.
222 - detect nonblocking problems in network stack in configure script.
223
224 6 November 2008: Wouter
225 - dname_priv must decompress the name before comparison.
226 - iana portlist updated.
227
228 5 November 2008: Wouter
229 - fixed possible memory leak in key_entry_key deletion.
230 Would leak a couple bytes when trust anchors were replaced.
231 - if query and reply qname overlap, the bytes are skipped not copied.
232 - fixed file descriptor leak when messages were jostled out that
233 had outstanding (TCP) replies.
234 - DNAMEs used from cache have their synthesized CNAMEs initialized
235 properly.
236 - fixed file descriptor leak for localzone type deny (for TCP).
237 - fixed memleak at exit for nsec3 negative cached zones.
238 - fixed memleak for the keyword 'nodefault' when reading config.
239 - made verbosity of 'edns incapable peer' warning higher, so you
240 do not get spammed by it.
241 - caught elusive Bad file descriptor error bug, that would print the
242 error while unnecessarily try to listen to a closed fd. Fixed.
243
244 4 November 2008: Wouter
245 - fixed -Wwrite-strings warnings that result in better code.
246
247 3 November 2008: Wouter
248 - fixup build process for Mac OSX linker, use ldns b32 compat funcs.
249 - generated configure with autoconf-2.61.
250 - iana portlist updated.
251 - detect if libssl needs libdl. For static linking with libssl.
252 - changed to use new algorithm identifiers for sha256/sha512
253 from ldns 1.4.0 (need very latest version).
254 - updated the included ldns tarball.
255 - proper detection of SHA256 and SHA512 functions (not just sizes).
256
257 23 October 2008: Wouter
258 - a little more debug info for failure on signer names. prints names.
259
260 22 October 2008: Wouter
261 - CFLAGS are picked up by configure from the environment.
262 - iana portlist updated.
263 - updated ldns to use 1.4.0-pre20081022 so it picks up CFLAGS too.
264 - new stub-prime: yesno option. Default is off, so it does not prime.
265 can be turned on to get same behaviour as previous unbound release.
266 - made automated test that checks if builtin root hints are uptodate.
267 - finished draft-wijngaards-dnsext-resolver-side-mitigation
268 implementation. The unwanted-reply-threshold can be set.
269 - fixup so fptr_whitelist test in alloc.c works.
270
271 21 October 2008: Wouter
272 - fix update-anchors.sh, so it does not report different RR order
273 as an update. Sorts the keys in the file. Updated copyright.
274 - fixup testbound on windows, the command control pipe doesn't exist.
275 - skip 08hostlib test on windows, no fork() available.
276 - made unbound-remote work on windows.
277
278 20 October 2008: Wouter
279 - quench a log message that is debug only.
280 - iana portlist updated.
281 - do not query bogus nameservers. It is like nameservers that have
282 the NS or A or AAAA record bogus are listed as donotquery.
283 - if server selection is faced with only bad choices, it will
284 attempt to get more options to be fetched.
285 - changed bogus-ttl default value from 900 to 60 seconds.
286 In anticipation that operator caused failures are more likely than
287 actual attacks at this time. And thus repeated validation helps
288 the operators get the problem fixed sooner. It makes validation
289 failures go away sooner (60 seconds after the zone is fixed).
290 Also it is likely to try different nameserver targets every minute,
291 so that if a zone is bad on one server but not another, it is
292 likely to pick up the 'correct' one after a couple minutes,
293 and if the TTL is big enough that solves validation for the zone.
294 - fixup unbound-control compilation on windows.
295
296 17 October 2008: Wouter
297 - port Leopard/G5: fixup type conversion size_t/uint32.
298 please ranlib, stop file without symbols warning.
299 - harden referral path now also validates the root after priming.
300 It looks up the root NS authoritatively as well as the root servers
301 and attemps to validate the entries.
302
303 16 October 2008: Wouter
304 - Fixup negative TTL values appearing (reported by Attila Nagy).
305
306 15 October 2008: Wouter
307 - better documentation for 0x20; remove fallback TODO, it is done.
308 - harden-referral-path feature includes A, AAAA queries for glue,
309 as well as very careful NS caching (only when doing NS query).
310 A, AAAA use the delegation from the NS-query.
311
312 14 October 2008: Wouter
313 - fwd_three.tpkg test was flaky. If the three requests hit the
314 wrong threads by chance (or bad OS) then the test would fail.
315 Made less flaky by increasing number of retries.
316 - stub_udp.tpkg changed to work, give root hints. fixed ldns_dname_abs.
317 - ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081014).
318 Which includes the ldns_dname_absolute fix.
319 - fwd_three test remains flaky now that unbound does not stop
320 listening when full. Thus, removed timeout problem.
321 It may be serviced by three threads, or maybe by one.
322 Mostly only useful for lock-check testing now.
323
324 13 October 2008: Wouter
325 - fixed recursion servers deployed as authoritative detection, so
326 that as a last resort, a +RD query is sent there to get the
327 correct answer.
328 - iana port list update.
329 - ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081013).
330
331 10 October 2008: Wouter
332 - fixup tests - the negative cache contained the correct NSEC3s for
333 two tests that are supposed to fail to validate.
334
335 9 October 2008: Wouter
336 - negative cache caps max iterations of NSEC3 done.
337 - NSEC3 negative cache for qtype DS works.
338
339 8 October 2008: Wouter
340 - NSEC negative cache for DS.
341
342 6 October 2008: Wouter
343 - jostle-timeout option, so you can config for slow links.
344 - 0x20 fallback code. Tries 3xnumber of nameserver addresses
345 queries that must all be the same. Sent to random nameservers.
346 - documented choices for DoS, EDNS, 0x20.
347
348 2 October 2008: Wouter
349 - fixup unlink of pidfile.
350 - fixup SHA256 algorithm collation code.
351 - contrib/update-anchor.sh does not overwrite anchors if not needed.
352 exits 0 when a restart is needed, other values if not.
353 so, update-anchor.sh -d mydir && /etc/rc.d/unbound restart
354 can restart unbound exactly when needed.
355
356 30 September 2008: Wouter
357 - fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.
358 - tests for sha256 support and downgrade resistance.
359 - RSASHA256 and RSASHA512 support (using the draft in dnsext),
360 using the drafted protocol numbers.
361 - when using stub on localhost (127.0.0.1@10053) unbound works.
362 Like when running NSD to host a local zone, on the same machine.
363 The noprime feature. manpages more explanation. Added a test for it.
364 - shorthand for reverse PTR, local-data-ptr: "1.2.3.4 www.ex.com"
365
366 29 September 2008: Wouter
367 - EDNS lameness detection, if EDNS packets are dropped this is
368 detected, eventually.
369 - multiple query timeout rtt backoff does not backoff too much.
370
371 26 September 2008: Wouter
372 - tests for remote-control.
373 - small memory leak in exception during remote control fixed.
374 - fixup for lock checking but not unchecking in remote control.
375 - iana portlist updated.
376
377 23 September 2008: Wouter
378 - Msg cache is loaded. A cache load enables cache responses.
379 - unbound-control flush [name], flush_type and flush_zone.
380
381 22 September 2008: Wouter
382 - dump_cache and load_cache statements in unbound-control.
383 RRsets are dumped and loaded correctly.
384 Msg cache is dumped.
385
386 19 September 2008: Wouter
387 - locking on the localdata structure.
388 - add and remove local zone and data with unbound-control.
389 - ldns trunk snapshot updated, make tests work again.
390
391 18 September 2008: Wouter
392 - fixup error in time calculation.
393 - munin plugin improvements.
394 - nicer abbreviations for high query types values (ixfr, axfr, any...)
395 - documented the statistics output in unbound-control man page.
396 - extended statistics prints out histogram, over unbound-control.
397
398 17 September 2008: Wouter
399 - locking for threadsafe bogus rrset counter.
400 - ldns trunk no longer exports b32 functions, provide compat.
401 - ldns tarball updated.
402 - testcode/ldns-testpkts.c const fixups.
403 - fixed rcode stat printout.
404 - munin plugin in contrib.
405 - stats always printout uptime, because stats plugins need it.
406
407 16 September 2008: Wouter
408 - extended-statistics: yesno config option.
409 - unwanted replies spoof nearmiss detector.
410 - iana portlist updated.
411
412 15 September 2008: Wouter
413 - working start, stop, reload commands for unbound-control.
414 - test for unbound-control working; better exit value for control.
415 - verbosity control via unbound-control.
416 - unbound-control stats.
417
418 12 September 2008: Wouter
419 - removed browser control mentions. Proto speccy.
420
421 11 September 2008: Wouter
422 - set nonblocking on new TCP streams, because linux does not inherit
423 the socket options to the accepted socket.
424 - fix TCP timeouts.
425 - SSL protected connection between server and unbound-control.
426
427 10 September 2008: Wouter
428 - remove memleak in privacy addresses on reloads and quits.
429 - remote control work.
430
431 9 September 2008: Wouter
432 - smallapp/unbound-control-setup.sh script to set up certificates.
433
434 4 September 2008: Wouter
435 - scrubber scrubs away private addresses.
436 - test for private addresses. man page entry.
437 - code refactored for name and address tree lookups.
438
439 3 September 2008: Wouter
440 - options for 'DNS Rebinding' protection: private-address and
441 private-domain.
442 - dnstree for reuse of routines that help with domain, addr lookups.
443 - private-address and private-domain config option read, stored.
444
445 2 September 2008: Wouter
446 - DoS protection features. Queries are jostled out to make room.
447 - testbound can pass time, increasing the internal timer.
448 - do not mark unsigned additionals bogus, leave unchecked, which
449 is removed too.
450
451 1 September 2008: Wouter
452 - disallow nonrecursive queries for cache snooping by default.
453 You can allow is using access-control: <subnet> allow_snoop.
454 The defaults do allow access no authoritative data without RD bit.
455 - two tests for it and fixups of tests for nonrec refused.
456
457 29 August 2008: Wouter
458 - version 1.1 number in trunk.
459 - harden-referral-path option for query for NS records.
460 Default turns off expensive, experimental option.
461
462 28 August 2008: Wouter
463 - fixup logfile handling; it is created with correct permissions
464 again. (from bugfix#199).
465 Some errors are not written to logfile (pidfile writing, forking),
466 and these are only visible by using the -d commandline flag.
467
468 27 August 2008: Wouter
469 - daemon(3) is causing problems for people. Reverting the patch.
470 bug#200, and 199 and 203 contain sideline discussion on it.
471 - bug#199 fixed: pidfile can be outside chroot. openlog is done before
472 chroot and drop permissions.
473 - config option to set size of aggressive negative cache,
474 neg-cache-size.
475 - bug#203 fixed: dlv has been implemented.
476
477 26 August 2008: Wouter
478 - test for insecure zone when DLV is in use, also does negative cache.
479 - test for trustanchor when DLV is in use (the anchor works).
480 - test for DLV used for a zone below a trustanchor.
481 - added scrub filter for overreaching NSEC records and unit test.
482 - iana portlist update
483 - use of setresuid or setreuid when available.
484 - use daemon(3) if available.
485
486 25 August 2008: Wouter
487 - realclean patch from Robert Edmonds.
488
489 22 August 2008: Wouter
490 - nicer debuglogging of DLV.
491 - test with secure delegation inside the DLV repository.
492
493 21 August 2008: Wouter
494 - negative cache code linked into validator, for DLV use.
495 negative cache works for DLV.
496 - iana portlist update.
497 - dlv-anchor option for unit tests.
498 - fixup NSEC_AT_APEX classification for short typemaps.
499 - ldns-testns has subdomain checks, for unit tests.
500
501 20 August 2008: Wouter
502 - negative cache code, reviewed.
503
504 18 August 2008: Wouter
505 - changes info: in logfile to notice: info: or debug: depending on
506 the verbosity of the statements. Better logfile message
507 classification.
508 - bug #208: extra rc.d unbound flexibility for freebsd/nanobsd.
509
510 15 August 2008: Wouter
511 - DLV nsec code fixed for better detection of closest existing
512 enclosers from NSEC responses.
513 - DLV works, straight to the dlv repository, so not for production.
514 - Iana port update.
515
516 14 August 2008: Wouter
517 - synthesize DLV messages from the rrset cache, like done for DS.
518
519 13 August 2008: Wouter
520 - bug #203: nicer do-auto log message when user sets incompatible
521 options.
522 - bug #204: variable name ameliorated in log.c.
523 - bug #206: in iana_update, no egrep, but awk use.
524 - ldns snapshot r2699 taken (includes DLV type).
525 - DLV work, config file element, trust anchor read in.
526
527 12 August 2008: Wouter
528 - finished adjusting testset to provide qtype NS answers.
529
530 11 August 2008: Wouter
531 - Fixup rrset security updates overwriting 2181 trust status.
532 This makes validated to be insecure data just as worthless as
533 nonvalidated data, and 2181 rules prevent cache overwrites to them.
534 - Fix assertion fail on bogus key handling.
535 - dnssec lameness detection works on first query at trust apex.
536 - NS queries get proper cache and dnssec lameness treatment.
537 - fixup compilation without pthreads on linux.
538
539 8 August 2008: Wouter
540 - NS queries are done after every referral.
541 validator is used on those NS records (if anchors enabled).
542
543 7 August 2008: Wouter
544 - Scrubber more strict. CNAME chains, DNAMEs from cache, other
545 irrelevant rrsets removed.
546 - 1.0.2 released from 1.0 support branch.
547 - fixup update-anchor.sh to work both in BSD shell and bash.
4548
5549 5 August 2008: Wouter
6 - fixup DS test so apex nodata works again (from trunk).
550 - fixup DS test so apex nodata works again.
7551
8552 4 August 2008: Wouter
9 - Bug #201 fixup from trunk; fixes segfault on exit cleanup
10 - iana port nrs updated.
553 - iana port update.
554 - TODO update.
555 - fix bug 201: null ptr deref on cleanup while udp pkts wait for port.
556 - added explanatory text for outgoing-port-permit in manpage.
11557
12558 30 July 2008: Wouter
13 - fixup DS qtype validation bug. (fix taken from trunk).
559 - fixup bug qtype DS for unsigned zone and signed parent validation.
560
561 25 July 2008: Wouter
562 - added original copyright statement of OpenBSD arc4random code.
563 - created tube signaling solution on windows, as a pipe replacement.
564 this makes background asynchronous resolution work on windows.
565 - removed very insecure socketpair compat code. It also did not
566 work with event_waiting. Solved by pipe replacement.
567 - unbound -h prints openssl version number as well.
568
569 22 July 2008: Wouter
570 - moved pipe actions to util/tube.c. easier porting and shared code.
571 - check _raw() commpoint callbacks with fptr_wlist.
572 - iana port update.
14573
15574 21 July 2008: Wouter
16575 - #198: nicer entropy warning message. manpage OS hints.
17576
18577 19 July 2008: Wouter
19 - #198: fixup manpage to suggest entropy chroot fix.
578 - #198: fixup man page to suggest chroot entropy fix.
20579
21580 18 July 2008: Wouter
22581 - branch for 1.0 support.
582 - trunk work on tube.c.
23583
24584 17 July 2008: Wouter
25585 - fix bug #196, compile outside source tree.
0 README for Unbound 1.0.2
0 README for Unbound 1.2.1
11 Copyright 2007 NLnet Labs
22 http://unbound.net
33
11 o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
22 o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
33 will result in proper negative responses.
4 o get serverselection algorithm out of local optimum.
5 make subtargets to get rtt info for a couple of targets, like fetch-policy.
6 or send out multiple queries to multiple servers.
74 o (option) where port 53 is used for send and receive, no other ports are used.
85 o (option) to not send replies to clients after a timeout of (say 5 secs) has
96 passed, but keep task active for later retries by client.
1613 o windows version, auto update feature, a query to check for the version.
1714 o command the server with TSIG inband. get-config, clearcache,
1815 get stats, get memstats, get ..., reload, clear one zone from cache
19 o watch for spoof nearmisses. Keep counter of nearmisses and print that
20 in the stats lines, operator can determine what level is a redalert.
2116 o NSID rfc 5001 support.
2217 o timers rfc 5011 support.
2318 o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
2520 o inspect date on executable, then warn user in log if its more than 1 year.
2621 o (option) proactively prime root, stubs and trust anchors, feature.
2722 early failure, faster on first query, but more traffic.
28 o On Windows use CryptGenRandom() to get random seed for arc4random.
2923 o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
3024 o library add function to validate input from app that is signed.
3125 o add dynamic-update requests (making a dynupd request) to libunbound api.
32 o in an ipv6 connected only environment unbound cannot use outgoing IP6
33 to send to ip4to6 mapped hosts, need ip4to6map of NS and disable
34 V6ONLY socket option.
3526 o SIG(0) and TSIG.
3627 o support OPT record placement on recv anywhere in the additional section.
3728 o add local-file: config with authority features.
3829 o (option) to make local-data answers be secure for libunbound (default=no)
3930 o (option) to make chroot: copy all needed files into jail (or make jail)
4031 perhaps also print reminder to link /dev/random and sysloghack.
41 o (option) for extended statistics. If enabled (not by default) collect print
42 rcode, uptime, spoofnearmisses, cache size, qtype,
43 bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
44 perhaps also see which slow auth servers cause >1sec values.
45 stats-file possible with key: value or key=value lines in it.
46 stats on SIGUSR1. addup stats over threads.
4732 o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
4833 to make timers in servicedquery independent of udpwait queues.
49 o 0x20 fallback so it can be enabled without trouble.
5034 o check into rebinding ports for efficiency, configure time test.
51 o DLV is considered.
5235 o EVP hardware crypto support.
36 o option to ignore all inception and expiration dates for rrsigs.
37 o option to use builtin ldns explicitly. Or stop shipping builtin tarball.
38 o cleaner code; return and func statements on newline.
39 o memcached module that sits before validator module; checks for memcached
40 data (on local lan), stores recursion lookup. Provides one cache for
41 multiple resolver machines, coherent reply content in anycast setup.
42 o no openssl_add_all_algorithms, but only the ones necessary, less space.
5343
54 Features soon after 1.0.
55 o EDNS fallback after timeout (firewall drops all edns traffic problem).
56 o IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?).
57 cumbersome to reverse notate by hand for the operator.
58 o zone name appending for local-data. Perhaps read zonefiles. Perhaps it is
59 too much authority feature creep.
60 o option to disable cache snooping from the clients (the nonRD queries),
61 with allow, refused, drop choices.
62
63 For 1.x; features that have been requested during the beta test.
64 o command channel for couple of tasks. Like rndc.
65 o see delegation; what servers would be used to get data for a name.
66 o force stats display; easier than parsing logfiles.
67 stats display added over threads, displayed in rddtool easy format.
68 o flush names or domains (all under a name) from the cache. Include NSes.
69 And the A, AAAA for its NSes.
70 o add/del static preload data to change the domain redirections.
71 o and maybe also start, stop, reload.
72
73
74 o on windows version, libunbound uses a NamedPipe, examine security status
75 make sure the OS makes it safe like on unix.
44 *** Features features, for later
45 * dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
46 * aggressive negative caching for NSEC, NSEC3.
47 * multiple queries per question, server exploration, server selection.
48 * support TSIG on queries, for validating resolver deployment.
49 * retry-mode, where a bogus result triggers a retry-mode query, where a list
50 of responses over a time interval is collected, and each is validated.
51 or try in TCP mode. Do not 'try all servers several times', since we must
52 not create packet storms with operator errors.
53 * Windows port features
7654 o on windows version, implement that OS ancillary data capabilities for
7755 interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
56 o local-zone directive with authority service, full authority server
57 is a non-goal.
58
59 o configure option to force use of builtin ldns tarball.
60 o make so revoke bit keys cannot verify signatures
61 o option to print UTC timestamps instead of epoch in seconds.
62 o print querier IP address on high loglevels.
63
64 o infra and lame cache: easier size config (in Mb), show usage in graphs.
65 o #226: unbound_control dump_requestlist
66 o #227: unbound_control flush_stats
67 o unbound_control get_stats_noreset
68 o unbound_control forward [addr {addr}] | [off]
69 o #231: unbound_checkconf options to output config file data.
70 o config entry to denote that a zone is to be treated as unsigned (even if
71 a DS exists to higher trust anchor).
72 o see if we can use daemon(3), cleaner posix usage.
73 o see if we can include the python bindings (contrib).
74 o see if we can suport var:value (nospace) by parser.
75 o remote control read ssl information while priviledged.
76 o call initgroups(3) to drop secondary group permissions.
0
1 Specification for the unbound-control protocol.
2
3 Server listens on 953 TCP (localhost by default). Client connects,
4 SSLv3 or TLSv1 connection setup (server selfsigned certificate,
5 client has cert signed by server certificate).
6
7 Query and Response
8 ------------------
9 Client sends
10 UBCT [commandline] \n
11 fixed string UBCT, then an ascii text line, with a command,
12 some whitespace allowed. Line ends with '\n'.
13
14 Server executes command. And sends reply in ascii text over channel,
15 closes the channel when done.
16 in case of error the first line of the response is:
17 error <descriptive text possible> \n
18 or the remainder is data of the response, for many commands the
19 response is 'ok\n'.
20
21 Queries and responses
22 ---------------------
23 stop
24 stops the server.
25 reload
26 reloads the config file, and flushes the cache.
27 verbosity <new value>
28 Change logging verbosity to new value.
29 stats
30 output is a list of [name]=[value] lines.
31 clears the counters.
32 dump_cache
33 output is a text representation of the cache contents.
34 data ends with a line 'EOF' before connection close.
35 load_cache
36 client sends cache contents (like from dump_cache), which is stored
37 in the cache. end of data indicated with a line with 'EOF' on it.
38 The data is sent after the query line.
39 flush <name>
40 flushes some information regarding the name from the cache.
41 removes the A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR types.
42 Does not remove other types.
43 flush_type <name> <RR type>
44 removes rrtype entry from the cache.
45 flush_zone <name>
46 removes name and everything below that name from the cache.
47 has to search through the cache item by item, so this is slow.
48 lookup <name>
49 see what servers would be queried for a lookup of the given name.
50 local_zone_remove <name of local-zone entry>
51 the local-zone entry is removed.
52 All data from the local zone is also deleted.
53 If it did not exist, nothing happens.
54 local_zone <name of local zone> <type>
55 As the config file entry. Adds new local zone or updates
56 existing zone type.
57 local_data_remove <name>
58 Removes local-data (all types) name.
59 local_data <resource record string>
60 Add new local data record (on the rest of the line).
61 local_data_add www.example.com. IN A 192.0.2.2
62 if no local_zone exists for it; a transparent zone with the same
63 name as the data is created.
64
65
2020
2121 # enable cumulative statistics, without clearing them after printing.
2222 # statistics-cumulative: no
23
24 # enable extended statistics (query types, answer codes, status)
25 # printed from unbound-control. default off, because of speed.
26 # extended-statistics: no
2327
2428 # number of threads to create. 1 disables threading.
2529 # num-threads: 1
3438 # interface: 2001:DB8::5
3539
3640 # enable this feature to copy the source address of queries to reply.
37 # Socket options not be supported on all platforms. experimental.
41 # Socket options are not supported on all platforms. experimental.
3842 # interface-automatic: no
3943
4044 # port to answer queries from
8488 # the number of queries that a thread gets to service.
8589 # num-queries-per-thread: 1024
8690
91 # if very busy, 50% queries run to completion, 50% get timeout in msec
92 # jostle-timeout: 200
93
8794 # the amount of memory to use for the RRset cache.
8895 # plain value in bytes or you can append k, m or G. default is "4Mb".
8996 # rrset-cache-size: 4m
133140 # control which clients are allowed to make (recursive) queries
134141 # to this server. Specify classless netblocks with /size and action.
135142 # By default everything is refused, except for localhost.
136 # Choose deny (drop message), refuse (polite error reply), allow.
143 # Choose deny (drop message), refuse (polite error reply),
144 # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
137145 # access-control: 0.0.0.0/0 refuse
138146 # access-control: 127.0.0.0/8 allow
139147 # access-control: ::0/0 refuse
140148 # access-control: ::1 allow
141149 # access-control: ::ffff:127.0.0.1 allow
142
150
143151 # if given, a chroot(2) is done to the given directory.
144152 # i.e. you can chroot to the working directory, for example,
145153 # for extra security, but make sure all files are in that directory.
149157 # chroot has been performed the now defunct portion of the config
150158 # file path is removed to be able to reread the config after a reload.
151159 #
152 # All other file paths (working dir, pidfile, logfile, roothints,
160 # All other file paths (working dir, logfile, roothints, and
153161 # key files) can be specified in several ways:
154162 # o as an absolute path relative to the new root.
155163 # o as a relative path to the working directory.
156164 # o as an absolute path relative to the original root.
157165 # In the last case the path is adjusted to remove the unused portion.
158166 #
159 # Additionally, unbound may need to access /dev/random (for entropy)
160 # and to /dev/log (if you use syslog) from inside the chroot.
167 # The pid file can be absolute and outside of the chroot, it is
168 # written just prior to performing the chroot and dropping permissions.
169 #
170 # Additionally, unbound may need to access /dev/random (for entropy).
161171 # How to do this is specific to your OS.
162172 #
163173 # If you give "" no chroot is performed. The path must not end in a /.
181191 # log to, with identity "unbound". If yes, it overrides the logfile.
182192 # use-syslog: yes
183193
184 # the pid file.
194 # the pid file. Can be an absolute path outside of chroot/work dir.
185195 # pidfile: "@UNBOUND_PIDFILE@"
186196
187197 # file to read root hints from.
224234 # trigger insecure mode for that zone (like without a trustanchor).
225235 # Default on, which insists on dnssec data for trust-anchored zones.
226236 # harden-dnssec-stripped: yes
227
237
238 # Harden the referral path by performing additional queries for
239 # infrastructure data. Validates the replies (if possible).
240 # Default off, because the lookups burden the server. Experimental
241 # implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
242 # harden-referral-path: no
243
228244 # Use 0x20-encoded random bits in the query to foil spoof attempts.
229 # Disabled by default, because some caching forwarders may not
230 # support this (if you have forward-zones). Most authority servers do.
231245 # This feature is an experimental implementation of draft dns-0x20.
232 # It is known that some authority servers do not support 0x20, and
233 # resolution will fail for them. A solution is on the TODO list.
234246 # use-caps-for-id: no
235247
248 # Enforce privacy of these addresses. Strips them away from answers.
249 # It may cause DNSSEC validation to additionally mark it as bogus.
250 # Protects against 'DNS Rebinding' (uses browser as network proxy).
251 # Only 'private-domain' and 'local-data' names are allowed to have
252 # these private addresses. No default.
253 # private-address: 10.0.0.0/8
254 # private-address: 172.16.0.0/12
255 # private-address: 192.168.0.0/16
256 # private-address: 192.254.0.0/16
257 # private-address: fd00::/8
258 # private-address: fe80::/10
259
260 # Allow the domain (and its subdomains) to contain private addresses.
261 # local-data statements are allowed to contain private addresses too.
262 # private-domain: "example.com"
263
264 # If nonzero, unwanted replies are not only reported in statistics,
265 # but also a running total is kept per thread. If it reaches the
266 # threshold, a warning is printed and a defensive action is taken,
267 # the cache is cleared to flush potential poison out of it.
268 # A suggested value is 10000000, the default is 0 (turned off).
269 # unwanted-reply-threshold: 0
270
236271 # Do not query the following addresses. No DNS queries are sent there.
237272 # List one address per entry. List classless netblocks with /size,
238273 # do-not-query-address: 127.0.0.1/8
246281 # separated by spaces. "iterator" or "validator iterator"
247282 # module-config: "validator iterator"
248283
284 # File with DLV trusted keys. Same format as trust-anchor-file.
285 # There can be only one DLV configured, it is trusted from root down.
286 # Download https://secure.isc.org/ops/dlv/dlv.isc.org.key
287 # dlv-anchor-file: "dlv.isc.org.key"
288
249289 # File with trusted keys for validation. Specify more than one file
250290 # with several entries, one file per entry.
251291 # Zone file format, with DS and DNSKEY entries.
262302 # but has a different file format. Format is BIND-9 style format,
263303 # the trusted-keys { name flag proto algo "key"; }; clauses are read.
264304 # trusted-keys-file: ""
265
305
266306 # Override the date for validation with a specific fixed date.
267307 # Do not set this unless you are debugging signature inception
268308 # and expiration. "" or "0" turns the feature off.
270310
271311 # The time to live for bogus data, rrsets and messages. This avoids
272312 # some of the revalidation, until the time interval expires. in secs.
273 # val-bogus-ttl: 900
313 # val-bogus-ttl: 60
274314
275315 # Should additional section of secure message also be kept clean of
276316 # unsecure data. Useful to shield the users of this validator from
299339 # the number of slabs must be a power of 2.
300340 # more slabs reduce lock contention, but fragment memory usage.
301341 # key-cache-slabs: 4
342
343 # the amount of memory to use for the negative cache (used for DLV).
344 # plain value in bytes or you can append k, m or G. default is "1Mb".
345 # neg-cache-size: 1m
302346
303347 # a number of locally served zones can be configured.
304348 # local-zone: <zone> <type>
306350 # o deny serves local data (if any), else, drops queries.
307351 # o refuse serves local data (if any), else, replies with error.
308352 # o static serves local data, else, nxdomain or nodata answer.
309 # o transparent serves local data, else, resolves normally .
353 # o transparent gives local data, but resolves normally for other names
310354 # o redirect serves the zone data for any subdomain in the zone.
311355 # o nodefault can be used to normally resolve AS112 zones.
312356 #
329373 # (this makes example.com, www.example.com, etc, all go to 192.0.2.3)
330374 # local-zone: "example.com" redirect
331375 # local-data: "example.com A 192.0.2.3"
332
376 #
377 # Shorthand to make PTR records, "IPv4 name" or "IPv6 name".
378 # You can also add PTR records using local-data directly, but then
379 # you need to do the reverse notation yourself.
380 # local-data-ptr: "192.0.2.3 www.example.com"
381
382 # Remote control config section.
383 remote-control:
384 # Enable remote control with unbound-control(8) here.
385 # set up the keys and certificates with unbound-control-setup.
386 # control-enable: no
387
388 # what interfaces are listened to for remote control.
389 # give 0.0.0.0 and ::0 to listen to all interfaces.
390 # control-interface: 127.0.0.1
391 # control-interface: ::1
392
393 # port number for remote control operations.
394 # control-port: 953
395
396 # unbound server key file.
397 # server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key"
398
399 # unbound server certificate file.
400 # server-cert-file: "@UNBOUND_RUN_DIR@/unbound_server.pem"
401
402 # unbound-control key file.
403 # control-key-file: "@UNBOUND_RUN_DIR@/unbound_control.key"
404
405 # unbound-control certificate file.
406 # control-cert-file: "@UNBOUND_RUN_DIR@/unbound_control.pem"
333407
334408 # Stub zones.
335409 # Create entries like below, to make all queries for 'example.com' and
336410 # 'example.org' go to the given list of nameservers. list zero or more
337 # nameservers by hostname or by ipaddress.
411 # nameservers by hostname or by ipaddress. If you set stub-prime to yes,
412 # the list is treated as priming hints (default is no).
338413 # stub-zone:
339414 # name: "example.com"
340415 # stub-addr: 192.0.2.68
416 # stub-prime: "no"
341417 # stub-zone:
342418 # name: "example.org"
343419 # stub-host: ns.example.com.
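Review bot: The new `private-address` examples include `192.254.0.0/16`, which is not a private or link-local block; the IPv4 link-local range is 169.254.0.0/16 (RFC 3927), so this looks like a typo. An operator who uncomments the list as printed would have answers containing publicly routable 192.254.x.x addresses stripped, while link-local addresses stay unfiltered. That weakens the DNS rebinding protection the comment describes. The line should read `# private-address: 169.254.0.0/16`. In the new `remote-control:` block it would also help to add a comment at `control-interface`, such as `# listening on 0.0.0.0 or ::0 exposes the control port to the network; keep the .key files readable only by the daemon user.`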
0 .TH "libunbound" "3" "Aug 7, 2008" "NLnet Labs" "unbound 1.0.2"
0 .TH "libunbound" "3" "Feb 10, 2009" "NLnet Labs" "unbound 1.2.1"
11 .\"
22 .\" libunbound.3 -- unbound library functions manual
33 .\"
3535 .B ub_cancel,
3636 .B ub_resolve_free,
3737 .B ub_strerror
38 \- Unbound DNS validating resolver 1.0.2 functions.
38 \- Unbound DNS validating resolver 1.2.1 functions.
3939 .SH "SYNOPSIS"
4040 .LP
4141 .B #include <unbound.h>
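--- a/doc/plan
+++ b/doc/plan
@@ -1,324 +0,0 @@
-Plan for Unbound.
-
-Split into a set of boxes. Every box will take about 3 weeks to a month
-to complete. The first set of of boxes (approx 5 months) will need coding
-by a limited set of people. But after every box, a 0.x release is done,
-which is then tested and code review is done.
-
-Every box:
-* implement the features
-* documentation of those features
-* test-framework for the new features
-* tests for the new features
-* speed test of this stage
-* release of 0.x version (0.x for development only)
-* a teleconference(jabber) held to discuss.
-* code review internal couple of days, external a week or so,
-while we continue the next box.
-
-Roughly the boxes are as follows:
-0.0 initial setup - results in network code that forwards queries
-and returns the reply (no cache), but also testbed, svn, maillist.
-One query at a time (nonblocking IO though).
-0.1 threads - results in threaded forwarder
-0.2 LRU hashtable, results in basic caching forwarder (no DNS parse)
-0.3 First functionality - results in caching forwarder (with DNS parse,
-query compare, RR specific updates).
-0.4 Basic resolver - module layout, iterator module, scrubber module,
-results in resolver that can service multiple queries per thread.
-This stage takes longer, due to complexity in the iterator module.
-Twice as long; one box for module layout, one box for iterator module.
-0.5 Validator - validator module.
-0.6 Bigger and better - Operational useful features (config, log, memory)
-0.7 Put to a limited audience.
-gamma/alpha core functionality test release, to a small audience.
-partial functionality. For more extensive use and testing.
-0.8 Local zones feature - localzones stubzones fwdzones, no leak rfc1918.
-views support; for selective recursive service.
-0.9 Library use - resolver validator lib (and test apps)
-0.10 Corner cases - be able to resolve in the wild. Run fuzzers.
-Run as many tests as we can think of.
-Go through logs and check for long, unresolved cases
-Use profiler.
-0.11 Beta release. Run shadow for a resolver in production for several
-weeks.
-0.12 Features features
-aggressive negative caching for NSEC, NSEC3.
-multiple queries per question, server exploration, server selection.
-option to use real entropy for randomness (mix it in once in a while).
-check query, option to enforce qdsection checking (forgery-resilience).
-NSID support.
-Be able to prime roots using several queries (only NS on first).
-
-For boxes 0.5-1.0 the planning is to be revised, at the 0.5 stage external
-coders are welcome. Since the project is bigger, there is room for them.
-
-This is a summary of the items. Below more detailed work items are spelled
-out with a (tentative) directory structure for the project.
-
-
-Styleguide:
-* write working stuff. (it starts to work with no features)
-* write tests immediately for every function, every feature.
-* document as you go. (doxygen comments, manpages and readme).
-* copyright every file BSD. comments every file. clean coding in C.
-* every day discuss state of the nation for 10 minutes.
-
-*** Initial setup
-* setup svn repo. Makefile with automatic dependencies and configure script.
-* link with ldns.
-* listen_dnsport and outside_network services, (unit) tests for them.
-* use libevent to listen on fds.
-* setup test infrastructure (tpkg on checkin; testbed on labs test machines).
-* daemon version that forwards queries. (listen, send) Tests for it.
-* test by having the outside_net service grab answers from a
-file instead of network, file of id priority answerpacket.
-and what query to give this answer to, highprio matches first.
-
-*** Threads
-* first simple config file reading/writing and tests on config file.
-(config option is forwarder: yes/no. Cache size. That sort of thing.)
-(very simple format)
-* First simple logging (to a file).
-* Threads
-* check if pthread lib is the one to use (sys specific is faster?).
-* make config option to have threads.
-* alloc threadable.
-* locks.c
-* Tests with and without threads.
-* alloc_service. Tests for alloc service (unit tests in internal structs).
-* threading for the network services.
-* Make sure threading/libevent starts working on all test machines.
-Use configure to turn off threading/libevent/...
--- use libevent packaged together if not in system.
--- maybe also for pthreads/...
-* threaded forwarder version.
-* speed test of threaded version.
-
-*** LRU hashtable.
-* mini msg/reply structure for LRU hashtable test, simple replay format.
-* hashtable+LRU structure. Tests on structure.
-* tests on enter/remove, finding items.
-* tests on LRU movements.
-* Test on speed of finding items.
-* slabbed hashtable+LRU structure.
-* Test locking; perhaps by having sleeps in some threads to force
-locks to contend. helgrind.
-* daemon upgraded to be a caching forwarder. So it stores all in cache.
-Replies from cache. Tests on fake-caching forwarder functionality.
-* timeout of data test
-* finding data in cache.
-* finding data not in cache.
-* lru falloff of data.
-* Speed test of fake-caching forwarder.
-
-*** First functionality
-* implement dname type and unit tests on it. (all corner cases, random cases)
-* implement rrset type and tests. (all corner cases, random cases).
-* msg-reply structure. unit tests of structure.
-* Test of those rrset pointers
-* daemon upgraded to be a caching forwarder. So it stores all in cache.
-Replies from cache. Tests on caching forwarder functionality.
-* timeout of data test
-* finding data in cache.
-* finding data not in cache.
-* lru falloff of data.
-* Test update of one rrset in cached packet.
-* Speed test of caching forwarder.
-
-*** Basic Resolver
-* Create module interface and module caller algorithm.
-* Daemon config to use modules. Test the module caller.
-* Create basic iterator and scrubber modules.
-* Test every state of the iterator by passing test data into
-it.
-* And scrubber.
-* Daemon config as cache(iterator).
-* Test daemon
-* Speed test.
-
-*** Validator
-* Create validator
-* Test validator on various conditions. By having stored set of
-domains and RRs in those domains to return to validator.
-* Validating resolver.
-* Test resolver.
-* Speed test.
-
-*** Put to a limited audience
-* The alpha/gamma core functionality, svn access to limited audience.
-* Support features and requests as they arise.
-* Provide real-world experiences.
-
-*** Bigger and Better
-* Config file syntax checker program. Tests on checker.
-* Logging first class feature with config options.
-X with logfile turnover to avoid Gbs of logs.
-* use syslog optional.
-* donotqueryaddresses with trie for blocking entire netblocks.
-* Memory overhaul, special allocators for hashtable caches, and mesh qstates.
-* keep a preallocated list of region-chunks per worker thread.
-* allocate region struct and cleanup list in region itself; use
-linked list cleanup list. unit test on this. do not call region
-to avoid name-collision with nsd regions, 'regional'.
-* read root hints from file.
-* failover to next server in 1 second, instead of 100 seconds on one server.
-X failure to return answer, w. reason (donotq, noanswer servers, cannot
-find servers, validationfail w.classification, error),
-with threadno, starttime and endtime and qname/type/class, prime/qflags,
-from-clients, from-internal, has-subrequests, a nice error report,
-so that an excerpt from those times can be made from the logs.
-logfileparsing tool that makes these excerpts and emails them.
-Not done; user can change verbosity and kill -HUP.
-* clear cache as a callback from the new-rrset-id routine.
-X make overload mode work; phase 0 all ok, phase 1 some threads close ports,
-to let other threads pick up work. phase 2, all threads closed, so all open
-the ports again and drop all non-cache-reply queries.
-Keep mutexed num-overloaded-threads counter. thread incs it when it hits
-max number of user queries serviced in mesh. threads decs it when it
-falls below 90% of the max. if incs, and not all threads closed, phase 1,
-else, phase 2 start is broadcast over command pipes. if decs, open ports
-if phase 1, start servicing, phase is 0 again. Make robust against delays.
-readme: max about 1 second worth of incoming queries, 10k perhaps,
-or 1/number of seconds it takes start up of 10k.
-Not done. Implement drop when full.
-* the source includes a copy of the ldns lib for ease of building by
-new users. Detect system installed ldns, if installed ldns is OK; use
-dynamic linking against it, otherwise static linking against packaged ldns.
-* no greedy TTL algo (and test).
-* maximum TTL, cap incoming values, and config option.
-
-*** Local zones feature.
-* Build in local zone features. First the total stop for1912.
-* Then 'local content' for minimal serving of localhost.localdomain,
-and so on.
-* Remember jakob's diagram. views support, selective recursive service:
-* acl for allowed recursion (RD=1), then drop or refused query.
-like 10.0.0.0/8 allow, 0.0.0.0/0 refuse, ... in-order.
-perhaps also, same list to disallow RD=0 access, like;
-allow_recursion, drop_recursion, refuse_recursion, drop_all
-* static answers for queries, fixed RRs from cfg, option
-query for that RR returns answer with that RR.
-* blacklist (return fixed nxdomain for domain and below), option
-can be used to block AS112 traffic, option to unblock a zone.
-* after checking acl, do iter: static, blacklist, forwards, recurse.
-* Forward-local-zone to NSD.
-- in package, autoforkexec on localhost to do so.
-- not included. Not necessary for localhost and AS112 service.
-* forward local zone to remote server.
-- not included. Not necessary for localhost and AS112 service.
-* stub zones - send queries for a zone to configged nameserver.
-- Can be used for complicated setups. So, run auth server on a
-different port or pc, and stub it on the resolver. Resolver is
-not auth for zones, but resolution works. This enforces the split
-of recursive and auth servers.
-* test local zones
-* for speed
-* for correctness on corner cases
-
-*** Library use
-* Create library that can do:
-* resolver
-* validator
-* validating resolver.
-* Test application that links the library. (Like /usr/bin/host+validating).
-* Test it.
-
-*** Corner cases
-* Try to setup corner cases of (mis)configured DNS service/websites.
-* Resolve msoft, google, yahoo, etc weird websites.
-* Try to resolve many many different queries, perhaps compared with bind.
-* create module testers, specific for the modules
-* read a file with cache contents and settings, provide fake
-environment for module-handle-state-X functions, then check
-resulting module state structure to correct answer.
-* speed test cache responses.
-* using two servers, compare answer differences between bind and unbound.
-this gives false differences due to changes in the rest of internet.
-
-*** Beta release.
-* Run shadow for a resolver in production for several weeks.
-* Check logs for errors, long queries.
-* Run in valgrind, speed profiling (as production shadow).
-
-*** Features features
-* aggressive negative caching for NSEC, NSEC3.
-* multiple queries per question, server exploration, server selection.
-* NSID support.
-* support TSIG on queries, for validating resolver deployment.
-* Nicer statistics
-* private TTL, dTLS features.
-* retry-mode, where a bogus result triggers a retry-mode query, where a list
-of responses over a time interval is collected, and each is validated.
-or try in TCP mode. Do not 'try all servers several times', since we must
-not create packet storms with operator errors.
-* draft-timers, DLV features.
-
-treeshrew/
-validator/ *.c *.h
-module takes qname, qtype, asks next module for answer
-and validates that answer.
-iterator/ *.c *.h
-module takes qname, qtype, iterative DNS queries
-never asks next module.
-services/
-- Routines that provide the callback services for modules.
-
-alloc_service: L1, L2 alloc service
-outside_network: pending queries helpers.
-pending query structure
-listen_dnsport: listen port53 service.
-request structure
-type_caches/
-rrset_cache
-msg_cache
-rrset and msg cache check local zones.
-infra_cache
-trusted_key_cache
-util/
-- Various components from which to build the rest.
-
-storage/
-rbtree: redblack tree, for L1 use.
-- copy from NSD.
-hashtable and hashfunc: for L1 use.
-locked_hashtable: for L2 use. -- not needed.
-fragment_hashtable: for L2 use.
-fragment_rbtree: for L2 use.
-slab_allocator: perhaps to support alloc service.
-
-(in util/ itself)
-locks: selected lock,unlock (spinlock/mutex).
-config: reads, stores config file
-netio: register callbacks to select().
-- use libevent (!)
-- copy from NSD.
-log: error and log handling.
-module.h: module interface
-misc: time() wrapper for speed.
-
-data/
-msg_reply: qname/qtype/CD/qclass/reply store.
-packed_rrset: main datatype
-dname: compare, printf, parse
-
-testcode/
-main programs that do unit tests, using testdata
-testdata/
-daemon/
-unbound.c for validating caching recursive dns server.
-scheduler.c for the modules.
-
-libunbound/
-app linkable. Can be configged to do whatever,
-validator, iterator, validating iterator, forwarding stub.
-libforwardbound/
-app linkable forwarding stub. Small lib.
-
-ask_cachor/ *.c *.h
-module takes qname, qtype, returns answer from msgcache.
-could ask cached for answer (and wait for network, 10 ms).
-if not in cache, asks next module.
-cachord/
-main.c, simple udp proto, query or store msg in cache.
-supports option to save cache to disk (absolute time ttls).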
205205 The casing from the query name is used in preference to the casing
206206 of the authority server. This is the same as BIND. RFC4343 allows either
207207 behaviour.
208
209 o Denial of service protection
210 If many queries are made, and they are made to names for which the
211 authority servers do not respond, then the requestlist for unbound
212 fills up fast. This results in denial of service for new queries.
213 To combat this the first 50% of the requestlist can run to completion.
214 The last 50% of the requestlist get (200 msec) at least and are replaced
215 by newer queries when older (LIFO).
216 When a new query comes in, and a place in the first 50% is available, this
217 is preferred. Otherwise, it can replace older queries out of the last 50%.
218 Thus, even long queries get a 50% chance to be resolved. And many 'short'
219 one or two round-trip resolves can be done in the last 50% of the list.
220 The timeout can be configured.
221
222 o EDNS fallback. Is done according to the EDNS RFC (and update draft-00).
223 Unbound assumes EDNS 0 support for the first query. Then it can detect
224 support (if the servers replies) or non-support (on a NOTIMPL or FORMERR).
225 Some middleboxes drop EDNS 0 queries, mainly when forwarding, not when
226 routing packets. To detect this, when timeouts keep happening, as the
227 timeout approached 5-10 seconds, and EDNS status has not been detected yet,
228 a single probe query is sent. This probe has a sub-second timeout, and
229 if the server responds (quickly) without EDNS, this is cached for 15 min.
230 This works very well when detecting an address that you use much - like
231 a forwarder address - which is where the middleboxes need to be detected.
232 Otherwise, it results in a 5 second wait time before EDNS timeout is
233 detected, which is slow but it works at least.
234 It minimizes the chances of a dropped query making a (DNSSEC) EDNS server
235 falsely EDNS-nonsupporting, and thus DNSSEC-bogus, works well with
236 middleboxes, and can detect the occasional authority that drops EDNS.
237
238 o 0x20 backoff.
239 The draft describes to back off to the next server, and go through all
240 servers several times. Unbound goes on get the full list of nameserver
241 addresses, and then makes 3 * number of addresses queries.
242 They are sent to a random server, but no one address more than 4 times.
243 It succeeds if one has 0x20 intact, or else all are equal.
244 Otherwise, servfail is returned to the client.
0 .TH "unbound-checkconf" "8" "Aug 7, 2008" "NLnet Labs" "unbound 1.0.2"
0 .TH "unbound-checkconf" "8" "Feb 10, 2009" "NLnet Labs" "unbound 1.2.1"
11 .\"
22 .\" unbound-checkconf.8 -- unbound configuration checker manual
33 .\"
0 .TH "unbound-control" "8" "Feb 10, 2009" "NLnet Labs" "unbound 1.2.1"
1 .\"
2 .\" unbound-control.8 -- unbound remote control manual
3 .\"
4 .\" Copyright (c) 2008, NLnet Labs. All rights reserved.
5 .\"
6 .\" See LICENSE for the license.
7 .\"
8 .\"
9 .SH "NAME"
10 .LP
11 unbound-control
12 \- Unbound remote server control utility.
13 .SH "SYNOPSIS"
14 .B unbound-control
15 .RB [ \-h ]
16 .RB [ \-c
17 .IR cfgfile ]
18 .RB [ \-s
19 .IR server ]
20 .IR command
21 .SH "DESCRIPTION"
22 .B Unbound-control
23 performs remote administration on the \fIunbound\fR(8) DNS server.
24 It reads the configuration file, contacts the unbound server over SSL
25 sends the command and displays the result.
26 .P
27 The available options are:
28 .TP
29 .B \-h
30 Show the version and commandline option help.
31 .TP
32 .B \-c \fIcfgfile
33 The config file to read with settings. If not given the default
34 config file @ub_conf_file@ is used.
35 .TP
36 .B \-s \fIserver[@port]
37 IPv4 or IPv6 address of the server to contact. If not given, the
38 address is read from the config file.
39 .SH "COMMANDS"
40 There are several commands that the server understands.
41 .TP
42 .B start
43 Start the server. Simply execs \fIunbound\fR(8). The unbound executable
44 is searched for in the \fBPATH\fR set in the environment. It is started
45 with the config file specified using \fI\-c\fR or the default config file.
46 .TP
47 .B stop
48 Stop the server. The server daemon exits.
49 .TP
50 .B reload
51 Reload the server. This flushes the cache and reads the config file fresh.
52 .TP
53 .B verbosity \fInumber
54 Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
55 \fIunbound.conf\fR(5). This new setting lasts until the server is issued
56 a reload (taken from config file again), or the next verbosity control command.
57 .TP
58 .B stats
59 Print statistics. Resets the internal counters to zero, this can be
60 controlled using the \fBstatistics\-cumulative\fR config statement.
61 Statistics are printed with one [name]: [value] per line.
62 .TP
63 .B status
64 Display server status. Exit code 3 if not running (the connection to the
65 port is refused), 1 on error, 0 if running.
66 .TP
67 .B local_zone \fIname\fR \fItype
68 Add new local zone with name and type. Like \fBlocal\-zone\fR config statement.
69 If the zone already exists, the type is changed to the given argument.
70 .TP
71 .B local_zone_remove \fIname
72 Remove the local zone with the given name. Removes all local data inside
73 it. If the zone does not exist, the command succeeds.
74 .TP
75 .B local_data \fIRR data...
76 Add new local data, the given resource record. Like \fBlocal\-data\fR
77 config statement, except for when no covering zone exists. In that case
78 this remote control command creates a transparent zone with the same
79 name as this record. This command is not good at returning detailed syntax
80 errors.
81 .TP
82 .B local_data_remove \fIname
83 Remove all RR data from local name. If the name already has no items,
84 nothing happens. Often results in NXDOMAIN for the name (in a static zone),
85 but if the name has become an empty nonterminal (there is still data in
86 domain names below the removed name), NOERROR nodata answers are the
87 result for that name.
88 .TP
89 .B dump_cache
90 The contents of the cache is printed in a text format to stdout. You can
91 redirect it to a file to store the cache in a file.
92 .TP
93 .B load_cache
94 The contents of the cache is loaded from stdin. Uses the same format as
95 dump_cache uses. Loading the cache with old, or wrong data can result
96 in old or wrong data returned to clients.
97 .TP
98 .B lookup \fIname
99 Print to stdout the name servers that would be used to look up the
100 name specified.
101 .TP
102 .B flush \fIname
103 Remove the name from the cache. Removes the types
104 A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
105 Because that is fast to do. Other record types can be removed using
106 .B flush_type
107 or
108 .B flush_zone\fR.
109 .TP
110 .B flush_type \fIname\fR \fItype
111 Remove the name, type information from the cache.
112 .TP
113 .B flush_zone \fIname
114 Remove all information at or below the name from the cache.
115 The rrsets and key entries are removed so that new lookups will be performed.
116 This needs to walk and inspect the entire cache, and is a slow operation.
117 .SH "EXIT CODE"
118 The unbound-control program exits with status code 1 on error, 0 on success.
119 .SH "SET UP"
120 The setup requires a self\-signed certificate and private keys for both
121 the server and client. The script \fIunbound\-control\-setup\fR generates
122 these in the default run directory, or with \-d in another directory.
123 Run the script under the same username as you have configured in unbound.conf
124 so that the daemon is permitted to read the files, for example with:
125 .nf
126 sudo \-u unbound unbound\-control\-setup
127 .fi
128 If you have not configured
129 a username in unbound.conf, the keys need read permission for the user
130 credentials under which the daemon is started.
131 The script preserves private keys present in the directory.
132 After running the script as root, turn on \fBcontrol-enable\fR in
133 \fIunbound.conf\fR.
134 .SH "STATISTIC COUNTERS"
135 The \fIstats\fR command shows a number of statistic counters.
136 .TP
137 .I threadX.num.queries
138 number of queries received by thread
139 .TP
140 .I threadX.num.cachehits
141 number of queries that were successfully answered using a cache lookup
142 .TP
143 .I threadX.num.cachemiss
144 number of queries that needed recursive processing
145 .TP
146 .I threadX.num.recursivereplies
147 The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries.
148 .TP
149 .I threadX.requestlist.avg
150 The average number of requests in the internal recursive processing request list on insert of a new incoming recursive processing query.
151 .TP
152 .I threadX.requestlist.max
153 Maximum size attained by the internal recursive processing request list.
154 .TP
155 .I threadX.requestlist.overwritten
156 Number of requests in the request list that were overwritten by newer entries. This happens if there is a flood of queries that recursive processing and the server has a hard time.
157 .TP
158 .I threadX.requestlist.exceeded
159 Queries that were dropped because the request list was full. This happens if a flood of queries need recursive processing, and the server can not keep up.
160 .TP
161 .I threadX.requestlist.current.all
162 Current size of the request list, includes internally generated queries (such
163 as priming queries and glue lookups).
164 .TP
165 .I threadX.requestlist.current.user
166 Current size of the request list, only the requests from client queries.
167 .TP
168 .I threadX.recursion.time.avg
169 Average time it took to answer queries that needed recursive processing. Note that queries that were answered from the cache are not in this average.
170 .TP
171 .I threadX.recursion.time.median
172 The median of the time it took to answer queries that needed recursive
173 processing. The median means that 50% of the user queries were answered in
174 less than this time. Because of big outliers (usually queries to non
175 responsive servers), the average can be bigger than the median. This median
176 has been calculated by interpolation from a histogram.
177 .TP
178 .I total.num.queries
179 summed over threads.
180 .TP
181 .I total.num.cachehits
182 summed over threads.
183 .TP
184 .I total.num.cachemiss
185 summed over threads.
186 .TP
187 .I total.num.recursivereplies
188 summed over threads.
189 .TP
190 .I total.requestlist.avg
191 averaged over threads.
192 .TP
193 .I total.requestlist.max
194 the maximum of the thread requestlist.max values.
195 .TP
196 .I total.requestlist.overwritten
197 summed over threads.
198 .TP
199 .I total.requestlist.exceeded
200 summed over threads.
201 .TP
202 .I total.requestlist.current.all
203 summed over threads.
204 .TP
205 .I total.recursion.time.median
206 averaged over threads.
207 .TP
208 .I time.now
209 current time in seconds since 1970.
210 .TP
211 .I time.up
212 uptime since server boot in seconds.
213 .TP
214 .I time.elapsed
215 time since last statistics printout, in seconds.
216 .SH EXTENDED STATISTICS
217 .TP
218 .I mem.total.sbrk
219 If sbrk(2) is available, an estimate of the heap size of the program in number of bytes. Close to the total memory used by the program, as reported by top and ps. Could be wrong if the OS allocates memory non\-contiguously.
220 .TP
221 .I mem.cache.rrset
222 Memory in bytes in use by the RRset cache.
223 .TP
224 .I mem.cache.message
225 Memory in bytes in use by the message cache.
226 .TP
227 .I mem.mod.iterator
228 Memory in bytes in use by the iterator module.
229 .TP
230 .I mem.mod.validator
231 Memory in bytes in use by the validator module. Includes the key cache and
232 negative cache.
233 .TP
234 .I histogram.<sec>.<usec>.to.<sec>.<usec>
235 Shows a histogram, summed over all threads. Every element counts the
236 recursive queries whose reply time fit between the lower and upper bound.
237 Times larger or equal to the lowerbound, and smaller than the upper bound.
238 There are 40 buckets, with bucket sizes doubling.
239 .TP
240 .I num.query.type.A
241 The total number of queries over all threads with query type A.
242 Printed for the other query types as well, but only for the types for which
243 queries were received, thus =0 entries are omitted for brevity.
244 .TP
245 .I num.query.type.other
246 Number of queries with query types 256-65535.
247 .TP
248 .I num.query.class.IN
249 The total number of queries over all threads with query class IN (internet).
250 Also printed for other classes (such as CH (CHAOS) sometimes used for
251 debugging), or NONE, ANY, used by dynamic update.
252 num.query.class.other is printed for classes 256-65535.
253 .TP
254 .I num.query.opcode.QUERY
255 The total number of queries over all threads with query opcode QUERY.
256 Also printed for other opcodes, UPDATE, ...
257 .TP
258 .I num.query.tcp
259 Number of queries that were made using TCP towards the unbound server.
260 .TP
261 .I num.query.ipv6
262 Number of queries that were made using IPv6 towards the unbound server.
263 .TP
264 .I num.query.flags.RD
265 The number of queries that had the RD flag set in the header.
266 Also printed for flags QR, AA, TC, RA, Z, AD, CD.
267 Note that queries with flags QR, AA or TC may have been rejected
268 because of that.
269 .TP
270 .I num.query.edns.present
271 number of queries that had an EDNS OPT record present.
272 .TP
273 .I num.query.edns.DO
274 number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set.
275 These queries are also included in the num.query.edns.present number.
276 .TP
277 .I num.answer.rcode.NXDOMAIN
278 The number of answers to queries, from cache or from recursion, that had the
279 return code NXDOMAIN. Also printed for the other return codes.
280 .TP
281 .I num.answer.rcode.nodata
282 The number of answers to queries that had the pseudo return code nodata.
283 This means the actual return code was NOERROR, but additionally, no data was
284 carried in the answer (making what is called a NOERROR/NODATA answer).
285 These queries are also included in the num.answer.rcode.NOERROR number.
286 Common for AAAA lookups when an A record exists, and no AAAA.
287 .TP
288 .I num.answer.secure
289 Number of answers that were secure. The answer validated correctly.
290 The AD bit might have been set in some of these answers, where the client
291 signalled (with DO or AD bit in the query) that they were ready to accept
292 the AD bit in the answer.
293 .TP
294 .I num.answer.bogus
295 Number of answers that were bogus. These answers resulted in SERVFAIL
296 to the client because the answer failed validation.
297 .TP
298 .I num.rrset.bogus
299 The number of rrsets marked bogus by the validator. Increased for every
300 RRset inspection that fails.
301 .TP
302 .I unwanted.queries
303 Number of queries that were refused or dropped because they failed the
304 access control settings.
305 .TP
306 .I unwanted.replies
307 Replies that were unwanted or unsolicited. Could have been random traffic,
308 delayed duplicates, very late answers, or could be spoofing attempts.
309 Some low level of late answers and delayed duplicates are to be expected
310 with the UDP protocol. Very high values could indicate a threat (spoofing).
311 .SH "FILES"
312 .TP
313 .I @ub_conf_file@
314 unbound configuration file.
315 .TP
316 .I @UNBOUND_RUN_DIR@
317 directory with private keys (unbound_server.key and unbound_control.key) and
318 self-signed certificates (unbound_server.pem and unbound_control.pem).
319 .SH "SEE ALSO"
320 \fIunbound.conf\fR(5),
321 \fIunbound\fR(8).
0 .TH "unbound\-host" "1" "Aug 7, 2008" "NLnet Labs" "unbound 1.0.2"
0 .TH "unbound\-host" "1" "Feb 10, 2009" "NLnet Labs" "unbound 1.2.1"
11 .\"
22 .\" unbound-host.1 -- unbound DNS lookup utility
33 .\"
1313 .SH "SYNOPSIS"
1414 .LP
1515 .B unbound\-host
16 .RB [ \-vdhr ]
16 .RB [ \-vdhr46 ]
1717 .RB [ \-c
1818 .IR class ]
1919 .RB [ \-t
8686 have been set by DHCP). More info in
8787 .IR resolv.conf (5).
8888 Breaks validation if those servers do not support DNSSEC.
89 .TP
90 .B \-4
91 Use solely the IPv4 network for sending packets.
92 .TP
93 .B \-6
94 Use solely the IPv6 network for sending packets.
8995 .SH "EXAMPLES"
9096 .LP
9197 Some examples of use. The keys shown below are fakes, thus a security failure
0 .TH "unbound" "8" "Aug 7, 2008" "NLnet Labs" "unbound 1.0.2"
0 .TH "unbound" "8" "Feb 10, 2009" "NLnet Labs" "unbound 1.2.1"
11 .\"
22 .\" unbound.8 -- unbound manual
33 .\"
99 .SH "NAME"
1010 .LP
1111 .B unbound
12 \- Unbound DNS validating resolver 1.0.2.
12 \- Unbound DNS validating resolver 1.2.1.
1313 .SH "SYNOPSIS"
1414 .LP
1515 .B unbound
0 .TH "unbound.conf" "5" "Aug 7, 2008" "NLnet Labs" "unbound 1.0.2"
0 .TH "unbound.conf" "5" "Feb 10, 2009" "NLnet Labs" "unbound 1.2.1"
11 .\"
22 .\" unbound.conf.5 -- unbound.conf manual
33 .\"
4848 # unbound.conf(5) config file for unbound(8).
4949 server:
5050 directory: "/etc/unbound"
51 username: unbound # make sure it can write to pidfile.
51 username: unbound
5252 # make sure unbound can access entropy from inside the chroot.
5353 # e.g. on linux the use these commands (on BSD, devfs(8) is used):
5454 # mount --bind -n /dev/random /etc/unbound/dev/random
7272 .B include:
7373 directive. It can appear anywhere, and takes a single filename as an argument.
7474 Processing continues as if the text from the included file was copied into
75 the config file at that point.
75 the config file at that point. If also using chroot, using full path names
76 for the included files works, relative pathnames for the included names work
77 if the directory where the daemon is started equals its chroot/working
78 directory.
7679 .SS "Server Options"
7780 These options are part of the
7881 .B server:
8790 see
8891 \fIunbound\fR(8).
8992 .TP
90 .B statistics-interval: \fI<seconds>
93 .B statistics\-interval: \fI<seconds>
9194 The number of seconds between printing statistics to the log for every thread.
9295 Disable with value 0 or "". Default is disabled.
9396 .TP
94 .B statistics-cumulative: \fI<yes or no>
97 .B statistics\-cumulative: \fI<yes or no>
9598 If enabled, statistics are cumulative since starting unbound, without clearing
9699 the statistics counters after logging the statistics. Default is no.
100 .TP
101 .B extended\-statistics: \fI<yes or no>
102 If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
103 Default is off, because keeping track of more statistics takes time.
97104 .TP
98105 .B num\-threads: \fI<number>
99106 The number of threads to create to serve clients. Use 1 for no threading.
136143 spoofing attempts. Make sure these ports are not needed by other daemons.
137144 By default only ports above 1024 that have not been assigned by IANA are used.
138145 Give a port number or a range of the form "low-high", without spaces.
146 .IP
147 The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements
148 are processed in the line order of the config file, adding the permitted ports
149 and subtracting the avoided ports from the set of allowed ports. The
150 processing starts with the non IANA allocated ports above 1024 in the set
151 of allowed ports.
139152 .TP
140153 .B outgoing\-port\-avoid: \fI<port number or range>
141154 Do not permit unbound to open this port or range of ports for use to send
171184 .TP
172185 .B num\-queries\-per\-thread: \fI<number>
173186 The number of queries that every thread will service simultaneously.
174 If more queries arrive that need servicing, they are dropped. This forces
187 If more queries arrive that need servicing, and no queries can be jostled out
188 (see \fIjostle\-timeout\fR), then the queries are dropped. This forces
175189 the client to resend after a timeout; allowing the server time to work on
176190 the existing queries. Default 1024.
191 .TP
192 .B jostle\-timeout: \fI<msec>
193 Timeout used when the server is very busy. Set to a value that usually
194 results in one roundtrip to the authority servers. If too many queries
195 arrive, then 50% of the queries are allowed to run to completion, and
196 the other 50% are replaced with the new incoming query if they have already
197 spent more than their allowed time. This protects against denial of
198 service by slow queries or high query rates. Default 200 milliseconds.
177199 .TP
178200 .B rrset\-cache\-size: \fI<number>
179201 Number of bytes size of the RRset cache. Default is 4 megabytes.
231253 .TP
232254 .B access\-control: \fI<IP netblock> <action>
233255 The netblock is given as an IP4 or IP6 address with /size appended for a
234 classless network block. The action can be deny, refuse or allow.
235 Deny stops queries from hosts from that netblock.
236 Refuse stops queries too, but sends a DNS rcode REFUSED error message back.
237 Allow gives access to clients from that netblock.
238 By default only localhost is allowed, the rest is refused.
239 The default is refused, because that is protocol\-friendly. The DNS protocol
240 is not designed to handle dropped packets due to policy, and dropping may
241 result in (possibly excessive) retried queries.
256 classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
257 \fIallow\fR or \fIallow_snoop\fR.
258 .IP
259 The action \fIdeny\fR stops queries from hosts from that netblock.
260 .IP
261 The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED
262 error message back.
263 .IP
264 The action \fIallow\fR gives access to clients from that netblock.
265 It gives only access for recursion clients (which is
266 what almost all clients need). Nonrecursive queries are refused.
267 .IP
268 The \fIallow\fR action does allow nonrecursive queries to access the
269 local\-data that is configured. The reason is that this does not involve
270 the unbound server recursive lookup algorithm, and static data is served
271 in the reply. This supports normal operations where nonrecursive queries
272 are made for the authoritative data. For nonrecursive queries any replies
273 from the dynamic cache are refused.
274 .IP
275 The action \fIallow_snoop\fR gives nonrecursive access too. This give
276 both recursive and non recursive access. The name \fIallow_snoop\fR refers
277 to cache snooping, a technique to use nonrecursive queries to examine
278 the cache contents (for malicious acts). However, nonrecursive queries can
279 also be a valuable debugging tool (when you want to examine the cache
280 contents). In that case use \fIallow_snoop\fR for your administration host.
281 .IP
282 By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd.
283 The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS
284 protocol is not designed to handle dropped packets due to policy, and
285 dropping may result in (possibly excessive) retried queries.
242286 .TP
243287 .B chroot: \fI<directory>
244288 If chroot is enabled, you should pass the configfile (from the
246290 chroot has been performed the now defunct portion of the config
247291 file path is removed to be able to reread the config after a reload.
248292 .IP
249 All other file paths (working dir, pidfile, logfile, roothints,
293 All other file paths (working dir, logfile, roothints, and
250294 key files) can be specified in several ways:
251295 as an absolute path relative to the new root,
252296 as a relative path to the working directory, or
253297 as an absolute path relative to the original root.
254298 In the last case the path is adjusted to remove the unused portion.
255299 .IP
300 The pidfile can be either a relative path to the working directory, or
301 an absolute path relative to the original root. It is written just prior
302 to chroot and dropping permissions. This allows the pidfile to be
303 /var/run/unbound.pid and the chroot to be /var/unbound, for example.
304 .IP
256305 Additionally, unbound may need to access /dev/random (for entropy)
257 and to /dev/log (if you use syslog) from inside the chroot.
306 from inside the chroot.
258307 .IP
259308 If given a chroot is done to the given directory. The default is
260309 "@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed.
359408 unsigned to badly signed often. If turned off you run the risk of a
360409 downgrade attack that disables security for a zone. Default is on.
361410 .TP
411 .B harden\-referral\-path: \fI<yes or no>
412 Harden the referral path by performing additional queries for
413 infrastructure data. Validates the replies if trust anchors are configured
414 and the zones are signed. This enforces DNSSEC validation on nameserver
415 NS sets and the nameserver addresses that are encountered on the referral
416 path to the answer.
417 Default off, because it burdens the authority servers, and it is
418 not RFC standard, and could lead to performance problems because of the
419 extra query load that is generated. Experimental option.
420 .TP
362421 .B use\-caps\-for\-id: \fI<yes or no>
363422 Use 0x20-encoded random bits in the query to foil spoof attempts.
364423 This perturbs the lowercase and uppercase of query names sent to
365424 authority servers and checks if the reply still has the correct casing.
366 Disabled by default, because some caching forwarders may not
367 support this. It is known that some authority servers do not support 0x20,
368 and resolution will fail for them. A solution is on the TODO list.
425 Disabled by default.
369426 This feature is an experimental implementation of draft dns\-0x20.
427 .TP
428 .B private\-address: \fI<IP address or subnet>
429 Give IPv4 of IPv6 addresses or classless subnets. These are addresses
430 on your private network, and are not allowed to be returned for public
431 internet names. Any occurence of such addresses are removed from
432 DNS answers. Additionally, the DNSSEC validator may mark the answers
433 bogus. This protects against so-called DNS Rebinding, where a user browser
434 is turned into a network proxy, allowing remote access through the browser
435 to other parts of your private network. Some names can be allowed to
436 contain your private addresses, by default all the \fBlocal\-data\fR
437 that you configured is allowed to, and you can specify additional
438 names using \fBprivate\-domain\fR. No private addresses are enabled
439 by default. We consider to enable this for the RFC1918 private IP
440 address space by default in later releases. That would enable private
441 addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 192.254.0.0/16
442 fd00::/8 and fe80::/10, since the RFC standards say these addresses
443 should not be visible on the public internet. Turning on 127.0.0.0/8
444 would hinder many spamblocklists as they use that.
445 .TP
446 .B private\-domain: \fI<domain name>
447 Allow this domain, and all its subdomains to contain private addresses.
448 Give multiple times to allow multiple domain names to contain private
449 addresses. Default is none.
450 .TP
451 .B unwanted\-reply\-threshold: \fI<number>
452 If set, a total number of unwanted replies is kept track of in every thread.
453 When it reaches the threshold, a defensive action is taken and a warning
454 is printed to the log. The defensive action is to clear the rrset and
455 message caches, hopefully flushing away any poison. A value of 10 million
456 is suggested. Default is 0 (turned off).
370457 .TP
371458 .B do\-not\-query\-address: \fI<IP address>
372459 Do not query the given IP address. Can be IP4 or IP6. Append /num to
403490 with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR
404491 but has a different file format. Format is BIND\-9 style format,
405492 the trusted\-keys { name flag proto algo "key"; }; clauses are read.
493 It is possible to use wildcards with this statement, the wildcard is
494 expanded on start and on reload.
495 .TP
496 .B dlv\-anchor\-file: \fI<filename>
497 File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and
498 DNSKEY entries can be used in the file, in the same format as for
499 \fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more
500 would be slow. The DLV configured is used as a root trusted DLV, this
501 means that it is a lookaside for the root. Default is "", or no dlv anchor file.
502 .TP
503 .B dlv\-anchor: \fI<"Resource Record">
504 Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline.
406505 .TP
407506 .B val\-override\-date: \fI<rrsig\-style date spec>
408507 Default is "" or "0", which disables this debugging feature. If enabled by
413512 .B val\-bogus\-ttl: \fI<number>
414513 The time to live for bogus data. This is data that has failed validation;
415514 due to invalid signatures or other checks. The TTL from that data cannot be
416 trusted, and this value is used instead. The value is in seconds, default 900.
515 trusted, and this value is used instead. The value is in seconds, default 60.
417516 The time interval prevents repeated revalidation of bogus data.
418517 .TP
419518 .B val\-clean\-additional: \fI<yes or no>
450549 Must be set to a power of 2. Setting (close) to the number of cpus is a
451550 reasonable guess.
452551 .TP
552 .B neg\-cache\-size: \fI<number>
553 Number of bytes size of the aggressive negative cache. Default is 1 megabyte.
554 A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
555 or gigabytes (1024*1024 bytes in a megabyte).
556 .TP
453557 .B local\-zone: \fI<zone> <type>
454558 Configure a local zone. The type determines the answer to give if there is
455559 no match from local\-data. The types are deny, refuse, static, transparent,
477581 .TP 10
478582 \h'5'\fItransparent\fR
479583 If there is a match from local data, the query is answered.
480 Otherwise, the query is resolved normally.
584 Otherwise if the query has a different name, the query is resolved normally.
585 If the query is for a name given in localdata but no such type of data is
586 given in localdata, then a noerror nodata answer is returned.
481587 If no local\-zone is given local\-data causes a transparent zone
482588 to be created by default.
483589 .TP 10
588694 If you need more complicated authoritative data, with referrals, wildcards,
589695 CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
590696 it as detailed in the stub zone section below.
697 .TP 5
698 .B local\-data\-ptr: \fI"IPaddr name"
699 Configure local data shorthand for a PTR record with the reversed IPv4 or
700 IPv6 address and the host name. For example "192.0.2.4 www.example.com".
701 TTL can be inserted like this: "2001:DB8::4 7200 www.example.com"
702 .SS "Remote Control Options"
703 In the
704 .B remote\-control:
705 clause are the declarations for the remote control facility. If this is
706 enabled, the \fIunbound\-control\fR(8) utility can be used to send
707 commands to the running unbound server. The server uses these clauses
708 to setup SSLv3 / TLSv1 security for the connection. The
709 \fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
710 section for options. To setup the correct self-signed certificates use the
711 \fIunbound\-control\-setup\fR(8) utility.
712 .TP 5
713 .B control\-enable: \fI<yes or no>
714 The option is used to enable remote control, default is "no".
715 If turned off, the server does not listen for control commands.
716 .TP 5
717 .B control\-interface: <ip address>
718 Give IPv4 or IPv6 addresses to listen on for control commands.
719 By default localhost (127.0.0.1 and ::1) is listened to.
720 Use 0.0.0.0 and ::0 to listen to all interfaces.
721 .TP 5
722 .B control\-port: <port number>
723 The port number to listen on for control commands, default is 953
724 (that is the same port number named uses to listen to rndc).
725 If you change this port number, and permissions have been dropped, a
726 reload is not sufficient to open the port again, you must then restart.
727 .TP 5
728 .B server\-key\-file: "<private key file>"
729 Path to the server private key, by default unbound_server.key.
730 This file is generated by the \fIunbound\-control\-setup\fR utility.
731 This file is used by the unbound server, but not by \fIunbound\-control\fR.
732 .TP 5
733 .B server\-cert\-file: "<certificate file.pem>"
734 Path to the server self signed certificate, by default unbound_server.pem.
735 This file is generated by the \fIunbound\-control\-setup\fR utility.
736 This file is used by the unbound server, and also by \fIunbound\-control\fR.
737 .TP 5
738 .B control\-key\-file: "<private key file>"
739 Path to the control client private key, by default unbound_control.key.
740 This file is generated by the \fIunbound\-control\-setup\fR utility.
741 This file is used by \fIunbound\-control\fR.
742 .TP 5
743 .B control\-cert\-file: "<certificate file.pem>"
744 Path to the control client certificate, by default unbound_control.pem.
745 This certificate has to be signed with the server certificate.
746 This file is generated by the \fIunbound\-control\-setup\fR utility.
747 This file is used by \fIunbound\-control\fR.
591748 .SS "Stub Zone Options"
592749 .LP
593750 There may be multiple
622779 .B stub\-addr: \fI<IP address>
623780 IP address of stub zone nameserver. Can be IP 4 or IP 6.
624781 To use a nondefault port for DNS communication append '@' with the port number.
782 .TP
783 .B stub\-prime: \fI<yes or no>
784 This option is by default off. If enabled it performs NS set priming,
785 which is similar to root hints, where it starts using the list of nameservers
786 currently published by the zone. Thus, if the hint list is slightly outdated,
787 the resolver picks up a correct list online.
625788 .SS "Forward Zone Options"
626789 .LP
627790 There may be multiple
667830 infra\-cache\-lame\-size: 1k
668831 key\-cache\-size: 100k
669832 key\-cache\-slabs: 1
833 neg\-cache\-size: 10k
670834 num\-queries\-per\-thread: 30
671835 target\-fetch\-policy: "2 1 0 0 0 0"
672836 harden\-large\-queries: "yes"
149149 # will output the detailed description near the top, like JavaDoc.
150150 # If set to NO, the detailed description appears after the member
151151 # documentation.
152
153 DETAILS_AT_TOP = NO
152 #DETAILS_AT_TOP = NO
154153
155154 # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
156155 # member inherits the documentation from any documented member that it
7171 if(!delegpt_add_ns(copy, region, ns->name))
7272 return NULL;
7373 copy->nslist->resolved = ns->resolved;
74 copy->nslist->got4 = ns->got4;
75 copy->nslist->got6 = ns->got6;
7476 }
7577 for(a = dp->target_list; a; a = a->next_target) {
76 if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen))
78 if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen,
79 a->bogus, 0))
7780 return NULL;
7881 }
7982 return copy;
106109 dp->nslist = ns;
107110 ns->name = regional_alloc_init(region, name, ns->namelen);
108111 ns->resolved = 0;
112 ns->got4 = 0;
113 ns->got6 = 0;
109114 return 1;
110115 }
111116
123128 return NULL;
124129 }
125130
131 struct delegpt_addr*
132 delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr,
133 socklen_t addrlen)
134 {
135 struct delegpt_addr* p = dp->target_list;
136 while(p) {
137 if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0) {
138 return p;
139 }
140 p = p->next_target;
141 }
142 return NULL;
143 }
144
126145 int
127146 delegpt_add_target(struct delegpt* dp, struct regional* region,
128147 uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
129 socklen_t addrlen)
148 socklen_t addrlen, int bogus, int nodup)
130149 {
131150 struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen);
132151 if(!ns) {
133152 /* ignore it */
134153 return 1;
135154 }
136 ns->resolved = 1;
137 return delegpt_add_addr(dp, region, addr, addrlen);
155 if(addr_is_ip6(addr, addrlen))
156 ns->got6 = 1;
157 else ns->got4 = 1;
158 if(ns->got4 && ns->got6)
159 ns->resolved = 1;
160 return delegpt_add_addr(dp, region, addr, addrlen, bogus, nodup);
138161 }
139162
140163 int
141164 delegpt_add_addr(struct delegpt* dp, struct regional* region,
142 struct sockaddr_storage* addr, socklen_t addrlen)
143 {
144 struct delegpt_addr* a = (struct delegpt_addr*)regional_alloc(region,
165 struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int nodup)
166 {
167 struct delegpt_addr* a;
168 if(nodup) {
169 if((a = delegpt_find_addr(dp, addr, addrlen))) {
170 if(bogus)
171 a->bogus = bogus;
172 return 1;
173 }
174 }
175
176 a = (struct delegpt_addr*)regional_alloc(region,
145177 sizeof(struct delegpt_addr));
146178 if(!a)
147179 return 0;
153185 memcpy(&a->addr, addr, addrlen);
154186 a->addrlen = addrlen;
155187 a->attempts = 0;
188 a->bogus = bogus;
156189 return 1;
157190 }
158191
159 /** count NS and number missing */
160 static void
192 void
161193 delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing)
162194 {
163195 struct delegpt_ns* ns;
170202 }
171203 }
172204
173 /** count addresses, and number in result and available lists */
174 static void
205 void
175206 delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres,
176207 size_t* numavail)
177208 {
212243 if(verbosity >= VERB_ALGO) {
213244 for(ns = dp->nslist; ns; ns = ns->next) {
214245 dname_str(ns->name, buf);
215 log_info(" %s%s", buf, (ns->resolved?"*":""));
246 log_info(" %s %s%s%s%s", buf, (ns->resolved?"*":""),
247 (ns->got4?" A":""), (ns->got6?" AAAA":""),
248 (dp->bogus?" BOGUS":"") );
216249 }
217250 for(a = dp->target_list; a; a = a->next_target) {
218 log_addr(VERB_ALGO, " ", &a->addr, a->addrlen);
251 if(a->bogus)
252 log_addr(VERB_ALGO, " BOGUS ",
253 &a->addr, a->addrlen);
254 else log_addr(VERB_ALGO, " ", &a->addr, a->addrlen);
219255 }
220256 }
221257 }
294330 continue;
295331
296332 if(ntohs(s->rk.type) == LDNS_RR_TYPE_A) {
297 if(!delegpt_add_rrset_A(dp, region, s))
333 if(!delegpt_add_rrset_A(dp, region, s, 0))
298334 return NULL;
299335 } else if(ntohs(s->rk.type) == LDNS_RR_TYPE_AAAA) {
300 if(!delegpt_add_rrset_AAAA(dp, region, s))
336 if(!delegpt_add_rrset_AAAA(dp, region, s, 0))
301337 return NULL;
302338 }
303339 }
311347 struct packed_rrset_data* nsdata = (struct packed_rrset_data*)
312348 ns_rrset->entry.data;
313349 size_t i;
350 if(nsdata->security == sec_status_bogus)
351 dp->bogus = 1;
314352 for(i=0; i<nsdata->count; i++) {
315353 if(nsdata->rr_len[i] < 2+1) continue; /* len + root label */
316354 if(dname_valid(nsdata->rr_data[i]+2, nsdata->rr_len[i]-2) !=
325363
326364 int
327365 delegpt_add_rrset_A(struct delegpt* dp, struct regional* region,
328 struct ub_packed_rrset_key* ak)
366 struct ub_packed_rrset_key* ak, int nodup)
329367 {
330368 struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data;
331369 size_t i;
340378 memmove(&sa.sin_addr, d->rr_data[i]+2, INET_SIZE);
341379 if(!delegpt_add_target(dp, region, ak->rk.dname,
342380 ak->rk.dname_len, (struct sockaddr_storage*)&sa,
343 len))
381 len, (d->security==sec_status_bogus), nodup))
344382 return 0;
345383 }
346384 return 1;
348386
349387 int
350388 delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region,
351 struct ub_packed_rrset_key* ak)
389 struct ub_packed_rrset_key* ak, int nodup)
352390 {
353391 struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data;
354392 size_t i;
363401 memmove(&sa.sin6_addr, d->rr_data[i]+2, INET6_SIZE);
364402 if(!delegpt_add_target(dp, region, ak->rk.dname,
365403 ak->rk.dname_len, (struct sockaddr_storage*)&sa,
366 len))
404 len, (d->security==sec_status_bogus), nodup))
367405 return 0;
368406 }
369407 return 1;
378416 if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_NS)
379417 return delegpt_rrset_add_ns(dp, region, rrset);
380418 else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_A)
381 return delegpt_add_rrset_A(dp, region, rrset);
419 return delegpt_add_rrset_A(dp, region, rrset, 0);
382420 else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_AAAA)
383 return delegpt_add_rrset_AAAA(dp, region, rrset);
421 return delegpt_add_rrset_AAAA(dp, region, rrset, 0);
384422 log_warn("Unknown rrset type added to delegpt");
385423 return 1;
386424 }
425
426 void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg)
427 {
428 struct reply_info* rep = (struct reply_info*)msg->entry.data;
429 if(!rep) return;
430
431 /* if error or no answers */
432 if(FLAGS_GET_RCODE(rep->flags) != 0 || rep->an_numrrsets == 0) {
433 struct delegpt_ns* ns = delegpt_find_ns(dp, msg->key.qname,
434 msg->key.qname_len);
435 if(ns) {
436 if(msg->key.qtype == LDNS_RR_TYPE_A)
437 ns->got4 = 1;
438 else if(msg->key.qtype == LDNS_RR_TYPE_AAAA)
439 ns->got6 = 1;
440 if(ns->got4 && ns->got6)
441 ns->resolved = 1;
442 }
443 }
444 }
4747 struct delegpt_addr;
4848 struct dns_msg;
4949 struct ub_packed_rrset_key;
50 struct msgreply_entry;
5051
5152 /**
5253 * Delegation Point.
6970 struct delegpt_addr* usable_list;
7071 /** the list of returned targets; subset of target_list */
7172 struct delegpt_addr* result_list;
73
74 /** if true, the NS RRset was bogus. All info is bad. */
75 int bogus;
7276 };
7377
7478 /**
8387 size_t namelen;
8488 /**
8589 * If the name has been resolved. false if not queried for yet.
86 * true if the address is known, or marked true if failed.
90 * true if the A, AAAA queries have been generated.
91 * marked true if those queries fail.
92 * and marked true is got4 and got6 are both true.
8793 */
8894 int resolved;
95 /** if the ipv4 address is in the delegpt */
96 uint8_t got4;
97 /** if the ipv6 address is in the delegpt */
98 uint8_t got6;
8999 };
90100
91101 /**
107117 int attempts;
108118 /** rtt stored here in the selection algorithm */
109119 int sel_rtt;
120 /** if true, the A or AAAA RR was bogus, so this address is bad.
121 * Also check the dp->bogus to see if everything is bogus. */
122 int bogus;
110123 };
111124
112125 /**
163176 * @param namelen: length of name.
164177 * @param addr: the address.
165178 * @param addrlen: the length of addr.
179 * @param bogus: security status for the address, pass true if bogus.
180 * @param nodup: if true, no address duplicates are made by this add.
181 * name duplicates are always filtered.
166182 * @return false on error.
167183 */
168184 int delegpt_add_target(struct delegpt* dp, struct regional* regional,
169185 uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
170 socklen_t addrlen);
186 socklen_t addrlen, int bogus, int nodup);
171187
172188 /**
173189 * Add A RRset to delegpt.
174190 * @param dp: delegation point.
175191 * @param regional: where to allocate the info.
176192 * @param rrset: RRset A to add.
193 * @param nodup: if true, no duplicates are made by this add. takes time.
177194 * @return 0 on alloc error.
178195 */
179196 int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional,
180 struct ub_packed_rrset_key* rrset);
197 struct ub_packed_rrset_key* rrset, int nodup);
181198
182199 /**
183200 * Add AAAA RRset to delegpt.
184201 * @param dp: delegation point.
185202 * @param regional: where to allocate the info.
186203 * @param rrset: RRset AAAA to add.
204 * @param nodup: if true, no duplicates are made by this add. takes time.
187205 * @return 0 on alloc error.
188206 */
189207 int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional,
190 struct ub_packed_rrset_key* rrset);
208 struct ub_packed_rrset_key* rrset, int nodup);
191209
192210 /**
193211 * Add any RRset to delegpt.
212 * Does not check for duplicates added.
194213 * @param dp: delegation point.
195214 * @param regional: where to allocate the info.
196215 * @param rrset: RRset to add, NS, A, AAAA.
205224 * @param regional: where to allocate the info.
206225 * @param addr: the address.
207226 * @param addrlen: the length of addr.
227 * @param bogus: if address is bogus.
228 * @param nodup: if true, no duplicates are made by this add. takes time.
208229 * @return false on error.
209230 */
210231 int delegpt_add_addr(struct delegpt* dp, struct regional* regional,
211 struct sockaddr_storage* addr, socklen_t addrlen);
232 struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int nodup);
212233
213234 /**
214235 * Find NS record in name list of delegation point.
220241 struct delegpt_ns* delegpt_find_ns(struct delegpt* dp, uint8_t* name,
221242 size_t namelen);
222243
244 /**
245 * Find address record in total list of delegation point.
246 * @param dp: delegation point.
247 * @param addr: address
248 * @param addrlen: length of addr
249 * @return the addr structure or NULL if not found.
250 */
251 struct delegpt_addr* delegpt_find_addr(struct delegpt* dp,
252 struct sockaddr_storage* addr, socklen_t addrlen);
253
223254 /**
224255 * Print the delegation point to the log. For debugging.
225256 * @param v: verbosity value that is needed to emit to log.
226257 * @param dp: delegation point.
227258 */
228259 void delegpt_log(enum verbosity_value v, struct delegpt* dp);
260
261 /** count NS and number missing for logging */
262 void delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing);
263
264 /** count addresses, and number in result and available lists, for logging */
265 void delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres,
266 size_t* numavail);
229267
230268 /**
231269 * Add all usable targets to the result list.
261299 struct delegpt* delegpt_from_message(struct dns_msg* msg,
262300 struct regional* regional);
263301
302 /**
303 * Add negative message to delegation point.
304 * @param dp: delegation point.
305 * @param msg: the message added, marks off A or AAAA from an NS entry.
306 */
307 void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg);
308
264309 #endif /* ITERATOR_ITER_DELEGPT_H */
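Review bot: The new `got4`/`got6` comments in `struct delegpt_ns` say the flag means the address "is in the delegpt", but `delegpt_add_neg_msg` in iter_delegpt.c sets them when the A or AAAA lookup returned an error or no answers. In that path the flag means the lookup is finished, not that an address exists; whether the positive path also sets them is not visible here. I would reword them as `/** if the A lookup for this name is done (address seen or negative answer) */`, likewise for AAAA, and fix "marked true is got4" to "marked true if got4" in the `resolved` comment. The two `bogus` fields would also benefit from a line saying who consults them, since the header does not say whether a bogus address is skipped during selection or only logged.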
4747 #include "util/config_file.h"
4848 #include "util/net_help.h"
4949
50 int
51 donotq_cmp(const void* k1, const void* k2)
52 {
53 struct iter_donotq_addr* n1 = (struct iter_donotq_addr*)k1;
54 struct iter_donotq_addr* n2 = (struct iter_donotq_addr*)k2;
55 int r = sockaddr_cmp_addr(&n1->addr, n1->addrlen, &n2->addr,
56 n2->addrlen);
57 if(r != 0) return r;
58 if(n1->net < n2->net)
59 return -1;
60 if(n1->net > n2->net)
61 return 1;
62 return 0;
63 }
64
6550 struct iter_donotq*
6651 donotq_create()
6752 {
8368 if(!dq)
8469 return;
8570 regional_destroy(dq->region);
86 free(dq->tree);
8771 free(dq);
8872 }
8973
9276 donotq_insert(struct iter_donotq* dq, struct sockaddr_storage* addr,
9377 socklen_t addrlen, int net)
9478 {
95 struct iter_donotq_addr* node = regional_alloc(dq->region,
96 sizeof(struct iter_donotq_addr));
79 struct addr_tree_node* node = (struct addr_tree_node*)regional_alloc(
80 dq->region, sizeof(*node));
9781 if(!node)
9882 return 0;
99 node->node.key = node;
100 memcpy(&node->addr, addr, addrlen);
101 node->addrlen = addrlen;
102 node->net = net;
103 node->parent = NULL;
104 if(!rbtree_insert(dq->tree, &node->node)) {
83 if(!addr_tree_insert(&dq->tree, node, addr, addrlen, net)) {
10584 verbose(VERB_QUERY, "duplicate donotquery address ignored.");
10685 }
10786 return 1;
139118 return 1;
140119 }
141120
142 /** initialise parent pointers in the tree */
143 static void
144 donotq_init_parents(struct iter_donotq* donotq)
145 {
146 struct iter_donotq_addr* node, *prev = NULL, *p;
147 int m;
148 RBTREE_FOR(node, struct iter_donotq_addr*, donotq->tree) {
149 node->parent = NULL;
150 if(!prev || prev->addrlen != node->addrlen) {
151 prev = node;
152 continue;
153 }
154 m = addr_in_common(&prev->addr, prev->net, &node->addr,
155 node->net, node->addrlen);
156 /* sort order like: ::/0, 1::/2, 1::/4, ... 2::/2 */
157 /* find the previous, or parent-parent-parent */
158 for(p = prev; p; p = p->parent)
159 if(p->net <= m) {
160 /* ==: since prev matched m, this is closest*/
161 /* <: prev matches more, but is not a parent,
162 * this one is a (grand)parent */
163 node->parent = p;
164 break;
165 }
166 prev = node;
167 }
168 }
169
170121 int
171122 donotq_apply_cfg(struct iter_donotq* dq, struct config_file* cfg)
172123 {
173 free(dq->tree);
174 dq->tree = rbtree_create(donotq_cmp);
175 if(!dq->tree)
176 return 0;
124 regional_free_all(dq->region);
125 addr_tree_init(&dq->tree);
177126 if(!read_donotq(dq, cfg))
178127 return 0;
179128 if(cfg->donotquery_localhost) {
184133 return 0;
185134 }
186135 }
187 donotq_init_parents(dq);
136 addr_tree_init_parents(&dq->tree);
188137 return 1;
189138 }
190139
192141 donotq_lookup(struct iter_donotq* donotq, struct sockaddr_storage* addr,
193142 socklen_t addrlen)
194143 {
195 /* lookup in the tree */
196 rbnode_t* res = NULL;
197 struct iter_donotq_addr* result;
198 struct iter_donotq_addr key;
199 key.node.key = &key;
200 memcpy(&key.addr, addr, addrlen);
201 key.addrlen = addrlen;
202 key.net = (addr_is_ip6(addr, addrlen)?128:32);
203 if(rbtree_find_less_equal(donotq->tree, &key, &res)) {
204 /* exact */
205 return 1;
206 } else {
207 /* smaller element (or no element) */
208 int m;
209 result = (struct iter_donotq_addr*)res;
210 if(!result || result->addrlen != addrlen)
211 return 0;
212 /* count number of bits matched */
213 m = addr_in_common(&result->addr, result->net, addr,
214 key.net, addrlen);
215 while(result) { /* go up until addr is inside netblock */
216 if(result->net <= m)
217 return 1;
218 result = result->parent;
219 }
220 }
221 return 0;
144 return addr_tree_lookup(&donotq->tree, addr, addrlen) != NULL;
222145 }
223146
224147 size_t
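Review bot: With `tree` now embedded as an `rbtree_t`, the only visible call to `addr_tree_init(&dq->tree)` is in `donotq_apply_cfg`. `donotq_create` lies outside the shown hunks, so it is presumably unchanged and leaves the tree as allocated. If so, a `donotq_lookup` before the first `donotq_apply_cfg` passes `addr_tree_lookup` a tree that was never initialised, where the old code at least had a NULL pointer. `priv_create` in iter_priv.c initialises both of its trees right after `regional_create()`; I would do the same here with `addr_tree_init(&dq->tree);`, and with `name_tree_init(&hints->tree);` in `hints_create`.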
4141
4242 #ifndef ITERATOR_ITER_DONOTQ_H
4343 #define ITERATOR_ITER_DONOTQ_H
44 #include "util/rbtree.h"
44 #include "util/storage/dnstree.h"
4545 struct iter_env;
4646 struct config_file;
4747 struct regional;
5454 struct regional* region;
5555 /**
5656 * Tree of the address spans that are blocked.
57 * contents of type iter_donotq_addr.
57 * contents of type addr_tree_node. Each node is an address span
58 * that must not be used to send queries to.
5859 */
59 rbtree_t* tree;
60 };
61
62 /**
63 * Iterator donotquery address.
64 * An address span that must not be used to send queries to.
65 */
66 struct iter_donotq_addr {
67 /** redblacktree node, key is this structure: addr and addrlen, net */
68 rbnode_t node;
69 /** address */
70 struct sockaddr_storage addr;
71 /** length of addr */
72 socklen_t addrlen;
73 /** netblock size */
74 int net;
75 /** parent node in donotq tree that encompasses this entry */
76 struct iter_donotq_addr* parent;
60 rbtree_t tree;
7761 };
7862
7963 /**
11397 */
11498 size_t donotq_get_mem(struct iter_donotq* donotq);
11599
116 /** compare two donotq entries */
117 int donotq_cmp(const void* k1, const void* k2);
118
119100 #endif /* ITERATOR_ITER_DONOTQ_H */
202202 s->name, p->str);
203203 return 0;
204204 }
205 if(!delegpt_add_addr(dp, fwd->region, &addr, addrlen)) {
205 if(!delegpt_add_addr(dp, fwd->region, &addr, addrlen, 0, 1)) {
206206 log_err("out of memory");
207207 return 0;
208208 }
4747 #include "util/net_help.h"
4848 #include "util/data/dname.h"
4949
50 int
51 stub_cmp(const void* k1, const void* k2)
52 {
53 int m;
54 struct iter_hints_stub* n1 = (struct iter_hints_stub*)k1;
55 struct iter_hints_stub* n2 = (struct iter_hints_stub*)k2;
56 if(n1->hint_class != n2->hint_class) {
57 if(n1->hint_class < n2->hint_class)
58 return -1;
59 return 1;
60 }
61 return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs,
62 &m);
63 }
64
6550 struct iter_hints*
6651 hints_create()
6752 {
8368 if(!hints)
8469 return;
8570 regional_destroy(hints->region);
86 free(hints->tree);
8771 free(hints);
8872 }
8973
10185 if(!delegpt_add_ns(dp, r, ldns_rdf_data(rdf)) ||
10286 !extstrtoaddr(ip, &addr, &addrlen) ||
10387 !delegpt_add_target(dp, r, ldns_rdf_data(rdf), ldns_rdf_size(rdf),
104 &addr, addrlen)) {
88 &addr, addrlen, 0, 1)) {
10589 ldns_rdf_deep_free(rdf);
10690 return 0;
10791 }
148132 if(!ah(dp, r, "H.ROOT-SERVERS.NET.", "2001:500:1::803f:235")) return 0;
149133 if(!ah(dp, r, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) return 0;
150134 if(!ah(dp, r, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) return 0;
135 if(!ah(dp, r, "L.ROOT-SERVERS.NET.", "2001:500:3::42")) return 0;
151136 if(!ah(dp, r, "M.ROOT-SERVERS.NET.", "2001:dc3::35")) return 0;
152137 }
153138 return dp;
155140
156141 /** insert new hint info into hint structure */
157142 static int
158 hints_insert(struct iter_hints* hints, uint16_t c, struct delegpt* dp)
143 hints_insert(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
144 int noprime)
159145 {
160146 struct iter_hints_stub* node = regional_alloc(hints->region,
161147 sizeof(struct iter_hints_stub));
148 uint8_t* nm;
162149 if(!node)
163150 return 0;
164 node->node.key = node;
165 node->hint_class = c;
166 node->name = regional_alloc_init(hints->region, dp->name, dp->namelen);
167 if(!node->name)
168 return 0;
169 node->namelen = dp->namelen;
170 node->namelabs = dp->namelabs;
151 nm = regional_alloc_init(hints->region, dp->name, dp->namelen);
152 if(!nm)
153 return 0;
171154 node->dp = dp;
172 if(!rbtree_insert(hints->tree, &node->node)) {
155 node->noprime = (uint8_t)noprime;
156 if(!name_tree_insert(&hints->tree, &node->node, nm, dp->namelen,
157 dp->namelabs, c)) {
173158 log_err("second hints ignored.");
174159 }
175160 return 1;
176 }
177
178 /** initialise parent pointers in the tree */
179 static void
180 init_parents(struct iter_hints* hints)
181 {
182 struct iter_hints_stub* node, *prev = NULL, *p;
183 int m;
184 RBTREE_FOR(node, struct iter_hints_stub*, hints->tree) {
185 node->parent = NULL;
186 if(!prev || prev->hint_class != node->hint_class) {
187 prev = node;
188 continue;
189 }
190 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name,
191 node->namelabs, &m); /* we know prev is smaller */
192 /* sort order like: . com. bla.com. zwb.com. net. */
193 /* find the previous, or parent-parent-parent */
194 for(p = prev; p; p = p->parent)
195 /* looking for name with few labels, a parent */
196 if(p->namelabs <= m) {
197 /* ==: since prev matched m, this is closest*/
198 /* <: prev matches more, but is not a parent,
199 * this one is a (grand)parent */
200 node->parent = p;
201 break;
202 }
203 prev = node;
204 }
205161 }
206162
207163 /** set stub name */
268224 s->name, p->str);
269225 return 0;
270226 }
271 if(!delegpt_add_addr(dp, hints->region, &addr, addrlen)) {
227 if(!delegpt_add_addr(dp, hints->region, &addr, addrlen, 0, 1)) {
272228 log_err("out of memory");
273229 return 0;
274230 }
291247 !read_stubs_host(hints, s, dp) ||
292248 !read_stubs_addr(hints, s, dp))
293249 return 0;
294 if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp))
250 if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !s->isprime))
295251 return 0;
296252 delegpt_log(VERB_QUERY, dp);
297253 }
360316 if(!delegpt_add_target(dp, hints->region,
361317 ldns_rdf_data(ldns_rr_owner(rr)),
362318 ldns_rdf_size(ldns_rr_owner(rr)),
363 (struct sockaddr_storage*)&sa, len)) {
319 (struct sockaddr_storage*)&sa, len,
320 0, 1)) {
364321 log_err("out of memory reading root hints");
365322 goto stop_read;
366323 }
375332 if(!delegpt_add_target(dp, hints->region,
376333 ldns_rdf_data(ldns_rr_owner(rr)),
377334 ldns_rdf_size(ldns_rr_owner(rr)),
378 (struct sockaddr_storage*)&sa, len)) {
335 (struct sockaddr_storage*)&sa, len,
336 0, 1)) {
379337 log_err("out of memory reading root hints");
380338 goto stop_read;
381339 }
396354 log_warn("root hints %s: no NS content", fname);
397355 return 1;
398356 }
399 if(!hints_insert(hints, c, dp)) {
357 if(!hints_insert(hints, c, dp, 0)) {
400358 return 0;
401359 }
402360 delegpt_log(VERB_QUERY, dp);
434392 int
435393 hints_apply_cfg(struct iter_hints* hints, struct config_file* cfg)
436394 {
437 free(hints->tree);
438 hints->tree = rbtree_create(stub_cmp);
439 if(!hints->tree)
440 return 0;
395 regional_free_all(hints->region);
396 name_tree_init(&hints->tree);
441397
442398 /* read root hints */
443399 if(!read_root_hints_list(hints, cfg))
454410 verbose(VERB_ALGO, "no config, using builtin root hints.");
455411 if(!dp)
456412 return 0;
457 if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp))
458 return 0;
459 }
460
461 init_parents(hints);
413 if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, 0))
414 return 0;
415 }
416
417 name_tree_init_parents(&hints->tree);
462418 return 1;
463419 }
464420
466422 hints_lookup_root(struct iter_hints* hints, uint16_t qclass)
467423 {
468424 uint8_t rootlab = 0;
469 struct iter_hints_stub key, *stub;
470 key.node.key = &key;
471 key.hint_class = qclass;
472 key.name = &rootlab;
473 key.namelen = 1;
474 key.namelabs = 1;
475 stub = (struct iter_hints_stub*)rbtree_search(hints->tree, &key);
425 struct iter_hints_stub *stub;
426 stub = (struct iter_hints_stub*)name_tree_find(&hints->tree,
427 &rootlab, 1, 1, qclass);
476428 if(!stub)
477429 return NULL;
478430 return stub->dp;
479431 }
480432
481 struct delegpt*
433 struct iter_hints_stub*
482434 hints_lookup_stub(struct iter_hints* hints, uint8_t* qname,
483435 uint16_t qclass, struct delegpt* cache_dp)
484436 {
437 size_t len;
438 int labs;
439 struct iter_hints_stub *r;
440
485441 /* first lookup the stub */
486 rbnode_t* res = NULL;
487 struct iter_hints_stub *result;
488 struct iter_hints_stub key;
489 key.node.key = &key;
490 key.hint_class = qclass;
491 key.name = qname;
492 key.namelabs = dname_count_size_labels(qname, &key.namelen);
493 if(rbtree_find_less_equal(hints->tree, &key, &res)) {
494 /* exact */
495 result = (struct iter_hints_stub*)res;
496 } else {
497 /* smaller element (or no element) */
498 int m;
499 result = (struct iter_hints_stub*)res;
500 if(!result || result->hint_class != qclass)
501 return NULL;
502 /* count number of labels matched */
503 (void)dname_lab_cmp(result->name, result->namelabs, key.name,
504 key.namelabs, &m);
505 while(result) { /* go up until qname is subdomain of stub */
506 if(result->namelabs <= m)
507 break;
508 result = result->parent;
509 }
510 if(!result)
511 return NULL;
512 }
442 labs = dname_count_size_labels(qname, &len);
443 r = (struct iter_hints_stub*)name_tree_lookup(&hints->tree, qname,
444 len, labs, qclass);
445 if(!r) return NULL;
446
447 /*
448 * If the stub is same as the delegation we got
449 * And has noprime set, we need to 'prime' to use this stub instead.
450 */
451 if(r->noprime && query_dname_compare(cache_dp->name, r->dp->name)==0)
452 return r; /* use this stub instead of cached dp */
453
513454 /*
514455 * If our cached delegation point is above the hint, we need to prime.
515456 */
516 if(dname_strict_subdomain(result->dp->name, result->dp->namelabs,
457 if(dname_strict_subdomain(r->dp->name, r->dp->namelabs,
517458 cache_dp->name, cache_dp->namelabs))
518 return result->dp; /* need to prime this stub */
459 return r; /* need to prime this stub */
519460 return NULL;
520461 }
521462
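Review bot: `hints_apply_cfg` now begins with `regional_free_all(hints->region)`, while `hints_lookup_stub` and `hints_lookup_root` return pointers (`struct iter_hints_stub*`, `stub->dp`) that appear to live in that region. Anything a caller kept from an earlier lookup would then dangle after a re-apply. As far as the hunk shows, the old code only replaced the tree and left earlier allocations in place. Whether a reload can run while queries still hold such pointers is not visible in this section, so I would state the rule above `hints_apply_cfg`, e.g. `/* frees every stub and delegpt returned by earlier lookups; call only when no query still holds one */`.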
4141
4242 #ifndef ITERATOR_ITER_HINTS_H
4343 #define ITERATOR_ITER_HINTS_H
44 #include "util/rbtree.h"
44 #include "util/storage/dnstree.h"
4545 struct iter_env;
4646 struct config_file;
4747 struct delegpt;
5959 * a lookup on class, name will return an exact match or the closest
6060 * match which gives the ancestor needed.
6161 * contents of type iter_hints_stub. The class IN root is in here.
62 * uses name_tree_node from dnstree.h.
6263 */
63 rbtree_t* tree;
64 rbtree_t tree;
6465 };
6566
6667 /**
6768 * Iterator hints for a particular stub.
6869 */
6970 struct iter_hints_stub {
70 /** redblacktree node, key is this structure: class and name */
71 rbnode_t node;
72 /** name */
73 uint8_t* name;
74 /** length of name */
75 size_t namelen;
76 /** number of labels in name */
77 int namelabs;
71 /** tree sorted by name, class */
72 struct name_tree_node node;
7873 /** delegation point with hint information for this stub. */
7974 struct delegpt* dp;
80 /** pointer to parent in stub hint tree (or NULL if none) */
81 struct iter_hints_stub* parent;
82 /** class of hints. host order. */
83 uint16_t hint_class;
75 /** does the stub need to forego priming (like on other ports) */
76 uint8_t noprime;
8477 };
8578
8679 /**
123116 * @return: A priming delegation point if there is a stub hint that must
124117 * be primed, otherwise null.
125118 */
126 struct delegpt* hints_lookup_stub(struct iter_hints* hints,
119 struct iter_hints_stub* hints_lookup_stub(struct iter_hints* hints,
127120 uint8_t* qname, uint16_t qclass, struct delegpt* dp);
128121
129122 /**
133126 */
134127 size_t hints_get_mem(struct iter_hints* hints);
135128
136 /** compare two hint entries */
137 int stub_cmp(const void* k1, const void* k2);
138
139129 #endif /* ITERATOR_ITER_HINTS_H */
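Review bot: The doc comment above `hints_lookup_stub` still says it returns "A priming delegation point", but the function now returns `struct iter_hints_stub*`. The new branch in iter_hints.c also returns a stub whose `noprime` flag is set, which by the field's own comment should forego priming. A caller reading only the header would prime every non-NULL result. I would change the line to `@return: the stub (see its dp and noprime fields) if it must be primed or, with noprime set, used as is; otherwise NULL.` The comment block starts above the hunk.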
0 /*
1 * iterator/iter_priv.c - iterative resolver private address and domain store
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains functions to assist the iterator module.
39 * Keep track of the private addresses and lookup fast.
40 */
41
42 #include "config.h"
43 #include "iterator/iter_priv.h"
44 #include "util/regional.h"
45 #include "util/log.h"
46 #include "util/config_file.h"
47 #include "util/data/dname.h"
48 #include "util/data/msgparse.h"
49 #include "util/net_help.h"
50 #include "util/storage/dnstree.h"
51
52 struct iter_priv* priv_create()
53 {
54 struct iter_priv* priv = (struct iter_priv*)calloc(1, sizeof(*priv));
55 if(!priv)
56 return NULL;
57 priv->region = regional_create();
58 if(!priv->region) {
59 priv_delete(priv);
60 return NULL;
61 }
62 addr_tree_init(&priv->a);
63 name_tree_init(&priv->n);
64 return priv;
65 }
66
67 void priv_delete(struct iter_priv* priv)
68 {
69 if(!priv) return;
70 regional_destroy(priv->region);
71 free(priv);
72 }
73
74 /** Read private-addr declarations from config */
75 static int read_addrs(struct iter_priv* priv, struct config_file* cfg)
76 {
77 /* parse addresses, report errors, insert into tree */
78 struct config_strlist* p;
79 struct addr_tree_node* n;
80 struct sockaddr_storage addr;
81 int net;
82 socklen_t addrlen;
83
84 for(p = cfg->private_address; p; p = p->next) {
85 log_assert(p->str);
86 if(!netblockstrtoaddr(p->str, UNBOUND_DNS_PORT, &addr,
87 &addrlen, &net)) {
88 log_err("cannot parse private-address: %s", p->str);
89 return 0;
90 }
91 n = (struct addr_tree_node*)regional_alloc(priv->region,
92 sizeof(*n));
93 if(!n) {
94 log_err("out of memory");
95 return 0;
96 }
97 if(!addr_tree_insert(&priv->a, n, &addr, addrlen, net)) {
98 verbose(VERB_QUERY, "ignoring duplicate "
99 "private-address: %s", p->str);
100 }
101 }
102 return 1;
103 }
104
105 /** Read private-domain declarations from config */
106 static int read_names(struct iter_priv* priv, struct config_file* cfg)
107 {
108 /* parse names, report errors, insert into tree */
109 struct config_strlist* p;
110 struct name_tree_node* n;
111 uint8_t* nm;
112 size_t nm_len;
113 int nm_labs;
114 ldns_rdf* rdf;
115
116 for(p = cfg->private_domain; p; p = p->next) {
117 log_assert(p->str);
118 rdf = ldns_dname_new_frm_str(p->str);
119 if(!rdf) {
120 log_err("cannot parse private-domain: %s", p->str);
121 return 0;
122 }
123 nm = ldns_rdf_data(rdf);
124 nm_labs = dname_count_size_labels(nm, &nm_len);
125 nm = (uint8_t*)regional_alloc_init(priv->region, nm, nm_len);
126 ldns_rdf_deep_free(rdf);
127 if(!nm) {
128 log_err("out of memory");
129 return 0;
130 }
131 n = (struct name_tree_node*)regional_alloc(priv->region,
132 sizeof(*n));
133 if(!n) {
134 log_err("out of memory");
135 return 0;
136 }
137 if(!name_tree_insert(&priv->n, n, nm, nm_len, nm_labs,
138 LDNS_RR_CLASS_IN)) {
139 verbose(VERB_QUERY, "ignoring duplicate "
140 "private-domain: %s", p->str);
141 }
142 }
143 return 1;
144 }
145
146 int priv_apply_cfg(struct iter_priv* priv, struct config_file* cfg)
147 {
148 /* empty the current contents */
149 regional_free_all(priv->region);
150 addr_tree_init(&priv->a);
151 name_tree_init(&priv->n);
152
153 /* read new contents */
154 if(!read_addrs(priv, cfg))
155 return 0;
156 if(!read_names(priv, cfg))
157 return 0;
158
159 /* prepare for lookups */
160 addr_tree_init_parents(&priv->a);
161 name_tree_init_parents(&priv->n);
162 return 1;
163 }
164
165 /**
166 * See if an address is blocked.
167 * @param priv: structure for address storage.
168 * @param addr: address to check
169 * @param addrlen: length of addr.
170 * @return: true if the address must not be queried. false if unlisted.
171 */
172 static int
173 priv_lookup_addr(struct iter_priv* priv, struct sockaddr_storage* addr,
174 socklen_t addrlen)
175 {
176 return addr_tree_lookup(&priv->a, addr, addrlen) != NULL;
177 }
178
179 /**
180 * See if a name is whitelisted.
181 * @param priv: structure for address storage.
182 * @param pkt: the packet (for compression ptrs).
183 * @param name: name to check.
184 * @param name_len: uncompressed length of the name to check.
185 * @param dclass: class to check.
186 * @return: true if the name is OK. false if unlisted.
187 */
188 static int
189 priv_lookup_name(struct iter_priv* priv, ldns_buffer* pkt,
190 uint8_t* name, size_t name_len, uint16_t dclass)
191 {
192 size_t len;
193 uint8_t decomp[256];
194 int labs;
195 if(name_len >= sizeof(decomp))
196 return 0;
197 dname_pkt_copy(pkt, decomp, name);
198 labs = dname_count_size_labels(decomp, &len);
199 log_assert(name_len == len);
200 return name_tree_lookup(&priv->n, decomp, len, labs, dclass) != NULL;
201 }
202
203 size_t priv_get_mem(struct iter_priv* priv)
204 {
205 if(!priv) return 0;
206 return sizeof(*priv) + regional_get_mem(priv->region);
207 }
208
209 int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt,
210 struct rrset_parse* rrset)
211 {
212 /* see if it is a private name, that is allowed to have any */
213 if(priv_lookup_name(priv, pkt, rrset->dname, rrset->dname_len,
214 ntohs(rrset->rrset_class))) {
215 return 0;
216 } else {
217 /* so its a public name, check the address */
218 struct sockaddr_storage addr;
219 socklen_t len;
220 struct rr_parse* rr;
221 if(rrset->type == LDNS_RR_TYPE_A) {
222 struct sockaddr_in* sa = (struct sockaddr_in*)&addr;
223 len = (socklen_t)sizeof(*sa);
224 memset(sa, 0, len);
225 sa->sin_family = AF_INET;
226 sa->sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
227 for(rr = rrset->rr_first; rr; rr = rr->next) {
228 if(ldns_read_uint16(rr->ttl_data+4)
229 != INET_SIZE)
230 continue;
231 memmove(&sa->sin_addr, rr->ttl_data+4+2,
232 INET_SIZE);
233 if(priv_lookup_addr(priv, &addr, len))
234 return 1;
235 }
236 } else if(rrset->type == LDNS_RR_TYPE_AAAA) {
237 struct sockaddr_in6* sa = (struct sockaddr_in6*)&addr;
238 len = (socklen_t)sizeof(*sa);
239 memset(sa, 0, len);
240 sa->sin6_family = AF_INET6;
241 sa->sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
242 for(rr = rrset->rr_first; rr; rr = rr->next) {
243 if(ldns_read_uint16(rr->ttl_data+4)
244 != INET6_SIZE)
245 continue;
246 memmove(&sa->sin6_addr, rr->ttl_data+4+2,
247 INET6_SIZE);
248 if(priv_lookup_addr(priv, &addr, len))
249 return 1;
250 }
251 }
252 }
253 return 0;
254 }
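Review bot: In `priv_lookup_name`, the only check that `name_len` matches what `dname_pkt_copy` writes into `decomp[256]` is `log_assert(name_len == len)`, and it runs after the copy. The size check therefore protects the buffer only if the parser's `dname_len` is always the true uncompressed length of a name taken from the packet. `dname_pkt_copy` is not shown here; if it bounds its own output, say so in a comment next to the buffer and size the buffer from the same constant, e.g. `uint8_t decomp[LDNS_MAX_DOMAINLEN+1];`. Separately, the `@return` text on `priv_lookup_addr` ("must not be queried") looks copied from the donotq code; here a hit means the address is in a private-address block and the rrset is reported bad.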
0 /*
1 * iterator/iter_priv.h - iterative resolver private address and domain store
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains functions to assist the iterator module.
39 * Keep track of the private addresses and lookup fast.
40 */
41
42 #ifndef ITERATOR_ITER_PRIV_H
43 #define ITERATOR_ITER_PRIV_H
44 #include "util/rbtree.h"
45 struct iter_env;
46 struct config_file;
47 struct regional;
48 struct rrset_parse;
49
50 /**
51 * Iterator priv structure
52 */
53 struct iter_priv {
54 /** regional for allocation */
55 struct regional* region;
56 /**
57 * Tree of the address spans that are blocked.
58 * contents of type addr_tree_node.
59 * No further data need, only presence or absence.
60 */
61 rbtree_t a;
62 /**
63 * Tree of the domains spans that are allowed to contain
64 * the blocked address spans.
65 * contents of type name_tree_node.
66 * No further data need, only presence or absence.
67 */
68 rbtree_t n;
69 };
70
71 /**
72 * Create priv structure
73 * @return new structure or NULL on error.
74 */
75 struct iter_priv* priv_create();
76
77 /**
78 * Delete priv structure.
79 * @param priv: to delete.
80 */
81 void priv_delete(struct iter_priv* priv);
82
83 /**
84 * Process priv config.
85 * @param priv: where to store.
86 * @param cfg: config options.
87 * @return 0 on error.
88 */
89 int priv_apply_cfg(struct iter_priv* priv, struct config_file* cfg);
90
91 /**
92 * See if rrset is bad.
93 * @param priv: structure for private address storage.
94 * @param pkt: packet to decompress rrset name in.
95 * @param rrset: the rrset to examine, A or AAAA.
96 * @return true if the rrset is bad and should be removed.
97 */
98 int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt,
99 struct rrset_parse* rrset);
100
101 /**
102 * Get memory used by priv structure.
103 * @param priv: structure for address storage.
104 * @return bytes in use.
105 */
106 size_t priv_get_mem(struct iter_priv* priv);
107
108 #endif /* ITERATOR_ITER_PRIV_H */
115115 /* make sure its not recursive when we don't want it to */
116116 if( (msg->rep->flags&BIT_RA) &&
117117 !(msg->rep->flags&BIT_AA) && !rdset)
118 return RESPONSE_TYPE_LAME;
118 return RESPONSE_TYPE_REC_LAME;
119119 return RESPONSE_TYPE_ANSWER;
120120 }
121121
199199 /* we do our own recursion, thank you */
200200 if( (msg->rep->flags&BIT_RA) &&
201201 !(msg->rep->flags&BIT_AA) && !rdset)
202 return RESPONSE_TYPE_LAME;
202 return RESPONSE_TYPE_REC_LAME;
203203 return RESPONSE_TYPE_ANSWER;
204204 }
205205 }
221221 * deployed and is responding nonAA */
222222 if( (msg->rep->flags&BIT_RA) &&
223223 !(msg->rep->flags&BIT_AA) && !rdset)
224 return RESPONSE_TYPE_LAME;
224 return RESPONSE_TYPE_REC_LAME;
225225 /* Or if a lame server is deployed,
226226 * which gives ns==zone delegation from cache
227227 * without AA bit as well, with nodata nosoa*/
228228 if(msg->rep->an_numrrsets==0 &&
229229 !(msg->rep->flags&BIT_AA) && !rdset)
230 return RESPONSE_TYPE_LAME;
230 return RESPONSE_TYPE_REC_LAME;
231231 return RESPONSE_TYPE_ANSWER;
232232 }
233233 /* If we are getting a referral upwards (or to
258258 * be an entirely empty message) */
259259 /* check if recursive answer; saying it has empty cache */
260260 if( (msg->rep->flags&BIT_RA) && !(msg->rep->flags&BIT_AA) && !rdset)
261 return RESPONSE_TYPE_LAME;
261 return RESPONSE_TYPE_REC_LAME;
262262 return RESPONSE_TYPE_ANSWER;
263263 }
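Review bot: The second test in the hunk around new line 228 (`msg->rep->an_numrrsets==0 && !(msg->rep->flags&BIT_AA) && !rdset`) now returns RESPONSE_TYPE_REC_LAME without checking BIT_RA, while the other three changed returns all require that bit. The enum comment added in this commit defines recursion lame as an open recursor, and the selection code elsewhere in the commit can later query such a server with RD set. Classifying a server that never advertised recursion this way therefore needs a stated reason. Either keep `return RESPONSE_TYPE_LAME;` for that branch, or add a comment such as `/* no RA check: a cached non-AA nodata reply is handled as recursion lame as well */`. The enclosing functions start and end outside the hunks.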
8080 * 'lame' means that this particular response indicates that
8181 * the nameserver knew nothing about the question.
8282 */
83 RESPONSE_TYPE_LAME
83 RESPONSE_TYPE_LAME,
84
85 /**
86 * Recursion lame means that the nameserver is some sort of
87 * open recursor, and not authoritative for the question.
88 * It may know something, but not authoritatively.
89 */
90 RESPONSE_TYPE_REC_LAME
8491 };
8592
8693 /**
4040 */
4141 #include "config.h"
4242 #include "iterator/iter_scrub.h"
43 #include "iterator/iterator.h"
44 #include "iterator/iter_priv.h"
4345 #include "services/cache/rrset.h"
4446 #include "util/log.h"
4547 #include "util/net_help.h"
9799 return 1;
98100 case LDNS_RR_TYPE_NAPTR:
99101 /* TODO: NAPTR not supported, glue stripped off */
100 return 0;
101 default:
102102 return 0;
103103 }
104104 return 0;
518518 }
519519
520520 /**
521 * Check if right hand name in NSEC is within zone
522 * @param rrset: the NSEC rrset
523 * @param zonename: the zone name.
524 * @return true if BAD.
525 */
526 static int sanitize_nsec_is_overreach(struct rrset_parse* rrset,
527 uint8_t* zonename)
528 {
529 struct rr_parse* rr;
530 uint8_t* rhs;
531 size_t len;
532 log_assert(rrset->type == LDNS_RR_TYPE_NSEC);
533 for(rr = rrset->rr_first; rr; rr = rr->next) {
534 rhs = rr->ttl_data+4+2;
535 len = ldns_read_uint16(rr->ttl_data+4);
536 if(!(len=dname_valid(rhs, len))) {
537 /* malformed domain name in rdata */
538 return 1;
539 }
540 if(!dname_subdomain_c(rhs, zonename)) {
541 /* overreaching */
542 return 1;
543 }
544 }
545 /* all NSEC RRs OK */
546 return 0;
547 }
548
549 /**
521550 * Given a response event, remove suspect RRsets from the response.
522551 * "Suspect" rrsets are potentially poison. Note that this routine expects
523552 * the response to be in a "normalized" state -- that is, all "irrelevant"
528557 * @param qinfo: the question originally asked.
529558 * @param zonename: name of server zone.
530559 * @param env: module environment with config and cache.
560 * @param ie: iterator environment with private address data.
531561 * @return 0 on error.
532562 */
533563 static int
534564 scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg,
535 struct query_info* qinfo, uint8_t* zonename, struct module_env* env)
565 struct query_info* qinfo, uint8_t* zonename, struct module_env* env,
566 struct iter_env* ie)
536567 {
537568 struct rrset_parse* rrset, *prev;
538569 prev = NULL;
576607 prev = NULL;
577608 rrset = msg->rrset_first;
578609 while(rrset) {
610
611 /* remove private addresses */
612 if( (rrset->type == LDNS_RR_TYPE_A ||
613 rrset->type == LDNS_RR_TYPE_AAAA) &&
614 priv_rrset_bad(ie->priv, pkt, rrset)) {
615 /* set servfail, so the classification becomes
616 * THROWAWAY, instead of LAME or other unwanted */
617 FLAGS_SET_RCODE(msg->flags, LDNS_RCODE_SERVFAIL);
618 remove_rrset("sanitize: removing public name with "
619 "private address", pkt, msg, prev, &rrset);
620 continue;
621 }
579622
580623 /* skip DNAME records -- they will always be followed by a
581624 * synthesized CNAME, which will be relevant.
607650 continue;
608651 }
609652 }
653 /* check if right hand side of NSEC is within zone */
654 if(rrset->type == LDNS_RR_TYPE_NSEC &&
655 sanitize_nsec_is_overreach(rrset, zonename)) {
656 remove_rrset("sanitize: removing overreaching NSEC "
657 "RRset:", pkt, msg, prev, &rrset);
658 continue;
659 }
610660 prev = rrset;
611661 rrset = rrset->rrset_all_next;
612662 }
616666 int
617667 scrub_message(ldns_buffer* pkt, struct msg_parse* msg,
618668 struct query_info* qinfo, uint8_t* zonename, struct regional* region,
619 struct module_env* env)
669 struct module_env* env, struct iter_env* ie)
620670 {
621671 /* basic sanity checks */
622672 log_nametypeclass(VERB_ALGO, "scrub for", zonename, LDNS_RR_TYPE_NS,
647697 if(!scrub_normalize(pkt, msg, qinfo, region))
648698 return 0;
649699 /* delete all out-of-zone information */
650 if(!scrub_sanitize(pkt, msg, qinfo, zonename, env))
700 if(!scrub_sanitize(pkt, msg, qinfo, zonename, env, ie))
651701 return 0;
652702 return 1;
653703 }
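Review bot: The private-address block at new lines 611-621 rewrites the message rcode to SERVFAIL as a side effect, but the doc comment of scrub_sanitize still describes only the removal of suspect RRsets. The check sits in the loop that walks every rrset of the message, so it appears that one A or AAAA rrset rejected by priv_rrset_bad(), in any section, turns the whole response into a throwaway. I would add to the function comment ` * An A/AAAA rrset rejected by priv_rrset_bad() is removed and the rcode is set to SERVFAIL.` so that operators can trace an unexpected SERVFAIL back to the private-address filter. The body of scrub_sanitize is only partly shown in these hunks.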
4545 struct query_info;
4646 struct regional;
4747 struct module_env;
48 struct iter_env;
4849
4950 /**
5051 * Cleanup the passed dns message.
5657 * Used to determine out of bailiwick information.
5758 * @param regional: where to allocate (new) parts of the message.
5859 * @param env: module environment with config settings and cache.
60 * @param ie: iterator module environment data.
5961 * @return: false if the message is total waste. true if scrubbed with success.
6062 */
6163 int scrub_message(ldns_buffer* pkt, struct msg_parse* msg,
6264 struct query_info* qinfo, uint8_t* zonename, struct regional* regional,
63 struct module_env* env);
65 struct module_env* env, struct iter_env* ie);
6466
6567 #endif /* ITERATOR_ITER_SCRUB_H */
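Review bot: The new `@param ie` line does not say that the pointer is required, yet the sanitize step added in this commit reads `ie->priv` without a NULL test. The callers are not all visible here, so whether every one of them passes a configured iterator environment cannot be confirmed from this page. I would word the parameter as ` * @param ie: iterator module environment data; must not be NULL, its priv member is read for the private-address check.`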
4545 #include "iterator/iter_fwd.h"
4646 #include "iterator/iter_donotq.h"
4747 #include "iterator/iter_delegpt.h"
48 #include "iterator/iter_priv.h"
4849 #include "services/cache/infra.h"
4950 #include "services/cache/dns.h"
5051 #include "services/cache/rrset.h"
122123 log_err("Could not set donotqueryaddresses");
123124 return 0;
124125 }
126 if(!iter_env->priv)
127 iter_env->priv = priv_create();
128 if(!iter_env->priv || !priv_apply_cfg(iter_env->priv, cfg)) {
129 log_err("Could not set private addresses");
130 return 0;
131 }
125132 iter_env->supports_ipv6 = cfg->do_ip6;
126133 return 1;
127134 }
128135
129 /** filter out unsuitable targets, return rtt or -1 */
136 /** filter out unsuitable targets
137 * @param iter_env: iterator environment with ipv6-support flag.
138 * @param env: module environment with infra cache.
139 * @param name: zone name
140 * @param namelen: length of name
141 * @param qtype: query type (host order).
142 * @param now: current time
143 * @param a: address in delegation point we are examining.
144 * @return an integer that signals the target suitability.
145 * as follows:
146 * -1: The address should be omitted from the list.
147 * Because:
148 * o The address is bogus (DNSSEC validation failure).
149 * o Listed as donotquery
150 * o is ipv6 but no ipv6 support (in operating system).
151 * o is lame
152 * Otherwise, an rtt in milliseconds.
153 * 0 .. USEFUL_SERVER_TOP_TIMEOUT-1
154 * The roundtrip time timeout estimate. less than 2 minutes.
155 * Note that util/rtt.c has a MIN_TIMEOUT of 50 msec, thus
156 * values 0 .. 49 are not used, unless that is changed.
157 * USEFUL_SERVER_TOP_TIMEOUT
158 * This value exactly is given for unresponsive blacklisted.
159 * USEFUL_SERVER_TOP_TIMEOUT ..
160 * dnsseclame servers get penalty
161 * USEFUL_SERVER_TOP_TIMEOUT*2 ..
162 * recursion lame servers get penalty
163 * UNKNOWN_SERVER_NICENESS
164 * If no information is known about the server, this is
165 * returned. 376 msec or so.
166 *
167 * When a final value is chosen that is dnsseclame ; dnsseclameness checking
168 * is turned off (so we do not discard the reply).
169 * When a final value is chosen that is recursionlame; RD bit is set on query.
170 * Because of the numbers this means recursionlame also have dnssec lameness
171 * checking turned off.
172 */
130173 static int
131174 iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env,
132175 uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now,
133176 struct delegpt_addr* a)
134177 {
135 int rtt;
136 int lame;
137 int dnsseclame;
178 int rtt, lame, reclame, dnsseclame;
179 if(a->bogus)
180 return -1; /* address of server is bogus */
138181 if(donotq_lookup(iter_env->donotq, &a->addr, a->addrlen)) {
139182 return -1; /* server is on the donotquery list */
140183 }
143186 }
144187 /* check lameness - need zone , class info */
145188 if(infra_get_lame_rtt(env->infra_cache, &a->addr, a->addrlen,
146 name, namelen, qtype, &lame, &dnsseclame, &rtt, now)) {
189 name, namelen, qtype, &lame, &dnsseclame, &reclame,
190 &rtt, now)) {
191 log_addr(VERB_ALGO, "servselect", &a->addr, a->addrlen);
192 verbose(VERB_ALGO, " rtt=%d%s%s%s", rtt,
193 lame?" LAME":"",
194 dnsseclame?" DNSSEC_LAME":"",
195 reclame?" REC_LAME":"");
147196 if(lame)
148197 return -1; /* server is lame */
149198 else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT)
150 return -1; /* server is unresponsive */
151 else if(dnsseclame)
199 /* server is unresponsive */
200 return USEFUL_SERVER_TOP_TIMEOUT;
201 else if(reclame)
202 return rtt+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */
203 else if(dnsseclame )
152204 return rtt+USEFUL_SERVER_TOP_TIMEOUT; /* nonpref */
153205 else return rtt;
154206 }
164216 {
165217 int got_it = 0;
166218 struct delegpt_addr* a;
219 if(dp->bogus)
220 return 0; /* NS bogus, all bogus, nothing found */
167221 for(a=dp->result_list; a; a = a->next_result) {
168222 a->sel_rtt = iter_filter_unsuitable(iter_env, env,
169223 name, namelen, qtype, now, a);
194248 &low_rtt);
195249 if(got_num == 0)
196250 return 0;
251 if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
252 delegpt_count_missing_targets(dp) > 0)
253 return 0; /* we want more choice. The best choice is a bad one.
254 return 0 to force the caller to fetch more */
197255
198256 got_num = 0;
199257 a = dp->result_list;
232290 struct delegpt_addr*
233291 iter_server_selection(struct iter_env* iter_env,
234292 struct module_env* env, struct delegpt* dp,
235 uint8_t* name, size_t namelen, uint16_t qtype, int* dnssec_expected)
293 uint8_t* name, size_t namelen, uint16_t qtype, int* dnssec_expected,
294 int* chase_to_rd)
236295 {
237296 int sel;
238297 int selrtt;
242301
243302 if(num == 0)
244303 return NULL;
245 if(selrtt >= USEFUL_SERVER_TOP_TIMEOUT)
304 verbose(VERB_ALGO, "selrtt %d", selrtt);
305 if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
306 verbose(VERB_ALGO, "chase to recursion lame server");
307 *chase_to_rd = 1;
308 }
309 if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
310 verbose(VERB_ALGO, "chase to dnssec lame server");
246311 *dnssec_expected = 0;
312 }
313 if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) {
314 verbose(VERB_ALGO, "chase to blacklisted lame server");
315 /* the best choice is a blacklisted, unresponsive server,
316 * we need to throttle down our traffic towards it */
317 if(ub_random(env->rnd) % 100 != 1) {
318 /* 99% of the time, drop query */
319 return NULL;
320 }
321 }
322
247323 if(num == 1) {
248324 a = dp->result_list;
249325 if(++a->attempts < OUTBOUND_MSG_RETRY)
251327 dp->result_list = a->next_result;
252328 return a;
253329 }
330
254331 /* randomly select a target from the list */
255332 log_assert(num > 1);
256333 /* we do not need secure random numbers here, but
364441 }
365442
366443 int
367 iter_dp_is_useless(struct module_qstate* qstate, struct delegpt* dp)
444 iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
445 struct delegpt* dp)
368446 {
369447 struct delegpt_ns* ns;
370448 /* check:
377455 * o the query is for one of the nameservers in dp,
378456 * and that nameserver is a glue-name for this dp.
379457 */
380 if(!(qstate->query_flags&BIT_RD))
458 if(!(qflags&BIT_RD))
381459 return 0;
382460 /* either available or unused targets */
383461 if(dp->usable_list || dp->result_list)
384462 return 0;
385463
386464 /* see if query is for one of the nameservers, which is glue */
387 if( (qstate->qinfo.qtype == LDNS_RR_TYPE_A ||
388 qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) &&
389 dname_subdomain_c(qstate->qinfo.qname, dp->name) &&
390 delegpt_find_ns(dp, qstate->qinfo.qname,
391 qstate->qinfo.qname_len))
465 if( (qinfo->qtype == LDNS_RR_TYPE_A ||
466 qinfo->qtype == LDNS_RR_TYPE_AAAA) &&
467 dname_subdomain_c(qinfo->qname, dp->name) &&
468 delegpt_find_ns(dp, qinfo->qname, qinfo->qname_len))
392469 return 1;
393470
394471 for(ns = dp->nslist; ns; ns = ns->next) {
405482 struct dns_msg* msg, uint16_t dclass)
406483 {
407484 /* information not available, !env->anchors can be common */
408 if(!env || !env->anchors || !dp || !dp->name || !msg || !msg->rep)
485 if(!env || !env->anchors || !dp || !dp->name)
409486 return 0;
410487 /* a trust anchor exists with this name, RRSIGs expected */
411488 if(anchor_find(env->anchors, dp->name, dp->namelabs, dp->namelen,
412489 dclass))
413490 return 1;
414491 /* see if DS rrset was given, in AUTH section */
415 if(reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen,
492 if(msg && msg->rep &&
493 reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen,
416494 LDNS_RR_TYPE_DS, dclass))
417495 return 1;
418496 return 0;
475553 return 1;
476554 return 0;
477555 }
556
557 /**
558 * check equality of two rrsets
559 * @param k1: rrset
560 * @param k2: rrset
561 * @return true if equal
562 */
563 static int
564 rrset_equal(struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2)
565 {
566 struct packed_rrset_data* d1 = (struct packed_rrset_data*)
567 k1->entry.data;
568 struct packed_rrset_data* d2 = (struct packed_rrset_data*)
569 k2->entry.data;
570 size_t i, t;
571 if(k1->rk.dname_len != k2->rk.dname_len ||
572 k1->rk.flags != k2->rk.flags ||
573 k1->rk.type != k2->rk.type ||
574 k1->rk.rrset_class != k2->rk.rrset_class ||
575 query_dname_compare(k1->rk.dname, k2->rk.dname) != 0)
576 return 0;
577 if(d1->ttl != d2->ttl ||
578 d1->count != d2->count ||
579 d1->rrsig_count != d2->rrsig_count ||
580 d1->trust != d2->trust ||
581 d1->security != d2->security)
582 return 0;
583 t = d1->count + d1->rrsig_count;
584 for(i=0; i<t; i++) {
585 if(d1->rr_len[i] != d2->rr_len[i] ||
586 d1->rr_ttl[i] != d2->rr_ttl[i] ||
587 memcmp(d1->rr_data[i], d2->rr_data[i],
588 d1->rr_len[i]) != 0)
589 return 0;
590 }
591 return 1;
592 }
593
594 int
595 reply_equal(struct reply_info* p, struct reply_info* q)
596 {
597 size_t i;
598 if(p->flags != q->flags ||
599 p->qdcount != q->qdcount ||
600 p->ttl != q->ttl ||
601 p->security != q->security ||
602 p->an_numrrsets != q->an_numrrsets ||
603 p->ns_numrrsets != q->ns_numrrsets ||
604 p->ar_numrrsets != q->ar_numrrsets ||
605 p->rrset_count != q->rrset_count)
606 return 0;
607 for(i=0; i<p->rrset_count; i++) {
608 if(!rrset_equal(p->rrsets[i], q->rrsets[i]))
609 return 0;
610 }
611 return 1;
612 }
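Review bot: The thresholds in iter_server_selection (new lines 305-313) use strict `>` against values that iter_filter_unsuitable encodes as `rtt+USEFUL_SERVER_TOP_TIMEOUT*2` and `rtt+USEFUL_SERVER_TOP_TIMEOUT`, so a lame-flagged server with an rtt of 0 would land in the wrong class. In the dnssec-lame case it would even match the `== USEFUL_SERVER_TOP_TIMEOUT` branch and be throttled as a blacklisted server. The doc comment added above iter_filter_unsuitable says this holds only because util/rtt.c has a MIN_TIMEOUT of 50. For the first test, `if(selrtt >= USEFUL_SERVER_TOP_TIMEOUT*2) {` removes that dependency; for the second, a comment such as `/* relies on rtt > 0, see MIN_TIMEOUT in util/rtt.c */` would keep the coupling visible. The rest of iter_server_selection lies outside the hunk.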
7676 * @param qtype: query type that we want to send.
7777 * @param dnssec_expected: set to 0, if a known dnssec-lame server is selected
7878 * these are not preferred, but are used as a last resort.
79 * @param chase_to_rd: set to 1 if a known recursion lame server is selected
80 * these are not preferred, but are used as a last resort.
7981 * @return best target or NULL if no target.
8082 * if not null, that target is removed from the result list in the dp.
8183 */
8284 struct delegpt_addr* iter_server_selection(struct iter_env* iter_env,
8385 struct module_env* env, struct delegpt* dp, uint8_t* name,
84 size_t namelen, uint16_t qtype, int* dnssec_expected);
86 size_t namelen, uint16_t qtype, int* dnssec_expected,
87 int* chase_to_rd);
8588
8689 /**
8790 * Allocate dns_msg from parsed msg, in regional.
134137 /**
135138 * See if delegation is useful or offers immediately no targets for
136139 * further recursion.
137 * @param qstate: query state with RD flag and query name.
140 * @param qinfo: query name and type
141 * @param qflags: query flags with RD flag
138142 * @param dp: delegpt to check.
139143 */
140 int iter_dp_is_useless(struct module_qstate* qstate, struct delegpt* dp);
144 int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
145 struct delegpt* dp);
141146
142147 /**
143148 * See if delegation is expected to have DNSSEC information (RRSIGs) in
177182 int iter_msg_from_zone(struct dns_msg* msg, struct delegpt* dp,
178183 enum response_type type, uint16_t dclass);
179184
185 /**
186 * Check if two replies are equal
187 * For fallback procedures
188 * @param p: reply one. The reply has rrset data pointers in region.
189 * Does not check rrset-IDs
190 * @param q: reply two
191 * @return if one and two are equal.
192 */
193 int reply_equal(struct reply_info* p, struct reply_info* q);
194
180195 #endif /* ITERATOR_ITER_UTILS_H */
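Review bot: The text for `@param chase_to_rd`, like the existing text for `dnssec_expected`, does not say that the flag is only ever written in one direction. In the implementation lines shown in this commit the function sets `*chase_to_rd = 1` and `*dnssec_expected = 0` and never writes the opposite value. A value left over from an earlier selection would therefore carry into the next query unless the caller resets it. I would append ` * Not cleared by this function; the caller resets it.` to the `chase_to_rd` description.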
4848 #include "iterator/iter_delegpt.h"
4949 #include "iterator/iter_resptype.h"
5050 #include "iterator/iter_scrub.h"
51 #include "iterator/iter_priv.h"
52 #include "validator/val_neg.h"
5153 #include "services/cache/dns.h"
5254 #include "services/cache/infra.h"
5355 #include "util/module.h"
5759 #include "util/data/dname.h"
5860 #include "util/data/msgencode.h"
5961 #include "util/fptr_wlist.h"
62 #include "util/config_file.h"
6063
6164 int
6265 iter_init(struct module_env* env, int id)
8386 return;
8487 iter_env = (struct iter_env*)env->modinfo[id];
8588 free(iter_env->target_fetch_policy);
89 priv_delete(iter_env->priv);
8690 hints_delete(iter_env->hints);
8791 forwards_delete(iter_env->fwds);
8892 donotq_delete(iter_env->donotq);
224228 return 0;
225229 }
226230
231 /**
232 * Return an error to the client and cache the error code in the
233 * message cache (so per qname, qtype, qclass).
234 * @param qstate: our query state
235 * @param id: module id
236 * @param rcode: error code (DNS errcode).
237 * @return: 0 for use by caller, to make notation easy, like:
238 * return error_response(..).
239 */
240 static int
241 error_response_cache(struct module_qstate* qstate, int id, int rcode)
242 {
243 /* store in cache */
244 struct reply_info err;
245 memset(&err, 0, sizeof(err));
246 err.flags = (uint16_t)(BIT_QR | BIT_RA);
247 FLAGS_SET_RCODE(err.flags, rcode);
248 err.qdcount = 1;
249 err.ttl = NORR_TTL;
250 /* do not waste time trying to validate this servfail */
251 err.security = sec_status_indeterminate;
252 verbose(VERB_ALGO, "store error response in message cache");
253 if(!iter_dns_store(qstate->env, &qstate->qinfo, &err, 0)) {
254 log_err("error_response_cache: could not store error (nomem)");
255 }
256 return error_response(qstate, id, rcode);
257 }
258
227259 /** check if prepend item is duplicate item */
228260 static int
229261 prepend_is_duplicate(struct ub_packed_rrset_key** sets, size_t to,
426458 * request.
427459 * @param subq_ret: if newly allocated, the subquerystate, or NULL if it does
428460 * not need initialisation.
461 * @param v: if true, validation is done on the subquery.
462 * @param detcyc: if true, cycle detection is done on the subquery.
429463 * @return false on error (malloc).
430464 */
431465 static int
432466 generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype,
433467 uint16_t qclass, struct module_qstate* qstate, int id,
434468 struct iter_qstate* iq, enum iter_state initial_state,
435 enum iter_state final_state, struct module_qstate** subq_ret)
469 enum iter_state final_state, struct module_qstate** subq_ret, int v,
470 int detcyc)
436471 {
437472 struct module_qstate* subq = NULL;
438473 struct iter_qstate* subiq = NULL;
452487 * the resolution chain, which might have a validator. We are
453488 * uninterested in validating things not on the direct resolution
454489 * path. */
455 qflags |= BIT_CD;
490 if(!v)
491 qflags |= BIT_CD;
492
493 if(detcyc) {
494 fptr_ok(fptr_whitelist_modenv_detect_cycle(
495 qstate->env->detect_cycle));
496 if((*qstate->env->detect_cycle)(qstate, &qinf, qflags, prime)){
497 log_query_info(VERB_DETAIL, "cycle detected", &qinf);
498 return 0;
499 }
500 }
456501
457502 /* attach subquery, lookup existing or make a new one */
458503 fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
520565 * the normal INIT state logic (which would cause an infloop). */
521566 if(!generate_sub_request((uint8_t*)"\000", 1, LDNS_RR_TYPE_NS,
522567 qclass, qstate, id, iq, QUERYTARGETS_STATE, PRIME_RESP_STATE,
523 &subq)) {
524 log_err("out of memory priming root");
568 &subq, 0, 1)) {
569 verbose(VERB_ALGO, "could not prime root");
525570 return 0;
526571 }
527572 if(subq) {
531576 subiq->dp = dp;
532577 /* there should not be any target queries. */
533578 subiq->num_target_queries = 0;
579 subiq->dnssec_expected = iter_indicates_dnssec(
580 qstate->env, subiq->dp, NULL, subq->qinfo.qclass);
534581 }
535582
536583 /* this module stops, our submodule starts, and does the query. */
557604 {
558605 /* Lookup the stub hint. This will return null if the stub doesn't
559606 * need to be re-primed. */
560 struct delegpt* stub_dp = hints_lookup_stub(ie->hints, qname, qclass,
561 iq->dp);
607 struct iter_hints_stub* stub = hints_lookup_stub(ie->hints,
608 qname, qclass, iq->dp);
609 struct delegpt* stub_dp;
562610 struct module_qstate* subq;
563611 /* The stub (if there is one) does not need priming. */
564 if(!stub_dp)
612 if(!stub)
565613 return 0;
614 stub_dp = stub->dp;
615
616 /* is it a noprime stub (always use) */
617 if(stub->noprime) {
618 iq->dp = delegpt_copy(stub_dp, qstate->region);
619 if(!iq->dp) {
620 log_err("out of memory priming stub");
621 (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL);
622 return 1; /* return 1 to make module stop, with error */
623 }
624 log_nametypeclass(VERB_DETAIL, "use stub", stub_dp->name,
625 LDNS_RR_TYPE_NS, qclass);
626 return 0;
627 }
566628
567629 /* Otherwise, we need to (re)prime the stub. */
568630 log_nametypeclass(VERB_DETAIL, "priming stub", stub_dp->name,
572634 * redundant INIT state processing. */
573635 if(!generate_sub_request(stub_dp->name, stub_dp->namelen,
574636 LDNS_RR_TYPE_NS, qclass, qstate, id, iq,
575 QUERYTARGETS_STATE, PRIME_RESP_STATE, &subq)) {
576 log_err("out of memory priming stub");
637 QUERYTARGETS_STATE, PRIME_RESP_STATE, &subq, 0, 1)) {
638 verbose(VERB_ALGO, "could not prime stub");
577639 (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL);
578640 return 1; /* return 1 to make module stop, with error */
579641 }
597659 * missing targets. */
598660 subiq->num_target_queries = 0;
599661 subiq->wait_priming_stub = 1;
662 subiq->dnssec_expected = iter_indicates_dnssec(
663 qstate->env, subiq->dp, NULL, subq->qinfo.qclass);
600664 }
601665
602666 /* this module stops, our submodule starts, and does the query. */
603667 qstate->ext_state[id] = module_wait_subquery;
604668 return 1;
669 }
670
671 /**
672 * Generate A and AAAA checks for glue that is in-zone for the referral
673 * we just got to obtain authoritative information on the adresses.
674 *
675 * @param qstate: the qtstate that triggered the need to prime.
676 * @param iq: iterator query state.
677 * @param id: module id.
678 */
679 static void
680 generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq,
681 int id)
682 {
683 struct module_qstate* subq;
684 size_t i;
685 struct reply_info* rep = iq->response->rep;
686 struct ub_packed_rrset_key* s;
687 log_assert(iq->dp);
688
689 /* walk through additional, and check if in-zone,
690 * only relevant A, AAAA are left after scrub anyway */
691 for(i=rep->an_numrrsets+rep->ns_numrrsets; i<rep->rrset_count; i++) {
692 s = rep->rrsets[i];
693 /* check *ALL* addresses that are transmitted in additional*/
694 /* is it an address ? */
695 if( !(ntohs(s->rk.type)==LDNS_RR_TYPE_A ||
696 ntohs(s->rk.type)==LDNS_RR_TYPE_AAAA)) {
697 continue;
698 }
699 /* is this query the same as the A/AAAA check for it */
700 if(qstate->qinfo.qtype == ntohs(s->rk.type) &&
701 qstate->qinfo.qclass == ntohs(s->rk.rrset_class) &&
702 query_dname_compare(qstate->qinfo.qname,
703 s->rk.dname)==0 &&
704 (qstate->query_flags&BIT_RD) &&
705 !(qstate->query_flags&BIT_CD))
706 continue;
707
708 /* generate subrequest for it */
709 log_nametypeclass(VERB_ALGO, "schedule addr fetch",
710 s->rk.dname, ntohs(s->rk.type),
711 ntohs(s->rk.rrset_class));
712 if(!generate_sub_request(s->rk.dname, s->rk.dname_len,
713 ntohs(s->rk.type), ntohs(s->rk.rrset_class),
714 qstate, id, iq,
715 INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 1)) {
716 verbose(VERB_ALGO, "could not generate addr check");
717 return;
718 }
719 /* ignore subq - not need for more init */
720 }
721 }
722
723 /**
724 * Generate a NS check request to obtain authoritative information
725 * on an NS rrset.
726 *
727 * @param qstate: the qtstate that triggered the need to prime.
728 * @param iq: iterator query state.
729 * @param id: module id.
730 */
731 static void
732 generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id)
733 {
734 struct module_qstate* subq;
735 log_assert(iq->dp);
736
737 /* is this query the same as the nscheck? */
738 if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS &&
739 query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 &&
740 (qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD)){
741 /* spawn off A, AAAA queries for in-zone glue to check */
742 generate_a_aaaa_check(qstate, iq, id);
743 return;
744 }
745
746 log_nametypeclass(VERB_ALGO, "schedule ns fetch",
747 iq->dp->name, LDNS_RR_TYPE_NS, iq->qchase.qclass);
748 if(!generate_sub_request(iq->dp->name, iq->dp->namelen,
749 LDNS_RR_TYPE_NS, iq->qchase.qclass, qstate, id, iq,
750 INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 1)) {
751 verbose(VERB_ALGO, "could not generate ns check");
752 return;
753 }
754 if(subq) {
755 struct iter_qstate* subiq =
756 (struct iter_qstate*)subq->minfo[id];
757
758 /* make copy to avoid use of stub dp by different qs/threads */
759 /* refetch glue to start higher up the tree */
760 subiq->refetch_glue = 1;
761 subiq->dp = delegpt_copy(iq->dp, subq->region);
762 if(!subiq->dp) {
763 log_err("out of memory generating ns check, copydp");
764 fptr_ok(fptr_whitelist_modenv_kill_sub(
765 qstate->env->kill_sub));
766 (*qstate->env->kill_sub)(subq);
767 return;
768 }
769 }
605770 }
606771
607772 /**
685850 msg = dns_cache_lookup(qstate->env, iq->qchase.qname,
686851 iq->qchase.qname_len, iq->qchase.qtype,
687852 iq->qchase.qclass, qstate->region, qstate->env->scratch);
853 if(!msg && qstate->env->neg_cache) {
854 /* lookup in negative cache; may result in
855 * NOERROR/NODATA or NXDOMAIN answers that need validation */
856 msg = val_neg_getmsg(qstate->env->neg_cache, &iq->qchase,
857 qstate->region, qstate->env->rrset_cache,
858 qstate->env->scratch_buffer, *qstate->env->now);
859 }
688860 if(msg) {
689861 /* handle positive cache response */
690862 enum response_type type = response_type_from_cache(msg,
706878 iq->qchase.qname_len = slen;
707879 /* This *is* a query restart, even if it is a cheap
708880 * one. */
881 iq->dp = NULL;
882 iq->refetch_glue = 0;
709883 iq->query_restart_count++;
710884 return next_state(iq, INIT_REQUEST_STATE);
711885 }
723897 log_err("alloc failure for forward dp");
724898 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
725899 }
900 iq->refetch_glue = 0;
726901 /* the request has been forwarded.
727902 * forwarded requests need to be immediately sent to the
728903 * next state, QUERYTARGETS. */
788963 * could be useless but lead to loops (bumping into the
789964 * same server reply) if useless-checked.
790965 */
791 if(iter_dp_is_useless(qstate, iq->dp)) {
966 if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags,
967 iq->dp)) {
792968 if(dname_is_root(iq->dp->name)) {
793969 /* use safety belt */
794970 verbose(VERB_QUERY, "Cache has root NS but "
9201096 {
9211097 struct module_qstate* subq;
9221098 if(!generate_sub_request(name, namelen, qtype, qclass, qstate,
923 id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq))
1099 id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0))
9241100 return 0;
9251101 if(subq) {
9261102 struct iter_qstate* subiq =
9291105 verbose(VERB_ALGO, "refetch of target glue");
9301106 subiq->refetch_glue = 1;
9311107 subiq->dp = delegpt_copy(iq->dp, subq->region);
1108 subiq->dnssec_expected = iter_indicates_dnssec(
1109 qstate->env, subiq->dp, NULL,
1110 subq->qinfo.qclass);
9321111 }
9331112 }
9341113 log_nametypeclass(VERB_QUERY, "new target", name, qtype, qclass);
9881167 continue;
9891168 }
9901169
991 if(ie->supports_ipv6) {
1170 if(ie->supports_ipv6 && !ns->got6) {
9921171 /* Send the AAAA request. */
9931172 if(!generate_target_query(qstate, iq, id,
9941173 ns->name, ns->namelen,
9971176 query_count++;
9981177 }
9991178 /* Send the A request. */
1000 if(!generate_target_query(qstate, iq, id,
1001 ns->name, ns->namelen,
1002 LDNS_RR_TYPE_A, iq->qchase.qclass))
1003 return 0;
1004 query_count++;
1179 if(!ns->got4) {
1180 if(!generate_target_query(qstate, iq, id,
1181 ns->name, ns->namelen,
1182 LDNS_RR_TYPE_A, iq->qchase.qclass))
1183 return 0;
1184 query_count++;
1185 }
10051186
10061187 /* mark this target as in progress. */
10071188 ns->resolved = 1;
10801261 tf_policy = ie->target_fetch_policy[iq->depth];
10811262 }
10821263
1264 /* if in 0x20 fallback get as many targets as possible */
1265 if(iq->caps_fallback) {
1266 int extra = 0;
1267 size_t naddr, nres, navail;
1268 if(!query_for_targets(qstate, iq, ie, id, -1, &extra)) {
1269 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
1270 }
1271 iq->num_target_queries += extra;
1272 if(iq->num_target_queries > 0) {
1273 /* wait to get all targets, we want to try em */
1274 verbose(VERB_ALGO, "wait for all targets for fallback");
1275 return 0;
1276 }
1277 /* did we do enough fallback queries already? */
1278 delegpt_count_addr(iq->dp, &naddr, &nres, &navail);
1279 /* the current caps_server is the number of fallbacks sent.
1280 * the original query is one that matched too, so we have
1281 * caps_server+1 number of matching queries now */
1282 if(iq->caps_server+1 >= naddr*3) {
1283 /* we're done, process the response */
1284 verbose(VERB_ALGO, "0x20 fallback had %d responses "
1285 "match for %d wanted, done.",
1286 (int)iq->caps_server+1, (int)naddr*3);
1287 iq->caps_fallback = 0;
1288 iq->state = QUERY_RESP_STATE;
1289 return 1;
1290 }
1291 verbose(VERB_ALGO, "0x20 fallback number %d",
1292 (int)iq->caps_server);
1293
10831294 /* if there is a policy to fetch missing targets
10841295 * opportunistically, do it. we rely on the fact that once a
10851296 * query (or queries) for a missing name have been issued,
10861297 * they will not be show up again. */
1087 if(tf_policy != 0) {
1298 } else if(tf_policy != 0) {
10881299 int extra = 0;
10891300 verbose(VERB_ALGO, "attempt to get extra %d targets",
10901301 tf_policy);
11001311 /* Select the next usable target, filtering out unsuitable targets. */
11011312 target = iter_server_selection(ie, qstate->env, iq->dp,
11021313 iq->dp->name, iq->dp->namelen, iq->qchase.qtype,
1103 &iq->dnssec_expected);
1314 &iq->dnssec_expected, &iq->chase_to_rd);
11041315
11051316 /* If no usable target was selected... */
11061317 if(!target) {
11351346 "returning SERVFAIL");
11361347 /* fail -- no more targets, no more hope
11371348 * of targets, no hope of a response. */
1138 return error_response(qstate, id,
1349 return error_response_cache(qstate, id,
11391350 LDNS_RCODE_SERVFAIL);
11401351 }
11411352 }
11651376 outq = (*qstate->env->send_query)(
11661377 iq->qchase.qname, iq->qchase.qname_len,
11671378 iq->qchase.qtype, iq->qchase.qclass,
1168 iq->chase_flags, EDNS_DO|BIT_CD,
1379 iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), EDNS_DO|BIT_CD,
11691380 &target->addr, target->addrlen, qstate);
11701381 if(!outq) {
1171 verbose(VERB_OPS, "error sending query to auth server; "
1172 "skip this address");
1173 log_addr(VERB_OPS, "error for address:",
1382 log_addr(VERB_DETAIL, "error sending query to auth server",
11741383 &target->addr, target->addrlen);
11751384 return next_state(iq, QUERYTARGETS_STATE);
11761385 }
11801389
11811390 return 0;
11821391 }
1392
1393 /** find NS rrset in given list */
1394 static struct ub_packed_rrset_key*
1395 find_NS(struct reply_info* rep, size_t from, size_t to)
1396 {
1397 size_t i;
1398 for(i=from; i<to; i++) {
1399 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NS)
1400 return rep->rrsets[i];
1401 }
1402 return NULL;
1403 }
1404
11831405
11841406 /**
11851407 * Process the query response. All queries end up at this state first. This
12021424 enum response_type type;
12031425 iq->num_current_queries--;
12041426 if(iq->response == NULL) {
1427 iq->chase_to_rd = 0;
12051428 verbose(VERB_ALGO, "query response was timeout");
12061429 return next_state(iq, QUERYTARGETS_STATE);
12071430 }
1208 type = response_type_from_server((int)(iq->chase_flags&BIT_RD),
1431 type = response_type_from_server(
1432 (int)((iq->chase_flags&BIT_RD) || iq->chase_to_rd),
12091433 iq->response, &iq->qchase, iq->dp);
1434 iq->chase_to_rd = 0;
12101435 if(type == RESPONSE_TYPE_REFERRAL && (iq->chase_flags&BIT_RD)) {
12111436 /* When forwarding (RD bit is set), we handle referrals
12121437 * differently. No queries should be sent elsewhere */
12141439 }
12151440 if(iq->dnssec_expected && !(iq->chase_flags&BIT_RD)
12161441 && type != RESPONSE_TYPE_LAME
1442 && type != RESPONSE_TYPE_REC_LAME
12171443 && type != RESPONSE_TYPE_THROWAWAY
12181444 && type != RESPONSE_TYPE_UNTYPED) {
12191445 /* a possible answer, see if it is missing DNSSEC */
12261452 iq->qchase.qclass)) {
12271453 type = RESPONSE_TYPE_LAME;
12281454 dnsseclame = 1;
1455 }
1456 }
1457 /* see if referral brings us close to the target */
1458 if(type == RESPONSE_TYPE_REFERRAL) {
1459 struct ub_packed_rrset_key* ns = find_NS(
1460 iq->response->rep, iq->response->rep->an_numrrsets,
1461 iq->response->rep->an_numrrsets
1462 + iq->response->rep->ns_numrrsets);
1463 if(!ns) ns = find_NS(iq->response->rep, 0,
1464 iq->response->rep->an_numrrsets);
1465 if(!ns || !dname_strict_subdomain_c(ns->rk.dname, iq->dp->name)
1466 || !dname_subdomain_c(iq->qchase.qname, ns->rk.dname)){
1467 verbose(VERB_ALGO, "bad referral, throwaway");
1468 type = RESPONSE_TYPE_THROWAWAY;
12291469 }
12301470 }
12311471
12501490 * delegation point, and back to the QUERYTARGETS_STATE. */
12511491 verbose(VERB_DETAIL, "query response was REFERRAL");
12521492
1253 /* Store the referral under the current query */
1254 if(!iter_dns_store(qstate->env, &iq->response->qinfo,
1255 iq->response->rep, 1))
1256 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
1493 /* if hardened, only store referral if we asked for it */
1494 if(!qstate->env->cfg->harden_referral_path ||
1495 ( qstate->qinfo.qtype == LDNS_RR_TYPE_NS
1496 && (qstate->query_flags&BIT_RD)
1497 && !(qstate->query_flags&BIT_CD)
1498 /* we know that all other NS rrsets are scrubbed
1499 * away, thus on referral only one is left.
1500 * see if that equals the query name... */
1501 && reply_find_rrset_section_ns(iq->response->rep,
1502 qstate->qinfo.qname, qstate->qinfo.qname_len,
1503 LDNS_RR_TYPE_NS, qstate->qinfo.qclass)
1504 )) {
1505 /* Store the referral under the current query */
1506 if(!iter_dns_store(qstate->env, &iq->response->qinfo,
1507 iq->response->rep, 1))
1508 return error_response(qstate, id,
1509 LDNS_RCODE_SERVFAIL);
1510 if(qstate->env->neg_cache)
1511 val_neg_addreferral(qstate->env->neg_cache,
1512 iq->response->rep, iq->dp->name);
1513 }
12571514
12581515 /* Reset the event state, setting the current delegation
12591516 * point to the referral. */
12711528 * along, indicating dnssec is expected for next zone */
12721529 iq->dnssec_expected = iter_indicates_dnssec(qstate->env,
12731530 iq->dp, iq->response, iq->qchase.qclass);
1531
1532 /* spawn off NS and addr to auth servers for the NS we just
1533 * got in the referral. This gets authoritative answer
1534 * (answer section trust level) rrset.
1535 * right after, we detach the subs, answer goes to cache. */
1536 if(qstate->env->cfg->harden_referral_path)
1537 generate_ns_check(qstate, iq, id);
12741538
12751539 /* stop current outstanding queries.
12761540 * FIXME: should the outstanding queries be waited for and
13311595 /* Cache the LAMEness. */
13321596 verbose(VERB_DETAIL, "query response was %sLAME",
13331597 dnsseclame?"DNSSEC ":"");
1334 if(qstate->reply) {
1598 if(!dname_subdomain_c(iq->qchase.qname, iq->dp->name)) {
1599 log_err("mark lame: mismatch in qname and dpname");
1600 /* throwaway this reply below */
1601 } else if(qstate->reply) {
13351602 /* need addr for lameness cache, but we may have
13361603 * gotten this from cache, so test to be sure */
13371604 if(!infra_set_lame(qstate->env->infra_cache,
13381605 &qstate->reply->addr, qstate->reply->addrlen,
13391606 iq->dp->name, iq->dp->namelen,
1340 *qstate->env->now, dnsseclame,
1607 *qstate->env->now, dnsseclame, 0,
13411608 iq->qchase.qtype))
13421609 log_err("mark host lame: out of memory");
13431610 } else log_err("%slame response from cache",
13441611 dnsseclame?"DNSSEC ":"");
1612 } else if(type == RESPONSE_TYPE_REC_LAME) {
1613 /* Cache the LAMEness. */
1614 verbose(VERB_DETAIL, "query response REC_LAME: "
1615 "recursive but not authoritative server");
1616 if(!dname_subdomain_c(iq->qchase.qname, iq->dp->name)) {
1617 log_err("mark rec_lame: mismatch in qname and dpname");
1618 /* throwaway this reply below */
1619 } else if(qstate->reply) {
1620 /* need addr for lameness cache, but we may have
1621 * gotten this from cache, so test to be sure */
1622 verbose(VERB_DETAIL, "mark as REC_LAME");
1623 if(!infra_set_lame(qstate->env->infra_cache,
1624 &qstate->reply->addr, qstate->reply->addrlen,
1625 iq->dp->name, iq->dp->namelen,
1626 *qstate->env->now, 0, 1, iq->qchase.qtype))
1627 log_err("mark host lame: out of memory");
1628 }
13451629 } else if(type == RESPONSE_TYPE_THROWAWAY) {
13461630 /* LAME and THROWAWAY responses are handled the same way.
13471631 * In this case, the event is just sent directly back to
14331717 } else {
14341718 qstate->return_rcode = LDNS_RCODE_SERVFAIL;
14351719 qstate->return_msg = NULL;
1720 }
1721
1722 /* validate the root or stub after priming (if enabled).
1723 * This is the same query as the prime query, but with validation.
1724 * Now that we are primed, the additional queries that validation
1725 * may need can be resolved, such as DLV. */
1726 if(qstate->env->cfg->harden_referral_path) {
1727 struct module_qstate* subq = NULL;
1728 log_nametypeclass(VERB_ALGO, "schedule prime validation",
1729 qstate->qinfo.qname, qstate->qinfo.qtype,
1730 qstate->qinfo.qclass);
1731 if(!generate_sub_request(qstate->qinfo.qname,
1732 qstate->qinfo.qname_len, qstate->qinfo.qtype,
1733 qstate->qinfo.qclass, qstate, id, iq,
1734 INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 1)) {
1735 verbose(VERB_ALGO, "could not generate prime check");
1736 }
1737 generate_a_aaaa_check(qstate, iq, id);
14361738 }
14371739
14381740 /* This event is finished. */
16801982 if(event == module_event_noreply || event == module_event_error) {
16811983 goto handle_it;
16821984 }
1683 if(event != module_event_reply || !qstate->reply) {
1985 if( (event != module_event_reply && event != module_event_capsfail)
1986 || !qstate->reply) {
16841987 log_err("Bad event combined with response");
16851988 outbound_list_remove(&iq->outlist, outbound);
16861989 (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL);
17112014
17122015 /* normalize and sanitize: easy to delete items from linked lists */
17132016 if(!scrub_message(pkt, prs, &iq->qchase, iq->dp->name,
1714 qstate->env->scratch, qstate->env))
2017 qstate->env->scratch, qstate->env, ie))
17152018 goto handle_it;
17162019
17172020 /* allocate response dns_msg in region */
17242027 if(verbosity >= VERB_ALGO)
17252028 log_dns_msg("incoming scrubbed packet:", &iq->response->qinfo,
17262029 iq->response->rep);
2030
2031 if(event == module_event_capsfail) {
2032 if(!iq->caps_fallback) {
2033 /* start fallback */
2034 iq->caps_fallback = 1;
2035 iq->caps_server = 0;
2036 iq->caps_reply = iq->response->rep;
2037 iq->state = QUERYTARGETS_STATE;
2038 iq->num_current_queries--;
2039 verbose(VERB_DETAIL, "Capsforid: starting fallback");
2040 goto handle_it;
2041 } else {
2042 /* check if reply is the same, otherwise, fail */
2043 if(!reply_equal(iq->response->rep, iq->caps_reply)) {
2044 verbose(VERB_DETAIL, "Capsforid fallback: "
2045 "getting different replies, failed");
2046 outbound_list_remove(&iq->outlist, outbound);
2047 (void)error_response(qstate, id,
2048 LDNS_RCODE_SERVFAIL);
2049 return;
2050 }
2051 /* continue the fallback procedure at next server */
2052 iq->caps_server++;
2053 iq->state = QUERYTARGETS_STATE;
2054 iq->num_current_queries--;
2055 verbose(VERB_DETAIL, "Capsforid: reply is equal. "
2056 "go to next fallback");
2057 goto handle_it;
2058 }
2059 }
2060 iq->caps_fallback = 0; /* if we were in fallback, 0x20 is OK now */
17272061
17282062 handle_it:
17292063 outbound_list_remove(&iq->outlist, outbound);
4949 struct iter_forwards;
5050 struct iter_donotq;
5151 struct iter_prep_list;
52 struct iter_priv;
5253
5354 /** max number of query restarts. Determines max number of CNAME chain. */
5455 #define MAX_RESTART_COUNT 8
6465 */
6566 #define USEFUL_SERVER_TOP_TIMEOUT 120000
6667 /** number of retries on outgoing queries */
67 #define OUTBOUND_MSG_RETRY 4
68 #define OUTBOUND_MSG_RETRY 5
6869 /** RTT band, within this amount from the best, servers are chosen randomly.
6970 * Chosen so that the UNKNOWN_SERVER_NICENESS falls within the band of a
7071 * fast server, this causes server exploration as a side benefit. msec. */
9091
9192 /** A set of inetaddrs that should never be queried. */
9293 struct iter_donotq* donotq;
94
95 /** private address space and private domains */
96 struct iter_priv* priv;
9397
9498 /** The maximum dependency depth that this resolver will pursue. */
9599 int max_dependency_depth;
205209 struct query_info qchase;
206210 /** query flags to use when chasing the answer (i.e. RD flag) */
207211 uint16_t chase_flags;
212 /** true if we set RD bit because of last resort recursion lame query*/
213 int chase_to_rd;
208214
209215 /**
210216 * This is the current delegation point for an in-progress query. This
212218 * (sub)queried for vs which ones have already been visited.
213219 */
214220 struct delegpt* dp;
221
222 /** state for 0x20 fallback when capsfail happens, 0 not a fallback */
223 int caps_fallback;
224 /** state for capsfail: current server number to try */
225 size_t caps_server;
226 /** state for capsfail: stored query for comparisons */
227 struct reply_info* caps_reply;
215228
216229 /** Current delegation message - returned for non-RD queries */
217230 struct dns_msg* deleg_msg;
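Review bot: The doc comment on `caps_reply` calls it a "stored query", but the field is a `struct reply_info*` and the fallback code in this commit compares incoming replies against it, so it should read `/** state for capsfail: stored reply for comparisons */`. The field is assigned from `iq->response->rep` rather than copied, so the comment should also say who owns that reply and how long it stays valid across fallback rounds. Whether that memory outlives later responses is not visible here and is worth confirming, since the 0x20 fallback decision depends on this comparison. The struct holding these fields begins and ends outside the hunk.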
Binary diff not shown
4646 #include "libunbound/unbound.h"
4747 #include "util/data/packed_rrset.h"
4848 struct libworker;
49 struct tube;
4950
5051 /**
5152 * The context structure
5859 /* --- pipes --- */
5960 /** mutex on query write pipe */
6061 lock_basic_t qqpipe_lock;
61 /** the query write pipe, [0] read from, [1] write on */
62 int qqpipe[2];
62 /** the query write pipe */
63 struct tube* qq_pipe;
6364 /** mutex on result read pipe */
6465 lock_basic_t rrpipe_lock;
65 /** the result read pipe, [0] read from, [1] write on */
66 int rrpipe[2];
66 /** the result read pipe */
67 struct tube* rr_pipe;
6768
6869 /* --- shared data --- */
6970 /** mutex for access to env.cfg, finalized and dothread */
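Review bot: The new comments on `qq_pipe` and `rr_pipe` no longer say which side uses which end, which the removed `[0] read from, [1] write on` text did. From the callers changed in this commit, the library side writes commands to `qq_pipe` and reads results from `rr_pipe`, and the background worker closes exactly those ends after a fork. A comment such as `/** the query write pipe: library side writes commands, bg worker reads them */`, with the mirror image for `rr_pipe`, would keep that direction visible next to the lock that guards it. The enclosing struct continues outside the hunk.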
5353 #include "util/log.h"
5454 #include "util/random.h"
5555 #include "util/net_help.h"
56 #include "util/tube.h"
5657 #include "services/modstack.h"
5758 #include "services/localzone.h"
5859 #include "services/cache/infra.h"
9495 return NULL;
9596 }
9697 seed = 0;
97 if(socketpair(AF_UNIX, SOCK_STREAM, 0, ctx->qqpipe) == -1) {
98 ub_randfree(ctx->seed_rnd);
99 free(ctx);
100 return NULL;
101 }
102 if(socketpair(AF_UNIX, SOCK_STREAM, 0, ctx->rrpipe) == -1) {
98 if((ctx->qq_pipe = tube_create()) == NULL) {
10399 int e = errno;
104 close(ctx->qqpipe[0]);
105 close(ctx->qqpipe[1]);
106100 ub_randfree(ctx->seed_rnd);
107101 free(ctx);
108102 errno = e;
109103 return NULL;
110104 }
111 #ifndef USE_WINSOCK
112 if(!fd_set_nonblock(ctx->rrpipe[0]) ||
113 !fd_set_nonblock(ctx->rrpipe[1]) ||
114 !fd_set_nonblock(ctx->qqpipe[0]) ||
115 !fd_set_nonblock(ctx->qqpipe[1])) {
105 if((ctx->rr_pipe = tube_create()) == NULL) {
116106 int e = errno;
117 close(ctx->rrpipe[0]);
118 close(ctx->rrpipe[1]);
119 close(ctx->qqpipe[0]);
120 close(ctx->qqpipe[1]);
107 tube_delete(ctx->qq_pipe);
121108 ub_randfree(ctx->seed_rnd);
122109 free(ctx);
123110 errno = e;
124111 return NULL;
125112 }
126 #endif /* !USE_WINSOCK - it is a pipe(nonsocket) on windows) */
127113 lock_basic_init(&ctx->qqpipe_lock);
128114 lock_basic_init(&ctx->rrpipe_lock);
129115 lock_basic_init(&ctx->cfglock);
130116 ctx->env = (struct module_env*)calloc(1, sizeof(*ctx->env));
131117 if(!ctx->env) {
132 close(ctx->rrpipe[0]);
133 close(ctx->rrpipe[1]);
134 close(ctx->qqpipe[0]);
135 close(ctx->qqpipe[1]);
118 tube_delete(ctx->qq_pipe);
119 tube_delete(ctx->rr_pipe);
136120 ub_randfree(ctx->seed_rnd);
137121 free(ctx);
138122 errno = ENOMEM;
140124 }
141125 ctx->env->cfg = config_create_forlib();
142126 if(!ctx->env->cfg) {
143 close(ctx->rrpipe[0]);
144 close(ctx->rrpipe[1]);
145 close(ctx->qqpipe[0]);
146 close(ctx->qqpipe[1]);
127 tube_delete(ctx->qq_pipe);
128 tube_delete(ctx->rr_pipe);
147129 free(ctx->env);
148130 ub_randfree(ctx->seed_rnd);
149131 free(ctx);
179161 uint32_t cmd = UB_LIBCMD_QUIT;
180162 lock_basic_unlock(&ctx->cfglock);
181163 lock_basic_lock(&ctx->qqpipe_lock);
182 (void)libworker_write_msg(ctx->qqpipe[1], (uint8_t*)&cmd,
164 (void)tube_write_msg(ctx->qq_pipe, (uint8_t*)&cmd,
183165 (uint32_t)sizeof(cmd), 0);
184166 lock_basic_unlock(&ctx->qqpipe_lock);
185167 lock_basic_lock(&ctx->rrpipe_lock);
186 while(libworker_read_msg(ctx->rrpipe[0], &msg, &len, 0)) {
168 while(tube_read_msg(ctx->rr_pipe, &msg, &len, 0)) {
187169 /* discard all results except a quit confirm */
188170 if(context_serial_getcmd(msg, len) == UB_LIBCMD_QUIT) {
189171 free(msg);
221203 lock_basic_destroy(&ctx->qqpipe_lock);
222204 lock_basic_destroy(&ctx->rrpipe_lock);
223205 lock_basic_destroy(&ctx->cfglock);
224 if(ctx->qqpipe[0] != -1)
225 close(ctx->qqpipe[0]);
226 if(ctx->qqpipe[1] != -1)
227 close(ctx->qqpipe[1]);
228 if(ctx->rrpipe[0] != -1)
229 close(ctx->rrpipe[0]);
230 if(ctx->rrpipe[1] != -1)
231 close(ctx->rrpipe[1]);
232 ctx->qqpipe[0] = -1;
233 ctx->qqpipe[1] = -1;
234 ctx->rrpipe[0] = -1;
235 ctx->rrpipe[1] = -1;
206 tube_delete(ctx->qq_pipe);
207 tube_delete(ctx->rr_pipe);
236208 if(ctx->env) {
237209 slabhash_delete(ctx->env->msg_cache);
238210 rrset_cache_delete(ctx->env->rrset_cache);
273245 lock_basic_unlock(&ctx->cfglock);
274246 return UB_AFTERFINAL;
275247 }
276 if(!config_read(ctx->env->cfg, fname)) {
248 if(!config_read(ctx->env->cfg, fname, NULL)) {
277249 lock_basic_unlock(&ctx->cfglock);
278250 return UB_SYNTAX;
279251 }
375347 return UB_NOERROR;
376348 }
377349
378 /** perform a select() on the result read pipe */
379 static int
380 pollit(struct ub_ctx* ctx, struct timeval* t)
381 {
382 fd_set r;
383 #ifndef S_SPLINT_S
384 FD_ZERO(&r);
385 FD_SET(FD_SET_T ctx->rrpipe[0], &r);
386 #endif
387 if(select(ctx->rrpipe[0]+1, &r, NULL, NULL, t) == -1) {
388 return 0;
389 }
390 errno = 0;
391 return FD_ISSET(ctx->rrpipe[0], &r);
392 }
393
394350 int
395351 ub_poll(struct ub_ctx* ctx)
396352 {
397 struct timeval t;
398 memset(&t, 0, sizeof(t));
399353 /* no need to hold lock while testing for readability. */
400 return pollit(ctx, &t);
354 return tube_poll(ctx->rr_pipe);
401355 }
402356
403357 int
404358 ub_fd(struct ub_ctx* ctx)
405359 {
406 return ctx->rrpipe[0];
360 return tube_read_fd(ctx->rr_pipe);
407361 }
408362
409363 /** process answer from bg worker */
500454 while(1) {
501455 msg = NULL;
502456 lock_basic_lock(&ctx->rrpipe_lock);
503 r = libworker_read_msg(ctx->rrpipe[0], &msg, &len, 1);
457 r = tube_read_msg(ctx->rr_pipe, &msg, &len, 1);
504458 lock_basic_unlock(&ctx->rrpipe_lock);
505459 if(r == 0)
506460 return UB_PIPE;
507461 else if(r == -1)
508 return UB_NOERROR;
462 break;
509463 if(!process_answer(ctx, msg, len)) {
510464 free(msg);
511465 return UB_PIPE;
526480 uint8_t* msg;
527481 uint32_t len;
528482 /* this is basically the same loop as _process(), but with changes.
529 * holds the rrpipe lock and waits with pollit */
483 * holds the rrpipe lock and waits with tube_wait */
530484 while(1) {
531485 lock_basic_lock(&ctx->rrpipe_lock);
532486 lock_basic_lock(&ctx->cfglock);
543497 * o possibly decrementing num_async
544498 * do callback without lock
545499 */
546 r = pollit(ctx, NULL);
500 r = tube_wait(ctx->rr_pipe);
547501 if(r) {
548 r = libworker_read_msg(ctx->rrpipe[0], &msg, &len, 1);
502 r = tube_read_msg(ctx->rr_pipe, &msg, &len, 1);
549503 if(r == 0) {
550504 lock_basic_unlock(&ctx->rrpipe_lock);
551505 return UB_PIPE;
666620 lock_basic_unlock(&ctx->cfglock);
667621
668622 lock_basic_lock(&ctx->qqpipe_lock);
669 if(!libworker_write_msg(ctx->qqpipe[1], msg, len, 0)) {
623 if(!tube_write_msg(ctx->qq_pipe, msg, len, 0)) {
670624 lock_basic_unlock(&ctx->qqpipe_lock);
671625 free(msg);
672626 return UB_PIPE;
704658 }
705659 /* send cancel to background worker */
706660 lock_basic_lock(&ctx->qqpipe_lock);
707 if(!libworker_write_msg(ctx->qqpipe[1], msg, len, 0)) {
661 if(!tube_write_msg(ctx->qq_pipe, msg, len, 0)) {
708662 lock_basic_unlock(&ctx->qqpipe_lock);
709663 free(msg);
710664 return UB_PIPE;
5959 #include "util/data/dname.h"
6060 #include "util/data/msgreply.h"
6161 #include "util/data/msgencode.h"
62 #include "util/tube.h"
6263
6364 /** handle new query command for bg worker */
6465 static void handle_newq(struct libworker* w, uint8_t* buf, uint32_t len);
7778 ub_randfree(w->env->rnd);
7879 free(w->env);
7980 }
80 free(w->cmd_msg);
8181 outside_network_delete(w->back);
82 comm_point_delete(w->cmd_com);
83 comm_point_delete(w->res_com);
8482 comm_base_delete(w->base);
8583 free(w);
8684 }
142140 }
143141 seed = 0;
144142
145 w->base = comm_base_create();
143 w->base = comm_base_create(0);
146144 if(!w->base) {
147145 libworker_delete(w);
148146 return NULL;
160158 cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6,
161159 cfg->do_tcp?cfg->outgoing_num_tcp:0,
162160 w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
163 ports, numports);
161 ports, numports, cfg->unwanted_threshold,
162 &libworker_alloc_cleanup, w);
164163 if(!w->is_bg || w->is_bg_thread) {
165164 lock_basic_unlock(&ctx->cfglock);
166165 }
229228 }
230229
231230 /** handle control command coming into server */
232 int
233 libworker_handle_control_cmd(struct comm_point* c, void* arg,
234 int ATTR_UNUSED(err), struct comm_reply* ATTR_UNUSED(rep))
231 void
232 libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
233 uint8_t* msg, size_t len, int err, void* arg)
235234 {
236235 struct libworker* w = (struct libworker*)arg;
237 ssize_t r;
238
239 if(w->cmd_read < sizeof(w->cmd_len)) {
240 /* complete reading the length of control msg */
241 r = read(c->fd, ((uint8_t*)&w->cmd_len) + w->cmd_read,
242 sizeof(w->cmd_len) - w->cmd_read);
243 if(r==0) {
244 /* error has happened or */
245 /* parent closed pipe, must have exited somehow */
246 /* it is of no use to go on, exit */
247 comm_base_exit(w->base);
248 return 0;
249 }
250 if(r==-1) {
251 if(errno != EAGAIN && errno != EINTR) {
252 log_err("rpipe error: %s", strerror(errno));
253 }
254 /* nothing to read now, try later */
255 return 0;
256 }
257 w->cmd_read += r;
258 if(w->cmd_read < sizeof(w->cmd_len)) {
259 /* not complete, try later */
260 return 0;
261 }
262 w->cmd_msg = (uint8_t*)calloc(1, w->cmd_len);
263 if(!w->cmd_msg) {
264 log_err("malloc failure");
265 w->cmd_read = 0;
266 return 0;
267 }
268 }
269 /* cmd_len has been read, read remainder */
270 r = read(c->fd, w->cmd_msg + w->cmd_read - sizeof(w->cmd_len),
271 w->cmd_len - (w->cmd_read - sizeof(w->cmd_len)));
272 if(r==0) {
273 /* error has happened or */
274 /* parent closed pipe, must have exited somehow */
236
237 if(err != 0) {
238 free(msg);
275239 /* it is of no use to go on, exit */
276240 comm_base_exit(w->base);
277 return 0;
278 }
279 if(r==-1) {
280 /* nothing to read now, try later */
281 if(errno != EAGAIN && errno != EINTR) {
282 log_err("rpipe error: %s", strerror(errno));
283 }
284 return 0;
285 }
286 w->cmd_read += r;
287 if(w->cmd_read < sizeof(w->cmd_len) + w->cmd_len) {
288 /* not complete, try later */
289 return 0;
290 }
291 w->cmd_read = 0;
292 libworker_do_cmd(w, w->cmd_msg, w->cmd_len); /* also frees the buf */
293 w->cmd_msg = NULL;
294 return 0;
295 }
296
297 /** handle opportunity to write result back */
298 int
299 libworker_handle_result_write(struct comm_point* c, void* arg,
300 int ATTR_UNUSED(err), struct comm_reply* ATTR_UNUSED(rep))
301 {
302 struct libworker* w = (struct libworker*)arg;
303 struct libworker_res_list* item = w->res_list;
304 ssize_t r;
305 if(!item) {
306 comm_point_stop_listening(c);
307 return 0;
308 }
309 if(w->res_write < sizeof(item->len)) {
310 r = write(c->fd, ((uint8_t*)&item->len) + w->res_write,
311 sizeof(item->len) - w->res_write);
312 if(r == -1) {
313 if(errno != EAGAIN && errno != EINTR) {
314 log_err("wpipe error: %s", strerror(errno));
315 }
316 return 0; /* try again later */
317 }
318 if(r == 0) {
319 /* error on pipe, must have exited somehow */
320 /* it is of no use to go on, exit */
321 comm_base_exit(w->base);
322 return 0;
323 }
324 w->res_write += r;
325 if(w->res_write < sizeof(item->len))
326 return 0;
327 }
328 r = write(c->fd, item->buf + w->res_write - sizeof(item->len),
329 item->len - (w->res_write - sizeof(item->len)));
330 if(r == -1) {
331 if(errno != EAGAIN && errno != EINTR) {
332 log_err("wpipe error: %s", strerror(errno));
333 }
334 return 0; /* try again later */
335 }
336 if(r == 0) {
337 /* error on pipe, must have exited somehow */
338 /* it is of no use to go on, exit */
339 comm_base_exit(w->base);
340 return 0;
341 }
342 w->res_write += r;
343 if(w->res_write < sizeof(item->len) + item->len)
344 return 0;
345 /* done this result, remove it */
346 free(item->buf);
347 item->buf = NULL;
348 w->res_list = w->res_list->next;
349 free(item);
350 if(!w->res_list) {
351 w->res_last = NULL;
352 comm_point_stop_listening(c);
353 }
354 w->res_write = 0;
355 return 0;
241 return;
242 }
243 libworker_do_cmd(w, msg, len); /* also frees the buf */
356244 }
357245
358246 /** the background thread func */
361249 {
362250 /* setup */
363251 uint32_t m;
364 int fd;
365252 struct libworker* w = (struct libworker*)arg;
366253 struct ub_ctx* ctx = w->ctx;
367254 log_thread_set(&w->thread_num);
369256 /* we are forked */
370257 w->is_bg_thread = 0;
371258 /* close non-used parts of the pipes */
372 if(ctx->qqpipe[1] != -1) {
373 close(ctx->qqpipe[1]);
374 ctx->qqpipe[1] = -1;
375 }
376 if(ctx->rrpipe[0] != -1) {
377 close(ctx->rrpipe[0]);
378 ctx->rrpipe[0] = -1;
379 }
259 tube_close_write(ctx->qq_pipe);
260 tube_close_read(ctx->rr_pipe);
380261 #endif
381262 if(!w) {
382263 log_err("libunbound bg worker init failed, nomem");
383264 return NULL;
384265 }
385 if(!(w->cmd_com=comm_point_create_raw(w->base, ctx->qqpipe[0], 0,
386 libworker_handle_control_cmd, w))) {
387 log_err("libunbound bg worker init failed, no cmdcom");
388 return NULL;
389 }
390 if(!(w->res_com=comm_point_create_raw(w->base, ctx->rrpipe[1], 1,
391 libworker_handle_result_write, w))) {
392 log_err("libunbound bg worker init failed, no rescom");
266 if(!tube_setup_bg_listen(ctx->qq_pipe, w->base,
267 libworker_handle_control_cmd, w)) {
268 log_err("libunbound bg worker init failed, no bglisten");
269 return NULL;
270 }
271 if(!tube_setup_bg_write(ctx->rr_pipe, w->base)) {
272 log_err("libunbound bg worker init failed, no bgwrite");
393273 return NULL;
394274 }
395275
397277 comm_base_dispatch(w->base);
398278
399279 /* cleanup */
400 fd = ctx->rrpipe[1];
401 ctx->rrpipe[1] = -1;
402280 m = UB_LIBCMD_QUIT;
281 tube_remove_bg_listen(w->ctx->qq_pipe);
282 tube_remove_bg_write(w->ctx->rr_pipe);
403283 libworker_delete(w);
404 close(ctx->qqpipe[0]);
405 ctx->qqpipe[0] = -1;
406 (void)libworker_write_msg(fd, (uint8_t*)&m, (uint32_t)sizeof(m), 0);
407 close(fd);
284 (void)tube_write_msg(ctx->rr_pipe, (uint8_t*)&m,
285 (uint32_t)sizeof(m), 0);
286 #ifdef THREADS_DISABLED
287 /* close pipes from forked process before exit */
288 tube_close_read(ctx->qq_pipe);
289 tube_close_write(ctx->rr_pipe);
290 #endif
408291 return NULL;
409292 }
410293
433316 w = libworker_setup(ctx, 1);
434317 if(!w) fatal_exit("out of memory");
435318 /* close non-used parts of the pipes */
436 close(ctx->qqpipe[1]);
437 close(ctx->rrpipe[0]);
438 ctx->qqpipe[1] = -1;
439 ctx->rrpipe[0] = -1;
319 tube_close_write(ctx->qq_pipe);
320 tube_close_read(ctx->rr_pipe);
440321 (void)libworker_dobg(w);
441322 exit(0);
442323 break;
653534 {
654535 uint8_t* msg = NULL;
655536 uint32_t len = 0;
656 struct libworker_res_list* item;
657537
658538 /* serialize and delete unneeded q */
659539 if(w->is_bg_thread) {
660540 lock_basic_lock(&w->ctx->cfglock);
661 q->msg_len = ldns_buffer_remaining(pkt);
662 q->msg = memdup(ldns_buffer_begin(pkt), q->msg_len);
663 if(!q->msg)
664 msg = context_serialize_answer(q, UB_NOMEM, NULL, &len);
665 else msg = context_serialize_answer(q, err, NULL, &len);
541 if(pkt) {
542 q->msg_len = ldns_buffer_remaining(pkt);
543 q->msg = memdup(ldns_buffer_begin(pkt), q->msg_len);
544 if(!q->msg)
545 msg = context_serialize_answer(q, UB_NOMEM,
546 NULL, &len);
547 else msg = context_serialize_answer(q, err,
548 NULL, &len);
549 } else msg = context_serialize_answer(q, err, NULL, &len);
666550 lock_basic_unlock(&w->ctx->cfglock);
667551 } else {
668552 msg = context_serialize_answer(q, err, pkt, &len);
675559 log_err("out of memory for async answer");
676560 return;
677561 }
678 item = (struct libworker_res_list*)malloc(sizeof(*item));
679 if(!item) {
680 free(msg);
562 if(!tube_queue_item(w->ctx->rr_pipe, msg, len)) {
681563 log_err("out of memory for async answer");
682564 return;
683 }
684 item->buf = msg;
685 item->len = len;
686 item->next = NULL;
687 /* add at back of list, since the first one may be partially written */
688 if(w->res_last)
689 w->res_last->next = item;
690 else w->res_list = item;
691 w->res_last = item;
692 if(w->res_list == w->res_last) {
693 /* first added item, start the write process */
694 comm_point_start_listening(w->res_com, -1, -1);
695565 }
696566 }
697567
829699 e.qsent = NULL;
830700
831701 if(error != 0) {
832 mesh_report_reply(lw->env->mesh, &e, 0, reply_info);
702 mesh_report_reply(lw->env->mesh, &e, reply_info, error);
833703 return 0;
834704 }
835705 /* sanity check. */
839709 || LDNS_QDCOUNT(ldns_buffer_begin(c->buffer)) > 1) {
840710 /* error becomes timeout for the module as if this reply
841711 * never arrived. */
842 mesh_report_reply(lw->env->mesh, &e, 0, reply_info);
712 mesh_report_reply(lw->env->mesh, &e, reply_info,
713 NETEVENT_TIMEOUT);
843714 return 0;
844715 }
845 mesh_report_reply(lw->env->mesh, &e, 1, reply_info);
716 mesh_report_reply(lw->env->mesh, &e, reply_info, NETEVENT_NOERROR);
846717 return 0;
847718 }
848719
854725 struct libworker* lw = (struct libworker*)e->qstate->env->worker;
855726
856727 if(error != 0) {
857 mesh_report_reply(lw->env->mesh, e, 0, reply_info);
728 mesh_report_reply(lw->env->mesh, e, reply_info, error);
858729 return 0;
859730 }
860731 /* sanity check. */
864735 || LDNS_QDCOUNT(ldns_buffer_begin(c->buffer)) > 1) {
865736 /* error becomes timeout for the module as if this reply
866737 * never arrived. */
867 mesh_report_reply(lw->env->mesh, e, 0, reply_info);
738 mesh_report_reply(lw->env->mesh, e, reply_info,
739 NETEVENT_TIMEOUT);
868740 return 0;
869741 }
870 mesh_report_reply(lw->env->mesh, e, 1, reply_info);
871 return 0;
872 }
873
874 int
875 libworker_write_msg(int fd, uint8_t* buf, uint32_t len, int nonblock)
876 {
877 ssize_t r;
878 /* test */
879 if(nonblock) {
880 r = write(fd, &len, sizeof(len));
881 if(r == -1) {
882 if(errno==EINTR || errno==EAGAIN)
883 return -1;
884 log_err("msg write failed: %s", strerror(errno));
885 return -1; /* can still continue, perhaps */
886 }
887 } else r = 0;
888 if(!fd_set_block(fd))
889 return 0;
890 /* write remainder */
891 if(r != (ssize_t)sizeof(len)) {
892 if(write(fd, (char*)(&len)+r, sizeof(len)-r) == -1) {
893 log_err("msg write failed: %s", strerror(errno));
894 (void)fd_set_nonblock(fd);
895 return 0;
896 }
897 }
898 if(write(fd, buf, len) == -1) {
899 log_err("msg write failed: %s", strerror(errno));
900 (void)fd_set_nonblock(fd);
901 return 0;
902 }
903 if(!fd_set_nonblock(fd))
904 return 0;
905 return 1;
906 }
907
908 int
909 libworker_read_msg(int fd, uint8_t** buf, uint32_t* len, int nonblock)
910 {
911 ssize_t r;
912
913 /* test */
914 *len = 0;
915 if(nonblock) {
916 r = read(fd, len, sizeof(*len));
917 if(r == -1) {
918 if(errno==EINTR || errno==EAGAIN)
919 return -1;
920 log_err("msg read failed: %s", strerror(errno));
921 return -1; /* we can still continue, perhaps */
922 }
923 if(r == 0) /* EOF */
924 return 0;
925 } else r = 0;
926 if(!fd_set_block(fd))
927 return 0;
928 /* read remainder */
929 if(r != (ssize_t)sizeof(*len)) {
930 if((r=read(fd, (char*)(len)+r, sizeof(*len)-r)) == -1) {
931 log_err("msg read failed: %s", strerror(errno));
932 (void)fd_set_nonblock(fd);
933 return 0;
934 }
935 if(r == 0) /* EOF */ {
936 (void)fd_set_nonblock(fd);
937 return 0;
938 }
939 }
940 *buf = (uint8_t*)malloc(*len);
941 if(!*buf) {
942 log_err("out of memory");
943 (void)fd_set_nonblock(fd);
944 return 0;
945 }
946 if((r=read(fd, *buf, *len)) == -1) {
947 log_err("msg read failed: %s", strerror(errno));
948 (void)fd_set_nonblock(fd);
949 free(*buf);
950 return 0;
951 }
952 if(r == 0) { /* EOF */
953 (void)fd_set_nonblock(fd);
954 free(*buf);
955 return 0;
956 }
957 if(!fd_set_nonblock(fd)) {
958 free(*buf);
959 return 0;
960 }
961 return 1;
742 mesh_report_reply(lw->env->mesh, e, reply_info, NETEVENT_NOERROR);
743 return 0;
962744 }
963745
964746 /* --- fake callbacks for fptr_wlist to work --- */
965 int worker_handle_control_cmd(struct comm_point* ATTR_UNUSED(c),
966 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
967 struct comm_reply* ATTR_UNUSED(reply_info))
968 {
969 log_assert(0);
970 return 0;
747 void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
748 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
749 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg))
750 {
751 log_assert(0);
971752 }
972753
973754 int worker_handle_request(struct comm_point* ATTR_UNUSED(c),
989770 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c),
990771 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
991772 struct comm_reply* ATTR_UNUSED(reply_info))
773 {
774 log_assert(0);
775 return 0;
776 }
777
778 int remote_accept_callback(struct comm_point* ATTR_UNUSED(c),
779 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
780 struct comm_reply* ATTR_UNUSED(repinfo))
781 {
782 log_assert(0);
783 return 0;
784 }
785
786 int remote_control_callback(struct comm_point* ATTR_UNUSED(c),
787 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
788 struct comm_reply* ATTR_UNUSED(repinfo))
992789 {
993790 log_assert(0);
994791 return 0;
1024821 log_assert(0);
1025822 }
1026823
1027 int
1028 acl_list_cmp(const void* ATTR_UNUSED(k1), const void* ATTR_UNUSED(k2))
1029 {
1030 log_assert(0);
1031 return 0;
1032 }
1033
1034824 void worker_stat_timer_cb(void* ATTR_UNUSED(arg))
1035825 {
1036826 log_assert(0);
5454 struct module_qstate;
5555 struct comm_point;
5656 struct comm_reply;
57 struct libworker_res_list;
5857 struct regional;
58 struct tube;
5959
6060 /**
6161 * The library-worker status structure
8080 struct outside_network* back;
8181 /** random() table for this worker. */
8282 struct ub_randstate* rndstate;
83
84 /** commpoint to listen to commands */
85 struct comm_point* cmd_com;
86 /** are we currently reading a command, 0 if not, else bytecount */
87 size_t cmd_read;
88 /** size of current read command, may be partially read */
89 uint32_t cmd_len;
90 /** the current read command content, malloced, can be partially read*/
91 uint8_t* cmd_msg;
92
93 /** commpoint to write results back */
94 struct comm_point* res_com;
95 /** are we curently writing a result, 0 if not, else bytecount into
96 * the res_list first entry. */
97 size_t res_write;
98 /** list of outstanding results to be written back */
99 struct libworker_res_list* res_list;
100 /** last in list */
101 struct libworker_res_list* res_last;
102 };
103
104 /**
105 * List of results (arbitrary command serializations) to write back
106 */
107 struct libworker_res_list {
108 /** next in list */
109 struct libworker_res_list* next;
110 /** serialized buffer to write */
111 uint8_t* buf;
112 /** length to write */
113 uint32_t len;
11483 };
11584
11685 /**
179148 struct comm_reply* reply_info);
180149
181150 /** handle control command coming into server */
182 int libworker_handle_control_cmd(struct comm_point* c, void* arg,
183 int err, struct comm_reply* rep);
151 void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
152 int err, void* arg);
184153
185154 /** handle opportunity to write result back */
186 int libworker_handle_result_write(struct comm_point* c, void* arg,
187 int err, struct comm_reply* rep);
188
189 /**
190 * Write length bytes followed by message.
191 * @param fd: the socket to write on. Is nonblocking.
192 * Set to blocking by the function,
193 * and back to non-blocking at exit of function.
194 * @param buf: the message.
195 * @param len: length of message.
196 * @param nonblock: if set to true, the first write is nonblocking.
197 * If the first write fails the function returns -1.
198 * If set false, the first write is blocking.
199 * @return: all remainder writes are nonblocking.
200 * return 0 on error, in that case blocking/nonblocking of socket is
201 * unknown.
202 * return 1 if all OK.
203 */
204 int libworker_write_msg(int fd, uint8_t* buf, uint32_t len, int nonblock);
205
206 /**
207 * Read length bytes followed by message.
208 * @param fd: the socket to write on. Is nonblocking.
209 * Set to blocking by the function,
210 * and back to non-blocking at exit of function.
211 * @param buf: the message, malloced.
212 * @param len: length of message, returned.
213 * @param nonblock: if set to true, the first read is nonblocking.
214 * If the first read fails the function returns -1.
215 * If set false, the first read is blocking.
216 * @return: all remainder reads are nonblocking.
217 * return 0 on error, in that case blocking/nonblocking of socket is
218 * unknown. On EOF 0 is returned.
219 * return 1 if all OK.
220 */
221 int libworker_read_msg(int fd, uint8_t** buf, uint32_t* len, int nonblock);
155 void libworker_handle_result_write(struct tube* tube, uint8_t* msg, size_t len,
156 int err, void* arg);
222157
223158 /**
224159 * fill result from parsed message, on error fills servfail
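Review bot: The one-line comments on the new `libworker_handle_control_cmd` and `libworker_handle_result_write` prototypes (new lines 150-156) do not say who owns `msg`, or what `len` and `err` hold when the call reports an error. The removed `libworker_read_msg` documentation stated that the buffer was malloced; in the tube-callback form that contract is no longer written down in this header. A callee that guesses wrong either leaks the buffer or frees it twice. I would add `@param msg`, `@param len`, `@param err` and `@param arg` lines to both prototypes, stating whether the callback must free `msg`.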
100100 slabhash_insert(env->msg_cache, hash, &e->entry, rep, env->alloc);
101101 }
102102
103 /** allocate rrset in region - no more locks needed */
104 static struct ub_packed_rrset_key*
105 copy_rrset(struct ub_packed_rrset_key* key, struct regional* region,
106 uint32_t now)
107 {
108 struct ub_packed_rrset_key* ck = regional_alloc(region,
109 sizeof(struct ub_packed_rrset_key));
110 struct packed_rrset_data* d;
111 struct packed_rrset_data* data = (struct packed_rrset_data*)
112 key->entry.data;
113 size_t dsize, i;
114 if(!ck)
115 return NULL;
116 ck->id = key->id;
117 memset(&ck->entry, 0, sizeof(ck->entry));
118 ck->entry.hash = key->entry.hash;
119 ck->entry.key = ck;
120 ck->rk = key->rk;
121 ck->rk.dname = regional_alloc_init(region, key->rk.dname,
122 key->rk.dname_len);
123 if(!ck->rk.dname)
124 return NULL;
125 dsize = packed_rrset_sizeof(data);
126 d = (struct packed_rrset_data*)regional_alloc_init(region, data, dsize);
127 if(!d)
128 return NULL;
129 ck->entry.data = d;
130 packed_rrset_ptr_fixup(d);
131 /* make TTLs relative - once per rrset */
132 for(i=0; i<d->count + d->rrsig_count; i++)
133 d->rr_ttl[i] -= now;
134 d->ttl -= now;
135 return ck;
136 }
137
138103 /** find closest NS or DNAME and returns the rrset (locked) */
139104 static struct ub_packed_rrset_key*
140105 find_closest_of_type(struct module_env* env, uint8_t* qname, size_t qnamelen,
170135 struct dns_msg* msg, uint32_t now)
171136 {
172137 if((msg->rep->rrsets[msg->rep->rrset_count] =
173 copy_rrset(rrset, region, now))) {
138 packed_rrset_copy_region(rrset, region, now))) {
174139 msg->rep->ar_numrrsets++;
175140 msg->rep->rrset_count++;
176141 }
142 }
143
144 /** lookup message in message cache */
145 static struct msgreply_entry*
146 msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen,
147 uint16_t qtype, uint16_t qclass, uint32_t now, int wr)
148 {
149 struct lruhash_entry* e;
150 struct query_info k;
151 hashvalue_t h;
152
153 k.qname = qname;
154 k.qname_len = qnamelen;
155 k.qtype = qtype;
156 k.qclass = qclass;
157 h = query_info_hash(&k);
158 e = slabhash_lookup(env->msg_cache, h, &k, wr);
159
160 if(!e) return NULL;
161 if( now > ((struct reply_info*)e->data)->ttl ) {
162 lock_rw_unlock(&e->lock);
163 return NULL;
164 }
165 return (struct msgreply_entry*)e->key;
177166 }
178167
179168 /** find and add A and AAAA records for nameservers in delegpt */
183172 struct dns_msg** msg)
184173 {
185174 struct delegpt_ns* ns;
175 struct msgreply_entry* neg;
186176 struct ub_packed_rrset_key* akey;
187177 for(ns = dp->nslist; ns; ns = ns->next) {
188178 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
189179 ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
190180 if(akey) {
191 if(!delegpt_add_rrset_A(dp, region, akey)) {
181 if(!delegpt_add_rrset_A(dp, region, akey, 0)) {
192182 lock_rw_unlock(&akey->entry.lock);
193183 return 0;
194184 }
195185 if(msg)
196186 addr_to_additional(akey, region, *msg, now);
197187 lock_rw_unlock(&akey->entry.lock);
188 } else {
189 neg = msg_cache_lookup(env, ns->name, ns->namelen,
190 LDNS_RR_TYPE_A, qclass, now, 0);
191 if(neg) {
192 delegpt_add_neg_msg(dp, neg);
193 lock_rw_unlock(&neg->entry.lock);
194 }
198195 }
199196 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
200197 ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
201198 if(akey) {
202 if(!delegpt_add_rrset_AAAA(dp, region, akey)) {
199 if(!delegpt_add_rrset_AAAA(dp, region, akey, 0)) {
203200 lock_rw_unlock(&akey->entry.lock);
204201 return 0;
205202 }
206203 if(msg)
207204 addr_to_additional(akey, region, *msg, now);
208205 lock_rw_unlock(&akey->entry.lock);
206 } else {
207 neg = msg_cache_lookup(env, ns->name, ns->namelen,
208 LDNS_RR_TYPE_AAAA, qclass, now, 0);
209 if(neg) {
210 delegpt_add_neg_msg(dp, neg);
211 lock_rw_unlock(&neg->entry.lock);
212 }
209213 }
210214 }
211215 return 1;
217221 struct regional* region, struct delegpt* dp)
218222 {
219223 struct delegpt_ns* ns;
224 struct msgreply_entry* neg;
220225 struct ub_packed_rrset_key* akey;
221226 uint32_t now = *env->now;
222227 for(ns = dp->nslist; ns; ns = ns->next) {
225230 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
226231 ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
227232 if(akey) {
228 if(!delegpt_add_rrset_A(dp, region, akey)) {
233 if(!delegpt_add_rrset_A(dp, region, akey, 1)) {
229234 lock_rw_unlock(&akey->entry.lock);
230235 return 0;
231236 }
232237 log_nametypeclass(VERB_ALGO, "found in cache",
233238 ns->name, LDNS_RR_TYPE_A, qclass);
234239 lock_rw_unlock(&akey->entry.lock);
240 } else {
241 neg = msg_cache_lookup(env, ns->name, ns->namelen,
242 LDNS_RR_TYPE_A, qclass, now, 0);
243 if(neg) {
244 delegpt_add_neg_msg(dp, neg);
245 lock_rw_unlock(&neg->entry.lock);
246 }
235247 }
236248 akey = rrset_cache_lookup(env->rrset_cache, ns->name,
237249 ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
238250 if(akey) {
239 if(!delegpt_add_rrset_AAAA(dp, region, akey)) {
251 if(!delegpt_add_rrset_AAAA(dp, region, akey, 1)) {
240252 lock_rw_unlock(&akey->entry.lock);
241253 return 0;
242254 }
243255 log_nametypeclass(VERB_ALGO, "found in cache",
244256 ns->name, LDNS_RR_TYPE_AAAA, qclass);
245257 lock_rw_unlock(&akey->entry.lock);
258 } else {
259 neg = msg_cache_lookup(env, ns->name, ns->namelen,
260 LDNS_RR_TYPE_AAAA, qclass, now, 0);
261 if(neg) {
262 delegpt_add_neg_msg(dp, neg);
263 lock_rw_unlock(&neg->entry.lock);
264 }
246265 }
247266 }
248267 return 1;
270289 if(rrset) {
271290 /* add it to auth section. This is the second rrset. */
272291 if((msg->rep->rrsets[msg->rep->rrset_count] =
273 copy_rrset(rrset, region, now))) {
292 packed_rrset_copy_region(rrset, region, now))) {
274293 msg->rep->ns_numrrsets++;
275294 msg->rep->rrset_count++;
276295 }
278297 }
279298 }
280299
281 /** create referral message with NS and query */
282 static struct dns_msg*
283 create_msg(uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
284 struct regional* region, struct ub_packed_rrset_key* nskey,
285 struct packed_rrset_data* nsdata, uint32_t now)
300 struct dns_msg*
301 dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype,
302 uint16_t qclass, struct regional* region, size_t capacity)
286303 {
287304 struct dns_msg* msg = (struct dns_msg*)regional_alloc(region,
288305 sizeof(struct dns_msg));
295312 msg->qinfo.qtype = qtype;
296313 msg->qinfo.qclass = qclass;
297314 /* non-packed reply_info, because it needs to grow the array */
298 msg->rep = (struct reply_info*)regional_alloc(region,
315 msg->rep = (struct reply_info*)regional_alloc_zero(region,
299316 sizeof(struct reply_info)-sizeof(struct rrset_ref));
300317 if(!msg->rep)
301318 return NULL;
302 memset(msg->rep, 0,
303 sizeof(struct reply_info)-sizeof(struct rrset_ref));
304319 msg->rep->flags = BIT_QR; /* with QR, no AA */
305320 msg->rep->qdcount = 1;
306 /* allocate the array to as much as we could need:
307 * NS rrset + DS/NSEC rrset +
308 * A rrset for every NS RR
309 * AAAA rrset for every NS RR
310 */
311321 msg->rep->rrsets = (struct ub_packed_rrset_key**)
312322 regional_alloc(region,
313 (2 + nsdata->count*2)*sizeof(struct ub_packed_rrset_key*));
323 capacity*sizeof(struct ub_packed_rrset_key*));
314324 if(!msg->rep->rrsets)
315325 return NULL;
316 msg->rep->rrsets[0] = copy_rrset(nskey, region, now);
317 if(!msg->rep->rrsets[0])
318 return NULL;
326 return msg;
327 }
328
329 int
330 dns_msg_authadd(struct dns_msg* msg, struct regional* region,
331 struct ub_packed_rrset_key* rrset, uint32_t now)
332 {
333 if(!(msg->rep->rrsets[msg->rep->rrset_count++] =
334 packed_rrset_copy_region(rrset, region, now)))
335 return 0;
319336 msg->rep->ns_numrrsets++;
320 msg->rep->rrset_count++;
321 return msg;
337 return 1;
322338 }
323339
324340 struct delegpt*
345361 }
346362 /* create referral message */
347363 if(msg) {
348 *msg = create_msg(qname, qnamelen, qtype, qclass, region,
349 nskey, nsdata, now);
350 if(!*msg) {
364 /* allocate the array to as much as we could need:
365 * NS rrset + DS/NSEC rrset +
366 * A rrset for every NS RR
367 * AAAA rrset for every NS RR
368 */
369 *msg = dns_msg_create(qname, qnamelen, qtype, qclass, region,
370 2 + nsdata->count*2);
371 if(!*msg || !dns_msg_authadd(*msg, region, nskey, now)) {
351372 lock_rw_unlock(&nskey->entry.lock);
352373 log_err("find_delegation: out of memory");
353374 return NULL;
413434 if(!rrset_array_lock(r->ref, r->rrset_count, now))
414435 return NULL;
415436 for(i=0; i<msg->rep->rrset_count; i++) {
416 msg->rep->rrsets[i] = copy_rrset(r->rrsets[i], region, now);
437 msg->rep->rrsets[i] = packed_rrset_copy_region(r->rrsets[i],
438 region, now);
417439 if(!msg->rep->rrsets[i]) {
418440 rrset_array_unlock(r->ref, r->rrset_count);
419441 return NULL;
445467 msg->rep->ns_numrrsets = 0;
446468 msg->rep->ar_numrrsets = 0;
447469 msg->rep->rrset_count = 1;
448 msg->rep->rrsets[0] = copy_rrset(rrset, region, now);
470 msg->rep->rrsets[0] = packed_rrset_copy_region(rrset, region, now);
449471 if(!msg->rep->rrsets[0]) /* copy CNAME */
450472 return NULL;
451473 return msg;
479501 msg->rep->ns_numrrsets = 0;
480502 msg->rep->ar_numrrsets = 0;
481503 msg->rep->rrset_count = 1;
482 msg->rep->rrsets[0] = copy_rrset(rrset, region, now);
504 msg->rep->rrsets[0] = packed_rrset_copy_region(rrset, region, now);
483505 if(!msg->rep->rrsets[0]) /* copy DNAME */
484506 return NULL;
485507 /* synth CNAME rrset */
514536 return NULL;
515537 ck->rk.dname_len = q->qname_len;
516538 ck->entry.hash = rrset_key_hash(&ck->rk);
517 newd = (struct packed_rrset_data*)regional_alloc(region,
539 newd = (struct packed_rrset_data*)regional_alloc_zero(region,
518540 sizeof(struct packed_rrset_data) + sizeof(size_t) +
519541 sizeof(uint8_t*) + sizeof(uint32_t) + sizeof(uint16_t)
520542 + newlen);
594616 lock_rw_unlock(&rrset->entry.lock);
595617 }
596618
597 /* construct DS, DNSKEY messages from rrset cache. */
598 if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY) &&
619 /* construct DS, DNSKEY, DLV messages from rrset cache. */
620 if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY ||
621 qtype == LDNS_RR_TYPE_DLV) &&
599622 (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
600623 qtype, qclass, 0, now, 0))) {
601624 /* if the rrset is from the additional section, and the
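Review bot: In `dns_msg_authadd` (new lines 329-338) the post-increment in `msg->rep->rrsets[msg->rep->rrset_count++] = packed_rrset_copy_region(...)` bumps `rrset_count` even when the copy fails, so a caller that keeps the message after a 0 return has a NULL entry counted in the array. The visible caller, in the referral path, discards the message on failure, but the function is now exported, so it is safer to store first and count only on success: `msg->rep->rrsets[msg->rep->rrset_count] = packed_rrset_copy_region(rrset, region, now);` `if(!msg->rep->rrsets[msg->rep->rrset_count]) return 0;` `msg->rep->rrset_count++;`. The function also cannot check the index against the `capacity` passed to `dns_msg_create`, because that value is not stored in the message. A comment at the definition should say that the caller must guarantee room, otherwise the store lands past the end of the array.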
136136 int cache_fill_missing(struct module_env* env, uint16_t qclass,
137137 struct regional* region, struct delegpt* dp);
138138
139 /**
140 * Utility, create new, unpacked data structure for cache response.
141 * QR bit set, no AA. Query set as indicated. Space for number of rrsets.
142 * @param qname: query section name
143 * @param qnamelen: len of qname
144 * @param qtype: query section type
145 * @param qclass: query section class
146 * @param region: where to alloc.
147 * @param capacity: number of rrsets space to create in the array.
148 * @return new dns_msg struct or NULL on mem fail.
149 */
150 struct dns_msg* dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype,
151 uint16_t qclass, struct regional* region, size_t capacity);
152
153 /**
154 * Add rrset to authority section in unpacked dns_msg message. Must have enough
155 * space left, does not grow the array.
156 * @param msg: msg to put it in.
157 * @param region: region to alloc in
158 * @param rrset: to add in authority section
159 * @param now: now.
160 * @return true if worked, false on fail
161 */
162 int dns_msg_authadd(struct dns_msg* msg, struct regional* region,
163 struct ub_packed_rrset_key* rrset, uint32_t now);
164
139165 #endif /* SERVICES_CACHE_DNS_H */
135135 hash_addr(struct sockaddr_storage* addr, socklen_t addrlen)
136136 {
137137 hashvalue_t h = 0xab;
138 h = hashlittle(&addrlen, sizeof(addrlen), h);
139 h = hashlittle(addr, addrlen, h);
138 /* select the pieces to hash, some OS have changing data inside */
139 if(addr_is_ip6(addr, addrlen)) {
140 struct sockaddr_in6* in6 = (struct sockaddr_in6*)addr;
141 h = hashlittle(&in6->sin6_family, sizeof(in6->sin6_family), h);
142 h = hashlittle(&in6->sin6_port, sizeof(in6->sin6_port), h);
143 h = hashlittle(&in6->sin6_addr, INET6_SIZE, h);
144 } else {
145 struct sockaddr_in* in = (struct sockaddr_in*)addr;
146 h = hashlittle(&in->sin_family, sizeof(in->sin_family), h);
147 h = hashlittle(&in->sin_port, sizeof(in->sin_port), h);
148 h = hashlittle(&in->sin_addr, INET_SIZE, h);
149 }
140150 return h;
141151 }
142152
207217 data->ttl = tm + infra->host_ttl;
208218 data->lameness = NULL;
209219 data->edns_version = 0;
220 data->edns_lame_known = 0;
210221 rtt_init(&data->rtt);
211222 return &key->entry;
212223 }
213224
214225 int
215226 infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
216 socklen_t addrlen, uint32_t timenow, int* edns_vs, int* to)
227 socklen_t addrlen, uint32_t timenow, int* edns_vs,
228 uint8_t* edns_lame_known, int* to)
217229 {
218230 struct lruhash_entry* e = infra_lookup_host_nottl(infra, addr,
219231 addrlen, 0);
230242 rtt_init(&data->rtt);
231243 /* do not touch lameness, it may be valid still */
232244 data->edns_version = 0;
245 data->edns_lame_known = 0;
233246 }
234247 }
235248 if(!e) {
239252 data = (struct infra_host_data*)e->data;
240253 *to = rtt_timeout(&data->rtt);
241254 *edns_vs = data->edns_version;
255 *edns_lame_known = data->edns_lame_known;
242256 slabhash_insert(infra->hosts, e->hash, e, data, NULL);
243257 return 1;
244258 }
246260 data = (struct infra_host_data*)e->data;
247261 *to = rtt_timeout(&data->rtt);
248262 *edns_vs = data->edns_version;
263 *edns_lame_known = data->edns_lame_known;
249264 lock_rw_unlock(&e->lock);
250265 return 1;
251266 }
252267
253268 /** hash lameness key */
254269 static hashvalue_t
255 hash_lameness(uint8_t* name, size_t namelen)
256 {
257 return hashlittle(name, namelen, 0xab);
270 hash_lameness(uint8_t* name)
271 {
272 return dname_query_hash(name, 0xab);
258273 }
259274
260275 int
261276 infra_lookup_lame(struct infra_host_data* host,
262277 uint8_t* name, size_t namelen, uint32_t timenow,
263 int* dlame, int* alame, int* olame)
278 int* dlame, int* rlame, int* alame, int* olame)
264279 {
265280 struct lruhash_entry* e;
266281 struct infra_lame_key k;
267282 struct infra_lame_data *d;
268283 if(!host->lameness)
269284 return 0;
270 k.entry.hash = hash_lameness(name, namelen);
285 k.entry.hash = hash_lameness(name);
271286 k.zonename = name;
272287 k.namelen = namelen;
273288 k.entry.key = (void*)&k;
281296 return 0;
282297 }
283298 *dlame = d->isdnsseclame;
299 *rlame = d->rec_lame;
284300 *alame = d->lame_type_A;
285301 *olame = d->lame_other;
286302 lock_rw_unlock(&e->lock);
287 return *dlame || *alame || *olame;
303 return *dlame || *rlame || *alame || *olame;
288304 }
289305
290306 size_t
331347 infra_set_lame(struct infra_cache* infra,
332348 struct sockaddr_storage* addr, socklen_t addrlen,
333349 uint8_t* name, size_t namelen, uint32_t timenow, int dnsseclame,
334 uint16_t qtype)
350 int reclame, uint16_t qtype)
335351 {
336352 struct infra_host_data* data;
337353 struct lruhash_entry* e;
358374 return 0;
359375 }
360376 lock_rw_init(&k->entry.lock);
361 k->entry.hash = hash_lameness(name, namelen);
377 k->entry.hash = hash_lameness(name);
362378 k->entry.key = (void*)k;
363379 k->entry.data = (void*)d;
364380 d->ttl = timenow + infra->lame_ttl;
365381 d->isdnsseclame = dnsseclame;
366 d->lame_type_A = (!dnsseclame && qtype == LDNS_RR_TYPE_A);
367 d->lame_other = (!dnsseclame && qtype != LDNS_RR_TYPE_A);
382 d->rec_lame = reclame;
383 d->lame_type_A = (!dnsseclame && !reclame && qtype == LDNS_RR_TYPE_A);
384 d->lame_other = (!dnsseclame && !reclame && qtype != LDNS_RR_TYPE_A);
368385 k->namelen = namelen;
369386 e = infra_lookup_host_nottl(infra, addr, addrlen, 1);
370387 if(!e) {
398415 }
399416 } else {
400417 /* lookup existing lameness entry (if any) and merge data */
401 int dlame, alame, olame;
418 int dlame, rlame, alame, olame;
402419 if(infra_lookup_lame(data, name, namelen, timenow,
403 &dlame, &alame, &olame)) {
420 &dlame, &rlame, &alame, &olame)) {
404421 /* merge data into new structure */
405422 if(dlame) d->isdnsseclame = 1;
423 if(rlame) d->rec_lame = 1;
406424 if(alame) d->lame_type_A = 1;
407425 if(olame) d->lame_other = 1;
408426 }
437455 int
438456 infra_rtt_update(struct infra_cache* infra,
439457 struct sockaddr_storage* addr, socklen_t addrlen,
440 int roundtrip, uint32_t timenow)
458 int roundtrip, int orig_rtt, uint32_t timenow)
441459 {
442460 struct lruhash_entry* e = infra_lookup_host_nottl(infra, addr,
443461 addrlen, 1);
453471 data = (struct infra_host_data*)e->data;
454472 data->ttl = timenow + infra->host_ttl;
455473 if(roundtrip == -1)
456 rtt_lost(&data->rtt);
474 rtt_lost(&data->rtt, orig_rtt);
457475 else rtt_update(&data->rtt, roundtrip);
458476 if(data->rtt.rto > 0)
459477 rto = data->rtt.rto;
482500 data = (struct infra_host_data*)e->data;
483501 data->ttl = timenow + infra->host_ttl;
484502 data->edns_version = edns_version;
503 data->edns_lame_known = 1;
485504
486505 if(needtoinsert)
487506 slabhash_insert(infra->hosts, e->hash, e, e->data, NULL);
493512 infra_get_lame_rtt(struct infra_cache* infra,
494513 struct sockaddr_storage* addr, socklen_t addrlen,
495514 uint8_t* name, size_t namelen, uint16_t qtype,
496 int* lame, int* dnsseclame, int* rtt, uint32_t timenow)
515 int* lame, int* dnsseclame, int* reclame, int* rtt, uint32_t timenow)
497516 {
498517 struct infra_host_data* host;
499518 struct lruhash_entry* e = infra_lookup_host_nottl(infra, addr,
500519 addrlen, 0);
501 int dlm, alm, olm;
520 int dlm, rlm, alm, olm;
502521 if(!e)
503522 return 0;
504523 host = (struct infra_host_data*)e->data;
505524 *rtt = rtt_unclamped(&host->rtt);
506525 /* check lameness first, if so, ttl on host does not matter anymore */
507 if(infra_lookup_lame(host, name, namelen, timenow, &dlm, &alm, &olm)) {
526 if(infra_lookup_lame(host, name, namelen, timenow,
527 &dlm, &rlm, &alm, &olm)) {
508528 if(alm && qtype == LDNS_RR_TYPE_A) {
509529 lock_rw_unlock(&e->lock);
510530 *lame = 1;
511531 *dnsseclame = 0;
532 *reclame = 0;
512533 return 1;
513534 } else if(olm && qtype != LDNS_RR_TYPE_A) {
514535 lock_rw_unlock(&e->lock);
515536 *lame = 1;
516537 *dnsseclame = 0;
538 *reclame = 0;
517539 return 1;
518540 } else if(dlm) {
519541 lock_rw_unlock(&e->lock);
520542 *lame = 0;
521543 *dnsseclame = 1;
544 *reclame = 0;
545 return 1;
546 } else if(rlm) {
547 lock_rw_unlock(&e->lock);
548 *lame = 0;
549 *dnsseclame = 0;
550 *reclame = 1;
522551 return 1;
523552 }
524553 /* no lameness for this type of query */
525554 }
526555 *lame = 0;
527556 *dnsseclame = 0;
557 *reclame = 0;
528558 if(timenow > host->ttl) {
529559 lock_rw_unlock(&e->lock);
530560 return 0;
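Review bot: `hash_lameness` no longer receives `namelen`, so the hash at new line 272 is bounded only by what `dname_query_hash` reads from `name`, while `k.namelen` in `infra_lookup_lame` still comes from the caller. `dname_query_hash` is not shown on this page; presumably it walks labels to the root, in which case a name that is not a complete, uncompressed wire-format dname would be read past its buffer. A comment on the function should record that precondition, e.g. `/* name must be a complete, uncompressed wire-format dname; namelen is not used for hashing */`. The lame-key compare function should also be checked to treat names the same way the new hash does, so that lookup and insert agree.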
6969 struct lruhash* lameness;
7070 /** edns version that the host supports, -1 means no EDNS */
7171 int edns_version;
72 /** if the EDNS lameness is already known or not.
73 * EDNS lame is when EDNS queries or replies are dropped,
74 * and cause a timeout */
75 uint8_t edns_lame_known;
7276 };
7377
7478 /**
9397 /** is the host lame (does not serve the zone authoritatively),
9498 * or is the host dnssec lame (does not serve DNSSEC data) */
9599 int isdnsseclame;
100 /** is the host recursion lame (not AA, but RA) */
101 int rec_lame;
96102 /** the host is lame (not authoritative) for A records */
97103 int lame_type_A;
98104 /** the host is lame (not authoritative) for other query types */
165171 * @param addrlen: length of addr.
166172 * @param timenow: what time it is now.
167173 * @param edns_vs: edns version it supports, is returned.
174 * @param edns_lame_known: if EDNS lame (EDNS is dropped in transit) has
175 * already been probed, is returned.
168176 * @param to: timeout to use, is returned.
169177 * @return: 0 on error.
170178 */
171179 int infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
172 socklen_t addrlen, uint32_t timenow, int* edns_vs, int* to);
180 socklen_t addrlen, uint32_t timenow, int* edns_vs,
181 uint8_t* edns_lame_known, int* to);
173182
174183 /**
175184 * Check for lameness of this server for a particular zone.
179188 * @param namelen: length of domain name.
180189 * @param timenow: what time it is now.
181190 * @param dlame: if the function returns true, is set true if dnssec lame.
191 * @param rlame: if the function returns true, is set true if recursion lame.
182192 * @param alame: if the function returns true, is set true if qtype A lame.
183193 * @param olame: if the function returns true, is set true if qtype other lame.
184194 * @return: 0 if not lame or unknown or timed out, 1 if lame
185195 */
186196 int infra_lookup_lame(struct infra_host_data* host,
187197 uint8_t* name, size_t namelen, uint32_t timenow,
188 int* dlame, int* alame, int* olame);
198 int* dlame, int* rlame, int* alame, int* olame);
189199
190200 /**
191201 * Set a host to be lame for the given zone.
197207 * @param timenow: what time it is now.
198208 * @param dnsseclame: if true the host is set dnssec lame.
199209 * if false, the host is marked lame (not serving the zone).
210 * @param reclame: if true host is a recursor not AA server.
211 * if false, dnsseclame or marked lame.
200212 * @param qtype: the query type for which it is lame.
201213 * @return: 0 on error.
202214 */
203215 int infra_set_lame(struct infra_cache* infra,
204216 struct sockaddr_storage* addr, socklen_t addrlen,
205217 uint8_t* name, size_t namelen, uint32_t timenow, int dnsseclame,
206 uint16_t qtype);
218 int reclame, uint16_t qtype);
207219
208220 /**
209221 * Update rtt information for the host.
212224 * @param addrlen: length of addr.
213225 * @param roundtrip: estimate of roundtrip time in milliseconds or -1 for
214226 * timeout.
227 * @param orig_rtt: original rtt for the query that timed out (roundtrip==-1).
228 * ignored if roundtrip != -1.
215229 * @param timenow: what time it is now.
216230 * @return: 0 on error. new rto otherwise.
217231 */
218232 int infra_rtt_update(struct infra_cache* infra,
219233 struct sockaddr_storage* addr, socklen_t addrlen,
220 int roundtrip, uint32_t timenow);
234 int roundtrip, int orig_rtt, uint32_t timenow);
221235
222236 /**
223237 * Update information for the host, store that a TCP transaction works.
252266 * @param lame: if function returns true, this returns lameness of the zone.
253267 * @param dnsseclame: if function returns true, this returns if the zone
254268 * is dnssec-lame.
269 * @param reclame: if function returns true, this is if it is recursion lame.
255270 * @param rtt: if function returns true, this returns avg rtt of the server.
256271 * The rtt value is unclamped and reflects recent timeouts.
257272 * @param timenow: what time it is now.
260275 int infra_get_lame_rtt(struct infra_cache* infra,
261276 struct sockaddr_storage* addr, socklen_t addrlen,
262277 uint8_t* name, size_t namelen, uint16_t qtype,
263 int* lame, int* dnsseclame, int* rtt, uint32_t timenow);
278 int* lame, int* dnsseclame, int* reclame, int* rtt, uint32_t timenow);
264279
265280 /**
266281 * Get memory used by the infra cache.
123123 {
124124 struct packed_rrset_data* newd = (struct packed_rrset_data*)nd;
125125 struct packed_rrset_data* cached = (struct packed_rrset_data*)cd;
126 /* o store if rrset has been validated */
127 if( newd->security > cached->security) {
126 /* o store if rrset has been validated
127 * everything better than bogus data
128 * secure is preferred */
129 if( newd->security == sec_status_secure &&
130 cached->security != sec_status_secure)
128131 return 1;
129 }
132 if( cached->security == sec_status_bogus &&
133 newd->security != sec_status_bogus && !equal)
134 return 1;
130135 /* o if current RRset is more trustworthy - insert it */
131136 if( newd->trust > cached->trust ) {
132137 /* if the cached rrset is bogus, and this one equal,
328333 }
329334 /* update the cached rrset */
330335 if(updata->security > cachedata->security) {
331 cachedata->trust = updata->trust;
336 size_t i;
337 if(updata->trust > cachedata->trust)
338 cachedata->trust = updata->trust;
332339 cachedata->security = updata->security;
333340 cachedata->ttl = updata->ttl + now;
341 for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
342 cachedata->rr_ttl[i] = updata->rr_ttl[i]+now;
334343 }
335344 lock_rw_unlock(&e->lock);
336345 }
357366 }
358367 if(cachedata->security > updata->security) {
359368 updata->security = cachedata->security;
360 if(cachedata->security == sec_status_bogus)
369 if(cachedata->security == sec_status_bogus) {
370 size_t i;
361371 updata->ttl = cachedata->ttl - now;
362 updata->trust = cachedata->trust;
372 for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
373 if(cachedata->rr_ttl[i] < now)
374 updata->rr_ttl[i] = 0;
375 else updata->rr_ttl[i] =
376 cachedata->rr_ttl[i]-now;
377 }
378 if(cachedata->trust > updata->trust)
379 updata->trust = cachedata->trust;
363380 }
364381 lock_rw_unlock(&e->lock);
365382 }
383
384 void rrset_cache_remove(struct rrset_cache* r, uint8_t* nm, size_t nmlen,
385 uint16_t type, uint16_t dclass, uint32_t flags)
386 {
387 struct ub_packed_rrset_key key;
388 key.entry.key = &key;
389 key.rk.dname = nm;
390 key.rk.dname_len = nmlen;
391 key.rk.rrset_class = htons(dclass);
392 key.rk.type = htons(type);
393 key.rk.flags = flags;
394 key.entry.hash = rrset_key_hash(&key.rk);
395 slabhash_remove(&r->table, key.entry.hash, &key);
396 }
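Review bot: Both new per-RR TTL loops run to `cachedata->count+cachedata->rrsig_count` but also index `updata->rr_ttl[i]`: it is read in the first loop (new lines 341-342) and written in the second (new lines 372-376). They are in bounds only when both rrsets hold the same number of RRs and RRSIGs. Any check that the two rrsets are equal would sit above these hunks and is not visible here; if it exists, state the invariant where it is relied on, e.g. `/* updata and cachedata have equal counts (checked above), so rr_ttl[i] is valid in both */`. If it does not exist, the loops need a guard on `updata->count` and `updata->rrsig_count` before touching `rr_ttl`. Both function bodies start outside the hunks.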
208208 void rrset_check_sec_status(struct rrset_cache* r,
209209 struct ub_packed_rrset_key* rrset, uint32_t now);
210210
211 /**
212 * Remove an rrset from the cache, by name and type and flags
213 * @param r: rrset cache
214 * @param nm: name of rrset
215 * @param nmlen: length of name
216 * @param type: type of rrset
217 * @param dclass: class of rrset, host order
218 * @param flags: flags of rrset, host order
219 */
220 void rrset_cache_remove(struct rrset_cache* r, uint8_t* nm, size_t nmlen,
221 uint16_t type, uint16_t dclass, uint32_t flags);
222
211223 /** mark rrset to be deleted, set id=0 */
212224 void rrset_markdel(void* key);
213225
189189 return s;
190190 }
191191
192 /**
193 * Create and bind TCP listening socket
194 * @param addr: address info ready to make socket.
195 * @param v6only: enable ip6 only flag on ip6 sockets.
196 * @param noproto: if error caused by lack of protocol support.
197 * @return: the socket. -1 on error.
198 */
199 static int
192 int
200193 create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
201194 {
202195 int s;
531524 return front;
532525 }
533526
534 void
535 listen_delete(struct listen_dnsport* front)
536 {
537 struct listen_list *p, *pn;
538 if(!front)
539 return;
540 p = front->cps;
527 void
528 listen_list_delete(struct listen_list* list)
529 {
530 struct listen_list *p = list, *pn;
541531 while(p) {
542532 pn = p->next;
543533 comm_point_delete(p->com);
544534 free(p);
545535 p = pn;
546536 }
537 }
538
539 void
540 listen_delete(struct listen_dnsport* front)
541 {
542 if(!front)
543 return;
544 listen_list_delete(front->cps);
547545 ldns_buffer_free(front->udp_buff);
548546 free(front);
549547 }
604602 return NULL;
605603 }
606604 if(do_auto && (!do_ip4 || !do_ip6)) {
607 log_warn("interface_automatic option does not work when IP4 or IP6 is not enabled. Disabling option.");
605 log_warn("interface_automatic option does not work when either do-ip4 or do-ip6 is not enabled. Disabling option.");
608606 do_auto = 0;
609607 }
610608 /* create ip4 and ip6 ports so that return addresses are nice. */
4545 #include "util/netevent.h"
4646 struct listen_list;
4747 struct config_file;
48 struct addrinfo;
4849
4950 /**
5051 * Listening for queries structure.
155156 void listen_delete(struct listen_dnsport* listen);
156157
157158 /**
159 * delete listen_list of commpoints. Calls commpointdelete() on items.
160 * This may close the fds or not depending on flags.
161 * @param list: to delete.
162 */
163 void listen_list_delete(struct listen_list* list);
164
165 /**
158166 * get memory size used by the listening structs
159167 * @param listen: listening structure.
160168 * @return: size in bytes.
177185 int create_udp_sock(int family, int socktype, struct sockaddr* addr,
178186 socklen_t addrlen, int v6only, int* inuse, int* noproto);
179187
188 /**
189 * Create and bind TCP listening socket
190 * @param addr: address info ready to make socket.
191 * @param v6only: enable ip6 only flag on ip6 sockets.
192 * @param noproto: if error caused by lack of protocol support.
193 * @return: the socket. -1 on error.
194 */
195 int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto);
196
180197 #endif /* LISTEN_DNSPORT_H */
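Review bot: The new comment on `listen_list_delete` names `commpointdelete()`, but the implementation calls `comm_point_delete()` on each item and also `free()`s every list node. I would spell the callee as it is declared and state the ownership, so callers do not reuse the pointer: `* Calls comm_point_delete() on each item and frees the list nodes; the list is invalid afterwards.`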
5656 if(!zones)
5757 return NULL;
5858 rbtree_init(&zones->ztree, &local_zone_cmp);
59 lock_quick_init(&zones->lock);
60 lock_protect(&zones->lock, &zones->ztree, sizeof(zones->ztree));
61 /* also lock protects the rbnode's in struct local_zone */
5962 return zones;
6063 }
6164
7275 {
7376 if(!zones)
7477 return;
78 lock_quick_destroy(&zones->lock);
7579 /* walk through zones and delete them all */
7680 traverse_postorder(&zones->ztree, lzdel, NULL);
7781 free(zones);
8286 {
8387 if(!z)
8488 return;
89 lock_rw_destroy(&z->lock);
8590 regional_destroy(z->region);
8691 free(z->name);
8792 free(z);
136141 return 1;
137142 }
138143
139 /** enter a new zone with allocated dname */
144 /** create a new localzone */
140145 static struct local_zone*
141 lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len,
142 int labs, enum localzone_type t, uint16_t dclass)
146 local_zone_create(uint8_t* nm, size_t len, int labs,
147 enum localzone_type t, uint16_t dclass)
143148 {
144149 struct local_zone* z = (struct local_zone*)calloc(1, sizeof(*z));
145150 if(!z) {
146 log_err("out of memory");
147151 return NULL;
148152 }
149153 z->node.key = z;
152156 z->name = nm;
153157 z->namelen = len;
154158 z->namelabs = labs;
159 lock_rw_init(&z->lock);
155160 z->region = regional_create();
156161 if(!z->region) {
157 log_err("out of memory");
158162 free(z);
159163 return NULL;
160164 }
161165 rbtree_init(&z->data, &local_data_cmp);
166 lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_t));
167 /* also the zones->lock protects node, parent, name*, class */
168 return z;
169 }
170
171 /** enter a new zone with allocated dname returns with WRlock */
172 static struct local_zone*
173 lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len,
174 int labs, enum localzone_type t, uint16_t c)
175 {
176 struct local_zone* z = local_zone_create(nm, len, labs, t, c);
177 if(!z) {
178 log_err("out of memory");
179 return NULL;
180 }
181
162182 /* add to rbtree */
183 lock_quick_lock(&zones->lock);
184 lock_rw_wrlock(&z->lock);
163185 if(!rbtree_insert(&zones->ztree, &z->node)) {
164186 log_warn("duplicate local-zone");
187 lock_rw_unlock(&z->lock);
165188 local_zone_delete(z);
189 lock_quick_unlock(&zones->lock);
166190 return NULL;
167191 }
192 lock_quick_unlock(&zones->lock);
168193 return z;
169194 }
170195
182207 log_err("bad zone name %s %s", name, type);
183208 return NULL;
184209 }
185 if(strcmp(type, "deny") == 0)
186 t = local_zone_deny;
187 else if(strcmp(type, "refuse") == 0)
188 t = local_zone_refuse;
189 else if(strcmp(type, "static") == 0)
190 t = local_zone_static;
191 else if(strcmp(type, "transparent") == 0)
192 t = local_zone_transparent;
193 else if(strcmp(type, "redirect") == 0)
194 t = local_zone_redirect;
195 else {
210 if(!local_zone_str2type(type, &t)) {
196211 log_err("bad lz_enter_zone type %s %s", name, type);
197212 free(nm);
198213 return NULL;
372387 return 1;
373388 }
374389
375 /** find a node, create it if not and all its empty nonterminal parents */
376 static int
377 lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen,
378 int nmlabs, struct local_data** res)
390 /** find a data node by exact name */
391 static struct local_data*
392 lz_find_node(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs)
379393 {
380394 struct local_data key;
381 struct local_data* ld;
382395 key.node.key = &key;
383396 key.name = nm;
384397 key.namelen = nmlen;
385398 key.namelabs = nmlabs;
386 ld = (struct local_data*)rbtree_search(&z->data, &key.node);
399 return (struct local_data*)rbtree_search(&z->data, &key.node);
400 }
401
402 /** find a node, create it if not and all its empty nonterminal parents */
403 static int
404 lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen,
405 int nmlabs, struct local_data** res)
406 {
407 struct local_data* ld = lz_find_node(z, nm, nmlen, nmlabs);
387408 if(!ld) {
388409 /* create a domain name to store rr. */
389410 ld = (struct local_data*)regional_alloc_zero(z->region,
479500 size_t len;
480501 int labs;
481502 struct local_zone* z;
503 int r;
482504 if(!get_rr_nameclass(rr, &rr_name, &rr_class)) {
483505 log_err("bad rr %s", rr);
484506 return 0;
485507 }
486508 labs = dname_count_size_labels(rr_name, &len);
509 lock_quick_lock(&zones->lock);
487510 z = local_zones_lookup(zones, rr_name, len, labs, rr_class);
488 if(!z)
511 if(!z) {
512 lock_quick_unlock(&zones->lock);
489513 fatal_exit("internal error: no zone for rr %s", rr);
514 }
515 lock_rw_wrlock(&z->lock);
516 lock_quick_unlock(&zones->lock);
490517 free(rr_name);
491 return lz_enter_rr_into_zone(z, buf, rr);
518 r = lz_enter_rr_into_zone(z, buf, rr);
519 lock_rw_unlock(&z->lock);
520 return r;
492521 }
493522
494523 /** parse local-zone: statements */
496525 lz_enter_zones(struct local_zones* zones, struct config_file* cfg)
497526 {
498527 struct config_str2list* p;
528 struct local_zone* z;
499529 for(p = cfg->local_zones; p; p = p->next) {
500 if(!lz_enter_zone(zones, p->str, p->str2, LDNS_RR_CLASS_IN))
530 if(!(z=lz_enter_zone(zones, p->str, p->str2,
531 LDNS_RR_CLASS_IN)))
501532 return 0;
533 lock_rw_unlock(&z->lock);
502534 }
503535 return 1;
504536 }
514546 log_err("bad name %s", name);
515547 return 0;
516548 }
549 lock_quick_lock(&zones->lock);
517550 if(rbtree_search(&zones->ztree, &z.node)) {
551 lock_quick_unlock(&zones->lock);
518552 free(z.name);
519553 return 1;
520554 }
555 lock_quick_unlock(&zones->lock);
521556 free(z.name);
522557 return 0;
523558 }
544579 /** enter AS112 default zone */
545580 static int
546581 add_as112_default(struct local_zones* zones, struct config_file* cfg,
547 ldns_buffer* buf, char* name)
582 ldns_buffer* buf, const char* name)
548583 {
549584 struct local_zone* z;
550585 char str[1024]; /* known long enough */
554589 return 0;
555590 snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. "
556591 "nobody.invalid. 1 3600 1200 604800 10800", name);
557 if(!lz_enter_rr_into_zone(z, buf, str))
558 return 0;
592 if(!lz_enter_rr_into_zone(z, buf, str)) {
593 lock_rw_unlock(&z->lock);
594 return 0;
595 }
559596 snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name);
560 if(!lz_enter_rr_into_zone(z, buf, str))
561 return 0;
597 if(!lz_enter_rr_into_zone(z, buf, str)) {
598 lock_rw_unlock(&z->lock);
599 return 0;
600 }
601 lock_rw_unlock(&z->lock);
562602 return 1;
563603 }
564604
584624 !lz_enter_rr_into_zone(z, buf,
585625 "localhost. 10800 IN AAAA ::1")) {
586626 log_err("out of memory adding default zone");
627 if(z) { lock_rw_unlock(&z->lock); }
587628 return 0;
588629 }
630 lock_rw_unlock(&z->lock);
589631 }
590632 /* reverse ip4 zone */
591633 if(!lz_exists(zones, "127.in-addr.arpa.") &&
600642 !lz_enter_rr_into_zone(z, buf,
601643 "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) {
602644 log_err("out of memory adding default zone");
645 if(z) { lock_rw_unlock(&z->lock); }
603646 return 0;
604647 }
648 lock_rw_unlock(&z->lock);
605649 }
606650 /* reverse ip6 zone */
607651 if(!lz_exists(zones, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") &&
616660 !lz_enter_rr_into_zone(z, buf,
617661 "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.")) {
618662 log_err("out of memory adding default zone");
663 if(z) { lock_rw_unlock(&z->lock); }
619664 return 0;
620665 }
666 lock_rw_unlock(&z->lock);
621667 }
622668 if ( !add_as112_default(zones, cfg, buf, "10.in-addr.arpa.") ||
623669 !add_as112_default(zones, cfg, buf, "16.172.in-addr.arpa.") ||
660706 {
661707 struct local_zone* node, *prev = NULL, *p;
662708 int m;
709 lock_quick_lock(&zones->lock);
663710 RBTREE_FOR(node, struct local_zone*, &zones->ztree) {
711 lock_rw_wrlock(&node->lock);
664712 node->parent = NULL;
665713 if(!prev || prev->dclass != node->dclass) {
666714 prev = node;
715 lock_rw_unlock(&node->lock);
667716 continue;
668717 }
669718 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name,
680729 break;
681730 }
682731 prev = node;
732 lock_rw_unlock(&node->lock);
683733 }
734 lock_quick_unlock(&zones->lock);
684735 }
685736
686737 /** enter implicit transparent zone for local-data: without local-zone: */
710761 return 0;
711762 }
712763 labs = dname_count_size_labels(rr_name, &len);
764 lock_quick_lock(&zones->lock);
713765 if(!local_zones_lookup(zones, rr_name, len, labs, rr_class)) {
714766 if(!have_name) {
715767 dclass = rr_class;
724776 /* process other classes later */
725777 free(rr_name);
726778 have_other_classes = 1;
779 lock_quick_unlock(&zones->lock);
727780 continue;
728781 }
729782 /* find smallest shared topdomain */
734787 match = m;
735788 }
736789 } else free(rr_name);
790 lock_quick_unlock(&zones->lock);
737791 }
738792 if(have_name) {
739793 uint8_t* n2;
794 struct local_zone* z;
740795 /* allocate zone of smallest shared topdomain to contain em */
741796 n2 = nm;
742797 dname_remove_labels(&n2, &nmlen, nmlabs - match);
748803 }
749804 log_nametypeclass(VERB_ALGO, "implicit transparent local-zone",
750805 n2, 0, dclass);
751 if(!lz_enter_zone_dname(zones, n2, nmlen, match,
752 local_zone_transparent, dclass)) {
806 if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match,
807 local_zone_transparent, dclass))) {
753808 return 0;
754809 }
810 lock_rw_unlock(&z->lock);
755811 }
756812 if(have_other_classes) {
757813 /* restart to setup other class */
853909 }
854910 }
855911
912 struct local_zone*
913 local_zones_find(struct local_zones* zones,
914 uint8_t* name, size_t len, int labs, uint16_t dclass)
915 {
916 struct local_zone key;
917 key.node.key = &key;
918 key.dclass = dclass;
919 key.name = name;
920 key.namelen = len;
921 key.namelabs = labs;
922 /* exact */
923 return (struct local_zone*)rbtree_search(&zones->ztree, &key);
924 }
925
856926 /** print all RRsets in local zone */
857927 static void
858928 local_zone_out(struct local_zone* z)
871941 void local_zones_print(struct local_zones* zones)
872942 {
873943 struct local_zone* z;
944 lock_quick_lock(&zones->lock);
874945 log_info("number of auth zones %u", (unsigned)zones->ztree.count);
875946 RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
947 lock_rw_rdlock(&z->lock);
876948 switch(z->type) {
877949 case local_zone_deny:
878950 log_nametypeclass(0, "deny zone",
900972 break;
901973 }
902974 local_zone_out(z);
903 }
975 lock_rw_unlock(&z->lock);
976 }
977 lock_quick_unlock(&zones->lock);
904978 }
905979
906980 /** encode answer consisting of 1 rrset */
10181092 return 1;
10191093 }
10201094 /* else z->type == local_zone_transparent */
1095
1096 /* if the zone is transparent and the name exists, but the type
1097 * does not, then we should make this noerror/nodata */
1098 if(ld && ld->rrsets) {
1099 int rcode = LDNS_RCODE_NOERROR;
1100 if(z->soa)
1101 return local_encode(qinfo, edns, buf, temp,
1102 z->soa, 0, rcode);
1103 error_encode(buf, (rcode|BIT_AA), qinfo,
1104 *(uint16_t*)ldns_buffer_begin(buf),
1105 ldns_buffer_read_u16_at(buf, 2), edns);
1106 return 1;
1107 }
1108
10211109 /* stop here, and resolve further on */
10221110 return 0;
10231111 }
10311119 * - look at zone type for negative response. */
10321120 int labs = dname_count_labels(qinfo->qname);
10331121 struct local_data* ld;
1034 struct local_zone* z = local_zones_lookup(zones, qinfo->qname,
1122 struct local_zone* z;
1123 int r;
1124 lock_quick_lock(&zones->lock);
1125 z = local_zones_lookup(zones, qinfo->qname,
10351126 qinfo->qname_len, labs, qinfo->qclass);
1036 if(!z) return 0;
1037 if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld))
1127 if(!z) {
1128 lock_quick_unlock(&zones->lock);
1129 return 0;
1130 }
1131 lock_rw_rdlock(&z->lock);
1132 lock_quick_unlock(&zones->lock);
1133
1134 if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) {
1135 lock_rw_unlock(&z->lock);
10381136 return 1;
1039 return lz_zone_answer(z, qinfo, edns, buf, temp, ld);
1040 }
1137 }
1138 r = lz_zone_answer(z, qinfo, edns, buf, temp, ld);
1139 lock_rw_unlock(&z->lock);
1140 return r;
1141 }
1142
1143 int local_zone_str2type(const char* type, enum localzone_type* t)
1144 {
1145 if(strcmp(type, "deny") == 0)
1146 *t = local_zone_deny;
1147 else if(strcmp(type, "refuse") == 0)
1148 *t = local_zone_refuse;
1149 else if(strcmp(type, "static") == 0)
1150 *t = local_zone_static;
1151 else if(strcmp(type, "transparent") == 0)
1152 *t = local_zone_transparent;
1153 else if(strcmp(type, "redirect") == 0)
1154 *t = local_zone_redirect;
1155 else return 0;
1156 return 1;
1157 }
1158
1159 /** iterate over the kiddies of the given name and set their parent ptr */
1160 static void
1161 set_kiddo_parents(struct local_zone* z, struct local_zone* match,
1162 struct local_zone* newp)
1163 {
1164 /* both zones and z are locked already */
1165 /* in the sorted rbtree, the kiddies of z are located after z */
1166 /* z must be present in the tree */
1167 struct local_zone* p = z;
1168 p = (struct local_zone*)rbtree_next(&p->node);
1169 while(p!=(struct local_zone*)RBTREE_NULL &&
1170 p->dclass == z->dclass && dname_strict_subdomain(p->name,
1171 p->namelabs, z->name, z->namelabs)) {
1172 /* update parent ptr */
1173 /* only when matches with existing parent pointer, so that
1174 * deeper child structures are not touched, i.e.
1175 * update of x, and a.x, b.x, f.b.x, g.b.x, c.x, y
1176 * gets to update a.x, b.x and c.x */
1177 lock_rw_wrlock(&p->lock);
1178 if(p->parent == match)
1179 p->parent = newp;
1180 lock_rw_unlock(&p->lock);
1181 p = (struct local_zone*)rbtree_next(&p->node);
1182 }
1183 }
1184
1185 struct local_zone* local_zones_add_zone(struct local_zones* zones,
1186 uint8_t* name, size_t len, int labs, uint16_t dclass,
1187 enum localzone_type tp)
1188 {
1189 /* create */
1190 struct local_zone* z = local_zone_create(name, len, labs, tp, dclass);
1191 if(!z) return NULL;
1192 lock_rw_wrlock(&z->lock);
1193
1194 /* find the closest parent */
1195 z->parent = local_zones_find(zones, name, len, labs, dclass);
1196
1197 /* insert into the tree */
1198 if(!rbtree_insert(&zones->ztree, &z->node)) {
1199 /* duplicate entry! */
1200 lock_rw_unlock(&z->lock);
1201 local_zone_delete(z);
1202 log_err("internal: duplicate entry in local_zones_add_zone");
1203 return NULL;
1204 }
1205
1206 /* set parent pointers right */
1207 set_kiddo_parents(z, z->parent, z);
1208
1209 lock_rw_unlock(&z->lock);
1210 return z;
1211 }
1212
1213 void local_zones_del_zone(struct local_zones* zones, struct local_zone* z)
1214 {
1215 /* fix up parents in tree */
1216 lock_rw_wrlock(&z->lock);
1217 set_kiddo_parents(z, z, z->parent);
1218
1219 /* remove from tree */
1220 (void)rbtree_delete(&zones->ztree, z);
1221
1222 /* delete the zone */
1223 lock_rw_unlock(&z->lock);
1224 local_zone_delete(z);
1225 }
1226
1227 int
1228 local_zones_add_RR(struct local_zones* zones, const char* rr, ldns_buffer* buf)
1229 {
1230 uint8_t* rr_name;
1231 uint16_t rr_class;
1232 size_t len;
1233 int labs;
1234 struct local_zone* z;
1235 int r;
1236 if(!get_rr_nameclass(rr, &rr_name, &rr_class)) {
1237 return 0;
1238 }
1239 labs = dname_count_size_labels(rr_name, &len);
1240 lock_quick_lock(&zones->lock);
1241 z = local_zones_lookup(zones, rr_name, len, labs, rr_class);
1242 if(!z) {
1243 z = local_zones_add_zone(zones, rr_name, len, labs, rr_class,
1244 local_zone_transparent);
1245 if(!z) {
1246 lock_quick_unlock(&zones->lock);
1247 return 0;
1248 }
1249 } else {
1250 free(rr_name);
1251 }
1252 lock_rw_wrlock(&z->lock);
1253 lock_quick_unlock(&zones->lock);
1254 r = lz_enter_rr_into_zone(z, buf, rr);
1255 lock_rw_unlock(&z->lock);
1256 return r;
1257 }
1258
1259 /** returns true if the node is terminal so no deeper domain names exist */
1260 static int
1261 is_terminal(struct local_data* d)
1262 {
1263 /* for empty nonterminals, the deeper domain names are sorted
1264 * right after them, so simply check the next name in the tree
1265 */
1266 struct local_data* n = (struct local_data*)rbtree_next(&d->node);
1267 if(n == (struct local_data*)RBTREE_NULL)
1268 return 1; /* last in tree, no deeper node */
1269 if(dname_strict_subdomain(n->name, n->namelabs, d->name, d->namelabs))
1270 return 0; /* there is a deeper node */
1271 return 1;
1272 }
1273
1274 /** delete empty terminals from tree when final data is deleted */
1275 static void
1276 del_empty_term(struct local_zone* z, struct local_data* d,
1277 uint8_t* name, size_t len, int labs)
1278 {
1279 while(d && d->rrsets == NULL && is_terminal(d)) {
1280 /* is this empty nonterminal? delete */
1281 /* note, no memory recycling in zone region */
1282 (void)rbtree_delete(&z->data, d);
1283
1284 /* go up and to the next label */
1285 if(dname_is_root(name))
1286 return;
1287 dname_remove_label(&name, &len);
1288 labs--;
1289 d = lz_find_node(z, name, len, labs);
1290 }
1291 }
1292
1293 void local_zones_del_data(struct local_zones* zones,
1294 uint8_t* name, size_t len, int labs, uint16_t dclass)
1295 {
1296 /* find zone */
1297 struct local_zone* z;
1298 struct local_data* d;
1299 lock_quick_lock(&zones->lock);
1300 z = local_zones_lookup(zones, name, len, labs, dclass);
1301 if(!z) {
1302 /* no such zone, we're done */
1303 lock_quick_unlock(&zones->lock);
1304 return;
1305 }
1306 lock_rw_wrlock(&z->lock);
1307 lock_quick_unlock(&zones->lock);
1308
1309 /* find the domain */
1310 d = lz_find_node(z, name, len, labs);
1311 /* no memory recycling for zone deletions ... */
1312 d->rrsets = NULL;
1313 /* did we delete the soa record ? */
1314 if(query_dname_compare(d->name, z->name) == 0)
1315 z->soa = NULL;
1316
1317 /* cleanup the empty nonterminals for this name */
1318 del_empty_term(z, d, name, len, labs);
1319
1320 lock_rw_unlock(&z->lock);
1321 }
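Review bot: `local_zones_del_data` dereferences the result of `lz_find_node()` without a NULL check: `d->rrsets = NULL;` and the following `query_dname_compare(d->name, z->name)` run even when the name has no node in the zone's data tree. The header comment for this function promises no effect if the zone or name does not exist, and a successful covering-zone lookup does not imply that the exact node exists. A removal request for an unknown name inside an existing zone would therefore crash the process while `z->lock` is held. Add a guard right after the lookup, before `d` is touched: `if(!d) { lock_rw_unlock(&z->lock); return; }`.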
4141 #ifndef SERVICES_LOCALZONE_H
4242 #define SERVICES_LOCALZONE_H
4343 #include "util/rbtree.h"
44 #include "util/locks.h"
4445 struct ub_packed_rrset_key;
4546 struct regional;
4647 struct config_file;
7071
7172 /**
7273 * Authoritative local zones storage, shared.
73 * This tree is fixed at startup, so, readonly, no locks or mutexes necessary.
7474 */
7575 struct local_zones {
76 /** lock on the localzone tree */
77 lock_quick_t lock;
7678 /** rbtree of struct local_zone */
7779 rbtree_t ztree;
7880 };
9597 /** the class of this zone.
9698 * uses 'dclass' to not conflict with c++ keyword class. */
9799 uint16_t dclass;
100
101 /** lock on the data in the structure
102 * For the node, parent, name, namelen, namelabs, dclass, you
103 * need to also hold the zones_tree lock to change them (or to
104 * delete this zone) */
105 lock_rw_t lock;
98106
99107 /** how to process zone */
100108 enum localzone_type type;
150158
151159 /**
152160 * Apply config settings; setup the local authoritative data.
161 * Takes care of locking.
153162 * @param zones: is set up.
154163 * @param cfg: config data.
155164 * @return false on error.
181190
182191 /**
183192 * Lookup zone that contains the given name, class.
193 * User must lock the tree or result zone.
184194 * @param zones: the zones tree
185195 * @param name: dname to lookup
186196 * @param len: length of name.
193203
194204 /**
195205 * Debug helper. Print all zones
206 * Takes care of locking.
196207 * @param zones: the zones tree
197208 */
198209 void local_zones_print(struct local_zones* zones);
199210
200211 /**
201212 * Answer authoritatively for local zones.
213 * Takes care of locking.
202214 * @param zones: the stored zones (shared, read only).
203215 * @param qinfo: query info (parsed).
204216 * @param edns: edns info (parsed).
211223 int local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
212224 struct edns_data* edns, ldns_buffer* buf, struct regional* temp);
213225
226 /**
227 * Parse the string into localzone type.
228 *
229 * @param str: string to parse
230 * @param t: local zone type returned here.
231 * @return 0 on parse error.
232 */
233 int local_zone_str2type(const char* str, enum localzone_type* t);
234
235 /**
236 * Find zone that with exactly given name, class.
237 * User must lock the tree or result zone.
238 * @param zones: the zones tree
239 * @param name: dname to lookup
240 * @param len: length of name.
241 * @param labs: labelcount of name.
242 * @param dclass: class to lookup.
243 * @return the exact local_zone or NULL.
244 */
245 struct local_zone* local_zones_find(struct local_zones* zones,
246 uint8_t* name, size_t len, int labs, uint16_t dclass);
247
248 /**
249 * Add a new zone. Caller must hold the zones lock.
250 * Adjusts the other zones as well (parent pointers) after insertion.
251 * The zone must NOT exist (returns NULL and logs error).
252 * @param zones: the zones tree
253 * @param name: dname to add
254 * @param len: length of name.
255 * @param labs: labelcount of name.
256 * @param dclass: class to add.
257 * @param tp: type.
258 * @return local_zone or NULL on error, caller must printout memory error.
259 */
260 struct local_zone* local_zones_add_zone(struct local_zones* zones,
261 uint8_t* name, size_t len, int labs, uint16_t dclass,
262 enum localzone_type tp);
263
264 /**
265 * Delete a zone. Caller must hold the zones lock.
266 * Adjusts the other zones as well (parent pointers) after insertion.
267 * @param zones: the zones tree
268 * @param zone: the zone to delete from tree. Also deletes zone from memory.
269 */
270 void local_zones_del_zone(struct local_zones* zones, struct local_zone* zone);
271
272 /**
273 * Add RR data into the localzone data.
274 * Looks up the zone, if no covering zone, a transparent zone with the
275 * name of the RR is created.
276 * @param zones: the zones tree. Not locked by caller.
277 * @param rr: string with on RR.
278 * @param buf: buffer for scratch.
279 * @return false on failure.
280 */
281 int local_zones_add_RR(struct local_zones* zones, const char* rr,
282 ldns_buffer* buf);
283
284 /**
285 * Remove data from domain name in the tree.
286 * All types are removed. No effect if zone or name does not exist.
287 * @param zones: zones tree.
288 * @param name: dname to remove
289 * @param len: length of name.
290 * @param labs: labelcount of name.
291 * @param dclass: class to remove.
292 */
293 void local_zones_del_data(struct local_zones* zones,
294 uint8_t* name, size_t len, int labs, uint16_t dclass);
295
214296 #endif /* SERVICES_LOCALZONE_H */
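Review bot: The comment on `local_zones_del_data` does not state its locking contract, although the implementation takes `zones->lock` itself, while the neighbouring `local_zones_add_zone` and `local_zones_del_zone` comments require the caller to hold that lock. A caller that follows the neighbouring comments and holds the lock when calling `local_zones_del_data` would likely block on itself, depending on the lock type. Add `* Takes care of locking; caller must not hold the zones lock.` to the `local_zones_del_data` comment, matching the wording already used for `local_zones_answer`. The `local_zones_del_zone` comment also says parent pointers are adjusted "after insertion", which looks copied from the add function and should describe deletion.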
5353 #include "util/timehist.h"
5454 #include "util/fptr_wlist.h"
5555 #include "util/alloc.h"
56 #include "util/config_file.h"
57
58 /** subtract timers and the values do not overflow or become negative */
59 static void
60 timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start)
61 {
62 #ifndef S_SPLINT_S
63 time_t end_usec = end->tv_usec;;
64 d->tv_sec = end->tv_sec - start->tv_sec;
65 while(end_usec < start->tv_usec) {
66 end_usec += 1000000;
67 d->tv_sec--;
68 }
69 d->tv_usec = end_usec - start->tv_usec;
70 #endif
71 }
72
73 /** add timers and the values do not overflow or become negative */
74 static void
75 timeval_add(struct timeval* d, const struct timeval* add)
76 {
77 #ifndef S_SPLINT_S
78 d->tv_sec += add->tv_sec;
79 d->tv_usec += add->tv_usec;
80 while(d->tv_usec > 1000000 ) {
81 d->tv_usec -= 1000000;
82 d->tv_sec++;
83 }
84 #endif
85 }
86
87 /** divide sum of timers to get average */
88 static void
89 timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
90 {
91 #ifndef S_SPLINT_S
92 size_t leftover;
93 if(d == 0) {
94 avg->tv_sec = 0;
95 avg->tv_usec = 0;
96 return;
97 }
98 avg->tv_sec = sum->tv_sec / d;
99 avg->tv_usec = sum->tv_usec / d;
100 /* handle fraction from seconds divide */
101 leftover = sum->tv_sec - avg->tv_sec*d;
102 avg->tv_usec += (leftover*1000000)/d;
103 #endif
104 }
105
106 /** histogram compare of time values */
107 static int
108 timeval_smaller(const struct timeval* x, const struct timeval* y)
109 {
110 #ifndef S_SPLINT_S
111 if(x->tv_sec < y->tv_sec)
112 return 1;
113 else if(x->tv_sec == y->tv_sec) {
114 if(x->tv_usec <= y->tv_usec)
115 return 1;
116 else return 0;
117 }
118 else return 0;
119 #endif
120 }
56121
57122 int
58123 mesh_state_compare(const void* ap, const void* bp)
107172 mesh->num_reply_addrs = 0;
108173 mesh->num_reply_states = 0;
109174 mesh->num_detached_states = 0;
175 mesh->num_forever_states = 0;
176 mesh->stats_jostled = 0;
177 mesh->stats_dropped = 0;
178 mesh->max_reply_states = env->cfg->num_queries_per_thread;
179 mesh->max_forever_states = (mesh->max_reply_states+1)/2;
180 #ifndef S_SPLINT_S
181 mesh->jostle_max.tv_sec = (time_t)(env->cfg->jostle_time / 1000);
182 mesh->jostle_max.tv_usec = (time_t)((env->cfg->jostle_time % 1000)
183 *1000);
184 #endif
110185 return mesh;
111186 }
112187
129204 free(mesh);
130205 }
131206
207 int mesh_make_new_space(struct mesh_area* mesh)
208 {
209 struct mesh_state* m = mesh->jostle_last;
210 /* free space is available */
211 if(mesh->num_reply_states < mesh->max_reply_states)
212 return 1;
213 /* try to kick out a jostle-list item */
214 if(m && m->reply_list && m->list_select == mesh_jostle_list) {
215 /* how old is it? */
216 struct timeval age;
217 timeval_subtract(&age, mesh->env->now_tv,
218 &m->reply_list->start_time);
219 if(timeval_smaller(&mesh->jostle_max, &age)) {
220 /* its a goner */
221 log_nametypeclass(VERB_ALGO, "query jostled out to "
222 "make space for a new one",
223 m->s.qinfo.qname, m->s.qinfo.qtype,
224 m->s.qinfo.qclass);
225 /* notify supers */
226 if(m->super_set.count > 0) {
227 verbose(VERB_ALGO, "notify supers of failure");
228 m->s.return_msg = NULL;
229 m->s.return_rcode = LDNS_RCODE_SERVFAIL;
230 mesh_walk_supers(mesh, m);
231 }
232 mesh->stats_jostled ++;
233 mesh_state_delete(&m->s);
234 return 1;
235 }
236 }
237 /* no space for new item */
238 return 0;
239 }
240
132241 void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
133242 uint16_t qflags, struct edns_data* edns, struct comm_reply* rep,
134243 uint16_t qid)
137246 int was_detached = 0;
138247 int was_noreply = 0;
139248 int added = 0;
249 /* does this create a new reply state? */
250 if(!s || s->list_select == mesh_no_list) {
251 if(!mesh_make_new_space(mesh)) {
252 verbose(VERB_ALGO, "Too many queries. dropping "
253 "incoming query.");
254 comm_point_drop_reply(rep);
255 mesh->stats_dropped ++;
256 return;
257 }
258 }
140259 /* see if it already exists, if not, create one */
141260 if(!s) {
142261 struct rbnode_t* n;
177296 mesh->num_reply_states ++;
178297 }
179298 mesh->num_reply_addrs++;
299 if(s->list_select == mesh_no_list) {
300 /* move to either the forever or the jostle_list */
301 if(mesh->num_forever_states < mesh->max_forever_states) {
302 mesh->num_forever_states ++;
303 mesh_list_insert(s, &mesh->forever_first,
304 &mesh->forever_last);
305 s->list_select = mesh_forever_list;
306 } else {
307 mesh_list_insert(s, &mesh->jostle_first,
308 &mesh->jostle_last);
309 s->list_select = mesh_jostle_list;
310 }
311 }
180312 if(added)
181313 mesh_run(mesh, s, module_event_new, NULL);
182314 }
190322 int was_detached = 0;
191323 int was_noreply = 0;
192324 int added = 0;
325 /* there are no limits on the number of callbacks */
326
193327 /* see if it already exists, if not, create one */
194328 if(!s) {
195329 struct rbnode_t* n;
228362 }
229363
230364 void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e,
231 int is_ok, struct comm_reply* reply)
232 {
365 struct comm_reply* reply, int what)
366 {
367 enum module_ev event = module_event_reply;
233368 e->qstate->reply = reply;
234 mesh_run(mesh, e->qstate->mesh_info,
235 is_ok?module_event_reply:module_event_noreply, e);
369 if(what != NETEVENT_NOERROR) {
370 event = module_event_noreply;
371 if(what == NETEVENT_CAPSFAIL)
372 event = module_event_capsfail;
373 }
374 mesh_run(mesh, e->qstate->mesh_info, event, e);
236375 }
237376
238377 struct mesh_state*
256395 mstate->node.key = mstate;
257396 mstate->run_node.key = mstate;
258397 mstate->reply_list = NULL;
398 mstate->list_select = mesh_no_list;
399 mstate->replies_sent = 0;
259400 rbtree_init(&mstate->super_set, &mesh_state_ref_compare);
260401 rbtree_init(&mstate->sub_set, &mesh_state_ref_compare);
261402 mstate->num_activated = 0;
294435 int i;
295436 if(!mstate)
296437 return;
438 /* drop unsent replies */
439 if(!mstate->replies_sent) {
440 struct mesh_reply* rep;
441 for(rep=mstate->reply_list; rep; rep=rep->next) {
442 comm_point_drop_reply(&rep->query_reply);
443 }
444 }
445
297446 /* de-init modules */
298447 mesh = mstate->s.env->mesh;
299448 for(i=0; i<mesh->mods.num; i++) {
316465 mstate = qstate->mesh_info;
317466 mesh = mstate->s.env->mesh;
318467 mesh_detach_subs(&mstate->s);
468 if(mstate->list_select == mesh_forever_list) {
469 mesh->num_forever_states --;
470 mesh_list_remove(mstate, &mesh->forever_first,
471 &mesh->forever_last);
472 } else if(mstate->list_select == mesh_jostle_list) {
473 mesh_list_remove(mstate, &mesh->jostle_first,
474 &mesh->jostle_last);
475 }
319476 if(!mstate->reply_list && !mstate->cb_list
320477 && mstate->super_set.count == 0) {
321478 log_assert(mesh->num_detached_states > 0);
411568 n = rbtree_insert(&super->sub_set, &subref->node);
412569 log_assert(n != NULL);
413570 return 1;
414 }
415
416 /** subtract timers and the values do not overflow or become negative */
417 static void
418 timeval_subtract(struct timeval* d, struct timeval* end, struct timeval* start)
419 {
420 #ifndef S_SPLINT_S
421 d->tv_sec = end->tv_sec - start->tv_sec;
422 while(end->tv_usec < start->tv_usec) {
423 end->tv_usec += 1000000;
424 d->tv_sec--;
425 }
426 d->tv_usec = end->tv_usec - start->tv_usec;
427 #endif
428 }
429
430 /** add timers and the values do not overflow or become negative */
431 static void
432 timeval_add(struct timeval* d, struct timeval* add)
433 {
434 #ifndef S_SPLINT_S
435 d->tv_sec += add->tv_sec;
436 d->tv_usec += add->tv_usec;
437 while(d->tv_usec > 1000000 ) {
438 d->tv_usec -= 1000000;
439 d->tv_sec++;
440 }
441 #endif
442 }
443
444 /** divide sum of timers to get average */
445 static void
446 timeval_divide(struct timeval* avg, struct timeval* sum, size_t d)
447 {
448 #ifndef S_SPLINT_S
449 size_t leftover;
450 if(d == 0) {
451 avg->tv_sec = 0;
452 avg->tv_usec = 0;
453 return;
454 }
455 avg->tv_sec = sum->tv_sec / d;
456 avg->tv_usec = sum->tv_usec / d;
457 /* handle fraction from seconds divide */
458 leftover = sum->tv_sec - avg->tv_sec*d;
459 avg->tv_usec += (leftover*1000000)/d;
460 #endif
461571 }
462572
463573 /**
522632 if(m->s.env->need_to_validate && !(r->qflags&BIT_CD) && rep &&
523633 rep->security <= sec_status_bogus) {
524634 rcode = LDNS_RCODE_SERVFAIL;
635 if(m->s.env->cfg->stat_extended)
636 m->s.env->mesh->ans_bogus++;
525637 }
526638 if(rep && rep->security == sec_status_secure)
527639 secure = 1;
574686 m->s.env->mesh->replies_sent++;
575687 timeval_add(&m->s.env->mesh->replies_sum_wait, &duration);
576688 timehist_insert(m->s.env->mesh->histogram, &duration);
689 if(m->s.env->cfg->stat_extended) {
690 uint16_t rc = FLAGS_GET_RCODE(ldns_buffer_read_u16_at(r->
691 query_reply.c->buffer, 2));
692 if(secure) m->s.env->mesh->ans_secure++;
693 m->s.env->mesh->ans_rcode[ rc ] ++;
694 if(rc == 0 && LDNS_ANCOUNT(ldns_buffer_begin(r->
695 query_reply.c->buffer)) == 0)
696 m->s.env->mesh->ans_nodata++;
697 }
577698 }
578699
579700 void mesh_query_done(struct mesh_state* mstate)
587708 mesh_send_reply(mstate, mstate->s.return_rcode, rep, r, prev);
588709 prev = r;
589710 }
711 mstate->replies_sent = 1;
590712 for(c = mstate->cb_list; c; c = c->next) {
591713 mesh_do_callback(mstate, mstate->s.return_rcode, rep, c);
592714 }
784906 {
785907 verbose(VERB_DETAIL, "%s %u recursion states (%u with reply, "
786908 "%u detached), %u waiting replies, %u recursion replies "
787 "sent", str, (unsigned)mesh->all.count,
909 "sent, %d replies dropped, %d states jostled out",
910 str, (unsigned)mesh->all.count,
788911 (unsigned)mesh->num_reply_states,
789912 (unsigned)mesh->num_detached_states,
790913 (unsigned)mesh->num_reply_addrs,
791 (unsigned)mesh->replies_sent);
914 (unsigned)mesh->replies_sent,
915 (unsigned)mesh->stats_dropped,
916 (unsigned)mesh->stats_jostled);
792917 if(mesh->replies_sent > 0) {
793918 struct timeval avg;
794919 timeval_divide(&avg, &mesh->replies_sum_wait,
808933 mesh->replies_sent = 0;
809934 mesh->replies_sum_wait.tv_sec = 0;
810935 mesh->replies_sum_wait.tv_usec = 0;
936 mesh->stats_jostled = 0;
937 mesh->stats_dropped = 0;
811938 timehist_clear(mesh->histogram);
939 mesh->ans_secure = 0;
940 mesh->ans_bogus = 0;
941 memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*16);
942 mesh->ans_nodata = 0;
812943 }
813944
814945 size_t
849980 return 1;
850981 return 0;
851982 }
983
984 void mesh_list_insert(struct mesh_state* m, struct mesh_state** fp,
985 struct mesh_state** lp)
986 {
987 /* insert as last element */
988 m->prev = *lp;
989 m->next = NULL;
990 if(*lp)
991 (*lp)->next = m;
992 else *fp = m;
993 *lp = m;
994 }
995
996 void mesh_list_remove(struct mesh_state* m, struct mesh_state** fp,
997 struct mesh_state** lp)
998 {
999 if(m->next)
1000 m->next->prev = m->prev;
1001 else *lp = m->prev;
1002 if(m->prev)
1003 m->prev->next = m->next;
1004 else *fp = m->next;
1005 }
8888 * an empty set of super-states, thus are 'toplevel' or detached
8989 * internal opportunistic queries */
9090 size_t num_detached_states;
91
91 /** number of reply states in the forever list */
92 size_t num_forever_states;
93
94 /** max total number of reply states to have */
95 size_t max_reply_states;
96 /** max forever number of reply states to have */
97 size_t max_forever_states;
98
99 /** stats, cumulative number of reply states jostled out */
100 size_t stats_jostled;
101 /** stats, cumulative number of incoming client msgs dropped */
102 size_t stats_dropped;
92103 /** number of replies sent */
93104 size_t replies_sent;
94105 /** sum of waiting times for the replies */
95106 struct timeval replies_sum_wait;
96107 /** histogram of time values */
97108 struct timehist* histogram;
109 /** (extended stats) secure replies */
110 size_t ans_secure;
111 /** (extended stats) bogus replies */
112 size_t ans_bogus;
113 /** (extended stats) rcodes in replies */
114 size_t ans_rcode[16];
115 /** (extended stats) rcode nodata in replies */
116 size_t ans_nodata;
117
118 /** double linked list of the run-to-completion query states.
119 * These are query states with a reply */
120 struct mesh_state* forever_first;
121 /** last entry in run forever list */
122 struct mesh_state* forever_last;
123
124 /** double linked list of the query states that can be jostled out
125 * by new queries if too old. These are query states with a reply */
126 struct mesh_state* jostle_first;
127 /** last entry in jostle list - this is the entry that is newest */
128 struct mesh_state* jostle_last;
129 /** timeout for jostling. if age is lower, it does not get jostled. */
130 struct timeval jostle_max;
98131 };
99132
100133 /**
126159 rbtree_t sub_set;
127160 /** number of activations for the mesh state */
128161 size_t num_activated;
162
163 /** previous in linked list for reply states */
164 struct mesh_state* prev;
165 /** next in linked list for reply states */
166 struct mesh_state* next;
167 /** if this state is in the forever list, jostle list, or neither */
168 enum mesh_list_select { mesh_no_list, mesh_forever_list,
169 mesh_jostle_list } list_select;
170
171 /** true if replies have been sent out (at end for alignment) */
172 uint8_t replies_sent;
129173 };
130174
131175 /**
247291 *
248292 * @param mesh: the query mesh.
249293 * @param e: outbound entry, with query state to run and reply pointer.
250 * @param is_ok: if true, reply is OK, otherwise a timeout happened.
251294 * @param reply: the comm point reply info.
295 * @param what: NETEVENT_* error code (if not 0, what is wrong, TIMEOUT).
252296 */
253297 void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e,
254 int is_ok, struct comm_reply* reply);
298 struct comm_reply* reply, int what);
255299
256300 /* ------------------- Functions for module environment --------------- */
257301
456500 /** compare two mesh references */
457501 int mesh_state_ref_compare(const void* ap, const void* bp);
458502
503 /**
504 * Make space for another recursion state for a reply in the mesh
505 * @param mesh: mesh area
506 * @return false if no space is available.
507 */
508 int mesh_make_new_space(struct mesh_area* mesh);
509
510 /**
511 * Insert mesh state into a double linked list. Inserted at end.
512 * @param m: mesh state.
513 * @param fp: pointer to the first-elem-pointer of the list.
514 * @param lp: pointer to the last-elem-pointer of the list.
515 */
516 void mesh_list_insert(struct mesh_state* m, struct mesh_state** fp,
517 struct mesh_state** lp);
518
519 /**
520 * Remove mesh state from a double linked list. Remove from any position.
521 * @param m: mesh state.
522 * @param fp: pointer to the first-elem-pointer of the list.
523 * @param lp: pointer to the last-elem-pointer of the list.
524 */
525 void mesh_list_remove(struct mesh_state* m, struct mesh_state** fp,
526 struct mesh_state** lp);
527
459528 #endif /* SERVICES_MESH_H */
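Review bot: `size_t ans_rcode[16];` at new line 114 uses a bare 16 that the statistics reset in mesh.c repeats as `sizeof(size_t)*16`, so the two sizes can drift apart. The field comment should say that the array is indexed by the RCODE taken from the reply header, because the increment in mesh.c (`ans_rcode[ rc ]`) is only in bounds if `FLAGS_GET_RCODE` masks the value to four bits; that macro is not visible here, so this needs confirming. I would write the comment as `/** (extended stats) replies per rcode, indexed by the 4-bit header RCODE */` and make the reset `memset(mesh->ans_rcode, 0, sizeof(mesh->ans_rcode));`.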
164164 free(stack->mod);
165165 stack->mod = NULL;
166166 }
167
168 int
169 modstack_find(struct module_stack* stack, const char* name)
170 {
171 int i;
172 for(i=0; i<stack->num; i++) {
173 if(strcmp(stack->mod[i]->name, name) == 0)
174 return i;
175 }
176 return -1;
177 }
9595 */
9696 void modstack_desetup(struct module_stack* stack, struct module_env* env);
9797
98 /**
99 * Find index of module by name.
100 * @param stack: to look in
101 * @param name: the name to look for
102 * @return -1 on failure, otherwise index number.
103 */
104 int modstack_find(struct module_stack* stack, const char* name);
105
98106 #endif /* SERVICES_MODSTACK_H */
328328 if(!p) {
329329 verbose(VERB_QUERY, "received unwanted or unsolicited udp reply dropped.");
330330 log_buf(VERB_ALGO, "dropped message", c->buffer);
331 outnet->unwanted_replies++;
332 if(outnet->unwanted_threshold && ++outnet->unwanted_total
333 >= outnet->unwanted_threshold) {
334 log_warn("unwanted reply total reached threshold (%u)"
335 " you may be under attack."
336 " defensive action: clearing the cache",
337 (unsigned)outnet->unwanted_threshold);
338 fptr_ok(fptr_whitelist_alloc_cleanup(
339 outnet->unwanted_action));
340 (*outnet->unwanted_action)(outnet->unwanted_param);
341 outnet->unwanted_total = 0;
342 }
331343 return 0;
332344 }
333345
336348 if(p->pc->cp != c) {
337349 verbose(VERB_QUERY, "received reply id,addr on wrong port. "
338350 "dropped.");
351 outnet->unwanted_replies++;
352 if(outnet->unwanted_threshold && ++outnet->unwanted_total
353 >= outnet->unwanted_threshold) {
354 log_warn("unwanted reply total reached threshold (%u)"
355 " you may be under attack."
356 " defensive action: clearing the cache",
357 (unsigned)outnet->unwanted_threshold);
358 fptr_ok(fptr_whitelist_alloc_cleanup(
359 outnet->unwanted_action));
360 (*outnet->unwanted_action)(outnet->unwanted_param);
361 outnet->unwanted_total = 0;
362 }
339363 return 0;
340364 }
341365 comm_timer_disable(p->timer);
441465 size_t num_ports, char** ifs, int num_ifs, int do_ip4,
442466 int do_ip6, size_t num_tcp, struct infra_cache* infra,
443467 struct ub_randstate* rnd, int use_caps_for_id, int* availports,
444 int numavailports)
468 int numavailports, size_t unwanted_threshold,
469 void (*unwanted_action)(void*), void* unwanted_param)
445470 {
446471 struct outside_network* outnet = (struct outside_network*)
447472 calloc(1, sizeof(struct outside_network));
456481 outnet->infra = infra;
457482 outnet->rnd = rnd;
458483 outnet->svcd_overhead = 0;
484 outnet->unwanted_threshold = unwanted_threshold;
485 outnet->unwanted_action = unwanted_action;
486 outnet->unwanted_param = unwanted_param;
459487 outnet->use_caps_for_id = use_caps_for_id;
460488 if(numavailports == 0) {
461489 log_err("no outgoing ports available");
668696 if(!p)
669697 return;
670698 if(outnet && outnet->udp_wait_first &&
671 (p->next_waiting || p == outnet->udp_wait_last) ) {
672 /* delete from waiting list, if it is in the waiting list */
673 struct pending* prev = NULL, *x = outnet->udp_wait_first;
674 while(x && x != p) {
675 prev = x;
676 x = x->next_waiting;
677 }
678 if(x) {
679 log_assert(x == p);
680 if(prev)
681 prev->next_waiting = p->next_waiting;
682 else outnet->udp_wait_first = p->next_waiting;
683 if(outnet->udp_wait_last == p)
684 outnet->udp_wait_last = prev;
685 }
686 }
699 (p->next_waiting || p == outnet->udp_wait_last) ) {
700 /* delete from waiting list, if it is in the waiting list */
701 struct pending* prev = NULL, *x = outnet->udp_wait_first;
702 while(x && x != p) {
703 prev = x;
704 x = x->next_waiting;
705 }
706 if(x) {
707 log_assert(x == p);
708 if(prev)
709 prev->next_waiting = p->next_waiting;
710 else outnet->udp_wait_first = p->next_waiting;
711 if(outnet->udp_wait_last == p)
712 outnet->udp_wait_last = prev;
713 }
714 }
687715 if(outnet) {
688716 (void)rbtree_delete(outnet->pending, p->node.key);
689717 }
10811109 if(sq->pending) {
10821110 /* clear up the pending query */
10831111 if(sq->status == serviced_query_UDP_EDNS ||
1084 sq->status == serviced_query_UDP) {
1112 sq->status == serviced_query_UDP ||
1113 sq->status == serviced_query_PROBE_EDNS) {
10851114 struct pending* p = (struct pending*)sq->pending;
10861115 if(p->pc)
10871116 portcomm_loweruse(sq->outnet, p->pc);
11811210 serviced_udp_send(struct serviced_query* sq, ldns_buffer* buff)
11821211 {
11831212 int rtt, vs;
1213 uint8_t edns_lame_known;
11841214 uint32_t now = *sq->outnet->now_secs;
11851215
11861216 if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, now, &vs,
1187 &rtt))
1217 &edns_lame_known, &rtt))
11881218 return 0;
11891219 if(sq->status == serviced_initial) {
1190 if(vs != -1)
1220 if(edns_lame_known == 0 && rtt > 5000) {
1221 /* perform EDNS lame probe - check if server is
1222 * EDNS lame (EDNS queries to it are dropped) */
1223 verbose(VERB_ALGO, "serviced query: send probe to see "
1224 " if use of EDNS causes timeouts");
1225 rtt /= 10;
1226 sq->status = serviced_query_PROBE_EDNS;
1227 } else if(vs != -1) {
11911228 sq->status = serviced_query_UDP_EDNS;
1192 else sq->status = serviced_query_UDP;
1229 } else {
1230 sq->status = serviced_query_UDP;
1231 }
11931232 }
11941233 serviced_encode(sq, buff, sq->status == serviced_query_UDP_EDNS);
11951234 sq->last_sent_time = *sq->outnet->now_tv;
1235 sq->last_rtt = rtt;
1236 sq->edns_lame_known = (int)edns_lame_known;
11961237 verbose(VERB_ALGO, "serviced query UDP timeout=%d msec", rtt);
11971238 sq->pending = pending_udp_query(sq->outnet, buff, &sq->addr,
11981239 sq->addrlen, rtt, serviced_udp_callback, sq);
12681309 == LDNS_RCODE_NOERROR ||
12691310 LDNS_RCODE_WIRE(ldns_buffer_begin(c->buffer))
12701311 == LDNS_RCODE_NXDOMAIN)) {
1271 verbose(VERB_OPS, "no qname in reply to check 0x20ID");
1272 log_addr(VERB_OPS, "from server",
1312 verbose(VERB_DETAIL, "no qname in reply to check 0x20ID");
1313 log_addr(VERB_DETAIL, "from server",
12731314 &sq->addr, sq->addrlen);
1274 log_buf(VERB_OPS, "for packet", c->buffer);
1315 log_buf(VERB_DETAIL, "for packet", c->buffer);
12751316 error = NETEVENT_CLOSED;
12761317 c = NULL;
12771318 } else if(ldns_buffer_read_u16_at(c->buffer, 4) > 0 &&
12781319 !serviced_check_qname(c->buffer, sq->qbuf,
12791320 sq->qbuflen)) {
1280 verbose(VERB_OPS, "wrong 0x20-ID in reply qname, "
1281 "answer dropped");
1282 log_addr(VERB_OPS, "from server",
1321 verbose(VERB_DETAIL, "wrong 0x20-ID in reply qname");
1322 log_addr(VERB_DETAIL, "from server",
12831323 &sq->addr, sq->addrlen);
1284 log_buf(VERB_OPS, "for packet", c->buffer);
1285 error = NETEVENT_CLOSED;
1286 c = NULL;
1324 log_buf(VERB_DETAIL, "for packet", c->buffer);
1325 error = NETEVENT_CAPSFAIL;
1326 /* and cleanup too */
1327 pkt_dname_tolower(c->buffer,
1328 ldns_buffer_at(c->buffer, 12));
12871329 } else {
12881330 verbose(VERB_ALGO, "good 0x20-ID in reply qname");
12891331 /* cleanup caps, prettier cache contents. */
13891431 sq->pending = NULL; /* removed after callback */
13901432 if(error == NETEVENT_TIMEOUT) {
13911433 int rto = 0;
1434 if(sq->status == serviced_query_PROBE_EDNS) {
1435 /* non-EDNS probe failed; not an EDNS lame server */
1436 if(!infra_edns_update(outnet->infra, &sq->addr,
1437 sq->addrlen, 0, (uint32_t)now.tv_sec)) {
1438 log_err("Out of memory caching edns works");
1439 }
1440 sq->status = serviced_query_UDP_EDNS;
1441 }
13921442 sq->retry++;
13931443 if(!(rto=infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen,
1394 -1, (uint32_t)now.tv_sec)))
1444 -1, sq->last_rtt, (uint32_t)now.tv_sec)))
13951445 log_err("out of memory in UDP exponential backoff");
13961446 if(sq->retry < OUTBOUND_UDP_RETRY) {
13971447 log_name_addr(VERB_ALGO, "retry query", sq->qbuf+10,
14361486 return 0;
14371487 }
14381488 /* yay! an answer */
1489 if(sq->status == serviced_query_PROBE_EDNS) {
1490 /* probe without EDNS succeeds, so we conclude that this
1491 * host likely has EDNS packets dropped */
1492 log_addr(VERB_DETAIL, "timeouts, concluded that connection to "
1493 "host drops EDNS packets", &sq->addr, sq->addrlen);
1494 if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
1495 -1, (uint32_t)now.tv_sec)) {
1496 log_err("Out of memory caching no edns for host");
1497 }
1498 sq->status = serviced_query_UDP;
1499 } else if(sq->status == serviced_query_UDP_EDNS &&
1500 !sq->edns_lame_known) {
1501 /* now we know that edns queries received answers store that */
1502 if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
1503 0, (uint32_t)now.tv_sec)) {
1504 log_err("Out of memory caching edns works");
1505 }
1506 sq->edns_lame_known = 1;
1507 }
14391508 if(now.tv_sec > sq->last_sent_time.tv_sec ||
14401509 (now.tv_sec == sq->last_sent_time.tv_sec &&
14411510 now.tv_usec > sq->last_sent_time.tv_usec)) {
14451514 verbose(VERB_ALGO, "measured roundtrip at %d msec", roundtime);
14461515 log_assert(roundtime >= 0);
14471516 if(!infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen,
1448 roundtime, (uint32_t)now.tv_sec))
1517 roundtime, sq->last_rtt, (uint32_t)now.tv_sec))
14491518 log_err("out of memory noting rtt.");
14501519 }
14511520 serviced_callbacks(sq, error, c, rep);
16281697 for(sb = sq->cblist; sb; sb = sb->next)
16291698 s += sizeof(*sb);
16301699 if(sq->status == serviced_query_UDP_EDNS ||
1631 sq->status == serviced_query_UDP) {
1700 sq->status == serviced_query_UDP ||
1701 sq->status == serviced_query_PROBE_EDNS) {
16321702 s += sizeof(struct pending);
16331703 s += comm_timer_get_mem(NULL);
16341704 } else {
16431713 }
16441714 return s;
16451715 }
1716
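Review bot: The unwanted-reply defence added at new lines 331-342 is repeated verbatim at 351-362, and `unwanted_total` is reset only when the threshold fires, so nothing visible here makes it decay over time. Because the counter is driven by packets arriving from the network, a long-running resolver will eventually flush its cache on ordinary late or stray replies, and the flush can also be provoked deliberately to hurt the hit rate. The comment on `unwanted_threshold` should say that the total is cumulative. I would move the block into one static helper called from both drop paths, and let the helper skip the action when `unwanted_action` is NULL, since `outside_network_create` stores whatever pointer it is given. The callback function that contains both drop paths starts and ends outside these hunks.

```c
/** count an unwanted reply; take the defensive action at the threshold */
static void
outnet_unwanted_reply(struct outside_network* outnet)
{
	outnet->unwanted_replies++;
	if(outnet->unwanted_threshold && outnet->unwanted_action &&
		++outnet->unwanted_total >= outnet->unwanted_threshold) {
		/* … unchanged: log_warn, fptr_ok check, call of unwanted_action … */
		outnet->unwanted_total = 0;
	}
}

/* each of the two drop paths then reads: */
	outnet_unwanted_reply(outnet);
	return 0;
```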
7676 /** use x20 bits to encode additional ID random bits */
7777 int use_caps_for_id;
7878
79 /** number of unwanted replies received (for statistics) */
80 size_t unwanted_replies;
81 /** cumulative total of unwanted replies (for defense) */
82 size_t unwanted_total;
83 /** threshold when to take defensive action. If 0 then never. */
84 size_t unwanted_threshold;
85 /** what action to take, called when defensive action is needed */
86 void (*unwanted_action)(void*);
87 /** user param for action */
88 void* unwanted_param;
89
7990 /** linked list of available commpoints, unused file descriptors,
8091 * for use as outgoing UDP ports. cp.fd=-1 in them. */
8192 struct port_comm* unused_fds;
291302 /** TCP with EDNS sent */
292303 serviced_query_TCP_EDNS,
293304 /** TCP without EDNS sent */
294 serviced_query_TCP
305 serviced_query_TCP,
306 /** probe to test EDNS lameness (EDNS is dropped) */
307 serviced_query_PROBE_EDNS
295308 }
296309 /** variable with current status */
297310 status;
301314 int retry;
302315 /** time last UDP was sent */
303316 struct timeval last_sent_time;
317 /** rtt of last (UDP) message */
318 int last_rtt;
319 /** do we know edns probe status already, for UDP_EDNS queries */
320 int edns_lame_known;
304321 /** outside network this is part of */
305322 struct outside_network* outnet;
306323 /** list of interested parties that need callback on results. */
325342 * @param use_caps_for_id: enable to use 0x20 bits to encode id randomness.
326343 * @param availports: array of available ports.
327344 * @param numavailports: number of available ports in array.
345 * @param unwanted_threshold: when to take defensive action.
346 * @param unwanted_action: the action to take.
347 * @param unwanted_param: user parameter to action.
328348 * @return: the new structure (with no pending answers) or NULL on error.
329349 */
330350 struct outside_network* outside_network_create(struct comm_base* base,
331351 size_t bufsize, size_t num_ports, char** ifs, int num_ifs,
332352 int do_ip4, int do_ip6, size_t num_tcp, struct infra_cache* infra,
333353 struct ub_randstate* rnd, int use_caps_for_id, int* availports,
334 int numavailports);
354 int numavailports, size_t unwanted_threshold,
355 void (*unwanted_action)(void*), void* unwanted_param);
335356
336357 /**
337358 * Delete outside_network structure.
5656 #ifdef HAVE_SYS_STAT_H
5757 #include <sys/stat.h>
5858 #endif
59 #ifdef HAVE_GLOB_H
60 #include <glob.h>
61 #endif
5962
6063 /** Give checkconf usage, and exit (1). */
6164 static void
215218 return 1;
216219 }
217220
218 /** convert a filename to full pathname in original filesys
219 * @param fname: the path name to convert.
220 * Must not be null or empty.
221 * @param cfg: config struct for chroot and chdir (if set).
222 * @param use_chdir: if false, only chroot is applied.
223 * @return pointer to static buffer which is: [chroot][chdir]fname
224 */
225 static char*
226 fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir)
227 {
228 static char buf[1024];
229 int slashit = 0;
230 buf[0] = 0;
231 if(cfg->chrootdir && cfg->chrootdir[0] &&
232 strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) {
233 /* already full pathname, return it */
234 strncpy(buf, fname, sizeof(buf)-1);
235 buf[sizeof(buf)-1] = 0;
236 return buf;
237 }
238 /* chroot */
239 if(cfg->chrootdir && cfg->chrootdir[0]) {
240 /* start with chrootdir */
241 strncpy(buf, cfg->chrootdir, sizeof(buf)-1);
242 slashit = 1;
243 }
244 /* chdir */
245 if(fname[0] == '/' || !use_chdir) {
246 /* full path, no chdir */
247 } else if(cfg->directory && cfg->directory[0]) {
248 /* prepend chdir */
249 if(slashit && cfg->directory[0] != '/')
250 strncat(buf, "/", sizeof(buf)-strlen(buf)-1);
251 if(strncmp(cfg->chrootdir, cfg->directory,
252 strlen(cfg->chrootdir)) == 0)
253 strncat(buf, cfg->directory+strlen(cfg->chrootdir),
254 sizeof(buf)-strlen(buf)-1);
255 else strncat(buf, cfg->directory, sizeof(buf)-strlen(buf)-1);
256 slashit = 1;
257 }
258 /* fname */
259 if(slashit && fname[0] != '/')
260 strncat(buf, "/", sizeof(buf)-strlen(buf)-1);
261 strncat(buf, fname, sizeof(buf)-strlen(buf)-1);
262 buf[sizeof(buf)-1] = 0;
263 return buf;
264 }
265
266221 /** get base dir of a fname */
267222 static char*
268 basedir(const char* fname, struct config_file* cfg)
269 {
270 char* d = fname_after_chroot(fname, cfg, 1);
271 char* rev = strrchr(d, '/');
223 basedir(char* fname)
224 {
225 char* rev;
226 if(!fname) fatal_exit("out of memory");
227 rev = strrchr(fname, '/');
272228 if(!rev) return NULL;
273 if(d == rev) return NULL;
229 if(fname == rev) return NULL;
274230 rev[0] = 0;
275 return d;
231 return fname;
232 }
233
234 /** check chroot for a file string */
235 static void
236 check_chroot_string(const char* desc, char** ss,
237 const char* chrootdir, struct config_file* cfg)
238 {
239 char* str = *ss;
240 if(str && str[0]) {
241 *ss = fname_after_chroot(str, cfg, 1);
242 if(!*ss) fatal_exit("out of memory");
243 if(!is_file(*ss)) {
244 if(chrootdir && chrootdir[0])
245 fatal_exit("%s: \"%s\" does not exist in "
246 "chrootdir %s", desc, str, chrootdir);
247 else
248 fatal_exit("%s: \"%s\" does not exist",
249 desc, str);
250 }
251 /* put in a new full path for continued checking */
252 free(str);
253 }
276254 }
277255
278256 /** check file list, every file must be inside the chroot location */
281259 const char* chrootdir, struct config_file* cfg)
282260 {
283261 struct config_strlist* p;
284 char* old;
285262 for(p=list; p; p=p->next) {
286 if(p->str && p->str[0]) {
287 if(!is_file(fname_after_chroot(p->str, cfg, 1))) {
288 fatal_exit("%s: \"%s\" does not exist in chrootdir %s",
289 desc, p->str, chrootdir);
290 }
291 old = p->str;
292 /* put in a new full path for continued checking */
293 p->str = strdup(fname_after_chroot(p->str, cfg, 1));
294 free(old);
295 }
263 check_chroot_string(desc, &p->str, chrootdir, cfg);
264 }
265 }
266
267 /** check file list, with wildcard processing */
268 static void
269 check_chroot_filelist_wild(const char* desc, struct config_strlist* list,
270 const char* chrootdir, struct config_file* cfg)
271 {
272 struct config_strlist* p;
273 for(p=list; p; p=p->next) {
274 #ifdef HAVE_GLOB
275 if(strchr(p->str, '*') || strchr(p->str, '[') ||
276 strchr(p->str, '?') || strchr(p->str, '{') ||
277 strchr(p->str, '~')) {
278 char* s = p->str;
279 /* adjust whole pattern for chroot and check later */
280 p->str = fname_after_chroot(p->str, cfg, 1);
281 free(s);
282 } else
283 #endif /* HAVE_GLOB */
284 check_chroot_string(desc, &p->str, chrootdir, cfg);
296285 }
297286 }
298287
299288 /** check configuration for errors */
300289 static void
301 morechecks(struct config_file* cfg, char* fname)
290 morechecks(struct config_file* cfg, const char* fname)
302291 {
303292 warn_hosts("stub-host", cfg->stubs);
304293 warn_hosts("forward-host", cfg->forwards);
335324 fatal_exit("config file %s is not inside chroot %s",
336325 buf, cfg->chrootdir);
337326 }
338 if(cfg->directory && cfg->directory[0] && !is_dir(
339 fname_after_chroot(cfg->directory, cfg, 0))) {
340 fatal_exit("bad chdir directory");
327 if(cfg->directory && cfg->directory[0]) {
328 char* ad = fname_after_chroot(cfg->directory, cfg, 0);
329 if(!ad) fatal_exit("out of memory");
330 if(!is_dir(ad)) fatal_exit("bad chdir directory");
331 free(ad);
341332 }
342333 if( (cfg->chrootdir && cfg->chrootdir[0]) ||
343334 (cfg->directory && cfg->directory[0])) {
344 if(cfg->pidfile && cfg->pidfile[0] &&
345 basedir(cfg->pidfile, cfg) &&
346 !is_dir(basedir(cfg->pidfile, cfg))) {
347 fatal_exit("pidfile directory does not exist");
348 }
349 if(cfg->logfile && cfg->logfile[0] &&
350 basedir(cfg->logfile, cfg) &&
351 !is_dir(basedir(cfg->logfile, cfg))) {
352 fatal_exit("logfile directory does not exist");
335 if(cfg->pidfile && cfg->pidfile[0]) {
336 char* ad = (cfg->pidfile[0]=='/')?strdup(cfg->pidfile):
337 fname_after_chroot(cfg->pidfile, cfg, 1);
338 char* bd = basedir(ad);
339 if(bd && !is_dir(bd))
340 fatal_exit("pidfile directory does not exist");
341 free(ad);
342 }
343 if(cfg->logfile && cfg->logfile[0]) {
344 char* ad = fname_after_chroot(cfg->logfile, cfg, 1);
345 char* bd = basedir(ad);
346 if(bd && !is_dir(bd))
347 fatal_exit("logfile directory does not exist");
348 free(ad);
353349 }
354350 }
355351
357353 cfg->root_hints, cfg->chrootdir, cfg);
358354 check_chroot_filelist("trust-anchor-file",
359355 cfg->trust_anchor_file_list, cfg->chrootdir, cfg);
360 check_chroot_filelist("trusted-keys-file",
356 check_chroot_filelist_wild("trusted-keys-file",
361357 cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
358 check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
359 cfg->chrootdir, cfg);
362360 /* remove chroot setting so that modules are not stripping pathnames*/
363361 free(cfg->chrootdir);
364362 cfg->chrootdir = NULL;
376374 endpwent();
377375 }
378376 #endif
377 if(cfg->remote_control_enable) {
378 check_chroot_string("server-key-file", &cfg->server_key_file,
379 cfg->chrootdir, cfg);
380 check_chroot_string("server-cert-file", &cfg->server_cert_file,
381 cfg->chrootdir, cfg);
382 if(!is_file(cfg->control_key_file))
383 fatal_exit("control-key-file: \"%s\" does not exist",
384 cfg->control_key_file);
385 if(!is_file(cfg->control_cert_file))
386 fatal_exit("control-cert-file: \"%s\" does not exist",
387 cfg->control_cert_file);
388 }
379389
380390 localzonechecks(cfg);
381391 }
382392
383393 /** check config file */
384394 static void
385 checkconf(char* cfgfile)
395 checkconf(const char* cfgfile)
386396 {
387397 struct config_file* cfg = config_create();
388398 if(!cfg)
389399 fatal_exit("out of memory");
390 if(!config_read(cfg, cfgfile)) {
400 if(!config_read(cfg, cfgfile, NULL)) {
391401 /* config_read prints messages to stderr */
392402 config_delete(cfg);
393403 exit(1);
408418 int main(int argc, char* argv[])
409419 {
410420 int c;
411 char* f;
421 const char* f;
412422 log_ident_set("unbound-checkconf");
413423 log_init(NULL, 0, NULL);
414424 checklock_start();
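Review bot: In `check_chroot_filelist_wild` (new lines 275-281) the wildcard branch calls `strchr(p->str, '*')` with no NULL test and stores the result of `fname_after_chroot` unchecked, while `check_chroot_string` guards both with `str && str[0]` and `if(!*ss) fatal_exit("out of memory");`. If a list entry can be NULL or the allocation fails, the later glob handling would dereference a NULL `p->str`. I would start the loop body with `if(!p->str || !p->str[0]) continue;` and add `if(!p->str) fatal_exit("out of memory");` after the assignment. Separately, the remote-control checks at 377-388 run after `cfg->chrootdir` was freed and set to NULL at 361-362, so `server-key-file` and `server-cert-file` appear to be resolved without the chroot prefix; if that is intended, a comment there would say so.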
0 #!/bin/sh
1 #
2 # unbound-control-setup.sh - set up SSL certificates for unbound-control
3 #
4 # Copyright (c) 2008, NLnet Labs. All rights reserved.
5 #
6 # This software is open source.
7 #
8 # Redistribution and use in source and binary forms, with or without
9 # modification, are permitted provided that the following conditions
10 # are met:
11 #
12 # Redistributions of source code must retain the above copyright notice,
13 # this list of conditions and the following disclaimer.
14 #
15 # Redistributions in binary form must reproduce the above copyright notice,
16 # this list of conditions and the following disclaimer in the documentation
17 # and/or other materials provided with the distribution.
18 #
19 # Neither the name of the NLNET LABS nor the names of its contributors may
20 # be used to endorse or promote products derived from this software without
21 # specific prior written permission.
22 #
23 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27 # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 # POSSIBILITY OF SUCH DAMAGE.
34
35 # settings:
36
37 # directory for files
38 DESTDIR=/usr/local/etc/unbound
39
40 # issuer and subject name for certificates
41 SERVERNAME=unbound
42 CLIENTNAME=unbound-control
43
44 # validity period for certificates
45 DAYS=7200
46
47 # size of keys in bits
48 BITS=1024
49
50 # base name for unbound server keys
51 SVR_BASE=unbound_server
52
53 # base name for unbound-control keys
54 CTL_BASE=unbound_control
55
56 # end of options
57
58 # functions:
59 error ( ) {
60 echo "$0 fatal error: $1"
61 exit 1
62 }
63
64 # check arguments:
65 while test $# -ne 0; do
66 case $1 in
67 -d)
68 if test $# -eq 1; then error "need argument for -d"; fi
69 DESTDIR="$2"
70 shift
71 ;;
72 *)
73 echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
74 echo " -d dir use directory to store keys and certificates."
75 echo " default: $DESTDIR"
76 echo "please run this command using the same user id that the "
77 echo "unboun daemon uses, it needs read privileges."
78 exit 1
79 ;;
80 esac
81 shift
82 done
83
84 # go!:
85 echo "setup in directory $DESTDIR"
86 cd "$DESTDIR" || error "could not cd"
87
88 # create certificate keys; do not recreate if they already exist.
89 if test -f $SVR_BASE.key; then
90 echo "$SVR_BASE.key exists"
91 else
92 echo "generating $SVR_BASE.key"
93 openssl genrsa -out $SVR_BASE.key $BITS || error "could not genrsa"
94 fi
95 if test -f $CTL_BASE.key; then
96 echo "$CTL_BASE.key exists"
97 else
98 echo "generating $CTL_BASE.key"
99 openssl genrsa -out $CTL_BASE.key $BITS || error "could not genrsa"
100 fi
101
102 # create self-signed cert for server
103 cat >request.cfg <<EOF
104 [req]
105 default_bits=$BITS
106 default_md=sha1
107 prompt=no
108 distinguished_name=req_distinguished_name
109
110 [req_distinguished_name]
111 commonName=$SERVERNAME
112 EOF
113 test -f request.cfg || error "could not create request.cfg"
114
115 echo "create $SVR_BASE.pem (self signed certificate)"
116 openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem"
117 # create trusted usage pem
118 openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
119
120 # create client request and sign it, piped
121 cat >request.cfg <<EOF
122 [req]
123 default_bits=$BITS
124 default_md=sha1
125 prompt=no
126 distinguished_name=req_distinguished_name
127
128 [req_distinguished_name]
129 commonName=$CLIENTNAME
130 EOF
131 test -f request.cfg || error "could not create request.cfg"
132
133 echo "create $CTL_BASE.pem (signed client certificate)"
134 openssl req -key $CTL_BASE.key -config request.cfg -new | openssl x509 -req -days $DAYS -CA $SVR_BASE"_trust.pem" -CAkey $SVR_BASE.key -CAcreateserial -out $CTL_BASE.pem
135 test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
136 # create trusted usage pem
137 # openssl x509 -in $CTL_BASE.pem -addtrust clientAuth -out $CTL_BASE"_trust.pem"
138
139 # see details with openssl x509 -noout -text < $SVR_BASE.pem
140 # echo "create $CTL_BASE""_browser.pfx (web client certificate)"
141 # echo "create webbrowser PKCS#12 .PFX certificate file. In Firefox import in:"
142 # echo "preferences - advanced - encryption - view certificates - your certs"
143 # echo "empty password is used, simply click OK on the password dialog box."
144 # openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate"
145
146 # remove unused permissions
147 chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
148
149 # remove crap
150 rm -f request.cfg
151 rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl"
152
153 echo "Setup success. Certificates created. Enable in unbound.conf file to use"
154
155 exit 0
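Review bot: The private keys are written by `openssl genrsa` at lines 93 and 99 under the caller's umask and are only tightened by `chmod o-rw` at line 147, so they can be world-readable while the script runs and stay that way if it exits early through `error`. Setting `umask 0027` before the first `genrsa` closes that window and matches the group access the final chmod leaves in place. The defaults `BITS=1024` and `default_md=sha1` are weak for a certificate that `DAYS=7200` keeps valid for almost twenty years; `BITS=3072` and `default_md=sha256` would be safer defaults. The `openssl x509 -addtrust` step at line 118 also lacks the `|| error "..."` guard the other openssl calls have, so a failure there surfaces only later as a missing client certificate.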
0 /*
1 * checkconf/unbound-control.c - remote control utility for unbound.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * The remote control utility contacts the unbound server over ssl and
39 * sends the command, receives the answer, and displays the result
40 * from the commandline.
41 */
42
43 #include "config.h"
44 #include "util/log.h"
45 #include "util/config_file.h"
46 #include "util/locks.h"
47 #include "util/net_help.h"
48
49 /** Give unbound-control usage, and exit (1). */
50 static void
51 usage()
52 {
53 printf("Usage: unbound-control [options] command\n");
54 printf(" Remote control utility for unbound server.\n");
55 printf("Options:\n");
56 printf(" -c file config file, default is %s\n", CONFIGFILE);
57 printf(" -s ip[@port] server address, if omitted config is used.\n");
58 printf(" -h show this usage help.\n");
59 printf("Commands:\n");
60 printf(" start start server; runs unbound(8)\n");
61 printf(" stop stops the server\n");
62 printf(" reload reloads the server\n");
63 printf(" stats print statistics\n");
64 printf(" status display status of server\n");
65 printf(" verbosity [number] change logging detail\n");
66 printf(" local_zone [name] [type] add new local zone\n");
67 printf(" local_zone_remove [name] remove local zone and its contents\n");
68 printf(" local_data [RR data...] add local data, for example\n");
69 printf(" local_data www.example.com A 192.0.2.1\n");
70 printf(" local_data_remove [name] remove local RR data from name\n");
71 printf(" dump_cache print cache to stdout\n");
72 printf(" load_cache load cache from stdin\n");
73 printf(" lookup [name] print nameservers for name\n");
74 printf(" flush [name] flushes common types for name from cache\n");
75 printf(" types: A, AAAA, MX, PTR, NS,\n");
76 printf(" SOA, CNAME, DNAME, SRV, NAPTR\n");
77 printf(" flush_type [name] [type] flush name, type from cache\n");
78 printf(" flush_zone [name] flush everything at or under name\n");
79 printf(" from rr and dnssec caches\n");
80 printf("Version %s\n", PACKAGE_VERSION);
81 printf("BSD licensed, see LICENSE in source package for details.\n");
82 printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
83 exit(1);
84 }
85
86 /** exit with ssl error */
87 static void ssl_err(const char* s)
88 {
89 fprintf(stderr, "error: %s\n", s);
90 ERR_print_errors_fp(stderr);
91 exit(1);
92 }
93
94 /** setup SSL context */
95 static SSL_CTX*
96 setup_ctx(struct config_file* cfg)
97 {
98 char* s_cert, *c_key, *c_cert;
99 SSL_CTX* ctx;
100
101 s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
102 c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
103 c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
104 if(!s_cert || !c_key || !c_cert)
105 fatal_exit("out of memory");
106 ctx = SSL_CTX_new(SSLv23_client_method());
107 if(!ctx)
108 ssl_err("could not allocate SSL_CTX pointer");
109 if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
110 ssl_err("could not set SSL_OP_NO_SSLv2");
111 if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
112 !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
113 || !SSL_CTX_check_private_key(ctx))
114 ssl_err("Error setting up SSL_CTX client key and cert");
115 if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
116 ssl_err("Error setting up SSL_CTX verify, server cert");
117 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
118
119 free(s_cert);
120 free(c_key);
121 free(c_cert);
122 return ctx;
123 }
124
125 /** contact the server with TCP connect */
126 static int
127 contact_server(const char* svr, struct config_file* cfg, int statuscmd)
128 {
129 struct sockaddr_storage addr;
130 socklen_t addrlen;
131 int fd;
132 /* use svr or the first config entry */
133 if(!svr) {
134 if(cfg->control_ifs)
135 svr = cfg->control_ifs->str;
136 else svr = "127.0.0.1";
137 /* config 0 addr (everything), means ask localhost */
138 if(strcmp(svr, "0.0.0.0") == 0)
139 svr = "127.0.0.1";
140 else if(strcmp(svr, "::0") == 0 ||
141 strcmp(svr, "0::0") == 0 ||
142 strcmp(svr, "0::") == 0 ||
143 strcmp(svr, "::") == 0)
144 svr = "::1";
145 }
146 if(strchr(svr, '@')) {
147 if(!extstrtoaddr(svr, &addr, &addrlen))
148 fatal_exit("could not parse IP@port: %s", svr);
149 } else {
150 if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
151 fatal_exit("could not parse IP: %s", svr);
152 }
153 fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET,
154 SOCK_STREAM, 0);
155 if(fd == -1) {
156 #ifndef USE_WINSOCK
157 fatal_exit("socket: %s", strerror(errno));
158 #else
159 fatal_exit("socket: %s", wsa_strerror(WSAGetLastError()));
160 #endif
161 }
162 if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) {
163 log_addr(0, "address", &addr, addrlen);
164 #ifndef USE_WINSOCK
165 log_err("connect: %s", strerror(errno));
166 if(errno == ECONNREFUSED && statuscmd) {
167 printf("unbound is stopped\n");
168 exit(3);
169 }
170 #else
171 log_err("connect: %s", wsa_strerror(WSAGetLastError()));
172 if(WSAGetLastError() == WSAECONNREFUSED && statuscmd) {
173 printf("unbound is stopped\n");
174 exit(3);
175 }
176 #endif
177 exit(1);
178 }
179 return fd;
180 }
181
182 /** setup SSL on the connection */
183 static SSL*
184 setup_ssl(SSL_CTX* ctx, int fd)
185 {
186 SSL* ssl;
187 X509* x;
188 int r;
189
190 ssl = SSL_new(ctx);
191 if(!ssl)
192 ssl_err("could not SSL_new");
193 SSL_set_connect_state(ssl);
194 (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
195 if(!SSL_set_fd(ssl, fd))
196 ssl_err("could not SSL_set_fd");
197 while(1) {
198 ERR_clear_error();
199 if( (r=SSL_do_handshake(ssl)) == 1)
200 break;
201 r = SSL_get_error(ssl, r);
202 if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE)
203 ssl_err("SSL handshake failed");
204 /* wants to be called again */
205 }
206
207 /* check authenticity of server */
208 if(SSL_get_verify_result(ssl) != X509_V_OK)
209 ssl_err("SSL verification failed");
210 x = SSL_get_peer_certificate(ssl);
211 if(!x)
212 ssl_err("Server presented no peer certificate");
213 X509_free(x);
214 return ssl;
215 }
216
217 /** send stdin to server */
218 static void
219 send_file(SSL* ssl, FILE* in, char* buf, size_t sz)
220 {
221 while(fgets(buf, (int)sz, in)) {
222 if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0)
223 ssl_err("could not SSL_write contents");
224 }
225 }
226
227 /** send command and display result */
228 static int
229 go_cmd(SSL* ssl, int argc, char* argv[])
230 {
231 const char* pre="UBCT";
232 const char* space=" ";
233 const char* newline="\n";
234 int was_error = 0, first_line = 1;
235 int r, i;
236 char buf[1024];
237 if(SSL_write(ssl, pre, (int)strlen(pre)) <= 0)
238 ssl_err("could not SSL_write");
239 for(i=0; i<argc; i++) {
240 if(SSL_write(ssl, space, (int)strlen(space)) <= 0)
241 ssl_err("could not SSL_write");
242 if(SSL_write(ssl, argv[i], (int)strlen(argv[i])) <= 0)
243 ssl_err("could not SSL_write");
244 }
245 if(SSL_write(ssl, newline, (int)strlen(newline)) <= 0)
246 ssl_err("could not SSL_write");
247
248 if(argc == 1 && strcmp(argv[0], "load_cache") == 0) {
249 send_file(ssl, stdin, buf, sizeof(buf));
250 }
251
252 while(1) {
253 ERR_clear_error();
254 if((r = SSL_read(ssl, buf, (int)sizeof(buf)-1)) <= 0) {
255 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
256 /* EOF */
257 break;
258 }
259 ssl_err("could not SSL_read");
260 }
261 buf[r] = 0;
262 printf("%s", buf);
263 if(first_line && strncmp(buf, "error", 5) == 0)
264 was_error = 1;
265 first_line = 0;
266 }
267 return was_error;
268 }
269
270 /** go ahead and read config, contact server and perform command and display */
271 static int
272 go(const char* cfgfile, char* svr, int argc, char* argv[])
273 {
274 struct config_file* cfg;
275 int fd, ret;
276 SSL_CTX* ctx;
277 SSL* ssl;
278
279 /* read config */
280 if(!(cfg = config_create()))
281 fatal_exit("out of memory");
282 if(!config_read(cfg, cfgfile, NULL))
283 fatal_exit("could not read config file");
284 if(!cfg->remote_control_enable)
285 log_warn("control-enable is 'no' in the config file.");
286 ctx = setup_ctx(cfg);
287
288 /* contact server */
289 fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
290 ssl = setup_ssl(ctx, fd);
291
292 /* send command */
293 ret = go_cmd(ssl, argc, argv);
294
295 SSL_free(ssl);
296 close(fd);
297 SSL_CTX_free(ctx);
298 config_delete(cfg);
299 return ret;
300 }
301
302 /** getopt global, in case header files fail to declare it. */
303 extern int optind;
304 /** getopt global, in case header files fail to declare it. */
305 extern char* optarg;
306
307 /** Main routine for unbound-control */
308 int main(int argc, char* argv[])
309 {
310 int c, ret;
311 const char* cfgfile = CONFIGFILE;
312 char* svr = NULL;
313 #ifdef USE_WINSOCK
314 int r;
315 WSADATA wsa_data;
316 #endif
317 #ifdef USE_THREAD_DEBUG
318 /* stop the file output from unbound-control, overwites the servers */
319 extern int check_locking_order;
320 check_locking_order = 0;
321 #endif /* USE_THREAD_DEBUG */
322 log_ident_set("unbound-control");
323 log_init(NULL, 0, NULL);
324 checklock_start();
325 #ifdef USE_WINSOCK
326 if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
327 fatal_exit("WSAStartup failed: %s", wsa_strerror(r));
328 #endif
329
330 ERR_load_crypto_strings();
331 ERR_load_SSL_strings();
332 OpenSSL_add_all_algorithms();
333 (void)SSL_library_init();
334
335 if(!RAND_status()) {
336 /* try to seed it */
337 unsigned char buf[256];
338 unsigned int v, seed=(unsigned)time(NULL) ^ (unsigned)getpid();
339 size_t i;
340 for(i=0; i<256/sizeof(v); i++) {
341 memmove(buf+i*sizeof(v), &v, sizeof(v));
342 v = v*seed + (unsigned int)i;
343 }
344 RAND_seed(buf, 256);
345 log_warn("no entropy, seeding openssl PRNG with time\n");
346 }
347
348 /* parse the options */
349 while( (c=getopt(argc, argv, "c:s:h")) != -1) {
350 switch(c) {
351 case 'c':
352 cfgfile = optarg;
353 break;
354 case 's':
355 svr = optarg;
356 break;
357 case '?':
358 case 'h':
359 default:
360 usage();
361 }
362 }
363 argc -= optind;
364 argv += optind;
365 if(argc == 0)
366 usage();
367 if(argc >= 1 && strcmp(argv[0], "start")==0) {
368 if(execlp("unbound", "unbound", "-c", cfgfile,
369 (char*)NULL) < 0) {
370 fatal_exit("could not exec unbound: %s",
371 strerror(errno));
372 }
373 }
374
375 ret = go(cfgfile, svr, argc, argv);
376
377 #ifdef USE_WINSOCK
378 WSACleanup();
379 #endif
380 checklock_stop();
381 return ret;
382 }
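Review bot: In main's `RAND_status()` fallback, `v` is copied into `buf` by `memmove` before it has ever been assigned, so the first word is indeterminate, every later word derives from it, and reading the uninitialised variable is undefined behaviour. The only deliberate input is `time(NULL) ^ getpid()`, which an observer can narrow to a small range, yet `RAND_seed(buf, 256)` credits the pool as if it held 256 bytes of entropy, so the TLS handshake that protects the control channel then runs on guessable randomness. At minimum start from the seed, `unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid(), v = seed;`, and preferably stop with `fatal_exit("no entropy to seed openssl PRNG");` instead of continuing after a warning.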
5050 static void
5151 usage()
5252 {
53 printf("Usage: unbound-host [-vdhr] [-c class] [-t type] hostname\n");
53 printf("Usage: unbound-host [-vdhr46] [-c class] [-t type] hostname\n");
5454 printf(" [-y key] [-f keyfile] [-F namedkeyfile]\n");
5555 printf(" [-C configfile]\n");
5656 printf(" Queries the DNS for information.\n");
6868 printf(" breaks validation if the fwder does not do DNSSEC.\n");
6969 printf(" -v be more verbose, shows nodata and security.\n");
7070 printf(" -d debug, traces the action, -d -d shows more.\n");
71 printf(" -4 use ipv4 network, avoid ipv6.\n");
72 printf(" -6 use ipv6 network, avoid ipv4.\n");
7173 printf(" -h show this usage help.\n");
7274 printf("Version %s\n", PACKAGE_VERSION);
7375 printf("BSD licensed, see LICENSE in source package for details.\n");
98100 {
99101 struct in6_addr addr;
100102 /* [nibble.]{32}.ip6.arpa. is less than 128 */
101 char* hex = "0123456789abcdef";
103 const char* hex = "0123456789abcdef";
102104 char buf[128];
103105 char *p;
104106 int i;
412414 }
413415
414416 /* parse the options */
415 while( (c=getopt(argc, argv, "F:c:df:hrt:vy:C:")) != -1) {
417 while( (c=getopt(argc, argv, "46F:c:df:hrt:vy:C:")) != -1) {
416418 switch(c) {
419 case '4':
420 check_ub_res(ub_ctx_set_option(ctx, "do-ip6:", "no"));
421 break;
422 case '6':
423 check_ub_res(ub_ctx_set_option(ctx, "do-ip4:", "no"));
424 break;
417425 case 'c':
418426 qclass = optarg;
419427 break;
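Review bot: The new `case '4'` and `case '6'` branches in the getopt switch do not guard against both flags being given, so `unbound-host -4 -6 name` sets both `do-ip6:` and `do-ip4:` to `no`. That presumably leaves the resolver with no address family to send on, and the failure would surface later as an unrelated lookup error. Remember which flag was seen and reject the combination right after the option loop, for example `if(seen4 && seen6) usage();`. main starts and continues outside this hunk.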
4444 struct comm_reply;
4545 struct comm_point;
4646 struct module_qstate;
47
48 int worker_handle_control_cmd(struct comm_point* ATTR_UNUSED(c),
49 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
50 struct comm_reply* ATTR_UNUSED(reply_info))
51 {
52 log_assert(0);
53 return 0;
47 struct tube;
48
49 void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
50 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
51 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg))
52 {
53 log_assert(0);
5454 }
5555
5656 int worker_handle_request(struct comm_point* ATTR_UNUSED(c),
7272 int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c),
7373 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
7474 struct comm_reply* ATTR_UNUSED(reply_info))
75 {
76 log_assert(0);
77 return 0;
78 }
79
80 int remote_accept_callback(struct comm_point* ATTR_UNUSED(c),
81 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
82 struct comm_reply* ATTR_UNUSED(repinfo))
83 {
84 log_assert(0);
85 return 0;
86 }
87
88 int remote_control_callback(struct comm_point* ATTR_UNUSED(c),
89 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
90 struct comm_reply* ATTR_UNUSED(repinfo))
7591 {
7692 log_assert(0);
7793 return 0;
107123 log_assert(0);
108124 }
109125
110 int
111 acl_list_cmp(const void* ATTR_UNUSED(k1), const void* ATTR_UNUSED(k2))
112 {
113 log_assert(0);
114 return 0;
115 }
116
117126 int libworker_send_packet(ldns_buffer* ATTR_UNUSED(pkt),
118127 struct sockaddr_storage* ATTR_UNUSED(addr),
119128 socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(timeout),
147156 {
148157 log_assert(0);
149158 return 0;
159 }
160
161 void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
162 uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
163 int ATTR_UNUSED(error), void* ATTR_UNUSED(arg))
164 {
165 log_assert(0);
150166 }
151167
152168 int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
4444 #include "util/locks.h"
4545 #include "util/log.h"
4646
47 /** keeping track of the async ids */
48 struct track_id {
49 /** the id to pass to libunbound to cancel */
50 int id;
51 /** true if cancelled */
52 int cancel;
53 /** a lock on this structure for thread safety */
54 lock_basic_t lock;
55 };
56
4757 /**
4858 * result list for the lookups
4959 */
232242 static void
233243 ext_callback(void* mydata, int err, struct ub_result* result)
234244 {
235 int* my_id = (int*)mydata;
245 struct track_id* my_id = (struct track_id*)mydata;
236246 int doprint = 0;
237247 if(my_id) {
238248 /* I have an id, make sure we are not cancelled */
239 if(*my_id == 0) {
240 printf("error: query returned, but was cancelled\n");
249 lock_basic_lock(&my_id->lock);
250 if(doprint)
251 printf("cb %d: ", my_id->id);
252 if(my_id->cancel) {
253 printf("error: query id=%d returned, but was cancelled\n",
254 my_id->id);
241255 abort();
242256 exit(1);
243257 }
244 if(doprint)
245 printf("cb %d: ", *my_id);
258 lock_basic_unlock(&my_id->lock);
246259 }
247260 ext_check_result("ext_callback", err, result);
248261 log_assert(result);
263276 struct ext_thr_info* inf = (struct ext_thr_info*)arg;
264277 int i, r;
265278 struct ub_result* result;
266 int* async_ids = NULL;
279 struct track_id* async_ids = NULL;
267280 log_thread_set(&inf->thread_num);
268281 if(inf->thread_num > NUMTHR*2/3) {
269 async_ids = (int*)calloc((size_t)inf->numq, sizeof(int));
282 async_ids = (struct track_id*)calloc((size_t)inf->numq, sizeof(struct track_id));
270283 if(!async_ids) {
271284 printf("out of memory\n");
272285 exit(1);
286 }
287 for(i=0; i<inf->numq; i++) {
288 lock_basic_init(&async_ids[i].lock);
273289 }
274290 }
275291 for(i=0; i<inf->numq; i++) {
277293 r = ub_resolve_async(inf->ctx,
278294 inf->argv[i%inf->argc], LDNS_RR_TYPE_A,
279295 LDNS_RR_CLASS_IN, &async_ids[i], ext_callback,
280 &async_ids[i]);
296 &async_ids[i].id);
281297 checkerr("ub_resolve_async", r);
282298 if(i > 100) {
283 r = ub_cancel(inf->ctx, async_ids[i-100]);
299 lock_basic_lock(&async_ids[i-100].lock);
300 r = ub_cancel(inf->ctx, async_ids[i-100].id);
301 async_ids[i-100].cancel=1;
302 lock_basic_unlock(&async_ids[i-100].lock);
284303 checkerr("ub_cancel", r);
285 }
286 if(i > 200) {
287 async_ids[i-200]=0;
288304 }
289305 } else if(inf->thread_num > NUMTHR/2) {
290306 /* async */
965965
966966 /** delayer main service routine */
967967 static void
968 service(char* bind_str, int bindport, char* serv_str, size_t memsize,
969 int delay_msec)
968 service(const char* bind_str, int bindport, const char* serv_str,
969 size_t memsize, int delay_msec)
970970 {
971971 struct sockaddr_storage bind_addr, srv_addr;
972972 socklen_t bind_len, srv_len;
10971097 int main(int argc, char** argv)
10981098 {
10991099 int c; /* defaults */
1100 char* server = "127.0.0.1@53";
1101 char* bindto = "0.0.0.0";
1100 const char* server = "127.0.0.1@53";
1101 const char* bindto = "0.0.0.0";
11021102 int bindport = 0;
11031103 size_t memsize = 10*1024*1024;
11041104 int delay = 100;
11
22 NEED_SPLINT='00-lint.tpkg'
33 NEED_DOXYGEN='01-doc.tpkg'
4 NEED_LDNS_TESTNS='fwd_no_edns.tpkg fwd_tcp_tc.tpkg fwd_tcp.tpkg fwd_three_service.tpkg fwd_three.tpkg fwd_ttlexpire.tpkg fwd_udp.tpkg fwd_tcp_tc6.tpkg fwd_compress_c00c.tpkg fwd_ancil.tpkg stat_timer.tpkg 05-asynclook.tpkg stream_tcp.tpkg speed_cache.tpkg fwd_oneport.tpkg fwd_udptmout.tpkg fwd_waitudp.tpkg tcp_sigpipe.tpkg hostsfileosx.tpkg local_nodefault.tpkg'
5 NEED_XXD='fwd_compress_c00c.tpkg'
6 NEED_NC='fwd_compress_c00c.tpkg'
4 NEED_LDNS_TESTNS='fwd_no_edns.tpkg fwd_tcp_tc.tpkg fwd_tcp.tpkg fwd_three_service.tpkg fwd_three.tpkg fwd_ttlexpire.tpkg fwd_udp.tpkg fwd_tcp_tc6.tpkg fwd_compress_c00c.tpkg fwd_ancil.tpkg stat_timer.tpkg 05-asynclook.tpkg stream_tcp.tpkg speed_cache.tpkg fwd_oneport.tpkg fwd_udptmout.tpkg fwd_waitudp.tpkg tcp_sigpipe.tpkg hostsfileosx.tpkg local_nodefault.tpkg fwd_zero.tpkg'
5 NEED_XXD='fwd_compress_c00c.tpkg fwd_zero.tpkg'
6 NEED_NC='fwd_compress_c00c.tpkg fwd_zero.tpkg'
77 NEED_CURL='06-ianaports.tpkg'
88 NEED_WHOAMI='07-confroot.tpkg'
99 NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg'
10 NEED_JOBCONTROL='tcp_sigpipe.tpkg'
11
12 # test if job control - and also signals - are available (not on mingw).
13 if wait %% 2>&1 | grep "job control not enabled" >/dev/null 2>&1; then
14 JOBCONTROL=no
15 else
16 JOBCONTROL=yes
17 fi
10 NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
1811
1912 # test for ipv6, uses streamptcp peculiarity.
2013 if ./streamtcp -f ::1 2>&1 | grep "not supported" >/dev/null 2>&1; then
2114 HAVE_IPV6=no
2215 else
2316 HAVE_IPV6=yes
17 fi
18
19 # test mingw. no signals and so on.
20 if uname | grep MINGW >/dev/null; then
21 HAVE_MINGW=yes
22 else
23 HAVE_MINGW=no
2424 fi
2525
2626 cd testdata;
6868 SKIP=1;
6969 fi
7070 fi
71 if echo $NEED_JOBCONTROL | grep $test >/dev/null; then
72 if test "$JOBCONTROL" = no; then
71 if echo $NEED_NOMINGW | grep $test >/dev/null; then
72 if test "$HAVE_MINGW" = yes; then
7373 SKIP=1;
7474 fi
7575 fi
5656 #include "testcode/ldns-testpkts.h"
5757 #include "util/log.h"
5858 #include <signal.h>
59 struct worker;
5960
6061 /** Global variable: the scenario. Saved here for when event_init is done. */
6162 static struct replay_scenario* saved_scenario = NULL;
63
64 /** add timers and the values do not overflow or become negative */
65 static void
66 timeval_add(struct timeval* d, const struct timeval* add)
67 {
68 #ifndef S_SPLINT_S
69 d->tv_sec += add->tv_sec;
70 d->tv_usec += add->tv_usec;
71 while(d->tv_usec > 1000000 ) {
72 d->tv_usec -= 1000000;
73 d->tv_sec++;
74 }
75 #endif
76 }
6277
6378 void
6479 fake_event_init(struct replay_scenario* scen)
97112 case repevt_front_query: return "QUERY";
98113 case repevt_front_reply: return "CHECK_ANSWER";
99114 case repevt_timeout: return "TIMEOUT";
115 case repevt_time_passes: return "TIME_PASSES";
100116 case repevt_back_reply: return "REPLY";
101117 case repevt_back_query: return "CHECK_OUT_QUERY";
102118 case repevt_error: return "ERROR";
103119 default: return "UNKNOWN";
104 };
120 }
105121 }
106122
107123 /** delete a fake pending */
380396 struct fake_pending* p = runtime->pending_list;
381397 struct comm_reply repinfo;
382398 struct comm_point c;
383 void* cb_arg = p->cb_arg;
384 comm_point_callback_t* cb = p->callback;
399 void* cb_arg;
400 comm_point_callback_t* cb;
385401
386402 memset(&c, 0, sizeof(c));
387403 if(!p) fatal_exit("No pending queries.");
404 cb_arg = p->cb_arg;
405 cb = p->callback;
388406 log_assert(todo->qname == NULL); /* or find that one */
389407 c.buffer = ldns_buffer_new(runtime->bufsize);
390408 c.type = comm_udp;
403421 }
404422 /* delete the pending item. */
405423 ldns_buffer_free(c.buffer);
424 }
425
426 /** pass time */
427 static void
428 time_passes(struct replay_runtime* runtime, struct replay_moment* mom)
429 {
430 timeval_add(&runtime->now_tv, &mom->elapse);
431 runtime->now_secs = (uint32_t)runtime->now_tv.tv_sec;
432 #ifndef S_SPLINT_S
433 log_info("elapsed %d.%6.6d now %d.%6.6d",
434 (int)mom->elapse.tv_sec, (int)mom->elapse.tv_usec,
435 (int)runtime->now_tv.tv_sec, (int)runtime->now_tv.tv_usec);
436 #endif
406437 }
407438
408439 /**
468499 advance_moment(runtime);
469500 fake_pending_callback(runtime, mom, NETEVENT_CLOSED);
470501 break;
502 case repevt_time_passes:
503 time_passes(runtime, runtime->now);
504 advance_moment(runtime);
505 break;
471506 default:
472507 fatal_exit("testbound: unknown event type %d",
473508 runtime->now->evt_type);
514549 if(runtime->pending_list) {
515550 struct fake_pending* p;
516551 log_err("testbound: there are still messages pending.");
517 for(p = runtime->pending_list; p; p=p->next)
552 for(p = runtime->pending_list; p; p=p->next) {
518553 log_pkt("pending msg", p->pkt);
554 log_addr(0, "pending to", &p->addr, p->addrlen);
555 }
519556 fatal_exit("testbound: there are still messages pending.");
520557 }
521558 if(runtime->answer_list) {
558595 }
559596
560597 struct comm_base*
561 comm_base_create()
598 comm_base_create(int ATTR_UNUSED(sigs))
562599 {
563600 /* we return the runtime structure instead. */
564601 struct replay_runtime* runtime = (struct replay_runtime*)
687724 struct infra_cache* ATTR_UNUSED(infra),
688725 struct ub_randstate* ATTR_UNUSED(rnd),
689726 int ATTR_UNUSED(use_caps_for_id), int* ATTR_UNUSED(availports),
690 int ATTR_UNUSED(numavailports))
727 int ATTR_UNUSED(numavailports), size_t ATTR_UNUSED(unwanted_threshold),
728 void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param))
691729 {
692730 struct outside_network* outnet = calloc(1,
693731 sizeof(struct outside_network));
732 (void)unwanted_action;
694733 if(!outnet)
695734 return NULL;
696735 outnet->base = base;
944983 return calloc(1, 1);
945984 }
946985
986 struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base),
987 int ATTR_UNUSED(fd), int ATTR_UNUSED(writing),
988 comm_point_callback_t* ATTR_UNUSED(callback),
989 void* ATTR_UNUSED(callback_arg))
990 {
991 /* no pipe comm possible */
992 return calloc(1, 1);
993 }
994
995 void comm_point_start_listening(struct comm_point* ATTR_UNUSED(c),
996 int ATTR_UNUSED(newfd), int ATTR_UNUSED(sec))
997 {
998 /* no bg write pipe comm possible */
999 }
1000
1001 void comm_point_stop_listening(struct comm_point* ATTR_UNUSED(c))
1002 {
1003 /* no bg write pipe comm possible */
1004 }
1005
9471006 /* only cmd com _local gets deleted */
9481007 void comm_point_delete(struct comm_point* c)
9491008 {
10951154 free(timer);
10961155 }
10971156
1157 struct event_base* comm_base_internal(struct comm_base* ATTR_UNUSED(b))
1158 {
1159 /* no pipe comm possible in testbound */
1160 return NULL;
1161 }
1162
1163 void daemon_remote_exec(struct worker* ATTR_UNUSED(worker))
1164 {
1165 }
1166
10981167 /*********** End of Dummy routines ***********/
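Review bot: `timeval_add` normalises with `while(d->tv_usec > 1000000 )`, so a sum of exactly 1000000 microseconds stays in `tv_usec` instead of being carried into `tv_sec`; the comparison should be `while(d->tv_usec >= 1000000) {`. The function's comment promises values that do not overflow or become negative, but nothing in the body checks the sign of `add`. Either reword the comment or state that callers must pass a non-negative `add`. `time_passes`, later in this section, is the visible caller and passes `mom->elapse` straight through.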
167167 static int hverb = 0;
168168
169169 /** exit with error */
170 static void error_exit(char* str)
170 static void error_exit(const char* str)
171171 {
172172 printf("error: %s\n", str);
173173 exit(1);
234234
235235 /** create label entry */
236236 static struct labdata*
237 lab_create(char* name)
237 lab_create(const char* name)
238238 {
239239 struct labdata* lab = (struct labdata*)calloc(1, sizeof(*lab));
240240 if(!lab) error_exit("out of memory");
6060 * @param keyword: the keyword to match
6161 * @return: true if keyword present. False otherwise, and str unchanged.
6262 */
63 static bool str_keyword(const char** str, const char* keyword)
63 static bool str_keyword(char** str, const char* keyword)
6464 {
6565 size_t len = strlen(keyword);
6666 assert(str && keyword);
9191 }
9292
9393 /** parse MATCH line */
94 static void matchline(const char* line, struct entry* e)
95 {
96 const char* parse = line;
94 static void matchline(char* line, struct entry* e)
95 {
96 char* parse = line;
9797 while(*parse) {
9898 if(isendline(*parse))
9999 return;
103103 e->match_qtype = true;
104104 } else if(str_keyword(&parse, "qname")) {
105105 e->match_qname = true;
106 } else if(str_keyword(&parse, "subdomain")) {
107 e->match_subdomain = true;
106108 } else if(str_keyword(&parse, "all")) {
107109 e->match_all = true;
108110 } else if(str_keyword(&parse, "ttl")) {
109111 e->match_ttl = true;
110112 } else if(str_keyword(&parse, "DO")) {
111113 e->match_do = true;
114 } else if(str_keyword(&parse, "noedns")) {
115 e->match_noedns = true;
112116 } else if(str_keyword(&parse, "UDP")) {
113117 e->match_transport = transport_udp;
114118 } else if(str_keyword(&parse, "TCP")) {
128132 }
129133
130134 /** parse REPLY line */
131 static void replyline(const char* line, ldns_pkt *reply)
132 {
133 const char* parse = line;
135 static void replyline(char* line, ldns_pkt *reply)
136 {
137 char* parse = line;
134138 while(*parse) {
135139 if(isendline(*parse))
136140 return;
193197 }
194198
195199 /** parse ADJUST line */
196 static void adjustline(const char* line, struct entry* e,
200 static void adjustline(char* line, struct entry* e,
197201 struct reply_packet* pkt)
198202 {
199 const char* parse = line;
203 char* parse = line;
200204 while(*parse) {
201205 if(isendline(*parse))
202206 return;
226230 e->match_opcode = false;
227231 e->match_qtype = false;
228232 e->match_qname = false;
233 e->match_subdomain = false;
229234 e->match_all = false;
230235 e->match_ttl = false;
231236 e->match_do = false;
237 e->match_noedns = false;
232238 e->match_serial = false;
233239 e->ixfr_soa_serial = 0;
234240 e->match_transport = transport_any;
409415 {
410416 struct entry* current = NULL;
411417 char line[MAX_LINE];
412 const char* parse;
418 char* parse;
413419 ldns_pkt_section add_section = LDNS_SECTION_QUESTION;
414420 struct reply_packet *cur_reply = NULL;
415421 bool reading_hex = false;
435441 cur_reply = entry_add_reply(current);
436442 continue;
437443 } else if(str_keyword(&parse, "$ORIGIN")) {
438 get_origin(name, *lineno, origin, (char*)parse);
444 get_origin(name, *lineno, origin, parse);
439445 continue;
440446 } else if(str_keyword(&parse, "$TTL")) {
441447 *default_ttl = (uint32_t)atoi(parse);
483489 /* it must be a RR, parse and add to packet. */
484490 ldns_rr* n = NULL;
485491 ldns_status status;
486 status = ldns_rr_new_frm_str(&n, parse, *default_ttl,
487 *origin, prev_rr);
488 if (status != LDNS_STATUS_OK)
492 if(add_section == LDNS_SECTION_QUESTION)
493 status = ldns_rr_new_question_frm_str(
494 &n, parse, *origin, prev_rr);
495 else status = ldns_rr_new_frm_str(&n, parse,
496 *default_ttl, *origin, prev_rr);
497 if(status != LDNS_STATUS_OK)
489498 error("%s line %d:\n\t%s: %s", name, *lineno,
490499 ldns_get_errorstr_by_id(status), parse);
491500 ldns_pkt_push_rr(cur_reply->reply, add_section, n);
633642 { verbose(3, "allmatch: nscount different"); return 0;}
634643 if(ldns_pkt_arcount(q) != ldns_pkt_arcount(p))
635644 { verbose(3, "allmatch: arcount different"); return 0;}
636 if(!match_list(ldns_pkt_question(q), ldns_pkt_question(p), mttl))
645 if(!match_list(ldns_pkt_question(q), ldns_pkt_question(p), 0))
637646 { verbose(3, "allmatch: qd section different"); return 0;}
638647 if(!match_list(ldns_pkt_answer(q), ldns_pkt_answer(p), mttl))
639648 { verbose(3, "allmatch: an section different"); return 0;}
671680 continue;
672681 }
673682 }
683 if(p->match_subdomain) {
684 if(!get_owner(query_pkt) || !get_owner(reply) ||
685 (ldns_dname_compare(get_owner(query_pkt),
686 get_owner(reply)) != 0 &&
687 !ldns_dname_is_subdomain(
688 get_owner(query_pkt), get_owner(reply))))
689 {
690 verbose(3, "bad subdomain\n");
691 continue;
692 }
693 }
674694 if(p->match_serial && get_serial(query_pkt) != p->ixfr_soa_serial) {
675695 verbose(3, "bad serial\n");
676696 continue;
677697 }
678698 if(p->match_do && !ldns_pkt_edns_do(query_pkt)) {
679699 verbose(3, "no DO bit set\n");
700 continue;
701 }
702 if(p->match_noedns && ldns_pkt_edns(query_pkt)) {
703 verbose(3, "bad; EDNS OPT present\n");
680704 continue;
681705 }
682706 if(p->match_transport != transport_any && p->match_transport != transport) {
4141 ; if you leave it out, any opcode matches this entry.
4242 ; 'qtype' makes the query match the qtype from the reply
4343 ; 'qname' makes the query match the qname from the reply
44 ; 'subdomain' makes the query match subdomains of qname from the reply
4445 ; 'serial=1023' makes the query match if ixfr serial is 1023.
4546 ; 'all' has to match header byte for byte and all rrs in packet.
4647 ; 'ttl' used with all, rrs in packet must also have matching TTLs.
4748 ; 'DO' will match only queries with DO bit set.
49 ; 'noedns' matches queries without EDNS OPT records.
4850 MATCH [opcode] [qtype] [qname] [serial=<value>] [all] [ttl]
4951 MATCH [UDP|TCP] DO
5052 MATCH ...
156158 bool match_qtype;
157159 /** match qname with answer qname */
158160 bool match_qname;
161 /** match qname as subdomain of answer qname */
162 bool match_subdomain;
159163 /** match SOA serial number, from auth section */
160164 bool match_serial;
161165 /** match all of the packet */
164168 bool match_ttl;
165169 /** match DO bit */
166170 bool match_do;
171 /** match absence of EDNS OPT record in query */
172 bool match_noedns;
167173 /** match query serial with this value. */
168174 uint32_t ixfr_soa_serial;
169175 /** match on UDP/TCP */
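Review bot: The comment block now describes `subdomain` and `noedns`, but the `MATCH` synopsis lines right below it still show only `[opcode] [qtype] [qname] [serial=<value>] [all] [ttl]` and `[UDP|TCP] DO`, so a reader of the grammar will not find the two new keywords. Add them to the synopsis, e.g. `MATCH [opcode] [qtype] [qname] [subdomain] [serial=<value>] [all] [ttl]` and `MATCH [UDP|TCP] [noedns]`. The `match_subdomain` field comment should also say that an exact-name match counts, since the `ldns_dname_compare(...) != 0 &&` test in ldns-testpkts.c accepts equal names as well as subdomains.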
5353 * @return: true if found, false if not.
5454 */
5555 static int
56 parse_keyword(char** line, char* keyword)
56 parse_keyword(char** line, const char* keyword)
5757 {
5858 size_t len = (size_t)strlen(keyword);
5959 if(strncmp(*line, keyword, len) == 0) {
220220 readentry = 1;
221221 } else if(parse_keyword(&remain, "TIMEOUT")) {
222222 mom->evt_type = repevt_timeout;
223 } else if(parse_keyword(&remain, "TIME_PASSES")) {
224 mom->evt_type = repevt_time_passes;
223225 } else if(parse_keyword(&remain, "ERROR")) {
224226 mom->evt_type = repevt_error;
225227 } else {
240242 free(mom);
241243 return NULL;
242244 }
245 }
246 if(parse_keyword(&remain, "ELAPSE")) {
247 double sec;
248 errno = 0;
249 sec = strtod(remain, &remain);
250 if(sec == 0. && errno != 0) {
251 log_err("line %d: could not parse ELAPSE: %s (%s)",
252 *lineno, remain, strerror(errno));
253 free(mom);
254 return NULL;
255 }
256 #ifndef S_SPLINT_S
257 mom->elapse.tv_sec = (int)sec;
258 mom->elapse.tv_usec = (int)((sec - (double)mom->elapse.tv_sec)
259 *1000000. + 0.5);
260 #endif
243261 }
244262
245263 if(readentry) {
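Review bot: The ELAPSE parser rejects input only when `sec == 0. && errno != 0`, so several bad values pass through: text that is not a number (strtod returns 0, need not set errno, and leaves the end pointer at the start), a negative value, and an out-of-range value. The later `(int)sec` is undefined for a value beyond the int range. Parse into a separate end pointer and validate the range: `char* end; sec = strtod(remain, &end);` followed by `if(end == remain || errno != 0 || sec < 0. || sec > (double)INT_MAX) {`, with `remain = end;` on success. Leaving `remain` untouched until then also makes the `log_err` print the text that failed to parse rather than whatever follows it. The enclosing function starts and ends outside this hunk.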
5757 * o CHECK_OUT_QUERY - followed by entry (if copy-id it is also reply).
5858 * o REPLY - followed by entry
5959 * o TIMEOUT
60 * o TIME_PASSES ELAPSE [seconds] - increase 'now' time counter, can be
61 * a floating point number.
6062 * o ERROR
6163 * ; following entry starts on the next line, ENTRY_BEGIN.
6264 * ; more STEP items
148150 repevt_front_reply,
149151 /** timeout */
150152 repevt_timeout,
153 /** time passes */
154 repevt_time_passes,
151155 /** reply arrives from the network */
152156 repevt_back_reply,
153157 /** test fails if query to the network does not match */
160164
161165 /** The sent packet must match this. Incoming events, the data. */
162166 struct entry* match;
167
168 /** the amount of time that passes */
169 struct timeval elapse;
163170
164171 /** address that must be matched, or packet remote host address. */
165172 struct sockaddr_storage addr;
6161
6262 /** open TCP socket to svr */
6363 static int
64 open_svr(char* svr, int udp)
64 open_svr(const char* svr, int udp)
6565 {
6666 struct sockaddr_storage addr;
6767 socklen_t addrlen;
6868 int fd = -1;
6969 /* svr can be ip@port */
70 memset(&addr, 0, sizeof(addr));
7071 if(!extstrtoaddr(svr, &addr, &addrlen)) {
7172 printf("fatal: bad server specs '%s'\n", svr);
7273 exit(1);
9596 /** write a query over the TCP fd */
9697 static void
9798 write_q(int fd, int udp, ldns_buffer* buf, int id,
98 char* strname, char* strtype, char* strclass)
99 const char* strname, const char* strtype, const char* strclass)
99100 {
100101 struct query_info qinfo;
101102 ldns_rdf* rdf;
209210
210211 /** send the TCP queries and print answers */
211212 static void
212 send_em(char* svr, int udp, int noanswer, int num, char** qs)
213 send_em(const char* svr, int udp, int noanswer, int num, char** qs)
213214 {
214215 ldns_buffer* buf = ldns_buffer_new(65553);
215216 int fd = open_svr(svr, udp);
250251 int main(int argc, char** argv)
251252 {
252253 int c;
253 char* svr = "127.0.0.1";
254 const char* svr = "127.0.0.1";
254255 int udp = 0;
255256 int noanswer = 0;
256257
4141 #include "testcode/ldns-testpkts.h"
4242 #include "testcode/replay.h"
4343 #include "testcode/fake_event.h"
44 #include "daemon/remote.h"
4445
4546 /**
4647 * include the main program from the unbound daemon.
6364 printf("\ttest the unbound daemon.\n");
6465 printf("-h this help\n");
6566 printf("-p file playback text file\n");
67 printf("-2 detect SHA256 support (exit code 0 or 1)\n");
6668 printf("-o str unbound commandline options separated by spaces.\n");
6769 printf("Version %s\n", PACKAGE_VERSION);
6870 printf("BSD licensed, see LICENSE file in source package.\n");
7981 * @param pass_argv: the argv to pass to unbound. Modified.
8082 */
8183 static void
82 add_opts(char* optarg, int* pass_argc, char* pass_argv[])
83 {
84 char *p = optarg, *np;
84 add_opts(const char* optarg, int* pass_argc, char* pass_argv[])
85 {
86 const char *p = optarg, *np;
8587 size_t len;
8688 while(p && isspace((int)*p))
8789 p++;
221223 pass_argc = 1;
222224 pass_argv[0] = "unbound";
223225 add_opts("-d", &pass_argc, pass_argv);
224 while( (c=getopt(argc, argv, "ho:p:")) != -1) {
226 while( (c=getopt(argc, argv, "2ho:p:")) != -1) {
225227 switch(c) {
228 case '2':
229 #ifdef HAVE_EVP_SHA256
230 printf("SHA256 supported\n");
231 exit(0);
232 #else
233 printf("SHA256 not supported\n");
234 exit(1);
235 #endif
236 break;
226237 case 'p':
227238 playback_file = optarg;
228239 break;
267278 log_info("Testbound Exit Success");
268279 return res;
269280 }
281
282 /* fake remote control */
283 struct listen_port* daemon_remote_open_ports(struct config_file*
284 ATTR_UNUSED(cfg))
285 {
286 return NULL;
287 }
288
289 struct daemon_remote* daemon_remote_create(struct worker* ATTR_UNUSED(worker))
290 {
291 return (struct daemon_remote*)calloc(1,1);
292 }
293
294 void daemon_remote_delete(struct daemon_remote* rc)
295 {
296 free(rc);
297 }
298
299 int daemon_remote_open_accept(struct daemon_remote* ATTR_UNUSED(rc),
300 struct listen_port* ATTR_UNUSED(ports))
301 {
302 return 1;
303 }
304
305 int remote_accept_callback(struct comm_point* ATTR_UNUSED(c),
306 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
307 struct comm_reply* ATTR_UNUSED(repinfo))
308 {
309 log_assert(0);
310 return 0;
311 }
312
313 int remote_control_callback(struct comm_point* ATTR_UNUSED(c),
314 void* ATTR_UNUSED(arg), int ATTR_UNUSED(error),
315 struct comm_reply* ATTR_UNUSED(repinfo))
316 {
317 log_assert(0);
318 return 0;
319 }
320
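Review bot: The stub `daemon_remote_create` returns `(struct daemon_remote*)calloc(1,1)`, a one-byte allocation typed as a full struct, so it is only safe as an opaque non-NULL token. Any code linked into testbound that reads or writes a field through it would go past the allocation. The only documentation is the `/* fake remote control */` banner; I would add a comment on the function such as `/* dummy non-NULL handle: never dereferenced, only released by daemon_remote_delete() */`. In `case '2':` the `break;` after the `#ifdef HAVE_EVP_SHA256` block is unreachable because both branches call exit().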
8888 static void
8989 net_test()
9090 {
91 char* t4[] = {"\000\000\000\000",
91 const char* t4[] = {"\000\000\000\000",
9292 "\200\000\000\000",
9393 "\300\000\000\000",
9494 "\340\000\000\000",
288288 rtt_init(&r);
289289 /* initial value sensible */
290290 unit_assert( rtt_timeout(&r) == init );
291 rtt_lost(&r);
291 rtt_lost(&r, init);
292292 unit_assert( rtt_timeout(&r) == init*2 );
293 rtt_lost(&r);
293 rtt_lost(&r, init*2);
294294 unit_assert( rtt_timeout(&r) == init*4 );
295295 rtt_update(&r, 4000);
296296 unit_assert( rtt_timeout(&r) >= 2000 );
297 rtt_lost(&r);
297 rtt_lost(&r, rtt_timeout(&r) );
298298 for(i=0; i<100; i++) {
299 rtt_lost(&r);
299 rtt_lost(&r, rtt_timeout(&r) );
300300 unit_assert( rtt_timeout(&r) > RTT_MIN_TIMEOUT-1);
301301 unit_assert( rtt_timeout(&r) < RTT_MAX_TIMEOUT+1);
302302 }
308308 static void
309309 infra_test()
310310 {
311 int one = 1;
311 struct sockaddr_storage one;
312 socklen_t onelen;
312313 uint8_t* zone = (uint8_t*)"\007example\003com\000";
313314 size_t zonelen = 13;
314315 struct infra_cache* slab;
315316 struct config_file* cfg = config_create();
316317 uint32_t now = 0;
318 uint8_t edns_lame;
317319 int vs, to;
318320 struct infra_host_key* k;
319321 struct infra_host_data* d;
320322 int init = 376;
321 int dlame, alame, olame;
323 int dlame, rlame, alame, olame;
324
325 unit_assert(ipstrtoaddr("127.0.0.1", 53, &one, &onelen));
322326
323327 slab = infra_create(cfg);
324328 unit_assert( infra_host(slab, (struct sockaddr_storage*)&one,
325 (socklen_t)sizeof(int), now, &vs, &to) );
326 unit_assert( vs == 0 && to == init );
327
328 unit_assert( infra_rtt_update(slab, (struct sockaddr_storage*)&one,
329 (socklen_t)sizeof(int), -1, now) );
330 unit_assert( infra_host(slab, (struct sockaddr_storage*)&one,
331 (socklen_t)sizeof(int), now, &vs, &to) );
332 unit_assert( vs == 0 && to == init*2 );
333
334 unit_assert( infra_edns_update(slab, (struct sockaddr_storage*)&one,
335 (socklen_t)sizeof(int), -1, now) );
336 unit_assert( infra_host(slab, (struct sockaddr_storage*)&one,
337 (socklen_t)sizeof(int), now, &vs, &to) );
338 unit_assert( vs == -1 && to == init*2 );
329 (socklen_t)sizeof(int), now, &vs, &edns_lame, &to) );
330 unit_assert( vs == 0 && to == init && edns_lame == 0 );
331
332 unit_assert( infra_rtt_update(slab, &one, onelen, -1, init, now) );
333 unit_assert( infra_host(slab, &one, onelen,
334 now, &vs, &edns_lame, &to) );
335 unit_assert( vs == 0 && to == init*2 && edns_lame == 0 );
336
337 unit_assert( infra_edns_update(slab, &one, onelen, -1, now) );
338 unit_assert( infra_host(slab, &one, onelen,
339 now, &vs, &edns_lame, &to) );
340 unit_assert( vs == -1 && to == init*2 && edns_lame == 1);
339341
340342 now += cfg->host_ttl + 10;
341 unit_assert( infra_host(slab, (struct sockaddr_storage*)&one,
342 (socklen_t)sizeof(int), now, &vs, &to) );
343 unit_assert( vs == 0 && to == init );
343 unit_assert( infra_host(slab, &one, onelen,
344 now, &vs, &edns_lame, &to) );
345 unit_assert( vs == 0 && to == init && edns_lame == 0 );
344346
345 unit_assert( infra_set_lame(slab, (struct sockaddr_storage*)&one,
346 (socklen_t)sizeof(int), zone, zonelen, now, 0,
347 LDNS_RR_TYPE_A) );
348 unit_assert( (d=infra_lookup_host(slab, (struct sockaddr_storage*)&one,
349 (socklen_t)sizeof(int), 0, now, &k)) );
347 unit_assert( infra_set_lame(slab, &one, onelen,
348 zone, zonelen, now, 0, 0, LDNS_RR_TYPE_A) );
349 unit_assert( (d=infra_lookup_host(slab, &one, onelen, 0, now, &k)) );
350350 unit_assert( d->ttl == now+cfg->host_ttl );
351351 unit_assert( d->edns_version == 0 );
352352 unit_assert( infra_lookup_lame(d, zone, zonelen, now,
353 &dlame, &alame, &olame) );
354 unit_assert(!dlame && alame && !olame);
353 &dlame, &rlame, &alame, &olame) );
354 unit_assert(!dlame && !rlame && alame && !olame);
355355 unit_assert( !infra_lookup_lame(d, zone, zonelen,
356 now+cfg->lame_ttl+10, &dlame, &alame, &olame) );
356 now+cfg->lame_ttl+10, &dlame, &rlame, &alame, &olame) );
357357 unit_assert( !infra_lookup_lame(d, (uint8_t*)"\000", 1, now,
358 &dlame, &alame, &olame) );
358 &dlame, &rlame, &alame, &olame) );
359359 lock_rw_unlock(&k->entry.lock);
360360
361361 /* test merge of data */
362 unit_assert( infra_set_lame(slab, (struct sockaddr_storage*)&one,
363 (socklen_t)sizeof(int), zone, zonelen, now, 0,
364 LDNS_RR_TYPE_AAAA) );
365 unit_assert( (d=infra_lookup_host(slab, (struct sockaddr_storage*)&one,
366 (socklen_t)sizeof(int), 0, now, &k)) );
362 unit_assert( infra_set_lame(slab, &one, onelen,
363 zone, zonelen, now, 0, 0, LDNS_RR_TYPE_AAAA) );
364 unit_assert( (d=infra_lookup_host(slab, &one, onelen, 0, now, &k)) );
367365 unit_assert( infra_lookup_lame(d, zone, zonelen, now,
368 &dlame, &alame, &olame) );
369 unit_assert(!dlame && alame && olame);
366 &dlame, &rlame, &alame, &olame) );
367 unit_assert(!dlame && !rlame && alame && olame);
370368 lock_rw_unlock(&k->entry.lock);
371369
372370 infra_delete(slab);
411409 printf("Start of %s unit test.\n", PACKAGE_STRING);
412410 ERR_load_crypto_strings();
413411 checklock_start();
412 neg_test();
414413 rnd_test();
415414 verify_test();
416415 net_test();
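Review bot: In infra_test the first `infra_host` call was only half converted. Its new second line still passes `(socklen_t)sizeof(int)` as the address length, and the unchanged first line still casts `&one`, although `one` is now a `struct sockaddr_storage` filled by `ipstrtoaddr` with its real length in `onelen`. Every later call uses `&one, onelen`, so this lookup presumably keys the cache on a different length than the updates that follow, and the `vs == 0 && to == init` assertion is then not exercising the same entry. I would write it like its siblings: `unit_assert( infra_host(slab, &one, onelen, now, &vs, &edns_lame, &to) );`.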
6262 void anchors_test();
6363 /** unit test for verification functions */
6464 void verify_test();
65 /** unit test for negative cache functions */
66 void neg_test();
6567
6668 #endif /* TESTCODE_UNITMAIN_H */
0 /*
1 * testcode/unitneg.c - unit test for negative cache routines.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35 /**
36 * \file
37 * Calls negative cache unit tests. Exits with code 1 on a failure.
38 */
39
40 #include "config.h"
41 #include "util/log.h"
42 #include "util/net_help.h"
43 #include "util/data/packed_rrset.h"
44 #include "util/data/dname.h"
45 #include "testcode/unitmain.h"
46 #include "validator/val_neg.h"
47
48 /** verbose unit test for negative cache */
49 static int negverbose = 0;
50
51 /** debug printout of neg cache */
52 static void print_neg_cache(struct val_neg_cache* neg)
53 {
54 char buf[1024];
55 struct val_neg_zone* z;
56 struct val_neg_data* d;
57 printf("neg_cache print\n");
58 printf("memuse %d of %d\n", (int)neg->use, (int)neg->max);
59 printf("maxiter %d\n", (int)neg->nsec3_max_iter);
60 printf("%d zones\n", (int)neg->tree.count);
61 RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) {
62 dname_str(z->name, buf);
63 printf("%24s", buf);
64 printf(" len=%2.2d labs=%d inuse=%d count=%d tree.count=%d\n",
65 (int)z->len, z->labs, (int)z->in_use, z->count,
66 (int)z->tree.count);
67 }
68 RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) {
69 printf("\n");
70 dname_print(stdout, NULL, z->name);
71 printf(" zone details\n");
72 printf("len=%2.2d labs=%d inuse=%d count=%d tree.count=%d\n",
73 (int)z->len, z->labs, (int)z->in_use, z->count,
74 (int)z->tree.count);
75 if(z->parent) {
76 printf("parent=");
77 dname_print(stdout, NULL, z->parent->name);
78 printf("\n");
79 } else {
80 printf("parent=NULL\n");
81 }
82
83 RBTREE_FOR(d, struct val_neg_data*, &z->tree) {
84 dname_str(d->name, buf);
85 printf("%24s", buf);
86 printf(" len=%2.2d labs=%d inuse=%d count=%d\n",
87 (int)d->len, d->labs, (int)d->in_use, d->count);
88 }
89 }
90 }
91
92 /** get static pointer to random zone name */
93 static char* get_random_zone()
94 {
95 static char zname[256];
96 int labels = random() % 3;
97 int i;
98 char* p = zname;
99 int labnum;
100
101 for(i=0; i<labels; i++) {
102 labnum = random()%10;
103 snprintf(p, 256-(p-zname), "\003%3.3d", labnum);
104 p+=4;
105 }
106 snprintf(p, 256-(p-zname), "\007example\003com");
107 return zname;
108 }
109
110 /** get static pointer to random data names from and to */
111 static void get_random_data(char** fromp, char** top, char* zname)
112 {
113 static char buf1[256], buf2[256];
114 int type;
115 int lab1, lab2;
116 int labnum1[10], labnum2[10];
117 int i;
118 char* p;
119
120 *fromp = buf1;
121 *top = buf2;
122 type = random()%10;
123
124 if(type == 0) {
125 /* ENT */
126 lab1 = random() %3 + 1;
127 lab2 = lab1 + random()%3 + 1;
128 for(i=0; i<lab1; i++) {
129 labnum1[i] = random()%100;
130 labnum2[i] = labnum1[i];
131 }
132 for(i=lab1; i<lab2; i++) {
133 labnum2[i] = random()%100;
134 }
135 } else if(type == 1) {
136 /* end of zone */
137 lab2 = 0;
138 lab1 = random()%3 + 1;
139 for(i=0; i<lab1; i++) {
140 labnum1[i] = random()%100;
141 }
142 } else if(type == 2) {
143 /* start of zone */
144 lab1 = 0;
145 lab2 = random()%3 + 1;
146 for(i=0; i<lab2; i++) {
147 labnum2[i] = random()%100;
148 }
149 } else {
150 /* normal item */
151 int common = random()%3;
152 lab1 = random() %3 + 1;
153 lab2 = random() %3 + 1;
154 for(i=0; i<common; i++) {
155 labnum1[i] = random()%100;
156 labnum2[i] = labnum1[i];
157 }
158 labnum1[common] = random()%100;
159 labnum2[common] = labnum1[common] + random()%20;
160 for(i=common; i<lab1; i++)
161 labnum1[i] = random()%100;
162 for(i=common; i<lab2; i++)
163 labnum2[i] = random()%100;
164 }
165
166 /* construct first */
167 p = buf1;
168 for(i=0; i<lab1; i++) {
169 snprintf(p, 256-(p-buf1), "\003%3.3d", labnum1[i]);
170 p+=4;
171 }
172 snprintf(p, 256-(p-buf1), "%s", zname);
173
174 /* construct 2nd */
175 p = buf2+2;
176 for(i=0; i<lab2; i++) {
177 snprintf(p, 256-(p-buf2)-3, "\003%3.3d", labnum2[i]);
178 p+=4;
179 }
180 snprintf(p, 256-(p-buf2)-3, "%s", zname);
181 buf2[0] = (char)(strlen(buf2+2)+1);
182 buf2[1] = 0;
183
184 if(negverbose) {
185 log_nametypeclass(0, "add from", (uint8_t*)buf1, 0, 0);
186 log_nametypeclass(0, "add to ", (uint8_t*)buf2+2, 0, 0);
187 }
188 }
189
190 /** add a random item */
191 static void add_item(struct val_neg_cache* neg)
192 {
193 struct val_neg_zone* z;
194 struct packed_rrset_data rd;
195 struct ub_packed_rrset_key nsec;
196 size_t rr_len;
197 uint32_t rr_ttl;
198 uint8_t* rr_data;
199 char* zname = get_random_zone();
200 char* from, *to;
201
202 lock_basic_lock(&neg->lock);
203 if(negverbose)
204 log_nametypeclass(0, "add to zone", (uint8_t*)zname, 0, 0);
205 z = neg_find_zone(neg, (uint8_t*)zname, strlen(zname)+1,
206 LDNS_RR_CLASS_IN);
207 if(!z) {
208 z = neg_create_zone(neg, (uint8_t*)zname, strlen(zname)+1,
209 LDNS_RR_CLASS_IN);
210 }
211 unit_assert(z);
212 val_neg_zone_take_inuse(z);
213
214 /* construct random NSEC item */
215 get_random_data(&from, &to, zname);
216
217 /* create nsec and insert it */
218 memset(&rd, 0, sizeof(rd));
219 memset(&nsec, 0, sizeof(nsec));
220 nsec.rk.dname = (uint8_t*)from;
221 nsec.rk.dname_len = strlen(from)+1;
222 nsec.rk.type = htons(LDNS_RR_TYPE_NSEC);
223 nsec.rk.rrset_class = htons(LDNS_RR_CLASS_IN);
224 nsec.entry.data = &rd;
225 rd.security = sec_status_secure;
226 rd.count = 1;
227 rd.rr_len = &rr_len;
228 rr_len = 19;
229 rd.rr_ttl = &rr_ttl;
230 rr_ttl = 0;
231 rd.rr_data = &rr_data;
232 rr_data = (uint8_t*)to;
233
234 neg_insert_data(neg, z, &nsec);
235 lock_basic_unlock(&neg->lock);
236 }
237
238 /** remove a random item */
239 static void remove_item(struct val_neg_cache* neg)
240 {
241 int n, i;
242 struct val_neg_data* d;
243 rbnode_t* walk;
244 struct val_neg_zone* z;
245
246 lock_basic_lock(&neg->lock);
247 if(neg->tree.count == 0) {
248 lock_basic_unlock(&neg->lock);
249 return; /* nothing to delete */
250 }
251
252 /* pick a random zone */
253 walk = rbtree_first(&neg->tree); /* first highest parent, big count */
254 z = (struct val_neg_zone*)walk;
255 n = random() % (int)(z->count);
256 if(negverbose)
257 printf("neg stress delete zone %d\n", n);
258 i=0;
259 walk = rbtree_first(&neg->tree);
260 z = (struct val_neg_zone*)walk;
261 while(i!=n+1 && walk && walk != RBTREE_NULL && !z->in_use) {
262 walk = rbtree_next(walk);
263 z = (struct val_neg_zone*)walk;
264 if(z->in_use)
265 i++;
266 }
267 if(!walk || walk == RBTREE_NULL) {
268 lock_basic_unlock(&neg->lock);
269 return;
270 }
271 if(!z->in_use) {
272 lock_basic_unlock(&neg->lock);
273 return;
274 }
275 if(negverbose)
276 log_nametypeclass(0, "delete zone", z->name, 0, 0);
277
278 /* pick a random nsec item. - that is in use */
279 walk = rbtree_first(&z->tree); /* first is highest parent */
280 d = (struct val_neg_data*)walk;
281 n = random() % (int)(d->count);
282 if(negverbose)
283 printf("neg stress delete item %d\n", n);
284 i=0;
285 walk = rbtree_first(&z->tree);
286 d = (struct val_neg_data*)walk;
287 while(i!=n+1 && walk && walk != RBTREE_NULL && !d->in_use) {
288 walk = rbtree_next(walk);
289 d = (struct val_neg_data*)walk;
290 if(d->in_use)
291 i++;
292 }
293 if(!walk || walk == RBTREE_NULL) {
294 lock_basic_unlock(&neg->lock);
295 return;
296 }
297 if(d->in_use) {
298 if(negverbose)
299 log_nametypeclass(0, "neg delete item:", d->name, 0, 0);
300 neg_delete_data(neg, d);
301 }
302 lock_basic_unlock(&neg->lock);
303 }
304
305 /** sum up the zone trees */
306 static size_t sumtrees_all(struct val_neg_cache* neg)
307 {
308 size_t res = 0;
309 struct val_neg_zone* z;
310 RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) {
311 res += z->tree.count;
312 }
313 return res;
314 }
315
316 /** sum up the zone trees, in_use only */
317 static size_t sumtrees_inuse(struct val_neg_cache* neg)
318 {
319 size_t res = 0;
320 struct val_neg_zone* z;
321 struct val_neg_data* d;
322 RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) {
323 /* get count of highest parent for num in use */
324 d = (struct val_neg_data*)rbtree_first(&z->tree);
325 if(d && (rbnode_t*)d!=RBTREE_NULL)
326 res += d->count;
327 }
328 return res;
329 }
330
331 /** check if lru is still valid */
332 static void check_lru(struct val_neg_cache* neg)
333 {
334 struct val_neg_data* p, *np;
335 size_t num = 0;
336 size_t inuse;
337 p = neg->first;
338 while(p) {
339 if(!p->prev) {
340 unit_assert(neg->first == p);
341 }
342 np = p->next;
343 if(np) {
344 unit_assert(np->prev == p);
345 } else {
346 unit_assert(neg->last == p);
347 }
348 num++;
349 p = np;
350 }
351 inuse = sumtrees_inuse(neg);
352 if(negverbose)
353 printf("num lru %d, inuse %d, all %d\n",
354 (int)num, (int)sumtrees_inuse(neg),
355 (int)sumtrees_all(neg));
356 unit_assert( num == inuse);
357 unit_assert( inuse <= sumtrees_all(neg));
358 }
359
360 /** sum up number of items inuse in subtree */
361 static int sum_subtree_inuse(struct val_neg_zone* zone,
362 struct val_neg_data* data)
363 {
364 struct val_neg_data* d;
365 int num = 0;
366 RBTREE_FOR(d, struct val_neg_data*, &zone->tree) {
367 if(dname_subdomain_c(d->name, data->name)) {
368 if(d->in_use)
369 num++;
370 }
371 }
372 return num;
373 }
374
375 /** sum up number of items inuse in subtree */
376 static int sum_zone_subtree_inuse(struct val_neg_cache* neg,
377 struct val_neg_zone* zone)
378 {
379 struct val_neg_zone* z;
380 int num = 0;
381 RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) {
382 if(dname_subdomain_c(z->name, zone->name)) {
383 if(z->in_use)
384 num++;
385 }
386 }
387 return num;
388 }
389
390 /** check point in data tree */
391 static void check_data(struct val_neg_zone* zone, struct val_neg_data* data)
392 {
393 unit_assert(data->count > 0);
394 if(data->parent) {
395 unit_assert(data->parent->count >= data->count);
396 if(data->parent->in_use) {
397 unit_assert(data->parent->count > data->count);
398 }
399 unit_assert(data->parent->labs == data->labs-1);
400 /* and parent must be one label shorter */
401 unit_assert(data->name[0] == (data->len-data->parent->len-1));
402 unit_assert(query_dname_compare(data->name + data->name[0]+1,
403 data->parent->name) == 0);
404 } else {
405 /* must be apex */
406 unit_assert(dname_is_root(data->name));
407 }
408 /* tree property: */
409 unit_assert(data->count == sum_subtree_inuse(zone, data));
410 }
411
412 /** check if tree of data in zone is valid */
413 static void checkzonetree(struct val_neg_zone* zone)
414 {
415 struct val_neg_data* d;
416
417 /* check all data in tree */
418 RBTREE_FOR(d, struct val_neg_data*, &zone->tree) {
419 check_data(zone, d);
420 }
421 }
422
423 /** check if negative cache is still valid */
424 static void check_zone_invariants(struct val_neg_cache* neg,
425 struct val_neg_zone* zone)
426 {
427 unit_assert(zone->nsec3_hash == 0);
428 unit_assert(zone->tree.cmp == &val_neg_data_compare);
429 unit_assert(zone->count != 0);
430
431 if(zone->tree.count == 0)
432 unit_assert(!zone->in_use);
433 else {
434 if(!zone->in_use) {
435 /* details on error */
436 log_nametypeclass(0, "zone", zone->name, 0, 0);
437 log_err("inuse %d count=%d tree.count=%d",
438 zone->in_use, zone->count,
439 (int)zone->tree.count);
440 if(negverbose)
441 print_neg_cache(neg);
442 }
443 unit_assert(zone->in_use);
444 }
445
446 if(zone->parent) {
447 unit_assert(zone->parent->count >= zone->count);
448 if(zone->parent->in_use) {
449 unit_assert(zone->parent->count > zone->count);
450 }
451 unit_assert(zone->parent->labs == zone->labs-1);
452 /* and parent must be one label shorter */
453 unit_assert(zone->name[0] == (zone->len-zone->parent->len-1));
454 unit_assert(query_dname_compare(zone->name + zone->name[0]+1,
455 zone->parent->name) == 0);
456 } else {
457 /* must be apex */
458 unit_assert(dname_is_root(zone->name));
459 }
460 /* tree property: */
461 unit_assert(zone->count == sum_zone_subtree_inuse(neg, zone));
462
463 /* check structure of zone data tree */
464 checkzonetree(zone);
465 }
466
467 /** check if negative cache is still valid */
468 static void check_neg_invariants(struct val_neg_cache* neg)
469 {
470 struct val_neg_zone* z;
471 /* check structure of LRU list */
472 lock_basic_lock(&neg->lock);
473 check_lru(neg);
474 unit_assert(neg->max == 1024*1024);
475 unit_assert(neg->nsec3_max_iter == 1500);
476 unit_assert(neg->tree.cmp == &val_neg_zone_compare);
477
478 if(neg->tree.count == 0) {
479 /* empty */
480 unit_assert(neg->tree.count == 0);
481 unit_assert(neg->first == NULL);
482 unit_assert(neg->last == NULL);
483 unit_assert(neg->use == 0);
484 lock_basic_unlock(&neg->lock);
485 return;
486 }
487
488 unit_assert(neg->first != NULL);
489 unit_assert(neg->last != NULL);
490
491 RBTREE_FOR(z, struct val_neg_zone*, &neg->tree) {
492 check_zone_invariants(neg, z);
493 }
494 lock_basic_unlock(&neg->lock);
495 }
496
497 /** perform stress test on insert and delete in neg cache */
498 static void stress_test(struct val_neg_cache* neg)
499 {
500 int i;
501 if(negverbose)
502 printf("negcache test\n");
503 for(i=0; i<100; i++) {
504 if(random() % 10 < 8)
505 add_item(neg);
506 else remove_item(neg);
507 check_neg_invariants(neg);
508 }
509 /* empty it */
510 if(negverbose)
511 printf("neg stress empty\n");
512 while(neg->first) {
513 remove_item(neg);
514 check_neg_invariants(neg);
515 }
516 if(negverbose)
517 printf("neg stress emptied\n");
518 unit_assert(neg->first == NULL);
519 /* insert again */
520 for(i=0; i<100; i++) {
521 if(random() % 10 < 8)
522 add_item(neg);
523 else remove_item(neg);
524 check_neg_invariants(neg);
525 }
526 }
527
528 void neg_test()
529 {
530 struct val_neg_cache* neg;
531 srandom(48);
532
533 /* create with defaults */
534 neg = val_neg_create(NULL, 1500);
535 unit_assert(neg);
536
537 stress_test(neg);
538
539 neg_cache_delete(neg);
540 }
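Review bot: Both walk loops in `remove_item` dereference the node returned by `rbtree_next()` before checking it against `RBTREE_NULL`. After `walk = rbtree_next(walk); z = (struct val_neg_zone*)walk;` the code reads `z->in_use` (and `d->in_use` in the second loop), and the loop condition reads it again. If the walk reaches the end of the tree, that reads a field of the sentinel cast to a larger struct; the sentinel is presumably a bare rbnode_t, which would make this an out-of-bounds read. Adding `if(!walk || walk == RBTREE_NULL) break;` right after each `rbtree_next()` call closes this, and the existing post-loop checks then return cleanly. Both loops also stop at the first in-use node because of `!z->in_use` / `!d->in_use` in the condition, so the random index `n` has little effect on which item is removed; a comment saying whether that is intended would help.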
133133
134134 /** return true if answer should be bogus */
135135 static int
136 should_be_bogus(struct ub_packed_rrset_key* rrset)
136 should_be_bogus(struct ub_packed_rrset_key* rrset, struct query_info* qinfo)
137137 {
138138 struct packed_rrset_data* d = (struct packed_rrset_data*)rrset->
139139 entry.data;
140140 if(d->rrsig_count == 0)
141141 return 1;
142 /* name 'bogus' as first label signals bogus */
143 if(rrset->rk.dname_len > 6 && memcmp(rrset->rk.dname+1, "bogus", 5)==0)
144 return 1;
145 if(qinfo->qname_len > 6 && memcmp(qinfo->qname+1, "bogus", 5)==0)
146 return 1;
142147 return 0;
143148 }
144149
145150 /** verify and test one rrset against the key rrset */
146151 static void
147152 verifytest_rrset(struct module_env* env, struct val_env* ve,
148 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey)
153 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
154 struct query_info* qinfo)
149155 {
150156 enum sec_status sec;
151157 if(vsig) {
157163 if(vsig) {
158164 printf("verify outcome is: %s\n", sec_status_to_string(sec));
159165 }
160 if(should_be_bogus(rrset)) {
166 if(should_be_bogus(rrset, qinfo)) {
161167 unit_assert(sec == sec_status_bogus);
162168 } else {
163169 unit_assert(sec == sec_status_secure);
184190 entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep);
185191
186192 for(i=0; i<rep->rrset_count; i++) {
187 verifytest_rrset(env, ve, rep->rrsets[i], dnskey);
193 verifytest_rrset(env, ve, rep->rrsets[i], dnskey, &qinfo);
188194 }
189195
190196 reply_info_parsedelete(rep, alloc);
467473 verifytest_file("testdata/test_signatures.6", "20080416005004");
468474 verifytest_file("testdata/test_signatures.7", "20070829144150");
469475 verifytest_file("testdata/test_signatures.8", "20070829144150");
476 #ifdef HAVE_EVP_SHA256
477 verifytest_file("testdata/test_signatures.9", "20070829144150");
478 verifytest_file("testdata/test_signatures.11", "20070829144150");
479 #endif
480 #ifdef HAVE_EVP_SHA512
481 verifytest_file("testdata/test_signatures.10", "20070829144150");
482 #endif
483 verifytest_file("testdata/test_signatures.12", "20090107100022");
470484 dstest_file("testdata/test_ds_sig.1");
471485 nsectest();
472486 nsec3_hash_test("testdata/test_nsec3_hash.1");
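Review bot: The two new checks in `should_be_bogus` compare five bytes after the length octet but never check the length octet itself. `memcmp(rrset->rk.dname+1, "bogus", 5)==0` therefore also matches any first label that merely starts with "bogus", which is wider than the comment "name 'bogus' as first label" says. Requiring the label length pins it down: `if(rrset->rk.dname_len > 6 && rrset->rk.dname[0] == 5 && memcmp(rrset->rk.dname+1, "bogus", 5)==0)`, and the same with `qinfo->qname[0] == 5` for the query name. The doc comment above the function should also say that the query name is now consulted, e.g. `/** return true if answer should be bogus: no RRSIGs, or first label of owner or query name is 'bogus' */`.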
Binary diff not shown
Binary diff not shown
Binary diff not shown
Binary diff not shown
0 example.com. 3600 IN DS 1443 8 1 54f8ccd08089fd8b7c1b51d487eadf1c527dece4 ; xihaz-mufit-bybem-nezam-ryzuc-rugyt-gucyv-pulec-sygyl-tiriv-goxox
0 example.com. 3600 IN DNSKEY 256 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1443 (zsk), size = 1024b}
0 Private-key-format: v1.2
1 Algorithm: 8 (RSASHA256)
2 Modulus: t31aqPMTY/KfPbU4bl2hJ/2EXMyvl2HPPbBpne9Nr7SjmvsCNMCqYDXIf8Hf5oAyKFSbm5xlJ9Wqjv6Q5pETzIWP1qK86YDWfX4kt68mr+jK9DKPFA3ZBvz0vJo1RPmgpkiIv67LKE1bcoNHdJJtD8YHBA0MdVxmL4kNHdELSvs=
3 PublicExponent: AQAB
4 PrivateExponent: azCanqnpgPDCX90Wyzp9I4xxH3kfdrLXyzTcbjvWyTcggC/0WPbYUP36U8/hSZlIM9FBWgVh/oROb9x8r4S+6DT5k3tdhI303AL6bC8x1PBCzHjXBmYa9JvPKx/7a1hpSVOw9iJJh0Y4IclrfA8Ssdqxkj5QdNvR1CqDYTvIH/E=
5 Prime1: 4yIEKoY9ew1mX7+MUA8T1sGp64VzTiFpnn/8eomwdYVEsX6Sg563qLEn6IuORxrqCz8Ae3qfgVkT0J96ArURsw==
6 Prime2: zs9dU2j2jlToxIXtKu+YeO7QCKd1gVP6beI9IxjMYm21opsVvJ/xMlHu9aocGuCgvfmFyu/ShhsF/IPlFkvtmQ==
7 Exponent1: EAy8TKD1wTc+L6/iY1ndZgSDVFA2yKOVygxzM9l87aEALKasBb72bWYvUsBhymZ9eVP3XcJZeRNpUgmi3oQa/w==
8 Exponent2: nukr9wmyWo/YBBo8sT9F07b9V4kFe4jB52luPOezNPbEGNw+CaCEv3vBuDcsPWLZYOC488Tv6WgeY3gdsdJKEQ==
9 Coefficient: Fr7ARq2yRTv8+1ZAAwv2gbDa92RZxdZzj9hpC+/64kjCxq5//2haIhU/wtgDbBlr99Uk90cXf6F8AeaqCYgjLQ==
0 example.com. 3600 IN DS 18320 10 1 c75d2cba6104e3962f93f326b1cbbee877e22f2d ; xucoh-torir-pamyb-gomon-kyrun-fased-kuses-rizuv-motov-dered-texyx
0 example.com. 3600 IN DNSKEY 256 3 10 AwEAAb3HJP1WF0wWvk9VqqZ2+xTpURPSwyiZcNRlO/hAXJisMA4/ZN2Kf0aNGewVDa6IhT8ehww5FBvVJm3R1KW/hqO+H3WzvCBpVDv1JdDqZvHMGiqEd2lCfKz4+fxuJ+HeUJBZlTz6pm9Rlqevry5uB7sKpgddDe2fK9CFCr7M1BzX ;{id = 18320 (zsk), size = 1024b}
0 Private-key-format: v1.2
1 Algorithm: 10 (RSASHA512)
2 Modulus: vcck/VYXTBa+T1Wqpnb7FOlRE9LDKJlw1GU7+EBcmKwwDj9k3Yp/Ro0Z7BUNroiFPx6HDDkUG9UmbdHUpb+Go74fdbO8IGlUO/Ul0Opm8cwaKoR3aUJ8rPj5/G4n4d5QkFmVPPqmb1GWp6+vLm4HuwqmB10N7Z8r0IUKvszUHNc=
3 PublicExponent: AQAB
4 PrivateExponent: i12zzFdsxHPvTlOa/qRhvvmYkPY2W5pTQacWYzjgxz2sDMqBSDBtR2JXpwfPBF09fRzuEAvauJXPotZ1U0NTm6erHSB7KaJN0GZRwNVty8MCoKjr3gDR1b82rEUexr3cTfq6+7ij8GZvhEY7vGNGKYyrj5t+wwZP9D/XB2okwAE=
5 Prime1: 6lwq8K9nQC2Sxu2Vhp4a/q0cCEAk57GWdegBJW5btVYz1v87mgvR3x/tAXVgQhpwUk3U9L6wSR1z8HhEfEbp+Q==
6 Prime2: z00jjSIdxRyE0XE3GKST0cZmFVc67Ov9OtV+tfFKbutR1ZokKqX4oEBf12rQDJgeBjCOoBAZOVwB8XLHlcNxTw==
7 Exponent1: yOgWT5quks/+wdYulua3EZhpLZF/kbgl2hH32ZTPvZaWfjrzZ022ruZ5kQSEbman34alhuJp0WQUXhNb8oYAUQ==
8 Exponent2: ewXvXDlr62diVx1WMjSxWOPh/zY2TRY7wOeke/tHTg4vEZGZdwnqQ8gQWLoV3/OCle/JJKqJHaZBrPWOBo3nNw==
9 Coefficient: sMfUpptJTxBdhqgUVbunh6xtTpZWQ+tyR2DeLom2enXAFqiMBbhjgFA7CptPpsQFqkghdRvnz1JG2QYKLuWbbw==
0 ; config options
1 ; The island of trust is at example.com (the DLV repository)
2 server:
3 dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with DLV anchor
13 ; positive response for DLV.
14
15 ; K.ROOT-SERVERS.NET.
16 RANGE_BEGIN 0 100
17 ADDRESS 193.0.14.129
18 ENTRY_BEGIN
19 MATCH opcode qtype qname
20 ADJUST copy_id
21 REPLY QR NOERROR
22 SECTION QUESTION
23 . IN NS
24 SECTION ANSWER
25 . IN NS K.ROOT-SERVERS.NET.
26 SECTION ADDITIONAL
27 K.ROOT-SERVERS.NET. IN A 193.0.14.129
28 ENTRY_END
29
30 ENTRY_BEGIN
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
33 REPLY QR NOERROR
34 SECTION QUESTION
35 com. IN A
36 SECTION AUTHORITY
37 com. IN NS a.gtld-servers.net.
38 SECTION ADDITIONAL
39 a.gtld-servers.net. IN A 192.5.6.30
40 ENTRY_END
41
42 ENTRY_BEGIN
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
45 REPLY QR NOERROR
46 SECTION QUESTION
47 net. IN A
48 SECTION AUTHORITY
49 net. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53 RANGE_END
54
55 ; a.gtld-servers.net.
56 RANGE_BEGIN 0 100
57 ADDRESS 192.5.6.30
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode subdomain
84 ADJUST copy_id copy_query
85 REPLY QR NOERROR
86 SECTION QUESTION
87 example.com. IN A
88 SECTION AUTHORITY
89 example.com. IN NS ns.example.com.
90 SECTION ADDITIONAL
91 ns.example.com. IN A 1.2.3.4
92 ENTRY_END
93
94 ENTRY_BEGIN
95 MATCH opcode subdomain
96 ADJUST copy_id copy_query
97 REPLY QR NOERROR
98 SECTION QUESTION
99 example.net. IN A
100 SECTION AUTHORITY
101 example.net. IN NS ns.example.net.
102 SECTION ADDITIONAL
103 ns.example.net. IN A 1.2.3.5
104 ENTRY_END
105 RANGE_END
106
107 ; ns.example.com.
108 RANGE_BEGIN 0 100
109 ADDRESS 1.2.3.4
110 ENTRY_BEGIN
111 MATCH opcode qtype qname
112 ADJUST copy_id
113 REPLY QR NOERROR
114 SECTION QUESTION
115 example.com. IN NS
116 SECTION ANSWER
117 example.com. IN NS ns.example.com.
118 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
119 SECTION ADDITIONAL
120 ns.example.com. IN A 1.2.3.4
121 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
122 ENTRY_END
123
124 ; response to DNSKEY priming query
125 ENTRY_BEGIN
126 MATCH opcode qtype qname
127 ADJUST copy_id
128 REPLY QR NOERROR
129 SECTION QUESTION
130 example.com. IN DNSKEY
131 SECTION ANSWER
132 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
133 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
134 SECTION AUTHORITY
135 example.com. IN NS ns.example.com.
136 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
137 SECTION ADDITIONAL
138 ns.example.com. IN A 1.2.3.4
139 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
140 ENTRY_END
141
142 ; DLV query
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NOERROR
147 SECTION QUESTION
148 example.net.example.com. IN DLV
149 SECTION ANSWER
150 example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
151 example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854}
152 SECTION AUTHORITY
153 example.com. IN NS ns.example.com.
154 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
155 SECTION ADDITIONAL
156 ns.example.com. IN A 1.2.3.4
157 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
158 ENTRY_END
159
160 ENTRY_BEGIN
161 MATCH opcode qtype qname
162 ADJUST copy_id
163 REPLY QR NOERROR
164 SECTION QUESTION
165 net.example.com. IN DLV
166 SECTION ANSWER
167 SECTION AUTHORITY
168 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
169 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
170 example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
171 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
172 ENTRY_END
173
174 ENTRY_BEGIN
175 MATCH opcode qtype qname
176 ADJUST copy_id
177 REPLY QR NXDOMAIN
178 SECTION QUESTION
179 com.example.com. IN DLV
180 SECTION ANSWER
181 SECTION AUTHORITY
182 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
183 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
184 example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
185 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
186 ENTRY_END
187
188 RANGE_END
189
190 ; ns.example.net.
191 RANGE_BEGIN 0 100
192 ADDRESS 1.2.3.5
193 ; DS RR is
194 ; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
195 ; DNSKEY prime query
196 ENTRY_BEGIN
197 MATCH opcode qtype qname
198 ADJUST copy_id
199 REPLY QR NOERROR
200 SECTION QUESTION
201 example.net. IN DNSKEY
202 SECTION ANSWER
203 example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
204 example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
205 SECTION AUTHORITY
206 example.net. IN NS ns.example.net.
207 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
208 SECTION ADDITIONAL
209 ns.example.net. IN A 1.2.3.5
210 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
211 ENTRY_END
212
213 ; NS query
214 ENTRY_BEGIN
215 MATCH opcode qtype qname
216 ADJUST copy_id
217 REPLY QR NOERROR
218 SECTION QUESTION
219 example.net. IN NS
220 SECTION ANSWER
221 example.net. IN NS ns.example.net.
222 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
223 SECTION ADDITIONAL
224 ns.example.net. IN A 1.2.3.5
225 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
226 ENTRY_END
227
228 ; www.example.net query
229 ENTRY_BEGIN
230 MATCH opcode qtype qname
231 ADJUST copy_id
232 REPLY QR NOERROR
233 SECTION QUESTION
234 www.example.net. IN A
235 SECTION ANSWER
236 www.example.net. 3600 IN A 10.20.30.40
237 www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
238 SECTION AUTHORITY
239 example.net. IN NS ns.example.net.
240 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
241 SECTION ADDITIONAL
242 ns.example.net. IN A 1.2.3.5
243 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
244 ENTRY_END
245
246
247 RANGE_END
248
249 STEP 1 QUERY
250 ENTRY_BEGIN
251 REPLY RD DO
252 SECTION QUESTION
253 www.example.net. IN A
254 ENTRY_END
255
256 ; recursion happens here.
257 STEP 10 CHECK_ANSWER
258 ENTRY_BEGIN
259 MATCH all
260 REPLY QR RD RA AD NOERROR
261 SECTION QUESTION
262 www.example.net. IN A
263 SECTION ANSWER
264 www.example.net. 3600 IN A 10.20.30.40
265 www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
266 SECTION AUTHORITY
267 example.net. IN NS ns.example.net.
268 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
269 SECTION ADDITIONAL
270 ns.example.net. IN A 1.2.3.5
271 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
272 ENTRY_END
273
274 SCENARIO_END
0 ; config options
1 ; The island of trust is at example.com (the DLV repository)
2 server:
3 dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with DLV where it needs to ask higher up in dlv.
13 ; at first negative DLV response, it needs to ask higher.
14 ; the SOA record in that negative reponse has a big span (if interpreted as NSEC)
15 ; then a positive response for DLV.
16
17 ; K.ROOT-SERVERS.NET.
18 RANGE_BEGIN 0 100
19 ADDRESS 193.0.14.129
20 ENTRY_BEGIN
21 MATCH opcode qtype qname
22 ADJUST copy_id
23 REPLY QR NOERROR
24 SECTION QUESTION
25 . IN NS
26 SECTION ANSWER
27 . IN NS K.ROOT-SERVERS.NET.
28 SECTION ADDITIONAL
29 K.ROOT-SERVERS.NET. IN A 193.0.14.129
30 ENTRY_END
31
32 ENTRY_BEGIN
33 MATCH opcode subdomain
34 ADJUST copy_id copy_query
35 REPLY QR NOERROR
36 SECTION QUESTION
37 com. IN A
38 SECTION AUTHORITY
39 com. IN NS a.gtld-servers.net.
40 SECTION ADDITIONAL
41 a.gtld-servers.net. IN A 192.5.6.30
42 ENTRY_END
43
44 ENTRY_BEGIN
45 MATCH opcode subdomain
46 ADJUST copy_id copy_query
47 REPLY QR NOERROR
48 SECTION QUESTION
49 net. IN A
50 SECTION AUTHORITY
51 net. IN NS a.gtld-servers.net.
52 SECTION ADDITIONAL
53 a.gtld-servers.net. IN A 192.5.6.30
54 ENTRY_END
55 RANGE_END
56
57 ; a.gtld-servers.net.
58 RANGE_BEGIN 0 100
59 ADDRESS 192.5.6.30
60 ENTRY_BEGIN
61 MATCH opcode qtype qname
62 ADJUST copy_id
63 REPLY QR NOERROR
64 SECTION QUESTION
65 com. IN NS
66 SECTION ANSWER
67 com. IN NS a.gtld-servers.net.
68 SECTION ADDITIONAL
69 a.gtld-servers.net. IN A 192.5.6.30
70 ENTRY_END
71
72 ENTRY_BEGIN
73 MATCH opcode qtype qname
74 ADJUST copy_id
75 REPLY QR NOERROR
76 SECTION QUESTION
77 net. IN NS
78 SECTION ANSWER
79 net. IN NS a.gtld-servers.net.
80 SECTION ADDITIONAL
81 a.gtld-servers.net. IN A 192.5.6.30
82 ENTRY_END
83
84 ENTRY_BEGIN
85 MATCH opcode subdomain
86 ADJUST copy_id copy_query
87 REPLY QR NOERROR
88 SECTION QUESTION
89 example.com. IN A
90 SECTION AUTHORITY
91 example.com. IN NS ns.example.com.
92 SECTION ADDITIONAL
93 ns.example.com. IN A 1.2.3.4
94 ENTRY_END
95
96 ENTRY_BEGIN
97 MATCH opcode subdomain
98 ADJUST copy_id copy_query
99 REPLY QR NOERROR
100 SECTION QUESTION
101 example.net. IN A
102 SECTION AUTHORITY
103 example.net. IN NS ns.example.net.
104 SECTION ADDITIONAL
105 ns.example.net. IN A 1.2.3.5
106 ENTRY_END
107 RANGE_END
108
109 ; ns.example.com.
110 RANGE_BEGIN 0 100
111 ADDRESS 1.2.3.4
112 ENTRY_BEGIN
113 MATCH opcode qtype qname
114 ADJUST copy_id
115 REPLY QR NOERROR
116 SECTION QUESTION
117 example.com. IN NS
118 SECTION ANSWER
119 example.com. IN NS ns.example.com.
120 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
121 SECTION ADDITIONAL
122 ns.example.com. IN A 1.2.3.4
123 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
124 ENTRY_END
125
126 ; response to DNSKEY priming query
127 ENTRY_BEGIN
128 MATCH opcode qtype qname
129 ADJUST copy_id
130 REPLY QR NOERROR
131 SECTION QUESTION
132 example.com. IN DNSKEY
133 SECTION ANSWER
134 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
135 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
136 SECTION AUTHORITY
137 example.com. IN NS ns.example.com.
138 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
139 SECTION ADDITIONAL
140 ns.example.com. IN A 1.2.3.4
141 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
142 ENTRY_END
143
144 ; failed DLV query
145 ENTRY_BEGIN
146 MATCH opcode qtype qname
147 ADJUST copy_id
148 REPLY QR AA NXDOMAIN
149 SECTION QUESTION
150 sub.example.net.example.com. IN DLV
151 SECTION ANSWER
152 SECTION AUTHORITY
153 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
154 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
155 example.net.example.com IN NSEC not.example.com. RRSIG NSEC DLV
156 example.net.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AKz/e6KOw8gCx6wnpIatBwKb0WOPBTWmNNMg91XR/wlJQ9Z2+qICPmA= ;{id = 2854}
157 example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
158 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
159 SECTION ADDITIONAL
160 ENTRY_END
161
162 ; DLV query
163 ENTRY_BEGIN
164 MATCH opcode qtype qname
165 ADJUST copy_id
166 REPLY QR NOERROR
167 SECTION QUESTION
168 example.net.example.com. IN DLV
169 SECTION ANSWER
170 example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
171 example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854}
172 SECTION AUTHORITY
173 example.com. IN NS ns.example.com.
174 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
175 SECTION ADDITIONAL
176 ns.example.com. IN A 1.2.3.4
177 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
178 ENTRY_END
179
180 ENTRY_BEGIN
181 MATCH opcode qtype qname
182 ADJUST copy_id
183 REPLY QR NOERROR
184 SECTION QUESTION
185 net.example.com. IN DLV
186 SECTION ANSWER
187 SECTION AUTHORITY
188 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
189 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
190 example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
191 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
192 ENTRY_END
193
194 ENTRY_BEGIN
195 MATCH opcode qtype qname
196 ADJUST copy_id
197 REPLY QR NXDOMAIN
198 SECTION QUESTION
199 com.example.com. IN DLV
200 SECTION ANSWER
201 SECTION AUTHORITY
202 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
203 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
204 example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
205 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
206 ENTRY_END
207
208 RANGE_END
209
210 ; ns.example.net.
211 RANGE_BEGIN 0 100
212 ADDRESS 1.2.3.5
213 ; DS RR is
214 ; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
215 ; DNSKEY prime query
216 ENTRY_BEGIN
217 MATCH opcode qtype qname
218 ADJUST copy_id
219 REPLY QR NOERROR
220 SECTION QUESTION
221 example.net. IN DNSKEY
222 SECTION ANSWER
223 example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
224 example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
225 SECTION AUTHORITY
226 example.net. IN NS ns.example.net.
227 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
228 SECTION ADDITIONAL
229 ns.example.net. IN A 1.2.3.5
230 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
231 ENTRY_END
232
233 ; NS query
234 ENTRY_BEGIN
235 MATCH opcode qtype qname
236 ADJUST copy_id
237 REPLY QR NOERROR
238 SECTION QUESTION
239 example.net. IN NS
240 SECTION ANSWER
241 example.net. IN NS ns.example.net.
242 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
243 SECTION ADDITIONAL
244 ns.example.net. IN A 1.2.3.5
245 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
246 ENTRY_END
247
248 ; www.sub.example.net query
249 ENTRY_BEGIN
250 MATCH opcode subdomain
251 ADJUST copy_id copy_query
252 REPLY QR NOERROR
253 SECTION QUESTION
254 sub.example.net. IN A
255 SECTION ANSWER
256 SECTION AUTHORITY
257 sub.example.net. IN NS ns.sub.example.net.
258 sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox
259 sub.example.net. 3600 IN RRSIG DS 5 3 3600 20070926134150 20070829134150 30899 example.net. nM5HAlRsrLurc5mUNKwCye5X6LSH53pLgSeyni4wb6Jd2J48ZRWwrVvy7IpyvI75+Wlu3aGOjv/kEyVaizChRQ== ;{id = 30899}
260 SECTION ADDITIONAL
261 ns.sub.example.net. IN A 1.2.3.6
262 ENTRY_END
263
264 RANGE_END
265
266 ; ns.sub.example.net.
267 RANGE_BEGIN 0 100
268 ADDRESS 1.2.3.6
269 ; DS
270 ; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox
271 ; DNSKEY prime query
272 ENTRY_BEGIN
273 MATCH opcode qtype qname
274 ADJUST copy_id
275 REPLY QR NOERROR
276 SECTION QUESTION
277 sub.example.net. IN DNSKEY
278 SECTION ANSWER
279 sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
280 sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899}
281 SECTION AUTHORITY
282 sub.example.net. IN NS ns.sub.example.net.
283 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
284 SECTION ADDITIONAL
285 ns.sub.example.net. IN A 1.2.3.6
286 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
287 ENTRY_END
288
289 ; NS query
290 ENTRY_BEGIN
291 MATCH opcode qtype qname
292 ADJUST copy_id
293 REPLY QR NOERROR
294 SECTION QUESTION
295 sub.example.net. IN NS
296 SECTION ANSWER
297 sub.example.net. IN NS ns.sub.example.net.
298 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
299 SECTION ADDITIONAL
300 ns.sub.example.net. IN A 1.2.3.6
301 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
302 ENTRY_END
303
304 ; www.sub.example.net query
305 ENTRY_BEGIN
306 MATCH opcode qtype qname
307 ADJUST copy_id
308 REPLY QR NOERROR
309 SECTION QUESTION
310 www.sub.example.net. IN A
311 SECTION ANSWER
312 www.sub.example.net. 3600 IN A 10.20.30.40
313 www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899}
314 SECTION AUTHORITY
315 sub.example.net. IN NS ns.sub.example.net.
316 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
317 SECTION ADDITIONAL
318 ns.sub.example.net. IN A 1.2.3.6
319 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
320 ENTRY_END
321
322 RANGE_END
323
324 STEP 1 QUERY
325 ENTRY_BEGIN
326 REPLY RD DO
327 SECTION QUESTION
328 www.sub.example.net. IN A
329 ENTRY_END
330
331 ; recursion happens here.
332 STEP 10 CHECK_ANSWER
333 ENTRY_BEGIN
334 MATCH all
335 REPLY QR RD RA AD NOERROR
336 SECTION QUESTION
337 www.sub.example.net. IN A
338 SECTION ANSWER
339 www.sub.example.net. 3600 IN A 10.20.30.40
340 www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899}
341 SECTION AUTHORITY
342 sub.example.net. IN NS ns.sub.example.net.
343 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
344 SECTION ADDITIONAL
345 ns.sub.example.net. IN A 1.2.3.6
346 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
347 ENTRY_END
348
349 SCENARIO_END
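Review bot: The NSEC owner names in the `failed DLV query` entry, and in the `net.example.com.` and `com.example.com.` DLV entries after it, are written without a trailing dot (`example.com IN NSEC ...`, `example.net.example.com IN NSEC ...`), while the RRSIG lines covering them use the absolute form. Whether each NSEC ends up with the same owner as its signature then depends on the origin the replay parser applies to relative names, which is not visible on this page. If that origin is not the root, the denial proof would fail to validate for a reason unrelated to the DLV walk-up logic this scenario is meant to exercise. Writing them as `example.com. IN NSEC example.net.example.com. SOA NS RRSIG NSEC` and `example.net.example.com. IN NSEC not.example.com. RRSIG NSEC DLV` removes that dependency. Separately, the comment `; www.sub.example.net query` above the `ns.example.net.` entry that returns the NS and signed DS for `sub.example.net.` describes the wrong thing; `; referral to sub.example.net. with signed DS` would match what the entry returns.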
0 ; config options
1 ; The island of trust is at example.com (the DLV repository)
2 server:
3 dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
7
8 stub-zone:
9 name: "."
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
11 CONFIG_END
12
13 SCENARIO_BEGIN Test validator, use DLV for nonDSed zone below trustanchor.
14 ; DLV example.com.
15 ; trust anchor at example.net but no secure delegation to
16 ; sub.example.net signed with DLV but not by parent.
17
18 ; K.ROOT-SERVERS.NET.
19 RANGE_BEGIN 0 100
20 ADDRESS 193.0.14.129
21 ENTRY_BEGIN
22 MATCH opcode qtype qname
23 ADJUST copy_id
24 REPLY QR NOERROR
25 SECTION QUESTION
26 . IN NS
27 SECTION ANSWER
28 . IN NS K.ROOT-SERVERS.NET.
29 SECTION ADDITIONAL
30 K.ROOT-SERVERS.NET. IN A 193.0.14.129
31 ENTRY_END
32
33 ENTRY_BEGIN
34 MATCH opcode subdomain
35 ADJUST copy_id copy_query
36 REPLY QR NOERROR
37 SECTION QUESTION
38 com. IN A
39 SECTION AUTHORITY
40 com. IN NS a.gtld-servers.net.
41 SECTION ADDITIONAL
42 a.gtld-servers.net. IN A 192.5.6.30
43 ENTRY_END
44
45 ENTRY_BEGIN
46 MATCH opcode subdomain
47 ADJUST copy_id copy_query
48 REPLY QR NOERROR
49 SECTION QUESTION
50 net. IN A
51 SECTION AUTHORITY
52 net. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56 RANGE_END
57
58 ; a.gtld-servers.net.
59 RANGE_BEGIN 0 100
60 ADDRESS 192.5.6.30
61 ENTRY_BEGIN
62 MATCH opcode qtype qname
63 ADJUST copy_id
64 REPLY QR NOERROR
65 SECTION QUESTION
66 com. IN NS
67 SECTION ANSWER
68 com. IN NS a.gtld-servers.net.
69 SECTION ADDITIONAL
70 a.gtld-servers.net. IN A 192.5.6.30
71 ENTRY_END
72
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 net. IN NS
79 SECTION ANSWER
80 net. IN NS a.gtld-servers.net.
81 SECTION ADDITIONAL
82 a.gtld-servers.net. IN A 192.5.6.30
83 ENTRY_END
84
85 ENTRY_BEGIN
86 MATCH opcode subdomain
87 ADJUST copy_id copy_query
88 REPLY QR NOERROR
89 SECTION QUESTION
90 example.com. IN A
91 SECTION AUTHORITY
92 example.com. IN NS ns.example.com.
93 SECTION ADDITIONAL
94 ns.example.com. IN A 1.2.3.4
95 ENTRY_END
96
97 ENTRY_BEGIN
98 MATCH opcode subdomain
99 ADJUST copy_id copy_query
100 REPLY QR NOERROR
101 SECTION QUESTION
102 example.net. IN A
103 SECTION AUTHORITY
104 example.net. IN NS ns.example.net.
105 SECTION ADDITIONAL
106 ns.example.net. IN A 1.2.3.5
107 ENTRY_END
108 RANGE_END
109
110 ; ns.example.com.
111 RANGE_BEGIN 0 100
112 ADDRESS 1.2.3.4
113 ENTRY_BEGIN
114 MATCH opcode qtype qname
115 ADJUST copy_id
116 REPLY QR NOERROR
117 SECTION QUESTION
118 example.com. IN NS
119 SECTION ANSWER
120 example.com. IN NS ns.example.com.
121 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
122 SECTION ADDITIONAL
123 ns.example.com. IN A 1.2.3.4
124 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
125 ENTRY_END
126
127 ; response to DNSKEY priming query
128 ENTRY_BEGIN
129 MATCH opcode qtype qname
130 ADJUST copy_id
131 REPLY QR NOERROR
132 SECTION QUESTION
133 example.com. IN DNSKEY
134 SECTION ANSWER
135 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
136 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
137 SECTION AUTHORITY
138 example.com. IN NS ns.example.com.
139 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
140 SECTION ADDITIONAL
141 ns.example.com. IN A 1.2.3.4
142 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
143 ENTRY_END
144
145 ; DLV query
146 ENTRY_BEGIN
147 MATCH opcode qtype qname
148 ADJUST copy_id
149 REPLY QR NOERROR
150 SECTION QUESTION
151 sub.example.net.example.com. IN DLV
152 SECTION ANSWER
153 sub.example.net.example.com. 3600 IN DLV 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox
154 sub.example.net.example.com. 3600 IN RRSIG DLV 3 5 3600 20070926135752 20070829135752 2854 example.com. AAdhy87nuDEaxmc+k9pJHYnhKiEYL++OLPxzOdwEQOtsHi7jeD3lRDU= ;{id = 2854}
155 SECTION AUTHORITY
156 example.com. IN NS ns.example.com.
157 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
158 SECTION ADDITIONAL
159 ns.example.com. IN A 1.2.3.4
160 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
161 ENTRY_END
162
163 ENTRY_BEGIN
164 MATCH opcode qtype qname
165 ADJUST copy_id
166 REPLY QR NOERROR
167 SECTION QUESTION
168 net.example.com. IN DLV
169 SECTION ANSWER
170 SECTION AUTHORITY
171 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
172 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
173 example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC
174 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854}
175 ENTRY_END
176
177 ENTRY_BEGIN
178 MATCH opcode qtype qname
179 ADJUST copy_id
180 REPLY QR NXDOMAIN
181 SECTION QUESTION
182 com.example.com. IN DLV
183 SECTION ANSWER
184 SECTION AUTHORITY
185 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
186 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
187 example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC
188 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854}
189 ENTRY_END
190
191 RANGE_END
192
193 ; ns.example.net.
194 RANGE_BEGIN 0 100
195 ADDRESS 1.2.3.5
196 ; DS RR is
197 ; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
198 ; DNSKEY prime query
199 ENTRY_BEGIN
200 MATCH opcode qtype qname
201 ADJUST copy_id
202 REPLY QR NOERROR
203 SECTION QUESTION
204 example.net. IN DNSKEY
205 SECTION ANSWER
206 example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
207 example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
208 SECTION AUTHORITY
209 example.net. IN NS ns.example.net.
210 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
211 SECTION ADDITIONAL
212 ns.example.net. IN A 1.2.3.5
213 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
214 ENTRY_END
215
216 ; NS query
217 ENTRY_BEGIN
218 MATCH opcode qtype qname
219 ADJUST copy_id
220 REPLY QR NOERROR
221 SECTION QUESTION
222 example.net. IN NS
223 SECTION ANSWER
224 example.net. IN NS ns.example.net.
225 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
226 SECTION ADDITIONAL
227 ns.example.net. IN A 1.2.3.5
228 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
229 ENTRY_END
230
231 ; no DS to sub.example.net, securely insecure.
232 ENTRY_BEGIN
233 MATCH opcode qtype qname
234 ADJUST copy_id
235 REPLY QR NOERROR
236 SECTION QUESTION
237 sub.example.net. IN DS
238 SECTION ANSWER
239 SECTION AUTHORITY
240 example.net. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
241 example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ELVULZHTRc0Qk06rSBRnB/T6sm1+AbAtdEJHN6PCsz2Z3s3E5A8NH7Krz0VzRaYIEUStnbAtuE3oP8XHWHBnyQ== ;{id = 30899}
242 sub.example.net. IN NSEC tut.example.net. NS NSEC
243 sub.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. eNJ2OPjMhGKvg70aYT9l9Uo1lJsqmDqVRMlHibv6t+CNjljytI9Vwbao17oV0cjIksmESAewReb73x9fmVIgEQ== ;{id = 30899}
244 SECTION ADDITIONAL
245 ENTRY_END
246
247 ; delegation to sub.example.net, securely insecure.
248 ENTRY_BEGIN
249 MATCH opcode subdomain
250 ADJUST copy_id copy_query
251 REPLY QR NOERROR
252 SECTION QUESTION
253 sub.example.net. IN NS
254 SECTION ANSWER
255 SECTION AUTHORITY
256 sub.example.net. IN NS ns.sub.example.net.
257 sub.example.net. IN NSEC tut.example.net. NS NSEC
258 sub.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. eNJ2OPjMhGKvg70aYT9l9Uo1lJsqmDqVRMlHibv6t+CNjljytI9Vwbao17oV0cjIksmESAewReb73x9fmVIgEQ== ;{id = 30899}
259 SECTION ADDITIONAL
260 ns.sub.example.net. IN A 1.2.3.6
261 ENTRY_END
262
263
264 RANGE_END
265
266 ; ns.sub.example.net.
267 RANGE_BEGIN 0 100
268 ADDRESS 1.2.3.6
269 ; DS is
270 ; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox
271 ; DNSKEY query
272 ENTRY_BEGIN
273 MATCH opcode qtype qname
274 ADJUST copy_id
275 REPLY QR AA NOERROR
276 SECTION QUESTION
277 sub.example.net. IN DNSKEY
278 SECTION ANSWER
279 sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
280 sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899}
281 SECTION AUTHORITY
282 sub.example.net. IN NS ns.sub.example.net.
283 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
284 SECTION ADDITIONAL
285 ns.sub.example.net. IN A 1.2.3.6
286 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
287 ENTRY_END
288
289 ; NS query
290 ENTRY_BEGIN
291 MATCH opcode qtype qname
292 ADJUST copy_id
293 REPLY QR AA NOERROR
294 SECTION QUESTION
295 sub.example.net. IN NS
296 SECTION ANSWER
297 sub.example.net. IN NS ns.sub.example.net.
298 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
299 SECTION ADDITIONAL
300 ns.sub.example.net. IN A 1.2.3.6
301 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
302 ENTRY_END
303
304 ; www.sub.example.net query
305 ENTRY_BEGIN
306 MATCH opcode qtype qname
307 ADJUST copy_id
308 REPLY QR AA NOERROR
309 SECTION QUESTION
310 www.sub.example.net. IN A
311 SECTION ANSWER
312 www.sub.example.net. IN A 10.20.30.40
313 www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899}
314 SECTION AUTHORITY
315 sub.example.net. IN NS ns.sub.example.net.
316 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
317 SECTION ADDITIONAL
318 ns.sub.example.net. IN A 1.2.3.6
319 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
320 ENTRY_END
321
322
323 RANGE_END
324
325 STEP 1 QUERY
326 ENTRY_BEGIN
327 REPLY RD DO
328 SECTION QUESTION
329 www.sub.example.net. IN A
330 ENTRY_END
331
332 ; recursion happens here.
333 STEP 10 CHECK_ANSWER
334 ENTRY_BEGIN
335 MATCH all
336 REPLY QR RD RA AD NOERROR
337 SECTION QUESTION
338 www.sub.example.net. IN A
339 SECTION ANSWER
340 www.sub.example.net. IN A 10.20.30.40
341 www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899}
342 SECTION AUTHORITY
343 sub.example.net. IN NS ns.sub.example.net.
344 sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899}
345 SECTION ADDITIONAL
346 ns.sub.example.net. IN A 1.2.3.6
347 ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899}
348 ENTRY_END
349
350 SCENARIO_END
0 ; config options
1 ; The island of trust is at example.com (the DLV repository)
2 server:
3 dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with delegation in DLV repository
13 ; positive response for DLV.
14 ; but the DLV repository has a (secure) delegation inside it.
15
16 ; K.ROOT-SERVERS.NET.
17 RANGE_BEGIN 0 100
18 ADDRESS 193.0.14.129
19 ENTRY_BEGIN
20 MATCH opcode qtype qname
21 ADJUST copy_id
22 REPLY QR NOERROR
23 SECTION QUESTION
24 . IN NS
25 SECTION ANSWER
26 . IN NS K.ROOT-SERVERS.NET.
27 SECTION ADDITIONAL
28 K.ROOT-SERVERS.NET. IN A 193.0.14.129
29 ENTRY_END
30
31 ENTRY_BEGIN
32 MATCH opcode subdomain
33 ADJUST copy_id copy_query
34 REPLY QR NOERROR
35 SECTION QUESTION
36 com. IN A
37 SECTION AUTHORITY
38 com. IN NS a.gtld-servers.net.
39 SECTION ADDITIONAL
40 a.gtld-servers.net. IN A 192.5.6.30
41 ENTRY_END
42
43 ENTRY_BEGIN
44 MATCH opcode subdomain
45 ADJUST copy_id copy_query
46 REPLY QR NOERROR
47 SECTION QUESTION
48 net. IN A
49 SECTION AUTHORITY
50 net. IN NS a.gtld-servers.net.
51 SECTION ADDITIONAL
52 a.gtld-servers.net. IN A 192.5.6.30
53 ENTRY_END
54 RANGE_END
55
56 ; a.gtld-servers.net.
57 RANGE_BEGIN 0 100
58 ADDRESS 192.5.6.30
59 ENTRY_BEGIN
60 MATCH opcode qtype qname
61 ADJUST copy_id
62 REPLY QR NOERROR
63 SECTION QUESTION
64 com. IN NS
65 SECTION ANSWER
66 com. IN NS a.gtld-servers.net.
67 SECTION ADDITIONAL
68 a.gtld-servers.net. IN A 192.5.6.30
69 ENTRY_END
70
71 ENTRY_BEGIN
72 MATCH opcode qtype qname
73 ADJUST copy_id
74 REPLY QR NOERROR
75 SECTION QUESTION
76 net. IN NS
77 SECTION ANSWER
78 net. IN NS a.gtld-servers.net.
79 SECTION ADDITIONAL
80 a.gtld-servers.net. IN A 192.5.6.30
81 ENTRY_END
82
83 ENTRY_BEGIN
84 MATCH opcode subdomain
85 ADJUST copy_id copy_query
86 REPLY QR NOERROR
87 SECTION QUESTION
88 example.com. IN A
89 SECTION AUTHORITY
90 example.com. IN NS ns.example.com.
91 SECTION ADDITIONAL
92 ns.example.com. IN A 1.2.3.4
93 ENTRY_END
94
95 ENTRY_BEGIN
96 MATCH opcode subdomain
97 ADJUST copy_id copy_query
98 REPLY QR NOERROR
99 SECTION QUESTION
100 example.net. IN A
101 SECTION AUTHORITY
102 example.net. IN NS ns.example.net.
103 SECTION ADDITIONAL
104 ns.example.net. IN A 1.2.3.5
105 ENTRY_END
106 RANGE_END
107
108 ; ns.example.com.
109 RANGE_BEGIN 0 100
110 ADDRESS 1.2.3.4
111 ENTRY_BEGIN
112 MATCH opcode qtype qname
113 ADJUST copy_id
114 REPLY QR NOERROR
115 SECTION QUESTION
116 example.com. IN NS
117 SECTION ANSWER
118 example.com. IN NS ns.example.com.
119 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
120 SECTION ADDITIONAL
121 ns.example.com. IN A 1.2.3.4
122 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
123 ENTRY_END
124
125 ; response to DNSKEY priming query
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 REPLY QR NOERROR
130 SECTION QUESTION
131 example.com. IN DNSKEY
132 SECTION ANSWER
133 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
134 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
135 SECTION AUTHORITY
136 example.com. IN NS ns.example.com.
137 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
138 SECTION ADDITIONAL
139 ns.example.com. IN A 1.2.3.4
140 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
141 ENTRY_END
142
143 ; referral to the net.example.com DLV server
144 ENTRY_BEGIN
145 MATCH opcode subdomain
146 ADJUST copy_id copy_query
147 REPLY QR NOERROR
148 SECTION QUESTION
149 net.example.com. IN DLV
150 SECTION ANSWER
151 SECTION AUTHORITY
152 net.example.com. NS ns.net.example.com.
153 net.example.com. 3600 IN DS 2854 3 1 24d80cd822bc4083cf491b7f055890345a77dd9b ; xenat-myfat-memir-sabym-fefig-nakol-zucyh-megef-gakel-lolyn-ruxox
154 net.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AA0APyTN12wzj1XmDEZe+wrPE1hkLAINKT8cT9zGup7zX3O8R4Ki2N8= ;{id = 2854}
155 SECTION ADDITIONAL
156 ns.net.example.com. A 1.2.3.6
157 ENTRY_END
158
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NXDOMAIN
163 SECTION QUESTION
164 com.example.com. IN DLV
165 SECTION ANSWER
166 SECTION AUTHORITY
167 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
168 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
169 example.com IN NSEC net.example.com. SOA NS RRSIG NSEC
170 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJEvfI+tX6Y1OF0h1CNHERJjXaaTsmLWTMLgXk4UYJl8JjAikCpsf9Q= ;{id = 2854}
171 ENTRY_END
172
173 RANGE_END
174
175 ; ns.net.example.com.
176 RANGE_BEGIN 0 100
177 ADDRESS 1.2.3.6
178 ; NS query
179 ENTRY_BEGIN
180 MATCH opcode qtype qname
181 ADJUST copy_id
182 REPLY QR NOERROR
183 SECTION QUESTION
184 net.example.com. IN NS
185 SECTION ANSWER
186 net.example.com. NS ns.net.example.com.
187 net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854}
188 SECTION ADDITIONAL
189 ns.net.example.com. A 1.2.3.6
190 ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854}
191 ENTRY_END
192
193 ; DNSKEY query
194 ENTRY_BEGIN
195 MATCH opcode qtype qname
196 ADJUST copy_id
197 REPLY QR NOERROR
198 SECTION QUESTION
199 net.example.com. IN DNSKEY
200 SECTION ANSWER
201 net.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
202 net.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926134150 20070829134150 2854 net.example.com. ADgKDV1Yi2iFOXFUN1XkvBU7KW/rdtGcOEdc9VMIxfIKDo5h24E5fqs= ;{id = 2854}
203 SECTION AUTHORITY
204 net.example.com. NS ns.net.example.com.
205 net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854}
206 SECTION ADDITIONAL
207 ns.net.example.com. A 1.2.3.6
208 ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854}
209 ENTRY_END
210
211 ; DLV apex
212 ENTRY_BEGIN
213 MATCH opcode qtype qname
214 ADJUST copy_id
215 REPLY QR NOERROR
216 SECTION QUESTION
217 net.example.com. IN DLV
218 SECTION ANSWER
219 SECTION AUTHORITY
220 net.example.com. SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
221 net.example.com. 3600 IN RRSIG SOA 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AKAjedAeGWRHaqhDhNhbTvVUQMgCspiD4GNC7dMVbEZSd87AFcqwg1Y= ;{id = 2854}
222 net.example.com. NSEC example.net.example.com. SOA NS DNSKEY RRSIG NSEC
223 net.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AAHqj3xDqng7ZuNFn89sTjTo2qfuXTv0yR6v8mZ1+L5mCsOwjpGXrJw= ;{id = 2854}
224 SECTION ADDITIONAL
225 ENTRY_END
226
227 ; DLV of interest
228 ENTRY_BEGIN
229 MATCH opcode qtype qname
230 ADJUST copy_id
231 REPLY QR NOERROR
232 SECTION QUESTION
233 example.net.example.com. IN DLV
234 SECTION ANSWER
235 example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
236 example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AIZmoTbAlXYwLknm84i7sbglbHr1Iq7t0yyTENO/MsPj7K/mvEQAI/g= ;{id = 2854}
237 SECTION AUTHORITY
238 net.example.com. NS ns.net.example.com.
239 net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854}
240 SECTION ADDITIONAL
241 ns.net.example.com. A 1.2.3.6
242 ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854}
243 ENTRY_END
244
245 RANGE_END
246
247 ; ns.example.net.
248 RANGE_BEGIN 0 100
249 ADDRESS 1.2.3.5
250 ; DS RR is
251 ; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
252 ; DNSKEY prime query
253 ENTRY_BEGIN
254 MATCH opcode qtype qname
255 ADJUST copy_id
256 REPLY QR NOERROR
257 SECTION QUESTION
258 example.net. IN DNSKEY
259 SECTION ANSWER
260 example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
261 example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
262 SECTION AUTHORITY
263 example.net. IN NS ns.example.net.
264 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
265 SECTION ADDITIONAL
266 ns.example.net. IN A 1.2.3.5
267 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
268 ENTRY_END
269
270 ; NS query
271 ENTRY_BEGIN
272 MATCH opcode qtype qname
273 ADJUST copy_id
274 REPLY QR NOERROR
275 SECTION QUESTION
276 example.net. IN NS
277 SECTION ANSWER
278 example.net. IN NS ns.example.net.
279 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
280 SECTION ADDITIONAL
281 ns.example.net. IN A 1.2.3.5
282 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
283 ENTRY_END
284
285 ; www.example.net query
286 ENTRY_BEGIN
287 MATCH opcode qtype qname
288 ADJUST copy_id
289 REPLY QR NOERROR
290 SECTION QUESTION
291 www.example.net. IN A
292 SECTION ANSWER
293 www.example.net. 3600 IN A 10.20.30.40
294 www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
295 SECTION AUTHORITY
296 example.net. IN NS ns.example.net.
297 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
298 SECTION ADDITIONAL
299 ns.example.net. IN A 1.2.3.5
300 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
301 ENTRY_END
302
303 RANGE_END
304
305 STEP 1 QUERY
306 ENTRY_BEGIN
307 REPLY RD DO
308 SECTION QUESTION
309 www.example.net. IN A
310 ENTRY_END
311
312 ; recursion happens here.
313 STEP 10 CHECK_ANSWER
314 ENTRY_BEGIN
315 MATCH all
316 REPLY QR RD RA AD NOERROR
317 SECTION QUESTION
318 www.example.net. IN A
319 SECTION ANSWER
320 www.example.net. 3600 IN A 10.20.30.40
321 www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
322 SECTION AUTHORITY
323 example.net. IN NS ns.example.net.
324 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
325 SECTION ADDITIONAL
326 ns.example.net. IN A 1.2.3.5
327 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
328 ENTRY_END
329
330 SCENARIO_END
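Review bot: The NSEC owner on line 169 of this scenario is written `example.com` without the trailing dot, while the RRSIG covering it on line 170 and the other owner names in the file are fully qualified. Whether the replay parser resolves a relative owner against the root is not visible on this page; if it does not, the NSEC and its signature would name different owners, and the signed NXDOMAIN for `com.example.com. IN DLV` would no longer be the denial proof the scenario intends. Writing the record as `example.com. IN NSEC net.example.com. SOA NS RRSIG NSEC` removes the ambiguity. The same spelling recurs in the next scenario's NXDOMAIN entries (lines 156, 173 and 187 of that file).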
0 ; config options
1 ; The island of trust is at example.com (the DLV repository)
2 server:
3 dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 harden-referral-path: no
6 target-fetch-policy: "0 0 0 0 0"
7
8 stub-zone:
9 name: "."
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
11 CONFIG_END
12
13 SCENARIO_BEGIN Test validator with insecure zone with no DLV
14
15 ; K.ROOT-SERVERS.NET.
16 RANGE_BEGIN 0 100
17 ADDRESS 193.0.14.129
18 ENTRY_BEGIN
19 MATCH opcode qtype qname
20 ADJUST copy_id
21 REPLY QR NOERROR
22 SECTION QUESTION
23 . IN NS
24 SECTION ANSWER
25 . IN NS K.ROOT-SERVERS.NET.
26 SECTION ADDITIONAL
27 K.ROOT-SERVERS.NET. IN A 193.0.14.129
28 ENTRY_END
29
30 ENTRY_BEGIN
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
33 REPLY QR NOERROR
34 SECTION QUESTION
35 com. IN A
36 SECTION AUTHORITY
37 com. IN NS a.gtld-servers.net.
38 SECTION ADDITIONAL
39 a.gtld-servers.net. IN A 192.5.6.30
40 ENTRY_END
41
42 ENTRY_BEGIN
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
45 REPLY QR NOERROR
46 SECTION QUESTION
47 net. IN A
48 SECTION AUTHORITY
49 net. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53 RANGE_END
54
55 ; a.gtld-servers.net.
56 RANGE_BEGIN 0 100
57 ADDRESS 192.5.6.30
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode subdomain
84 ADJUST copy_id copy_query
85 REPLY QR NOERROR
86 SECTION QUESTION
87 example.com. IN A
88 SECTION AUTHORITY
89 example.com. IN NS ns.example.com.
90 SECTION ADDITIONAL
91 ns.example.com. IN A 1.2.3.4
92 ENTRY_END
93
94 ENTRY_BEGIN
95 MATCH opcode subdomain
96 ADJUST copy_id copy_query
97 REPLY QR NOERROR
98 SECTION QUESTION
99 example.net. IN A
100 SECTION AUTHORITY
101 example.net. IN NS ns.example.net.
102 SECTION ADDITIONAL
103 ns.example.net. IN A 1.2.3.5
104 ENTRY_END
105 RANGE_END
106
107 ; ns.example.com.
108 RANGE_BEGIN 0 100
109 ADDRESS 1.2.3.4
110 ENTRY_BEGIN
111 MATCH opcode qtype qname
112 ADJUST copy_id
113 REPLY QR NOERROR
114 SECTION QUESTION
115 example.com. IN NS
116 SECTION ANSWER
117 example.com. IN NS ns.example.com.
118 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
119 SECTION ADDITIONAL
120 ns.example.com. IN A 1.2.3.4
121 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
122 ENTRY_END
123
124 ; response to DNSKEY priming query
125 ENTRY_BEGIN
126 MATCH opcode qtype qname
127 ADJUST copy_id
128 REPLY QR NOERROR
129 SECTION QUESTION
130 example.com. IN DNSKEY
131 SECTION ANSWER
132 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
133 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
134 SECTION AUTHORITY
135 example.com. IN NS ns.example.com.
136 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
137 SECTION ADDITIONAL
138 ns.example.com. IN A 1.2.3.4
139 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
140 ENTRY_END
141
142 ; DLV query
143 ; could be picked out of the negative cache due to NS queries in between.
144 ENTRY_BEGIN
145 MATCH opcode qtype qname
146 ADJUST copy_id
147 REPLY QR NXDOMAIN
148 SECTION QUESTION
149 www.example.net.example.com. IN DLV
150 SECTION ANSWER
151 SECTION AUTHORITY
152 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
153 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
154 example.com. IN NS ns.example.com.
155 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
156 example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC
157 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854}
158 SECTION ADDITIONAL
159 ns.example.com. IN A 1.2.3.4
160 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
161 ENTRY_END
162
163 ENTRY_BEGIN
164 MATCH opcode qtype qname
165 ADJUST copy_id
166 REPLY QR NXDOMAIN
167 SECTION QUESTION
168 net.example.com. IN DLV
169 SECTION ANSWER
170 SECTION AUTHORITY
171 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
172 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
173 example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC
174 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854}
175 ENTRY_END
176
177 ENTRY_BEGIN
178 MATCH opcode qtype qname
179 ADJUST copy_id
180 REPLY QR NXDOMAIN
181 SECTION QUESTION
182 com.example.com. IN DLV
183 SECTION ANSWER
184 SECTION AUTHORITY
185 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
186 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
187 example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC
188 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854}
189 ENTRY_END
190
191 RANGE_END
192
193 ; ns.example.net.
194 RANGE_BEGIN 0 100
195 ADDRESS 1.2.3.5
196 ; NS query
197 ENTRY_BEGIN
198 MATCH opcode qtype qname
199 ADJUST copy_id
200 REPLY QR NOERROR
201 SECTION QUESTION
202 example.net. IN NS
203 SECTION ANSWER
204 example.net. IN NS ns.example.net.
205 SECTION ADDITIONAL
206 ns.example.net. IN A 1.2.3.5
207 ENTRY_END
208
209 ; www.example.net query
210 ENTRY_BEGIN
211 MATCH opcode qtype qname
212 ADJUST copy_id
213 REPLY QR NOERROR
214 SECTION QUESTION
215 www.example.net. IN A
216 SECTION ANSWER
217 www.example.net. 3600 IN A 10.20.30.40
218 SECTION AUTHORITY
219 example.net. IN NS ns.example.net.
220 SECTION ADDITIONAL
221 ns.example.net. IN A 1.2.3.5
222 ENTRY_END
223
224
225 RANGE_END
226
227 STEP 1 QUERY
228 ENTRY_BEGIN
229 REPLY RD DO
230 SECTION QUESTION
231 www.example.net. IN A
232 ENTRY_END
233
234 ; recursion happens here.
235 STEP 10 CHECK_ANSWER
236 ENTRY_BEGIN
237 MATCH all
238 REPLY QR RD RA NOERROR
239 SECTION QUESTION
240 www.example.net. IN A
241 SECTION ANSWER
242 www.example.net. 3600 IN A 10.20.30.40
243 SECTION AUTHORITY
244 example.net. IN NS ns.example.net.
245 SECTION ADDITIONAL
246 ns.example.net. IN A 1.2.3.5
247 ENTRY_END
248
249 SCENARIO_END
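Review bot: `harden-referral-path: no` on line 5 of this scenario's config has no comment, and the server blocks of the DLV scenarios before and after it do not set the option, so a reader cannot tell why this test needs it spelled out. The only hint is the remark on line 143 that the DLV answer "could be picked out of the negative cache due to NS queries in between", which may or may not be the reason. A one-line comment above the option, e.g. `; referral-path hardening off: <reason this scenario depends on it>`, would document the intent. It would also discourage copying a hardening-off setting into other fixtures or a real resolver configuration.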
0 ; config options
1 ; The island of trust is at example.com (the DLV repository)
2 server:
3 dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
7
8 stub-zone:
9 name: "."
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
11 CONFIG_END
12
13 SCENARIO_BEGIN Test validator, DLV anchor unused because trustanchor works.
14
15 ; K.ROOT-SERVERS.NET.
16 RANGE_BEGIN 0 100
17 ADDRESS 193.0.14.129
18 ENTRY_BEGIN
19 MATCH opcode qtype qname
20 ADJUST copy_id
21 REPLY QR NOERROR
22 SECTION QUESTION
23 . IN NS
24 SECTION ANSWER
25 . IN NS K.ROOT-SERVERS.NET.
26 SECTION ADDITIONAL
27 K.ROOT-SERVERS.NET. IN A 193.0.14.129
28 ENTRY_END
29
30 ENTRY_BEGIN
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
33 REPLY QR NOERROR
34 SECTION QUESTION
35 com. IN A
36 SECTION AUTHORITY
37 com. IN NS a.gtld-servers.net.
38 SECTION ADDITIONAL
39 a.gtld-servers.net. IN A 192.5.6.30
40 ENTRY_END
41
42 ENTRY_BEGIN
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
45 REPLY QR NOERROR
46 SECTION QUESTION
47 net. IN A
48 SECTION AUTHORITY
49 net. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53 RANGE_END
54
55 ; a.gtld-servers.net.
56 RANGE_BEGIN 0 100
57 ADDRESS 192.5.6.30
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode subdomain
84 ADJUST copy_id copy_query
85 REPLY QR NOERROR
86 SECTION QUESTION
87 example.com. IN A
88 SECTION AUTHORITY
89 example.com. IN NS ns.example.com.
90 SECTION ADDITIONAL
91 ns.example.com. IN A 1.2.3.4
92 ENTRY_END
93
94 ENTRY_BEGIN
95 MATCH opcode subdomain
96 ADJUST copy_id copy_query
97 REPLY QR NOERROR
98 SECTION QUESTION
99 example.net. IN A
100 SECTION AUTHORITY
101 example.net. IN NS ns.example.net.
102 SECTION ADDITIONAL
103 ns.example.net. IN A 1.2.3.5
104 ENTRY_END
105 RANGE_END
106
107 ; ns.example.com.
108 RANGE_BEGIN 0 100
109 ADDRESS 1.2.3.4
110 ENTRY_BEGIN
111 MATCH opcode qtype qname
112 ADJUST copy_id
113 REPLY QR NOERROR
114 SECTION QUESTION
115 example.com. IN NS
116 SECTION ANSWER
117 example.com. IN NS ns.example.com.
118 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
119 SECTION ADDITIONAL
120 ns.example.com. IN A 1.2.3.4
121 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
122 ENTRY_END
123
124 ; response to DNSKEY priming query
125 ENTRY_BEGIN
126 MATCH opcode qtype qname
127 ADJUST copy_id
128 REPLY QR NOERROR
129 SECTION QUESTION
130 example.com. IN DNSKEY
131 SECTION ANSWER
132 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
133 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
134 SECTION AUTHORITY
135 example.com. IN NS ns.example.com.
136 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
137 SECTION ADDITIONAL
138 ns.example.com. IN A 1.2.3.4
139 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
140 ENTRY_END
141
142 ; DLV query
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NXDOMAIN
147 SECTION QUESTION
148 example.net.example.com. IN DLV
149 SECTION ANSWER
150 SECTION AUTHORITY
151 example.com. IN NS ns.example.com.
152 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
153 example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC
154 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854}
155 SECTION ADDITIONAL
156 ns.example.com. IN A 1.2.3.4
157 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
158 ENTRY_END
159
160 ENTRY_BEGIN
161 MATCH opcode qtype qname
162 ADJUST copy_id
163 REPLY QR NXDOMAIN
164 SECTION QUESTION
165 net.example.com. IN DLV
166 SECTION ANSWER
167 SECTION AUTHORITY
168 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
169 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
170 example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC
171 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854}
172 ENTRY_END
173
174 ENTRY_BEGIN
175 MATCH opcode qtype qname
176 ADJUST copy_id
177 REPLY QR NXDOMAIN
178 SECTION QUESTION
179 com.example.com. IN DLV
180 SECTION ANSWER
181 SECTION AUTHORITY
182 example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
183 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
184 example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC
185 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854}
186 ENTRY_END
187
188 RANGE_END
189
190 ; ns.example.net.
191 RANGE_BEGIN 0 100
192 ADDRESS 1.2.3.5
193 ; DS RR is
194 ; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
195 ; DNSKEY prime query
196 ENTRY_BEGIN
197 MATCH opcode qtype qname
198 ADJUST copy_id
199 REPLY QR NOERROR
200 SECTION QUESTION
201 example.net. IN DNSKEY
202 SECTION ANSWER
203 example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
204 example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
205 SECTION AUTHORITY
206 example.net. IN NS ns.example.net.
207 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
208 SECTION ADDITIONAL
209 ns.example.net. IN A 1.2.3.5
210 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
211 ENTRY_END
212
213 ; NS query
214 ENTRY_BEGIN
215 MATCH opcode qtype qname
216 ADJUST copy_id
217 REPLY QR NOERROR
218 SECTION QUESTION
219 example.net. IN NS
220 SECTION ANSWER
221 example.net. IN NS ns.example.net.
222 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
223 SECTION ADDITIONAL
224 ns.example.net. IN A 1.2.3.5
225 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
226 ENTRY_END
227
228 ; www.example.net query
229 ENTRY_BEGIN
230 MATCH opcode qtype qname
231 ADJUST copy_id
232 REPLY QR NOERROR
233 SECTION QUESTION
234 www.example.net. IN A
235 SECTION ANSWER
236 www.example.net. 3600 IN A 10.20.30.40
237 www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
238 SECTION AUTHORITY
239 example.net. IN NS ns.example.net.
240 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
241 SECTION ADDITIONAL
242 ns.example.net. IN A 1.2.3.5
243 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
244 ENTRY_END
245
246 RANGE_END
247
248 STEP 1 QUERY
249 ENTRY_BEGIN
250 REPLY RD DO
251 SECTION QUESTION
252 www.example.net. IN A
253 ENTRY_END
254
255 ; recursion happens here.
256 STEP 10 CHECK_ANSWER
257 ENTRY_BEGIN
258 MATCH all
259 REPLY QR RD RA AD NOERROR
260 SECTION QUESTION
261 www.example.net. IN A
262 SECTION ANSWER
263 www.example.net. 3600 IN A 10.20.30.40
264 www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
265 SECTION AUTHORITY
266 example.net. IN NS ns.example.net.
267 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
268 SECTION ADDITIONAL
269 ns.example.net. IN A 1.2.3.5
270 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
271 ENTRY_END
272
273 SCENARIO_END
Binary diff not shown
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
4144 ADJUST copy_id
4245 REPLY QR NOERROR
4346 SECTION QUESTION
44 www.example.com. IN A
47 com. IN NS
48 SECTION ANSWER
49 com. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
59 www.example.com. IN A
60 SECTION AUTHORITY
61 example.com. IN NS ns.example.com.
62 ; is missing the glue!
63 ENTRY_END
64
65 ENTRY_BEGIN
66 MATCH opcode qtype qname
67 ADJUST copy_id
68 REPLY QR NOERROR
69 SECTION QUESTION
70 example.com. IN NS
4571 SECTION AUTHORITY
4672 example.com. IN NS ns.example.com.
4773 ; is missing the glue!
78104 ADJUST copy_id
79105 REPLY QR NOERROR
80106 SECTION QUESTION
107 example.com. IN NS
108 SECTION ANSWER
109 example.com. IN NS ns.example.com.
110 SECTION ADDITIONAL
111 ns.example.com. IN A 1.2.3.4
112 ENTRY_END
113
114 ENTRY_BEGIN
115 MATCH opcode qtype qname
116 ADJUST copy_id
117 REPLY QR NOERROR
118 SECTION QUESTION
81119 www.example.com. IN A
82120 SECTION ANSWER
83121 www.example.com. IN A 10.20.30.40
145183 ns.example.com IN AAAA
146184 ENTRY_END
147185
186 ; some more recursion needed.
187 ; to finish the NS query
188 STEP 40 QUERY
189 ENTRY_BEGIN
190 REPLY RD
191 SECTION QUESTION
192 . IN NS
193 ENTRY_END
194
195 STEP 41 CHECK_ANSWER
196 ENTRY_BEGIN
197 MATCH all
198 REPLY QR RD RA NOERROR
199 SECTION QUESTION
200 . IN NS
201 SECTION ANSWER
202 . IN NS K.ROOT-SERVERS.NET.
203 SECTION AUTHORITY
204 SECTION ADDITIONAL
205 K.ROOT-SERVERS.NET. IN A 193.0.14.129
206 ENTRY_END
207
148208 SCENARIO_END
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
3942 ENTRY_BEGIN
4043 MATCH opcode qtype qname
4144 ADJUST copy_id
42 REPLY QR NOERROR
43 SECTION QUESTION
44 www.example.com. IN A
45 REPLY QR AA NOERROR
46 SECTION QUESTION
47 com. IN NS
48 SECTION ANSWER
49 com. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
59 www.example.com. IN A
60 SECTION AUTHORITY
61 example.com. IN NS ns.example.com.
62 ; is missing the glue!
63 ENTRY_END
64
65 ENTRY_BEGIN
66 MATCH opcode qtype qname
67 ADJUST copy_id
68 REPLY QR NOERROR
69 SECTION QUESTION
70 example.com. IN NS
4571 SECTION AUTHORITY
4672 example.com. IN NS ns.example.com.
4773 ; is missing the glue!
90116 ADJUST copy_id
91117 REPLY QR NOERROR
92118 SECTION QUESTION
119 example.com. IN NS
120 SECTION ANSWER
121 example.com. IN NS ns.example.com.
122 SECTION ADDITIONAL
123 ns.example.com. IN A 1.2.3.4
124 ENTRY_END
125
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 REPLY QR NOERROR
130 SECTION QUESTION
93131 www.example.com. IN A
94132 SECTION ANSWER
95133 www.example.com. IN A 10.20.30.40
157195 ns.example.com IN AAAA
158196 ENTRY_END
159197
198 ; some more recursion needed.
199 ; to finish the NS query
200 STEP 40 QUERY
201 ENTRY_BEGIN
202 REPLY RD
203 SECTION QUESTION
204 . IN NS
205 ENTRY_END
206
207 STEP 41 CHECK_ANSWER
208 ENTRY_BEGIN
209 MATCH all
210 REPLY QR RD RA NOERROR
211 SECTION QUESTION
212 . IN NS
213 SECTION ANSWER
214 . IN NS K.ROOT-SERVERS.NET.
215 SECTION AUTHORITY
216 SECTION ADDITIONAL
217 K.ROOT-SERVERS.NET. IN A 193.0.14.129
218 ENTRY_END
219
160220 SCENARIO_END
2323
2424 STEP 1 QUERY
2525 ENTRY_BEGIN
26 REPLY RD
2627 SECTION QUESTION
2728 www.example.com. IN A
2829 ENTRY_END
Binary diff not shown
Binary diff not shown
0 ; config options go here.
1 server:
2 num-queries-per-thread: 1
3 forward-zone:
4 name: "."
5 forward-addr: 216.0.0.1
6 CONFIG_END
7 SCENARIO_BEGIN Test too many queries asked, last is dropped.
8
9 ; query responses from authority servers.
10 RANGE_BEGIN 0 100
11 ENTRY_BEGIN
12 MATCH opcode qtype qname
13 ADJUST copy_id
14 REPLY QR RD RA NOERROR
15 SECTION QUESTION
16 www.example.net. IN A
17 SECTION ANSWER
18 www.example.net. IN A 10.20.30.40
19 SECTION AUTHORITY
20 www.example.net. IN NS ns.example.net.
21 SECTION ADDITIONAL
22 ns.example.net. IN A 10.20.30.50
23 ENTRY_END
24 RANGE_END
25
26 STEP 1 QUERY
27 ENTRY_BEGIN
28 REPLY RD
29 SECTION QUESTION
30 www.example.com. IN A
31 ENTRY_END
32
33 STEP 2 CHECK_OUT_QUERY
34 ENTRY_BEGIN
35 MATCH qname qtype opcode
36 SECTION QUESTION
37 www.example.com. IN A
38 ENTRY_END
39
40 ; NO REPLY (this step is not needed)
41 STEP 3 NOTHING
42
43 ; another query
44 STEP 4 QUERY
45 ENTRY_BEGIN
46 REPLY RD
47 SECTION QUESTION
48 www.example.net. IN A
49 ENTRY_END
50
51 ; reply from first query returns
52 STEP 5 REPLY
53 ENTRY_BEGIN
54 MATCH opcode qtype qname
55 ADJUST copy_id
56 REPLY QR RD RA NOERROR
57 SECTION QUESTION
58 www.example.com. IN A
59 SECTION ANSWER
60 www.example.com. IN A 10.20.30.40
61 SECTION AUTHORITY
62 www.example.com. IN NS ns.example.com.
63 SECTION ADDITIONAL
64 ns.example.com. IN A 10.20.30.50
65 ENTRY_END
66
67 STEP 10 CHECK_ANSWER
68 ENTRY_BEGIN
69 MATCH opcode qname qtype
70 SECTION QUESTION
71 www.example.com. IN A
72 SECTION ANSWER
73 www.example.com. IN A 10.20.30.40
74 ENTRY_END
75
76 ; This answer does not arrive, the query was dropped
77 ;STEP 11 CHECK_ANSWER
78 ;ENTRY_BEGIN
79 ;MATCH opcode qname qtype
80 ;SECTION QUESTION
81 ;www.example.net. IN A
82 ;SECTION ANSWER
83 ;www.example.net. IN A 10.20.30.40
84 ;ENTRY_END
85 SCENARIO_END
86
87 ; testbound checks before exit:
88 ; * no more pending queries outstanding.
89 ; * and no answers that have not been checked.
33 SCENARIO_BEGIN Forwarder and an error happens on server query.
44 STEP 1 QUERY
55 ENTRY_BEGIN
6 REPLY RD
67 SECTION QUESTION
78 www.example.com. IN A
89 ENTRY_END
1213 STEP 3 ERROR
1314 STEP 4 ERROR
1415 STEP 5 ERROR
16 STEP 6 ERROR
1517 ; returns servfail
1618 STEP 14 CHECK_ANSWER
1719 ENTRY_BEGIN
1820 MATCH opcode qname qtype
1921 SECTION QUESTION
20 REPLY SERVFAIL QR RA
22 REPLY SERVFAIL QR RD RA
2123 MATCH all
2224 www.example.com. IN A
2325 ENTRY_END
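Review bot: The STEP 14 CHECK_ANSWER entry takes the new `REPLY SERVFAIL QR RD RA` line after `SECTION QUESTION` and still has two MATCH lines (`MATCH opcode qname qtype`, then `MATCH all`), so the file does not make clear which match set the check uses. If the full comparison is intended, I would drop the first MATCH line and move `MATCH all` and the REPLY line ahead of `SECTION QUESTION`, which is the order the other CHECK_ANSWER entries on this page use. The timeout variant of this scenario has the same layout and writes the flags as `QR RA RD`; one flag order in both files would make the pair easier to compare. The first lines of the file are outside this hunk.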
0 ; config options go here.
1 ; This is one forever, one jostle.
2 server:
3 num-queries-per-thread: 2
4 forward-zone:
5 name: "."
6 forward-addr: 216.0.0.1
7 CONFIG_END
8 SCENARIO_BEGIN Test too many queries asked, last is too recent to be jostled
9
10 ; fill the forever slot.
11 STEP 1 QUERY
12 ENTRY_BEGIN
13 REPLY RD
14 SECTION QUESTION
15 www.example.com. IN A
16 ENTRY_END
17
18 STEP 2 CHECK_OUT_QUERY
19 ENTRY_BEGIN
20 MATCH qname qtype opcode
21 SECTION QUESTION
22 www.example.com. IN A
23 ENTRY_END
24
25 ; NO REPLY (this step is not needed)
26 STEP 3 NOTHING
27
28 ;something enters the jostle slot.
29 STEP 4 QUERY
30 ENTRY_BEGIN
31 REPLY RD
32 SECTION QUESTION
33 www.example.net. IN A
34 ENTRY_END
35
36 STEP 5 CHECK_OUT_QUERY
37 ENTRY_BEGIN
38 MATCH qname qtype opcode
39 SECTION QUESTION
40 www.example.net. IN A
41 ENTRY_END
42
43 ; something else tries to replace the entry in the jostle slot.
44 ; but the entry in the jostle slot is too recent.
45 STEP 6 QUERY
46 ENTRY_BEGIN
47 REPLY RD
48 SECTION QUESTION
49 www.example.org. IN A
50 ENTRY_END
51
52 ; reply from latest query returns
53 STEP 7 REPLY
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR RD RA NOERROR
58 SECTION QUESTION
59 www.example.net. IN A
60 SECTION ANSWER
61 www.example.net. IN A 10.20.30.42
62 SECTION AUTHORITY
63 www.example.net. IN NS ns.example.net.
64 SECTION ADDITIONAL
65 ns.example.net. IN A 10.20.30.50
66 ENTRY_END
67
68 ; answer to last query
69 STEP 8 CHECK_ANSWER
70 ENTRY_BEGIN
71 MATCH opcode qname qtype
72 SECTION QUESTION
73 www.example.net. IN A
74 SECTION ANSWER
75 www.example.net. IN A 10.20.30.42
76 ENTRY_END
77
78
79 ; reply from first query returns
80 STEP 10 REPLY
81 ENTRY_BEGIN
82 MATCH opcode qtype qname
83 ADJUST copy_id
84 REPLY QR RD RA NOERROR
85 SECTION QUESTION
86 www.example.com. IN A
87 SECTION ANSWER
88 www.example.com. IN A 10.20.30.40
89 SECTION AUTHORITY
90 www.example.com. IN NS ns.example.com.
91 SECTION ADDITIONAL
92 ns.example.com. IN A 10.20.30.50
93 ENTRY_END
94
95 ; answer to first query
96 STEP 11 CHECK_ANSWER
97 ENTRY_BEGIN
98 MATCH opcode qname qtype
99 SECTION QUESTION
100 www.example.com. IN A
101 SECTION ANSWER
102 www.example.com. IN A 10.20.30.40
103 ENTRY_END
104
105 SCENARIO_END
106
107 ; testbound checks before exit:
108 ; * no more pending queries outstanding.
109 ; * and no answers that have not been checked.
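Review bot: The comments on STEP 7 and STEP 8 (`; reply from latest query returns`, `; answer to last query`) describe www.example.net, but the latest query in this scenario is www.example.org at STEP 6, the one that is refused a slot. I would reword them to `; reply for the jostle-slot query (www.example.net) returns` and `; answer to the jostle-slot query`, and add `; www.example.org gets no slot and no answer` after STEP 6. As written, the refusal is verified only implicitly by the testbound exit checks listed at the end of the file. That is worth stating next to STEP 6, since the query limit is the behaviour under test.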
0 ; config options go here.
1 ; This is one forever, one jostle.
2 server:
3 num-queries-per-thread: 2
4 forward-zone:
5 name: "."
6 forward-addr: 216.0.0.1
7 CONFIG_END
8 SCENARIO_BEGIN Test too many queries asked, last one jostled out to make space
9
10 ; fill the forever slot.
11 STEP 1 QUERY
12 ENTRY_BEGIN
13 REPLY RD
14 SECTION QUESTION
15 www.example.com. IN A
16 ENTRY_END
17
18 STEP 2 CHECK_OUT_QUERY
19 ENTRY_BEGIN
20 MATCH qname qtype opcode
21 SECTION QUESTION
22 www.example.com. IN A
23 ENTRY_END
24
25 ; NO REPLY (this step is not needed)
26 STEP 3 NOTHING
27
28 ;something enters the jostle slot.
29 STEP 4 QUERY
30 ENTRY_BEGIN
31 REPLY RD
32 SECTION QUESTION
33 www.example.net. IN A
34 ENTRY_END
35
36 STEP 5 CHECK_OUT_QUERY
37 ENTRY_BEGIN
38 MATCH qname qtype opcode
39 SECTION QUESTION
40 www.example.net. IN A
41 ENTRY_END
42
43 ; 300 msec passes
44 STEP 6 TIME_PASSES ELAPSE 0.300
45
46 ; something else tries to replace the entry in the jostle slot.
47 ; and it works because the entry is now too old.
48 STEP 8 QUERY
49 ENTRY_BEGIN
50 REPLY RD
51 SECTION QUESTION
52 www.example.org. IN A
53 ENTRY_END
54
55 ; reply from latest query returns
56 STEP 9 REPLY
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR RD RA NOERROR
61 SECTION QUESTION
62 www.example.org. IN A
63 SECTION ANSWER
64 www.example.org. IN A 10.20.30.42
65 SECTION AUTHORITY
66 www.example.org. IN NS ns.example.org.
67 SECTION ADDITIONAL
68 ns.example.org. IN A 10.20.30.50
69 ENTRY_END
70
71 ; answer to last query
72 STEP 10 CHECK_ANSWER
73 ENTRY_BEGIN
74 MATCH opcode qname qtype
75 SECTION QUESTION
76 www.example.org. IN A
77 SECTION ANSWER
78 www.example.org. IN A 10.20.30.42
79 ENTRY_END
80
81
82 ; reply from first query returns
83 STEP 11 REPLY
84 ENTRY_BEGIN
85 MATCH opcode qtype qname
86 ADJUST copy_id
87 REPLY QR RD RA NOERROR
88 SECTION QUESTION
89 www.example.com. IN A
90 SECTION ANSWER
91 www.example.com. IN A 10.20.30.40
92 SECTION AUTHORITY
93 www.example.com. IN NS ns.example.com.
94 SECTION ADDITIONAL
95 ns.example.com. IN A 10.20.30.50
96 ENTRY_END
97
98 ; answer to first query
99 STEP 12 CHECK_ANSWER
100 ENTRY_BEGIN
101 MATCH opcode qname qtype
102 SECTION QUESTION
103 www.example.com. IN A
104 SECTION ANSWER
105 www.example.com. IN A 10.20.30.40
106 ENTRY_END
107
108 SCENARIO_END
109
110 ; testbound checks before exit:
111 ; * no more pending queries outstanding.
112 ; * and no answers that have not been checked.
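Review bot: `STEP 6 TIME_PASSES ELAPSE 0.300` makes the jostle-slot entry "too old" only if the jostle timeout in force is below 300 ms, and the `server:` block sets none, so the scenario presumably relies on the built-in default. I would pin it in the config, for example `jostle-timeout: 200` under `num-queries-per-thread: 2`, so the scenario's meaning does not depend on a value defined elsewhere. It would also help to add a comment after STEP 8 such as `; www.example.net is evicted here and deliberately has no CHECK_ANSWER`, because nothing in the file says what that client should see.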
1313
1414 STEP 1 QUERY
1515 ENTRY_BEGIN
16 REPLY RD
1617 SECTION QUESTION
1718 www.example.com. IN A
1819 ENTRY_END
4950 ; another query, different, so not from cache.
5051 STEP 5 QUERY
5152 ENTRY_BEGIN
53 REPLY RD
5254 SECTION QUESTION
5355 www.example.net. IN A
5456 ENTRY_END
Binary diff not shown
33 SCENARIO_BEGIN Forwarder and a timeout happens on server query.
44 STEP 1 QUERY
55 ENTRY_BEGIN
6 REPLY RD
67 SECTION QUESTION
78 www.example.com. IN A
89 ENTRY_END
1213 STEP 3 TIMEOUT
1314 STEP 4 TIMEOUT
1415 STEP 5 TIMEOUT
16 STEP 6 TIMEOUT
1517 ; returns servfail
1618 STEP 14 CHECK_ANSWER
1719 ENTRY_BEGIN
1820 MATCH opcode qname qtype
1921 SECTION QUESTION
20 REPLY SERVFAIL QR RA
22 REPLY SERVFAIL QR RA RD
2123 MATCH all
2224 www.example.com. IN A
2325 ENTRY_END
00 ; config options go here.
11 server:
2 num-queries-per-thread: 1
2 num-queries-per-thread: 2
33 forward-zone:
44 name: "."
55 forward-addr: 216.0.0.1
2525
2626 STEP 1 QUERY
2727 ENTRY_BEGIN
28 REPLY RD
2829 SECTION QUESTION
2930 www.example.com. IN A
3031 ENTRY_END
4243 ; another query
4344 STEP 4 QUERY
4445 ENTRY_BEGIN
46 REPLY RD
4547 SECTION QUESTION
4648 www.example.net. IN A
4749 ENTRY_END
Binary diff not shown
Binary diff not shown
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
4346 ADJUST copy_id
4447 REPLY QR NOERROR
4548 SECTION QUESTION
49 com. IN NS
50 SECTION ANSWER
51 com. IN NS a.gtld-servers.net.
52 SECTION ADDITIONAL
53 a.gtld-servers.net. IN A 192.5.6.30
54 ENTRY_END
55
56 ENTRY_BEGIN
57 MATCH opcode qtype qname
58 ADJUST copy_id
59 REPLY QR NOERROR
60 SECTION QUESTION
4661 www.example.com. IN A
4762 SECTION AUTHORITY
4863 example.com. IN NS ns.example.com.
6681 ; ns.example.com.
6782 RANGE_BEGIN 0 100
6883 ADDRESS 1.2.3.4
84 ENTRY_BEGIN
85 MATCH opcode qtype qname
86 ADJUST copy_id
87 REPLY QR NOERROR
88 SECTION QUESTION
89 example.com. IN NS
90 SECTION ANSWER
91 example.com. IN NS ns.example.com.
92 SECTION ADDITIONAL
93 ns.example.com. IN A 1.2.3.4
94 ENTRY_END
95
6996 ENTRY_BEGIN
7097 MATCH opcode qtype qname
7198 ADJUST copy_id
97124 SECTION AUTHORITY
98125 SECTION ADDITIONAL
99126 ENTRY_END
127
128 ENTRY_BEGIN
129 MATCH opcode qtype qname
130 ADJUST copy_id
131 REPLY QR NOERROR
132 SECTION QUESTION
133 next.com. IN NS
134 SECTION ANSWER
135 next.com. IN NS ns.next.com.
136 SECTION ADDITIONAL
137 ns.next.com. IN A 1.2.3.5
138 ENTRY_END
100139 RANGE_END
101140
102141 STEP 1 QUERY
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
4144 ADJUST copy_id
4245 REPLY QR NOERROR
4346 SECTION QUESTION
47 com. IN NS
48 SECTION ANSWER
49 com. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
4459 www.example.com. IN A
4560 SECTION AUTHORITY
4661 example.com. IN NS ns.example.com.
6479 ; ns.example.com.
6580 RANGE_BEGIN 0 100
6681 ADDRESS 1.2.3.4
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
87 example.com. IN NS
88 SECTION ANSWER
89 example.com. IN NS ns.example.com.
90 SECTION ADDITIONAL
91 ns.example.com. IN A 1.2.3.4
92 ENTRY_END
93
6794 ENTRY_BEGIN
6895 MATCH opcode qtype qname
6996 ADJUST copy_id
92119 SECTION AUTHORITY
93120 SECTION ADDITIONAL
94121 ENTRY_END
122
123 ENTRY_BEGIN
124 MATCH opcode qtype qname
125 ADJUST copy_id
126 REPLY QR NOERROR
127 SECTION QUESTION
128 next.com. IN NS
129 SECTION ANSWER
130 next.com. IN NS ns.next.com.
131 SECTION ADDITIONAL
132 ns.next.com. IN A 1.2.3.5
133 ENTRY_END
95134 RANGE_END
96135
97136 STEP 1 QUERY
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
4144 ADJUST copy_id
4245 REPLY QR NOERROR
4346 SECTION QUESTION
47 com. IN NS
48 SECTION ANSWER
49 com. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
4459 www.example.com. IN A
4560 SECTION AUTHORITY
4661 example.com. IN NS ns.example.com.
6782 ENTRY_BEGIN
6883 MATCH opcode qtype qname
6984 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
87 example.com. IN NS
88 SECTION ANSWER
89 example.com. IN NS ns.example.com.
90 SECTION ADDITIONAL
91 ns.example.com. IN A 1.2.3.4
92 ENTRY_END
93
94 ENTRY_BEGIN
95 MATCH opcode qtype qname
96 ADJUST copy_id
7097 REPLY QR AA NOERROR
7198 SECTION QUESTION
7299 www.example.com. IN A
90117 SECTION AUTHORITY
91118 next.com. IN SOA next.com. next.com. 2007090400 28800 7200 604800 18000
92119 SECTION ADDITIONAL
120 ENTRY_END
121
122 ENTRY_BEGIN
123 MATCH opcode qtype qname
124 ADJUST copy_id
125 REPLY QR NOERROR
126 SECTION QUESTION
127 next.com. IN NS
128 SECTION ANSWER
129 next.com. IN NS ns.next.com.
130 SECTION ADDITIONAL
131 ns.next.com. IN A 1.2.3.5
93132 ENTRY_END
94133 RANGE_END
95134
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
7881 ADJUST copy_id
7982 REPLY QR NOERROR
8083 SECTION QUESTION
84 com. IN NS
85 SECTION ANSWER
86 com. IN NS a.gtld-servers.net.
87 SECTION ADDITIONAL
88 a.gtld-servers.net. IN A 192.5.6.30
89 ENTRY_END
90
91 ENTRY_BEGIN
92 MATCH opcode qtype qname
93 ADJUST copy_id
94 REPLY QR NOERROR
95 SECTION QUESTION
8196 ns.example.com. IN A
8297 SECTION AUTHORITY
8398 example.com. IN NS ns.example.net.
103118 ; e.gtld-servers.net.
104119 RANGE_BEGIN 0 100
105120 ADDRESS 192.12.94.30
121 ENTRY_BEGIN
122 MATCH opcode qtype qname
123 ADJUST copy_id
124 REPLY QR NOERROR
125 SECTION QUESTION
126 net. IN NS
127 SECTION ANSWER
128 net. IN NS e.gtld-servers.net.
129 SECTION ADDITIONAL
130 e.gtld-servers.net. IN A 192.12.94.30
131 ENTRY_END
132
106133 ENTRY_BEGIN
107134 MATCH opcode qtype qname
108135 ADJUST copy_id
00 ; config options
11 server:
22 harden-glue: "no"
3 target-fetch-policy: "0 0 0 0 0"
4
35 stub-zone:
46 name: "."
57 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
8183 ADJUST copy_id
8284 REPLY QR NOERROR
8385 SECTION QUESTION
86 com. IN NS
87 SECTION ANSWER
88 com. IN NS a.gtld-servers.net.
89 SECTION ADDITIONAL
90 a.gtld-servers.net. IN A 192.5.6.30
91 ENTRY_END
92
93 ENTRY_BEGIN
94 MATCH opcode qtype qname
95 ADJUST copy_id
96 REPLY QR NOERROR
97 SECTION QUESTION
8498 ns.example.com. IN A
8599 SECTION AUTHORITY
86100 example.com. IN NS ns.example.net.
109123 ADJUST copy_id
110124 REPLY QR NOERROR
111125 SECTION QUESTION
126 net. IN NS
127 SECTION ANSWER
128 net. IN NS e.gtld-servers.net.
129 SECTION ADDITIONAL
130 e.gtld-servers.net. IN A 192.12.94.30
131 ENTRY_END
132
133 ENTRY_BEGIN
134 MATCH opcode qtype qname
135 ADJUST copy_id
136 REPLY QR NOERROR
137 SECTION QUESTION
112138 ns.example.net. IN A
113139 SECTION AUTHORITY
114140 example.net. IN NS ns.example.com.
132158 ; ns.example.net.
133159 RANGE_BEGIN 0 100
134160 ADDRESS 1.2.3.1
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 example.net. IN NS
167 SECTION ANSWER
168 example.net. IN NS ns.example.com.
169 SECTION ADDITIONAL
170 ns.example.com. IN A 1.2.3.2
171 ENTRY_END
172
173 ENTRY_BEGIN
174 MATCH opcode qtype qname
175 ADJUST copy_id
176 REPLY QR NOERROR
177 SECTION QUESTION
178 example.com. IN NS
179 SECTION ANSWER
180 example.com. IN NS ns.example.net.
181 SECTION ADDITIONAL
182 ns.example.net. IN A 1.2.3.1
183 ENTRY_END
184
135185 ENTRY_BEGIN
136186 MATCH opcode qtype qname
137187 ADJUST copy_id
2626 ENTRY_END
2727
2828 ENTRY_BEGIN
29 MATCH opcode qtype qname
30 ADJUST copy_id
31 REPLY QR NOERROR
32 SECTION QUESTION
33 www.sub.example.com. IN A
29 MATCH opcode subdomain
30 ADJUST copy_id copy_query
31 REPLY QR NOERROR
32 SECTION QUESTION
33 com. IN A
3434 SECTION AUTHORITY
3535 com. IN NS a.gtld-servers.net.
3636 SECTION ADDITIONAL
3838 ENTRY_END
3939
4040 ENTRY_BEGIN
41 MATCH opcode subdomain
42 ADJUST copy_id copy_query
43 REPLY QR NOERROR
44 SECTION QUESTION
45 net. IN A
46 SECTION AUTHORITY
47 net. IN NS e.gtld-servers.net.
48 SECTION ADDITIONAL
49 e.gtld-servers.net. IN A 192.12.94.30
50 ENTRY_END
51
52 ENTRY_BEGIN
53 MATCH opcode qtype qname
54 ADJUST copy_id
55 REPLY QR NOERROR
56 SECTION QUESTION
57 ns.example.net. IN AAAA
58 SECTION AUTHORITY
59 net. IN NS e.gtld-servers.net.
60 SECTION ADDITIONAL
61 e.gtld-servers.net. IN A 192.12.94.30
62 ENTRY_END
63 RANGE_END
64
65 ; a.gtld-servers.net.
66 RANGE_BEGIN 0 100
67 ADDRESS 192.5.6.30
68 ENTRY_BEGIN
69 MATCH opcode qtype qname
70 ADJUST copy_id
71 REPLY QR NOERROR
72 SECTION QUESTION
73 com. IN NS
74 SECTION ANSWER
75 com. IN NS a.gtld-servers.net.
76 SECTION ADDITIONAL
77 a.gtld-servers.net. IN A 192.5.6.30
78 ENTRY_END
79
80 ENTRY_BEGIN
81 MATCH opcode subdomain
82 ADJUST copy_id copy_query
83 REPLY QR NOERROR
84 SECTION QUESTION
85 example.com. IN A
86 SECTION AUTHORITY
87 example.com. IN NS ns.example.com.
88 SECTION ADDITIONAL
89 ns.example.com. IN A 1.2.3.55
90 ENTRY_END
91 RANGE_END
92
93 ; e.gtld-servers.net.
94 RANGE_BEGIN 0 100
95 ADDRESS 192.12.94.30
96 ENTRY_BEGIN
97 MATCH opcode qtype qname
98 ADJUST copy_id
99 REPLY QR NOERROR
100 SECTION QUESTION
101 net. IN NS
102 SECTION ANSWER
103 net. IN NS e.gtld-servers.net.
104 SECTION ADDITIONAL
105 e.gtld-servers.net. IN A 192.12.94.30
106 ENTRY_END
107
108 ENTRY_BEGIN
109 MATCH opcode qtype qname
110 ADJUST copy_id
111 REPLY QR AA NOERROR
112 SECTION QUESTION
113 e.gtld-servers.net. IN AAAA
114 SECTION ANSWER
115 ENTRY_END
116
117 ENTRY_BEGIN
118 MATCH opcode qtype qname
119 ADJUST copy_id
120 REPLY QR AA NOERROR
121 SECTION QUESTION
122 a.gtld-servers.net. IN AAAA
123 SECTION ANSWER
124 ENTRY_END
125
126 ENTRY_BEGIN
41127 MATCH opcode qtype qname
42128 ADJUST copy_id
43129 REPLY QR NOERROR
44130 SECTION QUESTION
45131 ns.example.net. IN A
46132 SECTION AUTHORITY
47 net. IN NS e.gtld-servers.net.
48 SECTION ADDITIONAL
49 e.gtld-servers.net. IN A 192.12.94.30
133 example.net. IN NS ns.example.net.
134 SECTION ADDITIONAL
135 ns.example.net. IN A 1.2.3.44
50136 ENTRY_END
51137
52138 ENTRY_BEGIN
56142 SECTION QUESTION
57143 ns.example.net. IN AAAA
58144 SECTION AUTHORITY
59 net. IN NS e.gtld-servers.net.
60 SECTION ADDITIONAL
61 e.gtld-servers.net. IN A 192.12.94.30
62 ENTRY_END
63 RANGE_END
64
65 ; a.gtld-servers.net.
66 RANGE_BEGIN 0 100
67 ADDRESS 192.5.6.30
68 ENTRY_BEGIN
69 MATCH opcode qtype qname
70 ADJUST copy_id
71 REPLY QR NOERROR
72 SECTION QUESTION
73 www.sub.example.com. IN A
74 SECTION AUTHORITY
75 example.com. IN NS ns.example.com.
76 SECTION ADDITIONAL
77 ns.example.com. IN A 1.2.3.55
78 ENTRY_END
79 RANGE_END
80
81 ; e.gtld-servers.net.
82 RANGE_BEGIN 0 100
83 ADDRESS 192.12.94.30
84 ENTRY_BEGIN
85 MATCH opcode qtype qname
86 ADJUST copy_id
87 REPLY QR NOERROR
88 SECTION QUESTION
89 ns.example.net. IN A
90 SECTION AUTHORITY
91145 example.net. IN NS ns.example.net.
92146 SECTION ADDITIONAL
93147 ns.example.net. IN A 1.2.3.44
94148 ENTRY_END
95
96 ENTRY_BEGIN
97 MATCH opcode qtype qname
98 ADJUST copy_id
99 REPLY QR NOERROR
100 SECTION QUESTION
101 ns.example.net. IN AAAA
102 SECTION AUTHORITY
149 RANGE_END
150
151 ; ns.example.net.
152 RANGE_BEGIN 0 100
153 ADDRESS 1.2.3.44
154 ENTRY_BEGIN
155 MATCH opcode qtype qname
156 ADJUST copy_id
157 REPLY QR NOERROR
158 SECTION QUESTION
159 example.net. IN NS
160 SECTION ANSWER
103161 example.net. IN NS ns.example.net.
104162 SECTION ADDITIONAL
105163 ns.example.net. IN A 1.2.3.44
106164 ENTRY_END
107 RANGE_END
108
109 ; ns.example.net.
110 RANGE_BEGIN 0 100
111 ADDRESS 1.2.3.44
165
112166 ENTRY_BEGIN
113167 MATCH opcode qtype qname
114168 ADJUST copy_id
151205 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
152206 ENTRY_END
153207
208 ENTRY_BEGIN
209 MATCH opcode qtype qname
210 ADJUST copy_id
211 REPLY QR AA NOERROR
212 SECTION QUESTION
213 sub.example.com. IN NS
214 SECTION ANSWER
215 sub.example.com. IN NS ns.sub.example.com.
216 sub.example.com. IN NS ns.example.net.
217 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
218 SECTION ADDITIONAL
219 ns.sub.example.com. IN A 1.2.3.6
220 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
221 ENTRY_END
222
154223 ; response to query of interest
155224 ENTRY_BEGIN
156225 MATCH opcode qtype qname
164233 SECTION AUTHORITY
165234 SECTION ADDITIONAL
166235 ENTRY_END
236
237 ENTRY_BEGIN
238 MATCH opcode qtype qname
239 ADJUST copy_id
240 REPLY QR AA NOERROR
241 SECTION QUESTION
242 ns.sub.example.com. IN AAAA
243 SECTION ANSWER
244 ENTRY_END
167245 RANGE_END
168246
169247 ; ns.example.com.
170248 RANGE_BEGIN 0 100
171249 ADDRESS 1.2.3.55
250 ENTRY_BEGIN
251 MATCH opcode qtype qname
252 ADJUST copy_id
253 REPLY QR NOERROR
254 SECTION QUESTION
255 example.com. IN NS
256 SECTION ANSWER
257 example.com. IN NS ns.example.com.
258 SECTION ADDITIONAL
259 ns.example.com. IN A 1.2.3.55
260 ENTRY_END
261
172262 ENTRY_BEGIN
173263 MATCH opcode qtype qname
174264 ADJUST copy_id
202292 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
203293 ENTRY_END
204294
295
205296 ; correct delegation with DS
206297 ENTRY_BEGIN
207 MATCH opcode qtype qname
208 ADJUST copy_id
209 REPLY QR AA NOERROR
210 SECTION QUESTION
211 www.sub.example.com. IN A
298 MATCH opcode subdomain
299 ADJUST copy_id copy_query
300 REPLY QR AA NOERROR
301 SECTION QUESTION
302 sub.example.com. IN A
212303 SECTION ANSWER
213304 SECTION AUTHORITY
214305 sub.example.com. IN NS ns.sub.example.com.
242333 RANGE_BEGIN 0 100
243334 ADDRESS 1.2.3.6
244335
336 ENTRY_BEGIN
337 MATCH opcode qtype qname
338 ADJUST copy_id
339 REPLY QR AA NOERROR
340 SECTION QUESTION
341 sub.example.com. IN NS
342 SECTION ANSWER
343 sub.example.com. IN NS ns.sub.example.com.
344 sub.example.com. IN NS ns.example.net.
345 SECTION ADDITIONAL
346 ns.sub.example.com. IN A 1.2.3.6
347 ENTRY_END
348
349
245350 ; response to DNSKEY priming query
246351 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
247352 ENTRY_BEGIN
257362 sub.example.com. IN NS ns.example.net.
258363 SECTION ADDITIONAL
259364 ns.sub.example.com. IN A 1.2.3.6
365 ENTRY_END
366
367 ENTRY_BEGIN
368 MATCH opcode qtype qname
369 ADJUST copy_id
370 REPLY QR AA NOERROR
371 SECTION QUESTION
372 ns.sub.example.com. IN AAAA
373 SECTION ANSWER
260374 ENTRY_END
261375
262376 ; response to query of interest
296410 www.sub.example.com. IN A 11.11.11.11
297411 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
298412 ENTRY_END
299
300413 SCENARIO_END
11 server:
22 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
33 val-override-date: "20070916134226"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
6061 SECTION ADDITIONAL
6162 e.gtld-servers.net. IN A 192.12.94.30
6263 ENTRY_END
64
6365 RANGE_END
6466
6567 ; a.gtld-servers.net.
6870 ENTRY_BEGIN
6971 MATCH opcode qtype qname
7072 ADJUST copy_id
73 REPLY QR AA NOERROR
74 SECTION QUESTION
75 com. IN NS
76 SECTION ANSWER
77 com. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
7185 REPLY QR NOERROR
7286 SECTION QUESTION
7387 www.sub.example.com. IN A
86100 ADJUST copy_id
87101 REPLY QR NOERROR
88102 SECTION QUESTION
103 net. IN NS
104 SECTION ANSWER
105 net. IN NS e.gtld-servers.net.
106 SECTION ADDITIONAL
107 e.gtld-servers.net. IN A 192.12.94.30
108 ENTRY_END
109
110 ENTRY_BEGIN
111 MATCH opcode qtype qname
112 ADJUST copy_id
113 REPLY QR NOERROR
114 SECTION QUESTION
89115 ns.example.net. IN A
90116 SECTION AUTHORITY
91117 example.net. IN NS ns.example.net.
109135 ; ns.example.net.
110136 RANGE_BEGIN 0 100
111137 ADDRESS 1.2.3.44
138 ENTRY_BEGIN
139 MATCH opcode qtype qname
140 ADJUST copy_id
141 REPLY QR NOERROR
142 SECTION QUESTION
143 example.net. IN NS
144 SECTION ANSWER
145 example.net. IN NS ns.example.net.
146 SECTION ADDITIONAL
147 ns.example.net. IN A 1.2.3.44
148 ENTRY_END
149
112150 ENTRY_BEGIN
113151 MATCH opcode qtype qname
114152 ADJUST copy_id
169207 ; ns.example.com.
170208 RANGE_BEGIN 0 100
171209 ADDRESS 1.2.3.55
210 ENTRY_BEGIN
211 MATCH opcode qtype qname
212 ADJUST copy_id
213 REPLY QR NOERROR
214 SECTION QUESTION
215 example.com. IN NS
216 SECTION ANSWER
217 example.com. IN NS ns.example.com.
218 SECTION ADDITIONAL
219 ns.example.com. IN A 1.2.3.55
220 ENTRY_END
221
172222 ENTRY_BEGIN
173223 MATCH opcode qtype qname
174224 ADJUST copy_id
242292 RANGE_BEGIN 0 100
243293 ADDRESS 1.2.3.6
244294
295 ENTRY_BEGIN
296 MATCH opcode qtype qname
297 ADJUST copy_id
298 REPLY QR NOERROR
299 SECTION QUESTION
300 sub.example.com. IN NS
301 SECTION ANSWER
302 sub.example.com. IN NS ns.sub.example.com.
303 sub.example.com. IN NS ns.example.net.
304 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
305 SECTION ADDITIONAL
306 ns.sub.example.com. IN A 1.2.3.6
307 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
308 ENTRY_END
309
245310 ; response to DNSKEY priming query
246311 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
247312 ENTRY_BEGIN
266331 www.sub.example.com. IN A 11.11.11.11
267332 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
268333 ENTRY_END
334
335 ENTRY_BEGIN
336 MATCH opcode qtype qname
337 ADJUST copy_id
338 REPLY QR AA NOERROR
339 SECTION QUESTION
340 ns.sub.example.com. IN AAAA
341 SECTION ANSWER
342 ENTRY_END
269343 RANGE_END
270344
271345
2626 ENTRY_END
2727
2828 ENTRY_BEGIN
29 MATCH opcode qtype qname
30 ADJUST copy_id
31 REPLY QR NOERROR
32 SECTION QUESTION
33 www.example.com. IN A
29 MATCH opcode subdomain
30 ADJUST copy_id copy_query
31 REPLY QR NOERROR
32 SECTION QUESTION
33 com. IN A
3434 SECTION AUTHORITY
3535 com. IN NS a.gtld-servers.net.
3636 SECTION ADDITIONAL
3838 ENTRY_END
3939
4040 ENTRY_BEGIN
41 MATCH opcode qtype qname
42 ADJUST copy_id
43 REPLY QR NOERROR
44 SECTION QUESTION
45 ns.example.net. IN A
41 MATCH opcode subdomain
42 ADJUST copy_id copy_query
43 REPLY QR NOERROR
44 SECTION QUESTION
45 net. IN A
4646 SECTION AUTHORITY
4747 net. IN NS e.gtld-servers.net.
4848 SECTION ADDITIONAL
7070 ADJUST copy_id
7171 REPLY QR NOERROR
7272 SECTION QUESTION
73 www.example.com. IN A
73 com. IN NS
74 SECTION ANSWER
75 com. IN NS a.gtld-servers.net.
76 SECTION ADDITIONAL
77 a.gtld-servers.net. IN A 192.5.6.30
78 ENTRY_END
79
80 ENTRY_BEGIN
81 MATCH opcode subdomain
82 ADJUST copy_id copy_query
83 REPLY QR NOERROR
84 SECTION QUESTION
85 example.com. IN A
7486 SECTION AUTHORITY
7587 example.com. IN NS ns.example.com.
7688 example.com. IN NS ns.example.net.
89101 ADJUST copy_id
90102 REPLY QR NOERROR
91103 SECTION QUESTION
104 net. IN NS
105 SECTION ANSWER
106 net. IN NS e.gtld-servers.net.
107 SECTION ADDITIONAL
108 e.gtld-servers.net. IN A 192.12.94.30
109 ENTRY_END
110
111 ENTRY_BEGIN
112 MATCH opcode qtype qname
113 ADJUST copy_id
114 REPLY QR NOERROR
115 SECTION QUESTION
116 a.gtld-servers.net. IN AAAA
117 SECTION ANSWER
118 ENTRY_END
119
120 ENTRY_BEGIN
121 MATCH opcode qtype qname
122 ADJUST copy_id
123 REPLY QR NOERROR
124 SECTION QUESTION
125 e.gtld-servers.net. IN AAAA
126 SECTION ANSWER
127 ENTRY_END
128
129 ENTRY_BEGIN
130 MATCH opcode qtype qname
131 ADJUST copy_id
132 REPLY QR NOERROR
133 SECTION QUESTION
92134 ns.example.net. IN A
93135 SECTION AUTHORITY
94136 example.net. IN NS ns.example.net.
112154 ; ns.example.net.
113155 RANGE_BEGIN 0 100
114156 ADDRESS 1.2.3.44
157 ENTRY_BEGIN
158 MATCH opcode qtype qname
159 ADJUST copy_id
160 REPLY QR NOERROR
161 SECTION QUESTION
162 example.net. IN NS
163 SECTION ANSWER
164 example.net. IN NS ns.example.net.
165 SECTION ADDITIONAL
166 ns.example.net. IN A 1.2.3.44
167 ENTRY_END
168
115169 ENTRY_BEGIN
116170 MATCH opcode qtype qname
117171 ADJUST copy_id
151205 ENTRY_BEGIN
152206 MATCH opcode qtype qname
153207 ADJUST copy_id
208 REPLY QR NOERROR
209 SECTION QUESTION
210 example.com. IN NS
211 SECTION ANSWER
212 example.com. IN NS ns.example.com.
213 example.com. IN NS ns.example.net.
214 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854}
215 SECTION ADDITIONAL
216 ns.example.com. IN A 1.2.3.55
217 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854}
218 ENTRY_END
219
220 ENTRY_BEGIN
221 MATCH opcode qtype qname
222 ADJUST copy_id
154223 REPLY QR AA NOERROR
155224 SECTION QUESTION
156225 www.example.com. IN A
158227 www.example.com. IN A 10.20.30.40
159228 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
160229 ENTRY_END
230
231 ENTRY_BEGIN
232 MATCH opcode qtype qname
233 ADJUST copy_id
234 REPLY QR AA NOERROR
235 SECTION QUESTION
236 ns.example.com. IN AAAA
237 SECTION ANSWER
238 ENTRY_END
161239 RANGE_END
162240
163241 ; ns.example.com.
191269 example.com. IN DNSKEY
192270 SECTION ANSWER
193271 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
272 ENTRY_END
273
274 ; lame NS response
275 ENTRY_BEGIN
276 MATCH opcode qtype qname
277 ADJUST copy_id
278 REPLY QR NOERROR
279 SECTION QUESTION
280 example.com. IN NS
281 SECTION ANSWER
282 example.com. IN NS ns.example.com.
283 example.com. IN NS ns.example.net.
284 SECTION ADDITIONAL
285 ns.example.com. IN A 1.2.3.55
194286 ENTRY_END
195287
196288 ; the lame response. No RRSIGS.
11 server:
22 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
33 val-override-date: "20070916134226"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
7071 ADJUST copy_id
7172 REPLY QR NOERROR
7273 SECTION QUESTION
74 com. IN NS
75 SECTION ANSWER
76 com. IN NS a.gtld-servers.net.
77 SECTION ADDITIONAL
78 a.gtld-servers.net. IN A 192.5.6.30
79 ENTRY_END
80
81 ENTRY_BEGIN
82 MATCH opcode qtype qname
83 ADJUST copy_id
84 REPLY QR NOERROR
85 SECTION QUESTION
7386 www.example.com. IN A
7487 SECTION AUTHORITY
7588 example.com. IN NS ns.example.com.
87100 ADJUST copy_id
88101 REPLY QR NOERROR
89102 SECTION QUESTION
103 net. IN NS
104 SECTION ANSWER
105 net. IN NS e.gtld-servers.net.
106 SECTION ADDITIONAL
107 e.gtld-servers.net. IN A 192.12.94.30
108 ENTRY_END
109
110 ENTRY_BEGIN
111 MATCH opcode qtype qname
112 ADJUST copy_id
113 REPLY QR NOERROR
114 SECTION QUESTION
90115 ns.example.net. IN A
91116 SECTION AUTHORITY
92117 example.net. IN NS ns.example.net.
113138 ENTRY_BEGIN
114139 MATCH opcode qtype qname
115140 ADJUST copy_id
141 REPLY QR NOERROR
142 SECTION QUESTION
143 example.net. IN NS
144 SECTION ANSWER
145 example.net. IN NS ns.example.net.
146 SECTION ADDITIONAL
147 ns.example.net. IN A 1.2.3.44
148 ENTRY_END
149
150 ENTRY_BEGIN
151 MATCH opcode qtype qname
152 ADJUST copy_id
116153 REPLY QR AA NOERROR
117154 SECTION QUESTION
118155 ns.example.net. IN A
132169 example.net. IN NS ns.example.net.
133170 SECTION ADDITIONAL
134171 ns.example.net. IN A 1.2.3.44
172 ENTRY_END
173
174 ENTRY_BEGIN
175 MATCH opcode qtype qname
176 ADJUST copy_id
177 REPLY QR NOERROR
178 SECTION QUESTION
179 example.com. IN NS
180 SECTION ANSWER
181 example.com. IN NS ns.example.com.
182 example.com. IN NS ns.example.net.
183 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854}
184 SECTION ADDITIONAL
185 ns.example.com. IN A 1.2.3.55
186 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854}
135187 ENTRY_END
136188
137189 ; response to DNSKEY priming query
156208 www.example.com. IN A 10.20.30.40
157209 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
158210 ENTRY_END
211
212 ENTRY_BEGIN
213 MATCH opcode qtype qname
214 ADJUST copy_id
215 REPLY QR AA NOERROR
216 SECTION QUESTION
217 ns.example.com. IN AAAA
218 SECTION ANSWER
219 ENTRY_END
159220 RANGE_END
160221
161222 ; ns.example.com.
191252 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
192253 ENTRY_END
193254
255 ENTRY_BEGIN
256 MATCH opcode qtype qname
257 ADJUST copy_id
258 REPLY QR NOERROR
259 SECTION QUESTION
260 example.com. IN NS
261 SECTION ANSWER
262 example.com. IN NS ns.example.com.
263 example.com. IN NS ns.example.net.
264 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854}
265 SECTION ADDITIONAL
266 ns.example.com. IN A 1.2.3.55
267 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854}
268 ENTRY_END
269
194270 ; response is not lame.
195271 ENTRY_BEGIN
196272 MATCH opcode qtype qname
3030 ADJUST copy_id
3131 REPLY QR NOERROR
3232 SECTION QUESTION
33 www.example.com. IN A
33 a.gtld-servers.net. IN AAAA
34 SECTION ANSWER
35 ENTRY_END
36
37 ENTRY_BEGIN
38 MATCH opcode subdomain
39 ADJUST copy_id copy_query
40 REPLY QR NOERROR
41 SECTION QUESTION
42 com. IN A
3443 SECTION AUTHORITY
3544 com. IN NS a.gtld-servers.net.
3645 SECTION ADDITIONAL
4655 ADJUST copy_id
4756 REPLY QR NOERROR
4857 SECTION QUESTION
49 www.example.com. IN A
58 com. IN NS
59 SECTION ANSWER
60 com. IN NS a.gtld-servers.net.
61 SECTION ADDITIONAL
62 a.gtld-servers.net. IN A 192.5.6.30
63 ENTRY_END
64
65 ENTRY_BEGIN
66 MATCH opcode subdomain
67 ADJUST copy_id copy_query
68 REPLY QR NOERROR
69 SECTION QUESTION
70 example.com. IN A
5071 SECTION AUTHORITY
5172 example.com. IN NS ns.example.com.
5273 example.com. IN NS ns2.example.com.
6081 ; ns.example.com.
6182 RANGE_BEGIN 0 100
6283 ADDRESS 1.2.3.4
84 ENTRY_BEGIN
85 MATCH opcode qtype qname
86 ADJUST copy_id
87 REPLY QR NOERROR
88 SECTION QUESTION
89 example.com. IN NS
90 SECTION ANSWER
91 example.com. IN NS ns.example.com.
92 example.com. IN NS ns2.example.com.
93 SECTION ADDITIONAL
94 ;ns.example.com. IN A 1.2.3.4
95 ns.example.com. IN A 127.255.255.255
96 ns2.example.com. IN A 127.0.0.2
97 ENTRY_END
98
6399 ENTRY_BEGIN
64100 MATCH opcode qtype qname
65101 ADJUST copy_id
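Review bot: The glue in the added `example.com. IN NS` entry (gutter lines 94–96) replaces the server's real address with `127.255.255.255` and `127.0.0.2` and keeps the original record as a commented-out line, with nothing saying why. A reader cannot tell from this section whether loopback glue is the condition under test or a debugging leftover. If it is deliberate, say so next to the records, for example `; glue deliberately points at loopback addresses; the resolver is expected not to send queries there`, and drop the commented-out `;ns.example.com. IN A 1.2.3.4` line. The scenario description is outside this section, so the intent here is inferred.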
2727 ENTRY_END
2828
2929 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.example.com. IN A
30 MATCH opcode subdomain
31 ADJUST copy_id copy_query
32 REPLY QR NOERROR
33 SECTION QUESTION
34 com. IN A
3535 SECTION AUTHORITY
3636 com. IN NS a.gtld-servers.net.
3737
3838 ; sneak in some data into the cache to simulate partial data after timeouts
39 ; gets scrubbed anyway.
3940 example.net. NS ns.example.net.
4041
4142 SECTION ADDITIONAL
4344 ENTRY_END
4445
4546 ENTRY_BEGIN
46 MATCH opcode qname
47 ADJUST copy_id copy_query
48 REPLY QR NOERROR
49 SECTION QUESTION
50 ns.example.net. IN A
47 MATCH opcode subdomain
48 ADJUST copy_id copy_query
49 REPLY QR NOERROR
50 SECTION QUESTION
51 net. IN A
5152 SECTION AUTHORITY
5253 net. IN NS a.gtld-servers.net.
5354 SECTION ADDITIONAL
6061 ADDRESS 192.5.6.30
6162 ; com zone
6263 ENTRY_BEGIN
63 MATCH opcode qtype qname
64 ADJUST copy_id
65 REPLY QR NOERROR
66 SECTION QUESTION
67 www.example.com. IN A
64 MATCH opcode qname
65 ADJUST copy_id copy_query
66 REPLY QR NOERROR
67 SECTION QUESTION
68 com. IN NS
69 SECTION ANSWER
70 com. IN NS a.gtld-servers.net.
71 SECTION ADDITIONAL
72 a.gtld-servers.net. IN A 192.5.6.30
73 ENTRY_END
74
75 ENTRY_BEGIN
76 MATCH opcode subdomain
77 ADJUST copy_id copy_query
78 REPLY QR NOERROR
79 SECTION QUESTION
80 example.com. IN A
6881 SECTION AUTHORITY
6982 example.com. IN NS ns.example.net.
7083 SECTION ADDITIONAL
7184 ENTRY_END
7285
7386 ; net zone
87 ENTRY_BEGIN
88 MATCH opcode qname
89 ADJUST copy_id copy_query
90 REPLY QR NOERROR
91 SECTION QUESTION
92 net. IN NS
93 SECTION ANSWER
94 net. IN NS a.gtld-servers.net.
95 SECTION ADDITIONAL
96 a.gtld-servers.net. IN A 192.5.6.30
97 ENTRY_END
98
99 ENTRY_BEGIN
100 MATCH opcode qname
101 ADJUST copy_id copy_query
102 REPLY QR NOERROR
103 SECTION QUESTION
104 a.gtld-servers.net. IN AAAA
105 SECTION ANSWER
106 ENTRY_END
107
74108 ENTRY_BEGIN
75109 MATCH opcode qname
76110 ADJUST copy_id copy_query
89123 ADDRESS 1.2.3.4
90124 ; example.net. zone
91125 ENTRY_BEGIN
126 MATCH opcode qname
127 ADJUST copy_id copy_query
128 REPLY QR NOERROR
129 SECTION QUESTION
130 example.net. IN NS
131 SECTION ANSWER
132 example.net. NS ns.example.net.
133 SECTION ADDITIONAL
134 ns.example.net. IN A 1.2.3.4
135 ENTRY_END
136
137 ENTRY_BEGIN
92138 MATCH opcode qtype qname
93139 ADJUST copy_id
94140 REPLY QR AA NOERROR
108154 ENTRY_END
109155
110156 ; example.com. zone
157 ENTRY_BEGIN
158 MATCH opcode qname qtype
159 ADJUST copy_id copy_query
160 REPLY QR NOERROR
161 SECTION QUESTION
162 example.com. IN NS
163 SECTION ANSWER
164 example.com. IN NS ns.example.com.
165 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
166 SECTION ADDITIONAL
167 ns.example.com. IN A 1.2.3.4
168 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
169 ENTRY_END
170
171 ENTRY_BEGIN
172 MATCH opcode qname qtype
173 ADJUST copy_id copy_query
174 REPLY QR NOERROR
175 SECTION QUESTION
176 ns.example.com. IN AAAA
177 SECTION ANSWER
178 ; bogus
179 ENTRY_END
180
111181 ; response to DNSKEY priming query
112182 ENTRY_BEGIN
113183 MATCH opcode qtype qname
3535 ENTRY_END
3636
3737 ENTRY_BEGIN
38 MATCH opcode qtype qname
39 ADJUST copy_id
40 REPLY QR NOERROR
41 SECTION QUESTION
42 www.example.com. IN A
38 MATCH opcode subdomain
39 ADJUST copy_id copy_query
40 REPLY QR NOERROR
41 SECTION QUESTION
42 com. IN A
4343 SECTION AUTHORITY
4444 com. IN NS a.gtld-servers.net.
4545
4646 ; sneak in some data into the cache to simulate partial data after timeouts
47 ; gets scrubbed away now ....
4748 example.com. NS ns.example.net.
4849 example.com. NS ns.example.org.
4950 example.net. NS ns.example.net.
5657 ENTRY_END
5758
5859 ENTRY_BEGIN
59 MATCH opcode qname
60 ADJUST copy_id copy_query
61 REPLY QR NOERROR
62 SECTION QUESTION
63 ns.example.net. IN A
60 MATCH opcode subdomain
61 ADJUST copy_id copy_query
62 REPLY QR NOERROR
63 SECTION QUESTION
64 net. IN A
6465 SECTION AUTHORITY
6566 net. IN NS a.gtld-servers.net.
6667 SECTION ADDITIONAL
6869 ENTRY_END
6970
7071 ENTRY_BEGIN
71 MATCH opcode qname
72 ADJUST copy_id copy_query
73 REPLY QR NOERROR
74 SECTION QUESTION
75 ns.example.org. IN A
72 MATCH opcode subdomain
73 ADJUST copy_id copy_query
74 REPLY QR NOERROR
75 SECTION QUESTION
76 org. IN A
7677 SECTION AUTHORITY
7778 org. IN NS a.gtld-servers.net.
7879 SECTION ADDITIONAL
8586 ADDRESS 192.5.6.30
8687 ; com zone
8788 ENTRY_BEGIN
88 MATCH opcode qtype qname
89 ADJUST copy_id
90 REPLY QR NOERROR
91 SECTION QUESTION
92 www.example.com. IN A
89 MATCH opcode qname
90 ADJUST copy_id copy_query
91 REPLY QR NOERROR
92 SECTION QUESTION
93 com. IN A
94 SECTION ANSWER
95 com. IN NS a.gtld-servers.net.
96 SECTION ADDITIONAL
97 a.gtld-servers.net. IN A 192.5.6.30
98 ENTRY_END
99
100 ENTRY_BEGIN
101 MATCH opcode subdomain
102 ADJUST copy_id copy_query
103 REPLY QR NOERROR
104 SECTION QUESTION
105 example.com. IN A
93106 SECTION AUTHORITY
94107 example.com. NS ns.example.net.
95108 example.com. NS ns.example.org.
103116 ADJUST copy_id copy_query
104117 REPLY QR NOERROR
105118 SECTION QUESTION
119 net. IN A
120 SECTION ANSWER
121 net. IN NS a.gtld-servers.net.
122 SECTION ADDITIONAL
123 a.gtld-servers.net. IN A 192.5.6.30
124 ENTRY_END
125
126 ENTRY_BEGIN
127 MATCH opcode qname
128 ADJUST copy_id copy_query
129 REPLY QR NOERROR
130 SECTION QUESTION
131 a.gtld-servers.net. IN AAAA
132 SECTION ANSWER
133 ENTRY_END
134
135 ENTRY_BEGIN
136 MATCH opcode qname
137 ADJUST copy_id copy_query
138 REPLY QR NOERROR
139 SECTION QUESTION
106140 ns.example.net. IN A
107141 SECTION AUTHORITY
108142 example.net. NS ns.example.net.
112146 ENTRY_END
113147
114148 ; org zone
149 ENTRY_BEGIN
150 MATCH opcode qname
151 ADJUST copy_id copy_query
152 REPLY QR NOERROR
153 SECTION QUESTION
154 org. IN A
155 SECTION ANSWER
156 org. IN NS a.gtld-servers.net.
157 SECTION ADDITIONAL
158 a.gtld-servers.net. IN A 192.5.6.30
159 ENTRY_END
160
115161 ENTRY_BEGIN
116162 MATCH opcode qname
117163 ADJUST copy_id copy_query
131177 ADDRESS 1.2.3.4
132178 ; example.org. zone
133179 ENTRY_BEGIN
180 MATCH opcode qname
181 ADJUST copy_id copy_query
182 REPLY QR NOERROR
183 SECTION QUESTION
184 example.org. IN NS
185 SECTION ANSWER
186 example.org. NS ns.example.net.
187 example.org. NS ns.example.org.
188 SECTION ADDITIONAL
189 ns.example.org. IN A 1.2.3.5
190 ENTRY_END
191
192 ENTRY_BEGIN
134193 MATCH opcode qtype qname
135194 ADJUST copy_id
136195 REPLY QR AA NOERROR
151210
152211 ; example.net. zone
153212 ENTRY_BEGIN
213 MATCH opcode qname
214 ADJUST copy_id copy_query
215 REPLY QR NOERROR
216 SECTION QUESTION
217 example.net. IN NS
218 SECTION ANSWER
219 example.net. NS ns.example.net.
220 example.net. NS ns.example.org.
221 SECTION ADDITIONAL
222 ns.example.net. IN A 1.2.3.4
223 ENTRY_END
224
225 ENTRY_BEGIN
154226 MATCH opcode qtype qname
155227 ADJUST copy_id
156228 REPLY QR AA NOERROR
170242 ENTRY_END
171243
172244 ; example.com. zone
245 ENTRY_BEGIN
246 MATCH opcode qtype qname
247 ADJUST copy_id
248 REPLY QR NOERROR
249 SECTION QUESTION
250 example.com. IN NS
251 SECTION ANSWER
252 example.com. IN NS ns.example.com.
253 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
254 SECTION ADDITIONAL
255 ns.example.com. IN A 1.2.3.4
256 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
257 ENTRY_END
258
259 ENTRY_BEGIN
260 MATCH opcode qtype qname
261 ADJUST copy_id
262 REPLY QR NOERROR
263 SECTION QUESTION
264 ns.example.com. IN AAAA
265 SECTION ANSWER
266 ; bogus message.
267 ENTRY_END
268
173269 ; response to DNSKEY priming query
174270 ENTRY_BEGIN
175271 MATCH opcode qtype qname
213309
214310 ; example.org. zone
215311 ENTRY_BEGIN
312 MATCH opcode qname
313 ADJUST copy_id copy_query
314 REPLY QR NOERROR
315 SECTION QUESTION
316 example.org. IN NS
317 SECTION ANSWER
318 example.org. NS ns.example.net.
319 example.org. NS ns.example.org.
320 SECTION ADDITIONAL
321 ns.example.org. IN A 1.2.3.5
322 ENTRY_END
323
324 ENTRY_BEGIN
216325 MATCH opcode qtype qname
217326 ADJUST copy_id
218327 REPLY QR AA NOERROR
233342
234343 ; example.net. zone
235344 ENTRY_BEGIN
345 MATCH opcode qname
346 ADJUST copy_id copy_query
347 REPLY QR NOERROR
348 SECTION QUESTION
349 example.net. IN NS
350 SECTION ANSWER
351 example.net. NS ns.example.net.
352 example.net. NS ns.example.org.
353 SECTION ADDITIONAL
354 ns.example.net. IN A 1.2.3.4
355 ENTRY_END
356
357 ENTRY_BEGIN
236358 MATCH opcode qtype qname
237359 ADJUST copy_id
238360 REPLY QR AA NOERROR
252374 ENTRY_END
253375
254376 ; example.com. zone
377 ENTRY_BEGIN
378 MATCH opcode qtype qname
379 ADJUST copy_id
380 REPLY QR NOERROR
381 SECTION QUESTION
382 example.com. IN NS
383 SECTION ANSWER
384 example.com. IN NS ns.example.com.
385 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
386 SECTION ADDITIONAL
387 ns.example.com. IN A 1.2.3.4
388 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
389 ENTRY_END
390
255391 ; response to DNSKEY priming query
256392 ENTRY_BEGIN
257393 MATCH opcode qtype qname
333469 SECTION ADDITIONAL
334470 ENTRY_END
335471
472 ; make sure NS fetch is done.
473 STEP 14 QUERY
474 ENTRY_BEGIN
475 REPLY RD
476 SECTION QUESTION
477 example.org. IN NS
478 ENTRY_END
479
480 STEP 15 CHECK_ANSWER
481 ENTRY_BEGIN
482 MATCH ; none
483 REPLY QR RD RA NOERROR
484 SECTION QUESTION
485 ns.example.net. IN AAAA
486 SECTION ANSWER
487 SECTION AUTHORITY
488 SECTION ADDITIONAL
489 ENTRY_END
490
491
336492 SCENARIO_END
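Review bot: The added `STEP 15 CHECK_ANSWER` (gutter lines 480–489) asserts nothing a reader can verify. Its `MATCH` line is empty (`MATCH ; none`) and its question is `ns.example.net. IN AAAA`, while the `STEP 14` query it follows asks for `example.org. IN NS`. If the step only exists to let the pending NS lookup finish, as `; make sure NS fetch is done.` suggests, state that the entry is not compared, for example `; MATCH is empty: the reply content is not checked, this step only drains the example.org NS lookup`. Making the question `example.org. IN NS` would also stop the entry looking like a copy-paste slip. For a scenario that feeds injected NS data into the cache, a check that actually compares the returned NS set would be a stronger regression guard.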
0 ; config options
1 server:
2 do-ip6: no
3 target-fetch-policy: "0 0 0 0 0 "
4 stub-zone:
5 name: "."
6 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
7 CONFIG_END
8
9 SCENARIO_BEGIN Test iterator when only ip6 in dp but doip6 is no
10
11 ; K.ROOT-SERVERS.NET.
12 RANGE_BEGIN 0 100
13 ADDRESS 193.0.14.129
14 ENTRY_BEGIN
15 MATCH opcode qtype qname
16 ADJUST copy_id
17 REPLY QR NOERROR
18 SECTION QUESTION
19 . IN NS
20 SECTION ANSWER
21 . IN NS K.ROOT-SERVERS.NET.
22 SECTION ADDITIONAL
23 K.ROOT-SERVERS.NET. IN A 193.0.14.129
24 ENTRY_END
25
26 ENTRY_BEGIN
27 MATCH opcode qtype qname
28 ADJUST copy_id
29 REPLY QR NOERROR
30 SECTION QUESTION
31 www.example.com. IN A
32 SECTION AUTHORITY
33 com. IN NS a.gtld-servers.net.
34 SECTION ADDITIONAL
35 a.gtld-servers.net. IN A 192.5.6.30
36 ENTRY_END
37 RANGE_END
38
39 ; a.gtld-servers.net.
40 RANGE_BEGIN 0 100
41 ADDRESS 192.5.6.30
42 ENTRY_BEGIN
43 MATCH opcode qtype qname
44 ADJUST copy_id
45 REPLY QR NOERROR
46 SECTION QUESTION
47 com. IN NS
48 SECTION ANSWER
49 com. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
59 www.example.com. IN A
60 SECTION AUTHORITY
61 example.com. IN NS ns.bla.com.
62 SECTION ADDITIONAL
63 ; not included
64 ;ns.bla.com. IN A 1.2.3.4
65
66 ; and this one is useless because do-ip6 is "no"
67 ns.bla.com. IN AAAA ::53
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 ns.bla.com. IN A
76 SECTION ANSWER
77 ns.bla.com. IN A 1.2.3.4
78 ENTRY_END
79
80 RANGE_END
81
82 ; ns.example.com.
83 RANGE_BEGIN 0 100
84 ADDRESS 1.2.3.4
85 ENTRY_BEGIN
86 MATCH opcode qtype qname
87 ADJUST copy_id
88 REPLY QR NOERROR
89 SECTION QUESTION
90 example.com. IN NS
91 SECTION ANSWER
92 example.com. IN NS ns.example.com.
93 SECTION ADDITIONAL
94 ns.example.com. IN A 1.2.3.4
95 ENTRY_END
96
97 ENTRY_BEGIN
98 MATCH opcode qtype qname
99 ADJUST copy_id
100 REPLY QR NOERROR
101 SECTION QUESTION
102 www.example.com. IN A
103 SECTION ANSWER
104 www.example.com. IN A 10.20.30.40
105 SECTION AUTHORITY
106 example.com. IN NS ns.example.com.
107 SECTION ADDITIONAL
108 ns.example.com. IN A 1.2.3.4
109 ENTRY_END
110 RANGE_END
111
112 STEP 1 QUERY
113 ENTRY_BEGIN
114 REPLY RD
115 SECTION QUESTION
116 www.example.com. IN A
117 ENTRY_END
118
119 ; recursion happens here.
120 STEP 10 CHECK_ANSWER
121 ENTRY_BEGIN
122 MATCH all
123 REPLY QR RD RA NOERROR
124 SECTION QUESTION
125 www.example.com. IN A
126 SECTION ANSWER
127 www.example.com. IN A 10.20.30.40
128 SECTION AUTHORITY
129 example.com. IN NS ns.example.com.
130 SECTION ADDITIONAL
131 ns.example.com. IN A 1.2.3.4
132 ENTRY_END
133
134 SCENARIO_END
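Review bot: The new scenario sets `target-fetch-policy: "0 0 0 0 0 "` with a trailing space inside the quotes (gutter line 3), whereas the other scenarios touched on this page use `"0 0 0 0 0"`. Whether the option parser tolerates the extra space is not visible here, so it is safer written as `target-fetch-policy: "0 0 0 0 0"`. The only assertion is the final answer at `STEP 10`, and no step states what should happen to the `ns.bla.com. IN AAAA ::53` glue. A one-line comment above `STEP 10`, such as `; no RANGE exists for ::53, so a query sent there would go unanswered`, would record how the test is meant to catch use of the IPv6 address, assuming that is how the harness behaves.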
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
2124 ENTRY_END
2225
2326 ENTRY_BEGIN
24 MATCH opcode qtype qname
25 ADJUST copy_id
27 MATCH opcode subdomain
28 ADJUST copy_id copy_query
2629 REPLY QR NOERROR
2730 SECTION QUESTION
28 example.com. IN AAAA
31 com. IN AAAA
2932 SECTION AUTHORITY
3033 com. IN NS a.gtld-servers.net.
3134 SECTION ADDITIONAL
3740 RANGE_BEGIN 0 100
3841 ADDRESS 192.5.6.30
3942 ENTRY_BEGIN
40 MATCH opcode qtype qname
41 ADJUST copy_id
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
4245 REPLY QR NOERROR
4346 SECTION QUESTION
4447 example.com. IN AAAA
4750 SECTION ADDITIONAL
4851 ns.example.com. IN A 1.2.3.4
4952 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
59 com. IN NS
60 SECTION ANSWER
61 com. IN NS a.gtld-servers.net.
62 SECTION ADDITIONAL
63 a.gtld-servers.net. IN A 192.5.6.30
64 ENTRY_END
5065 RANGE_END
5166
5267 ; ns.example.com.
5368 RANGE_BEGIN 0 100
5469 ADDRESS 1.2.3.4
70
71 ENTRY_BEGIN
72 MATCH opcode qtype qname
73 ADJUST copy_id
74 REPLY QR NOERROR
75 SECTION QUESTION
76 ns.example.com. IN AAAA
77 SECTION ANSWER
78 ENTRY_END
79
80 ENTRY_BEGIN
81 MATCH opcode qtype qname
82 ADJUST copy_id
83 REPLY QR NOERROR
84 SECTION QUESTION
85 example.com. IN NS
86 SECTION ANSWER
87 example.com. IN NS ns.example.com.
88 SECTION ADDITIONAL
89 ns.example.com. IN A 1.2.3.4
90 ENTRY_END
91
5592
5693 ; response to AAAA query
5794 ENTRY_BEGIN
00 ; config options
1 server:
2 harden-referral-path: no
3 target-fetch-policy: "0 0 0 0 0"
4
15 stub-zone:
26 name: "."
37 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
6569 SECTION QUESTION
6670 www.example.com. IN A
6771 ENTRY_END
72
73 ; answer the NS queries that have been generated
74 ; STEP 62 CHECK_OUT_QUERY
75 ; ENTRY_BEGIN
76 ; MATCH qname qtype opcode
77 ; SECTION QUESTION
78 ; com. IN NS
79 ; ENTRY_END
80 ;
81 ; STEP 63 REPLY
82 ; ; ENTRY_BEGIN
83 ; MATCH opcode qtype qname
84 ; ADJUST copy_id
85 ; REPLY QR AA NOERROR
86 ; SECTION QUESTION
87 ; com. IN NS
88 ; SECTION ANSWER
89 ; com. IN NS a.gtld-servers.net.
90 ; SECTION ADDITIONAL
91 ; a.gtld-servers.net. IN A 192.5.6.30
92 ; ENTRY_END
93
6894 STEP 70 REPLY
6995 ENTRY_BEGIN
7096 MATCH opcode qtype qname
88114 SECTION QUESTION
89115 www.example.com. IN A
90116 ENTRY_END
117
118 ; STEP 82 CHECK_OUT_QUERY
119 ; ENTRY_BEGIN
120 ; MATCH qname qtype opcode
121 ; SECTION QUESTION
122 ; example.com. IN NS
123 ; ENTRY_END
124 ;
125 ; STEP 83 REPLY
126 ; ENTRY_BEGIN
127 ; MATCH opcode qtype qname
128 ; ADJUST copy_id
129 ; REPLY QR AA NOERROR
130 ; SECTION QUESTION
131 ; example.com. IN NS
132 ; SECTION ANSWER
133 ; example.com. IN NS ns1.example.com.
134 ; example.com. IN NS ns2.example.com.
135 ; SECTION ADDITIONAL
136 ; ns1.example.com. IN A 168.192.2.2
137 ; ns2.example.com. IN A 168.192.3.3
138 ; ENTRY_END
139 ;
91140 STEP 90 REPLY
92141 ENTRY_BEGIN
93142 MATCH opcode qtype qname
112161 SECTION QUESTION
113162 www.example.com. IN A
114163 ENTRY_END
164
115165 STEP 110 REPLY
116166 ENTRY_BEGIN
117167 MATCH opcode qtype qname
129179 ns2.example.com. IN A 168.192.3.3
130180 ENTRY_END
131181
182
132183 ; is the final answer correct?
133184 STEP 200 CHECK_ANSWER
134185 ENTRY_BEGIN
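Review bot: Two blocks of commented-out steps are added (`STEP 62`/`63` at gutter lines 74–92 and `STEP 82`/`83` at 118–138) under a live-looking heading, `; answer the NS queries that have been generated`. The same change sets `harden-referral-path: no` at the top of the file, which presumably is why those NS queries are no longer expected. Either delete the disabled steps or say why they are kept, for example `; disabled: with harden-referral-path: no the com. and example.com. NS queries are not sent`. Gutter line 82 also carries a doubled comment marker, `; ; ENTRY_BEGIN`, which would leave a stray `;` if the block were ever uncommented.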
2121 ENTRY_END
2222
2323 ENTRY_BEGIN
24 MATCH opcode qtype qname
25 ADJUST copy_id
24 MATCH opcode subdomain
25 ADJUST copy_id copy_query
2626 REPLY QR NOERROR
2727 SECTION QUESTION
28 www.example.com. IN A
28 com. IN A
2929 SECTION AUTHORITY
3030 com. IN NS a.gtld-servers.net.
3131 SECTION ADDITIONAL
3232 a.gtld-servers.net. IN A 192.5.6.30
33 ENTRY_END
34
35 ENTRY_BEGIN
36 MATCH opcode qtype qname
37 ADJUST copy_id
38 REPLY QR NOERROR
39 SECTION QUESTION
40 a.gtld-servers.net. IN AAAA
41 SECTION ANSWER
3342 ENTRY_END
3443 RANGE_END
3544
4150 ADJUST copy_id
4251 REPLY QR NOERROR
4352 SECTION QUESTION
44 www.example.com. IN A
53 com. IN NS
54 SECTION ANSWER
55 com. IN NS a.gtld-servers.net.
56 SECTION ADDITIONAL
57 a.gtld-servers.net. IN A 192.5.6.30
58 ENTRY_END
59
60 ENTRY_BEGIN
61 MATCH opcode subdomain
62 ADJUST copy_id
63 REPLY QR NOERROR
64 SECTION QUESTION
65 example.com. IN A
4566 SECTION AUTHORITY
4667 example.com. IN NS ns.example.com.
4768 SECTION ADDITIONAL
5475 RANGE_BEGIN 0 100
5576 ADDRESS 1.2.3.4
5677 ENTRY_BEGIN
57 MATCH opcode qtype qname
58 ADJUST copy_id
78 MATCH opcode
79 ADJUST copy_id copy_query
5980 REPLY QR RD NOERROR
6081 SECTION QUESTION
6182 www.example.com. IN A
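Review bot: The added referral entry at gutter lines 60–65 uses `MATCH opcode subdomain` but only `ADJUST copy_id`, whereas every other `subdomain` entry changed on this page pairs it with `copy_query`. Without `copy_query` the reply goes out with the literal question `example.com. IN A`, even when the matched query was for a name below it such as `www.example.com.`. A resolver that checks the echoed question against its query may drop such a reply. Unless that mismatch is the point of the test, the line should read `ADJUST copy_id copy_query`. The last entry in the section is `MATCH opcode` with `copy_query`, which answers every query sent to 1.2.3.4, and it deserves a one-line comment saying that this catch-all is intended.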
0 ; config options
1 server:
2 harden-referral-path: yes
3 target-fetch-policy: "0 0 0 0 0"
4 stub-zone:
5 name: "."
6 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
7 CONFIG_END
8
9 SCENARIO_BEGIN Test NS record spoof protection.
10
11 ; K.ROOT-SERVERS.NET.
12 RANGE_BEGIN 0 100
13 ADDRESS 193.0.14.129
14 ENTRY_BEGIN
15 MATCH opcode qtype qname
16 ADJUST copy_id
17 REPLY QR NOERROR
18 SECTION QUESTION
19 . IN NS
20 SECTION ANSWER
21 . IN NS K.ROOT-SERVERS.NET.
22 SECTION ADDITIONAL
23 K.ROOT-SERVERS.NET. IN A 193.0.14.129
24 ENTRY_END
25
26 ENTRY_BEGIN
27 MATCH opcode subdomain
28 ADJUST copy_id copy_query
29 REPLY QR NOERROR
30 SECTION QUESTION
31 com. IN NS
32 SECTION AUTHORITY
33 com. IN NS a.gtld-servers.net.
34 SECTION ADDITIONAL
35 a.gtld-servers.net. IN A 192.5.6.30
36 ENTRY_END
37
38 ; for simplicity the root server is authoritative for root-servers.net
39 ; and also for gtld-servers.net
40 ENTRY_BEGIN
41 MATCH opcode qtype qname
42 ADJUST copy_id
43 REPLY QR AA NOERROR
44 SECTION QUESTION
45 K.ROOT-SERVERS.NET. IN A
46 SECTION ANSWER
47 K.ROOT-SERVERS.NET. IN A 193.0.14.129
48 ENTRY_END
49
50 ENTRY_BEGIN
51 MATCH opcode qtype qname
52 ADJUST copy_id
53 REPLY QR AA NOERROR
54 SECTION QUESTION
55 a.gtld-servers.net. IN A
56 SECTION ANSWER
57 a.gtld-servers.net. IN A 192.5.6.30
58 ENTRY_END
59
60 RANGE_END
61
62 ; a.gtld-servers.net.
63 RANGE_BEGIN 0 100
64 ADDRESS 192.5.6.30
65 ENTRY_BEGIN
66 MATCH opcode subdomain
67 ADJUST copy_id copy_query
68 REPLY QR NOERROR
69 SECTION QUESTION
70 example.com. IN NS
71 SECTION AUTHORITY
72 example.com. IN NS ns.example.com.
73 SECTION ADDITIONAL
74 ns.example.com. IN A 1.2.3.4
75 ENTRY_END
76
77 ENTRY_BEGIN
78 MATCH opcode qtype qname
79 ADJUST copy_id
80 REPLY QR NOERROR
81 SECTION QUESTION
82 com. IN NS
83 SECTION ANSWER
84 com. IN NS a.gtld-servers.net.
85 SECTION ADDITIONAL
86 a.gtld-servers.net. IN A 192.5.6.30
87 ENTRY_END
88 RANGE_END
89
90 ; ns.example.com.
91 RANGE_BEGIN 0 100
92 ADDRESS 1.2.3.4
93 ENTRY_BEGIN
94 MATCH opcode qtype qname
95 ADJUST copy_id
96 REPLY QR NOERROR
97 SECTION QUESTION
98 www.example.com. IN A
99 SECTION ANSWER
100 www.example.com. IN A 10.20.30.40
101 SECTION AUTHORITY
102 example.com. IN NS ns.example.com.
103 SECTION ADDITIONAL
104 ns.example.com. IN A 1.2.3.4
105 ENTRY_END
106
107 ENTRY_BEGIN
108 MATCH opcode qtype qname
109 ADJUST copy_id
110 REPLY QR NOERROR
111 SECTION QUESTION
112 mail.example.com. IN A
113 SECTION ANSWER
114 mail.example.com. IN A 10.20.30.50
115 SECTION AUTHORITY
116 example.com. IN NS ns.example.com.
117 SECTION ADDITIONAL
118 ns.example.com. IN A 1.2.3.4
119 ENTRY_END
120
121 ENTRY_BEGIN
122 MATCH opcode qtype qname
123 ADJUST copy_id
124 REPLY QR AA NOERROR
125 SECTION QUESTION
126 example.com. IN NS
127 SECTION ANSWER
128 example.com. IN NS ns.example.com.
129 SECTION ADDITIONAL
130 ns.example.com. IN A 1.2.3.4
131 ENTRY_END
132
133 ENTRY_BEGIN
134 MATCH opcode qtype qname
135 ADJUST copy_id
136 REPLY QR AA NOERROR
137 SECTION QUESTION
138 ns.example.com. IN A
139 SECTION ANSWER
140 ns.example.com. IN A 1.2.3.4
141 SECTION AUTHORITY
142 example.com. IN NS ns.example.com.
143 ENTRY_END
144
145 ;; answer to the spoofed query ; spoofed reply answer.
146 ; here we put it in the nameserver for ease.
147 ENTRY_BEGIN
148 MATCH opcode qtype qname
149 ADJUST copy_id
150 REPLY QR NOERROR
151 SECTION QUESTION
152 bad123.example.com. IN A
153 SECTION ANSWER
154 bad123.example.com. IN A 6.6.6.6
155 SECTION AUTHORITY
156 ; evil NS set.
157 example.com. IN NS bad123.example.com.
158 ENTRY_END
159
160 RANGE_END
161
162 ; evil server
163 RANGE_BEGIN 0 100
164 ADDRESS 6.6.6.6
165 ENTRY_BEGIN
166 MATCH opcode qtype qname
167 ADJUST copy_id
168 REPLY QR NOERROR
169 SECTION QUESTION
170 www.example.com. IN A
171 SECTION ANSWER
172 www.example.com. IN A 6.6.6.6
173 SECTION AUTHORITY
174 example.com. IN NS bad123.example.com.
175 SECTION ADDITIONAL
176 bad123.example.com. IN A 6.6.6.6
177 ENTRY_END
178
179 ENTRY_BEGIN
180 MATCH opcode qtype qname
181 ADJUST copy_id
182 REPLY QR NOERROR
183 SECTION QUESTION
184 mail.example.com. IN A
185 SECTION ANSWER
186 mail.example.com. IN A 6.6.6.6
187 SECTION AUTHORITY
188 example.com. IN NS bad123.example.com.
189 SECTION ADDITIONAL
190 bad123.example.com. IN A 6.6.6.6
191 ENTRY_END
192
193 ENTRY_BEGIN
194 MATCH opcode qtype qname
195 ADJUST copy_id
196 REPLY QR NOERROR
197 SECTION QUESTION
198 bad123.example.com. IN A
199 SECTION ANSWER
200 bad123.example.com. IN A 6.6.6.6
201 SECTION AUTHORITY
202 ; evil NS set.
203 example.com. IN NS bad123.example.com.
204 ENTRY_END
205 RANGE_END
206
207 STEP 1 QUERY
208 ENTRY_BEGIN
209 REPLY RD
210 SECTION QUESTION
211 www.example.com. IN A
212 ENTRY_END
213
214 ; recursion happens here.
215 STEP 10 CHECK_ANSWER
216 ENTRY_BEGIN
217 MATCH all
218 REPLY QR RD RA NOERROR
219 SECTION QUESTION
220 www.example.com. IN A
221 SECTION ANSWER
222 www.example.com. IN A 10.20.30.40
223 SECTION AUTHORITY
224 example.com. IN NS ns.example.com.
225 SECTION ADDITIONAL
226 ns.example.com. IN A 1.2.3.4
227 ENTRY_END
228
229 ; spoofed query
230 STEP 20 QUERY
231 ENTRY_BEGIN
232 REPLY RD
233 SECTION QUESTION
234 bad123.example.com. IN A
235 ENTRY_END
236
237 ; recursion happens here.
238 STEP 30 CHECK_ANSWER
239 ENTRY_BEGIN
240 ; no matching here, just accept the answer to the spoofed query.
241 ; it is wrong, but only one query ...
242 ; this test is to check further on, that we still have the right nameserver.
243 ;MATCH all
244 REPLY QR RD RA NOERROR
245 SECTION QUESTION
246 bad123.example.com. IN A
247 SECTION ANSWER
248 bad123.example.com. IN A 6.6.6.6
249 SECTION AUTHORITY
250 example.com. IN NS ns.example.com.
251 SECTION ADDITIONAL
252 ns.example.com. IN A 1.2.3.4
253 ENTRY_END
254
255 ; a new query
256 STEP 40 QUERY
257 ENTRY_BEGIN
258 REPLY RD
259 SECTION QUESTION
260 mail.example.com. IN A
261 ENTRY_END
262
263 STEP 50 CHECK_ANSWER
264 ENTRY_BEGIN
265 MATCH all
266 REPLY QR RD RA NOERROR
267 SECTION QUESTION
268 mail.example.com. IN A
269 SECTION ANSWER
270 mail.example.com. IN A 10.20.30.50
271 SECTION AUTHORITY
272 example.com. IN NS ns.example.com.
273 SECTION ADDITIONAL
274 ns.example.com. IN A 1.2.3.4
275 ENTRY_END
276
277 SCENARIO_END
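Review bot: Step 30 (new lines 238-253) has `MATCH all` commented out, so the ANSWER, AUTHORITY and ADDITIONAL records listed under it are presumably never compared. The only assertion that the cached delegation survived is then step 50. The listed `example.com. IN NS ns.example.com.` reads like an expectation but is not checked, and nothing in the file says so. I would add a line such as `; sections below are informational only: no MATCH line, so any reply is accepted`. The garbled comment at new line 145 could likewise read `; reply that carries the spoofed NS set; served from the real nameserver range for ease`.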
2828 ENTRY_END
2929
3030 ENTRY_BEGIN
31 MATCH opcode qname
32 ADJUST copy_id copy_query
33 REPLY QR NOERROR
34 SECTION QUESTION
35 K.ROOT-SERVERS.NET. IN A
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
33 REPLY QR NOERROR
34 SECTION QUESTION
35 net. IN A
3636 SECTION AUTHORITY
3737 net. IN NS a.gtld-servers.net.
3838 SECTION ADDITIONAL
4949 com. IN NS a.gtld-servers.net.
5050
5151 ; sneak in some data into the cache to simulate partial data after timeouts
52 ; scrubbed away...
5253 example.net. NS ns.example.net.
5354
5455 SECTION ADDITIONAL
7374 ADDRESS 192.5.6.30
7475 ; com zone
7576 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 www.example.com. IN A
77 MATCH opcode qname
78 ADJUST copy_id copy_query
79 REPLY QR NOERROR
80 SECTION QUESTION
81 com. IN NS
82 SECTION ANSWER
83 com. IN NS a.gtld-servers.net.
84 SECTION ADDITIONAL
85 a.gtld-servers.net. IN A 192.5.6.30
86 ENTRY_END
87
88 ENTRY_BEGIN
89 MATCH opcode subdomain
90 ADJUST copy_id copy_query
91 REPLY QR NOERROR
92 SECTION QUESTION
93 example.com. IN A
8194 SECTION AUTHORITY
8295 example.com. IN NS ns.example.net.
8396 SECTION ADDITIONAL
89102 ADJUST copy_id copy_query
90103 REPLY QR NOERROR
91104 SECTION QUESTION
105 net. IN NS
106 SECTION ANSWER
107 net. IN NS a.gtld-servers.net.
108 SECTION ADDITIONAL
109 a.gtld-servers.net. IN A 192.5.6.30
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode qtype qname
114 ADJUST copy_id copy_query
115 REPLY QR NOERROR
116 SECTION QUESTION
117 A.ROOT-SERVERS.NET. IN AAAA
118 SECTION ANSWER
119 ENTRY_END
120
121 ENTRY_BEGIN
122 MATCH opcode qname
123 ADJUST copy_id copy_query
124 REPLY QR NOERROR
125 SECTION QUESTION
126 a.gtld-servers.net. IN AAAA
127 SECTION ANSWER
128 ENTRY_END
129
130 ENTRY_BEGIN
131 MATCH opcode qname
132 ADJUST copy_id copy_query
133 REPLY QR NOERROR
134 SECTION QUESTION
92135 K.ROOT-SERVERS.NET. IN A
93136 SECTION AUTHORITY
94137 ROOT-SERVERS.NET. IN NS A.ROOT-SERVERS.NET.
95138 SECTION ADDITIONAL
96139 A.ROOT-SERVERS.NET. IN A 198.41.0.4
140 ENTRY_END
141
142 ENTRY_BEGIN
143 MATCH opcode qname
144 ADJUST copy_id copy_query
145 REPLY QR NOERROR
146 SECTION QUESTION
147 K.ROOT-SERVERS.NET. IN AAAA
148 SECTION ANSWER
97149 ENTRY_END
98150
99151 ENTRY_BEGIN
112164 ; A.ROOT-SERVERS.NET.
113165 RANGE_BEGIN 0 100
114166 ADDRESS 198.41.0.4
167 ENTRY_BEGIN
168 MATCH opcode qname qtype
169 ADJUST copy_id copy_query
170 REPLY QR NOERROR
171 SECTION QUESTION
172 ROOT-SERVERS.NET. IN NS
173 SECTION ANSWER
174 ROOT-SERVERS.NET. IN NS A.ROOT-SERVERS.NET.
175 SECTION ADDITIONAL
176 A.ROOT-SERVERS.NET. IN A 198.41.0.4
177 ENTRY_END
178
115179 ENTRY_BEGIN
116180 MATCH opcode qtype qname
117181 ADJUST copy_id
138202 ADDRESS 1.2.3.4
139203 ; example.net. zone
140204 ENTRY_BEGIN
205 MATCH opcode qname
206 ADJUST copy_id copy_query
207 REPLY QR NOERROR
208 SECTION QUESTION
209 example.net. IN NS
210 SECTION ANSWER
211 example.net. NS ns.example.net.
212 SECTION ADDITIONAL
213 ns.example.net. IN A 1.2.3.4
214 ENTRY_END
215
216 ENTRY_BEGIN
141217 MATCH opcode qtype qname
142218 ADJUST copy_id
143219 REPLY QR AA NOERROR
157233 ENTRY_END
158234
159235 ; example.com. zone
236 ENTRY_BEGIN
237 MATCH opcode qtype qname
238 ADJUST copy_id
239 REPLY QR NOERROR
240 SECTION QUESTION
241 example.com. IN NS
242 SECTION ANSWER
243 example.com. IN NS ns.example.com.
244 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
245 SECTION ADDITIONAL
246 ns.example.com. IN A 1.2.3.4
247 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
248 ENTRY_END
249
250 ENTRY_BEGIN
251 MATCH opcode qname qtype
252 ADJUST copy_id copy_query
253 REPLY QR NOERROR
254 SECTION QUESTION
255 ns.example.com. IN AAAA
256 SECTION ANSWER
257 ENTRY_END
258
259
160260 ; response to DNSKEY priming query
161261 ENTRY_BEGIN
162262 MATCH opcode qtype qname
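Review bot: The two added entries for K.ROOT-SERVERS.NET. (new lines 130-140 and 142-149) both use `MATCH opcode qname`, so they match the same queries regardless of type. If the replay engine takes the first matching entry in a range, which I would expect but cannot confirm from this hunk, the AAAA entry is unreachable and an AAAA query receives the ROOT-SERVERS.NET. referral instead of the empty answer. Writing `MATCH opcode qtype qname` on both, and on the a.gtld-servers.net. AAAA entry at new line 122, would make the intended type-specific behaviour explicit.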
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
4 private-address: 10.0.0.0/8
5 private-address: 172.16.0.0/12
6 private-address: 192.168.0.0/16
7 private-address: 192.254.0.0/16
8 private-address: fd00::/8
9 private-address: fe80::/10
10
11 private-domain: "example.net"
12
13 stub-zone:
14 name: "."
15 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
16
17 CONFIG_END
18
19 SCENARIO_BEGIN Test iterator scrubber with private addresses.
20
21 ; K.ROOT-SERVERS.NET.
22 RANGE_BEGIN 0 100
23 ADDRESS 193.0.14.129
24 ENTRY_BEGIN
25 MATCH opcode qtype qname
26 ADJUST copy_id
27 REPLY QR NOERROR
28 SECTION QUESTION
29 . IN NS
30 SECTION ANSWER
31 . IN NS K.ROOT-SERVERS.NET.
32 SECTION ADDITIONAL
33 K.ROOT-SERVERS.NET. IN A 193.0.14.129
34 ENTRY_END
35
36 ENTRY_BEGIN
37 MATCH opcode subdomain
38 ADJUST copy_id copy_query
39 REPLY QR NOERROR
40 SECTION QUESTION
41 com. IN A
42 SECTION AUTHORITY
43 com. IN NS a.gtld-servers.net.
44 SECTION ADDITIONAL
45 a.gtld-servers.net. IN A 192.5.6.30
46 ENTRY_END
47
48 ; root server authoritative for example.net too.
49 ENTRY_BEGIN
50 MATCH opcode qtype qname
51 ADJUST copy_id
52 REPLY QR NOERROR
53 SECTION QUESTION
54 mail.example.net. IN A
55 SECTION ANSWER
56 mail.example.net. IN A 10.20.30.40
57 ENTRY_END
58 RANGE_END
59
60 ; a.gtld-servers.net.
61 RANGE_BEGIN 0 100
62 ADDRESS 192.5.6.30
63 ENTRY_BEGIN
64 MATCH opcode qtype qname
65 ADJUST copy_id
66 REPLY QR NOERROR
67 SECTION QUESTION
68 com. IN NS
69 SECTION ANSWER
70 com. IN NS a.gtld-servers.net.
71 SECTION ADDITIONAL
72 a.gtld-servers.net. IN A 192.5.6.30
73 ENTRY_END
74
75 ENTRY_BEGIN
76 MATCH opcode subdomain
77 ADJUST copy_id copy_query
78 REPLY QR NOERROR
79 SECTION QUESTION
80 example.com. IN A
81 SECTION AUTHORITY
82 example.com. IN NS ns.example.com.
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ENTRY_END
86 RANGE_END
87
88 ; ns.example.com.
89 RANGE_BEGIN 0 100
90 ADDRESS 1.2.3.4
91 ENTRY_BEGIN
92 MATCH opcode qtype qname
93 ADJUST copy_id
94 REPLY QR NOERROR
95 SECTION QUESTION
96 example.com. IN NS
97 SECTION ANSWER
98 example.com. IN NS ns.example.com.
99 SECTION ADDITIONAL
100 ns.example.com. IN A 1.2.3.4
101 ENTRY_END
102
103 ENTRY_BEGIN
104 MATCH opcode qtype qname
105 ADJUST copy_id
106 REPLY QR NOERROR
107 SECTION QUESTION
108 ns.example.com. IN AAAA
109 SECTION ANSWER
110 ENTRY_END
111
112 ENTRY_BEGIN
113 MATCH opcode qtype qname
114 ADJUST copy_id
115 REPLY QR NOERROR
116 SECTION QUESTION
117 www.example.com. IN A
118 SECTION ANSWER
119 www.example.com. IN A 192.20.30.40
120 SECTION AUTHORITY
121 example.com. IN NS ns.example.com.
122 SECTION ADDITIONAL
123 ns.example.com. IN A 1.2.3.4
124 ENTRY_END
125
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 REPLY QR NOERROR
130 SECTION QUESTION
131 mail.example.com. IN AAAA
132 SECTION ANSWER
133 mail.example.com. IN AAAA fe80::15
134 SECTION AUTHORITY
135 example.com. IN NS ns.example.com.
136 SECTION ADDITIONAL
137 ns.example.com. IN A 1.2.3.4
138 ENTRY_END
139
140 ENTRY_BEGIN
141 MATCH opcode qtype qname
142 ADJUST copy_id
143 REPLY QR NOERROR
144 SECTION QUESTION
145 foo.example.com. IN A
146 SECTION ANSWER
147 foo.example.com. IN A 10.20.30.40
148 SECTION AUTHORITY
149 example.com. IN NS ns.example.com.
150 SECTION ADDITIONAL
151 ns.example.com. IN A 1.2.3.4
152 ENTRY_END
153 RANGE_END
154
155 ; public address is not scrubbed
156 STEP 1 QUERY
157 ENTRY_BEGIN
158 REPLY RD
159 SECTION QUESTION
160 www.example.com. IN A
161 ENTRY_END
162
163 ; recursion happens here.
164 STEP 2 CHECK_ANSWER
165 ENTRY_BEGIN
166 MATCH all
167 REPLY QR RD RA NOERROR
168 SECTION QUESTION
169 www.example.com. IN A
170 SECTION ANSWER
171 www.example.com. IN A 192.20.30.40
172 SECTION AUTHORITY
173 example.com. IN NS ns.example.com.
174 SECTION ADDITIONAL
175 ns.example.com. IN A 1.2.3.4
176 ENTRY_END
177
178 ; IPv4 address is scrubbed
179 STEP 3 QUERY
180 ENTRY_BEGIN
181 REPLY RD
182 SECTION QUESTION
183 foo.example.com. IN A
184 ENTRY_END
185
186 ; recursion happens here.
187 STEP 10 CHECK_ANSWER
188 ENTRY_BEGIN
189 MATCH all
190 REPLY QR RD RA SERVFAIL
191 SECTION QUESTION
192 foo.example.com. IN A
193 SECTION ANSWER
194 ; scrubbed away
195 ;foo.example.com. IN A 10.20.30.40
196 ENTRY_END
197
198 ; IPv6 address is scrubbed
199 STEP 20 QUERY
200 ENTRY_BEGIN
201 REPLY RD
202 SECTION QUESTION
203 mail.example.com. IN AAAA
204 ENTRY_END
205
206 STEP 30 CHECK_ANSWER
207 ENTRY_BEGIN
208 MATCH all
209 REPLY QR RD RA SERVFAIL
210 SECTION QUESTION
211 mail.example.com. IN AAAA
212 SECTION ANSWER
213 ENTRY_END
214
215 ; allowed domain is not scrubbed.
216 STEP 40 QUERY
217 ENTRY_BEGIN
218 REPLY RD
219 SECTION QUESTION
220 mail.example.net. IN A
221 ENTRY_END
222
223 STEP 50 CHECK_ANSWER
224 ENTRY_BEGIN
225 MATCH all
226 REPLY QR RD RA NOERROR
227 SECTION QUESTION
228 mail.example.net. IN A
229 SECTION ANSWER
230 mail.example.net. IN A 10.20.30.40
231 ENTRY_END
232
233 SCENARIO_END
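Review bot: `private-address: 192.254.0.0/16` at new line 7 is public address space. The link-local block that normally sits beside the RFC 1918 ranges is 169.254.0.0/16, so this looks like a typo for `private-address: 169.254.0.0/16`. As written, an answer carrying a link-local IPv4 address would not be scrubbed under this config. No step exercises that line (the scrubbed cases are 10.20.30.40 and fe80::15), so the scenario passes either way. A query whose answer falls inside 169.254.0.0/16 and expects SERVFAIL would pin the range.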
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
2528 ENTRY_END
2629
2730 ENTRY_BEGIN
28 MATCH opcode qtype qname
29 ADJUST copy_id
30 REPLY QR NOERROR
31 SECTION QUESTION
32 www.example.com. IN A
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
33 REPLY QR NOERROR
34 SECTION QUESTION
35 com. IN A
3336 SECTION AUTHORITY
3437 com. IN NS a.gtld-servers.net.
3538 SECTION ADDITIONAL
3740 ENTRY_END
3841
3942 ENTRY_BEGIN
40 MATCH opcode qtype qname
41 ADJUST copy_id
42 REPLY QR NOERROR
43 SECTION QUESTION
44 ns.example.net. IN A
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
45 REPLY QR NOERROR
46 SECTION QUESTION
47 net. IN A
4548 SECTION AUTHORITY
4649 net. IN NS e.gtld-servers.net.
4750 SECTION ADDITIONAL
4851 e.gtld-servers.net. IN A 192.12.94.30
4952 ENTRY_END
50
51 ENTRY_BEGIN
52 MATCH opcode qtype qname
53 ADJUST copy_id
54 REPLY QR NOERROR
55 SECTION QUESTION
56 ns.example.net. IN AAAA
57 SECTION AUTHORITY
58 net. IN NS e.gtld-servers.net.
59 SECTION ADDITIONAL
60 e.gtld-servers.net. IN A 192.12.94.30
61 ENTRY_END
6253 RANGE_END
6354
6455 ; a.gtld-servers.net.
6960 ADJUST copy_id
7061 REPLY QR NOERROR
7162 SECTION QUESTION
72 www.example.com. IN A
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode subdomain
72 ADJUST copy_id copy_query
73 REPLY QR NOERROR
74 SECTION QUESTION
75 example.com. IN A
7376 SECTION AUTHORITY
7477 example.com. IN NS ns.example.com.
7578 example.com. IN NS ns.example.net.
8891 ADJUST copy_id
8992 REPLY QR NOERROR
9093 SECTION QUESTION
94 net. IN NS
95 SECTION ANSWER
96 net. IN NS e.gtld-servers.net.
97 SECTION ADDITIONAL
98 e.gtld-servers.net. IN A 192.12.94.30
99 ENTRY_END
100
101 ENTRY_BEGIN
102 MATCH opcode subdomain
103 ADJUST copy_id copy_query
104 REPLY QR NOERROR
105 SECTION QUESTION
106 example.net. IN A
107 SECTION AUTHORITY
108 example.net. IN NS ns.example.net.
109 SECTION ADDITIONAL
110 ns.example.net. IN A 1.2.3.44
111 ENTRY_END
112 RANGE_END
113
114 ; ns.example.net.
115 RANGE_BEGIN 0 100
116 ADDRESS 1.2.3.44
117 ENTRY_BEGIN
118 MATCH opcode qtype qname
119 ADJUST copy_id
120 REPLY QR NOERROR
121 SECTION QUESTION
122 example.net. IN NS
123 SECTION ANSWER
124 example.net. IN NS ns.example.net.
125 SECTION ADDITIONAL
126 ns.example.net. IN A 1.2.3.44
127 ENTRY_END
128
129 ENTRY_BEGIN
130 MATCH opcode qtype qname
131 ADJUST copy_id
132 REPLY QR AA NOERROR
133 SECTION QUESTION
134 example.com. IN NS
135 SECTION ANSWER
136 example.com. IN NS ns.example.com.
137 example.com. IN NS ns.example.net.
138 SECTION ADDITIONAL
139 ns.example.net IN A 1.2.3.44
140 ENTRY_END
141
142 ENTRY_BEGIN
143 MATCH opcode qtype qname
144 ADJUST copy_id
145 REPLY QR NOERROR
146 SECTION QUESTION
91147 ns.example.net. IN A
92 SECTION AUTHORITY
93 example.net. IN NS ns.example.net.
94 SECTION ADDITIONAL
95 ns.example.net. IN A 1.2.3.44
148 SECTION ANSWER
149 ns.example.net. IN A 1.2.3.44
150 SECTION AUTHORITY
151 example.net. IN NS ns.example.net.
96152 ENTRY_END
97153
98154 ENTRY_BEGIN
104160 SECTION AUTHORITY
105161 example.net. IN NS ns.example.net.
106162 SECTION ADDITIONAL
107 ns.example.net. IN A 1.2.3.44
108 ENTRY_END
109 RANGE_END
110
111 ; ns.example.net.
112 RANGE_BEGIN 0 100
113 ADDRESS 1.2.3.44
114 ENTRY_BEGIN
115 MATCH opcode qtype qname
116 ADJUST copy_id
117 REPLY QR NOERROR
118 SECTION QUESTION
119 ns.example.net. IN A
120 SECTION ANSWER
121 ns.example.net. IN A 1.2.3.44
122 SECTION AUTHORITY
123 example.net. IN NS ns.example.net.
124 ENTRY_END
125
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 REPLY QR NOERROR
130 SECTION QUESTION
131 ns.example.net. IN AAAA
132 SECTION AUTHORITY
133 example.net. IN NS ns.example.net.
134 SECTION ADDITIONAL
135163 www.example.net. IN A 1.2.3.44
136164 ENTRY_END
137165
149177 SECTION ADDITIONAL
150178 ns.example.net IN A 1.2.3.44
151179 ENTRY_END
180
181 ENTRY_BEGIN
182 MATCH opcode qtype qname
183 ADJUST copy_id
184 REPLY QR NOERROR
185 SECTION QUESTION
186 ns.example.com. IN AAAA
187 SECTION ANSWER
188 ENTRY_END
189
152190 RANGE_END
153191
154192 ; ns.example.com.
157195 ENTRY_BEGIN
158196 MATCH opcode qtype qname
159197 ADJUST copy_id
198 REPLY QR AA NOERROR
199 SECTION QUESTION
200 example.com. IN NS
201 SECTION ANSWER
202 example.com. IN NS ns.example.com.
203 example.com. IN NS ns.example.net.
204 SECTION ADDITIONAL
205 ns.example.com. IN A 1.2.3.55
206 ENTRY_END
207
208 ENTRY_BEGIN
209 MATCH opcode qtype qname
210 ADJUST copy_id
160211 REPLY QR NOERROR
161212 SECTION QUESTION
162213 ns.example.com. IN A
163214 SECTION ANSWER
164215 ns.example.com. IN A 1.2.3.55
216 ENTRY_END
217
218 ENTRY_BEGIN
219 MATCH opcode qtype qname
220 ADJUST copy_id
221 REPLY QR NOERROR
222 SECTION QUESTION
223 ns.example.com. IN AAAA
224 SECTION ANSWER
165225 ENTRY_END
166226
167227 ENTRY_BEGIN
214274 ;ns.example.net IN A 1.2.3.44
215275 ENTRY_END
216276
277 ; query still pending
278 STEP 30 QUERY
279 ENTRY_BEGIN
280 REPLY RD
281 SECTION QUESTION
282 ns.example.net. IN AAAA
283 ENTRY_END
284
285 ; query still pending
286 STEP 40 CHECK_ANSWER
287 ENTRY_BEGIN
288 REPLY RD RA
289 SECTION QUESTION
290 ENTRY_END
291
217292 SCENARIO_END
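Review bot: The added entry at new lines 129-140 writes the glue owner as `ns.example.net` (new line 139) without the trailing dot, unlike the other owner names in the added entries. Whether the record is read as the same name as `ns.example.net.` depends on how the parser treats relative names, which is not visible here. The same spelling already appears on a context line (new line 178), so this is probably copied from there. `ns.example.net. IN A 1.2.3.44` would remove the ambiguity.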
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
4 stub-zone:
5 name: "."
6 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
7 CONFIG_END
8
9 SCENARIO_BEGIN Test iterative resolve with a recursion lame server.
10 ; The scenario has a domain with two servers, one is lame the other doesn't
11 ; so depending on the randomly chosen server that goes first, it may
12 ; select the nonlame or the lame server first.
13
14 ; K.ROOT-SERVERS.NET.
15 RANGE_BEGIN 0 100
16 ADDRESS 193.0.14.129
17 ENTRY_BEGIN
18 MATCH opcode qtype qname
19 ADJUST copy_id
20 REPLY QR NOERROR
21 SECTION QUESTION
22 . IN NS
23 SECTION ANSWER
24 . IN NS K.ROOT-SERVERS.NET.
25 SECTION ADDITIONAL
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
27 ENTRY_END
28
29 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.example.com. IN A
35 SECTION AUTHORITY
36 com. IN NS a.gtld-servers.net.
37 SECTION ADDITIONAL
38 a.gtld-servers.net. IN A 192.5.6.30
39 ENTRY_END
40 RANGE_END
41
42 ; a.gtld-servers.net.
43 RANGE_BEGIN 0 100
44 ADDRESS 192.5.6.30
45 ENTRY_BEGIN
46 MATCH opcode qtype qname
47 ADJUST copy_id
48 REPLY QR NOERROR
49 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 www.example.com. IN A
63 SECTION AUTHORITY
64 example.com. IN NS ns.example.com.
65 example.com. IN NS lame.example.com.
66 SECTION ADDITIONAL
67 ns.example.com. IN A 1.2.3.4
68 lame.example.com. IN A 1.2.3.5
69 ENTRY_END
70 RANGE_END
71
72 ; ns.example.com.
73 RANGE_BEGIN 0 100
74 ADDRESS 1.2.3.4
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR AA NOERROR
79 SECTION QUESTION
80 example.com. IN NS
81 SECTION ANSWER
82 example.com. IN NS ns.example.com.
83 example.com. IN NS lame.example.com.
84 SECTION ADDITIONAL
85 ns.example.com. IN A 1.2.3.4
86 lame.example.com. IN A 1.2.3.5
87 ENTRY_END
88
89 ENTRY_BEGIN
90 MATCH opcode qtype qname
91 ADJUST copy_id
92 REPLY QR AA NOERROR
93 SECTION QUESTION
94 www.example.com. IN A
95 SECTION ANSWER
96 www.example.com. IN A 10.20.30.40
97 SECTION AUTHORITY
98 example.com. IN NS ns.example.com.
99 example.com. IN NS lame.example.com.
100 SECTION ADDITIONAL
101 ns.example.com. IN A 1.2.3.4
102 lame.example.com. IN A 1.2.3.5
103 ENTRY_END
104 RANGE_END
105
106 ; lame.example.com.
107 RANGE_BEGIN 0 100
108 ADDRESS 1.2.3.5
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR RA NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. IN NS lame.example.com.
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 lame.example.com. IN A 1.2.3.5
121 ENTRY_END
122
123 ENTRY_BEGIN
124 MATCH opcode qtype qname
125 ADJUST copy_id
126 REPLY QR RA NOERROR
127 SECTION QUESTION
128 www.example.com. IN A
129 SECTION ANSWER
130 www.example.com. IN A 10.20.30.40
131 SECTION AUTHORITY
132 example.com. IN NS ns.example.com.
133 example.com. IN NS lame.example.com.
134 SECTION ADDITIONAL
135 ns.example.com. IN A 1.2.3.4
136 lame.example.com. IN A 1.2.3.5
137 ENTRY_END
138 RANGE_END
139
140 STEP 1 QUERY
141 ENTRY_BEGIN
142 REPLY RD
143 SECTION QUESTION
144 www.example.com. IN A
145 ENTRY_END
146
147 ; recursion happens here.
148 STEP 10 CHECK_ANSWER
149 ENTRY_BEGIN
150 MATCH all
151 REPLY QR RD RA NOERROR
152 SECTION QUESTION
153 www.example.com. IN A
154 SECTION ANSWER
155 www.example.com. IN A 10.20.30.40
156 SECTION AUTHORITY
157 example.com. IN NS ns.example.com.
158 example.com. IN NS lame.example.com.
159 SECTION ADDITIONAL
160 ns.example.com. IN A 1.2.3.4
161 lame.example.com. IN A 1.2.3.5
162 ENTRY_END
163
164 SCENARIO_END
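Review bot: Both server ranges answer with the same `www.example.com. IN A 10.20.30.40`. The lame range at 1.2.3.5 (new lines 123-137) differs only in sending `REPLY QR RA` where 1.2.3.4 sends `QR AA`, so step 10 passes whichever server's reply is used. The scenario comment says the first server is chosen at random, so the check cannot tell whether the lame reply was rejected. If rejection is the intent, giving the lame range a distinct address, e.g. `www.example.com. IN A 10.20.30.41`, would make an accepted lame answer fail `MATCH all`.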
0 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
4 stub-zone:
5 name: "."
6 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
7 CONFIG_END
8
9 SCENARIO_BEGIN Test iterative resolve with two recursion lame servers.
10 ; both servers are recursion lame. The iterator tries both servers,
11 ; but they are both lame. Then it concludes that it only has reclame.
12
13 ; K.ROOT-SERVERS.NET.
14 RANGE_BEGIN 0 100
15 ADDRESS 193.0.14.129
16 ENTRY_BEGIN
17 MATCH opcode qtype qname
18 ADJUST copy_id
19 REPLY QR NOERROR
20 SECTION QUESTION
21 . IN NS
22 SECTION ANSWER
23 . IN NS K.ROOT-SERVERS.NET.
24 SECTION ADDITIONAL
25 K.ROOT-SERVERS.NET. IN A 193.0.14.129
26 ENTRY_END
27
28 ENTRY_BEGIN
29 MATCH opcode subdomain
30 ADJUST copy_id copy_query
31 REPLY QR NOERROR
32 SECTION QUESTION
33 com. IN A
34 SECTION AUTHORITY
35 com. IN NS a.gtld-servers.net.
36 SECTION ADDITIONAL
37 a.gtld-servers.net. IN A 192.5.6.30
38 ENTRY_END
39 RANGE_END
40
41 ; a.gtld-servers.net.
42 RANGE_BEGIN 0 100
43 ADDRESS 192.5.6.30
44 ENTRY_BEGIN
45 MATCH opcode qtype qname
46 ADJUST copy_id
47 REPLY QR NOERROR
48 SECTION QUESTION
49 com. IN NS
50 SECTION ANSWER
51 com. IN NS a.gtld-servers.net.
52 SECTION ADDITIONAL
53 a.gtld-servers.net. IN A 192.5.6.30
54 ENTRY_END
55
56 ENTRY_BEGIN
57 MATCH opcode subdomain
58 ADJUST copy_id copy_query
59 REPLY QR NOERROR
60 SECTION QUESTION
61 example.com. IN A
62 SECTION AUTHORITY
63 example.com. IN NS ns.example.com.
64 example.com. IN NS lame.example.com.
65 SECTION ADDITIONAL
66 ns.example.com. IN A 1.2.3.4
67 lame.example.com. IN A 1.2.3.5
68 ENTRY_END
69 RANGE_END
70
71 ; ns.example.com.
72 RANGE_BEGIN 0 100
73 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR RA NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. IN NS lame.example.com.
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 lame.example.com. IN A 1.2.3.5
86 ENTRY_END
87
88 ENTRY_BEGIN
89 MATCH opcode qtype qname
90 ADJUST copy_id
91 REPLY QR RA NOERROR
92 SECTION QUESTION
93 ns.example.com. IN AAAA
94 SECTION ANSWER
95 ENTRY_END
96
97 ENTRY_BEGIN
98 MATCH opcode qtype qname
99 ADJUST copy_id
100 REPLY QR RA NOERROR
101 SECTION QUESTION
102 lame.example.com. IN AAAA
103 SECTION ANSWER
104 ENTRY_END
105
106 ENTRY_BEGIN
107 MATCH opcode qtype qname
108 ADJUST copy_id
109 REPLY QR RA NOERROR
110 SECTION QUESTION
111 www.example.com. IN A
112 SECTION ANSWER
113 www.example.com. IN A 10.20.30.40
114 SECTION AUTHORITY
115 example.com. IN NS ns.example.com.
116 example.com. IN NS lame.example.com.
117 SECTION ADDITIONAL
118 ns.example.com. IN A 1.2.3.4
119 lame.example.com. IN A 1.2.3.5
120 ENTRY_END
121 RANGE_END
122
123 ; lame.example.com.
124 RANGE_BEGIN 0 100
125 ADDRESS 1.2.3.5
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 REPLY QR RA NOERROR
130 SECTION QUESTION
131 example.com. IN NS
132 SECTION ANSWER
133 example.com. IN NS ns.example.com.
134 example.com. IN NS lame.example.com.
135 SECTION ADDITIONAL
136 ns.example.com. IN A 1.2.3.4
137 lame.example.com. IN A 1.2.3.5
138 ENTRY_END
139
140 ENTRY_BEGIN
141 MATCH opcode
142 ADJUST copy_id copy_query
143 REPLY QR RA NOERROR
144 SECTION QUESTION
145 www.example.com. IN A
146 SECTION ANSWER
147 www.example.com. IN A 10.20.30.40
148 SECTION AUTHORITY
149 example.com. IN NS ns.example.com.
150 example.com. IN NS lame.example.com.
151 SECTION ADDITIONAL
152 ns.example.com. IN A 1.2.3.4
153 lame.example.com. IN A 1.2.3.5
154 ENTRY_END
155 RANGE_END
156
157 STEP 1 QUERY
158 ENTRY_BEGIN
159 REPLY RD
160 SECTION QUESTION
161 www.example.com. IN A
162 ENTRY_END
163
164 ; recursion happens here.
165 STEP 10 CHECK_ANSWER
166 ENTRY_BEGIN
167 MATCH all
168 REPLY QR RD RA NOERROR
169 SECTION QUESTION
170 www.example.com. IN A
171 SECTION ANSWER
172 www.example.com. IN A 10.20.30.40
173 SECTION AUTHORITY
174 example.com. IN NS ns.example.com.
175 example.com. IN NS lame.example.com.
176 SECTION ADDITIONAL
177 ns.example.com. IN A 1.2.3.4
178 lame.example.com. IN A 1.2.3.5
179 ENTRY_END
180
181 SCENARIO_END
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
6568 ADJUST copy_id
6669 REPLY QR NOERROR
6770 SECTION QUESTION
71 com. IN NS
72 SECTION ANSWER
73 com. IN NS a.gtld-servers.net.
74 SECTION ADDITIONAL
75 a.gtld-servers.net. IN A 192.5.6.30
76 ENTRY_END
77
78 ENTRY_BEGIN
79 MATCH opcode qtype qname
80 ADJUST copy_id
81 REPLY QR NOERROR
82 SECTION QUESTION
6883 www.example.com. IN A
6984 SECTION AUTHORITY
7085 example.com. IN NS ns.example.net.
7994 ADJUST copy_id
8095 REPLY QR NOERROR
8196 SECTION QUESTION
97 net. IN NS
98 SECTION ANSWER
99 net. IN NS e.gtld-servers.net.
100 SECTION ADDITIONAL
101 e.gtld-servers.net. IN A 192.12.94.30
102 ENTRY_END
103
104 ENTRY_BEGIN
105 MATCH opcode qtype qname
106 ADJUST copy_id
107 REPLY QR NOERROR
108 SECTION QUESTION
82109 ns.example.net. IN A
83110 SECTION AUTHORITY
84111 example.net. IN NS ns.example.net.
107134 ADJUST copy_id
108135 REPLY QR NOERROR
109136 SECTION QUESTION
137 example.net. IN NS
138 SECTION ANSWER
139 example.net. IN NS ns.example.net.
140 SECTION ADDITIONAL
141 ns.example.net. IN A 1.2.3.44
142 ENTRY_END
143
144 ENTRY_BEGIN
145 MATCH opcode qtype qname
146 ADJUST copy_id
147 REPLY QR NOERROR
148 SECTION QUESTION
110149 ns.example.net. IN A
111150 SECTION ANSWER
112151 ns.example.net. IN A 1.2.3.44
124163 example.net. IN NS ns.example.net.
125164 SECTION ADDITIONAL
126165 www.example.net. IN A 1.2.3.44
166 ENTRY_END
167
168 ENTRY_BEGIN
169 MATCH opcode qtype qname
170 ADJUST copy_id
171 REPLY QR NOERROR
172 SECTION QUESTION
173 example.com. IN NS
174 SECTION ANSWER
175 example.com. IN NS ns.example.net.
127176 ENTRY_END
128177
129178 ENTRY_BEGIN
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
2124 ENTRY_END
2225
2326 ENTRY_BEGIN
24 MATCH opcode qtype qname
25 ADJUST copy_id
27 MATCH opcode subdomain
28 ADJUST copy_id copy_query
2629 REPLY QR NOERROR
2730 SECTION QUESTION
28 www.example.com. IN A
31 com. IN A
2932 SECTION AUTHORITY
3033 com. IN NS a.gtld-servers.net.
3134 SECTION ADDITIONAL
4144 ADJUST copy_id
4245 REPLY QR NOERROR
4346 SECTION QUESTION
44 www.example.com. IN A
47 com. IN NS
48 SECTION ANSWER
49 com. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode subdomain
56 ADJUST copy_id copy_query
57 REPLY QR NOERROR
58 SECTION QUESTION
59 example.com. IN A
4560 SECTION AUTHORITY
4661 example.com. IN NS ns.example.com.
4762 SECTION ADDITIONAL
5065 RANGE_END
5166
5267 ; ns.example.com.
53 ; always the same reply since we cannot match anything from the qsection.
5468 RANGE_BEGIN 0 100
5569 ADDRESS 1.2.3.4
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 example.com. IN NS
76 SECTION ANSWER
77 example.com. IN NS ns.example.com.
78 SECTION ADDITIONAL
79 ns.example.com. IN A 1.2.3.4
80 ENTRY_END
81
82 ; always the same reply since we cannot match anything from the qsection.
5683 ENTRY_BEGIN
5784 MATCH opcode
5885 ADJUST copy_id
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
3
14 stub-zone:
25 name: "."
36 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
4144 ADJUST copy_id
4245 REPLY QR NOERROR
4346 SECTION QUESTION
47 com. IN NS
48 SECTION ANSWER
49 com. IN NS a.gtld-servers.net.
50 SECTION ADDITIONAL
51 a.gtld-servers.net. IN A 192.5.6.30
52 ENTRY_END
53
54 ENTRY_BEGIN
55 MATCH opcode qtype qname
56 ADJUST copy_id
57 REPLY QR NOERROR
58 SECTION QUESTION
4459 www.example.com. IN A
4560 SECTION AUTHORITY
4661 example.com. IN NS ns.example.com.
5267 ; ns.example.com.
5368 RANGE_BEGIN 0 100
5469 ADDRESS 1.2.3.4
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 example.com. IN NS
76 SECTION ANSWER
77 example.com. IN NS ns.example.com.
78 SECTION ADDITIONAL
79 ns.example.com. IN A 1.2.3.4
80 ENTRY_END
81
5582 ENTRY_BEGIN
5683 MATCH opcode qtype qname
5784 ADJUST copy_id
00 ; config options
1 server:
2 harden-referral-path: no
3 target-fetch-policy: "0 0 0 0 0"
4
15 stub-zone:
26 name: "."
37 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
5963 SECTION QUESTION
6064 www.example.com. IN A
6165 ENTRY_END
66
67 ; STEP 62 CHECK_OUT_QUERY
68 ; ENTRY_BEGIN
69 ; MATCH qname qtype opcode
70 ; SECTION QUESTION
71 ; com. IN NS
72 ; ENTRY_END
73 ; STEP 63 REPLY
74 ; ENTRY_BEGIN
75 ; MATCH opcode qtype qname
76 ; ADJUST copy_id
77 ; REPLY QR NOERROR
78 ; SECTION QUESTION
79 ; com. IN NS
80 ; SECTION ANSWER
81 ; com. IN NS a.gtld-servers.net.
82 ; SECTION ADDITIONAL
83 ; a.gtld-servers.net. IN A 192.5.6.30
84 ; ENTRY_END
85
6286 STEP 70 REPLY
6387 ENTRY_BEGIN
6488 MATCH opcode qtype qname
79103 SECTION QUESTION
80104 www.example.com. IN A
81105 ENTRY_END
106
107 ; STEP 82 CHECK_OUT_QUERY
108 ; ENTRY_BEGIN
109 ; MATCH qname qtype opcode
110 ; SECTION QUESTION
111 ; example.com. IN NS
112 ; ENTRY_END
113 ; STEP 83 REPLY
114 ; ENTRY_BEGIN
115 ; MATCH opcode qtype qname
116 ; ADJUST copy_id
117 ; REPLY QR NOERROR
118 ; SECTION QUESTION
119 ; example.com. IN NS
120 ; SECTION ANSWER
121 ; example.com. IN NS ns1.example.com.
122 ; SECTION ADDITIONAL
123 ; ns1.example.com. IN A 168.192.2.2
124 ; ENTRY_END
125
82126 STEP 90 REPLY
83127 ENTRY_BEGIN
84128 MATCH opcode qtype qname
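Review bot: The blocks added at new lines 67-84 and 107-124 are whole STEP entries left commented out, with no note explaining why. The next file section (x.y.example.com., new lines 67-84 and 106-123) adds the same pair. Alongside the new `harden-referral-path: no` they look like the NS lookups that would occur with the option enabled, but that is inferred from the hunk and not stated. I would either drop the dead steps or put a comment above each block, e.g. `; extra NS lookups seen with harden-referral-path: yes; disabled because this test sets it to no`.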
00 ; config options
1 server:
2 harden-referral-path: no
3 target-fetch-policy: "0 0 0 0 0"
4
15 stub-zone:
26 name: "."
37 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
5963 SECTION QUESTION
6064 x.y.example.com. IN A
6165 ENTRY_END
66
67 ; STEP 62 CHECK_OUT_QUERY
68 ; ENTRY_BEGIN
69 ; MATCH qname qtype opcode
70 ; SECTION QUESTION
71 ; com. IN NS
72 ; ENTRY_END
73 ; STEP 63 REPLY
74 ; ENTRY_BEGIN
75 ; MATCH opcode qtype qname
76 ; ADJUST copy_id
77 ; REPLY QR NOERROR
78 ; SECTION QUESTION
79 ; com. IN NS
80 ; SECTION ANSWER
81 ; com. IN NS a.gtld-servers.net.
82 ; SECTION ADDITIONAL
83 ; a.gtld-servers.net. IN A 192.5.6.30
84 ; ENTRY_END
85
6286 STEP 70 REPLY
6387 ENTRY_BEGIN
6488 MATCH opcode qtype qname
78102 SECTION QUESTION
79103 x.y.example.com. IN A
80104 ENTRY_END
105
106 ; STEP 82 CHECK_OUT_QUERY
107 ; ENTRY_BEGIN
108 ; MATCH qname qtype opcode
109 ; SECTION QUESTION
110 ; example.com. IN NS
111 ; ENTRY_END
112 ; STEP 83 REPLY
113 ; ENTRY_BEGIN
114 ; MATCH opcode qtype qname
115 ; ADJUST copy_id
116 ; REPLY QR NOERROR
117 ; SECTION QUESTION
118 ; example.com. IN NS
119 ; SECTION ANSWER
120 ; example.com. IN NS ns1.example.com.
121 ; SECTION ADDITIONAL
122 ; ns1.example.com. IN A 168.192.2.2
123 ; ENTRY_END
124
81125 STEP 90 REPLY
82126 ENTRY_BEGIN
83127 MATCH opcode qtype qname
22 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
33 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
57 stub-zone:
68 name: "."
79 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
911
1012 SCENARIO_BEGIN Test scrub of secure DNAME in answer section
1113
12 STEP 10 QUERY
13 ENTRY_BEGIN
14 REPLY RD DO
15 SECTION QUESTION
16 x.y.example.com. IN A
17 ENTRY_END
18
19 ; root prime is sent
20 STEP 20 CHECK_OUT_QUERY
21 ENTRY_BEGIN
22 MATCH qname qtype opcode
14 RANGE_BEGIN 0 100
15 ; all adresses
16 ENTRY_BEGIN
17 MATCH opcode qtype qname
18 ADJUST copy_id
19 REPLY QR AA NOERROR
2320 SECTION QUESTION
2421 . IN NS
25 ENTRY_END
26 STEP 30 REPLY
27 ENTRY_BEGIN
28 MATCH opcode qtype qname
29 ADJUST copy_id
30 REPLY QR AA NOERROR
31 SECTION QUESTION
32 . IN NS
3322 SECTION ANSWER
3423 . IN NS K.ROOT-SERVERS.NET.
3524 SECTION ADDITIONAL
3625 K.ROOT-SERVERS.NET. IN A 193.0.14.129
3726 ENTRY_END
3827
39 ; query sent to root server
40 STEP 40 CHECK_OUT_QUERY
41 ENTRY_BEGIN
42 MATCH qname qtype opcode
43 SECTION QUESTION
44 x.y.example.com. IN A
45 ENTRY_END
46 STEP 50 REPLY
28 ; ENTRY_BEGIN
29 ; MATCH opcode qtype qname
30 ; ADJUST copy_id
31 ; REPLY QR NOERROR
32 ; SECTION QUESTION
33 ; x.y.example.com. IN A
34 ; SECTION AUTHORITY
35 ; com. IN NS a.gtld-servers.net.
36 ; SECTION ADDITIONAL
37 ; a.gtld-servers.net. IN A 192.5.6.30
38 ; ENTRY_END
39
4740 ENTRY_BEGIN
4841 MATCH opcode qtype qname
4942 ADJUST copy_id
5043 REPLY QR NOERROR
5144 SECTION QUESTION
52 x.y.example.com. IN A
53 SECTION AUTHORITY
45 com. IN NS
46 SECTION ANSWER
5447 com. IN NS a.gtld-servers.net.
5548 SECTION ADDITIONAL
5649 a.gtld-servers.net. IN A 192.5.6.30
5750 ENTRY_END
5851
59 ; query sent to .com server
60 STEP 60 CHECK_OUT_QUERY
61 ENTRY_BEGIN
62 MATCH qname qtype opcode
63 SECTION QUESTION
64 x.y.example.com. IN A
65 ENTRY_END
66 STEP 70 REPLY
67 ENTRY_BEGIN
68 MATCH opcode qtype qname
69 ADJUST copy_id
70 REPLY QR NOERROR
71 SECTION QUESTION
72 x.y.example.com. IN A
73 SECTION AUTHORITY
74 example.com. IN NS ns1.example.com.
75 SECTION ADDITIONAL
76 ns1.example.com. IN A 168.192.2.2
77 ENTRY_END
78
79 ; query sent to example.com. server
80 STEP 80 CHECK_OUT_QUERY
81 ENTRY_BEGIN
82 MATCH qname qtype opcode
83 SECTION QUESTION
84 x.y.example.com. IN A
85 ENTRY_END
86 STEP 90 REPLY
52 ; ENTRY_BEGIN
53 ; MATCH opcode qtype qname
54 ; ADJUST copy_id
55 ; REPLY QR NOERROR
56 ; SECTION QUESTION
57 ; x.y.example.com. IN A
58 ; SECTION AUTHORITY
59 ; example.com. IN NS ns1.example.com.
60 ; SECTION ADDITIONAL
61 ; ns1.example.com. IN A 168.192.2.2
62 ; ENTRY_END
63
8764 ENTRY_BEGIN
8865 MATCH opcode qtype qname
8966 ADJUST copy_id
10380 ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AKcUlwrSz2xYKnQ7b7oMblRa0rKjfUNT900bIkGjLKLWDUGc8mKZE2M= ;{id = 2854}
10481 ENTRY_END
10582
106 STEP 100 CHECK_OUT_QUERY
107 ENTRY_BEGIN
108 MATCH qname qtype opcode
109 SECTION QUESTION
110 x.z.example.com. IN A
111 ENTRY_END
112 STEP 110 REPLY
11383 ENTRY_BEGIN
11484 MATCH opcode qtype qname
11585 ADJUST copy_id
12797 ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
12898 ENTRY_END
12999
130 ; DNSKEY prime
131 STEP 115 CHECK_OUT_QUERY
132 ENTRY_BEGIN
133 MATCH qname qtype opcode
134 SECTION QUESTION
135 example.com. IN DNSKEY
136 ENTRY_END
137 STEP 116 REPLY
100 ENTRY_BEGIN
101 MATCH opcode qtype qname
102 ADJUST copy_id
103 REPLY QR NOERROR
104 SECTION QUESTION
105 example.com. IN NS
106 SECTION ANSWER
107 example.com. IN NS ns1.example.com.
108 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ACHcJehLt4Hz+rAdxMPE96o7HJAEFohFXbxrKYlG+0WLfYAvH2nxU8k= ;{id = 2854}
109 SECTION ADDITIONAL
110 ns1.example.com. IN A 168.192.2.2
111 ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AInP69g8uR1n/aRg4gmGu8UoM+zZYgjOqbNN2IvOxw3bk/q+g05jKg0= ;{id = 2854}
112 ENTRY_END
113
138114 ENTRY_BEGIN
139115 MATCH opcode qtype qname
140116 ADJUST copy_id
148124 SECTION ADDITIONAL
149125 ENTRY_END
150126
127
128 RANGE_END
129
130 STEP 10 QUERY
131 ENTRY_BEGIN
132 REPLY RD DO
133 SECTION QUESTION
134 x.y.example.com. IN A
135 ENTRY_END
136
151137 ; answer to first query (simply puts DNAME in cache)
152 STEP 120 CHECK_ANSWER
138 STEP 90 CHECK_ANSWER
153139 ENTRY_BEGIN
154140 MATCH all
155141 REPLY QR RD RA AD DO
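Review bot: The new `RANGE_BEGIN 0 100` block carries only the misspelled comment `; all adresses` and no `ADDRESS` line, so a reader cannot tell that its entries are presumably meant to answer for every upstream address rather than one server. A clearer comment would be `; no ADDRESS line: entries below answer queries sent to any server`. The removed `CHECK_OUT_QUERY` steps (20, 40, 60, 80, 100, 115) asserted which queries were sent, including the DNSKEY prime. In the range form shown here only the final `CHECK_ANSWER` remains as an assertion, which deserves a line in the scenario header if it is intentional. Parts of this file lie outside the shown hunks.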
Binary diff not shown
0 ; config options
1 ; The island of trust is at example.com
2 server:
3 local-zone: "example.com." transparent
4 local-data: "mail.example.com. IN A 10.20.30.40"
5
6 stub-zone:
7 name: "."
8 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
9 CONFIG_END
10
11 SCENARIO_BEGIN Test local data with transparent zone queried for types
12
13 ; K.ROOT-SERVERS.NET.
14 RANGE_BEGIN 0 100
15 ADDRESS 193.0.14.129
16 ENTRY_BEGIN
17 MATCH opcode qtype qname
18 ADJUST copy_id
19 REPLY QR NOERROR
20 SECTION QUESTION
21 . IN NS
22 SECTION ANSWER
23 . IN NS K.ROOT-SERVERS.NET.
24 SECTION ADDITIONAL
25 K.ROOT-SERVERS.NET. IN A 193.0.14.129
26 ENTRY_END
27
28 ENTRY_BEGIN
29 MATCH opcode qtype qname
30 ADJUST copy_id
31 REPLY QR AA NXDOMAIN
32 SECTION QUESTION
33 mail.example.com. IN AAAA
34 SECTION ANSWER
35 SECTION AUTHORITY
36 . IN SOA invalid. invalid. 1 2 3 4 5
37 ENTRY_END
38 RANGE_END
39
40 STEP 1 QUERY
41 ENTRY_BEGIN
42 REPLY RD DO
43 SECTION QUESTION
44 mail.example.com. IN A
45 ENTRY_END
46 ; get straight answer from localdata
47
48 STEP 10 CHECK_ANSWER
49 ENTRY_BEGIN
50 MATCH all
51 REPLY QR AA RD RA NOERROR
52 SECTION QUESTION
53 mail.example.com. IN A
54 SECTION ANSWER
55 mail.example.com. IN A 10.20.30.40
56 SECTION AUTHORITY
57 ENTRY_END
58
59 STEP 20 QUERY
60 ENTRY_BEGIN
61 REPLY RD DO
62 SECTION QUESTION
63 mail.example.com. IN AAAA
64 ENTRY_END
65 ; must be NOERROR/NODATA because of A record, not NXDOMAIN from internet.
66
67 STEP 30 CHECK_ANSWER
68 ENTRY_BEGIN
69 MATCH all
70 REPLY QR AA RD RA NOERROR
71 SECTION QUESTION
72 mail.example.com. IN AAAA
73 SECTION ANSWER
74 SECTION AUTHORITY
75 ENTRY_END
76
77 SCENARIO_END
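Review bot: The header comment `; The island of trust is at example.com` on line 1 does not describe this scenario. The `server:` block has no `trust-anchor`, only `local-zone: "example.com." transparent` and one `local-data` A record, so the line looks carried over from a validator test. Replace it with what the file checks, e.g. `; mail.example.com has local A data only; other types must give NODATA, not the upstream NXDOMAIN`. That is the property that stops an upstream NXDOMAIN from overriding a locally configured name.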
2929 ENTRY_END
3030
3131 ENTRY_BEGIN
32 MATCH opcode qname
32 MATCH opcode qtype qname
33 ADJUST copy_id
34 REPLY QR NOERROR
35 SECTION QUESTION
36 a.gtld-servers.net. IN A
37 SECTION ANSWER
38 a.gtld-servers.net. IN A 192.5.6.30
39 ENTRY_END
40
41 ENTRY_BEGIN
42 MATCH opcode qtype qname
43 ADJUST copy_id
44 REPLY QR NOERROR
45 SECTION QUESTION
46 a.gtld-servers.net. IN AAAA
47 SECTION ANSWER
48 ENTRY_END
49
50 ENTRY_BEGIN
51 MATCH opcode qtype qname
52 ADJUST copy_id
53 REPLY QR NOERROR
54 SECTION QUESTION
55 ns.example.net. IN AAAA
56 SECTION ANSWER
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode subdomain
61 ADJUST copy_id copy_query
62 REPLY QR NOERROR
63 SECTION QUESTION
64 com. IN A
65 SECTION AUTHORITY
66 com. IN NS a.gtld-servers.net.
67 SECTION ADDITIONAL
68 a.gtld-servers.net. IN A 192.5.6.30
69 ENTRY_END
70
71 ENTRY_BEGIN
72 MATCH opcode qname
73 ADJUST copy_id copy_query
74 REPLY QR NOERROR
75 SECTION QUESTION
76 www.example.net. IN A
77 SECTION AUTHORITY
78 net. IN NS a.gtld-servers.net.
79 SECTION ADDITIONAL
80 a.gtld-servers.net. IN A 192.5.6.30
81 ENTRY_END
82
83 ENTRY_BEGIN
84 MATCH opcode qname
85 ADJUST copy_id copy_query
86 REPLY QR NOERROR
87 SECTION QUESTION
88 example.net. IN A
89 SECTION AUTHORITY
90 net. IN NS a.gtld-servers.net.
91 SECTION ADDITIONAL
92 a.gtld-servers.net. IN A 192.5.6.30
93 ENTRY_END
94 RANGE_END
95
96 ; a.gtld-servers.net.
97 RANGE_BEGIN 0 100
98 ADDRESS 192.5.6.30
99 ENTRY_BEGIN
100 MATCH opcode qname qtype
101 ADJUST copy_id copy_query
102 REPLY QR NOERROR
103 SECTION QUESTION
104 com. IN NS
105 SECTION ANSWER
106 com. IN NS a.gtld-servers.net.
107 SECTION ADDITIONAL
108 a.gtld-servers.net. IN A 192.5.6.30
109 ENTRY_END
110
111 ENTRY_BEGIN
112 MATCH opcode qname qtype
113 ADJUST copy_id copy_query
114 REPLY QR NOERROR
115 SECTION QUESTION
116 net. IN NS
117 SECTION ANSWER
118 net. IN NS a.gtld-servers.net.
119 SECTION ADDITIONAL
120 a.gtld-servers.net. IN A 192.5.6.30
121 ENTRY_END
122
123 ENTRY_BEGIN
124 MATCH opcode subdomain
33125 ADJUST copy_id copy_query
34126 REPLY QR NOERROR
35127 SECTION QUESTION
36128 example.com. IN A
37129 SECTION AUTHORITY
38 com. IN NS a.gtld-servers.net.
39 SECTION ADDITIONAL
40 a.gtld-servers.net. IN A 192.5.6.30
41 ENTRY_END
42
43 ENTRY_BEGIN
44 MATCH opcode qname
45 ADJUST copy_id copy_query
46 REPLY QR NOERROR
47 SECTION QUESTION
48 www.example.com. IN A
49 SECTION AUTHORITY
50 com. IN NS a.gtld-servers.net.
51 SECTION ADDITIONAL
52 a.gtld-servers.net. IN A 192.5.6.30
130 example.com. IN NS ns.example.com.
131 SECTION ADDITIONAL
132 ns.example.com. IN A 1.2.3.4
133 ENTRY_END
134
135 ENTRY_BEGIN
136 MATCH opcode qname
137 ADJUST copy_id copy_query
138 REPLY QR NOERROR
139 SECTION QUESTION
140 example.net. IN A
141 SECTION AUTHORITY
142 example.net. IN NS ns.example.net.
143 SECTION ADDITIONAL
144 ns.example.net. IN A 1.2.3.5
53145 ENTRY_END
54146
55147 ENTRY_BEGIN
59151 SECTION QUESTION
60152 www.example.net. IN A
61153 SECTION AUTHORITY
62 net. IN NS a.gtld-servers.net.
63 SECTION ADDITIONAL
64 a.gtld-servers.net. IN A 192.5.6.30
65 ENTRY_END
66
67 ENTRY_BEGIN
68 MATCH opcode qname
69 ADJUST copy_id copy_query
70 REPLY QR NOERROR
71 SECTION QUESTION
72 example.net. IN A
73 SECTION AUTHORITY
74 net. IN NS a.gtld-servers.net.
75 SECTION ADDITIONAL
76 a.gtld-servers.net. IN A 192.5.6.30
77 ENTRY_END
78 RANGE_END
79
80 ; a.gtld-servers.net.
81 RANGE_BEGIN 0 100
82 ADDRESS 192.5.6.30
83 ENTRY_BEGIN
84 MATCH opcode qname
85 ADJUST copy_id copy_query
86 REPLY QR NOERROR
87 SECTION QUESTION
88 example.com. IN A
89 SECTION AUTHORITY
154 example.net. IN NS ns.example.net.
155 SECTION ADDITIONAL
156 ns.example.net. IN A 1.2.3.5
157 ENTRY_END
158 RANGE_END
159
160 ; ns.example.com.
161 RANGE_BEGIN 0 100
162 ADDRESS 1.2.3.4
163 ENTRY_BEGIN
164 MATCH opcode qname qtype
165 ADJUST copy_id copy_query
166 REPLY QR NOERROR
167 SECTION QUESTION
168 example.com. IN NS
169 SECTION ANSWER
90170 example.com. IN NS ns.example.com.
171 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
91172 SECTION ADDITIONAL
92173 ns.example.com. IN A 1.2.3.4
93 ENTRY_END
94
95 ENTRY_BEGIN
96 MATCH opcode qname
97 ADJUST copy_id copy_query
98 REPLY QR NOERROR
99 SECTION QUESTION
100 www.example.com. IN A
101 SECTION AUTHORITY
102 example.com. IN NS ns.example.com.
103 SECTION ADDITIONAL
104 ns.example.com. IN A 1.2.3.4
105 ENTRY_END
106
107 ENTRY_BEGIN
108 MATCH opcode qname
109 ADJUST copy_id copy_query
110 REPLY QR NOERROR
111 SECTION QUESTION
112 example.net. IN A
113 SECTION AUTHORITY
114 example.net. IN NS ns.example.net.
115 SECTION ADDITIONAL
116 ns.example.net. IN A 1.2.3.5
117 ENTRY_END
118
119 ENTRY_BEGIN
120 MATCH opcode qname
121 ADJUST copy_id copy_query
122 REPLY QR NOERROR
123 SECTION QUESTION
124 www.example.net. IN A
125 SECTION AUTHORITY
126 example.net. IN NS ns.example.net.
127 SECTION ADDITIONAL
128 ns.example.net. IN A 1.2.3.5
129 ENTRY_END
130 RANGE_END
131
132 ; ns.example.com.
133 RANGE_BEGIN 0 100
134 ADDRESS 1.2.3.4
174 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
175 ENTRY_END
176
177 ENTRY_BEGIN
178 MATCH opcode qname qtype
179 ADJUST copy_id copy_query
180 REPLY QR NOERROR
181 SECTION QUESTION
182 ns.example.com. IN AAAA
183 SECTION ANSWER
184 ENTRY_END
135185
136186 ; response to DNSKEY priming query
137187 ENTRY_BEGIN
169219 ; ns.example.net.
170220 RANGE_BEGIN 0 100
171221 ADDRESS 1.2.3.5
222 ENTRY_BEGIN
223 MATCH opcode qname qtype
224 ADJUST copy_id copy_query
225 REPLY QR NOERROR
226 SECTION QUESTION
227 example.net. IN NS
228 SECTION ANSWER
229 example.net. IN NS ns.example.net.
230 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
231 SECTION ADDITIONAL
232 ns.example.net. IN A 1.2.3.5
233 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
234 ENTRY_END
172235
173236 ; response to DNSKEY priming query
174237 ENTRY_BEGIN
Binary diff not shown
Binary diff not shown
Binary diff not shown
0 ; Signature test file
1
2 ; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification.
3 ; later entries are verified with it.
4
5 ; Test RSASHA512 signatures.
6
7 ; RSA key from ldns tool
8 ENTRY_BEGIN
9 SECTION QUESTION
10 sub.example.com. IN DNSKEY
11 SECTION ANSWER
12 example.com. 3600 IN DNSKEY 256 3 10 AwEAAb3HJP1WF0wWvk9VqqZ2+xTpURPSwyiZcNRlO/hAXJisMA4/ZN2Kf0aNGewVDa6IhT8ehww5FBvVJm3R1KW/hqO+H3WzvCBpVDv1JdDqZvHMGiqEd2lCfKz4+fxuJ+HeUJBZlTz6pm9Rlqevry5uB7sKpgddDe2fK9CFCr7M1BzX ;{id = 18320 (zsk), size = 1024b}
13 ENTRY_END
14
15 ; entry to test
16 ENTRY_BEGIN
17 SECTION QUESTION
18 www.example.com. IN A
19 SECTION ANSWER
20 www.example.com. 3600 IN A 192.0.2.66
21 www.example.com. 3600 IN RRSIG A 10 3 3600 20070926134150 20070829134150 18320 example.com. m0FS92Zg6oyJE7CEwa4o2hkV+U6M/Xvniem/vLo9pz4tsAv7xxlMgT0Q8Uxl+pugiHTMSJ78V6fG/Kv6FZgesxKu70mLHQo1SjAgozRHuNwUB6cD8yeOeX0WafbRW4IfvSs6uauc+/SRukBFhJMdiX/IXw3syUGfntm03jcpWoc= ;{id = 18320}
22 ENTRY_END
23
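Review bot: This signature file has only a positive case: one `www.example.com.` A RRset with an algorithm 10 RRSIG that is expected to verify, and no entry that must fail. A verifier that accepted any RSASHA512 signature would still pass it. The multi-algorithm file added in this commit uses `bogus.example.com.` entries with non-matching RRSIGs for that purpose (presumably the harness treats the `bogus` label as expected failure). Adding one such entry here, with the RRSIG reused from `www.example.com.`, would cover rejection as well. The RSASHA256 file added further down has the same shape and the same gap.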
0 ; Signature test file
1
2 ; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification.
3 ; later entries are verified with it.
4
5 ; Test multiple signature algos: RSASHA1 + RSASHA256 signatures.
6
7 ; RSA key from ldns tool
8 ENTRY_BEGIN
9 SECTION QUESTION
10 sub.example.com. IN DNSKEY
11 SECTION ANSWER
12 example.com. 3600 IN DNSKEY 256 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1443 (zsk), size = 1024b}
13 example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
14 ENTRY_END
15
16 ; both signatures valid
17 ENTRY_BEGIN
18 SECTION QUESTION
19 www.example.com. IN A
20 SECTION ANSWER
21 www.example.com. 3600 IN A 192.0.2.66
22 www.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1443 example.com. sX+BZ6Qdq0Td/THR1HgOnWh9URNP03KMEgjpnRGbS74NqlmlqLU3HcimOT/lUD7xsZTeOIWw5kAcQePxU3UrjS5gsIttIXAfrHFmOtTsyb0O4w0/RpR0QYxRl1hk4zQRPzHeEkgxNTe+y9V9gYe7iv9OddXsfwEnmqQiXk+tdsU= ;{id = 1443}
23 www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Ip2xOAgSq3HdeGEMyQ0jafKNOOJO7Ca+huBgBPSj7B3txTlP9hBzlV0rb0XULymEiQLSpIPm4EY7xzom7z6aKA== ;{id = 30899}
24 ENTRY_END
25
26 ; the SHA1 invalid
27 ENTRY_BEGIN
28 SECTION QUESTION
29 bogus.example.com. IN A
30 SECTION ANSWER
31 bogus.example.com. 3600 IN A 192.0.2.66
32 bogus.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1443 example.com. qaYKAK9+t5HggYjHduA5d3A3i41HoU0ct0yqNzsYQqElFkH0d1aTjRDExD0PGeVbMTocMBru+ID9cLot3kwgn8aZL6UI3AwV6MR+0lianuA8DyhuqpD8OwkZ+LJxNsfq3t5ospXlBhyaI95S7lC3N6dsHDj4qtOwyE42fnQkedE= ;{id = 1443}
33 bogus.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Ip2xOAgSq3HdeGEMyQ0jafKNOOJO7Ca+huBgBPSj7B3txTlP9hBzlV0rb0XULymEiQLSpIPm4EY7xzom7z6aKA== ;{id = 30899}
34 ENTRY_END
35
36 ; the SHA256 invalid
37 ENTRY_BEGIN
38 SECTION QUESTION
39 bogus.example.com. IN A
40 SECTION ANSWER
41 bogus.example.com. 3600 IN A 192.0.2.66
42 bogus.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1443 example.com. sX+BZ6Qdq0Td/THR1HgOnWh9URNP03KMEgjpnRGbS74NqlmlqLU3HcimOT/lUD7xsZTeOIWw5kAcQePxU3UrjS5gsIttIXAfrHFmOtTsyb0O4w0/RpR0QYxRl1hk4zQRPzHeEkgxNTe+y9V9gYe7iv9OddXsfwEnmqQiXk+tdsU= ;{id = 1443}
43 bogus.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. EetlYQbmdt8deu6LIOYTxwHsMnivWBaxClTlLTPooUjgE+upQfCbG25mdY/wx+lM8fthKry+z65YACR8opA0Sw== ;{id = 30899}
44 ENTRY_END
45
46 ; SHA1 and SHA256 not valid
47 ENTRY_BEGIN
48 SECTION QUESTION
49 bogus.example.com. IN A
50 SECTION ANSWER
51 bogus.example.com. 3600 IN A 192.0.2.66
52 bogus.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1443 example.com. sX+BZ6Qdq0Td/THR1HgOnWh9URNP03KMEgjpnRGbS74NqlmlqLU3HcimOT/lUD7xsZTeOIWw5kAcQePxU3UrjS5gsIttIXAfrHFmOtTsyb0O4w0/RpR0QYxRl1hk4zQRPzHeEkgxNTe+y9V9gYe7iv9OddXsfwEnmqQiXk+tdsU= ;{id = 1443}
53 bogus.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Ip2xOAgSq3HdeGEMyQ0jafKNOOJO7Ca+huBgBPSj7B3txTlP9hBzlV0rb0XULymEiQLSpIPm4EY7xzom7z6aKA== ;{id = 30899}
54 ENTRY_END
55
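Review bot: The entry comments `; the SHA1 invalid` and `; the SHA256 invalid` do not say how the signature was made invalid, and the data reads the other way round at first glance. Under `; the SHA1 invalid` the algorithm 8 RRSIG is new, while the algorithm 5 RRSIG is byte-identical to the one on `www.example.com.`. Presumably the reused signature is the invalid one because it was made for a different owner name; state that, e.g. `; RSASHA1 RRSIG reused from www.example.com., does not verify for this owner`. The file header could also state the expected result when only one of the two algorithms verifies, since that is the policy these entries pin down.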
0 ; Signature test file
1
2 ; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification.
3 ; later entries are verified with it.
4
5 ; Test HINFO canonicalisation
6
7 ; RSA key from ldns tool
8 ENTRY_BEGIN
9 SECTION QUESTION
10 jelte.nlnetlabs.nl. IN DNSKEY
11 SECTION ANSWER
12 jelte.nlnetlabs.nl. 3600 IN DNSKEY 256 3 5 AwEAAawmHBgxeOiaYE4JpNU+CBqEj7xGB1o6ThEsUmtjsbmTnsJ89uWv 2PudzhQKCR1hJtuxVxG0Aw4mwHlAy+SoWHp8NXW1JYVA5qbvYhUUUM3l +ZFImaMhShhlviJJDLla5nmB5pyNYbC4wxqkCs51mzJY1abbCmZepmQL IlprTjUL
13 ENTRY_END
14
15 ; check that signatures work
16 ENTRY_BEGIN
17 SECTION QUESTION
18 jelte.nlnetlabs.nl. IN NS
19 SECTION ANSWER
20 jelte.nlnetlabs.nl. 3600 IN NS ns1.jelte.nlnetlabs.nl.
21 jelte.nlnetlabs.nl. 3600 IN NS ns2.jelte.nlnetlabs.nl.
22 jelte.nlnetlabs.nl. 3600 IN RRSIG NS 5 3 3600 20090203100022 20090106100022 48885 jelte.nlnetlabs.nl. E3G8ZsCvUw56EKxYA4JzjYaB3ojLpdmQdUHOPSxlWK43haSuxpFERGRc P7AhiMjcYcoJcR+LWQr0uOFVnW8VcFFdy8u7Gs9MNAIWs5+jOaI3WDRC reee7K/NEBiubQCdm7UPA894VNM5oiLCa1waMoMD+LfEeijuN4N09HqY 6eo=
23 ENTRY_END
24
25 ; currently this fails due to the design of canonicalisation in unbound.
26 ; HINFO record signed with ldns, HINFO in uppercase, signature uppercase
27 ENTRY_BEGIN
28 SECTION QUESTION
29 jelte.nlnetlabs.nl. IN HINFO
30 SECTION ANSWER
31 jelte.nlnetlabs.nl. 3600 IN HINFO "Jelte" "Machine van"
32 jelte.nlnetlabs.nl. 3600 IN RRSIG HINFO 5 3 3600 20090203100022 20090106100022 48885 jelte.nlnetlabs.nl. eRig3NjIIgBTmQiN7AREmplgiY6OOtVwCNZgF5UAoYFAE1K1tl5WLqe9 FmTcVtaNUzFdgYv+TD93NNYdV0uxJkr+rS2sSykGf9OIlxevFm+rW2ya 4/Y+5GIN77eN9q9/6ULQRdsX3p8w1fhloiDXk+tgCaw+cJJElMEE1Avw 2dY=
33 ENTRY_END
34
35
36 ; HINFO record signed with ldns, HINFO in lowercase, signature lowercase
37 ENTRY_BEGIN
38 SECTION QUESTION
39 jelte.nlnetlabs.nl. IN HINFO
40 SECTION ANSWER
41 jelte.nlnetlabs.nl. 3600 IN HINFO "jelte" "machine van"
42 jelte.nlnetlabs.nl. 3600 IN RRSIG HINFO 5 3 3600 20090203105558 20090106105558 48885 jelte.nlnetlabs.nl. UwFKSqH9oau3nCdJ4i6iYamo2izgMCKy1K8ec0IkhniUONKaIGiRNz8/ QrLAeBHhMnLQYNV/GBprNjvnPyYLG/6bWYUBxvP6pCG4oDEmNY7QF9di I6So5Ycv0ZWaYoT/NYStUj1fLNZ4xCdNXVLA7Oi5PRMeOvPQIvMG3hHK Ja0=
43 ENTRY_END
44
45 ; HINFO record signed with ldns, HINFO in uppercase, signature lowercase
46 ; (signer canonicalised)
47 ENTRY_BEGIN
48 SECTION QUESTION
49 bogus.jelte.nlnetlabs.nl. IN HINFO
50 SECTION ANSWER
51 jelte.nlnetlabs.nl. 3600 IN HINFO "Jelte" "Machine van"
52 jelte.nlnetlabs.nl. 3600 IN RRSIG HINFO 5 3 3600 20090203105558 20090106105558 48885 jelte.nlnetlabs.nl. UwFKSqH9oau3nCdJ4i6iYamo2izgMCKy1K8ec0IkhniUONKaIGiRNz8/ QrLAeBHhMnLQYNV/GBprNjvnPyYLG/6bWYUBxvP6pCG4oDEmNY7QF9di I6So5Ycv0ZWaYoT/NYStUj1fLNZ4xCdNXVLA7Oi5PRMeOvPQIvMG3hHK Ja0=
53 ENTRY_END
54
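Review bot: The comment `; currently this fails due to the design of canonicalisation in unbound.` (line 25) sits above an entry that is not marked `bogus`. It is therefore unclear whether the uppercase-HINFO entry is expected to verify, expected to fail, or known to break the test run. State the expected outcome next to each entry, e.g. `; expected: <secure|bogus>`, and if the failure is a known defect, say so beside the entry it applies to. The DNSKEY line also lacks the `;{id = ...}` annotation the other signature files carry, which makes it harder to match against key tag 48885 in the RRSIGs.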
0 ; Signature test file
1
2 ; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification.
3 ; later entries are verified with it.
4
5 ; Test RSASHA256 signatures.
6
7 ; RSA key from ldns tool
8 ENTRY_BEGIN
9 SECTION QUESTION
10 sub.example.com. IN DNSKEY
11 SECTION ANSWER
12 example.com. 3600 IN DNSKEY 256 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1443 (zsk), size = 1024b}
13 ENTRY_END
14
15 ; entry to test
16 ENTRY_BEGIN
17 SECTION QUESTION
18 www.example.com. IN A
19 SECTION ANSWER
20 www.example.com. 3600 IN A 192.0.2.66
21 www.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1443 example.com. sX+BZ6Qdq0Td/THR1HgOnWh9URNP03KMEgjpnRGbS74NqlmlqLU3HcimOT/lUD7xsZTeOIWw5kAcQePxU3UrjS5gsIttIXAfrHFmOtTsyb0O4w0/RpR0QYxRl1hk4zQRPzHeEkgxNTe+y9V9gYe7iv9OddXsfwEnmqQiXk+tdsU= ;{id = 1443}
22 ENTRY_END
00 ; config options
1 server:
2 target-fetch-policy: "0 0 0 0 0"
13 stub-zone:
24 name: "."
35 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
4143 ADJUST copy_id copy_query
4244 REPLY QR NOERROR
4345 SECTION QUESTION
46 com. IN NS
47 SECTION ANSWER
48 com. IN NS a.gtld-servers.net.
49 SECTION ADDITIONAL
50 a.gtld-servers.net. IN A 192.5.6.30
51 ENTRY_END
52
53 ENTRY_BEGIN
54 MATCH opcode qtype
55 ADJUST copy_id copy_query
56 REPLY QR NOERROR
57 SECTION QUESTION
4458 www.example.com. IN A
4559 SECTION AUTHORITY
4660 example.com. IN NS ns.example.com.
5266 ; ns.example.com.
5367 RANGE_BEGIN 0 100
5468 ADDRESS 1.2.3.4
69 ENTRY_BEGIN
70 MATCH opcode qtype
71 ADJUST copy_id copy_query
72 REPLY QR NOERROR
73 SECTION QUESTION
74 example.com. IN NS
75 SECTION ANSWER
76 example.com. IN NS ns.example.com.
77 SECTION ADDITIONAL
78 ns.example.com. IN A 1.2.3.4
79 ENTRY_END
80
5581 ENTRY_BEGIN
5682 MATCH opcode qtype qname
5783 ADJUST copy_id
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
5063 www.sub.example.com. IN A
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
22 server:
33 trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.sub.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 328.0.0.194.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
146172 ; ns.sub.example.com. for zone 0.0.194.example.com.
147173 RANGE_BEGIN 0 100
148174 ADDRESS 1.2.3.6
175 ENTRY_BEGIN
176 MATCH opcode qtype qname
177 ADJUST copy_id
178 REPLY QR NOERROR
179 SECTION QUESTION
180 0.0.194.example.com. IN NS
181 SECTION ANSWER
182 0.0.194.example.com. IN NS ns.sub.example.com.
183 0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
184 SECTION ADDITIONAL
185 ns.sub.example.com. IN A 1.2.3.6
186 ENTRY_END
187
149188
150189 ; response to DNSKEY priming query
151190 ; 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4950 ADJUST copy_id
5051 REPLY QR NOERROR
5152 SECTION QUESTION
53 com. IN NS
54 SECTION ANSWER
55 com. IN NS a.gtld-servers.net.
56 SECTION ADDITIONAL
57 a.gtld-servers.net. IN A 192.5.6.30
58 ENTRY_END
59
60 ENTRY_BEGIN
61 MATCH opcode qtype qname
62 ADJUST copy_id
63 REPLY QR NOERROR
64 SECTION QUESTION
5265 328.0.0.194.example.com. IN A
5366 SECTION AUTHORITY
5467 example.com. IN NS ns.example.com.
6073 ; ns.example.com.
6174 RANGE_BEGIN 0 100
6275 ADDRESS 1.2.3.4
76 ENTRY_BEGIN
77 MATCH opcode qtype qname
78 ADJUST copy_id
79 REPLY QR NOERROR
80 SECTION QUESTION
81 example.com. IN NS
82 SECTION ANSWER
83 example.com. IN NS ns.example.com.
84 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
85 SECTION ADDITIONAL
86 ns.example.com. IN A 1.2.3.4
87 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
88 ENTRY_END
6389
6490 ; response to DNSKEY priming query
6591 ENTRY_BEGIN
149175 ; ns.sub.example.com. for zone 0.0.194.example.com.
150176 RANGE_BEGIN 0 100
151177 ADDRESS 1.2.3.6
178 ENTRY_BEGIN
179 MATCH opcode qtype qname
180 ADJUST copy_id
181 REPLY QR NOERROR
182 SECTION QUESTION
183 0.0.194.example.com. IN NS
184 SECTION ANSWER
185 0.0.194.example.com. IN NS ns.sub.example.com.
186 0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
187 SECTION ADDITIONAL
188 ns.sub.example.com. IN A 1.2.3.6
189 ENTRY_END
152190
153191 ; response to DNSKEY priming query
154192 ; 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 example.com. IN ANY
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
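Review bot: The added `target-fetch-policy: "0 0 0 0 0"` line and the new scripted replies for `com. IN NS` and `example.com. IN NS` have no comment, unlike the neighbouring `; response to DNSKEY priming query` entries. I would put `# fetch nameserver targets on demand only` above the policy line (that is my reading of the setting, please confirm the intent) and `; response to NS query` above each added `ENTRY_BEGIN`. The same uncommented additions repeat in the following replay files of this commit. Only parts of the file are visible in these hunks, so a comment further up may already cover this.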
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 example.com. IN ANY
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 cname.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
96122 ; qname denial
97123 wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
98124 wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
99 SECTIO ADDITIONAL
125 SECTION ADDITIONAL
100126 ENTRY_END
101127
102128 ENTRY_BEGIN
115141 ; qname denial
116142 wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
117143 wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
118 SECTIO ADDITIONAL
144 SECTION ADDITIONAL
119145 ENTRY_END
120146 RANGE_END
121147
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
121172
122173 ; response to DNSKEY priming query
123174 ENTRY_BEGIN
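Review bot: The RRSIG records added in this file are valid only from 20070829 to 20070926, and they fall inside that window only because `val-override-date: "20070916134226"` pins the validator's clock; nothing in the visible lines says so. A comment next to the override such as `# must stay inside the RRSIG inception/expiration window used below (20070829-20070926)` would tell whoever re-signs the fixture why validation suddenly fails if either side is changed alone. The same pairing appears in the other replay files touched by this commit. The hunks show only part of the file, so an existing comment elsewhere may already explain it.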
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN CNAME
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
121172
122173 ; response to DNSKEY priming query
123174 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN DNAME
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
121172
122173 ; response to DNSKEY priming query
123174 ENTRY_BEGIN
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 trust-anchor: "example.org. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
66 val-override-date: "20070916134226"
7 target-fetch-policy: "0 0 0 0 0"
78
89 stub-zone:
910 name: "."
7273 ADJUST copy_id
7374 REPLY QR NOERROR
7475 SECTION QUESTION
76 com. IN NS
77 SECTION ANSWER
78 com. IN NS a.gtld-servers.net.
79 SECTION ADDITIONAL
80 a.gtld-servers.net. IN A 192.5.6.30
81 ENTRY_END
82
83 ENTRY_BEGIN
84 MATCH opcode qtype qname
85 ADJUST copy_id
86 REPLY QR NOERROR
87 SECTION QUESTION
88 net. IN NS
89 SECTION ANSWER
90 net. IN NS a.gtld-servers.net.
91 SECTION ADDITIONAL
92 a.gtld-servers.net. IN A 192.5.6.30
93 ENTRY_END
94
95 ENTRY_BEGIN
96 MATCH opcode qtype qname
97 ADJUST copy_id
98 REPLY QR NOERROR
99 SECTION QUESTION
100 org. IN NS
101 SECTION ANSWER
102 org. IN NS a.gtld-servers.net.
103 SECTION ADDITIONAL
104 a.gtld-servers.net. IN A 192.5.6.30
105 ENTRY_END
106
107 ENTRY_BEGIN
108 MATCH opcode qtype qname
109 ADJUST copy_id
110 REPLY QR NOERROR
111 SECTION QUESTION
75112 www.example.com. IN A
76113 SECTION AUTHORITY
77114 example.com. IN NS ns.example.com.
105142 ; ns.example.com.
106143 RANGE_BEGIN 0 100
107144 ADDRESS 1.2.3.4
145 ENTRY_BEGIN
146 MATCH opcode qtype qname
147 ADJUST copy_id
148 REPLY QR NOERROR
149 SECTION QUESTION
150 example.com. IN NS
151 SECTION ANSWER
152 example.com. IN NS ns.example.com.
153 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
154 SECTION ADDITIONAL
155 ns.example.com. IN A 1.2.3.4
156 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
157 ENTRY_END
108158
109159 ; response to DNSKEY priming query
110160 ENTRY_BEGIN
174224 ; ns.example.net.
175225 RANGE_BEGIN 0 100
176226 ADDRESS 1.2.3.5
227 ENTRY_BEGIN
228 MATCH opcode qtype qname
229 ADJUST copy_id
230 REPLY QR NOERROR
231 SECTION QUESTION
232 example.net. IN NS
233 SECTION ANSWER
234 example.net. IN NS ns.example.net.
235 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
236 SECTION ADDITIONAL
237 ns.example.net. IN A 1.2.3.5
238 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
239 ENTRY_END
177240
178241 ; response to DNSKEY priming query
179242 ENTRY_BEGIN
225288 ; ns.sub.example.com.
226289 RANGE_BEGIN 0 100
227290 ADDRESS 1.2.3.6
291 ENTRY_BEGIN
292 MATCH opcode qtype qname
293 ADJUST copy_id
294 REPLY QR NOERROR
295 SECTION QUESTION
296 sub.example.com. IN NS
297 SECTION ANSWER
298 sub.example.com. IN NS ns.sub.example.com.
299 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
300 SECTION ADDITIONAL
301 ns.sub.example.com. IN A 1.2.3.6
302 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
303 ENTRY_END
228304
229305 ; response to DNSKEY priming query
230306 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
263339 ; ns.example.org.
264340 RANGE_BEGIN 0 100
265341 ADDRESS 1.2.3.7
342 ENTRY_BEGIN
343 MATCH opcode qtype qname
344 ADJUST copy_id
345 REPLY QR NOERROR
346 SECTION QUESTION
347 example.org. IN NS
348 SECTION ANSWER
349 example.org. IN NS ns.example.org.
350 example.org. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.org. MCwCFAE1sQemdwqUPt4Qo+mr59a66DlFAhRV1mftIFs2YnkmIWsGtikIOJvh5A== ;{id = 2854}
351 SECTION ADDITIONAL
352 ns.example.org. IN A 1.2.3.7
353 ns.example.org. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFQC0yXaA8ywsZF+7dHukVIBFD820wQIUONbyI+UX9SDSDFmFnr+ApuTEooY= ;{id = 2854}
354 ENTRY_END
266355
267356 ; response to DNSKEY priming query
268357 ENTRY_BEGIN
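Review bot: The added signatures in this file spell the same algorithm two ways: the `example.net.` RRSIG lines use the mnemonic `RSASHA1`, while the `sub.example.com.` RRSIG lines and the `example.net.` trust anchor use the numeric `5`. Both name algorithm 5, so this is a readability point only, but a reader checking which key signs which RRset has to translate between them. I would write the `example.net.` lines as `example.net. 3600 IN RRSIG NS 5 2 3600 ...` and `ns.example.net. 3600 IN RRSIG A 5 3 3600 ...`, which leaves the signed data unchanged. The same mnemonic form appears in the `example.net.` replies added to the other replay files in this commit.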
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
121172
122173 ; response to DNSKEY priming query
123174 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
121172
122173 ; response to DNSKEY priming query
123174 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
121172
122173 ; response to DNSKEY priming query
123174 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
121172
122173 ; response to DNSKEY priming query
123174 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
118156 ; ns.example.net.
119157 RANGE_BEGIN 0 100
120158 ADDRESS 1.2.3.5
159 ENTRY_BEGIN
160 MATCH opcode qtype qname
161 ADJUST copy_id
162 REPLY QR NOERROR
163 SECTION QUESTION
164 example.net. IN NS
165 SECTION ANSWER
166 example.net. IN NS ns.example.net.
167 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
168 SECTION ADDITIONAL
169 ns.example.net. IN A 1.2.3.5
170 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
171 ENTRY_END
172
121173
122174 ; response to DNSKEY priming query
123175 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
120158 ; ns.example.net.
121159 RANGE_BEGIN 0 100
122160 ADDRESS 1.2.3.5
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 example.net. IN NS
167 SECTION ANSWER
168 example.net. IN NS ns.example.net.
169 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
170 SECTION ADDITIONAL
171 ns.example.net. IN A 1.2.3.5
172 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
173 ENTRY_END
123174
124175 ; response to DNSKEY priming query
125176 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
120158 ; ns.example.net.
121159 RANGE_BEGIN 0 100
122160 ADDRESS 1.2.3.5
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 example.net. IN NS
167 SECTION ANSWER
168 example.net. IN NS ns.example.net.
169 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
170 SECTION ADDITIONAL
171 ns.example.net. IN A 1.2.3.5
172 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
173 ENTRY_END
123174
124175 ; response to DNSKEY priming query
125176 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
123161 ; ns.example.net.
124162 RANGE_BEGIN 0 100
125163 ADDRESS 1.2.3.5
164 ENTRY_BEGIN
165 MATCH opcode qtype qname
166 ADJUST copy_id
167 REPLY QR NOERROR
168 SECTION QUESTION
169 example.net. IN NS
170 SECTION ANSWER
171 example.net. IN NS ns.example.net.
172 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
173 SECTION ADDITIONAL
174 ns.example.net. IN A 1.2.3.5
175 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
176 ENTRY_END
126177
127178 ; response to DNSKEY priming query
128179 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
2728 ENTRY_END
2829
2930 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.example.com. IN A
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
33 REPLY QR NOERROR
34 SECTION QUESTION
35 com. IN A
3536 SECTION AUTHORITY
3637 com. IN NS a.gtld-servers.net.
3738 SECTION ADDITIONAL
3940 ENTRY_END
4041
4142 ENTRY_BEGIN
42 MATCH opcode qtype qname
43 ADJUST copy_id
44 REPLY QR NOERROR
45 SECTION QUESTION
46 www.example.net. IN A
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
45 REPLY QR NOERROR
46 SECTION QUESTION
47 net. IN A
4748 SECTION AUTHORITY
4849 net. IN NS a.gtld-servers.net.
4950 SECTION ADDITIONAL
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
62 www.example.com. IN A
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode subdomain
84 ADJUST copy_id copy_query
85 REPLY QR NOERROR
86 SECTION QUESTION
87 example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
6590 SECTION ADDITIONAL
6691 ns.example.com. IN A 1.2.3.4
6792 ENTRY_END
6893 ENTRY_BEGIN
69 MATCH opcode qtype qname
70 ADJUST copy_id
71 REPLY QR NOERROR
72 SECTION QUESTION
73 www.example.net. IN A
94 MATCH opcode subdomain
95 ADJUST copy_id copy_query
96 REPLY QR NOERROR
97 SECTION QUESTION
98 example.net. IN A
7499 SECTION AUTHORITY
75100 example.net. IN NS ns.example.net.
76101 SECTION ADDITIONAL
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
122
123 ENTRY_BEGIN
124 MATCH opcode qtype qname
125 ADJUST copy_id
126 REPLY QR NOERROR
127 SECTION QUESTION
128 ns.example.com. IN AAAA
129 SECTION ANSWER
130 ENTRY_END
84131
85132 ; response to DNSKEY priming query
86133 ENTRY_BEGIN
123170 ; ns.example.net.
124171 RANGE_BEGIN 0 100
125172 ADDRESS 1.2.3.5
173 ENTRY_BEGIN
174 MATCH opcode qtype qname
175 ADJUST copy_id
176 REPLY QR NOERROR
177 SECTION QUESTION
178 example.net. IN NS
179 SECTION ANSWER
180 example.net. IN NS ns.example.net.
181 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
182 SECTION ADDITIONAL
183 ns.example.net. IN A 1.2.3.5
184 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
185 ENTRY_END
126186
127187 ; response to DNSKEY priming query
128188 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
120158 ; ns.example.net.
121159 RANGE_BEGIN 0 100
122160 ADDRESS 1.2.3.5
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 example.net. IN NS
167 SECTION ANSWER
168 example.net. IN NS ns.example.net.
169 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
170 SECTION ADDITIONAL
171 ns.example.net. IN A 1.2.3.5
172 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
173 ENTRY_END
123174
124175 ; response to DNSKEY priming query
125176 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
120158 ; ns.example.net.
121159 RANGE_BEGIN 0 100
122160 ADDRESS 1.2.3.5
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR NOERROR
165 SECTION QUESTION
166 example.net. IN NS
167 SECTION ANSWER
168 example.net. IN NS ns.example.net.
169 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
170 SECTION ADDITIONAL
171 ns.example.net. IN A 1.2.3.5
172 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
173 ENTRY_END
123174
124175 ; response to DNSKEY priming query
125176 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
5960 ADJUST copy_id
6061 REPLY QR NOERROR
6162 SECTION QUESTION
63 com. IN NS
64 SECTION ANSWER
65 com. IN NS a.gtld-servers.net.
66 SECTION ADDITIONAL
67 a.gtld-servers.net. IN A 192.5.6.30
68 ENTRY_END
69
70 ENTRY_BEGIN
71 MATCH opcode qtype qname
72 ADJUST copy_id
73 REPLY QR NOERROR
74 SECTION QUESTION
75 net. IN NS
76 SECTION ANSWER
77 net. IN NS a.gtld-servers.net.
78 SECTION ADDITIONAL
79 a.gtld-servers.net. IN A 192.5.6.30
80 ENTRY_END
81
82 ENTRY_BEGIN
83 MATCH opcode qtype qname
84 ADJUST copy_id
85 REPLY QR NOERROR
86 SECTION QUESTION
6287 www.sub.example.com. IN A
6388 SECTION AUTHORITY
6489 example.com. IN NS ns.example.com.
81106 ; ns.example.com.
82107 RANGE_BEGIN 0 100
83108 ADDRESS 1.2.3.4
109 ENTRY_BEGIN
110 MATCH opcode qtype qname
111 ADJUST copy_id
112 REPLY QR NOERROR
113 SECTION QUESTION
114 example.com. IN NS
115 SECTION ANSWER
116 example.com. IN NS ns.example.com.
117 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.example.com. IN A 1.2.3.4
120 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
121 ENTRY_END
84122
85123 ; response to DNSKEY priming query
86124 ENTRY_BEGIN
124162 ; ns.example.net.
125163 RANGE_BEGIN 0 100
126164 ADDRESS 1.2.3.5
165 ENTRY_BEGIN
166 MATCH opcode qtype qname
167 ADJUST copy_id
168 REPLY QR NOERROR
169 SECTION QUESTION
170 example.net. IN NS
171 SECTION ANSWER
172 example.net. IN NS ns.example.net.
173 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
174 SECTION ADDITIONAL
175 ns.example.net. IN A 1.2.3.5
176 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
177 ENTRY_END
127178
128179 ; response to DNSKEY priming query
129180 ENTRY_BEGIN
0 ; config options
1 ; The island of trust is at example.com
2 server:
3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with SHA256 DS digest
13
14 ; K.ROOT-SERVERS.NET.
15 RANGE_BEGIN 0 100
16 ADDRESS 193.0.14.129
17 ENTRY_BEGIN
18 MATCH opcode qtype qname
19 ADJUST copy_id
20 REPLY QR NOERROR
21 SECTION QUESTION
22 . IN NS
23 SECTION ANSWER
24 . IN NS K.ROOT-SERVERS.NET.
25 SECTION ADDITIONAL
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
27 ENTRY_END
28
29 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.sub.example.com. IN A
35 SECTION AUTHORITY
36 com. IN NS a.gtld-servers.net.
37 SECTION ADDITIONAL
38 a.gtld-servers.net. IN A 192.5.6.30
39 ENTRY_END
40 RANGE_END
41
42 ; a.gtld-servers.net.
43 RANGE_BEGIN 0 100
44 ADDRESS 192.5.6.30
45 ENTRY_BEGIN
46 MATCH opcode qtype qname
47 ADJUST copy_id
48 REPLY QR NOERROR
49 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 www.sub.example.com. IN A
63 SECTION AUTHORITY
64 example.com. IN NS ns.example.com.
65 SECTION ADDITIONAL
66 ns.example.com. IN A 1.2.3.4
67 ENTRY_END
68 RANGE_END
69
70 ; ns.example.com.
71 RANGE_BEGIN 0 100
72 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
86
87 ; response to DNSKEY priming query
88 ENTRY_BEGIN
89 MATCH opcode qtype qname
90 ADJUST copy_id
91 REPLY QR NOERROR
92 SECTION QUESTION
93 example.com. IN DNSKEY
94 SECTION ANSWER
95 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
97 SECTION AUTHORITY
98 example.com. IN NS ns.example.com.
99 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100 SECTION ADDITIONAL
101 ns.example.com. IN A 1.2.3.4
102 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103 ENTRY_END
104
105 ; response for delegation to sub.example.com.
106 ENTRY_BEGIN
107 MATCH opcode subdomain
108 ADJUST copy_id copy_query
109 REPLY QR NOERROR
110 SECTION QUESTION
111 sub.example.com. IN A
112 SECTION ANSWER
113 SECTION AUTHORITY
114 sub.example.com. IN NS ns.sub.example.com.
115
116 ; SHA256 DS for sub.example.com.
117 sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
118 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AJ6FL7yKjrpEEO8WMKlG7TVZoGjgFblJeu0rkJCmJxfdeh6ysUlWQWs= ;{id = 2854}
119
120 ; SHA1 DS for sub.example.com.
121 ;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
122 SECTION ADDITIONAL
123 ns.sub.example.com. IN A 1.2.3.6
124 ENTRY_END
125
126 RANGE_END
127
128 ; ns.sub.example.com.
129 RANGE_BEGIN 0 100
130 ADDRESS 1.2.3.6
131 ENTRY_BEGIN
132 MATCH opcode qtype qname
133 ADJUST copy_id
134 REPLY QR NOERROR
135 SECTION QUESTION
136 sub.example.com. IN NS
137 SECTION ANSWER
138 sub.example.com. IN NS ns.sub.example.com.
139 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
140 SECTION ADDITIONAL
141 ns.sub.example.com. IN A 1.2.3.6
142 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
143 ENTRY_END
144
145 ; response to DNSKEY priming query
146 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
147 ENTRY_BEGIN
148 MATCH opcode qtype qname
149 ADJUST copy_id
150 REPLY QR NOERROR
151 SECTION QUESTION
152 sub.example.com. IN DNSKEY
153 SECTION ANSWER
154 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
155 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
156 SECTION AUTHORITY
157 sub.example.com. IN NS ns.sub.example.com.
158 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
159 SECTION ADDITIONAL
160 ns.sub.example.com. IN A 1.2.3.6
161 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
162 ENTRY_END
163
164 ; response to query of interest
165 ENTRY_BEGIN
166 MATCH opcode qtype qname
167 ADJUST copy_id
168 REPLY QR NOERROR
169 SECTION QUESTION
170 www.sub.example.com. IN A
171 SECTION ANSWER
172 www.sub.example.com. IN A 11.11.11.11
173 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
174 SECTION AUTHORITY
175 SECTION ADDITIONAL
176 ENTRY_END
177 RANGE_END
178
179 STEP 1 QUERY
180 ENTRY_BEGIN
181 REPLY RD DO
182 SECTION QUESTION
183 www.sub.example.com. IN A
184 ENTRY_END
185
186 ; recursion happens here.
187 STEP 10 CHECK_ANSWER
188 ENTRY_BEGIN
189 MATCH all
190 REPLY QR RD RA AD NOERROR
191 SECTION QUESTION
192 www.sub.example.com. IN A
193 SECTION ANSWER
194 www.sub.example.com. 3600 IN A 11.11.11.11
195 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
196 SECTION AUTHORITY
197 SECTION ADDITIONAL
198 ENTRY_END
199
200 SCENARIO_END
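Review bot: The comment at file line 146, above the DNSKEY priming response in the ns.sub.example.com range, still quotes the SHA1 DS (`DS 30899 RSASHA1 1 f7ed618f…`), but this scenario serves only the SHA256 DS at line 117 and leaves the SHA1 record commented out at line 121. A reader checking which digest anchors the sub.example.com key would be pointed at the wrong one; I would change it to `; sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033`. It would also help to add a comment before `STEP 10 CHECK_ANSWER` saying that the AD flag is expected because the DNSKEY validates against the SHA256 DS alone, for example `; AD expected: chain of trust runs through the digest type 2 DS only`. The header could note that `val-override-date` pins validation time inside the 20070829–20070926 signature window, so the fixture is not mistaken for one that depends on the wall clock.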
0 ; config options
1 ; The island of trust is at example.com
2 server:
3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1
13
14 ; K.ROOT-SERVERS.NET.
15 RANGE_BEGIN 0 100
16 ADDRESS 193.0.14.129
17 ENTRY_BEGIN
18 MATCH opcode qtype qname
19 ADJUST copy_id
20 REPLY QR NOERROR
21 SECTION QUESTION
22 . IN NS
23 SECTION ANSWER
24 . IN NS K.ROOT-SERVERS.NET.
25 SECTION ADDITIONAL
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
27 ENTRY_END
28
29 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.sub.example.com. IN A
35 SECTION AUTHORITY
36 com. IN NS a.gtld-servers.net.
37 SECTION ADDITIONAL
38 a.gtld-servers.net. IN A 192.5.6.30
39 ENTRY_END
40 RANGE_END
41
42 ; a.gtld-servers.net.
43 RANGE_BEGIN 0 100
44 ADDRESS 192.5.6.30
45 ENTRY_BEGIN
46 MATCH opcode qtype qname
47 ADJUST copy_id
48 REPLY QR NOERROR
49 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 www.sub.example.com. IN A
63 SECTION AUTHORITY
64 example.com. IN NS ns.example.com.
65 SECTION ADDITIONAL
66 ns.example.com. IN A 1.2.3.4
67 ENTRY_END
68 RANGE_END
69
70 ; ns.example.com.
71 RANGE_BEGIN 0 100
72 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
86
87 ; response to DNSKEY priming query
88 ENTRY_BEGIN
89 MATCH opcode qtype qname
90 ADJUST copy_id
91 REPLY QR NOERROR
92 SECTION QUESTION
93 example.com. IN DNSKEY
94 SECTION ANSWER
95 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
97 SECTION AUTHORITY
98 example.com. IN NS ns.example.com.
99 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100 SECTION ADDITIONAL
101 ns.example.com. IN A 1.2.3.4
102 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103 ENTRY_END
104
105 ; response for delegation to sub.example.com.
106 ENTRY_BEGIN
107 MATCH opcode subdomain
108 ADJUST copy_id copy_query
109 REPLY QR NOERROR
110 SECTION QUESTION
111 sub.example.com. IN A
112 SECTION ANSWER
113 SECTION AUTHORITY
114 sub.example.com. IN NS ns.sub.example.com.
115
116 ; Downgrade attack: false SHA2, correct SHA1
117
118 ; SHA256 DS for sub.example.com.
119 ;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
120 ; BAD SHA256 DS
121 sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
122
123 ; SHA1 DS for sub.example.com.
124 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
125 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
126
127 SECTION ADDITIONAL
128 ns.sub.example.com. IN A 1.2.3.6
129 ENTRY_END
130
131 RANGE_END
132
133 ; ns.sub.example.com.
134 RANGE_BEGIN 0 100
135 ADDRESS 1.2.3.6
136 ENTRY_BEGIN
137 MATCH opcode qtype qname
138 ADJUST copy_id
139 REPLY QR NOERROR
140 SECTION QUESTION
141 sub.example.com. IN NS
142 SECTION ANSWER
143 sub.example.com. IN NS ns.sub.example.com.
144 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
145 SECTION ADDITIONAL
146 ns.sub.example.com. IN A 1.2.3.6
147 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
148 ENTRY_END
149
150 ; response to DNSKEY priming query
151 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
152 ENTRY_BEGIN
153 MATCH opcode qtype qname
154 ADJUST copy_id
155 REPLY QR NOERROR
156 SECTION QUESTION
157 sub.example.com. IN DNSKEY
158 SECTION ANSWER
159 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
160 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
161 SECTION AUTHORITY
162 sub.example.com. IN NS ns.sub.example.com.
163 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
164 SECTION ADDITIONAL
165 ns.sub.example.com. IN A 1.2.3.6
166 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
167 ENTRY_END
168
169 ; response to query of interest
170 ENTRY_BEGIN
171 MATCH opcode qtype qname
172 ADJUST copy_id
173 REPLY QR NOERROR
174 SECTION QUESTION
175 www.sub.example.com. IN A
176 SECTION ANSWER
177 www.sub.example.com. IN A 11.11.11.11
178 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
179 SECTION AUTHORITY
180 SECTION ADDITIONAL
181 ENTRY_END
182 RANGE_END
183
184 STEP 1 QUERY
185 ENTRY_BEGIN
186 REPLY RD DO
187 SECTION QUESTION
188 www.sub.example.com. IN A
189 ENTRY_END
190
191 ; recursion happens here.
192 ; must servfail, BOGUS
193 STEP 10 CHECK_ANSWER
194 ENTRY_BEGIN
195 MATCH all
196 REPLY QR RD RA SERVFAIL
197 SECTION QUESTION
198 www.sub.example.com. IN A
199 SECTION ANSWER
200 ;www.sub.example.com. 3600 IN A 11.11.11.11
201 ;www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
202 SECTION AUTHORITY
203 SECTION ADDITIONAL
204 ENTRY_END
205
206 SCENARIO_END
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 RANGE_BEGIN 0 100
4748 ADDRESS 192.5.6.30
4849 ENTRY_BEGIN
50 MATCH opcode qtype qname
51 ADJUST copy_id
52 REPLY QR NOERROR
53 SECTION QUESTION
54 com. IN NS
55 SECTION ANSWER
56 com. IN NS a.gtld-servers.net.
57 SECTION ADDITIONAL
58 a.gtld-servers.net. IN A 192.5.6.30
59 ENTRY_END
60
61 ENTRY_BEGIN
4962 MATCH opcode qtype
5063 ADJUST copy_id copy_query
5164 REPLY QR NOERROR
6174 ; ns.example.com.
6275 RANGE_BEGIN 0 100
6376 ADDRESS 1.2.3.4
77 ENTRY_BEGIN
78 MATCH opcode qtype qname
79 ADJUST copy_id
80 REPLY QR NOERROR
81 SECTION QUESTION
82 example.com. IN NS
83 SECTION ANSWER
84 example.com. IN NS ns.example.com.
85 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
86 SECTION ADDITIONAL
87 ns.example.com. IN A 1.2.3.4
88 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
89 ENTRY_END
6490
6591 ; response to DNSKEY priming query
6692 ENTRY_BEGIN
124150 ; ns.c.5.6.example.com.
125151 RANGE_BEGIN 0 100
126152 ADDRESS 1.2.3.6
153 ENTRY_BEGIN
154 MATCH opcode qtype qname
155 ADJUST copy_id
156 REPLY AA QR NOERROR
157 SECTION QUESTION
158 c.5.6.example.com. IN NS
159 SECTION ANSWER
160 ENTRY_END
127161
128162 ; response to DNSKEY priming query
129163 ENTRY_BEGIN
180214 ; ns.b.3.4.c.5.6.example.com.
181215 RANGE_BEGIN 0 100
182216 ADDRESS 1.2.3.7
217 ENTRY_BEGIN
218 MATCH opcode qtype qname
219 ADJUST copy_id
220 REPLY QR AA NOERROR
221 SECTION QUESTION
222 b.3.4.c.5.6.example.com. IN NS
223 SECTION ANSWER
224 ENTRY_END
183225
184226 ; response to DNSKEY priming query
185227 ENTRY_BEGIN
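Review bot: The `target-fetch-policy: "0 0 0 0 0"` line added to the `server:` block has no comment saying why a validator test needs it, and the same bare line is added at the top of the other replay files that follow in this commit. As far as I know the value makes the resolver fetch nameserver addresses on demand only, so it is presumably there to keep the resolver from sending queries the RANGE entries do not script. I would put `# fetch nameserver targets on demand only; keeps the replay to scripted queries` above it, once per file. Separately, the two added empty NS answers write their flags as `REPLY AA QR NOERROR` and `REPLY QR AA NOERROR`; one order would read better.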
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56 # test that default value of harden-dnssec-stripped is still yes.
67
78 stub-zone:
2728 ENTRY_END
2829
2930 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
3233 REPLY QR NOERROR
3334 SECTION QUESTION
34 www.example.com. IN A
35 com. IN A
3536 SECTION AUTHORITY
3637 com. IN NS a.gtld-servers.net.
3738 SECTION ADDITIONAL
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
50 www.example.com. IN A
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode subdomain
60 ADJUST copy_id copy_query
61 REPLY QR NOERROR
62 SECTION QUESTION
63 example.com. IN A
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5366 SECTION ADDITIONAL
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
95121 ns.example.com. IN A 1.2.3.4
96122 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
97123 ENTRY_END
124
125 ENTRY_BEGIN
126 MATCH opcode qtype qname
127 ADJUST copy_id
128 REPLY QR NOERROR
129 SECTION QUESTION
130 ns.example.com. IN AAAA
131 SECTION ANSWER
132 ENTRY_END
133
98134 RANGE_END
99135
100136 STEP 1 QUERY
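Review bot: The added `ns.example.com. IN AAAA` entry answers NOERROR with an empty ANSWER section and no SOA, NSEC or RRSIG, in a file whose own comment says it checks that `harden-dnssec-stripped` still defaults to yes. If that response ever reached the validator it would be an unsigned negative answer inside the signed zone, so the entry should say that it only serves the resolver's nameserver address lookup, if that is the intent: `; no AAAA for the nameserver; unsigned on purpose, not part of the validated answer`. The referral entries in the same file also move from `MATCH opcode qtype qname` to `MATCH opcode subdomain` with `copy_query`, which, as I read the replay format, makes them answer any name under `com.` and `example.com.`; a one-line comment on that would help too. The next file section, with `harden-dnssec-stripped: no`, adds the same entries.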
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
55 harden-dnssec-stripped: no
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
2728 ENTRY_END
2829
2930 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
3233 REPLY QR NOERROR
3334 SECTION QUESTION
34 www.example.com. IN A
35 com. IN A
3536 SECTION AUTHORITY
3637 com. IN NS a.gtld-servers.net.
3738 SECTION ADDITIONAL
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
50 www.example.com. IN A
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode subdomain
60 ADJUST copy_id copy_query
61 REPLY QR NOERROR
62 SECTION QUESTION
63 example.com. IN A
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5366 SECTION ADDITIONAL
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
95121 ns.example.com. IN A 1.2.3.4
96122 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
97123 ENTRY_END
124
125 ENTRY_BEGIN
126 MATCH opcode qtype qname
127 ADJUST copy_id
128 REPLY QR NOERROR
129 SECTION QUESTION
130 ns.example.com. IN AAAA
131 SECTION ANSWER
132 ENTRY_END
133
98134 RANGE_END
99135
100136 STEP 1 QUERY
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 b.example.com. IN DS
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
2627 ENTRY_END
2728
2829 ENTRY_BEGIN
29 MATCH opcode qtype qname
30 ADJUST copy_id
30 MATCH opcode subdomain
31 ADJUST copy_id copy_query
3132 REPLY QR NOERROR
3233 SECTION QUESTION
33 www.example.com. IN A
34 com. IN A
3435 SECTION AUTHORITY
3536 com. IN NS a.gtld-servers.net.
3637 SECTION ADDITIONAL
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
49 www.example.com. IN A
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode subdomain
59 ADJUST copy_id copy_query
60 REPLY QR NOERROR
61 SECTION QUESTION
62 example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5265 SECTION ADDITIONAL
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
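Review bot: The added entry that answers `example. IN NS` with `REPLY QR REFUSED` has no comment, while the entry after it is labelled `; response to DNSKEY priming query`. A line such as `; the apex NS lookup is refused; the test should pass without it` (if that is the intent) would tell the reader the REFUSED is deliberate and not a placeholder. It also uses `ADJUST copy_id copy_query` together with `MATCH opcode qtype qname`, where the NS entries added to the other replay files use `ADJUST copy_id` alone; pick one form. The same entry is repeated in the file sections that follow and in the new NSEC3 referral file at the end of this part of the page.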
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm 3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
113122 ADJUST copy_id
114123 REPLY QR AA NOERROR
115124 SECTION QUESTION
125 c.example. IN NS
126 SECTION ANSWER
127 c.example. NS ns1.c.example.
128 c.example. NS ns2.c.example.
129 SECTION ADDITIONAL
130 ns1.c.example. A 192.0.2.7
131 ns2.c.example. A 192.0.2.8
132 ENTRY_END
133
134 ENTRY_BEGIN
135 MATCH opcode qtype qname
136 ADJUST copy_id
137 REPLY QR AA NOERROR
138 SECTION QUESTION
116139 mc.c.example. IN MX
117140 SECTION ANSWER
118141 mc.c.example. IN MX 50 mx.c.example.
128151 ; ns2.c.example.
129152 RANGE_BEGIN 0 100
130153 ADDRESS 192.0.2.8
154 ENTRY_BEGIN
155 MATCH opcode qtype qname
156 ADJUST copy_id
157 REPLY QR AA NOERROR
158 SECTION QUESTION
159 c.example. IN NS
160 SECTION ANSWER
161 c.example. NS ns1.c.example.
162 c.example. NS ns2.c.example.
163 SECTION ADDITIONAL
164 ns1.c.example. A 192.0.2.7
165 ns2.c.example. A 192.0.2.8
166 ENTRY_END
167
131168 ENTRY_BEGIN
132169 MATCH opcode qtype qname
133170 ADJUST copy_id
0 ; config options
1 server:
2 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
3 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
5
6 stub-zone:
7 name: "."
8 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
9 CONFIG_END
10
11 SCENARIO_BEGIN Test validator NSEC3 B.3 referral optout with negative cache.
12
13 ; K.ROOT-SERVERS.NET.
14 RANGE_BEGIN 0 100
15 ADDRESS 193.0.14.129
16 ENTRY_BEGIN
17 MATCH opcode qtype qname
18 ADJUST copy_id
19 REPLY QR NOERROR
20 SECTION QUESTION
21 . IN NS
22 SECTION ANSWER
23 . IN NS K.ROOT-SERVERS.NET.
24 SECTION ADDITIONAL
25 K.ROOT-SERVERS.NET. IN A 193.0.14.129
26 ENTRY_END
27
28 ENTRY_BEGIN
29 MATCH opcode
30 ADJUST copy_id copy_query
31 REPLY QR NOERROR
32 SECTION QUESTION
33 . IN A
34 SECTION AUTHORITY
35 example. IN NS ns1.example.
36 ; leave out to make unbound take ns1
37 ;example. IN NS ns2.example.
38 SECTION ADDITIONAL
39 ns1.example. IN A 192.0.2.1
40 ; leave out to make unbound take ns1
41 ;ns2.example. IN A 192.0.2.2
42 ENTRY_END
43 RANGE_END
44
45 ; ns1.example.
46 RANGE_BEGIN 0 100
47 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
56
57 ; response to DNSKEY priming query
58
59 ENTRY_BEGIN
60 MATCH opcode qtype qname
61 ADJUST copy_id
62 REPLY QR NOERROR
63 SECTION QUESTION
64 example. IN DNSKEY
65 SECTION ANSWER
66 example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
67 example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
68 example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
69 ENTRY_END
70
71 ENTRY_BEGIN
72 MATCH opcode qtype qname
73 ADJUST copy_id
74 REPLY QR AA DO NOERROR
75 SECTION QUESTION
76 mc.c.example. IN MX
77 SECTION AUTHORITY
78 c.example. NS ns1.c.example.
79 c.example. NS ns2.c.example.
80
81 ;; NSEC3 RR that covers the "next closer" name (c.example)
82 ;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
83 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
84 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
85
86 ;; NSEC3 RR that matches the closest encloser (example)
87 ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
88 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
89 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
90
91 SECTION ADDITIONAL
92 ns1.c.example. A 192.0.2.7
93 ns2.c.example. A 192.0.2.8
94
95 ENTRY_END
96
97
98 ; DS must be gotten from neg cache
99 ; ENTRY_BEGIN
100 ; MATCH opcode qtype qname
101 ; ADJUST copy_id
102 ; REPLY QR AA DO NOERROR
103 ; SECTION QUESTION
104 ; c.example. IN DS
105 ; SECTION AUTHORITY
106 ; ;; NSEC3 RR that covers the "next closer" name (c.example)
107 ; ;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
108 ; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
109 ; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
110 ;
111 ; ;; NSEC3 RR that matches the closest encloser (example)
112 ; ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
113 ; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
114 ; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
115 ; ENTRY_END
116
117 RANGE_END
118
119 ; ns1.c.example.
120 RANGE_BEGIN 0 100
121 ADDRESS 192.0.2.7
122 ENTRY_BEGIN
123 MATCH opcode qtype qname
124 ADJUST copy_id
125 REPLY QR AA NOERROR
126 SECTION QUESTION
127 c.example. IN NS
128 SECTION ANSWER
129 c.example. NS ns1.c.example.
130 c.example. NS ns2.c.example.
131 SECTION ADDITIONAL
132 ns1.c.example. A 192.0.2.7
133 ns2.c.example. A 192.0.2.8
134 ENTRY_END
135
136 ENTRY_BEGIN
137 MATCH opcode qtype qname
138 ADJUST copy_id
139 REPLY QR AA NOERROR
140 SECTION QUESTION
141 mc.c.example. IN MX
142 SECTION ANSWER
143 mc.c.example. IN MX 50 mx.c.example.
144 SECTION AUTHORITY
145 c.example. NS ns1.c.example.
146 c.example. NS ns2.c.example.
147 SECTION ADDITIONAL
148 ns1.c.example. A 192.0.2.7
149 ns2.c.example. A 192.0.2.8
150 ENTRY_END
151 RANGE_END
152
153 ; ns2.c.example.
154 RANGE_BEGIN 0 100
155 ADDRESS 192.0.2.8
156 ENTRY_BEGIN
157 MATCH opcode qtype qname
158 ADJUST copy_id
159 REPLY QR AA NOERROR
160 SECTION QUESTION
161 c.example. IN NS
162 SECTION ANSWER
163 c.example. NS ns1.c.example.
164 c.example. NS ns2.c.example.
165 SECTION ADDITIONAL
166 ns1.c.example. A 192.0.2.7
167 ns2.c.example. A 192.0.2.8
168 ENTRY_END
169
170 ENTRY_BEGIN
171 MATCH opcode qtype qname
172 ADJUST copy_id
173 REPLY QR AA NOERROR
174 SECTION QUESTION
175 mc.c.example. IN MX
176 SECTION ANSWER
177 mc.c.example. IN MX 50 mx.c.example.
178 SECTION AUTHORITY
179 c.example. NS ns1.c.example.
180 c.example. NS ns2.c.example.
181 SECTION ADDITIONAL
182 ns1.c.example. A 192.0.2.7
183 ns2.c.example. A 192.0.2.8
184 ENTRY_END
185 RANGE_END
186
187
188 STEP 1 QUERY
189 ENTRY_BEGIN
190 REPLY RD DO
191 SECTION QUESTION
192 mc.c.example. IN MX
193 ENTRY_END
194
195 ; recursion happens here.
196 STEP 10 CHECK_ANSWER
197 ENTRY_BEGIN
198 MATCH all
199 REPLY QR RD RA NOERROR
200 SECTION QUESTION
201 mc.c.example. IN MX
202 SECTION ANSWER
203 mc.c.example. IN MX 50 mx.c.example.
204 SECTION AUTHORITY
205 c.example. NS ns1.c.example.
206 c.example. NS ns2.c.example.
207 SECTION ADDITIONAL
208 ns1.c.example. A 192.0.2.7
209 ns2.c.example. A 192.0.2.8
210 ENTRY_END
211
212 SCENARIO_END
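Review bot: The commented-out `c.example. IN DS` entry in the ns1.example range (new lines 98-115) is what makes this scenario exercise the negative cache, yet its only explanation is `; DS must be gotten from neg cache`. As far as the file shows, a DS query sent to 192.0.2.1 has no matching entry, so the expected answer at STEP 10 can presumably only be reached when the opt-out NSEC3 proof from the referral is reused. I would state that above the disabled block, e.g. `; entry disabled on purpose: a DS query on the wire finds no match, the proof must come from the referral's NSEC3 records`. The expected `REPLY QR RD RA NOERROR` under `MATCH all` carries no AD flag, which looks like the security-relevant outcome here (an opt-out delegation answered as insecure rather than validated). A comment such as `; no AD: c.example is an insecure opt-out delegation` would keep a later edit from adding AD to the expected reply.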
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
7685
7786 ;; NSEC3 RR that matches the closest encloser (example)
7887 ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
79 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
80 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
88 ; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
89 ; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
8190
8291 SECTION ADDITIONAL
8392 ns1.c.example. A 192.0.2.7
113122 ADJUST copy_id
114123 REPLY QR AA NOERROR
115124 SECTION QUESTION
125 c.example. IN NS
126 SECTION ANSWER
127 c.example. NS ns1.c.example.
128 c.example. NS ns2.c.example.
129 SECTION ADDITIONAL
130 ns1.c.example. A 192.0.2.7
131 ns2.c.example. A 192.0.2.8
132 ENTRY_END
133
134 ENTRY_BEGIN
135 MATCH opcode qtype qname
136 ADJUST copy_id
137 REPLY QR AA NOERROR
138 SECTION QUESTION
116139 mc.c.example. IN MX
117140 SECTION ANSWER
118141 mc.c.example. IN MX 50 mx.c.example.
128151 ; ns2.c.example.
129152 RANGE_BEGIN 0 100
130153 ADDRESS 192.0.2.8
154 ENTRY_BEGIN
155 MATCH opcode qtype qname
156 ADJUST copy_id
157 REPLY QR AA NOERROR
158 SECTION QUESTION
159 c.example. IN NS
160 SECTION ANSWER
161 c.example. NS ns1.c.example.
162 c.example. NS ns2.c.example.
163 SECTION ADDITIONAL
164 ns1.c.example. A 192.0.2.7
165 ns2.c.example. A 192.0.2.8
166 ENTRY_END
167
131168 ENTRY_BEGIN
132169 MATCH opcode qtype qname
133170 ADJUST copy_id
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
7180
7281 ;; NSEC3 RR that covers the "next closer" name (c.example)
7382 ;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
74 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
75 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
83 ; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
84 ; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
7685
7786 ;; NSEC3 RR that matches the closest encloser (example)
7887 ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
113122 ADJUST copy_id
114123 REPLY QR AA NOERROR
115124 SECTION QUESTION
125 c.example. IN NS
126 SECTION ANSWER
127 c.example. NS ns1.c.example.
128 c.example. NS ns2.c.example.
129 SECTION ADDITIONAL
130 ns1.c.example. A 192.0.2.7
131 ns2.c.example. A 192.0.2.8
132 ENTRY_END
133
134 ENTRY_BEGIN
135 MATCH opcode qtype qname
136 ADJUST copy_id
137 REPLY QR AA NOERROR
138 SECTION QUESTION
116139 mc.c.example. IN MX
117140 SECTION ANSWER
118141 mc.c.example. IN MX 50 mx.c.example.
128151 ; ns2.c.example.
129152 RANGE_BEGIN 0 100
130153 ADDRESS 192.0.2.8
154 ENTRY_BEGIN
155 MATCH opcode qtype qname
156 ADJUST copy_id
157 REPLY QR AA NOERROR
158 SECTION QUESTION
159 c.example. IN NS
160 SECTION ANSWER
161 c.example. NS ns1.c.example.
162 c.example. NS ns2.c.example.
163 SECTION ADDITIONAL
164 ns1.c.example. A 192.0.2.7
165 ns2.c.example. A 192.0.2.8
166 ENTRY_END
167
131168 ENTRY_BEGIN
132169 MATCH opcode qtype qname
133170 ADJUST copy_id
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
11 server:
22 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
33 val-override-date: "20120420235959"
4 target-fetch-policy: "0 0 0 0 0"
45
56 stub-zone:
67 name: "."
4445 ; ns1.example.
4546 RANGE_BEGIN 0 100
4647 ADDRESS 192.0.2.1
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id copy_query
51 REPLY QR REFUSED
52 SECTION QUESTION
53 example. IN NS
54 SECTION ANSWER
55 ENTRY_END
4756
4857 ; response to DNSKEY priming query
4958
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.sub.example.com. IN DS
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
112138 ; ns.sub.example.com.
113139 RANGE_BEGIN 0 100
114140 ADDRESS 1.2.3.10
141 ENTRY_BEGIN
142 MATCH opcode qtype qname
143 ADJUST copy_id
144 REPLY QR NOERROR
145 SECTION QUESTION
146 sub.example.com. IN NS
147 SECTION ANSWER
148 sub.example.com. IN NS ns.sub.example.com.
149 SECTION ADDITIONAL
150 ns.sub.example.com. IN A 1.2.3.10
151 ENTRY_END
115152
116153 ; response to DNSKEY priming query
117154 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
5063 www.sub.example.com. IN A
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
113139 ; ns.sub.example.com.
114140 RANGE_BEGIN 0 100
115141 ADDRESS 1.2.3.10
142 ENTRY_BEGIN
143 MATCH opcode qtype qname
144 ADJUST copy_id
145 REPLY QR NOERROR
146 SECTION QUESTION
147 sub.example.com. IN NS
148 SECTION ANSWER
149 sub.example.com. IN NS ns.sub.example.com.
150 SECTION ADDITIONAL
151 ns.sub.example.com. IN A 1.2.3.10
152 ENTRY_END
116153
117154 ; response to DNSKEY priming query
118155 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
5063 www.example.com. IN A
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
114140 ; ns.sub.example.com.
115141 RANGE_BEGIN 0 100
116142 ADDRESS 1.2.3.10
143 ENTRY_BEGIN
144 MATCH opcode qtype qname
145 ADJUST copy_id
146 REPLY QR NOERROR
147 SECTION QUESTION
148 sub.example.com. IN NS
149 SECTION ANSWER
150 sub.example.com. IN NS ns.sub.example.com.
151 SECTION ADDITIONAL
152 ns.sub.example.com. IN A 1.2.3.10
153 ENTRY_END
117154
118155 ; response to DNSKEY priming query
119156 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
55 val-nsec3-keysize-iterations: "1024 100 2048 200 4096 500"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
5063 www.example.com. IN A
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.sub.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
132158 ; ns.sub.example.com.
133159 RANGE_BEGIN 0 100
134160 ADDRESS 1.2.3.10
161 ENTRY_BEGIN
162 MATCH opcode qtype qname
163 ADJUST copy_id
164 REPLY QR REFUSED
165 SECTION QUESTION
166 sub.example.com. IN NS
167 SECTION ANSWER
168 ENTRY_END
169
135170
136171 ; response to DNSKEY priming query
137172 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.sub.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
138164 ; ns.sub.example.com.
139165 RANGE_BEGIN 0 100
140166 ADDRESS 1.2.3.10
167 ENTRY_BEGIN
168 MATCH opcode qtype qname
169 ADJUST copy_id
170 REPLY QR REFUSED
171 SECTION QUESTION
172 sub.example.com. IN NS
173 SECTION ANSWER
174 ENTRY_END
141175
142176 ; response to DNSKEY priming query
143177 ENTRY_BEGIN
0 ; config options
1 ; The island of trust is at example.com
2 server:
3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with NSEC3 with no DS referral from neg cache.
13
14 ; K.ROOT-SERVERS.NET.
15 RANGE_BEGIN 0 100
16 ADDRESS 193.0.14.129
17 ENTRY_BEGIN
18 MATCH opcode qtype qname
19 ADJUST copy_id
20 REPLY QR NOERROR
21 SECTION QUESTION
22 . IN NS
23 SECTION ANSWER
24 . IN NS K.ROOT-SERVERS.NET.
25 SECTION ADDITIONAL
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
27 ENTRY_END
28
29 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.sub.example.com. IN A
35 SECTION AUTHORITY
36 com. IN NS a.gtld-servers.net.
37 SECTION ADDITIONAL
38 a.gtld-servers.net. IN A 192.5.6.30
39 ENTRY_END
40 RANGE_END
41
42 ; a.gtld-servers.net.
43 RANGE_BEGIN 0 100
44 ADDRESS 192.5.6.30
45 ENTRY_BEGIN
46 MATCH opcode qtype qname
47 ADJUST copy_id
48 REPLY QR NOERROR
49 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 www.sub.example.com. IN A
63 SECTION AUTHORITY
64 example.com. IN NS ns.example.com.
65 SECTION ADDITIONAL
66 ns.example.com. IN A 1.2.3.4
67 ENTRY_END
68 RANGE_END
69
70 ; ns.example.com.
71 RANGE_BEGIN 0 100
72 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
86
87 ; response to DNSKEY priming query
88 ENTRY_BEGIN
89 MATCH opcode qtype qname
90 ADJUST copy_id
91 REPLY QR NOERROR
92 SECTION QUESTION
93 example.com. IN DNSKEY
94 SECTION ANSWER
95 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
97 SECTION AUTHORITY
98 example.com. IN NS ns.example.com.
99 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100 SECTION ADDITIONAL
101 ns.example.com. IN A 1.2.3.4
102 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103 ENTRY_END
104
105 ; response to query of interest
106 ENTRY_BEGIN
107 MATCH opcode qtype qname
108 ADJUST copy_id
109 REPLY QR NOERROR
110 SECTION QUESTION
111 www.example.com. IN A
112 SECTION AUTHORITY
113 example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
114 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
115
116 ; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
117 s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
118 s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
119
120 ENTRY_END
121
122 ; refer to server one down
123 ENTRY_BEGIN
124 MATCH opcode qtype qname
125 ADJUST copy_id
126 REPLY QR NOERROR
127 SECTION QUESTION
128 www.sub.example.com. IN A
129 SECTION AUTHORITY
130 sub.example.com. IN NS ns.sub.example.com.
131 ; proof that there is no DS here.
132 ;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
133 ;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
134 ; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
135 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
136 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
137
138 SECTION ADDITIONAL
139 ns.sub.example.com. IN A 1.2.3.10
140 ENTRY_END
141
142 ; get DS proof from neg cache
143 ; ENTRY_BEGIN
144 ; MATCH opcode qtype qname
145 ; ADJUST copy_id
146 ; REPLY QR NOERROR
147 ; SECTION QUESTION
148 ; sub.example.com. IN DS
149 ; SECTION AUTHORITY
150 ; ; proof that there is no DS here.
151 ; ;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
152 ; ;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
153 ; ; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
154 ; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
155 ; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
156 ; ENTRY_END
157 RANGE_END
158
159 ; ns.sub.example.com.
160 RANGE_BEGIN 0 100
161 ADDRESS 1.2.3.10
162 ENTRY_BEGIN
163 MATCH opcode qtype qname
164 ADJUST copy_id
165 REPLY QR REFUSED
166 SECTION QUESTION
167 sub.example.com. IN NS
168 SECTION ANSWER
169 ENTRY_END
170
171
172 ; response to DNSKEY priming query
173 ENTRY_BEGIN
174 MATCH opcode qtype qname
175 ADJUST copy_id
176 REPLY QR NOERROR
177 SECTION QUESTION
178 sub.example.com. IN DNSKEY
179 SECTION ANSWER
180 sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
181 sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
182
183 ENTRY_END
184
185 ENTRY_BEGIN
186 MATCH opcode qtype qname
187 ADJUST copy_id
188 REPLY QR NOERROR
189 SECTION QUESTION
190 www.sub.example.com. IN A
191 SECTION ANSWER
192 www.sub.example.com. IN A 1.2.3.123
193 www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
194 ENTRY_END
195 RANGE_END
196
197 STEP 1 QUERY
198 ENTRY_BEGIN
199 REPLY RD DO
200 SECTION QUESTION
201 www.sub.example.com. IN A
202 ENTRY_END
203
204 ; recursion happens here.
205 STEP 10 CHECK_ANSWER
206 ENTRY_BEGIN
207 MATCH all
208 REPLY QR RD RA NOERROR
209 SECTION QUESTION
210 www.sub.example.com. IN A
211 SECTION ANSWER
212 www.sub.example.com. IN A 1.2.3.123
213 www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
214 SECTION AUTHORITY
215 SECTION ADDITIONAL
216 ENTRY_END
217
218 SCENARIO_END
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
5063 www.sub.example.com. IN A
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
133159 ; ns.sub.example.com.
134160 RANGE_BEGIN 0 100
135161 ADDRESS 1.2.3.10
162 ENTRY_BEGIN
163 MATCH opcode qtype qname
164 ADJUST copy_id
165 REPLY QR REFUSED
166 SECTION QUESTION
167 sub.example.com. IN NS
168 SECTION ANSWER
169 ENTRY_END
136170
137171 ; response to DNSKEY priming query
138172 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN ANY
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN ANY
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
93119 ; qname denial
94120 wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
95121 wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
96 SECTIO ADDITIONAL
122 SECTION ADDITIONAL
97123 ENTRY_END
98124 RANGE_END
99125
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
93119 ; qname denial
94120 ;wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
95121 ;wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
96 SECTIO ADDITIONAL
122 SECTION ADDITIONAL
97123 ENTRY_END
98124 RANGE_END
99125
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
93119 ; qname denial
94120 wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
95121 wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
96 SECTIO ADDITIONAL
122 SECTION ADDITIONAL
97123 ENTRY_END
98124 RANGE_END
99125
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
0 ; config options
1 ; The island of trust is at example.com
2 server:
3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with overreaching NSEC record
13
14 ; K.ROOT-SERVERS.NET.
15 RANGE_BEGIN 0 100
16 ADDRESS 193.0.14.129
17 ENTRY_BEGIN
18 MATCH opcode qtype qname
19 ADJUST copy_id
20 REPLY QR NOERROR
21 SECTION QUESTION
22 . IN NS
23 SECTION ANSWER
24 . IN NS K.ROOT-SERVERS.NET.
25 SECTION ADDITIONAL
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
27 ENTRY_END
28
29 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.example.com. IN A
35 SECTION AUTHORITY
36 com. IN NS a.gtld-servers.net.
37 SECTION ADDITIONAL
38 a.gtld-servers.net. IN A 192.5.6.30
39 ENTRY_END
40 RANGE_END
41
42 ; a.gtld-servers.net.
43 RANGE_BEGIN 0 100
44 ADDRESS 192.5.6.30
45 ENTRY_BEGIN
46 MATCH opcode qtype qname
47 ADJUST copy_id
48 REPLY QR NOERROR
49 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 www.example.com. IN A
63 SECTION AUTHORITY
64 example.com. IN NS ns.example.com.
65 SECTION ADDITIONAL
66 ns.example.com. IN A 1.2.3.4
67 ENTRY_END
68 RANGE_END
69
70 ; ns.example.com.
71 RANGE_BEGIN 0 100
72 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
86
87 ; response to DNSKEY priming query
88 ENTRY_BEGIN
89 MATCH opcode qtype qname
90 ADJUST copy_id
91 REPLY QR NOERROR
92 SECTION QUESTION
93 example.com. IN DNSKEY
94 SECTION ANSWER
95 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
97 SECTION AUTHORITY
98 example.com. IN NS ns.example.com.
99 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100 SECTION ADDITIONAL
101 ns.example.com. IN A 1.2.3.4
102 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103 ENTRY_END
104
105 ; response to query of interest
106 ENTRY_BEGIN
107 MATCH opcode qtype qname
108 ADJUST copy_id
109 REPLY QR NXDOMAIN
110 SECTION QUESTION
111 www.example.com. IN A
112 SECTION ANSWER
113 SECTION AUTHORITY
114 example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
115 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
116 ; wildcard denial
117 example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG
118 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
119 ; qname denial
120 ; The overreaching NSEC record; it tries to deny other .com zones!
121 wab.example.com. IN NSEC wzz.foo.com. A NSEC RRSIG
122 wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AEimIB2N5u7AQOb5IBMnckASZ4MlhBxziJy+zVUjLov/s7q85j8eWQc= ;{id = 2854}
123 SECTION ADDITIONAL
124 ENTRY_END
125 RANGE_END
126
127 STEP 1 QUERY
128 ENTRY_BEGIN
129 REPLY RD DO
130 SECTION QUESTION
131 www.example.com. IN A
132 ENTRY_END
133
134 ; recursion happens here.
135 STEP 10 CHECK_ANSWER
136 ENTRY_BEGIN
137 MATCH all
138 REPLY QR RD RA SERVFAIL
139 SECTION QUESTION
140 www.example.com. IN A
141 SECTION ANSWER
142 SECTION AUTHORITY
143 SECTION ADDITIONAL
144 ENTRY_END
145
146 SCENARIO_END
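Review bot: The STEP 10 check asserts only `REPLY QR RD RA SERVFAIL`, which a validator would also return if the RRSIG over the overreaching NSEC simply failed to verify, so the scenario on its own does not show that the out-of-zone next name `wzz.foo.com.` is what gets rejected. The signature on that NSEC is also encoded differently from every other algorithm 3 signature in this file (it begins `AEim`, where the others begin `MC0C` or `MCwC`); that may be a valid alternative encoding, but it is worth confirming that it verifies against key 2854. I would add a comment beside the record, for example `; RRSIG below verifies with key 2854; answer must be bogus only because the NSEC next name leaves example.com.`, so that a later re-signing of the fixture does not silently turn this into a plain bad-signature test.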
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
2627 ENTRY_END
2728
2829 ENTRY_BEGIN
29 MATCH opcode qtype qname
30 ADJUST copy_id
30 MATCH opcode subdomain
31 ADJUST copy_id copy_query
3132 REPLY QR NOERROR
3233 SECTION QUESTION
33 www.example.com. IN A
34 com. IN A
3435 SECTION AUTHORITY
3536 com. IN NS a.gtld-servers.net.
3637 SECTION ADDITIONAL
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
49 www.example.com. IN A
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode subdomain
59 ADJUST copy_id copy_query
60 REPLY QR NOERROR
61 SECTION QUESTION
62 example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5265 SECTION ADDITIONAL
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
22 server:
33 trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
5063 sub.example.com. IN DS
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 sub.example.com. IN DS
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
55 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
67
78 stub-zone:
89 name: "."
4748 ADJUST copy_id
4849 REPLY QR NOERROR
4950 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
5063 sub.example.com. IN DS
5164 SECTION AUTHORITY
5265 example.com. IN NS ns.example.com.
5871 ; ns.example.com.
5972 RANGE_BEGIN 0 100
6073 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
6187
6288 ; response to DNSKEY priming query
6389 ENTRY_BEGIN
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
55 val-override-date: "20070916134226"
6 access-control: 127.0.0.1 allow_snoop
7 target-fetch-policy: "0 0 0 0 0"
68
79 stub-zone:
810 name: "."
6163 RANGE_BEGIN 0 100
6264 ADDRESS 192.5.6.30
6365 ENTRY_BEGIN
66 MATCH opcode qtype qname
67 ADJUST copy_id
68 REPLY QR NOERROR
69 SECTION QUESTION
70 com. IN NS
71 SECTION ANSWER
72 com. IN NS a.gtld-servers.net.
73 SECTION ADDITIONAL
74 a.gtld-servers.net. IN A 192.5.6.30
75 ENTRY_END
76
77 ENTRY_BEGIN
78 MATCH opcode qtype qname
79 ADJUST copy_id
80 REPLY QR NOERROR
81 SECTION QUESTION
82 net. IN NS
83 SECTION ANSWER
84 net. IN NS a.gtld-servers.net.
85 SECTION ADDITIONAL
86 a.gtld-servers.net. IN A 192.5.6.30
87 ENTRY_END
88
89 ENTRY_BEGIN
6490 MATCH opcode qname
6591 ADJUST copy_id copy_query
6692 REPLY QR NOERROR
89115 ; ns.example.com.
90116 RANGE_BEGIN 0 100
91117 ADDRESS 1.2.3.4
118 ENTRY_BEGIN
119 MATCH opcode qtype qname
120 ADJUST copy_id
121 REPLY QR NOERROR
122 SECTION QUESTION
123 example.com. IN NS
124 SECTION ANSWER
125 example.com. IN NS ns.example.com.
126 example.com. IN NS ns.example.net.
127 example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
128 SECTION ADDITIONAL
129 ns.example.com. IN A 1.2.3.4
130 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
131 ENTRY_END
92132
93133 ; response to example.com. DNSKEY priming query
94134 ENTRY_BEGIN
126166 ; ns.example.net.
127167 RANGE_BEGIN 0 100
128168 ADDRESS 1.2.3.5
169 ENTRY_BEGIN
170 MATCH opcode qtype qname
171 ADJUST copy_id
172 REPLY QR NOERROR
173 SECTION QUESTION
174 example.com. IN NS
175 SECTION ANSWER
176 example.com. IN NS ns.example.com.
177 example.com. IN NS ns.example.net.
178 example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
179 SECTION ADDITIONAL
180 ns.example.com. IN A 1.2.3.4
181 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
182 ENTRY_END
129183
130184 ; example.com zone in ns.example.net.
131185 ; response to example.com. DNSKEY priming query
161215 ENTRY_END
162216
163217 ; example.net zone in ns.example.net.
218 ENTRY_BEGIN
219 MATCH opcode qtype qname
220 ADJUST copy_id
221 REPLY QR NOERROR
222 SECTION QUESTION
223 example.net. IN NS
224 SECTION ANSWER
225 example.net. IN NS ns.example.net.
226 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
227 SECTION ADDITIONAL
228 ns.example.net. IN A 1.2.3.5
229 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
230 ENTRY_END
231
164232 ; response to DNSKEY priming query
165233 ENTRY_BEGIN
166234 MATCH opcode qtype qname
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 harden-referral-path: no
6 access-control: 127.0.0.1 allow_snoop
7 target-fetch-policy: "0 0 0 0 0"
58
69 stub-zone:
710 name: "."
4649 ADJUST copy_id
4750 REPLY QR NOERROR
4851 SECTION QUESTION
52 com. IN NS
53 SECTION ANSWER
54 com. IN NS a.gtld-servers.net.
55 SECTION ADDITIONAL
56 a.gtld-servers.net. IN A 192.5.6.30
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode qtype qname
61 ADJUST copy_id
62 REPLY QR NOERROR
63 SECTION QUESTION
4964 www.example.com. IN A
5065 SECTION AUTHORITY
5166 example.com. IN NS ns.example.com.
5772 ; ns.example.com.
5873 RANGE_BEGIN 0 100
5974 ADDRESS 1.2.3.4
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 example.com. IN NS
81 SECTION ANSWER
82 example.com. IN NS ns.example.com.
83 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
84 SECTION ADDITIONAL
85 ns.example.com. IN A 1.2.3.4
86 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
87 ENTRY_END
6088
6189 ; response to DNSKEY priming query
6290 ENTRY_BEGIN
73101 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
74102 SECTION ADDITIONAL
75103 ns.example.com. IN A 1.2.3.4
76 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
104 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
77105 ENTRY_END
78106
79107 ENTRY_BEGIN
84112 www.example.com. IN A
85113 SECTION ANSWER
86114 www.example.com. IN A 10.20.30.40
87 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
115 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AD8qRJvXxOtmSuy8Ogyo0roA294qOtNT2E1m05kSU0jbxN4qLYn0OmU= ;{id = 2854}
88116 SECTION AUTHORITY
89117 example.com. IN NS ns.example.com.
90118 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
91119 SECTION ADDITIONAL
92120 ns.example.com. IN A 1.2.3.4
93 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
121 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
94122 ENTRY_END
95123 RANGE_END
96124
133161 bla.example.com. IN A
134162 SECTION ANSWER
135163 SECTION AUTHORITY
136 example.com. IN NS ns.example.com.
164 example.com. IN NS ns.example.com.
137165 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
138166 SECTION ADDITIONAL
139167 ns.example.com. IN A 1.2.3.4
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
55 directory: ""
6 access-control: 127.0.0.1 allow_snoop
7 target-fetch-policy: "0 0 0 0 0"
68
79 stub-zone:
810 name: "."
4749 ADJUST copy_id
4850 REPLY QR NOERROR
4951 SECTION QUESTION
52 com. IN NS
53 SECTION ANSWER
54 com. IN NS a.gtld-servers.net.
55 SECTION ADDITIONAL
56 a.gtld-servers.net. IN A 192.5.6.30
57 ENTRY_END
58
59 ENTRY_BEGIN
60 MATCH opcode qtype qname
61 ADJUST copy_id
62 REPLY QR NOERROR
63 SECTION QUESTION
5064 www.example.com. IN A
5165 SECTION AUTHORITY
5266 example.com. IN NS ns.example.com.
5872 ; ns.example.com.
5973 RANGE_BEGIN 0 100
6074 ADDRESS 1.2.3.4
75 ENTRY_BEGIN
76 MATCH opcode qtype qname
77 ADJUST copy_id
78 REPLY QR NOERROR
79 SECTION QUESTION
80 example.com. IN NS
81 SECTION ANSWER
82 example.com. IN NS ns.example.com.
83 example.com. IN NS ns2.sub.example.com.
84 example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
85 SECTION ADDITIONAL
86 ns.example.com. IN A 1.2.3.4
87 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
88 ns2.sub.example.com. IN A 100.200.30.40
89 ENTRY_END
90
91 ; referral, for all types
92 ENTRY_BEGIN
93 MATCH opcode qname
94 ADJUST copy_id
95 REPLY QR NOERROR
96 SECTION QUESTION
97 ns2.sub.example.com. IN A
98 SECTION AUTHORITY
99 sub.example.com. IN NS ns2.sub.example.com.
100 sub.example.com. IN NSEC tlib.example.com. NS RRSIG NSEC
101 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABdrfr+eKT1syk2qFlV01wLOqQdvNMpEtPmGAM6CrtyQAje/ddXSi9A= ;{id = 2854}
102 ns2.sub.example.com. IN A 100.200.30.40
103 ENTRY_END
61104
62105 ; response to DNSKEY priming query
63106 ENTRY_BEGIN
71114 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
72115 SECTION AUTHORITY
73116 example.com. IN NS ns.example.com.
74 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
75 SECTION ADDITIONAL
76 ns.example.com. IN A 1.2.3.4
77 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
117 example.com. IN NS ns2.sub.example.com.
118 example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
119 SECTION ADDITIONAL
120 ns.example.com. IN A 1.2.3.4
121 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
122 ns2.sub.example.com. IN A 100.200.30.40
78123 ENTRY_END
79124
80125 ENTRY_BEGIN
112157 ; ns2.sub.example.com.
113158 RANGE_BEGIN 0 100
114159 ADDRESS 100.200.30.40
160 ENTRY_BEGIN
161 MATCH opcode qtype qname
162 ADJUST copy_id
163 REPLY QR NOERROR
164 SECTION QUESTION
165 example.com. IN NS
166 SECTION ANSWER
167 example.com. IN NS ns.example.com.
168 example.com. IN NS ns2.sub.example.com.
169 example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
170 SECTION ADDITIONAL
171 ns.example.com. IN A 1.2.3.4
172 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
173 ENTRY_END
115174
116175 ; response to DNSKEY priming query
117176 ENTRY_BEGIN
125184 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
126185 SECTION AUTHORITY
127186 example.com. IN NS ns.example.com.
128 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
129 SECTION ADDITIONAL
130 ns.example.com. IN A 1.2.3.4
131 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
187 example.com. IN NS ns2.sub.example.com.
188 example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
189 SECTION ADDITIONAL
190 ns.example.com. IN A 1.2.3.4
191 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
132192 ENTRY_END
133193
134194 ENTRY_BEGIN
161221 sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
162222 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854}
163223 ENTRY_END
224
225 ENTRY_BEGIN
226 MATCH opcode qname qtype
227 ADJUST copy_id
228 REPLY QR NOERROR
229 SECTION QUESTION
230 ns2.sub.example.com. IN A
231 SECTION ANSWER
232 ns2.sub.example.com. IN A 100.200.30.40
233 ENTRY_END
234
235 ENTRY_BEGIN
236 MATCH opcode qname qtype
237 ADJUST copy_id
238 REPLY QR NOERROR
239 SECTION QUESTION
240 ns2.sub.example.com. IN AAAA
241 SECTION ANSWER
242 ENTRY_END
243
164244 RANGE_END
165245
166246
205285 bla.example.com. IN A
206286 SECTION ANSWER
207287 SECTION AUTHORITY
208 example.com. IN NS ns.example.com.
209 example.com. IN NS ns2.sub.example.com.
288 example.com. 3600 IN NS ns.example.com.
289 example.com. 3600 IN NS ns2.sub.example.com.
210290 example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
211291 SECTION ADDITIONAL
212292 ns.example.com. IN A 1.2.3.4
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.sub.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
112138 ; ns.sub.example.com.
113139 RANGE_BEGIN 0 100
114140 ADDRESS 1.2.3.6
141 ENTRY_BEGIN
142 MATCH opcode qtype qname
143 ADJUST copy_id
144 REPLY QR NOERROR
145 SECTION QUESTION
146 sub.example.com. IN NS
147 SECTION ANSWER
148 sub.example.com. IN NS ns.sub.example.com.
149 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
150 SECTION ADDITIONAL
151 ns.sub.example.com. IN A 1.2.3.6
152 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
153 ENTRY_END
115154
116155 ; response to DNSKEY priming query
117156 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 a.b.sub.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
141167 ; ns.sub.example.com.
142168 RANGE_BEGIN 0 100
143169 ADDRESS 1.2.3.6
170 ENTRY_BEGIN
171 MATCH opcode qtype qname
172 ADJUST copy_id
173 REPLY QR NOERROR
174 SECTION QUESTION
175 sub.example.com. IN NS
176 SECTION ANSWER
177 sub.example.com. IN NS ns.sub.example.com.
178 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
179 SECTION ADDITIONAL
180 ns.sub.example.com. IN A 1.2.3.6
181 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
182 ENTRY_END
144183
145184 ; response to DNSKEY priming query
146185 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
194233 ; server ns.b.sub.example.com.
195234 RANGE_BEGIN 0 100
196235 ADDRESS 1.2.3.7
236 ENTRY_BEGIN
237 MATCH opcode qtype qname
238 ADJUST copy_id
239 REPLY QR AA NOERROR
240 SECTION QUESTION
241 b.sub.example.com. IN NS
242 SECTION ANSWER
243 b.sub.example.com. IN NS ns.b.sub.example.com.
244 SECTION ADDITIONAL
245 ns.b.sub.example.com. IN A 1.2.3.7
246 ENTRY_END
197247
198248 ENTRY_BEGIN
199249 ; query of interest, give a cname to another unsecure zone.
210260 ; server ns.c.example.com.
211261 RANGE_BEGIN 0 100
212262 ADDRESS 1.2.3.8
263 ENTRY_BEGIN
264 MATCH opcode qtype qname
265 ADJUST copy_id
266 REPLY QR AA NOERROR
267 SECTION QUESTION
268 c.sub.example.com. IN NS
269 SECTION ANSWER
270 c.sub.example.com. IN NS ns.c.sub.example.com.
271 SECTION ADDITIONAL
272 ns.c.sub.example.com. IN A 1.2.3.8
273 ENTRY_END
274
275 ENTRY_BEGIN
276 MATCH opcode qtype qname
277 ADJUST copy_id
278 REPLY QR NOERROR
279 SECTION QUESTION
280 c.example.com. IN NS
281 SECTION ANSWER
282 c.example.com. IN NS ns.c.example.com.
283 SECTION ADDITIONAL
284 ns.c.example.com. IN A 1.2.3.8
285 ENTRY_END
213286
214287 ENTRY_BEGIN
215288 MATCH opcode qtype qname
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 www.sub.example.com. IN A
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
115141 ; ns.sub.example.com.
116142 RANGE_BEGIN 0 100
117143 ADDRESS 1.2.3.6
144 ENTRY_BEGIN
145 MATCH opcode qtype qname
146 ADJUST copy_id
147 REPLY QR NOERROR
148 SECTION QUESTION
149 sub.example.com. IN NS
150 SECTION ANSWER
151 sub.example.com. IN NS ns.sub.example.com.
152 SECTION ADDITIONAL
153 ns.sub.example.com. IN A 1.2.3.6
154 ENTRY_END
118155
119156 ; response to query of interest
120157 ENTRY_BEGIN
0 ; config options
1 ; The island of trust is at example.com
2 server:
3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
6
7 stub-zone:
8 name: "."
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 CONFIG_END
11
12 SCENARIO_BEGIN Test validator with insecure delegation and DS negative cache
13
14 ; K.ROOT-SERVERS.NET.
15 RANGE_BEGIN 0 100
16 ADDRESS 193.0.14.129
17 ENTRY_BEGIN
18 MATCH opcode qtype qname
19 ADJUST copy_id
20 REPLY QR NOERROR
21 SECTION QUESTION
22 . IN NS
23 SECTION ANSWER
24 . IN NS K.ROOT-SERVERS.NET.
25 SECTION ADDITIONAL
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
27 ENTRY_END
28
29 ENTRY_BEGIN
30 MATCH opcode qtype qname
31 ADJUST copy_id
32 REPLY QR NOERROR
33 SECTION QUESTION
34 www.sub.example.com. IN A
35 SECTION AUTHORITY
36 com. IN NS a.gtld-servers.net.
37 SECTION ADDITIONAL
38 a.gtld-servers.net. IN A 192.5.6.30
39 ENTRY_END
40 RANGE_END
41
42 ; a.gtld-servers.net.
43 RANGE_BEGIN 0 100
44 ADDRESS 192.5.6.30
45 ENTRY_BEGIN
46 MATCH opcode qtype qname
47 ADJUST copy_id
48 REPLY QR NOERROR
49 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
62 www.sub.example.com. IN A
63 SECTION AUTHORITY
64 example.com. IN NS ns.example.com.
65 SECTION ADDITIONAL
66 ns.example.com. IN A 1.2.3.4
67 ENTRY_END
68 RANGE_END
69
70 ; ns.example.com.
71 RANGE_BEGIN 0 100
72 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
86
87 ; response to DNSKEY priming query
88 ENTRY_BEGIN
89 MATCH opcode qtype qname
90 ADJUST copy_id
91 REPLY QR NOERROR
92 SECTION QUESTION
93 example.com. IN DNSKEY
94 SECTION ANSWER
95 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
96 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
97 SECTION AUTHORITY
98 example.com. IN NS ns.example.com.
99 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100 SECTION ADDITIONAL
101 ns.example.com. IN A 1.2.3.4
102 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
103 ENTRY_END
104
105 ; response for delegation to sub.example.com.
106 ENTRY_BEGIN
107 MATCH opcode qtype qname
108 ADJUST copy_id
109 REPLY QR NOERROR
110 SECTION QUESTION
111 www.sub.example.com. IN A
112 SECTION ANSWER
113 SECTION AUTHORITY
114 sub.example.com. IN NS ns.sub.example.com.
115 sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
116 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
117 SECTION ADDITIONAL
118 ns.sub.example.com. IN A 1.2.3.6
119 ENTRY_END
120
121 ; query for missing DS record.
122 ; get it from the negative cache instead!
123 ;ENTRY_BEGIN
124 ;MATCH opcode qtype qname
125 ;ADJUST copy_id
126 ;REPLY QR NOERROR
127 ;SECTION QUESTION
128 ;sub.example.com. IN DS
129 ;SECTION ANSWER
130 ;SECTION AUTHORITY
131 ;example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
132 ;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
133 ;sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
134 ;sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
135 ;SECTION ADDITIONAL
136 ;ns.sub.example.com. IN A 1.2.3.6
137 ;ENTRY_END
138
139
140 RANGE_END
141
142 ; ns.sub.example.com.
143 RANGE_BEGIN 0 100
144 ADDRESS 1.2.3.6
145 ENTRY_BEGIN
146 MATCH opcode qtype qname
147 ADJUST copy_id
148 REPLY QR NOERROR
149 SECTION QUESTION
150 sub.example.com. IN NS
151 SECTION ANSWER
152 sub.example.com. IN NS ns.sub.example.com.
153 SECTION ADDITIONAL
154 ns.sub.example.com. IN A 1.2.3.6
155 ENTRY_END
156
157 ; response to query of interest
158 ENTRY_BEGIN
159 MATCH opcode qtype qname
160 ADJUST copy_id
161 REPLY QR NOERROR
162 SECTION QUESTION
163 www.sub.example.com. IN A
164 SECTION ANSWER
165 www.sub.example.com. IN A 11.11.11.11
166 SECTION AUTHORITY
167 SECTION ADDITIONAL
168 ENTRY_END
169 RANGE_END
170
171 STEP 1 QUERY
172 ENTRY_BEGIN
173 REPLY RD DO
174 SECTION QUESTION
175 www.sub.example.com. IN A
176 ENTRY_END
177
178 ; recursion happens here.
179 STEP 10 CHECK_ANSWER
180 ENTRY_BEGIN
181 MATCH all
182 REPLY QR RD RA NOERROR
183 SECTION QUESTION
184 www.sub.example.com. IN A
185 SECTION ANSWER
186 www.sub.example.com. 3600 IN A 11.11.11.11
187 SECTION AUTHORITY
188 SECTION ADDITIONAL
189 ENTRY_END
190
191 SCENARIO_END
22 server:
33 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
44 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
56
67 stub-zone:
78 name: "."
4647 ADJUST copy_id
4748 REPLY QR NOERROR
4849 SECTION QUESTION
50 com. IN NS
51 SECTION ANSWER
52 com. IN NS a.gtld-servers.net.
53 SECTION ADDITIONAL
54 a.gtld-servers.net. IN A 192.5.6.30
55 ENTRY_END
56
57 ENTRY_BEGIN
58 MATCH opcode qtype qname
59 ADJUST copy_id
60 REPLY QR NOERROR
61 SECTION QUESTION
4962 sub.example.com. IN DS
5063 SECTION AUTHORITY
5164 example.com. IN NS ns.example.com.
5770 ; ns.example.com.
5871 RANGE_BEGIN 0 100
5972 ADDRESS 1.2.3.4
73 ENTRY_BEGIN
74 MATCH opcode qtype qname
75 ADJUST copy_id
76 REPLY QR NOERROR
77 SECTION QUESTION
78 example.com. IN NS
79 SECTION ANSWER
80 example.com. IN NS ns.example.com.
81 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
82 SECTION ADDITIONAL
83 ns.example.com. IN A 1.2.3.4
84 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
85 ENTRY_END
6086
6187 ; response to DNSKEY priming query
6288 ENTRY_BEGIN
115141 ; ns.sub.example.com.
116142 RANGE_BEGIN 0 100
117143 ADDRESS 1.2.3.6
144 ENTRY_BEGIN
145 MATCH opcode qtype qname
146 ADJUST copy_id copy_query
147 REPLY QR NOERROR
148 SECTION QUESTION
149 sub.example.com. IN NS
150 SECTION ANSWER
151 sub.example.com. IN NS ns.sub.example.com.
152 SECTION ADDITIONAL
153 ns.sub.example.com. IN A 1.2.3.6
154 ENTRY_END
118155
119156 ; response to query of interest
120157 ENTRY_BEGIN
1010 ; version.bind.
1111 STEP 1 QUERY
1212 ENTRY_BEGIN
13 REPLY RD
1314 SECTION QUESTION
1415 version.bind. CH TXT
1516 ENTRY_END
1617 STEP 2 CHECK_ANSWER
1718 ENTRY_BEGIN
1819 MATCH all
19 REPLY QR RA REFUSED
20 REPLY QR RD RA REFUSED
2021 SECTION QUESTION
2122 version.bind. CH TXT
2223 ENTRY_END
2425 ; version.server.
2526 STEP 3 QUERY
2627 ENTRY_BEGIN
28 REPLY RD
2729 SECTION QUESTION
2830 version.server. CH TXT
2931 ENTRY_END
3032 STEP 4 CHECK_ANSWER
3133 ENTRY_BEGIN
3234 MATCH all
33 REPLY QR RA REFUSED
35 REPLY QR RD RA REFUSED
3436 SECTION QUESTION
3537 version.server. CH TXT
3638 ENTRY_END
3840 ; hostname.bind.
3941 STEP 5 QUERY
4042 ENTRY_BEGIN
43 REPLY RD
4144 SECTION QUESTION
4245 hostname.bind. CH TXT
4346 ENTRY_END
4447 STEP 6 CHECK_ANSWER
4548 ENTRY_BEGIN
4649 MATCH all
47 REPLY QR RA REFUSED
50 REPLY QR RD RA REFUSED
4851 SECTION QUESTION
4952 hostname.bind. CH TXT
5053 ENTRY_END
5255 ; id.server.
5356 STEP 7 QUERY
5457 ENTRY_BEGIN
58 REPLY RD
5559 SECTION QUESTION
5660 id.server. CH TXT
5761 ENTRY_END
5862 STEP 8 CHECK_ANSWER
5963 ENTRY_BEGIN
6064 MATCH all
61 REPLY QR RA REFUSED
65 REPLY QR RD RA REFUSED
6266 SECTION QUESTION
6367 id.server. CH TXT
6468 ENTRY_END
168168 uint64_t id = alloc->next_id++;
169169 if(id == alloc->last_id) {
170170 log_warn("rrset alloc: out of 64bit ids. Clearing cache.");
171 fptr_whitelist_alloc_cleanup(alloc->cleanup);
171 fptr_ok(fptr_whitelist_alloc_cleanup(alloc->cleanup));
172172 (*alloc->cleanup)(alloc->cleanup_arg);
173173
174174 /* start back at first number */ /* like in alloc_init*/
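Review bot: The indirect call `(*alloc->cleanup)(alloc->cleanup_arg)` right after the changed line is only protected if `fptr_ok` actually stops execution when the whitelist lookup fails. `fptr_ok` is defined outside this hunk, so please confirm it is not an assert-style macro that compiles to nothing in release builds; if it can be compiled out, the function-pointer check needs to be an explicit runtime test before the call. A short comment such as `/* refuse to call a cleanup pointer that is not on the whitelist */` above the check would also make the intent clear. The enclosing function starts and ends outside the hunk.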
7474 cfg->verbosity = 1;
7575 cfg->stat_interval = 0;
7676 cfg->stat_cumulative = 0;
77 cfg->stat_extended = 0;
7778 cfg->num_threads = 1;
7879 cfg->port = UNBOUND_DNS_PORT;
7980 cfg->do_ip4 = 1;
9293 cfg->msg_cache_size = 4 * 1024 * 1024;
9394 cfg->msg_cache_slabs = 4;
9495 cfg->num_queries_per_thread = 1024;
96 cfg->jostle_time = 200;
9597 cfg->rrset_cache_size = 4 * 1024 * 1024;
9698 cfg->rrset_cache_slabs = 4;
9799 cfg->host_ttl = 900;
98100 cfg->lame_ttl = 900;
99 cfg->bogus_ttl = 900;
101 cfg->bogus_ttl = 60;
100102 cfg->max_ttl = 3600 * 24;
101103 cfg->infra_cache_slabs = 4;
102104 cfg->infra_cache_numhosts = 10000;
128130 cfg->harden_large_queries = 0;
129131 cfg->harden_glue = 1;
130132 cfg->harden_dnssec_stripped = 1;
133 cfg->harden_referral_path = 0;
131134 cfg->use_caps_bits_for_id = 0;
135 cfg->private_address = NULL;
136 cfg->private_domain = NULL;
137 cfg->unwanted_threshold = 0;
132138 cfg->hide_identity = 0;
133139 cfg->hide_version = 0;
134140 cfg->identity = NULL;
136142 cfg->trust_anchor_file_list = NULL;
137143 cfg->trust_anchor_list = NULL;
138144 cfg->trusted_keys_file_list = NULL;
145 cfg->dlv_anchor_file = NULL;
146 cfg->dlv_anchor_list = NULL;
139147 cfg->val_date_override = 0;
140148 cfg->val_clean_additional = 1;
141149 cfg->val_permissive_mode = 0;
142150 cfg->key_cache_size = 4 * 1024 * 1024;
143151 cfg->key_cache_slabs = 4;
152 cfg->neg_cache_size = 1 * 1024 * 1024;
144153 cfg->local_zones = NULL;
145154 cfg->local_zones_nodefault = NULL;
146155 cfg->local_data = NULL;
156
157 cfg->remote_control_enable = 0;
158 cfg->control_ifs = NULL;
159 cfg->control_port = 953;
160 if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key")))
161 goto error_exit;
162 if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem")))
163 goto error_exit;
164 if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key")))
165 goto error_exit;
166 if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem")))
167 goto error_exit;
168
147169 if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
148170 if(!(cfg->val_nsec3_key_iterations =
149171 strdup("1024 150 2048 500 4096 2500"))) goto error_exit;
172194 cfg->use_syslog = 0;
173195 cfg->key_cache_size = 1024*1024;
174196 cfg->key_cache_slabs = 1;
197 cfg->neg_cache_size = 100 * 1024;
175198 cfg->donotquery_localhost = 0; /* allow, so that you can ask a
176199 forward nameserver running on localhost */
177200 return cfg;
205228 } else if(strcmp(opt, "num_threads:") == 0) {
206229 /* not supported, library must have 1 thread in bgworker */
207230 return 0;
231 } else if(strcmp(opt, "extended-statistics:") == 0) {
232 IS_YES_OR_NO;
233 cfg->stat_extended = (strcmp(val, "yes") == 0);
208234 } else if(strcmp(opt, "do-ip4:") == 0) {
209235 IS_YES_OR_NO;
210236 cfg->do_ip4 = (strcmp(val, "yes") == 0);
243269 } else if(strcmp(opt, "num-queries-per-thread:") == 0) {
244270 IS_NONZERO_NUMBER;
245271 cfg->num_queries_per_thread = (size_t)atoi(val);
272 } else if(strcmp(opt, "jostle-timeout:") == 0) {
273 IS_NUMBER_OR_ZERO;
274 cfg->jostle_time = (size_t)atoi(val);
246275 } else if(strcmp(opt, "rrset-cache-size:") == 0) {
247276 return cfg_parse_memsize(val, &cfg->rrset_cache_size);
248277 } else if(strcmp(opt, "rrset-cache-slabs:") == 0) {
289318 } else if(strcmp(opt, "harden-dnssec-stripped:") == 0) {
290319 IS_YES_OR_NO;
291320 cfg->harden_dnssec_stripped = (strcmp(val, "yes") == 0);
321 } else if(strcmp(opt, "harden-referral-path:") == 0) {
322 IS_YES_OR_NO;
323 cfg->harden_referral_path = (strcmp(val, "yes") == 0);
324 } else if(strcmp(opt, "private-address:") == 0) {
325 return cfg_strlist_insert(&cfg->private_address, strdup(val));
326 } else if(strcmp(opt, "private-domain:") == 0) {
327 return cfg_strlist_insert(&cfg->private_domain, strdup(val));
328 } else if(strcmp(opt, "unwanted-reply-threshold:") == 0) {
329 IS_NUMBER_OR_ZERO;
330 cfg->unwanted_threshold = (size_t)atoi(val);
292331 } else if(strcmp(opt, "do-not-query-localhost:") == 0) {
293332 IS_YES_OR_NO;
294333 cfg->donotquery_localhost = (strcmp(val, "yes") == 0);
302341 strdup(val));
303342 } else if(strcmp(opt, "trusted-keys-file:") == 0) {
304343 return cfg_strlist_insert(&cfg->trusted_keys_file_list,
344 strdup(val));
345 } else if(strcmp(opt, "dlv-anchor-file:") == 0) {
346 free(cfg->dlv_anchor_file);
347 return (cfg->dlv_anchor_file = strdup(val)) != NULL;
348 } else if(strcmp(opt, "dlv-anchor:") == 0) {
349 return cfg_strlist_insert(&cfg->dlv_anchor_list,
305350 strdup(val));
306351 } else if(strcmp(opt, "val-override-date:") == 0) {
307352 if(strcmp(val, "") == 0 || strcmp(val, "0") == 0) {
330375 } else if(strcmp(opt, "key-cache-slabs:") == 0) {
331376 IS_POW2_NUMBER;
332377 cfg->key_cache_slabs = (size_t)atoi(val);
378 } else if(strcmp(opt, "neg-cache-size:") == 0) {
379 return cfg_parse_memsize(val, &cfg->neg_cache_size);
333380 } else if(strcmp(opt, "local-data:") == 0) {
334381 return cfg_strlist_insert(&cfg->local_data, strdup(val));
382 } else if(strcmp(opt, "control-enable:") == 0) {
383 IS_YES_OR_NO;
384 cfg->remote_control_enable = (strcmp(val, "yes") == 0);
385 } else if(strcmp(opt, "control-interface:") == 0) {
386 return cfg_strlist_insert(&cfg->control_ifs, strdup(val));
387 } else if(strcmp(opt, "control-port:") == 0) {
388 IS_NONZERO_NUMBER;
389 cfg->control_port = atoi(val);
390 } else if(strcmp(opt, "server-key-file:") == 0) {
391 free(cfg->server_key_file);
392 return (cfg->server_key_file = strdup(val)) != NULL;
393 } else if(strcmp(opt, "server-cert-file:") == 0) {
394 free(cfg->server_cert_file);
395 return (cfg->server_cert_file = strdup(val)) != NULL;
396 } else if(strcmp(opt, "control-key-file:") == 0) {
397 free(cfg->control_key_file);
398 return (cfg->control_key_file = strdup(val)) != NULL;
399 } else if(strcmp(opt, "control-cert-file:") == 0) {
400 free(cfg->control_cert_file);
401 return (cfg->control_cert_file = strdup(val)) != NULL;
335402 } else if(strcmp(opt, "module-config:") == 0) {
336403 free(cfg->module_conf);
337404 return (cfg->module_conf = strdup(val)) != NULL;
344411
345412 /** initialize the global cfg_parser object */
346413 static void
347 create_cfg_parser(struct config_file* cfg, char* filename)
414 create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot)
348415 {
349416 static struct config_parser_state st;
350417 cfg_parser = &st;
352419 cfg_parser->line = 1;
353420 cfg_parser->errors = 0;
354421 cfg_parser->cfg = cfg;
422 cfg_parser->chroot = chroot;
355423 }
356424
357425 int
358 config_read(struct config_file* cfg, char* filename)
426 config_read(struct config_file* cfg, const char* filename, const char* chroot)
359427 {
360428 FILE *in;
361 if(!filename)
429 char *fname = (char*)filename;
430 if(!fname)
362431 return 1;
363 in = fopen(filename, "r");
432 in = fopen(fname, "r");
364433 if(!in) {
365 log_err("Could not open %s: %s", filename, strerror(errno));
366 return 0;
367 }
368 create_cfg_parser(cfg, filename);
434 log_err("Could not open %s: %s", fname, strerror(errno));
435 return 0;
436 }
437 create_cfg_parser(cfg, fname, chroot);
369438 ub_c_in = in;
370439 ub_c_parse();
371440 fclose(in);
448517 free(cfg->version);
449518 free(cfg->module_conf);
450519 free(cfg->outgoing_avail_ports);
520 config_delstrlist(cfg->private_address);
521 config_delstrlist(cfg->private_domain);
451522 config_delstrlist(cfg->trust_anchor_file_list);
452523 config_delstrlist(cfg->trusted_keys_file_list);
453524 config_delstrlist(cfg->trust_anchor_list);
525 free(cfg->dlv_anchor_file);
526 config_delstrlist(cfg->dlv_anchor_list);
454527 config_deldblstrlist(cfg->acls);
455528 free(cfg->val_nsec3_key_iterations);
456529 config_deldblstrlist(cfg->local_zones);
457530 config_delstrlist(cfg->local_zones_nodefault);
458531 config_delstrlist(cfg->local_data);
532 config_delstrlist(cfg->control_ifs);
533 free(cfg->server_key_file);
534 free(cfg->server_cert_file);
535 free(cfg->control_key_file);
536 free(cfg->control_cert_file);
459537 free(cfg);
460538 }
461539
728806 MAX_TTL = (uint32_t)config->max_ttl;
729807 }
730808
809 /**
810 * Calculate string length of full pathname in original filesys
811 * @param fname: the path name to convert.
812 * Must not be null or empty.
813 * @param cfg: config struct for chroot and chdir (if set).
814 * @param use_chdir: if false, only chroot is applied.
815 * @return length of string.
816 * remember to allocate one more for 0 at end in mallocs.
817 */
818 static size_t
819 strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir)
820 {
821 size_t len = 0;
822 int slashit = 0;
823 if(cfg->chrootdir && cfg->chrootdir[0] &&
824 strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) {
825 /* already full pathname, return it */
826 return strlen(fname);
827 }
828 /* chroot */
829 if(cfg->chrootdir && cfg->chrootdir[0]) {
830 /* start with chrootdir */
831 len += strlen(cfg->chrootdir);
832 slashit = 1;
833 }
834 /* chdir */
835 if(fname[0] == '/' || !use_chdir) {
836 /* full path, no chdir */
837 } else if(cfg->directory && cfg->directory[0]) {
838 /* prepend chdir */
839 if(slashit && cfg->directory[0] != '/')
840 len++;
841 if(cfg->chrootdir && cfg->chrootdir[0] &&
842 strncmp(cfg->chrootdir, cfg->directory,
843 strlen(cfg->chrootdir)) == 0)
844 len += strlen(cfg->directory)-strlen(cfg->chrootdir);
845 else len += strlen(cfg->directory);
846 slashit = 1;
847 }
848 /* fname */
849 if(slashit && fname[0] != '/')
850 len++;
851 len += strlen(fname);
852 return len;
853 }
854
855 char*
856 fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir)
857 {
858 size_t len = strlen_after_chroot(fname, cfg, use_chdir);
859 int slashit = 0;
860 char* buf = (char*)malloc(len+1);
861 if(!buf)
862 return NULL;
863 buf[0] = 0;
864 /* is fname already in chroot ? */
865 if(cfg->chrootdir && cfg->chrootdir[0] &&
866 strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) {
867 /* already full pathname, return it */
868 strncpy(buf, fname, len);
869 buf[len] = 0;
870 return buf;
871 }
872 /* chroot */
873 if(cfg->chrootdir && cfg->chrootdir[0]) {
874 /* start with chrootdir */
875 strncpy(buf, cfg->chrootdir, len);
876 slashit = 1;
877 }
878 /* chdir */
879 if(fname[0] == '/' || !use_chdir) {
880 /* full path, no chdir */
881 } else if(cfg->directory && cfg->directory[0]) {
882 /* prepend chdir */
883 if(slashit && cfg->directory[0] != '/')
884 strncat(buf, "/", len-strlen(buf));
885 /* is the directory already in the chroot? */
886 if(cfg->chrootdir && cfg->chrootdir[0] &&
887 strncmp(cfg->chrootdir, cfg->directory,
888 strlen(cfg->chrootdir)) == 0)
889 strncat(buf, cfg->directory+strlen(cfg->chrootdir),
890 len-strlen(buf));
891 else strncat(buf, cfg->directory, len-strlen(buf));
892 slashit = 1;
893 }
894 /* fname */
895 if(slashit && fname[0] != '/')
896 strncat(buf, "/", len-strlen(buf));
897 strncat(buf, fname, len-strlen(buf));
898 buf[len] = 0;
899 return buf;
900 }
901
902 /** return next space character in string */
903 static char* next_space_pos(char* str)
904 {
905 char* sp = strchr(str, ' ');
906 char* tab = strchr(str, '\t');
907 if(!tab && !sp)
908 return NULL;
909 if(!sp) return tab;
910 if(!tab) return sp;
911 return (sp<tab)?sp:tab;
912 }
913
914 /** return last space character in string */
915 static char* last_space_pos(char* str)
916 {
917 char* sp = strrchr(str, ' ');
918 char* tab = strrchr(str, '\t');
919 if(!tab && !sp)
920 return NULL;
921 if(!sp) return tab;
922 if(!tab) return sp;
923 return (sp>tab)?sp:tab;
924 }
925
926 char* cfg_ptr_reverse(char* str)
927 {
928 char* ip, *ip_end;
929 char* name;
930 char* result;
931 char buf[1024];
932 struct sockaddr_storage addr;
933 socklen_t addrlen;
934
935 /* parse it as: [IP] [between stuff] [name] */
936 ip = str;
937 while(*ip && isspace(*ip))
938 ip++;
939 if(!*ip) {
940 log_err("syntax error: too short: %s", str);
941 return NULL;
942 }
943 ip_end = next_space_pos(ip);
944 if(!ip_end || !*ip_end) {
945 log_err("syntax error: expected name: %s", str);
946 return NULL;
947 }
948
949 name = last_space_pos(ip_end);
950 if(!name || !*name) {
951 log_err("syntax error: expected name: %s", str);
952 return NULL;
953 }
954
955 sscanf(ip, "%100s", buf);
956 buf[sizeof(buf)-1]=0;
957
958 if(!ipstrtoaddr(buf, UNBOUND_DNS_PORT, &addr, &addrlen)) {
959 log_err("syntax error: cannot parse address: %s", str);
960 return NULL;
961 }
962
963 /* reverse IPv4:
964 * ddd.ddd.ddd.ddd.in-addr-arpa.
965 * IPv6: (h.){32}.ip6.arpa. */
966
967 if(addr_is_ip6(&addr, addrlen)) {
968 struct in6_addr* ad = &((struct sockaddr_in6*)&addr)->sin6_addr;
969 const char* hex = "0123456789abcdef";
970 char *p = buf;
971 int i;
972 for(i=15; i>=0; i--) {
973 uint8_t b = ((uint8_t*)ad)[i];
974 *p++ = hex[ (b&0x0f) ];
975 *p++ = '.';
976 *p++ = hex[ (b&0xf0) >> 4 ];
977 *p++ = '.';
978 }
979 snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa. ");
980 } else {
981 struct in_addr* ad = &((struct sockaddr_in*)&addr)->sin_addr;
982 snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa. ",
983 (unsigned)((uint8_t*)ad)[3], (unsigned)((uint8_t*)ad)[2],
984 (unsigned)((uint8_t*)ad)[1], (unsigned)((uint8_t*)ad)[0]);
985 }
986
987 /* printed the reverse address, now the between goop and name on end */
988 while(*ip_end && isspace(*ip_end))
989 ip_end++;
990 if(name>ip_end) {
991 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%.*s",
992 (int)(name-ip_end), ip_end);
993 }
994 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), " PTR %s", name);
995
996 result = strdup(buf);
997 if(!result) {
998 log_err("out of memory parsing %s", str);
999 return NULL;
1000 }
1001 return result;
1002 }
5656 int stat_interval;
5757 /** if false, statistics values are reset after printing them */
5858 int stat_cumulative;
59 /** if true, the statistics are kept in greater detail */
60 int stat_extended;
5961
6062 /** number of threads to create */
6163 int num_threads;
8890 size_t msg_cache_slabs;
8991 /** number of queries every thread can service */
9092 size_t num_queries_per_thread;
93 /** number of msec to wait before items can be jostled out */
94 size_t jostle_time;
9195 /** size of the rrset cache */
9296 size_t rrset_cache_size;
9397 /** slabs in the rrset cache */
142146 int harden_glue;
143147 /** harden against receiving no DNSSEC data for trust anchor */
144148 int harden_dnssec_stripped;
149 /** harden the referral path, query for NS,A,AAAA and validate */
150 int harden_referral_path;
145151 /** use 0x20 bits in query as random ID bits */
146152 int use_caps_bits_for_id;
153 /** strip away these private addrs from answers, no DNS Rebinding */
154 struct config_strlist* private_address;
155 /** allow domain (and subdomains) to use private address space */
156 struct config_strlist* private_domain;
157 /** what threshold for unwanted action. */
158 size_t unwanted_threshold;
147159
148160 /** chrootdir, if not "" or chroot will be done */
149161 char* chrootdir;
177189 struct config_strlist* trust_anchor_list;
178190 /** files with trusted DNSKEYs in named.conf format, list */
179191 struct config_strlist* trusted_keys_file_list;
192 /** DLV anchor file */
193 char* dlv_anchor_file;
194 /** DLV anchor inline */
195 struct config_strlist* dlv_anchor_list;
180196
181197 /** the number of seconds maximal TTL used for RRsets and messages */
182198 int max_ttl;
195211 size_t key_cache_size;
196212 /** slabs in the key cache. */
197213 size_t key_cache_slabs;
214 /** size of the neg cache */
215 size_t neg_cache_size;
198216
199217 /** local zones config */
200218 struct config_str2list* local_zones;
202220 struct config_strlist* local_zones_nodefault;
203221 /** local data RRs configged */
204222 struct config_strlist* local_data;
223
224 /** remote control section. enable toggle. */
225 int remote_control_enable;
226 /** the interfaces the remote control should listen on */
227 struct config_strlist* control_ifs;
228 /** port number for the control port */
229 int control_port;
230 /** private key file for server */
231 char* server_key_file;
232 /** certificate file for server */
233 char* server_cert_file;
234 /** private key file for unbound-control */
235 char* control_key_file;
236 /** certificate file for unbound-control */
237 char* control_cert_file;
205238
206239 /** daemonize, i.e. fork into the background. */
207240 int do_daemonize;
219252 struct config_strlist* hosts;
220253 /** list of stub nameserver addresses (IP address) */
221254 struct config_strlist* addrs;
255 /** if stub-prime is set */
256 int isprime;
222257 };
223258
224259 /**
259294 * Read the config file from the specified filename.
260295 * @param config: where options are stored into, must be freshly created.
261296 * @param filename: name of configfile. If NULL nothing is done.
297 * @param chroot: if not NULL, the chroot dir currently in use (for include).
262298 * @return: false on error. In that case errno is set, ENOENT means
263299 * file not found.
264300 */
265 int config_read(struct config_file* config, char* filename);
301 int config_read(struct config_file* config, const char* filename,
302 const char* chroot);
266303
267304 /**
268305 * Destroy the config file structure.
378415 * @return the number of ports available for use.
379416 */
380417 int cfg_scan_ports(int* avail, int num);
418
419 /**
420 * Convert a filename to full pathname in original filesys
421 * @param fname: the path name to convert.
422 * Must not be null or empty.
423 * @param cfg: config struct for chroot and chdir (if set).
424 * @param use_chdir: if false, only chroot is applied.
425 * @return pointer to malloced buffer which is: [chroot][chdir]fname
426 * or NULL on malloc failure.
427 */
428 char* fname_after_chroot(const char* fname, struct config_file* cfg,
429 int use_chdir);
430
431 /**
432 * Convert a ptr shorthand into a full reverse-notation PTR record.
433 * @param str: input string, "IP name"
434 * @return: malloced string "reversed-ip-name PTR name"
435 */
436 char* cfg_ptr_reverse(char* str);
381437
382438 /**
383439 * Used during options parsing
391447 int errors;
392448 /** the result of parsing is stored here. */
393449 struct config_file* cfg;
450 /** the current chroot dir (or NULL if none) */
451 const char* chroot;
394452 };
395453
396454 /** global config parser object used during config parsing */
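Review bot: The new doc comment for `fname_after_chroot` in this header promises `[chroot][chdir]fname`, but it leaves out the early-return case visible in the implementation earlier on this page. There, a `fname` that starts with the `chrootdir` string is copied back unchanged, decided by `strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0`, and the same prefix test is applied to `cfg->directory`. That is a plain string-prefix match with no check that it ends on a path separator, so with a `chrootdir` that has no trailing slash a sibling directory sharing the prefix (constructed example: `<chrootdir>2/file`) would be classified as already inside the chroot. I would state the contract in the header, e.g. `* If fname already begins with cfg->chrootdir (string prefix) a copy of fname is returned unchanged.` and `* The caller must free() the result.`. It is also worth considering a check in the implementation that the character after the matched prefix is `'/'` or the end of the string; whether any caller passes such a path is not visible from here.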
360360 *yy_cp = '\0'; \
361361 (yy_c_buf_p) = yy_cp;
362362
363 #define YY_NUM_RULES 92
364 #define YY_END_OF_BUFFER 93
363 #define YY_NUM_RULES 111
364 #define YY_END_OF_BUFFER 112
365365 /* This struct is not used in this scanner,
366366 but its presence is necessary. */
367367 struct yy_trans_info
369369 flex_int32_t yy_verify;
370370 flex_int32_t yy_nxt;
371371 };
372 static yyconst flex_int16_t yy_accept[807] =
372 static yyconst flex_int16_t yy_accept[1025] =
373373 { 0,
374 1, 1, 76, 76, 80, 80, 84, 84, 88, 88,
375 93, 91, 1, 74, 75, 2, 79, 91, 91, 91,
376 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
377 91, 91, 91, 91, 92, 76, 77, 92, 78, 92,
378 80, 81, 82, 92, 87, 84, 85, 86, 92, 88,
379 89, 90, 92, 91, 0, 1, 2, 2, 2, 2,
380 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
381 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
382 91, 91, 91, 91, 91, 91, 91, 91, 76, 0,
383 80, 0, 87, 0, 84, 88, 0, 91, 91, 91,
384
385 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
386 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
387 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
388 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
389 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
390 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
391 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
392 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
393 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
394 91, 45, 91, 91, 91, 91, 6, 91, 91, 91,
395
396 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
397 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
398 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
399 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
400 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
401 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
402 91, 91, 91, 91, 91, 20, 91, 91, 12, 13,
403 91, 15, 14, 91, 91, 91, 91, 91, 91, 91,
404 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
405 91, 91, 91, 91, 91, 91, 91, 3, 91, 91,
406
407 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
408 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
409 91, 91, 91, 91, 91, 91, 91, 91, 83, 91,
410 91, 91, 91, 91, 91, 91, 91, 23, 91, 91,
411 91, 91, 91, 91, 24, 91, 91, 91, 91, 91,
412 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
413 91, 91, 91, 57, 91, 91, 91, 91, 91, 91,
414 91, 91, 91, 91, 91, 91, 91, 91, 56, 91,
415 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
416 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
417
418 91, 91, 91, 91, 21, 91, 91, 91, 91, 91,
419 91, 91, 91, 22, 91, 91, 91, 91, 91, 91,
420 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
421 17, 91, 91, 91, 91, 91, 91, 91, 91, 91,
422 91, 91, 91, 91, 91, 91, 46, 47, 44, 91,
423 91, 91, 91, 91, 91, 91, 91, 91, 91, 5,
424 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
425 91, 91, 91, 91, 91, 91, 91, 91, 91, 71,
426 70, 91, 91, 91, 91, 91, 91, 91, 91, 91,
427 25, 91, 91, 91, 91, 91, 91, 69, 91, 91,
428
429 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
430 91, 41, 91, 91, 91, 91, 91, 91, 91, 91,
431 91, 91, 91, 91, 91, 91, 91, 91, 4, 91,
432 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
433 91, 91, 91, 91, 91, 91, 91, 16, 91, 49,
434 50, 48, 91, 91, 91, 91, 55, 91, 91, 91,
435 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
436 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
437 61, 91, 91, 91, 91, 91, 91, 91, 91, 31,
438 91, 91, 91, 91, 91, 54, 91, 91, 91, 91,
439
440 91, 91, 91, 91, 91, 58, 91, 91, 91, 91,
441 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
442 91, 91, 63, 91, 91, 91, 91, 53, 91, 91,
443 91, 91, 91, 91, 91, 91, 91, 32, 33, 91,
444 66, 91, 91, 27, 91, 91, 91, 91, 91, 91,
445 7, 91, 91, 91, 91, 91, 91, 91, 91, 91,
446 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
447 91, 91, 91, 67, 26, 28, 91, 91, 91, 91,
448 91, 91, 91, 91, 91, 91, 91, 91, 43, 91,
449 91, 91, 91, 91, 91, 91, 91, 91, 11, 91,
450
451 91, 91, 91, 91, 91, 10, 91, 91, 29, 91,
452 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
453 91, 91, 91, 91, 91, 91, 34, 91, 91, 91,
454 91, 91, 30, 91, 91, 91, 59, 60, 91, 91,
455 62, 91, 91, 91, 91, 91, 91, 91, 91, 91,
456 91, 18, 91, 91, 91, 91, 91, 91, 91, 91,
457 91, 91, 91, 91, 91, 91, 91, 19, 91, 9,
458 91, 91, 72, 38, 91, 91, 65, 51, 91, 91,
459 40, 39, 91, 35, 91, 8, 91, 64, 91, 91,
460 91, 36, 91, 73, 91, 52, 42, 37, 91, 91,
461
462 91, 91, 91, 91, 68, 0
374 1, 1, 95, 95, 99, 99, 103, 103, 107, 107,
375 112, 110, 1, 93, 94, 2, 98, 110, 110, 110,
376 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
377 110, 110, 110, 110, 110, 110, 111, 95, 96, 111,
378 97, 111, 99, 100, 101, 111, 106, 103, 104, 105,
379 111, 107, 108, 109, 111, 110, 0, 1, 2, 2,
380 2, 2, 110, 110, 110, 110, 110, 110, 110, 110,
381 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
382 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
383 110, 110, 110, 110, 110, 110, 110, 110, 95, 0,
384
385 99, 0, 106, 0, 103, 107, 0, 110, 110, 110,
386 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
387 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
388 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
389 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
390 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
391 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
392 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
393 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
394 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
395
396 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
397 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
398 110, 50, 110, 110, 110, 110, 110, 6, 110, 110,
399 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
400 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
401 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
402 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
403 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
404 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
405 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
406
407 110, 110, 110, 110, 110, 110, 110, 110, 20, 110,
408 110, 110, 110, 12, 13, 110, 15, 14, 110, 110,
409 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
410 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
411 110, 110, 110, 110, 110, 110, 110, 110, 3, 110,
412 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
413 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
414 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
415 110, 110, 110, 110, 110, 102, 110, 110, 110, 110,
416 110, 110, 110, 110, 110, 23, 110, 110, 110, 110,
417
418 110, 110, 110, 24, 110, 110, 110, 110, 110, 110,
419 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
420 110, 110, 110, 110, 110, 110, 110, 110, 63, 110,
421 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
422 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
423 110, 62, 110, 110, 110, 110, 110, 110, 110, 110,
424 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
425 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
426 110, 110, 110, 110, 110, 110, 21, 110, 110, 110,
427 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
428
429 22, 110, 110, 110, 110, 110, 110, 110, 110, 110,
430 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
431 17, 110, 110, 110, 110, 110, 110, 110, 110, 110,
432 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
433 110, 110, 110, 51, 52, 110, 49, 110, 110, 110,
434 110, 110, 110, 110, 110, 110, 110, 110, 5, 110,
435 110, 110, 110, 110, 110, 110, 110, 65, 110, 110,
436 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
437 110, 110, 110, 110, 110, 110, 110, 110, 110, 80,
438 79, 110, 110, 110, 110, 110, 110, 110, 110, 110,
439
440 110, 110, 110, 110, 25, 110, 110, 110, 110, 53,
441 110, 110, 110, 110, 110, 78, 110, 110, 110, 110,
442 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
443 110, 110, 110, 110, 110, 110, 42, 110, 110, 110,
444 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
445 110, 110, 110, 110, 110, 110, 110, 4, 110, 110,
446 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
447 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
448 110, 110, 110, 110, 110, 110, 88, 110, 16, 110,
449 110, 55, 56, 54, 110, 110, 110, 110, 110, 61,
450
451 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
452 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
453 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
454 110, 69, 110, 110, 110, 110, 110, 110, 110, 110,
455 110, 31, 110, 110, 110, 110, 110, 110, 110, 110,
456 110, 110, 110, 110, 60, 110, 110, 110, 110, 110,
457 110, 110, 110, 110, 110, 110, 64, 110, 110, 110,
458 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
459 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
460 71, 110, 110, 110, 110, 59, 110, 86, 110, 110,
461
462 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
463 110, 110, 32, 33, 110, 38, 74, 110, 81, 110,
464 27, 110, 76, 110, 110, 110, 110, 110, 7, 110,
465 48, 85, 110, 110, 110, 110, 110, 110, 110, 110,
466 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
467 66, 110, 110, 110, 110, 110, 110, 110, 110, 110,
468 110, 110, 110, 75, 26, 28, 110, 110, 110, 110,
469 110, 47, 110, 110, 110, 89, 110, 110, 110, 110,
470 110, 110, 45, 110, 110, 110, 110, 110, 110, 91,
471 110, 110, 110, 110, 110, 110, 110, 11, 110, 110,
472
473 110, 110, 110, 110, 10, 110, 110, 29, 110, 90,
474 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
475 92, 87, 110, 110, 110, 110, 110, 110, 110, 110,
476 110, 34, 110, 110, 110, 110, 110, 30, 110, 110,
477 110, 67, 68, 110, 110, 110, 70, 110, 110, 110,
478 110, 110, 110, 110, 110, 110, 110, 110, 110, 18,
479 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
480 110, 84, 110, 110, 110, 110, 110, 110, 19, 110,
481 9, 110, 110, 82, 39, 110, 110, 110, 73, 57,
482 110, 110, 41, 44, 40, 110, 35, 110, 8, 110,
483
484 110, 72, 110, 110, 110, 36, 110, 83, 110, 110,
485 58, 43, 37, 110, 110, 110, 110, 46, 110, 110,
486 110, 110, 77, 0
463487 } ;
464488
465489 static yyconst flex_int32_t yy_ec[256] =
471495 1, 1, 1, 1, 8, 1, 1, 1, 1, 1,
472496 9, 10, 1, 11, 1, 1, 1, 12, 1, 1,
473497 1, 1, 1, 1, 13, 14, 15, 16, 17, 18,
474 19, 20, 21, 1, 22, 23, 24, 25, 26, 27,
475 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,
476 1, 38, 1, 1, 1, 1, 39, 40, 41, 42,
477
478 43, 44, 45, 46, 47, 1, 48, 49, 50, 51,
479 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
480 62, 63, 1, 1, 1, 1, 1, 1, 1, 1,
498 19, 20, 21, 22, 23, 24, 25, 26, 27, 28,
499 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
500 1, 39, 1, 1, 1, 1, 40, 41, 42, 43,
501
502 44, 45, 46, 47, 48, 49, 50, 51, 52, 53,
503 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
504 64, 65, 1, 1, 1, 1, 1, 1, 1, 1,
481505 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
482506 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
483507 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
494518 1, 1, 1, 1, 1
495519 } ;
496520
497 static yyconst flex_int32_t yy_meta[64] =
521 static yyconst flex_int32_t yy_meta[66] =
498522 { 0,
499523 1, 2, 3, 4, 5, 1, 6, 1, 1, 1,
500524 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
502526 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
503527 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
504528 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
505 1, 1, 1
529 1, 1, 1, 1, 1
506530 } ;
507531
508 static yyconst flex_int16_t yy_base[818] =
532 static yyconst flex_int16_t yy_base[1036] =
509533 { 0,
510 0, 0, 61, 64, 67, 69, 75, 81, 86, 89,
511 2283, 2244, 94, 2303, 2303, 99, 2303, 80, 95, 88,
512 84, 104, 107, 112, 118, 122, 115, 125, 138, 139,
513 144, 133, 82, 167, 191, 2238, 2303, 2303, 2303, 93,
514 2210, 2303, 2303, 162, 2208, 2241, 2303, 2303, 195, 2204,
515 2303, 2303, 126, 2200, 207, 201, 0, 211, 0, 0,
516 189, 193, 188, 190, 73, 191, 195, 206, 204, 220,
517 201, 221, 236, 222, 230, 231, 234, 237, 244, 245,
518 246, 256, 257, 263, 255, 269, 265, 271, 2199, 252,
519 2195, 182, 2194, 315, 2226, 2189, 300, 289, 270, 272,
520
521 304, 332, 291, 307, 316, 305, 329, 306, 322, 320,
522 333, 344, 337, 328, 356, 330, 358, 362, 353, 354,
523 359, 360, 370, 390, 367, 377, 405, 379, 402, 388,
524 403, 383, 407, 411, 398, 421, 414, 415, 424, 437,
525 430, 433, 429, 432, 453, 440, 459, 456, 451, 458,
526 470, 427, 455, 450, 478, 465, 493, 475, 497, 483,
527 507, 500, 489, 503, 498, 546, 496, 516, 509, 518,
528 519, 520, 536, 556, 524, 537, 542, 553, 545, 567,
529 564, 577, 571, 593, 585, 594, 596, 587, 599, 589,
530 600, 2187, 590, 597, 603, 607, 2186, 620, 636, 617,
531
532 619, 639, 622, 646, 648, 626, 652, 642, 644, 643,
533 659, 666, 665, 670, 662, 674, 530, 675, 681, 540,
534 694, 699, 698, 702, 700, 703, 701, 706, 695, 708,
535 709, 730, 716, 720, 732, 739, 749, 745, 747, 748,
536 735, 742, 758, 760, 777, 766, 768, 778, 771, 774,
537 764, 790, 789, 781, 783, 786, 792, 797, 800, 815,
538 804, 823, 816, 807, 833, 2063, 818, 824, 1951, 1950,
539 827, 1949, 1932, 841, 859, 847, 822, 830, 845, 850,
540 861, 858, 867, 871, 873, 878, 876, 875, 883, 885,
541 887, 889, 903, 907, 910, 905, 919, 1883, 913, 921,
542
543 909, 911, 917, 915, 930, 934, 931, 933, 935, 957,
544 959, 946, 953, 947, 967, 956, 948, 951, 973, 974,
545 979, 977, 984, 997, 999, 989, 991, 1008, 1829, 1015,
546 1011, 1000, 1010, 1024, 1026, 1013, 1025, 1773, 1028, 1040,
547 1041, 1034, 1048, 1051, 1682, 1037, 1050, 1058, 1063, 1059,
548 1057, 1060, 1067, 1071, 1077, 1076, 1092, 1082, 1085, 78,
549 1084, 1086, 1089, 1649, 1096, 1103, 1094, 1105, 1112, 1115,
550 1111, 1116, 1110, 1124, 1106, 1120, 1129, 1138, 1639, 1139,
551 1145, 1140, 1156, 1162, 1137, 1166, 1163, 1164, 1155, 1173,
552 1170, 1176, 1195, 1165, 1189, 1187, 1200, 1207, 1211, 1198,
553
554 1206, 1213, 1216, 1220, 1501, 1190, 1199, 1223, 1219, 1229,
555 1235, 1231, 1232, 1416, 1234, 1239, 1237, 1244, 1253, 1246,
556 1263, 1245, 1257, 1260, 1261, 1271, 1276, 1284, 1288, 1292,
557 1408, 1278, 1298, 1299, 1297, 1309, 1290, 1294, 1295, 1302,
558 1306, 1316, 1310, 1327, 1328, 1335, 1403, 1389, 1388, 1337,
559 1329, 1320, 1331, 1347, 1332, 1348, 1350, 1358, 1346, 1371,
560 1361, 1363, 1374, 1341, 1366, 1375, 1376, 1380, 1393, 1390,
561 1377, 1391, 1386, 1401, 1354, 1404, 1405, 1406, 1429, 1322,
562 1283, 1409, 1415, 1434, 1372, 1428, 1427, 1425, 1430, 1435,
563 1280, 1461, 1459, 1450, 1453, 1449, 1460, 1203, 1463, 1474,
564
565 1475, 1476, 1483, 1484, 1479, 1465, 1487, 1495, 1497, 1499,
566 1508, 1194, 1516, 1518, 1491, 1519, 1524, 1517, 1503, 1507,
567 1512, 1514, 1545, 1525, 1527, 1534, 1548, 1540, 1158, 1542,
568 1567, 1550, 1557, 1552, 1560, 1566, 1571, 1588, 1581, 1586,
569 1576, 1585, 1574, 1595, 1573, 1590, 1603, 1150, 1607, 1131,
570 1079, 1033, 1613, 1606, 1602, 1610, 1001, 1600, 1616, 1605,
571 1612, 1624, 1626, 1627, 1642, 1638, 1646, 1629, 1651, 1655,
572 1653, 1643, 1652, 1663, 1665, 1676, 1650, 1673, 1675, 1668,
573 993, 1689, 1684, 1698, 1694, 1686, 1701, 1702, 1706, 950,
574 1710, 1708, 1691, 1717, 1718, 943, 1720, 1713, 1729, 1744,
575
576 1726, 1742, 1735, 1750, 1736, 904, 1748, 1756, 1739, 1743,
577 1752, 1763, 1776, 1759, 1762, 1771, 1755, 1785, 1779, 1786,
578 1797, 1792, 893, 1781, 1799, 1803, 1798, 856, 1805, 1807,
579 1801, 1823, 1831, 1824, 1833, 1832, 1841, 825, 814, 1844,
580 746, 1815, 1842, 728, 1847, 1818, 1850, 1846, 1827, 1855,
581 721, 1857, 1854, 1864, 1867, 1868, 1874, 1878, 1852, 1882,
582 1870, 1873, 1886, 1880, 1901, 1890, 1896, 1908, 1903, 1918,
583 1905, 1912, 1906, 692, 690, 682, 1916, 1917, 1936, 1923,
584 1924, 1940, 1929, 1952, 1933, 1939, 1955, 1959, 677, 1943,
585 1963, 1965, 1958, 1966, 1976, 1973, 1979, 1984, 633, 1977,
586
587 1983, 2000, 1997, 1996, 2002, 631, 2003, 1999, 613, 2015,
588 1998, 2019, 2013, 2018, 2031, 2021, 2039, 2036, 2044, 2032,
589 2041, 2025, 2047, 2028, 2046, 2037, 582, 2058, 2042, 2064,
590 2065, 2062, 574, 2068, 2072, 2075, 568, 551, 2079, 2084,
591 491, 2081, 2074, 2082, 2087, 2097, 2106, 2091, 2103, 2104,
592 2109, 490, 2120, 2105, 2112, 2126, 2127, 2123, 2117, 2139,
593 2144, 2130, 2140, 2151, 2154, 2150, 2157, 486, 2160, 481,
594 2158, 2159, 385, 376, 2163, 2162, 312, 303, 2149, 2165,
595 302, 299, 2172, 296, 2174, 293, 2173, 194, 2175, 2179,
596 2182, 187, 2196, 185, 2201, 154, 143, 141, 2184, 2188,
597
598 2193, 2198, 2191, 2206, 129, 2303, 2249, 2255, 2261, 2267,
599 138, 2273, 2279, 2285, 74, 2290, 2296
534 0, 0, 63, 66, 69, 71, 77, 83, 88, 91,
535 2242, 2197, 95, 2969, 2969, 102, 2969, 84, 98, 107,
536 76, 90, 111, 117, 108, 125, 109, 126, 154, 80,
537 147, 158, 164, 160, 152, 194, 214, 2168, 2969, 2969,
538 2969, 116, 2161, 2969, 2969, 96, 2135, 2168, 2969, 2969,
539 220, 2126, 2969, 2969, 224, 2069, 235, 170, 0, 239,
540 0, 0, 167, 211, 206, 209, 217, 215, 75, 220,
541 225, 227, 242, 244, 254, 229, 228, 256, 261, 251,
542 255, 270, 266, 269, 287, 276, 290, 285, 292, 281,
543 284, 309, 295, 311, 297, 318, 316, 315, 2046, 226,
544
545 2040, 185, 1936, 356, 1968, 1920, 360, 334, 327, 329,
546 338, 336, 212, 382, 362, 347, 368, 373, 363, 395,
547 361, 387, 381, 384, 397, 406, 394, 420, 421, 424,
548 431, 425, 411, 416, 413, 430, 429, 441, 428, 434,
549 458, 457, 447, 468, 471, 474, 463, 456, 473, 479,
550 470, 477, 485, 498, 487, 493, 507, 513, 497, 518,
551 522, 526, 509, 512, 515, 530, 505, 535, 538, 536,
552 534, 539, 569, 552, 556, 560, 549, 558, 573, 581,
553 568, 585, 570, 579, 583, 593, 596, 594, 589, 599,
554 608, 648, 598, 625, 612, 597, 626, 617, 627, 628,
555
556 633, 658, 652, 654, 655, 676, 649, 669, 678, 657,
557 682, 679, 609, 689, 696, 691, 641, 690, 699, 703,
558 707, 1912, 710, 712, 713, 716, 720, 1836, 722, 731,
559 737, 748, 723, 727, 754, 747, 760, 751, 756, 752,
560 775, 773, 774, 766, 768, 791, 787, 784, 795, 792,
561 808, 797, 801, 807, 812, 820, 821, 831, 829, 830,
562 833, 836, 835, 837, 839, 822, 845, 832, 867, 853,
563 849, 858, 874, 877, 857, 880, 884, 888, 885, 865,
564 881, 893, 894, 897, 907, 920, 932, 909, 915, 918,
565 912, 922, 935, 939, 934, 936, 928, 950, 945, 946,
566
567 943, 947, 949, 960, 973, 970, 980, 985, 1833, 992,
568 971, 987, 975, 1826, 1788, 974, 1750, 1692, 999, 996,
569 1027, 988, 1006, 1000, 994, 1001, 1028, 1017, 1035, 1037,
570 1021, 1030, 1042, 1056, 1047, 1050, 1054, 1067, 1068, 1061,
571 1073, 1077, 1082, 1010, 1083, 1085, 1088, 1090, 1653, 1087,
572 1103, 1100, 1109, 1094, 1116, 1110, 1129, 1127, 1113, 1121,
573 1134, 1117, 1140, 1144, 1135, 1137, 1143, 1142, 1157, 1128,
574 1197, 1151, 1167, 1169, 1164, 1161, 1210, 1178, 1177, 1194,
575 1188, 1190, 1187, 1204, 1207, 1612, 1230, 1229, 1220, 1228,
576 1237, 1234, 1244, 1226, 1238, 1610, 1233, 1253, 1257, 1267,
577
578 1265, 1250, 1271, 1603, 1282, 1266, 1268, 1284, 1285, 1291,
579 1294, 1289, 1299, 1293, 1295, 1298, 1301, 1318, 1309, 1336,
580 1320, 1337, 1321, 1324, 140, 1323, 1330, 1317, 1601, 1344,
581 1347, 1348, 1345, 1346, 1349, 1355, 1352, 1365, 1368, 1373,
582 1369, 1380, 1374, 1375, 1372, 1382, 1394, 1387, 1398, 1399,
583 1397, 1500, 1408, 1415, 1407, 1424, 1432, 1418, 1440, 1436,
584 1433, 1430, 1425, 1445, 1451, 1448, 1457, 1465, 1458, 1467,
585 1459, 1449, 1469, 1472, 1466, 1478, 1487, 1498, 1502, 1503,
586 1492, 1505, 1506, 1504, 1509, 1514, 1475, 1520, 1524, 1527,
587 1517, 1516, 1528, 1525, 1530, 1519, 1555, 1538, 1534, 1542,
588
589 1442, 1567, 1544, 1548, 1553, 1564, 1557, 1565, 1562, 1569,
590 1571, 1583, 1572, 1593, 1589, 1586, 1606, 1613, 1616, 1617,
591 1439, 1609, 1600, 1625, 1622, 1620, 1627, 1605, 1623, 1629,
592 1636, 1643, 1637, 1644, 1634, 1656, 1652, 1646, 1667, 1663,
593 1654, 1676, 1680, 1428, 1421, 1677, 1381, 1675, 1673, 1664,
594 1691, 1682, 1698, 1679, 1707, 1700, 1706, 1693, 1371, 1695,
595 1694, 1709, 1715, 1723, 1734, 1725, 1726, 1367, 1738, 1721,
596 1730, 1733, 1727, 1744, 1757, 1763, 1759, 1748, 1760, 1761,
597 1755, 1770, 1771, 1765, 1774, 1778, 1787, 1791, 1752, 1334,
598 1328, 1795, 1790, 1807, 1797, 1815, 1813, 1805, 1810, 1817,
599
600 1814, 1820, 1844, 1821, 1322, 1824, 1853, 1848, 1855, 1275,
601 1849, 1841, 1842, 1840, 1852, 1264, 1867, 1869, 1872, 1884,
602 1865, 1863, 1881, 1899, 1886, 1885, 1896, 1906, 1900, 1907,
603 1914, 1895, 1917, 1918, 1919, 1921, 1255, 1925, 1910, 1935,
604 1913, 1932, 1939, 1942, 1923, 1933, 1937, 1946, 1945, 1948,
605 1958, 1970, 1959, 1963, 1973, 1965, 1966, 1227, 1994, 1983,
606 1976, 1980, 1997, 2003, 1993, 1992, 2000, 2004, 2001, 2018,
607 2019, 2041, 2021, 2024, 2029, 2030, 2039, 2025, 2038, 2031,
608 2035, 2044, 2048, 2055, 2058, 2052, 1217, 2066, 1203, 2071,
609 2067, 1170, 1160, 1159, 2059, 2073, 2088, 2082, 2092, 1154,
610
611 2075, 2096, 2080, 2094, 2100, 2102, 2093, 2098, 2099, 2111,
612 2116, 2130, 2110, 2127, 2140, 2139, 2141, 2129, 2128, 2153,
613 2145, 2133, 2137, 2158, 2172, 2156, 2164, 2169, 2166, 2171,
614 2183, 1148, 2188, 2175, 2192, 2190, 2195, 2193, 2202, 2213,
615 2205, 1146, 2198, 2223, 2225, 2224, 2230, 2233, 2227, 2219,
616 2222, 2234, 2231, 2245, 1102, 2244, 2246, 2254, 2274, 2256,
617 2276, 2264, 2278, 2279, 2261, 2284, 1070, 2282, 2285, 2270,
618 2290, 2281, 2286, 2293, 2294, 2298, 2305, 2300, 2315, 2302,
619 2317, 2319, 2325, 2312, 2329, 2320, 2327, 2332, 2342, 2339,
620 1065, 2344, 2340, 2347, 2354, 1064, 2353, 1063, 2369, 2368,
621
622 2377, 2374, 2376, 2362, 2363, 2380, 2357, 2381, 2370, 2388,
623 2390, 2392, 1058, 1023, 2401, 1022, 1015, 2411, 977, 2416,
624 972, 2418, 924, 2426, 2422, 2408, 2405, 2425, 908, 2431,
625 876, 869, 2428, 2432, 2435, 2436, 2429, 2419, 2453, 2454,
626 2457, 2450, 2444, 2463, 2421, 2455, 2460, 2471, 2474, 2478,
627 862, 2467, 2482, 2477, 2489, 2490, 2495, 2496, 2491, 2492,
628 2499, 2501, 2504, 847, 828, 824, 2505, 2518, 2527, 2522,
629 2512, 739, 2529, 2517, 2533, 734, 2539, 2528, 2534, 2541,
630 2548, 2551, 726, 2547, 2560, 2564, 2556, 2558, 2572, 693,
631 2574, 2570, 2573, 2575, 2581, 2587, 2585, 685, 2586, 2591,
632
633 2593, 2595, 2599, 2611, 621, 2614, 2606, 616, 2624, 606,
634 2608, 2626, 2622, 2629, 2630, 2618, 2633, 2643, 2640, 2638,
635 600, 542, 2639, 2651, 2645, 2646, 2656, 2648, 2650, 2670,
636 2660, 491, 2678, 2666, 2644, 2686, 2673, 452, 2683, 2687,
637 2669, 444, 414, 2693, 2700, 2695, 404, 2697, 2696, 2703,
638 2712, 2716, 2714, 2726, 2730, 2710, 2719, 2740, 2739, 366,
639 2747, 2728, 2727, 2750, 2751, 2737, 2746, 2752, 2768, 2769,
640 2761, 360, 2765, 2781, 2782, 2784, 2785, 2786, 357, 2788,
641 356, 2787, 2793, 355, 354, 2783, 2794, 2795, 349, 348,
642 2799, 2797, 346, 342, 337, 2802, 304, 2826, 288, 2804,
643
644 2808, 282, 2814, 2806, 2834, 278, 2836, 234, 2825, 2838,
645 193, 174, 127, 2840, 2822, 2843, 2845, 115, 2833, 2841,
646 2857, 2847, 59, 2969, 2915, 2921, 2927, 2933, 88, 2939,
647 2945, 2951, 76, 2956, 2962
600648 } ;
601649
602 static yyconst flex_int16_t yy_def[818] =
650 static yyconst flex_int16_t yy_def[1036] =
603651 { 0,
604 806, 1, 807, 807, 808, 808, 809, 809, 810, 810,
605 806, 811, 806, 806, 806, 812, 806, 811, 811, 811,
606 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
607 811, 811, 811, 811, 811, 813, 806, 806, 806, 813,
608 814, 806, 806, 814, 815, 806, 806, 806, 815, 816,
609 806, 806, 816, 811, 811, 806, 817, 812, 817, 812,
610 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
611 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
612 811, 811, 811, 811, 811, 811, 811, 811, 813, 813,
613 814, 814, 815, 815, 806, 816, 816, 811, 811, 811,
614
615 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
616 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
617 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
618 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
619 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
620 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
621 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
622 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
623 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
624 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
625
626 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
627 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
628 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
629 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
630 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
631 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
632 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
633 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
634 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
635 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
636
637 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
638 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
639 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
640 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
641 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
642 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
643 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
644 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
645 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
646 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
647
648 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
649 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
650 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
651 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
652 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
653 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
654 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
655 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
656 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
657 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
658
659 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
660 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
661 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
662 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
663 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
664 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
665 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
666 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
667 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
668 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
669
670 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
671 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
672 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
673 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
674 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
675 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
676 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
677 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
678 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
679 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
680
681 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
682 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
683 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
684 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
685 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
686 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
687 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
688 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
689 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
690 811, 811, 811, 811, 811, 811, 811, 811, 811, 811,
691
692 811, 811, 811, 811, 811, 0, 806, 806, 806, 806,
693 806, 806, 806, 806, 806, 806, 806
652 1024, 1, 1025, 1025, 1026, 1026, 1027, 1027, 1028, 1028,
653 1024, 1029, 1024, 1024, 1024, 1030, 1024, 1029, 1029, 1029,
654 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
655 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1031, 1024, 1024,
656 1024, 1031, 1032, 1024, 1024, 1032, 1033, 1024, 1024, 1024,
657 1033, 1034, 1024, 1024, 1034, 1029, 1029, 1024, 1035, 1030,
658 1035, 1030, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
659 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
660 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
661 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1031, 1031,
662
663 1032, 1032, 1033, 1033, 1024, 1034, 1034, 1029, 1029, 1029,
664 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
665 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
666 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
667 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
668 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
669 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
670 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
671 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
672 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
673
674 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
675 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
676 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
677 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
678 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
679 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
680 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
681 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
682 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
683 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
684
685 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
686 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
687 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
688 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
689 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
690 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
691 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
692 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
693 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
694 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
695
696 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
697 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
698 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
699 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
700 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
701 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
702 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
703 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
704 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
705 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
706
707 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
708 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
709 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
710 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
711 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
712 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
713 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
714 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
715 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
716 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
717
718 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
719 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
720 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
721 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
722 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
723 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
724 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
725 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
726 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
727 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
728
729 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
730 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
731 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
732 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
733 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
734 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
735 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
736 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
737 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
738 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
739
740 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
741 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
742 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
743 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
744 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
745 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
746 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
747 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
748 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
749 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
750
751 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
752 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
753 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
754 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
755 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
756 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
757 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
758 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
759 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
760 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
761
762 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
763 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029, 1029,
764 1029, 1029, 1029, 0, 1024, 1024, 1024, 1024, 1024, 1024,
765 1024, 1024, 1024, 1024, 1024
694766 } ;
695767
696 static yyconst flex_int16_t yy_nxt[2367] =
768 static yyconst flex_int16_t yy_nxt[3035] =
697769 { 0,
698770 12, 13, 14, 14, 15, 16, 17, 12, 12, 12,
699 12, 12, 18, 12, 19, 20, 12, 21, 12, 22,
700 23, 24, 25, 26, 27, 28, 29, 12, 30, 31,
701 32, 33, 34, 12, 12, 12, 12, 35, 18, 12,
702 19, 20, 12, 21, 12, 22, 23, 24, 25, 26,
703 27, 28, 29, 12, 30, 31, 32, 33, 34, 12,
704 12, 12, 12, 37, 38, 39, 37, 38, 39, 42,
705 38, 42, 38, 43, 93, 43, 46, 47, 47, 48,
706 102, 38, 46, 47, 47, 48, 408, 38, 51, 51,
707 52, 51, 51, 52, 61, 56, 89, 89, 40, 57,
708
709 59, 40, 59, 59, 44, 59, 44, 62, 64, 66,
710 55, 86, 49, 65, 63, 55, 67, 55, 49, 55,
711 61, 55, 69, 53, 68, 55, 53, 75, 71, 96,
712 96, 70, 55, 62, 64, 66, 60, 86, 54, 65,
713 63, 55, 67, 72, 55, 84, 76, 73, 69, 55,
714 68, 74, 55, 75, 71, 55, 77, 70, 78, 55,
715 82, 85, 55, 79, 80, 91, 55, 81, 91, 72,
716 55, 84, 76, 73, 83, 55, 55, 74, 55, 87,
717 55, 55, 77, 88, 78, 91, 82, 85, 91, 79,
718 80, 55, 54, 81, 54, 54, 93, 54, 93, 93,
719
720 83, 93, 56, 98, 55, 87, 57, 99, 54, 88,
721 54, 54, 59, 54, 59, 59, 100, 59, 101, 103,
722 106, 105, 55, 104, 55, 55, 55, 55, 55, 98,
723 55, 55, 55, 99, 107, 111, 110, 108, 55, 112,
724 114, 55, 100, 55, 101, 103, 106, 105, 60, 104,
725 109, 113, 118, 115, 116, 89, 89, 55, 55, 55,
726 107, 111, 110, 108, 117, 112, 114, 55, 55, 123,
727 120, 55, 119, 55, 55, 121, 109, 113, 118, 115,
728 116, 55, 55, 55, 122, 127, 126, 128, 124, 131,
729 117, 125, 55, 55, 55, 123, 120, 132, 119, 129,
730
731 55, 121, 55, 96, 96, 130, 55, 55, 55, 55,
732 122, 127, 126, 128, 124, 131, 93, 125, 93, 93,
733 133, 93, 140, 132, 139, 129, 55, 147, 55, 142,
734 55, 130, 141, 55, 145, 151, 55, 153, 146, 55,
735 55, 55, 55, 55, 55, 148, 133, 134, 140, 55,
736 139, 143, 135, 55, 144, 142, 136, 55, 141, 55,
737 145, 149, 137, 138, 146, 55, 55, 55, 150, 55,
738 55, 148, 152, 134, 55, 158, 154, 143, 135, 155,
739 144, 55, 136, 156, 157, 162, 166, 149, 137, 138,
740 55, 55, 159, 55, 150, 55, 55, 55, 152, 55,
741
742 160, 158, 154, 161, 55, 155, 163, 55, 171, 156,
743 157, 162, 164, 55, 55, 167, 55, 169, 159, 170,
744 55, 172, 55, 173, 174, 55, 160, 55, 176, 161,
745 177, 168, 163, 165, 171, 55, 178, 180, 192, 55,
746 55, 167, 55, 169, 55, 170, 175, 172, 55, 173,
747 174, 55, 55, 179, 176, 183, 177, 168, 55, 165,
748 182, 55, 178, 181, 55, 184, 55, 55, 185, 55,
749 55, 188, 175, 186, 55, 195, 197, 55, 187, 179,
750 189, 183, 193, 190, 191, 194, 182, 55, 55, 181,
751 55, 184, 55, 55, 185, 55, 55, 188, 196, 186,
752
753 198, 195, 55, 201, 187, 199, 189, 55, 193, 190,
754 191, 194, 55, 200, 202, 55, 203, 205, 55, 204,
755 55, 213, 207, 55, 196, 216, 55, 55, 55, 201,
756 55, 199, 206, 55, 55, 55, 214, 55, 215, 200,
757 55, 266, 203, 205, 55, 204, 55, 213, 207, 217,
758 218, 269, 219, 55, 222, 55, 55, 55, 206, 208,
759 209, 55, 214, 223, 215, 220, 221, 55, 224, 226,
760 210, 211, 212, 55, 55, 217, 218, 55, 219, 55,
761 222, 225, 55, 55, 229, 208, 209, 227, 55, 223,
762 55, 231, 230, 55, 224, 226, 210, 211, 212, 228,
763
764 232, 55, 233, 235, 55, 55, 234, 225, 55, 236,
765 229, 55, 239, 227, 55, 237, 241, 231, 230, 55,
766 238, 240, 55, 242, 55, 228, 55, 55, 233, 243,
767 55, 55, 234, 55, 55, 236, 55, 55, 239, 244,
768 55, 237, 241, 245, 55, 246, 238, 240, 247, 242,
769 55, 248, 251, 252, 55, 243, 55, 55, 249, 55,
770 254, 255, 253, 55, 256, 244, 258, 257, 55, 264,
771 55, 246, 259, 55, 247, 250, 55, 248, 251, 55,
772 55, 55, 261, 55, 249, 55, 254, 255, 253, 55,
773 256, 260, 258, 257, 262, 263, 55, 265, 259, 55,
774
775 267, 250, 55, 55, 268, 270, 271, 55, 261, 272,
776 275, 55, 55, 273, 55, 274, 276, 260, 55, 55,
777 262, 263, 277, 265, 279, 278, 267, 55, 284, 55,
778 268, 55, 55, 280, 285, 55, 55, 55, 55, 55,
779 55, 274, 276, 55, 281, 55, 55, 286, 277, 282,
780 279, 278, 283, 55, 284, 288, 289, 55, 55, 280,
781 285, 291, 290, 293, 292, 55, 294, 55, 287, 55,
782 281, 303, 55, 286, 295, 282, 55, 298, 283, 55,
783 296, 288, 55, 55, 55, 55, 55, 291, 290, 293,
784 292, 297, 294, 300, 287, 55, 301, 55, 299, 302,
785
786 295, 55, 304, 55, 305, 55, 296, 306, 55, 308,
787 309, 55, 307, 310, 55, 55, 311, 297, 55, 300,
788 55, 316, 301, 55, 299, 302, 55, 55, 304, 55,
789 305, 312, 313, 306, 55, 308, 309, 55, 307, 310,
790 315, 55, 311, 314, 55, 317, 318, 316, 321, 319,
791 327, 55, 55, 55, 320, 55, 329, 312, 313, 55,
792 55, 55, 55, 326, 55, 328, 315, 55, 330, 314,
793 55, 317, 318, 331, 322, 319, 327, 323, 55, 333,
794 320, 324, 55, 332, 55, 334, 338, 55, 325, 326,
795 336, 328, 335, 55, 330, 55, 55, 339, 55, 331,
796
797 322, 337, 340, 323, 55, 333, 341, 324, 55, 332,
798 55, 334, 55, 55, 325, 55, 336, 342, 335, 343,
799 55, 345, 55, 339, 55, 344, 55, 337, 340, 346,
800 55, 347, 341, 348, 352, 351, 349, 354, 350, 353,
801 55, 55, 55, 342, 55, 343, 55, 55, 55, 357,
802 55, 344, 55, 356, 55, 346, 55, 347, 55, 348,
803 352, 351, 349, 355, 350, 353, 358, 55, 55, 359,
804 55, 55, 55, 360, 361, 357, 362, 363, 364, 356,
805 55, 365, 366, 55, 55, 55, 367, 55, 55, 355,
806 55, 370, 358, 55, 55, 359, 55, 368, 371, 360,
807
808 361, 373, 362, 363, 55, 369, 374, 365, 366, 375,
809 55, 55, 367, 377, 55, 372, 55, 370, 376, 379,
810 378, 55, 380, 368, 371, 381, 55, 373, 55, 382,
811 55, 369, 374, 383, 55, 375, 55, 55, 55, 377,
812 384, 372, 385, 386, 376, 55, 378, 55, 55, 387,
813 55, 381, 55, 388, 391, 382, 389, 390, 393, 383,
814 392, 55, 55, 55, 395, 55, 384, 394, 385, 386,
815 55, 55, 396, 399, 55, 387, 400, 55, 55, 388,
816 391, 401, 389, 390, 403, 55, 392, 55, 55, 398,
817 395, 397, 402, 394, 55, 55, 55, 55, 396, 399,
818
819 55, 404, 400, 405, 55, 414, 410, 401, 55, 407,
820 413, 406, 409, 55, 55, 398, 55, 397, 402, 55,
821 412, 55, 55, 55, 411, 415, 55, 404, 416, 55,
822 417, 55, 410, 55, 422, 407, 418, 406, 409, 420,
823 55, 419, 55, 55, 432, 423, 412, 55, 55, 55,
824 411, 415, 55, 55, 416, 421, 417, 55, 425, 424,
825 422, 55, 418, 426, 427, 420, 55, 419, 55, 430,
826 428, 423, 429, 431, 55, 55, 55, 55, 433, 434,
827 437, 421, 55, 436, 425, 424, 438, 55, 435, 426,
828 427, 439, 55, 55, 444, 55, 428, 455, 429, 55,
829
830 55, 55, 55, 55, 433, 434, 456, 55, 445, 436,
831 55, 447, 438, 55, 435, 440, 446, 439, 448, 441,
832 444, 442, 449, 443, 55, 451, 55, 55, 450, 452,
833 457, 55, 55, 453, 445, 55, 55, 55, 454, 458,
834 55, 440, 446, 55, 55, 441, 460, 442, 55, 443,
835 55, 451, 465, 55, 450, 452, 55, 55, 459, 453,
836 55, 461, 462, 470, 454, 458, 55, 464, 55, 55,
837 463, 55, 55, 466, 55, 468, 55, 467, 465, 469,
838 472, 55, 55, 55, 459, 471, 473, 461, 462, 470,
839 55, 476, 475, 464, 55, 477, 463, 55, 55, 466,
840
841 55, 468, 474, 467, 478, 469, 472, 479, 55, 480,
842 481, 471, 473, 55, 482, 55, 483, 55, 475, 484,
843 55, 55, 490, 485, 486, 55, 487, 55, 474, 55,
844 478, 55, 55, 479, 55, 55, 55, 488, 491, 55,
845 482, 489, 493, 55, 492, 484, 55, 55, 490, 485,
846 486, 494, 487, 55, 495, 496, 497, 55, 498, 55,
847 500, 518, 499, 488, 55, 55, 55, 489, 55, 55,
848 492, 501, 55, 502, 55, 503, 507, 494, 55, 528,
849 495, 496, 497, 55, 55, 55, 500, 55, 499, 504,
850 506, 55, 510, 505, 508, 55, 511, 501, 55, 502,
851
852 55, 503, 507, 55, 512, 509, 513, 514, 55, 55,
853 516, 55, 55, 55, 55, 504, 506, 55, 510, 505,
854 508, 515, 511, 55, 517, 55, 55, 55, 55, 524,
855 55, 509, 513, 514, 519, 520, 516, 521, 55, 529,
856 55, 55, 55, 55, 525, 55, 55, 515, 531, 522,
857 517, 523, 55, 55, 526, 524, 527, 530, 532, 533,
858 519, 520, 55, 521, 55, 55, 55, 55, 534, 537,
859 525, 55, 55, 535, 531, 522, 548, 523, 539, 536,
860 526, 538, 527, 530, 532, 533, 55, 55, 540, 542,
861 55, 543, 544, 541, 549, 537, 55, 55, 55, 535,
862
863 55, 547, 55, 545, 539, 536, 550, 538, 551, 546,
864 552, 55, 55, 55, 540, 542, 55, 543, 544, 541,
865 55, 55, 553, 554, 55, 555, 556, 547, 55, 545,
866 557, 558, 55, 562, 55, 546, 55, 563, 55, 559,
867 55, 560, 564, 567, 55, 55, 561, 568, 553, 55,
868 565, 55, 556, 55, 55, 55, 55, 566, 572, 562,
869 570, 55, 55, 563, 55, 559, 571, 560, 564, 567,
870 569, 55, 561, 568, 573, 575, 565, 55, 579, 55,
871 574, 576, 55, 566, 572, 55, 570, 55, 582, 55,
872 578, 577, 571, 583, 55, 580, 569, 55, 584, 581,
873
874 585, 575, 587, 55, 55, 588, 574, 576, 55, 586,
875 55, 55, 589, 55, 590, 595, 578, 577, 55, 591,
876 593, 596, 55, 55, 584, 55, 585, 55, 598, 592,
877 597, 588, 55, 594, 600, 586, 599, 55, 589, 55,
878 55, 595, 55, 55, 55, 591, 601, 55, 602, 55,
879 55, 605, 603, 55, 598, 592, 597, 606, 604, 594,
880 600, 55, 599, 55, 55, 607, 55, 608, 609, 610,
881 613, 611, 601, 617, 602, 55, 55, 605, 603, 55,
882 55, 614, 612, 55, 604, 620, 55, 55, 55, 55,
883 55, 607, 55, 608, 609, 610, 615, 611, 616, 617,
884
885 55, 619, 55, 618, 622, 55, 621, 614, 612, 623,
886 55, 620, 55, 55, 624, 625, 626, 628, 627, 55,
887 631, 55, 615, 55, 616, 629, 55, 619, 55, 618,
888 622, 55, 621, 630, 634, 55, 635, 638, 55, 55,
889 624, 625, 626, 55, 627, 55, 631, 55, 632, 633,
890 55, 629, 636, 639, 55, 55, 637, 55, 640, 630,
891 634, 641, 635, 55, 643, 642, 55, 644, 645, 647,
892 651, 646, 55, 55, 632, 633, 55, 648, 636, 55,
893 55, 55, 637, 653, 640, 55, 654, 55, 649, 55,
894 643, 642, 55, 55, 645, 647, 55, 646, 652, 55,
895
896 55, 655, 650, 648, 656, 663, 657, 659, 55, 653,
897 55, 660, 654, 55, 649, 662, 55, 658, 55, 661,
898 664, 665, 55, 55, 652, 677, 674, 655, 650, 55,
899 656, 666, 657, 659, 55, 55, 55, 660, 55, 667,
900 55, 662, 55, 658, 55, 661, 664, 665, 668, 670,
901 669, 671, 55, 675, 672, 55, 673, 666, 676, 680,
902 55, 55, 678, 689, 55, 667, 55, 683, 55, 55,
903 55, 681, 679, 682, 668, 670, 669, 671, 55, 55,
904 672, 55, 673, 55, 55, 680, 684, 55, 678, 55,
905 686, 55, 55, 683, 55, 685, 687, 681, 679, 682,
906
907 688, 55, 690, 692, 55, 55, 691, 55, 694, 693,
908 55, 55, 684, 695, 699, 55, 686, 55, 696, 55,
909 55, 685, 687, 55, 697, 700, 688, 55, 690, 692,
910 701, 705, 691, 55, 694, 693, 703, 698, 55, 695,
911 55, 702, 55, 55, 696, 55, 704, 706, 707, 55,
912 697, 709, 708, 55, 55, 55, 701, 705, 710, 713,
913 55, 55, 703, 698, 711, 712, 55, 702, 716, 55,
914 55, 714, 704, 55, 707, 715, 55, 55, 708, 717,
915 55, 718, 720, 719, 710, 713, 55, 55, 55, 55,
916 711, 712, 55, 722, 716, 55, 55, 714, 721, 723,
917
918 55, 715, 55, 55, 724, 717, 725, 718, 720, 719,
919 55, 727, 726, 55, 55, 729, 55, 728, 730, 722,
920 55, 55, 732, 731, 721, 723, 733, 736, 734, 737,
921 724, 735, 725, 55, 55, 55, 55, 55, 726, 55,
922 55, 729, 738, 728, 730, 739, 740, 741, 732, 731,
923 55, 745, 55, 736, 734, 55, 55, 735, 55, 742,
924 744, 743, 55, 746, 747, 55, 748, 749, 55, 55,
925 751, 739, 750, 55, 55, 752, 55, 745, 55, 55,
926 753, 55, 754, 55, 55, 742, 744, 743, 755, 746,
927 747, 758, 748, 749, 756, 55, 751, 760, 750, 55,
928
929 55, 55, 55, 761, 759, 55, 753, 762, 754, 55,
930 757, 55, 55, 763, 755, 768, 55, 758, 55, 55,
931 756, 55, 765, 760, 55, 769, 764, 766, 55, 761,
932 759, 770, 767, 762, 55, 771, 757, 773, 774, 763,
933 55, 55, 55, 55, 772, 775, 55, 776, 765, 55,
934 777, 769, 764, 766, 55, 778, 780, 55, 767, 779,
935 55, 771, 781, 55, 55, 782, 783, 55, 784, 786,
936 772, 775, 785, 776, 788, 787, 55, 55, 789, 790,
937 791, 55, 780, 792, 794, 779, 55, 55, 55, 793,
938 796, 55, 783, 797, 55, 55, 55, 55, 785, 55,
939
940 55, 787, 55, 795, 789, 790, 791, 798, 801, 55,
941 55, 55, 55, 799, 800, 793, 55, 805, 802, 55,
942 804, 55, 803, 55, 55, 55, 97, 95, 55, 795,
943 55, 94, 92, 55, 801, 55, 90, 55, 55, 799,
944 800, 97, 95, 55, 802, 94, 804, 92, 803, 36,
945 36, 36, 36, 36, 36, 41, 41, 41, 41, 41,
946 41, 45, 45, 45, 45, 45, 45, 50, 50, 50,
947 50, 50, 50, 58, 58, 90, 58, 58, 58, 89,
948 89, 55, 806, 806, 89, 91, 91, 806, 806, 91,
949 96, 96, 806, 806, 806, 96, 59, 59, 806, 59,
950
951 59, 59, 11, 806, 806, 806, 806, 806, 806, 806,
952 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
953 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
954 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
955 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
956 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
957 806, 806, 806, 806, 806, 806
771 12, 12, 18, 12, 19, 20, 21, 22, 12, 23,
772 24, 25, 26, 27, 28, 29, 30, 31, 12, 32,
773 33, 34, 35, 36, 12, 12, 12, 12, 37, 18,
774 12, 19, 20, 21, 22, 12, 23, 24, 25, 26,
775 27, 28, 29, 30, 31, 12, 32, 33, 34, 35,
776 36, 12, 12, 12, 12, 39, 40, 41, 39, 40,
777 41, 44, 40, 44, 40, 45, 103, 45, 48, 49,
778 49, 50, 114, 40, 48, 49, 49, 50, 56, 40,
779 53, 53, 54, 53, 53, 54, 58, 57, 63, 101,
780
781 59, 42, 101, 61, 42, 61, 61, 46, 61, 46,
782 64, 70, 84, 57, 57, 51, 71, 65, 57, 99,
783 99, 51, 57, 72, 66, 63, 55, 67, 57, 55,
784 68, 73, 74, 69, 76, 78, 57, 64, 70, 84,
785 62, 77, 75, 71, 65, 57, 57, 57, 490, 57,
786 72, 66, 79, 57, 67, 57, 80, 68, 73, 74,
787 69, 76, 78, 57, 57, 57, 81, 85, 77, 75,
788 82, 58, 93, 86, 88, 59, 87, 95, 57, 79,
789 91, 108, 96, 80, 89, 57, 83, 90, 101, 94,
790 57, 101, 57, 81, 85, 92, 57, 82, 57, 93,
791
792 86, 88, 57, 87, 95, 57, 97, 91, 108, 96,
793 98, 89, 57, 83, 90, 56, 94, 56, 56, 153,
794 56, 103, 92, 103, 103, 109, 103, 106, 106, 99,
795 99, 57, 57, 97, 111, 110, 56, 98, 56, 56,
796 61, 56, 61, 61, 57, 61, 112, 57, 113, 57,
797 57, 115, 109, 57, 116, 57, 117, 118, 57, 123,
798 119, 111, 110, 57, 124, 57, 57, 57, 120, 128,
799 125, 121, 57, 112, 126, 113, 127, 62, 115, 129,
800 57, 116, 57, 117, 118, 122, 123, 119, 130, 57,
801 131, 124, 57, 57, 57, 120, 128, 125, 121, 57,
802
803 132, 126, 133, 127, 57, 134, 129, 57, 57, 136,
804 135, 138, 122, 139, 57, 130, 57, 131, 137, 57,
805 57, 140, 57, 57, 142, 57, 57, 132, 57, 133,
806 57, 144, 134, 57, 145, 57, 136, 135, 138, 146,
807 139, 141, 57, 143, 147, 137, 149, 57, 140, 57,
808 148, 142, 152, 57, 57, 150, 57, 103, 144, 103,
809 103, 145, 103, 106, 106, 57, 146, 57, 141, 151,
810 143, 147, 57, 149, 57, 57, 57, 148, 159, 152,
811 57, 160, 150, 161, 57, 57, 57, 57, 163, 162,
812 166, 169, 57, 57, 57, 57, 151, 154, 57, 57,
813
814 57, 57, 155, 167, 57, 159, 57, 156, 160, 170,
815 161, 57, 168, 157, 158, 163, 162, 166, 164, 57,
816 57, 165, 57, 171, 154, 57, 172, 173, 178, 155,
817 167, 175, 57, 57, 156, 57, 170, 174, 176, 168,
818 157, 158, 57, 177, 57, 164, 180, 179, 165, 57,
819 171, 57, 57, 172, 57, 178, 181, 183, 57, 57,
820 182, 184, 57, 57, 174, 185, 57, 57, 57, 57,
821 177, 186, 57, 180, 179, 187, 193, 188, 190, 57,
822 189, 192, 57, 181, 183, 57, 195, 182, 184, 196,
823 57, 199, 185, 194, 57, 57, 57, 200, 186, 198,
824
825 191, 57, 187, 193, 188, 197, 57, 189, 57, 57,
826 201, 57, 57, 195, 202, 57, 196, 57, 199, 203,
827 194, 204, 206, 57, 200, 57, 198, 191, 205, 57,
828 207, 57, 197, 209, 214, 57, 57, 201, 208, 212,
829 210, 202, 213, 57, 211, 57, 203, 57, 204, 206,
830 57, 57, 216, 57, 218, 205, 57, 207, 215, 217,
831 57, 214, 219, 222, 57, 208, 212, 210, 57, 213,
832 223, 211, 57, 57, 57, 226, 57, 57, 227, 216,
833 57, 218, 220, 221, 228, 215, 217, 57, 224, 219,
834 57, 225, 231, 229, 57, 233, 57, 223, 57, 230,
835
836 235, 232, 226, 234, 250, 227, 57, 57, 57, 220,
837 221, 57, 236, 239, 238, 224, 269, 57, 225, 57,
838 229, 57, 233, 57, 247, 237, 230, 57, 232, 240,
839 234, 57, 57, 241, 57, 57, 57, 57, 57, 236,
840 239, 238, 249, 252, 57, 248, 57, 57, 273, 255,
841 57, 247, 237, 254, 57, 57, 240, 251, 253, 57,
842 241, 242, 243, 57, 57, 57, 57, 256, 257, 249,
843 252, 57, 248, 244, 245, 246, 255, 266, 262, 57,
844 254, 259, 260, 258, 251, 253, 57, 57, 242, 243,
845 57, 261, 57, 57, 263, 57, 57, 267, 264, 268,
846
847 244, 245, 246, 272, 266, 262, 270, 57, 259, 260,
848 258, 265, 271, 274, 57, 275, 57, 57, 261, 277,
849 57, 263, 278, 57, 267, 264, 268, 57, 57, 57,
850 272, 57, 280, 270, 57, 276, 281, 57, 265, 271,
851 274, 57, 275, 282, 279, 57, 277, 284, 57, 278,
852 57, 57, 287, 283, 57, 286, 285, 288, 57, 280,
853 57, 57, 276, 281, 57, 57, 289, 294, 297, 57,
854 282, 279, 57, 290, 284, 57, 295, 57, 293, 287,
855 283, 291, 296, 285, 288, 57, 57, 299, 298, 57,
856 57, 292, 57, 289, 57, 297, 302, 301, 57, 300,
857
858 290, 303, 307, 295, 57, 293, 57, 304, 291, 296,
859 306, 57, 57, 57, 299, 298, 308, 305, 292, 309,
860 310, 312, 57, 302, 301, 57, 300, 311, 303, 57,
861 57, 314, 315, 57, 304, 57, 313, 306, 316, 57,
862 317, 318, 321, 308, 305, 57, 57, 310, 312, 319,
863 57, 320, 322, 324, 311, 323, 331, 326, 57, 57,
864 57, 325, 57, 313, 336, 330, 57, 57, 57, 57,
865 57, 57, 332, 57, 57, 57, 319, 57, 320, 322,
866 324, 327, 323, 57, 326, 57, 328, 57, 325, 333,
867 329, 57, 330, 335, 341, 57, 57, 337, 338, 332,
868
869 57, 340, 339, 57, 345, 57, 342, 57, 327, 343,
870 344, 334, 57, 328, 57, 57, 333, 329, 57, 57,
871 335, 341, 57, 57, 337, 338, 57, 346, 340, 339,
872 351, 57, 57, 342, 347, 57, 343, 344, 334, 348,
873 350, 353, 355, 349, 352, 57, 57, 57, 354, 357,
874 57, 356, 358, 57, 346, 359, 57, 351, 57, 363,
875 57, 347, 57, 364, 362, 365, 57, 350, 353, 361,
876 57, 352, 57, 57, 57, 354, 357, 57, 356, 358,
877 360, 57, 359, 57, 57, 57, 363, 57, 57, 366,
878 364, 362, 365, 367, 369, 368, 361, 370, 57, 371,
879
880 372, 374, 375, 377, 383, 386, 373, 360, 57, 57,
881 57, 57, 57, 57, 376, 57, 366, 405, 57, 387,
882 367, 369, 368, 57, 370, 57, 57, 372, 374, 375,
883 57, 383, 57, 373, 57, 384, 385, 57, 57, 57,
884 388, 376, 378, 389, 57, 379, 387, 390, 57, 393,
885 380, 391, 392, 57, 394, 57, 381, 382, 396, 57,
886 57, 57, 384, 385, 397, 57, 57, 388, 57, 378,
887 389, 398, 379, 57, 390, 57, 393, 380, 391, 392,
888 57, 394, 395, 381, 382, 57, 399, 400, 57, 402,
889 401, 397, 57, 404, 57, 403, 57, 406, 398, 57,
890
891 408, 57, 57, 57, 409, 57, 57, 411, 57, 395,
892 407, 57, 410, 399, 400, 57, 402, 401, 412, 415,
893 57, 57, 403, 57, 406, 57, 57, 408, 57, 414,
894 413, 409, 57, 416, 411, 417, 418, 407, 57, 410,
895 57, 57, 419, 420, 421, 412, 415, 57, 57, 423,
896 422, 57, 424, 429, 57, 57, 414, 413, 425, 57,
897 416, 427, 417, 431, 426, 57, 57, 57, 441, 419,
898 420, 421, 57, 57, 428, 57, 423, 422, 57, 424,
899 57, 57, 57, 430, 57, 425, 57, 437, 427, 57,
900 431, 426, 57, 438, 439, 57, 440, 57, 57, 57,
901
902 446, 428, 57, 445, 448, 57, 447, 57, 57, 449,
903 430, 432, 450, 433, 437, 57, 57, 434, 452, 435,
904 438, 439, 442, 440, 436, 57, 57, 446, 57, 443,
905 445, 448, 57, 447, 451, 57, 449, 453, 432, 450,
906 433, 57, 57, 454, 434, 57, 435, 444, 57, 442,
907 455, 436, 456, 457, 458, 57, 443, 460, 57, 462,
908 459, 451, 467, 461, 57, 57, 57, 57, 57, 463,
909 454, 57, 57, 464, 444, 57, 57, 455, 468, 456,
910 457, 458, 57, 465, 460, 466, 462, 459, 57, 467,
911 461, 57, 471, 57, 469, 57, 463, 470, 473, 472,
912
913 464, 474, 57, 57, 57, 57, 57, 475, 476, 57,
914 465, 480, 466, 57, 481, 482, 484, 479, 477, 471,
915 57, 469, 57, 57, 470, 473, 472, 57, 474, 57,
916 478, 57, 57, 57, 475, 476, 57, 57, 480, 57,
917 483, 481, 482, 485, 479, 477, 486, 57, 487, 489,
918 492, 488, 491, 493, 495, 57, 57, 478, 57, 57,
919 57, 57, 57, 501, 496, 499, 57, 483, 57, 494,
920 497, 498, 57, 486, 57, 57, 489, 492, 488, 491,
921 493, 500, 57, 57, 57, 57, 57, 57, 503, 504,
922 57, 496, 499, 57, 502, 506, 494, 497, 498, 505,
923
924 507, 508, 509, 57, 512, 57, 57, 57, 500, 57,
925 57, 57, 57, 57, 510, 503, 504, 515, 57, 57,
926 57, 502, 506, 511, 513, 57, 505, 507, 508, 509,
927 514, 512, 57, 516, 517, 57, 57, 57, 518, 520,
928 519, 510, 522, 521, 515, 57, 57, 523, 524, 525,
929 511, 513, 528, 57, 527, 526, 57, 514, 529, 57,
930 516, 517, 57, 57, 530, 518, 57, 519, 57, 522,
931 57, 57, 531, 536, 57, 524, 525, 57, 57, 539,
932 57, 527, 526, 57, 538, 532, 57, 57, 540, 57,
933 533, 530, 534, 537, 535, 57, 57, 57, 544, 531,
934
935 536, 541, 542, 57, 57, 57, 539, 57, 543, 545,
936 57, 538, 532, 57, 547, 540, 57, 533, 546, 534,
937 537, 535, 550, 548, 549, 57, 552, 554, 541, 542,
938 57, 555, 553, 551, 556, 543, 57, 557, 57, 559,
939 57, 57, 57, 57, 57, 546, 558, 57, 562, 550,
940 548, 549, 57, 552, 57, 57, 560, 57, 57, 553,
941 551, 561, 57, 57, 557, 57, 57, 563, 57, 564,
942 565, 566, 57, 558, 567, 562, 57, 570, 568, 572,
943 57, 569, 57, 560, 571, 576, 57, 573, 561, 577,
944 574, 57, 575, 57, 563, 57, 564, 565, 566, 578,
945
946 57, 579, 57, 57, 570, 57, 572, 57, 569, 57,
947 57, 571, 576, 580, 573, 581, 577, 574, 582, 575,
948 584, 57, 583, 585, 57, 587, 578, 57, 579, 586,
949 588, 57, 589, 591, 593, 594, 590, 592, 57, 57,
950 580, 57, 581, 57, 57, 582, 601, 57, 57, 583,
951 57, 57, 587, 595, 57, 57, 586, 588, 57, 596,
952 57, 57, 594, 57, 592, 57, 597, 57, 598, 599,
953 600, 602, 57, 601, 57, 57, 603, 604, 605, 606,
954 595, 57, 57, 608, 57, 607, 596, 609, 610, 611,
955 57, 57, 57, 597, 57, 598, 599, 600, 602, 612,
956
957 613, 57, 57, 603, 604, 57, 606, 614, 615, 616,
958 617, 57, 607, 57, 57, 57, 611, 57, 57, 618,
959 57, 620, 619, 621, 622, 623, 612, 613, 625, 57,
960 57, 57, 57, 57, 614, 615, 57, 617, 57, 626,
961 624, 627, 632, 629, 57, 57, 618, 57, 620, 619,
962 621, 622, 623, 57, 630, 625, 628, 631, 634, 57,
963 635, 57, 633, 57, 57, 57, 626, 624, 57, 632,
964 629, 57, 57, 636, 637, 638, 57, 639, 644, 651,
965 642, 630, 57, 628, 631, 634, 57, 635, 57, 633,
966 57, 640, 641, 57, 643, 57, 645, 57, 57, 57,
967
968 636, 57, 638, 57, 639, 646, 651, 642, 57, 57,
969 647, 649, 57, 648, 650, 652, 57, 656, 640, 641,
970 653, 643, 657, 645, 658, 57, 57, 654, 57, 57,
971 655, 666, 646, 57, 660, 57, 659, 647, 649, 662,
972 648, 650, 652, 57, 656, 57, 661, 653, 57, 663,
973 665, 57, 57, 57, 654, 57, 664, 655, 57, 57,
974 667, 660, 57, 659, 57, 668, 662, 674, 671, 669,
975 672, 57, 673, 661, 57, 670, 663, 665, 57, 57,
976 57, 675, 57, 664, 677, 680, 57, 57, 678, 681,
977 57, 57, 668, 57, 674, 671, 669, 672, 676, 673,
978
979 679, 57, 670, 57, 682, 57, 683, 57, 675, 684,
980 57, 677, 680, 686, 685, 678, 681, 687, 689, 57,
981 688, 690, 57, 57, 57, 676, 691, 679, 692, 693,
982 694, 682, 696, 57, 57, 695, 684, 57, 57, 697,
983 686, 685, 698, 700, 57, 57, 701, 688, 57, 699,
984 57, 57, 57, 691, 705, 57, 57, 57, 107, 57,
985 710, 57, 695, 57, 706, 702, 697, 703, 707, 105,
986 57, 57, 704, 57, 104, 57, 699, 57, 708, 713,
987 57, 705, 709, 57, 57, 715, 57, 710, 712, 711,
988 719, 706, 702, 717, 703, 707, 57, 57, 721, 704,
989
990 714, 57, 716, 57, 57, 708, 713, 720, 57, 709,
991 718, 57, 715, 722, 57, 712, 711, 726, 57, 724,
992 717, 57, 725, 723, 727, 721, 730, 714, 733, 716,
993 57, 57, 57, 728, 720, 57, 735, 718, 57, 57,
994 722, 57, 57, 729, 726, 739, 724, 734, 731, 725,
995 723, 727, 732, 736, 737, 742, 57, 57, 741, 57,
996 728, 738, 57, 57, 740, 743, 751, 57, 57, 57,
997 729, 744, 746, 57, 734, 745, 57, 57, 102, 57,
998 736, 737, 57, 748, 100, 741, 57, 750, 738, 747,
999 57, 740, 743, 57, 749, 754, 57, 57, 744, 746,
1000
1001 753, 752, 745, 755, 57, 57, 756, 57, 757, 57,
1002 748, 57, 758, 57, 750, 764, 747, 759, 57, 762,
1003 57, 749, 754, 760, 765, 761, 57, 753, 752, 763,
1004 57, 57, 57, 756, 57, 757, 57, 57, 57, 758,
1005 57, 767, 764, 769, 759, 766, 762, 768, 57, 57,
1006 760, 765, 761, 770, 57, 771, 763, 772, 773, 774,
1007 775, 776, 778, 777, 107, 57, 57, 57, 57, 105,
1008 769, 57, 766, 104, 768, 57, 782, 57, 57, 57,
1009 770, 779, 771, 57, 772, 773, 774, 783, 776, 778,
1010 777, 57, 780, 784, 57, 781, 57, 785, 786, 102,
1011
1012 787, 791, 57, 782, 57, 788, 100, 57, 779, 57,
1013 57, 789, 790, 57, 783, 792, 796, 794, 797, 780,
1014 784, 57, 781, 793, 785, 786, 57, 787, 57, 795,
1015 57, 57, 788, 57, 798, 57, 57, 799, 789, 790,
1016 57, 1024, 792, 57, 794, 797, 801, 800, 802, 804,
1017 793, 57, 805, 803, 807, 1024, 795, 57, 809, 1024,
1018 57, 57, 57, 57, 799, 57, 806, 813, 57, 57,
1019 810, 57, 57, 801, 800, 802, 804, 808, 811, 805,
1020 803, 807, 57, 57, 57, 809, 812, 814, 815, 816,
1021 817, 818, 57, 806, 57, 819, 821, 810, 820, 57,
1022
1023 822, 823, 57, 825, 808, 811, 827, 826, 57, 829,
1024 824, 831, 57, 812, 57, 815, 57, 57, 818, 57,
1025 57, 828, 57, 57, 57, 820, 832, 822, 57, 834,
1026 825, 57, 57, 827, 826, 830, 57, 824, 57, 833,
1027 57, 836, 835, 57, 837, 838, 839, 840, 828, 842,
1028 57, 1024, 841, 57, 843, 57, 834, 57, 57, 846,
1029 845, 847, 830, 57, 857, 57, 833, 57, 836, 835,
1030 57, 837, 838, 839, 840, 844, 848, 57, 57, 841,
1031 57, 843, 57, 849, 850, 57, 846, 845, 851, 852,
1032 853, 57, 57, 854, 855, 57, 856, 859, 858, 1024,
1033
1034 57, 57, 844, 848, 860, 862, 57, 57, 57, 861,
1035 849, 850, 57, 863, 57, 57, 852, 853, 57, 57,
1036 854, 855, 864, 856, 859, 858, 57, 865, 57, 866,
1037 57, 860, 862, 867, 868, 869, 861, 1024, 870, 57,
1038 863, 871, 872, 57, 873, 874, 57, 876, 878, 57,
1039 1024, 875, 877, 1024, 57, 883, 57, 57, 885, 57,
1040 57, 868, 869, 57, 57, 870, 57, 57, 871, 57,
1041 57, 873, 874, 57, 57, 878, 879, 880, 875, 877,
1042 881, 882, 57, 884, 887, 885, 886, 888, 57, 890,
1043 889, 57, 57, 57, 892, 57, 891, 893, 57, 899,
1044
1045 1024, 57, 898, 879, 880, 57, 1024, 881, 882, 57,
1046 884, 887, 57, 886, 888, 57, 57, 889, 894, 895,
1047 57, 892, 896, 891, 893, 900, 897, 57, 57, 57,
1048 57, 901, 904, 57, 57, 902, 903, 57, 905, 57,
1049 908, 907, 57, 57, 910, 894, 895, 909, 906, 896,
1050 57, 911, 900, 897, 913, 57, 57, 914, 901, 904,
1051 57, 912, 902, 903, 915, 57, 57, 57, 907, 921,
1052 916, 57, 57, 917, 909, 906, 918, 57, 911, 57,
1053 919, 913, 920, 922, 914, 57, 57, 925, 912, 57,
1054 923, 915, 1024, 924, 57, 926, 57, 916, 57, 928,
1055
1056 917, 927, 57, 918, 932, 929, 1024, 919, 57, 920,
1057 57, 57, 57, 57, 925, 933, 930, 923, 934, 57,
1058 924, 931, 926, 57, 57, 57, 928, 935, 927, 57,
1059 937, 57, 929, 57, 936, 938, 941, 57, 940, 939,
1060 942, 943, 933, 930, 57, 934, 57, 944, 931, 57,
1061 946, 947, 57, 948, 935, 960, 57, 937, 945, 1024,
1062 57, 936, 57, 941, 57, 940, 939, 57, 57, 949,
1063 950, 57, 953, 952, 944, 951, 57, 57, 57, 954,
1064 948, 57, 57, 57, 57, 945, 57, 955, 57, 57,
1065 956, 957, 958, 962, 57, 959, 949, 950, 57, 953,
1066
1067 952, 961, 951, 963, 57, 965, 954, 57, 57, 966,
1068 964, 57, 967, 969, 955, 968, 57, 956, 957, 958,
1069 962, 57, 959, 972, 57, 57, 970, 1024, 961, 971,
1070 963, 57, 965, 57, 57, 57, 966, 964, 57, 967,
1071 969, 57, 968, 973, 974, 975, 976, 977, 57, 978,
1072 57, 979, 57, 970, 57, 980, 971, 57, 981, 982,
1073 983, 984, 985, 1024, 57, 57, 57, 986, 57, 987,
1074 973, 974, 975, 976, 977, 57, 978, 57, 57, 989,
1075 990, 992, 980, 988, 57, 57, 982, 983, 57, 57,
1076 57, 991, 993, 994, 986, 995, 987, 997, 999, 57,
1077
1078 998, 996, 1001, 57, 1024, 1002, 57, 57, 992, 1000,
1079 988, 1003, 1005, 1006, 1024, 1008, 1024, 1011, 991, 57,
1080 57, 57, 57, 57, 57, 57, 57, 998, 996, 1001,
1081 1004, 57, 57, 57, 1009, 57, 1000, 57, 1003, 1005,
1082 57, 1007, 57, 1010, 57, 1012, 57, 1013, 1014, 1024,
1083 1015, 1024, 57, 1017, 1018, 1016, 1024, 1004, 1023, 1020,
1084 57, 1009, 1024, 57, 57, 1019, 1021, 1024, 1007, 1024,
1085 1010, 57, 57, 1024, 57, 1014, 57, 1015, 57, 57,
1086 1017, 57, 1016, 57, 1024, 57, 1020, 1022, 1024, 1024,
1087 1024, 1024, 1019, 1021, 1024, 57, 1024, 1024, 1024, 1024,
1088
1089 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1090 1024, 1024, 1024, 1024, 1022, 38, 38, 38, 38, 38,
1091 38, 43, 43, 43, 43, 43, 43, 47, 47, 47,
1092 47, 47, 47, 52, 52, 52, 52, 52, 52, 60,
1093 60, 1024, 60, 60, 60, 99, 99, 1024, 1024, 1024,
1094 99, 101, 101, 1024, 1024, 101, 106, 106, 1024, 1024,
1095 1024, 106, 61, 61, 1024, 61, 61, 61, 11, 1024,
1096 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1097 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1098 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1099
1100 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1101 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1102 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1103 1024, 1024, 1024, 1024
9581104 } ;
9591105
960 static yyconst flex_int16_t yy_chk[2367] =
1106 static yyconst flex_int16_t yy_chk[3035] =
9611107 { 0,
9621108 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
9631109 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
9651111 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
9661112 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
9671113 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
968 1, 1, 1, 3, 3, 3, 4, 4, 4, 5,
969 5, 6, 6, 5, 815, 6, 7, 7, 7, 7,
970 65, 7, 8, 8, 8, 8, 360, 8, 9, 9,
971 9, 10, 10, 10, 18, 13, 40, 40, 3, 13,
972
973 16, 4, 16, 16, 5, 16, 6, 19, 20, 21,
974 65, 33, 7, 20, 19, 360, 22, 18, 8, 33,
975 18, 21, 23, 9, 22, 20, 10, 27, 24, 53,
976 53, 23, 19, 19, 20, 21, 16, 33, 811, 20,
977 19, 22, 22, 25, 23, 32, 27, 26, 23, 24,
978 22, 26, 27, 27, 24, 25, 28, 23, 29, 26,
979 31, 32, 28, 29, 30, 44, 805, 30, 44, 25,
980 32, 32, 27, 26, 31, 29, 30, 26, 798, 34,
981 797, 31, 28, 34, 29, 92, 31, 32, 92, 29,
982 30, 796, 35, 30, 35, 35, 49, 35, 49, 49,
983
984 31, 49, 56, 61, 34, 34, 56, 62, 55, 34,
985 55, 55, 58, 55, 58, 58, 63, 58, 64, 66,
986 69, 68, 794, 67, 792, 63, 61, 64, 66, 61,
987 62, 788, 67, 62, 70, 72, 71, 70, 71, 72,
988 74, 69, 63, 68, 64, 66, 69, 68, 58, 67,
989 70, 73, 78, 75, 76, 90, 90, 70, 72, 74,
990 70, 72, 71, 70, 77, 72, 74, 75, 76, 83,
991 80, 77, 79, 73, 78, 81, 70, 73, 78, 75,
992 76, 79, 80, 81, 82, 86, 85, 87, 83, 99,
993 77, 84, 85, 82, 83, 83, 80, 100, 79, 88,
994
995 84, 81, 87, 97, 97, 98, 86, 99, 88, 100,
996 82, 86, 85, 87, 83, 99, 94, 84, 94, 94,
997 101, 94, 104, 100, 103, 88, 98, 110, 103, 106,
998 786, 98, 105, 784, 108, 114, 782, 116, 109, 781,
999 778, 101, 106, 108, 104, 111, 101, 102, 104, 777,
1000 103, 107, 102, 105, 107, 106, 102, 110, 105, 109,
1001 108, 112, 102, 102, 109, 114, 107, 116, 113, 102,
1002 111, 111, 115, 102, 113, 121, 117, 107, 102, 118,
1003 107, 112, 102, 119, 120, 125, 128, 112, 102, 102,
1004 119, 120, 122, 115, 113, 117, 121, 122, 115, 118,
1005
1006 123, 121, 117, 124, 125, 118, 126, 123, 132, 119,
1007 120, 125, 127, 774, 126, 129, 128, 130, 122, 131,
1008 132, 133, 773, 134, 135, 130, 123, 124, 137, 124,
1009 138, 129, 126, 127, 132, 135, 139, 141, 152, 129,
1010 131, 129, 127, 130, 133, 131, 136, 133, 134, 134,
1011 135, 137, 138, 140, 137, 144, 138, 129, 136, 127,
1012 143, 139, 139, 142, 152, 145, 143, 141, 146, 144,
1013 142, 149, 136, 147, 140, 154, 156, 146, 148, 140,
1014 150, 144, 153, 151, 151, 153, 143, 154, 149, 142,
1015 145, 145, 153, 148, 146, 150, 147, 149, 155, 147,
1016
1017 157, 154, 156, 160, 148, 158, 150, 151, 153, 151,
1018 151, 153, 158, 159, 161, 155, 162, 164, 770, 163,
1019 160, 167, 165, 768, 155, 170, 163, 752, 741, 160,
1020 157, 158, 164, 167, 159, 165, 168, 162, 169, 159,
1021 164, 217, 162, 164, 161, 163, 169, 167, 165, 171,
1022 172, 220, 173, 168, 175, 170, 171, 172, 164, 166,
1023 166, 175, 168, 176, 169, 174, 174, 217, 177, 179,
1024 166, 166, 166, 173, 176, 171, 172, 220, 173, 177,
1025 175, 178, 179, 166, 181, 166, 166, 180, 738, 176,
1026 178, 183, 182, 174, 177, 179, 166, 166, 166, 180,
1027
1028 184, 181, 185, 187, 180, 737, 186, 178, 183, 188,
1029 181, 733, 191, 180, 182, 189, 194, 183, 182, 727,
1030 190, 193, 185, 195, 188, 180, 190, 193, 185, 196,
1031 184, 186, 186, 187, 194, 188, 189, 191, 191, 198,
1032 195, 189, 194, 199, 196, 200, 190, 193, 201, 195,
1033 709, 202, 203, 204, 200, 196, 201, 198, 202, 203,
1034 205, 206, 204, 206, 207, 198, 209, 208, 706, 215,
1035 699, 200, 210, 199, 201, 202, 202, 202, 203, 208,
1036 210, 209, 212, 204, 202, 205, 205, 206, 204, 207,
1037 207, 211, 209, 208, 213, 214, 211, 216, 210, 215,
1038
1039 218, 202, 213, 212, 219, 221, 222, 214, 212, 223,
1040 226, 216, 218, 224, 689, 225, 227, 211, 219, 676,
1041 213, 214, 228, 216, 230, 229, 218, 675, 233, 674,
1042 219, 221, 229, 231, 234, 223, 222, 225, 227, 224,
1043 226, 225, 227, 228, 232, 230, 231, 235, 228, 232,
1044 230, 229, 232, 233, 233, 236, 237, 234, 651, 231,
1045 234, 239, 238, 241, 240, 644, 242, 232, 235, 235,
1046 232, 251, 241, 235, 243, 232, 236, 246, 232, 242,
1047 244, 236, 238, 641, 239, 240, 237, 239, 238, 241,
1048 240, 245, 242, 248, 235, 243, 249, 244, 247, 250,
1049
1050 243, 251, 252, 246, 253, 247, 244, 254, 249, 256,
1051 257, 250, 255, 258, 245, 248, 259, 245, 254, 248,
1052 255, 264, 249, 256, 247, 250, 253, 252, 252, 257,
1053 253, 260, 261, 254, 258, 256, 257, 259, 255, 258,
1054 263, 261, 259, 262, 264, 265, 267, 264, 274, 268,
1055 277, 639, 260, 263, 271, 267, 279, 260, 261, 277,
1056 262, 268, 638, 276, 271, 278, 263, 278, 280, 262,
1057 265, 265, 267, 281, 275, 268, 277, 275, 274, 283,
1058 271, 275, 279, 282, 276, 284, 288, 280, 275, 276,
1059 286, 278, 285, 628, 280, 282, 275, 289, 281, 281,
1060
1061 275, 287, 290, 275, 283, 283, 291, 275, 284, 282,
1062 285, 284, 288, 287, 275, 286, 286, 292, 285, 293,
1063 289, 295, 290, 289, 291, 294, 292, 287, 290, 296,
1064 623, 297, 291, 299, 303, 302, 300, 305, 301, 304,
1065 293, 606, 296, 292, 294, 293, 301, 295, 302, 308,
1066 299, 294, 304, 307, 303, 296, 297, 297, 300, 299,
1067 303, 302, 300, 306, 301, 304, 309, 305, 307, 310,
1068 308, 306, 309, 311, 312, 308, 313, 314, 315, 307,
1069 596, 316, 317, 312, 314, 317, 318, 590, 318, 306,
1070 313, 321, 309, 316, 310, 310, 311, 319, 321, 311,
1071
1072 312, 322, 313, 314, 315, 320, 323, 316, 317, 324,
1073 319, 320, 318, 326, 322, 321, 321, 321, 325, 328,
1074 327, 323, 330, 319, 321, 331, 326, 322, 327, 332,
1075 581, 320, 323, 333, 324, 324, 325, 332, 557, 326,
1076 334, 321, 335, 336, 325, 328, 327, 333, 331, 337,
1077 336, 331, 330, 339, 342, 332, 340, 341, 344, 333,
1078 343, 334, 337, 335, 347, 339, 334, 346, 335, 336,
1079 552, 342, 348, 351, 346, 337, 352, 340, 341, 339,
1080 342, 353, 340, 341, 355, 343, 343, 347, 344, 350,
1081 347, 349, 354, 346, 351, 348, 350, 352, 348, 351,
1082
1083 349, 356, 352, 357, 353, 367, 362, 353, 354, 359,
1084 366, 358, 361, 356, 355, 350, 551, 349, 354, 358,
1085 365, 361, 359, 362, 363, 368, 363, 356, 369, 357,
1086 370, 367, 362, 365, 375, 359, 371, 358, 361, 373,
1087 366, 372, 368, 375, 385, 376, 365, 373, 371, 369,
1088 363, 368, 370, 372, 369, 374, 370, 376, 378, 377,
1089 375, 374, 371, 380, 381, 373, 377, 372, 550, 384,
1090 382, 376, 383, 384, 385, 378, 380, 382, 386, 387,
1091 390, 374, 381, 389, 378, 377, 391, 548, 388, 380,
1092 381, 392, 389, 383, 394, 529, 382, 406, 383, 384,
1093
1094 387, 388, 394, 386, 386, 387, 407, 391, 395, 389,
1095 390, 397, 391, 392, 388, 393, 396, 392, 398, 393,
1096 394, 393, 399, 393, 396, 401, 395, 406, 400, 402,
1097 408, 512, 393, 403, 395, 400, 407, 397, 404, 409,
1098 498, 393, 396, 401, 398, 393, 411, 393, 399, 393,
1099 402, 401, 417, 403, 400, 402, 409, 404, 410, 403,
1100 408, 412, 413, 422, 404, 409, 410, 416, 412, 413,
1101 415, 415, 411, 418, 417, 420, 416, 419, 417, 421,
1102 424, 418, 422, 420, 410, 423, 425, 412, 413, 422,
1103 419, 428, 427, 416, 423, 429, 415, 424, 425, 418,
1104
1105 421, 420, 426, 419, 430, 421, 424, 432, 426, 433,
1106 434, 423, 425, 427, 435, 432, 436, 491, 427, 437,
1107 481, 428, 443, 438, 439, 429, 440, 437, 426, 430,
1108 430, 438, 439, 432, 435, 433, 434, 441, 444, 440,
1109 435, 442, 446, 441, 445, 437, 436, 443, 443, 438,
1110 439, 450, 440, 442, 451, 452, 453, 452, 454, 480,
1111 456, 475, 455, 441, 444, 445, 451, 442, 453, 455,
1112 445, 457, 446, 458, 450, 459, 464, 450, 464, 485,
1113 451, 452, 453, 459, 454, 456, 456, 457, 455, 461,
1114 463, 475, 467, 462, 465, 458, 468, 457, 461, 458,
1115
1116 462, 459, 464, 465, 469, 466, 470, 471, 460, 485,
1117 473, 463, 466, 467, 471, 461, 463, 468, 467, 462,
1118 465, 472, 468, 473, 474, 449, 448, 470, 472, 482,
1119 469, 466, 470, 471, 476, 477, 473, 478, 474, 486,
1120 447, 476, 477, 478, 483, 431, 482, 472, 488, 479,
1121 474, 479, 483, 414, 484, 482, 484, 487, 489, 490,
1122 476, 477, 488, 478, 487, 486, 479, 489, 492, 494,
1123 483, 484, 490, 493, 488, 479, 506, 479, 496, 493,
1124 484, 495, 484, 487, 489, 490, 496, 494, 497, 500,
1125 495, 501, 502, 499, 507, 494, 493, 497, 492, 493,
1126
1127 499, 505, 506, 503, 496, 493, 508, 495, 509, 504,
1128 510, 500, 501, 502, 497, 500, 505, 501, 502, 499,
1129 503, 504, 511, 513, 507, 514, 515, 505, 515, 503,
1130 516, 517, 508, 519, 509, 504, 510, 520, 405, 518,
1131 519, 518, 521, 524, 520, 511, 518, 525, 511, 521,
1132 522, 522, 515, 513, 518, 514, 516, 523, 530, 519,
1133 527, 517, 524, 520, 525, 518, 528, 518, 521, 524,
1134 526, 526, 518, 525, 531, 533, 522, 528, 537, 530,
1135 532, 534, 523, 523, 530, 527, 527, 532, 539, 534,
1136 536, 535, 528, 540, 533, 538, 526, 535, 541, 538,
1137
1138 542, 533, 544, 536, 531, 545, 532, 534, 537, 543,
1139 545, 543, 546, 541, 547, 555, 536, 535, 539, 549,
1140 553, 556, 542, 540, 541, 538, 542, 546, 559, 549,
1141 558, 545, 544, 554, 561, 543, 560, 558, 546, 555,
1142 547, 555, 560, 554, 549, 549, 562, 556, 563, 561,
1143 553, 566, 564, 559, 559, 549, 558, 567, 565, 554,
1144 561, 562, 560, 563, 564, 568, 568, 569, 570, 571,
1145 574, 572, 562, 577, 563, 566, 379, 566, 564, 565,
1146 572, 575, 573, 567, 565, 580, 364, 577, 569, 573,
1147 571, 568, 570, 569, 570, 571, 576, 572, 576, 577,
1148
1149 574, 579, 575, 578, 583, 580, 582, 575, 573, 584,
1150 578, 580, 579, 576, 585, 586, 587, 589, 588, 345,
1151 593, 583, 576, 586, 576, 591, 582, 579, 593, 578,
1152 583, 585, 582, 592, 597, 584, 598, 601, 587, 588,
1153 585, 586, 587, 589, 588, 592, 593, 591, 594, 595,
1154 598, 591, 599, 602, 594, 595, 600, 597, 603, 592,
1155 597, 604, 598, 601, 607, 605, 599, 608, 609, 611,
1156 614, 610, 603, 605, 594, 595, 609, 612, 599, 602,
1157 610, 600, 600, 616, 603, 607, 617, 604, 613, 611,
1158 607, 605, 617, 608, 609, 611, 614, 610, 615, 615,
1159
1160 612, 618, 613, 612, 619, 627, 620, 622, 616, 616,
1161 338, 624, 617, 613, 613, 626, 619, 621, 624, 625,
1162 629, 630, 618, 620, 615, 646, 642, 618, 613, 622,
1163 619, 631, 620, 622, 621, 627, 625, 624, 631, 632,
1164 626, 626, 629, 621, 630, 625, 629, 630, 633, 635,
1165 634, 636, 642, 643, 637, 646, 640, 631, 645, 649,
1166 632, 634, 647, 659, 649, 632, 329, 653, 633, 636,
1167 635, 650, 648, 652, 633, 635, 634, 636, 637, 643,
1168 637, 640, 640, 648, 645, 649, 654, 647, 647, 659,
1169 656, 653, 650, 653, 652, 655, 657, 650, 648, 652,
1170
1171 658, 654, 660, 662, 655, 656, 661, 661, 664, 663,
1172 662, 657, 654, 665, 669, 658, 656, 664, 666, 660,
1173 298, 655, 657, 663, 667, 670, 658, 666, 660, 662,
1174 671, 678, 661, 667, 664, 663, 673, 668, 665, 665,
1175 669, 672, 671, 673, 666, 668, 677, 679, 680, 672,
1176 667, 682, 681, 677, 678, 670, 671, 678, 683, 686,
1177 680, 681, 673, 668, 684, 685, 683, 672, 690, 273,
1178 685, 687, 677, 679, 680, 688, 686, 682, 681, 691,
1179 690, 692, 694, 693, 683, 686, 272, 270, 269, 684,
1180 684, 685, 687, 696, 690, 693, 688, 687, 695, 697,
1181
1182 691, 688, 692, 694, 698, 691, 700, 692, 694, 693,
1183 696, 702, 701, 695, 700, 704, 697, 703, 705, 696,
1184 701, 698, 708, 707, 695, 697, 710, 713, 711, 714,
1185 698, 712, 700, 704, 703, 711, 708, 702, 701, 705,
1186 707, 704, 715, 703, 705, 716, 717, 718, 708, 707,
1187 713, 722, 710, 713, 711, 714, 712, 712, 716, 719,
1188 721, 720, 722, 723, 724, 724, 725, 726, 715, 720,
1189 729, 716, 728, 718, 726, 730, 717, 722, 721, 729,
1190 731, 719, 732, 725, 723, 719, 721, 720, 734, 723,
1191 724, 739, 725, 726, 735, 728, 729, 742, 728, 732,
1192
1193 266, 730, 731, 743, 740, 734, 731, 744, 732, 735,
1194 736, 743, 736, 745, 734, 750, 739, 739, 742, 744,
1195 735, 740, 747, 742, 745, 751, 746, 748, 748, 743,
1196 740, 753, 749, 744, 746, 754, 736, 756, 757, 745,
1197 749, 750, 754, 747, 755, 758, 751, 759, 747, 755,
1198 760, 751, 746, 748, 759, 761, 763, 753, 749, 762,
1199 758, 754, 764, 756, 757, 765, 766, 762, 767, 771,
1200 755, 758, 769, 759, 775, 772, 760, 763, 776, 779,
1201 780, 761, 763, 783, 787, 762, 779, 766, 764, 785,
1202 790, 765, 766, 791, 767, 771, 772, 769, 769, 776,
1203
1204 775, 772, 780, 789, 776, 779, 780, 793, 800, 783,
1205 787, 785, 789, 795, 799, 785, 790, 804, 801, 791,
1206 803, 799, 802, 197, 192, 800, 96, 95, 803, 789,
1207 801, 93, 91, 793, 800, 802, 89, 54, 795, 795,
1208 799, 50, 46, 804, 801, 45, 803, 41, 802, 807,
1209 807, 807, 807, 807, 807, 808, 808, 808, 808, 808,
1210 808, 809, 809, 809, 809, 809, 809, 810, 810, 810,
1211 810, 810, 810, 812, 812, 36, 812, 812, 812, 813,
1212 813, 12, 11, 0, 813, 814, 814, 0, 0, 814,
1213 816, 816, 0, 0, 0, 816, 817, 817, 0, 817,
1214
1215 817, 817, 806, 806, 806, 806, 806, 806, 806, 806,
1216 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
1217 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
1218 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
1219 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
1220 806, 806, 806, 806, 806, 806, 806, 806, 806, 806,
1221 806, 806, 806, 806, 806, 806
1114 1, 1, 1, 1, 1, 3, 3, 3, 4, 4,
1115 4, 5, 5, 6, 6, 5, 1033, 6, 7, 7,
1116 7, 7, 69, 7, 8, 8, 8, 8, 1029, 8,
1117 9, 9, 9, 10, 10, 10, 13, 1023, 18, 46,
1118
1119 13, 3, 46, 16, 4, 16, 16, 5, 16, 6,
1120 19, 21, 30, 69, 21, 7, 22, 19, 30, 42,
1121 42, 8, 18, 23, 19, 18, 9, 20, 22, 10,
1122 20, 23, 24, 20, 25, 27, 19, 19, 21, 30,
1123 16, 26, 24, 22, 19, 20, 25, 27, 425, 23,
1124 23, 19, 28, 1018, 20, 24, 28, 20, 23, 24,
1125 20, 25, 27, 26, 28, 1013, 29, 31, 26, 24,
1126 29, 58, 34, 31, 32, 58, 31, 35, 425, 28,
1127 33, 63, 35, 28, 32, 31, 29, 32, 102, 34,
1128 35, 102, 29, 29, 31, 33, 32, 29, 34, 34,
1129
1130 31, 32, 33, 31, 35, 63, 36, 33, 63, 35,
1131 36, 32, 1012, 29, 32, 37, 34, 37, 37, 113,
1132 37, 51, 33, 51, 51, 64, 51, 55, 55, 100,
1133 100, 1011, 36, 36, 66, 65, 57, 36, 57, 57,
1134 60, 57, 60, 60, 65, 60, 67, 66, 68, 64,
1135 113, 70, 64, 68, 71, 67, 72, 73, 70, 76,
1136 74, 66, 65, 71, 77, 72, 77, 76, 75, 80,
1137 78, 75, 1008, 67, 78, 68, 79, 60, 70, 81,
1138 73, 71, 74, 72, 73, 75, 76, 74, 82, 80,
1139 83, 77, 75, 81, 78, 75, 80, 78, 75, 79,
1140
1141 84, 78, 85, 79, 83, 86, 81, 84, 82, 88,
1142 87, 90, 75, 91, 86, 82, 1006, 83, 89, 90,
1143 1002, 92, 91, 88, 93, 85, 999, 84, 87, 85,
1144 89, 95, 86, 93, 96, 95, 88, 87, 90, 97,
1145 91, 92, 997, 94, 98, 89, 109, 92, 92, 94,
1146 108, 93, 112, 98, 97, 110, 96, 104, 95, 104,
1147 104, 96, 104, 107, 107, 109, 97, 110, 92, 111,
1148 94, 98, 108, 109, 112, 995, 111, 108, 115, 112,
1149 994, 116, 110, 117, 993, 116, 990, 989, 119, 118,
1150 121, 124, 985, 984, 981, 979, 111, 114, 972, 121,
1151
1152 115, 119, 114, 122, 960, 115, 117, 114, 116, 125,
1153 117, 118, 123, 114, 114, 119, 118, 121, 120, 123,
1154 114, 120, 124, 126, 114, 122, 127, 128, 133, 114,
1155 122, 130, 127, 120, 114, 125, 125, 129, 131, 123,
1156 114, 114, 947, 132, 126, 120, 135, 134, 120, 133,
1157 126, 135, 943, 127, 134, 133, 136, 138, 128, 129,
1158 137, 139, 130, 132, 129, 140, 139, 137, 136, 131,
1159 132, 141, 140, 135, 134, 142, 147, 143, 145, 138,
1160 144, 146, 942, 136, 138, 143, 148, 137, 139, 149,
1161 938, 152, 140, 147, 148, 142, 141, 153, 141, 151,
1162
1163 145, 147, 142, 147, 143, 150, 144, 144, 151, 145,
1164 154, 149, 146, 148, 155, 152, 149, 150, 152, 156,
1165 147, 157, 159, 153, 153, 155, 151, 145, 158, 932,
1166 160, 156, 150, 162, 167, 159, 154, 154, 161, 165,
1167 163, 155, 166, 167, 164, 157, 156, 163, 157, 159,
1168 164, 158, 169, 165, 171, 158, 160, 160, 168, 170,
1169 161, 167, 172, 174, 162, 161, 165, 163, 166, 166,
1170 175, 164, 171, 168, 170, 177, 169, 172, 178, 169,
1171 922, 171, 173, 173, 179, 168, 170, 177, 176, 172,
1172 174, 176, 182, 180, 175, 184, 178, 175, 176, 181,
1173
1174 186, 183, 177, 185, 196, 178, 181, 173, 183, 173,
1175 173, 179, 187, 190, 189, 176, 213, 184, 176, 180,
1176 180, 185, 184, 182, 193, 188, 181, 189, 183, 190,
1177 185, 186, 188, 191, 187, 196, 193, 190, 921, 187,
1178 190, 189, 195, 198, 910, 194, 191, 213, 217, 201,
1179 195, 193, 188, 200, 908, 198, 190, 197, 199, 905,
1180 191, 192, 192, 194, 197, 199, 200, 202, 202, 195,
1181 198, 201, 194, 192, 192, 192, 201, 210, 207, 217,
1182 200, 204, 205, 203, 197, 199, 192, 207, 192, 192,
1183 203, 206, 204, 205, 208, 210, 202, 211, 209, 212,
1184
1185 192, 192, 192, 216, 210, 207, 214, 208, 204, 205,
1186 203, 209, 215, 218, 206, 219, 209, 212, 206, 221,
1187 211, 208, 223, 898, 211, 209, 212, 214, 218, 216,
1188 216, 890, 225, 214, 215, 220, 226, 219, 209, 215,
1189 218, 220, 219, 227, 224, 221, 221, 230, 223, 223,
1190 224, 225, 233, 229, 226, 232, 231, 234, 227, 225,
1191 229, 233, 220, 226, 883, 234, 235, 237, 239, 230,
1192 227, 224, 876, 235, 230, 231, 237, 872, 236, 233,
1193 229, 235, 238, 231, 234, 236, 232, 241, 240, 238,
1194 240, 235, 235, 235, 239, 239, 244, 243, 237, 242,
1195
1196 235, 245, 249, 237, 244, 236, 245, 246, 235, 238,
1197 248, 242, 243, 241, 241, 240, 250, 247, 235, 251,
1198 252, 254, 248, 244, 243, 247, 242, 253, 245, 246,
1199 250, 256, 257, 249, 246, 252, 255, 248, 258, 253,
1200 259, 260, 263, 250, 247, 254, 251, 252, 254, 261,
1201 255, 262, 264, 266, 253, 265, 271, 268, 256, 257,
1202 266, 267, 866, 255, 275, 270, 865, 259, 260, 258,
1203 268, 261, 272, 263, 262, 264, 261, 265, 262, 264,
1204 266, 269, 265, 267, 268, 864, 269, 271, 267, 273,
1205 269, 270, 270, 274, 280, 275, 272, 276, 277, 272,
1206
1207 851, 279, 278, 280, 284, 269, 281, 832, 269, 282,
1208 283, 273, 273, 269, 831, 274, 273, 269, 276, 281,
1209 274, 280, 277, 279, 276, 277, 278, 285, 279, 278,
1210 289, 282, 283, 281, 286, 284, 282, 283, 273, 287,
1211 288, 291, 293, 287, 290, 285, 829, 288, 292, 295,
1212 291, 294, 296, 289, 285, 297, 290, 289, 286, 301,
1213 292, 286, 823, 302, 300, 303, 297, 288, 291, 299,
1214 287, 290, 295, 293, 296, 292, 295, 294, 294, 296,
1215 298, 301, 297, 299, 300, 302, 301, 303, 298, 304,
1216 302, 300, 303, 305, 307, 306, 299, 308, 304, 310,
1217
1218 311, 313, 316, 320, 322, 325, 312, 298, 306, 311,
1219 821, 305, 316, 313, 319, 819, 304, 344, 307, 326,
1220 305, 307, 306, 308, 308, 312, 322, 311, 313, 316,
1221 310, 322, 325, 312, 320, 323, 324, 319, 324, 326,
1222 327, 319, 321, 328, 323, 321, 326, 329, 344, 332,
1223 321, 330, 331, 817, 333, 328, 321, 321, 335, 331,
1224 816, 814, 323, 324, 336, 321, 327, 327, 332, 321,
1225 328, 337, 321, 329, 329, 330, 332, 321, 330, 331,
1226 333, 333, 334, 321, 321, 335, 338, 339, 336, 341,
1227 340, 336, 337, 343, 334, 342, 813, 345, 337, 340,
1228
1229 347, 798, 796, 791, 348, 338, 339, 350, 767, 334,
1230 346, 341, 348, 338, 339, 342, 341, 340, 351, 354,
1231 343, 345, 342, 346, 345, 350, 347, 347, 348, 353,
1232 352, 348, 354, 355, 350, 356, 357, 346, 352, 348,
1233 755, 351, 358, 359, 360, 351, 354, 353, 356, 362,
1234 361, 359, 363, 368, 355, 362, 353, 352, 364, 360,
1235 355, 366, 356, 370, 365, 358, 370, 357, 376, 358,
1236 359, 360, 361, 365, 367, 366, 362, 361, 363, 363,
1237 368, 367, 364, 369, 742, 364, 732, 372, 366, 372,
1238 370, 365, 700, 373, 374, 369, 375, 694, 693, 376,
1239
1240 379, 367, 375, 378, 381, 373, 380, 374, 692, 382,
1241 369, 371, 383, 371, 372, 379, 378, 371, 385, 371,
1242 373, 374, 377, 375, 371, 383, 381, 379, 382, 377,
1243 378, 381, 380, 380, 384, 371, 382, 387, 371, 383,
1244 371, 689, 384, 388, 371, 385, 371, 377, 377, 377,
1245 389, 371, 390, 391, 392, 687, 377, 394, 389, 397,
1246 393, 384, 402, 395, 394, 658, 390, 388, 387, 398,
1247 388, 397, 392, 399, 377, 391, 395, 389, 403, 390,
1248 391, 392, 393, 400, 394, 401, 397, 393, 402, 402,
1249 395, 398, 406, 637, 405, 399, 398, 405, 408, 407,
1250
1251 399, 409, 616, 401, 406, 400, 407, 410, 411, 403,
1252 400, 415, 401, 610, 416, 417, 419, 414, 412, 406,
1253 405, 405, 408, 409, 405, 408, 407, 412, 409, 410,
1254 413, 414, 411, 415, 410, 411, 416, 413, 415, 417,
1255 418, 416, 417, 420, 414, 412, 421, 419, 422, 424,
1256 427, 423, 426, 428, 431, 428, 418, 413, 421, 423,
1257 605, 426, 424, 437, 432, 435, 591, 418, 427, 430,
1258 433, 434, 590, 421, 420, 422, 424, 427, 423, 426,
1259 428, 436, 430, 433, 434, 431, 432, 435, 439, 440,
1260 437, 432, 435, 436, 438, 442, 430, 433, 434, 441,
1261
1262 443, 444, 445, 438, 448, 568, 439, 441, 436, 559,
1263 445, 440, 443, 444, 446, 439, 440, 451, 442, 547,
1264 446, 438, 442, 447, 449, 448, 441, 443, 444, 445,
1265 450, 448, 447, 453, 454, 451, 449, 450, 455, 457,
1266 456, 446, 458, 457, 451, 455, 453, 459, 460, 461,
1267 447, 449, 464, 454, 463, 462, 458, 450, 465, 545,
1268 453, 454, 456, 463, 466, 455, 544, 456, 462, 458,
1269 457, 461, 467, 469, 460, 460, 461, 521, 459, 472,
1270 501, 463, 462, 464, 471, 468, 466, 472, 473, 465,
1271 468, 466, 468, 470, 468, 467, 469, 471, 477, 467,
1272
1273 469, 474, 475, 468, 475, 470, 472, 473, 476, 478,
1274 474, 471, 468, 487, 480, 473, 476, 468, 479, 468,
1275 470, 468, 483, 481, 482, 477, 485, 488, 474, 475,
1276 481, 489, 486, 484, 490, 476, 478, 491, 452, 493,
1277 479, 480, 484, 482, 483, 479, 492, 485, 496, 483,
1278 481, 482, 486, 485, 492, 491, 494, 496, 488, 486,
1279 484, 495, 489, 494, 491, 490, 493, 497, 495, 498,
1280 499, 500, 499, 492, 502, 496, 498, 504, 502, 506,
1281 500, 503, 503, 494, 505, 510, 504, 507, 495, 511,
1282 508, 505, 509, 497, 497, 507, 498, 499, 500, 512,
1283
1284 509, 513, 506, 508, 504, 502, 506, 510, 503, 511,
1285 513, 505, 510, 514, 507, 515, 511, 508, 516, 509,
1286 518, 512, 517, 519, 516, 522, 512, 515, 513, 520,
1287 523, 514, 524, 525, 527, 528, 524, 526, 523, 429,
1288 514, 404, 515, 528, 517, 516, 535, 522, 396, 517,
1289 386, 518, 522, 529, 519, 520, 520, 523, 526, 530,
1290 525, 529, 528, 524, 526, 527, 531, 530, 532, 533,
1291 534, 536, 535, 535, 531, 533, 537, 538, 539, 540,
1292 529, 532, 534, 542, 538, 541, 530, 543, 546, 548,
1293 537, 349, 541, 531, 536, 532, 533, 534, 536, 549,
1294
1295 550, 540, 550, 537, 538, 539, 540, 551, 552, 553,
1296 554, 549, 541, 548, 542, 546, 548, 554, 543, 555,
1297 552, 557, 556, 558, 560, 561, 549, 550, 563, 551,
1298 318, 558, 561, 560, 551, 552, 553, 554, 556, 564,
1299 562, 565, 571, 567, 557, 555, 555, 562, 557, 556,
1300 558, 560, 561, 563, 569, 563, 566, 570, 573, 570,
1301 574, 564, 572, 566, 567, 573, 564, 562, 571, 571,
1302 567, 572, 565, 575, 576, 577, 569, 578, 583, 589,
1303 581, 569, 574, 566, 570, 573, 578, 574, 317, 572,
1304 589, 579, 580, 581, 582, 575, 584, 577, 579, 580,
1305
1306 575, 576, 577, 584, 578, 585, 589, 581, 582, 583,
1307 586, 588, 585, 587, 588, 592, 586, 595, 579, 580,
1308 593, 582, 596, 584, 597, 587, 315, 594, 593, 588,
1309 594, 606, 585, 592, 599, 595, 598, 586, 588, 601,
1310 587, 588, 592, 598, 595, 594, 600, 593, 599, 602,
1311 604, 597, 601, 596, 594, 600, 603, 594, 602, 604,
1312 607, 599, 606, 598, 314, 608, 601, 614, 611, 609,
1313 612, 309, 613, 600, 228, 609, 602, 604, 614, 612,
1314 613, 615, 603, 603, 618, 621, 608, 611, 619, 622,
1315 615, 607, 608, 609, 614, 611, 609, 612, 617, 613,
1316
1317 620, 622, 609, 621, 623, 617, 624, 618, 615, 625,
1318 619, 618, 621, 627, 626, 619, 622, 628, 630, 623,
1319 629, 631, 620, 626, 625, 617, 632, 620, 633, 634,
1320 635, 623, 638, 632, 627, 636, 625, 624, 629, 639,
1321 627, 626, 640, 642, 628, 630, 643, 629, 639, 641,
1322 222, 641, 631, 632, 645, 633, 634, 635, 106, 636,
1323 650, 645, 636, 638, 646, 644, 639, 644, 647, 105,
1324 642, 646, 644, 640, 103, 647, 641, 643, 648, 653,
1325 644, 645, 649, 649, 648, 655, 650, 650, 652, 651,
1326 660, 646, 644, 657, 644, 647, 651, 653, 662, 644,
1327
1328 654, 654, 656, 656, 657, 648, 653, 661, 652, 649,
1329 659, 655, 655, 663, 661, 652, 651, 667, 662, 665,
1330 657, 660, 666, 664, 668, 662, 671, 654, 673, 656,
1331 666, 665, 659, 669, 661, 663, 675, 659, 667, 669,
1332 663, 664, 668, 670, 667, 679, 665, 674, 672, 666,
1333 664, 668, 672, 676, 677, 682, 670, 671, 681, 673,
1334 669, 678, 674, 678, 680, 683, 695, 675, 676, 680,
1335 670, 684, 686, 681, 674, 685, 679, 677, 101, 672,
1336 676, 677, 682, 690, 99, 681, 683, 691, 678, 688,
1337 686, 680, 683, 684, 690, 698, 685, 695, 684, 686,
1338
1339 697, 696, 685, 699, 688, 691, 701, 56, 702, 690,
1340 690, 696, 703, 701, 691, 709, 688, 704, 703, 707,
1341 698, 690, 698, 705, 710, 706, 697, 697, 696, 708,
1342 699, 707, 704, 701, 702, 702, 708, 709, 705, 703,
1343 706, 712, 709, 714, 704, 711, 707, 713, 713, 710,
1344 705, 710, 706, 715, 711, 716, 708, 717, 718, 719,
1345 720, 721, 723, 722, 52, 714, 719, 718, 712, 48,
1346 714, 722, 711, 47, 713, 723, 726, 716, 715, 717,
1347 715, 724, 716, 721, 717, 718, 719, 727, 721, 723,
1348 722, 720, 725, 728, 726, 725, 724, 729, 730, 43,
1349
1350 731, 736, 727, 726, 729, 733, 38, 728, 724, 730,
1351 725, 734, 735, 734, 727, 737, 741, 739, 743, 725,
1352 728, 731, 725, 738, 729, 730, 733, 731, 736, 740,
1353 735, 738, 733, 737, 744, 12, 743, 745, 734, 735,
1354 739, 11, 737, 741, 739, 743, 747, 746, 748, 750,
1355 738, 740, 751, 749, 753, 0, 740, 750, 756, 0,
1356 751, 744, 746, 745, 745, 749, 752, 760, 747, 753,
1357 757, 748, 752, 747, 746, 748, 750, 754, 758, 751,
1358 749, 753, 756, 754, 757, 756, 759, 761, 762, 763,
1359 764, 765, 758, 752, 760, 766, 769, 757, 768, 765,
1360
1361 770, 771, 762, 773, 754, 758, 775, 774, 770, 776,
1362 772, 778, 759, 759, 761, 762, 763, 764, 765, 772,
1363 768, 775, 766, 769, 773, 768, 779, 770, 771, 781,
1364 773, 774, 775, 775, 774, 777, 776, 772, 778, 780,
1365 780, 783, 782, 777, 784, 785, 786, 787, 775, 789,
1366 784, 0, 788, 779, 790, 781, 781, 782, 786, 794,
1367 793, 795, 777, 783, 807, 787, 780, 785, 783, 782,
1368 788, 784, 785, 786, 787, 792, 797, 790, 793, 788,
1369 789, 790, 792, 799, 800, 794, 794, 793, 801, 802,
1370 803, 797, 795, 804, 805, 807, 806, 809, 808, 0,
1371
1372 804, 805, 792, 797, 810, 812, 800, 799, 809, 811,
1373 799, 800, 802, 815, 803, 801, 802, 803, 806, 808,
1374 804, 805, 818, 806, 809, 808, 810, 820, 811, 822,
1375 812, 810, 812, 824, 825, 826, 811, 0, 827, 815,
1376 815, 828, 830, 827, 833, 834, 826, 836, 838, 818,
1377 0, 835, 837, 0, 820, 843, 822, 838, 845, 845,
1378 825, 825, 826, 828, 824, 827, 833, 837, 828, 830,
1379 834, 833, 834, 835, 836, 838, 839, 840, 835, 837,
1380 841, 842, 843, 844, 847, 845, 846, 848, 842, 850,
1381 849, 839, 840, 846, 853, 841, 852, 854, 847, 860,
1382
1383 0, 844, 859, 839, 840, 852, 0, 841, 842, 848,
1384 844, 847, 849, 846, 848, 854, 850, 849, 855, 856,
1385 853, 853, 857, 852, 854, 861, 858, 855, 856, 859,
1386 860, 862, 868, 857, 858, 863, 867, 861, 869, 862,
1387 873, 871, 863, 867, 875, 855, 856, 874, 870, 857,
1388 871, 877, 861, 858, 879, 874, 868, 880, 862, 868,
1389 870, 878, 863, 867, 881, 869, 878, 873, 871, 888,
1390 882, 875, 879, 884, 874, 870, 885, 877, 877, 880,
1391 886, 879, 887, 889, 880, 884, 881, 893, 878, 882,
1392 891, 881, 0, 892, 887, 894, 888, 882, 885, 896,
1393
1394 884, 895, 886, 885, 901, 897, 0, 886, 892, 887,
1395 889, 893, 891, 894, 893, 902, 899, 891, 903, 895,
1396 892, 900, 894, 897, 899, 896, 896, 904, 895, 900,
1397 907, 901, 897, 902, 906, 909, 913, 903, 912, 911,
1398 914, 915, 902, 899, 907, 903, 911, 916, 900, 904,
1399 918, 919, 906, 920, 904, 935, 916, 907, 917, 0,
1400 913, 906, 909, 913, 912, 912, 911, 914, 915, 923,
1401 924, 917, 927, 926, 916, 925, 920, 923, 919, 928,
1402 920, 918, 935, 925, 926, 917, 928, 929, 929, 924,
1403 930, 931, 933, 937, 927, 934, 923, 924, 931, 927,
1404
1405 926, 936, 925, 939, 934, 941, 928, 941, 930, 944,
1406 940, 937, 945, 948, 929, 946, 933, 930, 931, 933,
1407 937, 939, 934, 951, 936, 940, 949, 0, 936, 950,
1408 939, 944, 941, 946, 949, 948, 944, 940, 945, 945,
1409 948, 950, 946, 952, 953, 954, 955, 956, 956, 957,
1410 951, 958, 953, 949, 952, 959, 950, 957, 961, 962,
1411 963, 964, 965, 0, 954, 963, 962, 966, 955, 967,
1412 952, 953, 954, 955, 956, 966, 957, 959, 958, 969,
1413 970, 973, 959, 968, 967, 961, 962, 963, 964, 965,
1414 968, 971, 974, 975, 966, 976, 967, 978, 982, 971,
1415
1416 980, 977, 986, 973, 0, 987, 969, 970, 973, 983,
1417 968, 988, 992, 996, 0, 1000, 0, 1004, 971, 974,
1418 975, 986, 976, 977, 978, 982, 980, 980, 977, 986,
1419 991, 983, 987, 988, 1001, 992, 983, 991, 988, 992,
1420 996, 998, 1000, 1003, 1004, 1005, 1001, 1007, 1009, 0,
1421 1010, 0, 1003, 1015, 1016, 1014, 0, 991, 1022, 1019,
1422 1015, 1001, 0, 1009, 998, 1017, 1020, 0, 998, 0,
1423 1003, 1019, 1005, 0, 1007, 1009, 1010, 1010, 1014, 1020,
1424 1015, 1016, 1014, 1017, 0, 1022, 1019, 1021, 0, 0,
1425 0, 0, 1017, 1020, 0, 1021, 0, 0, 0, 0,
1426
1427 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1428 0, 0, 0, 0, 1021, 1025, 1025, 1025, 1025, 1025,
1429 1025, 1026, 1026, 1026, 1026, 1026, 1026, 1027, 1027, 1027,
1430 1027, 1027, 1027, 1028, 1028, 1028, 1028, 1028, 1028, 1030,
1431 1030, 0, 1030, 1030, 1030, 1031, 1031, 0, 0, 0,
1432 1031, 1032, 1032, 0, 0, 1032, 1034, 1034, 0, 0,
1433 0, 1034, 1035, 1035, 0, 1035, 1035, 1035, 1024, 1024,
1434 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1435 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1436 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1437
1438 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1439 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1440 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024, 1024,
1441 1024, 1024, 1024, 1024
12221442 } ;
12231443
12241444 static yy_state_type yy_last_accepting_state;
12861506 ub_c_error_msg("includes nested too deeply, skipped (>%d)", MAXINCLUDES);
12871507 return;
12881508 }
1509 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot,
1510 strlen(cfg_parser->chroot)) == 0) {
1511 filename += strlen(cfg_parser->chroot);
1512 }
12891513 input = fopen(filename, "r");
12901514 if(!input) {
12911515 ub_c_error_msg("cannot open include file '%s': %s",
13221546 #endif
13231547
13241548 #define YY_NO_INPUT 1
1325 #line 88 "util/configlexer.lex"
1549 #line 92 "util/configlexer.lex"
13261550 #ifndef YY_NO_UNPUT
13271551 #define YY_NO_UNPUT 1
13281552 #endif
13301554 #define YY_NO_INPUT 1
13311555 #endif
13321556
1333 #line 1334 "<stdout>"
1557 #line 1558 "<stdout>"
13341558
13351559 #define INITIAL 0
13361560 #define quotedstring 1
15141738 register char *yy_cp, *yy_bp;
15151739 register int yy_act;
15161740
1517 #line 107 "util/configlexer.lex"
1518
1519 #line 1520 "<stdout>"
1741 #line 111 "util/configlexer.lex"
1742
1743 #line 1744 "<stdout>"
15201744
15211745 if ( !(yy_init) )
15221746 {
15751799 while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
15761800 {
15771801 yy_current_state = (int) yy_def[yy_current_state];
1578 if ( yy_current_state >= 807 )
1802 if ( yy_current_state >= 1025 )
15791803 yy_c = yy_meta[(unsigned int) yy_c];
15801804 }
15811805 yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
15821806 ++yy_cp;
15831807 }
1584 while ( yy_base[yy_current_state] != 2303 );
1808 while ( yy_base[yy_current_state] != 2969 );
15851809
15861810 yy_find_action:
15871811 yy_act = yy_accept[yy_current_state];
16071831
16081832 case 1:
16091833 YY_RULE_SETUP
1610 #line 108 "util/configlexer.lex"
1834 #line 112 "util/configlexer.lex"
16111835 { LEXOUT(("SP ")); /* ignore */ }
16121836 YY_BREAK
16131837 case 2:
16141838 YY_RULE_SETUP
1615 #line 109 "util/configlexer.lex"
1839 #line 113 "util/configlexer.lex"
16161840 { LEXOUT(("comment(%s) ", yytext)); /* ignore */ }
16171841 YY_BREAK
16181842 case 3:
16191843 YY_RULE_SETUP
1620 #line 110 "util/configlexer.lex"
1844 #line 114 "util/configlexer.lex"
16211845 { YDOUT; return VAR_SERVER;}
16221846 YY_BREAK
16231847 case 4:
16241848 YY_RULE_SETUP
1625 #line 111 "util/configlexer.lex"
1849 #line 115 "util/configlexer.lex"
16261850 { YDOUT; return VAR_NUM_THREADS;}
16271851 YY_BREAK
16281852 case 5:
16291853 YY_RULE_SETUP
1630 #line 112 "util/configlexer.lex"
1854 #line 116 "util/configlexer.lex"
16311855 { YDOUT; return VAR_VERBOSITY;}
16321856 YY_BREAK
16331857 case 6:
16341858 YY_RULE_SETUP
1635 #line 113 "util/configlexer.lex"
1859 #line 117 "util/configlexer.lex"
16361860 { YDOUT; return VAR_PORT;}
16371861 YY_BREAK
16381862 case 7:
16391863 YY_RULE_SETUP
1640 #line 114 "util/configlexer.lex"
1864 #line 118 "util/configlexer.lex"
16411865 { YDOUT; return VAR_OUTGOING_RANGE;}
16421866 YY_BREAK
16431867 case 8:
16441868 YY_RULE_SETUP
1645 #line 115 "util/configlexer.lex"
1869 #line 119 "util/configlexer.lex"
16461870 { YDOUT; return VAR_OUTGOING_PORT_PERMIT;}
16471871 YY_BREAK
16481872 case 9:
16491873 YY_RULE_SETUP
1650 #line 116 "util/configlexer.lex"
1874 #line 120 "util/configlexer.lex"
16511875 { YDOUT; return VAR_OUTGOING_PORT_AVOID;}
16521876 YY_BREAK
16531877 case 10:
16541878 YY_RULE_SETUP
1655 #line 117 "util/configlexer.lex"
1879 #line 121 "util/configlexer.lex"
16561880 { YDOUT; return VAR_OUTGOING_NUM_TCP;}
16571881 YY_BREAK
16581882 case 11:
16591883 YY_RULE_SETUP
1660 #line 118 "util/configlexer.lex"
1884 #line 122 "util/configlexer.lex"
16611885 { YDOUT; return VAR_INCOMING_NUM_TCP;}
16621886 YY_BREAK
16631887 case 12:
16641888 YY_RULE_SETUP
1665 #line 119 "util/configlexer.lex"
1889 #line 123 "util/configlexer.lex"
16661890 { YDOUT; return VAR_DO_IP4;}
16671891 YY_BREAK
16681892 case 13:
16691893 YY_RULE_SETUP
1670 #line 120 "util/configlexer.lex"
1894 #line 124 "util/configlexer.lex"
16711895 { YDOUT; return VAR_DO_IP6;}
16721896 YY_BREAK
16731897 case 14:
16741898 YY_RULE_SETUP
1675 #line 121 "util/configlexer.lex"
1899 #line 125 "util/configlexer.lex"
16761900 { YDOUT; return VAR_DO_UDP;}
16771901 YY_BREAK
16781902 case 15:
16791903 YY_RULE_SETUP
1680 #line 122 "util/configlexer.lex"
1904 #line 126 "util/configlexer.lex"
16811905 { YDOUT; return VAR_DO_TCP;}
16821906 YY_BREAK
16831907 case 16:
16841908 YY_RULE_SETUP
1685 #line 123 "util/configlexer.lex"
1909 #line 127 "util/configlexer.lex"
16861910 { YDOUT; return VAR_DO_DAEMONIZE;}
16871911 YY_BREAK
16881912 case 17:
16891913 YY_RULE_SETUP
1690 #line 124 "util/configlexer.lex"
1914 #line 128 "util/configlexer.lex"
16911915 { YDOUT; return VAR_INTERFACE;}
16921916 YY_BREAK
16931917 case 18:
16941918 YY_RULE_SETUP
1695 #line 125 "util/configlexer.lex"
1919 #line 129 "util/configlexer.lex"
16961920 { YDOUT; return VAR_OUTGOING_INTERFACE;}
16971921 YY_BREAK
16981922 case 19:
16991923 YY_RULE_SETUP
1700 #line 126 "util/configlexer.lex"
1924 #line 130 "util/configlexer.lex"
17011925 { YDOUT; return VAR_INTERFACE_AUTOMATIC;}
17021926 YY_BREAK
17031927 case 20:
17041928 YY_RULE_SETUP
1705 #line 127 "util/configlexer.lex"
1929 #line 131 "util/configlexer.lex"
17061930 { YDOUT; return VAR_CHROOT;}
17071931 YY_BREAK
17081932 case 21:
17091933 YY_RULE_SETUP
1710 #line 128 "util/configlexer.lex"
1934 #line 132 "util/configlexer.lex"
17111935 { YDOUT; return VAR_USERNAME;}
17121936 YY_BREAK
17131937 case 22:
17141938 YY_RULE_SETUP
1715 #line 129 "util/configlexer.lex"
1939 #line 133 "util/configlexer.lex"
17161940 { YDOUT; return VAR_DIRECTORY;}
17171941 YY_BREAK
17181942 case 23:
17191943 YY_RULE_SETUP
1720 #line 130 "util/configlexer.lex"
1944 #line 134 "util/configlexer.lex"
17211945 { YDOUT; return VAR_LOGFILE;}
17221946 YY_BREAK
17231947 case 24:
17241948 YY_RULE_SETUP
1725 #line 131 "util/configlexer.lex"
1949 #line 135 "util/configlexer.lex"
17261950 { YDOUT; return VAR_PIDFILE;}
17271951 YY_BREAK
17281952 case 25:
17291953 YY_RULE_SETUP
1730 #line 132 "util/configlexer.lex"
1954 #line 136 "util/configlexer.lex"
17311955 { YDOUT; return VAR_ROOT_HINTS;}
17321956 YY_BREAK
17331957 case 26:
17341958 YY_RULE_SETUP
1735 #line 133 "util/configlexer.lex"
1959 #line 137 "util/configlexer.lex"
17361960 { YDOUT; return VAR_MSG_BUFFER_SIZE;}
17371961 YY_BREAK
17381962 case 27:
17391963 YY_RULE_SETUP
1740 #line 134 "util/configlexer.lex"
1964 #line 138 "util/configlexer.lex"
17411965 { YDOUT; return VAR_MSG_CACHE_SIZE;}
17421966 YY_BREAK
17431967 case 28:
17441968 YY_RULE_SETUP
1745 #line 135 "util/configlexer.lex"
1969 #line 139 "util/configlexer.lex"
17461970 { YDOUT; return VAR_MSG_CACHE_SLABS;}
17471971 YY_BREAK
17481972 case 29:
17491973 YY_RULE_SETUP
1750 #line 136 "util/configlexer.lex"
1974 #line 140 "util/configlexer.lex"
17511975 { YDOUT; return VAR_RRSET_CACHE_SIZE;}
17521976 YY_BREAK
17531977 case 30:
17541978 YY_RULE_SETUP
1755 #line 137 "util/configlexer.lex"
1979 #line 141 "util/configlexer.lex"
17561980 { YDOUT; return VAR_RRSET_CACHE_SLABS;}
17571981 YY_BREAK
17581982 case 31:
17591983 YY_RULE_SETUP
1760 #line 138 "util/configlexer.lex"
1984 #line 142 "util/configlexer.lex"
17611985 { YDOUT; return VAR_CACHE_MAX_TTL;}
17621986 YY_BREAK
17631987 case 32:
17641988 YY_RULE_SETUP
1765 #line 139 "util/configlexer.lex"
1989 #line 143 "util/configlexer.lex"
17661990 { YDOUT; return VAR_INFRA_HOST_TTL;}
17671991 YY_BREAK
17681992 case 33:
17691993 YY_RULE_SETUP
1770 #line 140 "util/configlexer.lex"
1994 #line 144 "util/configlexer.lex"
17711995 { YDOUT; return VAR_INFRA_LAME_TTL;}
17721996 YY_BREAK
17731997 case 34:
17741998 YY_RULE_SETUP
1775 #line 141 "util/configlexer.lex"
1999 #line 145 "util/configlexer.lex"
17762000 { YDOUT; return VAR_INFRA_CACHE_SLABS;}
17772001 YY_BREAK
17782002 case 35:
17792003 YY_RULE_SETUP
1780 #line 142 "util/configlexer.lex"
2004 #line 146 "util/configlexer.lex"
17812005 { YDOUT; return VAR_INFRA_CACHE_NUMHOSTS;}
17822006 YY_BREAK
17832007 case 36:
17842008 YY_RULE_SETUP
1785 #line 143 "util/configlexer.lex"
2009 #line 147 "util/configlexer.lex"
17862010 { YDOUT; return VAR_INFRA_CACHE_LAME_SIZE;}
17872011 YY_BREAK
17882012 case 37:
17892013 YY_RULE_SETUP
1790 #line 144 "util/configlexer.lex"
2014 #line 148 "util/configlexer.lex"
17912015 { YDOUT; return VAR_NUM_QUERIES_PER_THREAD;}
17922016 YY_BREAK
17932017 case 38:
17942018 YY_RULE_SETUP
1795 #line 145 "util/configlexer.lex"
2019 #line 149 "util/configlexer.lex"
2020 { YDOUT; return VAR_JOSTLE_TIMEOUT;}
2021 YY_BREAK
2022 case 39:
2023 YY_RULE_SETUP
2024 #line 150 "util/configlexer.lex"
17962025 { YDOUT; return VAR_TARGET_FETCH_POLICY;}
17972026 YY_BREAK
1798 case 39:
1799 YY_RULE_SETUP
1800 #line 146 "util/configlexer.lex"
2027 case 40:
2028 YY_RULE_SETUP
2029 #line 151 "util/configlexer.lex"
18012030 { YDOUT; return VAR_HARDEN_SHORT_BUFSIZE;}
18022031 YY_BREAK
1803 case 40:
1804 YY_RULE_SETUP
1805 #line 147 "util/configlexer.lex"
2032 case 41:
2033 YY_RULE_SETUP
2034 #line 152 "util/configlexer.lex"
18062035 { YDOUT; return VAR_HARDEN_LARGE_QUERIES;}
18072036 YY_BREAK
1808 case 41:
1809 YY_RULE_SETUP
1810 #line 148 "util/configlexer.lex"
2037 case 42:
2038 YY_RULE_SETUP
2039 #line 153 "util/configlexer.lex"
18112040 { YDOUT; return VAR_HARDEN_GLUE;}
18122041 YY_BREAK
1813 case 42:
1814 YY_RULE_SETUP
1815 #line 149 "util/configlexer.lex"
2042 case 43:
2043 YY_RULE_SETUP
2044 #line 154 "util/configlexer.lex"
18162045 { YDOUT; return VAR_HARDEN_DNNSEC_STRIPPED;}
18172046 YY_BREAK
1818 case 43:
1819 YY_RULE_SETUP
1820 #line 150 "util/configlexer.lex"
2047 case 44:
2048 YY_RULE_SETUP
2049 #line 155 "util/configlexer.lex"
2050 { YDOUT; return VAR_HARDEN_REFERRAL_PATH;}
2051 YY_BREAK
2052 case 45:
2053 YY_RULE_SETUP
2054 #line 156 "util/configlexer.lex"
18212055 { YDOUT; return VAR_USE_CAPS_FOR_ID;}
18222056 YY_BREAK
1823 case 44:
1824 YY_RULE_SETUP
1825 #line 151 "util/configlexer.lex"
2057 case 46:
2058 YY_RULE_SETUP
2059 #line 157 "util/configlexer.lex"
2060 { YDOUT; return VAR_UNWANTED_REPLY_THRESHOLD;}
2061 YY_BREAK
2062 case 47:
2063 YY_RULE_SETUP
2064 #line 158 "util/configlexer.lex"
2065 { YDOUT; return VAR_PRIVATE_ADDRESS;}
2066 YY_BREAK
2067 case 48:
2068 YY_RULE_SETUP
2069 #line 159 "util/configlexer.lex"
2070 { YDOUT; return VAR_PRIVATE_DOMAIN;}
2071 YY_BREAK
2072 case 49:
2073 YY_RULE_SETUP
2074 #line 160 "util/configlexer.lex"
18262075 { YDOUT; return VAR_STUB_ZONE;}
18272076 YY_BREAK
1828 case 45:
1829 YY_RULE_SETUP
1830 #line 152 "util/configlexer.lex"
2077 case 50:
2078 YY_RULE_SETUP
2079 #line 161 "util/configlexer.lex"
18312080 { YDOUT; return VAR_NAME;}
18322081 YY_BREAK
1833 case 46:
1834 YY_RULE_SETUP
1835 #line 153 "util/configlexer.lex"
2082 case 51:
2083 YY_RULE_SETUP
2084 #line 162 "util/configlexer.lex"
18362085 { YDOUT; return VAR_STUB_ADDR;}
18372086 YY_BREAK
1838 case 47:
1839 YY_RULE_SETUP
1840 #line 154 "util/configlexer.lex"
2087 case 52:
2088 YY_RULE_SETUP
2089 #line 163 "util/configlexer.lex"
18412090 { YDOUT; return VAR_STUB_HOST;}
18422091 YY_BREAK
1843 case 48:
1844 YY_RULE_SETUP
1845 #line 155 "util/configlexer.lex"
2092 case 53:
2093 YY_RULE_SETUP
2094 #line 164 "util/configlexer.lex"
2095 { YDOUT; return VAR_STUB_PRIME;}
2096 YY_BREAK
2097 case 54:
2098 YY_RULE_SETUP
2099 #line 165 "util/configlexer.lex"
18462100 { YDOUT; return VAR_FORWARD_ZONE;}
18472101 YY_BREAK
1848 case 49:
1849 YY_RULE_SETUP
1850 #line 156 "util/configlexer.lex"
2102 case 55:
2103 YY_RULE_SETUP
2104 #line 166 "util/configlexer.lex"
18512105 { YDOUT; return VAR_FORWARD_ADDR;}
18522106 YY_BREAK
1853 case 50:
1854 YY_RULE_SETUP
1855 #line 157 "util/configlexer.lex"
2107 case 56:
2108 YY_RULE_SETUP
2109 #line 167 "util/configlexer.lex"
18562110 { YDOUT; return VAR_FORWARD_HOST;}
18572111 YY_BREAK
1858 case 51:
1859 YY_RULE_SETUP
1860 #line 158 "util/configlexer.lex"
2112 case 57:
2113 YY_RULE_SETUP
2114 #line 168 "util/configlexer.lex"
18612115 { YDOUT; return VAR_DO_NOT_QUERY_ADDRESS;}
18622116 YY_BREAK
1863 case 52:
1864 YY_RULE_SETUP
1865 #line 159 "util/configlexer.lex"
2117 case 58:
2118 YY_RULE_SETUP
2119 #line 169 "util/configlexer.lex"
18662120 { YDOUT; return VAR_DO_NOT_QUERY_LOCALHOST;}
18672121 YY_BREAK
1868 case 53:
1869 YY_RULE_SETUP
1870 #line 160 "util/configlexer.lex"
2122 case 59:
2123 YY_RULE_SETUP
2124 #line 170 "util/configlexer.lex"
18712125 { YDOUT; return VAR_ACCESS_CONTROL;}
18722126 YY_BREAK
1873 case 54:
1874 YY_RULE_SETUP
1875 #line 161 "util/configlexer.lex"
2127 case 60:
2128 YY_RULE_SETUP
2129 #line 171 "util/configlexer.lex"
18762130 { YDOUT; return VAR_HIDE_IDENTITY;}
18772131 YY_BREAK
1878 case 55:
1879 YY_RULE_SETUP
1880 #line 162 "util/configlexer.lex"
2132 case 61:
2133 YY_RULE_SETUP
2134 #line 172 "util/configlexer.lex"
18812135 { YDOUT; return VAR_HIDE_VERSION;}
18822136 YY_BREAK
1883 case 56:
1884 YY_RULE_SETUP
1885 #line 163 "util/configlexer.lex"
2137 case 62:
2138 YY_RULE_SETUP
2139 #line 173 "util/configlexer.lex"
18862140 { YDOUT; return VAR_IDENTITY;}
18872141 YY_BREAK
1888 case 57:
1889 YY_RULE_SETUP
1890 #line 164 "util/configlexer.lex"
2142 case 63:
2143 YY_RULE_SETUP
2144 #line 174 "util/configlexer.lex"
18912145 { YDOUT; return VAR_VERSION;}
18922146 YY_BREAK
1893 case 58:
1894 YY_RULE_SETUP
1895 #line 165 "util/configlexer.lex"
2147 case 64:
2148 YY_RULE_SETUP
2149 #line 175 "util/configlexer.lex"
18962150 { YDOUT; return VAR_MODULE_CONF;}
18972151 YY_BREAK
1898 case 59:
1899 YY_RULE_SETUP
1900 #line 166 "util/configlexer.lex"
2152 case 65:
2153 YY_RULE_SETUP
2154 #line 176 "util/configlexer.lex"
2155 { YDOUT; return VAR_DLV_ANCHOR;}
2156 YY_BREAK
2157 case 66:
2158 YY_RULE_SETUP
2159 #line 177 "util/configlexer.lex"
2160 { YDOUT; return VAR_DLV_ANCHOR_FILE;}
2161 YY_BREAK
2162 case 67:
2163 YY_RULE_SETUP
2164 #line 178 "util/configlexer.lex"
19012165 { YDOUT; return VAR_TRUST_ANCHOR_FILE;}
19022166 YY_BREAK
1903 case 60:
1904 YY_RULE_SETUP
1905 #line 167 "util/configlexer.lex"
2167 case 68:
2168 YY_RULE_SETUP
2169 #line 179 "util/configlexer.lex"
19062170 { YDOUT; return VAR_TRUSTED_KEYS_FILE;}
19072171 YY_BREAK
1908 case 61:
1909 YY_RULE_SETUP
1910 #line 168 "util/configlexer.lex"
2172 case 69:
2173 YY_RULE_SETUP
2174 #line 180 "util/configlexer.lex"
19112175 { YDOUT; return VAR_TRUST_ANCHOR;}
19122176 YY_BREAK
1913 case 62:
1914 YY_RULE_SETUP
1915 #line 169 "util/configlexer.lex"
2177 case 70:
2178 YY_RULE_SETUP
2179 #line 181 "util/configlexer.lex"
19162180 { YDOUT; return VAR_VAL_OVERRIDE_DATE;}
19172181 YY_BREAK
1918 case 63:
1919 YY_RULE_SETUP
1920 #line 170 "util/configlexer.lex"
2182 case 71:
2183 YY_RULE_SETUP
2184 #line 182 "util/configlexer.lex"
19212185 { YDOUT; return VAR_BOGUS_TTL;}
19222186 YY_BREAK
1923 case 64:
1924 YY_RULE_SETUP
1925 #line 171 "util/configlexer.lex"
2187 case 72:
2188 YY_RULE_SETUP
2189 #line 183 "util/configlexer.lex"
19262190 { YDOUT; return VAR_VAL_CLEAN_ADDITIONAL;}
19272191 YY_BREAK
1928 case 65:
1929 YY_RULE_SETUP
1930 #line 172 "util/configlexer.lex"
2192 case 73:
2193 YY_RULE_SETUP
2194 #line 184 "util/configlexer.lex"
19312195 { YDOUT; return VAR_VAL_PERMISSIVE_MODE;}
19322196 YY_BREAK
1933 case 66:
1934 YY_RULE_SETUP
1935 #line 173 "util/configlexer.lex"
2197 case 74:
2198 YY_RULE_SETUP
2199 #line 185 "util/configlexer.lex"
19362200 { YDOUT; return VAR_KEY_CACHE_SIZE;}
19372201 YY_BREAK
1938 case 67:
1939 YY_RULE_SETUP
1940 #line 174 "util/configlexer.lex"
2202 case 75:
2203 YY_RULE_SETUP
2204 #line 186 "util/configlexer.lex"
19412205 { YDOUT; return VAR_KEY_CACHE_SLABS;}
19422206 YY_BREAK
1943 case 68:
1944 YY_RULE_SETUP
1945 #line 175 "util/configlexer.lex"
2207 case 76:
2208 YY_RULE_SETUP
2209 #line 187 "util/configlexer.lex"
2210 { YDOUT; return VAR_NEG_CACHE_SIZE;}
2211 YY_BREAK
2212 case 77:
2213 YY_RULE_SETUP
2214 #line 188 "util/configlexer.lex"
19462215 { YDOUT; return VAR_VAL_NSEC3_KEYSIZE_ITERATIONS;}
19472216 YY_BREAK
1948 case 69:
1949 YY_RULE_SETUP
1950 #line 176 "util/configlexer.lex"
2217 case 78:
2218 YY_RULE_SETUP
2219 #line 189 "util/configlexer.lex"
19512220 { YDOUT; return VAR_USE_SYSLOG;}
19522221 YY_BREAK
1953 case 70:
1954 YY_RULE_SETUP
1955 #line 177 "util/configlexer.lex"
2222 case 79:
2223 YY_RULE_SETUP
2224 #line 190 "util/configlexer.lex"
19562225 { YDOUT; return VAR_LOCAL_ZONE;}
19572226 YY_BREAK
1958 case 71:
1959 YY_RULE_SETUP
1960 #line 178 "util/configlexer.lex"
2227 case 80:
2228 YY_RULE_SETUP
2229 #line 191 "util/configlexer.lex"
19612230 { YDOUT; return VAR_LOCAL_DATA;}
19622231 YY_BREAK
1963 case 72:
1964 YY_RULE_SETUP
1965 #line 179 "util/configlexer.lex"
2232 case 81:
2233 YY_RULE_SETUP
2234 #line 192 "util/configlexer.lex"
2235 { YDOUT; return VAR_LOCAL_DATA_PTR;}
2236 YY_BREAK
2237 case 82:
2238 YY_RULE_SETUP
2239 #line 193 "util/configlexer.lex"
19662240 { YDOUT; return VAR_STATISTICS_INTERVAL;}
19672241 YY_BREAK
1968 case 73:
1969 YY_RULE_SETUP
1970 #line 180 "util/configlexer.lex"
2242 case 83:
2243 YY_RULE_SETUP
2244 #line 194 "util/configlexer.lex"
19712245 { YDOUT; return VAR_STATISTICS_CUMULATIVE;}
19722246 YY_BREAK
1973 case 74:
1974 /* rule 74 can match eol */
1975 YY_RULE_SETUP
1976 #line 181 "util/configlexer.lex"
2247 case 84:
2248 YY_RULE_SETUP
2249 #line 195 "util/configlexer.lex"
2250 { YDOUT; return VAR_EXTENDED_STATISTICS;}
2251 YY_BREAK
2252 case 85:
2253 YY_RULE_SETUP
2254 #line 196 "util/configlexer.lex"
2255 { YDOUT; return VAR_REMOTE_CONTROL; }
2256 YY_BREAK
2257 case 86:
2258 YY_RULE_SETUP
2259 #line 197 "util/configlexer.lex"
2260 { YDOUT; return VAR_CONTROL_ENABLE; }
2261 YY_BREAK
2262 case 87:
2263 YY_RULE_SETUP
2264 #line 198 "util/configlexer.lex"
2265 { YDOUT; return VAR_CONTROL_INTERFACE; }
2266 YY_BREAK
2267 case 88:
2268 YY_RULE_SETUP
2269 #line 199 "util/configlexer.lex"
2270 { YDOUT; return VAR_CONTROL_PORT; }
2271 YY_BREAK
2272 case 89:
2273 YY_RULE_SETUP
2274 #line 200 "util/configlexer.lex"
2275 { YDOUT; return VAR_SERVER_KEY_FILE; }
2276 YY_BREAK
2277 case 90:
2278 YY_RULE_SETUP
2279 #line 201 "util/configlexer.lex"
2280 { YDOUT; return VAR_SERVER_CERT_FILE; }
2281 YY_BREAK
2282 case 91:
2283 YY_RULE_SETUP
2284 #line 202 "util/configlexer.lex"
2285 { YDOUT; return VAR_CONTROL_KEY_FILE; }
2286 YY_BREAK
2287 case 92:
2288 YY_RULE_SETUP
2289 #line 203 "util/configlexer.lex"
2290 { YDOUT; return VAR_CONTROL_CERT_FILE; }
2291 YY_BREAK
2292 case 93:
2293 /* rule 93 can match eol */
2294 YY_RULE_SETUP
2295 #line 204 "util/configlexer.lex"
19772296 { LEXOUT(("NL\n")); cfg_parser->line++;}
19782297 YY_BREAK
19792298 /* Quoted strings. Strip leading and ending quotes */
1980 case 75:
1981 YY_RULE_SETUP
1982 #line 184 "util/configlexer.lex"
2299 case 94:
2300 YY_RULE_SETUP
2301 #line 207 "util/configlexer.lex"
19832302 { BEGIN(quotedstring); LEXOUT(("QS ")); }
19842303 YY_BREAK
19852304 case YY_STATE_EOF(quotedstring):
1986 #line 185 "util/configlexer.lex"
2305 #line 208 "util/configlexer.lex"
19872306 {
19882307 yyerror("EOF inside quoted string");
19892308 BEGIN(INITIAL);
19902309 }
19912310 YY_BREAK
1992 case 76:
1993 YY_RULE_SETUP
1994 #line 189 "util/configlexer.lex"
2311 case 95:
2312 YY_RULE_SETUP
2313 #line 212 "util/configlexer.lex"
19952314 { LEXOUT(("STR(%s) ", yytext)); yymore(); }
19962315 YY_BREAK
1997 case 77:
1998 /* rule 77 can match eol */
1999 YY_RULE_SETUP
2000 #line 190 "util/configlexer.lex"
2316 case 96:
2317 /* rule 96 can match eol */
2318 YY_RULE_SETUP
2319 #line 213 "util/configlexer.lex"
20012320 { cfg_parser->line++; yymore(); }
20022321 YY_BREAK
2003 case 78:
2004 YY_RULE_SETUP
2005 #line 191 "util/configlexer.lex"
2322 case 97:
2323 YY_RULE_SETUP
2324 #line 214 "util/configlexer.lex"
20062325 {
20072326 LEXOUT(("QE "));
20082327 BEGIN(INITIAL);
20142333 }
20152334 YY_BREAK
20162335 /* Single Quoted strings. Strip leading and ending quotes */
2017 case 79:
2018 YY_RULE_SETUP
2019 #line 202 "util/configlexer.lex"
2336 case 98:
2337 YY_RULE_SETUP
2338 #line 225 "util/configlexer.lex"
20202339 { BEGIN(singlequotedstr); LEXOUT(("SQS ")); }
20212340 YY_BREAK
20222341 case YY_STATE_EOF(singlequotedstr):
2023 #line 203 "util/configlexer.lex"
2342 #line 226 "util/configlexer.lex"
20242343 {
20252344 yyerror("EOF inside quoted string");
20262345 BEGIN(INITIAL);
20272346 }
20282347 YY_BREAK
2029 case 80:
2030 YY_RULE_SETUP
2031 #line 207 "util/configlexer.lex"
2348 case 99:
2349 YY_RULE_SETUP
2350 #line 230 "util/configlexer.lex"
20322351 { LEXOUT(("STR(%s) ", yytext)); yymore(); }
20332352 YY_BREAK
2034 case 81:
2035 /* rule 81 can match eol */
2036 YY_RULE_SETUP
2037 #line 208 "util/configlexer.lex"
2353 case 100:
2354 /* rule 100 can match eol */
2355 YY_RULE_SETUP
2356 #line 231 "util/configlexer.lex"
20382357 { cfg_parser->line++; yymore(); }
20392358 YY_BREAK
2040 case 82:
2041 YY_RULE_SETUP
2042 #line 209 "util/configlexer.lex"
2359 case 101:
2360 YY_RULE_SETUP
2361 #line 232 "util/configlexer.lex"
20432362 {
20442363 LEXOUT(("SQE "));
20452364 BEGIN(INITIAL);
20512370 }
20522371 YY_BREAK
20532372 /* include: directive */
2054 case 83:
2055 YY_RULE_SETUP
2056 #line 220 "util/configlexer.lex"
2373 case 102:
2374 YY_RULE_SETUP
2375 #line 243 "util/configlexer.lex"
20572376 { LEXOUT(("v(%s) ", yytext)); BEGIN(include); }
20582377 YY_BREAK
20592378 case YY_STATE_EOF(include):
2060 #line 221 "util/configlexer.lex"
2379 #line 244 "util/configlexer.lex"
20612380 {
20622381 yyerror("EOF inside include directive");
20632382 BEGIN(INITIAL);
20642383 }
20652384 YY_BREAK
2066 case 84:
2067 YY_RULE_SETUP
2068 #line 225 "util/configlexer.lex"
2385 case 103:
2386 YY_RULE_SETUP
2387 #line 248 "util/configlexer.lex"
20692388 { LEXOUT(("ISP ")); /* ignore */ }
20702389 YY_BREAK
2071 case 85:
2072 /* rule 85 can match eol */
2073 YY_RULE_SETUP
2074 #line 226 "util/configlexer.lex"
2390 case 104:
2391 /* rule 104 can match eol */
2392 YY_RULE_SETUP
2393 #line 249 "util/configlexer.lex"
20752394 { LEXOUT(("NL\n")); cfg_parser->line++;}
20762395 YY_BREAK
2077 case 86:
2078 YY_RULE_SETUP
2079 #line 227 "util/configlexer.lex"
2396 case 105:
2397 YY_RULE_SETUP
2398 #line 250 "util/configlexer.lex"
20802399 { LEXOUT(("IQS ")); BEGIN(include_quoted); }
20812400 YY_BREAK
2082 case 87:
2083 YY_RULE_SETUP
2084 #line 228 "util/configlexer.lex"
2401 case 106:
2402 YY_RULE_SETUP
2403 #line 251 "util/configlexer.lex"
20852404 {
20862405 LEXOUT(("Iunquotedstr(%s) ", yytext));
20872406 config_start_include(yytext);
20892408 }
20902409 YY_BREAK
20912410 case YY_STATE_EOF(include_quoted):
2092 #line 233 "util/configlexer.lex"
2411 #line 256 "util/configlexer.lex"
20932412 {
20942413 yyerror("EOF inside quoted string");
20952414 BEGIN(INITIAL);
20962415 }
20972416 YY_BREAK
2098 case 88:
2099 YY_RULE_SETUP
2100 #line 237 "util/configlexer.lex"
2417 case 107:
2418 YY_RULE_SETUP
2419 #line 260 "util/configlexer.lex"
21012420 { LEXOUT(("ISTR(%s) ", yytext)); yymore(); }
21022421 YY_BREAK
2103 case 89:
2104 /* rule 89 can match eol */
2105 YY_RULE_SETUP
2106 #line 238 "util/configlexer.lex"
2422 case 108:
2423 /* rule 108 can match eol */
2424 YY_RULE_SETUP
2425 #line 261 "util/configlexer.lex"
21072426 { cfg_parser->line++; yymore(); }
21082427 YY_BREAK
2109 case 90:
2110 YY_RULE_SETUP
2111 #line 239 "util/configlexer.lex"
2428 case 109:
2429 YY_RULE_SETUP
2430 #line 262 "util/configlexer.lex"
21122431 {
21132432 LEXOUT(("IQE "));
21142433 yytext[yyleng - 1] = '\0';
21172436 }
21182437 YY_BREAK
21192438 case YY_STATE_EOF(INITIAL):
2120 #line 245 "util/configlexer.lex"
2439 #line 268 "util/configlexer.lex"
21212440 {
21222441 yy_set_bol(1); /* Set beginning of line, so "^" rules match. */
21232442 if (config_include_stack_ptr == 0) {
21282447 }
21292448 }
21302449 YY_BREAK
2131 case 91:
2132 YY_RULE_SETUP
2133 #line 255 "util/configlexer.lex"
2450 case 110:
2451 YY_RULE_SETUP
2452 #line 278 "util/configlexer.lex"
21342453 { LEXOUT(("unquotedstr(%s) ", yytext));
21352454 yylval.str = strdup(yytext); return STRING; }
21362455 YY_BREAK
2137 case 92:
2138 YY_RULE_SETUP
2139 #line 258 "util/configlexer.lex"
2456 case 111:
2457 YY_RULE_SETUP
2458 #line 281 "util/configlexer.lex"
21402459 ECHO;
21412460 YY_BREAK
2142 #line 2143 "<stdout>"
2461 #line 2462 "<stdout>"
21432462
21442463 case YY_END_OF_BUFFER:
21452464 {
24292748 while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
24302749 {
24312750 yy_current_state = (int) yy_def[yy_current_state];
2432 if ( yy_current_state >= 807 )
2751 if ( yy_current_state >= 1025 )
24332752 yy_c = yy_meta[(unsigned int) yy_c];
24342753 }
24352754 yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
24572776 while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
24582777 {
24592778 yy_current_state = (int) yy_def[yy_current_state];
2460 if ( yy_current_state >= 807 )
2779 if ( yy_current_state >= 1025 )
24612780 yy_c = yy_meta[(unsigned int) yy_c];
24622781 }
24632782 yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
2464 yy_is_jam = (yy_current_state == 806);
2783 yy_is_jam = (yy_current_state == 1024);
24652784
24662785 return yy_is_jam ? 0 : yy_current_state;
24672786 }
30983417
30993418 #define YYTABLES_NAME "yytables"
31003419
3101 #line 258 "util/configlexer.lex"
3102
3103
3104
3420 #line 281 "util/configlexer.lex"
3421
3422
3423
4444 if(config_include_stack_ptr >= MAXINCLUDES) {
4545 ub_c_error_msg("includes nested too deeply, skipped (>%d)", MAXINCLUDES);
4646 return;
47 }
48 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot,
49 strlen(cfg_parser->chroot)) == 0) {
50 filename += strlen(cfg_parser->chroot);
4751 }
4852 input = fopen(filename, "r");
4953 if(!input) {
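Review bot: The added chroot-prefix test in config_start_include compares only the first strlen(cfg_parser->chroot) bytes, so it also matches an include path that merely shares that leading text without lying inside the chroot directory. In a constructed example, with chroot `/var/unbound` and include `/var/unbound-old/extra.conf`, the name is cut to `-old/extra.conf` and fopen() resolves it relative to the working directory; a path equal to the chroot becomes the empty string. I would strip the prefix only on a path-component boundary, e.g. by adding `&& filename[strlen(cfg_parser->chroot)] == '/'` to the condition (this assumes the configured chroot carries no trailing slash, which the hunk does not show). The same lines appear in the generated util/configlexer.c earlier on the page and would follow from regenerating it; the function starts and ends outside this hunk.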
141145 infra-cache-numhosts{COLON} { YDOUT; return VAR_INFRA_CACHE_NUMHOSTS;}
142146 infra-cache-lame-size{COLON} { YDOUT; return VAR_INFRA_CACHE_LAME_SIZE;}
143147 num-queries-per-thread{COLON} { YDOUT; return VAR_NUM_QUERIES_PER_THREAD;}
148 jostle-timeout{COLON} { YDOUT; return VAR_JOSTLE_TIMEOUT;}
144149 target-fetch-policy{COLON} { YDOUT; return VAR_TARGET_FETCH_POLICY;}
145150 harden-short-bufsize{COLON} { YDOUT; return VAR_HARDEN_SHORT_BUFSIZE;}
146151 harden-large-queries{COLON} { YDOUT; return VAR_HARDEN_LARGE_QUERIES;}
147152 harden-glue{COLON} { YDOUT; return VAR_HARDEN_GLUE;}
148153 harden-dnssec-stripped{COLON} { YDOUT; return VAR_HARDEN_DNNSEC_STRIPPED;}
154 harden-referral-path{COLON} { YDOUT; return VAR_HARDEN_REFERRAL_PATH;}
149155 use-caps-for-id{COLON} { YDOUT; return VAR_USE_CAPS_FOR_ID;}
156 unwanted-reply-threshold{COLON} { YDOUT; return VAR_UNWANTED_REPLY_THRESHOLD;}
157 private-address{COLON} { YDOUT; return VAR_PRIVATE_ADDRESS;}
158 private-domain{COLON} { YDOUT; return VAR_PRIVATE_DOMAIN;}
150159 stub-zone{COLON} { YDOUT; return VAR_STUB_ZONE;}
151160 name{COLON} { YDOUT; return VAR_NAME;}
152161 stub-addr{COLON} { YDOUT; return VAR_STUB_ADDR;}
153162 stub-host{COLON} { YDOUT; return VAR_STUB_HOST;}
163 stub-prime{COLON} { YDOUT; return VAR_STUB_PRIME;}
154164 forward-zone{COLON} { YDOUT; return VAR_FORWARD_ZONE;}
155165 forward-addr{COLON} { YDOUT; return VAR_FORWARD_ADDR;}
156166 forward-host{COLON} { YDOUT; return VAR_FORWARD_HOST;}
162172 identity{COLON} { YDOUT; return VAR_IDENTITY;}
163173 version{COLON} { YDOUT; return VAR_VERSION;}
164174 module-config{COLON} { YDOUT; return VAR_MODULE_CONF;}
175 dlv-anchor{COLON} { YDOUT; return VAR_DLV_ANCHOR;}
176 dlv-anchor-file{COLON} { YDOUT; return VAR_DLV_ANCHOR_FILE;}
165177 trust-anchor-file{COLON} { YDOUT; return VAR_TRUST_ANCHOR_FILE;}
166178 trusted-keys-file{COLON} { YDOUT; return VAR_TRUSTED_KEYS_FILE;}
167179 trust-anchor{COLON} { YDOUT; return VAR_TRUST_ANCHOR;}
171183 val-permissive-mode{COLON} { YDOUT; return VAR_VAL_PERMISSIVE_MODE;}
172184 key-cache-size{COLON} { YDOUT; return VAR_KEY_CACHE_SIZE;}
173185 key-cache-slabs{COLON} { YDOUT; return VAR_KEY_CACHE_SLABS;}
186 neg-cache-size{COLON} { YDOUT; return VAR_NEG_CACHE_SIZE;}
174187 val-nsec3-keysize-iterations{COLON} { YDOUT; return VAR_VAL_NSEC3_KEYSIZE_ITERATIONS;}
175188 use-syslog{COLON} { YDOUT; return VAR_USE_SYSLOG;}
176189 local-zone{COLON} { YDOUT; return VAR_LOCAL_ZONE;}
177190 local-data{COLON} { YDOUT; return VAR_LOCAL_DATA;}
191 local-data-ptr{COLON} { YDOUT; return VAR_LOCAL_DATA_PTR;}
178192 statistics-interval{COLON} { YDOUT; return VAR_STATISTICS_INTERVAL;}
179193 statistics-cumulative{COLON} { YDOUT; return VAR_STATISTICS_CUMULATIVE;}
194 extended-statistics{COLON} { YDOUT; return VAR_EXTENDED_STATISTICS;}
195 remote-control{COLON} { YDOUT; return VAR_REMOTE_CONTROL; }
196 control-enable{COLON} { YDOUT; return VAR_CONTROL_ENABLE; }
197 control-interface{COLON} { YDOUT; return VAR_CONTROL_INTERFACE; }
198 control-port{COLON} { YDOUT; return VAR_CONTROL_PORT; }
199 server-key-file{COLON} { YDOUT; return VAR_SERVER_KEY_FILE; }
200 server-cert-file{COLON} { YDOUT; return VAR_SERVER_CERT_FILE; }
201 control-key-file{COLON} { YDOUT; return VAR_CONTROL_KEY_FILE; }
202 control-cert-file{COLON} { YDOUT; return VAR_CONTROL_CERT_FILE; }
180203 {NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;}
181204
182205 /* Quoted strings. Strip leading and ending quotes */
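Review bot: The added chroot check in the include-opening code (new lines 48-50, just ahead of `fopen(filename, "r")`) compares only a raw string prefix, so an include path that merely shares its leading characters with the chroot directory is also rewritten. With a chroot of the form `/dir`, a path such as `/dir-other/x.conf` (constructed example) would be cut down to `-other/x.conf` and then opened relative to the current working directory, which is not the file the configuration named. The condition should also require a path boundary, for example by adding `&& filename[strlen(cfg_parser->chroot)] == '/'`; this assumes the chroot value is stored without a trailing slash, which needs confirming where the value is set. The enclosing function starts and ends outside this hunk, so how a failed `fopen` is reported is only partly visible here.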
143143 VAR_USE_CAPS_FOR_ID = 333,
144144 VAR_STATISTICS_CUMULATIVE = 334,
145145 VAR_OUTGOING_PORT_PERMIT = 335,
146 VAR_OUTGOING_PORT_AVOID = 336
146 VAR_OUTGOING_PORT_AVOID = 336,
147 VAR_DLV_ANCHOR_FILE = 337,
148 VAR_DLV_ANCHOR = 338,
149 VAR_NEG_CACHE_SIZE = 339,
150 VAR_HARDEN_REFERRAL_PATH = 340,
151 VAR_PRIVATE_ADDRESS = 341,
152 VAR_PRIVATE_DOMAIN = 342,
153 VAR_REMOTE_CONTROL = 343,
154 VAR_CONTROL_ENABLE = 344,
155 VAR_CONTROL_INTERFACE = 345,
156 VAR_CONTROL_PORT = 346,
157 VAR_SERVER_KEY_FILE = 347,
158 VAR_SERVER_CERT_FILE = 348,
159 VAR_CONTROL_KEY_FILE = 349,
160 VAR_CONTROL_CERT_FILE = 350,
161 VAR_EXTENDED_STATISTICS = 351,
162 VAR_LOCAL_DATA_PTR = 352,
163 VAR_JOSTLE_TIMEOUT = 353,
164 VAR_STUB_PRIME = 354,
165 VAR_UNWANTED_REPLY_THRESHOLD = 355
147166 };
148167 #endif
149168 /* Tokens. */
226245 #define VAR_STATISTICS_CUMULATIVE 334
227246 #define VAR_OUTGOING_PORT_PERMIT 335
228247 #define VAR_OUTGOING_PORT_AVOID 336
248 #define VAR_DLV_ANCHOR_FILE 337
249 #define VAR_DLV_ANCHOR 338
250 #define VAR_NEG_CACHE_SIZE 339
251 #define VAR_HARDEN_REFERRAL_PATH 340
252 #define VAR_PRIVATE_ADDRESS 341
253 #define VAR_PRIVATE_DOMAIN 342
254 #define VAR_REMOTE_CONTROL 343
255 #define VAR_CONTROL_ENABLE 344
256 #define VAR_CONTROL_INTERFACE 345
257 #define VAR_CONTROL_PORT 346
258 #define VAR_SERVER_KEY_FILE 347
259 #define VAR_SERVER_CERT_FILE 348
260 #define VAR_CONTROL_KEY_FILE 349
261 #define VAR_CONTROL_CERT_FILE 350
262 #define VAR_EXTENDED_STATISTICS 351
263 #define VAR_LOCAL_DATA_PTR 352
264 #define VAR_JOSTLE_TIMEOUT 353
265 #define VAR_STUB_PRIME 354
266 #define VAR_UNWANTED_REPLY_THRESHOLD 355
229267
230268
231269
284322 char* str;
285323 }
286324 /* Line 187 of yacc.c. */
287 #line 289 "util/configparser.c"
325 #line 327 "util/configparser.c"
288326 YYSTYPE;
289327 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
290328 # define YYSTYPE_IS_DECLARED 1
297335
298336
299337 /* Line 216 of yacc.c. */
300 #line 302 "util/configparser.c"
338 #line 340 "util/configparser.c"
301339
302340 #ifdef short
303341 # undef short
512550 /* YYFINAL -- State number of the termination state. */
513551 #define YYFINAL 2
514552 /* YYLAST -- Last index in YYTABLE. */
515 #define YYLAST 143
553 #define YYLAST 180
516554
517555 /* YYNTOKENS -- Number of terminals. */
518 #define YYNTOKENS 82
556 #define YYNTOKENS 101
519557 /* YYNNTS -- Number of nonterminals. */
520 #define YYNNTS 81
558 #define YYNNTS 102
521559 /* YYNRULES -- Number of rules. */
522 #define YYNRULES 153
560 #define YYNRULES 193
523561 /* YYNRULES -- Number of states. */
524 #define YYNSTATES 225
562 #define YYNSTATES 283
525563
526564 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
527565 #define YYUNDEFTOK 2
528 #define YYMAXUTOK 336
566 #define YYMAXUTOK 355
529567
530568 #define YYTRANSLATE(YYX) \
531569 ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
566604 45, 46, 47, 48, 49, 50, 51, 52, 53, 54,
567605 55, 56, 57, 58, 59, 60, 61, 62, 63, 64,
568606 65, 66, 67, 68, 69, 70, 71, 72, 73, 74,
569 75, 76, 77, 78, 79, 80, 81
607 75, 76, 77, 78, 79, 80, 81, 82, 83, 84,
608 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
609 95, 96, 97, 98, 99, 100
570610 };
571611
572612 #if YYDEBUG
574614 YYRHS. */
575615 static const yytype_uint16 yyprhs[] =
576616 {
577 0, 0, 3, 4, 7, 10, 13, 16, 18, 21,
578 22, 24, 26, 28, 30, 32, 34, 36, 38, 40,
579 42, 44, 46, 48, 50, 52, 54, 56, 58, 60,
580 62, 64, 66, 68, 70, 72, 74, 76, 78, 80,
581 82, 84, 86, 88, 90, 92, 94, 96, 98, 100,
582 102, 104, 106, 108, 110, 112, 114, 116, 118, 120,
583 122, 124, 126, 128, 130, 132, 134, 136, 138, 140,
584 142, 144, 146, 148, 150, 153, 154, 156, 158, 160,
585 162, 165, 166, 168, 170, 172, 175, 178, 181, 184,
586 187, 190, 193, 196, 199, 202, 205, 208, 211, 214,
587 217, 220, 223, 226, 229, 232, 235, 238, 241, 244,
588 247, 250, 253, 256, 259, 262, 265, 268, 271, 274,
589 277, 280, 283, 286, 289, 292, 295, 298, 301, 304,
590 307, 310, 313, 316, 319, 322, 325, 329, 332, 335,
591 338, 341, 344, 347, 350, 353, 356, 360, 363, 366,
592 369, 372, 375, 378
617 0, 0, 3, 4, 7, 10, 13, 16, 19, 21,
618 24, 25, 27, 29, 31, 33, 35, 37, 39, 41,
619 43, 45, 47, 49, 51, 53, 55, 57, 59, 61,
620 63, 65, 67, 69, 71, 73, 75, 77, 79, 81,
621 83, 85, 87, 89, 91, 93, 95, 97, 99, 101,
622 103, 105, 107, 109, 111, 113, 115, 117, 119, 121,
623 123, 125, 127, 129, 131, 133, 135, 137, 139, 141,
624 143, 145, 147, 149, 151, 153, 155, 157, 159, 161,
625 163, 165, 167, 169, 171, 173, 176, 177, 179, 181,
626 183, 185, 187, 190, 191, 193, 195, 197, 200, 203,
627 206, 209, 212, 215, 218, 221, 224, 227, 230, 233,
628 236, 239, 242, 245, 248, 251, 254, 257, 260, 263,
629 266, 269, 272, 275, 278, 281, 284, 287, 290, 293,
630 296, 299, 302, 305, 308, 311, 314, 317, 320, 323,
631 326, 329, 332, 335, 338, 341, 344, 347, 350, 353,
632 356, 359, 362, 365, 368, 371, 374, 378, 381, 384,
633 387, 390, 393, 396, 399, 402, 405, 408, 412, 415,
634 418, 421, 424, 427, 430, 433, 436, 439, 441, 444,
635 445, 447, 449, 451, 453, 455, 457, 459, 462, 465,
636 468, 471, 474, 477
593637 };
594638
595639 /* YYRHS -- A `-1'-separated list of the rules' RHS. */
596640 static const yytype_int16 yyrhs[] =
597641 {
598 83, 0, -1, -1, 83, 84, -1, 85, 86, -1,
599 88, 89, -1, 91, 92, -1, 11, -1, 86, 87,
600 -1, -1, 94, -1, 95, -1, 98, -1, 101, -1,
601 107, -1, 108, -1, 109, -1, 110, -1, 99, -1,
602 113, -1, 114, -1, 115, -1, 116, -1, 117, -1,
603 127, -1, 128, -1, 129, -1, 130, -1, 131, -1,
604 104, -1, 132, -1, 133, -1, 136, -1, 134, -1,
605 135, -1, 137, -1, 138, -1, 139, -1, 143, -1,
606 122, -1, 123, -1, 124, -1, 125, -1, 140, -1,
607 146, -1, 119, -1, 121, -1, 147, -1, 149, -1,
608 150, -1, 151, -1, 105, -1, 126, -1, 153, -1,
609 154, -1, 120, -1, 152, -1, 112, -1, 100, -1,
610 118, -1, 144, -1, 148, -1, 141, -1, 145, -1,
611 155, -1, 156, -1, 106, -1, 96, -1, 111, -1,
612 142, -1, 97, -1, 102, -1, 103, -1, 38, -1,
613 89, 90, -1, -1, 157, -1, 158, -1, 159, -1,
614 44, -1, 92, 93, -1, -1, 160, -1, 161, -1,
615 162, -1, 13, 10, -1, 12, 10, -1, 76, 10,
616 -1, 79, 10, -1, 14, 10, -1, 16, 10, -1,
617 67, 10, -1, 15, 10, -1, 80, 10, -1, 81,
618 10, -1, 31, 10, -1, 60, 10, -1, 75, 10,
619 -1, 17, 10, -1, 18, 10, -1, 19, 10, -1,
620 20, 10, -1, 77, 10, -1, 66, 10, -1, 21,
621 10, -1, 22, 10, -1, 23, 10, -1, 24, 10,
622 -1, 25, 10, -1, 68, 10, -1, 54, 10, -1,
623 64, 10, -1, 55, 10, -1, 48, 10, -1, 49,
624 10, -1, 50, 10, -1, 51, 10, -1, 61, 10,
625 -1, 26, 10, -1, 27, 10, -1, 28, 10, -1,
626 29, 10, -1, 30, 10, -1, 32, 10, -1, 33,
627 10, -1, 35, 10, -1, 36, 10, -1, 34, 10,
628 -1, 41, 10, -1, 42, 10, -1, 43, 10, -1,
629 52, 10, -1, 71, 10, -1, 78, 10, -1, 47,
630 10, -1, 69, 10, -1, 72, 10, 10, -1, 53,
631 10, -1, 56, 10, -1, 70, 10, -1, 57, 10,
632 -1, 58, 10, -1, 59, 10, -1, 65, 10, -1,
633 62, 10, -1, 63, 10, -1, 73, 10, 10, -1,
634 74, 10, -1, 37, 10, -1, 39, 10, -1, 40,
635 10, -1, 37, 10, -1, 45, 10, -1, 46, 10,
636 -1
642 102, 0, -1, -1, 102, 103, -1, 104, 105, -1,
643 107, 108, -1, 110, 111, -1, 193, 194, -1, 11,
644 -1, 105, 106, -1, -1, 113, -1, 114, -1, 118,
645 -1, 121, -1, 127, -1, 128, -1, 129, -1, 130,
646 -1, 119, -1, 133, -1, 134, -1, 135, -1, 136,
647 -1, 137, -1, 149, -1, 150, -1, 151, -1, 153,
648 -1, 154, -1, 124, -1, 155, -1, 156, -1, 159,
649 -1, 157, -1, 158, -1, 160, -1, 161, -1, 162,
650 -1, 170, -1, 144, -1, 145, -1, 146, -1, 147,
651 -1, 163, -1, 173, -1, 141, -1, 143, -1, 174,
652 -1, 176, -1, 177, -1, 178, -1, 125, -1, 148,
653 -1, 180, -1, 181, -1, 142, -1, 179, -1, 132,
654 -1, 120, -1, 138, -1, 171, -1, 175, -1, 164,
655 -1, 172, -1, 183, -1, 184, -1, 126, -1, 115,
656 -1, 131, -1, 166, -1, 116, -1, 122, -1, 123,
657 -1, 139, -1, 140, -1, 182, -1, 165, -1, 167,
658 -1, 168, -1, 117, -1, 185, -1, 152, -1, 169,
659 -1, 38, -1, 108, 109, -1, -1, 186, -1, 187,
660 -1, 188, -1, 189, -1, 44, -1, 111, 112, -1,
661 -1, 190, -1, 191, -1, 192, -1, 13, 10, -1,
662 12, 10, -1, 76, 10, -1, 79, 10, -1, 96,
663 10, -1, 14, 10, -1, 16, 10, -1, 67, 10,
664 -1, 15, 10, -1, 80, 10, -1, 81, 10, -1,
665 31, 10, -1, 60, 10, -1, 75, 10, -1, 17,
666 10, -1, 18, 10, -1, 19, 10, -1, 20, 10,
667 -1, 77, 10, -1, 66, 10, -1, 21, 10, -1,
668 22, 10, -1, 23, 10, -1, 24, 10, -1, 25,
669 10, -1, 68, 10, -1, 82, 10, -1, 83, 10,
670 -1, 54, 10, -1, 64, 10, -1, 55, 10, -1,
671 48, 10, -1, 49, 10, -1, 50, 10, -1, 51,
672 10, -1, 61, 10, -1, 26, 10, -1, 27, 10,
673 -1, 28, 10, -1, 98, 10, -1, 29, 10, -1,
674 30, 10, -1, 32, 10, -1, 33, 10, -1, 35,
675 10, -1, 36, 10, -1, 34, 10, -1, 41, 10,
676 -1, 42, 10, -1, 43, 10, -1, 52, 10, -1,
677 71, 10, -1, 85, 10, -1, 78, 10, -1, 86,
678 10, -1, 87, 10, -1, 100, 10, -1, 47, 10,
679 -1, 69, 10, -1, 72, 10, 10, -1, 53, 10,
680 -1, 56, 10, -1, 70, 10, -1, 57, 10, -1,
681 58, 10, -1, 59, 10, -1, 65, 10, -1, 62,
682 10, -1, 63, 10, -1, 84, 10, -1, 73, 10,
683 10, -1, 74, 10, -1, 97, 10, -1, 37, 10,
684 -1, 39, 10, -1, 40, 10, -1, 99, 10, -1,
685 37, 10, -1, 45, 10, -1, 46, 10, -1, 88,
686 -1, 194, 195, -1, -1, 196, -1, 198, -1, 197,
687 -1, 199, -1, 200, -1, 201, -1, 202, -1, 89,
688 10, -1, 91, 10, -1, 90, 10, -1, 92, 10,
689 -1, 93, 10, -1, 94, 10, -1, 95, 10, -1
637690 };
638691
639692 /* YYRLINE[YYN] -- source line where rule number YYN was defined. */
640693 static const yytype_uint16 yyrline[] =
641694 {
642 0, 96, 96, 96, 97, 97, 98, 102, 107, 108,
643 109, 109, 109, 110, 110, 111, 111, 111, 112, 112,
644 112, 113, 113, 113, 114, 114, 115, 115, 116, 116,
645 117, 117, 118, 118, 119, 119, 120, 120, 121, 121,
646 122, 122, 122, 123, 123, 123, 124, 124, 124, 125,
647 125, 126, 126, 127, 127, 128, 128, 129, 129, 129,
648 130, 130, 131, 131, 132, 132, 132, 133, 133, 134,
649 134, 135, 135, 137, 149, 150, 151, 151, 151, 153,
650 165, 166, 167, 167, 167, 169, 178, 187, 198, 207,
651 216, 229, 244, 253, 262, 271, 280, 289, 298, 307,
652 316, 325, 334, 343, 357, 364, 371, 378, 386, 393,
653 400, 408, 416, 423, 432, 441, 448, 455, 466, 474,
654 487, 496, 504, 517, 526, 535, 544, 553, 566, 573,
655 583, 593, 603, 613, 623, 630, 640, 653, 660, 678,
656 687, 696, 706, 716, 723, 731, 744, 763, 770, 777,
657 784, 791, 798, 805
695 0, 102, 102, 102, 103, 103, 104, 104, 108, 113,
696 114, 115, 115, 115, 116, 116, 117, 117, 117, 118,
697 118, 118, 119, 119, 119, 120, 120, 121, 121, 122,
698 122, 123, 123, 124, 124, 125, 125, 126, 126, 127,
699 127, 128, 128, 128, 129, 129, 129, 130, 130, 130,
700 131, 131, 132, 132, 133, 133, 134, 134, 135, 135,
701 135, 136, 136, 137, 137, 138, 138, 138, 139, 139,
702 140, 140, 141, 141, 142, 142, 142, 143, 143, 144,
703 144, 145, 145, 146, 148, 160, 161, 162, 162, 162,
704 162, 164, 176, 177, 178, 178, 178, 180, 189, 198,
705 209, 218, 227, 236, 249, 264, 273, 282, 291, 300,
706 309, 318, 327, 336, 345, 354, 363, 377, 384, 391,
707 398, 406, 413, 420, 427, 434, 442, 450, 457, 466,
708 475, 482, 489, 500, 508, 521, 530, 539, 547, 560,
709 569, 578, 587, 596, 609, 616, 626, 636, 646, 656,
710 666, 676, 683, 690, 699, 706, 716, 730, 737, 755,
711 764, 773, 783, 793, 800, 808, 821, 829, 849, 856,
712 871, 878, 885, 892, 902, 909, 916, 923, 928, 929,
713 930, 930, 930, 931, 931, 931, 932, 934, 944, 953,
714 960, 967, 974, 981
658715 };
659716 #endif
660717
688745 "VAR_LOCAL_ZONE", "VAR_LOCAL_DATA", "VAR_INTERFACE_AUTOMATIC",
689746 "VAR_STATISTICS_INTERVAL", "VAR_DO_DAEMONIZE", "VAR_USE_CAPS_FOR_ID",
690747 "VAR_STATISTICS_CUMULATIVE", "VAR_OUTGOING_PORT_PERMIT",
691 "VAR_OUTGOING_PORT_AVOID", "$accept", "toplevelvars", "toplevelvar",
692 "serverstart", "contents_server", "content_server", "stubstart",
693 "contents_stub", "content_stub", "forwardstart", "contents_forward",
694 "content_forward", "server_num_threads", "server_verbosity",
695 "server_statistics_interval", "server_statistics_cumulative",
748 "VAR_OUTGOING_PORT_AVOID", "VAR_DLV_ANCHOR_FILE", "VAR_DLV_ANCHOR",
749 "VAR_NEG_CACHE_SIZE", "VAR_HARDEN_REFERRAL_PATH", "VAR_PRIVATE_ADDRESS",
750 "VAR_PRIVATE_DOMAIN", "VAR_REMOTE_CONTROL", "VAR_CONTROL_ENABLE",
751 "VAR_CONTROL_INTERFACE", "VAR_CONTROL_PORT", "VAR_SERVER_KEY_FILE",
752 "VAR_SERVER_CERT_FILE", "VAR_CONTROL_KEY_FILE", "VAR_CONTROL_CERT_FILE",
753 "VAR_EXTENDED_STATISTICS", "VAR_LOCAL_DATA_PTR", "VAR_JOSTLE_TIMEOUT",
754 "VAR_STUB_PRIME", "VAR_UNWANTED_REPLY_THRESHOLD", "$accept",
755 "toplevelvars", "toplevelvar", "serverstart", "contents_server",
756 "content_server", "stubstart", "contents_stub", "content_stub",
757 "forwardstart", "contents_forward", "content_forward",
758 "server_num_threads", "server_verbosity", "server_statistics_interval",
759 "server_statistics_cumulative", "server_extended_statistics",
696760 "server_port", "server_interface", "server_outgoing_interface",
697761 "server_outgoing_range", "server_outgoing_port_permit",
698762 "server_outgoing_port_avoid", "server_outgoing_num_tcp",
700764 "server_do_ip6", "server_do_udp", "server_do_tcp", "server_do_daemonize",
701765 "server_use_syslog", "server_chroot", "server_username",
702766 "server_directory", "server_logfile", "server_pidfile",
703 "server_root_hints", "server_trust_anchor_file",
704 "server_trusted_keys_file", "server_trust_anchor",
705 "server_hide_identity", "server_hide_version", "server_identity",
706 "server_version", "server_msg_buffer_size", "server_msg_cache_size",
707 "server_msg_cache_slabs", "server_num_queries_per_thread",
767 "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor",
768 "server_trust_anchor_file", "server_trusted_keys_file",
769 "server_trust_anchor", "server_hide_identity", "server_hide_version",
770 "server_identity", "server_version", "server_msg_buffer_size",
771 "server_msg_cache_size", "server_msg_cache_slabs",
772 "server_num_queries_per_thread", "server_jostle_timeout",
708773 "server_rrset_cache_size", "server_rrset_cache_slabs",
709774 "server_infra_host_ttl", "server_infra_lame_ttl",
710775 "server_infra_cache_numhosts", "server_infra_cache_lame_size",
711776 "server_infra_cache_slabs", "server_target_fetch_policy",
712777 "server_harden_short_bufsize", "server_harden_large_queries",
713778 "server_harden_glue", "server_harden_dnssec_stripped",
714 "server_use_caps_for_id", "server_do_not_query_address",
779 "server_harden_referral_path", "server_use_caps_for_id",
780 "server_private_address", "server_private_domain",
781 "server_unwanted_reply_threshold", "server_do_not_query_address",
715782 "server_do_not_query_localhost", "server_access_control",
716783 "server_module_conf", "server_val_override_date", "server_cache_max_ttl",
717784 "server_bogus_ttl", "server_val_clean_additional",
718785 "server_val_permissive_mode", "server_val_nsec3_keysize_iterations",
719 "server_key_cache_size", "server_key_cache_slabs", "server_local_zone",
720 "server_local_data", "stub_name", "stub_host", "stub_addr",
721 "forward_name", "forward_host", "forward_addr", 0
786 "server_key_cache_size", "server_key_cache_slabs",
787 "server_neg_cache_size", "server_local_zone", "server_local_data",
788 "server_local_data_ptr", "stub_name", "stub_host", "stub_addr",
789 "stub_prime", "forward_name", "forward_host", "forward_addr", "rcstart",
790 "contents_rc", "content_rc", "rc_control_enable", "rc_control_port",
791 "rc_control_interface", "rc_server_key_file", "rc_server_cert_file",
792 "rc_control_key_file", "rc_control_cert_file", 0
722793 };
723794 #endif
724795
735806 305, 306, 307, 308, 309, 310, 311, 312, 313, 314,
736807 315, 316, 317, 318, 319, 320, 321, 322, 323, 324,
737808 325, 326, 327, 328, 329, 330, 331, 332, 333, 334,
738 335, 336
809 335, 336, 337, 338, 339, 340, 341, 342, 343, 344,
810 345, 346, 347, 348, 349, 350, 351, 352, 353, 354,
811 355
739812 };
740813 # endif
741814
742815 /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
743816 static const yytype_uint8 yyr1[] =
744817 {
745 0, 82, 83, 83, 84, 84, 84, 85, 86, 86,
746 87, 87, 87, 87, 87, 87, 87, 87, 87, 87,
747 87, 87, 87, 87, 87, 87, 87, 87, 87, 87,
748 87, 87, 87, 87, 87, 87, 87, 87, 87, 87,
749 87, 87, 87, 87, 87, 87, 87, 87, 87, 87,
750 87, 87, 87, 87, 87, 87, 87, 87, 87, 87,
751 87, 87, 87, 87, 87, 87, 87, 87, 87, 87,
752 87, 87, 87, 88, 89, 89, 90, 90, 90, 91,
753 92, 92, 93, 93, 93, 94, 95, 96, 97, 98,
754 99, 100, 101, 102, 103, 104, 105, 106, 107, 108,
755 109, 110, 111, 112, 113, 114, 115, 116, 117, 118,
756 119, 120, 121, 122, 123, 124, 125, 126, 127, 128,
757 129, 130, 131, 132, 133, 134, 135, 136, 137, 138,
758 139, 140, 141, 142, 143, 144, 145, 146, 147, 148,
759 149, 150, 151, 152, 153, 154, 155, 156, 157, 158,
760 159, 160, 161, 162
818 0, 101, 102, 102, 103, 103, 103, 103, 104, 105,
819 105, 106, 106, 106, 106, 106, 106, 106, 106, 106,
820 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
821 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
822 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
823 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
824 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
825 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
826 106, 106, 106, 106, 107, 108, 108, 109, 109, 109,
827 109, 110, 111, 111, 112, 112, 112, 113, 114, 115,
828 116, 117, 118, 119, 120, 121, 122, 123, 124, 125,
829 126, 127, 128, 129, 130, 131, 132, 133, 134, 135,
830 136, 137, 138, 139, 140, 141, 142, 143, 144, 145,
831 146, 147, 148, 149, 150, 151, 152, 153, 154, 155,
832 156, 157, 158, 159, 160, 161, 162, 163, 164, 165,
833 166, 167, 168, 169, 170, 171, 172, 173, 174, 175,
834 176, 177, 178, 179, 180, 181, 182, 183, 184, 185,
835 186, 187, 188, 189, 190, 191, 192, 193, 194, 194,
836 195, 195, 195, 195, 195, 195, 195, 196, 197, 198,
837 199, 200, 201, 202
761838 };
762839
763840 /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
764841 static const yytype_uint8 yyr2[] =
765842 {
766 0, 2, 0, 2, 2, 2, 2, 1, 2, 0,
843 0, 2, 0, 2, 2, 2, 2, 2, 1, 2,
844 0, 1, 1, 1, 1, 1, 1, 1, 1, 1,
767845 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
768846 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
769847 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
770848 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
771849 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
772850 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
773 1, 1, 1, 1, 2, 0, 1, 1, 1, 1,
774 2, 0, 1, 1, 1, 2, 2, 2, 2, 2,
851 1, 1, 1, 1, 1, 2, 0, 1, 1, 1,
852 1, 1, 2, 0, 1, 1, 1, 2, 2, 2,
853 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
775854 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
776855 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
777856 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
778857 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
779858 2, 2, 2, 2, 2, 2, 3, 2, 2, 2,
780 2, 2, 2, 2, 2, 2, 3, 2, 2, 2,
859 2, 2, 2, 2, 2, 2, 2, 3, 2, 2,
860 2, 2, 2, 2, 2, 2, 2, 1, 2, 0,
861 1, 1, 1, 1, 1, 1, 1, 2, 2, 2,
781862 2, 2, 2, 2
782863 };
783864
786867 means the default is an error. */
787868 static const yytype_uint8 yydefact[] =
788869 {
789 2, 0, 1, 7, 73, 79, 3, 9, 75, 81,
790 4, 5, 6, 0, 0, 0, 0, 0, 0, 0,
870 2, 0, 1, 8, 84, 91, 177, 3, 10, 86,
871 93, 179, 4, 5, 6, 7, 0, 0, 0, 0,
791872 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
792873 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
793874 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
794875 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
795876 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
796 0, 0, 0, 0, 0, 0, 8, 10, 11, 67,
797 70, 12, 18, 58, 13, 71, 72, 29, 51, 66,
798 14, 15, 16, 17, 68, 57, 19, 20, 21, 22,
799 23, 59, 45, 55, 46, 39, 40, 41, 42, 52,
800 24, 25, 26, 27, 28, 30, 31, 33, 34, 32,
801 35, 36, 37, 43, 62, 69, 38, 60, 63, 44,
802 47, 61, 48, 49, 50, 56, 53, 54, 64, 65,
803 0, 0, 0, 74, 76, 77, 78, 0, 0, 0,
804 80, 82, 83, 84, 86, 85, 89, 92, 90, 98,
805 99, 100, 101, 104, 105, 106, 107, 108, 118, 119,
806 120, 121, 122, 95, 123, 124, 127, 125, 126, 128,
807 129, 130, 134, 113, 114, 115, 116, 131, 137, 110,
808 112, 138, 140, 141, 142, 96, 117, 144, 145, 111,
809 143, 103, 91, 109, 135, 139, 132, 0, 0, 147,
810 97, 87, 102, 133, 88, 93, 94, 148, 149, 150,
811 151, 152, 153, 136, 146
877 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
878 0, 0, 0, 0, 0, 0, 0, 0, 0, 9,
879 11, 12, 68, 71, 80, 13, 19, 59, 14, 72,
880 73, 30, 52, 67, 15, 16, 17, 18, 69, 58,
881 20, 21, 22, 23, 24, 60, 74, 75, 46, 56,
882 47, 40, 41, 42, 43, 53, 25, 26, 27, 82,
883 28, 29, 31, 32, 34, 35, 33, 36, 37, 38,
884 44, 63, 77, 70, 78, 79, 83, 39, 61, 64,
885 45, 48, 62, 49, 50, 51, 57, 54, 55, 76,
886 65, 66, 81, 0, 0, 0, 0, 85, 87, 88,
887 89, 90, 0, 0, 0, 92, 94, 95, 96, 0,
888 0, 0, 0, 0, 0, 0, 178, 180, 182, 181,
889 183, 184, 185, 186, 98, 97, 102, 105, 103, 111,
890 112, 113, 114, 117, 118, 119, 120, 121, 133, 134,
891 135, 137, 138, 108, 139, 140, 143, 141, 142, 144,
892 145, 146, 154, 128, 129, 130, 131, 147, 157, 125,
893 127, 158, 160, 161, 162, 109, 132, 164, 165, 126,
894 163, 116, 104, 122, 155, 159, 148, 0, 0, 168,
895 110, 99, 115, 150, 100, 106, 107, 123, 124, 166,
896 149, 151, 152, 101, 169, 136, 153, 170, 171, 172,
897 173, 174, 175, 176, 187, 189, 188, 190, 191, 192,
898 193, 156, 167
812899 };
813900
814901 /* YYDEFGOTO[NTERM-NUM]. */
815902 static const yytype_int16 yydefgoto[] =
816903 {
817 -1, 1, 6, 7, 10, 76, 8, 11, 143, 9,
818 12, 150, 77, 78, 79, 80, 81, 82, 83, 84,
819 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
820 95, 96, 97, 98, 99, 100, 101, 102, 103, 104,
821 105, 106, 107, 108, 109, 110, 111, 112, 113, 114,
822 115, 116, 117, 118, 119, 120, 121, 122, 123, 124,
823 125, 126, 127, 128, 129, 130, 131, 132, 133, 134,
824 135, 136, 137, 138, 139, 144, 145, 146, 151, 152,
825 153
904 -1, 1, 7, 8, 12, 89, 9, 13, 167, 10,
905 14, 175, 90, 91, 92, 93, 94, 95, 96, 97,
906 98, 99, 100, 101, 102, 103, 104, 105, 106, 107,
907 108, 109, 110, 111, 112, 113, 114, 115, 116, 117,
908 118, 119, 120, 121, 122, 123, 124, 125, 126, 127,
909 128, 129, 130, 131, 132, 133, 134, 135, 136, 137,
910 138, 139, 140, 141, 142, 143, 144, 145, 146, 147,
911 148, 149, 150, 151, 152, 153, 154, 155, 156, 157,
912 158, 159, 160, 161, 162, 168, 169, 170, 171, 176,
913 177, 178, 11, 15, 186, 187, 188, 189, 190, 191,
914 192, 193
826915 };
827916
828917 /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
830919 #define YYPACT_NINF -13
831920 static const yytype_int16 yypact[] =
832921 {
833 -13, 70, -13, -13, -13, -13, -13, -13, -13, -13,
834 -12, 35, 34, 15, 16, 17, 18, 22, 23, 24,
835 63, 66, 67, 68, 72, 73, 74, 75, 76, 77,
836 78, 79, 80, 81, 82, 83, 84, 85, 86, 87,
837 88, 89, 90, 91, 92, 93, 94, 95, 96, 97,
838 99, 100, 101, 102, 103, 105, 106, 107, 108, 109,
839 110, 111, 112, 113, 114, 115, 116, 117, 118, 119,
840 120, 121, 122, 123, 124, 125, -13, -13, -13, -13,
922 -13, 76, -13, -13, -13, -13, -13, -13, -13, -13,
923 -13, -13, -12, 40, 44, 2, 15, 16, 17, 18,
924 22, 23, 24, 68, 72, 73, 88, 89, 90, 91,
925 92, 93, 94, 95, 96, 97, 98, 99, 100, 101,
926 102, 103, 105, 106, 107, 108, 109, 111, 112, 113,
927 114, 115, 116, 117, 118, 119, 120, 121, 122, 123,
928 124, 125, 126, 127, 128, 130, 131, 132, 133, 134,
929 135, 136, 137, 138, 139, 140, 141, 142, 143, 144,
930 145, 146, 147, 148, 149, 150, 151, 152, 153, -13,
841931 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
842932 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
843933 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
844934 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
845935 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
846936 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
847 126, 127, 128, -13, -13, -13, -13, 129, 130, 131,
937 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
938 -13, -13, -13, 155, 156, 157, 158, -13, -13, -13,
939 -13, -13, 159, 160, 161, -13, -13, -13, -13, 162,
940 163, 164, 165, 166, 167, 168, -13, -13, -13, -13,
848941 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
849942 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
850943 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
851944 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
852945 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
853 -13, -13, -13, -13, -13, -13, -13, 132, 133, -13,
946 -13, -13, -13, -13, -13, -13, -13, 169, 170, -13,
854947 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
855 -13, -13, -13, -13, -13
948 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
949 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
950 -13, -13, -13
856951 };
857952
858953 /* YYPGOTO[NTERM-NUM]. */
866961 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
867962 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
868963 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
869 -13
964 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
965 -13, -13, -13, -13, -13, -13, -13, -13, -13, -13,
966 -13, -13
870967 };
871968
872969 /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
874971 number is the opposite. If zero, do what YYDEFACT says.
875972 If YYTABLE_NINF, syntax error. */
876973 #define YYTABLE_NINF -1
877 static const yytype_uint8 yytable[] =
974 static const yytype_uint16 yytable[] =
878975 {
879 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
880 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
881 33, 34, 35, 36, 37, 154, 155, 156, 157, 38,
882 39, 40, 158, 159, 160, 41, 42, 43, 44, 45,
883 46, 47, 48, 49, 50, 51, 52, 53, 54, 55,
884 56, 57, 58, 59, 60, 61, 62, 63, 64, 65,
885 66, 67, 68, 69, 70, 71, 72, 73, 74, 75,
886 2, 147, 140, 161, 141, 142, 162, 163, 164, 148,
887 149, 3, 165, 166, 167, 168, 169, 170, 171, 172,
888 173, 174, 175, 176, 177, 178, 179, 180, 181, 182,
889 183, 184, 185, 186, 187, 188, 189, 190, 4, 191,
890 192, 193, 194, 195, 5, 196, 197, 198, 199, 200,
891 201, 202, 203, 204, 205, 206, 207, 208, 209, 210,
892 211, 212, 213, 214, 215, 216, 217, 218, 219, 220,
893 221, 222, 223, 224
976 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,
977 26, 27, 28, 29, 30, 31, 32, 33, 34, 35,
978 36, 37, 38, 39, 40, 194, 195, 196, 197, 41,
979 42, 43, 198, 199, 200, 44, 45, 46, 47, 48,
980 49, 50, 51, 52, 53, 54, 55, 56, 57, 58,
981 59, 60, 61, 62, 63, 64, 65, 66, 67, 68,
982 69, 70, 71, 72, 73, 74, 75, 76, 77, 78,
983 79, 80, 81, 82, 83, 84, 2, 163, 201, 164,
984 165, 172, 202, 203, 85, 86, 87, 3, 88, 173,
985 174, 179, 180, 181, 182, 183, 184, 185, 204, 205,
986 206, 207, 208, 209, 210, 211, 212, 213, 214, 215,
987 216, 217, 218, 219, 4, 220, 221, 222, 223, 224,
988 5, 225, 226, 227, 228, 229, 230, 231, 232, 233,
989 234, 235, 236, 237, 238, 239, 240, 241, 242, 166,
990 243, 244, 245, 246, 247, 248, 249, 250, 251, 252,
991 253, 254, 255, 256, 257, 258, 259, 260, 261, 262,
992 263, 264, 265, 266, 6, 267, 268, 269, 270, 271,
993 272, 273, 274, 275, 276, 277, 278, 279, 280, 281,
994 282
894995 };
895996
896997 static const yytype_uint8 yycheck[] =
9021003 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
9031004 62, 63, 64, 65, 66, 67, 68, 69, 70, 71,
9041005 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,
905 0, 37, 37, 10, 39, 40, 10, 10, 10, 45,
906 46, 11, 10, 10, 10, 10, 10, 10, 10, 10,
1006 82, 83, 84, 85, 86, 87, 0, 37, 10, 39,
1007 40, 37, 10, 10, 96, 97, 98, 11, 100, 45,
1008 46, 89, 90, 91, 92, 93, 94, 95, 10, 10,
9071009 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
908 10, 10, 10, 10, 10, 10, 10, 10, 38, 10,
909 10, 10, 10, 10, 44, 10, 10, 10, 10, 10,
1010 10, 10, 10, 10, 38, 10, 10, 10, 10, 10,
1011 44, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1012 10, 10, 10, 10, 10, 10, 10, 10, 10, 99,
9101013 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
9111014 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
912 10, 10, 10, 10
1015 10, 10, 10, 10, 88, 10, 10, 10, 10, 10,
1016 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1017 10
9131018 };
9141019
9151020 /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
9161021 symbol of state STATE-NUM. */
9171022 static const yytype_uint8 yystos[] =
9181023 {
919 0, 83, 0, 11, 38, 44, 84, 85, 88, 91,
920 86, 89, 92, 12, 13, 14, 15, 16, 17, 18,
921 19, 20, 21, 22, 23, 24, 25, 26, 27, 28,
922 29, 30, 31, 32, 33, 34, 35, 36, 41, 42,
923 43, 47, 48, 49, 50, 51, 52, 53, 54, 55,
924 56, 57, 58, 59, 60, 61, 62, 63, 64, 65,
925 66, 67, 68, 69, 70, 71, 72, 73, 74, 75,
926 76, 77, 78, 79, 80, 81, 87, 94, 95, 96,
927 97, 98, 99, 100, 101, 102, 103, 104, 105, 106,
928 107, 108, 109, 110, 111, 112, 113, 114, 115, 116,
929 117, 118, 119, 120, 121, 122, 123, 124, 125, 126,
930 127, 128, 129, 130, 131, 132, 133, 134, 135, 136,
931 137, 138, 139, 140, 141, 142, 143, 144, 145, 146,
932 147, 148, 149, 150, 151, 152, 153, 154, 155, 156,
933 37, 39, 40, 90, 157, 158, 159, 37, 45, 46,
934 93, 160, 161, 162, 10, 10, 10, 10, 10, 10,
1024 0, 102, 0, 11, 38, 44, 88, 103, 104, 107,
1025 110, 193, 105, 108, 111, 194, 12, 13, 14, 15,
1026 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,
1027 26, 27, 28, 29, 30, 31, 32, 33, 34, 35,
1028 36, 41, 42, 43, 47, 48, 49, 50, 51, 52,
1029 53, 54, 55, 56, 57, 58, 59, 60, 61, 62,
1030 63, 64, 65, 66, 67, 68, 69, 70, 71, 72,
1031 73, 74, 75, 76, 77, 78, 79, 80, 81, 82,
1032 83, 84, 85, 86, 87, 96, 97, 98, 100, 106,
1033 113, 114, 115, 116, 117, 118, 119, 120, 121, 122,
1034 123, 124, 125, 126, 127, 128, 129, 130, 131, 132,
1035 133, 134, 135, 136, 137, 138, 139, 140, 141, 142,
1036 143, 144, 145, 146, 147, 148, 149, 150, 151, 152,
1037 153, 154, 155, 156, 157, 158, 159, 160, 161, 162,
1038 163, 164, 165, 166, 167, 168, 169, 170, 171, 172,
1039 173, 174, 175, 176, 177, 178, 179, 180, 181, 182,
1040 183, 184, 185, 37, 39, 40, 99, 109, 186, 187,
1041 188, 189, 37, 45, 46, 112, 190, 191, 192, 89,
1042 90, 91, 92, 93, 94, 95, 195, 196, 197, 198,
1043 199, 200, 201, 202, 10, 10, 10, 10, 10, 10,
9351044 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
9361045 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
9371046 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
9381047 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
9391048 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
9401049 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
941 10, 10, 10, 10, 10
1050 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1051 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
1052 10, 10, 10
9421053 };
9431054
9441055 #define yyerrok (yyerrstatus = 0)
17521863 YY_REDUCE_PRINT (yyn);
17531864 switch (yyn)
17541865 {
1755 case 7:
1756 #line 103 "util/configparser.y"
1866 case 8:
1867 #line 109 "util/configparser.y"
17571868 {
17581869 OUTYY(("\nP(server:)\n"));
17591870 }
17601871 break;
17611872
1762 case 73:
1763 #line 138 "util/configparser.y"
1873 case 84:
1874 #line 149 "util/configparser.y"
17641875 {
17651876 struct config_stub* s;
17661877 OUTYY(("\nP(stub_zone:)\n"));
17731884 }
17741885 break;
17751886
1776 case 79:
1777 #line 154 "util/configparser.y"
1887 case 91:
1888 #line 165 "util/configparser.y"
17781889 {
17791890 struct config_stub* s;
17801891 OUTYY(("\nP(forward_zone:)\n"));
17871898 }
17881899 break;
17891900
1790 case 85:
1791 #line 170 "util/configparser.y"
1901 case 97:
1902 #line 181 "util/configparser.y"
17921903 {
17931904 OUTYY(("P(server_num_threads:%s)\n", (yyvsp[(2) - (2)].str)));
17941905 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
17981909 }
17991910 break;
18001911
1801 case 86:
1802 #line 179 "util/configparser.y"
1912 case 98:
1913 #line 190 "util/configparser.y"
18031914 {
18041915 OUTYY(("P(server_verbosity:%s)\n", (yyvsp[(2) - (2)].str)));
18051916 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
18091920 }
18101921 break;
18111922
1812 case 87:
1813 #line 188 "util/configparser.y"
1923 case 99:
1924 #line 199 "util/configparser.y"
18141925 {
18151926 OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[(2) - (2)].str)));
18161927 if(strcmp((yyvsp[(2) - (2)].str), "") == 0 || strcmp((yyvsp[(2) - (2)].str), "0") == 0)
18221933 }
18231934 break;
18241935
1825 case 88:
1826 #line 199 "util/configparser.y"
1936 case 100:
1937 #line 210 "util/configparser.y"
18271938 {
18281939 OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[(2) - (2)].str)));
18291940 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
18331944 }
18341945 break;
18351946
1836 case 89:
1837 #line 208 "util/configparser.y"
1947 case 101:
1948 #line 219 "util/configparser.y"
1949 {
1950 OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[(2) - (2)].str)));
1951 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
1952 yyerror("expected yes or no.");
1953 else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[(2) - (2)].str), "yes")==0);
1954 free((yyvsp[(2) - (2)].str));
1955 }
1956 break;
1957
1958 case 102:
1959 #line 228 "util/configparser.y"
18381960 {
18391961 OUTYY(("P(server_port:%s)\n", (yyvsp[(2) - (2)].str)));
18401962 if(atoi((yyvsp[(2) - (2)].str)) == 0)
18441966 }
18451967 break;
18461968
1847 case 90:
1848 #line 217 "util/configparser.y"
1969 case 103:
1970 #line 237 "util/configparser.y"
18491971 {
18501972 OUTYY(("P(server_interface:%s)\n", (yyvsp[(2) - (2)].str)));
18511973 if(cfg_parser->cfg->num_ifs == 0)
18591981 }
18601982 break;
18611983
1862 case 91:
1863 #line 230 "util/configparser.y"
1984 case 104:
1985 #line 250 "util/configparser.y"
18641986 {
18651987 OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[(2) - (2)].str)));
18661988 if(cfg_parser->cfg->num_out_ifs == 0)
18761998 }
18771999 break;
18782000
1879 case 92:
1880 #line 245 "util/configparser.y"
2001 case 105:
2002 #line 265 "util/configparser.y"
18812003 {
18822004 OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[(2) - (2)].str)));
18832005 if(atoi((yyvsp[(2) - (2)].str)) == 0)
18872009 }
18882010 break;
18892011
1890 case 93:
1891 #line 254 "util/configparser.y"
2012 case 106:
2013 #line 274 "util/configparser.y"
18922014 {
18932015 OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[(2) - (2)].str)));
18942016 if(!cfg_mark_ports((yyvsp[(2) - (2)].str), 1,
18982020 }
18992021 break;
19002022
1901 case 94:
1902 #line 263 "util/configparser.y"
2023 case 107:
2024 #line 283 "util/configparser.y"
19032025 {
19042026 OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[(2) - (2)].str)));
19052027 if(!cfg_mark_ports((yyvsp[(2) - (2)].str), 0,
19092031 }
19102032 break;
19112033
1912 case 95:
1913 #line 272 "util/configparser.y"
2034 case 108:
2035 #line 292 "util/configparser.y"
19142036 {
19152037 OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[(2) - (2)].str)));
19162038 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
19202042 }
19212043 break;
19222044
1923 case 96:
1924 #line 281 "util/configparser.y"
2045 case 109:
2046 #line 301 "util/configparser.y"
19252047 {
19262048 OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[(2) - (2)].str)));
19272049 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
19312053 }
19322054 break;
19332055
1934 case 97:
1935 #line 290 "util/configparser.y"
2056 case 110:
2057 #line 310 "util/configparser.y"
19362058 {
19372059 OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[(2) - (2)].str)));
19382060 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
19422064 }
19432065 break;
19442066
1945 case 98:
1946 #line 299 "util/configparser.y"
2067 case 111:
2068 #line 319 "util/configparser.y"
19472069 {
19482070 OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[(2) - (2)].str)));
19492071 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
19532075 }
19542076 break;
19552077
1956 case 99:
1957 #line 308 "util/configparser.y"
2078 case 112:
2079 #line 328 "util/configparser.y"
19582080 {
19592081 OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[(2) - (2)].str)));
19602082 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
19642086 }
19652087 break;
19662088
1967 case 100:
1968 #line 317 "util/configparser.y"
2089 case 113:
2090 #line 337 "util/configparser.y"
19692091 {
19702092 OUTYY(("P(server_do_udp:%s)\n", (yyvsp[(2) - (2)].str)));
19712093 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
19752097 }
19762098 break;
19772099
1978 case 101:
1979 #line 326 "util/configparser.y"
2100 case 114:
2101 #line 346 "util/configparser.y"
19802102 {
19812103 OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[(2) - (2)].str)));
19822104 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
19862108 }
19872109 break;
19882110
1989 case 102:
1990 #line 335 "util/configparser.y"
2111 case 115:
2112 #line 355 "util/configparser.y"
19912113 {
19922114 OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[(2) - (2)].str)));
19932115 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
19972119 }
19982120 break;
19992121
2000 case 103:
2001 #line 344 "util/configparser.y"
2122 case 116:
2123 #line 364 "util/configparser.y"
20022124 {
20032125 OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[(2) - (2)].str)));
20042126 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
20132135 }
20142136 break;
20152137
2016 case 104:
2017 #line 358 "util/configparser.y"
2138 case 117:
2139 #line 378 "util/configparser.y"
20182140 {
20192141 OUTYY(("P(server_chroot:%s)\n", (yyvsp[(2) - (2)].str)));
20202142 free(cfg_parser->cfg->chrootdir);
20222144 }
20232145 break;
20242146
2025 case 105:
2026 #line 365 "util/configparser.y"
2147 case 118:
2148 #line 385 "util/configparser.y"
20272149 {
20282150 OUTYY(("P(server_username:%s)\n", (yyvsp[(2) - (2)].str)));
20292151 free(cfg_parser->cfg->username);
20312153 }
20322154 break;
20332155
2034 case 106:
2035 #line 372 "util/configparser.y"
2156 case 119:
2157 #line 392 "util/configparser.y"
20362158 {
20372159 OUTYY(("P(server_directory:%s)\n", (yyvsp[(2) - (2)].str)));
20382160 free(cfg_parser->cfg->directory);
20402162 }
20412163 break;
20422164
2043 case 107:
2044 #line 379 "util/configparser.y"
2165 case 120:
2166 #line 399 "util/configparser.y"
20452167 {
20462168 OUTYY(("P(server_logfile:%s)\n", (yyvsp[(2) - (2)].str)));
20472169 free(cfg_parser->cfg->logfile);
20502172 }
20512173 break;
20522174
2053 case 108:
2054 #line 387 "util/configparser.y"
2175 case 121:
2176 #line 407 "util/configparser.y"
20552177 {
20562178 OUTYY(("P(server_pidfile:%s)\n", (yyvsp[(2) - (2)].str)));
20572179 free(cfg_parser->cfg->pidfile);
20592181 }
20602182 break;
20612183
2062 case 109:
2063 #line 394 "util/configparser.y"
2184 case 122:
2185 #line 414 "util/configparser.y"
20642186 {
20652187 OUTYY(("P(server_root_hints:%s)\n", (yyvsp[(2) - (2)].str)));
20662188 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[(2) - (2)].str)))
20682190 }
20692191 break;
20702192
2071 case 110:
2072 #line 401 "util/configparser.y"
2193 case 123:
2194 #line 421 "util/configparser.y"
2195 {
2196 OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[(2) - (2)].str)));
2197 free(cfg_parser->cfg->dlv_anchor_file);
2198 cfg_parser->cfg->dlv_anchor_file = (yyvsp[(2) - (2)].str);
2199 }
2200 break;
2201
2202 case 124:
2203 #line 428 "util/configparser.y"
2204 {
2205 OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[(2) - (2)].str)));
2206 if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[(2) - (2)].str)))
2207 yyerror("out of memory");
2208 }
2209 break;
2210
2211 case 125:
2212 #line 435 "util/configparser.y"
20732213 {
20742214 OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[(2) - (2)].str)));
20752215 if(!cfg_strlist_insert(&cfg_parser->cfg->
20782218 }
20792219 break;
20802220
2081 case 111:
2082 #line 409 "util/configparser.y"
2221 case 126:
2222 #line 443 "util/configparser.y"
20832223 {
20842224 OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[(2) - (2)].str)));
20852225 if(!cfg_strlist_insert(&cfg_parser->cfg->
20882228 }
20892229 break;
20902230
2091 case 112:
2092 #line 417 "util/configparser.y"
2231 case 127:
2232 #line 451 "util/configparser.y"
20932233 {
20942234 OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[(2) - (2)].str)));
20952235 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[(2) - (2)].str)))
20972237 }
20982238 break;
20992239
2100 case 113:
2101 #line 424 "util/configparser.y"
2240 case 128:
2241 #line 458 "util/configparser.y"
21022242 {
21032243 OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[(2) - (2)].str)));
21042244 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
21082248 }
21092249 break;
21102250
2111 case 114:
2112 #line 433 "util/configparser.y"
2251 case 129:
2252 #line 467 "util/configparser.y"
21132253 {
21142254 OUTYY(("P(server_hide_version:%s)\n", (yyvsp[(2) - (2)].str)));
21152255 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
21192259 }
21202260 break;
21212261
2122 case 115:
2123 #line 442 "util/configparser.y"
2262 case 130:
2263 #line 476 "util/configparser.y"
21242264 {
21252265 OUTYY(("P(server_identity:%s)\n", (yyvsp[(2) - (2)].str)));
21262266 free(cfg_parser->cfg->identity);
21282268 }
21292269 break;
21302270
2131 case 116:
2132 #line 449 "util/configparser.y"
2271 case 131:
2272 #line 483 "util/configparser.y"
21332273 {
21342274 OUTYY(("P(server_version:%s)\n", (yyvsp[(2) - (2)].str)));
21352275 free(cfg_parser->cfg->version);
21372277 }
21382278 break;
21392279
2140 case 117:
2141 #line 456 "util/configparser.y"
2280 case 132:
2281 #line 490 "util/configparser.y"
21422282 {
21432283 OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[(2) - (2)].str)));
21442284 if(atoi((yyvsp[(2) - (2)].str)) == 0)
21502290 }
21512291 break;
21522292
2153 case 118:
2154 #line 467 "util/configparser.y"
2293 case 133:
2294 #line 501 "util/configparser.y"
21552295 {
21562296 OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
21572297 if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->msg_cache_size))
21602300 }
21612301 break;
21622302
2163 case 119:
2164 #line 475 "util/configparser.y"
2303 case 134:
2304 #line 509 "util/configparser.y"
21652305 {
21662306 OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
21672307 if(atoi((yyvsp[(2) - (2)].str)) == 0)
21752315 }
21762316 break;
21772317
2178 case 120:
2179 #line 488 "util/configparser.y"
2318 case 135:
2319 #line 522 "util/configparser.y"
21802320 {
21812321 OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[(2) - (2)].str)));
21822322 if(atoi((yyvsp[(2) - (2)].str)) == 0)
21862326 }
21872327 break;
21882328
2189 case 121:
2190 #line 497 "util/configparser.y"
2329 case 136:
2330 #line 531 "util/configparser.y"
2331 {
2332 OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[(2) - (2)].str)));
2333 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
2334 yyerror("number expected");
2335 else cfg_parser->cfg->jostle_time = atoi((yyvsp[(2) - (2)].str));
2336 free((yyvsp[(2) - (2)].str));
2337 }
2338 break;
2339
2340 case 137:
2341 #line 540 "util/configparser.y"
21912342 {
21922343 OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
21932344 if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->rrset_cache_size))
21962347 }
21972348 break;
21982349
2199 case 122:
2200 #line 505 "util/configparser.y"
2350 case 138:
2351 #line 548 "util/configparser.y"
22012352 {
22022353 OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
22032354 if(atoi((yyvsp[(2) - (2)].str)) == 0)
22112362 }
22122363 break;
22132364
2214 case 123:
2215 #line 518 "util/configparser.y"
2365 case 139:
2366 #line 561 "util/configparser.y"
22162367 {
22172368 OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
22182369 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
22222373 }
22232374 break;
22242375
2225 case 124:
2226 #line 527 "util/configparser.y"
2376 case 140:
2377 #line 570 "util/configparser.y"
22272378 {
22282379 OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
22292380 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
22332384 }
22342385 break;
22352386
2236 case 125:
2237 #line 536 "util/configparser.y"
2387 case 141:
2388 #line 579 "util/configparser.y"
22382389 {
22392390 OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[(2) - (2)].str)));
22402391 if(atoi((yyvsp[(2) - (2)].str)) == 0)
22442395 }
22452396 break;
22462397
2247 case 126:
2248 #line 545 "util/configparser.y"
2398 case 142:
2399 #line 588 "util/configparser.y"
22492400 {
22502401 OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[(2) - (2)].str)));
22512402 if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->
22552406 }
22562407 break;
22572408
2258 case 127:
2259 #line 554 "util/configparser.y"
2409 case 143:
2410 #line 597 "util/configparser.y"
22602411 {
22612412 OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
22622413 if(atoi((yyvsp[(2) - (2)].str)) == 0)
22702421 }
22712422 break;
22722423
2273 case 128:
2274 #line 567 "util/configparser.y"
2424 case 144:
2425 #line 610 "util/configparser.y"
22752426 {
22762427 OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[(2) - (2)].str)));
22772428 free(cfg_parser->cfg->target_fetch_policy);
22792430 }
22802431 break;
22812432
2282 case 129:
2283 #line 574 "util/configparser.y"
2433 case 145:
2434 #line 617 "util/configparser.y"
22842435 {
22852436 OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[(2) - (2)].str)));
22862437 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
22912442 }
22922443 break;
22932444
2294 case 130:
2295 #line 584 "util/configparser.y"
2445 case 146:
2446 #line 627 "util/configparser.y"
22962447 {
22972448 OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[(2) - (2)].str)));
22982449 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
23032454 }
23042455 break;
23052456
2306 case 131:
2307 #line 594 "util/configparser.y"
2457 case 147:
2458 #line 637 "util/configparser.y"
23082459 {
23092460 OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[(2) - (2)].str)));
23102461 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
23152466 }
23162467 break;
23172468
2318 case 132:
2319 #line 604 "util/configparser.y"
2469 case 148:
2470 #line 647 "util/configparser.y"
23202471 {
23212472 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[(2) - (2)].str)));
23222473 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
23272478 }
23282479 break;
23292480
2330 case 133:
2331 #line 614 "util/configparser.y"
2481 case 149:
2482 #line 657 "util/configparser.y"
2483 {
2484 OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[(2) - (2)].str)));
2485 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
2486 yyerror("expected yes or no.");
2487 else cfg_parser->cfg->harden_referral_path =
2488 (strcmp((yyvsp[(2) - (2)].str), "yes")==0);
2489 free((yyvsp[(2) - (2)].str));
2490 }
2491 break;
2492
2493 case 150:
2494 #line 667 "util/configparser.y"
23322495 {
23332496 OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[(2) - (2)].str)));
23342497 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
23392502 }
23402503 break;
23412504
2342 case 134:
2343 #line 624 "util/configparser.y"
2505 case 151:
2506 #line 677 "util/configparser.y"
2507 {
2508 OUTYY(("P(server_private_address:%s)\n", (yyvsp[(2) - (2)].str)));
2509 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[(2) - (2)].str)))
2510 yyerror("out of memory");
2511 }
2512 break;
2513
2514 case 152:
2515 #line 684 "util/configparser.y"
2516 {
2517 OUTYY(("P(server_private_domain:%s)\n", (yyvsp[(2) - (2)].str)));
2518 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[(2) - (2)].str)))
2519 yyerror("out of memory");
2520 }
2521 break;
2522
2523 case 153:
2524 #line 691 "util/configparser.y"
2525 {
2526 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[(2) - (2)].str)));
2527 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
2528 yyerror("number expected");
2529 else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[(2) - (2)].str));
2530 free((yyvsp[(2) - (2)].str));
2531 }
2532 break;
2533
2534 case 154:
2535 #line 700 "util/configparser.y"
23442536 {
23452537 OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[(2) - (2)].str)));
23462538 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[(2) - (2)].str)))
23482540 }
23492541 break;
23502542
2351 case 135:
2352 #line 631 "util/configparser.y"
2543 case 155:
2544 #line 707 "util/configparser.y"
23532545 {
23542546 OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[(2) - (2)].str)));
23552547 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
23602552 }
23612553 break;
23622554
2363 case 136:
2364 #line 641 "util/configparser.y"
2555 case 156:
2556 #line 717 "util/configparser.y"
23652557 {
23662558 OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str)));
23672559 if(strcmp((yyvsp[(3) - (3)].str), "deny")!=0 && strcmp((yyvsp[(3) - (3)].str), "refuse")!=0 &&
2368 strcmp((yyvsp[(3) - (3)].str), "allow")!=0) {
2369 yyerror("expected deny, refuse or allow in "
2370 "access control action");
2560 strcmp((yyvsp[(3) - (3)].str), "allow")!=0 &&
2561 strcmp((yyvsp[(3) - (3)].str), "allow_snoop")!=0) {
2562 yyerror("expected deny, refuse, allow or allow_snoop "
2563 "in access control action");
23712564 } else {
23722565 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str)))
23732566 fatal_exit("out of memory adding acl");
23752568 }
23762569 break;
23772570
2378 case 137:
2379 #line 654 "util/configparser.y"
2571 case 157:
2572 #line 731 "util/configparser.y"
23802573 {
23812574 OUTYY(("P(server_module_conf:%s)\n", (yyvsp[(2) - (2)].str)));
23822575 free(cfg_parser->cfg->module_conf);
23842577 }
23852578 break;
23862579
2387 case 138:
2388 #line 661 "util/configparser.y"
2580 case 158:
2581 #line 738 "util/configparser.y"
23892582 {
23902583 OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[(2) - (2)].str)));
23912584 if(strlen((yyvsp[(2) - (2)].str)) == 0 || strcmp((yyvsp[(2) - (2)].str), "0") == 0) {
24042597 }
24052598 break;
24062599
2407 case 139:
2408 #line 679 "util/configparser.y"
2600 case 159:
2601 #line 756 "util/configparser.y"
24092602 {
24102603 OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
24112604 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
24152608 }
24162609 break;
24172610
2418 case 140:
2419 #line 688 "util/configparser.y"
2611 case 160:
2612 #line 765 "util/configparser.y"
24202613 {
24212614 OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[(2) - (2)].str)));
24222615 if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0)
24262619 }
24272620 break;
24282621
2429 case 141:
2430 #line 697 "util/configparser.y"
2622 case 161:
2623 #line 774 "util/configparser.y"
24312624 {
24322625 OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[(2) - (2)].str)));
24332626 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
24382631 }
24392632 break;
24402633
2441 case 142:
2442 #line 707 "util/configparser.y"
2634 case 162:
2635 #line 784 "util/configparser.y"
24432636 {
24442637 OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[(2) - (2)].str)));
24452638 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
24502643 }
24512644 break;
24522645
2453 case 143:
2454 #line 717 "util/configparser.y"
2646 case 163:
2647 #line 794 "util/configparser.y"
24552648 {
24562649 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[(2) - (2)].str)));
24572650 free(cfg_parser->cfg->val_nsec3_key_iterations);
24592652 }
24602653 break;
24612654
2462 case 144:
2463 #line 724 "util/configparser.y"
2655 case 164:
2656 #line 801 "util/configparser.y"
24642657 {
24652658 OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
24662659 if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->key_cache_size))
24692662 }
24702663 break;
24712664
2472 case 145:
2473 #line 732 "util/configparser.y"
2665 case 165:
2666 #line 809 "util/configparser.y"
24742667 {
24752668 OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str)));
24762669 if(atoi((yyvsp[(2) - (2)].str)) == 0)
24842677 }
24852678 break;
24862679
2487 case 146:
2488 #line 745 "util/configparser.y"
2680 case 166:
2681 #line 822 "util/configparser.y"
2682 {
2683 OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[(2) - (2)].str)));
2684 if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->neg_cache_size))
2685 yyerror("memory size expected");
2686 free((yyvsp[(2) - (2)].str));
2687 }
2688 break;
2689
2690 case 167:
2691 #line 830 "util/configparser.y"
24892692 {
24902693 OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str)));
24912694 if(strcmp((yyvsp[(3) - (3)].str), "static")!=0 && strcmp((yyvsp[(3) - (3)].str), "deny")!=0 &&
24972700 if(!cfg_strlist_insert(&cfg_parser->cfg->
24982701 local_zones_nodefault, (yyvsp[(2) - (3)].str)))
24992702 fatal_exit("out of memory adding local-zone");
2703 free((yyvsp[(3) - (3)].str));
25002704 } else {
25012705 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
25022706 (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str)))
25052709 }
25062710 break;
25072711
2508 case 147:
2509 #line 764 "util/configparser.y"
2712 case 168:
2713 #line 850 "util/configparser.y"
25102714 {
25112715 OUTYY(("P(server_local_data:%s)\n", (yyvsp[(2) - (2)].str)));
25122716 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[(2) - (2)].str)))
25142718 }
25152719 break;
25162720
2517 case 148:
2518 #line 771 "util/configparser.y"
2721 case 169:
2722 #line 857 "util/configparser.y"
2723 {
2724 char* ptr;
2725 OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[(2) - (2)].str)));
2726 ptr = cfg_ptr_reverse((yyvsp[(2) - (2)].str));
2727 free((yyvsp[(2) - (2)].str));
2728 if(ptr) {
2729 if(!cfg_strlist_insert(&cfg_parser->cfg->
2730 local_data, ptr))
2731 fatal_exit("out of memory adding local-data");
2732 } else {
2733 yyerror("local-data-ptr could not be reversed");
2734 }
2735 }
2736 break;
2737
2738 case 170:
2739 #line 872 "util/configparser.y"
25192740 {
25202741 OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
25212742 free(cfg_parser->cfg->stubs->name);
25232744 }
25242745 break;
25252746
2526 case 149:
2527 #line 778 "util/configparser.y"
2747 case 171:
2748 #line 879 "util/configparser.y"
25282749 {
25292750 OUTYY(("P(stub-host:%s)\n", (yyvsp[(2) - (2)].str)));
25302751 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[(2) - (2)].str)))
25322753 }
25332754 break;
25342755
2535 case 150:
2536 #line 785 "util/configparser.y"
2756 case 172:
2757 #line 886 "util/configparser.y"
25372758 {
25382759 OUTYY(("P(stub-addr:%s)\n", (yyvsp[(2) - (2)].str)));
25392760 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[(2) - (2)].str)))
25412762 }
25422763 break;
25432764
2544 case 151:
2545 #line 792 "util/configparser.y"
2765 case 173:
2766 #line 893 "util/configparser.y"
2767 {
2768 OUTYY(("P(stub-prime:%s)\n", (yyvsp[(2) - (2)].str)));
2769 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
2770 yyerror("expected yes or no.");
2771 else cfg_parser->cfg->stubs->isprime =
2772 (strcmp((yyvsp[(2) - (2)].str), "yes")==0);
2773 free((yyvsp[(2) - (2)].str));
2774 }
2775 break;
2776
2777 case 174:
2778 #line 903 "util/configparser.y"
25462779 {
25472780 OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str)));
25482781 free(cfg_parser->cfg->forwards->name);
25502783 }
25512784 break;
25522785
2553 case 152:
2554 #line 799 "util/configparser.y"
2786 case 175:
2787 #line 910 "util/configparser.y"
25552788 {
25562789 OUTYY(("P(forward-host:%s)\n", (yyvsp[(2) - (2)].str)));
25572790 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[(2) - (2)].str)))
25592792 }
25602793 break;
25612794
2562 case 153:
2563 #line 806 "util/configparser.y"
2795 case 176:
2796 #line 917 "util/configparser.y"
25642797 {
25652798 OUTYY(("P(forward-addr:%s)\n", (yyvsp[(2) - (2)].str)));
25662799 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[(2) - (2)].str)))
25682801 }
25692802 break;
25702803
2804 case 177:
2805 #line 924 "util/configparser.y"
2806 {
2807 OUTYY(("\nP(remote-control:)\n"));
2808 }
2809 break;
2810
2811 case 187:
2812 #line 935 "util/configparser.y"
2813 {
2814 OUTYY(("P(control_enable:%s)\n", (yyvsp[(2) - (2)].str)));
2815 if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0)
2816 yyerror("expected yes or no.");
2817 else cfg_parser->cfg->remote_control_enable =
2818 (strcmp((yyvsp[(2) - (2)].str), "yes")==0);
2819 free((yyvsp[(2) - (2)].str));
2820 }
2821 break;
2822
2823 case 188:
2824 #line 945 "util/configparser.y"
2825 {
2826 OUTYY(("P(control_port:%s)\n", (yyvsp[(2) - (2)].str)));
2827 if(atoi((yyvsp[(2) - (2)].str)) == 0)
2828 yyerror("control port number expected");
2829 else cfg_parser->cfg->control_port = atoi((yyvsp[(2) - (2)].str));
2830 free((yyvsp[(2) - (2)].str));
2831 }
2832 break;
2833
2834 case 189:
2835 #line 954 "util/configparser.y"
2836 {
2837 OUTYY(("P(control_interface:%s)\n", (yyvsp[(2) - (2)].str)));
2838 if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[(2) - (2)].str)))
2839 yyerror("out of memory");
2840 }
2841 break;
2842
2843 case 190:
2844 #line 961 "util/configparser.y"
2845 {
2846 OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
2847 free(cfg_parser->cfg->server_key_file);
2848 cfg_parser->cfg->server_key_file = (yyvsp[(2) - (2)].str);
2849 }
2850 break;
2851
2852 case 191:
2853 #line 968 "util/configparser.y"
2854 {
2855 OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
2856 free(cfg_parser->cfg->server_cert_file);
2857 cfg_parser->cfg->server_cert_file = (yyvsp[(2) - (2)].str);
2858 }
2859 break;
2860
2861 case 192:
2862 #line 975 "util/configparser.y"
2863 {
2864 OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[(2) - (2)].str)));
2865 free(cfg_parser->cfg->control_key_file);
2866 cfg_parser->cfg->control_key_file = (yyvsp[(2) - (2)].str);
2867 }
2868 break;
2869
2870 case 193:
2871 #line 982 "util/configparser.y"
2872 {
2873 OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[(2) - (2)].str)));
2874 free(cfg_parser->cfg->control_cert_file);
2875 cfg_parser->cfg->control_cert_file = (yyvsp[(2) - (2)].str);
2876 }
2877 break;
2878
25712879
25722880 /* Line 1267 of yacc.c. */
2573 #line 2575 "util/configparser.c"
2881 #line 2883 "util/configparser.c"
25742882 default: break;
25752883 }
25762884 YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
27843092 }
27853093
27863094
2787 #line 812 "util/configparser.y"
3095 #line 988 "util/configparser.y"
27883096
27893097
27903098 /* parse helper routines could be here */
116116 VAR_USE_CAPS_FOR_ID = 333,
117117 VAR_STATISTICS_CUMULATIVE = 334,
118118 VAR_OUTGOING_PORT_PERMIT = 335,
119 VAR_OUTGOING_PORT_AVOID = 336
119 VAR_OUTGOING_PORT_AVOID = 336,
120 VAR_DLV_ANCHOR_FILE = 337,
121 VAR_DLV_ANCHOR = 338,
122 VAR_NEG_CACHE_SIZE = 339,
123 VAR_HARDEN_REFERRAL_PATH = 340,
124 VAR_PRIVATE_ADDRESS = 341,
125 VAR_PRIVATE_DOMAIN = 342,
126 VAR_REMOTE_CONTROL = 343,
127 VAR_CONTROL_ENABLE = 344,
128 VAR_CONTROL_INTERFACE = 345,
129 VAR_CONTROL_PORT = 346,
130 VAR_SERVER_KEY_FILE = 347,
131 VAR_SERVER_CERT_FILE = 348,
132 VAR_CONTROL_KEY_FILE = 349,
133 VAR_CONTROL_CERT_FILE = 350,
134 VAR_EXTENDED_STATISTICS = 351,
135 VAR_LOCAL_DATA_PTR = 352,
136 VAR_JOSTLE_TIMEOUT = 353,
137 VAR_STUB_PRIME = 354,
138 VAR_UNWANTED_REPLY_THRESHOLD = 355
120139 };
121140 #endif
122141 /* Tokens. */
199218 #define VAR_STATISTICS_CUMULATIVE 334
200219 #define VAR_OUTGOING_PORT_PERMIT 335
201220 #define VAR_OUTGOING_PORT_AVOID 336
221 #define VAR_DLV_ANCHOR_FILE 337
222 #define VAR_DLV_ANCHOR 338
223 #define VAR_NEG_CACHE_SIZE 339
224 #define VAR_HARDEN_REFERRAL_PATH 340
225 #define VAR_PRIVATE_ADDRESS 341
226 #define VAR_PRIVATE_DOMAIN 342
227 #define VAR_REMOTE_CONTROL 343
228 #define VAR_CONTROL_ENABLE 344
229 #define VAR_CONTROL_INTERFACE 345
230 #define VAR_CONTROL_PORT 346
231 #define VAR_SERVER_KEY_FILE 347
232 #define VAR_SERVER_CERT_FILE 348
233 #define VAR_CONTROL_KEY_FILE 349
234 #define VAR_CONTROL_CERT_FILE 350
235 #define VAR_EXTENDED_STATISTICS 351
236 #define VAR_LOCAL_DATA_PTR 352
237 #define VAR_JOSTLE_TIMEOUT 353
238 #define VAR_STUB_PRIME 354
239 #define VAR_UNWANTED_REPLY_THRESHOLD 355
202240
203241
204242
210248 char* str;
211249 }
212250 /* Line 1489 of yacc.c. */
213 #line 215 "util/configparser.h"
251 #line 253 "util/configparser.h"
214252 YYSTYPE;
215253 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
216254 # define YYSTYPE_IS_DECLARED 1
8989 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
9090 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
9191 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
92 %token VAR_OUTGOING_PORT_AVOID
92 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
93 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
94 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
95 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
96 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
97 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
98 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD
9399
94100 %%
95101 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
96102 toplevelvar: serverstart contents_server | stubstart contents_stub |
97 forwardstart contents_forward
103 forwardstart contents_forward | rcstart contents_rc
98104 ;
99105
100106 /* server: declaration */
131137 server_local_zone | server_local_data | server_interface_automatic |
132138 server_statistics_interval | server_do_daemonize |
133139 server_use_caps_for_id | server_statistics_cumulative |
134 server_outgoing_port_permit | server_outgoing_port_avoid
140 server_outgoing_port_permit | server_outgoing_port_avoid |
141 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
142 server_harden_referral_path | server_private_address |
143 server_private_domain | server_extended_statistics |
144 server_local_data_ptr | server_jostle_timeout |
145 server_unwanted_reply_threshold
135146 ;
136147 stubstart: VAR_STUB_ZONE
137148 {
147158 ;
148159 contents_stub: contents_stub content_stub
149160 | ;
150 content_stub: stub_name | stub_host | stub_addr
161 content_stub: stub_name | stub_host | stub_addr | stub_prime
151162 ;
152163 forwardstart: VAR_FORWARD_ZONE
153164 {
203214 free($2);
204215 }
205216 ;
217 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING
218 {
219 OUTYY(("P(server_extended_statistics:%s)\n", $2));
220 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
221 yyerror("expected yes or no.");
222 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
223 free($2);
224 }
225 ;
206226 server_port: VAR_PORT STRING
207227 {
208228 OUTYY(("P(server_port:%s)\n", $2));
396416 yyerror("out of memory");
397417 }
398418 ;
419 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING
420 {
421 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
422 free(cfg_parser->cfg->dlv_anchor_file);
423 cfg_parser->cfg->dlv_anchor_file = $2;
424 }
425 ;
426 server_dlv_anchor: VAR_DLV_ANCHOR STRING
427 {
428 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
429 if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
430 yyerror("out of memory");
431 }
432 ;
399433 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING
400434 {
401435 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
492526 free($2);
493527 }
494528 ;
529 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING
530 {
531 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
532 if(atoi($2) == 0 && strcmp($2, "0") != 0)
533 yyerror("number expected");
534 else cfg_parser->cfg->jostle_time = atoi($2);
535 free($2);
536 }
537 ;
495538 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING
496539 {
497540 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
609652 free($2);
610653 }
611654 ;
655 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING
656 {
657 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
658 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
659 yyerror("expected yes or no.");
660 else cfg_parser->cfg->harden_referral_path =
661 (strcmp($2, "yes")==0);
662 free($2);
663 }
664 ;
612665 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING
613666 {
614667 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
616669 yyerror("expected yes or no.");
617670 else cfg_parser->cfg->use_caps_bits_for_id =
618671 (strcmp($2, "yes")==0);
672 free($2);
673 }
674 ;
675 server_private_address: VAR_PRIVATE_ADDRESS STRING
676 {
677 OUTYY(("P(server_private_address:%s)\n", $2));
678 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
679 yyerror("out of memory");
680 }
681 ;
682 server_private_domain: VAR_PRIVATE_DOMAIN STRING
683 {
684 OUTYY(("P(server_private_domain:%s)\n", $2));
685 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
686 yyerror("out of memory");
687 }
688 ;
689 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING
690 {
691 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
692 if(atoi($2) == 0 && strcmp($2, "0") != 0)
693 yyerror("number expected");
694 else cfg_parser->cfg->unwanted_threshold = atoi($2);
619695 free($2);
620696 }
621697 ;
640716 {
641717 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
642718 if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
643 strcmp($3, "allow")!=0) {
644 yyerror("expected deny, refuse or allow in "
645 "access control action");
719 strcmp($3, "allow")!=0 &&
720 strcmp($3, "allow_snoop")!=0) {
721 yyerror("expected deny, refuse, allow or allow_snoop "
722 "in access control action");
646723 } else {
647724 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
648725 fatal_exit("out of memory adding acl");
740817 free($2);
741818 }
742819 ;
820 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING
821 {
822 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
823 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
824 yyerror("memory size expected");
825 free($2);
826 }
827 ;
743828 server_local_zone: VAR_LOCAL_ZONE STRING STRING
744829 {
745830 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
752837 if(!cfg_strlist_insert(&cfg_parser->cfg->
753838 local_zones_nodefault, $2))
754839 fatal_exit("out of memory adding local-zone");
840 free($3);
755841 } else {
756842 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
757843 $2, $3))
766852 fatal_exit("out of memory adding local-data");
767853 }
768854 ;
855 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING
856 {
857 char* ptr;
858 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
859 ptr = cfg_ptr_reverse($2);
860 free($2);
861 if(ptr) {
862 if(!cfg_strlist_insert(&cfg_parser->cfg->
863 local_data, ptr))
864 fatal_exit("out of memory adding local-data");
865 } else {
866 yyerror("local-data-ptr could not be reversed");
867 }
868 }
869 ;
769870 stub_name: VAR_NAME STRING
770871 {
771872 OUTYY(("P(name:%s)\n", $2));
787888 yyerror("out of memory");
788889 }
789890 ;
891 stub_prime: VAR_STUB_PRIME STRING
892 {
893 OUTYY(("P(stub-prime:%s)\n", $2));
894 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
895 yyerror("expected yes or no.");
896 else cfg_parser->cfg->stubs->isprime =
897 (strcmp($2, "yes")==0);
898 free($2);
899 }
900 ;
790901 forward_name: VAR_NAME STRING
791902 {
792903 OUTYY(("P(name:%s)\n", $2));
808919 yyerror("out of memory");
809920 }
810921 ;
922 rcstart: VAR_REMOTE_CONTROL
923 {
924 OUTYY(("\nP(remote-control:)\n"));
925 }
926 ;
927 contents_rc: contents_rc content_rc
928 | ;
929 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
930 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
931 rc_control_cert_file
932 ;
933 rc_control_enable: VAR_CONTROL_ENABLE STRING
934 {
935 OUTYY(("P(control_enable:%s)\n", $2));
936 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
937 yyerror("expected yes or no.");
938 else cfg_parser->cfg->remote_control_enable =
939 (strcmp($2, "yes")==0);
940 free($2);
941 }
942 ;
943 rc_control_port: VAR_CONTROL_PORT STRING
944 {
945 OUTYY(("P(control_port:%s)\n", $2));
946 if(atoi($2) == 0)
947 yyerror("control port number expected");
948 else cfg_parser->cfg->control_port = atoi($2);
949 free($2);
950 }
951 ;
952 rc_control_interface: VAR_CONTROL_INTERFACE STRING
953 {
954 OUTYY(("P(control_interface:%s)\n", $2));
955 if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
956 yyerror("out of memory");
957 }
958 ;
959 rc_server_key_file: VAR_SERVER_KEY_FILE STRING
960 {
961 OUTYY(("P(rc_server_key_file:%s)\n", $2));
962 free(cfg_parser->cfg->server_key_file);
963 cfg_parser->cfg->server_key_file = $2;
964 }
965 ;
966 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING
967 {
968 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
969 free(cfg_parser->cfg->server_cert_file);
970 cfg_parser->cfg->server_cert_file = $2;
971 }
972 ;
973 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING
974 {
975 OUTYY(("P(rc_control_key_file:%s)\n", $2));
976 free(cfg_parser->cfg->control_key_file);
977 cfg_parser->cfg->control_key_file = $2;
978 }
979 ;
980 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING
981 {
982 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
983 free(cfg_parser->cfg->control_cert_file);
984 cfg_parser->cfg->control_cert_file = $2;
985 }
986 ;
811987 %%
812988
813989 /* parse helper routines could be here */
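Review bot: The `rc_control_port` action accepts any value for which `atoi($2)` is non-zero, so a negative number, a value above 65535, or a string with trailing non-digits is stored in `control_port` without complaint. For the remote-control listener a range check is worth having, e.g. `if(atoi($2) <= 0 || atoi($2) > 65535) yyerror("control port number expected");`. The same `atoi` pattern in `server_jostle_timeout` and `server_unwanted_reply_threshold` also lets negative values through; what happens to them depends on the field types, which are declared outside this file section.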
465465 return r;
466466 ldns_buffer_write(pkt, &key->rk.type, 2);
467467 ldns_buffer_write(pkt, &key->rk.rrset_class, 2);
468 ldns_buffer_write_u32(pkt, data->rr_ttl[i]-timenow);
468 if(data->rr_ttl[i] < timenow)
469 ldns_buffer_write_u32(pkt, 0);
470 else ldns_buffer_write_u32(pkt,
471 data->rr_ttl[i]-timenow);
469472 if(c) {
470473 if((r=compress_rdata(pkt, data->rr_data[i],
471474 data->rr_len[i], region, tree, c))
499502 }
500503 ldns_buffer_write_u16(pkt, LDNS_RR_TYPE_RRSIG);
501504 ldns_buffer_write(pkt, &key->rk.rrset_class, 2);
502 ldns_buffer_write_u32(pkt, data->rr_ttl[i]-timenow);
505 if(data->rr_ttl[i] < timenow)
506 ldns_buffer_write_u32(pkt, 0);
507 else ldns_buffer_write_u32(pkt,
508 data->rr_ttl[i]-timenow);
503509 /* rrsig rdata cannot be compressed, perform 100+ byte
504510 * memcopy. */
505511 ldns_buffer_write(pkt, data->rr_data[i],
579585 dname_count_labels(qinfo->qname),
580586 ldns_buffer_position(buffer), region, NULL, tree))
581587 return RETVAL_OUTMEM;
582 ldns_buffer_write(buffer, qinfo->qname, qinfo->qname_len);
588 if(ldns_buffer_current(buffer) == qinfo->qname)
589 ldns_buffer_skip(buffer, (ssize_t)qinfo->qname_len);
590 else ldns_buffer_write(buffer, qinfo->qname, qinfo->qname_len);
583591 ldns_buffer_write_u16(buffer, qinfo->qtype);
584592 ldns_buffer_write_u16(buffer, qinfo->qclass);
585593 return RETVAL_OK;
775783 ldns_buffer_write(buf, &flags, sizeof(uint16_t));
776784 ldns_buffer_write(buf, &flags, sizeof(uint16_t));
777785 if(qinfo) {
778 ldns_buffer_write(buf, qinfo->qname, qinfo->qname_len);
786 if(ldns_buffer_current(buf) == qinfo->qname)
787 ldns_buffer_skip(buf, (ssize_t)qinfo->qname_len);
788 else ldns_buffer_write(buf, qinfo->qname, qinfo->qname_len);
779789 ldns_buffer_write_u16(buf, qinfo->qtype);
780790 ldns_buffer_write_u16(buf, qinfo->qclass);
781791 }
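Review bot: The two `ldns_buffer_current(...) == qinfo->qname` branches (new lines 588 and 786) handle only the case where the query name starts exactly at the write position; nothing on the page says why that aliasing occurs, and a name overlapping the destination at any other offset would still go through `ldns_buffer_write`. A comment at both sites would help, for example `/* qname may already be in place when the reply is built in the query's own buffer; skip instead of copying onto itself */`. The reason is inferred, so the author should confirm the wording. Both enclosing functions start outside the hunks.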
118118 }
119119
120120 /* see if SOA bit is set. */
121 if(ldns_buffer_position(pkt) < pos+rdatalen) {
121 if(ldns_buffer_position(pkt) < pos+4+rdatalen) {
122122 /* nsec type bitmap contains items */
123123 uint8_t win, blen, bits;
124124 /* need: windownum, bitmap len, firstbyte */
125 if(ldns_buffer_position(pkt)+3 > pos+rdatalen) {
125 if(ldns_buffer_position(pkt)+3 > pos+4+rdatalen) {
126126 ldns_buffer_set_position(pkt, pos);
127127 return 0; /* malformed nsec */
128128 }
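Review bot: The literal `4` added to both bounds checks (new lines 121 and 125) is unexplained, and `pos` is assigned outside the hunk, so a reader cannot tell from here which bytes it accounts for. Since this comparison decides whether the NSEC type bitmap is read at all, I would name the offset or add a comment at the first check stating what lies between `pos` and the start of the rdata, and confirm that `pos+4+rdatalen` cannot point past the end of the rdata. The function starts and ends outside the hunk.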
319319 if(AA) return rrset_trust_add_AA;
320320 else return rrset_trust_add_noAA;
321321 }
322 /* NOTREACHED */
322323 return rrset_trust_none;
323324 }
324325
4444 #include "util/storage/lookup3.h"
4545 #include "util/log.h"
4646 #include "util/alloc.h"
47 #include "util/regional.h"
4748
4849 void
4950 ub_packed_rrset_parsedelete(struct ub_packed_rrset_key* pkey,
261262 entry.data;
262263 return d->ttl;
263264 }
265
266 struct ub_packed_rrset_key*
267 packed_rrset_copy_region(struct ub_packed_rrset_key* key,
268 struct regional* region, uint32_t now)
269 {
270 struct ub_packed_rrset_key* ck = regional_alloc(region,
271 sizeof(struct ub_packed_rrset_key));
272 struct packed_rrset_data* d;
273 struct packed_rrset_data* data = (struct packed_rrset_data*)
274 key->entry.data;
275 size_t dsize, i;
276 if(!ck)
277 return NULL;
278 ck->id = key->id;
279 memset(&ck->entry, 0, sizeof(ck->entry));
280 ck->entry.hash = key->entry.hash;
281 ck->entry.key = ck;
282 ck->rk = key->rk;
283 ck->rk.dname = regional_alloc_init(region, key->rk.dname,
284 key->rk.dname_len);
285 if(!ck->rk.dname)
286 return NULL;
287 dsize = packed_rrset_sizeof(data);
288 d = (struct packed_rrset_data*)regional_alloc_init(region, data, dsize);
289 if(!d)
290 return NULL;
291 ck->entry.data = d;
292 packed_rrset_ptr_fixup(d);
293 /* make TTLs relative - once per rrset */
294 for(i=0; i<d->count + d->rrsig_count; i++) {
295 if(d->rr_ttl[i] < now)
296 d->rr_ttl[i] = 0;
297 else d->rr_ttl[i] -= now;
298 }
299 if(d->ttl < now)
300 d->ttl = 0;
301 else d->ttl -= now;
302 return ck;
303 }
304
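Review bot: `packed_rrset_copy_region` reads `key->id`, `key->rk` and `key->entry.data` while copying, but neither the definition nor its header comment says what the caller must hold during the call. If the source key can be a live cache entry, as the header's "just from rrset cache looked up" suggests, the copy is only safe while the caller still holds that entry's lock. I would state it at the definition, e.g. `/* caller holds the lock on key->entry for the duration of the copy; the returned copy needs no locking */`. This is inferred from the header wording, so please confirm the actual locking rule.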
4242 #define UTIL_DATA_PACKED_RRSET_H
4343 #include "util/storage/lruhash.h"
4444 struct alloc_cache;
45 struct regional;
4546
4647 /** type used to uniquely identify rrsets. Cannot be reused without
4748 * clearing the cache. */
362363 */
363364 const char* sec_status_to_string(enum sec_status s);
364365
366 /**
367 * Allocate rrset in region - no more locks needed
368 * @param key: a (just from rrset cache looked up) rrset key + valid,
369 * packed data record.
370 * @param region: where to alloc the copy
371 * @param now: adjust the TTLs to be relative (subtract from all TTLs).
372 * @return new region-alloced rrset key or NULL on alloc failure.
373 */
374 struct ub_packed_rrset_key* packed_rrset_copy_region(
375 struct ub_packed_rrset_key* key, struct regional* region,
376 uint32_t now);
377
365378 #endif /* UTIL_DATA_PACKED_RRSET_H */
4646 #include "util/fptr_wlist.h"
4747 #include "util/mini_event.h"
4848 #include "daemon/worker.h"
49 #include "daemon/remote.h"
4950 #include "services/outside_network.h"
5051 #include "services/mesh.h"
5152 #include "services/localzone.h"
5253 #include "services/cache/infra.h"
5354 #include "services/cache/rrset.h"
5455 #include "iterator/iterator.h"
55 #include "iterator/iter_donotq.h"
5656 #include "iterator/iter_fwd.h"
57 #include "iterator/iter_hints.h"
5857 #include "validator/validator.h"
5958 #include "validator/val_anchor.h"
6059 #include "validator/val_nsec3.h"
6160 #include "validator/val_sigcrypt.h"
6261 #include "validator/val_kentry.h"
62 #include "validator/val_neg.h"
6363 #include "util/data/msgreply.h"
6464 #include "util/data/packed_rrset.h"
6565 #include "util/storage/slabhash.h"
66 #include "util/storage/dnstree.h"
6667 #include "util/locks.h"
67 #include "daemon/acl_list.h"
6868 #include "libunbound/libworker.h"
6969 #include "libunbound/context.h"
70 #include "util/tube.h"
7071
7172 int
7273 fptr_whitelist_comm_point(comm_point_callback_t *fptr)
7475 if(fptr == &worker_handle_request) return 1;
7576 else if(fptr == &outnet_udp_cb) return 1;
7677 else if(fptr == &outnet_tcp_cb) return 1;
77 else if(fptr == &worker_handle_control_cmd) return 1;
78 else if(fptr == &tube_handle_listen) return 1;
79 return 0;
80 }
81
82 int
83 fptr_whitelist_comm_point_raw(comm_point_callback_t *fptr)
84 {
85 if(fptr == &tube_handle_listen) return 1;
86 else if(fptr == &tube_handle_write) return 1;
87 else if(fptr == &remote_accept_callback) return 1;
88 else if(fptr == &remote_control_callback) return 1;
7889 return 0;
7990 }
8091
105116 else if(fptr == &comm_signal_callback) return 1;
106117 else if(fptr == &comm_point_local_handle_callback) return 1;
107118 else if(fptr == &comm_point_raw_handle_callback) return 1;
119 else if(fptr == &tube_handle_signal) return 1;
108120 return 0;
109121 }
110122
139151 {
140152 if(fptr == &mesh_state_compare) return 1;
141153 else if(fptr == &mesh_state_ref_compare) return 1;
142 else if(fptr == &acl_list_cmp) return 1;
154 else if(fptr == &addr_tree_compare) return 1;
143155 else if(fptr == &local_zone_cmp) return 1;
144156 else if(fptr == &local_data_cmp) return 1;
145 else if(fptr == &donotq_cmp) return 1;
146157 else if(fptr == &fwd_cmp) return 1;
147 else if(fptr == &stub_cmp) return 1;
148158 else if(fptr == &pending_cmp) return 1;
149159 else if(fptr == &serviced_cmp) return 1;
160 else if(fptr == &name_tree_compare) return 1;
150161 else if(fptr == &order_lock_cmp) return 1;
151162 else if(fptr == &codeline_cmp) return 1;
152163 else if(fptr == &nsec3_hash_cmp) return 1;
154165 else if(fptr == &anchor_cmp) return 1;
155166 else if(fptr == &canonical_tree_compare) return 1;
156167 else if(fptr == &context_query_cmp) return 1;
168 else if(fptr == &val_neg_data_compare) return 1;
169 else if(fptr == &val_neg_zone_compare) return 1;
157170 return 0;
158171 }
159172
324337 if(fptr == &worker_alloc_cleanup) return 1;
325338 return 0;
326339 }
340
341 int fptr_whitelist_tube_listen(tube_callback_t* fptr)
342 {
343 if(fptr == &worker_handle_control_cmd) return 1;
344 else if(fptr == &libworker_handle_control_cmd) return 1;
345 return 0;
346 }
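Review bot: `tube_handle_listen` is now accepted by both `fptr_whitelist_comm_point` (new line 78) and `fptr_whitelist_comm_point_raw` (new line 85). These lists exist to narrow which callbacks each dispatch site may invoke, so a handler that is only ever installed on raw comm points should appear in the raw list alone; where tube listeners are registered is not visible here. If both entries are needed, a short comment at line 78 saying which comm point type installs it would record why.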
5656 #include "util/netevent.h"
5757 #include "util/storage/lruhash.h"
5858 #include "util/module.h"
59 #include "util/tube.h"
5960
6061 /**
6162 * Macro to perform an assertion check for fptr wlist checks.
7677 int fptr_whitelist_comm_point(comm_point_callback_t *fptr);
7778
7879 /**
80 * Check function pointer whitelist for raw comm_point callback values.
81 *
82 * @param fptr: function pointer to check.
83 * @return false if not in whitelist.
84 */
85 int fptr_whitelist_comm_point_raw(comm_point_callback_t *fptr);
86
87 /**
7988 * Check function pointer whitelist for comm_timer callback values.
8089 *
8190 * @param fptr: function pointer to check.
288297 * @return false if not in whitelist.
289298 */
290299 int fptr_whitelist_alloc_cleanup(void (*fptr)(void*));
300
301 /**
302 * Check function pointer whitelist for tube listen handler values.
303 *
304 * @param fptr: function pointer to check.
305 * @return false if not in whitelist.
306 */
307 int fptr_whitelist_tube_listen(tube_callback_t* fptr);
291308
292309 /** Due to module breakage by fptr wlist, these test app declarations
293310 * are presented here */
660660 848,
661661 860,
662662 861,
663 862,
663664 873,
664665 886,
665666 887,
18401841 2184,
18411842 2185,
18421843 2186,
1844 2187,
18431845 2190,
18441846 2191,
18451847 2192,
37743776 4183,
37753777 4184,
37763778 4185,
3779 4188,
37773780 4199,
37783781 4300,
37793782 4301,
38193822 4369,
38203823 4370,
38213824 4373,
3825 4375,
38223826 4376,
38233827 4377,
38243828 4378,
38253829 4379,
38263830 4389,
3831 4390,
38273832 4400,
38283833 4401,
38293834 4402,
38323837 4405,
38333838 4406,
38343839 4426,
3840 4430,
38353841 4441,
38363842 4442,
38373843 4443,
39193925 4701,
39203926 4702,
39213927 4728,
3928 4729,
3929 4730,
39223930 4737,
39233931 4738,
39243932 4739,
39633971 4899,
39643972 4900,
39653973 4914,
3974 4937,
39663975 4940,
39673976 4941,
39683977 4942,
39773986 4988,
39783987 4989,
39793988 4990,
3989 4991,
39803990 4999,
39813991 5000,
39823992 5001,
40244034 5072,
40254035 5073,
40264036 5074,
4037 5079,
40274038 5080,
40284039 5081,
40294040 5082,
40364047 5100,
40374048 5101,
40384049 5102,
4050 5111,
40394051 5112,
4052 5116,
40404053 5133,
40414054 5137,
40424055 5145,
41004113 5316,
41014114 5343,
41024115 5344,
4103 5349,
41044116 5350,
41054117 5351,
41064118 5352,
41734185 5554,
41744186 5555,
41754187 5556,
4176 5566,
41774188 5567,
41784189 5568,
41794190 5573,
41934204 5604,
41944205 5605,
41954206 5627,
4207 5628,
41964208 5629,
41974209 5630,
41984210 5631,
42544266 5859,
42554267 5863,
42564268 5900,
4269 5910,
4270 5911,
4271 5912,
4272 5913,
42574273 5963,
42584274 5968,
42594275 5969,
42964312 6112,
42974313 6122,
42984314 6123,
4315 6124,
42994316 6133,
43004317 6140,
43014318 6141,
43234340 6269,
43244341 6300,
43254342 6301,
4343 6316,
43264344 6320,
43274345 6321,
43284346 6322,
46014619 8082,
46024620 8083,
46034621 8086,
4622 8087,
46044623 8088,
46054624 8097,
46064625 8100,
47034722 9000,
47044723 9001,
47054724 9002,
4725 9007,
47064726 9009,
47074727 9020,
47084728 9021,
47124732 9025,
47134733 9026,
47144734 9080,
4735 9084,
47154736 9085,
47164737 9086,
47174738 9087,
47794800 9402,
47804801 9418,
47814802 9443,
4803 9444,
4804 9450,
47824805 9500,
47834806 9535,
47844807 9536,
48664889 10990,
48674890 11000,
48684891 11001,
4892 11106,
48694893 11111,
48704894 11112,
48714895 11161,
49054929 12345,
49064930 12753,
49074931 13160,
4932 13216,
4933 13217,
4934 13218,
49084935 13223,
49094936 13224,
49104937 13720,
49204947 13820,
49214948 13821,
49224949 13822,
4950 13929,
49234951 14000,
49244952 14001,
49254953 14033,
49965024 20005,
49975025 20014,
49985026 20034,
5027 20049,
49995028 20167,
50005029 20202,
50015030 20222,
6666 static const char* ident="unbound";
6767 #ifdef HAVE_SYSLOG_H
6868 /** are we using syslog(3) to log to */
69 static int log_to_syslog = 0;
69 static int logging_to_syslog = 0;
7070 #endif /* HAVE_SYSLOG_H */
7171 /** time to print in log, if NULL, use time(2) */
7272 static uint32_t* log_now = NULL;
8181 }
8282 if(logfile
8383 #ifdef HAVE_SYSLOG_H
84 || log_to_syslog
84 || logging_to_syslog
8585 #endif
8686 )
8787 verbose(VERB_QUERY, "switching log to %s",
8989 if(logfile && logfile != stderr)
9090 fclose(logfile);
9191 #ifdef HAVE_SYSLOG_H
92 if(log_to_syslog) {
92 if(logging_to_syslog) {
9393 closelog();
94 log_to_syslog = 0;
94 logging_to_syslog = 0;
9595 }
9696 if(use_syslog) {
97 openlog(ident, 0, LOG_DAEMON);
98 log_to_syslog = 1;
97 /* do not delay opening until first write, because we may
98 * chroot and no longer be able to access dev/log and so on */
99 openlog(ident, LOG_NDELAY, LOG_DAEMON);
100 logging_to_syslog = 1;
99101 return;
100102 }
101103 #endif /* HAVE_SYSLOG_H */
146148 (void)pri;
147149 vsnprintf(message, sizeof(message), format, args);
148150 #ifdef HAVE_SYSLOG_H
149 if(log_to_syslog) {
151 if(logging_to_syslog) {
150152 syslog(pri, "[%d:%x] %s: %s",
151153 (int)getpid(), tid?*tid:0, type, message);
152154 return;
234236 va_end(args);
235237 }
236238
237 void
238 log_hex(const char* msg, void* data, size_t length)
239 /** log hex data */
240 static void
241 log_hex_f(enum verbosity_value v, const char* msg, void* data, size_t length)
239242 {
240243 size_t i, j;
241244 uint8_t* data8 = (uint8_t*)data;
245248 size_t len;
246249
247250 if(length == 0) {
248 log_info("%s[%u]", msg, (unsigned)length);
251 verbose(v, "%s[%u]", msg, (unsigned)length);
249252 return;
250253 }
251254
258261 buf[j*2 + 1] = hexchar[ data8[i+j] & 0xF ];
259262 }
260263 buf[len*2] = 0;
261 log_info("%s[%u:%u] %.*s", msg, (unsigned)length,
264 verbose(v, "%s[%u:%u] %.*s", msg, (unsigned)length,
262265 (unsigned)i, (int)len*2, buf);
263266 }
264267 }
265268
269 void
270 log_hex(const char* msg, void* data, size_t length)
271 {
272 log_hex_f(verbosity, msg, data, length);
273 }
274
266275 void log_buf(enum verbosity_value level, const char* msg, ldns_buffer* buf)
267276 {
268277 if(verbosity < level)
269278 return;
270 log_hex(msg, ldns_buffer_begin(buf), ldns_buffer_limit(buf));
279 log_hex_f(level, msg, ldns_buffer_begin(buf), ldns_buffer_limit(buf));
271280 }
272281
273282 #ifdef USE_WINSOCK
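Review bot: The comment on the new static `log_hex_f` (`/** log hex data */`) does not describe the `v` parameter, and the reason `log_hex` passes the global `verbosity` is easy to miss. It appears to make `verbose(v, ...)` print unconditionally, preserving the old `log_info` behaviour, assuming `verbose()` prints when `verbosity >= v`, which is defined outside this hunk. I would extend the comment to something like `/** log hex data at verbosity level v; log_hex passes the current verbosity so its output is always printed */`.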
6161 case module_event_pass: return "module_event_pass";
6262 case module_event_reply: return "module_event_reply";
6363 case module_event_noreply: return "module_event_noreply";
64 case module_event_capsfail: return "module_event_capsfail";
6465 case module_event_moddone: return "module_event_moddone";
6566 case module_event_error: return "module_event_error";
6667 }
5555 struct ub_randstate;
5656 struct mesh_area;
5757 struct mesh_state;
58 struct val_anchors;
59 struct val_neg_cache;
5860
5961 /** Maximum number of modules in operation */
6062 #define MAX_MODULE 5
202204 * and are not primed and ready for validation, but on the bright
203205 * side, they are read only memory, thus no locks and fast. */
204206 struct val_anchors* anchors;
207 /** negative cache, configured by the validator. if not NULL,
208 * contains NSEC record lookup trees. */
209 struct val_neg_cache* neg_cache;
205210 /** module specific data. indexed by module id. */
206211 void* modinfo[MAX_MODULE];
207212 };
238243 module_event_reply,
239244 /** no reply, timeout or other error */
240245 module_event_noreply,
246 /** reply is there, but capitalisation check failed */
247 module_event_capsfail,
241248 /** next module is done, and its reply is awaiting you */
242249 module_event_moddone,
243250 /** error */
281288 */
282289 struct module_func_block {
283290 /** text string name of module */
284 char* name;
291 const char* name;
285292
286293 /**
287294 * init the module. Called once for the global state.
170170 dest[sizeof(dest)-1] = 0;
171171 port = ntohs(((struct sockaddr_in*)addr)->sin_port);
172172 if(verbosity >= 4)
173 log_info("%s %s %s port %d (len %d)", str, family, dest,
173 verbose(v, "%s %s %s port %d (len %d)", str, family, dest,
174174 (int)port, (int)addrlen);
175 else log_info("%s %s port %d", str, dest, (int)port);
175 else verbose(v, "%s %s port %d", str, dest, (int)port);
176176 }
177177
178178 int
5353 #define BIT_CD 0x0010
5454 /** AD flag */
5555 #define BIT_AD 0x0020
56 /** Z flag */
57 #define BIT_Z 0x0040
5658 /** RA flag */
5759 #define BIT_RA 0x0080
5860 /** RD flag */
4747 /** The TCP reading or writing query timeout in seconds */
4848 #define TCP_QUERY_TIMEOUT 120
4949
50 #ifndef NONBLOCKING_IS_BROKEN
5051 /** number of UDP reads to perform per read indication from select */
5152 #define NUM_UDP_PER_SELECT 100
53 #else
54 #define NUM_UDP_PER_SELECT 1
55 #endif
5256
5357 /* We define libevent structures here to hide the libevent stuff. */
5458
131135 #endif /* USE_MINI_EVENT */
132136
133137 struct comm_base*
134 comm_base_create()
138 comm_base_create(int sigs)
135139 {
136140 struct comm_base* b = (struct comm_base*)calloc(1,
137141 sizeof(struct comm_base));
143147 return NULL;
144148 }
145149 #ifdef USE_MINI_EVENT
150 (void)sigs;
146151 /* use mini event time-sharing feature */
147152 b->eb->base = event_init(&b->eb->secs, &b->eb->now);
148153 #else
154 # ifdef HAVE_EV_LOOP
155 /* libev */
156 if(sigs)
157 b->eb->base=(struct event_base *)ev_default_loop(EVFLAG_AUTO);
158 else
159 b->eb->base=(struct event_base *)ev_loop_new(EVFLAG_AUTO);
160 # else
161 (void)sigs;
149162 b->eb->base = event_init();
163 # endif
150164 #endif
151165 if(!b->eb->base) {
152166 free(b->eb);
154168 return NULL;
155169 }
156170 comm_base_now(b);
171 /* avoid event_get_method call which causes crashes even when
172 * not printing, because its result is passed */
157173 verbose(VERB_ALGO, "libevent %s uses %s method.",
158174 event_get_version(),
159175 #ifdef HAVE_EVENT_BASE_GET_METHOD
160176 event_base_get_method(b->eb->base)
161177 #else
162 event_get_method()
178 "not_obtainable"
163179 #endif
164180 );
165181 return b;
208224 }
209225 }
210226
227 struct event_base* comm_base_internal(struct comm_base* b)
228 {
229 return b->eb->base;
230 }
231
211232 /* send a UDP reply */
212233 int
213234 comm_point_send_udp_msg(struct comm_point *c, ldns_buffer* packet,
215236 {
216237 ssize_t sent;
217238 log_assert(c->fd != -1);
218 log_assert(ldns_buffer_remaining(packet) > 0);
239 #ifdef UNBOUND_DEBUG
240 if(ldns_buffer_remaining(packet) == 0)
241 log_err("error: send empty UDP packet");
242 #endif
219243 log_assert(addr && addrlen > 0);
220244 sent = sendto(c->fd, ldns_buffer_begin(packet),
221245 ldns_buffer_remaining(packet), 0,
222246 addr, addrlen);
223247 if(sent == -1) {
248 #ifdef ENETUNREACH
249 if(errno == ENETUNREACH && verbosity < VERB_ALGO)
250 return 0;
251 #endif
224252 #ifndef USE_WINSOCK
225253 verbose(VERB_OPS, "sendto failed: %s", strerror(errno));
226254 #else
497525 if(recv == -1) {
498526 #ifndef USE_WINSOCK
499527 if(errno != EAGAIN && errno != EINTR)
500 log_err("recvfrom failed: %s", strerror(errno));
528 log_err("recvfrom %d failed: %s",
529 fd, strerror(errno));
501530 #else
502531 if(WSAGetLastError() != WSAEINPROGRESS &&
503532 WSAGetLastError() != WSAECONNRESET &&
516545 (void)comm_point_send_udp_msg(rep.c, rep.c->buffer,
517546 (struct sockaddr*)&rep.addr, rep.addrlen);
518547 }
519 if(rep.c->fd == -1) /* commpoint closed */
548 if(rep.c->fd != fd) /* commpoint closed to -1 or reused for
549 another UDP port. Note rep.c cannot be reused with TCP fd. */
520550 break;
521551 }
522552 }
533563 comm_point_start_listening(c, fd, TCP_QUERY_TIMEOUT);
534564 }
535565
566 int comm_point_perform_accept(struct comm_point* c,
567 struct sockaddr_storage* addr, socklen_t* addrlen)
568 {
569 int new_fd;
570 *addrlen = (socklen_t)sizeof(*addr);
571 new_fd = accept(c->fd, (struct sockaddr*)addr, addrlen);
572 if(new_fd == -1) {
573 #ifndef USE_WINSOCK
574 /* EINTR is signal interrupt. others are closed connection. */
575 if( errno == EINTR || errno == EAGAIN
576 #ifdef EWOULDBLOCK
577 || errno == EWOULDBLOCK
578 #endif
579 #ifdef ECONNABORTED
580 || errno == ECONNABORTED
581 #endif
582 #ifdef EPROTO
583 || errno == EPROTO
584 #endif /* EPROTO */
585 )
586 return -1;
587 log_err("accept failed: %s", strerror(errno));
588 #else /* USE_WINSOCK */
589 if(WSAGetLastError() == WSAEINPROGRESS ||
590 WSAGetLastError() == WSAECONNRESET)
591 return -1;
592 if(WSAGetLastError() == WSAEWOULDBLOCK) {
593 winsock_tcp_wouldblock(&c->ev->ev, EV_READ);
594 return -1;
595 }
596 log_err("accept failed: %s", wsa_strerror(WSAGetLastError()));
597 #endif
598 log_addr(0, "remote address is", addr, *addrlen);
599 return -1;
600 }
601 fd_set_nonblock(new_fd);
602 return new_fd;
603 }
604
536605 void
537606 comm_point_tcp_accept_callback(int fd, short event, void* arg)
538607 {
551620 }
552621 /* accept incoming connection. */
553622 c_hdl = c->tcp_free;
554 c_hdl->repinfo.addrlen = (socklen_t)sizeof(c_hdl->repinfo.addr);
555623 log_assert(fd != -1);
556 new_fd = accept(fd, (struct sockaddr*)&c_hdl->repinfo.addr,
624 new_fd = comm_point_perform_accept(c, &c_hdl->repinfo.addr,
557625 &c_hdl->repinfo.addrlen);
558 if(new_fd == -1) {
559 #ifndef USE_WINSOCK
560 /* EINTR is signal interrupt. others are closed connection. */
561 if( errno != EINTR
562 #ifdef EWOULDBLOCK
563 && errno != EWOULDBLOCK
564 #endif
565 #ifdef ECONNABORTED
566 && errno != ECONNABORTED
567 #endif
568 #ifdef EPROTO
569 && errno != EPROTO
570 #endif /* EPROTO */
571 )
572 return;
573 log_err("accept failed: %s", strerror(errno));
574 #else /* USE_WINSOCK */
575 if(WSAGetLastError() == WSAEINPROGRESS ||
576 WSAGetLastError() == WSAECONNRESET)
577 return;
578 if(WSAGetLastError() == WSAEWOULDBLOCK) {
579 winsock_tcp_wouldblock(&c->ev->ev, EV_READ);
580 return ;
581 }
582 log_err("accept failed: %s", wsa_strerror(WSAGetLastError()));
583 #endif
584 log_addr(0, "remote address is", &c_hdl->repinfo.addr,
585 c_hdl->repinfo.addrlen);
586 return;
587 }
626 if(new_fd == -1)
627 return;
628
588629 /* grab the tcp handler buffers */
589630 c->tcp_free = c_hdl->tcp_free;
590631 if(!c->tcp_free) {
779820 #ifdef EHOSTUNREACH
780821 else if(error == EHOSTUNREACH && verbosity < 2)
781822 return 0; /* silence 'no route to host' */
823 #endif
824 #ifdef EHOSTDOWN
825 else if(error == EHOSTDOWN && verbosity < 2)
826 return 0; /* silence 'host is down' */
782827 #endif
783828 else if(error != 0) {
784829 log_err("tcp connect: %s", strerror(error));
936981 }
937982
938983 void comm_point_raw_handle_callback(int ATTR_UNUSED(fd),
939 short ATTR_UNUSED(event), void* arg)
984 short event, void* arg)
940985 {
941986 struct comm_point* c = (struct comm_point*)arg;
987 int err = NETEVENT_NOERROR;
942988 log_assert(c->type == comm_raw);
943989 comm_base_now(c->ev->base);
944
945 (void)(*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, NULL);
990
991 if(event&EV_TIMEOUT)
992 err = NETEVENT_TIMEOUT;
993 fptr_ok(fptr_whitelist_comm_point_raw(c->callback));
994 (void)(*c->callback)(c, c->cb_arg, err, NULL);
946995 }
947996
948997 struct comm_point*
10931142 c->tcp_free = parent->tcp_free;
10941143 parent->tcp_free = c;
10951144 /* libevent stuff */
1096 evbits = EV_PERSIST | EV_READ;
1145 evbits = EV_PERSIST | EV_READ | EV_TIMEOUT;
10971146 event_set(&c->ev->ev, c->fd, evbits, comm_point_tcp_handle_callback, c);
10981147 if(event_base_set(base->eb->base, &c->ev->ev) != 0)
10991148 {
14221471 return;
14231472 }
14241473 }
1474 c->ev->ev.ev_events |= EV_TIMEOUT;
14251475 #ifndef S_SPLINT_S /* splint fails on struct timeval. */
14261476 c->timeout->tv_sec = sec;
14271477 c->timeout->tv_usec = 0;
14411491 }
14421492 if(event_add(&c->ev->ev, sec==0?NULL:c->timeout) != 0) {
14431493 log_err("event_add failed. in cpsl.");
1494 }
1495 }
1496
1497 void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr)
1498 {
1499 verbose(VERB_ALGO, "comm point listen_for_rw %d %d", c->fd, wr);
1500 if(event_del(&c->ev->ev) != 0) {
1501 log_err("event_del error to cplf");
1502 }
1503 c->ev->ev.ev_events &= ~(EV_READ|EV_WRITE);
1504 if(rd) c->ev->ev.ev_events |= EV_READ;
1505 if(wr) c->ev->ev.ev_events |= EV_WRITE;
1506 if(event_add(&c->ev->ev, c->timeout) != 0) {
1507 log_err("event_add failed. in cplf.");
14441508 }
14451509 }
14461510
15071571 comm_timer_disable(timer);
15081572 event_set(&timer->ev_timer->ev, -1, EV_PERSIST|EV_TIMEOUT,
15091573 comm_timer_callback, timer);
1574 if(event_base_set(timer->ev_timer->base->eb->base,
1575 &timer->ev_timer->ev) != 0)
1576 log_err("comm_timer_set: set_base failed.");
15101577 if(evtimer_add(&timer->ev_timer->ev, tv) != 0)
15111578 log_err("comm_timer_set: evtimer_add failed.");
15121579 timer->ev_timer->enabled = 1;
6262 #include "config.h"
6363 struct comm_point;
6464 struct comm_reply;
65 struct event_base;
6566
6667 /* internal event notification data storage structure. */
6768 struct internal_event;
7879 #define NETEVENT_CLOSED -1
7980 /** to pass timeout happened to callback function */
8081 #define NETEVENT_TIMEOUT -2
82 /** to pass fallback from capsforID to callback function; 0x20 failed */
83 #define NETEVENT_CAPSFAIL -3
8184
8285 /**
8386 * A communication point dispatcher. Thread specific.
256259
257260 /**
258261 * Create a new comm base.
262 * @param sigs: if true it attempts to create a default loop for
263 * signal handling.
259264 * @return: the new comm base. NULL on error.
260265 */
261 struct comm_base* comm_base_create();
266 struct comm_base* comm_base_create(int sigs);
262267
263268 /**
264269 * Destroy a comm base.
287292 * @param b: the communication base that is in dispatch().
288293 */
289294 void comm_base_exit(struct comm_base* b);
295
296 /**
297 * Access internal data structure (for util/tube.c on windows)
298 * @param b: comm base
299 * @return event_base. Could be libevent, or internal event handler.
300 */
301 struct event_base* comm_base_internal(struct comm_base* b);
290302
291303 /**
292304 * Create an UDP comm point. Calls malloc.
435447 void comm_point_start_listening(struct comm_point* c, int newfd, int sec);
436448
437449 /**
450 * Stop listening and start listening again for reading or writing.
451 * @param c: commpoint
452 * @param rd: if true, listens for reading.
453 * @param wr: if true, listens for writing.
454 */
455 void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr);
456
457 /**
438458 * Get size of memory used by comm point.
439459 * For TCP handlers this includes subhandlers.
440460 * For UDP handlers, this does not include the (shared) UDP buffer.
511531 */
512532 void comm_signal_delete(struct comm_signal* comsig);
513533
534 /**
535 * perform accept(2) with error checking.
536 * @param c: commpoint with accept fd.
537 * @param addr: remote end returned here.
538 * @param addrlen: length of remote end returned here.
539 * @return new fd, or -1 on error.
540 * if -1, error message has been printed if necessary, simply drop
541 * out of the reading handler.
542 */
543 int comm_point_perform_accept(struct comm_point* c,
544 struct sockaddr_storage* addr, socklen_t* addrlen);
514545
515546 /**** internal routines ****/
516547
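Review bot: The doc comment added for `comm_point_listen_for_rw` does not say what happens to the timeout, while the implementation shown on this page re-adds the event with `event_add(&c->ev->ev, c->timeout)`. I would add a line such as `* The event is re-added with the commpoint's stored timeout (c->timeout).` so a caller knows the previous timeout is re-armed by the call. Whether `c->timeout` can be NULL at that point is not visible here; if it can, the comment should say that this means no timeout.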
3939 *
4040 * The code in this file is based on arc4random from
4141 * openssh-4.0p1/openbsd-compat/bsd-arc4random.c
42 * That code is also BSD licensed.
42 * That code is also BSD licensed. Here is their statement:
43 *
44 * Copyright (c) 1996, David Mazieres <dm@uun.org>
45 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
46 *
47 * Permission to use, copy, modify, and distribute this software for any
48 * purpose with or without fee is hereby granted, provided that the above
49 * copyright notice and this permission notice appear in all copies.
50 *
51 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
52 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
53 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
54 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
55 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
56 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
57 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
4358 */
4459 #include "config.h"
4560 #include "util/random.h"
9494 }
9595
9696 void
97 rtt_lost(struct rtt_info* rtt)
97 rtt_lost(struct rtt_info* rtt, int orig)
9898 {
9999 /* exponential backoff */
100 rtt->rto *= 2;
101 if(rtt->rto > RTT_MAX_TIMEOUT)
102 rtt->rto = RTT_MAX_TIMEOUT;
100
101 /* the original rto is doubled, not the current one to make sure
102 * that the values in the cache are not increased by lots of
103 * queries simultaneously as they time out at the same time */
104 orig *= 2;
105 if(rtt->rto <= orig) {
106 rtt->rto = orig;
107 if(rtt->rto > RTT_MAX_TIMEOUT)
108 rtt->rto = RTT_MAX_TIMEOUT;
109 }
103110 }
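Review bot: `orig *= 2` doubles a caller-supplied `int` before any bound is applied, so a large `orig` overflows (undefined for signed int) and the clamp to `RTT_MAX_TIMEOUT` below never sees the intended value. Bounding first avoids that: `if(orig > RTT_MAX_TIMEOUT/2) orig = RTT_MAX_TIMEOUT; else orig *= 2;`. Callers are not visible in this section; if `orig` is always an rto that was capped earlier, this is cheap hardening rather than a live bug. A zero or negative `orig` also leaves `rto` without any backoff, which deserves a sentence in the comment.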
9090 /**
9191 * Update the statistics with a new timout expired observation.
9292 * @param rtt: round trip statistics structure.
93 * @param orig: original rtt time given for the query that timed out.
94 * Used to calculate the maximum responsible backed off time that
95 * can reasonably be applied.
9396 */
94 void rtt_lost(struct rtt_info* rtt);
97 void rtt_lost(struct rtt_info* rtt, int orig);
9598
9699 #endif /* UTIL_RTT_H */
0 /*
1 * util/storage/dnstree.c - support for rbtree types suitable for DNS code.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains structures combining types and functions to
39 * manipulate those structures that help building DNS lookup trees.
40 */
41 #include "config.h"
42 #include "util/storage/dnstree.h"
43 #include "util/data/dname.h"
44 #include "util/net_help.h"
45
46 int name_tree_compare(const void* k1, const void* k2)
47 {
48 struct name_tree_node* x = (struct name_tree_node*)k1;
49 struct name_tree_node* y = (struct name_tree_node*)k2;
50 int m;
51 if(x->dclass != y->dclass) {
52 if(x->dclass < y->dclass)
53 return -1;
54 return 1;
55 }
56 return dname_lab_cmp(x->name, x->labs, y->name, y->labs, &m);
57 }
58
59 int addr_tree_compare(const void* k1, const void* k2)
60 {
61 struct addr_tree_node* n1 = (struct addr_tree_node*)k1;
62 struct addr_tree_node* n2 = (struct addr_tree_node*)k2;
63 int r = sockaddr_cmp_addr(&n1->addr, n1->addrlen, &n2->addr,
64 n2->addrlen);
65 if(r != 0) return r;
66 if(n1->net < n2->net)
67 return -1;
68 if(n1->net > n2->net)
69 return 1;
70 return 0;
71 }
72
73 void name_tree_init(rbtree_t* tree)
74 {
75 rbtree_init(tree, &name_tree_compare);
76 }
77
78 void addr_tree_init(rbtree_t* tree)
79 {
80 rbtree_init(tree, &addr_tree_compare);
81 }
82
83 int name_tree_insert(rbtree_t* tree, struct name_tree_node* node,
84 uint8_t* name, size_t len, int labs, uint16_t dclass)
85 {
86 node->node.key = node;
87 node->name = name;
88 node->len = len;
89 node->labs = labs;
90 node->dclass = dclass;
91 node->parent = NULL;
92 return rbtree_insert(tree, &node->node) != NULL;
93 }
94
95 int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node,
96 struct sockaddr_storage* addr, socklen_t addrlen, int net)
97 {
98 node->node.key = node;
99 memcpy(&node->addr, addr, addrlen);
100 node->addrlen = addrlen;
101 node->net = net;
102 node->parent = NULL;
103 return rbtree_insert(tree, &node->node) != NULL;
104 }
105
106 void addr_tree_init_parents(rbtree_t* tree)
107 {
108 struct addr_tree_node* node, *prev = NULL, *p;
109 int m;
110 RBTREE_FOR(node, struct addr_tree_node*, tree) {
111 node->parent = NULL;
112 if(!prev || prev->addrlen != node->addrlen) {
113 prev = node;
114 continue;
115 }
116 m = addr_in_common(&prev->addr, prev->net, &node->addr,
117 node->net, node->addrlen);
118 /* sort order like: ::/0, 1::/2, 1::/4, ... 2::/2 */
119 /* find the previous, or parent-parent-parent */
120 for(p = prev; p; p = p->parent)
121 if(p->net <= m) {
122 /* ==: since prev matched m, this is closest*/
123 /* <: prev matches more, but is not a parent,
124 * this one is a (grand)parent */
125 node->parent = p;
126 break;
127 }
128 prev = node;
129 }
130 }
131
132 void name_tree_init_parents(rbtree_t* tree)
133 {
134 struct name_tree_node* node, *prev = NULL, *p;
135 int m;
136 RBTREE_FOR(node, struct name_tree_node*, tree) {
137 node->parent = NULL;
138 if(!prev || prev->dclass != node->dclass) {
139 prev = node;
140 continue;
141 }
142 (void)dname_lab_cmp(prev->name, prev->labs, node->name,
143 node->labs, &m); /* we know prev is smaller */
144 /* sort order like: . com. bla.com. zwb.com. net. */
145 /* find the previous, or parent-parent-parent */
146 for(p = prev; p; p = p->parent)
147 if(p->labs <= m) {
148 /* ==: since prev matched m, this is closest*/
149 /* <: prev matches more, but is not a parent,
150 * this one is a (grand)parent */
151 node->parent = p;
152 break;
153 }
154 prev = node;
155 }
156 }
157
158 struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name,
159 size_t len, int labs, uint16_t dclass)
160 {
161 struct name_tree_node key;
162 key.node.key = &key;
163 key.name = name;
164 key.len = len;
165 key.labs = labs;
166 key.dclass = dclass;
167 return (struct name_tree_node*)rbtree_search(tree, &key);
168 }
169
170 struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name,
171 size_t len, int labs, uint16_t dclass)
172 {
173 rbnode_t* res = NULL;
174 struct name_tree_node *result;
175 struct name_tree_node key;
176 key.node.key = &key;
177 key.name = name;
178 key.len = len;
179 key.labs = labs;
180 key.dclass = dclass;
181 if(rbtree_find_less_equal(tree, &key, &res)) {
182 /* exact */
183 result = (struct name_tree_node*)res;
184 } else {
185 /* smaller element (or no element) */
186 int m;
187 result = (struct name_tree_node*)res;
188 if(!result || result->dclass != dclass)
189 return NULL;
190 /* count number of labels matched */
191 (void)dname_lab_cmp(result->name, result->labs, key.name,
192 key.labs, &m);
193 while(result) { /* go up until qname is subdomain of stub */
194 if(result->labs <= m)
195 break;
196 result = result->parent;
197 }
198 }
199 return result;
200 }
201
202 struct addr_tree_node* addr_tree_lookup(rbtree_t* tree,
203 struct sockaddr_storage* addr, socklen_t addrlen)
204 {
205 rbnode_t* res = NULL;
206 struct addr_tree_node* result;
207 struct addr_tree_node key;
208 key.node.key = &key;
209 memcpy(&key.addr, addr, addrlen);
210 key.addrlen = addrlen;
211 key.net = (addr_is_ip6(addr, addrlen)?128:32);
212 if(rbtree_find_less_equal(tree, &key, &res)) {
213 /* exact */
214 return (struct addr_tree_node*)res;
215 } else {
216 /* smaller element (or no element) */
217 int m;
218 result = (struct addr_tree_node*)res;
219 if(!result || result->addrlen != addrlen)
220 return 0;
221 /* count number of bits matched */
222 m = addr_in_common(&result->addr, result->net, addr,
223 key.net, addrlen);
224 while(result) { /* go up until addr is inside netblock */
225 if(result->net <= m)
226 break;
227 result = result->parent;
228 }
229 }
230 return result;
231 }
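Review bot: `addr_tree_insert` and `addr_tree_lookup` copy `addrlen` bytes into a `struct sockaddr_storage` (`memcpy(&node->addr, addr, addrlen)` and `memcpy(&key.addr, addr, addrlen)`) without checking that `addrlen` fits, and in the lookup the destination is a stack variable. A guard such as `if(addrlen > (socklen_t)sizeof(key.addr)) return NULL;` in the lookup, with the matching `return 0;` in the insert, stops a bad length from overrunning the buffer. If every caller passes a length produced by the socket layer this cannot trigger, but both functions are exported and the check is one comparison; `log_assert` would be the lighter alternative. Separately, `addr_tree_lookup` returns `0` on the early exit where `name_tree_lookup` returns `NULL`; using `NULL` in both keeps them parallel.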
0 /*
1 * util/storage/dnstree.h - support for rbtree types suitable for DNS code.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains structures combining types and functions to
39 * manipulate those structures that help building DNS lookup trees.
40 */
41
42 #ifndef UTIL_STORAGE_DNSTREE_H
43 #define UTIL_STORAGE_DNSTREE_H
44 #include "util/rbtree.h"
45
46 /**
47 * Tree of domain names. Sorted first by class then by name.
48 * This is not sorted canonically, but fast.
49 * This can be looked up to obtain a closest encloser parent name.
50 *
51 * The tree itself is a rbtree_t.
52 * This is the element node put as first entry in the client structure.
53 */
54 struct name_tree_node {
55 /** rbtree node, key is this struct : dclass and name */
56 rbnode_t node;
57 /** parent in tree */
58 struct name_tree_node* parent;
59 /** name in uncompressed wireformat */
60 uint8_t* name;
61 /** length of name */
62 size_t len;
63 /** labels in name */
64 int labs;
65 /** the class of the name (host order) */
66 uint16_t dclass;
67 };
68
69 /**
70 * Tree of IP addresses. Sorted first by protocol, then by bits.
71 * This can be looked up to obtain the enclosing subnet.
72 *
73 * The tree itself is a rbtree_t.
74 * This is the element node put as first entry in the client structure.
75 */
76 struct addr_tree_node {
77 /** rbtree node, key is this struct : proto and subnet */
78 rbnode_t node;
79 /** parent in tree */
80 struct addr_tree_node* parent;
81 /** address */
82 struct sockaddr_storage addr;
83 /** length of addr */
84 socklen_t addrlen;
85 /** netblock size */
86 int net;
87 };
88
89 /**
90 * Init a name tree to be empty
91 * @param tree: to init.
92 */
93 void name_tree_init(rbtree_t* tree);
94
95 /**
96 * insert element into name tree.
97 * @param tree: name tree
98 * @param node: node element (at start of a structure that caller
99 * has allocated).
100 * @param name: name to insert (wireformat)
101 * this node has been allocated by the caller and it itself inserted.
102 * @param len: length of name
103 * @param labs: labels in name
104 * @param dclass: class of name
105 * @return false on error (duplicate element).
106 */
107 int name_tree_insert(rbtree_t* tree, struct name_tree_node* node,
108 uint8_t* name, size_t len, int labs, uint16_t dclass);
109
110 /**
111 * Initialize parent pointers in name tree.
112 * Should be performed after insertions are done, before lookups
113 * @param tree: name tree
114 */
115 void name_tree_init_parents(rbtree_t* tree);
116
117 /**
118 * Lookup exact match in name tree
119 * @param tree: name tree
120 * @param name: wireformat name
121 * @param len: length of name
122 * @param labs: labels in name
123 * @param dclass: class of name
124 * @return node or NULL if not found.
125 */
126 struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name,
127 size_t len, int labs, uint16_t dclass);
128
129 /**
130 * Lookup closest encloser in name tree.
131 * @param tree: name tree
132 * @param name: wireformat name
133 * @param len: length of name
134 * @param labs: labels in name
135 * @param dclass: class of name
136 * @return closest enclosing node (could be equal) or NULL if not found.
137 */
138 struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name,
139 size_t len, int labs, uint16_t dclass);
140
141 /**
142 * Init addr tree to be empty.
143 * @param tree: to init.
144 */
145 void addr_tree_init(rbtree_t* tree);
146
147 /**
148 * insert element into addr tree.
149 * @param tree: addr tree
150 * @param node: node element (at start of a structure that caller
151 * has allocated).
152 * @param addr: to insert (copied).
153 * @param addrlen: length of addr
154 * @param net: size of subnet.
155 * @return false on error (duplicate element).
156 */
157 int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node,
158 struct sockaddr_storage* addr, socklen_t addrlen, int net);
159
160 /**
161 * Initialize parent pointers in addr tree.
162 * Should be performed after insertions are done, before lookups
163 * @param tree: addr tree
164 */
165 void addr_tree_init_parents(rbtree_t* tree);
166
167 /**
168 * Lookup closest encloser in addr tree.
169 * @param tree: addr tree
170 * @param addr: to lookup.
171 * @param addrlen: length of addr
172 * @return closest enclosing node (could be equal) or NULL if not found.
173 */
174 struct addr_tree_node* addr_tree_lookup(rbtree_t* tree,
175 struct sockaddr_storage* addr, socklen_t addrlen);
176
177 /** compare name tree nodes */
178 int name_tree_compare(const void* k1, const void* k2);
179
180 /** compare addr tree nodes */
181 int addr_tree_compare(const void* k1, const void* k2);
182
183 #endif /* UTIL_STORAGE_DNSTREE_H */
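Review bot: The comment on `name_tree_insert` does not say that `name` is stored by pointer, whereas `addr_tree_insert` documents its `addr` as "(copied)". dnstree.c assigns `node->name = name`, so the buffer must outlive the node's membership in the tree; I would write `@param name: name to insert (wireformat); not copied, must stay valid while the node is in the tree.` The sentence "this node has been allocated by the caller and it itself inserted." sits under `@param name` but reads as if it belongs to `@param node`. The header also uses `uint8_t`, `socklen_t` and `struct sockaddr_storage` while including only util/rbtree.h, so it presumably relies on config.h being included first; a one-line comment stating that would help.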
8181 sizeof(struct timehist));
8282 if(!hist)
8383 return NULL;
84 hist->num = 40;
84 hist->num = NUM_BUCKETS_HIST;
8585 hist->buckets = (struct th_buck*)calloc(hist->num,
8686 sizeof(struct th_buck));
8787 if(!hist->buckets) {
110110
111111 /** histogram compare of time values */
112112 static int
113 timeval_smaller(struct timeval* x, struct timeval* y)
113 timeval_smaller(const struct timeval* x, const struct timeval* y)
114114 {
115115 #ifndef S_SPLINT_S
116116 if(x->tv_sec < y->tv_sec)
217217 res = (lookfor - passed)*(up-low)/((double)hist->buckets[i].count);
218218 return res;
219219 }
220
221 void
222 timehist_export(struct timehist* hist, size_t* array, size_t sz)
223 {
224 size_t i;
225 if(!hist) return;
226 if(sz > hist->num)
227 sz = hist->num;
228 for(i=0; i<sz; i++)
229 array[i] = hist->buckets[i].count;
230 }
231
232 void
233 timehist_import(struct timehist* hist, size_t* array, size_t sz)
234 {
235 size_t i;
236 if(!hist) return;
237 if(sz > hist->num)
238 sz = hist->num;
239 for(i=0; i<sz; i++)
240 hist->buckets[i].count = array[i];
241 }
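Review bot: `timehist_export` leaves `array` untouched when `hist` is NULL and fills only the first `hist->num` entries when `sz` is larger, so a caller that goes on to read or transmit `sz` entries sees whatever the buffer held before. Either zero the remainder in the function (keep the caller's `sz` in a local before clamping, then `for(; i<orig_sz; i++) array[i] = 0;`) or state the contract in the header, e.g. `@param array: the array to export to; entries beyond the histogram's bucket count are not written.` How callers allocate the array is not visible on this page, so the exposure is inferred. `timehist_import` has the mirror case: a shorter `sz` leaves the remaining buckets at their old counts.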
4040
4141 #ifndef UTIL_TIMEHIST_H
4242 #define UTIL_TIMEHIST_H
43
44 /** Number of buckets in a histogram */
45 #define NUM_BUCKETS_HIST 40
4346
4447 /**
4548 * Bucket of time history information
111114 */
112115 void timehist_log(struct timehist* hist, const char* name);
113116
117 /**
118 * Export histogram to an array.
119 * @param hist: histogram
120 * @param array: the array to export to.
121 * @param sz: number of items in array.
122 */
123 void timehist_export(struct timehist* hist, size_t* array, size_t sz);
124
125 /**
126 * Import histogram from an array.
127 * @param hist: histogram
128 * @param array: the array to import from.
129 * @param sz: number of items in array.
130 */
131 void timehist_import(struct timehist* hist, size_t* array, size_t sz);
132
114133 #endif /* UTIL_TIMEHIST_H */
0 /*
1 * util/tube.c - pipe service
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains pipe service functions.
39 */
40 #include "config.h"
41 #include "util/tube.h"
42 #include "util/log.h"
43 #include "util/net_help.h"
44 #include "util/netevent.h"
45 #include "util/fptr_wlist.h"
46
47 #ifndef USE_WINSOCK
48 /* on unix */
49
50 struct tube* tube_create(void)
51 {
52 struct tube* tube = (struct tube*)calloc(1, sizeof(*tube));
53 int sv[2];
54 if(!tube) {
55 int err = errno;
56 log_err("tube_create: out of memory");
57 errno = err;
58 return NULL;
59 }
60 tube->sr = -1;
61 tube->sw = -1;
62 if(socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
63 int err = errno;
64 log_err("socketpair: %s", strerror(errno));
65 free(tube);
66 errno = err;
67 return NULL;
68 }
69 tube->sr = sv[0];
70 tube->sw = sv[1];
71 if(!fd_set_nonblock(tube->sr) || !fd_set_nonblock(tube->sw)) {
72 int err = errno;
73 log_err("tube: cannot set nonblocking");
74 tube_delete(tube);
75 errno = err;
76 return NULL;
77 }
78 return tube;
79 }
80
81 void tube_delete(struct tube* tube)
82 {
83 if(!tube) return;
84 tube_remove_bg_listen(tube);
85 tube_remove_bg_write(tube);
86 /* close fds after deleting commpoints, to be sure.
87 * Also epoll does not like closing fd before event_del */
88 tube_close_read(tube);
89 tube_close_write(tube);
90 free(tube);
91 }
92
93 void tube_close_read(struct tube* tube)
94 {
95 if(tube->sr != -1) {
96 close(tube->sr);
97 tube->sr = -1;
98 }
99 }
100
101 void tube_close_write(struct tube* tube)
102 {
103 if(tube->sw != -1) {
104 close(tube->sw);
105 tube->sw = -1;
106 }
107 }
108
109 void tube_remove_bg_listen(struct tube* tube)
110 {
111 if(tube->listen_com) {
112 comm_point_delete(tube->listen_com);
113 tube->listen_com = NULL;
114 }
115 if(tube->cmd_msg) {
116 free(tube->cmd_msg);
117 tube->cmd_msg = NULL;
118 }
119 }
120
121 void tube_remove_bg_write(struct tube* tube)
122 {
123 if(tube->res_com) {
124 comm_point_delete(tube->res_com);
125 tube->res_com = NULL;
126 }
127 if(tube->res_list) {
128 struct tube_res_list* np, *p = tube->res_list;
129 tube->res_list = NULL;
130 tube->res_last = NULL;
131 while(p) {
132 np = p->next;
133 free(p->buf);
134 free(p);
135 p = np;
136 }
137 }
138 }
139
140 int
141 tube_handle_listen(struct comm_point* c, void* arg, int error,
142 struct comm_reply* ATTR_UNUSED(reply_info))
143 {
144 struct tube* tube = (struct tube*)arg;
145 ssize_t r;
146 if(error != NETEVENT_NOERROR) {
147 fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb));
148 (*tube->listen_cb)(tube, NULL, 0, error, tube->listen_arg);
149 return 0;
150 }
151
152 if(tube->cmd_read < sizeof(tube->cmd_len)) {
153 /* complete reading the length of control msg */
154 r = read(c->fd, ((uint8_t*)&tube->cmd_len) + tube->cmd_read,
155 sizeof(tube->cmd_len) - tube->cmd_read);
156 if(r==0) {
157 /* error has happened or */
158 /* parent closed pipe, must have exited somehow */
159 fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb));
160 (*tube->listen_cb)(tube, NULL, 0, NETEVENT_CLOSED,
161 tube->listen_arg);
162 return 0;
163 }
164 if(r==-1) {
165 if(errno != EAGAIN && errno != EINTR) {
166 log_err("rpipe error: %s", strerror(errno));
167 }
168 /* nothing to read now, try later */
169 return 0;
170 }
171 tube->cmd_read += r;
172 if(tube->cmd_read < sizeof(tube->cmd_len)) {
173 /* not complete, try later */
174 return 0;
175 }
176 tube->cmd_msg = (uint8_t*)calloc(1, tube->cmd_len);
177 if(!tube->cmd_msg) {
178 log_err("malloc failure");
179 tube->cmd_read = 0;
180 return 0;
181 }
182 }
183 /* cmd_len has been read, read remainder */
184 r = read(c->fd, tube->cmd_msg+tube->cmd_read-sizeof(tube->cmd_len),
185 tube->cmd_len - (tube->cmd_read - sizeof(tube->cmd_len)));
186 if(r==0) {
187 /* error has happened or */
188 /* parent closed pipe, must have exited somehow */
189 fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb));
190 (*tube->listen_cb)(tube, NULL, 0, NETEVENT_CLOSED,
191 tube->listen_arg);
192 return 0;
193 }
194 if(r==-1) {
195 /* nothing to read now, try later */
196 if(errno != EAGAIN && errno != EINTR) {
197 log_err("rpipe error: %s", strerror(errno));
198 }
199 return 0;
200 }
201 tube->cmd_read += r;
202 if(tube->cmd_read < sizeof(tube->cmd_len) + tube->cmd_len) {
203 /* not complete, try later */
204 return 0;
205 }
206 tube->cmd_read = 0;
207
208 fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb));
209 (*tube->listen_cb)(tube, tube->cmd_msg, tube->cmd_len,
210 NETEVENT_NOERROR, tube->listen_arg);
211 /* also frees the buf */
212 tube->cmd_msg = NULL;
213 return 0;
214 }
215
216 int
217 tube_handle_write(struct comm_point* c, void* arg, int error,
218 struct comm_reply* ATTR_UNUSED(reply_info))
219 {
220 struct tube* tube = (struct tube*)arg;
221 struct tube_res_list* item = tube->res_list;
222 ssize_t r;
223 if(error != NETEVENT_NOERROR) {
224 log_err("tube_handle_write net error %d", error);
225 return 0;
226 }
227
228 if(!item) {
229 comm_point_stop_listening(c);
230 return 0;
231 }
232
233 if(tube->res_write < sizeof(item->len)) {
234 r = write(c->fd, ((uint8_t*)&item->len) + tube->res_write,
235 sizeof(item->len) - tube->res_write);
236 if(r == -1) {
237 if(errno != EAGAIN && errno != EINTR) {
238 log_err("wpipe error: %s", strerror(errno));
239 }
240 return 0; /* try again later */
241 }
242 if(r == 0) {
243 /* error on pipe, must have exited somehow */
244 /* cannot signal this to pipe user */
245 return 0;
246 }
247 tube->res_write += r;
248 if(tube->res_write < sizeof(item->len))
249 return 0;
250 }
251 r = write(c->fd, item->buf + tube->res_write - sizeof(item->len),
252 item->len - (tube->res_write - sizeof(item->len)));
253 if(r == -1) {
254 if(errno != EAGAIN && errno != EINTR) {
255 log_err("wpipe error: %s", strerror(errno));
256 }
257 return 0; /* try again later */
258 }
259 if(r == 0) {
260 /* error on pipe, must have exited somehow */
261 /* cannot signal this to pipe user */
262 return 0;
263 }
264 tube->res_write += r;
265 if(tube->res_write < sizeof(item->len) + item->len)
266 return 0;
267 /* done this result, remove it */
268 free(item->buf);
269 item->buf = NULL;
270 tube->res_list = tube->res_list->next;
271 free(item);
272 if(!tube->res_list) {
273 tube->res_last = NULL;
274 comm_point_stop_listening(c);
275 }
276 tube->res_write = 0;
277 return 0;
278 }
279
280 int tube_write_msg(struct tube* tube, uint8_t* buf, uint32_t len,
281 int nonblock)
282 {
283 ssize_t r;
284 int fd = tube->sw;
285
286 /* test */
287 if(nonblock) {
288 r = write(fd, &len, sizeof(len));
289 if(r == -1) {
290 if(errno==EINTR || errno==EAGAIN)
291 return -1;
292 log_err("tube msg write failed: %s", strerror(errno));
293 return -1; /* can still continue, perhaps */
294 }
295 } else r = 0;
296 if(!fd_set_block(fd))
297 return 0;
298 /* write remainder */
299 if(r != (ssize_t)sizeof(len)) {
300 if(write(fd, (char*)(&len)+r, sizeof(len)-r) == -1) {
301 log_err("tube msg write failed: %s", strerror(errno));
302 (void)fd_set_nonblock(fd);
303 return 0;
304 }
305 }
306 if(write(fd, buf, len) == -1) {
307 log_err("tube msg write failed: %s", strerror(errno));
308 (void)fd_set_nonblock(fd);
309 return 0;
310 }
311 if(!fd_set_nonblock(fd))
312 return 0;
313 return 1;
314 }
315
316 int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
317 int nonblock)
318 {
319 ssize_t r;
320 int fd = tube->sr;
321
322 /* test */
323 *len = 0;
324 if(nonblock) {
325 r = read(fd, len, sizeof(*len));
326 if(r == -1) {
327 if(errno==EINTR || errno==EAGAIN)
328 return -1;
329 log_err("tube msg read failed: %s", strerror(errno));
330 return -1; /* we can still continue, perhaps */
331 }
332 if(r == 0) /* EOF */
333 return 0;
334 } else r = 0;
335 if(!fd_set_block(fd))
336 return 0;
337 /* read remainder */
338 if(r != (ssize_t)sizeof(*len)) {
339 if((r=read(fd, (char*)(len)+r, sizeof(*len)-r)) == -1) {
340 log_err("tube msg read failed: %s", strerror(errno));
341 (void)fd_set_nonblock(fd);
342 return 0;
343 }
344 if(r == 0) /* EOF */ {
345 (void)fd_set_nonblock(fd);
346 return 0;
347 }
348 }
349 *buf = (uint8_t*)malloc(*len);
350 if(!*buf) {
351 log_err("tube read out of memory");
352 (void)fd_set_nonblock(fd);
353 return 0;
354 }
355 if((r=read(fd, *buf, *len)) == -1) {
356 log_err("tube msg read failed: %s", strerror(errno));
357 (void)fd_set_nonblock(fd);
358 free(*buf);
359 return 0;
360 }
361 if(r == 0) { /* EOF */
362 (void)fd_set_nonblock(fd);
363 free(*buf);
364 return 0;
365 }
366 if(!fd_set_nonblock(fd)) {
367 free(*buf);
368 return 0;
369 }
370 return 1;
371 }
372
373 /** perform a select() on the fd */
374 static int
375 pollit(int fd, struct timeval* t)
376 {
377 fd_set r;
378 #ifndef S_SPLINT_S
379 FD_ZERO(&r);
380 FD_SET(FD_SET_T fd, &r);
381 #endif
382 if(select(fd+1, &r, NULL, NULL, t) == -1) {
383 return 0;
384 }
385 errno = 0;
386 return FD_ISSET(fd, &r);
387 }
388
389 int tube_poll(struct tube* tube)
390 {
391 struct timeval t;
392 memset(&t, 0, sizeof(t));
393 return pollit(tube->sr, &t);
394 }
395
396 int tube_wait(struct tube* tube)
397 {
398 return pollit(tube->sr, NULL);
399 }
400
401 int tube_read_fd(struct tube* tube)
402 {
403 return tube->sr;
404 }
405
406 int tube_setup_bg_listen(struct tube* tube, struct comm_base* base,
407 tube_callback_t* cb, void* arg)
408 {
409 tube->listen_cb = cb;
410 tube->listen_arg = arg;
411 if(!(tube->listen_com = comm_point_create_raw(base, tube->sr,
412 0, tube_handle_listen, tube))) {
413 int err = errno;
414 log_err("tube_setup_bg_l: commpoint creation failed");
415 errno = err;
416 return 0;
417 }
418 return 1;
419 }
420
421 int tube_setup_bg_write(struct tube* tube, struct comm_base* base)
422 {
423 if(!(tube->res_com = comm_point_create_raw(base, tube->sw,
424 1, tube_handle_write, tube))) {
425 int err = errno;
426 log_err("tube_setup_bg_w: commpoint creation failed");
427 errno = err;
428 return 0;
429 }
430 return 1;
431 }
432
433 int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len)
434 {
435 struct tube_res_list* item =
436 (struct tube_res_list*)malloc(sizeof(*item));
437 if(!item) {
438 free(msg);
439 log_err("out of memory for async answer");
440 return 0;
441 }
442 item->buf = msg;
443 item->len = len;
444 item->next = NULL;
445 /* add at back of list, since the first one may be partially written */
446 if(tube->res_last)
447 tube->res_last->next = item;
448 else tube->res_list = item;
449 tube->res_last = item;
450 if(tube->res_list == tube->res_last) {
451 /* first added item, start the write process */
452 comm_point_start_listening(tube->res_com, -1, -1);
453 }
454 return 1;
455 }
456
457 void tube_handle_signal(int ATTR_UNUSED(fd), short ATTR_UNUSED(events),
458 void* ATTR_UNUSED(arg))
459 {
460 log_assert(0);
461 }
462
463 #else /* USE_WINSOCK */
464 /* on windows */
465
466
467 struct tube* tube_create(void)
468 {
469 /* windows does not have forks like unix, so we only support
470 * threads on windows. And thus the pipe need only connect
471 * threads. We use a mutex and a list of datagrams. */
472 struct tube* tube = (struct tube*)calloc(1, sizeof(*tube));
473 if(!tube) {
474 int err = errno;
475 log_err("tube_create: out of memory");
476 errno = err;
477 return NULL;
478 }
479 tube->event = WSACreateEvent();
480 if(tube->event == WSA_INVALID_EVENT) {
481 free(tube);
482 log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError()));
483 }
484 lock_basic_init(&tube->res_lock);
485 verbose(VERB_ALGO, "tube created");
486 return tube;
487 }
488
489 void tube_delete(struct tube* tube)
490 {
491 if(!tube) return;
492 tube_remove_bg_listen(tube);
493 tube_remove_bg_write(tube);
494 tube_close_read(tube);
495 tube_close_write(tube);
496 if(!WSACloseEvent(tube->event))
497 log_err("WSACloseEvent: %s", wsa_strerror(WSAGetLastError()));
498 lock_basic_destroy(&tube->res_lock);
499 verbose(VERB_ALGO, "tube deleted");
500 free(tube);
501 }
502
503 void tube_close_read(struct tube* ATTR_UNUSED(tube))
504 {
505 verbose(VERB_ALGO, "tube close_read");
506 }
507
508 void tube_close_write(struct tube* ATTR_UNUSED(tube))
509 {
510 verbose(VERB_ALGO, "tube close_write");
511 /* wake up waiting reader with an empty queue */
512 if(!WSASetEvent(tube->event)) {
513 log_err("WSASetEvent: %s", wsa_strerror(WSAGetLastError()));
514 }
515 }
516
517 void tube_remove_bg_listen(struct tube* tube)
518 {
519 verbose(VERB_ALGO, "tube remove_bg_listen");
520 winsock_unregister_wsaevent(&tube->ev_listen);
521 }
522
523 void tube_remove_bg_write(struct tube* tube)
524 {
525 verbose(VERB_ALGO, "tube remove_bg_write");
526 if(tube->res_list) {
527 struct tube_res_list* np, *p = tube->res_list;
528 tube->res_list = NULL;
529 tube->res_last = NULL;
530 while(p) {
531 np = p->next;
532 free(p->buf);
533 free(p);
534 p = np;
535 }
536 }
537 }
538
539 int tube_write_msg(struct tube* tube, uint8_t* buf, uint32_t len,
540 int ATTR_UNUSED(nonblock))
541 {
542 uint8_t* a;
543 verbose(VERB_ALGO, "tube write_msg len %d", (int)len);
544 a = (uint8_t*)memdup(buf, len);
545 if(!a) {
546 log_err("out of memory in tube_write_msg");
547 return 0;
548 }
549 /* always nonblocking, this pipe cannot get full */
550 return tube_queue_item(tube, a, len);
551 }
552
553 int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
554 int nonblock)
555 {
556 struct tube_res_list* item = NULL;
557 verbose(VERB_ALGO, "tube read_msg %s", nonblock?"nonblock":"blocking");
558 *buf = NULL;
559 if(!tube_poll(tube)) {
560 verbose(VERB_ALGO, "tube read_msg nodata");
561 /* nothing ready right now, wait if we want to */
562 if(nonblock)
563 return -1; /* would block waiting for items */
564 if(!tube_wait(tube))
565 return 0;
566 }
567 lock_basic_lock(&tube->res_lock);
568 if(tube->res_list) {
569 item = tube->res_list;
570 tube->res_list = item->next;
571 if(tube->res_last == item) {
572 /* the list is now empty */
573 tube->res_last = NULL;
574 verbose(VERB_ALGO, "tube read_msg lastdata");
575 if(!WSAResetEvent(tube->event)) {
576 log_err("WSAResetEvent: %s",
577 wsa_strerror(WSAGetLastError()));
578 }
579 }
580 }
581 lock_basic_unlock(&tube->res_lock);
582 if(!item)
583 return 0; /* would block waiting for items */
584 *buf = item->buf;
585 *len = item->len;
586 free(item);
587 verbose(VERB_ALGO, "tube read_msg len %d", (int)*len);
588 return 1;
589 }
590
591 int tube_poll(struct tube* tube)
592 {
593 struct tube_res_list* item = NULL;
594 lock_basic_lock(&tube->res_lock);
595 item = tube->res_list;
596 lock_basic_unlock(&tube->res_lock);
597 if(item)
598 return 1;
599 return 0;
600 }
601
602 int tube_wait(struct tube* tube)
603 {
604 /* block on eventhandle */
605 DWORD res = WSAWaitForMultipleEvents(
606 1 /* one event in array */,
607 &tube->event /* the event to wait for, our pipe signal */,
608 0 /* wait for all events is false */,
609 WSA_INFINITE /* wait, no timeout */,
610 0 /* we are not alertable for IO completion routines */
611 );
612 if(res == WSA_WAIT_TIMEOUT) {
613 return 0;
614 }
615 if(res == WSA_WAIT_IO_COMPLETION) {
616 /* a bit unexpected, since we were not alertable */
617 return 0;
618 }
619 return 1;
620 }
621
622 int tube_read_fd(struct tube* ATTR_UNUSED(tube))
623 {
624 /* nothing sensible on Windows */
625 return -1;
626 }
627
628 int
629 tube_handle_listen(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg),
630 int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info))
631 {
632 log_assert(0);
633 return 0;
634 }
635
636 int
637 tube_handle_write(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg),
638 int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info))
639 {
640 log_assert(0);
641 return 0;
642 }
643
644 int tube_setup_bg_listen(struct tube* tube, struct comm_base* base,
645 tube_callback_t* cb, void* arg)
646 {
647 tube->listen_cb = cb;
648 tube->listen_arg = arg;
649 if(!comm_base_internal(base))
650 return 1; /* ignore when no comm base - testing */
651 return winsock_register_wsaevent(comm_base_internal(base),
652 &tube->ev_listen, tube->event, &tube_handle_signal, tube);
653 }
654
655 int tube_setup_bg_write(struct tube* ATTR_UNUSED(tube),
656 struct comm_base* ATTR_UNUSED(base))
657 {
658 /* the queue item routine performs the signaling */
659 return 1;
660 }
661
662 int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len)
663 {
664 struct tube_res_list* item =
665 (struct tube_res_list*)malloc(sizeof(*item));
666 verbose(VERB_ALGO, "tube queue_item len %d", (int)len);
667 if(!item) {
668 free(msg);
669 log_err("out of memory for async answer");
670 return 0;
671 }
672 item->buf = msg;
673 item->len = len;
674 item->next = NULL;
675 lock_basic_lock(&tube->res_lock);
676 /* add at back of list, since the first one may be partially written */
677 if(tube->res_last)
678 tube->res_last->next = item;
679 else tube->res_list = item;
680 tube->res_last = item;
681 /* signal the eventhandle */
682 if(!WSASetEvent(tube->event)) {
683 log_err("WSASetEvent: %s", wsa_strerror(WSAGetLastError()));
684 }
685 lock_basic_unlock(&tube->res_lock);
686 return 1;
687 }
688
689 void tube_handle_signal(int ATTR_UNUSED(fd), short ATTR_UNUSED(events),
690 void* arg)
691 {
692 struct tube* tube = (struct tube*)arg;
693 uint8_t* buf;
694 uint32_t len;
695 verbose(VERB_ALGO, "tube handle_signal");
696 while(tube_poll(tube)) {
697 if(tube_read_msg(tube, &buf, &len, 1)) {
698 fptr_ok(fptr_whitelist_tube_listen(tube->listen_cb));
699 (*tube->listen_cb)(tube, buf, len, NETEVENT_NOERROR,
700 tube->listen_arg);
701 }
702 }
703 }
704
705 #endif /* USE_WINSOCK */
0 /*
1 * util/tube.h - pipe service
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains pipe service functions.
39 */
40
41 #ifndef UTIL_TUBE_H
42 #define UTIL_TUBE_H
43 struct comm_reply;
44 struct comm_point;
45 struct comm_base;
46 struct tube;
47 struct tube_res_list;
48 #ifdef USE_WINSOCK
49 #include "util/locks.h"
50 #include "util/winsock_event.h"
51 #endif
52
53 /**
54 * Callback from pipe listen function
55 * void mycallback(tube, msg, len, error, user_argument);
56 * if error is true (NETEVENT_*), msg is probably NULL.
57 */
58 typedef void tube_callback_t(struct tube*, uint8_t*, size_t, int, void*);
59
60 /**
61 * A pipe
62 */
63 struct tube {
64 #ifndef USE_WINSOCK
65 /** pipe end to read from */
66 int sr;
67 /** pipe end to write on */
68 int sw;
69
70 /** listen commpoint */
71 struct comm_point* listen_com;
72 /** listen callback */
73 tube_callback_t* listen_cb;
74 /** listen callback user arg */
75 void* listen_arg;
76 /** are we currently reading a command, 0 if not, else bytecount */
77 size_t cmd_read;
78 /** size of current read command, may be partially read */
79 uint32_t cmd_len;
80 /** the current read command content, malloced, can be partially read*/
81 uint8_t* cmd_msg;
82
83 /** background write queue, commpoint to write results back */
84 struct comm_point* res_com;
85 /** are we curently writing a result, 0 if not, else bytecount into
86 * the res_list first entry. */
87 size_t res_write;
88 /** list of outstanding results to be written back */
89 struct tube_res_list* res_list;
90 /** last in list */
91 struct tube_res_list* res_last;
92
93 #else /* USE_WINSOCK */
94 /** listen callback */
95 tube_callback_t* listen_cb;
96 /** listen callback user arg */
97 void* listen_arg;
98 /** the windows sockets event (signaled if items in pipe) */
99 WSAEVENT event;
100 /** winsock event storage when registered with event base */
101 struct event ev_listen;
102
103 /** lock on the list of outstanding items */
104 lock_basic_t res_lock;
105 /** list of outstanding results on pipe */
106 struct tube_res_list* res_list;
107 /** last in list */
108 struct tube_res_list* res_last;
109 #endif /* USE_WINSOCK */
110 };
111
112 /**
113 * List of results (arbitrary command serializations) to write back
114 */
115 struct tube_res_list {
116 /** next in list */
117 struct tube_res_list* next;
118 /** serialized buffer to write */
119 uint8_t* buf;
120 /** length to write */
121 uint32_t len;
122 };
123
124 /**
125 * Create a pipe
126 * @return: new tube struct or NULL on error.
127 */
128 struct tube* tube_create(void);
129
130 /**
131 * Delete and destroy a pipe
132 * @param tube: to delete
133 */
134 void tube_delete(struct tube* tube);
135
136 /**
137 * Write length bytes followed by message.
138 * @param tube: the tube to write on.
139 * If that tube is a pipe, its write fd is used as
140 * the socket to write on. Is nonblocking.
141 * Set to blocking by the function,
142 * and back to non-blocking at exit of function.
143 * @param buf: the message.
144 * @param len: length of message.
145 * @param nonblock: if set to true, the first write is nonblocking.
146 * If the first write fails the function returns -1.
147 * If set false, the first write is blocking.
148 * @return: all remainder writes are nonblocking.
149 * return 0 on error, in that case blocking/nonblocking of socket is
150 * unknown.
151 * return 1 if all OK.
152 */
153 int tube_write_msg(struct tube* tube, uint8_t* buf, uint32_t len,
154 int nonblock);
155
156 /**
157 * Read length bytes followed by message.
158 * @param tube: The tube to read on.
159 * If that tube is a pipe, its read fd is used as
160 * the socket to read on. Is nonblocking.
161 * Set to blocking by the function,
162 * and back to non-blocking at exit of function.
163 * @param buf: the message, malloced.
164 * @param len: length of message, returned.
165 * @param nonblock: if set to true, the first read is nonblocking.
166 * If the first read fails the function returns -1.
167 * If set false, the first read is blocking.
168 * @return: all remainder reads are nonblocking.
169 * return 0 on error, in that case blocking/nonblocking of socket is
170 * unknown. On EOF 0 is returned.
171 * return 1 if all OK.
172 */
173 int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
174 int nonblock);
175
176 /**
177 * Close read part of the pipe.
178 * The tube can no longer be read from.
179 * @param tube: tube to operate on.
180 */
181 void tube_close_read(struct tube* tube);
182
183 /**
184 * Close write part of the pipe.
185 * The tube can no longer be written to.
186 * @param tube: tube to operate on.
187 */
188 void tube_close_write(struct tube* tube);
189
190 /**
191 * See if data is ready for reading on the tube without blocking.
192 * @param tube: tube to check for readable items
193 * @return true if readable items are present. False if not (or error).
194 * true on pipe_closed.
195 */
196 int tube_poll(struct tube* tube);
197
198 /**
199 * Wait for data to be ready for reading on the tube. is blocking.
200 * No timeout.
201 * @param tube: the tube to wait on.
202 * @return: if there was something to read (false on error).
203 * true on pipe_closed.
204 */
205 int tube_wait(struct tube* tube);
206
207 /**
208 * Get FD that is readable when new information arrives.
209 * @param tube
210 * @return file descriptor.
211 */
212 int tube_read_fd(struct tube* tube);
213
214 /**
215 * Start listening for information over the pipe.
216 * Background registration of a read listener, callback when read completed.
217 * Do not mix with tube_read_msg style direct reads from the pipe.
218 * @param tube: tube to listen on
219 * @param base: what base to register event callback.
220 * @param cb: callback routine.
221 * @param arg: user argument for callback routine.
222 * @return true if successful, false on error.
223 */
224 int tube_setup_bg_listen(struct tube* tube, struct comm_base* base,
225 tube_callback_t* cb, void* arg);
226
227 /**
228 * Remove bg listen setup from event base.
229 * @param tube: what tube to cleanup
230 */
231 void tube_remove_bg_listen(struct tube* tube);
232
233 /**
234 * Start background write handler for the pipe.
235 * Do not mix with tube_write_msg style direct writes to the pipe.
236 * @param tube: tube to write on
237 * @param base: what base to register event handler on.
238 * @return true if successful, false on error.
239 */
240 int tube_setup_bg_write(struct tube* tube, struct comm_base* base);
241
242 /**
243 * Remove bg write setup from event base.
244 * @param tube: what tube to cleanup
245 */
246 void tube_remove_bg_write(struct tube* tube);
247
248
249 /**
250 * Append data item to background list of writes.
251 * Mallocs a list entry behind the scenes.
252 * Not locked behind the scenes, call from one thread or lock on outside.
253 * @param tube: what tube to queue on.
254 * @param msg: memory message to send. Is free()d after use.
255 * Put at the end of the to-send queue.
256 * @param len: length of item.
257 * @return 0 on failure (msg freed).
258 */
259 int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len);
260
261 /** for fptr wlist, callback function */
262 int tube_handle_listen(struct comm_point* c, void* arg, int error,
263 struct comm_reply* reply_info);
264
265 /** for fptr wlist, callback function */
266 int tube_handle_write(struct comm_point* c, void* arg, int error,
267 struct comm_reply* reply_info);
268
269 /** for fptr wlist, winsock signal event callback function */
270 void tube_handle_signal(int fd, short events, void* arg);
271
272 #endif /* UTIL_TUBE_H */
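Review bot: `tube_queue_item` takes `size_t len` and `tube_callback_t` reports a `size_t`, but `struct tube_res_list` stores the length in `uint32_t len`, so `item->len = len` in both implementations on this page narrows silently where size_t is wider than 32 bits. The reader then takes its length from the stored field (`*len = item->len` in the Windows `tube_read_msg`), so an oversized item would be handed on with a length that no longer matches its buffer. Either declare the parameter as `uint32_t len` to match `tube_write_msg`, or state the limit on the field: `/** length to write; must fit in 32 bits, tube_queue_item narrows its size_t argument */`. The `tube_queue_item` comment also says "Not locked behind the scenes", which does not hold for the Windows implementation, where `res_lock` is taken.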
203203
204204 /* prepare event array */
205205 for(i=0; i<base->max; i++) {
206 if(base->items[i]->ev_fd == -1)
206 if(base->items[i]->ev_fd == -1 && !base->items[i]->is_signal)
207207 continue; /* skip timer only events */
208208 eventlist[numwait] = base->items[i];
209209 waitfor[numwait++] = base->items[i]->hEvent;
246246 for(i=startidx; i<numwait; i++) {
247247 short bits = 0;
248248 /* eventlist[i] fired */
249 if(eventlist[i]->is_signal) {
250 /* not a network event at all */
251 fptr_ok(fptr_whitelist_event(
252 eventlist[i]->ev_callback));
253 (*eventlist[i]->ev_callback)(eventlist[i]->ev_fd,
254 eventlist[i]->ev_events,
255 eventlist[i]->ev_arg);
256 continue;
257 }
249258 if(WSAEnumNetworkEvents(eventlist[i]->ev_fd,
250259 waitfor[i], /* reset the event handle */
251260 /*NULL,*/ /* do not reset the event handle */
417426 ev->idx = ev->ev_base->max++;
418427 ev->ev_base->items[ev->idx] = ev;
419428 ev->is_tcp = 0;
429 ev->is_signal = 0;
420430
421431 if((ev->ev_events&(EV_READ|EV_WRITE)) && ev->ev_fd != -1) {
422432 BOOL b=0;
561571 */
562572 }
563573
574 int winsock_register_wsaevent(struct event_base* base, struct event* ev,
575 WSAEVENT wsaevent, void (*cb)(int, short, void*), void* arg)
576 {
577 if(base->max == base->cap)
578 return 0;
579 memset(ev, 0, sizeof(*ev));
580 ev->ev_fd = -1;
581 ev->ev_events = EV_READ;
582 ev->ev_callback = cb;
583 ev->ev_arg = arg;
584 ev->is_signal = 1;
585 ev->hEvent = wsaevent;
586 ev->added = 1;
587 ev->ev_base = base;
588 ev->idx = ev->ev_base->max++;
589 ev->ev_base->items[ev->idx] = ev;
590 return 1;
591 }
592
593 void winsock_unregister_wsaevent(struct event* ev)
594 {
595 if(!ev || !ev->added) return;
596 log_assert(ev->added && ev->ev_base->max > 0)
597 /* remove item and compact the list */
598 ev->ev_base->items[ev->idx] = ev->ev_base->items[ev->ev_base->max-1];
599 ev->ev_base->items[ev->ev_base->max-1] = NULL;
600 ev->ev_base->max--;
601 if(ev->idx < ev->ev_base->max)
602 ev->ev_base->items[ev->idx]->idx = ev->idx;
603 ev->added = 0;
604 }
605
606 #else /* USE_WINSOCK */
607 /** symbol so this codefile defines symbols. pleasing ranlib on OSX 10.5 */
608 int winsock_unused_symbol = 1;
564609 #endif /* USE_WINSOCK */
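Review bot: `winsock_register_wsaevent` stores `wsaevent` in `ev->hEvent` without checking it, and the first hunk now copies every `is_signal` item into `waitfor[]`, so a single invalid handle would presumably make the wait fail for the whole event base. The Windows `tube_create` earlier on this page logs a failed `WSACreateEvent` but does not return, so such a handle can reach this function. The guard could read `if(base->max == base->cap || wsaevent == WSA_INVALID_EVENT) return 0;`. In `winsock_unregister_wsaevent` the line `log_assert(ev->added && ev->ev_base->max > 0)` has no terminating `;`, which compiles only if the macro expansion supplies one or is empty.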
166166 struct timeval ev_timeout;
167167
168168 /** callback to call: fd, eventbits, userarg */
169 void (*ev_callback)(int, short, void *arg);
169 void (*ev_callback)(int, short, void *);
170170 /** callback user arg */
171171 void *ev_arg;
172172
182182 /** should remembered EV_ values be used for TCP streams.
183183 * Reset after WOULDBLOCK is signaled using the function. */
184184 int stick_events;
185
186 /** true if this event is a signaling WSAEvent by the user.
187 * User created and user closed WSAEvent. Only signaled/unsigneled,
188 * no read/write/distinctions needed. */
189 int is_signal;
185190 };
186191
187192 /** create event base */
230235 */
231236 void winsock_tcp_wouldblock(struct event* ev, int eventbit);
232237
238 /**
239 * Routine for windows only. where you pass a signal WSAEvent that
240 * you wait for. When the event is signaled, the callback gets called.
241 * The callback has to WSAResetEvent to disable the signal.
242 * @param base: the event base.
243 * @param ev: the event structure for data storage
244 * can be passed uninitialised.
245 * @param wsaevent: the WSAEvent that gets signaled.
246 * @param cb: callback routine.
247 * @param arg: user argument to callback routine.
248 * @return false on error.
249 */
250 int winsock_register_wsaevent(struct event_base* base, struct event* ev,
251 WSAEVENT wsaevent, void (*cb)(int, short, void*), void* arg);
252
253 /**
254 * Unregister a wsaevent. User has to close the WSAEVENT itself.
255 * @param ev: event data storage.
256 */
257 void winsock_unregister_wsaevent(struct event* ev);
258
233259 #endif /* USE_WINSOCK */
234260 #endif /* UTIL_WINSOCK_EVENT_H */
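Review bot: The comment added for `winsock_register_wsaevent` says only `@return false on error`, while the implementation on this page has one failure case (the base's item array is full) and registers the event with fd -1 and `EV_READ`, which is what the callback then receives. Spelling that out saves callers from guessing: `@return false if the event base has no free slot.` and `The callback is called with fd -1 and events EV_READ.` The `is_signal` field comment has a typo, `unsigneled` for `unsignaled`.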
4545 #include "util/net_help.h"
4646 #include "util/regional.h"
4747 #include "util/config_file.h"
48 #ifdef HAVE_GLOB_H
49 #include <glob.h>
50 #endif
4851
4952 int
5053 anchor_cmp(const void* k1, const void* k2)
202205 * @param dclass: class of RR
203206 * @param rdata: rdata wireformat, starting with rdlength.
204207 * @param rdata_len: length of rdata including rdlength.
205 * @return: 0 on error.
206 */
207 static int
208 * @return: NULL on error, else the trust anchor.
209 */
210 static struct trust_anchor*
208211 anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type,
209212 uint16_t dclass, uint8_t* rdata, size_t rdata_len)
210213 {
222225 if(!ta) {
223226 ta = anchor_new_ta(anchors, name, namelabs, namelen, dclass);
224227 if(!ta)
225 return 0;
228 return NULL;
226229 }
227230 /* look for duplicates */
228231 if(anchor_find_key(ta, rdata, rdata_len, type)) {
229 return 1;
232 return ta;
230233 }
231234 k = anchor_new_ta_key(anchors, rdata, rdata_len, type);
232235 if(!k)
233 return 0;
236 return NULL;
234237 /* add new key */
235238 if(type == LDNS_RR_TYPE_DS)
236239 ta->numDS++;
237240 else ta->numDNSKEY++;
238241 k->next = ta->keylist;
239242 ta->keylist = k;
240 return 1;
243 return ta;
241244 }
242245
243246 /**
245248 * @param anchors: anchor storage.
246249 * @param buffer: parsing buffer.
247250 * @param rr: the rr (allocated by caller).
248 * @return false on error.
249 */
250 static int
251 * @return NULL on error, else the trust anchor.
252 */
253 static struct trust_anchor*
251254 anchor_store_new_rr(struct val_anchors* anchors, ldns_buffer* buffer,
252255 ldns_rr* rr)
253256 {
257 struct trust_anchor* ta;
254258 ldns_rdf* owner = ldns_rr_owner(rr);
255259 ldns_status status;
256260 ldns_buffer_clear(buffer);
259263 if(status != LDNS_STATUS_OK) {
260264 log_err("error converting trustanchor to wireformat: %s",
261265 ldns_get_errorstr_by_id(status));
262 return 0;
266 return NULL;
263267 }
264268 ldns_buffer_flip(buffer);
265269 ldns_buffer_write_u16_at(buffer, 0, ldns_buffer_limit(buffer) - 2);
266270
267 if(!anchor_store_new_key(anchors, ldns_rdf_data(owner),
271 if(!(ta=anchor_store_new_key(anchors, ldns_rdf_data(owner),
268272 ldns_rr_get_type(rr), ldns_rr_get_class(rr),
269 ldns_buffer_begin(buffer), ldns_buffer_limit(buffer))) {
270 return 0;
273 ldns_buffer_begin(buffer), ldns_buffer_limit(buffer)))) {
274 return NULL;
271275 }
272276 log_nametypeclass(VERB_QUERY, "adding trusted key",
273277 ldns_rdf_data(owner),
274278 ldns_rr_get_type(rr), ldns_rr_get_class(rr));
275 return 1;
276 }
277
278 int
279 return ta;
280 }
281
282 struct trust_anchor*
279283 anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer,
280284 const char* str)
281285 {
286 struct trust_anchor* ta;
282287 ldns_rr* rr = NULL;
283288 ldns_status status = ldns_rr_new_frm_str(&rr, str, 0, NULL, NULL);
284289 if(status != LDNS_STATUS_OK) {
285290 log_err("error parsing trust anchor: %s",
286291 ldns_get_errorstr_by_id(status));
287292 ldns_rr_free(rr);
288 return 0;
289 }
290 if(!anchor_store_new_rr(anchors, buffer, rr)) {
293 return NULL;
294 }
295 if(!(ta=anchor_store_new_rr(anchors, buffer, rr))) {
291296 log_err("out of memory");
292297 ldns_rr_free(rr);
293 return 0;
298 return NULL;
294299 }
295300 ldns_rr_free(rr);
296 return 1;
301 return ta;
297302 }
298303
299304 /**
301306 * @param anchors: anchor storage.
302307 * @param buffer: parsing buffer.
303308 * @param fname: string.
304 * @return false on error.
305 */
306 static int
309 * @param onlyone: only one trust anchor allowed in file.
310 * @return NULL on error. Else last trust-anchor point.
311 */
312 static struct trust_anchor*
307313 anchor_read_file(struct val_anchors* anchors, ldns_buffer* buffer,
308 const char* fname)
309 {
314 const char* fname, int onlyone)
315 {
316 struct trust_anchor* ta = NULL, *tanew;
310317 uint32_t default_ttl = 3600;
311318 ldns_rdf* origin = NULL, *prev = NULL;
312319 int line_nr = 1;
338345 ldns_rr_free(rr);
339346 continue;
340347 }
341 if(!anchor_store_new_rr(anchors, buffer, rr)) {
348 if(!(tanew=anchor_store_new_rr(anchors, buffer, rr))) {
342349 log_err("error at %s line %d", fname, line_nr);
343350 ldns_rr_free(rr);
344351 ok = 0;
345352 break;
346353 }
354 if(onlyone && ta && ta != tanew) {
355 log_err("error at %s line %d: no multiple anchor "
356 "domains allowed (you can have multiple "
357 "keys, but they must have the same name).",
358 fname, line_nr);
359 ldns_rr_free(rr);
360 ok = 0;
361 break;
362 }
363 ta = tanew;
347364 ldns_rr_free(rr);
348365 }
349366 ldns_rdf_deep_free(origin);
350367 ldns_rdf_deep_free(prev);
351368 fclose(in);
352 return ok;
369 if(!ok) return NULL;
370 /* empty file is OK when multiple anchors are allowed */
371 if(!onlyone && !ta) return (struct trust_anchor*)1;
372 return ta;
353373 }
354374
355375 /** skip file to end of line */
644664 return 1;
645665 }
646666
667 /**
668 * Read a BIND9 like files with trust anchors in named.conf format.
669 * Performs wildcard processing of name.
670 * @param anchors: anchor storage.
671 * @param buffer: parsing buffer.
672 * @param pat: pattern string. (can be wildcarded)
673 * @return false on error.
674 */
675 static int
676 anchor_read_bind_file_wild(struct val_anchors* anchors, ldns_buffer* buffer,
677 const char* pat)
678 {
679 #ifdef HAVE_GLOB
680 glob_t g;
681 size_t i;
682 int r, flags;
683 if(!strchr(pat, '*') && !strchr(pat, '?') && !strchr(pat, '[') &&
684 !strchr(pat, '{') && !strchr(pat, '~')) {
685 return anchor_read_bind_file(anchors, buffer, pat);
686 }
687 verbose(VERB_QUERY, "wildcard found, processing %s", pat);
688 flags = 0
689 #ifdef GLOB_ERR
690 | GLOB_ERR
691 #endif
692 #ifdef GLOB_NOSORT
693 | GLOB_NOSORT
694 #endif
695 #ifdef GLOB_BRACE
696 | GLOB_BRACE
697 #endif
698 #ifdef GLOB_TILDE
699 | GLOB_TILDE
700 #endif
701 ;
702 memset(&g, 0, sizeof(g));
703 r = glob(pat, flags, NULL, &g);
704 if(r) {
705 /* some error */
706 if(r == GLOB_NOMATCH) {
707 verbose(VERB_QUERY, "trusted-keys-file: "
708 "no matches for %s", pat);
709 return 1;
710 } else if(r == GLOB_NOSPACE) {
711 log_err("wildcard trusted-keys-file %s: "
712 "pattern out of memory", pat);
713 } else if(r == GLOB_ABORTED) {
714 log_err("wildcard trusted-keys-file %s: expansion "
715 "aborted (%s)", pat, strerror(errno));
716 } else {
717 log_err("wildcard trusted-keys-file %s: expansion "
718 "failed (%s)", pat, strerror(errno));
719 }
720 return 0;
721 }
722 /* process files found, if any */
723 for(i=0; i<(size_t)g.gl_pathc; i++) {
724 if(!anchor_read_bind_file(anchors, buffer, g.gl_pathv[i])) {
725 log_err("error reading wildcard "
726 "trusted-keys-file: %s", g.gl_pathv[i]);
727 globfree(&g);
728 return 0;
729 }
730 }
731 globfree(&g);
732 return 1;
733 #else /* not HAVE_GLOB */
734 return anchor_read_bind_file(anchors, buffer, pat);
735 #endif /* HAVE_GLOB */
736 }
737
647738 /**
648739 * Assemble an rrset structure for the type
649740 * @param region: allocated in this region.
758849 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
759850 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
760851 nm += strlen(cfg->chrootdir);
761 if(!anchor_read_file(anchors, parsebuf, nm)) {
852 if(!anchor_read_file(anchors, parsebuf, nm, 0)) {
762853 log_err("error reading trust-anchor-file: %s", f->str);
763854 ldns_buffer_free(parsebuf);
764855 return 0;
771862 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
772863 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
773864 nm += strlen(cfg->chrootdir);
774 if(!anchor_read_bind_file(anchors, parsebuf, nm)) {
865 if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) {
775866 log_err("error reading trusted-keys-file: %s", f->str);
776867 ldns_buffer_free(parsebuf);
777868 return 0;
782873 continue;
783874 if(!anchor_store_str(anchors, parsebuf, f->str)) {
784875 log_err("error in trust-anchor: \"%s\"", f->str);
876 ldns_buffer_free(parsebuf);
877 return 0;
878 }
879 }
880 if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) {
881 nm = cfg->dlv_anchor_file;
882 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
883 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
884 nm += strlen(cfg->chrootdir);
885 if(!(anchors->dlv_anchor = anchor_read_file(anchors, parsebuf,
886 nm, 1))) {
887 log_err("error reading dlv-anchor-file: %s",
888 cfg->dlv_anchor_file);
889 ldns_buffer_free(parsebuf);
890 return 0;
891 }
892 }
893 for(f = cfg->dlv_anchor_list; f; f = f->next) {
894 if(!f->str || f->str[0] == 0) /* empty "" */
895 continue;
896 if(!(anchors->dlv_anchor = anchor_store_str(
897 anchors, parsebuf, f->str))) {
898 log_err("error in dlv-anchor: \"%s\"", f->str);
785899 ldns_buffer_free(parsebuf);
786900 return 0;
787901 }
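Review bot: The `dlv_anchor_list` loop assigns `anchors->dlv_anchor` on every entry, so several `dlv-anchor` strings with different owner names are accepted and the last one wins without a message, and a result from `dlv-anchor-file` is overwritten the same way. `anchor_read_file` enforces the single-name rule for the file through `onlyone`; the string path should reject a second name as well, as in the sketch below, which assumes `dlv_anchor` starts out NULL (not visible here). The enclosing function starts and ends outside this hunk. Separately, the `(struct trust_anchor*)1` value returned by `anchor_read_file` for an empty file is safe only while every caller tests the result for NULL and never dereferences it.

```c
for(f = cfg->dlv_anchor_list; f; f = f->next) {
	struct trust_anchor* dlva;
	/* … unchanged: skip empty "" entries … */
	if(!(dlva = anchor_store_str(anchors, parsebuf, f->str))) {
		/* … unchanged: log "error in dlv-anchor", free parsebuf, return 0 … */
	}
	/* all DLV keys must share one owner name, as onlyone enforces for the file */
	if(anchors->dlv_anchor && anchors->dlv_anchor != dlva) {
		log_err("dlv-anchor \"%s\": only one DLV anchor domain "
			"is allowed", f->str);
		ldns_buffer_free(parsebuf);
		return 0;
	}
	anchors->dlv_anchor = dlva;
```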
5959 * contents of type trust_anchor.
6060 */
6161 rbtree_t* tree;
62 /** The DLV trust anchor (if one is configured, else NULL) */
63 struct trust_anchor* dlv_anchor;
6264 };
6365
6466 /**
157159 * @param anchors: anchor storage.
158160 * @param buffer: parsing buffer, to generate the RR wireformat in.
159161 * @param str: string.
160 * @return false on error.
162 * @return NULL on error.
161163 */
162 int anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer,
163 const char* str);
164 struct trust_anchor* anchor_store_str(struct val_anchors* anchors,
165 ldns_buffer* buffer, const char* str);
164166
165167 /**
166168 * Get memory in use by the trust anchor storage
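Review bot: The new `@return NULL on error.` for `anchor_store_str` does not say what a non-NULL result is or who owns it. From the implementation on this page it is the `trust_anchor` the key was added to, which presumably stays owned by the anchor storage; suggested wording: `@return NULL on error, else the trust anchor the key was stored under (owned by anchors, do not free).` The same remark would fit the `dlv_anchor` field comment, assuming it points at an entry of `tree`.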
7676 struct key_entry_key* kk = (struct key_entry_key*)key;
7777 if(!key)
7878 return;
79 lock_rw_destroy(&kk->entry.lock);
7980 free(kk->name);
8081 free(kk);
8182 }
0 /*
1 * validator/val_neg.c - validator aggressive negative caching functions.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains helper functions for the validator module.
39 * The functions help with aggressive negative caching.
40 * This creates new denials of existance, and proofs for absence of types
41 * from cached NSEC records.
42 */
43 #include "config.h"
44 #include "validator/val_neg.h"
45 #include "validator/val_nsec.h"
46 #include "validator/val_nsec3.h"
47 #include "validator/val_utils.h"
48 #include "util/data/dname.h"
49 #include "util/data/msgreply.h"
50 #include "util/log.h"
51 #include "util/net_help.h"
52 #include "util/config_file.h"
53 #include "services/cache/rrset.h"
54 #include "services/cache/dns.h"
55
56 int val_neg_data_compare(const void* a, const void* b)
57 {
58 struct val_neg_data* x = (struct val_neg_data*)a;
59 struct val_neg_data* y = (struct val_neg_data*)b;
60 int m;
61 return dname_canon_lab_cmp(x->name, x->labs, y->name, y->labs, &m);
62 }
63
64 int val_neg_zone_compare(const void* a, const void* b)
65 {
66 struct val_neg_zone* x = (struct val_neg_zone*)a;
67 struct val_neg_zone* y = (struct val_neg_zone*)b;
68 int m;
69 if(x->dclass != y->dclass) {
70 if(x->dclass < y->dclass)
71 return -1;
72 return 1;
73 }
74 return dname_canon_lab_cmp(x->name, x->labs, y->name, y->labs, &m);
75 }
76
77 struct val_neg_cache* val_neg_create(struct config_file* cfg, size_t maxiter)
78 {
79 struct val_neg_cache* neg = (struct val_neg_cache*)calloc(1,
80 sizeof(*neg));
81 if(!neg) {
82 log_err("Could not create neg cache: out of memory");
83 return NULL;
84 }
85 neg->nsec3_max_iter = maxiter;
86 neg->max = 1024*1024; /* 1 M is thousands of entries */
87 if(cfg) neg->max = cfg->neg_cache_size;
88 rbtree_init(&neg->tree, &val_neg_zone_compare);
89 lock_basic_init(&neg->lock);
90 lock_protect(&neg->lock, neg, sizeof(*neg));
91 return neg;
92 }
93
94 size_t val_neg_get_mem(struct val_neg_cache* neg)
95 {
96 size_t result;
97 lock_basic_lock(&neg->lock);
98 result = sizeof(*neg) + neg->use;
99 lock_basic_unlock(&neg->lock);
100 return result;
101 }
102
103 /** clear datas on cache deletion */
104 static void
105 neg_clear_datas(rbnode_t* n, void* ATTR_UNUSED(arg))
106 {
107 struct val_neg_data* d = (struct val_neg_data*)n;
108 free(d->name);
109 free(d);
110 }
111
112 /** clear zones on cache deletion */
113 static void
114 neg_clear_zones(rbnode_t* n, void* ATTR_UNUSED(arg))
115 {
116 struct val_neg_zone* z = (struct val_neg_zone*)n;
117 /* delete all the rrset entries in the tree */
118 traverse_postorder(&z->tree, &neg_clear_datas, NULL);
119 free(z->nsec3_salt);
120 free(z->name);
121 free(z);
122 }
123
124 void neg_cache_delete(struct val_neg_cache* neg)
125 {
126 if(!neg) return;
127 lock_basic_destroy(&neg->lock);
128 /* delete all the zones in the tree */
129 traverse_postorder(&neg->tree, &neg_clear_zones, NULL);
130 free(neg);
131 }
132
133 /**
134 * Put data element at the front of the LRU list.
135 * @param neg: negative cache with LRU start and end.
136 * @param data: this data is fronted.
137 */
138 static void neg_lru_front(struct val_neg_cache* neg,
139 struct val_neg_data* data)
140 {
141 data->prev = NULL;
142 data->next = neg->first;
143 if(!neg->first)
144 neg->last = data;
145 else neg->first->prev = data;
146 neg->first = data;
147 }
148
149 /**
150 * Remove data element from LRU list.
151 * @param neg: negative cache with LRU start and end.
152 * @param data: this data is removed from the list.
153 */
154 static void neg_lru_remove(struct val_neg_cache* neg,
155 struct val_neg_data* data)
156 {
157 if(data->prev)
158 data->prev->next = data->next;
159 else neg->first = data->next;
160 if(data->next)
161 data->next->prev = data->prev;
162 else neg->last = data->prev;
163 }
164
165 /**
166 * Touch LRU for data element, put it at the start of the LRU list.
167 * @param neg: negative cache with LRU start and end.
168 * @param data: this data is used.
169 */
170 static void neg_lru_touch(struct val_neg_cache* neg,
171 struct val_neg_data* data)
172 {
173 if(data == neg->first)
174 return; /* nothing to do */
175 /* remove from current lru position */
176 neg_lru_remove(neg, data);
177 /* add at front */
178 neg_lru_front(neg, data);
179 }
180
181 /**
182 * Delete a zone element from the negative cache.
183 * May delete other zone elements to keep tree coherent, or
184 * only mark the element as 'not in use'.
185 * @param neg: negative cache.
186 * @param z: zone element to delete.
187 */
188 static void neg_delete_zone(struct val_neg_cache* neg, struct val_neg_zone* z)
189 {
190 struct val_neg_zone* p, *np;
191 if(!z) return;
192 log_assert(z->in_use);
193 log_assert(z->count > 0);
194 z->in_use = 0;
195
196 /* go up the tree and reduce counts */
197 p = z;
198 while(p) {
199 log_assert(p->count > 0);
200 p->count --;
201 p = p->parent;
202 }
203
204 /* remove zones with zero count */
205 p = z;
206 while(p && p->count == 0) {
207 np = p->parent;
208 (void)rbtree_delete(&neg->tree, &p->node);
209 neg->use -= p->len + sizeof(*p);
210 free(p->nsec3_salt);
211 free(p->name);
212 free(p);
213 p = np;
214 }
215 }
216
217 void neg_delete_data(struct val_neg_cache* neg, struct val_neg_data* el)
218 {
219 struct val_neg_zone* z;
220 struct val_neg_data* p, *np;
221 if(!el) return;
222 z = el->zone;
223 log_assert(el->in_use);
224 log_assert(el->count > 0);
225 el->in_use = 0;
226
227 /* remove it from the lru list */
228 neg_lru_remove(neg, el);
229
230 /* go up the tree and reduce counts */
231 p = el;
232 while(p) {
233 log_assert(p->count > 0);
234 p->count --;
235 p = p->parent;
236 }
237
238 /* delete 0 count items from tree */
239 p = el;
240 while(p && p->count == 0) {
241 np = p->parent;
242 (void)rbtree_delete(&z->tree, &p->node);
243 neg->use -= p->len + sizeof(*p);
244 free(p->name);
245 free(p);
246 p = np;
247 }
248
249 /* check if the zone is now unused */
250 if(z->tree.count == 0) {
251 neg_delete_zone(neg, z);
252 }
253 }
254
255 /**
256 * Create more space in negative cache
257 * The oldest elements are deleted until enough space is present.
258 * Empty zones are deleted.
259 * @param neg: negative cache.
260 * @param need: how many bytes are needed.
261 */
262 static void neg_make_space(struct val_neg_cache* neg, size_t need)
263 {
264 /* delete elements until enough space or its empty */
265 while(neg->last && neg->max < neg->use + need) {
266 neg_delete_data(neg, neg->last);
267 }
268 }
269
270 struct val_neg_zone* neg_find_zone(struct val_neg_cache* neg,
271 uint8_t* nm, size_t len, uint16_t dclass)
272 {
273 struct val_neg_zone lookfor;
274 struct val_neg_zone* result;
275 lookfor.node.key = &lookfor;
276 lookfor.name = nm;
277 lookfor.len = len;
278 lookfor.labs = dname_count_labels(lookfor.name);
279 lookfor.dclass = dclass;
280
281 result = (struct val_neg_zone*)
282 rbtree_search(&neg->tree, lookfor.node.key);
283 return result;
284 }
285
286 /**
287 * Find the given data
288 * @param zone: negative zone
289 * @param nm: what to look for.
290 * @param len: length of nm
291 * @param labs: labels in nm
292 * @return data or NULL if not found.
293 */
294 static struct val_neg_data* neg_find_data(struct val_neg_zone* zone,
295 uint8_t* nm, size_t len, int labs)
296 {
297 struct val_neg_data lookfor;
298 struct val_neg_data* result;
299 lookfor.node.key = &lookfor;
300 lookfor.name = nm;
301 lookfor.len = len;
302 lookfor.labs = labs;
303
304 result = (struct val_neg_data*)
305 rbtree_search(&zone->tree, lookfor.node.key);
306 return result;
307 }
308
309 /**
310 * Calculate space needed for the data and all its parents
311 * @param rep: NSEC entries.
312 * @return size.
313 */
314 static size_t calc_data_need(struct reply_info* rep)
315 {
316 uint8_t* d;
317 size_t i, len, res = 0;
318
319 for(i=rep->an_numrrsets; i<rep->an_numrrsets+rep->ns_numrrsets; i++) {
320 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC) {
321 d = rep->rrsets[i]->rk.dname;
322 len = rep->rrsets[i]->rk.dname_len;
323 res = sizeof(struct val_neg_data) + len;
324 while(!dname_is_root(d)) {
325 log_assert(len > 1); /* not root label */
326 dname_remove_label(&d, &len);
327 res += sizeof(struct val_neg_data) + len;
328 }
329 }
330 }
331 return res;
332 }
333
334 /**
335 * Calculate space needed for zone and all its parents
336 * @param d: name of zone
337 * @param len: length of name
338 * @return size.
339 */
340 static size_t calc_zone_need(uint8_t* d, size_t len)
341 {
342 size_t res = sizeof(struct val_neg_zone) + len;
343 while(!dname_is_root(d)) {
344 log_assert(len > 1); /* not root label */
345 dname_remove_label(&d, &len);
346 res += sizeof(struct val_neg_zone) + len;
347 }
348 return res;
349 }
350
351 /**
352 * Find closest existing parent zone of the given name.
353 * @param neg: negative cache.
354 * @param nm: name to look for
355 * @param nm_len: length of nm
356 * @param labs: labelcount of nm.
357 * @param qclass: class.
358 * @return the zone or NULL if none found.
359 */
360 static struct val_neg_zone* neg_closest_zone_parent(struct val_neg_cache* neg,
361 uint8_t* nm, size_t nm_len, int labs, uint16_t qclass)
362 {
363 struct val_neg_zone key;
364 struct val_neg_zone* result;
365 rbnode_t* res = NULL;
366 key.node.key = &key;
367 key.name = nm;
368 key.len = nm_len;
369 key.labs = labs;
370 key.dclass = qclass;
371 if(rbtree_find_less_equal(&neg->tree, &key, &res)) {
372 /* exact match */
373 result = (struct val_neg_zone*)res;
374 } else {
375 /* smaller element (or no element) */
376 int m;
377 result = (struct val_neg_zone*)res;
378 if(!result || result->dclass != qclass)
379 return NULL;
380 /* count number of labels matched */
381 (void)dname_lab_cmp(result->name, result->labs, key.name,
382 key.labs, &m);
383 while(result) { /* go up until qname is subdomain of stub */
384 if(result->labs <= m)
385 break;
386 result = result->parent;
387 }
388 }
389 return result;
390 }
391
392 /**
393 * Find closest existing parent data for the given name.
394 * @param zone: to look in.
395 * @param nm: name to look for
396 * @param nm_len: length of nm
397 * @param labs: labelcount of nm.
398 * @return the data or NULL if none found.
399 */
400 static struct val_neg_data* neg_closest_data_parent(
401 struct val_neg_zone* zone, uint8_t* nm, size_t nm_len, int labs)
402 {
403 struct val_neg_data key;
404 struct val_neg_data* result;
405 rbnode_t* res = NULL;
406 key.node.key = &key;
407 key.name = nm;
408 key.len = nm_len;
409 key.labs = labs;
410 if(rbtree_find_less_equal(&zone->tree, &key, &res)) {
411 /* exact match */
412 result = (struct val_neg_data*)res;
413 } else {
414 /* smaller element (or no element) */
415 int m;
416 result = (struct val_neg_data*)res;
417 if(!result)
418 return NULL;
419 /* count number of labels matched */
420 (void)dname_lab_cmp(result->name, result->labs, key.name,
421 key.labs, &m);
422 while(result) { /* go up until qname is subdomain of stub */
423 if(result->labs <= m)
424 break;
425 result = result->parent;
426 }
427 }
428 return result;
429 }
430
431 /**
432 * Create a single zone node
433 * @param nm: name for zone (copied)
434 * @param nm_len: length of name
435 * @param labs: labels in name.
436 * @param dclass: class of zone, host order.
437 * @return new zone or NULL on failure
438 */
439 static struct val_neg_zone* neg_setup_zone_node(
440 uint8_t* nm, size_t nm_len, int labs, uint16_t dclass)
441 {
442 struct val_neg_zone* zone =
443 (struct val_neg_zone*)calloc(1, sizeof(*zone));
444 if(!zone) {
445 return NULL;
446 }
447 zone->node.key = zone;
448 zone->name = memdup(nm, nm_len);
449 if(!zone->name) {
450 free(zone);
451 return NULL;
452 }
453 zone->len = nm_len;
454 zone->labs = labs;
455 zone->dclass = dclass;
456
457 rbtree_init(&zone->tree, &val_neg_data_compare);
458 return zone;
459 }
460
461 /**
462 * Create a linked list of parent zones, starting at longname ending on
463 * the parent (can be NULL, creates to the root).
464 * @param nm: name for lowest in chain
465 * @param nm_len: length of name
466 * @param labs: labels in name.
467 * @param dclass: class of zone.
468 * @param parent: NULL for to root, else so it fits under here.
469 * @return zone; a chain of zones and their parents up to the parent.
470 * or NULL on malloc failure
471 */
472 static struct val_neg_zone* neg_zone_chain(
473 uint8_t* nm, size_t nm_len, int labs, uint16_t dclass,
474 struct val_neg_zone* parent)
475 {
476 int i;
477 int tolabs = parent?parent->labs:0;
478 struct val_neg_zone* zone, *prev = NULL, *first = NULL;
479
480 /* create the new subtree, i is labelcount of current creation */
481 /* this creates a 'first' to z->parent=NULL list of zones */
482 for(i=labs; i!=tolabs; i--) {
483 /* create new item */
484 zone = neg_setup_zone_node(nm, nm_len, i, dclass);
485 if(!zone) {
486 /* need to delete other allocations in this routine!*/
487 struct val_neg_zone* p=first, *np;
488 while(p) {
489 np = p->parent;
490 free(p);
491 free(p->name);
492 p = np;
493 }
494 return NULL;
495 }
496 if(i == labs) {
497 first = zone;
498 } else {
499 prev->parent = zone;
500 }
501 /* prepare for next name */
502 prev = zone;
503 dname_remove_label(&nm, &nm_len);
504 }
505 return first;
506 }
507
508 void val_neg_zone_take_inuse(struct val_neg_zone* zone)
509 {
510 if(!zone->in_use) {
511 struct val_neg_zone* p;
512 zone->in_use = 1;
513 /* increase usage count of all parents */
514 for(p=zone; p; p = p->parent) {
515 p->count++;
516 }
517 }
518 }
519
520 struct val_neg_zone* neg_create_zone(struct val_neg_cache* neg,
521 uint8_t* nm, size_t nm_len, uint16_t dclass)
522 {
523 struct val_neg_zone* zone;
524 struct val_neg_zone* parent;
525 struct val_neg_zone* p, *np;
526 int labs = dname_count_labels(nm);
527
528 /* find closest enclosing parent zone that (still) exists */
529 parent = neg_closest_zone_parent(neg, nm, nm_len, labs, dclass);
530 if(parent && query_dname_compare(parent->name, nm) == 0)
531 return parent; /* already exists, weird */
532 /* if parent exists, it is in use */
533 log_assert(!parent || parent->count > 0);
534 zone = neg_zone_chain(nm, nm_len, labs, dclass, parent);
535 if(!zone) {
536 return NULL;
537 }
538
539 /* insert the list of zones into the tree */
540 p = zone;
541 while(p) {
542 np = p->parent;
543 /* mem use */
544 neg->use += sizeof(struct val_neg_zone) + p->len;
545 /* insert in tree */
546 (void)rbtree_insert(&neg->tree, &p->node);
547 /* last one needs proper parent pointer */
548 if(np == NULL)
549 p->parent = parent;
550 p = np;
551 }
552 return zone;
553 }
554
555 /** find zone name of message, returns the SOA record */
556 static struct ub_packed_rrset_key* reply_find_soa(struct reply_info* rep)
557 {
558 size_t i;
559 for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){
560 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_SOA)
561 return rep->rrsets[i];
562 }
563 return NULL;
564 }
565
566 /** see if the reply has NSEC records worthy of caching */
567 static int reply_has_nsec(struct reply_info* rep)
568 {
569 size_t i;
570 struct packed_rrset_data* d;
571 if(rep->security != sec_status_secure)
572 return 0;
573 for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){
574 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC) {
575 d = (struct packed_rrset_data*)rep->rrsets[i]->
576 entry.data;
577 if(d->security == sec_status_secure)
578 return 1;
579 }
580 }
581 return 0;
582 }
583
584
585 /**
586 * Create single node of data element.
587 * @param nm: name (copied)
588 * @param nm_len: length of name
589 * @param labs: labels in name.
590 * @return element with name nm, or NULL malloc failure.
591 */
592 static struct val_neg_data* neg_setup_data_node(
593 uint8_t* nm, size_t nm_len, int labs)
594 {
595 struct val_neg_data* el;
596 el = (struct val_neg_data*)calloc(1, sizeof(*el));
597 if(!el) {
598 return NULL;
599 }
600 el->node.key = el;
601 el->name = memdup(nm, nm_len);
602 if(!el->name) {
603 free(el);
604 return NULL;
605 }
606 el->len = nm_len;
607 el->labs = labs;
608 return el;
609 }
610
611 /**
612 * Create chain of data element and parents
613 * @param nm: name
614 * @param nm_len: length of name
615 * @param labs: labels in name.
616 * @param parent: up to where to make, if NULL up to root label.
617 * @return lowest element with name nm, or NULL malloc failure.
618 */
619 static struct val_neg_data* neg_data_chain(
620 uint8_t* nm, size_t nm_len, int labs, struct val_neg_data* parent)
621 {
622 int i;
623 int tolabs = parent?parent->labs:0;
624 struct val_neg_data* el, *first = NULL, *prev = NULL;
625
626 /* create the new subtree, i is labelcount of current creation */
627 /* this creates a 'first' to z->parent=NULL list of zones */
628 for(i=labs; i!=tolabs; i--) {
629 /* create new item */
630 el = neg_setup_data_node(nm, nm_len, i);
631 if(!el) {
632 /* need to delete other allocations in this routine!*/
633 struct val_neg_data* p = first, *np;
634 while(p) {
635 np = p->parent;
636 free(p);
637 free(p->name);
638 p = np;
639 }
640 return NULL;
641 }
642 if(i == labs) {
643 first = el;
644 } else {
645 prev->parent = el;
646 }
647
648 /* prepare for next name */
649 prev = el;
650 dname_remove_label(&nm, &nm_len);
651 }
652 return first;
653 }
654
655 /**
656 * Remove NSEC records between start and end points.
657 * By walking the tree, the tree is sorted canonically.
658 * @param neg: negative cache.
659 * @param zone: the zone
660 * @param el: element to start walking at.
661 * @param nsec: the nsec record with the end point
662 */
663 static void wipeout(struct val_neg_cache* neg, struct val_neg_zone* zone,
664 struct val_neg_data* el, struct ub_packed_rrset_key* nsec)
665 {
666 struct packed_rrset_data* d = (struct packed_rrset_data*)nsec->
667 entry.data;
668 uint8_t* end;
669 size_t end_len;
670 int end_labs, m;
671 rbnode_t* walk, *next;
672 struct val_neg_data* cur;
673 uint8_t buf[257];
674 /* get endpoint */
675 if(!d || d->count == 0 || d->rr_len[0] < 2+1)
676 return;
677 if(ntohs(nsec->rk.type) == LDNS_RR_TYPE_NSEC) {
678 end = d->rr_data[0]+2;
679 end_len = dname_valid(end, d->rr_len[0]-2);
680 end_labs = dname_count_labels(end);
681 } else {
682 /* NSEC3 */
683 if(!nsec3_get_nextowner_b32(nsec, 0, buf, sizeof(buf)))
684 return;
685 end = buf;
686 end_labs = dname_count_size_labels(end, &end_len);
687 }
688
689 /* sanity check, both owner and end must be below the zone apex */
690 if(!dname_subdomain_c(el->name, zone->name) ||
691 !dname_subdomain_c(end, zone->name))
692 return;
693
694 /* detect end of zone NSEC ; wipe until the end of zone */
695 if(query_dname_compare(end, zone->name) == 0) {
696 end = NULL;
697 }
698
699 walk = rbtree_next(&el->node);
700 while(walk && walk != RBTREE_NULL) {
701 cur = (struct val_neg_data*)walk;
702 /* sanity check: must be larger than start */
703 if(dname_canon_lab_cmp(cur->name, cur->labs,
704 el->name, el->labs, &m) <= 0) {
705 /* r == 0 skip original record. */
706 /* r < 0 too small! */
707 walk = rbtree_next(walk);
708 continue;
709 }
710 /* stop at endpoint, also data at empty nonterminals must be
711 * removed (no NSECs there) so everything between
712 * start and end */
713 if(end && dname_canon_lab_cmp(cur->name, cur->labs,
714 end, end_labs, &m) >= 0) {
715 break;
716 }
717 /* this element has to be deleted, but we cannot do it
718 * now, because we are walking the tree still ... */
719 /* get the next element: */
720 next = rbtree_next(walk);
721 /* now delete the original element, this may trigger
722 * rbtree rebalances, but really, the next element is
723 * the one we need.
724 * But it may trigger delete of other data and the
725 * entire zone. However, if that happens, this is done
726 * by deleting the *parents* of the element for deletion,
727 * and maybe also the entire zone if it is empty.
728 * But parents are smaller in canonical compare, thus,
729 * if a larger element exists, then it is not a parent,
730 * it cannot get deleted, the zone cannot get empty.
731 * If the next==NULL, then zone can be empty. */
732 if(cur->in_use)
733 neg_delete_data(neg, cur);
734 walk = next;
735 }
736 }
737
738 void neg_insert_data(struct val_neg_cache* neg,
739 struct val_neg_zone* zone, struct ub_packed_rrset_key* nsec)
740 {
741 struct packed_rrset_data* d;
742 struct val_neg_data* parent;
743 struct val_neg_data* el;
744 uint8_t* nm = nsec->rk.dname;
745 size_t nm_len = nsec->rk.dname_len;
746 int labs = dname_count_labels(nsec->rk.dname);
747
748 d = (struct packed_rrset_data*)nsec->entry.data;
749 if( !(d->security == sec_status_secure ||
750 (d->security == sec_status_unchecked && d->rrsig_count > 0)))
751 return;
752 log_nametypeclass(VERB_ALGO, "negcache rr",
753 nsec->rk.dname, ntohs(nsec->rk.type),
754 ntohs(nsec->rk.rrset_class));
755
756 /* find closest enclosing parent data that (still) exists */
757 parent = neg_closest_data_parent(zone, nm, nm_len, labs);
758 if(parent && query_dname_compare(parent->name, nm) == 0) {
759 /* perfect match already exists */
760 log_assert(parent->count > 0);
761 el = parent;
762 } else {
763 struct val_neg_data* p, *np;
764
765 /* create subtree for perfect match */
766 /* if parent exists, it is in use */
767 log_assert(!parent || parent->count > 0);
768
769 el = neg_data_chain(nm, nm_len, labs, parent);
770 if(!el) {
771 log_err("out of memory inserting NSEC negative cache");
772 return;
773 }
774 el->in_use = 0; /* set on below */
775
776 /* insert the list of zones into the tree */
777 p = el;
778 while(p) {
779 np = p->parent;
780 /* mem use */
781 neg->use += sizeof(struct val_neg_data) + p->len;
782 /* insert in tree */
783 p->zone = zone;
784 (void)rbtree_insert(&zone->tree, &p->node);
785 /* last one needs proper parent pointer */
786 if(np == NULL)
787 p->parent = parent;
788 p = np;
789 }
790 }
791
792 if(!el->in_use) {
793 struct val_neg_data* p;
794
795 el->in_use = 1;
796 /* increase usage count of all parents */
797 for(p=el; p; p = p->parent) {
798 p->count++;
799 }
800
801 neg_lru_front(neg, el);
802 } else {
803 /* in use, bring to front, lru */
804 neg_lru_touch(neg, el);
805 }
806
807 /* if nsec3 store last used parameters */
808 if(ntohs(nsec->rk.type) == LDNS_RR_TYPE_NSEC3) {
809 int h;
810 uint8_t* s;
811 size_t slen, it;
812 if(nsec3_get_params(nsec, 0, &h, &it, &s, &slen) &&
813 it <= neg->nsec3_max_iter &&
814 (h != zone->nsec3_hash || it != zone->nsec3_iter ||
815 slen != zone->nsec3_saltlen ||
816 memcmp(zone->nsec3_salt, s, slen) != 0)) {
817 uint8_t* sa = memdup(s, slen);
818 if(sa) {
819 free(zone->nsec3_salt);
820 zone->nsec3_salt = sa;
821 zone->nsec3_saltlen = slen;
822 zone->nsec3_hash = h;
823 zone->nsec3_iter = it;
824 }
825 }
826 }
827
828 /* wipe out the cache items between NSEC start and end */
829 wipeout(neg, zone, el, nsec);
830 }
831
832 void val_neg_addreply(struct val_neg_cache* neg, struct reply_info* rep)
833 {
834 size_t i, need;
835 struct ub_packed_rrset_key* soa;
836 struct val_neg_zone* zone;
837 /* see if secure nsecs inside */
838 if(!reply_has_nsec(rep))
839 return;
840 /* find the zone name in message */
841 soa = reply_find_soa(rep);
842 if(!soa)
843 return;
844
845 log_nametypeclass(VERB_ALGO, "negcache insert for zone",
846 soa->rk.dname, LDNS_RR_TYPE_SOA, ntohs(soa->rk.rrset_class));
847
848 /* ask for enough space to store all of it */
849 need = calc_data_need(rep) +
850 calc_zone_need(soa->rk.dname, soa->rk.dname_len);
851 lock_basic_lock(&neg->lock);
852 neg_make_space(neg, need);
853
854 /* find or create the zone entry */
855 zone = neg_find_zone(neg, soa->rk.dname, soa->rk.dname_len,
856 ntohs(soa->rk.rrset_class));
857 if(!zone) {
858 if(!(zone = neg_create_zone(neg, soa->rk.dname,
859 soa->rk.dname_len, ntohs(soa->rk.rrset_class)))) {
860 lock_basic_unlock(&neg->lock);
861 log_err("out of memory adding negative zone");
862 return;
863 }
864 }
865 val_neg_zone_take_inuse(zone);
866
867 /* insert the NSECs */
868 for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){
869 if(ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC)
870 continue;
871 if(!dname_subdomain_c(rep->rrsets[i]->rk.dname,
872 zone->name)) continue;
873 /* insert NSEC into this zone's tree */
874 neg_insert_data(neg, zone, rep->rrsets[i]);
875 }
876 if(zone->tree.count == 0) {
877 /* remove empty zone if inserts failed */
878 neg_delete_zone(neg, zone);
879 }
880 lock_basic_unlock(&neg->lock);
881 }
882
883 /**
884 * Lookup closest data record. For NSEC denial.
885 * @param zone: zone to look in
886 * @param qname: name to look for.
887 * @param len: length of name
888 * @param labs: labels in name
889 * @param data: data element, exact or smaller or NULL
890 * @return true if exact match.
891 */
892 static int neg_closest_data(struct val_neg_zone* zone,
893 uint8_t* qname, size_t len, int labs, struct val_neg_data** data)
894 {
895 struct val_neg_data key;
896 rbnode_t* r;
897 key.node.key = &key;
898 key.name = qname;
899 key.len = len;
900 key.labs = labs;
901 if(rbtree_find_less_equal(&zone->tree, &key, &r)) {
902 /* exact match */
903 *data = (struct val_neg_data*)r;
904 return 1;
905 } else {
906 /* smaller match */
907 *data = (struct val_neg_data*)r;
908 return 0;
909 }
910 }
911
912 int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len,
913 uint16_t qclass, struct rrset_cache* rrset_cache, uint32_t now)
914 {
915 /* lookup closest zone */
916 struct val_neg_zone* zone;
917 struct val_neg_data* data;
918 int labs;
919 struct ub_packed_rrset_key* nsec;
920 struct packed_rrset_data* d;
921 uint32_t flags;
922 uint8_t* wc;
923 struct query_info qinfo;
924 if(!neg) return 0;
925
926 log_nametypeclass(VERB_ALGO, "negcache dlvlookup", qname,
927 LDNS_RR_TYPE_DLV, qclass);
928
929 labs = dname_count_labels(qname);
930 lock_basic_lock(&neg->lock);
931 zone = neg_closest_zone_parent(neg, qname, len, labs, qclass);
932 while(zone && !zone->in_use)
933 zone = zone->parent;
934 if(!zone) {
935 lock_basic_unlock(&neg->lock);
936 return 0;
937 }
938 log_nametypeclass(VERB_ALGO, "negcache zone", zone->name, 0,
939 zone->dclass);
940
941 /* DLV is defined to use NSEC only */
942 if(zone->nsec3_hash) {
943 lock_basic_unlock(&neg->lock);
944 return 0;
945 }
946
947 /* lookup closest data record */
948 (void)neg_closest_data(zone, qname, len, labs, &data);
949 while(data && !data->in_use)
950 data = data->parent;
951 if(!data) {
952 lock_basic_unlock(&neg->lock);
953 return 0;
954 }
955 log_nametypeclass(VERB_ALGO, "negcache rr", data->name,
956 LDNS_RR_TYPE_NSEC, zone->dclass);
957
958 /* lookup rrset in rrset cache */
959 flags = 0;
960 if(query_dname_compare(data->name, zone->name) == 0)
961 flags = PACKED_RRSET_NSEC_AT_APEX;
962 nsec = rrset_cache_lookup(rrset_cache, data->name, data->len,
963 LDNS_RR_TYPE_NSEC, zone->dclass, flags, now, 0);
964
965 /* check if secure and TTL ok */
966 if(!nsec) {
967 lock_basic_unlock(&neg->lock);
968 return 0;
969 }
970 d = (struct packed_rrset_data*)nsec->entry.data;
971 if(!d || now > d->ttl) {
972 lock_rw_unlock(&nsec->entry.lock);
973 /* delete data record if expired */
974 neg_delete_data(neg, data);
975 lock_basic_unlock(&neg->lock);
976 return 0;
977 }
978 if(d->security != sec_status_secure) {
979 lock_rw_unlock(&nsec->entry.lock);
980 neg_delete_data(neg, data);
981 lock_basic_unlock(&neg->lock);
982 return 0;
983 }
984 verbose(VERB_ALGO, "negcache got secure rrset");
985
986 /* check NSEC security */
987 /* check if NSEC proves no DLV type exists */
988 /* check if NSEC proves NXDOMAIN for qname */
989 qinfo.qname = qname;
990 qinfo.qtype = LDNS_RR_TYPE_DLV;
991 qinfo.qclass = qclass;
992 if(!nsec_proves_nodata(nsec, &qinfo, &wc) &&
993 !val_nsec_proves_name_error(nsec, qname)) {
994 /* the NSEC is not a denial for the DLV */
995 lock_rw_unlock(&nsec->entry.lock);
996 lock_basic_unlock(&neg->lock);
997 verbose(VERB_ALGO, "negcache not proven");
998 return 0;
999 }
1000 /* so the NSEC was a NODATA proof, or NXDOMAIN proof. */
1001
1002 /* no need to check for wildcard NSEC; no wildcards in DLV repos */
1003 /* no need to lookup SOA record for client; no response message */
1004
1005 lock_rw_unlock(&nsec->entry.lock);
1006 /* if OK touch the LRU for neg_data element */
1007 neg_lru_touch(neg, data);
1008 lock_basic_unlock(&neg->lock);
1009 verbose(VERB_ALGO, "negcache DLV denial proven");
1010 return 1;
1011 }
1012
1013 /** see if the reply has signed NSEC records and return the signer */
1014 static uint8_t* reply_nsec_signer(struct reply_info* rep, size_t* signer_len,
1015 uint16_t* dclass)
1016 {
1017 size_t i;
1018 struct packed_rrset_data* d;
1019 uint8_t* s;
1020 for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){
1021 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC ||
1022 ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC3) {
1023 d = (struct packed_rrset_data*)rep->rrsets[i]->
1024 entry.data;
1025 /* return first signer name of first NSEC */
1026 if(d->rrsig_count != 0) {
1027 val_find_rrset_signer(rep->rrsets[i],
1028 &s, signer_len);
1029 if(s && *signer_len) {
1030 *dclass = ntohs(rep->rrsets[i]->
1031 rk.rrset_class);
1032 return s;
1033 }
1034 }
1035 }
1036 }
1037 return 0;
1038 }
1039
1040 void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep,
1041 uint8_t* zone_name)
1042 {
1043 size_t i, need;
1044 uint8_t* signer;
1045 size_t signer_len;
1046 uint16_t dclass;
1047 struct val_neg_zone* zone;
1048 /* no SOA in this message, find RRSIG over NSEC's signer name.
1049 * note the NSEC records are maybe not validated yet */
1050 signer = reply_nsec_signer(rep, &signer_len, &dclass);
1051 if(!signer)
1052 return;
1053 if(!dname_subdomain_c(signer, zone_name)) {
1054 /* the signer is not in the bailiwick, throw it out */
1055 return;
1056 }
1057
1058 log_nametypeclass(VERB_ALGO, "negcache insert referral ",
1059 signer, LDNS_RR_TYPE_NS, dclass);
1060
1061 /* ask for enough space to store all of it */
1062 need = calc_data_need(rep) + calc_zone_need(signer, signer_len);
1063 lock_basic_lock(&neg->lock);
1064 neg_make_space(neg, need);
1065
1066 /* find or create the zone entry */
1067 zone = neg_find_zone(neg, signer, signer_len, dclass);
1068 if(!zone) {
1069 if(!(zone = neg_create_zone(neg, signer, signer_len,
1070 dclass))) {
1071 lock_basic_unlock(&neg->lock);
1072 log_err("out of memory adding negative zone");
1073 return;
1074 }
1075 }
1076 val_neg_zone_take_inuse(zone);
1077
1078 /* insert the NSECs */
1079 for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){
1080 if(ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC &&
1081 ntohs(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC3)
1082 continue;
1083 if(!dname_subdomain_c(rep->rrsets[i]->rk.dname,
1084 zone->name)) continue;
1085 /* insert NSEC into this zone's tree */
1086 neg_insert_data(neg, zone, rep->rrsets[i]);
1087 }
1088 if(zone->tree.count == 0) {
1089 /* remove empty zone if inserts failed */
1090 neg_delete_zone(neg, zone);
1091 }
1092 lock_basic_unlock(&neg->lock);
1093 }
1094
1095 /**
1096 * See if rrset exists in rrset cache.
1097 * If it does, the bit is checked, and if not expired, it is returned
1098 * allocated in region.
1099 * @param rrset_cache: rrset cache
1100 * @param qname: to lookup rrset name
1101 * @param qname_len: length of qname.
1102 * @param qtype: type of rrset to lookup, host order
1103 * @param qclass: class of rrset to lookup, host order
1104 * @param flags: flags for rrset to lookup
1105 * @param region: where to alloc result
1106 * @param checkbit: if true, a bit in the nsec typemap is checked for absence.
1107 * @param checktype: which bit to check
1108 * @param now: to check ttl against
1109 * @return rrset or NULL
1110 */
1111 static struct ub_packed_rrset_key*
1112 grab_nsec(struct rrset_cache* rrset_cache, uint8_t* qname, size_t qname_len,
1113 uint16_t qtype, uint16_t qclass, uint32_t flags,
1114 struct regional* region, int checkbit, uint16_t checktype,
1115 uint32_t now)
1116 {
1117 struct ub_packed_rrset_key* r, *k = rrset_cache_lookup(rrset_cache,
1118 qname, qname_len, qtype, qclass, flags, now, 0);
1119 struct packed_rrset_data* d;
1120 if(!k) return NULL;
1121 d = (struct packed_rrset_data*)k->entry.data;
1122 if(d->ttl < now) {
1123 lock_rw_unlock(&k->entry.lock);
1124 return NULL;
1125 }
1126 /* only secure or unchecked records that have signatures. */
1127 if( ! ( d->security == sec_status_secure ||
1128 (d->security == sec_status_unchecked &&
1129 d->rrsig_count > 0) ) ) {
1130 lock_rw_unlock(&k->entry.lock);
1131 return NULL;
1132 }
1133 /* check if checktype is absent */
1134 if(checkbit && qtype == LDNS_RR_TYPE_NSEC &&
1135 nsec_has_type(k, checktype)) {
1136 lock_rw_unlock(&k->entry.lock);
1137 return NULL;
1138 }
1139 /* looks OK! copy to region and return it */
1140 r = packed_rrset_copy_region(k, region, now);
1141 /* if it failed, we return the NULL */
1142 lock_rw_unlock(&k->entry.lock);
1143 return r;
1144 }
1145
1146 /** find nsec3 closest encloser in neg cache */
1147 static struct val_neg_data*
1148 neg_find_nsec3_ce(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
1149 int qlabs, ldns_buffer* buf, uint8_t* hashnc, size_t* nclen)
1150 {
1151 struct val_neg_data* data;
1152 uint8_t hashce[SHA_DIGEST_LENGTH];
1153 uint8_t b32[257];
1154 size_t celen, b32len;
1155
1156 *nclen = 0;
1157 while(qlabs > 0) {
1158 /* hash */
1159 if(!(celen=nsec3_get_hashed(buf, qname, qname_len,
1160 zone->nsec3_hash, zone->nsec3_iter, zone->nsec3_salt,
1161 zone->nsec3_saltlen, hashce, sizeof(hashce))))
1162 return NULL;
1163 if(!(b32len=nsec3_hash_to_b32(hashce, celen, zone->name,
1164 zone->len, b32, sizeof(b32))))
1165 return NULL;
1166
1167 /* lookup (exact match only) */
1168 data = neg_find_data(zone, b32, b32len, zone->labs+1);
1169 if(data && data->in_use) {
1170 /* found ce match! */
1171 return data;
1172 }
1173
1174 *nclen = celen;
1175 memmove(hashnc, hashce, celen);
1176 dname_remove_label(&qname, &qname_len);
1177 qlabs --;
1178 }
1179 return NULL;
1180 }
1181
1182 /** check nsec3 parameters on nsec3 rrset with current zone values */
1183 static int
1184 neg_params_ok(struct val_neg_zone* zone, struct ub_packed_rrset_key* rrset)
1185 {
1186 int h;
1187 uint8_t* s;
1188 size_t slen, it;
1189 if(!nsec3_get_params(rrset, 0, &h, &it, &s, &slen))
1190 return 0;
1191 return (h == zone->nsec3_hash && it == zone->nsec3_iter &&
1192 slen == zone->nsec3_saltlen &&
1193 memcmp(zone->nsec3_salt, s, slen) == 0);
1194 }
1195
1196 /** get next closer for nsec3 proof */
1197 static struct ub_packed_rrset_key*
1198 neg_nsec3_getnc(struct val_neg_zone* zone, uint8_t* hashnc, size_t nclen,
1199 struct rrset_cache* rrset_cache, struct regional* region,
1200 uint32_t now, uint8_t* b32, size_t maxb32)
1201 {
1202 struct ub_packed_rrset_key* nc_rrset;
1203 struct val_neg_data* data;
1204 size_t b32len;
1205
1206 if(!(b32len=nsec3_hash_to_b32(hashnc, nclen, zone->name,
1207 zone->len, b32, maxb32)))
1208 return NULL;
1209 (void)neg_closest_data(zone, b32, b32len, zone->labs+1, &data);
1210 if(!data && zone->tree.count != 0) {
1211 /* could be before the first entry ; return the last
1212 * entry (possibly the rollover nsec3 at end) */
1213 data = (struct val_neg_data*)rbtree_last(&zone->tree);
1214 }
1215 while(data && !data->in_use)
1216 data = data->parent;
1217 if(!data)
1218 return NULL;
1219 /* got a data element in tree, grab it */
1220 nc_rrset = grab_nsec(rrset_cache, data->name, data->len,
1221 LDNS_RR_TYPE_NSEC3, zone->dclass, 0, region, 0, 0, now);
1222 if(!nc_rrset)
1223 return NULL;
1224 if(!neg_params_ok(zone, nc_rrset))
1225 return NULL;
1226 return nc_rrset;
1227 }
1228
1229 /** neg cache nsec3 proof procedure*/
1230 static struct dns_msg*
1231 neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
1232 int qlabs, ldns_buffer* buf, struct rrset_cache* rrset_cache,
1233 struct regional* region, uint32_t now)
1234 {
1235 struct dns_msg* msg;
1236 struct val_neg_data* data;
1237 uint8_t hashnc[SHA_DIGEST_LENGTH];
1238 size_t nclen;
1239 struct ub_packed_rrset_key* ce_rrset, *nc_rrset;
1240 struct nsec3_cached_hash c;
1241 uint8_t nc_b32[257];
1242
1243 /* for NSEC3 ; determine the closest encloser for which we
1244 * can find an exact match. Remember the hashed lower name,
1245 * since that is the one we need a closest match for.
1246 * If we find a match straight away, then it becomes NODATA.
1247 * Otherwise, NXDOMAIN or if OPTOUT, an insecure delegation.
1248 * Also check that parameters are the same on closest encloser
1249 * and on closest match.
1250 */
1251 if(!zone->nsec3_hash)
1252 return NULL; /* not nsec3 zone */
1253
1254 if(!(data=neg_find_nsec3_ce(zone, qname, qname_len, qlabs, buf,
1255 hashnc, &nclen))) {
1256 return NULL;
1257 }
1258
1259 /* grab the ce rrset */
1260 ce_rrset = grab_nsec(rrset_cache, data->name, data->len,
1261 LDNS_RR_TYPE_NSEC3, zone->dclass, 0, region, 1,
1262 LDNS_RR_TYPE_DS, now);
1263 if(!ce_rrset)
1264 return NULL;
1265 if(!neg_params_ok(zone, ce_rrset))
1266 return NULL;
1267
1268 if(nclen == 0) {
1269 /* exact match, just check the type bits */
1270 /* need: -SOA, -DS, +NS */
1271 if(nsec3_has_type(ce_rrset, 0, LDNS_RR_TYPE_SOA) ||
1272 nsec3_has_type(ce_rrset, 0, LDNS_RR_TYPE_DS) ||
1273 !nsec3_has_type(ce_rrset, 0, LDNS_RR_TYPE_NS))
1274 return NULL;
1275 if(!(msg = dns_msg_create(qname, qname_len,
1276 LDNS_RR_TYPE_DS, zone->dclass, region, 1)))
1277 return NULL;
1278 if(!dns_msg_authadd(msg, region, ce_rrset, now))
1279 return NULL;
1280 return msg;
1281 }
1282 /* if there is no exact match, it must be in an optout span
1283 * (an existing DS implies an NSEC3 must exist) */
1284 nc_rrset = neg_nsec3_getnc(zone, hashnc, nclen, rrset_cache,
1285 region, now, nc_b32, sizeof(nc_b32));
1286 if(!nc_rrset)
1287 return NULL;
1288 if(!neg_params_ok(zone, nc_rrset))
1289 return NULL;
1290 if(!nsec3_has_optout(nc_rrset, 0))
1291 return NULL;
1292 c.hash = hashnc;
1293 c.hash_len = nclen;
1294 c.b32 = nc_b32+1;
1295 c.b32_len = (size_t)nc_b32[0];
1296 if(nsec3_covers(zone->name, &c, nc_rrset, 0, buf)) {
1297 /* nc_rrset covers the next closer name.
1298 * ce_rrset equals a closer encloser.
1299 * nc_rrset is optout.
1300 * No need to check wildcard for type DS */
1301 if(!(msg = dns_msg_create(qname, qname_len,
1302 LDNS_RR_TYPE_DS, zone->dclass, region, 2)))
1303 return NULL;
1304 if(!dns_msg_authadd(msg, region, ce_rrset, now))
1305 return NULL;
1306 if(!dns_msg_authadd(msg, region, nc_rrset, now))
1307 return NULL;
1308 return msg;
1309 }
1310 return NULL;
1311 }
1312
1313 struct dns_msg*
1314 val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
1315 struct regional* region, struct rrset_cache* rrset_cache,
1316 ldns_buffer* buf, uint32_t now)
1317 {
1318 struct dns_msg* msg;
1319 struct ub_packed_rrset_key* rrset;
1320 uint8_t* zname;
1321 size_t zname_len;
1322 int zname_labs;
1323 struct val_neg_zone* zone;
1324
1325 /* only for DS queries */
1326 if(qinfo->qtype != LDNS_RR_TYPE_DS)
1327 return NULL;
1328
1329 /* see if info from neg cache is available
1330 * For NSECs, because there is no optout; a DS next to a delegation
1331 * always has exactly an NSEC for it itself; check its DS bit.
1332 * flags=0 (not the zone apex).
1333 */
1334 rrset = grab_nsec(rrset_cache, qinfo->qname, qinfo->qname_len,
1335 LDNS_RR_TYPE_NSEC, qinfo->qclass, 0, region, 1,
1336 qinfo->qtype, now);
1337 if(rrset) {
1338 /* return msg with that rrset */
1339 if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len,
1340 qinfo->qtype, qinfo->qclass, region, 1)))
1341 return NULL;
1342 if(!dns_msg_authadd(msg, region, rrset, now))
1343 return NULL;
1344 return msg;
1345 }
1346
1347 /* check NSEC3 neg cache for type DS */
1348 /* need to look one zone higher for DS type */
1349 zname = qinfo->qname;
1350 zname_len = qinfo->qname_len;
1351 dname_remove_label(&zname, &zname_len);
1352 zname_labs = dname_count_labels(zname);
1353
1354 /* lookup closest zone */
1355 lock_basic_lock(&neg->lock);
1356 zone = neg_closest_zone_parent(neg, zname, zname_len, zname_labs,
1357 qinfo->qclass);
1358 while(zone && !zone->in_use)
1359 zone = zone->parent;
1360 if(!zone) {
1361 lock_basic_unlock(&neg->lock);
1362 return NULL;
1363 }
1364
1365 msg = neg_nsec3_proof_ds(zone, qinfo->qname, qinfo->qname_len,
1366 zname_labs+1, buf, rrset_cache, region, now);
1367 lock_basic_unlock(&neg->lock);
1368 return msg;
1369 }
0 /*
1 * validator/val_neg.h - validator aggressive negative caching functions.
2 *
3 * Copyright (c) 2008, NLnet Labs. All rights reserved.
4 *
5 * This software is open source.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution.
17 *
18 * Neither the name of the NLNET LABS nor the names of its contributors may
19 * be used to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /**
36 * \file
37 *
38 * This file contains helper functions for the validator module.
39 * The functions help with aggressive negative caching.
40 * This creates new denials of existance, and proofs for absence of types
41 * from cached NSEC records.
42 */
43
44 #ifndef VALIDATOR_VAL_NEG_H
45 #define VALIDATOR_VAL_NEG_H
46 #include "util/locks.h"
47 #include "util/rbtree.h"
48 struct val_neg_data;
49 struct config_file;
50 struct reply_info;
51 struct rrset_cache;
52 struct regional;
53 struct query_info;
54 struct dns_msg;
55 struct ub_packed_rrset_key;
56
57 /**
58 * The negative cache. It is shared between the threads, so locked.
59 * Kept as validator-environ-state. It refers back to the rrset cache for
60 * data elements. It can be out of date and contain conflicting data
61 * from zone content changes.
62 * It contains a tree of zones, every zone has a tree of data elements.
63 * The data elements are part of one big LRU list, with one memory counter.
64 */
65 struct val_neg_cache {
66 /** the big lock on the negative cache. Because we use a rbtree
67 * for the data (quick lookup), we need a big lock */
68 lock_basic_t lock;
69 /** The zone rbtree. contents sorted canonical, type val_neg_zone */
70 rbtree_t tree;
71 /** the first in linked list of LRU of val_neg_data */
72 struct val_neg_data* first;
73 /** last in lru (least recently used element) */
74 struct val_neg_data* last;
75 /** current memory in use (bytes) */
76 size_t use;
77 /** max memory to use (bytes) */
78 size_t max;
79 /** max nsec3 iterations allowed */
80 size_t nsec3_max_iter;
81 };
82
83 /**
84 * Per Zone aggressive negative caching data.
85 */
86 struct val_neg_zone {
87 /** rbtree node element, key is this struct: the name, class */
88 rbnode_t node;
89 /** name; the key */
90 uint8_t* name;
91 /** length of name */
92 size_t len;
93 /** labels in name */
94 int labs;
95
96 /** pointer to parent zone in the negative cache */
97 struct val_neg_zone* parent;
98
99 /** the number of elements, including this one and the ones whose
100 * parents (-parents) include this one, that are in_use
101 * No elements have a count of zero, those are removed. */
102 int count;
103
104 /** if 0: NSEC zone, else NSEC3 hash algorithm in use */
105 int nsec3_hash;
106 /** nsec3 iteration count in use */
107 size_t nsec3_iter;
108 /** nsec3 salt in use */
109 uint8_t* nsec3_salt;
110 /** length of salt in bytes */
111 size_t nsec3_saltlen;
112
113 /** tree of NSEC data for this zone, sorted canonical
114 * by NSEC owner name */
115 rbtree_t tree;
116
117 /** class of node; host order */
118 uint16_t dclass;
119 /** if this element is in use, boolean */
120 uint8_t in_use;
121 };
122
123 /**
124 * Data element for aggressive negative caching.
125 * The tree of these elements acts as an index onto the rrset cache.
126 * It shows the NSEC records that (may) exist and are (possibly) secure.
127 * The rbtree allows for logN search for a covering NSEC record.
128 * To make tree insertion and deletion logN too, all the parent (one label
129 * less than the name) data elements are also in the rbtree, with a usage
130 * count for every data element.
131 * There is no actual data stored in this data element, if it is in_use,
132 * then the data can (possibly) be found in the rrset cache.
133 */
134 struct val_neg_data {
135 /** rbtree node element, key is this struct: the name */
136 rbnode_t node;
137 /** name; the key */
138 uint8_t* name;
139 /** length of name */
140 size_t len;
141 /** labels in name */
142 int labs;
143
144 /** pointer to parent node in the negative cache */
145 struct val_neg_data* parent;
146
147 /** the number of elements, including this one and the ones whose
148 * parents (-parents) include this one, that are in use
149 * No elements have a count of zero, those are removed. */
150 int count;
151
152 /** the zone that this denial is part of */
153 struct val_neg_zone* zone;
154
155 /** previous in LRU */
156 struct val_neg_data* prev;
157 /** next in LRU (next element was less recently used) */
158 struct val_neg_data* next;
159
160 /** if this element is in use, boolean */
161 uint8_t in_use;
162 };
163
164 /**
165 * Create negative cache
166 * @param cfg: config options.
167 * @param maxiter: max nsec3 iterations allowed.
168 * @return neg cache, empty or NULL on failure.
169 */
170 struct val_neg_cache* val_neg_create(struct config_file* cfg, size_t maxiter);
171
172 /**
173 * see how much memory is in use by the negative cache.
174 * @param neg: negative cache
175 * @return number of bytes in use.
176 */
177 size_t val_neg_get_mem(struct val_neg_cache* neg);
178
179 /**
180 * Destroy negative cache. There must no longer be any other threads.
181 * @param neg: negative cache.
182 */
183 void neg_cache_delete(struct val_neg_cache* neg);
184
185 /**
186 * Comparison function for rbtree val neg data elements
187 */
188 int val_neg_data_compare(const void* a, const void* b);
189
190 /**
191 * Comparison function for rbtree val neg zone elements
192 */
193 int val_neg_zone_compare(const void* a, const void* b);
194
195 /**
196 * Insert NSECs from this message into the negative cache for reference.
197 * @param neg: negative cache
198 * @param rep: reply with NSECs.
199 * Errors are ignored, means that storage is omitted.
200 */
201 void val_neg_addreply(struct val_neg_cache* neg, struct reply_info* rep);
202
203 /**
204 * Insert NSECs from this referral into the negative cache for reference.
205 * @param neg: negative cache
206 * @param rep: referral reply with NS, NSECs.
207 * @param zone: bailiwick for the referral.
208 * Errors are ignored, means that storage is omitted.
209 */
210 void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep,
211 uint8_t* zone);
212
213 /**
214 * Perform a DLV style lookup
215 * During the lookup, we could find out that data has expired. In that
216 * case the neg_cache entries are removed, and lookup fails.
217 *
218 * @param neg: negative cache.
219 * @param qname: name to look for
220 * @param len: length of qname.
221 * @param qclass: class to look in.
222 * @param rrset_cache: the rrset cache, for NSEC lookups.
223 * @param now: current time for ttl checks.
224 * @return
225 * 0 on error
226 * 0 if no proof of negative
227 * 1 if indeed negative was proven
228 * thus, qname DLV qclass does not exist.
229 */
230 int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len,
231 uint16_t qclass, struct rrset_cache* rrset_cache, uint32_t now);
232
233 /**
234 * For the given query, try to get a reply out of the negative cache.
235 * The reply still needs to be validated.
236 * @param neg: negative cache.
237 * @param qinfo: query
238 * @param region: where to allocate reply.
239 * @param rrset_cache: rrset cache.
240 * @param buf: temporary buffer.
241 * @param now: to check TTLs against.
242 * @return a reply message if something was found.
243 * This reply may still need validation.
244 * NULL if nothing found (or out of memory).
245 */
246 struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg,
247 struct query_info* qinfo, struct regional* region,
248 struct rrset_cache* rrset_cache, ldns_buffer* buf, uint32_t now);
249
250
251 /**** functions exposed for unit test ****/
252 /**
253 * Insert data into the data tree of a zone
254 * Does not do locking.
255 * @param neg: negative cache
256 * @param zone: zone to insert into
257 * @param nsec: record to insert.
258 */
259 void neg_insert_data(struct val_neg_cache* neg,
260 struct val_neg_zone* zone, struct ub_packed_rrset_key* nsec);
261
262 /**
263 * Delete a data element from the negative cache.
264 * May delete other data elements to keep tree coherent, or
265 * only mark the element as 'not in use'.
266 * Does not do locking.
267 * @param neg: negative cache.
268 * @param el: data element to delete.
269 */
270 void neg_delete_data(struct val_neg_cache* neg, struct val_neg_data* el);
271
272 /**
273 * Find the given zone, from the SOA owner name and class
274 * Does not do locking.
275 * @param neg: negative cache
276 * @param nm: what to look for.
277 * @param len: length of nm
278 * @param dclass: class to look for.
279 * @return zone or NULL if not found.
280 */
281 struct val_neg_zone* neg_find_zone(struct val_neg_cache* neg,
282 uint8_t* nm, size_t len, uint16_t dclass);
283
284 /**
285 * Create a new zone.
286 * Does not do locking.
287 * @param neg: negative cache
288 * @param nm: what to look for.
289 * @param nm_len: length of name.
290 * @param dclass: class of zone, host order.
291 * @return zone or NULL if out of memory.
292 */
293 struct val_neg_zone* neg_create_zone(struct val_neg_cache* neg,
294 uint8_t* nm, size_t nm_len, uint16_t dclass);
295
296 /**
297 * take a zone into use. increases counts of parents.
298 * Does not do locking.
299 * @param zone: zone to take into use.
300 */
301 void val_neg_zone_take_inuse(struct val_neg_zone* zone);
302
303 #endif /* VALIDATOR_VAL_NEG_H */
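Review bot: The helpers under "functions exposed for unit test" (neg_insert_data, neg_delete_data, neg_find_zone, neg_create_zone, val_neg_zone_take_inuse) are documented only with "Does not do locking", which can be read either as "no lock is needed" or as "the caller must already hold it". The val_neg.c code on this page calls them between `lock_basic_lock(&neg->lock)` and `lock_basic_unlock(&neg->lock)`, so the precondition appears to be the latter. Since both the zone tree and the LRU list are shared between threads, I would state it explicitly in each comment, for example `* Caller must hold neg->lock.`; for val_neg_zone_take_inuse, which has no neg argument, the comment should say that the lock of the cache owning the zone must be held.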
4444 #include "validator/val_utils.h"
4545 #include "util/data/msgreply.h"
4646 #include "util/data/dname.h"
47 #include "util/net_help.h"
4748
4849 /** get ttl of rrset */
4950 static uint32_t
8990 return 0;
9091 }
9192
92 /**
93 * Check if type is present in the NSEC typemap
94 * @param nsec: the nsec RRset.
95 * If there are multiple RRs, then each must have the same typemap,
96 * since the typemap represents the types at this domain node.
97 * @param type: type to check for, host order.
98 * @return true if present
99 */
100 static int
93 int
10194 nsec_has_type(struct ub_packed_rrset_key* nsec, uint16_t type)
10295 {
10396 struct packed_rrset_data* d = (struct packed_rrset_data*)nsec->
342335
343336 /* If an NS set exists at this name, and NOT a SOA (so this is a
344337 * zone cut, not a zone apex), then we should have gotten a
345 * referral (or we just got the wrong NSEC).
338 * referral (or we just got the wrong NSEC).
346339 * The reverse of this check is used when qtype is DS, since that
347340 * must use the NSEC from above the zone cut. */
348341 if(qinfo->qtype != LDNS_RR_TYPE_DS &&
349 nsec_has_type(nsec, LDNS_RR_TYPE_NS) &&
342 nsec_has_type(nsec, LDNS_RR_TYPE_NS) &&
350343 !nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) {
351344 return 0;
352345 } else if(qinfo->qtype == LDNS_RR_TYPE_DS &&
478471 }
479472 return 0;
480473 }
474
475 /**
476 * Find shared topdomain that exists
477 */
478 static void
479 dlv_topdomain(struct ub_packed_rrset_key* nsec, uint8_t* qname,
480 uint8_t** nm, size_t* nm_len)
481 {
482 /* make sure reply is part of nm */
483 /* take shared topdomain with left of NSEC. */
484
485 /* because, if empty nonterminal, then right is subdomain of qname.
486 * and any shared topdomain would be empty nonterminals.
487 *
488 * If nxdomain, then the right is bigger, and could have an
489 * interesting shared topdomain, but if it does have one, it is
490 * an empty nonterminal. An empty nonterminal shared with the left
491 * one. */
492 int n;
493 uint8_t* common = dname_get_shared_topdomain(qname, nsec->rk.dname);
494 n = dname_count_labels(*nm) - dname_count_labels(common);
495 dname_remove_labels(nm, nm_len, n);
496 }
497
498 int val_nsec_check_dlv(struct query_info* qinfo,
499 struct reply_info* rep, uint8_t** nm, size_t* nm_len)
500 {
501 uint8_t* next;
502 size_t i, nlen;
503 int c;
504 /* we should now have a NOERROR/NODATA or NXDOMAIN message */
505 if(rep->an_numrrsets != 0) {
506 return 0;
507 }
508 /* is this NOERROR ? */
509 if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
510 /* it can be a plain NSEC match - go up one more level. */
511 /* or its an empty nonterminal - go up to nonempty level */
512 for(i=0; i<rep->ns_numrrsets; i++) {
513 if(htons(rep->rrsets[i]->rk.type)!=LDNS_RR_TYPE_NSEC ||
514 !nsec_get_next(rep->rrsets[i], &next, &nlen))
515 continue;
516 c = dname_canonical_compare(
517 rep->rrsets[i]->rk.dname, qinfo->qname);
518 if(c == 0) {
519 /* plain match */
520 if(nsec_has_type(rep->rrsets[i],
521 LDNS_RR_TYPE_DLV))
522 return 0;
523 dname_remove_label(nm, nm_len);
524 return 1;
525 } else if(c < 0 &&
526 dname_strict_subdomain_c(next, qinfo->qname)) {
527 /* ENT */
528 dlv_topdomain(rep->rrsets[i], qinfo->qname,
529 nm, nm_len);
530 return 1;
531 }
532 }
533 return 0;
534 }
535
536 /* is this NXDOMAIN ? */
537 if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN) {
538 /* find the qname denial NSEC record. It can tell us
539 * a closest encloser name; or that we not need bother */
540 for(i=0; i<rep->ns_numrrsets; i++) {
541 if(htons(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC)
542 continue;
543 if(val_nsec_proves_name_error(rep->rrsets[i],
544 qinfo->qname)) {
545 log_nametypeclass(VERB_ALGO, "topdomain on",
546 rep->rrsets[i]->rk.dname,
547 ntohs(rep->rrsets[i]->rk.type), 0);
548 dlv_topdomain(rep->rrsets[i], qinfo->qname,
549 nm, nm_len);
550 return 1;
551 }
552 }
553 return 0;
554 }
555 return 0;
556 }
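Review bot: In dlv_topdomain() the comment says "make sure reply is part of nm", but no code performs that check: `n` is the difference of two label counts and goes straight into `dname_remove_labels(nm, nm_len, n)`. This is only correct if `common` (derived from qname and the NSEC owner name, both taken from the reply) is an ancestor of `*nm`. Presumably `*nm` equals the query name on entry, but nothing in this hunk enforces that, and the behaviour of dname_remove_labels() for a zero or negative count is not visible here. I would guard the call with `if(n > 0 && dname_subdomain_c(*nm, common))` or document the precondition on `nm` in the function comment. As a minor style point, the two type checks use `htons()` on `rk.type` where the log call a few lines below uses `ntohs()`; `ntohs()` matches the direction of the conversion.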
8484 int nsecbitmap_has_type_rdata(uint8_t* bitmap, size_t len, uint16_t type);
8585
8686 /**
87 * Check if type is present in the NSEC typemap
88 * @param nsec: the nsec RRset.
89 * If there are multiple RRs, then each must have the same typemap,
90 * since the typemap represents the types at this domain node.
91 * @param type: type to check for, host order.
92 * @return true if present
93 */
94 int nsec_has_type(struct ub_packed_rrset_key* nsec, uint16_t type);
95
96 /**
8797 * Determine if a NSEC proves the NOERROR/NODATA conditions. This will also
8898 * handle the empty non-terminal (ENT) case and partially handle the
8999 * wildcard case. If the ownername of 'nsec' is a wildcard, the validator
144154 int val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname,
145155 size_t qnamelen);
146156
157 /**
158 * Determine the DLV result, what to do with NSEC DLV reply.
159 * @param qinfo: what was queried for.
160 * @param rep: the nonpositive reply.
161 * @param nm: dlv lookup name, to adjust for new lookup name (if needed).
162 * @param nm_len: length of lookup name.
163 * @return 0 on error, 1 if a higher point is found.
164 * If the higher point is above the dlv repo anchor, the qname does
165 * not exist.
166 */
167 int val_nsec_check_dlv(struct query_info* qinfo,
168 struct reply_info* rep, uint8_t** nm, size_t* nm_len);
169
147170 #endif /* VALIDATOR_VAL_NSEC_H */
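Review bot: The new comment for val_nsec_check_dlv() documents the return value as "0 on error", but the implementation on this page also returns 0 for non-error outcomes: a reply with answer rrsets, a plain NSEC match that has the DLV bit set, or no usable NSEC at all. It also does not say that `nm` and `nm_len` are modified in place only when 1 is returned. I would reword it along the lines of `@return 1 if nm/nm_len were moved up to a higher lookup point; 0 if the reply gives no such proof (nm is left unchanged).`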
5757 * This function we get from ldns-compat or from base system
5858 * it returns the number of data bytes stored at the target, or <0 on error.
5959 */
60 int b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
60 int ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
6161 char *target, size_t targsize);
6262 /**
6363 * This function we get from ldns-compat or from base system
6464 * it returns the number of data bytes stored at the target, or <0 on error.
6565 */
66 int b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len,
66 int ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len,
6767 uint8_t *target, size_t targsize);
6868
6969 /**
124124 return (int)(d->rr_data[r][2+1] & NSEC3_UNKNOWN_FLAGS);
125125 }
126126
127 /** return if nsec3 RR has the optout flag */
128 static int
127 int
129128 nsec3_has_optout(struct ub_packed_rrset_key* rrset, int r)
130129 {
131130 struct packed_rrset_data* d = (struct packed_rrset_data*)
202201 return 1;
203202 }
204203
205 /** return nsec3 RR next hashed owner name */
206 static int
204 int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r,
205 int* algo, size_t* iter, uint8_t** salt, size_t* saltlen)
206 {
207 if(!nsec3_known_algo(rrset, r) || nsec3_unknown_flags(rrset, r))
208 return 0;
209 if(!nsec3_get_salt(rrset, r, salt, saltlen))
210 return 0;
211 *algo = nsec3_get_algo(rrset, r);
212 *iter = nsec3_get_iter(rrset, r);
213 return 1;
214 }
215
216 int
207217 nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r,
208218 uint8_t** next, size_t* nextlen)
209219 {
232242 return 1;
233243 }
234244
235 /** see if NSEC3 RR contains given type */
236 static int
245 size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone,
246 size_t zonelen, uint8_t* buf, size_t max)
247 {
248 /* write b32 of name, leave one for length */
249 int ret;
250 if(max < hashlen*2+1) /* quick approx of b32, as if hexb16 */
251 return 0;
252 ret = ldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1);
253 if(ret < 1)
254 return 0;
255 buf[0] = (uint8_t)ret; /* length of b32 label */
256 ret++;
257 if(max - ret < zonelen)
258 return 0;
259 memmove(buf+ret, zone, zonelen);
260 return zonelen+(size_t)ret;
261 }
262
263 size_t nsec3_get_nextowner_b32(struct ub_packed_rrset_key* rrset, int r,
264 uint8_t* buf, size_t max)
265 {
266 uint8_t* nm, *zone;
267 size_t nmlen, zonelen;
268 if(!nsec3_get_nextowner(rrset, r, &nm, &nmlen))
269 return 0;
270 /* append zone name; the owner name must be <b32>.zone */
271 zone = rrset->rk.dname;
272 zonelen = rrset->rk.dname_len;
273 dname_remove_label(&zone, &zonelen);
274 return nsec3_hash_to_b32(nm, nmlen, zone, zonelen, buf, max);
275 }
276
277 int
237278 nsec3_has_type(struct ub_packed_rrset_key* rrset, int r, uint16_t type)
238279 {
239280 uint8_t* bitmap;
481522 return memcmp(s1, s2, s1len);
482523 }
483524
525 size_t
526 nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
527 size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
528 {
529 size_t i, hash_len;
530 /* prepare buffer for first iteration */
531 ldns_buffer_clear(buf);
532 ldns_buffer_write(buf, nm, nmlen);
533 query_dname_tolower(ldns_buffer_begin(buf));
534 ldns_buffer_write(buf, salt, saltlen);
535 ldns_buffer_flip(buf);
536 switch(algo) {
537 #ifdef HAVE_EVP_SHA1
538 case NSEC3_HASH_SHA1:
539 hash_len = SHA_DIGEST_LENGTH;
540 if(hash_len > max)
541 return 0;
542 (void)SHA1((unsigned char*)ldns_buffer_begin(buf),
543 (unsigned long)ldns_buffer_limit(buf),
544 (unsigned char*)res);
545 for(i=0; i<iter; i++) {
546 ldns_buffer_clear(buf);
547 ldns_buffer_write(buf, res, hash_len);
548 ldns_buffer_write(buf, salt, saltlen);
549 ldns_buffer_flip(buf);
550 (void)SHA1(
551 (unsigned char*)ldns_buffer_begin(buf),
552 (unsigned long)ldns_buffer_limit(buf),
553 (unsigned char*)res);
554 }
555 break;
556 #endif /* HAVE_EVP_SHA1 */
557 default:
558 log_err("nsec3 hash of unknown algo %d", algo);
559 return 0;
560 }
561 return hash_len;
562 }
563
484564 /** perform hash of name */
485565 static int
486566 nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
499579 ldns_buffer_write(buf, salt, saltlen);
500580 ldns_buffer_flip(buf);
501581 switch(algo) {
502 #ifdef SHA_DIGEST_LENGTH
582 #ifdef HAVE_EVP_SHA1
503583 case NSEC3_HASH_SHA1:
504584 c->hash_len = SHA_DIGEST_LENGTH;
505585 c->hash = (uint8_t*)regional_alloc(region,
520600 (unsigned char*)c->hash);
521601 }
522602 break;
523 #endif /* SHA_DIGEST_LENGTH */
603 #endif /* HAVE_EVP_SHA1 */
524604 default:
525605 log_err("nsec3 hash of unknown algo %d", algo);
526606 return -1;
535615 {
536616 int r;
537617 ldns_buffer_clear(buf);
538 r = b32_ntop_extended_hex(c->hash, c->hash_len,
618 r = ldns_b32_ntop_extended_hex(c->hash, c->hash_len,
539619 (char*)ldns_buffer_begin(buf), ldns_buffer_limit(buf));
540620 if(r < 1) {
541621 log_err("b32_ntop_extended_hex: error in encoding: %d", r);
681761 return 0;
682762 }
683763
684 /**
685 * nsec3Covers
686 * Given a hash and a candidate NSEC3Record, determine if that NSEC3Record
687 * covers the hash. Covers specifically means that the hash is in between
688 * the owner and next hashes and does not equal either.
689 *
690 * @param flt: the NSEC3 RR filter, contains zone name.
691 * @param hash: the hash of the name
692 * @param rrset: the rrset of the NSEC3.
693 * @param rr: which rr in the rrset.
694 * @param buf: temporary buffer.
695 * @return true if covers, false if not.
696 */
697 static int
698 nsec3_covers(struct nsec3_filter* flt, struct nsec3_cached_hash* hash,
764 int
765 nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
699766 struct ub_packed_rrset_key* rrset, int rr, ldns_buffer* buf)
700767 {
701768 uint8_t* next, *owner;
710777 if(nextlen != hash->hash_len || hash->hash_len==0||hash->b32_len==0||
711778 (size_t)*rrset->rk.dname != hash->b32_len ||
712779 query_dname_compare(rrset->rk.dname+1+
713 (size_t)*rrset->rk.dname, flt->zone) != 0)
780 (size_t)*rrset->rk.dname, zone) != 0)
714781 return 0; /* bad lengths or owner name */
715782
716783 /* This is the "normal case: owner < next and owner < hash < next */
722789 /* convert owner name from text to binary */
723790 ldns_buffer_clear(buf);
724791 owner = ldns_buffer_begin(buf);
725 len = b32_pton_extended_hex((char*)rrset->rk.dname+1, hash->b32_len,
726 owner, ldns_buffer_limit(buf));
792 len = ldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
793 hash->b32_len, owner, ldns_buffer_limit(buf));
727794 if(len<1)
728795 return 0; /* bad owner name in some way */
729796 if((size_t)len != hash->hash_len || (size_t)len != nextlen)
776843 break; /* alloc failure */
777844 } else if(r < 0)
778845 continue; /* malformed NSEC3 */
779 else if(nsec3_covers(flt, hash, s, i_rr,
846 else if(nsec3_covers(flt->zone, hash, s, i_rr,
780847 env->scratch_buffer)) {
781848 *rrset = s; /* rrset with this name */
782849 *rr = i_rr; /* covers hash with these parameters */
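Review bot: In nsec3_hash_to_b32() the encoded length is stored with `buf[0] = (uint8_t)ret;` without checking that it is a valid DNS label length (at most 63 octets). For a SHA-1 hash the value is 32, but nsec3_get_nextowner_b32() passes in the next-owner field taken from the NSEC3 rdata, and whether nsec3_get_nextowner() bounds that length is not visible in this section. With a large enough caller buffer, an oversized field would produce a length octet of 64 or more, and the result would no longer be a well-formed wire-format name for the tree lookups that consume it. I would reject it right after encoding: `if(ret < 1 || ret > 63) return 0;`.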
272272 struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname,
273273 size_t dname_len, struct nsec3_cached_hash** hash);
274274
275 /**
276 * Get next owner name, converted to base32 encoding and with the
277 * zone name (taken from the nsec3 owner name) appended.
278 * @param rrset: the NSEC3 rrset.
279 * @param r: the rr num of the nsec3 in the rrset.
280 * @param buf: buffer to store name in
281 * @param max: size of buffer.
282 * @return length of name on success. 0 on failure (buffer too short or
283 * bad format nsec3 record).
284 */
285 size_t nsec3_get_nextowner_b32(struct ub_packed_rrset_key* rrset, int r,
286 uint8_t* buf, size_t max);
287
288 /**
289 * Convert hash into base32 encoding and with the
290 * zone name appended.
291 * @param hash: hashed buffer
292 * @param hashlen: length of hash
293 * @param zone: name of zone
294 * @param zonelen: length of zonename.
295 * @param buf: buffer to store name in
296 * @param max: size of buffer.
297 * @return length of name on success. 0 on failure (buffer too short or
298 * bad format nsec3 record).
299 */
300 size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone,
301 size_t zonelen, uint8_t* buf, size_t max);
302
303 /**
304 * Get NSEC3 parameters out of rr.
305 * @param rrset: the NSEC3 rrset.
306 * @param r: the rr num of the nsec3 in the rrset.
307 * @param algo: nsec3 hash algo.
308 * @param iter: iteration count.
309 * @param salt: ptr to salt inside rdata.
310 * @param saltlen: length of salt.
311 * @return 0 if bad formatted, unknown nsec3 hash algo, or unknown flags set.
312 */
313 int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r,
314 int* algo, size_t* iter, uint8_t** salt, size_t* saltlen);
315
316 /**
317 * Get NSEC3 hashed in a buffer
318 * @param buf: buffer for temp use.
319 * @param nm: name to hash
320 * @param nmlen: length of nm.
321 * @param algo: algo to use, must be known.
322 * @param iter: iterations
323 * @param salt: salt for nsec3
324 * @param saltlen: length of salt.
325 * @param res: result of hash stored here.
326 * @param max: maximum space for result.
327 * @return 0 on failure, otherwise bytelength stored.
328 */
329 size_t nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
330 size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max);
331
332 /**
333 * see if NSEC3 RR contains given type
334 * @param rrset: NSEC3 rrset
335 * @param r: RR in rrset
336 * @param type: in host order to check bit for.
337 * @return true if bit set, false if not or error.
338 */
339 int nsec3_has_type(struct ub_packed_rrset_key* rrset, int r, uint16_t type);
340
341 /**
342 * return if nsec3 RR has the optout flag
343 * @param rrset: NSEC3 rrset
344 * @param r: RR in rrset
345 * @return true if optout, false on error or not optout
346 */
347 int nsec3_has_optout(struct ub_packed_rrset_key* rrset, int r);
348
349 /**
350 * Return nsec3 RR next hashed owner name
351 * @param rrset: NSEC3 rrset
352 * @param r: RR in rrset
353 * @param next: ptr into rdata to next owner hash
354 * @param nextlen: length of hash.
355 * @return false on malformed
356 */
357 int nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r,
358 uint8_t** next, size_t* nextlen);
359
360 /**
361 * nsec3Covers
362 * Given a hash and a candidate NSEC3Record, determine if that NSEC3Record
363 * covers the hash. Covers specifically means that the hash is in between
364 * the owner and next hashes and does not equal either.
365 *
366 * @param zone: the zone name.
367 * @param hash: the hash of the name
368 * @param rrset: the rrset of the NSEC3.
369 * @param rr: which rr in the rrset.
370 * @param buf: temporary buffer.
371 * @return true if covers, false if not.
372 */
373 int nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
374 struct ub_packed_rrset_key* rrset, int rr, ldns_buffer* buf);
375
275376 #endif /* VALIDATOR_VAL_NSEC3_H */
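Review bot: The `@return` text on `nsec3_hash_to_b32` looks copied from `nsec3_get_nextowner_b32`: it still lists "bad format nsec3 record" as a failure cause, although this function takes a raw hash and a zone name and no NSEC3 record. Something like `@return length of name on success. 0 on failure (buffer too short).` would match the parameters, provided the implementation (not shown in this section) has no other failure path. Because these helpers are now exported and write into a caller-supplied `buf` of size `max`, the comments on both b32 functions should also say whether `max` has to include room for the appended zone name.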
188188 return (int)rdata[2+2];
189189 }
190190
191 /**
192 * Get DS RR digest algorithm
193 * @param k: DS rrset.
194 * @param idx: which DS.
195 * @return algorithm or 0 if DS too short.
196 */
197 static int
191 int
198192 ds_get_digest_algo(struct ub_packed_rrset_key* k, size_t idx)
199193 {
200194 uint8_t* rdata;
253247 ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx)
254248 {
255249 switch(ds_get_digest_algo(k, idx)) {
256 #ifdef SHA_DIGEST_LENGTH
250 #ifdef HAVE_EVP_SHA1
257251 case LDNS_SHA1:
258252 return SHA_DIGEST_LENGTH;
259253 #endif
260 #ifdef SHA256_DIGEST_LENGTH
254 #ifdef HAVE_EVP_SHA256
261255 case LDNS_SHA256:
262256 return SHA256_DIGEST_LENGTH;
263257 #endif
299293 ldns_buffer_flip(b);
300294
301295 switch(ds_get_digest_algo(ds_rrset, ds_idx)) {
302 #ifdef SHA_DIGEST_LENGTH
296 #ifdef HAVE_EVP_SHA1
303297 case LDNS_SHA1:
304298 (void)SHA1((unsigned char*)ldns_buffer_begin(b),
305299 ldns_buffer_limit(b), (unsigned char*)digest);
306300 return 1;
307301 #endif
308 #ifdef SHA256_DIGEST_LENGTH
302 #ifdef HAVE_EVP_SHA256
309303 case LDNS_SHA256:
310304 (void)SHA256((unsigned char*)ldns_buffer_begin(b),
311305 ldns_buffer_limit(b), (unsigned char*)digest);
375369 case LDNS_RSASHA1:
376370 case LDNS_RSASHA1_NSEC3:
377371 case LDNS_RSAMD5:
372 #ifdef HAVE_EVP_SHA256
373 case LDNS_RSASHA256:
374 case LDNS_RSASHA256_NSEC3:
375 #endif
376 #ifdef HAVE_EVP_SHA512
377 case LDNS_RSASHA512:
378 case LDNS_RSASHA512_NSEC3:
379 #endif
378380 return 1;
379381 default:
380382 return 0;
405407 dnskey_idx));
406408 }
407409
410 /**
411 * Fillup needed algorithm array for DNSKEY set
412 * @param dnskey: the key
413 * @param needs: array per algorithm.
414 * @return the number of algorithms that need valid signatures
415 */
416 static size_t
417 dnskeyset_needs(struct ub_packed_rrset_key* dnskey, uint8_t needs[])
418 {
419 uint8_t algo;
420 size_t i, total = 0;
421 size_t num = rrset_get_count(dnskey);
422
423 memset(needs, 0, sizeof(uint8_t)*256);
424 for(i=0; i<num; i++) {
425 algo = (uint8_t)dnskey_get_algo(dnskey, i);
426 if(needs[algo] == 0) {
427 needs[algo] = 1;
428 total++;
429 }
430 }
431 return total;
432 }
433
408434 enum sec_status
409435 dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
410436 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey)
411437 {
412438 enum sec_status sec;
413 size_t i, num;
439 size_t i, num, numneeds;
414440 rbtree_t* sortree = NULL;
441 /* make sure that for all DNSKEY algorithms there are valid sigs */
442 uint8_t needs[256]; /* 1 if need sig for that algorithm */
443
415444 num = rrset_get_sigcount(rrset);
416445 if(num == 0) {
417446 verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
418447 "signatures");
419448 return sec_status_bogus;
420449 }
450
451 numneeds = dnskeyset_needs(dnskey, needs);
421452 for(i=0; i<num; i++) {
422453 sec = dnskeyset_verify_rrset_sig(env, ve, *env->now, rrset,
423454 dnskey, i, &sortree);
424 if(sec == sec_status_secure)
425 return sec;
426 }
427 verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus");
455 /* see which algorithm has been fixed up */
456 if(sec == sec_status_secure) {
457 uint8_t a = (uint8_t)rrset_get_sig_algo(rrset, i);
458 if(needs[a] == 1) {
459 needs[a] = 0;
460 numneeds --;
461 if(numneeds == 0) /* done! */
462 return sec;
463 }
464 }
465 }
466 verbose(VERB_ALGO, "rrset failed to verify: no valid signatures for "
467 "%d algorithms", (int)numneeds);
428468 return sec_status_bogus;
429469 }
430470
509549 /** which RR in the rrset */
510550 size_t rr_idx;
511551 };
512
513 /**
514 * Compare HINFO rrsets. For them, the string length bytes are not lowercased,
515 * but the string contents are lowercased.
516 *
517 * This routine works for any 'all STR' RR type. It works similar to the
518 * compare_byfield routine, but stripped down, and modified to lowercase
519 * STR fields.
520 *
521 * @param d: rrset data
522 * @param i: first RR to compare
523 * @param j: first RR to compare
524 * @return comparison code.
525 */
526 static int
527 canonical_compare_hinfo(struct packed_rrset_data* d, size_t i, size_t j)
528 {
529 uint8_t* di = d->rr_data[i]+2; /* ptr to current rdata byte */
530 uint8_t* dj = d->rr_data[j]+2;
531 size_t ilen = d->rr_len[i]-2; /* length left in rdata */
532 size_t jlen = d->rr_len[j]-2;
533 size_t strlen_i = 0;
534 size_t strlen_j = 0;
535 while(ilen > 0 && jlen > 0) {
536 /* compare this pair of bytes */
537 if( ((strlen_i)?(uint8_t)tolower((int)*di):*di)
538 != ((strlen_j)?(uint8_t)tolower((int)*dj):*dj)
539 ) {
540 if(((strlen_i)?(uint8_t)tolower((int)*di):*di)
541 < ((strlen_j)?(uint8_t)tolower((int)*dj):*dj))
542 return -1;
543 return 1;
544 }
545 ilen --;
546 jlen --;
547 /* read length byte of the string in rdata if strlen=0 */
548 if(strlen_i == 0) {
549 strlen_i = (size_t)*di;
550 } else strlen_i--;
551 if(strlen_j == 0) {
552 strlen_j = (size_t)*dj;
553 } else strlen_j--;
554 di++;
555 dj++;
556 }
557 if(ilen == 0 && jlen == 0)
558 return 0;
559 if(ilen == 0)
560 return -1;
561 return 1;
562 }
563552
564553 /**
565554 * Compare two RR for canonical order, in a field-style sweep.
766755 log_assert(desc->_minimum == desc->_maximum);
767756 return canonical_compare_byfield(d, desc, i, j);
768757
769 /* This RR type is special, as the contents of text fields
770 * is lowercased. */
771 case LDNS_RR_TYPE_HINFO:
772 return canonical_compare_hinfo(d, i, j);
773
758 case LDNS_RR_TYPE_HINFO: /* no longer downcased */
774759 case LDNS_RR_TYPE_NSEC:
775760 case LDNS_RR_TYPE_RRSIG:
776761 default:
865850 ldns_buffer_write(buf, (uint8_t*)"\001*", 2);
866851 ldns_buffer_write(buf, nm, len);
867852 query_dname_tolower(*can_owner);
868 }
869 }
870
871 /**
872 * Lowercase a text rdata field in a buffer.
873 * @param p: pointer to start of text field (length byte).
874 */
875 static void
876 lowercase_text_field(uint8_t* p)
877 {
878 int i, len = (int)*p;
879 p++;
880 for(i=0; i<len; i++) {
881 *p = (uint8_t)tolower((int)*p);
882 p++;
883853 }
884854 }
885855
915885 query_dname_tolower(datstart);
916886 query_dname_tolower(datstart +
917887 dname_valid(datstart, len-2));
918 return;
919 case LDNS_RR_TYPE_HINFO:
920 /* lowercase text records */
921 len -= 2;
922 if(len < (size_t)datstart[0]+1)
923 return;
924 lowercase_text_field(datstart);
925 len -= (size_t)datstart[0]+1; /* and skip the 1st */
926 datstart += (size_t)datstart[0]+1;
927 if(len < (size_t)datstart[0]+1)
928 return;
929 lowercase_text_field(datstart);
930888 return;
931889 case LDNS_RR_TYPE_RT:
932890 case LDNS_RR_TYPE_AFSDB:
987945 /* do not canonicalize NSEC rdata name, compat with bug
988946 * from bind 9.4 signer, where it does not do so */
989947 case LDNS_RR_TYPE_NSEC: /* type starts with the name */
948 case LDNS_RR_TYPE_HINFO: /* not downcased */
990949 /* A6 not supported */
991950 default:
992951 /* nothing to do for unknown types */
12611220 break;
12621221 case LDNS_RSASHA1:
12631222 case LDNS_RSASHA1_NSEC3:
1223 #ifdef HAVE_EVP_SHA256
1224 case LDNS_RSASHA256:
1225 case LDNS_RSASHA256_NSEC3:
1226 #endif
1227 #ifdef HAVE_EVP_SHA512
1228 case LDNS_RSASHA512:
1229 case LDNS_RSASHA512_NSEC3:
1230 #endif
12641231 rsa = ldns_key_buf2rsa_raw(key, keylen);
12651232 if(!rsa) {
12661233 verbose(VERB_QUERY, "verify: "
1267 "ldns_key_buf2rsa_raw SHA1 failed");
1234 "ldns_key_buf2rsa_raw SHA failed");
12681235 return 0;
12691236 }
12701237 if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
12711238 verbose(VERB_QUERY, "verify: "
1272 "EVP_PKEY_assign_RSA SHA1 failed");
1239 "EVP_PKEY_assign_RSA SHA failed");
12731240 return 0;
12741241 }
1275 *digest_type = EVP_sha1();
1242
1243 /* select SHA version */
1244 #ifdef HAVE_EVP_SHA256
1245 if(algo == LDNS_RSASHA256 ||
1246 algo == LDNS_RSASHA256_NSEC3)
1247 *digest_type = EVP_sha256();
1248 else
1249 #endif
1250 #ifdef HAVE_EVP_SHA512
1251 if(algo == LDNS_RSASHA512 ||
1252 algo == LDNS_RSASHA512_NSEC3)
1253 *digest_type = EVP_sha512();
1254 else
1255 #endif
1256 *digest_type = EVP_sha1();
12761257
12771258 break;
12781259 case LDNS_RSAMD5:
14351416 /* verify key dname == sig signer name */
14361417 if(query_dname_compare(signer, dnskey->rk.dname) != 0) {
14371418 verbose(VERB_QUERY, "verify: wrong key for rrsig");
1419 log_nametypeclass(VERB_QUERY, "RRSIG signername is",
1420 signer, 0, 0);
1421 log_nametypeclass(VERB_QUERY, "the key name is",
1422 dnskey->rk.dname, 0, 0);
14381423 return sec_status_bogus;
14391424 }
14401425
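Review bot: `dnskeyset_needs` marks every algorithm number found in the DNSKEY rrset as needing a valid signature, without checking whether this build can verify that algorithm. If `dnskeyset_verify_rrset_sig` can never return secure for an unsupported algorithm (likely, but not visible here), a zone that publishes one key with an unsupported algorithm next to a supported one would have every rrset end as `sec_status_bogus` in `dnskeyset_verify_rrset`. Consider counting only algorithms the validator supports, using the file's existing support check (presumably `dnskey_algo_is_supported`): `if(dnskey_algo_is_supported(dnskey, i) && needs[algo] == 0) {`. The function comment should then say that unsupported algorithms are skipped on purpose, so the downgrade protection covers only algorithms that can actually be checked.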
9898 int ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset,
9999 size_t ds_idx);
100100
101 /**
102 * Get DS RR digest algorithm
103 * @param ds_rrset: DS rrset.
104 * @param ds_idx: which DS.
105 * @return algorithm or 0 if DS too short.
106 */
107 int ds_get_digest_algo(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx);
108
101109 /**
102110 * See if DS key algorithm is supported
103111 * @param ds_rrset: DS rrset
149149 *sname = data;
150150 }
151151
152 /**
153 * Find the signer name for an RRset.
154 * @param rrset: the rrset.
155 * @param sname: signer name is returned or NULL if not signed.
156 * @param slen: length of sname (or 0).
157 */
158 static void
152 void
159153 val_find_rrset_signer(struct ub_packed_rrset_key* rrset, uint8_t** sname,
160154 size_t* slen)
161155 {
342336 if(sec == sec_status_secure)
343337 d->trust = rrset_trust_validated;
344338 else if(sec == sec_status_bogus) {
339 size_t i;
345340 /* update ttl for rrset to fixed value. */
346341 d->ttl = ve->bogus_ttl;
342 for(i=0; i<d->count+d->rrsig_count; i++)
343 d->rr_ttl[i] = ve->bogus_ttl;
347344 /* leave RR specific TTL: not used for determine
348345 * if RRset timed out and clients see proper value. */
346 lock_basic_lock(&ve->bogus_lock);
347 ve->num_rrset_bogus++;
348 lock_basic_unlock(&ve->bogus_lock);
349349 }
350350 /* if status updated - store in cache for reuse */
351351 rrset_update_sec_status(env->rrset_cache, rrset, *env->now);
423423 /* as long as this is false, we can consider this DS rrset to be
424424 * equivalent to no DS rrset. */
425425 int has_useful_ds = 0;
426 int d, digest_algo = 0; /* DS digest algo 0 is not used. */
426427 size_t i, num;
427428 enum sec_status sec;
428429
437438 }
438439
439440 num = rrset_get_count(ds_rrset);
441 /* find favority algo, for now, highest number supported */
440442 for(i=0; i<num; i++) {
441 /* Check to see if we can understand this DS. */
442443 if(!ds_digest_algo_is_supported(ds_rrset, i) ||
443444 !ds_key_algo_is_supported(ds_rrset, i)) {
445 continue;
446 }
447 d = ds_get_digest_algo(ds_rrset, i);
448 if(d > digest_algo)
449 digest_algo = d;
450 }
451 for(i=0; i<num; i++) {
452 /* Check to see if we can understand this DS.
453 * And check it is the strongest digest */
454 if(!ds_digest_algo_is_supported(ds_rrset, i) ||
455 !ds_key_algo_is_supported(ds_rrset, i) ||
456 ds_get_digest_algo(ds_rrset, i) != digest_algo) {
444457 continue;
445458 }
446459
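Review bot: The retained comment `leave RR specific TTL: not used for determine if RRset timed out and clients see proper value` now contradicts the loop added just above it, which overwrites every `d->rr_ttl[i]` (RRs and RRSIGs) with `ve->bogus_ttl`. Replace it with something like `/* set the per-RR and RRSIG TTLs to the bogus TTL as well */`. In the DS hunk further down, `find favority algo` should read `favorite`. That comment should also state that the highest supported digest type number stands in for the strongest digest, since the second loop skips every DS with a lower number on that basis. Both enclosing functions start and end outside the visible hunks.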
257257 size_t val_next_unchecked(struct reply_info* rep, size_t skip);
258258
259259 /**
260 * Find the signer name for an RRset.
261 * @param rrset: the rrset.
262 * @param sname: signer name is returned or NULL if not signed.
263 * @param slen: length of sname (or 0).
264 */
265 void val_find_rrset_signer(struct ub_packed_rrset_key* rrset, uint8_t** sname,
266 size_t* slen);
267
268 /**
260269 * Get string to denote the classification result.
261270 * @param subtype: from classification function.
262271 * @return static string to describe the classification.
4646 #include "validator/val_utils.h"
4747 #include "validator/val_nsec.h"
4848 #include "validator/val_nsec3.h"
49 #include "validator/val_neg.h"
4950 #include "services/cache/dns.h"
5051 #include "util/data/dname.h"
5152 #include "util/module.h"
131132 log_err("validator: cannot apply nsec3 key iterations");
132133 return 0;
133134 }
135 if(!val_env->neg_cache)
136 val_env->neg_cache = val_neg_create(cfg,
137 val_env->nsec3_maxiter[val_env->nsec3_keyiter_count-1]);
138 if(!val_env->neg_cache) {
139 log_err("out of memory");
140 return 0;
141 }
142 env->neg_cache = val_env->neg_cache;
134143 return 1;
135144 }
136145
146155 env->modinfo[id] = (void*)val_env;
147156 env->need_to_validate = 1;
148157 val_env->permissive_mode = 0;
158 lock_basic_init(&val_env->bogus_lock);
159 lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus,
160 sizeof(val_env->num_rrset_bogus));
149161 if(!val_apply_cfg(env, val_env, env->cfg)) {
150162 log_err("validator: could not apply configuration settings.");
151163 return 0;
160172 if(!env || !env->modinfo[id])
161173 return;
162174 val_env = (struct val_env*)env->modinfo[id];
175 lock_basic_destroy(&val_env->bogus_lock);
163176 anchors_delete(env->anchors);
164177 env->anchors = NULL;
165178 key_cache_delete(val_env->kcache);
179 neg_cache_delete(val_env->neg_cache);
166180 free(val_env->nsec3_keysize);
167181 free(val_env->nsec3_maxiter);
168182 free(val_env);
286300 * @param namelen: length of name.
287301 * @param qtype: query type.
288302 * @param qclass: query class.
303 * @param flags: additional flags, such as the CD bit (BIT_CD), or 0.
289304 * @return false on alloc failure.
290305 */
291306 static int
292307 generate_request(struct module_qstate* qstate, int id, uint8_t* name,
293 size_t namelen, uint16_t qtype, uint16_t qclass)
308 size_t namelen, uint16_t qtype, uint16_t qclass, uint16_t flags)
294309 {
295310 struct module_qstate* newq;
296311 struct query_info ask;
301316 log_query_info(VERB_ALGO, "generate request", &ask);
302317 fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
303318 if(!(*qstate->env->attach_sub)(qstate, &ask,
304 (uint16_t)(BIT_RD|BIT_CD), 0, &newq)){
319 (uint16_t)(BIT_RD|flags), 0, &newq)){
305320 log_err("Could not generate request: out of memory");
306321 return 0;
307322 }
327342 int id, struct trust_anchor* toprime)
328343 {
329344 int ret = generate_request(qstate, id, toprime->name, toprime->namelen,
330 LDNS_RR_TYPE_DNSKEY, toprime->dclass);
345 LDNS_RR_TYPE_DNSKEY, toprime->dclass, BIT_CD);
331346 if(!ret) {
332347 log_err("Could not prime trust anchor: out of memory");
333348 return 0;
363378 struct query_info* qchase, struct reply_info* chase_reply,
364379 struct key_entry_key* key_entry)
365380 {
366 size_t i;
381 uint8_t* sname;
382 size_t i, slen;
367383 struct ub_packed_rrset_key* s;
368384 enum sec_status sec;
369385 int dname_seen = 0;
428444 for(i=chase_reply->an_numrrsets+chase_reply->ns_numrrsets;
429445 i<chase_reply->rrset_count; i++) {
430446 s = chase_reply->rrsets[i];
431 (void)val_verify_rrset_entry(env, ve, s, key_entry);
447 /* only validate rrs that have signatures with the key */
448 /* leave others unchecked, those get removed later on too */
449 val_find_rrset_signer(s, &sname, &slen);
450 if(sname && query_dname_compare(sname, key_entry->name)==0)
451 (void)val_verify_rrset_entry(env, ve, s, key_entry);
432452 /* the additional section can fail to be secure,
433453 * it is optional, check signature in case we need
434454 * to clean the additional section later. */
11271147 vq->ds_rrset = 0;
11281148 vq->trust_anchor = anchors_lookup(qstate->env->anchors,
11291149 lookup_name, lookup_len, vq->qchase.qclass);
1130 if(vq->trust_anchor == NULL) {
1131 /*response isn't under a trust anchor, so we cannot validate.*/
1132 vq->chase_reply->security = sec_status_indeterminate;
1133 /* go to finished state to cache this result */
1134 vq->state = VAL_FINISHED_STATE;
1135 return 1;
1136 }
11371150
11381151 /* Determine the signer/lookup name */
11391152 val_find_signer(subtype, &vq->qchase, vq->orig_msg->rep,
11511164
11521165 /* for NXDOMAIN it could be signed by a parent of the trust anchor */
11531166 if(subtype == VAL_CLASS_NAMEERROR && vq->signer_name &&
1167 vq->trust_anchor &&
11541168 dname_strict_subdomain_c(vq->trust_anchor->name, lookup_name)){
11551169 while(vq->trust_anchor && dname_strict_subdomain_c(
11561170 vq->trust_anchor->name, lookup_name)) {
11801194
11811195 vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len,
11821196 vq->qchase.qclass, qstate->region, *qstate->env->now);
1183
1197
1198 /* there is no key(from DLV) and no trust anchor */
1199 if(vq->key_entry == NULL && vq->trust_anchor == NULL) {
1200 /*response isn't under a trust anchor, so we cannot validate.*/
1201 vq->chase_reply->security = sec_status_indeterminate;
1202 /* go to finished state to cache this result */
1203 vq->state = VAL_FINISHED_STATE;
1204 return 1;
1205 }
11841206 /* if not key, or if keyentry is *above* the trustanchor, i.e.
11851207 * the keyentry is based on another (higher) trustanchor */
1186 if(vq->key_entry == NULL || dname_strict_subdomain_c(
1187 vq->trust_anchor->name, vq->key_entry->name)) {
1208 else if(vq->key_entry == NULL || (vq->trust_anchor &&
1209 dname_strict_subdomain_c(vq->trust_anchor->name,
1210 vq->key_entry->name))) {
11881211 /* fire off a trust anchor priming query. */
11891212 verbose(VERB_DETAIL, "prime trust anchor");
11901213 if(!prime_trust_anchor(qstate, vq, id, vq->trust_anchor))
12031226 /* go to finished state to cache this result */
12041227 vq->state = VAL_FINISHED_STATE;
12051228 return 1;
1229 } else if(key_entry_isbad(vq->key_entry)) {
1230 /* key is bad, chain is bad, reply is bogus */
1231 vq->chase_reply->security = sec_status_bogus;
1232 vq->state = VAL_FINISHED_STATE;
1233 return 1;
12061234 }
12071235
12081236 /* otherwise, we have our "closest" cached key -- continue
12741302 log_nametypeclass(VERB_ALGO, "target keyname", target_key_name,
12751303 LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN);
12761304 /* assert we are walking down the DNS tree */
1277 log_assert(dname_subdomain_c(target_key_name, current_key_name));
1305 if(!dname_subdomain_c(target_key_name, current_key_name)) {
1306 verbose(VERB_ALGO, "bad signer name");
1307 vq->chase_reply->security = sec_status_bogus;
1308 vq->state = VAL_FINISHED_STATE;
1309 return 1;
1310 }
12781311 /* so this value is >= -1 */
12791312 strip_lab = dname_count_labels(target_key_name) -
12801313 dname_count_labels(current_key_name) - 1;
12971330 vq->key_entry->name) != 0) {
12981331 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
12991332 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1300 vq->qchase.qclass)) {
1333 vq->qchase.qclass, BIT_CD)) {
13011334 log_err("mem error generating DNSKEY request");
13021335 return val_error(qstate, id);
13031336 }
13071340 if(!vq->ds_rrset || query_dname_compare(vq->ds_rrset->rk.dname,
13081341 target_key_name) != 0) {
13091342 if(!generate_request(qstate, id, target_key_name,
1310 target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass)) {
1343 target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass,
1344 BIT_CD)) {
13111345 log_err("mem error generating DS request");
13121346 return val_error(qstate, id);
13131347 }
13171351 /* Otherwise, it is time to query for the DNSKEY */
13181352 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
13191353 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1320 vq->qchase.qclass)) {
1354 vq->qchase.qclass, BIT_CD)) {
13211355 log_err("mem error generating DNSKEY request");
13221356 return val_error(qstate, id);
13231357 }
14671501 }
14681502
14691503 /**
1504 * Init DLV check.
1505 * Called when a query is determined by other trust anchors to be insecure
1506 * (or indeterminate). Then we look if there is a key in the DLV.
1507 * Performs aggressive negative cache check to see if there is no key.
1508 * Otherwise, spawns a DLV query, and changes to the DLV wait state.
1509 *
1510 * @param qstate: query state.
1511 * @param vq: validator query state.
1512 * @param ve: validator shared global environment.
1513 * @param id: module id.
1514 * @return true if there is no DLV.
1515 * false: processing is finished for the validator operate().
1516 * This function may exit in three ways:
1517 * o no DLV (agressive cache), so insecure. (true)
1518 * o error - stop processing (false)
1519 * o DLV lookup was started, stop processing (false)
1520 */
1521 static int
1522 val_dlv_init(struct module_qstate* qstate, struct val_qstate* vq,
1523 struct val_env* ve, int id)
1524 {
1525 uint8_t* nm;
1526 size_t nm_len;
1527 /* there must be a DLV configured */
1528 log_assert(qstate->env->anchors->dlv_anchor);
1529 /* this bool is true to avoid looping in the DLV checks */
1530 log_assert(vq->dlv_checked);
1531
1532 /* init the DLV lookup variables */
1533 vq->dlv_lookup_name = NULL;
1534 vq->dlv_lookup_name_len = 0;
1535 vq->dlv_insecure_at = NULL;
1536 vq->dlv_insecure_at_len = 0;
1537
1538 /* Determine the name for which we want to lookup DLV.
1539 * This name is for the current message, or
1540 * for the current RRset for CNAME, referral subtypes.
1541 * If there is a signer, use that, otherwise the domain name */
1542 if(vq->signer_name) {
1543 nm = vq->signer_name;
1544 nm_len = vq->signer_len;
1545 } else {
1546 /* use qchase */
1547 nm = vq->qchase.qname;
1548 nm_len = vq->qchase.qname_len;
1549 }
1550 log_nametypeclass(VERB_ALGO, "DLV init look", nm, LDNS_RR_TYPE_DS,
1551 vq->qchase.qclass);
1552 log_assert(nm && nm_len)
1553 /* sanity check: no DLV lookups below the DLV anchor itself.
1554 * Like, an securely insecure delegation there makes no sense. */
1555 if(dname_subdomain_c(nm, qstate->env->anchors->dlv_anchor->name)) {
1556 verbose(VERB_ALGO, "DLV lookup within DLV repository denied");
1557 return 1;
1558 }
1559 /* concat name (minus root label) + dlv name */
1560 vq->dlv_lookup_name_len = nm_len - 1 +
1561 qstate->env->anchors->dlv_anchor->namelen;
1562 vq->dlv_lookup_name = regional_alloc(qstate->region,
1563 vq->dlv_lookup_name_len);
1564 if(!vq->dlv_lookup_name) {
1565 log_err("Out of memory preparing DLV lookup");
1566 return val_error(qstate, id);
1567 }
1568 memmove(vq->dlv_lookup_name, nm, nm_len-1);
1569 memmove(vq->dlv_lookup_name+nm_len-1,
1570 qstate->env->anchors->dlv_anchor->name,
1571 qstate->env->anchors->dlv_anchor->namelen);
1572 log_nametypeclass(VERB_ALGO, "DLV name", vq->dlv_lookup_name,
1573 LDNS_RR_TYPE_DLV, vq->qchase.qclass);
1574
1575 /* determine where the insecure point was determined, the DLV must
1576 * be equal or below that to continue building the trust chain
1577 * down. May be NULL if no trust chain was built yet */
1578 nm = NULL;
1579 if(vq->key_entry && key_entry_isnull(vq->key_entry)) {
1580 nm = vq->key_entry->name;
1581 nm_len = vq->key_entry->namelen;
1582 }
1583 if(nm) {
1584 vq->dlv_insecure_at_len = nm_len - 1 +
1585 qstate->env->anchors->dlv_anchor->namelen;
1586 vq->dlv_insecure_at = regional_alloc(qstate->region,
1587 vq->dlv_insecure_at_len);
1588 if(!vq->dlv_insecure_at) {
1589 log_err("Out of memory preparing DLV lookup");
1590 return val_error(qstate, id);
1591 }
1592 memmove(vq->dlv_insecure_at, nm, nm_len-1);
1593 memmove(vq->dlv_insecure_at+nm_len-1,
1594 qstate->env->anchors->dlv_anchor->name,
1595 qstate->env->anchors->dlv_anchor->namelen);
1596 log_nametypeclass(VERB_ALGO, "insecure_at",
1597 vq->dlv_insecure_at, 0, vq->qchase.qclass);
1598 }
1599
1600 /* If we can find the name in the aggressive negative cache,
1601 * give up; insecure is the answer */
1602 if(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name,
1603 vq->dlv_lookup_name_len, vq->qchase.qclass,
1604 qstate->env->rrset_cache, *qstate->env->now)) {
1605 return 1;
1606 }
1607
1608 /* perform a lookup for the DLV; with validation */
1609 vq->state = VAL_DLVLOOKUP_STATE;
1610 if(!generate_request(qstate, id, vq->dlv_lookup_name,
1611 vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV,
1612 vq->qchase.qclass, 0)) {
1613 return val_error(qstate, id);
1614 }
1615
1616 /* Find the closest encloser DLV from the repository.
1617 * then that is used to build another chain of trust
1618 * This may first require a query 'too low' that has NSECs in
1619 * the answer, from which we determine the closest encloser DLV.
1620 * When determine the closest encloser, skip empty nonterminals,
1621 * since we want a nonempty node in the DLV repository. */
1622
1623 return 0;
1624 }
1625
1626 /**
14701627 * The Finished state. The validation status (good or bad) has been determined.
14711628 *
14721629 * @param qstate: query state.
14831640 enum val_classification subtype = val_classify_response(
14841641 qstate->query_flags, &qstate->qinfo, &vq->qchase,
14851642 vq->orig_msg->rep, vq->rrset_skip);
1643
1644 /* if the result is insecure or indeterminate and we have not
1645 * checked the DLV yet, check the DLV */
1646 if((vq->chase_reply->security == sec_status_insecure ||
1647 vq->chase_reply->security == sec_status_indeterminate) &&
1648 qstate->env->anchors->dlv_anchor && !vq->dlv_checked) {
1649 vq->dlv_checked = 1;
1650 if(!val_dlv_init(qstate, vq, ve, id))
1651 return 0;
1652 }
14861653
14871654 /* store overall validation result in orig_msg */
14881655 if(vq->rrset_skip == 0)
15051672 /* and restart for this rrset */
15061673 verbose(VERB_ALGO, "validator: go to next rrset");
15071674 vq->chase_reply->security = sec_status_unchecked;
1675 vq->dlv_checked = 0; /* can do DLV for this RR */
15081676 vq->state = VAL_INIT_STATE;
15091677 return 1;
15101678 }
15221690 log_query_info(VERB_ALGO, "validator: chased to",
15231691 &vq->qchase);
15241692 vq->chase_reply->security = sec_status_unchecked;
1693 vq->dlv_checked = 0; /* can do DLV for this RR */
15251694 vq->state = VAL_INIT_STATE;
15261695 return 1;
15271696 }
15341703 * that are not secure (if clean-additional option is set) */
15351704 /* this may cause the msg to be marked bogus */
15361705 val_check_nonsecure(ve, vq->orig_msg->rep);
1537 log_query_info(VERB_DETAIL, "validation success",
1538 &qstate->qinfo);
1706 if(vq->orig_msg->rep->security == sec_status_secure) {
1707 log_query_info(VERB_DETAIL, "validation success",
1708 &qstate->qinfo);
1709 }
15391710 }
15401711
15411712 /* if the result is bogus - set message ttl to bogus ttl to avoid
15631734 qstate->return_rcode = LDNS_RCODE_NOERROR;
15641735 qstate->return_msg = vq->orig_msg;
15651736 qstate->ext_state[id] = module_finished;
1737 return 0;
1738 }
1739
1740 /**
1741 * The DLVLookup state. Process DLV lookups.
1742 *
1743 * @param qstate: query state.
1744 * @param vq: validator query state.
1745 * @param ve: validator shared global environment.
1746 * @param id: module id.
1747 * @return true if the event should be processed further on return, false if
1748 * not.
1749 */
1750 static int
1751 processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq,
1752 struct val_env* ve, int id)
1753 {
1754 /* see if this we are ready to continue normal resolution */
1755 /* we may need more DLV lookups */
1756 if(vq->dlv_status==dlv_error)
1757 verbose(VERB_ALGO, "DLV woke up with status dlv_error");
1758 else if(vq->dlv_status==dlv_success)
1759 verbose(VERB_ALGO, "DLV woke up with status dlv_success");
1760 else if(vq->dlv_status==dlv_ask_higher)
1761 verbose(VERB_ALGO, "DLV woke up with status dlv_ask_higher");
1762 else if(vq->dlv_status==dlv_there_is_no_dlv)
1763 verbose(VERB_ALGO, "DLV woke up with status dlv_there_is_no_dlv");
1764 else verbose(VERB_ALGO, "DLV woke up with status unknown");
1765
1766 if(vq->dlv_status == dlv_error) {
1767 verbose(VERB_QUERY, "failed DLV lookup");
1768 return val_error(qstate, id);
1769 } else if(vq->dlv_status == dlv_success) {
1770 uint8_t* nm;
1771 size_t nmlen;
1772 /* chain continues with DNSKEY, continue in FINDKEY */
1773 vq->state = VAL_FINDKEY_STATE;
1774
1775 /* strip off the DLV suffix from the name; could result in . */
1776 log_assert(dname_subdomain_c(vq->ds_rrset->rk.dname,
1777 qstate->env->anchors->dlv_anchor->name));
1778 nmlen = vq->ds_rrset->rk.dname_len -
1779 qstate->env->anchors->dlv_anchor->namelen + 1;
1780 nm = regional_alloc_init(qstate->region,
1781 vq->ds_rrset->rk.dname, nmlen);
1782 if(!nm) {
1783 log_err("Out of memory in DLVLook");
1784 return val_error(qstate, id);
1785 }
1786 nm[nmlen-1] = 0;
1787
1788 vq->ds_rrset->rk.dname = nm;
1789 vq->ds_rrset->rk.dname_len = nmlen;
1790
1791 if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
1792 vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
1793 vq->qchase.qclass, BIT_CD)) {
1794 log_err("mem error generating DNSKEY request");
1795 return val_error(qstate, id);
1796 }
1797 return 0;
1798 } else if(vq->dlv_status == dlv_there_is_no_dlv) {
1799 /* continue with the insecure result we got */
1800 vq->state = VAL_FINISHED_STATE;
1801 return 1;
1802 }
1803 log_assert(vq->dlv_status == dlv_ask_higher);
1804
1805 /* ask higher, make sure we stay in DLV repo, below dlv_at */
1806 if(!dname_subdomain_c(vq->dlv_lookup_name,
1807 qstate->env->anchors->dlv_anchor->name)) {
1808 /* just like, there is no DLV */
1809 verbose(VERB_ALGO, "ask above dlv repo");
1810 vq->state = VAL_FINISHED_STATE;
1811 return 1;
1812 }
1813 if(vq->dlv_insecure_at && !dname_subdomain_c(vq->dlv_lookup_name,
1814 vq->dlv_insecure_at)) {
1815 /* already checked a chain lower than dlv_lookup_name */
1816 verbose(VERB_ALGO, "ask above insecure endpoint");
1817 log_nametypeclass(VERB_ALGO, "enpt", vq->dlv_insecure_at, 0, 0);
1818 vq->state = VAL_FINISHED_STATE;
1819 return 1;
1820 }
1821
1822 /* check negative cache before making new request */
1823 if(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name,
1824 vq->dlv_lookup_name_len, vq->qchase.qclass,
1825 qstate->env->rrset_cache, *qstate->env->now)) {
1826 vq->dlv_status = dlv_there_is_no_dlv;
1827 /* continue with the insecure result we got */
1828 vq->state = VAL_FINISHED_STATE;
1829 return 1;
1830 }
1831
1832 if(!generate_request(qstate, id, vq->dlv_lookup_name,
1833 vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV,
1834 vq->qchase.qclass, 0)) {
1835 return val_error(qstate, id);
1836 }
1837
15661838 return 0;
15671839 }
15681840
15951867 break;
15961868 case VAL_FINISHED_STATE:
15971869 cont = processFinished(qstate, vq, ve, id);
1870 break;
1871 case VAL_DLVLOOKUP_STATE:
1872 cont = processDLVLookup(qstate, vq, ve, id);
15981873 break;
15991874 default:
16001875 log_warn("validator: invalid state %d",
19062181 } else {
19072182 verbose(VERB_QUERY, "Encountered an unhandled type of "
19082183 "DS response, thus bogus.");
2184 goto return_bogus;
2185 }
19092186 return_bogus:
1910 *ke = key_entry_create_bad(qstate->region, qinfo->qname,
1911 qinfo->qname_len, qinfo->qclass);
1912 return (*ke) != NULL;
1913 }
1914 /* unreachable */
1915 log_assert(0);
1916 return 0;
2187 *ke = key_entry_create_bad(qstate->region, qinfo->qname,
2188 qinfo->qname_len, qinfo->qclass);
2189 return (*ke) != NULL;
19172190 }
19182191
19192192 /**
20412314 /* If good, we stay in the FINDKEY state. */
20422315 log_query_info(VERB_DETAIL, "validated DNSKEY", qinfo);
20432316 }
2044
2317
20452318 /**
20462319 * Process prime response
20472320 * Sets the key entry in the state.
20692342 /* the qstate will be reactivated after inform_super is done */
20702343 }
20712344
2345 /**
2346 * Process DLV response. Called from inform_supers.
2347 * Because it is in inform_supers, the mesh itself is busy doing callbacks
2348 * for a state that is to be deleted soon; don't touch the mesh; instead
2349 * set a state in the super, as the super will be reactivated soon.
2350 * Perform processing to determine what state to set in the super.
2351 *
2352 * @param qstate: query state that is validating and asked for a DLV.
2353 * @param vq: validator query state
2354 * @param id: module id.
2355 * @param rcode: rcode result value.
2356 * @param msg: result message (if rcode is OK).
2357 * @param qinfo: from the sub query state, query info.
2358 */
2359 static void
2360 process_dlv_response(struct module_qstate* qstate, struct val_qstate* vq,
2361 int id, int rcode, struct dns_msg* msg, struct query_info* qinfo)
2362 {
2363 struct val_env* ve = (struct val_env*)qstate->env->modinfo[id];
2364
2365 verbose(VERB_ALGO, "process dlv response to super");
2366 if(rcode != LDNS_RCODE_NOERROR) {
2367 /* lookup failed, set in vq to give up */
2368 vq->dlv_status = dlv_error;
2369 verbose(VERB_ALGO, "response is error");
2370 return;
2371 }
2372 if(msg->rep->security != sec_status_secure) {
2373 vq->dlv_status = dlv_error;
2374 verbose(VERB_ALGO, "response is not secure");
2375 return;
2376 }
2377 /* was the lookup a success? validated DLV? */
2378 if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NOERROR &&
2379 msg->rep->an_numrrsets == 1 &&
2380 msg->rep->security == sec_status_secure &&
2381 ntohs(msg->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DLV &&
2382 ntohs(msg->rep->rrsets[0]->rk.rrset_class) == qinfo->qclass &&
2383 query_dname_compare(msg->rep->rrsets[0]->rk.dname,
2384 vq->dlv_lookup_name) == 0) {
2385 /* yay! it is just like a DS */
2386 vq->ds_rrset = (struct ub_packed_rrset_key*)
2387 regional_alloc_init(qstate->region,
2388 msg->rep->rrsets[0], sizeof(*vq->ds_rrset));
2389 if(!vq->ds_rrset) {
2390 log_err("out of memory in process_dlv");
2391 return;
2392 }
2393 vq->ds_rrset->entry.key = vq->ds_rrset;
2394 vq->ds_rrset->rk.dname = (uint8_t*)regional_alloc_init(
2395 qstate->region, vq->ds_rrset->rk.dname,
2396 vq->ds_rrset->rk.dname_len);
2397 if(!vq->ds_rrset->rk.dname) {
2398 log_err("out of memory in process_dlv");
2399 vq->dlv_status = dlv_error;
2400 return;
2401 }
2402 vq->ds_rrset->entry.data = regional_alloc_init(qstate->region,
2403 vq->ds_rrset->entry.data,
2404 packed_rrset_sizeof(vq->ds_rrset->entry.data));
2405 if(!vq->ds_rrset->entry.data) {
2406 log_err("out of memory in process_dlv");
2407 vq->dlv_status = dlv_error;
2408 return;
2409 }
2410 packed_rrset_ptr_fixup(vq->ds_rrset->entry.data);
2411 /* make vq do a DNSKEY query next up */
2412 vq->dlv_status = dlv_success;
2413 return;
2414 }
2415 /* store NSECs into negative cache */
2416 val_neg_addreply(ve->neg_cache, msg->rep);
2417
2418 /* was the lookup a failure?
2419 * if we have to go up into the DLV for a higher DLV anchor
2420 * then set this in the vq, so it can make queries when activated.
2421 * See if the NSECs indicate that we should look for higher DLV
2422 * or, that there is no DLV securely */
2423 if(!val_nsec_check_dlv(qinfo, msg->rep, &vq->dlv_lookup_name,
2424 &vq->dlv_lookup_name_len)) {
2425 vq->dlv_status = dlv_error;
2426 verbose(VERB_ALGO, "nsec error");
2427 return;
2428 }
2429 if(!dname_subdomain_c(vq->dlv_lookup_name,
2430 qstate->env->anchors->dlv_anchor->name)) {
2431 vq->dlv_status = dlv_there_is_no_dlv;
2432 return;
2433 }
2434 vq->dlv_status = dlv_ask_higher;
2435 }
2436
20722437 /*
20732438 * inform validator super.
20742439 *
21022467 process_dnskey_response(super, vq, id, qstate->return_rcode,
21032468 qstate->return_msg, &qstate->qinfo);
21042469 return;
2470 } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DLV) {
2471 process_dlv_response(super, vq, id, qstate->return_rcode,
2472 qstate->return_msg, &qstate->qinfo);
2473 return;
21052474 }
21062475 log_err("internal error in validator: no inform_supers possible");
21072476 }
21222491 if(!ve)
21232492 return 0;
21242493 return sizeof(*ve) + key_cache_get_mem(ve->kcache) +
2494 val_neg_get_mem(ve->neg_cache) +
21252495 anchors_get_mem(env->anchors) +
21262496 sizeof(size_t)*2*ve->nsec3_keyiter_count;
21272497 }
21492519 case VAL_FINDKEY_STATE: return "VAL_FINDKEY_STATE";
21502520 case VAL_VALIDATE_STATE: return "VAL_VALIDATE_STATE";
21512521 case VAL_FINISHED_STATE: return "VAL_FINISHED_STATE";
2522 case VAL_DLVLOOKUP_STATE: return "VAL_DLVLOOKUP_STATE";
21522523 }
21532524 return "UNKNOWN VALIDATOR STATE";
21542525 }
4747 struct val_anchors;
4848 struct key_cache;
4949 struct key_entry_key;
50 struct val_neg_cache;
5051
5152 /**
5253 * This is the TTL to use when a trust anchor fails to prime. A trust anchor
6263 * end up here after being primed. */
6364 struct key_cache* kcache;
6465
66 /** aggressive negative cache. index into NSECs in rrset cache. */
67 struct val_neg_cache* neg_cache;
68
6569 /** for debug testing a fixed validation date can be entered.
6670 * if 0, current time is used for rrsig validation */
6771 int32_t date_override;
102106 * in the keysize array.
103107 */
104108 size_t* nsec3_maxiter;
109
110 /** lock on bogus counter */
111 lock_basic_t bogus_lock;
112 /** number of times rrsets marked bogus */
113 size_t num_rrset_bogus;
105114 };
106115
107116 /**
115124 /** validate the answer, using found key entry */
116125 VAL_VALIDATE_STATE,
117126 /** finish up */
118 VAL_FINISHED_STATE
127 VAL_FINISHED_STATE,
128 /** DLV lookup state, processing DLV queries */
129 VAL_DLVLOOKUP_STATE
119130 };
120131
121132 /**
183194
184195 /** true if this state is waiting to prime a trust anchor */
185196 int wait_prime_ta;
197
198 /** have we already checked the DLV? */
199 int dlv_checked;
200 /** The name for which the DLV is looked up. For the current message
201 * or for the current RRset (for CNAME, REFERRAL types).
202 * If there is signer name, that may be it, else a domain name */
203 uint8_t* dlv_lookup_name;
204 /** length of dlv lookup name */
205 size_t dlv_lookup_name_len;
206 /** Name at which chain of trust stopped with insecure, starting DLV
207 * DLV must result in chain going further down */
208 uint8_t* dlv_insecure_at;
209 /** length of dlv insecure point name */
210 size_t dlv_insecure_at_len;
211 /** status of DLV lookup. Indication to VAL_DLV_STATE what to do */
212 enum dlv_status {
213 dlv_error, /* server failure */
214 dlv_success, /* got a DLV */
215 dlv_ask_higher, /* ask again */
216 dlv_there_is_no_dlv /* got no DLV, sure of it */
217 } dlv_status;
186218 };
187219
188220 /**
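Review bot: The comments on the new `dlv_lookup_name` and `dlv_insecure_at` members of `struct val_qstate` do not say which allocation the pointers refer to or how long it stays valid. That matters because `process_dlv_response` in validator.c passes `&vq->dlv_lookup_name` to `val_nsec_check_dlv` along with the sub-query's reply, which its own comment says belongs to a state about to be deleted; whether the stored name can end up pointing into that reply is not visible from this page. I would extend both comments with a line of the form `* Storage: <owning region>; must stay valid until this val_qstate is freed.` after confirming the owner. The `dlv_status` comment should also state the value the field holds before any DLV response arrives, since the first out-of-memory return in `process_dlv_response` leaves it unassigned, and it should name `VAL_DLVLOOKUP_STATE` rather than `VAL_DLV_STATE`.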