diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index fbbdd8018..554cda12c 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml @@ -163,7 +163,7 @@ jobs: make: "no" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: false - name: test_windows diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 73d68fbf3..59d52b7cb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: configure run: ./configure --enable-debug - name: make diff --git a/.gitignore b/.gitignore index 6c3cfb91d..985e48869 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ /config.status /dnstap/dnstap_config.h /dnscrypt/dnscrypt_config.h +/clubsyms.def /doc/example.conf /doc/libunbound.3 /doc/unbound-anchor.8 diff --git a/Makefile.in b/Makefile.in index e7c76c258..74e45bc5e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -130,7 +130,7 @@ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \ util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \ -util/timehist.c util/tube.c util/proxy_protocol.c \ +util/timehist.c util/tube.c util/proxy_protocol.c util/timeval_func.c \ util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \ validator/autotrust.c validator/val_anchor.c validator/validator.c \ validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ @@ -152,7 +152,7 @@ autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo +$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo timeval_func.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -198,7 +198,7 @@ CHECKCONF_OBJ=unbound-checkconf.lo worker_cb.lo CHECKCONF_OBJ_LINK=$(CHECKCONF_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ $(COMPAT_OBJ) @WIN_CHECKCONF_OBJ_LINK@ CONTROL_SRC=smallapp/unbound-control.c -CONTROL_OBJ=unbound-control.lo +CONTROL_OBJ=unbound-control.lo CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \ $(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@ HOST_SRC=smallapp/unbound-host.c @@ -455,6 +455,7 @@ unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnsta dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h +timeval_func.lo timeval_func.o: $(srcdir)/util/timeval_func.c $(srcdir)/util/timeval_func.h # dnscrypt dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -498,6 +499,7 @@ util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h echo "#include \"util/configyyrename.h\"" >> $@ ;\ $(LEX) -t $(srcdir)/util/configlexer.lex >> $@ ;\ fi + @if test ! -f $@; then echo "No $@ : need flex and bison to compile from source repository"; exit 1; fi util/configparser.c util/configparser.h: $(srcdir)/util/configparser.y @-if test ! -d util; then $(INSTALL) -d util; fi @@ -516,7 +518,7 @@ distclean: clean rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 doc/unbound-host.1 rm -f smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service rm -f $(TEST_BIN) - rm -f Makefile + rm -f Makefile maintainer-clean: distclean rm -f util/configlexer.c util/configparser.c util/configparser.h @@ -616,7 +618,7 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA $(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5 $(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1 $(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup - if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi + if test ! -e "$(DESTDIR)$(configfile)"; then $(INSTALL) -d `dirname "$(DESTDIR)$(configfile)"`; $(INSTALL) -c -m 644 doc/example.conf "$(DESTDIR)$(configfile)"; fi pythonmod-uninstall: rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py @@ -645,11 +647,11 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTA rm -f -- $(DESTDIR)$(includedir)/unbound.h $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la @echo - @echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand" + @echo "You still need to remove "`dirname "$(DESTDIR)$(configfile)"`" , $(DESTDIR)$(configfile) by hand" iana_update: curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed - if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '// {p=0;} /udp/ {p=1;} /[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} // { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc + if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '// {p=0;} /udp/ {p=1;} /[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} // { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc rm -f port-numbers.tmp # dependency generation @@ -877,7 +879,7 @@ rpz.lo rpz.o: $(srcdir)/services/rpz.c config.h $(srcdir)/services/rpz.h $(srcdi outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - + outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h \ @@ -928,7 +930,7 @@ shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/ut $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h + $(srcdir)/util/tube.h $(srcdir)/util/timeval_func.h authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ @@ -983,7 +985,7 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/timeval_func.h proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c config.h \ $(srcdir)/util/proxy_protocol.h $(srcdir)/sldns/sbuffer.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ @@ -1186,7 +1188,7 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/r $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/services/outside_network.h + $(srcdir)/services/outside_network.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ @@ -1321,7 +1323,7 @@ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ @@ -1343,7 +1345,7 @@ testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/test $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ - $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/timeval_func.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ @@ -1357,7 +1359,7 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ @@ -1409,7 +1411,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ + $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/util/timeval_func.h \ $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -1417,7 +1419,7 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h $(srcdir)/util/timeval_func.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ diff --git a/README.md b/README.md index d1bbcf2b7..c220da030 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,10 @@ # Unbound -[![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound) +[![Github Build Status](https://github.com/NLnetLabs/unbound/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/NLnetLabs/unbound/actions) [![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) [![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest) +[![Mastodon Follow](https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)](https://fosstodon.org/@nlnetlabs) Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index cf436ec54..f27615bd8 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 44 +# Version 46 +# 2023-05-04 fix to remove unused whitespace. +# 2023-01-26 fix -Wstrict-prototypes. # 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. # 2021-08-17 fix sed script in ssldir split handling. # 2021-08-17 fix for openssl to detect split version, with ssldir_include @@ -187,7 +189,7 @@ dnl cache=`echo $1 | sed 'y%.=/+- %___p__%'` AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, [ echo '$2' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -233,7 +235,7 @@ dnl DEPFLAG: set to flag that generates dependencies. AC_DEFUN([ACX_DEPFLAG], [ AC_MSG_CHECKING([$CC dependency flag]) -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then DEPFLAG="-MM" else @@ -272,7 +274,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -309,7 +311,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -335,7 +337,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, [ #include #include -int test() { +int test(void) { int a = 0; return a; } @@ -345,7 +347,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE, [ #include -int test() { +int test(void) { int a; a = isascii(32); return a; @@ -356,7 +358,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE, [ #include -int test() { +int test(void) { struct in6_pktinfo inf; int a = (int)sizeof(inf); return a; @@ -370,7 +372,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID, [ #include -int test() { +int test(void) { int a = setresgid(0,0,0); a = setresuid(0,0,0); return a; @@ -385,7 +387,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_POSIX_C_SOURCE=200112, #endif #include -int test() { +int test(void) { int a = 0; char *t; time_t time = 0; @@ -413,7 +415,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D__EXTENSIONS__, #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -475,7 +477,7 @@ fi dnl Setup ATTR_FORMAT config.h parts. dnl make sure you call ACX_CHECK_FORMAT_ATTRIBUTE also. AC_DEFUN([AHX_CONFIG_FORMAT_ATTRIBUTE], -[ +[ #ifdef HAVE_ATTR_FORMAT # define ATTR_FORMAT(archetype, string_index, first_to_check) \ __attribute__ ((format (archetype, string_index, first_to_check))) @@ -834,7 +836,7 @@ dnl try to see if an additional _LARGEFILE_SOURCE 1 is needed to get fseeko ACX_CHECK_COMPILER_FLAG_NEEDED(-D_LARGEFILE_SOURCE=1, [ #include -int test() { +int test(void) { int a = fseeko(stdin, 0, 0); return a; } @@ -859,7 +861,7 @@ char* (*f) () = getaddrinfo; #ifdef __cplusplus } #endif -int main() { +int main(void) { ; return 0; } @@ -923,7 +925,7 @@ cache=`echo $1 | sed 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_cc_deprecated_$cache, [ echo '$3' >conftest.c -echo 'void f(){ $2 }' >>conftest.c +echo 'void f(void){ $2 }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else @@ -1317,7 +1319,7 @@ AC_DEFUN([AHX_CONFIG_W32_FD_SET_T], #ifdef HAVE_WINSOCK2_H #define FD_SET_T (u_int) #else -#define FD_SET_T +#define FD_SET_T #endif ]) @@ -1355,7 +1357,7 @@ dnl $3: define value, 1 AC_DEFUN([AHX_CONFIG_FLAG_OMITTED], [#if defined($1) && !defined($2) #define $2 $3 -[#]endif ]) +[#]endif]) dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags dnl $1: the -DNAME or -DNAME=value string. diff --git a/acx_python.m4 b/acx_python.m4 index 16c0c6fd9..c945d6c89 100644 --- a/acx_python.m4 +++ b/acx_python.m4 @@ -17,33 +17,62 @@ AC_DEFUN([AC_PYTHON_DEVEL],[ PYTHON_VERSION=`$PYTHON -c "import sys; \ print(sys.version.split()[[0]])"` fi + # calculate the version number components. + [ + v="$PYTHON_VERSION" + PYTHON_VERSION_MAJOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MAJOR"; then PYTHON_VERSION_MAJOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_MINOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MINOR"; then PYTHON_VERSION_MINOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_PATCH=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_PATCH"; then PYTHON_VERSION_PATCH="0"; fi + ] - # Check if you have sysconfig - AC_MSG_CHECKING([for the sysconfig Python module]) - if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then + # For some systems, sysconfig exists, but has the wrong paths, + # on Debian 10, for python 2.7 and 3.7. So, we check the version, + # and for older versions try distutils.sysconfig first. For newer + # versions>=3.10, where distutils.sysconfig is deprecated, use + # sysconfig first and then attempt the other one. + py_distutils_first="no" + if test $PYTHON_VERSION_MAJOR -lt 3; then + py_distutils_first="yes" + fi + if test $PYTHON_VERSION_MAJOR -eq 3 -a $PYTHON_VERSION_MINOR -lt 10; then + py_distutils_first="yes" + fi + + # Check if you have the first module + if test "$py_distutils_first" = "yes"; then m="distutils"; else m="sysconfig"; fi + sysconfig_module="" + AC_MSG_CHECKING([for the $m Python module]) + if ac_modulecheck_result1=`$PYTHON -c "import $m" 2>&1`; then AC_MSG_RESULT([yes]) - sysconfig_module="sysconfig" - # if yes, use sysconfig, because distutils is deprecated. + sysconfig_module="$m" else AC_MSG_RESULT([no]) - # if no, try to use distutils + fi - # - # Check if you have distutils, else fail - # - AC_MSG_CHECKING([for the distutils Python package]) - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + # if not found, try the other one. + if test -z "$sysconfig_module"; then + if test "$py_distutils_first" = "yes"; then m2="sysconfig"; else m2="distutils"; fi + AC_MSG_CHECKING([for the $m2 Python module]) + if ac_modulecheck_result2=`$PYTHON -c "import $m2" 2>&1`; then AC_MSG_RESULT([yes]) + sysconfig_module="$m2" else AC_MSG_RESULT([no]) - AC_MSG_ERROR([cannot import Python module "distutils". - Please check your Python installation. The error was: - $ac_distutils_result]) + AC_MSG_ERROR([cannot import Python module "$m", or "$m2". + Please check your Python installation. The errors are: + $m + $ac_modulecheck_result1 + $m2 + $ac_modulecheck_result2]) PYTHON_VERSION="" fi - - sysconfig_module="distutils.sysconfig" fi + if test "$sysconfig_module" = "distutils"; then sysconfig_module="distutils.sysconfig"; fi # # Check for Python include path diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index f10005c3d..edaa8976b 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -110,16 +110,15 @@ testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) log_err("out of memory"); return 0; } - cachedb_env->no_internal_lookup = 1; - - if(!edns_register_option(49152, + /* Register an EDNS option (65534) to bypass the worker cache lookup + * for testing */ + if(!edns_register_option(LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, 1 /* bypass cache */, 0 /* no aggregation */, env)) { - log_err("cachedb: could not register test opcode"); + log_err("testframe_init, could not register test opcode"); free(d); return 0; } - lock_basic_init(&d->lock); lock_protect(&d->lock, d, sizeof(*d)); return 1; @@ -237,7 +236,7 @@ cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) return 1; } -int +int cachedb_init(struct module_env* env, int id) { struct cachedb_env* cachedb_env = (struct cachedb_env*)calloc(1, @@ -276,19 +275,16 @@ cachedb_init(struct module_env* env, int id) return 1; } -void +void cachedb_deinit(struct module_env* env, int id) { struct cachedb_env* cachedb_env; if(!env || !env->modinfo[id]) return; cachedb_env = (struct cachedb_env*)env->modinfo[id]; - /* free contents */ - /* TODO */ if(cachedb_env->enabled) { (*cachedb_env->backend->deinit)(env, cachedb_env); } - free(cachedb_env); env->modinfo[id] = NULL; } @@ -572,7 +568,6 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) memcpy(qstate->return_msg->rep->reason_bogus_str, ede->opt_data+2, ede_len); qstate->return_msg->rep->reason_bogus_str[ede_len] = 0; - qstate->return_msg->rep->reason_bogus_str_size = ede_len; } } @@ -588,10 +583,16 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) verbose(VERB_ALGO, "cachedb msg expired"); /* If serve-expired is enabled, we still use an expired message * setting the TTL to 0. */ - if(qstate->env->cfg->serve_expired) - adjust = -1; - else + if(!qstate->env->cfg->serve_expired || + (FLAGS_GET_RCODE(qstate->return_msg->rep->flags) + != LDNS_RCODE_NOERROR && + FLAGS_GET_RCODE(qstate->return_msg->rep->flags) + != LDNS_RCODE_NXDOMAIN && + FLAGS_GET_RCODE(qstate->return_msg->rep->flags) + != LDNS_RCODE_YXDOMAIN)) return 0; /* message expired */ + else + adjust = -1; } verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust); adjust_msg_ttl(qstate->return_msg, adjust); @@ -661,11 +662,15 @@ cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) * See if unbound's internal cache can answer the query */ static int -cachedb_intcache_lookup(struct module_qstate* qstate) +cachedb_intcache_lookup(struct module_qstate* qstate, struct cachedb_env* cde) { uint8_t* dpname=NULL; size_t dpnamelen=0; struct dns_msg* msg; + /* for testframe bypass this lookup */ + if(cde->backend == &testframe_backend) { + return 0; + } if(iter_stub_fwd_no_cache(qstate, &qstate->qinfo, &dpname, &dpnamelen)) return 0; /* no cache for these queries */ @@ -724,6 +729,7 @@ cachedb_handle_query(struct module_qstate* qstate, struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) { + qstate->is_cachedb_answer = 0; /* check if we are enabled, and skip if so */ if(!ie->enabled) { /* pass request to next module */ @@ -740,7 +746,7 @@ cachedb_handle_query(struct module_qstate* qstate, /* lookup inside unbound's internal cache. * This does not look for expired entries. */ - if(!ie->no_internal_lookup && cachedb_intcache_lookup(qstate)) { + if(cachedb_intcache_lookup(qstate, ie)) { if(verbosity >= VERB_ALGO) { if(qstate->return_msg->rep) log_dns_msg("cachedb internal cache lookup", @@ -777,6 +783,7 @@ cachedb_handle_query(struct module_qstate* qstate, qstate->ext_state[id] = module_wait_module; return; } + qstate->is_cachedb_answer = 1; /* we are done with the query */ qstate->ext_state[id] = module_finished; return; @@ -799,6 +806,7 @@ static void cachedb_handle_response(struct module_qstate* qstate, struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) { + qstate->is_cachedb_answer = 0; /* check if we are not enabled or instructed to not cache, and skip */ if(!ie->enabled || qstate->no_cache_store) { /* we are done with the query */ diff --git a/cachedb/cachedb.h b/cachedb/cachedb.h index 5b4185b33..05c4368e6 100644 --- a/cachedb/cachedb.h +++ b/cachedb/cachedb.h @@ -56,9 +56,6 @@ struct cachedb_env { /** backend specific data here */ void* backend_data; - - /** if true, the cache lookup does not look at the internal cache */ - int no_internal_lookup; }; /** diff --git a/cachedb/redis.c b/cachedb/redis.c index 16c3741f7..93a575a4c 100644 --- a/cachedb/redis.c +++ b/cachedb/redis.c @@ -56,6 +56,8 @@ struct redis_moddata { int numctxs; /* number of ctx entries */ const char* server_host; /* server's IP address or host name */ int server_port; /* server's TCP port */ + const char* server_path; /* server's unix path, or "", NULL if unused */ + const char* server_password; /* server's AUTH password, or "", NULL if unused */ struct timeval timeout; /* timeout for connection setup and commands */ }; @@ -67,8 +69,13 @@ redis_connect(const struct redis_moddata* moddata) { redisContext* ctx; - ctx = redisConnectWithTimeout(moddata->server_host, - moddata->server_port, moddata->timeout); + if(moddata->server_path && moddata->server_path[0]!=0) { + ctx = redisConnectUnixWithTimeout(moddata->server_path, + moddata->timeout); + } else { + ctx = redisConnectWithTimeout(moddata->server_host, + moddata->server_port, moddata->timeout); + } if(!ctx || ctx->err) { const char *errstr = "out of memory"; if(ctx) @@ -80,6 +87,17 @@ redis_connect(const struct redis_moddata* moddata) log_err("failed to set redis timeout"); goto fail; } + if(moddata->server_password && moddata->server_password[0]!=0) { + redisReply* rep; + rep = redisCommand(ctx, "AUTH %s", moddata->server_password); + if(!rep || rep->type == REDIS_REPLY_ERROR) { + log_err("failed to authenticate with password"); + freeReplyObject(rep); + goto fail; + } + freeReplyObject(rep); + } + verbose(VERB_OPS, "Connection to Redis established"); return ctx; fail: @@ -94,7 +112,7 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) int i; struct redis_moddata* moddata = NULL; - verbose(VERB_ALGO, "redis_init"); + verbose(VERB_OPS, "Redis initialization"); moddata = calloc(1, sizeof(struct redis_moddata)); if(!moddata) { @@ -112,6 +130,8 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) * we don't have to free it in this module. */ moddata->server_host = env->cfg->redis_server_host; moddata->server_port = env->cfg->redis_server_port; + moddata->server_path = env->cfg->redis_server_path; + moddata->server_password = env->cfg->redis_server_password; moddata->timeout.tv_sec = env->cfg->redis_timeout / 1000; moddata->timeout.tv_usec = (env->cfg->redis_timeout % 1000) * 1000; for(i = 0; i < moddata->numctxs; i++) @@ -154,7 +174,7 @@ redis_deinit(struct module_env* env, struct cachedb_env* cachedb_env) cachedb_env->backend_data; (void)env; - verbose(VERB_ALGO, "redis_deinit"); + verbose(VERB_OPS, "Redis deinitialization"); if(!moddata) return; diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index 5e3b1cbbb..1ff816291 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -47,7 +47,7 @@ #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final #else -#include "openssl/sha.h" +#include #endif #include diff --git a/config.h.in b/config.h.in index 2caecf30d..f31354d01 100644 --- a/config.h.in +++ b/config.h.in @@ -364,6 +364,9 @@ /* Define if we have LibreSSL */ #undef HAVE_LIBRESSL +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_NET_TSTAMP_H + /* Define to 1 if you have the `localtime_r' function. */ #undef HAVE_LOCALTIME_R @@ -1068,39 +1071,39 @@ #if defined(OMITTED__D_GNU_SOURCE) && !defined(_GNU_SOURCE) #define _GNU_SOURCE 1 -#endif +#endif #if defined(OMITTED__D_BSD_SOURCE) && !defined(_BSD_SOURCE) #define _BSD_SOURCE 1 -#endif +#endif #if defined(OMITTED__D_DEFAULT_SOURCE) && !defined(_DEFAULT_SOURCE) #define _DEFAULT_SOURCE 1 -#endif +#endif #if defined(OMITTED__D__EXTENSIONS__) && !defined(__EXTENSIONS__) #define __EXTENSIONS__ 1 -#endif +#endif #if defined(OMITTED__D_POSIX_C_SOURCE_200112) && !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112 -#endif +#endif #if defined(OMITTED__D_XOPEN_SOURCE_600) && !defined(_XOPEN_SOURCE) #define _XOPEN_SOURCE 600 -#endif +#endif #if defined(OMITTED__D_XOPEN_SOURCE_EXTENDED_1) && !defined(_XOPEN_SOURCE_EXTENDED) #define _XOPEN_SOURCE_EXTENDED 1 -#endif +#endif #if defined(OMITTED__D_ALL_SOURCE) && !defined(_ALL_SOURCE) #define _ALL_SOURCE 1 -#endif +#endif #if defined(OMITTED__D_LARGEFILE_SOURCE_1) && !defined(_LARGEFILE_SOURCE) #define _LARGEFILE_SOURCE 1 -#endif +#endif @@ -1184,7 +1187,7 @@ #endif - + #ifdef HAVE_ATTR_FORMAT # define ATTR_FORMAT(archetype, string_index, first_to_check) \ __attribute__ ((format (archetype, string_index, first_to_check))) @@ -1294,7 +1297,7 @@ void* reallocarray(void *ptr, size_t nmemb, size_t size); #ifdef HAVE_WINSOCK2_H #define FD_SET_T (u_int) #else -#define FD_SET_T +#define FD_SET_T #endif diff --git a/configure b/configure index 5823e49f2..9c9103734 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.17.1. +# Generated by GNU Autoconf 2.69 for unbound 1.17.2. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.17.1' -PACKAGE_STRING='unbound 1.17.1' +PACKAGE_VERSION='1.17.2' +PACKAGE_STRING='unbound 1.17.2' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.17.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.17.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1543,7 +1543,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.17.1:";; + short | recursive ) echo "Configuration of unbound 1.17.2:";; esac cat <<\_ACEOF @@ -1785,7 +1785,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.17.1 +unbound configure 1.17.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.17.1, which was +It was created by unbound $as_me 1.17.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=17 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=2 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=21 +LIBUNBOUND_REVISION=22 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2939,6 +2939,7 @@ LIBUNBOUND_AGE=1 # 1.16.3 had 9:19:1 # 1.17.0 had 9:20:1 # 1.17.1 had 9:21:1 +# 1.17.2 had 9:22:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -5145,7 +5146,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking $CC dependency flag" >&5 $as_echo_n "checking $CC dependency flag... " >&6; } -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then DEPFLAG="-MM" else @@ -5327,7 +5328,7 @@ echo ' #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -5348,7 +5349,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5418,7 +5419,7 @@ echo ' #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -5439,7 +5440,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5498,12 +5499,12 @@ else echo ' #include #include -int test() { +int test(void) { int a = 0; return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5562,13 +5563,13 @@ else echo ' #include -int test() { +int test(void) { int a; a = isascii(32); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5627,13 +5628,13 @@ else echo ' #include -int test() { +int test(void) { struct in6_pktinfo inf; int a = (int)sizeof(inf); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5695,13 +5696,13 @@ else echo ' #include -int test() { +int test(void) { int a = setresgid(0,0,0); a = setresuid(0,0,0); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5764,7 +5765,7 @@ echo ' #endif #include -int test() { +int test(void) { int a = 0; char *t; time_t time = 0; @@ -5777,7 +5778,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5846,7 +5847,7 @@ echo ' #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -5859,7 +5860,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -6610,6 +6611,11 @@ $as_echo "no" >&6; }; fi fi +if test "$LEX" = "" -o "$LEX" = ":"; then + if test ! -f util/configlexer.c; then + as_fn_error $? "no lex and no util/configlexer.c: need flex and bison to compile from source repository." "$LINENO" 5 + fi +fi for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -6653,6 +6659,11 @@ fi done test -n "$YACC" || YACC="yacc" +if test "$YACC" = "" -o "$YACC" = ":"; then + if test ! -f util/configparser.c; then + as_fn_error $? "no yacc and no util/configparser.c: need flex and bison to compile from source repository." "$LINENO" 5 + fi +fi # Extract the first word of "doxygen", so it can be a program name with args. set dummy doxygen; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -14877,6 +14888,21 @@ fi done +# Check for Linux timestamping headers +for ac_header in linux/net_tstamp.h +do : + ac_fn_c_check_header_compile "$LINENO" "linux/net_tstamp.h" "ac_cv_header_linux_net_tstamp_h" "$ac_includes_default +" +if test "x$ac_cv_header_linux_net_tstamp_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_NET_TSTAMP_H 1 +_ACEOF + +fi + +done + + # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" @@ -15954,12 +15980,12 @@ else echo ' #include -int test() { +int test(void) { int a = fseeko(stdin, 0, 0); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -17541,39 +17567,68 @@ fi PYTHON_VERSION=`$PYTHON -c "import sys; \ print(sys.version.split()[0])"` fi + # calculate the version number components. - # Check if you have sysconfig - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the sysconfig Python module" >&5 -$as_echo_n "checking for the sysconfig Python module... " >&6; } - if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then + v="$PYTHON_VERSION" + PYTHON_VERSION_MAJOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MAJOR"; then PYTHON_VERSION_MAJOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_MINOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MINOR"; then PYTHON_VERSION_MINOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_PATCH=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_PATCH"; then PYTHON_VERSION_PATCH="0"; fi + + + # For some systems, sysconfig exists, but has the wrong paths, + # on Debian 10, for python 2.7 and 3.7. So, we check the version, + # and for older versions try distutils.sysconfig first. For newer + # versions>=3.10, where distutils.sysconfig is deprecated, use + # sysconfig first and then attempt the other one. + py_distutils_first="no" + if test $PYTHON_VERSION_MAJOR -lt 3; then + py_distutils_first="yes" + fi + if test $PYTHON_VERSION_MAJOR -eq 3 -a $PYTHON_VERSION_MINOR -lt 10; then + py_distutils_first="yes" + fi + + # Check if you have the first module + if test "$py_distutils_first" = "yes"; then m="distutils"; else m="sysconfig"; fi + sysconfig_module="" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the $m Python module" >&5 +$as_echo_n "checking for the $m Python module... " >&6; } + if ac_modulecheck_result1=`$PYTHON -c "import $m" 2>&1`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - sysconfig_module="sysconfig" - # if yes, use sysconfig, because distutils is deprecated. + sysconfig_module="$m" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - # if no, try to use distutils + fi - # - # Check if you have distutils, else fail - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 -$as_echo_n "checking for the distutils Python package... " >&6; } - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + # if not found, try the other one. + if test -z "$sysconfig_module"; then + if test "$py_distutils_first" = "yes"; then m2="sysconfig"; else m2="distutils"; fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the $m2 Python module" >&5 +$as_echo_n "checking for the $m2 Python module... " >&6; } + if ac_modulecheck_result2=`$PYTHON -c "import $m2" 2>&1`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } + sysconfig_module="$m2" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "cannot import Python module \"distutils\". - Please check your Python installation. The error was: - $ac_distutils_result" "$LINENO" 5 + as_fn_error $? "cannot import Python module \"$m\", or \"$m2\". + Please check your Python installation. The errors are: + $m + $ac_modulecheck_result1 + $m2 + $ac_modulecheck_result2" "$LINENO" 5 PYTHON_VERSION="" fi - - sysconfig_module="distutils.sysconfig" fi + if test "$sysconfig_module" = "distutils"; then sysconfig_module="distutils.sysconfig"; fi # # Check for Python include path @@ -17705,7 +17760,14 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # if test ! -z "$PYTHON_VERSION"; then - if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then + badversion="no" + if test "$PYTHON_VERSION_MAJOR" -lt 2; then + badversion="yes" + fi + if test "$PYTHON_VERSION_MAJOR" -eq 2 -a "$PYTHON_VERSION_MINOR" -lt 4; then + badversion="yes" + fi + if test "$badversion" = "yes"; then as_fn_error $? "Python version >= 2.4.0 is required" "$LINENO" 5 fi @@ -20174,7 +20236,7 @@ char* (*f) () = getaddrinfo; #ifdef __cplusplus } #endif -int main() { +int main(void) { ; return 0; } @@ -20448,7 +20510,7 @@ echo ' #include #include ' >conftest.c -echo 'void f(){ (void)daemon(0, 0); }' >>conftest.c +echo 'void f(void){ (void)daemon(0, 0); }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else @@ -22086,7 +22148,7 @@ _ACEOF -version=1.17.1 +version=1.17.2 date=`date +'%b %e, %Y'` @@ -22605,7 +22667,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.17.1, which was +This file was extended by unbound $as_me 1.17.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22671,7 +22733,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.17.1 +unbound config.status 1.17.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 2c7583310..86b4fbc7d 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[17]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[2]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=21 +LIBUNBOUND_REVISION=22 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -107,6 +107,7 @@ LIBUNBOUND_AGE=1 # 1.16.3 had 9:19:1 # 1.17.0 had 9:20:1 # 1.17.1 had 9:21:1 +# 1.17.2 had 9:22:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -156,7 +157,7 @@ esac # are we on MinGW? if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes" -else +else if echo $host | grep mingw >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi @@ -185,9 +186,9 @@ ub_conf_dir=`AS_DIRNAME(["$ub_conf_file"])` AC_SUBST(ub_conf_dir) # Determine run, chroot directory and pidfile locations -AC_ARG_WITH(run-dir, - AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]), - UNBOUND_RUN_DIR="$withval", +AC_ARG_WITH(run-dir, + AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]), + UNBOUND_RUN_DIR="$withval", if test $on_mingw = no; then UNBOUND_RUN_DIR=`dirname "$ub_conf_file"` else @@ -198,9 +199,9 @@ AC_SUBST(UNBOUND_RUN_DIR) ACX_ESCAPE_BACKSLASH($UNBOUND_RUN_DIR, hdr_run) AC_DEFINE_UNQUOTED(RUN_DIR, ["$hdr_run"], [Directory to chdir to]) -AC_ARG_WITH(chroot-dir, - AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]), - UNBOUND_CHROOT_DIR="$withval", +AC_ARG_WITH(chroot-dir, + AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]), + UNBOUND_CHROOT_DIR="$withval", if test $on_mingw = no; then UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR" else @@ -218,9 +219,9 @@ AC_ARG_WITH(share-dir, AC_SUBST(UNBOUND_SHARE_DIR) AC_DEFINE_UNQUOTED(SHARE_DIR, ["$UNBOUND_SHARE_DIR"], [Shared data]) -AC_ARG_WITH(pidfile, - AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]), - UNBOUND_PIDFILE="$withval", +AC_ARG_WITH(pidfile, + AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]), + UNBOUND_PIDFILE="$withval", if test $on_mingw = no; then UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid" else @@ -231,9 +232,9 @@ AC_SUBST(UNBOUND_PIDFILE) ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid) AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location]) -AC_ARG_WITH(rootkey-file, - AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]), - UNBOUND_ROOTKEY_FILE="$withval", +AC_ARG_WITH(rootkey-file, + AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]), + UNBOUND_ROOTKEY_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else @@ -244,9 +245,9 @@ AC_SUBST(UNBOUND_ROOTKEY_FILE) ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey) AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location]) -AC_ARG_WITH(rootcert-file, - AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), - UNBOUND_ROOTCERT_FILE="$withval", +AC_ARG_WITH(rootcert-file, + AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), + UNBOUND_ROOTCERT_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else @@ -257,9 +258,9 @@ AC_SUBST(UNBOUND_ROOTCERT_FILE) ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem) AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location]) -AC_ARG_WITH(username, - AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]), - UNBOUND_USERNAME="$withval", +AC_ARG_WITH(username, + AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]), + UNBOUND_USERNAME="$withval", UNBOUND_USERNAME="unbound") AC_SUBST(UNBOUND_USERNAME) AC_DEFINE_UNQUOTED(UB_USERNAME, ["$UNBOUND_USERNAME"], [default username]) @@ -285,7 +286,7 @@ ACX_DETERMINE_EXT_FLAGS_UNBOUND # debug mode flags warnings AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable warnings, asserts, makefile-dependencies])) AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[same as enable-checking])) -if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; +if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; else debug_enabled="$enable_checking"; fi AC_SUBST(debug_enabled) case "$debug_enabled" in @@ -388,7 +389,17 @@ fi if test "$LEX" != "" -a "$LEX" != ":"; then ACX_YYLEX_OPTION fi +if test "$LEX" = "" -o "$LEX" = ":"; then + if test ! -f util/configlexer.c; then + AC_MSG_ERROR([no lex and no util/configlexer.c: need flex and bison to compile from source repository.]) + fi +fi AC_PROG_YACC +if test "$YACC" = "" -o "$YACC" = ":"; then + if test ! -f util/configparser.c; then + AC_MSG_ERROR([no yacc and no util/configparser.c: need flex and bison to compile from source repository.]) + fi +fi AC_CHECK_PROG(doxygen, doxygen, doxygen) AC_CHECK_TOOL(STRIP, strip) ACX_LIBTOOL_C_ONLY @@ -453,6 +464,9 @@ AC_CHECK_HEADERS([netioapi.h],,, [AC_INCLUDES_DEFAULT #endif ]) +# Check for Linux timestamping headers +AC_CHECK_HEADERS([linux/net_tstamp.h],,, [AC_INCLUDES_DEFAULT]) + # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. AC_CHECK_TYPE(int8_t, signed char) @@ -548,11 +562,11 @@ sinclude(systemd.m4) # Include systemd.m4 - end # set memory allocation checking if requested -AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]), +AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]), +AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), +AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), , ) if test x_$enable_alloc_nonregional = x_yes; then AC_DEFINE(UNBOUND_ALLOC_NONREGIONAL, 1, [use malloc not regions, for debug use]) @@ -585,7 +599,7 @@ if test "$on_mingw" = "yes"; then ])], AC_MSG_RESULT(yes) AC_DEFINE(HAVE_WINDOWS_THREADS, 1, [Using Windows threads]) -, +, AC_MSG_RESULT(no) ) @@ -596,7 +610,7 @@ else # check this first, so that the pthread lib does not get linked in via # libssl or libpython, and thus distorts the tests, and we end up using # the non-threadsafe C libraries. -AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]), +AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]), [ ],[ withval="yes" ]) ub_have_pthreads=no if test x_$withval != x_no; then @@ -623,7 +637,7 @@ int main(void) {return 0;} # first compile echo "$CC $CFLAGS -c conftest.c -o conftest.o" >&AS_MESSAGE_LOG_FD $CC $CFLAGS -c conftest.c -o conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD - if test $? = 0; then + if test $? = 0; then # then link echo "$CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest contest.o" >&AS_MESSAGE_LOG_FD $CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD @@ -644,7 +658,7 @@ int main(void) {return 0;} ]) fi -# check solaris thread library +# check solaris thread library AC_ARG_WITH(solaris-threads, AS_HELP_STRING([--with-solaris-threads],[use solaris native thread library.]), [ ],[ withval="no" ]) ub_have_sol_threads=no if test x_$withval != x_no; then @@ -658,8 +672,8 @@ if test x_$withval != x_no; then ACX_CHECK_COMPILER_FLAG(mt, [CFLAGS="$CFLAGS -mt"], [CFLAGS="$CFLAGS -D_REENTRANT"]) ub_have_sol_threads=yes - ] , [ - AC_MSG_ERROR([no solaris threads found.]) + ] , [ + AC_MSG_ERROR([no solaris threads found.]) ]) fi fi @@ -734,7 +748,14 @@ if test x_$ub_test_python != x_no; then ac_save_LIBS="$LIBS" dnl otherwise AC_PYTHON_DEVEL thrashes $LIBS AC_PYTHON_DEVEL if test ! -z "$PYTHON_VERSION"; then - if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then + badversion="no" + if test "$PYTHON_VERSION_MAJOR" -lt 2; then + badversion="yes" + fi + if test "$PYTHON_VERSION_MAJOR" -eq 2 -a "$PYTHON_VERSION_MINOR" -lt 4; then + badversion="yes" + fi + if test "$badversion" = "yes"; then AC_MSG_ERROR([Python version >= 2.4.0 is required]) fi @@ -1085,7 +1106,7 @@ int load_gost_id(void) EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); return gost_id; } -int main(void) { +int main(void) { EVP_MD_CTX* ctx; const EVP_MD* md; unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */ @@ -1529,7 +1550,7 @@ if test x_$enable_fully_static = x_yes; then fi # set lock checking if requested -AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]), +AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]), , ) if test x_$enable_lock_checks = x_yes; then AC_DEFINE(ENABLE_LOCK_CHECKS, 1, [Define if you want to use debug lock checking (slow).]) @@ -1980,11 +2001,11 @@ AC_ARG_WITH(libunbound-only, AS_HELP_STRING([--with-libunbound-only],[do not bui fi ]) if test $ALLTARGET = "alltargets"; then - if test $USE_NSS = "yes"; then - AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) + if test $USE_NSS = "yes"; then + AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) fi if test $USE_NETTLE = "yes"; then - AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) + AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) fi fi @@ -1995,7 +2016,7 @@ ACX_STRIP_EXT_FLAGS if test -n "$LATE_LDFLAGS"; then LDFLAGS="$LATE_LDFLAGS $LDFLAGS" fi -# remove start spaces +# remove start spaces LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'` LIBS=`echo "$LIBS"|sed -e 's/^ *//'` diff --git a/contrib/Dockerfile.tests b/contrib/Dockerfile.tests index 417daccb2..4d1321021 100644 --- a/contrib/Dockerfile.tests +++ b/contrib/Dockerfile.tests @@ -1,10 +1,8 @@ FROM gcc:latest WORKDIR /usr/src/unbound -RUN apt-get update # install semantic parser & lexical analyzer -RUN apt-get install -y bison flex # install packages used in tests -RUN apt-get install -y ldnsutils dnsutils xxd splint doxygen netcat +RUN apt-get update && apt-get install -y bison flex ldnsutils dnsutils xxd splint doxygen netcat-openbsd # accept short rsa keys, which are used in tests RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf diff --git a/contrib/README b/contrib/README index ef2a0ab88..2427a0294 100644 --- a/contrib/README +++ b/contrib/README @@ -55,3 +55,6 @@ distribution but may be helpful. contributed by Andreas Schulze. * metrics.awk: awk script that can convert unbound-control stats to Prometheus metrics format output. +* unbound.init_yocto: An init script to start and stop the server. Put it + in /etc/init.d/unbound to use it. It is for the Yocto Project, in + embedded systems, contributed by beni-sandu. diff --git a/contrib/aaaa-filter-iterator.patch b/contrib/aaaa-filter-iterator.patch index 551313372..cb6dabc44 100644 --- a/contrib/aaaa-filter-iterator.patch +++ b/contrib/aaaa-filter-iterator.patch @@ -105,9 +105,9 @@ index 2482a1f4..bd5ba243 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -177,6 +177,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) - iter_env->supports_ipv6 = cfg->do_ip6; - iter_env->supports_ipv4 = cfg->do_ip4; iter_env->outbound_msg_retry = cfg->outbound_msg_retry; + iter_env->max_sent_count = cfg->max_sent_count; + iter_env->max_query_restarts = cfg->max_query_restarts; + iter_env->aaaa_filter = cfg->aaaa_filter; return 1; } diff --git a/contrib/unbound.init_yocto b/contrib/unbound.init_yocto new file mode 100644 index 000000000..4eba752bc --- /dev/null +++ b/contrib/unbound.init_yocto @@ -0,0 +1,139 @@ +#!/bin/sh +# +# unbound This shell script takes care of starting and stopping +# unbound (DNS server). +# +# chkconfig: - 14 86 +# description: unbound is a Domain Name Server (DNS) \ +# that is used to resolve host names to IP addresses. + +### BEGIN INIT INFO +# Provides: $named unbound +# Required-Start: $network $local_fs +# Required-Stop: $network $local_fs +# Should-Start: $syslog +# Should-Stop: $syslog +# Short-Description: unbound recursive Domain Name Server. +# Description: unbound is a Domain Name Server (DNS) +# that is used to resolve host names to IP addresses. +### END INIT INFO + +# Source function library. +. /etc/init.d/functions + +exec="/usr/sbin/unbound" +prog="unbound" +config="/etc/unbound/unbound.conf" +pidfile="/var/unbound/unbound.pid" +rootdir="/var/unbound" + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +lockfile=/var/lock/subsys/$prog + +start() { + [ -x $exec ] || exit 5 + [ -f $config ] || exit 6 + echo -n $"Starting $prog: " + + # setup root jail + if [ -s /etc/localtime ]; then + [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; + if [ ! -e ${rootdir}/etc/localtime ] || ! /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then + cp -fp /etc/localtime ${rootdir}/etc/localtime + fi; + fi; + if [ -s /etc/resolv.conf ]; then + [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; + if [ ! -e ${rootdir}/etc/resolv.conf ] || ! /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then + cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf + fi; + fi; + if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then + [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; + [ -e ${rootdir}/dev/log ] || touch ${rootdir}/dev/log + mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; + fi; + if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then + [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; + [ -e ${rootdir}/dev/random ] || touch ${rootdir}/dev/random + mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; + fi; + + # if not running, start it up here + daemonize $exec + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + # stop it here, often "killproc $prog" + killproc $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then + umount ${rootdir}/dev/log >/dev/null 2>&1 + fi; + if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then + umount ${rootdir}/dev/random >/dev/null 2>&1 + fi; + return $retval +} + +restart() { + stop + start +} + +reload() { + kill -HUP `cat $pidfile` +} + +force_reload() { + restart +} + +rh_status() { + # run checks to determine if the service is running or use generic status + status $prog +} + +rh_status_q() { + rh_status -p $pidfile >/dev/null 2>&1 +} + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + reload) + rh_status_q || exit 7 + $1 + ;; + force-reload) + force_reload + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" + exit 2 +esac +exit $? diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index ada5fac9c..5a05c5251 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -42,9 +42,8 @@ [Unit] Description=Validating, recursive, and caching DNS resolver Documentation=man:unbound(8) -After=network-online.target -Before=nss-lookup.target -Wants=network-online.target nss-lookup.target +After=network.target +Before=network-online.target nss-lookup.target [Install] WantedBy=multi-user.target diff --git a/daemon/cachedump.c b/daemon/cachedump.c index baf8008ea..61ee1d291 100644 --- a/daemon/cachedump.c +++ b/daemon/cachedump.c @@ -166,8 +166,7 @@ dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k) /** dump message entry */ static int -dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, - time_t now) +dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, time_t now) { size_t i; char* nm, *tp, *cl; @@ -192,13 +191,15 @@ dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, } /* meta line */ - if(!ssl_printf(ssl, "msg %s %s %s %d %d " ARG_LL "d %d %u %u %u\n", + if(!ssl_printf(ssl, "msg %s %s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n", nm, cl, tp, (int)d->flags, (int)d->qdcount, (long long)(d->ttl-now), (int)d->security, - (unsigned)d->an_numrrsets, + (unsigned)d->an_numrrsets, (unsigned)d->ns_numrrsets, - (unsigned)d->ar_numrrsets)) { + (unsigned)d->ar_numrrsets, + (int)d->reason_bogus, + d->reason_bogus_str?d->reason_bogus_str:"")) { free(nm); free(tp); free(cl); @@ -387,7 +388,7 @@ move_into_cache(struct ub_packed_rrset_key* k, struct rrset_ref ref; uint8_t* p; - ak = alloc_special_obtain(&worker->alloc); + ak = alloc_special_obtain(worker->alloc); if(!ak) { log_warn("error out of memory"); return 0; @@ -398,7 +399,7 @@ move_into_cache(struct ub_packed_rrset_key* k, ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len); if(!ak->rk.dname) { log_warn("error out of memory"); - ub_packed_rrset_parsedelete(ak, &worker->alloc); + ub_packed_rrset_parsedelete(ak, worker->alloc); return 0; } s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) + @@ -408,7 +409,7 @@ move_into_cache(struct ub_packed_rrset_key* k, ad = (struct packed_rrset_data*)malloc(s); if(!ad) { log_warn("error out of memory"); - ub_packed_rrset_parsedelete(ak, &worker->alloc); + ub_packed_rrset_parsedelete(ak, worker->alloc); return 0; } p = (uint8_t*)ad; @@ -431,7 +432,8 @@ move_into_cache(struct ub_packed_rrset_key* k, ref.key = ak; ref.id = ak->id; (void)rrset_cache_update(worker->env.rrset_cache, &ref, - &worker->alloc, *worker->env.now); + worker->alloc, *worker->env.now); + return 1; } @@ -632,6 +634,9 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker) long long ttl; size_t i; int go_on = 1; + int ede; + int consumed = 0; + char* ede_str = NULL; regional_free_all(region); @@ -646,11 +651,16 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker) } /* read remainder of line */ - if(sscanf(s, " %u %u " ARG_LL "d %u %u %u %u", &flags, &qdcount, &ttl, - &security, &an, &ns, &ar) != 7) { + /* note the last space before any possible EDE text */ + if(sscanf(s, " %u %u " ARG_LL "d %u %u %u %u %d %n", &flags, &qdcount, &ttl, + &security, &an, &ns, &ar, &ede, &consumed) != 8) { log_warn("error cannot parse numbers: %s", s); return 0; } + /* there may be EDE text after the numbers */ + if(consumed > 0 && (size_t)consumed < strlen(s)) + ede_str = s + consumed; + memset(&rep, 0, sizeof(rep)); rep.flags = (uint16_t)flags; rep.qdcount = (uint16_t)qdcount; rep.ttl = (time_t)ttl; @@ -665,6 +675,8 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker) rep.ns_numrrsets = (size_t)ns; rep.ar_numrrsets = (size_t)ar; rep.rrset_count = (size_t)an+(size_t)ns+(size_t)ar; + rep.reason_bogus = (sldns_ede_code)ede; + rep.reason_bogus_str = ede_str?(char*)regional_strdup(region, ede_str):NULL; rep.rrsets = (struct ub_packed_rrset_key**)regional_alloc_zero( region, sizeof(struct ub_packed_rrset_key*)*rep.rrset_count); @@ -859,7 +871,8 @@ int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm, /* go up? */ if(iter_dp_is_useless(&qinfo, BIT_RD, dp, (worker->env.cfg->do_ip4 && worker->back->num_ip4 != 0), - (worker->env.cfg->do_ip6 && worker->back->num_ip6 != 0))) { + (worker->env.cfg->do_ip6 && worker->back->num_ip6 != 0), + worker->env.cfg->do_nat64)) { print_dp_main(ssl, dp, msg); print_dp_details(ssl, worker, dp); if(!ssl_printf(ssl, "cache delegation was " diff --git a/daemon/daemon.c b/daemon/daemon.c index 71091133a..193608d40 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -488,6 +488,27 @@ static int daemon_get_shufport(struct daemon* daemon, int* shufport) return avail; } +/** + * Clear and delete per-worker alloc caches, and free memory maintained in + * superalloc. + * The rrset and message caches must be empty at the time of call. + * @param daemon: the daemon that maintains the alloc caches to be cleared. + */ +static void +daemon_clear_allocs(struct daemon* daemon) +{ + int i; + + for(i=0; inum; i++) { + alloc_clear(daemon->worker_allocs[i]); + free(daemon->worker_allocs[i]); + } + free(daemon->worker_allocs); + daemon->worker_allocs = NULL; + + alloc_clear_special(&daemon->superalloc); +} + /** * Allocate empty worker structures. With backptr and thread-number, * from 0..numthread initialised. Used as user arguments to new threads. @@ -540,6 +561,21 @@ daemon_create_workers(struct daemon* daemon) /* the above is not ports/numthr, due to rounding */ fatal_exit("could not create worker"); } + /* create per-worker alloc caches if not reusing existing ones. */ + if(!daemon->worker_allocs) { + daemon->worker_allocs = (struct alloc_cache**)calloc( + (size_t)daemon->num, sizeof(struct alloc_cache*)); + if(!daemon->worker_allocs) + fatal_exit("could not allocate worker allocs"); + for(i=0; inum; i++) { + struct alloc_cache* alloc = calloc(1, + sizeof(struct alloc_cache)); + if (!alloc) + fatal_exit("could not allocate worker alloc"); + alloc_init(alloc, &daemon->superalloc, i); + daemon->worker_allocs[i] = alloc; + } + } free(shufport); } @@ -771,6 +807,7 @@ daemon_fork(struct daemon* daemon) /* Shutdown SHM */ shm_main_shutdown(daemon); + daemon->reuse_cache = daemon->workers[0]->reuse_cache; daemon->need_to_exit = daemon->workers[0]->need_to_exit; } @@ -785,9 +822,16 @@ daemon_cleanup(struct daemon* daemon) log_thread_set(NULL); /* clean up caches because * a) RRset IDs will be recycled after a reload, causing collisions - * b) validation config can change, thus rrset, msg, keycache clear */ - slabhash_clear(&daemon->env->rrset_cache->table); - slabhash_clear(daemon->env->msg_cache); + * b) validation config can change, thus rrset, msg, keycache clear + * + * If we are trying to keep the cache as long as possible, we should + * defer the cleanup until we know whether the new configuration allows + * the reuse. (If we're exiting, cleanup should be done here). */ + if(!daemon->reuse_cache || daemon->need_to_exit) { + slabhash_clear(&daemon->env->rrset_cache->table); + slabhash_clear(daemon->env->msg_cache); + } + daemon->old_num = daemon->num; /* save the current num */ local_zones_delete(daemon->local_zones); daemon->local_zones = NULL; respip_set_delete(daemon->respip_set); @@ -802,8 +846,13 @@ daemon_cleanup(struct daemon* daemon) worker_delete(daemon->workers[i]); free(daemon->workers); daemon->workers = NULL; + /* Unless we're trying to keep the cache, worker alloc_caches should be + * cleared and freed here. We do this after deleting workers to + * guarantee that the alloc caches are valid throughout the lifetime + * of workers. */ + if(!daemon->reuse_cache || daemon->need_to_exit) + daemon_clear_allocs(daemon); daemon->num = 0; - alloc_clear_special(&daemon->superalloc); #ifdef USE_DNSTAP dt_delete(daemon->dtenv); daemon->dtenv = NULL; @@ -900,8 +949,42 @@ daemon_delete(struct daemon* daemon) void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg) { + int new_num = cfg->num_threads?cfg->num_threads:1; + daemon->cfg = cfg; config_apply(cfg); + + /* If this is a reload and we deferred the decision on whether to + * reuse the alloc, RRset, and message caches, then check to see if + * it's safe to keep the caches: + * - changing the number of threads is obviously incompatible with + * keeping the per-thread alloc caches. It also means we have to + * clear RRset and message caches. (note that 'new_num' may be + * adjusted in daemon_create_workers, but for our purpose we can + * simply compare it with 'old_num'; if they are equal here, + * 'new_num' won't be adjusted to a different value than 'old_num'). + * - changing RRset cache size effectively clears any remaining cache + * entries. We could keep their keys in alloc caches, but it would + * be more consistent with the sense of the change to clear allocs + * and free memory. To do so we also have to clear message cache. + * - only changing message cache size does not necessarily affect + * RRset or alloc cache. But almost all new subsequent queries will + * require recursive resolution anyway, so it doesn't help much to + * just keep RRset and alloc caches. For simplicity we clear/free + * the other two, too. */ + if(daemon->worker_allocs && + (new_num != daemon->old_num || + !slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, + cfg->msg_cache_slabs) || + !slabhash_is_size(&daemon->env->rrset_cache->table, + cfg->rrset_cache_size, cfg->rrset_cache_slabs))) + { + log_warn("cannot reuse caches due to critical config change"); + slabhash_clear(&daemon->env->rrset_cache->table); + slabhash_clear(daemon->env->msg_cache); + daemon_clear_allocs(daemon); + } + if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, cfg->msg_cache_slabs)) { slabhash_delete(daemon->env->msg_cache); diff --git a/daemon/daemon.h b/daemon/daemon.h index 58713e9ce..57665446d 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@ -99,8 +99,12 @@ struct daemon { void* listen_sslctx, *connect_sslctx; /** num threads allocated */ int num; + /** num threads allocated in the previous config or 0 at first */ + int old_num; /** the worker entries */ struct worker** workers; + /** per-worker allocation cache */ + struct alloc_cache **worker_allocs; /** do we need to exit unbound (or is it only a reload?) */ int need_to_exit; /** master random table ; used for port div between threads on reload*/ @@ -140,6 +144,8 @@ struct daemon { /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif + /** reuse existing cache on reload if other conditions allow it. */ + int reuse_cache; }; /** diff --git a/daemon/remote.c b/daemon/remote.c index 7d4a41400..c7bfa4e12 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -4,22 +4,22 @@ * Copyright (c) 2008, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -38,7 +38,7 @@ * * This file contains the remote control functionality for the daemon. * The remote control can be performed using either the commandline - * unbound-control tool, or a TLS capable web browser. + * unbound-control tool, or a TLS capable web browser. * The channel is secured using TLSv1, and certificates. * Both the server and the client(control tool) have their own keys. */ @@ -87,6 +87,7 @@ #include "sldns/parseutil.h" #include "sldns/wire2str.h" #include "sldns/sbuffer.h" +#include "util/timeval_func.h" #ifdef HAVE_SYS_TYPES_H # include @@ -105,49 +106,6 @@ /** what to put on statistics lines between var and value, ": " or "=" */ #define SQ "=" -/** if true, inhibits a lot of =0 lines from the stats output */ -static const int inhibit_zero = 1; - -/** subtract timers and the values do not overflow or become negative */ -static void -timeval_subtract(struct timeval* d, const struct timeval* end, - const struct timeval* start) -{ -#ifndef S_SPLINT_S - time_t end_usec = end->tv_usec; - d->tv_sec = end->tv_sec - start->tv_sec; - if(end_usec < start->tv_usec) { - end_usec += 1000000; - d->tv_sec--; - } - d->tv_usec = end_usec - start->tv_usec; -#endif -} - -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d <= 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - if(leftover <= 0) - leftover = 0; - avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; - if(avg->tv_sec < 0) - avg->tv_sec = 0; - if(avg->tv_usec < 0) - avg->tv_usec = 0; -#endif -} static int remote_setup_ctx(struct daemon_remote* rc, struct config_file* cfg) @@ -203,7 +161,7 @@ remote_setup_ctx(struct daemon_remote* rc, struct config_file* cfg) struct daemon_remote* daemon_remote_create(struct config_file* cfg) { - struct daemon_remote* rc = (struct daemon_remote*)calloc(1, + struct daemon_remote* rc = (struct daemon_remote*)calloc(1, sizeof(*rc)); if(!rc) { log_err("out of memory in daemon_remote_create"); @@ -412,7 +370,7 @@ accept_open(struct daemon_remote* rc, int fd) n->next = rc->accept_list; rc->accept_list = n; /* open commpt */ - n->com = comm_point_create_raw(rc->worker->base, fd, 0, + n->com = comm_point_create_raw(rc->worker->base, fd, 0, &remote_accept_callback, rc); if(!n->com) return 0; @@ -421,7 +379,7 @@ accept_open(struct daemon_remote* rc, int fd) return 1; } -int daemon_remote_open_accept(struct daemon_remote* rc, +int daemon_remote_open_accept(struct daemon_remote* rc, struct listen_port* ports, struct worker* worker) { struct listen_port* p; @@ -439,7 +397,7 @@ void daemon_remote_stop_accept(struct daemon_remote* rc) { struct listen_list* p; for(p=rc->accept_list; p; p=p->next) { - comm_point_stop_listening(p->com); + comm_point_stop_listening(p->com); } } @@ -447,11 +405,11 @@ void daemon_remote_start_accept(struct daemon_remote* rc) { struct listen_list* p; for(p=rc->accept_list; p; p=p->next) { - comm_point_start_listening(p->com, -1, -1); + comm_point_start_listening(p->com, -1, -1); } } -int remote_accept_callback(struct comm_point* c, void* arg, int err, +int remote_accept_callback(struct comm_point* c, void* arg, int err, struct comm_reply* ATTR_UNUSED(rep)) { struct daemon_remote* rc = (struct daemon_remote*)arg; @@ -483,7 +441,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, } n->fd = newfd; /* start in reading state */ - n->c = comm_point_create_raw(rc->worker->base, newfd, 0, + n->c = comm_point_create_raw(rc->worker->base, newfd, 0, &remote_control_callback, n); if(!n->c) { log_err("out of memory"); @@ -523,7 +481,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, rc->busy_list = n; rc->active ++; - /* perform the first nonblocking read already, for windows, + /* perform the first nonblocking read already, for windows, * so it can return wouldblock. could be faster too. */ (void)remote_control_callback(n->c, n, NETEVENT_NOERROR, NULL); return 0; @@ -560,7 +518,7 @@ int ssl_print_text(RES* res, const char* text) { int r; - if(!res) + if(!res) return 0; if(res->ssl) { ERR_clear_error(); @@ -662,7 +620,7 @@ static char* skipwhite(char* str) { /* EOS \0 is not a space */ - while( isspace((unsigned char)*str) ) + while( isspace((unsigned char)*str) ) str++; return str; } @@ -684,8 +642,9 @@ do_stop(RES* ssl, struct worker* worker) /** do the reload command */ static void -do_reload(RES* ssl, struct worker* worker) +do_reload(RES* ssl, struct worker* worker, int reuse_cache) { + worker->reuse_cache = reuse_cache; worker->need_to_exit = 0; comm_base_exit(worker->base); send_ok(ssl); @@ -709,20 +668,24 @@ static int print_stats(RES* ssl, const char* nm, struct ub_stats_info* s) { struct timeval sumwait, avg; - if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries)) return 0; if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries_ip_ratelimited)) return 0; - if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm, - (unsigned long)(s->svr.num_queries + if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm, + (unsigned long)(s->svr.num_queries - s->svr.num_queries_missed_cache))) return 0; - if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries_missed_cache)) return 0; - if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries_prefetch)) return 0; + if(!ssl_printf(ssl, "%s.num.queries_timed_out"SQ"%lu\n", nm, + (unsigned long)s->svr.num_queries_timed_out)) return 0; + if(!ssl_printf(ssl, "%s.query.queue_time_us.max"SQ"%lu\n", nm, + (unsigned long)s->svr.max_query_time_us)) return 0; if(!ssl_printf(ssl, "%s.num.expired"SQ"%lu\n", nm, (unsigned long)s->svr.ans_expired)) return 0; - if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, (unsigned long)s->mesh_replies_sent)) return 0; #ifdef USE_DNSCRYPT if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm, @@ -756,7 +719,7 @@ print_stats(RES* ssl, const char* nm, struct ub_stats_info* s) timeval_divide(&avg, &sumwait, s->mesh_replies_sent); if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm, (long long)avg.tv_sec, (int)avg.tv_usec)) return 0; - if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, + if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median)) return 0; if(!ssl_printf(ssl, "%s.tcpusage"SQ"%lu\n", nm, (unsigned long)s->svr.tcp_accept_usage)) return 0; @@ -781,7 +744,7 @@ print_longnum(RES* ssl, const char* desc, size_t x) /* more than a Gb */ size_t front = x / (size_t)1000000; size_t back = x % (size_t)1000000; - return ssl_printf(ssl, "%s%u%6.6u\n", desc, + return ssl_printf(ssl, "%s%u%6.6u\n", desc, (unsigned)front, (unsigned)back); } else { return ssl_printf(ssl, "%s%lu\n", desc, (unsigned long)x); @@ -881,11 +844,11 @@ print_uptime(RES* ssl, struct worker* worker, int reset) timeval_subtract(&dt, &now, &worker->daemon->time_last_stat); if(reset) worker->daemon->time_last_stat = now; - if(!ssl_printf(ssl, "time.now"SQ ARG_LL "d.%6.6d\n", + if(!ssl_printf(ssl, "time.now"SQ ARG_LL "d.%6.6d\n", (long long)now.tv_sec, (unsigned)now.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.up"SQ ARG_LL "d.%6.6d\n", + if(!ssl_printf(ssl, "time.up"SQ ARG_LL "d.%6.6d\n", (long long)up.tv_sec, (unsigned)up.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.elapsed"SQ ARG_LL "d.%6.6d\n", + if(!ssl_printf(ssl, "time.elapsed"SQ ARG_LL "d.%6.6d\n", (long long)dt.tv_sec, (unsigned)dt.tv_usec)) return 0; return 1; } @@ -903,7 +866,7 @@ print_hist(RES* ssl, struct ub_stats_info* s) } timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST); for(i=0; inum; i++) { - if(!ssl_printf(ssl, + if(!ssl_printf(ssl, "histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n", (int)hist->buckets[i].lower.tv_sec, (int)hist->buckets[i].lower.tv_usec, @@ -920,7 +883,7 @@ print_hist(RES* ssl, struct ub_stats_info* s) /** print extended stats */ static int -print_ext(RES* ssl, struct ub_stats_info* s) +print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) { int i; char nm[32]; @@ -946,11 +909,11 @@ print_ext(RES* ssl, struct ub_stats_info* s) } else { snprintf(nm, sizeof(nm), "TYPE%d", i); } - if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n", nm, (unsigned long)s->svr.qtype[i])) return 0; } if(!inhibit_zero || s->svr.qtype_big) { - if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n", (unsigned long)s->svr.qtype_big)) return 0; } /* CLASS */ @@ -963,11 +926,11 @@ print_ext(RES* ssl, struct ub_stats_info* s) } else { snprintf(nm, sizeof(nm), "CLASS%d", i); } - if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n", nm, (unsigned long)s->svr.qclass[i])) return 0; } if(!inhibit_zero || s->svr.qclass_big) { - if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n", (unsigned long)s->svr.qclass_big)) return 0; } /* OPCODE */ @@ -980,44 +943,44 @@ print_ext(RES* ssl, struct ub_stats_info* s) } else { snprintf(nm, sizeof(nm), "OPCODE%d", i); } - if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n", nm, (unsigned long)s->svr.qopcode[i])) return 0; } /* transport */ - if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n", (unsigned long)s->svr.qtcp)) return 0; - if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n", (unsigned long)s->svr.qtcp_outgoing)) return 0; if(!ssl_printf(ssl, "num.query.udpout"SQ"%lu\n", (unsigned long)s->svr.qudp_outgoing)) return 0; - if(!ssl_printf(ssl, "num.query.tls"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tls"SQ"%lu\n", (unsigned long)s->svr.qtls)) return 0; - if(!ssl_printf(ssl, "num.query.tls.resume"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tls.resume"SQ"%lu\n", (unsigned long)s->svr.qtls_resume)) return 0; - if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n", (unsigned long)s->svr.qipv6)) return 0; if(!ssl_printf(ssl, "num.query.https"SQ"%lu\n", (unsigned long)s->svr.qhttps)) return 0; /* flags */ - if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n", (unsigned long)s->svr.qbit_QR)) return 0; - if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n", (unsigned long)s->svr.qbit_AA)) return 0; - if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n", (unsigned long)s->svr.qbit_TC)) return 0; - if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n", (unsigned long)s->svr.qbit_RD)) return 0; - if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n", (unsigned long)s->svr.qbit_RA)) return 0; - if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n", (unsigned long)s->svr.qbit_Z)) return 0; - if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n", (unsigned long)s->svr.qbit_AD)) return 0; - if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n", (unsigned long)s->svr.qbit_CD)) return 0; - if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n", (unsigned long)s->svr.qEDNS)) return 0; - if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n", (unsigned long)s->svr.qEDNS_DO)) return 0; /* RCODE */ @@ -1031,31 +994,31 @@ print_ext(RES* ssl, struct ub_stats_info* s) } else { snprintf(nm, sizeof(nm), "RCODE%d", i); } - if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n", nm, (unsigned long)s->svr.ans_rcode[i])) return 0; } if(!inhibit_zero || s->svr.ans_rcode_nodata) { - if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n", (unsigned long)s->svr.ans_rcode_nodata)) return 0; } /* iteration */ - if(!ssl_printf(ssl, "num.query.ratelimited"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.ratelimited"SQ"%lu\n", (unsigned long)s->svr.queries_ratelimited)) return 0; /* validation */ - if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n", (unsigned long)s->svr.ans_secure)) return 0; - if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n", (unsigned long)s->svr.ans_bogus)) return 0; - if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n", + if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n", (unsigned long)s->svr.rrset_bogus)) return 0; - if(!ssl_printf(ssl, "num.query.aggressive.NOERROR"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.aggressive.NOERROR"SQ"%lu\n", (unsigned long)s->svr.num_neg_cache_noerror)) return 0; - if(!ssl_printf(ssl, "num.query.aggressive.NXDOMAIN"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.aggressive.NXDOMAIN"SQ"%lu\n", (unsigned long)s->svr.num_neg_cache_nxdomain)) return 0; /* threat detection */ - if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n", + if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n", (unsigned long)s->svr.unwanted_queries)) return 0; - if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n", + if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n", (unsigned long)s->svr.unwanted_replies)) return 0; /* cache counts */ if(!ssl_printf(ssl, "msg.cache.count"SQ"%u\n", @@ -1066,6 +1029,11 @@ print_ext(RES* ssl, struct ub_stats_info* s) (unsigned)s->svr.infra_cache_count)) return 0; if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n", (unsigned)s->svr.key_cache_count)) return 0; + /* max collisions */ + if(!ssl_printf(ssl, "msg.cache.max_collisions"SQ"%u\n", + (unsigned)s->svr.msg_cache_max_collisions)) return 0; + if(!ssl_printf(ssl, "rrset.cache.max_collisions"SQ"%u\n", + (unsigned)s->svr.rrset_cache_max_collisions)) return 0; /* applied RPZ actions */ for(i=0; isvr.num_query_subnet_cache)) return 0; #endif /* CLIENT_SUBNET */ +#ifdef USE_CACHEDB + if(!ssl_printf(ssl, "num.query.cachedb"SQ"%lu\n", + (unsigned long)s->svr.num_query_cachedb)) return 0; +#endif /* USE_CACHEDB */ return 1; } @@ -1120,7 +1092,7 @@ do_stats(RES* ssl, struct worker* worker, int reset) } /* print the thread statistics */ total.mesh_time_median /= (double)daemon->num; - if(!print_stats(ssl, "total", &total)) + if(!print_stats(ssl, "total", &total)) return; if(!print_uptime(ssl, worker, reset)) return; @@ -1129,7 +1101,7 @@ do_stats(RES* ssl, struct worker* worker, int reset) return; if(!print_hist(ssl, &total)) return; - if(!print_ext(ssl, &total)) + if(!print_ext(ssl, &total, daemon->cfg->stat_inhibit_zero)) return; } } @@ -1209,7 +1181,7 @@ perform_zone_add(RES* ssl, struct local_zones* zones, char* arg) return 0; } lock_rw_wrlock(&zones->lock); - if((z=local_zones_find(zones, nm, nmlen, + if((z=local_zones_find(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN))) { /* already present in tree */ lock_rw_wrlock(&z->lock); @@ -1219,7 +1191,7 @@ perform_zone_add(RES* ssl, struct local_zones* zones, char* arg) lock_rw_unlock(&zones->lock); return 1; } - if(!local_zones_add_zone(zones, nm, nmlen, + if(!local_zones_add_zone(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN, t)) { lock_rw_unlock(&zones->lock); ssl_printf(ssl, "error out of memory\n"); @@ -1268,7 +1240,7 @@ perform_zone_remove(RES* ssl, struct local_zones* zones, char* arg) if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return 0; lock_rw_wrlock(&zones->lock); - if((z=local_zones_find(zones, nm, nmlen, + if((z=local_zones_find(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN))) { /* present in tree */ local_zones_del_zone(zones, z); @@ -1609,8 +1581,11 @@ do_flush_type(RES* ssl, struct worker* worker, char* arg) if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return; t = sldns_get_rr_type_by_name(arg2); + if(t == 0 && strcmp(arg2, "TYPE0") != 0) { + return; + } do_cache_remove(worker, nm, nmlen, t, LDNS_RR_CLASS_IN); - + free(nm); send_ok(ssl); } @@ -1720,7 +1695,7 @@ zone_del_rrset(struct lruhash_entry* e, void* arg) struct del_info* inf = (struct del_info*)arg; struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key; if(dname_subdomain_c(k->rk.dname, inf->name)) { - struct packed_rrset_data* d = + struct packed_rrset_data* d = (struct packed_rrset_data*)e->data; if(d->ttl > inf->expired) { d->ttl = inf->expired; @@ -1784,21 +1759,21 @@ do_flush_zone(RES* ssl, struct worker* worker, char* arg) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, + slabhash_traverse(&worker->env.rrset_cache->table, 1, &zone_del_rrset, &inf); slabhash_traverse(worker->env.msg_cache, 1, &zone_del_msg, &inf); /* and validator cache */ if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, + slabhash_traverse(worker->env.key_cache->slab, 1, &zone_del_kcache, &inf); } free(nm); (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, + "and %lu key entries\n", (unsigned long)inf.num_rrsets, (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); } @@ -1853,19 +1828,19 @@ do_flush_bogus(RES* ssl, struct worker* worker) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, + slabhash_traverse(&worker->env.rrset_cache->table, 1, &bogus_del_rrset, &inf); slabhash_traverse(worker->env.msg_cache, 1, &bogus_del_msg, &inf); /* and validator cache */ if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, + slabhash_traverse(worker->env.key_cache->slab, 1, &bogus_del_kcache, &inf); } (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, + "and %lu key entries\n", (unsigned long)inf.num_rrsets, (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); } @@ -1928,19 +1903,19 @@ do_flush_negative(RES* ssl, struct worker* worker) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, + slabhash_traverse(&worker->env.rrset_cache->table, 1, &negative_del_rrset, &inf); slabhash_traverse(worker->env.msg_cache, 1, &negative_del_msg, &inf); /* and validator cache */ if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, + slabhash_traverse(worker->env.key_cache->slab, 1, &negative_del_kcache, &inf); } (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, + "and %lu key entries\n", (unsigned long)inf.num_rrsets, (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); } @@ -1963,7 +1938,9 @@ do_flush_name(RES* ssl, struct worker* w, char* arg) do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN); do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN); do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN); - + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN); + free(nm); send_ok(ssl); } @@ -2333,7 +2310,7 @@ do_status(RES* ssl, struct worker* worker) uptime = (time_t)time(NULL) - (time_t)worker->daemon->time_boot.tv_sec; if(!ssl_printf(ssl, "uptime: " ARG_LL "d seconds\n", (long long)uptime)) return; - if(!ssl_printf(ssl, "options:%s%s%s%s\n" , + if(!ssl_printf(ssl, "options:%s%s%s%s\n" , (worker->daemon->reuseport?" reuseport":""), (worker->daemon->rc->accept_list?" control":""), (worker->daemon->rc->accept_list && worker->daemon->rc->use_cert?"(ssl)":""), @@ -2347,7 +2324,7 @@ do_status(RES* ssl, struct worker* worker) /** get age for the mesh state */ static void -get_mesh_age(struct mesh_state* m, char* buf, size_t len, +get_mesh_age(struct mesh_state* m, char* buf, size_t len, struct module_env* env) { if(m->reply_list) { @@ -2366,7 +2343,7 @@ get_mesh_age(struct mesh_state* m, char* buf, size_t len, /** get status of a mesh state */ static void -get_mesh_status(struct mesh_area* mesh, struct mesh_state* m, +get_mesh_status(struct mesh_area* mesh, struct mesh_state* m, char* buf, size_t len) { enum module_ext_state s = m->s.ext_state[m->s.curmod]; @@ -2388,7 +2365,7 @@ get_mesh_status(struct mesh_area* mesh, struct mesh_state* m, snprintf(buf, len, " "); l = strlen(buf); buf += l; len -= l; - addr_to_str(&e->qsent->addr, e->qsent->addrlen, + addr_to_str(&e->qsent->addr, e->qsent->addrlen, buf, len); l = strlen(buf); buf += l; len -= l; @@ -2441,7 +2418,7 @@ do_dump_requestlist(RES* ssl, struct worker* worker) dname_str(m->s.qinfo.qname, buf); get_mesh_age(m, timebuf, sizeof(timebuf), &worker->env); get_mesh_status(mesh, m, statbuf, sizeof(statbuf)); - if(!ssl_printf(ssl, "%3d %4s %2s %s %s %s\n", + if(!ssl_printf(ssl, "%3d %4s %2s %s %s %s\n", num, (t?t:"TYPE??"), (c?c:"CLASS??"), buf, timebuf, statbuf)) { free(t); @@ -2631,7 +2608,7 @@ do_auth_zone_transfer(RES* ssl, struct worker* worker, char* arg) free(nm); send_ok(ssl); } - + /** do the set_option command */ static void do_set_option(RES* ssl, struct worker* worker, char* arg) @@ -2769,7 +2746,7 @@ do_list_local_zones(RES* ssl, struct local_zones* zones) RBTREE_FOR(z, struct local_zone*, &zones->ztree) { lock_rw_rdlock(&z->lock); dname_str(z->name, buf); - if(!ssl_printf(ssl, "%s %s\n", buf, + if(!ssl_printf(ssl, "%s %s\n", buf, local_zone_type2str(z->type))) { /* failure to print */ lock_rw_unlock(&z->lock); @@ -2998,7 +2975,7 @@ static void distribute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd) { int i; - if(!cmd || !ssl) + if(!cmd || !ssl) return; /* skip i=0 which is me */ for(i=1; iworker->daemon->num; i++) { @@ -3021,7 +2998,7 @@ cmdcmp(char* p, const char* cmd, size_t len) /** execute a remote control command */ static void -execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, +execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, struct worker* worker) { char* p = skipwhite(cmd); @@ -3029,8 +3006,11 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, if(cmdcmp(p, "stop", 4)) { do_stop(ssl, worker); return; + } else if(cmdcmp(p, "reload_keep_cache", 17)) { + do_reload(ssl, worker, 1); + return; } else if(cmdcmp(p, "reload", 6)) { - do_reload(ssl, worker); + do_reload(ssl, worker, 0); return; } else if(cmdcmp(p, "stats_noreset", 13)) { do_stats(ssl, worker, 0); @@ -3202,7 +3182,7 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, } } -void +void daemon_remote_exec(struct worker* worker) { /* read the cmd string */ @@ -3311,7 +3291,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, return 0; } -int remote_control_callback(struct comm_point* c, void* arg, int err, +int remote_control_callback(struct comm_point* c, void* arg, int err, struct comm_reply* ATTR_UNUSED(rep)) { RES res; @@ -3319,7 +3299,7 @@ int remote_control_callback(struct comm_point* c, void* arg, int err, struct daemon_remote* rc = s->rc; int r; if(err != NETEVENT_NOERROR) { - if(err==NETEVENT_TIMEOUT) + if(err==NETEVENT_TIMEOUT) log_err("remote control timed out"); clean_point(rc, s); return 0; diff --git a/daemon/remote.h b/daemon/remote.h index 217ea21e8..4902803f5 100644 --- a/daemon/remote.h +++ b/daemon/remote.h @@ -46,7 +46,7 @@ #ifndef DAEMON_REMOTE_H #define DAEMON_REMOTE_H #ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" +#include #endif struct config_file; struct listen_list; diff --git a/daemon/stats.c b/daemon/stats.c index 6b3834977..fabbd9f60 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -116,8 +116,8 @@ void server_stats_log(struct ub_server_stats* stats, struct worker* worker, log_info("server stats for thread %d: %u queries, " "%u answers from cache, %u recursions, %u prefetch, %u rejected by " "ip ratelimiting", - threadnum, (unsigned)stats->num_queries, - (unsigned)(stats->num_queries - + threadnum, (unsigned)stats->num_queries, + (unsigned)(stats->num_queries - stats->num_queries_missed_cache), (unsigned)stats->num_queries_missed_cache, (unsigned)stats->num_queries_prefetch, @@ -279,7 +279,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i]; for(i=0; isvr.rpz_action[i] += (long long)worker->env.mesh->rpz_action[i]; - timehist_export(worker->env.mesh->histogram, s->svr.hist, + timehist_export(worker->env.mesh->histogram, s->svr.hist, NUM_BUCKETS_HIST); /* values from outside network */ s->svr.unwanted_replies = (long long)worker->back->unwanted_replies; @@ -293,8 +293,10 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.queries_ratelimited = (long long)get_queries_ratelimit(worker, reset); /* get cache sizes */ - s->svr.msg_cache_count = (long long)count_slabhash_entries(worker->env.msg_cache); - s->svr.rrset_cache_count = (long long)count_slabhash_entries(&worker->env.rrset_cache->table); + get_slabhash_stats(worker->env.msg_cache, + &s->svr.msg_cache_count, &s->svr.msg_cache_max_collisions); + get_slabhash_stats(&worker->env.rrset_cache->table, + &s->svr.rrset_cache_count, &s->svr.rrset_cache_max_collisions); s->svr.infra_cache_count = (long long)count_slabhash_entries(worker->env.infra_cache->hosts); if(worker->env.key_cache) s->svr.key_cache_count = (long long)count_slabhash_entries(worker->env.key_cache->slab); @@ -354,6 +356,11 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.num_query_subnet = 0; s->svr.num_query_subnet_cache = 0; #endif +#ifdef USE_CACHEDB + s->svr.num_query_cachedb = (long long)worker->env.mesh->ans_cachedb; +#else + s->svr.num_query_cachedb = 0; +#endif /* get tcp accept usage */ s->svr.tcp_accept_usage = 0; @@ -419,7 +426,7 @@ void server_stats_reply(struct worker* worker, int reset) struct ub_stats_info s; server_stats_compile(worker, &s, reset); verbose(VERB_ALGO, "write stats replymsg"); - if(!tube_write_msg(worker->daemon->workers[0]->cmd, + if(!tube_write_msg(worker->daemon->workers[0]->cmd, (uint8_t*)&s, sizeof(s), 0)) fatal_exit("could not write stat values over cmd channel"); } @@ -430,6 +437,9 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited; total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache; total->svr.num_queries_prefetch += a->svr.num_queries_prefetch; + total->svr.num_queries_timed_out += a->svr.num_queries_timed_out; + if (total->svr.max_query_time_us < a->svr.max_query_time_us) + total->svr.max_query_time_us = a->svr.max_query_time_us; total->svr.sum_query_list_size += a->svr.sum_query_list_size; total->svr.ans_expired += a->svr.ans_expired; #ifdef USE_DNSCRYPT @@ -471,6 +481,9 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) total->svr.unwanted_replies += a->svr.unwanted_replies; total->svr.unwanted_queries += a->svr.unwanted_queries; total->svr.tcp_accept_usage += a->svr.tcp_accept_usage; +#ifdef USE_CACHEDB + total->svr.num_query_cachedb += a->svr.num_query_cachedb; +#endif for(i=0; isvr.qtype[i] += a->svr.qtype[i]; for(i=0; issl != NULL) { stats->qtls++; #ifdef HAVE_SSL - if(SSL_session_reused(c->ssl)) + if(SSL_session_reused(c->ssl)) stats->qtls_resume++; #endif if(c->type == comm_http) diff --git a/daemon/worker.c b/daemon/worker.c index 20c50ae2c..1b988ed36 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -68,6 +68,7 @@ #include "util/fptr_wlist.h" #include "util/tube.h" #include "util/edns.h" +#include "util/timeval_func.h" #include "iterator/iter_fwd.h" #include "iterator/iter_hints.h" #include "iterator/iter_utils.h" @@ -112,7 +113,7 @@ /** Report on memory usage by this thread and global */ static void -worker_mem_report(struct worker* ATTR_UNUSED(worker), +worker_mem_report(struct worker* ATTR_UNUSED(worker), struct serviced_query* ATTR_UNUSED(cur_serv)) { #ifdef UNBOUND_ALLOC_STATS @@ -125,7 +126,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), #ifdef CLIENT_SUBNET size_t subnet = 0; #endif /* CLIENT_SUBNET */ - if(verbosity < VERB_ALGO) + if(verbosity < VERB_ALGO) return; front = listen_get_mem(worker->front); back = outnet_get_mem(worker->back); @@ -133,7 +134,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), rrset = slabhash_get_mem(&worker->env.rrset_cache->table); infra = infra_get_mem(worker->env.infra_cache); mesh = mesh_get_mem(worker->env.mesh); - ac = alloc_get_mem(&worker->alloc); + ac = alloc_get_mem(worker->alloc); superac = alloc_get_mem(&worker->daemon->superalloc); anch = anchors_get_mem(worker->env.anchors); iter = 0; @@ -154,10 +155,10 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), (&worker->env, i); } me = sizeof(*worker) + sizeof(*worker->base) + sizeof(*worker->comsig) - + comm_point_get_mem(worker->cmd_com) - + sizeof(worker->rndstate) - + regional_get_mem(worker->scratchpad) - + sizeof(*worker->env.scratch_buffer) + + comm_point_get_mem(worker->cmd_com) + + sizeof(worker->rndstate) + + regional_get_mem(worker->scratchpad) + + sizeof(*worker->env.scratch_buffer) + sldns_buffer_capacity(worker->env.scratch_buffer) + forwards_get_mem(worker->env.fwds) + hints_get_mem(worker->env.hints); @@ -172,7 +173,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " "rrset=%u infra=%u iter=%u val=%u subnet=%u anchors=%u " "alloccache=%u globalalloccache=%u me=%u", - (unsigned)total, (unsigned)front, (unsigned)back, + (unsigned)total, (unsigned)front, (unsigned)back, (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)subnet, (unsigned)anch, (unsigned)ac, @@ -181,13 +182,13 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " "rrset=%u infra=%u iter=%u val=%u anchors=%u " "alloccache=%u globalalloccache=%u me=%u", - (unsigned)total, (unsigned)front, (unsigned)back, - (unsigned)mesh, (unsigned)msg, (unsigned)rrset, + (unsigned)total, (unsigned)front, (unsigned)back, + (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)anch, (unsigned)ac, (unsigned)superac, (unsigned)me); #endif /* CLIENT_SUBNET */ log_info("Total heap memory estimate: %u total-alloc: %u " - "total-free: %u", (unsigned)total, + "total-free: %u", (unsigned)total, (unsigned)unbound_mem_alloc, (unsigned)unbound_mem_freed); #else /* no UNBOUND_ALLOC_STATS */ size_t val = 0; @@ -227,7 +228,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), #endif /* UNBOUND_ALLOC_STATS */ } -void +void worker_send_cmd(struct worker* worker, enum worker_commands cmd) { uint32_t c = (uint32_t)htonl(cmd); @@ -236,8 +237,8 @@ worker_send_cmd(struct worker* worker, enum worker_commands cmd) } } -int -worker_handle_service_reply(struct comm_point* c, void* arg, int error, +int +worker_handle_service_reply(struct comm_point* c, void* arg, int error, struct comm_reply* reply_info) { struct outbound_entry* e = (struct outbound_entry*)arg; @@ -252,13 +253,13 @@ worker_handle_service_reply(struct comm_point* c, void* arg, int error, } /* sanity check. */ if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != + || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != LDNS_PACKET_QUERY || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { /* error becomes timeout for the module as if this reply * never arrived. */ verbose(VERB_ALGO, "worker: bad reply handled as timeout"); - mesh_report_reply(worker->env.mesh, e, reply_info, + mesh_report_reply(worker->env.mesh, e, reply_info, NETEVENT_TIMEOUT); worker_mem_report(worker, sq); return 0; @@ -288,64 +289,86 @@ worker_err_ratelimit(struct worker* worker, int err) return err; } +/** + * Structure holding the result of the worker_check_request function. + * Based on configuration it could be called up to four times; ideally should + * be called once. + */ +struct check_request_result { + int checked; + int value; +}; /** check request sanity. * @param pkt: the wire packet to examine for sanity. * @param worker: parameters for checking. - * @return error code, 0 OK, or -1 discard. + * @param out: struct to update with the result. */ -static int -worker_check_request(sldns_buffer* pkt, struct worker* worker) +static void +worker_check_request(sldns_buffer* pkt, struct worker* worker, + struct check_request_result* out) { + if(out->checked) return; + out->checked = 1; if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) { verbose(VERB_QUERY, "request too short, discarded"); - return -1; + out->value = -1; + return; } - if(sldns_buffer_limit(pkt) > NORMAL_UDP_SIZE && + if(sldns_buffer_limit(pkt) > NORMAL_UDP_SIZE && worker->daemon->cfg->harden_large_queries) { verbose(VERB_QUERY, "request too large, discarded"); - return -1; + out->value = -1; + return; } if(LDNS_QR_WIRE(sldns_buffer_begin(pkt))) { verbose(VERB_QUERY, "request has QR bit on, discarded"); - return -1; + out->value = -1; + return; } if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))) { LDNS_TC_CLR(sldns_buffer_begin(pkt)); verbose(VERB_QUERY, "request bad, has TC bit on"); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY && LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_NOTIFY) { - verbose(VERB_QUERY, "request unknown opcode %d", + verbose(VERB_QUERY, "request unknown opcode %d", LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL); + return; } if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) { - verbose(VERB_QUERY, "request wrong nr qd=%d", + verbose(VERB_QUERY, "request wrong nr qd=%d", LDNS_QDCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } - if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 && + if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 && (LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 1 || LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_NOTIFY)) { - verbose(VERB_QUERY, "request wrong nr an=%d", + verbose(VERB_QUERY, "request wrong nr an=%d", LDNS_ANCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } if(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) { - verbose(VERB_QUERY, "request wrong nr ns=%d", + verbose(VERB_QUERY, "request wrong nr ns=%d", LDNS_NSCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { - verbose(VERB_QUERY, "request wrong nr ar=%d", + verbose(VERB_QUERY, "request wrong nr ar=%d", LDNS_ARCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } - return 0; + out->value = 0; + return; } -void +void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* msg, size_t len, int error, void* arg) { @@ -388,7 +411,7 @@ worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* msg, /** check if a delegation is secure */ static enum sec_status -check_delegation_secure(struct reply_info *rep) +check_delegation_secure(struct reply_info *rep) { /* return smallest security status */ size_t i; @@ -424,10 +447,10 @@ deleg_remove_nonsecure_additional(struct reply_info* rep) s = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data) ->security; if(s != sec_status_secure) { - memmove(rep->rrsets+i, rep->rrsets+i+1, - sizeof(struct ub_packed_rrset_key*)* + memmove(rep->rrsets+i, rep->rrsets+i+1, + sizeof(struct ub_packed_rrset_key*)* (rep->rrset_count - i - 1)); - rep->ar_numrrsets--; + rep->ar_numrrsets--; rep->rrset_count--; i--; } @@ -437,15 +460,15 @@ deleg_remove_nonsecure_additional(struct reply_info* rep) /** answer nonrecursive query from the cache */ static int answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, - uint16_t id, uint16_t flags, struct comm_reply* repinfo, + uint16_t id, uint16_t flags, struct comm_reply* repinfo, struct edns_data* edns) { /* for a nonrecursive query return either: * o an error (servfail; we try to avoid this) * o a delegation (closest we have; this routine tries that) - * o the answer (checked by answer_from_cache) + * o the answer (checked by answer_from_cache) * - * So, grab a delegation from the rrset cache. + * So, grab a delegation from the rrset cache. * Then check if it needs validation, if so, this routine fails, * so that iterator can prime and validator can verify rrsets. */ @@ -457,7 +480,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, struct dns_msg *msg = NULL; struct delegpt *dp; - dp = dns_cache_find_delegation(&worker->env, qinfo->qname, + dp = dns_cache_find_delegation(&worker->env, qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, worker->scratchpad, &msg, timenow, 0, NULL, 0); if(!dp) { /* no delegation, need to reprime */ @@ -470,7 +493,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, if(must_validate) { switch(check_delegation_secure(msg->rep)) { case sec_status_unchecked: - /* some rrsets have not been verified yet, go and + /* some rrsets have not been verified yet, go and * let validator do that */ return 0; case sec_status_bogus: @@ -484,13 +507,14 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) return 0; - /* Attached the cached EDE (RFC8914) */ - if (worker->env.cfg->ede) { + /* Attach the cached EDE (RFC8914) */ + if(worker->env.cfg->ede && + msg->rep->reason_bogus != LDNS_EDE_NONE) { edns_opt_list_append_ede(&edns->opt_list_out, worker->scratchpad, msg->rep->reason_bogus, msg->rep->reason_bogus_str); } - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, + error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); if(worker->stats.extended) { worker->stats.ans_bogus++; @@ -529,7 +553,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) edns->opt_list_inplace_cb_out = NULL; - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, + error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); } if(worker->stats.extended) { @@ -565,9 +589,10 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo, /* xxx_deny actions mean dropping the reply, unless the original reply * was redirected to response-ip data. */ - if((actinfo.action == respip_deny || + if(actinfo.action == respip_always_deny || + ((actinfo.action == respip_deny || actinfo.action == respip_inform_deny) && - *encode_repp == rep) + *encode_repp == rep)) *encode_repp = NULL; /* If address info is returned, it means the action should be an @@ -623,6 +648,14 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, if(worker->env.cfg->serve_expired_ttl && rep->serve_expired_ttl < timenow) return 0; + /* Ignore expired failure answers */ + if(FLAGS_GET_RCODE(rep->flags) != + LDNS_RCODE_NOERROR && + FLAGS_GET_RCODE(rep->flags) != + LDNS_RCODE_NXDOMAIN && + FLAGS_GET_RCODE(rep->flags) != + LDNS_RCODE_YXDOMAIN) + return 0; if(!rrset_array_lock(rep->ref, rep->rrset_count, 0)) return 0; *is_expired_answer = 1; @@ -661,8 +694,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) goto bail_out; - /* Attached the cached EDE (RFC8914) */ - if (worker->env.cfg->ede) { + /* Attach the cached EDE (RFC8914) */ + if(worker->env.cfg->ede && rep->reason_bogus != LDNS_EDE_NONE) { edns_opt_list_append_ede(&edns->opt_list_out, worker->scratchpad, rep->reason_bogus, rep->reason_bogus_str); @@ -730,8 +763,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, goto bail_out; } } else { - /* We don't check the global ede as this is a warning, not - * an error */ if (*is_expired_answer == 1 && worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) { EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, @@ -757,7 +788,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, return 1; bail_out: - rrset_array_unlock_touch(worker->env.rrset_cache, + rrset_array_unlock_touch(worker->env.rrset_cache, worker->scratchpad, rep->ref, rep->rrset_count); return 0; } @@ -787,7 +818,8 @@ reply_and_prefetch(struct worker* worker, struct query_info* qinfo, if(modstack_find(&worker->env.mesh->mods, "subnetcache") != -1 && worker->env.unique_mesh) { mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway + - PREFETCH_EXPIRY_ADD, rpz_passthru, repinfo, opt_list); + PREFETCH_EXPIRY_ADD, rpz_passthru, + &repinfo->client_addr, opt_list); return; } #endif @@ -941,12 +973,12 @@ answer_chaos(struct worker* w, struct query_info* qinfo, struct config_file* cfg = w->env.cfg; if(qinfo->qtype != LDNS_RR_TYPE_ANY && qinfo->qtype != LDNS_RR_TYPE_TXT) return 0; - if(query_dname_compare(qinfo->qname, + if(query_dname_compare(qinfo->qname, (uint8_t*)"\002id\006server") == 0 || - query_dname_compare(qinfo->qname, + query_dname_compare(qinfo->qname, (uint8_t*)"\010hostname\004bind") == 0) { - if(cfg->hide_identity) + if(cfg->hide_identity) return 0; if(cfg->identity==NULL || cfg->identity[0]==0) { char buf[MAXHOSTNAMELEN+1]; @@ -961,12 +993,12 @@ answer_chaos(struct worker* w, struct query_info* qinfo, else chaos_replyonestr(pkt, cfg->identity, edns, w, repinfo); return 1; } - if(query_dname_compare(qinfo->qname, + if(query_dname_compare(qinfo->qname, (uint8_t*)"\007version\006server") == 0 || - query_dname_compare(qinfo->qname, + query_dname_compare(qinfo->qname, (uint8_t*)"\007version\004bind") == 0) { - if(cfg->hide_version) + if(cfg->hide_version) return 0; if(cfg->version==NULL || cfg->version[0]==0) chaos_replyonestr(pkt, PACKAGE_STRING, edns, w, repinfo); @@ -1050,7 +1082,8 @@ static int deny_refuse(struct comm_point* c, enum acl_access acl, enum acl_access deny, enum acl_access refuse, struct worker* worker, struct comm_reply* repinfo, - struct acl_addr* acladdr, int ede) + struct acl_addr* acladdr, int ede, + struct check_request_result* check_result) { if(acl == deny) { if(verbosity >= VERB_ALGO) { @@ -1073,9 +1106,16 @@ deny_refuse(struct comm_point* c, enum acl_access acl, if(worker->stats.extended) worker->stats.unwanted_queries++; - if(worker_check_request(c->buffer, worker) == -1) { + worker_check_request(c->buffer, worker, check_result); + if(check_result->value != 0) { + if(check_result->value != -1) { + LDNS_QR_SET(sldns_buffer_begin(c->buffer)); + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + check_result->value); + return 1; + } comm_point_drop_reply(repinfo); - return 0; /* discard this */ + return 0; } /* worker_check_request() above guarantees that the buffer contains at * least a header and that qdcount == 1 @@ -1125,7 +1165,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl, return 1; } LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); sldns_buffer_skip(c->buffer, (ssize_t)sizeof(uint16_t)); /* skip qtype */ @@ -1140,7 +1180,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl, /* Skip through the RR records */ if(LDNS_ANCOUNT(sldns_buffer_begin(c->buffer)) != 0 || LDNS_NSCOUNT(sldns_buffer_begin(c->buffer)) != 0) { - if(!skip_pkt_rrs(c->buffer, + if(!skip_pkt_rrs(c->buffer, ((int)LDNS_ANCOUNT(sldns_buffer_begin(c->buffer)))+ ((int)LDNS_NSCOUNT(sldns_buffer_begin(c->buffer))))) { LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), @@ -1229,7 +1269,8 @@ deny_refuse(struct comm_point* c, enum acl_access acl, static int deny_refuse_all(struct comm_point* c, enum acl_access* acl, struct worker* worker, struct comm_reply* repinfo, - struct acl_addr** acladdr, int ede, int check_proxy) + struct acl_addr** acladdr, int ede, int check_proxy, + struct check_request_result* check_result) { if(check_proxy) { *acladdr = acl_addr_lookup(worker->daemon->acl, @@ -1244,16 +1285,17 @@ deny_refuse_all(struct comm_point* c, enum acl_access* acl, } *acl = acl_get_control(*acladdr); return deny_refuse(c, *acl, acl_deny, acl_refuse, worker, repinfo, - *acladdr, ede); + *acladdr, ede, check_result); } static int deny_refuse_non_local(struct comm_point* c, enum acl_access acl, struct worker* worker, struct comm_reply* repinfo, - struct acl_addr* acladdr, int ede) + struct acl_addr* acladdr, int ede, + struct check_request_result* check_result) { return deny_refuse(c, acl, acl_deny_non_local, acl_refuse_non_local, - worker, repinfo, acladdr, ede); + worker, repinfo, acladdr, ede, check_result); } int @@ -1274,6 +1316,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, int is_expired_answer = 0; int is_secure_answer = 0; int rpz_passthru = 0; + long long wait_queue_time = 0; /* We might have to chase a CNAME chain internally, in which case * we'll have up to two replies and combine them to build a complete * answer. These variables control this case. */ @@ -1282,6 +1325,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, struct query_info* lookup_qinfo = &qinfo; struct query_info qinfo_tmp; /* placeholder for lookup_qinfo */ struct respip_client_info* cinfo = NULL, cinfo_tmp; + struct timeval wait_time; + struct check_request_result check_result = {0,0}; memset(&qinfo, 0, sizeof(qinfo)); if((error != NETEVENT_NOERROR && error != NETEVENT_DONE)|| !repinfo) { @@ -1289,6 +1334,20 @@ worker_handle_request(struct comm_point* c, void* arg, int error, verbose(VERB_ALGO, "handle request called with err=%d", error); return 0; } + + if (worker->env.cfg->sock_queue_timeout && timeval_isset(&c->recv_tv)) { + timeval_subtract(&wait_time, worker->env.now_tv, &c->recv_tv); + wait_queue_time = wait_time.tv_sec * 1000000 + wait_time.tv_usec; + if (worker->stats.max_query_time_us < wait_queue_time) + worker->stats.max_query_time_us = wait_queue_time; + if(wait_queue_time > + (long long)(worker->env.cfg->sock_queue_timeout * 1000000)) { + /* count and drop queries that were sitting in the socket queue too long */ + worker->stats.num_queries_timed_out++; + return 0; + } + } + #ifdef USE_DNSCRYPT repinfo->max_udp_size = worker->daemon->cfg->max_udp_size; if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) { @@ -1298,7 +1357,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(c->dnscrypt && !repinfo->is_dnscrypted) { char buf[LDNS_MAX_DOMAINLEN+1]; /* Check if this is unencrypted and asking for certs */ - if(worker_check_request(c->buffer, worker) != 0) { + worker_check_request(c->buffer, worker, &check_result); + if(check_result.value != 0) { verbose(VERB_ALGO, "dnscrypt: worker check request: bad query."); log_addr(VERB_CLIENT,"from",&repinfo->client_addr, @@ -1340,31 +1400,34 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(worker->dtenv.log_client_query_messages) { log_addr(VERB_ALGO, "request from client", &repinfo->client_addr, repinfo->client_addrlen); log_addr(VERB_ALGO, "to local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); - dt_msg_send_client_query(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + dt_msg_send_client_query(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer, + ((worker->env.cfg->sock_queue_timeout && timeval_isset(&c->recv_tv))?&c->recv_tv:NULL)); } #endif /* Check deny/refuse ACLs */ if(repinfo->is_proxied) { if((ret=deny_refuse_all(c, &acl, worker, repinfo, &acladdr, - worker->env.cfg->ede, 1)) != -1) { + worker->env.cfg->ede, 1, &check_result)) != -1) { if(ret == 1) goto send_reply; return ret; } } if((ret=deny_refuse_all(c, &acl, worker, repinfo, &acladdr, - worker->env.cfg->ede, 0)) != -1) { + worker->env.cfg->ede, 0, &check_result)) != -1) { if(ret == 1) goto send_reply; return ret; } - if((ret=worker_check_request(c->buffer, worker)) != 0) { + worker_check_request(c->buffer, worker, &check_result); + if(check_result.value != 0) { verbose(VERB_ALGO, "worker check request: bad query."); log_addr(VERB_CLIENT,"from",&repinfo->client_addr, repinfo->client_addrlen); - if(ret != -1) { + if(check_result.value != -1) { LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + check_result.value); return 1; } comm_point_drop_reply(repinfo); @@ -1410,7 +1473,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_FORMERR); goto send_reply; } @@ -1419,21 +1482,21 @@ worker_handle_request(struct comm_point* c, void* arg, int error, addr_to_str(&repinfo->client_addr, repinfo->client_addrlen, ip, sizeof(ip)); log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass); } - if(qinfo.qtype == LDNS_RR_TYPE_AXFR || + if(qinfo.qtype == LDNS_RR_TYPE_AXFR || qinfo.qtype == LDNS_RR_TYPE_IXFR) { verbose(VERB_ALGO, "worker request: refused zone transfer."); log_addr(VERB_CLIENT, "from", &repinfo->client_addr, repinfo->client_addrlen); sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; } goto send_reply; } - if(qinfo.qtype == LDNS_RR_TYPE_OPT || + if(qinfo.qtype == LDNS_RR_TYPE_OPT || qinfo.qtype == LDNS_RR_TYPE_TSIG || qinfo.qtype == LDNS_RR_TYPE_TKEY || qinfo.qtype == LDNS_RR_TYPE_MAILA || @@ -1448,7 +1511,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_FORMERR); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; @@ -1517,10 +1580,10 @@ worker_handle_request(struct comm_point* c, void* arg, int error, repinfo->client_addrlen); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_TC_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_SERVFAIL); sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_write_at(c->buffer, 4, + sldns_buffer_write_at(c->buffer, 4, (uint8_t*)"\0\0\0\0\0\0\0\0", 8); sldns_buffer_flip(c->buffer); regional_free_all(worker->scratchpad); @@ -1587,7 +1650,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, /* We've looked in our local zones. If the answer isn't there, we * might need to bail out based on ACLs now. */ if((ret=deny_refuse_non_local(c, acl, worker, repinfo, acladdr, - worker->env.cfg->ede)) != -1) + worker->env.cfg->ede, &check_result)) != -1) { regional_free_all(worker->scratchpad); if(ret == 1) @@ -1606,7 +1669,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, * ACLs allow the snooping. */ if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) && acl != acl_allow_snoop ) { - if (worker->env.cfg->ede) { + if(worker->env.cfg->ede) { EDNS_OPT_LIST_APPEND_EDE(&edns.opt_list_out, worker->scratchpad, LDNS_EDE_NOT_AUTHORITATIVE, ""); } @@ -1739,8 +1802,8 @@ lookup_cache: if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { if(answer_norec_from_cache(worker, &qinfo, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { regional_free_all(worker->scratchpad); goto send_reply; @@ -1819,10 +1882,10 @@ send_reply_rc: return rc; } -void +void worker_sighandler(int sig, void* arg) { - /* note that log, print, syscalls here give race conditions. + /* note that log, print, syscalls here give race conditions. * And cause hangups if the log-lock is held by the application. */ struct worker* worker = (struct worker*)arg; switch(sig) { @@ -1897,13 +1960,13 @@ void worker_probe_timer_cb(void* arg) comm_timer_set(worker->env.probe_timer, &tv); } -struct worker* +struct worker* worker_create(struct daemon* daemon, int id, int* ports, int n) { unsigned int seed; - struct worker* worker = (struct worker*)calloc(1, + struct worker* worker = (struct worker*)calloc(1, sizeof(struct worker)); - if(!worker) + if(!worker) return NULL; worker->numports = n; worker->ports = (int*)memdup(ports, sizeof(int)*n); @@ -1931,7 +1994,7 @@ worker_create(struct daemon* daemon, int id, int* ports, int n) } int -worker_init(struct worker* worker, struct config_file *cfg, +worker_init(struct worker* worker, struct config_file *cfg, struct listen_port* ports, int do_sigs) { #ifdef USE_DNSTAP @@ -1964,9 +2027,9 @@ worker_init(struct worker* worker, struct config_file *cfg, #endif ub_thread_sig_unblock(SIGTERM); #ifndef LIBEVENT_SIGNAL_PROBLEM - worker->comsig = comm_signal_create(worker->base, + worker->comsig = comm_signal_create(worker->base, worker_sighandler, worker); - if(!worker->comsig + if(!worker->comsig #ifdef SIGHUP || !comm_signal_bind(worker->comsig, SIGHUP) #endif @@ -1983,7 +2046,7 @@ worker_init(struct worker* worker, struct config_file *cfg, return 0; } #endif /* LIBEVENT_SIGNAL_PROBLEM */ - if(!daemon_remote_open_accept(worker->daemon->rc, + if(!daemon_remote_open_accept(worker->daemon->rc, worker->daemon->rc_ports, worker)) { worker_delete(worker); return 0; @@ -2017,8 +2080,8 @@ worker_init(struct worker* worker, struct config_file *cfg, return 0; } worker->back = outside_network_create(worker->base, - cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, - cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, + cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, + cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, cfg->do_tcp?cfg->outgoing_num_tcp:0, cfg->ip_dscp, worker->daemon->env->infra_cache, worker->rndstate, cfg->use_caps_bits_for_id, worker->ports, worker->numports, @@ -2043,13 +2106,13 @@ worker_init(struct worker* worker, struct config_file *cfg, worker_delete(worker); return 0; } - worker->stat_timer = comm_timer_create(worker->base, + worker->stat_timer = comm_timer_create(worker->base, worker_stat_timer_cb, worker); if(!worker->stat_timer) { log_err("could not create statistics timer"); } - /* we use the msg_buffer_size as a good estimate for what the + /* we use the msg_buffer_size as a good estimate for what the * user wants for memory usage sizes */ worker->scratchpad = regional_create_custom(cfg->msg_buffer_size); if(!worker->scratchpad) { @@ -2059,15 +2122,14 @@ worker_init(struct worker* worker, struct config_file *cfg, } server_stats_init(&worker->stats, cfg); - alloc_init(&worker->alloc, &worker->daemon->superalloc, - worker->thread_num); - alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker); + worker->alloc = worker->daemon->worker_allocs[worker->thread_num]; + alloc_set_id_cleanup(worker->alloc, &worker_alloc_cleanup, worker); worker->env = *worker->daemon->env; comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv); worker->env.worker = worker; worker->env.worker_base = worker->base; worker->env.send_query = &worker_send_query; - worker->env.alloc = &worker->alloc; + worker->env.alloc = worker->alloc; worker->env.outnet = worker->back; worker->env.rnd = worker->rndstate; /* If case prefetch is triggered, the corresponding mesh will clear @@ -2159,23 +2221,23 @@ worker_init(struct worker* worker, struct config_file *cfg, worker_mem_report(worker, NULL); /* if statistics enabled start timer */ if(worker->env.cfg->stat_interval > 0) { - verbose(VERB_ALGO, "set statistics interval %d secs", + verbose(VERB_ALGO, "set statistics interval %d secs", worker->env.cfg->stat_interval); worker_restart_timer(worker); } return 1; } -void +void worker_work(struct worker* worker) { comm_base_dispatch(worker->base); } -void +void worker_delete(struct worker* worker) { - if(!worker) + if(!worker) return; if(worker->env.mesh && verbosity >= VERB_OPS) { server_stats_log(&worker->stats, worker, worker->thread_num); @@ -2211,7 +2273,7 @@ worker_delete(struct worker* worker) #endif /* USE_DNSTAP */ comm_base_delete(worker->base); ub_randfree(worker->rndstate); - alloc_clear(&worker->alloc); + /* don't touch worker->alloc, as it's maintained in daemon */ regional_destroy(worker->env.scratch); regional_destroy(worker->scratchpad); free(worker); @@ -2227,7 +2289,7 @@ worker_send_query(struct query_info* qinfo, uint16_t flags, int dnssec, struct worker* worker = q->env->worker; struct outbound_entry* e = (struct outbound_entry*)regional_alloc( q->region, sizeof(*e)); - if(!e) + if(!e) return NULL; e->qstate = q; e->qsent = outnet_serviced_query(worker->back, qinfo, flags, dnssec, @@ -2241,7 +2303,7 @@ worker_send_query(struct query_info* qinfo, uint16_t flags, int dnssec, return e; } -void +void worker_alloc_cleanup(void* arg) { struct worker* worker = (struct worker*)arg; @@ -2289,7 +2351,7 @@ struct outbound_entry* libworker_send_query( return 0; } -int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), +int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) { diff --git a/daemon/worker.h b/daemon/worker.h index 3fb52abd9..ab2fc728d 100644 --- a/daemon/worker.h +++ b/daemon/worker.h @@ -118,7 +118,7 @@ struct worker { /** do we need to restart or quit (on signal) */ int need_to_exit; /** allocation cache for this thread */ - struct alloc_cache alloc; + struct alloc_cache *alloc; /** per thread statistics */ struct ub_server_stats stats; /** thread scratch regional */ @@ -131,6 +131,8 @@ struct worker { /** dnstap environment, changed for this thread */ struct dt_env dtenv; #endif + /** reuse existing cache on reload if other conditions allow it. */ + int reuse_cache; }; /** diff --git a/dns64/dns64.c b/dns64/dns64.c index 9e3b98e58..1e31f51e8 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -59,7 +59,7 @@ ******************************************************************************/ /** - * This is the default DNS64 prefix that is used whent he dns64 module is listed + * This is the default DNS64 prefix that is used when the dns64 module is listed * in module-config but when the dns64-prefix variable is not present. */ static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96"; diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index 5c0cde1d5..d15eb9b00 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -388,12 +388,15 @@ dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, struct sockaddr_storage *rsock, enum comm_point_type cptype, - sldns_buffer *qmsg) + sldns_buffer *qmsg, + struct timeval* tstamp) { struct dt_msg dm; struct timeval qtime; - gettimeofday(&qtime, NULL); + if(tstamp) + memcpy(&qtime, tstamp, sizeof(qtime)); + else gettimeofday(&qtime, NULL); /* type */ dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_QUERY); diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h index 449fae727..169bdc2c6 100644 --- a/dnstap/dnstap.h +++ b/dnstap/dnstap.h @@ -126,13 +126,15 @@ dt_delete(struct dt_env *env); * @param rsock: local (service) address/port. * @param cptype: comm_udp or comm_tcp. * @param qmsg: query message. + * @param tstamp: timestamp or NULL if none provided. */ void dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, struct sockaddr_storage *rsock, enum comm_point_type cptype, - struct sldns_buffer *qmsg); + struct sldns_buffer *qmsg, + struct timeval* tstamp); /** * Create and send a new dnstap "Message" event of type CLIENT_RESPONSE. diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c index 3bf889463..d172a6744 100644 --- a/dnstap/unbound-dnstap-socket.c +++ b/dnstap/unbound-dnstap-socket.c @@ -61,6 +61,7 @@ #include "services/listen_dnsport.h" #include "sldns/sbuffer.h" #include "sldns/wire2str.h" +#include "sldns/pkthdr.h" #ifdef USE_DNSTAP #include #include "dnstap/dnstap.pb-c.h" @@ -448,6 +449,7 @@ static char* q_of_msg(ProtobufCBinaryData message) char buf[300]; /* header, name, type, class minimum to get the query tuple */ if(message.len < 12 + 1 + 4 + 4) return NULL; + if(LDNS_QDCOUNT(message.data) < 1) return NULL; if(sldns_wire2str_rrquestion_buf(message.data+12, message.len-12, buf, sizeof(buf)) != 0) { /* remove trailing newline, tabs to spaces */ @@ -502,7 +504,7 @@ static char* tv_to_str(protobuf_c_boolean has_time_sec, uint64_t time_sec, time_t time_t_sec; memset(&tv, 0, sizeof(tv)); if(has_time_sec) tv.tv_sec = time_sec; - if(has_time_nsec) tv.tv_usec = time_nsec; + if(has_time_nsec) tv.tv_usec = time_nsec/1000; buf[0]=0; time_t_sec = tv.tv_sec; @@ -789,7 +791,7 @@ static int reply_with_accept(struct tap_data* data) /** reply with FINISH control frame to bidirectional client, * returns 0 on error */ -static int reply_with_finish(int fd) +static int reply_with_finish(struct tap_data* data) { #ifdef USE_DNSTAP size_t len = 0; @@ -799,21 +801,34 @@ static int reply_with_finish(int fd) return 0; } - fd_set_block(fd); - if(send(fd, finishframe, len, 0) == -1) { - log_err("send failed: %s", sock_strerror(errno)); - fd_set_nonblock(fd); - free(finishframe); - return 0; + fd_set_block(data->fd); + if(data->ssl) { + int r; + if((r=SSL_write(data->ssl, finishframe, len)) <= 0) { + if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN) + log_err("SSL_write, peer closed connection"); + else + log_err("could not SSL_write"); + fd_set_nonblock(data->fd); + free(finishframe); + return 0; + } + } else { + if(send(data->fd, finishframe, len, 0) == -1) { + log_err("send failed: %s", sock_strerror(errno)); + fd_set_nonblock(data->fd); + free(finishframe); + return 0; + } } if(verbosity) log_info("sent control frame(finish)"); - fd_set_nonblock(fd); + fd_set_nonblock(data->fd); free(finishframe); return 1; #else log_err("no dnstap compiled, no reply"); - (void)fd; + (void)data; return 0; #endif } @@ -933,7 +948,7 @@ static int tap_handshake(struct tap_data* data) #endif /* HAVE_SSL */ /** callback for dnstap listener */ -void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) +void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) { struct tap_data* data = (struct tap_data*)arg; if(verbosity>=3) log_info("tap callback"); @@ -1016,7 +1031,7 @@ void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) } } else if(data->len >= 4 && sldns_read_uint32(data->frame) == FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { - if(!reply_with_finish(fd)) { + if(!reply_with_finish(data)) { tap_data_free(data); return; } diff --git a/doc/Changelog b/doc/Changelog index 66cc6161d..2aba85ce7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,311 @@ +30 July 2023: George + - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. + +28 July 2023: George + - Fix unused variable compile warning for kernel timestamps in + netevent.c + +21 July 2023: George + - Merge #857 from eaglegai: fix potential memory leaks when errors + happen. + - For #857: fix mixed declarations and code. + - Merge #118 from mibere: Changed verbosity level for Redis init & + deinit. + - Merge #390 from Frank Riley: Add missing callbacks to the python + module. + - Cleaner failure code for callback functions in interface.i. + - Merge #889 from borisVanhoof: Free memory in error case + remove + unused function. + - For #889: use netcat-openbsd instead of netcat-traditional. + - For #889: Account for num_detached_states before possible + mesh_state_delete when erroring out. + +20 July 2023: George + - Merge #909 from headshog: Numeric truncation when parsing TYPEXX and + CLASSXX representation. + - For #909: Fix return values. + - Merge #901 from Sergei Trofimovich: config: improve handling of + unknown modules. + +20 July 2023: Wouter + - For #909: Fix RR class comparison. + +14 July 2023: George + - More clear description of the different auth-zone behaviors on the + man page. + +13 July 2023: George + - Merge #880 from chipitsine: services/authzone.c: remove redundant + check. + +11 July 2023: George + - Merge #664 from tilan7763: Add prefetch support for subnet cache + entries. + - For #664: Easier code flow for subnetcache prefetching. + - For #664: Add testcase. + - For #664: Rename subnet_prefetch tests to subnet_global_prefetch to + differentiate from the new subnet prefetch support. + +3 July 2023: George + - Merge #739: Add SVCB dohpath support. + - Code cleanup for sldns_str2wire_svcparam_key_lookup. + - Merge #802: add validation EDEs to queries where the CD bit is set. + - For #802: Cleanup comments and add RCODE check for CD bit test case. + - Skip the 00-lint test. splint is not maintained; it either does not + work or produces false positives. Static analysis is handled in the + clang test. + +3 July 2023: Wouter + - Fix #906: warning: ‘Py_SetProgramName’ is deprecated. + - Fix dereference of NULL variable warning in mesh_do_callback. + +29 June 2023: George + - More fixes for reference counting for python module and clean up + failure code. + - Merge #827 from rcmcdonald91: Eliminate unnecessary Python reloading + which causes memory leaks. + +29 June 2023: Wouter + - Fix python modules with multiple scripts, by incrementing reference + counts. + +27 June 2023: George + - Merge #892: Add cachedb hit stat. Introduces 'num.query.cachedb' as + a new statistical counter. + - Remove warning about unknown cast-function-type warning pragma. + +22 June 2023: Wouter + - Merge #903: contrib: add yocto compatible init script. + +15 June 2023: Philip + - Fix for issue #887 (Timeouts to forward servers on BSD based + system with ASLR) + - Probably fixes #516 (Stream reuse does not work on Windows) as well + +14 June 2023: George + - Properly handle all return values of worker_check_request during + early EDE code. + - Do not check the incoming request more than once. + +12 June 2023: Wouter + - Merge #896: Fix: #895: pythonmodule: add all site-packages + directories to sys.path. + - Fix #895: python + sysconfig gives ANOTHER path comparing to + distutils. + - Fix for uncertain unit test for doh buffer size events. + +25 May 2023: Wouter + - Fix unbound-dnstap-socket printout when no query is present. + - Fix unbound-dnstap-socket time fraction conversion for printout. + +19 May 2023: Wouter + - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. + - Fix to remove unused variables from RPZ clientip data structure. + +16 May 2023: Wouter + - Fix #888: [FR] Use kernel timestamps for dnstap. + - Fix to print debug log for ancillary data with correct IP address. + +11 May 2023: Wouter + - Fix warning in windows compile, in set_recvtimestamp. + +4 May 2023: Wouter + - Fix #885: Error: util/configlexer.c: No such file or directory, + adds error messages explaining to install flex and bison. + - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h. + - Fix doxygen in addr_to_nat64 header definition. + +1 May 2023: George + - Merge #722 from David 'eqvinox' Lamparter: NAT64 support. + - For #722: minor fixes, formatting, refactoring. + +1 May 2023: Wouter + - Fix RPZ IP responses with trigger rpz-drop on cache entries, that + they are dropped. + +26 April 2023: Philip + - Fix issue #860: Bad interaction with 0 TTL records and serve-expired + +26 April 2023: Wouter + - Merge #882 from vvfedorenko: Features/dropqueuedpackets, with + sock-queue-timeout option that drops packets that have been in the + socket queue for too long. Added statistics num.queries_timed_out + and query.queue_time_us.max that track the socket queue timeouts. + - Fix for #882: small changes, date updated in Copyright for + util/timeval_func.c and util/timeval_func.h. Man page entries and + example entry. + - Fix for #882: document variable to stop doxygen warning. + +19 April 2023: Wouter + - Fix for #878: Invalid IP address in unbound.conf causes Segmentation + Fault on OpenBSD. + +14 April 2023: Wouter + - Merge #875: change obsolete txt URL in unbound-anchor.c to point + to RFC 7958, and Fix #874. + +13 April 2023: Wouter + - Fix build badge, from failing travis link to github ci action link. + +6 April 2023: Wouter + - Fix for #870: Add test case for the qname minimisation and CNAME. + +4 April 2023: Wouter + - Fix #870: NXDOMAIN instead of NOERROR rcode when asked for existing + CNAME record. + +24 March 2023: Philip + - Fix issue #676: Unencrypted query is sent when + forward-tls-upstream: yes is used without tls-cert-bundle + - Extra consistency check to make sure that when TLS is requested, + either we set up a TLS connection or we return an error. + +21 March 2023: Philip + - Fix issue #851: reserved identifier violation + +20 March 2023: Wouter + - iana portlist update. + +17 March 2023: George + - Fix #812, fix #846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option + to ignore the unexpected eof while reading in openssl >= 3. + +16 March 2023: Wouter + - Fix ssl.h include brackets, instead of quotes. + +14 March 2023: Wouter + - Fix unbound-dnstap-socket test program to reply the finish frame + over a TLS connection correctly. + +23 February 2023: Wouter + - Fix for #852: Completion of error handling. + +21 February 2023: Philip + - Fix #825: Unexpected behavior with client-subnet-always-forward + and serve-expired + +10 February 2023: George + - Clean up iterator/iterator.c::error_response_cache() and allow for + better interaction with serve-expired, prefetch and cached error + responses. + +9 February 2023: George + - Allow TTL refresh of expired error responses. + - Add testcase for refreshing expired error responses. + +9 February 2023: Wouter + - Fix to ignore entirely empty responses, and try at another authority. + This turns completely empty responses, a type of noerror/nodata into + a servfail, but they do not conform to RFC2308, and the retry can + fetch improved content. + - Fix unit tests for spurious empty messages. + - Fix consistency of unit test without roundrobin answers for the + cnametooptout unit test. + - Fix to git ignore the library symbol file that configure can create. + +8 February 2023: Wouter + - Fix #841: Unbound won't build with aaaa-filter-iterator.patch. + +30 January 2023: George + - Add duration variable for speed_local.test. + +26 January 2023: Wouter + - Fix acx_nlnetlabs.m4 for -Wstrict-prototypes. + +23 January 2023: George + - Fix #833: [FR] Ability to set the Redis password. + +23 January 2023: Wouter + - Fix #835: [FR] Ability to use Redis unix sockets. + +20 January 2023: Wouter + - Merge #819: Added new static zone type block_a to suppress all A + queries for specific zones. + +19 January 2023: Wouter + - Set max-udp-size default to 1232. This is the same default value as + the default value for edns-buffer-size. It restricts client edns + buffer size choices, and makes unbound behave similar to other DNS + resolvers. The new choice, down from 4096 means it is harder to get + large responses from Unbound. Thanks to Xiang Li, from NISL Lab, + Tsinghua University. + - Add harden-unknown-additional option. It removes + unknown records from the authority section and additional section. + Thanks to Xiang Li, from NISL Lab, Tsinghua University. + - Set default for harden-unknown-additional to no. So that it does + not hamper future protocol developments. + - Fix test for new default. + +18 January 2023: Wouter + - Fix not following cleared RD flags potentially enables amplification + DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab, + Tsinghua University. The fix stops query loops, by refusing to send + RD=0 queries to a forwarder, they still get answered from cache. + +13 January 2023: Wouter + - Merge #826: Аdd a metric about the maximum number of collisions in + lrushah. + - Improve documentation for #826, describe the large collisions amount. + +9 January 2023: Wouter + - Fix python module install path detection. + - Fix python version detection in configure. + +6 January 2023: Wouter + - Fix #823: Response change to NODATA for some ANY queries since + 1.12, tested on 1.16.1. + - Fix wildcard in hyperlocal zone service degradation, reported + by Sergey Kacheev. This fix is included in 1.17.1rc2. + That became 1.17.1 on 12 Jan 2023, the code repo continues + with 1.17.2. 1.17.1 excludes fix #823, it is included forwards. + +5 January 2023: Wouter + - Tag for 1.17.1 release. + +2 January 2023: Wouter + - Fix windows compile for libunbound subprocess reap comm point closes. + - Update github workflows to use checkout v3. + +14 December 2022: George + - Merge #569 from JINMEI Tatuya: add keep-cache option to + 'unbound-control reload' to keep caches. + +13 December 2022: George + - Expose 'statistics-inhibit-zero' as a configuration option; the + default value retains Unbound's behavior. + - Expose 'max-sent-count' as a configuration option; the + default value retains Unbound's behavior. + - Merge #461 from Christian Allred: Add max-query-restarts option. + Exposes an internal configuration but the default value retains + Unbound's behavior. + +13 December 2022: Wouter + - Merge #808: Wrap Makefile script's directory variables in quotes. + - Fix to wrap Makefile scripts directory in quotes for uninstall. + +1 December 2022: Wouter + - Fix #773: When used with systemd-networkd, unbound does not start + until systemd-networkd-wait-online.service times out. + +30 November 2022: George + - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. + - Clear documentation for interactivity between the subnet module and + the serve-expired and prefetch configuration options. + +30 November 2022: Wouter + - Fix #782: Segmentation fault in stats.c:404. + +28 November 2022: Wouter + - Fix for the ignore of tcp events for closed comm points, preserve + the use after free protection features. + +23 November 2022: Philip + - Merge #720 from jonathangray: fix use after free when + WSACreateEvent() fails. + +22 November 2022: George + - Ignore expired error responses. + 11 November 2022: Wouter - Fix #779: [doc] Missing documention in ub_resolve_event() for callback parameter was_ratelimited. diff --git a/doc/README.DNS64 b/doc/README.DNS64 index 49446ac57..71e2310ed 100644 --- a/doc/README.DNS64 +++ b/doc/README.DNS64 @@ -28,3 +28,23 @@ prefix. For example: ;; ANSWER SECTION: jazz-v4.viagenie.ca. 86400 IN AAAA 64:ff9b::ce7b:1f02 + +NAT64 support was added by David Lamparter in 2022; license(s) of the +surrounding code apply. Note that NAT64 is closely related but functionally +orthogonal to DNS64; it allows Unbound to send outgoing queries to IPv4-only +servers over IPv6 through the configured NAT64 prefix. This allows running +an Unbound instance on an IPv6-only host without breaking every single domain +that only has IPv4 servers. Whether that Unbound instance also does DNS64 is +an independent choice. + +To enable NAT64 in Unbound, add to unbound.conf's "server" section: + + do-nat64: yes + +The NAT64 prefix defaults to the DNS64 prefix, which in turn defaults to the +standard 64:FF9B::/96 prefix. You can reconfigure it with: + + nat64-prefix: 64:FF9B::/96 + +To test NAT64 operation, pick a domain that only has IPv4 reachability for its +nameservers and try resolving any names in that domain. diff --git a/doc/example.conf.in b/doc/example.conf.in index c21246e4c..0980212e1 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -35,9 +35,14 @@ server: # statistics-cumulative: no # enable extended statistics (query types, answer codes, status) - # printed from unbound-control. default off, because of speed. + # printed from unbound-control. Default off, because of speed. # extended-statistics: no + # Inhibits selected extended statistics (qtype, qclass, qopcode, rcode, + # rpz-actions) from printing if their value is 0. + # Default on. + # statistics-inhibit-zero: yes + # number of threads to create. 1 disables threading. # num-threads: 1 @@ -138,8 +143,8 @@ server: # edns-buffer-size: 1232 # Maximum UDP response size (not applied to TCP response). - # Suggested values are 512 to 4096. Default is 4096. 65536 disables it. - # max-udp-size: 4096 + # Suggested values are 512 to 4096. Default is 1232. 65536 disables it. + # max-udp-size: 1232 # max memory to use for stream(tcp and tls) waiting result buffers. # stream-wait-size: 4m @@ -173,6 +178,15 @@ server: # a throwaway response (also timeouts) is received. # outbound-msg-retry: 5 + # Hard limit on the number of outgoing queries Unbound will make while + # resolving a name, making sure large NS sets do not loop. + # It resets on query restarts (e.g., CNAME) and referrals. + # max-sent-count: 32 + + # Hard limit on the number of times Unbound is allowed to restart a + # query upon encountering a CNAME record. + # max-query-restarts: 11 + # msec for waiting for an unknown server to reply. Increase if you # are behind a slow satellite link, to eg. 1128. # unknown-server-time-limit: 376 @@ -229,6 +243,18 @@ server: # Enable IPv6, "yes" or "no". # do-ip6: yes + # If running unbound on an IPv6-only host, domains that only have + # IPv4 servers would become unresolveable. If NAT64 is available in + # the network, unbound can use NAT64 to reach these servers with + # the following option. This is NOT needed for enabling DNS64 on a + # system that has IPv4 connectivity. + # Consider also enabling prefer-ip6 to prefer native IPv6 connections + # to nameservers. + # do-nat64: no + + # NAT64 prefix. Defaults to using dns64-prefix value. + # nat64-prefix: 64:ff9b::0/96 + # Enable UDP, "yes" or "no". # do-udp: yes @@ -260,6 +286,10 @@ server: # Timeout for EDNS TCP keepalive, in msec. # edns-tcp-keepalive-timeout: 120000 + # UDP queries that have waited in the socket buffer for a long time + # can be dropped. Default is 0, disabled. In seconds, such as 3. + # sock-queue-timeout: 0 + # Use systemd socket activation for UDP, TCP, and control sockets. # use-systemd: no @@ -489,6 +519,10 @@ server: # to validate the zone. # harden-algo-downgrade: no + # Harden against unknown records in the authority section and the + # additional section. + # harden-unknown-additional: no + # Sent minimum amount of information to upstream servers to enhance # privacy. Only sent minimum required labels of the QNAME and set QTYPE # to A when possible. @@ -796,6 +830,8 @@ server: # o always_transparent, always_refuse, always_nxdomain, always_nodata, # always_deny resolve in that way but ignore local data for # that name + # o block_a resolves all records normally but returns + # NODATA for A queries and ignores local data for that name # o always_null returns 0.0.0.0 or ::0 for any name in the zone. # o noview breaks out of that view towards global local-zones. # @@ -1192,6 +1228,10 @@ remote-control: # redis-server-host: 127.0.0.1 # # redis server's TCP port # redis-server-port: 6379 +# # if the server uses a unix socket, set its path, or "" when not used. +# # redis-server-path: "/var/lib/redis/redis-server.sock" +# # if the server uses an AUTH password, specify here, or "" when not used. +# # redis-server-password: "" # # timeout (in ms) for communication with the redis server # redis-timeout: 100 # # set timeout on redis records based on DNS response TTL diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index d3147be6f..acbc89abe 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -54,6 +54,12 @@ Stop the server. The server daemon exits. .B reload Reload the server. This flushes the cache and reads the config file fresh. .TP +.B reload_keep_cache +Reload the server but try to keep the RRset and message cache if +(re)configuration allows for it. +That means the caches sizes and the number of threads must not change between +reloads. +.TP .B verbosity \fInumber Change verbosity value for logging. Same values as \fBverbosity\fR keyword in \fIunbound.conf\fR(5). This new setting lasts until the server is issued @@ -130,7 +136,7 @@ name specified. .TP .B flush \fIname Remove the name from the cache. Removes the types -A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR. +A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS. Because that is fast to do. Other record types can be removed using .B flush_type or @@ -392,6 +398,14 @@ as a cache response was sent. .I threadX.num.expired number of replies that served an expired cache entry. .TP +.I threadX.num.queries_timed_out +number of queries that are dropped because they waited in the UDP socket buffer +for too long. +.TP +.I threadX.query.queue_time_us.max +The maximum wait time for packets in the socket buffer, in microseconds. This +is only reported when sock-queue-timeout is enabled. +.TP .I threadX.num.recursivereplies The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries. .TP @@ -456,6 +470,12 @@ summed over threads. .I total.num.expired summed over threads. .TP +.I total.num.queries_timed_out +summed over threads. +.TP +.I total.query.queue_time_us.max +the maximum of the thread values. +.TP .I total.num.recursivereplies summed over threads. .TP @@ -647,6 +667,18 @@ timing and protocol support information. The number of items in the key cache. These are DNSSEC keys, one item per delegation point, and their validation status. .TP +.I msg.cache.max_collisions +The maximum number of hash table collisions in the msg cache. This is the +number of hashes that are identical when a new element is inserted in the +hash table. If the value is very large, like hundreds, something is wrong +with the performance of the hash table, hash values are incorrect or malicious. +.TP +.I rrset.cache.max_collisions +The maximum number of hash table collisions in the rrset cache. This is the +number of hashes that are identical when a new element is inserted in the +hash table. If the value is very large, like hundreds, something is wrong +with the performance of the hash table, hash values are incorrect or malicious. +.TP .I dnscrypt_shared_secret.cache.count The number of items in the shared secret cache. These are precomputed shared secrets for a given client public key/server secret key pair. Shared secrets @@ -686,7 +718,12 @@ Number of queries that got an answer that contained EDNS client subnet data. .I num.query.subnet_cache Number of queries answered from the edns client subnet cache. These are counted as cachemiss by the main counters, but hit the client subnet -specific cache, after getting processed by the edns client subnet module. +specific cache after getting processed by the edns client subnet module. +.TP +.I num.query.cachedb +Number of queries answered from the external cache of cachedb. +These are counted as cachemiss by the main counters, but hit the cachedb +external cache after getting processed by the cachedb module. .TP .I num.rpz.action. Number of queries answered using configured RPZ policy, per RPZ action type. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index d829008a7..cc554985d 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -112,6 +112,14 @@ If enabled, extended statistics are printed from \fIunbound\-control\fR(8). Default is off, because keeping track of more statistics takes time. The counters are listed in \fIunbound\-control\fR(8). .TP +.B statistics\-inhibit\-zero: \fI +If enabled, selected extended statistics with a value of 0 are inhibited from +printing with \fIunbound\-control\fR(8). +These are query types, query classes, query opcodes, answer rcodes +(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and +RPZ actions. +Default is on. +.TP .B num\-threads: \fI The number of threads to create to serve clients. Use 1 for no threading. .TP @@ -225,7 +233,8 @@ number). .B max\-udp\-size: \fI Maximum UDP response size (not applied to TCP response). 65536 disables the udp response size maximum, and uses the choice from the client, always. -Suggested values are 512 to 4096. Default is 4096. +Suggested values are 512 to 4096. Default is 1232. The default value is the +same as the default for edns\-buffer\-size. .TP .B stream\-wait\-size: \fI Number of bytes size maximum to use for waiting stream buffers. Default is @@ -496,6 +505,14 @@ configured, and finally to 0 if the number of free buffers falls below A minimum actual timeout of 200 milliseconds is observed regardless of the advertised timeout. .TP +.B sock\-queue\-timeout: \fI\fR +UDP queries that have waited in the socket buffer for a long time can be +dropped. Default is 0, disabled. The time is set in seconds, 3 could be a +good value to ignore old queries that likely the client does not need a reply +for any more. This could happen if the host has not been able to service +the queries for a while, i.e. Unbound is not running, and then is enabled +again. It uses timestamp socket options. +.TP .B tcp\-upstream: \fI Enable or disable whether the upstream queries use TCP only for transport. Default is no. Useful in tunneling scenarios. If set to no you can specify @@ -1011,6 +1028,12 @@ validate the zone. Default is no. Zone signers must produce zones that allow this feature to work, but sometimes they do not, and turning this option off avoids that validation failure. .TP +.B harden\-unknown\-additional: \fI +Harden against unknown records in the authority section and additional +section. Default is no. If no, such records are copied from the upstream +and presented to the client together with the answer. If yes, it could +hamper future protocol developments that want to add records. +.TP .B use\-caps\-for\-id: \fI Use 0x20\-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to @@ -1383,10 +1406,10 @@ address space are not validated. This is usually required whenever Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, -inform_redirect, always_transparent, always_refuse, always_nxdomain, always_null, noview, -and are explained below. After that the default settings are listed. Use -local\-data: to enter data into the local zone. Answers for local zones -are authoritative DNS answers. By default the zones are class IN. +inform_redirect, always_transparent, block_a, always_refuse, always_nxdomain, +always_null, noview, and are explained below. After that the default settings +are listed. Use local\-data: to enter data into the local zone. Answers for +local zones are authoritative DNS answers. By default the zones are class IN. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for @@ -1461,6 +1484,12 @@ Ie. answer queries with fixed data and also log the machines that ask. \h'5'\fIalways_transparent\fR Like transparent, but ignores local data and resolves normally. .TP 10 +\h'5'\fIblock_a\fR +Like transparent, but ignores local data and resolves normally all query +types excluding A. For A queries it unconditionally returns NODATA. +Useful in cases when there is a need to explicitly force all apps to use +IPv6 protocol and avoid any queries to IPv4. +.TP 10 \h'5'\fIalways_refuse\fR Like refuse, but ignores local data and refuses the query. .TP 10 @@ -1820,6 +1849,21 @@ If a forward/stub zone is used, this is the number of retries per nameserver in the zone. Default is 5. .TP 5 +.B max\-sent\-count: \fI +Hard limit on the number of outgoing queries Unbound will make while resolving +a name, making sure large NS sets do not loop. +Results in SERVFAIL when reached. +It resets on query restarts (e.g., CNAME) and referrals. +Default is 32. +.TP 5 +.B max\-query\-restarts: \fI +Hard limit on the number of times Unbound is allowed to restart a query upon +encountering a CNAME record. +Results in SERVFAIL when reached. +Changing this value needs caution as it can allow long CNAME chains to be +accepted, where Unbound needs to verify (resolve) each link individually. +Default is 11. +.TP 5 .B fast\-server\-permil: \fI Specify how many times out of 1000 to pick from the set of fastest servers. 0 turns the feature off. A value of 900 would pick from the fastest @@ -1853,7 +1897,7 @@ errors. Default is "no". When the \fBval-log-level\fR option is also set to \fB2\fR, responses with Extended DNS Errors concerning DNSSEC failures that are not served from cache, will also contain a descriptive text message about the reason for the failure. -.TP +.TP 5 .B ede\-serve\-expired: \fI If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale Answer as EDNS0 option to the expired response. Note that this will not attach @@ -2068,13 +2112,32 @@ useful when you want immediate changes to be visible. Authority zones are configured with \fBauth\-zone:\fR, and each one must have a \fBname:\fR. There can be multiple ones, by listing multiple auth\-zone clauses, each with a different name, pertaining to that part of the namespace. The authority zone with the name closest to the name looked up is used. -Authority zones are processed after \fBlocal\-zones\fR and before -cache (\fBfor\-downstream:\fR \fIyes\fR), and when used in this manner -make Unbound respond like an authority server. Authority zones are also -processed after cache, just before going to the network to fetch -information for recursion (\fBfor\-upstream:\fR \fIyes\fR), and when used -in this manner provide a local copy of an authority server that speeds up -lookups of that data. +Authority zones can be processed on two distinct, non-exclusive, configurable +stages. +.LP +With \fBfor\-downstream:\fR \fIyes\fR (default), authority zones are processed +after \fBlocal\-zones\fR and before cache. +When used in this manner, Unbound responds like an authority server with no +further processing other than returning an answer from the zone contents. +A notable example, in this case, is CNAME records which are returned verbatim +to downstream clients without further resolution. +.LP +With \fBfor\-upstream:\fR \fIyes\fR (default), authority zones are processed +after the cache lookup, just before going to the network to fetch +information for recursion. +When used in this manner they provide a local copy of an authority server +that speeds up lookups for that data during resolving. +.LP +If both options are enabled (default), client queries for an authority zone are +answered authoritatively from Unbound, while internal queries that require data +from the authority zone consult the local zone data instead of going to the +network. +.LP +An interesting configuration is \fBfor\-downstream:\fR \fIno\fR, +\fBfor\-upstream:\fR \fIyes\fR that allows for hyperlocal behavior where both +client and internal queries consult the local zone data while resolving. +In this case, the aforementioned CNAME example will result in a thoroughly +resolved answer. .LP Authority zones can be read from zonefile. And can be kept updated via AXFR and IXFR. After update the zonefile is rewritten. The update mechanism @@ -2268,6 +2331,21 @@ List domain for which the AAAA records are ignored and the A record is used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. +.SS "NAT64 Operation" +.LP +NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only +servers. It is controlled by two options in the \fBserver:\fR section: +.TP +.B do\-nat64: \fI\fR +Use NAT64 to reach IPv4-only servers. +Consider also enabling \fBprefer\-ip6\fR to prefer native IPv6 connections to +nameservers. +Default no. +.TP +.B nat64\-prefix: \fI\fR +Use a specific NAT64 prefix to reach IPv4-only servers. Defaults to using +the prefix configured in \fBdns64\-prefix\fR, which in turn defaults to +64:ff9b::/96. The prefix length must be one of /32, /40, /48, /56, /64 or /96. .SS "DNSCrypt Options" .LP The @@ -2358,6 +2436,9 @@ The maximum size of the ECS cache is controlled by 'msg-cache-size' in the configuration file. On top of that, for each query only 100 different subnets are allowed to be stored for each address family. Exceeding that number, older entries will be purged from cache. +.LP +This module does not interact with the \fBserve\-expired*\fR and +\fBprefetch:\fR options. .TP .B send\-client\-subnet: \fI\fR Send client source address to this authority. Append /num to indicate a @@ -2560,6 +2641,16 @@ This option defaults to "127.0.0.1". The TCP port number of the Redis server. This option defaults to 6379. .TP +.B redis-server-path: \fI\fR +The unix socket path to connect to the redis server. Off by default, and it +can be set to "" to turn this off. Unix sockets may have better throughput +than the IP address option. +.TP +.B redis-server-password: \fI""\fR +The Redis AUTH password to use for the redis server. +Only relevant if Redis is configured for client password authorisation. +Off by default, and it can be set to "" to turn this off. +.TP .B redis-timeout: \fI\fR The period until when Unbound waits for a response from the Redis sever. If this timeout expires Unbound closes the connection, treats it as diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index 0f1df417f..13fd669b5 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -204,6 +204,17 @@ subnetmod_init(struct module_env *env, int id) } alloc_init(&sn_env->alloc, NULL, 0); env->modinfo[id] = (void*)sn_env; + + /* Warn that serve-expired and prefetch do not work with the subnet + * module cache. */ + if(env->cfg->serve_expired) + log_warn( + "subnetcache: serve-expired is set but not working " + "for data originating from the subnet module cache."); + if(env->cfg->prefetch) + log_warn( + "subnetcache: prefetch is set but not working " + "for data originating from the subnet module cache."); /* Copy msg_cache settings */ sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs, HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size, @@ -341,7 +352,7 @@ update_cache(struct module_qstate *qstate, int id) ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : query_info_hash(&qstate->qinfo, qstate->query_flags); /* Step 1, general qinfo lookup */ - struct lruhash_entry *lru_entry = slabhash_lookup(subnet_msg_cache, h, + struct lruhash_entry* lru_entry = slabhash_lookup(subnet_msg_cache, h, &qstate->qinfo, 1); int need_to_insert = (lru_entry == NULL); if (!lru_entry) { @@ -385,7 +396,7 @@ update_cache(struct module_qstate *qstate, int id) log_err("subnetcache: cache insertion failed"); return; } - + /* store RRsets */ for(i=0; irrset_count; i++) { rep->ref[i].key = rep->rrsets[i]; @@ -410,7 +421,7 @@ update_cache(struct module_qstate *qstate, int id) /** Lookup in cache and reply true iff reply is sent. */ static int -lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) +lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq, int prefetch) { struct lruhash_entry *e; struct module_env *env = qstate->env; @@ -462,6 +473,10 @@ lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) INET6_SIZE); sq->ecs_client_out.subnet_validdata = 1; } + + if (prefetch && *qstate->env->now >= ((struct reply_info *)node->elem)->prefetch_ttl) { + qstate->need_refetch = 1; + } return 1; } @@ -498,7 +513,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) * module_finished */ return module_finished; } - + /* We have not asked for subnet data */ if (!sq->subnet_sent) { if (s_in->subnet_validdata) @@ -507,7 +522,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) cp_edns_bad_response(c_out, c_in); return module_finished; } - + /* subnet sent but nothing came back */ if (!s_in->subnet_validdata) { /* The authority indicated no support for edns subnet. As a @@ -524,11 +539,11 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) cp_edns_bad_response(c_out, c_in); return module_finished; } - + /* Being here means we have asked for and got a subnet specific * answer. Also, the answer from the authority is not yet cached * anywhere. */ - + /* can we accept response? */ if(s_out->subnet_addr_fam != s_in->subnet_addr_fam || s_out->subnet_source_mask != s_in->subnet_source_mask || @@ -768,6 +783,11 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, &qstate->mesh_info->reply_list->query_reply.client_addr, &sq->ecs_client_in, qstate->env->cfg); } + else if(qstate->client_addr.ss_family != AF_UNSPEC) { + subnet_option_from_ss( + &qstate->client_addr, + &sq->ecs_client_in, qstate->env->cfg); + } if(sq->ecs_client_in.subnet_validdata == 0) { /* No clients are interested in result or we could not @@ -791,7 +811,9 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, if(!sq->started_no_cache_lookup && !qstate->blacklist) { lock_rw_wrlock(&sne->biglock); - if(lookup_and_reply(qstate, id, sq)) { + if(qstate->mesh_info->reply_list && + lookup_and_reply(qstate, id, sq, + qstate->env->cfg->prefetch)) { sne->num_msg_cache++; lock_rw_unlock(&sne->biglock); verbose(VERB_QUERY, "subnetcache: answered from cache"); diff --git a/iterator/iter_resptype.c b/iterator/iter_resptype.c index c2b824a0f..e85595b84 100644 --- a/iterator/iter_resptype.c +++ b/iterator/iter_resptype.c @@ -284,6 +284,13 @@ response_type_from_server(int rdset, /* If we've gotten this far, this is NOERROR/NODATA (which could * be an entirely empty message) */ + /* but ignore entirely empty messages, noerror/nodata has a soa + * negative ttl value in the authority section, this makes it try + * again at another authority. And turns it from a 5 second empty + * message into a 5 second servfail response. */ + if(msg->rep->an_numrrsets == 0 && msg->rep->ns_numrrsets == 0 && + msg->rep->ar_numrrsets == 0) + return RESPONSE_TYPE_THROWAWAY; /* check if recursive answer; saying it has empty cache */ if( (msg->rep->flags&BIT_RA) && !(msg->rep->flags&BIT_AA) && !rdset) return RESPONSE_TYPE_REC_LAME; diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index f093c1bf9..d1fedcd0f 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -346,6 +346,26 @@ soa_in_auth(struct msg_parse* msg) return 0; } +/** Check if type is allowed in the authority section */ +static int +type_allowed_in_authority_section(uint16_t tp) +{ + if(tp == LDNS_RR_TYPE_SOA || tp == LDNS_RR_TYPE_NS || + tp == LDNS_RR_TYPE_DS || tp == LDNS_RR_TYPE_NSEC || + tp == LDNS_RR_TYPE_NSEC3) + return 1; + return 0; +} + +/** Check if type is allowed in the additional section */ +static int +type_allowed_in_additional_section(uint16_t tp) +{ + if(tp == LDNS_RR_TYPE_A || tp == LDNS_RR_TYPE_AAAA) + return 1; + return 0; +} + /** * This routine normalizes a response. This includes removing "irrelevant" * records from the answer and additional sections and (re)synthesizing @@ -355,11 +375,13 @@ soa_in_auth(struct msg_parse* msg) * @param msg: msg to normalize. * @param qinfo: original query. * @param region: where to allocate synthesized CNAMEs. + * @param env: module env with config options. * @return 0 on error. */ static int scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, - struct query_info* qinfo, struct regional* region) + struct query_info* qinfo, struct regional* region, + struct module_env* env) { uint8_t* sname = qinfo->qname; size_t snamelen = qinfo->qname_len; @@ -511,6 +533,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, /* Mark additional names from AUTHORITY */ while(rrset && rrset->section == LDNS_SECTION_AUTHORITY) { + /* protect internals of recursor by making sure to del these */ if(rrset->type==LDNS_RR_TYPE_DNAME || rrset->type==LDNS_RR_TYPE_CNAME || rrset->type==LDNS_RR_TYPE_A || @@ -519,6 +542,13 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "RRset:", pkt, msg, prev, &rrset); continue; } + /* Allowed list of types in the authority section */ + if(env->cfg->harden_unknown_additional && + !type_allowed_in_authority_section(rrset->type)) { + remove_rrset("normalize: removing irrelevant " + "RRset:", pkt, msg, prev, &rrset); + continue; + } /* only one NS set allowed in authority section */ if(rrset->type==LDNS_RR_TYPE_NS) { /* NS set must be pertinent to the query */ @@ -576,7 +606,6 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, * found in ANSWER and AUTHORITY. */ /* These records have not been marked OK previously */ while(rrset && rrset->section == LDNS_SECTION_ADDITIONAL) { - /* FIXME: what about other types? */ if(rrset->type==LDNS_RR_TYPE_A || rrset->type==LDNS_RR_TYPE_AAAA) { @@ -589,6 +618,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, continue; } } + /* protect internals of recursor by making sure to del these */ if(rrset->type==LDNS_RR_TYPE_DNAME || rrset->type==LDNS_RR_TYPE_CNAME || rrset->type==LDNS_RR_TYPE_NS) { @@ -596,6 +626,13 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "RRset:", pkt, msg, prev, &rrset); continue; } + /* Allowed list of types in the additional section */ + if(env->cfg->harden_unknown_additional && + !type_allowed_in_additional_section(rrset->type)) { + remove_rrset("normalize: removing irrelevant " + "RRset:", pkt, msg, prev, &rrset); + continue; + } prev = rrset; rrset = rrset->rrset_all_next; } @@ -846,7 +883,7 @@ scrub_message(sldns_buffer* pkt, struct msg_parse* msg, } /* normalize the response, this cleans up the additional. */ - if(!scrub_normalize(pkt, msg, qinfo, region)) + if(!scrub_normalize(pkt, msg, qinfo, region, env)) return 0; /* delete all out-of-zone information */ if(!scrub_sanitize(pkt, msg, qinfo, zonename, env, ie)) diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index 56b184a02..961f76241 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -71,6 +71,11 @@ /** time when nameserver glue is said to be 'recent' */ #define SUSPICION_RECENT_EXPIRY 86400 +/** if NAT64 is enabled and no NAT64 prefix is configured, first fall back to + * DNS64 prefix. If that is not configured, fall back to this default value. + */ +static const char DEFAULT_NAT64_PREFIX[] = "64:ff9b::/96"; + /** fillup fetch policy array */ static void fetch_fill(struct iter_env* ie, const char* str) @@ -142,6 +147,7 @@ caps_white_apply_cfg(rbtree_type* ntree, struct config_file* cfg) int iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) { + const char *nat64_prefix; int i; /* target fetch policy */ if(!read_fetch_policy(iter_env, cfg->target_fetch_policy)) @@ -172,9 +178,35 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) } } + + nat64_prefix = cfg->nat64_prefix; + if(!nat64_prefix) + nat64_prefix = cfg->dns64_prefix; + if(!nat64_prefix) + nat64_prefix = DEFAULT_NAT64_PREFIX; + if(!netblockstrtoaddr(nat64_prefix, 0, &iter_env->nat64_prefix_addr, + &iter_env->nat64_prefix_addrlen, + &iter_env->nat64_prefix_net)) { + log_err("cannot parse nat64-prefix netblock: %s", nat64_prefix); + return 0; + } + if(!addr_is_ip6(&iter_env->nat64_prefix_addr, + iter_env->nat64_prefix_addrlen)) { + log_err("nat64-prefix is not IPv6: %s", cfg->nat64_prefix); + return 0; + } + if(!prefixnet_is_nat64(iter_env->nat64_prefix_net)) { + log_err("nat64-prefix length it not 32, 40, 48, 56, 64 or 96: %s", + nat64_prefix); + return 0; + } + iter_env->supports_ipv6 = cfg->do_ip6; iter_env->supports_ipv4 = cfg->do_ip4; + iter_env->use_nat64 = cfg->do_nat64; iter_env->outbound_msg_retry = cfg->outbound_msg_retry; + iter_env->max_sent_count = cfg->max_sent_count; + iter_env->max_query_restarts = cfg->max_query_restarts; return 1; } @@ -238,7 +270,8 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, if(!iter_env->supports_ipv6 && addr_is_ip6(&a->addr, a->addrlen)) { return -1; /* there is no ip6 available */ } - if(!iter_env->supports_ipv4 && !addr_is_ip6(&a->addr, a->addrlen)) { + if(!iter_env->supports_ipv4 && !iter_env->use_nat64 && + !addr_is_ip6(&a->addr, a->addrlen)) { return -1; /* there is no ip4 available */ } /* check lameness - need zone , class info */ @@ -745,10 +778,15 @@ iter_mark_pside_cycle_targets(struct module_qstate* qstate, struct delegpt* dp) int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp, int supports_ipv4, int supports_ipv6) + struct delegpt* dp, int supports_ipv4, int supports_ipv6, + int use_nat64) { struct delegpt_ns* ns; struct delegpt_addr* a; + + if(supports_ipv6 && use_nat64) + supports_ipv4 = 1; + /* check: * o RD qflag is on. * o no addresses are provided. diff --git a/iterator/iter_utils.h b/iterator/iter_utils.h index 850be96a6..fa860fa68 100644 --- a/iterator/iter_utils.h +++ b/iterator/iter_utils.h @@ -189,10 +189,13 @@ void iter_mark_pside_cycle_targets(struct module_qstate* qstate, * if not, then the IPv4 addresses are useless. * @param supports_ipv6: if we support ipv6 for lookups to the target. * if not, then the IPv6 addresses are useless. + * @param use_nat64: if we support NAT64 for lookups to the target. + * if yes, IPv4 addresses are useful even if we don't support IPv4. * @return true if dp is useless. */ -int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp, int supports_ipv4, int supports_ipv6); +int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, + struct delegpt* dp, int supports_ipv4, int supports_ipv6, + int use_nat64); /** * See if qname has DNSSEC needs. This is true if there is a trust anchor above diff --git a/iterator/iterator.c b/iterator/iterator.c index f30616ddc..a31e95c05 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -255,7 +255,7 @@ error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) log_err("out of memory adding missing"); } delegpt_mark_neg(dpns, qstate->qinfo.qtype); - if((dpns->got4 == 2 || !ie->supports_ipv4) && + if((dpns->got4 == 2 || (!ie->supports_ipv4 && !ie->use_nat64)) && (dpns->got6 == 2 || !ie->supports_ipv6)) { dpns->resolved = 1; /* mark as failed */ target_count_increase_nx(super_iq, 1); @@ -302,82 +302,65 @@ error_response(struct module_qstate* qstate, int id, int rcode) static int error_response_cache(struct module_qstate* qstate, int id, int rcode) { - if(!qstate->no_cache_store) { - /* store in cache */ - struct reply_info err; - if(qstate->prefetch_leeway > NORR_TTL) { - verbose(VERB_ALGO, "error response for prefetch in cache"); - /* attempt to adjust the cache entry prefetch */ - if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo, - NORR_TTL, qstate->query_flags)) - return error_response(qstate, id, rcode); - /* if that fails (not in cache), fall through to store err */ - } - if(qstate->env->cfg->serve_expired) { - /* if serving expired contents, and such content is - * already available, don't overwrite this servfail */ - struct msgreply_entry* msg; - if((msg=msg_cache_lookup(qstate->env, - qstate->qinfo.qname, qstate->qinfo.qname_len, - qstate->qinfo.qtype, qstate->qinfo.qclass, - qstate->query_flags, 0, - qstate->env->cfg->serve_expired_ttl_reset)) - != NULL) { - if(qstate->env->cfg->serve_expired_ttl_reset) { - struct reply_info* rep = - (struct reply_info*)msg->entry.data; - if(rep && *qstate->env->now + - qstate->env->cfg->serve_expired_ttl > - rep->serve_expired_ttl) { - rep->serve_expired_ttl = - *qstate->env->now + - qstate->env->cfg->serve_expired_ttl; - } - } - lock_rw_unlock(&msg->entry.lock); - return error_response(qstate, id, rcode); - } - /* serving expired contents, but nothing is cached - * at all, so the servfail cache entry is useful - * (stops waste of time on this servfail NORR_TTL) */ - } else { - /* don't overwrite existing (non-expired) data in - * cache with a servfail */ - struct msgreply_entry* msg; - if((msg=msg_cache_lookup(qstate->env, - qstate->qinfo.qname, qstate->qinfo.qname_len, - qstate->qinfo.qtype, qstate->qinfo.qclass, - qstate->query_flags, *qstate->env->now, 0)) - != NULL) { - struct reply_info* rep = (struct reply_info*) - msg->entry.data; - if(FLAGS_GET_RCODE(rep->flags) == - LDNS_RCODE_NOERROR || - FLAGS_GET_RCODE(rep->flags) == - LDNS_RCODE_NXDOMAIN) { - /* we have a good entry, - * don't overwrite */ - lock_rw_unlock(&msg->entry.lock); - return error_response(qstate, id, rcode); - } - lock_rw_unlock(&msg->entry.lock); - } - - } - memset(&err, 0, sizeof(err)); - err.flags = (uint16_t)(BIT_QR | BIT_RA); - FLAGS_SET_RCODE(err.flags, rcode); - err.qdcount = 1; - err.ttl = NORR_TTL; - err.prefetch_ttl = PREFETCH_TTL_CALC(err.ttl); - err.serve_expired_ttl = NORR_TTL; - /* do not waste time trying to validate this servfail */ - err.security = sec_status_indeterminate; - err.reason_bogus_str = NULL; - verbose(VERB_ALGO, "store error response in message cache"); - iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, - qstate->query_flags, qstate->qstarttime); + struct reply_info err; + struct msgreply_entry* msg; + if(qstate->no_cache_store) { + return error_response(qstate, id, rcode); } + if(qstate->prefetch_leeway > NORR_TTL) { + verbose(VERB_ALGO, "error response for prefetch in cache"); + /* attempt to adjust the cache entry prefetch */ + if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo, + NORR_TTL, qstate->query_flags)) + return error_response(qstate, id, rcode); + /* if that fails (not in cache), fall through to store err */ + } + if((msg=msg_cache_lookup(qstate->env, + qstate->qinfo.qname, qstate->qinfo.qname_len, + qstate->qinfo.qtype, qstate->qinfo.qclass, + qstate->query_flags, 0, + qstate->env->cfg->serve_expired_ttl_reset)) != NULL) { + struct reply_info* rep = (struct reply_info*)msg->entry.data; + if(qstate->env->cfg->serve_expired && + qstate->env->cfg->serve_expired_ttl_reset && rep && + *qstate->env->now + qstate->env->cfg->serve_expired_ttl + > rep->serve_expired_ttl) { + verbose(VERB_ALGO, "reset serve-expired-ttl for " + "response in cache"); + rep->serve_expired_ttl = *qstate->env->now + + qstate->env->cfg->serve_expired_ttl; + } + if(rep && (FLAGS_GET_RCODE(rep->flags) == + LDNS_RCODE_NOERROR || + FLAGS_GET_RCODE(rep->flags) == + LDNS_RCODE_NXDOMAIN || + FLAGS_GET_RCODE(rep->flags) == + LDNS_RCODE_YXDOMAIN) && + (qstate->env->cfg->serve_expired || + *qstate->env->now <= rep->ttl)) { + /* we have a good entry, don't overwrite */ + lock_rw_unlock(&msg->entry.lock); + return error_response(qstate, id, rcode); + } + lock_rw_unlock(&msg->entry.lock); + /* nothing interesting is cached (already error response or + * expired good record when we don't serve expired), so this + * servfail cache entry is useful (stops waste of time on this + * servfail NORR_TTL) */ + } + /* store in cache */ + memset(&err, 0, sizeof(err)); + err.flags = (uint16_t)(BIT_QR | BIT_RA); + FLAGS_SET_RCODE(err.flags, rcode); + err.qdcount = 1; + err.ttl = NORR_TTL; + err.prefetch_ttl = PREFETCH_TTL_CALC(err.ttl); + err.serve_expired_ttl = NORR_TTL; + /* do not waste time trying to validate this servfail */ + err.security = sec_status_indeterminate; + verbose(VERB_ALGO, "store error response in message cache"); + iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, + qstate->query_flags, qstate->qstarttime); return error_response(qstate, id, rcode); } @@ -1138,7 +1121,7 @@ generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq, * Generate a NS check request to obtain authoritative information * on an NS rrset. * - * @param qstate: the qtstate that triggered the need to prime. + * @param qstate: the qstate that triggered the need to prime. * @param iq: iterator query state. * @param id: module id. */ @@ -1315,7 +1298,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, /* We enforce a maximum number of query restarts. This is primarily a * cheap way to prevent CNAME loops. */ - if(iq->query_restart_count > MAX_RESTART_COUNT) { + if(iq->query_restart_count > ie->max_query_restarts) { verbose(VERB_QUERY, "request has exceeded the maximum number" " of query restarts with %d", iq->query_restart_count); errinf(qstate, "request has exceeded the maximum number " @@ -1452,6 +1435,19 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "malloc failure for forward zone"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } + if((qstate->query_flags&BIT_RD)==0) { + /* If the server accepts RD=0 queries and forwards + * with RD=1, then if the server is listed as an NS + * entry, it starts query loops. Stop that loop by + * disallowing the query. The RD=0 was previously used + * to check the cache with allow_snoop. For stubs, + * the iterator pass would have primed the stub and + * then cached information can be used for further + * queries. */ + verbose(VERB_ALGO, "cannot forward RD=0 query, to stop query loops"); + errinf(qstate, "cannot forward RD=0 query"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } iq->refetch_glue = 0; iq->minimisation_state = DONOT_MINIMISE_STATE; /* the request has been forwarded. @@ -1561,18 +1557,19 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, /* see if this dp not useless. * It is useless if: - * o all NS items are required glue. + * o all NS items are required glue. * or the query is for NS item that is required glue. * o no addresses are provided. * o RD qflag is on. * Instead, go up one level, and try to get even further - * If the root was useless, use safety belt information. + * If the root was useless, use safety belt information. * Only check cache returns, because replies for servers * could be useless but lead to loops (bumping into the * same server reply) if useless-checked. */ - if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags, - iq->dp, ie->supports_ipv4, ie->supports_ipv6)) { + if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags, + iq->dp, ie->supports_ipv4, ie->supports_ipv6, + ie->use_nat64)) { struct delegpt* retdp = NULL; if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, iq->qchase.qclass, &retdp)) { if(retdp) { @@ -1933,7 +1930,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, break; } /* Send the A request. */ - if(ie->supports_ipv4 && + if((ie->supports_ipv4 || ie->use_nat64) && ((ns->lame && !ns->done_pside4) || (!ns->lame && !ns->got4))) { if(!generate_target_query(qstate, iq, id, @@ -2086,14 +2083,14 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, /* if this nameserver is at a delegation point, but that * delegation point is a stub and we cannot go higher, skip*/ if( ((ie->supports_ipv6 && !ns->done_pside6) || - (ie->supports_ipv4 && !ns->done_pside4)) && + ((ie->supports_ipv4 || ie->use_nat64) && !ns->done_pside4)) && !can_have_last_resort(qstate->env, ns->name, ns->namelen, iq->qchase.qclass, NULL)) { log_nametypeclass(VERB_ALGO, "cannot pside lookup ns " "because it is also a stub/forward,", ns->name, LDNS_RR_TYPE_NS, iq->qchase.qclass); if(ie->supports_ipv6) ns->done_pside6 = 1; - if(ie->supports_ipv4) ns->done_pside4 = 1; + if(ie->supports_ipv4 || ie->use_nat64) ns->done_pside4 = 1; continue; } /* query for parent-side A and AAAA for nameservers */ @@ -2118,7 +2115,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, return 0; } } - if(ie->supports_ipv4 && !ns->done_pside4) { + if((ie->supports_ipv4 || ie->use_nat64) && !ns->done_pside4) { /* Send the A request. */ if(!generate_parentside_target_query(qstate, iq, id, ns->name, ns->namelen, @@ -2260,6 +2257,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, int tf_policy; struct delegpt_addr* target; struct outbound_entry* outq; + struct sockaddr_storage real_addr; + socklen_t real_addrlen; int auth_fallback = 0; uint8_t* qout_orig = NULL; size_t qout_orig_len = 0; @@ -2283,7 +2282,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "exceeded the maximum of referrals"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } - if(iq->sent_count > MAX_SENT_COUNT) { + if(iq->sent_count > ie->max_sent_count) { verbose(VERB_QUERY, "request has exceeded the maximum " "number of sends with %d", iq->sent_count); errinf(qstate, "exceeded the maximum number of sends"); @@ -2385,7 +2384,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } if(!ie->supports_ipv6) delegpt_no_ipv6(iq->dp); - if(!ie->supports_ipv4) + if(!ie->supports_ipv4 && !ie->use_nat64) delegpt_no_ipv4(iq->dp); delegpt_log(VERB_ALGO, iq->dp); @@ -2630,7 +2629,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * the original query is one that matched too, so we have * caps_server+1 number of matching queries now */ if(iq->caps_server+1 >= naddr*3 || - iq->caps_server*2+2 >= MAX_SENT_COUNT) { + iq->caps_server*2+2 >= (size_t)ie->max_sent_count) { /* *2 on sentcount check because ipv6 may fail */ /* we're done, process the response */ verbose(VERB_ALGO, "0x20 fallback had %d responses " @@ -2806,12 +2805,24 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* We have a valid target. */ if(verbosity >= VERB_QUERY) { log_query_info(VERB_QUERY, "sending query:", &iq->qinfo_out); - log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name, + log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name, &target->addr, target->addrlen); verbose(VERB_ALGO, "dnssec status: %s%s", iq->dnssec_expected?"expected": "not expected", iq->dnssec_lame_query?" but lame_query anyway": ""); } + + real_addr = target->addr; + real_addrlen = target->addrlen; + + if(ie->use_nat64 && target->addr.ss_family == AF_INET) { + addr_to_nat64(&target->addr, &ie->nat64_prefix_addr, + ie->nat64_prefix_addrlen, ie->nat64_prefix_net, + &real_addr, &real_addrlen); + log_name_addr(VERB_QUERY, "applied NAT64:", + iq->dp->name, &real_addr, real_addrlen); + } + fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query)); outq = (*qstate->env->send_query)(&iq->qinfo_out, iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), @@ -2822,7 +2833,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, !qstate->blacklist&&(!iter_qname_indicates_dnssec(qstate->env, &iq->qinfo_out)||target->attempts==1)?0:BIT_CD), iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted( - ie, iq), sq_check_ratelimit, &target->addr, target->addrlen, + ie, iq), sq_check_ratelimit, &real_addr, real_addrlen, iq->dp->name, iq->dp->namelen, (iq->dp->tcp_upstream || qstate->env->cfg->tcp_upstream), (iq->dp->ssl_upstream || qstate->env->cfg->ssl_upstream), @@ -2839,7 +2850,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } log_addr(VERB_QUERY, "error sending query to auth server", - &target->addr, target->addrlen); + &real_addr, real_addrlen); if(qstate->env->cfg->qname_minimisation) iq->minimisation_state = SKIP_MINIMISE_STATE; return next_state(iq, QUERYTARGETS_STATE); @@ -2883,7 +2894,7 @@ static int processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, struct iter_env* ie, int id) { - int dnsseclame = 0; + int dnsseclame = 0, origtypecname = 0; enum response_type type; iq->num_current_queries--; @@ -2966,6 +2977,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, /* YXDOMAIN is a permanent error, no need to retry */ type = RESPONSE_TYPE_ANSWER; } + if(type == RESPONSE_TYPE_CNAME) + origtypecname = 1; if(type == RESPONSE_TYPE_CNAME && iq->response->rep->an_numrrsets >= 1 && ntohs(iq->response->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DNAME) { uint8_t* sname = NULL; @@ -3051,11 +3064,14 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iq->minimisation_state = DONOT_MINIMISE_STATE; } if(FLAGS_GET_RCODE(iq->response->rep->flags) == - LDNS_RCODE_NXDOMAIN) { + LDNS_RCODE_NXDOMAIN && !origtypecname) { /* Stop resolving when NXDOMAIN is DNSSEC * signed. Based on assumption that nameservers * serving signed zones do not return NXDOMAIN * for empty-non-terminals. */ + /* If this response is actually a CNAME type, + * the nxdomain rcode may not be for the qname, + * and so it is not the final response. */ if(iq->dnssec_expected) return final_state(iq); /* Make subrequest to validate intermediate @@ -3565,7 +3581,7 @@ processTargetResponse(struct module_qstate* qstate, int id, } else { verbose(VERB_ALGO, "iterator TargetResponse failed"); delegpt_mark_neg(dpns, qstate->qinfo.qtype); - if((dpns->got4 == 2 || !ie->supports_ipv4) && + if((dpns->got4 == 2 || (!ie->supports_ipv4 && !ie->use_nat64)) && (dpns->got6 == 2 || !ie->supports_ipv6)) { dpns->resolved = 1; /* fail the target */ /* do not count cached answers */ @@ -3810,9 +3826,8 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, /* make sure QR flag is on */ iq->response->rep->flags |= BIT_QR; - /* explicitly set the EDE string size to 0 */ + /* explicitly set the EDE string to NULL */ iq->response->rep->reason_bogus_str = NULL; - iq->response->rep->reason_bogus_str_size = 0; /* we have finished processing this query */ qstate->ext_state[id] = module_finished; diff --git a/iterator/iterator.h b/iterator/iterator.h index 18d3270a0..74299e05a 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@ -63,13 +63,8 @@ struct rbtree_type; /** max number of nxdomains allowed for target lookups for a query and * its subqueries when fallback has kicked in */ #define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2) -/** max number of query restarts. Determines max number of CNAME chain. */ -#define MAX_RESTART_COUNT 11 /** max number of referrals. Makes sure resolver does not run away */ #define MAX_REFERRAL_COUNT 130 -/** max number of queries-sent-out. Make sure large NS set does not loop. - * Resets on query restarts (e.g., CNAMES) and referrals. */ -#define MAX_SENT_COUNT 32 /** max number of queries for which to perform dnsseclameness detection, * (rrsigs missing detection) after that, just pick up that response */ #define DNSSEC_LAME_DETECT_COUNT 4 @@ -108,7 +103,7 @@ extern int BLACKLIST_PENALTY; #define RTT_BAND 400 /** - * Global state for the iterator. + * Global state for the iterator. */ struct iter_env { /** A flag to indicate whether or not we have an IPv6 route */ @@ -117,6 +112,18 @@ struct iter_env { /** A flag to indicate whether or not we have an IPv4 route */ int supports_ipv4; + /** A flag to locally apply NAT64 to make IPv4 addrs into IPv6 */ + int use_nat64; + + /** NAT64 prefix address, cf. dns64_env->prefix_addr */ + struct sockaddr_storage nat64_prefix_addr; + + /** sizeof(sockaddr_in6) */ + socklen_t nat64_prefix_addrlen; + + /** CIDR mask length of NAT64 prefix */ + int nat64_prefix_net; + /** A set of inetaddrs that should never be queried. */ struct iter_donotq* donotq; @@ -146,6 +153,12 @@ struct iter_env { /** number of retries on outgoing queries */ int outbound_msg_retry; + + /** number of queries_sent */ + int max_sent_count; + + /** max number of query restarts to limit length of CNAME chain */ + int max_query_restarts; }; /** diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index 225457e73..80a82bb47 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -311,6 +311,7 @@ ub_ctx_delete(struct ub_ctx* ctx) * it and only one should clean up, the one with getpid == pipe_pid.*/ if(ctx->created_bg && ctx->pipe_pid != getpid()) { do_stop = 0; +#ifndef USE_WINSOCK /* Stop events from getting deregistered, if the backend is * epoll, the epoll fd is the same as the other process. * That process should deregister them. */ @@ -322,6 +323,7 @@ ub_ctx_delete(struct ub_ctx* ctx) ctx->rr_pipe->listen_com->event_added = 0; if(ctx->rr_pipe->res_com) ctx->rr_pipe->res_com->event_added = 0; +#endif } /* see if bg thread is created and if threads have been killed */ /* no locks, because those may be held by terminated threads */ diff --git a/libunbound/libworker.c b/libunbound/libworker.c index b9ef02217..ebc1df2e5 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -168,14 +168,12 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) hints_delete(w->env->hints); w->env->hints = NULL; } - if(cfg->ssl_upstream || (cfg->tls_cert_bundle && cfg->tls_cert_bundle[0]) || cfg->tls_win_cert) { - w->sslctx = connect_sslctx_create(NULL, NULL, - cfg->tls_cert_bundle, cfg->tls_win_cert); - if(!w->sslctx) { - /* to make the setup fail after unlock */ - hints_delete(w->env->hints); - w->env->hints = NULL; - } + w->sslctx = connect_sslctx_create(NULL, NULL, + cfg->tls_cert_bundle, cfg->tls_win_cert); + if(!w->sslctx) { + /* to make the setup fail after unlock */ + hints_delete(w->env->hints); + w->env->hints = NULL; } if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i index c9549bf90..0cdb3d7e5 100644 --- a/libunbound/python/libunbound.i +++ b/libunbound/python/libunbound.i @@ -36,6 +36,9 @@ %begin %{ /* store state of warning output, restored at later pop */ #pragma GCC diagnostic push +/* ignore warnings for pragma below, where for older GCC it can produce a + warning if the cast-function-type warning is absent. */ +#pragma GCC diagnostic ignored "-Wpragmas" /* ignore gcc8 METH_NOARGS function cast warnings for swig function pointers */ #pragma GCC diagnostic ignored "-Wcast-function-type" %} diff --git a/libunbound/unbound-event.h b/libunbound/unbound-event.h index 5fa74df78..5ca81908a 100644 --- a/libunbound/unbound-event.h +++ b/libunbound/unbound-event.h @@ -52,8 +52,8 @@ * unbound was compiled with, otherwise it wouldn't work, the event and * event_base structures would be different. */ -#ifndef _UB_UNBOUND_EVENT_H -#define _UB_UNBOUND_EVENT_H +#ifndef UB_UNBOUND_EVENT_H +#define UB_UNBOUND_EVENT_H #ifdef __cplusplus extern "C" { @@ -262,4 +262,4 @@ int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype, } #endif -#endif /* _UB_UNBOUND_H */ +#endif /* UB_UNBOUND_EVENT_H */ diff --git a/libunbound/unbound.h b/libunbound/unbound.h index c779d183e..97be66a88 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -36,7 +36,7 @@ /** * \file * - * This file contains functions to resolve DNS queries and + * This file contains functions to resolve DNS queries and * validate the answers. Synchronously and asynchronously. * * Several ways to use this interface from an application wishing @@ -65,7 +65,7 @@ * ... or process() calls my_callback() with results. * * ... if the application has nothing more to do, wait for answer - * ub_wait(ctx); + * ub_wait(ctx); * * Application threaded. Blocking. * Blocking, same as above. The current thread does the work. @@ -83,7 +83,7 @@ * CRYPTO_set_id_callback and CRYPTO_set_locking_callback. * * If no threading is compiled in, the above async example uses fork(2) to - * create a process to perform the work. The forked process exits when the + * create a process to perform the work. The forked process exits when the * calling process exits, or ctx_delete() is called. * Otherwise, for asynchronous with threading, a worker thread is created. * @@ -94,8 +94,8 @@ * The second calls another worker thread (or process) to perform the work. * And no buffers need to be set up, but a context-switch happens. */ -#ifndef _UB_UNBOUND_H -#define _UB_UNBOUND_H +#ifndef UB_UNBOUND_H +#define UB_UNBOUND_H #ifdef __cplusplus extern "C" { @@ -128,10 +128,10 @@ struct ub_result { /** the class asked for */ int qclass; - /** - * a list of network order DNS rdata items, terminated with a + /** + * a list of network order DNS rdata items, terminated with a * NULL pointer, so that data[0] is the first result entry, - * data[1] the second, and the last entry is NULL. + * data[1] the second, and the last entry is NULL. * If there was no data, data[0] is NULL. */ char** data; @@ -139,8 +139,8 @@ struct ub_result { /** the length in bytes of the data items, len[i] for data[i] */ int* len; - /** - * canonical name for the result (the final cname). + /** + * canonical name for the result (the final cname). * zero terminated string. * May be NULL if no canonical name exists. */ @@ -165,9 +165,9 @@ struct ub_result { */ int havedata; - /** + /** * If there was no data, and the domain did not exist, this is true. - * If it is false, and there was no data, then the domain name + * If it is false, and there was no data, then the domain name * is purported to exist, but the requested data type is not available. */ int nxdomain; @@ -182,19 +182,19 @@ struct ub_result { */ int secure; - /** - * If the result was not secure (secure==0), and this result is due + /** + * If the result was not secure (secure==0), and this result is due * to a security failure, bogus is true. * This means the data has been actively tampered with, signatures - * failed, expected signatures were not present, timestamps on + * failed, expected signatures were not present, timestamps on * signatures were out of date and so on. * - * If !secure and !bogus, this can happen if the data is not secure - * because security is disabled for that domain name. + * If !secure and !bogus, this can happen if the data is not secure + * because security is disabled for that domain name. * This means the data is from a domain where data is not signed. */ int bogus; - + /** * If the result is bogus this contains a string (zero terminated) * that describes the failure. There may be other errors as well @@ -222,7 +222,7 @@ struct ub_result { * The readable function definition looks like: * void my_callback(void* my_arg, int err, struct ub_result* result); * It is called with - * void* my_arg: your pointer to a (struct of) data of your choice, + * void* my_arg: your pointer to a (struct of) data of your choice, * or NULL. * int err: if 0 all is OK, otherwise an error occurred and no results * are forthcoming. @@ -301,8 +301,8 @@ int ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val); * This is a power-users interface that lets you specify all sorts * of options. * @param str: the string is malloced and returned here. NULL on error. - * The caller must free() the string. In cases with multiple - * entries (auto-trust-anchor-file), a newline delimited list is + * The caller must free() the string. In cases with multiple + * entries (auto-trust-anchor-file), a newline delimited list is * returned in the string. * @return 0 if OK else an error code (malloc failure, syntax error). */ @@ -321,10 +321,10 @@ int ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str); int ub_ctx_config(struct ub_ctx* ctx, const char* fname); /** - * Set machine to forward DNS queries to, the caching resolver to use. - * IP4 or IP6 address. Forwards all DNS requests to that machine, which - * is expected to run a recursive resolver. If the proxy is not - * DNSSEC-capable, validation may fail. Can be called several times, in + * Set machine to forward DNS queries to, the caching resolver to use. + * IP4 or IP6 address. Forwards all DNS requests to that machine, which + * is expected to run a recursive resolver. If the proxy is not + * DNSSEC-capable, validation may fail. Can be called several times, in * that case the addresses are used as backup servers. * * To read the list of nameservers from /etc/resolv.conf (from DHCP or so), @@ -389,7 +389,7 @@ int ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname); /** * Read list of hosts from the filename given. - * Usually "/etc/hosts". + * Usually "/etc/hosts". * These addresses are not flagged as DNSSEC secure when queried for. * * @param ctx: context. @@ -403,7 +403,7 @@ int ub_ctx_hosts(struct ub_ctx* ctx, const char* fname); /** * Add a trust anchor to the given context. * The trust anchor is a string, on one line, that holds a valid DNSKEY or - * DS RR. + * DS RR. * @param ctx: context. * At this time it is only possible to add trusted keys before the * first resolve is done. @@ -465,7 +465,7 @@ int ub_ctx_debugout(struct ub_ctx* ctx, void* out); * Set debug verbosity for the context * Output is directed to stderr. * @param ctx: context. - * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed, + * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed, * and 3 is lots. * @return 0 if OK, else error. */ @@ -474,10 +474,10 @@ int ub_ctx_debuglevel(struct ub_ctx* ctx, int d); /** * Set a context behaviour for asynchronous action. * @param ctx: context. - * @param dothread: if true, enables threading and a call to resolve_async() + * @param dothread: if true, enables threading and a call to resolve_async() * creates a thread to handle work in the background. * If false, a process is forked to handle work in the background. - * Changes to this setting after async() calls have been made have + * Changes to this setting after async() calls have been made have * no effect (delete and re-create the context to change). * @return 0 if OK, else error. */ @@ -495,7 +495,7 @@ int ub_poll(struct ub_ctx* ctx); /** * Wait for a context to finish with results. Calls ub_process() after - * the wait for you. After the wait, there are no more outstanding + * the wait for you. After the wait, there are no more outstanding * asynchronous queries. * @param ctx: context. * @return: 0 if OK, else error. @@ -530,11 +530,11 @@ int ub_process(struct ub_ctx* ctx); * @param rrtype: type of RR in host order, 1 is A (address). * @param rrclass: class of RR in host order, 1 is IN (for internet). * @param result: the result data is returned in a newly allocated result - * structure. May be NULL on return, return value is set to an error + * structure. May be NULL on return, return value is set to an error * in that case (out of memory). * @return 0 if OK, else error. */ -int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, +int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, struct ub_result** result); /** @@ -561,11 +561,11 @@ int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, * If an error happens during processing, your callback will be called * with error set to a nonzero value (and result==NULL). * @param async_id: if you pass a non-NULL value, an identifier number is - * returned for the query as it is in progress. It can be used to + * returned for the query as it is in progress. It can be used to * cancel the query. * @return 0 if OK, else error. */ -int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, +int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, void* mydata, ub_callback_type callback, int* async_id); /** @@ -589,7 +589,7 @@ int ub_cancel(struct ub_ctx* ctx, int async_id); */ void ub_resolve_free(struct ub_result* result); -/** +/** * Convert error value to a human readable string. * @param err: error code from one of the libunbound functions. * The error codes are from the type enum ub_ctx_err. @@ -605,7 +605,7 @@ const char* ub_strerror(int err); int ub_ctx_print_local_zones(struct ub_ctx* ctx); /** - * Add a new zone with the zonetype to the local authority info of the + * Add a new zone with the zonetype to the local authority info of the * library. * @param ctx: context. Is finalized by the routine. * @param zone_name: name of the zone in text, "example.com" @@ -613,7 +613,7 @@ int ub_ctx_print_local_zones(struct ub_ctx* ctx); * @param zone_type: type of the zone (like for unbound.conf) in text. * @return 0 if OK, else error. */ -int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, +int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, const char *zone_type); /** @@ -649,7 +649,7 @@ int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data); */ const char* ub_version(void); -/** +/** * Some global statistics that are not in struct stats_info, * this struct is shared on a shm segment (shm-key in unbound.conf) */ @@ -699,9 +699,12 @@ struct ub_server_stats { long long num_queries_missed_cache; /** number of prefetch queries - cachehits with prefetch */ long long num_queries_prefetch; - + /** number of queries which are too late to process */ + long long num_queries_timed_out; + /** the longest wait time in the queue */ + long long max_query_time_us; /** - * Sum of the querylistsize of the worker for + * Sum of the querylistsize of the worker for * every query that missed cache. To calculate average. */ long long sum_query_list_size; @@ -773,12 +776,12 @@ struct ub_server_stats { long long tcp_accept_usage; /** expired answers served from cache */ long long ans_expired; - /** histogram data exported to array + /** histogram data exported to array * if the array is the same size, no data is lost, and * if all histograms are same size (is so by default) then * adding up works well. */ long long hist[UB_STATS_BUCKET_NUM]; - + /** number of message cache entries */ long long msg_cache_count; /** number of rrset cache entries */ @@ -788,6 +791,11 @@ struct ub_server_stats { /** number of key cache entries */ long long key_cache_count; + /** maximum number of collisions in the msg cache */ + long long msg_cache_max_collisions; + /** maximum number of collisions in the rrset cache */ + long long rrset_cache_max_collisions; + /** number of queries that used dnscrypt */ long long num_query_dnscrypt_crypted; /** number of queries that queried dnscrypt certificates */ @@ -819,6 +827,8 @@ struct ub_server_stats { /** number of queries answered from edns-subnet specific data, and * the answer was from the edns-subnet cache. */ long long num_query_subnet_cache; + /** number of queries served from cachedb */ + long long num_query_cachedb; /** number of bytes in the stream wait buffers */ long long mem_stream_wait; /** number of bytes in the HTTP2 query buffers */ @@ -831,7 +841,7 @@ struct ub_server_stats { long long rpz_action[UB_STATS_RPZ_ACTION_NUM]; }; -/** +/** * Statistics to send over the control pipe when asked * This struct is made to be memcopied, sent in binary. * shm mapped with (number+1) at num_threads+1, with first as total @@ -860,4 +870,4 @@ struct ub_stats_info { } #endif -#endif /* _UB_UNBOUND_H */ +#endif /* UB_UNBOUND_H */ diff --git a/pythonmod/examples/inplace_callbacks.py b/pythonmod/examples/inplace_callbacks.py index 2682fbd02..e1caaecc7 100644 --- a/pythonmod/examples/inplace_callbacks.py +++ b/pythonmod/examples/inplace_callbacks.py @@ -34,6 +34,9 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' + +import os + #Try: # - dig @localhost nlnetlabs.nl +ednsopt=65002: # This query *could* be answered from cache. If so, unbound will reply @@ -242,6 +245,36 @@ def inplace_query_callback(qinfo, flags, qstate, addr, zone, region, **kwargs): return True +def inplace_query_response_callback(qstate, response, **kwargs): + """ + Function that will be registered as an inplace callback function. + It will be called after receiving a reply from a backend server. + + :param qstate: module qstate. opt_lists are available here; + :param response: struct dns_msg. The reply received from the backend server; + :param **kwargs: Dictionary that may contain parameters added in a future + release. + """ + log_dns_msg( + "python: incoming reply from {}{}".format(qstate.reply.addr, os.linesep), + response.qinfo, response.rep + ) + return True + + +def inplace_edns_back_parsed_call(qstate, **kwargs): + """ + Function that will be registered as an inplace callback function. + It will be called after EDNS is parsed on a reply from a backend server.. + + :param qstate: module qstate. opt_lists are available here; + :param **kwargs: Dictionary that may contain parameters added in a future + release. + """ + log_info("python: edns parsed") + return True + + def init_standard(id, env): """ New version of the init function. @@ -281,6 +314,16 @@ def init_standard(id, env): if not register_inplace_cb_query(inplace_query_callback, env, id): return False + # Register the inplace_edns_back_parsed_call function as an inplace callback + # for when a reply is received from a backend server. + if not register_inplace_cb_query_response(inplace_query_response_callback, env, id): + return False + + # Register the inplace_edns_back_parsed_call function as an inplace callback + # for when EDNS is parsed on a reply from a backend server. + if not register_inplace_cb_edns_back_parsed_call(inplace_edns_back_parsed_call, env, id): + return False + return True diff --git a/pythonmod/interface.i b/pythonmod/interface.i index df8514b47..a436389e1 100644 --- a/pythonmod/interface.i +++ b/pythonmod/interface.i @@ -1378,7 +1378,7 @@ struct delegpt* dns_cache_find_delegation(struct module_env* env, struct regional* region, struct dns_msg** msg, uint32_t timenow, int noexpiredabove, uint8_t* expiretop, size_t expiretoplen); int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp, int supports_ipv4, int supports_ipv6); + struct delegpt* dp, int supports_ipv4, int supports_ipv6, int use_nat64); struct iter_hints_stub* hints_lookup_stub(struct iter_hints* hints, uint8_t* qname, uint16_t qclass, struct delegpt* dp); @@ -1409,7 +1409,8 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n if(!dp) return NULL; if(iter_dp_is_useless(&qinfo, BIT_RD, dp, - qstate->env->cfg->do_ip4, qstate->env->cfg->do_ip6)) { + qstate->env->cfg->do_ip4, qstate->env->cfg->do_ip6, + qstate->env->cfg->do_nat64)) { if (dname_is_root((uint8_t*)nm)) return NULL; nm = (char*)dp->name; @@ -1550,13 +1551,15 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, struct comm_reply* repinfo, struct regional* region, struct timeval* start_time, int id, void* python_callback) { - PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; - PyObject *py_rep, *py_repinfo, *py_region; + PyObject *func = NULL, *py_edns = NULL, *py_qstate = NULL; + PyObject *py_opt_list_out = NULL, *py_qinfo = NULL; + PyObject *py_rep = NULL, *py_repinfo = NULL, *py_region = NULL; PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL; int res = 0; double py_start_time = ((double)start_time->tv_sec) + ((double)start_time->tv_usec) / 1.0e6; PyGILState_STATE gstate = PyGILState_Ensure(); + func = (PyObject *) python_callback; py_edns = SWIG_NewPointerObj((void*) edns, SWIGTYPE_p_edns_data, 0); py_qstate = SWIG_NewPointerObj((void*) qstate, @@ -1567,20 +1570,24 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, py_rep = SWIG_NewPointerObj((void*) rep, SWIGTYPE_p_reply_info, 0); py_repinfo = SWIG_NewPointerObj((void*) repinfo, SWIGTYPE_p_comm_reply, 0); py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); - if(py_qinfo && py_qstate && py_rep && py_edns && py_opt_list_out - && py_region && py_repinfo) { - py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, - rcode, py_edns, py_opt_list_out, py_region); - py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", - py_start_time); - if(py_args && py_kwargs) { - result = PyObject_Call(func, py_args, py_kwargs); - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic"); - } - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic"); + if(!(py_qinfo && py_qstate && py_rep && py_edns && py_opt_list_out + && py_region && py_repinfo)) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_reply_generic"); + goto out; } + py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, + rcode, py_edns, py_opt_list_out, py_region); + py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", + py_start_time); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_reply_generic"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } +out: Py_XDECREF(py_edns); Py_XDECREF(py_qstate); Py_XDECREF(py_opt_list_out); @@ -1590,9 +1597,6 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, Py_XDECREF(py_region); Py_XDECREF(py_args); Py_XDECREF(py_kwargs); - if (result) { - res = PyInt_AsLong(result); - } Py_XDECREF(result); PyGILState_Release(gstate); return res; @@ -1640,29 +1644,34 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, int res = 0; PyObject *func = python_callback; PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL; + PyObject *py_qinfo = NULL; + PyObject *py_qstate = NULL; + PyObject *py_addr = NULL; + PyObject *py_zone = NULL; + PyObject *py_region = NULL; PyGILState_STATE gstate = PyGILState_Ensure(); - PyObject *py_qinfo = SWIG_NewPointerObj((void*) qinfo, SWIGTYPE_p_query_info, 0); - PyObject *py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); - PyObject *py_addr = SWIG_NewPointerObj((void *) addr, SWIGTYPE_p_sockaddr_storage, 0); - PyObject *py_zone = PyBytes_FromStringAndSize((const char *)zone, zonelen); - PyObject *py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); - if(py_qinfo && py_qstate && py_addr && py_zone && py_region) { - py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region); - py_kwargs = Py_BuildValue("{}"); - if(py_args && py_kwargs) { - result = PyObject_Call(func, py_args, py_kwargs); - if (result) { - res = PyInt_AsLong(result); - } - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_query_generic"); - } - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_query_generic"); + py_qinfo = SWIG_NewPointerObj((void*) qinfo, SWIGTYPE_p_query_info, 0); + py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); + py_addr = SWIG_NewPointerObj((void *) addr, SWIGTYPE_p_sockaddr_storage, 0); + py_zone = PyBytes_FromStringAndSize((const char *)zone, zonelen); + py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); + if(!(py_qinfo && py_qstate && py_addr && py_zone && py_region)) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_query_generic"); + goto out; } - + py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region); + py_kwargs = Py_BuildValue("{}"); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_query_generic"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } +out: Py_XDECREF(py_qinfo); Py_XDECREF(py_qstate); Py_XDECREF(py_addr); @@ -1686,6 +1695,105 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, if (ret) Py_INCREF(py_cb); return ret; } + + int python_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* python_callback) + { + int res = 0; + PyObject *func = python_callback; + PyObject *py_qstate = NULL; + PyObject *py_response = NULL; + PyObject *py_args = NULL; + PyObject *py_kwargs = NULL; + PyObject *result = NULL; + + PyGILState_STATE gstate = PyGILState_Ensure(); + + py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); + py_response = SWIG_NewPointerObj((void*) response, SWIGTYPE_p_dns_msg, 0); + if(!(py_qstate && py_response)) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_query_response"); + goto out; + } + py_args = Py_BuildValue("(OO)", py_qstate, py_response); + py_kwargs = Py_BuildValue("{}"); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_query_response"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } +out: + Py_XDECREF(py_qstate); + Py_XDECREF(py_response); + + Py_XDECREF(py_args); + Py_XDECREF(py_kwargs); + Py_XDECREF(result); + + PyGILState_Release(gstate); + + return res; + } + + static int register_inplace_cb_query_response(PyObject* py_cb, + struct module_env* env, int id) + { + int ret = inplace_cb_register(python_inplace_cb_query_response, + inplace_cb_query_response, (void*) py_cb, env, id); + if (ret) Py_INCREF(py_cb); + return ret; + } + + int python_inplace_cb_edns_back_parsed_call(struct module_qstate* qstate, + int id, void* python_callback) + { + int res = 0; + PyObject *func = python_callback; + PyObject *py_qstate = NULL; + PyObject *py_args = NULL; + PyObject *py_kwargs = NULL; + PyObject *result = NULL; + + PyGILState_STATE gstate = PyGILState_Ensure(); + + py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); + if(!py_qstate) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_edns_back_parsed_call"); + goto out; + } + py_args = Py_BuildValue("(O)", py_qstate); + py_kwargs = Py_BuildValue("{}"); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_edns_back_parsed_call"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } +out: + Py_XDECREF(py_qstate); + + Py_XDECREF(py_args); + Py_XDECREF(py_kwargs); + Py_XDECREF(result); + + PyGILState_Release(gstate); + + return res; + } + + static int register_inplace_cb_edns_back_parsed_call(PyObject* py_cb, + struct module_env* env, int id) + { + int ret = inplace_cb_register(python_inplace_cb_edns_back_parsed_call, + inplace_cb_edns_back_parsed, (void*) py_cb, env, id); + if (ret) Py_INCREF(py_cb); + return ret; + } %} /* C declarations */ int inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, @@ -1702,3 +1810,7 @@ static int register_inplace_cb_reply_servfail(PyObject* py_cb, struct module_env* env, int id); static int register_inplace_cb_query(PyObject *py_cb, struct module_env* env, int id); +static int register_inplace_cb_query_response(PyObject *py_cb, + struct module_env* env, int id); +static int register_inplace_cb_edns_back_parsed_call(PyObject *py_cb, + struct module_env* env, int id); diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c index 7c7da5489..628308612 100644 --- a/pythonmod/pythonmod.c +++ b/pythonmod/pythonmod.c @@ -252,13 +252,24 @@ cleanup: Py_XDECREF(exc_tb); } +/* we only want to unwind Python once at exit */ +static void +pythonmod_atexit(void) +{ + log_assert(py_mod_count == 0); + log_assert(mainthr != NULL); + + PyEval_RestoreThread(mainthr); + Py_Finalize(); +} + int pythonmod_init(struct module_env* env, int id) { int py_mod_idx = py_mod_count++; /* Initialize module */ FILE* script_py = NULL; - PyObject* py_init_arg, *res; + PyObject* py_init_arg = NULL, *res = NULL; PyGILState_STATE gil; int init_standard = 1, i = 0; #if PY_MAJOR_VERSION < 3 @@ -292,24 +303,67 @@ int pythonmod_init(struct module_env* env, int id) /* Initialize Python libraries */ if (py_mod_count==1 && !Py_IsInitialized()) { +#if PY_VERSION_HEX >= 0x03080000 + PyStatus status; + PyPreConfig preconfig; + PyConfig config; +#endif #if PY_MAJOR_VERSION >= 3 wchar_t progname[8]; mbstowcs(progname, "unbound", 8); #else char *progname = "unbound"; #endif +#if PY_VERSION_HEX < 0x03080000 Py_SetProgramName(progname); +#else + /* Python must be preinitialized, before the PyImport_AppendInittab + * call. */ + PyPreConfig_InitPythonConfig(&preconfig); + status = Py_PreInitialize(&preconfig); + if(PyStatus_Exception(status)) { + log_err("python exception in Py_PreInitialize: %s%s%s", + (status.func?status.func:""), (status.func?": ":""), + (status.err_msg?status.err_msg:"")); + return 0; + } +#endif Py_NoSiteFlag = 1; #if PY_MAJOR_VERSION >= 3 PyImport_AppendInittab(SWIG_name, (void*)SWIG_init); #endif +#if PY_VERSION_HEX < 0x03080000 Py_Initialize(); +#else + PyConfig_InitPythonConfig(&config); + status = PyConfig_SetString(&config, &config.program_name, progname); + if(PyStatus_Exception(status)) { + log_err("python exception in PyConfig_SetString(.. program_name ..): %s%s%s", + (status.func?status.func:""), (status.func?": ":""), + (status.err_msg?status.err_msg:"")); + PyConfig_Clear(&config); + return 0; + } + config.site_import = 0; + status = Py_InitializeFromConfig(&config); + if(PyStatus_Exception(status)) { + log_err("python exception in Py_InitializeFromConfig: %s%s%s", + (status.func?status.func:""), (status.func?": ":""), + (status.err_msg?status.err_msg:"")); + PyConfig_Clear(&config); + return 0; + } + PyConfig_Clear(&config); +#endif #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION <= 6) /* initthreads only for python 3.6 and older */ PyEval_InitThreads(); #endif SWIG_init(); mainthr = PyEval_SaveThread(); + + /* register callback to unwind Python at exit */ + atexit(pythonmod_atexit); } gil = PyGILState_Ensure(); @@ -317,6 +371,7 @@ int pythonmod_init(struct module_env* env, int id) if (py_mod_count==1) { /* Initialize Python */ if(PyRun_SimpleString("import sys \n") < 0 ) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); goto python_init_fail; } PyRun_SimpleString("sys.path.append('.') \n"); @@ -328,24 +383,17 @@ int pythonmod_init(struct module_env* env, int id) env->cfg->directory); PyRun_SimpleString(wdir); } - /* Check if sysconfig is there and use that instead of distutils; - * distutils.sysconfig is deprecated in Python 3.10. */ - if(PyRun_SimpleString("import sysconfig \n") < 0) { - log_info("pythonmod: module sysconfig not available; " - "falling back to distutils.sysconfig."); - if(PyRun_SimpleString("import distutils.sysconfig \n") < 0 - || PyRun_SimpleString("sys.path.append(" - "distutils.sysconfig.get_python_lib(1,0)) \n") < 0) { - goto python_init_fail; - } - } else { - if(PyRun_SimpleString("sys.path.append(" - "sysconfig.get_path('platlib')) \n") < 0) { - goto python_init_fail; - } + if(PyRun_SimpleString("import site\n") < 0) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + goto python_init_fail; + } + if(PyRun_SimpleString("sys.path.extend(site.getsitepackages())\n") < 0) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + goto python_init_fail; } if(PyRun_SimpleString("from unboundmodule import *\n") < 0) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); goto python_init_fail; } } @@ -362,18 +410,22 @@ int pythonmod_init(struct module_env* env, int id) if (script_py == NULL) { log_err("pythonmod: can't open file %s for reading", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } /* Load file */ pe->module = PyImport_AddModule("__main__"); + Py_XINCREF(pe->module); pe->dict = PyModule_GetDict(pe->module); + Py_XINCREF(pe->dict); pe->data = PyDict_New(); - Py_XINCREF(pe->data); - PyModule_AddObject(pe->module, "mod_env", pe->data); - - /* TODO: deallocation of pe->... if an error occurs */ + Py_XINCREF(pe->data); /* reference will be stolen below */ + if(PyModule_AddObject(pe->module, "mod_env", pe->data) < 0) { + log_err("pythonmod: could not add mod_env object"); + Py_XDECREF(pe->data); /* 2 times, here and on python_init_fail; */ + /* on failure the reference is not stolen */ + goto python_init_fail; + } if (PyRun_SimpleFile(script_py, pe->fname) < 0) { #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) @@ -404,18 +456,30 @@ int pythonmod_init(struct module_env* env, int id) fstr = malloc(flen+1); if(!fstr) { log_err("malloc failure to print parse error"); - PyGILState_Release(gil); + +/* close the file */ +#if PY_MAJOR_VERSION < 3 + Py_XDECREF(PyFileObject); +#else fclose(script_py); - return 0; +#endif + + goto python_init_fail; } fseek(script_py, 0, SEEK_SET); if(fread(fstr, flen, 1, script_py) < 1) { log_err("file read failed to print parse error: %s: %s", pe->fname, strerror(errno)); - PyGILState_Release(gil); - fclose(script_py); free(fstr); - return 0; + +/* close the file */ +#if PY_MAJOR_VERSION < 3 + Py_XDECREF(PyFileObject); +#else + fclose(script_py); +#endif + + goto python_init_fail; } fstr[flen] = 0; /* we compile the string, but do not run it, to stop side-effects */ @@ -423,17 +487,26 @@ int pythonmod_init(struct module_env* env, int id) * that we are expecting */ (void)Py_CompileString(fstr, pe->fname, Py_file_input); #endif + log_py_err(); - PyGILState_Release(gil); + +/* close the file */ +#if PY_MAJOR_VERSION < 3 + Py_XDECREF(PyFileObject); +#else fclose(script_py); +#endif + #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) /* no cleanup needed for python before 3.9 */ #else /* cleanup for python 3.9 and newer */ free(fstr); #endif - return 0; + goto python_init_fail; } + +/* close the file */ #if PY_MAJOR_VERSION < 3 Py_XDECREF(PyFileObject); #else @@ -446,28 +519,28 @@ int pythonmod_init(struct module_env* env, int id) if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) { log_err("pythonmod: function init is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } } + Py_XINCREF(pe->func_init); if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) { log_err("pythonmod: function deinit is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } + Py_XINCREF(pe->func_deinit); if ((pe->func_operate = PyDict_GetItemString(pe->dict, "operate")) == NULL) { log_err("pythonmod: function operate is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } + Py_XINCREF(pe->func_operate); if ((pe->func_inform = PyDict_GetItemString(pe->dict, "inform_super")) == NULL) { log_err("pythonmod: function inform_super is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } + Py_XINCREF(pe->func_inform); if (init_standard) { @@ -483,26 +556,31 @@ int pythonmod_init(struct module_env* env, int id) { log_err("pythonmod: Exception occurred in function init"); log_py_err(); - Py_XDECREF(res); - Py_XDECREF(py_init_arg); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } Py_XDECREF(res); Py_XDECREF(py_init_arg); PyGILState_Release(gil); - return 1; python_init_fail: - log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + Py_XDECREF(pe->module); + Py_XDECREF(pe->dict); + Py_XDECREF(pe->data); + Py_XDECREF(pe->func_init); + Py_XDECREF(pe->func_deinit); + Py_XDECREF(pe->func_operate); + Py_XDECREF(pe->func_inform); + Py_XDECREF(res); + Py_XDECREF(py_init_arg); PyGILState_Release(gil); return 0; } void pythonmod_deinit(struct module_env* env, int id) { + int cbtype; struct pythonmod_env* pe = env->modinfo[id]; if(pe == NULL) return; @@ -522,18 +600,24 @@ void pythonmod_deinit(struct module_env* env, int id) /* Free result if any */ Py_XDECREF(res); /* Free shared data if any */ + Py_XDECREF(pe->module); + Py_XDECREF(pe->dict); Py_XDECREF(pe->data); + Py_XDECREF(pe->func_init); + Py_XDECREF(pe->func_deinit); + Py_XDECREF(pe->func_inform); + Py_XDECREF(pe->func_operate); PyGILState_Release(gil); - if(--py_mod_count==0) { - PyEval_RestoreThread(mainthr); - Py_Finalize(); - mainthr = NULL; - } + py_mod_count--; } pe->fname = NULL; free(pe); + /* iterate over all possible callback types and clean up each in turn */ + for (cbtype = 0; cbtype < inplace_cb_types_total; cbtype++) + inplace_cb_delete(env, cbtype, id); + /* Module is deallocated in Python */ env->modinfo[id] = NULL; } diff --git a/pythonmod/pythonmod.h b/pythonmod/pythonmod.h index 26d74e09f..86b1778c6 100644 --- a/pythonmod/pythonmod.h +++ b/pythonmod/pythonmod.h @@ -82,4 +82,12 @@ int python_inplace_cb_query_generic( uint8_t* zone, size_t zonelen, struct regional* region, int id, void* python_callback); +/** Declared here for fptr_wlist access. The definition is in interface.i. */ +int python_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* python_callback); + +/** Declared here for fptr_wlist access. The definition is in interface.i. */ +int python_inplace_cb_edns_back_parsed_call(struct module_qstate* qstate, + int id, void* python_callback); + #endif /* PYTHONMOD_H */ diff --git a/services/authzone.c b/services/authzone.c index 6de1e4319..1bba3b157 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1306,8 +1306,8 @@ az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, auth_data_delete(node); } if(z->rpz) { - rpz_remove_rr(z->rpz, z->namelen, dname, dname_len, rr_type, - rr_class, rdata, rdatalen); + rpz_remove_rr(z->rpz, z->name, z->namelen, dname, dname_len, + rr_type, rr_class, rdata, rdatalen); } return 1; } @@ -2756,6 +2756,7 @@ az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname, == 0) { msg->rep->rrsets[i]->rk.dname = newname; msg->rep->rrsets[i]->rk.dname_len = newlen; + msg->rep->rrsets[i]->entry.hash = rrset_key_hash(&msg->rep->rrsets[i]->rk); } } } @@ -7509,7 +7510,7 @@ static void add_rrlist_rrsigs_into_data(struct packed_rrset_data* data, size_t j; if(!rrlist[i]) continue; - if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD && + if(rrlist[i]->type == LDNS_RR_TYPE_ZONEMD && query_dname_compare(z->name, node->name)==0) { /* omit RRSIGs over type ZONEMD at apex */ continue; diff --git a/services/cache/dns.c b/services/cache/dns.c index 3e9015c4a..9b4ad5888 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -132,31 +132,6 @@ msg_cache_remove(struct module_env* env, uint8_t* qname, size_t qnamelen, slabhash_remove(env->msg_cache, h, &k); } -/** remove servfail msg cache entry */ -static void -msg_del_servfail(struct module_env* env, struct query_info* qinfo, - uint32_t flags) -{ - struct msgreply_entry* e; - /* see if the entry is servfail, and then remove it, so that - * lookups move from the cacheresponse stage to the recursionresponse - * stage */ - e = msg_cache_lookup(env, qinfo->qname, qinfo->qname_len, - qinfo->qtype, qinfo->qclass, flags, 0, 0); - if(!e) return; - /* we don't check for the ttl here, also expired servfail entries - * are removed. If the user uses serve-expired, they would still be - * used to answer from cache */ - if(FLAGS_GET_RCODE(((struct reply_info*)e->entry.data)->flags) - != LDNS_RCODE_SERVFAIL) { - lock_rw_unlock(&e->entry.lock); - return; - } - lock_rw_unlock(&e->entry.lock); - msg_cache_remove(env, qinfo->qname, qinfo->qname_len, qinfo->qtype, - qinfo->qclass, flags); -} - void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside, @@ -182,16 +157,20 @@ dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, /* we do not store the message, but we did store the RRs, * which could be useful for delegation information */ verbose(VERB_ALGO, "TTL 0: dropped msg from cache"); - if (rep->reason_bogus_str_size) { - free(rep->reason_bogus_str); - } - free(rep); - /* if the message is SERVFAIL in cache, remove that SERVFAIL, + reply_info_delete(rep, NULL); + /* if the message is in the cache, remove that msg, * so that the TTL 0 response can be returned for future - * responses (i.e. don't get answered by the servfail from + * responses (i.e. don't get answered from * cache, but instead go to recursion to get this TTL0 - * response). */ - msg_del_servfail(env, qinfo, flags); + * response). + * Possible messages that could be in the cache: + * - SERVFAIL + * - NXDOMAIN + * - NODATA + * - an older record that is expired + * - an older record that did not yet expire */ + msg_cache_remove(env, qinfo->qname, qinfo->qname_len, + qinfo->qtype, qinfo->qclass, flags); return; } @@ -613,7 +592,6 @@ gen_dns_msg(struct regional* region, struct query_info* q, size_t num) if(!msg->rep) return NULL; msg->rep->reason_bogus = LDNS_EDE_NONE; - msg->rep->reason_bogus_str_size = 0; msg->rep->reason_bogus_str = NULL; if(num > RR_COUNT_MAX) return NULL; /* integer overflow protection */ @@ -641,6 +619,14 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, r->serve_expired_ttl < now) { return NULL; } + /* Ignore expired failure answers */ + if(FLAGS_GET_RCODE(r->flags) != + LDNS_RCODE_NOERROR && + FLAGS_GET_RCODE(r->flags) != + LDNS_RCODE_NXDOMAIN && + FLAGS_GET_RCODE(r->flags) != + LDNS_RCODE_YXDOMAIN) + return 0; } else { return NULL; } @@ -669,9 +655,8 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, msg->rep->rrset_count = r->rrset_count; msg->rep->authoritative = r->authoritative; msg->rep->reason_bogus = r->reason_bogus; - if (r->reason_bogus_str_size > 0) { + if(r->reason_bogus_str) { msg->rep->reason_bogus_str = regional_strdup(region, r->reason_bogus_str); - msg->rep->reason_bogus_str_size = r->reason_bogus_str_size; } if(!rrset_array_lock(r->ref, r->rrset_count, now_control)) { @@ -1093,10 +1078,7 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, ((ntohs(ref.key->rk.type)==LDNS_RR_TYPE_NS && !pside) ? qstarttime:*env->now + leeway)); } - if (rep->reason_bogus_str_size) { - free(rep->reason_bogus_str); - } - free(rep); + reply_info_delete(rep, NULL); return 1; } else { /* store msg, and rrsets */ diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 95606aff5..60f9b41e5 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -79,9 +79,11 @@ #ifdef HAVE_NET_IF_H #include #endif - +#ifdef HAVE_LINUX_NET_TSTAMP_H +#include +#endif /** number of queued TCP connections for listen() */ -#define TCP_BACKLOG 256 +#define TCP_BACKLOG 256 #ifndef THREADS_DISABLED /** lock on the counter of stream buffer memory */ @@ -187,7 +189,7 @@ systemd_get_activated(int family, int socktype, int listen, log_err("systemd sd_listen_fds(): %s", strerror(-r)); return -1; } - + for(i = 0; i < r; i++) { if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) { s = SD_LISTEN_FDS_START + i; @@ -253,7 +255,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } #else - if(WSAGetLastError() == WSAEAFNOSUPPORT || + if(WSAGetLastError() == WSAEAFNOSUPPORT || WSAGetLastError() == WSAEPROTONOSUPPORT) { *noproto = 1; return -1; @@ -270,7 +272,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, #endif if(listen) { #ifdef SO_REUSEADDR - if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", sock_strerror(errno)); @@ -368,9 +370,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t slen = (socklen_t)sizeof(got); # ifdef SO_RCVBUFFORCE /* Linux specific: try to use root permission to override - * system limits on rcvbuf. The limit is stored in + * system limits on rcvbuf. The limit is stored in * /proc/sys/net/core/rmem_max or sysctl net.core.rmem_max */ - if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, + if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { if(errno != EPERM) { log_err("setsockopt(..., SO_RCVBUFFORCE, " @@ -381,7 +383,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } # endif /* SO_RCVBUFFORCE */ - if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, + if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { log_err("setsockopt(..., SO_RCVBUF, " "...) failed: %s", sock_strerror(errno)); @@ -392,7 +394,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, } /* check if we got the right thing or if system * reduced to some system max. Warn if so */ - if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got, + if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got, &slen) >= 0 && got < rcv/2) { log_warn("so-rcvbuf %u was not granted. " "Got %u. To fix: start with " @@ -413,9 +415,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t slen = (socklen_t)sizeof(got); # ifdef SO_SNDBUFFORCE /* Linux specific: try to use root permission to override - * system limits on sndbuf. The limit is stored in + * system limits on sndbuf. The limit is stored in * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */ - if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, + if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { if(errno != EPERM) { log_err("setsockopt(..., SO_SNDBUFFORCE, " @@ -426,7 +428,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } # endif /* SO_SNDBUFFORCE */ - if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, + if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { log_err("setsockopt(..., SO_SNDBUF, " "...) failed: %s", sock_strerror(errno)); @@ -437,7 +439,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, } /* check if we got the right thing or if system * reduced to some system max. Warn if so */ - if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got, + if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got, &slen) >= 0 && got < snd/2) { log_warn("so-sndbuf %u was not granted. " "Got %u. To fix: start with " @@ -469,7 +471,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, # endif ) { int val=(v6only==2)?0:1; - if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, + if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&val, (socklen_t)sizeof(val)) < 0) { log_err("setsockopt(..., IPV6_V6ONLY" ", ...) failed: %s", sock_strerror(errno)); @@ -576,7 +578,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int action; # if defined(IP_PMTUDISC_OMIT) action = IP_PMTUDISC_OMIT; - if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, + if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, &action, (socklen_t)sizeof(action)) < 0) { if (errno != EINVAL) { @@ -609,7 +611,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, /* the IP_DONTFRAG option if defined in the 11.0 OSX headers, * but does not work on that version, so we exclude it */ int off = 0; - if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, + if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, &off, (socklen_t)sizeof(off)) < 0) { log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s", strerror(errno)); @@ -647,7 +649,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if(WSAGetLastError() != WSAEADDRINUSE && WSAGetLastError() != WSAEADDRNOTAVAIL && !(WSAGetLastError() == WSAEACCES && verbosity < 4 && !listen)) { - log_err_addr("can't bind socket", + log_err_addr("can't bind socket", wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr, addrlen); } @@ -749,7 +751,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, } #endif #ifdef SO_REUSEADDR - if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", sock_strerror(errno)); @@ -793,7 +795,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, && !got_fd_from_systemd # endif ) { - if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, + if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&on, (socklen_t)sizeof(on)) < 0) { log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", sock_strerror(errno)); @@ -845,7 +847,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, addr->ai_addrlen); } #else - log_err_addr("can't bind socket", + log_err_addr("can't bind socket", wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr->ai_addr, addr->ai_addrlen); @@ -873,7 +875,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, /* 5 is recommended on linux */ qlen = 5; #endif - if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, + if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen))) == -1 ) { #ifdef ENOPROTOOPT /* squelch ENOPROTOOPT: freebsd server mode with kernel support @@ -999,7 +1001,7 @@ err: * Create socket from getaddrinfo results */ static int -make_sock(int stype, const char* ifname, const char* port, +make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, int use_systemd, int dscp, struct unbound_socket* ub_sock) @@ -1015,10 +1017,10 @@ make_sock(int stype, const char* ifname, const char* port, return -1; } #endif - log_err("node %s:%s getaddrinfo: %s %s", + log_err("node %s:%s getaddrinfo: %s %s", ifname?ifname:"default", port, gai_strerror(r), #ifdef EAI_SYSTEM - r==EAI_SYSTEM?(char*)strerror(errno):"" + (r==EAI_SYSTEM?(char*)strerror(errno):"") #else "" #endif @@ -1055,7 +1057,7 @@ make_sock(int stype, const char* ifname, const char* port, /** make socket and first see if ifname contains port override info */ static int -make_sock_port(int stype, const char* ifname, const char* port, +make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, int use_systemd, int dscp, struct unbound_socket* ub_sock) @@ -1114,9 +1116,28 @@ port_insert(struct listen_port** list, int s, enum listen_type ftype, return 1; } +/** set fd to receive software timestamps */ +static int +set_recvtimestamp(int s) +{ +#ifdef HAVE_LINUX_NET_TSTAMP_H + int opt = SOF_TIMESTAMPING_RX_SOFTWARE | SOF_TIMESTAMPING_SOFTWARE; + if (setsockopt(s, SOL_SOCKET, SO_TIMESTAMPNS, (void*)&opt, (socklen_t)sizeof(opt)) < 0) { + log_err("setsockopt(..., SO_TIMESTAMPNS, ...) failed: %s", + strerror(errno)); + return 0; + } + return 1; +#else + log_err("packets timestamping is not supported on this platform"); + (void)s; + return 0; +#endif +} + /** set fd to receive source address packet info */ static int -set_recvpktinfo(int s, int family) +set_recvpktinfo(int s, int family) { #if defined(IPV6_RECVPKTINFO) || defined(IPV6_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)) || defined(IP_PKTINFO) int on = 1; @@ -1214,6 +1235,9 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, * @param use_systemd: if true, fetch sockets from systemd. * @param dnscrypt_port: dnscrypt service port number * @param dscp: DSCP to use. + * @param sock_queue_timeout: the sock_queue_timeout from config. Seconds to + * wait to discard if UDP packets have waited for long in the socket + * buffer. * @return: returns false on error. */ static int @@ -1223,7 +1247,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, struct config_strlist* tls_additional_port, int https_port, struct config_strlist* proxy_protocol_port, int* reuseport, int transparent, int tcp_mss, int freebind, - int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp) + int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp, + int sock_queue_timeout) { int s, noip6=0; int is_https = if_is_https(ifname, port, https_port); @@ -1252,7 +1277,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); @@ -1263,15 +1289,20 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, /* getting source addr packet info is highly non-portable */ if(!set_recvpktinfo(s, hints->ai_family)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } + if (sock_queue_timeout && !set_recvtimestamp(s)) { + log_warn("socket timestamping is not available"); + } if(!port_insert(list, s, is_dnscrypt ?listen_type_udpancil_dnscrypt:listen_type_udpancil, is_pp2, ub_sock)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } @@ -1283,7 +1314,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); @@ -1291,11 +1323,15 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } return 0; } + if (sock_queue_timeout && !set_recvtimestamp(s)) { + log_warn("socket timestamping is not available"); + } if(!port_insert(list, s, is_dnscrypt ?listen_type_udp_dnscrypt:listen_type_udp, is_pp2, ub_sock)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } @@ -1318,7 +1354,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); if(noip6) { /*log_warn("IPv6 protocol not available");*/ @@ -1330,7 +1367,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, verbose(VERB_ALGO, "setup TCP for SSL service"); if(!port_insert(list, s, port_type, is_pp2, ub_sock)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } @@ -1338,7 +1376,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, return 1; } -/** +/** * Add items to commpoint list in front. * @param c: commpoint to add. * @param front: listen struct. @@ -1389,7 +1427,7 @@ void listen_desetup_locks(void) } } -struct listen_dnsport* +struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ports, size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, int harden_large_queries, uint32_t http_max_streams, @@ -1525,10 +1563,10 @@ listen_list_delete(struct listen_list* list) } } -void +void listen_delete(struct listen_dnsport* front) { - if(!front) + if(!front) return; listen_list_delete(front->cps); #ifdef USE_DNSCRYPT @@ -1802,7 +1840,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1819,7 +1857,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1838,7 +1876,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1854,7 +1892,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1872,7 +1910,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1888,7 +1926,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1908,7 +1946,8 @@ void listening_ports_free(struct listen_port* list) } /* rc_ports don't have ub_socket */ if(list->socket) { - freeaddrinfo(list->socket->addr); + if(list->socket->addr) + freeaddrinfo(list->socket->addr); free(list->socket); } free(list); @@ -1919,8 +1958,8 @@ void listening_ports_free(struct listen_port* list) size_t listen_get_mem(struct listen_dnsport* listen) { struct listen_list* p; - size_t s = sizeof(*listen) + sizeof(*listen->base) + - sizeof(*listen->udp_buff) + + size_t s = sizeof(*listen) + sizeof(*listen->base) + + sizeof(*listen->udp_buff) + sldns_buffer_capacity(listen->udp_buff); #ifdef USE_DNSCRYPT s += sizeof(*listen->dnscrypt_udp_buff); @@ -2001,7 +2040,7 @@ void tcp_req_info_clear(struct tcp_req_info* req) } req->open_req_list = NULL; req->num_open_req = 0; - + /* free pending writable result packets */ item = req->done_req_list; while(item) { @@ -2060,7 +2099,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) wr = 1; if(!req->read_is_closed) rd = 1; - + if(wr) { req->cp->tcp_is_reading = 0; comm_point_stop_listening(req->cp); @@ -2196,7 +2235,7 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req) } req->in_worker_handle = 0; /* it should be waiting in the mesh for recursion. - * If mesh failed to add a new entry and called commpoint_drop_reply. + * If mesh failed to add a new entry and called commpoint_drop_reply. * Then the mesh state has been cleared. */ if(req->is_drop) { /* the reply has been dropped, stream has been closed. */ @@ -2256,7 +2295,7 @@ tcp_req_info_add_result(struct tcp_req_info* req, uint8_t* buf, size_t len) last = req->done_req_list; while(last && last->next) last = last->next; - + /* create new element */ item = (struct tcp_req_done_item*)malloc(sizeof(*item)); if(!item) { @@ -2615,7 +2654,7 @@ static int http2_query_read_done(struct http2_session* h2_session, "buffer already assigned to stream"); return -1; } - + /* the c->buffer might be used by mesh_send_reply and no be cleard * need to be cleared before use */ sldns_buffer_clear(h2_session->c->buffer); diff --git a/services/localzone.c b/services/localzone.c index 3536b7aaa..44da22d78 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1308,6 +1308,7 @@ local_encode(struct query_info* qinfo, struct module_env* env, else rep.ns_numrrsets = 1; rep.rrset_count = 1; rep.rrsets = &rrset; + rep.reason_bogus = LDNS_EDE_NONE; udpsize = edns->udp_size; edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@ -1603,7 +1604,7 @@ local_zone_does_not_cover(struct local_zone* z, struct query_info* qinfo, struct local_data key; struct local_data* ld = NULL; struct local_rrset* lr = NULL; - if(z->type == local_zone_always_transparent) + if(z->type == local_zone_always_transparent || z->type == local_zone_block_a) return 1; if(z->type != local_zone_transparent && z->type != local_zone_typetransparent @@ -1679,6 +1680,16 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, } else if(lz_type == local_zone_typetransparent || lz_type == local_zone_always_transparent) { /* no NODATA or NXDOMAINS for this zone type */ + return 0; + } else if(lz_type == local_zone_block_a) { + /* Return NODATA for all A queries */ + if(qinfo->qtype == LDNS_RR_TYPE_A) { + local_error_encode(qinfo, env, edns, repinfo, buf, temp, + LDNS_RCODE_NOERROR, (LDNS_RCODE_NOERROR|BIT_AA), + LDNS_EDE_NONE, NULL); + return 1; + } + return 0; } else if(lz_type == local_zone_always_null) { /* 0.0.0.0 or ::0 or noerror/nodata for this zone type, @@ -1846,7 +1857,8 @@ local_zones_answer(struct local_zones* zones, struct module_env* env, if(z && (lzt == local_zone_transparent || lzt == local_zone_typetransparent || lzt == local_zone_inform || - lzt == local_zone_always_transparent) && + lzt == local_zone_always_transparent || + lzt == local_zone_block_a) && local_zone_does_not_cover(z, qinfo, labs)) { lock_rw_unlock(&z->lock); z = NULL; @@ -1894,6 +1906,7 @@ local_zones_answer(struct local_zones* zones, struct module_env* env, if(lzt != local_zone_always_refuse && lzt != local_zone_always_transparent + && lzt != local_zone_block_a && lzt != local_zone_always_nxdomain && lzt != local_zone_always_nodata && lzt != local_zone_always_deny @@ -1924,6 +1937,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_inform_deny: return "inform_deny"; case local_zone_inform_redirect: return "inform_redirect"; case local_zone_always_transparent: return "always_transparent"; + case local_zone_block_a: return "block_a"; case local_zone_always_refuse: return "always_refuse"; case local_zone_always_nxdomain: return "always_nxdomain"; case local_zone_always_nodata: return "always_nodata"; @@ -1958,6 +1972,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_inform_redirect; else if(strcmp(type, "always_transparent") == 0) *t = local_zone_always_transparent; + else if(strcmp(type, "block_a") == 0) + *t = local_zone_block_a; else if(strcmp(type, "always_refuse") == 0) *t = local_zone_always_refuse; else if(strcmp(type, "always_nxdomain") == 0) diff --git a/services/localzone.h b/services/localzone.h index 19534f750..4456893ee 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -88,6 +88,8 @@ enum localzone_type { local_zone_inform_redirect, /** resolve normally, even when there is local data */ local_zone_always_transparent, + /** resolve normally, even when there is local data but return NODATA for A queries */ + local_zone_block_a, /** answer with error, even when there is local data */ local_zone_always_refuse, /** answer with nxdomain, even when there is local data */ diff --git a/services/mesh.c b/services/mesh.c index 5d5a1b81b..52d14a2d1 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -63,82 +63,13 @@ #include "util/data/dname.h" #include "respip/respip.h" #include "services/listen_dnsport.h" +#include "util/timeval_func.h" #ifdef CLIENT_SUBNET #include "edns-subnet/subnetmod.h" #include "edns-subnet/edns-subnet.h" #endif -/** subtract timers and the values do not overflow or become negative */ -static void -timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start) -{ -#ifndef S_SPLINT_S - time_t end_usec = end->tv_usec; - d->tv_sec = end->tv_sec - start->tv_sec; - if(end_usec < start->tv_usec) { - end_usec += 1000000; - d->tv_sec--; - } - d->tv_usec = end_usec - start->tv_usec; -#endif -} - -/** add timers and the values do not overflow or become negative */ -static void -timeval_add(struct timeval* d, const struct timeval* add) -{ -#ifndef S_SPLINT_S - d->tv_sec += add->tv_sec; - d->tv_usec += add->tv_usec; - if(d->tv_usec >= 1000000 ) { - d->tv_usec -= 1000000; - d->tv_sec++; - } -#endif -} - -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d <= 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - if(leftover <= 0) - leftover = 0; - avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; - if(avg->tv_sec < 0) - avg->tv_sec = 0; - if(avg->tv_usec < 0) - avg->tv_usec = 0; -#endif -} - -/** histogram compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - /** * Compare two response-ip client info entries for the purpose of mesh state * compare. It returns 0 if ci_a and ci_b are considered equal; otherwise @@ -249,7 +180,7 @@ mesh_state_ref_compare(const void* ap, const void* bp) return mesh_state_compare(a->s, b->s); } -struct mesh_area* +struct mesh_area* mesh_create(struct module_stack* stack, struct module_env* env) { struct mesh_area* mesh = calloc(1, sizeof(struct mesh_area)); @@ -275,6 +206,7 @@ mesh_create(struct module_stack* stack, struct module_env* env) mesh->stats_jostled = 0; mesh->stats_dropped = 0; mesh->ans_expired = 0; + mesh->ans_cachedb = 0; mesh->max_reply_states = env->cfg->num_queries_per_thread; mesh->max_forever_states = (mesh->max_reply_states+1)/2; #ifndef S_SPLINT_S @@ -298,7 +230,7 @@ mesh_delete_helper(rbnode_type* n) * traversal and rbtree rebalancing do not work together */ } -void +void mesh_delete(struct mesh_area* mesh) { if(!mesh) @@ -341,7 +273,7 @@ int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf) if(m && m->reply_list && m->list_select == mesh_jostle_list) { /* how old is it? */ struct timeval age; - timeval_subtract(&age, mesh->env->now_tv, + timeval_subtract(&age, mesh->env->now_tv, &m->reply_list->start_time); if(timeval_smaller(&mesh->jostle_max, &age)) { /* its a goner */ @@ -517,6 +449,8 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, comm_point_send_reply(rep); return; } + /* set detached (it is now) */ + mesh->num_detached_states++; if(unique) mesh_state_make_unique(s); s->s.rpz_passthru = rpz_passthru; @@ -525,13 +459,14 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in, s->s.region); if(!s->s.edns_opts_front_in) { - log_err("mesh_state_create: out of memory; SERVFAIL"); + log_err("edns_opt_copy_region: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list_inplace_cb_out = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); comm_point_send_reply(rep); + mesh_state_delete(&s->s); return; } } @@ -543,8 +478,6 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, #endif rbtree_insert(&mesh->all, &s->node); log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; added = 1; } if(!s->reply_list && !s->cb_list) { @@ -585,11 +518,11 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, /* move to either the forever or the jostle_list */ if(mesh->num_forever_states < mesh->max_forever_states) { mesh->num_forever_states ++; - mesh_list_insert(s, &mesh->forever_first, + mesh_list_insert(s, &mesh->forever_first, &mesh->forever_last); s->list_select = mesh_forever_list; } else { - mesh_list_insert(s, &mesh->jostle_first, + mesh_list_insert(s, &mesh->jostle_first, &mesh->jostle_last); s->list_select = mesh_jostle_list; } @@ -610,9 +543,9 @@ servfail_mem: return; } -int +int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, + uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, uint16_t qid, mesh_cb_func_type cb, void* cb_arg, int rpz_passthru) { struct mesh_state* s = NULL; @@ -637,6 +570,8 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, if(!s) { return 0; } + /* set detached (it is now) */ + mesh->num_detached_states++; if(unique) mesh_state_make_unique(s); s->s.rpz_passthru = rpz_passthru; @@ -644,6 +579,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in, s->s.region); if(!s->s.edns_opts_front_in) { + mesh_state_delete(&s->s); return 0; } } @@ -654,8 +590,6 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, #endif rbtree_insert(&mesh->all, &s->node); log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; added = 1; } if(!s->reply_list && !s->cb_list) { @@ -672,6 +606,8 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, } /* add serve expired timer if not already there */ if(timeout && !mesh_serve_expired_init(s, timeout)) { + if(added) + mesh_state_delete(&s->s); return 0; } /* update statistics */ @@ -773,7 +709,7 @@ static void mesh_schedule_prefetch(struct mesh_area* mesh, * attached its own ECS data. */ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int run, - int rpz_passthru, struct comm_reply* rep, struct edns_option* edns_list) + int rpz_passthru, struct sockaddr_storage* addr, struct edns_option* edns_list) { struct mesh_state* s = NULL; struct edns_option* opt = NULL; @@ -803,20 +739,10 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, return; } } else { - /* Fake the ECS data from the client's IP */ - struct ecs_data ecs; - memset(&ecs, 0, sizeof(ecs)); - subnet_option_from_ss(&rep->client_addr, &ecs, mesh->env->cfg); - if(ecs.subnet_validdata == 0) { - log_err("prefetch_subnet subnet_option_from_ss: invalid data"); - return; - } - subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in, - &s->s, s->s.region); - if(!s->s.edns_opts_front_in) { - log_err("prefetch_subnet subnet_ecs_opt_list_append: out of memory"); - return; - } + /* Store the client's address. Later in the subnet module, + * it is decided whether to include an ECS option or not. + */ + s->s.client_addr = *addr; } #ifdef UNBOUND_DEBUG n = @@ -863,14 +789,14 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int rpz_passthru, - struct comm_reply* rep, struct edns_option* opt_list) + struct sockaddr_storage* addr, struct edns_option* opt_list) { + (void)addr; (void)opt_list; - (void)rep; #ifdef CLIENT_SUBNET - if(rep) + if(addr) mesh_schedule_prefetch_subnet(mesh, qinfo, qflags, leeway, 1, - rpz_passthru, rep, opt_list); + rpz_passthru, addr, opt_list); else #endif mesh_schedule_prefetch(mesh, qinfo, qflags, leeway, 1, @@ -900,7 +826,7 @@ mesh_state_create(struct module_env* env, struct query_info* qinfo, int i; if(!region) return NULL; - mstate = (struct mesh_state*)regional_alloc(region, + mstate = (struct mesh_state*)regional_alloc(region, sizeof(struct mesh_state)); if(!mstate) { alloc_reg_release(env->alloc, region); @@ -970,19 +896,13 @@ mesh_state_create(struct module_env* env, struct query_info* qinfo, return mstate; } -int -mesh_state_is_unique(struct mesh_state* mstate) -{ - return mstate->unique != NULL; -} - void mesh_state_make_unique(struct mesh_state* mstate) { mstate->unique = mstate; } -void +void mesh_state_cleanup(struct mesh_state* mstate) { struct mesh_area* mesh; @@ -1028,7 +948,7 @@ mesh_state_cleanup(struct mesh_state* mstate) alloc_reg_release(mstate->s.env->alloc, mstate->s.region); } -void +void mesh_state_delete(struct module_qstate* qstate) { struct mesh_area* mesh; @@ -1041,10 +961,10 @@ mesh_state_delete(struct module_qstate* qstate) mesh_detach_subs(&mstate->s); if(mstate->list_select == mesh_forever_list) { mesh->num_forever_states --; - mesh_list_remove(mstate, &mesh->forever_first, + mesh_list_remove(mstate, &mesh->forever_first, &mesh->forever_last); } else if(mstate->list_select == mesh_jostle_list) { - mesh_list_remove(mstate, &mesh->jostle_first, + mesh_list_remove(mstate, &mesh->jostle_first, &mesh->jostle_last); } if(!mstate->reply_list && !mstate->cb_list @@ -1116,7 +1036,7 @@ void mesh_detach_subs(struct module_qstate* qstate) if(!ref->s->reply_list && !ref->s->cb_list && ref->s->super_set.count == 0) { mesh->num_detached_states++; - log_assert(mesh->num_detached_states + + log_assert(mesh->num_detached_states + mesh->num_reply_states <= mesh->all.count); } } @@ -1181,7 +1101,7 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, if(!mesh_state_attachment(qstate->mesh_info, sub)) return 0; /* if it was a duplicate attachment, the count was not zero before */ - if(!sub->reply_list && !sub->cb_list && was_detached && + if(!sub->reply_list && !sub->cb_list && was_detached && sub->super_set.count == 1) { /* it used to be detached, before this one got added */ log_assert(mesh->num_detached_states > 0); @@ -1251,7 +1171,7 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; - if(!rcode && (rep->security == sec_status_bogus || + if(!rcode && rep && (rep->security == sec_status_bogus || rep->security == sec_status_secure_sentinel_fail)) { if(!(reason = errinf_to_str_bogus(&m->s))) rcode = LDNS_RCODE_SERVFAIL; @@ -1280,10 +1200,10 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region, start_time) || - !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, - r->qflags, r->buf, 0, 1, - m->s.env->scratch, udp_size, &r->edns, - (int)(r->edns.bits & EDNS_DO), secure)) + !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, + r->qflags, r->buf, 0, 1, + m->s.env->scratch, udp_size, &r->edns, + (int)(r->edns.bits & EDNS_DO), secure)) { fptr_ok(fptr_whitelist_mesh_cb(r->cb)); (*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf, @@ -1291,7 +1211,8 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, } else { fptr_ok(fptr_whitelist_mesh_cb(r->cb)); (*r->cb)(r->cb_arg, LDNS_RCODE_NOERROR, r->buf, - rep->security, reason, was_ratelimited); + (rep?rep->security:sec_status_unchecked), + reason, was_ratelimited); } } free(reason); @@ -1311,10 +1232,36 @@ mesh_is_rpz_respip_tcponly_action(struct mesh_state const* m) } static inline int -mesh_is_udp(struct mesh_reply const* r) { +mesh_is_udp(struct mesh_reply const* r) +{ return r->query_reply.c->type == comm_udp; } +static inline void +mesh_find_and_attach_ede_and_reason(struct mesh_state* m, + struct reply_info* rep, struct mesh_reply* r) +{ + /* OLD note: + * During validation the EDE code can be received via two + * code paths. One code path fills the reply_info EDE, and + * the other fills it in the errinf_strlist. These paths + * intersect at some points, but where is opaque due to + * the complexity of the validator. At the time of writing + * we make the choice to prefer the EDE from errinf_strlist + * but a compelling reason to do otherwise is just as valid + * NEW note: + * The compelling reason is that with caching support, the value + * in the reply_info is cached. + * The reason members of the reply_info struct should be + * updated as they are already cached. No reason to + * try and find the EDE information in errinf anymore. + */ + if(rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&r->edns.opt_list_out, + m->s.region, rep->reason_bogus, rep->reason_bogus_str); + } +} + /** * Send reply to mesh reply entry * @param m: mesh state to send it for. @@ -1346,7 +1293,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, /* examine security status */ if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || - m->s.env->cfg->ignore_cd) && rep && + m->s.env->cfg->ignore_cd) && rep && (rep->security <= sec_status_bogus || rep->security == sec_status_secure_sentinel_fail)) { rcode = LDNS_RCODE_SERVFAIL; @@ -1401,50 +1348,17 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list_inplace_cb_out = NULL; - } else { + } else { if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list_inplace_cb_out = NULL; } - /* Send along EDE BOGUS EDNS0 option when answer is bogus */ - if(m->s.env->cfg->ede && rcode == LDNS_RCODE_SERVFAIL && - m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || - m->s.env->cfg->ignore_cd) && rep && - (rep->security <= sec_status_bogus || - rep->security == sec_status_secure_sentinel_fail)) { - char *reason = NULL; - /* During validation the EDE code can be received via two - * code paths. One code path fills the reply_info EDE, and - * the other fills it in the errinf_strlist. These paths - * intersect at some points, but where is opaque due to - * the complexity of the validator. At the time of writing - * we make the choice to prefer the EDE from errinf_strlist - * but a compelling reason to do otherwise is just as valid - * - * Not that we try to tie EDE text (reason_bogus_str) to - * the location where we found the reason_bogus. - */ - sldns_ede_code reason_bogus = errinf_to_reason_bogus(&m->s); - if ((reason_bogus == LDNS_EDE_DNSSEC_BOGUS && - rep->reason_bogus != LDNS_EDE_NONE) || - reason_bogus == LDNS_EDE_NONE) { - - reason_bogus = rep->reason_bogus; - if (rep->reason_bogus_str_size) { - reason = strdup(rep->reason_bogus_str); - } - } - - if (!reason) { - reason = m->s.env->cfg->val_log_level >= 2 - ? errinf_to_str_bogus(&m->s) : NULL; - } - - if(reason_bogus != LDNS_EDE_NONE) { - edns_opt_list_append_ede(&r->edns.opt_list_out, - m->s.region, reason_bogus, reason); - } - free(reason); + /* Send along EDE EDNS0 option when SERVFAILing; usually + * DNSSEC validation failures */ + /* Since we are SERVFAILing here, CD bit and rep->security + * is already handled. */ + if(m->s.env->cfg->ede && rep) { + mesh_find_and_attach_ede_and_reason(m, rep, r); } error_encode(r_buffer, rcode, &m->s.qinfo, r->qid, r->qflags, &r->edns); @@ -1459,12 +1373,22 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, r->edns.bits &= EDNS_DO; m->s.qinfo.qname = r->qname; m->s.qinfo.local_alias = r->local_alias; + + /* Attach EDE without SERVFAIL if the validation failed. + * Need to explicitly check for rep->security otherwise failed + * validation paths may attach to a secure answer. */ + if(m->s.env->cfg->ede && rep && + (rep->security <= sec_status_bogus || + rep->security == sec_status_secure_sentinel_fail)) { + mesh_find_and_attach_ede_and_reason(m, rep, r); + } + if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region, &r->start_time) || - !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, + !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r_buffer, 0, 1, m->s.env->scratch, udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO), - secure)) + secure)) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time)) @@ -1513,6 +1437,7 @@ void mesh_query_done(struct mesh_state* mstate) struct reply_info* rep = (mstate->s.return_msg? mstate->s.return_msg->rep:NULL); struct timeval tv = {0, 0}; + int i = 0; /* No need for the serve expired timer anymore; we are going to reply. */ if(mstate->s.serve_expired_data) { comm_timer_delete(mstate->s.serve_expired_data->timer); @@ -1532,6 +1457,7 @@ void mesh_query_done(struct mesh_state* mstate) } } for(r = mstate->reply_list; r; r = r->next) { + i++; tv = r->start_time; /* if a response-ip address block has been stored the @@ -1543,16 +1469,6 @@ void mesh_query_done(struct mesh_state* mstate) mstate->s.qinfo.qclass, r->local_alias, &r->query_reply.client_addr, r->query_reply.client_addrlen); - if(mstate->s.env->cfg->stat_extended && - mstate->s.respip_action_info->rpz_used) { - if(mstate->s.respip_action_info->rpz_disabled) - mstate->s.env->mesh->rpz_action[RPZ_DISABLED_ACTION]++; - if(mstate->s.respip_action_info->rpz_cname_override) - mstate->s.env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++; - else - mstate->s.env->mesh->rpz_action[respip_action_to_rpz_action( - mstate->s.respip_action_info->action)]++; - } } /* if this query is determined to be dropped during the @@ -1583,6 +1499,27 @@ void mesh_query_done(struct mesh_state* mstate) prev_buffer = r_buffer; } } + /* Account for each reply sent. */ + if(i > 0 && mstate->s.respip_action_info && + mstate->s.respip_action_info->addrinfo && + mstate->s.env->cfg->stat_extended && + mstate->s.respip_action_info->rpz_used) { + if(mstate->s.respip_action_info->rpz_disabled) + mstate->s.env->mesh->rpz_action[RPZ_DISABLED_ACTION] += i; + if(mstate->s.respip_action_info->rpz_cname_override) + mstate->s.env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION] += i; + else + mstate->s.env->mesh->rpz_action[respip_action_to_rpz_action( + mstate->s.respip_action_info->action)] += i; + } + if(!mstate->s.is_drop && i > 0) { + if(mstate->s.env->cfg->stat_extended + && mstate->s.is_cachedb_answer) { + mstate->s.env->mesh->ans_cachedb += i; + } + } + + /* Mesh area accounting */ if(mstate->reply_list) { mstate->reply_list = NULL; if(!mstate->reply_list && !mstate->cb_list) { @@ -1595,6 +1532,7 @@ void mesh_query_done(struct mesh_state* mstate) mstate->s.env->mesh->num_detached_states++; } mstate->replies_sent = 1; + while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be * changed, eg. by adds from the callback routine */ @@ -1621,7 +1559,7 @@ void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate) /* callback the function to inform super of result */ fptr_ok(fptr_whitelist_mod_inform_super( mesh->mods.mod[ref->s->s.curmod]->inform_super)); - (*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s, + (*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s, ref->s->s.curmod, &ref->s->s); /* copy state that is always relevant to super */ copy_state_to_super(&mstate->s, ref->s->s.curmod, &ref->s->s); @@ -1645,7 +1583,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, * desire aggregation).*/ key.unique = NULL; key.s.client_info = cinfo; - + result = (struct mesh_state*)rbtree_search(&mesh->all, &key); return result; } @@ -1654,7 +1592,7 @@ int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns, sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg, uint16_t qid, uint16_t qflags) { - struct mesh_cb* r = regional_alloc(s->s.region, + struct mesh_cb* r = regional_alloc(s->s.region, sizeof(struct mesh_cb)); if(!r) return 0; @@ -1786,7 +1724,7 @@ mesh_copy_qinfo(struct mesh_state* mstate, struct query_info** qinfop, * Handles module finished. * @param mesh: the mesh area. * @param mstate: currently active mesh state. - * Deleted if finished, calls _done and _supers to + * Deleted if finished, calls _done and _supers to * send replies to clients and inform other mesh states. * This in turn may create additional runnable mesh states. * @param s: state at which the current module exited. @@ -1820,7 +1758,7 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, } if(s == module_restart_next) { int curmod = mstate->s.curmod; - for(; mstate->s.curmod < mesh->mods.num; + for(; mstate->s.curmod < mesh->mods.num; mstate->s.curmod++) { fptr_ok(fptr_whitelist_mod_clear( mesh->mods.mod[mstate->s.curmod]->clear)); @@ -1852,9 +1790,21 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, if(s == module_finished) { if(mstate->s.curmod == 0) { struct query_info* qinfo = NULL; + struct edns_option* opt_list = NULL; + struct sockaddr_storage addr; uint16_t qflags; int rpz_p = 0; +#ifdef CLIENT_SUBNET + struct edns_option* ecs; + if(mstate->s.need_refetch && mstate->reply_list && + modstack_find(&mesh->mods, "subnetcache") != -1 && + mstate->s.env->unique_mesh) { + addr = mstate->reply_list->query_reply.client_addr; + } else +#endif + memset(&addr, 0, sizeof(addr)); + mesh_query_done(mstate); mesh_walk_supers(mesh, mstate); @@ -1864,13 +1814,28 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, * we need to make a copy of the query info here. */ if(mstate->s.need_refetch) { mesh_copy_qinfo(mstate, &qinfo, &qflags); +#ifdef CLIENT_SUBNET + /* Make also a copy of the ecs option if any */ + if((ecs = edns_opt_list_find( + mstate->s.edns_opts_front_in, + mstate->s.env->cfg->client_subnet_opcode)) != NULL) { + (void)edns_opt_list_append(&opt_list, + ecs->opt_code, ecs->opt_len, + ecs->opt_data, + mstate->s.env->scratch); + } +#endif rpz_p = mstate->s.rpz_passthru; } - mesh_state_delete(&mstate->s); if(qinfo) { - mesh_schedule_prefetch(mesh, qinfo, qflags, - 0, 1, rpz_p); + mesh_state_delete(&mstate->s); + mesh_new_prefetch(mesh, qinfo, qflags, 0, + rpz_p, + addr.ss_family!=AF_UNSPEC?&addr:NULL, + opt_list); + } else { + mesh_state_delete(&mstate->s); } return 0; } @@ -1898,7 +1863,7 @@ void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate, mstate->s.reply = NULL; regional_free_all(mstate->s.env->scratch); s = mstate->s.ext_state[mstate->s.curmod]; - verbose(VERB_ALGO, "mesh_run: %s module exit state is %s", + verbose(VERB_ALGO, "mesh_run: %s module exit state is %s", mesh->mods.mod[mstate->s.curmod]->name, strextstate(s)); e = NULL; if(mesh_continue(mesh, mstate, s, &ev)) @@ -1918,14 +1883,14 @@ void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate, } } -void +void mesh_log_list(struct mesh_area* mesh) { char buf[30]; struct mesh_state* m; int num = 0; RBTREE_FOR(m, struct mesh_state*, &mesh->all) { - snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s", + snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s", num++, (m->s.is_priming)?"p":"", /* prime */ (m->s.is_valrec)?"v":"", /* prime */ (m->s.query_flags&BIT_RD)?"RD":"", @@ -1934,18 +1899,18 @@ mesh_log_list(struct mesh_area* mesh) (m->sub_set.count!=0)?"c":"", /* children */ m->s.curmod, (m->reply_list)?"rep":"", /*hasreply*/ (m->cb_list)?"cb":"" /* callbacks */ - ); + ); log_query_info(VERB_ALGO, buf, &m->s.qinfo); } } -void +void mesh_stats(struct mesh_area* mesh, const char* str) { verbose(VERB_DETAIL, "%s %u recursion states (%u with reply, " "%u detached), %u waiting replies, %u recursion replies " - "sent, %d replies dropped, %d states jostled out", - str, (unsigned)mesh->all.count, + "sent, %d replies dropped, %d states jostled out", + str, (unsigned)mesh->all.count, (unsigned)mesh->num_reply_states, (unsigned)mesh->num_detached_states, (unsigned)mesh->num_reply_addrs, @@ -1954,7 +1919,7 @@ mesh_stats(struct mesh_area* mesh, const char* str) (unsigned)mesh->stats_jostled); if(mesh->replies_sent > 0) { struct timeval avg; - timeval_divide(&avg, &mesh->replies_sum_wait, + timeval_divide(&avg, &mesh->replies_sum_wait, mesh->replies_sent); log_info("average recursion processing time " ARG_LL "d.%6.6d sec", @@ -1964,7 +1929,7 @@ mesh_stats(struct mesh_area* mesh, const char* str) } } -void +void mesh_stats_clear(struct mesh_area* mesh) { if(!mesh) @@ -1978,12 +1943,13 @@ mesh_stats_clear(struct mesh_area* mesh) mesh->ans_secure = 0; mesh->ans_bogus = 0; mesh->ans_expired = 0; + mesh->ans_cachedb = 0; memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*UB_STATS_RCODE_NUM); memset(&mesh->rpz_action[0], 0, sizeof(size_t)*UB_STATS_RPZ_ACTION_NUM); mesh->ans_nodata = 0; } -size_t +size_t mesh_get_mem(struct mesh_area* mesh) { struct mesh_state* m; @@ -1997,7 +1963,7 @@ mesh_get_mem(struct mesh_area* mesh) return s; } -int +int mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, uint16_t flags, int prime, int valrec) { @@ -2114,6 +2080,7 @@ mesh_serve_expired_callback(void* arg) struct timeval tv = {0, 0}; int must_validate = (!(qstate->query_flags&BIT_CD) || qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate; + int i = 0; if(!qstate->serve_expired_data) return; verbose(VERB_ALGO, "Serve expired: Trying to reply with expired data"); comm_timer_delete(qstate->serve_expired_data->timer); @@ -2185,6 +2152,7 @@ mesh_serve_expired_callback(void* arg) log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep); for(r = mstate->reply_list; r; r = r->next) { + i++; tv = r->start_time; /* If address info is returned, it means the action should be an @@ -2194,16 +2162,6 @@ mesh_serve_expired_callback(void* arg) qstate->qinfo.qtype, qstate->qinfo.qclass, r->local_alias, &r->query_reply.client_addr, r->query_reply.client_addrlen); - - if(qstate->env->cfg->stat_extended && actinfo.rpz_used) { - if(actinfo.rpz_disabled) - qstate->env->mesh->rpz_action[RPZ_DISABLED_ACTION]++; - if(actinfo.rpz_cname_override) - qstate->env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++; - else - qstate->env->mesh->rpz_action[ - respip_action_to_rpz_action(actinfo.action)]++; - } } /* Add EDE Stale Answer (RCF8914). Ignore global ede as this is @@ -2223,11 +2181,23 @@ mesh_serve_expired_callback(void* arg) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); prev = r; prev_buffer = r_buffer; - - /* Account for each reply sent. */ - mesh->ans_expired++; - } + /* Account for each reply sent. */ + if(i > 0) { + mesh->ans_expired += i; + if(actinfo.addrinfo && qstate->env->cfg->stat_extended && + actinfo.rpz_used) { + if(actinfo.rpz_disabled) + qstate->env->mesh->rpz_action[RPZ_DISABLED_ACTION] += i; + if(actinfo.rpz_cname_override) + qstate->env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION] += i; + else + qstate->env->mesh->rpz_action[ + respip_action_to_rpz_action(actinfo.action)] += i; + } + } + + /* Mesh area accounting */ if(mstate->reply_list) { mstate->reply_list = NULL; if(!mstate->reply_list && !mstate->cb_list) { @@ -2238,6 +2208,7 @@ mesh_serve_expired_callback(void* arg) } } } + while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be * changed, eg. by adds from the callback routine */ diff --git a/services/mesh.h b/services/mesh.h index 25121a67b..d926cfc9d 100644 --- a/services/mesh.h +++ b/services/mesh.h @@ -114,6 +114,8 @@ struct mesh_area { size_t stats_dropped; /** stats, number of expired replies sent */ size_t ans_expired; + /** stats, number of cached replies from cachedb */ + size_t ans_cachedb; /** number of replies sent */ size_t replies_sent; /** sum of waiting times for the replies */ @@ -335,13 +337,13 @@ int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, * @param leeway: TTL leeway what to expire earlier for this update. * @param rpz_passthru: if true, the rpz passthru was previously found and * further rpz processing is stopped. - * @param rep: comm_reply for the client; to be used when subnet is enabled. + * @param addr: sockaddr_storage for the client; to be used with subnet. * @param opt_list: edns opt_list from the client; to be used when subnet is * enabled. */ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int rpz_passthru, - struct comm_reply* rep, struct edns_option* opt_list); + struct sockaddr_storage* addr, struct edns_option* opt_list); /** * Handle new event from the wire. A serviced query has returned. @@ -478,14 +480,6 @@ struct mesh_state* mesh_state_create(struct module_env* env, struct query_info* qinfo, struct respip_client_info* cinfo, uint16_t qflags, int prime, int valrec); -/** - * Check if the mesh state is unique. - * A unique mesh state uses it's unique member to point to itself, else NULL. - * @param mstate: mesh state to check. - * @return true if the mesh state is unique, false otherwise. - */ -int mesh_state_is_unique(struct mesh_state* mstate); - /** * Make a mesh state unique. * A unique mesh state uses it's unique member to point to itself. diff --git a/services/modstack.c b/services/modstack.c index da8e623c1..a90d7178c 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -120,12 +120,16 @@ modstack_config(struct module_stack* stack, const char* module_conf) stack->mod[i] = module_factory(&module_conf); if(!stack->mod[i]) { char md[256]; + char * s = md; snprintf(md, sizeof(md), "%s", module_conf); - if(strchr(md, ' ')) *(strchr(md, ' ')) = 0; - if(strchr(md, '\t')) *(strchr(md, '\t')) = 0; + /* Leading spaces are present on errors. */ + while (*s && isspace((unsigned char)*s)) + s++; + if(strchr(s, ' ')) *(strchr(s, ' ')) = 0; + if(strchr(s, '\t')) *(strchr(s, '\t')) = 0; log_err("Unknown value in module-config, module: '%s'." " This module is not present (not compiled in)," - " See the list of linked modules with unbound -V", md); + " See the list of linked modules with unbound -V", s); return 0; } } diff --git a/services/outside_network.c b/services/outside_network.c index a4529ade5..2a219cbc6 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -551,8 +551,27 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr, log_assert(&key_p != ((struct reuse_tcp*)result)->pending); } /* not found, return null */ + + /* It is possible that we search for something before the first element + * in the tree. Replace a null pointer with the first element. + */ + if (!result) { + verbose(VERB_CLIENT, "reuse_tcp_find: taking first"); + result = rbtree_first(&outnet->tcp_reuse); + } + if(!result || result == RBTREE_NULL) return NULL; + + /* It is possible that we got the previous address, but that the + * address we are looking for is in the tree. If the address we got + * is less than the address we are looking, then take the next entry. + */ + if (reuse_cmp_addrportssl(result->key, &key_p.reuse) < 0) { + verbose(VERB_CLIENT, "reuse_tcp_find: key too low"); + result = rbtree_next(result); + } + verbose(VERB_CLIENT, "reuse_tcp_find check inexact match"); /* inexact match, find one of possibly several connections to the * same destination address, with the correct port, ssl, and @@ -620,6 +639,15 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) log_assert(w->addrlen > 0); pend->c->tcp_do_toggle_rw = 0; pend->c->tcp_do_close = 0; + + /* Consistency check, if we have ssl_upstream but no sslctx, then + * log an error and return failure. + */ + if (w->ssl_upstream && !w->outnet->sslctx) { + log_err("SSL upstream requested but no SSL context"); + return 0; + } + /* open socket */ s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp); diff --git a/services/rpz.c b/services/rpz.c index e2efc3c7e..6ce83cb66 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -1188,6 +1188,22 @@ rpz_find_zone(struct local_zones* zones, uint8_t* qname, size_t qname_len, uint1 return z; } +/** Find entry for RR type in the list of rrsets for the clientip. */ +static struct local_rrset* +rpz_find_synthesized_rrset(uint16_t qtype, + struct clientip_synthesized_rr* data) +{ + struct local_rrset* cursor = data->data; + while( cursor != NULL) { + struct packed_rrset_key* packed_rrset = &cursor->rrset->rk; + if(htons(qtype) == packed_rrset->type) { + return cursor; + } + cursor = cursor->next; + } + return NULL; +} + /** * Remove RR from RPZ's local-data * @param z: local-zone for RPZ, holding write lock @@ -1270,15 +1286,15 @@ rpz_rrset_delete_rr(struct resp_addr* raddr, uint16_t rr_type, uint8_t* rdata, } -/** Remove RR from RPZ's local-zone */ +/** Remove RR from rpz localzones structure */ static void -rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, - enum rpz_action a, uint16_t rr_type, uint16_t rr_class, - uint8_t* rdatawl, size_t rdatalen) +rpz_remove_local_zones_trigger(struct local_zones* zones, uint8_t* dname, + size_t dnamelen, enum rpz_action a, uint16_t rr_type, + uint16_t rr_class, uint8_t* rdatawl, size_t rdatalen) { struct local_zone* z; int delete_zone = 1; - z = rpz_find_zone(r->local_zones, dname, dnamelen, rr_class, + z = rpz_find_zone(zones, dname, dnamelen, rr_class, 1 /* only exact */, 1 /* wr lock */, 1 /* keep lock*/); if(!z) { verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, " @@ -1290,15 +1306,24 @@ rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, dnamelen, rr_type, rdatawl, rdatalen); else if(a != localzone_type_to_rpz_action(z->type)) { lock_rw_unlock(&z->lock); - lock_rw_unlock(&r->local_zones->lock); + lock_rw_unlock(&zones->lock); return; } lock_rw_unlock(&z->lock); if(delete_zone) { - local_zones_del_zone(r->local_zones, z); + local_zones_del_zone(zones, z); } - lock_rw_unlock(&r->local_zones->lock); - return; + lock_rw_unlock(&zones->lock); +} + +/** Remove RR from RPZ's local-zone */ +static void +rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint16_t rr_class, + uint8_t* rdatawl, size_t rdatalen) +{ + rpz_remove_local_zones_trigger(r->local_zones, dname, dnamelen, + a, rr_type, rr_class, rdatawl, rdatalen); } static void @@ -1335,15 +1360,159 @@ rpz_remove_response_ip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, lock_rw_unlock(&r->respip_set->lock); } +/** find and remove type from list of local_rrset entries*/ +static void +del_local_rrset_from_list(struct local_rrset** list_head, uint16_t dtype) +{ + struct local_rrset* prev=NULL, *p=*list_head; + while(p && ntohs(p->rrset->rk.type) != dtype) { + prev = p; + p = p->next; + } + if(!p) + return; /* rrset type not found */ + /* unlink it */ + if(prev) prev->next = p->next; + else *list_head = p->next; + /* no memory recycling for zone deletions ... */ +} + +/** Delete client-ip trigger RR from its RRset and perhaps also the rrset + * from the linked list. Returns if the local data is empty and the node can + * be deleted too, or not. */ +static int rpz_remove_clientip_rr(struct clientip_synthesized_rr* node, + uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct local_rrset* rrset; + struct packed_rrset_data* d; + size_t index; + rrset = rpz_find_synthesized_rrset(rr_type, node); + if(rrset == NULL) + return 0; /* type not found, ignore */ + d = (struct packed_rrset_data*)rrset->rrset->entry.data; + if(!packed_rrset_find_rr(d, rdatawl, rdatalen, &index)) + return 0; /* RR not found, ignore */ + if(d->count == 1) { + /* regional alloc'd */ + /* delete the type entry from the list */ + del_local_rrset_from_list(&node->data, rr_type); + /* if the list is empty, the node can be removed too */ + if(node->data == NULL) + return 1; + } else if (d->count > 1) { + if(!local_rrset_remove_rr(d, index)) + return 0; + } + return 0; +} + +/** remove trigger RR from clientip_syntheized set tree. */ +static void +rpz_clientip_remove_trigger_rr(struct clientip_synthesized_rrset* set, + struct sockaddr_storage* addr, socklen_t addrlen, int net, + enum rpz_action a, uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct clientip_synthesized_rr* node; + int delete_node = 1; + + lock_rw_wrlock(&set->lock); + node = (struct clientip_synthesized_rr*)addr_tree_find(&set->entries, + addr, addrlen, net); + if(node == NULL) { + /* netblock not found */ + verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, " + "RPZ address, netblock not found"); + lock_rw_unlock(&set->lock); + return; + } + lock_rw_wrlock(&node->lock); + if(a == RPZ_LOCAL_DATA_ACTION) { + /* remove RR, signal whether entry can be removed */ + delete_node = rpz_remove_clientip_rr(node, rr_type, rdatawl, + rdatalen); + } else if(a != node->action) { + /* ignore the RR with different action specification */ + delete_node = 0; + } + if(delete_node) { + rbtree_delete(&set->entries, node->node.node.key); + } + lock_rw_unlock(&set->lock); + lock_rw_unlock(&node->lock); + if(delete_node) { + lock_rw_destroy(&node->lock); + } +} + +/** Remove clientip trigger RR from RPZ. */ +static void +rpz_remove_clientip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + int net, af; + if(a == RPZ_INVALID_ACTION) + return; + if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af)) + return; + rpz_clientip_remove_trigger_rr(r->client_set, &addr, addrlen, net, + a, rr_type, rdatawl, rdatalen); +} + +/** Remove nsip trigger RR from RPZ. */ +static void +rpz_remove_nsip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + int net, af; + if(a == RPZ_INVALID_ACTION) + return; + if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af)) + return; + rpz_clientip_remove_trigger_rr(r->ns_set, &addr, addrlen, net, + a, rr_type, rdatawl, rdatalen); +} + +/** Remove nsdname trigger RR from RPZ. */ +static void +rpz_remove_nsdname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint16_t rr_class, + uint8_t* rdatawl, size_t rdatalen) +{ + uint8_t* dname_stripped = NULL; + size_t dnamelen_stripped = 0; + if(a == RPZ_INVALID_ACTION) + return; + if(!rpz_strip_nsdname_suffix(dname, dnamelen, &dname_stripped, + &dnamelen_stripped)) + return; + rpz_remove_local_zones_trigger(r->nsdname_zones, dname_stripped, + dnamelen_stripped, a, rr_type, rr_class, rdatawl, rdatalen); + free(dname_stripped); +} + void -rpz_remove_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, size_t dnamelen, - uint16_t rr_type, uint16_t rr_class, uint8_t* rdatawl, size_t rdatalen) +rpz_remove_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname, + size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint8_t* rdatawl, + size_t rdatalen) { size_t policydnamelen; enum rpz_trigger t; enum rpz_action a; uint8_t* policydname; + if(rpz_type_ignored(rr_type)) { + /* this rpz action is not valid, eg. this is the SOA or NS RR */ + return; + } + if(!dname_subdomain_c(dname, azname)) { + /* not subdomain of the RPZ zone. */ + return; + } + if(!(policydname = calloc(1, LDNS_MAX_DOMAINLEN + 1))) return; @@ -1358,13 +1527,28 @@ rpz_remove_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, size_t dnamelen, return; } t = rpz_dname_to_trigger(policydname, policydnamelen); + if(t == RPZ_INVALID_TRIGGER) { + /* skipping invalid trigger */ + free(policydname); + return; + } if(t == RPZ_QNAME_TRIGGER) { rpz_remove_qname_trigger(r, policydname, policydnamelen, a, rr_type, rr_class, rdatawl, rdatalen); } else if(t == RPZ_RESPONSE_IP_TRIGGER) { rpz_remove_response_ip_trigger(r, policydname, policydnamelen, a, rr_type, rdatawl, rdatalen); + } else if(t == RPZ_CLIENT_IP_TRIGGER) { + rpz_remove_clientip_trigger(r, policydname, policydnamelen, a, + rr_type, rdatawl, rdatalen); + } else if(t == RPZ_NSIP_TRIGGER) { + rpz_remove_nsip_trigger(r, policydname, policydnamelen, a, + rr_type, rdatawl, rdatalen); + } else if(t == RPZ_NSDNAME_TRIGGER) { + rpz_remove_nsdname_trigger(r, policydname, policydnamelen, a, + rr_type, rr_class, rdatawl, rdatalen); } + /* else it was an unsupported trigger, also skipped. */ free(policydname); } @@ -1563,21 +1747,6 @@ rpz_local_encode(struct module_env* env, struct query_info* qinfo, return 1; } -static struct local_rrset* -rpz_find_synthesized_rrset(uint16_t qtype, - struct clientip_synthesized_rr* data) -{ - struct local_rrset* cursor = data->data; - while( cursor != NULL) { - struct packed_rrset_key* packed_rrset = &cursor->rrset->rk; - if(htons(qtype) == packed_rrset->type) { - return cursor; - } - cursor = cursor->next; - } - return NULL; -} - /** allocate SOA record ubrrsetkey in region */ static struct ub_packed_rrset_key* make_soa_ubrrset(struct auth_zone* auth_zone, struct auth_rrset* soa, diff --git a/services/rpz.h b/services/rpz.h index 53781197a..e6d8bf566 100644 --- a/services/rpz.h +++ b/services/rpz.h @@ -84,10 +84,11 @@ enum rpz_action { RPZ_CNAME_OVERRIDE_ACTION, /* RPZ CNAME action override*/ }; -struct clientip_synthesized_rrset{ +struct clientip_synthesized_rrset { struct regional* region; struct rbtree_type entries; - lock_rw_type lock; /* lock on the respip tree */ + /** lock on the entries tree */ + lock_rw_type lock; }; struct clientip_synthesized_rr { @@ -95,10 +96,6 @@ struct clientip_synthesized_rr { struct addr_tree_node node; /** lock on the node item */ lock_rw_type lock; - /** tag bitlist */ - uint8_t* taglist; - /** length of the taglist (in bytes) */ - size_t taglen; /** action for this address span */ enum rpz_action action; /** "local data" for this node */ @@ -152,6 +149,7 @@ int rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dna /** * Delete policy matching RR, used for IXFR. * @param r: the rpz to add the policy to. + * @param azname: dname of the auth-zone * @param aznamelen: the length of the auth-zone name * @param dname: dname of the RR * @param dnamelen: length of the dname @@ -160,9 +158,9 @@ int rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dna * @param rdatawl: rdata of the RR, prepended with the rdata size * @param rdatalen: length if the RR, including the prepended rdata size */ -void rpz_remove_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, - size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint8_t* rdatawl, - size_t rdatalen); +void rpz_remove_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, + uint8_t* dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, + uint8_t* rdatawl, size_t rdatalen); /** * Walk over the RPZ zones to find and apply a QNAME trigger policy. diff --git a/sldns/rrdef.c b/sldns/rrdef.c index 322eff096..e81ebb1fc 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -702,7 +702,11 @@ sldns_get_rr_type_by_name(const char *name) /* TYPEXX representation */ if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) { - return atoi(name + 4); + unsigned int a = atoi(name + 4); + if (a > LDNS_RR_TYPE_LAST) { + return (enum sldns_enum_rr_type)0; + } + return a; } /* Normal types */ @@ -740,7 +744,11 @@ sldns_get_rr_class_by_name(const char *name) /* CLASSXX representation */ if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) { - return atoi(name + 5); + unsigned int a = atoi(name + 5); + if (a > LDNS_RR_CLASS_LAST) { + return (enum sldns_enum_rr_class)0; + } + return a; } /* Normal types */ diff --git a/sldns/rrdef.h b/sldns/rrdef.h index 999c22307..bfe3960a6 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -196,8 +196,8 @@ enum sldns_enum_rr_type LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */ - LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */ - LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */ + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */ + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ @@ -436,7 +436,8 @@ enum sldns_enum_edns_option LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ LDNS_EDNS_PADDING = 12, /* RFC7830 */ LDNS_EDNS_EDE = 15, /* RFC8914 */ - LDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */ + LDNS_EDNS_CLIENT_TAG = 16, /* draft-bellis-dnsop-edns-tags-01 */ + LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST = 65534 }; typedef enum sldns_enum_edns_option sldns_edns_option; diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 303d49ba6..45e247613 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -357,7 +357,7 @@ rrinternal_get_delims(sldns_rdf_type rdftype, size_t r_cnt, size_t r_max) break; default : break; } - return "\n\t "; + return "\n\t "; } /* Syntactic sugar for sldns_rr_new_frm_str_internal */ @@ -448,7 +448,7 @@ rrinternal_parse_unknown(sldns_buffer* strbuf, char* token, size_t token_len, sldns_buffer_position(strbuf)); } hex_data_size = (size_t)atoi(token); - if(hex_data_size > LDNS_MAX_RDFLEN || + if(hex_data_size > LDNS_MAX_RDFLEN || *rr_cur_len + hex_data_size > *rr_len) { return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, sldns_buffer_position(strbuf)); @@ -567,7 +567,7 @@ sldns_parse_rdf_token(sldns_buffer* strbuf, char* token, size_t token_len, /* check if not quoted yet, and we have encountered quotes */ if(!*quoted && sldns_rdf_type_maybe_quoted(rdftype) && slen >= 2 && - (token[0] == '"' || token[0] == '\'') && + (token[0] == '"' || token[0] == '\'') && (token[slen-1] == '"' || token[slen-1] == '\'')) { /* move token two smaller (quotes) with endnull */ memmove(token, token+1, slen-2); @@ -698,7 +698,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) mandatory = svcparams[i]; } - /* 4. verify that all the SvcParamKeys in mandatory are present */ + /* Verify that all the SvcParamKeys in mandatory are present */ if(mandatory) { /* Divide by sizeof(uint16_t)*/ uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); @@ -785,7 +785,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, token[2]=='\t')) { was_unknown_rr_format = 1; if((status=rrinternal_parse_unknown(strbuf, token, - token_len, rr, rr_len, &rr_cur_len, + token_len, rr, rr_len, &rr_cur_len, pre_data_pos)) != 0) return status; } else if(token_strlen > 0 || quoted) { @@ -844,7 +844,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) { size_t rdata_len = rr_cur_len - dname_len - 10; uint8_t *rdata = rr+dname_len + 10; - + /* skip 1st rdata field SvcPriority (uint16_t) */ if (rdata_len < sizeof(uint16_t)) return LDNS_WIREPARSE_ERR_OK; @@ -1123,36 +1123,40 @@ sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len) return key_value; } else switch (key_len) { - case sizeof("mandatory")-1: - if (!strncmp(key, "mandatory", sizeof("mandatory")-1)) - return SVCB_KEY_MANDATORY; - if (!strncmp(key, "echconfig", sizeof("echconfig")-1)) - return SVCB_KEY_ECH; /* allow "echconfig" as well as "ech" */ + case 3: + if (!strncmp(key, "ech", key_len)) + return SVCB_KEY_ECH; break; - case sizeof("alpn")-1: - if (!strncmp(key, "alpn", sizeof("alpn")-1)) + case 4: + if (!strncmp(key, "alpn", key_len)) return SVCB_KEY_ALPN; - if (!strncmp(key, "port", sizeof("port")-1)) + if (!strncmp(key, "port", key_len)) return SVCB_KEY_PORT; break; - case sizeof("no-default-alpn")-1: - if (!strncmp( key , "no-default-alpn" - , sizeof("no-default-alpn")-1)) - return SVCB_KEY_NO_DEFAULT_ALPN; + case 7: + if (!strncmp(key, "dohpath", key_len)) + return SVCB_KEY_DOHPATH; break; - case sizeof("ipv4hint")-1: - if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1)) + case 8: + if (!strncmp(key, "ipv4hint", key_len)) return SVCB_KEY_IPV4HINT; - if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1)) + if (!strncmp(key, "ipv6hint", key_len)) return SVCB_KEY_IPV6HINT; break; - case sizeof("ech")-1: - if (!strncmp(key, "ech", sizeof("ech")-1)) - return SVCB_KEY_ECH; + case 9: + if (!strncmp(key, "mandatory", key_len)) + return SVCB_KEY_MANDATORY; + if (!strncmp(key, "echconfig", key_len)) + return SVCB_KEY_ECH; /* allow "echconfig" as well as "ech" */ + break; + + case 15: + if (!strncmp(key, "no-default-alpn", key_len)) + return SVCB_KEY_NO_DEFAULT_ALPN; break; default: @@ -1477,7 +1481,7 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, size_t str_len; size_t dst_len; size_t val_len; - + val_len = strlen(val); if (val_len > sizeof(unescaped_dst)) { @@ -1511,7 +1515,34 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, sldns_write_uint16(rd + 2, dst_len); memcpy(rd + 4, unescaped_dst, dst_len); *rd_len = 4 + dst_len; - + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcbparam_dohpath_value(const char* val, + uint8_t* rd, size_t* rd_len) +{ + size_t val_len; + + /* RFC6570#section-2.1 + * "The characters outside of expressions in a URI Template string are + * intended to be copied literally" + * Practically this means we do not have to look for "double escapes" + * like in the alpn value list. + */ + + val_len = strlen(val); + + if (*rd_len < 4 + val_len) { + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + } + + sldns_write_uint16(rd, SVCB_KEY_DOHPATH); + sldns_write_uint16(rd + 2, val_len); + memcpy(rd + 4, val, val_len); + *rd_len = 4 + val_len; + return LDNS_WIREPARSE_ERR_OK; } @@ -1535,6 +1566,7 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, case SVCB_KEY_PORT: case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: + case SVCB_KEY_DOHPATH: return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; #endif default: @@ -1566,6 +1598,8 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); case SVCB_KEY_ALPN: return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); + case SVCB_KEY_DOHPATH: + return sldns_str2wire_svcbparam_dohpath_value(val, rd, rd_len); default: str_len = strlen(val); if (*rd_len < 4 + str_len) @@ -1593,7 +1627,7 @@ static int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_ /* case: key=value */ if (eq_pos != NULL && eq_pos[1]) { val_in = eq_pos + 1; - + /* unescape characters and "" blocks */ if (*val_in == '"') { val_in++; @@ -1610,11 +1644,11 @@ static int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_ } *val_out = 0; - return sldns_str2wire_svcparam_value(str, eq_pos - str, - unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); + return sldns_str2wire_svcparam_value(str, eq_pos - str, + unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); } /* case: key= */ - else if (eq_pos != NULL && !(eq_pos[1])) { + else if (eq_pos != NULL && !(eq_pos[1])) { return sldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len); } /* case: key */ diff --git a/sldns/str2wire.h b/sldns/str2wire.h index baee4236f..5e4d146d3 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -38,7 +38,8 @@ struct sldns_struct_lookup_table; #define SVCB_KEY_IPV4HINT 4 #define SVCB_KEY_ECH 5 #define SVCB_KEY_IPV6HINT 6 -#define SVCPARAMKEY_COUNT 7 +#define SVCB_KEY_DOHPATH 7 +#define SVCPARAMKEY_COUNT 8 #define MAX_NUMBER_OF_SVCPARAMS 64 @@ -236,6 +237,7 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); #define LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385 #define LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386 + /** * Get reference to a constant string for the (parse) error. * @param e: error return value diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 74d1b62df..e6278ff56 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -159,7 +159,7 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { "Mandatory SvcParamKey is missing"}, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY, "Keys in SvcParam mandatory MUST be unique" }, - { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, "mandatory MUST not be included as mandatory parameter" }, { LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX, "Could not parse port SvcParamValue" }, @@ -224,7 +224,7 @@ sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data; /* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */ const char *svcparamkey_strs[] = { "mandatory", "alpn", "no-default-alpn", "port", - "ipv4hint", "ech", "ipv6hint" + "ipv4hint", "ech", "ipv6hint", "dohpath" }; char* sldns_wire2str_pkt(uint8_t* data, size_t len) @@ -487,7 +487,7 @@ int sldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, uint8_t* rr = *d; size_t rrlen = *dlen, dname_off, rdlen, ordlen; uint16_t rrtype = 0; - + if(*dlen >= 3 && (*d)[0]==0 && sldns_read_uint16((*d)+1)==LDNS_RR_TYPE_OPT) { /* perform EDNS OPT processing */ @@ -1119,7 +1119,7 @@ static int sldns_wire2str_svcparam_alpn2str(char** s, w += sldns_str_print(s, slen, "%s", ","); } w += sldns_str_print(s, slen, "\""); - + return w; } @@ -1139,7 +1139,7 @@ static int sldns_wire2str_svcparam_ech2str(char** s, (*s) += size; (*slen) -= size; - w += sldns_str_print(s, slen, "\""); + w += sldns_str_print(s, slen, "\""); return w + size; } @@ -1162,7 +1162,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl /* verify that we have data_len data */ if (data_len > *dlen) - return -1; + return -1; written_chars += sldns_print_svcparamkey(s, slen, svcparamkey); if (!data_len) { @@ -1174,6 +1174,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: case SVCB_KEY_MANDATORY: + case SVCB_KEY_DOHPATH: return -1; default: return written_chars; @@ -1201,6 +1202,8 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl case SVCB_KEY_ECH: r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); break; + case SVCB_KEY_DOHPATH: + /* fallthrough */ default: r = sldns_str_print(s, slen, "=\""); @@ -1222,7 +1225,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl } if (r <= 0) return -1; /* wireformat error */ - + written_chars += r; *d += data_len; *dlen -= data_len; @@ -1551,7 +1554,7 @@ int sldns_wire2str_nsec_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) unsigned i, bit, window, block_len; uint16_t t; int w = 0; - + /* check for errors */ while(pl) { if(pl < 2) return -1; diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index 3bc25a10c..20a100cec 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -1589,8 +1589,7 @@ xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now) /** * Perform XML parsing of the root-anchors file - * Its format description can be read here - * https://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.txt + * Its format description can be found in RFC 7958. * It uses libexpat. * @param xml: BIO with xml data. * @param now: the current time for checking DS validity periods. diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index f850469ba..ff8043711 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -714,7 +714,7 @@ morechecks(struct config_file* cfg) cfg->chrootdir, cfg); } #endif - /* remove chroot setting so that modules are not stripping pathnames*/ + /* remove chroot setting so that modules are not stripping pathnames */ free(cfg->chrootdir); cfg->chrootdir = NULL; diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index 34fb801bb..891ce23ac 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -4,22 +4,22 @@ * Copyright (c) 2008, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -59,6 +59,7 @@ #include "util/locks.h" #include "util/net_help.h" #include "util/shm_side/shm_main.h" +#include "util/timeval_func.h" #include "daemon/stats.h" #include "sldns/wire2str.h" #include "sldns/pkthdr.h" @@ -102,6 +103,12 @@ usage(void) printf(" stop stops the server\n"); printf(" reload reloads the server\n"); printf(" (this flushes data, stats, requestlist)\n"); + printf(" reload_keep_cache reloads the server but tries to\n"); + printf(" keep the RRset and message cache\n"); + printf(" if (re)configuration allows for it.\n"); + printf(" That means the caches sizes and\n"); + printf(" the number of threads must not\n"); + printf(" change between reloads.\n"); printf(" stats print statistics\n"); printf(" stats_noreset peek at statistics\n"); #ifdef HAVE_SHMGET @@ -180,33 +187,6 @@ usage(void) #ifdef HAVE_SHMGET /** what to put on statistics lines between var and value, ": " or "=" */ #define SQ "=" -/** if true, inhibits a lot of =0 lines from the stats output */ -static const int inhibit_zero = 1; -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d <= 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - if(leftover <= 0) - leftover = 0; - avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; - if(avg->tv_sec < 0) - avg->tv_sec = 0; - if(avg->tv_usec < 0) - avg->tv_usec = 0; -#endif -} - /** print unsigned long stats value */ #define PR_UL_NM(str, var) printf("%s."str SQ"%lu\n", nm, (unsigned long)(var)); #define PR_UL(str, var) printf(str SQ"%lu\n", (unsigned long)(var)); @@ -222,12 +202,14 @@ static void pr_stats(const char* nm, struct ub_stats_info* s) { struct timeval sumwait, avg; PR_UL_NM("num.queries", s->svr.num_queries); - PR_UL_NM("num.queries_ip_ratelimited", + PR_UL_NM("num.queries_ip_ratelimited", s->svr.num_queries_ip_ratelimited); PR_UL_NM("num.cachehits", s->svr.num_queries - s->svr.num_queries_missed_cache); PR_UL_NM("num.cachemiss", s->svr.num_queries_missed_cache); PR_UL_NM("num.prefetch", s->svr.num_queries_prefetch); + PR_UL_NM("num.queries_timed_out", s->svr.num_queries_timed_out); + PR_UL_NM("query.queue_time_us.max", s->svr.max_query_time_us); PR_UL_NM("num.expired", s->svr.ans_expired); PR_UL_NM("num.recursivereplies", s->mesh_replies_sent); #ifdef USE_DNSCRYPT @@ -316,7 +298,7 @@ static void print_hist(struct ub_stats_info* s) } /** print extended */ -static void print_extended(struct ub_stats_info* s) +static void print_extended(struct ub_stats_info* s, int inhibit_zero) { int i; char nm[16]; @@ -399,6 +381,9 @@ static void print_extended(struct ub_stats_info* s) PR_UL("rrset.cache.count", s->svr.rrset_cache_count); PR_UL("infra.cache.count", s->svr.infra_cache_count); PR_UL("key.cache.count", s->svr.key_cache_count); + /* max collisions */ + PR_UL("msg.cache.max_collisions", s->svr.msg_cache_max_collisions); + PR_UL("rrset.cache.max_collisions", s->svr.rrset_cache_max_collisions); /* applied RPZ actions */ for(i=0; isvr.num_query_subnet); PR_UL("num.query.subnet_cache", s->svr.num_query_subnet_cache); #endif +#ifdef USE_CACHEDB + PR_UL("num.query.cachedb", s->svr.num_query_cachedb); +#endif } /** print statistics out of memory structures */ @@ -439,7 +427,7 @@ static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats, if(cfg->stat_extended) { print_mem(shm_stat, &stats[0]); print_hist(stats); - print_extended(stats); + print_extended(stats, cfg->stat_inhibit_zero); } } #endif /* HAVE_SHMGET */ @@ -985,7 +973,7 @@ int main(int argc, char* argv[]) fatal_exit("could not exec unbound: %s", strerror(ENOSYS)); #else - if(execlp("unbound", "unbound", "-c", cfgfile, + if(execlp("unbound", "unbound", "-c", cfgfile, (char*)NULL) < 0) { fatal_exit("could not exec unbound: %s", strerror(errno)); diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c index d612575f3..8bffe46ce 100644 --- a/smallapp/unbound-host.c +++ b/smallapp/unbound-host.c @@ -482,6 +482,7 @@ int main(int argc, char* argv[]) case '?': case 'h': default: + ub_ctx_delete(ctx); usage(); } } @@ -495,8 +496,10 @@ int main(int argc, char* argv[]) } argc -= optind; argv += optind; - if(argc != 1) + if(argc != 1) { + ub_ctx_delete(ctx); usage(); + } #ifdef HAVE_SSL #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS diff --git a/testcode/dohclient.c b/testcode/dohclient.c index 64af699bc..de9f39d7d 100644 --- a/testcode/dohclient.c +++ b/testcode/dohclient.c @@ -226,9 +226,16 @@ make_query(char* qname, char* qtype, char* qclass) printf("cannot parse query name: '%s'\n", qname); exit(1); } - qinfo.qtype = sldns_get_rr_type_by_name(qtype); + if(qinfo.qtype == 0 && strcmp(qtype, "TYPE0") != 0) { + printf("cannot parse query type: '%s'\n", qtype); + exit(1); + } qinfo.qclass = sldns_get_rr_class_by_name(qclass); + if(qinfo.qclass == 0 && strcmp(qclass, "CLASS0") != 0) { + printf("cannot parse query class: '%s'\n", qclass); + exit(1); + } qinfo.local_alias = NULL; qinfo_query_encode(buf, &qinfo); /* flips buffer */ diff --git a/testcode/fake_event.c b/testcode/fake_event.c index efb22a6fb..9d65b3c49 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -2,24 +2,24 @@ * testcode/fake_event.c - fake event handling that replays existing scenario. * * Copyright (c) 2007, NLnet Labs. All rights reserved. - * + * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -65,6 +65,7 @@ #include "sldns/wire2str.h" #include "sldns/str2wire.h" #include "daemon/remote.h" +#include "util/timeval_func.h" #include struct worker; struct daemon_remote; @@ -95,21 +96,7 @@ struct fake_commpoint { /** Global variable: the scenario. Saved here for when event_init is done. */ static struct replay_scenario* saved_scenario = NULL; -/** add timers and the values do not overflow or become negative */ -static void -timeval_add(struct timeval* d, const struct timeval* add) -{ -#ifndef S_SPLINT_S - d->tv_sec += add->tv_sec; - d->tv_usec += add->tv_usec; - if(d->tv_usec >= 1000000) { - d->tv_usec -= 1000000; - d->tv_sec++; - } -#endif -} - -void +void fake_temp_file(const char* adj, const char* id, char* buf, size_t len) { #ifdef USE_WINSOCK @@ -121,13 +108,13 @@ fake_temp_file(const char* adj, const char* id, char* buf, size_t len) #endif } -void +void fake_event_init(struct replay_scenario* scen) { saved_scenario = scen; } -void +void fake_event_cleanup(void) { replay_scenario_delete(saved_scenario); @@ -172,7 +159,7 @@ repevt_string(enum replay_event_type t) } /** delete a fake pending */ -static void +static void delete_fake_pending(struct fake_pending* pend) { if(!pend) @@ -200,8 +187,8 @@ delete_replay_answer(struct replay_answer* a) /** * return: true if pending query matches the now event. */ -static int -pending_matches_current(struct replay_runtime* runtime, +static int +pending_matches_current(struct replay_runtime* runtime, struct entry** entry, struct fake_pending **pend) { struct fake_pending* p; @@ -233,7 +220,7 @@ pending_matches_current(struct replay_runtime* runtime, * @return: true if a match is found. */ static int -pending_find_match(struct replay_runtime* runtime, struct entry** entry, +pending_find_match(struct replay_runtime* runtime, struct entry** entry, struct fake_pending* pend) { int timenow = runtime->now->time_step; @@ -245,7 +232,7 @@ pending_find_match(struct replay_runtime* runtime, struct entry** entry, (*entry = find_match(p->match, pend->pkt, pend->pkt_len, pend->transport))) { log_info("matched query time %d in range [%d, %d] " - "with entry line %d", timenow, + "with entry line %d", timenow, p->start_step, p->end_step, (*entry)->lineno); if(p->addrlen != 0) log_addr(0, "matched ip", &p->addr, p->addrlen); @@ -266,8 +253,8 @@ pending_find_match(struct replay_runtime* runtime, struct entry** entry, * @param pend: if true, the outgoing message that matches is returned. * @return: true if pending query matches the now event. */ -static int -pending_matches_range(struct replay_runtime* runtime, +static int +pending_matches_range(struct replay_runtime* runtime, struct entry** entry, struct fake_pending** pend) { struct fake_pending* p = runtime->pending_list; @@ -405,9 +392,9 @@ answer_callback_from_entry(struct replay_runtime* runtime, static void answer_check_it(struct replay_runtime* runtime) { - struct replay_answer* ans = runtime->answer_list, + struct replay_answer* ans = runtime->answer_list, *prev = NULL; - log_assert(runtime && runtime->now && + log_assert(runtime && runtime->now && runtime->now->evt_type == repevt_front_reply); while(ans) { enum transport_type tr = transport_tcp; @@ -420,7 +407,7 @@ answer_check_it(struct replay_runtime* runtime) ans->pkt_len, tr)) { log_info("testbound matched event entry from line %d", runtime->now->match->lineno); - log_info("testbound: do STEP %d %s", + log_info("testbound: do STEP %d %s", runtime->now->time_step, repevt_string(runtime->now->evt_type)); if(prev) @@ -474,7 +461,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) log_pkt("query pkt", todo->match->reply_list->reply_pkt, todo->match->reply_list->reply_len); /* call the callback for incoming queries */ - if((*runtime->callback_query)(repinfo.c, runtime->cb_arg, + if((*runtime->callback_query)(repinfo.c, runtime->cb_arg, NETEVENT_NOERROR, &repinfo)) { /* send immediate reply */ comm_point_send_reply(&repinfo); @@ -487,7 +474,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) * Perform callback for fake pending message. */ static void -fake_pending_callback(struct replay_runtime* runtime, +fake_pending_callback(struct replay_runtime* runtime, struct replay_moment* todo, int error) { struct fake_pending* p = runtime->pending_list; @@ -566,7 +553,7 @@ time_passes(struct replay_runtime* runtime, struct replay_moment* mom) timeval_add(&runtime->now_tv, &tv); runtime->now_secs = (time_t)runtime->now_tv.tv_sec; #ifndef S_SPLINT_S - log_info("elapsed %d.%6.6d now %d.%6.6d", + log_info("elapsed %d.%6.6d now %d.%6.6d", (int)tv.tv_sec, (int)tv.tv_usec, (int)runtime->now_tv.tv_sec, (int)runtime->now_tv.tv_usec); #endif @@ -603,7 +590,7 @@ autotrust_check(struct replay_runtime* runtime, struct replay_moment* mom) } strip_end_white(line); expanded = macro_process(runtime->vars, runtime, p->str); - if(!expanded) + if(!expanded) fatal_exit("could not expand macro line %d", lineno); if(verbosity >= 7 && strcmp(p->str, expanded) != 0) log_info("expanded '%s' to '%s'", p->str, expanded); @@ -656,7 +643,7 @@ tempfile_check(struct replay_runtime* runtime, struct replay_moment* mom) } strip_end_white(line); expanded = macro_process(runtime->vars, runtime, p->str); - if(!expanded) + if(!expanded) fatal_exit("could not expand macro line %d", lineno); if(verbosity >= 7 && strcmp(p->str, expanded) != 0) log_info("expanded '%s' to '%s'", p->str, expanded); @@ -746,7 +733,7 @@ do_moment_and_advance(struct replay_runtime* runtime) advance_moment(runtime); return; } - log_info("testbound: do STEP %d %s", runtime->now->time_step, + log_info("testbound: do STEP %d %s", runtime->now->time_step, repevt_string(runtime->now->evt_type)); switch(runtime->now->evt_type) { case repevt_nothing: @@ -761,7 +748,7 @@ do_moment_and_advance(struct replay_runtime* runtime) fake_front_query(runtime, mom); break; case repevt_front_reply: - if(runtime->answer_list) + if(runtime->answer_list) log_err("testbound: There are unmatched answers."); fatal_exit("testbound: query answer not matched"); break; @@ -810,7 +797,7 @@ do_moment_and_advance(struct replay_runtime* runtime) advance_moment(runtime); break; default: - fatal_exit("testbound: unknown event type %d", + fatal_exit("testbound: unknown event type %d", runtime->now->evt_type); } } @@ -831,15 +818,15 @@ run_scenario(struct replay_runtime* runtime) /* else if precoded_range matches pending, do it */ /* else do the current moment */ if(pending_matches_current(runtime, &entry, &pending)) { - log_info("testbound: do STEP %d CHECK_OUT_QUERY", + log_info("testbound: do STEP %d CHECK_OUT_QUERY", runtime->now->time_step); advance_moment(runtime); if(entry->copy_id) - answer_callback_from_entry(runtime, entry, + answer_callback_from_entry(runtime, entry, pending); - } else if(runtime->answer_list && runtime->now && + } else if(runtime->answer_list && runtime->now && runtime->now->evt_type == repevt_front_reply) { - answer_check_it(runtime); + answer_check_it(runtime); advance_moment(runtime); } else if(pending_matches_range(runtime, &entry, &pending)) { answer_callback_from_entry(runtime, entry, pending); @@ -870,7 +857,7 @@ run_scenario(struct replay_runtime* runtime) /*********** Dummy routines ***********/ -struct listen_dnsport* +struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), size_t bufsize, int ATTR_UNUSED(tcp_accept_count), int ATTR_UNUSED(tcp_idle_timeout), @@ -898,7 +885,7 @@ listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), return l; } -void +void listen_delete(struct listen_dnsport* listen) { if(!listen) @@ -907,7 +894,7 @@ listen_delete(struct listen_dnsport* listen) free(listen); } -struct comm_base* +struct comm_base* comm_base_create(int ATTR_UNUSED(sigs)) { /* we return the runtime structure instead. */ @@ -921,7 +908,7 @@ comm_base_create(int ATTR_UNUSED(sigs)) return (struct comm_base*)runtime; } -void +void comm_base_delete(struct comm_base* b) { struct replay_runtime* runtime = (struct replay_runtime*)b; @@ -961,7 +948,7 @@ comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv) *tv = &runtime->now_tv; } -void +void comm_base_dispatch(struct comm_base* b) { struct replay_runtime* runtime = (struct replay_runtime*)b; @@ -971,7 +958,7 @@ comm_base_dispatch(struct comm_base* b) else exit(0); /* OK exit when LIBEVENT_SIGNAL_PROBLEM exists */ } -void +void comm_base_exit(struct comm_base* b) { struct replay_runtime* runtime = (struct replay_runtime*)b; @@ -981,7 +968,7 @@ comm_base_exit(struct comm_base* b) } } -struct comm_signal* +struct comm_signal* comm_signal_create(struct comm_base* base, void (*callback)(int, void*), void* cb_arg) { @@ -991,20 +978,20 @@ comm_signal_create(struct comm_base* base, return calloc(1, sizeof(struct comm_signal)); } -int -comm_signal_bind(struct comm_signal* ATTR_UNUSED(comsig), int +int +comm_signal_bind(struct comm_signal* ATTR_UNUSED(comsig), int ATTR_UNUSED(sig)) { return 1; } -void +void comm_signal_delete(struct comm_signal* comsig) { free(comsig); } -void +void comm_point_send_reply(struct comm_reply* repinfo) { struct replay_answer* ans = (struct replay_answer*)calloc(1, @@ -1028,7 +1015,7 @@ comm_point_send_reply(struct comm_reply* repinfo) log_pkt("reply pkt: ", ans->pkt, ans->pkt_len); } -void +void comm_point_drop_reply(struct comm_reply* repinfo) { log_info("comm_point_drop_reply fake"); @@ -1038,14 +1025,14 @@ comm_point_drop_reply(struct comm_reply* repinfo) } } -struct outside_network* -outside_network_create(struct comm_base* base, size_t bufsize, - size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), - int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), - int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), +struct outside_network* +outside_network_create(struct comm_base* base, size_t bufsize, + size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), + int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), + int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), int ATTR_UNUSED(dscp), struct infra_cache* infra, - struct ub_randstate* ATTR_UNUSED(rnd), + struct ub_randstate* ATTR_UNUSED(rnd), int ATTR_UNUSED(use_caps_for_id), int* ATTR_UNUSED(availports), int ATTR_UNUSED(numavailports), size_t ATTR_UNUSED(unwanted_threshold), int ATTR_UNUSED(outgoing_tcp_mss), @@ -1057,7 +1044,7 @@ outside_network_create(struct comm_base* base, size_t bufsize, int ATTR_UNUSED(tcp_auth_query_timeout)) { struct replay_runtime* runtime = (struct replay_runtime*)base; - struct outside_network* outnet = calloc(1, + struct outside_network* outnet = calloc(1, sizeof(struct outside_network)); (void)unwanted_action; if(!outnet) @@ -1072,7 +1059,7 @@ outside_network_create(struct comm_base* base, size_t bufsize, return outnet; } -void +void outside_network_delete(struct outside_network* outnet) { if(!outnet) @@ -1081,12 +1068,12 @@ outside_network_delete(struct outside_network* outnet) free(outnet); } -void +void outside_network_quit_prepare(struct outside_network* ATTR_UNUSED(outnet)) { } -struct pending* +struct pending* pending_udp_query(struct serviced_query* sq, sldns_buffer* packet, int timeout, comm_point_callback_type* callback, void* callback_arg) { @@ -1128,7 +1115,7 @@ pending_udp_query(struct serviced_query* sq, sldns_buffer* packet, repevt_string(runtime->now->evt_type)); advance_moment(runtime); /* still create the pending, because we need it to callback */ - } + } log_info("testbound: created fake pending"); /* add to list */ pend->next = runtime->pending_list; @@ -1178,7 +1165,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, repevt_string(runtime->now->evt_type)); advance_moment(runtime); /* still create the pending, because we need it to callback */ - } + } log_info("testbound: created fake pending"); /* add to list */ pend->next = runtime->pending_list; @@ -1202,10 +1189,10 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, sizeof(struct fake_pending)); char z[256]; log_assert(pend); - log_nametypeclass(VERB_OPS, "pending serviced query", + log_nametypeclass(VERB_OPS, "pending serviced query", qinfo->qname, qinfo->qtype, qinfo->qclass); dname_str(zone, z); - verbose(VERB_OPS, "pending serviced query zone %s flags%s%s%s%s", + verbose(VERB_OPS, "pending serviced query zone %s flags%s%s%s%s", z, (flags&BIT_RD)?" RD":"", (flags&BIT_CD)?" CD":"", (flags&~(BIT_RD|BIT_CD))?" MORE":"", (dnssec)?" DO":""); @@ -1301,7 +1288,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, repevt_string(runtime->now->evt_type)); advance_moment(runtime); /* still create the pending, because we need it to callback */ - } + } log_info("testbound: created fake pending"); /* add to list */ pend->next = runtime->pending_list; @@ -1356,7 +1343,7 @@ void listening_ports_free(struct listen_port* list) struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base), int ATTR_UNUSED(fd), size_t ATTR_UNUSED(bufsize), - comm_point_callback_type* ATTR_UNUSED(callback), + comm_point_callback_type* ATTR_UNUSED(callback), void* ATTR_UNUSED(callback_arg)) { struct fake_commpoint* fc = (struct fake_commpoint*)calloc(1, @@ -1368,7 +1355,7 @@ struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base), struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), int ATTR_UNUSED(fd), int ATTR_UNUSED(writing), - comm_point_callback_type* ATTR_UNUSED(callback), + comm_point_callback_type* ATTR_UNUSED(callback), void* ATTR_UNUSED(callback_arg)) { /* no pipe comm possible */ @@ -1379,7 +1366,7 @@ struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), return (struct comm_point*)fc; } -void comm_point_start_listening(struct comm_point* ATTR_UNUSED(c), +void comm_point_start_listening(struct comm_point* ATTR_UNUSED(c), int ATTR_UNUSED(newfd), int ATTR_UNUSED(sec)) { /* no bg write pipe comm possible */ @@ -1424,7 +1411,7 @@ size_t serviced_get_mem(struct serviced_query* ATTR_UNUSED(c)) } /* fake for fptr wlist */ -int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), +int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply *ATTR_UNUSED(reply_info)) { @@ -1432,7 +1419,7 @@ int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), return 0; } -int outnet_tcp_cb(struct comm_point* ATTR_UNUSED(c), +int outnet_tcp_cb(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply *ATTR_UNUSED(reply_info)) { @@ -1460,67 +1447,67 @@ void outnet_tcptimer(void* ATTR_UNUSED(arg)) log_assert(0); } -void comm_point_udp_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), +void comm_point_udp_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_udp_ancil_callback(int ATTR_UNUSED(fd), +void comm_point_udp_ancil_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_tcp_accept_callback(int ATTR_UNUSED(fd), +void comm_point_tcp_accept_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_tcp_handle_callback(int ATTR_UNUSED(fd), +void comm_point_tcp_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_timer_callback(int ATTR_UNUSED(fd), +void comm_timer_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_signal_callback(int ATTR_UNUSED(fd), +void comm_signal_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_http_handle_callback(int ATTR_UNUSED(fd), +void comm_point_http_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_local_handle_callback(int ATTR_UNUSED(fd), +void comm_point_local_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), +void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), +void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -int serviced_udp_callback(struct comm_point* ATTR_UNUSED(c), +int serviced_udp_callback(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) { @@ -1528,7 +1515,7 @@ int serviced_udp_callback(struct comm_point* ATTR_UNUSED(c), return 0; } -int serviced_tcp_callback(struct comm_point* ATTR_UNUSED(c), +int serviced_tcp_callback(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) { @@ -1561,7 +1548,7 @@ int reuse_id_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) } /* timers in testbound for autotrust. statistics tested in tdir. */ -struct comm_timer* comm_timer_create(struct comm_base* base, +struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) { struct replay_runtime* runtime = (struct replay_runtime*)base; @@ -1589,7 +1576,7 @@ void comm_timer_set(struct comm_timer* timer, struct timeval* tv) struct fake_timer* t = (struct fake_timer*)timer; t->enabled = 1; t->tv = *tv; - log_info("fake timer set %d.%6.6d", + log_info("fake timer set %d.%6.6d", (int)t->tv.tv_sec, (int)t->tv.tv_usec); timeval_add(&t->tv, &t->runtime->now_tv); } diff --git a/testcode/lock_verify.c b/testcode/lock_verify.c index b0cffe292..0958ff0ba 100644 --- a/testcode/lock_verify.c +++ b/testcode/lock_verify.c @@ -177,6 +177,8 @@ static int readup_str(char** str, FILE* in) } buf[len] = 0; *str = strdup(buf); + if(!*str) + fatal_exit("strdup failed: out of memory"); return 1; } diff --git a/testcode/perf.c b/testcode/perf.c index 7fb524e22..2be86c4bf 100644 --- a/testcode/perf.c +++ b/testcode/perf.c @@ -458,9 +458,17 @@ qlist_parse_line(sldns_buffer* buf, char* p) if(strcmp(tp, "IN") == 0 || strcmp(tp, "CH") == 0) { qinfo.qtype = sldns_get_rr_type_by_name(cl); qinfo.qclass = sldns_get_rr_class_by_name(tp); + if((qinfo.qtype == 0 && strcmp(cl, "TYPE0") != 0) || + (qinfo.qclass == 0 && strcmp(tp, "CLASS0") != 0)) { + return 0; + } } else { qinfo.qtype = sldns_get_rr_type_by_name(tp); qinfo.qclass = sldns_get_rr_class_by_name(cl); + if((qinfo.qtype == 0 && strcmp(tp, "TYPE0") != 0) || + (qinfo.qclass == 0 && strcmp(cl, "CLASS0") != 0)) { + return 0; + } } if(fl[0] == '+') rec = 1; else if(fl[0] == '-') rec = 0; diff --git a/testcode/replay.c b/testcode/replay.c index 43101d6ac..f896a5512 100644 --- a/testcode/replay.c +++ b/testcode/replay.c @@ -2,24 +2,24 @@ * testcode/replay.c - store and use a replay of events for the DNS resolver. * * Copyright (c) 2007, NLnet Labs. All rights reserved. - * + * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -51,6 +51,7 @@ #include "testcode/testpkts.h" #include "testcode/fake_event.h" #include "sldns/str2wire.h" +#include "util/timeval_func.h" /** max length of lines in file */ #define MAX_LINE_LEN 10240 @@ -59,35 +60,19 @@ * Expand a macro * @param store: value storage * @param runtime: replay runtime for other stuff. - * @param text: the macro text, after the ${, Updated to after the } when + * @param text: the macro text, after the ${, Updated to after the } when * done (successfully). * @return expanded text, malloced. NULL on failure. */ -static char* macro_expand(rbtree_type* store, +static char* macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text); -/** compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - -/** parse keyword in string. +/** parse keyword in string. * @param line: if found, the line is advanced to after the keyword. * @param keyword: string. - * @return: true if found, false if not. + * @return: true if found, false if not. */ -static int +static int parse_keyword(char** line, const char* keyword) { size_t len = (size_t)strlen(keyword); @@ -135,8 +120,8 @@ strip_end_white(char* p) } } -/** - * Read a range from file. +/** + * Read a range from file. * @param remain: Rest of line (after RANGE keyword). * @param in: file to read from. * @param name: name to print in errors. @@ -181,7 +166,7 @@ replay_range_read(char* remain, FILE* in, const char* name, strip_end_white(parse); if(!extstrtoaddr(parse, &rng->addr, &rng->addrlen, UNBOUND_DNS_PORT)) { - log_err("Line %d: could not read ADDRESS: %s", + log_err("Line %d: could not read ADDRESS: %s", pstate->lineno, parse); free(rng); return NULL; @@ -255,8 +240,8 @@ read_assign_step(char* remain, struct replay_moment* mom) fatal_exit("out of memory"); } -/** - * Read a replay moment 'STEP' from file. +/** + * Read a replay moment 'STEP' from file. * @param remain: Rest of line (after STEP keyword). * @param in: file to read from. * @param name: name to print in errors. @@ -376,18 +361,18 @@ replay_moment_read(char* remain, FILE* in, const char* name, strip_end_white(remain); if(!extstrtoaddr(remain, &mom->addr, &mom->addrlen, UNBOUND_DNS_PORT)) { - log_err("line %d: could not parse ADDRESS: %s", + log_err("line %d: could not parse ADDRESS: %s", pstate->lineno, remain); free(mom); return NULL; } - } + } if(parse_keyword(&remain, "ELAPSE")) { double sec; errno = 0; sec = strtod(remain, &remain); if(sec == 0. && errno != 0) { - log_err("line %d: could not parse ELAPSE: %s (%s)", + log_err("line %d: could not parse ELAPSE: %s (%s)", pstate->lineno, remain, strerror(errno)); free(mom); return NULL; @@ -397,7 +382,7 @@ replay_moment_read(char* remain, FILE* in, const char* name, mom->elapse.tv_usec = (int)((sec - (double)mom->elapse.tv_sec) *1000000. + 0.5); #endif - } + } if(readentry) { mom->match = read_entry(in, name, pstate, 1); @@ -433,7 +418,7 @@ make_scenario(char* line) return scen; } -struct replay_scenario* +struct replay_scenario* replay_scenario_read(FILE* in, const char* name, int* lineno) { char line[MAX_LINE_LEN]; @@ -451,7 +436,7 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) (*lineno)++; while(isspace((unsigned char)*parse)) parse++; - if(!*parse) + if(!*parse) continue; /* empty line */ if(parse_keyword(&parse, ";")) continue; /* comment */ @@ -462,11 +447,11 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) if(!scen) fatal_exit("%d: could not make scen", *lineno); continue; - } + } if(!scen) fatal_exit("%d: expected SCENARIO", *lineno); if(parse_keyword(&parse, "RANGE_BEGIN")) { - struct replay_range* newr = replay_range_read(parse, + struct replay_range* newr = replay_range_read(parse, in, name, &pstate, line); if(!newr) fatal_exit("%d: bad range", pstate.lineno); @@ -474,12 +459,12 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) newr->next_range = scen->range_list; scen->range_list = newr; } else if(parse_keyword(&parse, "STEP")) { - struct replay_moment* mom = replay_moment_read(parse, + struct replay_moment* mom = replay_moment_read(parse, in, name, &pstate); if(!mom) fatal_exit("%d: bad moment", pstate.lineno); *lineno = pstate.lineno; - if(scen->mom_last && + if(scen->mom_last && scen->mom_last->time_step >= mom->time_step) fatal_exit("%d: time goes backwards", *lineno); if(scen->mom_last) @@ -502,7 +487,7 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) return NULL; } -void +void replay_scenario_delete(struct replay_scenario* scen) { struct replay_moment* mom, *momn; @@ -630,7 +615,7 @@ do_macro_recursion(rbtree_type* store, struct replay_runtime* runtime, { char* after = at+2; char* expand = macro_expand(store, runtime, &after); - if(!expand) + if(!expand) return NULL; /* expansion failed */ if(!do_buf_insert(at, remain, after, expand)) { free(expand); @@ -665,7 +650,7 @@ do_macro_variable(rbtree_type* store, char* buf, size_t remain) } /* terminator, we are working in macro_expand() buffer */ sv = *at; - *at = 0; + *at = 0; v = macro_getvar(store, name); *at = sv; @@ -816,7 +801,7 @@ macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text) time_t res = 0; if(runtime) { struct fake_timer* t = first_timer(runtime); - if(t && (time_t)t->tv.tv_sec >= runtime->now_secs) + if(t && (time_t)t->tv.tv_sec >= runtime->now_secs) res = (time_t)t->tv.tv_sec - runtime->now_secs; } snprintf(buf, sizeof(buf), ARG_LL "d", (long long)res); @@ -855,9 +840,9 @@ macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text) if(dofunc) { /* post process functions, buf has the argument(s) */ if(strncmp(buf, "ctime", 5) == 0) { - return do_macro_ctime(buf+6); + return do_macro_ctime(buf+6); } else if(strncmp(buf, "range", 5) == 0) { - return do_macro_range(buf+6); + return do_macro_range(buf+6); } } return strdup(buf); @@ -891,7 +876,7 @@ macro_process(rbtree_type* store, struct replay_runtime* runtime, char* text) return strdup(buf); } -char* +char* macro_lookup(rbtree_type* store, char* name) { struct replay_var* x = macro_getvar(store, name); @@ -907,7 +892,7 @@ void macro_print_debug(rbtree_type* store) } } -int +int macro_assign(rbtree_type* store, char* name, char* value) { struct replay_var* x = macro_getvar(store, name); diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index b2c0d5328..84d2b65f6 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -132,7 +132,15 @@ write_q(int fd, int udp, SSL* ssl, sldns_buffer* buf, uint16_t id, /* qtype and qclass */ qinfo.qtype = sldns_get_rr_type_by_name(strtype); + if(qinfo.qtype == 0 && strcmp(strtype, "TYPE0") != 0) { + printf("cannot parse query type: '%s'\n", strtype); + exit(1); + } qinfo.qclass = sldns_get_rr_class_by_name(strclass); + if(qinfo.qclass == 0 && strcmp(strclass, "CLASS0") != 0) { + printf("cannot parse query class: '%s'\n", strclass); + exit(1); + } /* clear local alias */ qinfo.local_alias = NULL; @@ -371,15 +379,19 @@ static void send_em(const char* svr, const char* pp2_client, int udp, int usessl, int noanswer, int onarrival, int delay, int num, char** qs) { - sldns_buffer* buf = sldns_buffer_new(65553); - sldns_buffer* proxy_buf = sldns_buffer_new(65553); struct sockaddr_storage svr_addr; socklen_t svr_addrlen; int fd = open_svr(svr, udp, &svr_addr, &svr_addrlen); int i, wait_results = 0, pp2_parsed; SSL_CTX* ctx = NULL; SSL* ssl = NULL; - if(!buf) fatal_exit("out of memory"); + sldns_buffer* buf = sldns_buffer_new(65553); + sldns_buffer* proxy_buf = sldns_buffer_new(65553); + if(!buf || !proxy_buf) { + sldns_buffer_free(buf); + sldns_buffer_free(proxy_buf); + fatal_exit("out of memory"); + } pp2_parsed = parse_pp2_client(pp2_client, udp, proxy_buf); if(usessl) { ctx = connect_sslctx_create(NULL, NULL, NULL, 0); diff --git a/testcode/unitlruhash.c b/testcode/unitlruhash.c index e196f0b63..3c66d7583 100644 --- a/testcode/unitlruhash.c +++ b/testcode/unitlruhash.c @@ -94,7 +94,7 @@ test_bin_find_entry(struct lruhash* table) bin_overflow_remove(&bin, &k->entry); /* find in empty list */ - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == NULL ); /* insert */ lock_quick_lock(&bin.lock); @@ -102,20 +102,20 @@ test_bin_find_entry(struct lruhash* table) lock_quick_unlock(&bin.lock); /* find, hash not OK. */ - unit_assert( bin_find_entry(table, &bin, myhash(13), k) == NULL ); + unit_assert( bin_find_entry(table, &bin, myhash(13), k, NULL) == NULL ); /* find, hash OK, but cmp not */ unit_assert( k->entry.hash == k2->entry.hash ); - unit_assert( bin_find_entry(table, &bin, h, k2) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k2, NULL) == NULL ); /* find, hash OK, and cmp too */ - unit_assert( bin_find_entry(table, &bin, h, k) == &k->entry ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == &k->entry ); /* remove the element */ lock_quick_lock(&bin.lock); bin_overflow_remove(&bin, &k->entry); lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == NULL ); /* prepend two different elements; so the list is long */ /* one has the same hash, but different cmp */ @@ -127,28 +127,28 @@ test_bin_find_entry(struct lruhash* table) lock_quick_unlock(&bin.lock); /* find, hash not OK. */ - unit_assert( bin_find_entry(table, &bin, myhash(13), k) == NULL ); + unit_assert( bin_find_entry(table, &bin, myhash(13), k, NULL) == NULL ); /* find, hash OK, but cmp not */ unit_assert( k->entry.hash == k2->entry.hash ); - unit_assert( bin_find_entry(table, &bin, h, k2) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k2, NULL) == NULL ); /* find, hash OK, and cmp too */ - unit_assert( bin_find_entry(table, &bin, h, k) == &k->entry ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == &k->entry ); /* remove middle element */ - unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4) + unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4, NULL) == &k4->entry ); lock_quick_lock(&bin.lock); bin_overflow_remove(&bin, &k4->entry); lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4) == NULL); + unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4, NULL) == NULL); /* remove last element */ lock_quick_lock(&bin.lock); bin_overflow_remove(&bin, &k->entry); lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == NULL ); lock_quick_destroy(&bin.lock); delkey(k); diff --git a/testdata/00-lint.tdir/00-lint.dsc b/testdata/00-lint.tdir/00-lint.dsc index 4778f7a81..814a53717 100644 --- a/testdata/00-lint.tdir/00-lint.dsc +++ b/testdata/00-lint.tdir/00-lint.dsc @@ -3,14 +3,14 @@ Version: 1.0 Description: Put source into lint. CreationDate: Wed Jan 3 14:12:02 CET 2007 Maintainer: dr. W.C.A. Wijngaards -Category: +Category: Component: -CmdDepends: -Depends: +CmdDepends: +Depends: Help: -Pre: +Pre: 00-lint.pre Post: Test: 00-lint.test -AuxFiles: +AuxFiles: Passed: Failure: diff --git a/testdata/00-lint.tdir/00-lint.pre b/testdata/00-lint.tdir/00-lint.pre new file mode 100644 index 000000000..507f5e1e9 --- /dev/null +++ b/testdata/00-lint.tdir/00-lint.pre @@ -0,0 +1,14 @@ +# #-- 00-lint.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." + +if test -f $PRE/unbound_test_00-lint ; then + echo test enabled +else + skip_test "test skipped; clang linter preferred over splint" +fi diff --git a/testdata/09-unbound-control.tdir/09-unbound-control.conf b/testdata/09-unbound-control.tdir/09-unbound-control.conf index ba55e34e8..227d56075 100644 --- a/testdata/09-unbound-control.tdir/09-unbound-control.conf +++ b/testdata/09-unbound-control.tdir/09-unbound-control.conf @@ -1,6 +1,6 @@ server: verbosity: 2 - # num-threads: 1 + num-threads: 1 interface: 127.0.0.1 port: @PORT@ use-syslog: no @@ -9,6 +9,10 @@ server: chroot: "" username: "" do-not-query-localhost: no + access-control: 127.0.0.1 allow_snoop + msg-cache-size: 4m + rrset-cache-size: 4m + minimal-responses: yes remote-control: control-enable: yes control-interface: 127.0.0.1 @@ -21,4 +25,3 @@ remote-control: forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" - diff --git a/testdata/09-unbound-control.tdir/09-unbound-control.test b/testdata/09-unbound-control.tdir/09-unbound-control.test index f683bf417..0ef679b3f 100644 --- a/testdata/09-unbound-control.tdir/09-unbound-control.test +++ b/testdata/09-unbound-control.tdir/09-unbound-control.test @@ -5,364 +5,317 @@ [ -f .tpkg.var.test ] && source .tpkg.var.test PRE="../.." +. ../common.sh -# exit value is 1 on usage -$PRE/unbound-control -h -if test $? -ne 1; then - echo "wrong exit value for usage." - exit 1 -else - echo "exit value for usage: OK" -fi +# End the test +# $1: exit value +end () { + echo "> cat logfiles" + cat fwd.log + cat unbound.log + exit $1 +} + +# Expect a given exit value of the previous command +# $1: the expected exit value +# $2: optional text to print when failing +expect_exit_value () { + if test $? -ne $1; then + if test -z "$2"; then + if test $1 -eq 1; then + msg="on error" + else + msg="after success" + fi + else + msg="$2" + fi + echo "wrong exit value $msg" + end 1 + fi +} + +# Helper function for quering +# $@: at least the domain name to query and optional dig arguments +query () { + echo "> dig $@" + dig @127.0.0.1 -p $UNBOUND_PORT $@ | tee outfile +} + +# Expect something in the answer +# $1: expected regular expression +expect_answer () { + echo "> check answer for \"$1\"" + if grep "$1" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +# Fail the test for unexpected answers +# $1: unexpected regular expression +fail_answer () { + echo "> \"$1\" should not be in answer" + if grep "$1" outfile; then + echo "Not OK" + end 1 + else + echo "OK" + fi +} + +# Issue an unbound-control command +# $@: command arguments +control_command () { + echo "$PRE/unbound-control $@" + $PRE/unbound-control $@ > outfile +} + +# Dump the cache contents +# $@: optional options to unbound-control +cache_dump () { + echo "$PRE/unbound-control $@ dump_cache > cache.dump" + $PRE/unbound-control $@ dump_cache > cache.dump +} + +# Load cache contents +# $@: optional options to unbound-control +cache_load () { + echo "$PRE/unbound-control $@ load_cache < cache.dump" + $PRE/unbound-control $@ load_cache < cache.dump +} + +# Expect an entry in the cache dump +# $1: expected regular expression +expect_in_cache_dump () { + echo "> check cache dump for \"$1\"" + if grep "$1" cache.dump; then + echo "OK cache dump" + else + echo "Not OK cache dump" + end 1 + fi +} + +# Fail the test for unexpected entry in the cache dump +# $1: unexpected regular expression +fail_in_cache_dump () { + echo "> \"$1\" should not be in cache dump" + if grep "$1" cache.dump; then + echo "Not OK cache dump" + end 1 + else + echo "OK cache dump" + fi +} + +# start the test +cp ub.conf main.conf + +teststep "exit value is 1 on usage" +control_command -h +expect_exit_value 1 "for usage" # use lock-verify if possible -# test if the server is up. -echo "> dig www.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +teststep "test if the server is up" +query www.example.com. +expect_answer "10.20.30.40" -# exit value is 1 when a bad command is given. -echo "$PRE/unbound-control -c ub.conf blablargh" -$PRE/unbound-control -c ub.conf blablargh -if test $? -ne 1; then - echo "wrong exit value on error." - echo "> cat logfiles" - cat fwd.log - cat unbound.lo - exit 1 -else - echo "correct exit value on error" -fi +teststep "exit value is 1 when a bad command is given" +control_command -c ub.conf blablargh +expect_exit_value 1 # reload the server. test if the server came up by putting a new # local-data element in the server. +teststep "reload the server" echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf -echo "$PRE/unbound-control -c ub.conf reload" -$PRE/unbound-control -c ub.conf reload -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi +control_command -c ub.conf reload +expect_exit_value 0 +query afterreload. +expect_answer "5.6.7.8" -echo "> dig afterreload." -dig @127.0.0.1 -p $UNBOUND_PORT afterreload. | tee outfile -echo "> check answer" -if grep "5.6.7.8" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +teststep "must have had at least 1 query since reload" +control_command -c ub.conf stats +expect_exit_value 0 +expect_answer "^total.num.queries=[1-9][0-9]*$" -# must have had queries now. 1 since reload. -echo "$PRE/unbound-control -c ub.conf stats" -$PRE/unbound-control -c ub.conf stats > tmp.$$ -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -if grep "^total.num.queries=[1-9][0-9]*$" tmp.$$; then - echo "OK" -else - echo "bad stats" - cat tmp.$$ - exit 1 -fi +teststep "check verbosity" +control_command -c ub.conf verbosity 2 +expect_exit_value 0 -# verbosity -echo "$PRE/unbound-control -c ub.conf verbosity 2" -$PRE/unbound-control -c ub.conf verbosity 2 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi +teststep "check syntax error in parse" +control_command -c ub.conf verbosity jkdf +expect_exit_value 1 -# check syntax error in parse -echo "$PRE/unbound-control -c ub.conf verbosity jkdf" -$PRE/unbound-control -c ub.conf verbosity jkdf -if test $? -ne 1; then - echo "wrong exit value after failure" - exit 1 -fi - -# check bad credentials +teststep "check bad credentials" cp ub.conf bad.conf -echo "remote-control:" >> bad.conf -echo " server-key-file: bad_server.key" >> bad.conf -echo " server-cert-file: bad_server.pem" >> bad.conf -echo " control-key-file: bad_control.key" >> bad.conf -echo " control-cert-file: bad_control.pem" >> bad.conf -echo "$PRE/unbound-control -c bad.conf verbosity 2" -$PRE/unbound-control -c bad.conf verbosity 2 -if test $? -ne 1; then - echo "wrong exit value after failure" - exit 1 -fi +cat conf.bad_credentials >> bad.conf +control_command -c bad.conf verbosity 2 +expect_exit_value 1 -# check spoofedclient credentials +teststep "check spoofed client credentials" rm -f bad.conf cp ub.conf bad.conf -echo "remote-control:" >> bad.conf -echo " server-key-file: unbound_server.key" >> bad.conf -echo " server-cert-file: unbound_server.pem" >> bad.conf -echo " control-key-file: bad_control.key" >> bad.conf -echo " control-cert-file: bad_control.pem" >> bad.conf -echo "$PRE/unbound-control -c bad.conf verbosity 2" -$PRE/unbound-control -c bad.conf verbosity 2 -if test $? -ne 1; then - echo "wrong exit value after failure" - exit 1 -fi +cat conf.spoofed_credentials >> bad.conf +control_command -c bad.conf verbosity 2 +expect_exit_value 1 -# create a new local zone -echo "> test of local zone" -echo "$PRE/unbound-control -c ub.conf local_zone example.net static" -$PRE/unbound-control -c ub.conf local_zone example.net static -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1" -$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi +teststep "create a new local zone" +control_command -c ub.conf local_zone example.net static +expect_exit_value 0 +control_command -c ub.conf local_data www.example.net A 192.0.2.1 +expect_exit_value 0 -# check that www.example.net exists -echo "> dig www.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile -echo "> check answer" -if grep "192.0.2.1" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +teststep "check that www.example.net exists" +query www.example.net. +expect_answer "192.0.2.1" -# check that mail.example.net has nxdomain -echo "> dig mail.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT mail.example.net. | tee outfile -echo "> check answer" -if grep "NXDOMAIN" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +teststep "check that mail.example.net has nxdomain" +query mail.example.net. +expect_answer "NXDOMAIN" -# remove www.example.net - check it gets nxdomain -echo "$PRE/unbound-control -c ub.conf local_data_remove www.example.net" -$PRE/unbound-control -c ub.conf local_data_remove www.example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> dig www.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile -echo "> check answer" -if grep "NXDOMAIN" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +teststep "remove www.example.net - check it gets nxdomain" +control_command -c ub.conf local_data_remove www.example.net +expect_exit_value 0 +query www.example.net. +expect_answer "NXDOMAIN" -# remove nonexistent name - check bug#287(segfault) does not happen. -echo "$PRE/unbound-control -c ub.conf local_data_remove test.example.net" -$PRE/unbound-control -c ub.conf local_data_remove test.example.net +teststep "remove nonexistent name - check bug#287(segfault) does not happen" +control_command -c ub.conf local_data_remove test.example.net # if crash then then we get: error: could not SSL_read from unbound-control -if test $? -ne 0; then - echo "wrong exit value after success" - cat unbound.log - echo "Not OK" - exit 1 -fi +expect_exit_value 0 -# remove example.net - check its gone. -echo "$PRE/unbound-control -c ub.conf local_zone_remove example.net" -$PRE/unbound-control -c ub.conf local_zone_remove example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> dig www.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile -echo "> check answer" -if grep "SERVFAIL" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +teststep "remove example.net - check its gone" +control_command -c ub.conf local_zone_remove example.net +expect_exit_value 0 +query www.example.net. +expect_answer "SERVFAIL" -# dump the cache -echo "> test cache dump" -# fillup cache -echo "dig www.example.com" -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. -echo "$PRE/unbound-control -c ub.conf dump_cache" -$PRE/unbound-control -c ub.conf dump_cache > tmp.$$ -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -cat tmp.$$ -if grep 10.20.30.40 tmp.$$; then - echo "OK example.com is in cache dump" -else - echo "Not OK cache dump" - exit 1 -fi +teststep "dump the cache" +query www.example.com. +cache_dump -c ub.conf +expect_exit_value 0 +cat cache.dump +expect_in_cache "10.20.30.40" -# test lookup -echo "$PRE/unbound-control -c ub.conf lookup www.example.com" -$PRE/unbound-control -c ub.conf lookup www.example.com -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi +control_command -c ub.conf lookup www.example.com +expect_exit_value 0 # answer to lookup is meaningless because of use a forwarder, oh well. -# load the cache dump. -echo "$PRE/unbound-control -c ub.conf load_cache < tmp.$$" -$PRE/unbound-control -c ub.conf load_cache < tmp.$$ -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> dig www.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +teststep "load the cache dump" +cache_load -c ub.conf +expect_exit_value 0 +query www.example.com. +expect_answer "10.20.30.40" -# load local-zones from file -echo "$PRE/unbound-control -c ub.conf local_zones < local_zones" -$PRE/unbound-control -c ub.conf local_zones < local_zones -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> dig localzonefromfile." -dig @127.0.0.1 -p $UNBOUND_PORT localzonefromfile | tee outfile -echo "> check answer" -if grep "REFUSED" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi +teststep "load local-zones from file" +control_command -c ub.conf local_zones < local_zones +expect_exit_value 0 +query localzonefromfile +expect_answer "REFUSED" -# load local-data from file -echo "$PRE/unbound-control -c ub.conf local_datas < local_data" -$PRE/unbound-control -c ub.conf local_datas < local_data -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> dig localdatafromfile." -dig @127.0.0.1 -p $UNBOUND_PORT -t txt localdatafromfile | tee outfile -echo "> check answer" -if grep "local data from file OK" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi +teststep "load local-data from file" +control_command -c ub.conf local_datas < local_data +expect_exit_value 0 +query -t txt localdatafromfile +expect_answer "local data from file OK" -# remove local-zone and local-data from file -echo "$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove" -$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove" -$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> check zone and data removal list_local_zones" -$PRE/unbound-control -c ub.conf list_local_zones | tee outfile -if grep "localzonefromfile" outfile; then - echo "Not OK" - exit 1 -fi -if grep "local data from file OK" outfile; then - echo "Not OK" - exit 1 -fi -if grep "otherlocalzone" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi +teststep "remove local-zone and local-data from file" +control_command -c ub.conf local_zones_remove < local_zones_remove +expect_exit_value 0 +control_command -c ub.conf local_datas_remove < local_data_remove +expect_exit_value 0 +control_command -c ub.conf list_local_zones +fail_answer "localzonefromfile" +fail_answer "local data from file OK" +expect_answer "otherlocalzone" -# flushing -echo "$PRE/unbound-control -c ub.conf flush www.example.net" -$PRE/unbound-control -c ub.conf flush www.example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi +teststep "flushing" +control_command -c ub.conf flush www.example.net +expect_exit_value 0 +control_command -c ub.conf flush_type www.example.net TXT +expect_exit_value 0 +control_command -c ub.conf flush_zone example.net +expect_exit_value 0 -echo "$PRE/unbound-control -c ub.conf flush_type www.example.net TXT" -$PRE/unbound-control -c ub.conf flush_type www.example.net TXT -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi +teststep "reload the server for a clean state and populate the cache" +cp main.conf ub.conf +control_command -c ub.conf reload +expect_exit_value 0 +query www.example.com +expect_answer "10.20.30.40" -echo "$PRE/unbound-control -c ub.conf flush_zone example.net" -$PRE/unbound-control -c ub.conf flush_zone example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi +teststep "reload and check cache dump - should be empty" +control_command -c ub.conf reload +expect_exit_value 0 +cache_dump -c ub.conf +expect_exit_value 0 +fail_in_cache_dump "www.example.com.*10.20.30.40" +fail_in_cache_dump "msg www.example.com. IN A" -# now stop the server -echo "$PRE/unbound-control -c ub.conf stop" -$PRE/unbound-control -c ub.conf stop -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -# see if the server has really exited. +query www.example.com +expect_answer "10.20.30.40" + +teststep "reload_keep_cache and check cache dump - should not be empty" +control_command -c ub.conf reload_keep_cache +expect_exit_value 0 +cache_dump -c ub.conf +expect_exit_value 0 +expect_in_cache_dump "www.example.com.*10.20.30.40" +expect_in_cache_dump "msg www.example.com. IN A" +query www.example.com +nordflag +expect_answer "10.20.30.40" + +teststep "change msg-cache-size and reload_keep_cache - should be empty" +echo "server: msg-cache-size: 2m" >> ub.conf +control_command -c ub.conf reload_keep_cache +expect_exit_value 0 +cache_dump -c ub.conf +expect_exit_value 0 +fail_in_cache_dump "www.example.com.*10.20.30.40" +fail_in_cache_dump "msg www.example.com. IN A" +query www.example.com +expect_answer "10.20.30.40" + +teststep "change rrset-cache-size and reload_keep_cache - should be empty" +echo "server: rrset-cache-size: 2m" >> ub.conf +control_command -c ub.conf reload_keep_cache +expect_exit_value 0 +cache_dump -c ub.conf +expect_exit_value 0 +fail_in_cache_dump "www.example.com.*10.20.30.40" +fail_in_cache_dump "msg www.example.com. IN A" +query www.example.com +expect_answer "10.20.30.40" + +teststep "change num-threads and reload_keep_cache - should be empty" +echo "server: num-threads: 2" >> ub.conf +control_command -c ub.conf reload_keep_cache +expect_exit_value 0 +cache_dump -c ub.conf +expect_exit_value 0 +fail_in_cache_dump "www.example.com.*10.20.30.40" +fail_in_cache_dump "msg www.example.com. IN A" +query www.example.com +expect_answer "10.20.30.40" + +teststep "change minimal-responses and reload_keep_cache - should not be empty" +echo "server: minimal-responses: no" >> ub.conf +control_command -c ub.conf reload_keep_cache +expect_exit_value 0 +cache_dump -c ub.conf +expect_exit_value 0 +expect_in_cache_dump "www.example.com.*10.20.30.40" +expect_in_cache_dump "msg www.example.com. IN A" + +teststep "now stop the server" +control_command -c ub.conf stop +expect_exit_value 0 + +teststep "see if the server has really exited" TRY_MAX=20 for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then @@ -379,11 +332,8 @@ for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do done if kill -0 $UNBOUND_PID; then echo "still up!" - echo "> cat logfiles" - cat fwd.log - cat unbound.log echo "not stopped, failure" - exit 1 + end 1 else echo "stopped OK" @@ -392,15 +342,9 @@ else echo "lock-verify test worked." else echo "lock-verify test failed." - cat fwd.log - cat unbound.log - exit 1 + end 1 fi fi fi -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> OK" -exit 0 +end 0 diff --git a/testdata/09-unbound-control.tdir/conf.bad_credentials b/testdata/09-unbound-control.tdir/conf.bad_credentials new file mode 100644 index 000000000..11a131130 --- /dev/null +++ b/testdata/09-unbound-control.tdir/conf.bad_credentials @@ -0,0 +1,5 @@ +remote-control: + server-key-file: bad_server.key + server-cert-file: bad_server.pem + control-key-file: bad_control.key + control-cert-file: bad_control.pem diff --git a/testdata/09-unbound-control.tdir/conf.spoofed_credentials b/testdata/09-unbound-control.tdir/conf.spoofed_credentials new file mode 100644 index 000000000..25cb830dc --- /dev/null +++ b/testdata/09-unbound-control.tdir/conf.spoofed_credentials @@ -0,0 +1,5 @@ +remote-control: + server-key-file: unbound_server.key + server-cert-file: unbound_server.pem + control-key-file: bad_control.key + control-cert-file: bad_control.pem diff --git a/testdata/auth_xfr_host.rpl b/testdata/auth_xfr_host.rpl index d052d36a4..f8bd1890e 100644 --- a/testdata/auth_xfr_host.rpl +++ b/testdata/auth_xfr_host.rpl @@ -84,6 +84,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/autotrust_init_fail.rpl b/testdata/autotrust_init_fail.rpl index 1f3fed957..00703026d 100644 --- a/testdata/autotrust_init_fail.rpl +++ b/testdata/autotrust_init_fail.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -159,6 +160,23 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 21 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 22 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + ; The autotrust anchor was probed due to the query. STEP 30 CHECK_AUTOTRUST example.com diff --git a/testdata/autotrust_init_failsig.rpl b/testdata/autotrust_init_failsig.rpl index 7f6a14d83..29a8d11d1 100644 --- a/testdata/autotrust_init_failsig.rpl +++ b/testdata/autotrust_init_failsig.rpl @@ -6,6 +6,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -147,6 +148,23 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 21 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 22 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + ; The autotrust anchor was probed due to the query. STEP 30 CHECK_AUTOTRUST example.com diff --git a/testdata/autotrust_probefail.rpl b/testdata/autotrust_probefail.rpl index e22cbf71f..992d9629d 100644 --- a/testdata/autotrust_probefail.rpl +++ b/testdata/autotrust_probefail.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -164,4 +165,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 40 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/autotrust_probefailsig.rpl b/testdata/autotrust_probefailsig.rpl index 7d486ffbc..3988add01 100644 --- a/testdata/autotrust_probefailsig.rpl +++ b/testdata/autotrust_probefailsig.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -164,4 +165,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 40 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/autotrust_revtp_use.rpl b/testdata/autotrust_revtp_use.rpl index b43eb60ad..952428a3d 100644 --- a/testdata/autotrust_revtp_use.rpl +++ b/testdata/autotrust_revtp_use.rpl @@ -109,6 +109,8 @@ SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER ; no AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/black_ds_entry.rpl b/testdata/black_ds_entry.rpl index 168dc236d..f2e7a2a99 100644 --- a/testdata/black_ds_entry.rpl +++ b/testdata/black_ds_entry.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -586,6 +587,23 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 20 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; no more outgoing traffic possible. STEP 110 QUERY ENTRY_BEGIN @@ -603,6 +621,23 @@ ftp.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 121 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ftp.sub.example.com. IN A +ENTRY_END + +STEP 122 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ftp.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; wait for timeout seconds. STEP 130 TIME_PASSES ELAPSE 901 diff --git a/testdata/black_key_entry.rpl b/testdata/black_key_entry.rpl index cd2b0bfbe..c66e1dbb1 100644 --- a/testdata/black_key_entry.rpl +++ b/testdata/black_key_entry.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -568,6 +569,23 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 20 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; no more outgoing traffic possible. STEP 110 QUERY ENTRY_BEGIN @@ -585,6 +603,23 @@ ftp.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 121 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ftp.sub.example.com. IN A +ENTRY_END + +STEP 122 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ftp.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; wait for timeout seconds. STEP 130 TIME_PASSES ELAPSE 901 diff --git a/testdata/black_prime_entry.rpl b/testdata/black_prime_entry.rpl index e635ed9cc..1acd7d7c1 100644 --- a/testdata/black_prime_entry.rpl +++ b/testdata/black_prime_entry.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -292,6 +293,22 @@ SECTION QUESTION www.example.com. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + STEP 100 TIME_PASSES ELAPSE 10 ; second query should not result in going to the network. @@ -311,5 +328,21 @@ SECTION QUESTION ftp.example.com. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 121 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ftp.example.com. IN A +ENTRY_END + +STEP 122 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ftp.example.com. IN A +ENTRY_END + SCENARIO_END diff --git a/testdata/cachedb_cached_ede.crpl b/testdata/cachedb_cached_ede.crpl index 55d61e74e..5eade5451 100644 --- a/testdata/cachedb_cached_ede.crpl +++ b/testdata/cachedb_cached_ede.crpl @@ -5,6 +5,7 @@ server: minimal-responses: no module-config: "cachedb validator iterator" trust-anchor-signaling: no + verbosity: 4 ede: yes val-log-level: 2 trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" @@ -51,7 +52,7 @@ SECTION QUESTION example.nl. IN A SECTION ADDITIONAL HEX_EDNSDATA_BEGIN - C0 00 ; option code = 49152 + FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) 00 00 ; option length HEX_EDNSDATA_END ENTRY_END @@ -73,7 +74,7 @@ SECTION QUESTION example.nl. IN A SECTION ADDITIONAL HEX_EDNSDATA_BEGIN - C0 00 ; option code = 49152 + FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) 00 00 ; option length HEX_EDNSDATA_END ENTRY_END diff --git a/testdata/common.sh b/testdata/common.sh index a449f1a64..b0e66f8df 100644 --- a/testdata/common.sh +++ b/testdata/common.sh @@ -29,6 +29,7 @@ # wait_server_up_or_fail: wait for server to come up or print a failure string # skip_test x : print message and skip test (must be called in .pre) # kill_pid : kill a server, make sure and wait for it to go down. +# teststep : print the current test step in the output # print error and exit @@ -272,3 +273,8 @@ set_doxygen_path () { fi } +# Print the current test step in the output +teststep () { + echo + echo "STEP [ $1 ]" +} diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test index bbeb9eb2b..45bde6564 100644 --- a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test @@ -23,15 +23,26 @@ if test "$?" -ne 0; then fi num=$(grep "ANSWER SEC" outfile | wc -l) # 58 byte answers, 500 byte max response buffer -> 8 answers + +# Sometimes unbound is scheduled to be able to respond very quickly, +# before all the queries are sent, and then writes some of the queries +# back already, emptying the buffer, which then does not overflow. +# The attempt is to detect this test flakyness with 'mode w' write lines. +nummodew=$(grep "mode w" unbound.log | wc -l) +echo "num answers $num and num write events $nummodew" if [ $num -eq 8 ]; then echo "content OK" else + if [ "(" $num -eq 9 -o $num -eq 10 ")" -a $nummodew -eq 2 ]; then + echo "skip buffer emptied event" + else echo "result contents not OK" echo "> cat logfiles" cat outfile cat unbound.log echo "result contents not OK" exit 1 + fi fi echo "OK" diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test index 5d478bd49..7ce05faf9 100644 --- a/testdata/ede.tdir/ede.test +++ b/testdata/ede.tdir/ede.test @@ -68,5 +68,21 @@ then exit 1 fi +# EDE with CD bit set (EDE but no SERVFAIL) +dig @127.0.0.1 -p $UNBOUND_PORT cd.dnskey-failures.test +cd > cd_bit_ede.txt -# @TODO DNSSEC indeterminate when implemented +if ! grep -q -e "NXDOMAIN" cd_bit_ede.txt +then + echo "No NXDOMAIN reply with CD bit set" + cat cd_bit_ede.txt + exit 1 +fi +if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" cd_bit_ede.txt +then + echo "No EDE attached with CD bit set" + cat cd_bit_ede.txt + exit 1 +fi + +# TODO EDE with CD bit set (EDE but no SERVFAIL) for a cached answer +# TODO DNSSEC indeterminate when implemented diff --git a/testdata/ede_cache_snoop_noth_auth.rpl b/testdata/ede_cache_snoop_not_auth.rpl similarity index 100% rename from testdata/ede_cache_snoop_noth_auth.rpl rename to testdata/ede_cache_snoop_not_auth.rpl diff --git a/testdata/ede_caching.rpl b/testdata/ede_caching.rpl deleted file mode 100644 index 63bcac28a..000000000 --- a/testdata/ede_caching.rpl +++ /dev/null @@ -1,187 +0,0 @@ -; @TODO decide if we want to keep this, or change the original test(s) -; This test is a copy of autotrust_probefail, where the query is executed twide - - -; config options -server: - target-fetch-policy: "0 0 0 0 0" - log-time-ascii: yes - fake-sha1: yes - trust-anchor-signaling: no - ede: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -AUTOTRUST_FILE example.com -; autotrust trust anchor file -;;id: example.com. 1 -;;last_queried: 1258962400 ;;Mon Nov 23 08:46:40 2009 -;;last_success: 1258962400 ;;Mon Nov 23 08:46:40 2009 -;;next_probe_time: 1258967360 ;;Mon Nov 23 10:09:20 2009 -;;query_failed: 0 -;;query_interval: 5400 -;;retry_time: 3600 -example.com. 10800 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009 -example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009 -AUTOTRUST_END -CONFIG_END - -SCENARIO_BEGIN Test autotrust with probe failure - -; K-ROOT -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id copy_query -REPLY QR AA -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS k.root-servers.net. -SECTION ADDITIONAL -k.root-servers.net IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA SERVFAIL -SECTION QUESTION -ns.example.com. IN AAAA -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. 3600 IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899} -SECTION AUTHORITY -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899} -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA SERVFAIL -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER - -; revoked keys -example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} -example.com. 10800 IN DNSKEY 385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b} -; signatures -example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 55710 example.com. zOSlB1iwtlP2lum1RK0WoDQrMVj0JKwk2E5Mu1okzV38hAx3Xm9IGMK6WrNkVVLmx4OkhYmdPVA95jVsFpwLMw== ;{id = 55710} -example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 16614 example.com. qP49cCYP3lvNnLBYty/JxAwHqBIGjpup5zQ7qpjPnaZpBb/TlpOhY17LBZrqD86VvBbEVz5tkxC9UrCy85ePDQ== ;{id = 16614} - -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -RANGE_END - -; set date/time to Mon Nov 23 09:46:40 2009 -STEP 5 TIME_PASSES EVAL ${1258962400 + 7200} -STEP 6 TRAFFIC ; do the probe -STEP 7 ASSIGN t0 = ${time} -STEP 8 ASSIGN probe0 = ${range 3200 ${timeout} 3600} -STEP 9 ASSIGN tp = ${1258962400} - -; the auto probing should have been done now. -STEP 11 CHECK_AUTOTRUST example.com -FILE_BEGIN -; autotrust trust anchor file -;;id: example.com. 1 -;;last_queried: 1258962400 ;;Mon Nov 23 08:46:40 2009 -;;last_success: 1258962400 ;;Mon Nov 23 08:46:40 2009 -;;next_probe_time: 1258967360 ;;Mon Nov 23 10:09:20 2009 -;;query_failed: 0 -;;query_interval: 5400 -;;retry_time: 3600 -example.com. 10800 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009 -example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009 -FILE_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/testdata/fwd_0ttlservfail.rpl b/testdata/fwd_0ttlservfail.rpl index f1a6dc629..ed912c73b 100644 --- a/testdata/fwd_0ttlservfail.rpl +++ b/testdata/fwd_0ttlservfail.rpl @@ -2,6 +2,7 @@ ; config options go here. server: serve-expired: yes + prefetch: yes forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END @@ -45,7 +46,7 @@ SECTION ANSWER ENTRY_END ; enough to pass by the TTL of the servfail answer in cache -STEP 50 TIME_PASSES ELAPSE 40 +STEP 50 TIME_PASSES ELAPSE 5 ; this query triggers a prefetch STEP 210 QUERY diff --git a/testdata/iter_cname_minimise_nx.rpl b/testdata/iter_cname_minimise_nx.rpl new file mode 100644 index 000000000..080055208 --- /dev/null +++ b/testdata/iter_cname_minimise_nx.rpl @@ -0,0 +1,246 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: yes + module-config: "validator iterator" + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test cname chain resolution of nxdomain with qname minimisation. +; the qtype CNAME lookup has NXDOMAIN. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN CNAME +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN CNAME +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_dnsseclame_bug.rpl b/testdata/iter_dnsseclame_bug.rpl index cb17bbf33..c5fd13244 100644 --- a/testdata/iter_dnsseclame_bug.rpl +++ b/testdata/iter_dnsseclame_bug.rpl @@ -117,6 +117,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -126,6 +128,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; no example.net delegation answers yet. @@ -156,6 +160,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -165,6 +171,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -287,6 +295,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -321,6 +331,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; fine DNSKEY response. @@ -417,6 +429,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; response to query of interest diff --git a/testdata/iter_dnsseclame_ds.rpl b/testdata/iter_dnsseclame_ds.rpl index 78a11cc07..6b2bf653f 100644 --- a/testdata/iter_dnsseclame_ds.rpl +++ b/testdata/iter_dnsseclame_ds.rpl @@ -116,6 +116,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -125,6 +127,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -245,6 +249,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. o6B6mzZ2pzXRE9qBagNw+U5kZOCViyuYRObCJTMsEQn8kNzSIxOhuqjBoo0ifKmxvUmCxaNtsWaG4eDC+vCBdQ== ENTRY_END RANGE_END @@ -279,6 +286,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; fine DNSKEY response. @@ -375,6 +384,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; response to query of interest diff --git a/testdata/iter_dnsseclame_ta.rpl b/testdata/iter_dnsseclame_ta.rpl index 5799a1146..ce4414dda 100644 --- a/testdata/iter_dnsseclame_ta.rpl +++ b/testdata/iter_dnsseclame_ta.rpl @@ -119,6 +119,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -128,6 +130,8 @@ REPLY QR NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -239,6 +243,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END RANGE_END @@ -261,6 +268,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; lame DNSKEY response. diff --git a/testdata/iter_donotq127.rpl b/testdata/iter_donotq127.rpl index 3668d7b6f..4b22222d2 100644 --- a/testdata/iter_donotq127.rpl +++ b/testdata/iter_donotq127.rpl @@ -35,6 +35,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_emptydp.rpl b/testdata/iter_emptydp.rpl index 82ddccfad..ecb49b6cd 100644 --- a/testdata/iter_emptydp.rpl +++ b/testdata/iter_emptydp.rpl @@ -108,6 +108,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -156,6 +158,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -180,7 +184,9 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER -; bogus +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END ; response to DNSKEY priming query @@ -261,6 +267,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_emptydp_for_glue.rpl b/testdata/iter_emptydp_for_glue.rpl index 68fad6f15..94dec2bc5 100644 --- a/testdata/iter_emptydp_for_glue.rpl +++ b/testdata/iter_emptydp_for_glue.rpl @@ -135,6 +135,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -211,6 +213,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.org. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.net. zone @@ -244,6 +248,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -268,7 +274,9 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER -; bogus message. +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END ; response to DNSKEY priming query @@ -343,6 +351,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.org. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.net. zone @@ -376,6 +386,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -471,6 +483,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END @@ -490,6 +503,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_ignore_empty.rpl b/testdata/iter_ignore_empty.rpl new file mode 100644 index 000000000..c70dd7e8d --- /dev/null +++ b/testdata/iter_ignore_empty.rpl @@ -0,0 +1,198 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test ignore of an empty response. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION AUTHORITY +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns2.example2.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION ANSWER +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN A +SECTION ANSWER +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN AAAA +SECTION AUTHORITY +example2.com. IN SOA ns2 root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +; wait for pending nameserver lookups. +STEP 20 TRAFFIC + +SCENARIO_END diff --git a/testdata/iter_lame_aaaa.rpl b/testdata/iter_lame_aaaa.rpl index 8afef770f..cef471305 100644 --- a/testdata/iter_lame_aaaa.rpl +++ b/testdata/iter_lame_aaaa.rpl @@ -76,6 +76,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -85,6 +87,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN A SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_lamescrub.rpl b/testdata/iter_lamescrub.rpl index 2de13a655..0ac19d7f8 100644 --- a/testdata/iter_lamescrub.rpl +++ b/testdata/iter_lamescrub.rpl @@ -42,6 +42,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_nat64.rpl b/testdata/iter_nat64.rpl new file mode 100644 index 000000000..dde0a2559 --- /dev/null +++ b/testdata/iter_nat64.rpl @@ -0,0 +1,117 @@ +; config options +server: + do-nat64: yes + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport for a v4-only server. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 64:ff9b::c000:0201 + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_nat64_prefix.rpl b/testdata/iter_nat64_prefix.rpl new file mode 100644 index 000000000..ecb6508dc --- /dev/null +++ b/testdata/iter_nat64_prefix.rpl @@ -0,0 +1,119 @@ +; config options +server: + do-nat64: yes + nat64-prefix: 2001:db8:1234::/96 + target-fetch-policy: "0 0 0 0 0" + do-ip4: no + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport for a v4-only server, custom NAT64 prefix. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8:1234::c000:0201 + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_nat64_prefix48.rpl b/testdata/iter_nat64_prefix48.rpl new file mode 100644 index 000000000..e7c32e8ff --- /dev/null +++ b/testdata/iter_nat64_prefix48.rpl @@ -0,0 +1,118 @@ +; config options +server: + do-nat64: yes + nat64-prefix: 2001:db8:2345::/48 + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport, this time with /48 NAT64 prefix. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8:2345:c000:0002:0100:: + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_nxns_cached.rpl b/testdata/iter_nxns_cached.rpl index 7671df663..6cb8866ed 100644 --- a/testdata/iter_nxns_cached.rpl +++ b/testdata/iter_nxns_cached.rpl @@ -152,6 +152,8 @@ RANGE_BEGIN 31 100 REPLY QR NOERROR SECTION QUESTION nameservers.com. IN A + SECTION AUTHORITY + nameservers.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/iter_nxns_fallback.rpl b/testdata/iter_nxns_fallback.rpl index 324068604..2a6a3fd33 100644 --- a/testdata/iter_nxns_fallback.rpl +++ b/testdata/iter_nxns_fallback.rpl @@ -137,6 +137,8 @@ RANGE_BEGIN 0 100 REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_primenoglue.rpl b/testdata/iter_primenoglue.rpl index a0be71c78..b9808dd2c 100644 --- a/testdata/iter_primenoglue.rpl +++ b/testdata/iter_primenoglue.rpl @@ -114,15 +114,6 @@ SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -A.ROOT-SERVERS.NET. IN AAAA -SECTION ANSWER -ENTRY_END - ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query @@ -130,29 +121,22 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN -MATCH opcode qname +MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION -K.ROOT-SERVERS.NET. IN A +ROOT-SERVERS.NET. IN A SECTION AUTHORITY ROOT-SERVERS.NET. IN NS A.ROOT-SERVERS.NET. SECTION ADDITIONAL A.ROOT-SERVERS.NET. IN A 198.41.0.4 ENTRY_END -ENTRY_BEGIN -MATCH opcode qname -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -K.ROOT-SERVERS.NET. IN AAAA -SECTION ANSWER -ENTRY_END - ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query @@ -213,6 +197,7 @@ K.ROOT-SERVERS.NET. IN A SECTION ANSWER K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END + ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -222,6 +207,8 @@ K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER ; no ip6 address: we want to use only one address for K. to avoid having ; to duplicate the entries in this file for both addresses. +SECTION AUTHORITY +root-servers.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -258,6 +245,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -282,6 +271,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END @@ -363,6 +354,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END @@ -381,6 +373,7 @@ SECTION QUESTION K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER SECTION AUTHORITY +root-servers.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_privaddr.rpl b/testdata/iter_privaddr.rpl index 93a2a147d..0c87b4b9a 100644 --- a/testdata/iter_privaddr.rpl +++ b/testdata/iter_privaddr.rpl @@ -122,6 +122,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_ranoaa_lame.rpl b/testdata/iter_ranoaa_lame.rpl index 0e6d98778..8ee82415a 100644 --- a/testdata/iter_ranoaa_lame.rpl +++ b/testdata/iter_ranoaa_lame.rpl @@ -198,6 +198,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -235,6 +237,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -243,6 +247,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; the lame response. diff --git a/testdata/iter_reclame_two.rpl b/testdata/iter_reclame_two.rpl index 459dcb17f..76c310b28 100644 --- a/testdata/iter_reclame_two.rpl +++ b/testdata/iter_reclame_two.rpl @@ -95,6 +95,8 @@ REPLY QR RA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -104,6 +106,8 @@ REPLY QR RA NOERROR SECTION QUESTION lame.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_scrub_ns.rpl b/testdata/iter_scrub_ns.rpl index 365f0b54e..64f980dcd 100644 --- a/testdata/iter_scrub_ns.rpl +++ b/testdata/iter_scrub_ns.rpl @@ -39,6 +39,7 @@ REPLY QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -78,6 +79,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_scrub_ns_fwd.rpl b/testdata/iter_scrub_ns_fwd.rpl index 239dc37f9..f7a526c46 100644 --- a/testdata/iter_scrub_ns_fwd.rpl +++ b/testdata/iter_scrub_ns_fwd.rpl @@ -39,6 +39,7 @@ REPLY RD RA QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -78,6 +79,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_scrub_ns_side.rpl b/testdata/iter_scrub_ns_side.rpl index 98d00fd92..44620ebd1 100644 --- a/testdata/iter_scrub_ns_side.rpl +++ b/testdata/iter_scrub_ns_side.rpl @@ -39,6 +39,7 @@ REPLY QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -54,6 +55,7 @@ REPLY QR NOERROR SECTION QUESTION mail.example.com. IN A SECTION ANSWER +mail.example.com. IN A 1.2.3.11 SECTION AUTHORITY ; not pertinent to the query www.example.com. IN NS ns.example.com. @@ -78,6 +80,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END @@ -96,6 +99,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION mail.example.com. IN A SECTION ANSWER +mail.example.com. IN A 1.2.3.11 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_stublastresort.rpl b/testdata/iter_stublastresort.rpl index b60778910..8fac79905 100644 --- a/testdata/iter_stublastresort.rpl +++ b/testdata/iter_stublastresort.rpl @@ -105,6 +105,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -156,6 +158,8 @@ REPLY QR AA SERVFAIL SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -204,6 +208,8 @@ REPLY QR AA SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/nsid_bogus.rpl b/testdata/nsid_bogus.rpl index 7e92266cf..9a80e1d75 100644 --- a/testdata/nsid_bogus.rpl +++ b/testdata/nsid_bogus.rpl @@ -10,6 +10,7 @@ server: minimal-responses: no nsid: "ascii_hopsa kidee" ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -117,6 +118,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 1440 0 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= SECTION ADDITIONAL ENTRY_END @@ -172,4 +176,33 @@ SECTION ADDITIONAL HEX_EDNSDATA_END ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 0b ; Length 11 + 68 6F 70 73 61 20 ; "hopsa " + 6B 69 64 65 65 ; "kidee" + HEX_EDNSDATA_END +ENTRY_END + SCENARIO_END diff --git a/testdata/ratelimit.tdir/ratelimit.testns b/testdata/ratelimit.tdir/ratelimit.testns index 673bd15a5..563c1db6a 100644 --- a/testdata/ratelimit.tdir/ratelimit.testns +++ b/testdata/ratelimit.tdir/ratelimit.testns @@ -10,4 +10,6 @@ SECTION QUESTION wild IN A SECTION ANSWER wild IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. ENTRY_END diff --git a/testdata/root_key_sentinel.rpl b/testdata/root_key_sentinel.rpl index 39bd9685c..e368bc521 100644 --- a/testdata/root_key_sentinel.rpl +++ b/testdata/root_key_sentinel.rpl @@ -5,6 +5,7 @@ server: target-fetch-policy: "0 0 0 0 0" trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -145,6 +146,22 @@ SECTION QUESTION root-key-sentinel-not-ta-19036. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 23 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +root-key-sentinel-not-ta-19036. IN A +ENTRY_END + +STEP 24 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +root-key-sentinel-not-ta-19036. IN A +ENTRY_END + STEP 30 QUERY ENTRY_BEGIN REPLY RD DO @@ -161,6 +178,22 @@ SECTION QUESTION root-key-sentinel-is-ta-20326. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 34 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +root-key-sentinel-is-ta-20326. IN A +ENTRY_END + +STEP 35 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +root-key-sentinel-is-ta-20326. IN A +ENTRY_END + STEP 40 QUERY ENTRY_BEGIN REPLY RD DO diff --git a/testdata/rpz_ixfr.rpl b/testdata/rpz_ixfr.rpl index ca2b62335..356663157 100644 --- a/testdata/rpz_ixfr.rpl +++ b/testdata/rpz_ixfr.rpl @@ -4,6 +4,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: no rrset-roundrobin: no + access-control: 192.0.0.0/8 allow rpz: name: "rpz.example.com." @@ -22,6 +23,11 @@ d.rpz.example.com. IN CNAME . 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4 32.4.123.0.10.rpz-ip.rpz.example.com. CNAME . +; also test client-ip, and remove it later with an IXFR. +24.0.5.0.192.rpz-client-ip A 127.0.0.5 +24.0.6.0.192.rpz-client-ip CNAME *. +32.41.30.20.10.rpz-nsip A 127.0.0.1 +ns.gotham.com.rpz-nsdname A 127.0.0.1 TEMPFILE_END stub-zone: @@ -97,6 +103,42 @@ SECTION ANSWER d.rpz-ip. IN A 10.0.123.4 ENTRY_END +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 10.0.123.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION ANSWER +SECTION AUTHORITY +foo.com. 10 IN NS ns.foo.com. +SECTION ADDITIONAL +ns.foo.com. 10 IN A 10.20.30.41 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham.com. IN NS +SECTION ANSWER +SECTION AUTHORITY +gotham.com. 10 IN NS ns.gotham.com. +SECTION ADDITIONAL +ns.gotham.com. 10 IN A 10.20.30.42 +ENTRY_END + ENTRY_BEGIN MATCH opcode qname qtype ADJUST copy_id @@ -124,6 +166,10 @@ d.rpz.example.com. IN CNAME . 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4 32.4.123.0.10.rpz-ip.rpz.example.com. CNAME . +24.0.5.0.192.rpz-client-ip.rpz.example.com. A 127.0.0.5 +24.0.6.0.192.rpz-client-ip.rpz.example.com. CNAME *. +32.41.30.20.10.rpz-nsip.rpz.example.com. A 127.0.0.1 +ns.gotham.com.rpz-nsdname.rpz.example.com. A 127.0.0.1 rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600 b.rpz.example.com. TXT "hello from RPZ" c.rpz.example.com. TXT "hello from RPZ" @@ -136,6 +182,78 @@ ENTRY_END RANGE_END +; ns.foo.com +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.41 +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.foo.com. IN A +SECTION ANSWER +ns.foo.com. 10 IN A 10.20.30.41 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.foo.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +foo.com. 10 IN SOA ns.foo.com. root.foo.com. 1 2 3 4 10 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +www.foo.com. 10 IN A 10.20.30.42 +ENTRY_END + +RANGE_END + +; ns.gotham.com +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.42 +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.gotham.com. IN A +SECTION ANSWER +ns.gotham.com. 10 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.gotham.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +gotham.com. 10 IN SOA ns.gotham.com. root.gotham.com. 1 2 3 4 10 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +www.gotham.com. IN A +SECTION ANSWER +www.gotham.com. 10 IN A 10.20.30.43 +ENTRY_END + +RANGE_END + STEP 1 QUERY ENTRY_BEGIN REPLY RD @@ -244,7 +362,6 @@ SECTION QUESTION d.rpz-ip. IN A ENTRY_END - STEP 15 CHECK_ANSWER ENTRY_BEGIN MATCH all @@ -253,7 +370,74 @@ SECTION QUESTION d.rpz-ip. IN A ENTRY_END -STEP 16 TIME_PASSES ELAPSE 1 +STEP 16 QUERY ADDRESS 192.0.5.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 17 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 127.0.0.5 +ENTRY_END + +STEP 18 QUERY ADDRESS 192.0.6.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 19 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.foo.com. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +www.foo.com. IN A 127.0.0.1 +ENTRY_END + +STEP 22 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.com. IN A +ENTRY_END + +STEP 23 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham.com. IN A +SECTION ANSWER +www.gotham.com. IN A 127.0.0.1 +ENTRY_END + +STEP 24 TIME_PASSES ELAPSE 1 STEP 30 TIME_PASSES ELAPSE 3600 STEP 40 TRAFFIC @@ -376,4 +560,72 @@ SECTION ANSWER d.rpz-ip. IN A 10.0.123.4 ENTRY_END +STEP 64 QUERY ADDRESS 192.0.5.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 65 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 10.0.123.5 +ENTRY_END + +STEP 66 QUERY ADDRESS 192.0.6.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 67 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 10.0.123.5 +ENTRY_END + +STEP 68 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.foo.com. IN A +ENTRY_END + +STEP 69 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +www.foo.com. 10 IN A 10.20.30.42 +ENTRY_END + +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.com. IN A +ENTRY_END + +STEP 71 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham.com. IN A +SECTION ANSWER +www.gotham.com. 10 IN A 10.20.30.43 +ENTRY_END + SCENARIO_END diff --git a/testdata/rpz_respip.rpl b/testdata/rpz_respip.rpl index 894a7cc5f..795bb25c8 100644 --- a/testdata/rpz_respip.rpl +++ b/testdata/rpz_respip.rpl @@ -458,14 +458,29 @@ e. IN AAAA ENTRY_END STEP 29 TIME_PASSES ELAPSE 12 +; should be dropped, with cache entry too. STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION +e. IN A +ENTRY_END +STEP 31 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +e. IN AAAA +ENTRY_END +STEP 32 TIME_PASSES ELAPSE 12 + +STEP 33 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION y. IN A ENTRY_END -STEP 31 CHECK_ANSWER +STEP 34 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR TC RD RA NOERROR diff --git a/testdata/serve_expired_0ttl_nodata.rpl b/testdata/serve_expired_0ttl_nodata.rpl new file mode 100644 index 000000000..45b51444b --- /dev/null +++ b/testdata/serve_expired_0ttl_nodata.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NODATA; will be cached for the SOA negative TTL. +; - check that the client gets the NODATA; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the NODATA (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_0ttl_nxdomain.rpl b/testdata/serve_expired_0ttl_nxdomain.rpl new file mode 100644 index 000000000..0fcde9f2d --- /dev/null +++ b/testdata/serve_expired_0ttl_nxdomain.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NXDOMAIN; will be cached for the SOA negative TTL. +; - check that the client gets the NXDOMAIN; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_0ttl_servfail.rpl b/testdata/serve_expired_0ttl_servfail.rpl new file mode 100644 index 000000000..aad7aa8c9 --- /dev/null +++ b/testdata/serve_expired_0ttl_servfail.rpl @@ -0,0 +1,129 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with SERVFAIL followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_cached_servfail.rpl b/testdata/serve_expired_cached_servfail.rpl new file mode 100644 index 000000000..286de708b --- /dev/null +++ b/testdata/serve_expired_cached_servfail.rpl @@ -0,0 +1,130 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 123 + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply +; Scenario overview: +; - query for example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - cached SERVFAIL should be ignored and upstream queried +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 6 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_cached_servfail_refresh.rpl b/testdata/serve_expired_cached_servfail_refresh.rpl new file mode 100644 index 000000000..664de9aa8 --- /dev/null +++ b/testdata/serve_expired_cached_servfail_refresh.rpl @@ -0,0 +1,145 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 123 + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply +; Scenario overview: +; - query for example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - cached SERVFAIL should be ignored and upstream queried +; - answer from upstream is still SERVFAIL; the cached error response will be +; refreshed for another NORR_TTL(5) +; - check that the client gets the SERVFAIL +; - query again; the upstream now has the answer available +; - check that we get the refreshed cached response instead + +; ns.example.com. +RANGE_BEGIN 0 50 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 60 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 6 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be refreshed) +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again, upstream has the real answer available +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the refreshed cached SERVFAIL +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_servfail.rpl b/testdata/serve_expired_client_timeout_servfail.rpl similarity index 86% rename from testdata/serve_expired_servfail.rpl rename to testdata/serve_expired_client_timeout_servfail.rpl index 6e3192ef0..1cae3fd82 100644 --- a/testdata/serve_expired_servfail.rpl +++ b/testdata/serve_expired_client_timeout_servfail.rpl @@ -4,7 +4,7 @@ server: qname-minimisation: "no" minimal-responses: no serve-expired: yes - serve-expired-client-timeout: 1800 + serve-expired-client-timeout: 1 serve-expired-reply-ttl: 123 log-servfail: yes ede: yes @@ -32,11 +32,11 @@ RANGE_BEGIN 0 20 ADJUST copy_id REPLY QR NOERROR SECTION QUESTION - example.com. IN NS + example.com. 10 IN NS SECTION ANSWER - example.com. IN NS ns.example.com. + example.com. 10 IN NS ns.example.com. SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 + ns.example.com. 10 IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN @@ -48,14 +48,14 @@ RANGE_BEGIN 0 20 SECTION ANSWER example.com. 10 IN A 5.6.7.8 SECTION AUTHORITY - example.com. IN NS ns.example.com. + example.com. 10 IN NS ns.example.com. SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 + ns.example.com. 10 IN A 1.2.3.4 ENTRY_END RANGE_END ; ns.example.com. -RANGE_BEGIN 30 100 +RANGE_BEGIN 30 70 ADDRESS 1.2.3.4 ; response to A query ENTRY_BEGIN @@ -85,13 +85,13 @@ ENTRY_BEGIN SECTION ANSWER example.com. 10 IN A 5.6.7.8 SECTION AUTHORITY - example.com. IN NS ns.example.com. + example.com. 10 IN NS ns.example.com. SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 + ns.example.com. 10 IN A 1.2.3.4 ENTRY_END ; Wait for the TTL to expire -STEP 11 TIME_PASSES ELAPSE 3601 +STEP 11 TIME_PASSES ELAPSE 11 ; Query again STEP 30 QUERY diff --git a/testdata/speed_local.tdir/speed_local.test b/testdata/speed_local.tdir/speed_local.test index 684b3c522..6ad1ba737 100644 --- a/testdata/speed_local.tdir/speed_local.test +++ b/testdata/speed_local.tdir/speed_local.test @@ -9,8 +9,11 @@ PRE="../.." get_make (cd $PRE; $MAKE perf) +# seconds per test +dur=1 + echo "> perf version.server" -$PRE/perf -d 1 -a "version.server CH TXT -" 127.0.0.1@$UNBOUND_PORT 2>&1 | +$PRE/perf -d $dur -a "version.server CH TXT -" 127.0.0.1@$UNBOUND_PORT 2>&1 | tee outfile echo -n "version-server " > line.txt @@ -25,7 +28,7 @@ fi echo "> perf localhost" -$PRE/perf -d 1 -a "localhost IN A -" 127.0.0.1@$UNBOUND_PORT 2>&1 | +$PRE/perf -d $dur -a "localhost IN A -" 127.0.0.1@$UNBOUND_PORT 2>&1 | tee outfile echo -n "localhost-addr " >> line.txt diff --git a/testdata/stat_values.tdir/stat_values.pre b/testdata/stat_values.tdir/stat_values.pre index 2db4a17e0..ad1166a06 100644 --- a/testdata/stat_values.tdir/stat_values.pre +++ b/testdata/stat_values.tdir/stat_values.pre @@ -5,6 +5,13 @@ [ -f .tpkg.var.test ] && source .tpkg.var.test . ../common.sh + +PRE="../.." +if grep "define USE_CACHEDB 1" $PRE/config.h; then + USE_CACHEDB=1 + echo "USE_CACHEDB=1" >> .tpkg.var.test +fi + get_random_port 4 UNBOUND_PORT=$RND_PORT FWD_PORT=$(($RND_PORT + 1)) @@ -29,8 +36,8 @@ echo "FWD_EXPIRED_PID=$FWD_EXPIRED_PID" >> .tpkg.var.test # make config file sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values.conf > ub.conf +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values_cachedb.conf > ub_cachedb.conf # start unbound in the background -PRE="../.." $PRE/unbound -d -c ub.conf >unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test diff --git a/testdata/stat_values.tdir/stat_values.test b/testdata/stat_values.tdir/stat_values.test index ef86a0471..c9ed66d82 100644 --- a/testdata/stat_values.tdir/stat_values.test +++ b/testdata/stat_values.tdir/stat_values.test @@ -95,7 +95,7 @@ check_expected_stats () { else echo "! bad expected stats:" cat $FILTERED_STATS_FILE - exit 1 + end 1 fi } @@ -109,7 +109,7 @@ check_rest_stats () { fi if grep -v "=0$" $REST_STATS_FILE; then echo "! bad rest stats" - exit 1 + end 1 else echo "OK" fi @@ -414,4 +414,98 @@ rrset.cache.count=3 infra.cache.count=2" +if test x$USE_CACHEDB = "x1"; then + +# Bring the cachedb configured Unbound up +kill_pid $UNBOUND_PID # kill current Unbound +$PRE/unbound -d -c ub_cachedb.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +echo +echo "[ Check cachedb cache miss. ]" +echo "> dig www.example.com." +dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.cachehits=0 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.query.udpout=1 +num.query.cachedb=0 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Check cachedb cache hit. ]" +echo "> dig www.example.com." +dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.cachehits=0 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.query.udpout=0 +num.query.cachedb=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Check cachedb cache hit with stat reset ]" +echo "> dig www.example.com." +dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.cachehits=0 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.query.cachedb=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +fi # USE_CACHEDB + end 0 diff --git a/testdata/stat_values.tdir/stat_values.testns b/testdata/stat_values.tdir/stat_values.testns index 6691b0199..12df8a939 100644 --- a/testdata/stat_values.tdir/stat_values.testns +++ b/testdata/stat_values.tdir/stat_values.testns @@ -21,3 +21,13 @@ SECTION QUESTION SECTION ANSWER 1ttl 1 IN A 1.1.1.1 ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +0ttl IN A +SECTION ANSWER +0ttl 0 IN A 0.0.0.1 +ENTRY_END diff --git a/testdata/stat_values.tdir/stat_values_cachedb.conf b/testdata/stat_values.tdir/stat_values_cachedb.conf new file mode 100644 index 000000000..b5e9b0e02 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values_cachedb.conf @@ -0,0 +1,36 @@ +server: + verbosity: 5 + module-config: "cachedb iterator" + serve-expired: yes + num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + extended-statistics: yes + identity: "stat_values" + outbound-msg-retry: 0 + root-key-sentinel: no + trust-anchor-signaling: no + + local-zone: local.zone static + local-data: "www.local.zone A 192.0.2.1" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +forward-zone: + name: "expired." + forward-addr: "127.0.0.1@@EXPIREDPORT@" diff --git a/testdata/stream_ssl.tdir/stream_ssl.serv.conf b/testdata/stream_ssl.tdir/stream_ssl.serv.conf index a5dfcf364..840334f1e 100644 --- a/testdata/stream_ssl.tdir/stream_ssl.serv.conf +++ b/testdata/stream_ssl.tdir/stream_ssl.serv.conf @@ -9,9 +9,15 @@ server: chroot: "" username: "" do-not-query-localhost: yes + local-zone: "example.com" static + local-zone: "server" static + local-zone: "host" static local-data: "www.example.com. IN A 10.20.30.40" local-data: "unbound.server. IN A 127.0.0.1" local-data: "test.host. IN A 1.2.3.4" + local-data: "example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600" + local-data: "server. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600" + local-data: "host. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600" ssl-port: @SERVPORT@ ssl-service-key: "unbound_server.key" ssl-service-pem: "unbound_server.pem" diff --git a/testdata/subnet_cached_servfail.crpl b/testdata/subnet_cached_servfail.crpl new file mode 100644 index 000000000..9c746d579 --- /dev/null +++ b/testdata/subnet_cached_servfail.crpl @@ -0,0 +1,167 @@ +; Check if an expired SERVFAIL answer stored in the global cache does not block +; ECS queries to reach the ECS cache. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + serve-expired: yes + prefetch: yes + +stub-zone: + name: "example.com." + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR SERVFAIL + SECTION QUESTION + www.example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 05 ; option length + 00 01 ; Family + 08 00 ; source mask, scopemask + 7f ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; Bring the cached SERVFAIL to prefetch time +STEP 10 TIME_PASSES ELAPSE 5 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 00 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ENTRY_END + +; This answer was cached but a prefetch was triggerred +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 13 TIME_PASSES ELAPSE 2 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache (because the server replied with ECS this time) +STEP 14 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 00 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ENTRY_END + +; This record came from the ECS cache +STEP 15 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3598 IN NS ns.example.com. +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 08 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ns.example.com. 3598 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_derived.crpl b/testdata/subnet_derived.crpl index 6ff626abd..7acf316fe 100644 --- a/testdata/subnet_derived.crpl +++ b/testdata/subnet_derived.crpl @@ -39,6 +39,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -111,6 +112,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/subnet_format_ip4.crpl b/testdata/subnet_format_ip4.crpl index cd1c858fd..1370caee7 100644 --- a/testdata/subnet_format_ip4.crpl +++ b/testdata/subnet_format_ip4.crpl @@ -38,6 +38,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -108,6 +109,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/subnet_global_prefetch.crpl b/testdata/subnet_global_prefetch.crpl new file mode 100644 index 000000000..2f005d43b --- /dev/null +++ b/testdata/subnet_global_prefetch.crpl @@ -0,0 +1,236 @@ +; Check if the prefetch option works properly for messages stored in the global +; cache for non-ECS clients. The prefetch query needs to result in an ECS +; outgoing query based on the client's IP. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + prefetch: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache (because no ECS from upstream) +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Try to trigger a prefetch +STEP 3 TIME_PASSES ELAPSE 9 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the global cache and a prefetch was triggered. +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 1 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3591 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3591 IN A 1.2.3.4 +ENTRY_END + +; Allow time to pass so that the global cache record is expired. +STEP 13 TIME_PASSES ELAPSE 2 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache. +STEP 15 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the ECS cache. +STEP 16 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3598 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3598 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_global_prefetch_always_forward.crpl b/testdata/subnet_global_prefetch_always_forward.crpl new file mode 100644 index 000000000..ccfe5dfd6 --- /dev/null +++ b/testdata/subnet_global_prefetch_always_forward.crpl @@ -0,0 +1,167 @@ +; Check if the prefetch option works properly when serve-expired is combined +; with client-subnet-always-forward for non-ECS clients. The prefetch query +; needs to result in an outgoing query without ECS. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + serve-expired: yes + client-subnet-always-forward: yes + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test serve-expired and client-subnet-always-forward without ECS in the request + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Wait for the TTL to expire +STEP 3 TIME_PASSES ELAPSE 20 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the global cache and a prefetch was triggered +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3580 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3580 IN A 1.2.3.4 +ENTRY_END + +STEP 13 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH all + REPLY NOERROR DO + SECTION QUESTION + www.example.com. IN A +ENTRY_END + +STEP 14 TRAFFIC + +SCENARIO_END diff --git a/testdata/subnet_global_prefetch_expired.crpl b/testdata/subnet_global_prefetch_expired.crpl new file mode 100644 index 000000000..de1b78055 --- /dev/null +++ b/testdata/subnet_global_prefetch_expired.crpl @@ -0,0 +1,241 @@ +; Check if the prefetch option works properly for messages stored in the global +; cache for non-ECS clients. The prefetch query needs to result in an ECS +; outgoing query based on the client's IP. +; Prefetch initiated via serve-expired. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-ttl: 1 + prefetch: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled (initiated via serve-expired) + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache (because no ECS from upstream) +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Try to trigger a prefetch with expired data +STEP 3 TIME_PASSES ELAPSE 11 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This expired record came from the global cache and a prefetch is triggered. +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3589 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3589 IN A 1.2.3.4 +ENTRY_END + +;STEP 13 TRAFFIC +; Allow enough time to pass so that the expired record from the global cache +; cannot be used anymore. +STEP 14 TIME_PASSES ELAPSE 1 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache. +STEP 15 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the ECS cache. +STEP 16 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 9 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3599 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3599 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_prefetch_with_client_ecs.crpl b/testdata/subnet_global_prefetch_with_client_ecs.crpl similarity index 100% rename from testdata/subnet_prefetch_with_client_ecs.crpl rename to testdata/subnet_global_prefetch_with_client_ecs.crpl diff --git a/testdata/subnet_not_whitelisted.crpl b/testdata/subnet_not_whitelisted.crpl index 545b019ed..5419a5790 100644 --- a/testdata/subnet_not_whitelisted.crpl +++ b/testdata/subnet_not_whitelisted.crpl @@ -39,6 +39,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -109,6 +110,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/subnet_prefetch.crpl b/testdata/subnet_prefetch.crpl index 04922f2bb..aaa6bf08c 100644 --- a/testdata/subnet_prefetch.crpl +++ b/testdata/subnet_prefetch.crpl @@ -1,12 +1,12 @@ -; Check if the prefetch option works properly for messages stored in the global -; cache for non-ECS clients. The prefetch query needs to result in an ECS -; outgoing query based on the client's IP. +; Check if the prefetch option works properly for messages stored in ECS cache +; for non-ECS clients. server: trust-anchor-signaling: no target-fetch-policy: "0 0 0 0 0" send-client-subnet: 1.2.3.4 max-client-subnet-ipv4: 21 + client-subnet-always-forward: yes module-config: "subnetcache iterator" verbosity: 3 access-control: 127.0.0.1 allow_snoop @@ -19,7 +19,7 @@ stub-zone: stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled +SCENARIO_BEGIN Test prefetch option for ECS cache ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 @@ -78,38 +78,7 @@ RANGE_BEGIN 0 100 RANGE_END ; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 11 100 +RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname @@ -154,7 +123,7 @@ SECTION QUESTION www.example.com. IN A ENTRY_END -; This answer should be in the global cache (because no ECS from upstream) +; This answer will end up in the subnet cache STEP 2 CHECK_ANSWER ENTRY_BEGIN MATCH all @@ -172,53 +141,51 @@ ENTRY_END ; Try to trigger a prefetch STEP 3 TIME_PASSES ELAPSE 9 -STEP 11 QUERY +STEP 4 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.example.com. IN A ENTRY_END -; This record came from the global cache and a prefetch was triggered -STEP 12 CHECK_ANSWER +; This record came from the cache and a prefetch is triggered +STEP 5 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER -www.example.com. 1 IN A 10.20.30.40 +www.example.com. 1 IN A 10.20.30.40 SECTION AUTHORITY -example.com. 3591 IN NS ns.example.com. +example.com. 3591 IN NS ns.example.com. SECTION ADDITIONAL -ns.example.com. 3591 IN A 1.2.3.4 +ns.example.com. 3591 IN A 1.2.3.4 ENTRY_END -; Allow time to pass so that the global cache record is expired -STEP 13 TIME_PASSES ELAPSE 2 +; Allow for some time to pass to differentiate from a cached vs resolved answer +STEP 6 TIME_PASSES ELAPSE 1 -; Query again to verify that the record was prefetched and stored in the ECS -; cache (because the server replied with ECS this time) -STEP 14 QUERY +STEP 7 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.example.com. IN A ENTRY_END -; This record came from the ECS cache -STEP 15 CHECK_ANSWER +; This prefetched record came from the ECS cache +STEP 8 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA NOERROR SECTION QUESTION -www.example.com. IN A +www.example.com. IN A SECTION ANSWER -www.example.com. 8 IN A 10.20.30.40 +www.example.com. 9 IN A 10.20.30.40 SECTION AUTHORITY -example.com. 3598 IN NS ns.example.com. +example.com. 3599 IN NS ns.example.com. SECTION ADDITIONAL -ns.example.com. 3598 IN A 1.2.3.4 +ns.example.com. 3599 IN A 1.2.3.4 ENTRY_END SCENARIO_END diff --git a/testdata/subnet_without_validator.crpl b/testdata/subnet_without_validator.crpl index 2fbf24239..59c38660f 100644 --- a/testdata/subnet_without_validator.crpl +++ b/testdata/subnet_without_validator.crpl @@ -38,6 +38,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -108,6 +109,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/svcb.tdir/svcb.failure-cases-01 b/testdata/svcb.tdir/svcb.failure-cases-01 index c60151692..6d57584f3 100644 --- a/testdata/svcb.tdir/svcb.failure-cases-01 +++ b/testdata/svcb.tdir/svcb.failure-cases-01 @@ -3,7 +3,7 @@ $TTL 3600 @ SOA primary admin 0 0 0 0 0 -; Here there are multiple instances of the same SvcParamKey in the mandatory list +; These cases should be base64 encoded but aren't f21 HTTPS 1 foo.example.com. ech="123" f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone index 5d6339542..c3d015ec0 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone +++ b/testdata/svcb.tdir/svcb.success-cases.zone @@ -45,3 +45,17 @@ s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a ke ; maximum alpn size allowed (255 characters) s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) + +; dohpath can be (non-)quoted and MUST contain "?dns" +; currently there is no validation from Unbound, it can be anything +; maybe needs changing if Unbound is the primary authoritative for SVCB records. +; Then SVCB_SEMANTIC_CHECKS parts of the code could be used per authoritative role. + +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath= +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/dns-query{?dns}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcd}{!abcd}{?dns} +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcdabcd?dns?defedf} +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-queryéè{?dns} diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp index e504e7b18..3a42393ba 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp @@ -8,3 +8,11 @@ s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" s09.success-cases. 3600 IN HTTPS 0 . alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +_dns.doh.example. 7200 IN SVCB \# 26 000103646F68076578616D706C65000001000302683200070000 +_dns.doh.example. 7200 IN SVCB \# 26 000103646F68076578616D706C65000001000302683200070000 +_dns.doh.example. 7200 IN SVCB \# 26 000103646F68076578616D706C65000001000302683200070000 +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?dns}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?abcd}{!abcd}{?dns}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?abcdabcd?dns?defedf}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query\195\169\195\168{?dns}" diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test index 17330e08f..280c58fc8 100644 --- a/testdata/svcb.tdir/svcb.test +++ b/testdata/svcb.tdir/svcb.test @@ -66,7 +66,7 @@ then elif $PRE/readzone svcb.failure-cases-03 then - echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64" + echo "Failure case 03: 65 SvcParams is too many SvcParams; the limit is 64" echo "Incorrectly succeeded" exit 1 @@ -75,6 +75,7 @@ then echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255" echo "Incorrectly succeeded" exit 1 + else echo "All failure cases test successfully" fi diff --git a/testdata/val_any.rpl b/testdata/val_any.rpl index 4ce195134..ee249ffb6 100644 --- a/testdata/val_any.rpl +++ b/testdata/val_any.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no rrset-roundrobin: no + harden-unknown-additional: yes stub-zone: name: "." @@ -195,10 +196,8 @@ SECTION ADDITIONAL open.example.com. 600 IN A 213.154.224.1 open.example.com. 600 IN AAAA 2001:7b8:206:1::53 open.example.com. 600 IN AAAA 2001:7b8:206:1::1 -_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} -_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} ENTRY_END SCENARIO_END diff --git a/testdata/val_any_dname.rpl b/testdata/val_any_dname.rpl index 6ab3cded7..005d29606 100644 --- a/testdata/val_any_dname.rpl +++ b/testdata/val_any_dname.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no rrset-roundrobin: no + harden-unknown-additional: no stub-zone: name: "." diff --git a/testdata/val_any_negcache.rpl b/testdata/val_any_negcache.rpl new file mode 100644 index 000000000..77aacba8c --- /dev/null +++ b/testdata/val_any_negcache.rpl @@ -0,0 +1,240 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + rrset-roundrobin: no + aggressive-nsec: yes + harden-unknown-additional: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with response to qtype ANY and negative cache. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response with NODATA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN LOC +SECTION AUTHORITY +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ns7.domain-registry.example. 80173 IN A 62.4.86.230 +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +v.net.example. 28800 IN A 213.154.224.17 +v.net.example. 28800 IN AAAA 2001:7b8:206:1:200:39ff:fe59:b187 +johnny.example.com. 600 IN A 213.154.224.44 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +johnny.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854} +_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} +_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN LOC +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN LOC +SECTION ANSWER +SECTION AUTHORITY +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN ANY +ENTRY_END + +; recursion happens here. +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_cnametocloser_nosig.rpl b/testdata/val_cnametocloser_nosig.rpl index 6a0552ec5..eca05b1aa 100644 --- a/testdata/val_cnametocloser_nosig.rpl +++ b/testdata/val_cnametocloser_nosig.rpl @@ -6,6 +6,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop forward-zone: name: "." @@ -89,11 +90,27 @@ ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN -MATCH all ede=9 +MATCH all ede=10 REPLY QR RD RA DO SERVFAIL SECTION QUESTION www.example.com. IN AAAA SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 20 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_cnametoinsecure.rpl b/testdata/val_cnametoinsecure.rpl index 78d04de97..372a61f21 100644 --- a/testdata/val_cnametoinsecure.rpl +++ b/testdata/val_cnametoinsecure.rpl @@ -50,9 +50,11 @@ SECTION QUESTION unsafe.example.com. IN AAAA SECTION ANSWER ; empty response +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.com. gJkF06xR3FoD/d+rxcLOwGpT8+DV+nbxED8C6T1qZyhWfKlfpYzISNooKBWD+JQbaGKV/nfm+rT3M0fnIXPpQQ== ENTRY_END - ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -88,6 +90,9 @@ SECTION QUESTION unsafe.example.org. IN AAAA SECTION ANSWER ; empty response +SECTION AUTHORITY +example.org. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.org. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.org. lYlSk7saPytwcu6Dp3HKYdyCOIlpTm+T8kjf0hnrLgPDZuksUjw/GLB+d6onTDpWLlasHfi0eoAkNvTeuR0+1w== ENTRY_END RANGE_END @@ -112,6 +117,8 @@ www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20 SECTION AUTHORITY unsafe.example.com. 3600 IN NSEC v.example.com. NS RRSIG NSEC unsafe.example.com. 3600 IN RRSIG NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899} +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.com. gJkF06xR3FoD/d+rxcLOwGpT8+DV+nbxED8C6T1qZyhWfKlfpYzISNooKBWD+JQbaGKV/nfm+rT3M0fnIXPpQQ== ENTRY_END ; NSEC3 @@ -134,6 +141,8 @@ www.example.org. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20 SECTION AUTHORITY ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN RRSIG NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899} +example.org. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.org. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.org. lYlSk7saPytwcu6Dp3HKYdyCOIlpTm+T8kjf0hnrLgPDZuksUjw/GLB+d6onTDpWLlasHfi0eoAkNvTeuR0+1w== ENTRY_END SCENARIO_END diff --git a/testdata/val_cnametonodata_nonsec.rpl b/testdata/val_cnametonodata_nonsec.rpl index 48158162c..8f3927575 100644 --- a/testdata/val_cnametonodata_nonsec.rpl +++ b/testdata/val_cnametonodata_nonsec.rpl @@ -9,6 +9,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -146,11 +147,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. AI+pFL3opyI/Mx3pCwnULbwc99bqXrJjRp4ds1lIBPN9X/Pia3wQdkM= ; NSEC here ... SECTION ADDITIONAL ENTRY_END @@ -208,11 +211,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} ; NSEC here SECTION ADDITIONAL ENTRY_END @@ -226,6 +231,8 @@ SECTION QUESTION www.example.net. IN A SECTION ANSWER SECTION AUTHORITY +example.net. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +;example.net. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.net. ADNbj4XoTESBEkbFri3OG7SujbOUAoyrxPNHbULhxbvbB48Y0YAwvNY= ;www.example.net. IN NSEC example.net. MX NSEC RRSIG ;www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} SECTION ADDITIONAL @@ -262,4 +269,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_cnametooptout.rpl b/testdata/val_cnametooptout.rpl index c9e982253..2ec4889f9 100644 --- a/testdata/val_cnametooptout.rpl +++ b/testdata/val_cnametooptout.rpl @@ -4,6 +4,7 @@ server: val-override-date: "20091113091234" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no forward-zone: name: "." @@ -44,6 +45,9 @@ REPLY QR NOERROR SECTION QUESTION www.content.hud.gov. IN AAAA SECTION ANSWER +SECTION AUTHORITY +content.hud.gov. 86400 IN NS drfswitch.hud.gov. +content.hud.gov. 86400 IN NS lanswitch.hud.gov. ENTRY_END ENTRY_BEGIN @@ -107,6 +111,8 @@ SECTION AUTHORITY 3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775} GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN NSEC3 1 1 5 abcd gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG ; flags: optout GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775} +content.hud.gov. 86400 IN NS drfswitch.hud.gov. +content.hud.gov. 86400 IN NS lanswitch.hud.gov. ENTRY_END SCENARIO_END diff --git a/testdata/val_cnametoposnowc.rpl b/testdata/val_cnametoposnowc.rpl index 2975bd8d2..1ba57633c 100644 --- a/testdata/val_cnametoposnowc.rpl +++ b/testdata/val_cnametoposnowc.rpl @@ -9,6 +9,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -261,4 +262,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_deleg_nons.rpl b/testdata/val_deleg_nons.rpl index 82348d95b..aac87eab7 100644 --- a/testdata/val_deleg_nons.rpl +++ b/testdata/val_deleg_nons.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -269,4 +270,21 @@ foo.www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +foo.www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +foo.www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_dnamewc.rpl b/testdata/val_dnamewc.rpl index 1a0e41ecf..ee72f6a1f 100644 --- a/testdata/val_dnamewc.rpl +++ b/testdata/val_dnamewc.rpl @@ -9,6 +9,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -264,4 +265,21 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_ds_cname.rpl b/testdata/val_ds_cname.rpl index 3b88fb5a2..a49c53538 100644 --- a/testdata/val_ds_cname.rpl +++ b/testdata/val_ds_cname.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -78,6 +79,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -202,4 +205,20 @@ SECTION QUESTION www.example.com. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + SCENARIO_END diff --git a/testdata/val_faildnskey.rpl b/testdata/val_faildnskey.rpl index 528082120..cc1cc9eee 100644 --- a/testdata/val_faildnskey.rpl +++ b/testdata/val_faildnskey.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -143,10 +144,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END RANGE_END @@ -168,4 +172,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_faildnskey_ok.rpl b/testdata/val_faildnskey_ok.rpl index d3ac00c47..50f3184b4 100644 --- a/testdata/val_faildnskey_ok.rpl +++ b/testdata/val_faildnskey_ok.rpl @@ -144,10 +144,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END RANGE_END diff --git a/testdata/val_nodata_failsig.rpl b/testdata/val_nodata_failsig.rpl index 0c4426bc1..16b46d4fd 100644 --- a/testdata/val_nodata_failsig.rpl +++ b/testdata/val_nodata_failsig.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -162,4 +163,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nodata_failwc.rpl b/testdata/val_nodata_failwc.rpl index 3aa8212c8..7ac61fa2b 100644 --- a/testdata/val_nodata_failwc.rpl +++ b/testdata/val_nodata_failwc.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "nsecwc.nlnetlabs.nl" @@ -17,8 +18,8 @@ CONFIG_END SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. - ; ns.example.com. -RANGE_BEGIN 0 100 + ; ns.example.com. +RANGE_BEGIN 0 100 ADDRESS 185.49.140.60 ; response to DNSKEY priming query @@ -69,4 +70,21 @@ _25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nokeyprime.rpl b/testdata/val_nokeyprime.rpl index 5d3727420..b7646d34c 100644 --- a/testdata/val_nokeyprime.rpl +++ b/testdata/val_nokeyprime.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -161,4 +162,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nsec3_b1_nameerror_nowc.rpl b/testdata/val_nsec3_b1_nameerror_nowc.rpl index 0ff135af6..9445fec08 100644 --- a/testdata/val_nsec3_b1_nameerror_nowc.rpl +++ b/testdata/val_nsec3_b1_nameerror_nowc.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -140,12 +141,24 @@ SECTION QUESTION a.c.x.w.example. IN A SECTION ANSWER SECTION AUTHORITY -; example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) -; example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) -; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) -; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) -; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) -; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) +ENTRY_END + +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +a.c.x.w.example. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +a.c.x.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY ENTRY_END SCENARIO_END diff --git a/testdata/val_nsec3_b2_nodata_nons.rpl b/testdata/val_nsec3_b2_nodata_nons.rpl index b47643b25..7dd06a392 100644 --- a/testdata/val_nsec3_b2_nodata_nons.rpl +++ b/testdata/val_nsec3_b2_nodata_nons.rpl @@ -6,6 +6,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -97,6 +98,9 @@ ADJUST copy_id REPLY QR AA DO NOERROR SECTION QUESTION ns1.example. IN DS +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) ENTRY_END ENTRY_BEGIN @@ -135,4 +139,21 @@ ns1.example. IN MX SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ns1.example. IN MX +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=12 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ns1.example. IN MX +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nsec3_b4_wild_wr.rpl b/testdata/val_nsec3_b4_wild_wr.rpl index 50daf3809..5ca165628 100644 --- a/testdata/val_nsec3_b4_wild_wr.rpl +++ b/testdata/val_nsec3_b4_wild_wr.rpl @@ -129,6 +129,10 @@ SECTION QUESTION ns2.example. IN A SECTION ANSWER ; nothing to make sure the ns1 server is used for queries. +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) ENTRY_END ENTRY_BEGIN @@ -139,6 +143,10 @@ SECTION QUESTION ns2.example. IN AAAA SECTION ANSWER ; nothing to make sure the ns1 server is used for queries. +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) ENTRY_END diff --git a/testdata/val_nsec3_entnodata_optout_badopt.rpl b/testdata/val_nsec3_entnodata_optout_badopt.rpl index b672bd6e6..c7e5a5006 100644 --- a/testdata/val_nsec3_entnodata_optout_badopt.rpl +++ b/testdata/val_nsec3_entnodata_optout_badopt.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -194,4 +195,21 @@ ent.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ent.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ent.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nsec3_nods_badsig.rpl b/testdata/val_nsec3_nods_badsig.rpl index 79290d659..d99470f34 100644 --- a/testdata/val_nsec3_nods_badsig.rpl +++ b/testdata/val_nsec3_nods_badsig.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -234,4 +235,20 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nx_failwc.rpl b/testdata/val_nx_failwc.rpl index 645a6b4c9..765b34456 100644 --- a/testdata/val_nx_failwc.rpl +++ b/testdata/val_nx_failwc.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "nsecwc.nlnetlabs.nl" @@ -67,4 +68,21 @@ a.nsecwc.nlnetlabs.nl. IN TXT SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nx_overreach.rpl b/testdata/val_nx_overreach.rpl index e5046bc1a..28089e5f3 100644 --- a/testdata/val_nx_overreach.rpl +++ b/testdata/val_nx_overreach.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -162,4 +163,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_positive_nosigs.rpl b/testdata/val_positive_nosigs.rpl index e57836f90..c48b39e6f 100644 --- a/testdata/val_positive_nosigs.rpl +++ b/testdata/val_positive_nosigs.rpl @@ -137,10 +137,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION www.example.com. IN DS SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END ; response to query of interest diff --git a/testdata/val_secds_nosig.rpl b/testdata/val_secds_nosig.rpl index 69f83a393..ec768799d 100644 --- a/testdata/val_secds_nosig.rpl +++ b/testdata/val_secds_nosig.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -230,4 +231,19 @@ SECTION QUESTION www.sub.example.com. IN A ENTRY_END +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + SCENARIO_END diff --git a/testdata/val_ta_algo_missing.rpl b/testdata/val_ta_algo_missing.rpl index 9efb24266..537af2cb3 100644 --- a/testdata/val_ta_algo_missing.rpl +++ b/testdata/val_ta_algo_missing.rpl @@ -11,6 +11,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -166,11 +167,27 @@ ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN -MATCH all ede=9 +MATCH all ede=6 REPLY QR RD RA DO SERVFAIL SECTION QUESTION www.example.com. IN A SECTION ANSWER ENTRY_END +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/util/config_file.c b/util/config_file.c index f807397e4..54bd5f952 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -87,7 +87,7 @@ struct config_parser_state* cfg_parser = 0; /** init ports possible for use */ static void init_outgoing_availports(int* array, int num); -struct config_file* +struct config_file* config_create(void) { struct config_file* cfg; @@ -99,6 +99,7 @@ config_create(void) cfg->stat_interval = 0; cfg->stat_cumulative = 0; cfg->stat_extended = 0; + cfg->stat_inhibit_zero = 1; cfg->num_threads = 1; cfg->port = UNBOUND_DNS_PORT; cfg->do_ip4 = 1; @@ -115,6 +116,7 @@ config_create(void) cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */ cfg->do_tcp_keepalive = 0; cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */ + cfg->sock_queue_timeout = 0; /* do not check timeout */ cfg->ssl_service_key = NULL; cfg->ssl_service_pem = NULL; cfg->ssl_port = UNBOUND_DNS_OVER_TLS_PORT; @@ -152,7 +154,7 @@ config_create(void) cfg->outgoing_num_ports = 48; /* windows is limited in num fds */ cfg->num_queries_per_thread = 24; cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */ - cfg->incoming_num_tcp = 2; + cfg->incoming_num_tcp = 2; #endif cfg->stream_wait_size = 4 * 1024 * 1024; cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */ @@ -232,6 +234,7 @@ config_create(void) cfg->harden_below_nxdomain = 1; cfg->harden_referral_path = 0; cfg->harden_algo_downgrade = 0; + cfg->harden_unknown_additional = 0; cfg->use_caps_bits_for_id = 0; cfg->caps_whitelist = NULL; cfg->private_address = NULL; @@ -299,14 +302,14 @@ config_create(void) cfg->minimal_responses = 1; cfg->rrset_roundrobin = 1; cfg->unknown_server_time_limit = 376; - cfg->max_udp_size = 4096; - if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) + cfg->max_udp_size = 1232; /* value taken from edns_buffer_size */ + if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) goto error_exit; - if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) + if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) goto error_exit; - if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) + if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) goto error_exit; - if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) + if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) goto error_exit; #ifdef CLIENT_SUBNET @@ -314,7 +317,7 @@ config_create(void) #else if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; #endif - if(!(cfg->val_nsec3_key_iterations = + if(!(cfg->val_nsec3_key_iterations = strdup("1024 150 2048 150 4096 150"))) goto error_exit; #if defined(DNSTAP_SOCKET_PATH) if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) @@ -336,6 +339,8 @@ config_create(void) cfg->ip_ratelimit_backoff = 0; cfg->ratelimit_backoff = 0; cfg->outbound_msg_retry = 5; + cfg->max_sent_count = 32; + cfg->max_query_restarts = 11; cfg->qname_minimisation = 1; cfg->qname_minimisation_strict = 0; cfg->shm_enable = 0; @@ -369,6 +374,8 @@ config_create(void) if(!(cfg->cachedb_secret = strdup("default"))) goto error_exit; #ifdef USE_REDIS if(!(cfg->redis_server_host = strdup("127.0.0.1"))) goto error_exit; + cfg->redis_server_path = NULL; + cfg->redis_server_password = NULL; cfg->redis_timeout = 100; cfg->redis_server_port = 6379; cfg->redis_expire_records = 0; @@ -484,10 +491,10 @@ int config_set_option(struct config_file* cfg, const char* opt, /* not supported, library must have 1 thread in bgworker */ return 0; } else if(strcmp(opt, "outgoing-port-permit:") == 0) { - return cfg_mark_ports(val, 1, + return cfg_mark_ports(val, 1, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "outgoing-port-avoid:") == 0) { - return cfg_mark_ports(val, 0, + return cfg_mark_ports(val, 0, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "local-zone:") == 0) { return cfg_parse_local_zone(cfg, val); @@ -501,7 +508,7 @@ int config_set_option(struct config_file* cfg, const char* opt, if(atoi(val) == 0) return 0; cfg->val_date_override = (uint32_t)atoi(val); } - } else if(strcmp(opt, "local-data-ptr:") == 0) { + } else if(strcmp(opt, "local-data-ptr:") == 0) { char* ptr = cfg_ptr_reverse((char*)opt); return cfg_strlist_insert(&cfg->local_data, ptr); } else if(strcmp(opt, "logfile:") == 0) { @@ -516,6 +523,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("use-syslog:", use_syslog) else S_STR("log-identity:", log_identity) else S_YNO("extended-statistics:", stat_extended) + else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero) else S_YNO("statistics-cumulative:", stat_cumulative) else S_YNO("shm-enable:", shm_enable) else S_NUMBER_OR_ZERO("shm-key:", shm_key) @@ -536,6 +544,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout) else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive) else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout) + else S_NUMBER_OR_ZERO("sock-queue-timeout:", sock_queue_timeout) else S_YNO("ssl-upstream:", ssl_upstream) else S_YNO("tls-upstream:", ssl_upstream) else S_STR("ssl-service-key:", ssl_service_key) @@ -645,6 +654,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("harden-below-nxdomain:", harden_below_nxdomain) else S_YNO("harden-referral-path:", harden_referral_path) else S_YNO("harden-algo-downgrade:", harden_algo_downgrade) + else S_YNO("harden-unknown-additional:", harden_unknown_additional) else S_YNO("use-caps-for-id:", use_caps_bits_for_id) else S_STRLIST("caps-whitelist:", caps_whitelist) else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold) @@ -680,7 +690,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else if(strcmp(opt, "serve-expired-reply-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->serve_expired_reply_ttl = atoi(val); SERVE_EXPIRED_REPLY_TTL=(time_t)cfg->serve_expired_reply_ttl;} else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout) - else S_YNO("ede:", ede) + else S_YNO("ede:", ede) else S_YNO("ede-serve-expired:", ede_serve_expired) else S_YNO("serve-original-ttl:", serve_original_ttl) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) @@ -778,6 +788,8 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff) else S_YNO("ratelimit-backoff:", ratelimit_backoff) else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry) + else S_NUMBER_NONZERO("max-sent-count:", max_sent_count) + else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts) else S_SIZET_NONZERO("fast-server-num:", fast_server_num) else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil) else S_YNO("qname-minimisation:", qname_minimisation) @@ -806,7 +818,7 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); - char** oi = + char** oi = (char**)reallocarray(NULL, (size_t)cfg->num_out_ifs+1, sizeof(char*)); if(!d || !oi) { free(d); free(oi); return -1; } if(cfg->out_ifs && cfg->num_out_ifs) { @@ -901,7 +913,7 @@ config_collate_cat(struct config_strlist* list) for(s=list; s; s=s->next) total += strlen(s->str) + 1; /* len + newline */ left = total+1; /* one extra for nul at end */ - r = malloc(left); + r = malloc(left); if(!r) return NULL; w = r; @@ -980,7 +992,7 @@ config_collate_cat(struct config_strlist* list) } int -config_get_option(struct config_file* cfg, const char* opt, +config_get_option(struct config_file* cfg, const char* opt, void (*func)(char*,void*), void* arg) { char buf[1024], nopt[64]; @@ -996,6 +1008,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "statistics-interval", stat_interval) else O_YNO(opt, "statistics-cumulative", stat_cumulative) else O_YNO(opt, "extended-statistics", stat_extended) + else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero) else O_YNO(opt, "shm-enable", shm_enable) else O_DEC(opt, "shm-key", shm_key) else O_YNO(opt, "use-syslog", use_syslog) @@ -1055,6 +1068,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout) else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive) else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout) + else O_DEC(opt, "sock-queue-timeout", sock_queue_timeout) else O_YNO(opt, "ssl-upstream", ssl_upstream) else O_YNO(opt, "tls-upstream", ssl_upstream) else O_STR(opt, "ssl-service-key", ssl_service_key) @@ -1110,6 +1124,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain) else O_YNO(opt, "harden-referral-path", harden_referral_path) else O_YNO(opt, "harden-algo-downgrade", harden_algo_downgrade) + else O_YNO(opt, "harden-unknown-additional", harden_unknown_additional) else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id) else O_LST(opt, "caps-whitelist", caps_whitelist) else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) @@ -1238,6 +1253,8 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff) else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff) else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry) + else O_UNS(opt, "max-sent-count", max_sent_count) + else O_UNS(opt, "max-query-restarts", max_query_restarts) else O_DEC(opt, "fast-server-num", fast_server_num) else O_DEC(opt, "fast-server-permil", fast_server_permil) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) @@ -1278,6 +1295,8 @@ config_get_option(struct config_file* cfg, const char* opt, #ifdef USE_REDIS else O_STR(opt, "redis-server-host", redis_server_host) else O_DEC(opt, "redis-server-port", redis_server_port) + else O_STR(opt, "redis-server-path", redis_server_path) + else O_STR(opt, "redis-server-password", redis_server_password) else O_DEC(opt, "redis-timeout", redis_timeout) else O_YNO(opt, "redis-expire-records", redis_expire_records) #endif /* USE_REDIS */ @@ -1313,7 +1332,7 @@ create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot) init_cfg_parse(); } -int +int config_read(struct config_file* cfg, const char* filename, const char* chroot) { FILE *in; @@ -1353,7 +1372,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot) if(r == GLOB_NOMATCH) { verbose(VERB_QUERY, "include: " "no matches for %s", fname); - return 1; + return 1; } else if(r == GLOB_NOSPACE) { log_err("include: %s: " "fnametern out of memory", fname); @@ -1552,7 +1571,7 @@ config_del_strbytelist(struct config_strbytelist* p) } } -void +void config_delete(struct config_file* cfg) { if(!cfg) return; @@ -1629,6 +1648,7 @@ config_delete(struct config_file* cfg) free(cfg->server_cert_file); free(cfg->control_key_file); free(cfg->control_cert_file); + free(cfg->nat64_prefix); free(cfg->dns64_prefix); config_delstrlist(cfg->dns64_ignore_aaaa); free(cfg->dnstap_socket_path); @@ -1654,6 +1674,8 @@ config_delete(struct config_file* cfg) free(cfg->cachedb_secret); #ifdef USE_REDIS free(cfg->redis_server_host); + free(cfg->redis_server_path); + free(cfg->redis_server_password); #endif /* USE_REDIS */ #endif /* USE_CACHEDB */ #ifdef USE_IPSET @@ -1663,7 +1685,7 @@ config_delete(struct config_file* cfg) free(cfg); } -static void +static void init_outgoing_availports(int* a, int num) { /* generated with make iana_update */ @@ -1676,7 +1698,7 @@ init_outgoing_availports(int* a, int num) for(i=1024; istr = item; s->next = NULL; - + if (*head==NULL) { *head = s; } else { @@ -1922,11 +1944,11 @@ cfg_strlist_append_ex(struct config_strlist** head, char* item) } last->next = s; } - - return 1; + + return 1; } -int +int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) { struct config_str2list *s; @@ -1948,7 +1970,7 @@ cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) return 1; } -int +int cfg_str3list_insert(struct config_str3list** head, char* item, char* i2, char* i3) { @@ -1984,7 +2006,7 @@ cfg_strbytelist_insert(struct config_strbytelist** head, char* item, return 1; } -time_t +time_t cfg_convert_timeval(const char* str) { time_t t; @@ -1992,7 +2014,7 @@ cfg_convert_timeval(const char* str) memset(&tm, 0, sizeof(tm)); if(strlen(str) < 14) return 0; - if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, + if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) return 0; tm.tm_year -= 1900; @@ -2009,7 +2031,7 @@ cfg_convert_timeval(const char* str) return t; } -int +int cfg_count_numbers(const char* s) { /* format ::= (sp num)+ sp */ @@ -2044,7 +2066,7 @@ static int isalldigit(const char* str, size_t l) return 1; } -int +int cfg_parse_memsize(const char* str, size_t* res) { size_t len; @@ -2060,11 +2082,11 @@ cfg_parse_memsize(const char* str, size_t* res) /* check appended num */ while(len>0 && str[len-1]==' ') len--; - if(len > 1 && str[len-1] == 'b') + if(len > 1 && str[len-1] == 'b') len--; - else if(len > 1 && str[len-1] == 'B') + else if(len > 1 && str[len-1] == 'B') len--; - + if(len > 1 && tolower((unsigned char)str[len-1]) == 'g') mult = 1024*1024*1024; else if(len > 1 && tolower((unsigned char)str[len-1]) == 'm') @@ -2151,7 +2173,7 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str, log_err("out of memory"); return 0; } - + /* parse */ s = str; while((p=strsep(&s, " \t\n")) != NULL) { @@ -2237,7 +2259,7 @@ int taglist_intersect(uint8_t* list1, size_t list1len, const uint8_t* list2, return 0; } -void +void config_apply(struct config_file* config) { MAX_TTL = (time_t)config->max_ttl; @@ -2279,7 +2301,7 @@ void config_lookup_uid(struct config_file* cfg) #endif } -/** +/** * Calculate string length of full pathname in original filesys * @param fname: the path name to convert. * Must not be null or empty. @@ -2293,7 +2315,7 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) { size_t len = 0; int slashit = 0; - if(cfg->chrootdir && cfg->chrootdir[0] && + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ return strlen(fname); @@ -2316,8 +2338,8 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) /* prepend chdir */ if(slashit && cfg->directory[0] != '/') len++; - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, + if(cfg->chrootdir && cfg->chrootdir[0] && + strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) len += strlen(cfg->directory)-strlen(cfg->chrootdir); else len += strlen(cfg->directory); @@ -2340,7 +2362,7 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) return NULL; buf[0] = 0; /* is fname already in chroot ? */ - if(cfg->chrootdir && cfg->chrootdir[0] && + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ (void)strlcpy(buf, fname, len); @@ -2366,10 +2388,10 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) if(slashit && cfg->directory[0] != '/') (void)strlcat(buf, "/", len); /* is the directory already in the chroot? */ - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, + if(cfg->chrootdir && cfg->chrootdir[0] && + strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) - (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), + (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), len); else (void)strlcat(buf, cfg->directory, len); slashit = 1; @@ -2406,7 +2428,7 @@ static char* last_space_pos(const char* str) return (sp>tab)?sp:tab; } -int +int cfg_parse_local_zone(struct config_file* cfg, const char* val) { const char *type, *name_end, *name; @@ -2441,11 +2463,11 @@ cfg_parse_local_zone(struct config_file* cfg, const char* val) } if(strcmp(type, "nodefault")==0) { - return cfg_strlist_insert(&cfg->local_zones_nodefault, + return cfg_strlist_insert(&cfg->local_zones_nodefault, strdup(name)); #ifdef USE_IPSET } else if(strcmp(type, "ipset")==0) { - return cfg_strlist_insert(&cfg->local_zones_ipset, + return cfg_strlist_insert(&cfg->local_zones_ipset, strdup(name)); #endif } else { @@ -2500,7 +2522,7 @@ char* cfg_ptr_reverse(char* str) const char* hex = "0123456789abcdef"; char *p = buf; int i; - memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, + memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, sizeof(ad)); for(i=15; i>=0; i--) { uint8_t b = ad[i]; @@ -2512,7 +2534,7 @@ char* cfg_ptr_reverse(char* str) snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa. "); } else { uint8_t ad[4]; - memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, + memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, sizeof(ad)); snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa. ", (unsigned)ad[3], (unsigned)ad[2], diff --git a/util/config_file.h b/util/config_file.h index b1406913a..5b7569110 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -76,6 +76,8 @@ struct config_file { int stat_cumulative; /** if true, the statistics are kept in greater detail */ int stat_extended; + /** if true, inhibits a lot of =0 lines from the extended stats output */ + int stat_inhibit_zero; /** number of threads to create */ int num_threads; @@ -86,6 +88,8 @@ struct config_file { int do_ip4; /** do ip6 query support. */ int do_ip6; + /** do nat64 on queries */ + int do_nat64; /** prefer ip4 upstream queries. */ int prefer_ip4; /** prefer ip6 upstream queries. */ @@ -114,6 +118,8 @@ struct config_file { int do_tcp_keepalive; /** tcp keepalive timeout, in msec */ int tcp_keepalive_timeout; + /** timeout of packets sitting in the socket queue */ + int sock_queue_timeout; /** proxy protocol ports */ struct config_strlist* proxy_protocol_port; @@ -230,7 +236,7 @@ struct config_file { /** interface description strings (IP addresses) */ char **ifs; - /** number of outgoing interfaces to open. + /** number of outgoing interfaces to open. * If 0 default all interfaces. */ int num_out_ifs; /** outgoing interface description strings (IP addresses) */ @@ -249,7 +255,7 @@ struct config_file { /** list of donotquery addresses, linked list */ struct config_strlist* donotqueryaddrs; #ifdef CLIENT_SUBNET - /** list of servers we send edns-client-subnet option to and + /** list of servers we send edns-client-subnet option to and * accept option from, linked list */ struct config_strlist* client_subnet; /** list of zones we send edns-client-subnet option for */ @@ -290,6 +296,9 @@ struct config_file { int harden_referral_path; /** harden against algorithm downgrade */ int harden_algo_downgrade; + /** harden against unknown records in the authority section and in + * the additional section */ + int harden_unknown_additional; /** use 0x20 bits in query as random ID bits */ int use_caps_bits_for_id; /** 0x20 whitelist, domains that do not use capsforid */ @@ -362,7 +371,7 @@ struct config_file { /** the module configuration string */ char* module_conf; - + /** files with trusted DS and DNSKEYs in zonefile format, list */ struct config_strlist* trust_anchor_file_list; /** list of trustanchor keys, linked list */ @@ -387,7 +396,7 @@ struct config_file { /** max number of query restarts, number of IPs to probe */ int32_t val_max_restart; /** this value sets the number of seconds before revalidating bogus */ - int bogus_ttl; + int bogus_ttl; /** should validator clean additional section for secure msgs */ int val_clean_additional; /** log bogus messages by the validator */ @@ -533,6 +542,9 @@ struct config_file { /** ignore AAAAs for these domain names and use A record anyway */ struct config_strlist* dns64_ignore_aaaa; + /* NAT64 prefix; if unset defaults to dns64_prefix */ + char* nat64_prefix; + /** true to enable dnstap support */ int dnstap; /** using bidirectional frame streams if true */ @@ -608,6 +620,11 @@ struct config_file { /** number of retries on outgoing queries */ int outbound_msg_retry; + /** max sent queries per qstate; resets on query restarts (e.g., + * CNAMES) and referrals */ + int max_sent_count; + /** max number of query restarts; determines max length of CNAME chain */ + int max_query_restarts; /** minimise outgoing QNAME and hide original QTYPE if possible */ int qname_minimisation; /** minimise QNAME in strict mode, minimise according to RFC. @@ -684,6 +701,10 @@ struct config_file { char* redis_server_host; /** redis server's TCP port */ int redis_server_port; + /** redis server's unix path. Or "", NULL if unused */ + char* redis_server_path; + /** redis server's AUTH password. Or "", NULL if unused */ + char* redis_server_password; /** timeout (in ms) for communication with the redis server */ int redis_timeout; /** set timeout on redis records based on DNS response ttl */ @@ -802,7 +823,7 @@ struct config_view { struct config_strlist* local_zones_ipset; #endif /** Fallback to global local_zones when there is no match in the view - * view specific tree. 1 for yes, 0 for no */ + * view specific tree. 1 for yes, 0 for no */ int isfirst; /** predefined actions for particular IP address responses */ struct config_str2list* respip_actions; @@ -877,7 +898,7 @@ struct config_file* config_create_forlib(void); * @param config: where options are stored into, must be freshly created. * @param filename: name of configfile. If NULL nothing is done. * @param chroot: if not NULL, the chroot dir currently in use (for include). - * @return: false on error. In that case errno is set, ENOENT means + * @return: false on error. In that case errno is set, ENOENT means * file not found. */ int config_read(struct config_file* config, const char* filename, @@ -912,16 +933,16 @@ void config_lookup_uid(struct config_file* config); int config_set_option(struct config_file* config, const char* option, const char* value); -/** +/** * Call print routine for the given option. * @param cfg: config. - * @param opt: option name without trailing :. + * @param opt: option name without trailing :. * This is different from config_set_option. * @param func: print func, called as (str, arg) for every data element. * @param arg: user argument for print func. * @return false if the option name is not supported (syntax error). */ -int config_get_option(struct config_file* cfg, const char* opt, +int config_get_option(struct config_file* cfg, const char* opt, void (*func)(char*,void*), void* arg); /** @@ -941,7 +962,7 @@ int config_get_option_list(struct config_file* cfg, const char* opt, * @param str: string. malloced, caller must free it. * @return 0=OK, 1=syntax error, 2=malloc failed. */ -int config_get_option_collate(struct config_file* cfg, const char* opt, +int config_get_option_collate(struct config_file* cfg, const char* opt, char** str); /** @@ -1136,7 +1157,7 @@ int cfg_count_numbers(const char* str); * k=1024, m=1024*1024, g=1024*1024*1024. * @param str: string * @param res: result is stored here, size in bytes. - * @return: true if parsed correctly, or 0 on a parse error (and an error + * @return: true if parsed correctly, or 0 on a parse error (and an error * is logged). */ int cfg_parse_memsize(const char* str, size_t* res); @@ -1170,7 +1191,7 @@ int find_tag_id(struct config_file* cfg, const char* tag); /** * parse taglist from string into bytestring with bitlist. * @param cfg: the config structure (with tagnames) - * @param str: the string to parse. Parse puts 0 bytes in string. + * @param str: the string to parse. Parse puts 0 bytes in string. * @param listlen: returns length of in bytes. * @return malloced bytes with a bitlist of the tags. or NULL on parse error * or malloc failure. @@ -1213,7 +1234,7 @@ int cfg_parse_local_zone(struct config_file* cfg, const char* val); * @param allow: give true if this range is permitted. * @param avail: the array from cfg. * @param num: size of the array (65536). - * @return: true if parsed correctly, or 0 on a parse error (and an error + * @return: true if parsed correctly, or 0 on a parse error (and an error * is logged). */ int cfg_mark_ports(const char* str, int allow, int* avail, int num); @@ -1241,7 +1262,7 @@ void cfg_apply_local_port_policy(struct config_file* cfg, int num); */ int cfg_scan_ports(int* avail, int num); -/** +/** * Convert a filename to full pathname in original filesys * @param fname: the path name to convert. * Must not be null or empty. @@ -1250,7 +1271,7 @@ int cfg_scan_ports(int* avail, int num); * @return pointer to malloced buffer which is: [chroot][chdir]fname * or NULL on malloc failure. */ -char* fname_after_chroot(const char* fname, struct config_file* cfg, +char* fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir); /** @@ -1335,4 +1356,3 @@ int if_is_dnscrypt(const char* ifname, const char* port, int dnscrypt_port); #endif #endif /* UTIL_CONFIG_FILE_H */ - diff --git a/util/configlexer.c b/util/configlexer.c deleted file mode 100644 index 845d9e00d..000000000 --- a/util/configlexer.c +++ /dev/null @@ -1,6657 +0,0 @@ -#include "config.h" -#include "util/configyyrename.h" - -#line 2 "" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 6 -#define YY_FLEX_SUBMINOR_VERSION 4 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ -#include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ - -#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif - -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; - -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) -#endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) -#endif - -#ifndef SIZE_MAX -#define SIZE_MAX (~(size_t)0) -#endif - -#endif /* ! C99 */ - -#endif /* ! FLEXINT_H */ - -/* begin standard C++ headers. */ - -/* TODO: this is always defined, so inline it */ -#define yyconst const - -#if defined(__GNUC__) && __GNUC__ >= 3 -#define yynoreturn __attribute__((__noreturn__)) -#else -#define yynoreturn -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an - * integer in range [0..255] for use as an array index. - */ -#define YY_SC_TO_UI(c) ((YY_CHAR) (c)) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN (yy_start) = 1 + 2 * -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START (((yy_start) - 1) / 2) -#define YYSTATE YY_START -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#ifndef YY_BUF_SIZE -#ifdef __ia64__ -/* On IA-64, the buffer size is 16k, not 8k. - * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. - * Ditto for the __ia64__ case accordingly. - */ -#define YY_BUF_SIZE 32768 -#else -#define YY_BUF_SIZE 16384 -#endif /* __ia64__ */ -#endif - -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) - -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE -typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - -extern int yyleng; - -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - - #define YY_LESS_LINENO(n) - #define YY_LINENO_REWIND_TO(ptr) - -/* Return all but the first "n" matched characters back to the input stream. */ -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ - YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) - -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - int yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; - -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ - -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */ - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - * - * Returns the top of the stack, or NULL. - */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; -static int yy_n_chars; /* number of characters read into yy_ch_buf */ -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = NULL; -static int yy_init = 0; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart ( FILE *input_file ); -void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size ); -void yy_delete_buffer ( YY_BUFFER_STATE b ); -void yy_flush_buffer ( YY_BUFFER_STATE b ); -void yypush_buffer_state ( YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state ( void ); - -static void yyensure_buffer_stack ( void ); -static void yy_load_buffer_state ( void ); -static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file ); -#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER ) - -YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size ); -YY_BUFFER_STATE yy_scan_string ( const char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len ); - -void *yyalloc ( yy_size_t ); -void *yyrealloc ( void *, yy_size_t ); -void yyfree ( void * ); - -#define yy_new_buffer yy_create_buffer -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer( yyin, YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ - } -#define yy_set_bol(at_bol) \ - { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer( yyin, YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ - } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ -typedef flex_uint8_t YY_CHAR; - -FILE *yyin = NULL, *yyout = NULL; - -typedef int yy_state_type; - -extern int yylineno; -int yylineno = 1; - -extern char *yytext; -#ifdef yytext_ptr -#undef yytext_ptr -#endif -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state ( void ); -static yy_state_type yy_try_NUL_trans ( yy_state_type current_state ); -static int yy_get_next_buffer ( void ); -static void yynoreturn yy_fatal_error ( const char* msg ); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - (yytext_ptr) -= (yy_more_len); \ - yyleng = (int) (yy_cp - (yytext_ptr)); \ - (yy_hold_char) = *yy_cp; \ - *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 369 -#define YY_END_OF_BUFFER 370 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static const flex_int16_t yy_accept[3646] = - { 0, - 1, 1, 343, 343, 347, 347, 351, 351, 355, 355, - 1, 1, 359, 359, 363, 363, 370, 367, 1, 341, - 341, 368, 2, 368, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 343, 344, 344, 345, - 368, 347, 348, 348, 349, 368, 354, 351, 352, 352, - 353, 368, 355, 356, 356, 357, 368, 366, 342, 2, - 346, 368, 366, 362, 359, 360, 360, 361, 368, 363, - 364, 364, 365, 368, 367, 0, 1, 2, 2, 2, - 2, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 343, - 0, 347, 0, 354, 0, 351, 355, 0, 366, 0, - 2, 2, 366, 362, 0, 359, 363, 0, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 366, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 339, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 133, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 143, 367, 367, 367, 367, - 367, 367, 367, 366, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 115, 367, 338, 367, 367, 367, - 367, 367, 367, 367, 367, 8, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 134, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 148, 367, 367, 366, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 331, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 366, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 69, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 260, 367, 14, - 15, 367, 19, 18, 367, 367, 240, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 141, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 238, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 3, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 366, 367, 367, 367, 367, 367, 367, 367, 325, 367, - 367, 324, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 350, 367, 367, 367, 367, 367, 367, 367, - 367, 68, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 72, 367, - 294, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 332, 333, 367, 367, 367, 367, 367, 367, 367, 367, - 73, 367, 367, 142, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 137, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 227, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 21, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 169, 367, 367, 367, - 367, 367, 366, 350, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 113, 367, 367, 367, 367, - 367, 367, 367, 302, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 196, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 168, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 112, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 35, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 36, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 70, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 140, 367, 367, 367, 366, 367, 367, - 367, 367, 367, 132, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 71, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 264, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 197, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 58, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 282, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 63, 367, 64, 367, 367, - 367, 367, 367, 116, 367, 117, 367, 367, 367, 367, - 367, 114, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 7, 367, 367, 367, 367, - 366, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 249, - 367, 367, 367, 367, 172, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 265, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 49, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 59, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 219, - - 367, 218, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 16, 17, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 74, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 226, 367, 367, 367, 367, 367, 367, 119, - 367, 118, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 210, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 149, 367, - 367, 367, 366, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 107, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 95, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 239, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 100, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 67, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 213, 214, 367, 367, - 367, 296, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 6, 367, 367, 367, 367, - 367, 367, 367, 315, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 300, 367, 367, 367, 367, 367, 367, - 367, 326, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 46, 367, 367, 367, - 367, 367, 48, 367, 367, 367, 96, 367, 367, 367, - 367, 367, 56, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 366, 367, 206, 367, 367, 367, - 144, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 231, 367, 207, 367, 367, 367, 246, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 57, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 146, 125, 367, 126, 367, 367, 367, 367, 124, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 165, 367, - 367, 54, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 281, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 208, 367, 367, 367, 367, 367, 211, 367, - 217, 367, 367, 367, 367, 367, 367, 245, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 111, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 138, 367, 367, 367, - - 367, 367, 367, 367, 367, 65, 367, 367, 367, 29, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 20, 367, 367, 367, 367, 367, 367, 367, - 30, 39, 367, 177, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 204, 367, - 367, 366, 367, 367, 367, 367, 367, 367, 82, 84, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 304, 367, 367, 367, 367, 261, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 127, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 164, 367, 50, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 255, 367, 367, - 367, 367, 367, 367, 367, 319, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 171, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 313, - 367, 367, 367, 367, 237, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 329, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 189, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 120, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 184, 367, 198, 367, 367, 367, 367, 367, - 367, 367, 366, 367, 152, 367, 367, 367, 367, 367, - 106, 367, 367, 367, 367, 229, 367, 367, 367, 367, - 367, 367, 247, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 273, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 145, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 188, - 367, 367, 367, 367, 367, 367, 367, 85, 367, 86, - 367, 367, 367, 367, 367, 258, 367, 367, 367, 367, - 66, 322, 367, 367, 367, 367, 367, 94, 199, 367, - 220, 367, 250, 367, 367, 212, 297, 367, 367, 367, - 367, 367, 367, 78, 367, 201, 367, 367, 367, 367, - 367, 367, 9, 367, 367, 367, 367, 367, 110, 367, - 367, 367, 367, 367, 367, 286, 367, 367, 367, 367, - 228, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 366, 367, 367, 367, 367, - 187, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 173, 367, 303, 367, 367, 367, 367, 367, 272, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 241, 367, 367, 367, 367, 367, 367, 295, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 170, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 323, 367, 200, - 367, 367, 367, 367, 367, 367, 367, 367, 77, 79, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 109, 367, 367, 367, 367, 367, 367, 284, 367, 367, - 367, 367, 299, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 233, 37, 31, 33, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 38, 367, 32, 34, 367, 40, 367, 367, - - 367, 367, 367, 367, 367, 105, 367, 183, 367, 367, - 367, 367, 367, 367, 367, 366, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 235, 232, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 76, 367, - 367, 367, 147, 367, 128, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 166, 51, 367, 367, 367, - 358, 13, 367, 367, 367, 367, 367, 367, 367, 153, - 367, 367, 367, 367, 367, 367, 367, 317, 367, 320, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 12, 367, 367, 22, 367, 367, 367, 367, - 367, 367, 367, 290, 367, 367, 367, 367, 301, 367, - 367, 367, 367, 80, 367, 243, 367, 367, 367, 367, - 367, 234, 367, 367, 75, 367, 367, 367, 367, 367, - 367, 23, 367, 367, 47, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 182, 181, 367, - 367, 358, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 236, 230, 367, 248, 367, 367, 305, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 194, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 87, 367, 367, 367, 367, 367, - 367, 367, 285, 367, 367, 367, 367, 216, 367, 367, - 367, 367, 367, 242, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 292, 367, 367, 367, 327, 328, - 179, 367, 367, 367, 81, 367, 367, 367, 367, 190, - 367, 367, 367, 121, 123, 122, 367, 367, 367, 25, - 367, 367, 174, 367, 176, 367, 221, 367, 367, 367, - 367, 180, 367, 367, 367, 367, 251, 367, 367, 367, - 367, 367, 367, 367, 155, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 263, 367, 367, - 367, 367, 367, 367, 367, 336, 367, 27, 367, 298, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 92, 222, 367, - 367, 257, 367, 367, 283, 367, 321, 367, 215, 367, - 367, 367, 367, 367, 293, 60, 367, 367, 367, 367, - 367, 367, 367, 4, 367, 367, 367, 367, 136, 367, - 154, 367, 367, 367, 195, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 254, 41, 42, 367, 367, 367, 367, - - 367, 367, 367, 306, 367, 367, 367, 367, 367, 367, - 367, 271, 367, 367, 367, 367, 367, 367, 367, 367, - 225, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 91, 90, 367, 367, 61, - 367, 367, 289, 367, 259, 367, 367, 367, 367, 367, - 11, 367, 367, 367, 367, 340, 367, 367, 367, 367, - 135, 367, 367, 367, 367, 367, 223, 97, 367, 367, - 44, 367, 367, 367, 367, 367, 367, 367, 367, 186, - 367, 367, 367, 367, 367, 367, 367, 157, 367, 367, - 367, 367, 262, 367, 367, 367, 367, 367, 270, 367, - - 367, 367, 367, 150, 367, 367, 367, 129, 131, 130, - 367, 367, 367, 99, 103, 98, 167, 367, 367, 367, - 367, 88, 367, 256, 291, 367, 367, 367, 367, 367, - 367, 10, 367, 367, 367, 367, 367, 287, 330, 367, - 367, 367, 367, 367, 367, 335, 43, 367, 367, 367, - 367, 367, 185, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 104, 102, - 367, 55, 367, 367, 89, 367, 318, 367, 367, 367, - 367, 24, 367, 367, 367, 367, 367, 209, 367, 367, - - 367, 367, 367, 367, 224, 367, 367, 367, 367, 367, - 367, 367, 367, 205, 367, 367, 175, 83, 367, 367, - 367, 367, 367, 307, 367, 367, 367, 367, 367, 367, - 367, 267, 367, 367, 266, 151, 367, 367, 101, 52, - 367, 367, 158, 159, 162, 163, 160, 161, 93, 316, - 367, 367, 288, 139, 367, 367, 367, 26, 367, 178, - 367, 367, 367, 367, 203, 367, 253, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 192, 191, - 45, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 314, 367, 367, 367, 367, 108, - 367, 252, 367, 280, 311, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 337, 367, 53, 62, - 5, 367, 367, 244, 367, 367, 312, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 268, 28, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 269, 367, 367, 367, 156, 367, 367, 367, 367, 367, - 367, 367, 367, 193, 367, 202, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 308, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 334, 367, 367, 276, 367, 367, 367, - 367, 367, 309, 367, 367, 367, 367, 367, 367, 310, - 367, 367, 367, 274, 367, 277, 278, 367, 367, 367, - 367, 367, 275, 279, 0 - } ; - -static const YY_CHAR yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 5, 6, 1, 1, 1, 7, 1, - 1, 1, 1, 1, 8, 1, 1, 1, 9, 1, - 10, 11, 1, 12, 1, 1, 1, 13, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 14, 1, 1, 1, 1, 15, 16, 17, 18, - - 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static const YY_CHAR yy_meta[41] = - { 0, - 1, 2, 3, 4, 5, 1, 6, 1, 1, 1, - 1, 1, 7, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 - } ; - -static const flex_int16_t yy_base[3664] = - { 0, - 0, 0, 38, 41, 44, 46, 59, 65, 71, 77, - 90, 112, 96, 118, 124, 136, 4156, 2779, 81, 7110, - 7110, 7110, 129, 52, 130, 63, 131, 152, 70, 140, - 149, 156, 57, 88, 76, 173, 175, 95, 197, 145, - 185, 199, 208, 213, 178, 123, 2391, 7110, 7110, 7110, - 107, 2147, 7110, 7110, 7110, 154, 2117, 1982, 7110, 7110, - 7110, 245, 1770, 7110, 7110, 7110, 163, 1609, 7110, 249, - 7110, 253, 148, 1509, 1480, 7110, 7110, 7110, 257, 1324, - 7110, 7110, 7110, 233, 1201, 263, 201, 0, 267, 0, - 0, 165, 191, 221, 252, 205, 181, 265, 92, 261, - - 216, 263, 271, 272, 210, 279, 274, 282, 278, 291, - 283, 286, 276, 285, 295, 293, 306, 314, 297, 313, - 317, 311, 315, 319, 321, 331, 327, 332, 336, 322, - 339, 337, 346, 345, 347, 348, 353, 351, 357, 284, - 358, 359, 369, 360, 380, 365, 381, 379, 375, 366, - 367, 389, 390, 394, 393, 395, 396, 403, 404, 1026, - 419, 993, 422, 933, 429, 800, 757, 433, 713, 437, - 441, 0, 433, 515, 447, 479, 364, 452, 411, 445, - 426, 446, 447, 448, 449, 450, 451, 453, 452, 456, - 470, 234, 463, 473, 481, 479, 476, 483, 486, 493, - - 488, 489, 495, 491, 501, 508, 505, 506, 504, 510, - 512, 513, 460, 514, 517, 529, 518, 516, 526, 538, - 539, 550, 543, 534, 551, 552, 400, 559, 555, 563, - 558, 570, 565, 574, 566, 569, 571, 576, 573, 577, - 580, 581, 578, 584, 585, 587, 589, 598, 599, 590, - 602, 596, 611, 607, 616, 612, 614, 613, 617, 541, - 627, 628, 620, 629, 630, 624, 633, 641, 637, 649, - 644, 635, 645, 647, 648, 652, 651, 656, 653, 668, - 670, 669, 672, 679, 665, 675, 666, 678, 682, 681, - 691, 654, 686, 693, 698, 683, 696, 699, 687, 702, - - 704, 705, 710, 711, 708, 7110, 718, 714, 721, 722, - 729, 726, 731, 733, 740, 741, 716, 725, 737, 739, - 744, 746, 748, 750, 742, 751, 755, 753, 759, 763, - 770, 765, 772, 785, 767, 773, 777, 778, 786, 774, - 780, 798, 812, 790, 808, 809, 795, 813, 814, 815, - 816, 818, 822, 819, 833, 821, 823, 830, 836, 837, - 839, 840, 847, 842, 7110, 844, 852, 866, 853, 862, - 865, 849, 869, 871, 850, 881, 877, 874, 891, 913, - 878, 884, 882, 886, 889, 7110, 896, 893, 937, 895, - 902, 923, 918, 906, 919, 920, 921, 925, 947, 928, - - 926, 943, 961, 958, 942, 948, 945, 959, 967, 972, - 969, 971, 973, 974, 983, 883, 976, 975, 989, 978, - 979, 984, 990, 994, 997, 1003, 1007, 1008, 1009, 999, - 1001, 1013, 1014, 1017, 1025, 1048, 1021, 1019, 1030, 1020, - 1037, 1042, 1022, 1038, 1050, 1049, 1051, 1039, 1040, 1055, - 1058, 1067, 1060, 1063, 1076, 1071, 1074, 1077, 1078, 1079, - 1081, 1080, 1085, 1086, 1087, 1088, 1095, 1093, 1094, 1101, - 1103, 1096, 1109, 1107, 7110, 1111, 7110, 1113, 1114, 1115, - 1116, 1118, 1119, 1120, 1121, 7110, 1123, 1126, 1127, 1137, - 1128, 1138, 1145, 1152, 1130, 1148, 1149, 1150, 1151, 1155, - - 1158, 1169, 1156, 1161, 1172, 1159, 1174, 1171, 1168, 1177, - 1175, 1182, 1178, 1184, 1185, 1186, 1205, 7110, 1187, 1188, - 1195, 1192, 1198, 1203, 1202, 1212, 1223, 1214, 1215, 1222, - 1226, 1239, 1227, 1230, 1191, 1234, 1236, 1247, 1237, 1249, - 1243, 1251, 1245, 1252, 1254, 1255, 1259, 1261, 1265, 1266, - 1268, 7110, 1267, 1271, 1278, 1285, 1280, 1272, 1269, 1283, - 1286, 1289, 1290, 1291, 1293, 1296, 1298, 1300, 1308, 1303, - 1311, 1309, 1310, 1312, 1314, 1317, 1316, 1318, 1323, 1331, - 1328, 1333, 1336, 1344, 1343, 1346, 1353, 1355, 1340, 1348, - 1350, 1356, 1352, 1351, 1360, 1361, 1366, 1363, 1365, 1372, - - 1373, 1374, 1375, 1377, 1378, 1382, 1380, 1385, 1387, 1388, - 1390, 1389, 1391, 1398, 1397, 1399, 1404, 1401, 1417, 1403, - 1406, 1420, 1423, 1410, 1414, 7110, 1432, 1427, 1430, 1431, - 1434, 1437, 1438, 1442, 1441, 1444, 1447, 1445, 1446, 1449, - 1452, 1453, 1454, 1455, 1456, 1462, 1469, 1464, 1473, 1480, - 1479, 1481, 1467, 1483, 1484, 1487, 1488, 1495, 1491, 1499, - 1500, 1490, 1501, 1494, 1514, 1504, 1505, 1511, 1525, 1502, - 1520, 1522, 1512, 1523, 1526, 1528, 1534, 1542, 1538, 1539, - 1546, 1547, 1541, 1549, 1543, 1553, 1556, 1557, 1558, 1559, - 1560, 1567, 1564, 1563, 1569, 1570, 1565, 1571, 1579, 1573, - - 1587, 1577, 1586, 1589, 1592, 1593, 1594, 1595, 1598, 1596, - 1602, 1603, 1604, 1605, 1610, 1617, 1606, 1625, 1618, 1608, - 1619, 1626, 1628, 1634, 1635, 1636, 1637, 1638, 1639, 1641, - 1642, 1648, 1645, 1651, 1652, 1655, 1657, 1656, 1670, 1662, - 1671, 1672, 1659, 1675, 1677, 1679, 1660, 1683, 1685, 1688, - 1690, 1680, 7110, 1678, 1702, 1691, 1699, 1698, 1700, 1701, - 1712, 1705, 1707, 1704, 1708, 1709, 1734, 7110, 1715, 7110, - 7110, 1718, 7110, 7110, 1717, 1721, 7110, 1716, 1731, 1723, - 1724, 1741, 1747, 1749, 1744, 1742, 1751, 1752, 1763, 1773, - 1758, 1759, 1761, 1766, 1767, 1762, 1779, 1776, 1768, 1788, - - 1789, 1769, 1795, 1802, 1790, 1805, 1800, 1803, 1809, 1807, - 1811, 1813, 1817, 1819, 1820, 1822, 1823, 1824, 1826, 1720, - 1828, 1825, 1833, 1830, 1834, 1836, 1835, 1843, 1846, 1839, - 1855, 7110, 1853, 1856, 1842, 1865, 1862, 1866, 1868, 1863, - 1864, 1874, 1876, 1870, 1877, 1879, 1881, 1880, 1882, 1883, - 1886, 1889, 1892, 1890, 1894, 1897, 1896, 1902, 7110, 1903, - 1904, 1906, 1910, 1907, 1908, 1917, 1909, 1918, 1919, 1920, - 1932, 1924, 1934, 1925, 1927, 1936, 1929, 1937, 1939, 7110, - 1947, 1952, 1941, 1954, 1944, 1948, 1956, 1957, 1958, 1960, - 1961, 1963, 1964, 1966, 1977, 1972, 1974, 1973, 1975, 1983, - - 1987, 1980, 1990, 1991, 1999, 1992, 1995, 2000, 2001, 2002, - 2003, 2005, 2006, 2008, 2012, 2013, 2020, 2016, 2024, 2017, - 2019, 2035, 2040, 2022, 2033, 2036, 2037, 2038, 2043, 2047, - 2051, 2046, 2050, 2053, 2060, 2055, 2058, 2061, 2062, 2069, - 2071, 2063, 2073, 2080, 2064, 2074, 2083, 2076, 7110, 2082, - 2084, 7110, 2089, 2090, 2091, 2113, 2092, 2096, 2099, 2104, - 2101, 2105, 2108, 2097, 2115, 2107, 2131, 2119, 2127, 2132, - 2135, 2137, 2133, 2138, 2139, 2140, 2144, 2146, 2149, 2151, - 2159, 2162, 2166, 2168, 2170, 2169, 2171, 2172, 2174, 2194, - 2173, 2175, 2176, 2177, 2178, 2181, 2188, 2182, 2183, 2184, - - 2187, 2199, 2207, 2204, 2205, 2210, 2211, 2212, 2216, 2219, - 2221, 2222, 7110, 2229, 2232, 2224, 2226, 2233, 2244, 2236, - 2237, 7110, 2239, 2240, 2245, 2253, 2250, 2251, 2252, 2254, - 2255, 2258, 2260, 2262, 2264, 2275, 2263, 2282, 7110, 2267, - 7110, 2265, 2266, 2284, 2268, 2277, 2285, 2290, 2288, 2292, - 7110, 7110, 2294, 2295, 2300, 2302, 2312, 2298, 2308, 2309, - 7110, 2310, 2317, 7110, 2314, 2313, 2321, 2319, 2320, 2325, - 2327, 2329, 2331, 2336, 2332, 2343, 2334, 2339, 2347, 7110, - 2350, 2335, 2348, 2353, 2354, 2355, 2356, 2357, 2363, 2360, - 7110, 2364, 2366, 2367, 2380, 2376, 2377, 2378, 2381, 2387, - - 2379, 2383, 2385, 2389, 2390, 2399, 2400, 2401, 2404, 2406, - 2413, 2410, 2414, 7110, 2412, 2398, 2418, 2425, 2421, 2423, - 2420, 2424, 2427, 2428, 2430, 2431, 2436, 2437, 2435, 2441, - 2442, 2443, 2450, 2451, 2452, 2453, 2456, 2447, 2457, 2460, - 2461, 2468, 2463, 2465, 2469, 2470, 7110, 2473, 2476, 2477, - 2478, 2482, 2480, 171, 2484, 2486, 2490, 2489, 2496, 2504, - 2491, 2499, 2512, 2497, 2509, 2508, 2515, 2507, 2516, 2517, - 2518, 2519, 2524, 2525, 2523, 7110, 2527, 2529, 2528, 2532, - 2535, 2534, 2539, 7110, 2545, 2536, 2551, 2560, 2550, 2548, - 2561, 2552, 2563, 2565, 2567, 2566, 2568, 2575, 2573, 2570, - - 2576, 2577, 7110, 2583, 2586, 2588, 2579, 2589, 2597, 2595, - 2590, 2592, 2598, 2600, 2606, 2602, 2608, 2610, 2611, 2613, - 2616, 2615, 2624, 2614, 2619, 2626, 2623, 2625, 2628, 2627, - 2633, 2636, 2643, 2641, 7110, 2648, 2645, 2649, 2647, 2650, - 2652, 2654, 2653, 2672, 2656, 2662, 2664, 2673, 2678, 2667, - 2681, 2688, 2684, 2689, 2693, 2698, 2695, 2699, 2705, 2696, - 2707, 2709, 2703, 2710, 2719, 2711, 2715, 2716, 2718, 2722, - 2730, 2731, 2729, 2733, 2726, 2727, 2744, 2738, 2750, 2756, - 2746, 7110, 2755, 2748, 2742, 2758, 2760, 2767, 2764, 2765, - 2770, 2768, 2771, 2772, 2774, 2778, 2783, 2784, 2657, 2781, - - 2786, 2790, 2788, 2794, 2797, 2796, 2798, 2801, 2808, 2805, - 2810, 2811, 7110, 2812, 2816, 2799, 2817, 2825, 2819, 2828, - 2829, 2831, 2822, 2832, 2833, 2835, 2837, 2838, 2841, 2840, - 2848, 2845, 2847, 2849, 2846, 7110, 2858, 2852, 2859, 2863, - 2862, 2865, 2866, 2873, 2877, 2879, 2881, 2883, 2869, 2885, - 2886, 2889, 7110, 2896, 2898, 2894, 2895, 2903, 2901, 2904, - 2905, 2907, 2908, 7110, 2909, 2911, 2912, 2915, 2913, 2917, - 2924, 2925, 2920, 7110, 2927, 2931, 2932, 2934, 2935, 2936, - 2937, 2938, 2941, 2942, 2944, 2943, 2957, 2946, 2953, 7110, - 2949, 2965, 2960, 2963, 2966, 2970, 2971, 2973, 2975, 2976, - - 2977, 2981, 7110, 2993, 2871, 2989, 2998, 2982, 2990, 2994, - 2999, 3002, 3003, 2996, 3005, 3006, 3009, 7110, 3010, 3013, - 3015, 3017, 3019, 3020, 3021, 3028, 3027, 3026, 3030, 3032, - 3035, 3036, 3034, 3043, 3037, 3047, 3041, 3045, 3054, 3055, - 3057, 3058, 3060, 3061, 3070, 3071, 3068, 3073, 3076, 3077, - 3069, 3078, 3079, 3087, 3092, 3094, 3089, 3095, 7110, 3098, - 3100, 3093, 3091, 3101, 3105, 3103, 3107, 3110, 3106, 3108, - 3120, 3121, 3112, 3128, 3130, 3123, 3132, 3134, 3136, 3137, - 3139, 3138, 3140, 3141, 3148, 3145, 3147, 3149, 3158, 3151, - 3156, 3169, 3154, 3161, 3164, 3165, 3166, 3168, 3171, 3172, - - 3176, 3178, 3174, 3179, 3188, 3190, 3195, 3186, 3197, 3196, - 3199, 3202, 3203, 3204, 7110, 3207, 3208, 3205, 3212, 3215, - 3218, 3219, 3227, 3222, 3226, 3234, 3230, 3229, 3236, 3238, - 3241, 3242, 3243, 3250, 3246, 7110, 3247, 7110, 3248, 3249, - 3252, 3261, 3256, 7110, 3267, 7110, 3257, 3271, 3262, 3264, - 3268, 7110, 3272, 3273, 3277, 3274, 3279, 3281, 3285, 3286, - 3287, 3288, 3289, 3296, 3291, 3295, 3298, 3302, 3301, 3305, - 3308, 3310, 3311, 3313, 3312, 3315, 3319, 3320, 3321, 3328, - 3330, 3331, 3332, 3333, 3334, 7110, 3338, 3341, 3335, 3346, - 3343, 3345, 3347, 3353, 3354, 3355, 3356, 3360, 3358, 3362, - - 3367, 3370, 3364, 3371, 3374, 3381, 3383, 3375, 3390, 7110, - 3385, 3388, 3389, 3392, 7110, 3396, 3393, 3402, 3404, 3397, - 3394, 3400, 3406, 3413, 3407, 3410, 3416, 3420, 3424, 3427, - 3428, 7110, 3421, 3429, 3419, 3437, 3442, 3433, 3445, 3449, - 3446, 3452, 3454, 3456, 3458, 3435, 3459, 3460, 3461, 3462, - 3470, 3472, 3473, 3469, 3482, 3468, 3475, 3484, 3485, 3471, - 3478, 3486, 3487, 3488, 3492, 3494, 3493, 3495, 3496, 3497, - 3503, 3509, 7110, 3501, 3512, 3504, 3521, 3510, 3518, 3519, - 3514, 3523, 3531, 3527, 7110, 3538, 3525, 3535, 3529, 3542, - 3533, 3546, 3547, 3549, 3550, 3551, 3554, 3553, 3552, 7110, - - 3555, 7110, 3556, 3569, 3558, 3564, 3573, 3574, 3576, 3578, - 3580, 3582, 3583, 3584, 3586, 3589, 3590, 3594, 3595, 3598, - 3596, 3615, 3600, 3597, 3602, 3611, 3612, 3613, 3616, 3626, - 3618, 3617, 7110, 7110, 3619, 3621, 3633, 3628, 3635, 3636, - 3637, 3640, 3647, 3643, 3646, 3649, 3650, 3658, 7110, 3653, - 3654, 3660, 3661, 3662, 3671, 3663, 3673, 3680, 3678, 3675, - 3685, 3684, 7110, 3677, 3686, 3693, 3688, 3695, 3702, 7110, - 3691, 7110, 3692, 3694, 3703, 3706, 3705, 3707, 3708, 3709, - 3712, 3715, 3717, 3720, 3730, 3732, 3733, 3727, 3735, 3723, - 3728, 3737, 3739, 3742, 3750, 3745, 3747, 3748, 7110, 3752, - - 3749, 3753, 3754, 3758, 3760, 3768, 3761, 3762, 7110, 3764, - 3771, 3774, 3772, 3776, 3782, 3779, 3783, 3786, 3788, 3789, - 3790, 3792, 3794, 7110, 3793, 3796, 3807, 3799, 3800, 3802, - 3810, 3814, 3820, 7110, 3821, 3813, 3829, 3825, 3815, 3828, - 3831, 3832, 3833, 3835, 3836, 3837, 3838, 3839, 3844, 3845, - 3841, 3840, 3847, 3858, 3859, 3850, 3869, 3857, 3861, 7110, - 3871, 3866, 3872, 3873, 3874, 3875, 3876, 3878, 3881, 3884, - 3886, 3896, 3897, 3888, 3893, 3899, 3901, 3903, 3908, 3910, - 7110, 3911, 3904, 3918, 3916, 3915, 3923, 3925, 3917, 3927, - 3929, 3919, 3930, 3931, 3933, 3941, 3939, 3949, 3945, 3935, - - 3947, 3946, 3954, 3950, 3952, 3953, 3956, 7110, 3968, 3963, - 3969, 3971, 3974, 3975, 3982, 3978, 3979, 3980, 3989, 3981, - 3991, 3983, 3986, 3993, 3996, 3997, 7110, 7110, 4005, 3998, - 4000, 7110, 4002, 4006, 4016, 4012, 4014, 4015, 4018, 4019, - 4020, 4021, 4024, 4022, 4030, 7110, 4037, 4034, 4038, 4035, - 4042, 4050, 4041, 7110, 4040, 4051, 4053, 4056, 4054, 4057, - 4058, 4060, 4062, 4064, 4066, 4067, 4068, 4070, 4080, 4081, - 4073, 4077, 4082, 7110, 4083, 4084, 4090, 4088, 4089, 4091, - 4096, 7110, 4097, 4100, 4098, 4101, 4105, 4109, 4115, 4112, - 4118, 4120, 4121, 4124, 4122, 4125, 4126, 4129, 4136, 4132, - - 4133, 4134, 4131, 4138, 4151, 4153, 7110, 4147, 4154, 4140, - 4158, 4162, 7110, 4167, 4174, 4175, 7110, 4177, 4155, 4159, - 4172, 4182, 7110, 4178, 4179, 4180, 4185, 4187, 4194, 4189, - 4197, 4196, 4198, 4193, 4199, 4202, 7110, 4203, 4200, 4201, - 7110, 4205, 4209, 4221, 4223, 4207, 4224, 4225, 4228, 4226, - 4229, 7110, 4230, 7110, 4234, 4236, 4239, 7110, 4241, 4242, - 4244, 4246, 4243, 4250, 4251, 4257, 4259, 4247, 4261, 4262, - 4263, 4264, 4266, 4275, 4265, 4272, 4273, 4274, 7110, 4277, - 4276, 4284, 4286, 4279, 4296, 4292, 4290, 4285, 4298, 4287, - 7110, 7110, 4305, 7110, 4307, 4308, 4309, 4311, 7110, 4313, - - 4312, 4320, 4315, 4316, 4319, 4318, 4323, 4329, 7110, 4331, - 4333, 7110, 4335, 4338, 4345, 4340, 4341, 4342, 4343, 4346, - 4350, 4349, 4353, 4355, 4356, 4357, 4352, 4366, 4361, 4374, - 4360, 4379, 7110, 4362, 4372, 4377, 4387, 4384, 4380, 4388, - 4392, 4390, 7110, 4394, 4401, 4393, 4404, 4405, 7110, 4406, - 7110, 4396, 4407, 4408, 4417, 4413, 4424, 7110, 4421, 4422, - 4426, 4427, 4428, 4429, 4430, 4434, 4437, 4438, 4440, 4447, - 4443, 4444, 4442, 4451, 4458, 7110, 4446, 4449, 4452, 4462, - 4467, 4459, 4469, 4471, 4478, 4474, 4473, 4476, 4477, 4481, - 4483, 4486, 4488, 4490, 4492, 4482, 7110, 4498, 4496, 4501, - - 4504, 4512, 4507, 4509, 4510, 7110, 4514, 4515, 4516, 7110, - 4517, 4513, 4523, 4528, 4524, 4529, 4531, 4534, 4535, 4537, - 4538, 4536, 7110, 4540, 4543, 4539, 4556, 4557, 4545, 4546, - 7110, 7110, 4563, 7110, 4565, 4544, 4558, 4548, 4568, 4570, - 4575, 4572, 4577, 4578, 4580, 4583, 4584, 4585, 7110, 4586, - 4594, 4590, 4601, 4597, 4608, 4603, 4607, 4604, 7110, 7110, - 4610, 4613, 4611, 4617, 4618, 4621, 4622, 4629, 4625, 4626, - 4632, 4636, 4643, 7110, 4634, 4635, 4642, 4644, 7110, 4645, - 4647, 4648, 4650, 4649, 4651, 4656, 4653, 4657, 4658, 4660, - 4663, 4661, 4674, 4666, 4668, 4675, 4677, 4678, 4681, 4682, - - 4683, 4688, 7110, 4690, 4685, 4691, 4692, 4696, 4699, 4702, - 4703, 4700, 4705, 4713, 7110, 4714, 7110, 4709, 4706, 4725, - 4715, 4708, 4733, 4730, 4734, 4727, 4718, 4736, 4738, 4743, - 4746, 4739, 4748, 4749, 4752, 4753, 4754, 7110, 4757, 4759, - 4761, 4763, 4769, 4771, 4773, 7110, 4774, 4765, 4776, 4777, - 4781, 4783, 4784, 4787, 4788, 4791, 4792, 4793, 4795, 4800, - 4797, 4801, 4802, 4804, 4805, 7110, 4808, 4815, 4809, 4817, - 4812, 4820, 4821, 4823, 4831, 4834, 4822, 4829, 4835, 7110, - 4836, 4838, 4840, 4848, 7110, 4843, 4845, 4846, 4849, 4850, - 4853, 4855, 4856, 4858, 4862, 7110, 4866, 4859, 4868, 4867, - - 4870, 4871, 4872, 4876, 4882, 4884, 4878, 4891, 7110, 4892, - 4885, 4890, 4896, 4898, 4899, 4900, 4903, 4904, 7110, 4905, - 4913, 4914, 4907, 4926, 4931, 4906, 4917, 4934, 4924, 4933, - 4915, 4935, 4936, 4937, 4941, 4942, 4943, 4944, 4945, 4955, - 4960, 4958, 7110, 4946, 7110, 4947, 4956, 4963, 4974, 4969, - 4971, 4972, 4976, 4975, 7110, 4961, 4982, 4984, 4979, 4987, - 7110, 4988, 4985, 4989, 4990, 7110, 5003, 4986, 4992, 4993, - 5008, 5009, 7110, 5014, 5015, 5011, 5023, 5025, 5020, 5022, - 5024, 5026, 5028, 5030, 5031, 5032, 5041, 5034, 5037, 7110, - 5039, 5046, 5052, 5053, 5054, 5036, 5047, 5055, 5057, 5063, - - 5060, 7110, 5064, 5065, 5066, 5067, 5068, 5070, 5071, 5072, - 5084, 5083, 5079, 5076, 5081, 5088, 5090, 5092, 5097, 7110, - 5093, 5098, 5099, 5108, 5109, 5110, 5115, 7110, 5111, 7110, - 5112, 5116, 5121, 5124, 5128, 7110, 5131, 5132, 5119, 5136, - 7110, 7110, 5138, 5139, 5140, 5144, 5141, 7110, 7110, 5147, - 7110, 5148, 7110, 5149, 5151, 7110, 7110, 5101, 5153, 5154, - 5155, 5156, 5158, 7110, 5165, 7110, 5168, 5169, 5170, 5172, - 5159, 5173, 7110, 5174, 5177, 5182, 5183, 5185, 7110, 5176, - 5187, 5191, 5204, 5190, 5186, 7110, 5200, 5202, 5203, 5206, - 7110, 5209, 5212, 5213, 5207, 5214, 5215, 5216, 5123, 5217, - - 5219, 5220, 5229, 5226, 5227, 5230, 5237, 5239, 5241, 5243, - 5244, 5245, 5248, 5249, 5251, 5254, 5257, 5258, 5259, 5260, - 5261, 5265, 5267, 5264, 5273, 5275, 5268, 5277, 5284, 5285, - 5286, 5270, 5288, 5287, 5289, 5295, 5291, 5302, 5297, 5299, - 5303, 5304, 5306, 5305, 5308, 5312, 5313, 5317, 5315, 5318, - 7110, 5311, 5321, 5322, 5331, 5325, 5332, 5335, 5342, 5347, - 5348, 7110, 5350, 7110, 5352, 5336, 5344, 5338, 5356, 7110, - 5358, 5359, 5360, 5361, 5363, 5364, 5365, 5366, 5362, 5369, - 5373, 7110, 5375, 5389, 5376, 5370, 5385, 5396, 7110, 5391, - 5398, 5383, 5393, 5399, 5402, 5403, 5404, 5405, 5408, 5406, - - 5407, 5413, 5416, 5410, 5419, 5420, 7110, 5428, 5432, 5435, - 5421, 5433, 5434, 5436, 5438, 5440, 5442, 5443, 5444, 5446, - 5447, 5448, 5454, 5460, 5457, 5465, 5470, 7110, 5453, 7110, - 5471, 5473, 5474, 5461, 5477, 5478, 5475, 5479, 7110, 7110, - 5476, 5484, 5485, 5490, 5491, 5487, 5494, 5497, 5499, 5500, - 7110, 5501, 5503, 5507, 5511, 5510, 5512, 7110, 5517, 5519, - 5520, 5522, 7110, 5523, 5524, 5526, 5527, 5537, 5529, 5542, - 5538, 5544, 5531, 5534, 5545, 5550, 7110, 7110, 7110, 7110, - 5551, 5554, 5556, 5557, 5558, 5559, 5560, 5564, 5566, 5562, - 5563, 5567, 7110, 5578, 7110, 7110, 5574, 7110, 5580, 5581, - - 5584, 5586, 5568, 5588, 5590, 7110, 5591, 7110, 5596, 5599, - 5592, 5603, 5609, 5600, 5593, 5611, 5613, 5614, 5615, 5616, - 5623, 5621, 5624, 5622, 5627, 5629, 5631, 7110, 7110, 5635, - 5639, 5640, 5642, 5644, 5645, 5646, 5653, 5651, 5652, 5654, - 5656, 5658, 5659, 5667, 5668, 5664, 5665, 5673, 7110, 5674, - 5670, 5676, 7110, 5678, 7110, 5682, 5683, 5684, 5685, 5686, - 5691, 5692, 5693, 5695, 5697, 7110, 7110, 5696, 5711, 5706, - 7110, 7110, 5698, 5707, 5708, 5710, 5716, 5713, 5718, 7110, - 5721, 5722, 5723, 5719, 5725, 5733, 5726, 7110, 5735, 7110, - 5736, 5738, 5744, 5739, 5747, 5752, 5748, 5755, 5754, 5751, - - 5757, 5758, 7110, 5760, 5761, 7110, 5768, 5767, 5771, 5765, - 5772, 5777, 5773, 7110, 5778, 5780, 5785, 5790, 7110, 5792, - 5793, 5794, 5787, 7110, 5801, 7110, 5795, 5802, 5804, 5809, - 5805, 7110, 5806, 5810, 7110, 5813, 5819, 5821, 5822, 5814, - 5823, 7110, 5829, 5824, 7110, 5830, 5832, 5833, 5838, 5839, - 5841, 5835, 5843, 5844, 5851, 5847, 5849, 7110, 7110, 5862, - 5852, 135, 5865, 5855, 5860, 5863, 5866, 5873, 5868, 5870, - 5876, 7110, 7110, 5877, 7110, 5871, 5881, 7110, 5869, 5885, - 5886, 5889, 5890, 5891, 5892, 5896, 5898, 5899, 5900, 5901, - 5902, 5908, 7110, 5920, 5923, 5905, 5926, 5927, 5929, 5931, - - 5933, 5935, 5937, 5938, 5939, 5918, 5940, 5941, 5942, 5945, - 5947, 5948, 5949, 5951, 7110, 5958, 5963, 5952, 5960, 5965, - 5966, 5967, 7110, 5974, 5970, 5979, 5976, 7110, 5983, 5980, - 5984, 5986, 5987, 7110, 5988, 5991, 5998, 5999, 5992, 5994, - 6000, 6002, 6004, 6015, 7110, 6005, 6007, 6008, 7110, 7110, - 7110, 6020, 6022, 6019, 7110, 6027, 6023, 6010, 6028, 7110, - 6030, 6031, 6032, 7110, 7110, 7110, 6034, 6036, 6038, 7110, - 6042, 6045, 7110, 6043, 7110, 6048, 7110, 6049, 6051, 6052, - 6057, 7110, 6058, 6060, 6050, 6067, 7110, 6075, 6077, 6079, - 6061, 6065, 6072, 6081, 7110, 6088, 6084, 6087, 6094, 6080, - - 6083, 6090, 6096, 6097, 6105, 6100, 6103, 7110, 6104, 6107, - 6109, 6116, 6110, 6106, 6113, 7110, 6118, 7110, 6120, 7110, - 6122, 6123, 6124, 6126, 6131, 6127, 6132, 6133, 6134, 6142, - 6144, 6146, 6147, 6148, 6150, 6153, 6154, 7110, 7110, 6164, - 6156, 7110, 6160, 6168, 7110, 6157, 7110, 6172, 7110, 6159, - 6161, 6176, 6169, 6179, 7110, 7110, 6183, 6180, 6186, 6193, - 6188, 6190, 6191, 7110, 6196, 6192, 6194, 6199, 7110, 6207, - 7110, 6202, 6209, 6212, 7110, 6204, 6215, 6219, 6205, 6208, - 6224, 6216, 6221, 6225, 6235, 6231, 6232, 6233, 6237, 6234, - 6238, 6239, 6246, 7110, 7110, 7110, 6240, 6248, 6257, 6255, - - 6256, 6264, 6260, 7110, 6261, 6263, 6265, 6267, 6275, 6271, - 6273, 7110, 6279, 6274, 6276, 6277, 6281, 6283, 6282, 6284, - 7110, 6295, 6297, 6300, 6303, 6304, 6305, 6307, 6312, 6314, - 6316, 6309, 6317, 6325, 6321, 7110, 7110, 6324, 6320, 7110, - 6328, 6330, 7110, 6331, 7110, 6332, 6333, 6334, 6335, 6337, - 7110, 6340, 6341, 6342, 6344, 7110, 6345, 6347, 6349, 6352, - 7110, 6346, 6366, 6359, 6362, 6363, 7110, 7110, 6369, 6371, - 7110, 6373, 6375, 6374, 6382, 6377, 6378, 6384, 6387, 7110, - 6391, 6393, 6385, 6394, 6396, 6397, 6400, 7110, 6399, 6402, - 6403, 6404, 7110, 6408, 6411, 6412, 6410, 6413, 7110, 6415, - - 6416, 6425, 6417, 7110, 6428, 6432, 6433, 7110, 7110, 7110, - 6438, 6440, 6441, 7110, 7110, 7110, 7110, 6443, 6444, 6434, - 6451, 7110, 6447, 7110, 7110, 6455, 6459, 6463, 6465, 6469, - 6468, 7110, 6470, 6471, 6474, 6458, 6477, 7110, 7110, 6478, - 6481, 6482, 6483, 6485, 6486, 7110, 7110, 6487, 6489, 6490, - 6495, 6492, 7110, 6493, 6498, 6500, 6505, 6508, 6516, 6518, - 6510, 6519, 6520, 6527, 6528, 6513, 6530, 6523, 6531, 6534, - 6533, 6541, 6543, 6542, 6547, 6550, 6551, 6553, 7110, 7110, - 6555, 7110, 6557, 6559, 7110, 6560, 7110, 6562, 6564, 6570, - 6572, 7110, 6574, 6576, 6580, 6582, 6565, 7110, 6577, 6584, - - 6588, 6585, 6589, 6590, 7110, 6593, 6595, 6597, 6598, 6599, - 6603, 6604, 6607, 7110, 6602, 6609, 7110, 7110, 6600, 6616, - 6611, 6620, 6622, 7110, 6623, 6630, 6625, 6627, 6628, 6631, - 6629, 7110, 6635, 6633, 7110, 7110, 6634, 6636, 7110, 7110, - 6643, 6644, 7110, 7110, 7110, 7110, 7110, 7110, 7110, 7110, - 6648, 6652, 7110, 7110, 6646, 6657, 6661, 7110, 6663, 7110, - 6650, 6658, 6666, 6654, 7110, 6665, 7110, 6668, 6671, 6672, - 6285, 6675, 6680, 6676, 6678, 6683, 6684, 6685, 6687, 6686, - 6692, 6688, 6694, 6698, 6699, 6706, 6696, 6707, 7110, 7110, - 7110, 6708, 6709, 6714, 6711, 6724, 6725, 6728, 6731, 6717, - - 6719, 6732, 6733, 6737, 6721, 6734, 6747, 6740, 6743, 6745, - 6752, 6744, 6757, 6759, 7110, 6761, 6748, 6753, 6766, 7110, - 6762, 7110, 6767, 7110, 7110, 6769, 6770, 6773, 6774, 6782, - 6784, 6775, 6779, 6780, 6783, 6787, 7110, 6791, 7110, 7110, - 7110, 6794, 6796, 7110, 6795, 6797, 7110, 6798, 6800, 6802, - 6804, 6806, 6803, 6807, 6808, 6811, 7110, 7110, 6814, 6820, - 6823, 6825, 6826, 6833, 6828, 6830, 6832, 6836, 6839, 6846, - 7110, 6844, 6845, 6848, 7110, 6849, 6851, 6852, 6854, 6855, - 6862, 6857, 6864, 7110, 6860, 7110, 6866, 6863, 6878, 6867, - 6868, 6869, 6879, 6884, 6881, 7110, 6871, 6890, 6885, 6892, - - 6895, 6898, 6899, 6888, 6901, 6905, 6909, 6913, 6908, 6914, - 6916, 6917, 6918, 7110, 6920, 6923, 7110, 6924, 6925, 6926, - 6927, 6931, 7110, 6934, 6928, 6936, 6938, 6941, 6943, 7110, - 6949, 6952, 6953, 7110, 6954, 7110, 7110, 6956, 6944, 6957, - 6965, 6967, 7110, 7110, 7110, 6990, 6997, 7004, 7011, 7018, - 7025, 7032, 88, 7039, 7046, 7053, 7060, 7067, 7074, 7081, - 7088, 7095, 7102 - } ; - -static const flex_int16_t yy_def[3664] = - { 0, - 3645, 1, 3646, 3646, 3647, 3647, 3648, 3648, 3649, 3649, - 3650, 3650, 3651, 3651, 3652, 3652, 3645, 3653, 3645, 3645, - 3645, 3645, 3654, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3655, 3645, 3645, 3645, - 3655, 3656, 3645, 3645, 3645, 3656, 3657, 3645, 3645, 3645, - 3645, 3657, 3658, 3645, 3645, 3645, 3658, 3659, 3645, 3660, - 3645, 3659, 3659, 3661, 3645, 3645, 3645, 3645, 3661, 3662, - 3645, 3645, 3645, 3662, 3653, 3653, 3645, 3663, 3654, 3663, - 3654, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3655, - 3655, 3656, 3656, 3657, 3657, 3645, 3658, 3658, 3659, 3659, - 3660, 3660, 3659, 3661, 3661, 3645, 3662, 3662, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3659, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3659, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3659, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3659, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, - 3645, 3653, 3645, 3645, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3659, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3659, 3659, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3659, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3659, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3659, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3659, 3653, 3645, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3645, 3653, 3645, 3653, 3653, 3653, 3653, 3645, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3645, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3659, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3659, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3645, 3645, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, - 3645, 3653, 3645, 3653, 3653, 3645, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3659, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3645, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3645, 3645, 3653, 3645, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3659, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, 3653, 3653, - 3645, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3645, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3645, 3653, - 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, - 3653, 3659, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3645, 3653, 3645, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3645, 3645, - 3645, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3645, 3645, 3645, 3653, 3653, 3653, 3645, - 3653, 3653, 3645, 3653, 3645, 3653, 3645, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, - 3653, 3645, 3653, 3653, 3645, 3653, 3645, 3653, 3645, 3653, - 3653, 3653, 3653, 3653, 3645, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3645, 3653, - 3645, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3645, 3645, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, 3653, 3645, - 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, 3653, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3645, 3653, - - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3645, 3645, 3645, - 3653, 3653, 3653, 3645, 3645, 3645, 3645, 3653, 3653, 3653, - 3653, 3645, 3653, 3645, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, - 3653, 3645, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, - - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3645, 3645, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3645, 3653, 3653, 3645, 3645, 3653, 3653, 3645, 3645, - 3653, 3653, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3653, 3653, 3645, 3645, 3653, 3653, 3653, 3645, 3653, 3645, - 3653, 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, - 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3645, - 3653, 3645, 3653, 3645, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3645, 3645, - 3645, 3653, 3653, 3645, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3645, 3645, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3645, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3645, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3653, 3653, 3645, 3653, 3653, 3653, 3653, - - 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, 3653, - 3653, 3653, 3653, 3645, 3653, 3653, 3645, 3653, 3653, 3653, - 3653, 3653, 3645, 3653, 3653, 3653, 3653, 3653, 3653, 3645, - 3653, 3653, 3653, 3645, 3653, 3645, 3645, 3653, 3653, 3653, - 3653, 3653, 3645, 3645, 0, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645 - } ; - -static const flex_int16_t yy_nxt[7151] = - { 0, - 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, - 18, 18, 22, 24, 25, 26, 27, 28, 29, 30, - 18, 31, 32, 33, 34, 35, 36, 37, 38, 39, - 40, 41, 42, 43, 44, 45, 18, 18, 18, 46, - 48, 49, 50, 48, 49, 50, 53, 54, 53, 54, - 55, 51, 55, 85, 51, 85, 85, 56, 85, 56, - 58, 59, 60, 61, 85, 22, 58, 59, 60, 61, - 86, 22, 62, 64, 65, 66, 86, 97, 62, 64, - 65, 66, 87, 86, 67, 119, 88, 108, 85, 86, - 67, 19, 20, 21, 69, 70, 71, 75, 76, 77, - - 78, 86, 22, 72, 121, 86, 120, 109, 86, 79, - 160, 160, 73, 19, 20, 21, 69, 70, 71, 75, - 76, 77, 78, 187, 22, 72, 81, 82, 83, 130, - 90, 79, 90, 90, 73, 90, 86, 84, 81, 82, - 83, 90, 91, 86, 86, 98, 92, 93, 170, 84, - 94, 159, 99, 86, 110, 95, 100, 162, 86, 101, - 162, 170, 86, 112, 96, 86, 167, 167, 111, 86, - 102, 113, 137, 115, 103, 173, 116, 104, 86, 105, - 106, 179, 114, 117, 170, 118, 86, 122, 86, 126, - 107, 86, 156, 127, 86, 123, 157, 184, 86, 138, - - 158, 124, 87, 139, 86, 125, 88, 128, 180, 129, - 86, 131, 86, 140, 141, 132, 142, 143, 86, 133, - 144, 86, 148, 86, 149, 134, 86, 145, 135, 86, - 152, 146, 147, 150, 86, 136, 177, 177, 183, 151, - 153, 181, 196, 189, 154, 155, 164, 86, 164, 164, - 90, 164, 90, 90, 169, 90, 169, 169, 174, 169, - 174, 174, 172, 174, 85, 86, 85, 85, 90, 85, - 90, 90, 291, 90, 86, 85, 86, 182, 86, 90, - 91, 185, 190, 188, 86, 86, 197, 86, 191, 86, - 192, 86, 86, 208, 186, 86, 86, 86, 86, 86, - - 200, 199, 193, 194, 86, 198, 86, 195, 86, 201, - 86, 202, 247, 210, 206, 203, 204, 207, 209, 86, - 211, 216, 212, 205, 86, 213, 86, 86, 86, 218, - 86, 219, 86, 221, 86, 86, 227, 222, 214, 215, - 86, 228, 226, 224, 86, 86, 217, 230, 225, 86, - 86, 220, 86, 223, 231, 233, 234, 229, 86, 86, - 86, 86, 232, 236, 86, 238, 86, 242, 235, 239, - 86, 86, 86, 86, 244, 240, 237, 178, 86, 86, - 86, 241, 86, 245, 243, 250, 253, 254, 86, 246, - 255, 249, 86, 86, 86, 256, 251, 248, 262, 259, - - 252, 263, 86, 86, 261, 265, 86, 86, 86, 86, - 260, 269, 257, 86, 266, 258, 86, 86, 264, 268, - 270, 272, 160, 160, 86, 162, 267, 271, 162, 275, - 164, 273, 164, 164, 341, 164, 167, 167, 169, 86, - 169, 169, 90, 169, 90, 90, 170, 90, 174, 274, - 174, 174, 276, 174, 172, 177, 177, 278, 86, 86, - 86, 86, 86, 86, 86, 86, 86, 277, 280, 86, - 283, 286, 282, 86, 279, 281, 86, 289, 288, 285, - 176, 292, 284, 86, 290, 287, 86, 293, 294, 86, - 295, 321, 86, 298, 86, 296, 86, 303, 299, 86, - - 305, 86, 86, 300, 86, 306, 86, 308, 86, 301, - 302, 304, 297, 309, 86, 312, 310, 86, 86, 86, - 307, 86, 314, 86, 315, 86, 86, 86, 175, 86, - 86, 86, 322, 316, 311, 323, 329, 317, 319, 86, - 318, 320, 86, 324, 313, 332, 325, 86, 326, 330, - 336, 86, 86, 333, 86, 331, 86, 334, 338, 339, - 327, 378, 328, 86, 86, 86, 342, 337, 86, 335, - 344, 86, 86, 343, 340, 345, 86, 346, 86, 86, - 347, 349, 86, 86, 86, 348, 86, 86, 351, 86, - 86, 86, 350, 86, 86, 353, 359, 86, 86, 354, - - 86, 357, 86, 86, 352, 364, 360, 358, 355, 86, - 365, 86, 86, 361, 356, 86, 362, 366, 370, 368, - 86, 367, 363, 373, 86, 86, 86, 86, 376, 86, - 86, 369, 375, 86, 379, 380, 382, 86, 371, 372, - 86, 86, 86, 86, 387, 374, 86, 385, 86, 377, - 86, 384, 381, 386, 86, 383, 389, 86, 86, 390, - 170, 86, 86, 393, 86, 86, 86, 86, 388, 86, - 412, 392, 394, 396, 398, 400, 391, 401, 86, 86, - 395, 86, 86, 86, 397, 86, 404, 402, 86, 399, - 403, 86, 86, 405, 86, 86, 86, 407, 411, 86, - - 86, 413, 406, 409, 86, 408, 86, 414, 415, 86, - 417, 86, 86, 418, 416, 86, 419, 86, 86, 410, - 421, 86, 422, 86, 86, 426, 170, 86, 428, 86, - 420, 86, 423, 424, 86, 86, 430, 429, 86, 86, - 425, 427, 86, 431, 86, 433, 86, 435, 436, 438, - 86, 434, 86, 86, 86, 86, 439, 86, 442, 86, - 432, 86, 443, 86, 86, 441, 86, 445, 86, 448, - 168, 440, 86, 437, 446, 450, 86, 453, 86, 444, - 86, 454, 447, 86, 449, 86, 86, 86, 452, 462, - 86, 86, 451, 86, 465, 464, 466, 455, 86, 86, - - 470, 166, 469, 86, 463, 471, 476, 456, 86, 467, - 457, 86, 468, 472, 473, 458, 459, 460, 461, 474, - 477, 86, 86, 480, 475, 86, 86, 86, 86, 86, - 486, 86, 86, 488, 86, 86, 86, 484, 485, 478, - 487, 481, 479, 86, 482, 483, 86, 489, 492, 86, - 86, 491, 86, 86, 497, 86, 498, 86, 499, 490, - 86, 493, 86, 86, 516, 86, 86, 500, 496, 494, - 503, 505, 495, 504, 501, 86, 510, 502, 86, 86, - 506, 508, 86, 509, 86, 511, 507, 86, 517, 518, - 86, 86, 519, 515, 86, 86, 86, 86, 512, 86, - - 533, 513, 86, 514, 86, 520, 86, 521, 86, 86, - 535, 532, 538, 522, 536, 86, 537, 523, 534, 170, - 540, 579, 524, 549, 550, 525, 86, 526, 539, 527, - 551, 86, 86, 86, 86, 552, 86, 553, 86, 86, - 555, 86, 528, 558, 554, 529, 165, 530, 557, 531, - 86, 556, 541, 542, 560, 86, 86, 559, 86, 562, - 86, 86, 543, 544, 545, 546, 547, 561, 564, 548, - 563, 86, 86, 570, 86, 568, 566, 571, 565, 573, - 86, 569, 86, 574, 86, 86, 86, 86, 86, 86, - 578, 86, 86, 581, 567, 572, 86, 86, 576, 582, - - 583, 577, 86, 86, 575, 580, 163, 86, 585, 588, - 86, 584, 86, 586, 86, 589, 86, 587, 590, 591, - 86, 86, 86, 596, 593, 594, 86, 86, 612, 598, - 86, 597, 86, 86, 86, 86, 592, 615, 86, 161, - 595, 613, 599, 86, 601, 600, 602, 603, 614, 617, - 86, 86, 86, 86, 624, 86, 618, 619, 604, 616, - 605, 86, 86, 86, 86, 621, 606, 620, 86, 622, - 626, 86, 623, 86, 607, 608, 86, 629, 609, 610, - 86, 625, 611, 630, 86, 627, 628, 86, 631, 86, - 86, 86, 86, 86, 86, 636, 634, 635, 86, 86, - - 86, 86, 632, 637, 642, 638, 86, 86, 86, 86, - 644, 633, 641, 643, 86, 646, 86, 640, 639, 645, - 86, 647, 86, 649, 86, 651, 86, 86, 86, 86, - 648, 86, 86, 86, 86, 653, 86, 657, 655, 86, - 86, 86, 650, 86, 664, 666, 659, 652, 669, 654, - 86, 86, 656, 658, 660, 665, 661, 662, 86, 668, - 663, 86, 86, 86, 86, 86, 673, 667, 86, 86, - 671, 86, 86, 672, 86, 670, 677, 679, 674, 680, - 676, 86, 86, 675, 86, 86, 682, 86, 86, 678, - 86, 86, 683, 687, 686, 86, 689, 86, 86, 86, - - 86, 86, 685, 681, 86, 86, 684, 721, 86, 704, - 688, 86, 692, 690, 86, 86, 86, 691, 86, 693, - 701, 706, 702, 703, 694, 86, 695, 86, 86, 708, - 705, 707, 696, 712, 697, 86, 86, 698, 699, 86, - 86, 709, 711, 86, 700, 710, 717, 86, 716, 86, - 86, 714, 86, 713, 715, 719, 86, 718, 86, 720, - 86, 724, 86, 726, 86, 86, 730, 86, 86, 723, - 722, 727, 86, 729, 86, 725, 728, 733, 86, 86, - 86, 86, 86, 734, 86, 86, 731, 737, 739, 738, - 732, 170, 741, 86, 736, 740, 86, 735, 86, 86, - - 743, 744, 86, 86, 86, 742, 86, 748, 750, 86, - 745, 86, 753, 86, 746, 754, 86, 749, 756, 752, - 747, 86, 86, 86, 86, 86, 758, 86, 755, 86, - 86, 86, 762, 751, 757, 761, 86, 178, 767, 759, - 763, 86, 760, 768, 86, 770, 86, 764, 771, 86, - 765, 772, 766, 86, 769, 773, 86, 86, 774, 86, - 775, 86, 776, 86, 86, 86, 86, 777, 86, 86, - 782, 778, 781, 86, 86, 780, 86, 785, 86, 86, - 790, 784, 779, 783, 786, 86, 86, 86, 86, 789, - 86, 86, 792, 86, 796, 86, 794, 788, 86, 787, - - 86, 86, 86, 86, 86, 803, 799, 791, 793, 795, - 86, 86, 86, 797, 86, 804, 86, 86, 801, 86, - 806, 798, 800, 86, 802, 807, 805, 86, 808, 809, - 86, 811, 810, 86, 812, 813, 86, 816, 814, 818, - 86, 815, 817, 86, 86, 86, 820, 86, 821, 819, - 86, 86, 823, 824, 86, 86, 825, 86, 86, 86, - 86, 832, 86, 830, 828, 86, 86, 86, 86, 86, - 822, 826, 827, 829, 833, 86, 839, 86, 837, 831, - 86, 176, 86, 840, 836, 834, 86, 838, 835, 841, - 842, 843, 86, 86, 86, 844, 86, 86, 846, 845, - - 86, 86, 851, 86, 86, 849, 853, 86, 86, 852, - 847, 848, 86, 86, 86, 86, 854, 86, 86, 856, - 850, 858, 175, 857, 86, 86, 859, 86, 855, 862, - 860, 861, 865, 86, 866, 86, 86, 870, 86, 86, - 868, 86, 867, 863, 864, 869, 871, 86, 872, 875, - 873, 86, 86, 879, 86, 86, 86, 877, 880, 86, - 86, 881, 86, 876, 883, 874, 86, 878, 885, 86, - 86, 86, 86, 86, 891, 884, 86, 86, 86, 882, - 86, 892, 86, 86, 86, 893, 86, 886, 887, 888, - 86, 889, 86, 890, 901, 898, 896, 894, 895, 86, - - 86, 900, 86, 897, 899, 86, 86, 86, 86, 86, - 902, 86, 908, 903, 904, 86, 86, 86, 86, 86, - 918, 86, 170, 86, 905, 910, 907, 906, 916, 909, - 86, 86, 86, 911, 912, 913, 914, 915, 86, 86, - 921, 86, 919, 922, 917, 920, 924, 86, 86, 86, - 86, 86, 86, 923, 86, 86, 929, 928, 86, 930, - 932, 86, 927, 925, 86, 86, 933, 926, 86, 86, - 86, 935, 86, 86, 936, 170, 934, 940, 931, 938, - 941, 939, 937, 86, 86, 86, 944, 942, 86, 943, - 86, 86, 86, 86, 948, 949, 86, 945, 86, 950, - - 952, 86, 954, 86, 86, 946, 947, 951, 953, 956, - 955, 86, 86, 86, 86, 86, 958, 86, 86, 962, - 86, 86, 86, 959, 957, 86, 963, 964, 86, 86, - 86, 86, 961, 86, 86, 965, 86, 86, 960, 977, - 978, 1029, 967, 975, 86, 981, 966, 86, 976, 968, - 980, 979, 969, 982, 86, 86, 970, 86, 983, 971, - 86, 984, 86, 985, 86, 86, 972, 973, 986, 974, - 990, 86, 86, 987, 86, 86, 86, 999, 988, 86, - 86, 86, 86, 168, 1002, 989, 86, 991, 992, 86, - 993, 998, 86, 994, 1006, 1000, 1004, 1001, 995, 1003, - - 1007, 86, 86, 86, 996, 997, 1008, 1010, 86, 1012, - 1014, 1011, 1005, 86, 1013, 86, 86, 1009, 86, 1015, - 86, 1017, 86, 1018, 86, 1019, 86, 1020, 1016, 1022, - 86, 1021, 86, 86, 1023, 86, 86, 86, 86, 86, - 1026, 86, 1030, 86, 1033, 1024, 86, 86, 86, 86, - 1037, 1039, 86, 1031, 1025, 86, 86, 1027, 1028, 86, - 1032, 1035, 1040, 1043, 1038, 1034, 86, 1041, 86, 86, - 1036, 1042, 1045, 1047, 1044, 86, 86, 86, 86, 86, - 1046, 86, 1049, 86, 1048, 1050, 1051, 86, 1052, 86, - 86, 1053, 86, 86, 86, 86, 86, 1055, 1056, 86, - - 1057, 1061, 86, 86, 1065, 86, 1064, 86, 1054, 86, - 86, 1063, 1059, 1058, 1062, 86, 86, 86, 1060, 86, - 86, 86, 86, 86, 1073, 1068, 1069, 1066, 1071, 1072, - 86, 86, 86, 86, 1067, 1074, 1075, 86, 86, 1079, - 86, 1077, 86, 1070, 1080, 86, 1078, 86, 1082, 86, - 86, 1081, 86, 1083, 86, 1088, 1076, 86, 1085, 1084, - 86, 86, 1090, 1089, 1091, 86, 1086, 86, 1087, 86, - 86, 86, 1093, 86, 86, 1092, 86, 86, 1094, 86, - 1101, 1095, 1099, 166, 1104, 86, 86, 86, 86, 1096, - 86, 1098, 1097, 86, 1105, 1102, 86, 1100, 1103, 1106, - - 86, 1111, 1107, 86, 86, 86, 1110, 1108, 86, 1113, - 1109, 1114, 86, 86, 86, 86, 86, 1112, 86, 86, - 1125, 86, 1117, 1119, 1115, 86, 86, 1126, 1116, 86, - 86, 1128, 86, 86, 1118, 86, 1120, 86, 1122, 1133, - 1121, 1123, 1131, 1127, 1129, 1124, 86, 1132, 86, 86, - 86, 86, 1130, 86, 1140, 1137, 86, 1139, 1141, 86, - 86, 1135, 1142, 86, 86, 1134, 86, 1145, 86, 1136, - 1147, 86, 1138, 86, 86, 86, 86, 86, 1153, 1144, - 1149, 1143, 86, 1154, 170, 1150, 86, 86, 1146, 86, - 1156, 1155, 1148, 86, 1157, 86, 86, 86, 1151, 1158, - - 1152, 1160, 86, 86, 86, 86, 1173, 1159, 1161, 86, - 86, 1163, 86, 1174, 86, 1164, 1176, 86, 86, 1162, - 86, 86, 1178, 1165, 1180, 1166, 86, 1175, 86, 1167, - 165, 1168, 86, 1181, 1182, 1169, 1179, 1170, 1183, 1177, - 86, 1185, 1171, 1184, 86, 86, 86, 1172, 86, 1187, - 86, 86, 86, 86, 1186, 1190, 1193, 86, 1192, 86, - 163, 1188, 86, 1189, 86, 1191, 1194, 1198, 1197, 1201, - 1199, 1196, 86, 1202, 1195, 86, 1205, 1200, 1204, 86, - 1203, 86, 86, 86, 86, 86, 86, 86, 86, 86, - 86, 86, 1220, 1217, 86, 86, 86, 86, 1216, 1221, - - 86, 86, 1219, 1218, 1207, 1208, 1206, 86, 1209, 1222, - 1224, 1223, 86, 1210, 1228, 1211, 1225, 86, 86, 1226, - 86, 1212, 1229, 86, 86, 86, 1213, 1214, 1227, 86, - 1230, 1235, 86, 1215, 86, 86, 1238, 86, 1236, 86, - 1232, 1231, 86, 1233, 1241, 86, 86, 1234, 1239, 86, - 86, 1243, 86, 86, 1244, 1237, 1240, 86, 86, 1242, - 1249, 1246, 1247, 86, 86, 86, 86, 86, 86, 1245, - 1252, 86, 1250, 86, 1248, 86, 86, 86, 86, 86, - 86, 86, 1254, 1251, 1257, 1256, 1258, 1253, 86, 1261, - 86, 1255, 1263, 1260, 1259, 86, 1262, 86, 86, 1264, - - 1266, 86, 1265, 86, 1267, 86, 1270, 86, 86, 1275, - 1271, 86, 1272, 86, 1274, 86, 1268, 1273, 1269, 1276, - 1277, 86, 86, 86, 1281, 86, 86, 86, 1283, 1282, - 86, 1284, 86, 86, 86, 1279, 1278, 1286, 86, 1280, - 86, 1285, 86, 1293, 86, 86, 1287, 86, 86, 86, - 1295, 1300, 86, 1288, 1289, 1291, 86, 1297, 1290, 1292, - 86, 86, 1296, 86, 1299, 1294, 86, 86, 86, 86, - 86, 1302, 1303, 86, 1298, 1306, 86, 86, 1305, 86, - 86, 1307, 1301, 1309, 1304, 1308, 1311, 1312, 1313, 86, - 86, 86, 86, 86, 86, 1310, 86, 1316, 86, 1314, - - 86, 1317, 86, 86, 161, 1321, 1323, 1324, 1325, 1315, - 1318, 86, 86, 86, 86, 1319, 1322, 86, 1320, 86, - 1328, 1330, 1326, 86, 1327, 86, 86, 86, 1329, 1332, - 1331, 86, 1334, 86, 86, 1336, 86, 86, 86, 1335, - 86, 86, 1337, 86, 86, 1339, 1338, 1342, 86, 86, - 86, 1333, 1343, 1345, 86, 86, 86, 1349, 1350, 1340, - 86, 1344, 1341, 86, 86, 86, 86, 1347, 1353, 86, - 86, 1352, 1346, 86, 86, 1348, 86, 1358, 86, 1354, - 1351, 86, 86, 86, 1355, 1356, 86, 1360, 1364, 86, - 86, 86, 1357, 170, 1359, 86, 1366, 86, 1365, 86, - - 1367, 1361, 86, 86, 86, 1363, 1376, 1372, 1362, 86, - 86, 1369, 86, 1368, 1370, 1371, 1374, 86, 1373, 1377, - 86, 86, 86, 1380, 1375, 86, 1378, 1379, 86, 86, - 86, 86, 86, 1381, 1382, 1384, 86, 86, 86, 1390, - 86, 86, 86, 1383, 1387, 86, 1385, 86, 86, 86, - 1401, 1386, 86, 1388, 1394, 1389, 1391, 1396, 86, 1392, - 1393, 86, 1400, 86, 86, 86, 1397, 1395, 1398, 1402, - 1404, 1399, 1403, 86, 86, 1405, 86, 1406, 86, 86, - 86, 86, 1413, 86, 1407, 1410, 86, 1409, 86, 86, - 86, 1414, 86, 1412, 1408, 1418, 86, 1415, 1411, 86, - - 1416, 86, 86, 86, 1419, 86, 1420, 1422, 86, 1417, - 86, 86, 1421, 86, 1423, 86, 1428, 1424, 1425, 86, - 1426, 86, 1431, 86, 86, 1429, 86, 86, 86, 86, - 1427, 1438, 86, 1432, 1430, 1436, 86, 86, 86, 86, - 86, 86, 1433, 1437, 1435, 1434, 86, 1439, 1441, 86, - 1448, 1442, 1440, 1444, 86, 1450, 86, 1443, 86, 1445, - 86, 86, 86, 86, 1447, 86, 86, 86, 1453, 86, - 86, 1446, 1456, 1451, 1449, 86, 1452, 86, 1457, 1458, - 86, 1455, 1526, 1454, 1459, 86, 86, 1463, 1460, 1461, - 1462, 86, 1464, 1471, 86, 1473, 1465, 86, 1474, 1466, - - 1467, 86, 86, 1472, 1468, 1477, 86, 1475, 86, 86, - 1469, 86, 86, 1478, 1470, 1476, 86, 1479, 86, 1480, - 86, 1482, 86, 86, 86, 1483, 1487, 1484, 86, 86, - 1481, 86, 86, 1488, 1490, 86, 1485, 1493, 1494, 86, - 86, 1486, 86, 86, 86, 1491, 86, 1495, 1489, 1498, - 1496, 86, 1497, 1492, 1499, 86, 1500, 86, 1501, 86, - 1502, 86, 1503, 86, 1505, 1504, 1506, 1507, 86, 86, - 1508, 86, 1509, 86, 1514, 1511, 1510, 86, 86, 1515, - 86, 86, 1513, 86, 86, 86, 1516, 86, 1518, 1512, - 1524, 86, 86, 1520, 86, 1519, 86, 86, 1525, 86, - - 1517, 86, 1527, 86, 1521, 1523, 1522, 86, 1529, 86, - 86, 86, 86, 1528, 86, 1530, 1531, 1532, 86, 1535, - 1536, 86, 1538, 86, 86, 86, 1539, 1533, 1540, 86, - 86, 1542, 86, 1537, 1541, 86, 1534, 1544, 86, 1543, - 1546, 86, 86, 1547, 86, 86, 86, 1552, 86, 1548, - 86, 86, 1545, 86, 86, 1557, 1549, 1555, 86, 86, - 86, 86, 86, 1558, 1560, 86, 1550, 1551, 1554, 1559, - 1553, 86, 86, 1556, 1562, 86, 86, 1561, 86, 86, - 1563, 1565, 86, 1567, 86, 1564, 86, 1568, 1629, 1566, - 86, 1569, 86, 1570, 86, 1572, 86, 1571, 86, 86, - - 1574, 1573, 86, 1578, 1575, 1579, 1576, 86, 86, 86, - 1582, 86, 1580, 1581, 86, 1577, 86, 86, 86, 1586, - 86, 86, 86, 1583, 86, 86, 86, 1588, 170, 1585, - 86, 1594, 1595, 86, 1597, 1590, 1584, 86, 86, 1596, - 86, 1587, 1589, 1591, 86, 86, 1592, 86, 86, 86, - 86, 86, 1605, 1593, 86, 86, 86, 86, 1598, 86, - 1602, 1609, 86, 1603, 1599, 1600, 86, 1601, 1604, 1610, - 86, 1612, 1614, 86, 1606, 1608, 86, 1615, 86, 86, - 1607, 1613, 1611, 86, 86, 1617, 86, 1618, 86, 86, - 86, 1616, 1626, 1623, 86, 86, 1624, 1619, 1625, 1620, - - 1628, 1621, 86, 86, 1622, 1631, 86, 86, 1627, 86, - 1632, 86, 86, 1630, 1633, 86, 86, 1636, 86, 86, - 1637, 1638, 86, 86, 1641, 1635, 86, 1639, 86, 1634, - 86, 1646, 86, 86, 86, 1650, 1647, 1643, 1640, 86, - 86, 86, 1642, 86, 1644, 86, 1645, 86, 86, 86, - 86, 1648, 1651, 1649, 86, 1652, 86, 1659, 86, 1654, - 86, 1658, 1653, 1655, 1656, 1660, 1657, 86, 86, 1664, - 86, 86, 1661, 86, 86, 1668, 1663, 1669, 1670, 1662, - 1666, 86, 86, 86, 86, 1665, 86, 1672, 1673, 86, - 86, 86, 86, 1667, 1678, 1671, 1674, 1677, 1675, 1679, - - 86, 1680, 86, 1681, 86, 86, 86, 86, 86, 1682, - 1685, 86, 1676, 86, 86, 1687, 86, 1686, 86, 86, - 86, 86, 1688, 86, 1693, 86, 1689, 1692, 1683, 1695, - 1684, 1691, 1690, 86, 86, 1699, 86, 1701, 1696, 1694, - 1700, 86, 1702, 86, 1698, 86, 1704, 86, 1697, 86, - 86, 86, 86, 86, 86, 1712, 1703, 1708, 86, 1707, - 86, 86, 86, 1713, 86, 1716, 1705, 86, 1706, 86, - 1709, 86, 1711, 1710, 86, 1718, 1719, 86, 86, 86, - 1714, 86, 86, 1717, 86, 86, 1720, 86, 1715, 86, - 1728, 86, 86, 1721, 1729, 1725, 1722, 1723, 1724, 86, - - 1727, 86, 1733, 86, 1735, 1726, 1730, 1734, 86, 86, - 86, 1731, 86, 1732, 1736, 86, 86, 86, 86, 1741, - 86, 86, 1737, 1742, 1739, 86, 1745, 1738, 86, 1740, - 1749, 86, 86, 1746, 1751, 86, 1743, 1750, 1744, 86, - 86, 1754, 86, 86, 1748, 1747, 1756, 86, 1755, 86, - 1752, 86, 1753, 1757, 86, 86, 86, 1762, 1763, 86, - 86, 86, 86, 86, 1760, 86, 1767, 1766, 1768, 86, - 86, 1758, 1759, 1771, 86, 86, 1761, 86, 1764, 1770, - 86, 86, 1765, 1772, 86, 86, 86, 86, 1776, 1769, - 86, 1773, 86, 1774, 86, 1781, 1779, 1775, 86, 86, - - 86, 86, 86, 1787, 86, 1788, 1785, 1777, 86, 86, - 1778, 86, 1780, 1782, 86, 86, 1786, 1789, 86, 1784, - 1783, 86, 1794, 86, 86, 86, 86, 1799, 86, 1790, - 1791, 1797, 86, 86, 86, 1802, 1800, 1795, 1793, 1792, - 1798, 86, 1796, 86, 86, 86, 86, 86, 86, 1806, - 1809, 86, 1808, 1801, 86, 1805, 170, 1810, 86, 86, - 86, 1811, 1804, 1803, 1812, 1807, 86, 86, 86, 86, - 1820, 86, 1813, 86, 1815, 86, 1814, 86, 1821, 1824, - 86, 1818, 1826, 86, 86, 1816, 1817, 86, 86, 1828, - 1830, 1822, 1825, 1819, 86, 1823, 86, 1832, 86, 1829, - - 1834, 86, 86, 86, 1827, 86, 86, 86, 1831, 86, - 86, 1836, 1833, 86, 1837, 86, 1839, 86, 1840, 86, - 86, 1835, 1844, 86, 1841, 1842, 86, 1845, 1843, 86, - 1838, 1852, 86, 86, 86, 1847, 1849, 86, 1846, 1850, - 86, 86, 86, 1856, 1854, 1853, 86, 1857, 86, 1848, - 86, 1851, 1862, 1859, 1860, 86, 1863, 1858, 86, 86, - 1855, 1869, 86, 1867, 1864, 86, 1865, 86, 1866, 86, - 1861, 86, 86, 86, 86, 86, 1868, 1874, 1873, 1875, - 1876, 86, 86, 86, 86, 86, 86, 1877, 86, 1878, - 1870, 86, 1871, 1880, 1872, 86, 1881, 86, 86, 86, - - 86, 86, 1883, 1882, 1879, 86, 86, 86, 86, 86, - 86, 1884, 1893, 1892, 86, 1887, 86, 86, 1885, 1888, - 1886, 1889, 86, 86, 1890, 86, 1896, 86, 1899, 1895, - 1898, 86, 86, 1891, 86, 1894, 86, 1897, 86, 1904, - 86, 1903, 86, 1900, 86, 1906, 86, 1901, 86, 1907, - 1908, 86, 1902, 1910, 1911, 86, 1912, 1905, 1909, 86, - 86, 1913, 86, 86, 86, 86, 86, 86, 86, 86, - 1927, 86, 1917, 1914, 1919, 1920, 1928, 86, 1921, 1918, - 1916, 1922, 86, 1923, 1915, 1926, 86, 86, 1924, 86, - 1932, 86, 1931, 86, 1925, 86, 86, 86, 1929, 86, - - 1936, 1935, 86, 86, 1937, 1930, 1933, 86, 86, 86, - 86, 86, 1946, 86, 1934, 86, 1940, 1947, 1944, 1939, - 1942, 1938, 1945, 1943, 86, 86, 86, 1941, 86, 86, - 86, 86, 86, 1953, 86, 1948, 1955, 1949, 1954, 86, - 1951, 86, 1956, 1950, 1960, 1952, 86, 1959, 86, 86, - 86, 1963, 1958, 86, 1965, 1964, 86, 1957, 1962, 86, - 86, 1969, 86, 86, 1961, 1973, 86, 86, 1966, 1967, - 1974, 86, 1968, 86, 86, 86, 86, 1970, 1980, 1978, - 1975, 1972, 1976, 1971, 86, 1982, 86, 1983, 86, 1979, - 86, 86, 1986, 86, 1981, 1977, 1984, 86, 86, 86, - - 1990, 86, 1985, 1987, 86, 86, 86, 86, 86, 1994, - 1988, 1992, 1995, 1989, 1991, 86, 86, 1993, 86, 86, - 86, 86, 86, 2000, 1996, 86, 1997, 1999, 86, 2001, - 86, 2003, 2007, 86, 2002, 1998, 86, 2009, 2004, 2010, - 86, 86, 2005, 86, 2006, 86, 86, 2013, 86, 2011, - 86, 2017, 86, 2012, 2008, 86, 2014, 2019, 86, 2015, - 86, 86, 86, 86, 2023, 86, 86, 86, 2018, 2016, - 2025, 86, 2026, 86, 86, 86, 2021, 86, 2028, 2022, - 2020, 86, 2024, 2030, 86, 170, 2029, 86, 2032, 86, - 2034, 2027, 86, 2033, 2037, 86, 86, 2035, 2031, 86, - - 2041, 86, 86, 86, 2036, 86, 86, 86, 2039, 86, - 2043, 2038, 86, 86, 2048, 86, 2042, 2044, 2040, 2045, - 86, 2051, 2052, 86, 2049, 2046, 86, 86, 86, 2047, - 2053, 2050, 2054, 86, 86, 2056, 2057, 2058, 86, 2055, - 2059, 86, 86, 2060, 86, 86, 86, 2061, 86, 86, - 86, 86, 86, 86, 86, 2066, 2067, 86, 86, 2071, - 86, 2068, 2072, 86, 2080, 2062, 2064, 2065, 2063, 2069, - 86, 86, 86, 2070, 86, 2073, 2075, 2077, 2078, 86, - 2074, 2079, 86, 2076, 86, 86, 86, 86, 86, 86, - 2087, 86, 2090, 2091, 86, 2081, 2092, 86, 2083, 86, - - 2082, 86, 2085, 2088, 2084, 2089, 86, 2086, 2094, 86, - 86, 2095, 86, 2099, 86, 2101, 86, 86, 2103, 2093, - 2100, 86, 2096, 86, 86, 2105, 2102, 2097, 86, 86, - 86, 86, 86, 2098, 2106, 2104, 86, 2109, 86, 2108, - 86, 2112, 86, 86, 86, 2111, 86, 2113, 86, 2115, - 2110, 2116, 86, 2107, 86, 2117, 2119, 2118, 86, 86, - 86, 2127, 86, 86, 2114, 86, 86, 86, 2124, 86, - 2120, 2121, 2122, 2130, 2131, 2132, 86, 2123, 2125, 2126, - 2133, 86, 86, 2128, 86, 2129, 2136, 86, 86, 2139, - 2134, 86, 86, 86, 86, 86, 86, 2135, 2137, 86, - - 2140, 2143, 86, 2138, 86, 2145, 86, 2148, 2149, 86, - 86, 86, 2141, 86, 2142, 86, 2146, 2151, 86, 86, - 2144, 2147, 2153, 2156, 2154, 86, 2158, 86, 86, 86, - 2150, 86, 86, 86, 86, 86, 2152, 86, 2164, 2161, - 2155, 2157, 2162, 86, 2167, 2169, 2160, 86, 86, 2159, - 86, 86, 2168, 86, 86, 86, 2173, 2172, 2175, 2166, - 2163, 2165, 2171, 86, 86, 2176, 86, 86, 2170, 86, - 86, 86, 2174, 86, 2177, 86, 2178, 86, 2182, 86, - 86, 86, 2184, 86, 2187, 2179, 86, 2188, 2189, 2183, - 86, 2180, 2181, 86, 86, 86, 86, 86, 2185, 2192, - - 2197, 86, 86, 86, 86, 2191, 2190, 2186, 2196, 86, - 86, 86, 2203, 86, 86, 2193, 2194, 2202, 86, 2195, - 2204, 2206, 86, 2199, 2200, 86, 2198, 2205, 86, 2201, - 2210, 86, 2207, 86, 86, 86, 2208, 86, 86, 86, - 2214, 2209, 86, 2218, 86, 86, 86, 86, 2212, 86, - 2223, 86, 2221, 86, 2211, 3645, 2213, 2222, 2215, 2216, - 86, 2220, 2217, 2219, 86, 2224, 86, 86, 86, 2226, - 2225, 86, 86, 2229, 2231, 86, 2230, 2238, 2227, 2232, - 86, 2233, 2235, 2228, 2236, 86, 2234, 86, 86, 2240, - 86, 86, 86, 86, 2237, 86, 2242, 2239, 86, 2244, - - 86, 2246, 86, 2241, 2248, 2243, 86, 86, 2249, 86, - 86, 86, 170, 86, 86, 86, 86, 2252, 86, 2256, - 86, 2257, 86, 2258, 2247, 2245, 2251, 2253, 2254, 3645, - 2250, 2262, 2255, 2259, 86, 2260, 86, 86, 86, 86, - 2261, 86, 86, 86, 2263, 2265, 2264, 86, 2267, 86, - 2268, 2266, 86, 2270, 86, 86, 86, 86, 2274, 86, - 86, 2269, 2273, 86, 86, 2275, 2271, 2272, 2276, 2277, - 86, 2279, 86, 2278, 86, 86, 86, 86, 86, 86, - 2280, 2284, 2286, 2281, 2285, 86, 86, 86, 86, 86, - 86, 2291, 86, 2282, 2288, 2283, 2287, 86, 86, 86, - - 86, 2290, 2292, 86, 2289, 86, 2294, 2293, 2295, 86, - 2297, 86, 2296, 2302, 2298, 2299, 2301, 2303, 86, 2300, - 86, 86, 86, 2304, 86, 86, 86, 2310, 86, 86, - 2312, 86, 86, 86, 2313, 2315, 86, 2305, 2306, 2309, - 2307, 2308, 86, 2317, 86, 2311, 86, 2318, 86, 2314, - 2316, 86, 2321, 86, 86, 86, 86, 2320, 86, 86, - 2326, 2323, 86, 86, 2327, 86, 86, 2322, 86, 86, - 86, 2319, 2328, 86, 86, 86, 2325, 2324, 2330, 86, - 2331, 2337, 2333, 2329, 2332, 86, 2338, 86, 2335, 2336, - 86, 2334, 86, 86, 2340, 2343, 2339, 86, 2341, 2346, - - 86, 86, 2345, 86, 2349, 86, 86, 86, 2344, 86, - 2350, 2342, 2352, 2348, 86, 2347, 2353, 86, 86, 86, - 86, 86, 2355, 2351, 2354, 2356, 86, 2358, 2357, 2359, - 86, 2363, 2361, 2360, 86, 86, 2364, 86, 2366, 86, - 86, 86, 86, 86, 2369, 2362, 2368, 86, 2370, 2365, - 86, 86, 2371, 86, 2375, 86, 86, 86, 2379, 86, - 86, 2376, 86, 2380, 86, 86, 2367, 2378, 2372, 2373, - 2377, 86, 86, 2374, 2385, 86, 2383, 2384, 2382, 2381, - 86, 2386, 86, 2387, 86, 2390, 86, 86, 2392, 86, - 86, 86, 2391, 2396, 86, 86, 86, 2388, 2394, 86, - - 2398, 86, 2399, 86, 2389, 86, 2395, 2393, 2397, 86, - 2401, 86, 2400, 2402, 86, 2403, 2406, 86, 2404, 2408, - 86, 2405, 86, 86, 2409, 86, 86, 86, 86, 86, - 86, 2411, 2410, 2414, 2415, 2412, 86, 86, 2407, 2413, - 2419, 86, 86, 2416, 86, 2418, 2417, 86, 86, 86, - 86, 86, 86, 86, 2427, 2420, 86, 86, 86, 86, - 2421, 86, 2422, 2423, 2425, 2428, 2426, 2433, 2429, 86, - 86, 86, 2430, 2424, 2431, 2432, 86, 2434, 86, 2440, - 2438, 86, 2435, 86, 2437, 86, 2439, 2443, 86, 2445, - 86, 86, 2442, 86, 2444, 2436, 86, 86, 86, 86, - - 2448, 2452, 2449, 170, 2456, 3645, 2441, 86, 2454, 2446, - 86, 2450, 2447, 2455, 86, 2457, 86, 86, 2451, 2458, - 86, 86, 2461, 86, 86, 2453, 86, 2462, 2459, 2466, - 86, 86, 2467, 2465, 86, 86, 2470, 2460, 86, 86, - 2472, 2463, 86, 2471, 2473, 86, 2468, 86, 86, 86, - 2475, 2476, 2464, 2469, 2474, 86, 86, 86, 86, 2478, - 86, 86, 86, 86, 86, 2481, 86, 2484, 2477, 86, - 86, 86, 2490, 86, 86, 2488, 86, 2479, 2483, 86, - 2491, 86, 2485, 2480, 2482, 2486, 2487, 86, 86, 2492, - 86, 86, 2493, 2489, 86, 86, 86, 2494, 86, 2499, - - 2502, 86, 2497, 86, 86, 86, 2496, 2495, 2500, 86, - 2498, 2503, 86, 86, 2501, 86, 86, 2504, 86, 86, - 2513, 86, 86, 2505, 2506, 2511, 86, 86, 86, 3645, - 2518, 86, 2507, 2516, 2509, 2515, 2508, 2510, 86, 2512, - 86, 2519, 2514, 86, 2517, 2520, 86, 86, 2521, 86, - 2522, 86, 86, 2523, 2529, 2524, 86, 2527, 2528, 86, - 2530, 86, 86, 2525, 2526, 86, 86, 86, 2534, 2536, - 86, 2535, 86, 2537, 86, 2538, 86, 2531, 86, 2533, - 2532, 2541, 86, 2542, 86, 2539, 86, 86, 2540, 86, - 86, 2543, 2544, 2548, 86, 2549, 86, 86, 2545, 2551, - - 86, 86, 2547, 2553, 86, 86, 86, 2556, 86, 2546, - 86, 2555, 2557, 86, 86, 86, 2550, 86, 86, 2552, - 2554, 86, 86, 2559, 2558, 86, 2563, 2564, 86, 2566, - 86, 2561, 2560, 86, 86, 86, 86, 2562, 2568, 2570, - 2569, 2565, 86, 2567, 86, 2571, 2573, 86, 86, 86, - 2576, 86, 2579, 86, 2574, 2580, 86, 2575, 86, 86, - 2572, 86, 86, 86, 2577, 2586, 86, 2585, 86, 86, - 2578, 86, 86, 2582, 2588, 86, 2581, 2584, 2591, 86, - 86, 86, 2583, 86, 86, 86, 2589, 2587, 2593, 86, - 2590, 86, 2592, 2601, 2594, 86, 2599, 86, 86, 2605, - - 2597, 2595, 2596, 86, 86, 86, 2600, 2602, 2607, 86, - 2606, 86, 86, 86, 2608, 2598, 86, 86, 86, 86, - 86, 2612, 2603, 2614, 2604, 2610, 86, 86, 86, 3645, - 86, 2615, 2616, 2618, 2611, 2617, 2609, 86, 2619, 86, - 2620, 2622, 2623, 2613, 86, 2621, 86, 86, 86, 86, - 86, 2624, 2627, 2625, 86, 86, 86, 86, 86, 86, - 86, 2626, 2634, 2629, 2630, 2631, 2632, 2635, 86, 86, - 2628, 86, 2633, 86, 86, 2636, 86, 2640, 2639, 2637, - 2638, 2641, 86, 2642, 86, 86, 2645, 86, 86, 170, - 2649, 2643, 86, 2644, 2646, 86, 2651, 86, 86, 86, - - 86, 86, 86, 86, 2659, 86, 86, 2652, 2647, 2653, - 2648, 2650, 3645, 2654, 2655, 2657, 86, 2656, 2661, 2658, - 2662, 86, 86, 2663, 86, 2660, 2664, 86, 86, 2666, - 2667, 2665, 2668, 86, 2670, 86, 86, 86, 86, 86, - 2672, 86, 2669, 86, 86, 86, 2676, 86, 2677, 86, - 86, 2671, 86, 2673, 86, 2679, 2680, 2674, 2685, 86, - 86, 2678, 2681, 2675, 2682, 86, 86, 86, 86, 2686, - 86, 2683, 2684, 86, 2688, 2689, 86, 86, 86, 86, - 86, 86, 2691, 86, 86, 86, 2690, 2696, 2687, 86, - 2698, 2699, 86, 2701, 86, 2695, 86, 86, 2692, 2693, - - 2694, 86, 2700, 86, 2697, 86, 86, 2702, 2705, 2707, - 86, 86, 86, 2703, 86, 2711, 2712, 2710, 2708, 2734, - 2704, 86, 86, 86, 86, 86, 2706, 2709, 86, 86, - 2714, 2713, 86, 2715, 86, 2718, 86, 86, 2769, 2716, - 2719, 86, 2720, 2717, 86, 86, 2726, 2721, 2722, 86, - 2724, 86, 86, 86, 86, 2725, 2728, 86, 2723, 2730, - 86, 86, 86, 2729, 86, 2727, 86, 86, 86, 86, - 2739, 86, 86, 2737, 2738, 2741, 2732, 2740, 86, 2731, - 2733, 86, 86, 86, 2743, 86, 86, 86, 2736, 86, - 86, 2746, 2735, 2748, 2745, 86, 86, 2751, 86, 86, - - 86, 2744, 2742, 86, 86, 2752, 2747, 2749, 2750, 2753, - 2754, 2755, 2758, 86, 2757, 86, 86, 86, 2759, 86, - 86, 2756, 86, 2762, 2763, 86, 86, 86, 86, 86, - 86, 2764, 86, 86, 2768, 2760, 2766, 2761, 2765, 86, - 86, 2767, 86, 86, 2770, 2772, 2771, 2773, 2776, 2777, - 86, 2778, 86, 2779, 86, 2780, 86, 86, 86, 2774, - 2775, 86, 86, 2784, 86, 2785, 2783, 86, 2786, 2781, - 86, 86, 86, 86, 86, 3645, 2782, 86, 86, 2793, - 86, 86, 2787, 86, 2789, 2795, 86, 2796, 86, 2798, - 86, 2788, 2797, 2790, 2792, 2791, 2794, 86, 86, 86, - - 86, 86, 86, 2802, 86, 2800, 2803, 2806, 86, 2799, - 86, 2801, 86, 2807, 2808, 86, 86, 86, 86, 86, - 2804, 86, 2805, 2815, 86, 170, 86, 2817, 86, 2811, - 86, 86, 2810, 2813, 86, 86, 2809, 2816, 86, 2818, - 2814, 2812, 2821, 2819, 86, 86, 2820, 2824, 86, 86, - 2826, 86, 2825, 2827, 2828, 86, 2822, 86, 2823, 2829, - 86, 86, 2830, 86, 2831, 86, 2832, 2833, 2834, 86, - 2835, 86, 86, 86, 86, 86, 86, 86, 86, 86, - 2843, 3645, 86, 86, 2836, 2841, 86, 2847, 86, 86, - 2838, 2837, 2848, 2845, 2840, 2839, 86, 2842, 86, 2844, - - 2846, 2849, 86, 2850, 86, 2851, 86, 2852, 2853, 86, - 2855, 86, 86, 2854, 2856, 86, 86, 86, 86, 86, - 86, 86, 2859, 86, 2857, 2866, 86, 2865, 2867, 86, - 2858, 2860, 86, 86, 86, 2861, 2862, 2863, 2864, 2870, - 2871, 86, 2873, 2868, 2872, 86, 86, 86, 86, 86, - 2869, 86, 2874, 86, 2880, 86, 86, 86, 2879, 86, - 86, 86, 2876, 3645, 2875, 2878, 86, 86, 2877, 2888, - 86, 2884, 2886, 86, 86, 2887, 2881, 2882, 86, 2883, - 2889, 2885, 2890, 86, 86, 2891, 86, 86, 86, 86, - 86, 86, 86, 2892, 2895, 2896, 2897, 86, 86, 2894, - - 86, 2902, 2903, 86, 86, 2893, 2906, 86, 2898, 2900, - 86, 2899, 86, 86, 86, 2901, 86, 2909, 2905, 2904, - 86, 2907, 2914, 86, 86, 86, 2912, 2908, 2913, 2910, - 86, 2911, 86, 86, 2919, 86, 86, 86, 2915, 86, - 86, 2923, 86, 2922, 86, 2916, 2921, 86, 2920, 2924, - 86, 86, 2917, 2918, 2926, 86, 2927, 86, 86, 2930, - 2929, 2925, 2932, 86, 86, 2933, 2928, 86, 2935, 86, - 86, 86, 86, 86, 2942, 86, 86, 86, 2931, 86, - 86, 86, 2939, 2936, 2937, 2938, 2940, 86, 2941, 2934, - 2945, 86, 2946, 86, 86, 2944, 2943, 86, 2947, 86, - - 2951, 86, 2949, 86, 86, 86, 86, 2950, 2948, 86, - 2952, 2953, 86, 86, 2955, 2958, 86, 2956, 2960, 2954, - 2957, 2959, 86, 2962, 170, 2961, 86, 86, 86, 86, - 2967, 3645, 2964, 2963, 86, 86, 86, 86, 2969, 2968, - 86, 2972, 86, 2973, 86, 2971, 2965, 2966, 86, 2977, - 2970, 2975, 86, 86, 2978, 86, 2976, 86, 86, 86, - 2982, 2974, 2979, 2980, 86, 86, 86, 86, 2983, 86, - 2984, 86, 86, 2981, 2989, 2990, 2985, 86, 86, 2987, - 86, 86, 2991, 86, 2986, 2993, 86, 86, 2995, 86, - 2992, 86, 2996, 2988, 2994, 86, 86, 86, 86, 86, - - 2998, 2999, 3000, 2997, 86, 86, 86, 3005, 86, 86, - 86, 86, 3002, 3003, 3004, 3007, 3001, 3006, 3009, 86, - 86, 86, 3645, 86, 86, 3010, 86, 3008, 3015, 86, - 3011, 86, 86, 3016, 86, 86, 86, 3020, 86, 86, - 3012, 3013, 3014, 3018, 3019, 3023, 86, 3021, 86, 86, - 3017, 86, 86, 3022, 3030, 3027, 3028, 86, 3024, 3031, - 86, 86, 3033, 3025, 86, 86, 3034, 86, 86, 3026, - 86, 86, 3035, 86, 86, 3040, 3037, 3029, 86, 3032, - 86, 86, 3038, 3041, 86, 86, 86, 3039, 3042, 3045, - 86, 86, 3047, 86, 3645, 3036, 3043, 3049, 86, 3044, - - 86, 3046, 3050, 86, 3051, 86, 86, 86, 86, 3054, - 3052, 3048, 3053, 3055, 86, 86, 3059, 86, 86, 86, - 3057, 3060, 86, 86, 3063, 3064, 86, 86, 3056, 3058, - 3061, 3065, 86, 3066, 86, 86, 86, 86, 3067, 3062, - 3068, 3070, 86, 86, 3073, 86, 86, 3074, 86, 3069, - 3075, 86, 86, 3077, 86, 3071, 86, 86, 3081, 3082, - 86, 3078, 86, 3072, 86, 86, 3083, 3076, 86, 3084, - 3085, 3080, 3086, 86, 3079, 86, 86, 3087, 86, 86, - 3092, 86, 86, 86, 86, 3091, 86, 3094, 3095, 86, - 86, 3088, 3097, 3089, 86, 3096, 3090, 3098, 86, 86, - - 3101, 3100, 86, 86, 86, 86, 3093, 3099, 3104, 86, - 3108, 86, 86, 86, 86, 86, 3110, 3645, 86, 3102, - 3103, 86, 3105, 3107, 3111, 3106, 3109, 3115, 3112, 3114, - 3117, 86, 3116, 86, 3113, 3118, 86, 3119, 3120, 86, - 86, 3121, 86, 3122, 86, 3123, 86, 3124, 86, 3125, - 86, 86, 86, 86, 86, 86, 3127, 3129, 86, 3131, - 86, 86, 86, 3133, 86, 86, 3126, 3130, 3140, 3134, - 3138, 86, 3128, 86, 3132, 3139, 86, 3142, 86, 86, - 86, 3135, 3136, 86, 3137, 3143, 3145, 86, 3141, 86, - 3146, 3147, 86, 86, 3148, 3149, 86, 86, 3144, 86, - - 86, 86, 3150, 3155, 86, 86, 3151, 86, 3152, 3153, - 3156, 86, 86, 86, 3158, 86, 3157, 86, 86, 3154, - 86, 86, 3163, 86, 3160, 3167, 3159, 3164, 86, 3166, - 3161, 3165, 86, 86, 3169, 86, 86, 3162, 3168, 3171, - 86, 86, 3175, 86, 86, 86, 3170, 86, 3173, 86, - 3172, 86, 3182, 3176, 3179, 86, 86, 3177, 86, 3174, - 3180, 86, 86, 86, 86, 86, 3187, 3185, 3183, 3186, - 86, 86, 3178, 86, 86, 3181, 3189, 3191, 86, 3188, - 86, 3192, 3184, 3197, 3193, 86, 3190, 3194, 86, 3195, - 86, 3196, 86, 86, 86, 3201, 86, 86, 3198, 3200, - - 86, 86, 3202, 86, 3199, 3203, 3204, 86, 3206, 86, - 86, 3205, 3210, 86, 3208, 3212, 86, 86, 86, 86, - 86, 3213, 86, 86, 3207, 3214, 86, 3215, 3209, 86, - 3216, 86, 3221, 86, 3218, 86, 86, 86, 3211, 86, - 86, 3219, 3217, 3225, 86, 86, 86, 86, 3222, 3223, - 3224, 3220, 3230, 3226, 3229, 86, 3227, 86, 3232, 86, - 86, 86, 3236, 86, 3228, 3237, 86, 86, 3233, 86, - 86, 3239, 86, 86, 86, 3231, 3240, 86, 3234, 3242, - 3243, 86, 86, 3241, 3245, 86, 3238, 3235, 3246, 86, - 3247, 3244, 86, 86, 3248, 3251, 86, 3250, 3249, 86, - - 3254, 86, 3256, 86, 86, 86, 86, 86, 3253, 86, - 3258, 3261, 86, 3252, 3262, 86, 3264, 86, 86, 3259, - 86, 86, 86, 3257, 3255, 86, 3260, 3267, 86, 86, - 3265, 3268, 86, 3269, 86, 3263, 3271, 86, 86, 3266, - 3273, 3270, 3276, 3274, 86, 86, 86, 86, 86, 3280, - 86, 86, 86, 86, 3282, 3283, 3272, 3278, 3275, 86, - 3284, 86, 3281, 3277, 3287, 3285, 3279, 3288, 86, 86, - 86, 3290, 3289, 86, 86, 3293, 86, 86, 86, 3292, - 86, 3286, 3296, 3294, 86, 3299, 86, 86, 86, 86, - 86, 3291, 86, 3304, 86, 86, 86, 86, 86, 3295, - - 3500, 3297, 3298, 3303, 3300, 3301, 3307, 3308, 86, 3309, - 86, 3306, 3310, 86, 3302, 3305, 86, 86, 86, 3314, - 86, 3311, 86, 3313, 3315, 86, 3316, 86, 3317, 86, - 86, 3312, 3320, 86, 86, 3318, 3322, 86, 86, 3321, - 3324, 86, 3325, 86, 86, 86, 86, 86, 86, 3323, - 86, 3331, 3332, 86, 86, 86, 3319, 86, 86, 86, - 86, 3338, 86, 3326, 3339, 86, 3329, 3327, 3328, 3337, - 3330, 3335, 86, 3341, 3334, 86, 86, 3340, 3336, 86, - 3333, 3344, 86, 3346, 86, 3347, 86, 86, 86, 3350, - 86, 86, 3342, 3348, 3343, 86, 3353, 86, 86, 3352, - - 86, 3349, 3351, 3345, 86, 3354, 86, 86, 3355, 86, - 86, 3356, 86, 86, 3359, 86, 86, 86, 3357, 3361, - 3362, 86, 3360, 86, 86, 86, 86, 3358, 86, 86, - 86, 3371, 3374, 3372, 3363, 3375, 3364, 3365, 86, 3366, - 3367, 86, 3368, 3369, 3370, 86, 86, 86, 3377, 3373, - 3379, 86, 3380, 86, 86, 3382, 86, 86, 3381, 3378, - 86, 3376, 3383, 3385, 86, 3645, 3384, 3387, 86, 3388, - 3389, 86, 86, 3390, 3391, 3386, 86, 3392, 86, 3393, - 3394, 86, 86, 86, 86, 3395, 3398, 86, 3396, 3399, - 86, 86, 3401, 3397, 86, 86, 86, 3405, 86, 86, - - 86, 3404, 86, 86, 3400, 86, 86, 3409, 86, 3408, - 3645, 86, 3414, 86, 3402, 3403, 3413, 3410, 86, 3406, - 3411, 86, 3416, 86, 3412, 3407, 86, 3415, 3417, 86, - 3418, 86, 86, 86, 3423, 3425, 86, 3420, 3419, 3424, - 86, 86, 3421, 86, 86, 3422, 86, 86, 3645, 3429, - 3433, 3426, 3430, 3432, 86, 86, 86, 3428, 3427, 3435, - 86, 3434, 3436, 86, 86, 3431, 86, 3439, 86, 3440, - 86, 3438, 86, 86, 3443, 86, 3444, 86, 86, 3437, - 3645, 3441, 3445, 86, 3446, 86, 3447, 86, 3448, 86, - 86, 3442, 3449, 86, 3450, 86, 3453, 86, 86, 3452, - - 3454, 86, 86, 86, 3451, 3458, 86, 3455, 86, 3460, - 86, 86, 86, 86, 3456, 86, 86, 86, 3464, 3465, - 86, 3467, 86, 3457, 86, 3462, 3461, 3459, 3463, 86, - 3466, 3468, 3469, 86, 3471, 86, 86, 3474, 86, 3473, - 86, 86, 86, 86, 86, 3476, 86, 86, 86, 86, - 3470, 3482, 3475, 3472, 3480, 3481, 86, 86, 3479, 86, - 3477, 86, 3478, 86, 3483, 86, 3486, 86, 3487, 3489, - 86, 86, 3488, 3490, 86, 3491, 86, 3485, 86, 86, - 3493, 86, 3484, 3494, 86, 86, 3492, 3495, 86, 86, - 3499, 86, 3496, 86, 3502, 3498, 86, 86, 86, 86, - - 86, 86, 3503, 3501, 3497, 86, 3511, 86, 3509, 86, - 3504, 86, 86, 3506, 3505, 3508, 3513, 3510, 3515, 86, - 86, 86, 86, 3507, 86, 3517, 3520, 86, 3512, 3516, - 86, 3514, 86, 3521, 86, 3518, 3522, 86, 86, 3523, - 3524, 86, 3519, 3525, 86, 86, 86, 86, 3528, 3526, - 86, 3529, 3527, 86, 3533, 3530, 86, 86, 86, 3531, - 86, 86, 3532, 3536, 3537, 86, 86, 3534, 3535, 3539, - 86, 3540, 86, 3541, 86, 86, 3542, 3538, 3544, 86, - 86, 3547, 86, 86, 3548, 3543, 86, 86, 86, 3551, - 3545, 3552, 86, 86, 3549, 86, 86, 86, 3546, 3557, - - 86, 3556, 3553, 3558, 86, 3554, 3550, 86, 86, 86, - 86, 86, 3555, 86, 3562, 86, 86, 86, 3564, 86, - 86, 86, 3561, 3571, 86, 3569, 3570, 86, 3559, 3560, - 3566, 3563, 3567, 86, 3565, 3568, 86, 3575, 86, 86, - 3577, 86, 3578, 86, 3576, 86, 86, 3572, 3579, 86, - 3580, 3573, 86, 3583, 3581, 3574, 3584, 86, 86, 86, - 3586, 86, 86, 3585, 86, 86, 3587, 86, 86, 3592, - 86, 3582, 3589, 86, 3595, 86, 86, 86, 3596, 86, - 86, 86, 86, 3588, 86, 3597, 3590, 3591, 3598, 3593, - 3594, 86, 86, 3603, 86, 3602, 3599, 86, 86, 3600, - - 3601, 86, 3604, 86, 3607, 86, 3609, 3605, 86, 3610, - 3606, 86, 86, 3614, 86, 3645, 3611, 3608, 86, 3612, - 3613, 86, 86, 3615, 3616, 3617, 86, 86, 3618, 86, - 86, 86, 3623, 86, 3619, 3621, 86, 86, 86, 86, - 86, 86, 3625, 3626, 86, 3629, 3630, 86, 3620, 86, - 3622, 86, 3633, 3634, 86, 3624, 86, 86, 3627, 3628, - 3631, 3636, 86, 3635, 3637, 86, 86, 86, 3632, 86, - 86, 3645, 3639, 3638, 3640, 3645, 3641, 3643, 86, 3644, - 86, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3642, - 47, 47, 47, 47, 47, 47, 47, 52, 52, 52, - - 52, 52, 52, 52, 57, 57, 57, 57, 57, 57, - 57, 63, 63, 63, 63, 63, 63, 63, 68, 68, - 68, 68, 68, 68, 68, 74, 74, 74, 74, 74, - 74, 74, 80, 80, 80, 80, 80, 80, 80, 89, - 89, 3645, 89, 89, 89, 89, 160, 160, 3645, 3645, - 3645, 160, 160, 162, 162, 3645, 3645, 162, 3645, 162, - 164, 3645, 3645, 3645, 3645, 3645, 164, 167, 167, 3645, - 3645, 3645, 167, 167, 169, 3645, 3645, 3645, 3645, 3645, - 169, 171, 171, 3645, 171, 171, 171, 171, 174, 3645, - 3645, 3645, 3645, 3645, 174, 177, 177, 3645, 3645, 3645, - - 177, 177, 90, 90, 3645, 90, 90, 90, 90, 17, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645 - } ; - -static const flex_int16_t yy_chk[7151] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 3, 3, 3, 4, 4, 4, 5, 5, 6, 6, - 5, 3, 6, 24, 4, 24, 24, 5, 24, 6, - 7, 7, 7, 7, 24, 7, 8, 8, 8, 8, - 33, 8, 7, 9, 9, 9, 26, 26, 8, 10, - 10, 10, 19, 29, 9, 33, 19, 29, 3653, 35, - 10, 11, 11, 11, 11, 11, 11, 13, 13, 13, - - 13, 34, 13, 11, 35, 99, 34, 29, 38, 13, - 51, 51, 11, 12, 12, 12, 12, 12, 12, 14, - 14, 14, 14, 99, 14, 12, 15, 15, 15, 38, - 23, 14, 23, 23, 12, 23, 46, 15, 16, 16, - 16, 23, 23, 25, 27, 27, 25, 25, 2962, 16, - 25, 46, 27, 30, 30, 25, 27, 56, 40, 27, - 56, 73, 31, 31, 25, 28, 67, 67, 30, 32, - 28, 31, 40, 32, 28, 73, 32, 28, 92, 28, - 28, 92, 31, 32, 1154, 32, 36, 36, 37, 37, - 28, 45, 45, 37, 97, 36, 45, 97, 41, 41, - - 45, 36, 87, 41, 93, 36, 87, 37, 93, 37, - 39, 39, 42, 41, 41, 39, 41, 42, 96, 39, - 42, 43, 43, 105, 43, 39, 44, 42, 39, 101, - 44, 42, 42, 43, 94, 39, 84, 84, 96, 43, - 44, 94, 105, 101, 44, 44, 62, 192, 62, 62, - 70, 62, 70, 70, 72, 70, 72, 72, 79, 72, - 79, 79, 70, 79, 86, 95, 86, 86, 89, 86, - 89, 89, 192, 89, 100, 86, 102, 95, 98, 89, - 89, 98, 102, 100, 103, 104, 106, 107, 102, 113, - 102, 109, 106, 113, 98, 108, 111, 140, 114, 112, - - 108, 107, 103, 103, 110, 106, 116, 104, 115, 108, - 119, 109, 140, 115, 111, 110, 110, 112, 114, 117, - 116, 118, 117, 110, 122, 117, 120, 118, 123, 119, - 121, 120, 124, 121, 125, 130, 124, 121, 117, 117, - 127, 125, 123, 122, 126, 128, 118, 127, 122, 129, - 132, 120, 131, 121, 128, 130, 131, 126, 134, 133, - 135, 136, 129, 133, 138, 135, 137, 137, 132, 135, - 139, 141, 142, 144, 139, 135, 134, 177, 146, 150, - 151, 136, 143, 139, 138, 143, 144, 145, 149, 139, - 146, 142, 148, 145, 147, 147, 143, 141, 150, 148, - - 143, 151, 152, 153, 149, 153, 155, 154, 156, 157, - 148, 155, 147, 227, 153, 147, 158, 159, 152, 154, - 156, 158, 161, 161, 179, 163, 153, 157, 163, 179, - 165, 159, 165, 165, 227, 165, 168, 168, 170, 181, - 170, 170, 171, 170, 171, 171, 173, 171, 175, 173, - 175, 175, 180, 175, 171, 178, 178, 181, 180, 182, - 183, 184, 185, 186, 187, 189, 188, 180, 183, 190, - 185, 188, 184, 213, 182, 183, 193, 191, 190, 187, - 176, 193, 186, 191, 191, 189, 194, 194, 195, 197, - 196, 213, 196, 197, 195, 196, 198, 198, 197, 199, - - 200, 201, 202, 197, 204, 200, 200, 202, 203, 197, - 197, 199, 196, 203, 205, 206, 204, 209, 207, 208, - 201, 206, 207, 210, 208, 211, 212, 214, 174, 218, - 215, 217, 214, 209, 205, 215, 217, 210, 212, 219, - 211, 212, 216, 216, 206, 220, 216, 224, 216, 218, - 223, 220, 221, 221, 260, 219, 223, 222, 225, 226, - 216, 260, 216, 222, 225, 226, 228, 224, 229, 222, - 230, 231, 228, 229, 226, 231, 230, 232, 233, 235, - 233, 234, 236, 232, 237, 233, 239, 234, 236, 238, - 240, 243, 235, 241, 242, 238, 243, 244, 245, 239, - - 246, 241, 247, 250, 237, 248, 244, 242, 239, 252, - 248, 248, 249, 245, 240, 251, 246, 249, 253, 251, - 254, 250, 247, 255, 253, 256, 258, 257, 258, 255, - 259, 252, 257, 263, 261, 262, 264, 266, 254, 254, - 261, 262, 264, 265, 269, 256, 267, 267, 272, 259, - 269, 266, 263, 268, 268, 265, 270, 271, 273, 271, - 274, 275, 270, 273, 277, 276, 279, 292, 269, 278, - 292, 272, 274, 276, 278, 280, 271, 281, 285, 287, - 275, 280, 282, 281, 277, 283, 284, 282, 286, 279, - 283, 288, 284, 285, 290, 289, 296, 287, 291, 293, - - 299, 293, 286, 289, 291, 288, 294, 294, 295, 297, - 297, 295, 298, 298, 296, 300, 299, 301, 302, 290, - 301, 305, 302, 303, 304, 307, 169, 308, 309, 317, - 300, 307, 303, 304, 309, 310, 311, 310, 318, 312, - 305, 308, 311, 312, 313, 313, 314, 315, 316, 317, - 319, 314, 320, 315, 316, 325, 318, 321, 321, 322, - 312, 323, 322, 324, 326, 320, 328, 324, 327, 327, - 167, 319, 329, 316, 325, 329, 330, 331, 332, 323, - 335, 332, 326, 331, 328, 333, 336, 340, 330, 335, - 337, 338, 329, 341, 338, 337, 338, 333, 334, 339, - - 340, 166, 339, 344, 336, 341, 344, 334, 347, 338, - 334, 342, 338, 342, 342, 334, 334, 334, 334, 343, - 345, 345, 346, 347, 343, 343, 348, 349, 350, 351, - 352, 352, 354, 354, 356, 353, 357, 350, 351, 346, - 353, 348, 346, 358, 349, 349, 355, 355, 358, 359, - 360, 357, 361, 362, 363, 364, 364, 366, 364, 356, - 363, 359, 372, 375, 375, 367, 369, 364, 362, 360, - 367, 369, 361, 368, 364, 370, 372, 366, 371, 368, - 370, 371, 373, 371, 374, 373, 370, 378, 376, 377, - 377, 381, 378, 374, 376, 383, 416, 382, 373, 384, - - 382, 373, 385, 373, 379, 379, 388, 379, 390, 387, - 383, 381, 387, 379, 384, 391, 385, 379, 382, 394, - 388, 416, 379, 390, 391, 379, 380, 380, 387, 380, - 392, 393, 395, 396, 397, 392, 392, 393, 398, 401, - 394, 400, 380, 397, 393, 380, 164, 380, 396, 380, - 389, 395, 389, 389, 399, 405, 402, 398, 407, 401, - 399, 406, 389, 389, 389, 389, 389, 400, 403, 389, - 402, 404, 408, 407, 403, 405, 404, 408, 403, 410, - 409, 406, 411, 411, 412, 410, 413, 414, 418, 417, - 415, 420, 421, 418, 404, 409, 415, 422, 413, 419, - - 419, 414, 419, 423, 412, 417, 162, 424, 421, 424, - 425, 420, 430, 422, 431, 425, 426, 423, 426, 426, - 427, 428, 429, 429, 427, 428, 432, 433, 437, 431, - 434, 430, 438, 440, 437, 443, 426, 440, 435, 160, - 428, 438, 432, 439, 434, 433, 435, 435, 439, 442, - 441, 444, 448, 449, 449, 442, 443, 444, 435, 441, - 435, 436, 446, 445, 447, 446, 436, 445, 450, 447, - 451, 451, 448, 453, 436, 436, 454, 454, 436, 436, - 452, 450, 436, 455, 456, 452, 453, 457, 456, 455, - 458, 459, 460, 462, 461, 461, 459, 460, 463, 464, - - 465, 466, 457, 461, 466, 462, 468, 469, 467, 472, - 468, 458, 465, 467, 470, 470, 471, 464, 463, 469, - 474, 471, 473, 473, 476, 476, 478, 479, 480, 481, - 472, 482, 483, 484, 485, 479, 487, 483, 481, 488, - 489, 491, 474, 495, 490, 492, 485, 478, 495, 480, - 490, 492, 482, 484, 487, 491, 487, 488, 493, 494, - 489, 496, 497, 498, 499, 494, 498, 493, 500, 503, - 497, 501, 506, 497, 504, 496, 502, 504, 499, 505, - 501, 509, 502, 500, 508, 505, 506, 507, 511, 503, - 510, 513, 507, 511, 510, 512, 513, 514, 515, 516, - - 519, 520, 509, 505, 535, 522, 508, 535, 521, 522, - 512, 523, 516, 514, 85, 525, 524, 515, 517, 517, - 519, 524, 520, 521, 517, 526, 517, 528, 529, 526, - 523, 525, 517, 529, 517, 530, 527, 517, 517, 531, - 533, 527, 528, 534, 517, 527, 532, 536, 531, 537, - 539, 530, 532, 529, 530, 533, 541, 532, 543, 534, - 538, 538, 540, 540, 542, 544, 544, 545, 546, 537, - 536, 541, 547, 543, 548, 539, 542, 547, 549, 550, - 553, 551, 559, 548, 554, 558, 545, 551, 554, 553, - 546, 555, 556, 557, 550, 555, 560, 549, 556, 561, - - 558, 559, 562, 563, 564, 557, 565, 563, 565, 566, - 560, 567, 568, 568, 561, 569, 570, 564, 571, 567, - 562, 569, 572, 573, 571, 574, 573, 575, 570, 577, - 576, 578, 577, 566, 572, 576, 579, 80, 580, 574, - 578, 581, 575, 580, 580, 582, 582, 578, 583, 583, - 578, 584, 579, 589, 581, 585, 585, 584, 586, 586, - 587, 590, 588, 591, 594, 593, 587, 588, 588, 592, - 593, 589, 592, 595, 596, 591, 598, 596, 599, 597, - 601, 595, 590, 594, 597, 600, 601, 602, 603, 600, - 604, 605, 603, 607, 607, 606, 605, 599, 608, 598, - - 609, 610, 612, 611, 613, 614, 610, 602, 604, 606, - 615, 614, 616, 608, 618, 615, 620, 617, 612, 621, - 617, 609, 611, 624, 613, 617, 616, 625, 617, 617, - 619, 619, 618, 622, 620, 621, 623, 624, 622, 627, - 628, 623, 625, 629, 630, 627, 629, 631, 630, 628, - 632, 633, 631, 632, 635, 634, 633, 636, 638, 639, - 637, 640, 640, 638, 636, 641, 642, 643, 644, 645, - 630, 634, 635, 637, 641, 646, 647, 648, 645, 639, - 653, 75, 647, 648, 644, 642, 649, 646, 643, 649, - 650, 650, 651, 650, 652, 651, 654, 655, 653, 652, - - 656, 657, 658, 662, 659, 656, 660, 664, 658, 659, - 654, 655, 660, 661, 663, 670, 661, 666, 667, 663, - 657, 665, 74, 664, 668, 673, 665, 665, 662, 668, - 666, 667, 669, 671, 670, 672, 674, 674, 669, 675, - 672, 676, 671, 668, 668, 673, 675, 677, 676, 678, - 677, 679, 680, 681, 683, 678, 685, 680, 681, 681, - 682, 682, 684, 679, 684, 677, 686, 680, 686, 687, - 688, 689, 690, 691, 692, 685, 694, 693, 697, 683, - 692, 693, 695, 696, 698, 694, 700, 687, 688, 689, - 702, 690, 699, 691, 701, 699, 697, 695, 696, 703, - - 701, 700, 704, 698, 699, 705, 706, 707, 708, 710, - 702, 709, 708, 703, 704, 711, 712, 713, 714, 717, - 717, 720, 68, 715, 705, 710, 707, 706, 715, 709, - 716, 719, 721, 711, 712, 712, 713, 714, 718, 722, - 720, 723, 718, 721, 716, 719, 723, 724, 725, 726, - 727, 728, 729, 722, 730, 731, 728, 727, 733, 729, - 731, 732, 726, 724, 734, 735, 732, 725, 736, 738, - 737, 734, 743, 747, 735, 740, 733, 739, 730, 737, - 740, 738, 736, 739, 741, 742, 743, 741, 744, 742, - 745, 754, 746, 752, 747, 748, 748, 744, 749, 749, - - 750, 750, 752, 751, 756, 745, 746, 749, 751, 755, - 754, 758, 757, 759, 760, 755, 757, 764, 762, 761, - 763, 765, 766, 758, 756, 761, 762, 763, 769, 778, - 775, 772, 760, 820, 776, 764, 780, 781, 759, 775, - 776, 820, 766, 769, 779, 780, 765, 767, 772, 767, - 779, 778, 767, 781, 782, 786, 767, 785, 782, 767, - 783, 783, 784, 784, 787, 788, 767, 767, 785, 767, - 789, 791, 792, 786, 793, 796, 789, 792, 787, 794, - 795, 799, 802, 63, 795, 788, 790, 790, 790, 798, - 790, 791, 797, 790, 798, 793, 797, 794, 790, 796, - - 799, 800, 801, 805, 790, 790, 800, 802, 803, 804, - 805, 803, 797, 807, 804, 804, 808, 801, 806, 806, - 810, 808, 809, 809, 811, 810, 812, 811, 807, 813, - 813, 812, 814, 815, 814, 816, 817, 818, 822, 819, - 817, 821, 821, 824, 824, 815, 823, 825, 827, 826, - 828, 830, 830, 822, 816, 835, 828, 818, 819, 829, - 823, 826, 831, 834, 829, 825, 833, 831, 831, 834, - 827, 833, 836, 838, 835, 837, 840, 841, 836, 838, - 837, 839, 840, 844, 839, 841, 842, 842, 843, 843, - 845, 844, 846, 848, 847, 849, 850, 846, 847, 851, - - 848, 852, 852, 854, 856, 853, 855, 855, 845, 857, - 856, 854, 850, 849, 853, 858, 860, 861, 851, 862, - 864, 865, 867, 863, 865, 860, 861, 857, 863, 864, - 866, 868, 869, 870, 858, 866, 867, 872, 874, 871, - 875, 869, 877, 862, 871, 871, 870, 873, 873, 876, - 878, 872, 879, 874, 883, 879, 868, 885, 876, 875, - 881, 886, 881, 879, 882, 882, 877, 884, 878, 887, - 888, 889, 884, 890, 891, 883, 892, 893, 885, 894, - 892, 886, 890, 58, 895, 896, 898, 897, 899, 887, - 895, 889, 888, 902, 896, 893, 900, 891, 894, 897, - - 901, 902, 898, 903, 904, 906, 901, 899, 907, 904, - 900, 905, 905, 908, 909, 910, 911, 903, 912, 913, - 916, 914, 908, 910, 906, 915, 916, 917, 907, 918, - 920, 919, 921, 917, 909, 924, 911, 919, 913, 924, - 912, 914, 922, 918, 920, 915, 925, 923, 922, 926, - 927, 928, 921, 923, 930, 927, 929, 929, 931, 932, - 930, 926, 932, 933, 931, 925, 934, 935, 936, 926, - 937, 937, 928, 935, 938, 939, 942, 945, 941, 934, - 939, 933, 940, 941, 941, 940, 943, 946, 936, 948, - 943, 942, 938, 944, 944, 950, 947, 951, 940, 945, - - 940, 947, 953, 954, 955, 957, 957, 946, 948, 958, - 964, 951, 959, 958, 961, 953, 960, 960, 962, 950, - 966, 963, 962, 954, 964, 955, 956, 959, 965, 956, - 57, 956, 968, 965, 966, 956, 963, 956, 967, 961, - 969, 968, 956, 967, 967, 970, 973, 956, 971, 970, - 972, 974, 975, 976, 969, 972, 974, 977, 973, 978, - 52, 970, 979, 971, 980, 972, 975, 979, 978, 982, - 980, 977, 981, 983, 976, 982, 986, 981, 985, 983, - 984, 984, 986, 985, 987, 988, 991, 989, 992, 993, - 994, 995, 995, 992, 996, 998, 999, 1000, 991, 996, - - 1001, 997, 994, 993, 988, 989, 987, 990, 990, 997, - 999, 998, 1002, 990, 1003, 990, 1000, 1004, 1005, 1001, - 1003, 990, 1004, 1006, 1007, 1008, 990, 990, 1002, 1009, - 1005, 1010, 1010, 990, 1011, 1012, 1014, 1016, 1011, 1017, - 1007, 1006, 1014, 1008, 1017, 1015, 1018, 1009, 1015, 1020, - 1021, 1019, 1023, 1024, 1020, 1012, 1016, 1019, 1025, 1018, - 1026, 1023, 1024, 1027, 1028, 1029, 1026, 1030, 1031, 1021, - 1029, 1032, 1027, 1033, 1025, 1034, 1037, 1035, 1042, 1043, - 1040, 1045, 1031, 1028, 1034, 1033, 1035, 1030, 1036, 1038, - 1046, 1032, 1042, 1037, 1036, 1038, 1040, 1044, 1047, 1043, - - 1045, 1049, 1044, 1048, 1046, 1050, 1049, 1053, 1054, 1056, - 1050, 1058, 1053, 1055, 1055, 1056, 1047, 1054, 1048, 1057, - 1058, 1059, 1060, 1062, 1063, 1057, 1066, 1065, 1065, 1063, - 1063, 1065, 1068, 1069, 1067, 1060, 1059, 1067, 1070, 1062, - 1071, 1066, 1072, 1074, 1073, 1075, 1068, 1077, 1082, 1074, - 1076, 1082, 1078, 1069, 1070, 1072, 1076, 1078, 1071, 1073, - 1079, 1083, 1077, 1081, 1081, 1075, 1084, 1085, 1086, 1087, - 1088, 1084, 1085, 1090, 1079, 1088, 1089, 1092, 1087, 1093, - 1094, 1089, 1083, 1092, 1086, 1090, 1094, 1095, 1096, 1096, - 1097, 1098, 1101, 1095, 1099, 1093, 1102, 1099, 1103, 1097, - - 1100, 1100, 1104, 1105, 47, 1104, 1106, 1107, 1108, 1098, - 1101, 1116, 1106, 1107, 1108, 1102, 1105, 1109, 1103, 1110, - 1111, 1113, 1109, 1112, 1110, 1115, 1111, 1113, 1112, 1116, - 1115, 1117, 1118, 1121, 1119, 1120, 1120, 1122, 1118, 1119, - 1123, 1124, 1121, 1125, 1126, 1123, 1122, 1126, 1129, 1127, - 1128, 1117, 1127, 1129, 1130, 1131, 1132, 1133, 1134, 1124, - 1138, 1128, 1125, 1133, 1134, 1135, 1136, 1131, 1137, 1137, - 1139, 1136, 1130, 1140, 1141, 1132, 1143, 1142, 1144, 1138, - 1135, 1142, 1145, 1146, 1139, 1140, 1148, 1144, 1149, 1149, - 1150, 1151, 1141, 1153, 1143, 1152, 1151, 1155, 1150, 1156, - - 1152, 1145, 1158, 1157, 1161, 1148, 1162, 1158, 1146, 1159, - 1164, 1155, 1162, 1153, 1156, 1157, 1160, 1160, 1159, 1163, - 1168, 1166, 1165, 1166, 1161, 1163, 1164, 1165, 1167, 1169, - 1170, 1171, 1172, 1167, 1168, 1170, 1175, 1173, 1174, 1177, - 1177, 1179, 1178, 1169, 1173, 1180, 1171, 1182, 1181, 1186, - 1186, 1172, 1183, 1174, 1181, 1175, 1178, 1183, 1185, 1179, - 1180, 1190, 1185, 1189, 1187, 1192, 1183, 1182, 1183, 1187, - 1189, 1183, 1188, 1188, 1191, 1190, 1193, 1191, 1194, 1196, - 1195, 1197, 1198, 1200, 1192, 1195, 1199, 1194, 1198, 1201, - 1202, 1199, 1207, 1197, 1193, 1204, 1204, 1200, 1196, 1205, - - 1201, 1206, 1208, 1211, 1205, 1212, 1206, 1208, 1210, 1202, - 1209, 1213, 1207, 1214, 1209, 1216, 1214, 1210, 1211, 1215, - 1212, 1217, 1216, 1218, 1219, 1214, 1220, 1224, 1222, 1221, - 1213, 1223, 1225, 1217, 1215, 1221, 1227, 1223, 1228, 1226, - 1230, 1229, 1218, 1222, 1220, 1219, 1231, 1224, 1226, 1232, - 1233, 1227, 1225, 1229, 1234, 1236, 1233, 1228, 1237, 1230, - 1239, 1236, 1238, 1240, 1232, 1241, 1243, 1242, 1239, 1245, - 1299, 1231, 1242, 1237, 1234, 1246, 1238, 1247, 1243, 1244, - 1250, 1241, 1299, 1240, 1244, 1244, 1248, 1248, 1245, 1246, - 1247, 1249, 1249, 1250, 1251, 1252, 1249, 1253, 1253, 1249, - - 1249, 1252, 1254, 1251, 1249, 1256, 1255, 1254, 1257, 1260, - 1249, 1256, 1258, 1257, 1249, 1255, 1263, 1258, 1259, 1259, - 1261, 1261, 1262, 1264, 1266, 1262, 1265, 1262, 1267, 1268, - 1260, 1269, 1265, 1266, 1268, 1270, 1263, 1271, 1272, 1275, - 1276, 1264, 1273, 1271, 1272, 1269, 1274, 1273, 1267, 1276, - 1274, 1278, 1275, 1270, 1276, 1285, 1276, 1277, 1276, 1281, - 1276, 1284, 1277, 1279, 1279, 1278, 1280, 1280, 1283, 1280, - 1281, 1286, 1283, 1287, 1288, 1285, 1284, 1289, 1290, 1288, - 1288, 1292, 1287, 1291, 1293, 1294, 1289, 1295, 1291, 1286, - 1297, 1296, 18, 1293, 1300, 1292, 1297, 1298, 1298, 1301, - - 1290, 1303, 1300, 1302, 1294, 1296, 1295, 1304, 1302, 1306, - 1305, 1307, 1316, 1301, 1308, 1303, 1304, 1305, 1310, 1308, - 1309, 1309, 1311, 1311, 1312, 1314, 1312, 1306, 1314, 1315, - 1317, 1316, 1319, 1310, 1315, 1323, 1307, 1318, 1318, 1317, - 1320, 1320, 1321, 1321, 1322, 1324, 1325, 1326, 1326, 1322, - 1327, 1328, 1319, 1330, 1329, 1331, 1323, 1329, 1332, 1335, - 1333, 1331, 1334, 1332, 1334, 1338, 1324, 1325, 1328, 1333, - 1327, 1337, 1339, 1330, 1337, 1341, 1340, 1335, 1342, 1343, - 1338, 1340, 1349, 1342, 1405, 1339, 1344, 1343, 1405, 1341, - 1345, 1344, 1346, 1345, 1347, 1347, 1348, 1346, 1350, 1351, - - 1349, 1348, 1352, 1354, 1350, 1355, 1351, 1356, 1357, 1354, - 1358, 1355, 1356, 1357, 1359, 1352, 1358, 1360, 1361, 1362, - 1362, 1363, 1365, 1359, 1366, 1367, 1369, 1365, 1368, 1361, - 1370, 1371, 1372, 1373, 1375, 1367, 1360, 1371, 1372, 1373, - 1375, 1363, 1366, 1368, 1376, 1377, 1369, 1378, 1379, 1380, - 1381, 1382, 1382, 1370, 1383, 1384, 1386, 1385, 1376, 1388, - 1379, 1386, 1391, 1380, 1376, 1377, 1389, 1378, 1381, 1387, - 1387, 1389, 1392, 1393, 1383, 1385, 1394, 1392, 1392, 1395, - 1384, 1391, 1388, 1396, 1397, 1394, 1398, 1395, 1399, 1400, - 1401, 1393, 1401, 1399, 1402, 1408, 1399, 1396, 1400, 1397, - - 1404, 1398, 1406, 1409, 1398, 1407, 1404, 1410, 1402, 1414, - 1407, 1407, 1411, 1406, 1408, 1412, 1413, 1411, 1415, 1416, - 1412, 1413, 1417, 1419, 1416, 1410, 1420, 1414, 1421, 1409, - 1422, 1422, 1423, 1424, 1425, 1426, 1423, 1419, 1415, 1428, - 1427, 1426, 1417, 1429, 1420, 1430, 1421, 1433, 1431, 1432, - 1435, 1424, 1427, 1425, 1437, 1428, 1434, 1435, 1438, 1430, - 1436, 1434, 1429, 1431, 1432, 1436, 1433, 1439, 1440, 1440, - 1441, 1442, 1437, 1443, 1444, 1444, 1439, 1445, 1446, 1438, - 1442, 1447, 1451, 1445, 1446, 1441, 1448, 1448, 1449, 1449, - 1450, 1452, 1453, 1443, 1454, 1447, 1450, 1453, 1451, 1455, - - 1454, 1456, 1457, 1457, 1463, 1455, 1462, 1456, 1458, 1458, - 1460, 1460, 1452, 1461, 1464, 1462, 1466, 1461, 1465, 1469, - 1467, 1470, 1463, 1468, 1468, 1473, 1464, 1467, 1458, 1470, - 1458, 1466, 1465, 1471, 1472, 1474, 1476, 1475, 1471, 1469, - 1474, 1474, 1475, 1475, 1473, 1477, 1477, 1478, 1472, 1479, - 1480, 1482, 1481, 1483, 1484, 1485, 1476, 1481, 1486, 1480, - 1487, 1485, 1488, 1486, 1490, 1489, 1478, 1493, 1479, 1491, - 1482, 1489, 1484, 1483, 1494, 1491, 1492, 1495, 1496, 1497, - 1487, 1498, 1492, 1490, 1499, 1500, 1493, 1503, 1488, 1501, - 1501, 1502, 1504, 1494, 1502, 1498, 1495, 1496, 1497, 1508, - - 1500, 1505, 1506, 1506, 1508, 1499, 1503, 1507, 1507, 1510, - 1509, 1504, 1511, 1505, 1509, 1512, 1513, 1514, 1518, 1514, - 1516, 1517, 1510, 1514, 1512, 1519, 1517, 1511, 1520, 1513, - 1521, 1521, 1522, 1518, 1523, 1524, 1514, 1522, 1516, 1525, - 1523, 1526, 1528, 1527, 1520, 1519, 1528, 1526, 1527, 1529, - 1524, 1530, 1525, 1529, 1531, 1532, 1533, 1534, 1535, 1535, - 1537, 1539, 1540, 1534, 1532, 1541, 1541, 1540, 1542, 1543, - 1547, 1530, 1531, 1547, 1542, 1549, 1533, 1550, 1537, 1545, - 1545, 1551, 1539, 1548, 1548, 1553, 1554, 1556, 1553, 1543, - 1555, 1549, 1557, 1550, 1558, 1558, 1556, 1551, 1559, 1560, - - 1561, 1562, 1563, 1564, 1565, 1565, 1562, 1554, 1566, 1564, - 1555, 1567, 1557, 1559, 1569, 1568, 1563, 1566, 1570, 1561, - 1560, 1571, 1571, 1572, 1573, 1575, 1574, 1576, 1576, 1567, - 1568, 1574, 1577, 1578, 1579, 1579, 1577, 1572, 1570, 1569, - 1575, 1580, 1573, 1581, 1582, 1583, 1584, 1585, 1589, 1583, - 1587, 1587, 1585, 1578, 1588, 1582, 1591, 1588, 1592, 1590, - 1593, 1589, 1581, 1580, 1590, 1584, 1594, 1595, 1596, 1597, - 1597, 1599, 1591, 1598, 1593, 1600, 1592, 1603, 1598, 1601, - 1601, 1595, 1603, 1602, 1604, 1594, 1594, 1605, 1608, 1605, - 1607, 1599, 1602, 1596, 1606, 1600, 1607, 1609, 1611, 1606, - - 1612, 1612, 1613, 1609, 1604, 1614, 1617, 1621, 1608, 1616, - 1620, 1614, 1611, 1622, 1616, 1618, 1618, 1619, 1619, 1623, - 1625, 1613, 1623, 1626, 1620, 1621, 1624, 1624, 1622, 1627, - 1617, 1629, 1635, 1628, 1633, 1626, 1628, 1629, 1625, 1628, - 1630, 1631, 1634, 1633, 1631, 1630, 1638, 1634, 1646, 1627, - 1636, 1628, 1639, 1636, 1637, 1637, 1640, 1635, 1639, 1641, - 1631, 1646, 1640, 1644, 1641, 1642, 1642, 1643, 1643, 1644, - 1638, 1645, 1647, 1648, 1649, 1650, 1645, 1651, 1650, 1652, - 1653, 1656, 1654, 1651, 1660, 1652, 1653, 1654, 1657, 1655, - 1647, 1661, 1648, 1657, 1649, 1655, 1658, 1658, 1659, 1662, - - 1663, 1664, 1660, 1659, 1656, 1665, 1667, 1666, 1668, 1669, - 1670, 1661, 1670, 1669, 1674, 1664, 1671, 1676, 1662, 1665, - 1663, 1666, 1672, 1678, 1667, 1675, 1674, 1681, 1677, 1672, - 1676, 1679, 1680, 1668, 1677, 1671, 1682, 1675, 1687, 1682, - 1684, 1681, 1689, 1678, 1683, 1683, 1691, 1679, 1688, 1684, - 1686, 1686, 1680, 1688, 1689, 1690, 1690, 1682, 1687, 1692, - 1693, 1691, 1694, 1695, 1696, 1699, 1698, 1697, 1701, 1703, - 1705, 1705, 1695, 1692, 1697, 1698, 1706, 1706, 1698, 1696, - 1694, 1699, 1704, 1701, 1693, 1704, 1707, 1708, 1701, 1709, - 1710, 1710, 1709, 1711, 1703, 1712, 1713, 1714, 1707, 1715, - - 1714, 1713, 1716, 1717, 1715, 1708, 1711, 1718, 1719, 1721, - 1724, 1720, 1723, 1723, 1712, 1725, 1718, 1724, 1721, 1717, - 1720, 1716, 1722, 1720, 1726, 1727, 1728, 1719, 1722, 1729, - 1732, 1731, 1735, 1730, 1736, 1725, 1731, 1726, 1730, 1730, - 1728, 1738, 1732, 1727, 1738, 1729, 1737, 1737, 1739, 1740, - 1741, 1741, 1736, 1742, 1742, 1741, 1744, 1735, 1740, 1745, - 1743, 1744, 1746, 1747, 1739, 1748, 1750, 1751, 1742, 1743, - 1748, 1748, 1743, 1752, 1753, 1754, 1756, 1745, 1755, 1753, - 1750, 1747, 1751, 1746, 1755, 1757, 1757, 1758, 1760, 1754, - 1764, 1759, 1761, 1758, 1756, 1752, 1759, 1762, 1761, 1765, - - 1766, 1767, 1760, 1762, 1771, 1773, 1766, 1774, 1768, 1769, - 1764, 1768, 1771, 1765, 1767, 1769, 1775, 1768, 1777, 1776, - 1778, 1779, 1780, 1777, 1773, 1781, 1774, 1776, 1782, 1778, - 1783, 1780, 1784, 1784, 1779, 1775, 1790, 1785, 1781, 1786, - 1788, 1791, 1782, 1785, 1783, 1786, 1787, 1789, 1789, 1787, - 1792, 1793, 1793, 1788, 1784, 1794, 1790, 1795, 1796, 1791, - 1797, 1798, 1801, 1795, 1800, 1800, 1802, 1803, 1794, 1792, - 1802, 1804, 1803, 1805, 1807, 1808, 1797, 1810, 1805, 1798, - 1796, 1806, 1801, 1807, 1811, 1813, 1806, 1812, 1810, 1814, - 1812, 1804, 1816, 1811, 1815, 1815, 1817, 1813, 1808, 1818, - - 1819, 1819, 1820, 1821, 1814, 1822, 1825, 1823, 1817, 1826, - 1821, 1816, 1828, 1829, 1827, 1830, 1820, 1822, 1818, 1823, - 1827, 1830, 1831, 1831, 1828, 1825, 1836, 1832, 1839, 1826, - 1832, 1829, 1833, 1833, 1835, 1836, 1837, 1838, 1838, 1835, - 1839, 1840, 1837, 1840, 1841, 1842, 1843, 1841, 1844, 1845, - 1846, 1847, 1848, 1852, 1851, 1846, 1847, 1849, 1850, 1851, - 1853, 1848, 1852, 1856, 1858, 1842, 1844, 1845, 1843, 1849, - 1858, 1854, 1855, 1850, 1859, 1852, 1854, 1855, 1856, 1862, - 1853, 1857, 1857, 1854, 1861, 1863, 1864, 1865, 1866, 1867, - 1866, 1868, 1868, 1869, 1869, 1859, 1870, 1870, 1862, 1871, - - 1861, 1874, 1864, 1867, 1863, 1867, 1875, 1865, 1872, 1872, - 1873, 1873, 1876, 1877, 1877, 1879, 1878, 1883, 1882, 1871, - 1878, 1879, 1874, 1880, 1882, 1884, 1880, 1875, 1886, 1885, - 1889, 1884, 1892, 1876, 1885, 1883, 1887, 1888, 1888, 1887, - 1890, 1891, 1891, 1893, 1894, 1890, 1895, 1892, 1900, 1894, - 1889, 1895, 1897, 1886, 1896, 1896, 1898, 1897, 1899, 1902, - 1901, 1903, 1898, 1904, 1893, 1905, 1906, 1903, 1900, 1907, - 1899, 1899, 1899, 1906, 1907, 1909, 1910, 1899, 1901, 1902, - 1909, 1909, 1911, 1904, 1912, 1905, 1912, 1913, 1914, 1915, - 1910, 1916, 1917, 1918, 1920, 1915, 1922, 1911, 1913, 1923, - - 1916, 1919, 1919, 1914, 1921, 1921, 1924, 1924, 1925, 1925, - 1926, 1930, 1917, 1931, 1918, 1933, 1922, 1929, 1929, 1934, - 1920, 1923, 1931, 1935, 1933, 1936, 1937, 1937, 1938, 1935, - 1926, 1939, 1940, 1941, 1942, 1944, 1930, 1943, 1943, 1940, - 1934, 1936, 1941, 1945, 1947, 1949, 1939, 1948, 1950, 1938, - 1947, 1949, 1948, 1955, 1953, 1951, 1953, 1952, 1956, 1945, - 1942, 1944, 1951, 1952, 1956, 1957, 1957, 1959, 1950, 1958, - 1960, 1961, 1955, 1962, 1958, 1963, 1959, 1964, 1963, 1965, - 1966, 1967, 1965, 1968, 1968, 1960, 1971, 1969, 1970, 1964, - 1972, 1961, 1962, 1969, 1970, 1973, 1975, 1976, 1966, 1973, - - 1978, 1978, 1979, 1977, 1980, 1972, 1971, 1967, 1977, 1981, - 1983, 1985, 1985, 1984, 1986, 1973, 1975, 1984, 1987, 1976, - 1986, 1988, 1988, 1980, 1981, 1990, 1979, 1987, 1989, 1983, - 1991, 1991, 1989, 1992, 1993, 1995, 1990, 1994, 1996, 1997, - 1995, 1990, 1998, 1999, 2003, 2000, 2001, 2002, 1993, 1999, - 2004, 2004, 2002, 2010, 1992, 17, 1994, 2003, 1996, 1997, - 2008, 2001, 1998, 2000, 2005, 2005, 2006, 2009, 2019, 2008, - 2006, 2011, 2020, 2010, 2012, 2012, 2011, 2020, 2009, 2014, - 2014, 2015, 2016, 2009, 2018, 2021, 2015, 2015, 2016, 2022, - 2018, 2024, 2025, 2026, 2019, 2022, 2025, 2021, 2027, 2027, - - 2028, 2029, 2030, 2024, 2031, 2026, 2034, 2029, 2032, 2032, - 2031, 2033, 2035, 2039, 2040, 2036, 2038, 2035, 2042, 2040, - 2046, 2042, 2043, 2043, 2030, 2028, 2034, 2036, 2038, 0, - 2033, 2047, 2039, 2044, 2044, 2045, 2045, 2047, 2048, 2050, - 2046, 2049, 2051, 2053, 2048, 2050, 2049, 2055, 2053, 2056, - 2055, 2051, 2057, 2057, 2059, 2060, 2063, 2061, 2062, 2062, - 2068, 2056, 2061, 2064, 2065, 2063, 2059, 2060, 2064, 2065, - 2066, 2067, 2067, 2066, 2069, 2070, 2071, 2072, 2075, 2073, - 2068, 2072, 2074, 2069, 2073, 2076, 2077, 2078, 2074, 2081, - 2080, 2080, 2084, 2070, 2076, 2071, 2075, 2082, 2088, 2083, - - 2090, 2078, 2080, 2087, 2077, 2086, 2082, 2081, 2083, 2085, - 2085, 2089, 2084, 2090, 2086, 2087, 2089, 2093, 2093, 2088, - 2095, 2096, 2097, 2095, 2098, 2101, 2100, 2102, 2103, 2104, - 2104, 2106, 2105, 2102, 2105, 2107, 2107, 2096, 2097, 2101, - 2098, 2100, 2108, 2110, 2110, 2103, 2111, 2111, 2113, 2106, - 2108, 2114, 2115, 2116, 2117, 2118, 2119, 2114, 2115, 2120, - 2120, 2117, 2122, 2121, 2121, 2127, 2123, 2116, 2124, 2125, - 2126, 2113, 2121, 2131, 2129, 2134, 2119, 2118, 2123, 2128, - 2124, 2130, 2126, 2122, 2125, 2135, 2130, 2130, 2128, 2129, - 2136, 2127, 2132, 2139, 2132, 2134, 2131, 2138, 2132, 2137, - - 2137, 2140, 2136, 2142, 2140, 2141, 2146, 2144, 2135, 2152, - 2141, 2132, 2144, 2139, 2145, 2138, 2145, 2147, 2148, 2150, - 2153, 2154, 2147, 2142, 2146, 2148, 2156, 2152, 2150, 2153, - 2155, 2157, 2155, 2154, 2159, 2160, 2159, 2157, 2161, 2161, - 2162, 2163, 2164, 2165, 2164, 2156, 2163, 2166, 2165, 2160, - 2167, 2168, 2166, 2169, 2170, 2173, 2171, 2172, 2174, 2177, - 2170, 2171, 2178, 2174, 2174, 2179, 2162, 2173, 2167, 2168, - 2172, 2175, 2182, 2169, 2180, 2180, 2178, 2179, 2177, 2175, - 2181, 2181, 2183, 2182, 2184, 2185, 2187, 2186, 2187, 2188, - 2189, 2185, 2186, 2190, 2190, 2196, 2191, 2183, 2189, 2192, - - 2192, 2193, 2193, 2194, 2184, 2195, 2189, 2188, 2191, 2199, - 2195, 2198, 2194, 2196, 2200, 2198, 2200, 2201, 2199, 2202, - 2203, 2199, 2204, 2205, 2202, 2202, 2212, 2207, 2208, 2209, - 2211, 2204, 2203, 2208, 2209, 2205, 2213, 2215, 2201, 2207, - 2214, 2214, 2216, 2211, 2217, 2213, 2212, 2218, 2219, 2222, - 2220, 2221, 2226, 2224, 2222, 2215, 2225, 2236, 2229, 2230, - 2216, 2238, 2217, 2218, 2220, 2224, 2221, 2229, 2225, 2227, - 2228, 2237, 2226, 2219, 2227, 2228, 2233, 2230, 2235, 2238, - 2236, 2239, 2233, 2240, 2235, 2242, 2237, 2241, 2241, 2243, - 2243, 2244, 2240, 2245, 2242, 2233, 2246, 2247, 2248, 2250, - - 2246, 2251, 2247, 2252, 2254, 0, 2239, 2251, 2253, 2244, - 2254, 2248, 2245, 2253, 2253, 2255, 2256, 2258, 2250, 2256, - 2257, 2255, 2261, 2261, 2263, 2252, 2262, 2262, 2257, 2264, - 2264, 2265, 2265, 2263, 2266, 2267, 2268, 2258, 2269, 2270, - 2270, 2262, 2268, 2269, 2271, 2271, 2266, 2275, 2276, 2272, - 2273, 2275, 2262, 2267, 2272, 2277, 2273, 2278, 2280, 2277, - 2281, 2282, 2284, 2283, 2285, 2281, 2287, 2284, 2276, 2286, - 2288, 2289, 2290, 2290, 2292, 2288, 2291, 2278, 2283, 2294, - 2291, 2295, 2285, 2280, 2282, 2286, 2287, 2293, 2296, 2292, - 2297, 2298, 2293, 2289, 2299, 2300, 2301, 2294, 2305, 2299, - - 2302, 2302, 2297, 2304, 2306, 2307, 2296, 2295, 2300, 2308, - 2298, 2304, 2309, 2312, 2301, 2310, 2311, 2305, 2313, 2319, - 2314, 2322, 2318, 2306, 2307, 2312, 2314, 2316, 2321, 0, - 2321, 2327, 2308, 2319, 2310, 2318, 2309, 2311, 2320, 2313, - 2326, 2322, 2316, 2324, 2320, 2323, 2323, 2325, 2324, 2328, - 2325, 2329, 2332, 2326, 2332, 2327, 2330, 2330, 2331, 2331, - 2333, 2333, 2334, 2328, 2329, 2335, 2336, 2337, 2337, 2339, - 2339, 2337, 2340, 2340, 2341, 2341, 2342, 2334, 2348, 2336, - 2335, 2343, 2343, 2344, 2344, 2342, 2345, 2347, 2342, 2349, - 2350, 2345, 2347, 2351, 2351, 2352, 2352, 2353, 2348, 2354, - - 2354, 2355, 2350, 2356, 2356, 2357, 2358, 2359, 2359, 2349, - 2361, 2358, 2360, 2360, 2362, 2363, 2353, 2364, 2365, 2355, - 2357, 2367, 2369, 2362, 2361, 2371, 2367, 2368, 2368, 2370, - 2370, 2364, 2363, 2372, 2373, 2377, 2374, 2365, 2372, 2374, - 2373, 2369, 2378, 2371, 2375, 2375, 2376, 2376, 2379, 2381, - 2379, 2382, 2383, 2383, 2377, 2384, 2386, 2378, 2387, 2388, - 2375, 2384, 2389, 2390, 2381, 2391, 2391, 2390, 2392, 2393, - 2382, 2394, 2398, 2387, 2393, 2395, 2386, 2389, 2397, 2397, - 2400, 2399, 2388, 2401, 2402, 2403, 2394, 2392, 2399, 2404, - 2395, 2407, 2398, 2407, 2400, 2405, 2405, 2406, 2411, 2410, - - 2403, 2401, 2402, 2412, 2408, 2410, 2406, 2408, 2412, 2413, - 2411, 2414, 2415, 2416, 2413, 2404, 2417, 2418, 2420, 2426, - 2423, 2417, 2408, 2420, 2408, 2415, 2421, 2422, 2431, 0, - 2427, 2421, 2422, 2424, 2416, 2423, 2414, 2429, 2425, 2424, - 2426, 2428, 2429, 2418, 2425, 2427, 2430, 2428, 2432, 2433, - 2434, 2430, 2433, 2431, 2435, 2436, 2437, 2438, 2439, 2444, - 2446, 2432, 2440, 2435, 2436, 2437, 2438, 2441, 2440, 2447, - 2434, 2442, 2439, 2441, 2456, 2442, 2448, 2448, 2447, 2444, - 2446, 2449, 2450, 2450, 2451, 2452, 2452, 2449, 2454, 2453, - 2456, 2450, 2459, 2451, 2453, 2457, 2458, 2458, 2463, 2468, - - 2460, 2462, 2464, 2465, 2468, 2469, 2470, 2459, 2454, 2460, - 2454, 2457, 0, 2462, 2463, 2465, 2467, 2464, 2470, 2467, - 2471, 2471, 2472, 2472, 2476, 2469, 2474, 2474, 2475, 2476, - 2477, 2475, 2478, 2479, 2480, 2480, 2477, 2481, 2478, 2482, - 2482, 2483, 2479, 2484, 2485, 2486, 2486, 2488, 2487, 2496, - 2489, 2481, 2491, 2483, 2487, 2489, 2491, 2484, 2496, 2492, - 2497, 2488, 2492, 2485, 2493, 2493, 2494, 2495, 2498, 2497, - 2499, 2494, 2495, 2501, 2499, 2500, 2500, 2503, 2504, 2505, - 2506, 2507, 2503, 2508, 2509, 2510, 2501, 2508, 2498, 2514, - 2510, 2511, 2513, 2513, 2515, 2507, 2512, 2511, 2504, 2505, - - 2506, 2516, 2512, 2517, 2509, 2518, 2521, 2514, 2517, 2519, - 2519, 2522, 2523, 2515, 2558, 2524, 2525, 2523, 2521, 2558, - 2516, 2524, 2525, 2526, 2529, 2531, 2518, 2522, 2527, 2532, - 2527, 2526, 2539, 2529, 2533, 2533, 2599, 2534, 2599, 2531, - 2534, 2535, 2535, 2532, 2537, 2538, 2544, 2537, 2538, 2540, - 2540, 2543, 2544, 2545, 2547, 2543, 2546, 2546, 2539, 2550, - 2550, 2552, 2554, 2547, 2555, 2545, 2559, 2560, 2561, 2562, - 2563, 2563, 2571, 2561, 2562, 2567, 2554, 2565, 2565, 2552, - 2555, 2567, 2568, 2569, 2569, 2570, 2572, 2574, 2560, 2580, - 2575, 2572, 2559, 2575, 2571, 2576, 2577, 2578, 2578, 2585, - - 2581, 2570, 2568, 2584, 2582, 2580, 2574, 2576, 2577, 2581, - 2582, 2583, 2587, 2587, 2585, 2588, 2589, 2583, 2588, 2590, - 2595, 2584, 2592, 2592, 2593, 2593, 2594, 2596, 2597, 2598, - 2600, 2594, 2601, 2602, 2598, 2589, 2596, 2590, 2595, 2604, - 2605, 2597, 2603, 2606, 2600, 2602, 2601, 2603, 2606, 2607, - 2607, 2608, 2608, 2609, 2609, 2610, 2610, 2611, 2612, 2604, - 2605, 2613, 2614, 2614, 2615, 2615, 2613, 2616, 2616, 2611, - 2617, 2618, 2619, 2620, 2621, 0, 2612, 2624, 2622, 2623, - 2623, 2627, 2617, 2632, 2619, 2625, 2625, 2626, 2626, 2628, - 2628, 2618, 2627, 2620, 2622, 2621, 2624, 2629, 2630, 2631, - - 2634, 2633, 2635, 2632, 2637, 2630, 2633, 2636, 2636, 2629, - 2639, 2631, 2640, 2637, 2638, 2638, 2641, 2642, 2644, 2643, - 2634, 2645, 2635, 2645, 2652, 2646, 2647, 2647, 2649, 2641, - 2648, 2650, 2640, 2643, 2653, 2654, 2639, 2646, 2656, 2648, - 2644, 2642, 2652, 2649, 2655, 2657, 2650, 2655, 2658, 2666, - 2657, 2668, 2656, 2658, 2659, 2659, 2653, 2667, 2654, 2660, - 2660, 2661, 2661, 2663, 2663, 2665, 2665, 2666, 2667, 2669, - 2668, 2671, 2672, 2673, 2674, 2679, 2675, 2676, 2677, 2678, - 2677, 0, 2680, 2686, 2669, 2675, 2681, 2681, 2683, 2685, - 2672, 2671, 2683, 2679, 2674, 2673, 2692, 2676, 2687, 2678, - - 2680, 2684, 2684, 2685, 2690, 2686, 2693, 2687, 2688, 2688, - 2691, 2691, 2694, 2690, 2692, 2695, 2696, 2697, 2698, 2700, - 2701, 2699, 2695, 2704, 2693, 2702, 2702, 2701, 2703, 2703, - 2694, 2696, 2705, 2706, 2711, 2697, 2698, 2699, 2700, 2706, - 2708, 2708, 2710, 2704, 2709, 2709, 2712, 2713, 2710, 2714, - 2705, 2715, 2711, 2716, 2717, 2717, 2718, 2719, 2716, 2720, - 2721, 2722, 2713, 0, 2712, 2715, 2729, 2723, 2714, 2725, - 2725, 2721, 2723, 2724, 2734, 2724, 2718, 2719, 2726, 2720, - 2726, 2722, 2727, 2727, 2731, 2729, 2732, 2733, 2737, 2741, - 2735, 2736, 2738, 2731, 2734, 2735, 2736, 2742, 2743, 2733, - - 2746, 2743, 2744, 2744, 2745, 2732, 2747, 2747, 2737, 2741, - 2748, 2738, 2749, 2750, 2752, 2742, 2753, 2750, 2746, 2745, - 2754, 2748, 2756, 2756, 2755, 2757, 2754, 2749, 2755, 2752, - 2759, 2753, 2760, 2761, 2762, 2762, 2764, 2765, 2757, 2766, - 2767, 2767, 2769, 2766, 2773, 2759, 2765, 2774, 2764, 2768, - 2768, 2771, 2760, 2761, 2770, 2770, 2771, 2772, 2775, 2774, - 2773, 2769, 2776, 2776, 2781, 2781, 2772, 2782, 2783, 2783, - 2784, 2785, 2786, 2787, 2790, 2790, 2791, 2788, 2775, 2789, - 2792, 2803, 2787, 2784, 2785, 2786, 2788, 2797, 2789, 2782, - 2794, 2794, 2797, 2799, 2800, 2792, 2791, 2801, 2799, 2802, - - 2803, 2804, 2801, 2805, 2807, 2811, 2815, 2802, 2800, 2809, - 2804, 2805, 2810, 2814, 2809, 2812, 2812, 2810, 2814, 2807, - 2811, 2813, 2813, 2816, 2816, 2815, 2817, 2818, 2819, 2820, - 2821, 0, 2818, 2817, 2822, 2824, 2821, 2823, 2823, 2822, - 2825, 2826, 2826, 2827, 2827, 2825, 2819, 2820, 2830, 2833, - 2824, 2831, 2831, 2832, 2833, 2833, 2832, 2834, 2835, 2836, - 2837, 2830, 2834, 2835, 2838, 2839, 2837, 2840, 2838, 2841, - 2839, 2842, 2843, 2836, 2844, 2845, 2840, 2846, 2847, 2842, - 2844, 2845, 2846, 2851, 2841, 2848, 2848, 2850, 2851, 2852, - 2847, 2854, 2852, 2843, 2850, 2856, 2857, 2858, 2859, 2860, - - 2856, 2857, 2858, 2854, 2861, 2862, 2863, 2863, 2864, 2868, - 2865, 2873, 2860, 2861, 2862, 2865, 2859, 2864, 2869, 2870, - 2874, 2875, 0, 2876, 2869, 2870, 2878, 2868, 2877, 2877, - 2873, 2879, 2884, 2878, 2881, 2882, 2883, 2883, 2885, 2887, - 2874, 2875, 2876, 2881, 2882, 2886, 2886, 2884, 2889, 2891, - 2879, 2892, 2894, 2885, 2895, 2892, 2893, 2893, 2887, 2896, - 2895, 2897, 2898, 2889, 2900, 2896, 2899, 2899, 2898, 2891, - 2901, 2902, 2900, 2904, 2905, 2907, 2902, 2894, 2910, 2897, - 2908, 2907, 2904, 2908, 2909, 2911, 2913, 2905, 2909, 2912, - 2912, 2915, 2915, 2916, 0, 2901, 2910, 2917, 2917, 2911, - - 2923, 2913, 2918, 2918, 2920, 2920, 2921, 2922, 2927, 2923, - 2921, 2916, 2922, 2925, 2925, 2928, 2930, 2929, 2931, 2933, - 2928, 2930, 2930, 2934, 2934, 2936, 2936, 2940, 2927, 2929, - 2931, 2937, 2937, 2938, 2938, 2939, 2941, 2944, 2939, 2933, - 2940, 2943, 2943, 2946, 2947, 2947, 2948, 2948, 2952, 2941, - 2949, 2949, 2950, 2951, 2951, 2944, 2953, 2954, 2955, 2956, - 2956, 2952, 2957, 2946, 2955, 2961, 2957, 2950, 2964, 2960, - 2961, 2954, 2963, 2965, 2953, 2960, 2966, 2963, 2963, 2967, - 2968, 2969, 2979, 2970, 2976, 2967, 2968, 2970, 2971, 2971, - 2974, 2964, 2976, 2965, 2977, 2974, 2966, 2977, 2980, 2981, - - 2981, 2980, 2982, 2983, 2984, 2985, 2969, 2979, 2983, 2986, - 2987, 2987, 2988, 2989, 2990, 2991, 2989, 0, 2996, 2982, - 2982, 2992, 2984, 2986, 2989, 2985, 2988, 2994, 2990, 2992, - 2995, 3006, 2994, 2994, 2991, 2995, 2995, 2996, 2997, 2997, - 2998, 2998, 2999, 2999, 3000, 3000, 3001, 3001, 3002, 3002, - 3003, 3004, 3005, 3007, 3008, 3009, 3004, 3006, 3010, 3008, - 3011, 3012, 3013, 3010, 3014, 3018, 3003, 3007, 3018, 3011, - 3016, 3016, 3005, 3019, 3009, 3017, 3017, 3020, 3020, 3021, - 3022, 3012, 3013, 3025, 3014, 3021, 3024, 3024, 3019, 3027, - 3025, 3026, 3026, 3030, 3027, 3029, 3029, 3031, 3022, 3032, - - 3033, 3035, 3030, 3036, 3036, 3039, 3031, 3040, 3032, 3033, - 3037, 3037, 3038, 3041, 3039, 3042, 3038, 3043, 3046, 3035, - 3047, 3048, 3044, 3058, 3041, 3048, 3040, 3044, 3044, 3047, - 3042, 3046, 3054, 3052, 3053, 3053, 3057, 3043, 3052, 3056, - 3056, 3059, 3061, 3061, 3062, 3063, 3054, 3067, 3058, 3068, - 3057, 3069, 3072, 3062, 3068, 3071, 3074, 3063, 3072, 3059, - 3069, 3076, 3078, 3085, 3079, 3080, 3080, 3078, 3074, 3079, - 3081, 3083, 3067, 3084, 3091, 3071, 3083, 3085, 3092, 3081, - 3086, 3086, 3076, 3091, 3086, 3093, 3084, 3088, 3088, 3089, - 3089, 3090, 3090, 3100, 3094, 3096, 3101, 3097, 3092, 3094, - - 3098, 3096, 3097, 3102, 3093, 3098, 3099, 3099, 3101, 3103, - 3104, 3100, 3105, 3106, 3103, 3107, 3107, 3109, 3105, 3114, - 3110, 3109, 3111, 3113, 3102, 3110, 3115, 3111, 3104, 3112, - 3112, 3117, 3119, 3119, 3114, 3121, 3122, 3123, 3106, 3124, - 3126, 3115, 3113, 3124, 3125, 3127, 3128, 3129, 3121, 3122, - 3123, 3117, 3129, 3125, 3128, 3130, 3126, 3131, 3131, 3132, - 3133, 3134, 3135, 3135, 3127, 3136, 3136, 3137, 3132, 3141, - 3146, 3140, 3150, 3143, 3151, 3130, 3140, 3140, 3133, 3143, - 3144, 3144, 3153, 3141, 3148, 3148, 3137, 3134, 3150, 3152, - 3151, 3146, 3154, 3158, 3152, 3157, 3157, 3154, 3153, 3159, - - 3160, 3161, 3162, 3162, 3163, 3166, 3160, 3167, 3159, 3165, - 3165, 3168, 3168, 3158, 3170, 3172, 3173, 3176, 3179, 3166, - 3170, 3180, 3173, 3163, 3161, 3174, 3167, 3177, 3177, 3182, - 3174, 3178, 3178, 3179, 3183, 3172, 3181, 3181, 3184, 3176, - 3182, 3180, 3185, 3183, 3186, 3187, 3188, 3190, 3185, 3189, - 3189, 3191, 3192, 3197, 3191, 3192, 3181, 3187, 3184, 3193, - 3193, 3198, 3190, 3186, 3199, 3197, 3188, 3200, 3200, 3201, - 3199, 3202, 3201, 3203, 3205, 3206, 3206, 3202, 3207, 3205, - 3208, 3198, 3209, 3207, 3210, 3211, 3211, 3214, 3209, 3215, - 3216, 3203, 3213, 3217, 3217, 3219, 3218, 3220, 3471, 3208, - - 3471, 3210, 3210, 3216, 3213, 3214, 3220, 3222, 3222, 3223, - 3223, 3219, 3224, 3224, 3215, 3218, 3225, 3226, 3227, 3228, - 3228, 3225, 3232, 3227, 3229, 3229, 3230, 3230, 3231, 3231, - 3233, 3226, 3234, 3239, 3235, 3232, 3238, 3238, 3234, 3235, - 3241, 3241, 3242, 3242, 3244, 3246, 3247, 3248, 3249, 3239, - 3250, 3250, 3252, 3252, 3253, 3254, 3233, 3255, 3257, 3262, - 3258, 3259, 3259, 3244, 3260, 3260, 3248, 3246, 3247, 3258, - 3249, 3255, 3264, 3263, 3254, 3265, 3266, 3262, 3257, 3263, - 3253, 3266, 3269, 3270, 3270, 3272, 3272, 3274, 3273, 3275, - 3276, 3277, 3264, 3273, 3265, 3275, 3278, 3278, 3283, 3277, - - 3279, 3274, 3276, 3269, 3281, 3279, 3282, 3284, 3281, 3285, - 3286, 3282, 3289, 3287, 3285, 3290, 3291, 3292, 3283, 3287, - 3289, 3294, 3286, 3297, 3295, 3296, 3298, 3284, 3300, 3301, - 3303, 3298, 3302, 3300, 3290, 3303, 3291, 3292, 3302, 3294, - 3295, 3305, 3296, 3296, 3297, 3306, 3307, 3320, 3306, 3301, - 3311, 3311, 3312, 3312, 3313, 3318, 3318, 3319, 3313, 3307, - 3323, 3305, 3319, 3321, 3321, 0, 3320, 3326, 3326, 3327, - 3327, 3336, 3327, 3328, 3328, 3323, 3328, 3329, 3329, 3330, - 3330, 3331, 3330, 3333, 3334, 3331, 3335, 3335, 3333, 3336, - 3337, 3340, 3340, 3334, 3341, 3342, 3343, 3344, 3344, 3345, - - 3348, 3343, 3349, 3350, 3337, 3352, 3354, 3350, 3351, 3349, - 0, 3355, 3356, 3356, 3341, 3342, 3355, 3351, 3357, 3345, - 3352, 3358, 3358, 3361, 3354, 3348, 3366, 3357, 3359, 3359, - 3360, 3360, 3362, 3363, 3364, 3365, 3368, 3362, 3361, 3364, - 3364, 3365, 3363, 3367, 3369, 3363, 3371, 3370, 0, 3369, - 3373, 3366, 3370, 3372, 3372, 3374, 3373, 3368, 3367, 3375, - 3375, 3374, 3376, 3376, 3377, 3371, 3378, 3381, 3381, 3383, - 3383, 3378, 3384, 3386, 3388, 3388, 3389, 3389, 3397, 3377, - 0, 3384, 3390, 3390, 3391, 3391, 3393, 3393, 3394, 3394, - 3399, 3386, 3395, 3395, 3396, 3396, 3400, 3400, 3402, 3399, - - 3401, 3401, 3403, 3404, 3397, 3406, 3406, 3402, 3407, 3408, - 3408, 3409, 3410, 3419, 3403, 3415, 3411, 3412, 3412, 3413, - 3413, 3416, 3416, 3404, 3421, 3410, 3409, 3407, 3411, 3420, - 3415, 3419, 3420, 3422, 3422, 3423, 3425, 3426, 3427, 3425, - 3428, 3429, 3431, 3426, 3430, 3428, 3434, 3437, 3433, 3438, - 3421, 3437, 3427, 3423, 3433, 3434, 3441, 3442, 3431, 3455, - 3429, 3451, 3430, 3461, 3438, 3452, 3451, 3464, 3452, 3456, - 3456, 3462, 3455, 3457, 3457, 3459, 3459, 3442, 3466, 3463, - 3462, 3468, 3441, 3463, 3469, 3470, 3461, 3464, 3472, 3474, - 3470, 3475, 3466, 3473, 3473, 3469, 3476, 3477, 3478, 3480, - - 3479, 3482, 3474, 3472, 3468, 3481, 3482, 3483, 3480, 3487, - 3475, 3484, 3485, 3477, 3476, 3479, 3484, 3481, 3486, 3486, - 3488, 3492, 3493, 3478, 3495, 3488, 3494, 3494, 3483, 3487, - 3500, 3485, 3501, 3495, 3505, 3492, 3496, 3496, 3497, 3497, - 3498, 3498, 3493, 3499, 3499, 3502, 3503, 3506, 3502, 3500, - 3504, 3503, 3501, 3508, 3507, 3504, 3509, 3512, 3510, 3505, - 3507, 3517, 3506, 3510, 3511, 3511, 3518, 3508, 3509, 3513, - 3513, 3514, 3514, 3516, 3516, 3521, 3517, 3512, 3519, 3519, - 3523, 3526, 3526, 3527, 3527, 3518, 3528, 3529, 3532, 3530, - 3521, 3531, 3533, 3534, 3528, 3530, 3535, 3531, 3523, 3536, - - 3536, 3535, 3532, 3538, 3538, 3533, 3529, 3542, 3545, 3543, - 3546, 3548, 3534, 3549, 3546, 3550, 3553, 3551, 3549, 3552, - 3554, 3555, 3545, 3556, 3556, 3554, 3555, 3559, 3542, 3543, - 3551, 3548, 3552, 3560, 3550, 3553, 3561, 3562, 3562, 3563, - 3564, 3565, 3565, 3566, 3563, 3567, 3564, 3559, 3566, 3568, - 3567, 3560, 3569, 3570, 3568, 3561, 3572, 3572, 3573, 3570, - 3574, 3574, 3576, 3573, 3577, 3578, 3576, 3579, 3580, 3581, - 3582, 3569, 3578, 3585, 3585, 3581, 3588, 3583, 3587, 3587, - 3590, 3591, 3592, 3577, 3597, 3588, 3579, 3580, 3588, 3582, - 3583, 3589, 3593, 3593, 3595, 3592, 3589, 3594, 3599, 3590, - - 3591, 3604, 3594, 3598, 3598, 3600, 3600, 3595, 3601, 3601, - 3597, 3602, 3603, 3605, 3605, 0, 3602, 3599, 3606, 3603, - 3604, 3609, 3607, 3606, 3607, 3608, 3608, 3610, 3609, 3611, - 3612, 3613, 3615, 3615, 3610, 3612, 3616, 3618, 3619, 3620, - 3621, 3625, 3618, 3619, 3622, 3622, 3624, 3624, 3611, 3626, - 3613, 3627, 3627, 3628, 3628, 3616, 3629, 3639, 3620, 3621, - 3625, 3631, 3631, 3629, 3632, 3632, 3633, 3635, 3626, 3638, - 3640, 0, 3635, 3633, 3638, 0, 3639, 3641, 3641, 3642, - 3642, 0, 0, 0, 0, 0, 0, 0, 0, 3640, - 3646, 3646, 3646, 3646, 3646, 3646, 3646, 3647, 3647, 3647, - - 3647, 3647, 3647, 3647, 3648, 3648, 3648, 3648, 3648, 3648, - 3648, 3649, 3649, 3649, 3649, 3649, 3649, 3649, 3650, 3650, - 3650, 3650, 3650, 3650, 3650, 3651, 3651, 3651, 3651, 3651, - 3651, 3651, 3652, 3652, 3652, 3652, 3652, 3652, 3652, 3654, - 3654, 0, 3654, 3654, 3654, 3654, 3655, 3655, 0, 0, - 0, 3655, 3655, 3656, 3656, 0, 0, 3656, 0, 3656, - 3657, 0, 0, 0, 0, 0, 3657, 3658, 3658, 0, - 0, 0, 3658, 3658, 3659, 0, 0, 0, 0, 0, - 3659, 3660, 3660, 0, 3660, 3660, 3660, 3660, 3661, 0, - 0, 0, 0, 0, 3661, 3662, 3662, 0, 0, 0, - - 3662, 3662, 3663, 3663, 0, 3663, 3663, 3663, 3663, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, - 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645, 3645 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -extern int yy_flex_debug; -int yy_flex_debug = 0; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -static int yy_more_flag = 0; -static int yy_more_len = 0; -#define yymore() ((yy_more_flag) = 1) -#define YY_MORE_ADJ (yy_more_len) -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "./util/configlexer.lex" -#line 2 "./util/configlexer.lex" -/* - * configlexer.lex - lexical analyzer for unbound config file - * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved - * - * See LICENSE for the license. - * - */ - -/* because flex keeps having sign-unsigned compare problems that are unfixed*/ -#if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) -#pragma GCC diagnostic ignored "-Wsign-compare" -#endif - -#include -#include -#ifdef HAVE_GLOB_H -# include -#endif - -#include "util/config_file.h" -#include "util/configparser.h" -void ub_c_error(const char *message); - -#if 0 -#define LEXOUT(s) printf s /* used ONLY when debugging */ -#else -#define LEXOUT(s) -#endif - -/** avoid warning in about fwrite return value */ -#define ECHO ub_c_error_msg("syntax error at text: %s", yytext) - -/** A parser variable, this is a statement in the config file which is - * of the form variable: value1 value2 ... nargs is the number of values. */ -#define YDVAR(nargs, var) \ - num_args=(nargs); \ - LEXOUT(("v(%s%d) ", yytext, num_args)); \ - if(num_args > 0) { BEGIN(val); } \ - return (var); - -struct inc_state { - char* filename; - int line; - YY_BUFFER_STATE buffer; - struct inc_state* next; - int inc_toplevel; -}; -static struct inc_state* config_include_stack = NULL; -static int inc_depth = 0; -static int inc_prev = 0; -static int num_args = 0; -static int inc_toplevel = 0; - -void init_cfg_parse(void) -{ - config_include_stack = NULL; - inc_depth = 0; - inc_prev = 0; - num_args = 0; - inc_toplevel = 0; -} - -static void config_start_include(const char* filename, int toplevel) -{ - FILE *input; - struct inc_state* s; - char* nm; - if(inc_depth+1 > 100000) { - ub_c_error_msg("too many include files"); - return; - } - if(*filename == '\0') { - ub_c_error_msg("empty include file name"); - return; - } - s = (struct inc_state*)malloc(sizeof(*s)); - if(!s) { - ub_c_error_msg("include %s: malloc failure", filename); - return; - } - if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, - strlen(cfg_parser->chroot)) == 0) { - filename += strlen(cfg_parser->chroot); - } - nm = strdup(filename); - if(!nm) { - ub_c_error_msg("include %s: strdup failure", filename); - free(s); - return; - } - input = fopen(filename, "r"); - if(!input) { - ub_c_error_msg("cannot open include file '%s': %s", - filename, strerror(errno)); - free(s); - free(nm); - return; - } - LEXOUT(("switch_to_include_file(%s)\n", filename)); - inc_depth++; - s->filename = cfg_parser->filename; - s->line = cfg_parser->line; - s->buffer = YY_CURRENT_BUFFER; - s->inc_toplevel = inc_toplevel; - s->next = config_include_stack; - config_include_stack = s; - cfg_parser->filename = nm; - cfg_parser->line = 1; - inc_toplevel = toplevel; - yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); -} - -static void config_start_include_glob(const char* filename, int toplevel) -{ - - /* check for wildcards */ -#ifdef HAVE_GLOB - glob_t g; - int i, r, flags; - if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && - !strchr(filename, '{') && !strchr(filename, '~'))) { - flags = 0 -#ifdef GLOB_ERR - | GLOB_ERR -#endif - /* do not set GLOB_NOSORT so the results are sorted - and in a predictable order. */ -#ifdef GLOB_BRACE - | GLOB_BRACE -#endif -#ifdef GLOB_TILDE - | GLOB_TILDE -#endif - ; - memset(&g, 0, sizeof(g)); - if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, - strlen(cfg_parser->chroot)) == 0) { - filename += strlen(cfg_parser->chroot); - } - r = glob(filename, flags, NULL, &g); - if(r) { - /* some error */ - globfree(&g); - if(r == GLOB_NOMATCH) - return; /* no matches for pattern */ - config_start_include(filename, toplevel); /* let original deal with it */ - return; - } - /* process files found, if any */ - for(i=(int)g.gl_pathc-1; i>=0; i--) { - config_start_include(g.gl_pathv[i], toplevel); - } - globfree(&g); - return; - } -#endif /* HAVE_GLOB */ - - config_start_include(filename, toplevel); -} - -static void config_end_include(void) -{ - struct inc_state* s = config_include_stack; - --inc_depth; - if(!s) return; - free(cfg_parser->filename); - cfg_parser->filename = s->filename; - cfg_parser->line = s->line; - yy_delete_buffer(YY_CURRENT_BUFFER); - yy_switch_to_buffer(s->buffer); - config_include_stack = s->next; - inc_toplevel = s->inc_toplevel; - free(s); -} - -#ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ - } -#endif - -#line 3406 "" -#define YY_NO_INPUT 1 -#line 191 "./util/configlexer.lex" -#ifndef YY_NO_UNPUT -#define YY_NO_UNPUT 1 -#endif -#ifndef YY_NO_INPUT -#define YY_NO_INPUT 1 -#endif -#line 3415 "" - -#line 3417 "" - -#define INITIAL 0 -#define quotedstring 1 -#define singlequotedstr 2 -#define include 3 -#define include_quoted 4 -#define val 5 -#define include_toplevel 6 -#define include_toplevel_quoted 7 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals ( void ); - -/* Accessor methods to globals. - These are made visible to non-reentrant scanners for convenience. */ - -int yylex_destroy ( void ); - -int yyget_debug ( void ); - -void yyset_debug ( int debug_flag ); - -YY_EXTRA_TYPE yyget_extra ( void ); - -void yyset_extra ( YY_EXTRA_TYPE user_defined ); - -FILE *yyget_in ( void ); - -void yyset_in ( FILE * _in_str ); - -FILE *yyget_out ( void ); - -void yyset_out ( FILE * _out_str ); - - int yyget_leng ( void ); - -char *yyget_text ( void ); - -int yyget_lineno ( void ); - -void yyset_lineno ( int _line_number ); - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap ( void ); -#else -extern int yywrap ( void ); -#endif -#endif - -#ifndef YY_NO_UNPUT - -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy ( char *, const char *, int ); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen ( const char * ); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput ( void ); -#else -static int input ( void ); -#endif - -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#ifdef __ia64__ -/* On IA-64, the buffer size is 16k, not 8k */ -#define YY_READ_BUF_SIZE 16384 -#else -#define YY_READ_BUF_SIZE 8192 -#endif /* __ia64__ */ -#endif - -/* Copy whatever the last rule matched to the standard output. */ -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ - int n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else \ - { \ - errno=0; \ - while ( (result = (int) fread(buf, 1, (yy_size_t) max_size, yyin)) == 0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* end tables serialization structures and prototypes */ - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK /*LINTED*/break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -/** The main scanner function which does all the work. - */ -YY_DECL -{ - yy_state_type yy_current_state; - char *yy_cp, *yy_bp; - int yy_act; - - if ( !(yy_init) ) - { - (yy_init) = 1; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer( yyin, YY_BUF_SIZE ); - } - - yy_load_buffer_state( ); - } - - { -#line 211 "./util/configlexer.lex" - -#line 3641 "" - - while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ - { - (yy_more_len) = 0; - if ( (yy_more_flag) ) - { - (yy_more_len) = (int) ((yy_c_buf_p) - (yytext_ptr)); - (yy_more_flag) = 0; - } - yy_cp = (yy_c_buf_p); - - /* Support of yytext. */ - *yy_cp = (yy_hold_char); - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = (yy_start); -yy_match: - do - { - YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3646 ) - yy_c = yy_meta[yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 7110 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - -do_action: /* This label is used only to access EOF actions. */ - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 212 "./util/configlexer.lex" -{ - LEXOUT(("SP ")); /* ignore */ } - YY_BREAK -case 2: -YY_RULE_SETUP -#line 214 "./util/configlexer.lex" -{ - /* note that flex makes the longest match and '.' is any but not nl */ - LEXOUT(("comment(%s) ", yytext)); /* ignore */ } - YY_BREAK -case 3: -YY_RULE_SETUP -#line 217 "./util/configlexer.lex" -{ YDVAR(0, VAR_SERVER) } - YY_BREAK -case 4: -YY_RULE_SETUP -#line 218 "./util/configlexer.lex" -{ YDVAR(1, VAR_QNAME_MINIMISATION) } - YY_BREAK -case 5: -YY_RULE_SETUP -#line 219 "./util/configlexer.lex" -{ YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } - YY_BREAK -case 6: -YY_RULE_SETUP -#line 220 "./util/configlexer.lex" -{ YDVAR(1, VAR_NUM_THREADS) } - YY_BREAK -case 7: -YY_RULE_SETUP -#line 221 "./util/configlexer.lex" -{ YDVAR(1, VAR_VERBOSITY) } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 222 "./util/configlexer.lex" -{ YDVAR(1, VAR_PORT) } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 223 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_RANGE) } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 224 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } - YY_BREAK -case 11: -YY_RULE_SETUP -#line 225 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_PORT_AVOID) } - YY_BREAK -case 12: -YY_RULE_SETUP -#line 226 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_NUM_TCP) } - YY_BREAK -case 13: -YY_RULE_SETUP -#line 227 "./util/configlexer.lex" -{ YDVAR(1, VAR_INCOMING_NUM_TCP) } - YY_BREAK -case 14: -YY_RULE_SETUP -#line 228 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_IP4) } - YY_BREAK -case 15: -YY_RULE_SETUP -#line 229 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_IP6) } - YY_BREAK -case 16: -YY_RULE_SETUP -#line 230 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFER_IP4) } - YY_BREAK -case 17: -YY_RULE_SETUP -#line 231 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFER_IP6) } - YY_BREAK -case 18: -YY_RULE_SETUP -#line 232 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_UDP) } - YY_BREAK -case 19: -YY_RULE_SETUP -#line 233 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_TCP) } - YY_BREAK -case 20: -YY_RULE_SETUP -#line 234 "./util/configlexer.lex" -{ YDVAR(1, VAR_TCP_UPSTREAM) } - YY_BREAK -case 21: -YY_RULE_SETUP -#line 235 "./util/configlexer.lex" -{ YDVAR(1, VAR_TCP_MSS) } - YY_BREAK -case 22: -YY_RULE_SETUP -#line 236 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } - YY_BREAK -case 23: -YY_RULE_SETUP -#line 237 "./util/configlexer.lex" -{ YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } - YY_BREAK -case 24: -YY_RULE_SETUP -#line 238 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) } - YY_BREAK -case 25: -YY_RULE_SETUP -#line 239 "./util/configlexer.lex" -{ YDVAR(1, VAR_TCP_REUSE_TIMEOUT) } - YY_BREAK -case 26: -YY_RULE_SETUP -#line 240 "./util/configlexer.lex" -{ YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) } - YY_BREAK -case 27: -YY_RULE_SETUP -#line 241 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } - YY_BREAK -case 28: -YY_RULE_SETUP -#line 242 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } - YY_BREAK -case 29: -YY_RULE_SETUP -#line 243 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } - YY_BREAK -case 30: -YY_RULE_SETUP -#line 244 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } - YY_BREAK -case 31: -YY_RULE_SETUP -#line 245 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } - YY_BREAK -case 32: -YY_RULE_SETUP -#line 246 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } - YY_BREAK -case 33: -YY_RULE_SETUP -#line 247 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } - YY_BREAK -case 34: -YY_RULE_SETUP -#line 248 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } - YY_BREAK -case 35: -YY_RULE_SETUP -#line 249 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } - YY_BREAK -case 36: -YY_RULE_SETUP -#line 250 "./util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } - YY_BREAK -case 37: -YY_RULE_SETUP -#line 251 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } - YY_BREAK -case 38: -YY_RULE_SETUP -#line 252 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } - YY_BREAK -case 39: -YY_RULE_SETUP -#line 253 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_WIN_CERT) } - YY_BREAK -case 40: -YY_RULE_SETUP -#line 254 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_WIN_CERT) } - YY_BREAK -case 41: -YY_RULE_SETUP -#line 255 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } - YY_BREAK -case 42: -YY_RULE_SETUP -#line 256 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } - YY_BREAK -case 43: -YY_RULE_SETUP -#line 257 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } - YY_BREAK -case 44: -YY_RULE_SETUP -#line 258 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } - YY_BREAK -case 45: -YY_RULE_SETUP -#line 259 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } - YY_BREAK -case 46: -YY_RULE_SETUP -#line 260 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERS) } - YY_BREAK -case 47: -YY_RULE_SETUP -#line 261 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERSUITES) } - YY_BREAK -case 48: -YY_RULE_SETUP -#line 262 "./util/configlexer.lex" -{ YDVAR(1, VAR_TLS_USE_SNI) } - YY_BREAK -case 49: -YY_RULE_SETUP -#line 263 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTPS_PORT) } - YY_BREAK -case 50: -YY_RULE_SETUP -#line 264 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_ENDPOINT) } - YY_BREAK -case 51: -YY_RULE_SETUP -#line 265 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_MAX_STREAMS) } - YY_BREAK -case 52: -YY_RULE_SETUP -#line 266 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } - YY_BREAK -case 53: -YY_RULE_SETUP -#line 267 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } - YY_BREAK -case 54: -YY_RULE_SETUP -#line 268 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_NODELAY) } - YY_BREAK -case 55: -YY_RULE_SETUP -#line 269 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } - YY_BREAK -case 56: -YY_RULE_SETUP -#line 270 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } - YY_BREAK -case 57: -YY_RULE_SETUP -#line 271 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } - YY_BREAK -case 58: -YY_RULE_SETUP -#line 272 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } - YY_BREAK -case 59: -YY_RULE_SETUP -#line 273 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } - YY_BREAK -case 60: -YY_RULE_SETUP -#line 274 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } - YY_BREAK -case 61: -YY_RULE_SETUP -#line 275 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } - YY_BREAK -case 62: -YY_RULE_SETUP -#line 276 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC_PORTS) } - YY_BREAK -case 63: -YY_RULE_SETUP -#line 277 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } - YY_BREAK -case 64: -YY_RULE_SETUP -#line 278 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } - YY_BREAK -case 65: -YY_RULE_SETUP -#line 279 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } - YY_BREAK -case 66: -YY_RULE_SETUP -#line 280 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } - YY_BREAK -case 67: -YY_RULE_SETUP -#line 281 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } - YY_BREAK -case 68: -YY_RULE_SETUP -#line 282 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_DSCP) } - YY_BREAK -case 69: -YY_RULE_SETUP -#line 283 "./util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } - YY_BREAK -case 70: -YY_RULE_SETUP -#line 284 "./util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } - YY_BREAK -case 71: -YY_RULE_SETUP -#line 285 "./util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } - YY_BREAK -case 72: -YY_RULE_SETUP -#line 286 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } - YY_BREAK -case 73: -YY_RULE_SETUP -#line 287 "./util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } - YY_BREAK -case 74: -YY_RULE_SETUP -#line 288 "./util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } - YY_BREAK -case 75: -YY_RULE_SETUP -#line 289 "./util/configlexer.lex" -{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } - YY_BREAK -case 76: -YY_RULE_SETUP -#line 290 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } - YY_BREAK -case 77: -YY_RULE_SETUP -#line 291 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } - YY_BREAK -case 78: -YY_RULE_SETUP -#line 292 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } - YY_BREAK -case 79: -YY_RULE_SETUP -#line 293 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } - YY_BREAK -case 80: -YY_RULE_SETUP -#line 294 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } - YY_BREAK -case 81: -YY_RULE_SETUP -#line 295 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } - YY_BREAK -case 82: -YY_RULE_SETUP -#line 296 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } - YY_BREAK -case 83: -YY_RULE_SETUP -#line 297 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } - YY_BREAK -case 84: -YY_RULE_SETUP -#line 298 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } - YY_BREAK -case 85: -YY_RULE_SETUP -#line 299 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } - YY_BREAK -case 86: -YY_RULE_SETUP -#line 300 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } - YY_BREAK -case 87: -YY_RULE_SETUP -#line 301 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } - YY_BREAK -case 88: -YY_RULE_SETUP -#line 302 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } - YY_BREAK -case 89: -YY_RULE_SETUP -#line 303 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } - YY_BREAK -case 90: -YY_RULE_SETUP -#line 304 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } - YY_BREAK -case 91: -YY_RULE_SETUP -#line 305 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MAX_RTT) } - YY_BREAK -case 92: -YY_RULE_SETUP -#line 306 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_KEEP_PROBING) } - YY_BREAK -case 93: -YY_RULE_SETUP -#line 307 "./util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } - YY_BREAK -case 94: -YY_RULE_SETUP -#line 308 "./util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } - YY_BREAK -case 95: -YY_RULE_SETUP -#line 309 "./util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } - YY_BREAK -case 96: -YY_RULE_SETUP -#line 310 "./util/configlexer.lex" -{ YDVAR(1, VAR_UDP_CONNECT) } - YY_BREAK -case 97: -YY_RULE_SETUP -#line 311 "./util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } - YY_BREAK -case 98: -YY_RULE_SETUP -#line 312 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } - YY_BREAK -case 99: -YY_RULE_SETUP -#line 313 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } - YY_BREAK -case 100: -YY_RULE_SETUP -#line 314 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } - YY_BREAK -case 101: -YY_RULE_SETUP -#line 315 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } - YY_BREAK -case 102: -YY_RULE_SETUP -#line 316 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } - YY_BREAK -case 103: -YY_RULE_SETUP -#line 317 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } - YY_BREAK -case 104: -YY_RULE_SETUP -#line 318 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } - YY_BREAK -case 105: -YY_RULE_SETUP -#line 319 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } - YY_BREAK -case 106: -YY_RULE_SETUP -#line 320 "./util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } - YY_BREAK -case 107: -YY_RULE_SETUP -#line 321 "./util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } - YY_BREAK -case 108: -YY_RULE_SETUP -#line 322 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } - YY_BREAK -case 109: -YY_RULE_SETUP -#line 323 "./util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } - YY_BREAK -case 110: -YY_RULE_SETUP -#line 324 "./util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } - YY_BREAK -case 111: -YY_RULE_SETUP -#line 325 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } - YY_BREAK -case 112: -YY_RULE_SETUP -#line 326 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } - YY_BREAK -case 113: -YY_RULE_SETUP -#line 327 "./util/configlexer.lex" -{ YDVAR(1, VAR_DENY_ANY) } - YY_BREAK -case 114: -YY_RULE_SETUP -#line 328 "./util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } - YY_BREAK -case 115: -YY_RULE_SETUP -#line 329 "./util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } - YY_BREAK -case 116: -YY_RULE_SETUP -#line 330 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } - YY_BREAK -case 117: -YY_RULE_SETUP -#line 331 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } - YY_BREAK -case 118: -YY_RULE_SETUP -#line 332 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } - YY_BREAK -case 119: -YY_RULE_SETUP -#line 333 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } - YY_BREAK -case 120: -YY_RULE_SETUP -#line 334 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_NO_CACHE) } - YY_BREAK -case 121: -YY_RULE_SETUP -#line 335 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } - YY_BREAK -case 122: -YY_RULE_SETUP -#line 336 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } - YY_BREAK -case 123: -YY_RULE_SETUP -#line 337 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_TCP_UPSTREAM) } - YY_BREAK -case 124: -YY_RULE_SETUP -#line 338 "./util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } - YY_BREAK -case 125: -YY_RULE_SETUP -#line 339 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } - YY_BREAK -case 126: -YY_RULE_SETUP -#line 340 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } - YY_BREAK -case 127: -YY_RULE_SETUP -#line 341 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } - YY_BREAK -case 128: -YY_RULE_SETUP -#line 342 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_NO_CACHE) } - YY_BREAK -case 129: -YY_RULE_SETUP -#line 343 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } - YY_BREAK -case 130: -YY_RULE_SETUP -#line 344 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } - YY_BREAK -case 131: -YY_RULE_SETUP -#line 345 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_TCP_UPSTREAM) } - YY_BREAK -case 132: -YY_RULE_SETUP -#line 346 "./util/configlexer.lex" -{ YDVAR(0, VAR_AUTH_ZONE) } - YY_BREAK -case 133: -YY_RULE_SETUP -#line 347 "./util/configlexer.lex" -{ YDVAR(0, VAR_RPZ) } - YY_BREAK -case 134: -YY_RULE_SETUP -#line 348 "./util/configlexer.lex" -{ YDVAR(1, VAR_TAGS) } - YY_BREAK -case 135: -YY_RULE_SETUP -#line 349 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } - YY_BREAK -case 136: -YY_RULE_SETUP -#line 350 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } - YY_BREAK -case 137: -YY_RULE_SETUP -#line 351 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG) } - YY_BREAK -case 138: -YY_RULE_SETUP -#line 352 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG_NAME) } - YY_BREAK -case 139: -YY_RULE_SETUP -#line 353 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_SIGNAL_NXDOMAIN_RA) } - YY_BREAK -case 140: -YY_RULE_SETUP -#line 354 "./util/configlexer.lex" -{ YDVAR(1, VAR_ZONEFILE) } - YY_BREAK -case 141: -YY_RULE_SETUP -#line 355 "./util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } - YY_BREAK -case 142: -YY_RULE_SETUP -#line 356 "./util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } - YY_BREAK -case 143: -YY_RULE_SETUP -#line 357 "./util/configlexer.lex" -{ YDVAR(1, VAR_URL) } - YY_BREAK -case 144: -YY_RULE_SETUP -#line 358 "./util/configlexer.lex" -{ YDVAR(1, VAR_ALLOW_NOTIFY) } - YY_BREAK -case 145: -YY_RULE_SETUP -#line 359 "./util/configlexer.lex" -{ YDVAR(1, VAR_FOR_DOWNSTREAM) } - YY_BREAK -case 146: -YY_RULE_SETUP -#line 360 "./util/configlexer.lex" -{ YDVAR(1, VAR_FOR_UPSTREAM) } - YY_BREAK -case 147: -YY_RULE_SETUP -#line 361 "./util/configlexer.lex" -{ YDVAR(1, VAR_FALLBACK_ENABLED) } - YY_BREAK -case 148: -YY_RULE_SETUP -#line 362 "./util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } - YY_BREAK -case 149: -YY_RULE_SETUP -#line 363 "./util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } - YY_BREAK -case 150: -YY_RULE_SETUP -#line 364 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } - YY_BREAK -case 151: -YY_RULE_SETUP -#line 365 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } - YY_BREAK -case 152: -YY_RULE_SETUP -#line 366 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } - YY_BREAK -case 153: -YY_RULE_SETUP -#line 367 "./util/configlexer.lex" -{ YDVAR(2, VAR_INTERFACE_ACTION) } - YY_BREAK -case 154: -YY_RULE_SETUP -#line 368 "./util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } - YY_BREAK -case 155: -YY_RULE_SETUP -#line 369 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } - YY_BREAK -case 156: -YY_RULE_SETUP -#line 370 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } - YY_BREAK -case 157: -YY_RULE_SETUP -#line 371 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } - YY_BREAK -case 158: -YY_RULE_SETUP -#line 372 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } - YY_BREAK -case 159: -YY_RULE_SETUP -#line 373 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } - YY_BREAK -case 160: -YY_RULE_SETUP -#line 374 "./util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } - YY_BREAK -case 161: -YY_RULE_SETUP -#line 375 "./util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } - YY_BREAK -case 162: -YY_RULE_SETUP -#line 376 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } - YY_BREAK -case 163: -YY_RULE_SETUP -#line 377 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } - YY_BREAK -case 164: -YY_RULE_SETUP -#line 378 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } - YY_BREAK -case 165: -YY_RULE_SETUP -#line 379 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } - YY_BREAK -case 166: -YY_RULE_SETUP -#line 380 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } - YY_BREAK -case 167: -YY_RULE_SETUP -#line 381 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) } - YY_BREAK -case 168: -YY_RULE_SETUP -#line 382 "./util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } - YY_BREAK -case 169: -YY_RULE_SETUP -#line 383 "./util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } - YY_BREAK -case 170: -YY_RULE_SETUP -#line 384 "./util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_USER_AGENT) } - YY_BREAK -case 171: -YY_RULE_SETUP -#line 385 "./util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } - YY_BREAK -case 172: -YY_RULE_SETUP -#line 386 "./util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } - YY_BREAK -case 173: -YY_RULE_SETUP -#line 387 "./util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } - YY_BREAK -case 174: -YY_RULE_SETUP -#line 388 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } - YY_BREAK -case 175: -YY_RULE_SETUP -#line 389 "./util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } - YY_BREAK -case 176: -YY_RULE_SETUP -#line 390 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } - YY_BREAK -case 177: -YY_RULE_SETUP -#line 391 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } - YY_BREAK -case 178: -YY_RULE_SETUP -#line 392 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } - YY_BREAK -case 179: -YY_RULE_SETUP -#line 393 "./util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } - YY_BREAK -case 180: -YY_RULE_SETUP -#line 394 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } - YY_BREAK -case 181: -YY_RULE_SETUP -#line 395 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } - YY_BREAK -case 182: -YY_RULE_SETUP -#line 396 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } - YY_BREAK -case 183: -YY_RULE_SETUP -#line 397 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_MAX_RESTART) } - YY_BREAK -case 184: -YY_RULE_SETUP -#line 398 "./util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } - YY_BREAK -case 185: -YY_RULE_SETUP -#line 399 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } - YY_BREAK -case 186: -YY_RULE_SETUP -#line 400 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } - YY_BREAK -case 187: -YY_RULE_SETUP -#line 401 "./util/configlexer.lex" -{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } - YY_BREAK -case 188: -YY_RULE_SETUP -#line 402 "./util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } - YY_BREAK -case 189: -YY_RULE_SETUP -#line 403 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } - YY_BREAK -case 190: -YY_RULE_SETUP -#line 404 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } - YY_BREAK -case 191: -YY_RULE_SETUP -#line 405 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } - YY_BREAK -case 192: -YY_RULE_SETUP -#line 406 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } - YY_BREAK -case 193: -YY_RULE_SETUP -#line 407 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } - YY_BREAK -case 194: -YY_RULE_SETUP -#line 408 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDE_SERVE_EXPIRED) } - YY_BREAK -case 195: -YY_RULE_SETUP -#line 409 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } - YY_BREAK -case 196: -YY_RULE_SETUP -#line 410 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } - YY_BREAK -case 197: -YY_RULE_SETUP -#line 411 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } - YY_BREAK -case 198: -YY_RULE_SETUP -#line 412 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } - YY_BREAK -case 199: -YY_RULE_SETUP -#line 413 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } - YY_BREAK -case 200: -YY_RULE_SETUP -#line 414 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } - YY_BREAK -case 201: -YY_RULE_SETUP -#line 415 "./util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } - YY_BREAK -case 202: -YY_RULE_SETUP -#line 416 "./util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } - YY_BREAK -case 203: -YY_RULE_SETUP -#line 418 "./util/configlexer.lex" -{ YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } - YY_BREAK -case 204: -YY_RULE_SETUP -#line 419 "./util/configlexer.lex" -{ YDVAR(1, VAR_ZONEMD_CHECK) } - YY_BREAK -case 205: -YY_RULE_SETUP -#line 420 "./util/configlexer.lex" -{ YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) } - YY_BREAK -case 206: -YY_RULE_SETUP -#line 421 "./util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } - YY_BREAK -case 207: -YY_RULE_SETUP -#line 422 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } - YY_BREAK -case 208: -YY_RULE_SETUP -#line 423 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } - YY_BREAK -case 209: -YY_RULE_SETUP -#line 424 "./util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } - YY_BREAK -case 210: -YY_RULE_SETUP -#line 425 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } - YY_BREAK -case 211: -YY_RULE_SETUP -#line 426 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } - YY_BREAK -case 212: -YY_RULE_SETUP -#line 427 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } - YY_BREAK -case 213: -YY_RULE_SETUP -#line 428 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } - YY_BREAK -case 214: -YY_RULE_SETUP -#line 429 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } - YY_BREAK -case 215: -YY_RULE_SETUP -#line 430 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } - YY_BREAK -case 216: -YY_RULE_SETUP -#line 431 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } - YY_BREAK -case 217: -YY_RULE_SETUP -#line 432 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_SERVFAIL) } - YY_BREAK -case 218: -YY_RULE_SETUP -#line 433 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } - YY_BREAK -case 219: -YY_RULE_SETUP -#line 434 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } - YY_BREAK -case 220: -YY_RULE_SETUP -#line 435 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } - YY_BREAK -case 221: -YY_RULE_SETUP -#line 436 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } - YY_BREAK -case 222: -YY_RULE_SETUP -#line 437 "./util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } - YY_BREAK -case 223: -YY_RULE_SETUP -#line 438 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } - YY_BREAK -case 224: -YY_RULE_SETUP -#line 439 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } - YY_BREAK -case 225: -YY_RULE_SETUP -#line 440 "./util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } - YY_BREAK -case 226: -YY_RULE_SETUP -#line 441 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_ENABLE) } - YY_BREAK -case 227: -YY_RULE_SETUP -#line 442 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_KEY) } - YY_BREAK -case 228: -YY_RULE_SETUP -#line 443 "./util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } - YY_BREAK -case 229: -YY_RULE_SETUP -#line 444 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } - YY_BREAK -case 230: -YY_RULE_SETUP -#line 445 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } - YY_BREAK -case 231: -YY_RULE_SETUP -#line 446 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } - YY_BREAK -case 232: -YY_RULE_SETUP -#line 447 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } - YY_BREAK -case 233: -YY_RULE_SETUP -#line 448 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } - YY_BREAK -case 234: -YY_RULE_SETUP -#line 449 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } - YY_BREAK -case 235: -YY_RULE_SETUP -#line 450 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } - YY_BREAK -case 236: -YY_RULE_SETUP -#line 451 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } - YY_BREAK -case 237: -YY_RULE_SETUP -#line 452 "./util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } - YY_BREAK -case 238: -YY_RULE_SETUP -#line 453 "./util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } - YY_BREAK -case 239: -YY_RULE_SETUP -#line 454 "./util/configlexer.lex" -{ YDVAR(1, VAR_DYNLIB_FILE) } - YY_BREAK -case 240: -YY_RULE_SETUP -#line 455 "./util/configlexer.lex" -{ YDVAR(0, VAR_DYNLIB) } - YY_BREAK -case 241: -YY_RULE_SETUP -#line 456 "./util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } - YY_BREAK -case 242: -YY_RULE_SETUP -#line 457 "./util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } - YY_BREAK -case 243: -YY_RULE_SETUP -#line 458 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } - YY_BREAK -case 244: -YY_RULE_SETUP -#line 459 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } - YY_BREAK -case 245: -YY_RULE_SETUP -#line 460 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } - YY_BREAK -case 246: -YY_RULE_SETUP -#line 461 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } - YY_BREAK -case 247: -YY_RULE_SETUP -#line 462 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } - YY_BREAK -case 248: -YY_RULE_SETUP -#line 463 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } - YY_BREAK -case 249: -YY_RULE_SETUP -#line 464 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } - YY_BREAK -case 250: -YY_RULE_SETUP -#line 465 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } - YY_BREAK -case 251: -YY_RULE_SETUP -#line 466 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } - YY_BREAK -case 252: -YY_RULE_SETUP -#line 467 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } - YY_BREAK -case 253: -YY_RULE_SETUP -#line 468 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } - YY_BREAK -case 254: -YY_RULE_SETUP -#line 469 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } - YY_BREAK -case 255: -YY_RULE_SETUP -#line 470 "./util/configlexer.lex" -{ YDVAR(2, VAR_INTERFACE_TAG) } - YY_BREAK -case 256: -YY_RULE_SETUP -#line 471 "./util/configlexer.lex" -{ YDVAR(3, VAR_INTERFACE_TAG_ACTION) } - YY_BREAK -case 257: -YY_RULE_SETUP -#line 472 "./util/configlexer.lex" -{ YDVAR(3, VAR_INTERFACE_TAG_DATA) } - YY_BREAK -case 258: -YY_RULE_SETUP -#line 473 "./util/configlexer.lex" -{ YDVAR(2, VAR_INTERFACE_VIEW) } - YY_BREAK -case 259: -YY_RULE_SETUP -#line 474 "./util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } - YY_BREAK -case 260: -YY_RULE_SETUP -#line 475 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } - YY_BREAK -case 261: -YY_RULE_SETUP -#line 476 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } - YY_BREAK -case 262: -YY_RULE_SETUP -#line 477 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } - YY_BREAK -case 263: -YY_RULE_SETUP -#line 478 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } - YY_BREAK -case 264: -YY_RULE_SETUP -#line 479 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IP) } - YY_BREAK -case 265: -YY_RULE_SETUP -#line 480 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS) } - YY_BREAK -case 266: -YY_RULE_SETUP -#line 481 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } - YY_BREAK -case 267: -YY_RULE_SETUP -#line 482 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } - YY_BREAK -case 268: -YY_RULE_SETUP -#line 483 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } - YY_BREAK -case 269: -YY_RULE_SETUP -#line 485 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } - YY_BREAK -case 270: -YY_RULE_SETUP -#line 487 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } - YY_BREAK -case 271: -YY_RULE_SETUP -#line 488 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } - YY_BREAK -case 272: -YY_RULE_SETUP -#line 489 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } - YY_BREAK -case 273: -YY_RULE_SETUP -#line 490 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } - YY_BREAK -case 274: -YY_RULE_SETUP -#line 491 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } - YY_BREAK -case 275: -YY_RULE_SETUP -#line 493 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } - YY_BREAK -case 276: -YY_RULE_SETUP -#line 495 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } - YY_BREAK -case 277: -YY_RULE_SETUP -#line 497 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } - YY_BREAK -case 278: -YY_RULE_SETUP -#line 499 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } - YY_BREAK -case 279: -YY_RULE_SETUP -#line 501 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } - YY_BREAK -case 280: -YY_RULE_SETUP -#line 503 "./util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } - YY_BREAK -case 281: -YY_RULE_SETUP -#line 504 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } - YY_BREAK -case 282: -YY_RULE_SETUP -#line 505 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } - YY_BREAK -case 283: -YY_RULE_SETUP -#line 506 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } - YY_BREAK -case 284: -YY_RULE_SETUP -#line 507 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } - YY_BREAK -case 285: -YY_RULE_SETUP -#line 508 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } - YY_BREAK -case 286: -YY_RULE_SETUP -#line 509 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } - YY_BREAK -case 287: -YY_RULE_SETUP -#line 510 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } - YY_BREAK -case 288: -YY_RULE_SETUP -#line 511 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } - YY_BREAK -case 289: -YY_RULE_SETUP -#line 512 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } - YY_BREAK -case 290: -YY_RULE_SETUP -#line 513 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } - YY_BREAK -case 291: -YY_RULE_SETUP -#line 514 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) } - YY_BREAK -case 292: -YY_RULE_SETUP -#line 515 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_BACKOFF) } - YY_BREAK -case 293: -YY_RULE_SETUP -#line 516 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTBOUND_MSG_RETRY) } - YY_BREAK -case 294: -YY_RULE_SETUP -#line 517 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOW_RTT) } - YY_BREAK -case 295: -YY_RULE_SETUP -#line 518 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_NUM) } - YY_BREAK -case 296: -YY_RULE_SETUP -#line 519 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } - YY_BREAK -case 297: -YY_RULE_SETUP -#line 520 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } - YY_BREAK -case 298: -YY_RULE_SETUP -#line 521 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } - YY_BREAK -case 299: -YY_RULE_SETUP -#line 522 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } - YY_BREAK -case 300: -YY_RULE_SETUP -#line 523 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } - YY_BREAK -case 301: -YY_RULE_SETUP -#line 524 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } - YY_BREAK -case 302: -YY_RULE_SETUP -#line 525 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } - YY_BREAK -case 303: -YY_RULE_SETUP -#line 526 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } - YY_BREAK -case 304: -YY_RULE_SETUP -#line 527 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } - YY_BREAK -case 305: -YY_RULE_SETUP -#line 528 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } - YY_BREAK -case 306: -YY_RULE_SETUP -#line 529 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } - YY_BREAK -case 307: -YY_RULE_SETUP -#line 530 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } - YY_BREAK -case 308: -YY_RULE_SETUP -#line 531 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } - YY_BREAK -case 309: -YY_RULE_SETUP -#line 532 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } - YY_BREAK -case 310: -YY_RULE_SETUP -#line 534 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } - YY_BREAK -case 311: -YY_RULE_SETUP -#line 536 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } - YY_BREAK -case 312: -YY_RULE_SETUP -#line 537 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } - YY_BREAK -case 313: -YY_RULE_SETUP -#line 538 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES) } - YY_BREAK -case 314: -YY_RULE_SETUP -#line 539 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } - YY_BREAK -case 315: -YY_RULE_SETUP -#line 540 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES) } - YY_BREAK -case 316: -YY_RULE_SETUP -#line 541 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } - YY_BREAK -case 317: -YY_RULE_SETUP -#line 542 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_ENABLED) } - YY_BREAK -case 318: -YY_RULE_SETUP -#line 543 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } - YY_BREAK -case 319: -YY_RULE_SETUP -#line 544 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_HOOK) } - YY_BREAK -case 320: -YY_RULE_SETUP -#line 545 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } - YY_BREAK -case 321: -YY_RULE_SETUP -#line 546 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } - YY_BREAK -case 322: -YY_RULE_SETUP -#line 547 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } - YY_BREAK -case 323: -YY_RULE_SETUP -#line 548 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_STRICT) } - YY_BREAK -case 324: -YY_RULE_SETUP -#line 549 "./util/configlexer.lex" -{ YDVAR(0, VAR_CACHEDB) } - YY_BREAK -case 325: -YY_RULE_SETUP -#line 550 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_BACKEND) } - YY_BREAK -case 326: -YY_RULE_SETUP -#line 551 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } - YY_BREAK -case 327: -YY_RULE_SETUP -#line 552 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISHOST) } - YY_BREAK -case 328: -YY_RULE_SETUP -#line 553 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPORT) } - YY_BREAK -case 329: -YY_RULE_SETUP -#line 554 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } - YY_BREAK -case 330: -YY_RULE_SETUP -#line 555 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } - YY_BREAK -case 331: -YY_RULE_SETUP -#line 556 "./util/configlexer.lex" -{ YDVAR(0, VAR_IPSET) } - YY_BREAK -case 332: -YY_RULE_SETUP -#line 557 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V4) } - YY_BREAK -case 333: -YY_RULE_SETUP -#line 558 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V6) } - YY_BREAK -case 334: -YY_RULE_SETUP -#line 559 "./util/configlexer.lex" -{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } - YY_BREAK -case 335: -YY_RULE_SETUP -#line 560 "./util/configlexer.lex" -{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } - YY_BREAK -case 336: -YY_RULE_SETUP -#line 561 "./util/configlexer.lex" -{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } - YY_BREAK -case 337: -YY_RULE_SETUP -#line 562 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } - YY_BREAK -case 338: -YY_RULE_SETUP -#line 563 "./util/configlexer.lex" -{ YDVAR(1, VAR_NSID ) } - YY_BREAK -case 339: -YY_RULE_SETUP -#line 564 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDE ) } - YY_BREAK -case 340: -YY_RULE_SETUP -#line 565 "./util/configlexer.lex" -{ YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } - YY_BREAK -case 341: -/* rule 341 can match eol */ -YY_RULE_SETUP -#line 566 "./util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++; } - YY_BREAK -/* Quoted strings. Strip leading and ending quotes */ -case 342: -YY_RULE_SETUP -#line 569 "./util/configlexer.lex" -{ BEGIN(quotedstring); LEXOUT(("QS ")); } - YY_BREAK -case YY_STATE_EOF(quotedstring): -#line 570 "./util/configlexer.lex" -{ - yyerror("EOF inside quoted string"); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } -} - YY_BREAK -case 343: -YY_RULE_SETUP -#line 575 "./util/configlexer.lex" -{ LEXOUT(("STR(%s) ", yytext)); yymore(); } - YY_BREAK -case 344: -/* rule 344 can match eol */ -YY_RULE_SETUP -#line 576 "./util/configlexer.lex" -{ yyerror("newline inside quoted string, no end \""); - cfg_parser->line++; BEGIN(INITIAL); } - YY_BREAK -case 345: -YY_RULE_SETUP -#line 578 "./util/configlexer.lex" -{ - LEXOUT(("QE ")); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } - yytext[yyleng - 1] = '\0'; - yylval.str = strdup(yytext); - if(!yylval.str) - yyerror("out of memory"); - return STRING_ARG; -} - YY_BREAK -/* Single Quoted strings. Strip leading and ending quotes */ -case 346: -YY_RULE_SETUP -#line 590 "./util/configlexer.lex" -{ BEGIN(singlequotedstr); LEXOUT(("SQS ")); } - YY_BREAK -case YY_STATE_EOF(singlequotedstr): -#line 591 "./util/configlexer.lex" -{ - yyerror("EOF inside quoted string"); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } -} - YY_BREAK -case 347: -YY_RULE_SETUP -#line 596 "./util/configlexer.lex" -{ LEXOUT(("STR(%s) ", yytext)); yymore(); } - YY_BREAK -case 348: -/* rule 348 can match eol */ -YY_RULE_SETUP -#line 597 "./util/configlexer.lex" -{ yyerror("newline inside quoted string, no end '"); - cfg_parser->line++; BEGIN(INITIAL); } - YY_BREAK -case 349: -YY_RULE_SETUP -#line 599 "./util/configlexer.lex" -{ - LEXOUT(("SQE ")); - if(--num_args == 0) { BEGIN(INITIAL); } - else { BEGIN(val); } - yytext[yyleng - 1] = '\0'; - yylval.str = strdup(yytext); - if(!yylval.str) - yyerror("out of memory"); - return STRING_ARG; -} - YY_BREAK -/* include: directive */ -case 350: -YY_RULE_SETUP -#line 611 "./util/configlexer.lex" -{ - LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } - YY_BREAK -case YY_STATE_EOF(include): -#line 613 "./util/configlexer.lex" -{ - yyerror("EOF inside include directive"); - BEGIN(inc_prev); -} - YY_BREAK -case 351: -YY_RULE_SETUP -#line 617 "./util/configlexer.lex" -{ LEXOUT(("ISP ")); /* ignore */ } - YY_BREAK -case 352: -/* rule 352 can match eol */ -YY_RULE_SETUP -#line 618 "./util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++;} - YY_BREAK -case 353: -YY_RULE_SETUP -#line 619 "./util/configlexer.lex" -{ LEXOUT(("IQS ")); BEGIN(include_quoted); } - YY_BREAK -case 354: -YY_RULE_SETUP -#line 620 "./util/configlexer.lex" -{ - LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext, 0); - BEGIN(inc_prev); -} - YY_BREAK -case YY_STATE_EOF(include_quoted): -#line 625 "./util/configlexer.lex" -{ - yyerror("EOF inside quoted string"); - BEGIN(inc_prev); -} - YY_BREAK -case 355: -YY_RULE_SETUP -#line 629 "./util/configlexer.lex" -{ LEXOUT(("ISTR(%s) ", yytext)); yymore(); } - YY_BREAK -case 356: -/* rule 356 can match eol */ -YY_RULE_SETUP -#line 630 "./util/configlexer.lex" -{ yyerror("newline before \" in include name"); - cfg_parser->line++; BEGIN(inc_prev); } - YY_BREAK -case 357: -YY_RULE_SETUP -#line 632 "./util/configlexer.lex" -{ - LEXOUT(("IQE ")); - yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext, 0); - BEGIN(inc_prev); -} - YY_BREAK -case YY_STATE_EOF(INITIAL): -case YY_STATE_EOF(val): -#line 638 "./util/configlexer.lex" -{ - LEXOUT(("LEXEOF ")); - yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ - if (!config_include_stack) { - yyterminate(); - } else { - int prev_toplevel = inc_toplevel; - fclose(yyin); - config_end_include(); - if(prev_toplevel) return (VAR_FORCE_TOPLEVEL); - } -} - YY_BREAK -/* include-toplevel: directive */ -case 358: -YY_RULE_SETUP -#line 652 "./util/configlexer.lex" -{ - LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); -} - YY_BREAK -case YY_STATE_EOF(include_toplevel): -#line 655 "./util/configlexer.lex" -{ - yyerror("EOF inside include_toplevel directive"); - BEGIN(inc_prev); -} - YY_BREAK -case 359: -YY_RULE_SETUP -#line 659 "./util/configlexer.lex" -{ LEXOUT(("ITSP ")); /* ignore */ } - YY_BREAK -case 360: -/* rule 360 can match eol */ -YY_RULE_SETUP -#line 660 "./util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++; } - YY_BREAK -case 361: -YY_RULE_SETUP -#line 661 "./util/configlexer.lex" -{ LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } - YY_BREAK -case 362: -YY_RULE_SETUP -#line 662 "./util/configlexer.lex" -{ - LEXOUT(("ITunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext, 1); - BEGIN(inc_prev); - return (VAR_FORCE_TOPLEVEL); -} - YY_BREAK -case YY_STATE_EOF(include_toplevel_quoted): -#line 668 "./util/configlexer.lex" -{ - yyerror("EOF inside quoted string"); - BEGIN(inc_prev); -} - YY_BREAK -case 363: -YY_RULE_SETUP -#line 672 "./util/configlexer.lex" -{ LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } - YY_BREAK -case 364: -/* rule 364 can match eol */ -YY_RULE_SETUP -#line 673 "./util/configlexer.lex" -{ - yyerror("newline before \" in include name"); - cfg_parser->line++; BEGIN(inc_prev); -} - YY_BREAK -case 365: -YY_RULE_SETUP -#line 677 "./util/configlexer.lex" -{ - LEXOUT(("ITQE ")); - yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext, 1); - BEGIN(inc_prev); - return (VAR_FORCE_TOPLEVEL); -} - YY_BREAK -case 366: -YY_RULE_SETUP -#line 685 "./util/configlexer.lex" -{ LEXOUT(("unquotedstr(%s) ", yytext)); - if(--num_args == 0) { BEGIN(INITIAL); } - yylval.str = strdup(yytext); return STRING_ARG; } - YY_BREAK -case 367: -YY_RULE_SETUP -#line 689 "./util/configlexer.lex" -{ - ub_c_error_msg("unknown keyword '%s'", yytext); - } - YY_BREAK -case 368: -YY_RULE_SETUP -#line 693 "./util/configlexer.lex" -{ - ub_c_error_msg("stray '%s'", yytext); - } - YY_BREAK -case 369: -YY_RULE_SETUP -#line 697 "./util/configlexer.lex" -ECHO; - YY_BREAK -#line 5687 "" - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); - YY_RESTORE_YY_MORE_OFFSET - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = (yy_c_buf_p); - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_END_OF_FILE: - { - (yy_did_buffer_switch_on_eof) = 0; - - if ( yywrap( ) ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of user's declarations */ -} /* end of yylex */ - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ -static int yy_get_next_buffer (void) -{ - char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - char *source = (yytext_ptr); - int number_to_move, i; - int ret_val; - - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr) - 1); - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; - - else - { - int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; - - int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yyrealloc( (void *) b->yy_ch_buf, - (yy_size_t) (b->yy_buf_size + 2) ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = NULL; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - - number_to_move - 1; - - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); - - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - if ( (yy_n_chars) == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { - /* Extend the array by 50%, plus the number we really need. */ - int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( - (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size ); - if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); - /* "- 2" to take care of EOB's */ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); - } - - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; - - return ret_val; -} - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - - static yy_state_type yy_get_previous_state (void) -{ - yy_state_type yy_current_state; - char *yy_cp; - - yy_current_state = (yy_start); - - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) - { - YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3646 ) - yy_c = yy_meta[yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - } - - return yy_current_state; -} - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ - int yy_is_jam; - char *yy_cp = (yy_c_buf_p); - - YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3646 ) - yy_c = yy_meta[yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 3645); - - return yy_is_jam ? 0 : yy_current_state; -} - -#ifndef YY_NO_UNPUT - -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus - static int yyinput (void) -#else - static int input (void) -#endif - -{ - int c; - - *(yy_c_buf_p) = (yy_hold_char); - - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; - - else - { /* need more input */ - int offset = (int) ((yy_c_buf_p) - (yytext_ptr)); - ++(yy_c_buf_p); - - switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /*FALLTHROUGH*/ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap( ) ) - return 0; - - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; - break; - } - } - } - - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); - - return c; -} -#endif /* ifndef YY_NO_INPUT */ - -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer( yyin, YY_BUF_SIZE ); - } - - yy_init_buffer( YY_CURRENT_BUFFER, input_file ); - yy_load_buffer_state( ); -} - -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) - return; - - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - (yy_did_buffer_switch_on_eof) = 1; -} - -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} - -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; -} - -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - - if ( ! b ) - return; - - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yyfree( (void *) b->yy_ch_buf ); - - yyfree( (void *) b ); -} - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - -{ - int oerrno = errno; - - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} - -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; - } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - yy_size_t num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - if ( ! (yy_buffer_stack) ) - YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - yy_size_t grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - if ( ! (yy_buffer_stack) ) - YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return NULL; - - b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = (int) (size - 2); /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = NULL; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; -} - -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (const char * yystr ) -{ - - return yy_scan_bytes( yystr, (int) strlen(yystr) ); -} - -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param yybytes the byte buffer to scan - * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len ) -{ - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = (yy_size_t) (_yybytes_len + 2); - buf = (char *) yyalloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; - - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -static void yynoreturn yy_fatal_error (const char* msg ) -{ - fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) - -/* Accessor methods (get/set functions) to struct members. */ - -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} - -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} - -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} - -/** Get the current token. - * - */ - -char *yyget_text (void) -{ - return yytext; -} - -/** Set the current line number. - * @param _line_number line number - * - */ -void yyset_lineno (int _line_number ) -{ - - yylineno = _line_number; -} - -/** Set the input stream. This does not discard the current - * input buffer. - * @param _in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * _in_str ) -{ - yyin = _in_str ; -} - -void yyset_out (FILE * _out_str ) -{ - yyout = _out_str ; -} - -int yyget_debug (void) -{ - return yy_flex_debug; -} - -void yyset_debug (int _bdebug ) -{ - yy_flex_debug = _bdebug ; -} - -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from yylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = NULL; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = NULL; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - yyin = stdin; - yyout = stdout; -#else - yyin = NULL; - yyout = NULL; -#endif - - /* For future reference: Set errno on error, since we are called by - * yylex_init() - */ - return 0; -} - -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer( YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } - - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; - - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * yylex() is called, initialization will occur. */ - yy_init_globals( ); - - return 0; -} - -/* - * Internal utility routines. - */ - -#ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, const char * s2, int n ) -{ - - int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; -} -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (const char * s ) -{ - int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; -} -#endif - -void *yyalloc (yy_size_t size ) -{ - return malloc(size); -} - -void *yyrealloc (void * ptr, yy_size_t size ) -{ - - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return realloc(ptr, size); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" - -#line 697 "./util/configlexer.lex" - - diff --git a/util/configlexer.lex b/util/configlexer.lex index 09e314b21..c1f58af71 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -209,9 +209,9 @@ SQANY [^\'\n\r\\]|\\. %x quotedstring singlequotedstr include include_quoted val include_toplevel include_toplevel_quoted %% -{SPACE}* { +{SPACE}* { LEXOUT(("SP ")); /* ignore */ } -{SPACE}*{COMMENT}.* { +{SPACE}*{COMMENT}.* { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } server{COLON} { YDVAR(0, VAR_SERVER) } @@ -227,6 +227,7 @@ outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } +do-nat64{COLON} { YDVAR(1, VAR_DO_NAT64) } prefer-ip4{COLON} { YDVAR(1, VAR_PREFER_IP4) } prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } @@ -240,6 +241,7 @@ tcp-reuse-timeout{COLON} { YDVAR(1, VAR_TCP_REUSE_TIMEOUT) } tcp-auth-query-timeout{COLON} { YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) } edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } +sock-queue-timeout{COLON} { YDVAR(1, VAR_SOCK_QUEUE_TIMEOUT) } ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } tls-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } @@ -316,6 +318,7 @@ harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +harden-unknown-additional{COLON} { YDVAR(1, VAR_HARDEN_UNKNOWN_ADDITIONAL) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } @@ -413,7 +416,7 @@ val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } -val-nsec3-keysize-iterations{COLON} { +val-nsec3-keysize-iterations{COLON} { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } zonemd-permissive-mode{COLON} { YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } zonemd-check{COLON} { YDVAR(1, VAR_ZONEMD_CHECK) } @@ -438,6 +441,7 @@ insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) } statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } +statistics-inhibit-zero{COLON} { YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) } shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } @@ -461,6 +465,7 @@ max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) } dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) } dns64-ignore-aaaa{COLON} { YDVAR(1, VAR_DNS64_IGNORE_AAAA) } +nat64-prefix{COLON} { YDVAR(1, VAR_NAT64_PREFIX) } define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) } local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) } access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } @@ -514,6 +519,8 @@ ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) } ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) } outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) } +max-sent-count{COLON} { YDVAR(1, VAR_MAX_SENT_COUNT) } +max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) } low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) } fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) } low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) } @@ -551,6 +558,8 @@ backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) } secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) } redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) } redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) } +redis-server-path{COLON} { YDVAR(1, VAR_CACHEDB_REDISPATH) } +redis-server-password{COLON} { YDVAR(1, VAR_CACHEDB_REDISPASSWORD) } redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } redis-expire-records{COLON} { YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } ipset{COLON} { YDVAR(0, VAR_IPSET) } @@ -573,7 +582,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } else { BEGIN(val); } } {DQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } -{NEWLINE} { yyerror("newline inside quoted string, no end \""); +{NEWLINE} { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } \" { LEXOUT(("QE ")); @@ -594,7 +603,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } else { BEGIN(val); } } {SQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } -{NEWLINE} { yyerror("newline inside quoted string, no end '"); +{NEWLINE} { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } \' { LEXOUT(("SQE ")); @@ -608,7 +617,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } } /* include: directive */ -include{COLON} { +include{COLON} { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } <> { yyerror("EOF inside include directive"); @@ -627,7 +636,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } BEGIN(inc_prev); } {DQANY}* { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } -{NEWLINE} { yyerror("newline before \" in include name"); +{NEWLINE} { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } \" { LEXOUT(("IQE ")); @@ -682,7 +691,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } return (VAR_FORCE_TOPLEVEL); } -{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); +{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } diff --git a/util/configparser.c b/util/configparser.c deleted file mode 100644 index 4670d36e7..000000000 --- a/util/configparser.c +++ /dev/null @@ -1,7368 +0,0 @@ -/* A Bison parser, made by GNU Bison 3.8.2. */ - -/* Bison implementation for Yacc-like parsers in C - - Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, - Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* C LALR(1) parser skeleton written by Richard Stallman, by - simplifying the original so-called "semantic" parser. */ - -/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, - especially those whose name start with YY_ or yy_. They are - private implementation details that can be changed or removed. */ - -/* All symbols defined below should begin with yy or YY, to avoid - infringing on user name space. This should be done even for local - variables, as they might otherwise be expanded by user macros. - There are some unavoidable exceptions within include files to - define necessary library symbols; they are noted "INFRINGES ON - USER NAME SPACE" below. */ - -/* Identify Bison output, and Bison version. */ -#define YYBISON 30802 - -/* Bison version string. */ -#define YYBISON_VERSION "3.8.2" - -/* Skeleton name. */ -#define YYSKELETON_NAME "yacc.c" - -/* Pure parsers. */ -#define YYPURE 0 - -/* Push parsers. */ -#define YYPUSH 0 - -/* Pull parsers. */ -#define YYPULL 1 - - - - -/* First part of user prologue. */ -#line 38 "./util/configparser.y" - -#include "config.h" - -#include -#include -#include -#include -#include - -#include "util/configyyrename.h" -#include "util/config_file.h" -#include "util/net_help.h" - -int ub_c_lex(void); -void ub_c_error(const char *message); - -static void validate_respip_action(const char* action); -static void validate_acl_action(const char* action); - -/* these need to be global, otherwise they cannot be used inside yacc */ -extern struct config_parser_state* cfg_parser; - -#if 0 -#define OUTYY(s) printf s /* used ONLY when debugging */ -#else -#define OUTYY(s) -#endif - - -#line 101 "util/configparser.c" - -# ifndef YY_CAST -# ifdef __cplusplus -# define YY_CAST(Type, Val) static_cast (Val) -# define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) -# else -# define YY_CAST(Type, Val) ((Type) (Val)) -# define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) -# endif -# endif -# ifndef YY_NULLPTR -# if defined __cplusplus -# if 201103L <= __cplusplus -# define YY_NULLPTR nullptr -# else -# define YY_NULLPTR 0 -# endif -# else -# define YY_NULLPTR ((void*)0) -# endif -# endif - -#include "configparser.h" -/* Symbol kind. */ -enum yysymbol_kind_t -{ - YYSYMBOL_YYEMPTY = -2, - YYSYMBOL_YYEOF = 0, /* "end of file" */ - YYSYMBOL_YYerror = 1, /* error */ - YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ - YYSYMBOL_SPACE = 3, /* SPACE */ - YYSYMBOL_LETTER = 4, /* LETTER */ - YYSYMBOL_NEWLINE = 5, /* NEWLINE */ - YYSYMBOL_COMMENT = 6, /* COMMENT */ - YYSYMBOL_COLON = 7, /* COLON */ - YYSYMBOL_ANY = 8, /* ANY */ - YYSYMBOL_ZONESTR = 9, /* ZONESTR */ - YYSYMBOL_STRING_ARG = 10, /* STRING_ARG */ - YYSYMBOL_VAR_FORCE_TOPLEVEL = 11, /* VAR_FORCE_TOPLEVEL */ - YYSYMBOL_VAR_SERVER = 12, /* VAR_SERVER */ - YYSYMBOL_VAR_VERBOSITY = 13, /* VAR_VERBOSITY */ - YYSYMBOL_VAR_NUM_THREADS = 14, /* VAR_NUM_THREADS */ - YYSYMBOL_VAR_PORT = 15, /* VAR_PORT */ - YYSYMBOL_VAR_OUTGOING_RANGE = 16, /* VAR_OUTGOING_RANGE */ - YYSYMBOL_VAR_INTERFACE = 17, /* VAR_INTERFACE */ - YYSYMBOL_VAR_PREFER_IP4 = 18, /* VAR_PREFER_IP4 */ - YYSYMBOL_VAR_DO_IP4 = 19, /* VAR_DO_IP4 */ - YYSYMBOL_VAR_DO_IP6 = 20, /* VAR_DO_IP6 */ - YYSYMBOL_VAR_PREFER_IP6 = 21, /* VAR_PREFER_IP6 */ - YYSYMBOL_VAR_DO_UDP = 22, /* VAR_DO_UDP */ - YYSYMBOL_VAR_DO_TCP = 23, /* VAR_DO_TCP */ - YYSYMBOL_VAR_TCP_MSS = 24, /* VAR_TCP_MSS */ - YYSYMBOL_VAR_OUTGOING_TCP_MSS = 25, /* VAR_OUTGOING_TCP_MSS */ - YYSYMBOL_VAR_TCP_IDLE_TIMEOUT = 26, /* VAR_TCP_IDLE_TIMEOUT */ - YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE = 27, /* VAR_EDNS_TCP_KEEPALIVE */ - YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 28, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ - YYSYMBOL_VAR_CHROOT = 29, /* VAR_CHROOT */ - YYSYMBOL_VAR_USERNAME = 30, /* VAR_USERNAME */ - YYSYMBOL_VAR_DIRECTORY = 31, /* VAR_DIRECTORY */ - YYSYMBOL_VAR_LOGFILE = 32, /* VAR_LOGFILE */ - YYSYMBOL_VAR_PIDFILE = 33, /* VAR_PIDFILE */ - YYSYMBOL_VAR_MSG_CACHE_SIZE = 34, /* VAR_MSG_CACHE_SIZE */ - YYSYMBOL_VAR_MSG_CACHE_SLABS = 35, /* VAR_MSG_CACHE_SLABS */ - YYSYMBOL_VAR_NUM_QUERIES_PER_THREAD = 36, /* VAR_NUM_QUERIES_PER_THREAD */ - YYSYMBOL_VAR_RRSET_CACHE_SIZE = 37, /* VAR_RRSET_CACHE_SIZE */ - YYSYMBOL_VAR_RRSET_CACHE_SLABS = 38, /* VAR_RRSET_CACHE_SLABS */ - YYSYMBOL_VAR_OUTGOING_NUM_TCP = 39, /* VAR_OUTGOING_NUM_TCP */ - YYSYMBOL_VAR_INFRA_HOST_TTL = 40, /* VAR_INFRA_HOST_TTL */ - YYSYMBOL_VAR_INFRA_LAME_TTL = 41, /* VAR_INFRA_LAME_TTL */ - YYSYMBOL_VAR_INFRA_CACHE_SLABS = 42, /* VAR_INFRA_CACHE_SLABS */ - YYSYMBOL_VAR_INFRA_CACHE_NUMHOSTS = 43, /* VAR_INFRA_CACHE_NUMHOSTS */ - YYSYMBOL_VAR_INFRA_CACHE_LAME_SIZE = 44, /* VAR_INFRA_CACHE_LAME_SIZE */ - YYSYMBOL_VAR_NAME = 45, /* VAR_NAME */ - YYSYMBOL_VAR_STUB_ZONE = 46, /* VAR_STUB_ZONE */ - YYSYMBOL_VAR_STUB_HOST = 47, /* VAR_STUB_HOST */ - YYSYMBOL_VAR_STUB_ADDR = 48, /* VAR_STUB_ADDR */ - YYSYMBOL_VAR_TARGET_FETCH_POLICY = 49, /* VAR_TARGET_FETCH_POLICY */ - YYSYMBOL_VAR_HARDEN_SHORT_BUFSIZE = 50, /* VAR_HARDEN_SHORT_BUFSIZE */ - YYSYMBOL_VAR_HARDEN_LARGE_QUERIES = 51, /* VAR_HARDEN_LARGE_QUERIES */ - YYSYMBOL_VAR_FORWARD_ZONE = 52, /* VAR_FORWARD_ZONE */ - YYSYMBOL_VAR_FORWARD_HOST = 53, /* VAR_FORWARD_HOST */ - YYSYMBOL_VAR_FORWARD_ADDR = 54, /* VAR_FORWARD_ADDR */ - YYSYMBOL_VAR_DO_NOT_QUERY_ADDRESS = 55, /* VAR_DO_NOT_QUERY_ADDRESS */ - YYSYMBOL_VAR_HIDE_IDENTITY = 56, /* VAR_HIDE_IDENTITY */ - YYSYMBOL_VAR_HIDE_VERSION = 57, /* VAR_HIDE_VERSION */ - YYSYMBOL_VAR_IDENTITY = 58, /* VAR_IDENTITY */ - YYSYMBOL_VAR_VERSION = 59, /* VAR_VERSION */ - YYSYMBOL_VAR_HARDEN_GLUE = 60, /* VAR_HARDEN_GLUE */ - YYSYMBOL_VAR_MODULE_CONF = 61, /* VAR_MODULE_CONF */ - YYSYMBOL_VAR_TRUST_ANCHOR_FILE = 62, /* VAR_TRUST_ANCHOR_FILE */ - YYSYMBOL_VAR_TRUST_ANCHOR = 63, /* VAR_TRUST_ANCHOR */ - YYSYMBOL_VAR_VAL_OVERRIDE_DATE = 64, /* VAR_VAL_OVERRIDE_DATE */ - YYSYMBOL_VAR_BOGUS_TTL = 65, /* VAR_BOGUS_TTL */ - YYSYMBOL_VAR_VAL_CLEAN_ADDITIONAL = 66, /* VAR_VAL_CLEAN_ADDITIONAL */ - YYSYMBOL_VAR_VAL_PERMISSIVE_MODE = 67, /* VAR_VAL_PERMISSIVE_MODE */ - YYSYMBOL_VAR_INCOMING_NUM_TCP = 68, /* VAR_INCOMING_NUM_TCP */ - YYSYMBOL_VAR_MSG_BUFFER_SIZE = 69, /* VAR_MSG_BUFFER_SIZE */ - YYSYMBOL_VAR_KEY_CACHE_SIZE = 70, /* VAR_KEY_CACHE_SIZE */ - YYSYMBOL_VAR_KEY_CACHE_SLABS = 71, /* VAR_KEY_CACHE_SLABS */ - YYSYMBOL_VAR_TRUSTED_KEYS_FILE = 72, /* VAR_TRUSTED_KEYS_FILE */ - YYSYMBOL_VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 73, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ - YYSYMBOL_VAR_USE_SYSLOG = 74, /* VAR_USE_SYSLOG */ - YYSYMBOL_VAR_OUTGOING_INTERFACE = 75, /* VAR_OUTGOING_INTERFACE */ - YYSYMBOL_VAR_ROOT_HINTS = 76, /* VAR_ROOT_HINTS */ - YYSYMBOL_VAR_DO_NOT_QUERY_LOCALHOST = 77, /* VAR_DO_NOT_QUERY_LOCALHOST */ - YYSYMBOL_VAR_CACHE_MAX_TTL = 78, /* VAR_CACHE_MAX_TTL */ - YYSYMBOL_VAR_HARDEN_DNSSEC_STRIPPED = 79, /* VAR_HARDEN_DNSSEC_STRIPPED */ - YYSYMBOL_VAR_ACCESS_CONTROL = 80, /* VAR_ACCESS_CONTROL */ - YYSYMBOL_VAR_LOCAL_ZONE = 81, /* VAR_LOCAL_ZONE */ - YYSYMBOL_VAR_LOCAL_DATA = 82, /* VAR_LOCAL_DATA */ - YYSYMBOL_VAR_INTERFACE_AUTOMATIC = 83, /* VAR_INTERFACE_AUTOMATIC */ - YYSYMBOL_VAR_STATISTICS_INTERVAL = 84, /* VAR_STATISTICS_INTERVAL */ - YYSYMBOL_VAR_DO_DAEMONIZE = 85, /* VAR_DO_DAEMONIZE */ - YYSYMBOL_VAR_USE_CAPS_FOR_ID = 86, /* VAR_USE_CAPS_FOR_ID */ - YYSYMBOL_VAR_STATISTICS_CUMULATIVE = 87, /* VAR_STATISTICS_CUMULATIVE */ - YYSYMBOL_VAR_OUTGOING_PORT_PERMIT = 88, /* VAR_OUTGOING_PORT_PERMIT */ - YYSYMBOL_VAR_OUTGOING_PORT_AVOID = 89, /* VAR_OUTGOING_PORT_AVOID */ - YYSYMBOL_VAR_DLV_ANCHOR_FILE = 90, /* VAR_DLV_ANCHOR_FILE */ - YYSYMBOL_VAR_DLV_ANCHOR = 91, /* VAR_DLV_ANCHOR */ - YYSYMBOL_VAR_NEG_CACHE_SIZE = 92, /* VAR_NEG_CACHE_SIZE */ - YYSYMBOL_VAR_HARDEN_REFERRAL_PATH = 93, /* VAR_HARDEN_REFERRAL_PATH */ - YYSYMBOL_VAR_PRIVATE_ADDRESS = 94, /* VAR_PRIVATE_ADDRESS */ - YYSYMBOL_VAR_PRIVATE_DOMAIN = 95, /* VAR_PRIVATE_DOMAIN */ - YYSYMBOL_VAR_REMOTE_CONTROL = 96, /* VAR_REMOTE_CONTROL */ - YYSYMBOL_VAR_CONTROL_ENABLE = 97, /* VAR_CONTROL_ENABLE */ - YYSYMBOL_VAR_CONTROL_INTERFACE = 98, /* VAR_CONTROL_INTERFACE */ - YYSYMBOL_VAR_CONTROL_PORT = 99, /* VAR_CONTROL_PORT */ - YYSYMBOL_VAR_SERVER_KEY_FILE = 100, /* VAR_SERVER_KEY_FILE */ - YYSYMBOL_VAR_SERVER_CERT_FILE = 101, /* VAR_SERVER_CERT_FILE */ - YYSYMBOL_VAR_CONTROL_KEY_FILE = 102, /* VAR_CONTROL_KEY_FILE */ - YYSYMBOL_VAR_CONTROL_CERT_FILE = 103, /* VAR_CONTROL_CERT_FILE */ - YYSYMBOL_VAR_CONTROL_USE_CERT = 104, /* VAR_CONTROL_USE_CERT */ - YYSYMBOL_VAR_TCP_REUSE_TIMEOUT = 105, /* VAR_TCP_REUSE_TIMEOUT */ - YYSYMBOL_VAR_MAX_REUSE_TCP_QUERIES = 106, /* VAR_MAX_REUSE_TCP_QUERIES */ - YYSYMBOL_VAR_EXTENDED_STATISTICS = 107, /* VAR_EXTENDED_STATISTICS */ - YYSYMBOL_VAR_LOCAL_DATA_PTR = 108, /* VAR_LOCAL_DATA_PTR */ - YYSYMBOL_VAR_JOSTLE_TIMEOUT = 109, /* VAR_JOSTLE_TIMEOUT */ - YYSYMBOL_VAR_STUB_PRIME = 110, /* VAR_STUB_PRIME */ - YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 111, /* VAR_UNWANTED_REPLY_THRESHOLD */ - YYSYMBOL_VAR_LOG_TIME_ASCII = 112, /* VAR_LOG_TIME_ASCII */ - YYSYMBOL_VAR_DOMAIN_INSECURE = 113, /* VAR_DOMAIN_INSECURE */ - YYSYMBOL_VAR_PYTHON = 114, /* VAR_PYTHON */ - YYSYMBOL_VAR_PYTHON_SCRIPT = 115, /* VAR_PYTHON_SCRIPT */ - YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 116, /* VAR_VAL_SIG_SKEW_MIN */ - YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 117, /* VAR_VAL_SIG_SKEW_MAX */ - YYSYMBOL_VAR_VAL_MAX_RESTART = 118, /* VAR_VAL_MAX_RESTART */ - YYSYMBOL_VAR_CACHE_MIN_TTL = 119, /* VAR_CACHE_MIN_TTL */ - YYSYMBOL_VAR_VAL_LOG_LEVEL = 120, /* VAR_VAL_LOG_LEVEL */ - YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 121, /* VAR_AUTO_TRUST_ANCHOR_FILE */ - YYSYMBOL_VAR_KEEP_MISSING = 122, /* VAR_KEEP_MISSING */ - YYSYMBOL_VAR_ADD_HOLDDOWN = 123, /* VAR_ADD_HOLDDOWN */ - YYSYMBOL_VAR_DEL_HOLDDOWN = 124, /* VAR_DEL_HOLDDOWN */ - YYSYMBOL_VAR_SO_RCVBUF = 125, /* VAR_SO_RCVBUF */ - YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 126, /* VAR_EDNS_BUFFER_SIZE */ - YYSYMBOL_VAR_PREFETCH = 127, /* VAR_PREFETCH */ - YYSYMBOL_VAR_PREFETCH_KEY = 128, /* VAR_PREFETCH_KEY */ - YYSYMBOL_VAR_SO_SNDBUF = 129, /* VAR_SO_SNDBUF */ - YYSYMBOL_VAR_SO_REUSEPORT = 130, /* VAR_SO_REUSEPORT */ - YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 131, /* VAR_HARDEN_BELOW_NXDOMAIN */ - YYSYMBOL_VAR_IGNORE_CD_FLAG = 132, /* VAR_IGNORE_CD_FLAG */ - YYSYMBOL_VAR_LOG_QUERIES = 133, /* VAR_LOG_QUERIES */ - YYSYMBOL_VAR_LOG_REPLIES = 134, /* VAR_LOG_REPLIES */ - YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 135, /* VAR_LOG_LOCAL_ACTIONS */ - YYSYMBOL_VAR_TCP_UPSTREAM = 136, /* VAR_TCP_UPSTREAM */ - YYSYMBOL_VAR_SSL_UPSTREAM = 137, /* VAR_SSL_UPSTREAM */ - YYSYMBOL_VAR_TCP_AUTH_QUERY_TIMEOUT = 138, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ - YYSYMBOL_VAR_SSL_SERVICE_KEY = 139, /* VAR_SSL_SERVICE_KEY */ - YYSYMBOL_VAR_SSL_SERVICE_PEM = 140, /* VAR_SSL_SERVICE_PEM */ - YYSYMBOL_VAR_SSL_PORT = 141, /* VAR_SSL_PORT */ - YYSYMBOL_VAR_FORWARD_FIRST = 142, /* VAR_FORWARD_FIRST */ - YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 143, /* VAR_STUB_SSL_UPSTREAM */ - YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 144, /* VAR_FORWARD_SSL_UPSTREAM */ - YYSYMBOL_VAR_TLS_CERT_BUNDLE = 145, /* VAR_TLS_CERT_BUNDLE */ - YYSYMBOL_VAR_STUB_TCP_UPSTREAM = 146, /* VAR_STUB_TCP_UPSTREAM */ - YYSYMBOL_VAR_FORWARD_TCP_UPSTREAM = 147, /* VAR_FORWARD_TCP_UPSTREAM */ - YYSYMBOL_VAR_HTTPS_PORT = 148, /* VAR_HTTPS_PORT */ - YYSYMBOL_VAR_HTTP_ENDPOINT = 149, /* VAR_HTTP_ENDPOINT */ - YYSYMBOL_VAR_HTTP_MAX_STREAMS = 150, /* VAR_HTTP_MAX_STREAMS */ - YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 151, /* VAR_HTTP_QUERY_BUFFER_SIZE */ - YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 152, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ - YYSYMBOL_VAR_HTTP_NODELAY = 153, /* VAR_HTTP_NODELAY */ - YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 154, /* VAR_HTTP_NOTLS_DOWNSTREAM */ - YYSYMBOL_VAR_STUB_FIRST = 155, /* VAR_STUB_FIRST */ - YYSYMBOL_VAR_MINIMAL_RESPONSES = 156, /* VAR_MINIMAL_RESPONSES */ - YYSYMBOL_VAR_RRSET_ROUNDROBIN = 157, /* VAR_RRSET_ROUNDROBIN */ - YYSYMBOL_VAR_MAX_UDP_SIZE = 158, /* VAR_MAX_UDP_SIZE */ - YYSYMBOL_VAR_DELAY_CLOSE = 159, /* VAR_DELAY_CLOSE */ - YYSYMBOL_VAR_UDP_CONNECT = 160, /* VAR_UDP_CONNECT */ - YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 161, /* VAR_UNBLOCK_LAN_ZONES */ - YYSYMBOL_VAR_INSECURE_LAN_ZONES = 162, /* VAR_INSECURE_LAN_ZONES */ - YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 163, /* VAR_INFRA_CACHE_MIN_RTT */ - YYSYMBOL_VAR_INFRA_CACHE_MAX_RTT = 164, /* VAR_INFRA_CACHE_MAX_RTT */ - YYSYMBOL_VAR_INFRA_KEEP_PROBING = 165, /* VAR_INFRA_KEEP_PROBING */ - YYSYMBOL_VAR_DNS64_PREFIX = 166, /* VAR_DNS64_PREFIX */ - YYSYMBOL_VAR_DNS64_SYNTHALL = 167, /* VAR_DNS64_SYNTHALL */ - YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 168, /* VAR_DNS64_IGNORE_AAAA */ - YYSYMBOL_VAR_DNSTAP = 169, /* VAR_DNSTAP */ - YYSYMBOL_VAR_DNSTAP_ENABLE = 170, /* VAR_DNSTAP_ENABLE */ - YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 171, /* VAR_DNSTAP_SOCKET_PATH */ - YYSYMBOL_VAR_DNSTAP_IP = 172, /* VAR_DNSTAP_IP */ - YYSYMBOL_VAR_DNSTAP_TLS = 173, /* VAR_DNSTAP_TLS */ - YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 174, /* VAR_DNSTAP_TLS_SERVER_NAME */ - YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 175, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ - YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 176, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ - YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 177, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ - YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 178, /* VAR_DNSTAP_SEND_IDENTITY */ - YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 179, /* VAR_DNSTAP_SEND_VERSION */ - YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 180, /* VAR_DNSTAP_BIDIRECTIONAL */ - YYSYMBOL_VAR_DNSTAP_IDENTITY = 181, /* VAR_DNSTAP_IDENTITY */ - YYSYMBOL_VAR_DNSTAP_VERSION = 182, /* VAR_DNSTAP_VERSION */ - YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 183, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 184, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 185, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 186, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 187, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 188, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_RESPONSE_IP_TAG = 189, /* VAR_RESPONSE_IP_TAG */ - YYSYMBOL_VAR_RESPONSE_IP = 190, /* VAR_RESPONSE_IP */ - YYSYMBOL_VAR_RESPONSE_IP_DATA = 191, /* VAR_RESPONSE_IP_DATA */ - YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 192, /* VAR_HARDEN_ALGO_DOWNGRADE */ - YYSYMBOL_VAR_IP_TRANSPARENT = 193, /* VAR_IP_TRANSPARENT */ - YYSYMBOL_VAR_IP_DSCP = 194, /* VAR_IP_DSCP */ - YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 195, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ - YYSYMBOL_VAR_IP_RATELIMIT = 196, /* VAR_IP_RATELIMIT */ - YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 197, /* VAR_IP_RATELIMIT_SLABS */ - YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 198, /* VAR_IP_RATELIMIT_SIZE */ - YYSYMBOL_VAR_RATELIMIT = 199, /* VAR_RATELIMIT */ - YYSYMBOL_VAR_RATELIMIT_SLABS = 200, /* VAR_RATELIMIT_SLABS */ - YYSYMBOL_VAR_RATELIMIT_SIZE = 201, /* VAR_RATELIMIT_SIZE */ - YYSYMBOL_VAR_OUTBOUND_MSG_RETRY = 202, /* VAR_OUTBOUND_MSG_RETRY */ - YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 203, /* VAR_RATELIMIT_FOR_DOMAIN */ - YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 204, /* VAR_RATELIMIT_BELOW_DOMAIN */ - YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 205, /* VAR_IP_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_RATELIMIT_FACTOR = 206, /* VAR_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_IP_RATELIMIT_BACKOFF = 207, /* VAR_IP_RATELIMIT_BACKOFF */ - YYSYMBOL_VAR_RATELIMIT_BACKOFF = 208, /* VAR_RATELIMIT_BACKOFF */ - YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 209, /* VAR_SEND_CLIENT_SUBNET */ - YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 210, /* VAR_CLIENT_SUBNET_ZONE */ - YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 211, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 212, /* VAR_CLIENT_SUBNET_OPCODE */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 213, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 214, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 215, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 216, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 217, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 218, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - YYSYMBOL_VAR_CAPS_WHITELIST = 219, /* VAR_CAPS_WHITELIST */ - YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 220, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 221, /* VAR_PERMIT_SMALL_HOLDDOWN */ - YYSYMBOL_VAR_QNAME_MINIMISATION = 222, /* VAR_QNAME_MINIMISATION */ - YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 223, /* VAR_QNAME_MINIMISATION_STRICT */ - YYSYMBOL_VAR_IP_FREEBIND = 224, /* VAR_IP_FREEBIND */ - YYSYMBOL_VAR_DEFINE_TAG = 225, /* VAR_DEFINE_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_TAG = 226, /* VAR_LOCAL_ZONE_TAG */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 227, /* VAR_ACCESS_CONTROL_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 228, /* VAR_LOCAL_ZONE_OVERRIDE */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 229, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 230, /* VAR_ACCESS_CONTROL_TAG_DATA */ - YYSYMBOL_VAR_VIEW = 231, /* VAR_VIEW */ - YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 232, /* VAR_ACCESS_CONTROL_VIEW */ - YYSYMBOL_VAR_VIEW_FIRST = 233, /* VAR_VIEW_FIRST */ - YYSYMBOL_VAR_SERVE_EXPIRED = 234, /* VAR_SERVE_EXPIRED */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 235, /* VAR_SERVE_EXPIRED_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 236, /* VAR_SERVE_EXPIRED_TTL_RESET */ - YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 237, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 238, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - YYSYMBOL_VAR_EDE_SERVE_EXPIRED = 239, /* VAR_EDE_SERVE_EXPIRED */ - YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 240, /* VAR_SERVE_ORIGINAL_TTL */ - YYSYMBOL_VAR_FAKE_DSA = 241, /* VAR_FAKE_DSA */ - YYSYMBOL_VAR_FAKE_SHA1 = 242, /* VAR_FAKE_SHA1 */ - YYSYMBOL_VAR_LOG_IDENTITY = 243, /* VAR_LOG_IDENTITY */ - YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 244, /* VAR_HIDE_TRUSTANCHOR */ - YYSYMBOL_VAR_HIDE_HTTP_USER_AGENT = 245, /* VAR_HIDE_HTTP_USER_AGENT */ - YYSYMBOL_VAR_HTTP_USER_AGENT = 246, /* VAR_HTTP_USER_AGENT */ - YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 247, /* VAR_TRUST_ANCHOR_SIGNALING */ - YYSYMBOL_VAR_AGGRESSIVE_NSEC = 248, /* VAR_AGGRESSIVE_NSEC */ - YYSYMBOL_VAR_USE_SYSTEMD = 249, /* VAR_USE_SYSTEMD */ - YYSYMBOL_VAR_SHM_ENABLE = 250, /* VAR_SHM_ENABLE */ - YYSYMBOL_VAR_SHM_KEY = 251, /* VAR_SHM_KEY */ - YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 252, /* VAR_ROOT_KEY_SENTINEL */ - YYSYMBOL_VAR_DNSCRYPT = 253, /* VAR_DNSCRYPT */ - YYSYMBOL_VAR_DNSCRYPT_ENABLE = 254, /* VAR_DNSCRYPT_ENABLE */ - YYSYMBOL_VAR_DNSCRYPT_PORT = 255, /* VAR_DNSCRYPT_PORT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 256, /* VAR_DNSCRYPT_PROVIDER */ - YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 257, /* VAR_DNSCRYPT_SECRET_KEY */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 258, /* VAR_DNSCRYPT_PROVIDER_CERT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 259, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 260, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 261, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 262, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 263, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - YYSYMBOL_VAR_PAD_RESPONSES = 264, /* VAR_PAD_RESPONSES */ - YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 265, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - YYSYMBOL_VAR_PAD_QUERIES = 266, /* VAR_PAD_QUERIES */ - YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 267, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - YYSYMBOL_VAR_IPSECMOD_ENABLED = 268, /* VAR_IPSECMOD_ENABLED */ - YYSYMBOL_VAR_IPSECMOD_HOOK = 269, /* VAR_IPSECMOD_HOOK */ - YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 270, /* VAR_IPSECMOD_IGNORE_BOGUS */ - YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 271, /* VAR_IPSECMOD_MAX_TTL */ - YYSYMBOL_VAR_IPSECMOD_WHITELIST = 272, /* VAR_IPSECMOD_WHITELIST */ - YYSYMBOL_VAR_IPSECMOD_STRICT = 273, /* VAR_IPSECMOD_STRICT */ - YYSYMBOL_VAR_CACHEDB = 274, /* VAR_CACHEDB */ - YYSYMBOL_VAR_CACHEDB_BACKEND = 275, /* VAR_CACHEDB_BACKEND */ - YYSYMBOL_VAR_CACHEDB_SECRETSEED = 276, /* VAR_CACHEDB_SECRETSEED */ - YYSYMBOL_VAR_CACHEDB_REDISHOST = 277, /* VAR_CACHEDB_REDISHOST */ - YYSYMBOL_VAR_CACHEDB_REDISPORT = 278, /* VAR_CACHEDB_REDISPORT */ - YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 279, /* VAR_CACHEDB_REDISTIMEOUT */ - YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 280, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 281, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - YYSYMBOL_VAR_FOR_UPSTREAM = 282, /* VAR_FOR_UPSTREAM */ - YYSYMBOL_VAR_AUTH_ZONE = 283, /* VAR_AUTH_ZONE */ - YYSYMBOL_VAR_ZONEFILE = 284, /* VAR_ZONEFILE */ - YYSYMBOL_VAR_MASTER = 285, /* VAR_MASTER */ - YYSYMBOL_VAR_URL = 286, /* VAR_URL */ - YYSYMBOL_VAR_FOR_DOWNSTREAM = 287, /* VAR_FOR_DOWNSTREAM */ - YYSYMBOL_VAR_FALLBACK_ENABLED = 288, /* VAR_FALLBACK_ENABLED */ - YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 289, /* VAR_TLS_ADDITIONAL_PORT */ - YYSYMBOL_VAR_LOW_RTT = 290, /* VAR_LOW_RTT */ - YYSYMBOL_VAR_LOW_RTT_PERMIL = 291, /* VAR_LOW_RTT_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_PERMIL = 292, /* VAR_FAST_SERVER_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_NUM = 293, /* VAR_FAST_SERVER_NUM */ - YYSYMBOL_VAR_ALLOW_NOTIFY = 294, /* VAR_ALLOW_NOTIFY */ - YYSYMBOL_VAR_TLS_WIN_CERT = 295, /* VAR_TLS_WIN_CERT */ - YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 296, /* VAR_TCP_CONNECTION_LIMIT */ - YYSYMBOL_VAR_FORWARD_NO_CACHE = 297, /* VAR_FORWARD_NO_CACHE */ - YYSYMBOL_VAR_STUB_NO_CACHE = 298, /* VAR_STUB_NO_CACHE */ - YYSYMBOL_VAR_LOG_SERVFAIL = 299, /* VAR_LOG_SERVFAIL */ - YYSYMBOL_VAR_DENY_ANY = 300, /* VAR_DENY_ANY */ - YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 301, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 302, /* VAR_LOG_TAG_QUERYREPLY */ - YYSYMBOL_VAR_STREAM_WAIT_SIZE = 303, /* VAR_STREAM_WAIT_SIZE */ - YYSYMBOL_VAR_TLS_CIPHERS = 304, /* VAR_TLS_CIPHERS */ - YYSYMBOL_VAR_TLS_CIPHERSUITES = 305, /* VAR_TLS_CIPHERSUITES */ - YYSYMBOL_VAR_TLS_USE_SNI = 306, /* VAR_TLS_USE_SNI */ - YYSYMBOL_VAR_IPSET = 307, /* VAR_IPSET */ - YYSYMBOL_VAR_IPSET_NAME_V4 = 308, /* VAR_IPSET_NAME_V4 */ - YYSYMBOL_VAR_IPSET_NAME_V6 = 309, /* VAR_IPSET_NAME_V6 */ - YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 310, /* VAR_TLS_SESSION_TICKET_KEYS */ - YYSYMBOL_VAR_RPZ = 311, /* VAR_RPZ */ - YYSYMBOL_VAR_TAGS = 312, /* VAR_TAGS */ - YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 313, /* VAR_RPZ_ACTION_OVERRIDE */ - YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 314, /* VAR_RPZ_CNAME_OVERRIDE */ - YYSYMBOL_VAR_RPZ_LOG = 315, /* VAR_RPZ_LOG */ - YYSYMBOL_VAR_RPZ_LOG_NAME = 316, /* VAR_RPZ_LOG_NAME */ - YYSYMBOL_VAR_DYNLIB = 317, /* VAR_DYNLIB */ - YYSYMBOL_VAR_DYNLIB_FILE = 318, /* VAR_DYNLIB_FILE */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING = 319, /* VAR_EDNS_CLIENT_STRING */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 320, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - YYSYMBOL_VAR_NSID = 321, /* VAR_NSID */ - YYSYMBOL_VAR_ZONEMD_PERMISSIVE_MODE = 322, /* VAR_ZONEMD_PERMISSIVE_MODE */ - YYSYMBOL_VAR_ZONEMD_CHECK = 323, /* VAR_ZONEMD_CHECK */ - YYSYMBOL_VAR_ZONEMD_REJECT_ABSENCE = 324, /* VAR_ZONEMD_REJECT_ABSENCE */ - YYSYMBOL_VAR_RPZ_SIGNAL_NXDOMAIN_RA = 325, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ - YYSYMBOL_VAR_INTERFACE_AUTOMATIC_PORTS = 326, /* VAR_INTERFACE_AUTOMATIC_PORTS */ - YYSYMBOL_VAR_EDE = 327, /* VAR_EDE */ - YYSYMBOL_VAR_INTERFACE_ACTION = 328, /* VAR_INTERFACE_ACTION */ - YYSYMBOL_VAR_INTERFACE_VIEW = 329, /* VAR_INTERFACE_VIEW */ - YYSYMBOL_VAR_INTERFACE_TAG = 330, /* VAR_INTERFACE_TAG */ - YYSYMBOL_VAR_INTERFACE_TAG_ACTION = 331, /* VAR_INTERFACE_TAG_ACTION */ - YYSYMBOL_VAR_INTERFACE_TAG_DATA = 332, /* VAR_INTERFACE_TAG_DATA */ - YYSYMBOL_VAR_PROXY_PROTOCOL_PORT = 333, /* VAR_PROXY_PROTOCOL_PORT */ - YYSYMBOL_YYACCEPT = 334, /* $accept */ - YYSYMBOL_toplevelvars = 335, /* toplevelvars */ - YYSYMBOL_toplevelvar = 336, /* toplevelvar */ - YYSYMBOL_force_toplevel = 337, /* force_toplevel */ - YYSYMBOL_serverstart = 338, /* serverstart */ - YYSYMBOL_contents_server = 339, /* contents_server */ - YYSYMBOL_content_server = 340, /* content_server */ - YYSYMBOL_stubstart = 341, /* stubstart */ - YYSYMBOL_contents_stub = 342, /* contents_stub */ - YYSYMBOL_content_stub = 343, /* content_stub */ - YYSYMBOL_forwardstart = 344, /* forwardstart */ - YYSYMBOL_contents_forward = 345, /* contents_forward */ - YYSYMBOL_content_forward = 346, /* content_forward */ - YYSYMBOL_viewstart = 347, /* viewstart */ - YYSYMBOL_contents_view = 348, /* contents_view */ - YYSYMBOL_content_view = 349, /* content_view */ - YYSYMBOL_authstart = 350, /* authstart */ - YYSYMBOL_contents_auth = 351, /* contents_auth */ - YYSYMBOL_content_auth = 352, /* content_auth */ - YYSYMBOL_rpz_tag = 353, /* rpz_tag */ - YYSYMBOL_rpz_action_override = 354, /* rpz_action_override */ - YYSYMBOL_rpz_cname_override = 355, /* rpz_cname_override */ - YYSYMBOL_rpz_log = 356, /* rpz_log */ - YYSYMBOL_rpz_log_name = 357, /* rpz_log_name */ - YYSYMBOL_rpz_signal_nxdomain_ra = 358, /* rpz_signal_nxdomain_ra */ - YYSYMBOL_rpzstart = 359, /* rpzstart */ - YYSYMBOL_contents_rpz = 360, /* contents_rpz */ - YYSYMBOL_content_rpz = 361, /* content_rpz */ - YYSYMBOL_server_num_threads = 362, /* server_num_threads */ - YYSYMBOL_server_verbosity = 363, /* server_verbosity */ - YYSYMBOL_server_statistics_interval = 364, /* server_statistics_interval */ - YYSYMBOL_server_statistics_cumulative = 365, /* server_statistics_cumulative */ - YYSYMBOL_server_extended_statistics = 366, /* server_extended_statistics */ - YYSYMBOL_server_shm_enable = 367, /* server_shm_enable */ - YYSYMBOL_server_shm_key = 368, /* server_shm_key */ - YYSYMBOL_server_port = 369, /* server_port */ - YYSYMBOL_server_send_client_subnet = 370, /* server_send_client_subnet */ - YYSYMBOL_server_client_subnet_zone = 371, /* server_client_subnet_zone */ - YYSYMBOL_server_client_subnet_always_forward = 372, /* server_client_subnet_always_forward */ - YYSYMBOL_server_client_subnet_opcode = 373, /* server_client_subnet_opcode */ - YYSYMBOL_server_max_client_subnet_ipv4 = 374, /* server_max_client_subnet_ipv4 */ - YYSYMBOL_server_max_client_subnet_ipv6 = 375, /* server_max_client_subnet_ipv6 */ - YYSYMBOL_server_min_client_subnet_ipv4 = 376, /* server_min_client_subnet_ipv4 */ - YYSYMBOL_server_min_client_subnet_ipv6 = 377, /* server_min_client_subnet_ipv6 */ - YYSYMBOL_server_max_ecs_tree_size_ipv4 = 378, /* server_max_ecs_tree_size_ipv4 */ - YYSYMBOL_server_max_ecs_tree_size_ipv6 = 379, /* server_max_ecs_tree_size_ipv6 */ - YYSYMBOL_server_interface = 380, /* server_interface */ - YYSYMBOL_server_outgoing_interface = 381, /* server_outgoing_interface */ - YYSYMBOL_server_outgoing_range = 382, /* server_outgoing_range */ - YYSYMBOL_server_outgoing_port_permit = 383, /* server_outgoing_port_permit */ - YYSYMBOL_server_outgoing_port_avoid = 384, /* server_outgoing_port_avoid */ - YYSYMBOL_server_outgoing_num_tcp = 385, /* server_outgoing_num_tcp */ - YYSYMBOL_server_incoming_num_tcp = 386, /* server_incoming_num_tcp */ - YYSYMBOL_server_interface_automatic = 387, /* server_interface_automatic */ - YYSYMBOL_server_interface_automatic_ports = 388, /* server_interface_automatic_ports */ - YYSYMBOL_server_do_ip4 = 389, /* server_do_ip4 */ - YYSYMBOL_server_do_ip6 = 390, /* server_do_ip6 */ - YYSYMBOL_server_do_udp = 391, /* server_do_udp */ - YYSYMBOL_server_do_tcp = 392, /* server_do_tcp */ - YYSYMBOL_server_prefer_ip4 = 393, /* server_prefer_ip4 */ - YYSYMBOL_server_prefer_ip6 = 394, /* server_prefer_ip6 */ - YYSYMBOL_server_tcp_mss = 395, /* server_tcp_mss */ - YYSYMBOL_server_outgoing_tcp_mss = 396, /* server_outgoing_tcp_mss */ - YYSYMBOL_server_tcp_idle_timeout = 397, /* server_tcp_idle_timeout */ - YYSYMBOL_server_max_reuse_tcp_queries = 398, /* server_max_reuse_tcp_queries */ - YYSYMBOL_server_tcp_reuse_timeout = 399, /* server_tcp_reuse_timeout */ - YYSYMBOL_server_tcp_auth_query_timeout = 400, /* server_tcp_auth_query_timeout */ - YYSYMBOL_server_tcp_keepalive = 401, /* server_tcp_keepalive */ - YYSYMBOL_server_tcp_keepalive_timeout = 402, /* server_tcp_keepalive_timeout */ - YYSYMBOL_server_tcp_upstream = 403, /* server_tcp_upstream */ - YYSYMBOL_server_udp_upstream_without_downstream = 404, /* server_udp_upstream_without_downstream */ - YYSYMBOL_server_ssl_upstream = 405, /* server_ssl_upstream */ - YYSYMBOL_server_ssl_service_key = 406, /* server_ssl_service_key */ - YYSYMBOL_server_ssl_service_pem = 407, /* server_ssl_service_pem */ - YYSYMBOL_server_ssl_port = 408, /* server_ssl_port */ - YYSYMBOL_server_tls_cert_bundle = 409, /* server_tls_cert_bundle */ - YYSYMBOL_server_tls_win_cert = 410, /* server_tls_win_cert */ - YYSYMBOL_server_tls_additional_port = 411, /* server_tls_additional_port */ - YYSYMBOL_server_tls_ciphers = 412, /* server_tls_ciphers */ - YYSYMBOL_server_tls_ciphersuites = 413, /* server_tls_ciphersuites */ - YYSYMBOL_server_tls_session_ticket_keys = 414, /* server_tls_session_ticket_keys */ - YYSYMBOL_server_tls_use_sni = 415, /* server_tls_use_sni */ - YYSYMBOL_server_https_port = 416, /* server_https_port */ - YYSYMBOL_server_http_endpoint = 417, /* server_http_endpoint */ - YYSYMBOL_server_http_max_streams = 418, /* server_http_max_streams */ - YYSYMBOL_server_http_query_buffer_size = 419, /* server_http_query_buffer_size */ - YYSYMBOL_server_http_response_buffer_size = 420, /* server_http_response_buffer_size */ - YYSYMBOL_server_http_nodelay = 421, /* server_http_nodelay */ - YYSYMBOL_server_http_notls_downstream = 422, /* server_http_notls_downstream */ - YYSYMBOL_server_use_systemd = 423, /* server_use_systemd */ - YYSYMBOL_server_do_daemonize = 424, /* server_do_daemonize */ - YYSYMBOL_server_use_syslog = 425, /* server_use_syslog */ - YYSYMBOL_server_log_time_ascii = 426, /* server_log_time_ascii */ - YYSYMBOL_server_log_queries = 427, /* server_log_queries */ - YYSYMBOL_server_log_replies = 428, /* server_log_replies */ - YYSYMBOL_server_log_tag_queryreply = 429, /* server_log_tag_queryreply */ - YYSYMBOL_server_log_servfail = 430, /* server_log_servfail */ - YYSYMBOL_server_log_local_actions = 431, /* server_log_local_actions */ - YYSYMBOL_server_chroot = 432, /* server_chroot */ - YYSYMBOL_server_username = 433, /* server_username */ - YYSYMBOL_server_directory = 434, /* server_directory */ - YYSYMBOL_server_logfile = 435, /* server_logfile */ - YYSYMBOL_server_pidfile = 436, /* server_pidfile */ - YYSYMBOL_server_root_hints = 437, /* server_root_hints */ - YYSYMBOL_server_dlv_anchor_file = 438, /* server_dlv_anchor_file */ - YYSYMBOL_server_dlv_anchor = 439, /* server_dlv_anchor */ - YYSYMBOL_server_auto_trust_anchor_file = 440, /* server_auto_trust_anchor_file */ - YYSYMBOL_server_trust_anchor_file = 441, /* server_trust_anchor_file */ - YYSYMBOL_server_trusted_keys_file = 442, /* server_trusted_keys_file */ - YYSYMBOL_server_trust_anchor = 443, /* server_trust_anchor */ - YYSYMBOL_server_trust_anchor_signaling = 444, /* server_trust_anchor_signaling */ - YYSYMBOL_server_root_key_sentinel = 445, /* server_root_key_sentinel */ - YYSYMBOL_server_domain_insecure = 446, /* server_domain_insecure */ - YYSYMBOL_server_hide_identity = 447, /* server_hide_identity */ - YYSYMBOL_server_hide_version = 448, /* server_hide_version */ - YYSYMBOL_server_hide_trustanchor = 449, /* server_hide_trustanchor */ - YYSYMBOL_server_hide_http_user_agent = 450, /* server_hide_http_user_agent */ - YYSYMBOL_server_identity = 451, /* server_identity */ - YYSYMBOL_server_version = 452, /* server_version */ - YYSYMBOL_server_http_user_agent = 453, /* server_http_user_agent */ - YYSYMBOL_server_nsid = 454, /* server_nsid */ - YYSYMBOL_server_so_rcvbuf = 455, /* server_so_rcvbuf */ - YYSYMBOL_server_so_sndbuf = 456, /* server_so_sndbuf */ - YYSYMBOL_server_so_reuseport = 457, /* server_so_reuseport */ - YYSYMBOL_server_ip_transparent = 458, /* server_ip_transparent */ - YYSYMBOL_server_ip_freebind = 459, /* server_ip_freebind */ - YYSYMBOL_server_ip_dscp = 460, /* server_ip_dscp */ - YYSYMBOL_server_stream_wait_size = 461, /* server_stream_wait_size */ - YYSYMBOL_server_edns_buffer_size = 462, /* server_edns_buffer_size */ - YYSYMBOL_server_msg_buffer_size = 463, /* server_msg_buffer_size */ - YYSYMBOL_server_msg_cache_size = 464, /* server_msg_cache_size */ - YYSYMBOL_server_msg_cache_slabs = 465, /* server_msg_cache_slabs */ - YYSYMBOL_server_num_queries_per_thread = 466, /* server_num_queries_per_thread */ - YYSYMBOL_server_jostle_timeout = 467, /* server_jostle_timeout */ - YYSYMBOL_server_delay_close = 468, /* server_delay_close */ - YYSYMBOL_server_udp_connect = 469, /* server_udp_connect */ - YYSYMBOL_server_unblock_lan_zones = 470, /* server_unblock_lan_zones */ - YYSYMBOL_server_insecure_lan_zones = 471, /* server_insecure_lan_zones */ - YYSYMBOL_server_rrset_cache_size = 472, /* server_rrset_cache_size */ - YYSYMBOL_server_rrset_cache_slabs = 473, /* server_rrset_cache_slabs */ - YYSYMBOL_server_infra_host_ttl = 474, /* server_infra_host_ttl */ - YYSYMBOL_server_infra_lame_ttl = 475, /* server_infra_lame_ttl */ - YYSYMBOL_server_infra_cache_numhosts = 476, /* server_infra_cache_numhosts */ - YYSYMBOL_server_infra_cache_lame_size = 477, /* server_infra_cache_lame_size */ - YYSYMBOL_server_infra_cache_slabs = 478, /* server_infra_cache_slabs */ - YYSYMBOL_server_infra_cache_min_rtt = 479, /* server_infra_cache_min_rtt */ - YYSYMBOL_server_infra_cache_max_rtt = 480, /* server_infra_cache_max_rtt */ - YYSYMBOL_server_infra_keep_probing = 481, /* server_infra_keep_probing */ - YYSYMBOL_server_target_fetch_policy = 482, /* server_target_fetch_policy */ - YYSYMBOL_server_harden_short_bufsize = 483, /* server_harden_short_bufsize */ - YYSYMBOL_server_harden_large_queries = 484, /* server_harden_large_queries */ - YYSYMBOL_server_harden_glue = 485, /* server_harden_glue */ - YYSYMBOL_server_harden_dnssec_stripped = 486, /* server_harden_dnssec_stripped */ - YYSYMBOL_server_harden_below_nxdomain = 487, /* server_harden_below_nxdomain */ - YYSYMBOL_server_harden_referral_path = 488, /* server_harden_referral_path */ - YYSYMBOL_server_harden_algo_downgrade = 489, /* server_harden_algo_downgrade */ - YYSYMBOL_server_use_caps_for_id = 490, /* server_use_caps_for_id */ - YYSYMBOL_server_caps_whitelist = 491, /* server_caps_whitelist */ - YYSYMBOL_server_private_address = 492, /* server_private_address */ - YYSYMBOL_server_private_domain = 493, /* server_private_domain */ - YYSYMBOL_server_prefetch = 494, /* server_prefetch */ - YYSYMBOL_server_prefetch_key = 495, /* server_prefetch_key */ - YYSYMBOL_server_deny_any = 496, /* server_deny_any */ - YYSYMBOL_server_unwanted_reply_threshold = 497, /* server_unwanted_reply_threshold */ - YYSYMBOL_server_do_not_query_address = 498, /* server_do_not_query_address */ - YYSYMBOL_server_do_not_query_localhost = 499, /* server_do_not_query_localhost */ - YYSYMBOL_server_access_control = 500, /* server_access_control */ - YYSYMBOL_server_interface_action = 501, /* server_interface_action */ - YYSYMBOL_server_module_conf = 502, /* server_module_conf */ - YYSYMBOL_server_val_override_date = 503, /* server_val_override_date */ - YYSYMBOL_server_val_sig_skew_min = 504, /* server_val_sig_skew_min */ - YYSYMBOL_server_val_sig_skew_max = 505, /* server_val_sig_skew_max */ - YYSYMBOL_server_val_max_restart = 506, /* server_val_max_restart */ - YYSYMBOL_server_cache_max_ttl = 507, /* server_cache_max_ttl */ - YYSYMBOL_server_cache_max_negative_ttl = 508, /* server_cache_max_negative_ttl */ - YYSYMBOL_server_cache_min_ttl = 509, /* server_cache_min_ttl */ - YYSYMBOL_server_bogus_ttl = 510, /* server_bogus_ttl */ - YYSYMBOL_server_val_clean_additional = 511, /* server_val_clean_additional */ - YYSYMBOL_server_val_permissive_mode = 512, /* server_val_permissive_mode */ - YYSYMBOL_server_aggressive_nsec = 513, /* server_aggressive_nsec */ - YYSYMBOL_server_ignore_cd_flag = 514, /* server_ignore_cd_flag */ - YYSYMBOL_server_serve_expired = 515, /* server_serve_expired */ - YYSYMBOL_server_serve_expired_ttl = 516, /* server_serve_expired_ttl */ - YYSYMBOL_server_serve_expired_ttl_reset = 517, /* server_serve_expired_ttl_reset */ - YYSYMBOL_server_serve_expired_reply_ttl = 518, /* server_serve_expired_reply_ttl */ - YYSYMBOL_server_serve_expired_client_timeout = 519, /* server_serve_expired_client_timeout */ - YYSYMBOL_server_ede_serve_expired = 520, /* server_ede_serve_expired */ - YYSYMBOL_server_serve_original_ttl = 521, /* server_serve_original_ttl */ - YYSYMBOL_server_fake_dsa = 522, /* server_fake_dsa */ - YYSYMBOL_server_fake_sha1 = 523, /* server_fake_sha1 */ - YYSYMBOL_server_val_log_level = 524, /* server_val_log_level */ - YYSYMBOL_server_val_nsec3_keysize_iterations = 525, /* server_val_nsec3_keysize_iterations */ - YYSYMBOL_server_zonemd_permissive_mode = 526, /* server_zonemd_permissive_mode */ - YYSYMBOL_server_add_holddown = 527, /* server_add_holddown */ - YYSYMBOL_server_del_holddown = 528, /* server_del_holddown */ - YYSYMBOL_server_keep_missing = 529, /* server_keep_missing */ - YYSYMBOL_server_permit_small_holddown = 530, /* server_permit_small_holddown */ - YYSYMBOL_server_key_cache_size = 531, /* server_key_cache_size */ - YYSYMBOL_server_key_cache_slabs = 532, /* server_key_cache_slabs */ - YYSYMBOL_server_neg_cache_size = 533, /* server_neg_cache_size */ - YYSYMBOL_server_local_zone = 534, /* server_local_zone */ - YYSYMBOL_server_local_data = 535, /* server_local_data */ - YYSYMBOL_server_local_data_ptr = 536, /* server_local_data_ptr */ - YYSYMBOL_server_minimal_responses = 537, /* server_minimal_responses */ - YYSYMBOL_server_rrset_roundrobin = 538, /* server_rrset_roundrobin */ - YYSYMBOL_server_unknown_server_time_limit = 539, /* server_unknown_server_time_limit */ - YYSYMBOL_server_max_udp_size = 540, /* server_max_udp_size */ - YYSYMBOL_server_dns64_prefix = 541, /* server_dns64_prefix */ - YYSYMBOL_server_dns64_synthall = 542, /* server_dns64_synthall */ - YYSYMBOL_server_dns64_ignore_aaaa = 543, /* server_dns64_ignore_aaaa */ - YYSYMBOL_server_define_tag = 544, /* server_define_tag */ - YYSYMBOL_server_local_zone_tag = 545, /* server_local_zone_tag */ - YYSYMBOL_server_access_control_tag = 546, /* server_access_control_tag */ - YYSYMBOL_server_access_control_tag_action = 547, /* server_access_control_tag_action */ - YYSYMBOL_server_access_control_tag_data = 548, /* server_access_control_tag_data */ - YYSYMBOL_server_local_zone_override = 549, /* server_local_zone_override */ - YYSYMBOL_server_access_control_view = 550, /* server_access_control_view */ - YYSYMBOL_server_interface_tag = 551, /* server_interface_tag */ - YYSYMBOL_server_interface_tag_action = 552, /* server_interface_tag_action */ - YYSYMBOL_server_interface_tag_data = 553, /* server_interface_tag_data */ - YYSYMBOL_server_interface_view = 554, /* server_interface_view */ - YYSYMBOL_server_response_ip_tag = 555, /* server_response_ip_tag */ - YYSYMBOL_server_ip_ratelimit = 556, /* server_ip_ratelimit */ - YYSYMBOL_server_ratelimit = 557, /* server_ratelimit */ - YYSYMBOL_server_ip_ratelimit_size = 558, /* server_ip_ratelimit_size */ - YYSYMBOL_server_ratelimit_size = 559, /* server_ratelimit_size */ - YYSYMBOL_server_ip_ratelimit_slabs = 560, /* server_ip_ratelimit_slabs */ - YYSYMBOL_server_ratelimit_slabs = 561, /* server_ratelimit_slabs */ - YYSYMBOL_server_ratelimit_for_domain = 562, /* server_ratelimit_for_domain */ - YYSYMBOL_server_ratelimit_below_domain = 563, /* server_ratelimit_below_domain */ - YYSYMBOL_server_ip_ratelimit_factor = 564, /* server_ip_ratelimit_factor */ - YYSYMBOL_server_ratelimit_factor = 565, /* server_ratelimit_factor */ - YYSYMBOL_server_ip_ratelimit_backoff = 566, /* server_ip_ratelimit_backoff */ - YYSYMBOL_server_ratelimit_backoff = 567, /* server_ratelimit_backoff */ - YYSYMBOL_server_outbound_msg_retry = 568, /* server_outbound_msg_retry */ - YYSYMBOL_server_low_rtt = 569, /* server_low_rtt */ - YYSYMBOL_server_fast_server_num = 570, /* server_fast_server_num */ - YYSYMBOL_server_fast_server_permil = 571, /* server_fast_server_permil */ - YYSYMBOL_server_qname_minimisation = 572, /* server_qname_minimisation */ - YYSYMBOL_server_qname_minimisation_strict = 573, /* server_qname_minimisation_strict */ - YYSYMBOL_server_pad_responses = 574, /* server_pad_responses */ - YYSYMBOL_server_pad_responses_block_size = 575, /* server_pad_responses_block_size */ - YYSYMBOL_server_pad_queries = 576, /* server_pad_queries */ - YYSYMBOL_server_pad_queries_block_size = 577, /* server_pad_queries_block_size */ - YYSYMBOL_server_ipsecmod_enabled = 578, /* server_ipsecmod_enabled */ - YYSYMBOL_server_ipsecmod_ignore_bogus = 579, /* server_ipsecmod_ignore_bogus */ - YYSYMBOL_server_ipsecmod_hook = 580, /* server_ipsecmod_hook */ - YYSYMBOL_server_ipsecmod_max_ttl = 581, /* server_ipsecmod_max_ttl */ - YYSYMBOL_server_ipsecmod_whitelist = 582, /* server_ipsecmod_whitelist */ - YYSYMBOL_server_ipsecmod_strict = 583, /* server_ipsecmod_strict */ - YYSYMBOL_server_edns_client_string = 584, /* server_edns_client_string */ - YYSYMBOL_server_edns_client_string_opcode = 585, /* server_edns_client_string_opcode */ - YYSYMBOL_server_ede = 586, /* server_ede */ - YYSYMBOL_server_proxy_protocol_port = 587, /* server_proxy_protocol_port */ - YYSYMBOL_stub_name = 588, /* stub_name */ - YYSYMBOL_stub_host = 589, /* stub_host */ - YYSYMBOL_stub_addr = 590, /* stub_addr */ - YYSYMBOL_stub_first = 591, /* stub_first */ - YYSYMBOL_stub_no_cache = 592, /* stub_no_cache */ - YYSYMBOL_stub_ssl_upstream = 593, /* stub_ssl_upstream */ - YYSYMBOL_stub_tcp_upstream = 594, /* stub_tcp_upstream */ - YYSYMBOL_stub_prime = 595, /* stub_prime */ - YYSYMBOL_forward_name = 596, /* forward_name */ - YYSYMBOL_forward_host = 597, /* forward_host */ - YYSYMBOL_forward_addr = 598, /* forward_addr */ - YYSYMBOL_forward_first = 599, /* forward_first */ - YYSYMBOL_forward_no_cache = 600, /* forward_no_cache */ - YYSYMBOL_forward_ssl_upstream = 601, /* forward_ssl_upstream */ - YYSYMBOL_forward_tcp_upstream = 602, /* forward_tcp_upstream */ - YYSYMBOL_auth_name = 603, /* auth_name */ - YYSYMBOL_auth_zonefile = 604, /* auth_zonefile */ - YYSYMBOL_auth_master = 605, /* auth_master */ - YYSYMBOL_auth_url = 606, /* auth_url */ - YYSYMBOL_auth_allow_notify = 607, /* auth_allow_notify */ - YYSYMBOL_auth_zonemd_check = 608, /* auth_zonemd_check */ - YYSYMBOL_auth_zonemd_reject_absence = 609, /* auth_zonemd_reject_absence */ - YYSYMBOL_auth_for_downstream = 610, /* auth_for_downstream */ - YYSYMBOL_auth_for_upstream = 611, /* auth_for_upstream */ - YYSYMBOL_auth_fallback_enabled = 612, /* auth_fallback_enabled */ - YYSYMBOL_view_name = 613, /* view_name */ - YYSYMBOL_view_local_zone = 614, /* view_local_zone */ - YYSYMBOL_view_response_ip = 615, /* view_response_ip */ - YYSYMBOL_view_response_ip_data = 616, /* view_response_ip_data */ - YYSYMBOL_view_local_data = 617, /* view_local_data */ - YYSYMBOL_view_local_data_ptr = 618, /* view_local_data_ptr */ - YYSYMBOL_view_first = 619, /* view_first */ - YYSYMBOL_rcstart = 620, /* rcstart */ - YYSYMBOL_contents_rc = 621, /* contents_rc */ - YYSYMBOL_content_rc = 622, /* content_rc */ - YYSYMBOL_rc_control_enable = 623, /* rc_control_enable */ - YYSYMBOL_rc_control_port = 624, /* rc_control_port */ - YYSYMBOL_rc_control_interface = 625, /* rc_control_interface */ - YYSYMBOL_rc_control_use_cert = 626, /* rc_control_use_cert */ - YYSYMBOL_rc_server_key_file = 627, /* rc_server_key_file */ - YYSYMBOL_rc_server_cert_file = 628, /* rc_server_cert_file */ - YYSYMBOL_rc_control_key_file = 629, /* rc_control_key_file */ - YYSYMBOL_rc_control_cert_file = 630, /* rc_control_cert_file */ - YYSYMBOL_dtstart = 631, /* dtstart */ - YYSYMBOL_contents_dt = 632, /* contents_dt */ - YYSYMBOL_content_dt = 633, /* content_dt */ - YYSYMBOL_dt_dnstap_enable = 634, /* dt_dnstap_enable */ - YYSYMBOL_dt_dnstap_bidirectional = 635, /* dt_dnstap_bidirectional */ - YYSYMBOL_dt_dnstap_socket_path = 636, /* dt_dnstap_socket_path */ - YYSYMBOL_dt_dnstap_ip = 637, /* dt_dnstap_ip */ - YYSYMBOL_dt_dnstap_tls = 638, /* dt_dnstap_tls */ - YYSYMBOL_dt_dnstap_tls_server_name = 639, /* dt_dnstap_tls_server_name */ - YYSYMBOL_dt_dnstap_tls_cert_bundle = 640, /* dt_dnstap_tls_cert_bundle */ - YYSYMBOL_dt_dnstap_tls_client_key_file = 641, /* dt_dnstap_tls_client_key_file */ - YYSYMBOL_dt_dnstap_tls_client_cert_file = 642, /* dt_dnstap_tls_client_cert_file */ - YYSYMBOL_dt_dnstap_send_identity = 643, /* dt_dnstap_send_identity */ - YYSYMBOL_dt_dnstap_send_version = 644, /* dt_dnstap_send_version */ - YYSYMBOL_dt_dnstap_identity = 645, /* dt_dnstap_identity */ - YYSYMBOL_dt_dnstap_version = 646, /* dt_dnstap_version */ - YYSYMBOL_dt_dnstap_log_resolver_query_messages = 647, /* dt_dnstap_log_resolver_query_messages */ - YYSYMBOL_dt_dnstap_log_resolver_response_messages = 648, /* dt_dnstap_log_resolver_response_messages */ - YYSYMBOL_dt_dnstap_log_client_query_messages = 649, /* dt_dnstap_log_client_query_messages */ - YYSYMBOL_dt_dnstap_log_client_response_messages = 650, /* dt_dnstap_log_client_response_messages */ - YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 651, /* dt_dnstap_log_forwarder_query_messages */ - YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 652, /* dt_dnstap_log_forwarder_response_messages */ - YYSYMBOL_pythonstart = 653, /* pythonstart */ - YYSYMBOL_contents_py = 654, /* contents_py */ - YYSYMBOL_content_py = 655, /* content_py */ - YYSYMBOL_py_script = 656, /* py_script */ - YYSYMBOL_dynlibstart = 657, /* dynlibstart */ - YYSYMBOL_contents_dl = 658, /* contents_dl */ - YYSYMBOL_content_dl = 659, /* content_dl */ - YYSYMBOL_dl_file = 660, /* dl_file */ - YYSYMBOL_server_disable_dnssec_lame_check = 661, /* server_disable_dnssec_lame_check */ - YYSYMBOL_server_log_identity = 662, /* server_log_identity */ - YYSYMBOL_server_response_ip = 663, /* server_response_ip */ - YYSYMBOL_server_response_ip_data = 664, /* server_response_ip_data */ - YYSYMBOL_dnscstart = 665, /* dnscstart */ - YYSYMBOL_contents_dnsc = 666, /* contents_dnsc */ - YYSYMBOL_content_dnsc = 667, /* content_dnsc */ - YYSYMBOL_dnsc_dnscrypt_enable = 668, /* dnsc_dnscrypt_enable */ - YYSYMBOL_dnsc_dnscrypt_port = 669, /* dnsc_dnscrypt_port */ - YYSYMBOL_dnsc_dnscrypt_provider = 670, /* dnsc_dnscrypt_provider */ - YYSYMBOL_dnsc_dnscrypt_provider_cert = 671, /* dnsc_dnscrypt_provider_cert */ - YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 672, /* dnsc_dnscrypt_provider_cert_rotated */ - YYSYMBOL_dnsc_dnscrypt_secret_key = 673, /* dnsc_dnscrypt_secret_key */ - YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 674, /* dnsc_dnscrypt_shared_secret_cache_size */ - YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 675, /* dnsc_dnscrypt_shared_secret_cache_slabs */ - YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 676, /* dnsc_dnscrypt_nonce_cache_size */ - YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 677, /* dnsc_dnscrypt_nonce_cache_slabs */ - YYSYMBOL_cachedbstart = 678, /* cachedbstart */ - YYSYMBOL_contents_cachedb = 679, /* contents_cachedb */ - YYSYMBOL_content_cachedb = 680, /* content_cachedb */ - YYSYMBOL_cachedb_backend_name = 681, /* cachedb_backend_name */ - YYSYMBOL_cachedb_secret_seed = 682, /* cachedb_secret_seed */ - YYSYMBOL_redis_server_host = 683, /* redis_server_host */ - YYSYMBOL_redis_server_port = 684, /* redis_server_port */ - YYSYMBOL_redis_timeout = 685, /* redis_timeout */ - YYSYMBOL_redis_expire_records = 686, /* redis_expire_records */ - YYSYMBOL_server_tcp_connection_limit = 687, /* server_tcp_connection_limit */ - YYSYMBOL_ipsetstart = 688, /* ipsetstart */ - YYSYMBOL_contents_ipset = 689, /* contents_ipset */ - YYSYMBOL_content_ipset = 690, /* content_ipset */ - YYSYMBOL_ipset_name_v4 = 691, /* ipset_name_v4 */ - YYSYMBOL_ipset_name_v6 = 692 /* ipset_name_v6 */ -}; -typedef enum yysymbol_kind_t yysymbol_kind_t; - - - - -#ifdef short -# undef short -#endif - -/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure - and (if available) are included - so that the code can choose integer types of a good width. */ - -#ifndef __PTRDIFF_MAX__ -# include /* INFRINGES ON USER NAME SPACE */ -# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ -# include /* INFRINGES ON USER NAME SPACE */ -# define YY_STDINT_H -# endif -#endif - -/* Narrow types that promote to a signed type and that can represent a - signed or unsigned integer of at least N bits. In tables they can - save space and decrease cache pressure. Promoting to a signed type - helps avoid bugs in integer arithmetic. */ - -#ifdef __INT_LEAST8_MAX__ -typedef __INT_LEAST8_TYPE__ yytype_int8; -#elif defined YY_STDINT_H -typedef int_least8_t yytype_int8; -#else -typedef signed char yytype_int8; -#endif - -#ifdef __INT_LEAST16_MAX__ -typedef __INT_LEAST16_TYPE__ yytype_int16; -#elif defined YY_STDINT_H -typedef int_least16_t yytype_int16; -#else -typedef short yytype_int16; -#endif - -/* Work around bug in HP-UX 11.23, which defines these macros - incorrectly for preprocessor constants. This workaround can likely - be removed in 2023, as HPE has promised support for HP-UX 11.23 - (aka HP-UX 11i v2) only through the end of 2022; see Table 2 of - . */ -#ifdef __hpux -# undef UINT_LEAST8_MAX -# undef UINT_LEAST16_MAX -# define UINT_LEAST8_MAX 255 -# define UINT_LEAST16_MAX 65535 -#endif - -#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ -typedef __UINT_LEAST8_TYPE__ yytype_uint8; -#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ - && UINT_LEAST8_MAX <= INT_MAX) -typedef uint_least8_t yytype_uint8; -#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX -typedef unsigned char yytype_uint8; -#else -typedef short yytype_uint8; -#endif - -#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ -typedef __UINT_LEAST16_TYPE__ yytype_uint16; -#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ - && UINT_LEAST16_MAX <= INT_MAX) -typedef uint_least16_t yytype_uint16; -#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX -typedef unsigned short yytype_uint16; -#else -typedef int yytype_uint16; -#endif - -#ifndef YYPTRDIFF_T -# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ -# define YYPTRDIFF_T __PTRDIFF_TYPE__ -# define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ -# elif defined PTRDIFF_MAX -# ifndef ptrdiff_t -# include /* INFRINGES ON USER NAME SPACE */ -# endif -# define YYPTRDIFF_T ptrdiff_t -# define YYPTRDIFF_MAXIMUM PTRDIFF_MAX -# else -# define YYPTRDIFF_T long -# define YYPTRDIFF_MAXIMUM LONG_MAX -# endif -#endif - -#ifndef YYSIZE_T -# ifdef __SIZE_TYPE__ -# define YYSIZE_T __SIZE_TYPE__ -# elif defined size_t -# define YYSIZE_T size_t -# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# else -# define YYSIZE_T unsigned -# endif -#endif - -#define YYSIZE_MAXIMUM \ - YY_CAST (YYPTRDIFF_T, \ - (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ - ? YYPTRDIFF_MAXIMUM \ - : YY_CAST (YYSIZE_T, -1))) - -#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) - - -/* Stored state numbers (used for stacks). */ -typedef yytype_int16 yy_state_t; - -/* State numbers in computations. */ -typedef int yy_state_fast_t; - -#ifndef YY_ -# if defined YYENABLE_NLS && YYENABLE_NLS -# if ENABLE_NLS -# include /* INFRINGES ON USER NAME SPACE */ -# define YY_(Msgid) dgettext ("bison-runtime", Msgid) -# endif -# endif -# ifndef YY_ -# define YY_(Msgid) Msgid -# endif -#endif - - -#ifndef YY_ATTRIBUTE_PURE -# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) -# define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) -# else -# define YY_ATTRIBUTE_PURE -# endif -#endif - -#ifndef YY_ATTRIBUTE_UNUSED -# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) -# define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) -# else -# define YY_ATTRIBUTE_UNUSED -# endif -#endif - -/* Suppress unused-variable warnings by "using" E. */ -#if ! defined lint || defined __GNUC__ -# define YY_USE(E) ((void) (E)) -#else -# define YY_USE(E) /* empty */ -#endif - -/* Suppress an incorrect diagnostic about yylval being uninitialized. */ -#if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__ -# if __GNUC__ * 100 + __GNUC_MINOR__ < 407 -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ - _Pragma ("GCC diagnostic push") \ - _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") -# else -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ - _Pragma ("GCC diagnostic push") \ - _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ - _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") -# endif -# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ - _Pragma ("GCC diagnostic pop") -#else -# define YY_INITIAL_VALUE(Value) Value -#endif -#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -# define YY_IGNORE_MAYBE_UNINITIALIZED_END -#endif -#ifndef YY_INITIAL_VALUE -# define YY_INITIAL_VALUE(Value) /* Nothing. */ -#endif - -#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ -# define YY_IGNORE_USELESS_CAST_BEGIN \ - _Pragma ("GCC diagnostic push") \ - _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") -# define YY_IGNORE_USELESS_CAST_END \ - _Pragma ("GCC diagnostic pop") -#endif -#ifndef YY_IGNORE_USELESS_CAST_BEGIN -# define YY_IGNORE_USELESS_CAST_BEGIN -# define YY_IGNORE_USELESS_CAST_END -#endif - - -#define YY_ASSERT(E) ((void) (0 && (E))) - -#if !defined yyoverflow - -/* The parser invokes alloca or malloc; define the necessary symbols. */ - -# ifdef YYSTACK_USE_ALLOCA -# if YYSTACK_USE_ALLOCA -# ifdef __GNUC__ -# define YYSTACK_ALLOC __builtin_alloca -# elif defined __BUILTIN_VA_ARG_INCR -# include /* INFRINGES ON USER NAME SPACE */ -# elif defined _AIX -# define YYSTACK_ALLOC __alloca -# elif defined _MSC_VER -# include /* INFRINGES ON USER NAME SPACE */ -# define alloca _alloca -# else -# define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS -# include /* INFRINGES ON USER NAME SPACE */ - /* Use EXIT_SUCCESS as a witness for stdlib.h. */ -# ifndef EXIT_SUCCESS -# define EXIT_SUCCESS 0 -# endif -# endif -# endif -# endif -# endif - -# ifdef YYSTACK_ALLOC - /* Pacify GCC's 'empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) -# ifndef YYSTACK_ALLOC_MAXIMUM - /* The OS might guarantee only one guard page at the bottom of the stack, - and a page size can be as small as 4096 bytes. So we cannot safely - invoke alloca (N) if N exceeds 4096. Use a slightly smaller number - to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ -# endif -# else -# define YYSTACK_ALLOC YYMALLOC -# define YYSTACK_FREE YYFREE -# ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM -# endif -# if (defined __cplusplus && ! defined EXIT_SUCCESS \ - && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) -# include /* INFRINGES ON USER NAME SPACE */ -# ifndef EXIT_SUCCESS -# define EXIT_SUCCESS 0 -# endif -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# if ! defined malloc && ! defined EXIT_SUCCESS -void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifndef YYFREE -# define YYFREE free -# if ! defined free && ! defined EXIT_SUCCESS -void free (void *); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# endif -#endif /* !defined yyoverflow */ - -#if (! defined yyoverflow \ - && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) - -/* A type that is properly aligned for any stack member. */ -union yyalloc -{ - yy_state_t yyss_alloc; - YYSTYPE yyvs_alloc; -}; - -/* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) - -/* The size of an array large to enough to hold all stacks, each with - N elements. */ -# define YYSTACK_BYTES(N) \ - ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - -# define YYCOPY_NEEDED 1 - -/* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ -# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYPTRDIFF_T yynewbytes; \ - YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ - Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / YYSIZEOF (*yyptr); \ - } \ - while (0) - -#endif - -#if defined YYCOPY_NEEDED && YYCOPY_NEEDED -/* Copy COUNT objects from SRC to DST. The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(Dst, Src, Count) \ - __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) -# else -# define YYCOPY(Dst, Src, Count) \ - do \ - { \ - YYPTRDIFF_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (Dst)[yyi] = (Src)[yyi]; \ - } \ - while (0) -# endif -# endif -#endif /* !YYCOPY_NEEDED */ - -/* YYFINAL -- State number of the termination state. */ -#define YYFINAL 2 -/* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 713 - -/* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 334 -/* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 359 -/* YYNRULES -- Number of rules. */ -#define YYNRULES 695 -/* YYNSTATES -- Number of states. */ -#define YYNSTATES 1040 - -/* YYMAXUTOK -- Last valid token kind. */ -#define YYMAXUTOK 588 - - -/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM - as returned by yylex, with out-of-bounds checking. */ -#define YYTRANSLATE(YYX) \ - (0 <= (YYX) && (YYX) <= YYMAXUTOK \ - ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ - : YYSYMBOL_YYUNDEF) - -/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM - as returned by yylex. */ -static const yytype_int16 yytranslate[] = -{ - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, - 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, - 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, - 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, - 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, - 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, - 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, - 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, - 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, - 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, - 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, - 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, - 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333 -}; - -#if YYDEBUG -/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ -static const yytype_int16 yyrline[] = -{ - 0, 199, 199, 199, 200, 200, 201, 201, 202, 202, - 202, 203, 203, 204, 204, 205, 205, 206, 208, 215, - 221, 222, 223, 223, 223, 224, 224, 225, 225, 225, - 226, 226, 227, 227, 227, 228, 228, 229, 229, 229, - 230, 230, 230, 231, 231, 232, 232, 233, 233, 234, - 234, 235, 235, 236, 236, 237, 237, 238, 238, 239, - 239, 239, 240, 240, 241, 241, 241, 242, 242, 242, - 243, 243, 244, 244, 245, 245, 246, 246, 247, 247, - 247, 248, 248, 249, 249, 250, 250, 250, 251, 251, - 252, 252, 253, 253, 254, 254, 254, 255, 255, 256, - 256, 257, 257, 258, 258, 259, 259, 260, 260, 261, - 261, 262, 262, 263, 263, 263, 264, 264, 264, 265, - 265, 265, 266, 266, 266, 266, 267, 268, 268, 268, - 269, 269, 269, 270, 270, 271, 271, 272, 272, 272, - 273, 273, 273, 274, 274, 275, 275, 275, 276, 276, - 276, 277, 277, 277, 278, 278, 279, 279, 280, 280, - 281, 282, 282, 283, 283, 284, 284, 285, 285, 286, - 286, 287, 287, 288, 288, 289, 289, 290, 290, 291, - 291, 292, 292, 292, 293, 293, 294, 294, 295, 295, - 296, 296, 296, 297, 297, 298, 299, 299, 300, 300, - 301, 302, 302, 303, 303, 304, 304, 304, 305, 305, - 306, 306, 306, 307, 307, 307, 308, 308, 309, 310, - 310, 311, 311, 312, 312, 313, 313, 314, 314, 314, - 315, 315, 315, 316, 316, 316, 317, 317, 318, 318, - 319, 319, 320, 320, 321, 321, 322, 322, 323, 323, - 324, 324, 325, 327, 341, 342, 343, 343, 343, 343, - 343, 344, 344, 344, 346, 360, 361, 362, 362, 362, - 362, 363, 363, 363, 365, 381, 382, 383, 383, 383, - 383, 384, 384, 384, 386, 407, 408, 409, 409, 409, - 409, 410, 410, 410, 411, 411, 411, 414, 433, 450, - 458, 468, 475, 485, 504, 505, 506, 506, 506, 506, - 506, 507, 507, 507, 508, 508, 508, 508, 510, 519, - 528, 539, 548, 557, 566, 577, 586, 598, 612, 627, - 638, 655, 672, 689, 706, 721, 736, 749, 764, 773, - 782, 791, 800, 809, 818, 825, 834, 843, 852, 861, - 870, 879, 888, 897, 910, 921, 932, 943, 952, 965, - 974, 983, 992, 999, 1006, 1015, 1022, 1031, 1039, 1046, - 1053, 1061, 1070, 1078, 1094, 1102, 1110, 1118, 1126, 1134, - 1143, 1152, 1166, 1175, 1184, 1193, 1202, 1211, 1220, 1227, - 1234, 1260, 1268, 1275, 1282, 1289, 1296, 1304, 1312, 1320, - 1327, 1338, 1349, 1356, 1365, 1374, 1383, 1392, 1399, 1406, - 1413, 1429, 1437, 1445, 1455, 1465, 1475, 1489, 1497, 1510, - 1521, 1529, 1542, 1551, 1560, 1569, 1578, 1588, 1598, 1606, - 1619, 1628, 1636, 1645, 1653, 1666, 1675, 1684, 1694, 1701, - 1711, 1721, 1731, 1741, 1751, 1761, 1771, 1781, 1788, 1795, - 1802, 1811, 1820, 1829, 1838, 1845, 1855, 1863, 1872, 1879, - 1897, 1910, 1923, 1936, 1945, 1954, 1963, 1972, 1982, 1992, - 2003, 2012, 2021, 2030, 2039, 2048, 2057, 2066, 2075, 2088, - 2101, 2110, 2117, 2126, 2135, 2144, 2153, 2162, 2170, 2183, - 2191, 2246, 2253, 2268, 2278, 2288, 2295, 2302, 2309, 2318, - 2326, 2340, 2361, 2382, 2394, 2406, 2418, 2427, 2448, 2460, - 2472, 2481, 2502, 2511, 2520, 2528, 2536, 2549, 2562, 2577, - 2592, 2601, 2610, 2620, 2630, 2639, 2645, 2654, 2663, 2673, - 2683, 2693, 2702, 2712, 2721, 2734, 2747, 2759, 2773, 2785, - 2799, 2808, 2819, 2828, 2835, 2845, 2852, 2859, 2868, 2877, - 2887, 2897, 2907, 2917, 2924, 2931, 2940, 2949, 2959, 2969, - 2979, 2986, 2993, 3000, 3008, 3018, 3028, 3038, 3048, 3058, - 3068, 3124, 3134, 3142, 3150, 3165, 3174, 3180, 3181, 3182, - 3182, 3182, 3183, 3183, 3183, 3184, 3184, 3186, 3196, 3205, - 3212, 3219, 3226, 3233, 3240, 3247, 3253, 3254, 3255, 3255, - 3255, 3256, 3256, 3256, 3257, 3258, 3258, 3259, 3259, 3260, - 3260, 3261, 3262, 3263, 3264, 3265, 3266, 3268, 3277, 3287, - 3294, 3301, 3310, 3317, 3324, 3331, 3338, 3347, 3356, 3363, - 3370, 3380, 3390, 3400, 3410, 3420, 3430, 3436, 3437, 3438, - 3440, 3446, 3452, 3453, 3454, 3456, 3462, 3472, 3479, 3488, - 3496, 3502, 3503, 3505, 3505, 3505, 3506, 3506, 3507, 3508, - 3509, 3510, 3511, 3513, 3523, 3532, 3539, 3548, 3555, 3564, - 3572, 3585, 3593, 3606, 3612, 3613, 3614, 3614, 3615, 3615, - 3615, 3616, 3618, 3630, 3642, 3654, 3669, 3682, 3695, 3706, - 3712, 3713, 3714, 3714, 3716, 3731 -}; -#endif - -/** Accessing symbol of state STATE. */ -#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) - -#if YYDEBUG || 0 -/* The user-facing name of the symbol whose (internal) number is - YYSYMBOL. No bounds checking. */ -static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; - -/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ -static const char *const yytname[] = -{ - "\"end of file\"", "error", "\"invalid token\"", "SPACE", "LETTER", - "NEWLINE", "COMMENT", "COLON", "ANY", "ZONESTR", "STRING_ARG", - "VAR_FORCE_TOPLEVEL", "VAR_SERVER", "VAR_VERBOSITY", "VAR_NUM_THREADS", - "VAR_PORT", "VAR_OUTGOING_RANGE", "VAR_INTERFACE", "VAR_PREFER_IP4", - "VAR_DO_IP4", "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", - "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", "VAR_TCP_IDLE_TIMEOUT", - "VAR_EDNS_TCP_KEEPALIVE", "VAR_EDNS_TCP_KEEPALIVE_TIMEOUT", "VAR_CHROOT", - "VAR_USERNAME", "VAR_DIRECTORY", "VAR_LOGFILE", "VAR_PIDFILE", - "VAR_MSG_CACHE_SIZE", "VAR_MSG_CACHE_SLABS", - "VAR_NUM_QUERIES_PER_THREAD", "VAR_RRSET_CACHE_SIZE", - "VAR_RRSET_CACHE_SLABS", "VAR_OUTGOING_NUM_TCP", "VAR_INFRA_HOST_TTL", - "VAR_INFRA_LAME_TTL", "VAR_INFRA_CACHE_SLABS", - "VAR_INFRA_CACHE_NUMHOSTS", "VAR_INFRA_CACHE_LAME_SIZE", "VAR_NAME", - "VAR_STUB_ZONE", "VAR_STUB_HOST", "VAR_STUB_ADDR", - "VAR_TARGET_FETCH_POLICY", "VAR_HARDEN_SHORT_BUFSIZE", - "VAR_HARDEN_LARGE_QUERIES", "VAR_FORWARD_ZONE", "VAR_FORWARD_HOST", - "VAR_FORWARD_ADDR", "VAR_DO_NOT_QUERY_ADDRESS", "VAR_HIDE_IDENTITY", - "VAR_HIDE_VERSION", "VAR_IDENTITY", "VAR_VERSION", "VAR_HARDEN_GLUE", - "VAR_MODULE_CONF", "VAR_TRUST_ANCHOR_FILE", "VAR_TRUST_ANCHOR", - "VAR_VAL_OVERRIDE_DATE", "VAR_BOGUS_TTL", "VAR_VAL_CLEAN_ADDITIONAL", - "VAR_VAL_PERMISSIVE_MODE", "VAR_INCOMING_NUM_TCP", "VAR_MSG_BUFFER_SIZE", - "VAR_KEY_CACHE_SIZE", "VAR_KEY_CACHE_SLABS", "VAR_TRUSTED_KEYS_FILE", - "VAR_VAL_NSEC3_KEYSIZE_ITERATIONS", "VAR_USE_SYSLOG", - "VAR_OUTGOING_INTERFACE", "VAR_ROOT_HINTS", "VAR_DO_NOT_QUERY_LOCALHOST", - "VAR_CACHE_MAX_TTL", "VAR_HARDEN_DNSSEC_STRIPPED", "VAR_ACCESS_CONTROL", - "VAR_LOCAL_ZONE", "VAR_LOCAL_DATA", "VAR_INTERFACE_AUTOMATIC", - "VAR_STATISTICS_INTERVAL", "VAR_DO_DAEMONIZE", "VAR_USE_CAPS_FOR_ID", - "VAR_STATISTICS_CUMULATIVE", "VAR_OUTGOING_PORT_PERMIT", - "VAR_OUTGOING_PORT_AVOID", "VAR_DLV_ANCHOR_FILE", "VAR_DLV_ANCHOR", - "VAR_NEG_CACHE_SIZE", "VAR_HARDEN_REFERRAL_PATH", "VAR_PRIVATE_ADDRESS", - "VAR_PRIVATE_DOMAIN", "VAR_REMOTE_CONTROL", "VAR_CONTROL_ENABLE", - "VAR_CONTROL_INTERFACE", "VAR_CONTROL_PORT", "VAR_SERVER_KEY_FILE", - "VAR_SERVER_CERT_FILE", "VAR_CONTROL_KEY_FILE", "VAR_CONTROL_CERT_FILE", - "VAR_CONTROL_USE_CERT", "VAR_TCP_REUSE_TIMEOUT", - "VAR_MAX_REUSE_TCP_QUERIES", "VAR_EXTENDED_STATISTICS", - "VAR_LOCAL_DATA_PTR", "VAR_JOSTLE_TIMEOUT", "VAR_STUB_PRIME", - "VAR_UNWANTED_REPLY_THRESHOLD", "VAR_LOG_TIME_ASCII", - "VAR_DOMAIN_INSECURE", "VAR_PYTHON", "VAR_PYTHON_SCRIPT", - "VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX", "VAR_VAL_MAX_RESTART", - "VAR_CACHE_MIN_TTL", "VAR_VAL_LOG_LEVEL", "VAR_AUTO_TRUST_ANCHOR_FILE", - "VAR_KEEP_MISSING", "VAR_ADD_HOLDDOWN", "VAR_DEL_HOLDDOWN", - "VAR_SO_RCVBUF", "VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH", - "VAR_PREFETCH_KEY", "VAR_SO_SNDBUF", "VAR_SO_REUSEPORT", - "VAR_HARDEN_BELOW_NXDOMAIN", "VAR_IGNORE_CD_FLAG", "VAR_LOG_QUERIES", - "VAR_LOG_REPLIES", "VAR_LOG_LOCAL_ACTIONS", "VAR_TCP_UPSTREAM", - "VAR_SSL_UPSTREAM", "VAR_TCP_AUTH_QUERY_TIMEOUT", "VAR_SSL_SERVICE_KEY", - "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", "VAR_FORWARD_FIRST", - "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM", - "VAR_TLS_CERT_BUNDLE", "VAR_STUB_TCP_UPSTREAM", - "VAR_FORWARD_TCP_UPSTREAM", "VAR_HTTPS_PORT", "VAR_HTTP_ENDPOINT", - "VAR_HTTP_MAX_STREAMS", "VAR_HTTP_QUERY_BUFFER_SIZE", - "VAR_HTTP_RESPONSE_BUFFER_SIZE", "VAR_HTTP_NODELAY", - "VAR_HTTP_NOTLS_DOWNSTREAM", "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", - "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE", - "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", - "VAR_INFRA_CACHE_MIN_RTT", "VAR_INFRA_CACHE_MAX_RTT", - "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", - "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", - "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", "VAR_DNSTAP_TLS", - "VAR_DNSTAP_TLS_SERVER_NAME", "VAR_DNSTAP_TLS_CERT_BUNDLE", - "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", - "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", - "VAR_DNSTAP_BIDIRECTIONAL", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", - "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", - "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", - "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", - "VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES", - "VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", - "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", "VAR_RESPONSE_IP_TAG", - "VAR_RESPONSE_IP", "VAR_RESPONSE_IP_DATA", "VAR_HARDEN_ALGO_DOWNGRADE", - "VAR_IP_TRANSPARENT", "VAR_IP_DSCP", "VAR_DISABLE_DNSSEC_LAME_CHECK", - "VAR_IP_RATELIMIT", "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE", - "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", - "VAR_OUTBOUND_MSG_RETRY", "VAR_RATELIMIT_FOR_DOMAIN", - "VAR_RATELIMIT_BELOW_DOMAIN", "VAR_IP_RATELIMIT_FACTOR", - "VAR_RATELIMIT_FACTOR", "VAR_IP_RATELIMIT_BACKOFF", - "VAR_RATELIMIT_BACKOFF", "VAR_SEND_CLIENT_SUBNET", - "VAR_CLIENT_SUBNET_ZONE", "VAR_CLIENT_SUBNET_ALWAYS_FORWARD", - "VAR_CLIENT_SUBNET_OPCODE", "VAR_MAX_CLIENT_SUBNET_IPV4", - "VAR_MAX_CLIENT_SUBNET_IPV6", "VAR_MIN_CLIENT_SUBNET_IPV4", - "VAR_MIN_CLIENT_SUBNET_IPV6", "VAR_MAX_ECS_TREE_SIZE_IPV4", - "VAR_MAX_ECS_TREE_SIZE_IPV6", "VAR_CAPS_WHITELIST", - "VAR_CACHE_MAX_NEGATIVE_TTL", "VAR_PERMIT_SMALL_HOLDDOWN", - "VAR_QNAME_MINIMISATION", "VAR_QNAME_MINIMISATION_STRICT", - "VAR_IP_FREEBIND", "VAR_DEFINE_TAG", "VAR_LOCAL_ZONE_TAG", - "VAR_ACCESS_CONTROL_TAG", "VAR_LOCAL_ZONE_OVERRIDE", - "VAR_ACCESS_CONTROL_TAG_ACTION", "VAR_ACCESS_CONTROL_TAG_DATA", - "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", "VAR_VIEW_FIRST", - "VAR_SERVE_EXPIRED", "VAR_SERVE_EXPIRED_TTL", - "VAR_SERVE_EXPIRED_TTL_RESET", "VAR_SERVE_EXPIRED_REPLY_TTL", - "VAR_SERVE_EXPIRED_CLIENT_TIMEOUT", "VAR_EDE_SERVE_EXPIRED", - "VAR_SERVE_ORIGINAL_TTL", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", - "VAR_LOG_IDENTITY", "VAR_HIDE_TRUSTANCHOR", "VAR_HIDE_HTTP_USER_AGENT", - "VAR_HTTP_USER_AGENT", "VAR_TRUST_ANCHOR_SIGNALING", - "VAR_AGGRESSIVE_NSEC", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", - "VAR_SHM_KEY", "VAR_ROOT_KEY_SENTINEL", "VAR_DNSCRYPT", - "VAR_DNSCRYPT_ENABLE", "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", - "VAR_DNSCRYPT_SECRET_KEY", "VAR_DNSCRYPT_PROVIDER_CERT", - "VAR_DNSCRYPT_PROVIDER_CERT_ROTATED", - "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE", - "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS", - "VAR_DNSCRYPT_NONCE_CACHE_SIZE", "VAR_DNSCRYPT_NONCE_CACHE_SLABS", - "VAR_PAD_RESPONSES", "VAR_PAD_RESPONSES_BLOCK_SIZE", "VAR_PAD_QUERIES", - "VAR_PAD_QUERIES_BLOCK_SIZE", "VAR_IPSECMOD_ENABLED", - "VAR_IPSECMOD_HOOK", "VAR_IPSECMOD_IGNORE_BOGUS", "VAR_IPSECMOD_MAX_TTL", - "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", "VAR_CACHEDB", - "VAR_CACHEDB_BACKEND", "VAR_CACHEDB_SECRETSEED", "VAR_CACHEDB_REDISHOST", - "VAR_CACHEDB_REDISPORT", "VAR_CACHEDB_REDISTIMEOUT", - "VAR_CACHEDB_REDISEXPIRERECORDS", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", - "VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", - "VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", - "VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", - "VAR_FAST_SERVER_PERMIL", "VAR_FAST_SERVER_NUM", "VAR_ALLOW_NOTIFY", - "VAR_TLS_WIN_CERT", "VAR_TCP_CONNECTION_LIMIT", "VAR_FORWARD_NO_CACHE", - "VAR_STUB_NO_CACHE", "VAR_LOG_SERVFAIL", "VAR_DENY_ANY", - "VAR_UNKNOWN_SERVER_TIME_LIMIT", "VAR_LOG_TAG_QUERYREPLY", - "VAR_STREAM_WAIT_SIZE", "VAR_TLS_CIPHERS", "VAR_TLS_CIPHERSUITES", - "VAR_TLS_USE_SNI", "VAR_IPSET", "VAR_IPSET_NAME_V4", "VAR_IPSET_NAME_V6", - "VAR_TLS_SESSION_TICKET_KEYS", "VAR_RPZ", "VAR_TAGS", - "VAR_RPZ_ACTION_OVERRIDE", "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", - "VAR_RPZ_LOG_NAME", "VAR_DYNLIB", "VAR_DYNLIB_FILE", - "VAR_EDNS_CLIENT_STRING", "VAR_EDNS_CLIENT_STRING_OPCODE", "VAR_NSID", - "VAR_ZONEMD_PERMISSIVE_MODE", "VAR_ZONEMD_CHECK", - "VAR_ZONEMD_REJECT_ABSENCE", "VAR_RPZ_SIGNAL_NXDOMAIN_RA", - "VAR_INTERFACE_AUTOMATIC_PORTS", "VAR_EDE", "VAR_INTERFACE_ACTION", - "VAR_INTERFACE_VIEW", "VAR_INTERFACE_TAG", "VAR_INTERFACE_TAG_ACTION", - "VAR_INTERFACE_TAG_DATA", "VAR_PROXY_PROTOCOL_PORT", "$accept", - "toplevelvars", "toplevelvar", "force_toplevel", "serverstart", - "contents_server", "content_server", "stubstart", "contents_stub", - "content_stub", "forwardstart", "contents_forward", "content_forward", - "viewstart", "contents_view", "content_view", "authstart", - "contents_auth", "content_auth", "rpz_tag", "rpz_action_override", - "rpz_cname_override", "rpz_log", "rpz_log_name", - "rpz_signal_nxdomain_ra", "rpzstart", "contents_rpz", "content_rpz", - "server_num_threads", "server_verbosity", "server_statistics_interval", - "server_statistics_cumulative", "server_extended_statistics", - "server_shm_enable", "server_shm_key", "server_port", - "server_send_client_subnet", "server_client_subnet_zone", - "server_client_subnet_always_forward", "server_client_subnet_opcode", - "server_max_client_subnet_ipv4", "server_max_client_subnet_ipv6", - "server_min_client_subnet_ipv4", "server_min_client_subnet_ipv6", - "server_max_ecs_tree_size_ipv4", "server_max_ecs_tree_size_ipv6", - "server_interface", "server_outgoing_interface", "server_outgoing_range", - "server_outgoing_port_permit", "server_outgoing_port_avoid", - "server_outgoing_num_tcp", "server_incoming_num_tcp", - "server_interface_automatic", "server_interface_automatic_ports", - "server_do_ip4", "server_do_ip6", "server_do_udp", "server_do_tcp", - "server_prefer_ip4", "server_prefer_ip6", "server_tcp_mss", - "server_outgoing_tcp_mss", "server_tcp_idle_timeout", - "server_max_reuse_tcp_queries", "server_tcp_reuse_timeout", - "server_tcp_auth_query_timeout", "server_tcp_keepalive", - "server_tcp_keepalive_timeout", "server_tcp_upstream", - "server_udp_upstream_without_downstream", "server_ssl_upstream", - "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", - "server_tls_cert_bundle", "server_tls_win_cert", - "server_tls_additional_port", "server_tls_ciphers", - "server_tls_ciphersuites", "server_tls_session_ticket_keys", - "server_tls_use_sni", "server_https_port", "server_http_endpoint", - "server_http_max_streams", "server_http_query_buffer_size", - "server_http_response_buffer_size", "server_http_nodelay", - "server_http_notls_downstream", "server_use_systemd", - "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", - "server_log_queries", "server_log_replies", "server_log_tag_queryreply", - "server_log_servfail", "server_log_local_actions", "server_chroot", - "server_username", "server_directory", "server_logfile", - "server_pidfile", "server_root_hints", "server_dlv_anchor_file", - "server_dlv_anchor", "server_auto_trust_anchor_file", - "server_trust_anchor_file", "server_trusted_keys_file", - "server_trust_anchor", "server_trust_anchor_signaling", - "server_root_key_sentinel", "server_domain_insecure", - "server_hide_identity", "server_hide_version", "server_hide_trustanchor", - "server_hide_http_user_agent", "server_identity", "server_version", - "server_http_user_agent", "server_nsid", "server_so_rcvbuf", - "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", - "server_ip_freebind", "server_ip_dscp", "server_stream_wait_size", - "server_edns_buffer_size", "server_msg_buffer_size", - "server_msg_cache_size", "server_msg_cache_slabs", - "server_num_queries_per_thread", "server_jostle_timeout", - "server_delay_close", "server_udp_connect", "server_unblock_lan_zones", - "server_insecure_lan_zones", "server_rrset_cache_size", - "server_rrset_cache_slabs", "server_infra_host_ttl", - "server_infra_lame_ttl", "server_infra_cache_numhosts", - "server_infra_cache_lame_size", "server_infra_cache_slabs", - "server_infra_cache_min_rtt", "server_infra_cache_max_rtt", - "server_infra_keep_probing", "server_target_fetch_policy", - "server_harden_short_bufsize", "server_harden_large_queries", - "server_harden_glue", "server_harden_dnssec_stripped", - "server_harden_below_nxdomain", "server_harden_referral_path", - "server_harden_algo_downgrade", "server_use_caps_for_id", - "server_caps_whitelist", "server_private_address", - "server_private_domain", "server_prefetch", "server_prefetch_key", - "server_deny_any", "server_unwanted_reply_threshold", - "server_do_not_query_address", "server_do_not_query_localhost", - "server_access_control", "server_interface_action", "server_module_conf", - "server_val_override_date", "server_val_sig_skew_min", - "server_val_sig_skew_max", "server_val_max_restart", - "server_cache_max_ttl", "server_cache_max_negative_ttl", - "server_cache_min_ttl", "server_bogus_ttl", - "server_val_clean_additional", "server_val_permissive_mode", - "server_aggressive_nsec", "server_ignore_cd_flag", - "server_serve_expired", "server_serve_expired_ttl", - "server_serve_expired_ttl_reset", "server_serve_expired_reply_ttl", - "server_serve_expired_client_timeout", "server_ede_serve_expired", - "server_serve_original_ttl", "server_fake_dsa", "server_fake_sha1", - "server_val_log_level", "server_val_nsec3_keysize_iterations", - "server_zonemd_permissive_mode", "server_add_holddown", - "server_del_holddown", "server_keep_missing", - "server_permit_small_holddown", "server_key_cache_size", - "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", - "server_local_data", "server_local_data_ptr", "server_minimal_responses", - "server_rrset_roundrobin", "server_unknown_server_time_limit", - "server_max_udp_size", "server_dns64_prefix", "server_dns64_synthall", - "server_dns64_ignore_aaaa", "server_define_tag", "server_local_zone_tag", - "server_access_control_tag", "server_access_control_tag_action", - "server_access_control_tag_data", "server_local_zone_override", - "server_access_control_view", "server_interface_tag", - "server_interface_tag_action", "server_interface_tag_data", - "server_interface_view", "server_response_ip_tag", "server_ip_ratelimit", - "server_ratelimit", "server_ip_ratelimit_size", "server_ratelimit_size", - "server_ip_ratelimit_slabs", "server_ratelimit_slabs", - "server_ratelimit_for_domain", "server_ratelimit_below_domain", - "server_ip_ratelimit_factor", "server_ratelimit_factor", - "server_ip_ratelimit_backoff", "server_ratelimit_backoff", - "server_outbound_msg_retry", "server_low_rtt", "server_fast_server_num", - "server_fast_server_permil", "server_qname_minimisation", - "server_qname_minimisation_strict", "server_pad_responses", - "server_pad_responses_block_size", "server_pad_queries", - "server_pad_queries_block_size", "server_ipsecmod_enabled", - "server_ipsecmod_ignore_bogus", "server_ipsecmod_hook", - "server_ipsecmod_max_ttl", "server_ipsecmod_whitelist", - "server_ipsecmod_strict", "server_edns_client_string", - "server_edns_client_string_opcode", "server_ede", - "server_proxy_protocol_port", "stub_name", "stub_host", "stub_addr", - "stub_first", "stub_no_cache", "stub_ssl_upstream", "stub_tcp_upstream", - "stub_prime", "forward_name", "forward_host", "forward_addr", - "forward_first", "forward_no_cache", "forward_ssl_upstream", - "forward_tcp_upstream", "auth_name", "auth_zonefile", "auth_master", - "auth_url", "auth_allow_notify", "auth_zonemd_check", - "auth_zonemd_reject_absence", "auth_for_downstream", "auth_for_upstream", - "auth_fallback_enabled", "view_name", "view_local_zone", - "view_response_ip", "view_response_ip_data", "view_local_data", - "view_local_data_ptr", "view_first", "rcstart", "contents_rc", - "content_rc", "rc_control_enable", "rc_control_port", - "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", - "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", - "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable", - "dt_dnstap_bidirectional", "dt_dnstap_socket_path", "dt_dnstap_ip", - "dt_dnstap_tls", "dt_dnstap_tls_server_name", - "dt_dnstap_tls_cert_bundle", "dt_dnstap_tls_client_key_file", - "dt_dnstap_tls_client_cert_file", "dt_dnstap_send_identity", - "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version", - "dt_dnstap_log_resolver_query_messages", - "dt_dnstap_log_resolver_response_messages", - "dt_dnstap_log_client_query_messages", - "dt_dnstap_log_client_response_messages", - "dt_dnstap_log_forwarder_query_messages", - "dt_dnstap_log_forwarder_response_messages", "pythonstart", - "contents_py", "content_py", "py_script", "dynlibstart", "contents_dl", - "content_dl", "dl_file", "server_disable_dnssec_lame_check", - "server_log_identity", "server_response_ip", "server_response_ip_data", - "dnscstart", "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", - "dnsc_dnscrypt_port", "dnsc_dnscrypt_provider", - "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_provider_cert_rotated", - "dnsc_dnscrypt_secret_key", "dnsc_dnscrypt_shared_secret_cache_size", - "dnsc_dnscrypt_shared_secret_cache_slabs", - "dnsc_dnscrypt_nonce_cache_size", "dnsc_dnscrypt_nonce_cache_slabs", - "cachedbstart", "contents_cachedb", "content_cachedb", - "cachedb_backend_name", "cachedb_secret_seed", "redis_server_host", - "redis_server_port", "redis_timeout", "redis_expire_records", - "server_tcp_connection_limit", "ipsetstart", "contents_ipset", - "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR -}; - -static const char * -yysymbol_name (yysymbol_kind_t yysymbol) -{ - return yytname[yysymbol]; -} -#endif - -#define YYPACT_NINF (-284) - -#define yypact_value_is_default(Yyn) \ - ((Yyn) == YYPACT_NINF) - -#define YYTABLE_NINF (-1) - -#define yytable_value_is_error(Yyn) \ - 0 - -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -static const yytype_int16 yypact[] = -{ - -284, 250, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -13, 201, 218, 52, 84, 38, 236, 209, - -81, -283, -93, -191, -276, 29, 30, 31, 80, 81, - 91, 92, 120, 121, 132, 146, 147, 148, 149, 161, - 162, 163, 164, 165, 208, 210, 230, 231, 234, 235, - 237, 254, 255, 256, 257, 259, 260, 263, 264, 265, - 268, 271, 274, 284, 285, 288, 289, 290, 291, 293, - 294, 295, 300, 302, 311, 316, 317, 318, 319, 320, - 321, 331, 332, 333, 335, 338, 339, 345, 347, 348, - 349, 351, 357, 363, 364, 365, 366, 367, 388, 389, - 390, 391, 392, 393, 394, 395, 396, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 410, 411, 412, - 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 490, 491, 492, 494, 495, - 496, 497, 498, 499, 500, 501, 502, 503, 504, 506, - 507, 508, 509, 510, 511, 512, 513, 515, 516, 517, - 518, 519, 520, 521, 522, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 548, 549, - 550, 552, 553, 554, 555, 556, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, 558, 559, - 560, 561, 562, 563, 564, 565, -284, -284, -284, -284, - -284, -284, -284, -284, -284, 566, 567, 568, 569, 570, - 571, 572, -284, -284, -284, -284, -284, -284, -284, -284, - 573, 574, 575, 576, 577, 578, 579, -284, -284, -284, - -284, -284, -284, -284, -284, 580, 581, 582, 583, 584, - 585, 586, 587, 588, 589, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, 590, 591, 592, 593, - 594, 595, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, 596, 597, 598, 599, 600, - 601, 602, 603, -284, -284, -284, -284, -284, -284, -284, - -284, -284, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, 623, -284, -284, 624, -284, -284, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, 635, 636, - 637, 638, 639, 640, -284, -284, -284, -284, -284, -284, - -284, 641, 642, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, 643, 644, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, 645, 646, 647, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, 648, 649, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, 650, 651, 652, 653, 654, 655, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, 656, -284, -284, -284, -284, - -284, -284, -284, -284, -284, 657, -284, -284, -284, -284, - -284, 658, 659, 660, 661, 662, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, 663, -284, -284, 664, 665, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, 666, 667, 668, -284, -284, -284, -284, -284, -284, - 669, 670, -284, -284, -284, -284, -284, -284, -284, -284 -}; - -/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. - Performed when YYTABLE does not specify something else to do. Zero - means the default is an error. */ -static const yytype_int16 yydefact[] = -{ - 2, 0, 1, 18, 19, 253, 264, 576, 636, 595, - 274, 650, 673, 284, 689, 303, 641, 3, 17, 21, - 255, 266, 276, 286, 305, 578, 597, 638, 643, 652, - 675, 691, 4, 5, 6, 10, 14, 15, 8, 9, - 7, 16, 11, 12, 13, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 20, 22, 23, 88, - 91, 100, 213, 214, 24, 167, 168, 169, 170, 171, - 172, 173, 174, 175, 176, 37, 79, 25, 92, 93, - 48, 72, 87, 250, 26, 27, 30, 31, 28, 29, - 32, 33, 34, 247, 248, 249, 35, 36, 124, 225, - 125, 127, 128, 129, 227, 232, 228, 239, 240, 241, - 242, 130, 131, 132, 133, 134, 135, 136, 209, 89, - 78, 104, 122, 123, 237, 234, 126, 38, 39, 40, - 41, 42, 80, 94, 95, 111, 66, 76, 67, 217, - 218, 105, 58, 59, 216, 62, 60, 61, 63, 245, - 115, 119, 140, 151, 181, 154, 238, 116, 73, 43, - 44, 45, 102, 141, 142, 143, 144, 46, 47, 49, - 50, 52, 53, 51, 148, 149, 155, 54, 55, 56, - 64, 83, 120, 97, 150, 90, 177, 98, 99, 117, - 118, 235, 103, 57, 81, 84, 190, 65, 68, 106, - 107, 108, 82, 178, 109, 69, 70, 71, 226, 121, - 200, 201, 202, 203, 204, 205, 206, 207, 215, 110, - 77, 246, 112, 113, 114, 179, 74, 75, 96, 85, - 86, 101, 137, 138, 236, 139, 145, 146, 147, 182, - 183, 185, 187, 188, 186, 189, 192, 193, 194, 191, - 210, 152, 153, 158, 159, 156, 157, 160, 161, 163, - 162, 165, 164, 166, 229, 231, 230, 180, 195, 196, - 197, 198, 199, 219, 221, 220, 222, 223, 224, 243, - 244, 251, 252, 184, 208, 211, 212, 233, 0, 0, - 0, 0, 0, 0, 0, 0, 254, 256, 257, 258, - 260, 261, 262, 263, 259, 0, 0, 0, 0, 0, - 0, 0, 265, 267, 268, 269, 270, 271, 272, 273, - 0, 0, 0, 0, 0, 0, 0, 275, 277, 278, - 281, 282, 279, 283, 280, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 285, 287, 288, 289, 290, - 294, 295, 296, 291, 292, 293, 0, 0, 0, 0, - 0, 0, 308, 312, 313, 314, 315, 316, 304, 306, - 307, 309, 310, 311, 317, 0, 0, 0, 0, 0, - 0, 0, 0, 577, 579, 581, 580, 586, 582, 583, - 584, 585, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 596, 598, 600, 599, 601, 602, 603, 604, 605, - 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, - 616, 0, 637, 639, 0, 642, 644, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 651, 653, 654, - 655, 657, 658, 656, 659, 660, 661, 662, 0, 0, - 0, 0, 0, 0, 674, 676, 677, 678, 679, 680, - 681, 0, 0, 690, 692, 693, 319, 318, 325, 338, - 336, 349, 345, 346, 350, 347, 348, 351, 352, 353, - 357, 358, 388, 389, 390, 391, 392, 420, 421, 422, - 428, 429, 341, 430, 431, 434, 432, 433, 438, 439, - 440, 454, 403, 404, 407, 408, 441, 458, 397, 399, - 459, 466, 467, 468, 342, 419, 487, 488, 398, 481, - 381, 337, 393, 455, 463, 442, 0, 0, 491, 343, - 320, 380, 446, 321, 339, 340, 394, 395, 489, 444, - 448, 449, 355, 354, 322, 492, 423, 453, 382, 402, - 460, 461, 462, 465, 480, 396, 485, 483, 484, 411, - 418, 450, 451, 412, 413, 443, 470, 383, 384, 387, - 359, 361, 356, 362, 363, 364, 365, 372, 373, 374, - 375, 376, 377, 378, 493, 494, 496, 424, 425, 426, - 427, 435, 436, 437, 497, 498, 499, 0, 0, 0, - 445, 414, 416, 646, 512, 516, 514, 513, 517, 515, - 524, 0, 0, 520, 521, 522, 523, 326, 327, 328, - 329, 330, 331, 332, 333, 334, 335, 447, 464, 486, - 528, 529, 415, 500, 0, 0, 0, 0, 0, 0, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 647, - 405, 406, 409, 400, 469, 379, 323, 324, 401, 530, - 531, 532, 533, 534, 536, 535, 537, 538, 539, 360, - 367, 525, 527, 526, 366, 0, 386, 452, 495, 385, - 417, 368, 369, 371, 370, 0, 541, 410, 482, 344, - 542, 0, 0, 0, 0, 0, 543, 544, 545, 546, - 551, 549, 550, 547, 548, 552, 553, 554, 555, 557, - 558, 556, 569, 0, 573, 574, 0, 0, 575, 559, - 567, 560, 561, 562, 566, 568, 563, 564, 565, 297, - 298, 299, 300, 301, 302, 587, 589, 588, 591, 592, - 593, 594, 590, 617, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 618, 628, 629, 630, 631, 632, 633, - 634, 635, 640, 645, 663, 664, 665, 668, 666, 667, - 669, 670, 671, 672, 682, 683, 684, 685, 686, 687, - 694, 695, 456, 490, 511, 648, 649, 518, 519, 501, - 502, 0, 0, 0, 506, 688, 540, 457, 510, 507, - 0, 0, 570, 571, 572, 505, 503, 504, 508, 509 -}; - -/* YYPGOTO[NTERM-NUM]. */ -static const yytype_int16 yypgoto[] = -{ - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, 671, - 672, 673, 674, 675, -284, -284, 676, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284, -284, - -284, -284, -284, -284, -284, -284, -284, -284, -284 -}; - -/* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int16 yydefgoto[] = -{ - 0, 1, 17, 18, 19, 32, 276, 20, 33, 516, - 21, 34, 532, 22, 35, 547, 23, 36, 565, 582, - 583, 584, 585, 586, 587, 24, 37, 588, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, - 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 517, 518, 519, 520, 521, 522, - 523, 524, 533, 534, 535, 536, 537, 538, 539, 566, - 567, 568, 569, 570, 571, 572, 573, 574, 575, 548, - 549, 550, 551, 552, 553, 554, 25, 38, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 26, 39, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 27, - 40, 652, 653, 28, 41, 655, 656, 503, 504, 505, - 506, 29, 42, 667, 668, 669, 670, 671, 672, 673, - 674, 675, 676, 677, 30, 43, 684, 685, 686, 687, - 688, 689, 690, 507, 31, 44, 693, 694, 695 -}; - -/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule whose - number is the opposite. If YYTABLE_NINF, syntax error. */ -static const yytype_int16 yytable[] = -{ - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 691, 692, 651, 654, 77, 78, 79, 696, - 697, 698, 80, 81, 82, 83, 84, 85, 86, 87, - 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, - 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, - 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, - 118, 119, 120, 555, 678, 679, 680, 681, 682, 683, - 699, 700, 121, 122, 123, 124, 125, 540, 126, 127, - 128, 701, 702, 129, 130, 131, 132, 133, 134, 135, - 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, - 146, 147, 148, 149, 150, 151, 152, 153, 154, 555, - 703, 704, 155, 541, 542, 156, 157, 158, 159, 160, - 161, 162, 705, 163, 164, 165, 166, 167, 168, 169, - 170, 171, 172, 173, 174, 175, 706, 707, 708, 709, - 543, 657, 658, 659, 660, 661, 662, 663, 664, 665, - 666, 710, 711, 712, 713, 714, 176, 177, 178, 179, - 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, - 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 210, 211, 212, 213, 214, 215, 216, 217, 715, 218, - 716, 219, 220, 221, 222, 223, 224, 225, 226, 227, - 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, - 717, 718, 544, 545, 719, 720, 508, 721, 509, 510, - 2, 238, 239, 240, 241, 242, 243, 244, 245, 246, - 247, 3, 4, 525, 722, 723, 724, 725, 248, 726, - 727, 526, 527, 728, 729, 730, 249, 250, 731, 251, - 252, 732, 253, 254, 733, 546, 255, 256, 257, 258, - 259, 260, 261, 262, 734, 735, 5, 263, 736, 737, - 738, 739, 6, 740, 741, 742, 264, 265, 266, 267, - 743, 511, 744, 268, 269, 270, 271, 272, 273, 274, - 275, 745, 557, 558, 559, 560, 746, 747, 748, 749, - 750, 751, 562, 595, 596, 597, 598, 599, 600, 601, - 602, 752, 753, 754, 512, 755, 7, 513, 756, 757, - 576, 577, 578, 579, 580, 758, 514, 759, 760, 761, - 528, 762, 529, 581, 8, 530, 556, 763, 557, 558, - 559, 560, 561, 764, 765, 766, 767, 768, 562, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 769, 770, - 771, 772, 773, 774, 775, 776, 777, 563, 564, 778, - 779, 780, 781, 782, 783, 784, 785, 786, 787, 9, - 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, - 798, 799, 800, 801, 802, 803, 804, 805, 806, 807, - 808, 809, 810, 811, 812, 813, 814, 815, 816, 817, - 818, 819, 820, 821, 822, 823, 824, 825, 826, 827, - 828, 829, 830, 831, 832, 833, 834, 835, 836, 837, - 838, 839, 840, 841, 842, 843, 844, 845, 846, 847, - 848, 10, 849, 850, 851, 852, 853, 854, 855, 856, - 857, 858, 859, 860, 861, 862, 863, 864, 865, 515, - 866, 867, 868, 11, 869, 870, 871, 872, 873, 874, - 875, 876, 877, 878, 879, 531, 880, 881, 882, 883, - 884, 885, 886, 887, 12, 888, 889, 890, 891, 892, - 893, 894, 895, 13, 896, 897, 898, 899, 900, 901, - 902, 903, 904, 905, 906, 907, 908, 909, 910, 911, - 912, 913, 914, 915, 916, 917, 918, 14, 919, 920, - 921, 15, 922, 923, 924, 925, 926, 16, 927, 928, - 929, 930, 931, 932, 933, 934, 935, 936, 937, 938, - 939, 940, 941, 942, 943, 944, 945, 946, 947, 948, - 949, 950, 951, 952, 953, 954, 955, 956, 957, 958, - 959, 960, 961, 962, 963, 964, 965, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 977, 978, - 979, 980, 981, 982, 983, 984, 985, 986, 987, 988, - 989, 990, 991, 992, 993, 994, 995, 996, 997, 998, - 999, 1000, 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, - 1009, 1010, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, - 1019, 1020, 1021, 1022, 1023, 1024, 1025, 1026, 1027, 1028, - 1029, 1030, 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1038, - 1039, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 589, 590, - 591, 592, 593, 594 -}; - -static const yytype_int16 yycheck[] = -{ - 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, - 43, 44, 308, 309, 115, 318, 49, 50, 51, 10, - 10, 10, 55, 56, 57, 58, 59, 60, 61, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, - 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, - 93, 94, 95, 45, 275, 276, 277, 278, 279, 280, - 10, 10, 105, 106, 107, 108, 109, 45, 111, 112, - 113, 10, 10, 116, 117, 118, 119, 120, 121, 122, - 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 139, 140, 141, 45, - 10, 10, 145, 81, 82, 148, 149, 150, 151, 152, - 153, 154, 10, 156, 157, 158, 159, 160, 161, 162, - 163, 164, 165, 166, 167, 168, 10, 10, 10, 10, - 108, 254, 255, 256, 257, 258, 259, 260, 261, 262, - 263, 10, 10, 10, 10, 10, 189, 190, 191, 192, - 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, - 223, 224, 225, 226, 227, 228, 229, 230, 10, 232, - 10, 234, 235, 236, 237, 238, 239, 240, 241, 242, - 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, - 10, 10, 190, 191, 10, 10, 45, 10, 47, 48, - 0, 264, 265, 266, 267, 268, 269, 270, 271, 272, - 273, 11, 12, 45, 10, 10, 10, 10, 281, 10, - 10, 53, 54, 10, 10, 10, 289, 290, 10, 292, - 293, 10, 295, 296, 10, 233, 299, 300, 301, 302, - 303, 304, 305, 306, 10, 10, 46, 310, 10, 10, - 10, 10, 52, 10, 10, 10, 319, 320, 321, 322, - 10, 110, 10, 326, 327, 328, 329, 330, 331, 332, - 333, 10, 284, 285, 286, 287, 10, 10, 10, 10, - 10, 10, 294, 97, 98, 99, 100, 101, 102, 103, - 104, 10, 10, 10, 143, 10, 96, 146, 10, 10, - 312, 313, 314, 315, 316, 10, 155, 10, 10, 10, - 142, 10, 144, 325, 114, 147, 282, 10, 284, 285, - 286, 287, 288, 10, 10, 10, 10, 10, 294, 170, - 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, - 181, 182, 183, 184, 185, 186, 187, 188, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 323, 324, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 169, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 231, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 298, - 10, 10, 10, 253, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 297, 10, 10, 10, 10, - 10, 10, 10, 10, 274, 10, 10, 10, 10, 10, - 10, 10, 10, 283, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 307, 10, 10, - 10, 311, 10, 10, 10, 10, 10, 317, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 37, 37, - 37, 37, 37, 37 -}; - -/* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of - state STATE-NUM. */ -static const yytype_int16 yystos[] = -{ - 0, 335, 0, 11, 12, 46, 52, 96, 114, 169, - 231, 253, 274, 283, 307, 311, 317, 336, 337, 338, - 341, 344, 347, 350, 359, 620, 631, 653, 657, 665, - 678, 688, 339, 342, 345, 348, 351, 360, 621, 632, - 654, 658, 666, 679, 689, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 49, 50, 51, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, - 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, - 95, 105, 106, 107, 108, 109, 111, 112, 113, 116, - 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, - 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 141, 145, 148, 149, 150, 151, - 152, 153, 154, 156, 157, 158, 159, 160, 161, 162, - 163, 164, 165, 166, 167, 168, 189, 190, 191, 192, - 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, - 223, 224, 225, 226, 227, 228, 229, 230, 232, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 281, 289, - 290, 292, 293, 295, 296, 299, 300, 301, 302, 303, - 304, 305, 306, 310, 319, 320, 321, 322, 326, 327, - 328, 329, 330, 331, 332, 333, 340, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, - 585, 586, 587, 661, 662, 663, 664, 687, 45, 47, - 48, 110, 143, 146, 155, 298, 343, 588, 589, 590, - 591, 592, 593, 594, 595, 45, 53, 54, 142, 144, - 147, 297, 346, 596, 597, 598, 599, 600, 601, 602, - 45, 81, 82, 108, 190, 191, 233, 349, 613, 614, - 615, 616, 617, 618, 619, 45, 282, 284, 285, 286, - 287, 288, 294, 323, 324, 352, 603, 604, 605, 606, - 607, 608, 609, 610, 611, 612, 312, 313, 314, 315, - 316, 325, 353, 354, 355, 356, 357, 358, 361, 603, - 604, 605, 606, 607, 610, 97, 98, 99, 100, 101, - 102, 103, 104, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 170, 171, 172, 173, 174, 175, 176, 177, - 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, - 188, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 115, 655, 656, 318, 659, 660, 254, 255, 256, - 257, 258, 259, 260, 261, 262, 263, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 275, 276, - 277, 278, 279, 280, 680, 681, 682, 683, 684, 685, - 686, 308, 309, 690, 691, 692, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10 -}; - -/* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM. */ -static const yytype_int16 yyr1[] = -{ - 0, 334, 335, 335, 336, 336, 336, 336, 336, 336, - 336, 336, 336, 336, 336, 336, 336, 336, 337, 338, - 339, 339, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 340, 340, 340, 341, 342, 342, 343, 343, 343, 343, - 343, 343, 343, 343, 344, 345, 345, 346, 346, 346, - 346, 346, 346, 346, 347, 348, 348, 349, 349, 349, - 349, 349, 349, 349, 350, 351, 351, 352, 352, 352, - 352, 352, 352, 352, 352, 352, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 360, 361, 361, 361, 361, - 361, 361, 361, 361, 361, 361, 361, 361, 362, 363, - 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, - 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, - 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, - 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, - 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, - 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, 619, 620, 621, 621, 622, - 622, 622, 622, 622, 622, 622, 622, 623, 624, 625, - 626, 627, 628, 629, 630, 631, 632, 632, 633, 633, - 633, 633, 633, 633, 633, 633, 633, 633, 633, 633, - 633, 633, 633, 633, 633, 633, 633, 634, 635, 636, - 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, - 647, 648, 649, 650, 651, 652, 653, 654, 654, 655, - 656, 657, 658, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 666, 667, 667, 667, 667, 667, 667, 667, - 667, 667, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 679, 680, 680, 680, 680, - 680, 680, 681, 682, 683, 684, 685, 686, 687, 688, - 689, 689, 690, 690, 691, 692 -}; - -/* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM. */ -static const yytype_int8 yyr2[] = -{ - 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, - 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 3, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 3, 3, 4, 4, 4, 3, 3, 4, 4, - 3, 3, 2, 2, 2, 2, 2, 2, 3, 3, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 3, 3, 3, 2, 2, 2, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, - 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, - 2, 1, 2, 0, 1, 2, 2, 2, 3, 3, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 2, 2, 2, 2, 2, 2, 3, 1, - 2, 0, 1, 1, 2, 2 -}; - - -enum { YYENOMEM = -2 }; - -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab -#define YYNOMEM goto yyexhaustedlab - - -#define YYRECOVERING() (!!yyerrstatus) - -#define YYBACKUP(Token, Value) \ - do \ - if (yychar == YYEMPTY) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - YYPOPSTACK (yylen); \ - yystate = *yyssp; \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ - while (0) - -/* Backward compatibility with an undocumented macro. - Use YYerror or YYUNDEF. */ -#define YYERRCODE YYUNDEF - - -/* Enable debugging if requested. */ -#if YYDEBUG - -# ifndef YYFPRINTF -# include /* INFRINGES ON USER NAME SPACE */ -# define YYFPRINTF fprintf -# endif - -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (0) - - - - -# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Kind, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (0) - - -/*-----------------------------------. -| Print this symbol's value on YYO. | -`-----------------------------------*/ - -static void -yy_symbol_value_print (FILE *yyo, - yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) -{ - FILE *yyoutput = yyo; - YY_USE (yyoutput); - if (!yyvaluep) - return; - YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - YY_USE (yykind); - YY_IGNORE_MAYBE_UNINITIALIZED_END -} - - -/*---------------------------. -| Print this symbol on YYO. | -`---------------------------*/ - -static void -yy_symbol_print (FILE *yyo, - yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) -{ - YYFPRINTF (yyo, "%s %s (", - yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind)); - - yy_symbol_value_print (yyo, yykind, yyvaluep); - YYFPRINTF (yyo, ")"); -} - -/*------------------------------------------------------------------. -| yy_stack_print -- Print the state stack from its BOTTOM up to its | -| TOP (included). | -`------------------------------------------------------------------*/ - -static void -yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) -{ - YYFPRINTF (stderr, "Stack now"); - for (; yybottom <= yytop; yybottom++) - { - int yybot = *yybottom; - YYFPRINTF (stderr, " %d", yybot); - } - YYFPRINTF (stderr, "\n"); -} - -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (0) - - -/*------------------------------------------------. -| Report that the YYRULE is going to be reduced. | -`------------------------------------------------*/ - -static void -yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, - int yyrule) -{ - int yylno = yyrline[yyrule]; - int yynrhs = yyr2[yyrule]; - int yyi; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", - yyrule - 1, yylno); - /* The symbols being reduced. */ - for (yyi = 0; yyi < yynrhs; yyi++) - { - YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, - YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), - &yyvsp[(yyi + 1) - (yynrhs)]); - YYFPRINTF (stderr, "\n"); - } -} - -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyssp, yyvsp, Rule); \ -} while (0) - -/* Nonzero means print parse trace. It is left uninitialized so that - multiple parsers can coexist. */ -int yydebug; -#else /* !YYDEBUG */ -# define YYDPRINTF(Args) ((void) 0) -# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) -# define YY_STACK_PRINT(Bottom, Top) -# define YY_REDUCE_PRINT(Rule) -#endif /* !YYDEBUG */ - - -/* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH -# define YYINITDEPTH 200 -#endif - -/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only - if the built-in stack extension method is used). - - Do not make this value too large; the results are undefined if - YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) - evaluated with infinite-precision integer arithmetic. */ - -#ifndef YYMAXDEPTH -# define YYMAXDEPTH 10000 -#endif - - - - - - -/*-----------------------------------------------. -| Release the memory associated to this symbol. | -`-----------------------------------------------*/ - -static void -yydestruct (const char *yymsg, - yysymbol_kind_t yykind, YYSTYPE *yyvaluep) -{ - YY_USE (yyvaluep); - if (!yymsg) - yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); - - YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - YY_USE (yykind); - YY_IGNORE_MAYBE_UNINITIALIZED_END -} - - -/* Lookahead token kind. */ -int yychar; - -/* The semantic value of the lookahead symbol. */ -YYSTYPE yylval; -/* Number of syntax errors so far. */ -int yynerrs; - - - - -/*----------. -| yyparse. | -`----------*/ - -int -yyparse (void) -{ - yy_state_fast_t yystate = 0; - /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus = 0; - - /* Refer to the stacks through separate pointers, to allow yyoverflow - to reallocate them elsewhere. */ - - /* Their size. */ - YYPTRDIFF_T yystacksize = YYINITDEPTH; - - /* The state stack: array, bottom, top. */ - yy_state_t yyssa[YYINITDEPTH]; - yy_state_t *yyss = yyssa; - yy_state_t *yyssp = yyss; - - /* The semantic value stack: array, bottom, top. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs = yyvsa; - YYSTYPE *yyvsp = yyvs; - - int yyn; - /* The return value of yyparse. */ - int yyresult; - /* Lookahead symbol kind. */ - yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; - /* The variables used to return semantic value and location from the - action routines. */ - YYSTYPE yyval; - - - -#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - - /* The number of symbols on the RHS of the reduced rule. - Keep to zero when no symbol should be popped. */ - int yylen = 0; - - YYDPRINTF ((stderr, "Starting parse\n")); - - yychar = YYEMPTY; /* Cause a token to be read. */ - - goto yysetstate; - - -/*------------------------------------------------------------. -| yynewstate -- push a new state, which is found in yystate. | -`------------------------------------------------------------*/ -yynewstate: - /* In all cases, when you get here, the value and location stacks - have just been pushed. So pushing a state here evens the stacks. */ - yyssp++; - - -/*--------------------------------------------------------------------. -| yysetstate -- set current state (the top of the stack) to yystate. | -`--------------------------------------------------------------------*/ -yysetstate: - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - YY_ASSERT (0 <= yystate && yystate < YYNSTATES); - YY_IGNORE_USELESS_CAST_BEGIN - *yyssp = YY_CAST (yy_state_t, yystate); - YY_IGNORE_USELESS_CAST_END - YY_STACK_PRINT (yyss, yyssp); - - if (yyss + yystacksize - 1 <= yyssp) -#if !defined yyoverflow && !defined YYSTACK_RELOCATE - YYNOMEM; -#else - { - /* Get the current used size of the three stacks, in elements. */ - YYPTRDIFF_T yysize = yyssp - yyss + 1; - -# if defined yyoverflow - { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. */ - yy_state_t *yyss1 = yyss; - YYSTYPE *yyvs1 = yyvs; - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * YYSIZEOF (*yyssp), - &yyvs1, yysize * YYSIZEOF (*yyvsp), - &yystacksize); - yyss = yyss1; - yyvs = yyvs1; - } -# else /* defined YYSTACK_RELOCATE */ - /* Extend the stack our own way. */ - if (YYMAXDEPTH <= yystacksize) - YYNOMEM; - yystacksize *= 2; - if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; - - { - yy_state_t *yyss1 = yyss; - union yyalloc *yyptr = - YY_CAST (union yyalloc *, - YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); - if (! yyptr) - YYNOMEM; - YYSTACK_RELOCATE (yyss_alloc, yyss); - YYSTACK_RELOCATE (yyvs_alloc, yyvs); -# undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); - } -# endif - - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - - YY_IGNORE_USELESS_CAST_BEGIN - YYDPRINTF ((stderr, "Stack size increased to %ld\n", - YY_CAST (long, yystacksize))); - YY_IGNORE_USELESS_CAST_END - - if (yyss + yystacksize - 1 <= yyssp) - YYABORT; - } -#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ - - - if (yystate == YYFINAL) - YYACCEPT; - - goto yybackup; - - -/*-----------. -| yybackup. | -`-----------*/ -yybackup: - /* Do appropriate processing given the current state. Read a - lookahead token if we need one and don't already have one. */ - - /* First try to decide what to do without reference to lookahead token. */ - yyn = yypact[yystate]; - if (yypact_value_is_default (yyn)) - goto yydefault; - - /* Not known => get a lookahead token if don't already have one. */ - - /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ - if (yychar == YYEMPTY) - { - YYDPRINTF ((stderr, "Reading a token\n")); - yychar = yylex (); - } - - if (yychar <= YYEOF) - { - yychar = YYEOF; - yytoken = YYSYMBOL_YYEOF; - YYDPRINTF ((stderr, "Now at end of input.\n")); - } - else if (yychar == YYerror) - { - /* The scanner already issued an error message, process directly - to error recovery. But do not keep the error token as - lookahead, it is too special and may lead us to an endless - loop in error recovery. */ - yychar = YYUNDEF; - yytoken = YYSYMBOL_YYerror; - goto yyerrlab1; - } - else - { - yytoken = YYTRANSLATE (yychar); - YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); - } - - /* If the proper action on seeing token YYTOKEN is to reduce or to - detect an error, take that action. */ - yyn += yytoken; - if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) - goto yydefault; - yyn = yytable[yyn]; - if (yyn <= 0) - { - if (yytable_value_is_error (yyn)) - goto yyerrlab; - yyn = -yyn; - goto yyreduce; - } - - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - - /* Shift the lookahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - yystate = yyn; - YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; - YY_IGNORE_MAYBE_UNINITIALIZED_END - - /* Discard the shifted token. */ - yychar = YYEMPTY; - goto yynewstate; - - -/*-----------------------------------------------------------. -| yydefault -- do the default action for the current state. | -`-----------------------------------------------------------*/ -yydefault: - yyn = yydefact[yystate]; - if (yyn == 0) - goto yyerrlab; - goto yyreduce; - - -/*-----------------------------. -| yyreduce -- do a reduction. | -`-----------------------------*/ -yyreduce: - /* yyn is the number of a rule to reduce with. */ - yylen = yyr2[yyn]; - - /* If YYLEN is nonzero, implement the default value of the action: - '$$ = $1'. - - Otherwise, the following line sets YYVAL to garbage. - This behavior is undocumented and Bison - users should not rely upon it. Assigning to YYVAL - unconditionally makes the parser a bit smaller, and it avoids a - GCC warning that YYVAL may be used uninitialized. */ - yyval = yyvsp[1-yylen]; - - - YY_REDUCE_PRINT (yyn); - switch (yyn) - { - case 18: /* force_toplevel: VAR_FORCE_TOPLEVEL */ -#line 209 "./util/configparser.y" - { - OUTYY(("\nP(force-toplevel)\n")); - cfg_parser->started_toplevel = 0; - } -#line 2799 "util/configparser.c" - break; - - case 19: /* serverstart: VAR_SERVER */ -#line 216 "./util/configparser.y" - { - OUTYY(("\nP(server:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 2808 "util/configparser.c" - break; - - case 253: /* stubstart: VAR_STUB_ZONE */ -#line 328 "./util/configparser.y" - { - struct config_stub* s; - OUTYY(("\nP(stub_zone:)\n")); - cfg_parser->started_toplevel = 1; - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->stubs; - cfg_parser->cfg->stubs = s; - } else { - yyerror("out of memory"); - } - } -#line 2825 "util/configparser.c" - break; - - case 264: /* forwardstart: VAR_FORWARD_ZONE */ -#line 347 "./util/configparser.y" - { - struct config_stub* s; - OUTYY(("\nP(forward_zone:)\n")); - cfg_parser->started_toplevel = 1; - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->forwards; - cfg_parser->cfg->forwards = s; - } else { - yyerror("out of memory"); - } - } -#line 2842 "util/configparser.c" - break; - - case 274: /* viewstart: VAR_VIEW */ -#line 366 "./util/configparser.y" - { - struct config_view* s; - OUTYY(("\nP(view:)\n")); - cfg_parser->started_toplevel = 1; - s = (struct config_view*)calloc(1, sizeof(struct config_view)); - if(s) { - s->next = cfg_parser->cfg->views; - if(s->next && !s->next->name) - yyerror("view without name"); - cfg_parser->cfg->views = s; - } else { - yyerror("out of memory"); - } - } -#line 2861 "util/configparser.c" - break; - - case 284: /* authstart: VAR_AUTH_ZONE */ -#line 387 "./util/configparser.y" - { - struct config_auth* s; - OUTYY(("\nP(auth_zone:)\n")); - cfg_parser->started_toplevel = 1; - s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); - if(s) { - s->next = cfg_parser->cfg->auths; - cfg_parser->cfg->auths = s; - /* defaults for auth zone */ - s->for_downstream = 1; - s->for_upstream = 1; - s->fallback_enabled = 0; - s->zonemd_check = 0; - s->zonemd_reject_absence = 0; - s->isrpz = 0; - } else { - yyerror("out of memory"); - } - } -#line 2885 "util/configparser.c" - break; - - case 297: /* rpz_tag: VAR_TAGS STRING_ARG */ -#line 415 "./util/configparser.y" - { - uint8_t* bitlist; - size_t len = 0; - OUTYY(("P(server_local_zone_tag:%s)\n", (yyvsp[0].str))); - bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - } - if(bitlist) { - cfg_parser->cfg->auths->rpz_taglist = bitlist; - cfg_parser->cfg->auths->rpz_taglistlen = len; - - } - } -#line 2906 "util/configparser.c" - break; - - case 298: /* rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG */ -#line 434 "./util/configparser.y" - { - OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 && - strcmp((yyvsp[0].str), "passthru")!=0 && strcmp((yyvsp[0].str), "drop")!=0 && - strcmp((yyvsp[0].str), "cname")!=0 && strcmp((yyvsp[0].str), "disabled")!=0) { - yyerror("rpz-action-override action: expected nxdomain, " - "nodata, passthru, drop, cname or disabled"); - free((yyvsp[0].str)); - cfg_parser->cfg->auths->rpz_action_override = NULL; - } - else { - cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str); - } - } -#line 2925 "util/configparser.c" - break; - - case 299: /* rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG */ -#line 451 "./util/configparser.y" - { - OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->auths->rpz_cname); - cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str); - } -#line 2935 "util/configparser.c" - break; - - case 300: /* rpz_log: VAR_RPZ_LOG STRING_ARG */ -#line 459 "./util/configparser.y" - { - OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2947 "util/configparser.c" - break; - - case 301: /* rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG */ -#line 469 "./util/configparser.y" - { - OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->auths->rpz_log_name); - cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str); - } -#line 2957 "util/configparser.c" - break; - - case 302: /* rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG */ -#line 476 "./util/configparser.y" - { - OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 2969 "util/configparser.c" - break; - - case 303: /* rpzstart: VAR_RPZ */ -#line 486 "./util/configparser.y" - { - struct config_auth* s; - OUTYY(("\nP(rpz:)\n")); - cfg_parser->started_toplevel = 1; - s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); - if(s) { - s->next = cfg_parser->cfg->auths; - cfg_parser->cfg->auths = s; - /* defaults for RPZ auth zone */ - s->for_downstream = 0; - s->for_upstream = 0; - s->fallback_enabled = 0; - s->isrpz = 1; - } else { - yyerror("out of memory"); - } - } -#line 2991 "util/configparser.c" - break; - - case 318: /* server_num_threads: VAR_NUM_THREADS STRING_ARG */ -#line 511 "./util/configparser.y" - { - OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3003 "util/configparser.c" - break; - - case 319: /* server_verbosity: VAR_VERBOSITY STRING_ARG */ -#line 520 "./util/configparser.y" - { - OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3015 "util/configparser.c" - break; - - case 320: /* server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG */ -#line 529 "./util/configparser.y" - { - OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) - cfg_parser->cfg->stat_interval = 0; - else if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3029 "util/configparser.c" - break; - - case 321: /* server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG */ -#line 540 "./util/configparser.y" - { - OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3041 "util/configparser.c" - break; - - case 322: /* server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG */ -#line 549 "./util/configparser.y" - { - OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3053 "util/configparser.c" - break; - - case 323: /* server_shm_enable: VAR_SHM_ENABLE STRING_ARG */ -#line 558 "./util/configparser.y" - { - OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3065 "util/configparser.c" - break; - - case 324: /* server_shm_key: VAR_SHM_KEY STRING_ARG */ -#line 567 "./util/configparser.y" - { - OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) - cfg_parser->cfg->shm_key = 0; - else if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3079 "util/configparser.c" - break; - - case 325: /* server_port: VAR_PORT STRING_ARG */ -#line 578 "./util/configparser.y" - { - OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3091 "util/configparser.c" - break; - - case 326: /* server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG */ -#line 587 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[0].str))) - fatal_exit("out of memory adding client-subnet"); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 3106 "util/configparser.c" - break; - - case 327: /* server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG */ -#line 599 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone, - (yyvsp[0].str))) - fatal_exit("out of memory adding client-subnet-zone"); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 3122 "util/configparser.c" - break; - - case 328: /* server_client_subnet_always_forward: VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG */ -#line 613 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->client_subnet_always_forward = - (strcmp((yyvsp[0].str), "yes")==0); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3140 "util/configparser.c" - break; - - case 329: /* server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG */ -#line 628 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); - OUTYY(("P(Deprecated option, ignoring)\n")); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3154 "util/configparser.c" - break; - - case 330: /* server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG */ -#line 639 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("IPv4 subnet length expected"); - else if (atoi((yyvsp[0].str)) > 32) - cfg_parser->cfg->max_client_subnet_ipv4 = 32; - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->max_client_subnet_ipv4 = 0; - else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3174 "util/configparser.c" - break; - - case 331: /* server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG */ -#line 656 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("Ipv6 subnet length expected"); - else if (atoi((yyvsp[0].str)) > 128) - cfg_parser->cfg->max_client_subnet_ipv6 = 128; - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->max_client_subnet_ipv6 = 0; - else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3194 "util/configparser.c" - break; - - case 332: /* server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG */ -#line 673 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("IPv4 subnet length expected"); - else if (atoi((yyvsp[0].str)) > 32) - cfg_parser->cfg->min_client_subnet_ipv4 = 32; - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->min_client_subnet_ipv4 = 0; - else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3214 "util/configparser.c" - break; - - case 333: /* server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG */ -#line 690 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("Ipv6 subnet length expected"); - else if (atoi((yyvsp[0].str)) > 128) - cfg_parser->cfg->min_client_subnet_ipv6 = 128; - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->min_client_subnet_ipv6 = 0; - else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3234 "util/configparser.c" - break; - - case 334: /* server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG */ -#line 707 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("IPv4 ECS tree size expected"); - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0; - else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3252 "util/configparser.c" - break; - - case 335: /* server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG */ -#line 722 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("IPv6 ECS tree size expected"); - else if (atoi((yyvsp[0].str)) < 0) - cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0; - else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 3270 "util/configparser.c" - break; - - case 336: /* server_interface: VAR_INTERFACE STRING_ARG */ -#line 737 "./util/configparser.y" - { - OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->num_ifs == 0) - cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs, - (cfg_parser->cfg->num_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); - } -#line 3286 "util/configparser.c" - break; - - case 337: /* server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG */ -#line 750 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->num_out_ifs == 0) - cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->out_ifs = realloc( - cfg_parser->cfg->out_ifs, - (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->out_ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->out_ifs[ - cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); - } -#line 3304 "util/configparser.c" - break; - - case 338: /* server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG */ -#line 765 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3316 "util/configparser.c" - break; - - case 339: /* server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG */ -#line 774 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); - if(!cfg_mark_ports((yyvsp[0].str), 1, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free((yyvsp[0].str)); - } -#line 3328 "util/configparser.c" - break; - - case 340: /* server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG */ -#line 783 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); - if(!cfg_mark_ports((yyvsp[0].str), 0, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free((yyvsp[0].str)); - } -#line 3340 "util/configparser.c" - break; - - case 341: /* server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG */ -#line 792 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3352 "util/configparser.c" - break; - - case 342: /* server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG */ -#line 801 "./util/configparser.y" - { - OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3364 "util/configparser.c" - break; - - case 343: /* server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG */ -#line 810 "./util/configparser.y" - { - OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3376 "util/configparser.c" - break; - - case 344: /* server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG */ -#line 819 "./util/configparser.y" - { - OUTYY(("P(server_interface_automatic_ports:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->if_automatic_ports); - cfg_parser->cfg->if_automatic_ports = (yyvsp[0].str); - } -#line 3386 "util/configparser.c" - break; - - case 345: /* server_do_ip4: VAR_DO_IP4 STRING_ARG */ -#line 826 "./util/configparser.y" - { - OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3398 "util/configparser.c" - break; - - case 346: /* server_do_ip6: VAR_DO_IP6 STRING_ARG */ -#line 835 "./util/configparser.y" - { - OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3410 "util/configparser.c" - break; - - case 347: /* server_do_udp: VAR_DO_UDP STRING_ARG */ -#line 844 "./util/configparser.y" - { - OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3422 "util/configparser.c" - break; - - case 348: /* server_do_tcp: VAR_DO_TCP STRING_ARG */ -#line 853 "./util/configparser.y" - { - OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3434 "util/configparser.c" - break; - - case 349: /* server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG */ -#line 862 "./util/configparser.y" - { - OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3446 "util/configparser.c" - break; - - case 350: /* server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG */ -#line 871 "./util/configparser.y" - { - OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3458 "util/configparser.c" - break; - - case 351: /* server_tcp_mss: VAR_TCP_MSS STRING_ARG */ -#line 880 "./util/configparser.y" - { - OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3470 "util/configparser.c" - break; - - case 352: /* server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG */ -#line 889 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3482 "util/configparser.c" - break; - - case 353: /* server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG */ -#line 898 "./util/configparser.y" - { - OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) > 120000) - cfg_parser->cfg->tcp_idle_timeout = 120000; - else if (atoi((yyvsp[0].str)) < 1) - cfg_parser->cfg->tcp_idle_timeout = 1; - else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3498 "util/configparser.c" - break; - - case 354: /* server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG */ -#line 911 "./util/configparser.y" - { - OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) < 1) - cfg_parser->cfg->max_reuse_tcp_queries = 0; - else cfg_parser->cfg->max_reuse_tcp_queries = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3512 "util/configparser.c" - break; - - case 355: /* server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG */ -#line 922 "./util/configparser.y" - { - OUTYY(("P(server_tcp_reuse_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) < 1) - cfg_parser->cfg->tcp_reuse_timeout = 0; - else cfg_parser->cfg->tcp_reuse_timeout = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3526 "util/configparser.c" - break; - - case 356: /* server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG */ -#line 933 "./util/configparser.y" - { - OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) < 1) - cfg_parser->cfg->tcp_auth_query_timeout = 0; - else cfg_parser->cfg->tcp_auth_query_timeout = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3540 "util/configparser.c" - break; - - case 357: /* server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG */ -#line 944 "./util/configparser.y" - { - OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3552 "util/configparser.c" - break; - - case 358: /* server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG */ -#line 953 "./util/configparser.y" - { - OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) > 6553500) - cfg_parser->cfg->tcp_keepalive_timeout = 6553500; - else if (atoi((yyvsp[0].str)) < 1) - cfg_parser->cfg->tcp_keepalive_timeout = 0; - else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3568 "util/configparser.c" - break; - - case 359: /* server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG */ -#line 966 "./util/configparser.y" - { - OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3580 "util/configparser.c" - break; - - case 360: /* server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG */ -#line 975 "./util/configparser.y" - { - OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3592 "util/configparser.c" - break; - - case 361: /* server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG */ -#line 984 "./util/configparser.y" - { - OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3604 "util/configparser.c" - break; - - case 362: /* server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG */ -#line 993 "./util/configparser.y" - { - OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->ssl_service_key); - cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); - } -#line 3614 "util/configparser.c" - break; - - case 363: /* server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG */ -#line 1000 "./util/configparser.y" - { - OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->ssl_service_pem); - cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); - } -#line 3624 "util/configparser.c" - break; - - case 364: /* server_ssl_port: VAR_SSL_PORT STRING_ARG */ -#line 1007 "./util/configparser.y" - { - OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3636 "util/configparser.c" - break; - - case 365: /* server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG */ -#line 1016 "./util/configparser.y" - { - OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->tls_cert_bundle); - cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); - } -#line 3646 "util/configparser.c" - break; - - case 366: /* server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG */ -#line 1023 "./util/configparser.y" - { - OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3658 "util/configparser.c" - break; - - case 367: /* server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG */ -#line 1032 "./util/configparser.y" - { - OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, - (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 3669 "util/configparser.c" - break; - - case 368: /* server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG */ -#line 1040 "./util/configparser.y" - { - OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->tls_ciphers); - cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); - } -#line 3679 "util/configparser.c" - break; - - case 369: /* server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG */ -#line 1047 "./util/configparser.y" - { - OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->tls_ciphersuites); - cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); - } -#line 3689 "util/configparser.c" - break; - - case 370: /* server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG */ -#line 1054 "./util/configparser.y" - { - OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, - (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 3700 "util/configparser.c" - break; - - case 371: /* server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG */ -#line 1062 "./util/configparser.y" - { - OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3712 "util/configparser.c" - break; - - case 372: /* server_https_port: VAR_HTTPS_PORT STRING_ARG */ -#line 1071 "./util/configparser.y" - { - OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->https_port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3724 "util/configparser.c" - break; - - case 373: /* server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG */ -#line 1079 "./util/configparser.y" - { - OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->http_endpoint); - if((yyvsp[0].str) && (yyvsp[0].str)[0] != '/') { - cfg_parser->cfg->http_endpoint = malloc(strlen((yyvsp[0].str))+2); - if(!cfg_parser->cfg->http_endpoint) - yyerror("out of memory"); - cfg_parser->cfg->http_endpoint[0] = '/'; - memmove(cfg_parser->cfg->http_endpoint+1, (yyvsp[0].str), - strlen((yyvsp[0].str))+1); - free((yyvsp[0].str)); - } else { - cfg_parser->cfg->http_endpoint = (yyvsp[0].str); - } - } -#line 3744 "util/configparser.c" - break; - - case 374: /* server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG */ -#line 1095 "./util/configparser.y" - { - OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 3756 "util/configparser.c" - break; - - case 375: /* server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG */ -#line 1103 "./util/configparser.y" - { - OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), - &cfg_parser->cfg->http_query_buffer_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 3768 "util/configparser.c" - break; - - case 376: /* server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG */ -#line 1111 "./util/configparser.y" - { - OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), - &cfg_parser->cfg->http_response_buffer_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 3780 "util/configparser.c" - break; - - case 377: /* server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG */ -#line 1119 "./util/configparser.y" - { - OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3792 "util/configparser.c" - break; - - case 378: /* server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG */ -#line 1127 "./util/configparser.y" - { - OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3804 "util/configparser.c" - break; - - case 379: /* server_use_systemd: VAR_USE_SYSTEMD STRING_ARG */ -#line 1135 "./util/configparser.y" - { - OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3816 "util/configparser.c" - break; - - case 380: /* server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG */ -#line 1144 "./util/configparser.y" - { - OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3828 "util/configparser.c" - break; - - case 381: /* server_use_syslog: VAR_USE_SYSLOG STRING_ARG */ -#line 1153 "./util/configparser.y" - { - OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_syslog = (strcmp((yyvsp[0].str), "yes")==0); -#if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS) - if(strcmp((yyvsp[0].str), "yes") == 0) - yyerror("no syslog services are available. " - "(reconfigure and compile to add)"); -#endif - free((yyvsp[0].str)); - } -#line 3845 "util/configparser.c" - break; - - case 382: /* server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG */ -#line 1167 "./util/configparser.y" - { - OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3857 "util/configparser.c" - break; - - case 383: /* server_log_queries: VAR_LOG_QUERIES STRING_ARG */ -#line 1176 "./util/configparser.y" - { - OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3869 "util/configparser.c" - break; - - case 384: /* server_log_replies: VAR_LOG_REPLIES STRING_ARG */ -#line 1185 "./util/configparser.y" - { - OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3881 "util/configparser.c" - break; - - case 385: /* server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG */ -#line 1194 "./util/configparser.y" - { - OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3893 "util/configparser.c" - break; - - case 386: /* server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG */ -#line 1203 "./util/configparser.y" - { - OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3905 "util/configparser.c" - break; - - case 387: /* server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG */ -#line 1212 "./util/configparser.y" - { - OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 3917 "util/configparser.c" - break; - - case 388: /* server_chroot: VAR_CHROOT STRING_ARG */ -#line 1221 "./util/configparser.y" - { - OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->chrootdir); - cfg_parser->cfg->chrootdir = (yyvsp[0].str); - } -#line 3927 "util/configparser.c" - break; - - case 389: /* server_username: VAR_USERNAME STRING_ARG */ -#line 1228 "./util/configparser.y" - { - OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->username); - cfg_parser->cfg->username = (yyvsp[0].str); - } -#line 3937 "util/configparser.c" - break; - - case 390: /* server_directory: VAR_DIRECTORY STRING_ARG */ -#line 1235 "./util/configparser.y" - { - OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->directory); - cfg_parser->cfg->directory = (yyvsp[0].str); - /* change there right away for includes relative to this */ - if((yyvsp[0].str)[0]) { - char* d; -#ifdef UB_ON_WINDOWS - w_config_adjust_directory(cfg_parser->cfg); -#endif - d = cfg_parser->cfg->directory; - /* adjust directory if we have already chroot, - * like, we reread after sighup */ - if(cfg_parser->chroot && cfg_parser->chroot[0] && - strncmp(d, cfg_parser->chroot, strlen( - cfg_parser->chroot)) == 0) - d += strlen(cfg_parser->chroot); - if(d[0]) { - if(chdir(d)) - log_err("cannot chdir to directory: %s (%s)", - d, strerror(errno)); - } - } - } -#line 3966 "util/configparser.c" - break; - - case 391: /* server_logfile: VAR_LOGFILE STRING_ARG */ -#line 1261 "./util/configparser.y" - { - OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->logfile); - cfg_parser->cfg->logfile = (yyvsp[0].str); - cfg_parser->cfg->use_syslog = 0; - } -#line 3977 "util/configparser.c" - break; - - case 392: /* server_pidfile: VAR_PIDFILE STRING_ARG */ -#line 1269 "./util/configparser.y" - { - OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->pidfile); - cfg_parser->cfg->pidfile = (yyvsp[0].str); - } -#line 3987 "util/configparser.c" - break; - - case 393: /* server_root_hints: VAR_ROOT_HINTS STRING_ARG */ -#line 1276 "./util/configparser.y" - { - OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 3997 "util/configparser.c" - break; - - case 394: /* server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG */ -#line 1283 "./util/configparser.y" - { - OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); - log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); - free((yyvsp[0].str)); - } -#line 4007 "util/configparser.c" - break; - - case 395: /* server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG */ -#line 1290 "./util/configparser.y" - { - OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); - log_warn("option dlv-anchor ignored: DLV is decommissioned"); - free((yyvsp[0].str)); - } -#line 4017 "util/configparser.c" - break; - - case 396: /* server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG */ -#line 1297 "./util/configparser.y" - { - OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - auto_trust_anchor_file_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4028 "util/configparser.c" - break; - - case 397: /* server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG */ -#line 1305 "./util/configparser.y" - { - OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trust_anchor_file_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4039 "util/configparser.c" - break; - - case 398: /* server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG */ -#line 1313 "./util/configparser.y" - { - OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trusted_keys_file_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4050 "util/configparser.c" - break; - - case 399: /* server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG */ -#line 1321 "./util/configparser.y" - { - OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4060 "util/configparser.c" - break; - - case 400: /* server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG */ -#line 1328 "./util/configparser.y" - { - OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->trust_anchor_signaling = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4074 "util/configparser.c" - break; - - case 401: /* server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG */ -#line 1339 "./util/configparser.y" - { - OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->root_key_sentinel = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4088 "util/configparser.c" - break; - - case 402: /* server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG */ -#line 1350 "./util/configparser.y" - { - OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4098 "util/configparser.c" - break; - - case 403: /* server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG */ -#line 1357 "./util/configparser.y" - { - OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4110 "util/configparser.c" - break; - - case 404: /* server_hide_version: VAR_HIDE_VERSION STRING_ARG */ -#line 1366 "./util/configparser.y" - { - OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4122 "util/configparser.c" - break; - - case 405: /* server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG */ -#line 1375 "./util/configparser.y" - { - OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4134 "util/configparser.c" - break; - - case 406: /* server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG */ -#line 1384 "./util/configparser.y" - { - OUTYY(("P(server_hide_user_agent:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_http_user_agent = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4146 "util/configparser.c" - break; - - case 407: /* server_identity: VAR_IDENTITY STRING_ARG */ -#line 1393 "./util/configparser.y" - { - OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->identity); - cfg_parser->cfg->identity = (yyvsp[0].str); - } -#line 4156 "util/configparser.c" - break; - - case 408: /* server_version: VAR_VERSION STRING_ARG */ -#line 1400 "./util/configparser.y" - { - OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->version); - cfg_parser->cfg->version = (yyvsp[0].str); - } -#line 4166 "util/configparser.c" - break; - - case 409: /* server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG */ -#line 1407 "./util/configparser.y" - { - OUTYY(("P(server_http_user_agent:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->http_user_agent); - cfg_parser->cfg->http_user_agent = (yyvsp[0].str); - } -#line 4176 "util/configparser.c" - break; - - case 410: /* server_nsid: VAR_NSID STRING_ARG */ -#line 1414 "./util/configparser.y" - { - OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->nsid_cfg_str); - cfg_parser->cfg->nsid_cfg_str = (yyvsp[0].str); - free(cfg_parser->cfg->nsid); - cfg_parser->cfg->nsid = NULL; - cfg_parser->cfg->nsid_len = 0; - if (*(yyvsp[0].str) == 0) - ; /* pass; empty string is not setting nsid */ - else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid( - (yyvsp[0].str), &cfg_parser->cfg->nsid_len))) - yyerror("the NSID must be either a hex string or an " - "ascii character string prepended with ascii_."); - } -#line 4195 "util/configparser.c" - break; - - case 411: /* server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG */ -#line 1430 "./util/configparser.y" - { - OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) - yyerror("buffer size expected"); - free((yyvsp[0].str)); - } -#line 4206 "util/configparser.c" - break; - - case 412: /* server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG */ -#line 1438 "./util/configparser.y" - { - OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) - yyerror("buffer size expected"); - free((yyvsp[0].str)); - } -#line 4217 "util/configparser.c" - break; - - case 413: /* server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG */ -#line 1446 "./util/configparser.y" - { - OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->so_reuseport = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4230 "util/configparser.c" - break; - - case 414: /* server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG */ -#line 1456 "./util/configparser.y" - { - OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_transparent = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4243 "util/configparser.c" - break; - - case 415: /* server_ip_freebind: VAR_IP_FREEBIND STRING_ARG */ -#line 1466 "./util/configparser.y" - { - OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_freebind = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4256 "util/configparser.c" - break; - - case 416: /* server_ip_dscp: VAR_IP_DSCP STRING_ARG */ -#line 1476 "./util/configparser.y" - { - OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) > 63) - yyerror("value too large (max 63)"); - else if (atoi((yyvsp[0].str)) < 0) - yyerror("value too small (min 0)"); - else - cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4273 "util/configparser.c" - break; - - case 417: /* server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG */ -#line 1490 "./util/configparser.y" - { - OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 4284 "util/configparser.c" - break; - - case 418: /* server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG */ -#line 1498 "./util/configparser.y" - { - OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) < 12) - yyerror("edns buffer size too small"); - else if (atoi((yyvsp[0].str)) > 65535) - cfg_parser->cfg->edns_buffer_size = 65535; - else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4300 "util/configparser.c" - break; - - case 419: /* server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG */ -#line 1511 "./util/configparser.y" - { - OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else if (atoi((yyvsp[0].str)) < 4096) - yyerror("message buffer size too small (use 4096)"); - else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4314 "util/configparser.c" - break; - - case 420: /* server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG */ -#line 1522 "./util/configparser.y" - { - OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 4325 "util/configparser.c" - break; - - case 421: /* server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG */ -#line 1530 "./util/configparser.y" - { - OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->msg_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->msg_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 4341 "util/configparser.c" - break; - - case 422: /* server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG */ -#line 1543 "./util/configparser.y" - { - OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4353 "util/configparser.c" - break; - - case 423: /* server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG */ -#line 1552 "./util/configparser.y" - { - OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4365 "util/configparser.c" - break; - - case 424: /* server_delay_close: VAR_DELAY_CLOSE STRING_ARG */ -#line 1561 "./util/configparser.y" - { - OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4377 "util/configparser.c" - break; - - case 425: /* server_udp_connect: VAR_UDP_CONNECT STRING_ARG */ -#line 1570 "./util/configparser.y" - { - OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4389 "util/configparser.c" - break; - - case 426: /* server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG */ -#line 1579 "./util/configparser.y" - { - OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->unblock_lan_zones = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4402 "util/configparser.c" - break; - - case 427: /* server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG */ -#line 1589 "./util/configparser.y" - { - OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->insecure_lan_zones = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4415 "util/configparser.c" - break; - - case 428: /* server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG */ -#line 1599 "./util/configparser.y" - { - OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 4426 "util/configparser.c" - break; - - case 429: /* server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG */ -#line 1607 "./util/configparser.y" - { - OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->rrset_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 4442 "util/configparser.c" - break; - - case 430: /* server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG */ -#line 1620 "./util/configparser.y" - { - OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4454 "util/configparser.c" - break; - - case 431: /* server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG */ -#line 1629 "./util/configparser.y" - { - OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); - verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " - "removed, use infra-host-ttl)", (yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4465 "util/configparser.c" - break; - - case 432: /* server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG */ -#line 1637 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4477 "util/configparser.c" - break; - - case 433: /* server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG */ -#line 1646 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); - verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " - "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4488 "util/configparser.c" - break; - - case 434: /* server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG */ -#line 1654 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->infra_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->infra_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 4504 "util/configparser.c" - break; - - case 435: /* server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG */ -#line 1667 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4516 "util/configparser.c" - break; - - case 436: /* server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG */ -#line 1676 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_max_rtt:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_max_rtt = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4528 "util/configparser.c" - break; - - case 437: /* server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG */ -#line 1685 "./util/configparser.y" - { - OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->infra_keep_probing = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4541 "util/configparser.c" - break; - - case 438: /* server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG */ -#line 1695 "./util/configparser.y" - { - OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->target_fetch_policy); - cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); - } -#line 4551 "util/configparser.c" - break; - - case 439: /* server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG */ -#line 1702 "./util/configparser.y" - { - OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_short_bufsize = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4564 "util/configparser.c" - break; - - case 440: /* server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG */ -#line 1712 "./util/configparser.y" - { - OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_large_queries = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4577 "util/configparser.c" - break; - - case 441: /* server_harden_glue: VAR_HARDEN_GLUE STRING_ARG */ -#line 1722 "./util/configparser.y" - { - OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_glue = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4590 "util/configparser.c" - break; - - case 442: /* server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG */ -#line 1732 "./util/configparser.y" - { - OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_dnssec_stripped = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4603 "util/configparser.c" - break; - - case 443: /* server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG */ -#line 1742 "./util/configparser.y" - { - OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_below_nxdomain = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4616 "util/configparser.c" - break; - - case 444: /* server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG */ -#line 1752 "./util/configparser.y" - { - OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_referral_path = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4629 "util/configparser.c" - break; - - case 445: /* server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG */ -#line 1762 "./util/configparser.y" - { - OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_algo_downgrade = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4642 "util/configparser.c" - break; - - case 446: /* server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG */ -#line 1772 "./util/configparser.y" - { - OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_caps_bits_for_id = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4655 "util/configparser.c" - break; - - case 447: /* server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG */ -#line 1782 "./util/configparser.y" - { - OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4665 "util/configparser.c" - break; - - case 448: /* server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG */ -#line 1789 "./util/configparser.y" - { - OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4675 "util/configparser.c" - break; - - case 449: /* server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG */ -#line 1796 "./util/configparser.y" - { - OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4685 "util/configparser.c" - break; - - case 450: /* server_prefetch: VAR_PREFETCH STRING_ARG */ -#line 1803 "./util/configparser.y" - { - OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4697 "util/configparser.c" - break; - - case 451: /* server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG */ -#line 1812 "./util/configparser.y" - { - OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4709 "util/configparser.c" - break; - - case 452: /* server_deny_any: VAR_DENY_ANY STRING_ARG */ -#line 1821 "./util/configparser.y" - { - OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4721 "util/configparser.c" - break; - - case 453: /* server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG */ -#line 1830 "./util/configparser.y" - { - OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4733 "util/configparser.c" - break; - - case 454: /* server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG */ -#line 1839 "./util/configparser.y" - { - OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 4743 "util/configparser.c" - break; - - case 455: /* server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG */ -#line 1846 "./util/configparser.y" - { - OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->donotquery_localhost = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4756 "util/configparser.c" - break; - - case 456: /* server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG */ -#line 1856 "./util/configparser.y" - { - OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - validate_acl_action((yyvsp[0].str)); - if(!cfg_str2list_insert(&cfg_parser->cfg->acls, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding acl"); - } -#line 4767 "util/configparser.c" - break; - - case 457: /* server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG */ -#line 1864 "./util/configparser.y" - { - OUTYY(("P(server_interface_action:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - validate_acl_action((yyvsp[0].str)); - if(!cfg_str2list_insert( - &cfg_parser->cfg->interface_actions, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding acl"); - } -#line 4779 "util/configparser.c" - break; - - case 458: /* server_module_conf: VAR_MODULE_CONF STRING_ARG */ -#line 1873 "./util/configparser.y" - { - OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->module_conf); - cfg_parser->cfg->module_conf = (yyvsp[0].str); - } -#line 4789 "util/configparser.c" - break; - - case 459: /* server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG */ -#line 1880 "./util/configparser.y" - { - OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); - if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { - cfg_parser->cfg->val_date_override = 0; - } else if(strlen((yyvsp[0].str)) == 14) { - cfg_parser->cfg->val_date_override = - cfg_convert_timeval((yyvsp[0].str)); - if(!cfg_parser->cfg->val_date_override) - yyerror("bad date/time specification"); - } else { - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - cfg_parser->cfg->val_date_override = atoi((yyvsp[0].str)); - } - free((yyvsp[0].str)); - } -#line 4810 "util/configparser.c" - break; - - case 460: /* server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG */ -#line 1898 "./util/configparser.y" - { - OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); - if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { - cfg_parser->cfg->val_sig_skew_min = 0; - } else { - cfg_parser->cfg->val_sig_skew_min = atoi((yyvsp[0].str)); - if(!cfg_parser->cfg->val_sig_skew_min) - yyerror("number expected"); - } - free((yyvsp[0].str)); - } -#line 4826 "util/configparser.c" - break; - - case 461: /* server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG */ -#line 1911 "./util/configparser.y" - { - OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); - if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { - cfg_parser->cfg->val_sig_skew_max = 0; - } else { - cfg_parser->cfg->val_sig_skew_max = atoi((yyvsp[0].str)); - if(!cfg_parser->cfg->val_sig_skew_max) - yyerror("number expected"); - } - free((yyvsp[0].str)); - } -#line 4842 "util/configparser.c" - break; - - case 462: /* server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG */ -#line 1924 "./util/configparser.y" - { - OUTYY(("P(server_val_max_restart:%s)\n", (yyvsp[0].str))); - if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { - cfg_parser->cfg->val_max_restart = 0; - } else { - cfg_parser->cfg->val_max_restart = atoi((yyvsp[0].str)); - if(!cfg_parser->cfg->val_max_restart) - yyerror("number expected"); - } - free((yyvsp[0].str)); - } -#line 4858 "util/configparser.c" - break; - - case 463: /* server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG */ -#line 1937 "./util/configparser.y" - { - OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4870 "util/configparser.c" - break; - - case 464: /* server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG */ -#line 1946 "./util/configparser.y" - { - OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4882 "util/configparser.c" - break; - - case 465: /* server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG */ -#line 1955 "./util/configparser.y" - { - OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4894 "util/configparser.c" - break; - - case 466: /* server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG */ -#line 1964 "./util/configparser.y" - { - OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4906 "util/configparser.c" - break; - - case 467: /* server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG */ -#line 1973 "./util/configparser.y" - { - OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_clean_additional = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4919 "util/configparser.c" - break; - - case 468: /* server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG */ -#line 1983 "./util/configparser.y" - { - OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_permissive_mode = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4932 "util/configparser.c" - break; - - case 469: /* server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG */ -#line 1993 "./util/configparser.y" - { - OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->aggressive_nsec = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4946 "util/configparser.c" - break; - - case 470: /* server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG */ -#line 2004 "./util/configparser.y" - { - OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4958 "util/configparser.c" - break; - - case 471: /* server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG */ -#line 2013 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4970 "util/configparser.c" - break; - - case 472: /* server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG */ -#line 2022 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 4982 "util/configparser.c" - break; - - case 473: /* server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG */ -#line 2031 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 4994 "util/configparser.c" - break; - - case 474: /* server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG */ -#line 2040 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5006 "util/configparser.c" - break; - - case 475: /* server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG */ -#line 2049 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5018 "util/configparser.c" - break; - - case 476: /* server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG */ -#line 2058 "./util/configparser.y" - { - OUTYY(("P(server_ede_serve_expired:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ede_serve_expired = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5030 "util/configparser.c" - break; - - case 477: /* server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG */ -#line 2067 "./util/configparser.y" - { - OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5042 "util/configparser.c" - break; - - case 478: /* server_fake_dsa: VAR_FAKE_DSA STRING_ARG */ -#line 2076 "./util/configparser.y" - { - OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); -#if defined(HAVE_SSL) || defined(HAVE_NETTLE) - else fake_dsa = (strcmp((yyvsp[0].str), "yes")==0); - if(fake_dsa) - log_warn("test option fake_dsa is enabled"); -#endif - free((yyvsp[0].str)); - } -#line 5058 "util/configparser.c" - break; - - case 479: /* server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG */ -#line 2089 "./util/configparser.y" - { - OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); -#if defined(HAVE_SSL) || defined(HAVE_NETTLE) - else fake_sha1 = (strcmp((yyvsp[0].str), "yes")==0); - if(fake_sha1) - log_warn("test option fake_sha1 is enabled"); -#endif - free((yyvsp[0].str)); - } -#line 5074 "util/configparser.c" - break; - - case 480: /* server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG */ -#line 2102 "./util/configparser.y" - { - OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5086 "util/configparser.c" - break; - - case 481: /* server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG */ -#line 2111 "./util/configparser.y" - { - OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->val_nsec3_key_iterations); - cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); - } -#line 5096 "util/configparser.c" - break; - - case 482: /* server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG */ -#line 2118 "./util/configparser.y" - { - OUTYY(("P(server_zonemd_permissive_mode:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->zonemd_permissive_mode = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5108 "util/configparser.c" - break; - - case 483: /* server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG */ -#line 2127 "./util/configparser.y" - { - OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5120 "util/configparser.c" - break; - - case 484: /* server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG */ -#line 2136 "./util/configparser.y" - { - OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5132 "util/configparser.c" - break; - - case 485: /* server_keep_missing: VAR_KEEP_MISSING STRING_ARG */ -#line 2145 "./util/configparser.y" - { - OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5144 "util/configparser.c" - break; - - case 486: /* server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG */ -#line 2154 "./util/configparser.y" - { - OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->permit_small_holddown = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5157 "util/configparser.c" - break; - - case 487: /* server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG */ -#line 2163 "./util/configparser.y" - { - OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 5168 "util/configparser.c" - break; - - case 488: /* server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG */ -#line 2171 "./util/configparser.y" - { - OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->key_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->key_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 5184 "util/configparser.c" - break; - - case 489: /* server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG */ -#line 2184 "./util/configparser.y" - { - OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 5195 "util/configparser.c" - break; - - case 490: /* server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ -#line 2192 "./util/configparser.y" - { - OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && - strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && - strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 - && strcmp((yyvsp[0].str), "typetransparent")!=0 - && strcmp((yyvsp[0].str), "always_transparent")!=0 - && strcmp((yyvsp[0].str), "always_refuse")!=0 - && strcmp((yyvsp[0].str), "always_nxdomain")!=0 - && strcmp((yyvsp[0].str), "always_nodata")!=0 - && strcmp((yyvsp[0].str), "always_deny")!=0 - && strcmp((yyvsp[0].str), "always_null")!=0 - && strcmp((yyvsp[0].str), "noview")!=0 - && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0 - && strcmp((yyvsp[0].str), "inform_redirect") != 0 - && strcmp((yyvsp[0].str), "ipset") != 0) { - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "inform_redirect, always_transparent, " - "always_refuse, always_nxdomain, " - "always_nodata, always_deny, always_null, " - "noview, nodefault or ipset"); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } else if(strcmp((yyvsp[0].str), "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_zones_nodefault, (yyvsp[-1].str))) - fatal_exit("out of memory adding local-zone"); - free((yyvsp[0].str)); -#ifdef USE_IPSET - } else if(strcmp((yyvsp[0].str), "ipset")==0) { - size_t len = strlen((yyvsp[-1].str)); - /* Make sure to add the trailing dot. - * These are str compared to domain names. */ - if((yyvsp[-1].str)[len-1] != '.') { - if(!((yyvsp[-1].str) = realloc((yyvsp[-1].str), len+2))) { - fatal_exit("out of memory adding local-zone"); - } - (yyvsp[-1].str)[len] = '.'; - (yyvsp[-1].str)[len+1] = 0; - } - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_zones_ipset, (yyvsp[-1].str))) - fatal_exit("out of memory adding local-zone"); - free((yyvsp[0].str)); -#endif - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding local-zone"); - } - } -#line 5253 "util/configparser.c" - break; - - case 491: /* server_local_data: VAR_LOCAL_DATA STRING_ARG */ -#line 2247 "./util/configparser.y" - { - OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) - fatal_exit("out of memory adding local-data"); - } -#line 5263 "util/configparser.c" - break; - - case 492: /* server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ -#line 2254 "./util/configparser.y" - { - char* ptr; - OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); - ptr = cfg_ptr_reverse((yyvsp[0].str)); - free((yyvsp[0].str)); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } -#line 5281 "util/configparser.c" - break; - - case 493: /* server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG */ -#line 2269 "./util/configparser.y" - { - OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->minimal_responses = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5294 "util/configparser.c" - break; - - case 494: /* server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG */ -#line 2279 "./util/configparser.y" - { - OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->rrset_roundrobin = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5307 "util/configparser.c" - break; - - case 495: /* server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG */ -#line 2289 "./util/configparser.y" - { - OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); - cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5317 "util/configparser.c" - break; - - case 496: /* server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG */ -#line 2296 "./util/configparser.y" - { - OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); - cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5327 "util/configparser.c" - break; - - case 497: /* server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG */ -#line 2303 "./util/configparser.y" - { - OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dns64_prefix); - cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); - } -#line 5337 "util/configparser.c" - break; - - case 498: /* server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG */ -#line 2310 "./util/configparser.y" - { - OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5349 "util/configparser.c" - break; - - case 499: /* server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG */ -#line 2319 "./util/configparser.y" - { - OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, - (yyvsp[0].str))) - fatal_exit("out of memory adding dns64-ignore-aaaa"); - } -#line 5360 "util/configparser.c" - break; - - case 500: /* server_define_tag: VAR_DEFINE_TAG STRING_ARG */ -#line 2327 "./util/configparser.y" - { - char* p, *s = (yyvsp[0].str); - OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); - while((p=strsep(&s, " \t\n")) != NULL) { - if(*p) { - if(!config_add_tag(cfg_parser->cfg, p)) - yyerror("could not define-tag, " - "out of memory"); - } - } - free((yyvsp[0].str)); - } -#line 5377 "util/configparser.c" - break; - - case 501: /* server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG */ -#line 2341 "./util/configparser.y" - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - OUTYY(("P(server_local_zone_tag:%s)\n", (yyvsp[-1].str))); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - free((yyvsp[-1].str)); - } - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->local_zone_tags, - (yyvsp[-1].str), bitlist, len)) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - } - } - } -#line 5401 "util/configparser.c" - break; - - case 502: /* server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG */ -#line 2362 "./util/configparser.y" - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - OUTYY(("P(server_access_control_tag:%s)\n", (yyvsp[-1].str))); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - free((yyvsp[-1].str)); - } - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->acl_tags, - (yyvsp[-1].str), bitlist, len)) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - } - } - } -#line 5425 "util/configparser.c" - break; - - case 503: /* server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG */ -#line 2383 "./util/configparser.y" - { - OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 5440 "util/configparser.c" - break; - - case 504: /* server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG */ -#line 2395 "./util/configparser.y" - { - OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 5455 "util/configparser.c" - break; - - case 505: /* server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG */ -#line 2407 "./util/configparser.y" - { - OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 5470 "util/configparser.c" - break; - - case 506: /* server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG */ -#line 2419 "./util/configparser.y" - { - OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, - (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - } - } -#line 5482 "util/configparser.c" - break; - - case 507: /* server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG */ -#line 2428 "./util/configparser.y" - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - OUTYY(("P(server_interface_tag:%s)\n", (yyvsp[-1].str))); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - free((yyvsp[-1].str)); - } - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->interface_tags, - (yyvsp[-1].str), bitlist, len)) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - } - } - } -#line 5506 "util/configparser.c" - break; - - case 508: /* server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG */ -#line 2449 "./util/configparser.y" - { - OUTYY(("P(server_interface_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 5521 "util/configparser.c" - break; - - case 509: /* server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG */ -#line 2461 "./util/configparser.y" - { - OUTYY(("P(server_interface_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas, - (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - free((yyvsp[-2].str)); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } - } -#line 5536 "util/configparser.c" - break; - - case 510: /* server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG */ -#line 2473 "./util/configparser.y" - { - OUTYY(("P(server_interface_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view, - (yyvsp[-1].str), (yyvsp[0].str))) { - yyerror("out of memory"); - } - } -#line 5548 "util/configparser.c" - break; - - case 511: /* server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG */ -#line 2482 "./util/configparser.y" - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), - &len); - free((yyvsp[0].str)); - OUTYY(("P(response_ip_tag:%s)\n", (yyvsp[-1].str))); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - free((yyvsp[-1].str)); - } - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->respip_tags, - (yyvsp[-1].str), bitlist, len)) { - yyerror("out of memory"); - free((yyvsp[-1].str)); - } - } - } -#line 5572 "util/configparser.c" - break; - - case 512: /* server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG */ -#line 2503 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5584 "util/configparser.c" - break; - - case 513: /* server_ratelimit: VAR_RATELIMIT STRING_ARG */ -#line 2512 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5596 "util/configparser.c" - break; - - case 514: /* server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG */ -#line 2521 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 5607 "util/configparser.c" - break; - - case 515: /* server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG */ -#line 2529 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 5618 "util/configparser.c" - break; - - case 516: /* server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG */ -#line 2537 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->ip_ratelimit_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 5634 "util/configparser.c" - break; - - case 517: /* server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG */ -#line 2550 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->ratelimit_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 5650 "util/configparser.c" - break; - - case 518: /* server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG */ -#line 2563 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { - yyerror("number expected"); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_for_domain, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding " - "ratelimit-for-domain"); - } - } -#line 5668 "util/configparser.c" - break; - - case 519: /* server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG */ -#line 2578 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { - yyerror("number expected"); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_below_domain, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding " - "ratelimit-below-domain"); - } - } -#line 5686 "util/configparser.c" - break; - - case 520: /* server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG */ -#line 2593 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5698 "util/configparser.c" - break; - - case 521: /* server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG */ -#line 2602 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5710 "util/configparser.c" - break; - - case 522: /* server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG */ -#line 2611 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_ratelimit_backoff = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5723 "util/configparser.c" - break; - - case 523: /* server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG */ -#line 2621 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_backoff:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ratelimit_backoff = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5736 "util/configparser.c" - break; - - case 524: /* server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG */ -#line 2631 "./util/configparser.y" - { - OUTYY(("P(server_outbound_msg_retry:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outbound_msg_retry = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5748 "util/configparser.c" - break; - - case 525: /* server_low_rtt: VAR_LOW_RTT STRING_ARG */ -#line 2640 "./util/configparser.y" - { - OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); - free((yyvsp[0].str)); - } -#line 5757 "util/configparser.c" - break; - - case 526: /* server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG */ -#line 2646 "./util/configparser.y" - { - OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) <= 0) - yyerror("number expected"); - else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5769 "util/configparser.c" - break; - - case 527: /* server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG */ -#line 2655 "./util/configparser.y" - { - OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5781 "util/configparser.c" - break; - - case 528: /* server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG */ -#line 2664 "./util/configparser.y" - { - OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5794 "util/configparser.c" - break; - - case 529: /* server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG */ -#line 2674 "./util/configparser.y" - { - OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation_strict = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5807 "util/configparser.c" - break; - - case 530: /* server_pad_responses: VAR_PAD_RESPONSES STRING_ARG */ -#line 2684 "./util/configparser.y" - { - OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->pad_responses = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5820 "util/configparser.c" - break; - - case 531: /* server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG */ -#line 2694 "./util/configparser.y" - { - OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5832 "util/configparser.c" - break; - - case 532: /* server_pad_queries: VAR_PAD_QUERIES STRING_ARG */ -#line 2703 "./util/configparser.y" - { - OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->pad_queries = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5845 "util/configparser.c" - break; - - case 533: /* server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG */ -#line 2713 "./util/configparser.y" - { - OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("number expected"); - else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5857 "util/configparser.c" - break; - - case 534: /* server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG */ -#line 2722 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ipsecmod_enabled = (strcmp((yyvsp[0].str), "yes")==0); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 5873 "util/configparser.c" - break; - - case 535: /* server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG */ -#line 2735 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp((yyvsp[0].str), "yes")==0); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 5889 "util/configparser.c" - break; - - case 536: /* server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG */ -#line 2748 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->ipsecmod_hook); - cfg_parser->cfg->ipsecmod_hook = (yyvsp[0].str); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 5904 "util/configparser.c" - break; - - case 537: /* server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG */ -#line 2760 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ipsecmod_max_ttl = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 5921 "util/configparser.c" - break; - - case 538: /* server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG */ -#line 2774 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, (yyvsp[0].str))) - yyerror("out of memory"); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 5936 "util/configparser.c" - break; - - case 539: /* server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG */ -#line 2786 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ipsecmod_strict = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 5953 "util/configparser.c" - break; - - case 540: /* server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG */ -#line 2800 "./util/configparser.y" - { - OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(!cfg_str2list_insert( - &cfg_parser->cfg->edns_client_strings, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding " - "edns-client-string"); - } -#line 5965 "util/configparser.c" - break; - - case 541: /* server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG */ -#line 2809 "./util/configparser.y" - { - OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) - yyerror("option code expected"); - else if(atoi((yyvsp[0].str)) > 65535 || atoi((yyvsp[0].str)) < 0) - yyerror("option code must be in interval [0, 65535]"); - else cfg_parser->cfg->edns_client_string_opcode = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 5979 "util/configparser.c" - break; - - case 542: /* server_ede: VAR_EDE STRING_ARG */ -#line 2820 "./util/configparser.y" - { - OUTYY(("P(server_ede:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ede = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 5991 "util/configparser.c" - break; - - case 543: /* server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG */ -#line 2829 "./util/configparser.y" - { - OUTYY(("P(server_proxy_protocol_port:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6001 "util/configparser.c" - break; - - case 544: /* stub_name: VAR_NAME STRING_ARG */ -#line 2836 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->stubs->name) - yyerror("stub name override, there must be one name " - "for one stub-zone"); - free(cfg_parser->cfg->stubs->name); - cfg_parser->cfg->stubs->name = (yyvsp[0].str); - } -#line 6014 "util/configparser.c" - break; - - case 545: /* stub_host: VAR_STUB_HOST STRING_ARG */ -#line 2846 "./util/configparser.y" - { - OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6024 "util/configparser.c" - break; - - case 546: /* stub_addr: VAR_STUB_ADDR STRING_ARG */ -#line 2853 "./util/configparser.y" - { - OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6034 "util/configparser.c" - break; - - case 547: /* stub_first: VAR_STUB_FIRST STRING_ARG */ -#line 2860 "./util/configparser.y" - { - OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6046 "util/configparser.c" - break; - - case 548: /* stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG */ -#line 2869 "./util/configparser.y" - { - OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6058 "util/configparser.c" - break; - - case 549: /* stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG */ -#line 2878 "./util/configparser.y" - { - OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->ssl_upstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6071 "util/configparser.c" - break; - - case 550: /* stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG */ -#line 2888 "./util/configparser.y" - { - OUTYY(("P(stub-tcp-upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->tcp_upstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6084 "util/configparser.c" - break; - - case 551: /* stub_prime: VAR_STUB_PRIME STRING_ARG */ -#line 2898 "./util/configparser.y" - { - OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isprime = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6097 "util/configparser.c" - break; - - case 552: /* forward_name: VAR_NAME STRING_ARG */ -#line 2908 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->forwards->name) - yyerror("forward name override, there must be one " - "name for one forward-zone"); - free(cfg_parser->cfg->forwards->name); - cfg_parser->cfg->forwards->name = (yyvsp[0].str); - } -#line 6110 "util/configparser.c" - break; - - case 553: /* forward_host: VAR_FORWARD_HOST STRING_ARG */ -#line 2918 "./util/configparser.y" - { - OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6120 "util/configparser.c" - break; - - case 554: /* forward_addr: VAR_FORWARD_ADDR STRING_ARG */ -#line 2925 "./util/configparser.y" - { - OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6130 "util/configparser.c" - break; - - case 555: /* forward_first: VAR_FORWARD_FIRST STRING_ARG */ -#line 2932 "./util/configparser.y" - { - OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6142 "util/configparser.c" - break; - - case 556: /* forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG */ -#line 2941 "./util/configparser.y" - { - OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6154 "util/configparser.c" - break; - - case 557: /* forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG */ -#line 2950 "./util/configparser.y" - { - OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->ssl_upstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6167 "util/configparser.c" - break; - - case 558: /* forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG */ -#line 2960 "./util/configparser.y" - { - OUTYY(("P(forward-tcp-upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->tcp_upstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6180 "util/configparser.c" - break; - - case 559: /* auth_name: VAR_NAME STRING_ARG */ -#line 2970 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->auths->name) - yyerror("auth name override, there must be one name " - "for one auth-zone"); - free(cfg_parser->cfg->auths->name); - cfg_parser->cfg->auths->name = (yyvsp[0].str); - } -#line 6193 "util/configparser.c" - break; - - case 560: /* auth_zonefile: VAR_ZONEFILE STRING_ARG */ -#line 2980 "./util/configparser.y" - { - OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->auths->zonefile); - cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); - } -#line 6203 "util/configparser.c" - break; - - case 561: /* auth_master: VAR_MASTER STRING_ARG */ -#line 2987 "./util/configparser.y" - { - OUTYY(("P(master:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6213 "util/configparser.c" - break; - - case 562: /* auth_url: VAR_URL STRING_ARG */ -#line 2994 "./util/configparser.y" - { - OUTYY(("P(url:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6223 "util/configparser.c" - break; - - case 563: /* auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG */ -#line 3001 "./util/configparser.y" - { - OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, - (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6234 "util/configparser.c" - break; - - case 564: /* auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG */ -#line 3009 "./util/configparser.y" - { - OUTYY(("P(zonemd-check:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->zonemd_check = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6247 "util/configparser.c" - break; - - case 565: /* auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG */ -#line 3019 "./util/configparser.y" - { - OUTYY(("P(zonemd-reject-absence:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->zonemd_reject_absence = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6260 "util/configparser.c" - break; - - case 566: /* auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG */ -#line 3029 "./util/configparser.y" - { - OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->for_downstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6273 "util/configparser.c" - break; - - case 567: /* auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG */ -#line 3039 "./util/configparser.y" - { - OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->for_upstream = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6286 "util/configparser.c" - break; - - case 568: /* auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG */ -#line 3049 "./util/configparser.y" - { - OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->fallback_enabled = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6299 "util/configparser.c" - break; - - case 569: /* view_name: VAR_NAME STRING_ARG */ -#line 3059 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->views->name) - yyerror("view name override, there must be one " - "name for one view"); - free(cfg_parser->cfg->views->name); - cfg_parser->cfg->views->name = (yyvsp[0].str); - } -#line 6312 "util/configparser.c" - break; - - case 570: /* view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ -#line 3069 "./util/configparser.y" - { - OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && - strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && - strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 - && strcmp((yyvsp[0].str), "typetransparent")!=0 - && strcmp((yyvsp[0].str), "always_transparent")!=0 - && strcmp((yyvsp[0].str), "always_refuse")!=0 - && strcmp((yyvsp[0].str), "always_nxdomain")!=0 - && strcmp((yyvsp[0].str), "always_nodata")!=0 - && strcmp((yyvsp[0].str), "always_deny")!=0 - && strcmp((yyvsp[0].str), "always_null")!=0 - && strcmp((yyvsp[0].str), "noview")!=0 - && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0 - && strcmp((yyvsp[0].str), "inform_redirect") != 0 - && strcmp((yyvsp[0].str), "ipset") != 0) { - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "inform_redirect, always_transparent, " - "always_refuse, always_nxdomain, " - "always_nodata, always_deny, always_null, " - "noview, nodefault or ipset"); - free((yyvsp[-1].str)); - free((yyvsp[0].str)); - } else if(strcmp((yyvsp[0].str), "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_zones_nodefault, (yyvsp[-1].str))) - fatal_exit("out of memory adding local-zone"); - free((yyvsp[0].str)); -#ifdef USE_IPSET - } else if(strcmp((yyvsp[0].str), "ipset")==0) { - size_t len = strlen((yyvsp[-1].str)); - /* Make sure to add the trailing dot. - * These are str compared to domain names. */ - if((yyvsp[-1].str)[len-1] != '.') { - if(!((yyvsp[-1].str) = realloc((yyvsp[-1].str), len+2))) { - fatal_exit("out of memory adding local-zone"); - } - (yyvsp[-1].str)[len] = '.'; - (yyvsp[-1].str)[len+1] = 0; - } - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_zones_ipset, (yyvsp[-1].str))) - fatal_exit("out of memory adding local-zone"); - free((yyvsp[0].str)); -#endif - } else { - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->local_zones, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding local-zone"); - } - } -#line 6371 "util/configparser.c" - break; - - case 571: /* view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ -#line 3125 "./util/configparser.y" - { - OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - validate_respip_action((yyvsp[0].str)); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_actions, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding per-view " - "response-ip action"); - } -#line 6384 "util/configparser.c" - break; - - case 572: /* view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ -#line 3135 "./util/configparser.y" - { - OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding response-ip-data"); - } -#line 6395 "util/configparser.c" - break; - - case 573: /* view_local_data: VAR_LOCAL_DATA STRING_ARG */ -#line 3143 "./util/configparser.y" - { - OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { - fatal_exit("out of memory adding local-data"); - } - } -#line 6406 "util/configparser.c" - break; - - case 574: /* view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ -#line 3151 "./util/configparser.y" - { - char* ptr; - OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); - ptr = cfg_ptr_reverse((yyvsp[0].str)); - free((yyvsp[0].str)); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } -#line 6424 "util/configparser.c" - break; - - case 575: /* view_first: VAR_VIEW_FIRST STRING_ARG */ -#line 3166 "./util/configparser.y" - { - OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6436 "util/configparser.c" - break; - - case 576: /* rcstart: VAR_REMOTE_CONTROL */ -#line 3175 "./util/configparser.y" - { - OUTYY(("\nP(remote-control:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 6445 "util/configparser.c" - break; - - case 587: /* rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG */ -#line 3187 "./util/configparser.y" - { - OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->remote_control_enable = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6458 "util/configparser.c" - break; - - case 588: /* rc_control_port: VAR_CONTROL_PORT STRING_ARG */ -#line 3197 "./util/configparser.y" - { - OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("control port number expected"); - else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 6470 "util/configparser.c" - break; - - case 589: /* rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG */ -#line 3206 "./util/configparser.y" - { - OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6480 "util/configparser.c" - break; - - case 590: /* rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG */ -#line 3213 "./util/configparser.y" - { - OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); - cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6490 "util/configparser.c" - break; - - case 591: /* rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG */ -#line 3220 "./util/configparser.y" - { - OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->server_key_file); - cfg_parser->cfg->server_key_file = (yyvsp[0].str); - } -#line 6500 "util/configparser.c" - break; - - case 592: /* rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG */ -#line 3227 "./util/configparser.y" - { - OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->server_cert_file); - cfg_parser->cfg->server_cert_file = (yyvsp[0].str); - } -#line 6510 "util/configparser.c" - break; - - case 593: /* rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG */ -#line 3234 "./util/configparser.y" - { - OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->control_key_file); - cfg_parser->cfg->control_key_file = (yyvsp[0].str); - } -#line 6520 "util/configparser.c" - break; - - case 594: /* rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG */ -#line 3241 "./util/configparser.y" - { - OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->control_cert_file); - cfg_parser->cfg->control_cert_file = (yyvsp[0].str); - } -#line 6530 "util/configparser.c" - break; - - case 595: /* dtstart: VAR_DNSTAP */ -#line 3248 "./util/configparser.y" - { - OUTYY(("\nP(dnstap:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 6539 "util/configparser.c" - break; - - case 617: /* dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG */ -#line 3269 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6551 "util/configparser.c" - break; - - case 618: /* dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG */ -#line 3278 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_bidirectional = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6564 "util/configparser.c" - break; - - case 619: /* dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG */ -#line 3288 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_socket_path); - cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); - } -#line 6574 "util/configparser.c" - break; - - case 620: /* dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG */ -#line 3295 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_ip); - cfg_parser->cfg->dnstap_ip = (yyvsp[0].str); - } -#line 6584 "util/configparser.c" - break; - - case 621: /* dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG */ -#line 3302 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6596 "util/configparser.c" - break; - - case 622: /* dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG */ -#line 3311 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_tls_server_name); - cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str); - } -#line 6606 "util/configparser.c" - break; - - case 623: /* dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG */ -#line 3318 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_tls_cert_bundle); - cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str); - } -#line 6616 "util/configparser.c" - break; - - case 624: /* dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG */ -#line 3325 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_tls_client_key_file); - cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str); - } -#line 6626 "util/configparser.c" - break; - - case 625: /* dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG */ -#line 3332 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_tls_client_cert_file); - cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str); - } -#line 6636 "util/configparser.c" - break; - - case 626: /* dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG */ -#line 3339 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6648 "util/configparser.c" - break; - - case 627: /* dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG */ -#line 3348 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6660 "util/configparser.c" - break; - - case 628: /* dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG */ -#line 3357 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_identity); - cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); - } -#line 6670 "util/configparser.c" - break; - - case 629: /* dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG */ -#line 3364 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnstap_version); - cfg_parser->cfg->dnstap_version = (yyvsp[0].str); - } -#line 6680 "util/configparser.c" - break; - - case 630: /* dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG */ -#line 3371 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_query_messages = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6693 "util/configparser.c" - break; - - case 631: /* dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG */ -#line 3381 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_response_messages = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6706 "util/configparser.c" - break; - - case 632: /* dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG */ -#line 3391 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_query_messages = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6719 "util/configparser.c" - break; - - case 633: /* dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG */ -#line 3401 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_response_messages = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6732 "util/configparser.c" - break; - - case 634: /* dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG */ -#line 3411 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_query_messages = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6745 "util/configparser.c" - break; - - case 635: /* dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG */ -#line 3421 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_response_messages = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6758 "util/configparser.c" - break; - - case 636: /* pythonstart: VAR_PYTHON */ -#line 3431 "./util/configparser.y" - { - OUTYY(("\nP(python:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 6767 "util/configparser.c" - break; - - case 640: /* py_script: VAR_PYTHON_SCRIPT STRING_ARG */ -#line 3441 "./util/configparser.y" - { - OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6777 "util/configparser.c" - break; - - case 641: /* dynlibstart: VAR_DYNLIB */ -#line 3447 "./util/configparser.y" - { - OUTYY(("\nP(dynlib:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 6786 "util/configparser.c" - break; - - case 645: /* dl_file: VAR_DYNLIB_FILE STRING_ARG */ -#line 3457 "./util/configparser.y" - { - OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str))) - yyerror("out of memory"); - } -#line 6796 "util/configparser.c" - break; - - case 646: /* server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG */ -#line 3463 "./util/configparser.y" - { - OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); - if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->disable_dnssec_lame_check = - (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6809 "util/configparser.c" - break; - - case 647: /* server_log_identity: VAR_LOG_IDENTITY STRING_ARG */ -#line 3473 "./util/configparser.y" - { - OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->log_identity); - cfg_parser->cfg->log_identity = (yyvsp[0].str); - } -#line 6819 "util/configparser.c" - break; - - case 648: /* server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ -#line 3480 "./util/configparser.y" - { - OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - validate_respip_action((yyvsp[0].str)); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding response-ip"); - } -#line 6831 "util/configparser.c" - break; - - case 649: /* server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ -#line 3489 "./util/configparser.y" - { - OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, - (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding response-ip-data"); - } -#line 6842 "util/configparser.c" - break; - - case 650: /* dnscstart: VAR_DNSCRYPT */ -#line 3497 "./util/configparser.y" - { - OUTYY(("\nP(dnscrypt:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 6851 "util/configparser.c" - break; - - case 663: /* dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG */ -#line 3514 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); - free((yyvsp[0].str)); - } -#line 6863 "util/configparser.c" - break; - - case 664: /* dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG */ -#line 3524 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); - free((yyvsp[0].str)); - } -#line 6875 "util/configparser.c" - break; - - case 665: /* dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG */ -#line 3533 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dnscrypt_provider); - cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); - } -#line 6885 "util/configparser.c" - break; - - case 666: /* dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG */ -#line 3540 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); - if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) - log_warn("dnscrypt-provider-cert %s is a duplicate", (yyvsp[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) - fatal_exit("out of memory adding dnscrypt-provider-cert"); - } -#line 6897 "util/configparser.c" - break; - - case 667: /* dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG */ -#line 3549 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) - fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); - } -#line 6907 "util/configparser.c" - break; - - case 668: /* dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG */ -#line 3556 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); - if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) - log_warn("dnscrypt-secret-key: %s is a duplicate", (yyvsp[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) - fatal_exit("out of memory adding dnscrypt-secret-key"); - } -#line 6919 "util/configparser.c" - break; - - case 669: /* dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG */ -#line 3565 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 6930 "util/configparser.c" - break; - - case 670: /* dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG */ -#line 3573 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 6946 "util/configparser.c" - break; - - case 671: /* dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG */ -#line 3586 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); - if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) - yyerror("memory size expected"); - free((yyvsp[0].str)); - } -#line 6957 "util/configparser.c" - break; - - case 672: /* dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG */ -#line 3594 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) { - yyerror("number expected"); - } else { - cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi((yyvsp[0].str)); - if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs)) - yyerror("must be a power of 2"); - } - free((yyvsp[0].str)); - } -#line 6973 "util/configparser.c" - break; - - case 673: /* cachedbstart: VAR_CACHEDB */ -#line 3607 "./util/configparser.y" - { - OUTYY(("\nP(cachedb:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 6982 "util/configparser.c" - break; - - case 682: /* cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG */ -#line 3619 "./util/configparser.y" - { - #ifdef USE_CACHEDB - OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->cachedb_backend); - cfg_parser->cfg->cachedb_backend = (yyvsp[0].str); - #else - OUTYY(("P(Compiled without cachedb, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 6997 "util/configparser.c" - break; - - case 683: /* cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG */ -#line 3631 "./util/configparser.y" - { - #ifdef USE_CACHEDB - OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->cachedb_secret); - cfg_parser->cfg->cachedb_secret = (yyvsp[0].str); - #else - OUTYY(("P(Compiled without cachedb, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 7012 "util/configparser.c" - break; - - case 684: /* redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG */ -#line 3643 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->redis_server_host); - cfg_parser->cfg->redis_server_host = (yyvsp[0].str); - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 7027 "util/configparser.c" - break; - - case 685: /* redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG */ -#line 3655 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - int port; - OUTYY(("P(redis_server_port:%s)\n", (yyvsp[0].str))); - port = atoi((yyvsp[0].str)); - if(port == 0 || port < 0 || port > 65535) - yyerror("valid redis server port number expected"); - else cfg_parser->cfg->redis_server_port = port; - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 7045 "util/configparser.c" - break; - - case 686: /* redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG */ -#line 3670 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); - if(atoi((yyvsp[0].str)) == 0) - yyerror("redis timeout value expected"); - else cfg_parser->cfg->redis_timeout = atoi((yyvsp[0].str)); - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 7061 "util/configparser.c" - break; - - case 687: /* redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG */ -#line 3683 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str))); - if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->redis_expire_records = (strcmp((yyvsp[0].str), "yes")==0); - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - #endif - free((yyvsp[0].str)); - } -#line 7077 "util/configparser.c" - break; - - case 688: /* server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG */ -#line 3696 "./util/configparser.y" - { - OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); - if (atoi((yyvsp[0].str)) < 0) - yyerror("positive number expected"); - else { - if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, (yyvsp[-1].str), (yyvsp[0].str))) - fatal_exit("out of memory adding tcp connection limit"); - } - } -#line 7091 "util/configparser.c" - break; - - case 689: /* ipsetstart: VAR_IPSET */ -#line 3707 "./util/configparser.y" - { - OUTYY(("\nP(ipset:)\n")); - cfg_parser->started_toplevel = 1; - } -#line 7100 "util/configparser.c" - break; - - case 694: /* ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG */ -#line 3717 "./util/configparser.y" - { - #ifdef USE_IPSET - OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->ipset_name_v4) - yyerror("ipset name v4 override, there must be one " - "name for ip v4"); - free(cfg_parser->cfg->ipset_name_v4); - cfg_parser->cfg->ipset_name_v4 = (yyvsp[0].str); - #else - OUTYY(("P(Compiled without ipset, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 7118 "util/configparser.c" - break; - - case 695: /* ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG */ -#line 3732 "./util/configparser.y" - { - #ifdef USE_IPSET - OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); - if(cfg_parser->cfg->ipset_name_v6) - yyerror("ipset name v6 override, there must be one " - "name for ip v6"); - free(cfg_parser->cfg->ipset_name_v6); - cfg_parser->cfg->ipset_name_v6 = (yyvsp[0].str); - #else - OUTYY(("P(Compiled without ipset, ignoring)\n")); - free((yyvsp[0].str)); - #endif - } -#line 7136 "util/configparser.c" - break; - - -#line 7140 "util/configparser.c" - - default: break; - } - /* User semantic actions sometimes alter yychar, and that requires - that yytoken be updated with the new translation. We take the - approach of translating immediately before every use of yytoken. - One alternative is translating here after every semantic action, - but that translation would be missed if the semantic action invokes - YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or - if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an - incorrect destructor might then be invoked immediately. In the - case of YYERROR or YYBACKUP, subsequent parser actions might lead - to an incorrect destructor call or verbose syntax error message - before the lookahead is translated. */ - YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); - - YYPOPSTACK (yylen); - yylen = 0; - - *++yyvsp = yyval; - - /* Now 'shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ - { - const int yylhs = yyr1[yyn] - YYNTOKENS; - const int yyi = yypgoto[yylhs] + *yyssp; - yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp - ? yytable[yyi] - : yydefgoto[yylhs]); - } - - goto yynewstate; - - -/*--------------------------------------. -| yyerrlab -- here on detecting error. | -`--------------------------------------*/ -yyerrlab: - /* Make sure we have latest lookahead translation. See comments at - user semantic actions for why this is necessary. */ - yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) - { - ++yynerrs; - yyerror (YY_("syntax error")); - } - - if (yyerrstatus == 3) - { - /* If just tried and failed to reuse lookahead token after an - error, discard it. */ - - if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } - else - { - yydestruct ("Error: discarding", - yytoken, &yylval); - yychar = YYEMPTY; - } - } - - /* Else will try to reuse lookahead token after shifting the error - token. */ - goto yyerrlab1; - - -/*---------------------------------------------------. -| yyerrorlab -- error raised explicitly by YYERROR. | -`---------------------------------------------------*/ -yyerrorlab: - /* Pacify compilers when the user code never invokes YYERROR and the - label yyerrorlab therefore never appears in user code. */ - if (0) - YYERROR; - ++yynerrs; - - /* Do not reclaim the symbols of the rule whose action triggered - this YYERROR. */ - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - yystate = *yyssp; - goto yyerrlab1; - - -/*-------------------------------------------------------------. -| yyerrlab1 -- common code for both syntax error and YYERROR. | -`-------------------------------------------------------------*/ -yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ - - /* Pop stack until we find a state that shifts the error token. */ - for (;;) - { - yyn = yypact[yystate]; - if (!yypact_value_is_default (yyn)) - { - yyn += YYSYMBOL_YYerror; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } - - /* Pop the current state because it cannot handle the error token. */ - if (yyssp == yyss) - YYABORT; - - - yydestruct ("Error: popping", - YY_ACCESSING_SYMBOL (yystate), yyvsp); - YYPOPSTACK (1); - yystate = *yyssp; - YY_STACK_PRINT (yyss, yyssp); - } - - YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; - YY_IGNORE_MAYBE_UNINITIALIZED_END - - - /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); - - yystate = yyn; - goto yynewstate; - - -/*-------------------------------------. -| yyacceptlab -- YYACCEPT comes here. | -`-------------------------------------*/ -yyacceptlab: - yyresult = 0; - goto yyreturnlab; - - -/*-----------------------------------. -| yyabortlab -- YYABORT comes here. | -`-----------------------------------*/ -yyabortlab: - yyresult = 1; - goto yyreturnlab; - - -/*-----------------------------------------------------------. -| yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here. | -`-----------------------------------------------------------*/ -yyexhaustedlab: - yyerror (YY_("memory exhausted")); - yyresult = 2; - goto yyreturnlab; - - -/*----------------------------------------------------------. -| yyreturnlab -- parsing is finished, clean up and return. | -`----------------------------------------------------------*/ -yyreturnlab: - if (yychar != YYEMPTY) - { - /* Make sure we have latest lookahead translation. See comments at - user semantic actions for why this is necessary. */ - yytoken = YYTRANSLATE (yychar); - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); - } - /* Do not reclaim the symbols of the rule whose action triggered - this YYABORT or YYACCEPT. */ - YYPOPSTACK (yylen); - YY_STACK_PRINT (yyss, yyssp); - while (yyssp != yyss) - { - yydestruct ("Cleanup: popping", - YY_ACCESSING_SYMBOL (+*yyssp), yyvsp); - YYPOPSTACK (1); - } -#ifndef yyoverflow - if (yyss != yyssa) - YYSTACK_FREE (yyss); -#endif - - return yyresult; -} - -#line 3746 "./util/configparser.y" - - -/* parse helper routines could be here */ -static void -validate_respip_action(const char* action) -{ - if(strcmp(action, "deny")!=0 && - strcmp(action, "redirect")!=0 && - strcmp(action, "inform")!=0 && - strcmp(action, "inform_deny")!=0 && - strcmp(action, "always_transparent")!=0 && - strcmp(action, "always_refuse")!=0 && - strcmp(action, "always_nxdomain")!=0) - { - yyerror("response-ip action: expected deny, redirect, " - "inform, inform_deny, always_transparent, " - "always_refuse or always_nxdomain"); - } -} - -static void -validate_acl_action(const char* action) -{ - if(strcmp(action, "deny")!=0 && - strcmp(action, "refuse")!=0 && - strcmp(action, "deny_non_local")!=0 && - strcmp(action, "refuse_non_local")!=0 && - strcmp(action, "allow_setrd")!=0 && - strcmp(action, "allow")!=0 && - strcmp(action, "allow_snoop")!=0) - { - yyerror("expected deny, refuse, deny_non_local, " - "refuse_non_local, allow, allow_setrd or " - "allow_snoop as access control action"); - } -} diff --git a/util/configparser.h b/util/configparser.h deleted file mode 100644 index 4987e1169..000000000 --- a/util/configparser.h +++ /dev/null @@ -1,751 +0,0 @@ -/* A Bison parser, made by GNU Bison 3.8.2. */ - -/* Bison interface for Yacc-like parsers in C - - Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, - Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, - especially those whose name start with YY_ or yy_. They are - private implementation details that can be changed or removed. */ - -#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED -# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED -/* Debug traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif -#if YYDEBUG -extern int yydebug; -#endif - -/* Token kinds. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - enum yytokentype - { - YYEMPTY = -2, - YYEOF = 0, /* "end of file" */ - YYerror = 256, /* error */ - YYUNDEF = 257, /* "invalid token" */ - SPACE = 258, /* SPACE */ - LETTER = 259, /* LETTER */ - NEWLINE = 260, /* NEWLINE */ - COMMENT = 261, /* COMMENT */ - COLON = 262, /* COLON */ - ANY = 263, /* ANY */ - ZONESTR = 264, /* ZONESTR */ - STRING_ARG = 265, /* STRING_ARG */ - VAR_FORCE_TOPLEVEL = 266, /* VAR_FORCE_TOPLEVEL */ - VAR_SERVER = 267, /* VAR_SERVER */ - VAR_VERBOSITY = 268, /* VAR_VERBOSITY */ - VAR_NUM_THREADS = 269, /* VAR_NUM_THREADS */ - VAR_PORT = 270, /* VAR_PORT */ - VAR_OUTGOING_RANGE = 271, /* VAR_OUTGOING_RANGE */ - VAR_INTERFACE = 272, /* VAR_INTERFACE */ - VAR_PREFER_IP4 = 273, /* VAR_PREFER_IP4 */ - VAR_DO_IP4 = 274, /* VAR_DO_IP4 */ - VAR_DO_IP6 = 275, /* VAR_DO_IP6 */ - VAR_PREFER_IP6 = 276, /* VAR_PREFER_IP6 */ - VAR_DO_UDP = 277, /* VAR_DO_UDP */ - VAR_DO_TCP = 278, /* VAR_DO_TCP */ - VAR_TCP_MSS = 279, /* VAR_TCP_MSS */ - VAR_OUTGOING_TCP_MSS = 280, /* VAR_OUTGOING_TCP_MSS */ - VAR_TCP_IDLE_TIMEOUT = 281, /* VAR_TCP_IDLE_TIMEOUT */ - VAR_EDNS_TCP_KEEPALIVE = 282, /* VAR_EDNS_TCP_KEEPALIVE */ - VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ - VAR_CHROOT = 284, /* VAR_CHROOT */ - VAR_USERNAME = 285, /* VAR_USERNAME */ - VAR_DIRECTORY = 286, /* VAR_DIRECTORY */ - VAR_LOGFILE = 287, /* VAR_LOGFILE */ - VAR_PIDFILE = 288, /* VAR_PIDFILE */ - VAR_MSG_CACHE_SIZE = 289, /* VAR_MSG_CACHE_SIZE */ - VAR_MSG_CACHE_SLABS = 290, /* VAR_MSG_CACHE_SLABS */ - VAR_NUM_QUERIES_PER_THREAD = 291, /* VAR_NUM_QUERIES_PER_THREAD */ - VAR_RRSET_CACHE_SIZE = 292, /* VAR_RRSET_CACHE_SIZE */ - VAR_RRSET_CACHE_SLABS = 293, /* VAR_RRSET_CACHE_SLABS */ - VAR_OUTGOING_NUM_TCP = 294, /* VAR_OUTGOING_NUM_TCP */ - VAR_INFRA_HOST_TTL = 295, /* VAR_INFRA_HOST_TTL */ - VAR_INFRA_LAME_TTL = 296, /* VAR_INFRA_LAME_TTL */ - VAR_INFRA_CACHE_SLABS = 297, /* VAR_INFRA_CACHE_SLABS */ - VAR_INFRA_CACHE_NUMHOSTS = 298, /* VAR_INFRA_CACHE_NUMHOSTS */ - VAR_INFRA_CACHE_LAME_SIZE = 299, /* VAR_INFRA_CACHE_LAME_SIZE */ - VAR_NAME = 300, /* VAR_NAME */ - VAR_STUB_ZONE = 301, /* VAR_STUB_ZONE */ - VAR_STUB_HOST = 302, /* VAR_STUB_HOST */ - VAR_STUB_ADDR = 303, /* VAR_STUB_ADDR */ - VAR_TARGET_FETCH_POLICY = 304, /* VAR_TARGET_FETCH_POLICY */ - VAR_HARDEN_SHORT_BUFSIZE = 305, /* VAR_HARDEN_SHORT_BUFSIZE */ - VAR_HARDEN_LARGE_QUERIES = 306, /* VAR_HARDEN_LARGE_QUERIES */ - VAR_FORWARD_ZONE = 307, /* VAR_FORWARD_ZONE */ - VAR_FORWARD_HOST = 308, /* VAR_FORWARD_HOST */ - VAR_FORWARD_ADDR = 309, /* VAR_FORWARD_ADDR */ - VAR_DO_NOT_QUERY_ADDRESS = 310, /* VAR_DO_NOT_QUERY_ADDRESS */ - VAR_HIDE_IDENTITY = 311, /* VAR_HIDE_IDENTITY */ - VAR_HIDE_VERSION = 312, /* VAR_HIDE_VERSION */ - VAR_IDENTITY = 313, /* VAR_IDENTITY */ - VAR_VERSION = 314, /* VAR_VERSION */ - VAR_HARDEN_GLUE = 315, /* VAR_HARDEN_GLUE */ - VAR_MODULE_CONF = 316, /* VAR_MODULE_CONF */ - VAR_TRUST_ANCHOR_FILE = 317, /* VAR_TRUST_ANCHOR_FILE */ - VAR_TRUST_ANCHOR = 318, /* VAR_TRUST_ANCHOR */ - VAR_VAL_OVERRIDE_DATE = 319, /* VAR_VAL_OVERRIDE_DATE */ - VAR_BOGUS_TTL = 320, /* VAR_BOGUS_TTL */ - VAR_VAL_CLEAN_ADDITIONAL = 321, /* VAR_VAL_CLEAN_ADDITIONAL */ - VAR_VAL_PERMISSIVE_MODE = 322, /* VAR_VAL_PERMISSIVE_MODE */ - VAR_INCOMING_NUM_TCP = 323, /* VAR_INCOMING_NUM_TCP */ - VAR_MSG_BUFFER_SIZE = 324, /* VAR_MSG_BUFFER_SIZE */ - VAR_KEY_CACHE_SIZE = 325, /* VAR_KEY_CACHE_SIZE */ - VAR_KEY_CACHE_SLABS = 326, /* VAR_KEY_CACHE_SLABS */ - VAR_TRUSTED_KEYS_FILE = 327, /* VAR_TRUSTED_KEYS_FILE */ - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ - VAR_USE_SYSLOG = 329, /* VAR_USE_SYSLOG */ - VAR_OUTGOING_INTERFACE = 330, /* VAR_OUTGOING_INTERFACE */ - VAR_ROOT_HINTS = 331, /* VAR_ROOT_HINTS */ - VAR_DO_NOT_QUERY_LOCALHOST = 332, /* VAR_DO_NOT_QUERY_LOCALHOST */ - VAR_CACHE_MAX_TTL = 333, /* VAR_CACHE_MAX_TTL */ - VAR_HARDEN_DNSSEC_STRIPPED = 334, /* VAR_HARDEN_DNSSEC_STRIPPED */ - VAR_ACCESS_CONTROL = 335, /* VAR_ACCESS_CONTROL */ - VAR_LOCAL_ZONE = 336, /* VAR_LOCAL_ZONE */ - VAR_LOCAL_DATA = 337, /* VAR_LOCAL_DATA */ - VAR_INTERFACE_AUTOMATIC = 338, /* VAR_INTERFACE_AUTOMATIC */ - VAR_STATISTICS_INTERVAL = 339, /* VAR_STATISTICS_INTERVAL */ - VAR_DO_DAEMONIZE = 340, /* VAR_DO_DAEMONIZE */ - VAR_USE_CAPS_FOR_ID = 341, /* VAR_USE_CAPS_FOR_ID */ - VAR_STATISTICS_CUMULATIVE = 342, /* VAR_STATISTICS_CUMULATIVE */ - VAR_OUTGOING_PORT_PERMIT = 343, /* VAR_OUTGOING_PORT_PERMIT */ - VAR_OUTGOING_PORT_AVOID = 344, /* VAR_OUTGOING_PORT_AVOID */ - VAR_DLV_ANCHOR_FILE = 345, /* VAR_DLV_ANCHOR_FILE */ - VAR_DLV_ANCHOR = 346, /* VAR_DLV_ANCHOR */ - VAR_NEG_CACHE_SIZE = 347, /* VAR_NEG_CACHE_SIZE */ - VAR_HARDEN_REFERRAL_PATH = 348, /* VAR_HARDEN_REFERRAL_PATH */ - VAR_PRIVATE_ADDRESS = 349, /* VAR_PRIVATE_ADDRESS */ - VAR_PRIVATE_DOMAIN = 350, /* VAR_PRIVATE_DOMAIN */ - VAR_REMOTE_CONTROL = 351, /* VAR_REMOTE_CONTROL */ - VAR_CONTROL_ENABLE = 352, /* VAR_CONTROL_ENABLE */ - VAR_CONTROL_INTERFACE = 353, /* VAR_CONTROL_INTERFACE */ - VAR_CONTROL_PORT = 354, /* VAR_CONTROL_PORT */ - VAR_SERVER_KEY_FILE = 355, /* VAR_SERVER_KEY_FILE */ - VAR_SERVER_CERT_FILE = 356, /* VAR_SERVER_CERT_FILE */ - VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */ - VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */ - VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */ - VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */ - VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */ - VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */ - VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */ - VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */ - VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */ - VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */ - VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */ - VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */ - VAR_PYTHON = 369, /* VAR_PYTHON */ - VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */ - VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */ - VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */ - VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */ - VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */ - VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */ - VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */ - VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */ - VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */ - VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */ - VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */ - VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */ - VAR_PREFETCH = 382, /* VAR_PREFETCH */ - VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */ - VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */ - VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */ - VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */ - VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */ - VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */ - VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */ - VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */ - VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */ - VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */ - VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ - VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */ - VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */ - VAR_SSL_PORT = 396, /* VAR_SSL_PORT */ - VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */ - VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */ - VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */ - VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */ - VAR_STUB_TCP_UPSTREAM = 401, /* VAR_STUB_TCP_UPSTREAM */ - VAR_FORWARD_TCP_UPSTREAM = 402, /* VAR_FORWARD_TCP_UPSTREAM */ - VAR_HTTPS_PORT = 403, /* VAR_HTTPS_PORT */ - VAR_HTTP_ENDPOINT = 404, /* VAR_HTTP_ENDPOINT */ - VAR_HTTP_MAX_STREAMS = 405, /* VAR_HTTP_MAX_STREAMS */ - VAR_HTTP_QUERY_BUFFER_SIZE = 406, /* VAR_HTTP_QUERY_BUFFER_SIZE */ - VAR_HTTP_RESPONSE_BUFFER_SIZE = 407, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ - VAR_HTTP_NODELAY = 408, /* VAR_HTTP_NODELAY */ - VAR_HTTP_NOTLS_DOWNSTREAM = 409, /* VAR_HTTP_NOTLS_DOWNSTREAM */ - VAR_STUB_FIRST = 410, /* VAR_STUB_FIRST */ - VAR_MINIMAL_RESPONSES = 411, /* VAR_MINIMAL_RESPONSES */ - VAR_RRSET_ROUNDROBIN = 412, /* VAR_RRSET_ROUNDROBIN */ - VAR_MAX_UDP_SIZE = 413, /* VAR_MAX_UDP_SIZE */ - VAR_DELAY_CLOSE = 414, /* VAR_DELAY_CLOSE */ - VAR_UDP_CONNECT = 415, /* VAR_UDP_CONNECT */ - VAR_UNBLOCK_LAN_ZONES = 416, /* VAR_UNBLOCK_LAN_ZONES */ - VAR_INSECURE_LAN_ZONES = 417, /* VAR_INSECURE_LAN_ZONES */ - VAR_INFRA_CACHE_MIN_RTT = 418, /* VAR_INFRA_CACHE_MIN_RTT */ - VAR_INFRA_CACHE_MAX_RTT = 419, /* VAR_INFRA_CACHE_MAX_RTT */ - VAR_INFRA_KEEP_PROBING = 420, /* VAR_INFRA_KEEP_PROBING */ - VAR_DNS64_PREFIX = 421, /* VAR_DNS64_PREFIX */ - VAR_DNS64_SYNTHALL = 422, /* VAR_DNS64_SYNTHALL */ - VAR_DNS64_IGNORE_AAAA = 423, /* VAR_DNS64_IGNORE_AAAA */ - VAR_DNSTAP = 424, /* VAR_DNSTAP */ - VAR_DNSTAP_ENABLE = 425, /* VAR_DNSTAP_ENABLE */ - VAR_DNSTAP_SOCKET_PATH = 426, /* VAR_DNSTAP_SOCKET_PATH */ - VAR_DNSTAP_IP = 427, /* VAR_DNSTAP_IP */ - VAR_DNSTAP_TLS = 428, /* VAR_DNSTAP_TLS */ - VAR_DNSTAP_TLS_SERVER_NAME = 429, /* VAR_DNSTAP_TLS_SERVER_NAME */ - VAR_DNSTAP_TLS_CERT_BUNDLE = 430, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 432, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ - VAR_DNSTAP_SEND_IDENTITY = 433, /* VAR_DNSTAP_SEND_IDENTITY */ - VAR_DNSTAP_SEND_VERSION = 434, /* VAR_DNSTAP_SEND_VERSION */ - VAR_DNSTAP_BIDIRECTIONAL = 435, /* VAR_DNSTAP_BIDIRECTIONAL */ - VAR_DNSTAP_IDENTITY = 436, /* VAR_DNSTAP_IDENTITY */ - VAR_DNSTAP_VERSION = 437, /* VAR_DNSTAP_VERSION */ - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 439, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 441, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 443, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ - VAR_RESPONSE_IP_TAG = 444, /* VAR_RESPONSE_IP_TAG */ - VAR_RESPONSE_IP = 445, /* VAR_RESPONSE_IP */ - VAR_RESPONSE_IP_DATA = 446, /* VAR_RESPONSE_IP_DATA */ - VAR_HARDEN_ALGO_DOWNGRADE = 447, /* VAR_HARDEN_ALGO_DOWNGRADE */ - VAR_IP_TRANSPARENT = 448, /* VAR_IP_TRANSPARENT */ - VAR_IP_DSCP = 449, /* VAR_IP_DSCP */ - VAR_DISABLE_DNSSEC_LAME_CHECK = 450, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ - VAR_IP_RATELIMIT = 451, /* VAR_IP_RATELIMIT */ - VAR_IP_RATELIMIT_SLABS = 452, /* VAR_IP_RATELIMIT_SLABS */ - VAR_IP_RATELIMIT_SIZE = 453, /* VAR_IP_RATELIMIT_SIZE */ - VAR_RATELIMIT = 454, /* VAR_RATELIMIT */ - VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */ - VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */ - VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */ - VAR_RATELIMIT_FOR_DOMAIN = 458, /* VAR_RATELIMIT_FOR_DOMAIN */ - VAR_RATELIMIT_BELOW_DOMAIN = 459, /* VAR_RATELIMIT_BELOW_DOMAIN */ - VAR_IP_RATELIMIT_FACTOR = 460, /* VAR_IP_RATELIMIT_FACTOR */ - VAR_RATELIMIT_FACTOR = 461, /* VAR_RATELIMIT_FACTOR */ - VAR_IP_RATELIMIT_BACKOFF = 462, /* VAR_IP_RATELIMIT_BACKOFF */ - VAR_RATELIMIT_BACKOFF = 463, /* VAR_RATELIMIT_BACKOFF */ - VAR_SEND_CLIENT_SUBNET = 464, /* VAR_SEND_CLIENT_SUBNET */ - VAR_CLIENT_SUBNET_ZONE = 465, /* VAR_CLIENT_SUBNET_ZONE */ - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 466, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - VAR_CLIENT_SUBNET_OPCODE = 467, /* VAR_CLIENT_SUBNET_OPCODE */ - VAR_MAX_CLIENT_SUBNET_IPV4 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - VAR_MAX_CLIENT_SUBNET_IPV6 = 469, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - VAR_MIN_CLIENT_SUBNET_IPV4 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - VAR_MIN_CLIENT_SUBNET_IPV6 = 471, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - VAR_MAX_ECS_TREE_SIZE_IPV4 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - VAR_MAX_ECS_TREE_SIZE_IPV6 = 473, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - VAR_CAPS_WHITELIST = 474, /* VAR_CAPS_WHITELIST */ - VAR_CACHE_MAX_NEGATIVE_TTL = 475, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - VAR_PERMIT_SMALL_HOLDDOWN = 476, /* VAR_PERMIT_SMALL_HOLDDOWN */ - VAR_QNAME_MINIMISATION = 477, /* VAR_QNAME_MINIMISATION */ - VAR_QNAME_MINIMISATION_STRICT = 478, /* VAR_QNAME_MINIMISATION_STRICT */ - VAR_IP_FREEBIND = 479, /* VAR_IP_FREEBIND */ - VAR_DEFINE_TAG = 480, /* VAR_DEFINE_TAG */ - VAR_LOCAL_ZONE_TAG = 481, /* VAR_LOCAL_ZONE_TAG */ - VAR_ACCESS_CONTROL_TAG = 482, /* VAR_ACCESS_CONTROL_TAG */ - VAR_LOCAL_ZONE_OVERRIDE = 483, /* VAR_LOCAL_ZONE_OVERRIDE */ - VAR_ACCESS_CONTROL_TAG_ACTION = 484, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - VAR_ACCESS_CONTROL_TAG_DATA = 485, /* VAR_ACCESS_CONTROL_TAG_DATA */ - VAR_VIEW = 486, /* VAR_VIEW */ - VAR_ACCESS_CONTROL_VIEW = 487, /* VAR_ACCESS_CONTROL_VIEW */ - VAR_VIEW_FIRST = 488, /* VAR_VIEW_FIRST */ - VAR_SERVE_EXPIRED = 489, /* VAR_SERVE_EXPIRED */ - VAR_SERVE_EXPIRED_TTL = 490, /* VAR_SERVE_EXPIRED_TTL */ - VAR_SERVE_EXPIRED_TTL_RESET = 491, /* VAR_SERVE_EXPIRED_TTL_RESET */ - VAR_SERVE_EXPIRED_REPLY_TTL = 492, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 493, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - VAR_EDE_SERVE_EXPIRED = 494, /* VAR_EDE_SERVE_EXPIRED */ - VAR_SERVE_ORIGINAL_TTL = 495, /* VAR_SERVE_ORIGINAL_TTL */ - VAR_FAKE_DSA = 496, /* VAR_FAKE_DSA */ - VAR_FAKE_SHA1 = 497, /* VAR_FAKE_SHA1 */ - VAR_LOG_IDENTITY = 498, /* VAR_LOG_IDENTITY */ - VAR_HIDE_TRUSTANCHOR = 499, /* VAR_HIDE_TRUSTANCHOR */ - VAR_HIDE_HTTP_USER_AGENT = 500, /* VAR_HIDE_HTTP_USER_AGENT */ - VAR_HTTP_USER_AGENT = 501, /* VAR_HTTP_USER_AGENT */ - VAR_TRUST_ANCHOR_SIGNALING = 502, /* VAR_TRUST_ANCHOR_SIGNALING */ - VAR_AGGRESSIVE_NSEC = 503, /* VAR_AGGRESSIVE_NSEC */ - VAR_USE_SYSTEMD = 504, /* VAR_USE_SYSTEMD */ - VAR_SHM_ENABLE = 505, /* VAR_SHM_ENABLE */ - VAR_SHM_KEY = 506, /* VAR_SHM_KEY */ - VAR_ROOT_KEY_SENTINEL = 507, /* VAR_ROOT_KEY_SENTINEL */ - VAR_DNSCRYPT = 508, /* VAR_DNSCRYPT */ - VAR_DNSCRYPT_ENABLE = 509, /* VAR_DNSCRYPT_ENABLE */ - VAR_DNSCRYPT_PORT = 510, /* VAR_DNSCRYPT_PORT */ - VAR_DNSCRYPT_PROVIDER = 511, /* VAR_DNSCRYPT_PROVIDER */ - VAR_DNSCRYPT_SECRET_KEY = 512, /* VAR_DNSCRYPT_SECRET_KEY */ - VAR_DNSCRYPT_PROVIDER_CERT = 513, /* VAR_DNSCRYPT_PROVIDER_CERT */ - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 514, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 516, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 518, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - VAR_PAD_RESPONSES = 519, /* VAR_PAD_RESPONSES */ - VAR_PAD_RESPONSES_BLOCK_SIZE = 520, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - VAR_PAD_QUERIES = 521, /* VAR_PAD_QUERIES */ - VAR_PAD_QUERIES_BLOCK_SIZE = 522, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - VAR_IPSECMOD_ENABLED = 523, /* VAR_IPSECMOD_ENABLED */ - VAR_IPSECMOD_HOOK = 524, /* VAR_IPSECMOD_HOOK */ - VAR_IPSECMOD_IGNORE_BOGUS = 525, /* VAR_IPSECMOD_IGNORE_BOGUS */ - VAR_IPSECMOD_MAX_TTL = 526, /* VAR_IPSECMOD_MAX_TTL */ - VAR_IPSECMOD_WHITELIST = 527, /* VAR_IPSECMOD_WHITELIST */ - VAR_IPSECMOD_STRICT = 528, /* VAR_IPSECMOD_STRICT */ - VAR_CACHEDB = 529, /* VAR_CACHEDB */ - VAR_CACHEDB_BACKEND = 530, /* VAR_CACHEDB_BACKEND */ - VAR_CACHEDB_SECRETSEED = 531, /* VAR_CACHEDB_SECRETSEED */ - VAR_CACHEDB_REDISHOST = 532, /* VAR_CACHEDB_REDISHOST */ - VAR_CACHEDB_REDISPORT = 533, /* VAR_CACHEDB_REDISPORT */ - VAR_CACHEDB_REDISTIMEOUT = 534, /* VAR_CACHEDB_REDISTIMEOUT */ - VAR_CACHEDB_REDISEXPIRERECORDS = 535, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 536, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - VAR_FOR_UPSTREAM = 537, /* VAR_FOR_UPSTREAM */ - VAR_AUTH_ZONE = 538, /* VAR_AUTH_ZONE */ - VAR_ZONEFILE = 539, /* VAR_ZONEFILE */ - VAR_MASTER = 540, /* VAR_MASTER */ - VAR_URL = 541, /* VAR_URL */ - VAR_FOR_DOWNSTREAM = 542, /* VAR_FOR_DOWNSTREAM */ - VAR_FALLBACK_ENABLED = 543, /* VAR_FALLBACK_ENABLED */ - VAR_TLS_ADDITIONAL_PORT = 544, /* VAR_TLS_ADDITIONAL_PORT */ - VAR_LOW_RTT = 545, /* VAR_LOW_RTT */ - VAR_LOW_RTT_PERMIL = 546, /* VAR_LOW_RTT_PERMIL */ - VAR_FAST_SERVER_PERMIL = 547, /* VAR_FAST_SERVER_PERMIL */ - VAR_FAST_SERVER_NUM = 548, /* VAR_FAST_SERVER_NUM */ - VAR_ALLOW_NOTIFY = 549, /* VAR_ALLOW_NOTIFY */ - VAR_TLS_WIN_CERT = 550, /* VAR_TLS_WIN_CERT */ - VAR_TCP_CONNECTION_LIMIT = 551, /* VAR_TCP_CONNECTION_LIMIT */ - VAR_FORWARD_NO_CACHE = 552, /* VAR_FORWARD_NO_CACHE */ - VAR_STUB_NO_CACHE = 553, /* VAR_STUB_NO_CACHE */ - VAR_LOG_SERVFAIL = 554, /* VAR_LOG_SERVFAIL */ - VAR_DENY_ANY = 555, /* VAR_DENY_ANY */ - VAR_UNKNOWN_SERVER_TIME_LIMIT = 556, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - VAR_LOG_TAG_QUERYREPLY = 557, /* VAR_LOG_TAG_QUERYREPLY */ - VAR_STREAM_WAIT_SIZE = 558, /* VAR_STREAM_WAIT_SIZE */ - VAR_TLS_CIPHERS = 559, /* VAR_TLS_CIPHERS */ - VAR_TLS_CIPHERSUITES = 560, /* VAR_TLS_CIPHERSUITES */ - VAR_TLS_USE_SNI = 561, /* VAR_TLS_USE_SNI */ - VAR_IPSET = 562, /* VAR_IPSET */ - VAR_IPSET_NAME_V4 = 563, /* VAR_IPSET_NAME_V4 */ - VAR_IPSET_NAME_V6 = 564, /* VAR_IPSET_NAME_V6 */ - VAR_TLS_SESSION_TICKET_KEYS = 565, /* VAR_TLS_SESSION_TICKET_KEYS */ - VAR_RPZ = 566, /* VAR_RPZ */ - VAR_TAGS = 567, /* VAR_TAGS */ - VAR_RPZ_ACTION_OVERRIDE = 568, /* VAR_RPZ_ACTION_OVERRIDE */ - VAR_RPZ_CNAME_OVERRIDE = 569, /* VAR_RPZ_CNAME_OVERRIDE */ - VAR_RPZ_LOG = 570, /* VAR_RPZ_LOG */ - VAR_RPZ_LOG_NAME = 571, /* VAR_RPZ_LOG_NAME */ - VAR_DYNLIB = 572, /* VAR_DYNLIB */ - VAR_DYNLIB_FILE = 573, /* VAR_DYNLIB_FILE */ - VAR_EDNS_CLIENT_STRING = 574, /* VAR_EDNS_CLIENT_STRING */ - VAR_EDNS_CLIENT_STRING_OPCODE = 575, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - VAR_NSID = 576, /* VAR_NSID */ - VAR_ZONEMD_PERMISSIVE_MODE = 577, /* VAR_ZONEMD_PERMISSIVE_MODE */ - VAR_ZONEMD_CHECK = 578, /* VAR_ZONEMD_CHECK */ - VAR_ZONEMD_REJECT_ABSENCE = 579, /* VAR_ZONEMD_REJECT_ABSENCE */ - VAR_RPZ_SIGNAL_NXDOMAIN_RA = 580, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ - VAR_INTERFACE_AUTOMATIC_PORTS = 581, /* VAR_INTERFACE_AUTOMATIC_PORTS */ - VAR_EDE = 582, /* VAR_EDE */ - VAR_INTERFACE_ACTION = 583, /* VAR_INTERFACE_ACTION */ - VAR_INTERFACE_VIEW = 584, /* VAR_INTERFACE_VIEW */ - VAR_INTERFACE_TAG = 585, /* VAR_INTERFACE_TAG */ - VAR_INTERFACE_TAG_ACTION = 586, /* VAR_INTERFACE_TAG_ACTION */ - VAR_INTERFACE_TAG_DATA = 587, /* VAR_INTERFACE_TAG_DATA */ - VAR_PROXY_PROTOCOL_PORT = 588 /* VAR_PROXY_PROTOCOL_PORT */ - }; - typedef enum yytokentype yytoken_kind_t; -#endif -/* Token kinds. */ -#define YYEMPTY -2 -#define YYEOF 0 -#define YYerror 256 -#define YYUNDEF 257 -#define SPACE 258 -#define LETTER 259 -#define NEWLINE 260 -#define COMMENT 261 -#define COLON 262 -#define ANY 263 -#define ZONESTR 264 -#define STRING_ARG 265 -#define VAR_FORCE_TOPLEVEL 266 -#define VAR_SERVER 267 -#define VAR_VERBOSITY 268 -#define VAR_NUM_THREADS 269 -#define VAR_PORT 270 -#define VAR_OUTGOING_RANGE 271 -#define VAR_INTERFACE 272 -#define VAR_PREFER_IP4 273 -#define VAR_DO_IP4 274 -#define VAR_DO_IP6 275 -#define VAR_PREFER_IP6 276 -#define VAR_DO_UDP 277 -#define VAR_DO_TCP 278 -#define VAR_TCP_MSS 279 -#define VAR_OUTGOING_TCP_MSS 280 -#define VAR_TCP_IDLE_TIMEOUT 281 -#define VAR_EDNS_TCP_KEEPALIVE 282 -#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 283 -#define VAR_CHROOT 284 -#define VAR_USERNAME 285 -#define VAR_DIRECTORY 286 -#define VAR_LOGFILE 287 -#define VAR_PIDFILE 288 -#define VAR_MSG_CACHE_SIZE 289 -#define VAR_MSG_CACHE_SLABS 290 -#define VAR_NUM_QUERIES_PER_THREAD 291 -#define VAR_RRSET_CACHE_SIZE 292 -#define VAR_RRSET_CACHE_SLABS 293 -#define VAR_OUTGOING_NUM_TCP 294 -#define VAR_INFRA_HOST_TTL 295 -#define VAR_INFRA_LAME_TTL 296 -#define VAR_INFRA_CACHE_SLABS 297 -#define VAR_INFRA_CACHE_NUMHOSTS 298 -#define VAR_INFRA_CACHE_LAME_SIZE 299 -#define VAR_NAME 300 -#define VAR_STUB_ZONE 301 -#define VAR_STUB_HOST 302 -#define VAR_STUB_ADDR 303 -#define VAR_TARGET_FETCH_POLICY 304 -#define VAR_HARDEN_SHORT_BUFSIZE 305 -#define VAR_HARDEN_LARGE_QUERIES 306 -#define VAR_FORWARD_ZONE 307 -#define VAR_FORWARD_HOST 308 -#define VAR_FORWARD_ADDR 309 -#define VAR_DO_NOT_QUERY_ADDRESS 310 -#define VAR_HIDE_IDENTITY 311 -#define VAR_HIDE_VERSION 312 -#define VAR_IDENTITY 313 -#define VAR_VERSION 314 -#define VAR_HARDEN_GLUE 315 -#define VAR_MODULE_CONF 316 -#define VAR_TRUST_ANCHOR_FILE 317 -#define VAR_TRUST_ANCHOR 318 -#define VAR_VAL_OVERRIDE_DATE 319 -#define VAR_BOGUS_TTL 320 -#define VAR_VAL_CLEAN_ADDITIONAL 321 -#define VAR_VAL_PERMISSIVE_MODE 322 -#define VAR_INCOMING_NUM_TCP 323 -#define VAR_MSG_BUFFER_SIZE 324 -#define VAR_KEY_CACHE_SIZE 325 -#define VAR_KEY_CACHE_SLABS 326 -#define VAR_TRUSTED_KEYS_FILE 327 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 328 -#define VAR_USE_SYSLOG 329 -#define VAR_OUTGOING_INTERFACE 330 -#define VAR_ROOT_HINTS 331 -#define VAR_DO_NOT_QUERY_LOCALHOST 332 -#define VAR_CACHE_MAX_TTL 333 -#define VAR_HARDEN_DNSSEC_STRIPPED 334 -#define VAR_ACCESS_CONTROL 335 -#define VAR_LOCAL_ZONE 336 -#define VAR_LOCAL_DATA 337 -#define VAR_INTERFACE_AUTOMATIC 338 -#define VAR_STATISTICS_INTERVAL 339 -#define VAR_DO_DAEMONIZE 340 -#define VAR_USE_CAPS_FOR_ID 341 -#define VAR_STATISTICS_CUMULATIVE 342 -#define VAR_OUTGOING_PORT_PERMIT 343 -#define VAR_OUTGOING_PORT_AVOID 344 -#define VAR_DLV_ANCHOR_FILE 345 -#define VAR_DLV_ANCHOR 346 -#define VAR_NEG_CACHE_SIZE 347 -#define VAR_HARDEN_REFERRAL_PATH 348 -#define VAR_PRIVATE_ADDRESS 349 -#define VAR_PRIVATE_DOMAIN 350 -#define VAR_REMOTE_CONTROL 351 -#define VAR_CONTROL_ENABLE 352 -#define VAR_CONTROL_INTERFACE 353 -#define VAR_CONTROL_PORT 354 -#define VAR_SERVER_KEY_FILE 355 -#define VAR_SERVER_CERT_FILE 356 -#define VAR_CONTROL_KEY_FILE 357 -#define VAR_CONTROL_CERT_FILE 358 -#define VAR_CONTROL_USE_CERT 359 -#define VAR_TCP_REUSE_TIMEOUT 360 -#define VAR_MAX_REUSE_TCP_QUERIES 361 -#define VAR_EXTENDED_STATISTICS 362 -#define VAR_LOCAL_DATA_PTR 363 -#define VAR_JOSTLE_TIMEOUT 364 -#define VAR_STUB_PRIME 365 -#define VAR_UNWANTED_REPLY_THRESHOLD 366 -#define VAR_LOG_TIME_ASCII 367 -#define VAR_DOMAIN_INSECURE 368 -#define VAR_PYTHON 369 -#define VAR_PYTHON_SCRIPT 370 -#define VAR_VAL_SIG_SKEW_MIN 371 -#define VAR_VAL_SIG_SKEW_MAX 372 -#define VAR_VAL_MAX_RESTART 373 -#define VAR_CACHE_MIN_TTL 374 -#define VAR_VAL_LOG_LEVEL 375 -#define VAR_AUTO_TRUST_ANCHOR_FILE 376 -#define VAR_KEEP_MISSING 377 -#define VAR_ADD_HOLDDOWN 378 -#define VAR_DEL_HOLDDOWN 379 -#define VAR_SO_RCVBUF 380 -#define VAR_EDNS_BUFFER_SIZE 381 -#define VAR_PREFETCH 382 -#define VAR_PREFETCH_KEY 383 -#define VAR_SO_SNDBUF 384 -#define VAR_SO_REUSEPORT 385 -#define VAR_HARDEN_BELOW_NXDOMAIN 386 -#define VAR_IGNORE_CD_FLAG 387 -#define VAR_LOG_QUERIES 388 -#define VAR_LOG_REPLIES 389 -#define VAR_LOG_LOCAL_ACTIONS 390 -#define VAR_TCP_UPSTREAM 391 -#define VAR_SSL_UPSTREAM 392 -#define VAR_TCP_AUTH_QUERY_TIMEOUT 393 -#define VAR_SSL_SERVICE_KEY 394 -#define VAR_SSL_SERVICE_PEM 395 -#define VAR_SSL_PORT 396 -#define VAR_FORWARD_FIRST 397 -#define VAR_STUB_SSL_UPSTREAM 398 -#define VAR_FORWARD_SSL_UPSTREAM 399 -#define VAR_TLS_CERT_BUNDLE 400 -#define VAR_STUB_TCP_UPSTREAM 401 -#define VAR_FORWARD_TCP_UPSTREAM 402 -#define VAR_HTTPS_PORT 403 -#define VAR_HTTP_ENDPOINT 404 -#define VAR_HTTP_MAX_STREAMS 405 -#define VAR_HTTP_QUERY_BUFFER_SIZE 406 -#define VAR_HTTP_RESPONSE_BUFFER_SIZE 407 -#define VAR_HTTP_NODELAY 408 -#define VAR_HTTP_NOTLS_DOWNSTREAM 409 -#define VAR_STUB_FIRST 410 -#define VAR_MINIMAL_RESPONSES 411 -#define VAR_RRSET_ROUNDROBIN 412 -#define VAR_MAX_UDP_SIZE 413 -#define VAR_DELAY_CLOSE 414 -#define VAR_UDP_CONNECT 415 -#define VAR_UNBLOCK_LAN_ZONES 416 -#define VAR_INSECURE_LAN_ZONES 417 -#define VAR_INFRA_CACHE_MIN_RTT 418 -#define VAR_INFRA_CACHE_MAX_RTT 419 -#define VAR_INFRA_KEEP_PROBING 420 -#define VAR_DNS64_PREFIX 421 -#define VAR_DNS64_SYNTHALL 422 -#define VAR_DNS64_IGNORE_AAAA 423 -#define VAR_DNSTAP 424 -#define VAR_DNSTAP_ENABLE 425 -#define VAR_DNSTAP_SOCKET_PATH 426 -#define VAR_DNSTAP_IP 427 -#define VAR_DNSTAP_TLS 428 -#define VAR_DNSTAP_TLS_SERVER_NAME 429 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 430 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 431 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 432 -#define VAR_DNSTAP_SEND_IDENTITY 433 -#define VAR_DNSTAP_SEND_VERSION 434 -#define VAR_DNSTAP_BIDIRECTIONAL 435 -#define VAR_DNSTAP_IDENTITY 436 -#define VAR_DNSTAP_VERSION 437 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 438 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 439 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 440 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 441 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 442 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 443 -#define VAR_RESPONSE_IP_TAG 444 -#define VAR_RESPONSE_IP 445 -#define VAR_RESPONSE_IP_DATA 446 -#define VAR_HARDEN_ALGO_DOWNGRADE 447 -#define VAR_IP_TRANSPARENT 448 -#define VAR_IP_DSCP 449 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 450 -#define VAR_IP_RATELIMIT 451 -#define VAR_IP_RATELIMIT_SLABS 452 -#define VAR_IP_RATELIMIT_SIZE 453 -#define VAR_RATELIMIT 454 -#define VAR_RATELIMIT_SLABS 455 -#define VAR_RATELIMIT_SIZE 456 -#define VAR_OUTBOUND_MSG_RETRY 457 -#define VAR_RATELIMIT_FOR_DOMAIN 458 -#define VAR_RATELIMIT_BELOW_DOMAIN 459 -#define VAR_IP_RATELIMIT_FACTOR 460 -#define VAR_RATELIMIT_FACTOR 461 -#define VAR_IP_RATELIMIT_BACKOFF 462 -#define VAR_RATELIMIT_BACKOFF 463 -#define VAR_SEND_CLIENT_SUBNET 464 -#define VAR_CLIENT_SUBNET_ZONE 465 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 466 -#define VAR_CLIENT_SUBNET_OPCODE 467 -#define VAR_MAX_CLIENT_SUBNET_IPV4 468 -#define VAR_MAX_CLIENT_SUBNET_IPV6 469 -#define VAR_MIN_CLIENT_SUBNET_IPV4 470 -#define VAR_MIN_CLIENT_SUBNET_IPV6 471 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 472 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 473 -#define VAR_CAPS_WHITELIST 474 -#define VAR_CACHE_MAX_NEGATIVE_TTL 475 -#define VAR_PERMIT_SMALL_HOLDDOWN 476 -#define VAR_QNAME_MINIMISATION 477 -#define VAR_QNAME_MINIMISATION_STRICT 478 -#define VAR_IP_FREEBIND 479 -#define VAR_DEFINE_TAG 480 -#define VAR_LOCAL_ZONE_TAG 481 -#define VAR_ACCESS_CONTROL_TAG 482 -#define VAR_LOCAL_ZONE_OVERRIDE 483 -#define VAR_ACCESS_CONTROL_TAG_ACTION 484 -#define VAR_ACCESS_CONTROL_TAG_DATA 485 -#define VAR_VIEW 486 -#define VAR_ACCESS_CONTROL_VIEW 487 -#define VAR_VIEW_FIRST 488 -#define VAR_SERVE_EXPIRED 489 -#define VAR_SERVE_EXPIRED_TTL 490 -#define VAR_SERVE_EXPIRED_TTL_RESET 491 -#define VAR_SERVE_EXPIRED_REPLY_TTL 492 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 493 -#define VAR_EDE_SERVE_EXPIRED 494 -#define VAR_SERVE_ORIGINAL_TTL 495 -#define VAR_FAKE_DSA 496 -#define VAR_FAKE_SHA1 497 -#define VAR_LOG_IDENTITY 498 -#define VAR_HIDE_TRUSTANCHOR 499 -#define VAR_HIDE_HTTP_USER_AGENT 500 -#define VAR_HTTP_USER_AGENT 501 -#define VAR_TRUST_ANCHOR_SIGNALING 502 -#define VAR_AGGRESSIVE_NSEC 503 -#define VAR_USE_SYSTEMD 504 -#define VAR_SHM_ENABLE 505 -#define VAR_SHM_KEY 506 -#define VAR_ROOT_KEY_SENTINEL 507 -#define VAR_DNSCRYPT 508 -#define VAR_DNSCRYPT_ENABLE 509 -#define VAR_DNSCRYPT_PORT 510 -#define VAR_DNSCRYPT_PROVIDER 511 -#define VAR_DNSCRYPT_SECRET_KEY 512 -#define VAR_DNSCRYPT_PROVIDER_CERT 513 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 514 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 515 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 516 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 517 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 518 -#define VAR_PAD_RESPONSES 519 -#define VAR_PAD_RESPONSES_BLOCK_SIZE 520 -#define VAR_PAD_QUERIES 521 -#define VAR_PAD_QUERIES_BLOCK_SIZE 522 -#define VAR_IPSECMOD_ENABLED 523 -#define VAR_IPSECMOD_HOOK 524 -#define VAR_IPSECMOD_IGNORE_BOGUS 525 -#define VAR_IPSECMOD_MAX_TTL 526 -#define VAR_IPSECMOD_WHITELIST 527 -#define VAR_IPSECMOD_STRICT 528 -#define VAR_CACHEDB 529 -#define VAR_CACHEDB_BACKEND 530 -#define VAR_CACHEDB_SECRETSEED 531 -#define VAR_CACHEDB_REDISHOST 532 -#define VAR_CACHEDB_REDISPORT 533 -#define VAR_CACHEDB_REDISTIMEOUT 534 -#define VAR_CACHEDB_REDISEXPIRERECORDS 535 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 536 -#define VAR_FOR_UPSTREAM 537 -#define VAR_AUTH_ZONE 538 -#define VAR_ZONEFILE 539 -#define VAR_MASTER 540 -#define VAR_URL 541 -#define VAR_FOR_DOWNSTREAM 542 -#define VAR_FALLBACK_ENABLED 543 -#define VAR_TLS_ADDITIONAL_PORT 544 -#define VAR_LOW_RTT 545 -#define VAR_LOW_RTT_PERMIL 546 -#define VAR_FAST_SERVER_PERMIL 547 -#define VAR_FAST_SERVER_NUM 548 -#define VAR_ALLOW_NOTIFY 549 -#define VAR_TLS_WIN_CERT 550 -#define VAR_TCP_CONNECTION_LIMIT 551 -#define VAR_FORWARD_NO_CACHE 552 -#define VAR_STUB_NO_CACHE 553 -#define VAR_LOG_SERVFAIL 554 -#define VAR_DENY_ANY 555 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 556 -#define VAR_LOG_TAG_QUERYREPLY 557 -#define VAR_STREAM_WAIT_SIZE 558 -#define VAR_TLS_CIPHERS 559 -#define VAR_TLS_CIPHERSUITES 560 -#define VAR_TLS_USE_SNI 561 -#define VAR_IPSET 562 -#define VAR_IPSET_NAME_V4 563 -#define VAR_IPSET_NAME_V6 564 -#define VAR_TLS_SESSION_TICKET_KEYS 565 -#define VAR_RPZ 566 -#define VAR_TAGS 567 -#define VAR_RPZ_ACTION_OVERRIDE 568 -#define VAR_RPZ_CNAME_OVERRIDE 569 -#define VAR_RPZ_LOG 570 -#define VAR_RPZ_LOG_NAME 571 -#define VAR_DYNLIB 572 -#define VAR_DYNLIB_FILE 573 -#define VAR_EDNS_CLIENT_STRING 574 -#define VAR_EDNS_CLIENT_STRING_OPCODE 575 -#define VAR_NSID 576 -#define VAR_ZONEMD_PERMISSIVE_MODE 577 -#define VAR_ZONEMD_CHECK 578 -#define VAR_ZONEMD_REJECT_ABSENCE 579 -#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 580 -#define VAR_INTERFACE_AUTOMATIC_PORTS 581 -#define VAR_EDE 582 -#define VAR_INTERFACE_ACTION 583 -#define VAR_INTERFACE_VIEW 584 -#define VAR_INTERFACE_TAG 585 -#define VAR_INTERFACE_TAG_ACTION 586 -#define VAR_INTERFACE_TAG_DATA 587 -#define VAR_PROXY_PROTOCOL_PORT 588 - -/* Value type. */ -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -union YYSTYPE -{ -#line 67 "./util/configparser.y" - - char* str; - -#line 737 "util/configparser.h" - -}; -typedef union YYSTYPE YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define YYSTYPE_IS_DECLARED 1 -#endif - - -extern YYSTYPE yylval; - - -int yyparse (void); - - -#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */ diff --git a/util/configparser.y b/util/configparser.y index 3ecdad2ad..d07b8788f 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -73,9 +73,10 @@ extern struct config_parser_state* cfg_parser; %token VAR_FORCE_TOPLEVEL %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4 -%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP +%token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT +%token VAR_SOCK_QUEUE_TIMEOUT %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP @@ -123,6 +124,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA +%token VAR_NAT64_PREFIX %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE @@ -140,7 +142,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE -%token VAR_OUTBOUND_MSG_RETRY +%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF @@ -175,7 +177,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT -%token VAR_CACHEDB_REDISEXPIRERECORDS +%token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL @@ -193,7 +195,8 @@ extern struct config_parser_state* cfg_parser; %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA -%token VAR_PROXY_PROTOCOL_PORT +%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO +%token VAR_HARDEN_UNKNOWN_ADDITIONAL %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -222,10 +225,11 @@ contents_server: contents_server content_server | ; content_server: server_num_threads | server_verbosity | server_port | server_outgoing_range | server_do_ip4 | - server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 | - server_do_udp | server_do_tcp | + server_do_ip6 | server_do_nat64 | server_prefer_ip4 | + server_prefer_ip6 | server_do_udp | server_do_tcp | server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout | server_tcp_keepalive | server_tcp_keepalive_timeout | + server_sock_queue_timeout | server_interface | server_chroot | server_username | server_directory | server_logfile | server_pidfile | server_msg_cache_size | server_msg_cache_slabs | @@ -273,6 +277,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_so_reuseport | server_delay_close | server_udp_connect | server_unblock_lan_zones | server_insecure_lan_zones | server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa | + server_nat64_prefix | server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade | server_ip_transparent | server_ip_ratelimit | server_ratelimit | server_ip_dscp | server_infra_keep_probing | @@ -282,6 +287,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_ratelimit_below_domain | server_ratelimit_factor | server_ip_ratelimit_factor | server_ratelimit_backoff | server_ip_ratelimit_backoff | server_outbound_msg_retry | + server_max_sent_count | server_max_query_restarts | server_send_client_subnet | server_client_subnet_zone | server_client_subnet_always_forward | server_client_subnet_opcode | server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 | @@ -301,7 +307,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_serve_expired | server_serve_expired_ttl | server_serve_expired_ttl_reset | server_serve_expired_reply_ttl | server_serve_expired_client_timeout | - server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa | + server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa | server_log_identity | server_use_systemd | server_response_ip_tag | server_response_ip | server_response_ip_data | server_shm_enable | server_shm_key | server_fake_sha1 | @@ -322,7 +328,8 @@ content_server: server_num_threads | server_verbosity | server_port | server_zonemd_permissive_mode | server_max_reuse_tcp_queries | server_tcp_reuse_timeout | server_tcp_auth_query_timeout | server_interface_automatic_ports | server_ede | - server_proxy_protocol_port + server_proxy_protocol_port | server_statistics_inhibit_zero | + server_harden_unknown_additional ; stubstart: VAR_STUB_ZONE { @@ -485,7 +492,7 @@ rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG rpzstart: VAR_RPZ { struct config_auth* s; - OUTYY(("\nP(rpz:)\n")); + OUTYY(("\nP(rpz:)\n")); cfg_parser->started_toplevel = 1; s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); if(s) { @@ -501,7 +508,7 @@ rpzstart: VAR_RPZ } } ; -contents_rpz: contents_rpz content_rpz +contents_rpz: contents_rpz content_rpz | ; content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url | auth_allow_notify | rpz_action_override | rpz_cname_override | @@ -554,6 +561,15 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG free($2); } ; +server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG + { + OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0); + free($2); + } + ; server_shm_enable: VAR_SHM_ENABLE STRING_ARG { OUTYY(("P(server_shm_enable:%s)\n", $2)); @@ -840,6 +856,15 @@ server_do_ip6: VAR_DO_IP6 STRING_ARG free($2); } ; +server_do_nat64: VAR_DO_NAT64 STRING_ARG + { + OUTYY(("P(server_do_nat64:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0); + free($2); + } + ; server_do_udp: VAR_DO_UDP STRING_ARG { OUTYY(("P(server_do_udp:%s)\n", $2)); @@ -962,6 +987,19 @@ server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG free($2); } ; +server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG + { + OUTYY(("P(server_sock_queue_timeout:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) > 6553500) + cfg_parser->cfg->sock_queue_timeout = 6553500; + else if (atoi($2) < 1) + cfg_parser->cfg->sock_queue_timeout = 0; + else cfg_parser->cfg->sock_queue_timeout = atoi($2); + free($2); + } + ; server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG { OUTYY(("P(server_tcp_upstream:%s)\n", $2)); @@ -1768,6 +1806,16 @@ server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG free($2); } ; +server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG + { + OUTYY(("P(server_harden_unknown_additional:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_unknown_additional = + (strcmp($2, "yes")==0); + free($2); + } + ; server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG { OUTYY(("P(server_use_caps_for_id:%s)\n", $2)); @@ -2196,6 +2244,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 && strcmp($3, "typetransparent")!=0 && strcmp($3, "always_transparent")!=0 + && strcmp($3, "block_a")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 && strcmp($3, "always_nodata")!=0 @@ -2208,7 +2257,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "inform_redirect, always_transparent, " + "inform_redirect, always_transparent, block_a," "always_refuse, always_nxdomain, " "always_nodata, always_deny, always_null, " "noview, nodefault or ipset"); @@ -2323,6 +2372,13 @@ server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG fatal_exit("out of memory adding dns64-ignore-aaaa"); } ; +server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG + { + OUTYY(("P(nat64_prefix:%s)\n", $2)); + free(cfg_parser->cfg->nat64_prefix); + cfg_parser->cfg->nat64_prefix = $2; + } + ; server_define_tag: VAR_DEFINE_TAG STRING_ARG { char* p, *s = $2; @@ -2636,6 +2692,24 @@ server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG free($2); } ; +server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG + { + OUTYY(("P(server_max_sent_count:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_sent_count = atoi($2); + free($2); + } + ; +server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG + { + OUTYY(("P(server_max_query_restarts:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_query_restarts = atoi($2); + free($2); + } + ; server_low_rtt: VAR_LOW_RTT STRING_ARG { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); @@ -2685,7 +2759,7 @@ server_pad_responses: VAR_PAD_RESPONSES STRING_ARG OUTYY(("P(server_pad_responses:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_responses = + else cfg_parser->cfg->pad_responses = (strcmp($2, "yes")==0); free($2); } @@ -2704,7 +2778,7 @@ server_pad_queries: VAR_PAD_QUERIES STRING_ARG OUTYY(("P(server_pad_queries:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_queries = + else cfg_parser->cfg->pad_queries = (strcmp($2, "yes")==0); free($2); } @@ -3444,8 +3518,8 @@ py_script: VAR_PYTHON_SCRIPT STRING_ARG yyerror("out of memory"); } dynlibstart: VAR_DYNLIB - { - OUTYY(("\nP(dynlib:)\n")); + { + OUTYY(("\nP(dynlib:)\n")); cfg_parser->started_toplevel = 1; } ; @@ -3613,7 +3687,7 @@ contents_cachedb: contents_cachedb content_cachedb | ; content_cachedb: cachedb_backend_name | cachedb_secret_seed | redis_server_host | redis_server_port | redis_timeout | - redis_expire_records + redis_expire_records | redis_server_path | redis_server_password ; cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG { @@ -3666,6 +3740,30 @@ redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG free($2); } ; +redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_path:%s)\n", $2)); + free(cfg_parser->cfg->redis_server_path); + cfg_parser->cfg->redis_server_path = $2; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free($2); + #endif + } + ; +redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_password:%s)\n", $2)); + free(cfg_parser->cfg->redis_server_password); + cfg_parser->cfg->redis_server_password = $2; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free($2); + #endif + } + ; redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG { #if defined(USE_CACHEDB) && defined(USE_REDIS) diff --git a/util/data/msgreply.c b/util/data/msgreply.c index 3360f3175..792387444 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -117,16 +117,9 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, rep->ar_numrrsets = ar; rep->rrset_count = total; rep->security = sec; - /* verify that we set the EDE to none by setting it explicitly */ - if (reason_bogus != LDNS_EDE_NONE) { - rep->reason_bogus = reason_bogus; - } else { - rep->reason_bogus = LDNS_EDE_NONE; - } + rep->reason_bogus = reason_bogus; /* this is only allocated and used for caching on copy */ rep->reason_bogus_str = NULL; - rep->reason_bogus_str_size = 0; - rep->authoritative = 0; /* array starts after the refs */ if(region) @@ -589,9 +582,9 @@ reply_info_parsedelete(struct reply_info* rep, struct alloc_cache* alloc) for(i=0; irrset_count; i++) { ub_packed_rrset_parsedelete(rep->rrsets[i], alloc); } - - if (rep->reason_bogus_str_size) { + if(rep->reason_bogus_str) { free(rep->reason_bogus_str); + rep->reason_bogus_str = NULL; } free(rep); } @@ -674,8 +667,9 @@ void reply_info_delete(void* d, void* ATTR_UNUSED(arg)) { struct reply_info* r = (struct reply_info*)d; - if (r->reason_bogus_str_size) { + if(r->reason_bogus_str) { free(r->reason_bogus_str); + r->reason_bogus_str = NULL; } free(r); } @@ -753,35 +747,34 @@ repinfo_copy_rrsets(struct reply_info* dest, struct reply_info* from, return 1; } -struct reply_info* -reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, +struct reply_info* +reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, struct regional* region) { struct reply_info* cp; - cp = construct_reply_info_base(region, rep->flags, rep->qdcount, - rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, + cp = construct_reply_info_base(region, rep->flags, rep->qdcount, + rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets, rep->rrset_count, rep->security, rep->reason_bogus); if(!cp) return NULL; - if (rep->reason_bogus_str_size > 0 && rep->reason_bogus_str) { - if (region) { + if(rep->reason_bogus_str && *rep->reason_bogus_str != 0) { + if(region) { cp->reason_bogus_str = (char*)regional_alloc(region, - sizeof(char) * (rep->reason_bogus_str_size + 1)); + sizeof(char) + * (strlen(rep->reason_bogus_str)+1)); + } else { + cp->reason_bogus_str = malloc(sizeof(char) + * (strlen(rep->reason_bogus_str)+1)); } - else { - cp->reason_bogus_str = malloc(sizeof(char) * (rep->reason_bogus_str_size + 1)); - } - - if (!(cp->reason_bogus_str)) { + if(!cp->reason_bogus_str) { if(!region) reply_info_parsedelete(cp, alloc); return NULL; } memcpy(cp->reason_bogus_str, rep->reason_bogus_str, - rep->reason_bogus_str_size+1); - cp->reason_bogus_str_size = rep->reason_bogus_str_size; + strlen(rep->reason_bogus_str)+1); } /* allocate ub_key structures special or not */ @@ -1231,7 +1224,7 @@ int inplace_cb_query_response_call(struct module_env* env, } struct edns_option* edns_opt_copy_region(struct edns_option* list, - struct regional* region) + struct regional* region) { struct edns_option* result = NULL, *cur = NULL, *s; while(list) { @@ -1260,6 +1253,42 @@ struct edns_option* edns_opt_copy_region(struct edns_option* list, return result; } +struct edns_option* edns_opt_copy_filter_region(struct edns_option* list, + uint16_t* filter_list, size_t filter_list_len, struct regional* region) +{ + struct edns_option* result = NULL, *cur = NULL, *s; + size_t i; + while(list) { + for(i=0; iopt_code) goto found; + if(i == filter_list_len) goto next; +found: + /* copy edns option structure */ + s = regional_alloc_init(region, list, sizeof(*list)); + if(!s) return NULL; + s->next = NULL; + + /* copy option data */ + if(s->opt_data) { + s->opt_data = regional_alloc_init(region, s->opt_data, + s->opt_len); + if(!s->opt_data) + return NULL; + } + + /* link into list */ + if(cur) + cur->next = s; + else result = s; + cur = s; + +next: + /* examine next element */ + list = list->next; + } + return result; +} + int edns_opt_compare(struct edns_option* p, struct edns_option* q) { if(!p && !q) return 0; diff --git a/util/data/msgreply.h b/util/data/msgreply.h index c3ca39f09..1339fd9cc 100644 --- a/util/data/msgreply.h +++ b/util/data/msgreply.h @@ -170,20 +170,17 @@ struct reply_info { /** * EDE (rfc8914) code with reason for DNSSEC bogus status. + * Used for caching the EDE. */ sldns_ede_code reason_bogus; /** - * EDE (rfc8914) text string with human-readable reason for DNSSEC - * bogus status. Used for caching the EDE. + * EDE (rfc8914) NULL-terminated string with human-readable reason + * for DNSSEC bogus status. + * Used for caching the EDE. */ char* reason_bogus_str; - /** - * EDE (rfc8914) text string size. - */ - size_t reason_bogus_str_size; - /** * Number of RRsets in each section. * The answer section. Add up the RRs in every RRset to calculate @@ -251,15 +248,15 @@ struct msgreply_entry { * @param ar: ar count * @param total: total rrset count (presumably an+ns+ar). * @param sec: security status of the reply info. - * @param: reason_bogus: the Extended DNS Error for DNSSEC bogus status + * @param reason_bogus: the Extended DNS Error for DNSSEC bogus status * @return the reply_info base struct with the array for putting the rrsets * in. The array has been zeroed. Returns NULL on malloc failure. */ struct reply_info* construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, - time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns, - size_t ar, size_t total, enum sec_status sec, - sldns_ede_code reason_bogus); + time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns, + size_t ar, size_t total, enum sec_status sec, + sldns_ede_code reason_bogus); /** * Parse wire query into a queryinfo structure, return 0 on parse error. @@ -731,6 +728,12 @@ int inplace_cb_query_response_call(struct module_env* env, struct edns_option* edns_opt_copy_region(struct edns_option* list, struct regional* region); +/** + * Copy a filtered edns option list allocated to the new region + */ +struct edns_option* edns_opt_copy_filter_region(struct edns_option* list, + uint16_t* filter_list, size_t filter_list_len, struct regional* region); + /** * Copy edns option list allocated with malloc */ diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index dc8ab6693..3b88da235 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -659,6 +659,10 @@ int fptr_whitelist_inplace_cb_edns_back_parsed( #else (void)fptr; #endif +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_edns_back_parsed_call) + return 1; +#endif #ifdef WITH_DYNLIBMODULE if(fptr == &dynlib_inplace_cb_edns_back_parsed) return 1; @@ -675,6 +679,10 @@ int fptr_whitelist_inplace_cb_query_response( #else (void)fptr; #endif +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_query_response) + return 1; +#endif #ifdef WITH_DYNLIBMODULE if(fptr == &dynlib_inplace_cb_query_response) return 1; diff --git a/util/iana_ports.inc b/util/iana_ports.inc index b816f8a04..49e65dcb7 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -674,6 +674,8 @@ 911, 912, 913, +914, +915, 989, 990, 991, @@ -1901,6 +1903,7 @@ 2256, 2257, 2258, +2259, 2260, 2261, 2262, diff --git a/util/module.c b/util/module.c index 6698f9497..773dab853 100644 --- a/util/module.c +++ b/util/module.c @@ -84,8 +84,10 @@ void errinf_ede(struct module_qstate* qstate, const char* str, sldns_ede_code reason_bogus) { struct errinf_strlist* p; - if((qstate->env->cfg->val_log_level < 2 && !qstate->env->cfg->log_servfail) || !str) + if(!str || (qstate->env->cfg->val_log_level < 2 && + !qstate->env->cfg->log_servfail)) { return; + } p = (struct errinf_strlist*)regional_alloc(qstate->region, sizeof(*p)); if(!p) { log_err("malloc failure in validator-error-info string"); @@ -152,15 +154,19 @@ char* errinf_to_str_bogus(struct module_qstate* qstate) return p; } +/* Try to find the latest (most specific) dnssec failure */ sldns_ede_code errinf_to_reason_bogus(struct module_qstate* qstate) { struct errinf_strlist* s; + sldns_ede_code ede = LDNS_EDE_NONE; for(s=qstate->errinf; s; s=s->next) { - if (s->reason_bogus != LDNS_EDE_NONE) { - return s->reason_bogus; - } + if(s->reason_bogus == LDNS_EDE_NONE) continue; + if(ede != LDNS_EDE_NONE + && ede != LDNS_EDE_DNSSEC_BOGUS + && s->reason_bogus == LDNS_EDE_DNSSEC_BOGUS) continue; + ede = s->reason_bogus; } - return LDNS_EDE_NONE; + return ede; } char* errinf_to_str_servfail(struct module_qstate* qstate) diff --git a/util/module.h b/util/module.h index 013c65b02..5b6fcc93c 100644 --- a/util/module.h +++ b/util/module.h @@ -619,6 +619,12 @@ struct module_qstate { /** if this is a validation recursion query that does not get * validation itself */ int is_valrec; +#ifdef CLIENT_SUBNET + /** the client network address is needed for the client-subnet option + * when prefetching, but we can't use reply_list in mesh_info, because + * we don't want to send a reply for the internal query. */ + struct sockaddr_storage client_addr; +#endif /** comm_reply contains server replies */ struct comm_reply* reply; @@ -671,6 +677,8 @@ struct module_qstate { * those servers. By comparing expiry time with qstarttime for type NS. */ time_t qstarttime; + /** whether a message from cachedb will be used for the reply */ + int is_cachedb_answer; /** * Attributes of clients that share the qstate that may affect IP-based @@ -818,11 +826,11 @@ void errinf_dname(struct module_qstate* qstate, const char* str, * This string is malloced and has to be freed by caller. */ char* errinf_to_str_bogus(struct module_qstate* qstate); + /** - * Check the sldns_ede_code of the qstate. + * Check the sldns_ede_code of the qstate->errinf. * @param qstate: query state. - * @return LDNS_EDE_DNSSEC_BOGUS by default, or the first explicitly set - * sldns_ede_code. + * @return the latest explicitly set sldns_ede_code or LDNS_EDE_NONE. */ sldns_ede_code errinf_to_reason_bogus(struct module_qstate* qstate); diff --git a/util/net_help.c b/util/net_help.c index 54fad6986..e559c9b2f 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -779,8 +779,8 @@ addr_in_common(struct sockaddr_storage* addr1, int net1, return match; } -void -addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, +void +addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, char* buf, size_t len) { int af = (int)((struct sockaddr_in*)addr)->sin_family; @@ -792,7 +792,50 @@ addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, } } -int +int +prefixnet_is_nat64(int prefixnet) +{ + return (prefixnet == 32 || prefixnet == 40 || + prefixnet == 48 || prefixnet == 56 || + prefixnet == 64 || prefixnet == 96); +} + +void +addr_to_nat64(const struct sockaddr_storage* addr, + const struct sockaddr_storage* nat64_prefix, + socklen_t nat64_prefixlen, int nat64_prefixnet, + struct sockaddr_storage* nat64_addr, socklen_t* nat64_addrlen) +{ + struct sockaddr_in *sin = (struct sockaddr_in *)addr; + struct sockaddr_in6 *sin6; + uint8_t *v4_byte; + + /* This needs to be checked by the caller */ + log_assert(addr->ss_family == AF_INET); + /* Current usage is only from config values; prefix lengths enforced + * during config validation */ + log_assert(prefixnet_is_nat64(nat64_prefixnet)); + + *nat64_addr = *nat64_prefix; + *nat64_addrlen = nat64_prefixlen; + + sin6 = (struct sockaddr_in6 *)nat64_addr; + sin6->sin6_flowinfo = 0; + sin6->sin6_port = sin->sin_port; + + nat64_prefixnet = nat64_prefixnet / 8; + + v4_byte = (uint8_t *)&sin->sin_addr.s_addr; + for(int i = 0; i < 4; i++) { + if(nat64_prefixnet == 8) { + /* bits 64...71 are MBZ */ + sin6->sin6_addr.s6_addr[nat64_prefixnet++] = 0; + } + sin6->sin6_addr.s6_addr[nat64_prefixnet++] = *v4_byte++; + } +} + +int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen) { /* prefix for ipv4 into ipv6 mapping is ::ffff:x.x.x.x */ @@ -1005,6 +1048,16 @@ listen_sslctx_setup(void* ctxt) log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list"); } #endif +#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF) + /* ignore errors when peers do not send the mandatory close_notify + * alert on shutdown. + * Relevant for openssl >= 3 */ + if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) & + SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) { + log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF"); + return 0; + } +#endif if((SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) & SSL_OP_CIPHER_SERVER_PREFERENCE) != @@ -1233,6 +1286,17 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert) SSL_CTX_free(ctx); return 0; } +#endif +#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF) + /* ignore errors when peers do not send the mandatory close_notify + * alert on shutdown. + * Relevant for openssl >= 3 */ + if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) & + SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) { + log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF"); + SSL_CTX_free(ctx); + return 0; + } #endif if(key && key[0]) { if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { diff --git a/util/net_help.h b/util/net_help.h index f1881b3ed..a9de910d5 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -331,6 +331,29 @@ int addr_in_common(struct sockaddr_storage* addr1, int net1, void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, char* buf, size_t len); +/** + * Check if the prefix network length is one of the allowed 32, 40, 48, 56, 64, + * or 96. + * @param prefixnet: prefix network length to check. + * @return 1 on success, 0 on failure. + */ +int prefixnet_is_nat64(int prefixnet); + +/** + * Create a NAT64 address from a given address (needs to be IPv4) and a given + * NAT64 prefix. The NAT64 prefix net needs to be one of 32, 40, 48, 56, 64, 96. + * @param addr: IPv4 address. + * @param nat64_prefix: NAT64 prefix. + * @param nat64_prefixlen: NAT64 prefix len. + * @param nat64_prefixnet: NAT64 prefix mask. + * @param nat64_addr: the resulting NAT64 address. + * @param nat64_addrlen: the resulting NAT64 address length. + */ +void addr_to_nat64(const struct sockaddr_storage* addr, + const struct sockaddr_storage* nat64_prefix, + socklen_t nat64_prefixlen, int nat64_prefixnet, + struct sockaddr_storage* nat64_addr, socklen_t* nat64_addrlen); + /** * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0" * @param addr: address diff --git a/util/netevent.c b/util/netevent.c index 6ddeb076d..f9f9fc116 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -46,6 +46,7 @@ #include "util/tcp_conn_limit.h" #include "util/fptr_wlist.h" #include "util/proxy_protocol.h" +#include "util/timeval_func.h" #include "sldns/pkthdr.h" #include "sldns/sbuffer.h" #include "sldns/str2wire.h" @@ -71,7 +72,9 @@ #ifdef HAVE_OPENSSL_ERR_H #include #endif - +#ifdef HAVE_LINUX_NET_TSTAMP_H +#include +#endif /* -------- Start of local definitions -------- */ /** if CMSG_ALIGN is not defined on this platform, a workaround */ #ifndef CMSG_ALIGN @@ -114,6 +117,16 @@ /** timeout in millisec to wait for write to unblock, packets dropped after.*/ #define SEND_BLOCKED_WAIT_TIMEOUT 200 +/** Let's make timestamping code cleaner and redefine SO_TIMESTAMP* */ +#ifndef SO_TIMESTAMP +#define SO_TIMESTAMP 29 +#endif +#ifndef SO_TIMESTAMPNS +#define SO_TIMESTAMPNS 35 +#endif +#ifndef SO_TIMESTAMPING +#define SO_TIMESTAMPING 37 +#endif /** * The internal event structure for keeping ub_event info for the event. * Possibly other structures (list, tree) this is part of. @@ -177,7 +190,7 @@ static struct comm_point* comm_point_create_tcp_handler( /* -------- End of local definitions -------- */ -struct comm_base* +struct comm_base* comm_base_create(int sigs) { struct comm_base* b = (struct comm_base*)calloc(1, @@ -220,7 +233,7 @@ comm_base_create_event(struct ub_event_base* base) return b; } -void +void comm_base_delete(struct comm_base* b) { if(!b) @@ -237,7 +250,7 @@ comm_base_delete(struct comm_base* b) free(b); } -void +void comm_base_delete_no_base(struct comm_base* b) { if(!b) @@ -253,14 +266,14 @@ comm_base_delete_no_base(struct comm_base* b) free(b); } -void +void comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv) { *tt = &b->eb->secs; *tv = &b->eb->now; } -void +void comm_base_dispatch(struct comm_base* b) { int retval; @@ -470,7 +483,7 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, (struct sockaddr_storage*)addr, addrlen); return 0; } else if((size_t)sent != sldns_buffer_remaining(packet)) { - log_err("sent %d in place of %d bytes", + log_err("sent %d in place of %d bytes", (int)sent, (int)sldns_buffer_remaining(packet)); return 0; } @@ -489,7 +502,7 @@ static void p_ancil(const char* str, struct comm_reply* r) if(r->srctype == 6) { #ifdef IPV6_PKTINFO char buf[1024]; - if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, + if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, buf, (socklen_t)sizeof(buf)) == 0) { (void)strlcpy(buf, "(inet_ntop error)", sizeof(buf)); } @@ -499,13 +512,13 @@ static void p_ancil(const char* str, struct comm_reply* r) } else if(r->srctype == 4) { #ifdef IP_PKTINFO char buf1[1024], buf2[1024]; - if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_addr, + if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_addr, buf1, (socklen_t)sizeof(buf1)) == 0) { (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); } buf1[sizeof(buf1)-1]=0; #ifdef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST - if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_spec_dst, + if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_spec_dst, buf2, (socklen_t)sizeof(buf2)) == 0) { (void)strlcpy(buf2, "(inet_ntop error)", sizeof(buf2)); } @@ -517,7 +530,7 @@ static void p_ancil(const char* str, struct comm_reply* r) buf1, buf2); #elif defined(IP_RECVDSTADDR) char buf1[1024]; - if(inet_ntop(AF_INET, &r->pktinfo.v4addr, + if(inet_ntop(AF_INET, &r->pktinfo.v4addr, buf1, (socklen_t)sizeof(buf1)) == 0) { (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); } @@ -531,7 +544,7 @@ static void p_ancil(const char* str, struct comm_reply* r) /** send a UDP reply over specified interface*/ static int comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen, struct comm_reply* r) + struct sockaddr* addr, socklen_t addrlen, struct comm_reply* r) { #if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_SENDMSG) ssize_t sent; @@ -613,7 +626,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); } #endif /* S_SPLINT_S */ - if(verbosity >= VERB_ALGO) + if(verbosity >= VERB_ALGO && r->srctype != 0) p_ancil("send_udp over interface", r); sent = sendmsg(c->fd, &msg, 0); if(sent == -1) { @@ -695,7 +708,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, if(!udp_send_errno_needs_log(addr, addrlen)) return 0; verbose(VERB_OPS, "sendmsg failed: %s", strerror(errno)); - log_addr(VERB_OPS, "remote address is", + log_addr(VERB_OPS, "remote address is", (struct sockaddr_storage*)addr, addrlen); #ifdef __NetBSD__ /* netbsd 7 has IP_PKTINFO for recv but not send */ @@ -705,7 +718,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, #endif return 0; } else if((size_t)sent != sldns_buffer_remaining(packet)) { - log_err("sent %d in place of %d bytes", + log_err("sent %d in place of %d bytes", (int)sent, (int)sldns_buffer_remaining(packet)); return 0; } @@ -817,7 +830,7 @@ done: return 1; } -void +void comm_point_udp_ancil_callback(int fd, short event, void* arg) { #if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_RECVMSG) @@ -833,6 +846,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) #ifndef S_SPLINT_S struct cmsghdr* cmsg; #endif /* S_SPLINT_S */ +#ifdef HAVE_LINUX_NET_TSTAMP_H + struct timespec *ts; +#endif /* HAVE_LINUX_NET_TSTAMP_H */ rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); @@ -843,6 +859,7 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) ub_comm_base_now(rep.c->ev->base); for(i=0; ibuffer); + timeval_clear(&rep.c->recv_tv); rep.remote_addrlen = (socklen_t)sizeof(rep.remote_addr); log_assert(fd != -1); log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); @@ -894,9 +911,23 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) sizeof(struct in_addr)); break; #endif /* IP_PKTINFO or IP_RECVDSTADDR */ +#ifdef HAVE_LINUX_NET_TSTAMP_H + } else if( cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SO_TIMESTAMPNS) { + ts = (struct timespec *)CMSG_DATA(cmsg); + TIMESPEC_TO_TIMEVAL(&rep.c->recv_tv, ts); + } else if( cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SO_TIMESTAMPING) { + ts = (struct timespec *)CMSG_DATA(cmsg); + TIMESPEC_TO_TIMEVAL(&rep.c->recv_tv, ts); + } else if( cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SO_TIMESTAMP) { + memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval)); +#endif /* HAVE_LINUX_NET_TSTAMP_H */ } } - if(verbosity >= VERB_ALGO) + + if(verbosity >= VERB_ALGO && rep.srctype != 0) p_ancil("receive_udp on interface", &rep); #endif /* S_SPLINT_S */ @@ -930,7 +961,7 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG */ } -void +void comm_point_udp_callback(int fd, short event, void* arg) { struct comm_reply rep; @@ -950,14 +981,14 @@ comm_point_udp_callback(int fd, short event, void* arg) rep.remote_addrlen = (socklen_t)sizeof(rep.remote_addr); log_assert(fd != -1); log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); - rcv = recvfrom(fd, (void*)sldns_buffer_begin(rep.c->buffer), + rcv = recvfrom(fd, (void*)sldns_buffer_begin(rep.c->buffer), sldns_buffer_remaining(rep.c->buffer), MSG_DONTWAIT, (struct sockaddr*)&rep.remote_addr, &rep.remote_addrlen); if(rcv == -1) { #ifndef USE_WINSOCK if(errno != EAGAIN && errno != EINTR && udp_recv_needs_log(errno)) - log_err("recvfrom %d failed: %s", + log_err("recvfrom %d failed: %s", fd, strerror(errno)); #else if(WSAGetLastError() != WSAEINPROGRESS && @@ -1012,7 +1043,7 @@ int adjusted_tcp_timeout(struct comm_point* c) /** Use a new tcp handler for new query fd, set to read query */ static void -setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) +setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) { int handler_usage; log_assert(c->type == comm_tcp || c->type == comm_http); @@ -1076,10 +1107,10 @@ int comm_point_perform_accept(struct comm_point* c, /* EINTR is signal interrupt. others are closed connection. */ if( errno == EINTR || errno == EAGAIN #ifdef EWOULDBLOCK - || errno == EWOULDBLOCK + || errno == EWOULDBLOCK #endif #ifdef ECONNABORTED - || errno == ECONNABORTED + || errno == ECONNABORTED #endif #ifdef EPROTO || errno == EPROTO @@ -1253,7 +1284,7 @@ static int http2_submit_settings(struct http2_session* h2_session) #endif /* HAVE_NGHTTP2 */ -void +void comm_point_tcp_accept_callback(int fd, short event, void* arg) { struct comm_point* c = (struct comm_point*)arg, *c_hdl; @@ -2161,7 +2192,7 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) log_err("in comm_point_tcp_handle_read buffer_remaining is " "not > 0 as expected, continuing with (harmless) 0 " "length recv"); - r = recv(fd, (void*)sldns_buffer_current(c->buffer), + r = recv(fd, (void*)sldns_buffer_current(c->buffer), sldns_buffer_remaining(c->buffer), MSG_DONTWAIT); if(r == 0) { if(c->tcp_req_info) @@ -2252,8 +2283,8 @@ recv_error: return 0; } -/** - * Handle tcp writing callback. +/** + * Handle tcp writing callback. * @param fd: file descriptor of socket. * @param c: comm point to write buffer out of. * @return: 0 on error @@ -2277,7 +2308,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ int error = 0; socklen_t len = (socklen_t)sizeof(error); - if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, &len) < 0){ #ifndef USE_WINSOCK error = errno; /* on solaris errno is error */ @@ -2318,7 +2349,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) return ssl_handle_it(c, 1); #ifdef USE_MSG_FASTOPEN - /* Only try this on first use of a connection that uses tfo, + /* Only try this on first use of a connection that uses tfo, otherwise fall through to normal write */ /* Also, TFO support on WINDOWS not implemented at the moment */ if(c->tcp_do_fastopen == 1) { @@ -2473,7 +2504,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if(WSAGetLastError() == WSAEWOULDBLOCK) { ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; + return 1; } if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ @@ -2522,7 +2553,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; + return 1; } if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ @@ -2541,7 +2572,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); } - + return 1; } @@ -2561,7 +2592,7 @@ tcp_req_info_read_again(int fd, struct comm_point* c) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } return 0; @@ -2618,7 +2649,7 @@ tcp_more_write_again(int fd, struct comm_point* c) } } -void +void comm_point_tcp_handle_callback(int fd, short event, void* arg) { struct comm_point* c = (struct comm_point*)arg; @@ -2665,6 +2696,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) #endif ) { int has_tcpq = (c->tcp_req_info != NULL); + int* moreread = c->tcp_more_read_again; if(!comm_point_tcp_handle_read(fd, c, 0)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { @@ -2679,12 +2711,13 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) if(!tcp_req_info_read_again(fd, c)) return; } - if(c->tcp_more_read_again && *c->tcp_more_read_again) + if(moreread && *moreread) tcp_more_read_again(fd, c); return; } if(event&UB_EV_WRITE) { int has_tcpq = (c->tcp_req_info != NULL); + int* morewrite = c->tcp_more_write_again; if(!comm_point_tcp_handle_write(fd, c)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { @@ -2699,7 +2732,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) if(!tcp_req_info_read_again(fd, c)) return; } - if(c->tcp_more_write_again && *c->tcp_more_write_again) + if(morewrite && *morewrite) tcp_more_write_again(fd, c); return; } @@ -2781,7 +2814,7 @@ http_read_more(int fd, struct comm_point* c) { ssize_t r; log_assert(sldns_buffer_remaining(c->buffer) > 0); - r = recv(fd, (void*)sldns_buffer_current(c->buffer), + r = recv(fd, (void*)sldns_buffer_current(c->buffer), sldns_buffer_remaining(c->buffer), MSG_DONTWAIT); if(r == 0) { return 0; @@ -3050,7 +3083,7 @@ http_chunked_segment(struct comm_point* c) /* return and wait to read more */ return 1; } - + /* callback of http reader for a new part of the data */ c->http_stored = 0; sldns_buffer_set_position(c->buffer, 0); @@ -3400,7 +3433,7 @@ http_check_connect(int fd, struct comm_point* c) /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ int error = 0; socklen_t len = (socklen_t)sizeof(error); - if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, &len) < 0){ #ifndef USE_WINSOCK error = errno; /* on solaris errno is error */ @@ -3485,7 +3518,7 @@ http_write_more(int fd, struct comm_point* c) { ssize_t r; log_assert(sldns_buffer_remaining(c->buffer) > 0); - r = send(fd, (void*)sldns_buffer_current(c->buffer), + r = send(fd, (void*)sldns_buffer_current(c->buffer), sldns_buffer_remaining(c->buffer), 0); if(r == -1) { #ifndef USE_WINSOCK @@ -3496,7 +3529,7 @@ http_write_more(int fd, struct comm_point* c) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; + return 1; } #endif log_err_addr("http send r", sock_strerror(errno), @@ -3617,8 +3650,8 @@ comm_point_http2_handle_write(int ATTR_UNUSED(fd), struct comm_point* c) #endif } -/** - * Handle http writing callback. +/** + * Handle http writing callback. * @param fd: file descriptor of socket. * @param c: comm point to write buffer out of. * @return: 0 on error @@ -3684,7 +3717,7 @@ comm_point_http_handle_write(int fd, struct comm_point* c) return 1; } -void +void comm_point_http_handle_callback(int fd, short event, void* arg) { struct comm_point* c = (struct comm_point*)arg; @@ -3737,7 +3770,7 @@ void comm_point_local_handle_callback(int fd, short event, void* arg) if(event&UB_EV_READ) { if(!comm_point_tcp_handle_read(fd, c, 1)) { fptr_ok(fptr_whitelist_comm_point(c->callback)); - (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } return; @@ -3745,21 +3778,21 @@ void comm_point_local_handle_callback(int fd, short event, void* arg) log_err("Ignored event %d for localhdl.", event); } -void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), +void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), short event, void* arg) { struct comm_point* c = (struct comm_point*)arg; int err = NETEVENT_NOERROR; log_assert(c->type == comm_raw); ub_comm_base_now(c->ev->base); - + if(event&UB_EV_TIMEOUT) err = NETEVENT_TIMEOUT; fptr_ok(fptr_whitelist_comm_point_raw(c->callback)); (void)(*c->callback)(c, c->cb_arg, err, NULL); } -struct comm_point* +struct comm_point* comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, int pp2_enabled, comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) @@ -3807,7 +3840,11 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, +#ifdef USE_WINSOCK comm_point_udp_callback, c); +#else + comm_point_udp_ancil_callback, c); +#endif if(c->ev->ev == NULL) { log_err("could not baseset udp event"); comm_point_delete(c); @@ -3822,7 +3859,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, return c; } -struct comm_point* +struct comm_point* comm_point_create_udp_ancil(struct comm_base *base, int fd, sldns_buffer* buffer, int pp2_enabled, comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) @@ -3885,8 +3922,8 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, return c; } -static struct comm_point* -comm_point_create_tcp_handler(struct comm_base *base, +static struct comm_point* +comm_point_create_tcp_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) @@ -3983,8 +4020,8 @@ comm_point_create_tcp_handler(struct comm_base *base, return c; } -static struct comm_point* -comm_point_create_http_handler(struct comm_base *base, +static struct comm_point* +comm_point_create_http_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, int harden_large_queries, uint32_t http_max_streams, char* http_endpoint, comm_point_callback_type* callback, void* callback_arg, @@ -4081,7 +4118,7 @@ comm_point_create_http_handler(struct comm_base *base, return NULL; } #endif - + /* add to parent free list */ c->tcp_free = parent->tcp_free; parent->tcp_free = c; @@ -4103,7 +4140,7 @@ comm_point_create_http_handler(struct comm_base *base, return c; } -struct comm_point* +struct comm_point* comm_point_create_tcp(struct comm_base *base, int fd, int num, int idle_timeout, int harden_large_queries, uint32_t http_max_streams, char* http_endpoint, @@ -4201,11 +4238,11 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, return NULL; } } - + return c; } -struct comm_point* +struct comm_point* comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, comm_point_callback_type* callback, void* callback_arg) { @@ -4272,7 +4309,7 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, return c; } -struct comm_point* +struct comm_point* comm_point_create_http_out(struct comm_base *base, size_t bufsize, comm_point_callback_type* callback, void* callback_arg, sldns_buffer* temp) @@ -4343,7 +4380,7 @@ comm_point_create_http_out(struct comm_base *base, size_t bufsize, return c; } -struct comm_point* +struct comm_point* comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, comm_point_callback_type* callback, void* callback_arg) { @@ -4411,8 +4448,8 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, return c; } -struct comm_point* -comm_point_create_raw(struct comm_base* base, int fd, int writing, +struct comm_point* +comm_point_create_raw(struct comm_base* base, int fd, int writing, comm_point_callback_type* callback, void* callback_arg) { struct comm_point* c = (struct comm_point*)calloc(1, @@ -4476,7 +4513,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing, return c; } -void +void comm_point_close(struct comm_point* c) { if(!c) @@ -4495,6 +4532,11 @@ comm_point_close(struct comm_point* c) tcp_req_info_clear(c->tcp_req_info); if(c->h2_session) http2_session_server_delete(c->h2_session); + /* stop the comm point from reading or writing after it is closed. */ + if(c->tcp_more_read_again && *c->tcp_more_read_again) + *c->tcp_more_read_again = 0; + if(c->tcp_more_write_again && *c->tcp_more_write_again) + *c->tcp_more_write_again = 0; /* close fd after removing from event lists, or epoll.. is messed up */ if(c->fd != -1 && !c->do_not_close) { @@ -4511,10 +4553,10 @@ comm_point_close(struct comm_point* c) c->fd = -1; } -void +void comm_point_delete(struct comm_point* c) { - if(!c) + if(!c) return; if((c->type == comm_tcp || c->type == comm_http) && c->ssl) { #ifdef HAVE_SSL @@ -4553,7 +4595,7 @@ comm_point_delete(struct comm_point* c) free(c); } -void +void comm_point_send_reply(struct comm_reply *repinfo) { struct sldns_buffer* buffer; @@ -4617,7 +4659,7 @@ comm_point_send_reply(struct comm_reply *repinfo) } } -void +void comm_point_drop_reply(struct comm_reply* repinfo) { if(!repinfo) @@ -4641,7 +4683,7 @@ comm_point_drop_reply(struct comm_reply* repinfo) reclaim_tcp_handler(repinfo->c); } -void +void comm_point_stop_listening(struct comm_point* c) { verbose(VERB_ALGO, "comm point stop listening %d", c->fd); @@ -4653,10 +4695,10 @@ comm_point_stop_listening(struct comm_point* c) } } -void +void comm_point_start_listening(struct comm_point* c, int newfd, int msec) { - verbose(VERB_ALGO, "comm point start listening %d (%d msec)", + verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); if(c->type == comm_tcp_accept && !c->tcp_free) { /* no use to start listening no free slots. */ @@ -4740,10 +4782,10 @@ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) size_t comm_point_get_mem(struct comm_point* c) { size_t s; - if(!c) + if(!c) return 0; s = sizeof(*c) + sizeof(*c->ev); - if(c->timeout) + if(c->timeout) s += sizeof(*c->timeout); if(c->type == comm_tcp || c->type == comm_local) { s += sizeof(*c->buffer) + sldns_buffer_capacity(c->buffer); @@ -4762,7 +4804,7 @@ size_t comm_point_get_mem(struct comm_point* c) return s; } -struct comm_timer* +struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) { struct internal_timer *tm = (struct internal_timer*)calloc(1, @@ -4775,7 +4817,7 @@ comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) tm->base = base; tm->super.callback = cb; tm->super.cb_arg = cb_arg; - tm->ev = ub_event_new(base->eb->base, -1, UB_EV_TIMEOUT, + tm->ev = ub_event_new(base->eb->base, -1, UB_EV_TIMEOUT, comm_timer_callback, &tm->super); if(tm->ev == NULL) { log_err("timer_create: event_base_set failed."); @@ -4785,7 +4827,7 @@ comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) return &tm->super; } -void +void comm_timer_disable(struct comm_timer* timer) { if(!timer) @@ -4794,7 +4836,7 @@ comm_timer_disable(struct comm_timer* timer) timer->ev_timer->enabled = 0; } -void +void comm_timer_set(struct comm_timer* timer, struct timeval* tv) { log_assert(tv); @@ -4806,7 +4848,7 @@ comm_timer_set(struct comm_timer* timer, struct timeval* tv) timer->ev_timer->enabled = 1; } -void +void comm_timer_delete(struct comm_timer* timer) { if(!timer) @@ -4819,7 +4861,7 @@ comm_timer_delete(struct comm_timer* timer) free(timer->ev_timer); } -void +void comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) { struct comm_timer* tm = (struct comm_timer*)arg; @@ -4831,19 +4873,19 @@ comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) (*tm->callback)(tm->cb_arg); } -int +int comm_timer_is_set(struct comm_timer* timer) { return (int)timer->ev_timer->enabled; } -size_t +size_t comm_timer_get_mem(struct comm_timer* ATTR_UNUSED(timer)) { return sizeof(struct internal_timer); } -struct comm_signal* +struct comm_signal* comm_signal_create(struct comm_base* base, void (*callback)(int, void*), void* cb_arg) { @@ -4860,7 +4902,7 @@ comm_signal_create(struct comm_base* base, return com; } -void +void comm_signal_callback(int sig, short event, void* arg) { struct comm_signal* comsig = (struct comm_signal*)arg; @@ -4871,10 +4913,10 @@ comm_signal_callback(int sig, short event, void* arg) (*comsig->callback)(sig, comsig->cb_arg); } -int +int comm_signal_bind(struct comm_signal* comsig, int sig) { - struct internal_signal* entry = (struct internal_signal*)calloc(1, + struct internal_signal* entry = (struct internal_signal*)calloc(1, sizeof(struct internal_signal)); if(!entry) { log_err("malloc failed"); @@ -4901,7 +4943,7 @@ comm_signal_bind(struct comm_signal* comsig, int sig) return 1; } -void +void comm_signal_delete(struct comm_signal* comsig) { struct internal_signal* p, *np; diff --git a/util/netevent.h b/util/netevent.h index 3e7849c13..761b8539c 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -83,7 +83,7 @@ struct internal_timer; /* A sub struct of the comm_timer super struct */ enum listen_type; /** callback from communication point function type */ -typedef int comm_point_callback_type(struct comm_point*, void*, int, +typedef int comm_point_callback_type(struct comm_point*, void*, int, struct comm_reply*); /** to pass no_error to callback function */ @@ -91,7 +91,7 @@ typedef int comm_point_callback_type(struct comm_point*, void*, int, /** to pass closed connection to callback function */ #define NETEVENT_CLOSED -1 /** to pass timeout happened to callback function */ -#define NETEVENT_TIMEOUT -2 +#define NETEVENT_TIMEOUT -2 /** to pass fallback from capsforID to callback function; 0x20 failed */ #define NETEVENT_CAPSFAIL -3 /** to pass done transfer to callback function; http file is complete */ @@ -165,8 +165,8 @@ struct comm_reply { socklen_t client_addrlen; }; -/** - * Communication point to the network +/** + * Communication point to the network * These behaviours can be accomplished by setting the flags * and passing return values from the callback. * udp frontside: called after readdone. sendafter. @@ -206,7 +206,7 @@ struct comm_point { int max_tcp_count; /** current number of tcp handler in-use for this accept socket */ int cur_tcp_count; - /** malloced array of tcp handlers for a tcp-accept, + /** malloced array of tcp handlers for a tcp-accept, of size max_tcp_count. */ struct comm_point** tcp_handlers; /** linked list of free tcp_handlers to use for new queries. @@ -271,9 +271,9 @@ struct comm_point { /** is this a UDP, TCP-accept or TCP socket. */ enum comm_point_type { /** UDP socket - handle datagrams. */ - comm_udp, + comm_udp, /** TCP accept socket - only creates handlers if readable. */ - comm_tcp_accept, + comm_tcp_accept, /** TCP handler socket - handle byteperbyte readwrite. */ comm_tcp, /** HTTP handler socket */ @@ -282,7 +282,7 @@ struct comm_point { comm_local, /** raw - not DNS format - for pipe readers and writers */ comm_raw - } + } /** variable with type of socket, UDP,TCP-accept,TCP,pipe */ type; @@ -303,7 +303,7 @@ struct comm_point { /** if set the connection is NOT closed on delete. */ int do_not_close; - /** if set, the connection is closed on error, on timeout, + /** if set, the connection is closed on error, on timeout, and after read/write completes. No callback is done. */ int tcp_do_close; @@ -383,15 +383,16 @@ struct comm_point { /** number of queries outstanding on this socket, used by * outside network for udp ports */ int inuse; - + /** the timestamp when the packet was received by the kernel */ + struct timeval recv_tv; /** callback when done. tcp_accept does not get called back, is NULL then. If a timeout happens, callback with timeout=1 is called. - If an error happens, callback is called with error set + If an error happens, callback is called with error set nonzero. If not NETEVENT_NOERROR, it is an errno value. If the connection is closed (by remote end) then the callback is called with error set to NETEVENT_CLOSED=-1. - If a timeout happens on the connection, the error is set to + If a timeout happens on the connection, the error is set to NETEVENT_TIMEOUT=-2. The reply_info can be copied if the reply needs to happen at a later time. It consists of a struct with commpoint and address. @@ -399,7 +400,7 @@ struct comm_point { Note the reply information is temporary and must be copied. NULL is passed for_reply info, in cases where error happened. - declare as: + declare as: int my_callback(struct comm_point* c, void* my_arg, int error, struct comm_reply *reply_info); @@ -446,14 +447,14 @@ struct comm_signal { /** * Create a new comm base. - * @param sigs: if true it attempts to create a default loop for + * @param sigs: if true it attempts to create a default loop for * signal handling. * @return: the new comm base. NULL on error. */ struct comm_base* comm_base_create(int sigs); /** - * Create comm base that uses the given ub_event_base (underlying pluggable + * Create comm base that uses the given ub_event_base (underlying pluggable * event mechanism pointer). * @param base: underlying pluggable event base. * @return: the new comm base. NULL on error. @@ -619,7 +620,7 @@ struct comm_point* comm_point_create_http_out(struct comm_base* base, * @return: the commpoint or NULL on error. */ struct comm_point* comm_point_create_local(struct comm_base* base, - int fd, size_t bufsize, + int fd, size_t bufsize, comm_point_callback_type* callback, void* callback_arg); /** @@ -632,7 +633,7 @@ struct comm_point* comm_point_create_local(struct comm_base* base, * @return: the commpoint or NULL on error. */ struct comm_point* comm_point_create_raw(struct comm_base* base, - int fd, int writing, + int fd, int writing, comm_point_callback_type* callback, void* callback_arg); /** @@ -722,7 +723,7 @@ size_t comm_point_get_mem(struct comm_point* c); * @param cb_arg: user callback argument. * @return: the new timer or NULL on error. */ -struct comm_timer* comm_timer_create(struct comm_base* base, +struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg); /** @@ -792,7 +793,7 @@ void comm_signal_delete(struct comm_signal* comsig); * if -1, error message has been printed if necessary, simply drop * out of the reading handler. */ -int comm_point_perform_accept(struct comm_point* c, +int comm_point_perform_accept(struct comm_point* c, struct sockaddr_storage* addr, socklen_t* addrlen); /**** internal routines ****/ @@ -801,7 +802,7 @@ int comm_point_perform_accept(struct comm_point* c, * This routine is published for checks and tests, and is only used internally. * handle libevent callback for udp comm point. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -811,7 +812,7 @@ void comm_point_udp_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for udp ancillary data comm point. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -821,7 +822,7 @@ void comm_point_udp_ancil_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for tcp accept comm point * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -831,7 +832,7 @@ void comm_point_tcp_accept_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for tcp data comm point * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -841,7 +842,7 @@ void comm_point_tcp_handle_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for tcp data comm point * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -955,7 +956,7 @@ void http2_stream_add_meshstate(struct http2_stream* h2_stream, * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm. * @param fd: file descriptor (always -1). - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_timer structure. */ @@ -965,7 +966,7 @@ void comm_timer_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for signal comm. * @param fd: file descriptor (used for the signal number). - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the internal commsignal structure. */ @@ -975,7 +976,7 @@ void comm_signal_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * libevent callback for AF_UNIX fds * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -985,7 +986,7 @@ void comm_point_local_handle_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * libevent callback for raw fd access. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -995,7 +996,7 @@ void comm_point_raw_handle_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * libevent callback for timeout on slow accept. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ diff --git a/util/storage/lruhash.c b/util/storage/lruhash.c index 3500a4ef0..e17b180db 100644 --- a/util/storage/lruhash.c +++ b/util/storage/lruhash.c @@ -81,6 +81,7 @@ lruhash_create(size_t start_size, size_t maxmem, table->num = 0; table->space_used = 0; table->space_max = maxmem; + table->max_collisions = 0; table->array = calloc(table->size, sizeof(struct lruhash_bin)); if(!table->array) { lock_quick_destroy(&table->lock); @@ -216,15 +217,19 @@ reclaim_space(struct lruhash* table, struct lruhash_entry** list) struct lruhash_entry* bin_find_entry(struct lruhash* table, - struct lruhash_bin* bin, hashvalue_type hash, void* key) + struct lruhash_bin* bin, hashvalue_type hash, void* key, size_t* collisions) { + size_t c = 0; struct lruhash_entry* p = bin->overflow_list; while(p) { if(p->hash == hash && table->compfunc(p->key, key) == 0) - return p; + break; + c++; p = p->overflow_next; } - return NULL; + if (collisions != NULL) + *collisions = c; + return p; } void @@ -303,6 +308,7 @@ lruhash_insert(struct lruhash* table, hashvalue_type hash, struct lruhash_bin* bin; struct lruhash_entry* found, *reclaimlist=NULL; size_t need_size; + size_t collisions; fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); @@ -317,12 +323,14 @@ lruhash_insert(struct lruhash* table, hashvalue_type hash, lock_quick_lock(&bin->lock); /* see if entry exists already */ - if(!(found=bin_find_entry(table, bin, hash, entry->key))) { + if(!(found=bin_find_entry(table, bin, hash, entry->key, &collisions))) { /* if not: add to bin */ entry->overflow_next = bin->overflow_list; bin->overflow_list = entry; lru_front(table, entry); table->num++; + if (table->max_collisions < collisions) + table->max_collisions = collisions; table->space_used += need_size; } else { /* if so: update data - needs a writelock */ @@ -362,7 +370,7 @@ lruhash_lookup(struct lruhash* table, hashvalue_type hash, void* key, int wr) lock_quick_lock(&table->lock); bin = &table->array[hash & table->size_mask]; lock_quick_lock(&bin->lock); - if((entry=bin_find_entry(table, bin, hash, key))) + if((entry=bin_find_entry(table, bin, hash, key, NULL))) lru_touch(table, entry); lock_quick_unlock(&table->lock); @@ -389,7 +397,7 @@ lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key) lock_quick_lock(&table->lock); bin = &table->array[hash & table->size_mask]; lock_quick_lock(&bin->lock); - if((entry=bin_find_entry(table, bin, hash, key))) { + if((entry=bin_find_entry(table, bin, hash, key, NULL))) { bin_overflow_remove(bin, entry); lru_remove(table, entry); } else { @@ -579,6 +587,7 @@ lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, struct lruhash_bin* bin; struct lruhash_entry* found, *reclaimlist = NULL; size_t need_size; + size_t collisions; fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); @@ -593,7 +602,7 @@ lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, lock_quick_lock(&bin->lock); /* see if entry exists already */ - if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) { + if ((found = bin_find_entry(table, bin, hash, entry->key, &collisions)) != NULL) { /* if so: keep the existing data - acquire a writelock */ lock_rw_wrlock(&found->lock); } @@ -604,6 +613,8 @@ lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, bin->overflow_list = entry; lru_front(table, entry); table->num++; + if (table->max_collisions < collisions) + table->max_collisions = collisions; table->space_used += need_size; /* return the entry that was presented, and lock it */ found = entry; diff --git a/util/storage/lruhash.h b/util/storage/lruhash.h index 4759b5001..2086e4dec 100644 --- a/util/storage/lruhash.h +++ b/util/storage/lruhash.h @@ -178,6 +178,8 @@ struct lruhash { size_t space_used; /** the amount of space the hash table is maximally allowed to use. */ size_t space_max; + /** the maximum collisions were detected during the lruhash_insert operations. */ + size_t max_collisions; }; /** @@ -357,10 +359,11 @@ void bin_delete(struct lruhash* table, struct lruhash_bin* bin); * @param bin: hash bin to look into. * @param hash: hash value to look for. * @param key: key to look for. + * @param collisions: how many collisions were found during the search. * @return: the entry or NULL if not found. */ struct lruhash_entry* bin_find_entry(struct lruhash* table, - struct lruhash_bin* bin, hashvalue_type hash, void* key); + struct lruhash_bin* bin, hashvalue_type hash, void* key, size_t* collisions); /** * Remove entry from bin overflow chain. diff --git a/util/storage/slabhash.c b/util/storage/slabhash.c index a6c3d0fa6..7d376c4d6 100644 --- a/util/storage/slabhash.c +++ b/util/storage/slabhash.c @@ -242,3 +242,21 @@ size_t count_slabhash_entries(struct slabhash* sh) } return cnt; } + +void get_slabhash_stats(struct slabhash* sh, long long* num, long long* collisions) +{ + size_t slab, cnt = 0, max_collisions = 0; + + for(slab=0; slabsize; slab++) { + lock_quick_lock(&sh->array[slab]->lock); + cnt += sh->array[slab]->num; + if (max_collisions < sh->array[slab]->max_collisions) { + max_collisions = sh->array[slab]->max_collisions; + } + lock_quick_unlock(&sh->array[slab]->lock); + } + if (num != NULL) + *num = cnt; + if (collisions != NULL) + *collisions = max_collisions; +} diff --git a/util/storage/slabhash.h b/util/storage/slabhash.h index 4ecb60421..dc5fc3603 100644 --- a/util/storage/slabhash.h +++ b/util/storage/slabhash.h @@ -200,6 +200,15 @@ void slabhash_traverse(struct slabhash* table, int wr, */ size_t count_slabhash_entries(struct slabhash* table); +/** + * Retrieves number of items in slabhash and the current max collision level + * @param table: slabbed hash table. + * @param entries_count: where to save the current number of elements. + * @param max_collisions: where to save the current max collisions level. + */ +void get_slabhash_stats(struct slabhash* table, + long long* entries_count, long long* max_collisions); + /* --- test representation --- */ /** test structure contains test key */ struct slabhash_testkey { diff --git a/util/timehist.c b/util/timehist.c index 61cc995fd..2063fe80e 100644 --- a/util/timehist.c +++ b/util/timehist.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -46,6 +46,7 @@ #include #include "util/timehist.h" #include "util/log.h" +#include "util/timeval_func.h" /** special timestwo operation for time values in histogram setup */ static void @@ -83,12 +84,12 @@ dosetup(struct timehist* hist) struct timehist* timehist_setup(void) { - struct timehist* hist = (struct timehist*)calloc(1, + struct timehist* hist = (struct timehist*)calloc(1, sizeof(struct timehist)); if(!hist) return NULL; hist->num = NUM_BUCKETS_HIST; - hist->buckets = (struct th_buck*)calloc(hist->num, + hist->buckets = (struct th_buck*)calloc(hist->num, sizeof(struct th_buck)); if(!hist->buckets) { free(hist); @@ -114,23 +115,6 @@ void timehist_clear(struct timehist* hist) hist->buckets[i].count = 0; } -/** histogram compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - - void timehist_insert(struct timehist* hist, struct timeval* tv) { size_t i; @@ -194,7 +178,7 @@ timehist_count(struct timehist* hist) return res; } -double +double timehist_quartile(struct timehist* hist, double q) { double lookfor, passed, res; @@ -209,22 +193,22 @@ timehist_quartile(struct timehist* hist, double q) lookfor *= q; passed = 0; i = 0; - while(i+1 < hist->num && + while(i+1 < hist->num && passed+(double)hist->buckets[i].count < lookfor) { passed += (double)hist->buckets[i++].count; } /* got the right bucket */ #ifndef S_SPLINT_S - low = (double)hist->buckets[i].lower.tv_sec + + low = (double)hist->buckets[i].lower.tv_sec + (double)hist->buckets[i].lower.tv_usec/1000000.; - up = (double)hist->buckets[i].upper.tv_sec + + up = (double)hist->buckets[i].upper.tv_sec + (double)hist->buckets[i].upper.tv_usec/1000000.; #endif res = (lookfor - passed)*(up-low)/((double)hist->buckets[i].count); return low+res; } -void +void timehist_export(struct timehist* hist, long long* array, size_t sz) { size_t i; @@ -235,7 +219,7 @@ timehist_export(struct timehist* hist, long long* array, size_t sz) array[i] = (long long)hist->buckets[i].count; } -void +void timehist_import(struct timehist* hist, long long* array, size_t sz) { size_t i; diff --git a/util/timeval_func.c b/util/timeval_func.c new file mode 100644 index 000000000..90250e153 --- /dev/null +++ b/util/timeval_func.c @@ -0,0 +1,113 @@ +/* + * util/timeval_func.c - helpers to work with struct timeval values. + * + * Copyright (c) 2023, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains helpers to manipulate struct timeval values. + */ + +#include "config.h" +#include "timeval_func.h" + +/** subtract timers and the values do not overflow or become negative */ +void +timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start) +{ +#ifndef S_SPLINT_S + time_t end_usec = end->tv_usec; + d->tv_sec = end->tv_sec - start->tv_sec; + if(end_usec < start->tv_usec) { + end_usec += 1000000; + d->tv_sec--; + } + d->tv_usec = end_usec - start->tv_usec; +#endif +} + +/** add timers and the values do not overflow or become negative */ +void +timeval_add(struct timeval* d, const struct timeval* add) +{ +#ifndef S_SPLINT_S + d->tv_sec += add->tv_sec; + d->tv_usec += add->tv_usec; + if(d->tv_usec >= 1000000 ) { + d->tv_usec -= 1000000; + d->tv_sec++; + } +#endif +} + +/** divide sum of timers to get average */ +void +timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) +{ +#ifndef S_SPLINT_S + long long leftover; + if(d <= 0) { + avg->tv_sec = 0; + avg->tv_usec = 0; + return; + } + avg->tv_sec = sum->tv_sec / d; + avg->tv_usec = sum->tv_usec / d; + /* handle fraction from seconds divide */ + leftover = sum->tv_sec - avg->tv_sec*d; + if(leftover <= 0) + leftover = 0; + avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; + if(avg->tv_sec < 0) + avg->tv_sec = 0; + if(avg->tv_usec < 0) + avg->tv_usec = 0; +#endif +} + +/** histogram compare of time values */ +int +timeval_smaller(const struct timeval* x, const struct timeval* y) +{ +#ifndef S_SPLINT_S + if(x->tv_sec < y->tv_sec) + return 1; + else if(x->tv_sec == y->tv_sec) { + if(x->tv_usec <= y->tv_usec) + return 1; + else return 0; + } + else return 0; +#endif +} diff --git a/util/timeval_func.h b/util/timeval_func.h new file mode 100644 index 000000000..819d1dd80 --- /dev/null +++ b/util/timeval_func.h @@ -0,0 +1,53 @@ +/* + * util/timeval_func.h - definitions of helpers for struct timeval values. + * + * Copyright (c) 2023, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains definitions of helpers to manipulate struct timeval + * values, implemented in the corresponding C file. + */ +#include + +#ifndef timeval_isset +#define timeval_isset(tv) ((tv)->tv_sec || (tv)->tv_usec) +#endif +#ifndef timeval_clear +#define timeval_clear(tv) ((tv)->tv_sec = (tv)->tv_usec = 0) +#endif +void timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start); +void timeval_add(struct timeval* d, const struct timeval* add); +void timeval_divide(struct timeval* avg, const struct timeval* sum, long long d); +int timeval_smaller(const struct timeval* x, const struct timeval* y); diff --git a/util/tube.c b/util/tube.c index 43455feef..7d98b93c3 100644 --- a/util/tube.c +++ b/util/tube.c @@ -45,6 +45,9 @@ #include "util/netevent.h" #include "util/fptr_wlist.h" #include "util/ub_event.h" +#ifdef HAVE_POLL_H +#include +#endif #ifndef USE_WINSOCK /* on unix */ @@ -396,20 +399,28 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len, return 1; } -/** perform a select() on the fd */ +/** perform poll() on the fd */ static int pollit(int fd, struct timeval* t) { - fd_set r; + struct pollfd fds; + int pret; + int msec = -1; + memset(&fds, 0, sizeof(fds)); + fds.fd = fd; + fds.events = POLLIN | POLLERR | POLLHUP; #ifndef S_SPLINT_S - FD_ZERO(&r); - FD_SET(FD_SET_T fd, &r); + if(t) + msec = t->tv_sec*1000 + t->tv_usec/1000; #endif - if(select(fd+1, &r, NULL, NULL, t) == -1) { + + pret = poll(&fds, 1, msec); + + if(pret == -1) return 0; - } - errno = 0; - return (int)(FD_ISSET(fd, &r)); + if(pret != 0) + return 1; + return 0; } int tube_poll(struct tube* tube) @@ -426,24 +437,27 @@ int tube_wait(struct tube* tube) int tube_wait_timeout(struct tube* tube, int msec) { - struct timeval t; - int fd = tube->sr; - fd_set r; - t.tv_sec = msec/1000; - t.tv_usec = (msec%1000)*1000; -#ifndef S_SPLINT_S - FD_ZERO(&r); - FD_SET(FD_SET_T fd, &r); -#endif + int ret = 0; + while(1) { - if(select(fd+1, &r, NULL, NULL, &t) == -1) { + struct pollfd fds; + memset(&fds, 0, sizeof(fds)); + + fds.fd = tube->sr; + fds.events = POLLIN | POLLERR | POLLHUP; + ret = poll(&fds, 1, msec); + + if(ret == -1) { if(errno == EAGAIN || errno == EINTR) continue; return -1; } break; } - return (int)(FD_ISSET(fd, &r)); + + if(ret != 0) + return 1; + return 0; } int tube_read_fd(struct tube* tube) @@ -529,6 +543,7 @@ struct tube* tube_create(void) if(tube->event == WSA_INVALID_EVENT) { free(tube); log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError())); + return NULL; } if(!WSAResetEvent(tube->event)) { log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError())); diff --git a/validator/val_kcache.c b/validator/val_kcache.c index c190085b5..f5d49d24f 100644 --- a/validator/val_kcache.c +++ b/validator/val_kcache.c @@ -81,17 +81,11 @@ key_cache_delete(struct key_cache* kcache) void key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey, - struct module_qstate* qstate) + int copy_reason) { - struct key_entry_key* k = key_entry_copy(kkey); + struct key_entry_key* k = key_entry_copy(kkey, copy_reason); if(!k) return; - if(key_entry_isbad(k) && qstate->errinf && - qstate->env->cfg->val_log_level >= 2) { - /* on malloc failure there is simply no reason string */ - key_entry_set_reason(k, errinf_to_str_bogus(qstate)); - key_entry_set_reason_bogus(k, errinf_to_reason_bogus(qstate)); - } key_entry_hash(k); slabhash_insert(kcache->slab, k->entry.hash, &k->entry, k->entry.data, NULL); diff --git a/validator/val_kcache.h b/validator/val_kcache.h index 76c9dd094..df8de0999 100644 --- a/validator/val_kcache.h +++ b/validator/val_kcache.h @@ -76,10 +76,10 @@ void key_cache_delete(struct key_cache* kcache); * @param kcache: the key cache. * @param kkey: key entry key, assumed malloced in a region, is copied * to perform update or insertion. Its data pointer is also copied. - * @param qstate: store errinf reason in case its bad. + * @param copy_reason: if the reason string needs to be copied (allocated). */ void key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey, - struct module_qstate* qstate); + int copy_reason); /** * Remove an entry from the key cache. diff --git a/validator/val_kentry.c b/validator/val_kentry.c index a47feba61..85f026402 100644 --- a/validator/val_kentry.c +++ b/validator/val_kentry.c @@ -152,7 +152,7 @@ key_entry_copy_toregion(struct key_entry_key* kkey, struct regional* region) } struct key_entry_key* -key_entry_copy(struct key_entry_key* kkey) +key_entry_copy(struct key_entry_key* kkey, int copy_reason) { struct key_entry_key* newk; if(!kkey) @@ -190,7 +190,7 @@ key_entry_copy(struct key_entry_key* kkey) } packed_rrset_ptr_fixup(newd->rrset_data); } - if(d->reason) { + if(copy_reason && d->reason && *d->reason != 0) { newd->reason = strdup(d->reason); if(!newd->reason) { free(newd->rrset_data); @@ -199,6 +199,8 @@ key_entry_copy(struct key_entry_key* kkey) free(newk); return NULL; } + } else { + newd->reason = NULL; } if(d->algo) { newd->algo = (uint8_t*)strdup((char*)d->algo); @@ -237,22 +239,6 @@ key_entry_isbad(struct key_entry_key* kkey) return (int)(d->isbad); } -void -key_entry_set_reason(struct key_entry_key* kkey, char* reason) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - d->reason = reason; -} - -void -key_entry_set_reason_bogus(struct key_entry_key* kkey, sldns_ede_code ede) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - if (ede != LDNS_EDE_NONE) { /* reason_bogus init is LDNS_EDE_NONE already */ - d->reason_bogus = ede; - } -} - char* key_entry_get_reason(struct key_entry_key* kkey) { @@ -294,6 +280,7 @@ key_entry_setup(struct regional* region, struct key_entry_key* key_entry_create_null(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now) { struct key_entry_key* k; @@ -302,8 +289,10 @@ key_entry_create_null(struct regional* region, return NULL; d->ttl = now + ttl; d->isbad = 0; - d->reason = NULL; - d->reason_bogus = LDNS_EDE_NONE; + d->reason = (!reason || *reason == 0) + ?NULL :(char*)regional_strdup(region, reason); + /* On allocation error we don't store the reason string */ + d->reason_bogus = reason_bogus; d->rrset_type = LDNS_RR_TYPE_DNSKEY; d->rrset_data = NULL; d->algo = NULL; @@ -313,7 +302,9 @@ key_entry_create_null(struct regional* region, struct key_entry_key* key_entry_create_rrset(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now) + struct ub_packed_rrset_key* rrset, uint8_t* sigalg, + sldns_ede_code reason_bogus, const char* reason, + time_t now) { struct key_entry_key* k; struct key_entry_data* d; @@ -323,8 +314,10 @@ key_entry_create_rrset(struct regional* region, return NULL; d->ttl = rd->ttl + now; d->isbad = 0; - d->reason = NULL; - d->reason_bogus = LDNS_EDE_NONE; + d->reason = (!reason || *reason == 0) + ?NULL :(char*)regional_strdup(region, reason); + /* On allocation error we don't store the reason string */ + d->reason_bogus = reason_bogus; d->rrset_type = ntohs(rrset->rk.type); d->rrset_data = (struct packed_rrset_data*)regional_alloc_init(region, rd, packed_rrset_sizeof(rd)); @@ -341,7 +334,8 @@ key_entry_create_rrset(struct regional* region, struct key_entry_key* key_entry_create_bad(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now) { struct key_entry_key* k; @@ -350,8 +344,10 @@ key_entry_create_bad(struct regional* region, return NULL; d->ttl = now + ttl; d->isbad = 1; - d->reason = NULL; - d->reason_bogus = LDNS_EDE_NONE; + d->reason = (!reason || *reason == 0) + ?NULL :(char*)regional_strdup(region, reason); + /* On allocation error we don't store the reason string */ + d->reason_bogus = reason_bogus; d->rrset_type = LDNS_RR_TYPE_DNSKEY; d->rrset_data = NULL; d->algo = NULL; diff --git a/validator/val_kentry.h b/validator/val_kentry.h index ded45beaa..ca9f0dabc 100644 --- a/validator/val_kentry.h +++ b/validator/val_kentry.h @@ -120,9 +120,11 @@ struct key_entry_key* key_entry_copy_toregion(struct key_entry_key* kkey, /** * Copy a key entry, malloced. * @param kkey: the key entry key (and data pointer) to copy. + * @param copy_reason: if the reason string needs to be copied (allocated). * @return newly allocated entry or NULL on a failure to allocate memory. */ -struct key_entry_key* key_entry_copy(struct key_entry_key* kkey); +struct key_entry_key* key_entry_copy(struct key_entry_key* kkey, + int copy_reason); /** * See if this is a null entry. Does not do locking. @@ -145,23 +147,6 @@ int key_entry_isgood(struct key_entry_key* kkey); */ int key_entry_isbad(struct key_entry_key* kkey); -/** - * Set reason why a key is bad. - * @param kkey: bad key. - * @param reason: string to attach, you must allocate it. - * Not safe to call twice unless you deallocate it yourself. - */ -void key_entry_set_reason(struct key_entry_key* kkey, char* reason); - -/** - * Set the EDE (RFC8914) code why the key is bad, if it - * exists (so not LDNS_EDE_NONE). - * @param kkey: bad key. - * @param ede: EDE code to attach to this key. - */ -void key_entry_set_reason_bogus(struct key_entry_key* kkey, sldns_ede_code ede); - - /** * Get reason why a key is bad. * @param kkey: bad key @@ -184,11 +169,14 @@ sldns_ede_code key_entry_get_reason_bogus(struct key_entry_key* kkey); * @param namelen: length of name * @param dclass: class of key entry. (host order); * @param ttl: what ttl should the key have. relative. + * @param reason_bogus: accompanying EDE code. + * @param reason: accompanying NULL-terminated EDE string (or NULL). * @param now: current time (added to ttl). * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_null(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now); /** @@ -199,12 +187,16 @@ struct key_entry_key* key_entry_create_null(struct regional* region, * @param dclass: class of key entry. (host order); * @param rrset: data for key entry. This is copied to the region. * @param sigalg: signalled algorithm list (or NULL). + * @param reason_bogus: accompanying EDE code (usually LDNS_EDE_NONE). + * @param reason: accompanying NULL-terminated EDE string (or NULL). * @param now: current time (added to ttl of rrset) * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_rrset(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now); + uint8_t* name, size_t namelen, uint16_t dclass, + struct ub_packed_rrset_key* rrset, uint8_t* sigalg, + sldns_ede_code reason_bogus, const char* reason, + time_t now); /** * Create a bad entry, in the given region. @@ -213,11 +205,14 @@ struct key_entry_key* key_entry_create_rrset(struct regional* region, * @param namelen: length of name * @param dclass: class of key entry. (host order); * @param ttl: what ttl should the key have. relative. + * @param reason_bogus: accompanying EDE code. + * @param reason: accompanying NULL-terminated EDE string (or NULL). * @param now: current time (added to ttl). * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_bad(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now); /** diff --git a/validator/val_neg.c b/validator/val_neg.c index 67699b1f7..52bc68387 100644 --- a/validator/val_neg.c +++ b/validator/val_neg.c @@ -43,7 +43,7 @@ */ #include "config.h" #ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" +#include #define NSEC3_SHA_LEN SHA_DIGEST_LENGTH #else #define NSEC3_SHA_LEN 20 @@ -1407,6 +1407,11 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, /* Matching NSEC, use to generate No Data answer. Not creating answers * yet for No Data proven using wildcard. */ if(nsec && nsec_proves_nodata(nsec, qinfo, &nodata_wc) && !nodata_wc) { + /* do not create nodata answers for qtype ANY, it is a query + * type, not an rrtype to disprove. Nameerrors are useful for + * qtype ANY, in the else branch. */ + if(qinfo->qtype == LDNS_RR_TYPE_ANY) + return NULL; if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, region, 2))) return NULL; diff --git a/validator/val_nsec.c b/validator/val_nsec.c index 876bfab6d..17c90d83f 100644 --- a/validator/val_nsec.c +++ b/validator/val_nsec.c @@ -174,9 +174,10 @@ val_nsec_proves_no_ds(struct ub_packed_rrset_key* nsec, /** check security status from cache or verify rrset, returns true if secure */ static int -nsec_verify_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, - char** reason, struct module_qstate* qstate) +nsec_verify_rrset(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, + char** reason, sldns_ede_code* reason_bogus, + struct module_qstate* qstate) { struct packed_rrset_data* d = (struct packed_rrset_data*) nsec->entry.data; @@ -187,7 +188,7 @@ nsec_verify_rrset(struct module_env* env, struct val_env* ve, if(d->security == sec_status_secure) return 1; d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason, - NULL, LDNS_SECTION_AUTHORITY, qstate); + reason_bogus, LDNS_SECTION_AUTHORITY, qstate); if(d->security == sec_status_secure) { rrset_update_sec_status(env->rrset_cache, nsec, *env->now); return 1; @@ -199,7 +200,7 @@ enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, time_t* proof_ttl, char** reason, - struct module_qstate* qstate) + sldns_ede_code* reason_bogus, struct module_qstate* qstate) { struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns( rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_NSEC, @@ -216,7 +217,8 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, * 1) this is a delegation point and there is no DS * 2) this is not a delegation point */ if(nsec) { - if(!nsec_verify_rrset(env, ve, nsec, kkey, reason, qstate)) { + if(!nsec_verify_rrset(env, ve, nsec, kkey, reason, + reason_bogus, qstate)) { verbose(VERB_ALGO, "NSEC RRset for the " "referral did not verify."); return sec_status_bogus; @@ -225,6 +227,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, if(sec == sec_status_bogus) { /* something was wrong. */ *reason = "NSEC does not prove absence of DS"; + *reason_bogus = LDNS_EDE_DNSSEC_BOGUS; return sec; } else if(sec == sec_status_insecure) { /* this wasn't a delegation point. */ @@ -246,9 +249,11 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, if(rep->rrsets[i]->rk.type != htons(LDNS_RR_TYPE_NSEC)) continue; if(!nsec_verify_rrset(env, ve, rep->rrsets[i], kkey, reason, - qstate)) { + reason_bogus, qstate)) { verbose(VERB_ALGO, "NSEC for empty non-terminal " "did not verify."); + *reason = "NSEC for empty non-terminal " + "did not verify."; return sec_status_bogus; } if(nsec_proves_nodata(rep->rrsets[i], qinfo, &wc)) { diff --git a/validator/val_nsec.h b/validator/val_nsec.h index 7117809d6..81844c908 100644 --- a/validator/val_nsec.h +++ b/validator/val_nsec.h @@ -44,6 +44,7 @@ #ifndef VALIDATOR_VAL_NSEC_H #define VALIDATOR_VAL_NSEC_H #include "util/data/packed_rrset.h" +#include "sldns/rrdef.h" struct val_env; struct module_env; struct module_qstate; @@ -65,6 +66,7 @@ struct key_entry_key; * @param kkey: key entry to use for verification of signatures. * @param proof_ttl: if secure, the TTL of how long this proof lasts. * @param reason: string explaining why bogus. + * @param reason_bogus: relevant EDE code for validation failure. * @param qstate: qstate with region. * @return security status. * SECURE: proved absence of DS. @@ -75,7 +77,8 @@ struct key_entry_key; enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, - time_t* proof_ttl, char** reason, struct module_qstate* qstate); + time_t* proof_ttl, char** reason, sldns_ede_code* reason_bogus, + struct module_qstate* qstate); /** * nsec typemap check, takes an NSEC-type bitmap as argument, checks for type. diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index 5ab21e20e..bd4891e3b 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -718,9 +718,9 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve, } verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus"); if(!numchecked) { - *reason = "signature missing"; + *reason = "signature for expected key and algorithm missing"; if(reason_bogus) - *reason_bogus = LDNS_EDE_RRSIGS_MISSING; + *reason_bogus = LDNS_EDE_DNSSEC_BOGUS; } else if(numchecked == numindeterminate) { verbose(VERB_ALGO, "rrset failed to verify due to algorithm " "refusal by cryptolib"); diff --git a/validator/val_utils.c b/validator/val_utils.c index e2319ee23..8b388882b 100644 --- a/validator/val_utils.c +++ b/validator/val_utils.c @@ -587,16 +587,18 @@ val_verify_new_DNSKEYs(struct regional* region, struct module_env* env, return key_entry_create_rrset(region, ds_rrset->rk.dname, ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class), dnskey_rrset, - downprot?sigalg:NULL, *env->now); + downprot?sigalg:NULL, LDNS_EDE_NONE, NULL, + *env->now); } else if(sec == sec_status_insecure) { return key_entry_create_null(region, ds_rrset->rk.dname, - ds_rrset->rk.dname_len, + ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class), - rrset_get_ttl(ds_rrset), *env->now); + rrset_get_ttl(ds_rrset), *reason_bogus, *reason, + *env->now); } return key_entry_create_bad(region, ds_rrset->rk.dname, ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class), - BOGUS_KEY_TTL, *env->now); + BOGUS_KEY_TTL, *reason_bogus, *reason, *env->now); } enum sec_status @@ -694,7 +696,7 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, has_useful_ta = 1; sec = dnskey_verify_rrset(env, ve, dnskey_rrset, - ta_dnskey, i, reason, NULL, LDNS_SECTION_ANSWER, qstate); + ta_dnskey, i, reason, reason_bogus, LDNS_SECTION_ANSWER, qstate); if(sec == sec_status_secure) { if(!sigalg || algo_needs_set_secure(&needs, (uint8_t)dnskey_get_algo(ta_dnskey, i))) { @@ -743,16 +745,17 @@ val_verify_new_DNSKEYs_with_ta(struct regional* region, struct module_env* env, return key_entry_create_rrset(region, dnskey_rrset->rk.dname, dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class), dnskey_rrset, - downprot?sigalg:NULL, *env->now); + downprot?sigalg:NULL, LDNS_EDE_NONE, NULL, *env->now); } else if(sec == sec_status_insecure) { return key_entry_create_null(region, dnskey_rrset->rk.dname, dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class), - rrset_get_ttl(dnskey_rrset), *env->now); + rrset_get_ttl(dnskey_rrset), *reason_bogus, *reason, + *env->now); } return key_entry_create_bad(region, dnskey_rrset->rk.dname, dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class), - BOGUS_KEY_TTL, *env->now); + BOGUS_KEY_TTL, *reason_bogus, *reason, *env->now); } int diff --git a/validator/validator.c b/validator/validator.c index f4c8242a8..9de9d54db 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -70,16 +70,16 @@ static void process_ds_response(struct module_qstate* qstate, struct query_info* qinfo, struct sock_list* origin); -/* Updates the suplied EDE (RFC8914) code selectively so we don't loose - * a more specific code - */ +/* Updates the suplied EDE (RFC8914) code selectively so we don't lose + * a more specific code */ static void update_reason_bogus(struct reply_info* rep, sldns_ede_code reason_bogus) { - if (rep->reason_bogus == LDNS_EDE_DNSSEC_BOGUS || - rep->reason_bogus == LDNS_EDE_NONE) { - rep->reason_bogus = reason_bogus; - } + if(reason_bogus == LDNS_EDE_NONE) return; + if(reason_bogus == LDNS_EDE_DNSSEC_BOGUS + && rep->reason_bogus != LDNS_EDE_NONE + && rep->reason_bogus != LDNS_EDE_DNSSEC_BOGUS) return; + rep->reason_bogus = reason_bogus; } @@ -1672,20 +1672,13 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, vq->state = VAL_FINISHED_STATE; return 1; } else if(key_entry_isbad(vq->key_entry)) { - sldns_ede_code ede = LDNS_EDE_DNSSEC_BOGUS; - - /* the key could have a more spefic EDE than just bogus */ - if(key_entry_get_reason_bogus(vq->key_entry) != LDNS_EDE_NONE) { - ede = key_entry_get_reason_bogus(vq->key_entry); - } - + /* Bad keys should have the relevant EDE code and text */ + sldns_ede_code ede = key_entry_get_reason_bogus(vq->key_entry); /* key is bad, chain is bad, reply is bogus */ errinf_dname(qstate, "key for validation", vq->key_entry->name); errinf_ede(qstate, "is marked as invalid", ede); - if(key_entry_get_reason(vq->key_entry)) { - errinf(qstate, "because of a previous"); - errinf(qstate, key_entry_get_reason(vq->key_entry)); - } + errinf(qstate, "because of a previous"); + errinf(qstate, key_entry_get_reason(vq->key_entry)); /* no retries, stop bothering the authority until timeout */ vq->restart_count = ve->max_restart; @@ -1888,7 +1881,8 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, vq->chase_reply->security = sec_status_insecure; val_mark_insecure(vq->chase_reply, vq->key_entry->name, qstate->env->rrset_cache, qstate->env); - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); return 1; } @@ -1897,12 +1891,13 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, "of trust to keys for", vq->key_entry->name, LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class); vq->chase_reply->security = sec_status_bogus; - - update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSKEY_MISSING); + update_reason_bogus(vq->chase_reply, + key_entry_get_reason_bogus(vq->key_entry)); errinf_ede(qstate, "while building chain of trust", - LDNS_EDE_DNSKEY_MISSING); + key_entry_get_reason_bogus(vq->key_entry)); if(vq->restart_count >= ve->max_restart) - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); return 1; } @@ -2154,20 +2149,14 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, char* err_str = errinf_to_str_bogus(qstate); if(err_str) { size_t err_str_len = strlen(err_str); - - /* allocate space and store the error string and it's size*/ - if (qstate->region) { - vq->orig_msg->rep->reason_bogus_str = regional_alloc( - qstate->region, - sizeof(char) * (err_str_len + 1)); - } else { - vq->orig_msg->rep->reason_bogus_str = malloc( - sizeof(char) * (err_str_len + 1)); - } - + log_info("%s", err_str); + /* allocate space and store the error + * string */ + vq->orig_msg->rep->reason_bogus_str = regional_alloc( + qstate->region, + sizeof(char) * (err_str_len+1)); memcpy(vq->orig_msg->rep->reason_bogus_str, - err_str, err_str_len + 1); - vq->orig_msg->rep->reason_bogus_str_size = err_str_len; + err_str, err_str_len+1); } free(err_str); } @@ -2212,6 +2201,8 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, } } + /* Update rep->reason_bogus as it is the one being cached */ + update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate)); /* store results in cache */ if(qstate->query_flags&BIT_RD) { /* if secure, this will override cache anyway, no need @@ -2387,13 +2378,17 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- " "could not fetch DNSKEY rrset", ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); + reason_bogus = LDNS_EDE_DNSKEY_MISSING; + reason = "no DNSKEY rrset"; if(qstate->env->cfg->harden_dnssec_stripped) { - errinf_ede(qstate, "no DNSKEY rrset", LDNS_EDE_DNSKEY_MISSING); + errinf_ede(qstate, reason, reason_bogus); kkey = key_entry_create_bad(qstate->region, ta->name, ta->namelen, ta->dclass, BOGUS_KEY_TTL, + reason_bogus, reason, *qstate->env->now); } else kkey = key_entry_create_null(qstate->region, ta->name, ta->namelen, ta->dclass, NULL_KEY_TTL, + reason_bogus, reason, *qstate->env->now); if(!kkey) { log_err("out of memory: allocate fail prime key"); @@ -2426,9 +2421,11 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, errinf_ede(qstate, reason, reason_bogus); kkey = key_entry_create_bad(qstate->region, ta->name, ta->namelen, ta->dclass, BOGUS_KEY_TTL, + reason_bogus, reason, *qstate->env->now); } else kkey = key_entry_create_null(qstate->region, ta->name, ta->namelen, ta->dclass, NULL_KEY_TTL, + reason_bogus, reason, *qstate->env->now); if(!kkey) { log_err("out of memory: allocate null prime key"); @@ -2475,8 +2472,9 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* errors here pretty much break validation */ verbose(VERB_DETAIL, "DS response was error, thus bogus"); errinf(qstate, rc); - errinf_ede(qstate, "no DS", LDNS_EDE_NETWORK_ERROR); - + reason = "no DS"; + reason_bogus = LDNS_EDE_NETWORK_ERROR; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } @@ -2490,7 +2488,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, if(!ds) { log_warn("internal error: POSITIVE DS response was " "missing DS."); - errinf_ede(qstate, "no DS record", LDNS_EDE_DNSSEC_BOGUS); + reason = "no DS record"; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } /* Verify only returns BOGUS or SECURE. If the rrset is @@ -2509,13 +2508,11 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, if(!val_dsset_isusable(ds)) { /* If they aren't usable, then we treat it like * there was no DS. */ - - /* TODO add EDE Unsupported DS Digest Type; this needs - * EDE to be added on non SERVFAIL answers. */ - - *ke = key_entry_create_null(qstate->region, - qinfo->qname, qinfo->qname_len, qinfo->qclass, - ub_packed_rrset_ttl(ds), *qstate->env->now); + *ke = key_entry_create_null(qstate->region, + qinfo->qname, qinfo->qname_len, qinfo->qclass, + ub_packed_rrset_ttl(ds), + LDNS_EDE_UNSUPPORTED_DS_DIGEST, NULL, + *qstate->env->now); return (*ke) != NULL; } @@ -2523,7 +2520,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, log_query_info(VERB_DETAIL, "validated DS", qinfo); *ke = key_entry_create_rrset(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, ds, - NULL, *qstate->env->now); + NULL, LDNS_EDE_NONE, NULL, *qstate->env->now); return (*ke) != NULL; } else if(subtype == VAL_CLASS_NODATA || subtype == VAL_CLASS_NAMEERROR) { @@ -2535,7 +2532,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* make sure there are NSECs or NSEC3s with signatures */ if(!val_has_signed_nsecs(msg->rep, &reason)) { verbose(VERB_ALGO, "no NSECs: %s", reason); - errinf_ede(qstate, reason, LDNS_EDE_NSEC_MISSING); + reason_bogus = LDNS_EDE_NSEC_MISSING; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } @@ -2547,7 +2545,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* Try to prove absence of the DS with NSEC */ sec = val_nsec_prove_nodata_dsreply( qstate->env, ve, qinfo, msg->rep, vq->key_entry, - &proof_ttl, &reason, qstate); + &proof_ttl, &reason, &reason_bogus, qstate); switch(sec) { case sec_status_secure: verbose(VERB_DETAIL, "NSEC RRset for the " @@ -2555,6 +2553,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, *ke = key_entry_create_null(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, proof_ttl, + LDNS_EDE_NONE, NULL, *qstate->env->now); return (*ke) != NULL; case sec_status_insecure: @@ -2588,6 +2587,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, *ke = key_entry_create_null(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, proof_ttl, + LDNS_EDE_NONE, NULL, *qstate->env->now); return (*ke) != NULL; case sec_status_indeterminate: @@ -2610,7 +2610,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, * this is BOGUS. */ verbose(VERB_DETAIL, "DS %s ran out of options, so return " "bogus", val_classification_to_string(subtype)); - errinf(qstate, "no DS but also no proof of that"); + reason = "no DS but also no proof of that"; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } else if(subtype == VAL_CLASS_CNAME || subtype == VAL_CLASS_CNAMENOANSWER) { @@ -2622,22 +2623,25 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, cname = reply_find_rrset_section_an(msg->rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_CNAME, qinfo->qclass); if(!cname) { - errinf(qstate, "validator classified CNAME but no " - "CNAME of the queried name for DS"); + reason = "validator classified CNAME but no " + "CNAME of the queried name for DS"; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } if(((struct packed_rrset_data*)cname->entry.data)->rrsig_count == 0) { if(msg->rep->an_numrrsets != 0 && ntohs(msg->rep-> rrsets[0]->rk.type)==LDNS_RR_TYPE_DNAME) { - errinf(qstate, "DS got DNAME answer"); + reason = "DS got DNAME answer"; } else { - errinf(qstate, "DS got unsigned CNAME answer"); + reason = "DS got unsigned CNAME answer"; } + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } - sec = val_verify_rrset_entry(qstate->env, ve, cname, - vq->key_entry, &reason, NULL, LDNS_SECTION_ANSWER, qstate); + sec = val_verify_rrset_entry(qstate->env, ve, cname, + vq->key_entry, &reason, &reason_bogus, + LDNS_SECTION_ANSWER, qstate); if(sec == sec_status_secure) { verbose(VERB_ALGO, "CNAME validated, " "proof that DS does not exist"); @@ -2646,12 +2650,13 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, return 1; } errinf(qstate, "CNAME in DS response was not secure."); - errinf(qstate, reason); + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } else { verbose(VERB_QUERY, "Encountered an unhandled type of " "DS response, thus bogus."); errinf(qstate, "no DS and"); + reason = "no DS"; if(FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NOERROR) { char rc[16]; rc[0]=0; @@ -2664,8 +2669,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, } return_bogus: *ke = key_entry_create_bad(qstate->region, qinfo->qname, - qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, *qstate->env->now); + qinfo->qname_len, qinfo->qclass, BOGUS_KEY_TTL, + reason_bogus, reason, *qstate->env->now); return (*ke) != NULL; } @@ -2785,14 +2790,17 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, vq->restart_count++; return; } - vq->key_entry = key_entry_create_bad(qstate->region, + reason = "No DNSKEY record"; + reason_bogus = LDNS_EDE_DNSKEY_MISSING; + vq->key_entry = key_entry_create_bad(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, *qstate->env->now); + BOGUS_KEY_TTL, reason_bogus, reason, + *qstate->env->now); if(!vq->key_entry) { log_err("alloc failure in missing dnskey response"); /* key_entry is NULL for failure in Validate */ } - errinf_ede(qstate, "No DNSKEY record", LDNS_EDE_DNSKEY_MISSING); + errinf_ede(qstate, reason, reason_bogus); errinf_origin(qstate, origin); errinf_dname(qstate, "for key", qinfo->qname); vq->state = VAL_VALIDATE_STATE; @@ -2839,7 +2847,8 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, qstate->errinf = NULL; /* The DNSKEY validated, so cache it as a trusted key rrset. */ - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); /* If good, we stay in the FINDKEY state. */ log_query_info(VERB_DETAIL, "validated DNSKEY", qinfo); @@ -2907,7 +2916,8 @@ process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, errinf_origin(qstate, origin); errinf_dname(qstate, "for trust anchor", ta->name); /* store the freshly primed entry in the cache */ - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); } /* If the result of the prime is a null key, skip the FINDKEY state.*/